fix(password): password can't contains space.

LinkinStars 2023-05-22 15:09:22 +08:00
parent 8e46fe3ecd
commit 7d23b17cdb
6 changed files with 36 additions and 50 deletions


@ -1,19 +1,4 @@
# The following fields are used for back-end # The following fields are used for back-end
# backend.email.tpl.change_email.title.other = Confirm your new email address for {{.SiteName}} by clicking on the following link:\u003cbr\u003e\u003cbr\u003e\n\n\u003ca href='{{.ChangeEmailUrl}}' target='_blank'\u003e{{.ChangeEmailUrl}}\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\n\nIf you did not request this change, please ignore this email.\n
# backend.email.tpl.change_email.body.other = [{{.SiteName}}] Confirm your new email address
# backend.email.tpl.new_answer.title.other = \u003cstrong\u003e\u003ca href='{{.AnswerUrl}}'\u003e{{.QuestionTitle}}\u003c/a\u003e\u003c/strong\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003csmall\u003e{{.DisplayName}}:\u003c/small\u003e\u003cbr\u003e\n\u003cblockquote\u003e{{.AnswerSummary}}\u003c/blockquote\u003e\u003cbr\u003e\n\u003ca href='{{.AnswerUrl}}'\u003eView it on {{.SiteName}}\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003csmall\u003eYou are receiving this because you authored the thread. \u003ca href='{{.UnsubscribeUrl}}'\u003eUnsubscribe\u003c/a\u003e\u003c/small\u003e
# backend.email.tpl.new_answer.body.other = [{{.SiteName}}] {{.DisplayName}} answered your question
# backend.email.tpl.new_comment.title.other = \u003cstrong\u003e\u003ca href='{{.CommentUrl}}'\u003e{{.QuestionTitle}}\u003c/a\u003e\u003c/strong\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003csmall\u003e{{.DisplayName}}:\u003c/small\u003e\u003cbr\u003e\n\u003cblockquote\u003e{{.CommentSummary}}\u003c/blockquote\u003e\u003cbr\u003e\n\u003ca href='{{.CommentUrl}}'\u003eView it on {{.SiteName}}\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003csmall\u003eYou are receiving this because you authored the thread. \u003ca href='{{.UnsubscribeUrl}}'\u003eUnsubscribe\u003c/a\u003e\u003c/small\u003e
# backend.email.tpl.new_comment.body.other = [{{.SiteName}}] {{.DisplayName}} commented on your post
# backend.email.tpl.pass_reset.title.other = Somebody asked to reset your password on [{{.SiteName}}].\u003cbr\u003e\u003cbr\u003e\n\nIf it was not you, you can safely ignore this email.\u003cbr\u003e\u003cbr\u003e\n\nClick the following link to choose a new password:\u003cbr\u003e\n\u003ca href='{{.PassResetUrl}}' target='_blank'\u003e{{.PassResetUrl}}\u003c/a\u003e\n
# backend.email.tpl.pass_reset.body.other = [{{.SiteName }}] Password reset
# backend.email.tpl.register.title.other = Welcome to {{.SiteName}}\u003cbr\u003e\u003cbr\u003e\n\nClick the following link to confirm and activate your new account:\u003cbr\u003e\n\u003ca href='{{.RegisterUrl}}' target='_blank'\u003e{{.RegisterUrl}}\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\n\nIf the above link is not clickable, try copying and pasting it into the address bar of your web browser.\n
# backend.email.tpl.register.body.other = [{{.SiteName}}] Confirm your new account
# backend.email.tpl.test.title.other = This is a test email.
# backend.email.tpl.test.body.other = [{{.SiteName}}] Test Email
backend: backend:
base: base:
success: success:
@ -123,6 +108,9 @@ backend:
email_or_password_wrong_error: email_or_password_wrong_error:
other: Email and password do not match. other: Email and password do not match.
error: error:
password:
space_invalid:
other: Password cannot contain spaces.
admin: admin:
cannot_update_their_password: cannot_update_their_password:
other: You cannot modify your password. other: You cannot modify your password.


@ -97,13 +97,16 @@ backend:
other: 编辑标签描述(无需审核) other: 编辑标签描述(无需审核)
rank_tag_synonym_label: rank_tag_synonym_label:
other: 管理标签同义词 other: 管理标签同义词
email: e_mail:
other: 邮箱 other: 邮箱
password: password:
other: 密码 other: 密码
email_or_password_wrong_error: email_or_password_wrong_error:
other: 邮箱和密码不匹配。 other: 邮箱和密码不匹配。
error: error:
password:
space_invalid:
other: 密码不能包含空格。
admin: admin:
cannot_update_their_password: cannot_update_their_password:
other: 您无法修改自己的密码。 other: 您无法修改自己的密码。


@ -207,10 +207,12 @@ func (m *MyValidator) Check(value interface{}) (errFields []*FormErrorField, err
if err == nil { if err == nil {
return nil, nil return nil, nil
} }
errMsg := ""
for _, errField := range errFields { for _, errField := range errFields {
errField.ErrorMsg = translator.Tr(m.Lang, errField.ErrorMsg) errField.ErrorMsg = translator.Tr(m.Lang, errField.ErrorMsg)
errMsg = errField.ErrorMsg
} }
return errFields, err return errFields, myErrors.BadRequest(reason.RequestFormatError).WithMsg(errMsg)
} }
return nil, nil return nil, nil
} }
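Review bot: The loop in Check overwrites `errMsg` on every iteration, so when several fields fail, the top-level BadRequest message carries only the last field's translated text. If the first failure is the one meant for display, guard the assignment with `if errMsg == "" { errMsg = errField.ErrorMsg }`; otherwise a comment such as `// the last field's message becomes the response message` would document the choice. As far as the hunk shows, the original `err` is also replaced rather than wrapped, so its cause is no longer available to callers or logs. Check starts outside the hunk.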


@ -24,6 +24,8 @@ func addLoginLimitations(x *xorm.Engine) error {
_ = json.Unmarshal([]byte(loginSiteInfo.Content), content) _ = json.Unmarshal([]byte(loginSiteInfo.Content), content)
content.AllowEmailRegistrations = true content.AllowEmailRegistrations = true
content.AllowEmailDomains = make([]string, 0) content.AllowEmailDomains = make([]string, 0)
data, _ := json.Marshal(content)
loginSiteInfo.Content = string(data)
_, err = x.ID(loginSiteInfo.ID).Cols("content").Update(loginSiteInfo) _, err = x.ID(loginSiteInfo.ID).Cols("content").Update(loginSiteInfo)
if err != nil { if err != nil {
return fmt.Errorf("update site info failed: %w", err) return fmt.Errorf("update site info failed: %w", err)
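Review bot: Both JSON steps around the new write-back discard their errors: `data, _ := json.Marshal(content)` on the added line and `_ = json.Unmarshal(...)` on the context line above it. Now that the marshalled value is actually stored, a failed Unmarshal would leave `content` at whatever it was initialised with plus the two fields set here, and the update would overwrite the stored login settings with that. Returning on failure avoids silently resetting the login restrictions, e.g. `if err := json.Unmarshal([]byte(loginSiteInfo.Content), content); err != nil { return fmt.Errorf("parse site info failed: %w", err) }`, with the same pattern for Marshal. If ignoring the Unmarshal error is deliberate (for example for empty content), a comment saying so would help. addLoginLimitations starts and ends outside the hunk.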


@ -262,35 +262,29 @@ type UserRegisterReq struct {
} }
func (u *UserRegisterReq) Check() (errFields []*validator.FormErrorField, err error) { func (u *UserRegisterReq) Check() (errFields []*validator.FormErrorField, err error) {
// TODO i18n if err = checker.CheckPassword(u.Pass); err != nil {
err = checker.CheckPassword(8, 32, 0, u.Pass) errFields = append(errFields, &validator.FormErrorField{
if err != nil {
errField := &validator.FormErrorField{
ErrorField: "pass", ErrorField: "pass",
ErrorMsg: err.Error(), ErrorMsg: err.Error(),
} })
errFields = append(errFields, errField)
return errFields, err return errFields, err
} }
return nil, nil return nil, nil
} }
type UserModifyPasswordReq struct { type UserModifyPasswordReq struct {
OldPass string `validate:"omitempty,gte=8,lte=32" json:"old_pass"` OldPass string `validate:"omitempty,gte=8,lte=32" json:"old_pass"`
Pass string `validate:"required,gte=8,lte=32" json:"pass"` Pass string `validate:"required,gte=8,lte=32" json:"pass"`
UserID string `json:"-"` UserID string `json:"-"`
AccessToken string `json:"-"` AccessToken string `json:"-"`
} }
func (u *UserModifyPasswordReq) Check() (errFields []*validator.FormErrorField, err error) { func (u *UserModifyPasswordReq) Check() (errFields []*validator.FormErrorField, err error) {
// TODO i18n if err = checker.CheckPassword(u.Pass); err != nil {
err = checker.CheckPassword(8, 32, 0, u.Pass) errFields = append(errFields, &validator.FormErrorField{
if err != nil {
errField := &validator.FormErrorField{
ErrorField: "pass", ErrorField: "pass",
ErrorMsg: err.Error(), ErrorMsg: err.Error(),
} })
errFields = append(errFields, errField)
return errFields, err return errFields, err
} }
return nil, nil return nil, nil
@ -352,14 +346,11 @@ type UserRePassWordRequest struct {
} }
func (u *UserRePassWordRequest) Check() (errFields []*validator.FormErrorField, err error) { func (u *UserRePassWordRequest) Check() (errFields []*validator.FormErrorField, err error) {
// TODO i18n if err = checker.CheckPassword(u.Pass); err != nil {
err = checker.CheckPassword(8, 32, 0, u.Pass) errFields = append(errFields, &validator.FormErrorField{
if err != nil {
errField := &validator.FormErrorField{
ErrorField: "pass", ErrorField: "pass",
ErrorMsg: err.Error(), ErrorMsg: err.Error(),
} })
errFields = append(errFields, errField)
return errFields, err return errFields, err
} }
return nil, nil return nil, nil
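Review bot: With the explicit `8, 32` bounds gone from the `checker.CheckPassword` call, these three Check methods no longer enforce password length themselves and depend on the `validate` struct tags being evaluated as well. The tag `required,gte=8,lte=32` is visible on UserModifyPasswordReq.Pass, but the Pass fields of UserRegisterReq and UserRePassWordRequest lie outside the hunks, so it is worth confirming they carry the same bounds. A doc comment on each Check, such as `// Check validates password content; length is enforced by the validate tag on Pass.`, would make that dependency explicit. The three bodies are identical and could share one helper.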


@ -3,6 +3,7 @@ package checker
import ( import (
"fmt" "fmt"
"regexp" "regexp"
"strings"
) )
const ( const (
@ -13,27 +14,26 @@ const (
LevelS LevelS
) )
// CheckPassword const (
// minLength: Specifies the minimum length of a password PasswordCannotContainSpaces = "error.password.space_invalid"
// maxLengthSpecifies the maximum length of a password )
// minLevelSpecifies the minimum strength level required for passwords
// pwdText passwords // CheckPassword checks the password strength
func CheckPassword(minLength, maxLength, minLevel int, pwd string) error { func CheckPassword(password string) error {
// First check whether the password length is within the range if strings.Contains(password, " ") {
if len(pwd) < minLength { return fmt.Errorf(PasswordCannotContainSpaces)
return fmt.Errorf("BAD PASSWORD: The password is shorter than %d characters", minLength)
}
if len(pwd) > maxLength {
return fmt.Errorf("BAD PASSWORD: The password is logner than %d characters", maxLength)
} }
// TODO Currently there is no requirement for password strength
minLevel := 0
// The password strength level is initialized to D. // The password strength level is initialized to D.
// The regular is used to verify the password strength. // The regular is used to verify the password strength.
// If the matching is successful, the password strength increases by 1 // If the matching is successful, the password strength increases by 1
level := levelD level := levelD
patternList := []string{`[0-9]+`, `[a-z]+`, `[A-Z]+`, `[~!@#$%^&*?_-]+`} patternList := []string{`[0-9]+`, `[a-z]+`, `[A-Z]+`, `[~!@#$%^&*?_-]+`}
for _, pattern := range patternList { for _, pattern := range patternList {
match, _ := regexp.MatchString(pattern, pwd) match, _ := regexp.MatchString(pattern, password)
if match { if match {
level++ level++
} }
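Review bot: `strings.Contains(password, " ")` in CheckPassword rejects only the ASCII space, so tabs, newlines and Unicode spaces such as U+00A0 still pass even though the message says the password cannot contain spaces. If the intent is to reject all whitespace, `strings.IndexFunc(password, unicode.IsSpace) >= 0` covers those cases (it needs the `unicode` import). The i18n key is also passed to `fmt.Errorf` as a format string with no arguments; `errors.New(PasswordCannotContainSpaces)` states the intent and cannot misread a `%` in the key. With `minLevel` fixed at 0 the strength loop presumably never rejects a password, though the comparison is outside the hunk, as is the rest of the function body.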