orga0063
/
BootstrapAdmin
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

修改BUG:新用户注册于用户管理需要对一些特殊字符过滤 closed #ITL7E 

#Issue
https://gitee.com/LongbowEnterprise/BootstrapAdmin/issues/ITL7E
commit: 70aa5bb
commit: a5226b7

#Comment
使用正则表达式对允许字符进行过滤
This commit is contained in:
Argo Zhang 2019-03-15 17:19:28 +08:00
parent 5060a3e0aa
commit 7a98489d5a
6 changed files with 63 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Bootstrap.Admin/Views/Account/Login.cshtml
View File

@ -52,7 +52,7 @@
<span class="fa fa-user"></span>
</div>
</div>
<input type="text" name="userName" class="form-control" placeholder="用户名" data-required-msg="请输入用户名" value="" autofocus data-valid="true" />
<input type="text" name="userName" class="form-control" placeholder="用户名" maxlength="16" data-required-msg="请输入用户名" value="" autofocus data-valid="true" />
</div>
</div>
<div class="form-group">
@ -62,7 +62,7 @@
<span class="fa fa-lock"></span>
</div>
</div>
<input type="password" name="password" class="form-control" value="" placeholder="密码" data-required-msg="请输入密码" data-valid="true" />
<input type="password" name="password" class="form-control" value="" placeholder="密码" maxlength="16" data-required-msg="请输入密码" data-valid="true" />
</div>
</div>
<div class="form-group rememberPwd" onselectstart="return false">
@ -94,14 +94,14 @@
</div>
<div class="modal-body">
<div class="form-group">
<label for="userName">登陆账号</label>
<label for="userName">登陆名称</label>
<div class="input-group">
<div class="input-group-prepend">
<div class="input-group-text">
<span class="fa fa-user-plus"></span>
</div>
</div>
<input type="text" id="userName" autocomplete="off" class="form-control" placeholder="登陆账号不可为空" minlength="4" maxlength="50" remote="api/Register" data-remote-msg="此用户已存在" data-valid="true" />
<input type="text" id="userName" autocomplete="off" class="form-control" placeholder="登陆账号不可为空" userName="true" minlength="4" maxlength="16" remote="api/Register" data-remote-msg="此用户已存在" data-valid="true" />
</div>
</div>
<div class="form-group">
@ -112,7 +112,7 @@
<span class="fa fa-user-circle-o"></span>
</div>
</div>
<input type="text" id="displayName" class="form-control" value="" placeholder="显示名称不可为空" maxlength="50" data-valid="true" />
<input type="text" id="displayName" class="form-control" value="" placeholder="显示名称不可为空" maxlength="20" data-valid="true" />
</div>
</div>
<div class="form-group">
@ -123,7 +123,7 @@
<span class="fa fa-lock"></span>
</div>
</div>
<input type="password" id="password" class="form-control" value="" placeholder="密码不可为空" maxlength="50" data-valid="true" />
<input type="password" id="password" class="form-control" value="" placeholder="密码不可为空" maxlength="16" data-valid="true" />
</div>
</div>
<div class="form-group">
@ -134,7 +134,7 @@
<span class="fa fa-lock"></span>
</div>
</div>
<input type="password" id="assurePassword" class="form-control" value="" placeholder="确认密码" maxlength="50" equalTo="#password" data-valid="true" />
<input type="password" id="assurePassword" class="form-control" value="" placeholder="确认密码" maxlength="16" equalTo="#password" data-valid="true" />
</div>
</div>
<div class="form-group">
@ -171,7 +171,7 @@
<span class="fa fa-user-plus"></span>
</div>
</div>
<input type="text" id="f_userName" autocomplete="off" class="form-control" placeholder="登陆账号不可为空" minlength="4" maxlength="50" data-valid="true" />
<input type="text" id="f_userName" autocomplete="off" class="form-control" placeholder="登陆账号不可为空" minlength="4" maxlength="16" data-valid="true" />
</div>
</div>
<div class="form-group">
@ -182,7 +182,7 @@
<span class="fa fa-user-circle-o"></span>
</div>
</div>
<input type="text" id="f_displayName" class="form-control" value="" placeholder="显示名称不可为空" maxlength="50" data-valid="true" />
<input type="text" id="f_displayName" class="form-control" value="" placeholder="显示名称不可为空" maxlength="20" data-valid="true" />
</div>
</div>
<div class="form-group">

