def patch(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
old_password = data.get('old_password', None)
new_password1 = data.get('new_password1', None)
new_password2 = data.get('new_password2', None)
username = self.get_current_user()
if not check_password(new_password1):
return self.write(dict(code=-5, msg='密码复杂度必须为: 超过8位,包含数字,大小写字母 等'))
if not old_password or not new_password1 or not new_password2 or not username:
return self.write(dict(code=-1, msg='不能有空值'))
if new_password1 != new_password2:
return self.write(dict(code=-2, msg='新密码输入不一致'))
with DBContext('r') as session:
user_info = session.query(Users).filter(
Users.username == username).first()
if user_info.password != gen_md5(old_password):
return self.write(dict(code=-3, msg='密码错误'))
with DBContext('w', None, True) as session:
session.query(Users).filter(Users.username == username).update(
{Users.password: gen_md5(new_password1)})
return self.write(dict(code=0, msg='修改成功'))
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
username = data.get('username', None)
nickname = data.get('nickname', None)
password = data.get('password', None)
department = data.get('department', None)
tel = data.get('tel', None)
wechat = data.get('wechat', None)
no = data.get('no', None)
email = data.get('email', None)
if not username or not nickname or not department or not tel or not wechat or not no or not email:
return self.write(dict(code=-1, msg='参数不能为空'))
with DBContext('r') as session:
user_info1 = session.query(Users).filter(
Users.username == username).first()
user_info2 = session.query(Users).filter(Users.tel == tel).first()
if user_info1:
return self.write(dict(code=-2, msg='用户名已注册'))
if user_info2:
return self.write(dict(code=-3, msg='手机号已注册'))
if not password:
password = '******'
else:
if not check_password(password):
return self.write(
dict(code=-5,
msg='你这密码复杂度是逗我玩吗?密码复杂度: 超过8位,英文加数字,大小写,没有特殊符号'))
password = gen_md5(password)
mfa = base64.b32encode(
bytes(str(shortuuid.uuid() + shortuuid.uuid())[:-9],
encoding="utf-8")).decode("utf-8")
with DBContext('w', None, True) as session:
session.add(
Users(username=username,
password=password,
nickname=nickname,
department=department,
tel=tel,
wechat=wechat,
no=no,
email=email,
google_key=mfa,
superuser='******',
status='20'))
self.write(dict(code=0, msg='如果没填写密码 则新用户密码为:shenshuo'))
def put(self, *args, **kwargs):
if not self.is_superuser:
return self.write(dict(code=-1, msg='不是超级管理员,没有权限'))
data = json.loads(self.request.body.decode("utf-8"))
user_list = data.get('user_list', None)
if len(user_list) < 1:
return self.write(dict(code=-2, msg='用户不能为空'))
redis_conn = cache_conn()
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
obj = SendMail(
mail_host=config_info.get(const.EMAIL_HOST),
mail_port=config_info.get(const.EMAIL_PORT),
mail_user=config_info.get(const.EMAIL_HOST_USER),
mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
mail_ssl=True
if config_info.get(const.EMAIL_USE_SSL) == '1' else False,
mail_tls=True
if config_info.get(const.EMAIL_USE_TLS) == '1' else False)
with DBContext('w', None, True) as session:
for user_id in user_list:
md5_password = shortuuid.uuid()
new_password = gen_md5(md5_password)
session.query(Users).filter(Users.user_id == user_id).update(
{Users.password: new_password})
mail_to = session.query(
Users.email).filter(Users.user_id == user_id).first()
obj.send_mail(mail_to[0],
'修改密码',
md5_password,
subtype='plain')
return self.write(dict(code=0, msg='重置密码成功,新密码已经发送到邮箱'))
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
username = data.get('username', None)
nickname = data.get('nickname', None)
password = data.get('password', None)
department = data.get('department', None)
tel = data.get('tel', None)
wechat = data.get('wechat', None)
no = data.get('no', None)
email = data.get('email', None)
if not username or not nickname or not department or not tel or not wechat or not no or not email:
