From 31f43e12d107aa0858aafeba58d3fc44cf2cf131 Mon Sep 17 00:00:00 2001
From: zhaoqingang <zhaoqg0118@163.com>
Date: 星期三, 15 一月 2025 16:47:04 +0800
Subject: [PATCH] 修改密码接口增加密码保护
---
app/api/user.py | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/app/api/user.py b/app/api/user.py
index abd2180..57171ff 100644
--- a/app/api/user.py
+++ b/app/api/user.py
@@ -4,7 +4,7 @@
from app.models.base_model import get_db
from app.models.user import PageParameter, UserStatus, UserInfo, LoginData, UserPassword, UserDept
from app.models.user_model import UserModel
-from app.service.auth import is_valid_password, verify_password
+from app.service.auth import is_valid_password, verify_password, password_rsa
from app.service.user import get_user_list, edit_user_status, delete_user_data, create_user, edit_user_data, \
edit_user_pwd, get_user_info, get_user_routers, get_user_menus, get_user_permission, get_user_dept, change_user_pwd, \
user_data_service, edit_user_dept
@@ -87,11 +87,13 @@
user_info = db.query(UserModel).filter(UserModel.id==current_user.id).first()
if not user_info:
return Response(code=401, msg="Incorrect change password !")
- if not verify_password(user.oldPassword, user_info.hashed_password):
+ old_password = await password_rsa(user.oldPassword)
+ new_password = await password_rsa(user.newPassword)
+ if not verify_password(old_password, user_info.hashed_password):
return Response(code=400, msg="Incorrect password !")
- if not is_valid_password(user.newPassword):
+ if not is_valid_password(new_password):
return Response(code=400, msg="The password must be at least 8 and contain both numbers and letters")
- is_edit = await change_user_pwd(db, user_info.id, user.newPassword)
+ is_edit = await change_user_pwd(db, user_info.id, new_password)
if not is_edit:
return Response(code=500, msg="user pwd change failure", data={})
return Response(code=200, msg="user pwd change success", data={})
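Review bot: The two `await password_rsa(...)` calls take client-supplied fields and have no handling for a value that fails to decrypt, so a malformed or plaintext `oldPassword`/`newPassword` presumably ends in an unhandled exception (or a `None` handed to `verify_password`) instead of a 400. `password_rsa` is not visible in this patch, so confirm what it does on bad input. I would wrap both calls in a `try` that returns `Response(code=400, msg="Incorrect password !")` on failure, and decrypt `newPassword` only after the old password has been verified. A comment above the calls would also help: `# RSA wrapping keeps the plaintext out of request logs; a captured ciphertext may still be replayable unless password_rsa checks a nonce/timestamp, so TLS is still required`. The enclosing handler starts above this hunk, so its signature and auth dependency could not be checked.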
--
Gitblit v1.8.0