Example #1
0
    def get(self):
        param = {
            'mode': 0,  # mode=0, unknown mode.
            'token': '',
            'code': TPE_OK
        }

        _token = self.get_argument('token', None)
        if _token is None:
            # 如果尚未设置SMTP或者系统限制,不允许发送密码重置邮件
            if len(tp_cfg().sys.smtp.server) == 0:
                param['mode'] = 2  # mode=2, show 'error' page
                param['code'] = TPE_NETWORK
            elif not tp_cfg().sys.password.allow_reset:
                param['mode'] = 2  # mode=2, show 'error' page
                param['code'] = TPE_PRIVILEGE
            else:
                param['mode'] = 1  # mode=1, show 'find-my-password' page.
        else:
            err, _ = user.check_reset_token(_token)

            param['code'] = err
            param['token'] = _token

            if err != TPE_OK:
                param['mode'] = 2  # mode=2, show 'error' page
            else:
                param['mode'] = 3  # mode=3, show 'set-new-password' page
                param['force_strong'] = tp_cfg().sys.password.force_strong

        self.render('user/reset-password.mako', page_param=json.dumps(param))
Example #2
0
    def get(self):
        param = {
            'mode': 0,  # mode=0, unknown mode.
            'token': '',
            'code': TPE_OK
        }

        _token = self.get_argument('token', None)
        if _token is None:
            # 如果尚未设置SMTP或者系统限制,不允许发送密码重置邮件
            if len(tp_cfg().sys.smtp.server) == 0:
                param['mode'] = 2  # mode=2, show 'error' page
                param['code'] = TPE_NETWORK
            elif not tp_cfg().sys.password.allow_reset:
                param['mode'] = 2  # mode=2, show 'error' page
                param['code'] = TPE_PRIVILEGE
            else:
                param['mode'] = 1  # mode=1, show 'find-my-password' page.
        else:
            err, _ = user.check_reset_token(_token)

            param['code'] = err
            param['token'] = _token

            if err != TPE_OK:
                param['mode'] = 2  # mode=2, show 'error' page
            else:
                param['mode'] = 3  # mode=3, show 'set-new-password' page
                param['force_strong'] = tp_cfg().sys.password.force_strong

        self.render('user/reset-password.mako', page_param=json.dumps(param))
Example #3
0
    def post(self):

        args = self.get_argument('args', None)
        if args is None:
            return self.write_json(TPE_PARAM)
        try:
            args = json.loads(args)
        except:
            return self.write_json(TPE_JSON_FORMAT)

        try:
            mode = int(args['mode'])
        except:
            return self.write_json(TPE_PARAM)

        password = ''

        if mode == 1:
            # 管理员直接在后台给用户发送密码重置邮件
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
            except:
                return self.write_json(TPE_PARAM)

        elif mode == 2:
            # 管理员直接在后台为用户重置密码
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

        elif mode == 3:
            # 用户自行找回密码,需要填写用户名、邮箱、验证码
            try:
                username = args['username']
                email = args['email']
                captcha = args['captcha']
            except:
                return self.write_json(TPE_PARAM)

            code = self.get_session('captcha')
            if code is None:
                return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
            if code.lower() != captcha.lower():
                return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

            self.del_session('captcha')
            err, user_info = user.get_by_username(username)
            if err != TPE_OK:
                return self.write_json(err)
            if user_info.email != email:
                return self.write_json(TPE_NOT_EXISTS)

            user_id = user_info.id

        elif mode == 4:
            # 用户通过密码重置邮件中的链接(有token验证),在页面上设置新密码,需要提供token、新密码
            try:
                token = args['token']
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

            err, user_id = user.check_reset_token(token)
            if err != TPE_OK:
                return self.write_json(err)

        elif mode == 5:
            # 用户输入当前密码和新密码进行设置
            try:
                current_password = args['current_password']
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

            err, user_info = user.get_by_username(
                self.get_current_user()['username'])
            if err != TPE_OK:
                return self.write_json(err)
            if not tp_password_verify(current_password, user_info['password']):
                return self.write_json(TPE_USER_AUTH)
            user_id = user_info['id']

        elif mode == 6:
            # 用户密码过期,在登录前进行修改
            try:
                username = args['username']
                current_password = args['password']
                password = args['new_password']
                captcha = args['captcha']
            except:
                return self.write_json(TPE_PARAM)

            code = self.get_session('captcha')
            if code is None:
                return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
            if code.lower() != captcha.lower():
                return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

            self.del_session('captcha')

            err, user_info = user.get_by_username(username)
            if err != TPE_OK:
                return self.write_json(err)

