From 7902dcd636afd6d121b0c22e9e83a293d5048cdc Mon Sep 17 00:00:00 2001 From: vapao Date: Sun, 22 May 2022 20:49:08 +0800 Subject: [PATCH] =?UTF-8?q?U=20=E5=8A=A0=E5=BC=BA=E8=B4=A6=E6=88=B7?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E7=AD=96=E7=95=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spug_api/apps/account/utils.py | 9 +++++++++ spug_api/apps/account/views.py | 12 ++++++++++-- spug_web/src/pages/system/account/Form.js | 4 ++-- spug_web/src/pages/system/account/Table.js | 2 +- spug_web/src/pages/welcome/info/Reset.js | 2 +- 5 files changed, 23 insertions(+), 6 deletions(-) diff --git a/spug_api/apps/account/utils.py b/spug_api/apps/account/utils.py index a585693..aa984b8 100644 --- a/spug_api/apps/account/utils.py +++ b/spug_api/apps/account/utils.py @@ -2,6 +2,7 @@ # Copyright: (c) # Released under the AGPL-3.0 License. from apps.host.models import Group +import re def get_host_perms(user): @@ -19,3 +20,11 @@ def has_host_perm(user, target): if isinstance(target, (list, set, tuple)): return set(target).issubset(host_ids) return int(target) in host_ids + + +def verify_password(password): + if len(password) < 8: + return False + if not all(map(lambda x: re.findall(x, password), ['[0-9]', '[a-z]', '[A-Z]'])): + return False + return True diff --git a/spug_api/apps/account/views.py b/spug_api/apps/account/views.py index c3d56ce..b5542bc 100644 --- a/spug_api/apps/account/views.py +++ b/spug_api/apps/account/views.py @@ -8,6 +8,7 @@ from libs.utils import get_request_real_ip, generate_random_str from libs.spug import send_login_wx_code from apps.account.models import User, Role, History from apps.setting.utils import AppSetting +from apps.account.utils import verify_password from libs.ldap import LDAP import ipaddress import time 
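Review bot: `verify_password` assumes its argument is a string, so `len(password)` raises TypeError for `None`; in the later views.py hunk at `-40,6 +41,9` the value comes straight from `form.pop('password')` with no guard visible, so a missing field may surface as a server error rather than the policy message (the form parser is not shown, so this is inferred). A guard such as `if not isinstance(password, str) or len(password) < 8:` makes the function safe for any input. The class test can be written as `return all(re.search(p, password) for p in ('[0-9]', '[a-z]', '[A-Z]'))`, which stops at the first match instead of collecting every match with `re.findall`. A short docstring stating the rule (at least 8 characters, with an ASCII digit, lowercase letter and uppercase letter) would also make clear that non-ASCII letters and digits do not satisfy the classes.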
@@ -40,6 +41,9 @@ class UserView(AdminView): return json_response(error=f'已存在登录名为【{form.username}】的用户') role_ids, password = form.pop('role_ids'), form.pop('password') + if not verify_password(password): + return json_response(error='请设置至少8位包含数字、小写和大写字母的新密码') + if form.id: user = User.objects.get(pk=form.id) user.update_by_dict(form) @@ -62,6 +66,8 @@ class UserView(AdminView): if error is None: user = User.objects.get(pk=form.id) if form.password: + if not verify_password(form.password): + return json_response(error='请设置至少8位包含数字、小写和大写字母的新密码') user.token_expired = 0 user.password_hash = User.make_password(form.pop('password')) if form.is_active is not None: @@ -157,8 +163,10 @@ class SelfView(View): if form.old_password and form.new_password: if request.user.type == 'ldap': return json_response(error='LDAP账户无法修改密码') - if len(form.new_password) < 6: - return json_response(error='请设置至少6位的新密码') + + if not verify_password(form.new_password): + return json_response(error='请设置至少8位包含数字、小写和大写字母的新密码') + if request.user.verify_password(form.old_password): request.user.password_hash = User.make_password(form.new_password) request.user.token_expired = 0 diff --git a/spug_web/src/pages/system/account/Form.js b/spug_web/src/pages/system/account/Form.js index 710a0fd..e0f1de5 100644 --- a/spug_web/src/pages/system/account/Form.js +++ b/spug_web/src/pages/system/account/Form.js @@ -49,8 +49,8 @@ export default observer(function () { -
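Review bot: The policy check sits above `if form.id:`, so it also gates edits of an existing user, yet the update branch visible in this hunk only calls `user.update_by_dict(form)` and never uses `password`. If that branch really does not write the password (the rest of it is outside the hunk), an edit would be rejected because of a value that is then discarded; scoping the check to creation, `if not form.id and not verify_password(password):`, would avoid that. The same error string is repeated verbatim in the two later hunks of this file (`-62,6 +66,8` and `-157,8 +163,10`); a module-level constant would keep the three messages in step when the policy changes.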
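Review bot: In the `-157,8 +163,10` hunk nothing compares `form.new_password` with `form.old_password`, so a user whose current password already meets the policy can "change" it to the same value and the request succeeds. A check placed after the policy test, for example `if form.new_password == form.old_password: return json_response(error='新密码不能与旧密码相同')`, would close that gap. The surrounding method starts and ends outside the hunk, so whether such a comparison already exists further down cannot be confirmed from here.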