github
/
teleport
mirror of https://github.com/tp4a/teleport
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

修正:邮件重置密码收到的重置邮件永久有效(bug #52)

pull/105/head
Apex Liu 2018-03-07 01:36:14 +08:00
parent 1ff768dd4f
commit 88945c0ea6
4 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/www/teleport/static/js/ops/auz-list.js
View File

@ -49,11 +49,11 @@ $app.on_rebuild = function () {
if (ret.code === TPE_OK) { if (ret.code === TPE_OK) {
$tp.notify_success('重建授权映射成功!'); $tp.notify_success('重建授权映射成功!');
} else { } else {
$tp.notify_error('重建授权映射成功失败:' + tp_error_msg(ret.code, ret.message)); $tp.notify_error('重建授权映射失败:' + tp_error_msg(ret.code, ret.message));
} }
}, },
function () { function () {
$tp.notify_error('网络故障,重建授权映射成功失败!'); $tp.notify_error('网络故障,重建授权映射失败!');
} }
); );
}; };

2
server/www/teleport/view/user/reset-password.mako
View File

@ -49,7 +49,7 @@
您可以: 您可以:
<ul> <ul>
<li>联系管理员手工重置密码</li> <li>联系管理员手工重置密码</li>
<li><a href="/user/reset-password">稍后再尝试重置密码</a></li> <li><a href="/user/reset-password">重新重置密码</a></li>
</ul> </ul>
</div> </div>
</div> </div>

3
server/www/teleport/webroot/app/controller/user.py
View File

@ -742,6 +742,9 @@ class DoResetPasswordHandler(TPBaseJsonHandler):
password = tp_password_generate_secret(password) password = tp_password_generate_secret(password)
err = user.set_password(self, user_id, password) err = user.set_password(self, user_id, password)
if mode == 4 and err == TPE_OK:
user.remove_reset_token(token)
self.write_json(err) self.write_json(err)
else: else:

16
server/www/teleport/webroot/app/model/user.py
View File

@ -386,7 +386,7 @@ def check_reset_token(token):
# 0. remove expired token (after 3 days) # 0. remove expired token (after 3 days)
sql = 'DELETE FROM `{dbtp}user_rpt` WHERE create_time<{dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder) sql = 'DELETE FROM `{dbtp}user_rpt` WHERE create_time<{dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
db.query(sql, (_time_now - 3 * 24 * 60 * 60,)) db.exec(sql, (_time_now - 3 * 24 * 60 * 60,))
# 1. query user's id # 1. query user's id
sql = 'SELECT user_id, create_time FROM `{dbtp}user_rpt` WHERE token={dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder) sql = 'SELECT user_id, create_time FROM `{dbtp}user_rpt` WHERE token={dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
@ -397,19 +397,19 @@ def check_reset_token(token):
user_id = db_ret[0][0] user_id = db_ret[0][0]
create_time = db_ret[0][1] create_time = db_ret[0][1]
# err = s.select_from('user', ['email'], alt_name='u').where('u.id="{user_id}"'.format(user_id=user_id)).query()
# if err != TPE_OK:
# return err
# if len(s.recorder) == 0:
# return TPE_DATABASE
# email = s.recorder[0].email
if _time_now - create_time > 24 * 60 * 60: if _time_now - create_time > 24 * 60 * 60:
return TPE_EXPIRED, user_id return TPE_EXPIRED, user_id
else: else:
return TPE_OK, user_id return TPE_OK, user_id
def remove_reset_token(token):
db = get_db()
sql = 'DELETE FROM `{dbtp}user_rpt` WHERE token={dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
err = db.exec(sql, (token,))
return TPE_OK if err else TPE_DATABASE
def update_login_info(handler, user_id): def update_login_info(handler, user_id):
db = get_db() db = get_db()
_time_now = tp_timestamp_utc_now() _time_now = tp_timestamp_utc_now()