feat: 用户更改密码不可使用前n次历史密码，管理员可设置历史密码重复次数 (#6010)

* feat: 用户更改密码不可使用前n次历史密码，管理员可设置历史密码重复次数 * feat: 用户更改密码不可使用前n次历史密码，管理员可设置历史密码重复次数, 判断是否为历史密码逻辑修改 * feat: 用户更改密码不可使用前n次历史密码，管理员可设置历史密码重复次数, 提示内容更人性化 * fixs: 用户更改密码不可使用前n次历史密码，管理员可设置历史密码重复次数, 最新国际化翻译文件
2025-09-13 13:59:17 +00:00 · 2021-04-28 17:03:20 +08:00
parent 4519ccfe1a
commit 11e5a97f14
10 changed files with 103 additions and 11 deletions
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -7,8 +7,11 @@ import string
 import random
 import datetime

+from functools import partial
+
 from django.conf import settings
 from django.contrib.auth.models import AbstractUser
+from django.contrib.auth.hashers import check_password, make_password
 from django.core.cache import cache
 from django.db import models
 from django.db.models import TextChoices
@@ -70,6 +73,22 @@ class AuthMixin:
    def can_use_ssh_key_login():
        return settings.TERMINAL_PUBLIC_KEY_AUTH

+    def is_history_password(self, password):
+        allow_history_password_count = settings.OLD_PASSWORD_HISTORY_LIMIT_COUNT
+        history_passwords = self.history_passwords.all().order_by('-date_created')[:int(allow_history_password_count)]
+
+        for history_password in history_passwords:
+            if check_password(password, history_password.password):
+                return True
+        else:
+            return False
+
+    def save_history_password(self, password):
+        UserPasswordHistory.objects.create(
+            user=self, password=make_password(password),
+            date_created=self.date_password_last_updated
+        )
+
    def is_public_key_valid(self):
        """
            Check if the user's ssh public key is valid.
@@ -729,3 +748,11 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
        if self.email and self.source == self.Source.local.value:
            return True
        return False
+
+
+class UserPasswordHistory(models.Model):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    password = models.CharField(max_length=128)
+    user = models.ForeignKey("users.User", related_name='history_passwords',
+                             on_delete=models.CASCADE, verbose_name=_('User'))
+    date_created = models.DateTimeField(auto_now_add=True, verbose_name=_("Date created"))