新增: 登陆密码加密处理

app/controllers/accounts_controller.rb

@@ -1,6 +1,7 @@
 class AccountsController < ApplicationController
   before_action :require_login, only: [:login_check, :simple_update, :change_password]
   include ApplicationHelper
+  include AesCryptHelper
 
   #skip_before_action :check_account, :only => [:logout]
 
@@ -193,8 +194,9 @@ class AccountsController < ApplicationController
 
   # 用户登录
   def login
-    Users::LoginForm.new(login_params).validate!
-    @user = User.try_to_login(params[:login], params[:password])
+    password = decrypt(login_params[:password]) rescue ""
+    Users::LoginForm.new(login_params.merge!({password: password})).validate!
+    @user = User.try_to_login(params[:login], password)
 
     return normal_status(-2, "错误的账号或密码") if @user.blank?
     # user is already in local database
@@ -203,7 +205,7 @@ class AccountsController < ApplicationController
     login_control = LimitForbidControl::UserLogin.new(@user)
     return normal_status(-2, "登录密码出错已达上限，账号已被锁定，请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid?
 
-    password_ok = @user.check_password?(params[:password].to_s)
+    password_ok = @user.check_password?(password.to_s)
     unless password_ok
       if login_control.remain_times-1 == 0
         normal_status(-2, "登录密码出错已达上限，账号已被锁定，请#{login_control.forbid_expires/60}分钟后重新登录或找回密码")
@@ -216,7 +218,7 @@ class AccountsController < ApplicationController
 
     LimitForbidControl::UserLogin.new(@user).clear
     successful_authentication(@user)
-    sync_pwd_to_gitea!(@user, {password: params[:password].to_s}) # TODO用户密码未同步
+    sync_pwd_to_gitea!(@user, {password: password.to_s}) # TODO用户密码未同步
     
     # session[:user_id] = @user.id
   end