优化重置密码逻辑

dependabot/npm_and_yarn/fir_admin/tmpl-1.0.5
youngS 3 years ago
parent 10297e1616
commit d460da0024
  1. 62
      fir_client/src/components/FirResetPwd.vue
  2. 2
      fir_client/src/restful/index.js
  3. 12
      fir_client/src/utils/index.js
  4. 54
      fir_ser/api/views/login.py

@ -33,11 +33,25 @@
</el-row>
</el-form-item>
<el-form-item>
<el-row>
<el-col :span="16">
<el-input v-model="form.seicode" prefix-icon="el-icon-mobile"
placeholder="验证码" clearable/>
</el-col>
<el-col :span="8">
<el-button type="info" @click="onGetCode" plain
style="margin:0 4px;border-radius:4px;cursor:pointer;height: 40px">获取验证码
</el-button>
</el-col>
</el-row>
</el-form-item>
<el-form-item>
<div id="captcha" ref="captcha"></div>
</el-form-item>
<el-form-item style="margin-top: 30px">
<el-button type="danger" :disabled="login_disable" @click="onSubmit">发送重置密码邮件</el-button>
<el-button type="danger" :disabled="login_disable" @click="onReset">发送重置密码邮件</el-button>
</el-form-item>
<el-form-item style="margin-top: 30px">
<el-button type="primary" @click="onLogin">我是老用户,要登录</el-button>
@ -58,8 +72,7 @@
<script>
import {loginFun} from "@/restful";
import {checkEmail, geetest} from "@/utils";
import {checkphone} from "../utils";
import {checkEmail, geetest, checkphone} from "@/utils";
export default {
name: "FirResetPwd",
@ -68,7 +81,9 @@
form: {
email: '',
password: '',
authcode: ''
authcode: '',
seicode: '',
auth_token: ''
},
cptch: {"cptch_image": '', "cptch_key": '', "length": 8},
activeName: 'username',
@ -80,6 +95,18 @@
}
},
methods: {
onGetCode() {
this.form.auth_token = '';
this.form.seicode = '';
this.onSubmit();
},
onReset() {
if (this.form.auth_token && this.form.seicode && this.form.seicode.length > 3) {
this.onSubmit()
} else {
this.$message.error("输入有误,请检查")
}
},
is_cptch() {
let cptch_flag = this.form.authcode.length === this.cptch.length;
if (this.cptch.cptch_key === '' || !this.cptch.cptch_key) {
@ -97,13 +124,21 @@
if (cptch_flag) {
let checke = checkEmail(this.form.email);
let checkp = checkphone(this.form.email);
if(checke||checkp){
if (checke || checkp) {
let params = {
"username": email,
"authcode": authcode,
"cptch_key": this.cptch.cptch_key,
"login_type": 'reset',
};
let seicode = this.form.seicode;
let auth_token = this.form.auth_token;
if (seicode && seicode.length > 3) {
params['seicode'] = seicode
}
if (auth_token && auth_token.length > 3) {
params['auth_token'] = auth_token
}
this.login_disable = true;
if (this.cptch.geetest) {
geetest(this, params, (n_params) => {
@ -112,11 +147,11 @@
} else {
this.do_login(params)
}
}else {
this.$message({
message: '邮箱或手机号输入有误',
type: 'error'
});
} else {
this.$message({
message: '邮箱或手机号输入有误',
type: 'error'
});
}
} else {
@ -129,8 +164,13 @@
do_login(params) {
loginFun(data => {
if (data.code === 1000) {
let msg = '密码重置成功,请登录邮箱或者手机短信查看';
if (data.data && data.data.auth_token) {
this.form.auth_token = data.data.auth_token;
msg = "验证码发送成功,请登录邮箱或者手机短信查看"
}
this.$message({
message: '密码重置成功,请登录邮箱或者手机短信查看',
message: msg,
type: 'success'
});

@ -10,7 +10,7 @@ Axios.defaults.withCredentials = true;
// });
// eslint-disable-next-line no-console
console.log("flyapps js version:"+process.env.base_env.version);
console.log("flyapps js version:" + process.env.base_env.version);
const DOMAIN = process.env.base_env.baseUrl;
const APIPATH = '/api/v1/fir/server';

@ -137,13 +137,13 @@ export function uploadaliyunoss(file, certinfo, app, successcallback, processcal
let retryCount = 0;
let partSize= 1024 * 1024;
let partSize = 1024 * 1024;
let f_count = Math.floor(file.size/partSize);
let f_count = Math.floor(file.size / partSize);
if(f_count > 200){
f_count=Math.floor(f_count*0.3)
}else {
if (f_count > 200) {
f_count = Math.floor(f_count * 0.3)
} else {
f_count = 60
}
let retryCountMax = 5 + f_count;
@ -188,7 +188,7 @@ export function uploadaliyunoss(file, certinfo, app, successcallback, processcal
uploadFile('')
} else {
app.$message({
message: file.name + ' 重试了'+retryCount+'次,还是上传失败了,请刷新页面重试',
message: file.name + ' 重试了' + retryCount + '次,还是上传失败了,请刷新页面重试',
type: 'error',
duration: 0
});

