AnthonyDuan/luntan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 保持默认Admin/lzgzsystem常驻且禁止修改密码

Browse Source
This commit is contained in:
AnthonyDuan
2025-12-07 11:08:53 +08:00
parent 60fff79936
commit 20cef898d3
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/__init__.py
View File

@@ -26,13 +26,18 @@ def create_app():
pass pass
from .models import User, UserStatus, Profile from .models import User, UserStatus, Profile
from werkzeug.security import generate_password_hash from werkzeug.security import generate_password_hash
admin_any = User.query.filter_by(role="admin").first() admin = User.query.filter_by(username="Admin").first()
admin_named = User.query.filter_by(username="Admin").first() if admin:
if not admin_named: admin.role = "admin"
admin.status = UserStatus.approved
admin.password_hash = generate_password_hash("lzgzsystem")
admin.must_change_password = False
db.session.commit()
else:
email = "admin@example.com" email = "admin@example.com"
if User.query.filter_by(email=email).first(): if User.query.filter_by(email=email).first():
email = "admin2@example.com" email = "admin2@example.com"
u = User(email=email, username="Admin", password_hash=generate_password_hash("lzgzsystem"), role="admin", status=UserStatus.approved, must_change_password=True) u = User(email=email, username="Admin", password_hash=generate_password_hash("lzgzsystem"), role="admin", status=UserStatus.approved, must_change_password=False)
db.session.add(u) db.session.add(u)
db.session.flush() db.session.flush()
db.session.add(Profile(user_id=u.id)) db.session.add(Profile(user_id=u.id))

8
app/blueprints/admin.py
View File

@@ -38,12 +38,9 @@ def dashboard():
flash("登录失败") flash("登录失败")
return render_template("admin/login.html") return render_template("admin/login.html")
login_user(user) login_user(user)
if user.role == "admin" and getattr(user, "must_change_password", False):
return redirect(url_for("admin.change_password"))
if not current_user.is_authenticated or role() not in {"admin","sub_admin","checker"}: if not current_user.is_authenticated or role() not in {"admin","sub_admin","checker"}:
return render_template("admin/login.html") return render_template("admin/login.html")
if role()=="admin" and getattr(current_user, "must_change_password", False): # 默认管理员不强制改密
return redirect(url_for("admin.change_password"))
pending_users = User.query.filter_by(status=UserStatus.pending).count() pending_users = User.query.filter_by(status=UserStatus.pending).count()
pending_posts = Post.query.filter_by(status=ReviewStatus.pending).count() pending_posts = Post.query.filter_by(status=ReviewStatus.pending).count()
pending_subs = ActivitySubmission.query.filter_by(status=ReviewStatus.pending).count() pending_subs = ActivitySubmission.query.filter_by(status=ReviewStatus.pending).count()
@@ -54,6 +51,9 @@ def dashboard():
def change_password(): def change_password():
if role() != "admin": if role() != "admin":
return redirect(url_for("admin.dashboard")) return redirect(url_for("admin.dashboard"))
if getattr(current_user, "username", "") == "Admin":
flash("默认管理员密码固定")
return redirect(url_for("admin.dashboard"))
if request.method == "POST": if request.method == "POST":
p1 = request.form.get("password") p1 = request.form.get("password")
p2 = request.form.get("confirm") p2 = request.form.get("confirm")