def handle(self, *args, **options):
path = options['path'][0]
list_multiple = []
list_doesnt_exist = []
with open(path, 'r') as csvfile:
spamreader = csv.reader(csvfile, delimiter=' ')
list_wrong_date = []
for row in spamreader:
full_name = row[0]
full_name_list = full_name.split(" ")
first_name = full_name_list[0].lower()
last_name = ' '.join(full_name_list[1:]).lower()
username = row[1].split("@")[0].lower()
if username == 'contato':
username = first_name + last_name.split(" ")[0]
email = row[1].lower()
password = '******'
user = User(first_name=first_name,
last_name=last_name,
username=username,
email=email,
password=password)
user.save()
def register():
params = request.get_json()
mobile = params.get('mobile')
email = params.get('email')
nickname = params.get('nickname')
sex = params.get('sex')
password = params.get('password')
if not (email and password):
return JSONResponse.error('email and password must be provided')
else:
user = User.query.filter_by(email=email).first()
if user:
return JSONResponse.error('username has already registered!')
user = User(
mobile=mobile,
email=email,
nickname=nickname,
sex=sex,
password=generate_password_hash(password)
)
user.save()
return JSONResponse.success()
def post(self):
args = self.parser.parse_args()
username = args.get('username')
password = args.get('password')
if username and password:
try:
user = User()
user.username = username
user.password = password
db.session.add(user)
db.session.commit()
except:
db.session.rollback()
def register():
if request.method == 'GET':
return render_template('register.html')
else:
username = request.values.get('username')
password = request.values.get('password')
user = User.query.filter(User.username == username).first()
if user:
return render_template('register.html', msg='用户存在,请重新注册')
else:
user = User(username=username)
user.password = password
db.session.add(user)
db.session.commit()
return render_template('register.html', msg='注册成功')
def post(self, request):
form, error = JsonParser(
Argument('id', type=int, required=False),
Argument('username', help='请输入登录名'),
Argument('password', help='请输入密码'),
Argument('nickname', help='请输入姓名'),
Argument('role_ids', type=list, default=[]),
Argument('wx_token', required=False),
).parse(request.body)
if error is None:
user = User.objects.filter(username=form.username,
deleted_by_id__isnull=True).first()
if user and (not form.id or form.id != user.id):
return json_response(error=f'已存在登录名为【{form.username}】的用户')
role_ids, password = form.pop('role_ids'), form.pop('password')
if form.id:
user = User.objects.get(pk=form.id)
user.update_by_dict(form)
else:
user = User.objects.create(
password_hash=User.make_password(password),
created_by=request.user,
**form)
user.roles.set(role_ids)
user.set_perms_cache()
return json_response(error=error)
def patch(self, request):
form, error = JsonParser(
Argument('old_password', required=False),
Argument('new_password', required=False),
Argument('nickname', required=False, help='请输入昵称'),
Argument('wx_token', required=False),
).parse(request.body)
if error is None:
print(form)
if form.old_password and form.new_password:
if request.user.type == 'ldap':
return json_response(error='LDAP账户无法修改密码')
if len(form.new_password) < 6:
return json_response(error='请设置至少6位的新密码')
if request.user.verify_password(form.old_password):
request.user.password_hash = User.make_password(
form.new_password)
request.user.token_expired = 0
request.user.save()
return json_response()
else:
return json_response(error='原密码错误,请重新输入')
if form.nickname is not None:
request.user.nickname = form.nickname
if form.wx_token is not None:
request.user.wx_token = form.wx_token
request.user.save()
return json_response(error=error)
def authenticate_credentials(payload, request):
user_id = payload.get('user_id', '')
role = payload.get('role', '')
if '' in (user_id, role):
msg = _('Invalid payload.')
