更新密码要求允许常见的特殊字符

2025-08-16 22:31:28 +08:00 · 2025-08-16 22:31:28 +08:00 · 839f86ec84
parent 3b07839e17
commit 839f86ec84
1 changed files with 7 additions and 2 deletions
--- a/app/utils/security.py
+++ b/app/utils/security.py
@ -34,8 +34,13 @@ async def validate_password(password: str):
        raise HTTPException(status_code=400, detail="密码长度必须在6到20之间")
    if not re.search(r'\d', password):
        raise HTTPException(status_code=400, detail="密码必须包含至少一个数字")
-    if re.search(r'[^a-zA-Z0-9]', password):
-        raise HTTPException(status_code=400, detail="密码不能包含特殊字符，只能包含字母和数字")
+    # 检查是否包含允许的特殊字符（白名单方式）
+    allowed_specials = r"!@#$%^&*()_\-+=\[\]{};:'\",.<>?/\\|`~"
+    if re.search(fr"[^\da-zA-Z{re.escape(allowed_specials)}]", password):
+        raise HTTPException(
+            status_code=400,
+            detail=f"密码只能包含字母、数字和常见特殊字符 {allowed_specials}"
+        )


 # 登陆校验