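def loginRequest(auth):
    """Authenticate a CVAT user and issue an API token.

    Args:
        auth: Credentials object; the code reads its ``username`` and
            ``password`` attributes.

    Returns:
        A JSON response ``{"apiKey": <JWT>}`` when the password matches the
        stored hash, otherwise a 401 response carrying a
        ``WWW-Authenticate: Basic`` challenge.
    """

    def _unauthorized():
        # One generic answer for every failure, so the response body never
        # says whether the username or the password was the wrong part.
        return make_response(
            'Could not verify', 401,
            {'WWW-Authenticate': 'Basic realm="Login required!"'})

    if not auth or not auth.username or not auth.password:
        return _unauthorized()

    user = models.User.query.filter_by(username=auth.username).first()
    if not user:
        # NOTE(review): no hash is computed on this path, so an unknown
        # username is answered faster than a wrong password. Consider
        # verifying against a fixed dummy hash here to even out the timing.
        return _unauthorized()

    try:
        # passlib reads rounds and salt from the stored hash itself, so the
        # hash does not need to be split by hand before verifying. Splitting
        # on '$' raised an unhandled ValueError for any stored value that did
        # not have exactly four fields.
        password_ok = django_pbkdf2_sha256.verify(auth.password, user.password)
    except (ValueError, TypeError):
        # Stored value is missing or is not a django_pbkdf2_sha256 hash:
        # treat it as a failed login instead of a server error.
        password_ok = False
    if not password_ok:
        return _unauthorized()

    # NOTE(review): the token stays valid for a year and this block shows no
    # revocation path; a shorter lifetime limits the value of a leaked token.
    token = jwt.encode(
        {
            'id': user.id,
            'exp': datetime.datetime.utcnow() + datetime.timedelta(days=365),
        },
        app.app.config['SECRET_KEY'],
        # HS256 is already PyJWT's default; stated so the verifying side can
        # pin the same algorithm.
        algorithm='HS256')
    # PyJWT 1.x returns bytes, 2.x returns str; accept both.
    if isinstance(token, bytes):
        token = token.decode('UTF-8')
    return jsonify({'apiKey': token})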
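def post(self, request, format='json'):
    """Register a new user from the JSON request body.

    The body is parsed with ``JSONParser``, its ``password`` is replaced by a
    hash from ``handler.using(rounds=18000)``, the account fields below are
    set server-side, and the document is stored with
    ``my_client.insert_one``.

    Returns:
        ``{"result": "success"}`` with HTTP 201 after the insert, or
        ``{"result": "failure"}`` with HTTP 400.
    """
    now = datetime.now()
    serializer = JSONParser().parse(request)

    # The body is untrusted: a non-object payload or a missing, empty or
    # non-string password used to surface as an unhandled exception (or as an
    # account with an empty password). Answer with the existing failure reply.
    if not isinstance(serializer, dict):
        return JsonResponse({"result": "failure"},
                            status=status.HTTP_400_BAD_REQUEST)
    password = serializer.get('password')
    if not isinstance(password, str) or not password:
        return JsonResponse({"result": "failure"},
                            status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): 18000 rounds is low for PBKDF2-SHA256 by current
    # guidance; confirm the work factor against the deployment's policy.
    serializer['password'] = handler.using(rounds=18000).hash(password)

    # Next id = id of the most recent document (sorted by _id) plus one.
    # NOTE(review): read-then-insert is not atomic, so two concurrent
    # registrations can be given the same id.
    latest = 0
    dt_string = now.strftime("%d/%m/%Y %H:%M:%S")
    temp = my_client.find().sort("_id", -1).limit(1)
    for i in temp:
        latest = i['id']
    serializer['id'] = latest + 1

    # Privilege and state fields are always set here, overriding anything the
    # client sent under the same keys.
    serializer['is_superuser'] = False
    serializer['is_staff'] = False
    serializer['is_active'] = True
    serializer['date_joined'] = dt_string
    serializer['bill'] = []

    # NOTE(review): every other client-supplied key is stored exactly as
    # sent; an allow-list of accepted fields would close that gap.
    x = my_client.insert_one(serializer)
    if x:
        return JsonResponse({"result": "success"},
                            status=status.HTTP_201_CREATED)
    return JsonResponse({"result": "failure"},
                        status=status.HTTP_400_BAD_REQUEST)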
stock_rounds = 24000 else: # 1.8 stock_config = _apps.django16_context.to_dict() stock_rounds = 20000 stock_config.update( deprecated="auto", django_pbkdf2_sha1__default_rounds=stock_rounds, django_pbkdf2_sha256__default_rounds=stock_rounds, ) # override sample hashes used in test cases from passlib.hash import django_pbkdf2_sha256 sample_hashes = dict(django_pbkdf2_sha256=( "not a password", django_pbkdf2_sha256.using(rounds=stock_config.get( "django_pbkdf2_sha256__default_rounds")).hash("not a password"))) #============================================================================= # test utils #============================================================================= class _ExtensionSupport(object): """support funcs for loading/unloading extension""" #=================================================================== # support funcs #=================================================================== @classmethod def _iter_patch_candidates(cls): """helper to scan for monkeypatches. returns tuple containing:
def verify_pw(pw, db_pw):
    """Verify a candidate password against a stored hash.

    Args:
        pw: Password supplied by the user.
        db_pw: Stored django_pbkdf2_sha256 hash to check against.

    Returns:
        The result of passlib's ``verify`` for ``pw`` against ``db_pw``.
    """
    # Verification reads rounds and salt from db_pw itself; the rounds value
    # here configures the handler only and does not alter the comparison.
    return django_pbkdf2_sha256.using(rounds=36000).verify(pw, db_pw)
def make_pw_hash(pw):
    """Hash a password and return the encoded hash string.

    Args:
        pw: Plaintext password to hash.

    Returns:
        The django_pbkdf2_sha256 hash of ``pw``, computed with 36000 rounds.
    """
    # NOTE(review): this is one-way hashing, not encryption. 36000 rounds is
    # well below current PBKDF2-HMAC-SHA256 guidance (OWASP suggests
    # 600,000); confirm the work factor before reusing this value.
    return django_pbkdf2_sha256.using(rounds=36000).hash(pw)
Date: 2020-11-21 15:13:04 LastEditors: Moyu LastEditTime: 2020-11-25 11:29:20 ''' import time from datetime import datetime, timedelta from typing import Any, Union import jwt from models import SysUser from passlib.hash import django_pbkdf2_sha256 from schemas import TokenPayload from core.config import settings pwd_context = django_pbkdf2_sha256.using(rounds=180000) ALGORITHM = "HS256" def create_access_token(sys_user: SysUser) -> str: expires_at = int(time.time()) + 60 * settings.ACCESS_TOKEN_EXPIRE_MINUTES to_encode = { "sub": sys_user.id, "nickname": sys_user.nickname, "username": sys_user.username, "authority_id": sys_user.sys_authority_id, "buffer_time": 60 * 60 * 24, # 缓冲时间1天 "not_before": int(time.time()) - 1, # 生效时间 "expires_at": expires_at, # 过期时间 }