Ejemplo n.º 1
0
def login():
    form = MyForm.MyForm_login()
    form.name.label = '用户名:'
    form.password.label = '密码:'
    user = request.cookies.get('user')
    if user:
        Incr = Redis.incr('%s_Incr' % user)
    else:
        Incr = 0
    if form.submit.data:
        if form.name.data and form.password.data:
            user = form.name.data
            pw = form.password.data
            Key_Incr = '%s_Incr' % user
            Key_Lock = '%s_lock' % user
            try:
                if Incr >= 30:
                    raise flash('该帐号异常登陆,已被锁定3分钟!')
                if Incr >= 5:
                    if form.code.data:
                        if str(form.code.data) != str(session['verify_code']):
                            raise flash('输入验证码错误!')
                    else:
                        raise flash('请输入验证码,看不清点击验证码刷新!')
                va_p = db_op.idc_users.query.filter(
                    and_(db_op.idc_users.name == user,
                         db_op.idc_users.passwd == Md5.Md5_make(pw))).first()
                produce.Async_log(user, request.url)
                if va_p:
                    URL = url_for('index.index')
                    if pw == app.config.get('INIT_OP_PASSWORD'):
                        URL = url_for('pw.pw')
                        flash('请修改初始密码!')
                    timestamp = None
                    if form.remember_me.data:
                        timestamp = check.timestamp(7)
                    ID = produce.Produce(length=24, chars=string.hexdigits)
                    app_resp = make_response(redirect(URL))
                    app_resp.set_cookie('user', user, expires=timestamp)
                    app_resp.set_cookie('ID', ID, expires=timestamp)
                    Redis.set('OP_ID_%s' % user, ID)
                    Redis.delete(Key_Lock)
                    Redis.delete(Key_Incr)
                    return app_resp
                else:
                    Redis.incr(Key_Incr)
                    if Incr >= 30:
                        Redis.set(Key_Lock, 'True')
                        Redis.expire(Key_Incr, 60)
                        Redis.expire(Key_Lock, 180)
                    flash('用户名或者密码错误!')
                    URL = url_for('login.login')
                    app_resp = make_response(redirect(URL))
                    app_resp.set_cookie('user', user)
                    return app_resp
            except Exception as e:
                if 'old' not in str(e):
                    flash(str(e))
    return render_template('login.html', form=form, verify_incr=Incr)
Ejemplo n.º 2
0
def login():
    form = MyForm.MyForm_login()
    form.name.label = '用户名:'
    form.password.label = '密码:'
    ym = time.strftime('%Y', time.localtime())
    if form.submit.data:
        if form.name.data and form.password.data:
            user = form.name.data
            pw = form.password.data
            try:
                Key_Incr = '%s_Incr' % user
                Key_Lock = 'Lock_login_%s' % user
                if Redis.exists(Key_Incr):
                    Incr = int(Redis.get(Key_Incr))
                else:
                    Incr = 1
                if Redis.exists(Key_Lock):
                    raise flash('该帐号异常登陆,已被锁定1分钟!')
                va_p = db_op.idc_users.query.filter(
                    and_(db_op.idc_users.name == user,
                         db_op.idc_users.passwd == Md5.Md5_make(pw))).first()
                produce.Async_log(user, request.url)
                if va_p:
                    URL = url_for('index.index')
                    if pw == app.config.get('INIT_OP_PASSWORD'):
                        URL = url_for('pw.pw')
                        flash('请修改初始密码!')
                    timestamp = None
                    if form.remember_me.data:
                        timestamp = check.timestamp(7)
                    ID = produce.Produce(length=24, chars=string.hexdigits)
                    app_resp = make_response(redirect(URL))
                    app_resp.set_cookie('user', user, expires=timestamp)
                    app_resp.set_cookie('ID', ID, expires=timestamp)
                    Redis.set('OP_ID_%s' % user, ID)
                    return app_resp
                else:
                    Redis.set(Key_Incr, Incr + 1)
                    if Incr >= 11:
                        Redis.incr(Key_Lock, 'True')
                        Redis.expire(Key_Lock, 60)
                    flash('用户名或者密码错误,还有%s次机会重试!' % (10 - int(Incr)))
                    URL = url_for('login.login')
                    app_resp = make_response(redirect(URL))
                    app_resp.set_cookie('user', user)
                    return app_resp
            except Exception as e:
                if 'old' not in str(e):
                    flash(str(e))
    return render_template('login.html', form=form, ym=ym)
Ejemplo n.º 3
0
def logout():
    timestamp = check.timestamp(0)
    app_resp = make_response(redirect('/login'))
    for key in request.cookies:
        app_resp.set_cookie(key, expires=timestamp)
    return app_resp
Ejemplo n.º 4
0
def logout():
    timestamp = check.timestamp(0)
    app_resp = make_response(redirect('/'))
    app_resp.set_cookie('user', expires=timestamp)
    app_resp.set_cookie('ID', expires=timestamp)
    return app_resp
Ejemplo n.º 5
0
def login():
    try:
        try:
            token = tools.Produce(length=24, chars=string.hexdigits)
        except Exception as e:
            logging.error(e)
        ym = time.strftime('%Y', time.localtime())
        session['Menu'] = {}
        #钉钉验证授权
        if tools.http_args(request, 'code') and tools.http_args(
                request, 'state') == 'STATE':
            db_auth = db_op.user_auth
            code = tools.http_args(request, 'code')
