def get_userid(request):
    """Return the caller's user_id decoded from its token, or None.

    The token is looked up in the query string (``tbkt_token``), then the
    ``HTTP_TBKT_TOKEN`` header, then the ``tbkt_token`` cookie. The decoded
    result is memoised on ``request._userid`` / ``request._expire`` so later
    calls on the same request do not decode again. Once the token has passed
    the midpoint of its lifetime a replacement is stored on
    ``request._newtoken``.

    :param request: request object exposing ``QUERY``, ``META`` and ``COOKIES``
    :return: the user id, or None when no token is present or it fails to decode
    """
    if hasattr(request, '_userid'):
        return request._userid

    # NOTE: a token carried in the query string can end up in server/proxy
    # logs and Referer headers; the header or cookie is the safer carrier.
    token = (
        request.QUERY.get("tbkt_token")
        or request.META.get('HTTP_TBKT_TOKEN')
        or request.COOKIES.get('tbkt_token')
    )
    decoded = auth.decode_token(token)
    user_id = decoded['user_id'] if decoded else None
    expire = decoded['expire'] if decoded else None
    request._userid = user_id
    request._expire = expire

    # Renew once half of the session lifetime has elapsed.
    if expire and time.time() >= expire - settings.SESSION_COOKIE_AGE / 2:
        request._newtoken = auth.create_token(user_id)
    return user_id
def __init__(self, request=None, user_id=None, headers=None, cookies=None): """ :param request: django.http.HttpRequest对象 如果request不为空, 意味着每次调用都携带登录状态 :param user_id: 如果user_id不为空, 构造登录token :param headers: 自定义公共头部字典 :param cookies: 自定义公共cookie字典 """ self.headers = headers or {} self.cookies = cookies or {} if request: token = request.META.get('HTTP_TBKT_TOKEN') or request.COOKIES.get('tbkt_token') self.cookies['tbkt_token'] = token if user_id: token = auth.create_token(user_id) self.cookies['tbkt_token'] = token
def verify_user(user_id, phone, name):
    """Confirm an invited user by phone number and real name.

    :param user_id: currently unused by this function
    :param phone: 11-digit phone number typed by the inviter
    :param name: real name that must match the student record
    :return: ``(data, None)`` on success, where ``data`` holds ``open_info``
        and a login ``token``; ``(u'', message)`` on failure
    """
    if len(phone) != 11 or not phone.isdigit():
        return u'', u'请输入正确手机号!'

    candidates = db.tbkt_user_slave.auth_user.filter(
        username__startswith=phone, type=1
    ).select('id', 'real_name')[:]
    # NOTE(review): this message differs from the name-mismatch one below, so
    # the response reveals whether a phone number is registered.
    if not candidates:
        return u'', u'您不是同步课堂用户,请登录http://user.jxtbkt.cn/注册'

    matched = next((c for c in candidates if c.real_name == name), None)
    if not matched:
        return u'', u'手机号或用户名错误!'

    open_info = get_open_status(matched.id, [2, 5, 9])
    token = create_token(matched.id)
    return dict(open_info=open_info, token=token), None
def phone_login(request):
    """
    @api {post} /account/login/web [login] Web login
    @apiGroup account
    @apiParamExample {json} Request example
        {
            "username":"******",
            "password":"******",
            "pass_flag": 1   # 0: legacy interface, password not encoded; 1: current client, password encoded
        }
    @apiParam {String} username phone number or account name
    @apiParam {String} password password
    @apiSuccessExample {json} Success response
        {
            "next": "",
            "error": "",
            "message": "",
            "data": [
                {
                    "real_name": "张三",
                    "school_name": "创恒中学",
                    "unit_name": "100班",
                    "type":1,
                    "portrait": "avatar",
                    "tbkt_token": "token valid for 7 days"
                },
            ],
            "response": "ok"
        }
    * type = 1 student
    * type = 3 teacher

    Two paths: a purely numeric username is treated as a phone number and
    returns one entry (with a token) per account bound to that phone;
    anything else is authenticated as an exact account name.
    """
    args = request.QUERY.casts(username=str, password=str, pass_flag=int)
    username = args.username or ''
    password = args.password or ''
    pass_flag = int(args.pass_flag or 0)
    username = username.strip().lower()
    out = []
    if not username:
        return ajax.jsonp_fail(request, message='请输入用户名或手机号')
    if not password:
        return ajax.jsonp_fail(request, message='请输入密码')
    if pass_flag:
        password = auth.safe_pass_decode(password)