raise exceptions.AuthenticationFailed(msg)
if role == 'commerce':
v = cache.hget('user:user', user_id)
try:
obj = json.loads(v)
user = User.init_from_dict(obj)
except json.JSONDecodeError:
return None
elif role == 'proxy':
try:
user = Proxy.objects.get(id=user_id)
except Proxy.DoesNotExist:
return None
else:
try:
user = Channel.objects.get(id=user_id)
except Channel.DoesNotExist:
return None
return user
def handle(self, *args, **options):
User.objects.create(
username=options['u'],
nickname=options['n'],
password_hash=User.make_password(options['p']),
is_supper=options['s'],
)
self.stdout.write(self.style.SUCCESS('创建成功'))
def login():
code = request.values.get("code")
if code is None:
# Authorize the client from SSO, redirect as a query with "code"
sl = "?".join([config.sso_params.get("cootek.authorize"), urlencode(config.authorize_params)])
return redirect(sl)
else:
config.token_params.update({"code": code})
ret = requests.post(config.sso_params.get("cootek.token"), data=config.token_params)
token = json.loads(ret.text)
if "access_token" in token and "id_token" in token:
# Analyse username from id_token
user_info = token['id_token'].split(".")[1]
missing_padding = 4 - len(user_info) % 4
if missing_padding:
user_info += '=' * missing_padding
temp_user_info = base64.b64decode(user_info)
user_info = json.loads(bytes.decode(temp_user_info))
username = user_info['upn'].split("@")[0]
sid = user_info['sid'].split("@")[0]
token = uuid.uuid4().hex
user = User.query.filter_by(username=username).first()
if not user:
user = User()
user.username = username
user.access_token = token
user.token_expired = time.time() + 8 * 60 * 60
user.save()
login_user(user)
return app.send_static_file('index.html')
else:
sl = "?".join([config.sso_params.get("cootek.authorize"), urlencode(config.authorize_params)])
return redirect(sl)
def handle(self, *args, **options):
action = options['action']
if action == 'add':
if not all((options['u'], options['p'], options['n'])):
self.echo_error('缺少参数')
self.print_help()
elif User.objects.filter(username=options['u'],
deleted_by_id__isnull=True).exists():
self.echo_error(f'已存在登录名为【{options["u"]}】的用户')
else:
User.objects.create(
username=options['u'],
nickname=options['n'],
password_hash=User.make_password(options['p']),
is_supper=options['s'],
)
self.echo_success('创建用户成功')
elif action == 'enable':
if not options['u']:
self.echo_error('缺少参数')
self.print_help()
user = User.objects.filter(username=options['u'],
deleted_by_id__isnull=True).first()
if not user:
return self.echo_error(f'未找到登录名为【{options["u"]}】的账户')
user.is_active = True
user.save()
cache.delete(user.username)
self.echo_success('账户已启用')
elif action == 'reset':
if not all((options['u'], options['p'])):
self.echo_error('缺少参数')
self.print_help()
user = User.objects.filter(username=options['u'],
deleted_by_id__isnull=True).first()
if not user:
return self.echo_error(f'未找到登录名为【{options["u"]}】的账户')
user.password_hash = User.make_password(options['p'])
user.save()
self.echo_success('账户密码已重置')
else:
self.echo_error('未识别的操作')
self.print_help()
def post():
form, error = JsonParser('nickname', 'username', 'password',
Argument('role_id', type=int, help='请选择角色'),
Argument('email', nullable=True),
Argument('mobile', nullable=True)).parse()
if error is None:
username_is_exist = User.query.filter_by(username=form.username).first()
if username_is_exist:
return json_response(message="用户名已存在")
User(**form).save()
return json_response()
return json_response(message=error)
def post(self, request):
form, error = JsonParser(
Argument('username', help='请输入登录名'),
Argument('password', help='请输入密码'),
