feat: 忘记密码支持手机短信找回，并修改邮箱方式和手机方式统一 (#8960)

* feat: 忘记密码支持通过手机找回，邮箱方式修改为和手机方式一致 * feat: 翻译 * feat: 修改翻译 * fix: 还原 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
2025-09-22 11:58:29 +00:00 · 2022-11-04 13:56:55 +08:00
parent 262d070f3c
commit 1e97a23bc5
15 changed files with 583 additions and 281 deletions
--- a/apps/authentication/api/password.py
+++ b/apps/authentication/api/password.py
@@ -1,13 +1,73 @@
 from rest_framework.generics import CreateAPIView
 from rest_framework.response import Response
+from rest_framework.permissions import AllowAny
+from django.utils.translation import ugettext as _
+from django.template.loader import render_to_string

-from authentication.serializers import PasswordVerifySerializer
+from common.utils.verify_code import SendAndVerifyCodeUtil
 from common.permissions import IsValidUser
+from common.utils.random import random_string
+from common.utils import get_object_or_none
+from authentication.serializers import (
+    PasswordVerifySerializer, ResetPasswordCodeSerializer
+)
+from settings.utils import get_login_title
+from users.models import User
 from authentication.mixins import authenticate
 from authentication.errors import PasswordInvalid
 from authentication.mixins import AuthMixin


+class UserResetPasswordSendCodeApi(CreateAPIView):
+    permission_classes = (AllowAny,)
+    serializer_class = ResetPasswordCodeSerializer
+
+    @staticmethod
+    def is_valid_user( **kwargs):
+        user = get_object_or_none(User, **kwargs)
+        if not user:
+            err_msg = _('User does not exist: {}').format(_("No user matched"))
+            return None, err_msg
+        if not user.is_local:
+            err_msg = _(
+                'The user is from {}, please go to the corresponding system to change the password'
+            ).format(user.get_source_display())
+            return None, err_msg
+        return user, None
+
+    def create(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        form_type = serializer.validated_data['form_type']
+        username = serializer.validated_data['username']
+        code = random_string(6, lower=False, upper=False)
+        other_args = {}
+
+        if form_type == 'phone':
+            backend = 'sms'
+            target = serializer.validated_data['phone']
+            user, err = self.is_valid_user(username=username, phone=target)
+            if not user:
+                return Response({'error': err}, status=400)
+        else:
+            backend = 'email'
+            target = serializer.validated_data['email']
+            user, err = self.is_valid_user(username=username, email=target)
+            if not user:
+                return Response({'error': err}, status=400)
+
+            subject = '%s: %s' % (get_login_title(), _('Forgot password'))
+            context = {
+                'user': user, 'title': subject, 'code': code,
+            }
+            message = render_to_string('authentication/_msg_reset_password_code.html', context)
+            other_args['subject'] = subject
+            other_args['message'] = message
+
+        SendAndVerifyCodeUtil(target, code, backend=backend, **other_args).gen_and_send_async()
+        return Response({'data': 'ok'}, status=200)
+
+
 class UserPasswordVerifyApi(AuthMixin, CreateAPIView):
    permission_classes = (IsValidUser,)
    serializer_class = PasswordVerifySerializer
--- a/apps/authentication/mfa/sms.py
+++ b/apps/authentication/mfa/sms.py
@@ -2,7 +2,7 @@ from django.utils.translation import ugettext_lazy as _
 from django.conf import settings

 from .base import BaseMFA
-from common.sdk.sms import SendAndVerifySMSUtil
+from common.utils.verify_code import SendAndVerifyCodeUtil

 sms_failed_msg = _("SMS verify code invalid")

@@ -15,7 +15,7 @@ class MFASms(BaseMFA):
    def __init__(self, user):
        super().__init__(user)
        phone = user.phone if self.is_authenticated() else ''
-        self.sms = SendAndVerifySMSUtil(phone)
+        self.sms = SendAndVerifyCodeUtil(phone, backend=self.name)

    def check_code(self, code):
        assert self.is_authenticated()
@@ -37,7 +37,7 @@ class MFASms(BaseMFA):
        return True

    def send_challenge(self):
-        self.sms.gen_and_send()
+        self.sms.gen_and_send_async()

