def get(self, request): credentials = twitter.Api().GetAppOnlyAuthToken( os.environ['CONSUMER_KEY'], os.environ['CONSUMER_SECRET']) token = Token(token_type=credentials['token_type'], access_token=credentials['access_token']) token.save() return Response(credentials)
def login(request): if request.method == "POST": info = loads(request.body.decode('utf-8')) try: phone = info['phone'] user = User.objects.filter(phone=phone) if user.exists(): password = info['password'] if user[0].password == password: Device(dev_id=info['deviceId'], reg_id=info['deviceToken'], name=phone, is_active=True).save() user.update(status=True) tok = get_random_string(length=32) tok = Token(user=user[0], token=tok, expiry_date=datetime.datetime.now()) tok.save(force_insert=True) return my_response(True, 'success', tok.to_json()) else: return my_response(False, 'invalid information', {}) else: return my_response(False, 'user not found', {}) except Exception as e: e = str(e) if e.__contains__('UNIQUE constraint'): Device.objects.filter(dev_id=info['deviceId']).delete() return login(request) return my_response(False, 'error in login, check login body, ' + e, {}) else: return my_response(False, 'invalid method', {})
def register_member(data): member = Member(first_name=data['first_name'], last_name=data['last_name'], email=data['email'], patronymic=data['patronymic'], phone_number=data['phone_number'], role_id=data['role'], swimming_skill=data['swimming_skill'], password=func.Hash(data['password']), take_part_flag=data['take_part_flag']) try: member.save() token = Token(user_id=member.id, token=secrets.token_hex(51)) token.save() return HttpResponse(renderers.JSONRenderer().render({ 'member_id': member.id, 'auth_token': token.token })) except Exception as e: return HttpResponse(renderers.JSONRenderer().render({ 'status': '0', 'error': type(e) }))
def load_token(): tokens = Token.objects.filter(ts__gte=ts()) if len(tokens) == 0: settings = T411_SETTINGS try: t411 = T411(settings) except Exception as e: raise e t = Token(token=t411.token, ts=ts() + 3600 * 24 * 90) t.save() token = t411.token else: token = tokens[0].token return token
def authenticate(self, request): authorization = request.META.get("HTTP_AUTHORIZATION", None) if not authorization or not authorization.startswith("Bearer"): return None token = authorization.split(" ")[-1] role = UserRole.User.name.lower() if token == SUPER_USER_TOKEN: username = ADMIN_NAME user_model, _ = UserModel.objects.get_or_create(name=username) else: try: token_model = Token.objects.get(token=token, expire_date__gt=timezone.now()) except ObjectDoesNotExist: try: token_info = keycloak_openid.introspect(token) active = token_info.get("active", False) role = token_info.get("role", UserRole.User.name.lower()) exp_time = timezone.make_aware( datetime.fromtimestamp(token_info.get("exp"))) username = token_info.get("preferred_username", "") sub = token_info.get("sub", "") if not active: return None except Exception as exc: LOG.error("exception %s", str(exc)) return None user_model, _ = UserModel.objects.get_or_create(id=sub, name=username) user_model.role = role user_model.save() token_model = Token(token=token, user=user_model, expire_date=exp_time) token_model.save() else: username = token_model.user.name user_model = token_model.user role = user_model.role user = User() user.username = username user.token = token user.role = role user.user_model = user_model return user, None
def register(request): if request.method == "POST": try: info = loads(request.body.decode('utf-8')) p = info['phone'] e = info['email'] this_otp = info['otp'] o = Otp.objects.get(email=e) if o.otp != this_otp: return my_response(False, 'confirmation code invalid', None) if time_diff(get_hour_minute(), o.expiry) > 5: o.delete() return my_response( False, 'confirmation code invalid, try from first', None) user = User( phone=p, email=e, name=info['name'], password=info['password'], ) user.save(force_insert=True) tok = get_random_string(length=32) tok = Token(user=user, token=tok, expiry_date=datetime.datetime.now()) tok.save(force_insert=True) o.delete() Device(dev_id=info['deviceId'], reg_id=info['deviceToken'], name=p, is_active=True).save() return my_response(True, 'user registered', tok.to_json()) except Exception as e: e = str(e) if e.__contains__('UNIQUE constraint'): return my_response(False, 'user exist! please sign in', {}) else: return my_response(False, 'error in register, check body send, ' + e, {}) else: return my_response(False, 'invalid method', {})
