def GET(self):
inputs = sh.inputs()
assert (inputs.has_key('code'))
assert (inputs.has_key('state'))
site_name = inputs.state.partition('_')[0]
authorization_code = inputs.code.strip()
oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
oauth_model = sh.model('oauth.%sOAuth2' % site_name)
user_ctrl = sh.ctrl('User')
user_model = sh.model('User')
token_url = oauth_ctrl.createAccessTokenUrl(authorization_code)
content = sh.requestHtmlContent(token_url, None,
oauth_ctrl.ACCESS_TOKEN_METHOD)
assert content, u'第三方返回的数据有误'
access_token, access_expires = oauth_ctrl.pickAccessTokenAndExpires(
content)
requested_uid = oauth_ctrl.requestUidWithAccessToken(access_token)
assert requested_uid, u'第三方返回的数据有误'
if self.TEST_API_LOGIN:
login_url = '%s/api/oauth/login?access_token=%s&access_expires=%s&uid=%s&state=%s' % (
sh.config.HOST_NAME, access_token, access_expires,
requested_uid, inputs.state)
return '<a href="%s" >%s</a>' % (login_url, login_url)
# 因为access_token是动态变化的,所以要用requested_uid来判断是否登录过
# 这也避免了access_token变化时插入重复的uid
exists = oauth_model.getByUid(requested_uid)
# 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
if not exists:
new_oauth_id = oauth_model.insert(
dict(uid=requested_uid,
access_token=access_token,
access_expires=access_expires))
exists = oauth_model.get(new_oauth_id)
# 如果已绑定Userid则登录
if exists.Userid:
return self.login(exists.Userid)
# 如果希望自动注册,则注册并绑定后登录
if self.NO_REGISTER_ACTION == 'auto_register':
data = oauth_ctrl.assignUserInfo(sh.storage(), access_token)
self.assignRandomPassword(data)
self.assignRegisterIP(data)
conflict = user_ctrl.checkNewUser(data)
if conflict:
return self.redirectToRegister(access_token,
inputs.state,
error=conflict)
new_user_id = user_model.insert(data)
oauth_model.update(exists.id, dict(Userid=new_user_id))
return self.login(new_user_id)
# 否则希望用户自己注册
elif self.NO_REGISTER_ACTION == 'to_register':
return self.redirectToRegister(access_token, inputs.state)
def GET(self):
action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
if action == 'admin/login':
return sh.editor_nobase.user.Login()
if action == 'admin/logout':
sh.ctrl('AdminUser').logout()
return sh.redirect('/')
def GET(self):
action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
if action == 'login':
return sh.page.user.Login()
if action == 'logout':
sh.ctrl('User').logout()
return sh.redirect('/')
def GET(self):
action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
if action == 'admin/login':
return sh.editor_nobase.user.Login()
if action == 'admin/logout':
sh.ctrl('AdminUser').logout()
return sh.redirect('/')
def GET(self):
action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
if action == 'login':
return sh.page.user.Login()
if action == 'logout':
sh.ctrl('User').logout()
return sh.redirect('/')
def POST(self):
inputs = sh.inputs()
if inputs['action'] == 'isLogin':
if sh.session.is_login:
return sh.toJsonp({'is_login': True, 'name': sh.session.name, 'id': sh.session.id})
else:
return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})
if inputs['action'] == 'login':
assert(inputs.get('email', '').strip())
assert(inputs.get('password', ''))
model = sh.model('User')
uc = sh.ctrl('User')
if not uc.validate(inputs.email, inputs.password):
return sh.toJsonp({'is_login':False, 'error':'邮箱或密码不对'})
user = model.getByEmail(inputs.email)
if user.dead == 'yes':
return sh.toJsonp({'is_login':False, 'error':'你已被列入黑名单'})
uc.login(user, inputs.get('remember_me', '') == 'on')
