Unverified Commit 560df502 authored by 老广's avatar 老广 Committed by GitHub

[Update] 禁用其他认证方式修改密码 (#2286)

* [Update] 禁用其他认证方式修改密码

* [Update] 禁用其他认证方式修改密码

* [Update] 禁用其他认证方式修改密码
parent b55d137e
This diff is collapsed.
...@@ -265,7 +265,6 @@ $(document).ready(function(){ ...@@ -265,7 +265,6 @@ $(document).ready(function(){
systemUserId = $('#system-users-select').val(); systemUserId = $('#system-users-select').val();
$(".select2").select2({ $(".select2").select2({
dropdownAutoWidth : true, dropdownAutoWidth : true,
width: 'auto'
}).on('select2:select', function(evt) { }).on('select2:select', function(evt) {
var data = evt.params.data; var data = evt.params.data;
systemUserId = data.id; systemUserId = data.id;
......
...@@ -120,7 +120,14 @@ class User(AbstractUser): ...@@ -120,7 +120,14 @@ class User(AbstractUser):
def set_password(self, raw_password): def set_password(self, raw_password):
self._set_password = True self._set_password = True
return super().set_password(raw_password) if self.can_update_password():
return super().set_password(raw_password)
else:
error = _("User auth from {}, go there change password").format(self.source)
raise PermissionError(error)
def can_update_password(self):
return self.is_local
@property @property
def otp_secret_key(self): def otp_secret_key(self):
......
...@@ -177,6 +177,7 @@ ...@@ -177,6 +177,7 @@
</span> </span>
</td> </td>
</tr> </tr>
{% if user_object.can_update_password %}
<tr> <tr>
<td>{% trans 'Send reset password mail' %}:</td> <td>{% trans 'Send reset password mail' %}:</td>
<td> <td>
...@@ -185,6 +186,7 @@ ...@@ -185,6 +186,7 @@
</span> </span>
</td> </td>
</tr> </tr>
{% endif %}
<tr> <tr>
<td>{% trans 'Send reset ssh key mail' %}:</td> <td>{% trans 'Send reset ssh key mail' %}:</td>
<td> <td>
......
...@@ -148,14 +148,6 @@ ...@@ -148,14 +148,6 @@
<div class="panel-body"> <div class="panel-body">
<table class="table"> <table class="table">
<tbody> <tbody>
<tr class="no-borders-tr">
<td>{% trans 'Update password' %}:</td>
<td>
<span class="pull-right">
<a type="button" class="btn btn-primary btn-xs" style="width: 54px" href="{% url 'users:user-password-update' %}">{% trans 'Update' %}</a>
</span>
</td>
</tr>
<tr class="no-borders-tr"> <tr class="no-borders-tr">
<td>{% trans 'Set MFA' %}:</td> <td>{% trans 'Set MFA' %}:</td>
<td> <td>
...@@ -177,6 +169,16 @@ ...@@ -177,6 +169,16 @@
</span> </span>
</td> </td>
</tr> </tr>
{% if request.user.can_update_password %}
<tr class="no-borders">
<td>{% trans 'Update password' %}:</td>
<td>
<span class="pull-right">
<a type="button" class="btn btn-primary btn-xs" style="width: 54px" href="{% url 'users:user-password-update' %}">{% trans 'Update' %}</a>
</span>
</td>
</tr>
{% endif %}
{% if request.user.otp_enabled and request.user.otp_secret_key %} {% if request.user.otp_enabled and request.user.otp_secret_key %}
<tr> <tr>
<td>{% trans 'Update MFA' %}:</td> <td>{% trans 'Update MFA' %}:</td>
......
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
{% load bootstrap3 %} {% load bootstrap3 %}
{% block user_template_title %}{% trans "Update user" %}{% endblock %} {% block user_template_title %}{% trans "Update user" %}{% endblock %}
{% block password %} {% block password %}
{% if object.can_update_password %}
{% bootstrap_field form.password layout="horizontal" %} {% bootstrap_field form.password layout="horizontal" %}
{# 密码popover #} {# 密码popover #}
<div id="container"> <div id="container">
...@@ -14,13 +15,24 @@ ...@@ -14,13 +15,24 @@
<div class="popover-content"></div> <div class="popover-content"></div>
</div> </div>
</div> </div>
{% else %}
<div class="form-group">
<label class="col-sm-2 control-label">{% trans 'Password' %}</label>
<div class="col-sm-8 controls" style="margin-top: 8px;" id="password_help_text">
