Merge branch 'pre_trustie_server' into trustie_server

app/controllers/accounts_controller.rb

@@ -1,6 +1,7 @@
 class AccountsController < ApplicationController
   before_action :require_login, only: [:login_check, :simple_update, :change_password]
   include ApplicationHelper
+  include AesCryptHelper
 
   #skip_before_action :check_account, :only => [:logout]
 
@@ -143,7 +144,8 @@ class AccountsController < ApplicationController
 
       user = Users::RegisterService.call(register_params)
       user.mail = "#{user.login}@example.org" if user.mail.blank?
-      password = register_params[:password].strip
+      password = decrypt(register_params[:password]) rescue ""
+      password = password.strip
 
       # gitea用户注册, email, username, password
       interactor = Gitea::RegisterInteractor.call({username: user.login, email: user.mail, password: password})
@@ -193,8 +195,9 @@ class AccountsController < ApplicationController
 
   # 用户登录
   def login
-    Users::LoginForm.new(login_params).validate!
-    @user = User.try_to_login(params[:login], params[:password])
+    password = decrypt(login_params[:password]) rescue ""
+    Users::LoginForm.new(login_params.merge!({password: password})).validate!
+    @user = User.try_to_login(params[:login], password)
 
     return normal_status(-2, "错误的账号或密码") if @user.blank?
     # user is already in local database
@@ -203,7 +206,7 @@ class AccountsController < ApplicationController
     login_control = LimitForbidControl::UserLogin.new(@user)
     return normal_status(-2, "登录密码出错已达上限，账号已被锁定，请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid?
 
-    password_ok = @user.check_password?(params[:password].to_s)
+    password_ok = @user.check_password?(password.to_s)
     unless password_ok
       if login_control.remain_times-1 == 0
         normal_status(-2, "登录密码出错已达上限，账号已被锁定，请#{login_control.forbid_expires/60}分钟后重新登录或找回密码")
@@ -216,21 +219,24 @@ class AccountsController < ApplicationController
 
     LimitForbidControl::UserLogin.new(@user).clear
     successful_authentication(@user)
-    sync_pwd_to_gitea!(@user, {password: params[:password].to_s}) # TODO用户密码未同步
+    sync_pwd_to_gitea!(@user, {password: password.to_s}) # TODO用户密码未同步
     
     # session[:user_id] = @user.id
   end
 
   def change_password 
-    return render_error("两次输入的密码不一致") if params[:password].to_s != params[:new_password_repeat].to_s
+    password = decrypt(params[:password]) rescue ""
+    new_password_repeat = decrypt(params[:new_password_repeat]) rescue ""
+    old_password = decrypt(params[:old_password]) rescue ""
+    return render_error("两次输入的密码不一致") if password.to_s != new_password_repeat.to_s
     @user = User.find_by(login: params[:login])
     return render_forbidden unless User.current.login == @user&.login
     return render_error("此用户禁止修改密码！") if @user.id.to_i === 104691
     return render_error("未找到相关用户!") if @user.blank?
-    return render_error("旧密码不正确") unless @user.check_password?(params[:old_password])
+    return render_error("旧密码不正确") unless @user.check_password?(old_password)
 
     sync_params = {
-      password: params[:password].to_s,
+      password: password.to_s,
       email: @user.mail,
       login_name: @user.name,
       source_id: 0
@@ -238,7 +244,7 @@ class AccountsController < ApplicationController
 
     interactor = Gitea::User::UpdateInteractor.call(@user.login, sync_params)
     if interactor.success?
-      @user.update_attribute(:password, params[:password])
+      @user.update_attribute(:password, password)
       render_ok
     else
       render_error(interactor.error)

app/controllers/api/v1/users_controller.rb

@@ -1,4 +1,5 @@
 class Api::V1::UsersController < Api::V1::BaseController 
+  include AesCryptHelper
 
   before_action :load_observe_user, except: [:check_user_id, :check_user_login]
   before_action :check_auth_for_observe_user, except: [:check_user_id, :check_user_login]
@@ -53,7 +54,7 @@ class Api::V1::UsersController < Api::V1::BaseController
   end
 
   def check_password 
-    password = params[:password]
+    password = decrypt(params[:password]) rescue ""
     return tip_exception(-5, "8~16位密码，支持字母数字和符号") unless password =~ CustomRegexp::PASSWORD
     return tip_exception(-5, "密码错误") unless @observe_user.check_password?(password)
     render_ok
@@ -126,7 +127,8 @@ class Api::V1::UsersController < Api::V1::BaseController
 
 
   def destroy
-    return tip_exception(-1, "密码不正确.")  unless @observe_user.check_password?(params[:password])
+    password = decrypt(params[:password]) rescue ""
+    return tip_exception(-1, "密码不正确.")  unless @observe_user.check_password?(password)
     org_ids = TeamUser.where(user_id: @observe_user.id).pluck(:organization_id) | OrganizationUser.where(user_id: @observe_user.id).pluck(:organization_id)
     org_count = TeamUser.where(organization_id: org_ids).where(user_id: @observe_user.id).joins(:team).where(teams: {authorize: %w(owner)}).count
     project_count = Project.where(user_id: @observe_user.id).count

app/controllers/organizations/organizations_controller.rb

@@ -1,4 +1,5 @@
 class Organizations::OrganizationsController < Organizations::BaseController
+  include AesCryptHelper
   before_action :require_login, except: [:index, :show, :recommend, :languages]
   # before_action :require_profile_completed, only: [:create]
   before_action :convert_image!, only: [:create, :update]
@@ -139,7 +140,7 @@ class Organizations::OrganizationsController < Organizations::BaseController
   end
 
   def password
-    params.fetch(:password, "")
+    decrypt(params[:password]) rescue ""
   end
 
   def load_organization