Contact Information
No response
MaxKB Version
v2.10.1-lts (build at 2026-06-10T10:47, commit: 7660b48)
Problem Description
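On the console login page, once the CAPTCHA has been triggered, login succeeds no matter what is entered in the CAPTCHA field (wrong content or left empty).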
Steps to Reproduce
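- Enter an incorrect account and password to trigger display of the login CAPTCHA
- Enter the correct account and password; login succeeds without entering the CAPTCHA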
The expected correct result
No response
Related log output
Additional Information
Suspected cause:

MaxKB/apps/users/serializers/login.py
Lines 135 to 145 in e0444ce

```python
if is_license_valid:
    # Check whether the account is locked
    if LoginSerializer._is_account_locked(username, failed_attempts):
        raise AppApiException(
            1005,
            _("This account has been locked for %s minutes, please try again later") % lock_time
        )

    # Validate the CAPTCHA
    if LoginSerializer._need_captcha(username, max_attempts):
        LoginSerializer._validate_captcha(username, captcha)
```

As a result, the Community Edition skips this step entirely and never validates the CAPTCHA.
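The control flow reported above, modelled as an added example (not MaxKB's code and not the project's fix): `login_gated` nests the CAPTCHA check under the license branch as in the quoted snippet, and `login_fixed` is one possible correction that runs it in every edition. `LoginModel`, `LoginError`, `MAX_ATTEMPTS` and the credentials are hypothetical, constructed for illustration.

```python
import hmac

MAX_ATTEMPTS = 3  # assumed failure count after which a CAPTCHA is required

class LoginError(Exception):
    pass

class LoginModel:
    """Hypothetical in-memory stand-in for a login serializer."""

    def __init__(self, users, license_valid):
        self.users = users                  # username -> password (constructed, plaintext for brevity)
        self.license_valid = license_valid  # False models the Community Edition
        self.failed = {}                    # username -> consecutive failures
        self.captchas = {}                  # username -> CAPTCHA text issued to the client

    def _need_captcha(self, username):
        return self.failed.get(username, 0) >= MAX_ATTEMPTS

    def _validate_captcha(self, username, captcha):
        expected = self.captchas.pop(username, None)  # single use
        if not expected or not captcha or not hmac.compare_digest(
                expected.lower().encode(), captcha.lower().encode()):
            raise LoginError("captcha")

    def _check_password(self, username, password):
        stored = self.users.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            self.failed[username] = self.failed.get(username, 0) + 1
            raise LoginError("credentials")
        self.failed.pop(username, None)
        return True

    def login_gated(self, username, password, captcha=None):
        # Reported shape: the CAPTCHA check is nested under the license branch,
        # so it never runs when license_valid is False.
        if self.license_valid:
            if self._need_captcha(username):
                self._validate_captcha(username, captcha)
        return self._check_password(username, password)

    def login_fixed(self, username, password, captcha=None):
        # The CAPTCHA check runs in every edition once the threshold is reached.
        if self._need_captcha(username):
            self._validate_captcha(username, captcha)
        return self._check_password(username, password)
```

A regression test for this class of bug should run the login path with the license flag off as well as on, since the gated version passes every test written against a licensed build.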