{% trans 'User auth from {}, go there change password' %}
</div>
</div>
{% endif %}
{% bootstrap_field form.public_key layout="horizontal" %} {% bootstrap_field form.public_key layout="horizontal" %}
{% endblock %} {% endblock %}
{% block custom_foot_js %} {% block custom_foot_js %}
{{ block.super }} {{ block.super }}
<script> <script>
$(document).ready(function(){ function passwordCheck() {
if ($('#id_password').length != 1) {
return
}
var el = $('#id_password_rules'), var el = $('#id_password_rules'),
idPassword = $('#id_password'), idPassword = $('#id_password'),
idPopover = $('#popover777'), idPopover = $('#popover777'),
...@@ -39,11 +51,11 @@ ...@@ -39,11 +51,11 @@
"veryStrong": "{% trans 'Very strong' %}" "veryStrong": "{% trans 'Very strong' %}"
}; };
jQuery.each(password_check_rules, function (idx, rules) { $.each(password_check_rules, function (idx, rules) {
if(rules.key === 'id_security_password_min_length'){ if(rules.key === 'id_security_password_min_length'){
minLength = rules.value minLength = rules.value
} }
}); });
// 初始化popover // 初始化popover
initPopover(container, progress, idPassword, el, password_check_rules, i18n_fallback); initPopover(container, progress, idPassword, el, password_check_rules, i18n_fallback);
...@@ -61,6 +73,13 @@ ...@@ -61,6 +73,13 @@
var password = idPassword.val(); var password = idPassword.val();
checkPasswordRules(password, minLength); checkPasswordRules(password, minLength);
}); });
}
$(document).ready(function(){
passwordCheck();
var origin_text = $("#password_help_text").text();
var new_text = origin_text.replace('{}', "{{ object.source_display }}");
$("#password_help_text").html(new_text);
}) })
</script> </script>
......
...@@ -239,7 +239,7 @@ class UserForgotPasswordView(TemplateView): ...@@ -239,7 +239,7 @@ class UserForgotPasswordView(TemplateView):
if not user: if not user:
error = _('Email address invalid, please input again') error = _('Email address invalid, please input again')
return self.get(request, errors=error) return self.get(request, errors=error)
elif not user.is_local: elif not user.can_update_password():
error = _('User auth from {}, go there change password'.format(user.source)) error = _('User auth from {}, go there change password'.format(user.source))
return self.get(request, errors=error) return self.get(request, errors=error)
else: else:
...@@ -298,6 +298,9 @@ class UserResetPasswordView(TemplateView): ...@@ -298,6 +298,9 @@ class UserResetPasswordView(TemplateView):
return self.get(request, errors=_('Password not same')) return self.get(request, errors=_('Password not same'))
user = User.validate_reset_token(token) user = User.validate_reset_token(token)
if not user.can_update_password():
error = _('User auth from {}, go there change password'.format(user.source))
return self.get(request, errors=error)
if not user: if not user:
return self.get(request, errors=_('Token invalid or expired')) return self.get(request, errors=_('Token invalid or expired'))
......
...@@ -414,6 +414,12 @@ class UserPasswordUpdateView(LoginRequiredMixin, UpdateView): ...@@ -414,6 +414,12 @@ class UserPasswordUpdateView(LoginRequiredMixin, UpdateView):
return super().get_success_url() return super().get_success_url()
def form_valid(self, form): def form_valid(self, form):
if not self.request.user.can_update_password():
error = _("User auth from {}, go there change password").format(
self.request.source_display
)
form.add_error("password", error)
return self.form_invalid(form)
password = form.cleaned_data.get('new_password') password = form.cleaned_data.get('new_password')
is_ok = check_password_rules(password) is_ok = check_password_rules(password)
if not is_ok: if not is_ok:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment