From 79300b752bd129045b6837bcf9a45b7864797cec Mon Sep 17 00:00:00 2001
From: ParInshOvGotQuep
Date: Mon, 4 Jan 2016 13:56:47 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=89=BE=E5=9B=9E=E5=AF=86?= =?UTF-8?q?=E7=A0=81=E5=8F=8A=E9=9D=99=E6=80=81key=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 install/install.py | 5 +++++
 juser/views.py | 13 ++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/install/install.py b/install/install.py
index 5552d3c20..021cc73c1 100755
--- a/install/install.py
+++ b/install/install.py
@@ -12,6 +12,8 @@ import socket
 import fcntl
 import struct
 import readline
+import random
+import string
 jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
 sys.path.append(jms_dir)
@@ -71,12 +73,15 @@ class PreSetup(object):
 self.mail_addr = 'hello@jumpserver.org'
 self.mail_pass = ''
 self.ip = ''
+ self.key = ''.join(random.choice(string.ascii_lowercase + string.digits) \
+ for _ in range(16))
 def write_conf(self, conf_file=os.path.join(jms_dir, 'jumpserver.conf')):
 color_print('开始写入配置文件', 'green')
 conf = ConfigParser.ConfigParser()
 conf.read(conf_file)
 conf.set('base', 'url', 'http://%s' % self.ip)
+ conf.set('base', 'key', self.key)
 conf.set('db', 'host', self.db_host)
 conf.set('db', 'port', self.db_port)
 conf.set('db', 'user', self.db_user)
diff --git a/juser/views.py b/juser/views.py
index ed2c11f2a..6b9d9a56b 100644
--- a/juser/views.py
+++ b/juser/views.py
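Review bot: In install/install.py, `PreSetup.__init__` builds `self.key` with `random.choice`, which draws from the module's Mersenne Twister generator rather than the operating system's CSPRNG; juser/views.py in this patch uses a `KEY` (presumably this config value) to authenticate password-reset links, so the key needs to be unpredictable. `random.SystemRandom` needs no new import: `rng = random.SystemRandom()` followed by `self.key = ''.join(rng.choice(string.ascii_lowercase + string.digits) for _ in range(16))`. `write_conf` then stores the key in jumpserver.conf; the file's permissions are set outside this hunk, so confirm that only the service account can read it. Both methods extend beyond the hunk.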
@@ -313,6 +313,12 @@ def reset_password(request):
 hash_encode = request.GET.get('hash', '')
 action = '/juser/password/reset/?uuid=%s×tamp=%s&hash=%s' % (uuid_r, timestamp, hash_encode)
+ if hash_encode == PyCrypt.md5_crypt(uuid_r + timestamp + KEY):
+ if int(time.time()) - int(timestamp) > 600:
+ return http_error(request, u'链接已超时')
+ else:
+ return HttpResponse('hash校验失败')
+
 if request.method == 'POST':
 password = request.POST.get('password')
 password_confirm = request.POST.get('password_confirm')
@@ -328,11 +334,8 @@ def reset_password(request):
 else:
 return HttpResponse('用户不存在')
- if hash_encode == PyCrypt.md5_crypt(uuid_r + timestamp + KEY):
- if int(time.time()) - int(timestamp) > 600:
- return http_error(request, u'链接已超时')
- else:
- return render_to_response('juser/reset_password.html', locals())
+ else:
+ return render_to_response('juser/reset_password.html', locals())
 return http_error(request, u'错误请求')
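Review bot: The token check now placed at the top of `reset_password` compares `hash_encode` with `==` against `PyCrypt.md5_crypt(uuid_r + timestamp + KEY)`, so the link is authenticated by a digest over an undelimited concatenation instead of a keyed MAC, and the comparison is not constant-time. `PyCrypt.md5_crypt` is defined outside this patch, so this assumes it is a plain MD5 digest; if so, prefer an HMAC-SHA256 keyed with `KEY` over a delimited message such as `'%s:%s' % (uuid_r, timestamp)`, checked with `hmac.compare_digest` on two values of the same string type. The code that generates the link is not in this patch and would have to change in step. `reset_password` starts before and continues after this hunk.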
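Review bot: Nothing visible in this patch makes the reset link single-use: the check depends only on `uuid_r`, `timestamp` and `KEY`, so after the POST branch (whose tail is the context at the top of this hunk) sets a new password, the same URL still validates until the 600-second window ends. Consider binding the token to state that changes on reset, for example by including the user's current password hash in the signed message, or by recording used tokens and rejecting repeats. The password-setting code sits between the two hunks and is not shown, so confirm it does not already invalidate the link.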