def change_pwd():
current_user = json.loads(get_jwt_claims())
change_uid = request.values.get('userId', default=None)
old_pwd = request.values.get('oldPassword', default=None)
new_pwd = request.values.get('newPassword', default=None)
if not change_uid:
raise InvalidUsage(payload=ResponseEnum.USER_ID_CANNOT_BE_EMPTY)
change_user = User.query.get(change_uid)
if not change_user:
raise InvalidUsage(payload=ResponseEnum.OBJECT_NOT_FOUNT)
if current_user.get('admin') != 1 \
and change_user.id != current_user.get('id'):
raise InvalidUsage(payload=ResponseEnum.PERMISSION_ERROR)
old_pwd_encrypt = hashlib.md5(old_pwd.encode(encoding='utf-8')).hexdigest()
if change_user.password != old_pwd_encrypt:
raise InvalidUsage(payload=ResponseEnum.OLDPASSWORD_IS_NOT_MATCH)
if not new_pwd:
raise InvalidUsage(payload=ResponseEnum.PASSWORD_CANNOT_BE_EMPTY)
change_user.password = hashlib.md5(new_pwd.encode(encoding='utf-8')).hexdigest()
change_user.save()
return 'ok'
def update_project(self):
if not self.id:
raise InvalidUsage(payload=ResponseEnum.INVALID_PARAMS)
project = Project.query.get(self.id)
if not project:
raise InvalidUsage(status_code=404,
payload=ResponseEnum.OBJECT_NOT_FOUNT)
if project.name == self.name and project.description == self.description:
return project.to_json()
project.name = self.name
project.description = self.description
project.updated_on = datetime.now()
project.save()
self.add_external_field(project)
return project.to_json()
def delete_project(self, project_id):
if not project_id:
raise InvalidUsage(payload=ResponseEnum.INVALID_PARAMS)
project = Project.query.get(project_id)
if not project:
return 'success'
try:
delete_repository(project)
project.delete_self()
MemberService().delall_project_member(project_id)
except SvnOperateException:
raise InvalidUsage(payload=ResponseEnum.SERVER_ERROR)
return 'success'
def save(self):
current_user = json.loads(get_jwt_claims())
# 创建数据库
project = Project()
project.created_by = current_user.get('id')
project.name = self.name
project.path = self.path
project.description = self.description
project.visibility = self.visibility
project.setting_auth_content = self.generate_setting_auth_content(
current_user)
project.final_auth_content = self.generate_final_auth_content(project)
project.last_activity_on = datetime.now()
project.save()
try:
MemberService().save_project_member(project.id, project.created_by,
project.created_by, 50)
# 创建仓库
create_repository(project)
# 初始化目录
if self.initDirs:
init_repo_dirs(project)
# 保存权限
save_authz(project)
except SvnOperateException as e:
delete_repository(project)
project.delete_self()
raise InvalidUsage(payload=(e.status, e.output))
self.add_external_field(project)
return project.to_json()
def handle_group_line(self, index, auth_line):
if not re.search('^\\w+=(\\w+,)*\\w+$', auth_line):
err_msg = '第{0}行出错,出现非法字符'.format(index + 1)
raise InvalidUsage(payload=(9000, err_msg))
group = auth_line.split('=')[0]
users = auth_line.split('=')[1]
user_list = users.split(',')
return group, user_list
def validate(self):
if not self.fullname or not self.username or not self.email:
raise InvalidUsage(
payload=ResponseEnum.ACCOUNT_INFO_CANNOT_BE_EMPTY)
if not self.password:
raise InvalidUsage(payload=ResponseEnum.PASSWORD_CANNOT_BE_EMPTY)
user = User.query.filter(
or_(User.username == self.username,
User.email == self.email)).first()
if user and user.username == self.username:
raise InvalidUsage(payload=ResponseEnum.ACCOUNT_CONFLICT)
if user and user.email == self.email:
raise InvalidUsage(payload=ResponseEnum.EMAIL_CONFLICT)
if self.current_user.get('admin') != 1:
raise InvalidUsage(payload=ResponseEnum.PERMISSION_ERROR)
if not re.match(r'[a-z][a-z0-9]+', self.username):
raise InvalidUsage(payload=ResponseEnum.USERNAME_INVALID)
if not re.match(
r'([a-zA-Z]|[0-9])(\w|-)+@[a-zA-Z0-9]+\.([a-zA-Z]{2,4})',
self.email):
raise InvalidUsage(payload=ResponseEnum.EMAIL_INVALID)
return self
def get_by_id(self, project_id):
if not project_id:
raise InvalidUsage(payload=ResponseEnum.INVALID_PARAMS)
project = Project.query.get(project_id)
self.add_external_field(project)
if project:
return project.to_json()
else:
abort(404)
def validate(self):
if not self.name:
raise InvalidUsage(
payload=ResponseEnum.PROJECT_NAME_CANNOT_BE_EMPTY)
