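def post(self):
    """Verify a username/password pair posted as a JSON ``args`` field.

    ``args`` must decode to a JSON object with ``username`` and ``password``;
    an optional ``check_bind_oath`` flag is passed through to ``user.login``.
    Replies through ``self.write_json`` with ``TPE_OK`` on success, otherwise
    with the error code reported by ``user.login``, and returns whatever
    ``write_json`` returns.
    """
    raw_args = self.get_argument('args', None)
    if raw_args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(raw_args)
    except (ValueError, TypeError):
        # ValueError covers json.JSONDecodeError; TypeError covers a non-text value.
        return self.write_json(TPE_JSON_FORMAT)

    try:
        username = args['username']
        password = args['password']
    except (KeyError, TypeError):
        # KeyError: a field is missing; TypeError: the body was not a JSON object.
        return self.write_json(TPE_PARAM)

    # args is known to be a dict at this point; the flag is optional and defaults to off.
    check_bind_oath = args.get('check_bind_oath', False)

    err, _user_info, _msg = user.login(self, username, password=password, check_bind_oath=check_bind_oath)
    if err != TPE_OK:
        # Report an unknown account as a plain authentication failure so the
        # response does not distinguish "no such user" from "wrong password".
        if err == TPE_NOT_EXISTS:
            err = TPE_USER_AUTH
        return self.write_json(err)
    return self.write_json(TPE_OK)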
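def post(self):
    """Bind the OATH secret staged in the session to the requesting account.

    ``args`` must decode to a JSON object with ``username``, ``password`` and
    ``oath_code``. The password is re-verified with ``user.login`` first, the
    pending secret is taken from the ``tmp_oath_secret`` session slot, the
    supplied code is checked against it with ``tp_oath_verify_code`` and, on
    a match, the secret is persisted with ``user.update_oath_secret``. All
    outcomes are reported through ``self.write_json``.
    """
    raw_args = self.get_argument('args', None)
    if raw_args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(raw_args)
    except (ValueError, TypeError):
        # ValueError covers json.JSONDecodeError; TypeError covers a non-text value.
        return self.write_json(TPE_JSON_FORMAT)

    try:
        username = args['username']
        password = args['password']
        oath_code = args['oath_code']
    except (KeyError, TypeError):
        # KeyError: a field is missing; TypeError: the body was not a JSON object.
        return self.write_json(TPE_PARAM)

    # Binding a second factor requires a fresh password check, not just a session.
    err, user_info, _msg = user.login(self, username, password=password)
    if err != TPE_OK:
        # An unknown account is answered as a generic auth failure so the
        # response does not reveal which usernames exist.
        if err == TPE_NOT_EXISTS:
            err = TPE_USER_AUTH
        return self.write_json(err)

    secret = self.get_session('tmp_oath_secret', None)
    if secret is None:
        return self.write_json(TPE_FAILED, '内部错误!')

    # The staged secret is consumed before it is verified, so a wrong code
    # cannot be retried against the same secret.
    self.del_session('tmp_oath_secret')
    if not tp_oath_verify_code(secret, oath_code):
        return self.write_json(TPE_OATH_MISMATCH)

    err = user.update_oath_secret(self, user_info['id'], secret)
    if err != TPE_OK:
        return self.write_json(err)
    return self.write_json(TPE_OK)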
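def post(self):
    """Bind the OATH secret staged in the session to the requesting account.

    ``args`` must decode to a JSON object with ``username``, ``password`` and
    ``oath_code``. The password is re-verified with ``user.login``, the
    pending secret is read from the ``tmp_oath_secret`` session slot and
    removed, the supplied code is checked against it with
    ``tp_oath_verify_code`` and, on a match, the secret is persisted through
    ``user.update_oath_secret``. Every outcome is reported via
    ``self.write_json`` and its return value is returned.
    """
    raw_args = self.get_argument('args', None)
    if raw_args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(raw_args)
    except (ValueError, TypeError):
        # json.JSONDecodeError is a ValueError; TypeError means a non-text value.
        return self.write_json(TPE_JSON_FORMAT)

    try:
        username = args['username']
        password = args['password']
        oath_code = args['oath_code']
    except (KeyError, TypeError):
        # Missing field, or the decoded body was not an object.
        return self.write_json(TPE_PARAM)

    # A fresh password check is required before a second factor may be bound.
    err, user_info = user.login(self, username, password=password)
    if err != TPE_OK:
        # Unknown accounts are answered exactly like a wrong password.
        if err == TPE_NOT_EXISTS:
            err = TPE_USER_AUTH
        return self.write_json(err)

    secret = self.get_session('tmp_oath_secret', None)
    if secret is None:
        return self.write_json(TPE_FAILED, '内部错误!')

    # Consume the staged secret before verifying so each staged secret allows
    # exactly one attempt.
    self.del_session('tmp_oath_secret')
    if not tp_oath_verify_code(secret, oath_code):
        return self.write_json(TPE_OATH_MISMATCH)

    err = user.update_oath_secret(self, user_info['id'], secret)
    if err != TPE_OK:
        return self.write_json(err)
    return self.write_json(TPE_OK)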
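def post(self):
    """Verify a username/password pair posted as a JSON ``args`` field.

    ``args`` must decode to a JSON object with ``username`` and ``password``;
    the optional ``check_bind_oath`` flag (default ``False``) is forwarded to
    ``user.login``. Replies through ``self.write_json`` with ``TPE_OK`` on
    success or the error code from ``user.login`` otherwise.
    """
    raw_args = self.get_argument('args', None)
    if raw_args is None:
        return self.write_json(TPE_PARAM)

    try:
        args = json.loads(raw_args)
    except (ValueError, TypeError):
        # json.JSONDecodeError is a ValueError; TypeError means a non-text value.
        return self.write_json(TPE_JSON_FORMAT)

    try:
        username = args['username']
        password = args['password']
    except (KeyError, TypeError):
        # Missing field, or the decoded body was not an object.
        return self.write_json(TPE_PARAM)

    # Optional flag; args is a dict here, so .get is safe.
    check_bind_oath = args.get('check_bind_oath', False)

    err, _user_info = user.login(self, username, password=password, check_bind_oath=check_bind_oath)
    if err != TPE_OK:
        # Unknown accounts are answered exactly like a wrong password so the
        # endpoint cannot be used to enumerate usernames.
        if err == TPE_NOT_EXISTS:
            err = TPE_USER_AUTH
        return self.write_json(err)
    return self.write_json(TPE_OK)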
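def post(self):
    """Handle an interactive login request.

    Reads a JSON object from the ``args`` form field with the keys ``type``
    (one of the TP_LOGIN_AUTH_* values), ``captcha``, ``username``,
    ``password``, ``oath`` and ``remember``. Depending on ``type`` the captcha
    is compared with the one stored in the session, or a non-empty OATH code
    is required, before ``user.login`` verifies the credentials. After a
    successful login the user record is stored in the session (with a fixed
    lifetime when ``remember`` is set), the login is recorded through
    ``syslog.sys_log`` and a ``username`` cookie is set. Every outcome is
    reported through ``self.write_json`` and its return value is returned.
    """
    sys_cfg = tp_cfg().sys

    raw_args = self.get_argument('args', None)
    if raw_args is None:
        return self.write_json(TPE_PARAM)
    try:
        args = json.loads(raw_args)
    except (ValueError, TypeError):
        # json.JSONDecodeError is a ValueError; TypeError means a non-text value.
        return self.write_json(TPE_JSON_FORMAT, '参数错误')

    try:
        login_type = args['type']
        captcha = args['captcha'].strip()
        username = args['username'].strip().lower()
        password = args['password']
        oath = args['oath'].strip()
        remember = args['remember']
    except (KeyError, TypeError, AttributeError):
        # KeyError: field missing; TypeError: body was not a JSON object;
        # AttributeError: a text field arrived as null/number so .strip() failed.
        return self.write_json(TPE_PARAM)

    known_types = (
        TP_LOGIN_AUTH_USERNAME_PASSWORD,
        TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
        TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH,
        TP_LOGIN_AUTH_USERNAME_OATH,
    )
    password_types = (
        TP_LOGIN_AUTH_USERNAME_PASSWORD,
        TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
        TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH,
    )
    oath_types = (
        TP_LOGIN_AUTH_USERNAME_OATH,
        TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH,
    )
    if login_type not in known_types:
        return self.write_json(TPE_PARAM, '未知的认证方式')

    # A captcha is single-use: consume it before comparing so a wrong guess
    # cannot be retried against the same image.
    code = self.get_session('captcha')
    self.del_session('captcha')

    if login_type == TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA:
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        # Captcha comparison is case-insensitive.
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')
    elif login_type in oath_types:
        if not oath:
            return self.write_json(TPE_OATH_MISMATCH, '未提供身份验证器动态验证码')

    if not username:
        return self.write_json(TPE_PARAM, '未提供登录用户名')

    # Only hand user.login the factors the chosen method actually uses.
    if login_type not in password_types:
        password = None
    if login_type not in oath_types:
        oath = None

    # Check username validity to guard against SQL-injection-style input.
    # Angle brackets are rejected outright; the attempt is logged with them
    # escaped so the name cannot inject markup into whatever renders the log.
    # (The replacement found on this page swapped '<' for '<', a no-op.)
    if '<' in username or '>' in username:
        safe_name = username.replace('<', '&lt;').replace('>', '&gt;')
        syslog.sys_log({'username': '******', 'surname': '???'}, self.request.remote_ip, TPE_NOT_EXISTS,
                       '登录失败,可能是攻击行为。试图使用用户名 {} 进行登录。'.format(safe_name))
        return self.write_json(TPE_USER_AUTH)

    err, user_info = user.login(self, username, password=password, oath_code=oath)
    if err != TPE_OK:
        if err == TPE_NOT_EXISTS:
            # Log the unknown account (record identity masked) but answer with a
            # generic auth failure so the response does not reveal which
            # usernames exist.
            syslog.sys_log({'username': '******', 'surname': '???'}, self.request.remote_ip, TPE_NOT_EXISTS,
                           '登录失败,用户`{}`不存在'.format(username))
            err = TPE_USER_AUTH
        return self.write_json(err)

    # Check that this user may use the requested authentication method;
    # a per-user auth_type of 0 means "use the system-wide setting".
    auth_type = user_info.auth_type
    if auth_type == 0:
        auth_type = sys_cfg.login.auth
    if (auth_type & login_type) != login_type:
        return self.write_json(TPE_USER_AUTH, '不允许使用此身份认证方式')

    self._user = user_info
    self._user['_is_login'] = True
    # del self._user['password']
    # del self._user['oath_secret']
    # NOTE(review): the disabled del lines suggest user_info carries the
    # password hash and OATH secret; confirm the session store is server-side
    # before leaving them in the session object.
    if remember:
        # Third argument is presumably a lifetime in seconds (12 h) — TODO confirm against set_session.
        self.set_session('user', self._user, 12 * 60 * 60)
    else:
        self.set_session('user', self._user)

    user.update_login_info(self, user_info['id'])

    # Record the successful login.
    syslog.sys_log(self._user, self.request.remote_ip, TPE_OK, "登录成功")
    self.set_cookie('username', username)
    return self.write_json(TPE_OK)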
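def post(self):
    """Handle an interactive login request.

    Expects a JSON object in the ``args`` form field with ``type`` (one of
    the TP_LOGIN_AUTH_* values), ``captcha``, ``username``, ``password``,
    ``oath`` and ``remember``. For the captcha method the code is compared
    with the session's stored captcha; the OATH methods require a non-empty
    code. ``user.login`` then verifies the credentials, the user is checked
    against the permitted authentication methods, the record is stored in
    the session, the login is written to the system log and a ``username``
    cookie is set. Results are delivered through ``self.write_json``.
    """
    sys_cfg = tp_cfg().sys

    raw_args = self.get_argument('args', None)
    if raw_args is None:
        return self.write_json(TPE_PARAM)
    try:
        args = json.loads(raw_args)
    except (ValueError, TypeError):
        # ValueError covers json.JSONDecodeError; TypeError covers a non-text value.
        return self.write_json(TPE_JSON_FORMAT, '参数错误')

    try:
        login_type = args['type']
        captcha = args['captcha'].strip()
        username = args['username'].strip().lower()
        password = args['password']
        oath = args['oath'].strip()
        remember = args['remember']
    except (KeyError, TypeError, AttributeError):
        # Missing field, body not an object, or a text field that is not a string.
        return self.write_json(TPE_PARAM)

    if login_type not in (TP_LOGIN_AUTH_USERNAME_PASSWORD,
                          TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
                          TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH,
                          TP_LOGIN_AUTH_USERNAME_OATH):
        return self.write_json(TPE_PARAM, '未知的认证方式')

    uses_password = login_type in (TP_LOGIN_AUTH_USERNAME_PASSWORD,
                                   TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
                                   TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH)
    uses_oath = login_type in (TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH,
                               TP_LOGIN_AUTH_USERNAME_OATH)

    # The stored captcha is consumed before it is compared, so a mismatch
    # cannot be retried against the same image.
    expected_captcha = self.get_session('captcha')
    self.del_session('captcha')

    if login_type == TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA:
        if expected_captcha is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        # Case-insensitive comparison, as the original did.
        if expected_captcha.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')
    elif uses_oath and not oath:
        return self.write_json(TPE_OATH_MISMATCH, '未提供身份验证器动态验证码')

    if not username:
        return self.write_json(TPE_PARAM, '未提供登录用户名')

    # Pass user.login only the factors the chosen method uses.
    if not uses_password:
        password = None
    if not uses_oath:
        oath = None

    # Check username validity to guard against SQL-injection-style input.
    # Names containing angle brackets are refused and logged with the
    # brackets escaped so the log entry cannot carry markup. (As found on
    # this page the replacement substituted '<' with '<', i.e. did nothing.)
    if '<' in username or '>' in username:
        escaped = username.replace('<', '&lt;').replace('>', '&gt;')
        syslog.sys_log({'username': '******', 'surname': '???'}, self.request.remote_ip, TPE_NOT_EXISTS,
                       '登录失败,可能是攻击行为。试图使用用户名 {} 进行登录。'.format(escaped))
        return self.write_json(TPE_USER_AUTH)

    err, user_info = user.login(self, username, password=password, oath_code=oath)
    if err != TPE_OK:
        if err == TPE_NOT_EXISTS:
            # Record the unknown account with masked identity fields, then
            # answer with a generic auth failure (no username enumeration).
            syslog.sys_log({'username': '******', 'surname': '???'}, self.request.remote_ip, TPE_NOT_EXISTS,
                           '登录失败,用户`{}`不存在'.format(username))
            err = TPE_USER_AUTH
        return self.write_json(err)

    # Is this user allowed to use the requested authentication method?
    # A per-user auth_type of 0 falls back to the system-wide setting.
    auth_type = user_info.auth_type
    if auth_type == 0:
        auth_type = sys_cfg.login.auth
    if (auth_type & login_type) != login_type:
        return self.write_json(TPE_USER_AUTH, '不允许使用此身份认证方式')

    self._user = user_info
    self._user['_is_login'] = True
    # del self._user['password']
    # del self._user['oath_secret']
    # NOTE(review): the disabled del lines suggest the record still carries
    # the password hash and OATH secret when it is placed in the session;
    # verify the session backing store before relying on that.
    if remember:
        # Presumably a lifetime in seconds (12 h) — TODO confirm with set_session.
        self.set_session('user', self._user, 12 * 60 * 60)
    else:
        self.set_session('user', self._user)

    user.update_login_info(self, user_info['id'])

    # Record the successful login.
    syslog.sys_log(self._user, self.request.remote_ip, TPE_OK, "登录成功")
    self.set_cookie('username', username)
    return self.write_json(TPE_OK)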
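def post(self):
    """Handle an interactive login request.

    Reads a JSON object from the ``args`` form field with ``type`` (one of
    the TP_LOGIN_AUTH_* values), ``captcha``, ``username``, ``password``,
    ``oath`` and ``remember``. The captcha method compares the code with the
    session's stored captcha; the OATH methods require a non-empty code.
    ``user.login`` verifies the credentials, the user's permitted
    authentication methods are checked, the record is stored in the session,
    the login is written to the system log and a ``username`` cookie is set.
    All outcomes go through ``self.write_json``.
    """
    sys_cfg = tp_cfg().sys

    raw_args = self.get_argument('args', None)
    if raw_args is None:
        return self.write_json(TPE_PARAM)
    try:
        args = json.loads(raw_args)
    except (ValueError, TypeError):
        # json.JSONDecodeError is a ValueError; TypeError means a non-text value.
        return self.write_json(TPE_JSON_FORMAT, '参数错误')

    try:
        login_type = args['type']
        captcha = args['captcha'].strip()
        username = args['username'].strip().lower()
        password = args['password']
        oath = args['oath'].strip()
        remember = args['remember']
    except (KeyError, TypeError, AttributeError):
        # KeyError: field missing; TypeError: body was not a JSON object;
        # AttributeError: a text field arrived as null/number so .strip() failed.
        return self.write_json(TPE_PARAM)

    password_types = (
        TP_LOGIN_AUTH_USERNAME_PASSWORD,
        TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
        TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH,
    )
    oath_types = (
        TP_LOGIN_AUTH_USERNAME_OATH,
        TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH,
    )
    if login_type not in password_types and login_type not in oath_types:
        return self.write_json(TPE_PARAM, '未知的认证方式')

    # Consume the stored captcha before comparing it so a wrong guess cannot
    # be retried against the same image.
    code = self.get_session('captcha')
    self.del_session('captcha')

    if login_type == TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA:
        if code is None:
            return self.write_json(TPE_CAPTCHA_EXPIRED, '验证码已失效')
        # Case-insensitive comparison.
        if code.lower() != captcha.lower():
            return self.write_json(TPE_CAPTCHA_MISMATCH, '验证码错误')
    elif login_type in oath_types:
        if not oath:
            return self.write_json(TPE_OATH_MISMATCH, '未提供身份验证器动态验证码')

    if not username:
        return self.write_json(TPE_PARAM, '未提供登录用户名')

    # Only the factors the chosen method uses are handed to user.login.
    if login_type not in password_types:
        password = None
    if login_type not in oath_types:
        oath = None

    err, user_info = user.login(self, username, password=password, oath_code=oath)
    if err != TPE_OK:
        if err == TPE_NOT_EXISTS:
            # NOTE(review): the caller-supplied username is written verbatim into
            # the log record's identity fields and message; the other login
            # handler on this page masks the identity fields instead.
            syslog.sys_log({'username': username, 'surname': username}, self.request.remote_ip, TPE_NOT_EXISTS,
                           '登录失败,用户`{}`不存在'.format(username))
            # Answer with a generic auth failure so the response does not reveal
            # which usernames exist.
            err = TPE_USER_AUTH
        return self.write_json(err)

    # Check that this user may use the requested authentication method;
    # a per-user auth_type of 0 means "use the system-wide setting".
    auth_type = user_info.auth_type
    if auth_type == 0:
        auth_type = sys_cfg.login.auth
    if (auth_type & login_type) != login_type:
        return self.write_json(TPE_USER_AUTH, '不允许使用此身份认证方式')

    # (A disabled, commented-out inline copy of the user lookup, lock-state,
    # password and OATH checks was removed here; user.login above is the
    # live path.)

    self._user = user_info
    self._user['_is_login'] = True
    # del self._user['password']
    # del self._user['oath_secret']
    # NOTE(review): the disabled del lines suggest user_info still carries the
    # password hash and OATH secret when stored in the session; confirm the
    # session store is server-side.
    if remember:
        # Third argument is presumably a lifetime in seconds (12 h) — TODO confirm against set_session.
        self.set_session('user', self._user, 12 * 60 * 60)
    else:
        self.set_session('user', self._user)

    user.update_login_info(self, user_info['id'])

    # Record the successful login.
    syslog.sys_log(self._user, self.request.remote_ip, TPE_OK, "登录成功")
    self.set_cookie('username', username)
    return self.write_json(TPE_OK)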