            # xxx 如果是密码过期而在登录前修改密码,需要额外判断用户是否已经被锁定
            # 如果用户被禁用或锁定,在登录时会被拒绝,因此此处仍然允许其修改密码
            # if user_info['state'] != TP_STATE_NORMAL:
            #     if user_info['state'] == TP_STATE_LOCKED:
            #         return self.write_json(TPE_USER_LOCKED)
            #     elif user_info['state'] == TP_STATE_DISABLED:
            #         return self.write_json(TPE_USER_DISABLED)
            #     else:
            #         return self.write_json(TPE_FAILED)

            if not tp_password_verify(current_password, user_info['password']):
                return self.write_json(TPE_USER_AUTH)
            user_id = user_info['id']

        else:
            return self.write_json(TPE_PARAM)

        if user_id == 0:
            return self.write_json(TPE_PARAM)

        if mode == 1 or mode == 3:
            err, email, token = user.generate_reset_password_token(
                self, user_id)

            # generate an URL for reset password, valid in 24hr.
            reset_url = '{}://{}/user/reset-password?token={}'.format(
                self.request.protocol, self.request.host, token)

            err, msg = yield mail.tp_send_mail(
                email,
                'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
                '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
                '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
                '{reset_url}\n\n\n\n'
                '[本邮件由teleport系统自动发出,请勿回复]'
                '\n\n'
                ''.format(reset_url=reset_url),
                subject='密码重置确认函')

            return self.write_json(err, msg)

        elif mode == 2 or mode == 4 or mode == 5 or mode == 6:
            if len(password) == 0:
                return self.write_json(TPE_PARAM)

            # 根据需要进行弱密码检测
            if tp_cfg().sys.password.force_strong:
                if not tp_check_strong_password(password):
                    return self.write_json(
                        TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

            password = tp_password_generate_secret(password)
            err = user.set_password(self, mode, user_id, password)

            if mode == 4 and err == TPE_OK:
                user.remove_reset_token(token)

            # 非用户自行修改密码的情况,都默认重置身份认证
            if not (mode == 5 or mode == 6) and err == TPE_OK:
                # print("reset oath secret")
                user.update_oath_secret(self, user_id, '')

            self.write_json(err)

        else:
            self.write_json(TPE_PARAM)
Example #4
0
    def post(self):

        args = self.get_argument('args', None)
        if args is None:
            return self.write_json(TPE_PARAM)
        try:
            args = json.loads(args)
        except:
            return self.write_json(TPE_JSON_FORMAT)

        try:
            mode = int(args['mode'])
        except:
            return self.write_json(TPE_PARAM)

        password = ''

        if mode == 1:
            # 管理员直接在后台给用户发送密码重置邮件
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
            except:
                return self.write_json(TPE_PARAM)

        elif mode == 2:
            # 管理员直接在后台为用户重置密码
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

        elif mode == 3:
            # 用户自行找回密码,需要填写用户名、邮箱、验证码
            try:
                username = args['username']
                email = args['email']
                captcha = args['captcha']
            except:
                return self.write_json(TPE_PARAM)

            code = self.get_session('captcha')
            if code is None:
                return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
            if code.lower() != captcha.lower():
                return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

            self.del_session('captcha')
            err, user_info = user.get_by_username(username)
            if err != TPE_OK:
                return self.write_json(err)
            if user_info.email != email:
                return self.write_json(TPE_NOT_EXISTS)

            user_id = user_info.id

        elif mode == 4:
            # 用户通过密码重置邮件中的链接(有token验证),在页面上设置新密码,需要提供token、新密码
            try:
                token = args['token']
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

            err, user_id = user.check_reset_token(token)
            if err != TPE_OK:
                return self.write_json(err)

        elif mode == 5:
            # 用户输入当前密码和新密码进行设置
            try:
                current_password = args['current_password']
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

            err, user_info = user.get_by_username(self.get_current_user()['username'])
            if err != TPE_OK:
                return self.write_json(err)
            if not tp_password_verify(current_password, user_info['password']):
                return self.write_json(TPE_USER_AUTH)
            user_id = user_info['id']

        else:
            return self.write_json(TPE_PARAM)

        if user_id == 0:
            return self.write_json(TPE_PARAM)

        if mode == 1 or mode == 3:
            err, email, token = user.generate_reset_password_token(self, user_id)

