Merge pull request #866 from wklken/fix_login_password_wrong_500

fix(login): password wrong 500
TencentBlueKing · Apr 13, 2022 · 64f4e84 · 64f4e84
2 parents 69a6b45 + 86b5ec7
commit 64f4e84
Show file tree

Hide file tree

Showing 16 changed files with 123 additions and 86 deletions.
diff --git a/paas2/VERSION b/paas2/VERSION
@@ -1 +1 @@
-2.14.4
+2.14.5
diff --git a/paas2/login/backends/bk.py b/paas2/login/backends/bk.py
@@ -15,10 +15,9 @@
 
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth import get_user_model
-from django.core.exceptions import ObjectDoesNotExist
+from django.utils.translation import ugettext_lazy as _
 
-
-from common.exceptions import AuthenticationError
+from common.exceptions import AuthenticationError, PasswordNeedReset
 from components import usermgr_api
 from common.usermgr import get_categories_str
 
@@ -40,6 +39,7 @@ def _split_username(username):
     return "@".join(parts[: length - 1]), parts[length - 1]
 
 
+
 class BkUserBackend(ModelBackend):
     """
     蓝鲸用户管理提供的认证
@@ -64,8 +64,14 @@ def authenticate(self, username=None, password=None, language="", **kwargs):
         # 认证不通过
         if not ok:
             # 用户第一次登录，且需要修改初始密码
-            redirect_to = userinfo.get("url") if code == 3210017 else None
-            raise AuthenticationError(message=message, redirect_to=redirect_to)
+            # redirect_to = userinfo.get("url") if code == 3210017 else None
+            # raise AuthenticationError(message=message, redirect_to=redirect_to)
+            # SHOULD_CHANGE_INITIAL_PASSWORD = 3210021
+            # PASSWORD_EXPIRED = 3210018
+            if code in [3210021, 3210018]:
+                raise PasswordNeedReset(message=message, reset_password_url=userinfo.get("reset_password_url"))
+            message = _("调用用户管理接口失败，请联系管理员, 查看登录日志获取错误详情")
+            raise AuthenticationError(message=message, redirect_to=userinfo.get("redirect_to"))
 
         # here we got the userinfo, but the language is not update yet(async in signal)
         # so we need to use the current language

diff --git a/paas2/login/bkauth/views.py b/paas2/login/bkauth/views.py
@@ -24,7 +24,7 @@
 from django.utils.decorators import available_attrs
 
 from common.license import check_license
-from common.exceptions import AuthenticationError
+from common.exceptions import AuthenticationError, PasswordNeedReset
 from common.mixins.exempt import LoginExemptMixin
 from common.usermgr import get_categories_str
 from bkauth.utils import set_bk_token_invalid, is_safe_url
@@ -94,7 +94,8 @@ def _bk_login(request):
     authentication_form = BkAuthenticationForm
     # NOTE: account/login.html 为支持自适应大小的模板
     template_name = "account/login.html"
-    reset_password_url = "%s://%s/o/bk_user_manage/reset_password" % (settings.HTTP_SCHEMA, request.get_host())
+    forget_reset_password_url = "%s://%s/o/bk_user_manage/reset_password" % (settings.HTTP_SCHEMA, request.get_host())
+    token_set_password_url = ""
 
     redirect_to = request.POST.get(REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, ""))
     # support oauth2 redirect ?next=
@@ -122,6 +123,9 @@ def _bk_login(request):
         except AuthenticationError as e:
             login_redirect_to = e.redirect_to
             error_message = e.message
+        except PasswordNeedReset as e:
+            token_set_password_url = e.reset_password_url
+            error_message = e.message
         else:
             error_message = _(u"账户或者密码错误，请重新输入")
     # GET
@@ -140,7 +144,8 @@ def _bk_login(request):
         "site_name": current_site.name,
         "app_id": app_id,
         "is_license_ok": is_license_ok,
-        "reset_password_url": reset_password_url,
+        "forget_password_url": forget_reset_password_url,
+        "token_set_password_url": token_set_password_url,
         "login_redirect_to": login_redirect_to,
         "categories": categories,
         "is_plain": request.path_info == "/plain/",

diff --git a/paas2/login/common/exceptions.py b/paas2/login/common/exceptions.py
@@ -13,6 +13,8 @@
 
 from __future__ import unicode_literals
 
+from django.utils.translation import ugettext_lazy as _
+
 from common.constants import enum
 
 
@@ -36,3 +38,10 @@ def __init__(self, message=None, redirect_to=None):
             self.message = message
         if redirect_to is not None:
             self.redirect_to = redirect_to
+
+class PasswordNeedReset(Exception):
+    """Auth failure due to needing reset of password"""
+
+    def __init__(self, reset_password_url, message):
+        self.reset_password_url = reset_password_url
+        self.message = message or _("登录校验失败，请重置密码")
diff --git a/paas2/login/components/esb.py b/paas2/login/components/esb.py
@@ -50,6 +50,7 @@ def _call_esb_api(http_func, url_path, data, timeout=30):
 
     code = resp_data.get("code", -1)
     message = resp_data.get("message", "unknown")
+    _data = resp_data.get("data", {})
 
     # code may be string or int, and login v1 the code is "00"
     try:
@@ -68,7 +69,7 @@ def _call_esb_api(http_func, url_path, data, timeout=30):
         message,
     )
 
-    return False, code, message, None
+    return False, code, message, _data
 
 
 def _remove_sensitive_info(info):
@@ -79,9 +80,9 @@ def _remove_sensitive_info(info):
         return ""
 
     data = copy.copy(info)
-    sensitive_info_keys = ["bk_token", "bk_app_secret", "app_secret"]
+    sensitive_info_keys = ["bk_token", "bk_app_secret", "app_secret", "password"]
 
     for key in sensitive_info_keys:
         if key in data:
-            data[key] = data[key][:6] + "******"
+            data[key] = data[key][:3] + "******"
     return str(data)
diff --git a/paas2/login/components/usermgr_api.py b/paas2/login/components/usermgr_api.py
@@ -33,7 +33,7 @@ def authenticate(username, password, language="", domain=""):
         data["domain"] = domain
 
     ok, code, message, _data = _call_esb_api(http_post, path, data)
-    return ok, code, message, _data
+    return ok, code, message, _data or {}
 
 
 def batch_query_users(username_list=[], is_complete=False):

diff --git a/paas2/login/locale/en/LC_MESSAGES/django.mo b/paas2/login/locale/en/LC_MESSAGES/django.mo
diff --git a/paas2/login/locale/en/LC_MESSAGES/django.po b/paas2/login/locale/en/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-03-25 11:33+0800\n"
+"POT-Creation-Date: 2022-04-13 11:03+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
@@ -63,6 +63,10 @@ msgstr ""
 msgid "新标签页"
 msgstr ""
 
+#: backends/bk.py:73
+msgid "调用用户管理接口失败，请联系管理员, 查看登录日志获取错误详情"
+msgstr "calling bk-user api to verify user fail, please contact the administrator to get error details from log of login"
+
 #: bk_oauth2/models.py:66
 msgid "Confidential"
 msgstr ""
@@ -135,10 +139,14 @@ msgstr "Login validity is illegal"
 msgid "长时间无操作，登录态已过期"
 msgstr "Login status has expired"
 
-#: bkauth/views.py:126
+#: bkauth/views.py:130
 msgid "账户或者密码错误，请重新输入"
 msgstr "Username or password is incorrect"
 
+#: common/exceptions.py:47
+msgid "登录校验失败，请重置密码"
+msgstr "Login verified fail, please reset your password"
+
 #: common/license.py:40
 #, python-format
 msgid "证书文件(platform.cert)不存在: %s"
@@ -827,7 +835,6 @@ msgstr ""
 "technical staff's DevOps capabilities. It supports CC/JOB/PaaS."
 
 #: templates/account/base.html:43 templates/account/base.html:98
-#: templates/account/login.html:89
 msgid "蓝鲸智云桌面"
 msgstr "BlueKing Desktop"
 
@@ -856,67 +863,82 @@ msgstr "Back top"
 msgid "返回底部"
 msgstr "Back bottom"
 
-#: templates/account/base.html:95 templates/account/login.html:86
-#: templates/account/login_ce_i18n.html:48
+#: templates/account/base.html:95 templates/account/login_ce_i18n.html:48
 msgid "QQ咨询"
 msgstr "QQ"
 
-#: templates/account/base.html:96 templates/account/login.html:87
-#: templates/account/login_ce_i18n.html:49
+#: templates/account/base.html:96 templates/account/login_ce_i18n.html:49
 msgid "蓝鲸论坛"
 msgstr "BlueKing Forum"
 
