feat:新增忘记密码模块（模拟短信验证码）

fix:修复bug

Author: insistence

dash-fastapi-backend/module_admin/controller/login_controller.py

@@ -1,4 +1,3 @@
-import uuid
 from fastapi import APIRouter
 from module_admin.service.login_service import *
 from module_admin.entity.vo.login_vo import *
@@ -65,6 +64,36 @@ async def login(request: Request, form_data: CustomOAuth2PasswordRequestForm = D
         return response_500(data="", message=str(e))
 
 
+@loginController.post("/getSmsCode", response_model=SmsCode)
+async def get_sms_code(request: Request, user: ResetUserModel, query_db: Session = Depends(get_db)):
+    try:
+        sms_result = await get_sms_code_services(request, query_db, user)
+        if sms_result.is_success:
+            logger.info('获取成功')
+            return response_200(data=sms_result, message='获取成功')
+        else:
+            logger.warning(sms_result.message)
+            return response_400(data='', message=sms_result.message)
+    except Exception as e:
+        logger.exception(e)
+        return response_500(data="", message=str(e))
+
+
+@loginController.post("/forgetPwd", response_model=CrudUserResponse)
+async def forget_user_pwd(request: Request, forget_user: ResetUserModel, query_db: Session = Depends(get_db)):
+    try:
+        forget_user_result = await forget_user_services(request, query_db, forget_user)
+        if forget_user_result.is_success:
+            logger.info(forget_user_result.message)
+            return response_200(data=forget_user_result, message=forget_user_result.message)
+        else:
+            logger.warning(forget_user_result.message)
+            return response_400(data="", message=forget_user_result.message)
+    except Exception as e:
+        logger.exception(e)
+        return response_500(data="", message=str(e))
+
+
 @loginController.post("/getLoginUserInfo", response_model=CurrentUserInfoServiceResponse, dependencies=[Depends(CheckUserInterfaceAuth('common'))])
 async def get_login_user_info(request: Request, current_user: CurrentUserInfoServiceResponse = Depends(get_current_user)):
     try:

dash-fastapi-backend/module_admin/controller/user_controller.py

@@ -3,7 +3,7 @@
 import base64
 from config.get_db import get_db
 from config.env import CachePathConfig
-from module_admin.service.login_service import get_current_user, get_password_hash
+from module_admin.service.login_service import get_current_user
 from module_admin.service.user_service import *
 from module_admin.entity.vo.user_vo import *
 from module_admin.dao.user_dao import *
@@ -37,7 +37,7 @@ async def get_system_user_list(request: Request, user_page_query: UserPageObject
 @log_decorator(title='用户管理', business_type=1)
 async def add_system_user(request: Request, add_user: AddUserModel, query_db: Session = Depends(get_db), current_user: CurrentUserInfoServiceResponse = Depends(get_current_user)):
     try:
-        add_user.password = get_password_hash(add_user.password)
+        add_user.password = PwdUtil.get_password_hash(add_user.password)
         add_user.create_by = current_user.user.user_name
         add_user.update_by = current_user.user.user_name
         add_user_result = UserService.add_user_services(query_db, add_user)
@@ -155,9 +155,9 @@ async def change_system_user_profile_info(request: Request, edit_user: AddUserMo
 @log_decorator(title='个人信息', business_type=2)
 async def reset_system_user_password(request: Request, reset_user: ResetUserModel,  query_db: Session = Depends(get_db), current_user: CurrentUserInfoServiceResponse = Depends(get_current_user)):
     try:
-        if not reset_user.user_id:
+        if not reset_user.user_id and reset_user.old_password:
             reset_user.user_id = current_user.user.user_id
-        reset_user.password = get_password_hash(reset_user.password)
+        reset_user.password = PwdUtil.get_password_hash(reset_user.password)
         reset_user.update_by = current_user.user.user_name
         reset_user.update_time = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
         reset_user_result = UserService.reset_user_services(query_db, reset_user)

dash-fastapi-backend/module_admin/entity/vo/login_vo.py

@@ -14,3 +14,10 @@ class UserLogin(BaseModel):
 class Token(BaseModel):
     access_token: str
     token_type: str
+
+
+class SmsCode(BaseModel):
+    is_success: Optional[bool]
+    sms_code: str
+    session_id: str
+    message: Optional[str]

dash-fastapi-backend/module_admin/entity/vo/user_vo.py

@@ -200,6 +200,8 @@ class ResetUserModel(UserModel):
     重置用户密码模型
     """
     old_password: Optional[str]
+    sms_code: Optional[str]
+    session_id: Optional[str]
 