return sh.toJsonp({'is_login':True, 'name': user.name, 'id': user.id})
if inputs['action'] == 'logout':
sh.ctrl('User').logout()
return 'bye'
def GET(self):
inputs = sh.inputs()
assert inputs.has_key("code")
assert inputs.has_key("state")
site_name = inputs.state.partition("_")[0]
authorization_code = inputs.code.strip()
oauth_ctrl = sh.ctrl("oauth.%s" % site_name)
oauth_model = sh.model("oauth.%sOAuth2" % site_name)
user_ctrl = sh.ctrl("User")
user_model = sh.model("User")
token_url = oauth_ctrl.createAccessTokenUrl(authorization_code)
content = sh.requestHtmlContent(token_url, None, oauth_ctrl.ACCESS_TOKEN_METHOD)
assert content, u"第三方返回的数据有误"
access_token, access_expires = oauth_ctrl.pickAccessTokenAndExpires(content)
requested_uid = oauth_ctrl.requestUidWithAccessToken(access_token)
assert requested_uid, u"第三方返回的数据有误"
if self.TEST_API_LOGIN:
login_url = "%s/api/oauth/login?access_token=%s&access_expires=%s&uid=%s&state=%s" % (
sh.config.HOST_NAME,
access_token,
access_expires,
requested_uid,
inputs.state,
)
return '<a href="%s" >%s</a>' % (login_url, login_url)
# 因为access_token是动态变化的,所以要用requested_uid来判断是否登录过
# 这也避免了access_token变化时插入重复的uid
exists = oauth_model.getByUid(requested_uid)
# 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
if not exists:
new_oauth_id = oauth_model.insert(
dict(uid=requested_uid, access_token=access_token, access_expires=access_expires)
)
exists = oauth_model.get(new_oauth_id)
# 如果已绑定Userid则登录
if exists.Userid:
return self.login(exists.Userid)
# 如果希望自动注册,则注册并绑定后登录
if self.NO_REGISTER_ACTION == "auto_register":
data = oauth_ctrl.assignUserInfo(sh.storage(), access_token)
self.assignRandomPassword(data)
self.assignRegisterIP(data)
conflict = user_ctrl.checkNewUser(data)
if conflict:
return self.redirectToRegister(access_token, inputs.state, error=conflict)
new_user_id = user_model.insert(data)
oauth_model.update(exists.id, dict(Userid=new_user_id))
return self.login(new_user_id)
# 否则希望用户自己注册
elif self.NO_REGISTER_ACTION == "to_register":
return self.redirectToRegister(access_token, inputs.state)
def loginByCookie(handler):
if not sh.session.is_login:
email = web.cookies().get("email", "")
md5password = web.cookies().get("md5password", "")
if email and md5password:
user = sh.model("User").getOneByWhere("email=%s and password=%s", email, md5password)
if user:
sh.ctrl("User").login(user)
return handler()
def loginByCookie(handler):
if not sh.session.is_login:
email = web.cookies().get('email', '')
md5password = web.cookies().get('md5password', '')
if email and md5password:
user = sh.model('User').getOneByWhere('email=%s and password=%s',
email, md5password)
if user:
sh.ctrl('User').login(user)
return handler()
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
assert(inputs.get('email', '').strip())
assert(inputs.get('password', ''))
uc = sh.ctrl('User')
model = sh.model('User')
action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
if action == 'login':
if not uc.validate(inputs.email, inputs.password):
return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)
user = model.getByEmail(inputs.email)
if user.dead == 'yes':
return sh.alert('登录失败,你已被列入黑名单,请联系管理员')
uc.login(user, inputs.get('remember_me', '') == 'on')
# 获得打开login页面时url中指定的referer
referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
if referer:
return sh.redirect(referer)
elif sh.inputs().get('referer', None):
return sh.redirect(sh.inputs().get('referer', None))
else:
return sh.alert('登录成功. 欢迎回来!')
