From 0a51ec8ad50707e1bb38ed2ababab7756b074622 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Mon, 9 Dec 2019 16:30:34 +0800
Subject: [PATCH] =?UTF-8?q?=E5=B9=B3=E5=8F=B0=E5=AF=86=E7=A0=81=E7=9A=84?=
 =?UTF-8?q?=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/forms/users/update_password_form.rb | 2 +-
 app/libs/custom_regexp.rb               | 1 +
 app/models/user.rb                      | 3 +++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/forms/users/update_password_form.rb b/app/forms/users/update_password_form.rb
index 4da341839..db674384c 100644
--- a/app/forms/users/update_password_form.rb
+++ b/app/forms/users/update_password_form.rb
@@ -3,5 +3,5 @@ class Users::UpdatePasswordForm
 
   attr_accessor :password, :old_password
 
-  validates :password, presence: true
+  validates :password, presence: true, length: { minimum: 8, maximum: 16 }, format: { with: CustomRegexp::PASSWORD, message: "8~16位密码，支持字母数字和符号" }
 end
\ No newline at end of file
diff --git a/app/libs/custom_regexp.rb b/app/libs/custom_regexp.rb
index 2a2a99384..dd2ebb0b8 100644
--- a/app/libs/custom_regexp.rb
+++ b/app/libs/custom_regexp.rb
@@ -3,4 +3,5 @@ module CustomRegexp
   EMAIL = /\A[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+\z/
   LASTNAME = /\A[a-zA-Z0-9\u4e00-\u9fa5]+\z/
   NICKNAME = /\A[\u4e00-\u9fa5_a-zA-Z0-9]+\z/
+  PASSWORD = /\A[a-z_A-Z0-9-\.!@#\$%\\\^&\*\)\(\+=\{\}\[\]\/",'<>~\·`\?:;|]{8,16}\z/
 end
\ No newline at end of file
diff --git a/app/models/user.rb b/app/models/user.rb
index eb3ece0a4..b73dc48ff 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -23,6 +23,8 @@ class User < ApplicationRecord
   # 身份证
   VALID_NUMBER_REGEX = /(^[1-9]\d{5}(18|19|20|(3\d))\d{2}((0[1-9])|(1[0-2]))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx]$)|(^([A-Z]\d{6,10}(\(\w{1}\))?)$)/
 
+  VALID_PASSWORD_REGEX = /\A[a-z_A-Z0-9-\.!@#\$%\\\^&\*\)\(\+=\{\}\[\]\/",'<>~\·`\?:;|]{8,16}\z/
+
   LOGIN_LENGTH_LIMIT = 30
   MAIL_LENGTH_LMIT = 60
 
@@ -181,6 +183,7 @@ class User < ApplicationRecord
   #validates_format_of :ID_number, with: VALID_NUMBER_REGEX, multiline: true, message: "身份证号格式不对"
   # validates :nickname, presence: true, length: { maximum: 10 }
   # validates :lastname, presence: true
+  validates :password, with: VALID_PASSWORD_REGEX, message: "8~16位密码，支持字母数字和符号"
 
   # 删除自动登录的token，一旦退出下次会提示需要登录
   def delete_autologin_token(value)