Ejemplo n.º 1
0
def login(request):
    form, error = JsonParser(Argument('username', help='请输入用户名'),
                             Argument('password', help='请输入密码'),
                             Argument('type')).parse(request.body)
    if error is None:
        x_real_ip = request.headers.get('x-real-ip', '')
        user = User.objects.filter(username=form.username,
                                   type=form.type).first()
        if user and not user.is_active:
            return json_response(error="账户已被系统禁用")
        if form.type == 'ldap':
            ldap = LDAP()
            is_success, message = ldap.valid_user(form.username, form.password)
            if is_success:
                if not user:
                    user = User.objects.create(username=form.username,
                                               nickname=form.username,
                                               type=form.type)
                return handle_user_info(user, x_real_ip)
            elif message:
                return json_response(error=message)
        else:
            if user and user.deleted_by is None:
                if user.verify_password(form.password):
                    return handle_user_info(user, x_real_ip)

        value = cache.get_or_set(form.username, 0, 86400)
        if value >= 3:
            if user and user.is_active:
                user.is_active = False
                user.save()
            return json_response(error='账户已被系统禁用')
        cache.set(form.username, value + 1, 86400)
        return json_response(error="用户名或密码错误,连续多次错误账户将会被禁用")
Ejemplo n.º 2
0
def login(request):
    form, error = JsonParser(Argument('username', help='请输入用户名'),
                             Argument('password', help='请输入密码'),
                             Argument('type')).parse(request.body)
    if error is None:
        user = User.objects.filter(username=form.username)
        if form.type == 'ldap':
            u = LDAP()
            valid = u.valid_user(form.username, form.password)
            if valid['status']:
                user = user.filter(type='LDAP').first()
                if user:
                    if not user.is_active:
                        return json_response(error="账户已被系统禁用")
                    if not user.role_id:
                        return json_response(error="LDAP用户角色未分配")

                    x_real_ip = request.headers.get('x-real-ip', '')
                    ret = handle_user_info(user, form.username, x_real_ip)
                    return json_response(ret)

                x_real_ip = request.headers.get('x-real-ip', '')
                form.access_token = uuid.uuid4().hex
                form.nickname = form.username
                form.token_expired = time.time() + 8 * 60 * 60
                form.last_login = human_datetime()
                form.last_ip = x_real_ip
                form.type = 'LDAP'
                form.pop('password')
                User.objects.create(**form)
                return json_response({
                    'access_token': form.access_token,
                    'nickname': form.username,
                    'is_supper': False,
                    'has_real_ip': True if x_real_ip else False,
                    'permissions': []
                })
            return json_response(error=valid['info'])
        else:
            user = user.filter(type='系统用户').first()
            if user and user.deleted_by is None:
                if not user.is_active:
                    return json_response(error="账户已被系统禁用")
                if user.verify_password(form.password):
                    cache.delete(form.username)
                    x_real_ip = request.headers.get('x-real-ip', '')
                    ret = handle_user_info(user, form.username, x_real_ip)
                    return json_response(ret)

            value = cache.get_or_set(form.username, 0, 86400)
            if value >= 3:
                if user and user.is_active:
                    user.is_active = False
                    user.save()
                return json_response(error='账户已被系统禁用')
            cache.set(form.username, value + 1, 86400)
            return json_response(error="用户名或密码错误,连续多次错误账户将会被禁用")
    return json_response(error=error)
Ejemplo n.º 3
0
def login(request):
    form, error = JsonParser(Argument('username', help='请输入用户名'),
                             Argument('password', help='请输入密码'),
                             Argument('captcha', required=False),
                             Argument('type',
                                      required=False)).parse(request.body)
    if error is None:
        user = User.objects.filter(username=form.username,
                                   type=form.type).first()
        if user and not user.is_active:
            return json_response(error="账户已被系统禁用")
        if form.type == 'ldap':
            config = AppSetting.get_default('ldap_service')
            if not config:
                return json_response(error='请在系统设置中配置LDAP后再尝试通过该方式登录')
            ldap = LDAP(**config)
            is_success, message = ldap.valid_user(form.username, form.password)
            if is_success:
                if not user:
                    user = User.objects.create(username=form.username,
                                               nickname=form.username,
                                               type=form.type)
                return handle_user_info(request, user, form.captcha)
            elif message:
                return json_response(error=message)
        else:
            if user and user.deleted_by is None:
                if user.verify_password(form.password):
                    return handle_user_info(request, user, form.captcha)

        value = cache.get_or_set(form.username, 0, 86400)
        if value >= 3:
            if user and user.is_active:
                user.is_active = False
                user.save()
            return json_response(error='账户已被系统禁用')
        cache.set(form.username, value + 1, 86400)
        return json_response(error="用户名或密码错误,连续多次错误账户将会被禁用")
    return json_response(error=error)