def EmptyCurrent(response, request):
try:
if ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'LoginProvider') == 'Cookie':
response.delete_cookie(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'LoginProvider'))
else:
request.session.clear()
except Exception as e:
print(e)
def wrapped_function(*args, **kwargs):
if ParameterService.GetServiceConfig(None,
'LoginProvider') == 'Cookie':
try:
user = args[0].get_signed_cookie(
ParameterService.GetServiceConfig(
None, 'LoginProvider'),
salt=ParameterService.GetServiceConfig(
None, 'LoginUserKey'))
if user:
user = SecretHelper.AESDecrypt(user)
try:
user = json.loads(user,
object_hook=UserInfo.json_2_obj)
if PublicController.IsAuthorized(
HttpResponse(), args[0], code):
return func(*args, **kwargs)
else:
return HttpResponseRedirect('/Admin/Index/')
except:
return HttpResponseRedirect('/Admin/Index/')
else:
return HttpResponseRedirect('/Admin/Index/')
except Exception as e:
print(e)
return HttpResponseRedirect('/Admin/Index/')
else:
try:
user = args[0].session.get(
ParameterService.GetServiceConfig(
None, 'LoginProvider'))
if user:
user = SecretHelper.AESDecrypt(user)
try:
user = json.loads(user,
object_hook=UserInfo.json_2_obj)
if PublicController.IsAuthorized(
HttpResponse(), args[0], code):
return func(*args, **kwargs)
else:
return HttpResponseRedirect('/Admin/Index/')
except:
return HttpResponseRedirect('/Admin/Index/')
else:
return HttpResponseRedirect('/Admin/Index/')
except Exception as e:
print(e)
return HttpResponseRedirect('/Admin/Index/')
def Delete(request):
try:
key = request.POST['key']
except:
key = ''
returnValue = ParameterService.SetDeleted(
CommonUtils.Current(HttpResponse(), request), key)
if returnValue > 0:
response = HttpResponse()
response.content = json.dumps({
'Success': True,
'Data': '1',
'Message': FrameworkMessage.MSG0013
})
return response
else:
response = HttpResponse()
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': FrameworkMessage.MSG3020
})
return response
def __call__(self, *args, **kw):
if ParameterService.GetServiceConfig(None,
'LoginProvider') == 'Cookie':
try:
user = args[0].get_signed_cookie(
ParameterService.GetServiceConfig(None, 'LoginProvider'),
salt=ParameterService.GetServiceConfig(
None, 'LoginUserKey'))
if user:
user = SecretHelper.AESDecrypt(user)
try:
user = json.loads(user,
object_hook=UserInfo.json_2_obj)
except:
return HttpResponseRedirect('/Admin/Index/')
return self.f(*args, **kw)
else:
return HttpResponseRedirect('/Admin/Index/')
except Exception as e:
print(e)
return HttpResponseRedirect('/Admin/Index/')
else:
try:
user = args[0].session.get(
ParameterService.GetServiceConfig(None, 'LoginProvider'))
if user:
user = SecretHelper.AESDecrypt(user)
try:
user = json.loads(user,
object_hook=UserInfo.json_2_obj)
except:
return HttpResponseRedirect('/Admin/Index/')
return self.f(*args, **kw)
else:
return HttpResponseRedirect('/Admin/Index/')
except Exception as e:
print(e)
#TODO:这个地方只是暂时用来记录异常信息的代码,应当将不同模块不同方法的异常记录写到各自的代码中,后期此代码要删除
e_out = Ciexception()
e_out.id = uuid.uuid4()
e_out.createon = datetime.datetime.now()
e_out.message = e
ExceptionService.Add(None, e_out)
return HttpResponseRedirect('/Admin/Index/')
def GetEntity(request):
try:
key = request.POST['key']
except:
key = None
entity = ParameterService.GetEntity(CommonUtils.Current(HttpResponse(), request), key)
response = HttpResponse()
response.content = entity.toJSON()
return response
def Theme(response, request):
tmpTheme = "default"
vUser = CommonUtils.Current(response, request)
if vUser:
tmpTheme = ParameterService.GetParameter(
CommonUtils.Current(response, request), 'User', vUser.Id,
'WebTheme')
if not tmpTheme:
tmpTheme = 'default'