 
 class DeleteUserModel(BaseModel):

dash-fastapi-backend/module_admin/service/login_service.py

@@ -1,19 +1,22 @@
 from module_admin.entity.vo.user_vo import *
-from module_admin.entity.vo.login_vo import UserLogin
+from module_admin.entity.vo.login_vo import *
 from module_admin.dao.login_dao import *
+from module_admin.service.user_service import UserService
 from module_admin.dao.user_dao import *
 from jose import JWTError, jwt
-from passlib.context import CryptContext
 from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
+import random
+import uuid
 from config.env import JwtConfig
+from utils.pwd_util import *
 from utils.response_util import *
 from utils.log_util import *
+from utils.message_util import *
 from datetime import datetime, timedelta
 from fastapi import Request, Form
 from fastapi import Depends, Header
 from config.get_db import get_db
 
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login/loginByAccount")
 
 
@@ -94,37 +97,65 @@ async def get_current_user(request: Request = Request, token: str = Depends(oaut
         raise AuthException(data="", message="用户token已失效，请重新登录")
 
 
-async def logout_services(request: Request, session_id: str):
+async def get_sms_code_services(request: Request, result_db: Session, user: ResetUserModel):
     """
-    退出登录services
+    获取短信验证码service
     :param request: Request对象
-    :param session_id: 会话编号
-    :return: 退出登录结果
+    :param result_db: orm对象
+    :param user: 用户对象
+    :return: 短信验证码对象
     """
-    await request.app.state.redis.delete(f'access_token:{session_id}')
-    # await request.app.state.redis.delete(f'{current_user.user.user_id}_access_token')
-    # await request.app.state.redis.delete(f'{current_user.user.user_id}_session_id')
+    redis_sms_result = await request.app.state.redis.get(f"sms_code:{user.session_id}")
+    if redis_sms_result:
+        return SmsCode(**dict(is_success=False, sms_code='', session_id='', message='短信验证码仍在有效期内'))
+    is_user = UserDao.get_user_by_name(result_db, user.user_name)
+    if is_user:
+        sms_code = str(random.randint(100000, 999999))
+        session_id = str(uuid.uuid4())
+        await request.app.state.redis.set(f"sms_code:{session_id}", sms_code, ex=timedelta(minutes=2))
+        # 此处模拟调用短信服务
+        message_service(sms_code)
 
-    return True
+        return SmsCode(**dict(is_success=True, sms_code=sms_code, session_id=session_id, message='获取成功'))
+
+    return SmsCode(**dict(is_success=False, sms_code='', session_id='', message='用户不存在'))
 
 
-def verify_password(plain_password, hashed_password):
+async def forget_user_services(request: Request, result_db: Session, forget_user: ResetUserModel):
     """
-    工具方法：校验当前输入的密码与数据库存储的密码是否一致
-    :param plain_password: 当前输入的密码
-    :param hashed_password: 数据库存储的密码
-    :return: 校验结果
+    用户忘记密码services
+    :param request: Request对象
+    :param result_db: orm对象
+    :param forget_user: 重置用户对象
+    :return: 重置结果
     """
-    return pwd_context.verify(plain_password, hashed_password)
+    redis_sms_result = await request.app.state.redis.get(f"sms_code:{forget_user.session_id}")
+    if forget_user.sms_code == redis_sms_result:
+        forget_user.password = PwdUtil.get_password_hash(forget_user.password)
+        forget_user.user_id = UserDao.get_user_by_name(result_db, forget_user.user_name).user_id
+        edit_result = UserService.reset_user_services(result_db, forget_user)
+        result = edit_result.dict()
+    elif not redis_sms_result:
+        result = dict(is_success=False, message='短信验证码已过期')
+    else:
+        await request.app.state.redis.delete(f"sms_code:{forget_user.session_id}")
+        result = dict(is_success=False, message='短信验证码不正确')
+
+    return CrudUserResponse(**result)
 
