def _login(self, request):
    """Dispatch a login request to the built-in or a custom login view.

    When ``settings.LOGIN_TYPE`` equals ``'custom_login'`` the view named by
    ``settings.CUSTOM_LOGIN_VIEW`` is imported and called with *request*;
    for any other value the request goes to ``Account.login``.
    """
    account = Account()

    if settings.LOGIN_TYPE == 'custom_login':
        # The dotted path is imported and executed as the login view, so
        # CUSTOM_LOGIN_VIEW must only ever come from trusted deployment
        # configuration, never from request data.
        view_func = import_string(settings.CUSTOM_LOGIN_VIEW)
        return view_func(request)

    # Default: the platform's own login handling.
    return account.login(request)
def authenticate(self, request):
    """Return the user identified by a valid bk_token on *request*.

    Returns ``None`` when ``Account.is_bk_token_valid`` rejects the request
    or when no user with the reported username exists.
    """
    token_ok, username = Account().is_bk_token_valid(request)
    if not token_ok:
        return None

    user_model = get_user_model()
    try:
        # A valid token for an unknown username is treated as
        # "not authenticated"; no account is created here.
        return user_model._default_manager.get_by_natural_key(username)
    except user_model.DoesNotExist:
        return None
def process_view(self, request, view, args, kwargs):
    """Require an authenticated user for every non-exempt view.

    Returns ``None`` (let the view run) for static/robots paths, for views
    flagged ``login_exempt`` and for requests that authenticate; otherwise
    returns the login redirect built by ``Account.redirect_login``.
    """
    path = request.get_full_path()

    # NOTE(review): this is a prefix test on the raw full path (query string
    # included). It exempts everything under STATIC_URL, so it is only safe
    # when STATIC_URL is a non-empty, specific prefix; an empty value or '/'
    # would exempt every request from the login check.
    skip_login_check = (
        path.startswith(settings.STATIC_URL) or path == '/robots.txt'
    )
    if skip_login_check or getattr(view, 'login_exempt', False):
        return None

    user = authenticate(request=request)
    if not user:
        return Account().redirect_login(request)

    request.user = user
    return None
def validate_bk_token(data):
    """Check the bk_token found in *data* and return the matching user.

    Returns a ``(is_valid, user, message)`` tuple: ``(True, user, '')`` on
    success, otherwise ``(False, None, message)`` where *message* comes from
    the token check or reports that the user does not exist.
    """
    account = Account()
    token = data.get(account.BK_COOKIE_NAME)

    # Validate the token value itself; the rules live in Account.
    token_ok, username, message = account._is_bk_token_valid(token)
    if token_ok:
        try:
            user = BkUser.objects.get(username=username)
        except BkUser.DoesNotExist:
            # Message text means "user does not exist".
            return False, None, _("用户不存在")
        return True, user, ''

    return False, None, message
def process_view(self, request, view, args, kwargs):
    """Redirect unauthenticated requests to login unless the path is exempt.

    Returns ``None`` (let the view run) for static/robots paths, the listed
    i18n endpoints, views flagged ``login_exempt`` and already authenticated
    users; otherwise returns ``Account.redirect_login(request)``.
    """
    path = request.get_full_path()

    # Static resources are not subject to the login check.
    # NOTE(review): prefix match on the raw full path; only safe while
    # STATIC_URL is a non-empty, specific prefix.
    if path.startswith(settings.STATIC_URL) or path == '/robots.txt':
        return None

    # The i18n endpoints are not subject to the login check either. The
    # comparison is exact and get_full_path() includes the query string, so
    # a request carrying query parameters does not match this list.
    i18n_paths = (
        settings.SITE_URL + 'i18n/setlang/',
        '/i18n/setlang/',
        settings.SITE_URL + 'jsi18n/i18n/',
        '/jsi18n/i18n/',
    )
    if path in i18n_paths:
        return None

    # NOTE(review): is_authenticated is called as a method; on Django
    # versions where it is a plain property this call fails -- confirm the
    # Django version this project targets.
    if getattr(view, 'login_exempt', False) or request.user.is_authenticated():
        return None

    return Account().redirect_login(request)
def login(request, template_name='login/login.html',
          authentication_form=CustomLoginForm,
          current_app=None, extra_context=None):
    """Render the login form and process its submission.

