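def register_by_password():
    """Registration, step 3: verify identity with the student's portal password.

    GET renders the password-registration form; POST validates the submitted
    form and starts an asynchronous verification request through
    ``Auth.register_by_password``.

    Reads ``session[SESSION_STUDENT_TO_REGISTER]`` (set by an earlier
    registration step) and, once everyclass-auth acknowledges the request,
    writes the new request id to ``session[SESSION_PWD_VER_REQ_ID]``.

    Returns:
        A Flask response: a rendered template, or a redirect back to this
        view with a flashed message describing the validation failure.
    """
    # The student being registered must be in the session for BOTH branches.
    # The guard previously covered only the GET branch, so a POST without the
    # session entry raised KeyError below instead of rendering the error page
    # (the newer version of this view already guards up front).
    student = session.get(SESSION_STUDENT_TO_REGISTER, None)
    if not student:
        return render_template('common/error.html', message=MSG_VIEW_SCHEDULE_FIRST)

    if request.method != 'POST':
        # show password registration page
        return render_template("user/passwordRegistration.html", name=student.name)

    form = request.form
    required = ("password", "password2", "jwPassword")
    if any(not form.get(field, None) for field in required):
        flash(MSG_EMPTY_PASSWORD)
        return redirect(url_for("user.register_by_password"))

    password = form["password"]

    # Password strength check: zxcvbn scores 0-4, anything below 2 is refused.
    pwd_strength_report = zxcvbn(password=password)
    if pwd_strength_report['score'] < 2:
        # NOTE(review): the rejected password is handed to SimplePassword.new
        # together with the student id. What that helper persists is not
        # visible here; if it stores the raw string this is a plaintext
        # credential store (users commonly retry with a small variation of
        # the weak password) -- confirm and hash or truncate if so.
        SimplePassword.new(password=password, sid_orig=student.sid_orig)
        flash(MSG_WEAK_PASSWORD)
        return redirect(url_for("user.register_by_password"))

    if password != form["password2"]:
        flash(MSG_PWD_DIFFERENT)
        return redirect(url_for("user.register_by_password"))

    # captcha -- the only visible throttle before the verification RPC
    if not TencentCaptcha.verify_old():
        flash(MSG_INVALID_CAPTCHA)
        return redirect(url_for("user.register_by_password"))

    request_id = IdentityVerification.new_register_request(
        student.sid_orig, "password", ID_STATUS_WAIT_VERIFY, password=password)

    # call everyclass-auth to verify the portal password (asynchronous; the
    # pending page polls on request_id)
    with tracer.trace('register_by_password'):
        try:
            rpc_result = Auth.register_by_password(
                request_id=str(request_id),
                student_id=student.sid_orig,
                password=form["jwPassword"])
        except Exception as e:
            return handle_exception_with_error_page(e)

    if rpc_result['acknowledged']:
        session[SESSION_PWD_VER_REQ_ID] = request_id
        return render_template('user/passwordRegistrationPending.html', request_id=request_id)
    return render_template('common/error.html', message=MSG_INTERNAL_ERROR)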
def register_by_password():
    """Register by verifying the user's portal (教务) password.

    JSON POST body:
      - student_id
      - password       the new everyclass password
      - jw_password    the portal password, forwarded to everyclass-auth
      - captcha_ticket
      - captcha_rand
      - remote_addr

    Returns:
        ``{"success": True, "message": "Acknowledged", "request_id": ...}``
        once everyclass-auth acknowledges the verification request,
        otherwise one of the ``return_err`` error payloads.
    """
    passed, ret_msg, student_id, password, jw_password = check_payloads(
        ("student_id", return_err(E_EMPTY_USERNAME)),
        ("password", return_err(E_EMPTY_PASSWORD)),
        ("jw_password", return_err(E_EMPTY_PASSWORD)))
    if not passed:
        return ret_msg

    # TODO: the student id could be validated against api-server here.

    # Captcha gate before anything else, so a bot cannot probe the password
    # policy or trigger the verification RPC without solving a challenge.
    # NOTE(review): remote_addr arrives in the client-controlled JSON body;
    # if TencentCaptcha.verify() uses it as the client IP, that value is
    # attacker-chosen -- confirm against the helper.
    if not TencentCaptcha.verify():
        return return_err(E_INVALID_CAPTCHA)

    # Password strength (zxcvbn score 0-4): anything below 2 is refused.
    strength = zxcvbn(password=password)
    if strength['score'] < 2:
        # NOTE(review): the rejected password is passed to SimplePassword.new;
        # what it persists is not visible here -- confirm it is not stored
        # in the clear.
        SimplePassword.new(password=password, sid_orig=student_id)
        return return_err(E_WEAK_PASSWORD)

    request_id = IdentityVerification.new_register_request(
        student_id, "password", ID_STATUS_WAIT_VERIFY, password=password)

    # Ask everyclass-auth to verify the portal password (asynchronous).
    try:
        rpc_result = Auth.register_by_password(
            request_id=str(request_id), student_id=student_id, password=jw_password)
    except Exception as e:
        return handle_exception_with_json(e, True)

    if not rpc_result['acknowledged']:
        return return_err(E_BE_INTERNAL)
    return jsonify({"success": True,
                    "message": "Acknowledged",
                    "request_id": str(request_id)})
def login():
    """Log in via JSON POST and return a JWT token on success.

    JSON body:
      - student_id
      - password
      - captcha_ticket
      - captcha_rand
      - remote_addr

    Returns:
        ``{"success": True, "token": <jwt>}`` when the password matches;
        otherwise a ``return_err`` payload naming the failure.
    """
    passed, ret_msg, student_id, password = check_payloads(
        ("student_id", return_err(E_EMPTY_USERNAME)),
        ("password", return_err(E_EMPTY_PASSWORD)))
    if not passed:
        return ret_msg

    # Captcha before any account lookup: it is the only throttle visible here
    # against online password guessing.
    if not TencentCaptcha.verify():
        return return_err(E_INVALID_CAPTCHA)

    # Does the student exist at all (api-server lookup)?
    try:
        student = APIServer.get_student(student_id)
    except RpcResourceNotFound:
        return return_err(E_STUDENT_UNEXIST)
    except Exception as e:
        return handle_exception_with_json(e, lazy=True)

    # NOTE(review): E_STUDENT_UNEXIST / E_STUDENT_NOT_REGISTERED /
    # E_WRONG_PASSWORD let a caller distinguish unknown, known-but-unregistered
    # and registered accounts -- an account-enumeration oracle, limited only
    # by the captcha above.
    try:
        ok = User.check_password(student_id, password)
    except ValueError:  # not registered yet
        return return_err(E_STUDENT_NOT_REGISTERED)

    if not ok:
        return return_err(E_WRONG_PASSWORD)

    claims = {"sub": student.student_id, "pol": current_app.config.TYK_POLICY_ID}
    return jsonify({"success": True, "token": generate_token(claims)})
def register_by_password():
    """Registration, step 3: verify identity with the portal password.

    Requires ``session[SESSION_USER_REGISTERING]`` from an earlier step.
    GET renders the form; POST validates it, starts verification through
    ``user_service.register_by_password`` (which enforces password strength)
    and stores the resulting request id in ``session[SESSION_PWD_VER_REQ_ID]``.

    Returns:
        A Flask response: a rendered template, or a redirect back to this
        view with a flashed validation message.
    """
    registering = session.get(SESSION_USER_REGISTERING, None)
    if not registering:
        return render_template('common/error.html', message=MSG_VIEW_SCHEDULE_FIRST)

    if request.method != 'POST':
        # show password registration page
        return render_template("user/passwordRegistration.html",
                               name=session[SESSION_USER_REGISTERING].name)

    def back_with(message):
        # flash a message and bounce back to the form
        flash(message)
        return redirect(url_for("user.register_by_password"))

    form = request.form
    if any(not form.get(field, None) for field in ("password", "password2", "jwPassword")):
        return back_with(MSG_EMPTY_PASSWORD)
    if form["password"] != form["password2"]:
        return back_with(MSG_PWD_DIFFERENT)
    # captcha -- the only visible throttle before the verification call
    if not TencentCaptcha.verify_old():
        return back_with(MSG_INVALID_CAPTCHA)

    try:
        request_id = user_service.register_by_password(
            form["jwPassword"], form["password"], registering.identifier)
    except everyclass.server.user.exceptions.PasswordTooWeakError:
        return back_with(MSG_WEAK_PASSWORD)
    except Exception as e:
        return handle_exception_with_error_page(e)

    session[SESSION_PWD_VER_REQ_ID] = request_id
    return render_template('user/passwordRegistrationPending.html', request_id=request_id)
def login():
    """Login page.

    GET renders the login form, pre-filling the name of the last viewed
    student when one is in the session. POST checks the captcha, resolves the
    username (the ``xh`` form field, else the last viewed student) and
    verifies the password. Unregistered students are sent to the registration
    flow; on success the login state is written to
    ``session[SESSION_CURRENT_USER]``.

    Returns:
        A Flask response: a rendered template or a redirect.
    """
    last_viewed = session.get(SESSION_LAST_VIEWED_STUDENT, None)

    if request.method == 'GET':
        return render_template('user/login.html',
                               name=last_viewed.name if last_viewed else None)

    # form submission
    def back_with(message):
        # flash a message and return to the login form
        flash(message)
        return redirect(url_for("user.login"))

    password = request.form.get("password", None)
    if not password:
        return back_with(MSG_EMPTY_PASSWORD)

    # captcha -- the only throttle visible here against password guessing
    if not TencentCaptcha.verify_old():
        return back_with(MSG_INVALID_CAPTCHA)

    student_id = request.form.get("xh", None)
    if student_id:
        # username typed by hand: make sure the student exists
        try:
            Entity.get_student(student_id)
        except RpcResourceNotFound:
            return back_with(MSG_USERNAME_NOT_EXIST)
        except Exception as e:
            return handle_exception_with_error_page(e)
    elif last_viewed:
        student_id = last_viewed.sid_orig  # fall back to the last viewed student
    else:
        return back_with(MSG_EMPTY_USERNAME)  # nothing to log in as

    # NOTE(review): MSG_USERNAME_NOT_EXIST / MSG_NOT_REGISTERED /
    # MSG_WRONG_PASSWORD reveal account state to an unauthenticated caller
    # (enumeration); acceptable only if student ids are considered public.
    try:
        success = User.check_password(student_id, password)
    except ValueError:  # not registered yet
        flash(MSG_NOT_REGISTERED)
        _session_save_student_to_register_(student_id)
        return redirect(url_for("user.register"))

    if not success:
        return back_with(MSG_WRONG_PASSWORD)

    try:
        student = Entity.get_student(student_id)
    except Exception as e:
        return handle_exception_with_error_page(e)

    # write login state to the session (not rotated/cleared first -- whether
    # that matters depends on the session backend; confirm)
    session[SESSION_CURRENT_USER] = StudentSession(
        sid_orig=student_id, sid=student.student_id_encoded, name=student.name)
    return redirect(url_for("user.main"))
def login():
    """Login page.

    GET renders the login form, pre-filling the name of the last viewed
    student when one is in the session. POST checks the captcha, resolves the
    identifier (the ``xh`` form field, else the last viewed student) and
    verifies the password via ``user_service``. Unregistered users are sent to
    the registration page; on success ``_set_current_user`` records the login.

    Returns:
        A Flask response: a rendered template or a redirect.
    """
    last_viewed = session.get(SESSION_LAST_VIEWED_STUDENT, None)

    if request.method == 'GET':
        return render_template('user/login.html',
                               name=last_viewed.name if last_viewed else None)

    # form submission
    def back_with(message):
        # flash a message and return to the login form
        flash(message)
        return redirect(url_for("user.login"))

    password = request.form.get("password", None)
    if not password:
        return back_with(MSG_EMPTY_PASSWORD)

    # captcha -- the only throttle visible here against password guessing
    if not TencentCaptcha.verify_old():
        return back_with(MSG_INVALID_CAPTCHA)

    identifier = request.form.get("xh", None)
    if identifier:
        # identifier typed by hand: make sure the student / staff id exists
        try:
            entity_service.get_people_info(identifier)
        except entity_service.PeopleNotFoundError:
            return back_with(MSG_USERNAME_NOT_EXIST)
        except Exception as e:
            return handle_exception_with_error_page(e)
    elif last_viewed:
        identifier = last_viewed.sid_orig  # fall back to the last viewed student
    else:
        return back_with(MSG_EMPTY_USERNAME)  # nothing to log in as

    # NOTE(review): MSG_USERNAME_NOT_EXIST / MSG_NOT_REGISTERED /
    # MSG_WRONG_PASSWORD reveal account state to an unauthenticated caller
    # (enumeration); acceptable only if identifiers are considered public.
    try:
        success = user_service.check_password(identifier, password)
    except everyclass.server.user.exceptions.UserNotExists:  # not registered yet
        flash(MSG_NOT_REGISTERED)
        return redirect(url_for("user.register"))

    if not success:
        return back_with(MSG_WRONG_PASSWORD)

    try:
        _set_current_user(identifier)
    except Exception as e:
        return handle_exception_with_error_page(e)
    return redirect(url_for("user.main"))