 
-def get_password_hash(input_password):
+async def logout_services(request: Request, session_id: str):
     """
-    工具方法：对当前输入的密码进行加密
-    :param input_password: 输入的密码
-    :return: 加密成功的密码
+    退出登录services
+    :param request: Request对象
+    :param session_id: 会话编号
+    :return: 退出登录结果
     """
-    return pwd_context.hash(input_password)
+    await request.app.state.redis.delete(f'access_token:{session_id}')
+    # await request.app.state.redis.delete(f'{current_user.user.user_id}_access_token')
+    # await request.app.state.redis.delete(f'{current_user.user.user_id}_session_id')
+
+    return True
 
 
 async def check_login_captcha(request: Request, login_user: UserLogin):
@@ -160,10 +191,10 @@ async def authenticate_user(request: Request, query_db: Session, login_user: Use
     if login_user.captcha_enabled:
         await check_login_captcha(request, login_user)
     user = login_by_account(query_db, login_user.user_name)
-    if not user[0]:
+    if not user:
         logger.warning("用户不存在")
         raise LoginException(data="", message="用户不存在")
-    if not verify_password(login_user.password, user[0].password):
+    if not PwdUtil.verify_password(login_user.password, user[0].password):
         cache_password_error_count = await request.app.state.redis.get(f"password_error_count:{login_user.user_name}")
         password_error_counted = 0
         if cache_password_error_count:

dash-fastapi-backend/module_admin/service/user_service.py

@@ -1,6 +1,7 @@
+from fastapi import Request
 from module_admin.entity.vo.user_vo import *
 from module_admin.dao.user_dao import *
-from module_admin.service.login_service import verify_password
+from utils.pwd_util import *
 from utils.common_util import export_list2excel
 
 
@@ -152,19 +153,26 @@ def reset_user_services(cls, result_db: Session, page_object: ResetUserModel):
         :param page_object: 重置用户对象
         :return: 重置用户校验结果
         """
-        user = UserDao.get_user_detail_by_id(result_db, user_id=page_object.user_id).user_basic_info[0]
+        reset_user = page_object.dict(exclude_unset=True)
         if page_object.old_password:
-            if not verify_password(page_object.old_password, user.password):
-                result = CrudUserResponse(**dict(is_success=False, message='旧密码不正确'))
+            user = UserDao.get_user_detail_by_id(result_db, user_id=page_object.user_id).user_basic_info[0]
+            if not PwdUtil.verify_password(page_object.old_password, user.password):
+                result = dict(is_success=False, message='旧密码不正确')
+                return CrudUserResponse(**result)
             else:
-                reset_user = page_object.dict(exclude_unset=True)
                 del reset_user['old_password']
-                result = UserDao.edit_user_dao(result_db, reset_user)
-        else:
-            reset_user = page_object.dict(exclude_unset=True)
-            result = UserDao.edit_user_dao(result_db, reset_user)
+        if page_object.sms_code and page_object.session_id:
+            del reset_user['sms_code']
+            del reset_user['session_id']
+        try:
+            UserDao.edit_user_dao(result_db, reset_user)
+            result_db.commit()
+            result = dict(is_success=True, message='重置成功')
+        except Exception as e:
+            result_db.rollback()
+            result = dict(is_success=False, message=str(e))
 
-        return result
+        return CrudUserResponse(**result)
 
     @staticmethod
     def export_user_list_services(user_list: List):

dash-fastapi-backend/utils/message_util.py

@@ -0,0 +1,5 @@
+from utils.log_util import logger
+
+
+def message_service(sms_code: str):
+    logger.info(f"短信验证码为{sms_code}")

dash-fastapi-backend/utils/pwd_util.py

@@ -0,0 +1,28 @@
+from passlib.context import CryptContext
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+
+class PwdUtil:
+    """
+    密码工具类
+    """
+
+    @classmethod
+    def verify_password(cls, plain_password, hashed_password):
+        """
+        工具方法：校验当前输入的密码与数据库存储的密码是否一致
+        :param plain_password: 当前输入的密码
+        :param hashed_password: 数据库存储的密码
+        :return: 校验结果
+        """
+        return pwd_context.verify(plain_password, hashed_password)
+
+    @classmethod
+    def get_password_hash(cls, input_password):
+        """
+        工具方法：对当前输入的密码进行加密
+        :param input_password: 输入的密码
+        :return: 加密成功的密码
+        """
+        return pwd_context.hash(input_password)

dash-fastapi-frontend/api/message.py

@@ -3,4 +3,4 @@
 
 def send_message_api(page_obj: dict):
 
-    return api_request(method='post', url='/login/loginByAccount', is_headers=False, json=page_obj)
+    return api_request(method='post', url='/login/getSmsCode', is_headers=False, json=page_obj)

dash-fastapi-frontend/api/user.py

@@ -1,9 +1,9 @@
 from utils.request import api_request
 
 
-def change_password_api(page_obj: dict):
+def forget_user_pwd_api(page_obj: dict):
 
-    return api_request(method='post', url='/login/loginByAccount', is_headers=False, json=page_obj)
+    return api_request(method='post', url='/login/forgetPwd', is_headers=False, json=page_obj)
 
 
 def get_user_list_api(page_obj: dict):