def invite_content(self, email, tenant_name, identity, eid): if settings.MODULES.get('SSO_LOGIN'): domain = SSO_BASE_URL mail_body = AuthCode.encode( ','.join(['invite_tenant', email, tenant_name, identity, eid]), 'goodrain') link_url = '{0}/api/invite?key={1}'.format(domain, mail_body) else: domain = self.request.META.get('HTTP_HOST') mail_body = AuthCode.encode( ','.join([email, tenant_name, identity, eid]), 'goodrain') link_url = 'http://{0}/invite?key={1}'.format(domain, mail_body) content = render_to_string('mail_invite.html', { 'link_url': link_url, 'inviter': tenant_name }) return content
def post(self, request, *args, **kwargs): """微信通知处理入口, 云帮不做处理只是转发请求给云市处理""" body_raw = request.body logger.debug("account.wechat", "recv wechat notify: {}".format(body_raw)) # 将xml转成dict data = dict( (child.tag, child.text) for child in ET.fromstring(body_raw)) logger.debug("account.wechat", "format to map: {}".format(data)) msg_type = data["MsgType"] # 非事件类消息不处理 if msg_type != "event": return HttpResponse("") # 当前只处理公众号订阅跟扫码消息 event_type = data["Event"] if event_type not in self.ALLOW_EVENT: return HttpResponse("") post_data = {} if event_type == "subscribe": # 只处理qrscene_xxxx类型的场景关注通知 if "EventKey" not in data: return HttpResponse("") user_id = data["EventKey"].split("_")[1] open_id = data["FromUserName"] user_id, open_id = self.bind_wechat_user_to_goodrain( user_id, open_id) post_data = { "user_id": user_id, "open_id": open_id, "event_type": "subscribe" } elif event_type == "SCAN": user_id = data["EventKey"] open_id = data["FromUserName"] user_id, open_id = self.bind_wechat_user_to_goodrain( user_id, open_id) post_data = { "user_id": user_id, "open_id": open_id, "event_type": "scan" } # 不管上面绑定关系如何, 用户确实完成对公众号的关注,所以将事件推送到关注的监听者 for url in self.REGISTER_LISTENER: try: body_encode = AuthCode.encode(json.dumps(post_data), "goodrain") logger.debug("account.wechat", "post {} with data {}".format(url, post_data)) # 微信端5秒内需要返回 requests.post(url, data={"body": body_encode}, timeout=4) except Exception as e: logger.exception("push event to market failed!", e) return HttpResponse("")
def export_group_backup(self, tenant, backup_id): backup_record = backup_record_repo.get_record_by_backup_id(tenant.tenant_id, backup_id) if not backup_record: return 404, "不存在该备份记录", None if backup_record.mode == "full-offline": return 409, "本地备份数据暂不支持导出", None if backup_record.status == "starting": return 409, "正在备份中,请稍后重试", None data_str = AuthCode.encode(json.dumps(backup_record.to_dict()), KEY) return 200, "success", data_str
def get(self, request, *args, **kwargs): if not settings.MODULES["WeChat_Module"]: index_url = settings.WECHAT_CALLBACK.get("index") return self.redirect_to(index_url) # 获取cookie中的corf csrftoken = request.COOKIES.get('csrftoken') if csrftoken is None: csrftoken = "csrf" # 判断登录来源,默认从微信上登录 origin = request.GET.get("origin", "console") origin_url = request.GET.get("redirect_url", "redirect_url") logger.debug("account.wechat", "origin_url=" + origin_url) next_url = request.GET.get("next", "") if origin == "discourse": sig = request.GET.get("sig") next_url = "{0}&sig={1}".format(next_url, sig) config = WECHAT_GOODRAIN oauth2 = 'https://open.weixin.qq.com/connect/oauth2/authorize' scope = 'snsapi_userinfo' # 判断是否微信浏览器 if not is_weixin(request): config = WECHAT_USER oauth2 = 'https://open.weixin.qq.com/connect/qrconnect' scope = 'snsapi_login' state = AuthCode.encode( ','.join([csrftoken, origin, next_url, config, origin_url]), 'we_chat_login') logger.debug("account.wechat", state) # 存储state wechat_state = WeChatState(state=state) wechat_state.save() # 获取user对应的微信配置 config = WeChatConfig.objects.get(config=config) app_id = config.app_id # 扫码后微信的回跳页面 redirect_url = settings.WECHAT_CALLBACK.get("console_goodrain") if not is_weixin(request): redirect_url = settings.WECHAT_CALLBACK.get("console") redirect_url = urllib.urlencode({"1": redirect_url})[2:] # 微信登录扫码路径 url = "{0}?appid={1}" \ "&redirect_uri={2}" \ "&response_type=code" \ "&scope={3}" \ "&state={4}#wechat_redirect".format(oauth2, app_id, redirect_url, scope, wechat_state.ID) logger.debug(url) return self.redirect_to(url)
