Beispiel #1
    def user_identify(self):
        """
        Authenticate the caller from the "OSR-BearerToken" request header.

        A decoded token is accepted only when the login time it carries for
        its client id ("cid") equals the value stored on the user record, so
        a token stops being accepted once that stored value changes.

        :return: (True, user) on success, otherwise (None, error message)
        """
        token = request.headers.get('OSR-BearerToken')
        if not token:
            return (
                None,
                gettext(
                    'No user authentication token provided "OSR-BearerToken"'))

        payload = self.decode_auth_token(token)
        # NOTE(review): a str result is treated as a decode failure; presumably
        # decode_auth_token returns an error string in that case - confirm.
        if isinstance(payload, str):
            return (None, gettext("Token is abnormal"))

        # NOTE(review): the claims below are indexed without checking that the
        # keys exist; confirm decode_auth_token guarantees this payload shape,
        # otherwise a malformed payload surfaces as an unhandled exception.
        claims = payload['data']
        user = User(ObjectId(claims['id']))
        if not user:
            return (
                None,
                gettext(
                    "User authentication failed, user does not exist"))

        # Server-side check: the token must match the login recorded for the
        # same client id on the user record.
        token_is_current = bool(
            user.jwt_login_time
            and claims["cid"] in user.jwt_login_time
            and user.jwt_login_time[claims["cid"]] == claims['login_time'])
        if not token_is_current:
            return (
                None,
                gettext(
                    'User authentication token expired or changed. Please log in again for access'
                ))
        return (True, user)
Beispiel #2
def load_user(user_id):
    """
    Callback invoked when a logged-in user is detected (login here refers to
    clients that are not authenticated by BearerToken, such as an ordinary
    browser).

    :param user_id: identifier handed to the User constructor
    :return: the User instance
    """
    return User(user_id)
Beispiel #3
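def p_sign_in(username, password, code_url_obj, code, remember_me, use_jwt_auth=0):

    '''
    Sign a user in with an account name and password.

    :param username: email address, mobile phone number or username; the
        format checks decide which field is used for the lookup
    :param password: password to verify against the account
    :param code_url_obj: passed with ``code`` to verify_image_code once the
        account has reached the wrong-password threshold
    :param code: image verification code entered by the user
    :param remember_me: passed to login_user for a session (browser) sign-in
    :param use_jwt_auth: truthy to return a token in "auth_token" instead of
        starting a session
    :return: dict with "msg", "msg_type" and "http_status"; may also carry
        "to_url", "auth_token" and "open_img_verif_code"
    '''
    data = {}
    if current_user.is_authenticated and username in [current_user.username,
                                                      current_user.email,
                                                      current_user.mphone_num]:
        data['msg'] = gettext("Is logged in")
        data["msg_type"] = "s"
        data["http_status"] = 201
        # NOTE(review): 'next' comes from the request and is returned as-is;
        # if clients navigate to "to_url", restrict it to same-site targets.
        data['to_url'] = request.argget.all('next') or get_config("login_manager", "LOGIN_IN_TO")
        return data

    # Look the account up by email, mobile number or username, depending on
    # which format the supplied name matches.
    s, r = email_format_ver(username)
    s2, r2 = mobile_phone_format_ver(username)
    if s:
        user = mdb_user.db.user.find_one({"email":username})
    elif s2:
        user = mdb_user.db.user.find_one({"mphone_num": username})
    else:
        user = mdb_user.db.user.find_one({"username":username})
    if not user:
        # Same message as a wrong password, so the text does not reveal
        # whether the account exists.
        data = {"msg":gettext("Account or password error"), "msg_type":"e", "http_status":401}
        return data

    user = User(user["_id"])

    # After too many wrong passwords the image verification code is required
    # before the password is even checked.
    user_p = mdb_user.db.user_login_log.find_one({'user_id':user.str_id})
    PW_WRONG_NUM_IMG_CODE = get_config("login_manager", "PW_WRONG_NUM_IMG_CODE")
    if user_p and 'pass_error' in user_p and user_p['pass_error'] >= PW_WRONG_NUM_IMG_CODE:
        # Image verification code check
        r = verify_image_code(code_url_obj, code)
        if not r:

            data["open_img_verif_code"] = True
            data['msg'] = gettext("Verification code error")
            data["msg_type"] = "e"
            data["http_status"] = 401
            return data

    # Password check
    if user and user.verify_password(password) and not user.is_delete:
        if user.is_active:
            if use_jwt_auth:
                # JWT authentication: issue a login token
                jwt_auth = JwtAuth()
                data["auth_token"] = jwt_auth.get_login_token(user)
                client = "app"
            else:
                login_user(user, remember_me)
                client = "browser"
            # Record the login
            # NOTE(review): no reset of "pass_error" is visible in this
            # function; confirm it is cleared elsewhere after a success.
            login_log(user, client)

            data['msg'] = gettext("Sign in success")
            data["msg_type"] = "s"
            data["http_status"] = 201
            # NOTE(review): same unvalidated 'next' value as above.
            data["to_url"] = request.argget.all('next') or get_config("login_manager", "LOGIN_IN_TO")
            return data

        # Account is not active
        data['msg'] = gettext("Account is inactive or frozen")
        data["msg_type"] = "w"
        data["http_status"] = 401

    else:
        # Wrong password (or deleted account): count the failure
        mdb_user.db.user_login_log.update_one({'user_id':user.str_id},
                                              {"$inc":{"pass_error":1}},
                                              upsert=True)

        # user_p was read before the increment above, so add the failure just
        # recorded; otherwise the client is told to show the image code one
        # attempt after the server has started requiring it.
        previous_errors = user_p.get('pass_error', 0) if user_p else 0
        if previous_errors + 1 >= PW_WRONG_NUM_IMG_CODE:
            # Tell the client to show the image verification code
            data["open_img_verif_code"] = True
        data['msg'] = gettext("Account or password error")
        data["msg_type"] = "e"
        data["http_status"] = 401
    return data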
Beispiel #4
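def third_party_sign_in(platform_name):

    '''
    Third-party login callback.

    Calls the "<platform_name>_login" plugin hook, then signs in the user
    already bound to the returned unionid or registers a new one.

    :param platform_name: platform whose login plugin handles the request;
        the hook called is "<platform_name>_login", e.g. "wechat_login"
    :return: dict with "msg", "msg_type" and "http_status" ("to_url" is added
        after a registration), or the failure result of arg_verify
    '''

    # Ask the platform's login plugin to process the request
    data = plugin_manager.call_plug(hook_name="{}_login".format(platform_name),
                                    request_argget_all=request.argget.all)
    if data == "__no_plugin__":
        data = {"msg":gettext("No login processing plugin for this platform, please install the relevant plugin first"),
                "msg_type":"e", "http_status":400}
        return data


    unionid = data.get("unionid")
    # Validate before the lookup: a MongoDB equality match on None also
    # matches documents that lack the field, so a plugin result without a
    # unionid would otherwise select an unrelated account and sign it in.
    s, r = arg_verify(reqargs=[("unionid", unionid)], required=True)
    if not s:
        return r

    # Has this identity signed in on this platform before?
    # NOTE(review): platform_name becomes part of the field path; it only
    # gets here if a matching plugin hook exists - confirm that is enough to
    # keep it to known platform names.
    query = {
        "login_platform.{}.unionid".format(platform_name):unionid
    }
    user = mdb_user.db.user.find_one(query)
    if user:
        # Already bound to an account on this platform: sign in directly
        user = User(user["_id"])
        if user.is_active:
            login_user(user, False)

            # Record the login
            login_log(user, client="unknown:{}".format(platform_name))
            data = {"msg":gettext("Sign in success"), "msg_type":"s", "http_status":201}
        else:

            # Account is not active
            data = {"msg":gettext("Account is inactive or frozen"), "msg_type":"w",
                    "http_status":401}

    else:
        # First sign-in: register the account from the plugin's profile data
        nickname = "{}_{}".format(data.get("nickname"),randint(10000000,99999999))
        gender = data.get("gender")
        email = data.get("email")
        avatar_url = data.get("avatar_url")
        province = data.get("province")
        city = data.get("city")
        country = data.get("country")

        address = {"province":province,  "city":city, "country":country}
        s, r = arg_verify(reqargs=[(gettext("gender"), gender)], only=["secret", "m", "f"])
        if not s:
            return r

        role_id = mdb_user.db.role.find_one({"default": {"$in": [True, 1]}})["_id"]
        user = user_model(
                         unionid=unionid,
                         platform_name=platform_name,
                         username=nickname,
                          email=email,
                          mphone_num=None,
                          password=None,
                          custom_domain=-1,
                          address=address,
                          avatar_url=avatar_url,
                          role_id=role_id,
                          active=True
                          )
        r = mdb_user.db.user.insert_one(user)

        if r.inserted_id:

            data = {'msg':gettext('Registered successfully'),
                     'to_url':'/sign-in',
                    'msg_type':'s',"http_status":201}
        else:
            data = {'msg': gettext('Data saved incorrectly, please try again'),
                    'msg_type': 'e', "http_status": 400}
    return data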