From 12b6eae6e85460625a26c75acbc010906cf4578f Mon Sep 17 00:00:00 2001
From: virusdefender <1670873886@qq.com>
Date: Thu, 10 Sep 2015 15:59:48 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=BF=AE=E6=94=B9=E5=AF=86?=
 =?UTF-8?q?=E7=A0=81=E7=9A=84=E9=AA=8C=E8=AF=81=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 account/serializers.py                          |  1 +
 account/views.py                                |  4 ++++
 oj/urls.py                                      |  1 +
 static/src/js/app/oj/account/change_password.js | 12 +++++++++++-
 template/src/oj/account/change_password.html    |  8 +++++++-
 utils/captcha/views.py                          |  8 ++++++++
 6 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 utils/captcha/views.py

diff --git a/account/serializers.py b/account/serializers.py
index 179d28d5..4cda3ae0 100644
--- a/account/serializers.py
+++ b/account/serializers.py
@@ -27,6 +27,7 @@ class UserRegisterSerializer(serializers.Serializer):
 class UserChangePasswordSerializer(serializers.Serializer):
     old_password = serializers.CharField()
     new_password = serializers.CharField(max_length=30, min_length=6)
+    captcha = serializers.CharField(max_length=4, min_length=4)
 
 
 class UserSerializer(serializers.ModelSerializer):
diff --git a/account/views.py b/account/views.py
index 1da8967d..1304ded5 100644
--- a/account/views.py
+++ b/account/views.py
@@ -7,6 +7,7 @@ from django.db.models import Q
 from rest_framework.views import APIView
 
 from utils.shortcuts import serializer_invalid_response, error_response, success_response, paginate
+from utils.captcha import Captcha
 
 from .decorators import login_required
 from .models import User
@@ -79,6 +80,9 @@ class UserChangePasswordAPIView(APIView):
         serializer = UserChangePasswordSerializer(data=request.data)
         if serializer.is_valid():
             data = serializer.data
+            captcha = Captcha(request)
+            if not captcha.check(data["captcha"]):
+                return error_response(u"验证码错误")
             username = request.user.username
             user = auth.authenticate(username=username, password=data["old_password"])
             if user:
diff --git a/oj/urls.py b/oj/urls.py
index a5582d26..8d6e819a 100644
--- a/oj/urls.py
+++ b/oj/urls.py
@@ -112,4 +112,5 @@ urlpatterns = [
     url(r'^help/$', TemplateView.as_view(template_name="utils/help.html"), name="help_page"),
 
     url(r'^api/submission/share/$', SubmissionShareAPIView.as_view(), name="submission_share_api"),
+    url(r'^captcha/$', "utils.captcha.views.show_captcha", name="show_captcha"),
 ]
diff --git a/static/src/js/app/oj/account/change_password.js b/static/src/js/app/oj/account/change_password.js
index 608114f7..a66505db 100644
--- a/static/src/js/app/oj/account/change_password.js
+++ b/static/src/js/app/oj/account/change_password.js
@@ -1,13 +1,22 @@
 require(["jquery", "bsAlert", "csrfToken", "validator"], function ($, bsAlert, csrfTokenHeader) {
 
+    function refresh_captcha(){
+        this.src = "/captcha/?" + Math.random();
+        $("#captcha")[0].value = "";
+    }
+    $("#captcha-img").click(function(){
+        refresh_captcha();
+    });
+
     $('form').validator().on('submit', function (e) {
         e.preventDefault();
         var newPassword = $("#new_password ").val();
         var password = $("#password").val();
+        var captcha = $("#captcha").val();
         $.ajax({
             beforeSend: csrfTokenHeader,
             url: "/api/change_password/",
-            data: {new_password: newPassword, old_password: password},
+            data: {new_password: newPassword, old_password: password, captcha: captcha},
             dataType: "json",
             method: "post",
             success: function (data) {
@@ -15,6 +24,7 @@ require(["jquery", "bsAlert", "csrfToken", "validator"], function ($, bsAlert, c
                     window.location.href = "/login/";
                 }
                 else {
+                    refresh_captcha();
                     bsAlert(data.data);
                 }
             }
diff --git a/template/src/oj/account/change_password.html b/template/src/oj/account/change_password.html
index dad9d144..d8099f53 100644
--- a/template/src/oj/account/change_password.html
+++ b/template/src/oj/account/change_password.html
@@ -17,7 +17,13 @@
                 </div>
                 <div class="form-group">
                     <label for="confirm_password">确认密码</label>
-                    <input type="password" class="form-control input-lg" id="confirm_password" name="confirm_password" placeholder="确认密码" maxlength="30" data-match="#new_password" data-match-error="两个密码不一致" require>
+                    <input type="password" class="form-control input-lg" id="confirm_password" name="confirm_password" placeholder="确认密码" maxlength="30" data-match="#new_password" data-match-error="两个密码不一致" required>
+                    <div class="help-block with-errors"></div>
+                </div>
+                <div class="form-group">
+                    <label for="confirm_password">验证码</label>
+                    <img src="/captcha/" id="captcha-img">
+                    <input type="text" class="form-control input-lg" id="captcha" name="captcha" placeholder="验证码" maxlength="4" required>
                     <div class="help-block with-errors"></div>
                 </div>
                 <div class="form-group">
diff --git a/utils/captcha/views.py b/utils/captcha/views.py
new file mode 100644
index 00000000..85629127
--- /dev/null
+++ b/utils/captcha/views.py
@@ -0,0 +1,8 @@
+# coding=utf-8
+from django.http import HttpResponse
+
+from utils.captcha import Captcha
+
+
+def show_captcha(request):
+    return HttpResponse(Captcha(request).display(), content_type="image/gif")