8
Bootstrap.Admin/Views/Admin/Profiles.cshtml
View File

@ -41,7 +41,7 @@
</div>
<div class="form-group col-sm-6 col-md-auto">
<label class="control-label" for="DisplayName">显示名称</label>
<input type="text" class="form-control" id="displayName" name="displayName" value="@Model.DisplayName" placeholder="不可为空,50字以内" maxlength="50" data-valid="true" />
<input type="text" class="form-control" id="displayName" name="displayName" value="@Model.DisplayName" placeholder="不可为空,20字以内" maxlength="20" data-valid="true" />
</div>
</div>
</form>
@ -57,17 +57,17 @@
<div class="row">
<div class="form-group col-sm-6 col-md-auto">
<label class="control-label" for="currentPassword">原密码: </label>
<input type="password" class="form-control" id="currentPassword" placeholder="原密码50字以内" maxlength="50" data-valid="true" />
<input type="password" class="form-control" id="currentPassword" placeholder="原密码" maxlength="16" data-valid="true" />
</div>
</div>
<div class="row">
<div class="form-group col-sm-6 col-md-auto">
<label class="control-label" for="newPassword">新密码: </label>
<input type="password" class="form-control" id="newPassword" placeholder="新密码50字以内" maxlength="50" data-valid="true" />
<input type="password" class="form-control" id="newPassword" placeholder="新密码" maxlength="16" data-valid="true" />
</div>
<div class="form-group col-sm-6 col-md-auto">
<label class="control-label" for="confirmPassword">确认密码: </label>
<input type="password" class="form-control" id="confirmPassword" placeholder="与新密码一致50字以内" maxlength="50" equalTo="#newPassword" data-valid="true" />
<input type="password" class="form-control" id="confirmPassword" placeholder="与新密码一致" maxlength="16" equalTo="#newPassword" data-valid="true" />
</div>
</div>
</form>

18
Bootstrap.Admin/Views/Admin/Users.cshtml
View File

@ -11,11 +11,11 @@
<div class="row">
<div class="form-group col-sm-5 col-md-auto">
<label class="control-label" for="txt_search_name">登陆名称</label>
<input type="text" class="form-control" id="txt_search_name" />
<input type="text" class="form-control" id="txt_search_name" maxlength="16" />
</div>
<div class="form-group col-sm-5 col-md-auto">
<label class="control-label" for="txt_display_name">显示名称</label>
<input type="text" class="form-control" id="txt_display_name" />
<input type="text" class="form-control" id="txt_display_name" maxlength="20" />
</div>
<div class="form-group col-sm-2 col-md-auto flex-md-fill justify-content-md-end">
<button type="button" id="btn_query" class="btn btn-primary btn-fill align-self-sm-end align-self-md-auto"><i class="fa fa-search" aria-hidden="true"></i><span>查询</span></button>
@ -50,19 +50,19 @@
<div class="row">
<div class="form-group col-sm-6">
<label class="control-label" for="userName">登陆名称</label>
<input type="text" class="form-control" id="userName" placeholder="不可为空,50字以内" minlength="4" maxlength="50" remote="api/Register" data-remote-msg="此用户已存在" data-valid="true" />
<input type="text" class="form-control" id="userName" placeholder="不可为空,16字以内" minlength="4" maxlength="16" userName="true" remote="api/Register" data-remote-msg="此用户已存在" data-valid="true" />
</div>
<div class="form-group col-sm-6">
<label class="control-label" for="displayName">显示名称</label>
<input type="text" class="form-control" id="displayName" placeholder="不可为空,50字以内" maxlength="50" data-valid="true" />
<input type="text" class="form-control" id="displayName" placeholder="不可为空,20字以内" maxlength="20" data-valid="true" />
</div>
<div class="form-group col-sm-6">
<label class="control-label" for="password">登录密码</label>
<input type="password" class="form-control" id="password" placeholder="不可为空,50字以内" maxlength="50" data-valid="true" />
<input type="password" class="form-control" id="password" placeholder="不可为空,16字以内" maxlength="16" data-valid="true" />
</div>
<div class="form-group col-sm-6">
<label class="control-label" for="confirm">确认密码</label>
<input type="password" class="form-control" id="confirm" placeholder="与登陆密码一致50字以内" maxlength="50" equalTo="#password" data-valid="true" />
<input type="password" class="form-control" id="confirm" placeholder="与登陆密码一致" maxlength="16" equalTo="#password" data-valid="true" />
</div>
</div>
</form>
@ -83,15 +83,15 @@
<div class="form-row" id="resetForm">
<div class="form-group col-sm-6">
<label class="control-label" for="password">登录密码</label>
<input type="password" class="form-control" id="resetPassword" placeholder="不可为空,50字以内" maxlength="50" data-valid="true" />
<input type="password" class="form-control" id="resetPassword" placeholder="不可为空,16字以内" maxlength="16" data-valid="true" />
</div>
<div class="form-group col-sm-6">
<label class="control-label" for="confirm">确认密码</label>
<input type="password" class="form-control" id="resetConfirm" placeholder="与登陆密码一致50字以内" maxlength="50" equalTo="#resetPassword" data-valid="true" />
<input type="password" class="form-control" id="resetConfirm" placeholder="与登陆密码一致" maxlength="16" equalTo="#resetPassword" data-valid="true" />
</div>
<div class="form-group col-sm-12">
<label class="control-label" for="resetReason">重置原因</label>
<textarea class="form-control flex-sm-fill" id="resetReason" rows="3" readonly="readonly"></textarea>
<textarea class="form-control flex-sm-fill" id="resetReason" rows="3" readonly="readonly" maxlength="200"></textarea>
</div>
</div>
</form>

