def post(self):
    """Reset an account password, addressed by mobile number or e-mail.

    Reads ``username``, ``verify_code`` and ``new_password`` from the
    validated request arguments, stores the value produced by
    ``User.create_password`` and answers with ``write_success``.

    Raises:
        ApiException: 400 when the mobile code is rejected, when no account
            matches, or when the username is neither a mobile number nor an
            e-mail address.
    """
    username = self.validated_arguments['username']
    verify_code = self.validated_arguments['verify_code']
    new_password = self.validated_arguments['new_password']

    if is_mobile(username):
        if not self.verify_mobile(username, verify_code):
            raise ApiException(400, "验证码错误,请重新输入")
        account = User.get_or_none(mobile=username)
        not_registered = "手机号还没有注册"
    elif username.find("@") > 0:
        # NOTE(review): verify_code is only checked on the mobile branch.
        # Nothing visible here proves the caller controls this e-mail address
        # before the password is replaced. Unless the argument validation
        # covers that elsewhere, this path needs its own ownership check.
        account = User.get_or_none(email=username)
        not_registered = "邮箱还没有注册"
    else:
        raise ApiException(400, "用户名格式有误,请填写手机号或电子邮箱")

    # The "not registered" replies tell a caller whether an identifier has
    # an account; on the mobile branch only after the code check has passed.
    if not account:
        raise ApiException(400, not_registered)

    hashed = User.create_password(new_password)
    User.update(password=hashed).where(User.id == account.id).execute()
    self.write_success()
def post(self):
    """Log in with a mobile number and SMS code, registering on first use.

    A rejected code raises ``ApiException(400)``. A mobile number with no
    account gets a new ``User`` row; an existing one has its login time (and
    device, when one is known) refreshed. The session built by
    ``create_session`` is written as the response.
    """
    mobile = self.validated_arguments['mobile']
    verify_code = self.validated_arguments['verify_code']

    # The code check is the only proof of ownership before a session is
    # issued, so it must stay ahead of every lookup or write below.
    if not self.verify_mobile(mobile, verify_code):
        raise ApiException(400, "验证码错误,请重新输入")

    user = User.get_or_none(mobile=mobile)
    if user:
        changes = dict(last_login=datetime.now())
        if self.device_id > 0:
            changes["last_device_id"] = self.device_id
        User.update(**changes).where(User.id == user.id).execute()
    else:
        with self.db.transaction():
            user = User.create(
                mobile=mobile,
                mobile_verifyed=True,
                reg_device_id=self.device_id,
                last_device_id=self.device_id,
                last_login=datetime.now(),
            )

    # NOTE(review): this test is plain truthiness while the one above is
    # "> 0"; the two differ for a negative device_id - confirm which is meant.
    if user and self.device_id:
        User.update_device(user.id, self.device_id)

    self.write(self.create_session(user))
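def login(self, user: User, expires_days: int = None):
    """Start a browser session for *user* and record the login time.

    Args:
        user: The account being logged in; only ``user.id`` is stored in
            the cookie.
        expires_days: Lifetime passed to ``set_secure_cookie``. ``None``
            yields a cookie that lasts until the browser is closed.
    """
    session_value = tornado.escape.json_encode({"id": user.id})

    # The cookie is signed by Tornado, so a client cannot forge another id.
    # httponly keeps page scripts from reading the session cookie, which
    # limits what a cross-site-scripting bug elsewhere can steal.
    # NOTE(review): also pass secure=True once every deployment is
    # HTTPS-only; it is left out here because it would break plain-HTTP use.
    self.set_secure_cookie(
        "club_session",
        session_value,
        expires_days=expires_days,
        httponly=True,
    )

    User.update(last_login=datetime.now()).where(
        User.id == user.id).execute()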
def patch(self, user_id):
    """Apply a partial update to the user identified by *user_id*.

    Looks the user up (``get_or_404``), runs ``has_update_permission`` on
    it, then writes every validated argument to that row and answers 204.

    Raises:
        ApiException: 400 when the request carries no fields to change.
    """
    target = User.get_or_404(id=user_id)
    self.has_update_permission(target)

    changes = self.validated_arguments
    if not changes:
        raise ApiException(400, "填写需要修改的属性和值")

    # NOTE(review): every key in validated_arguments becomes a column write.
    # This is only safe if the argument schema admits nothing but
    # user-editable fields (no password, role or verification flags) -
    # confirm against the schema, which is not visible here.
    User.update(**changes).where(User.id == user_id).execute()
    self.set_status(204)
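def post(self):
    """Reset a password by mobile number after the SMS code is accepted.

    On success the new password is stored for the submitted mobile number,
    a flash message is queued and the client is redirected to the login
    page. Otherwise the form is rendered again with its errors.
    """
    form = MobileResetPasswordForm(self.arguments)

    if form.validate() and self.validate_verify_code(form):
        # NOTE(review): the row is selected by the submitted mobile number;
        # presumably validate_verify_code ties the code to that same number
        # - confirm. If no row matches, success is still reported.
        new_hash = User.create_password(self.get_argument("password"))
        User.update(password=new_hash).where(
            User.mobile == self.get_argument("mobile")).execute()

        self.flash("重置密码成功,请使用新密码登录")
        self.redirect(self.reverse_url("club_auth_login"))
        # redirect() finishes the response; without this return the code
        # fell through to render() on an already finished request.
        return

    self.render("password/mobile_reset_password.html", form=form)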
def post(self):
    """Log in with a mobile number or e-mail address plus password.

    Failed attempts are counted per username in redis; from the fifth
    failure on, further attempts are refused until the counter expires.
    On success the counter is cleared, the login time and device are
    recorded, and the session from ``create_session`` is written.

    Raises:
        ApiException: 400 for empty or malformed credentials, 403 for a
            locked-out username, wrong credentials or an inactive account.
    """
    login_name = self.validated_arguments['username'].lower()
    secret = self.validated_arguments['password']
    if not len(login_name) or not len(secret):
        raise ApiException(400, "用户名和密码不能为空")

    # NOTE(review): the counter is keyed on the username alone, so repeated
    # bad logins from anyone lock that user out for the window. There is no
    # per-client limit visible here.
    counter_key = "yiyun:user:%s:login_fail_times" % login_name
    if intval(self.redis.get(counter_key)) >= 5:
        raise ApiException(403, "密码错误次数太多,请休息10分钟再试")

    if is_mobile(login_name):
        lookup = {"mobile": login_name}
    elif login_name.find('@') > 0:
        lookup = {"email": login_name}
    else:
        raise ApiException(400, "用户名格式不正确,请填写手机号或电子邮箱")
    user = User.get_or_none(**lookup)

    # One message covers both "no such user" and "wrong password", so the
    # reply does not reveal which of the two it was.
    if not (secret and user and User.check_password(user.password, secret)):
        failures = intval(self.redis.incr(counter_key))
        if failures == 1:
            # The expiry is set on the first failure only: a fixed window,
            # not a sliding one.
            self.redis.expire(counter_key, 600)
        raise ApiException(403, "密码有误,如果没有设置密码请使用手机号找回密码")

    # Reset the retry counter after a successful check.
    self.redis.delete(counter_key)

    if not user.is_active():
        raise ApiException(403, "你的账户不可用,无法登录")

    changes = dict(last_login=datetime.now())
    if self.device_id > 0:
        changes["last_device_id"] = self.device_id
    User.update(**changes).where(User.id == user.id).execute()

    if user and self.device_id:
        Device.update(owner_id=user.id).where(
            Device.id == self.device_id).execute()

    self.write(self.create_session(user))
def post(self):
    """Change the signed-in user's password.

    When the form validates and ``validate_password`` accepts it, the new
    password is stored for ``current_user`` and the client is redirected
    back to the change-password page. Otherwise the form is rendered again.
    """
    form = ChangePasswordForm(self.arguments)

    # NOTE(review): presumably validate_password checks the current
    # password before the change is allowed - confirm; it is not visible.
    accepted = form.validate() and self.validate_password(form)
    if not accepted:
        self.render("account/change_password.html", form=form)
        return

    new_hash = User.create_password(self.get_argument("newPassword"))
    # The row is selected by the session user, never by a request field.
    User.update(password=new_hash).where(
        User.id == self.current_user.id).execute()

    self.flash("修改密码成功!", category='success')
    self.redirect(self.reverse_url("club_account_change_password"))
def sync_user_info(self, extra_fields):
    """
    Sync sign-up information into the current user's profile.

    Only gaps are filled: ``name`` when the user has none and a nickname
    was supplied, ``gender`` when the stored value is neither 'f' nor 'm'
    and a gender was supplied. Nothing is written when neither applies.
    """
    viewer = self.current_user
    pending = {}

    if not viewer.name and extra_fields.get("nickname", None):
        pending['name'] = extra_fields['nickname']

    gender_is_set = viewer.gender in ('f', 'm')
    if not gender_is_set and extra_fields.get("gender", None):
        # NOTE(review): the supplied gender is stored as given; nothing
        # here restricts it to 'f'/'m' - confirm the caller validates it.
        pending['gender'] = extra_fields['gender']

    if not pending:
        return

    User.update(**pending).where(User.id == self.current_user.id).execute()
def post(self):
    """Change the signed-in user's mobile number.

    The number is replaced only when the form validates and both
    ``validate_password`` and ``validate_mobile`` accept it. The client is
    then redirected back to the change-mobile page. Otherwise the form is
    rendered again.
    """
    form = ChangeMobileForm(self.arguments)

    passed = (form.validate()
              and self.validate_password(form)
              and self.validate_mobile(form))
    if not passed:
        # NOTE(review): validate_password runs a second time on the failure
        # path, presumably to attach its errors to the form when
        # form.validate() short-circuited - confirm this is intended.
        self.validate_password(form)
        self.render("account/change_mobile.html", form=form)
        return

    # The row is selected by the session user, never by a request field.
    User.update(mobile=self.get_argument("mobile")).where(
        User.id == self.current_user.id).execute()

    self.flash("修改手机号成功!", category='success')
    self.redirect(self.reverse_url("club_change_mobile"))
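def update_avatar_by_url(user_id, avatar_url):
    """Download an avatar image and store it as the user's avatar.

    Fetches *avatar_url*, uploads the body to the qiniu avatar bucket under
    a generated key, and records ``qiniu:<bucket>:<key>`` on the user row.
    Returns without changes when the download does not answer 200.

    Raises:
        Exception: when the upload to qiniu fails.
    """
    # NOTE(review): this is a server-side fetch of a URL supplied from
    # outside this function. If a client can influence it, restrict it to
    # the expected avatar hosts and cap the download size. The body is also
    # stored as image/jpeg without its type being checked.
    # The timeout keeps a stalled remote host from blocking the worker.
    r = requests.get(avatar_url, timeout=10)
    if r.status_code != 200:
        return

    # MD5 only derives an object name here; it is not a security control.
    # hashlib needs bytes on Python 3, so the seed is encoded first.
    avatar_key = "user:%s%s" % (user_id, time.time())
    avatar_key = hashlib.md5(avatar_key.encode("utf-8")).hexdigest()

    avatar_bucket = app.settings['qiniu_avatar_bucket']
    ret, info = qiniu_tool.put_data(avatar_bucket,
                                    avatar_key,
                                    r.content,
                                    mime_type="image/jpeg",
                                    check_crc=True)
    if not ret:
        raise Exception("上传头像失败")

    # Record which store and location hold the file.
    avatar_key = "qiniu:%s:%s" % (avatar_bucket, avatar_key)
    User.update(avatar_key=avatar_key).where(User.id == user_id).execute()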
def register_or_login(self, service, openid, access_token, expires_in,
                      nickname, gender, head_url, auth_data):
    """Bind, log in or register a user from a third-party identity.

    The identity is the pair (*service*, *openid*). With a signed-in user
    the identity is bound to that account, or its stored token data is
    refreshed. Without one, the matching user is logged in, or a new user
    is created and bound. Both paths end by writing a session.

    NOTE(review): nothing here checks that *openid* and *access_token*
    were verified with the provider; presumably the caller does that
    before calling - confirm.

    Raises:
        ApiException: 403 when the identity belongs to another user, or the
            signed-in user already bound a different identity of this
            service.
    """
    # Find the local user, if any, already bound to this identity.
    try:
        user = User.select().join(
            UserAuthData, on=(UserAuthData.user_id == User.id
                              )).where((UserAuthData.service == service) &
                                       (UserAuthData.openid == openid)).get()
    except User.DoesNotExist:
        user = None

    if self.current_user:
        # The identity is already bound to a different account.
        if user and user.id != self.current_user.id:
            raise ApiException(
                403,
                "此%s账号已被其他用户使用" % UserAuthData.get_service_name(service))

        # Already bound to the caller's own account: refresh the token data.
        elif user and user.id == self.current_user.id:
            UserAuthData.update(
                access_token=access_token,
                expires_in=expires_in,
                userinfo=auth_data).where(
                    (UserAuthData.service == service) &
                    (UserAuthData.user_id == user.id)).execute()

        # The caller has already bound a different identity of this service.
        elif UserAuthData.select().where(
                (UserAuthData.service == service) &
                (UserAuthData.user_id == self.current_user.id) &
                (UserAuthData.openid != openid)).exists():
            raise ApiException(
                403,
                "你已绑定其他%s账号" % UserAuthData.get_service_name(service))

        # Signed in and not bound yet: create the binding.
        else:
            UserAuthData.create(service=service,
                                user_id=self.current_user.id,
                                openid=openid,
                                nickname=nickname,
                                access_token=access_token,
                                expires_in=expires_in,
                                userinfo=auth_data)

        # NOTE(review): the nesting of this update (after the whole chain,
        # not inside the final else) is inferred - confirm against the file.
        if self.device_id > 0:
            User.update(last_device_id=self.device_id).where(
                User.id == self.current_user.id).execute()

        self.write(self.create_session(self.current_user))

    else:
        # Known identity: log the user straight in.
        if user:
            update = {"last_login": datetime.now()}

            if self.device_id > 0:
                update["last_device_id"] = self.device_id

            User.update(**update).where(User.id == user.id).execute()

            UserAuthData.update(
                access_token=access_token,
                expires_in=expires_in,
                userinfo=auth_data).where(
                    (UserAuthData.service == service) &
                    (UserAuthData.user_id == user.id)).execute()

        # Unknown identity: register a new user first.
        else:
            with self.db.transaction() as txn:
                # A taken nickname gets a random numeric suffix. It only
                # disambiguates a display name and is not a secret. There
                # is no retry if the suffixed name is taken as well.
                if User.select().where(User.name == nickname).exists():
                    if nickname == "qzuser":
                        name = "%s_%s" % (nickname,
                                          random.randint(100000, 999999))
                    else:
                        name = "%s_%s" % (nickname, random.randint(
                            100, 999))
                else:
                    name = nickname

                # password=None: the account starts without a local password.
                user = User.create(
                    name=name,
                    gender=gender,
                    mobile_verifyed=False,
                    password=None,
                    reg_device_id=self.device_id,
                    last_device_id=self.device_id,
                    last_login=datetime.now(),
                    im_username=create_token(32).lower(),
                    im_password=create_token(16),
                )

                # NOTE(review): the provider token is stored as received;
                # confirm how this column is protected at rest.
                UserAuthData.create(service=service,
                                    user_id=user.id,
                                    openid=openid,
                                    nickname=nickname,
                                    access_token=access_token,
                                    expires_in=expires_in,
                                    userinfo=auth_data)

                # Add the mobile number to redis; friend matching needs it.
                # NOTE(review): User.create above passes no mobile, so this
                # looks unreachable unless the model sets one - confirm.
                if user.mobile:
                    self.redis.sadd('mobile:registered', user.mobile)

                # Download the avatar from the third party.
                # NOTE(review): head_url is handed to a background task that
                # fetches it server-side; confirm it can only point at the
                # provider's avatar hosts.
                if head_url:
                    tasks.user.update_avatar_by_url.delay(
                        user.id, head_url)

        if user and self.device_id:
            Device.update(owner_id=user.id).where(
                Device.id == self.device_id).execute()

        self.write(self.create_session(user))