def validate(self, data): # 1 需要对加密的openid进行处理 access_token = data['access_token'] openid = check_access_token(access_token) if openid is None: raise serializers.ValidationError('openid错误') # 我们通过data来传递数据 data['openid'] = openid # 2 需要对短信进行验证 mobile = data['mobile'] sms_code = data['sms_code'] # 2.1 检验短信验证码 redis_check_code(mobile, sms_code) # 3 需要对手机号进行判断 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 说明没有注册过 # 创建用户 # User.objects.create(): pass else: # 说明注册过 # 注册过需要验证密码 if not user.check_password(data['password']): raise serializers.ValidationError('密码不正确') data['user'] = user return data
def post(self, request): mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token_openid = request.POST.get('access_token_openid') if not all([mobile, password, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('手机号码格式错误') if not re.match(r'^[0-9a-zA-Z]{8,20}$', password): return http.HttpResponseForbidden('密码最少8位,最长20位') redis_conn = get_redis_connection('verify_code') sms_code_server = redis_conn.get('sms_code_%s' % mobile) if sms_code_server is None: # oauth_callback.html绑定用户的界面 return render(request, 'oauth_callback.html', {'sms_code_errmsg': '短信验证码过期'}) if sms_code_server.decode() != sms_code_client: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '短信验证码错误'}) # 判断openid是否有效,错误提示放在sms——code-errmag openid = check_access_token(access_token_openid) if not openid: return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) try: # 使用手机号查询用户是否存在 user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 用户不存在,新建用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 如果用户存在,检查用户密码 if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'}) # 将用户绑定openid try: # oauth_qq_user =OAuthQQUser(user=user, openid=openid) # oauth_qq_user.save() oauth_qq_user = OAuthQQUser.objects.create(user=user, openid=openid) except DatabaseError: return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'qq登录失败'}) # 实现状态保持 login(request, oauth_qq_user.user) # 响应绑定结果 next_url = request.GET.get('state') response = redirect(next_url) # 登录时用户名写入到cookie,有效期15天 response.set_cookie(username=oauth_qq_user.user.username, max_age=3600 * 24 * 15) response = merge_cart_cookie_to_redis(request=request, user=user, response=response) return response
def validate(self, attrs): access_token = attrs['access_token'] openid = check_access_token(access_token) if openid is None: raise serializers.ValidationError('openid过期') # 将openid添加到attrs中 attrs['openid'] = openid # 2.短信验证码 sms_code = attrs.get('sms_code') # 连接redis redis_conn = get_redis_connection('code') # 获取数据 mobile = attrs.get('mobile') redis_code = redis_conn.get('sms_' + mobile) # 判断数据是否存在 if redis_code is None: raise serializers.ValidationError('短信验证码已过期') if redis_code.decode() != sms_code: raise serializers.ValidationError('短信验证码输入错误') # 3.判断用户 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: pass else: password = attrs['password'] if not user.check_password(password): raise serializers.ValidationError('密码不正确') attrs['user'] = user return attrs
def post(self, request): """美多商城用户绑定到openid""" # 接收参数 mobile = request.POST.get('mobile') pwd = request.POST.get('password') sms_code_client = request.POST.get('sms_code') openid = request.POST.get('openid') # 校验参数 # 判断参数是否齐全 if not all([mobile, pwd, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') # 判断手机号是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', pwd): return http.HttpResponseForbidden('请输入8-20位的密码') # 判断短信验证码是否一致 redis_conn = get_redis_connection('verify_code') sms_code_server = redis_conn.get('sms_%s' % mobile) if sms_code_server is None: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) if sms_code_client != sms_code_server.decode(): return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'}) # 判断openid是否有效:错误提示放在sms_code_errmsg位置 openid = check_access_token(openid) if not openid: return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) # 保存注册数据 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 用户不存在,新建用户 user = User.objects.create_user(username=mobile, password=pwd, mobile=mobile) else: # 如果用户存在,检查用户密码 if not user.check_password(pwd): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'}) # 将用户绑定openid try: OAuthQQUser.objects.create(openid=openid, user=user) except DatabaseError: return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'QQ登录失败'}) # 实现状态保持 login(request, user) # 响应绑定结果 next = request.GET.get('state') response = redirect(next) # 登录时用户名写入到cookie,有效期15天 response.set_cookie('username', user.username, max_age=3600 * 24 * 15) response = merge_cart_cookie_to_redis(request, user, response) return response
