예제 #1
def userlogin():
    """Account/password sign-in endpoint (POST only).

    Returns ``jsonify(dfr(res))`` where ``res`` is ``{"code": 0, "data": ...}``
    on success and ``{"code": 1, "msg": ...}`` (``msg`` passed through from the
    authentication backend) on failure. ``data`` holds the profile fields
    named in the comma-separated ``fields`` form parameter (default
    ``is_admin,avatar,nick_name``); ``avatar`` and ``nick_name`` are always
    requested. A fresh 7200 s session id is merged into the profile under the
    key ``token`` *before* the field filter is applied, so it only reaches the
    caller when ``token`` is among the requested fields -- NOTE(review):
    confirm that is the intended contract. Non-POST requests fall through and
    return None.
    """
    if request.method != 'POST':
        return None
    res = dict(code=1)
    auth = Authentication(g.mysql, g.redis)
    result = auth.signIn(account=request.form.get("account"),
                         password=request.form.get("password"))
    if not result["success"]:
        res.update(msg=result["msg"])
        return jsonify(dfr(res))
    uid = result["uid"]
    # Record the login-log entry (client IP / user agent from the request context).
    auth.brush_loginlog(result, login_ip=g.ip, user_agent=g.agent)
    requested = request.form.get("fields") or "is_admin,avatar,nick_name"
    wanted = {name for name in comma_pat.split(requested) if name}
    wanted |= {"avatar", "nick_name"}
    infores = g.api.userprofile.getUserProfile(uid)
    profile = infores["data"] if infores["code"] == 0 else {}
    # The session id is only issued after the sign-in succeeded.
    profile.update(token=set_sessionId(uid, 7200))
    res.update(code=0, data={k: profile[k] for k in wanted if k in profile})
    return jsonify(dfr(res))
예제 #2
def authorized():
    """ Client-side SSO entry point: single sign-on, single sign-out and the
    ``ssoConSync`` profile-sync callback, selected by the ``Action`` query
    parameter (``ssoLogin`` / ``ssoLogout`` / ``ssoConSync``).

    Any request that does not satisfy a branch's preconditions falls through
    to an implicit ``None`` return, which Flask does not accept as a view
    result -- unmatched requests therefore fail instead of being served.
    """
    Action = request.args.get("Action")
    if Action == "ssoLogin":
        # Single sign-on: exchange the SSO ticket for a local session. Only a
        # GET from a visitor who is not yet signed in is considered.
        ticket = request.args.get("ticket")
        if request.method == "GET" and ticket and g.signin == False:
            # Ask the SSO server to validate the ticket for this application
            # and to return the user's profile alongside the verdict.
            resp = sso_request(
                "{}/sso/validate".format(sso_server),
                dict(Action="validate_ticket"),
                dict(ticket=ticket,
                     app_name=SSO["app_name"],
                     get_userinfo=True,
                     get_userbind=False))
            logger.sys.debug("SSO check ticket resp: {}".format(resp))
            # NOTE(review): only "success" and "uid" are checked, but the
            # success branch also reads "sid", "expire" and "userinfo"; a
            # response missing one of them raises KeyError rather than being
            # rejected -- confirm the validate endpoint always returns them.
            if resp and isinstance(
                    resp, dict) and "success" in resp and "uid" in resp:
                if resp["success"] is True:
                    uid = resp["uid"]
                    sid = resp["sid"]
                    expire = int(resp["expire"])
                    g.userinfo = resp["userinfo"].get("data") or dict()
                    logger.sys.debug(g.userinfo)
                    # Ticket accepted: create the local session (carrying the
                    # SSO sid) and allow the login.
                    sessionId = set_sessionId(uid=uid, seconds=expire, sid=sid)
                    response = make_response(
                        redirect(get_redirect_url("front.index")))
                    # Cookie lifetime mirrors the SSO session expiry. The
                    # Secure flag is inferred from the request scheme;
                    # NOTE(review): behind a TLS-terminating proxy url_root
                    # may still read "http", leaving Secure off -- confirm.
                    response.set_cookie(
                        key="sessionId",
                        value=sessionId,
                        max_age=expire,
                        httponly=True,
                        secure=False if request.url_root.split("://")[0]
                        == "http" else True)
                    return response
    elif Action == "ssoLogout":
