fix(mis): the configured regex does not take effect when changing a user's password in the management system #1253
🦋 Changeset detected

Latest commit: 76861e3

The changes in this PR will be included in the next version bump. This PR includes changesets to release 11 packages
newPassword: Type.String({ | ||
pattern: "^(?=.*\\d)(?=.*[a-zA-Z])(?=.*[`~!@#\\$%^&*()_+\\-[\\];',./{}|:\"<>?]).{8,}$", | ||
}), |
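Review bot: On the `pattern` line of `newPassword`, the password rule is a string literal fixed in the request schema, so it cannot follow a password pattern that is changed in configuration. If this constraint is dropped, the handler needs to test `newPassword` against the configured pattern and return a 400 on mismatch; otherwise nothing on the server checks the new password.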
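Once the validation is removed here, the password-change pattern is no longer used anywhere, so in the end the user's password is effectively not checked at all? Either use the value from the configuration here, or validate manually against the configuration in the handler.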
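`pattern` is actually used for front-end validation. I looked at every place that involves `PASSWORD_PATTERN` from the `common.yaml` configuration file, and all of them are front-end validation. Only these two places had an `@pattern` comment added earlier; before `typebox` was used, `@pattern` was not actually written into the code for validation and could only serve as a comment hint.

The regex logic actually comes from commonConfig. Would it be best to add 400 error handling for the password-rule regex to all the interfaces that involve `password_pattern`?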
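Right, front-end validation is not enough. Since this PR happened to uncover the problem, let's fix it along the way: check the input against the format in the configuration in both the web backend and the server.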
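Background

When `typebox` is used, the earlier special comments are carried over and turned into something that can be validated on the backend.

This causes the regex rule that was originally only annotated under `@pattern` to be executed in code.

As a result, even after the configuration in `common.yml` is changed, the page displays normally, but the request cannot pass the interface parameter validation.

`passwordPattern` is configurable; the original `@pattern` comment under mis-web should be understood as a default value rather than the real validation value.

This PR further checks whether the typebox-related property definitions are consistent with the meaning of the original code, improves the description of the password `@pattern` comment for password changes under platform management / tenant management, and removes the `pattern` property definition in `typebox`.

The other regex-related typebox conversions do not have the above problem, because the backend did not have any special `@pattern` comment for them.

It also adds backend validation for user password changes under platform management and tenant management in the management system, and backend validation for password changes under personal information in the ai system.

Before the fix

The page displays normally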
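However, validation of the interface request parameters fails, with a message that the regex requirement of containing a digit is not met.

After the fix

User passwords can be changed normally under platform management / tenant management in the management system and under personal information in ai, according to the configured `passwordPattern` regex.

When backend validation fails, an error message is shown.

//TODO validate in the auth service?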
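
The server-side check discussed in this thread, as an added TypeScript example that is not code from this PR or from the project: the handler validates against the configured pattern instead of a literal fixed in the schema. `CONFIG_PATTERN`, `loadPasswordRule`, `changePasswordHandler`, `compare`, the `PASSWORD_NOT_VALID` code and the sample passwords are hypothetical or constructed; only `HARDCODED_PATTERN` is the literal from the review snippet.

```typescript
// Added example: hypothetical names, not the project's code.
// Literal that was fixed in the request schema (from the review snippet).
const HARDCODED_PATTERN =
  "^(?=.*\\d)(?=.*[a-zA-Z])(?=.*[`~!@#\\$%^&*()_+\\-[\\];',./{}|:\"<>?]).{8,}$";
// Constructed operator override: letters and digits, at least 12 characters.
const CONFIG_PATTERN = "^(?=.*\\d)(?=.*[a-zA-Z]).{12,}$";

interface PasswordRule { regex: RegExp; errorMessage: string }

// Compile the configured pattern once at startup; a malformed pattern
// stops the service instead of silently disabling the check.
function loadPasswordRule(pattern: string, errorMessage: string): PasswordRule {
  try {
    return { regex: new RegExp(pattern), errorMessage };
  } catch (e) {
    throw new Error(`invalid passwordPattern in config: ${(e as Error).message}`);
  }
}

type ChangeResult =
  | { status: 204 }
  | { status: 400; code: string; message: string };

// Server-side check: the browser form is not a trust boundary, so the
// handler re-validates against the same configured rule.
function changePasswordHandler(
  rule: PasswordRule, body: { newPassword?: unknown },
): ChangeResult {
  const pw = body.newPassword;
  if (typeof pw !== "string" || !rule.regex.test(pw)) {
    return { status: 400, code: "PASSWORD_NOT_VALID", message: rule.errorMessage };
  }
  // The actual password change in the auth backend would happen here.
  return { status: 204 };
}

// How the two rules disagree on constructed passwords.
function compare(pw: string): { hardcoded: boolean; configured: number } {
  const rule = loadPasswordRule(CONFIG_PATTERN, "Need letters, digits, 12+ chars");
  return {
    hardcoded: new RegExp(HARDCODED_PATTERN).test(pw),
    configured: changePasswordHandler(rule, { newPassword: pw }).status,
  };
}
```

`compare("correcthorse2024")` reproduces the reported mismatch: the configured rule accepts the password while the hard-coded schema literal rejects it.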