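def login2():
    """Log in by driving the security login page from the server side.

    The login page is requested over HTTP, the CSRF token is scraped out of
    the rendered form, and the credentials are then posted together with that
    token and the cookies of the first response. The original author notes
    that this route is cumbersome and was written while trying to get rid of
    the csrf_token.

    Returns:
        The upstream login response serialized as a JSON string. When
        ``meta.code`` is 200 the user's ``id`` is removed from the payload
        and a ``nickname`` (falling back to the e-mail) is added.

    Raises:
        RuntimeError: if the login page contains no csrf_token input.
    """
    payload = request.json
    if not isinstance(payload, dict):
        # A missing or non-object JSON body used to fail on ``.get``; treat
        # it as empty credentials and let the upstream login reject it.
        payload = {}
    username = payload.get('username', '')
    passwd = payload.get('password', '')

    loginUrl = url_for('security.login')
    loginUrl = current_app.config['API_URL'] + loginUrl

    # Bound both outbound calls so a stalled upstream cannot pin this worker
    # indefinitely (requests applies no timeout by default).
    res = requests.get(loginUrl, timeout=10)
    content = res.text
    # The cookies must be sent back with the POST, otherwise the server
    # cannot validate the csrf_token it issued.
    cookies = res.cookies

    # Raw string: the pattern itself is unchanged, but ``\w`` and ``\.`` are
    # no longer invalid string escapes.
    pattern = r'<input id="csrf_token" name="csrf_token" type="hidden" value="([\w\.#]+)">'
    match = re.search(pattern, content)
    if match is None:
        # Fail with a clear message instead of AttributeError on ``None``.
        raise RuntimeError('csrf_token field not found in login page')
    csrf_token = match.group(1)

    data = {'csrf_token': csrf_token, 'email': username, 'password': passwd}
    loginRes = requests.post(loginUrl, json=data, cookies=cookies, timeout=10)
    resJson = loginRes.json()
    if resJson['meta']['code'] == 200:
        user = api_user.get(int(resJson['response']['user']['id']))
        # The internal user id is not passed on to the caller.
        del resJson['response']['user']['id']
        resJson['response']['user']['nickname'] = user.nickname or user.email
    return json.dumps(resJson)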
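def login():
    """Authenticate through the security blueprint's login endpoint.

    The view calls the security login itself so that a CSRF token can be
    handed to the Angular front end in the ``XSRF-TOKEN`` cookie.

    Reads ``email`` and ``password`` from the JSON body and ``app_id`` from
    the request headers or, failing that, the query string. The credentials
    are posted to the login URL built from ``API_URL`` and
    ``SECURITY_BLUEPRINT_NAME``.

    Returns:
        A response whose body is the upstream JSON. When ``meta.code`` is 200
        the user's ``id`` is removed, ``nickname`` and ``meta.success`` are
        added, and the ``XSRF-TOKEN`` cookie is set.
    """
    payload = request.json
    if not isinstance(payload, dict):
        # A missing or non-object JSON body used to fail on ``.get``; treat
        # it as empty credentials and let the upstream login reject it.
        payload = {}
    email = payload.get('email', '')
    passwd = payload.get('password', '')
    app_id = request.headers.get('app_id') or request.args.get('app_id')
    headers = {'app-id': app_id}

    loginUrl = url_for(current_app.config['SECURITY_BLUEPRINT_NAME'] + '.login')
    loginUrl = current_app.config['API_URL'] + loginUrl
    data = {'email': email, 'password': passwd}
    # NOTE(review): the login endpoint sees this server as the client, so any
    # per-address throttling it applies would not tell real clients apart.
    # Confirm where failed-login limiting is enforced.
    # Bounded wait so a stalled upstream cannot pin this worker indefinitely
    # (requests applies no timeout by default).
    loginRes = requests.post(loginUrl, json=data, headers=headers, timeout=10)
    resJson = loginRes.json()

    if resJson['meta']['code'] != 200:
        # Failed logins are relayed unchanged and get no CSRF cookie.
        return make_response(json.dumps(resJson))

    user = api_user.get(int(resJson['response']['user']['id']))
    # The internal user id is not passed on to the caller.
    del resJson['response']['user']['id']
    resJson['response']['user']['nickname'] = user.nickname or user.email
    resJson['meta']['success'] = True
    gen_csrf = generate_csrf_token(user)

    response = make_response(json.dumps(resJson))
    # NOTE(review): the cookie is set with default attributes. Script must be
    # able to read it for the front end's XSRF handling, so HttpOnly is not an
    # option, but consider secure=True and a samesite policy where the site
    # is served over HTTPS only.
    response.set_cookie('XSRF-TOKEN', gen_csrf)
    return response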
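def change_profile(user_id):
    """Show or update the profile of the user identified by *user_id*.

    A POST validates the submitted ``ProfileForm``, drops the locked fields,
    and updates the profile, then redirects to the current user's profile
    page. Any other method renders the edit form pre-filled from the stored
    profile.

    ``nickname`` and ``truename`` are locked (read-only) once they hold a
    non-blank value; while blank they stay editable.

    NOTE(review): nothing in this block checks that the caller may edit
    *user_id*. Confirm that a decorator or the route enforces it.
    """
    user = api_user.get(user_id)

    # Fields kept out of the template macro's automatic handling. Only fields
    # that already have a value are really locked. The list is built in one
    # pass: the previous remove-while-iterating loop skipped entries, and its
    # `not val and not val.strip()` test failed on None and never unlocked
    # whitespace-only values.
    readonly = [
        name for name in ('nickname', 'truename')
        if (getattr(user.profile, name) or '').strip()
    ]
    action_url = url_for('.change_profile', user_id=user_id)

    if request.method == 'POST':
        form = ProfileForm()
        # The profile to update is looked up by an id taken from the form,
        # which the client controls. Accept it only when it names the profile
        # of the user in the URL, so a tampered id cannot redirect the update
        # to somebody else's profile.
        # Assumes the profile model exposes the `id` that the form's id field
        # was populated from (TODO confirm).
        if (form.validate_on_submit()
                and str(form.id.data) == str(user.profile.id)):
            for name in readonly:
                # Remove locked fields so the submitted values are ignored.
                delattr(form, name)
            profile = api_profile.get(form.id.data)
            api_profile.update(profile, **form.data)
            flash(u'更新个人信息成功')
            return redirect(url_for('.detail_profile', user_id=current_user.id))
        flash(u'更新失败,请检查内容', category='danger')
        # Pass `readonly` here as well so the re-rendered form keeps the same
        # locked fields as the initial GET.
        return render_template('security/create_profile.html', form=form,
                               readonly=readonly, action_url=action_url)

    # GET and any other method the route lets through: show the edit form
    # instead of falling off the end and returning None.
    form = ProfileForm(obj=user.profile)
    return render_template('security/create_profile.html', form=form,
                           readonly=readonly, action_url=action_url)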
def detail_profile(user_id):
    """Render the profile detail page for the user identified by *user_id*.

    When that user has no profile yet, a hint is flashed and the caller is
    redirected to the profile creation view.

    NOTE(review): the profile shown belongs to *user_id*, while the edit link
    points at ``current_user``. No check in this block restricts whose
    profile can be viewed. Confirm that access control is applied outside it.
    """
    owner = api_user.get(user_id)
    if not owner.profile:
        flash(u'你还没有填写个人信息,补充信息有惊喜哦')
        return redirect(url_for('.create_profile'))

    profile_form = ProfileForm(obj=owner.profile)
    edit_url = url_for('.change_profile', user_id=current_user.id)
    return render_template(
        'security/detail_profile.html',
        form=profile_form,
        action_url=edit_url,
    )
def agree_joinapply(applyid):
    """Accept a class join application and return to the application list.

    Loads the application, its user and its class, builds a
    ``ClassUserAssociation`` linking the two, deletes the application and
    redirects to page 1 of the class application list.

    NOTE(review): no permission check is visible in this block. Confirm that
    only someone entitled to manage the class can reach it, and that the
    route is not reachable through a plain GET link.
    """
    join_request = api_apply.get(applyid)
    applicant = api_user.get(join_request.user_id)
    target_class = api_class.get(join_request.class_id)
    # The association is never added to anything explicitly here; presumably
    # it is persisted through the relationship when the deletion below is
    # committed (verify against the model and api_apply.delete).
    membership = ClassUserAssociation(user=applicant, clazz=target_class)
    api_apply.delete(join_request)
    return redirect(url_for('.list_class_apply', page=1))
def detail_classmemberinfo(userid=None):
    """Show the class-related information of one user.

    Renders ``profile_class_memberinfo.html`` with the user's profile as
    ``meminfo`` and the ``backurl`` query parameter, which the page uses to
    link back to the previous page.
    """
    member = api_user.get(userid)
    # NOTE(review): `backurl` comes straight from the query string. If the
    # template places it in a link, it should be limited to same-site paths
    # there or validated here. Confirm how the template uses it.
    return_to = request.args.get('backurl')
    return render_template(
        'profile_class_memberinfo.html',
        meminfo=member.profile,
        backurl=return_to,
    )