fix: 解决手机号加密导致忘记密码判断总是失败问题

apps/authentication/api/password.py

@@ -15,12 +15,11 @@ from authentication.mixins import authenticate
 from authentication.serializers import (
     PasswordVerifySerializer, ResetPasswordCodeSerializer
 )
+from authentication.utils import check_user_property_is_correct
 from common.permissions import IsValidUser
-from common.utils import get_object_or_none
 from common.utils.random import random_string
 from common.utils.verify_code import SendAndVerifyCodeUtil
 from settings.utils import get_login_title
-from users.models import User
 
 
 class UserResetPasswordSendCodeApi(CreateAPIView):
@@ -28,13 +27,9 @@ class UserResetPasswordSendCodeApi(CreateAPIView):
     serializer_class = ResetPasswordCodeSerializer
 
     @staticmethod
-    def is_valid_user(username, **attr_query):
+    def is_valid_user(username, **properties):
-        user = get_object_or_none(User, username=username)
+        user = check_user_property_is_correct(username, **properties)
-        valid = True
+        if not user:
-        for attr, value in attr_query.items():
-            if getattr(user, attr, None) != value:
-                valid = False
-        if not valid:
             err_msg = _('User does not exist: {}').format(_("No user matched"))
             return None, err_msg
         if not user.is_local:

apps/authentication/utils.py

@@ -7,8 +7,9 @@ from django.conf import settings
 from django.utils.translation import gettext_lazy as _
 
 from audits.const import DEFAULT_CITY
+from users.models import User
 from audits.models import UserLoginLog
-from common.utils import get_logger
+from common.utils import get_logger, get_object_or_none
 from common.utils import validate_ip, get_ip_city, get_request_ip
 from .notifications import DifferentCityLoginMessage
 
@@ -59,3 +60,12 @@ def build_absolute_uri_for_oidc(request, path=None):
         redirect_uri = urljoin(settings.BASE_SITE_URL, path)
         return redirect_uri
     return build_absolute_uri(request, path=path)
+
+
+def check_user_property_is_correct(username, **properties):
+    user = get_object_or_none(User, username=username)
+    for attr, value in properties.items():
+        if getattr(user, attr, None) != value:
+            user = None
+            break
+    return user

apps/users/views/profile/reset.py

@@ -12,6 +12,7 @@ from django.utils.translation import gettext as _
 from django.views.generic import FormView, RedirectView
 
 from authentication.errors import IntervalTooShort
+from authentication.utils import check_user_property_is_correct
 from common.utils import FlashMessageUtil, get_object_or_none, random_string
 from common.utils.verify_code import SendAndVerifyCodeUtil
 from users.notifications import ResetPasswordSuccessMsg
@@ -148,7 +149,6 @@ class UserForgotPasswordView(FormView):
         query_key = form_type
         if form_type == 'sms':
             query_key = 'phone'
-            target = target.lstrip('+')
 
         try:
             self.safe_verify_code(token, target, form_type, code)
@@ -158,7 +158,7 @@ class UserForgotPasswordView(FormView):
             form.add_error('code', str(e))
             return super().form_invalid(form)
 
-        user = get_object_or_none(User, **{'username': username, query_key: target})
+        user = check_user_property_is_correct(username, **{query_key: target})
         if not user:
             form.add_error('code', _('No user matched'))
             return super().form_invalid(form)