4
Bootstrap.DataAccess.MongoDB/User.cs
View File

@ -93,15 +93,13 @@ namespace Bootstrap.DataAccess.MongoDB
/// <summary>
///
/// </summary>
/// <param name="p"></param>
/// <param name="user"></param>
/// <returns></returns>
public override bool Save(DataAccess.User user)
{
// 已经存在或者已经在新用户中了
if (UserHelper.RetrieveUserByUserName(user.UserName) != null || UserHelper.RetrieveNewUsers().Any(u => u.UserName == user.UserName)) return false;
if (user.Description.Length > 500) user.Description = user.Description.Substring(0, 500);
if (user.UserName.Length > 50) user.UserName = user.UserName.Substring(0, 50);
DbManager.Users.InsertOne(new User()
{
UserName = user.UserName,

42
Bootstrap.DataAccess/Helper/UserHelper.cs
View File

@ -3,6 +3,7 @@ using Longbow.Cache;
using Longbow.Data;
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
namespace Bootstrap.DataAccess
{
@ -17,10 +18,19 @@ namespace Bootstrap.DataAccess
public const string RetrieveNewUsersDataKey = "UserHelper-RetrieveNewUsers";
public const string RetrieveUsersByNameDataKey = "BootstrapUser-RetrieveUsersByName";
private static bool UserChecker(User user)
{
if (user.Description?.Length > 500) user.Description = user.Description.Substring(0, 500);
if (user.UserName?.Length > 16) user.UserName = user.UserName.Substring(0, 16);
if (user.Password?.Length > 16) user.Password = user.Password.Substring(0, 16);
if (user.DisplayName?.Length > 20) user.DisplayName = user.DisplayName.Substring(0, 20);
var pattern = @"^[a-zA-Z0-9_@.]*$";
return user.UserName.IsNullOrEmpty() || Regex.IsMatch(user.UserName, pattern);
}
/// <summary>
/// 查询所有用户
/// </summary>
/// <param name="id"></param>
/// <returns></returns>
public static IEnumerable<User> Retrieves() => CacheManager.GetOrAdd(RetrieveUsersDataKey, key => DbContextManager.Create<User>().Retrieves());
@ -29,10 +39,12 @@ namespace Bootstrap.DataAccess
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <param name="config"></param>
/// <returns></returns>
public static bool Authenticate(string userName, string password, Action<LoginUser> config)
{
var loginUser = new LoginUser()
if (!UserChecker(new User { UserName = userName, Password = password })) return false;
var loginUser = new LoginUser
{
UserName = userName,
LoginTime = DateTime.Now,
@ -78,12 +90,13 @@ namespace Bootstrap.DataAccess
/// <summary>
/// 保存新建
/// </summary>
/// <param name="p"></param>
/// <param name="user"></param>
/// <returns></returns>
public static bool Save(User p)
public static bool Save(User user)
{
var ret = DbContextManager.Create<User>().Save(p);
if (ret) CacheCleanUtility.ClearCache(userIds: string.IsNullOrEmpty(p.Id) ? new List<string>() : new List<string>() { p.Id });
if (!UserChecker(user)) return false;
var ret = DbContextManager.Create<User>().Save(user);
if (ret) CacheCleanUtility.ClearCache(userIds: string.IsNullOrEmpty(user.Id) ? new List<string>() : new List<string>() { user.Id });
return ret;
}
@ -96,6 +109,7 @@ namespace Bootstrap.DataAccess
/// <returns></returns>
public static bool Update(string id, string password, string displayName)
{
if (!UserChecker(new User { Password = password, DisplayName = displayName })) return false;
var ret = DbContextManager.Create<User>().Update(id, password, displayName);
if (ret) CacheCleanUtility.ClearCache(userIds: string.IsNullOrEmpty(id) ? new List<string>() : new List<string>() { id });
return ret;
@ -121,7 +135,11 @@ namespace Bootstrap.DataAccess
/// <param name="password"></param>
/// <param name="newPass"></param>
/// <returns></returns>
public static bool ChangePassword(string userName, string password, string newPass) => DbContextManager.Create<User>().ChangePassword(userName, password, newPass);
public static bool ChangePassword(string userName, string password, string newPass)
{
if (!UserChecker(new User { UserName = userName, Password = password })) return false;
return DbContextManager.Create<User>().ChangePassword(userName, password, newPass);
}
/// <summary>
///
@ -129,10 +147,14 @@ namespace Bootstrap.DataAccess
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns></returns>
public static bool ResetPassword(string userName, string password) => DbContextManager.Create<User>().ResetPassword(userName, password);
public static bool ResetPassword(string userName, string password)
{
if (!UserChecker(new User { UserName = userName, Password = password })) return false;
return DbContextManager.Create<User>().ResetPassword(userName, password);
}
/// <summary>
///
/// 忘记密码调用
/// </summary>
/// <param name="user"></param>
public static bool ForgotPassword(ResetUser user) => DbContextManager.Create<User>().ForgotPassword(user);
@ -142,7 +164,6 @@ namespace Bootstrap.DataAccess
/// </summary>
/// <param name="id"></param>
/// <param name="rejectBy"></param>
/// <param name="reason"></param>
/// <returns></returns>
public static bool Reject(string id, string rejectBy)
{
@ -212,6 +233,7 @@ namespace Bootstrap.DataAccess
/// <returns></returns>
public static bool SaveDisplayName(string userName, string displayName)
{
if (!UserChecker(new User { UserName = userName, DisplayName = displayName })) return false;
var ret = DbContextManager.Create<User>().SaveDisplayName(userName, displayName);
if (ret) CacheCleanUtility.ClearCache(cacheKey: $"{RetrieveUsersDataKey}*");
return ret;

