def OAuthDirectLogin():
    """OAuth2 direct login (preferred path).

    POST with an ``openid`` form field: registers a fresh account for that
    OAuth2 identity via ``Authentication.oauth2_signUp`` and, on success,
    writes the login log and sets the ``sessionId`` cookie. Every other
    request (non-POST, missing openid, failed sign-up) ends on the index page.
    """
    if request.method != 'POST':
        return redirect(url_for(".index"))
    openid = request.form.get("openid")
    if not openid:
        return redirect(url_for(".index"))
    auth = Authentication(g.mysql, g.redis)
    # NOTE(review): X-Real-Ip is client-supplied unless a trusted reverse
    # proxy overwrites it; the logged login IP is only as reliable as that
    # proxy configuration -- confirm.
    client_ip = request.headers.get('X-Real-Ip', request.remote_addr)
    # NOTE(review): the openid comes straight from the POST body; nothing in
    # this view ties it to an OAuth2 callback that proved ownership of the
    # identity. Unless oauth2_signUp verifies it server-side, any openid
    # value can be submitted here -- confirm.
    res = dfr(auth.oauth2_signUp(openid, client_ip))
    if not res["success"]:
        flash(res["msg"])
        return redirect(url_for('.index'))
    # Login log for the freshly created session.
    auth.brush_loginlog(
        res, login_ip=client_ip,
        user_agent=request.headers.get("User-Agent"))
    sessionId = set_cookie(uid=res["uid"])
    response = make_response(redirect(url_for(".index")))
    # Browser-session cookie (no max_age). `secure` is derived from the
    # request scheme only, so behind a TLS-terminating proxy that forwards
    # plain http the cookie is set without the Secure flag.
    is_https = request.url_root.split("://")[0] != "http"
    response.set_cookie(key="sessionId", value=sessionId, max_age=None,
                        httponly=True, secure=is_https)
    return response
def signUp():
    """Account registration (POST).

    The Vaptcha ``token``/``challenge`` pair is validated first (scene "02"
    unless ``sceneid`` is given in the query string); on success the form
    fields are handed to ``Authentication.signUp``. The outcome is reported
    via ``flash``; a successful registration redirects to the sign-in page,
    everything else back to the sign-up page.
    """
    if request.method == 'POST':
        sceneid = request.args.get("sceneid") or "02"
        token = request.form.get("token")
        challenge = request.form.get("challenge")
        captcha_ok = bool(token and challenge) and vaptcha.validate(challenge, token, sceneid)
        if not captcha_ok:
            flash(u"人机验证失败")
        else:
            # NOTE(review): X-Real-Ip is recorded as the registration IP; it
            # is client-controlled unless a trusted reverse proxy sets it.
            register_ip = request.headers.get('X-Real-Ip', request.remote_addr)
            form = request.form
            auth = Authentication(g.mysql, g.redis)
            try:
                res = auth.signUp(account=form.get("account"),
                                  vcode=form.get("vcode"),
                                  password=form.get("password"),
                                  repassword=form.get("repassword"),
                                  register_ip=register_ip)
            except Exception as e:
                logger.error(e, exc_info=True)
                flash(u"系统异常,请稍后再试")
            else:
                res = dfr(res)
                if res["success"]:
                    return redirect(url_for('.signIn'))
                flash(res["msg"])
    return redirect(url_for('.signUp'))
def signUp():
    """Account registration (POST), using ``g.ip`` as the registration IP.

    Runs the Vaptcha check, then hands the form fields to
    ``Authentication.signUp``. The outcome is reported via ``flash``; success
    redirects to the sign-in page, everything else back to the sign-up page.
    """
    if request.method == 'POST':
        # NOTE(review): `vaptcha.validate` is read as an attribute, not
        # called. Elsewhere in this file `vaptcha.getChallenge` is used the
        # same way, so it is presumably a property that inspects the current
        # request; if it is a plain method this condition is always true and
        # the human check is bypassed -- confirm.
        if not vaptcha.validate:
            flash(u"人机验证失败")
        else:
            form = request.form
            auth = Authentication(g.mysql, g.redis)
            try:
                res = auth.signUp(account=form.get("account"),
                                  vcode=form.get("vcode"),
                                  password=form.get("password"),
                                  repassword=form.get("repassword"),
                                  register_ip=g.ip)
            except Exception as e:
                logger.error(e, exc_info=True)
                flash(u"系统异常,请稍后再试")
            else:
                res = dfr(res)
                if res["success"]:
                    return redirect(url_for('.signIn'))
                flash(res["msg"])
    return redirect(url_for('.signUp'))
def userprofile():
    """Profile API for the current user (``g.uid``).

    GET returns the profile (``getBind`` adds bound identities). PUT with
    ``Action=profile`` updates the whitelisted profile fields and syncs the
    change to the user's SSO clients; ``Action=password`` changes the
    password. The result is localised through ``dfr`` and returned as JSON.
    """
    res = dict(msg=None, code=1)
    form = request.form
    if request.method == "GET":
        with_bind = request.args.get("getBind") in ("true", "True", True)
        res = g.api.userprofile.getUserProfile(g.uid, with_bind)
    elif request.method == "PUT":
        action = request.args.get("Action")
        if action == "profile":
            # Whitelist: only these form keys reach updateUserProfile.
            allowed = ("nick_name", "domain_name", "birthday", "location", "gender", "signature")
            data = {k: v for k, v in form.iteritems() if k in allowed}
            res = g.api.userprofile.updateUserProfile(uid=g.uid, **data)
            if res["code"] == 0:
                # Push the basic profile to the registered SSO clients.
                g.api.usersso.clientsConSync(
                    g.api.userapp.getUserApp, g.uid,
                    dict(CallbackType="user_profile", CallbackData=data))
        elif action == "password":
            res = g.api.userprofile.updateUserPassword(
                uid=g.uid, nowpass=form.get("nowpass"),
                newpass=form.get("newpass"), repass=form.get("repass"))
    # NOTE(review): the whole response (including profile data on GET) is
    # written to the info log.
    logger.info(res)
    return jsonify(dfr(res))
def OAuthDirectLogin():
    """OAuth2 direct login (preferred path), SSO-aware.

    POST with ``openid``: registers a new account for that identity through
    ``Authentication.oauth2_signUp``, records the login, resolves the optional
    encrypted ``sso`` query parameter into a ticket/session id and finishes
    with ``set_loginstate``. Failure flashes the message and returns to the
    OAuth guide page; non-POST requests (and a missing openid) go to
    ``g.redirect_uri``.
    """
    if request.method != 'POST':
        return redirect(g.redirect_uri)
    sso = request.args.get("sso") or None
    logger.debug("OAuthDirectLogin, sso type: {}, content: {}".format(type(sso), sso))
    openid = request.form.get("openid")
    if not openid:
        return redirect(g.redirect_uri)
    auth = Authentication(g.mysql, g.redis)
    # NOTE(review): openid is taken from the POST body; this view does not
    # tie it to an OAuth2 callback that proved ownership of the identity.
    # Unless oauth2_signUp checks it server-side, any value can be
    # submitted here -- confirm.
    res = dfr(auth.oauth2_signUp(openid, g.ip))
    if not res["success"]:
        flash(res["msg"])
        return redirect(url_for("front.OAuthGuide", openid=openid, sso=sso))
    # Login log for the new session.
    auth.brush_loginlog(res, login_ip=g.ip, user_agent=request.headers.get("User-Agent"))
    sso_isOk, sso_returnUrl, sso_appName = checkGet_ssoRequest(sso)
    fallback_url = url_for("front.userset", _anchor="bind")
    sessionId, returnUrl = checkSet_ssoTicketSid(
        sso_isOk, sso_returnUrl, sso_appName, res["uid"], fallback_url)
    logger.debug("OAuthDirectLogin post returnUrl: {}".format(returnUrl))
    return set_loginstate(sessionId, returnUrl)
def activate(token):
    """Handle an activation link carrying a signed ``token``.

    A valid token carries an ``Action``: ``verifyEmail`` marks the account's
    email as verified when the token's email equals the stored one (then
    renders the go-page pointing at "my" or "login" depending on ``g.signin``);
    ``resetPassword`` renders the password-reset form. An invalid token
    renders the error page with the checker's code and message. Any other
    ``Action`` falls through and returns None.
    """
    res = dfr(check_activate_token(token))
    if res["code"] != 0:
        name = res["msg"]
        if PY2 and not isinstance(name, text_type):
            name = name.decode("utf-8")
        return render_template("public/error.html", code=res["code"], name=name)
    data = res["data"]
    action = data["Action"]
    if action == "verifyEmail":
        username = data["username"]
        uk = rsp("account", username)
        stored_mail = g.rc.hget(uk, "email")
        # The token's email must still match the address on record.
        verified = data["email"] == stored_mail
        if verified:
            g.rc.hset(uk, "email_verified", 1)
        target = url_for("front.my") if g.signin else url_for("front.login")
        return render_template("public/go.html", url=target, success=verified)
    elif action == "resetPassword":
        return render_template("public/forgot.html", is_reset=True,
                               token=token, user=data["username"])
def usermsg():
    """Message-center endpoint dispatched on HTTP method plus ``Action``.

    POST ``addMessage``/``markMessage``, GET ``getCount``/``getList``, DELETE
    ``delMessage``/``clearMessage``; any other combination returns the
    default ``{"msg": None, "code": 1}``. All calls act on ``g.uid``.
    """
    res = dict(msg=None, code=1)
    action = request.args.get("Action")
    method = request.method
    form, args = request.form, request.args
    if method == "POST":
        if action == "addMessage":
            res = g.api.usermsg.push_message(
                g.uid, form.get("msgContent"), form.get("msgType", "system"))
        elif action == "markMessage":
            res = g.api.usermsg.markstatus_message(g.uid, form.get("msgId"))
    elif method == "GET":
        status = args.get("msgStatus") or 1
        if action == "getCount":
            res = g.api.usermsg.count_message(g.uid, status)
        elif action == "getList":
            # Missing `desc` means descending; any value other than a
            # true-ish one switches to ascending.
            descending = args.get("desc", True) in (True, "True", "true")
            res = g.api.usermsg.pull_message(g.uid, status, args.get("msgType"), descending)
    elif method == "DELETE":
        if action == "delMessage":
            res = g.api.usermsg.delete_message(g.uid, form.get("msgId"))
        elif action == "clearMessage":
            res = g.api.usermsg.clear_message(g.uid)
    logger.info(res)
    return jsonify(dfr(res))
def usersecurity():
    """Security-center GET endpoint: active sessions or login history.

    ``Action=getSessions`` decodes the caller's ``sessionId`` cookie and
    returns the current session (issue/expiry times, browser family and OS,
    IP, area, SSO record) and, when ``getOtherSession`` is true-ish, the
    user's other live SSO sessions. ``Action=getLoginHistory`` pages through
    ``listUserLoginHistory``. Anything else returns the default code 1.
    """
    res = dict(msg=None, code=1)
    action = request.args.get("Action")
    if request.method == "GET":
        if action == "getSessions":
            sd = analysis_sessionId(request.cookies.get("sessionId"))
            if sd:
                res.update(code=0)
                data = {}
                want_current = request.args.get("getCurrentSession", True) in (True, "True", "true")
                if want_current:
                    _, _, browser_os, browser_family = parse_userAgent(request.headers.get("User-Agent"))
                    area = getIpArea(g.ip)
                    area_parts = area.split()
                    # Keep only the third token of the area string when present.
                    if len(area_parts) >= 3:
                        area = area_parts[2]
                    current = dict(
                        iat=sd['iat'], exp=sd['exp'],
                        # Family string minus its trailing token (presumably the version).
                        browser=dict(family=" ".join(browser_family.split()[:-1]), os=browser_os),
                        ip=g.ip, area=area)
                    if g.sid:
                        current["session"] = g.api.usersso.ssoGetWithSid(g.sid, True)
                    data["CurrentSession"] = current
                want_others = request.args.get("getOtherSession") in (True, "True", "true")
                if want_others:
                    sso = g.api.usersso
                    data["OtherSession"] = [
                        sso.ssoGetWithSid(sid, True)
                        for sid in sso.ssoGetRegisteredUserSid(g.uid)
                        if g.sid != sid and sso.ssoExistWithSid(sid)
                    ]
                res["data"] = data
        elif action == "getLoginHistory":
            args = request.args
            res = g.api.userprofile.listUserLoginHistory(
                uid=g.uid,
                page=args.get("page") or 1,
                limit=args.get("limit") or 10,
                sort=args.get("sort") or "desc")
    logger.info(res)
    return jsonify(dfr(res))
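def misc_feedback():
    """Forward a user feedback form to the system mailbox.

    POST fields: ``point`` (topic, used in the mail subject), ``content``
    (body) and an optional ``email`` (reply address, format-checked). Returns
    the JSON outcome of ``SendMail.SendMessage`` or a validation error.
    """
    # Local import with a Python 2 fallback; both are standard library.
    try:
        from html import escape
    except ImportError:  # Python 2
        from cgi import escape
    res = dict(msg=None, success=False)
    if request.method == "POST":
        point = request.form.get("point")
        content = request.form.get("content")
        email = request.form.get("email")
        valid = True
        if not (point and content):
            valid = False
            res.update(msg="There are invalid parameters")
        elif email and not email_check(email):
            valid = False
            res.update(msg="Bad mailbox format")
        if valid:
            sendmail = SendMail()
            # The mail is sent as HTML, so user-supplied text is escaped before
            # interpolation; otherwise feedback text could inject markup into
            # the operator's mailbox. A missing email renders as an empty field.
            # NOTE(review): `point` lands in the Subject header unescaped;
            # whether SendMail folds or rejects CR/LF there is not visible
            # here -- confirm.
            result = sendmail.SendMessage(
                to_addr=SYSTEM["EMAIL"],
                subject=u"SaintIC Passport 用户反馈: %s" % point,
                formatType="html",
                message=u"用户预留邮箱:%s<br/>用户反馈内容:<br/>%s" % (
                    escape(email or u"", quote=True),
                    escape(content, quote=True)))
            res.update(result)
    return jsonify(dfr(res))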
def userprofile():
    """Profile API for the current user (``g.uid``).

    GET returns the profile (``getBind`` adds bound identities); POST
    ``Action=bindLauth`` binds a local account/password to the user and,
    when the result asks for it, triggers ``updateUserRealname``; PUT
    ``Action=profile`` updates whitelisted profile fields and syncs them to
    the SSO clients, ``Action=password`` changes the password.
    """
    res = dict(msg=None, code=1)
    method = request.method
    form = request.form
    if method == "GET":
        with_bind = request.args.get("getBind") in ("true", "True", True)
        res = g.api.userprofile.getUserProfile(g.uid, with_bind)
    elif method == "POST":
        if request.args.get("Action") == "bindLauth":
            auth = Authentication()
            res = auth.bindLauth(uid=g.uid, account=form.get("account"),
                                 vcode=form.get("vcode"), password=form.get("password"))
            # Both keys are read unconditionally; a result without
            # `show_realname_tip` raises KeyError here.
            if res["success"] == True and res["show_realname_tip"] == True:
                res['set_realname'] = g.api.userprofile.updateUserRealname(g.uid)
    elif method == "PUT":
        action = request.args.get("Action")
        if action == "profile":
            # Whitelist: only these form keys reach updateUserProfile.
            allowed = ("nick_name", "domain_name", "birthday", "location", "gender", "signature")
            data = {k: v for k, v in form.iteritems() if k in allowed}
            res = g.api.userprofile.updateUserProfile(uid=g.uid, **data)
            if res["code"] == 0:
                # Push the basic profile to the registered SSO clients.
                g.api.usersso.clientsConSync(
                    g.api.userapp.getUserApp, g.uid,
                    dict(CallbackType="user_profile", CallbackData=data))
        elif action == "password":
            res = g.api.userprofile.updateUserPassword(
                uid=g.uid, nowpass=form.get("nowpass"),
                newpass=form.get("newpass"), repass=form.get("repass"))
    # NOTE(review): the whole response (including profile data on GET) is
    # written to the info log.
    logger.info(res)
    return jsonify(dfr(res))
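def signUp():
    """Registration: JSON API on POST, sign-up page on GET.

    POST runs the Vaptcha check and ``Authentication.signUp``; the response
    carries ``code=0`` and ``nextUrl`` to the sign-in page on success, or the
    failure message otherwise. A welcome message is pushed through
    ``FastPushMessage`` with the sign-up result. GET renders the form with a
    fresh Vaptcha challenge.
    """
    if request.method == 'POST':
        res = dict(msg=None, code=1, nextUrl=url_for('.signUp'))
        # NOTE(review): `vaptcha.validate` is used as an attribute (like
        # `vaptcha.getChallenge` below), presumably a property that reads the
        # request; if it is a plain method this check always passes -- confirm.
        if vaptcha.validate:
            account = request.form.get("account")
            auth = Authentication(g.mysql, g.redis)
            result = auth.signUp(account=account,
                                 vcode=request.form.get("vcode"),
                                 password=request.form.get("password"),
                                 repassword=request.form.get("repassword"),
                                 register_ip=g.ip)
            # Welcome message; phone registrations are announced as real-name verified.
            FastPushMessage(
                result,
                "欢迎您的加入!%s使用中有任何问题,都可以反馈哦。" % (
                    "" if email_check(account) else "您使用手机注册,已经完成实名认证!", ))
            if result["success"]:
                res.update(code=0, nextUrl=url_for('.signIn'))
            else:
                res.update(msg=result["msg"])
        else:
            res.update(msg="Man-machine verification failed")
        # The leftover `print res` debug statement was removed: it wrote every
        # registration response (account state, error text) to stdout.
        return jsonify(dfr(res))
    return render_template("auth/signUp.html", vaptcha=vaptcha.getChallenge)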
def userlogin():
    """Password login API: returns a session token plus selected profile fields.

    POST ``account``/``password``; the optional comma-separated ``fields``
    selects which profile keys are returned (``avatar`` and ``nick_name`` are
    always included). On success ``data.token`` is a 7200-second session id.
    Only POST produces a response.
    """
    if request.method == 'POST':
        res = dict(code=1)
        auth = Authentication(g.mysql, g.redis)
        result = auth.signIn(account=request.form.get("account"),
                             password=request.form.get("password"))
        if not result["success"]:
            res.update(msg=result["msg"])
        else:
            uid = result["uid"]
            # Login log for this session.
            auth.brush_loginlog(result, login_ip=g.ip, user_agent=g.agent)
            requested = request.form.get("fields") or "is_admin,avatar,nick_name"
            wanted = {i for i in comma_pat.split(requested) if i}
            wanted.update(["avatar", "nick_name"])
            infores = g.api.userprofile.getUserProfile(uid)
            data = infores["data"] if infores["code"] == 0 else {}
            # The session token is issued even when the profile lookup failed,
            # and is returned in the JSON body.
            data.update(token=set_sessionId(uid, 7200))
            res.update(code=0, data={k: data[k] for k in wanted if k in data})
        return jsonify(dfr(res))
def callback(result):
    """Collect one upload result; rewrite local uploads to an absolute static URL.

    ``upload_path``, ``filename`` and ``data`` are closed over from the
    enclosing scope (not visible here); ``data`` accumulates the localised
    results. Results whose ``sender`` is ``up2local`` get a ``src`` URL built
    from ``UPLOAD_FOLDER``/``upload_path``/``filename``.
    """
    logger.info(result)
    sender = result["sender"]
    if sender == "up2local":
        rel_path = join(UPLOAD_FOLDER, upload_path, filename)
        result["src"] = url_for("static", filename=rel_path, _external=True)
    data.append(dfr(result))
def handle_page_error(e):
    """Render the HTML error page for an application error ``e``.

    ``e.to_dict()`` supplies ``code``/``msg`` (passed through ``dfr`` for
    localisation); ``e.status_code`` becomes the HTTP status of the response.
    """
    payload = dfr(e.to_dict())
    body = render_template("public/error.html", code=payload["code"], name=payload["msg"])
    return body, e.status_code
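def authorized():
    """Gitee OAuth2 callback (``/oauth2/gitee/authorized``).

    Exchanges the code for an access token, fetches the Gitee profile and
    hands both to ``Authentication.oauth2_go``, which decides between signing
    in an already-bound user, starting the sign-up/bind flow, or reporting
    the result of binding to the currently logged-in account. The optional
    encrypted ``sso`` query parameter is propagated to the sign-in/up steps.
    ``name`` is the module-level provider name.
    """
    sso = request.args.get("sso") or None
    resp = gitee.authorized_response()
    # The former `print resp` here dumped the access_token to stdout; the
    # token is a bearer credential and must not reach process output/logs.
    if not (resp and isinstance(resp, dict) and "access_token" in resp):
        # resp may be None or a non-dict on failure; only read error fields
        # from a real dict.
        err = resp if isinstance(resp, dict) else {}
        flash(u'Access denied: reason=%s error=%s' % (err.get('error'), err.get('error_description')))
        return redirect(g.redirect_uri)
    user = gitee.get_userinfo(resp["access_token"])
    if "id" not in user:
        flash(user.get("status", "Gitee error"))
        return redirect(g.redirect_uri)
    auth = Authentication(g.mysql, g.redis)
    goinfo = dfr(auth.oauth2_go(
        name=name, signin=g.signin, tokeninfo=resp,
        userinfo=dict(openid=user["id"], nick_name=user["name"], gender=2,
                      avatar=user["avatar_url"], domain_name=user["login"],
                      signature=user["bio"]),
        uid=g.uid))
    action = goinfo["pageAction"]
    if action == "goto_signIn":
        # Not signed in, identity already bound: record the login, set the session.
        uid = goinfo["goto_signIn_data"]["guid"]
        auth.brush_loginlog(dict(identity_type=oauth2_name2type(name), uid=uid, success=True),
                            login_ip=g.ip, user_agent=request.headers.get("User-Agent"))
        return gitee.goto_signIn(uid=uid, sso=sso)
    if action == "goto_signUp":
        # Not signed in, unknown identity: go to register/bind.
        return gitee.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"], sso=sso)
    # Signed in and binding: report the result, return to the bind settings page.
    flash(u"已绑定" if goinfo["success"] else goinfo["msg"])
    return redirect(url_for("front.userset", _anchor="bind"))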
def fgp():
    """Forgot-password page: reset the password (POST).

    ``account``, ``vcode`` and the new ``password`` are passed to
    ``Authentication.forgot`` after the Vaptcha check. Returns the
    ``{"msg", "success"}`` result as JSON.
    """
    res = dict(msg=None, success=False)
    if request.method == "POST":
        form = request.form
        # NOTE(review): `vaptcha.validate` is evaluated as an attribute rather
        # than called; presumably a property (cf. `vaptcha.getChallenge`
        # elsewhere in this file), otherwise this gate never fails -- confirm.
        if vaptcha.validate:
            res = Authentication().forgot(account=form.get("account"),
                                          vcode=form.get("vcode"),
                                          password=form.get("password"))
        else:
            res.update(msg="Man-machine verification failed")
    return jsonify(dfr(res))
def authorized(): """ 授权回调路由 此路由地址:/oauth2/qq/authorized """ # 加密的sso参数值 sso = request.args.get("sso") or None # 换取access_token resp = qq.authorized_response() if "callback" in resp: resp = json.loads(resp[10:-3]) else: resp = qq.url_code(resp) if resp and isinstance(resp, dict) and "access_token" in resp: # 获取用户唯一标识 openid = json.loads(qq.get_openid(resp["access_token"])[10:-3]).get("openid") # 根据access_token获取用户基本信息 user = qq.get_userinfo(resp["access_token"], openid=openid, oauth_consumer_key=PLUGINS[name]["APP_ID"]) if int(user.get("ret", 0)) < 0: flash(user.get("msg")) return redirect(g.redirect_uri) # 处理第三方登录逻辑 auth = Authentication(g.mysql, g.redis) # 第三方账号登录入口`oauth2_go` goinfo = auth.oauth2_go(name=name, signin=g.signin, tokeninfo=resp, userinfo=dict(openid=openid, nick_name=user["nickname"], gender=oauth2_genderconverter(user["gender"]), avatar=user["figureurl_qq_2"] or user["figureurl_qq_1"], location="%s %s" %(user.get("province"), user.get("city"))), uid=g.uid) goinfo = dfr(goinfo) if goinfo["pageAction"] == "goto_signIn": """ 未登录流程->已经绑定过账号,需要设置登录态 """ uid = goinfo["goto_signIn_data"]["guid"] # 记录登录日志 auth.brush_loginlog(dict(identity_type=oauth2_name2type(name), uid=uid, success=True), login_ip=g.ip, user_agent=request.headers.get("User-Agent")) # 设置登录态 return qq.goto_signIn(uid=uid, sso=sso) elif goinfo["pageAction"] == "goto_signUp": """ 未登录流程->openid没有对应账号,执行注册或绑定功能 """ return qq.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"], sso=sso) else: # 已登录流程->正在绑定第三方账号:反馈绑定结果 if goinfo["success"]: # 绑定成功,返回原页面 flash(u"已绑定") else: # 绑定失败,返回原页面 flash(goinfo["msg"]) # 跳回绑定设置页面 return redirect(url_for("front.userset", _anchor="bind")) else: flash(u'Access denied: reason=%s error=%s' % ( resp.get('error'), resp.get('error_description') )) return redirect(g.redirect_uri)
def fgp():
    """Forgot-password reset (POST): ``account``, ``vcode``, ``password``.

    Delegates to ``Authentication.forgot``; success answers ``code=0`` with a
    ``nextUrl`` to the sign-in page, failure carries the message.
    """
    res = dict(msg=None, code=1)
    if request.method == "POST":
        form = request.form
        # No human-verification step in this variant (sibling versions gate
        # on vaptcha); the posted `vcode` is the only token handed along.
        auth = Authentication(g.mysql, g.redis)
        result = auth.forgot(account=form.get("account"),
                             vcode=form.get("vcode"),
                             password=form.get("password"))
        if result["success"]:
            res.update(code=0, nextUrl=url_for("front.signIn"))
        else:
            res.update(msg=result["msg"])
    return jsonify(dfr(res))
def unbind():
    """Unbind a third-party identity (``identity_name`` query arg) from ``g.uid``.

    Flashes the outcome and always returns to the bind section of the user
    settings page.
    """
    identity_name = request.args.get("identity_name")
    if not identity_name:
        flash(u"无效参数")
    else:
        # NOTE(review): a state-changing action driven purely by a query-string
        # parameter; whether a CSRF guard exists upstream is not visible here.
        auth = Authentication(g.mysql, g.redis)
        res = dfr(auth.unbind(g.uid, oauth2_name2type(identity_name)))
        flash(u"解绑成功" if res["code"] == 0 else res["msg"])
    return redirect(url_for("front.userset", _anchor="bind"))
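def userapp():
    """SSO client application management API.

    GET lists the apps (``sort`` asc/desc, 1-based ``page``, ``limit``),
    POST creates, PUT updates and DELETE removes an app by ``name``; a
    deletion also pushes a notification message through ``FastPushMessage``.
    Error codes: 2 bad paging parameters, 3 page out of range, 4 no data.
    """
    # Local import with a Python 2 fallback; both are standard library.
    try:
        from html import escape
    except ImportError:  # Python 2
        from cgi import escape
    res = dict(msg=None, code=1)
    if request.method == "GET":
        sort = request.args.get("sort") or "desc"
        page = request.args.get("page") or 1
        limit = request.args.get("limit") or 10
        try:
            page = int(page) - 1  # 0-based index into the split list
            limit = int(limit)
            if page < 0:
                # The original used a bare `raise` with no active exception,
                # which only worked because the bare `except` caught the
                # resulting TypeError; raise a real error instead.
                raise ValueError("page must be >= 1")
        except (TypeError, ValueError):
            res.update(code=2, msg="There are invalid parameters")
        else:
            res.update(g.api.userapp.listUserApp())
            data = res.get("data")
            if data and isinstance(data, (list, tuple)):
                data = sorted(data, reverse=(sort != "asc"))
                count = len(data)
                pages = ListEqualSplit(data, limit)
                pageCount = len(pages)
                if page < pageCount:
                    res.update(code=0, data=pages[page], pageCount=pageCount,
                               page=page, limit=limit, count=count)
                else:
                    res.update(code=3, msg="There are invalid parameters")
            else:
                res.update(code=4, msg="No data")
    elif request.method == "POST":
        res.update(g.api.userapp.createUserApp(
            name=request.form.get("name"),
            description=request.form.get("description"),
            app_redirect_url=request.form.get("app_redirect_url")))
    elif request.method == "PUT":
        res.update(g.api.userapp.updateUserApp(
            name=request.form.get("name"),
            description=request.form.get("description"),
            app_redirect_url=request.form.get("app_redirect_url")))
    elif request.method == "DELETE":
        name = request.form.get("name")
        res.update(g.api.userapp.deleteUserApp(name=name))
        # The notification is HTML: escape the user-supplied name so it cannot
        # inject markup into the message center. A missing name renders empty.
        FastPushMessage(res, "您于<i>{}</i>删除了一个SSO客户端应用:<strong>{}</strong>".format(
            timestamp_to_timestring(get_current_timestamp()),
            escape(name or "", quote=True)))
    logger.info(res)
    return jsonify(dfr(res))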
def authorized():
    """Coding.net OAuth2 callback (``/oauth2/coding/authorized``).

    Exchanges the code for an access token, fetches the Coding profile
    (relative avatar paths are made absolute) and hands both to
    ``Authentication.oauth2_go``: sign in an already-bound user, start the
    sign-up/bind flow, or report the result of binding to the logged-in
    account. ``sso`` is propagated to the sign-in/up steps; ``name`` is the
    module-level provider name.
    """
    sso = request.args.get("sso") or None
    resp = coding.authorized_response()
    if not (resp and isinstance(resp, dict) and "access_token" in resp):
        flash(u'Access denied: reason=%s error=%s' % (
            request.args.get('error'), request.args.get('error_description')
        ))
        return redirect(g.redirect_uri)
    user = coding.get_userinfo(resp["access_token"])
    if user["code"] != 0:
        # The provider's error payload keys are flashed as-is.
        flash(user["msg"].keys())
        return redirect(g.redirect_uri)
    user = user["data"]
    auth = Authentication(g.mysql, g.redis)
    raw_avatar = user["avatar"]
    avatar = "https://coding.net" + raw_avatar if raw_avatar.startswith("/") else raw_avatar
    goinfo = dfr(auth.oauth2_go(
        name=name, signin=g.signin, tokeninfo=resp,
        userinfo=dict(openid=user["id"], nick_name=user["name"],
                      gender=oauth2_genderconverter(user["sex"]), avatar=avatar,
                      domain_name=user["global_key"], signature=user["slogan"],
                      location=user.get("location")),
        uid=g.uid))
    action = goinfo["pageAction"]
    if action == "goto_signIn":
        # Not signed in, identity already bound: record the login, set the session.
        uid = goinfo["goto_signIn_data"]["guid"]
        auth.brush_loginlog(dict(identity_type=oauth2_name2type(name), uid=uid, success=True),
                            login_ip=g.ip, user_agent=request.headers.get("User-Agent"))
        return coding.goto_signIn(uid=uid, sso=sso)
    if action == "goto_signUp":
        # Not signed in, unknown identity: go to register/bind.
        return coding.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"], sso=sso)
    # Signed in and binding: report the result, return to the bind settings page.
    flash(u"已绑定" if goinfo["success"] else goinfo["msg"])
    return redirect(url_for("front.userset", _anchor="bind"))
def fgp():
    """Forgot-password reset (POST) guarded by Vaptcha.

    ``account``, ``vcode`` and the new ``password`` go to
    ``Authentication.forgot``; success answers ``code=0`` with a ``nextUrl``
    to the sign-in page, failure carries the message.
    """
    res = dict(msg=None, code=1)
    if request.method == "POST":
        form = request.form
        # NOTE(review): `vaptcha.validate` is evaluated as an attribute, not
        # called; presumably a property (cf. `vaptcha.getChallenge` elsewhere
        # in this file) -- confirm, otherwise this gate never fails.
        if not vaptcha.validate:
            res.update(msg="Man-machine verification failed")
        else:
            result = Authentication().forgot(account=form.get("account"),
                                             vcode=form.get("vcode"),
                                             password=form.get("password"))
            if result["success"]:
                res.update(code=0, nextUrl=url_for("front.signIn"))
            else:
                res.update(msg=result["msg"])
    return jsonify(dfr(res))
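def OAuthBindAccount():
    """OAuth2: bind an existing account (account + password) to an openid and log in.

    POST: after the Vaptcha check (scene "03" unless ``sceneid`` is given)
    the credentials and ``openid`` go to ``Authentication.oauth2_bindLogin``;
    success records the login, sets the ``sessionId`` cookie and redirects
    to the index, failure flashes and returns to this page. GET renders the
    bind form when ``openid`` is in the query string, otherwise redirects
    to the index.
    """
    if request.method == 'POST':
        openid = request.form.get("openid")
        sceneid = request.args.get("sceneid") or "03"
        token = request.form.get("token")
        challenge = request.form.get("challenge")
        if not (token and challenge and vaptcha.validate(challenge, token, sceneid)):
            flash(u"人机验证失败")
        else:
            auth = Authentication(g.mysql, g.redis)
            # NOTE(review): the openid to bind is whatever the client posts;
            # this view does not check it against the OAuth2 callback that
            # issued it -- confirm oauth2_bindLogin does.
            res = dfr(auth.oauth2_bindLogin(openid=openid,
                                            account=request.form.get("account"),
                                            password=request.form.get("password")))
            if res["success"]:
                # NOTE(review): X-Real-Ip is client-controlled unless a trusted
                # reverse proxy sets it.
                auth.brush_loginlog(
                    res,
                    login_ip=request.headers.get('X-Real-Ip', request.remote_addr),
                    user_agent=request.headers.get("User-Agent"))
                sessionId = set_cookie(uid=res["uid"])
                response = make_response(redirect(url_for(".index")))
                # Browser-session cookie; Secure only when the request scheme
                # is not plain http (a TLS-terminating proxy forwarding http
                # yields secure=False).
                is_https = request.url_root.split("://")[0] != "http"
                response.set_cookie(key="sessionId", value=sessionId, max_age=None,
                                    httponly=True, secure=is_https)
                return response
            flash(res["msg"])
        return redirect(url_for('.OAuthBindAccount', openid=openid))
    openid = request.args.get("openid")
    if openid:
        return render_template("auth/OAuthBindAccount.html")
    # Fix: the original built this redirect but never returned it, so a GET
    # without openid produced a None response.
    return redirect(url_for(".index"))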
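def authorized():
    """Baidu OAuth2 callback (``/oauth2/baidu/authorized``).

    Exchanges the code for an access token, fetches the Baidu profile and
    hands both to ``Authentication.oauth2_go``: sign in an already-bound
    user, start sign-up/bind, or report the result of binding to the
    logged-in account. All other exits redirect to the front index.
    ``name`` is the module-level provider name.
    """
    resp = baidu.authorized_response()
    # The former `print "authorized_response:", resp` dumped the access
    # token (a bearer credential) to stdout; removed.
    if not (resp and isinstance(resp, dict) and "access_token" in resp):
        flash(u'Access denied: reason=%s error=%s' % (
            request.args.get('error'), request.args.get('error_description')
        ))
        return redirect(url_for("front.index"))
    user = baidu.get_userinfo(resp["access_token"])
    if user.get("error"):
        flash("{} error_description: {}".format(user.get("error"), user.get("error_description")))
        return redirect(url_for("front.index"))
    auth = Authentication(g.mysql, g.redis)
    # Portrait URL is composed with a plain-http base, as in the original.
    avatar = "http://tb.himg.baidu.com/sys/portrait/item/" + user["portrait"]
    goinfo = dfr(auth.oauth2_go(
        name=name, signin=g.signin, tokeninfo=resp,
        userinfo=dict(openid=user["userid"], nick_name=user["username"],
                      gender=user["sex"], avatar=avatar,
                      signature=user["userdetail"], location=user.get("location")),
        uid=g.uid))
    action = goinfo["pageAction"]
    if action == "goto_signIn":
        # Not signed in, identity already bound: record the login, set the session.
        uid = goinfo["goto_signIn_data"]["guid"]
        # NOTE(review): X-Real-Ip is client-controlled unless a trusted
        # reverse proxy sets it.
        auth.brush_loginlog(
            dict(identity_type=oauth2_name2type(name), uid=uid, success=True),
            login_ip=request.headers.get('X-Real-Ip', request.remote_addr),
            user_agent=request.headers.get("User-Agent"))
        return baidu.goto_signIn(uid=uid)
    if action == "goto_signUp":
        # Not signed in, unknown identity: go to register/bind.
        return baidu.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"])
    # Signed in and binding: report the result, return to the index.
    flash(u"已绑定" if goinfo["success"] else goinfo["msg"])
    return redirect(url_for("front.index"))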
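def authorized():
    """GitHub OAuth2 callback (``/oauth2/github/authorized``).

    Exchanges the code for an access token (decoded from the URL-encoded
    response), fetches the GitHub profile and hands both to
    ``Authentication.oauth2_go``: sign in an already-bound user, start
    sign-up/bind, or report the result of binding to the logged-in account.
    All other exits redirect to the front index. ``name`` is the
    module-level provider name.
    """
    resp = github.authorized_response()
    resp = github.url_code(resp)
    # The former `print "authorized_response:", resp` dumped the access
    # token (a bearer credential) to stdout; removed.
    if not (resp and isinstance(resp, dict) and "access_token" in resp):
        flash(u'Access denied: reason=%s error=%s' % (
            request.args.get('error'), request.args.get('error_description')
        ))
        return redirect(url_for("front.index"))
    user = github.get_userinfo(resp["access_token"])
    # The original indexed user["id"] with no check; a failed profile lookup
    # surfaced as a KeyError. Bail out cleanly instead (mirrors the Gitee
    # callback's guard).
    if not (isinstance(user, dict) and "id" in user):
        flash(u"GitHub error")
        return redirect(url_for("front.index"))
    auth = Authentication(g.mysql, g.redis)
    goinfo = dfr(auth.oauth2_go(
        name=name, signin=g.signin, tokeninfo=resp,
        userinfo=dict(openid=user["id"], nick_name=user["name"], gender=2,
                      avatar=user["avatar_url"], domain_name=user["login"],
                      signature=user["bio"], location=user.get("location")),
        uid=g.uid))
    action = goinfo["pageAction"]
    if action == "goto_signIn":
        # Not signed in, identity already bound: record the login, set the session.
        uid = goinfo["goto_signIn_data"]["guid"]
        # NOTE(review): X-Real-Ip is client-controlled unless a trusted
        # reverse proxy sets it.
        auth.brush_loginlog(
            dict(identity_type=oauth2_name2type(name), uid=uid, success=True),
            login_ip=request.headers.get('X-Real-Ip', request.remote_addr),
            user_agent=request.headers.get("User-Agent"))
        return github.goto_signIn(uid=uid)
    if action == "goto_signUp":
        # Not signed in, unknown identity: go to register/bind.
        return github.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"])
    # Signed in and binding: report the result, return to the index.
    flash(u"已绑定" if goinfo["success"] else goinfo["msg"])
    return redirect(url_for("front.index"))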
def OAuthBindAccount():
    """OAuth2: bind an existing account to an openid and log in (SSO-aware).

    POST: after the Vaptcha check, ``openid``/``account``/``password`` go to
    ``Authentication.oauth2_bindLogin``; success records the login, resolves
    the encrypted ``sso`` parameter into a ticket/session id and finishes
    with ``set_loginstate``, failure flashes and returns to this page. GET
    renders the bind form with a Vaptcha challenge when ``openid`` is in the
    query string, otherwise redirects to ``g.redirect_uri``.
    """
    if request.method == 'POST':
        sso = request.args.get("sso") or None
        logger.debug("OAuthBindAccount, sso type: {}, content: {}".format(type(sso), sso))
        openid = request.form.get("openid")
        # NOTE(review): `vaptcha.validate` is an attribute access, not a call;
        # presumably a property like `vaptcha.getChallenge` below -- confirm,
        # otherwise the human check is bypassed.
        if not vaptcha.validate:
            flash(u"人机验证失败")
        else:
            auth = Authentication(g.mysql, g.redis)
            # NOTE(review): openid comes from the POST body with no check here
            # that it originated from an OAuth2 callback -- confirm
            # oauth2_bindLogin verifies it.
            res = dfr(auth.oauth2_bindLogin(openid=openid,
                                            account=request.form.get("account"),
                                            password=request.form.get("password")))
            if res["success"]:
                auth.brush_loginlog(res, login_ip=g.ip,
                                    user_agent=request.headers.get("User-Agent"))
                sso_isOk, sso_returnUrl, sso_appName = checkGet_ssoRequest(sso)
                fallback_url = url_for("front.userset", _anchor="bind")
                sessionId, returnUrl = checkSet_ssoTicketSid(
                    sso_isOk, sso_returnUrl, sso_appName, res["uid"], fallback_url)
                logger.debug("OAuthBindAccount post returnUrl: {}".format(returnUrl))
                return set_loginstate(sessionId, returnUrl)
            flash(res["msg"])
        return redirect(url_for('.OAuthBindAccount', openid=openid, sso=sso))
    openid = request.args.get("openid")
    if not openid:
        return redirect(g.redirect_uri)
    return render_template("auth/OAuthBindAccount.html", vaptcha=vaptcha.getChallenge)
def signIn():
    """Sign-in page: render the form on GET, authenticate on POST.

    POST validates the Vaptcha ``token``/``challenge`` pair (scene "01"
    unless ``sceneid`` is given), then ``Authentication.signIn``; success
    records the login, sets the ``sessionId`` cookie and redirects to
    ``g.redirect_uri``. Failures flash a message and return to this page.
    """
    if request.method == 'POST':
        form = request.form
        sceneid = request.args.get("sceneid") or "01"
        token, challenge = form.get("token"), form.get("challenge")
        if not (token and challenge and vaptcha.validate(challenge, token, sceneid)):
            flash(u"人机验证失败")
        else:
            # NOTE(review): X-Real-Ip is client-supplied unless a trusted
            # reverse proxy overwrites it -- the login log is only as
            # reliable as that proxy configuration.
            login_ip = request.headers.get('X-Real-Ip', request.remote_addr)
            auth = Authentication(g.mysql, g.redis)
            res = dfr(auth.signIn(account=form.get("account"), password=form.get("password")))
            if res["success"]:
                auth.brush_loginlog(res, login_ip=login_ip,
                                    user_agent=request.headers.get("User-Agent"))
                sessionId = set_cookie(uid=res["uid"])
                response = make_response(redirect(g.redirect_uri))
                # Browser-session cookie; Secure only when the request scheme
                # is not plain http (a TLS-terminating proxy forwarding http
                # yields secure=False).
                is_https = request.url_root.split("://")[0] != "http"
                response.set_cookie(key="sessionId", value=sessionId, max_age=None,
                                    httponly=True, secure=is_https)
                return response
            flash(res["msg"])
        return redirect(url_for('.signIn'))
    return render_template("auth/signIn.html")
except Exception, e: logger.error(e, exc_info=True) res.update(msg="System is abnormal") else: res.update( msg="Sent verification code, valid for 300 seconds", success=True) else: res.update( msg="Mail delivery failed, please try again later") elif phone_check(account): res.update(msg="Not support phone number") else: res.update(msg="Invalid account") logger.debug(res) return jsonify(dfr(res)) @ApiBlueprint.route("/miscellaneous/_getDownTime") def misc_getDownTime(): """Vaptcha宕机模式接口""" return jsonify(vaptcha.getDownTime) @ApiBlueprint.route("/miscellaneous/feedback/", methods=["POST"]) def misc_feedback(): res = dict(msg=None, success=False) if request.method == "POST": point = request.form.get("point") content = request.form.get("content") email = request.form.get("email")
def translate(res):
    """Localise a JSON response in place by running its object body through ``dfr``.

    Non-JSON responses and JSON bodies that are not objects pass through
    untouched. Returns ``res``.
    """
    if not res.is_json:
        return res
    payload = res.get_json()
    if isinstance(payload, dict):
        res.set_data(json.dumps(dfr(payload)))
    return res
try: printcolor("请根据提示输入信息以创建管理员用户", "red") email = raw_input("请输入管理员邮箱账号:") password = getpass.getpass("请输入管理员账号密码:") repasswd = getpass.getpass("请确认管理员账号密码:") except KeyboardInterrupt: sys.stdout.write('\n') exit(1) else: if not email_check(email): printcolor("请输入正确的邮箱", "yellow") else: if password != repasswd: printcolor("两次密码不一致", "yellow") else: res = dfr(__createSuperuser(email, password), "zh-CN") if res["success"] is True: printcolor( "管理员注册成功,账号是<%s>,密码是<%s>,请妥善保管!" % (email, password), "green") else: printcolor(res["msg"], "yellow") if __name__ == "__main__": import argparse parser = argparse.ArgumentParser() parser.add_argument("--refresh_loginlog", help=u"刷入登录日志", default=False, action='store_true')