Unverified Commit bd26c933 authored by yoogo's avatar yoogo Committed by GitHub

fix: valid password on reset-password page (#2753)

parent b6b58da2
...@@ -15,7 +15,7 @@ from events.tenant_event import tenant_was_created ...@@ -15,7 +15,7 @@ from events.tenant_event import tenant_was_created
from extensions.ext_redis import redis_client from extensions.ext_redis import redis_client
from libs.helper import get_remote_ip from libs.helper import get_remote_ip
from libs.passport import PassportService from libs.passport import PassportService
from libs.password import compare_password, hash_password from libs.password import compare_password, hash_password, valid_password
from libs.rsa import generate_key_pair from libs.rsa import generate_key_pair
from models.account import * from models.account import *
from services.errors.account import ( from services.errors.account import (
...@@ -104,6 +104,9 @@ class AccountService: ...@@ -104,6 +104,9 @@ class AccountService:
if account.password and not compare_password(password, account.password, account.password_salt): if account.password and not compare_password(password, account.password, account.password_salt):
raise CurrentPasswordIncorrectError("Current password is incorrect.") raise CurrentPasswordIncorrectError("Current password is incorrect.")
# may be raised
valid_password(new_password)
# generate password salt # generate password salt
salt = secrets.token_bytes(16) salt = secrets.token_bytes(16)
base64_salt = base64.b64encode(salt).decode() base64_salt = base64.b64encode(salt).decode()
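Review bot: The comment `# may be raised` above `valid_password(new_password)` does not say what is raised or why the call sits here; something like `# enforce the password policy server-side; valid_password raises if new_password does not meet it` would state the intent. The body of valid_password is not in this diff, so the exception type, and whether the callers of this method turn it into a client error rather than a 500, should be confirmed. This is the only server-side policy check the commit adds, so any other AccountService path that stores a password (presumably account creation or activation) would need the same call. The enclosing method starts and ends outside the hunk.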
......
...@@ -62,8 +62,10 @@ const ActivateForm = () => { ...@@ -62,8 +62,10 @@ const ActivateForm = () => {
showErrorMessage(t('login.error.passwordEmpty')) showErrorMessage(t('login.error.passwordEmpty'))
return false return false
} }
if (!validPassword.test(password)) if (!validPassword.test(password)) {
showErrorMessage(t('login.error.passwordInvalid')) showErrorMessage(t('login.error.passwordInvalid'))
return false
}
return true return true
}, [name, password, showErrorMessage, t]) }, [name, password, showErrorMessage, t])
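Review bot: The `validPassword.test(password)` check here, and the identical one in the AccountPage hunk below, runs only in the browser, so it is a usability aid and not an enforcement point; a request sent without the form never passes through it. The regex is defined outside both hunks and should stay identical to the pattern behind the server's `valid_password` in `libs.password`, otherwise the form and the API will disagree about which passwords are acceptable. A comment at the regex definition such as `// keep in sync with the server-side password policy (libs.password.valid_password)` would make that coupling visible to the next editor.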
......
...@@ -71,10 +71,14 @@ export default function AccountPage() { ...@@ -71,10 +71,14 @@ export default function AccountPage() {
showErrorMessage(t('login.error.passwordEmpty')) showErrorMessage(t('login.error.passwordEmpty'))
return false return false
} }
if (!validPassword.test(password)) if (!validPassword.test(password)) {
showErrorMessage(t('login.error.passwordInvalid')) showErrorMessage(t('login.error.passwordInvalid'))
if (password !== confirmPassword) return false
}
if (password !== confirmPassword) {
showErrorMessage(t('common.account.notEqual')) showErrorMessage(t('common.account.notEqual'))
return false
}
return true return true
} }
......