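def post(self):
    """Change the current user's password.

    The request body must carry ``password`` (the new one) and
    ``old_password``. An error response is sent when the caller is not
    logged in, a field is missing, the new password does not satisfy the
    format rules, or the old password does not match the stored hash.
    Otherwise the stored hash is replaced, an op-log entry is written and an
    empty success response is sent.
    """
    self.current_user = self.get_current_user()
    if not self.current_user:
        return self.send_error(errors.need_login)
    info = self.get_body_obj(u.User)
    if not info:
        return self.send_error(errors.incomplete)
    if not info.password:
        return self.send_error(errors.need_password)
    if not info.old_password:
        return self.send_error(errors.incomplete, reason="缺原密码")
    # Reject passwords that fail the site pattern or that consist of a single
    # character class (only digits, only upper-case or only lower-case).
    if not re_password.match(info.password) or re.match(
            r'^(\d+|[A-Z]+|[a-z]+)$', info.password):
        return self.send_error(errors.invalid_psw_format)
    if info.password == info.old_password:
        # Nothing is written (or verified) when the password does not change;
        # the old password is only checked against the database below.
        return self.send_response()
    try:
        self.update_login()
        # Compare-and-set: the filter includes the hash of the old password,
        # so the update only matches when the old password is correct.
        r = self.db.user.update_one(
            dict(id=self.current_user.id,
                 password=errors.gen_id(info.old_password)),
            {'$set': dict(password=errors.gen_id(info.password))})
        if not r.matched_count:
            # Distinguish "wrong old password" from "user record missing".
            r = self.db.user.find_one(dict(id=self.current_user.id))
            return self.send_error(
                errors.invalid_password if r else errors.no_user)
        self.add_op_log('change_pwd')
    except DbError as e:
        return self.send_db_error(e)
    # Log the authenticated user rather than the id/name carried in the
    # request body, so the audit entry cannot be spoofed by the client.
    logging.info('change password %s %s', self.current_user.id,
                 getattr(self.current_user, 'name', None))
    self.send_response()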
def check_info(self, user):
    """Validate a registration payload and fill in its derived fields.

    Sends the matching error response (and returns its falsy result) when a
    required field is missing or malformed. On success the e-mail is
    lower-cased, ``user.id`` is derived from it, ``user.create_time`` is set,
    ``user.authority`` and ``self.authority`` are cleared, and True is
    returned.
    """
    fail = self.send_error
    if not user:
        return fail(errors.incomplete)
    if not user.email:
        return fail(errors.need_email)
    if not user.name:
        return fail(errors.incomplete, reason='姓名')
    if not user.password:
        return fail(errors.need_password)
    # E-mail addresses are treated case-insensitively: normalise before
    # validation and before deriving the user id from it.
    user.email = user.email.lower()
    if re_email.match(user.email) is None:
        return fail(errors.invalid_email)
    # A password made of a single character class (digits only, upper-case
    # only, lower-case only) is rejected even if it matches the site pattern.
    single_class = re.match(r'^(\d+|[A-Z]+|[a-z]+)$', user.password)
    if re_password.match(user.password) is None or single_class:
        return fail(errors.invalid_psw_format)
    if re_name.match(unicode_type(user.name)) is None:
        return fail(errors.invalid_name, reason=user.name)
    user.id = errors.gen_id(user.email, 'user')
    user.create_time = errors.get_date_time()
    user.authority = ''
    self.authority = ''
    return True
def post(self):
    """Register a new user.

    Validates the body via ``check_info``; if that fails, the error response
    has already been sent and nothing else happens. Otherwise the account is
    inserted (the first account ever created gets the manager flags), the
    new user becomes the current user, a secure cookie is set and the
    trimmed user object is returned.
    """
    user = self.get_body_obj(u.User)
    if not self.check_info(user):
        return
    try:
        # The very first account in the collection becomes a manager.
        is_first = not self.db.user.find_one({})
        if self.db.user.find_one(dict(email=user.email)):
            return self.send_error(errors.user_exists, reason=user.email)
        # NOTE(review): the existence check and the insert are two separate
        # operations, so two concurrent registrations with the same e-mail
        # can both pass the check; a unique index on email would close that.
        flag = int(is_first)
        self.db.user.insert_one(dict(
            id=user.id, name=user.name, email=user.email,
            password=errors.gen_id(user.password),
            manager=flag, task_mgr=flag, data_mgr=flag,
            create_time=user.create_time))
        user.authority = u.ACCESS_MANAGER if is_first else ''
        self.current_user = user
        self.add_op_log('register', context=user.email + ': ' + user.name)
    except DbError as e:
        return self.send_db_error(e)
    user.login_md5 = errors.gen_id(user.authority)
    # Strip secrets and transient fields before the object reaches the
    # cookie and the response body.
    for hidden in ('old_password', 'password', 'last_time'):
        user.__dict__.pop(hidden, 0)
    self.authority = user.authority
    self.set_secure_cookie('user', json_encode(self.convert2dict(user)))
    logging.info('register id=%s, name=%s, email=%s',
                 user.id, user.name, user.email)
    self.send_response(user, trim=trim_user)
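def post(self, rid):
    """Reset the password of user ``rid`` to a fresh temporary one.

    Requires a logged-in caller with manager authority. The new password is
    stored hashed, the user's login-failure records are cleared, and the
    clear-text temporary password is returned as ``{'password': ...}``.
    """
    import secrets
    import string

    self.current_user = self.get_current_user()
    if not self.current_user:
        return self.send_error(errors.need_login)
    # Same shape as before (one lower-case letter followed by five digits),
    # but drawn from the CSPRNG because the value is handed out as a
    # credential.
    pwd = '%s%d' % (secrets.choice(string.ascii_lowercase),
                    10000 + secrets.randbelow(90000))
    try:
        self.update_login()
        if u.ACCESS_MANAGER not in self.authority:
            return self.send_error(errors.unauthorized)
        r = self.db.user.update_one(
            dict(id=rid), {'$set': dict(password=errors.gen_id(pwd))})
        if not r.matched_count:
            return self.send_error(errors.no_user)
        user = self.db.user.find_one(dict(id=rid))
        if not user:
            # The record vanished between the update and the re-read.
            return self.send_error(errors.no_user)
        # NOTE(review): ``self`` is passed explicitly here, and the login
        # handler calls ResetPasswordApi.remove_login_fails(self, email) the
        # same way — this only works if remove_login_fails is a staticmethod
        # taking the handler as its first argument; confirm its definition.
        self.remove_login_fails(self, user['email'])
        # Record who was reset; joining the raw dict would only list its
        # field names.
        self.add_op_log('reset_pwd', context='%s: %s' % (
            user.get('email', ''), user.get('name', '')))
    except DbError as e:
        return self.send_db_error(e)
    self.send_response({'password': pwd})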
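def post(self):
    """Log a user in with e-mail and password.

    Failed attempts are counted from 'login-fail' op-log entries keyed by
    e-mail: more than 20 in 30 minutes or 5 in one minute are refused.
    On success the user (without password fields) becomes the current user,
    is written to a secure cookie and returned trimmed.
    """
    import hmac

    user = self.get_body_obj(u.User)
    if not user:
        # Same treatment as the other handlers: an empty or unparseable body
        # is an incomplete request rather than an AttributeError.
        return self.send_error(errors.incomplete)
    email = user.email
    password = user.password
    if not email:
        return self.send_error(errors.need_email)
    if not password:
        return self.send_error(errors.need_password)
    email = email.lower()
    if not re_email.match(email):
        return self.send_error(errors.invalid_email)
    fields = base_fields + ['password'] + list(u.authority_map.keys())
    try:
        # Throttle by e-mail: 30-minute window first, then 1-minute window.
        login_fail = {
            'type': 'login-fail',
            'create_time': {
                '$gt': errors.get_date_time(diff_seconds=-1800)
            },
            'context': email
        }
        times = self.db.log.count_documents(login_fail)
        if times >= 20:
            return self.send_error(errors.unauthorized,
                                   reason='请半小时后重试,或者申请重置密码')
        login_fail['create_time']['$gt'] = errors.get_date_time(
            diff_seconds=-60)
        times = self.db.log.count_documents(login_fail)
        if times >= 5:
            return self.send_error(errors.unauthorized, reason='请一分钟后重试')
        # Look the user up; on success clear the failure records and make
        # this user the current one.
        user = self.fetch2obj(self.db.user.find_one(dict(email=email)),
                              u.User, fetch_authority, fields=fields)
        if not user:
            # NOTE(review): 'login-no' entries are not counted by the throttle
            # above, so attempts against unknown e-mails are not rate-limited;
            # confirm whether that is intended.
            self.add_op_log('login-no', context=email)
            return self.send_error(errors.no_user, reason=email)
        # Constant-time comparison of the stored hash with the hash of the
        # submitted password. Both sides go through str()+encode so that
        # compare_digest accepts them; the outcome equals ``stored == expected``.
        stored = str(user.password).encode('utf-8')
        expected = str(errors.gen_id(password)).encode('utf-8')
        if not hmac.compare_digest(stored, expected):
            self.add_op_log('login-fail', context=email)
            return self.send_error(errors.invalid_password)
        self.current_user = user
        self.add_op_log('login-ok', context=email + ': ' + user.name)
        ResetPasswordApi.remove_login_fails(self, email)
        user.login_md5 = errors.gen_id(user.authority)
    except DbError as e:
        return self.send_db_error(e)
    # Strip secrets and transient fields before the object reaches the
    # cookie and the response body.
    for hidden in ('old_password', 'password', 'last_time'):
        user.__dict__.pop(hidden, 0)
    self.authority = user.authority
    self.set_secure_cookie('user', json_encode(self.convert2dict(user)))
    logging.info('login id=%s, name=%s, email=%s, auth=%s',
                 user.id, user.name, user.email, user.authority)
    self.send_response(user, trim=trim_user)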