        # Single sign-out: clear the local session cookie and hand off to the
        # SSO server's signOut, passing the URL to return to afterwards.
        ReturnUrl = request.args.get("ReturnUrl") or get_referrer_url(
        ) or url_for("front.index", _external=True)
        # NOTE(review): ReturnUrl is caller-controlled and interpolated without
        # URL-encoding, so a value containing '&' or '#' changes the signOut
        # query string; whether the SSO server restricts the redirect target
        # is not visible from here.
        NextUrl = "{}/signOut?ReturnUrl={}".format(sso_server, ReturnUrl)
        app_name = request.args.get("app_name")
        # Only a signed-in GET that names this very application is honoured.
        if request.method == "GET" and NextUrl and app_name and g.signin == True and app_name == SSO[
                "app_name"]:
            response = make_response(redirect(NextUrl))
            # Expire the cookie client-side; no server-side session state is
            # removed in this branch.
            response.set_cookie(key="sessionId", value="", expires=0)
            return response
    elif Action == "ssoConSync":
        # Data sync callback: the request must carry an upper-case
        # hmac_sha256(app_name:app_id:app_secret) value in `signature`.
        # This could instead require a login: the passport sessionId can be
        # resolved to the needed sid and uid.
        signature = request.args.get("signature")
        # NOTE(review): the expected signature is a fixed MAC over the app
        # credentials, not over this request's payload, so it is identical for
        # every call and replayable once observed; it is also compared with a
        # plain `==`. Covering the payload in the MAC and using
        # hmac.compare_digest would be the hardening steps.
        if request.method == "POST" and signature and signature == hmac_sha256(
                "{}:{}:{}".format(SSO["app_name"], SSO["app_id"],
                                  SSO["app_secret"])).upper():
            try:
                # A missing or malformed `data` field surfaces here (TypeError,
                # ValueError or KeyError) and is only logged; the request then
                # falls through without a response.
                data = json.loads(request.form.get("data"))
                ct = data["CallbackType"]
                cd = data["CallbackData"]
                uid = data["uid"]
                token = data["token"]
            except Exception, e:
                logger.plugin.warning(e)
            else:
                logger.plugin.info("ssoConSync with uid: {} -> {}: {}".format(
                    uid, ct, cd))
                # The (token, uid) pair must be confirmed by the SSO server
                # before any of the posted data is applied.
                resp = sso_request("{}/sso/validate".format(sso_server),
                                   dict(Action="validate_sync"),
                                   dict(token=token, uid=uid))
                if resp and isinstance(resp,
                                       dict) and resp.get("success") is True:
                    # Dispatch on the callback type. cd comes from the POST
                    # body and is merged into g.userinfo as-is; NOTE(review):
                    # g.userinfo is expected to be populated before this view
                    # runs, which is not visible here.
                    logger.plugin.debug("ssoConSync is ok")
                    if ct == "user_profile":
                        # cd is a dict of profile fields, e.g. nick_name,
                        # gender, domain_name, birthday, location, signature.
                        logger.plugin.debug(
                            "sync user_profile before: {}".format(g.userinfo))
                        g.userinfo.update(cd)
                        logger.plugin.debug(
                            "sync user_profile after: {}".format(g.userinfo))
                    elif ct == "user_avatar":
                        # NOTE(review): g.userinfo["avatar"] is read before it
                        # is assigned; KeyError if the profile has no avatar.
                        logger.plugin.debug(
                            "sync user_avatar before: {}".format(
                                g.userinfo["avatar"]))
                        g.userinfo["avatar"] = cd
                        logger.plugin.debug(
                            "sync user_avatar after: {}".format(
                                g.userinfo["avatar"]))
                    # Persist the merged profile; `success` reflects the result
                    # of the storage call.
                    return jsonify(msg="Synchronization completed",
                                   success=g.api.sso_set_userinfo(
                                       uid, g.userinfo),
                                   app_name=SSO["app_name"])
예제 #3
def authorized():
    """ Client-side SSO entry point: single sign-on, single sign-out and the
    ``ssoConSync`` callback, selected by the ``Action`` query parameter
    (``ssoLogin`` / ``ssoLogout`` / ``ssoConSync``).

    In this variant the ticket validation does not fetch the profile
    (``get_userinfo=False``) and the ``ssoConSync`` type handlers are stubs
    that apply nothing. Any request that does not satisfy a branch's
    preconditions falls through to an implicit ``None`` return, which Flask
    does not accept as a view result.
