def register(mailman, user, by_admin):
    """Start a registration and e-mail a confirmation link to the user.

    Args:
        mailman: mail sender object handed to the mail thread.
        user: mapping with 'username', 'password' and 'email' keys. The
            'password' entry is overwritten in place with its hash.
        by_admin: accepted but not used by this function.

    Returns:
        REGISTER_VALIDATION_FAILED if the input format is rejected,
        REGISTER_DUPLICATED_USERNAME_OR_EMAIL if a matching user already
        exists, otherwise REGISTER_SUCCESS once the mail thread is started.
    """
    if not UserValidation.register_format_valid(user):
        return REGISTER_VALIDATION_FAILED

    # The caller's dict is mutated: the plaintext password is replaced by
    # its hash before anything is stored or placed in the token.
    user['password'] = PasswordManager.hashed_password(user['password'])
    username = user['username']
    email = user['email']

    if User.query_by_username_or_email(username, email):
        return REGISTER_DUPLICATED_USERNAME_OR_EMAIL

    action_id, created_at = RegisterAction.insert(
        username, user['password'], email)
    UserAction.insert(username, REGISTER_ACTION, action_id, created_at)

    # NOTE(review): the password hash travels inside the confirmation token,
    # which ends up in an e-mailed URL. If TokenManager only signs (does not
    # encrypt) its payload, the hash is readable by anyone who sees the
    # link -- confirm, and prefer carrying only action_id.
    payload = {
        'username': username,
        'password': user['password'],
        'email': email,
        'action_id': action_id
    }
    token_register = TokenManager.token_provider(
        payload, OtherConfig.CONFIRMATION_TIME_OUT)

    confirmation_text = (REGISTER_MESSAGE + OtherConfig.HOST
                         + '/confirm/register/' + str(token_register))
    mail_thread = MyThread(ACTION_SEND_MAIL, app, mailman, REGISTER_TITLE,
                           confirmation_text, user['email'])
    mail_thread.start()
    return REGISTER_SUCCESS
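def password_reset(mailman, username, email=None):
    """Create a pending password reset and e-mail the confirmation link.

    Args:
        mailman: mail sender object handed to the mail thread.
        username: account whose password should be reset.
        email: address supplied by the requester; it must equal the address
            stored for the account.

    Returns:
        None when the user does not exist or the e-mail does not match,
        otherwise the confirmation token that was embedded in the mail.
    """
    my_user = User.query_by_username(username)
    if not my_user:
        # Unknown username: previously this fell through to an
        # AttributeError on None. Return the same value as an e-mail
        # mismatch so the two cases are indistinguishable to the caller.
        return None

    old_password = my_user.password
    if my_user.email != email:
        return None

    new_random_password = RandomGenerator.random_password()
    random_id, my_time = PasswordResetAction.insert(
        username=username,
        email=email,
        old_password=old_password,
        new_password=new_random_password)
    UserAction.insert(username=username,
                      action_type=PASSWORD_RESET_ACTION,
                      action_id=random_id,
                      my_time=my_time)

    # NOTE(review): the same generated password is written to the action
    # record, the token payload and the mail body. Confirm that it is not
    # kept in cleartext at rest and that the token payload is not readable
    # by whoever sees the link.
    token_password_reset = TokenManager.token_provider(
        {
            'username': username,
            'new_password': new_random_password,
            'action_id': random_id
        },
        OtherConfig.CONFIRMATION_TIME_OUT)

    mail_body = ('username: {}\npassword: {}\n'.format(
        username, new_random_password)
        + PASSWORD_RESET_MESSAGE + OtherConfig.HOST
        + '/confirm/password_reset/' + str(token_password_reset))
    my_thread = MyThread(ACTION_SEND_MAIL, app, mailman,
                         PASSWORD_RESET_TITLE, mail_body, email)
    my_thread.start()

    # NOTE(review): the token is the proof of mailbox ownership. Callers
    # must not echo it back to the requester, or the e-mail confirmation
    # step no longer proves anything -- verify the call sites.
    return token_password_reset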
def password_change(username, old_password, new_password, by_admin):
    """Change a user's password and record the change as an action.

    Args:
        username: account to update.
        old_password: current password in plaintext; not checked when
            by_admin is true.
        new_password: replacement password in plaintext.
        by_admin: when true, the old-password check and the password
            history check are skipped.

    Returns:
        PASSWORD_CHANGE_VALIDATION_FAILED on a format error,
        PASSWORD_CHANGE_PRIVILEGE_FAILED when an admin-initiated change
        targets an account with ADMIN_PRIVILEGE,
        PASSWORD_CHANGE_LAST_FIVE_PASSWORDS when a user reuses a password
        returned by PasswordChangeAction.last_five_password,
        PASSWORD_CHANGE_SUCCESS after the update, and
        PASSWORD_CHANGE_FAILED for an unknown user or a wrong old password.
    """
    candidate = {
        'username': username,
        'old_password': old_password,
        'new_password': new_password
    }
    if not UserValidation.password_change_format_valid(candidate):
        return PASSWORD_CHANGE_VALIDATION_FAILED

    # NOTE(review): hashes are compared with `==` below, which only works
    # if hashed_password is deterministic for a given input (no per-call
    # random salt). Confirm what PasswordManager actually does.
    old_password = PasswordManager.hashed_password(old_password)
    new_password = PasswordManager.hashed_password(new_password)

    verify_user = User.query_by_username(username=username)
    if not verify_user:
        return PASSWORD_CHANGE_FAILED

    # The admin path may not be used against an admin account.
    if by_admin and verify_user.privilege == ADMIN_PRIVILEGE:
        return PASSWORD_CHANGE_PRIVILEGE_FAILED

    authorised = by_admin or verify_user.password == old_password
    if not authorised:
        return PASSWORD_CHANGE_FAILED

    recent_hashes = PasswordChangeAction.last_five_password(username)
    if not by_admin and new_password in recent_hashes:
        return PASSWORD_CHANGE_LAST_FIVE_PASSWORDS

    # Record the hash that was really stored, not the one supplied by the
    # caller (they differ on the admin path).
    previous_hash = verify_user.password
    User.update_password(username=username, new_password=new_password)
    random_id, my_time = PasswordChangeAction.insert(
        username=username,
        old_password=previous_hash,
        new_password=new_password)
    UserAction.insert(username=username,
                      action_type=PASSWORD_CHANGE_ACTION,
                      action_id=random_id,
                      my_time=my_time)
    return PASSWORD_CHANGE_SUCCESS
def login_action(username):
    """Record a successful login for *username* and return its action id.

    Inserts a LoginAction row with success=True, then links it from the
    UserAction table under LOGIN_ACTION.
    """
    action_id, created_at = LoginAction.insert(username=username,
                                               success=True)
    UserAction.insert(username=username,
                      action_type=LOGIN_ACTION,
                      action_id=action_id,
                      my_time=created_at)
    return action_id
def get_action_by_action_id(_id):
    """Return the parsed detail record for the user action *_id*, or None.

    The UserAction row selects, through respective_action_model, which
    model holds the detail; the detail row is then passed through
    parse_record_data together with the action type.
    """
    # NOTE(review): nothing here ties the requested id to the requesting
    # user; the caller has to enforce that the action belongs to them.
    record = UserAction.get_action_info_by_id(_id)
    if not record:
        return None

    action_type = record.action_type
    detail_model = respective_action_model[action_type]
    detail = Action.get_action_detail_by_id(record.action_id, detail_model)
    return parse_record_data(detail, action_type)
def user_actions(username):
    """List the recorded actions of *username* as plain dictionaries.

    Each entry carries the row id, its time, the display name looked up in
    respective_action_text_name, and the id of the detail record.
    """
    return [
        {
            'id': entry.id,
            'time': entry.time,
            'action': respective_action_text_name[entry.action_type],
            'action_id': entry.action_id
        }
        for entry in UserAction.get_actions_by_username(username)
    ]
def login(user):
    """Authenticate *user* and issue a login token.

    Args:
        user: mapping with 'username' and 'password' keys.

    Returns:
        None if the input format is rejected; otherwise a dict with
        'signal' and 'token'. 'token' is set only when the password matches
        and the account is not locked. 'signal' is SIGNAL_ACCOUNT_LOCK for
        a locked account, the value of AccountLock.failed_login for a wrong
        password, and SIGNAL_NOTHING otherwise (including unknown users).

    The listing this was recovered from had lost its indentation; the
    failed-attempt bookkeeping is taken to apply only to an existing
    account with a wrong password.
    """
    if not UserValidation.login_format_valid(user):
        return None

    username = user['username']
    # NOTE(review): comparing with `!=` requires hashed_password to be
    # deterministic for a given input -- confirm in PasswordManager.
    supplied_hash = PasswordManager.hashed_password(user['password'])
    account = User.query_by_username(username=username)

    if not account:
        # Unknown user: no counter is touched and nothing is recorded.
        return {'signal': SIGNAL_NOTHING, 'token': None}

    if account.password != supplied_hash:
        signal = AccountLock.failed_login(username)
        random_id, my_time = LoginAction.insert(username=username,
                                                success=False)
        UserAction.insert(username=username,
                          action_type=LOGIN_ACTION,
                          action_id=random_id,
                          my_time=my_time)
        return {'signal': signal, 'token': None}

    # NOTE(review): the success record is written before the lock check, so
    # a correct password on a locked account is logged with success=True
    # although no token is issued. Confirm this is what the audit trail
    # should show.
    random_id = UserController.login_action(account.username)
    if AccountLock.account_being_locked(username):
        return {'signal': SIGNAL_ACCOUNT_LOCK, 'token': None}

    AccountLock.unlock_account(username)
    claims = {
        'username': account.username,
        'privilege': account.privilege,
        'action_id': random_id
    }
    return {
        'signal': SIGNAL_NOTHING,
        'token': TokenManager.token_provider(claims,
                                             OtherConfig.LOGIN_TIME_OUT)
    }
def get_logout_time(username):
    """Return the logout time of the login action found for *username*.

    The action id comes from UserAction.get_login_action_id_by_username;
    -1 is returned when no LoginAction row carries that id.
    """
    action_id = UserAction.get_login_action_id_by_username(username)
    login_row = (
        db.session.query(LoginAction)
        .filter(LoginAction.random_id == action_id)
        .first()
    )
    return login_row.logout_time if login_row else -1