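def get(self, request, username):
    """Check a submitted SMS code and issue a short-lived password-reset token.

    Flow, as described by the original author:
      1. The user receives an SMS and enters the verification code.
      2. The client sends the account and ``sms_code`` to the backend.
      3. The backend validates the parameters.
      4. A token carrying ``user_id`` is generated for the password change and
         returned together with ``user_id``.

    :param request: incoming request; ``sms_code`` is read from the query string
    :param username: account identifier handed to ``get_user_by_account``
    :return: ``Response`` holding an error message, or ``access_token`` and ``user_id``
    """
    user = get_user_by_account(username)
    # presumably get_user_by_account returns None for an unknown account — confirm.
    # Reply exactly as for an account with no pending code, so the answer does
    # not reveal whether the account exists and user.mobile is never read on None.
    if user is None:
        return Response('短信验证码已经失效')

    sms_code = request.GET.get('sms_code')

    # Fetch the code that was really sent; the stored value is bytes, or None
    # when the key is absent.
    redis_conn = get_redis_connection('verify_codes')
    real_sms_code = redis_conn.get('sms_%s' % user.mobile)
    # The stored code, username and mobile number are deliberately not printed:
    # writing a live verification code to stdout puts it into process logs.

    if real_sms_code is None:
        return Response('短信验证码已经失效')

    # A missing sms_code (None) never equals the decoded string, so it is rejected here.
    if real_sms_code.decode() != sms_code:
        return Response('短信验证码填写错误')

    # NOTE(review): the code is left in Redis after a successful check and no
    # attempt limit is visible in this view; consider deleting the key on
    # success and throttling failures. The failure responses also set no
    # explicit status code.
    tjs = TJWSSerializer(settings.SECRET_KEY, 300)  # token lifetime: 300 seconds
    access_token = tjs.dumps({'user_id': user.id}).decode()
    return Response({'access_token': access_token, 'user_id': user.id})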
def check_verify_email_token(token):
    """
    Validate an e-mail verification token and look up the user it names.

    :param token: signed token taken from the verification link
    :return: the ``User`` whose id and e-mail both match the token payload,
        or ``None`` when the token cannot be loaded or no such user exists
    """
    token_reader = TJWSSerializer(
        settings.SECRET_KEY, expires_in=constants.VERIFY_EMAIL_TOKEN_EXPIRES)
    try:
        payload = token_reader.loads(token)
    except BadData:
        return None

    email = payload.get('email')
    user_id = payload.get('user_id')
    # Both fields must match the same row, so a token issued for an e-mail
    # address the user has since changed no longer resolves to a user.
    try:
        return User.objects.get(id=user_id, email=email)
    except User.DoesNotExist:
        return None
def generate_email_verify_url(self):
    """Build the e-mail verification link for this user.

    :return: URL whose ``token`` query parameter carries the signed
        ``user_id`` and ``email`` of this user
    """
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=constants.EMAIL_VERIFY_TOKEN_EXPIRES)
    signed = signer.dumps({'user_id': self.id, 'email': self.email})
    # NOTE(review): the link is plain http with a hard-coded host, so the token
    # travels unencrypted; prefer https and a configurable front-end origin.
    return 'http://www.meiduo.site:8080/success_verify_email.html?token=' + signed.decode()
def decode_token(token):
    """Load a signed token and return its payload.

    :param token: token to verify
    :return: the loaded payload, or ``None`` when ``BadSignature`` is raised
    """
    verifier = TJWSSerializer(settings.SECRET_KEY, expires_in=3600)
    try:
        return verifier.loads(token)
    except BadSignature:
        # Only BadSignature (and its subclasses) is handled; any other error
        # raised by loads() propagates to the caller.
        return None
def check_verify_email_token(token):
    '''
    Validate the token from an e-mail verification link.

    The original note says this is meant to be a static method because it
    needs no instance data (no decorator is visible in this excerpt).

    :param token: signed token taken from the link
    :return: the matching ``User``, or ``None`` when the token cannot be
        loaded or no user has that id and e-mail
    '''
    # Loading needs a serializer configured with the same secret key as the
    # one that issued the token.
    token_reader = TJWSSerializer(
        settings.SECRET_KEY, expires_in=constants.VERIFY_EMAIL_TOKEN_EXPIRES)
    try:
        payload = token_reader.loads(token)
    except BadData:
        return None

    # Subscript access: a payload without these keys raises KeyError.
    user_id = payload['user_id']
    email = payload['email']

    # Database lookup on both fields together.
    try:
        return User.objects.get(id=user_id, email=email)
    except User.DoesNotExist:
        return None
def validate(self, attrs):
    """Validate the openid token, SMS code and e-mail code in ``attrs``.

    On success ``attrs`` gains ``openid`` and, when a user with the given
    mobile number already exists, ``user``.

    :param attrs: field values; ``openid_token`` is removed from it
    :return: the updated ``attrs``
    :raises serializers.ValidationError: if the openid token does not yield an
        openid, or either verification code is missing or does not match
    """
    # Recover the openid from the signed token. (The original comment calls
    # this "decrypting"; the code only loads the token with the secret key.)
    signed_openid = attrs.pop('openid_token')
    token_reader = TJWSSerializer(settings.SECRET_KEY, 600)
    try:
        openid = token_reader.loads(signed_openid).get('openid')
    except BadData:
        openid = None
    if openid is None:
        raise serializers.ValidationError('openid无效')

    # Expose the verified openid to later processing.
    attrs['openid'] = openid

    mobile = attrs['mobile']
    sms_code = attrs['sms_code']
    email_code = attrs['email_code']

    # Stored codes are bytes, or None when the key is absent.
    stored_sms = get_redis_connection('sms_codes').get('sms_%s' % mobile)
    if stored_sms is None or sms_code != stored_sms.decode():
        raise serializers.ValidationError('短信验证码错误')

    stored_email = get_redis_connection('email_codes').get('email_%s' % attrs['email'])
    if stored_email is None or email_code != stored_email.decode():
        raise serializers.ValidationError('邮箱验证码错误')

    # NOTE(review): neither code is removed from Redis after a match, so each
    # stays usable until its key expires — confirm this is intended.
    try:
        attrs['user'] = User.objects.get(mobile=mobile)
    except User.DoesNotExist:
        # No account with this mobile yet; leave 'user' unset.
        pass
    return attrs
def generate_set_password_token(self):
    """
    Generate the token that authorizes a password change for this user.

    :return: signed token (``str``) carrying ``user_id``; lifetime 300 seconds
    """
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
    signed = signer.dumps({'user_id': self.id})
    return signed.decode()
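def loads(data_str, expires):
    """Verify a signed token and return its payload.

    :param data_str: token to verify
    :param expires: lifetime passed to the serializer as its second argument
    :return: the loaded payload, or ``None`` if loading fails for any reason
    """
    serializer = TJWSSerializer(settings.SECRET_KEY, expires)
    try:
        return serializer.loads(data_str)
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit. Every ordinary failure still maps to None, so callers
        # see the same result for bad or expired tokens.
        return None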
def generate_email_verify_url(self):
    """Build the e-mail activation link for this user.

    :return: URL on ``settings.FRONT_END`` whose ``token`` parameter carries
        the signed ``user_id`` and ``email``
    """
    one_day = 3600 * 24  # token lifetime in seconds
    signer = TJWSSerializer(settings.SECRET_KEY, one_day)
    signed = signer.dumps({'user_id': self.id, 'email': self.email}).decode()
    # NOTE(review): the scheme is fixed to plain http, so the token travels
    # unencrypted; prefer https if the front end supports it.
    return 'http://' + settings.FRONT_END + '/success_verify_email.html?token=' + signed
def generate_send_sms_code_token(self):
    """Generate the token that authorizes sending an SMS code to this user.

    :return: signed token (``str``) carrying this user's ``mobile``
    """
    signer = TJWSSerializer(settings.SECRET_KEY, constants.SEND_SMS_CODE_TOKEN_EXPIRES)
    signed = signer.dumps({"mobile": self.mobile})
    return signed.decode()
def check_bind_user_access_token(access_token):
    """Verify a bind-user access token and return the openid it carries.

    :param access_token: signed token to verify
    :return: the ``openid`` from the payload, or ``None`` when loading raises
        ``BadData``
    """
    token_reader = TJWSSerializer(settings.SECRET_KEY, constants.BIND_USER_ACCESS_TOKEN_EXPIRES)
    try:
        payload = token_reader.loads(access_token)
    except BadData:
        return None
    # Subscript access: a payload without 'openid' raises KeyError.
    return payload['openid']
def generate_set_password_token(self):
    """
    Generate the token that authorizes a password change for this user.

    :return: signed token (``str``) carrying ``user_id``
    """
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=constants.SET_PASSWORD_TOKEN_EXPIRES)
    signed = signer.dumps({'user_id': self.id})
    return signed.decode()
def generate_send_sms_code_token(self):
    """
    Generate the token that authorizes sending an SMS verification code.

    :return: signed token (``str``) carrying this user's ``mobile``;
        lifetime 60 seconds
    """
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=60)
    signed = signer.dumps({'mobile': self.mobile})
    return signed.decode()
def generate_send_sms_token(self):
    """
    Generate the token that authorizes sending an SMS verification code.

    :return: signed token (``str``) carrying this user's ``mobile``;
        lifetime 300 seconds
    """
    # See the file's imports: the access token serves as a proof of identity
    # and, per the original note, is produced with the itsdangerous package.
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
    signed = signer.dumps({'mobile': self.mobile})
    return signed.decode()
def generate_verify_email_url(self):
    """
    Build the e-mail verification URL for this user.

    :return: URL whose ``token`` parameter carries the signed ``user_id`` and
        ``email``; the token lifetime is 300 seconds
    """
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
    signed = signer.dumps({'user_id': self.id, 'email': self.email}).decode()
    # NOTE(review): the link is plain http with a hard-coded host, so the token
    # travels unencrypted; prefer https and a configurable front-end origin.
    return 'http://www.meiduo.site:8080/success_verify_email.html?token=' + signed
def load_data(secret_key, token):
    """Verify ``token`` with ``secret_key`` and return its payload.

    :param secret_key: key the token was signed with
    :param token: token to verify
    :return: the loaded payload, or ``None`` when the token is expired
        (``SignatureExpired``) or invalid (``BadSignature``)
    """
    # No lifetime is passed here, so the serializer's own default applies.
    verifier = TJWSSerializer(secret_key)
    try:
        return verifier.loads(token)
    except (SignatureExpired, BadSignature):
        # Expired and invalid tokens are reported the same way to the caller.
        return None
def generate_save_user_openid(openid):
    """Wrap ``openid`` in a signed token with a 300-second lifetime.

    :param openid: the openid to carry in the token
    :return: the result of ``dumps`` as-is; unlike sibling helpers it is not
        decoded to ``str`` here
    """
    # NOTE(review): the original comments call this "encrypting". Assuming
    # TJWSSerializer is itsdangerous' JSON Web Signature serializer, the
    # payload is signed but not encrypted, so a token holder can read the openid.
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
    return signer.dumps({"openid": openid})
def check_send_sms_token(access_token):
    """Verify a send-SMS token and return the mobile number it carries.

    :param access_token: signed token to verify
    :return: the ``mobile`` value from the payload (``None`` if the key is
        absent), or ``None`` when loading raises ``BadData``
    """
    token_reader = TJWSSerializer(
        settings.SECRET_KEY, expires_in=constants.SEND_SMS_TOKEN_EXPIRES)
    try:
        contents = token_reader.loads(access_token)
    except BadData:
        return None
    return contents.get('mobile')
def check_save_user_openid(access_token):
    """Load a signed openid token and return the openid it carries.

    :param access_token: signed token to verify
    :return: the ``openid`` value from the payload, or ``None`` if the key is
        absent
    """
    # NOTE(review): there is no except clause here, so whatever loads() raises
    # for a rejected token propagates to the caller — callers must handle it.
    token_reader = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
    contents = token_reader.loads(access_token)
    return contents.get("openid")
def generate_set_password_token(self):
    """
    Generate the access token used to reset this user's password.

    :return: access_token (``str``) carrying ``user_id``
    """
    # NOTE(review): the lifetime reuses constants.SMS_CODE_REDIS_EXPIRES, a
    # constant named for the SMS-code expiry — confirm it is the intended
    # lifetime for a password-reset token.
    signer = TJWSSerializer(settings.SECRET_KEY, constants.SMS_CODE_REDIS_EXPIRES)
    signed = signer.dumps({'user_id': self.id})
    return signed.decode()
def generate_send_sms_token(self):
    """
    Generate the token that authorizes sending an SMS verification code.

    :return: signed token (``str``) carrying this user's ``mobile``
    """
    signer = TJWSSerializer(
        settings.SECRET_KEY, expires_in=constants.SEND_SMS_TOKEN_EXPIRES)
    signed = signer.dumps({'mobile': self.mobile})
    return signed.decode()
def encode_openid(openid):
    """Wrap ``openid`` in a signed token with a 300-second lifetime.

    :param openid: the openid to carry in the token
    :return: the token as ``str``
    """
    # NOTE(review): the original comments call this "encrypting". Assuming
    # TJWSSerializer is itsdangerous' JSON Web Signature serializer, the
    # payload is signed but not encrypted, so a token holder can read the openid.
    signer = TJWSSerializer(secret_key=settings.SECRET_KEY, expires_in=300)
    signed = signer.dumps({"openid": openid})
    return signed.decode()
def check_save_user_token(access_token):
    """Verify a save-user token and return the openid it carries.

    :param access_token: signed token to verify
    :return: the ``openid`` value from the payload (``None`` if the key is
        absent), or ``None`` when loading raises ``BadData``
    """
    token_reader = TJWSSerializer(
        settings.SECRET_KEY, expires_in=constants.SAVE_QQ_USER_TOKEN_EXPIRES)
    try:
        contents = token_reader.loads(access_token)
    except BadData:
        return None
    return contents.get('openid')
def generate_save_user_token(openid):
    """
    Generate the token used to save user data.

    :param openid: the user's openid
    :return: token (``str``) carrying the openid
    """
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=constants.SAVE_QQ_USER_TOKEN_EXPIRES)
    signed = signer.dumps({'openid': openid})
    return signed.decode()
def generate_access_token(openid):
    """
    Generate an access token carrying ``openid``.

    :param openid: the openid to place in the token payload
    :return: token (``str``)
    """
    signer = TJWSSerializer(
        settings.SECRET_KEY, expires_in=constants.SAVE_QQ_USER_TOKEN_EXPIRES)
    signed = signer.dumps({"openid": openid})
    return signed.decode()
def generate_save_user_token(self, openid):
    '''
    Generate the token used to save user data.

    :param openid: the user's openid
    :return: token (``str``) carrying the openid
    '''
    signer = TJWSSerializer(settings.SECRET_KEY, constants.BIND_USER_ACCESS_TOKEN_EXPIRES)
    signed = signer.dumps({'openid': openid})
    return signed.decode()
def generate_send_sms_code_token(self):
    """Generate the token that authorizes sending an SMS code to this user.

    Per the original comment, ``self`` is the user.

    :return: signed token (``str``) carrying this user's ``mobile``
    """
    # Serializer described by the original author as the itsdangerous conversion tool.
    signer = TJWSSerializer(settings.SECRET_KEY, SEND_SMS_CODE_TOKEN_EXPIRES)
    # The payload is a dict holding only the mobile number.
    signed = signer.dumps({"mobile": self.mobile})  # bytes, per the original note
    # Hand back text rather than bytes.
    return signed.decode()
def generate_verify_email_url(self):
    """Build the e-mail verification link for this user.

    :return: URL whose ``token`` parameter carries the signed ``id`` and
        ``email`` of this user
    """
    # The payload key is 'id'; whatever verifies the token must read the same key.
    payload = {'id': self.id, 'email': self.email}
    signer = TJWSSerializer(
        secret_key=settings.SECRET_KEY, expires_in=constants.VERIFY_EMAIL_TOKEN_EXPIRES)
    signed = signer.dumps(payload).decode()
    # NOTE(review): the link is plain http with a hard-coded host, so the token
    # travels unencrypted; prefer https and a configurable front-end origin.
    return 'http://www.meiduo.site:8080/success_verify_email.html?token=' + signed
def generate_send_sms_code_token(self):
    """Generate the access token that authorizes sending an SMS code.

    :return: access_token (``str``) carrying this user's ``mobile``
    """
    # The constant's spelling (EXIPIRES) is kept as written, since it has to
    # match the name defined in constants.
    signer = TJWSSerializer(settings.SECRET_KEY, constants.SEND_SMS_CODE_TOKEN_EXIPIRES)
    signed = signer.dumps({'mobile': self.mobile})
    return signed.decode()
def generate_bind_user_access_token(self, openid):
    """
    Generate the token used to save user data when binding an account.

    :param openid: the user's openid
    :return: token (``str``) carrying the openid
    """
    signer = TJWSSerializer(settings.SECRET_KEY, constants.BIND_USER_ACCESS_TOKEN_EXPIRES)
    signed = signer.dumps({"openid": openid})
    return signed.decode()