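def create_users(handler, user_list, success, failed):
    """Create user accounts in bulk.

    Args:
        handler: request handler; supplies the operator through
            ``get_current_user()`` and the client address for the audit log.
        user_list: records to create, one dict each. Every dict is modified
            in place: ``type`` and ``ldap_dn`` get defaults when absent and
            ``_id`` receives the new row id on success.
        success: list that receives the username of every account created.
        failed: list that receives one ``{'line', 'error'}`` dict per
            rejected record.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()

    operator = handler.get_current_user()
    name_list = []

    s = SQL(db)

    for user in user_list:
        if 'type' not in user:
            user['type'] = TP_USER_TYPE_LOCAL
        if 'ldap_dn' not in user:
            user['ldap_dn'] = ''

        # NOTE(review): as shown here the pattern has no replacement field, so
        # format() returns it unchanged and the username never reaches the
        # query; "******" looks like a redaction of the original placeholder -
        # confirm against the upstream file. Either way the username should be
        # handed to the database as a bound parameter, not as SQL text.
        err = s.reset().select_from('user', ['id']).where('user.username="******"'.format(user['username'])).query()
        if err != TPE_OK:
            failed.append({'line': user['_line'], 'error': '数据库查询失败'})
            # The existence check gave no answer, so do not fall through to
            # the INSERT (and do not report this record a second time).
            continue
        if len(s.recorder) > 0:
            failed.append({'line': user['_line'], 'error': '账号 `{}` 已经存在'.format(user['username'])})
            continue

        # Only local accounts carry a password secret; other types store ''.
        if user['type'] == TP_USER_TYPE_LOCAL:
            _password = tp_password_generate_secret(user['password'])
        else:
            _password = ''

        # NOTE(review): every value below is spliced into the statement text.
        # The per-record fields (username, surname, email, desc, ldap_dn, type)
        # come from the caller's records, and a quote character in any of them
        # changes the statement - a SQL injection sink. Switch to bound
        # parameters if the db layer offers them (its API is not visible here).
        sql = 'INSERT INTO `{}user` (' \
              '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, ' \
              '`state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`' \
              ') VALUES (' \
              '0, "{username}", "{surname}", {user_type}, "{ldap_dn}", 0, "{password}", ' \
              '{state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");' \
              ''.format(db.table_prefix,
                        username=user['username'], surname=user['surname'], user_type=user['type'],
                        ldap_dn=user['ldap_dn'], password=_password, state=TP_STATE_NORMAL,
                        email=user['email'], creator_id=operator['id'], create_time=_time_now,
                        last_login=0, last_chpass=_time_now, desc=user['desc'])
        db_ret = db.exec(sql)
        if not db_ret:
            failed.append({'line': user['_line'], 'error': '写入数据库时发生错误'})
            continue

        success.append(user['username'])
        name_list.append(user['username'])
        user['_id'] = db.last_insert_id()

    if len(name_list) > 0:
        # One audit record naming every account that was created.
        syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "批量导入方式创建用户:{}".format(','.join(name_list)))

        # Recount the users so the statistics reflect the table itself.
        err, cnt = s.reset().count('user')
        if err == TPE_OK:
            tp_stats().user_counter_change(cnt)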
def create_user(handler, user):
    """Create a single user account.

    Args:
        handler: request handler; supplies the operator through
            ``get_current_user()`` and the client address for the audit log.
        user: dict describing the account. ``type`` and ``ldap_dn`` are
            filled in with defaults when absent (the dict is modified).

    Returns:
        ``(error_code, user_id)``; ``user_id`` is 0 unless the code is
        ``TPE_OK``.
    """
    db = get_db()
    _time_now = tp_timestamp_sec()
    operator = handler.get_current_user()

    for key, default in (('type', TP_USER_TYPE_LOCAL), ('ldap_dn', '')):
        if key not in user:
            user[key] = default

    # 1. Refuse the request when the account already exists.
    # NOTE(review): as shown here the pattern has no replacement field, so
    # format() returns it unchanged; "******" looks like a redaction of the
    # original placeholder - confirm upstream. The username belongs in a bound
    # parameter, not in the SQL text.
    s = SQL(db)
    lookup = s.reset().select_from('user', ['id'])
    err = lookup.where('user.username="******"'.format(user['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(s.recorder) > 0:
        return TPE_EXISTS, 0

    # Only local accounts carry a password secret; other types store ''.
    _password = tp_password_generate_secret(user['password']) if user['type'] == TP_USER_TYPE_LOCAL else ''

    # NOTE(review): all values are spliced into the statement text. The quoted
    # fields break on a quote character and the unquoted ones (role, type,
    # auth_type, valid_from, valid_to) are safe only if the caller already
    # forced them to integers - treat this as a SQL injection sink and move to
    # bound parameters if the db layer offers them.
    template = (
        'INSERT INTO `{}user` ('
        '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, `state`, '
        '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `valid_from`, `valid_to`, `desc`'
        ') VALUES ('
        '{role}, "{username}", "{surname}", {user_type}, "{ldap_dn}", {auth_type}, "{password}", {state}, '
        '"{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, {valid_from}, '
        '{valid_to}, "{desc}");'
        ''
    )
    fields = {
        'role': user['role'],
        'username': user['username'],
        'surname': user['surname'],
        'user_type': user['type'],
        'ldap_dn': user['ldap_dn'],
        'auth_type': user['auth_type'],
        'password': _password,
        'state': TP_STATE_NORMAL,
        'email': user['email'],
        'creator_id': operator['id'],
        'create_time': _time_now,
        'last_login': 0,
        'last_chpass': _time_now,
        'valid_from': user['valid_from'],
        'valid_to': user['valid_to'],
        'desc': user['desc'],
    }
    sql = template.format(db.table_prefix, **fields)

    if not db.exec(sql):
        return TPE_DATABASE, 0

    _id = db.last_insert_id()

    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(user['username']))

    # Recount the users so the statistics reflect the table itself.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, _id
def _make_builtin_data(self, sysadmin, email, password):
    """Insert the built-in rows of a fresh database.

    Four steps, each run through ``self._db_exec``: record the schema
    version, register the local core server, create the three default roles
    and create the first administrator account.

    Args:
        sysadmin: login name of the administrator; also stored as surname.
        email: e-mail address stored on the administrator account.
        password: plain-text password; only the value returned by
            ``tp_password_generate_secret`` is stored.
    """
    _time_now = tp_timestamp_utc_now()

    # Step label: "set database version".
    version_sql = 'INSERT INTO `{}config` (`name`, `value`) VALUES ("db_ver", "{}");'.format(
        self.db.table_prefix, self.db.DB_VERSION)
    self._db_exec('设定数据库版本', version_sql)

    # Step label: "set up the local core server".
    core_sql = (
        'INSERT INTO `{}core_server` (`sn`, `secret`, `ip`, `port`, `state`) VALUES '
        '("0000", "", "127.0.0.1", 52080, 1);'
        ''
    ).format(self.db.table_prefix)
    self._db_exec('设置本地核心服务', core_sql)

    privilege_admin = TP_PRIVILEGE_ALL
    privilege_ops = TP_PRIVILEGE_LOGIN_WEB | TP_PRIVILEGE_OPS
    privilege_audit = TP_PRIVILEGE_LOGIN_WEB | TP_PRIVILEGE_AUDIT

    # Step label: "create default roles" - ids 1..3 are administrator,
    # operations staff and auditor.
    role_sql = []
    role_sql.append(
        (
            'INSERT INTO `{}role` (`id`, `name`, `privilege`, `creator_id`, `create_time`) VALUES '
            '(1, "{name}", {privilege}, 0, {create_time});'
            ''
        ).format(self.db.table_prefix, name='系统管理员', privilege=privilege_admin, create_time=_time_now))
    role_sql.append(
        (
            'INSERT INTO `{}role` (`id`, `name`, `privilege`, `creator_id`, `create_time`) VALUES '
            '(2, "{name}", {privilege}, 0, {create_time});'
            ''
        ).format(self.db.table_prefix, name='运维人员', privilege=privilege_ops, create_time=_time_now))
    role_sql.append(
        (
            'INSERT INTO `{}role` (`id`, `name`, `privilege`, `creator_id`, `create_time`) VALUES '
            '(3, "{name}", {privilege}, 0, {create_time});'
            ''
        ).format(self.db.table_prefix, name='审计员', privilege=privilege_audit, create_time=_time_now))
    self._db_exec('创建默认角色', role_sql)

    # Step label: "create the system administrator account".
    # NOTE(review): sysadmin and email are spliced into the statement text, so
    # a quote character in either one changes the statement; bound parameters
    # would avoid that if the db layer offers them.
    admin_sql = (
        'INSERT INTO `{}user` (`type`, `auth_type`, `username`, `surname`, `password`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`) VALUES '
        '(1, {auth_type}, "{username}", "{surname}", "{password}", 1, {state}, "{email}", 0, {create_time}, {last_login}, {last_chpass});'
        ''
    ).format(
        self.db.table_prefix,
        auth_type=TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
        username=sysadmin,
        surname=sysadmin,
        password=tp_password_generate_secret(password),
        state=TP_STATE_NORMAL,
        email=email,
        create_time=_time_now,
        last_login=_time_now,
        last_chpass=_time_now)
    self._db_exec('创建系统管理员账号', admin_sql)
def create_user(handler, user):
    """Create a single user account.

    Args:
        handler: request handler; supplies the operator through
            ``get_current_user()`` and the client address for the audit log.
        user: dict describing the account. ``type`` and ``ldap_dn`` are
            filled in with defaults when absent (the dict is modified).

    Returns:
        ``(error_code, user_id)``; ``user_id`` is 0 unless the code is
        ``TPE_OK``.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()
    operator = handler.get_current_user()

    for key, default in (('type', TP_USER_TYPE_LOCAL), ('ldap_dn', '')):
        if key not in user:
            user[key] = default

    # 1. Refuse the request when the account already exists.
    # NOTE(review): as shown here the pattern has no replacement field, so
    # format() returns it unchanged; "******" looks like a redaction of the
    # original placeholder - confirm upstream. The username belongs in a bound
    # parameter, not in the SQL text.
    s = SQL(db)
    lookup = s.reset().select_from('user', ['id'])
    err = lookup.where('user.username="******"'.format(user['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(s.recorder) > 0:
        return TPE_EXISTS, 0

    # Only local accounts carry a password secret; other types store ''.
    _password = tp_password_generate_secret(user['password']) if user['type'] == TP_USER_TYPE_LOCAL else ''

    # NOTE(review): all values are spliced into the statement text. The quoted
    # fields break on a quote character and the unquoted ones (role, type,
    # auth_type) are safe only if the caller already forced them to integers -
    # treat this as a SQL injection sink and move to bound parameters if the
    # db layer offers them.
    template = (
        'INSERT INTO `{}user` ('
        '`role_id`, `username`, `surname`, `type`, `ldap_dn`, `auth_type`, `password`, `state`, '
        '`email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`'
        ') VALUES ('
        '{role}, "{username}", "{surname}", {user_type}, "{ldap_dn}", {auth_type}, "{password}", {state}, '
        '"{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");'
        ''
    )
    fields = {
        'role': user['role'],
        'username': user['username'],
        'surname': user['surname'],
        'user_type': user['type'],
        'ldap_dn': user['ldap_dn'],
        'auth_type': user['auth_type'],
        'password': _password,
        'state': TP_STATE_NORMAL,
        'email': user['email'],
        'creator_id': operator['id'],
        'create_time': _time_now,
        'last_login': 0,
        'last_chpass': _time_now,
        'desc': user['desc'],
    }
    sql = template.format(db.table_prefix, **fields)

    if not db.exec(sql):
        return TPE_DATABASE, 0

    _id = db.last_insert_id()

    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(user['username']))

    # Recount the users so the statistics reflect the table itself.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, _id
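def create_users(handler, user_list, success, failed):
    """Create user accounts in bulk.

    Args:
        handler: request handler; supplies the operator through
            ``get_current_user()`` and the client address for the audit log.
        user_list: records to create, one dict each. ``_id`` is written back
            into a record once its row has been inserted.
        success: list that receives the username of every account created.
        failed: list that receives one ``{'line', 'error'}`` dict per
            rejected record.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()

    operator = handler.get_current_user()
    name_list = []

    s = SQL(db)

    for user in user_list:
        # NOTE(review): as shown here the pattern has no replacement field, so
        # format() returns it unchanged and the username never reaches the
        # query; "******" looks like a redaction of the original placeholder -
        # confirm against the upstream file. Either way the username should be
        # handed to the database as a bound parameter, not as SQL text.
        err = s.reset().select_from('user', ['id']).where(
            'user.username="******"'.format(user['username'])).query()
        if err != TPE_OK:
            failed.append({'line': user['_line'], 'error': '数据库查询失败'})
            # The existence check gave no answer, so do not fall through to
            # the INSERT (and do not report this record a second time).
            continue
        if len(s.recorder) > 0:
            failed.append({
                'line': user['_line'],
                'error': '账号 `{}` 已经存在'.format(user['username'])
            })
            continue

        _password = tp_password_generate_secret(user['password'])

        # NOTE(review): every value below is spliced into the statement text.
        # The per-record fields (username, surname, email, desc) come from the
        # caller's records, and a quote character in any of them changes the
        # statement - a SQL injection sink. Switch to bound parameters if the
        # db layer offers them (its API is not visible here).
        sql = 'INSERT INTO `{}user` (`type`, `auth_type`, `password`, `username`, `surname`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`) VALUES ' \
              '(1, 0, "{password}", "{username}", "{surname}", 0, {state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");' \
              ''.format(db.table_prefix,
                        username=user['username'], surname=user['surname'], password=_password,
                        state=TP_STATE_NORMAL, email=user['email'], creator_id=operator['id'],
                        create_time=_time_now, last_login=0, last_chpass=0, desc=user['desc'])
        db_ret = db.exec(sql)
        if not db_ret:
            failed.append({'line': user['_line'], 'error': '写入数据库时发生错误'})
            continue

        success.append(user['username'])
        name_list.append(user['username'])
        user['_id'] = db.last_insert_id()

    if len(name_list) > 0:
        # One audit record naming every account that was created.
        syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "批量导入方式创建用户:{}".format(','.join(name_list)))

        # Recount the users so the statistics reflect the table itself.
        err, cnt = s.reset().count('user')
        if err == TPE_OK:
            tp_stats().user_counter_change(cnt)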
def _make_builtin_data(self, sysadmin, email, password):
    """Insert the built-in rows of a fresh database.

    Four steps, each run through ``self._db_exec``: record the schema
    version, register the local core server, create the three default roles
    and create the first administrator account.

    Args:
        sysadmin: login name of the administrator; also stored as surname.
        email: e-mail address stored on the administrator account.
        password: plain-text password; only the value returned by
            ``tp_password_generate_secret`` is stored.
    """
    _time_now = tp_timestamp_utc_now()

    # Step label: "set database version".
    version_sql = 'INSERT INTO `{}config` (`name`, `value`) VALUES ("db_ver", "{}");'.format(
        self.db.table_prefix, self.db.DB_VERSION)
    self._db_exec('设定数据库版本', version_sql)

    # Step label: "set up the local core server".
    core_sql = (
        'INSERT INTO `{}core_server` (`sn`, `secret`, `ip`, `port`, `state`) VALUES '
        '("0000", "", "127.0.0.1", 52080, 1);'
        ''
    ).format(self.db.table_prefix)
    self._db_exec('设置本地核心服务', core_sql)

    privilege_admin = TP_PRIVILEGE_ALL
    privilege_ops = TP_PRIVILEGE_LOGIN_WEB | TP_PRIVILEGE_OPS
    privilege_audit = TP_PRIVILEGE_LOGIN_WEB | TP_PRIVILEGE_AUDIT

    # Step label: "create default roles" - ids 1..3 are administrator,
    # operations staff and auditor.
    role_sql = []
    role_sql.append(
        (
            'INSERT INTO `{}role` (`id`, `name`, `privilege`, `creator_id`, `create_time`) VALUES '
            '(1, "{name}", {privilege}, 0, {create_time});'
            ''
        ).format(self.db.table_prefix, name='系统管理员', privilege=privilege_admin, create_time=_time_now))
    role_sql.append(
        (
            'INSERT INTO `{}role` (`id`, `name`, `privilege`, `creator_id`, `create_time`) VALUES '
            '(2, "{name}", {privilege}, 0, {create_time});'
            ''
        ).format(self.db.table_prefix, name='运维人员', privilege=privilege_ops, create_time=_time_now))
    role_sql.append(
        (
            'INSERT INTO `{}role` (`id`, `name`, `privilege`, `creator_id`, `create_time`) VALUES '
            '(3, "{name}", {privilege}, 0, {create_time});'
            ''
        ).format(self.db.table_prefix, name='审计员', privilege=privilege_audit, create_time=_time_now))
    self._db_exec('创建默认角色', role_sql)

    # Step label: "create the system administrator account".
    # NOTE(review): sysadmin and email are spliced into the statement text, so
    # a quote character in either one changes the statement; bound parameters
    # would avoid that if the db layer offers them.
    admin_sql = (
        'INSERT INTO `{}user` (`type`, `auth_type`, `username`, `surname`, `password`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`) VALUES '
        '(1, {auth_type}, "{username}", "{surname}", "{password}", 1, {state}, "{email}", 0, {create_time}, {last_login}, {last_chpass});'
        ''
    ).format(
        self.db.table_prefix,
        auth_type=TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
        username=sysadmin,
        surname=sysadmin,
        password=tp_password_generate_secret(password),
        state=TP_STATE_NORMAL,
        email=email,
        create_time=_time_now,
        last_login=_time_now,
        last_chpass=_time_now)
    self._db_exec('创建系统管理员账号', admin_sql)
def create_user(handler, args):
    """Create a single user account.

    Args:
        handler: request handler; supplies the operator through
            ``get_current_user()`` and the client address for the audit log.
        args: dict with the account fields read below (``username``,
            ``password``, ``surname``, ``auth_type``, ``role``, ``email``,
            ``desc``).

    Returns:
        ``(error_code, user_id)``; ``user_id`` is 0 unless the code is
        ``TPE_OK``.
    """
    db = get_db()
    _time_now = tp_timestamp_utc_now()
    operator = handler.get_current_user()

    # 1. Refuse the request when the account already exists.
    # NOTE(review): as shown here the pattern has no replacement field, so
    # format() returns it unchanged; "******" looks like a redaction of the
    # original placeholder - confirm upstream. The username belongs in a bound
    # parameter, not in the SQL text.
    s = SQL(db)
    lookup = s.reset().select_from('user', ['id'])
    err = lookup.where('user.username="******"'.format(args['username'])).query()
    if err != TPE_OK:
        return err, 0
    if len(s.recorder) > 0:
        return TPE_EXISTS, 0

    _password = tp_password_generate_secret(args['password'])

    # NOTE(review): all values are spliced into the statement text. The quoted
    # fields break on a quote character and the unquoted ones (auth_type,
    # role) are safe only if the caller already forced them to integers -
    # treat this as a SQL injection sink and move to bound parameters if the
    # db layer offers them.
    template = (
        'INSERT INTO `{}user` (`type`, `auth_type`, `password`, `username`, `surname`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`, `desc`) VALUES '
        '(1, {auth_type}, "{password}", "{username}", "{surname}", {role}, {state}, "{email}", {creator_id}, {create_time}, {last_login}, {last_chpass}, "{desc}");'
        ''
    )
    fields = {
        'auth_type': args['auth_type'],
        'password': _password,
        'username': args['username'],
        'surname': args['surname'],
        'role': args['role'],
        'state': TP_STATE_NORMAL,
        'email': args['email'],
        'creator_id': operator['id'],
        'create_time': _time_now,
        'last_login': 0,
        'last_chpass': 0,
        'desc': args['desc'],
    }
    sql = template.format(db.table_prefix, **fields)

    if not db.exec(sql):
        return TPE_DATABASE, 0

    _id = db.last_insert_id()

    syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建用户:{}".format(args['username']))

    # Recount the users so the statistics reflect the table itself.
    err, cnt = s.reset().count('user')
    if err == TPE_OK:
        tp_stats().user_counter_change(cnt)

    return TPE_OK, _id
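def post(self):
    """Handle every password-reset and password-change request.

    The JSON document in the ``args`` request argument selects the flow
    through its ``mode`` field:

    1. an administrator sends a reset e-mail to user ``id``;
    2. an administrator sets a new password for user ``id``;
    3. a user asks for a reset e-mail (username, e-mail and captcha);
    4. a user sets a new password with the token from the reset e-mail;
    5. the current user changes the password (current password required);
    6. a user whose password expired changes it before login (username,
       current password and captcha).

    Modes 1 and 3 end by sending the reset e-mail; the others end by storing
    the new password. The outcome is always reported through ``write_json``.
    The body contains a ``yield``, so it has to run as a coroutine; the
    decorator is not part of this excerpt.
    """
    # Lookup and conversion failures that mean "the client sent a bad field".
    # OverflowError covers int() on a JSON ``Infinity``.
    bad_field = (KeyError, TypeError, ValueError, OverflowError)

    args = self.get_argument('args', None)
    if args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(args)
    except (ValueError, RecursionError):
        return self.write_json(TPE_JSON_FORMAT)

    try:
        mode = int(args['mode'])
    except bad_field:
        return self.write_json(TPE_PARAM)

    password = ''

    if mode == 1:
        # An administrator sends a password-reset e-mail to a user.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
        except bad_field:
            return self.write_json(TPE_PARAM)

    elif mode == 2:
        # An administrator sets a user's password directly.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

    elif mode == 3:
        # A user recovers the password: username, e-mail and captcha needed.
        try:
            username = args['username']
            email = args['email']
            captcha = args['captcha']
        except bad_field:
            return self.write_json(TPE_PARAM)

        # NOTE(review): the stored captcha is cleared only after a match;
        # confirm that a mismatch invalidates it elsewhere, otherwise one
        # challenge can be answered repeatedly.
        code = self.get_session('captcha')
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

        self.del_session('captcha')
        err, user_info = user.get_by_username(username)
        if err != TPE_OK:
            return self.write_json(err)
        if user_info.email != email:
            return self.write_json(TPE_NOT_EXISTS)

        user_id = user_info.id

    elif mode == 4:
        # A user follows the link from the reset e-mail: token plus new
        # password.
        try:
            token = args['token']
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

        err, user_id = user.check_reset_token(token)
        if err != TPE_OK:
            return self.write_json(err)

    elif mode == 5:
        # The current user supplies the current and the new password.
        try:
            current_password = args['current_password']
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

        err, user_info = user.get_by_username(self.get_current_user()['username'])
        if err != TPE_OK:
            return self.write_json(err)
        if not tp_password_verify(current_password, user_info['password']):
            return self.write_json(TPE_USER_AUTH)
        user_id = user_info['id']

    elif mode == 6:
        # The password expired; the user changes it before logging in.
        try:
            username = args['username']
            current_password = args['password']
            password = args['new_password']
            captcha = args['captcha']
        except bad_field:
            return self.write_json(TPE_PARAM)

        # NOTE(review): same captcha handling as mode 3 - it stays valid
        # after a mismatch.
        code = self.get_session('captcha')
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

        self.del_session('captcha')

        err, user_info = user.get_by_username(username)
        if err != TPE_OK:
            return self.write_json(err)

        # The account state (locked / disabled) is deliberately not checked:
        # such an account is refused at login anyway, so it may still change
        # its password here.
        # NOTE(review): this branch verifies a password before login and only
        # the captcha stands in front of it; confirm that failed attempts
        # here count toward the same lockout as failed logins.
        if not tp_password_verify(current_password, user_info['password']):
            return self.write_json(TPE_USER_AUTH)
        user_id = user_info['id']

    else:
        return self.write_json(TPE_PARAM)

    if user_id == 0:
        return self.write_json(TPE_PARAM)

    if mode == 1 or mode == 3:
        err, email, token = user.generate_reset_password_token(self, user_id)
        # Do not mail a link when no token could be issued.
        if err != TPE_OK:
            return self.write_json(err)

        # Build the reset URL; the mail text says it is valid for 24 hours.
        # NOTE(review): scheme and host come from the incoming request, so
        # the mailed link follows whatever Host value that request carried.
        # Building it from a configured external URL would pin the link to
        # the real site - confirm whether such a setting exists.
        reset_url = '{}://{}/user/reset-password?token={}'.format(
            self.request.protocol, self.request.host, token)

        err, msg = yield mail.tp_send_mail(
            email,
            'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
            '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
            '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
            '{reset_url}\n\n\n\n'
            '[本邮件由teleport系统自动发出,请勿回复]'
            '\n\n'
            ''.format(reset_url=reset_url),
            subject='密码重置确认函')

        return self.write_json(err, msg)

    # Only modes 2, 4, 5 and 6 reach this point; all of them store a new
    # password. A non-string value (JSON number, list, ...) is a bad request.
    if not isinstance(password, str) or len(password) == 0:
        return self.write_json(TPE_PARAM)

    # Enforce the strong-password policy when it is switched on.
    if tp_cfg().sys.password.force_strong:
        if not tp_check_strong_password(password):
            return self.write_json(
                TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

    password = tp_password_generate_secret(password)
    err = user.set_password(self, mode, user_id, password)

    # A reset token is removed once it has been used successfully.
    if mode == 4 and err == TPE_OK:
        user.remove_reset_token(token)

    # Unless the user changed the password personally (modes 5 and 6), the
    # OATH secret is cleared together with the password.
    if not (mode == 5 or mode == 6) and err == TPE_OK:
        user.update_oath_secret(self, user_id, '')

    self.write_json(err)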
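def post(self):
    """Handle every password-reset and password-change request.

    The JSON document in the ``args`` request argument selects the flow
    through its ``mode`` field:

    1. an administrator sends a reset e-mail to user ``id``;
    2. an administrator sets a new password for user ``id``;
    3. a user asks for a reset e-mail (username, e-mail and captcha);
    4. a user sets a new password with the token from the reset e-mail;
    5. the current user changes the password (current password required).

    Modes 1 and 3 end by sending the reset e-mail; the others end by storing
    the new password. The outcome is always reported through ``write_json``.
    The body contains a ``yield``, so it has to run as a coroutine; the
    decorator is not part of this excerpt.
    """
    # Lookup and conversion failures that mean "the client sent a bad field".
    # OverflowError covers int() on a JSON ``Infinity``.
    bad_field = (KeyError, TypeError, ValueError, OverflowError)

    args = self.get_argument('args', None)
    if args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(args)
    except (ValueError, RecursionError):
        return self.write_json(TPE_JSON_FORMAT)

    try:
        mode = int(args['mode'])
    except bad_field:
        return self.write_json(TPE_PARAM)

    password = ''

    if mode == 1:
        # An administrator sends a password-reset e-mail to a user.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
        except bad_field:
            return self.write_json(TPE_PARAM)

    elif mode == 2:
        # An administrator sets a user's password directly.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

    elif mode == 3:
        # A user recovers the password: username, e-mail and captcha needed.
        try:
            username = args['username']
            email = args['email']
            captcha = args['captcha']
        except bad_field:
            return self.write_json(TPE_PARAM)

        # NOTE(review): the stored captcha is cleared only after a match;
        # confirm that a mismatch invalidates it elsewhere, otherwise one
        # challenge can be answered repeatedly.
        code = self.get_session('captcha')
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

        self.del_session('captcha')
        err, user_info = user.get_by_username(username)
        if err != TPE_OK:
            return self.write_json(err)
        if user_info.email != email:
            return self.write_json(TPE_NOT_EXISTS)

        user_id = user_info.id

    elif mode == 4:
        # A user follows the link from the reset e-mail: token plus new
        # password.
        try:
            token = args['token']
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

        err, user_id = user.check_reset_token(token)
        if err != TPE_OK:
            return self.write_json(err)

    elif mode == 5:
        # The current user supplies the current and the new password.
        try:
            current_password = args['current_password']
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

        err, user_info = user.get_by_username(self.get_current_user()['username'])
        if err != TPE_OK:
            return self.write_json(err)
        if not tp_password_verify(current_password, user_info['password']):
            return self.write_json(TPE_USER_AUTH)
        user_id = user_info['id']

    else:
        return self.write_json(TPE_PARAM)

    if user_id == 0:
        return self.write_json(TPE_PARAM)

    if mode == 1 or mode == 3:
        err, email, token = user.generate_reset_password_token(self, user_id)
        # Do not mail a link when no token could be issued.
        if err != TPE_OK:
            return self.write_json(err)

        # Build the reset URL; the mail text says it is valid for 24 hours.
        # NOTE(review): scheme and host come from the incoming request, so
        # the mailed link follows whatever Host value that request carried.
        # Building it from a configured external URL would pin the link to
        # the real site - confirm whether such a setting exists.
        reset_url = '{}://{}/user/reset-password?token={}'.format(
            self.request.protocol, self.request.host, token)

        err, msg = yield mail.tp_send_mail(
            email,
            'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
            '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
            '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
            '{reset_url}\n\n\n\n'
            '[本邮件由teleport系统自动发出,请勿回复]'
            '\n\n'
            ''.format(reset_url=reset_url),
            subject='密码重置确认函'
        )

        return self.write_json(err, msg)

    # Only modes 2, 4 and 5 reach this point; all of them store a new
    # password. A non-string value (JSON number, list, ...) is a bad request.
    if not isinstance(password, str) or len(password) == 0:
        return self.write_json(TPE_PARAM)

    # Enforce the strong-password policy when it is switched on.
    if tp_cfg().sys.password.force_strong:
        if not tp_check_strong_password(password):
            return self.write_json(TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

    password = tp_password_generate_secret(password)
    err = user.set_password(self, user_id, password)

    # A reset token is removed once it has been used successfully.
    if mode == 4 and err == TPE_OK:
        user.remove_reset_token(token)

    # Unless the user changed the password personally (mode 5), the OATH
    # secret is cleared together with the password.
    if mode != 5 and err == TPE_OK:
        user.update_oath_secret(self, user_id, '')

    self.write_json(err)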
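def post(self):
    """Handle every password-reset and password-change request.

    The JSON document in the ``args`` request argument selects the flow
    through its ``mode`` field:

    1. an administrator sends a reset e-mail to user ``id``;
    2. an administrator sets a new password for user ``id``;
    3. a user asks for a reset e-mail (username, e-mail and captcha);
    4. a user sets a new password with the token from the reset e-mail;
    5. the current user changes the password (current password required).

    Modes 1 and 3 end by sending the reset e-mail; the others end by storing
    the new password. The outcome is always reported through ``write_json``.
    The body contains a ``yield``, so it has to run as a coroutine; the
    decorator is not part of this excerpt.
    """
    # Lookup and conversion failures that mean "the client sent a bad field".
    # OverflowError covers int() on a JSON ``Infinity``.
    bad_field = (KeyError, TypeError, ValueError, OverflowError)

    args = self.get_argument('args', None)
    if args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(args)
    except (ValueError, RecursionError):
        return self.write_json(TPE_JSON_FORMAT)

    try:
        mode = int(args['mode'])
    except bad_field:
        return self.write_json(TPE_PARAM)

    password = ''

    if mode == 1:
        # An administrator sends a password-reset e-mail to a user.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
        except bad_field:
            return self.write_json(TPE_PARAM)

    elif mode == 2:
        # An administrator sets a user's password directly.
        err = self.check_privilege(TP_PRIVILEGE_USER_CREATE)
        if err != TPE_OK:
            return self.write_json(err)

        try:
            user_id = int(args['id'])
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

    elif mode == 3:
        # A user recovers the password: username, e-mail and captcha needed.
        try:
            username = args['username']
            email = args['email']
            captcha = args['captcha']
        except bad_field:
            return self.write_json(TPE_PARAM)

        # NOTE(review): the stored captcha is cleared only after a match;
        # confirm that a mismatch invalidates it elsewhere, otherwise one
        # challenge can be answered repeatedly.
        code = self.get_session('captcha')
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')

        self.del_session('captcha')
        err, user_info = user.get_by_username(username)
        if err != TPE_OK:
            return self.write_json(err)
        if user_info.email != email:
            return self.write_json(TPE_NOT_EXISTS)

        user_id = user_info.id

    elif mode == 4:
        # A user follows the link from the reset e-mail: token plus new
        # password.
        try:
            token = args['token']
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

        err, user_id = user.check_reset_token(token)
        if err != TPE_OK:
            return self.write_json(err)

    elif mode == 5:
        # The current user supplies the current and the new password.
        try:
            current_password = args['current_password']
            password = args['password']
        except bad_field:
            return self.write_json(TPE_PARAM)

        err, user_info = user.get_by_username(self.get_current_user()['username'])
        if err != TPE_OK:
            return self.write_json(err)
        if not tp_password_verify(current_password, user_info['password']):
            return self.write_json(TPE_USER_AUTH)
        user_id = user_info['id']

    else:
        return self.write_json(TPE_PARAM)

    if user_id == 0:
        return self.write_json(TPE_PARAM)

    if mode == 1 or mode == 3:
        err, email, token = user.generate_reset_password_token(self, user_id)
        # Do not mail a link when no token could be issued.
        if err != TPE_OK:
            return self.write_json(err)

        # Build the password-reset link, valid for 24 hours.
        # NOTE(review): scheme and host come from the incoming request, so
        # the mailed link follows whatever Host value that request carried.
        # Building it from a configured external URL would pin the link to
        # the real site - confirm whether such a setting exists.
        reset_url = '{}://{}/user/reset-password?token={}'.format(
            self.request.protocol, self.request.host, token)

        err, msg = yield mail.tp_send_mail(
            email,
            'Teleport用户,您好!\n\n请访问以下链接以重设您的teleport登录密码。此链接将于本邮件寄出24小时之后失效。\n'
            '访问此链接,将会为您打开密码重置页面,然后您可以设定新密码。\n\n'
            '如果您并没有做重设密码的操作,请忽略本邮件,请及时联系您的系统管理员!\n\n'
            '{reset_url}\n\n\n\n'
            '[本邮件由teleport系统自动发出,请勿回复]'
            '\n\n'
            ''.format(reset_url=reset_url),
            subject='密码重置确认函')

        return self.write_json(err, msg)

    # Only modes 2, 4 and 5 reach this point; all of them store a new
    # password. A non-string value (JSON number, list, ...) is a bad request.
    if not isinstance(password, str) or len(password) == 0:
        return self.write_json(TPE_PARAM)

    # Enforce the strong-password policy when it is switched on.
    if tp_cfg().sys.password.force_strong:
        if not tp_check_strong_password(password):
            return self.write_json(
                TPE_FAILED, '密码强度太弱!强密码需要至少8个英文字符,必须包含大写字母、小写字母和数字。')

    password = tp_password_generate_secret(password)
    err = user.set_password(self, user_id, password)

    # A reset token is removed once it has been used successfully.
    if mode == 4 and err == TPE_OK:
        user.remove_reset_token(token)

    self.write_json(err)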