def post(self, request): mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token = request.POST.get('access_token') if not all([mobile, password, sms_code_client, access_token]): return http.HttpResponseForbidden('缺少必传参数') # 判断手机号是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位的密码') # 3.判断短信验证码是否一致 # 创建 redis 链接对象: redis_conn = get_redis_connection('verify_code') # 从 redis 中获取 sms_code 值: sms_code_server = redis_conn.get('sms_code_%s' % mobile) # 判断获取出来的有没有: if sms_code_server is None: # 如果没有, 直接返回: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) # 如果有, 则进行判断: if sms_code_client != sms_code_server.decode(): # 如果不匹配, 则直接返回: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'}) # 调用我们自定义的函数, 检验传入的 access_token 是否正确: # 错误提示放在 sms_code_errmsg 位置 openid = check_access_token(access_token) if openid is None: return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: user = User.objects.create_user(username=mobile, password=password, mobile=mobile) if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'}) try: OauthQQUser.objects.create(openid=openid, user=user) except Exception as e: return render(request, 'oauth_callback.html', {'qq_lorin_errmsg': '帮顶失败'}) login(request, user) next = request.GET.get('state') response = redirect(next) response.set_cookie('username', user.username, max_age=3600 * 24 * 14) return response
def post(self ,request ): """line登入用戶註冊""" #提取參數 username = request.POST.get('username') mobile = request.POST.get('mobile') allow = request.POST.get('allow') access_token = request.POST.get('access_token') user_messages_dict = check_access_token(access_token) #校驗參數 if not all([username ,mobile ,allow ,access_token ]): return HttpResponseForbidden('缺少必傳參數') if not re.match('^[a-zA-Z0-9_-]{5,20}$' ,username ): return HttpResponseForbidden('請輸入5~20個字符的用戶名稱') count = User.objects.filter(username=username).count() if count == 1: return HttpResponseForbidden('該用戶名稱已存在') if not re.match('^09\d{8}$' ,mobile ): return HttpResponseForbidden('您輸入的手機號碼格式不正確') if allow != 'on': return HttpResponseForbidden('請勾選同意RockeT使用合約') if not user_messages_dict: return HttpResponseForbidden('userid已失效') #實現主體業務邏輯:創建line登入用戶 name = user_messages_dict.get('name') photo_url = user_messages_dict.get('picture') userid = user_messages_dict.get('sub') state = user_messages_dict.get('state') try: #用戶不存在,創建新用戶 user = User.objects.create_user(username=username ,mobile=mobile ) #寫入用戶line登入資訊 OAuthLineUser.objects.create(user=user ,name=name ,photo_url=photo_url ,userid=userid ) except Exception as e: logger.error(e) return render(request ,'login.html' ,{'errmsg':'創建用戶失敗'}) #實現狀態保持 login(request ,user ) #重定向到指定頁面:state #構造響應數據 if state == '/': response = redirect(reverse('users:info')) else: response = redirect(state) #將用戶登入資訊寫入到cookies response.set_cookie('username' ,username ,constants.LOGIN_COOKIE_EXPIRES ) response.set_cookie('photo_url' ,photo_url ,constants.LOGIN_COOKIE_EXPIRES ) #用戶登錄成功後,同樣商品將cookies購物車數據覆蓋寫入redis response = merge_carts_cookies_redis(request, user, response) #返回響應 return response
def validate(self, attrs): #1. access_token access_token = attrs['access_token'] openid = check_access_token(access_token) if openid is None: raise serializers.ValidationError('openid过期') #将openid添加到 attrs中 attrs['openid'] = openid #2.短信验证码 # 2.短信验证码 # 2.1 用户提交的短信 sms_code = attrs.get('sms_code') # 2.2 获取redis的短信 # ① 连接redis redis_conn = get_redis_connection('code') # ② 获取数据 mobile = attrs.get('mobile') redis_code = redis_conn.get('sms_%s' % mobile) # ③ 判断数据是否存在(有有效期) if redis_code is None: raise serializers.ValidationError('短信验证码已过期') # 2.3 比对 if redis_code.decode() != sms_code: raise serializers.ValidationError('短信验证码输入错误') #3.判断用户 # mobile try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: #说明 该手机号没有注册过 #就应该创建一个用户 # validate 方法主要是为了 进行 数据的验证,创建用户的代码 # 我们写在后边 pass else: #说明 注册过 # 注册过就要验证密码是否正确 password = attrs['password'] if not user.check_password(password): raise serializers.ValidationError('密码不正确') attrs['user'] = user return attrs
