
fixed: added login verification and security checks to account-related methods

pull/347/head
xxq250 1 year ago
parent
commit
ca226e1f81
1 changed files with 1 additions and 0 deletions
app/controllers/accounts_controller.rb

@@ -224,6 +224,7 @@ class AccountsController < ApplicationController
def change_password
return render_error("两次输入的密码不一致") if params[:password].to_s != params[:new_password_repeat].to_s
@user = User.find_by(login: params[:login])
return render_forbidden unless User.current.login == @user&.login
return render_error("此用户禁止修改密码!") if @user.id.to_i === 104691
return render_error("未找到相关用户!") if @user.blank?
return render_error("旧密码不正确") unless @user.check_password?(params[:old_password])
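
Review bot: the ownership check `return render_forbidden unless User.current.login == @user&.login` passes when both sides are nil, that is, when `find_by` returns no user and `User.current.login` is also nil, and the following line then calls `@user.id` on nil before the `@user.blank?` guard is reached. Move the `@user.blank?` check directly after `User.find_by`, and require a logged-in `User.current` (or compare on a non-nil identity) so the guard cannot be satisfied by two missing values. The hardcoded `104691` would also be easier to audit as a named constant or a flag on the user record.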