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
assert(inputs.get('email', '').strip())
assert(inputs.get('password', ''))
uc = sh.ctrl('User')
model = sh.model('User')
action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
if action == 'login':
if not uc.validate(inputs.email, inputs.password):
return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)
user = model.getByEmail(inputs.email)
if user.dead == 'yes':
return sh.alert('登录失败,你已被列入黑名单,请联系管理员')
uc.login(user, inputs.get('remember_me', '') == 'on')
# 获得打开login页面时url中指定的referer
referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
if referer:
return sh.redirect(referer)
elif sh.inputs().get('referer', None):
return sh.redirect(sh.inputs().get('referer', None))
else:
return sh.redirect('/')
def getCurrTopMenuTitle(self):
it = sh.ctrl('IndentTable')
indents = it.indent(sh.getEditorMenu())
if it.getIndentsLevel(indents) == 4:
return sh.getUrlParams().get('top_menu', indents[0][0]).partition(' ')[0]
else:
return ''
def POST(self):
inputs = sh.inputs()
assert inputs.get('access_token', '')
assert inputs.get('access_expires', '')
assert inputs.get('uid', '')
assert inputs.get('state', '')
site_name = inputs.state.partition('_')[0]
oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
oauth_model = sh.model('oauth.%sOAuth2' % site_name)
user_ctrl = sh.ctrl('User')
user_model = sh.model('User')
requested_uid = oauth_ctrl.requestUidWithAccessToken(
inputs.access_token)
# 如果access_token和uid验证不对,则不让登录
if not requested_uid or requested_uid != inputs.uid:
return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))
exists = oauth_model.getByUid(requested_uid)
# 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
if not exists:
new_id = oauth_model.insert(
dict(uid=requested_uid,
access_token=inputs.access_token,
access_expires=inputs.access_expires))
exists = oauth_model.get(new_id)
if exists.Userid: # 如果已绑定本站帐号
return self.login(exists.Userid)
inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
self.assignRandomPassword(inputs)
self.assignRegisterIP(inputs)
conflict = user_ctrl.checkNewUser(inputs)
if conflict:
return sh.toJsonp(
dict(is_login=False,
error=conflict,
name=inputs.get('name', ''),
sex=inputs.get('sex', '')))
new_id = user_model.insert(inputs)
oauth_model.update(exists.id, dict(Userid=new_id))
return self.login(new_id)
def GET(self, name):
menu_config = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not menu_config: return sh.redirectTo404()
key = self.prefix_key + name
value = sh.getSiteConfig(key)
return sh.editor.IndentTable(value, menu_config)
def POST(self):
inputs = sh.inputs()
assert inputs.get('access_token', '')
assert inputs.get('state', '')
assert inputs.get(self.PRIMARY_KEY, '')
assert inputs.get('password', '')
site_name = inputs.state.partition('_')[0]
user_model = sh.model('User')
user_ctrl = sh.ctrl('User')
oauth_model = sh.model('oauth.%sOAuth2' % site_name)
oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
cn_site_name = self._getCNSiteName()
if self.PRIMARY_KEY == 'email':
exists_user = user_model.getByEmail(inputs.email)
elif self.PRIMARY_KEY == 'name':
exists_user = user_model.getByName(inputs.name)
# 如果primary_value没有注册过, 那么新建用户并绑定第三方帐号
if not exists_user:
inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
self.assignRegisterIP(inputs)
conflict = user_ctrl.checkNewUser(inputs)
if conflict:
return self._render(conflict)
new_id = user_model.insert(inputs)
oauth_model.bindUseridByAccessToken(inputs.access_token, new_id)
return self.login(new_id)
# 否则已经注册过,检查密码是否正确
else:
if self.PRIMARY_KEY == 'email':
check_password = user_ctrl.validate(inputs.email,
inputs.password)
elif self.PRIMARY_KEY == 'name':
check_password = user_ctrl.validateByName(
inputs.name, inputs.password)
if not check_password:
error = '您已经注册过, 但您输入的密码不正确, 请重新输入'
return self._render(error)
oauth_model.bindUseridByAccessToken(inputs.access_token,
exists_user.Userid)
return self.login(exists_user.Userid)
def getCurrTopMenuTitle(self):
it = sh.ctrl('IndentTable')
indents = it.indent(sh.getEditorMenu())
if it.getIndentsLevel(indents) == 4:
return sh.getUrlParams().get('top_menu',
indents[0][0]).partition(' ')[0]
