def OAuthDirectLogin():
    """OAuth2 direct login (preferred path).

    On POST, read ``openid`` from the form, create an account for it through
    ``Authentication.oauth2_signUp`` and, when that succeeds, write a login-log
    entry and set the ``sessionId`` cookie before redirecting to ``.index``.
    A failed sign-up flashes the returned message; a missing ``openid`` and a
    failed sign-up both end in a redirect to ``.index``. Non-POST requests
    return ``None``.

    NOTE(review): ``openid`` is trusted straight from the POST body; this
    handler assumes ownership of that openid was proven upstream (e.g. by the
    provider callback) — confirm before exposing the route directly.
    """
    if request.method != 'POST':
        return None
    openid = request.form.get("openid")
    if not openid:
        return redirect(url_for(".index"))
    auth = Authentication(g.mysql, g.redis)
    # X-Real-Ip is only meaningful behind a proxy that sets it; otherwise the
    # socket address is used.
    client_ip = request.headers.get('X-Real-Ip', request.remote_addr)
    # Register the new account and, on success, establish the login state.
    res = dfr(auth.oauth2_signUp(openid, client_ip))
    if not res["success"]:
        flash(res["msg"])
        return redirect(url_for('.index'))
    auth.brush_loginlog(res,
                        login_ip=client_ip,
                        user_agent=request.headers.get("User-Agent"))
    sessionId = set_cookie(uid=res["uid"])
    response = make_response(redirect(url_for(".index")))
    # Browser-session cookie (max_age=None). The Secure flag is dropped only
    # when the site itself is served over plain http. No SameSite attribute is
    # set here — worth adding if the Werkzeug version in use supports it.
    secure = request.url_root.split("://")[0] != "http"
    response.set_cookie(key="sessionId",
                        value=sessionId,
                        max_age=None,
                        httponly=True,
                        secure=secure)
    return response
def signUp():
    """Registration POST guarded by Vaptcha man-machine verification.

    ``token`` and ``challenge`` come from the form, ``sceneid`` from the query
    string (default ``"02"``). When the captcha validates, the account fields
    and the client IP are passed to ``Authentication.signUp``; success
    redirects to ``.signIn``, failure flashes the returned message. Any
    exception raised by ``signUp`` is logged and surfaced as a generic error.
    Every other POST outcome redirects back to ``.signUp``; non-POST requests
    return ``None``.
    """
    if request.method != 'POST':
        return None
    sceneid = request.args.get("sceneid") or "02"
    token = request.form.get("token")
    challenge = request.form.get("challenge")
    captcha_ok = bool(token and challenge
                      and vaptcha.validate(challenge, token, sceneid))
    if not captcha_ok:
        flash(u"人机验证失败")
        return redirect(url_for('.signUp'))
    form = request.form
    # X-Real-Ip is only meaningful behind a proxy that sets it.
    register_ip = request.headers.get('X-Real-Ip', request.remote_addr)
    auth = Authentication(g.mysql, g.redis)
    try:
        res = auth.signUp(account=form.get("account"),
                          vcode=form.get("vcode"),
                          password=form.get("password"),
                          repassword=form.get("repassword"),
                          register_ip=register_ip)
    except Exception as e:
        logger.error(e, exc_info=True)
        flash(u"系统异常,请稍后再试")
        return redirect(url_for('.signUp'))
    res = dfr(res)
    if res["success"]:
        # The original carried a "write login log" comment here with no code;
        # nothing is logged on successful registration.
        return redirect(url_for('.signIn'))
    flash(res["msg"])
    return redirect(url_for('.signUp'))
def signUp():
    """Registration POST handler.

    When the captcha condition holds, the account fields and ``g.ip`` are
    passed to ``Authentication.signUp``; success redirects to ``.signIn``,
    failure flashes the returned message, and an exception is logged and
    reported as a generic error. Every other POST outcome redirects back to
    ``.signUp``; non-POST requests return ``None``.

    NOTE(review): ``vaptcha.validate`` is read as an attribute, not called.
    If it is a method this condition is always truthy and the man-machine
    check never runs; if it is a property that validates the current request
    internally it is fine — confirm against the vaptcha wrapper in use.
    """
    if request.method != 'POST':
        return None
    if not vaptcha.validate:
        flash(u"人机验证失败")
        return redirect(url_for('.signUp'))
    form = request.form
    auth = Authentication(g.mysql, g.redis)
    try:
        res = auth.signUp(account=form.get("account"),
                          vcode=form.get("vcode"),
                          password=form.get("password"),
                          repassword=form.get("repassword"),
                          register_ip=g.ip)
    except Exception as e:
        logger.error(e, exc_info=True)
        flash(u"系统异常,请稍后再试")
    else:
        res = dfr(res)
        if res["success"]:
            # The original carried a "write login log" comment here with no
            # code; nothing is logged on successful registration.
            return redirect(url_for('.signIn'))
        flash(res["msg"])
    return redirect(url_for('.signUp'))
def userprofile():
    """Profile API: read on GET, update basic fields or password on PUT.