request.session['theme'] = tmpTheme
response.set_signed_cookie(
'theme',
tmpTheme,
max_age=int(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request), 'CookieMaxAge')),
salt=ParameterService.GetServiceConfig(
CommonUtils.Current(response, request), 'LoginUserKey'))
return tmpTheme
def UIStyle(userInfo, response, request):
tmpUIStyle = "AccordionTree"
vUser = CommonUtils.Current(response, request)
if userInfo:
try:
tmpUIStyle = ParameterService.GetParameter(
CommonUtils.Current(response, request), 'User',
userInfo.Id, 'NavType')
except:
tmpUIStyle = 'AccordionTree'
else:
tmpUIStyle = 'AccordionTree'
request.session['UIStyle'] = tmpUIStyle
response.set_signed_cookie(
'UIStyle',
tmpUIStyle,
max_age=int(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request), 'CookieMaxAge')),
salt=ParameterService.GetServiceConfig(
CommonUtils.Current(response, request), 'LoginUserKey'))
return tmpUIStyle
def GridPageListJson(request):
page = None
rows = None
sort = None
order = None
filter = None
try:
page = request.POST['page']
except:
page = 1
try:
rows = request.POST['rows']
except:
rows = 20
try:
sort = request.POST['sort']
except:
sort = 'sortcode'
try:
order = request.POST['order']
except:
order = 'asc'
try:
filter = request.POST['filter']
except:
filter = ''
response = HttpResponse()
recordCount, dtParameter = ParameterService.GetDTByPage(
CommonUtils.Current(response, request),
SearchFilter.TransfromFilterToSql(filter, False), rows,
sort + ' ' + order)
pageValue = dtParameter.page(page)
parameterTmp = ''
for parameter in pageValue:
parameterTmp = parameterTmp + ', ' + json.dumps(parameter,
cls=DateEncoder)
parameterTmp = parameterTmp.strip(',')
returnValue = '{"total": ' + str(
recordCount) + ', "rows":[' + parameterTmp + ']}'
response.content = returnValue
return response
def Current(response, request):
if ParameterService.GetServiceConfig(None,
'LoginProvider') == 'Cookie':
try:
user = request.get_signed_cookie(
ParameterService.GetServiceConfig(None, 'LoginProvider'),
salt=ParameterService.GetServiceConfig(
None, 'LoginUserKey'))
#user = pickle.loads(user)
user = SecretHelper.AESDecrypt(user)
user = json.loads(user, object_hook=UserInfo.json_2_obj)
return user
except Exception as e:
return None
else:
try:
user = request.session.get(
ParameterService.GetServiceConfig(None, 'LoginProvider'))
user = SecretHelper.AESDecrypt(user)
user = json.loads(user, object_hook=UserInfo.json_2_obj)
return user
except Exception as e:
print(e)
return None
def UpdateUserConfig(request):
if request.POST['themeJson']:
response = HttpResponse()
vUser = CommonUtils.Current(response, request)
jobj = json.loads(request.POST['themeJson'])
pageSize = str(jobj['gridRows'])
themeName = str(jobj['theme']['name'])
navType = str(jobj['navType'])
returnValue = 0
if pageSize:
returnValue = returnValue + ParameterService.SetParameter(
vUser, "User", vUser.Id, "WebPageSize", pageSize)
if themeName:
returnValue = returnValue + ParameterService.SetParameter(
vUser, "User", vUser.Id, "WebTheme", themeName)
response.set_signed_cookie(
'theme',
themeName,
max_age=int(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'CookieMaxAge')),
salt=ParameterService.GetServiceConfig(
CommonUtils.Current(response, request), 'LoginUserKey'))
if navType:
returnValue = returnValue + ParameterService.SetParameter(
vUser, "User", vUser.Id, "NavType", navType)
response.set_signed_cookie(
'UIStyle',
navType,
max_age=int(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'CookieMaxAge')),
salt=ParameterService.GetServiceConfig(
CommonUtils.Current(response, request), 'LoginUserKey'))
if returnValue > 0:
response.content = '1'
else:
response.content = '保存失败!'
