Exemple #1
def call_verification(code_url_obj, code):
    """
    Record this API call, then decide whether the caller may proceed.

    The call is written to ``sys_call_record`` first, so the count below
    includes the current request, and rejected requests count as well.
    The count covers the last 60 seconds and matches on request path,
    remote address and user id together (user id is None for anonymous
    callers).

    :param code_url_obj: forwarded unchanged to ``verify_image_code``
    :param code: forwarded unchanged to ``verify_image_code``
    :return: ``(True, "")`` when the call is allowed, otherwise
             ``(False, data)`` where ``data`` holds the message, message
             type, ``custom_status`` 401 and, when an image code is
             required, ``open_img_verif_code`` plus a fresh ``code``
    """
    user_id = current_user.str_id if current_user.is_authenticated else None

    # NOTE(review): request.remote_addr is the direct peer address. Behind a
    # reverse proxy every client may share one address unless the app is
    # configured to trust forwarded headers -- confirm the deployment.
    call_records = mdbs["sys"].db.sys_call_record
    call_records.insert_one({
        "type": "api",
        "req_path": request.path,
        "ip": request.remote_addr,
        "user_id": user_id,
        "time": time.time()
    })

    # Calls within the last minute for this path / address / user id.
    window_query = {
        "type": "api",
        "req_path": request.path,
        "ip": request.remote_addr,
        "user_id": user_id,
        "time": {"$gte": time.time() - 60}
    }
    recent_calls = call_records.find(window_query).count(True)

    if not recent_calls:
        return True, ""

    # Hard limit: refuse outright, no image code offered.
    if recent_calls > get_config("verify_code", "MAX_NUM_SEND_SAMEIP_PERMIN"):
        return False, {
            "msg": gettext(
                "The system detects that your network is sending verification codes frequently."
                " Please try again later!"),
            "msg_type": "w",
            "custom_status": 401
        }

    # More than one call past the no-image-code limit: the caller has already
    # been handed an image code, so it must now be verified.
    if recent_calls > get_config("verify_code",
                                 "MAX_NUM_SEND_SAMEIP_PERMIN_NO_IMGCODE") + 1:
        if verify_image_code(code_url_obj, code):
            return True, ""
        # Wrong image code: reject and issue a new one.
        return False, {
            "msg": gettext("Image verification code error, email not sent"),
            "msg_type": "e",
            "custom_status": 401,
            "open_img_verif_code": True,
            "code": create_img_code()
        }

    # First call past the no-image-code limit: reject and hand out an image
    # code for the next attempt.
    if recent_calls > get_config("verify_code",
                                 "MAX_NUM_SEND_SAMEIP_PERMIN_NO_IMGCODE"):
        return False, {
            "msg": gettext(
                "The system detected that your operation is too frequent and"
                " you need to verify the picture verification code"),
            "msg_type": "w",
            "custom_status": 401,
            "open_img_verif_code": True,
            "code": create_img_code()
        }

    return True, ""
Exemple #2
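def p_sign_in(username, password, code_url_obj, code, remember_me, use_jwt_auth=0):
    """
    Sign a user in with an account identifier and password.

    :param username: account identifier; looked up as an e-mail address, a
                     mobile number or a username depending on its format
    :param password: password checked with ``user.verify_password``
    :param code_url_obj: forwarded unchanged to ``verify_image_code``
    :param code: forwarded unchanged to ``verify_image_code``
    :param remember_me: passed to ``login_user`` for session logins
    :param use_jwt_auth: truthy to issue a JWT login token instead of
                         starting a session
    :return: dict with ``msg``, ``msg_type`` and ``http_status``; on success
             also ``to_url`` (and ``auth_token`` for JWT logins); on
             failures that require an image code, ``open_img_verif_code``
    """
    data = {}
    if current_user.is_authenticated and username in [current_user.username,
                                                      current_user.email,
                                                      current_user.mphone_num]:
        data['msg'] = gettext("Is logged in")
        data["msg_type"] = "s"
        data["http_status"] = 201
        # NOTE(review): 'next' comes from the request and is returned as-is;
        # confirm whoever follows to_url restricts it to same-site targets.
        data['to_url'] = request.argget.all('next') or get_config("login_manager", "LOGIN_IN_TO")
        return data

    # Pick the lookup field from the identifier's format.
    s, r = email_format_ver(username)
    s2, r2 = mobile_phone_format_ver(username)
    if s:
        user = mdb_user.db.user.find_one({"email":username})
    elif s2:
        user = mdb_user.db.user.find_one({"mphone_num": username})
    else:
        user = mdb_user.db.user.find_one({"username":username})
    if not user:
        # Same message as a wrong password, so the text alone does not reveal
        # whether the account exists.
        data = {"msg":gettext("Account or password error"), "msg_type":"e", "http_status":401}
        return data

    user = User(user["_id"])

    # After too many wrong passwords the image code must be verified before
    # the password is even checked.
    user_p = mdb_user.db.user_login_log.find_one({'user_id':user.str_id})
    PW_WRONG_NUM_IMG_CODE = get_config("login_manager", "PW_WRONG_NUM_IMG_CODE")
    if user_p and 'pass_error' in user_p and user_p['pass_error'] >= PW_WRONG_NUM_IMG_CODE:
        r = verify_image_code(code_url_obj, code)
        if not r:

            data["open_img_verif_code"] = True
            data['msg'] = gettext("Verification code error")
            data["msg_type"] = "e"
            data["http_status"] = 401
            return data

    # Password check
    if user and user.verify_password(password) and not user.is_delete:
        if user.is_active:
            if use_jwt_auth:
                # JWT login: return a token instead of starting a session.
                jwt_auth = JwtAuth()
                data["auth_token"] = jwt_auth.get_login_token(user)
                client = "app"
            else:
                login_user(user, remember_me)
                client = "browser"
            # NOTE(review): pass_error is not reset in this function;
            # presumably login_log or another path clears it -- confirm.
            login_log(user, client)

            data['msg'] = gettext("Sign in success")
            data["msg_type"] = "s"
            data["http_status"] = 201
            # NOTE(review): 'next' comes from the request and is returned
            # as-is; confirm the consumer restricts it to same-site targets.
            data["to_url"] = request.argget.all('next') or get_config("login_manager", "LOGIN_IN_TO")
            return data

        # Inactive account. This branch is reached only with a correct
        # password, so the response differs from the wrong-password case.
        data['msg'] = gettext("Account is inactive or frozen")
        data["msg_type"] = "w"
        data["http_status"] = 401

    else:
        # Wrong password (or deleted account): count the failure.
        mdb_user.db.user_login_log.update_one({'user_id':user.str_id},
                                              {"$inc":{"pass_error":1}},
                                              upsert=True)

        # user_p was read before the increment above. Add this failure so the
        # response announces the image code as soon as the next attempt will
        # require it, instead of one attempt late.
        prior_errors = user_p['pass_error'] if user_p and 'pass_error' in user_p else 0
        if prior_errors + 1 >= PW_WRONG_NUM_IMG_CODE:
            data["open_img_verif_code"] = True
        data['msg'] = gettext("Account or password error")
        data["msg_type"] = "e"
        data["http_status"] = 401
    return data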