Gitlink
/
forgeplus
Not watched
1
0
Fork 0
Code
Releases 16 Wiki evaluate Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain HPC
Browse Source

新增: 登陆密码加密处理

pull/347/head
yystopf 1 year ago
parent
de2ee51fc4
commit
fd3bcfe92b
2 changed files with 51 additions and 4 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +6
    -4
      app/controllers/accounts_controller.rb
  2. +45
    -0
      app/helpers/aes_crypt_helper.rb

+ 6
- 4
app/controllers/accounts_controller.rb View File

@@ -1,6 +1,7 @@
class AccountsController < ApplicationController class AccountsController < ApplicationController
before_action :require_login, only: [:login_check, :simple_update, :change_password] before_action :require_login, only: [:login_check, :simple_update, :change_password]
include ApplicationHelper include ApplicationHelper
include AesCryptHelper


#skip_before_action :check_account, :only => [:logout] #skip_before_action :check_account, :only => [:logout]


@@ -193,8 +194,9 @@ class AccountsController < ApplicationController


# 用户登录 # 用户登录
def login def login
Users::LoginForm.new(login_params).validate!
@user = User.try_to_login(params[:login], params[:password])
password = decrypt(login_params[:password]) rescue ""
Users::LoginForm.new(login_params.merge!({password: password})).validate!
@user = User.try_to_login(params[:login], password)


return normal_status(-2, "错误的账号或密码") if @user.blank? return normal_status(-2, "错误的账号或密码") if @user.blank?
# user is already in local database # user is already in local database
@@ -203,7 +205,7 @@ class AccountsController < ApplicationController
login_control = LimitForbidControl::UserLogin.new(@user) login_control = LimitForbidControl::UserLogin.new(@user)
return normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid? return normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid?


password_ok = @user.check_password?(params[:password].to_s)
password_ok = @user.check_password?(password.to_s)
unless password_ok unless password_ok
if login_control.remain_times-1 == 0 if login_control.remain_times-1 == 0
normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码")
@@ -216,7 +218,7 @@ class AccountsController < ApplicationController


LimitForbidControl::UserLogin.new(@user).clear LimitForbidControl::UserLogin.new(@user).clear
successful_authentication(@user) successful_authentication(@user)
sync_pwd_to_gitea!(@user, {password: params[:password].to_s}) # TODO用户密码未同步
sync_pwd_to_gitea!(@user, {password: password.to_s}) # TODO用户密码未同步
# session[:user_id] = @user.id # session[:user_id] = @user.id
end end


+ 45
- 0
app/helpers/aes_crypt_helper.rb View File

@@ -0,0 +1,45 @@
module AesCryptHelper

AES_KEY = EduSetting.get("login_crypt_key") || '59c96c3572ab8cc1'

def encrypt(plain_text, output_encoding = 'base64')

# 将字符串密钥和IV转换为16字节的字节数组
key = AES_KEY.byteslice(0, 16)
iv = AES_KEY.byteslice(0, 16)

# 创建并设置AES-CBC加密器
cipher = OpenSSL::Cipher.new('AES-128-CBC')
cipher.encrypt
cipher.key = key
cipher.iv = iv

# 加密数据,并添加PKCS7填充
encrypted_data = cipher.update(plain_text) + cipher.final
# 将加密数据转换为Base64编码
Base64.strict_encode64(encrypted_data)
end
def decrypt(cipher_text, input_encoding = 'base64')
# 确保密钥是16字节长
key = AES_KEY.byteslice(0, 16) # 如果密钥不足16字节,填充空格;如果超过,截断
iv = AES_KEY.byteslice(0, 16)
decipher = OpenSSL::Cipher.new('AES-128-CBC')
decipher.decrypt
decipher.key = key
decipher.iv = iv
# 根据输入编码解码密文
decrypted_data = case input_encoding
when 'base64'
Base64.strict_decode64(cipher_text)
else
cipher_text
end
decrypted = decipher.update(decrypted_data) + decipher.final
decrypted
end
end

Write Preview
Loading…
Cancel
Save