return response
else:
response = HttpResponse()
response.content = "无保存数据!"
return response
def AddCurrent(user, response, request):
"""
写入登录信息
Args:
user (UserInfo): user
Returns:
"""
try:
if ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'LoginProvider') == 'Cookie':
#user = pickle.dumps(user)
user = json.dumps(user, default=UserInfo.obj_2_json)
#response.set_signed_cookie(ParameterService.GetServiceConfig('LoginProvider'), str(user), max_age=int(ParameterService.GetServiceConfig('CookieMaxAge')), salt=ParameterService.GetServiceConfig('LoginUserKey'))
user = SecretHelper.AESEncrypt(user)
user = str(user, encoding="utf8")
response.set_signed_cookie(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'LoginProvider'),
user,
max_age=int(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'CookieMaxAge')),
salt=ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'LoginUserKey'))
else:
#user = pickle.dumps(user)
user = json.dumps(user, default=UserInfo.obj_2_json)
user = SecretHelper.AESEncrypt(user)
user = str(user, encoding="utf8")
request.session[ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'LoginProvider')] = user
request.session.set_expiry(
int(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'CookieMaxAge')))
except Exception as e:
print(e)
def GetDefaultConfig(request):
response = HttpResponse()
vUser = CommonUtils.Current(response, request)
curTheme = ParameterService.GetParameter(vUser, "User", vUser.Id,
"WebTheme")
curPageSize = ParameterService.GetParameter(vUser, "User", vUser.Id,
"WebPageSize")
curNavType = ParameterService.GetParameter(vUser, "User", vUser.Id,
"NavType")
if curTheme:
if ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'LoginProvider') == 'Cookie':
response.set_signed_cookie(
'theme',
curTheme,
max_age=int(
ParameterService.GetServiceConfig(
CommonUtils.Current(response, request),
'CookieMaxAge')),
salt=ParameterService.GetServiceConfig(
CommonUtils.Current(response, request), 'LoginUserKey'))
outJson = "{"
if curTheme:
outJson = outJson + "\"theme\":{\"title\":\"默认皮肤\",\"name\":\"" + curTheme + "\",\"selected\":true}"
else:
outJson = outJson + "\"theme\":{\"title\":\"默认皮肤\",\"name\":\"default\",\"selected\":true}"
if curPageSize:
outJson = outJson + ",\"gridRows\":" + curPageSize
else:
outJson = outJson + ",\"gridRows\":20"
if curNavType:
outJson = outJson + ",\"navType\":\"" + curNavType + "\"}"
else:
outJson = outJson + ",\"navType\":\"AccordionTree\"}"
response.content = outJson
return response
def LogOn(userName,
password,
openId=None,
createNewOpenId=False,
ipAddress=None,
macAddress=None,
checkUserPassword=True):
ReturnStatusCode = ''
userInfo = UserInfo()
realName = ''
if UserInfo:
realName = userInfo.RealName
if ipAddress:
#ipAddress = UserInfo.IPAddress
userInfo.IPAddress = ipAddress
if macAddress:
#macAddress = UserInfo.MACAddress
userInfo.MACAddress = macAddress
#01: 系统是否采用了在线用户的限制
if SystemInfo.OnLineLimit > 0 and LogOnService.CheckOnLineLimit():
ReturnStatusCode = StatusCode.statusCodeDic['ErrorOnLineLimit']
return userInfo
#02. 默认为用户没有找到状态,查找用户
#这是为了达到安全要求,不能提示用户未找到,那容易让别人猜测到帐户
if SystemInfo.EnableCheckPasswordStrength:
ReturnStatusCode = StatusCode.statusCodeDic['ErrorLogOn']
else:
ReturnStatusCode = StatusCode.statusCodeDic['UserNotFound']
#03. 查询数据库中的用户数据?只查询未被删除的