def validate(self, attrs): #1. 需要对加密的openid进行处理 access_token = attrs.get('access_token') print(access_token) openid = check_access_token(access_token) if openid is None: raise serializers.ValidationError('openid错误') # 我们通过attrs来传递数据 attrs['openid']=openid #2. 需要对短信进行验证 # 2.1 获取用户提交的 mobile = attrs.get('mobile') sms_code = attrs['sms_code'] # 2.2 获取 redis redis_conn = get_redis_connection('code') redis_code = redis_conn.get('sms_' + mobile) if redis_code is None: raise serializers.ValidationError('短信验证码已过期') # 最好删除短信 redis_conn.delete('sms_' + mobile) # 2.3 比对 if redis_code.decode() != sms_code: raise serializers.ValidationError('验证码不一致') #3. 需要对手机号进行判断 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: #说明没有注册过 #创建用户 # User.objects.create() pass else: #说明注册过, # 注册过需要验证密码 if not user.check_password(attrs['password']): raise serializers.ValidationError('密码不正确') attrs['user']=user return attrs
def post(self, request): """美多商城用户绑定到openid""" # 1.接收参数 mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token = request.POST.get('access_token') # 2.校验参数 if not all([mobile, password, sms_code_client]): return http.HttpResponseForbidden('缺少必要参数') # 判断手机号是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位的密码') # 创建redis连接,判断短信验证码是否一致 redis_conn = get_redis_connection('verify_code') sms_code_server = redis_conn.get('sms_%s' % mobile) if sms_code_server is None: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) if sms_code_server.decode() != sms_code_client: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'}) openid = check_access_token(access_token) if not openid: return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) # 4.保存注册信息 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'}) try: OAuthQQUser.objects.create(openid=openid, user=user) except DatabaseError: return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'QQ登录失败'}) # 状态保持 login(request, user) # 返回 next = request.GET.get('next', '/') response = redirect(next) response.set_cookie('username', user.username, max_age=3600 * 24 * 15) return response
def post(self, request): """美多商城用户绑定到openid""" # 1.接收参数 dict = json.loads(request.body.decode()) mobile = dict.get('mobile') password = dict.get('password') sms_code_client = dict.get('sms_code') access_token = dict.get('access_token') # 2.校验参数 # 判断参数是否齐全 if not all([mobile, password, sms_code_client, access_token]): return http.JsonResponse({'code': 400, 'errmsg': '缺少必传参数'}) # 判断手机号是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return http.JsonResponse({'code': 400, 'errmsg': '请输入正确的手机号码'}) # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.JsonResponse({'code': 400, 'errmsg': '请输入8-20位的密码'}) # 3.判断短信验证码是否一致 # 创建 redis 链接对象: redis_conn = get_redis_connection('verify_code') # 从 redis 中获取 sms_code 值: sms_code_server = redis_conn.get('sms_%s' % mobile) # 判断获取出来的有没有: # if sms_code_server is None: if not sms_code_server: # 如果没有, 直接返回: return http.JsonResponse({'code': 400, 'errmsg': '验证码失效'}) # 如果有, 则进行判断: if sms_code_client != sms_code_server.decode(): # 如果不匹配, 则直接返回: return http.JsonResponse({'code': 400, 'errmsg': '输入的验证码有误'}) # 调用我们自定义的函数, 检验传入的 access_token 是否正确: # 错误提示放在 sms_code_errmsg 位置 openid = check_access_token(access_token) # if not openid: if openid is None: return http.JsonResponse({ 'code': 400, 'errmsg': '缺少openid,即sccess_token 无效' }) # 4.保存注册数据。首先判断用户是否存在 try: user = User.objects.get(mobile=mobile) except Exception as e: # 用户不存在,新建用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) try: OAuthQQUser.objects.create( user=user, # user_id = user.id openid=openid) except Exception as e: return http.JsonResponse({'code': 400, 'errmsg': '用户绑定失败'}) # else: # # 如果用户存在,检查用户密码 # if not user.check_password(password): # return http.JsonResponse({'code': 400, # 'errmsg': '输入的密码不正确'}) else: # 5.将用户绑定 openid--------------------------- # 如果用户存在,检查用户密码 # if not user.check_password(password): # return http.JsonResponse({'code': 400, # 'errmsg': '输入的密码不正确'}) try: OAuthQQUser.objects.create(openid=openid, user=user) except Exception as e: return http.JsonResponse({'code': 400, 'errmsg': '往数据库添加数据出错'}) # 6.实现状态保持 login(request, user) # 7.创建响应对象: response = http.JsonResponse({'code': 0, 'errmsg': 'ok'}) # 8.登录时用户名写入到 cookie,有效期14天 response.set_cookie('username', user.username, max_age=3600 * 24 * 14) # 合并购物车 response = merge_cart_cookie_to_redis(request=request, user=user, response=response) # 9.响应++ return response