def invite_content(self, email, tenant_name, service_alias, identity): if settings.MODULES.get('SSO_LOGIN'): domain = SSO_BASE_URL mail_body = AuthCode.encode( ','.join([ 'invite_service', email, tenant_name, service_alias, identity ]), 'goodrain') link_url = '{0}/api/invite?key={1}'.format(domain, mail_body) else: domain = self.request.META.get('HTTP_HOST') mail_body = AuthCode.encode( ','.join([email, tenant_name, service_alias, identity]), 'goodrain') link_url = 'http://{0}/invite?key={1}'.format(domain, mail_body) content = u"尊敬的用户您好," content = content + "<br/>" content = content + u"非常感谢您申请试用 好雨云平台! 请点击下面的链接完成注册:" content = content + "<br/>" content = content + u"注册链接: <a target='_blank' color='red' href=" + link_url + ">注册好雨云平台</a>" content = content + "<br/>" content = content + u"我们的服务在一定的资源范围内永久免费!内测阶段也可以申请增加免费资源,增加的资源在产品正式版上线后也不会另收费用哦!另外参与内测并提交问题报告的用户,正式上线后还会有更多的福利。" content = content + "<br/>" content = content + u"我们的文档及博客正在建设中,以后会陆续发布一系列好雨云平台的使用教程和技巧,欢迎关注!" content = content + "<br/>" content = content + u"您在使用过程中遇到的任何问题,或者对平台有任何建议,都可以通过以下途径提交反馈。对于提出高质量的反馈的用户,还有精美礼品等待您!" content = content + "<br/>" content = content + "Email: [email protected]" content = content + "<br/>" content = content + u"微信公众号:goodrain-cloud " content = content + "<br/>" content = content + u"联系电话:13621236261" content = content + "<br/>" content = content + u"QQ:78542636" content = content + "<br/>" content = content + u"再次感谢您关注我们的产品!" content = content + "<br/>" content = content + u"好雨科技 (Goodrain Inc.) CEO 刘凡" return content
def post(self, request, *args, **kwargs): """ 发送忘记密码邮件 --- parameters: - name: email description: 邮箱 required: true type: string paramType: form """ email = request.POST.get("email", None) code = 200 try: if email: if len(email) > 5: rerule = "^.+\\@(\\[?)[a-zA-Z0-9\\-\\.]+\\.([a-zA-Z]{2,3}|[0-9]{1,3})(\\]?)$" if re.match(rerule, email): if Users.objects.filter(email=email).exists(): # TODO 生成 url 并发送一封邮件 domain = self.request.META.get('HTTP_HOST') timestamp = str(int(time.time())) tag = AuthCode.encode(','.join([email, timestamp]), 'password') link_url = 'http://%s/console/users/begin_password_reset?tag=%s' % ( domain, tag) content = "请点击下面的链接重置您的密码,%s" % link_url try: send_reset_pass_mail(email, content) except Exception as e: logger.error( "account.passwdreset", "send email to {0} failed".format(email)) logger.exception("account.passwdreset", e) result = general_message(code, "success", "邮件发送成功") else: code = 400 result = general_message(code, "failed!", "当前用户没有注册!") return Response(result, status=code) else: code = 400 result = general_message(code, "failed", "邮箱不合法!") return Response(result, status=code) else: code = 400 result = general_message(code, "failed", "邮件发送失败") return Response(result, status=code) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=500)