-#: templates/account/base.html:97 templates/account/login.html:88
-#: templates/account/login_ce_i18n.html:50
+#: templates/account/base.html:97 templates/account/login_ce_i18n.html:50
 msgid "蓝鲸官网"
 msgstr "Blueking Official"
 
-#: templates/account/base.html:101 templates/account/login_ce.html:113
+#: templates/account/base.html:101 templates/account/login.html:133
+#: templates/account/login_ce.html:113
 msgid "蓝鲸智云 版权所有"
 msgstr " "
 
 #: templates/account/login.html:10
 msgid "登录|蓝鲸智云企业版"
 msgstr "Login|BlueKing"
 
-#: templates/account/login.html:16
+#: templates/account/login.html:54
 msgid "img/logo/logo_cn.svg"
 msgstr "img/logo/logo_en.svg"
 
-#: templates/account/login.html:29
+#: templates/account/login.html:67
 msgid "用户名/邮箱/手机号"
 msgstr "username/email/phone"
 
-#: templates/account/login.html:37
+#: templates/account/login.html:75
 msgid "密码"
 msgstr "password"
 
-#: templates/account/login.html:44 templates/account/login_ce_i18n.html:39
+#: templates/account/login.html:82 templates/account/login_ce_i18n.html:39
 msgid "登录"
 msgstr "SIGN IN"
 
-#: templates/account/login.html:45 templates/account/login.html:50
+#: templates/account/login.html:83 templates/account/login.html:88
 #: templates/account/login_ce_i18n.html:40
 msgid "查看用户协议"
 msgstr "Agreement"
 
-#: templates/account/login.html:53 templates/account/login_ce.html:73
+#: templates/account/login.html:91 templates/account/login_ce.html:73
 msgid "忘记密码？"
 msgstr "Forget password?"
 
-#: templates/account/login.html:72
+#: templates/account/login.html:110
 msgid "img/logo/btn_cn.png"
 msgstr "img/logo/btn_en.png"
 
-#: templates/account/login.html:99 templates/account/login_ce.html:120
+#: templates/account/login.html:124 templates/account/login_ce.html:104
+msgid "技术支持"
+msgstr "Support"
+
+#: templates/account/login.html:125 templates/account/login_ce.html:105
+msgid "社区论坛"
+msgstr "Community"
+
+#: templates/account/login.html:126 templates/account/login_ce.html:106
+msgid "产品官网"
+msgstr "Official"
+
+#: templates/account/login.html:128 templates/account/login_ce.html:108
+#: templates/account/login_ce_i18n.html:52
+msgid "关注我们"
+msgstr "Follow us"
+
+#: templates/account/login.html:145 templates/account/login_ce.html:120
 #: templates/account/login_ce_i18n.html:69
 msgid ""
 "您的浏览器非Chrome，建议您使用最新版本的Chrome浏览，以保证最好的体验效果"
 msgstr ""
 "Your browser is not Chrome, we recommend using the latest version of Chrome "
 "for the best experience"
 
-#: templates/account/login.html:103
+#: templates/account/login.html:149
 msgid "企业证书校验无效，请联系系统管理员处理"
 msgstr ""
 "Enterprise certificate verification ineffective, please contact the system "
@@ -946,22 +968,6 @@ msgstr "Change Password"
 msgid "用户协议 >"
 msgstr "Agreement >"
 
-#: templates/account/login_ce.html:104
-msgid "技术支持"
-msgstr "Support"
-
-#: templates/account/login_ce.html:105
-msgid "社区论坛"
-msgstr "Community"
-
-#: templates/account/login_ce.html:106
-msgid "产品官网"
-msgstr "Official"
-
-#: templates/account/login_ce.html:108 templates/account/login_ce_i18n.html:52
-msgid "关注我们"
-msgstr "Follow us"
-
 #: templates/account/login_ce_i18n.html:10
 msgid "登录|蓝鲸智云"
 msgstr "Login|BlueKing"

diff --git a/paas2/login/locale/en/LC_MESSAGES/djangojs.mo b/paas2/login/locale/en/LC_MESSAGES/djangojs.mo
diff --git a/paas2/login/locale/en/LC_MESSAGES/djangojs.po b/paas2/login/locale/en/LC_MESSAGES/djangojs.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-03-25 11:33+0800\n"
+"POT-Creation-Date: 2022-04-13 10:53+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"

diff --git a/paas2/login/locale/zh_Hans/LC_MESSAGES/django.mo b/paas2/login/locale/zh_Hans/LC_MESSAGES/django.mo