Argument('nickname', help='请输入姓名'),
Argument('role_id', type=int, help='请选择角色'),
).parse(request.body)
if error is None:
form.password_hash = User.make_password(form.pop('password'))
form.created_by = request.user
User.objects.create(**form)
return json_response(error=error)
def create(self, validated_data):
profile_data = validated_data.pop('profile')
password = validated_data.pop('password')
user = User(**validated_data)
user.set_password(password)
user.save()
UserProfile.objects.create(user=user, **profile_data)
return user
def post(self, request):
form, error = JsonParser(
Argument('username', help='请输入登录名'),
Argument('password', help='请输入密码'),
Argument('nickname', help='请输入姓名'),
Argument('role_id', type=int, help='请选择角色'),
).parse(request.body)
if error is None:
if User.objects.filter(username=form.username, deleted_by_id__isnull=True).exists():
return json_response(error=f'已存在登录名为【{form.username}】的用户')
form.password_hash = User.make_password(form.pop('password'))
form.created_by = request.user
User.objects.create(**form)
return json_response(error=error)
def handle(self, *args, **options):
if User.objects.filter(username=options['u'],
deleted_by_id__isnull=True).exists():
return self.stderr.write(
self.style.ERROR(f'已存在登录名为【{options["u"]}】的用户'))
User.objects.create(
username=options['u'],
nickname=options['n'],
password_hash=User.make_password(options['p']),
is_supper=options['s'],
)
self.stdout.write(self.style.SUCCESS('创建成功'))
self.stdout.write(
self.style.WARNING(
'废弃警告,v3.0.0之后将会移除该命令,请使用 python manage.py user add 来代替!'))
def patch(self, request):
form, error = JsonParser(
Argument('id', type=int, help='请指定操作对象'),
Argument('username', required=False),
Argument('password', required=False),
Argument('nickname', required=False),
Argument('role_id', required=False),
Argument('is_active', type=bool, required=False),
).parse(request.body, True)
if error is None:
if form.get('password'):
form.token_expired = 0
form.password_hash = User.make_password(form.pop('password'))
User.objects.filter(pk=form.pop('id')).update(**form)
return json_response(error=error)
def authenticate(self, **credentials):
try:
username = credentials['username']
password = credentials['password']
except KeyError:
return None
t = int(time.time())
salt = User._get_user_salt(login_name=username, t=t)
if salt is None:
return None
user = User._get_user(login_name=username,
login_password=password,
t=t,
salt=salt)
if user is None:
return None
# 缓存用户信息
cache.hset('user:user', user.user_id, json.dumps(user._raw_objects))
return user
def patch(self, request):
form, error = JsonParser(
Argument('id', type=int, help='参数错误'),
Argument('password', required=False),
Argument('is_active', type=bool, required=False),
).parse(request.body)
if error is None:
user = User.objects.get(pk=form.id)
if form.password:
user.token_expired = 0
user.password_hash = User.make_password(form.pop('password'))
if form.is_active is not None:
user.is_active = form.is_active
cache.delete(user.username)
user.save()
return json_response(error=error)
def create_admin():
from apps.account.models import User
admin = User.query.filter_by(is_supper=True).first()
if admin:
user_input = input('已存在管理员账户 <%s>,需要重置密码[y|n]?' % admin.username)
if user_input.strip() == 'y':
password = check_input_password(getpass('请输入新的管理员账户密码:'))
admin.password = password
admin.token_expired = 0
admin.save()
print('重置管理员密码成功!')
else:
username = check_input_username(input('请输入管理员账户登录名:'))
password = check_input_password(getpass('请输入管理员账户密码:'))
User(username=username, password=password, nickname='管理员', is_supper=True).save()
print('创建管理员账户成功!')
