From bb4ad680fc4d94b22a1d27292e69febb0e7897bf Mon Sep 17 00:00:00 2001
From: wxg0103 <727495428@qq.com>
Date: Mon, 14 Jul 2025 10:59:32 +0800
Subject: [PATCH] feat: enhance password regex for improved security and
 clarity

---
 apps/users/serializers/user.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py
index 0fa1918e3..44022b085 100644
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@@ -35,9 +35,12 @@ from django.core.mail import send_mail
 from django.utils.translation import get_language
 
 PASSWORD_REGEX = re.compile(
-    r"^(?=.*[a-z])(?=.*[_!@#$%^&*`~.()-+=])"
-    r"(?:(?=.*[A-Z])|(?=.*\d))"
-    r"[a-zA-Z0-9_!@#$%^&*`~.()-+=]{6,20}$"
+    r"^"  # 开始
+    r"(?=.*[a-z])"  # 至少一个小写字母
+    r"(?=.*[-_!@#$%^&*`~.()+=])"  # 至少一个指定的特殊字符
+    r"(?:(?=.*[A-Z])|(?=.*\d))"  # 至少一个大写字母 或 数字
+    r"[a-zA-Z0-9-_!@#$%^&*`~.()+=]{6,20}"  # 总长度6~20个合法字符
+    r"$"  # 结束
 )
 
 version, get_key = Cache_Version.SYSTEM.value