def check_login(): cookies = request.cookies auth_cookie = cookies[app.config['AUTH_COOKIE_NAME']] if app.config[ 'AUTH_COOKIE_NAME'] in cookies else None if '/api' in request.path: app.logger.info(request.path) auth_cookie = request.headers.get("Authorization") app.logger.info(request.headers.get("Authorization")) if auth_cookie is None: return False auth_info = auth_cookie.split("#") if len(auth_info) != 2: return False try: user_info = User.query.filter_by(uid=auth_info[1]).first() except Exception: return False if user_info is None: return False if auth_info[0] != UserService.generate_auth_code(user_info): return False if user_info.status != 1: return False return user_info
def login(): """ 登录控制器处理 :return: 登录页面视图 """ if request.method == "GET": if g.current_user: return redirect(UrlManager.build_url("/")) return ops_render("user/login.html") resp = {'code': 200, 'msg': '登录成功~~', 'data': {}} req = request.values login_name = req['login_name'] if 'login_name' in req else '' login_pwd = req['login_pwd'] if 'login_pwd' in req else '' if login_name is None or len(login_name) < 1: resp['code'] = -1 resp['msg'] = "请输入正确的登录用户名~~" return jsonify(resp) if login_pwd is None or len(login_pwd) < 1: resp['code'] = -1 resp['msg'] = "请输入正确的邮箱密码~~" return jsonify(resp) user_info = User.query.filter_by(login_name=login_name).first() if not user_info: resp['code'] = -1 resp['msg'] = "请输入正确的登录用户名和密码-1~~" return jsonify(resp) if user_info.login_pwd != UserService.generate_password( login_pwd, user_info.login_salt): resp['code'] = -1 resp['msg'] = "请输入正确的登录用户名和密码-2~~" return jsonify(resp) if user_info.status != 1: resp['code'] = -1 resp['msg'] = "账号已被禁用,请联系管理员处理~~" return jsonify(resp) response = make_response(json.dumps({'code': 200, 'msg': '登录成功~~'})) response.set_cookie( app.config['AUTH_COOKIE_NAME'], '%s#%s' % (UserService.generate_auth_code(user_info), user_info.uid), 60 * 60 * 24 * 120) # 保存120天 return response
def reset_pwd(): if request.method == "GET": return ops_render("user/reset_pwd.html", {'current': 'reset-pwd'}) resp = {'code': 200, 'msg': '操作成功~', 'data': {}} req = request.values old_password = req['old_password'] if 'old_password' in req else '' new_password = req['new_password'] if 'new_password' in req else '' if old_password is None or len(old_password) < 6: resp['code'] = -1 resp['msg'] = "请输入符合规范的原密码~~" return jsonify(resp) if new_password is None or len(new_password) < 6: resp['code'] = -1 resp['msg'] = "请输入符合规范的新密码~~" return jsonify(resp) if old_password == new_password: resp['code'] = -1 resp['msg'] = "请重新输入一个吧,新密码和原密码不能相同哦~~" return jsonify(resp) user_info = g.current_user if user_info.uid == 1: resp['code'] = -1 resp['msg'] = "该用户是演示账号,不准修改密码和登录用户名~~" return jsonify(resp) user_info.login_pwd = UserService.generate_password( new_password, user_info.login_salt) db.session.add(user_info) db.session.commit() # 修改完密码更新cookie,保持登录状态 response = make_response(json.dumps(resp)) response.set_cookie( app.config['AUTH_COOKIE_NAME'], '%s#%s' % (UserService.generate_auth_code(user_info), user_info.uid), 60 * 60 * 24 * 120) # 保存120天 return response