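def UserAuth_Login(username, password):
    """Check a username/password pair against the user_lauth table.

    Returns True when a row is found for *username* and its stored
    lauth_password equals md5(password); returns False otherwise.
    """
    sql = " SELECT lauth_username, lauth_password FROM user_lauth WHERE lauth_username=%s"
    data = mysql.get(sql, username)
    # Hash the submitted password up front, as the original debug line did.
    submitted = md5(password)
    # The stored hash and the hash of the submitted password are kept out of
    # the log: with an unsalted digest they are password-equivalent material.
    logger.debug("login lookup for %s, record found: %s" % (username, bool(data)))
    # NOTE(review): the stored value is a bare md5() of the password (no salt,
    # fast hash). Migrating to a salted, slow KDF such as hashlib.scrypt or
    # hashlib.pbkdf2_hmac needs a schema/data migration outside this function.
    # NOTE(review): `==` on digests is not constant-time; hmac.compare_digest
    # is the usual replacement once both operands are known to share one type.
    if data and username == data.get("lauth_username") and submitted == data.get("lauth_password"):
        logger.info("%s Sign in successfully" % username)
        return True
    logger.info("%s Sign in failed" % username)
    return False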
def test_utils(self):
    """Known-answer checks for the hashing, parsing, truthiness and upload-filter helpers."""
    check = self.assertEqual

    # Digest helpers against the standard test vectors for "abc".
    check("900150983cd24fb0d6963f7d28e17f72", md5("abc"))
    check("a9993e364706816aba3e25717850c26c9cd0d89d", sha1("abc"))

    check("picbed:a:b", rsp("a", "b"))
    check(parse_valid_comma("a,b, c,"), ["a", "b", "c"])
    check(parse_valid_verticaline("a|b| c"), ["a", "b", "c"])

    for value in (1, "on", "true"):
        self.assertTrue(is_true(value))
    self.assertFalse(is_true(0))
    self.assertIsInstance(get_current_timestamp(), int)

    # allowed_file, first without and then with an explicit extension list.
    for accepted in ("test.PNG", ".jpeg"):
        self.assertTrue(allowed_file(accepted))
    self.assertFalse(allowed_file("my.psd"))
    for rejected in ("ha.gif", "ha.jpeg", "ha.png"):
        self.assertFalse(allowed_file(rejected, ["jpg"]))
    self.assertTrue(allowed_file("ha.jpg", ["jpg"]))

    # hmac_sha256 must give the same digest for native, bytes and unicode input.
    v = "6afa9046a9579cad143a384c1b564b9a250d27d6f6a63f9f20bf3a7594c9e2c6"
    for key, text in (('key', 'text'), (b'key', b'text'), (u'key', u'text')):
        check(v, hmac_sha256(key, text))

    check(
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
        sha256("abc"),
    )
def ssoCreateTicket(self, sid=None, agent=None, ip=None):
    """Create an authorization ticket and write it to redis.

    The ticket is a temporary credential, valid for 3 minutes, stored under
    its own ticket key.

    Args:
        sid (str): None means the user is not logged in and this is the
            first ticket; a truthy value means the user is already logged in,
            the ticket is not the first one, and the value must be a valid sid.
    """
    ticket = gen_requestId()
    if sid:
        initial = {"last": get_current_timestamp()}
    else:
        initial = {"ctime": get_current_timestamp(), "agent": agent, "ip": ip}
        # NOTE(review): a first-time sid is an unkeyed md5 of the ticket, so
        # the longer-lived sid is only as secret as the short-lived ticket.
        # An independent random value would decouple them; confirm no caller
        # relies on sid == md5(ticket) before changing it.
        sid = md5(ticket)
    ticket_key = "passport:sso:ticket:{}".format(ticket)
    session_key = "passport:sso:sid:{}".format(sid)
    try:
        pipe = self.redis.pipeline()
        pipe.set(ticket_key, sid)
        # Ticket expiry: keep it as short as possible; the ticket should also
        # be deleted once used (one-time validity).
        pipe.expire(ticket_key, 180)
        # Initial data for the session hash.
        pipe.hmset(session_key, initial)
        # Session expiry equals the cookie expiry (the JWT lifetime in
        # seconds) and is refreshed every time a ticket is created.
        pipe.expire(session_key, SYSTEM["SESSION_EXPIRE"])
        pipe.execute()
    except Exception as e:
        logger.error(e, exc_info=True)
    # NOTE(review): the listing shows no return statement after this point.
def upload_view(): res = dict(code=-1, msg=None) logger.debug(request.files) f = request.files.get('file') if f and allowed_file(f.filename): filename = secure_filename(gen_rnd_filename() + "." + f.filename.split('.')[-1]) #随机命名 basedir = Upyun['basedir'] if Upyun['basedir'].startswith( '/') else "/" + Upyun['basedir'] imgUrl = os.path.join(basedir, filename) try: upres = api.put(imgUrl, f.stream.read()) except Exception, e: logger.error(e, exc_info=True) res.update(code=2, msg="Storage failure") else: imgId = md5(filename) imgUrl = Upyun['dn'].strip("/") + imgUrl upres.update(ctime=get_current_timestamp(), imgUrl=imgUrl, imgId=imgId) try: pipe = g.redis.pipeline() pipe.sadd(picKey, imgId) pipe.hmset("{}:{}".format(GLOBAL['ProcessName'], imgId), upres) pipe.execute() except Exception, e: logger.error(e, exc_info=True) res.update( code=0, msg= "It has been uploaded, but the server has encountered an unknown error" ) else:
def process_item(self, item, spider):
    """Validate a scraped item and upsert it into the collection keyed by line_id.

    Items that fail item.valid() are logged and dropped; items whose
    full_price is below 5 are dropped silently.
    """
    problem = item.valid()
    if problem:
        spider.logger.error(problem)
        return
    if item["full_price"] < 5:
        return

    record = dict(item)
    stamp = dte.now()

    # Sources whose line_id is built from the station names instead of bus_num.
    station_keyed_sources = [
        "cqky", "zjgsm", "wxsz", "tongcheng", "cbd", "jsky", "fangbian",
        "jsdlky", "baba", "tzky", "ctrip", "changtu", "scqcp", "bus365",
        'szky', "xyjt", "gdsw", 'dgky', 'zhw', 'wmcx', 'lvtu100', 'glcx',
        'fjky', 'sd365', "anxing", "zuoche",
    ]
    if record["crawl_source"] in station_keyed_sources:
        template = "%(s_city_name)s-%(d_city_name)s-%(drv_datetime)s-%(s_sta_name)s-%(d_sta_name)s-%(crawl_source)s"
    else:
        template = "%(s_city_name)s-%(d_city_name)s-%(drv_datetime)s-%(bus_num)s-%(crawl_source)s"
    # md5 is used here as a record fingerprint, not for anything secret.
    record["line_id"] = md5(template % record)

    record["update_datetime"] = stamp
    record["refresh_datetime"] = stamp
    self.collection.replace_one({"line_id": record["line_id"]}, record, upsert=True)
def get(self):
    """Log a user in by phone and password and respond with an API key.

    Responds with error 301 when no user has the phone number and 302 when
    the salted md5 of the password does not match the stored value.
    """
    # NOTE(review): this is the GET handler, so `pwd` is presumably taken
    # from the query string and can end up in access logs and browser
    # history. Confirm, and prefer accepting credentials in a POST body.
    phone = self.get_argument('phone')
    pwd = self.get_argument('pwd')

    user = self.db.query(orm.User).filter(orm.User.phone == phone).one_or_none()
    # NOTE(review): separate 301/302 answers tell a caller whether a phone
    # number is registered; a single generic failure avoids that if the API
    # contract allows it.
    if not user:
        return self.error(301, 'Nonexistent phone')

    # NOTE(review): salted but single-round md5 is a fast hash; a slow KDF
    # (hashlib.scrypt / hashlib.pbkdf2_hmac) is the usual choice for stored
    # passwords. The `!=` comparison is also not constant-time.
    digest = md5(pwd + user.salt)
    if digest != user.pwd:
        return self.error(302, 'Wrong password')

    self.response['data'] = verify.Auth().add(user.id)
    return self.write(self.response)
def user_update_password(self, username, OldPassword, NewPassword):
    """Update a user's password after checking the old one.

    The update is attempted only when *username* is in the user list, the
    md5 of *OldPassword* matches the stored value, and *NewPassword* is
    between 5 and 29 characters long.
    """
    res = {"code": 0, "success": False, "msg": None}
    known_users = self.user_get_list().get("data", [])
    # NOTE(review): passwords are stored as a bare md5() digest (no salt,
    # fast hash); see hashlib.scrypt / hashlib.pbkdf2_hmac for a replacement.
    if username in known_users and md5(OldPassword) == self.user_get_lauth_passwd(username).get("data"):
        sql = "UPDATE user_lauth SET lauth_password=%s WHERE lauth_username=%s"
        length_ok = 5 <= len(NewPassword) < 30
        if not length_ok:
            res.update(
                msg='password length requirement is greater than or equal to 5 less than 30',
                code=300002)
        else:
            try:
                self.mysql_write.update(sql, md5(NewPassword), username)
            except Exception as e:
                # A failed write leaves res at success=False with msg=None.
                logger.api.error(e, exc_info=True)
            else:
                res.update(success=True)
    # NOTE(review): when the user or old password check fails, res keeps its
    # initial values; the listing shows no return statement after this point.
def patch(self, *args, **kwargs):
    """Reset a user's password after a captcha check.

    Error codes: 302 invalid password, 303 wrong captcha, 301 unknown phone.
    """
    phone = self.get_argument('phone')
    password = self.get_argument('pwd')
    if not verify.valid_pwd(password):
        return self.error(302, 'Invalid password')

    captcha = self.get_argument('captcha')
    captcha_ok = verify.Captcha(phone).check(captcha)
    if not captcha_ok:
        return self.error(303, 'Wrong captcha')

    user = self.db.query(orm.User).filter(orm.User.phone == phone).first()
    if not user:
        return self.error(301, 'Nonexistent phone')

    # NOTE(review): the existing salt is reused for the new password, and the
    # digest is a single md5 round; consider a fresh salt and a slow KDF.
    # NOTE(review): no commit is visible in this block; presumably the
    # session is committed elsewhere. Confirm.
    user.pwd = md5(password + user.salt)
    return self.write(self.response)
def upload_view():
    """Store an uploaded image on Upyun under a random name and index it in redis."""
    res = dict(code=-1, msg=None)

    def _has_label(candidate):
        # True when the label is registered in redis, or is the default label.
        registered = g.redis.sismember(
            current_app.config["labelKey"], candidate
        ) and g.redis.exists("{}:label:{}".format(GLOBAL['ProcessName'], candidate))
        return registered or candidate == current_app.config["labelDefault"]

    label = request.args.get("label")
    if not label:
        label = current_app.config["labelDefault"]

    if label and _has_label(label):
        f = request.files.get('file')
        # NOTE(review): only the file name's extension is checked here; the
        # content is stored as received and read fully into memory, so a size
        # limit and content-type check have to be enforced elsewhere. Confirm.
        if f and allowed_file(f.filename):
            extension = f.filename.split('.')[-1]
            # Random file name; the client-supplied name contributes only
            # its extension.
            filename = secure_filename(gen_rnd_filename() + "." + extension)
            if Upyun['basedir'].startswith('/'):
                basedir = Upyun['basedir']
            else:
                basedir = "/" + Upyun['basedir']
            imgUrl = os.path.join(basedir, filename)
            try:
                upres = api.put(imgUrl, f.stream.read())
            except Exception as e:
                logger.error(e, exc_info=True)
                res.update(code=2, msg="Storage failure")
            else:
                imgId = md5(filename)
                imgUrl = Upyun['dn'].strip("/") + imgUrl
                upres.update(ctime=get_current_timestamp(),
                             imgUrl=imgUrl,
                             imgId=imgId,
                             label=label)
                image_key = "{}:{}".format(GLOBAL['ProcessName'], imgId)
                label_key = "{}:label:{}".format(GLOBAL['ProcessName'], label)
                try:
                    pipe = g.redis.pipeline()
                    pipe.sadd(current_app.config["picKey"], imgId)
                    pipe.hmset(image_key, upres)
                    pipe.hincrby(label_key, "imgNum")
                    pipe.execute()
                except Exception as e:
                    logger.error(e, exc_info=True)
                    res.update(
                        code=0,
                        msg="It has been uploaded, but the server has encountered an unknown error")
                else:
                    logger.info(
                        "Upload to Upyun file saved, its url is %s, result is %s, imgId is %s"
                        % (imgUrl, upres, imgId))
                    res.update(code=0, imgUrl=imgUrl)
    # NOTE(review): the listing shows no failure branches for the label/file
    # checks and no return statement after this point.
def novel_post_book(self, name, summary, cover, link=''):
    """Create a novel record.

    Returns a dict with code 0 and the new book_id on success, or code 1
    with a message when a parameter is missing or the insert fails.
    """
    res = dict(code=1, msg=None)
    if not (name and summary and cover):
        res.update(msg="Param error")
        return res

    sql = "INSERT INTO novel_books (book_id,name,summary,cover,ctime,link) VALUES (%s,%s,%s,%s,%s,%s)"
    try:
        # The id is a digest of the name, so the same name maps to the same id.
        book_id = md5(name)
        created = get_current_timestamp()
        self.mysql_write.insert(sql, book_id, name, summary, cover, created, link)
    except Exception as e:
        # NOTE(review): the raw exception text goes into the result; if this
        # dict reaches an HTTP client it can disclose database details.
        # Confirm, and log the detail server-side instead.
        res.update(msg=str(e))
    else:
        res.update(code=0, book_id=book_id)
        self.novel_refresh_books()
    return res
def login():
    """Send an anonymous visitor to the SSO login page; signed-in users go to the index."""
    if g.signin:
        return redirect(url_for("index_view"))

    callback = SpliceURL.Modify(request.url_root, "/sso/").geturl
    project = SSO["SSO.PROJECT"]
    # NOTE(review): sso_t is an unkeyed md5 over sso_p and sso_r, both of
    # which travel in the same query string, so it works as a checksum and
    # not as proof of origin. An HMAC with a secret shared with the SSO
    # server would authenticate the request; that needs a matching change on
    # the verifying side.
    query = {
        "sso": True,
        "sso_r": callback,
        "sso_p": project,
        "sso_t": md5("%s:%s" % (project, callback)),
    }
    SSOLoginURL = SpliceURL.Modify(url=SSO["SSO.URL"], path="/login/", query=query).geturl
    logger.info("User request login to SSO: %s" % SSOLoginURL)
    return redirect(SSOLoginURL)
def createUserApp(self, name, description, app_redirect_url):
    """Create a new userapp application.

    @param name str: application name
    @param description str: application description
    @param app_redirect_url str: callback URL
    """
    res = dict(msg=None, code=1)
    # NOTE(review): re `match` anchors only at the start of the string;
    # unless Universal_pat / url_pat end with `$`, trailing content passes.
    # Confirm against the pattern definitions.
    inputs_ok = (name and description and app_redirect_url
                 and Universal_pat.match(name) and url_pat.match(app_redirect_url))
    if inputs_ok:
        # app_id is derived from the name and is therefore predictable;
        # only app_secret is random.
        app_id = md5(name)
        app_secret = gen_token(36)
        ctime = get_current_timestamp()
        sql = "INSERT INTO sso_apps (name, description, app_id, app_secret, app_redirect_url, ctime) VALUES (%s, %s, %s, %s, %s, %s)"
        try:
            self.mysql.insert(sql, name, description, app_id, app_secret, app_redirect_url, ctime)
        except IntegrityError:
            res.update(msg="Name already exists", code=2)
        except Exception as e:
            logger.error(e, exc_info=True)
            res.update(msg="System is abnormal", code=3)
        else:
            res.update(code=0, refreshCache=self.refreshUserApp())
    # NOTE(review): the listing shows no return statement after this point.
def test_utils(self):
    """Known-answer checks for the utility helpers: hashing, parsing, upload filters and formatters."""
    check = self.assertEqual

    # Digest helpers against the standard test vectors for "abc".
    check("900150983cd24fb0d6963f7d28e17f72", md5("abc"))
    check("a9993e364706816aba3e25717850c26c9cd0d89d", sha1("abc"))

    check("picbed:a:b", rsp("a", "b"))
    check(parse_valid_comma("a,b, c,"), ["a", "b", "c"])
    check(parse_valid_verticaline("a|b| c"), ["a", "b", "c"])

    for value in (1, "on", "true"):
        self.assertTrue(is_true(value))
    self.assertFalse(is_true(0))
    self.assertIsInstance(get_current_timestamp(), int)

    # allowed_file, first without and then with an explicit extension list.
    for accepted in ("test.PNG", ".jpeg"):
        self.assertTrue(allowed_file(accepted))
    self.assertFalse(allowed_file("my.psd"))
    for rejected in ("ha.gif", "ha.jpeg", "ha.png"):
        self.assertFalse(allowed_file(rejected, ["jpg"]))
    self.assertTrue(allowed_file("ha.jpg", ["jpg"]))

    # hmac_sha256 must give the same digest for native, bytes and unicode input.
    v = "6afa9046a9579cad143a384c1b564b9a250d27d6f6a63f9f20bf3a7594c9e2c6"
    for key, text in (("key", "text"), (b"key", b"text"), (u"key", u"text")):
        check(v, hmac_sha256(key, text))
    check(
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
        sha256("abc"),
    )

    #: test format_upload_src
    baseimg = "img-url"
    basefmt = {"src": baseimg}
    upload_cases = [
        (123, basefmt),
        (None, basefmt),
        ([0], basefmt),
        ("", basefmt),
        (".", basefmt),
        (".1", basefmt),
        ("1.", basefmt),
        (1.1, basefmt),
        ("1.1", {"1": {"1": baseimg}}),
        ("u", basefmt),
        ("im", {"im": baseimg}),
        ("url", {"url": baseimg}),
        ("i.am.src", basefmt),
        ("src.url", {"src": {"url": baseimg}}),
    ]
    for fmt, expected in upload_cases:
        check(format_upload_src(fmt, baseimg), expected)

    #: test format_apires
    check(format_apires({"code": 0}, "success", "bool"), {"success": True})
    check(format_apires({"code": 0}, oc="200"), {"code": 200})
    check(format_apires({"code": -1}, "status", "bool"), {"status": False})
    check(
        format_apires(dict(code=-1, msg="xxx"), "errno", "200"),
        {"errno": -1, "msg": "xxx"},
    )
    check(
        format_apires(dict(code=-1, msg="xxx"), "errno", "200", "errmsg"),
        {"errno": -1, "errmsg": "xxx"},
    )
    check(
        format_apires(dict(code=0, msg="xxx"), "", "200", "errmsg"),
        {"code": 200, "errmsg": "xxx"},
    )

    check(len(generate_random()), 6)
    self.assertIn("Mozilla/5.0", gen_ua())

    # bleach
    check(bleach_html("<i>abc</i>"), "<i>abc</i>")
    # NOTE(review): as listed, this expects a <script> element to come back
    # unchanged from the sanitizer. The expected value was probably
    # entity-escaped in the original file and unescaped by the page
    # extraction; confirm against the repository before relying on it.
    check(
        bleach_html("<script>var abc</script>"),
        "<script>var abc</script>",
    )

    # re
    check(parse_author_mail("staugur"), ("staugur", None))
    check(parse_author_mail("staugur <mail>"), ("staugur", "mail"))
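def post(self):
    """Sign a user in or register a new one.

    URL argument:
        action: "SignIn" or "SignUp" (the values this handler compares against).
    Form data:
        username, password, email (email is optional).

    Returns the result dict on every path shown here except a successful
    SignUp, for which the listing shows no return statement.
    """
    NULL = None
    res = {"url": request.url, "msg": None, "success": False}
    username = request.form.get("username")
    password = request.form.get("password")
    email = request.form.get("email", NULL)
    action = request.args.get("action")  # SignIn or SignUp

    # Both credentials must be present.
    if not username or not password:
        res.update(msg="Invaild username or password", code=10001)
        logger.api.debug(res)
        return res

    # Length limits: 5 <= len < 30 for both fields.
    if 5 <= len(username) < 30 and 5 <= len(password) < 30:
        # NOTE(review): unsalted md5 is what the LAuth table stores today;
        # moving to a salted, slow KDF needs a data migration.
        MD5password = md5(password)
    else:
        res.update({
            'msg': 'username or password length requirement is greater than or equal to 5 less than 30',
            'code': 10002
        })
        logger.api.warn(res)
        return res

    # Username character set.
    if not user_pat.match(username):
        res.update({'msg': 'username is not valid', 'code': 10003})
        logger.api.warn(res)
        return res

    if email and mail_pat.match(email) is None:
        res.update({'msg': "email format error", 'code': 10004})
        logger.api.warn(res)
        return res

    # Dispatch on the requested action.
    if action == 'SignIn':
        logger.api.debug(RegisteredUser())
        # The submitted and stored password digests are no longer written to
        # the log: an unsalted digest is password-equivalent material. This
        # also removes a RegisteredUserInfo() lookup that ran before the
        # username was known to exist.
        logger.api.debug("sign in attempt, username: %s" % username)
        if username in RegisteredUser():
            if MD5password == RegisteredUserInfo(username).get("lauth_password"):
                res.update({
                    'msg': 'Password authentication success at sign in',
                    'code': 0,
                    "success": True
                })
            else:
                res.update({
                    'msg': 'Password authentication failed at sign in',
                    'code': 10005,
                    "success": False
                })
        else:
            # NOTE(review): a distinct "username not exists" answer lets a
            # caller test which usernames are registered.
            res.update({'msg': 'username not exists', 'code': 10006})
        logger.api.debug(res)
        return res
    elif action == 'SignUp':
        try:
            AuthSQL = "INSERT INTO LAuth (lauth_username, lauth_password) VALUES(%s, %s)"
            logger.api.info(AuthSQL)
            mysql.insert(AuthSQL, username, MD5password)
            # NOTE(review): the two inserts are separate calls; if the second
            # one fails the LAuth row from the first presumably stays behind.
            UserSQL = "INSERT INTO User (username, email, time, avatar) VALUES(%s, %s, %s, %s)"
            mysql.insert(UserSQL, username, email, get_today(), "/static/img/avatar/default.jpg")
        except IntegrityError as e:
            logger.api.error(e, exc_info=True)
            res.update({
                'msg': 'username already exists, cannot be registered!',
                'code': 10007
            })
            logger.api.warn(res)
            return res
        except Exception as e:
            logger.api.error(e, exc_info=True)
            res.update(msg="server error", code=-1)
            logger.api.error(res)
            return res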
def test_utils(self):
    """Known-answer checks for the utility helpers: hashing, parsing, upload filters and formatters."""
    check = self.assertEqual

    # Digest helpers against the standard test vectors for "abc".
    check("900150983cd24fb0d6963f7d28e17f72", md5("abc"))
    check("a9993e364706816aba3e25717850c26c9cd0d89d", sha1("abc"))

    check("picbed:a:b", rsp("a", "b"))
    check(parse_valid_comma("a,b, c,"), ["a", "b", "c"])
    check(parse_valid_verticaline("a|b| c"), ["a", "b", "c"])

    for value in (1, "on", "true"):
        self.assertTrue(is_true(value))
    self.assertFalse(is_true(0))
    self.assertIsInstance(get_current_timestamp(), int)

    # allowed_file, first without and then with an explicit extension list.
    for accepted in ("test.PNG", ".jpeg"):
        self.assertTrue(allowed_file(accepted))
    self.assertFalse(allowed_file("my.psd"))
    for rejected in ("ha.gif", "ha.jpeg", "ha.png"):
        self.assertFalse(allowed_file(rejected, ["jpg"]))
    self.assertTrue(allowed_file("ha.jpg", ["jpg"]))

    # hmac_sha256 must give the same digest for native, bytes and unicode input.
    v = "6afa9046a9579cad143a384c1b564b9a250d27d6f6a63f9f20bf3a7594c9e2c6"
    for key, text in (('key', 'text'), (b'key', b'text'), (u'key', u'text')):
        check(v, hmac_sha256(key, text))
    check(
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
        sha256("abc")
    )

    #: test format_upload_src
    baseimg = 'img-url'
    basefmt = {'src': baseimg}
    upload_cases = [
        (123, basefmt),
        (None, basefmt),
        ([0], basefmt),
        ('', basefmt),
        ('.', basefmt),
        ('.1', basefmt),
        ('1.', basefmt),
        (1.1, basefmt),
        ('1.1', {'1': {'1': baseimg}}),
        ('u', basefmt),
        ('im', {'im': baseimg}),
        ('url', {'url': baseimg}),
        ('i.am.src', basefmt),
        ('src.url', {'src': {'url': baseimg}}),
    ]
    for fmt, expected in upload_cases:
        check(format_upload_src(fmt, baseimg), expected)

    #: test format_apires
    check(format_apires({'code': 0}, "success", "bool"), {'success': True})
    check(format_apires({'code': 0}, oc="200"), {'code': 200})
    check(format_apires({'code': -1}, "status", "bool"), {'status': False})
    check(
        format_apires(dict(code=-1, msg='xxx'), 'errno', '200'),
        {'errno': -1, 'msg': 'xxx'}
    )
    check(
        format_apires(dict(code=-1, msg='xxx'), 'errno', '200', 'errmsg'),
        {'errno': -1, 'errmsg': 'xxx'}
    )
    check(
        format_apires(dict(code=0, msg='xxx'), '', '200', 'errmsg'),
        {'code': 200, 'errmsg': 'xxx'}
    )

    check(len(generate_random()), 6)
    self.assertIn("Mozilla/5.0", gen_ua())
def get(self):
    """Handle the GitHub OAuth callback and set the login cookies.

    A signed-in user is redirected to "uc". With a `code` argument the
    GitHub login state is fetched; on success the cookies are set and the
    user is redirected either to the SSO return URL with a ticket or to "uc".
    """
    code = request.args.get("code")
    SSORequest = request.args.get("sso") in ("true", "True", True, "1", "on")
    SSOProject = request.args.get("sso_p")
    SSORedirect = request.args.get("sso_r")
    SSOToken = request.args.get("sso_t")
    # NOTE(review): the expected token is an unkeyed md5 of two values taken
    # from the same query string, so a match shows consistency, not origin.
    SSOTokenMD5 = md5("%s:%s" % (SSOProject, SSORedirect))
    logger.debug(request.args)
    logger.debug(SSOTokenMD5 == SSOToken)

    if g.signin:
        return redirect(url_for("uc"))
    elif code:
        github = PLUGINS['thirdLogin']['GITHUB']
        sso_query = urlencode({
            "sso": SSORequest,
            "sso_r": SSORedirect,
            "sso_p": SSOProject,
            "sso_t": SSOToken
        })
        SSOLoginURL = "%s?%s" % (github['REDIRECT_URI'], sso_query)
        logger.debug(SSOLoginURL)
        data = GitHub_Login_Page_State(code, github['APP_ID'], github['APP_KEY'], SSOLoginURL)
        # NOTE(review): indentation is lost in this listing; the final `else`
        # is read here as belonging to `if data`. Confirm against the
        # original file.
        if data:
            username = data.get("username")
            expires_in = 3600 * 24 * 30
            userid = data.get("uid")
            expire_time = How_Much_Time(seconds=expires_in) if expires_in else None
            # NOTE(review): "COOKIE_KEY" is a string literal here, not a
            # secret loaded from configuration, so the session id is not
            # bound to any server-side key. It looks like a placeholder;
            # confirm and replace it with a keyed construction (an HMAC over
            # the same fields) or a random server-side session id.
            sessionId = md5('%s-%s-%s-%s' % (username, userid, expire_time, "COOKIE_KEY")).upper()

            sso_accepted = (SSOProject in GLOBAL.get("ACL") and SSORequest
                            and SSORedirect and SSOTokenMD5 == SSOToken)
            if sso_accepted:
                logger.info(
                    "RequestURL:%s, SSORequest:%s, SSOProject:%s, SSORedirect:%s"
                    % (request.url, SSORequest, SSOProject, SSORedirect))
                ticket = '.'.join([username, expire_time, sessionId])
                # NOTE(review): the ticket is appended to a URL supplied in
                # the request. Checking SSORedirect against a redirect URL
                # registered for SSOProject would keep tickets from being
                # sent to an unregistered host.
                returnURL = SSORedirect + "?ticket=" + ticket
                logger.info(
                    "SSO(%s) request project is in acl, will create a ticket, redirect to %s"
                    % (SSOProject, returnURL))
                resp = make_response(redirect(returnURL))
            else:
                logger.info("Not SSO Auth, to local auth")
                resp = make_response(redirect(url_for("uc")))

            # NOTE(review): none of these cookies set httponly/secure/samesite.
            resp.set_cookie(key='logged_in', value="yes", max_age=expires_in)
            resp.set_cookie(key='username', value=username, max_age=expires_in)
            resp.set_cookie(key='time', value=expire_time, max_age=expires_in)
            resp.set_cookie(key='Azone', value="GitHub", max_age=expires_in)
            resp.set_cookie(key='sessionId', value=sessionId, max_age=expires_in)
            return resp
        else:
            return redirect(url_for("login"))
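def login():
    """Local sign-in view with optional SSO hand-off.

    GET renders the sign-in page. POST checks the submitted credentials with
    UserAuth_Login, sets the login cookies and redirects either to the SSO
    return URL with a ticket or to "uc". A user who is already signed in is
    redirected straight away.
    """
    SSORequest = request.args.get("sso") in ("true", "True", True, "1", "on")
    SSOProject = request.args.get("sso_p")
    SSORedirect = request.args.get("sso_r")
    SSOToken = request.args.get("sso_t")
    # NOTE(review): the expected token is an unkeyed md5 of two values taken
    # from the same query string, so a match shows consistency, not origin.
    SSOTokenMD5 = md5("%s:%s" % (SSOProject, SSORedirect))
    logger.debug(request.args)
    # Log only the "remember" field. The original logged the whole form,
    # which on POST includes the plaintext password.
    logger.debug("remember: %s" % request.form.get("remember"))
    logger.debug(SSOTokenMD5 == SSOToken)

    def _sso_allowed():
        # Evaluated lazily, at the same points where the original tested it.
        return (SSOProject in GLOBAL.get("ACL") and SSORequest
                and SSORedirect and SSOTokenMD5 == SSOToken)

    if g.signin:
        if _sso_allowed():
            # NOTE(review): the credential is appended to a URL supplied in
            # the request; checking SSORedirect against a redirect URL
            # registered for SSOProject would keep it on known hosts.
            returnURL = SSORedirect + "?ticket=" + g.credential
            logger.info(
                "SSO(%s) request project is in acl, already landing, redirect to %s"
                % (SSOProject, returnURL))
            return redirect(returnURL)
        return redirect(url_for("uc"))

    if request.method == "GET":
        third = PLUGINS['thirdLogin']
        return render_template(
            "signin.html",
            enable_qq=third['QQ']['ENABLE'],
            enable_weibo=third['WEIBO']['ENABLE'],
            enable_github=third['GITHUB']['ENABLE'],
            enable_instagram=third['INSTAGRAM']['ENABLE'],
            enable_oschina=third['OSCHINA']['ENABLE'])

    username = request.form.get("username")
    password = request.form.get("password")
    remember = 30 if request.form.get("remember") in ("True", "true", True) else None

    if username and password and UserAuth_Login(username, password):
        max_age_sec = 3600 * 24 * remember if remember else None
        expires = How_Much_Time(max_age_sec) if max_age_sec else 'None'
        # NOTE(review): "COOKIE_KEY" is a string literal, not a secret from
        # configuration, and the other inputs are the username, the unsalted
        # password digest and the expiry. It looks like a placeholder;
        # confirm and move to an HMAC with a server-side key or a random
        # server-side session id.
        sessionId = md5('%s-%s-%s-%s' % (username, md5(password), expires, "COOKIE_KEY")).upper()
        logger.debug(
            "check user login successful, max_age_sec: %s, expires: %s"
            % (max_age_sec, expires))
        if _sso_allowed():
            logger.info(
                "RequestURL:%s, SSORequest:%s, SSOProject:%s, SSORedirect:%s"
                % (request.url, SSORequest, SSOProject, SSORedirect))
            ticket = '.'.join([username, expires, sessionId])
            returnURL = SSORedirect + "?ticket=" + ticket
            logger.info(
                "SSO(%s) request project is in acl, will create a ticket, redirect to %s"
                % (SSOProject, returnURL))
            resp = make_response(redirect(returnURL))
        else:
            logger.info("Not SSO Auth, to local auth")
            resp = make_response(redirect(url_for("uc")))
        # NOTE(review): none of these cookies set httponly/secure/samesite.
        resp.set_cookie(key='logged_in', value="yes", max_age=max_age_sec)
        resp.set_cookie(key='username', value=username, max_age=max_age_sec)
        resp.set_cookie(key='sessionId', value=sessionId, max_age=max_age_sec)
        resp.set_cookie(key='time', value=expires, max_age=max_age_sec)
        resp.set_cookie(key='Azone', value="local", max_age=max_age_sec)
        return resp

    # Failed sign-in: go back to the login page, keeping the SSO parameters.
    if SSORequest:
        return redirect(
            url_for("login",
                    sso=SSORequest,
                    sso_p=SSOProject,
                    sso_r=SSORedirect,
                    sso_t=SSOToken))
    return redirect(url_for("login"))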
def __init__(self, phone=None, pwd=None):
    """Create a user with a fresh 32-character salt and a salted md5 password digest."""
    self.phone = phone
    # NOTE(review): whether random_str draws from a CSPRNG is not visible
    # here; confirm (the `secrets` module is the stdlib source for this).
    fresh_salt = random_str(32)
    self.salt = fresh_salt
    # NOTE(review): with the default pwd=None the concatenation below
    # presumably raises TypeError, so callers must always pass a password.
    # A single md5 round is also a fast hash; hashlib.scrypt or
    # hashlib.pbkdf2_hmac are the stdlib alternatives for stored passwords.
    salted = pwd + fresh_salt
    self.pwd = md5(salted)