fix: 修改密码校验

373af9ac · 邓超 · 55a6d87c · 373af9ac · 373af9ac
Commit 373af9ac authored Jun 08, 2023 by 邓超
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 7 deletions

AddUserModal.jsx src/pages/userCenter/userManage/AddUserModal.jsx +11 -2

EditUserModal.jsx src/pages/userCenter/userManage/EditUserModal.jsx +32 -5

No files found.
--- a/src/pages/userCenter/userManage/AddUserModal.jsx
+++ b/src/pages/userCenter/userManage/AddUserModal.jsx
@@ -98,6 +98,11 @@ const AddUserModal = props => {
          message: '提交失败',
          description: '密码至少为6位，且包含数字和字母!',
        });
+      } else if (passwordLevel === '弱') {
+        notification.error({
+          message: '提交失败',
+          description: '密码强度太弱，加强密码强度',
+        });
      } else if (userName === '') {
        notification.error({
          message: '提交失败',
@@ -257,8 +262,12 @@ const AddUserModal = props => {
              label="账号密码"
              rules={[
                {
-                  pattern: /^[a-zA-Z0-9_]{6,16}$/,
-                  message: '长度6-16位，支持字母与数字，允许下划线',
+                  pattern: /^(?=.*[a-zA-Z])(?=.*\d)[\w\S]{6,16}$/,
+                  message: '长度6-16位，必须包含数字与字母',
+                },
+                {
+                  pattern: /^(?!.*(?:SELECT|UPDATE|INSERT|AND|OR|'|"|;|--|\\)).*$/,
+                  message: '当前密码存在sql注入风险，请重新输入', // 防止sql注入
                },
                { required: true },
              ]}

--- a/src/pages/userCenter/userManage/EditUserModal.jsx
+++ b/src/pages/userCenter/userManage/EditUserModal.jsx
@@ -94,6 +94,7 @@ const EditUserModal = props => {
      //   });
      //   return;
      // }
+
      if ((newPassword && newPassword.length < 6) || (passwordConfirm && passwordConfirm < 6)) {
        notification.error({
          message: '提交失败',
@@ -108,6 +109,25 @@ const EditUserModal = props => {
        });
        return;
      }
+      if (newPassword && newPassword) {
+        if (newPasswordLevel === '弱') {
+          notification.error({
+            message: '提交失败',
+            description: '密码强度太弱，加强密码强度',
+          });
+          return;
+        }
+        if (
+          !/^(?=.*[a-zA-Z])(?=.*\d)[\w\S]{6,16}$/.test(newPassword) ||
+          !/^(?!.*(?:SELECT|UPDATE|INSERT|AND|OR|'|"|;|--|\\)).*$/.test(newPassword)
+        ) {
+          notification.error({
+            message: '提交失败',
+            description: '密码验证未通过',
+          });
+          return;
+        }
+      }
      // 所有验证通过才可以提交,phone/email为空时不验证
      if (
        loginName &&
@@ -339,8 +359,12 @@ const EditUserModal = props => {
              label="新密码"
              rules={[
                {
-                  pattern: /^[a-zA-Z0-9_]{6,16}$/,
-                  message: '长度6-16位，支持字母与数字，允许下划线',
+                  pattern: /^(?=.*[a-zA-Z])(?=.*\d)[\w\S]{6,16}$/,
+                  message: '长度6-16位，必须包含数字与字母',
+                },
+                {
+                  pattern: /^(?!.*(?:SELECT|UPDATE|INSERT|AND|OR|'|"|;|--|\\)).*$/,
+                  message: '当前密码存在sql注入风险，请重新输入', // 防止sql注入
                },
                // { required: true },
              ]}
@@ -374,10 +398,13 @@ const EditUserModal = props => {
              label="确认密码"
              rules={[
                {
-                  pattern: /^[a-zA-Z0-9_]{6,16}$/,
-                  message: '长度6-16位，支持字母与数字，允许下划线',
+                  pattern: /^(?=.*[a-zA-Z])(?=.*\d)[\w\S]{6,16}$/,
+                  message: '长度6-16位，必须包含数字与字母',
+                },
+                {
+                  pattern: /^(?!.*(?:SELECT|UPDATE|INSERT|AND|OR|'|"|;|--|\\)).*$/,
+                  message: '当前密码存在sql注入风险，请重新输入', // 防止sql注入
                },
-                // { required: true },
              ]}
            >
              <Input.Password