return self.write(dict(code=-1, msg='参数不能为空'))
with DBContext('r') as session:
user_info1 = session.query(Users).filter(
Users.username == username).first()
user_info2 = session.query(Users).filter(Users.tel == tel).first()
user_info3 = session.query(Users).filter(
Users.email == email).first()
user_info4 = session.query(Users).filter(
Users.nickname == nickname).first()
if user_info1:
return self.write(dict(code=-2, msg='用户名已注册'))
if user_info2:
return self.write(dict(code=-3, msg='手机号已注册'))
if user_info3:
return self.write(dict(code=-4, msg='邮箱已注册'))
if user_info4:
return self.write(dict(code=-4, msg='昵称已注册'))
if not password:
md5_password = shortuuid.uuid()
password = gen_md5(md5_password)
else:
if not check_password(password):
return self.write(
dict(code=-5, msg='密码复杂度必须为: 超过8位,包含数字,大小写字母 等'))
password = gen_md5(password)
mfa = base64.b32encode(
bytes(str(shortuuid.uuid() + shortuuid.uuid())[:-9],
encoding="utf-8")).decode("utf-8")
redis_conn = cache_conn()
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
obj = SendMail(
mail_host=config_info.get(const.EMAIL_HOST),
mail_port=config_info.get(const.EMAIL_PORT),
mail_user=config_info.get(const.EMAIL_HOST_USER),
mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
mail_ssl=True
if config_info.get(const.EMAIL_USE_SSL) == '1' else False,
mail_tls=True
if config_info.get(const.EMAIL_USE_TLS) == '1' else False)
with DBContext('w', None, True) as session:
session.add(
Users(username=username,
password=password,
nickname=nickname,
department=department,
tel=tel,
wechat=wechat,
no=no,
email=email,
google_key=mfa,
superuser='******'))
obj.send_mail(email,
'用户注册成功',
'密码为:{} \n MFA:{}'.format(password, mfa),
subtype='plain')
return self.write(
dict(code=0, msg='恭喜你! 注册成功,赶紧联系管理员给你添加权限吧!!!', mfa=mfa))
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
username = data.get('username', None)
password = data.get('password', None)
dynamic = data.get('dynamic', None)
if not username or not password: return self.write(dict(code=-1, msg='账号密码不能为空'))
redis_conn = cache_conn()
configs_init('all')
if is_mail(username):
login_mail = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_DOMAIN)
if login_mail:
if is_mail(username, login_mail.decode('utf-8')):
email = username
username = email.split("@")[0]
email_server = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_SERVER).decode('utf-8')
if not email_server:
return self.write(dict(code=-9, msg='请配置邮箱服务的SMTP服务地址'))
if not mail_login(email, password, email_server):
return self.write(dict(code=-2, msg='邮箱登陆认证失败'))
with DBContext('r') as session:
user_info = session.query(Users).filter(Users.email == email, Users.username == username,
Users.status != '10').first()
if not user_info:
return self.write(dict(code=-3, msg='邮箱认证通过,请根据邮箱完善用户信息', username=username, email=email))
else:
with DBContext('r') as session:
user_info = session.query(Users).filter(Users.username == username, Users.password == gen_md5(password),
Users.status != '10').first()
if not user_info:
# redis_conn = cache_conn()
# configs_init('all')
ldap_login = redis_conn.hget(const.APP_SETTINGS, const.LDAP_ENABLE)
ldap_login = convert(ldap_login)
if ldap_login != '1':
return self.write(dict(code=-4, msg='账号密码错误'))
### 如果开启了LDAP认证 则进行LDAP认证
else:
####
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
ldap_ssl = True if config_info.get(const.LDAP_USE_SSL) == '1' else False
obj = LdapApi(config_info.get(const.LDAP_SERVER_HOST), config_info.get(const.LDAP_ADMIN_DN),
config_info.get(const.LDAP_ADMIN_PASSWORD),
int(config_info.get(const.LDAP_SERVER_PORT, 389)),
ldap_ssl)
ldap_pass_info = obj.ldap_auth(username, password, config_info.get(const.LDAP_SEARCH_BASE),
config_info.get(const.LDAP_SEARCH_FILTER))
if ldap_pass_info[0]:
with DBContext('r') as session:
if not ldap_pass_info[2]:
return self.write(dict(code=-11, msg='LDAP认证成功,但是没有找到用户邮箱,请完善!'))