    @staticmethod
    def global_enabled():
--- a/apps/authentication/serializers/password_mfa.py
+++ b/apps/authentication/serializers/password_mfa.py
@@ -1,15 +1,41 @@
 # -*- coding: utf-8 -*-
 #
+from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers

 from common.drf.fields import EncryptedField

 __all__ = [
    'MFAChallengeSerializer', 'MFASelectTypeSerializer',
-    'PasswordVerifySerializer',
+    'PasswordVerifySerializer', 'ResetPasswordCodeSerializer',
 ]


+class ResetPasswordCodeSerializer(serializers.Serializer):
+    form_type = serializers.CharField(default='email')
+    username = serializers.CharField()
+    email = serializers.CharField(allow_blank=True)
+    phone = serializers.CharField(allow_blank=True)
+
+    def create(self, attrs):
+        error = []
+        form_type = attrs.get('form_type', 'email')
+        username = attrs.get('username')
+        if not username:
+            error.append(_('The {} cannot be empty').format(_('Username')))
+        if form_type == 'phone':
+            phone = attrs.get('phone')
+            if not phone:
+                error.append(_('The {} cannot be empty').format(_('Phone')))
+        else:
+            email = attrs.get('email')
+            if not email:
+                error.append(_('The {} cannot be empty').format(_('Email')))
+
+        if error:
+            raise serializers.ValidationError(error)
+
+
 class PasswordVerifySerializer(serializers.Serializer):
    password = EncryptedField()

--- a/apps/authentication/templates/authentication/_msg_reset_password_code.html
+++ b/apps/authentication/templates/authentication/_msg_reset_password_code.html
@@ -0,0 +1,21 @@
+{% load i18n %}
+
+<div style="width: 100%; text-align: center">
+    <table style="margin: 0 auto; border: 1px solid #ccc; border-collapse: collapse; width: 60%">
+        <tr style="background-color: #1ab394; color: white">
+            <th style="height: 80px;">{{ title }}</th>
+        </tr>
+        <tr style="border: 1px solid #eee;">
+            <td style="height: 50px;">{% trans 'Hello' %} {{ user.name }},</td>
+        </tr>
+        <tr style="border: 1px solid #eee">
+            <td style="height: 50px;">{% trans 'Verify code' %}: <span style="font-weight: bold;">{{ code }}</span></td>
+        </tr>
+        <tr style="border: 1px solid #eee;">
+            <td style="height: 30px;"> {% trans 'Copy the verification code to the Reset Password page to reset the password.' %} </td>
+        </tr>
+        <tr style="border: 1px solid #eee">
+            <td style="height: 30px;">{% trans 'The validity period of the verification code is one minute' %}</td>
+        </tr>
+    </table>
+</div>
--- a/apps/authentication/urls/api_urls.py
+++ b/apps/authentication/urls/api_urls.py
@@ -32,7 +32,8 @@ urlpatterns = [
    path('mfa/verify/', api.MFAChallengeVerifyApi.as_view(), name='mfa-verify'),
    path('mfa/challenge/', api.MFAChallengeVerifyApi.as_view(), name='mfa-challenge'),
    path('mfa/select/', api.MFASendCodeApi.as_view(), name='mfa-select'),
-    path('mfa/send-code/', api.MFASendCodeApi.as_view(), name='mfa-send-codej'),
+    path('mfa/send-code/', api.MFASendCodeApi.as_view(), name='mfa-send-code'),
+    path('password/reset-code/', api.UserResetPasswordSendCodeApi.as_view(), name='reset-password-code'),
    path('password/verify/', api.UserPasswordVerifyApi.as_view(), name='user-password-verify'),
    path('login-confirm-ticket/status/', api.TicketStatusApi.as_view(), name='login-confirm-ticket-status'),
 ]