dataTable = Piuser.objects.filter(
Q(deletemark=0) & Q(username=userName))
if dataTable.count() == 0:
#TODO:若没数据再工号、邮件、手机号等方式登录
pass
userEntity = None
userLogOnEntity = None
if dataTable.count() > 1:
ReturnStatusCode = StatusCode.statusCodeDic['UserDuplicate']
elif dataTable.count() == 1:
#05. 判断密码,是否允许登录,是否离职是否正确
userEntity = dataTable[0]
if userEntity.auditstatus and userEntity.auditstatus.endswith(
AuditStatus.WaitForAudit):
ReturnStatusCode = AuditStatus.WaitForAudit
return ReturnStatusCode, userInfo
#用户无效、已离职的
if userEntity.isdimission == 1 or userEntity.enabled == 0:
ReturnStatusCode = StatusCode.statusCodeDic['LogOnDeny']
return ReturnStatusCode, userInfo
#用户是否有效的
if userEntity.enabled == -1:
ReturnStatusCode = StatusCode.statusCodeDic['UserNotActive']
return ReturnStatusCode, userInfo
userLogOnEntity = Piuserlogon.objects.get(id=userEntity.id)
if (not userEntity.username) or (userEntity.username !=
'Administrator'):
#06. 允许登录时间是否有限制
if userLogOnEntity.allowendtime:
userLogOnEntity.allowendtime = datetime.datetime(
datetime.datetime.now().year,
datetime.datetime.now().month,
datetime.datetime.now().day,
userLogOnEntity.allowendtime.hour,
userLogOnEntity.allowendtime.minute,
userLogOnEntity.allowendtime.second)
if userLogOnEntity.allowstarttime:
userLogOnEntity.allowstarttime = datetime.datetime(
datetime.datetime.now().year,
datetime.datetime.now().month,
datetime.datetime.now().day,
userLogOnEntity.allowstarttime.hour,
userLogOnEntity.allowstarttime.minute,
userLogOnEntity.allowstarttime.second)
if datetime.datetime.now(
) < userLogOnEntity.allowstarttime:
ReturnStatusCode = StatusCode.statusCodeDic[
'UserLocked']
return ReturnStatusCode, userInfo
if userLogOnEntity.allowendtime:
if datetime.datetime.now() > userLogOnEntity.allowendtime:
ReturnStatusCode = StatusCode.statusCodeDic[
'UserLocked']
return ReturnStatusCode, userInfo
#07. 锁定日期是否有限制
if userLogOnEntity.lockstartdate and datetime.datetime.now(
) > userLogOnEntity.lockstartdate:
if userLogOnEntity.lockenddate or datetime.datetime.now(
) < userLogOnEntity.lockenddate:
ReturnStatusCode = StatusCode.statusCodeDic[
'UserLocked']
return ReturnStatusCode, userInfo
#08. 是否检查用户IP地址,是否进行访问限制?管理员不检查IP. && !this.IsAdministrator(userEntity.Id.ToString()
if SystemInfo.EnableCheckIPAddress and userLogOnEntity.checkipAddress == 1 and (
userEntity.username != 'Administrator'
or userEntity.code == 'Administrator'):
if ipAddress:
if ParameterService.Exists(userEntity.id, 'IPAddress'):
if not CheckIPAddress.CheckIPAddress(
ipAddress, userEntity.id):
ReturnStatusCode = StatusCode.statusCodeDic[
'ErrorIPAddress']
return ReturnStatusCode, userInfo
#没有设置MAC地址时不检查
if macAddress:
if ParameterService.Exists(userEntity.id, 'MacAddress'):
if not CheckIPAddress.CheckIPAddress(
macAddress, userEntity.id):
ReturnStatusCode = StatusCode.statusCodeDic[
'ErrorMacAddress']
return ReturnStatusCode, userInfo
#10. 只允许登录一次,需要检查是否自己重新登录了,或者自己扮演自己了
if UserInfo and UserInfo.Id != userEntity.id:
if SystemInfo.CheckOnLine and userLogOnEntity.multiuserlogin == 0 and userLogOnEntity.useronline > 0:
isSelf = False
if openId:
if userLogOnEntity.openid:
if userLogOnEntity.openid == openId:
isSelf = True
if not isSelf:
ReturnStatusCode = StatusCode.statusCodeDic['ErrorOnLine']
return ReturnStatusCode, userInfo
#04. 系统是否采用了密码加密策略?
