修正：邮件重置密码收到的重置邮件永久有效（bug #52）

2018-03-07 01:36:14 +08:00 · 2018-03-07 01:36:14 +08:00 · 88945c0ea6
parent 1ff768dd4f
commit 88945c0ea6
4 changed files with 15 additions and 12 deletions
--- a/server/www/teleport/static/js/ops/auz-list.js
+++ b/server/www/teleport/static/js/ops/auz-list.js
@ -49,11 +49,11 @@ $app.on_rebuild = function () {
            if (ret.code === TPE_OK) {
                $tp.notify_success('重建授权映射成功！');
            } else {
-                $tp.notify_error('重建授权映射成功失败：' + tp_error_msg(ret.code, ret.message));
+                $tp.notify_error('重建授权映射失败：' + tp_error_msg(ret.code, ret.message));
            }
        },
        function () {
-            $tp.notify_error('网络故障，重建授权映射成功失败！');
+            $tp.notify_error('网络故障，重建授权映射失败！');
        }
    );
 };
--- a/server/www/teleport/view/user/reset-password.mako
+++ b/server/www/teleport/view/user/reset-password.mako
@ -49,7 +49,7 @@
                        您可以：
                        <ul>
                            <li>联系管理员手工重置密码</li>
-                            <li><a href="/user/reset-password">稍后再尝试重置密码</a></li>
+                            <li><a href="/user/reset-password">重新重置密码</a></li>
                        </ul>
                    </div>
                </div>
--- a/server/www/teleport/webroot/app/controller/user.py
+++ b/server/www/teleport/webroot/app/controller/user.py
@ -742,6 +742,9 @@ class DoResetPasswordHandler(TPBaseJsonHandler):
            password = tp_password_generate_secret(password)
            err = user.set_password(self, user_id, password)

+            if mode == 4 and err == TPE_OK:
+                user.remove_reset_token(token)
+
            self.write_json(err)

        else:
--- a/server/www/teleport/webroot/app/model/user.py
+++ b/server/www/teleport/webroot/app/model/user.py
@ -385,8 +385,8 @@ def check_reset_token(token):
    _time_now = tp_timestamp_utc_now()

    # 0. remove expired token (after 3 days)
-    sql = 'DELETE FROM  `{dbtp}user_rpt` WHERE create_time<{dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
-    db.query(sql, (_time_now - 3 * 24 * 60 * 60,))
+    sql = 'DELETE FROM `{dbtp}user_rpt` WHERE create_time<{dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
+    db.exec(sql, (_time_now - 3 * 24 * 60 * 60,))

    # 1. query user's id
    sql = 'SELECT user_id, create_time FROM `{dbtp}user_rpt` WHERE token={dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
@ -397,19 +397,19 @@ def check_reset_token(token):
    user_id = db_ret[0][0]
    create_time = db_ret[0][1]

-    # err = s.select_from('user', ['email'], alt_name='u').where('u.id="{user_id}"'.format(user_id=user_id)).query()
-    # if err != TPE_OK:
-    #     return err
-    # if len(s.recorder) == 0:
-    #     return TPE_DATABASE
-    # email = s.recorder[0].email
-
    if _time_now - create_time > 24 * 60 * 60:
        return TPE_EXPIRED, user_id
    else:
        return TPE_OK, user_id


+def remove_reset_token(token):
+    db = get_db()
+    sql = 'DELETE FROM `{dbtp}user_rpt` WHERE token={dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
+    err = db.exec(sql, (token,))
+    return TPE_OK if err else TPE_DATABASE
+
+
 def update_login_info(handler, user_id):
    db = get_db()
    _time_now = tp_timestamp_utc_now()