async def login_access_token(
*,
db: Session = Depends(deps.get_db),
user_info: user.UserEmailAuth,
) -> Any:
"""
用户登录
:param db:
:param user_info:
:return:
"""
# 验证用户
user = curd_user.authenticate(db, email=user_info.username, password=user_info.password)
if not user:
logger.info(f"用户邮箱认证错误: email{user_info.username} password:{user_info.password}")
return response_code.resp_500(message="用户名或者密码错误")
elif not curd_user.is_active(user):
return response_code.resp_500(message="用户邮箱未激活")
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
return response_code.resp_200(data={
"token": security.create_access_token(user.id, expires_delta=access_token_expires),
"token_type": "Bearer",
})
async def login_for_access_token(
form_data: OAuth2PasswordRequestForm = Depends()):
user = await authenticate_user(form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password.",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"sub": user.username},
expires_delta=access_token_expires)
logging.info(user)
user_data = {
"id": user.oid,
"license": user.license,
"name": user.name,
"username": user.username,
"email": user.email,
"licenseOwner": user.licenseOwner,
"verified": user.verified,
"disabled": user.disabled,
"roles": user.roles,
"token": access_token,
}
return {
"access_token": access_token,
"token_type": "bearer",
"user": user_data
}
async def login_access_token(
*,
db: Session = Depends(deps.get_db),
user_info: user_schema.UserEmailAuth,
) -> Any:
"""
用户JWT登录
:param db:
:param user_info:
:return:
"""
# 验证用户
user = curd_user.authenticate(db, email=user_info.username, password=user_info.password)
if not user:
logger.info(f"用户邮箱认证错误: email{user_info.username} password:{user_info.password}")
return response_code.resp_4003(message="username or password error")
elif not curd_user.is_active(user):
return response_code.resp_4003(message="User email not activated")
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
# 登录token 只存放了user.id
return response_code.resp_200(data={
"token": security.create_access_token(user.id, expires_delta=access_token_expires),
})
async def login_access_token(
form_data: schemas.UserLogin,
db: AsyncIOMotorClient = Depends(get_database)
) -> Any:
"""
登录接口
:param form_data:
:param db:
:return: {code: int, data: {'access_token':xxx, "name": xxx}, 'message':xxx}
"""
user = await crud.user.authenticate(db, login_data=form_data)
if not user:
return {'code': 50000, 'message': '账号或者密码错误!'}
elif not await crud.user.is_active(user):
return {'code': 50004, 'message': '账号冻结,请联系管理员激活账号!'}
access_token_expires = timedelta(
minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
return {
"code": 20000,
"data": {
"access_token":
security.create_access_token(user['username'],
expires_delta=access_token_expires),
"name":
user['full_name']
},
'message': '登陆成功!'
}
def basic_user_token(
test_db,
create_basic_user # noqa F811
):
if authenticate(test_db,
username=settings.TEST_USER_USERNAME,
password=settings.TEST_USER_PASSWORD):
return create_access_token(settings.TEST_USER_USERNAME)
async def login(login: Login,
users: UserRepository = Depends(get_user_repository)):
user = await users.get_by_email(login.email)
if user is None or not verify_password(login.password,
user.hashed_password):
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password")
return Token(access_token=create_access_token({"sub": user.email}),
token_type="Bearer")
def login(user:Login,db: Session = Depends(get_db)):
user = authenticate(db,user.email,user.password)
if not user:
raise HTTPException(status_code=400, detail="Incorrect email or password")
return {
"access_token": create_access_token(user.email),
"token_type": "bearer",
"rol_id": user.rol.id if user.rol else None,
"rol_name": user.rol.name if user.rol else None
}
def login(user: Login, db: Session = Depends(get_db)):
user = authenticate(db,
username=user.username,
password=user.password,
email=user.email)
if not user:
raise HTTPException(status_code=400,
detail='Incorrect email or password')
return {
'access_token': create_access_token(user.username),
'token_type': 'bearer',
'rol_id': user.rol.id if user.rol else None,
'rol_name': user.rol.name if user.rol else None
}
def login(user: Login, db: Session = Depends(get_db)) -> TokenUser:
user_auth = authenticate(db, username=user.username, password=user.password, email=user.email)
if not user_auth:
credential_type = 'email' if user.email else 'username'
raise HTTPException(
status_code=400,
detail=f'Incorrect {credential_type} or password'
)
return {
'access_token': create_access_token(user_auth.username),
'token_type': 'bearer',
'rol_id': user_auth.rol.id if user_auth.rol else None,
'rol_name': user_auth.rol.name if user_auth.rol else None
}
def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(),
db: Session = Depends(get_db)):
user = authenticate_user(username=form_data.username,
password=form_data.password,
db=db)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