    On a POST with a valid form the result of
    ``Account.login_success_response`` is returned. In every other case the
    login template is rendered and passed through
    ``Account.set_bk_token_invalid`` before being returned.
    """
    account = Account()
    redirect_field_name = account.REDIRECT_FIELD_NAME

    # URL the user originally asked for (the source comments give the
    # current field name as 'c_url') and the BlueKing app being accessed.
    # NOTE(review): both values come straight from the query string and are
    # forwarded unchanged; confirm login_success_response restricts the
    # redirect target to trusted hosts before redirecting.
    redirect_to = request.GET.get(redirect_field_name, '')
    app_id = request.GET.get('app_id', '')

    if request.method != 'POST':
        form = authentication_form(request)
    else:
        # Credentials are checked by the custom form (CustomLoginForm by
        # default).
        form = authentication_form(request, data=request.POST)
        if form.is_valid():
            # Verified: hand over to the success handler, which redirects.
            return account.login_success_response(
                request, form, redirect_to, app_id)

    current_site = get_current_site(request)
    # redirect_to and app_id are request-controlled; the template is relied
    # on to escape them when rendering.
    context = {
        'form': form,
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
        'app_id': app_id,
    }
    if extra_context is not None:
        context.update(extra_context)
    if current_app is not None:
        request.current_app = current_app

    page = TemplateResponse(request, template_name, context)
    return account.set_bk_token_invalid(request, page)
def login(request):
    """Handle login through the Google OAuth 2.0 flow.

    Without a ``code`` parameter (or when arriving from logout) the user is
    redirected to the Google login URL and the generated ``state`` is kept
    in the session. On the callback the ``state`` parameter is compared with
    the session copy, the ``code`` is passed to ``authenticate`` and the
    matching success or failure response from ``Account`` is returned.
    """
    account = Account()
    redirect_field = account.REDIRECT_FIELD_NAME

    # URL the user originally asked for (the source comments give the
    # current field name as 'c_url') and the BlueKing app being accessed.
    redirect_to = request.GET.get(redirect_field, '')
    app_id = request.GET.get('app_id', '')
    # Set when the request comes from logout.
    # NOTE(review): any non-empty value, including the string '0', makes
    # this flag true.
    is_from_logout = bool(request.GET.get('is_from_logout') or 0)
    # Google appends the code parameter on the login callback.
    code = request.GET.get('code')

    if code is None or is_from_logout:
        # No code yet: build the Google login URL and send the user there.
        # NOTE(review): assumes gen_oauth_login_url puts an unpredictable
        # value into state -- TODO confirm; the CSRF check below depends
        # on it.
        oauth_login_url, state = gen_oauth_login_url({
            'app_id': app_id,
            redirect_field: redirect_to,
        })
        # Keep state in the session for the OAuth 2.0 CSRF check.
        request.session['state'] = state
        return account.login_redirect_response(
            request, oauth_login_url, is_from_logout)

    # A code is present: this is the callback after the provider login.
    state = request.GET.get('state', '')
    state_params = dict(urlparse.parse_qsl(state))
    # NOTE(review): app_id and redirect_to are taken from the request's
    # state before it has been compared with the session copy, and they are
    # passed to login_failed_response even when that comparison fails;
    # confirm the failure response validates the redirect target.
    app_id = state_params.get('app_id')
    redirect_to = state_params.get(redirect_field, '')

    # OAuth 2.0 CSRF protection: state must match the value stored earlier.
    # NOTE(review): the stored state is not removed from the session after
    # a match, so the same value stays acceptable for the session's
    # lifetime; consider making it single-use.
    if state != request.session.get('state'):
        return account.login_failed_response(request, redirect_to, app_id)

    user = authenticate(code=code)
    if user is None:
        return account.login_failed_response(request, redirect_to, app_id)

    return account.login_success_response(request, user, redirect_to, app_id)
def modify_user_info(request):
    """Modify the user's personal information.

    This wrapper performs no checks of its own; the request is handed
    unchanged to ``Account.modify_user_info``.
    """
    return Account().modify_user_info(request)
def reset_password(request):
    """Reset a password.

    This wrapper performs no checks of its own; the request is handed
    unchanged to ``Account.reset_password``.
    """
    return Account().reset_password(request)
def get_batch_user(request):
    """API: fetch user information in batch.

    This wrapper performs no checks of its own; the request is handed
    unchanged to ``Account.get_batch_user``.
    """
    return Account().get_batch_user(request)
def is_login(request):
    """API: verify the login state of the request.

    Delegates entirely to ``Account.is_login``.
    """
    return Account().is_login(request)
def logout(request):
    """Log the user out.

    Delegates entirely to ``Account.logout``.
    """
    return Account().logout(request)
def login(request):
    """Log the user in.

    Delegates entirely to ``Account.login``.
    """
    return Account().login(request)
def get(self, request):
    """Handle GET by logging the user out through ``Account.logout``."""
    # NOTE(review): logout is performed on GET, a method that Django's CSRF
    # protection does not cover; consider requiring POST for this action.
    return Account().logout(request)