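def post(self):
    """Bind the OATH secret staged in the session to an account.

    Expects a form argument ``args`` holding a JSON object with the keys
    ``username``, ``password`` and ``oath_code``. The account is first
    authenticated through ``user.login``; the secret kept in the session
    under ``tmp_oath_secret`` is then checked against ``oath_code`` and,
    on a match, stored with ``user.update_oath_secret``. Every outcome is
    reported to the client through ``self.write_json``.
    """
    args = self.get_argument('args', None)
    if args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(args)
    except Exception:
        # Whatever json.loads raises on client-supplied text is reported as a
        # format error; interpreter-exit exceptions are no longer swallowed.
        return self.write_json(TPE_JSON_FORMAT)

    try:
        username = args['username']
        password = args['password']
        oath_code = args['oath_code']
    except (KeyError, TypeError):
        # TypeError: the JSON document was not an object.
        return self.write_json(TPE_PARAM)

    # These values come straight from client JSON, so they can be null,
    # numbers, lists or objects. How user.login treats a non-string password
    # (None in particular) is not visible from this handler, so only strings
    # are allowed to reach it.
    if not isinstance(username, str) or not isinstance(password, str):
        return self.write_json(TPE_PARAM)

    err, user_info, _msg = user.login(self, username, password=password)
    if err != TPE_OK:
        # An unknown account is reported with the same code as a failed
        # authentication, so the two cases look alike to the client.
        if err == TPE_NOT_EXISTS:
            err = TPE_USER_AUTH
        return self.write_json(err)

    secret = self.get_session('tmp_oath_secret', None)
    if secret is None:
        return self.write_json(TPE_FAILED, '内部错误!')

    # The staged secret is removed before the code is checked, so each staged
    # secret gets exactly one verification attempt.
    self.del_session('tmp_oath_secret')

    if not tp_oath_verify_code(secret, oath_code):
        return self.write_json(TPE_OATH_MISMATCH)

    err = user.update_oath_secret(self, user_info['id'], secret)
    if err != TPE_OK:
        return self.write_json(err)

    return self.write_json(TPE_OK)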
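def post(self):
    """Bind the OATH secret staged in the session to an account.

    The form argument ``args`` must be a JSON object carrying ``username``,
    ``password`` and ``oath_code``. After ``user.login`` accepts the
    credentials, the secret held in the session as ``tmp_oath_secret`` is
    verified against ``oath_code`` and saved via
    ``user.update_oath_secret``. Results are sent with ``self.write_json``.
    """
    args = self.get_argument('args', None)
    if args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(args)
    except Exception:
        # Any parser failure on client text is a format error; exceptions
        # such as KeyboardInterrupt are left to propagate.
        return self.write_json(TPE_JSON_FORMAT)

    try:
        username = args['username']
        password = args['password']
        oath_code = args['oath_code']
    except (KeyError, TypeError):
        # TypeError covers a JSON document that is not an object.
        return self.write_json(TPE_PARAM)

    # Client JSON can deliver null, numbers, lists or objects here. What
    # user.login does with a non-string password (None in particular) cannot
    # be seen from this handler, so anything but a string is rejected first.
    if not isinstance(username, str) or not isinstance(password, str):
        return self.write_json(TPE_PARAM)

    err, user_info = user.login(self, username, password=password)
    if err != TPE_OK:
        # Unknown account and failed authentication share one error code in
        # the reply.
        if err == TPE_NOT_EXISTS:
            err = TPE_USER_AUTH
        return self.write_json(err)

    secret = self.get_session('tmp_oath_secret', None)
    if secret is None:
        return self.write_json(TPE_FAILED, '内部错误!')

    # The staged secret is discarded before verification: one attempt per
    # staged secret.
    self.del_session('tmp_oath_secret')

    if not tp_oath_verify_code(secret, oath_code):
        return self.write_json(TPE_OATH_MISMATCH)

    err = user.update_oath_secret(self, user_info['id'], secret)
    if err != TPE_OK:
        return self.write_json(err)

    return self.write_json(TPE_OK)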
def post(self):
    """Remove OATH verification from the accounts named in the request.

    Requires ``TP_PRIVILEGE_USER_DELETE``. The form argument ``args`` is a
    JSON object whose ``users`` value is handed unchanged to
    ``user.update_oath_secret`` together with an empty secret; the
    resulting error code is written back with ``self.write_json``.
    """
    # When the privilege check does not return TPE_OK the handler stops
    # without writing a reply of its own.
    if self.check_privilege(TP_PRIVILEGE_USER_DELETE) != TPE_OK:
        return

    raw_args = self.get_argument('args', None)
    if raw_args is None:
        return self.write_json(TPE_PARAM)

    try:
        payload = json.loads(raw_args)
    except:
        return self.write_json(TPE_JSON_FORMAT)

    try:
        users = payload['users']
    except:
        return self.write_json(TPE_PARAM)

    # Setting the OATH secret to an empty string is what removes OATH
    # verification.
    # NOTE(review): `users` is passed on exactly as the client sent it; its
    # expected shape is not checked here - confirm update_oath_secret
    # validates it.
    self.write_json(user.update_oath_secret(self, users, ''))
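def post(self):
    """Handle every password-reset and password-change request.

    The form argument ``args`` is a JSON object whose ``mode`` picks the flow:

    * 1 - an administrator sends a password-reset mail to user ``id``.
    * 2 - an administrator sets a new ``password`` for user ``id``.
    * 3 - a user recovers the password with ``username``, ``email`` and
      ``captcha``; a reset mail is sent.
    * 4 - a user sets a new ``password`` using the ``token`` from a reset
      mail.
    * 5 - the current session's user gives ``current_password`` and a new
      ``password``.
    * 6 - a user whose password has expired changes it before login, giving
      ``username``, ``password`` (the current one), ``new_password`` and
      ``captcha``.

    Modes 1 and 3 finish by mailing a reset link; modes 2, 4, 5 and 6 finish
    by storing the new password. All results go out through
    ``self.write_json``.

    The body contains ``yield``, so this is a generator function; it is
    presumably wrapped by a coroutine decorator outside this listing.
    """
    args = self.get_argument('args', None)
    if args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(args)
    except Exception:
        # Any parser failure on client text is a format error.
        return self.write_json(TPE_JSON_FORMAT)

    try:
        mode = int(args['mode'])
    except (KeyError, TypeError, ValueError, OverflowError):
        # OverflowError: json.loads accepts Infinity, which int() rejects.
        return self.write_json(TPE_PARAM)

    password = ''

    if mode == 1:
        # An administrator sends the user a password-reset mail from the
        # admin console.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
        except (KeyError, TypeError, ValueError, OverflowError):
            return self.write_json(TPE_PARAM)

    elif mode == 2:
        # An administrator resets the user's password directly from the
        # admin console.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
            password = args['password']
        except (KeyError, TypeError, ValueError, OverflowError):
            return self.write_json(TPE_PARAM)

    elif mode == 3:
        # The user recovers the password unaided; username, e-mail address
        # and captcha are required.
        try:
            username = args['username']
            email = args['email']
            captcha = args['captcha']
        except (KeyError, TypeError):
            return self.write_json(TPE_PARAM)

        # captcha is client JSON; .lower() below needs a string.
        if not isinstance(captcha, str):
            return self.write_json(TPE_PARAM)

        code = self.get_session('captcha')
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        # NOTE(review): the captcha stays in the session after a wrong
        # answer, so the same captcha can be answered repeatedly; consider
        # discarding it on the first attempt.
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

        self.del_session('captcha')

        err, user_info = user.get_by_username(username)
        if err != TPE_OK:
            return self.write_json(err)
        if user_info.email != email:
            return self.write_json(TPE_NOT_EXISTS)

        user_id = user_info.id

    elif mode == 4:
        # The user follows the (token-protected) link from the reset mail and
        # sets a new password on that page; token and new password required.
        try:
            token = args['token']
            password = args['password']
        except (KeyError, TypeError):
            return self.write_json(TPE_PARAM)

        err, user_id = user.check_reset_token(token)
        if err != TPE_OK:
            return self.write_json(err)

    elif mode == 5:
        # The user supplies the current password and a new one.
        try:
            current_password = args['current_password']
            password = args['password']
        except (KeyError, TypeError):
            return self.write_json(TPE_PARAM)

        if not isinstance(current_password, str):
            return self.write_json(TPE_PARAM)

        # NOTE(review): nothing in this handler checks that the session is
        # logged in before this lookup - confirm what get_current_user()
        # returns for a guest session.
        err, user_info = user.get_by_username(
            self.get_current_user()['username'])
        if err != TPE_OK:
            return self.write_json(err)
        if not tp_password_verify(current_password, user_info['password']):
            return self.write_json(TPE_USER_AUTH)
        user_id = user_info['id']

    elif mode == 6:
        # The user's password has expired and is changed before login.
        try:
            username = args['username']
            current_password = args['password']
            password = args['new_password']
            captcha = args['captcha']
        except (KeyError, TypeError):
            return self.write_json(TPE_PARAM)

        # Both values are client JSON and are used as strings below.
        if not isinstance(captcha, str) or not isinstance(current_password, str):
            return self.write_json(TPE_PARAM)

        code = self.get_session('captcha')
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        # NOTE(review): as in mode 3, a wrong answer leaves the captcha in
        # the session.
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

        self.del_session('captcha')

        err, user_info = user.get_by_username(username)
        if err != TPE_OK:
            return self.write_json(err)

        # xxx When the password is changed before login because it expired,
        # the locked state may need an extra check.
        # A disabled or locked user is refused at login anyway, so changing
        # the password is still allowed here.
        # NOTE(review): this branch checks the current password without a
        # session; whether failed attempts here count towards account
        # lock-out is not visible from this handler - confirm.
        # if user_info['state'] != TP_STATE_NORMAL:
        #     if user_info['state'] == TP_STATE_LOCKED:
        #         return self.write_json(TPE_USER_LOCKED)
        #     elif user_info['state'] == TP_STATE_DISABLED:
        #         return self.write_json(TPE_USER_DISABLED)
        #     else:
        #         return self.write_json(TPE_FAILED)

        if not tp_password_verify(current_password, user_info['password']):
            return self.write_json(TPE_USER_AUTH)
        user_id = user_info['id']

    else:
        return self.write_json(TPE_PARAM)

    if user_id == 0:
        return self.write_json(TPE_PARAM)

    if mode == 1 or mode == 3:
        err, email, token = user.generate_reset_password_token(
            self, user_id)
        # Do not mail a link when no token could be generated.
        if err != TPE_OK:
            return self.write_json(err)

        # generate an URL for reset password, valid in 24hr.
        # NOTE(review): scheme and host are copied from the incoming request,
        # so the mailed link - which carries the reset token - points at
        # whatever host the request named. Build the link from a configured
        # site address, or check the host against an allow-list.
        reset_url = '{}://{}/user/reset-password?token={}'.format(
            self.request.protocol, self.request.host, token)

        err, msg = yield mail.tp_send_mail(
            email,
            'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
            '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
            '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
            '{reset_url}\n\n\n\n'
            '[本邮件由teleport系统自动发出,请勿回复]'
            '\n\n'
            ''.format(reset_url=reset_url),
            subject='密码重置确认函')

        return self.write_json(err, msg)

    # Only the set-password modes (2, 4, 5 and 6) get this far; every other
    # mode has already returned.
    if not isinstance(password, str) or len(password) == 0:
        return self.write_json(TPE_PARAM)

    # Run the weak-password check when the configuration asks for it.
    if tp_cfg().sys.password.force_strong:
        if not tp_check_strong_password(password):
            return self.write_json(
                TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

    password = tp_password_generate_secret(password)
    err = user.set_password(self, mode, user_id, password)

    if mode == 4 and err == TPE_OK:
        user.remove_reset_token(token)

    # Whenever the password was not changed by the user with the current
    # password, the OATH binding is reset as well.
    # NOTE(review): this includes mode 4, so a mailed reset token alone also
    # removes the account's second factor - confirm that is intended.
    if not (mode == 5 or mode == 6) and err == TPE_OK:
        user.update_oath_secret(self, user_id, '')

    self.write_json(err)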
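def post(self):
    """Handle every password-reset and password-change request.

    The form argument ``args`` is a JSON object whose ``mode`` picks the flow:

    * 1 - an administrator sends a password-reset mail to user ``id``.
    * 2 - an administrator sets a new ``password`` for user ``id``.
    * 3 - a user recovers the password with ``username``, ``email`` and
      ``captcha``; a reset mail is sent.
    * 4 - a user sets a new ``password`` using the ``token`` from a reset
      mail.
    * 5 - the current session's user gives ``current_password`` and a new
      ``password``.

    Modes 1 and 3 finish by mailing a reset link; modes 2, 4 and 5 finish by
    storing the new password. All results go out through ``self.write_json``.

    The body contains ``yield``, so this is a generator function; it is
    presumably wrapped by a coroutine decorator outside this listing.
    """
    args = self.get_argument('args', None)
    if args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(args)
    except Exception:
        # Any parser failure on client text is a format error.
        return self.write_json(TPE_JSON_FORMAT)

    try:
        mode = int(args['mode'])
    except (KeyError, TypeError, ValueError, OverflowError):
        # OverflowError: json.loads accepts Infinity, which int() rejects.
        return self.write_json(TPE_PARAM)

    password = ''

    if mode == 1:
        # An administrator sends the user a password-reset mail from the
        # admin console.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
        except (KeyError, TypeError, ValueError, OverflowError):
            return self.write_json(TPE_PARAM)

    elif mode == 2:
        # An administrator resets the user's password directly from the
        # admin console.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
            password = args['password']
        except (KeyError, TypeError, ValueError, OverflowError):
            return self.write_json(TPE_PARAM)

    elif mode == 3:
        # The user recovers the password unaided; username, e-mail address
        # and captcha are required.
        try:
            username = args['username']
            email = args['email']
            captcha = args['captcha']
        except (KeyError, TypeError):
            return self.write_json(TPE_PARAM)

        # captcha is client JSON; .lower() below needs a string.
        if not isinstance(captcha, str):
            return self.write_json(TPE_PARAM)

        code = self.get_session('captcha')
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        # NOTE(review): the captcha stays in the session after a wrong
        # answer, so the same captcha can be answered repeatedly; consider
        # discarding it on the first attempt.
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

        self.del_session('captcha')

        err, user_info = user.get_by_username(username)
        if err != TPE_OK:
            return self.write_json(err)
        if user_info.email != email:
            return self.write_json(TPE_NOT_EXISTS)

        user_id = user_info.id

    elif mode == 4:
        # The user follows the (token-protected) link from the reset mail and
        # sets a new password on that page; token and new password required.
        try:
            token = args['token']
            password = args['password']
        except (KeyError, TypeError):
            return self.write_json(TPE_PARAM)

        err, user_id = user.check_reset_token(token)
        if err != TPE_OK:
            return self.write_json(err)

    elif mode == 5:
        # The user supplies the current password and a new one.
        try:
            current_password = args['current_password']
            password = args['password']
        except (KeyError, TypeError):
            return self.write_json(TPE_PARAM)

        if not isinstance(current_password, str):
            return self.write_json(TPE_PARAM)

        # NOTE(review): nothing in this handler checks that the session is
        # logged in before this lookup - confirm what get_current_user()
        # returns for a guest session.
        err, user_info = user.get_by_username(self.get_current_user()['username'])
        if err != TPE_OK:
            return self.write_json(err)
        if not tp_password_verify(current_password, user_info['password']):
            return self.write_json(TPE_USER_AUTH)
        user_id = user_info['id']

    else:
        return self.write_json(TPE_PARAM)

    if user_id == 0:
        return self.write_json(TPE_PARAM)

    if mode == 1 or mode == 3:
        err, email, token = user.generate_reset_password_token(self, user_id)
        # Do not mail a link when no token could be generated.
        if err != TPE_OK:
            return self.write_json(err)

        # generate an URL for reset password, valid in 24hr.
        # NOTE(review): scheme and host are copied from the incoming request,
        # so the mailed link - which carries the reset token - points at
        # whatever host the request named. Build the link from a configured
        # site address, or check the host against an allow-list.
        reset_url = '{}://{}/user/reset-password?token={}'.format(self.request.protocol, self.request.host, token)

        err, msg = yield mail.tp_send_mail(
            email,
            'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
            '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
            '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
            '{reset_url}\n\n\n\n'
            '[本邮件由teleport系统自动发出,请勿回复]'
            '\n\n'
            ''.format(reset_url=reset_url),
            subject='密码重置确认函'
        )

        return self.write_json(err, msg)

    # Only the set-password modes (2, 4 and 5) get this far; every other mode
    # has already returned.
    if not isinstance(password, str) or len(password) == 0:
        return self.write_json(TPE_PARAM)

    # Run the weak-password check when the configuration asks for it.
    if tp_cfg().sys.password.force_strong:
        if not tp_check_strong_password(password):
            return self.write_json(TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

    password = tp_password_generate_secret(password)
    err = user.set_password(self, user_id, password)

    if mode == 4 and err == TPE_OK:
        user.remove_reset_token(token)

    # Whenever the password was not changed by the user with the current
    # password, the OATH binding is reset as well.
    # NOTE(review): this includes mode 4, so a mailed reset token alone also
    # removes the account's second factor - confirm that is intended.
    if mode != 5 and err == TPE_OK:
        user.update_oath_secret(self, user_id, '')

    self.write_json(err)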