コード例 #1
0
ファイル: api.py プロジェクト: kinorsi/Luyasi-Flask
def login2():
    """这是从内部请求面页的方式做的,比较麻烦。主要是原来想去掉crsf_token"""

    username = request.json.get('username', '')
    passwd = request.json.get('password', '')

    # print username

    loginUrl = url_for('security.login')
    loginUrl = current_app.config['API_URL'] + loginUrl

    res = requests.get(loginUrl)

    # print 'cookies:', res.headers['set-cookie']
    content = res.text
    cookies = res.cookies  # Must send back the cookies, or the server can't make correct crsf_token

    pattern = '<input id="csrf_token" name="csrf_token" type="hidden" value="([\w\.#]+)">'

    match = re.search(pattern, content)
    csrf_token = match.group(1)
    # print 'csrf_token:', csrf_token

    data = {'csrf_token': csrf_token, 'email': username, 'password': passwd}
    jdata = json.dumps(data)
    loginRes = requests.post(loginUrl, json=data, cookies=cookies)
    resJson = loginRes.json()

    if resJson['meta']['code'] == 200:
        user = api_user.get(int(resJson['response']['user']['id']))
        del resJson['response']['user']['id']
        resJson['response']['user']['nickname'] = user.nickname or user.email

    return json.dumps(resJson)
コード例 #2
0
ファイル: api.py プロジェクト: kinorsi/Luyasi-Flask
def login():
    """这里自己调用security的login。主要是为了返回csrfToken给前端的ng使用"""

    email = request.json.get('email', '')
    passwd = request.json.get('password', '')
    app_id = request.headers.get('app_id') or request.args.get('app_id')
    headers = {'app-id': app_id}
    # print username

    loginUrl = url_for(current_app.config['SECURITY_BLUEPRINT_NAME'] + '.login')
    loginUrl = current_app.config['API_URL'] + loginUrl

    data = {'email': email, 'password': passwd}
    jdata = json.dumps(data)
    loginRes = requests.post(loginUrl, json=data, headers=headers)
    resJson = loginRes.json()

    if resJson['meta']['code'] == 200:
        user = api_user.get(int(resJson['response']['user']['id']))
        del resJson['response']['user']['id']
        resJson['response']['user']['nickname'] = user.nickname or user.email
        resJson['meta']['success'] = True
        gen_csrf = generate_csrf_token(user)

    response = make_response(json.dumps(resJson))

    if resJson['meta']['code'] == 200:
        response.set_cookie('XSRF-TOKEN', gen_csrf)

    return response
コード例 #3
0
ファイル: security.py プロジェクト: kinorsi/Luyasi-Flask
def change_profile(user_id):
    readonly=['nickname', 'truename']#, 'college', 'major', 'clazz', 'in_college_date') #不让在macro进行自动处理
    user = api_user.get(user_id)
    
    #已经有值的才真正的设置为readonly,否则还是可以编辑的
    for pro in readonly:
        val = getattr(user.profile, pro)
        if not val and not val.strip():
            readonly.remove(pro)    

    if request.method=='GET':
        form = ProfileForm(obj=user.profile)
        return render_template('security/create_profile.html', form=form, readonly=readonly,
                                   action_url=url_for('.change_profile', user_id=user_id))
    if request.method=='POST':
        form = ProfileForm()
        
        if form.validate_on_submit():
            for pro in readonly:
                delattr(form, pro) #把不让改的属性移除。
            profile = api_profile.get(form.id.data)
            api_profile.update(profile, **form.data)
            flash(u'更新个人信息成功')
            return redirect(url_for('.detail_profile', user_id=current_user.id))
        else:
            flash(u'更新失败,请检查内容', category='danger')
            return render_template('security/create_profile.html', form=form,
                           action_url=url_for('.change_profile', user_id=user_id))
コード例 #4
0
ファイル: security.py プロジェクト: kinorsi/Luyasi-Flask
def detail_profile(user_id):
    user = api_user.get(user_id)
    if user.profile:
        form = ProfileForm(obj=user.profile)
        return render_template('security/detail_profile.html', form=form,
                               action_url=url_for('.change_profile', user_id=current_user.id))
    else:
        flash(u'你还没有填写个人信息,补充信息有惊喜哦')
        return redirect(url_for('.create_profile'))
コード例 #5
0
ファイル: xiaoyuan.py プロジェクト: kinorsi/Luyasi-Flask
def agree_joinapply(applyid):
    """"""
    apply = api_apply.get(applyid)
    u = api_user.get(apply.user_id)
    c = api_class.get(apply.class_id)
    assoc = ClassUserAssociation(user=u, clazz=c)
    #u.class_assocs.append(assoc)
    api_apply.delete(apply)
    return redirect(url_for('.list_class_apply', page=1))
コード例 #6
0
ファイル: xiaoyuan.py プロジェクト: kinorsi/Luyasi-Flask
def detail_classmemberinfo(userid=None):
    """显示个人的班级相关信息"""
    user = api_user.get(userid)
    backurl = request.args.get('backurl')#这个是用来返回上一个页面用的
    return render_template('profile_class_memberinfo.html', meminfo=user.profile, backurl=backurl)