Exemple #1
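def login_handler():
    """
    @api {post} /v1/user/login Login
    @apiName Login
    @apiGroup User
    @apiDescription Log in with a username and password.
    @apiParam {string} username User name
    @apiParam {string} password Password
    @apiParamExample {json} Request-Example:
    {
        "username":"******",
        "password":"******"
    }
    @apiSuccess {string} token User token
    @apiSuccessExample {json} Success-Response:
     HTTP/1.1 200 OK
     {
        "code": 0,
        "data": {
            "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IndpZ2dlbnMiLCJ1c2VyaWQiOj"
        },
        "message": "ok"
    }
    """
    username, passwd = parse_json_form('login')
    # Reject a missing or empty password before it reaches the auth backend.
    # The previous `passwd is ''` compared object identity with a literal,
    # which only works by accident of string interning and raises a
    # SyntaxWarning on Python 3.8+; a truthiness test also covers None.
    if not passwd:
        return json_detail_render(301)
    # The local-password path (AuthBusiness.login) is disabled here; SSO is
    # the active backend for this handler.
    # code, data = AuthBusiness.login(username, passwd)
    code, data = AuthBusiness.ssoLogin(username, passwd)

    return json_detail_render(code, data)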
Exemple #2
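        def _(*args, **kwargs):
            """Call ``func`` only when the current caller passes a permission check.

            Checks run in this order and the first success wins:
            the ``g.istrpc`` flag, the ``g.is_admin`` flag, ownership of the
            project named by the request's ``project_id``, and finally the
            ``ability`` required by the decorator.

            Raises:
                OperationPermissionDeniedException: no check succeeded.
            """
            # NOTE(review): both flags bypass every later check; this assumes
            # they are set only by trusted middleware -- confirm where g is filled.
            if g.istrpc == 1 or g.is_admin == 1:
                return func(*args, **kwargs)

            # Guard the empty result the same way the per-project variant of
            # this check does, so an unknown user id is denied instead of
            # failing with IndexError.
            user_rows = UserBusiness.query_json_by_id(g.userid)
            roles = [i['name'] for i in user_rows[0]['role']] if user_rows else []

            # NOTE(review): a project_id in the JSON body overrides the one in
            # the query string. Confirm the wrapped handlers read project_id
            # with the same precedence, otherwise the owner check below and the
            # handler can end up looking at different projects.
            project = None
            if request.args and 'project_id' in request.args:
                project = request.args.get('project_id')
            if request.json and 'project_id' in request.json:
                project = request.json.get('project_id')

            # project_id is client-controlled; a non-numeric value must not
            # crash the permission check. Treat it as "no project" so the
            # owner shortcut is simply not granted.
            try:
                project_id = int(project) if project else None
            except (TypeError, ValueError):
                project_id = None

            project_list = UserBusiness.own_in_project()
            if (project_id is not None and _is_owneristrator(roles)
                    and project_list
                    and _is_have_project(project_id, project_list)):
                return func(*args, **kwargs)

            abilities = AuthBusiness.query_ability_by_role_name(roles)

            if _has_ability(ability, abilities):
                return func(*args, **kwargs)
            raise OperationPermissionDeniedException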
Exemple #3
        def _(*args, **kwargs):
            """Call ``func`` only when the caller is permitted within ``g.projectid``.

            The ``g.istrpc`` and ``g.is_admin`` flags short-circuit the check.
            Otherwise the caller's roles in the current project are loaded and
            the call is allowed for an owner role or for a role that carries
            ``ability``.

            Raises:
                OperationPermissionDeniedException: no project is set on ``g``
                    or no check succeeded.
            """
            # NOTE(review): both flags bypass every later check; this assumes
            # they are set only by trusted middleware -- confirm where g is filled.
            if g.istrpc == 1 or g.is_admin == 1:
                return func(*args, **kwargs)

            # Endpoints outside a project that need owner rights use
            # @owner_required from the permission module instead.
            if not g.projectid:
                raise OperationPermissionDeniedException

            membership = UserBusiness.query_json_by_id_and_project(
                g.userid, g.projectid)
            # No membership row means no roles, so only the ability lookup
            # below can still grant access.
            roles = ([entry['name'] for entry in membership[0]['role']]
                     if membership else [])

            if _is_owneristrator(roles):
                return func(*args, **kwargs)

            granted = AuthBusiness.query_ability_by_role_name(roles)
            if not _has_ability(ability, granted):
                raise OperationPermissionDeniedException
            return func(*args, **kwargs)
Exemple #4
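def required_no_pid_no_dec(ability=None):
    """Report whether the current caller may perform ``ability``.

    Non-decorator form of the permission check that does not depend on a
    project being set on ``g``. Checks run in this order and the first success
    wins: the ``g.istrpc`` flag, the ``g.is_admin`` flag, ownership of the
    project named by the request's ``project_id``, and finally ``ability``.

    Args:
        ability: the ability to look for among those of the caller's roles.

    Returns:
        1 when the caller is permitted, 0 otherwise.
    """
    # NOTE(review): both flags bypass every later check; this assumes they are
    # set only by trusted middleware -- confirm where g is filled.
    if g.istrpc == 1 or g.is_admin == 1:
        return 1

    # An unknown user id yields no roles rather than an IndexError, so the
    # function answers 0 instead of turning the request into a server error.
    user_rows = UserBusiness.query_json_by_id(g.userid)
    roles = [i['name'] for i in user_rows[0]['role']] if user_rows else []

    # NOTE(review): a project_id in the JSON body overrides the one in the
    # query string. Confirm callers read project_id with the same precedence,
    # otherwise this check and the handler can look at different projects.
    project = None
    if request.args and 'project_id' in request.args:
        project = request.args.get('project_id')
    if request.json and 'project_id' in request.json:
        project = request.json.get('project_id')

    # project_id is client-controlled; a non-numeric value must not crash the
    # permission check. Treat it as "no project" so the owner shortcut is
    # simply not granted.
    try:
        project_id = int(project) if project else None
    except (TypeError, ValueError):
        project_id = None

    project_list = UserBusiness.own_in_project()
    if (project_id is not None and is_owneristrator(roles)
            and project_list
            and is_have_project(project_id, project_list)):
        return 1

    abilities = AuthBusiness.query_ability_by_role_name(roles)

    if has_ability(ability, abilities):
        return 1
    return 0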
Exemple #5
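def login_handler():
    """
    @api {post} /v1/user/login Login
    @apiName Login
    @apiGroup User
    @apiDescription Log in with a username and password.
    @apiParam {string} username User name
    @apiParam {string} password Password
    @apiParamExample {json} Request-Example:
    {
        "username":"******",
        "password":"******"
    }
    @apiSuccess {string} token User token
    @apiSuccessExample {json} Success-Response:
     HTTP/1.1 200 OK
     {
        "code": 0,
        "data": {
            "token": "tokenxxxx.xxxxx"
        },
        "message": "ok"
    }
    """
    username, passwd = parse_json_form('login')
    # Reject a missing or empty password before it reaches the auth backend.
    # The previous `passwd is ''` compared object identity with a literal,
    # which only works by accident of string interning and raises a
    # SyntaxWarning on Python 3.8+; a truthiness test also covers None.
    if not passwd:
        return json_detail_render(301)
    code, data = AuthBusiness.login(username, passwd)

    return json_detail_render(code, data)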
Exemple #6
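    def get_user(cls, user_code):
        """Log a WeChat Work member in, creating the local user on first login.

        Resolves ``user_code`` through ``cls.get_user_info``, fetches the member
        profile from the ``user/get`` endpoint, then logs in the matching
        active local user (refreshing its avatar) or creates a new user and
        logs that one in.

        Returns:
            A ``(code, data, message)`` tuple: ``(109, [], ...)`` when
            ``get_user_info`` reports errcode 102, the result of
            ``AuthBusiness.no_password_login`` with an empty message on
            success, or ``(errcode, [], errmsg)`` from the profile API.
        """
        # Read member:
        # 'https://qyapi.weixin.qq.com/cgi-bin/user/get?access_token=ACCESS_TOKEN&userid=USERID'
        # access_token: credential for calling the API.
        # userid: member UserID; corresponds to the account in the admin
        # console, must be unique within the enterprise, is case-insensitive
        # and 1-64 bytes long.

        access_token = cls.get_access_token()
        errcode, user_id = cls.get_user_info(access_token, user_code)
        if errcode == 102:
            return 109, [], '非企业人员'
        if errcode == 40014:
            # NOTE(review): the token is refreshed but get_user_info is not
            # retried, so user_id still comes from the failed call -- confirm
            # whether a retry is needed on this path.
            access_token = cls.force_get_access_token()

        url = QYWXHost + 'user/get'
        # Log the endpoint and member id only: the access token is a bearer
        # credential and must not end up in application logs.
        current_app.logger.info('%s?userid=%s', url, user_id)
        # Passing params lets requests URL-encode the values instead of
        # splicing them into the query string by hand.
        # NOTE(review): no timeout is set, so a stalled upstream blocks the
        # login request indefinitely -- consider adding one.
        ret = requests.get(
            url=url, params={'access_token': access_token, 'userid': user_id})
        r = json.loads(ret.text)
        # The response body carries name, email and mobile number; log the
        # status code only rather than the whole payload.
        current_app.logger.info('user/get errcode=%s', r['errcode'])
        # `is 0` compared identity with an int literal; equality is the
        # intended test.
        if r['errcode'] == 0:
            uid = r['userid']
            nickname = r['name']
            email = r['email']
            telephone = r['mobile']
            avatar = r['avatar']
            current_app.logger.info("avatar:" + str(avatar))
            res = User.query.filter(User.wx_userid == uid, User.status == User.ACTIVE).first()

            if res:
                code, data = AuthBusiness.no_password_login(res.name)
                pic = User.query.get(res.id)
                pic.picture = avatar
                db.session.add(pic)
                db.session.commit()
                # Tracking is best-effort: a failure here must not break login.
                try:
                    TrackUserBusiness.user_track(res)
                except Exception as e:
                    current_app.logger.info(e)
                return code, data, ''
            else:
                UserBusiness.create_new_wxuser(uid, nickname, '', email, telephone, avatar)
                code, data = AuthBusiness.no_password_login(uid)
                return code, data, ''
        else:
            return r['errcode'], [], r['errmsg']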
Exemple #7
def renew_token_handler():
    """
    @api {get} /v1/user/renewtoken Refresh token
    @apiName RenewToken
    @apiGroup User
    @apiDescription Refresh the token.
    @apiSuccess {string} token User token
    @apiSuccessExample {json} Success-Response:
     HTTP/1.1 200 OK
     {
        "code": 0,
        "data": {
            "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IndpZ2dlbnMiLCJ1"
        },
        "message": "ok"
    }
    """
    # NOTE(review): the new token is minted from whatever claims jwt_decode
    # returns, so this relies on jwt_decode rejecting a missing, forged or
    # expired token -- confirm in AuthBusiness.
    current = request.headers.get('Authorization')
    claims = AuthBusiness.jwt_decode(current)
    refreshed = AuthBusiness.jwt_b_encode(claims).decode('utf-8')

    return json_detail_render(0, {'token': refreshed})
Exemple #8
def renew_token_handler():
    """
    @api {get} /v1/user/renewtoken Refresh token
    @apiName RenewToken
    @apiGroup User
    @apiDescription Refresh the token.
    @apiSuccess {string} token User token
    @apiSuccessExample {json} Success-Response:
     HTTP/1.1 200 OK
     {
        "code": 0,
        "data": {
            "token": "tokenxxxx.xxxxx"
        },
        "message": "ok"
    }
    """
    # NOTE(review): the new token is minted from whatever claims jwt_decode
    # returns, so this relies on jwt_decode rejecting a missing, forged or
    # expired token -- confirm in AuthBusiness.
    current = request.headers.get('Authorization')
    claims = AuthBusiness.jwt_decode(current)
    refreshed = AuthBusiness.jwt_b_encode(claims).decode('utf-8')

    return json_detail_render(0, {'token': refreshed})
Exemple #9
def required_no_dec(ability=None):
    """Report whether the current caller may perform ``ability`` in ``g.projectid``.

    Non-decorator form of the per-project permission check. The ``g.istrpc``
    and ``g.is_admin`` flags short-circuit it; otherwise the caller's roles in
    the current project decide, either through an owner role or through a role
    that carries ``ability``.

    Args:
        ability: the ability to look for among those of the caller's roles.

    Returns:
        1 when the caller is permitted, 0 otherwise.

    Raises:
        PermissionDeniedException: no project is set on ``g``.
    """
    # NOTE(review): both flags bypass every later check; this assumes they are
    # set only by trusted middleware -- confirm where g is filled.
    if g.istrpc == 1 or g.is_admin == 1:
        return 1

    if not g.projectid:
        raise PermissionDeniedException

    membership = UserBusiness.query_json_by_id_and_project(
        g.userid, g.projectid)
    # No membership row means no roles, so only the ability lookup below can
    # still grant access.
    roles = ([entry['name'] for entry in membership[0]['role']]
             if membership else [])

    if is_owneristrator(roles):
        return 1

    granted = AuthBusiness.query_ability_by_role_name(roles)
    return 1 if has_ability(ability, granted) else 0