def post(self, request): ''' 接收表单传入的参数, 解析, 并且保存 :param request: :return: ''' # 1.接收参数(4个) mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token = request.POST.get('access_token') # 2.检验(整体 + 单个) if not all([mobile, password, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('手机号格式不正确') if not re.match(r'^[a-zA-Z0-9]{8,20}$', password): return http.HttpResponseForbidden('密码格式不正确') # 链接redis, 获取链接对象 redis_conn = get_redis_connection('verify_code') # 从redis取值 sms_code_server = redis_conn.get('send_sms_%s' % mobile) # 判断该值是否存在,如果不存在, 报错(过期) if sms_code_server is None: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '过期了'}) # 对比, 如果对比不通过, 报错(输入错误) if sms_code_client != sms_code_server.decode(): return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入的短信验证码有误'}) # 3.access_token 解密: openid openid = check_access_token(access_token) if openid is None: return render(request, 'oauth_callback.html', {'openid_errmsg': '解密失败'}) # 4.往两个表中保存数据(User, OAuthQQUser) # 5.查看User表中对应的手机号存不存在用户 try: user = User.objects.get(mobile=mobile) except Exception as e: # 7.如果不存在, 创建新的用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 6.如果存在, 检查密码 if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或者密码有误'}) # 8.往OAuthQQUser存入数据 try: OAuthQQUser.objects.create(openid=openid, user=user) except Exception as e: return render(request, 'oauth_callback.html', {'qq_login_errmsg': '登录失败'}) # 9.实现状态保持 login(request, user) response = redirect(reverse('contents:index')) # 10.设置cookie response.set_cookie('username', user.username, max_age=3600 * 24 * 14) # 11. 返回首页 return response
def post(self, request): # 接受参数 mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_cli = request.POST.get('sms_code') access_token = request.POST.get('access_token') # 检验参数 if not all([mobile, password, sms_code_cli]): return http.HttpResponseForbidden("缺少必传参数") # 判断手机号是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('手机号格式不匹配') # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位的密码') # 判断短信验证码是否合格 # 链接redis redis_connection = get_redis_connection('verify_code') # 从redis中获取sms_code的值 sms_code_server = redis_connection.get('sms_code_%s' % mobile) # 取不取的出来值 # 取不出 if sms_code_server is None: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) # 取得出 # 判断短信验证码是否一致 if sms_code_server.decode() != sms_code_cli: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'}) # 判断access_token 是否正确 openid = check_access_token(access_token) if openid is None: return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) # 保存注册数据 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 用户不存在,新建用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 如果用户存在,检查用户密码 if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'}) # 将用户绑定 openid try: OAuthQQUser.objects.create(openid=openid, user=user) except DatabaseError: return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'QQ登录失败'}) # 实现状态保持 login(request, user) # 响应绑定结果 next = request.GET.get('state') response = redirect(next) # 登录时用户名写入到 cookie,有效期15天 response.set_cookie('username', user.username, max_age=3600 * 24 * 15) # 响应 return response
def post(self, request): """实现绑定用户的逻辑""" mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token_openid = request.POST.get('access_token_openid') if not all([mobile, password, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') if not re.match(r'^[0-9a-zA-Z_-]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位的密码') # 判断短信验证码是否一致 redis_conn = get_redis_connection('verify_code') sms_code_server = redis_conn.get('sms_%s' % mobile) if sms_code_server is None: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) if sms_code_client != sms_code_server.decode(): return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'}) # 判断openid是否有效 openid = check_access_token(access_token_openid) if not openid: return render(request, 'oauth_callback.html', {'openid_errmsg': 'openid已失效'}) # 使用手机号查询对应的用户是否存在 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 如果手机号用户不存在,新建用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 如果手机号用户存在,需要检验密码 if not user.check_password(password): return render(request, 'oauth_callback.html', {'qq_login_errmsg': '账号或密码错误'}) # 将新建用户(或已存在用户)绑定到openid try: # oauth_qq_user = OAuthQQUser(user=user,openid=openid) # oauth_qq_user.save() oauth_qq_user = OAuthQQUser.objects.create(user=user, openid=openid) except Exception as e: logger.error(e) return render(request, 'oauth_callback.html', {'qq_login_errmsg': '账号或密码错误'}) # 实现状态保持 login(request, oauth_qq_user.user) # 重定向到state next = request.GET.get('state') response = redirect(next) # cookies中写入用户名 response.set_cookie('username', oauth_qq_user.user.username, max_age=3600 * 24 * 15) # 用户登录成功,合并cookie购物车到Redis购物车 response = merge_cart_cookies_redis(request=request, user=user, response=response) return response
