def password_account_sign_in():
mongo_client = mongo_client_builder.build_mongo_client()
account = mongo_client.password_account.find_one(
{'account_name': request.json['username']})
if not account:
return jsonify({'msg': 'account not existed'}), 404
common_account = mongo_client.common_account.find_one(
{'_id': account['refer_account_id']})
if time.time() <= common_account['lock_expired']:
return jsonify({'msg': 'locked'}), 401
if account['hash_algo'] == 'md5':
hashed_password = hashlib.md5(request.json['password'].encode(
encoding='UTF-8')).hexdigest().upper()
if hashed_password != account['password']:
account_temporary_locked.account_temporary_attempt_times_inc(
str(common_account['_id']), 24 * 60 * 60)
return jsonify({'msg': 'password error'}), 400
else:
return jsonify({'msg': 'unsupport hash algo'}), 500
attempt_times = account_temporary_locked.account_temporary_attempt_times(
str(common_account['_id']))
if attempt_times >= int(os.getenv('ATTEMPT_SIGN_IN_TIMES')):
return jsonify({'msg': 'account locked'}), 403
key = uuid.uuid5(uuid.NAMESPACE_OID,
'{}-{}'.format(str(common_account['_id']), time.time()))
session_stored.session_store(str(key), str(common_account['_id']))
return jsonify({'msg': 'success', 'session_key': key})
def wechat_oauth2_access():
req_uri = 'https://api.weixin.qq.com/sns/oauth2/access_token'
req_uri += '?appid={}'.format(os.getenv('WECHAT_APP_ID'))
req_uri += '&secret={}'.format(os.getenv('WECHAT_APP_SECRET'))
req_uri += '&code={}'.format(request.json['code'])
req_uri += '&grant_type=authorization_code'
res = requests.get(req_uri)
content = res.json()
content['expire'] = time.time() + int(content['expires_in'])
db = mongo_client_builder.build_mongo_client()
wechat_account = db.wechat_account.find_one(
{'wechat_openid': content['openid']})
db = mongo_client_builder.build_mongo_client()
if not wechat_account:
common_account_id = db.common_account.insert_one({
'support': ['wechat'],
'roles': [],
'lock_expired': 0
}).inserted_id
db.wechat_account.insert_one({
'wechat_openid': content['openid'],
'wechat_token': content,
'refer_account_id': common_account_id
})
db.user_profile.insert_one({'refer_account_id': common_account_id})
wechat_account = db.wechat_account.find_one(
{'wechat_openid': content['openid']})
else:
db.wechat_account.update({'wechat_openid': content['openid']},
{'$set': {
'wechat_token': content
}})
key = uuid.uuid5(
uuid.NAMESPACE_OID,
'{}-{}'.format(str(wechat_account['refer_account_id']), time.time()))
session_stored.session_store(str(key),
str(wechat_account['refer_account_id']))
return jsonify({
'msg': 'success',
'session_key': key,
'openid': content['openid']
}), 200
def common_user_profile():
common_account_id = session_stored.session_get(request.json['session_key'])
db = mongo_client_builder.build_mongo_client()
profile = db.user_profile.find_one(
{'refer_account_id': ObjectId(common_account_id)})
content = {}
for key in profile:
content[key] = profile[key]
return jsonify(profile)
def common_role_satisfy():
account_id = session_stored.session_get(request.json['session_key'])
if not account_id:
return jsonify({'msg': 'session not existed'}), 404
db = mongo_client_builder.build_mongo_client()
account = db.common_account.find_one({'_id': ObjectId(account_id)})
if not account:
return jsonify({'msg': 'account not existed'}), 404
account_roles = set()
for role in account['roles']:
account_roles.add(role)
for role in request.json['roles']:
if role not in account_roles:
return jsonify({'msg': 'not satisfy'}), 400
return jsonify({'msg': 'success'})
def wechat_oauth2_verify():
common_account_id = session_stored.session_get('session_key')
db = mongo_client_builder.build_mongo_client()
wechat_account = db.wechat_account.find_one(
{'refer_account_id': ObjectId(common_account_id)})
if not wechat_account:
return jsonify({'msg': 'wechat account not existed'}), 404
if wechat_account['wechat_token']['expire'] <= time.time():
return jsonify({'msg': 'timeout'}), 400
req_uri = 'https://api.weixin.qq.com/sns/auth'
req_uri += '?access_token={}'.format(
wechat_account['wechat_token']['access_token'])
req_uri += '&openid={}'.format(wechat_account['wechat_openid'])
res = requests.get(req_uri)
content = res.json()
