def password_account_sign_in(): mongo_client = mongo_client_builder.build_mongo_client() account = mongo_client.password_account.find_one( {'account_name': request.json['username']}) if not account: return jsonify({'msg': 'account not existed'}), 404 common_account = mongo_client.common_account.find_one( {'_id': account['refer_account_id']}) if time.time() <= common_account['lock_expired']: return jsonify({'msg': 'locked'}), 401 if account['hash_algo'] == 'md5': hashed_password = hashlib.md5(request.json['password'].encode( encoding='UTF-8')).hexdigest().upper() if hashed_password != account['password']: account_temporary_locked.account_temporary_attempt_times_inc( str(common_account['_id']), 24 * 60 * 60) return jsonify({'msg': 'password error'}), 400 else: return jsonify({'msg': 'unsupport hash algo'}), 500 attempt_times = account_temporary_locked.account_temporary_attempt_times( str(common_account['_id'])) if attempt_times >= int(os.getenv('ATTEMPT_SIGN_IN_TIMES')): return jsonify({'msg': 'account locked'}), 403 key = uuid.uuid5(uuid.NAMESPACE_OID, '{}-{}'.format(str(common_account['_id']), time.time())) session_stored.session_store(str(key), str(common_account['_id'])) return jsonify({'msg': 'success', 'session_key': key})
def wechat_oauth2_access(): req_uri = 'https://api.weixin.qq.com/sns/oauth2/access_token' req_uri += '?appid={}'.format(os.getenv('WECHAT_APP_ID')) req_uri += '&secret={}'.format(os.getenv('WECHAT_APP_SECRET')) req_uri += '&code={}'.format(request.json['code']) req_uri += '&grant_type=authorization_code' res = requests.get(req_uri) content = res.json() content['expire'] = time.time() + int(content['expires_in']) db = mongo_client_builder.build_mongo_client() wechat_account = db.wechat_account.find_one( {'wechat_openid': content['openid']}) db = mongo_client_builder.build_mongo_client() if not wechat_account: common_account_id = db.common_account.insert_one({ 'support': ['wechat'], 'roles': [], 'lock_expired': 0 }).inserted_id db.wechat_account.insert_one({ 'wechat_openid': content['openid'], 'wechat_token': content, 'refer_account_id': common_account_id }) db.user_profile.insert_one({'refer_account_id': common_account_id}) wechat_account = db.wechat_account.find_one( {'wechat_openid': content['openid']}) else: db.wechat_account.update({'wechat_openid': content['openid']}, {'$set': { 'wechat_token': content }}) key = uuid.uuid5( uuid.NAMESPACE_OID, '{}-{}'.format(str(wechat_account['refer_account_id']), time.time())) session_stored.session_store(str(key), str(wechat_account['refer_account_id'])) return jsonify({ 'msg': 'success', 'session_key': key, 'openid': content['openid'] }), 200
def common_user_profile(): common_account_id = session_stored.session_get(request.json['session_key']) db = mongo_client_builder.build_mongo_client() profile = db.user_profile.find_one( {'refer_account_id': ObjectId(common_account_id)}) content = {} for key in profile: content[key] = profile[key] return jsonify(profile)
def common_role_satisfy(): account_id = session_stored.session_get(request.json['session_key']) if not account_id: return jsonify({'msg': 'session not existed'}), 404 db = mongo_client_builder.build_mongo_client() account = db.common_account.find_one({'_id': ObjectId(account_id)}) if not account: return jsonify({'msg': 'account not existed'}), 404 account_roles = set() for role in account['roles']: account_roles.add(role) for role in request.json['roles']: if role not in account_roles: return jsonify({'msg': 'not satisfy'}), 400 return jsonify({'msg': 'success'})
def wechat_oauth2_verify(): common_account_id = session_stored.session_get('session_key') db = mongo_client_builder.build_mongo_client() wechat_account = db.wechat_account.find_one( {'refer_account_id': ObjectId(common_account_id)}) if not wechat_account: return jsonify({'msg': 'wechat account not existed'}), 404 if wechat_account['wechat_token']['expire'] <= time.time(): return jsonify({'msg': 'timeout'}), 400 req_uri = 'https://api.weixin.qq.com/sns/auth' req_uri += '?access_token={}'.format( wechat_account['wechat_token']['access_token']) req_uri += '&openid={}'.format(wechat_account['wechat_openid']) res = requests.get(req_uri) content = res.json() if content['errcode'] == 0: return jsonify({'msg': 'success'}), 200 else: return jsonify({'msg': 'verify failed'}), 400