)
access_token_expires = timedelta(
minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"sub": user.email},
expires_delta=access_token_expires)
return {"access_token": access_token, "token_type": "bearer"}
async def login_for_access_token(
form_data: OAuth2PasswordRequestForm = Depends()):
user = security.authenticate_user(fake_users_db, form_data.username,
form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = security.create_access_token(
data={"sub": user.username}, expires_delta=access_token_expires)
return {"access_token": access_token, "token_type": "bearer"}
async def login_for_access_token(*,
username: str = Body(...),
password: str = Body(...),
db: Session = Depends(get_db),
respose: Response):
user = crud.user.authenticate(db, username, password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"sub": user.username},
expires_delta=access_token_expires)
# respose.set_cookie("airwaybill-session", access_token) //mvc set cookies
return {"access_token": access_token, "token_type": "bearer"}
async def profile_login(user_info: UserLogin):
"""
登录 \n
username admin \n
password 12345 \n
:param user_info:
:return:
"""
# 由于这里这是模拟 所以就不查询数据库了, 如有需要查看我这个项目 FastAPI jwt登录认证
# https://github.com/CoderCharm/FastAdmin/blob/master/backend/app/api/api_v1/auth/views.py#L32
if user_info.username == "admin" and user_info.password == "12345":
# 过期时间
access_token_expires = timedelta(minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES)
# 保存数据到token中, 我这里保存的是用户名 一般保存用户id
token = security.create_access_token(user_info.username, expires_delta=access_token_expires)
return response_code.resp_200({"token": token})
else:
return response_code.resp_200(message="用户名或者密码错误")
def login_access_token(db: Session = Depends(deps.get_db),
form_data: OAuth2PasswordRequestForm = Depends()):
"""
OAuth2 compatible token login, get an access token for future requests
"""
user = user_crud.authenticate(db,
email=form_data.username,
password=form_data.password)
if not user:
raise HTTPException(status_code=400,
detail="Incorrect email or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
return {
"access_token":
security.create_access_token(user.id,
expires_delta=access_token_expires),
"token_type":
"bearer",
}
def login_access_token(
db: Session = Depends(deps.get_db), form_data: OAuth2PasswordRequestForm = Depends()
) -> Any:
"""
OAuth2 compatible token login, get an access token for future requests
"""
user = crud.user.authenticate(
db, email=form_data.username, password=form_data.password
)
if not user:
raise NotFoundException("用户不存在")
elif not crud.user.is_active(user):
raise UnicornException("无效用户")
access_token_expires = timedelta(
minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
return resp_200({
"access_token": security.create_access_token(
user.id, expires_delta=access_token_expires
),
"token_type": "bearer",
})
def login_access_token(
form_data: OAuth2PasswordRequestForm = Depends(),
db: Session = Depends(deps.get_db),
) -> Any:
user = crud.user.authenticate(db,
email=form_data.username,
password=form_data.password)
if not user:
raise HTTPException(status_code=400,
detail="Incorrect email or password")
elif not crud.user.is_active(user):
raise HTTPException(status_code=400, detail="Inactive user")
access_token_expires = timedelta(
minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
return {
"access_token":
security.create_access_token(user.id,
expires_delta=access_token_expires),
"token_type":
"bearer",
}
async def get_token(request: Request,
form_data: AuthLoginForm = Depends(verify_auth_form)):
login_log = LoginLog(grant_type=form_data.grant_type,
ip_address=request.client.host)
response = AuthorizationResponse(
token_type="Bearer", expires_in=settings.ACCESS_TOKEN_EXPIRATION_TIME)
user: ORMUser = None
if form_data.grant_type == "password":
user = await ORMUser.query.where(ORMUser.email == form_data.username
).gino.first()
if user is None or form_data.password != user.password:
if not user:
pre_user: PreUser = await PreUser.query.where(
PreUser.email == form_data.username).gino.first()
if pre_user and pre_user.password == form_data.password:
token: str = await create_email_confirmation_token(pre_user
)
await send_confirmation_email(pre_user.email, token)
return {
"pre_user_id":
pre_user.id,
"success":
"emailconfirm_login",
"success_description":
"Need to confirm email before login",
}
if user.password == None:
#TODO: AUTENTIFICAR COM GOOGLE,FACEBOOK ou APPLE
return ''
raise HTTPException(
status_code=400,
detail={
"error": "invalid_grant",
"error_description": "Email or password incorrect.",
},
)
refresh_token = await create_refresh_token(user)
response.refresh_token = refresh_token
if form_data.grant_type == "refresh_token":
if not await verify_refresh_token(form_data.refresh_token):
raise HTTPException(
status_code=400,
detail={
"error": "invalid_grant",
"error_description": "Refresh token invalid or revoked.",
