From b36aa6f917212145fa36d6f989b7a17e07ae1018 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Thu, 31 Oct 2024 16:22:42 +0800 Subject: [PATCH 1/2] add IsPasswordEmpty... --- service/user.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/service/user.go b/service/user.go index 6bb431f..95328c0 100644 --- a/service/user.go +++ b/service/user.go @@ -304,3 +304,27 @@ func (us *UserService) FindLatestUserIdFromLoginLogByUuid(uuid string) uint { global.DB.Where("uuid = ?", uuid).Order("id desc").First(llog) return llog.UserId } + +// IsPasswordEmptyById 根据用户id判断密码是否为空,主要用于第三方登录的自动注册 +func (us *UserService) IsPasswordEmptyById(id uint) bool { + u := &model.User{} + if global.DB.Where("id = ?", id).First(u).Error != nil { + return false + } + return u.Password == "" +} + +// IsPasswordEmptyByUsername 根据用户id判断密码是否为空,主要用于第三方登录的自动注册 +func (us *UserService) IsPasswordEmptyByUsername(username string) bool { + u := &model.User{} + if global.DB.Where("username = ?", username).First(u).Error != nil { + return false + } + return u.Password == "" +} + +// IsPasswordEmptyByUser 判断密码是否为空,主要用于第三方登录的自动注册 +func (us *UserService) IsPasswordEmptyByUser(u *model.User) bool { + return us.IsPasswordEmptyById(u.Id) +} + From 46657a525d41f9996018ad5958887db639bb7592 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Thu, 31 Oct 2024 16:23:06 +0800 Subject: [PATCH 2/2] ommit check old passwd if password is empty --- http/controller/admin/user.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/http/controller/admin/user.go b/http/controller/admin/user.go index 9f7415c..a539371 100644 --- a/http/controller/admin/user.go +++ b/http/controller/admin/user.go @@ -247,10 +247,14 @@ func (ct *User) ChangeCurPwd(c *gin.Context) { return } u := service.AllService.UserService.CurUser(c) - oldPwd := service.AllService.UserService.EncryptPassword(f.OldPassword) - if u.Password != oldPwd { - response.Fail(c, 101, response.TranslateMsg(c, "OldPasswordError")) - return + // If the password is not empty, the old password is verified + // otherwise, the old password is not verified + if !service.AllService.UserService.IsPasswordEmptyByUser(u) { + oldPwd := service.AllService.UserService.EncryptPassword(f.OldPassword) + if u.Password != oldPwd { + response.Fail(c, 101, response.TranslateMsg(c, "OldPasswordError")) + return + } } err := service.AllService.UserService.UpdatePassword(u, f.NewPassword) if err != nil {