Ejemplo n.º 1
    def post(self):
        """Reset a password for the account named by a mobile number or email.

        Reads ``username``, ``verify_code`` and ``new_password`` from
        ``self.validated_arguments``.

        Raises:
            ApiException: 400 when the mobile verification code is rejected,
                when no user matches, or when ``username`` is neither a
                mobile number nor has an ``@`` after its first character.
        """
        account = self.validated_arguments['username']
        code = self.validated_arguments['verify_code']
        fresh_password = self.validated_arguments['new_password']

        if is_mobile(account):
            # Ownership of the number is proven before the account is looked up.
            if not self.verify_mobile(account, code):
                raise ApiException(400, "验证码错误,请重新输入")

            user = User.get_or_none(mobile=account)
            not_found = "手机号还没有注册"

        elif account.find("@") > 0:
            # NOTE(review): unlike the mobile branch, nothing here checks
            # verify_code or any other proof that the caller controls the
            # mailbox, so the password of any registered address is
            # overwritten on request. Require a verified one-time code or an
            # emailed reset token before this update runs. The distinct
            # "not registered" reply also reveals which addresses have accounts.
            user = User.get_or_none(email=account)
            not_found = "邮箱还没有注册"

        else:
            raise ApiException(400, "用户名格式有误,请填写手机号或电子邮箱")

        if not user:
            raise ApiException(400, not_found)

        # Only the hashed form produced by User.create_password is stored.
        User.update(password=User.create_password(fresh_password)).where(
            User.id == user.id).execute()

        self.write_success()
Ejemplo n.º 2
    def post(self):
        """Log in with a mobile number and verification code, registering on first use.

        Reads ``mobile`` and ``verify_code`` from ``self.validated_arguments``.
        An unknown number gets a new ``User`` row; a known one has its
        ``last_login`` (and, for a positive device id, ``last_device_id``)
        refreshed. The response body is the session from ``create_session``.

        Raises:
            ApiException: 400 when ``verify_mobile`` rejects the code.
        """
        mobile = self.validated_arguments['mobile']
        code = self.validated_arguments['verify_code']

        # NOTE(review): this handler relies entirely on verify_mobile for
        # attempt limiting and single-use codes; neither is visible here —
        # confirm that helper enforces both.
        if not self.verify_mobile(mobile, code):
            raise ApiException(400, "验证码错误,请重新输入")

        user = User.get_or_none(mobile=mobile)

        if user:
            changes = {"last_login": datetime.now()}

            # A non-positive device id is treated as "no device".
            if self.device_id > 0:
                changes["last_device_id"] = self.device_id

            User.update(**changes).where(User.id == user.id).execute()

        else:
            # First login with this number: the verified code doubles as
            # registration, so the row is created already marked verified.
            with self.db.transaction():
                user = User.create(
                    mobile=mobile,
                    mobile_verifyed=True,
                    reg_device_id=self.device_id,
                    last_device_id=self.device_id,
                    last_login=datetime.now(),
                )

        if user and self.device_id:
            User.update_device(user.id, self.device_id)

        self.write(self.create_session(user))
Ejemplo n.º 3
    def login(self, user: User, expires_days: int = None):
        """Issue the ``club_session`` cookie for ``user`` and stamp ``last_login``.

        Args:
            user: The account being logged in; only ``user.id`` is stored in
                the cookie payload.
            expires_days: Passed through to ``set_secure_cookie`` unchanged.
        """
        session_payload = tornado.escape.json_encode({
            "id": user.id,
        })

        # NOTE(review): set_secure_cookie signs the value but does not encrypt
        # it, and no httponly/secure attributes are passed here. Unless they
        # are applied elsewhere, consider adding httponly=True and secure=True
        # so the session cookie is not readable from script or sent over
        # plain HTTP.
        self.set_secure_cookie("club_session", session_payload,
                               expires_days=expires_days)

        stamp = User.update(last_login=datetime.now())
        stamp.where(User.id == user.id).execute()
Ejemplo n.º 4
    def patch(self, user_id):
        """Apply a partial update to the user identified by ``user_id``.

        Looks the user up (404 if missing), runs ``has_update_permission`` on
        it, writes the validated arguments to the row and answers 204.

        Raises:
            ApiException: 400 when no attributes were submitted.
        """
        target = User.get_or_404(id=user_id)
        self.has_update_permission(target)

        changes = self.validated_arguments
        if not changes:
            raise ApiException(400, "填写需要修改的属性和值")

        # NOTE(review): every key in validated_arguments is written straight
        # to the User row. This is only safe if the handler's schema is an
        # allow-list that leaves out sensitive columns (password, verification
        # flags, roles, ...) — the schema is not visible here, confirm it.
        query = User.update(**changes).where(User.id == user_id)
        query.execute()

        self.set_status(204)
Ejemplo n.º 5
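    def post(self):
        """Reset a password by mobile number after the verification code checks out.

        Builds ``MobileResetPasswordForm`` from the request arguments. When the
        form validates and ``validate_verify_code`` accepts it, the password of
        the user with the submitted mobile number is replaced and the client is
        redirected to the login page; otherwise the form is re-rendered.
        """
        form = MobileResetPasswordForm(self.arguments)

        if form.validate() and self.validate_verify_code(form):
            # NOTE(review): the row is selected by the raw "mobile" request
            # argument; presumably validate_verify_code ties the code to that
            # same number — confirm, since a mismatch would allow resetting
            # another user's password.
            User.update(password=User.create_password(
                self.get_argument("password"))).where(
                    User.mobile == self.get_argument("mobile")).execute()

            self.flash("重置密码成功,请使用新密码登录")
            self.redirect(self.reverse_url("club_auth_login"))
            # Stop here: the redirect has already produced the response, so
            # falling through to render() would write to it a second time.
            return

        self.render("password/mobile_reset_password.html", form=form)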
Ejemplo n.º 6
    def post(self):
        """Password login by mobile number or email, with a failure counter in redis.

        Reads ``username`` (lower-cased) and ``password`` from
        ``self.validated_arguments``. After five recorded failures for a
        username further attempts are refused until the counter key expires.
        On success the counter is cleared, login metadata is updated and the
        session from ``create_session`` is written.

        Raises:
            ApiException: 400 for empty or malformed input; 403 when the
                failure limit is reached, the credentials are wrong, or the
                account is not active.
        """
        username = self.validated_arguments['username'].lower()
        password = self.validated_arguments['password']

        if not (len(username) and len(password)):
            raise ApiException(400, "用户名和密码不能为空")

        # NOTE(review): the counter is keyed on the submitted username only,
        # so anyone can lock a known account out for the expiry window by
        # sending bad passwords; consider also limiting per client address.
        counter_key = "yiyun:user:%s:login_fail_times" % username
        if intval(self.redis.get(counter_key)) >= 5:
            raise ApiException(403, "密码错误次数太多,请休息10分钟再试")

        if is_mobile(username):
            user = User.get_or_none(mobile=username)

        elif username.find('@') > 0:
            user = User.get_or_none(email=username)

        else:
            raise ApiException(400, "用户名格式不正确,请填写手机号或电子邮箱")

        # Unknown user and wrong password take the same path and get the same
        # reply, so the response does not reveal which accounts exist.
        authenticated = (password and user
                         and User.check_password(user.password, password))
        if not authenticated:
            failures = intval(self.redis.incr(counter_key))
            # NOTE(review): incr and expire are two separate commands; if the
            # expire is never applied the key has no TTL and the lockout
            # would not lift on its own.
            if failures == 1:
                self.redis.expire(counter_key, 600)

            raise ApiException(403, "密码有误,如果没有设置密码请使用手机号找回密码")

        # Reset the retry counter
        self.redis.delete(counter_key)

        if not user.is_active():
            raise ApiException(403, "你的账户不可用,无法登录")

        changes = {"last_login": datetime.now()}

        if self.device_id > 0:
            changes["last_device_id"] = self.device_id

        User.update(**changes).where(User.id == user.id).execute()

        if user and self.device_id:
            Device.update(owner_id=user.id).where(
                Device.id == self.device_id).execute()

        self.write(self.create_session(user))
Ejemplo n.º 7
    def post(self):
        """Change the logged-in user's password.

        The form must validate and ``validate_password`` must accept it before
        the new password is hashed and stored; otherwise the form is rendered
        again with its errors.
        """
        form = ChangePasswordForm(self.arguments)

        if not (form.validate() and self.validate_password(form)):
            self.render("account/change_password.html", form=form)
            return

        # The row is selected by the session's own user id, never by a
        # request parameter.
        # NOTE(review): nothing here invalidates other existing sessions
        # after the change — confirm whether that is handled elsewhere.
        hashed = User.create_password(self.get_argument("newPassword"))
        User.update(password=hashed).where(
            User.id == self.current_user.id).execute()

        self.flash("修改密码成功!", category='success')
        self.redirect(self.reverse_url("club_account_change_password"))
Ejemplo n.º 8
    def sync_user_info(self, extra_fields):
        """Sync sign-up form values into the current user's profile.

        Only blank profile fields are filled: ``name`` from ``nickname`` when
        the user has no name, and ``gender`` when the stored value is neither
        ``'f'`` nor ``'m'``. Nothing is written when there is nothing to fill.

        Args:
            extra_fields: Mapping of submitted sign-up values.
        """
        me = self.current_user
        pending = {}

        if not me.name and extra_fields.get("nickname"):
            pending['name'] = extra_fields['nickname']

        # NOTE(review): the submitted gender is stored as-is; it is not
        # checked against ('f', 'm') here — confirm it is validated upstream.
        if me.gender not in ('f', 'm') and extra_fields.get("gender"):
            pending['gender'] = extra_fields['gender']

        if not pending:
            return

        User.update(**pending).where(User.id == me.id).execute()
Ejemplo n.º 9
    def post(self):
        """Change the logged-in user's mobile number.

        The form, the password check and the mobile check must all pass before
        the number on the session user's row is replaced; otherwise the form
        is rendered again.
        """
        form = ChangeMobileForm(self.arguments)

        all_checks_pass = (form.validate()
                           and self.validate_password(form)
                           and self.validate_mobile(form))

        if not all_checks_pass:
            # The failure path has always re-run the password check before
            # rendering — presumably so its error shows on the form even when
            # an earlier check stopped the chain; confirm.
            self.validate_password(form)
            self.render("account/change_mobile.html", form=form)
            return

        # Re-authentication by password gates the change, and the row is
        # selected by the session's own user id.
        User.update(mobile=self.get_argument("mobile")).where(
            User.id == self.current_user.id).execute()

        self.flash("修改手机号成功!", category='success')
        self.redirect(self.reverse_url("club_change_mobile"))
Ejemplo n.º 10
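def update_avatar_by_url(user_id, avatar_url):
    """Download an avatar image and store it in the qiniu avatar bucket.

    The image is fetched from ``avatar_url``, uploaded under a key derived
    from the user id and the current time, and the resulting
    ``qiniu:<bucket>:<key>`` reference is saved on the user row.

    Args:
        user_id: Id of the user whose ``avatar_key`` is updated.
        avatar_url: Location of the image; may come from an external profile,
            so it is treated as untrusted.

    Returns:
        None. Returns early without changes when the URL is missing or not
        http(s), or when the download does not answer 200.

    Raises:
        Exception: When the upload to qiniu reports failure.
    """
    # Only plain web URLs are fetched; this keeps schemes such as file:// or
    # ftp:// away from the HTTP client.
    if not avatar_url or not avatar_url.lower().startswith(
            ("http://", "https://")):
        return

    # NOTE(review): the scheme check alone does not stop requests to internal
    # or link-local hosts, nor redirects to them; resolve and check the host
    # against an allow-list or deny private ranges before fetching. The body
    # size is also unbounded.
    # A timeout keeps a slow or silent host from tying up the worker forever.
    r = requests.get(avatar_url, timeout=10)

    if r.status_code != 200:
        return

    # The digest is only a storage name, not a secret. hashlib needs bytes,
    # so the text is encoded before hashing.
    avatar_key = "user:%s%s" % (user_id, time.time())
    avatar_key = hashlib.md5(avatar_key.encode("utf-8")).hexdigest()

    avatar_bucket = app.settings['qiniu_avatar_bucket']

    # NOTE(review): the content is labelled image/jpeg without inspecting it.
    ret, info = qiniu_tool.put_data(avatar_bucket,
                                    avatar_key,
                                    r.content,
                                    mime_type="image/jpeg",
                                    check_crc=True)
    if not ret:
        raise Exception("上传头像失败")

    # Record the storage bucket and location
    avatar_key = "qiniu:%s:%s" % (avatar_bucket, avatar_key)

    User.update(avatar_key=avatar_key).where(User.id == user_id).execute()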
Ejemplo n.º 11
    def register_or_login(self, service, openid, access_token, expires_in,
                          nickname, gender, head_url, auth_data):
        """Bind, log in or register a user from a third-party identity.

        The identity is the ``(service, openid)`` pair. With a logged-in
        user the identity is bound to (or refreshed on) that account; without
        one, the matching user is logged in or a new user is created. Both
        paths end by writing the session from ``create_session``.

        NOTE(review): nothing in this method checks that ``openid`` and
        ``access_token`` were confirmed with the provider; presumably the
        caller has done so — confirm, because the pair alone decides which
        account is logged in.

        Raises:
            ApiException: 403 when the identity belongs to another account,
                or the current account is already bound to a different
                identity of the same service.
        """

        try:
            user = User.select().join(
                UserAuthData,
                on=(UserAuthData.user_id == User.id
                    )).where((UserAuthData.service == service)
                             & (UserAuthData.openid == openid)).get()

        except User.DoesNotExist:
            user = None

        if self.current_user:

            # This identity is already bound to a different account
            if user and user.id != self.current_user.id:
                raise ApiException(
                    403,
                    "此%s账号已被其他用户使用" % UserAuthData.get_service_name(service))

            # Already bound to the current account: refresh the stored token
            elif user and user.id == self.current_user.id:
                UserAuthData.update(
                    access_token=access_token,
                    expires_in=expires_in,
                    userinfo=auth_data).where(
                        (UserAuthData.service == service)
                        & (UserAuthData.user_id == user.id)).execute()

            # The current account is already bound to another identity of
            # this service
            elif UserAuthData.select().where(
                (UserAuthData.service == service)
                    & (UserAuthData.user_id == self.current_user.id)
                    & (UserAuthData.openid != openid)).exists():

                raise ApiException(
                    403, "你已绑定其他%s账号" % UserAuthData.get_service_name(service))

            # Logged in and unbound: perform the binding
            else:
                UserAuthData.create(service=service,
                                    user_id=self.current_user.id,
                                    openid=openid,
                                    nickname=nickname,
                                    access_token=access_token,
                                    expires_in=expires_in,
                                    userinfo=auth_data)

                if self.device_id > 0:
                    User.update(last_device_id=self.device_id).where(
                        User.id == self.current_user.id).execute()

            self.write(self.create_session(self.current_user))

        else:
            # Registered user: log in directly
            if user:
                update = {"last_login": datetime.now()}

                if self.device_id > 0:
                    update["last_device_id"] = self.device_id

                User.update(**update).where(User.id == user.id).execute()

                UserAuthData.update(
                    access_token=access_token,
                    expires_in=expires_in,
                    userinfo=auth_data).where(
                        (UserAuthData.service == service)
                        & (UserAuthData.user_id == user.id)).execute()

            # Unregistered user: register first
            else:

                # User and UserAuthData rows are created inside one
                # transaction; the bound name txn is not used in the block.
                with self.db.transaction() as txn:
                    # A taken nickname gets a random numeric suffix. The
                    # suffixed name is not re-checked for uniqueness.
                    if User.select().where(User.name == nickname).exists():
                        if nickname == "qzuser":
                            name = "%s_%s" % (nickname,
                                              random.randint(100000, 999999))
                        else:
                            name = "%s_%s" % (nickname, random.randint(
                                100, 999))

                    else:
                        name = nickname

                    # NOTE(review): im_password comes from create_token,
                    # which is defined elsewhere — confirm it draws from a
                    # cryptographically secure source.
                    user = User.create(
                        name=name,
                        gender=gender,
                        mobile_verifyed=False,
                        password=None,
                        reg_device_id=self.device_id,
                        last_device_id=self.device_id,
                        last_login=datetime.now(),
                        im_username=create_token(32).lower(),
                        im_password=create_token(16),
                    )

                    UserAuthData.create(service=service,
                                        user_id=user.id,
                                        openid=openid,
                                        nickname=nickname,
                                        access_token=access_token,
                                        expires_in=expires_in,
                                        userinfo=auth_data)

                    # Add the mobile number to redis; needed for friend
                    # matching. No mobile is passed to User.create above, so
                    # this runs only if the model supplies one — confirm.
                    if user.mobile:
                        self.redis.sadd('mobile:registered', user.mobile)

                    # Download the avatar from the third party.
                    # NOTE(review): head_url is provider-supplied and is
                    # fetched server-side by the task; the task should
                    # validate the URL before requesting it.
                    if head_url:
                        tasks.user.update_avatar_by_url.delay(
                            user.id, head_url)

            if user and self.device_id:
                Device.update(owner_id=user.id).where(
                    Device.id == self.device_id).execute()

            self.write(self.create_session(user))