From 2f72272ba6647cb74bc7d13386182cc9c0d3ac31 Mon Sep 17 00:00:00 2001
From: Norton-Lin <358154247@qq.com>
Date: Sun, 17 Dec 2023 19:23:58 +0800
Subject: [PATCH] feat(user): add reset password by wechat
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
微信登录者,根据jscode和token的双重校验,在无需输入旧密码的情况下,修改密码
---
 hinghwa-dict-backend/user/urls.py | 6 ++---
 hinghwa-dict-backend/user/view/manage.py | 17 --------------
 hinghwa-dict-backend/user/view/wechat.py | 28 ++++++++++++++++++++++++
 3 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/hinghwa-dict-backend/user/urls.py b/hinghwa-dict-backend/user/urls.py
index 27c34aae..0a0f43a6 100644
--- a/hinghwa-dict-backend/user/urls.py
+++ b/hinghwa-dict-backend/user/urls.py
@@ -1,6 +1,6 @@
 from django.urls import path
-from .view.wechat import WechatLogin, WechatRegister, BindWechat
+from .view.wechat import WechatLogin, WechatRegister, BindWechat, WechatManage
 from .views import *
 from .view.manage import *
 from .view.forget import *
@@ -17,9 +17,7 @@
 urlpatterns += [
 path("", csrf_exempt(Manage.as_view())), # get US0201 put US0301
 path("/password", csrf_exempt(ManagePassword.as_view())), # put US0302
- path(
- "/password/reset", csrf_exempt(ManagePassword.as_view())
- ), # post US0307
+ path("/password/reset", csrf_exempt(WechatManage.as_view())), # post US0307
 path("/email", csrf_exempt(ManageEmail.as_view())), # put US0303
 path("/points", csrf_exempt(ManagePoints.as_view())),
 ]
diff --git a/hinghwa-dict-backend/user/view/manage.py b/hinghwa-dict-backend/user/view/manage.py
index b2b848c2..4655db05 100644
--- a/hinghwa-dict-backend/user/view/manage.py
+++ b/hinghwa-dict-backend/user/view/manage.py
@@ -139,23 +139,6 @@ def put(self, request, id) -> JsonResponse:
 status=200,
 )
- # US0307 微信更新用户密码
- def post(self, request, id) -> JsonResponse:
- user = get_request_user(request)
- if user.id != id:
- raise ForbiddenException
- body = demjson.decode(request.body)
- password_validator(body["newpassword"])
- user.set_password(body["newpassword"])
- user.save()
- return JsonResponse(
- {
- "user": user_all(user),
- "token": generate_token(user),
- },
- status=200,
- )
-
 class ManageEmail(View):
 # US0303 更新用户邮箱
diff --git a/hinghwa-dict-backend/user/view/wechat.py b/hinghwa-dict-backend/user/view/wechat.py
index b185fd50..403feedf 100644
--- a/hinghwa-dict-backend/user/view/wechat.py
+++ b/hinghwa-dict-backend/user/view/wechat.py
@@ -13,7 +13,9 @@
 NotBoundWechat,
 NotFoundException,
 )
+from utils.exception.types.forbidden import ForbiddenException
 from utils.token import generate_token, check_request_user
+from user.dto.user_all import user_all
 class OpenId:
@@ -106,3 +108,29 @@ def delete(self, request, id) -> JsonResponse:
 user.user_info.wechat = ""
 user.user_info.save()
 return JsonResponse({}, status=200)
+
+
+class WechatManage(View):
+ # US0307 微信更新用户密码
+ def post(self, request, id) -> JsonResponse:
+ # 基于token获取的用户
+ user = check_request_user(request, id)
+ if user.id != id:
+ raise ForbiddenException
+ body = demjson.decode(request.body)
+ jscode = body["jscode"]
+ openid = OpenId(jscode).get_openid()
+ # 基于jscode获取的用户
+ user_info = UserInfo.objects.filter(wechat__contains=openid)
+ if user_info[0].user != user:
+ raise ForbiddenException
+ password_validator(body["newpassword"])
+ user.set_password(body["newpassword"])
+ user.save()
+ return JsonResponse(
+ {
+ "user": user_all(user),
+ "token": generate_token(user),
+ },
+ status=200,
+ )
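Review bot: The openid ownership check in `WechatManage.post` is a substring match followed by an unguarded index: `UserInfo.objects.filter(wechat__contains=openid)` selects every row whose `wechat` value merely contains the string, and `user_info[0]` raises IndexError (a 500 rather than a 403) when nothing matches. Because this check is what replaces the old-password requirement, it should fail closed and be scoped to the token's user, for example `if not openid or not UserInfo.objects.filter(user=user, wechat=openid).exists(): raise ForbiddenException`. That assumes `wechat` stores exactly one openid; if it does not, keep `__contains` but still filter on `user=user` so the unordered `[0]` cannot pick another account's row. What `get_openid()` returns when the jscode exchange fails is not visible here, so an explicit empty-value guard is worth having either way. The added method lies entirely within this hunk.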