Exemplo n.º 1
    def post(self):
        """Process a login POST and reply with a JSON payload.

        The reply always contains ``next`` (request argument, default ``"/"``)
        and gains ``error`` when form validation or the credential lookup
        fails.  On success a new session is created and its id is written to
        the ``session_id`` cookie through ``set_secure_cookie``.
        """
        # NOTE(review): ``next`` is echoed back without validation.  If the
        # front end navigates to it, restrict it to same-site relative paths;
        # confirm against the client code.
        payload = {"next": self.get_argument("next", "/")}

        login_form = LoginForm(self.request.arguments)
        if not login_form.validate():
            # Only the first validation message is reported.
            for field_name in login_form.errors:
                payload['error'] = login_form.errors[field_name][0]
                break
            self.write_json(payload)
            return

        email = login_form.email.data
        password = login_form.password.data

        # The lookup matches on the digest itself, so encrypt_password has to
        # return the same value for the same password on every call; a
        # per-user random salt cannot work with this query shape.
        # NOTE(review): confirm which scheme UserDocument.encrypt_password uses.
        digest = yield UserDocument.encrypt_password(password)
        account = yield UserDocument.find_one(
            {'email': email, 'password': digest}
        )

        if not account:
            # One message for unknown e-mail and wrong password alike.
            payload['error'] = '邮箱或者密码错误!'
        elif not account['activated']:
            # This message carries markup, so the client presumably renders
            # ``error`` as HTML -- TODO confirm.
            payload['error'] = (
                '该账号尚未被激活! 请登录该邮箱以激活该账号! '
                '或者 <a href="#resend-activation-email-modal" '
                'class="red-color" id="resend-activation-email-link">'
                '重新发送激活邮件</a>'
            )
        elif account['forbidden_login']:
            latest_ban = account['forbidden_login_info'][-1]
            # NOTE(review): ``reason`` is interpolated unescaped; if the
            # client renders ``error`` as HTML, escape it here or there.
            payload['error'] = (
                '你的账号已于%s被冻结, 冻结时间为一周. 冻结原因: %s. 请你一周后再登录!' % (
                    latest_ban['time'].strftime('%m 月 %d 日 %H:%M'),
                    latest_ban['reason']
                )
            )
        else:
            # The stored digest, not the plaintext, is handed to Ejabberd as
            # the account secret.
            if not Ejabberd.registered(account['_id']):
                Ejabberd.register(account['_id'], account['password'])

            session = self.session_manager.new_session()
            session.set('user_id', account['_id'])
            # NOTE(review): X-Real-IP is client-controlled unless a fronting
            # proxy overwrites it -- confirm the deployment before relying on
            # this value.
            client_ip = self.request.headers.get("X-Real-IP", None)
            session.set("ip", client_ip)
            agent = self.request.headers.get("User-Agent", None)
            session.set('user_agent', agent)

            # HttpOnly keeps page JavaScript from reading session_id.
            # NOTE(review): no ``secure=True`` is passed, so the cookie is not
            # limited to HTTPS by this call.
            self.set_secure_cookie('session_id', session.id, httponly=True)

        self.write_json(payload)
Exemplo n.º 2
    def post(self):
        """Authenticate the posted credentials and finish with a JSON body.

        The body always has ``next`` (request argument, default ``"/"``); an
        ``error`` entry is added when the form is invalid, the credentials do
        not match, or the account is not activated or is frozen.  A successful
        login creates a session and sets the ``session_id`` cookie.
        """
        # NOTE(review): ``next`` comes straight from the request; validate it
        # as a local path if the client uses it as a redirect target.
        result = {"next": self.get_argument("next", "/")}

        form = LoginForm(self.request.arguments)
        if form.validate():
            email = form.email.data
            password = form.password.data

            # The digest is a query key, so it is deterministic per password.
            # NOTE(review): confirm the hashing scheme in UserDocument.
            hashed = yield UserDocument.encrypt_password(password)
            query = {'email': email, 'password': hashed}
            user = yield UserDocument.find_one(query)

            if not user:
                result['error'] = '邮箱或者密码错误!'
            elif not user['activated']:
                not_activated = (
                    '该账号尚未被激活! 请登录该邮箱以激活该账号! '
                    '或者 <a href="#resend-activation-email-modal" '
                    'class="red-color" id="resend-activation-email-link">'
                    '重新发送激活邮件</a>'
                )
                result['error'] = not_activated
            elif user['forbidden_login']:
                ban = user['forbidden_login_info'][-1]
                frozen_at = ban['time'].strftime('%m 月 %d 日 %H:%M')
                # NOTE(review): ``reason`` is inserted unescaped; escape it if
                # the client renders ``error`` as HTML.
                result['error'] = (
                    '你的账号已于%s被冻结, 冻结时间为一周. 冻结原因: %s. 请你一周后再登录!' %
                    (frozen_at, ban['reason'])
                )
            else:
                uid = user['_id']
                # Ejabberd receives the stored digest as the account secret.
                if not Ejabberd.registered(uid):
                    Ejabberd.register(uid, user['password'])

                session = self.session_manager.new_session()
                session.set('user_id', uid)
                headers = self.request.headers
                # NOTE(review): X-Real-IP can be forged unless a trusted proxy
                # sets it -- confirm the deployment.
                session.set("ip", headers.get("X-Real-IP", None))
                session.set('user_agent', headers.get("User-Agent", None))

                # HttpOnly stops JavaScript from reading session_id.
                self.set_secure_cookie(
                    'session_id', session.id, httponly=True
                )
        else:
            # Surface the first validation message only.
            for field in form.errors:
                result['error'] = form.errors[field][0]
                break

        self.finish(json.dumps(result))
Exemplo n.º 3
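    def post(self):
        """Change the current user's password and reply with a JSON payload.

        The payload is empty on success and carries ``error`` when the form is
        invalid, the current password does not match, or the new password and
        its repetition differ.  The Ejabberd account is re-created with the new
        digest on a best-effort basis.

        NOTE(review): nothing here revokes the user's other sessions after
        the change -- confirm whether that happens elsewhere.
        """
        import logging

        response_data = {}

        form = PasswordSetForm(self.request.arguments)
        if form.validate():
            current_password = form.current_password.data
            new_password = form.new_password.data
            repeat_password = form.repeat_password.data

            encrypt_password = yield UserDocument.encrypt_password(
                current_password
            )

            # NOTE(review): ``!=`` on digests is not constant-time;
            # hmac.compare_digest is the usual choice once the digest types
            # are confirmed.
            if self.current_user['password'] != encrypt_password:
                response_data.update({'error': '密码错误!'})
            elif new_password != repeat_password:
                response_data.update({'error': '新密码与重复密码不一致!'})
            else:
                new_password = yield UserDocument.encrypt_password(
                    new_password
                )

                yield UserDocument.update(
                    {'_id': ObjectId(self.current_user['_id'])},
                    {'$set': {'password': new_password}}
                )

                # Best effort: the password change already succeeded, so an
                # Ejabberd failure must not fail the request.  It is logged
                # because a failed register() after unregister() leaves the
                # user without a chat account.
                try:
                    Ejabberd.unregister(self.current_user['_id'])
                    Ejabberd.register(self.current_user['_id'], new_password)
                except Exception:
                    logging.getLogger(__name__).exception(
                        "Ejabberd credential sync failed after password change"
                    )
        else:
            # Report only the first validation message.
            for field in form.errors:
                response_data.update({'error': form.errors[field][0]})
                break

        self.write_json(response_data)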
Exemplo n.º 4
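    def post(self):
        """Complete a password reset for the user bound to the ``sid`` session.

        The session referenced by the ``sid`` cookie must hold a ``uid`` and a
        ``code`` that match a stored CodeDocument.  The user's password is then
        replaced, the code is deleted so it cannot be reused, and the session
        and cookie are cleared.

        Raises:
            HTTPError: 404 for every failure (invalid form, missing cookie,
                missing session values, unknown code or user), so the
                response does not reveal which check failed.
        """
        import logging

        form = PasswordResetPostForm(self.request.arguments)
        # Truthiness of the form object does not run its validators, so the
        # new password was never checked; validate explicitly.
        if not form.validate():
            raise HTTPError(404)

        password = form.password.data

        session_id = self.get_secure_cookie('sid')
        if not session_id:
            raise HTTPError(404)

        self.session = self.session_manager.load_session(session_id)

        uid = self.session.get('uid')
        code = self.session.get('code')

        if not uid or not code:
            raise HTTPError(404)

        # NOTE(review): no expiry check is visible on the code lookup --
        # confirm that expired codes are rejected or purged elsewhere.
        code = yield CodeDocument.find_one({
            'uid': ObjectId(uid),
            'code': code
        })
        if not code:
            raise HTTPError(404)

        user = yield UserDocument.find_one({'_id': ObjectId(uid)})
        if not user:
            raise HTTPError(404)

        password = yield UserDocument.encrypt_password(password)
        yield UserDocument.update({'_id': user["_id"]},
                                  {'$set': {
                                      'password': password
                                  }})
        # Single use: the code is removed once the password is replaced.
        yield CodeDocument.remove({'_id': ObjectId(code['_id'])})

        # Best effort: the reset already succeeded, so an Ejabberd failure is
        # logged rather than raised.
        try:
            Ejabberd.unregister(user['_id'])
            Ejabberd.register(user['_id'], password)
        except Exception:
            logging.getLogger(__name__).exception(
                "Ejabberd credential sync failed after password reset"
            )

        self.session.clear()
        self.clear_cookie('sid')

        self.finish()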
Exemplo n.º 5
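    def post(self):
        """Set a new password for the user identified by the reset session.

        The ``sid`` cookie names a session that must contain ``uid`` and
        ``code``; both are checked against CodeDocument before the password is
        replaced.  The code is deleted afterwards and the session and cookie
        are cleared.

        Raises:
            HTTPError: 404 on any failed check, without saying which one.
        """
        import logging

        form = PasswordResetPostForm(self.request.arguments)
        # ``not form`` only tests the object's truthiness and never runs the
        # field validators; call validate() so the new password is checked.
        if not form.validate():
            raise HTTPError(404)

        password = form.password.data

        session_id = self.get_secure_cookie('sid')
        if not session_id:
            raise HTTPError(404)

        self.session = self.session_manager.load_session(session_id)

        uid = self.session.get('uid')
        code = self.session.get('code')

        if not uid or not code:
            raise HTTPError(404)

        # NOTE(review): the query does not filter on an expiry time --
        # confirm that stale codes cannot be used.
        code = yield CodeDocument.find_one({
            'uid': ObjectId(uid),
            'code': code
        })
        if not code:
            raise HTTPError(404)

        user = yield UserDocument.find_one({'_id': ObjectId(uid)})
        if not user:
            raise HTTPError(404)

        password = yield UserDocument.encrypt_password(password)
        yield UserDocument.update(
            {'_id': user["_id"]},
            {'$set': {'password': password}}
        )
        # Consume the code so the same reset cannot be replayed.
        yield CodeDocument.remove({'_id': ObjectId(code['_id'])})

        # Best effort: log an Ejabberd failure instead of hiding it or
        # failing a reset that has already been stored.
        try:
            Ejabberd.unregister(user['_id'])
            Ejabberd.register(user['_id'], password)
        except Exception:
            logging.getLogger(__name__).exception(
                "Ejabberd credential sync failed after password reset"
            )

        self.session.clear()
        self.clear_cookie('sid')

        self.finish()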
Exemplo n.º 6
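    def post(self):
        """Register a new account and finish with a JSON status body.

        On success the handler stores the user, a default avatar, a settings
        document with a randomly chosen profile cover and an activation code,
        publishes the activation e-mail job and returns ``success``.  On
        failure the body carries ``error``.

        Raises:
            HTTPError: 500 when the user document cannot be inserted.
        """
        import logging

        log = logging.getLogger(__name__)
        response_data = {}

        form = RegisterForm(self.request.arguments)
        if form.validate():
            name = form.name.data
            email = form.email.data
            password = form.password.data

            # NOTE(review): check-then-insert is not atomic; presumably
            # unique indexes on name/email back this up -- confirm.
            if (yield UserDocument.find_one({'name': name})):
                response_data["error"] = "用户名已被占用"

            if (yield UserDocument.find_one({"email": email})):
                response_data["error"] = "邮箱已被注册"

            if not response_data:
                password = yield UserDocument.encrypt_password(password)

                document = {
                    'email': email,
                    'name': name,
                    'password': password,
                    'user_type': "person",
                    'register_date': datetime.now()
                }

                try:
                    user_id = yield UserDocument.insert(document)
                except Exception:
                    # Keep the cause in the log; the client only sees a 500.
                    log.exception("User insert failed during registration")
                    raise HTTPError(500)

                # Default avatar: read as bytes and close the file even if
                # the read fails.
                avatar_path = os.path.join(
                    APPLICATION_SETTINGS['static_path'], 'img/default.jpg')
                with open(avatar_path, 'rb') as avatar:
                    content = avatar.read()

                document = {
                    'name': 'default.jpg',
                    'upload_time': datetime.now(),
                    'content_type': 'jpeg',
                    'owner': DBRef(UserDocument.meta['collection'],
                                   ObjectId(user_id)),
                    'content': Binary(content),
                    'thumbnail50x50': Binary(content),
                    'thumbnail180x180': Binary(content)
                }
                yield AvatarDocument.insert(document)

                # Initial user settings with a random official cover.
                covers = yield OfficialProfileCoverDocument.get_profile_cover_list()
                profile_cover = random.sample(covers, 1)[0]

                document = {
                    'user': DBRef(UserDocument.meta['collection'],
                                  ObjectId(user_id)),
                    'profile_cover': DBRef(
                        OfficialProfileCoverDocument.meta['collection'],
                        ObjectId(profile_cover['_id']))
                }
                yield UserSettingDocument.insert(document)

                # Ejabberd registration is best effort; the password digest
                # is what gets handed over as the account secret.
                try:
                    Ejabberd.register(user_id, password)
                except Exception:
                    log.exception("Ejabberd registration failed for new user")

                # Activation e-mail.
                # NOTE(review): confirm generate_code() draws from a CSPRNG.
                document = {
                    'uid': user_id,
                    'code': CodeDocument.generate_code(),
                    'expired_time': datetime.now() + timedelta(
                        days=USER_SETTINGS['code_expired_after'])
                }
                code_id = yield CodeDocument.insert(document)
                WriterManager.pub(MessageTopic.SEND_ACTIVATION_EMAIL, code_id)

                response_data.update(
                    {'success': '注册成功! 系统已经向你的注册邮箱发送了一封激活'
                     '邮件, 请验证后登录!'})

        else:
            # Report only the first validation message.
            for field in form.errors:
                response_data.update({'error': form.errors[field][0]})
                break

        self.finish(json.dumps(response_data))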
Exemplo n.º 7
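    def post(self):
        """Create a user account from the registration form; reply with JSON.

        A successful registration inserts the user, a default avatar, a
        settings document and an activation code, queues the activation
        e-mail and returns ``success``.  Otherwise the reply holds ``error``.

        Raises:
            HTTPError: 500 when inserting the user document fails.
        """
        import logging

        log = logging.getLogger(__name__)
        response_data = {}

        form = RegisterForm(self.request.arguments)
        if form.validate():
            name = form.name.data
            email = form.email.data
            password = form.password.data

            # NOTE(review): two concurrent requests can both pass these
            # lookups; presumably a unique index rejects the second insert --
            # confirm.
            if (yield UserDocument.find_one({'name': name})):
                response_data["error"] = "用户名已被占用"

            if (yield UserDocument.find_one({"email": email})):
                response_data["error"] = "邮箱已被注册"

            if not response_data:
                password = yield UserDocument.encrypt_password(password)

                document = {
                    'email': email,
                    'name': name,
                    'password': password,
                    'user_type': "person",
                    'register_date': datetime.now()
                }

                try:
                    user_id = yield UserDocument.insert(document)
                except Exception:
                    # Record the cause; the client only learns it was a 500.
                    log.exception("User insert failed during registration")
                    raise HTTPError(500)

                # Default avatar: binary mode, and the context manager
                # closes the file even when read() raises.
                avatar_path = os.path.join(
                    APPLICATION_SETTINGS['static_path'], 'img/default.jpg'
                )
                with open(avatar_path, 'rb') as avatar:
                    content = avatar.read()

                document = {
                    'name': 'default.jpg',
                    'upload_time': datetime.now(),
                    'content_type': 'jpeg',
                    'owner': DBRef(
                        UserDocument.meta['collection'], ObjectId(user_id)
                    ),
                    'content': Binary(content),
                    'thumbnail50x50': Binary(content),
                    'thumbnail180x180': Binary(content)
                }
                yield AvatarDocument.insert(document)

                # Initial user settings with a random official cover.
                covers = yield OfficialProfileCoverDocument.get_profile_cover_list()
                profile_cover = random.sample(covers, 1)[0]

                document = {
                    'user': DBRef(
                        UserDocument.meta['collection'], ObjectId(user_id)
                    ),
                    'profile_cover': DBRef(
                        OfficialProfileCoverDocument.meta['collection'],
                        ObjectId(profile_cover['_id'])
                    )
                }
                yield UserSettingDocument.insert(document)

                # Ejabberd registration is best effort: a failure is logged
                # and does not abort the sign-up.
                try:
                    Ejabberd.register(user_id, password)
                except Exception:
                    log.exception("Ejabberd registration failed for new user")

                # Send the activation e-mail.
                # NOTE(review): confirm generate_code() uses a CSPRNG.
                document = {
                    'uid': user_id,
                    'code': CodeDocument.generate_code(),
                    'expired_time': datetime.now() + timedelta(
                        days=USER_SETTINGS['code_expired_after']
                    )
                }
                code_id = yield CodeDocument.insert(document)
                WriterManager.pub(MessageTopic.SEND_ACTIVATION_EMAIL, code_id)

                response_data.update({
                    'success': '注册成功! 系统已经向你的注册邮箱发送了一封激活'
                               '邮件, 请验证后登录!'
                })

        else:
            # Report only the first validation message.
            for field in form.errors:
                response_data.update({'error': form.errors[field][0]})
                break

        self.write_json(response_data)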