@ -7,7 +7,7 @@ from django.core.cache import cache
from rest_framework.views import APIView
from api.utils.utils import get_captcha, valid_captcha, \
get_sender_sms_token, is_valid_sender_code, get_sender_email_token, get_random_username, \
check_username_exists, set_user_token, get_sender_token
check_username_exists, set_user_token
from api.utils.baseutils import is_valid_phone, is_valid_email, get_min_default_domain_cname_obj
from api.utils.auth import ExpiringTokenAuthentication
from api.utils.response import BaseResponse
@ -55,7 +55,7 @@ def get_authenticate(target, password, act, allow_type):
return user_obj
def check_register_userinfo(target, act, key):
def check_register_userinfo(target, act, key, ftype=None):
res = BaseResponse()
res.data = {}
times_key = "%s_%s_%s" % (key, act, target)
@ -70,7 +70,7 @@ def check_register_userinfo(target, act, key):
if is_valid_phone(target):
if login_auth_failed("get", times_key):
login_auth_failed("set", times_key)
if UserInfo.objects.filter(mobile=target):
if UserInfo.objects.filter(mobile=target) and ftype is None:
res.code = 1005
res.msg = "手机号已经存在"
else:
@ -87,7 +87,7 @@ def check_register_userinfo(target, act, key):
if is_valid_email(target):
if login_auth_failed("get", times_key):
login_auth_failed("set", times_key)
if UserInfo.objects.filter(email=target):
if UserInfo.objects.filter(email=target) and ftype is None:
res.code = 1005
res.msg = "邮箱已经存在"
else:
@ -102,7 +102,7 @@ def check_register_userinfo(target, act, key):
elif act == "up":
if login_auth_failed("get", times_key):
login_auth_failed("set", times_key)
if UserInfo.objects.filter(username=target):
if UserInfo.objects.filter(username=target) and ftype is None:
res.code = 1005
res.msg = "用户名已经存在"
else:
@ -140,7 +140,7 @@ def check_change_userinfo(target, act, key, user, ftype=None):
res.data["auth_token"] = token
else:
res.code = 1009
res.msg = "该手机号今日注册次数已经达到上限"
res.msg = "该手机号今日使用次数已经达到上限"
else:
res.code = 1005
res.msg = "手机号校验失败"
@ -149,7 +149,7 @@ def check_change_userinfo(target, act, key, user, ftype=None):
if is_valid_email(target) and str(user.email) != str(target):
if login_auth_failed("get", times_key):
login_auth_failed("set", times_key)
if UserInfo.objects.filter(email=target):
if UserInfo.objects.filter(email=target) and ftype is None:
res.code = 1005
res.msg = "邮箱已经存在"
else:
@ -157,14 +157,14 @@ def check_change_userinfo(target, act, key, user, ftype=None):
res.data["auth_token"] = token
else:
res.code = 1009
res.msg = "该邮箱今日注册次数已经达到上限"
res.msg = "该邮箱今日使用次数已经达到上限"
else:
res.code = 1006
res.msg = "邮箱校验失败"
elif act == "up":
if login_auth_failed("get", times_key):
login_auth_failed("set", times_key)
if UserInfo.objects.filter(username=target):
if UserInfo.objects.filter(username=target) and ftype is None:
res.code = 1005
res.msg = "用户名已经存在"
else:
@ -202,15 +202,19 @@ class LoginView(APIView):
return Response(response.dict)
login_type = receive.get("login_type", None)
seicode = receive.get("seicode", None)
if login_auth_failed("get", username):
if login_type == 'reset':
user1_obj = None
user2_obj = None
act = None
if is_valid_email(username):
user1_obj = UserInfo.objects.filter(email=username).first()
act = "email"
if is_valid_phone(username):
user2_obj = UserInfo.objects.filter(mobile=username).first()
act = "sms"
if user1_obj or user2_obj:
user_obj = user1_obj if user1_obj else user2_obj
@ -218,17 +222,29 @@ class LoginView(APIView):
if login_auth_failed("get", user_obj.uid):
login_auth_failed("set", user_obj.uid)
if user2_obj:
a, b = get_sender_sms_token('sms', username, 'password', password)
else:
a, b = get_sender_email_token('email', username, 'password', password)
if a and b:
reset_user_pwd(user_obj, password)
login_auth_failed("del", username)
logger.warning(f'{user_obj} 找回密码成功,您的新密码为 {password} 请用新密码登录之后,及时修改密码')
if seicode:
is_valid, target = is_valid_sender_code(act, receive.get("auth_token", None), seicode)
if is_valid and str(target) == str(username):
if user2_obj:
a, b = get_sender_sms_token('sms', username, 'password', password)
else:
a, b = get_sender_email_token('email', username, 'password', password)
if a and b:
reset_user_pwd(user_obj, password)
login_auth_failed("del", username)
logger.warning(f'{user_obj} 找回密码成功,您的新密码为 {password} 请用新密码登录之后,及时修改密码')
else:
response.code = 1007
response.msg = "密码重置失败,请稍后重试或者联系管理员"
else:
response.code = 1009
response.msg = "验证码有误,请检查或者重新尝试"
else:
response.code = 1007
response.msg = "密码重置失败,请稍后重试或者联系管理员"
res = check_register_userinfo(username, act, 'change', 'reset')
return Response(res.dict)
else:
response.code = 1008
response.msg = "手机或者邮箱已经超过最大发送,请24小时后重试"

Loading…
Cancel
Save