def post(self, request): '''保存表单时数据''' # 1.接收参数 dict = json.loads(request.body.decode()) mobile = dict.get('mobile') password = dict.get('password') sms_code_client = dict.get('sms_code') access_token = dict.get('access_token') # 2.检验参数(整体 + 单个) # 3.整体 if not all([mobile, password, sms_code_client, access_token]): return JsonResponse({'code': 400, 'errmsg': "缺少必传参数"}) # 4.mobile单个检验 if not re.match(r'^1[3-9]\d{9}$', mobile): return JsonResponse({'code': 400, 'errmsg': "mobile格式不正确"}) # 5.password单个检验 if not re.match(r'^[a-zA-Z0-9]{8,20}$', password): return JsonResponse({'code': 400, 'errmsg': "password格式不正确"}) # 6.链接redis, 获取链接对象 redis_conn = get_redis_connection('verify_code') # 7.从redis中获取短信验证码 sms_code_server = redis_conn.get('sms_%s' % mobile) # 8.判断该短信验证码是否存在 if not sms_code_server: return JsonResponse({'code': 400, 'errmsg': "短信验证码过期"}) # 9.对比前后端的短信验证码 if sms_code_client != sms_code_server.decode(): return JsonResponse({'code': 400, 'errmsg': "输入的短信验证吗有误"}) # 10.把access_token解密为openid openid = check_access_token(access_token) # 11.根据mobile,去User表中查询是否存在用户 try: user = User.objects.get(mobile=mobile) except Exception as e: # 13.如果不存在, 往User表中增加一个新用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 12.如果存在, 检查密码 if not user.check_password(password): return JsonResponse({'code': 400, 'errmsg': "输入的密码不正确"}) # 14.往QQ表中存储数据(user , openid) try: OAuthQQUser.objects.create(user=user, openid=openid) except Exception as e: return JsonResponse({'code': 400, 'errmsg': "往数据库写入数据失败"}) # 15.状态保持 login(request, user) response = JsonResponse({'code': 0, 'errmsg': 'ok'}) # 16.往cookie中写入用户名(username) response.set_cookie('username', user.username, max_age=3600 * 24 * 14) # 补充内容:购物车的合并 response = merge_cart_cookie_to_redis(request, response) # 17.返回json return response
def post(self, request): #1.接受请求, 提取参数(mobile,password,sms_code,access_token) dict = json.loads(request.body.decode()) mobile = dict.get('mobile') password = dict.get('password') sms_code_client = dict.get('sms_code') access_token = dict.get('access_token') #2.检验参数, 整体检验 if not all([mobile, password, sms_code_client]): return http.JsonResponse({'code': 400, 'errmsg': '缺少必传参数'}) #3.单独检验(mobile,password if not re.match(r'^1[3-9]\d{9}$', mobile): return http.JsonResponse({'code': 400, 'errmsg': '请输入正确的手机号码'}) if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.JsonResponse({'code': 400, 'errmsg': '请输入8-20位的密码'}) #4.单个检验:sms_code #4.2创建redis链接对象 redis_conn = get_redis_connection('verify_code') #4.3提取redis值 try: sms_code_server = redis_conn.get('sms_%s' % mobile) except Exception as e: return http.JsonResponse({'code': 400, 'errmsg': '数据库访问失败'}) if sms_code_server is None: return http.JsonResponse({'code': 400, 'errmsg': '验证码失效'}) if sms_code_client != sms_code_server.decode(): return http.JsonResponse({'code': 400, 'errmsg': '输入的验证码有误'}) #5.单个检验:access_token #5.2自定义一个检验函数-->在oauth/utils.py中 openid = check_access_token(access_token) #5.3判断解密后的openid是否存在 if openid is None: return http.JsonResponse({'code': 400, 'errmsg': '缺少openid'}) #6.从User表中获取一个该手机号对应的用户 try: user = User.objects.get(mobile=mobile) #7.如果该客户不存在,给User增加一个新记录 except User.DoesNotExist: user = User.objects.create_user(username=mobile, password=password, mobile=mobile) #8.如果存在,比较密码是否一致 else: if not user.check_password(password): return http.JsonResponse({'code': 400, 'errmsg': '输入的密码不正确'}) #9.把openid和user保存到QQ表 try: OAuthQQUser.objects.create(openid=openid, user=user) except DatabaseError: return http.JsonResponse({'code': 400, 'errmsg': '往数据库添加数据出错'}) #10.保持状态 login(request, user) response = http.JsonResponse({'code': 0, 'errmsg': 'ok'}) #11.设置cookie:username response.set_cookie('username', user.username, max_age=3600 * 24) # 增加合并购物车功能 response = merge_cart_cookie_to_redis(request, response) #12.返回json return response
def post(self, request): '''qq登录的第三个接口''' # 1.接收参数(json) dict = json.loads(request.body.decode()) mobile = dict.get('mobile') password = dict.get('password') sms_code_client = dict.get('sms_code') access_token = dict.get('access_token') # 2.总体检验,查看是否为空 if not all([mobile, password, sms_code_client, access_token]): return JsonResponse({'code': 400, 'errmsg': '缺少必传参数'}) # 3.mobile单个检验 if not re.match(r'^1[3-9]\d{9}$', mobile): return JsonResponse({'code': 400, 'errmsg': 'mobile格式有误'}) # 4.password单个检验 if not re.match(r'^[a-zA-Z0-9]{8,20}$', password): return JsonResponse({'code': 400, 'errmsg': 'password格式有误'}) # 5.链接redis, 获取redis的链接对象 redis_conn = get_redis_connection('verify_code') # 6.从redis中获取服务端的短信验证码 sms_code_server = redis_conn.get('sms_%s' % mobile) # 7.判断服务端的短信验证码是否过期 if not sms_code_server: return JsonResponse({'code': 400, 'errmsg': '短信验证码过期'}) # 8.