fix: 解决手机号加密导致忘记密码判断总是失败问题

zhubairui · Jan 8, 2024 · 814dbeb · 814dbeb
1 parent 630bb56
commit 814dbeb
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 12 deletions.
diff --git a/apps/authentication/api/password.py b/apps/authentication/api/password.py
@@ -15,26 +15,21 @@
 from authentication.serializers import (
     PasswordVerifySerializer, ResetPasswordCodeSerializer
 )
+from authentication.utils import check_user_property_is_correct
 from common.permissions import IsValidUser
-from common.utils import get_object_or_none
 from common.utils.random import random_string
 from common.utils.verify_code import SendAndVerifyCodeUtil
 from settings.utils import get_login_title
-from users.models import User
 
 
 class UserResetPasswordSendCodeApi(CreateAPIView):
     permission_classes = (AllowAny,)
     serializer_class = ResetPasswordCodeSerializer
 
     @staticmethod
-    def is_valid_user(username, **attr_query):
-        user = get_object_or_none(User, username=username)
-        valid = True
-        for attr, value in attr_query.items():
-            if getattr(user, attr, None) != value:
-                valid = False
-        if not valid:
+    def is_valid_user(username, **properties):
+        user = check_user_property_is_correct(username, **properties)
+        if not user:
             err_msg = _('User does not exist: {}').format(_("No user matched"))
             return None, err_msg
         if not user.is_local:

diff --git a/apps/authentication/utils.py b/apps/authentication/utils.py
@@ -7,8 +7,9 @@
 from django.utils.translation import gettext_lazy as _
 
 from audits.const import DEFAULT_CITY
+from users.models import User
 from audits.models import UserLoginLog
-from common.utils import get_logger
+from common.utils import get_logger, get_object_or_none
 from common.utils import validate_ip, get_ip_city, get_request_ip
 from .notifications import DifferentCityLoginMessage
 
@@ -59,3 +60,12 @@ def build_absolute_uri_for_oidc(request, path=None):
         redirect_uri = urljoin(settings.BASE_SITE_URL, path)
         return redirect_uri
     return build_absolute_uri(request, path=path)
+
+
+def check_user_property_is_correct(username, **properties):
+    user = get_object_or_none(User, username=username)
+    for attr, value in properties.items():
+        if getattr(user, attr, None) != value:
+            user = None
+            break
+    return user
diff --git a/apps/users/views/profile/reset.py b/apps/users/views/profile/reset.py
@@ -12,6 +12,7 @@
 from django.views.generic import FormView, RedirectView
 
 from authentication.errors import IntervalTooShort
+from authentication.utils import check_user_property_is_correct
 from common.utils import FlashMessageUtil, get_object_or_none, random_string
 from common.utils.verify_code import SendAndVerifyCodeUtil
 from users.notifications import ResetPasswordSuccessMsg
@@ -148,7 +149,6 @@ def form_valid(self, form):
         query_key = form_type
         if form_type == 'sms':
             query_key = 'phone'
-            target = target.lstrip('+')
 
         try:
             self.safe_verify_code(token, target, form_type, code)
@@ -158,7 +158,7 @@ def form_valid(self, form):
             form.add_error('code', str(e))
             return super().form_invalid(form)
 
-        user = get_object_or_none(User, **{'username': username, query_key: target})
+        user = check_user_property_is_correct(username, **{query_key: target})
         if not user:
             form.add_error('code', _('No user matched'))
             return super().form_invalid(form)