def change_pwd(): current_user = json.loads(get_jwt_claims()) change_uid = request.values.get('userId', default=None) old_pwd = request.values.get('oldPassword', default=None) new_pwd = request.values.get('newPassword', default=None) if not change_uid: raise InvalidUsage(payload=ResponseEnum.USER_ID_CANNOT_BE_EMPTY) change_user = User.query.get(change_uid) if not change_user: raise InvalidUsage(payload=ResponseEnum.OBJECT_NOT_FOUNT) if current_user.get('admin') != 1 \ and change_user.id != current_user.get('id'): raise InvalidUsage(payload=ResponseEnum.PERMISSION_ERROR) old_pwd_encrypt = hashlib.md5(old_pwd.encode(encoding='utf-8')).hexdigest() if change_user.password != old_pwd_encrypt: raise InvalidUsage(payload=ResponseEnum.OLDPASSWORD_IS_NOT_MATCH) if not new_pwd: raise InvalidUsage(payload=ResponseEnum.PASSWORD_CANNOT_BE_EMPTY) change_user.password = hashlib.md5(new_pwd.encode(encoding='utf-8')).hexdigest() change_user.save() return 'ok'
def update_project(self): if not self.id: raise InvalidUsage(payload=ResponseEnum.INVALID_PARAMS) project = Project.query.get(self.id) if not project: raise InvalidUsage(status_code=404, payload=ResponseEnum.OBJECT_NOT_FOUNT) if project.name == self.name and project.description == self.description: return project.to_json() project.name = self.name project.description = self.description project.updated_on = datetime.now() project.save() self.add_external_field(project) return project.to_json()
def delete_project(self, project_id): if not project_id: raise InvalidUsage(payload=ResponseEnum.INVALID_PARAMS) project = Project.query.get(project_id) if not project: return 'success' try: delete_repository(project) project.delete_self() MemberService().delall_project_member(project_id) except SvnOperateException: raise InvalidUsage(payload=ResponseEnum.SERVER_ERROR) return 'success'
def save(self): current_user = json.loads(get_jwt_claims()) # 创建数据库 project = Project() project.created_by = current_user.get('id') project.name = self.name project.path = self.path project.description = self.description project.visibility = self.visibility project.setting_auth_content = self.generate_setting_auth_content( current_user) project.final_auth_content = self.generate_final_auth_content(project) project.last_activity_on = datetime.now() project.save() try: MemberService().save_project_member(project.id, project.created_by, project.created_by, 50) # 创建仓库 create_repository(project) # 初始化目录 if self.initDirs: init_repo_dirs(project) # 保存权限 save_authz(project) except SvnOperateException as e: delete_repository(project) project.delete_self() raise InvalidUsage(payload=(e.status, e.output)) self.add_external_field(project) return project.to_json()
def handle_group_line(self, index, auth_line): if not re.search('^\\w+=(\\w+,)*\\w+$', auth_line): err_msg = '第{0}行出错,出现非法字符'.format(index + 1) raise InvalidUsage(payload=(9000, err_msg)) group = auth_line.split('=')[0] users = auth_line.split('=')[1] user_list = users.split(',') return group, user_list
def validate(self): if not self.fullname or not self.username or not self.email: raise InvalidUsage( payload=ResponseEnum.ACCOUNT_INFO_CANNOT_BE_EMPTY) if not self.password: raise InvalidUsage(payload=ResponseEnum.PASSWORD_CANNOT_BE_EMPTY) user = User.query.filter( or_(User.username == self.username, User.email == self.email)).first() if user and user.username == self.username: raise InvalidUsage(payload=ResponseEnum.ACCOUNT_CONFLICT) if user and user.email == self.email: raise InvalidUsage(payload=ResponseEnum.EMAIL_CONFLICT) if self.current_user.get('admin') != 1: raise InvalidUsage(payload=ResponseEnum.PERMISSION_ERROR) if not re.match(r'[a-z][a-z0-9]+', self.username): raise InvalidUsage(payload=ResponseEnum.USERNAME_INVALID) if not re.match( r'([a-zA-Z]|[0-9])(\w|-)+@[a-zA-Z0-9]+\.([a-zA-Z]{2,4})', self.email): raise InvalidUsage(payload=ResponseEnum.EMAIL_INVALID) return self
def get_by_id(self, project_id): if not project_id: raise InvalidUsage(payload=ResponseEnum.INVALID_PARAMS) project = Project.query.get(project_id) self.add_external_field(project) if project: return project.to_json() else: abort(404)
