From fba56365b54598d79eb7b0e23767df0ede0b542e Mon Sep 17 00:00:00 2001 From: nero Date: Tue, 2 Jul 2024 17:40:06 +0800 Subject: [PATCH 1/2] =?UTF-8?q?fix:parse=5Fusername=5Fdomain=20=E8=A7=A3?= =?UTF-8?q?=E6=9E=90=E5=BC=82=E5=B8=B8=EF=BC=8C=E6=8A=A5=E9=94=99=E4=BF=A1?= =?UTF-8?q?=E6=81=AF=E6=B3=84=E6=BC=8F=EF=BC=8C=E6=B3=84=E6=BC=8F=E4=BB=A3?= =?UTF-8?q?=E7=A0=81=E7=BB=9D=E5=AF=B9=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/api/bkuser_core/api/login/views.py | 6 +++++- src/api/bkuser_core/api/web/password/views.py | 20 +++++++++++++++---- src/api/bkuser_core/api/web/profile/views.py | 5 ++++- 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/src/api/bkuser_core/api/login/views.py b/src/api/bkuser_core/api/login/views.py index 5fad78066..e0429b050 100644 --- a/src/api/bkuser_core/api/login/views.py +++ b/src/api/bkuser_core/api/login/views.py @@ -356,7 +356,11 @@ def batch_query(self, request): domain_username_map = defaultdict(list) for x in username_list: - username, domain = parse_username_domain(x) + try: + username, domain = parse_username_domain(x) + except Exception: + raise error_codes.USERNAME_FORMAT_ERROR + if not domain: # default domain domain = ProfileCategory.objects.get_default().domain diff --git a/src/api/bkuser_core/api/web/password/views.py b/src/api/bkuser_core/api/web/password/views.py index 534cc1f62..2ba1cd17a 100644 --- a/src/api/bkuser_core/api/web/password/views.py +++ b/src/api/bkuser_core/api/web/password/views.py 
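Review bot: The new `except Exception:` around `parse_username_domain(x)` in `batch_query` catches far more than a malformed username, so an unrelated failure in the parser is returned as `USERNAME_FORMAT_ERROR`, and nothing is logged to record the real cause. This patch imports a dedicated `UsernameWithDomainFormatError` from `bkuser_core.profiles.exceptions` in the password views; assuming that is what the parser raises for bad input, catch it specifically with `except UsernameWithDomainFormatError:` and add the import to this file. The narrower catch still keeps tracebacks and absolute paths out of the response, which is the stated aim of the commit. The same pattern appears in the `-133` and `-187` hunks of `web/password/views.py` and in the `web/profile/views.py` hunk. `batch_query` starts and ends outside this hunk.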
@@ -42,7 +42,7 @@ from bkuser_core.categories.models import ProfileCategory from bkuser_core.common.error_codes import error_codes from bkuser_core.profiles.constants import ProfileStatus -from bkuser_core.profiles.exceptions import ProfileEmailEmpty +from bkuser_core.profiles.exceptions import ProfileEmailEmpty, UsernameWithDomainFormatError from bkuser_core.profiles.models import Profile, ProfileTokenHolder from bkuser_core.profiles.signals import post_profile_update from bkuser_core.profiles.tasks import send_password_by_email @@ -133,7 +133,11 @@ def post(self, request, *args, **kwargs): # SaaS 修改密码页面需要登录态, 登录用户即operator username = get_operator(request) # 注意, 这里的username是带域的 - username, domain = parse_username_domain(username) + try: + username, domain = parse_username_domain(username) + except Exception: + raise error_codes.USERNAME_FORMAT_ERROR + if not domain: domain = ProfileCategory.objects.get(default=True).domain instance = Profile.objects.get(username=username, domain=domain) @@ -187,7 +191,11 @@ def get(self, request, *args, **kwargs): else: # 兼容登录态的change_password页面获取目录密码配置 username = get_operator(request) - username, domain = parse_username_domain(username) + try: + username, domain = parse_username_domain(username) + except Exception: + raise error_codes.USERNAME_FORMAT_ERROR + if not domain: domain = ProfileCategory.objects.get(default=True).domain try: @@ -215,7 +223,11 @@ def post(self, request, *args, **kwargs): # 存在着username=telephone的情况 try: # 优先过滤username - username, domain = parse_username_domain(input_telephone) + try: + username, domain = parse_username_domain(input_telephone) + except UsernameWithDomainFormatError: + raise error_codes.USERNAME_FORMAT_ERROR + if not domain: domain = ProfileCategory.objects.get_default().domain # filter过滤,判断是否存在,存在则仅有一个 diff --git a/src/api/bkuser_core/api/web/profile/views.py b/src/api/bkuser_core/api/web/profile/views.py index 50434a625..f6885140c 100644 --- a/src/api/bkuser_core/api/web/profile/views.py 
+++ b/src/api/bkuser_core/api/web/profile/views.py @@ -61,8 +61,11 @@ def get(self, request, *args, **kwargs): data = slz.validated_data username = data["username"] + try: + username, domain = parse_username_domain(username) + except Exception: + raise error_codes.USERNAME_FORMAT_ERROR - username, domain = parse_username_domain(username) if not domain: domain = ProfileCategory.objects.get(default=True).domain From 3a0fc5ef8d15fb1d770b3bb906471b6d469d4ade Mon Sep 17 00:00:00 2001 From: nero Date: Wed, 3 Jul 2024 14:16:21 +0800 Subject: [PATCH 2/2] =?UTF-8?q?refactor:=20cr=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/api/bkuser_core/api/web/password/views.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/api/bkuser_core/api/web/password/views.py b/src/api/bkuser_core/api/web/password/views.py index 2ba1cd17a..83d67956c 100644 --- a/src/api/bkuser_core/api/web/password/views.py +++ b/src/api/bkuser_core/api/web/password/views.py @@ -42,7 +42,7 @@ from bkuser_core.categories.models import ProfileCategory from bkuser_core.common.error_codes import error_codes from bkuser_core.profiles.constants import ProfileStatus -from bkuser_core.profiles.exceptions import ProfileEmailEmpty, UsernameWithDomainFormatError +from bkuser_core.profiles.exceptions import ProfileEmailEmpty from bkuser_core.profiles.models import Profile, ProfileTokenHolder from bkuser_core.profiles.signals import post_profile_update from bkuser_core.profiles.tasks import send_password_by_email @@ -223,10 +223,7 @@ def post(self, request, *args, **kwargs): # 存在着username=telephone的情况 try: # 优先过滤username - try: - username, domain = parse_username_domain(input_telephone) - except UsernameWithDomainFormatError: - raise error_codes.USERNAME_FORMAT_ERROR + username, domain = parse_username_domain(input_telephone) if not domain: domain = ProfileCategory.objects.get_default().domain 
@@ -260,6 +257,10 @@ def post(self, request, *args, **kwargs): logger.exception("this telephone<%s> had bound to multi profiles", input_telephone) raise error_codes.TELEPHONE_BOUND_TO_MULTI_PROFILE + except Exception: + logger.exception("failed to get profile by username<%s> because of username format error", input_telephone) + raise error_codes.USERNAME_FORMAT_ERROR + # 生成verification_code_token verification_code_token = ResetPasswordVerificationCodeHandler().generate_reset_password_token(profile.id) raw_telephone = profile.telephone
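Review bot: The added `except Exception:` closes the whole lookup `try`, not just the `parse_username_domain(input_telephone)` call. Any failure in the profile queries that the earlier clauses do not handle is therefore logged as a "username format error" and returned as `USERNAME_FORMAT_ERROR`. That mislabels genuine server-side faults on the password-reset path and makes them harder to triage from the logs. Patch 1/2 had the narrower form; consider restoring it around the parse call only, with `except UsernameWithDomainFormatError:` then `raise error_codes.USERNAME_FORMAT_ERROR`, and let other exceptions propagate. Most of the `try` body and its earlier `except` clauses lie outside this hunk, so confirm against the full `post` method which exceptions can reach this clause.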