def patch(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) old_password = data.get('old_password', None) new_password1 = data.get('new_password1', None) new_password2 = data.get('new_password2', None) username = self.get_current_user() if not check_password(new_password1): return self.write(dict(code=-5, msg='密码复杂度必须为: 超过8位,包含数字,大小写字母 等')) if not old_password or not new_password1 or not new_password2 or not username: return self.write(dict(code=-1, msg='不能有空值')) if new_password1 != new_password2: return self.write(dict(code=-2, msg='新密码输入不一致')) with DBContext('r') as session: user_info = session.query(Users).filter( Users.username == username).first() if user_info.password != gen_md5(old_password): return self.write(dict(code=-3, msg='密码错误')) with DBContext('w', None, True) as session: session.query(Users).filter(Users.username == username).update( {Users.password: gen_md5(new_password1)}) return self.write(dict(code=0, msg='修改成功'))
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) username = data.get('username', None) nickname = data.get('nickname', None) password = data.get('password', None) department = data.get('department', None) tel = data.get('tel', None) wechat = data.get('wechat', None) no = data.get('no', None) email = data.get('email', None) if not username or not nickname or not department or not tel or not wechat or not no or not email: return self.write(dict(code=-1, msg='参数不能为空')) with DBContext('r') as session: user_info1 = session.query(Users).filter( Users.username == username).first() user_info2 = session.query(Users).filter(Users.tel == tel).first() if user_info1: return self.write(dict(code=-2, msg='用户名已注册')) if user_info2: return self.write(dict(code=-3, msg='手机号已注册')) if not password: password = '******' else: if not check_password(password): return self.write( dict(code=-5, msg='你这密码复杂度是逗我玩吗?密码复杂度: 超过8位,英文加数字,大小写,没有特殊符号')) password = gen_md5(password) mfa = base64.b32encode( bytes(str(shortuuid.uuid() + shortuuid.uuid())[:-9], encoding="utf-8")).decode("utf-8") with DBContext('w', None, True) as session: session.add( Users(username=username, password=password, nickname=nickname, department=department, tel=tel, wechat=wechat, no=no, email=email, google_key=mfa, superuser='******', status='20')) self.write(dict(code=0, msg='如果没填写密码 则新用户密码为:shenshuo'))
def put(self, *args, **kwargs): if not self.is_superuser: return self.write(dict(code=-1, msg='不是超级管理员,没有权限')) data = json.loads(self.request.body.decode("utf-8")) user_list = data.get('user_list', None) if len(user_list) < 1: return self.write(dict(code=-2, msg='用户不能为空')) redis_conn = cache_conn() configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) obj = SendMail( mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), mail_user=config_info.get(const.EMAIL_HOST_USER), mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False, mail_tls=True if config_info.get(const.EMAIL_USE_TLS) == '1' else False) with DBContext('w', None, True) as session: for user_id in user_list: md5_password = shortuuid.uuid() new_password = gen_md5(md5_password) session.query(Users).filter(Users.user_id == user_id).update( {Users.password: new_password}) mail_to = session.query( Users.email).filter(Users.user_id == user_id).first() obj.send_mail(mail_to[0], '修改密码', md5_password, subtype='plain') return self.write(dict(code=0, msg='重置密码成功,新密码已经发送到邮箱'))
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) username = data.get('username', None) nickname = data.get('nickname', None) password = data.get('password', None) department = data.get('department', None) tel = data.get('tel', None) wechat = data.get('wechat', None) no = data.get('no', None) email = data.get('email', None) if not username or not nickname or not department or not tel or not wechat or not no or not email: return self.write(dict(code=-1, msg='参数不能为空')) with DBContext('r') as session: user_info1 = session.query(Users).filter( Users.username == username).first() user_info2 = session.query(Users).filter(Users.tel == tel).first() user_info3 = session.query(Users).filter( Users.email == email).first() user_info4 = session.query(Users).filter( Users.nickname == nickname).first() if user_info1: return self.write(dict(code=-2, msg='用户名已注册')) if user_info2: return self.write(dict(code=-3, msg='手机号已注册')) if user_info3: return self.write(dict(code=-4, msg='邮箱已注册')) if user_info4: return self.write(dict(code=-4, msg='昵称已注册')) if not password: md5_password = shortuuid.uuid() password = gen_md5(md5_password) else: if not check_password(password): return self.write( dict(code=-5, msg='密码复杂度必须为: 超过8位,包含数字,大小写字母 等')) password = gen_md5(password) mfa = base64.b32encode( bytes(str(shortuuid.uuid() + shortuuid.uuid())[:-9], encoding="utf-8")).decode("utf-8") redis_conn = cache_conn() configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) obj = SendMail( mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), mail_user=config_info.get(const.EMAIL_HOST_USER), mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False, mail_tls=True if config_info.get(const.EMAIL_USE_TLS) == '1' else False) with DBContext('w', None, True) as session: session.add( Users(username=username, password=password, nickname=nickname, department=department, tel=tel, wechat=wechat, no=no, email=email, google_key=mfa, superuser='******')) obj.send_mail(email, '用户注册成功', '密码为:{} \n MFA:{}'.format(password, mfa), subtype='plain') return self.write( dict(code=0, msg='恭喜你! 注册成功,赶紧联系管理员给你添加权限吧!!!', mfa=mfa))
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) username = data.get('username', None) password = data.get('password', None) dynamic = data.get('dynamic', None) if not username or not password: return self.write(dict(code=-1, msg='账号密码不能为空')) redis_conn = cache_conn() configs_init('all') if is_mail(username): login_mail = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_DOMAIN) if login_mail: if is_mail(username, login_mail.decode('utf-8')): email = username username = email.split("@")[0] email_server = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_SERVER).decode('utf-8') if not email_server: return self.write(dict(code=-9, msg='请配置邮箱服务的SMTP服务地址')) if not mail_login(email, password, email_server): return self.write(dict(code=-2, msg='邮箱登陆认证失败')) with DBContext('r') as session: user_info = session.query(Users).filter(Users.email == email, Users.username == username, Users.status != '10').first() if not user_info: return self.write(dict(code=-3, msg='邮箱认证通过,请根据邮箱完善用户信息', username=username, email=email)) else: with DBContext('r') as session: user_info = session.query(Users).filter(Users.username == username, Users.password == gen_md5(password), Users.status != '10').first() if not user_info: # redis_conn = cache_conn() # configs_init('all') ldap_login = redis_conn.hget(const.APP_SETTINGS, const.LDAP_ENABLE) ldap_login = convert(ldap_login) if ldap_login != '1': return self.write(dict(code=-4, msg='账号密码错误')) ### 如果开启了LDAP认证 则进行LDAP认证 else: #### config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) ldap_ssl = True if config_info.get(const.LDAP_USE_SSL) == '1' else False obj = LdapApi(config_info.get(const.LDAP_SERVER_HOST), config_info.get(const.LDAP_ADMIN_DN), config_info.get(const.LDAP_ADMIN_PASSWORD), int(config_info.get(const.LDAP_SERVER_PORT, 389)), ldap_ssl) ldap_pass_info = obj.ldap_auth(username, password, config_info.get(const.LDAP_SEARCH_BASE), config_info.get(const.LDAP_SEARCH_FILTER)) if ldap_pass_info[0]: with DBContext('r') as session: if not ldap_pass_info[2]: return self.write(dict(code=-11, msg='LDAP认证成功,但是没有找到用户邮箱,请完善!')) else: user_info = session.query(Users).filter(Users.email == ldap_pass_info[2], Users.username == username, Users.status != '10').first() if not user_info: return self.write(dict(code=-3, msg='LDAP认证通过,完善用户信息', username=ldap_pass_info[1], email=ldap_pass_info[2])) else: return self.write(dict(code=-4, msg='账号密码错误')) if 'user_info' not in dir(): return self.write(dict(code=-4, msg='账号异常')) if user_info.status != '0': return self.write(dict(code=-4, msg='账号被禁用')) is_superuser = True if user_info.superuser == '0' else False ### 如果被标记为必须动态验证切没有输入动态密钥,则跳转到二维码添加密钥的地方 ### 默认为 True, False 则全局禁用MFA mfa_global = False if convert(redis_conn.hget(const.APP_SETTINGS, const.MFA_GLOBAL)) == '1' else True if mfa_global and user_info.google_key: if not dynamic: ### 第一次不带MFA的认证 return self.write(dict(code=1, msg='跳转二次认证')) else: ### 二次认证 t_otp = pyotp.TOTP(user_info.google_key) if t_otp.now() != str(dynamic): return self.write(dict(code=-5, msg='MFA错误')) user_id = str(user_info.user_id) ### 生成token 并写入cookie token_exp_hours = redis_conn.hget(const.APP_SETTINGS, const.TOKEN_EXP_TIME) if token_exp_hours and convert(token_exp_hours): token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname, email=user_info.email, is_superuser=is_superuser, exp_hours=token_exp_hours) else: token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname, email=user_info.email, is_superuser=is_superuser) auth_token = AuthToken() auth_key = auth_token.encode_auth_token_v2(**token_info) login_ip_list = self.request.headers.get("X-Forwarded-For") if login_ip_list: login_ip = login_ip_list.split(",")[0] with DBContext('w', None, True) as session: session.query(Users).filter(Users.user_id == user_id).update({Users.last_ip: login_ip}) session.commit() self.set_secure_cookie("nickname", user_info.nickname) self.set_secure_cookie("username", user_info.username) self.set_secure_cookie("user_id", str(user_info.user_id)) self.set_cookie('auth_key', auth_key, expires_days=1) ### 后端权限写入缓存 my_verify = MyVerify(user_id, is_superuser) my_verify.write_verify() ### 前端权限写入缓存 # get_user_rules(user_id, is_superuser) return self.write(dict(code=0, auth_key=auth_key.decode(), username=user_info.username, nickname=user_info.nickname, msg='登录成功'))
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) username = data.get('username', None) password = data.get('password', None) dynamic = data.get('dynamic', None) next_url = data.get('next_url', None) if not username or not password: return self.write(dict(code=-1, msg='账号密码不能为空')) if is_mail(username): redis_conn = cache_conn() configs_init('all') login_mail = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_DOMAIN) if login_mail: if is_mail(username, login_mail.decode('utf-8')): email = username username = email.split("@")[0] email_server = redis_conn.hget( const.APP_SETTINGS, const.EMAILLOGIN_SERVER).decode('utf-8') if not email_server: return self.write(dict(code=-9, msg='请配置邮箱服务的SMTP服务地址')) if not mail_login(email, password, email_server): return self.write(dict(code=-2, msg='邮箱登陆认证失败')) with DBContext('r') as session: user_info = session.query(Users).filter( Users.email == email, Users.username == username, Users.status != '10').first() if not user_info: return self.write( dict(code=-3, msg='邮箱认证通过,请根据邮箱完善用户信息', email=email)) else: with DBContext('r') as session: user_info = session.query(Users).filter( Users.username == username, Users.password == gen_md5(password), Users.status != '10').first() if not user_info: return self.write(dict(code=-4, msg='账号密码错误')) if user_info.status != '0': return self.write(dict(code=-4, msg='账号被禁用')) if user_info.superuser == '0': is_superuser = True else: is_superuser = False ### 如果被标记为必须动态验证切没有输入动态密钥,则跳转到二维码添加密钥的地方 if user_info.google_key: totp = pyotp.TOTP(user_info.google_key) if dynamic: if totp.now() != str(dynamic): return self.write(dict(code=-5, msg='MFA错误')) else: return self.write(dict(code=-8, msg='请输入MFA')) user_id = str(user_info.user_id) ### 生成token 并写入cookie token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname, is_superuser=is_superuser) auth_token = AuthToken() auth_key = auth_token.encode_auth_token(**token_info) login_ip_list = self.request.headers.get("X-Forwarded-For") if login_ip_list: login_ip = login_ip_list.split(",")[0] with DBContext('w', None, True) as session: session.query(Users).filter(Users.user_id == user_id).update( {Users.last_ip: login_ip}) self.set_secure_cookie("nickname", user_info.nickname) self.set_secure_cookie("username", user_info.username) self.set_secure_cookie("user_id", str(user_info.user_id)) self.set_cookie('auth_key', auth_key, expires_days=1) ### 后端权限写入缓存 my_verify = MyVerify(user_id) my_verify.write_verify() ### 前端权限写入缓存 get_user_rules(user_id) return self.write( dict(code=0, auth_key=auth_key.decode(encoding="utf-8"), username=user_info.username, nickname=user_info.nickname, next_url=next_url, msg='登录成功'))