if not self.path or not re.search('^[A-z][\\w\\-_]*$', self.path):
raise InvalidUsage(payload=ResponseEnum.PROJECT_PATH_NOT_VALID)
if not self.visibility:
self.visibility = 'private'
if self.name_or_path_conflict():
raise InvalidUsage(
payload=ResponseEnum.NAME_OR_PATH_ALREADY_EXISTS)
visibility_list = (BusiEnum.get_key(BusiEnum.VISIBILITY_PRIVATE),
BusiEnum.get_key(BusiEnum.VISIBILITY_PUBLIC))
if self.visibility not in visibility_list:
raise InvalidUsage(payload=ResponseEnum.VISIBILITY_NOT_VALID)
return self
def handle_normal_line(self, index, auth_line):
if not re.search('^((@?\\w+)|(\\*))=(r|rw)?$', auth_line):
err_msg = '第{0}行出错,出现非法字符或权限不符合(r = 只读 rw = 读写 空 = 无权限)'.format(
index + 1)
raise InvalidUsage(payload=(9000, err_msg))
if auth_line.startswith('@'):
group = auth_line.split('=')[0].replace('@', '')
return group, None
user = auth_line.split('=')[0]
return None, user
def update_project_auth(self, project_id):
current_user = json.loads(get_jwt_claims())
if not project_id or not self.setting_auth_content:
raise InvalidUsage(payload=ResponseEnum.INVALID_PARAMS)
auth_list = self.setting_auth_content.replace(' ', '').split('\n')
resouces = []
defined_groups = []
used_groups = []
developers = []
for index, auth_line in enumerate(auth_list):
auth_line = auth_line.replace(' ', '')
if index == 0 and not auth_line.startswith('['):
err_msg = '第{0}行有错,未定义资源路径'.format(index + 1)
raise InvalidUsage(payload=(9000, err_msg))
elif auth_line.startswith('['):
if not re.search('^\\[[:|/|\\w]+\\]$', auth_line):
err_msg = '第{0}行有错,[]未匹配'.format(index + 1)
raise InvalidUsage(payload=(9000, err_msg))
resouces.append(auth_line)
elif resouces[-1] == '[groups]' and not auth_line.startswith('['):
group, user_list = self.handle_group_line(index, auth_line)
defined_groups.append(group)
developers.append(user_list)
else:
if len(auth_line) == 0:
continue
group, user_list = self.handle_normal_line(index, auth_line)
if group:
used_groups.append(group)
if user_list:
developers.append(user_list)
used_groups_set = set(used_groups)
defined_groups_set = set(defined_groups)
for g in used_groups_set:
if g not in defined_groups_set:
err_msg = '错误,组{}未定义'.format(g)
raise InvalidUsage(payload=(9000, err_msg))
# check username if exists
for d in developers:
user = User.query.filter(User.username == d).first()
if not user:
err_msg = '错误,用户{}不存在'.format(d)
raise InvalidUsage(payload=(9000, err_msg))
project = Project.query.get(project_id)
if not project:
raise InvalidUsage(ResponseEnum.OBJECT_NOT_FOUNT)
project.setting_auth_content = self.setting_auth_content
project.final_auth_content = self.generate_final_auth_content(project)
try:
save_authz(project)
db.session.commit()
self.sync_project_member(project, developers, current_user)
except Exception:
db.session.rollback()
raise InvalidUsage(payload=ResponseEnum.SERVER_ERROR)
return 'success'
def login():
"""
登录接口
---
tags:
- 用户登录
parameters:
- name: username
in: formData
type: string
- name: password
in: formData
type: string
definitions:
User:
type: object
properties:
id:
type: integer
username:
type: string
fullname:
type: string
email:
type: string
sign_in_count:
type: integer
project_limits:
type: integer
state:
type: string
last_activity_on:
type: string
admin:
type: integer
created_on:
type: string
updated_on:
type: string
created_by:
type: integer
LoginResponse:
type: object
properties:
access_token:
type: string
user_info:
$ref: '#/definitions/User'
responses:
200:
description: 用户信息以及token信息
schema:
$ref: '#/definitions/LoginResponse'
"""
username = request.values.get('username', default=None)
password = request.values.get('password', default=None)
if not username or not password:
raise InvalidUsage(payload=ResponseEnum.MISSING_USERNAME_OR_PASSWORD)
user = User.query.filter(and_(
User.username == username,
User.password == hashlib.md5(password.encode(encoding='utf-8')).hexdigest(),
User.state == 'active'
)).first()
if not user:
raise InvalidUsage(payload=ResponseEnum.LOGIN_FAILED)
user.last_activity_on = datetime.now()
if user.sign_in_count:
user.sign_in_count = user.sign_in_count + 1
else:
user.sign_in_count = 1
user.save()
results = {
'access_token': create_access_token(identity=user.id, user_claims=user.to_json()),
'user_info': user.to_dict()
}
return json.dumps(results)