def get(self, request, username):
"""
1.用户收到短信并填写短信验证码;
2.发送请求到后端,带上 account 和 sms_code;
3.后端对参数进行校验;
4.生成用于修改密码的 token,将 user_id 保存进去,返回 user_id 和 token
"""
# 获取用户以及手机验证码
user = get_user_by_account(username)
# user = User.objects.get(username=username)
sms_code = request.GET.get('sms_code')
# 从redis中获取真是的短信验证码
redis_conn = get_redis_connection('verify_codes')
real_sms_code = redis_conn.get('sms_%s' % user.mobile) # bytes
print("11", user.username, user.mobile)
print("real_sms_code", real_sms_code)
if real_sms_code is None:
return Response('短信验证码已经失效')
# 对比短信验证码
if real_sms_code.decode() != sms_code:
return Response('短信验证码填写错误')
# 生成用于修改密码的token值.
tjs = TJWSSerializer(settings.SECRET_KEY, 300)
access_token = tjs.dumps({'user_id': user.id}).decode()
return Response({'access_token': access_token, 'user_id': user.id})
def check_verify_email_token(token):
"""
检验邮件的token
:param token:
:return:
"""
serializer = TJWSSerializer(
settings.SECRET_KEY,
expires_in=constants.VERIFY_EMAIL_TOKEN_EXPIRES)
try:
data = serializer.loads(token)
except BadData:
return None
else:
email = data.get('email')
user_id = data.get('user_id')
try:
user = User.objects.get(id=user_id, email=email)
except User.DoesNotExist:
return None
else:
return user
def generate_email_verify_url(self):
"""生成邮箱验证链接"""
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=constants.EMAIL_VERIFY_TOKEN_EXPIRES)
data = {'user_id': self.id, 'email': self.email}
token = serializer.dumps(data)
verify_url = 'http://www.meiduo.site:8080/success_verify_email.html?token=' + token.decode()
return verify_url
def decode_token(token):
s = TJWSSerializer(settings.SECRET_KEY, expires_in=3600)
try:
result = s.loads(token)
except BadSignature:
return None
return result
def check_verify_email_token(token):
'''
用不到用户数据使用静态方法
校验邮箱链接
'''
# 解析需要使用到同样的serializer,配置一样的secret key和salt,使用loads方法来解析token。
serializer = TJWSSerializer(
settings.SECRET_KEY,
expires_in=constants.VERIFY_EMAIL_TOKEN_EXPIRES)
try:
# 加载
data = serializer.loads(token)
except BadData:
return None
else:
# 没有异常接受一下这个数据
user_id = data['user_id']
email = data['email']
# 查询数据库
try:
user = User.objects.get(id=user_id, email=email)
except User.DoesNotExist:
return None
return user
def validate(self, attrs):
# 解密openid
openid_token = attrs.pop('openid_token')
serializer = TJWSSerializer(settings.SECRET_KEY, 600)
try:
data = serializer.loads(openid_token)
openid = data.get('openid')
except BadData:
openid = None
if openid is None:
raise serializers.ValidationError('openid无效')
# openid 加入到字典中
attrs['openid'] = openid
mobile = attrs['mobile']
sms_code = attrs['sms_code']
email_code = attrs['email_code']
redis_conn_sms = get_redis_connection('sms_codes')
real_sms_code = redis_conn_sms.get('sms_%s' % attrs['mobile'])
if real_sms_code is None or sms_code != real_sms_code.decode():
raise serializers.ValidationError('短信验证码错误')
redis_conn_email = get_redis_connection('email_codes')
real_email_code = redis_conn_email.get('email_%s' % attrs['email'])
if real_email_code is None or email_code != real_email_code.decode():
raise serializers.ValidationError('邮箱验证码错误')
try:
user = User.objects.get(mobile=mobile)
except User.DoesNotExist:
pass
else:
attrs['user'] = user
return attrs
def generate_set_password_token(self):
"""
生成修改密码的token
"""
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
data = {'user_id': self.id}
token = serializer.dumps(data)
return token.decode()
def loads(data_str, expires):
serializer = TJWSSerializer(settings.SECRET_KEY, expires)
try:
data_dict = serializer.loads(data_str)
except:
return None
else:
return data_dict
def generate_email_verify_url(self):
"""生成邮箱激活链接"""
serializer = TJWSSerializer(settings.SECRET_KEY, 3600 * 24)
data = {'user_id': self.id, 'email': self.email}
token = serializer.dumps(data).decode()
return 'http://' + settings.FRONT_END + '/success_verify_email.html?token=' + token
def generate_send_sms_code_token(self):
serializer = TJWSSerializer(settings.SECRET_KEY, constants.SEND_SMS_CODE_TOKEN_EXPIRES)
data = {
"mobile": self.mobile
}
token = serializer.dumps(data)
return token.decode()
def check_bind_user_access_token(access_token):
serializer = TJWSSerializer(settings.SECRET_KEY, constants.BIND_USER_ACCESS_TOKEN_EXPIRES)
try:
data = serializer.loads(access_token)
except BadData:
return None
else:
return data['openid']
def generate_set_password_token(self):
"""
生成修改密码的token
"""
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=constants.SET_PASSWORD_TOKEN_EXPIRES)
data = {'user_id': self.id}
token = serializer.dumps(data)
return token.decode()
