def balance(token_hex):
    """Render the balance page for the card bound to a session token.

    The token row is looked up by ``token_hex`` and handed to
    ``validate_token``; when that reports failure, the response it produced
    is returned unchanged.  Every rendered balance appends a ``'111'`` entry
    to the card history.
    """
    # NOTE(review): token_hex travels in the URL and is the only value that
    # selects the session here, so it ends up in access logs and browser
    # history. Presumably validate_token enforces activation and expiry - confirm.
    session_token = Token.query.filter_by(hex=token_hex).first()
    ok, failure_response = validate_token(session_token)
    if not ok:
        return failure_response

    form = BalanceForm()
    if form.validate_on_submit():
        # Navigation only: "back" goes to the options menu, "ext" to the
        # 'card' endpoint. Any other submit falls through to the balance page.
        if form.back.data:
            return redirect(url_for('options', token_hex=token_hex))
        if form.ext.data:
            return redirect(url_for('card'))

    card = session_token.get_card()
    if card is None:
        return render_template(
            'fail.html',
            message='Недействительная карта',
            url=url_for('balance', token_hex=token_hex),
        )

    # No commit is visible in this view; presumably add_history persists the
    # entry itself - confirm, otherwise the audit record is lost.
    card.add_history('111')
    return render_template(
        'balance.html',
        form=form,
        balance=card.amount,
        number=card.number,
        token_hex=token_hex,
        date=datetime.utcnow().strftime('%d.%m.%Y'),
    )
def _is_auth(*args, **kwargs):
    """Gate the wrapped callable ``f`` on the request's Authorization header.

    The raw header value (``None`` when the header is absent) is passed to
    ``validate_token``.  When the first element of its result is truthy, the
    second element is forwarded to ``f`` as ``token_payload``; otherwise the
    request is aborted with 403 and that second element as the description.
    """
    outcome = validate_token(request.headers.get('Authorization'))
    if outcome[0]:
        return f(*args, **kwargs, token_payload=outcome[1])
    # NOTE(review): the validator's message goes back to the client verbatim;
    # confirm it never carries internal detail (key ids, stack text, etc.).
    abort(403, outcome[1])
def change_email(token):
    """Finish an e-mail change using the token from the confirmation link.

    The view only reports the outcome of ``validate_token``; presumably the
    validator applies the address change itself - confirm.
    """
    # NOTE(review): relies on current_user; the decorators are not visible
    # here, so confirm a login requirement is applied to this view.
    token_ok = validate_token(
        user=current_user,
        token=token,
        operation=Operations.CHANGE_EMAIL,
    )
    if not token_ok:
        flash("Invalid or expired token", 'danger')
        return redirect(url_for('.change_email_request'))

    flash("Email updated", 'success')
    return redirect(url_for('.index', username=current_user.username))
def change_email(token):
    """Finish an e-mail change using the token from the confirmation link.

    Flashes a success message and returns to the user's index page when
    ``validate_token`` accepts the token for ``Operations.CHANGE_EMAIL``;
    otherwise flashes a warning and sends the user back to the request form.
    """
    # NOTE(review): relies on current_user; the decorators are not visible
    # here, so confirm a login requirement is applied to this view.
    token_ok = validate_token(
        user=current_user,
        token=token,
        operation=Operations.CHANGE_EMAIL,
    )
    if not token_ok:
        flash('无效或过期的令牌.', 'warning')
        return redirect(url_for('.change_email_request'))

    flash('电子邮件已更新.', 'success')
    return redirect(url_for('.index', username=current_user.username))
def confirm(token):
    """Confirm the signed-in user's account from an e-mailed token.

    Already-confirmed users are sent straight to the main index.  Otherwise
    the token is checked for ``Operations.CONFIRM`` against ``current_user``
    and the outcome is flashed before redirecting.
    """
    home = 'main.index'
    if current_user.confirmed:
        return redirect(url_for(home))

    # Binding the check to current_user means a token is only accepted for
    # the session it is submitted from (as far as validate_token enforces it).
    accepted = validate_token(
        user=current_user,
        token=token,
        operation=Operations.CONFIRM,
    )
    if not accepted:
        flash('Invalid or expired token.', 'danger')
        return redirect(url_for('.resend_confirm_email'))

    flash('Account confirmed.', 'success')
    return redirect(url_for(home))
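def reset_password(token):
    """Set a new password for the user identified by a reset token.

    On a valid form submission the token is resolved to a user id with
    ``validate_token``.  When the id is truthy and the user still exists,
    the password is replaced with ``form.password2`` and the user is sent to
    the login page.  In every other case the form is rendered again.
    """
    form = Reset_passwordForm()
    if form.validate_on_submit():
        user_id = validate_token(token)
        if user_id:
            user = User.query.get(user_id)
            # A token can outlive the account it names. Without this check a
            # deleted user turns the request into an AttributeError (HTTP 500)
            # instead of the normal "nothing happened" path.
            if user is not None:
                # NOTE(review): nothing visible here makes the token
                # single-use; confirm validate_token or User.reset_password
                # invalidates it once the password has changed.
                user.reset_password(form.password2.data)
                flash('密码已更新,请使用新密码登录', 'success')
                return redirect(url_for('.login'))
    # An invalid or expired token lands here too and re-renders the form
    # without any message to the user.
    return render_template('reset_password.html', form=form)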
def confirm(token):
    """Activate the signed-in user's account from an e-mailed token.

    Already-confirmed users are sent straight to the main index.  Otherwise
    the token is checked for ``Operations.CONFIRM`` against ``current_user``
    and the outcome is flashed before redirecting.
    """
    home = 'main.main_index'
    if current_user.confirmed:
        return redirect(url_for(home))

    accepted = validate_token(
        user=current_user,
        token=token,
        operation=Operations.CONFIRM,
    )
    if not accepted:
        flash('无效或令牌已过期', 'danger')
        return redirect(url_for('.resend_confirm_email'))

    flash('账号激活成功', 'success')
    return redirect(url_for(home))
def reset_password(token):
    """Reset a password from an e-mailed link plus the account e-mail.

    Signed-in users are redirected away.  On a valid submission the account
    is looked up by the lower-cased e-mail from the form, and the token is
    checked for ``Operations.RESET_PASSWORD`` with the new password passed
    along to ``validate_token``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('auth/reset_password.html', form=form)

    account = User.query.filter_by(email=form.email.data.lower()).first()
    if account is None:
        # Unknown e-mail: redirect without a message.
        return redirect(url_for("main.index"))

    # NOTE(review): the account comes from the submitted e-mail, not from the
    # token. Presumably validate_token verifies that the token was issued for
    # this same user - confirm, since that check is what binds the two.
    changed = validate_token(
        user=account,
        token=token,
        operation=Operations.RESET_PASSWORD,
        new_password=form.password.data,
    )
    if changed:
        flash("Password updated", 'success')
        return redirect(url_for('.login'))

    flash("Invalid or expired link", "danger")
    return redirect(url_for('.forget_password'))
def options(token_hex):
    """Show the operations menu for a validated session token.

    A submitted form is pure navigation: the pressed button selects the
    balance view, the cash view or the 'card' endpoint.  With no button
    matched, the menu is rendered.
    """
    session_token = Token.query.filter_by(hex=token_hex).first()
    ok, failure_response = validate_token(session_token)
    if not ok:
        # validate_token supplies the response to send on failure.
        return failure_response

    form = OptionsForm()
    if form.validate_on_submit():
        if form.balance.data:
            return redirect(url_for('balance', token_hex=token_hex))
        if form.cash.data:
            return redirect(url_for('cash', token_hex=token_hex))
        if form.ext.data:
            return redirect(url_for('card'))

    return render_template('options.html', form=form, token_hex=token_hex)
def pin(token_hex):
    """Check the submitted PIN for the card bound to ``token_hex``.

    A correct PIN resets the failure counter, marks the token active and
    redirects to the options menu.  A wrong PIN increments ``card.tries``;
    once the counter exceeds 3 the card is deactivated, the counter is reset
    and a ``'666'`` history entry is written.
    """
    token = Token.query.filter_by(hex=token_hex).first()
    # The meaning of the second argument lives in validate_token; presumably
    # it allows a token that has not been activated yet - confirm.
    is_valid, template = validate_token(token, False)
    if not is_valid:
        return template
    card = token.get_card()
    if card is None:
        return render_template('fail.html', message='Недействительная карта',
                               url=url_for('card'))
    elif not card.active:
        return render_template('fail.html', message='Карта заблокирована',
                               url=url_for('card'))
    pin_form = PinForm()
    if pin_form.validate_on_submit():
        # card is known to be non-None and active at this point, so the first
        # two terms repeat the guards above; the effective test is the
        # counter plus the PIN check.
        if (card is not None and card.active and card.tries <= 3
                and card.check_pin_code(pin_form.pin.data)):
            card.tries = 0
            # Activating the token is what unlocks the other views, as far as
            # validate_token checks token.active - confirm.
            token.active = True
            db.session.commit()
            return redirect(url_for('options', token_hex=token_hex))
        # return render_template('options.html', token_hex=token_hex, form=opt_form)
        # NOTE(review): check_pin_code runs a second time here. The counter
        # update below is a read-modify-write with no visible row lock, so
        # concurrent submissions may undercount failures - confirm.
        if not card.check_pin_code(pin_form.pin.data):
            card.tries += 1
            # With "> 3" the card locks on the fourth consecutive wrong PIN.
            if card.tries > 3:
                card.active = False
                card.tries = 0
                card.add_history('666')
                db.session.commit()
                message = 'Превышено количество попыток ввода кода. Карта заблокирована'
                return render_template('fail.html', message=message,
                                       url=url_for('card'))
            else:
                # Persist the incremented counter before reporting the failure.
                db.session.commit()
                message = 'Неверный код'
                return render_template('fail.html', message=message,
                                       url=url_for('pin', token_hex=token_hex))
    return render_template('pin.html', token_hex=token_hex, form=pin_form)
def reset_password(token):
    """Reset a password from an e-mailed link plus the account e-mail.

    The account is looked up by lower-cased e-mail and ``role_id`` 1, then
    the token is checked for ``Operations.RESET_PASSWORD`` with the new
    password passed along to ``validate_token``.
    """
    # The redirect for already-authenticated users is disabled in this
    # version, so signed-in users can reach the form as well:
    # if current_user.is_authenticated:
    #     return redirect(url_for('main.index'))
    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('auth/reset_password.html', form=form)

    account = User.query.filter_by(
        email=form.email.data.lower(),
        role_id=1,
    ).first()
    if account is None:
        # NOTE(review): this branch answers differently from the bad-token
        # branch and runs before the token is checked, so the response
        # reveals whether an e-mail is registered. Consider using the same
        # message and redirect as the invalid-link case.
        flash('用户不存在.', 'warning')
        return redirect(url_for('auth.login'))

    changed = validate_token(
        user=account,
        token=token,
        operation=Operations.RESET_PASSWORD,
        new_password=form.password.data,
    )
    if changed:
        flash('密码重置成功.', 'success')
        return redirect(url_for('.login'))

    flash('链接无效或超时.', 'danger')
    return redirect(url_for('.forget_password'))
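def bill(token_hex):
    """Handle the receipt page buttons for a validated session token.

    "back" returns to the cash view and "ext" goes to the 'card' endpoint.
    With no button matched, the cash template is rendered with the card's
    current balance.
    """
    token = Token.query.filter_by(hex=token_hex).first()
    is_valid, template = validate_token(token)
    if not is_valid:
        return template

    bill_form = BillForm()
    if bill_form.validate_on_submit():
        if bill_form.back.data:
            return redirect(url_for('cash', token_hex=token_hex))
        elif bill_form.ext.data:
            return redirect(url_for('card'))

    # `card` has to be loaded from the token: the name is otherwise never
    # bound in this function, so reading card.amount below would fail
    # (url_for('card') suggests the bare name would resolve to a view
    # function instead of a card record).
    card = token.get_card()
    if card is None:
        return render_template('fail.html', message='Недействительная карта',
                               url=url_for('cash', token_hex=token_hex))

    # NOTE(review): this renders cash.html with a BillForm - confirm that is
    # the intended template/form pairing.
    return render_template(
        'cash.html',
        form=bill_form,
        balance=card.amount,
        token_hex=token_hex,
        date=datetime.utcnow().strftime('%d.%m.%Y'),
    )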
def cash(token_hex):
    """Withdraw cash from the card bound to a validated session token.

    A positive amount that the balance covers is debited, recorded as a
    ``'222'`` history entry and committed, and the receipt is rendered.
    The "back" and "ext" buttons only navigate.  Any other request renders
    the cash form.
    """
    session_token = Token.query.filter_by(hex=token_hex).first()
    ok, failure_response = validate_token(session_token)
    if not ok:
        return failure_response

    card = session_token.get_card()
    if card is None:
        return render_template(
            'fail.html',
            message='Недействительная карта',
            url=url_for('cash', token_hex=token_hex),
        )

    form = CashForm()
    if form.validate_on_submit():
        if form.back.data:
            return redirect(url_for('options', token_hex=token_hex))
        if form.ext.data:
            return redirect(url_for('card'))
        if form.amount.data and float(form.amount.data) > 0:
            # NOTE(review): money is handled as float and rounded to two
            # places after the subtraction, so a request below 0.005 leaves
            # the stored balance unchanged. Confirm the form restricts the
            # amount's precision.
            amount = float(form.amount.data)
            if card.amount < amount:
                return render_template(
                    'fail.html',
                    message='Недостаточно денег на счету',
                    url=url_for('cash', token_hex=token_hex),
                )
            # NOTE(review): the balance check and the debit are a
            # read-modify-write with no visible row lock; confirm concurrent
            # withdrawals cannot both pass the check.
            card.amount = round(card.amount - amount, 2)
            card.add_history('222', {'amount': amount})
            db.session.commit()
            return render_template(
                'bill.html',
                form=BillForm(),
                card=card,
                amount=amount,
                token_hex=token_hex,
                date=datetime.utcnow().strftime('%d.%m.%Y'),
            )

    return render_template(
        'cash.html',
        form=form,
        balance=card.amount,
        token_hex=token_hex,
        date=datetime.utcnow().strftime('%d.%m.%Y'),
    )
def validate_auth(header):
    """Return ``validate_token``'s result for the Authorization header.

    Returns ``None`` without calling the validator when ``header`` has no
    ``'Authorization'`` key.
    """
    # Callers must treat None (and any falsy validator result) as
    # "not authenticated"; this function never raises for a missing header.
    if 'Authorization' in header:
        return validate_token(header['Authorization'])
    return None