更改: password参数传递使用加密后的

2024-11-20 11:52:26 +08:00 · 2024-11-20 11:52:26 +08:00 · f49d5d5c3a
parent a7fd0a5437
commit f49d5d5c3a
7 changed files with 28 additions and 12 deletions
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -144,7 +144,8 @@ class AccountsController < ApplicationController

      user = Users::RegisterService.call(register_params)
      user.mail = "#{user.login}@example.org" if user.mail.blank?
-      password = register_params[:password].strip
+      password = decrypt(register_params[:password]) rescue ""
+      password = password.strip

      # gitea用户注册, email, username, password
      interactor = Gitea::RegisterInteractor.call({username: user.login, email: user.mail, password: password})
@ -224,15 +225,18 @@ class AccountsController < ApplicationController
  end

  def change_password 
-    return render_error("两次输入的密码不一致") if params[:password].to_s != params[:new_password_repeat].to_s
+    password = decrypt(params[:password]) rescue ""
+    new_password_repeat = decrypt(params[:new_password_repeat]) rescue ""
+    old_password = decrypt(params[:old_password]) rescue ""
+    return render_error("两次输入的密码不一致") if password.to_s != new_password_repeat.to_s
    @user = User.find_by(login: params[:login])
    return render_forbidden unless User.current.login == @user&.login
    return render_error("此用户禁止修改密码！") if @user.id.to_i === 104691
    return render_error("未找到相关用户!") if @user.blank?
-    return render_error("旧密码不正确") unless @user.check_password?(params[:old_password])
+    return render_error("旧密码不正确") unless @user.check_password?(old_password)

    sync_params = {
-      password: params[:password].to_s,
+      password: password.to_s,
      email: @user.mail,
      login_name: @user.name,
      source_id: 0
@ -240,7 +244,7 @@ class AccountsController < ApplicationController

    interactor = Gitea::User::UpdateInteractor.call(@user.login, sync_params)
    if interactor.success?
-      @user.update_attribute(:password, params[:password])
+      @user.update_attribute(:password, password)
      render_ok
    else
      render_error(interactor.error)
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@ -1,4 +1,5 @@
 class Api::V1::UsersController < Api::V1::BaseController 
+  include AesCryptHelper

  before_action :load_observe_user, except: [:check_user_id, :check_user_login]
  before_action :check_auth_for_observe_user, except: [:check_user_id, :check_user_login]
@ -53,7 +54,7 @@ class Api::V1::UsersController < Api::V1::BaseController
  end

  def check_password 
-    password = params[:password]
+    password = decrypt(params[:password]) rescue ""
    return tip_exception(-5, "8~16位密码，支持字母数字和符号") unless password =~ CustomRegexp::PASSWORD
    return tip_exception(-5, "密码错误") unless @observe_user.check_password?(password)
    render_ok
@ -126,7 +127,8 @@ class Api::V1::UsersController < Api::V1::BaseController


  def destroy
-    return tip_exception(-1, "密码不正确.")  unless @observe_user.check_password?(params[:password])
+    password = decrypt(params[:password]) rescue ""
+    return tip_exception(-1, "密码不正确.")  unless @observe_user.check_password?(password)
    org_ids = TeamUser.where(user_id: @observe_user.id).pluck(:organization_id) | OrganizationUser.where(user_id: @observe_user.id).pluck(:organization_id)
    org_count = TeamUser.where(organization_id: org_ids).where(user_id: @observe_user.id).joins(:team).where(teams: {authorize: %w(owner)}).count
    project_count = Project.where(user_id: @observe_user.id).count
--- a/app/forms/base_form.rb
+++ b/app/forms/base_form.rb
@ -1,5 +1,6 @@
 class BaseForm
  include ActiveModel::Model
+  include AesCryptHelper

  Error                     = Class.new(StandardError)
  EmailError                = Class.new(Error)
@ -53,11 +54,15 @@ class BaseForm
  end

  def check_password(password)
+    password = decrypt(password) rescue ""
    password = strip(password)
    raise PasswordFormatError, "密码8~16位密码，支持字母数字和符号" unless password =~ CustomRegexp::PASSWORD
  end

  def check_password_confirmation(password, password_confirmation)
+    password = decrypt(password) rescue ""
+    password_confirmation = decrypt(password_confirmation) rescue ""
+
    password = strip(password)
    password_confirmation = strip(password_confirmation)

--- a/app/services/accounts/reset_password_service.rb
+++ b/app/services/accounts/reset_password_service.rb
@ -1,10 +1,11 @@
 module Accounts
  class ResetPasswordService < ApplicationService
+    include AesCryptHelper
    # login、code、password、password_confirmation
    def initialize(user, params)
      @user      = user
-      @password  = params[:password]
-      @password_confirmation = params[:password_confirmation]
+      @password  = decrypt(params[:password]) rescue ""
+      @password_confirmation = decrypt(params[:password_confirmation]) rescue ""
    end

    def call
--- a/app/services/api/v1/users/update_email_service.rb
+++ b/app/services/api/v1/users/update_email_service.rb
@ -1,5 +1,6 @@
 class Api::V1::Users::UpdateEmailService < ApplicationService 
  include ActiveModel::Model 
+  include AesCryptHelper

  attr_reader :user, :token, :password, :mail, :old_mail, :code, :verify_code
  attr_accessor :gitea_data
@ -10,7 +11,7 @@ class Api::V1::Users::UpdateEmailService < ApplicationService
  def initialize(user, params, token =nil)
    @user = user 
    @token = token 
-    @password = params[:password]
+    @password = decrypt(params[:password]) rescue ""
    @mail = params[:email]
    @old_mail = user.mail
    @code = params[:code]
--- a/app/services/api/v1/users/update_phone_service.rb
+++ b/app/services/api/v1/users/update_phone_service.rb
@ -1,5 +1,6 @@
 class Api::V1::Users::UpdatePhoneService < ApplicationService
  include ActiveModel::Model 
+  include AesCryptHelper

  attr_reader :user, :password, :phone, :code, :verify_code

@ -8,7 +9,7 @@ class Api::V1::Users::UpdatePhoneService < ApplicationService

  def initialize(user, params)
    @user = user 
-    @password = params[:password]
+    @password = decrypt(params[:password]) rescue ""
    @phone = params[:phone]
    @code = params[:code]
    @verify_code = VerificationCode.where(phone: @phone, code_type: 4).last
--- a/app/services/users/register_service.rb
+++ b/app/services/users/register_service.rb
@ -1,8 +1,10 @@
 class Users::RegisterService < ApplicationService
+  include AesCryptHelper
+
  def initialize(params)
    @login     = params[:login]
    @namespace = params[:namespace]
-    @password  = params[:password]
+    @password  = decrypt(params[:password]) rescue ""
    @code      = params[:code]
  end