Exemple #1
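def update():
    """Set a new password for the account named in the form, gated by a token.

    Reads ``token`` from the query string and ``username`` / ``password`` from
    the form. The password is changed only when the cache entry
    ``csrf_token_<token>`` holds the id of that same user; every other case
    answers 401. After a successful change the cache entry is deleted so the
    same token cannot be replayed.
    """
    token = request.args["token"]
    key = "csrf_token_{}".format(token)
    username = request.form["username"]
    new_ps = request.form['password']

    user = User.one(username=username)
    # Read the entry once: a separate exists()/get() pair can straddle an
    # expiry and hand None to int(). Assumes cache.get returns None for a
    # missing key - TODO confirm against the cache client in use.
    cached_id = cache.get(key)
    if user is None or cached_id is None:
        # An unknown username or token is an authorisation failure, not a
        # server error (the original dereferenced user.id unconditionally).
        return abort(401)

    log("reset update:", user.id, cached_id)
    if int(cached_id) != user.id:
        return abort(401)

    user.password = User.salted_password(new_ps)
    user.save()
    # One-shot token: drop it once the password has been changed.
    cache.delete(key)
    return redirect('/')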
Exemple #2
def replied_topic(user_id):
    """Return the topics that user ``user_id`` has replied to, cached per user.

    On a cache miss the replies are loaded and one ``Topic.one`` lookup is
    issued per reply; the topics are then stored as JSON under
    ``replied_topic_<user_id>``. A single ``topic JOIN reply`` query filtered
    on ``reply.user_id`` would avoid the per-reply lookups.

    NOTE(review): a cache hit returns whatever ``json.loads`` yields, while a
    miss returns the objects from ``Topic.one`` - confirm callers cope with
    both. No expiry is passed to ``cache.set`` here, so invalidation has to
    happen elsewhere.
    """
    cache_key = 'replied_topic_{}'.format(user_id)
    if not cache.exists(cache_key):
        topics = [
            Topic.one(id=reply.topic_id)
            for reply in Reply.all(user_id=user_id)
        ]
        serialised = json.dumps([topic.json() for topic in topics])
        cache.set(cache_key, serialised)
        return topics

    return json.loads(cache.get(cache_key))
Exemple #3
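def reset():
    """Reset a user's password from a posted ``token`` / ``password`` pair.

    The token is looked up in the cache; its value is used as the user id.
    On success the token is deleted and the client is redirected to
    ``index.index``. A missing or unknown token, or a missing password,
    redirects to ``'404'``.
    """
    token = request.form.get('token')
    password = request.form.get('password')
    # NOTE(review): the token is used as a bare cache key, so any key present
    # in the same cache would pass this check - confirm reset tokens are
    # stored in their own namespace.
    if not token or not password or not cache.exists(token):
        # The original built this redirect without returning it, so the view
        # returned None on the failure path.
        return redirect('404')

    u = User.one(id=cache.get(token))
    u.reset_password(password)
    # One-shot token: remove it as soon as it has been used.
    cache.delete(token)
    return redirect(url_for('index.index'))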
Exemple #4
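def update():
    """Store a new password for the user a posted reset token belongs to.

    Reads ``password`` and ``token`` from the form. When the token resolves
    to a user id in the cache, only ``password`` (salted) and
    ``updated_time`` are written, and the token is deleted. The response is
    always a redirect to ``.index``.
    """
    form = request.form.to_dict()
    password = form.get('password')
    token = form.get('token')
    if token and password:
        # NOTE(review): the token is used as a bare cache key - confirm reset
        # tokens live in their own namespace.
        owner_id = cache.get(token)
        if owner_id is not None:
            u = User.one(id=int(owner_id))
            # Pass an explicit field list. Forwarding the whole submitted form
            # would let the client set any other column User.update accepts.
            User.update(
                u.id,
                password=User.salted_password(password),
                updated_time=int(time.time()),
            )
            # One-shot token: it must not work a second time.
            cache.delete(token)
    return redirect(url_for('.index'))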
Exemple #5
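def reset_update(token):
    """Apply the posted password to the user the reset ``token`` maps to.

    The token is looked up in the cache and its value is used as the user
    id. An absent or unknown token changes nothing. The response is always a
    redirect to ``.index``.
    """
    if token is not None:
        user_id = cache.get(token)
        log('user_id:', user_id)
        # An unknown or expired token yields None here; the original passed
        # that straight to int() and failed with a server error.
        if user_id is not None:
            u = User.one(id=int(user_id))
            new_password = request.form['password']

            u.update(id=user_id, password=u.salted_password(new_password))
            # One-shot token: drop it so it cannot be replayed.
            cache.delete(token)
            log('重置密码成功')

    return redirect(url_for('.index'))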
Exemple #6
def reset_view():
    """Render the reset form for the user a query-string token belongs to.

    The cache entry ``csrf_token_<token>`` is read and deleted, so the
    incoming token works once. A fresh token from ``new_csrf_token`` is
    handed to the template. An unknown token answers 401.

    NOTE(review): the token arrives in the URL, where it can end up in
    access logs and Referer headers - confirm it is short-lived.
    """
    cache_key = "csrf_token_{}".format(request.args["token"])
    if not cache.exists(cache_key):
        return abort(401)

    owner_id = cache.get(cache_key)
    cache.delete(cache_key)
    account = User.one(id=owner_id)
    form_token = new_csrf_token(account)
    return render_template('reset.html', token=form_token, user=account)
Exemple #7
def created_topic(user_id):
    """Return the topics created by ``user_id``, cached per user as JSON.

    A cache hit rebuilds ``Topic`` instances from the stored dictionaries; a
    miss loads them with ``Topic.all`` and stores their ``json()`` form under
    ``created_topic_<user_id>``.

    NOTE(review): no expiry is passed to ``cache.set`` here, so invalidation
    has to happen elsewhere.
    """
    cache_key = 'created_topic_{}'.format(user_id)
    if not cache.exists(cache_key):
        topics = Topic.all(user_id=user_id)
        cache.set(cache_key, json.dumps([topic.json() for topic in topics]))
        return topics

    stored = json.loads(cache.get(cache_key))
    return [Topic(**fields) for fields in stored]
Exemple #8
def update(token):
    """Write the posted password for the user that ``token`` resolves to.

    The cache entry ``csrf_tokens_<token>`` supplies the user id; a missing
    entry aborts with 401. On success the client is redirected to
    ``login.login``.

    NOTE(review): the cache entry is not removed after use, so the same
    token keeps working for as long as the entry lives - confirm an expiry
    is set where the token is issued.
    """
    uid = cache.get('csrf_tokens_{}'.format(token))
    if uid is None:
        abort(401)

    account = User.one(id=uid)
    submitted = request.form['password']
    account.update(id=account.id, password=User.salted_password(submitted))

    return redirect(url_for('login.login'))
Exemple #9
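def update():
    """Write the posted password for the user a reset token resolves to.

    The token is taken from the text after the last ``=`` in the request's
    Referer and looked up in the cache to get the user id. An unknown token,
    an unknown user or a missing password changes nothing. The response is
    always the rendered ``login.html``.
    """
    form = request.form.to_dict()
    # Keep the submitted password out of the log; only its presence is shown.
    log('form', {
        field: ('<redacted>' if field == 'password' else value)
        for field, value in form.items()
    })
    # NOTE(review): the Referer header is client-supplied and may be absent or
    # stripped; a hidden form field would be a sturdier carrier for the token.
    # The token is also used as a bare cache key - confirm reset tokens live
    # in their own namespace.
    token = str(request.referrer).split('=')[-1]
    user_id = cache.get(token)
    # The original dereferenced the lookup result unconditionally, so an
    # unknown token ended in a server error.
    u = User.one(id=user_id) if user_id is not None else None
    if u is not None and 'password' in form:
        new_password = User.salted_password(form['password'])
        User.update(u.id, password=new_password)
        # One-shot token: drop it so it cannot be replayed.
        cache.delete(token)

    return render_template('login.html')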
Exemple #10
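def reset_post(token):
    """Store the posted password for the user that ``token`` resolves to.

    The cached value for ``token`` is JSON-decoded into the user id. The
    password is written only when that id is present and the password is
    longer than two characters; the token is then deleted and the client is
    sent to ``index.index``. Otherwise an error is flashed and the client is
    sent back to ``.reset``.
    """
    # A missing cache entry comes back as None, which json.loads rejects with
    # a TypeError; treat it as "no user" instead of a server error.
    cached = cache.get(token)
    u_id = json.loads(cached) if cached is not None else None
    password = request.form['password']
    # NOTE(review): the only password rule enforced here is length > 2.
    if u_id is not None and len(password) > 2:
        u = User.one(id=u_id)
        u.password = u.salted_password(password)
        User.update(u_id, password=u.password)
        # One-shot token: drop it so it cannot be replayed.
        cache.delete(token)
        flash('重置密码成功!')
        return redirect(url_for('index.index'))
    else:
        flash('密码格式错误!')
        return redirect(url_for('.reset', token=token))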
Exemple #11
def replied_topic(user_id):
    """Return the topics that ``user_id`` has replied to, using a JSON cache.

    A hit returns the decoded JSON stored under ``replied_topic_<user_id>``.
    A miss issues one ``Topic.one`` lookup per reply, stores the topics'
    ``json()`` form and returns the loaded objects.

    NOTE(review): hit and miss return different element types (decoded JSON
    versus the objects from ``Topic.one``) - confirm callers cope with both.
    """
    k = 'replied_topic_{}'.format(user_id)
    if cache.exists(k):
        return json.loads(cache.get(k))

    ts = []
    for reply in Reply.all(user_id=user_id):
        ts.append(Topic.one(id=reply.topic_id))

    payload = [t.json() for t in ts]
    cache.set(k, json.dumps(payload))
    return ts
Exemple #12
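def reset():
    """Exchange a query-string reset token for a logged-in reset form.

    The cached value for ``token`` is JSON-decoded into a user id. On success
    the token is deleted, a fresh token from ``new_csrf_token`` is passed to
    ``forget/reset.html``, and a session from ``session_user`` is set in the
    ``cache_session`` cookie. Any lookup or decode failure, or an empty id,
    aborts with the invalid-token response.

    NOTE(review): ``abort`` is handed a ready-made ``Response`` without an
    explicit status, so the failure path may not carry an error code -
    confirm. The token arrives in the URL and this request also logs the user
    in, so the link should be short-lived.
    """
    token = request.args.get('token', None)
    try:
        u_id = json.loads(cache.get(token))
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. Ordinary failures (missing token, missing entry,
        # malformed JSON) are still reported as an invalid token.
        return abort(Response('无效的token验证码!'))
    if u_id is not None:
        u = User.one(id=u_id)
        # Delete the token now that it has been used.
        cache.delete(token)
        # Issue a fresh token for the reset form.
        token = new_csrf_token(u)
        # Log the user in.
        session_id = session_user(u.id)
        res = current_app.make_response(render_template('forget/reset.html', token=token))
        # Keep the session id out of reach of page scripts. Consider
        # secure=True as well once the site is served over HTTPS only.
        res.set_cookie('cache_session', session_id, httponly=True)
        return res
    else:
        return abort(Response('无效的token验证码!'))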
Exemple #13
def replied_topic(user_id):
    """Return the topics ``user_id`` has replied to, newest reply first.

    A cache hit decodes the JSON stored under ``replied_topic_<user_id>``
    with ``topichook`` as the object hook. A miss runs one joined query
    instead of one topic lookup per reply (the ORM "n+1" pattern), stores the
    topics' ``json()`` form and returns the query result.

    NOTE(review): no expiry is passed to ``cache.set`` here, so invalidation
    has to happen elsewhere.
    """
    cache_key = 'replied_topic_{}'.format(user_id)
    if not cache.exists(cache_key):
        # SQLAlchemy: join topic to reply, keep this user's replies, and
        # order by reply creation time, descending.
        query = Topic.query.join(Reply, Reply.topic_id == Topic.id)
        query = query.filter(Reply.user_id == user_id)
        query = query.order_by(Reply.created_time.desc())
        topics = query.all()

        cache.set(cache_key, json.dumps([topic.json() for topic in topics]))
        return topics

    return json.loads(cache.get(cache_key), object_hook=topichook)