fix: 解决手机号加密导致忘记密码判断总是失败问题

11 months ago · 814dbeb749
parent 630bb56601
commit 814dbeb749
3 changed files with 17 additions and 12 deletions
--- a/apps/authentication/api/password.py
+++ b/apps/authentication/api/password.py
@ -15,12 +15,11 @@ from authentication.mixins import authenticate
 from authentication.serializers import (
    PasswordVerifySerializer, ResetPasswordCodeSerializer
 )
+from authentication.utils import check_user_property_is_correct
 from common.permissions import IsValidUser
-from common.utils import get_object_or_none
 from common.utils.random import random_string
 from common.utils.verify_code import SendAndVerifyCodeUtil
 from settings.utils import get_login_title
-from users.models import User


 class UserResetPasswordSendCodeApi(CreateAPIView):
@ -28,13 +27,9 @@ class UserResetPasswordSendCodeApi(CreateAPIView):
    serializer_class = ResetPasswordCodeSerializer

    @staticmethod
-    def is_valid_user(username, **attr_query):
-        user = get_object_or_none(User, username=username)
-        valid = True
-        for attr, value in attr_query.items():
-            if getattr(user, attr, None) != value:
-                valid = False
-        if not valid:
+    def is_valid_user(username, **properties):
+        user = check_user_property_is_correct(username, **properties)
+        if not user:
            err_msg = _('User does not exist: {}').format(_("No user matched"))
            return None, err_msg
        if not user.is_local:
--- a/apps/authentication/utils.py
+++ b/apps/authentication/utils.py
@ -7,8 +7,9 @@ from django.conf import settings
 from django.utils.translation import gettext_lazy as _

 from audits.const import DEFAULT_CITY
+from users.models import User
 from audits.models import UserLoginLog
-from common.utils import get_logger
+from common.utils import get_logger, get_object_or_none
 from common.utils import validate_ip, get_ip_city, get_request_ip
 from .notifications import DifferentCityLoginMessage

@ -59,3 +60,12 @@ def build_absolute_uri_for_oidc(request, path=None):
        redirect_uri = urljoin(settings.BASE_SITE_URL, path)
        return redirect_uri
    return build_absolute_uri(request, path=path)
+
+
+def check_user_property_is_correct(username, **properties):
+    user = get_object_or_none(User, username=username)
+    for attr, value in properties.items():
+        if getattr(user, attr, None) != value:
+            user = None
+            break
+    return user
--- a/apps/users/views/profile/reset.py
+++ b/apps/users/views/profile/reset.py
@ -12,6 +12,7 @@ from django.utils.translation import gettext as _
 from django.views.generic import FormView, RedirectView

 from authentication.errors import IntervalTooShort
+from authentication.utils import check_user_property_is_correct
 from common.utils import FlashMessageUtil, get_object_or_none, random_string
 from common.utils.verify_code import SendAndVerifyCodeUtil
 from users.notifications import ResetPasswordSuccessMsg
@ -148,7 +149,6 @@ class UserForgotPasswordView(FormView):
        query_key = form_type
        if form_type == 'sms':
            query_key = 'phone'
-            target = target.lstrip('+')

        try:
            self.safe_verify_code(token, target, form_type, code)
@ -158,7 +158,7 @@ class UserForgotPasswordView(FormView):
            form.add_error('code', str(e))
            return super().form_invalid(form)

-        user = get_object_or_none(User, **{'username': username, query_key: target})
+        user = check_user_property_is_correct(username, **{query_key: target})
        if not user:
            form.add_error('code', _('No user matched'))
            return super().form_invalid(form)