def validate(self): if not self.name: raise InvalidUsage( payload=ResponseEnum.PROJECT_NAME_CANNOT_BE_EMPTY) if not self.path or not re.search('^[A-z][\\w\\-_]*$', self.path): raise InvalidUsage(payload=ResponseEnum.PROJECT_PATH_NOT_VALID) if not self.visibility: self.visibility = 'private' if self.name_or_path_conflict(): raise InvalidUsage( payload=ResponseEnum.NAME_OR_PATH_ALREADY_EXISTS) visibility_list = (BusiEnum.get_key(BusiEnum.VISIBILITY_PRIVATE), BusiEnum.get_key(BusiEnum.VISIBILITY_PUBLIC)) if self.visibility not in visibility_list: raise InvalidUsage(payload=ResponseEnum.VISIBILITY_NOT_VALID) return self
def handle_normal_line(self, index, auth_line): if not re.search('^((@?\\w+)|(\\*))=(r|rw)?$', auth_line): err_msg = '第{0}行出错,出现非法字符或权限不符合(r = 只读 rw = 读写 空 = 无权限)'.format( index + 1) raise InvalidUsage(payload=(9000, err_msg)) if auth_line.startswith('@'): group = auth_line.split('=')[0].replace('@', '') return group, None user = auth_line.split('=')[0] return None, user
def update_project_auth(self, project_id): current_user = json.loads(get_jwt_claims()) if not project_id or not self.setting_auth_content: raise InvalidUsage(payload=ResponseEnum.INVALID_PARAMS) auth_list = self.setting_auth_content.replace(' ', '').split('\n') resouces = [] defined_groups = [] used_groups = [] developers = [] for index, auth_line in enumerate(auth_list): auth_line = auth_line.replace(' ', '') if index == 0 and not auth_line.startswith('['): err_msg = '第{0}行有错,未定义资源路径'.format(index + 1) raise InvalidUsage(payload=(9000, err_msg)) elif auth_line.startswith('['): if not re.search('^\\[[:|/|\\w]+\\]$', auth_line): err_msg = '第{0}行有错,[]未匹配'.format(index + 1) raise InvalidUsage(payload=(9000, err_msg)) resouces.append(auth_line) elif resouces[-1] == '[groups]' and not auth_line.startswith('['): group, user_list = self.handle_group_line(index, auth_line) defined_groups.append(group) developers.append(user_list) else: if len(auth_line) == 0: continue group, user_list = self.handle_normal_line(index, auth_line) if group: used_groups.append(group) if user_list: developers.append(user_list) used_groups_set = set(used_groups) defined_groups_set = set(defined_groups) for g in used_groups_set: if g not in defined_groups_set: err_msg = '错误,组{}未定义'.format(g) raise InvalidUsage(payload=(9000, err_msg)) # check username if exists for d in developers: user = User.query.filter(User.username == d).first() if not user: err_msg = '错误,用户{}不存在'.format(d) raise InvalidUsage(payload=(9000, err_msg)) project = Project.query.get(project_id) if not project: raise InvalidUsage(ResponseEnum.OBJECT_NOT_FOUNT) project.setting_auth_content = self.setting_auth_content project.final_auth_content = self.generate_final_auth_content(project) try: save_authz(project) db.session.commit() self.sync_project_member(project, developers, current_user) except Exception: db.session.rollback() raise InvalidUsage(payload=ResponseEnum.SERVER_ERROR) return 'success'
def login(): """ 登录接口 --- tags: - 用户登录 parameters: - name: username in: formData type: string - name: password in: formData type: string definitions: User: type: object properties: id: type: integer username: type: string fullname: type: string email: type: string sign_in_count: type: integer project_limits: type: integer state: type: string last_activity_on: type: string admin: type: integer created_on: type: string updated_on: type: string created_by: type: integer LoginResponse: type: object properties: access_token: type: string user_info: $ref: '#/definitions/User' responses: 200: description: 用户信息以及token信息 schema: $ref: '#/definitions/LoginResponse' """ username = request.values.get('username', default=None) password = request.values.get('password', default=None) if not username or not password: raise InvalidUsage(payload=ResponseEnum.MISSING_USERNAME_OR_PASSWORD) user = User.query.filter(and_( User.username == username, User.password == hashlib.md5(password.encode(encoding='utf-8')).hexdigest(), User.state == 'active' )).first() if not user: raise InvalidUsage(payload=ResponseEnum.LOGIN_FAILED) user.last_activity_on = datetime.now() if user.sign_in_count: user.sign_in_count = user.sign_in_count + 1 else: user.sign_in_count = 1 user.save() results = { 'access_token': create_access_token(identity=user.id, user_claims=user.to_json()), 'user_info': user.to_dict() } return json.dumps(results)