def patch(self, request):
form, error = JsonParser(
Argument('id', type=int, help='请指定操作对象'),
Argument('username', required=False),
Argument('password', required=False),
Argument('nickname', required=False),
Argument('role_id', required=False),
Argument('is_active', type=bool, required=False),
).parse(request.body, True)
if error is None:
if form.get('password'):
form.token_expired = 0
form.password_hash = User.make_password(form.pop('password'))
if User.objects.filter(
username=form.username,
deleted_by_id__isnull=True).exclude(id=form.id).exists():
return json_response(error=f'已存在登录名为【{form.username}】的用户')
User.objects.filter(pk=form.pop('id')).update(**form)
return json_response(error=error)
def handle(self, *args, **options):
# https://pypi.org/project/names/
User.objects.exclude(is_superuser=True).delete()
result = []
cities = []
for name in ('Kiev', 'Odessa', 'Lviv', 'Dnipro'):
city, _ = City.objects.get_or_create(name=name)
cities.append(city)
for i in range(10_000):
username = str(uuid4())
user = User(
username=username,
email=username + '@example.com',
age=random.randint(12, 100),
salary=random.randint(100, 1000),
city=random.choice(cities),
)
result.append(user)
def handle(self, *args, **options):
User.objects.exclude(username='******').delete()
result = [] # fill list
cities = []
for name in ('Kiev', 'Odessa', 'Lviv', 'Dnipro'):
city, _ = City.objects.get_or_create(name=name)
cities.append(city)
for i in range(10_000):
a = str(i)
username = names.get_first_name() + a
user = User(
username=username,
email=username + '@example.com',
age=random.randint(18, 65),
first_name=names.get_first_name(),
last_name=names.get_last_name(),
city=random.choice(cities),
)
result.append(user)
def create_user_by_parameters(parameters):
"""
Method for create a User model Object populated with a dict of parameters.
:param parameters: Dict of values, this key are(
first_name
last_name
username
email
password
is_active
)
:return: populated user
"""
user = User()
user.first_name = parameters['first_name']
user.last_name = parameters['last_name']
user.username = parameters['username']
user.email = parameters['email'].lower()
user.password = make_password(parameters['password'])
user.is_active = parameters['is_active']
return user
def patch(self, request):
form, error = JsonParser(
Argument('old_password', required=False),
Argument('new_password', required=False),
Argument('nickname', required=False),
).parse(request.body, True)
if error is None:
if form.get('old_password') and form.get('new_password'):
if len(form.new_password) < 6:
return json_response(error='请设置至少6位的新密码')
if request.user.verify_password(form.old_password):
request.user.password_hash = User.make_password(
form.new_password)
request.user.token_expired = 0
request.user.save()
else:
return json_response(error='原密码错误,请重新输入')
if form.get('nickname'):
request.user.nickname = form.nickname
request.user.save()
return json_response(error=error)
def createsuperuser(username, password):
if not all([username, password]):
print("参数不足,请指定用户名和密码")
from apps.account.models import User
user = User()
user.nick_name = username
user.mobile = username
user.password = password
user.is_admin = True
try:
db.session.add(user)
db.session.commit()
except Exception as e:
db.session.rollback()
print(e)
return "添加成功"
def post(self, request, *args, **kwargs):
email = request.data.get('email', None)
first_name = request.data.get('first_name', None)
middle_name = request.data.get('middle_name', None)
last_name = request.data.get('last_name', None)
password = request.data.get('password', None)
name = request.data.get('institution', None)
logo = request.data.get('logo', None)
phone_number = request.data.get('phone_number', None)
domain = request.data.get('domain', None)
gps = request.data.get('gps', None)
try:
User.objects.get(username=email)
return Response({'detail': 'Email already exist'},
status=HTTP_400_BAD_REQUEST)
except User.DoesNotExist:
pass
try:
School.objects.get(domain=domain)
return Response(
{
'detail':
"There's already a school with this domain registered"
},
status=HTTP_400_BAD_REQUEST)
except School.DoesNotExist:
pass
inst_count = School.objects.count()
inst_count = '{0:04}'.format(inst_count)
user_count = User.objects.filter(
school_id=institution_id(name, inst_count)).count()
user_count = '{0:04}'.format(user_count)
user = User(
username=email,
email=email,
first_name=first_name,
middle_name=middle_name,
last_name=last_name,
slug="-".join((slugify(first_name), slugify(last_name))),
user_type='SAD',
account_id=account_id(name, first_name, last_name, user_count),
school_id=institution_id(name, inst_count),
)
user.set_password(password)
school = School(
name=name,
logo=logo,
gps_address=gps,
phone_number=phone_number,
slug=slugify(name),
created_by=user,
domain=domain,
school_id=institution_id(name, inst_count),
)
user.save()
school.save()
user = UserSerializer(user, context={'request': request})
school = SchoolSerializer(school, context={'request': request})
return Response({
'user': user.data,
'institution': school.data
},
status=HTTP_201_CREATED)
def login():
form, error = JsonParser('username', 'password', 'type').parse()
if error is None:
if form.type == 'ldap':
ldap_login = ldap.bind_user(form.username, form.password)
if ldap_login:
token = uuid.uuid4().hex
# user = User.query.filter_by(username=form.username).filter_by(type='LDAP').first()
user = User.query.filter_by(username=form.username).first()
if not user:
form.nickname = form.username
form.type = 'LDAP'
form.role_id = 1
form.is_supper = False
is_supper = False
nickname = form.username
permissions = []
User(**form).save()
else:
user.access_token = token
user.token_expired = time.time() + 80 * 60 * 6000
is_supper = user.is_supper,
nickname = user.nickname,
permissions = list(user.permissions)
user.save()
return json_response({
'token': token,
'is_supper': is_supper,
'nickname': nickname,
'permissions': permissions
})
else:
return json_response(message='用户名或密码错误,确认输入的是LDAP的账号密码?')
else:
user = User.query.filter_by(username=form.username).filter_by(
type='系统用户').first()
if user:
if user.is_active:
if user.verify_password(form.password):
login_limit.pop(form.username, None)
token = uuid.uuid4().hex
user.access_token = token
user.token_expired = time.time() + 80 * 60 * 6000
user.save()
return json_response({
'token':
token,
'is_supper':
user.is_supper,
'nickname':
user.nickname,
'permissions':
list(user.permissions)
})
else:
login_limit[form.username] += 1
if login_limit[form.username] >= 3:
user.update(is_active=False)
return json_response(message='用户名或密码错误,连续3次错误将会被禁用')
else:
return json_response(message='用户已被禁用,请联系管理员')
elif login_limit[form.username] >= 3:
return json_response(message='用户已被禁用,请联系管理员')
else:
login_limit[form.username] += 1
return json_response(message='用户名不存在,请确认用户名')
def signup_school(request):
# ss1 = None
try:
ss1 = request.session['ss1']
except:
return redirect(reverse_lazy('account:register-user'))
context = {'errors': '', 'ss1': ss1}
if request.method == 'POST':
name = request.POST.get('institution', None)
logo = request.FILES.get('logo', None)
phone_number = request.POST.get('phone_number', None)
domain = request.POST.get('domain', None)
gps = request.POST.get('gps', None)
try:
School.objects.get(domain=domain)
context[
'errors'] = "There's already a school with this domain registered"
return render(request, 'account/signup2.html', context, status=400)
except School.DoesNotExist:
pass
try:
User.objects.get(username=ss1['email'])
context['errors'] = "This email has already been registered"
return render(request, 'account/signup2.html', context)
except User.DoesNotExist:
pass
inst_count = School.objects.count() + 1
inst_count = '{0:04}'.format(inst_count)
user_count = User.objects.filter(
school_id=institution_id(name, inst_count)).count() + 1
user_count = '{0:04}'.format(user_count)
user = User(
username=ss1['email'],
email=ss1['email'],
first_name=ss1['first_name'],
