def change_password(self):
    """Change the password of the user that owns the request's X-Token.

    ``oldPassword`` and ``newPassword`` are popped from ``self.data``. The
    returned ``make_response`` payload carries one of these codes:

    * "100" - a required field is missing
    * "400" - the new password equals ``config.DEFAULT_USER_PWD``
    * "200" - no user exists for the username bound to the token
    * "300" - the old password does not match the stored one
    * "500" - the new password equals the old one
    * "000" - password stored; the cached token and user entry are removed

    If the old password was the default one, the level is changed as well
    (35 becomes 25, any other level becomes 20) and ``user_status`` is set
    to 0.
    """
    try:
        current_pwd = str(self.data.pop('oldPassword'))
        wanted_pwd = str(self.data.pop('newPassword'))
    except KeyError:
        return make_response({"code": "100", "desc": "入参校验失败"})

    initial_pwd = str(config.DEFAULT_USER_PWD)
    # NOTE(review): this check runs before the old password is verified and
    # the message echoes the default password back to the caller. Consider
    # moving it after the old-password check and dropping the value from
    # the response.
    if wanted_pwd == initial_pwd:
        return make_response({
            "code": "400",
            "desc": "不能设定为初始密码[{}]".format(initial_pwd)
        })

    # NOTE(review): the header may be absent (token is then None); what
    # redis.get_username returns in that case is not visible here - confirm
    # it yields a value for which no user is found.
    session_token = request.headers.get('X-Token')
    login_name = redis.get_username(session_token)
    account = UserManager.get_user_by_username(login_name)
    if not account:
        return make_response({"code": "200", "desc": "userId不存在"})

    # NOTE(review): md5() is defined elsewhere. If it is a plain, unsalted
    # MD5 digest, stored passwords are cheap to brute-force offline; a
    # password KDF (e.g. hashlib.scrypt) would be the usual replacement.
    if account.password != md5(current_pwd):
        return make_response({"code": "300", "desc": "原密码错误"})
    if wanted_pwd == current_pwd:
        return make_response({"code": "500", "desc": "新旧密码不能相同"})

    leaving_default = current_pwd == initial_pwd
    if leaving_default:
        # First change away from the default password: the new level is
        # derived from the level the account currently has.
        upgraded = 25 if account.level == 35 else 20
        changes = {
            'password': md5(wanted_pwd),
            'level': upgraded,
            'user_status': 0
        }
    else:
        changes = {'password': md5(wanted_pwd)}
    UserManager.update_user(account.id, **changes)

    # Drop the cached token and user entry so the old session stops working.
    redis.delete_token(session_token)
    redis.delete_user(login_name)
    return make_response({"code": "000", "desc": "密码已修改"})
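def reset_password(self):
    """Reset a user's password to ``config.DEFAULT_USER_PWD``.

    ``userId`` is popped from ``self.data``. The returned ``make_response``
    payload carries one of these codes:

    * "100" - ``userId`` is missing
    * "200" - no user exists for ``userId``
    * "300" - the account is 'admin' or 'guest' and cannot be reset
    * "000" - password reset; the cached token and user entry are removed

    The level is set to 35 when the current level is 25 or 35, otherwise
    to 30, and ``user_status`` is set to 1.
    """
    # NOTE(review): no permission check is visible in this handler.
    # Presumably the caller's role is enforced before this method runs -
    # confirm, since it resets any non-special account to a known password.
    try:
        user_id = self.data.pop('userId')
    except KeyError:
        return make_response({"code": "100", "desc": "入参校验失败"})

    # Fetch the user once. The previous code queried the same id a second
    # time and read .level from that result without a None check, so a user
    # deleted between the two queries raised AttributeError.
    user_obj = UserManager.get_user(user_id)
    if not user_obj:
        return make_response({"code": "200", "desc": "userId不存在"})
    if user_obj.username in ('admin', 'guest'):
        return make_response({"code": "300", "desc": "特殊账号不能重置密码"})

    reset_level = 35 if user_obj.level in (25, 35) else 30
    UserManager.update_user(user_id,
                            password=md5(config.DEFAULT_USER_PWD),
                            level=reset_level,
                            user_status=1)

    # Invalidate the user's session. A user with no stored token (login
    # handles that case for the same lookup) has nothing to delete, so the
    # token delete is skipped rather than called with an empty key.
    token = redis.get_user_info(user_obj.username, key='token')
    if token:
        redis.delete_token(token)
    redis.delete_user(user_obj.username)

    # NOTE(review): the response echoes the shared default password. Every
    # reset account carries that same known password until its owner
    # changes it; a per-reset random temporary password would narrow this.
    return make_response({
        "code": "000",
        "desc": "用户密码已重置为[{}]".format(config.DEFAULT_USER_PWD)
    })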
def add_user(self):
    """Create a user whose password is ``config.DEFAULT_USER_PWD``.

    ``username``, ``nickname`` and ``role`` are popped from ``self.data``;
    the first two are converted to ``str`` and stripped. The returned
    ``make_response`` payload carries one of these codes:

    * "100" - a required field is missing
    * "200" - the username is already taken
    * "000" - user inserted with ``user_status`` 1

    The level is 30 for role 'tester' and 35 for every other role value.
    """
    # NOTE(review): no permission check is visible in this handler;
    # presumably it is enforced before this method runs - confirm.
    try:
        username = str(self.data.pop('username')).strip()
        nickname = str(self.data.pop('nickname')).strip()
        role = self.data.pop('role')
    except KeyError:
        return make_response({"code": "100", "desc": "入参校验失败"})

    # NOTE(review): an empty username (after strip) is not rejected, and
    # this lookup followed by an insert is not atomic - a unique constraint
    # on the username column would be the reliable guard (schema not
    # visible here).
    if UserManager.get_user_by_username(username):
        return make_response({
            "code": "200",
            "desc": "用户<{}>已存在".format(username)
        })

    # NOTE(review): any role other than 'tester', including an unknown or
    # misspelt one, falls through to level 35. An explicit allow-list of
    # roles would make that mapping deliberate.
    level = 30 if role == 'tester' else 35

    UserManager.insert_user(username=username,
                            nickname=nickname,
                            password=md5(config.DEFAULT_USER_PWD),
                            level=level,
                            user_status=1)
    return make_response({
        "code": "000",
        "desc": "用户<{}>新增成功".format(username)
    })
def login(self):
    """Authenticate a user and return a session token.

    Reads ``username`` and ``password`` from ``self.data``. The account is
    looked up by username first and, when that finds nothing, by nickname.
    The returned ``make_response`` payload carries one of these codes:

    * "100" - a field is missing, or the username/password pair is wrong
    * "000" - success; the payload also holds token, username and nickname

    A stored token that is still valid is reused; otherwise a new token is
    generated and the user map is rewritten. In both cases the token is
    (re)stored with ``config.LOGIN_EXPIRE_TIME``.
    """
    try:
        login_name = self.data["username"]
        plain_password = self.data["password"]
    except KeyError:
        return make_response({"code": "100", "desc": "入参校验失败"})

    # NOTE(review): the nickname fallback lets a nickname act as a login
    # identifier; whether nicknames are unique is not visible here.
    account = (UserManager.get_user_by_username(login_name)
               or UserManager.get_user_by_nickname(login_name))

    # NOTE(review): md5() is defined elsewhere. If it is a plain, unsalted
    # MD5 digest, stored passwords are cheap to brute-force offline; a
    # password KDF (e.g. hashlib.scrypt) would be the usual replacement.
    # No attempt limiting is visible in this handler either.
    password = md5(plain_password)
    if not account or account.password != password:
        return make_response({"code": "100", "desc": "用户名或密码错误"})

    username = account.username
    nickname = account.nickname
    level = account.level

    previous = redis.get_user_info(username, key='token')
    if previous and redis.check_token_valid(previous):
        # NOTE(review): a still-valid token is reused and its lifetime is
        # extended on every login, so it is never rotated while the user
        # keeps logging in.
        token = previous
    else:
        # No token stored, or the stored one is no longer valid.
        token = gen_token(username, password)
        redis.set_user_map(username, {
            'token': token,
            'nickname': nickname,
            'online': 1,
            'level': level
        })
    redis.set_token(token, username, expire_time=config.LOGIN_EXPIRE_TIME)

    return make_response({
        "code": "000",
        "desc": "登录成功",
        "token": token,
        "username": username,
        "nickname": nickname
    })
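def gen_token(username, password):
    """Return a new random session token.

    The token used to be a digest of the username, the password hash and
    the current time in whole seconds. That value is deterministic: anyone
    holding the password hash could recompute it, and two logins within the
    same second produced the same token. The token now comes from the
    operating system's CSPRNG instead.

    Args:
        username: Unused; kept so existing callers keep working.
        password: Unused; kept so existing callers keep working. Credential
            material is deliberately not mixed into the token.

    Returns:
        A string of 32 lowercase hexadecimal characters.
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    # 16 random bytes -> 32 hex characters, the length of an MD5 hex
    # digest, in case token consumers expect that shape (the md5() helper's
    # output format is not visible here - confirm).
    return secrets.token_hex(16)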