Exemplo n.º 1
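def login():
    """Render the login form and authenticate a submitted name/password.

    Failed attempts are counted per submitted account name in Redis under
    '<name>_Incr'.  From 5 recorded failures a captcha is required; at 30
    the '<name>_lock' key is set and logins are refused while it exists.
    On success a random ID is stored in Redis under 'OP_ID_<name>' and sent
    back in the 'ID' cookie, and the failure counters are cleared.

    Returns:
        A redirect response after a credential check (success or failure),
        otherwise the rendered login page.
    """
    import logging  # local import: the file's import block is not visible here

    form = MyForm.MyForm_login()
    form.name.label = '用户名:'
    form.password.label = '密码:'
    user = request.cookies.get('user')
    if user:
        # Read-only lookup: it only decides whether the template shows the
        # captcha.  Viewing the page must not count as a failed login.
        Incr = int(Redis.get('%s_Incr' % user) or 0)
    else:
        Incr = 0
    if form.submit.data:
        if form.name.data and form.password.data:
            user = form.name.data
            pw = form.password.data
            Key_Incr = '%s_Incr' % user
            Key_Lock = '%s_lock' % user
            try:
                # The 'user' cookie is client-controlled, so throttling is
                # decided from the counter of the account being tried.  A
                # request that omits or changes the cookie would otherwise
                # always see Incr == 0 and skip both captcha and lock.
                Incr = int(Redis.get(Key_Incr) or 0)
                problem = None
                if Redis.exists(Key_Lock):
                    problem = '该帐号异常登陆,已被锁定3分钟!'
                elif Incr >= 5:
                    expected = session.get('verify_code')
                    if not form.code.data:
                        problem = '请输入验证码,看不清点击验证码刷新!'
                    elif expected is None or str(form.code.data) != str(expected):
                        # A session without a stored captcha never matches.
                        problem = '输入验证码错误!'
                if problem:
                    flash(problem)
                else:
                    # NOTE(review): Md5.Md5_make is not shown here.  If it is
                    # a plain unsalted MD5 of the password, the stored hashes
                    # are cheap to brute-force after a database leak; confirm
                    # and plan a move to a slow, salted password hash.
                    va_p = db_op.idc_users.query.filter(
                        and_(db_op.idc_users.name == user,
                             db_op.idc_users.passwd == Md5.Md5_make(pw))).first()
                    produce.Async_log(user, request.url)
                    if va_p:
                        URL = url_for('index.index')
                        if pw == app.config.get('INIT_OP_PASSWORD'):
                            # Still on the initial password: force a change.
                            URL = url_for('pw.pw')
                            flash('请修改初始密码!')
                        timestamp = None
                        if form.remember_me.data:
                            timestamp = check.timestamp(7)
                        # NOTE(review): confirm produce.Produce draws from a
                        # cryptographically secure random source; this value
                        # is the session credential.
                        ID = produce.Produce(length=24, chars=string.hexdigits)
                        app_resp = make_response(redirect(URL))
                        app_resp.set_cookie('user', user, expires=timestamp)
                        # HttpOnly keeps page scripts from reading the session
                        # ID.  Also set secure=True if the site is HTTPS-only.
                        app_resp.set_cookie('ID', ID, expires=timestamp,
                                            httponly=True)
                        Redis.set('OP_ID_%s' % user, ID)
                        Redis.delete(Key_Lock)
                        Redis.delete(Key_Incr)
                        return app_resp
                    else:
                        # Use the value returned by INCR so the threshold is
                        # checked against the count including this failure.
                        attempts = Redis.incr(Key_Incr)
                        if attempts >= 30:
                            Redis.set(Key_Lock, 'True')
                            Redis.expire(Key_Incr, 60)
                            Redis.expire(Key_Lock, 180)
                        flash('用户名或者密码错误!')
                        URL = url_for('login.login')
                        app_resp = make_response(redirect(URL))
                        app_resp.set_cookie('user', user)
                        return app_resp
            except Exception as e:
                # Keep internal error text (database, Redis) out of the page.
                logging.error(e)
                flash('登录失败,请稍后重试!')
    return render_template('login.html', form=form, verify_incr=Incr)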
Exemplo n.º 2
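def login():
    """Render the login form and authenticate a submitted name/password.

    Failed attempts are counted per account name in Redis under
    '<name>_Incr'.  From the 11th failure the 'Lock_login_<name>' key is set
    for 60 seconds and logins for that name are refused while it exists.
    On success a random ID is stored in Redis under 'OP_ID_<name>' and sent
    back in the 'ID' cookie, and the failure counter is cleared.

    Returns:
        A redirect response after a credential check (success or failure),
        otherwise the rendered login page.
    """
    import logging  # local import: the file's import block is not visible here

    form = MyForm.MyForm_login()
    form.name.label = '用户名:'
    form.password.label = '密码:'
    ym = time.strftime('%Y', time.localtime())
    if form.submit.data:
        if form.name.data and form.password.data:
            user = form.name.data
            pw = form.password.data
            try:
                Key_Incr = '%s_Incr' % user
                Key_Lock = 'Lock_login_%s' % user
                if Redis.exists(Key_Lock):
                    flash('该帐号异常登陆,已被锁定1分钟!')
                else:
                    # NOTE(review): Md5.Md5_make is not shown here.  If it is
                    # a plain unsalted MD5 of the password, the stored hashes
                    # are cheap to brute-force after a database leak; confirm
                    # and plan a move to a slow, salted password hash.
                    va_p = db_op.idc_users.query.filter(
                        and_(db_op.idc_users.name == user,
                             db_op.idc_users.passwd == Md5.Md5_make(pw))).first()
                    produce.Async_log(user, request.url)
                    if va_p:
                        URL = url_for('index.index')
                        if pw == app.config.get('INIT_OP_PASSWORD'):
                            # Still on the initial password: force a change.
                            URL = url_for('pw.pw')
                            flash('请修改初始密码!')
                        timestamp = None
                        if form.remember_me.data:
                            timestamp = check.timestamp(7)
                        # NOTE(review): confirm produce.Produce draws from a
                        # cryptographically secure random source; this value
                        # is the session credential.
                        ID = produce.Produce(length=24, chars=string.hexdigits)
                        app_resp = make_response(redirect(URL))
                        app_resp.set_cookie('user', user, expires=timestamp)
                        # HttpOnly keeps page scripts from reading the session
                        # ID.  Also set secure=True if the site is HTTPS-only.
                        app_resp.set_cookie('ID', ID, expires=timestamp,
                                            httponly=True)
                        Redis.set('OP_ID_%s' % user, ID)
                        # The counter has no expiry, so clear it on success;
                        # otherwise old failures keep counting toward the lock.
                        Redis.delete(Key_Incr)
                        return app_resp
                    else:
                        # INCR is atomic, so parallel failed attempts cannot
                        # overwrite each other's count as GET-then-SET could.
                        Incr = Redis.incr(Key_Incr)
                        if Incr >= 11:
                            # SET, not INCR: INCR with the amount 'True' is
                            # rejected by Redis, so the lock was never created.
                            Redis.set(Key_Lock, 'True')
                            Redis.expire(Key_Lock, 60)
                        flash('用户名或者密码错误,还有%s次机会重试!'
                              % max(0, 10 - int(Incr)))
                        URL = url_for('login.login')
                        app_resp = make_response(redirect(URL))
                        app_resp.set_cookie('user', user)
                        return app_resp
            except Exception as e:
                # Keep internal error text (database, Redis) out of the page.
                logging.error(e)
                flash('登录失败,请稍后重试!')
    return render_template('login.html', form=form, ym=ym)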
Exemplo n.º 3
def logout():
    """Expire every cookie the browser sent and redirect to /login.

    Each cookie is re-issued with the expiry returned by check.timestamp(0)
    and set_cookie's default path/domain, so a cookie that was originally
    set for another path or domain is not cleared by this.

    NOTE(review): only browser cookies are touched here.  If the login flow
    also keeps session state server-side, confirm it is invalidated
    elsewhere; otherwise a copied session value stays usable after logout.
    """
    expired_at = check.timestamp(0)
    response = make_response(redirect('/login'))
    for cookie_name in request.cookies.keys():
        response.set_cookie(cookie_name, expires=expired_at)
    return response
Exemplo n.º 4
def logout():
    """Expire the 'user' and 'ID' cookies and redirect to the site root.

    NOTE(review): only browser cookies are touched here.  If the login flow
    also stores the ID server-side, confirm it is deleted elsewhere on
    logout; otherwise a copied ID stays usable after the user logs out.
    """
    expired_at = check.timestamp(0)
    response = make_response(redirect('/'))
    for cookie_name in ('user', 'ID'):
        response.set_cookie(cookie_name, expires=expired_at)
    return response
Exemplo n.º 5
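def login():
    """Handle the DingTalk scan-login callback and render the login page.

    When the request carries 'code' and state == 'STATE', the code is
    exchanged with the DingTalk SNS API for the user's nick, dingId and
    openid.  A known (dingId, openid) pair gets its token refreshed and is
    redirected to 'main' with 7-day cookies; an unknown pair is redirected
    to the access-request page with 1-day cookies.  The cookies hold
    Md5.Md5_make() of nick/openid/dingId/token, and Redis maps those values
    back to the originals.

    Returns:
        A redirect response when the callback completes, otherwise the
        rendered login page (with a flashed error if the callback failed).
    """
    ym = time.strftime('%Y', time.localtime())
    try:
        token = None
        try:
            token = tools.Produce(length=24, chars=string.hexdigits)
        except Exception as e:
            logging.error(e)
        session['Menu'] = {}
        # DingTalk authorisation callback
        # NOTE(review): 'state' is compared with the fixed literal 'STATE',
        # so it does not tie the callback to the browser session that began
        # the login.  A random per-session state checked here would.
        code = tools.http_args(request, 'code')
        if code and tools.http_args(request, 'state') == 'STATE':
            db_auth = db_op.user_auth
            # Bound up front so a failed exchange is handled explicitly
            # below instead of surfacing as a NameError.
            nick = dingId = openid = None
            # Fetch the access token
            try:
                # NOTE(review): the appid/appsecret pairs are embedded in
                # source and sent in the query string, so repository readers
                # and request logs expose them.  Rotate them and load them
                # from configuration or a secret store.
                url = "https://oapi.dingtalk.com/sns/gettoken?appid=dingoadq3qon8zb34vzdff&appsecret=Tu6IlXjTn1m4vqrOA580xLOt2VbOK26bVu3sBOtvp0MnqIp2zpcwkL3qVpqAT7rG"
                if ENV == 'dev':
                    url = "https://oapi.dingtalk.com/sns/gettoken?appid=dingoa7wymhx6dbeffjels&appsecret=I-v3OXL1hFKYZlJ3b6pqABmoNGYREXePpdzQ5JaSK8DqJdQyn_1J3wEUYBTpdiE_"
                # Timeouts keep a stalled upstream from pinning this worker.
                r = requests.get(url, timeout=10)
                access_token = r.json()['access_token']
                r = requests.post(
                    "https://oapi.dingtalk.com/sns/get_persistent_code?access_token=%s"
                    % access_token,
                    data=json.dumps({"tmp_auth_code": code}),
                    timeout=10)
                persistent = r.json()
                openid = persistent['openid']
                persistent_code = persistent['persistent_code']
                r = requests.post(
                    "https://oapi.dingtalk.com/sns/get_sns_token?access_token=%s"
                    % access_token,
                    data=json.dumps({
                        "openid": openid,
                        "persistent_code": persistent_code
                    }),
                    timeout=10)
                sns_token = r.json()['sns_token']
                # Fetch the user profile
                r = requests.get(
                    'https://oapi.dingtalk.com/sns/getuserinfo?sns_token=%s' %
                    sns_token,
                    timeout=10)
                user_info = r.json()['user_info']
                nick = user_info['nick']
                dingId = user_info['dingId']
            except Exception as e:
                logging.error(e)
            # Log the authorised user in
            URL = None
            timestamp = None
            if token and nick and dingId and openid:
                try:
                    val = db_auth.query.filter(
                        and_(db_auth.dingId == dingId,
                             db_auth.openid == openid)).all()
                    if val:
                        db_auth.query.filter(
                            and_(db_auth.dingId == dingId,
                                 db_auth.openid == openid)).update({
                                     db_auth.token:
                                     token,
                                     db_auth.update_time:
                                     time.strftime('%Y-%m-%d %H:%M:%S',
                                                   time.localtime())
                                 })
                        db_op.DB.session.commit()
                        URL = url_for('main')
                        timestamp = check.timestamp(7)
                    else:
                        # Unknown user: send to the access-request page
                        URL = url_for('approval.apply')
                        timestamp = check.timestamp(1)
                except Exception as e:
                    logging.error(e)
                    URL = None
            if URL is None:
                # Token, identity exchange or database step failed: no
                # cookies or Redis entries are issued.
                flash('登录失败!')
            else:
                app_resp = make_response(redirect(URL))
                try:
                    app_resp.set_cookie('user',
                                        Md5.Md5_make(nick),
                                        expires=timestamp,
                                        path='/')
                    app_resp.set_cookie('openid',
                                        Md5.Md5_make(openid),
                                        expires=timestamp,
                                        path='/')
                    app_resp.set_cookie('dingId',
                                        Md5.Md5_make(dingId),
                                        expires=timestamp,
                                        path='/')
                    # HttpOnly keeps page scripts from reading the token.
                    # Also set secure=True if the site is HTTPS-only.
                    app_resp.set_cookie('token',
                                        Md5.Md5_make(token),
                                        expires=timestamp,
                                        path='/',
                                        httponly=True)
                except Exception as e:
                    logging.error(e)
                else:
                    # NOTE(review): these keys get no TTL while the cookies
                    # expire; confirm they are expired server-side elsewhere.
                    Redis.set('OP_verify_%s' % dingId, token)
                    Redis.set('OP_token_%s' % Md5.Md5_make(token), token)
                    Redis.set('OP_dingId_%s' % Md5.Md5_make(dingId), dingId)
                    Redis.set('OP_user_%s' % Md5.Md5_make(nick), nick)
                    Redis.set('OP_openid_%s' % Md5.Md5_make(openid), openid)
                return app_resp
    except Exception as e:
        flash('登录失败!')
        logging.error(e)
    finally:
        db_op.DB.session.remove()
    return render_template('login.html', ym=ym, ENV=ENV)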
Exemplo n.º 6
#-*- coding: utf-8 -*-
import logging

from flask import Blueprint,redirect,url_for,render_template,flash,make_response,g,request
from sqlalchemy import and_

from Modules import db_op,produce, MyForm, Md5,check
# Blueprint that carries the password-change view.
page_pw = Blueprint('pw', __name__)
# Evaluated once at import time; nothing in the visible part of this file
# reads it.  NOTE(review): presumably a 7-day expiry for cookies. If it is
# used elsewhere, a value fixed at import goes stale in a long-running process.
timestamp = check.timestamp(7)
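@page_pw.route('/pw',methods = ['GET', 'POST'])
def pw():
    """Let the signed-in user (g.user) change their password.

    The submitted old password must match the stored hash for g.user, and
    the two new-password fields must be non-empty and equal.  On success
    the new hash is committed and the user is redirected to the index page;
    otherwise the form is re-rendered with a flashed message.

    NOTE(review): the handler tests form.submit.data and never calls the
    form's validation.  If MyForm_pw is a Flask-WTF form, its validators
    and CSRF token check do not run on this path; confirm.
    NOTE(review): the success message asks the user to log in again, but
    the session cookies are left in place and no server-side session state
    is revoked here.  Confirm other sessions end after a password change.
    """
    form = MyForm.MyForm_pw()
    if form.submit.data:
        pw1 = form.new_password1.data
        pw2 = form.new_password2.data
        # Validate the new password before touching the database.
        if not pw1:
            flash('新密码不能为空!')
        elif pw1 != pw2:
            flash('新密码不一致!')
        else:
            try:
                # NOTE(review): Md5.Md5_make is not shown here.  If it is a
                # plain unsalted MD5, the stored hashes are cheap to
                # brute-force after a database leak; confirm and plan a
                # move to a slow, salted password hash.
                pw = Md5.Md5_make(form.password.data)
                db = db_op.idc_users
                va = db.query.filter(and_(db.name == g.user, db.passwd == pw)).first()
                if va:
                    va.passwd = Md5.Md5_make(pw1)
                    db_op.DB.session.commit()
                    db_op.DB.session.close()
                    flash('密码修改成功,请重新登录!')
                    app_resp = make_response( redirect(url_for('index.index')))
                    return app_resp
                else:
                    flash('旧密码错误!')
            except Exception as e:
                # Undo a half-applied change, and keep internal error text
                # (SQL, driver messages) out of the page.
                db_op.DB.session.rollback()
                logging.error(e)
                flash('密码修改失败,请稍后重试!')
    return render_template('password.html',form=form)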
Exemplo n.º 7
def logout():
    """Redirect to the site root with the 'user' and 'ID' cookies expired.

    NOTE(review): nothing here removes server-side session state.  If the
    ID issued at login is also stored on the server, confirm it is revoked
    elsewhere; otherwise a copied ID remains valid after logout.
    """
    cookie_expiry = check.timestamp(0)
    resp = make_response(redirect('/'))
    for stale_cookie in ['user', 'ID']:
        resp.set_cookie(stale_cookie, expires=cookie_expiry)
    return resp