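def process_request(self, request):
    """Require a valid token on GET and POST requests unless the path is exempt.

    Exempt paths skip ``Auth.identify``; every other GET/POST request is
    passed to it, and a result whose ``code`` differs from ``normal_code`` is
    returned to the client as a ``JsonResponse``.  When the request is exempt
    or the check passes, the method returns ``None``.
    """
    fullPath = request.get_full_path()
    print("fullPath===============>", fullPath)

    # Exemption decisions are made on the path only.  get_full_path() also
    # carries the client-supplied query string, so matching on it would let a
    # query parameter make a protected URL look exempt.
    path = request.path

    if request.method == 'GET':
        # NOTE(review): these entries are matched as substrings anywhere in the
        # path, so short entries such as "detail" or 'mp3' (no leading dot)
        # exempt more URLs than their names suggest; anchoring them to a prefix
        # or suffix needs knowledge of the real routes and is left unchanged.
        filterList = [
            "/index", "/favicon.ico", "/login", "/register",
            '.js', ".css", ".jpg", ".jpeg", ".png", ".gif", ".mp4", 'mp3',
            ".ttf", ".wotf", ".woff", ".woff2", ".otf", ".eot", ".svg",
            ".csv", ".xls", ".xlsx", ".doc", ".docx", ".ppt", ".pptx",
            ".html", ".htm", "detail",
            "/forum/flist", "/forum/list", "/admin", "/xadmin",
            "/file/download",
            "/{}/remind/".format(schemaName),
            "/{}/option/".format(schemaName),
            "/autoSort",
        ]

        # Every model's list endpoint is exempt unless the model sets
        # __foreEndList__ to the marker value compared below.
        for m in apps.get_app_config('main').get_models():
            if getattr(m, '__foreEndList__', None) != "前要登":
                filterList.append("/{}/list".format(m.__tablename__))

        # The site root always requires a token; any other path requires one
        # only when no exempt entry occurs in it.
        auth = path == '/' or not any(entry in path for entry in filterList)

        if auth:
            result = Auth.identify(Auth, request)
            if result.get('code') != normal_code:
                print('jwt auth fail')
                return JsonResponse(result)

    elif request.method == 'POST':
        # Authentication-exempt endpoints.  Every entry contains "register" or
        # "login", so the substring tests below already cover them.
        post_list = [
            '/{}/defaultuser/register'.format(schemaName),
            '/{}/defaultuser/login'.format(schemaName),
            '/{}/users/register'.format(schemaName),
            '/{}/users/login'.format(schemaName),
            "/{}/examusers/login".format(schemaName),
            "/{}/examusers/register".format(schemaName),
        ]
        # Registration and login requests are not checked for a token.
        if path not in post_list and "register" not in path and "login" not in path:
            result = Auth.identify(Auth, request)
            if result.get('code') != normal_code:
                print('jwt auth fail')
                return JsonResponse(result)

    # NOTE(review): methods other than GET and POST (PUT, DELETE, ...) reach
    # this point without any token check; confirm the views reject them.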
def run(self):
    """Seed the database with sample clubs, members and memberships, then commit.

    Every seeded account, including the officer and admin ones, gets the
    literal password 'password' (hashed with ``Auth.hash_password``), so this
    data belongs in development and test databases only.
    """
    def add_member(member_id, first, last):
        # All sample members share the same password, e-mail and standing.
        self.additem(Member, Member(id=member_id,
                                    pw_hash=Auth.hash_password('password'),
                                    name_first=first,
                                    name_last=last,
                                    email="*****@*****.**",
                                    acad_standing="Undergraduate"))

    print('Adding sample data to: Club')
    sample_clubs = (
        (8001, "InfoSec", "Information Security Club"),
        (8002, "ACM", "Association For Computing Machinery"),
        (8003, "IEEE", "Institute of Electrical and Electronics Engineers"),
    )
    for club_id, short, long_name in sample_clubs:
        self.additem(Club, Club(id=club_id, name_short=short, name_long=long_name))

    print('Adding sample data to: Member (all with a password of \'password\')')

    # InfoSec officer: belongs to two clubs, both memberships paid.
    add_member(4457101, "Officer", "InfoSec")
    self.additem(Membership, Membership(id=101, member=4457101, club=8001,
                                        priv_level=Auth.officer,
                                        signup_date=datetime.date.today(),
                                        paid_date=datetime.date.today(),
                                        paid_amount=15,
                                        paid_until_date=datetime.date(2015, 9, 10)))
    self.additem(Membership, Membership(id=1029, member=4457101, club=8002,
                                        priv_level=Auth.member,
                                        signup_date=datetime.date.today(),
                                        paid_date=datetime.date.today(),
                                        paid_amount=15,
                                        paid_until_date=datetime.date(2015, 9, 30)))

    # InfoSec admin: paid membership without an expiry date.
    add_member(4457102, "Admin", "InfoSec")
    self.additem(Membership, Membership(id=102, member=4457102, club=8001,
                                        priv_level=Auth.admin,
                                        signup_date=datetime.date.today(),
                                        paid_date=datetime.date.today(),
                                        paid_amount=30))

    # Remaining accounts: one unpaid membership each.
    # (member id, membership id, first name, last name, club, privilege level)
    unpaid_members = (
        (4457103, 103, "Member", "InfoSec", 8001, Auth.member),
        (4457104, 104, "Alumni", "InfoSec", 8001, Auth.alumni),
        (4457105, 105, "Associate", "InfoSec", 8001, Auth.associate),
        (4457201, 201, "Officer", "CompSci", 8002, Auth.officer),
        (4457202, 202, "Admin", "CompSci", 8002, Auth.admin),
        (4457203, 203, "Member", "CompSci", 8002, Auth.member),
        (4457204, 204, "Alumni", "CompSci", 8002, Auth.alumni),
        (4457205, 205, "Associate", "CompSci", 8002, Auth.associate),
    )
    for member_id, membership_id, first, last, club_id, level in unpaid_members:
        add_member(member_id, first, last)
        self.additem(Membership, Membership(id=membership_id, member=member_id,
                                            club=club_id, priv_level=level,
                                            signup_date=datetime.date.today()))

    # The two string literals below are disabled sample data (Event/RSVP and
    # Content); as bare string expressions they have no effect at runtime.
    '''print('Adding sample data to: Event, RSVP')
    self.additem(Event,Event(id=201, timestamp_start=datetime.datetime(2015,5,16,9,0), timestamp_end=datetime.datetime(2015,5,16,17,0), location='CO-125', title='ICCS Conference', description_short='International Conference on Cyber Security (ICCS) - $50 for students (includes food). This student offer is not valid for Day #2 of the event (May 17th).'))
    self.additem(RSVP,RSVP(id=301, member=101, event=201, reply=1, comment='See ya there!'))
    self.additem(RSVP,RSVP(id=302, member=102, event=201, reply=1))
    self.additem(Event,Event(id=202, timestamp_start=datetime.datetime(2015,5,16,9,30), timestamp_end=datetime.datetime(2015,5,16,16,30), location='Cal Poly Pomona', title='SWIFT TechSymposium', description_short='SWIFT TechSymposium - A System- Administration Conference for Students and inquisitive minds. Free for students. Includes Python, security, and networking workshops.'))
    self.additem(Event,Event(id=203, hosting_club=8001, timestamp_start=datetime.datetime(2015,5,27,11,0), timestamp_end=datetime.datetime(2015,5,27,12,30), location='JB-122', title='Guest Speakers: YP.com security folk', description_short='Security folk from YP.com - looking to hire Security/IT students'))
    self.additem(RSVP,RSVP(id=303, member=103, event=203, reply=1))
    self.additem(RSVP,RSVP(id=304, member=104, event=203, reply=0))
    self.additem(RSVP,RSVP(id=305, member=105, event=203, reply=0))
    self.additem(RSVP,RSVP(id=306, member=202, event=203, reply=1))
    self.additem(RSVP,RSVP(id=307, member=203, event=203, reply=2, comment='Depends on my school schedule.'))
    self.additem(Event,Event(id=204, hosting_club=8002, timestamp_start=datetime.datetime(2015,5,29,11,0), timestamp_end=datetime.datetime(2015,5,29,13,0), location='JB-358/359', title='Workshop: Test-driven Development', description_short='Workshop: Test-driven Development'))
    self.additem(Event,Event(id=205, hosting_club=8002, timestamp_start=datetime.datetime(2015,5,29,13,0), timestamp_end=datetime.datetime(2015,5,29,15,0), location='JB-358/359', title='Workshop: Debugging', description_short='Workshop: Debugging'))
    self.additem(Event,Event(id=206, hosting_club=8001, timestamp_start=datetime.datetime(2015,6,10,11,0), timestamp_end=datetime.datetime(2015,6,10,12,30), location='JB-122', title='Regular InfoSec Meeting', description_short='Security folk from ESRI'))
    '''

    '''print('Adding sample data to: Content')
    self.additem(Content,Content(id=901, required_priv_level=Auth.permission_general, content_type='page', navpath='', title='Home page', data_blob='Home page content here'))
    self.additem(Content,Content(id=902, required_priv_level=Auth.permission_general, content_type='page', navpath='', title='Events page', data_blob='Event calendar here'))
    self.additem(Content,Content(id=903, required_priv_level=Auth.permission_general, content_type='page', navpath='Projects', title='WRCCDC', data_blob='# Western Regional Collegiate Cyber Defense Competition\n\n## About\n\nHosted by CalPoly Pomona.\n\n## How we practice for it\n\nIn a super cool lab.'))
    self.additem(Content,Content(id=904, required_priv_level=Auth.permission_general, content_type='page', navpath='Projects', title='WRCCDC', data_blob='# Western Regional Collegiate Cyber Defense Competition\n\n## About\n\nHosted by CalPoly Pomona.\n\n## How we practice for it\n\nIn a super cool lab.'))
    '''

    db.session.commit()
def login():
    """Handle the login form and redirect a signed-in user by privilege level.

    A validated submission is checked with ``Auth.check``; on success
    ``Auth.login`` is called, otherwise an error is flashed.  When the session
    holds a user, the privilege level selects the redirect target; in every
    other case the login template is rendered.
    """
    form = LoginForm()

    if form.validate_on_submit():
        username = form.username.data
        password = form.password.data
        if not Auth.check(username, password):
            flash('Invalid credentials.')
        else:
            Auth.login(username, password)

    if 'user' in session:
        level = session['user'].priv_level
        # NOTE(review): which levels pass each comparison depends on the
        # numeric values of Auth.member and Auth.admin, not shown here.
        if level >= Auth.member:
            return redirect('/members')
        if level <= Auth.admin:
            return redirect('/admin')

    return render_template('login.tmpl', form=form, hideback=True)
def login():
    """Handle the login form and redirect a signed-in user by privilege level.

    A validated submission is checked with ``Auth.check``; on success
    ``Auth.login`` is called, otherwise an error is flashed.  When the session
    holds a user, the privilege level selects the redirect target; in every
    other case the login template is rendered.
    """
    form = LoginForm()

    if form.validate_on_submit():
        username = form.username.data
        password = form.password.data
        if not Auth.check(username, password):
            flash('Invalid credentials.')
        else:
            Auth.login(username, password)

    if 'user' in session:
        level = session['user'].priv_level
        # NOTE(review): which levels pass each comparison depends on the
        # numeric values of Auth.member and Auth.admin, not shown here.
        if level >= Auth.member:
            return redirect('/members')
        if level <= Auth.admin:
            return redirect('/admin')

    return render_template('login.html', form=form, hideback=True)
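def discussshangpinxinxi_login(request):
    """Look up an account from the session's ``req_dict`` and authenticate it.

    Returns a ``JsonResponse`` with ``password_error_code`` when no record
    matches, one with ``other_code`` when the model requires review and the
    record is not approved, and otherwise the result of ``Auth.authenticate``.
    """
    # NOTE(review): methods other than POST/GET fall through and return None.
    if request.method in ["POST", "GET"]:
        msg = {'code': normal_code, "msg": mes.normal_code}
        # presumably filled in by earlier request handling; confirm against caller
        req_dict = request.session.get("req_dict")

        datas = discussshangpinxinxi.getbyparams(discussshangpinxinxi, discussshangpinxinxi, req_dict)
        if not datas:
            msg['code'] = password_error_code
            msg['msg'] = mes.password_error_code
            return JsonResponse(msg)

        # The model may not define __sfsh__ at all.  Reading it with a default
        # replaces a bare ``except:``, which would also have swallowed
        # unrelated errors.
        if getattr(discussshangpinxinxi, '__sfsh__', None) == '是':  # '是' = "yes"
            if datas[0].get('sfsh') == '否':  # '否' = "no": record not approved
                msg['code'] = other_code
                # Message: "Account is locked, please contact an administrator for review!"
                msg['msg'] = "账号已锁定,请联系管理员审核!"
                return JsonResponse(msg)

        req_dict['id'] = datas[0].get('id')
        return Auth.authenticate(Auth, discussshangpinxinxi, req_dict)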
def wrapper(self, *args, **kwargs):
    """Call the wrapped method only when the request's ``jwt`` header decodes as valid."""
    from flask import request
    from util.auth import Auth

    # Request without a "jwt" header: the wrapped method is never called.
    # NOTE(review): confirm VaildReturn("") is an authentication-failure response.
    if "jwt" not in request.headers:
        return VaildReturn("")

    token_ok, detail = Auth.decode_auth_token(request.headers['jwt'])
    if not token_ok:
        # Decoding failed; pass the decoder's detail back to the client.
        return falseReturn(detail)

    return origin_func(self, *args, **kwargs)
def users_login(request):
    """Look up a ``users`` record from the session's ``req_dict`` and authenticate it.

    Returns a ``JsonResponse`` with ``password_error_code`` when no record
    matches, otherwise the result of ``Auth.authenticate``.  Methods other
    than POST and GET return ``None``.
    """
    if request.method not in ["POST", "GET"]:
        return None

    msg = {'code': normal_code, "msg": mes.normal_code}
    params = request.session.get("req_dict")

    # A non-None 'role' is removed so it is not part of the lookup.
    if params.get('role') is not None:
        del params['role']

    matches = users.getbyparams(users, users, params)
    if matches:
        params['id'] = matches[0].get('id')
        return Auth.authenticate(Auth, users, params)

    msg['code'] = password_error_code
    msg['msg'] = mes.password_error_code
    return JsonResponse(msg)
db.session.add(item) print(' ' + table.__tablename__ + ' id ' + str(item.id) + ' added') else: print(' ' + table.__tablename__ + ' id ' + str(item.id) + ' already exists') if __name__ == '__main__': print('Adding sample clubs...') additem(Club,Club(id = 8001, shortname = "InfoSec", longname = "Information Security Club")) additem(Club,Club(id = 8002, shortname = "ACM", longname = "Association For Computing Machinery")) additem(Club,Club(id = 8003, shortname = "IEEE", longname = "Institute of Electrical and Electronics Engineers")) print('Adding sample members, all with a password of \'password\'...') additem(Member,Member(id=5001, student_id = "000000001", pw_hash = Auth.hash_password('password'), primary_club = 8002, priv_level = Auth.admin, name_first = "Mike", name_middle = "", name_last = "Korcha", email1 = "*****@*****.**", email2="*****@*****.**", acad_standing = "Graduate", gender="Male", shirt_size="M", signup_date = datetime.utcfromtimestamp(0))) additem(Member,Member(id=5002, student_id = "000000002", pw_hash = Auth.hash_password('password'), primary_club = 8001, priv_level = Auth.member, name_first = "Kenneth", name_middle = "", name_last = "Johnson", email1 = "*****@*****.**", acad_standing="Undergraduate", signup_date = datetime.utcfromtimestamp(0))) print('Adding sample content blocks...')
def additem(table, item):
    """Add *item* to the session unless *table* already has a row with its id.

    Prints one line saying whether the row was added or already existed.
    """
    if table.query.filter_by(id=item.id).first() is not None:
        outcome = ' already exists'
    else:
        db.session.add(item)
        outcome = ' added'
    print(' ' + table.__tablename__ + ' id ' + str(item.id) + outcome)


if __name__ == '__main__':
    # Sample data for development databases: every account below, including
    # the officer and admin ones, is created with the password 'password'.
    print('Adding sample data to: Club')
    sample_clubs = (
        (8001, "InfoSec", "Information Security Club"),
        (8002, "ACM", "Association For Computing Machinery"),
        (8003, "IEEE", "Institute of Electrical and Electronics Engineers"),
    )
    for club_id, short, long_name in sample_clubs:
        additem(Club, Club(id=club_id, name_short=short, name_long=long_name))

    print('Adding sample data to: Member (all with a password of \'password\')')
    # (member id, privilege level, first name, last name, club, paid membership?)
    # The membership row reuses the member id as its own id.
    sample_members = (
        (101, Auth.officer, "Officer", "InfoSec", 8001, True),
        (102, Auth.admin, "Admin", "InfoSec", 8001, True),
        (103, Auth.member, "Member", "InfoSec", 8001, False),
        (104, Auth.alumni, "Alumni", "InfoSec", 8001, False),
        (105, Auth.associate, "Associate", "InfoSec", 8001, False),
        (201, Auth.officer, "Officer", "CompSci", 8002, False),
        (202, Auth.admin, "Admin", "CompSci", 8002, False),
        (203, Auth.member, "Member", "CompSci", 8002, False),
    )
    for member_id, level, first, last, club_id, paid in sample_members:
        additem(Member, Member(id=member_id,
                               student_id="900000{}".format(member_id),
                               pw_hash=Auth.hash_password('password'),
                               priv_level=level,
                               name_first=first,
                               name_middle="",
                               name_last=last,
                               email="*****@*****.**",
                               acad_standing="Undergraduate"))
        if paid:
            membership = Membership(id=member_id, member=member_id, club=club_id,
                                    signup_date=datetime.utcfromtimestamp(0),
                                    paid_date=datetime.utcfromtimestamp(0),
                                    paid_amount=30,
                                    paid_until_date=datetime(2015, 6, 20))
        else:
            membership = Membership(id=member_id, member=member_id, club=club_id,
                                    signup_date=datetime.utcfromtimestamp(0))
        additem(Membership, membership)
def logout():
    """Log the current user out via ``Auth.logout`` and redirect to the login page."""
    Auth.logout()
    flash('You have been logged out.')
    response = redirect('/login')
    return response
Club, Club(id=8002, shortname="ACM", longname="Association For Computing Machinery")) additem( Club, Club(id=8003, shortname="IEEE", longname="Institute of Electrical and Electronics Engineers")) print('Adding sample members, all with a password of \'password\'...') additem( Member, Member(id=5001, student_id="000000001", pw_hash=Auth.hash_password('password'), primary_club=8002, priv_level=Auth.admin, name_first="Mike", name_middle="", name_last="Korcha", email1="*****@*****.**", email2="*****@*****.**", acad_standing="Graduate", gender="Male", shirt_size="M", signup_date=datetime.utcfromtimestamp(0))) additem( Member, Member(id=5002, student_id="000000002",