def generate_send_sms_code_token(self):
"""
生成发送短信验证码的token
"""
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in= 60)
data = {'mobile': self.mobile}
token = serializer.dumps(data)
return token.decode()
def generate_send_sms_token(self):
"""
生成发送短信验证码的token
"""
# 注意看导入的包,access_token是作为一种验证身份,使用itsdangerouse包
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
data = {'mobile': self.mobile}
token = serializer.dumps(data)
return token.decode()
def generate_verify_email_url(self):
"""
生成验证邮箱的url
"""
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
data = {'user_id': self.id, 'email': self.email}
token = serializer.dumps(data).decode()
verify_url = 'http://www.meiduo.site:8080/success_verify_email.html?token=' + token
return verify_url
def load_data(secret_key, token):
s = TJWSSerializer(secret_key)
try:
data = s.loads(token)
return data
except SignatureExpired: # valid token, but expired
return None
except BadSignature: # invalid token
return None
def generate_save_user_openid(openid):
#1,创建TJWSSerializer对象
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
#2,加密数据
token = serializer.dumps({"openid": openid})
#3,返回
return token
def check_send_sms_token(access_token):
serializer = TJWSSerializer(
settings.SECRET_KEY, expires_in=constants.SEND_SMS_TOKEN_EXPIRES)
try:
payload = serializer.loads(access_token)
except BadData:
return None
else:
return payload.get('mobile')
def check_save_user_openid(access_token):
#1,创建serializer对象
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
#2,解密openid
dict_data = serializer.loads(access_token)
#3,返回
return dict_data.get("openid")
def generate_set_password_token(self):
"""
生成重置密码的access_token
:return: access_token
"""
serializer = TJWSSerializer(settings.SECRET_KEY,
constants.SMS_CODE_REDIS_EXPIRES)
access_token = serializer.dumps({'user_id': self.id}).decode()
return access_token
def generate_send_sms_token(self):
"""
生成发送短信验证码的token
"""
serializer = TJWSSerializer(
settings.SECRET_KEY, expires_in=constants.SEND_SMS_TOKEN_EXPIRES)
data = {'mobile': self.mobile}
token = serializer.dumps(data)
return token.decode()
def encode_openid(openid):
# 1,创建加密对象
serializer = TJWSSerializer(secret_key=settings.SECRET_KEY, expires_in=300)
# 2,加密openid
token = serializer.dumps({"openid": openid})
# 3,返回加密的openid
return token.decode()
def check_save_user_token(access_token):
serializer = TJWSSerializer(
settings.SECRET_KEY,
expires_in=constants.SAVE_QQ_USER_TOKEN_EXPIRES)
try:
payload = serializer.loads(access_token)
except BadData:
return None
else:
return payload.get('openid')
def generate_save_user_token(openid):
"""
生成保存用户数据的token
:param openid: 用户的openid
:return: token
"""
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=constants.SAVE_QQ_USER_TOKEN_EXPIRES)
data = {'openid': openid}
token = serializer.dumps(data)
return token.decode()
def generate_access_token(openid):
"""
生成access_token
:return: token
"""
serializer = TJWSSerializer(
settings.SECRET_KEY,
expires_in=constants.SAVE_QQ_USER_TOKEN_EXPIRES)
token = serializer.dumps({"openid": openid})
return token.decode()
def generate_save_user_token(self, openid):
'''
生成保存用户数据的token
:param openid: 用户的openid
:return: token
'''
serializer = TJWSSerializer(settings.SECRET_KEY,
constants.BIND_USER_ACCESS_TOKEN_EXPIRES)
token = serializer.dumps({'openid': openid})
return token.decode()
def generate_send_sms_code_token(self): # self是user
# 创建itsdangerous模型的转换工具
serializer = TJWSSerializer(settings.SECRET_KEY,
SEND_SMS_CODE_TOKEN_EXPIRES)
# 将手机号字典放在token中
data = {"mobile": self.mobile}
# 生成token
token = serializer.dumps(data) # type:bytes
# 返回非二进制token
return token.decode()
def generate_verify_email_url(self):
"""生成用户的邮箱验证码链接地址"""
data = {'id': self.id, 'email': self.email}
serializer = TJWSSerializer(
secret_key=settings.SECRET_KEY,
expires_in=constants.VERIFY_EMAIL_TOKEN_EXPIRES)
token = serializer.dumps(data).decode()
verify_url = 'http://www.meiduo.site:8080/success_verify_email.html?token=' + token
return verify_url
def generate_send_sms_code_token(self):
"""生成发送短信验证码的access_token
:return: access_token
"""
# 创建itsdangerous的转换工具
serialier = TJWSSerializer(settings.SECRET_KEY,
constants.SEND_SMS_CODE_TOKEN_EXIPIRES)
data = {'mobile': self.mobile}
token = serialier.dumps(data)
return token.decode()
def generate_bind_user_access_token(self, openid):
"""
生成保存用户数据的token
:param openid: 用户的openid
:return: tokenf
"""
serializer = TJWSSerializer(settings.SECRET_KEY,
constants.BIND_USER_ACCESS_TOKEN_EXPIRES)
token = serializer.dumps({"openid": openid})
return token.decode()