Update user and auth error message (#379)
wu-clan authored Aug 11, 2024
1 parent 144d704 commit f61dc4f
Showing 3 changed files with 31 additions and 33 deletions.
18 changes: 9 additions & 9 deletions backend/app/admin/service/auth_service.py
Expand Up @@ -33,11 +33,11 @@ async def swagger_login(*, obj: HTTPBasicCredentials) -> tuple[str, User]:
async with async_db_session.begin() as db:
current_user = await user_dao.get_by_username(db, obj.username)
if not current_user:
raise errors.NotFoundError(msg='用户不存在')
raise errors.NotFoundError(msg='用户名或密码有误')
elif not await password_verify(f'{obj.password}{current_user.salt}', current_user.password):
raise errors.AuthorizationError(msg='密码错误')
raise errors.AuthorizationError(msg='用户名或密码有误')
elif not current_user.status:
raise errors.AuthorizationError(msg='用户已锁定, 登陆失败')
raise errors.AuthorizationError(msg='用户已被锁定, 请联系统管理员')
access_token, _ = await create_access_token(str(current_user.id), multi_login=current_user.is_multi_login)
await user_dao.update_login_time(db, obj.username)
return access_token, current_user
Expand All @@ -48,11 +48,11 @@ async def login(*, request: Request, obj: AuthLoginParam, background_tasks: Back
try:
current_user = await user_dao.get_by_username(db, obj.username)
if not current_user:
raise errors.NotFoundError(msg='用户不存在')
raise errors.NotFoundError(msg='用户名或密码有误')
elif not await password_verify(obj.password + current_user.salt, current_user.password):
raise errors.AuthorizationError(msg='密码错误')
raise errors.AuthorizationError(msg='用户名或密码有误')
elif not current_user.status:
raise errors.AuthorizationError(msg='用户已锁定, 登陆失败')
raise errors.AuthorizationError(msg='用户已被锁定, 请联系统管理员')
captcha_code = await redis_client.get(f'{admin_settings.CAPTCHA_LOGIN_REDIS_PREFIX}:{request.state.ip}')
if not captcha_code:
raise errors.AuthorizationError(msg='验证码失效,请重新获取')
Expand Down Expand Up @@ -107,13 +107,13 @@ async def login(*, request: Request, obj: AuthLoginParam, background_tasks: Back
async def new_token(*, request: Request, refresh_token: str) -> GetNewToken:
user_id = await jwt_decode(refresh_token)
if request.user.id != user_id:
raise errors.TokenError(msg='刷新 token 无效')
raise errors.TokenError(msg='Refresh Token 无效')
async with async_db_session() as db:
current_user = await user_dao.get(db, user_id)
if not current_user:
raise errors.NotFoundError(msg='用户不存在')
raise errors.NotFoundError(msg='用户名或密码有误')
elif not current_user.status:
raise errors.AuthorizationError(msg='用户已锁定,操作失败')
raise errors.AuthorizationError(msg='用户已被锁定, 请联系统管理员')
current_token = await get_token(request)
new_token = await create_new_token(
sub=str(current_user.id),
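Review bot: The unified message '用户名或密码有误' on the new lines of swagger_login and login still lets a caller tell whether the username exists, because the missing-user branch raises `errors.NotFoundError` while the wrong-password branch raises `errors.AuthorizationError`; if those map to different HTTP status codes (not visible here) the status alone separates the two cases. Raising the same type on both branches, e.g. `raise errors.NotFoundError(msg='用户名或密码有误')` → `raise errors.AuthorizationError(msg='用户名或密码有误')`, closes that gap; the missing-user path also returns before `password_verify` runs, so response timing presumably differs as well, and a dummy verify on that path would help if enumeration matters. In new_token no password is checked, so '用户名或密码有误' is misleading there; 'Token 无效', as used in jwt.py, fits better. The locked-account text '请联系统管理员' looks like a typo for '请联系系统管理员', which jwt.py in this same commit uses. All three functions continue outside their hunks.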
32 changes: 16 additions & 16 deletions backend/app/admin/service/user_service.py
Expand Up @@ -32,14 +32,14 @@ async def register(*, obj: RegisterUserParam) -> None:
raise errors.ForbiddenError(msg='密码为空')
username = await user_dao.get_by_username(db, obj.username)
if username:
raise errors.ForbiddenError(msg='该用户名已注册')
obj.nickname = obj.nickname if obj.nickname else f'用户{random.randrange(10000, 99999)}'
raise errors.ForbiddenError(msg='用户已注册')
obj.nickname = obj.nickname if obj.nickname else f'#{random.randrange(10000, 88888)}'
nickname = await user_dao.get_by_nickname(db, obj.nickname)
if nickname:
raise errors.ForbiddenError(msg='昵称已注册')
email = await user_dao.check_email(db, obj.email)
if email:
raise errors.ForbiddenError(msg='该邮箱已注册')
raise errors.ForbiddenError(msg='邮箱已注册')
await user_dao.create(db, obj)

@staticmethod
Expand All @@ -48,16 +48,16 @@ async def add(*, request: Request, obj: AddUserParam) -> None:
await superuser_verify(request)
username = await user_dao.get_by_username(db, obj.username)
if username:
raise errors.ForbiddenError(msg='此用户名已注册')
obj.nickname = obj.nickname if obj.nickname else f'用户{random.randrange(10000, 99999)}'
raise errors.ForbiddenError(msg='用户已注册')
obj.nickname = obj.nickname if obj.nickname else f'#{random.randrange(88888, 99999)}'
nickname = await user_dao.get_by_nickname(db, obj.nickname)
if nickname:
raise errors.ForbiddenError(msg='昵称已注册')
if not obj.password:
raise errors.ForbiddenError(msg='密码为空')
email = await user_dao.check_email(db, obj.email)
if email:
raise errors.ForbiddenError(msg='该邮箱已注册')
raise errors.ForbiddenError(msg='邮箱已注册')
dept = await dept_dao.get(db, obj.dept_id)
if not dept:
raise errors.NotFoundError(msg='部门不存在')
Expand All @@ -71,11 +71,11 @@ async def add(*, request: Request, obj: AddUserParam) -> None:
async def pwd_reset(*, request: Request, obj: ResetPasswordParam) -> int:
async with async_db_session.begin() as db:
if not await password_verify(f'{obj.old_password}{request.user.salt}', request.user.password):
raise errors.ForbiddenError(msg='旧密码错误')
raise errors.ForbiddenError(msg='原密码错误')
np1 = obj.new_password
np2 = obj.confirm_password
if np1 != np2:
raise errors.ForbiddenError(msg='两次密码输入不一致')
raise errors.ForbiddenError(msg='密码输入不一致')
new_pwd = await get_hash_password(f'{obj.new_password}{request.user.salt}')
count = await user_dao.reset_password(db, request.user.id, new_pwd)
prefix = [
Expand Down Expand Up @@ -106,15 +106,15 @@ async def update(*, request: Request, username: str, obj: UpdateUserParam) -> in
if input_user.username != obj.username:
_username = await user_dao.get_by_username(db, obj.username)
if _username:
raise errors.ForbiddenError(msg='该用户名已存在')
raise errors.ForbiddenError(msg='用户名已注册')
if input_user.nickname != obj.nickname:
nickname = await user_dao.get_by_nickname(db, obj.nickname)
if nickname:
raise errors.ForbiddenError(msg='改昵称已存在')
raise errors.ForbiddenError(msg='昵称已注册')
if input_user.email != obj.email:
email = await user_dao.check_email(db, obj.email)
if email:
raise errors.ForbiddenError(msg='该邮箱已注册')
raise errors.ForbiddenError(msg='邮箱已注册')
count = await user_dao.update_userinfo(db, input_user, obj)
return count

Expand All @@ -123,7 +123,7 @@ async def update_roles(*, request: Request, username: str, obj: UpdateUserRolePa
async with async_db_session.begin() as db:
if not request.user.is_superuser:
if request.user.username != username:
raise errors.ForbiddenError(msg='你只能修改自己的角色')
raise errors.AuthorizationError
input_user = await user_dao.get_with_relation(db, username=username)
if not input_user:
raise errors.NotFoundError(msg='用户不存在')
Expand All @@ -139,7 +139,7 @@ async def update_avatar(*, request: Request, username: str, avatar: AvatarParam)
async with async_db_session.begin() as db:
if not request.user.is_superuser:
if request.user.username != username:
raise errors.ForbiddenError(msg='你只能修改自己的头像')
raise errors.AuthorizationError
input_user = await user_dao.get_by_username(db, username)
if not input_user:
raise errors.NotFoundError(msg='用户不存在')
Expand All @@ -159,7 +159,7 @@ async def update_permission(*, request: Request, pk: int) -> int:
else:
user_id = request.user.id
if pk == user_id:
raise errors.ForbiddenError(msg='禁止修改自身管理员权限')
raise errors.ForbiddenError(msg='非法操作')
super_status = await user_dao.get_super(db, user_id)
count = await user_dao.set_super(db, pk, False if super_status else True)
return count
Expand All @@ -173,7 +173,7 @@ async def update_staff(*, request: Request, pk: int) -> int:
else:
user_id = request.user.id
if pk == user_id:
raise errors.ForbiddenError(msg='禁止修改自身后台管理登陆权限')
raise errors.ForbiddenError(msg='非法操作')
staff_status = await user_dao.get_staff(db, user_id)
count = await user_dao.set_staff(db, pk, False if staff_status else True)
return count
Expand All @@ -187,7 +187,7 @@ async def update_status(*, request: Request, pk: int) -> int:
else:
user_id = request.user.id
if pk == user_id:
raise errors.ForbiddenError(msg='禁止修改自身状态')
raise errors.ForbiddenError(msg='非法操作')
status = await user_dao.get_status(db, user_id)
count = await user_dao.set_status(db, pk, False if status else True)
return count
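Review bot: The bare `raise errors.AuthorizationError` in update_roles and update_avatar replaces a ForbiddenError that named the reason; the condition is an authenticated user touching another user's record, which is a permission failure, so if AuthorizationError maps to a 401-style response (not visible here) clients would wrongly treat it as a login problem. `raise errors.ForbiddenError(msg='非法操作')` would keep the original error class and match the wording update_permission, update_staff and update_status receive in this commit. Separately, register and add now fall back to a random `#NNNNN` nickname and then reject the whole request with '昵称已注册' if the draw collides with an existing one, so a user who never entered a nickname can fail on that field; redrawing on collision would avoid that. Each of these functions starts before its hunk.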
14 changes: 6 additions & 8 deletions backend/common/security/jwt.py
Expand Up @@ -85,7 +85,7 @@ async def create_refresh_token(sub: str, expire_time: datetime | None = None, **
expire_datetime = timezone.f_datetime(expire_time)
current_datetime = timezone.now()
if expire_datetime < current_datetime:
raise TokenError(msg='Refresh Token 过期时间无效')
raise TokenError(msg='Refresh Token 已过期')
expire_seconds = int((expire_datetime - current_datetime).total_seconds())
else:
expire = timezone.now() + timedelta(seconds=settings.TOKEN_EXPIRE_SECONDS)
Expand Down Expand Up @@ -191,7 +191,7 @@ async def get_current_user(db: AsyncSession, data: dict) -> User:
if not user:
raise TokenError(msg='Token 无效')
if not user.status:
raise AuthorizationError(msg='用户已锁定')
raise AuthorizationError(msg='用户已被锁定,请联系系统管理员')
if user.dept_id:
if not user.dept.status:
raise AuthorizationError(msg='用户所属部门已锁定')
Expand All @@ -212,9 +212,7 @@ def superuser_verify(request: Request) -> bool:
:param request:
:return:
"""
is_superuser = request.user.is_superuser
if not is_superuser:
raise AuthorizationError(msg='仅管理员有权操作')
if not request.user.is_staff:
raise AuthorizationError(msg='此管理员已被禁止后台管理操作')
return is_superuser
superuser = request.user.is_superuser
if not superuser or not request.user.is_staff:
raise AuthorizationError
return superuser
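Review bot: superuser_verify now raises a single bare `AuthorizationError` for two different conditions (the user is not a superuser, or is a superuser whose is_staff flag is cleared), so neither the caller nor any error log can tell which rule rejected the request; the client-facing response can stay generic, but the reason should be recorded, e.g. a log line naming the failed check before the raise. The docstring just above the hunk still has empty `:param request:` and `:return:` fields; it should state that the function raises AuthorizationError unless request.user is both a superuser and staff, and that the returned value is therefore always truthy when the call returns. In the first hunk, '已过期' describes a caller-supplied expire_time lying in the past rather than an existing token having expired, so the previous 'Refresh Token 过期时间无效' was the more accurate wording.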