else:
return ''
def GET(self, name):
menu_config = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not menu_config: return sh.redirectTo404()
key = self.prefix_key + name
value = sh.getSiteConfig(key)
return sh.editor.IndentTable(value, menu_config)
def getTopMenuTitles(self):
it = sh.ctrl('IndentTable')
indents = it.indent(sh.getEditorMenu())
titles = [i.strip() for i, k in indents
] if it.getIndentsLevel(indents) == 4 else []
return [
t.partition(' ')[::2] if ' ' in t else (t, sh.editor_config.index)
for t in titles
]
def POST(self):
inputs = sh.inputs()
assert inputs.get('access_token', '')
assert inputs.get('state', '')
assert inputs.get(self.PRIMARY_KEY, '')
assert inputs.get('password', '')
site_name = inputs.state.partition('_')[0]
user_model = sh.model('User')
user_ctrl = sh.ctrl('User')
oauth_model = sh.model('oauth.%sOAuth2' % site_name)
oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
cn_site_name = self._getCNSiteName()
if self.PRIMARY_KEY == 'email':
exists_user = user_model.getByEmail(inputs.email)
elif self.PRIMARY_KEY == 'name':
exists_user = user_model.getByName(inputs.name)
# 如果primary_value没有注册过, 那么新建用户并绑定第三方帐号
if not exists_user:
inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
self.assignRegisterIP(inputs)
conflict = user_ctrl.checkNewUser(inputs)
if conflict:
return self._render(conflict)
new_id = user_model.insert(inputs)
oauth_model.bindUseridByAccessToken(inputs.access_token, new_id)
return self.login(new_id)
# 否则已经注册过,检查密码是否正确
else:
if self.PRIMARY_KEY == 'email':
check_password = user_ctrl.validate(inputs.email, inputs.password)
elif self.PRIMARY_KEY == 'name':
check_password = user_ctrl.validateByName(inputs.name, inputs.password)
if not check_password:
error = '您已经注册过, 但您输入的密码不正确, 请重新输入'
return self._render(error)
oauth_model.bindUseridByAccessToken(inputs.access_token, exists_user.Userid)
return self.login(exists_user.Userid)
def getAdminMenuList(self):
t_ctrl = sh.ctrl('IndentTable')
menu_list = t_ctrl.indentsToList(t_ctrl.indent(self._getEditorMenu()))
for title, sub_menu in menu_list:
for sub_title, page in sub_menu:
if not page.has_key('url'):
model_name = page.get('model', '')
assert sh.model(model_name), '后台目录%s配置中缺少url或model名称不正确: %s' % (sub_title, model_name)
page.url = '/admin/model/%s' % model_name
return menu_list
def POST(self):
inputs = sh.inputs()
assert inputs.get("access_token", "")
assert inputs.get("access_expires", "")
assert inputs.get("uid", "")
assert inputs.get("state", "")
site_name = inputs.state.partition("_")[0]
oauth_ctrl = sh.ctrl("oauth.%s" % site_name)
oauth_model = sh.model("oauth.%sOAuth2" % site_name)
user_ctrl = sh.ctrl("User")
user_model = sh.model("User")
requested_uid = oauth_ctrl.requestUidWithAccessToken(inputs.access_token)
# 如果access_token和uid验证不对,则不让登录
if not requested_uid or requested_uid != inputs.uid:
return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))
exists = oauth_model.getByUid(requested_uid)
# 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
if not exists:
new_id = oauth_model.insert(
dict(uid=requested_uid, access_token=inputs.access_token, access_expires=inputs.access_expires)
)
exists = oauth_model.get(new_id)
if exists.Userid: # 如果已绑定本站帐号
return self.login(exists.Userid)
inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
self.assignRandomPassword(inputs)
self.assignRegisterIP(inputs)
conflict = user_ctrl.checkNewUser(inputs)
if conflict:
return sh.toJsonp(
dict(is_login=False, error=conflict, name=inputs.get("name", ""), sex=inputs.get("sex", ""))
)
new_id = user_model.insert(inputs)
oauth_model.update(exists.id, dict(Userid=new_id))
return self.login(new_id)
def pickPageConfig(self, menu_config, path):
config = sh.ctrl('IndentTable').contentToDict(menu_config)
for t1, v1 in config.items():
for t2, v2 in v1.items():
if self._matchMenuPath(path, v2):
v2._title = [t1, t2]
v2 = self._changeType(v2)
return v2
return None
def pickPageConfig(self, menu_config, path):
config = sh.ctrl('IndentTable').contentToDict(menu_config)
for t1, v1 in config.items():
for t2, v2 in v1.items():
if self._matchMenuPath(path, v2):
v2._title = [t1, t2]
v2 = self._changeType(v2)
return v2
return None