def import_group_backup(self, tenant, region, group_id, upload_file): group = group_repo.get_group_by_id(group_id) if not group: return 404, "需要导入的组不存在", None services = group_service.get_group_services(group_id) if services: return 409, "请确保需要导入的组中不存在组件", None content = upload_file.read().strip() data = json.loads(AuthCode.decode(content, KEY)) current_backup = backup_record_repo.get_record_by_group_id_and_backup_id( group_id, data["backup_id"]) if current_backup: return 412, "当前团队已导入过该备份", None event_id = make_uuid() group_uuid = make_uuid() params = { "event_id": event_id, "group_id": group_uuid, "status": data["status"], "version": data["version"], "source_dir": data["source_dir"], "source_type": data["source_type"], "backup_mode": data["mode"], "backup_size": data["backup_size"] } body = region_api.copy_backup_data(region, tenant.tenant_name, params) bean = body["bean"] record_data = { "group_id": group.ID, "event_id": event_id, "group_uuid": group_uuid, "version": data["version"], "team_id": tenant.tenant_id, "region": region, "status": bean["status"], "note": data["note"], "mode": data["mode"], "backup_id": bean["backup_id"], "source_dir": data["source_dir"], "source_type": data["source_type"], "backup_size": data["backup_size"], "user": data["user"], "total_memory": data["total_memory"], "backup_server_info": data["backup_server_info"] } new_backup_record = backup_record_repo.create_backup_records( **record_data) return 200, "success", new_backup_record
def post(self, request, *args, **kwargs): """ 忘记密码 --- parameters: - name: password description: 新密码 required: true type: string paramType: form - name: password_repeat description: 确认密码 required: true type: string paramType: form """ try: tag = str(request.GET.get('tag')) email, old_timestamp = AuthCode.decode(tag, 'password').split(',') timestamp = int(time.time()) if (timestamp - int(old_timestamp)) > 3600: logger.info( "account.passwdreset", "link expired, email: {0}, link_timestamp: {1}".format( email, old_timestamp)) result = general_message(400, "failed", "链接已失效") return Response(result, status=400) user = Users.objects.get(email=email) form = PasswordResetForm(request.POST) if form.is_valid(): raw_password = request.POST.get('password') user.set_password(raw_password) user.save() result = general_message(200, "success", "修改密码成功") return Response(result, status=200) else: error = { "error": list(json.loads(form.errors.as_json()).values())[0][0].get( "message", "参数错误") } result = general_message(400, "failed", "参数错误,{}".format(error["error"])) return Response(result, status=400) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=500)
def get(self, request, *args, **kwargs): """正常注册用户绑定微信""" # 获取cookie中的corf csrftoken = request.COOKIES.get('csrftoken') if csrftoken is None: csrftoken = "csrf" user_id = str(self.user.pk) next_url = request.GET.get('next', "/") # 获取user对应的微信配置 config = WECHAT_GOODRAIN oauth2 = 'https://open.weixin.qq.com/connect/oauth2/authorize' scope = 'snsapi_userinfo' redirect_url = settings.WECHAT_CALLBACK.get("console_bind_goodrain") if not is_weixin(request): config = WECHAT_USER oauth2 = 'https://open.weixin.qq.com/connect/qrconnect' scope = 'snsapi_login' redirect_url = settings.WECHAT_CALLBACK.get("console_bind") state = AuthCode.encode( ','.join([csrftoken, user_id, next_url, config]), 'wechat') logger.debug("bind wechat, state:{0}".format(state)) wechat_config = WeChatConfig.objects.get(config=config) app_id = wechat_config.app_id # 微信的回跳页面 redirect_url = urllib.urlencode({"1": redirect_url})[2:] # 微信登录扫码路径 url = "{0}?appid={1}" \ "&redirect_uri={2}" \ "&response_type=code" \ "&scope={3}" \ "&state={4}#wechat_redirect".format(oauth2, app_id, redirect_url, scope, state) return self.redirect_to(url)
