fix: User check password need reset

2024-08-28 14:57:00 +08:00 · 2024-08-28 14:57:00 +08:00 · 9554de4ea6
parent 6157ff7b7d
commit 9554de4ea6
2 changed files with 14 additions and 2 deletions
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@ -319,14 +319,14 @@ class AuthPostCheckMixin:

    @classmethod
    def _check_passwd_is_too_simple(cls, user: User, password):
-        if password == 'admin' or password == 'ChangeMe':
+        if user.check_passwd_too_simple(password):
            message = _('Your password is too simple, please change it for security')
            url = cls.generate_reset_password_url_with_flash_msg(user, message=message)
            raise errors.PasswordTooSimple(url)

    @classmethod
    def _check_passwd_need_update(cls, user: User):
-        if user.need_update_password:
+        if user.check_need_update_password():
            message = _('You should to change your password before login')
            url = cls.generate_reset_password_url_with_flash_msg(user, message)
            raise errors.PasswordNeedUpdate(url)
--- a/apps/users/models/user/_auth.py
+++ b/apps/users/models/user/_auth.py
@ -228,6 +228,18 @@ class AuthMixin:
            return True
        return False

+    def check_need_update_password(self):
+        if self.is_local and self.need_update_password:
+            return True
+        return False
+
+    def check_passwd_too_simple(self, password):
+        backend = getattr(self, 'backend', None)
+        simple_passwords = ['admin', 'ChangeMe']
+        if backend == settings.AUTH_BACKEND_MODEL and password in simple_passwords:
+            return True
+        return False
+
    @staticmethod
    def get_public_key_md5(key):
        try: