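def login():
    """Authenticate a user from a JSON body and populate the session.

    Expected request::

        POST /api/v1/user
        {"username": "", "password": ""}

    On a match the session keys ``username``, ``password`` and ``ok`` are set.

    :return: a ``jsonify`` response whose ``status`` field is 200 (site "/")
        on success and 403 (site "/login") otherwise.
    """
    post_data = request.get_json(force=True)

    # The body is untrusted: it may be any JSON value (list, number, null) and
    # either field may be absent or non-string. Treat all of those as a failed
    # login instead of raising, and never hand a non-string to the query.
    if isinstance(post_data, dict):
        username = post_data.get("username")
        password = post_data.get("password")
    else:
        username = password = None
    credentials_present = all(
        isinstance(value, str) and value for value in (username, password)
    )

    # NOTE(review): the submitted password is compared with the stored column
    # as-is, which suggests passwords are kept unhashed unless the model hashes
    # them elsewhere -- confirm, and prefer a salted password hash.
    matched = credentials_present and UserService.count(
        where=(User.username == username, User.password == password)) > 0

    if matched:
        session["username"] = username
        # NOTE(review): if this is a cookie-backed session, its contents are
        # signed but readable by anyone holding the cookie. Storing the
        # password here looks unnecessary; kept only because other code may
        # read it -- verify and remove.
        session["password"] = password
        session["ok"] = True
        response_data = jsonify(status=200, message="授权成功", data={
            "extra_info": "跳转到后台",
            "site": "/"
        })
    else:
        response_data = jsonify(status=403, message="未能授权成功", data={
            "extra_info": "跳转到登录页面",
            "site": "/login"
        })
    return response_data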
def create_admin_user():
    """Create the built-in management account if it is not present yet.

    :return: None
    """
    existing = UserService.count(where=(User.user_name == "hunter"))
    if existing > 0:
        # The account already exists; nothing to do.
        return

    # NOTE(review): the account is created with a password that is hard-coded
    # in source and equal to the user name. Deployments should change it
    # immediately (or the value should come from deployment configuration);
    # role=4 is presumably the administrator role -- confirm.
    User.create(
        user_name="hunter",
        pass_word="hunter",
        full_name="hunter管理员",
        role=4,
    )
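def addUser2dbAndRedis(self):
    """Sync one fixed sample account into the database and Redis.

    The row is created when no user with that name exists, otherwise it is
    updated; the stored row's id is then added to the profile and pushed to
    Redis through ``RedisService.update_user``.

    :return: None
    """
    from api.service.redis_service import RedisService
    from model.default_value import Role
    from model.user import User, UserService

    user_name = "b5mali4"
    full_name = "小明"
    email = "*****@*****.**"
    dept_name = "信息安全部"
    role = Role.USER
    mobile_phone = "131xxxx9871"

    if UserService.count(where=(User.user_name == user_name)) <= 0:
        UserService.save(user_name=user_name, full_name=full_name, email=email,
                         dept_name=dept_name, role=role,
                         mobile_phone=mobile_phone)
    else:
        # Scope the update to this account. The original call passed no
        # ``where``; presumably that applies the fields (including user_name)
        # to every row -- confirm against UserService.update.
        UserService.update(fields=({
            User.user_name: user_name,
            User.full_name: full_name,
            User.email: email,
            User.dept_name: dept_name,
            User.role: role,
            User.mobile_phone: mobile_phone
        }), where=(User.user_name == user_name))

    user = UserService.get_fields_by_where(
        where=(User.user_name == user_name))[0]
    # Build the cached profile from the same values that were written to the
    # database so the two copies cannot drift apart.
    user_info = {
        "user_name": user_name,
        "full_name": full_name,
        "email": email,
        "dept_name": dept_name,
        "role": role,
        "mobile_phone": mobile_phone,
        "id": user.id
    }
    RedisService.update_user(user_name=user_name, user_info=user_info)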
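def authorize_route():
    """Authenticate a user with a user name and password from the user table.

    Reads ``user_name`` and ``pass_word`` from the JSON request body. On a
    match the user's cache/session info is refreshed through
    ``BaseAuthModule.modify_user_info_cache_session``.

    :return: a ``jsonify`` response whose ``status`` field is 200 on success,
        403 when the credentials are missing or do not match, and 500 when an
        unexpected exception was logged.
    """
    try:
        post_data = request.get_json(force=True)
        post_user_name = post_data.get("user_name")
        post_pass_word = post_data.get("pass_word")

        # Refuse missing, non-string or empty credentials before they reach
        # the query. ``.get`` yields None for an absent field, and an ORM
        # comparison against None is typically rendered as IS NULL; rows
        # saved without a pass_word (the LDAP route's UserService.save call
        # passes none) could then satisfy the filter -- confirm against the
        # schema. Short-circuiting keeps such values out of the query.
        credentials_present = all(
            isinstance(value, str) and value
            for value in (post_user_name, post_pass_word)
        )
        # NOTE(review): the password is compared with the stored column as
        # submitted, which suggests unhashed storage unless the model hashes
        # it elsewhere -- confirm, and prefer a salted password hash.
        if not credentials_present or UserService.count(
                where=(User.user_name == post_user_name,
                       User.pass_word == post_pass_word)) <= 0:
            return jsonify(status=403, message="认证出错", data={
                "extra_info": "账号密码登录出错",
                "site": "/login"
            })

        db_user = UserService.get_fields_by_where(
            where=(User.user_name == post_user_name,
                   User.pass_word == post_pass_word))[0]
        BaseAuthModule.modify_user_info_cache_session(
            user_name=db_user.user_name, db_user=db_user)
        return jsonify(status=200, message="认证成功", data={
            "extra_info": "稍后自动跳转首页,请耐心等待",
            "site": get_system_config()['front_end']['index']
        })
    except Exception:
        # Route boundary: log the traceback server-side and return a generic
        # error so internal details are not sent to the client.
        logger.exception("auth_account raise error")
        return jsonify(status=500, message="未知异常",
                       data={"extra_info": "发生未知异常,请联系管理员查看异常日志"})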
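def authorize_route():
    """Authenticate a user against LDAP and mirror the account locally.

    Reads ``user_name`` and ``pass_word`` from the JSON request body. When
    ``ldap_auth`` reports success, the local user row is created or updated
    from the returned attributes and the user's cache/session info is
    refreshed through ``BaseAuthModule.modify_user_info_cache_session``.

    :return: a ``jsonify`` response whose ``status`` field is 200 on success,
        403 when the credentials are missing or rejected, and 500 when the
        LDAP module is switched off or an unexpected exception was logged.
    """
    try:
        post_data = request.get_json(force=True)
        post_user_name = post_data.get("user_name")
        post_pass_word = post_data.get("pass_word")

        ldap_config = LdapConfigService.get_single_instance()
        if ldap_config.ldap_switch is False:
            return jsonify(status=500, message="登录失败",
                           data={"extra_info": "不支持ldap认证,请后台配置并开启ldap模块"})

        # Refuse missing, non-string or empty credentials before binding.
        # Per RFC 4513 a simple bind with a name and an empty password is an
        # "unauthenticated" bind, which many directory servers accept as
        # successful; whether ldap_auth already rejects that case is not
        # visible here, so it is enforced at the route.
        credentials_present = all(
            isinstance(value, str) and value
            for value in (post_user_name, post_pass_word)
        )
        if not credentials_present:
            return jsonify(status=403, message="认证出错", data={
                "extra_info": "账号密码登录出错",
                "site": "/login"
            })

        status, result_dict = ldap_auth(post_user_name, post_pass_word)
        if status:
            user_name = result_dict["user_name"]
            # Create or update the local user record from the directory
            # attributes. No pass_word is stored for LDAP-backed accounts.
            if UserService.count(where=(User.user_name == user_name)) <= 0:
                UserService.save(user_name=result_dict["user_name"],
                                 full_name=result_dict["full_name"],
                                 dept_name=result_dict["dept_name"],
                                 email=result_dict["email"],
                                 mobile_phone=result_dict["mobile"])
            else:
                UserService.update(fields=({
                    User.full_name: result_dict["full_name"],
                    User.dept_name: result_dict["dept_name"],
                    User.email: result_dict["email"],
                    User.mobile_phone: result_dict["mobile"]
                }), where=(User.user_name == user_name))

            db_user = UserService.get_fields_by_where(
                where=(User.user_name == user_name))[0]
            BaseAuthModule.modify_user_info_cache_session(
                user_name=db_user.user_name, db_user=db_user)
            return jsonify(status=200, message="认证成功", data={
                "extra_info": "稍后自动跳转首页,请耐心等待",
                "site": get_system_config()['front_end']['index']
            })

        return jsonify(status=403, message="认证出错", data={
            "extra_info": "账号密码登录出错",
            "site": "/login"
        })
    except Exception:
        # Route boundary: log the traceback server-side and return a generic
        # error so internal details are not sent to the client.
        logger.exception("auth_account raise error")
        return jsonify(status=500, message="未知异常",
                       data={"extra_info": "发生未知异常,请联系管理员查看异常日志"})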