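def post(self):
    """Admin login: check the image captcha, then the credentials, and issue a token.

    Reads ``username``, ``password``, ``captcha`` and ``image_code`` via
    ``parse_login``.  On success a token is cached under the admin id for
    eight hours, an ``AdminLog`` row is written and
    ``{'status', 'msg', 'token'}`` is returned.

    Aborts with 403 on a missing/expired/wrong captcha and 401 when the
    username is unknown *or* the password is wrong (same status and message
    for both, so the endpoint does not reveal which usernames exist — the
    original returned 400 for unknown users, which leaked that).
    """
    import hmac  # constant-time comparison for the captcha text

    args_login = parse_login.parse_args()
    password = args_login.get('password')
    # NOTE(review): assumes the parser marks 'username' required; a missing
    # value would raise on .lower() here — confirm against parse_login.
    username = args_login.get('username').lower()
    captcha = args_login.get('captcha')
    code_key = 'image_code_%s' % args_login.get('image_code')

    # Consume the challenge *before* comparing so every image code is
    # single-use.  The original only deleted it after a correct answer, which
    # let a client retry the same image_code indefinitely (captcha brute force).
    text = cache.get(code_key)
    cache.delete(code_key)
    if not text or captcha is None:
        abort(RET.Forbidden, msg='验证码错误')
    if not hmac.compare_digest(captcha.lower().encode('utf-8'),
                               text.lower().encode('utf-8')):
        abort(RET.Forbidden, msg='验证码错误')

    admin = Admin.query.filter_by(username=username, is_del='0').first()
    # One response for "no such user" and "wrong password" (user enumeration).
    if not admin or not admin.check_pwd(password):
        abort(RET.Unauthorized, msg='用户名或密码错误')

    token = Auth.encode_auth_token(admin.id)
    cache.set(admin.id, token, timeout=60 * 60 * 8)

    # Audit trail for the successful login.  remote_addr is the direct peer;
    # behind a reverse proxy this is the proxy's address unless ProxyFix (or
    # equivalent) is configured — verify for the deployment.
    admin_log = AdminLog()
    admin_log.username = admin.username
    admin_log.ip = request.remote_addr
    admin_log.add()

    return {
        'status': RET.OK,
        'msg': '登录成功',
        'token': token,
    }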
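def _login(user):
    """Log *user* in and return the path to redirect to afterwards.

    The ``next`` query parameter is honoured only when it is a same-site
    absolute path; anything else falls back to ``admin.index`` for
    Admin/SuperAdmin users and ``home.index`` for everyone else.
    Side effects: ``login_user`` session, one ``AdminLog`` row for admins,
    one ``UserLog`` row for every login.
    """
    # NOTE(review): remember=True sets a persistent login cookie on every
    # login, not only when the user asks for it — confirm this is intended.
    login_user(user, remember=True)

    is_admin = user.auth in (AuthEnum.Admin, AuthEnum.SuperAdmin)
    if is_admin:
        # NOTE(review): the admin-login handler elsewhere fills username/ip
        # on AdminLog before add(); here nothing is set — verify AdminLog
        # populates them itself, otherwise this audit row is empty.
        admin_log = AdminLog()
        admin_log.add()
    user_log = UserLog()
    user_log.add()

    next_ = request.args.get('next')
    # Open-redirect guard.  A bare startswith('/') is not enough: '//evil.example'
    # and '/\\evil.example' both start with '/' yet browsers resolve them as
    # scheme-relative URLs to another host.
    if next_ is None or not _is_local_path(next_):
        next_ = url_for('admin.index') if is_admin else url_for('home.index')
    return next_


def _is_local_path(path):
    """Return True when *path* is an absolute path on this site (no scheme, no host)."""
    from urllib.parse import urlparse

    if not path.startswith('/') or path.startswith(('//', '/\\')):
        return False
    parsed = urlparse(path)
    return not parsed.scheme and not parsed.netloc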