else:
user_info = session.query(Users).filter(Users.email == ldap_pass_info[2],
Users.username == username,
Users.status != '10').first()
if not user_info:
return self.write(dict(code=-3, msg='LDAP认证通过,完善用户信息', username=ldap_pass_info[1],
email=ldap_pass_info[2]))
else:
return self.write(dict(code=-4, msg='账号密码错误'))
if 'user_info' not in dir():
return self.write(dict(code=-4, msg='账号异常'))
if user_info.status != '0':
return self.write(dict(code=-4, msg='账号被禁用'))
is_superuser = True if user_info.superuser == '0' else False
### 如果被标记为必须动态验证切没有输入动态密钥,则跳转到二维码添加密钥的地方
### 默认为 True, False 则全局禁用MFA
mfa_global = False if convert(redis_conn.hget(const.APP_SETTINGS, const.MFA_GLOBAL)) == '1' else True
if mfa_global and user_info.google_key:
if not dynamic:
### 第一次不带MFA的认证
return self.write(dict(code=1, msg='跳转二次认证'))
else:
### 二次认证
t_otp = pyotp.TOTP(user_info.google_key)
if t_otp.now() != str(dynamic):
return self.write(dict(code=-5, msg='MFA错误'))
user_id = str(user_info.user_id)
### 生成token 并写入cookie
token_exp_hours = redis_conn.hget(const.APP_SETTINGS, const.TOKEN_EXP_TIME)
if token_exp_hours and convert(token_exp_hours):
token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname,
email=user_info.email, is_superuser=is_superuser, exp_hours=token_exp_hours)
else:
token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname,
email=user_info.email, is_superuser=is_superuser)
auth_token = AuthToken()
auth_key = auth_token.encode_auth_token_v2(**token_info)
login_ip_list = self.request.headers.get("X-Forwarded-For")
if login_ip_list:
login_ip = login_ip_list.split(",")[0]
with DBContext('w', None, True) as session:
session.query(Users).filter(Users.user_id == user_id).update({Users.last_ip: login_ip})
session.commit()
self.set_secure_cookie("nickname", user_info.nickname)
self.set_secure_cookie("username", user_info.username)
self.set_secure_cookie("user_id", str(user_info.user_id))
self.set_cookie('auth_key', auth_key, expires_days=1)
### 后端权限写入缓存
my_verify = MyVerify(user_id, is_superuser)
my_verify.write_verify()
### 前端权限写入缓存
# get_user_rules(user_id, is_superuser)
return self.write(dict(code=0, auth_key=auth_key.decode(), username=user_info.username,
nickname=user_info.nickname, msg='登录成功'))
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
username = data.get('username', None)
password = data.get('password', None)
dynamic = data.get('dynamic', None)
next_url = data.get('next_url', None)
if not username or not password:
return self.write(dict(code=-1, msg='账号密码不能为空'))
if is_mail(username):
redis_conn = cache_conn()
configs_init('all')
login_mail = redis_conn.hget(const.APP_SETTINGS,
const.EMAILLOGIN_DOMAIN)
if login_mail:
if is_mail(username, login_mail.decode('utf-8')):
email = username
username = email.split("@")[0]
email_server = redis_conn.hget(
const.APP_SETTINGS,
const.EMAILLOGIN_SERVER).decode('utf-8')
if not email_server:
return self.write(dict(code=-9,
msg='请配置邮箱服务的SMTP服务地址'))
if not mail_login(email, password, email_server):
return self.write(dict(code=-2, msg='邮箱登陆认证失败'))
with DBContext('r') as session:
user_info = session.query(Users).filter(
Users.email == email, Users.username == username,
Users.status != '10').first()
if not user_info:
return self.write(
dict(code=-3,
msg='邮箱认证通过,请根据邮箱完善用户信息',
email=email))
else:
with DBContext('r') as session:
user_info = session.query(Users).filter(
Users.username == username,
Users.password == gen_md5(password),
Users.status != '10').first()
if not user_info:
return self.write(dict(code=-4, msg='账号密码错误'))
if user_info.status != '0':
return self.write(dict(code=-4, msg='账号被禁用'))
if user_info.superuser == '0':
is_superuser = True
else:
is_superuser = False
### 如果被标记为必须动态验证切没有输入动态密钥,则跳转到二维码添加密钥的地方
if user_info.google_key:
totp = pyotp.TOTP(user_info.google_key)
if dynamic:
if totp.now() != str(dynamic):
return self.write(dict(code=-5, msg='MFA错误'))
else:
return self.write(dict(code=-8, msg='请输入MFA'))
user_id = str(user_info.user_id)
### 生成token 并写入cookie
token_info = dict(user_id=user_id,
username=user_info.username,
nickname=user_info.nickname,
is_superuser=is_superuser)
auth_token = AuthToken()
auth_key = auth_token.encode_auth_token(**token_info)
login_ip_list = self.request.headers.get("X-Forwarded-For")
if login_ip_list:
login_ip = login_ip_list.split(",")[0]
with DBContext('w', None, True) as session:
session.query(Users).filter(Users.user_id == user_id).update(
{Users.last_ip: login_ip})
self.set_secure_cookie("nickname", user_info.nickname)
self.set_secure_cookie("username", user_info.username)
self.set_secure_cookie("user_id", str(user_info.user_id))
self.set_cookie('auth_key', auth_key, expires_days=1)
### 后端权限写入缓存
my_verify = MyVerify(user_id)
my_verify.write_verify()
### 前端权限写入缓存
get_user_rules(user_id)
return self.write(
dict(code=0,
auth_key=auth_key.decode(encoding="utf-8"),
username=user_info.username,
nickname=user_info.nickname,
next_url=next_url,
msg='登录成功'))