            #获取token
            try:
                url = "https://oapi.dingtalk.com/sns/gettoken?appid=dingoadq3qon8zb34vzdff&appsecret=Tu6IlXjTn1m4vqrOA580xLOt2VbOK26bVu3sBOtvp0MnqIp2zpcwkL3qVpqAT7rG"
                if ENV == 'dev':
                    url = "https://oapi.dingtalk.com/sns/gettoken?appid=dingoa7wymhx6dbeffjels&appsecret=I-v3OXL1hFKYZlJ3b6pqABmoNGYREXePpdzQ5JaSK8DqJdQyn_1J3wEUYBTpdiE_"
                r = requests.get(url)
                access_token = r.json()['access_token']
                r = requests.post(
                    "https://oapi.dingtalk.com/sns/get_persistent_code?access_token=%s"
                    % access_token,
                    data=json.dumps({"tmp_auth_code": code}))
                openid = r.json()['openid']
                persistent_code = r.json()['persistent_code']
                r = requests.post(
                    "https://oapi.dingtalk.com/sns/get_sns_token?access_token=%s"
                    % access_token,
                    data=json.dumps({
                        "openid": openid,
                        "persistent_code": persistent_code
                    }))
                sns_token = r.json()['sns_token']
                #获取用户信息
                r = requests.get(
                    'https://oapi.dingtalk.com/sns/getuserinfo?sns_token=%s' %
                    sns_token)
                user_info = r.json()['user_info']
                nick = user_info['nick']
                dingId = user_info['dingId']
            except Exception as e:
                logging.error(e)
            #授权用户登陆
            if nick and dingId:
                try:
                    val = db_auth.query.filter(
                        and_(db_auth.dingId == dingId,
                             db_auth.openid == openid)).all()
                    if val:
                        db_auth.query.filter(
                            and_(db_auth.dingId == dingId,
                                 db_auth.openid == openid)).update({
                                     db_auth.token:
                                     token,
                                     db_auth.update_time:
                                     time.strftime('%Y-%m-%d %H:%M:%S',
                                                   time.localtime())
                                 })
                        db_op.DB.session.commit()
                        URL = url_for('main')
                        timestamp = check.timestamp(7)
                    else:
                        #跳转至权限申请页
                        URL = url_for('approval.apply')
                        timestamp = check.timestamp(1)
                except Exception as e:
                    logging.error(e)
                app_resp = make_response(redirect(URL))
                try:
                    app_resp.set_cookie('user',
                                        Md5.Md5_make(nick),
                                        expires=timestamp,
                                        path='/')
                    app_resp.set_cookie('openid',
                                        Md5.Md5_make(openid),
                                        expires=timestamp,
                                        path='/')
                    app_resp.set_cookie('dingId',
                                        Md5.Md5_make(dingId),
                                        expires=timestamp,
                                        path='/')
                    app_resp.set_cookie('token',
                                        Md5.Md5_make(token),
                                        expires=timestamp,
                                        path='/')
                except Exception as e:
                    logging.error(e)
                else:
                    Redis.set('OP_verify_%s' % dingId, token)
                    Redis.set('OP_token_%s' % Md5.Md5_make(token), token)
                    Redis.set('OP_dingId_%s' % Md5.Md5_make(dingId), dingId)
                    Redis.set('OP_user_%s' % Md5.Md5_make(nick), nick)
                    Redis.set('OP_openid_%s' % Md5.Md5_make(openid), openid)
                return app_resp
    except Exception as e:
        flash('登录失败!')
        logging.error(e)
    finally:
        db_op.DB.session.remove()
    return render_template('login.html', ym=ym, ENV=ENV)
Ejemplo n.º 6
0
#-*- coding: utf-8 -*-
from flask import Blueprint,redirect,url_for,render_template,flash,make_response,g,request
from sqlalchemy import and_
from Modules import db_op,produce, MyForm, Md5,check
page_pw = Blueprint('pw',__name__)
timestamp = check.timestamp(7)
@page_pw.route('/pw',methods = ['GET', 'POST'])
def pw():
    form = MyForm.MyForm_pw()
    if form.submit.data:
        pw = Md5.Md5_make(form.password.data)
        pw1 = form.new_password1.data
        pw2 = form.new_password2.data
        try:
            db = db_op.idc_users
            va = db.query.filter(and_(db.name == g.user, db.passwd == pw)).first()
            if pw1 == pw2:
                if va:
                    va.passwd = Md5.Md5_make(pw1)
                    db_op.DB.session.commit()
                    db_op.DB.session.close()
                    flash('密码修改成功,请重新登录!')
                    app_resp = make_response( redirect(url_for('index.index')))
                    return app_resp
                else:
                    flash('旧密码错误!')
            else:
                flash('新密码不一致!')
        except Exception as e:
            flash(e)
    return render_template('password.html',form=form)
Ejemplo n.º 7
0
def logout():
    timestamp = check.timestamp(0)
    app_resp = make_response(redirect('/'))
    app_resp.set_cookie('user', expires=timestamp)
    app_resp.set_cookie('ID', expires=timestamp)
    return app_resp