def post(self): """Function serving login user api endpoint""" data = request.get_json(self) data['username'] = data['username'].replace(" ", "").lower() if validate_login(data): return Response(json.dumps(validate_login(data)), status=400) user = User.query.filter_by(username=data['username']).first() if user: if User.verify_password(user.password_hash, data['password']): logged_in = Token.token_by_owner(user.username) # if logged_in: # return Response(json.dumps({"Message": "Already logged in", "Token": logged_in.token}), status=403) expires = timedelta(days=30) token = create_access_token(identity=user.username, expires_delta=expires) tk = Token(token, user.username).save() return Response(json.dumps({"Message": "Successfully logged in", "Token": token, "User": user.serialize}), status=200) return Response(json.dumps({"Message": "Wrong password"}), status=401) return Response(json.dumps({"Message": "User does not exist"}), status=404)
def token_add(request): if request.method == 'POST': f = ApiTokenForm(request.POST) if f.is_valid(): cleaned_data = f.cleaned_data try: token = Token() token.title = cleaned_data['title'] token.token = cleaned_data['token'] token.save() messages.info(request, '添加成功') except: messages.error(request, '添加失败') finally: return redirect('admin:api.token') else: f = ApiTokenForm() return render(request, 'admin/api/add_token.html', { "form": f, "auto_generate_token": uuid4(), })
def auth(): if user_obj.check_password(user_obj.password, password): token_dict = { "key": getRandomString(32), "user_id": user_obj.nid } # token 时效性一周 if Token.uget(user_obj.nid): Token.uupdate(user_obj.nid, token_dict) else: token_obj = Token(**token_dict) token_obj.add() # 登录成功初始化状态 1 错误次数 0 User.update(user_obj.nid, {"status": 1, "errtimes": 0}) res.data = { "username": username, "token": token_dict.get("key") } return res.dict # 错误次数达到3次 锁定账号 elif user_obj.errtimes == trytimes: User.update(user_obj.nid, {"status": 0, "locktime": newtime}) return dict(errcode=4022, errmsg="错误次数过多,账号已锁定,请%s分钟后重试" % lockmin) else: # 错误次数+1 User.updateplus(user_obj.nid) if user_obj.errtimes == trytimes: User.update(user_obj.nid, { "status": 0, "locktime": newtime }) return dict(errcode=4022, errmsg="错误次数过多,账号已锁定,请%s分钟后重试" % lockmin) else: return dict(errcode=4021, errmsg="密码错误,还可尝试%s次,错误3次账号将锁定5分钟" % (trytimes - user_obj.errtimes))
def signup(request): username = request.POST.get('username') password = request.POST.get('password') fname = request.POST.get('fname') lname = request.POST.get('lname') encode = jwt.encode({'username': username}, settings.SECRET_KEY) if User.objects.filter(username=username).exists(): response = {'result': -1, 'message': 'User name exist'} else: try: user = User(username=username, password=password, first_name=fname, last_name=lname) user.set_password(password) user.is_active = True user.is_staff = True user.is_superuser = True group_name = 'admin' try: group = Group.objects.get(name=group_name) except Group.DoesNotExist: new_group, created = Group.objects.get_or_create( name=group_name) group = Group.objects.get(name=group_name) user.save() group.user_set.add(user) token = Token(user=user, token=str(encode)) token.save() response = {'result': 1, 'message': 'Save success'} except Exception as e: response = {'result': 0, 'message': 'Can not save user'} return JsonResponse(response)
def add_token(self): # assign a token to the user t = Token(user=self, daily_computation_time=600) t.token = t.generate_token(self.email) t.save()