def wechat_oauth2_fresh(): common_account_id = session_stored.session_get('session_key') db = mongo_client_builder.build_mongo_client() wechat_account = db.wechat_account.find_one( {'refer_account_id': ObjectId(common_account_id)}) if not wechat_account: return jsonify({'msg': 'wechat account not existed'}), 404 if wechat_account['wechat_token']['expire'] <= time.time(): return jsonify({'msg': 'timeout'}), 400 req_uri = 'https://api.weixin.qq.com/sns/oauth2/refresh_token' req_uri += '?appid={}'.format(os.getenv('WECHAT_APP_ID')) req_uri += '&grant_type=refresh_token' req_uri += '&refresh_token={}'.format( wechat_account['wechat_token']['refresh_token']) res = requests.get(req_uri) content = res.json() content['expire'] = time.time() + int(content['expires_in']) db.wechat_account.update({'refer_account_id': ObjectId(common_account_id)}, {'$set': { 'wechat_token': content }}) return jsonify({'msg': 'success'}), 200
def wechat_oauth2_userinfo(): common_account_id = session_stored.session_get('session_key') db = mongo_client_builder.build_mongo_client() wechat_account = db.wechat_account.find_one( {'refer_account_id': ObjectId(common_account_id)}) if not wechat_account: return jsonify({'msg': 'wechat account not existed'}), 404 if wechat_account['wechat_token']['expire'] <= time.time(): return jsonify({'msg': 'timeout'}), 400 req_uri = 'https://api.weixin.qq.com/sns/userinfo' req_uri += '?access_token={}'.format( wechat_account['wechat_token']['access_token']) req_uri += '&openid={}'.format(wechat_account['wechat_openid']) req_uri += '&lang=zh_CN' res = requests.get(req_uri) content = res.json() db.user_profile.update({'refer_account_id': ObjectId(common_account_id)}, {'$set': { 'wechat_userinfo': content }}) return jsonify(content), 200
def set_password_account_new_password(): mongo_client = mongo_client_builder.build_mongo_client() if not mongo_client.password_account.find_one( {'account_name': request.json['username']}): return jsonify({'msg': 'username existed'}), 400 hash_type = request.json['hash_algo'].lower() if hash_type == 'md5': hashed_password = hashlib.md5(request.json['password'].encode( encoding="UTF-8")).hexdigest().upper() else: return jsonify( {'msg': 'not support {} hash algorithm'.format(hash_type)}), 400 mongo_client.password_account.update( {'account_name': request.json['username']}, {'$set': { 'password': hashed_password, 'hash_algo': hash_type }}) return jsonify({'msg': 'success'})
def register_password_account(): mongo_client = mongo_client_builder.build_mongo_client() if mongo_client.password_account.find_one( {'account_name': request.json['username']}): return jsonify({'msg': 'username existed'}), 400 common_account_id = mongo_client.common_account.insert_one({ 'support': ['password'], 'roles': [], 'lock_expired': 0 }).inserted_id mongo_client.user_profile.insert_one( {'refer_account_id': common_account_id}) hash_type = request.json['hash_algo'].lower() if hash_type == 'md5': hashed_password = hashlib.md5(request.json['password'].encode( encoding='UTF-8')).hexdigest().upper() else: return jsonify( {'msg': 'not support {} hash algorithm'.format(hash_type)}), 400 password_account_id = mongo_client.password_account.insert_one({ 'account_name': request.json['username'], 'hash_algo': hash_type, 'password': hashed_password, 'refer_account_id': common_account_id }).inserted_id return jsonify({'msg': 'success'}), 201
def password_account_role_add(): db = mongo_client_builder.build_mongo_client() password_account = db.password_account.find_one( {'account_name': request.json['username']}) if not password_account: return jsonify({'msg': 'account not exist'}), 404 common_account = db.common_account.find_one( {"_id": password_account['refer_account_id']}) if not common_account: return jsonify({'msg': 'common account not exist'}), 404 roles = set() for role in common_account['roles']: roles.add(role) for role in request.json['roles']: roles.add(role) roles_list = [] for role in roles: roles_list.append(role) db.common_account.update({'_id': common_account['_id']}, {'roles': roles_list}) return jsonify({'msg': 'success'})