对比前后端的短信验证码 if sms_code_client != sms_code_server.decode(): return JsonResponse({'code': 400, 'errmsg': '输入的短信验证码有误'}) # 9.自定义一个函数,把access_token解密:openid openid = check_access_token(access_token) # 10.判断openid是否存在,如果存在没问题 if openid is None: return JsonResponse({'code': 400, 'errmsg': 'openid为空'}) try: # 11.从User表中获取一个该手机号对应的用户 user = User.objects.get(mobile=mobile) except Exception as e: # 12.如果该用户不存在, 给User增加一个新的记录 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 13.如果该用户存在, 比较密码是否一致 if not user.check_password(password): return JsonResponse({'code': 400, 'errmsg': '密码输入的不对'}) # 14.把openid和user保存到QQ表中 try: OAuthQQUser.objects.create(openid=openid, user=user) except Exception as e: return JsonResponse({'code': 400, 'errmsg': '保存到qq表中出错'}) # 15.状态保持 login(request, user) response = JsonResponse({'code': 0, 'errmsg': 'ok'}) # 16.设置cookie:username response.set_cookie('username', user.username, max_age=3600 * 24 * 14) #增加合并购物车功能: response = merge_cookie_to_redis(request, response) # 17.返回json return response
def post(self, request): ''' 绑定用户发来的信息 :param request: :return: ''' # 1.接收参数(4个) mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token = request.POST.get('access_token') # 2.检验参数(总体检验+单个检验) if not all([mobile, password, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('手机号格式不匹配') if not re.match(r'^[a-zA-Z0-9]{8,20}$', password): return http.HttpResponseForbidden('密码格式不匹配') # redis: redis_conn = get_redis_connection('verify_code') sms_code_server = redis_conn.get('sms_code_%s' % mobile) if sms_code_server is None: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) if sms_code_server.decode() != sms_code_client: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入的短信验证码有误'}) # 解密: openid = check_access_token(access_token) if openid is None: return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) # 3.获取User中的用户, try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 4.如果没有, 往User保存 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 5.如果有, 检查密码是否正确 if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或者密码错误'}) # 6. 保存openid和user到OAuthQQUser try: OAuthQQUser.objects.create(openid=openid, user=user) except DatabaseError: return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'qq登录失败'}) # 7. 状态保持 login(request, user) # 8. 获取state值 next = request.GET.get('state') response = redirect(next) # 9. 添加cookie response.set_cookie('username', user.username, max_age=3600 * 24 * 15) response = merge_cart_cookie_to_redis(request, response, user) # 10. 返回 return response
def post(self, request): """美多商城用户绑定到openid""" # 1.接收参数 mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token = request.POST.get('access_token') # 2.校验参数 # 判断参数是否齐全 if not all([mobile, password, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') # 判断手机号是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位密码') # 3.判断短信验证码是否一致 # 创建 redis 链接对象: redis_conn = get_redis_connection('verify_code') # 从 redis 中获取 sms_code 值: sms_code_server = redis_conn.get('sms_code_%s' % mobile) print(sms_code_server) # 判断获取出来的有没有 if sms_code_server is None: # 如果没有,直接返回: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) # 如果有,则进行判断: if sms_code_client != sms_code_server.decode(): # 如果不匹配,则直接返回: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入的短信验证码有误'}) # 调用我们自定义的函数, 检验传入的 access_token 是否正确: # 错误提示放在 sms_code_errmsg 位置 openid = check_access_token(access_token) if openid is None: return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) # 4.保存注册数据 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 用户不存在, 新建用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 如果用户存在, 检查用户密码 if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'}) # 5.将用户绑定 openid try: OAuthQQUser.objects.create(openid=openid, user=user) except DatabaseError: return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'QQ登录失败'}) # 6.实现状态保持 login(request, user) # 7.响应绑定结果 next = request.GET.get('next', '/') response = redirect(next) # 8.登录是用户名写入到 cookid, 有效期 15天 response.set_cookie('username', user.username, max_age=3600 * 24 * 15) # 合并购物车 response = merge_cart_cookie_to_redis(request, user, response) # 9.返回(从哪里来到那里去) return response