},
)
user = await get_owner_refresh_token(form_data.refresh_token)
response.refresh_token = form_data.refresh_token
if not user.is_active:
raise HTTPException(
status_code=400,
detail={
"error": "invalid_grant",
"error_description": "User is not active.",
},
)
login_log.user_id = user.id
await login_log.create()
response.access_token = create_access_token(user)
return response
def signin_by_verify_code(self, db: Session, request: Request,
response: Response, *,
obj_in: schema_user.UserVerifyCodeSigninIn):
"""
通过 短信/邮箱 验证码登录
:param account: 手机号/邮箱/用户名
:param verify_code: 验证码
:return: token, 提示信息
"""
# --------- 比较验证码是否匹配 ----------- #
redis_verify_code = redis_client.get(obj_in.account)
if obj_in.verify_code != redis_verify_code:
message = "验证码不正确或已过期"
response.status_code = status.HTTP_422_UNPROCESSABLE_ENTITY
logger.error(message)
return None, message
if re.match(RE_PHONE, obj_in.account): # 手机
db_user = crud_user.get_user_by_phone(db, phone=obj_in.account)
elif re.match(RE_EMAIL, obj_in.account): # 邮箱
db_user = crud_user.get_user_by_email(db, email=obj_in.account)
else:
message = "账号输入有误,请重新输入"
response.status_code = status.HTTP_422_UNPROCESSABLE_ENTITY
logger.error(message)
return None, message
# ----------- 判断账号是否注册过 ----------- #
userid = None
authorityid = None
if not db_user:
if re.match(RE_PHONE, obj_in.account): # 手机
dict_obj_in = {
"phone": obj_in.account,
"hashed_password": None,
"ip": request.client.host
}
db_user_obj = crud_user.create_by_phone(db, obj_in=dict_obj_in)
elif re.match(RE_EMAIL, obj_in.account): # 邮箱
dict_obj_in = {
"email": obj_in.account,
"hashed_password": None,
"ip": request.client.host
}
db_user_obj = crud_user.create_by_email(db, obj_in=dict_obj_in)
if not db_user_obj:
message = "登录失败"
response.status_code = status.HTTP_500_INTERNAL_SERVER_ERROR
logger.error(message)
return None, message
userid = db_user_obj.id # 将新增之后的 用户id 赋值给变量
authorityid = db_user_obj.authorityid # 默认权限
elif db_user.status == 1:
message = f"账号 {obj_in.account} 已被禁用"
response.status_code = status.HTTP_403_FORBIDDEN
logger.error(message)
return None, message
if db_user:
userid = db_user.id
authorityid = db_user.authorityid
# -------- # 登录token 存储了userid 和 authorityid ------- #
access_token_expires = timedelta(
minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
token = security.create_access_token(
userid, authorityid, expires_delta=access_token_expires)
redis_client.set(userid,
token,
ex=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
# --------- 登录成功之后向数据库添加一条登录日志信息 ---------- #
ip = request.client.host # 用户ip
signin_log_id = crud_user.add_signin_log(db, userid=userid, ip=ip)
if not signin_log_id:
message = f"用户 {obj_in.account} 登录失败"
response.status_code = status.HTTP_500_INTERNAL_SERVER_ERROR
logger.error(message)
return None, message
else:
redis_client.set(obj_in.account, "", ex=1) # 使验证码失效
message = f"用户 {obj_in.account} 登录成功"
response.status_code = status.HTTP_200_OK
return token, message
def signin(self, db: Session, request: Request, response: Response, *,
obj_in: schema_user.UserPasswordSigninIn):
"""
通过密码登录
:param account: 手机号/邮箱/用户名
:param password: 密码
:return: token, 提示信息
"""
# -------- 判断输入账号 手机号/邮箱/用户名 ------- #
if re.match(RE_PHONE, obj_in.account): # 手机
db_user = crud_user.get_user_by_phone(db, phone=obj_in.account)
elif re.match(RE_EMAIL, obj_in.account): # 邮箱
db_user = crud_user.get_user_by_email(db, email=obj_in.account)
else: # 用户名
db_user = crud_user.get_user_by_username(db,
username=obj_in.account)
# --------- 判断账号是否注册过 ---------- #
if not db_user:
message = f"账号 {obj_in.account} 未注册"
response.status_code = status.HTTP_404_NOT_FOUND
elif db_user.status == 1:
message = f"账号 {obj_in.account} 已被禁用"
response.status_code = status.HTTP_403_FORBIDDEN
else:
# ------ 判断用户是否设置初始密码 ------ #
if not db_user.hashed_password:
message = f"账号 {obj_in.account} 还未设置初始密码"
response.status_code = status.HTTP_401_UNAUTHORIZED
return None, message
# --------- 密码进行比对 ----------- #
if not security.verify_password(obj_in.password,
db_user.hashed_password):
message = f"用户 {obj_in.account} 密码不正确"
response.status_code = status.HTTP_401_UNAUTHORIZED
logger.error(message)
else:
# -------- # 登录token 存储了userid 和 authorityid ------- #
access_token_expires = timedelta(
minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
token = security.create_access_token(
db_user.id,
db_user.authorityid,
expires_delta=access_token_expires)
redis_client.set(db_user.id,
token,
ex=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
# -------- 登录成功之后向数据库添加一条登录日志信息 -------- #
ip = request.client.host # 用户ip
db_signin_log = crud_user.add_signin_log(db,
userid=db_user.id,
ip=ip)
if not db_signin_log:
message = f"用户 {obj_in.account} 登录失败"
response.status_code = status.HTTP_401_UNAUTHORIZED
else:
message = f"用户 {obj_in.account} 登录成功"
response.status_code = status.HTTP_200_OK
return token, message
logger.error(message)
return None, message
