feat: 密码登录复杂度校验可选择

apps/auth1/serializers.py

@@ -4,6 +4,7 @@ from rest_framework import serializers
 class LoginSerializer(serializers.Serializer):
     username = serializers.CharField(label="用户名")
     password = serializers.CharField(label="密码")
+    password_check = serializers.BooleanField(required=False, default=True)
 
 
 class SendCodeSerializer(serializers.Serializer):

apps/auth1/services.py

@@ -1,5 +1,6 @@
 from django.core.cache import cache
 from rest_framework.exceptions import ParseError
+import re
 
 
 def check_phone_code(phone, code, raise_exception=True):
@@ -9,3 +10,15 @@ def check_phone_code(phone, code, raise_exception=True):
     if raise_exception:
         raise ParseError('验证码错误')
     return False
+
+
+
+def validate_password(password):
+    # 正则表达式匹配规则
+    pattern = r"^(?=.*[a-zA-Z])(?=.*\d)(?=.*[@#$%^&+=!])(?!.*\s).{8,}$"
+    
+    # 使用正则表达式进行匹配
+    if re.match(pattern, password):
+        return True
+    else:
+        return False

apps/auth1/urls.py

@@ -1,14 +1,13 @@
 
 from django.urls import path
-from rest_framework_simplejwt.views import (TokenObtainPairView,
-                                            TokenRefreshView)
+from rest_framework_simplejwt.views import TokenRefreshView
 
 from apps.auth1.views import (CodeLogin, LoginView, LogoutView, PwResetView,
-                              SecretLogin, SendCode, TokenBlackView, WxLogin, WxmpLogin)
+                              SecretLogin, SendCode, TokenBlackView, WxLogin, WxmpLogin, TokenLoginView)
 
 API_BASE_URL = 'api/auth/'
 urlpatterns = [
-    path(API_BASE_URL + 'token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
+    path(API_BASE_URL + 'token/', TokenLoginView.as_view(), name='token_obtain_pair'),
     path(API_BASE_URL + 'token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
     path(API_BASE_URL + 'token/black/', TokenBlackView.as_view(), name='token_black'),
     path(API_BASE_URL + 'login/', LoginView.as_view(), name='session_login'),

apps/auth1/views.py

@@ -16,11 +16,13 @@ from apps.utils.wxmp import wxmpClient
 from apps.utils.wx import wxClient
 from django.contrib.auth.hashers import make_password
 from django.db.models import Q
+from apps.auth1.services import validate_password
 
 
 from apps.auth1.serializers import (CodeLoginSerializer, LoginSerializer,
                                     PwResetSerializer, SecretLoginSerializer, SendCodeSerializer, WxCodeSerializer)
 from apps.system.models import User
+from rest_framework_simplejwt.views import TokenObtainPairView
 
 # Create your views here.
 
@@ -32,6 +34,32 @@ def get_tokens_for_user(user: User):
         'access': str(refresh.access_token),
     }
 
+class TokenLoginView(CreateAPIView):
+    """
+    账户名/密码获取token
+
+    账户名/密码获取token
+    """
+    authentication_classes = []  
+    permission_classes = []
+    serializer_class = LoginSerializer
+
+    def create(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        vdata = serializer.validated_data
+        password_check = vdata.get('password_check', True)
+        # 校验密码复杂度
+        is_ok = validate_password(vdata.get('password'))
+        if is_ok is False and password_check:
+            raise ParseError('密码校验失败, 请更换登录方式并修改密码')
+        user = authenticate(username=vdata.get('username'),
+                            password=vdata.get('password'))
+        if user is not None:
+            token_dict = get_tokens_for_user(user)
+            token_dict['password_ok'] = is_ok
+            return Response(token_dict)
+        raise ParseError(**USERNAME_OR_PASSWORD_WRONG)
     
 class TokenBlackView(APIView):
     permission_classes = [IsAuthenticated]