def post(self, request, *args, **kwargs): try: # 获取sso的user_id sso_user_id = request.data.get('uid') sso_user_token = request.data.get('token') sso_enterprise_id = request.data.get('eid') rf = request.data.get('rf') or 'sso' market_client_id = request.data.get('eid') market_client_token = request.data.get('etoken') if not market_client_id or not market_client_token: msg = "no market_client_id or market_client_token" logger.debug('account.login', msg) return Response({'success': False, 'msg': msg}) rf_username = request.data.get('rf_username') or '' logger.debug( 'account.login', 'request.sso_user_id:{0} request.sso_user_token:{1} request.sso_enterprise_id:{2}' .format(sso_user_id, sso_user_token, sso_enterprise_id)) is_pass, msg = self.__check_params(sso_user_id, sso_user_token, sso_enterprise_id) if not is_pass: return Response({'success': False, 'msg': msg}) is_pass, msg, sso_user = self.__get_auth_user_token( sso_user_id, sso_user_token) if not is_pass: return Response({'success': False, 'msg': msg}) enterprise = enterprise_services.get_enterprise_by_enterprise_id( sso_user.get('eid')) if not enterprise: sso_company = sso_user.get('company') enterprise = enterprise_services.create_tenant_enterprise( sso_user.get('eid'), sso_company, sso_company, True) user = self.__update_user_info(sso_user, sso_user_id, sso_user_token, rf) # 保存访问云市的token domain = os.getenv('GOODRAIN_APP_API', settings.APP_SERVICE_API["url"]) client_auth_service.save_market_access_token( enterprise.enterprise_id, domain, market_client_id, market_client_token) key = request.data.get('key') logger.debug('invite key: {0}'.format(key)) if key: logger.debug('account.login', 'invite register: {}'.format(key)) data = AuthCode.decode(str(key), 'goodrain').split(',') logger.debug(data) action = data[0] if action == 'invite_tenant': self.__process_invite_tenant(user, data) elif action == 'invite_service': self.__process_invite_service(user, data) user.is_active = True user.save() logger.debug('account.login', 'user invite register successful') else: logger.debug( 'account.login', 'register/login user.is_active:{}'.format(user.is_active)) if not user.is_active: # 如果注册用户是通过云市私有交付创建的企业客户, 则将厂商账户加入到其客户企业的管理员列表 agent_sso_user_id = request.data.get('agent_sid') logger.debug('account.login', 'agent_sid: {}'.format(agent_sso_user_id)) if agent_sso_user_id: code, msg, team = self.__init_and_create_user_tenant( user, enterprise) if code != 200: return Response({ 'success': False, 'msg': msg }, status=500) agent_user = user_services.get_user_by_sso_user_id( agent_sso_user_id) if agent_user: # 创建用户在团队的权限 perm_info = { "user_id": agent_user.user_id, "tenant_id": team.ID, "identity": "admin", "enterprise_id": enterprise.pk } perm_services.add_user_tenant_perm(perm_info) logger.debug( 'account.login', 'agent manage team success: {}'.format( perm_info)) else: user_services.make_user_as_admin_for_enterprise( user.user_id, enterprise.enterprise_id) user.is_active = True user.save() logger.debug('account.login', "enterprise id {0}".format(enterprise.enterprise_id)) teams = team_services.get_enterprise_teams( enterprise.enterprise_id) data_list = [{ 'uid': user.sso_user_id, 'tenant_id': t.tenant_id, 'tenant_name': t.tenant_name, 'tenant_alias': t.tenant_alias, 'eid': t.enterprise_id } for t in teams] return Response({'success': True, 'list': data_list}, status=200) except Exception as e: logger.exception(e) return Response({'success': False, 'msg': e.message}, status=500)
