fix(mis): 在管理系统修改用户密码时配置的正则不生效 #1253

piccaSun · 2024-05-13T06:49:35Z

背景

使用typebox时会沿用之前的特殊注释以优化为可进行后端校验
这使原本在@pattern下注释的正则规则被执行进代码
导致common.yml中即使更改了配置，在页面也可以正常显示，但是无法通过接口参数校验
passwordPattern是可配置的，原本在mis-web下的@pattern注释应理解为默认值而不是真正的校验值

此PR进一步检查了typebox相关属性定义是否与原有代码含义一致，优化了平台管理/租户管理下修改密码时对密码@pattern注释的描述，删除了typebox中关于pattern的属性定义
其他关于正则的typebox转换因为后端也没有做特殊的@pattern的注释没有上述问题

同时追加了管理系统下平台管理和租户管理对用户密码修改的后端校验
ai 系统下个人信息的密码修改后端校验

修复前

common.yml

passwordPattern:
  # 正则表达式。下面为默认值
  regex: ^(?=.*[a-zA-Z])(?=.*[`~!@#\$%^&*()_+\-[\];',./{}|:"<>?]).{8,}$

  # 出错时的消息。下面为默认值
  errorMessage: 必须包含数字和符号，长度大于等于8位

页面显示正常

但是接口请求参数校验失败，提示正则不满足包含数字

修复后
可正常在管理系统下的平台管理/租户管理/ai的个人信息下按配置的passwordPattern的正则修改用户密码
后端校验失败是提示错误信息

//TODO auth服务中校验？

changeset-bot · 2024-05-13T06:49:38Z

🦋 Changeset detected

Latest commit: 76861e3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages

Name	Type
@scow/mis-web	Patch
@scow/config	Patch
@scow/ai	Patch
@scow/lib-server	Patch
@scow/audit-server	Patch
@scow/auth	Patch
@scow/cli	Patch
@scow/mis-server	Patch
@scow/portal-server	Patch
@scow/portal-web	Patch
@scow/gateway	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

ddadaal · 2024-05-13T21:09:34Z

apps/mis-web/src/pages/api/admin/changePassword.ts

-    newPassword: Type.String({
-      pattern:  "^(?=.*\\d)(?=.*[a-zA-Z])(?=.*[`~!@#\\$%^&*()_+\\-[\\];',./{}|:\"<>?]).{8,}$",
-    }),


这里删了验证后，那整个修改密码的pattern就没地方用到了，最后事实上没有检查用户密码了？要么在这里使用配置中的配置，要么在handler里手动根据配置验证

pattern实际用在了前端校验，看了所有涉及到common.yaml配置文件中的PASSWORD_PATTERN，全部是前端验证，只有这两个地方前期增加了@pattern的注释，在不使用typebox之前，@pattern其实也不会写入代码进行验证，只能作为一个注释提示

正则逻辑实际来源于commonConfig,最好还是把涉及到password_pattern的相关接口都追加一下对密码规则正则的400的错误处理吗？

对的，前端校验是不够的，正好PR发现了这个问题就顺便解决一下，在web后端和server都根据配置中的格式检查一下输入

github-actions · 2024-05-16T16:14:54Z

PR Preview Action v1.4.7
Preview removed because the pull request was closed.
2024-05-18 13:57 UTC

fix

234d201

fix: changeset

b58a62e

piccaSun marked this pull request as ready for review May 13, 2024 08:08

pkuhpc-review-bot bot added the Code-ReviewRequested Code Review Requested label May 13, 2024

pkuhpc-review-bot bot requested a review from ddadaal May 13, 2024 08:08

ddadaal requested changes May 13, 2024

View reviewed changes

pkuhpc-review-bot bot added Code-ChangeRequested and removed Code-ReviewRequested Code Review Requested labels May 13, 2024

fix: 补充后端校验

76861e3

ddadaal approved these changes May 18, 2024

View reviewed changes

pkuhpc-review-bot bot added Code-Approved Code Review approved ReadyForMerge Ready for merge and removed Code-ChangeRequested labels May 18, 2024

ddadaal merged commit d080a8b into master May 18, 2024
12 checks passed

ddadaal deleted the fix-read-password-pattern branch May 18, 2024 13:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(mis): 在管理系统修改用户密码时配置的正则不生效 #1253

fix(mis): 在管理系统修改用户密码时配置的正则不生效 #1253

piccaSun commented May 13, 2024 •

edited

Loading

changeset-bot bot commented May 13, 2024 •

edited

Loading

ddadaal May 13, 2024 •

edited

Loading

piccaSun May 14, 2024 •

edited

Loading

ddadaal May 14, 2024

github-actions bot commented May 16, 2024 •

edited

Loading

fix(mis): 在管理系统修改用户密码时配置的正则不生效 #1253

fix(mis): 在管理系统修改用户密码时配置的正则不生效 #1253

Conversation

piccaSun commented May 13, 2024 • edited Loading

changeset-bot bot commented May 13, 2024 • edited Loading

🦋 Changeset detected

ddadaal May 13, 2024 • edited Loading

Choose a reason for hiding this comment

piccaSun May 14, 2024 • edited Loading

Choose a reason for hiding this comment

ddadaal May 14, 2024

Choose a reason for hiding this comment

github-actions bot commented May 16, 2024 • edited Loading

piccaSun commented May 13, 2024 •

edited

Loading

changeset-bot bot commented May 13, 2024 •

edited

Loading

ddadaal May 13, 2024 •

edited

Loading

piccaSun May 14, 2024 •

edited

Loading

github-actions bot commented May 16, 2024 •

edited

Loading