feat(user): add reset password by wechat

微信登录者，根据jscode和token的双重校验，在无需输入旧密码的情况下，修改密码
e-dialect · Dec 17, 2023 · 2f72272 · 2f72272
1 parent b1d9ced
commit 2f72272
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 21 deletions.
diff --git a/hinghwa-dict-backend/user/urls.py b/hinghwa-dict-backend/user/urls.py
@@ -1,6 +1,6 @@
 from django.urls import path
 
-from .view.wechat import WechatLogin, WechatRegister, BindWechat
+from .view.wechat import WechatLogin, WechatRegister, BindWechat, WechatManage
 from .views import *
 from .view.manage import *
 from .view.forget import *
@@ -17,9 +17,7 @@
 urlpatterns += [
     path("<int:id>", csrf_exempt(Manage.as_view())),  # get US0201 put US0301
     path("<int:id>/password", csrf_exempt(ManagePassword.as_view())),  # put US0302
-    path(
-        "<int:id>/password/reset", csrf_exempt(ManagePassword.as_view())
-    ),  # post US0307
+    path("<int:id>/password/reset", csrf_exempt(WechatManage.as_view())),  # post US0307
     path("<int:id>/email", csrf_exempt(ManageEmail.as_view())),  # put US0303
     path("<int:id>/points", csrf_exempt(ManagePoints.as_view())),
 ]

diff --git a/hinghwa-dict-backend/user/view/manage.py b/hinghwa-dict-backend/user/view/manage.py
@@ -139,23 +139,6 @@ def put(self, request, id) -> JsonResponse:
             status=200,
         )
 
-    # US0307 微信更新用户密码
-    def post(self, request, id) -> JsonResponse:
-        user = get_request_user(request)
-        if user.id != id:
-            raise ForbiddenException
-        body = demjson.decode(request.body)
-        password_validator(body["newpassword"])
-        user.set_password(body["newpassword"])
-        user.save()
-        return JsonResponse(
-            {
-                "user": user_all(user),
-                "token": generate_token(user),
-            },
-            status=200,
-        )
-
 
 class ManageEmail(View):
     # US0303 更新用户邮箱

diff --git a/hinghwa-dict-backend/user/view/wechat.py b/hinghwa-dict-backend/user/view/wechat.py
@@ -13,7 +13,9 @@
     NotBoundWechat,
     NotFoundException,
 )
+from utils.exception.types.forbidden import ForbiddenException
 from utils.token import generate_token, check_request_user
+from user.dto.user_all import user_all
 
 
 class OpenId:
@@ -106,3 +108,29 @@ def delete(self, request, id) -> JsonResponse:
         user.user_info.wechat = ""
         user.user_info.save()
         return JsonResponse({}, status=200)
+
+
+class WechatManage(View):
+    # US0307 微信更新用户密码
+    def post(self, request, id) -> JsonResponse:
+        #    基于token获取的用户
+        user = check_request_user(request, id)
+        if user.id != id:
+            raise ForbiddenException
+        body = demjson.decode(request.body)
+        jscode = body["jscode"]
+        openid = OpenId(jscode).get_openid()
+        #   基于jscode获取的用户
+        user_info = UserInfo.objects.filter(wechat__contains=openid)
+        if user_info[0].user != user:
+            raise ForbiddenException
+        password_validator(body["newpassword"])
+        user.set_password(body["newpassword"])
+        user.save()
+        return JsonResponse(
+            {
+                "user": user_all(user),
+                "token": generate_token(user),
+            },
+            status=200,
+        )