perf: password 等使用 rsa 加密传输 (#8188)

* perf: 修改 model fields 路径 * stash it * pref: 统一加密方式，密码字段采用 rsa 加密 * pref: 临时密码使用 rsa * perf: 去掉 debug msg * perf: 去掉 Debug * perf: 去掉 debug * perf: 抽出来 Co-authored-by: ibuler <ibuler@qq.com>
2025-10-23 08:49:04 +00:00 · 2022-05-07 16:20:12 +08:00
parent 3f856e68f0
commit 031077c298
43 changed files with 291 additions and 245 deletions
--- a/apps/authentication/forms.py
+++ b/apps/authentication/forms.py
@@ -1,15 +1,25 @@
 # -*- coding: utf-8 -*-
 #
-
 from django import forms
 from django.conf import settings
 from django.utils.translation import ugettext_lazy as _
 from captcha.fields import CaptchaField, CaptchaTextInput

+from common.utils import get_logger, rsa_decrypt_by_session_pkey
+
+logger = get_logger(__name__)
+
+
+class EncryptedField(forms.CharField):
+    def to_python(self, value):
+        value = super().to_python(value)
+        return rsa_decrypt_by_session_pkey(value)
+

 class UserLoginForm(forms.Form):
    days_auto_login = int(settings.SESSION_COOKIE_AGE / 3600 / 24)
-    disable_days_auto_login = settings.SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE or days_auto_login < 1
+    disable_days_auto_login = settings.SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE \
+                              or days_auto_login < 1

    username = forms.CharField(
        label=_('Username'), max_length=100,
@@ -18,7 +28,7 @@ class UserLoginForm(forms.Form):
            'autofocus': 'autofocus'
        })
    )
-    password = forms.CharField(
+    password = EncryptedField(
        label=_('Password'), widget=forms.PasswordInput,
        max_length=1024, strip=False
    )