def POST(self):
inputs = web.input()
if inputs.action == 'send_code':
user = sh.model('User').getByEmail(inputs.email.strip())
if user:
sh.ctrl('User').sendForgetPasswordEmail(user)
return sh.alert('发送成功,请查收您的邮件(可能在"垃圾邮件"中)。', '/')
elif inputs.action == 'reset_password':
assert(6 <= len(inputs.password) < 60)
user_model = sh.model('User')
code_model = sh.model('UserForgetPassword')
exists = code_model.getOneByWhere('Userid=%s and code=%s', inputs.Userid, inputs.code)
if not exists:
return sh.alert('链接无效,请重新申请')
if (datetime.now() - exists.created).seconds > code_model.expires:
return sh.alert('链接已过期,请重新申请')
user_model.update(inputs.Userid, dict(password=inputs.password))
code_model.delete(exists.id)
return sh.alert('重设密码成功,请登录', '/login')
def POST(self):
inputs = web.input()
if inputs.action == 'send_code':
user = sh.model('User').getByEmail(inputs.email.strip())
if user:
sh.ctrl('User').sendForgetPasswordEmail(user)
return sh.alert('发送成功,请查收您的邮件(可能在"垃圾邮件"中)。', '/')
elif inputs.action == 'reset_password':
assert (6 <= len(inputs.password) < 60)
user_model = sh.model('User')
code_model = sh.model('UserForgetPassword')
exists = code_model.getOneByWhere('Userid=%s and code=%s',
inputs.Userid, inputs.code)
if not exists:
return sh.alert('链接无效,请重新申请')
if (datetime.now() - exists.created).seconds > code_model.expires:
return sh.alert('链接已过期,请重新申请')
user_model.update(inputs.Userid, dict(password=inputs.password))
code_model.delete(exists.id)
return sh.alert('重设密码成功,请登录', '/login')
def getAdminMenuList(self):
t_ctrl = sh.ctrl('IndentTable')
menu_list = t_ctrl.indentsToList(t_ctrl.indent(self._getEditorMenu()))
for title, sub_menu in menu_list:
for sub_title, page in sub_menu:
if not page.has_key('url'):
model_name = page.get('model', '')
assert sh.model(
model_name), '后台目录%s配置中缺少url或model名称不正确: %s' % (
sub_title, model_name)
page.url = '/admin/model/%s' % model_name
return menu_list
def POST(self):
inputs = sh.inputs()
if inputs['action'] == 'isLogin':
if sh.session.is_login:
return sh.toJsonp({
'is_login': True,
'name': sh.session.name,
'id': sh.session.id
})
else:
return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})
if inputs['action'] == 'login':
assert (inputs.get('email', '').strip())
assert (inputs.get('password', ''))
model = sh.model('User')
uc = sh.ctrl('User')
if not uc.validate(inputs.email, inputs.password):
return sh.toJsonp({'is_login': False, 'error': '邮箱或密码不对'})
user = model.getByEmail(inputs.email)
if user.dead == 'yes':
return sh.toJsonp({'is_login': False, 'error': '你已被列入黑名单'})
uc.login(user, inputs.get('remember_me', '') == 'on')
return sh.toJsonp({
'is_login': True,
'name': user.name,
'id': user.id
})
if inputs['action'] == 'logout':
sh.ctrl('User').logout()
return 'bye'
def GET(self, model_name):
model = sh.model(model_name)
menu_config = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not menu_config: return sh.redirectTo404()
env = self._getEnv(model, menu_config)
items = model.all(env)
pagination_html = model.getPaginationHtml(env) \
if hasattr(model, 'getPaginationHtml') else ''
return sh.editor.model.List(model_name, model.column_names + menu_config.append_column,
model.getColumnTypes(), menu_config, items, pagination_html, )
def _getEditorMenu(self):
it = sh.ctrl('IndentTable')
indents = it.indent(sh.getEditorMenu())
level = it.getIndentsLevel(indents)
if level == 3:
return sh.getEditorMenu()
elif level == 4:
menu_name = sh.getUrlParams().get('top_menu', indents[0][0])
for k,v in indents:
if k == menu_name or (' ' in k and k.partition(' ')[0] == menu_name):
return it.indentsToConfig(v)
else:
return ''
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
uc = sh.ctrl('User')
error = uc.checkNewUser(inputs)
if error:
return sh.toJsonp({'is_login': False, 'error': error})
new_id = uc.register(inputs)
uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')
if sh.model('User').validation_request:
uc.sendValidationEmail(user)
return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
else:
return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
uc = sh.ctrl('User')
error = uc.checkNewUser(inputs)
if error:
return sh.page.user.Register(error, inputs.get('email', ''))
new_id = uc.register(inputs)
uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')
if sh.model('User').validation_request:
uc.sendValidationEmail(user)
return sh.alert('注册成功,请查收您的验证邮件')
else:
return sh.alert('注册成功')
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
uc = sh.ctrl('User')
error = uc.checkNewUser(inputs)
if error:
return sh.toJsonp({'is_login': False, 'error': error})
new_id = uc.register(inputs)
uc.loginById(new_id, inputs.get('remember_me', 'off') == 'on')
if sh.model('User').validation_request:
uc.sendValidationEmail(user)
return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
else:
return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
uc = sh.ctrl('User')
error = uc.checkNewUser(inputs)
if error:
return sh.page.user.Register(error, inputs.get('email', ''))
new_id = uc.register(inputs)
uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')
if sh.model('User').validation_request:
uc.sendValidationEmail(user)
return sh.alert('注册成功,请查收您的验证邮件')
else:
return sh.alert('注册成功')
def POST(self, inputs=None):
if not inputs: inputs = web.input()
assert (inputs.get('email', '').strip())
assert (inputs.get('password', ''))
uc = sh.ctrl('AdminUser')
model = sh.model('AdminUser')
action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
if action == 'admin/login':
if not uc.validate(inputs.email, inputs.password):
return sh.editor_nobase.user.Login('密码不对', inputs.email)
user = model.getByEmail(inputs.email)
uc.login(user)
return sh.redirect('/admin')
def _getEditorMenu(self):
it = sh.ctrl('IndentTable')
indents = it.indent(sh.getEditorMenu())
level = it.getIndentsLevel(indents)
if level == 3:
return sh.getEditorMenu()
elif level == 4:
menu_name = sh.getUrlParams().get('top_menu', indents[0][0])
for k, v in indents:
if k == menu_name or (' ' in k
and k.partition(' ')[0] == menu_name):
return it.indentsToConfig(v)
else:
return ''
def POST(self, inputs=None):
if not inputs: inputs = web.input()
assert(inputs.get('email', '').strip())
assert(inputs.get('password', ''))
uc = sh.ctrl('AdminUser')
model = sh.model('AdminUser')
action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
if action == 'admin/login':
if not uc.validate(inputs.email, inputs.password):
return sh.editor.user.Login('密码不对', inputs.email)
user = model.getByEmail(inputs.email)
uc.login(user)
return sh.redirect('/admin')
def GET(self, model_name, model_id=None):
menu_config = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not menu_config: return sh.redirectTo404()
model = sh.model(model_name)
if model_id:
item = model.get(model_id)
action = 'update'
assert item is not None
else:
item = None
action = 'insert'
return sh.editor.model.Edit(model_name, model.column_names + menu_config.append_column, model.getColumnTypes(), menu_config, item, action)
def POST(self):
inputs = sh.inputs()
assert (6 <= len(inputs.new_password) < 60)
user_model = sh.model('User')
user_ctrl = sh.ctrl('User')
if not sh.session.is_login:
return sh.redirectToLogin()
Userid = sh.session.id
user = user_model.get(Userid)
assert (user is not None)
if not user_ctrl.validate(user.email, inputs.old_password):
return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')
user_model.update(Userid, dict(password=inputs.new_password))
return sh.alert('重置密码成功', '/')
def POST(self):
inputs = sh.inputs()
assert(6 <= len(inputs.new_password) < 60)
user_model = sh.model('User')
user_ctrl = sh.ctrl('User')
if not sh.session.is_login:
return sh.redirectToLogin()
Userid = sh.session.id
user = user_model.get(Userid)
assert(user is not None)
if not user_ctrl.validate(user.email, inputs.old_password):
return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')
user_model.update(Userid, dict(password=inputs.new_password))
return sh.alert('重置密码成功', '/')
def GET(self, model_name):
model = sh.model(model_name)
menu_config = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not menu_config: return sh.redirectTo404()
env = self._getEnv(model, menu_config)
if hasattr(model, '_usePrivate'):
assert 'new' in menu_config.list_btn_hidden, '私有数据请关闭后台new功能'
assert 'edit' in menu_config.list_btn_hidden, '私有数据请关闭后台edit功能'
assert 'delete' in menu_config.list_btn_hidden, '私有数据请关闭后台delete功能'
env['use_private'] = False # 不使用Private Decorator
items = model.all(env)
pagination_html = model.getPaginationHtml(env) \
if hasattr(model, 'getPaginationHtml') else ''
return sh.editor.model.List(model_name, model.column_names + menu_config.append_column,
model.getColumnTypes(), menu_config, items, pagination_html, )
def GET(self, name):
inputs = sh.inputs()
menu_config = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not menu_config: return sh.redirectTo404()
model = sh.model('SiteConfig')
env = sh.storage()
if menu_config.get('filter', None):
env['where'] = ['name like %s', menu_config['filter']]
if menu_config.get('orderby', None):
env.orderby = model.replaceAttr(menu_config.orderby)
if inputs.get('where', ''):
env.where = [inputs.where]
items = model.all(env)
pagination_html = model.getPaginationHtml(env)
return sh.editor.SiteConfig(items, pagination_html, menu_config)
def GET(self, name):
inputs = sh.inputs()
menu_config = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not menu_config: return sh.redirectTo404()
model = sh.model('SiteConfig')
env = sh.storage()
if menu_config.get('filter', None):
env['where'] = ['name like %s', menu_config['filter']]
if menu_config.get('orderby', None):
env.orderby = model.replaceAttr(menu_config.orderby)
if inputs.get('where', ''):
env.where = [inputs.where]
items = model.all(env)
pagination_html = model.getPaginationHtml(env)
return sh.editor.SiteConfig(items, pagination_html, menu_config)
def GET(self, path):
mc = sh.ctrl("Editor").getMenuConfig()
# 禁止访问未公开的路径
if not mc:
return sh.redirectTo404()
inputs = sh.inputs()
select = mc.get("select", "").replace("%", "%%") # 因为MySQLdb会转义%
db = sh.getDBHelper()
if mc.get("paging", ""):
if " limit " in select.lower():
return sh.alert("使用paging选项时select中不能使用limit, 请检查后台配置", stay=10)
# 如果使用了paging, select中就不允许出现limit
if int(mc.get("paging")) <= 0:
return sh.alert("paging配置参数应为正整数", stay=10)
if " distinct " in select.lower():
return sh.alert("抱歉, 暂不支持paging与distinct一起使用", stay=10)
# 查询count(*)
form_key = " from " if " from " in select else " FROM "
total = self.__getTotal(select)
# 设置limit获得数据
select = select + " limit %d, %d" % self.__getLimit(inputs.get("page_num", 1), int(mc.paging))
items = db.fetchSome(select)
# 获得分页
pagination_html = (
'<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>'
% (int(mc.paging), total)
)
else:
items = db.fetchSome(select)
pagination_html = ""
keys = self.__getSortedKeys(select)
if len(keys) == 0 and len(items) > 0:
keys = items[0].keys()
return sh.editor.ReportForms(items, pagination_html, keys, mc)
def GET(self, path):
mc = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not mc: return sh.redirectTo404()
inputs = sh.inputs()
select = mc.get('select', '').replace('%', '%%') # 因为MySQLdb会转义%
db = sh.getDBHelper()
if mc.get('paging', ''):
if ' limit ' in select.lower():
return sh.alert('使用paging选项时select中不能使用limit, 请检查后台配置', stay=10)
# 如果使用了paging, select中就不允许出现limit
if int(mc.get('paging')) <= 0:
return sh.alert('paging配置参数应为正整数', stay=10)
if ' distinct ' in select.lower():
return sh.alert('抱歉, 暂不支持paging与distinct一起使用', stay=10)
# 查询count(*)
form_key = ' from ' if ' from ' in select else ' FROM '
total = self.__getTotal(select)
# 设置limit获得数据
select = select + ' limit %d, %d' % \
self.__getLimit(inputs.get('page_num', 1), int(mc.paging))
items = db.fetchSome(select)
# 获得分页
pagination_html = '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>' % (int(mc.paging), total)
else:
items = db.fetchSome(select)
pagination_html = ''
keys = self.__getSortedKeys(select)
if len(keys) == 0 and len(items) > 0:
keys = items[0].keys()
return sh.editor.ReportForms(items, pagination_html, keys, mc)
def GET(self, model_name):
model = sh.model(model_name)
menu_config = sh.ctrl('Editor').getMenuConfig()
# 禁止访问未公开的路径
if not menu_config: return sh.redirectTo404()
env = self._getEnv(model, menu_config)
if hasattr(model, '_usePrivate'):
assert 'new' in menu_config.list_btn_hidden, '私有数据请关闭后台new功能'
assert 'edit' in menu_config.list_btn_hidden, '私有数据请关闭后台edit功能'
assert 'delete' in menu_config.list_btn_hidden, '私有数据请关闭后台delete功能'
env['use_private'] = False # 不使用Private Decorator
items = model.all(env)
pagination_html = model.getPaginationHtml(env) \
if hasattr(model, 'getPaginationHtml') else ''
return sh.editor.model.List(
model_name,
model.column_names + menu_config.append_column,
model.getColumnTypes(),
menu_config,
items,
pagination_html,
)
#coding=utf-8
# ../../controller/IndentTable.py
import unittest
import site_helper as sh
t_ctrl = sh.ctrl('IndentTable')
db = sh.getDBHelper()
class TestIndentTable(unittest.TestCase):
def setUp(self):
model = sh.model('SiteConfig')
# 使用truncate是为了每个test中SiteConfigid从1开始
db.executeQuery('truncate %s' % model.table_name)
model.insert({'name': 'n1', 'value': 'v1', 'title': 't1'})
model.insert({'name': 'n2', 'value': 'v2', 'title': 't2'})
model.insert({'name': 'n3', 'value': 'v3', 'title': 't3'})
def test_indent_1(self):
source = '''
aaa
bb
cc
'''
target = [
['aaa',[
['bb',[]],
['cc',[]]
]],
]
#coding=utf-8
# ../../controller/Editor.py
import unittest
import site_helper as sh
e_ctrl = sh.ctrl('Editor')
db = sh.getDBHelper()
class TestEditor(unittest.TestCase):
# sh.ctrl工厂返回的实例是单例模式
def test_sh_ctrl(self):
c1 = sh.ctrl('Editor')
c2 = sh.ctrl('Editor')
self.assertIs(c1, c2)
# 根据path中的model名与配置中的model名对比(或url),获得页面配置
def test_pickPageConfig(self):
menu = '''
内容
新闻
model: News
其它
model: Other
配置
排行榜
url: /admin/rank
广告
url: /admin/ad
'''
path = '/admin/model/News/new'
def login(self, Userid):
exists_user = sh.model("User").get(Userid)
assert exists_user, u"用户不存在"
sh.ctrl("User").login(exists_user, self.REMEMBER_ME)
return sh.toJsonp(dict(is_login=True, Userid=Userid, name=sh.session.name))
def _getCNSiteName(self):
site_name = sh.inputs().state.partition('_')[0]
return sh.ctrl('oauth.' + site_name).CN_SITE_NAME
#coding=utf-8
# ../../controller/Editor.py
import unittest
import site_helper as sh
e_ctrl = sh.ctrl('Editor')
db = sh.getDBHelper()
class TestEditor(unittest.TestCase):
# sh.ctrl工厂返回的实例是单例模式
def test_sh_ctrl(self):
c1 = sh.ctrl('Editor')
c2 = sh.ctrl('Editor')
self.assertIs(c1, c2)
# 根据path中的model名与配置中的model名对比(或url),获得页面配置
def test_pickPageConfig(self):
menu = '''
内容
新闻
model: News
其它
model: Other
配置
排行榜
url: /admin/rank
广告
url: /admin/ad
'''
path = '/admin/model/News/new'
def login(self, Userid):
exists_user = sh.model('User').get(Userid)
assert exists_user, u'用户不存在'
sh.ctrl('User').login(exists_user, self.REMEMBER_ME)
return sh.redirect('/')
def _getCNSiteName(self):
site_name = sh.inputs().state.partition('_')[0]
return sh.ctrl('oauth.' + site_name).CN_SITE_NAME
#coding=utf-8
# ../../controller/IndentTable.py
import unittest
import site_helper as sh
t_ctrl = sh.ctrl('IndentTable')
db = sh.getDBHelper()
class TestIndentTable(unittest.TestCase):
def setUp(self):
model = sh.model('SiteConfig')
# 使用truncate是为了每个test中SiteConfigid从1开始
db.executeQuery('truncate %s' % model.table_name)
model.insert({'name': 'n1', 'value': 'v1', 'title': 't1'})
model.insert({'name': 'n2', 'value': 'v2', 'title': 't2'})
model.insert({'name': 'n3', 'value': 'v3', 'title': 't3'})
def test_indent_1(self):
source = '''
aaa
bb
cc
'''
target = [
['aaa', [['bb', []], ['cc', []]]],
]
self.assertEqual(t_ctrl.indent(source), target)
def loginById(self, user_id, remember_me=False):
user = sh.model(self.model_name).get(user_id)
assert(user is not None)
sh.ctrl(self.model_name).login(user, remember_me)
def login(self, Userid):
exists_user = sh.model('User').get(Userid)
assert exists_user, u'用户不存在'
sh.ctrl('User').login(exists_user, self.REMEMBER_ME)
return sh.toJsonp(
dict(is_login=True, Userid=Userid, name=sh.session.name))
def test_sh_ctrl(self):
c1 = sh.ctrl('Editor')
c2 = sh.ctrl('Editor')
self.assertIs(c1, c2)
def loginById(self, user_id, remember_me=False):
user = sh.model(self.model_name).get(user_id)
assert (user is not None)
sh.ctrl(self.model_name).login(user, remember_me)
def getTopMenuTitles(self):
it = sh.ctrl('IndentTable')
indents = it.indent(sh.getEditorMenu())
titles = [i.strip() for i,k in indents] if it.getIndentsLevel(indents) == 4 else []
return [t.partition(' ')[::2] if ' ' in t else (t, sh.editor_config.index) for t in titles ]
def test_sh_ctrl(self):
c1 = sh.ctrl('Editor')
c2 = sh.ctrl('Editor')
self.assertIs(c1, c2)
