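def update():
    """Set a new password for the user named in the form, authorised by a token.

    Reads ``token`` from the query string and ``username`` / ``password`` from
    the form. The cache entry ``csrf_token_<token>`` must hold the id of the
    named user; any other outcome is answered with 401.

    Returns:
        A redirect to ``/`` after the password has been saved.
    """
    token = request.args["token"]
    key = "csrf_token_{}".format(token)
    username = request.form["username"]
    new_ps = request.form['password']

    user = User.one(username=username)
    if user is None:
        # assumes User.one returns None when nothing matches — TODO confirm.
        # Answer an unknown username exactly like a bad token so the response
        # does not reveal which usernames exist, and so `user.id` below cannot
        # fail before the authorisation check has run.
        return abort(401)

    cached_id = cache.get(key)
    log("reset update:", user.id, cached_id)

    if cache.exists(key) and cached_id is not None and int(cached_id) == user.id:
        user.password = User.salted_password(new_ps)
        user.save()
        # The token has done its job; drop it so the same link cannot be
        # replayed to change the password a second time.
        cache.delete(key)
        return redirect('/')
    else:
        return abort(401)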
def replied_topic(user_id):
    """Return the topics that ``user_id`` has replied to, using the cache.

    On a cache miss the topics are loaded with one ``Topic.one`` call per
    reply and the JSON form of the list is stored under
    ``replied_topic_<user_id>``. A single join of topic and reply on
    ``reply.topic_id = topic.id`` would avoid the per-reply lookup.

    NOTE(review): a cache hit returns whatever ``json.loads`` yields, while a
    miss returns the objects from ``Topic.one``; callers see two different
    element types. No expiry is set on the cached entry here.
    """
    cache_key = 'replied_topic_{}'.format(user_id)
    if not cache.exists(cache_key):
        topics = [
            Topic.one(id=reply.topic_id)
            for reply in Reply.all(user_id=user_id)
        ]
        payload = json.dumps([topic.json() for topic in topics])
        cache.set(cache_key, payload)
        return topics
    return json.loads(cache.get(cache_key))
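def reset():
    """Reset a user's password from a posted reset token.

    Reads ``token`` and ``password`` from the form. When the token is present
    in the cache, the user whose id is stored under it gets the new password
    and the token is deleted so it cannot be used again.

    Returns:
        A redirect to ``index.index`` on success, otherwise a redirect to
        ``'404'``.
    """
    token = request.form.get('token')
    password = request.form.get('password')

    # A missing field must not reach the cache lookup or reset_password().
    # NOTE(review): the token is used as the cache key as-is. If the same
    # cache also stores other entries, any existing key name would pass this
    # check — confirm that reset tokens are issued under their own prefix.
    if token and password and cache.exists(token):
        u = User.one(id=cache.get(token))
        u.reset_password(password)
        cache.delete(token)
        return redirect(url_for('index.index'))

    # The original built this redirect but never returned it, so a bad token
    # left the view without a response.
    return redirect('404')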
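def update():
    """Store a new password for the user identified by a posted reset token.

    Reads ``password`` and ``token`` from the form. When the token is present
    in the cache, the user whose id is stored under it is updated.

    Returns:
        A redirect to ``.index`` whether or not the token was accepted.
    """
    form = request.form.to_dict()
    password = form['password']
    token = form['token']
    if cache.exists(token):
        u = User.one(id=int(cache.get(token)))
        # Write only the two fields this view is meant to change. Passing the
        # whole submitted form to User.update() would let the client set any
        # other column simply by adding a field to the request.
        User.update(
            u.id,
            password=User.salted_password(password),
            updated_time=int(time.time()),
        )
        # One token, one password change: drop it so it cannot be replayed.
        cache.delete(token)
    return redirect(url_for('.index'))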
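def reset_update(token):
    """Change the password of the user a reset token belongs to.

    Args:
        token: cache key under which the user's id was stored.

    Returns:
        A redirect to ``.index``. Nothing is changed when the token is missing
        or has no cache entry.
    """
    user_id = cache.get(token) if token is not None else None
    if user_id is not None:
        log('user_id:', user_id)
        u = User.one(id=int(user_id))
        new_password = request.form['password']
        u.update(id=user_id, password=u.salted_password(new_password))
        # Invalidate the token once used so the link cannot be replayed.
        cache.delete(token)
        log('重置密码成功')
    # An unknown or expired token used to reach int(None) and fail the
    # request; it now falls through without touching any account.
    return redirect(url_for('.index'))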
def reset_view():
    """Render the password-reset form for a valid one-time token.

    The ``token`` query parameter is looked up as ``csrf_token_<token>``. A
    known token is deleted on first use and a fresh one from
    ``new_csrf_token`` is handed to the template; an unknown token gets 401.
    """
    key = "csrf_token_{}".format(request.args["token"])
    if not cache.exists(key):
        return abort(401)

    user_id = cache.get(key)
    # Consume the emailed token before anything is rendered.
    cache.delete(key)
    user = User.one(id=user_id)
    return render_template('reset.html', token=new_csrf_token(user), user=user)
def created_topic(user_id):
    """Return the topics created by ``user_id``, using the cache.

    A cache hit rebuilds ``Topic`` objects from the stored JSON; a miss loads
    them with ``Topic.all`` and stores their JSON form under
    ``created_topic_<user_id>``.
    """
    cache_key = 'created_topic_{}'.format(user_id)
    if not cache.exists(cache_key):
        topics = Topic.all(user_id=user_id)
        cache.set(cache_key, json.dumps([topic.json() for topic in topics]))
        return topics
    stored = json.loads(cache.get(cache_key))
    return [Topic(**fields) for fields in stored]
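def update(token):
    """Set a new password for the user a token was issued to.

    Args:
        token: value looked up in the cache as ``csrf_tokens_<token>``.

    Returns:
        A redirect to ``login.login`` after the password has been updated.
        An unknown token aborts the request with 401.
    """
    k = 'csrf_tokens_{}'.format(token)
    uid = cache.get(k)
    if uid is None:
        abort(401)
    u = User.one(id=uid)
    new_pass = request.form['password']
    u.update(id=u.id, password=User.salted_password(new_pass))
    # The token authorised exactly this change; remove it so the same URL
    # cannot be used to set the password again.
    cache.delete(k)
    return redirect(url_for('login.login'))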
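def update():
    """Update a user's password from the reset form.

    The token is taken from the text after the last ``=`` in the request's
    referrer and looked up in the cache to find the user id.

    Returns:
        The rendered ``login.html`` page, whether or not a password was
        changed.
    """
    form = request.form.to_dict()
    # Log which fields arrived, never their values: the form carries the new
    # password in clear text.
    log('form', sorted(form))

    # NOTE(review): the referrer is supplied by the client and may be absent
    # or trimmed by a referrer policy; a hidden form field or path parameter
    # would be a sturdier carrier for the token.
    token = str(request.referrer).split('=')[-1]
    user_id = cache.get(token)
    if user_id is None:
        # No cache entry for this token: change nothing.
        return render_template('login.html')

    u = User.one(id=user_id)
    new_password = User.salted_password(form['password'])
    User.update(u.id, password=new_password)
    # Drop the token once used so it cannot be replayed.
    cache.delete(token)
    return render_template('login.html')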
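def reset_post(token):
    """Apply a new password for the user a reset token belongs to.

    Args:
        token: cache key whose JSON value is the user's id.

    Returns:
        A redirect to ``index.index`` on success, otherwise a redirect back to
        the ``.reset`` view for the same token.
    """
    try:
        u_id = json.loads(cache.get(token))
    except (TypeError, ValueError):
        # No entry for this token, or a value that is not JSON: treat it like
        # a missing user id instead of failing the request.
        u_id = None

    password = request.form['password']
    # NOTE(review): the only password rule enforced here is "longer than two
    # characters" — confirm that this matches the intended policy.
    if u_id is not None and len(password) > 2:
        u = User.one(id=u_id)
        u.password = u.salted_password(password)
        User.update(u_id, password=u.password)
        # Invalidate the token so the reset cannot be repeated with it.
        cache.delete(token)
        flash('重置密码成功!')
        return redirect(url_for('index.index'))
    else:
        flash('密码格式错误!')
        return redirect(url_for('.reset', token=token))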
def replied_topic(user_id):
    """Return the topics ``user_id`` has replied to, served from cache if present.

    NOTE(review): the cached branch returns the decoded JSON, the uncached
    branch returns the objects from ``Topic.one``, so the element type
    depends on whether the cache was warm.
    """
    name = 'replied_topic_{}'.format(user_id)
    if cache.exists(name):
        return json.loads(cache.get(name))

    replies = Reply.all(user_id=user_id)
    found = [Topic.one(id=reply.topic_id) for reply in replies]
    serialised = [topic.json() for topic in found]
    cache.set(name, json.dumps(serialised))
    return found
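def reset():
    """Show the reset form for a valid token and sign the user in.

    The ``token`` query parameter is looked up in the cache; its JSON value is
    the user's id. A valid token is deleted, a new one from
    ``new_csrf_token`` is passed to the template, and a session cookie is set
    on the response.

    Returns:
        The rendered ``forget/reset.html`` response. An invalid token aborts
        with a ``Response`` carrying the error text.
    """
    token = request.args.get('token', None)
    try:
        u_id = json.loads(cache.get(token))
    except Exception:
        # A bare `except:` would also swallow SystemExit and
        # KeyboardInterrupt; any ordinary failure here means a bad token.
        return abort(Response('无效的token验证码!'))

    if u_id is not None:
        u = User.one(id=u_id)
        # Delete the token now that it has been used.
        cache.delete(token)
        # Issue a fresh token for the form.
        token = new_csrf_token(u)
        # Sign the user in.
        # NOTE(review): this grants a full session to whoever holds the reset
        # link, before any new password has been set — confirm that is meant.
        session_id = session_user(u.id)
        res = current_app.make_response(render_template('forget/reset.html', token=token))
        # Keep the session id out of reach of page scripts. The Secure flag
        # should be added as well wherever the site is served over HTTPS only.
        res.set_cookie('cache_session', session_id, httponly=True)
        return res
    else:
        return abort(Response('无效的token验证码!'))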
def replied_topic(user_id):
    """Return the topics ``user_id`` has replied to, newest reply first.

    A cache hit decodes the stored JSON with ``topichook``. A miss runs one
    joined query (topic joined to reply, filtered by the reply's user id,
    ordered by reply creation time descending) instead of one topic lookup
    per reply, then stores the JSON form under ``replied_topic_<user_id>``.
    """
    cache_key = 'replied_topic_{}'.format(user_id)
    if not cache.exists(cache_key):
        # Single join rather than a query per reply (the ORM n+1 pattern).
        joined = Topic.query.join(Reply, Reply.topic_id == Topic.id)
        by_user = joined.filter(Reply.user_id == user_id)
        topics = by_user.order_by(Reply.created_time.desc()).all()
        cache.set(cache_key, json.dumps([topic.json() for topic in topics]))
        return topics
    return json.loads(cache.get(cache_key), object_hook=topichook)