예제 #1
0
def group_detail(request, access_group_id):
    try:
        group = AccessGroup.objects.get(access_group_id=access_group_id)
        ser_group = AccessGroupSerializer(group)
    except User.DoesNotExist:
        return JsonResponse(retcode(errcode("9999", "查询用户信息失败"), "9999",
                                    "查询用户信息失败"),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    return JsonResponse(retcode(ser_group.data, "0000", "Succ"),
                        safe=True,
                        status=status.HTTP_200_OK)
예제 #2
0
def change_password(request):
    data = JSONParser().parse(request)
    try:
        user_id = data['user_id']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '用户id不能为空'), "9999",
                                    '用户id不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        orig_password = data['orig_password']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '原密码不能为空'), "9999",
                                    '原密码不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        new_password = data['new_password']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '新密码不能为空'), "9999",
                                    '新密码不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        timestamp = data['timestamp']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '异常错误'), "9999", '异常错误'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user = User.objects.get(user_id=user_id)
        # check salt valid
        current_utc = int(time.time())
        if current_utc - timestamp > settings.SALT_DURATION:
            return JsonResponse(retcode(errcode("4031", '非法登陆未经授权'), "4031",
                                        '非法登陆未经授权'),
                                safe=True,
                                status=status.HTTP_403_FORBIDDEN)
        m2 = hashlib.md5()
        m2.update(user.user_password_encrypt + str(timestamp))
        gen_password = m2.hexdigest()
        log.info(
            'origin_password=%s, gen_password=%s, user_password_encrypt=%s, timestamp=%s'
            % (orig_password, gen_password, user.user_password_encrypt,
               timestamp))
        if gen_password != orig_password:
            return JsonResponse(retcode(errcode("0403", '原始密码输入不正确'), "0403",
                                        '原始密码输入不正确'),
                                safe=True,
                                status=status.HTTP_403_FORBIDDEN)
        else:
            user.user_password_encrypt = new_password
            user.save()
    except User.DoesNotExist, e:
        log.error(e)
        return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'), "0403",
                                    '用户不存在或用户密码不正确'),
                            safe=True,
                            status=status.HTTP_403_FORBIDDEN)
예제 #3
0
def user_detail(request, user_id):
    try:
        ret_user = User.objects.get(user_id=user_id)
        user_ser = UserSerializer(ret_user)
    except User.DoesNotExist, e:
        log.error(repr(e))
        return JsonResponse(retcode(errcode("9999", "查询用户信息失败"), "9999",
                                    "查询用户信息失败"),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
예제 #4
0
def auth_user_logout(request):
    data = JSONParser().parse(request)
    try:
        user_id = data['user_id']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '用户id不能为空'), "9999",
                                    '用户id不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user = User.objects.get(user_id=user_id)
        conn = get_connection_from_pool()
        if conn.hexists(USER_ALIAS_ID_HASH, user.user_id):
            conn.hdel(USER_ALIAS_ID_HASH, user.user_id)
        # if user.user_alias_id:
        #     user.user_alias_id = ''
        user.save()
    except User.DoesNotExist, e:
        log.error(e)
        return JsonResponse(retcode(errcode("0403", '登出用户不存在'), "0403",
                                    '登出用户不存在'),
                            safe=True,
                            status=status.HTTP_403_FORBIDDEN)
예제 #5
0
def update_user(request):
    ret = {}
    data = JSONParser().parse(request)
    try:
        user_gender = data['user_gender']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '修改用户性别不能为空'), "9999",
                                    '修改用户性别不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user_nickname = data['user_nickname']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '修改用户性别不能为空'), "9999",
                                    '修改用户性别不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user_phone = data['user_phone']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '用户号码不能为空'), "9999",
                                    '用户号码不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user_id = data['user_id']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '修改用户id不能为空'), "9999",
                                    '修改用户id不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user_email = data['user_email']
    except Exception, e:
        log.error(repr(e))
        user_email = ''
예제 #6
0
def auth_with_salt(request):
    data = JSONParser().parse(request)
    try:
        username = data['username']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册姓名不能为空'), "9999",
                                    '注册姓名不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        password = data['password']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册密码不能为空'), "9999",
                                    '注册密码不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        timestamp = data['timestamp']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '异常错误'), "9999", '异常错误'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user = User.objects.get(user_name=username)
        # check salt valid
        current_utc = int(time.time())
        if current_utc - timestamp > settings.SALT_DURATION:
            return JsonResponse(retcode(errcode("4031", '非法登陆未经授权'), "4031",
                                        '非法登陆未经授权'),
                                safe=True,
                                status=status.HTTP_403_FORBIDDEN)
        m2 = hashlib.md5()
        m2.update(user.user_password_encrypt + str(timestamp))
        gen_password = m2.hexdigest()
        log.info("password=%s, gen_password=%s, timestamp=%s, username=%s" %
                 (password, gen_password, timestamp, username))
        if gen_password != password:
            return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'),
                                        "0403", '用户不存在或用户密码不正确'),
                                safe=True,
                                status=status.HTTP_403_FORBIDDEN)
        log.info("login verify success, begin alias_id init")
        conn = get_connection_from_pool()
        conn.hset(USER_ALIAS_ID_HASH, user.user_id, uuid.uuid1().hex)
        # user.user_alias_id = uuid.uuid1().hex
        # user.save()
    except User.DoesNotExist, e:
        log.error(repr(e))
        return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'), "0403",
                                    '用户不存在或用户密码不正确'),
                            safe=True,
                            status=status.HTTP_403_FORBIDDEN)
예제 #7
0
def admin_auth_with_salt(request):
    data = JSONParser().parse(request)
    try:
        username = data['username']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册姓名不能为空'), "9999",
                                    '注册姓名不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        password = data['password']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册密码不能为空'), "9999",
                                    '注册密码不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        timestamp = data['timestamp']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '异常错误'), "9999", '异常错误'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user = User.objects.get(user_name=username, group__group='admin')
        # check salt valid
        current_utc = int(time.time())
        if current_utc - timestamp > settings.SALT_DURATION:
            return JsonResponse(retcode(errcode("4031", '非法登陆未经授权'), "4031",
                                        '非法登陆未经授权'),
                                safe=True,
                                status=status.HTTP_403_FORBIDDEN)
        m2 = hashlib.md5()
        m2.update(user.user_password_encrypt + str(timestamp))
        gen_password = m2.hexdigest()
        log.info("password=%s, gen_password=%s, timestamp=%s, username=%s" %
                 (password, gen_password, timestamp, username))
        if gen_password != password:
            return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'),
                                        "0403", '用户不存在或用户密码不正确'),
                                safe=True,
                                status=status.HTTP_403_FORBIDDEN)
    except User.DoesNotExist, e:
        log.error(repr(e))
        return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'), "0403",
                                    '用户不存在或用户密码不正确'),
                            safe=True,
                            status=status.HTTP_403_FORBIDDEN)
예제 #8
0
def add_user(request):
    ret = {}
    data = JSONParser().parse(request)
    try:
        user_name = data['user_name']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册登陆名不能为空'), "9999",
                                    '注册登陆名不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user_real_name = data['user_real_name']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册用户姓名不能为空'), "9999",
                                    '注册用户姓名不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user_gender = data['user_gender']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册用户性别不能为空'), "9999",
                                    '注册用户性别不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        user_phone = data['user_phone']
    except Exception:
        return JsonResponse(retcode({}, "9999", '注册用户号码不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    try:
        role = data['role']
        role_obj = Role.objects.get(role_id=role)
    except Exception:
        return JsonResponse(retcode({}, "9999", '用户角色不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    group_default = 'user'
    try:
        try:
            group_obj = AccessGroup.objects.get(group=group_default)
        except AccessGroup.DoesNotExist:
            return JsonResponse(retcode({}, "9999", '企业用户群组不存在'),
                                safe=True,
                                status=status.HTTP_500_INTERNAL_SERVER_ERROR)
        try:
            usr = User.objects.get(user_name=user_name)
            if usr:
                log.error(
                    "Enterprise User exists already and return 500 error")
                return JsonResponse(
                    retcode({}, "0500", '登陆名已存在'),
                    safe=True,
                    status=status.HTTP_500_INTERNAL_SERVER_ERROR)
        except User.DoesNotExist:
            with transaction.atomic():
                md = hashlib.md5()
                md.update('hna123')
                md5_pwd = md.hexdigest()
                new_user = User(user_id=uuid.uuid1(),
                                user_name=user_name,
                                user_password='******',
                                status='',
                                avatar_url='',
                                user_phone=user_phone,
                                user_email='',
                                register_time=datetime.datetime.now(tz=tz),
                                user_token=uuid.uuid4().hex,
                                role=role_obj,
                                group=group_obj,
                                user_real_name=user_real_name,
                                user_gender=user_gender,
                                user_alias_id=uuid.uuid1().hex,
                                user_password_encrypt=md5_pwd)
                new_user.save()
                auth_user_group = AuthUserGroup(user_token=new_user.user_token,
                                                group=group_obj)
                auth_user_group.save()
            ret['user_id'] = new_user.user_id
            update_redis_token(new_user.user_token, group_default)
    except Exception, e:
        log.error(repr(e))
        return JsonResponse(retcode({}, "0500", '创建用户失败'),
                            safe=True,
                            status=status.HTTP_500_INTERNAL_SERVER_ERROR)
예제 #9
0
    return paginator.get_paginated_response(user_ser.data)


