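async def add_token_in_db(user_id: UUID, token: str):
    """Store ``token`` for ``user_id``, replacing any token already on file.

    Inserts a new row when the user has no token yet, otherwise updates the
    existing one. Returns ``user_id`` unchanged.
    """
    token_in_db = await find_token_by_user_id(user_id)
    if token_in_db:
        # Scope the UPDATE to this user: the unfiltered ``Token.update()`` the
        # original issued rewrote the token column of every row in the table,
        # overwriting other users' tokens with this one.
        query = (
            Token.update()
            .where(Token.columns.user_id == user_id)
            .values(token=token)
        )
    else:
        query = Token.insert().values(user_id=user_id, token=token)
    await database.execute(query)
    return user_id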
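def oaLogin(self, jsonInfo):
    """Authenticate an OA user by phone number and password and issue a token.

    jsonInfo: JSON string with 'tel' and 'password' keys.
    Returns (True, {'tokenID', 'userType', 'jobNumber', 'rightList'}) on
    success, or (False, errorInfo) with the matching ErrorInfo entry on
    failure.
    """
    info = json.loads(jsonInfo)
    tel = info['tel']
    password = info['password']
    # Check that a user with this phone number exists.
    # NOTE(review): returning a different code here (TENDER_10) than for a
    # wrong password (TENDER_05) lets a caller tell registered numbers apart
    # from unregistered ones.
    query = db.session.query(UserInfo).filter(UserInfo.tel == tel)
    result = query.first()
    if result is None:
        return (False, ErrorInfo['TENDER_10'])
    # Check the login password. ``query`` is already restricted to ``tel``,
    # so only the password filter is added here.
    # NOTE(review): credentials are stored and compared as MD5 digests
    # (getMD5String); a salted, slow password hash is the usual requirement.
    password = self.getMD5String(password)
    passwordResult = query.filter(UserInfo.password == password).first()
    if passwordResult is None:
        return (False, ErrorInfo['TENDER_05'])
    userType = result.userType
    jobNumber = result.jobNumber
    if userType < USER_TAG_BOSS or userType > USER_TAG_OPERATOR:
        return (False, ErrorInfo['TENDER_34'])
    if result.disable is True:
        return (False, ErrorInfo['TENDER_43'])
    # Issue a fresh token, dropping any existing token rows for this user.
    userID = result.userID
    createTime = datetime.now()
    # NOTE(review): tokenID is derived from userID alone here; confirm that
    # generateID adds entropy, otherwise the token value is predictable.
    tokenID = self.generateID(userID)
    try:
        db.session.query(Token).filter(Token.userID == userID).delete(
            synchronize_session=False)
        token = Token(tokenID=tokenID, userID=userID,
                      createTime=createTime, validity='7')
        db.session.add(token)
        db.session.commit()
    except Exception as e:
        print(e)
        # Copy before adding 'detail': ErrorInfo['TENDER_02'] is a shared
        # dict, and mutating it in place would carry this exception text
        # into every later TENDER_02 response.
        errorInfo = dict(ErrorInfo['TENDER_02'])
        errorInfo['detail'] = str(e)
        db.session.rollback()
        return (False, errorInfo)
    resultDic = {}
    resultDic['tokenID'] = tokenID
    resultDic['userType'] = userType
    resultDic['jobNumber'] = jobNumber
    # NOTE(review): the literal phone number grants the extended right list
    # to one specific account outside the userType model; this belongs in
    # the database as a role or flag rather than in code.
    if userType == USER_TAG_BOSS or result.tel == '18512538533':
        rightList = [2, 7, 8]
    else:
        rightList = [2, 7]
    resultDic['rightList'] = rightList
    return (True, resultDic)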
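def get_token(user_email: str, customer_id: int, hashed_pass: str,
              access_type: int = 0, temp_access: bool = False) -> str:
    """Generate a signed JWT for a customer and record its id in the DB.

    Payload - user_email, customer_id, access_type, temp_access, iat, exp and
    a 'signature' claim bound to the password hash.
    Header - 'kid' set to a fresh uuid for the token.
    Signature - produced by jwt.encode with PRIVATE_KEY and ALG.

    :param access_type: int, 0 - normal access, 1 - admin
    :param customer_id: int, customer unique identifier in DB
    :param hashed_pass: str, hashed password of customer
    :param temp_access: bool, whether this is a password-reset token
    :param user_email: str, email of customer/user
    :return: token: str, generated token
    """
    # ``datetime`` here is the module, so the annotation must name the class.
    creation_date: datetime.datetime = datetime.datetime.utcnow()
    # Derive expiry from the same timestamp rather than a second utcnow()
    # call, so 'exp' is exactly 'iat' + 3 days.
    exp_date: datetime.datetime = creation_date + datetime.timedelta(days=3)
    token_uuid: str = uuid.uuid4().hex
    # 'signature' is hash(customer_id + user_pass_hash + creation_date + token_uuid).
    # Once the user changes their password the hash changes, the signature no
    # longer matches and every outstanding token is effectively revoked.
    # Source: https://security.stackexchange.com/questions/153746/one-time-jwt-token-with-jwt-id-claim
    signature: str = get_hash(
        str(customer_id)
        + hashed_pass
        + str(timegm(creation_date.utctimetuple()))
        + token_uuid)
    # 'temp_access' marks a forgot-password token.
    token = jwt.encode(
        payload={
            'user_email': user_email,
            'customer_id': customer_id,
            'access_type': access_type,
            'temp_access': temp_access,
            'exp': exp_date,
            'iat': creation_date,
            'signature': signature,
        },
        headers={'kid': token_uuid},
        key=PRIVATE_KEY,
        algorithm=ALG)
    # Record the token id so it can be looked up / revoked later; the token
    # string itself is not stored.
    new_token: Token = Token(customer_id=customer_id,
                             token_uuid=token_uuid,
                             creation_date=creation_date,
                             exp_date=exp_date)
    session.add(new_token)
    session.commit()
    return token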
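def createToken(self, userID):
    """Issue a new token for ``userID``, replacing any existing token rows.

    Returns the new tokenID string on success. On a database failure the
    transaction is rolled back and ``(False, errorInfo)`` is returned, so
    callers must check for the tuple form before using the result.
    """
    createTime = datetime.now()
    tokenID = self.generateID(userID + str(createTime))
    try:
        db.session.query(Token).filter(
            Token.userID == userID
        ).delete(synchronize_session=False)
        token = Token(tokenID, userID, createTime, VALID_PERIOD)
        db.session.add(token)
        db.session.commit()
    except Exception as e:
        print(e)
        # Copy before adding 'detail': ErrorInfo['TENDER_02'] is a shared
        # dict, and mutating it in place would carry this exception text
        # into every later TENDER_02 response.
        errorInfo = dict(ErrorInfo['TENDER_02'])
        errorInfo['detail'] = str(e)
        db.session.rollback()
        return (False, errorInfo)
    return tokenID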
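def login(self, jsonInfo):
    """Authenticate a user by phone number and password and issue a token.

    jsonInfo: JSON string with 'tel' and 'password' keys.
    Returns (True, {'tokenID': ...}) on success, or (False, errorInfo) with
    the matching ErrorInfo entry on failure.
    """
    info = json.loads(jsonInfo)
    tel = info['tel']
    password = info['password']
    # Check that a user with this phone number exists.
    # NOTE(review): returning a different code here (TENDER_10) than for a
    # wrong password (TENDER_05) lets a caller tell registered numbers apart
    # from unregistered ones.
    query = db.session.query(UserInfo).filter(UserInfo.tel == tel)
    result = query.first()
    if result is None:
        return (False, ErrorInfo['TENDER_10'])
    # Check the login password. ``query`` is already restricted to ``tel``,
    # so only the password filter is added here.
    # NOTE(review): credentials are stored and compared as MD5 digests
    # (getMD5String); a salted, slow password hash is the usual requirement.
    password = self.getMD5String(password)
    passwordResult = query.filter(UserInfo.password == password).first()
    if passwordResult is None:
        return (False, ErrorInfo['TENDER_05'])
    # Issue a fresh token, dropping any existing token rows for this user.
    userID = result.userID
    createTime = datetime.now()
    # NOTE(review): tokenID is derived from userID alone here; confirm that
    # generateID adds entropy, otherwise the token value is predictable.
    tokenID = self.generateID(userID)
    try:
        db.session.query(Token).filter(Token.userID == userID).delete(
            synchronize_session=False)
        token = Token(tokenID=tokenID, userID=userID,
                      createTime=createTime, validity='7')
        db.session.add(token)
        db.session.commit()
    except Exception as e:
        print(e)
        # Copy before adding 'detail': ErrorInfo['TENDER_02'] is a shared
        # dict, and mutating it in place would carry this exception text
        # into every later TENDER_02 response.
        errorInfo = dict(ErrorInfo['TENDER_02'])
        errorInfo['detail'] = str(e)
        db.session.rollback()
        return (False, errorInfo)
    return (True, {'tokenID': tokenID})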
async def check_token_in_db(user_id: UUID, token: str):
    """Look up the row whose user_id and token both match.

    Returns whatever ``database.fetch_one`` yields for that query.
    """
    lookup = (
        Token.select()
        .where(Token.columns.user_id == user_id)
        .where(Token.columns.token == token)
    )
    return await database.fetch_one(lookup)
async def remove_token_in_db(user_id: UUID):
    """Delete every token row belonging to ``user_id``.

    Returns the value ``database.execute`` yields for the DELETE; the
    original bound that value to the name ``user_id``, but it is not the
    caller's id. Note that this file defines ``remove_token_in_db`` twice;
    the later definition is the one callers see.
    """
    deletion = Token.delete().where(Token.columns.user_id == user_id)
    return await database.execute(deletion)
async def find_token_by_user_id(user_id: UUID):
    """Fetch the first token row stored for ``user_id``.

    Returns whatever ``database.fetch_one`` yields for that query.
    """
    lookup = Token.select().where(Token.columns.user_id == user_id)
    return await database.fetch_one(lookup)
async def remove_token_in_db(user_id: UUID):
    """Delete the token rows for ``user_id`` and report whether none remain.

    After the DELETE the table is re-read; ``True`` means no row for the
    user was found afterwards. This is the second definition of
    ``remove_token_in_db`` in the file and shadows the earlier one.
    """
    deletion = Token.delete().where(Token.columns.user_id == user_id)
    await database.execute(deletion)
    remaining = await find_token_by_user_id(user_id)
    return not remaining
def token(self, table_id=''):
    """Build a Token from this object's line, column and type.

    ``table_id`` is passed through unchanged and defaults to ''.
    """
    line, column, kind = self.line, self.column, self.type
    return Token(line, column, kind, table_id)