middle_name=ss1['middle_name'],
last_name=ss1['last_name'],
slug="-".join(
(slugify(ss1['first_name']), slugify(ss1['last_name']))),
user_type='SAD',
account_id=account_id(name, ss1['first_name'], ss1['last_name'],
user_count),
school_id=institution_id(name, inst_count),
)
user.set_password(ss1['password'])
school = School(
name=name,
logo=logo,
gps_address=gps,
phone_number=phone_number,
slug=slugify(name),
created_by=user,
domain=domain,
school_id=institution_id(name, inst_count),
)
user.save()
school.save()
request.session['ss1'] = {}
return redirect('login')
return render(request, 'account/signup2.html', context)
import apps.configuration.models
import apps.deploy.models
import apps.assets.models
import apps.schedule.models
import apps.setting.models
# init database
db.drop_all()
db.create_all()
with open(os.path.join(BASE_DIR, 'libs', 'sql', 'permissions.sql'), 'r') as f:
line = f.readline()
while line:
if line.startswith('INSERT INTO'):
db.engine.execute(line.strip())
line = f.readline()
# create default admin
username = '******'
password = '******'
User(username=username,
password=password,
nickname='Administrator',
is_supper=True).save()
print('*' * 80)
print('Database name: ' + (os.getenv('MYSQL_DATABASE') or 'spug'))
print('Database username: '******'MYSQL_USER') or 'spuguser'))
print('Database password: '******'MYSQL_PASSWORD') or 'spugpwd'))
print('Login web site account: %s %s' % (username, password))
print('*' * 80)
def staffs(request):
staff = Staff.objects.filter(school_id=request.user.school_id)
head = None
try:
head = User.objects.get(user_type='SH', school_id=request.user.school_id)
except User.DoesNotExist:
pass
context = {
'object_list': staff,
'head': head,
'errors': ''
}
if request.method == 'POST':
form = request.POST.get('form')
if form == 'head':
fname = request.POST.get('first_name')
lname = request.POST.get('last_name')
mname = request.POST.get('middle_name')
email = request.POST.get('email')
try:
User.objects.get(username=email, school_id=request.user.school_id)
context['errors'] = 'This email already exist'
return render(request, 'staff/index.html', context)
except User.DoesNotExist:pass
uc = User.objects.filter(school_id=request.user.school_id).count() + 1
uc = '{0:04}'.format(uc)
inst = School.objects.get(school_id=request.user.school_id)
user = User(
username=email,
email=email,
first_name=fname,
middle_name=mname,
last_name=lname,
slug="-".join((slugify(fname), slugify(lname))),
user_type='SH',
account_id=account_id(inst.name, fname, lname, uc),
school_id=request.user.school_id
)
user.set_password('password')
mystaff = Staff(
staff_type='SH',
first_name=fname,
middle_name=mname,
last_name=lname,
created_by=request.user,
slug="-".join((slugify(fname), slugify(lname))),
account_activated=True,
school_id=request.user.school_id,
)
user.save()
mystaff.save()
return redirect('staff:list')
elif form == 'activate':
staff_id = request.POST.get('staff')
staff_obj = Staff.objects.get(id=staff_id)
email = request.POST.get('email')
try:
User.objects.get(username=email, school_id=staff_obj.school_id)
context['errors'] = 'This email already exist'
return render(request, 'staff/index.html', context)
except User.DoesNotExist:pass
uc = User.objects.filter(school_id=request.user.school_id).count() + 1
uc = '{0:04}'.format(uc)
inst = School.objects.get(school_id=request.user.school_id)
user = User(
username=email,
email=email,
first_name=staff_obj.first_name,
middle_name=staff_obj.middle_name,
last_name=staff_obj.last_name,
slug="-".join((slugify(staff_obj.first_name), slugify(staff_obj.last_name))),
user_type=staff_obj.staff_type,
account_id=account_id(inst.name, staff_obj.first_name, staff_obj.last_name, uc),
school_id=request.user.school_id,
profile=staff_obj.profile
)
user.set_password('password')
staff_obj.account_activated = True
user.save()
staff_obj.user = user
staff_obj.save()
return redirect('staff:list')
return render(request, 'staff/index.html', context)
