Esempio n. 1
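 def patch(self, uid):
     """Update the caller's own profile fields in `info_user`.

     The row to update is chosen from the `id` claim of the verified
     `utoken`, not from the `uid` path parameter, so a caller can only
     modify their own account. Only `username`, `password`, `phone` and
     `email` are accepted; a submitted password is hashed before storage.

     Returns a JSON message, with status 400 when the token is invalid,
     when a value has an unsupported type, or when no modifiable field
     was submitted.
     """
     body_json = request.json or {}
     utoken = body_json.get('utoken')
     user_info = verify_json_web_token(utoken)
     if not user_info:
         return jsonify({'message': '登录已过期,重新登录再进行修改'}), 400
     user_id = int(user_info['id'])

     assignments = []
     params = []
     # Column names come only from this fixed allow-list; request values
     # are never interpolated into the statement text.
     for can_modify_key in ('username', 'password', 'phone', 'email'):
         if can_modify_key not in body_json:
             continue
         value = body_json[can_modify_key]
         # JSON may carry objects or arrays; reject them instead of letting
         # the driver decide how to serialise a container into SQL.
         if isinstance(value, (dict, list)):
             return jsonify({'message': '参数格式有误'}), 400
         if can_modify_key == 'password':
             value = hash_user_password(value)
         assignments.append("`{}`=%s".format(can_modify_key))
         params.append(value)

     # An empty SET clause would be a SQL syntax error.
     if not assignments:
         return jsonify({'message': '没有可修改的内容'}), 400

     update_statement = "UPDATE `info_user` SET {} WHERE `id`=%s;".format(
         ",".join(assignments))
     params.append(user_id)

     db_connection = MySQLConnection()
     try:
         cursor = db_connection.get_cursor()
         # Bound parameters: the driver escapes every value.
         cursor.execute(update_statement, tuple(params))
         db_connection.commit()
     finally:
         # Release the connection even when execute/commit raises.
         db_connection.close()
     return jsonify({"message": "修改成功!"})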
Esempio n. 2
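    def post(self):
        """Register a new user and link the account to the calling client.

        Reads the registration fields from the JSON body, checks the client
        identified by `machine_code`, validates the phone number and the
        image verification code stored in Redis, then inserts the user and
        a `link_user_client` row in one transaction.

        Returns a JSON message: 201 on success, 400 when the database write
        fails. The earlier validation failures return the message with the
        default status code, as callers already expect.
        """
        json_body = request.json or {}
        imgcid = json_body.get('image_code_id', '')
        machine_code = json_body.get('machine_code', None)
        client = get_client(machine_code)
        if not client:
            return jsonify({'message': 'INVALID CLIENT,无法注册!'})
        # NOTE(review): the role is derived only from the client record found
        # through a caller-supplied machine_code; confirm machine codes are
        # not guessable, since a manager client yields role 4.
        role_num = 4 if client['is_manager'] == 1 else 5
        username = json_body.get('username', None)
        password = json_body.get('password', None)
        phone = json_body.get('phone', None)
        email = json_body.get('email', '')
        image_code = json_body.get('imgcode', None)
        agent = request.headers.get('User-Agent', '')
        # User-Agent is client-controlled; `origin` is informational only.
        user_origin = 'delivery' if agent.startswith('Delivery') else ''
        if not all([username, password, phone, image_code]):
            return jsonify({'message': '请提交完整数据.'})
        # Phone number check. fullmatch rejects a trailing newline, which
        # `^...$` with re.match would let through into the database.
        if not isinstance(phone, str) or not re.fullmatch(
                r'[1][3-9][0-9]{9}', phone):
            return jsonify({"message": "手机号有误!"})
        redis_connection = RedisConnection()
        # Fetch the expected verification code for this image id.
        real_imgcode = redis_connection.get_value('imgcid_%s' % imgcid)
        # NOTE(review): the stored code is not removed after a comparison
        # here; unless it is short-lived in Redis the same image can be
        # retried. Confirm TTL / single-use handling.
        if not real_imgcode or image_code.lower() != real_imgcode.lower():
            return jsonify({"message": "验证码错误!"})
        password = hash_user_password(password)
        db_connection = MySQLConnection()
        try:
            cursor = db_connection.get_cursor()
            save_statement = "INSERT INTO `info_user`(`username`,`password`,`phone`,`email`,`role_num`,`origin`)" \
                             "VALUES (%s,%s,%s,%s,%s,%s);"
            cursor.execute(
                save_statement,
                (username, password, phone, email, role_num, user_origin))
            # Record which client the new user may log in from.
            new_user_id = db_connection.insert_id()
            client_id = int(client['id'])
            expire_time = datetime.datetime.strptime("3000-01-01", "%Y-%m-%d")

            uc_save_statement = "INSERT INTO `link_user_client`(`user_id`,`client_id`,`expire_time`)" \
                                "VALUES (%s,%s,%s);"
            cursor.execute(uc_save_statement,
                           (new_user_id, client_id, expire_time))
            db_connection.commit()
        except Exception as e:
            # Keep the detail in the server log only: driver errors can
            # expose schema and constraint names to an unauthenticated
            # caller if echoed in the response.
            current_app.logger.error("用户注册错误:{}".format(e))
            db_connection.rollback()  # undo the partial transaction
            return jsonify({"message": "注册失败"}), 400
        else:
            return jsonify({"message": "注册成功"}), 201
        finally:
            # Close on success as well as on failure.
            db_connection.close()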
Esempio n. 3
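 def post(self, user_id):
     """Let an administrator set a new password for user `user_id`.

     The caller must present a `utoken` whose verified payload has a
     truthy `is_admin`. The new password is taken from the request body,
     hashed, and written to `user_info`.

     Returns a JSON string, with status 400 when the token is invalid,
     the caller is not an admin, or no password was submitted.
     """
     body_json = request.json or {}
     utoken = body_json.get('utoken')
     operator_user = psd_handler.verify_json_web_token(utoken)
     if not operator_user or not operator_user['is_admin']:
         return jsonify("登录已过期或无权限操作!"), 400
     password = body_json.get('password')
     # Without this guard a missing field would be passed to the hasher
     # as None and the result stored as the account's password.
     if not password or not isinstance(password, str):
         return jsonify("请提交新密码."), 400
     new_password = psd_handler.hash_user_password(password)
     # Store the new password hash.
     update_statement = "UPDATE `user_info` SET `password`=%s WHERE `id`=%s;"
     db_connection = MySQLConnection()
     try:
         cursor = db_connection.get_cursor()
         cursor.execute(update_statement, (new_password, user_id))
         db_connection.commit()
     finally:
         # Release the connection even when execute/commit raises.
         db_connection.close()
     # The stored password is whatever the request carried, so the reply
     # must not claim a fixed value, nor put a plaintext password into a
     # response body.
     return jsonify("重置用户密码成功!")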
Esempio n. 4
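 def post(self):
     """Change the password of the user identified by `utoken`.

     The target row is taken from the `uid` claim of the verified token.
     The submitted password is hashed and written to `user_info`.

     Returns a JSON string, with status 400 when the token is invalid or
     no password was submitted.
     """
     body_json = request.json or {}
     utoken = body_json.get('utoken')
     password = body_json.get('password')
     user_info = psd_handler.verify_json_web_token(utoken)
     if not user_info:
         return jsonify("登录已过期,重新登录"), 400  # client redirects to login
     # Without this guard a missing field would be passed to the hasher
     # as None and the result stored as the account's password.
     if not password or not isinstance(password, str):
         return jsonify("请提交新密码."), 400
     # NOTE(review): the current password is not requested, so possession
     # of a valid token alone is enough to replace it; consider requiring
     # the old password and invalidating outstanding tokens after a change.
     user_id = user_info['uid']
     new_password = psd_handler.hash_user_password(password)
     modify_statement = "UPDATE `user_info` SET `password`=%s WHERE `id`=%s;"
     db_connection = MySQLConnection()
     try:
         cursor = db_connection.get_cursor()
         cursor.execute(modify_statement, (new_password, user_id))
         db_connection.commit()
     finally:
         # Release the connection even when execute/commit raises.
         db_connection.close()
     return jsonify("修改密码成功!请重新登录!")  # client redirects to login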
Esempio n. 5
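    def post(self, uid):
        """Reset the password of user `uid` to the built-in default.

        Administrator-only: the verified `utoken` payload must carry a
        `role_num` of 2 or lower.

        Returns a JSON message, with status 400 when the token is invalid
        or the role is not sufficient.
        """
        body_json = request.json or {}
        utoken = body_json.get('utoken', None)
        operate_user = verify_json_web_token(utoken)  # the acting user
        # The token payload is deliberately not printed: identity claims
        # do not belong on stdout or in captured process output.
        if not operate_user or operate_user['role_num'] > 2:
            return jsonify({'message': '没有权限进行这个操作!'}), 400
        # NOTE(review): every reset produces the same well-known password.
        # Consider a random one-time password or a reset link, and forcing
        # a change at the next login.
        new_password = hash_user_password('123456')
        new_statement = "UPDATE `info_user` SET `password`=%s WHERE `id`=%s;"
        db_connection = MySQLConnection()
        try:
            cursor = db_connection.get_cursor()
            cursor.execute(new_statement, (new_password, uid))
            db_connection.commit()
        finally:
            # Release the connection even when execute/commit raises.
            db_connection.close()
        return jsonify({'message': '重置成功!'})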
Esempio n. 6
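 def post(self):
     """Set a new password after checking an e-mailed verification code.

     Expects `username`, `password` and `email_code` in the JSON body.
     The expected code is read from Redis under `<username>_email_code`
     and compared case-insensitively with the submitted one; on a match
     the hashed password is written to `user_info`.

     Returns a JSON object whose `ret` flag tells whether the password
     was changed.
     """
     body_json = request.json or {}
     username = body_json.get('username', None)
     password = body_json.get('password', None)
     email_code = body_json.get('email_code', None)
     if not all([username, password, email_code]):
         return jsonify({'message': '参数不足.', 'ret': False})
     # Look up the code that was issued for this user.
     redis_connection = RedisConnection()
     code = redis_connection.get_value("{}_email_code".format(username))
     # A missing or expired key must count as a failed check instead of
     # raising on `.lower()`; a non-string submission is rejected the
     # same way.
     if (not code or not isinstance(email_code, str)
             or code.lower() != email_code.lower()):
         # NOTE(review): failed attempts are not counted and the code is
         # not invalidated here; confirm that the code is short-lived and
         # that attempts per username are rate limited elsewhere.
         return jsonify({'message': '验证码错误!', 'ret': False})
     new_psd = psd_handler.hash_user_password(password)
     update_statement = "UPDATE `user_info` SET `password`=%s WHERE `name`=%s;"
     db_connection = MySQLConnection()
     try:
         cursor = db_connection.get_cursor()
         cursor.execute(update_statement, (new_psd, username))
         db_connection.commit()
     finally:
         # Release the connection even when execute/commit raises.
         db_connection.close()
     return jsonify({'message': '修改成功!', 'ret': True})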
Esempio n. 7
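 def post(self):
     """Register a user from the `name`, `password`, `phone` and `email` fields.

     Validates presence and format first, then hashes the password,
     generates a `fixed_code` and hands everything to
     `save_user_information`.

     Returns a JSON string: 201 when the user was saved, 400 for invalid
     input or a failed save.
     """
     json_data = request.json or {}
     username = json_data.get('name')
     raw_password = json_data.get('password')
     phone = json_data.get('phone', '')
     email = json_data.get('email', '')
     # Check the raw password: a hash of a missing value would still be
     # truthy and slip past this test. Hashing is also deferred until the
     # cheap checks have passed.
     if not username or not raw_password or not phone:
         return jsonify("请提交完整注册信息."), 400
     # Phone and e-mail format. fullmatch rejects a trailing newline that
     # `^...$` with re.match would accept.
     if not isinstance(phone, str) or not re.fullmatch(
             r'1[345678][0-9]{9}', phone):
         return jsonify('请提交正确的手机号.'), 400
     # Accepts the same addresses as the former nested-quantifier pattern
     # (alphanumeric runs joined by a single `_`, `|` or `.`), but written
     # without a repeated group around `+`, which could backtrack
     # exponentially on a long non-matching input.
     email_pattern = (
         r'[a-zA-Z0-9]+(?:[_|.][a-zA-Z0-9]+)*'
         r'@[a-zA-Z0-9]+(?:[_|.][a-zA-Z0-9]+)*\.[a-zA-Z]{2,3}')
     if not isinstance(email, str) or not re.fullmatch(email_pattern, email):
         return jsonify("请提交正确的邮箱."), 400
     password = psd_handler.hash_user_password(raw_password)
     # Generate the fixed_code stored with the account.
     fixed_code = psd_handler.generate_string_with_time(7)
     if self.save_user_information(username, password, 0, fixed_code, phone,
                                   email):
         return jsonify("注册成功!"), 201
     return jsonify("注册失败"), 400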