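def _json_fail(handler, msg):
    """Write a JSON ``{'op': False, 'msg': msg}`` body and finish the response."""
    handler.write(json.dumps({'op': False, 'msg': msg}))
    handler.finish()


def Process(handler, *args):
    """Rebuild the session from the login credentials, then run the wrapped request.

    Reads ``email``, ``passwd`` and ``rememberme`` from the request, looks
    the user up, attaches the user's still-valid session or issues a new one,
    writes the two signed session cookies, and finally calls
    ``request(handler, *args)``.  Every failure is reported to the client as a
    JSON ``{'op': False, 'msg': ...}`` body instead of raising.

    Args:
        handler: the Tornado-style request handler for the current request.
        *args: passed through unchanged to ``request``.

    Returns:
        None; the response is written through ``handler``.
    """
    try:
        email = handler.get_argument('email', default=None)
        passwd = handler.get_argument('passwd', default=None)
        rememberme = handler.get_argument('rememberme', default=None)
        # The password is a credential, never diagnostic data: keep it out of
        # the logs (the original line logged it in clear).
        log.i('email=%s , rememberme=%s' % (email, rememberme))

        # "Remember me" keeps the session cookies for a year; otherwise they
        # are browser-session cookies (expires=None).
        expires = None
        if rememberme == "on":
            expires = datetime.datetime.utcnow() + datetime.timedelta(days=365)

        if not email or not passwd:
            log.w('empty email or passwd')
            _json_fail(handler, '邮箱和密码不能为空')
            return

        email = email.strip().lower()
        domain = util.get_domain_from_host(handler.request.host)
        # The data-layer lookup is stubbed out in this copy; with
        # ``user = None`` every login is rejected below.
        #user = data_user.get_user_by_email( mongo.db_pool[domain].user, email, passwd )
        user = None
        handler.ss_id = None

        # Same message for "unknown user" and "wrong password" so the
        # response does not reveal which e-mail addresses are registered.
        if not user:
            log.w('no such user')
            _json_fail(handler, '邮箱或密码错误')
            return

        # NOTE(review): the submitted value is compared directly with the
        # stored ``pw`` field.  Whether ``pw`` is already a hash (derived
        # client-side with etc.pw_secret?) is not visible here; if it is the
        # raw password it must be stored as a salted hash and checked with
        # hmac.compare_digest.  Either way the stored value is not logged.
        if passwd != user['pw']:
            log.w('passwd err')
            _json_fail(handler, '邮箱或密码错误')
            return

        # Re-attach to the session the user already has if it still exists
        # in the store; otherwise mint a fresh id.
        # NOTE(review): reusing a pre-existing session id at login runs
        # against the usual "regenerate the session on authentication"
        # advice; consider always issuing a new id here.
        if user['ss']['ssid']:
            old_ss_id = str(user['ss']['ssid'])
            if handler.ss_store.get(old_ss_id):
                log.i("old session : uid=%s" % user['uid'])
                handler.ss_id = old_ss_id
        if not handler.ss_id:
            handler.ss_id = generate_id()
            # Session ids are bearer tokens; log the uid, not the id.
            log.i("new session : uid=%s" % user['uid'])

        handler.ss_id_hmac = generate_hmac(handler.ss_id)
        # Both cookies are framework-signed (set_secure_cookie); the second
        # carries an application-level HMAC that get_current_user re-checks.
        # NOTE(review): no httponly/secure flags are passed here; whether the
        # handler's defaults add them is not visible in this file.
        handler.set_secure_cookie(etc.cookie_name, handler.ss_id,
                                  domain=domain, expires=expires)
        handler.set_secure_cookie(etc.cookie_verify, handler.ss_id_hmac,
                                  domain=domain, expires=expires)
        #data_user.set_login( mongo.db_pool[domain].user, user['uid'], handler.ss_id )
        handler.ss_user = user

        # Run the handler method that was originally requested.
        request(handler, *args)
    except Exception as e:
        log.exp(e)
        _json_fail(handler, etc.err_500)
        return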
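def get(self):
    """Log the current user out.

    Resolves the session from the request cookies, removes it from the
    server-side session store, then expires every cookie and redirects to
    the user home page.  Errors are logged and still end in the redirect.
    """
    try:
        # The signed session cookie is the key get_current_user() uses for
        # ss_store, so it is also the key to delete.  The original deleted
        # ``self.ss_data.ss_id``, an attribute the session record is not
        # shown to have anywhere else in this file (elsewhere it is indexed
        # like a dict); a failure there was swallowed and left the
        # server-side session alive after logout.
        ss_id = self.get_secure_cookie(etc.cookie_name)
        if self.get_current_user() and ss_id:
            domain = util.get_domain_from_host(self.request.host)
            #data_user.set_logout( mongo.db_pool[domain].user, self.ss_data['uid'] )
            self.ss_store.delete(ss_id)
    except Exception as e:
        log.exp(e)
    finally:
        self.ss_data = None
        # Expire the cookies whether or not the store delete succeeded.
        self.clear_all_cookies()
        self.redirect(etc.url['user_home'])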
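def get_current_user(self):
    """Resolve the session for this request from the signed session cookies.

    Ensures a long-lived ``uuid`` cookie exists (issuing one when missing),
    then reads the session-id cookie and its verification cookie, checks the
    verification value against ``session_base.generate_hmac`` in constant
    time, and loads the session record from ``ss_store``.  On any failure
    both session cookies are cleared, ``self.ss_data`` is set to None and
    None is returned.

    Returns:
        The session record from the store, or None.
    """
    import hmac  # stdlib; function-scope so the file's import block is untouched

    def _drop():
        """Clear both session cookies and forget the session."""
        self.clear_cookie(etc.cookie_name)
        self.clear_cookie(etc.cookie_verify)
        self.ss_data = None
        return None

    try:
        uuid = self.get_cookie(etc.cookie_uuid)
        if not uuid:
            log.i('no uuid')
            expires = datetime.datetime.utcnow() + datetime.timedelta(days=365)
            uuid = generate_uuid()
            domain = util.get_domain_from_host(self.request.host)
            self.set_cookie(etc.cookie_uuid, uuid, domain=domain, expires=expires)
        self.uuid = uuid

        usr_ss_id = self.get_secure_cookie(etc.cookie_name)
        usr_ss_id_hmac = self.get_secure_cookie(etc.cookie_verify)
        if not usr_ss_id or not usr_ss_id_hmac:
            log.i('no cookie')
            return _drop()

        check_hmac = session_base.generate_hmac(usr_ss_id)
        # Constant-time comparison: a plain != stops at the first differing
        # byte and leaks that position through timing.  If the cookie value
        # and the computed HMAC have different types (bytes vs str),
        # compare_digest raises TypeError, which the outer except turns into
        # the same rejection.  The values are session secrets and are no
        # longer written to the log.
        if not hmac.compare_digest(usr_ss_id_hmac, check_hmac):
            log.w("evil session")
            return _drop()

        old_ss_data = self.ss_store.get(usr_ss_id)
        if old_ss_data is None:
            log.i("session expired")
            return _drop()

        self.ss_data = old_ss_data
        return self.ss_data
    except Exception as e:
        log.exp(e)
        return _drop()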
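def get(self):
    """Render the password-reset form for a valid reset token.

    Reads the ``vid`` query argument, looks up the matching reset record, and
    either renders ``user_reset_pwd.html`` for it or redirects to the user
    main page when the token is unknown.  Any exception is logged and also
    ends in that redirect.
    """
    try:
        vid = self.get_argument('vid', default=None)
        # The reset token grants a password change; log only whether one was
        # supplied, not its value.
        log.i('vid present=%s' % bool(vid))
        domain = util.get_domain_from_host(self.request.host)
        # The data-layer lookup is stubbed out in this copy.  The original
        # stub read ``reset = NOne`` (a NameError that was only caught by the
        # broad except); with ``None`` every token is treated as unknown.
        #reset = data_user.get_reset( mongo.db_pool[domain].reset, vid )
        reset = None
        if not reset:
            log.w('no such reset pwd')
            return self.redirect(etc.url['user_main'])

        log.i('verify success')
        # NOTE(review): etc.pw_secret is handed to the template and therefore
        # to the browser; confirm it is meant to be public (e.g. a
        # client-side hashing salt) and not a server-side secret.
        return self.render(
            "user_reset_pwd.html",
            p_url=etc.url,
            p_session=self.ss_data,
            p_pwsecret=etc.pw_secret,
            p_next=None,
            p_email=reset['email'],
            p_vid=reset['vid'],
        )
    except Exception as e:
        log.exp(e)
        self.redirect(etc.url['user_main'])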