From bd26c933d2c35c67a8749109a99e68efb98c343f Mon Sep 17 00:00:00 2001
From: yoogo
Date: Fri, 8 Mar 2024 18:44:49 +0800
Subject: [PATCH] fix: valid password on reset-password page (#2753)
---
 api/services/account_service.py | 15 +++++++++------
 web/app/activate/activateForm.tsx | 4 +++-
 .../header/account-setting/account-page/index.tsx | 8 ++++++--
 3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/api/services/account_service.py b/api/services/account_service.py
index e35d325ae4736b..103af7f79c0ba3 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -15,7 +15,7 @@
 from extensions.ext_redis import redis_client
 from libs.helper import get_remote_ip
 from libs.passport import PassportService
-from libs.password import compare_password, hash_password
+from libs.password import compare_password, hash_password, valid_password
 from libs.rsa import generate_key_pair
 from models.account import *
 from services.errors.account import (
@@ -58,7 +58,7 @@ def load_user(user_id: str) -> Account:
 account.current_tenant_id = available_ta.tenant_id
 available_ta.current = True
 db.session.commit()
-
+
 if datetime.utcnow() - account.last_active_at > timedelta(minutes=10):
 account.last_active_at = datetime.utcnow()
 db.session.commit()
@@ -104,6 +104,9 @@ def update_account_password(account, password, new_password):
 if account.password and not compare_password(password, account.password, account.password_salt):
 raise CurrentPasswordIncorrectError("Current password is incorrect.")
+ # may be raised
+ valid_password(new_password)
+
 # generate password salt
 salt = secrets.token_bytes(16)
 base64_salt = base64.b64encode(salt).decode()
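Review bot: The comment `# may be raised` above the new `valid_password(new_password)` call names neither what is raised nor why the call's return value is discarded, so a reader has to open libs.password to learn that this line is the policy check. A comment such as `# Enforce the password policy server-side: valid_password raises on a non-compliant password and the error propagates to the caller` would carry the intent, and placing the check before the salt/hash lines, as done here, means a rejected password leaves the account unchanged. The commit title targets the reset-password page, but this hunk only changes update_account_password; whether that page's handler routes through this function, and whether create_account and register apply the same check, is not visible here and is worth confirming, since the client-side regex tests in the two .tsx hunks can be bypassed and this call is the only server-side check the patch adds. update_account_password continues outside the hunk.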
@@ -140,9 +143,9 @@ def create_account(email: str, name: str, interface_language: str,
 account.interface_language = interface_language
 account.interface_theme = interface_theme
-
+
 # Set timezone based on language
- account.timezone = language_timezone_mapping.get(interface_language, 'UTC')
+ account.timezone = language_timezone_mapping.get(interface_language, 'UTC')
 db.session.add(account)
 db.session.commit()
@@ -279,7 +282,7 @@ def switch_tenant(account: Account, tenant_id: int = None) -> None:
 tenant_account_join = TenantAccountJoin.query.filter_by(account_id=account.id, tenant_id=tenant_id).first()
 if not tenant_account_join:
 raise AccountNotLinkTenantError("Tenant not found or account is not a member of the tenant.")
- else:
+ else:
 TenantAccountJoin.query.filter(TenantAccountJoin.account_id == account.id, TenantAccountJoin.tenant_id != tenant_id).update({'current': False})
 tenant_account_join.current = True
 # Set the current tenant for the account
@@ -449,7 +452,7 @@ def register(cls, email, name, password: str = None, open_id: str = None, provid
 return account
 @classmethod
- def invite_new_member(cls, tenant: Tenant, email: str, language: str, role: str = 'normal', inviter: Account = None) -> str:
+ def invite_new_member(cls, tenant: Tenant, email: str, language: str, role: str = 'normal', inviter: Account = None) -> str:
 """Invite new member"""
 account = Account.query.filter_by(email=email).first()
diff --git a/web/app/activate/activateForm.tsx b/web/app/activate/activateForm.tsx
index 3cf88ce2813674..be3706037b899e 100644
--- a/web/app/activate/activateForm.tsx
+++ b/web/app/activate/activateForm.tsx
@@ -62,8 +62,10 @@ const ActivateForm = () => {
 showErrorMessage(t('login.error.passwordEmpty'))
 return false
 }
- if (!validPassword.test(password))
+ if (!validPassword.test(password)) {
 showErrorMessage(t('login.error.passwordInvalid'))
+ return false
+ }
 return true
 }, [name, password, showErrorMessage, t])
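Review bot: The `validPassword` regex tested on the new `if (!validPassword.test(password)) {` line and the `valid_password` check added to api/services/account_service.py in the same patch are two separate definitions of the password rule, so they can drift apart; the server check is the authoritative one, and this client test only decides which error message the user sees before submitting. Presumably both encode the same rule — worth confirming, and a short comment at the `validPassword` definition (outside this hunk) naming its server-side counterpart would keep the pair visible to whoever changes either. The same applies to the hunk in web/app/components/header/account-setting/account-page/index.tsx. The enclosing callback begins outside the hunk.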
diff --git a/web/app/components/header/account-setting/account-page/index.tsx b/web/app/components/header/account-setting/account-page/index.tsx
index 1cd0e5e1be96b9..b437853b73c7cf 100644
--- a/web/app/components/header/account-setting/account-page/index.tsx
+++ b/web/app/components/header/account-setting/account-page/index.tsx
@@ -71,10 +71,14 @@ export default function AccountPage() {
 showErrorMessage(t('login.error.passwordEmpty'))
 return false
 }
- if (!validPassword.test(password))
+ if (!validPassword.test(password)) {
 showErrorMessage(t('login.error.passwordInvalid'))
- if (password !== confirmPassword)
+ return false
+ }
+ if (password !== confirmPassword) {
 showErrorMessage(t('common.account.notEqual'))
+ return false
+ }
 return true
 }