def post(self, request): """ 实现QQ登陆的第三个接口,用于接收前端发来的手机号,密码,短信验证码,access_token,校验这些参数后, 查看数据库中是否有用户数据 如有,直接将openid绑定用户数据 如没有,创建用户数据并绑定openid :param request: 请求对象 :return: 响应结果 """ # 1.接收参数 mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token = request.POST.get('access_token') # 2.校验参数 # 判断参数是否齐全 if not all([mobile, password, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') # 判断手机号是否合法 if not re.match(r'^1[345789]\d{9}$', mobile): return http.HttpResponseForbidden('您输入的手机号格式不正确') # 判断密码是否是8-20个数字 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位的密码') # 判断短信验证码是否一致 # 创建redis连接对象 redis_conn = get_redis_connection('verify_code') # 从redis数据库中获取保存的短信验证码值 sms_code_server = redis_conn.get('sms_code_%s' % mobile) # 如果获取的为空 if sms_code_server is None: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '短信验证码已失效'}) # 如果用户输的验证码和数据库中存的不一致 if sms_code_server.decode() != sms_code_client: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '短信验证码输入错误'}) # 校验access_token # 把access_token解密成openid openid = check_access_token(access_token) # 如果openid不存在 if openid is None: return render(request, 'oauth_callback.html', {'openid_errmsg': 'access_token不正确'}) # 查看数据库中是否有用户数据 try: user = User.objects.get(mobile=mobile) # 没有,创建用户数据 except User.DoesNotExist: user = User.objects.create_user(username=mobile, password=password, mobile=mobile) # 有,检查密码 else: if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '密码错误'}) # openid绑定用户数据 try: OAuthQQUser.objects.create(user=user, openid=openid) except DatabaseError: return render(request, 'oauth_callback.html', {'qq_login_errmsg': '绑定用户失败'}) else: # 实现状态保持 login(request, user) # 重定向到首页或用户要前往的页面 next = request.GET.get('state') if next: response = redirect(next) else: response = redirect(reverse('contents:index')) # 登录时用户名写入到 cookie,有效期15天 response.set_cookie('username', user.username, max_age=3600 * 24 * 15) # 合并购物车数据 response = merge_cart_cookie_to_redis(request, response) # 返回响应 return response
def post(self, request): """实现绑定用户的逻辑""" # 接收参数 mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token_openid = request.POST.get('access_token_openid') # 校验参数 # 判断参数是否齐全 if not all([mobile, password, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') # 判断手机号是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位的密码') # 判断短信验证码是否一致 redis_conn = get_redis_connection('verify_code') sms_code_server = redis_conn.get('sms_%s' % mobile) if sms_code_server is None: return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) if sms_code_client != sms_code_server.decode(): return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'}) # 判断openid是否有效:openid使用itsdangerous签名之后只有600秒的有效期 openid = check_access_token(access_token_openid) if not openid: return render(request, 'oauth_callback.html', {'openid_errmsg': 'openid已失效'}) # 使用手机号查询对应的用户是否存在 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 如果手机号用户不存在,新建用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 如果手机号用户存在,需要校验密码 if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '账号或密码错误'}) # 将新建用户、已存在用户绑定到openid # oauth_qq_user = OAuthQQUser(user=user, openid=openid) # oauth_qq_user.save() try: oauth_qq_user = OAuthQQUser.objects.create(user=user, openid=openid) except Exception as e: logger.error(e) return render(request, 'oauth_callback.html', {'qq_login_errmsg': '账号或密码错误'}) # openid已绑定美多商城用户:oauth_user.user表示从QQ登陆模型类对象中找到对应的用户模型类对象 login(request, oauth_qq_user.user) # 重定向到state:从哪来,QQ登录完之后回哪而去 next = request.GET.get('state') response = redirect(next) # 将用户名写入到cookies中 response.set_cookie('username', oauth_qq_user.user.username, max_age=3600 * 24 * 15) response = merge_carts_cookies_redis(request=request, user=user, response=response) # 响应QQ登录结果 return response
def post(self, request): """ 用户绑定qq :param request: :return: """ # 接受参数 表单传参 # json_dict = json.loads(request.body.decode()) # mobile = json_dict.get('mobile') # password = json_dict.get('password') # sms_code_client = json_dict.get('sms_code') # access_token = json_dict.get('access_token') mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token = request.POST.get('access_token') # 校验参数 if not all([mobile, password, sms_code_client, access_token]): return http.HttpResponseForbidden('缺少参数') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('手机格式不正确') if not re.match(r'^[a-zA-Z0-9]{8,20}$', password): return http.HttpResponseForbidden('密码格式不正确') # 链接redis查询验证码 redis_conn = get_redis_connection('verify_code') try: sms_code_server = redis_conn.get('sms_%s' % mobile).decode() except Exception as e: logger.error(e) return http.HttpResponseForbidden('验证码已经失效') else: if sms_code_client != sms_code_server: return http.HttpResponseForbidden('短信验证码错误') # 校验access_token openid = check_access_token(access_token) # 如果openid没有值,则验证失败 if openid is None: return http.HttpResponseForbidden('openid回传错误') # 保存openid try: user = User.objects.create_user(username=mobile, password=password, mobile=mobile) except Exception as e: logger.error(e) return http.HttpResponseForbidden('OAuth2.0验证失败:保存openid对应的user失败') try: user_qq = OAuthQQUser.objects.create(openid=openid, user=user) except Exception as e: logger.error(e) return http.HttpResponseForbidden('OAuth2.0验证失败:保存openid失败') # 保持状态 修改cookie login(request, user_qq.user) # 获取next的参数,进行重定向 next = request.GET.get('state', '/') # 如果没有获取到,就给get设置默认值'/' response = redirect(next) response.set_cookie('username', user.username, 3600 * 24 * 15) # 登录成功 合并cookie中的购物车 response = merge_cart_cookie_to_redis(request, response, user_qq.user) # 返回首页 return response