@csrf_exempt
@api_view(['GET'])
def user_detail(request, user_id):
    try:
        ret_user = User.objects.get(user_id=user_id)
        user_ser = UserSerializer(ret_user)
    except User.DoesNotExist, e:
        log.error(repr(e))
        return JsonResponse(retcode(errcode("9999", "查询用户信息失败"), "9999",
                                    "查询用户信息失败"),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)
    return JsonResponse(retcode(user_ser.data, "0000", "Succ"),
                        safe=True,
                        status=status.HTTP_200_OK)


@csrf_exempt
@api_view(['POST'])
def add_user(request):
    ret = {}
    data = JSONParser().parse(request)
    try:
        user_name = data['user_name']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册登陆名不能为空'), "9999",
                                    '注册登陆名不能为空'),
                            safe=True,
예제 #10
0
        if gen_password != password:
            return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'),
                                        "0403", '用户不存在或用户密码不正确'),
                                safe=True,
                                status=status.HTTP_403_FORBIDDEN)
    except User.DoesNotExist, e:
        log.error(repr(e))
        return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'), "0403",
                                    '用户不存在或用户密码不正确'),
                            safe=True,
                            status=status.HTTP_403_FORBIDDEN)
    ser_user = UserSerializer(user)
    ret = ser_user.data
    ret['group'] = user.group.group
    # request.session[user.user_token] = user.user_token
    return JsonResponse(retcode(ret, "0000", "Succ"),
                        safe=True,
                        status=status.HTTP_200_OK)


@csrf_exempt
@api_view(['POST'])
def auth_with_salt(request):
    data = JSONParser().parse(request)
    try:
        username = data['username']
    except Exception:
        return JsonResponse(retcode(errcode("9999", '注册姓名不能为空'), "9999",
                                    '注册姓名不能为空'),
                            safe=True,
                            status=status.HTTP_400_BAD_REQUEST)