    # Fuzzy match: guess the concrete account from phone number + password.
    if username.isdigit():
        encoded_password = auth.encode_plain_password(password)
        # The SQL below is built with string formatting; the isdigit() guard
        # above is the only thing keeping request input out of the statement
        # (str.isdigit also accepts non-ASCII digits, which are harmless to
        # SQL but will never match a stored phone). Prefer the DB layer's
        # parameter binding if it offers one.
        # NOTE(review): the visible literal has one %s placeholder but two
        # format arguments; if '******' is a redaction of a second '%s' this
        # is fine, otherwise the % operator raises TypeError — confirm.
        sql = """ select u.username, u.status from auth_user u inner join auth_profile p on p.user_id=u.id and p.password='******' where u.phone='%s' """ % (encoded_password, username)
        binds = db.user_slave.fetchall_dict(sql)
        if not binds:
            return ajax.jsonp_fail(request, message="账号或密码错误!")
        now_binds = [b for b in binds if int(b.status) != 2]
        if not now_binds:
            return ajax.jsonp_fail(request, message="该账号已被禁用,请联系客服")
    else:
        user, auth_user = com_user.authenticate(username=username, password=password)
        if not user:
            return ajax.jsonp_fail(request, message='账号或密码错误,是否找回密码?')
        if int(user.status) == 2:
            return ajax.jsonp_fail(request, message='该账号已被禁用,请联系客服')

    # Login check.
    # NOTE(review): `user` is assigned only in the else branch above, yet it
    # is a local of this function (because of that assignment). Reaching
    # this line through the numeric-username branch therefore raises
    # UnboundLocalError as written — confirm against the deployed code.
    error = com_user.web_login_check(user)
    if error:
        return ajax.jsonp_fail(request, message=error)

    # Login log, written off the request thread.
    thread_pool.call(common.login_handle, request, args, user)

    # A username with an xs/js suffix identifies one account exactly:
    # return just that user's info.
    if not username.isdigit():
        d = dict(
            real_name=user.real_name,
            school_name=user.school_name if user.school_name else "",
            unit_name=user.unit.name if user.unit else "",
            portrait=user.portrait,
            type=user.type,
            tbkt_token=auth.login(request, user.id),
            dept_id=user.dept_id,
        )
        out.append(d)
        return ajax.jsonp_ok(request, out)

    # All accounts under this phone number.
    # NOTE(review): the password was checked against *any* account with this
    # phone (first query), but this query selects every enabled type-1/3
    # account on the phone without a password condition and a token is
    # issued for each of them below. If accounts sharing a phone can hold
    # different passwords, one password unlocks all of them — confirm this
    # is the intended identity model.
    sql = """ select u.id, u.real_name, p.portrait, u.type,p.password,u.sid,u.dept_id, u.status from auth_user u inner join auth_profile p on u.id = p.user_id and u.phone = "%s" where u.type in (1,3) and u.dept_id in (1,2) and u.status != 2 order by u.type desc """ % username
    users = db.user_slave.fetchall_dict(sql)
    if not users:
        return ajax.jsonp_fail(request, message='账号或密码错误,是否找回密码?')
    user_ids = [i.id for i in users]
    # One region row per user (group_by), then the unit names for those regions.
    regions = db.ketang.mobile_order_region.select("school_name", "unit_class_id", "user_id") \
        .filter(user_id__in=user_ids).group_by("user_id")[:]
    units_id = [i.unit_class_id for i in regions]
    region_map = {i.user_id: i for i in regions}
    units = db.slave.school_unit_class.select("unit_name", "id").filter(id__in=units_id)[:]
    units_map = {i.id: i.unit_name for i in units}
    for i in users:
        region = region_map.get(i.id)
        unit_id = region.unit_class_id if region else 0
        school_name = region.school_name if region else ""
        unit_name = units_map.get(unit_id, "")
        d = dict(
            real_name=i.real_name,
            school_name=school_name,
            unit_name=unit_name,
            type=i.type,
            portrait=get_portrait(i, i.type),
            # 'portrait': com_user.get_portrait(u, u.type),
            tbkt_token=create_token(i.id),
            sid=i.sid,
            dept_id=i.dept_id
        )
        out.append(d)
    return ajax.jsonp_ok(request, out)