def post(self, request): """美多商城用户绑定到openid""" # 1.接收参数 mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code_client = request.POST.get('sms_code') access_token = request.POST.get('access_token') # 2.校验参数 # 判断参数是否齐全 if not all([mobile, password, sms_code_client]): return HttpResponseForbidden('缺少必传参数') # 判断手机是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return HttpResponseForbidden('请输入正确的手机号码') # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return HttpResponseForbidden('请输入8-20位的密码') # 3.判断短信验证码是否一致 # 创建redis连接对象 redis_conn = get_redis_connection('verify_code') # 从redis中获取sms_code值 sms_code_server = redis_conn.get('sms_code_%s' % mobile) # 判断获取的sms_code是否存在 if sms_code_server is None: # 如果没有,直接返回 return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) # 如果有,则进行判断 if sms_code_client != sms_code_server.decode(): # 如果不匹配,则直接返回 return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'}) # 调用我们自定义的函数,检验传入的access_token是否正确 # 错误提示放在sms_code_errmsg位置 openid = check_access_token(access_token) if not openid: return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) # 4.保存注册数据 try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 用户不存在,新建用户 user = User.objects.create_user(username=mobile, password=password, mobile=mobile) else: # 如果用户存在,检查密码 if not user.check_password(password): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'}) # 5.将用户绑定openid try: OAuthQQUser.objects.create(openid=openid, user=user) except DatabaseError: return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'QQ登录失败'}) # 6.实现状态保持 login(request, user) # 7.响应绑定结果 next = request.GET.get('state') response = redirect(next) # 8.登录时用户名写入到cookie,有效期15天 response.set_cookie('username', user.username, max_age=3600 * 24 * 15) # 合并购物车 response = merge_cart_cookie_to_redis(request=request, response=response) # 9.响应 return response
def post(self,request): # 获取参数 dict = json.loads(request.body.decode()) mobile = dict.get('mobile') password = dict.get('password') sms_code = dict.get('sms_code') access_code = dict.get('access_token') # 校验参数必要性 if not all([mobile, password, sms_code, access_code]): return JsonResponse({ 'code': 400, 'errmsg': '缺少必要参数' }) # 验证每个参数是否符合格式要求 # 手机号是否符合格式要求 if not re.match(r"^1[3-9]\d{9}$", mobile): return JsonResponse({ 'code': 400, 'errmsg': '手机号码格式不对' }) # 判断密码是够符合格式 if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return JsonResponse({ 'code': 400, 'errmsg': '密码格式不对' }) # 判断验证码是否符合要求 redis_conn = get_redis_connection('verify_code') sms_code_from_redis = redis_conn.get('sms_%s' % mobile) # 判断验证码是否已经过期 if not sms_code_from_redis: return JsonResponse({ 'code': 400, 'errmsg': '验证码已经过期' }) # 判断验证码是否正确 if sms_code_from_redis.decode() != sms_code: return JsonResponse({ 'code': 400, 'errmsg': '验证码输入错误' }) # 判断用户是否已经注册过 # 解密获取用户的openid openid = check_access_token(access_code) try: user = User.objects.get(mobile=mobile) # 存在则继续校验用户密码是否输入正确 if user.check_password(password): # 将oauth_qq表中的user外键绑定为user的id try: OAuthQQUser.objects.create(user_id=user.id, openid=openid) response = JsonResponse({ 'code': 0, 'errmsg': 'ok' }) #状态保持 login(request, user) response.set_cookie('username', user.username, max_age=3600*24*14) return response except Exception as e: logger.error(e) return JsonResponse({ 'code': 400, 'errmsg': '绑定用户信息失败,数据库写入错误' }) else: return JsonResponse({ 'code': 400, 'errmsg': '密码输入错误', }) # 用户没有注册过 except Exception as e: # 在User模型类中创建用户信息 try: user = User.objects.create_user(username=mobile, password=password, mobile=mobile) OAuthQQUser.objects.create(openid=openid, user_id=user.id) # 状态保持 login(request, user) response = JsonResponse({ 'code': 0, 'errmsg': 'ok', }) response.set_cookie('username', user.username, max_age=3600*24*14) return response except Exception as e: logger.error(e) return JsonResponse({ 'code': 400, 'errmsg': '用户数据保存失败,写入数据库出错' })