def create_user(**args):
    """Create a user on behalf of an administrator.

    Expects ``args['http_request']`` (resolved to a token by
    ``token_service.get_token``) and ``args['user']``, a dict that is adopted
    as the new ``User``'s ``__dict__``.  The caller must hold ``ROLE_ADMIN``;
    ``login``, ``email`` and ``phone`` must all be unused.  The password is
    replaced by ``passwd_service.encode(...)`` and the account is activated
    immediately (no activation mail).

    Returns whatever ``user_db.create_user`` returns (the new id).
    Raises ``Exception('403 Forbidden')`` for non-admins and a ``'400 ...'``
    message on a uniqueness conflict.

    NOTE(review): the request dict becomes the object's attribute dict
    wholesale (mass assignment), so every key the admin client sends is
    persisted as-is, and that same dict object is mutated here (``password``
    is overwritten with its hash).  Tolerable only because the endpoint is
    admin-only.
    """
    token = token_service.get_token(args.get('http_request'))
    creator = token.username
    if not token.has_role('ROLE_ADMIN'):
        raise Exception('403 Forbidden')

    user = User()
    user.__dict__ = args.get('user')

    # Each identity field must be free; checked in the original order.
    conflicts = (
        ('login', '400 已存在同名用户'),
        ('email', '400 email已存在'),
        ('phone', '400 phone已存在'),
    )
    for field, message in conflicts:
        if user_db.find_one_by_kv(field, getattr(user, field)) is not None:
            raise Exception(message)

    user.password = passwd_service.encode(user.password)
    user.activated = True
    user.imageUrl = ''
    user.langKey = 'en'
    user.createdBy = creator
    user.createdDate = mytime.now()
    user.lastModifiedBy = creator
    user.lastModifiedDate = mytime.now()
    return user_db.create_user(user)
def update_current_account(**args):
    """Let the authenticated user update their own profile.

    ``args['user']`` is a dict adopted as a ``User``'s ``__dict__``; its
    ``login`` must equal the username in the caller's token (from
    ``args['http_request']``), otherwise ``Exception('403 Forbidden')``.
    ``email``/``phone`` may not already belong to a *different* account and
    the account itself must still exist.  The write is delegated to
    ``user_db.update_user_base_info``.  Returns 0.

    NOTE(review): the whole request dict becomes the object, so whether
    fields such as ``authorities``, ``activated`` or ``password`` can be
    altered through this endpoint depends entirely on which attributes
    ``user_db.update_user_base_info`` persists — confirm it writes base
    profile fields only.
    """
    token = token_service.get_token(args.get('http_request'))
    current_login = token.username

    user = User()
    user.__dict__ = args.get('user')
    if current_login is None or user.login != current_login:
        raise Exception('403 Forbidden')

    # A contact detail owned by some *other* account is a conflict.
    for field, message in (('email', '400 email已存在'), ('phone', '400 phone已存在')):
        existing = user_db.find_one_by_kv(field, getattr(user, field))
        if existing is not None and existing.login != current_login:
            raise Exception(message)

    if user_db.find_one_by_kv('login', current_login) is None:
        raise Exception('400 用户不存在')

    user_db.update_user_base_info(user)
    return 0
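def update_user(**args):
    """Administrative update of an arbitrary user record.

    Requires ``ROLE_ADMIN`` on the caller's token (from
    ``args['http_request']``).  ``args['user']`` is a dict adopted as a
    ``User``'s ``__dict__``; ``email``/``phone`` may not belong to a
    different user (compared by ``id``).  Stamps ``lastModifiedBy`` /
    ``lastModifiedDate``, writes the record through ``user_db.update_user``
    and, when a non-empty ``password`` was supplied, stores its hash through
    ``user_db.change_password``.  Returns 0.

    Raises ``Exception('403 Forbidden')`` for non-admins and a ``'400 ...'``
    message on a uniqueness conflict.

    Fix: the supplied password is hashed *before* the object is handed to
    ``user_db.update_user``.  Previously the object still carried the
    plaintext at that point, so if that call persists the ``password``
    attribute the clear-text value would have been written (and only later
    overwritten by ``change_password``).  The stored result is the same
    hash either way.
    """
    token = token_service.get_token(args.get('http_request'))
    admin_login = token.username
    if not token.has_role('ROLE_ADMIN'):
        raise Exception('403 Forbidden')

    user = User()
    user.__dict__ = args.get('user')

    for field, message in (('email', '400 email已存在'), ('phone', '400 phone已存在')):
        existing = user_db.find_one_by_kv(field, getattr(user, field))
        if existing is not None and existing.id != user.id:
            raise Exception(message)

    # Hash first so no code path below ever sees the plaintext.
    new_password_hash = None
    if getattr(user, 'password', None):
        new_password_hash = passwd_service.encode(user.password)
        user.password = new_password_hash

    user.lastModifiedBy = admin_login
    user.lastModifiedDate = mytime.now()
    user_db.update_user(user)
    if new_password_hash is not None:
        user_db.change_password(user.login, new_password_hash)
    return 0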
def verify_user_password(username, password):
    """Authenticate by login name, e-mail address or phone number.

    Tries ``login``, then ``email``, then ``phone`` as the lookup key for
    ``username`` and returns the first matching record whose stored hash
    verifies against ``password`` via ``passwd_service.verify_passwd``.
    A record that exists but fails verification does not stop the search.
    Returns ``None`` when nothing matches.

    NOTE(review): ``activated`` is not consulted here; if unactivated
    accounts must not log in, a caller has to enforce it.  The miss path
    also skips the (slow) hash check, so response time differs between
    "no such user" and "wrong password" — an account-enumeration oracle;
    a dummy verification on the miss path would equalise it.
    """
    for field in ('login', 'email', 'phone'):
        candidate = user_db.find_one_by_kv(field, username)
        if candidate is None:
            continue
        if passwd_service.verify_passwd(candidate.password, password):
            return candidate
    return None
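def activate_user(**args):
    """Activate the account whose ``activationKey`` equals ``args['key']``.

    Marks the user ``activated``, clears the key so it is single-use and
    persists through ``user_db.update_user_activation``.  Returns 0.

    Raises ``Exception('400 激活码失效')`` when the key is missing, empty
    or matches no user.

    Fix: a missing or empty key is rejected before the lookup.  Activated
    accounts keep ``activationKey == ''`` and admin-created accounts never
    receive one, so a lookup on ``activation_key`` with ``''``/``None``
    could match such a record instead of failing (exact matching semantics
    depend on ``user_db``).
    """
    key = args.get('key')
    if not key:
        raise Exception('400 激活码失效')

    user = user_db.find_one_by_kv('activation_key', key)
    if user is None:
        raise Exception('400 激活码失效')

    user.activated = True
    user.activationKey = ''  # one-shot: the key cannot be replayed
    user_db.update_user_activation(user)
    return 0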
def register_user(**args):
    """Self-service registration.

    ``args['user']`` is a dict adopted as the new ``User``'s ``__dict__``.
    ``login``/``email``/``phone`` must all be unused.  The record is stored
    inactive with a hashed password, a fresh ``activationKey`` from
    ``passwd_service.gen_random_key()`` and ``authorities == ['ROLE_USER']``
    (set here unconditionally, so a client cannot self-assign roles).  An
    activation mail is then sent; if that fails the record is deleted again
    and ``Exception('400 发送注册邮件失败')`` is raised.  Returns 0.

    NOTE(review): ``user.activateUrlPrefix`` — the base of the link that is
    e-mailed — comes from the request dict.  If a client can register a
    victim's address with a prefix pointing at its own host, the victim's
    click hands the activation key to that host; the prefix should come
    from server configuration, not the request.  Other request keys (e.g.
    ``id``, ``resetKey``) also ride into ``user_db.create_user`` unchanged —
    confirm that layer ignores them.
    """
    user = User()
    user.__dict__ = args.get('user')

    conflicts = (
        ('login', '400 username重名'),
        ('email', '400 email重名'),
        ('phone', '400 phone重名'),
    )
    for field, message in conflicts:
        if user_db.find_one_by_kv(field, getattr(user, field)) is not None:
            raise Exception(message)

    user.password = passwd_service.encode(user.password)
    user.activated = False
    user.activationKey = passwd_service.gen_random_key()
    user.imageUrl = ''
    user.langKey = 'en'
    user.createdBy = user.login
    user.createdDate = mytime.now()
    user.lastModifiedBy = user.login
    user.lastModifiedDate = mytime.now()
    # By default every self-registered account gets exactly ROLE_USER.
    user.authorities = ['ROLE_USER']
    user_db.create_user(user)

    delivered = mail_service.send_activation_email(
        user.email, user.activateUrlPrefix, user.activationKey)
    if not delivered:
        # Roll back so the login/email can be re-used on a retry.
        user_db.delete_user_by_login(user.login)
        raise Exception('400 发送注册邮件失败')
    return 0
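def password_reset_finish(**args):
    """Complete a password reset using ``args['key']`` and ``args['newPassword']``.

    Looks the user up by ``reset_key``, rejects keys whose ``resetDate``
    (parsed with ``%Y-%m-%dT%H:%M:%S``, compared as naive timestamps) is
    older than two days, stores the hash of the new password, clears the key
    so it cannot be replayed and persists via
    ``user_db.update_user_password_reset``.  Returns 0.

    Raises ``Exception('400, 重置码失效')`` when the key is missing, empty,
    unknown or expired, and ``Exception('400, 新密码不能为空')`` for an
    empty new password.

    Fix: a missing/empty key is refused *before* the lookup.  Every
    completed reset leaves ``resetKey == ''`` on the record, so a lookup by
    an empty key could match an unrelated, recently-reset account (whose
    ``resetDate`` is still within the two-day window) and set *its*
    password.  An empty new password is refused as well rather than being
    hashed and stored.
    """
    key = args.get('key')
    if not key:
        raise Exception('400, 重置码失效')
    new_password = args.get('newPassword')
    if not new_password:
        raise Exception('400, 新密码不能为空')

    user = user_db.find_one_by_kv('reset_key', key)
    if user is None:
        raise Exception('400, 重置码失效')

    issued = datetime.strptime(user.resetDate, '%Y-%m-%dT%H:%M:%S').timestamp()
    if datetime.now().timestamp() > issued + 172800:  # 2 days
        raise Exception('400, 重置码失效')

    user.password = passwd_service.encode(new_password)
    user.resetKey = ''  # single use
    user_db.update_user_password_reset(user)
    return 0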
def password_reset_init(**args):
    """Start a password reset for ``args['email']``.

    Requires ``verify_code_service.validate_verify_code(**args)`` to return 1
    and an existing, activated account for the address.  Generates a fresh
    ``resetKey`` via ``passwd_service.gen_random_key()``, stamps
    ``resetDate`` with ``mytime.now()``, persists both through
    ``user_db.update_user_password_reset`` and e-mails the reset link.
    Returns 0.

    Raises ``'403, 验证码错误'`` on a bad code, ``'400, 用户不存在或未激活'``
    when no activated account owns the address and ``'400, 发送邮件失败'``
    if mail delivery fails.

    NOTE(review): (1) ``args['resetUrlPrefix']`` comes from the request; if
    a client controls it, a reset requested for a victim's address can point
    the e-mailed link at an attacker host, which then receives the reset key
    when the victim clicks — the prefix should come from server config.
    (2) The distinct "unknown/unactivated" error lets a client enumerate
    registered addresses; answering identically either way avoids that.
    (3) ``password_reset_finish`` parses ``resetDate`` with
    ``%Y-%m-%dT%H:%M:%S`` — presumably the format ``mytime.now()`` emits;
    verify.
    """
    if verify_code_service.validate_verify_code(**args) != 1:
        raise Exception('403, 验证码错误')

    email = args.get('email')
    user = user_db.find_one_by_kv('email', email)
    if user is None or not user.activated:
        raise Exception('400, 用户不存在或未激活')

    user.resetKey = passwd_service.gen_random_key()
    user.resetDate = mytime.now()
    user_db.update_user_password_reset(user)

    delivered = mail_service.send_password_reset_email(
        email, args.get('resetUrlPrefix'), user.resetKey)
    if not delivered:
        raise Exception('400, 发送邮件失败')
    return 0
def get_user_by_phone(phone):
    """Look a user up by phone number.

    Returns the ``user_db`` record after ``remove_internal_values()`` has
    been applied to it (what that strips is defined on ``User`` —
    presumably credential/secret fields; confirm before returning the
    result to clients), or ``None`` when no record matches.
    """
    found = user_db.find_one_by_kv('phone', phone)
    if found is None:
        return None
    found.remove_internal_values()
    return found
def get_user_by_email(email):
    """Look a user up by e-mail address.

    Returns the ``user_db`` record after ``remove_internal_values()`` has
    been applied to it (what that strips is defined on ``User`` —
    presumably credential/secret fields; confirm before returning the
    result to clients), or ``None`` when no record matches.
    """
    found = user_db.find_one_by_kv('email', email)
    if found is None:
        return None
    found.remove_internal_values()
    return found
def get_user_by_login(login):
    """Look a user up by login name.

    Returns the ``user_db`` record after ``remove_internal_values()`` has
    been applied to it (what that strips is defined on ``User`` —
    presumably credential/secret fields; confirm before returning the
    result to clients), or ``None`` when no record matches.
    """
    found = user_db.find_one_by_kv('login', login)
    if found is None:
        return None
    found.remove_internal_values()
    return found
def get_user_by_id(id):
    """Look a user up by primary id.

    (The parameter name shadows the builtin ``id``; kept because callers
    may pass it by keyword.)  Returns the ``user_db`` record after
    ``remove_internal_values()`` has been applied to it (what that strips is
    defined on ``User`` — presumably credential/secret fields; confirm
    before returning the result to clients), or ``None`` when no record
    matches.
    """
    found = user_db.find_one_by_kv('id', id)
    if found is None:
        return None
    found.remove_internal_values()
    return found
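def gen_from_refresh_token(refresh_token):
    """Exchange a refresh token for a new access/refresh token pair.

    Verifies ``refresh_token`` against ``g.config.public_key`` (RS256 only),
    re-reads the user from ``user_db`` so that changed ``authorities`` take
    effect, then signs a 5-minute access token and a 7-day refresh token
    with ``g.config.private_key`` carrying ``user_name``, ``authorities``,
    ``scope`` and ``client_id``.  Returns a dict with ``access_token``,
    ``refresh_token``, ``token_type``, ``scope`` and the access token's
    ``iat``/``exp``/``expires_in``/``jti``; returns ``None`` on any
    verification, lookup or signing failure.

    NOTE(review): access and refresh tokens carry identical claims, are
    signed with the same key, and nothing here checks which kind was
    presented — so a leaked 5-minute access token can be exchanged for a
    7-day refresh token.  A ``token_type`` claim issued at login and
    checked here would close that, but the login path that mints the first
    pair is not in this file, so it is left as a note.  Refresh tokens are
    also never invalidated (no ``jti`` store), and ``checks_optional=True``
    accepts tokens lacking ``exp``/``iat``/``nbf`` — harmless for tokens
    this server signs, but worth knowing.  ``datetime.timedelta`` is used
    here while ``password_reset_finish`` calls ``datetime.strptime``; only
    one of those can match the module's actual ``datetime`` import.

    Fix: bare ``except:`` clauses (which also swallowed ``SystemExit`` /
    ``KeyboardInterrupt``) are narrowed to ``except Exception``, the
    repeated sign/verify calls are folded into helpers, and an empty
    ``user_name`` claim is rejected before the database lookup.
    """
    def _verify(token):
        # None instead of raising keeps the caller's "None on failure" contract.
        try:
            return python_jwt.verify_jwt(
                token,
                pub_key=jwk.JWK.from_pem(g.config.public_key),
                allowed_algs=['RS256'],
                checks_optional=True,
                ignore_not_implemented=True)
        except Exception:
            return None

    def _sign(claims, seconds):
        try:
            return python_jwt.generate_jwt(
                claims,
                priv_key=jwk.JWK.from_pem(g.config.private_key),
                algorithm='RS256',
                lifetime=datetime.timedelta(seconds=seconds),
                jti_size=16)
        except Exception:
            return None

    presented = _verify(refresh_token)
    if presented is None:
        return None
    user_name = presented[1].get('user_name')
    if not user_name:
        return None

    # Roles may have changed since the token was issued: always re-read the
    # user instead of copying claims from the presented token.
    user = user_db.find_one_by_kv('login', user_name)
    if user is None:
        return None

    claims = {
        'user_name': user.login,
        'authorities': user.authorities,
        'scope': ['openid'],
        'client_id': 'web_app',
    }
    access_token = _sign(claims, 300)  # 5 min
    if access_token is None:
        return None
    # Decode the freshly signed access token to read back its iat/exp/jti.
    access_claims = _verify(access_token)
    if access_claims is None:
        return None
    new_refresh_token = _sign(claims, 604800)  # 7 days
    if new_refresh_token is None:
        return None

    iat = access_claims[1].get('iat')
    exp = access_claims[1].get('exp')
    return {
        'access_token': access_token,
        'refresh_token': new_refresh_token,
        'token_type': 'bearer',
        'scope': 'web-app',
        'iat': iat,
        'exp': exp,
        'expires_in': exp - iat - 1,
        'jti': access_claims[1].get('jti'),
    }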