Gitlink
/
forgeplus
40
1
Fork 57
Code Issues 1 Pull Requests 1 Packages Releases 15 Wiki Activity

新增: 登陆密码加密处理

This commit is contained in:
yystopf 2024-11-19 17:22:58 +08:00
parent de2ee51fc4
commit fd3bcfe92b
2 changed files with 51 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/accounts_controller.rb
View File

@ -1,6 +1,7 @@
class AccountsController < ApplicationController class AccountsController < ApplicationController
before_action :require_login, only: [:login_check, :simple_update, :change_password] before_action :require_login, only: [:login_check, :simple_update, :change_password]
include ApplicationHelper include ApplicationHelper
include AesCryptHelper
#skip_before_action :check_account, :only => [:logout] #skip_before_action :check_account, :only => [:logout]
@ -193,8 +194,9 @@ class AccountsController < ApplicationController
# 用户登录 # 用户登录
def login def login
Users::LoginForm.new(login_params).validate! password = decrypt(login_params[:password]) rescue ""
@user = User.try_to_login(params[:login], params[:password]) Users::LoginForm.new(login_params.merge!({password: password})).validate!
@user = User.try_to_login(params[:login], password)
return normal_status(-2, "错误的账号或密码") if @user.blank? return normal_status(-2, "错误的账号或密码") if @user.blank?
# user is already in local database # user is already in local database
@ -203,7 +205,7 @@ class AccountsController < ApplicationController
login_control = LimitForbidControl::UserLogin.new(@user) login_control = LimitForbidControl::UserLogin.new(@user)
return normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid? return normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid?
password_ok = @user.check_password?(params[:password].to_s) password_ok = @user.check_password?(password.to_s)
unless password_ok unless password_ok
if login_control.remain_times-1 == 0 if login_control.remain_times-1 == 0
normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码")
@ -216,7 +218,7 @@ class AccountsController < ApplicationController
LimitForbidControl::UserLogin.new(@user).clear LimitForbidControl::UserLogin.new(@user).clear
successful_authentication(@user) successful_authentication(@user)
sync_pwd_to_gitea!(@user, {password: params[:password].to_s}) # TODO用户密码未同步 sync_pwd_to_gitea!(@user, {password: password.to_s}) # TODO用户密码未同步
# session[:user_id] = @user.id # session[:user_id] = @user.id
end end

45
app/helpers/aes_crypt_helper.rb Normal file
View File

@ -0,0 +1,45 @@
module AesCryptHelper
AES_KEY = EduSetting.get("login_crypt_key") || '59c96c3572ab8cc1'
def encrypt(plain_text, output_encoding = 'base64')
# 将字符串密钥和IV转换为16字节的字节数组
key = AES_KEY.byteslice(0, 16)
iv = AES_KEY.byteslice(0, 16)
# 创建并设置AES-CBC加密器
cipher = OpenSSL::Cipher.new('AES-128-CBC')
cipher.encrypt
cipher.key = key
cipher.iv = iv
# 加密数据并添加PKCS7填充
encrypted_data = cipher.update(plain_text) + cipher.final
# 将加密数据转换为Base64编码
Base64.strict_encode64(encrypted_data)
end
def decrypt(cipher_text, input_encoding = 'base64')
# 确保密钥是16字节长
key = AES_KEY.byteslice(0, 16) # 如果密钥不足16字节填充空格如果超过截断
iv = AES_KEY.byteslice(0, 16)
decipher = OpenSSL::Cipher.new('AES-128-CBC')
decipher.decrypt
decipher.key = key
decipher.iv = iv
# 根据输入编码解码密文
decrypted_data = case input_encoding
when 'base64'
Base64.strict_decode64(cipher_text)
else
cipher_text
end
decrypted = decipher.update(decrypted_data) + decipher.final
decrypted
end
end