if content['errcode'] == 0:
return jsonify({'msg': 'success'}), 200
else:
return jsonify({'msg': 'verify failed'}), 400
def wechat_oauth2_fresh():
common_account_id = session_stored.session_get('session_key')
db = mongo_client_builder.build_mongo_client()
wechat_account = db.wechat_account.find_one(
{'refer_account_id': ObjectId(common_account_id)})
if not wechat_account:
return jsonify({'msg': 'wechat account not existed'}), 404
if wechat_account['wechat_token']['expire'] <= time.time():
return jsonify({'msg': 'timeout'}), 400
req_uri = 'https://api.weixin.qq.com/sns/oauth2/refresh_token'
req_uri += '?appid={}'.format(os.getenv('WECHAT_APP_ID'))
req_uri += '&grant_type=refresh_token'
req_uri += '&refresh_token={}'.format(
wechat_account['wechat_token']['refresh_token'])
res = requests.get(req_uri)
content = res.json()
content['expire'] = time.time() + int(content['expires_in'])
db.wechat_account.update({'refer_account_id': ObjectId(common_account_id)},
{'$set': {
'wechat_token': content
}})
return jsonify({'msg': 'success'}), 200
def wechat_oauth2_userinfo():
common_account_id = session_stored.session_get('session_key')
db = mongo_client_builder.build_mongo_client()
wechat_account = db.wechat_account.find_one(
{'refer_account_id': ObjectId(common_account_id)})
if not wechat_account:
return jsonify({'msg': 'wechat account not existed'}), 404
if wechat_account['wechat_token']['expire'] <= time.time():
return jsonify({'msg': 'timeout'}), 400
req_uri = 'https://api.weixin.qq.com/sns/userinfo'
req_uri += '?access_token={}'.format(
wechat_account['wechat_token']['access_token'])
req_uri += '&openid={}'.format(wechat_account['wechat_openid'])
req_uri += '&lang=zh_CN'
res = requests.get(req_uri)
content = res.json()
db.user_profile.update({'refer_account_id': ObjectId(common_account_id)},
{'$set': {
'wechat_userinfo': content
}})
return jsonify(content), 200
def set_password_account_new_password():
mongo_client = mongo_client_builder.build_mongo_client()
if not mongo_client.password_account.find_one(
{'account_name': request.json['username']}):
return jsonify({'msg': 'username existed'}), 400
hash_type = request.json['hash_algo'].lower()
if hash_type == 'md5':
hashed_password = hashlib.md5(request.json['password'].encode(
encoding="UTF-8")).hexdigest().upper()
else:
return jsonify(
{'msg': 'not support {} hash algorithm'.format(hash_type)}), 400
mongo_client.password_account.update(
{'account_name': request.json['username']},
{'$set': {
'password': hashed_password,
'hash_algo': hash_type
}})
return jsonify({'msg': 'success'})
def register_password_account():
mongo_client = mongo_client_builder.build_mongo_client()
if mongo_client.password_account.find_one(
{'account_name': request.json['username']}):
return jsonify({'msg': 'username existed'}), 400
common_account_id = mongo_client.common_account.insert_one({
'support': ['password'],
'roles': [],
'lock_expired':
0
}).inserted_id
mongo_client.user_profile.insert_one(
{'refer_account_id': common_account_id})
hash_type = request.json['hash_algo'].lower()
if hash_type == 'md5':
hashed_password = hashlib.md5(request.json['password'].encode(
encoding='UTF-8')).hexdigest().upper()
else:
return jsonify(
{'msg': 'not support {} hash algorithm'.format(hash_type)}), 400
password_account_id = mongo_client.password_account.insert_one({
'account_name':
request.json['username'],
'hash_algo':
hash_type,
'password':
hashed_password,
'refer_account_id':
common_account_id
}).inserted_id
return jsonify({'msg': 'success'}), 201
def password_account_role_add():
db = mongo_client_builder.build_mongo_client()
password_account = db.password_account.find_one(
{'account_name': request.json['username']})
if not password_account:
return jsonify({'msg': 'account not exist'}), 404
common_account = db.common_account.find_one(
{"_id": password_account['refer_account_id']})
if not common_account:
return jsonify({'msg': 'common account not exist'}), 404
roles = set()
for role in common_account['roles']:
roles.add(role)
for role in request.json['roles']:
roles.add(role)
roles_list = []
for role in roles:
roles_list.append(role)
db.common_account.update({'_id': common_account['_id']},
{'roles': roles_list})
return jsonify({'msg': 'success'})
