def post(self):
form = LoginForm(self.arguments)
if form.validate():
user = self.have_user(form.username.data)
if user and User.check_password(user.password, form.password.data):
remember_me = self.get_argument("remember", "off")
if remember_me == "on":
expires_days = 30
else:
expires_days = None
self.login(user, expires_days)
team = Team.get_or_none(owner_id=user.id)
if team is None:
return self.redirect(self.reverse_url("club_create"))
elif team.state == 0:
return self.redirect(self.reverse_url("club_wait_approve"))
elif self.next_url:
return self.redirect(self.next_url)
else:
return self.redirect(self.reverse_url("club_home"))
messages = [('danger', '登录失败:账号或密码不正确')]
self.render("login.html", form=form, messages=messages)
def validate_password(self, form):
password = self.get_argument("password")
if not password or \
not User.check_password(self.current_user.password, password):
form.password.errors = [ValidationError("旧密码不正确")]
return False
return True
def post(self):
username = self.validated_arguments['username'].lower()
password = self.validated_arguments['password']
if len(username) == 0 or len(password) == 0:
raise ApiException(400, "用户名和密码不能为空")
fail_times_key = "yiyun:user:%s:login_fail_times" % username
if intval(self.redis.get(fail_times_key)) >= 5:
raise ApiException(403, "密码错误次数太多,请休息10分钟再试")
if is_mobile(username):
user = User.get_or_none(mobile=username)
elif username.find('@') > 0:
user = User.get_or_none(email=username)
else:
raise ApiException(400, "用户名格式不正确,请填写手机号或电子邮箱")
if not password or not user \
or not User.check_password(user.password, password):
fail_times = intval(self.redis.incr(fail_times_key))
if fail_times == 1:
self.redis.expire(fail_times_key, 600)
raise ApiException(403, "密码有误,如果没有设置密码请使用手机号找回密码")
# 重试次数归零
self.redis.delete(fail_times_key)
if not user.is_active():
raise ApiException(403, "你的账户不可用,无法登录")
update = {"last_login": datetime.now()}
if self.device_id > 0:
update["last_device_id"] = self.device_id
User.update(**update).where(User.id == user.id).execute()
if user and self.device_id:
Device.update(owner_id=user.id).where(
Device.id == self.device_id).execute()
self.write(self.create_session(user))
def test_reset_password(self):
user = User.create(name='test4',
mobile="13838003804",
password=User.create_password("123456"))
new_password = "******"
url = "api/2/auth/reset_password"
body = {
"username": "******",
"verify_code": "8888",
"new_password": new_password
}
response = self.fetch(url, method="POST", body=json.dumps(body))
self.assertEqual(200, response.code, response.body.decode())
user = User.get(id=user.id)
result = User.check_password(user.password, new_password)
self.assertEqual(True, result, result)
def post(self):
mobile = self.validated_arguments['mobile']
action = self.validated_arguments['action']
sent_times_key = "yiyun:mobile:%s:code_sent_times" % mobile
if intval(self.redis.get(sent_times_key)) >= 5:
raise ApiException(400, "你已重发5次,请稍后再试")
# 有效期内发送相同的验证码
verify_code = random.randint(1000, 9999)
logging.debug('verify code for mobile[{0}]: {1}'.format(
mobile, verify_code))
is_registered = User.select().where(User.mobile == mobile).exists()
if action == "register" and is_registered:
raise ApiException(1020, "手机号码已注册", status_code=400)
if action in ('register_or_login', 'register', 'login'):
# 保存验证码
self.save_verify_code(mobile, verify_code)
# 发短信
if not self.settings["debug"]:
tasks.message.send_sms_verifycode(mobile, verify_code)
self.write_success(is_registered=is_registered)
elif action == "forgot":
if not is_registered:
raise ApiException(400, "手机号码没有注册")
# 保存验证码
self.save_verify_code(mobile, verify_code)
# 发短信
tasks.message.send_sms_verifycode(mobile, verify_code)
self.write_success()
elif action == "update_mobile":
if not self.current_user:
raise ApiException(403, "登录后才能修改手机号")
if is_registered:
raise ApiException(403, "该号码已经使用,请更换")
if self.current_user.password and \
not User.check_password(self.current_user.password,
self.validated_arguments["password"]):
raise ApiException(403, "密码不正确,不能修改手机号")
# 保存验证码
self.save_verify_code(mobile, verify_code)
# 发短信
tasks.message.send_sms_verifycode(mobile, verify_code)
# 关联验证码与当前用户
self.redis.set(
"yiyun:update_mobile:%s:verify_code:%s" %
(mobile, verify_code), self.current_user.id)
# 30分钟内有效
self.redis.expire(
"yiyun:update_mobile:%s:verify_code:%s" %
(mobile, verify_code), 1800)
self.write_success()
# 30分钟内最多发送5次验证码
sent_times = intval(self.redis.incr(sent_times_key))
if sent_times == 1:
self.redis.expire(sent_times_key, 1800)