            # generate an URL for reset password, valid in 24hr.
            reset_url = '{}://{}/user/reset-password?token={}'.format(self.request.protocol, self.request.host, token)

            err, msg = yield mail.tp_send_mail(
                email,
                'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
                '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
                '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
                '{reset_url}\n\n\n\n'
                '[本邮件由teleport系统自动发出,请勿回复]'
                '\n\n'
                ''.format(reset_url=reset_url),
                subject='密码重置确认函'
            )

            return self.write_json(err, msg)

        elif mode == 2 or mode == 4 or mode == 5:
            if len(password) == 0:
                return self.write_json(TPE_PARAM)

            # 根据需要进行弱密码检测
            if tp_cfg().sys.password.force_strong:
                if not tp_check_strong_password(password):
                    return self.write_json(TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

            password = tp_password_generate_secret(password)
            err = user.set_password(self, user_id, password)

            if mode == 4 and err == TPE_OK:
                user.remove_reset_token(token)

            # 非用户自行修改密码的情况,都默认重置身份认证
            if mode != 5 and err == TPE_OK:
                print("reset oath secret")
                user.update_oath_secret(self, user_id, '')

            self.write_json(err)

        else:
            self.write_json(TPE_PARAM)
Example #5
0
    def post(self):

        args = self.get_argument('args', None)
        if args is None:
            return self.write_json(TPE_PARAM)
        try:
            args = json.loads(args)
        except:
            return self.write_json(TPE_JSON_FORMAT)

        try:
            mode = int(args['mode'])
        except:
            return self.write_json(TPE_PARAM)

        password = ''

        if mode == 1:
            # 管理员直接在后台给用户发送密码重置邮件
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
            except:
                return self.write_json(TPE_PARAM)

        elif mode == 2:
            # 管理员直接在后台为用户重置密码
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

        elif mode == 3:
            # 用户自行找回密码,需要填写用户名、邮箱、验证码
            try:
                username = args['username']
                email = args['email']
                captcha = args['captcha']
            except:
                return self.write_json(TPE_PARAM)

            code = self.get_session('captcha')
            if code is None:
                return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
            if code.lower() != captcha.lower():
                return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

            self.del_session('captcha')
            err, user_info = user.get_by_username(username)
            if err != TPE_OK:
                return self.write_json(err)
            if user_info.email != email:
                return self.write_json(TPE_NOT_EXISTS)

            user_id = user_info.id

        elif mode == 4:
            # 用户通过密码重置邮件中的链接(有token验证),在页面上设置新密码,需要提供token、新密码
            try:
                token = args['token']
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

            err, user_id = user.check_reset_token(token)
            if err != TPE_OK:
                return self.write_json(err)

        elif mode == 5:
            # 用户输入当前密码和新密码进行设置
            try:
                current_password = args['current_password']
                password = args['password']
            except:
                return self.write_json(TPE_PARAM)

            err, user_info = user.get_by_username(
                self.get_current_user()['username'])
            if err != TPE_OK:
                return self.write_json(err)
            if not tp_password_verify(current_password, user_info['password']):
                return self.write_json(TPE_USER_AUTH)
            user_id = user_info['id']

        else:
            return self.write_json(TPE_PARAM)

        if user_id == 0:
            return self.write_json(TPE_PARAM)

        if mode == 1 or mode == 3:
            err, email, token = user.generate_reset_password_token(
                self, user_id)

            # 生成一个密码重置链接,24小时有效
            # token = tp_generate_random(16)
            reset_url = '{}://{}/user/reset-password?token={}'.format(
                self.request.protocol, self.request.host, token)
            # reset_url = 'http://127.0.0.1/user/validate-password-reset-token?token=G66LXH0EOJ47OXTH7O5KBQ0PHXRSBXBVVFALI6JBJ8HNWUALWI35QECPJ8UV8DEQ'

            err, msg = yield mail.tp_send_mail(
                email,
                'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
                '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
                '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
                '{reset_url}\n\n\n\n'
                '[本邮件由teleport系统自动发出,请勿回复]'
                '\n\n'
                ''.format(reset_url=reset_url),
                subject='密码重置确认函')

            return self.write_json(err, msg)

        elif mode == 2 or mode == 4 or mode == 5:
            if len(password) == 0:
                return self.write_json(TPE_PARAM)

            # 根据需要进行弱密码检测
            if tp_cfg().sys.password.force_strong:
                if not tp_check_strong_password(password):
                    return self.write_json(
                        TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

            password = tp_password_generate_secret(password)
            err = user.set_password(self, user_id, password)

            if mode == 4 and err == TPE_OK:
                user.remove_reset_token(token)

            self.write_json(err)

        else:
            self.write_json(TPE_PARAM)