def post(self, request, *args, **kwargs): """ SSO通知,用户信息同步回来 """ # 获取sso的user_id sso_user_id = request.POST.get('uid') sso_user_token = request.POST.get('token') sso_enterprise_id = request.POST.get('eid') logger.debug('request.sso_user_id:{}'.format(sso_user_id)) logger.debug('request.sso_user_token:{}'.format(sso_user_token)) logger.debug('request.sso_enterprise_id:{}'.format(sso_enterprise_id)) if not sso_user_id or not sso_user_token or not sso_enterprise_id: logger.error('post params [uid] or [token] or [eid] not specified!') return JsonResponse({'success': False, 'msg': 'post params [uid] or [token] or [eid] not specified!'}) if sso_user_id == 'null' or sso_user_token == 'null': logger.error('bad uid or token, value is null!') return JsonResponse({"success": False, 'msg': 'bad uid or token, value is null!'}) api = GoodRainSSOApi(sso_user_id, sso_user_token) if not api.auth_sso_user_token(): logger.error('Illegal user token!') return JsonResponse({"success": False, 'msg': 'auth from sso failed!'}) sso_user = api.get_sso_user_info() logger.debug(sso_user) # 同步sso_id所代表的用户与企业信息,没有则创建 sso_eid = sso_user.get('eid') sso_company = sso_user.get('company') sso_username = sso_user.get('name') sso_phone = sso_user.get('mobile') sso_pwd = sso_user.get('pwd') try: enterprise = TenantEnterprise.objects.get(enterprise_id=sso_eid) logger.debug('query enterprise does existed, updated!') except TenantEnterprise.DoesNotExist: logger.debug('query enterprise does not existed, created!') enterprise = TenantEnterprise() enterprise.enterprise_id = sso_eid enterprise.enterprise_name = sso_company enterprise.enterprise_alias = sso_company enterprise.is_active = 1 enterprise.save() logger.info( 'create enterprise[{0}] with name {1}'.format(enterprise.enterprise_id, enterprise.enterprise_name)) try: user = Users.objects.get(sso_user_id=sso_user_id) user.sso_user_token = sso_user_token user.password = sso_pwd or '' user.phone = sso_phone or '' user.nick_name = sso_username user.enterprise_id = sso_eid user.save() logger.debug('query user with sso_user_id existed, updated!') except Users.DoesNotExist: logger.debug('query user with sso_user_id does not existed, created!') user = Users.objects.create(nick_name=sso_username, email=sso_user.get('email') or '', phone=sso_phone or '', password=sso_pwd or '', sso_user_id=sso_user.get('uid'), enterprise_id=sso_eid, sso_user_token=sso_user_token, is_active=False, rf='sso') logger.info( 'create user[{0}] with name [{1}] from [{2}] use sso_id [{3}]'.format(user.user_id, user.nick_name, user.rf, user.sso_user_id)) monitor_hook.registerMonitor(user, 'register') logger.debug('user.is_active:{}'.format(user.is_active)) if not user.is_active: tenant = enterprise_svc.create_and_init_team(user.user_id, enterprise_id=user.enterprise_id) else: tenant = user_svc.get_default_tenant_by_user(user.user_id) logger.info(tenant.to_dict()) key = request.POST.get('key') logger.debug('invite key: {}'.format(key)) if key: data = AuthCode.decode(str(key), 'goodrain').split(',') logger.debug(data) action = data[0] if action == 'invite_tenant': email, tenant_name, identity = data[1], data[2], data[3] tenant = Tenants.objects.get(tenant_name=tenant_name) if PermRelTenant.objects.filter(user_id=user.user_id, tenant_id=tenant.pk).count() == 0: invite_enter = TenantEnterprise.objects.get(enterprise_id=tenant.enterprise_id) PermRelTenant.objects.create(user_id=user.user_id, tenant_id=tenant.pk, identity=identity, enterprise_id=invite_enter.pk) elif action == 'invite_service': email, tenant_name, service_alias, identity = data[1], data[2], data[3], data[4] tenant_service = TenantServiceInfo.objects.get(service_alias=service_alias) if PermRelService.objects.filter(user_id=user.user_id, service_id=tenant_service.pk).count() == 0: PermRelService.objects.create(user_id=user.user_id, service_id=tenant_service.pk, identity=identity) logger.debug('user invite sucess') return JsonResponse({"success": True})
