diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 2a7237e94..4008791b8 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -1,8 +1,6 @@ class AccountsController < ApplicationController include ApplicationHelper - #skip_before_action :check_account, :only => [:logout] - def index render json: session end 
@@ -208,28 +206,25 @@ class AccountsController < ApplicationController # 忘记密码 def reset_password begin - code = params[:code] - login_type = phone_mail_type(params[:login].strip) - # 获取验证码 - if login_type == 1 - phone = params[:login] - verifi_code = VerificationCode.where(phone: phone, code: code, code_type: 2).last - user = User.find_by_phone(phone) - else - email = params[:login] - verifi_code = VerificationCode.where(email: email, code: code, code_type: 3).last - user = User.find_by_mail(email) #这里有问题,应该是为email,而不是mail 6.13-hs - end - return normal_status(-2, "验证码不正确") if verifi_code.try(:code) != code.strip - return normal_status(-2, "验证码已失效") if !verifi_code&.effective? - return normal_status(-1, "8~16位密码,支持字母数字和符号") unless params[:new_password] =~ CustomRegexp::PASSWORD + Accounts::ResetPasswordForm.new(reset_password_params).validate! - user.password, user.password_confirmation = params[:new_password], params[:new_password_confirmation] - ActiveRecord::Base.transaction do - user.save! - LimitForbidControl::UserLogin.new(user).clear - end - sucess_status + user = find_user + return render_error('未找到相关账号') if user.blank? + + user = Accounts::ResetPasswordService.call(user, reset_password_params) + LimitForbidControl::UserLogin.new(user).clear if user.save! + + render_ok + rescue Register::BaseForm::EmailError => e + render_result(-2, e.message) + rescue Register::BaseForm::PhoneError => e + render_result(-4, e.message) + rescue Register::BaseForm::PasswordFormatError => e + render_result(-5, e.message) + rescue Register::BaseForm::PasswordConfirmationError => e + render_result(-7, e.message) + rescue Register::BaseForm::VerifiCodeError => e + render_result(-6, e.message) rescue Exception => e uid_logger_error(e.message) tip_exception(e.message) 
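Review bot: The reset flow now accepts a different class of verification code than before: the removed lookup matched `code_type: 2` (phone) and `code_type: 3` (email), while `Accounts::ResetPasswordForm`, which the new `validate!` call delegates to, queries `code_type: 1` and `code_type: 8`. The meaning of those values is not visible in this diff, so it needs confirming; if either type is also issued for another purpose such as registration, a code requested for that purpose would be enough to reset the password. Nothing in the hunk marks the code as used after `user.save!` either, so unless `effective?` already accounts for prior use, the same code stays valid until it expires. A comment on the form's two lookups stating what each `code_type` is issued for would make the intent checkable. The closing `end` lines of `reset_password` are outside the hunk.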
@@ -369,5 +364,14 @@ class AccountsController < ApplicationController def register_params params.permit(:login, :namespace, :password, :password_confirmation, :code) end + + def reset_password_params + params.permit(:login, :password, :password_confirmation, :code) + end + + def find_user + phone_or_mail = strip(reset_password_params[:login]) + User.where("phone = :search OR mail = :search", search: phone_or_mail).last + end end diff --git a/app/forms/accounts/reset_password_form.rb b/app/forms/accounts/reset_password_form.rb new file mode 100644 index 000000000..7f3442220 --- /dev/null +++ b/app/forms/accounts/reset_password_form.rb @@ -0,0 +1,42 @@ +module Accounts + class ResetPasswordForm < ::BaseForm + # login 邮箱、手机号 + # code 验证码 + # type: 1:手机号注册;2:邮箱注册 + attr_accessor :login, :password, :password_confirmation, :code + + validates :login, :code, :password, :password_confirmation, presence: true, allow_blank: false + validate :check! + + def check! + Rails.logger.info "ResetPasswordForm params: code: #{code} login: #{login} + password: #{password} password_confirmation: #{password_confirmation}" + + type = phone_mail_type(login) + + db_verifi_code = + if type == 1 + check_phone_format(login) + VerificationCode.where(phone: login, code: code, code_type: 1).last + elsif type == 0 + Rails.logger.info "9999999999 #{login}" + check_email_format(login) + VerificationCode.where(email: login, code: code, code_type: 8).last + end + + check_password(password) + check_password_confirmation(password, password_confirmation) + check_verifi_code(db_verifi_code, code) + end + + def check_phone_format(phone) + phone = strip(phone) + raise LoginError, "登录名格式有误" unless phone =~ CustomRegexp::LOGIN + end + + def check_email_format(mail) + mail = strip(mail) + raise EmailError, "邮件格式有误" unless mail =~ CustomRegexp::EMAIL + end + end +end diff --git a/app/forms/base_form.rb b/app/forms/base_form.rb index 437217f00..46eaa9b58 100644 --- a/app/forms/base_form.rb 
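Review bot: `find_user` matches the login against both columns with `phone = :search OR mail = :search`, but the form verified the code for only one channel, the one chosen by `phone_mail_type`. Looking the account up through that same channel keeps the verified identifier tied to the account that receives the new password, for example `phone_mail_type(login) == 1 ? User.find_by(phone: login) : User.find_by(mail: login)` with `login = strip(reset_password_params[:login])`. `.last` also silently picks one row if the column is not unique, which the diff does not show either way. The form runs its `VerificationCode` lookup on the unstripped `login` while this method strips it, so the two can disagree on input with surrounding whitespace.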
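Review bot: `check!` writes the plaintext `password`, `password_confirmation` and the verification `code` to the application log through `Rails.logger.info`, so anyone with access to the logs or their downstream storage can read credentials and live reset codes. The same pattern appears in `Accounts::ResetPasswordService#call`, in the `Users::RegisterService` log line this commit rewrites, and in `Register::Form#check!`. Log only what is needed to trace the request, for example `Rails.logger.info "ResetPasswordForm params: login: #{login}"`, and drop the leftover debug line `Rails.logger.info "9999999999 #{login}"`. Separately, `check_phone_format` raises `LoginError`, which has no matching `rescue` arm in `AccountsController#reset_password` and so falls through to the generic `rescue Exception` branch.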
+++ b/app/forms/base_form.rb @@ -1,6 +1,14 @@ class BaseForm include ActiveModel::Model + Error = Class.new(StandardError) + EmailError = Class.new(Error) + LoginError = Class.new(Error) + PhoneError = Class.new(Error) + PasswordFormatError = Class.new(Error) + VerifiCodeError = Class.new(Error) + PasswordConfirmationError = Class.new(Error) + def check_project_category(project_category_id) unless project_category_id == '' raise "project_category_id参数值无效." if project_category_id && !ProjectCategory.exists?(project_category_id) @@ -26,8 +34,35 @@ class BaseForm raise "项目标识已被占用." if ReversedKeyword.check_exists?(repository_name) end + def check_password(password) + password = strip(password) + raise PasswordFormatError, "密码8~16位密码,支持字母数字和符号" unless password =~ CustomRegexp::PASSWORD + end + + def check_password_confirmation(password, password_confirmation) + password = strip(password) + password_confirmation = strip(password_confirmation) + + raise PasswordFormatError, "确认密码为8~16位密码,支持字母数字和符号" unless password_confirmation =~ CustomRegexp::PASSWORD + raise PasswordConfirmationError, "两次输入的密码不一致" unless password == password_confirmation + end + + def check_verifi_code(verifi_code, code) + code = strip(code) + # return if code == "123123" # TODO 万能验证码,用于测试 + + raise VerifiCodeError, "验证码不正确" if verifi_code&.code != code + raise VerifiCodeError, "验证码已失效" if !verifi_code&.effective? + end + private def strip(str) str.to_s.strip.presence end + + # 1 手机类型;0 邮箱类型 + # 注意新版的login是自动名生成的 + def phone_mail_type value + value =~ /^1\d{10}$/ ? 1 : 0 + end end diff --git a/app/forms/register/base_form.rb b/app/forms/register/base_form.rb index 9bea65ba4..150fef73a 100644 --- a/app/forms/register/base_form.rb +++ b/app/forms/register/base_form.rb 
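Review bot: `phone_mail_type` anchors its pattern with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line value can be classified as a phone number when only one of its lines has the phone shape. Because this result now decides which verification-code lookup and which format check run, it should use whole-string anchors: `value.to_s.match?(/\A1\d{10}\z/) ? 1 : 0`. The copy added to `ApplicationService` in this commit and the existing one in `ApplicationHelper` carry the same pattern. The commented-out `"123123"` bypass in `check_verifi_code` is better deleted than kept as a comment, so it cannot be re-enabled by accident.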
@@ -2,14 +2,6 @@ module Register class BaseForm < ::BaseForm include ActiveModel::Model - Error = Class.new(StandardError) - EmailError = Class.new(Error) - LoginError = Class.new(Error) - PhoneError = Class.new(Error) - PasswordFormatError = Class.new(Error) - VerifiCodeError = Class.new(Error) - PasswordConfirmationError = Class.new(Error) - private def check_login(login) login = strip(login) @@ -34,27 +26,5 @@ module Register phone_exist = Owner.exists?(phone: phone) raise PhoneError, '手机号已被使用' if phone_exist end - - def check_password(password) - password = strip(password) - raise PasswordFormatError, "密码8~16位密码,支持字母数字和符号" unless password =~ CustomRegexp::PASSWORD - end - - def check_password_confirmation(password, password_confirmation) - password = strip(password) - password_confirmation = strip(password_confirmation) - - raise PasswordFormatError, "确认密码为8~16位密码,支持字母数字和符号" unless password_confirmation =~ CustomRegexp::PASSWORD - raise PasswordConfirmationError, "两次输入的密码不一致" unless password == password_confirmation - end - - def check_verifi_code(verifi_code, code) - code = strip(code) - return if code == "123123" # TODO 万能验证码,用于测试 - - raise VerifiCodeError, "验证码不正确" if verifi_code&.code != code - raise VerifiCodeError, "验证码已失效" if !verifi_code&.effective? - end - end end diff --git a/app/forms/register/form.rb b/app/forms/register/form.rb index 429922f9f..6800fa1de 100644 --- a/app/forms/register/form.rb +++ b/app/forms/register/form.rb @@ -10,7 +10,9 @@ module Register def check! Rails.logger.info "Register::Form params: code: #{code}; login: #{login}; - namespace: #{namespace}; password: #{password}; password_confirmation: #{password_confirmation}; type: #{type}" + namespace: #{namespace}; password: #{password}; password_confirmation: #{password_confirmation}" + + type = phone_mail_type(strip(login)) db_verifi_code = if type == 1 check_phone(login) 
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 9cad9f44b..148c6b454 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -461,5 +461,9 @@ module ApplicationHelper def phone_mail_type value value =~ /^1\d{10}$/ ? 1 : 0 end + + def strip(str) + str.to_s.strip.presence + end end diff --git a/app/services/accounts/reset_password_service.rb b/app/services/accounts/reset_password_service.rb new file mode 100644 index 000000000..61a4bb1cf --- /dev/null +++ b/app/services/accounts/reset_password_service.rb @@ -0,0 +1,23 @@ +module Accounts + class ResetPasswordService < ApplicationService + # login、code、password、password_confirmation + def initialize(user, params) + @user = user + @password = params[:password] + @password_confirmation = params[:password_confirmation] + end + + def call + return if @user.blank? + password = strip(@password) + password_confirmation = strip(@password_confirmation) + + Rails.logger.info "Accounts::ResetPasswordService params: + ##### password: #{@password} password_confirmation: #{@password_confirmation}" + + @user.password, @user.password_confirmation = password, password_confirmation + + @user + end + end +end diff --git a/app/services/application_service.rb b/app/services/application_service.rb index 2fa59ed29..81ecf5f7b 100644 --- a/app/services/application_service.rb +++ b/app/services/application_service.rb @@ -18,4 +18,9 @@ class ApplicationService def str_to_boolean str ActiveModel::Type::Boolean.new.cast str end + + def phone_mail_type value + value =~ /^1\d{10}$/ ? 1 : 0 + end + end diff --git a/app/services/users/register_service.rb b/app/services/users/register_service.rb index bb3b3ada1..fc0e4231e 100644 --- a/app/services/users/register_service.rb +++ b/app/services/users/register_service.rb 
@@ -12,7 +12,8 @@ class Users::RegisterService < ApplicationService namespace = strip(@namespace) password = strip(@password) - Rails.logger.info "Users::RegisterService params: ##### #{params} " + Rails.logger.info "Users::RegisterService params: + ##### code: #{code} login: #{login} namespace: #{namespace} password: #{password} " email, phone = if register_type == 1 @@ -50,9 +51,4 @@ class Users::RegisterService < ApplicationService def register_type phone_mail_type(@login) end - - def phone_mail_type value - value =~ /^1\d{10}$/ ? 1 : 0 - end - end