19
Bootstrap.DataAccess/User.cs
View File

@ -119,7 +119,6 @@ namespace Bootstrap.DataAccess
/// <summary>
/// 查询所有用户
/// </summary>
/// <param name="id"></param>
/// <returns></returns>
public virtual IEnumerable<User> Retrieves() => DbManager.Create().Fetch<User>("select u.ID, u.UserName, u.DisplayName, RegisterTime, ApprovedTime, ApprovedBy, Description, ru.IsReset from Users u left join (select 1 as IsReset, UserName from ResetUsers group by UserName) ru on u.UserName = ru.UserName Where ApprovedTime is not null");
@ -201,25 +200,23 @@ namespace Bootstrap.DataAccess
/// <summary>
/// 新建前台User View调用/注册用户调用
/// </summary>
/// <param name="p"></param>
/// <param name="user"></param>
/// <returns></returns>
public virtual bool Save(User p)
public virtual bool Save(User user)
{
var ret = false;
if (string.IsNullOrEmpty(p.Id) && p.Description.Length > 500) p.Description = p.Description.Substring(0, 500);
if (p.UserName.Length > 50) p.UserName = p.UserName.Substring(0, 50);
p.PassSalt = LgbCryptography.GenerateSalt();
p.Password = LgbCryptography.ComputeHash(p.Password, p.PassSalt);
p.RegisterTime = DateTime.Now;
user.PassSalt = LgbCryptography.GenerateSalt();
user.Password = LgbCryptography.ComputeHash(user.Password, user.PassSalt);
user.RegisterTime = DateTime.Now;
var db = DbManager.Create();
try
{
db.BeginTransaction();
if (!db.Exists<User>("where UserName = @0", p.UserName))
if (!db.Exists<User>("where UserName = @0", user.UserName))
{
db.Insert(p);
db.Execute("insert into UserRole (UserID, RoleID) select ID, (select ID from Roles where RoleName = 'Default') RoleId from Users where UserName = @0", p.UserName);
db.Insert(user);
db.Execute("insert into UserRole (UserID, RoleID) select ID, (select ID from Roles where RoleName = 'Default') RoleId from Users where UserName = @0", user.UserName);
}
db.CompleteTransaction();
ret = true;