Skip to content

Commit 238c627

Browse files
committed
fix: handle decryption of encrypted password and data in user password reset flow
1 parent f4a471e commit 238c627

2 files changed

Lines changed: 34 additions & 3 deletions

File tree

apps/users/serializers/user.py

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@
77
@desc:
88
"""
99
import datetime
10+
import json
1011
import os
1112
import random
1213
import re
@@ -119,7 +120,8 @@ def profile(user: User, auth: Auth):
119120
'source': user.source,
120121
'role': auth.role_list,
121122
'permissions': auth.permission_list,
122-
'is_edit_password': password_verify(CONFIG.get('DEFAULT_PASSWORD', 'MaxKB@123..'), user.password) if user.source == 'LOCAL' else False,
123+
'is_edit_password': password_verify(CONFIG.get('DEFAULT_PASSWORD', 'MaxKB@123..'),
124+
user.password) if user.source == 'LOCAL' else False,
123125
'language': user.language,
124126
'workspace_list': workspace_list,
125127
'role_name': role_name
@@ -514,6 +516,16 @@ def one(self, with_valid=True):
514516
def re_password(self, instance, with_valid=True):
515517
if with_valid:
516518
self.is_valid(raise_exception=True)
519+
encrypted_data = instance.get("encryptedData", "")
520+
if encrypted_data:
521+
try:
522+
decrypted_raw = decrypt(encrypted_data)
523+
# decrypt 可能返回非 JSON 字符串,防护解析异常
524+
decrypted_data = json.loads(decrypted_raw) if decrypted_raw else {}
525+
if isinstance(decrypted_data, dict):
526+
instance.update(decrypted_data)
527+
except Exception as e:
528+
raise AppApiException(500, _("Invalid encrypted data"))
517529
UserManageSerializer.RePasswordInstance(data=instance).is_valid(raise_exception=True)
518530
user = User.objects.filter(id=self.data.get('id')).first()
519531
user.password = password_encrypt(instance.get('password'))

apps/users/views/user.py

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@
66
@date:2025/4/14 19:25
77
@desc:
88
"""
9+
import json
10+
911
from django.core.cache import cache
1012
from django.db.models import QuerySet
1113
from django.utils.translation import gettext_lazy as _
@@ -17,9 +19,11 @@
1719
from common.auth.authentication import has_permissions
1820
from common.constants.cache_version import Cache_Version
1921
from common.constants.permission_constants import PermissionConstants, Permission, Group, Operate, RoleConstants
22+
from common.exception.app_exception import AppApiException
2023
from common.log.log import log
2124
from common.result import result
2225
from common.utils.common import query_params_to_single_dict
26+
from common.utils.rsa_util import decrypt
2327
from maxkb.const import CONFIG
2428
from models_provider.api.model import DefaultModelResponse
2529
from tools.serializers.tool import encryption
@@ -299,7 +303,11 @@ class RePasswordView(APIView):
299303
get_operation_object=lambda r, k: {'name': r.user.username},
300304
get_details=get_re_password_details)
301305
def post(self, request: Request):
302-
serializer_obj = RePasswordSerializer(data=request.data)
306+
request_data = request.data
307+
if request_data.get("encrypted", False):
308+
request_data['password'] = decrypt(request_data.get('password'))
309+
request_data['re_password'] = decrypt(request_data.get('re_password'))
310+
serializer_obj = RePasswordSerializer(data=request_data)
303311
return result.success(serializer_obj.reset_password())
304312

305313

@@ -371,7 +379,18 @@ class ResetCurrentUserPasswordView(APIView):
371379
@has_permissions(PermissionConstants.CHANGE_PASSWORD, RoleConstants.ADMIN, RoleConstants.USER,
372380
RoleConstants.WORKSPACE_MANAGE)
373381
def post(self, request: Request):
374-
serializer_obj = ResetCurrentUserPassword(data=request.data)
382+
request_data = request.data
383+
encrypted_data = request_data.get("encryptedData", "")
384+
if encrypted_data:
385+
try:
386+
decrypted_raw = decrypt(encrypted_data)
387+
# decrypt 可能返回非 JSON 字符串,防护解析异常
388+
decrypted_data = json.loads(decrypted_raw) if decrypted_raw else {}
389+
if isinstance(decrypted_data, dict):
390+
request_data = decrypted_data
391+
except Exception as e:
392+
raise AppApiException(500, _("Invalid encrypted data"))
393+
serializer_obj = ResetCurrentUserPassword(data=request_data)
375394
if serializer_obj.reset_password(request.user.id):
376395
version, get_key = Cache_Version.TOKEN.value
377396
cache.delete(get_key(token=request.auth), version=version)

0 commit comments

Comments
 (0)