if checkUserPassword and SystemInfo.EnableEncryptServerPassword:
password = SecretHelper.AESEncrypt(password).decode()
#11. 密码是否正确(null 与空看成是相等的)
if userLogOnEntity.userpassword and password:
userPasswordOK = True
#用户密码是空的
if not userLogOnEntity.userpassword:
#但是输入了不为空的密码
if password:
userPasswordOK = False
else:
#用户的密码不为空,但是用户是输入了密码、 再判断用户的密码与输入的是否相同
userPasswordOK = password and userLogOnEntity.userpassword == password
#用户的密码不相等
if not userPasswordOK:
userLogOnEntity.passworderrorcount = userLogOnEntity.passworderrorcount + 1
if SystemInfo.PasswordErrorLockLimit > 0 and userLogOnEntity.passworderrorcount >= SystemInfo.PasswordErrorLockLimit:
#密码错误锁定周期若为0,直接设帐号无效,需要管理员审核
if SystemInfo.PasswordErrorLockCycle == 0:
Piuser.objects.filter(id=userEntity.id).update(
enabled=0, auditstatus=AuditStatus.WaitForAudit)
else:
userLogOnEntity.lockstartdate = datetime.datetime.now()
userLogOnEntity.lockenddate = datetime.datetime.now(
) + datetime.timedelta(
minutes=SystemInfo.PasswordErrorLockCycle)
Piuserlogon.objects.filter(id=userEntity.id).update(
lockstartdate=userLogOnEntity.lockstartdate,
lockenddate=userLogOnEntity.lockenddate)
else:
Piuserlogon.objects.filter(id=userEntity.id).update(
passworderrorcount=userLogOnEntity.passworderrorcount)
'''
密码错误后处理:
11.1:记录日志
LogManager.Instance.Add(DBProvider, userEntity.Id.ToString(), userEntity.RealName, "LogOn", RDIFrameworkMessage.UserManager, "LogOn", RDIFrameworkMessage.UserManager_LogOn, userEntity.RealName, ipAddress, RDIFrameworkMessage.MSG0088);
TODO: 11.2:看当天(24小时内)输入错误密码多少次了?
