def api_register_user(*, email, name, passwd):
# 字段校验
if not name or not name.strip():
raise APIValueError('name')
if not email or not _RE_EMAIL.match(email):
raise APIValueError('email')
if not passwd or not _RE_SHA1.match(passwd):
raise APIValueError('passwd')
users = yield from User.findAll('email=?', [email]) # email 不能重复
if len(users) > 0:
raise APIError('register: failed', 'email', 'Email is already in use.')
uid = next_id()
sha1_passwd = '%s:%s' % (uid, passwd) # 混淆密码
admin = False
# if email == '*****@*****.**':
# admin = True
user = User(id=uid, name=name.strip(), email=email, passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(), image='http://www.gravatar.com/avatar/%s?d=mm&s=120' % hashlib.md5(email.encode('utf-8')).hexdigest(), admin=admin)
yield from user.save()
r = web.Response()
r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
user.passwd = '******' # 创建用户成功后,隐藏密码
r.content_type = 'application/json'
r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
return r
async def user_yes(request, *, name, em, mm, t):
'''
邮箱验证注册
:param request:
:param name:
:param em:
:param mm:
:return:
'''
if float(time.time()) - float(t) > 1800:
return 'redirect:/'
uid = next_id()
sha1_passwd = '%s:%s' % (uid, mm)
user = User(id=uid,
name=name.strip(),
email=em,
passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(),
image='http://www.gravatar.com/avatar/%s?d=mm&s=120' %
hashlib.md5(em.encode('utf-8')).hexdigest())
await user.save()
# make session cookie
r = web.Response()
r.set_cookie(COOKIE_NAME,
user2cookie(user, 86400),
max_age=86400,
httponly=True)
user.passwd = '******'
r.content_type = 'application/json'
r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
return 'redirect:/'
async def api_register_user(*, email, name, passwd):
if not name or not name.strip():
raise APIValueError('name')
if not email or not _RE_EMAIL.match(email):
raise APIValueError('email')
if not passwd or not _RE_SHA1.match(passwd):
raise APIValueError('passwd')
users = await User.findAll('email=?', [email])
if len(users) > 0:
raise APIError('register:failed', 'email', 'Email is already in use.')
uid = next_id()
sha1_passwd = '%s:%s' % (uid, passwd)
user = User(id=uid,
name=name.strip(),
email=email,
passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(),
image='http://www.gravatar.com/avatar/%s?d=mm&s=120' %
hashlib.md5(email.encode('utf-8')).hexdigest())
await user.save()
# make session cookie:
r = web.Response()
r.set_cookie(COOKIE_NAME,
user2cookie(user, 86400),
max_age=86400,
httponly=True)
user.passwd = '******'
r.content_type = 'application/json'
r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
return r
def api_get_users(*, page='1'):
page_index = get_page_index(page)
num = yield from User.findNumber('count(id)')
p = Page(num, page_index)
if num == 0:
return dict(page=p, users=())
users = yield from User.findAll(orderBy='created_at desc', limit=(p.offset, p.limit))
for u in users:
u.passwd = '******'
return dict(page=p, users=users)
def cookie2user(cookie_str):
"""
Parse cookie and load user if cookie is valid
从cookie中验证用户,返回由cookie查找到的用户
:param cookie_str: cookie字符串
:return:
"""
if not cookie_str:
return None
try:
L = cookie_str.split('-')
if len(L) != 3:
return None
uid, expires, sha1 = L
if int(expires) < time.time():
return None
user = yield from User.find(uid)
if user is None:
return None
s = '%s-%s-%s-%s' % (uid, user.passwd, expires, _COOKIE_KEY)
if sha1 != hashlib.sha1(s.encode('utf-8')).hexdigest():
logging.info('invalid sha1')
return None
user.passwd = '******'
return user
except Exception as e:
logging.exception(e)
return None
def authenticate(*, email, passwd):
if not email:
raise APIValueError('email', 'Invalid email.')
if not passwd:
raise APIValueError('passwd', 'Invalid password.')
users = yield from User.findAll('email=?', [email])
if len(users) == 0:
raise APIValueError('email', 'Email not exist.')
user = users[0]
# check passwd:
sha1 = hashlib.sha1()
sha1.update(user.id.encode('utf-8'))
sha1.update(b':')
sha1.update(passwd.encode('utf-8'))
if user.passwd != sha1.hexdigest():
raise APIValueError('passwd', 'Invalid password.')
# authenticate ok, set cookie:
r = web.Response()
r.set_cookie(COOKIE_NAME,
user2cookie(user, 86400),
max_age=86400,
httponly="True")
user.passwd = '******'
r.content_type = 'application/json'
r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
return r
def user_register():
form = UserRegistration()
if form.validate_on_submit():
password_hash = crypt.generate_password_hash(
form.password.data).decode('utf-8')
user = User(email=form.email.data,
password=password_hash,
display_name=form.display_name.data)
database.session.add(user)
database.session.commit()
flash("Registration Successful, please login to continue", "success")
logger(state="INFO",
message="User account for {} created".format(form.email.data))
return redirect(url_for('runtime.user_login'))
else:
return render_template('user_register.html',
title="Register Account",
form=form)
def authenticate(*, email, passwd):
if not email:
raise APIValueError('email', 'Invalid email')
if not passwd:
raise APIValueError('passwd', 'Invalid password')
users = yield from User.findAll('email=?', email)
if len(users) == 0:
raise APIValueError('email', 'Email not exist')
user = users[0]
sha1 = hashlib.sha1()
sha1.update(user.id.encode('utf-8'))
sha1.update(b':')
sha1.update(passwd.encode('utf-8'))
if user.passwd != sha1.hexdigest():
raise APIValueError('passwd', 'Invalid password')
# 验证成功,开始生成response,设置cookie,返回
r = web.Response()
r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
user.passwd = '******'
r.content_type = 'application/json'
r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
return r
def test(loop):
yield from orm.create_pool(loop=loop, user='******', password='******', db='awesome')
u = User(name='Won', email='*****@*****.**', passwd='1234567890', image='about:blank')
yield from u.save()
def test(loop):
yield from orm.create_pool(loop, user='******', password='******', database='awesome_study')
u = User(name='Test', email='*****@*****.**', passwd='1234567890', image='about:blank')
yield from u.save()
