更改: password参数传递使用加密后的

This commit is contained in:
2024-11-20 11:52:26 +08:00
parent a7fd0a5437
commit f49d5d5c3a
7 changed files with 28 additions and 12 deletions
+9 -5
View File
@@ -144,7 +144,8 @@ class AccountsController < ApplicationController
user = Users::RegisterService.call(register_params)
user.mail = "#{user.login}@example.org" if user.mail.blank?
password = register_params[:password].strip
password = decrypt(register_params[:password]) rescue ""
password = password.strip
# gitea用户注册, email, username, password
interactor = Gitea::RegisterInteractor.call({username: user.login, email: user.mail, password: password})
@@ -224,15 +225,18 @@ class AccountsController < ApplicationController
end
def change_password
return render_error("两次输入的密码不一致") if params[:password].to_s != params[:new_password_repeat].to_s
password = decrypt(params[:password]) rescue ""
new_password_repeat = decrypt(params[:new_password_repeat]) rescue ""
old_password = decrypt(params[:old_password]) rescue ""
return render_error("两次输入的密码不一致") if password.to_s != new_password_repeat.to_s
@user = User.find_by(login: params[:login])
return render_forbidden unless User.current.login == @user&.login
return render_error("此用户禁止修改密码!") if @user.id.to_i === 104691
return render_error("未找到相关用户!") if @user.blank?
return render_error("旧密码不正确") unless @user.check_password?(params[:old_password])
return render_error("旧密码不正确") unless @user.check_password?(old_password)
sync_params = {
password: params[:password].to_s,
password: password.to_s,
email: @user.mail,
login_name: @user.name,
source_id: 0
@@ -240,7 +244,7 @@ class AccountsController < ApplicationController
interactor = Gitea::User::UpdateInteractor.call(@user.login, sync_params)
if interactor.success?
@user.update_attribute(:password, params[:password])
@user.update_attribute(:password, password)
render_ok
else
render_error(interactor.error)