fix: valid password on reset-password page (#2753)
yoogoc authored Mar 8, 2024
1 parent b6b58da commit bd26c93
Showing 3 changed files with 18 additions and 9 deletions.
15 changes: 9 additions & 6 deletions api/services/account_service.py
Expand Up @@ -15,7 +15,7 @@
from extensions.ext_redis import redis_client
from libs.helper import get_remote_ip
from libs.passport import PassportService
from libs.password import compare_password, hash_password
from libs.password import compare_password, hash_password, valid_password
from libs.rsa import generate_key_pair
from models.account import *
from services.errors.account import (
Expand Down Expand Up @@ -58,7 +58,7 @@ def load_user(user_id: str) -> Account:
account.current_tenant_id = available_ta.tenant_id
available_ta.current = True
db.session.commit()

if datetime.utcnow() - account.last_active_at > timedelta(minutes=10):
account.last_active_at = datetime.utcnow()
db.session.commit()
Expand Down Expand Up @@ -104,6 +104,9 @@ def update_account_password(account, password, new_password):
if account.password and not compare_password(password, account.password, account.password_salt):
raise CurrentPasswordIncorrectError("Current password is incorrect.")

# may be raised
valid_password(new_password)

# generate password salt
salt = secrets.token_bytes(16)
base64_salt = base64.b64encode(salt).decode()
Expand Down Expand Up @@ -140,9 +143,9 @@ def create_account(email: str, name: str, interface_language: str,

account.interface_language = interface_language
account.interface_theme = interface_theme

# Set timezone based on language
account.timezone = language_timezone_mapping.get(interface_language, 'UTC')
account.timezone = language_timezone_mapping.get(interface_language, 'UTC')

db.session.add(account)
db.session.commit()
Expand Down Expand Up @@ -279,7 +282,7 @@ def switch_tenant(account: Account, tenant_id: int = None) -> None:
tenant_account_join = TenantAccountJoin.query.filter_by(account_id=account.id, tenant_id=tenant_id).first()
if not tenant_account_join:
raise AccountNotLinkTenantError("Tenant not found or account is not a member of the tenant.")
else:
else:
TenantAccountJoin.query.filter(TenantAccountJoin.account_id == account.id, TenantAccountJoin.tenant_id != tenant_id).update({'current': False})
tenant_account_join.current = True
# Set the current tenant for the account
Expand Down Expand Up @@ -449,7 +452,7 @@ def register(cls, email, name, password: str = None, open_id: str = None, provid
return account

@classmethod
def invite_new_member(cls, tenant: Tenant, email: str, language: str, role: str = 'normal', inviter: Account = None) -> str:
def invite_new_member(cls, tenant: Tenant, email: str, language: str, role: str = 'normal', inviter: Account = None) -> str:
"""Invite new member"""
account = Account.query.filter_by(email=email).first()

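Review bot: The comment `# may be raised` above `valid_password(new_password)` in update_account_password does not say what is raised or under which condition, and the exception type is not visible on this page. I would replace it with something like `# reject new passwords that fail the password policy; valid_password raises on failure`, and document the exception in the method's docstring once the type is confirmed. Callers that previously handled only CurrentPasswordIncorrectError should be checked so that a policy failure is returned as a client error rather than an unhandled exception. The method body starts and ends outside the hunk.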
4 changes: 3 additions & 1 deletion web/app/activate/activateForm.tsx
Expand Up @@ -62,8 +62,10 @@ const ActivateForm = () => {
showErrorMessage(t('login.error.passwordEmpty'))
return false
}
if (!validPassword.test(password))
if (!validPassword.test(password)) {
showErrorMessage(t('login.error.passwordInvalid'))
return false
}

return true
}, [name, password, showErrorMessage, t])
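Review bot: The added `return false` in the `validPassword.test(password)` branch only stops the form in the browser, and nothing on this page shows the activation endpoint running the same check server-side; the Python hunk adds `valid_password` to update_account_password only. A request sent directly to the API would not pass through this regex, so it is worth confirming that the activation and reset handlers validate the password as well. The same applies to the identical check in the AccountPage hunk that follows. A short comment above the check, such as `// UX pre-check only; the API must enforce the password policy`, would make that explicit. The callback body starts outside the hunk.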
Expand Up @@ -71,10 +71,14 @@ export default function AccountPage() {
showErrorMessage(t('login.error.passwordEmpty'))
return false
}
if (!validPassword.test(password))
if (!validPassword.test(password)) {
showErrorMessage(t('login.error.passwordInvalid'))
if (password !== confirmPassword)
return false
}
if (password !== confirmPassword) {
showErrorMessage(t('common.account.notEqual'))
return false
}

return true
}