TODO: 11.3:若输错密码数量已经超过了系统限制,则用户被锁定系统设定的小时数。
TODO: 11.4:同时处理返回值,由于输入错误密码次数过多导致被锁定,登录时应读取这个状态比较,时间过期后应处理下状态。
密码强度检查,若是要有安全要求比较高的,返回的提醒消息要进行特殊处理,不能返回非常明确的提示信息。
'''
if SystemInfo.EnableCheckPasswordStrength:
ReturnStatusCode = StatusCode.statusCodeDic['ErrorLogOn']
else:
ReturnStatusCode = StatusCode.statusCodeDic[
'PasswordError']
return ReturnStatusCode, userInfo
#12. 更新IP地址,更新MAC地址
userLogOnEntity.passworderrorcount = 0
if ipAddress:
userLogOnEntity.ipaddress = ipAddress
if macAddress:
userLogOnEntity.macaddress = macAddress
Piuserlogon.objects.filter(id=userEntity.id).update(
passworderrorcount=0, ipaddress=ipAddress, macaddress=macAddress)
#可以正常登录了
ReturnStatusCode = StatusCode.statusCodeDic['OK']
#13. 登录、重新登录、扮演时的在线状态进行更新
#userLogOnManager.ChangeOnLine(userEntity.Id);
userInfo = LogOnService.ConvertToUserInfo(userInfo, userEntity,
userLogOnEntity)
userInfo.IPAddress = ipAddress
userInfo.MACAddress = macAddress
userInfo.Password = password
#这里是判断用户是否为系统管理员的
userInfo.IsAdministrator = PermissionService.IsAdministrator(
userEntity)
'''
// 数据找到了,就可以退出循环了
/*
// 获得员工的信息
if (userEntity.IsStaff == 1)
{
PiStaffManager staffManager = new PiStaffManager(DBProvider, UserInfo);
//这里需要按 员工的用户ID来进行查找对应的员工-用户关系
PiStaffEntity staffEntity = new PiStaffEntity(staffManager.GetDT(PiStaffTable.FieldUserId, userEntity.Id));
if (!string.IsNullOrEmpty(staffEntity.Id))
{
userInfo = staffManager.ConvertToUserInfo(staffEntity, userInfo);
}
}*/
'''
#记录系统访问日志
if ReturnStatusCode == StatusCode.statusCodeDic['OK']:
if not userInfo.OpenId:
createNewOpenId = True
if createNewOpenId:
userInfo.OpenId = LogOnService.UpdateVisitDate(
userEntity.id, createNewOpenId)
else:
LogOnService.UpdateVisitDate(userEntity.id, createNewOpenId)
return ReturnStatusCode, userInfo
def SubmitForm(request):
try:
IsOk = '1'
try:
key = request.GET['key']
except:
key = None
response = HttpResponse()
curUser = CommonUtils.Current(response, request)
if not key:
parameter = Ciparameter()
parameter = parameter.loadJson(request)
parameter.id = uuid.uuid4()
parameter.deletemark = 0
parameter.createon = datetime.datetime.now().strftime(
'%Y-%m-%d %H:%M:%S')
parameter.createby = curUser.RealName
parameter.createuserid = curUser.Id
parameter.modifiedon = datetime.datetime.now().strftime(
'%Y-%m-%d %H:%M:%S')
parameter.modifiedby = curUser.RealName
parameter.enabled = 1
returnCode, returnMessage, returnValue = ParameterService.Add(
curUser, parameter)
if returnCode == StatusCode.statusCodeDic['OKAdd']:
response.content = json.dumps({
'Success': True,
'Data': IsOk,
'Message': returnMessage
})
return response
elif returnCode == StatusCode.statusCodeDic['ErrorCodeExist']:
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': '编码或名称重复'
})
return response
else:
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': returnMessage
})
return response
else:
parameter = ParameterService.GetEntity(
CommonUtils.Current(response, request), key)
if parameter:
parameter = parameter.loadJson(request)
else:
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': "修改失败!"
})
return response
if curUser:
parameter.modifiedby = curUser.RealName
parameter.modifieduserid = curUser.Id
parameter.modifiedon = datetime.datetime.now()
returnCode, returnMessage = ParameterService.Update(
CommonUtils.Current(response, request), parameter)
if returnCode == StatusCode.statusCodeDic['OKUpdate']:
response.content = json.dumps({
'Success': True,
'Data': IsOk,
'Message': returnMessage
})
return response
else:
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': returnMessage
})
return response
except Exception as e:
print(e)
response = HttpResponse()
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': FrameworkMessage.MSG3020
})
return response
