예제 #1
파일: user.py 프로젝트: eomsoft/teleport
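def create_users(handler, user_list, success, failed):
    """
    Create user accounts in bulk.

    Each entry of ``user_list`` is looked up by username and, when absent,
    inserted into the ``user`` table. Results are reported through the two
    output lists rather than a return value.

    Args:
        handler: request handler; ``get_current_user()`` supplies the operator
            (its ``id`` is stored as ``creator_id``) and ``request.remote_ip``
            goes into the syslog entry.
        user_list: list of dicts with ``username``, ``surname``, ``email``,
            ``desc``, ``_line`` and -- for local accounts -- ``password``.
            ``type`` defaults to TP_USER_TYPE_LOCAL and ``ldap_dn`` to ``''``
            when missing; ``_id`` is set to the new row id on success.
        success: output list; the username of every created account is appended.
        failed: output list; one ``{'line': ..., 'error': ...}`` dict is
            appended for every entry that was skipped or could not be written.

    Returns:
        None.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()

    operator = handler.get_current_user()
    name_list = []

    s = SQL(db)

    for user in user_list:
        user.setdefault('type', TP_USER_TYPE_LOCAL)
        user.setdefault('ldap_dn', '')

        # Duplicate check. NOTE(review): as listed, the format string has no
        # placeholder, so the username is never interpolated (this looks like
        # a redaction artifact -- confirm against the real source). Even with
        # the placeholder, the username is spliced into SQL unescaped; use the
        # DB layer's parameter binding if it offers one.
        err = s.reset().select_from('user', ['id']).where('user.username="******"'.format(user['username'])).query()
        if err != TPE_OK:
            failed.append({'line': user['_line'], 'error': '数据库查询失败'})
            # Fix: a failed lookup used to fall through to the INSERT below on
            # a stale recorder, so the entry could still be written.
            continue
        if len(s.recorder) > 0:
            failed.append({'line': user['_line'], 'error': '账号 `{}` 已经存在'.format(user['username'])})
            continue

        # Only local accounts carry a password hash; other account types
        # authenticate elsewhere and get an empty secret.
        if user['type'] == TP_USER_TYPE_LOCAL:
            _password = tp_password_generate_secret(user['password'])
        else:
            _password = ''

        # NOTE(review): username/surname/email/desc come from the import data
        # and are interpolated into the statement without escaping.
        sql = 'INSERT INTO `{}user` (' \
              '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, ' \
              '`state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`' \
              ') VALUES (' \
              '0, "{username}", "{surname}", {user_type}, "{ldap_dn}", 0, "{password}", ' \
              '{state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");' \
              ''.format(db.table_prefix, username=user['username'], surname=user['surname'], user_type=user['type'],
                        ldap_dn=user['ldap_dn'], password=_password, state=TP_STATE_NORMAL, email=user['email'],
                        creator_id=operator['id'], create_time=_time_now, last_login=0, last_chpass=_time_now,
                        desc=user['desc'])
        db_ret = db.exec(sql)
        if not db_ret:
            failed.append({'line': user['_line'], 'error': '写入数据库时发生错误'})
            continue

        success.append(user['username'])
        name_list.append(user['username'])
        user['_id'] = db.last_insert_id()

    if name_list:
        syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "批量导入方式创建用户:{}".format(','.join(name_list)))

    # Refresh the cached user count from the table rather than from the
    # number of rows written here.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)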
예제 #2
def create_user(handler, user):
    """
    Create a single user account.

    Args:
        handler: request handler supplying the operator (``get_current_user()``,
            whose ``id`` becomes ``creator_id``) and ``request.remote_ip`` for
            the syslog entry.
        user: dict with ``role``, ``username``, ``surname``, ``auth_type``,
            ``email``, ``valid_from``, ``valid_to``, ``desc`` and -- for local
            accounts -- ``password``. ``type`` and ``ldap_dn`` are defaulted
            in place when missing.

    Returns:
        ``(TPE_OK, new_user_id)`` on success; ``(err, 0)`` when the lookup
        fails, ``(TPE_EXISTS, 0)`` when the username is taken and
        ``(TPE_DATABASE, 0)`` when the INSERT fails.
    """
    db = get_db()
    now = tp_timestamp_sec()
    operator = handler.get_current_user()

    user.setdefault('type', TP_USER_TYPE_LOCAL)
    user.setdefault('ldap_dn', '')

    # 1. refuse a username that is already taken.
    #    NOTE(review): the username is interpolated into the WHERE clause
    #    without escaping (and, as listed, without a placeholder at all).
    query = SQL(db)
    err = query.reset().select_from('user', ['id']).where(
        'user.username="******"'.format(user['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(query.recorder):
        return TPE_EXISTS, 0

    # Only local accounts store a password secret.
    is_local = user['type'] == TP_USER_TYPE_LOCAL
    secret = tp_password_generate_secret(user['password']) if is_local else ''

    values = dict(
        role=user['role'], username=user['username'], surname=user['surname'],
        user_type=user['type'], ldap_dn=user['ldap_dn'], auth_type=user['auth_type'],
        password=secret, state=TP_STATE_NORMAL, email=user['email'],
        creator_id=operator['id'], create_time=now, last_login=0, last_chpass=now,
        valid_from=user['valid_from'], valid_to=user['valid_to'], desc=user['desc'],
    )
    sql = (
        'INSERT INTO `{}user` ('
        '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, `state`, '
        '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `valid_from`, `valid_to`, `desc`'
        ') VALUES ('
        '{role}, "{username}", "{surname}", {user_type}, "{ldap_dn}", {auth_type}, "{password}", {state}, '
        '"{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, {valid_from}, '
        '{valid_to}, "{desc}");'
    ).format(db.table_prefix, **values)
    if not db.exec(sql):
        return TPE_DATABASE, 0

    new_id = db.last_insert_id()

    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                   "创建用户:{}".format(user['username']))

    # Refresh the cached user count.
    err, cnt = query.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, new_id
예제 #3
파일: create.py 프로젝트: net5/tpyaudit
    def _make_builtin_data(self, sysadmin, email, password):
        """
        Seed a freshly created schema with its built-in rows.

        Writes, in order: the ``config`` row holding the database version,
        the local ``core_server`` row, the three default roles
        (administrator, ops, audit) and the system administrator account.

        Args:
            sysadmin: username (also used as surname) of the administrator account.
            email: administrator's e-mail address.
            password: plaintext administrator password; only its secret
                (``tp_password_generate_secret``) is stored.
        """
        now = tp_timestamp_utc_now()
        prefix = self.db.table_prefix

        self._db_exec(
            '设定数据库版本',
            'INSERT INTO `{}config` (`name`, `value`) VALUES ("db_ver", "{}");'.format(prefix, self.db.DB_VERSION))

        self._db_exec(
            '设置本地核心服务',
            'INSERT INTO `{}core_server` (`sn`, `secret`, `ip`, `port`, `state`) VALUES '
            '("0000", "", "127.0.0.1", 52080, 1);'.format(prefix))

        # Default roles: (id, display name, privilege mask).
        roles = [
            (1, '系统管理员', TP_PRIVILEGE_ALL),
            (2, '运维人员', TP_PRIVILEGE_LOGIN_WEB | TP_PRIVILEGE_OPS),
            (3, '审计员', TP_PRIVILEGE_LOGIN_WEB | TP_PRIVILEGE_AUDIT),
        ]
        role_sql = (
            'INSERT INTO `{}role` (`id`, `name`, `privilege`, `creator_id`, `create_time`) VALUES '
            '({id}, "{name}", {privilege}, 0, {create_time});'
        )
        self._db_exec('创建默认角色', [
            role_sql.format(prefix, id=role_id, name=name, privilege=privilege, create_time=now)
            for role_id, name, privilege in roles
        ])

        # NOTE(review): sysadmin/email are interpolated into the statement
        # without escaping; they are entered on the setup form.
        admin_sql = (
            'INSERT INTO `{}user` (`type`, `auth_type`, `username`, `surname`, `password`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`) VALUES '
            '(1, {auth_type}, "{username}", "{surname}", "{password}", 1, {state}, "{email}", 0, {create_time}, {last_login}, {last_chpass});'
        )
        self._db_exec(
            '创建系统管理员账号',
            admin_sql.format(prefix,
                             auth_type=TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
                             username=sysadmin,
                             surname=sysadmin,
                             password=tp_password_generate_secret(password),
                             state=TP_STATE_NORMAL,
                             email=email,
                             create_time=now,
                             last_login=now,
                             last_chpass=now))
예제 #4
파일: user.py 프로젝트: eomsoft/teleport
def create_user(handler, user):
    """
    Create a single user account.

    Args:
        handler: request handler supplying the operator (``get_current_user()``,
            whose ``id`` becomes ``creator_id``) and ``request.remote_ip`` for
            the syslog entry.
        user: dict with ``role``, ``username``, ``surname``, ``auth_type``,
            ``email``, ``desc`` and -- for local accounts -- ``password``.
            ``type`` and ``ldap_dn`` are defaulted in place when missing.

    Returns:
        ``(TPE_OK, new_user_id)`` on success; ``(err, 0)`` when the lookup
        fails, ``(TPE_EXISTS, 0)`` when the username is taken and
        ``(TPE_DATABASE, 0)`` when the INSERT fails.
    """
    db = get_db()
    now = tp_timestamp_utc_now()
    operator = handler.get_current_user()

    user.setdefault('type', TP_USER_TYPE_LOCAL)
    user.setdefault('ldap_dn', '')

    # 1. refuse a username that is already taken.
    #    NOTE(review): the username is interpolated into the WHERE clause
    #    without escaping (and, as listed, without a placeholder at all).
    query = SQL(db)
    err = query.reset().select_from('user', ['id']).where('user.username="******"'.format(user['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(query.recorder):
        return TPE_EXISTS, 0

    # Only local accounts store a password secret.
    is_local = user['type'] == TP_USER_TYPE_LOCAL
    secret = tp_password_generate_secret(user['password']) if is_local else ''

    values = dict(
        role=user['role'], username=user['username'], surname=user['surname'],
        user_type=user['type'], ldap_dn=user['ldap_dn'], auth_type=user['auth_type'],
        password=secret, state=TP_STATE_NORMAL, email=user['email'],
        creator_id=operator['id'], create_time=now, last_login=0, last_chpass=now,
        desc=user['desc'],
    )
    sql = (
        'INSERT INTO `{}user` ('
        '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, `state`, '
        '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`'
        ') VALUES ('
        '{role}, "{username}", "{surname}", {user_type}, "{ldap_dn}", {auth_type}, "{password}", {state}, '
        '"{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");'
    ).format(db.table_prefix, **values)
    if not db.exec(sql):
        return TPE_DATABASE, 0

    new_id = db.last_insert_id()

    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(user['username']))

    # Refresh the cached user count.
    err, cnt = query.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, new_id
예제 #5
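def create_users(handler, user_list, success, failed):
    """
    Create user accounts in bulk.

    Each entry of ``user_list`` is looked up by username and, when absent,
    inserted into the ``user`` table as a local account. Results are
    reported through the two output lists rather than a return value.

    Args:
        handler: request handler; ``get_current_user()`` supplies the operator
            (its ``id`` is stored as ``creator_id``) and ``request.remote_ip``
            goes into the syslog entry.
        user_list: list of dicts with ``username``, ``surname``, ``password``,
            ``email``, ``desc`` and ``_line``; ``_id`` is set to the new row
            id on success.
        success: output list; the username of every created account is appended.
        failed: output list; one ``{'line': ..., 'error': ...}`` dict is
            appended for every entry that was skipped or could not be written.

    Returns:
        None.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()

    operator = handler.get_current_user()
    name_list = []

    s = SQL(db)

    for user in user_list:
        # Duplicate check. NOTE(review): as listed, the format string has no
        # placeholder, so the username is never interpolated (this looks like
        # a redaction artifact -- confirm against the real source). Even with
        # the placeholder, the username is spliced into SQL unescaped; use the
        # DB layer's parameter binding if it offers one.
        err = s.reset().select_from('user', ['id']).where(
            'user.username="******"'.format(user['username'])).query()
        if err != TPE_OK:
            failed.append({'line': user['_line'], 'error': '数据库查询失败'})
            # Fix: a failed lookup used to fall through to the INSERT below on
            # a stale recorder, so the entry could still be written.
            continue
        if len(s.recorder) > 0:
            failed.append({
                'line': user['_line'],
                'error': '账号 `{}` 已经存在'.format(user['username'])
            })
            continue

        _password = tp_password_generate_secret(user['password'])

        # NOTE(review): username/surname/email/desc come from the import data
        # and are interpolated into the statement without escaping.
        sql = 'INSERT INTO `{}user` (`type`, `auth_type`, `password`, `username`, `surname`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`) VALUES ' \
              '(1, 0, "{password}", "{username}", "{surname}", 0, {state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");' \
              ''.format(db.table_prefix,
                        username=user['username'], surname=user['surname'], password=_password, state=TP_STATE_NORMAL, email=user['email'],
                        creator_id=operator['id'], create_time=_time_now, last_login=0, last_chpass=0, desc=user['desc'])
        db_ret = db.exec(sql)
        if not db_ret:
            failed.append({'line': user['_line'], 'error': '写入数据库时发生错误'})
            continue

        success.append(user['username'])
        name_list.append(user['username'])
        user['_id'] = db.last_insert_id()

    if name_list:
        syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                       "批量导入方式创建用户:{}".format(','.join(name_list)))

    # Refresh the cached user count from the table rather than from the
    # number of rows written here.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)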
예제 #6
파일: create.py 프로젝트: eomsoft/teleport
    def _make_builtin_data(self, sysadmin, email, password):
        """
        Seed a freshly created schema with its built-in rows.

        Writes, in order: the ``config`` row holding the database version,
        the local ``core_server`` row, the three default roles
        (administrator, ops, audit) and the system administrator account.

        Args:
            sysadmin: username (also used as surname) of the administrator account.
            email: administrator's e-mail address.
            password: plaintext administrator password; only its secret
                (``tp_password_generate_secret``) is stored.
        """
        now = tp_timestamp_utc_now()
        prefix = self.db.table_prefix

        self._db_exec(
            '设定数据库版本',
            'INSERT INTO `{}config` (`name`, `value`) VALUES ("db_ver", "{}");'.format(prefix, self.db.DB_VERSION)
        )

        self._db_exec(
            '设置本地核心服务',
            'INSERT INTO `{}core_server` (`sn`, `secret`, `ip`, `port`, `state`) VALUES '
            '("0000", "", "127.0.0.1", 52080, 1);'.format(prefix)
        )

        # Default roles: (id, display name, privilege mask).
        roles = [
            (1, '系统管理员', TP_PRIVILEGE_ALL),
            (2, '运维人员', TP_PRIVILEGE_LOGIN_WEB | TP_PRIVILEGE_OPS),
            (3, '审计员', TP_PRIVILEGE_LOGIN_WEB | TP_PRIVILEGE_AUDIT),
        ]
        role_sql = (
            'INSERT INTO `{}role` (`id`, `name`, `privilege`, `creator_id`, `create_time`) VALUES '
            '({id}, "{name}", {privilege}, 0, {create_time});'
        )
        self._db_exec(
            '创建默认角色',
            [
                role_sql.format(prefix, id=role_id, name=name, privilege=privilege, create_time=now)
                for role_id, name, privilege in roles
            ]
        )

        # NOTE(review): sysadmin/email are interpolated into the statement
        # without escaping; they are entered on the setup form.
        admin_sql = (
            'INSERT INTO `{}user` (`type`, `auth_type`, `username`, `surname`, `password`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`) VALUES '
            '(1, {auth_type}, "{username}", "{surname}", "{password}", 1, {state}, "{email}", 0, {create_time}, {last_login}, {last_chpass});'
        )
        self._db_exec(
            '创建系统管理员账号',
            admin_sql.format(prefix,
                             auth_type=TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
                             username=sysadmin, surname=sysadmin,
                             password=tp_password_generate_secret(password),
                             state=TP_STATE_NORMAL, email=email,
                             create_time=now, last_login=now, last_chpass=now)
        )
예제 #7
def create_user(handler, args):
    """
    Create a single local user account.

    Args:
        handler: request handler supplying the operator (``get_current_user()``,
            whose ``id`` becomes ``creator_id``) and ``request.remote_ip`` for
            the syslog entry.
        args: dict with ``username``, ``password``, ``surname``, ``role``,
            ``auth_type``, ``email`` and ``desc``.

    Returns:
        ``(TPE_OK, new_user_id)`` on success; ``(err, 0)`` when the lookup
        fails, ``(TPE_EXISTS, 0)`` when the username is taken and
        ``(TPE_DATABASE, 0)`` when the INSERT fails.
    """
    db = get_db()
    now = tp_timestamp_utc_now()
    operator = handler.get_current_user()

    # 1. refuse a username that is already taken.
    #    NOTE(review): the username is interpolated into the WHERE clause
    #    without escaping (and, as listed, without a placeholder at all).
    query = SQL(db)
    err = query.reset().select_from('user', ['id']).where(
        'user.username="******"'.format(args['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(query.recorder):
        return TPE_EXISTS, 0

    secret = tp_password_generate_secret(args['password'])

    values = dict(
        auth_type=args['auth_type'], password=secret,
        username=args['username'], surname=args['surname'], role=args['role'],
        state=TP_STATE_NORMAL, email=args['email'], creator_id=operator['id'],
        create_time=now, last_login=0, last_chpass=0, desc=args['desc'],
    )
    sql = (
        'INSERT INTO `{}user` (`type`, `auth_type`, `password`, `username`, `surname`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`) VALUES '
        '(1, {auth_type}, "{password}", "{username}", "{surname}", {role}, {state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");'
    ).format(db.table_prefix, **values)
    if not db.exec(sql):
        return TPE_DATABASE, 0

    new_id = db.last_insert_id()

    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK,
                   "创建用户:{}".format(args['username']))

    # Refresh the cached user count.
    err, cnt = query.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, new_id
예제 #8
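    def post(self):
        """
        Handle a password-reset or password-change request.

        ``args`` (a JSON object in the ``args`` form field) carries an integer
        ``mode`` that selects the flow:

        * 1 -- an administrator mails a reset link to user ``id``
          (requires TP_PRIVILEGE_USER_CREATE).
        * 2 -- an administrator sets ``password`` for user ``id`` directly
          (same privilege).
        * 3 -- a user asks for a reset link with ``username``, ``email`` and
          the session ``captcha``.
        * 4 -- a user sets ``password`` with the e-mailed reset ``token``.
        * 5 -- the logged-in user changes ``password`` after proving
          ``current_password``.
        * 6 -- a user whose password expired changes it before login with
          ``username``, ``password``, ``new_password`` and ``captcha``.

        Modes 1 and 3 send the reset e-mail; the others store the new
        password secret. Every outcome is reported through ``write_json``.
        """
        args = self.get_argument('args', None)
        if args is None:
            return self.write_json(TPE_PARAM)
        try:
            args = json.loads(args)
        except ValueError:
            return self.write_json(TPE_JSON_FORMAT)

        # The decoded value may not be an object (TypeError) or may lack a
        # numeric mode (KeyError / ValueError); a bare except also swallowed
        # KeyboardInterrupt and SystemExit.
        try:
            mode = int(args['mode'])
        except (KeyError, TypeError, ValueError):
            return self.write_json(TPE_PARAM)

        password = ''
        token = None

        if mode == 1:
            # Administrator sends the user a password-reset e-mail.
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
            except (KeyError, TypeError, ValueError):
                return self.write_json(TPE_PARAM)

        elif mode == 2:
            # Administrator resets the user's password directly.
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
                password = args['password']
            except (KeyError, TypeError, ValueError):
                return self.write_json(TPE_PARAM)

        elif mode == 3:
            # Self-service recovery: username, e-mail and captcha are required.
            try:
                username = args['username']
                email = args['email']
                captcha = args['captcha']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)
            if not isinstance(captcha, str):
                return self.write_json(TPE_PARAM)

            code = self.get_session('captcha')
            if code is None:
                return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
            if code.lower() != captcha.lower():
                return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

            # The captcha is single-use whatever happens next.
            self.del_session('captcha')
            err, user_info = user.get_by_username(username)
            if err != TPE_OK:
                return self.write_json(err)
            # NOTE(review): attribute access here but dict indexing in modes 5
            # and 6 -- confirm which shape get_by_username returns. Also, the
            # distinct codes for "unknown user" and "e-mail mismatch" let a
            # caller tell whether a username exists; a uniform response would not.
            if user_info.email != email:
                return self.write_json(TPE_NOT_EXISTS)

            user_id = user_info.id

        elif mode == 4:
            # The user followed the link in the reset e-mail: token + new password.
            try:
                token = args['token']
                password = args['password']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)

            err, user_id = user.check_reset_token(token)
            if err != TPE_OK:
                return self.write_json(err)

        elif mode == 5:
            # Logged-in user changes the password; the current one must verify.
            try:
                current_password = args['current_password']
                password = args['password']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)

            err, user_info = user.get_by_username(
                self.get_current_user()['username'])
            if err != TPE_OK:
                return self.write_json(err)
            if not tp_password_verify(current_password, user_info['password']):
                return self.write_json(TPE_USER_AUTH)
            user_id = user_info['id']

        elif mode == 6:
            # Expired password: change it before login (username, old, new, captcha).
            try:
                username = args['username']
                current_password = args['password']
                password = args['new_password']
                captcha = args['captcha']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)
            if not isinstance(captcha, str):
                return self.write_json(TPE_PARAM)

            code = self.get_session('captcha')
            if code is None:
                return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
            if code.lower() != captcha.lower():
                return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

            self.del_session('captcha')

            err, user_info = user.get_by_username(username)
            if err != TPE_OK:
                return self.write_json(err)

            # A locked or disabled account is still allowed to change an
            # expired password here: the lock is enforced at login, so the
            # original author deliberately did not check user_info['state'].

            if not tp_password_verify(current_password, user_info['password']):
                return self.write_json(TPE_USER_AUTH)
            user_id = user_info['id']

        else:
            return self.write_json(TPE_PARAM)

        if user_id == 0:
            return self.write_json(TPE_PARAM)

        if mode == 1 or mode == 3:
            err, email, token = user.generate_reset_password_token(
                self, user_id)
            # Fix: a failed token generation used to be ignored and the mail
            # was sent anyway.
            if err != TPE_OK:
                return self.write_json(err)

            # Reset link, valid for 24h. NOTE(review): the host part comes from
            # the request's Host header; behind a proxy or a permissive
            # virtual host, a configured public base URL is the safer source
            # for a link that carries the reset token.
            reset_url = '{}://{}/user/reset-password?token={}'.format(
                self.request.protocol, self.request.host, token)

            err, msg = yield mail.tp_send_mail(
                email,
                'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
                '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
                '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
                '{reset_url}\n\n\n\n'
                '[本邮件由teleport系统自动发出,请勿回复]'
                '\n\n'
                ''.format(reset_url=reset_url),
                subject='密码重置确认函')

            return self.write_json(err, msg)

        elif mode in (2, 4, 5, 6):
            # A non-string or empty password is a bad request, not a crash.
            if not isinstance(password, str) or not password:
                return self.write_json(TPE_PARAM)

            # Optional weak-password check, controlled by configuration.
            if tp_cfg().sys.password.force_strong:
                if not tp_check_strong_password(password):
                    return self.write_json(
                        TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

            password = tp_password_generate_secret(password)
            err = user.set_password(self, mode, user_id, password)

            # The reset token is single-use.
            if mode == 4 and err == TPE_OK:
                user.remove_reset_token(token)

            # Unless the user changed the password themselves (modes 5 and 6),
            # the second factor is reset along with it.
            if not (mode == 5 or mode == 6) and err == TPE_OK:
                user.update_oath_secret(self, user_id, '')

            self.write_json(err)

        else:
            self.write_json(TPE_PARAM)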
예제 #9
파일: user.py 프로젝트: eomsoft/teleport
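    def post(self):
        """
        Handle a password-reset or password-change request.

        ``args`` (a JSON object in the ``args`` form field) carries an integer
        ``mode`` that selects the flow:

        * 1 -- an administrator mails a reset link to user ``id``
          (requires TP_PRIVILEGE_USER_CREATE).
        * 2 -- an administrator sets ``password`` for user ``id`` directly
          (same privilege).
        * 3 -- a user asks for a reset link with ``username``, ``email`` and
          the session ``captcha``.
        * 4 -- a user sets ``password`` with the e-mailed reset ``token``.
        * 5 -- the logged-in user changes ``password`` after proving
          ``current_password``.

        Modes 1 and 3 send the reset e-mail; the others store the new
        password secret. Every outcome is reported through ``write_json``.
        """
        args = self.get_argument('args', None)
        if args is None:
            return self.write_json(TPE_PARAM)
        try:
            args = json.loads(args)
        except ValueError:
            return self.write_json(TPE_JSON_FORMAT)

        # The decoded value may not be an object (TypeError) or may lack a
        # numeric mode (KeyError / ValueError); a bare except also swallowed
        # KeyboardInterrupt and SystemExit.
        try:
            mode = int(args['mode'])
        except (KeyError, TypeError, ValueError):
            return self.write_json(TPE_PARAM)

        password = ''
        token = None

        if mode == 1:
            # Administrator sends the user a password-reset e-mail.
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
            except (KeyError, TypeError, ValueError):
                return self.write_json(TPE_PARAM)

        elif mode == 2:
            # Administrator resets the user's password directly.
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
                password = args['password']
            except (KeyError, TypeError, ValueError):
                return self.write_json(TPE_PARAM)

        elif mode == 3:
            # Self-service recovery: username, e-mail and captcha are required.
            try:
                username = args['username']
                email = args['email']
                captcha = args['captcha']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)
            if not isinstance(captcha, str):
                return self.write_json(TPE_PARAM)

            code = self.get_session('captcha')
            if code is None:
                return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
            if code.lower() != captcha.lower():
                return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

            # The captcha is single-use whatever happens next.
            self.del_session('captcha')
            err, user_info = user.get_by_username(username)
            if err != TPE_OK:
                return self.write_json(err)
            # NOTE(review): attribute access here but dict indexing in mode 5
            # -- confirm which shape get_by_username returns. Also, the
            # distinct codes for "unknown user" and "e-mail mismatch" let a
            # caller tell whether a username exists; a uniform response would not.
            if user_info.email != email:
                return self.write_json(TPE_NOT_EXISTS)

            user_id = user_info.id

        elif mode == 4:
            # The user followed the link in the reset e-mail: token + new password.
            try:
                token = args['token']
                password = args['password']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)

            err, user_id = user.check_reset_token(token)
            if err != TPE_OK:
                return self.write_json(err)

        elif mode == 5:
            # Logged-in user changes the password; the current one must verify.
            try:
                current_password = args['current_password']
                password = args['password']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)

            err, user_info = user.get_by_username(self.get_current_user()['username'])
            if err != TPE_OK:
                return self.write_json(err)
            if not tp_password_verify(current_password, user_info['password']):
                return self.write_json(TPE_USER_AUTH)
            user_id = user_info['id']

        else:
            return self.write_json(TPE_PARAM)

        if user_id == 0:
            return self.write_json(TPE_PARAM)

        if mode == 1 or mode == 3:
            err, email, token = user.generate_reset_password_token(self, user_id)
            # Fix: a failed token generation used to be ignored and the mail
            # was sent anyway.
            if err != TPE_OK:
                return self.write_json(err)

            # Reset link, valid for 24h. NOTE(review): the host part comes from
            # the request's Host header; behind a proxy or a permissive
            # virtual host, a configured public base URL is the safer source
            # for a link that carries the reset token.
            reset_url = '{}://{}/user/reset-password?token={}'.format(self.request.protocol, self.request.host, token)

            err, msg = yield mail.tp_send_mail(
                email,
                'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
                '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
                '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
                '{reset_url}\n\n\n\n'
                '[本邮件由teleport系统自动发出,请勿回复]'
                '\n\n'
                ''.format(reset_url=reset_url),
                subject='密码重置确认函'
            )

            return self.write_json(err, msg)

        elif mode in (2, 4, 5):
            # A non-string or empty password is a bad request, not a crash.
            if not isinstance(password, str) or not password:
                return self.write_json(TPE_PARAM)

            # Optional weak-password check, controlled by configuration.
            if tp_cfg().sys.password.force_strong:
                if not tp_check_strong_password(password):
                    return self.write_json(TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

            password = tp_password_generate_secret(password)
            err = user.set_password(self, user_id, password)

            # The reset token is single-use.
            if mode == 4 and err == TPE_OK:
                user.remove_reset_token(token)

            # Unless the user changed the password themselves (mode 5), the
            # second factor is reset along with it. (A leftover debug print
            # to stdout was removed here.)
            if mode != 5 and err == TPE_OK:
                user.update_oath_secret(self, user_id, '')

            self.write_json(err)

        else:
            self.write_json(TPE_PARAM)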
예제 #10
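    def post(self):
        """
        Handle a password-reset or password-change request.

        ``args`` (a JSON object in the ``args`` form field) carries an integer
        ``mode`` that selects the flow:

        * 1 -- an administrator mails a reset link to user ``id``
          (requires TP_PRIVILEGE_USER_CREATE).
        * 2 -- an administrator sets ``password`` for user ``id`` directly
          (same privilege).
        * 3 -- a user asks for a reset link with ``username``, ``email`` and
          the session ``captcha``.
        * 4 -- a user sets ``password`` with the e-mailed reset ``token``.
        * 5 -- the logged-in user changes ``password`` after proving
          ``current_password``.

        Modes 1 and 3 send the reset e-mail; the others store the new
        password secret. Every outcome is reported through ``write_json``.
        """
        args = self.get_argument('args', None)
        if args is None:
            return self.write_json(TPE_PARAM)
        try:
            args = json.loads(args)
        except ValueError:
            return self.write_json(TPE_JSON_FORMAT)

        # The decoded value may not be an object (TypeError) or may lack a
        # numeric mode (KeyError / ValueError); a bare except also swallowed
        # KeyboardInterrupt and SystemExit.
        try:
            mode = int(args['mode'])
        except (KeyError, TypeError, ValueError):
            return self.write_json(TPE_PARAM)

        password = ''
        token = None

        if mode == 1:
            # Administrator sends the user a password-reset e-mail.
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
            except (KeyError, TypeError, ValueError):
                return self.write_json(TPE_PARAM)

        elif mode == 2:
            # Administrator resets the user's password directly.
            err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
            if err != TPE_OK:
                return self.write_json(err)

            try:
                user_id = int(args['id'])
                password = args['password']
            except (KeyError, TypeError, ValueError):
                return self.write_json(TPE_PARAM)

        elif mode == 3:
            # Self-service recovery: username, e-mail and captcha are required.
            try:
                username = args['username']
                email = args['email']
                captcha = args['captcha']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)
            if not isinstance(captcha, str):
                return self.write_json(TPE_PARAM)

            code = self.get_session('captcha')
            if code is None:
                return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
            if code.lower() != captcha.lower():
                return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

            # The captcha is single-use whatever happens next.
            self.del_session('captcha')
            err, user_info = user.get_by_username(username)
            if err != TPE_OK:
                return self.write_json(err)
            # NOTE(review): attribute access here but dict indexing in mode 5
            # -- confirm which shape get_by_username returns. Also, the
            # distinct codes for "unknown user" and "e-mail mismatch" let a
            # caller tell whether a username exists; a uniform response would not.
            if user_info.email != email:
                return self.write_json(TPE_NOT_EXISTS)

            user_id = user_info.id

        elif mode == 4:
            # The user followed the link in the reset e-mail: token + new password.
            try:
                token = args['token']
                password = args['password']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)

            err, user_id = user.check_reset_token(token)
            if err != TPE_OK:
                return self.write_json(err)

        elif mode == 5:
            # Logged-in user changes the password; the current one must verify.
            try:
                current_password = args['current_password']
                password = args['password']
            except (KeyError, TypeError):
                return self.write_json(TPE_PARAM)

            err, user_info = user.get_by_username(
                self.get_current_user()['username'])
            if err != TPE_OK:
                return self.write_json(err)
            if not tp_password_verify(current_password, user_info['password']):
                return self.write_json(TPE_USER_AUTH)
            user_id = user_info['id']

        else:
            return self.write_json(TPE_PARAM)

        if user_id == 0:
            return self.write_json(TPE_PARAM)

        if mode == 1 or mode == 3:
            err, email, token = user.generate_reset_password_token(
                self, user_id)
            # Fix: a failed token generation used to be ignored and the mail
            # was sent anyway.
            if err != TPE_OK:
                return self.write_json(err)

            # Reset link, valid for 24h. NOTE(review): the host part comes from
            # the request's Host header; behind a proxy or a permissive
            # virtual host, a configured public base URL is the safer source
            # for a link that carries the reset token.
            reset_url = '{}://{}/user/reset-password?token={}'.format(
                self.request.protocol, self.request.host, token)

            err, msg = yield mail.tp_send_mail(
                email,
                'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
                '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
                '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
                '{reset_url}\n\n\n\n'
                '[本邮件由teleport系统自动发出,请勿回复]'
                '\n\n'
                ''.format(reset_url=reset_url),
                subject='密码重置确认函')

            return self.write_json(err, msg)

        elif mode in (2, 4, 5):
            # A non-string or empty password is a bad request, not a crash.
            if not isinstance(password, str) or not password:
                return self.write_json(TPE_PARAM)

            # Optional weak-password check, controlled by configuration.
            if tp_cfg().sys.password.force_strong:
                if not tp_check_strong_password(password):
                    return self.write_json(
                        TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

            password = tp_password_generate_secret(password)
            err = user.set_password(self, user_id, password)

            # The reset token is single-use.
            if mode == 4 and err == TPE_OK:
                user.remove_reset_token(token)

            self.write_json(err)

        else:
            self.write_json(TPE_PARAM)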