fix: 修复校验用户密码规则

3 years ago · d46f1080f8
5 changed files with 22 additions and 5 deletions
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -209,6 +209,11 @@ class RoleMixin:
        from orgs.models import ROLE as ORG_ROLE
        return [str(role.label) for role in self.org_roles if role in ORG_ROLE]

+    @lazyproperty
+    def org_roles_value_list(self):
+        from orgs.models import ROLE as ORG_ROLE
+        return [str(role.value) for role in self.org_roles if role in ORG_ROLE]
+
    @lazyproperty
    def org_role_display(self):
        return ' | '.join(self.org_roles_label_list)
--- a/apps/users/serializers/profile.py
+++ b/apps/users/serializers/profile.py
@ -32,7 +32,7 @@ class UserUpdatePasswordSerializer(serializers.ModelSerializer):

    def validate_new_password(self, value):
        from ..utils import check_password_rules
-        if not check_password_rules(value, user=self.instance):
+        if not check_password_rules(value, is_org_admin=self.instance.is_org_admin):
            msg = _('Password does not match security rules')
            raise serializers.ValidationError(msg)
        if self.instance.is_history_password(value):
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@ -116,6 +116,18 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer):
            raise serializers.ValidationError(msg)
        return value

+    @property
+    def is_org_admin(self):
+        roles = []
+        role = self.initial_data.get('role')
+        if role:
+            roles.append(role)
+        org_roles = self.initial_data.get('org_roles')
+        if org_roles:
+            roles.extend(org_roles)
+        is_org_admin = User.ROLE.ADMIN.value in roles
+        return is_org_admin
+
    def validate_password(self, password):
        from ..utils import check_password_rules
        password_strategy = self.initial_data.get('password_strategy')
@ -125,7 +137,7 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer):
        if self.instance and not password:
            # 更新用户, 未设置密码
            return
-        if not check_password_rules(password, user=self.instance):
+        if not check_password_rules(password, is_org_admin=self.is_org_admin):
            msg = _('Password does not match security rules')
            raise serializers.ValidationError(msg)
        return password
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@ -308,7 +308,7 @@ def get_password_check_rules(user):
    return check_rules


-def check_password_rules(password, user):
+def check_password_rules(password, is_org_admin=False):
    pattern = r"^"
    if settings.SECURITY_PASSWORD_UPPER_CASE:
        pattern += '(?=.*[A-Z])'
@ -319,7 +319,7 @@ def check_password_rules(password, user):
    if settings.SECURITY_PASSWORD_SPECIAL_CHAR:
        pattern += '(?=.*[`~!@#\$%\^&\*\(\)-=_\+\[\]\{\}\|;:\'\",\.<>\/\?])'
    pattern += '[a-zA-Z\d`~!@#\$%\^&\*\(\)-=_\+\[\]\{\}\|;:\'\",\.<>\/\?]'
-    if user.is_org_admin:
+    if is_org_admin:
        min_length = settings.SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH
    else:
        min_length = settings.SECURITY_PASSWORD_MIN_LENGTH
--- a/apps/users/views/profile/reset.py
+++ b/apps/users/views/profile/reset.py
@ -101,7 +101,7 @@ class UserResetPasswordView(FormView):
            return self.form_invalid(form)

        password = form.cleaned_data['new_password']
-        is_ok = check_password_rules(password, user)
+        is_ok = check_password_rules(password, is_org_admin=user.is_org_admin)
        if not is_ok:
            error = _('* Your password does not meet the requirements')
            form.add_error('new_password', error)