* 直接重置用户密码(管理员功能,无需旧密码) * 用于忘记密码时,通过验证用户名来重置
(username, newPassword)
| 337 | * 用于忘记密码时,通过验证用户名来重置 |
| 338 | */ |
| 339 | async forceResetPassword(username, newPassword) { |
| 340 | try { |
| 341 | const user = await this.getUserByUsername(username); |
| 342 | if (!user) { |
| 343 | throw new Error('用户不存在'); |
| 344 | } |
| 345 | |
| 346 | // 验证新密码复杂度 |
| 347 | if (!this.isPasswordComplex(newPassword)) { |
| 348 | throw new Error('新密码不符合复杂度要求(需要8-16位,包含字母、数字和特殊字符)'); |
| 349 | } |
| 350 | |
| 351 | // 更新密码 |
| 352 | const hashedNewPassword = await bcrypt.hash(newPassword, 10); |
| 353 | await database.run( |
| 354 | 'UPDATE users SET password = ?, updated_at = ? WHERE username = ?', |
| 355 | [hashedNewPassword, new Date().toISOString(), username] |
| 356 | ); |
| 357 | |
| 358 | logger.info(`用户 ${username} 密码已被强制重置`); |
| 359 | return { success: true }; |
| 360 | } catch (error) { |
| 361 | logger.error('强制重置密码失败:', error); |
| 362 | throw error; |
| 363 | } |
| 364 | } |
| 365 | } |
| 366 | |
| 367 | module.exports = new UserServiceDB(); |
nothing calls this directly
no test coverage detected