def get(self, request, *args, **kwargs): """正常注册用户绑定微信返回路径""" # 获取cookie中的csrf csrftoken = request.COOKIES.get('csrftoken') if csrftoken is None: csrftoken = "csrf" # 获取statue state = request.GET.get("state") # 解码 oldcsrftoken, user_id, next_url, config = AuthCode.decode( str(state), 'wechat').split(',') # 判断是否微信浏览器 if csrftoken != oldcsrftoken: logger.error("csrftoken check error!") return self.redirect_to(next_url) # 获取的code code = request.GET.get("code") if code is None: logger.error("wechat donot return code! you do not permissioned!") return self.redirect_to(next_url) # 根据code获取access_token wechat_config = WeChatConfig.objects.get(config=config) access_token, open_id = OpenWeChatAPI.access_token_oauth2_static( wechat_config.app_id, wechat_config.app_secret, code) if access_token is None: # 登录失败,重新跳转到授权页面 logger.error("wechat oauth access token error!") return self.redirect_to(next_url) # 检查用户的open_id是否已经存在 need_new = False wechat_user = None try: wechat_user = WeChatUser.objects.get(open_id=open_id) except WeChatUser.DoesNotExist: logger.warning("open_id is first to access console. now regist...") need_new = True # 添加wechatuser if need_new: jsondata = OpenWeChatAPI.query_userinfo_static( open_id, access_token) nick_name = jsondata.get("nickname") if nick_name: nick_name = nick_name.encode("utf-8") WeChatUser(open_id=jsondata.get("openid"), nick_name=nick_name, union_id=jsondata.get("unionid"), sex=jsondata.get("sex"), city=jsondata.get("city"), province=jsondata.get("province"), country=jsondata.get("country"), headimgurl=jsondata.get("headimgurl"), config=config).save() # 判断union_id是否已经绑定user # 根据微信的union_id判断用户是否已经注册 try: old_user = Users.objects.get(union_id=wechat_user.union_id) num = WeChatUnBind.objects.filter(union_id=wechat_user.union_id, user_id=old_user.pk).count() if num == 0: count = WeChatUnBind.objects.filter( union_id=wechat_user.union_id).count() WeChatUnBind.objects.create(user_id=old_user.pk, union_id=wechat_user.union_id, status=count) old_user.union_id = "" old_user.save() except Exception as e: logger.exception(e) user = Users.objects.get(pk=user_id) if user.status == 0: user.status = 1 elif user.status == 4: user.status = 3 user.union_id = wechat_user.union_id user.save() return self.redirect_to(next_url)
def get(self, request, *args, **kwargs): import datetime # 获取cookie中的csrf csrftoken = request.COOKIES.get('csrftoken') if csrftoken is None: csrftoken = "csrf" # 获取statue state = request.GET.get("state") # 解码toke, type logger.debug("account.wechat", state) logger.debug("account.wechat", "is_weixin:{0}".format(str(is_weixin(request)))) # 查询数据库 err_url = settings.WECHAT_CALLBACK.get("index") try: wechat_state = WeChatState.objects.get(pk=state) except Exception as e: logger.exception("account.wechat", e) logger.error("account.wechat", "wechatstate is missing,id={0}".format(state)) return self.redirect_to(err_url) cry_state = wechat_state.state state_array = AuthCode.decode(str(cry_state), 'we_chat_login').split(',') oldcsrftoken = state_array[0] origin = state_array[1] next_url = state_array[2] config = state_array[3] origin_url = None if len(state_array) == 5: origin_url = state_array[4] logger.debug("account.wechat", oldcsrftoken) logger.debug("account.wechat", origin) logger.debug("account.wechat", next_url) logger.debug("account.wechat", config) logger.debug("account.wechat", origin_url) if csrftoken != oldcsrftoken: return self.redirect_to(err_url) # 获取的code code = request.GET.get("code") logger.info(code) if code is None: return self.redirect_to(err_url) # 根据code获取access_token wechat_config = WeChatConfig.objects.get(config=config) access_token, open_id = OpenWeChatAPI.access_token_oauth2_static( wechat_config.app_id, wechat_config.app_secret, code) logger.info(access_token) if access_token is None: # 登录失败,跳转到失败页面 return self.redirect_to(err_url) # 检查用户的open_id是否已经存在 need_new = False wechat_user = None try: wechat_user = WeChatUser.objects.get(open_id=open_id) except WeChatUser.DoesNotExist: logger.warning( "account.wechat", "open_id is first to access console. now regist...") need_new = True # 添加wechatuser if need_new: jsondata = OpenWeChatAPI.query_userinfo_static( open_id, access_token) nick_name = jsondata.get("nickname") if nick_name: nick_name = nick_name.encode("utf-8") wechat_user = WeChatUser(open_id=jsondata.get("openid"), nick_name=nick_name, union_id=jsondata.get("unionid"), sex=jsondata.get("sex"), city=jsondata.get("city"), province=jsondata.get("province"), country=jsondata.get("country"), headimgurl=jsondata.get("headimgurl"), config=config) wechat_user.save() # 根据微信的union_id判断用户是否已经注册 need_new = False user = None try: user = Users.objects.get(union_id=wechat_user.union_id) except Users.DoesNotExist: logger.warning( "account.wechat", "union id is first to access console. now create user...") need_new = True # 用户表中不存在对应用户,判断是否已经解绑 if need_new: try: binding = WeChatUnBind.objects.get( union_id=wechat_user.union_id, status=0) user = Users.objects.get(pk=binding.user_id) user.union_id = wechat_user.union_id user.save() need_new = False except WeChatUnBind.DoesNotExist: pass # 创建租户 if need_new: union_id = wechat_user.union_id tmp_union_id = md5fun(union_id) begin_index = len(tmp_union_id) - 8 tenant_name = tmp_union_id[begin_index:] tenant_name = tenant_name.replace("_", "-").lower() email = tenant_name + "@wechat.com" logger.debug( "account.wechat", "new wx regist user.email:{0} tenant_name:{1}".format( email, tenant_name)) # 创建用户,邮箱为openid后8位@wechat.comemail=email, # 统计当前wx数量 count = Users.objects.filter(rf="open_wx").count() count += 1989 nick_name = "wxgd0" + str(count) user = Users(nick_name=nick_name, phone="", client_ip=get_client_ip(request), rf="open_wx", status=2, union_id=union_id) user.set_password("wechatpwd") user.save() monitorhook.registerMonitor(user, 'register') # 创建租户,默认为alish region = RegionInfo.register_choices()[0][0] # add by tanm regions = [region] enterprise_svc.create_and_init_tenant(user.user_id, tenant_name, regions, user.enterprise_id) # create gitlab user if user.email is not None and user.email != "": codeRepositoriesService.createUser(user, email, password, nick_name, nick_name) logger.info(user) if user is None: logger.error("account.wechat", "微信用户登录失败!") return self.redirect_to(err_url) # 微信用户登录 user = authenticate(union_id=user.union_id) login(request, user) self.user = request.user # 回跳到云市 if next_url is not None \ and next_url != "" \ and next_url != "none" \ and next_url != "None": if origin == "app": logger.debug("account.wechat", "now return to cloud market login..") if origin_url is None or origin_url == "redirect_url" or origin_url == "": origin_url = settings.APP_SERVICE_API.get("url") if not origin_url.startswith("http://"): origin_url = "http://" + origin_url # 返回参数 payload = { "nick_name": user.nick_name, "user_id": str(user.user_id), "next_url": next_url, "action": "register" if need_new else "login" } if wechat_user is not None: payload["wechat_name"] = wechat_user.nick_name ticket = AuthCode.encode(json.dumps(payload), "goodrain") next_url = "{0}/login/{1}/success?ticket={2}".format( origin_url, sn.instance.cloud_assistant, ticket) # next_url = settings.APP_SERVICE_API.get("url") + '/login/goodrain/success?ticket=' + ticket logger.debug("account.wechat", next_url) return redirect(next_url) return self.redirect_view()