    """
    Action = request.args.get("Action")
    if Action == "ssoLogin":
        # Single sign-on: exchange the SSO ticket for a local session. Only a
        # GET from a visitor who is not yet signed in is considered.
        ticket = request.args.get("ticket")
        if request.method == "GET" and ticket and g.signin == False:
            # Ask the SSO server to validate the ticket for this application;
            # the user's profile is not requested here.
            resp = sso_request(
                "{}/sso/validate".format(sso_server),
                dict(Action="validate_ticket"),
                dict(ticket=ticket,
                     app_name=SSO["app_name"],
                     get_userinfo=False,
                     get_userbind=False))
            logger.debug("SSO check ticket resp: {}".format(resp))
            # NOTE(review): only "success" and "uid" are checked, but the
            # success branch also reads "sid" and "expire"; a response missing
            # one of them raises KeyError rather than being rejected.
            if resp and isinstance(
                    resp, dict) and "success" in resp and "uid" in resp:
                if resp["success"] is True:
                    uid = resp["uid"]
                    sid = resp["sid"]
                    expire = int(resp["expire"])
                    # Profile handling is disabled (get_userinfo=False above).
                    #userinfo = resp["userinfo"]
                    #logger.debug(userinfo)
                    # Ticket accepted: create the local session (carrying the
                    # SSO sid) and allow the login.
                    sessionId = set_sessionId(uid=uid, seconds=expire, sid=sid)
                    response = make_response(
                        redirect(get_redirect_url("front.index")))
                    # Cookie lifetime mirrors the SSO session expiry. The
                    # Secure flag is inferred from the request scheme;
                    # NOTE(review): behind a TLS-terminating proxy url_root
                    # may still read "http", leaving Secure off -- confirm.
                    response.set_cookie(
                        key="sessionId",
                        value=sessionId,
                        max_age=expire,
                        httponly=True,
                        secure=False if request.url_root.split("://")[0]
                        == "http" else True)
                    return response
    elif Action == "ssoLogout":
        # Single sign-out: clear the local session cookie and hand off to the
        # SSO server's signOut, passing the URL to return to afterwards.
        ReturnUrl = request.args.get("ReturnUrl") or get_referrer_url(
        ) or url_for("front.index", _external=True)
        # NOTE(review): ReturnUrl is caller-controlled and interpolated without
        # URL-encoding, so a value containing '&' or '#' changes the signOut
        # query string; whether the SSO server restricts the redirect target
        # is not visible from here.
        NextUrl = "{}/signOut?ReturnUrl={}".format(sso_server, ReturnUrl)
        app_name = request.args.get("app_name")
        # Only a signed-in GET that names this very application is honoured.
        if request.method == "GET" and NextUrl and app_name and g.signin == True and app_name == SSO[
                "app_name"]:
            response = make_response(redirect(NextUrl))
            # Expire the cookie client-side; no server-side session state is
            # removed in this branch.
            response.set_cookie(key="sessionId", value="", expires=0)
            return response
    elif Action == "ssoConSync":
        # Data sync callback: the request must carry an upper-case
        # hmac_sha256(app_name:app_id:app_secret) value in `signature`.
        signature = request.args.get("signature")
        # NOTE(review): the expected signature is a fixed MAC over the app
        # credentials, not over this request's payload, so it is identical for
        # every call and replayable once observed; it is also compared with a
        # plain `==`. Covering the payload in the MAC and using
        # hmac.compare_digest would be the hardening steps.
        if request.method == "POST" and signature and signature == hmac_sha256(
                "{}:{}:{}".format(SSO["app_name"], SSO["app_id"],
                                  SSO["app_secret"])).upper():
            try:
                # A missing or malformed `data` field surfaces here (TypeError,
                # ValueError or KeyError) and is only logged; the request then
                # falls through without a response.
                data = json.loads(request.form.get("data"))
                ct = data["CallbackType"]
                cd = data["CallbackData"]
                uid = data["uid"]
                token = data["token"]
            except Exception, e:
                logger.warning(e)
            else:
                logger.info("ssoConSync with uid: {} -> {}: {}".format(
                    uid, ct, cd))
                # The (token, uid) pair must be confirmed by the SSO server
                # before the callback is acknowledged.
                resp = sso_request("{}/sso/validate".format(sso_server),
                                   dict(Action="validate_sync"),
                                   dict(token=token, uid=uid))
                if resp and isinstance(resp,
                                       dict) and resp.get("success") is True:
                    # Dispatch on the callback type; both handlers are still
                    # stubs and cd is never applied.
                    logger.debug("ssoConSync is ok")
                    if ct == "user_profile":
                        pass
                    elif ct == "user_avatar":
                        pass
                    # NOTE(review): success=True is reported although nothing
                    # was synchronised; a caller trusting this reply will
                    # believe the update took effect.
                    return jsonify(msg="Synchronization completed",
                                   success=True,
                                   app_name=SSO["app_name"])