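def get_reset_password_email_verify(self):
    """Serve the email-verification page of the password-reset flow.

    A logged-in session is refreshed and sent to /homepage; a session that has
    already passed the reset-flow verification goes straight to
    /auth/reset_password; everyone else gets the verification form.
    """
    session = Session()
    # Compare with "true" (no leading space) like the other handlers do; the
    # previous " true" literal could never match, so logged-in users stayed here.
    if session.get("logged_in") == "true":
        session.extend()
        return redirect("/homepage")
    # post_reset_password_email_verify sets reset_password_email_verified, and
    # /auth/reset_password requires that same flag. Checking the registration
    # flag (email_verified) here bounced such users between the two pages.
    if session.get("reset_password_email_verified") == "true":
        return redirect("/auth/reset_password")
    return render_template("reset_password_email_verify.html")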
def get_register(self):
    """Render the registration form, or redirect when the session is not ready for it.

    Logged-in sessions are refreshed and sent to /homepage; sessions whose
    email has not been verified yet are sent to /auth/email_verify.
    """
    current = Session()
    logged_in = current.get("logged_in") == "true"
    if logged_in:
        current.extend()
        return redirect("/homepage")
    verified = current.get("email_verified") == "true"
    if not verified:
        return redirect("/auth/email_verify")
    return render_template("auth_register.html")
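def post_email_verify(self):
    """Check the submitted ``token`` form field against the one stored by post_token.

    On a match the session is marked ``email_verified`` and given a 900 s
    lifetime; otherwise a ``{"status": False, ...}`` dict is returned.
    """
    import hmac

    session = Session()
    # The flag every other handler reads is "logged_in"; the old check on
    # "login" never matched, so logged-in users could re-run verification.
    if session.get("logged_in") == "true":
        session.extend()
        return redirect("/homepage")
    token = request.form.get("token")
    stored_token = session.get("token")
    # Constant-time comparison so response timing reveals nothing about the
    # stored token; both sides are encoded because compare_digest needs
    # same-typed ASCII-safe inputs and the form value is user-controlled.
    if (
        stored_token is not None
        and token is not None
        and hmac.compare_digest(
            str(stored_token).encode("utf-8"), str(token).encode("utf-8")
        )
    ):
        session["email_verified"] = "true"
        session.expire(900)
        return {"status": True, "message": "Email verify succeeds"}
    return {"status": False, "message": "Wrong token"}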
def get_email_verify(self):
    """Show the email-verification form; a logged-in session is refreshed and sent to /homepage instead."""
    current = Session()
    if current.get("logged_in") != "true":
        return render_template("auth_email_verify.html")
    current.extend()
    return redirect("/homepage")
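def post_reset_password_email_verify(self):
    """Verify the ``token`` form field for the password-reset flow.

    On a match the session gets ``reset_password_email_verified = "true"``, a
    900 s lifetime, and a redirect to /auth/reset_password; a mismatch returns
    a ``{"status": False, ...}`` dict.
    """
    import hmac

    session = Session()
    # "true" without a leading space, as the flag is written by post_login;
    # the old " true" literal could never match.
    if session.get("logged_in") == "true":
        session.extend()
        return redirect("/homepage")
    if session.get("reset_password_email_verified") == "true":
        return redirect("/auth/reset_password")
    token = request.form.get("token")
    stored_token = session.get("token")
    # Constant-time comparison; both sides encoded because compare_digest
    # needs same-typed inputs and the form value is user-controlled.
    if (
        stored_token is not None
        and token is not None
        and hmac.compare_digest(
            str(stored_token).encode("utf-8"), str(token).encode("utf-8")
        )
    ):
        session["reset_password_email_verified"] = "true"
        session.expire(900)
        return redirect("/auth/reset_password")
    return {"status": False, "message": "Wrong token"}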
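def post_token(self):
    """Email a one-time token to the submitted address and remember it in the session.

    Form fields: ``email`` and, for the password-reset flow,
    ``reset_password="true"``. The token and email are stored in the session
    with a 600 s lifetime. Returns a ``{"status", "message"}`` dict, or a
    redirect for an already logged-in session.
    """
    from utils.format_checker import nyu_email_check

    session = Session()
    if session.get("logged_in") == "true":
        session.extend()
        # Every other handler sends a logged-in session to /homepage; the login
        # page is not a useful destination for someone already logged in.
        return redirect("/homepage")
    email = request.form.get("email")
    print("email_received:", email)
    if not nyu_email_check(email):
        logbook.info("[GET EMAIL TOKEN] Wrong email format")
        return {"status": False, "message": "Email is of wrong format. Please provide NYU email"}
    is_reset = request.form.get("reset_password") == "true"
    # One existence query instead of two; the answer cannot change in between.
    registered = User.select().where(User.email == email).exists()
    # NOTE(review): these two replies tell the caller whether an address is
    # registered. The form needs that, but it is an account-enumeration oracle,
    # so this endpoint deserves rate limiting in front of it.
    if is_reset and not registered:
        return {"status": False, "message": "This email has not been registered yet. Please register first"}
    if not is_reset and registered:
        return {"status": False, "message": "This email has been registered"}
    token = TokenGenerator.generate()
    session["token"] = token
    session["email"] = email
    session.expire(600)  # the token is only honoured for ten minutes
    EmailHelper(receiver_email=email).send_token(token)
    return {"status": True, "message": "A token has been sent to your mail box"}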
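def get_reset_password(self):
    """Store a new password for the email address verified earlier in the session.

    Requires ``reset_password_email_verified == "true"`` (set by
    post_reset_password_email_verify). The new password comes from the
    ``password`` form field, so the route should be mapped to POST even
    though the method is named ``get_*``. Returns a ``{"status", "message"}``
    dict or a redirect.
    """
    session = Session()
    # "true" without a leading space; the old " true" literal never matched.
    if session.get("logged_in") == "true":
        session.extend()
        return redirect("/homepage")
    if session.get("reset_password_email_verified") != "true":
        return redirect("/auth/reset_password_email_verify")
    email = session.get("email")
    password = request.form.get("password")
    from utils.format_checker import password_checker
    if not password_checker(password):
        return {"status": False, "message": "Bad password format"}
    # NOTE(review): MD5 is not a password hash. MD5Helper should wrap a salted,
    # slow KDF (hashlib.scrypt or pbkdf2_hmac); MD5Helper.evaluate in post_login
    # has to change in step.
    hashed_pwd = MD5Helper.hash(password)
    User.update(password=hashed_pwd).where(User.email == email).execute()
    # The verification is single-use: without this the same session could keep
    # resetting the password for as long as it lives.
    session["reset_password_email_verified"] = "false"
    # The previous version fell off the end and returned None, which is not a
    # valid response.
    return {"status": True, "message": "Password reset succeeds"}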
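def get_page(self):
    """Serve the image selected by the ``id`` query parameter to its owner.

    Requires a logged-in session whose email matches the image's owner; all
    refusals are ``{"status": False, "message": ...}`` dicts. Success returns
    a Response carrying the stored bytes with ``image/<image_format>``.
    """
    session = Session()
    if session.get("logged_in") != "true":
        return {"status": False, "message": "permission denied"}
    image_id = request.args.get("id")
    if image_id is None:
        return {"status": False, "message": "no image_id"}
    query = Image.select().where(Image.id == image_id)
    if not query.exists():
        return {"status": False, "message": "image does not exist"}
    image_ins = query.get()
    if image_ins.user.email != session.get("email"):
        return {"status": False, "message": "permission denied"}
    # Serve the stored bytes directly. The previous version wrote them to
    # "<id>.<format>" in the working directory -- a file name built from a
    # request parameter -- and then handed the closed, write-mode handle to
    # Response, which cannot be read from.
    # NOTE(review): image_format ends up in the Content-Type header; this
    # assumes it was validated at upload time (cf. avatar_format_check) -- confirm.
    return Response(image_ins.content, mimetype=f"image/{image_ins.image_format}")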
def wrapper(RequestHandler, *args, **kwargs):
    """Authorise the request by role before delegating to ``fun`` (a name from the enclosing scope).

    The role id is read from the session; a missing one is treated as the guest
    role ``'000000'``. The role's API permissions are read from the
    ``roleapi_cache`` redis hash, filled from ``sys_roleapi``/``sys_api`` on a
    miss. The request path is matched against each entry's ``ra_uri`` as a
    regular expression, and the entry's ``ra_<method>`` value must be ``'1'``;
    anything else is answered with a 403 and the generator is finished.
    """
    # Prefer the session for the user's role; fall back to the guest role id "000000".
    roleid = '000000'
    session_data = Session(RequestHandler).data
    if session_data:
        roleid = session_data.get('roleid') if session_data.get(
            'roleid') else '000000'
    # Interfaces the role may call, cached in redis per role id.
    # NOTE(review): nothing here ever removes a roleapi_cache entry, so changes
    # to sys_roleapi are not seen until the hash is cleared elsewhere -- confirm.
    roleapi = RequestHandler.redis.hget('roleapi_cache', roleid)
    # Disabled during development:
    # roleapi = None
    if not roleapi:
        # Parameterised query; roleid is passed as an argument, not interpolated.
        sql = 'SELECT (SELECT sa_uri FROM sys_api WHERE a.ra_apiid = sa_id) AS ra_uri, ra_get,ra_post,ra_put,ra_delete FROM sys_roleapi AS a WHERE ra_roleid=%s'
        ret = yield db.fetchall(sql, args=(roleid,))
        ret = json.dumps(ret)
        RequestHandler.redis.hset('roleapi_cache', roleid, ret)
        roleapi = ret
    # Interface permission: first entry whose ra_uri pattern matches the path (query string dropped).
    # NOTE(review): ra_uri is interpolated into a regex unescaped, so a stored
    # value with metacharacters matches more than its literal path; it comes
    # from the database, so that is a configuration concern rather than user input.
    roleapi = json.loads(roleapi)
    request_uri = RequestHandler.request.uri.split('?')[0]
    accordapi = None
    for api in roleapi:
        if re.match(r'^%s$' % api.get('ra_uri'), request_uri):
            accordapi = api
            break
    # Request-method permission: the matched entry's ra_get/ra_post/... flag.
    if accordapi:
        request_method = 'ra_%s' % RequestHandler.request.method.lower()
        rm_power = accordapi.get(request_method, 0)
        if str(rm_power) == '1':
            # NOTE(review): fun is called without yield; if it is a coroutine
            # its Future is not awaited here -- confirm against the decorator.
            fun(RequestHandler, *args, **kwargs)
        else:
            # Message: "The server refused you, reason: <METHOD> not permitted or login expired".
            RequestHandler.send_error(
                403, msg='服务器拒绝了你,原因:%s无权访问或登录过期' % (RequestHandler.request.method))
            raise gen.Return()
    else:
        # Message: "The server refused you, reason: not permitted or login expired".
        RequestHandler.send_error(403, msg='服务器拒绝了你,原因:无权访问或登录过期')
        raise gen.Return()
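def post_register(self):
    """Create the account for the email address verified earlier in the session.

    Requires ``email_verified == "true"``. Takes ``username`` and ``password``
    from the form, validates both, inserts the User and Profile rows, marks
    the session logged in and redirects to /auth/login. Validation failures
    return a ``{"status": False, "message": ...}`` dict.
    """
    session = Session()
    # "true" without a leading space, as post_login writes the flag; the old
    # " true" literal could never match.
    if session.get("logged_in") == "true":
        session.extend()
        return redirect("/homepage")
    if session.get("email_verified") != "true":
        return redirect("/auth/email_verify")
    username = request.form.get("username")
    password = request.form.get("password")
    email = session.get("email")
    from utils.format_checker import password_checker, username_checker
    from utils.MD5_helper import MD5Helper
    username_check = username_checker(username)
    if not username_check["status"]:
        return {"status": False, "message": username_check["error"]}
    if not password_checker(password):
        return {"status": False, "message": "Bad password format"}
    # NOTE(review): MD5 is not a password hash; MD5Helper should wrap a salted,
    # slow KDF (hashlib.scrypt or pbkdf2_hmac), changed together with
    # MD5Helper.evaluate.
    # NOTE(review): post_token rejected already-registered addresses, but
    # nothing re-checks here, so a duplicate insert is only prevented if
    # User.email is unique in the schema -- confirm.
    user_id = User.insert(email=email, password=MD5Helper.hash(password)).execute()
    Profile.insert(username=username, user=user_id).execute()
    print(f"[REGISTER] Register Success. username: {username}, email: {email}")
    # The verification is single-use: another registration needs a fresh token.
    session["email_verified"] = "false"
    session["logged_in"] = "true"
    session.extend()
    return redirect("/auth/login")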
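def post(self):
    """Update the logged-in user's profile (username, grade, contact info, avatar).

    Reads the text fields from the form and the avatar upload, stores the
    avatar through ``profile_service.add_avatar`` and writes the profile with
    ``profile_service.update_user_profile``. Returns a ``{"status", "message"}``
    dict.
    """
    session = Session()
    # Only a logged-in session may edit a profile; without this check `email`
    # could be None or a stale address left over from the token flow, as the
    # other handlers in this file guard against.
    if session.get("logged_in") != "true":
        return {"status": False, "message": "permission denied"}
    email = session.get("email")
    # No trailing commas: the previous `x = request.form.get(...),` made each
    # of these a one-element tuple, and the tuples were written to the profile.
    username = request.form.get("username")
    grade = request.form.get("grade")
    contact_info = request.form.get("contact_info")
    # NOTE(review): Flask exposes uploads as request.files / .filename; confirm
    # the framework in use actually provides request.file / .file_name.
    avatar = request.file.get("avatar")
    if avatar is None:
        return {"status": False, "message": "no avatar"}
    file_format = self.profile_service.avatar_format_check(avatar.file_name)
    if not file_format:
        return {"status": False, "message": "wrong image format"}
    avatar_id = self.profile_service.add_avatar(
        email=email, content=avatar.read(), file_format=file_format
    )
    data = {
        "username": username,
        "grade": grade,
        "contact_info": contact_info,
        "avatar_id": avatar_id,
    }
    self.profile_service.update_user_profile(email=email, data=data)
    # The previous version fell off the end and returned None.
    return {"status": True, "message": "profile updated"}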
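def post_login(self):
    """Log the user in with the ``email`` and ``password`` form fields.

    On success the session is marked logged in, bound to the email, refreshed,
    and the user is redirected to /homepage. Failures return a
    ``{"status": False, "message": ...}`` dict.
    """
    session = Session()
    if session.get("logged_in") == "true":
        session.extend()
        return redirect("/homepage")
    email = request.form.get("email")
    input_password = request.form.get("password")
    query = User.select().where(User.email == email)
    if not query.exists():
        logbook.info("[LOGIN] Login Failed: user not found.")
        # NOTE(review): the distinct "Email not found" / "wrong password" replies
        # let a caller probe which addresses exist. post_token already discloses
        # registration state, so a single generic message here only helps if
        # that endpoint changes too.
        return {"status": False, "message": "Email not found"}
    # query.get() yields the first row, which is what `[_ for _ in query][0]`
    # did without materialising the whole result (and it matches get_page).
    stored_password_hash = query.get().password
    # NOTE(review): MD5Helper.evaluate compares MD5 digests; password storage
    # should move to a salted slow hash (hashlib.scrypt / pbkdf2_hmac) together
    # with MD5Helper.hash.
    if not MD5Helper.evaluate(input_password, stored_password_hash):
        logbook.info("[LOGIN] Login Failed: wrong password.")
        return {"status": False, "message": "wrong password"}
    session["logged_in"] = "true"
    session["email"] = email
    session.extend()
    logbook.info(f"[LOGIN] Login Succeed: [user_email: {email}]")
    print(f"[LOGIN] Login Succeed: [user_email: {email}]")
    return redirect("/homepage")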
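def get(self):
    """Render the landing page, sending an already logged-in session to /homepage."""
    session = Session()
    # The key is "logged_in" with an underscore, as post_login writes it; the
    # hyphenated "logged-in" never matched, so logged-in users saw index.html.
    if session.get("logged_in") == "true":
        return redirect("/homepage")
    return render_template("index.html")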
def inner(*args, **kwargs):
    """Gate ``func`` (from the enclosing scope) behind a logged-in session.

    Anonymous sessions are redirected to /auth/login; otherwise the session
    is refreshed and ``func`` is called with the same arguments.
    """
    current = Session()
    logged_in = current.get("logged_in") == "true"
    if not logged_in:
        return redirect("/auth/login")
    current.extend()
    return func(*args, **kwargs)