    GET returns ``getUserProfile(g.uid, getBind)`` where ``getBind`` is true
    only for the literal query values ``"true"``/``"True"``. PUT dispatches
    on ``Action``: ``profile`` forwards a whitelisted subset of form fields to
    ``updateUserProfile`` and, on success, pushes the change to SSO clients;
    ``password`` forwards the three password fields to
    ``updateUserPassword``. Any other method/action leaves the default
    ``code=1`` response. The whole response is logged before being returned
    as JSON.
    """
    res = dict(msg=None, code=1)
    method = request.method
    if method == "GET":
        want_bind = request.args.get("getBind") in ("true", "True", True)
        res = g.api.userprofile.getUserProfile(g.uid, want_bind)
    elif method == "PUT":
        # Update profile: basic fields, password, avatar, social bindings.
        action = request.args.get("Action")
        if action == "profile":
            # Only these fields may be set by the caller.
            allowed = ("nick_name", "domain_name", "birthday", "location",
                       "gender", "signature")
            data = {k: v for k, v in request.form.items() if k in allowed}
            res = g.api.userprofile.updateUserProfile(uid=g.uid, **data)
            if res["code"] == 0:
                # Sync the basic profile to registered SSO clients.
                g.api.usersso.clientsConSync(
                    g.api.userapp.getUserApp, g.uid,
                    dict(CallbackType="user_profile", CallbackData=data))
        elif action == "password":
            form = request.form
            res = g.api.userprofile.updateUserPassword(
                uid=g.uid,
                nowpass=form.get("nowpass"),
                newpass=form.get("newpass"),
                repass=form.get("repass"))
    # Note: this logs the full response body, profile data included.
    logger.info(res)
    return jsonify(dfr(res))
def OAuthDirectLogin():
    """OAuth2 direct login (preferred path), SSO-aware variant.

    On POST, read the optional ``sso`` query parameter and ``openid`` from the
    form, register an account for the openid via
    ``Authentication.oauth2_signUp`` and, on success, write a login-log entry,
    resolve the SSO request and hand the resulting session id and return URL
    to ``set_loginstate``. A failed sign-up flashes the message and redirects
    to ``front.OAuthGuide``; a missing openid redirects to ``g.redirect_uri``.
    Non-POST requests return ``None``.
    """
    if request.method != 'POST':
        return None
    sso = request.args.get("sso") or None
    logger.debug("OAuthDirectLogin, sso type: {}, content: {}".format(
        type(sso), sso))
    openid = request.form.get("openid")
    if not openid:
        return redirect(g.redirect_uri)
    auth = Authentication(g.mysql, g.redis)
    # Register the new account and establish the login state.
    res = dfr(auth.oauth2_signUp(openid, g.ip))
    if not res["success"]:
        flash(res["msg"])
        return redirect(url_for("front.OAuthGuide", openid=openid, sso=sso))
    auth.brush_loginlog(res,
                        login_ip=g.ip,
                        user_agent=request.headers.get("User-Agent"))
    sso_isOk, sso_returnUrl, sso_appName = checkGet_ssoRequest(sso)
    # Fallback destination when there is no SSO request to return to.
    bind_url = url_for("front.userset", _anchor="bind")
    sessionId, returnUrl = checkSet_ssoTicketSid(sso_isOk, sso_returnUrl,
                                                 sso_appName, res["uid"],
                                                 bind_url)
    logger.debug("OAuthDirectLogin post returnUrl: {}".format(returnUrl))
    return set_loginstate(sessionId, returnUrl)
def activate(token):
    """Resolve an activation token and act on the ``Action`` it carries.

    ``verifyEmail`` marks the account's email as verified only when the email
    inside the token still equals the email currently stored for the user
    (so a token issued for an old address cannot verify a newer one), then
    renders ``public/go.html``. ``resetPassword`` renders the reset form with
    the token. An invalid token renders ``public/error.html``.

    NOTE(review): any other ``Action`` falls through and returns ``None``,
    which Flask rejects with a 500 — intended?
    """
    res = dfr(check_activate_token(token))
    if res["code"] != 0:
        name = res["msg"]
        if PY2 and not isinstance(name, text_type):
            name = name.decode("utf-8")
        return render_template("public/error.html",
                               code=res["code"],
                               name=name)
    data = res["data"]
    action = data["Action"]
    if action == "verifyEmail":
        username = data["username"]
        token_mail = data["email"]
        user_key = rsp("account", username)
        stored_mail = g.rc.hget(user_key, "email")
        target = url_for("front.my") if g.signin else url_for("front.login")
        verified = token_mail == stored_mail
        if verified:
            g.rc.hset(user_key, "email_verified", 1)
        return render_template("public/go.html", url=target, success=verified)
    if action == "resetPassword":
        return render_template("public/forgot.html",
                               is_reset=True,
                               token=token,
                               user=data["username"])
    return None
def usermsg():
    """Message-center API, dispatched on (HTTP method, ``Action``).

    POST ``addMessage`` pushes a message of ``msgType`` (default ``system``);
    POST ``markMessage`` marks one by ``msgId``; GET ``getCount`` and
    ``getList`` read by ``msgStatus`` (default 1) and, for the list, by
    ``msgType`` and a ``desc`` flag that is true unless the query says
    otherwise; DELETE ``delMessage``/``clearMessage`` remove one or all.
    Unknown combinations leave the default ``code=1`` response. The response
    is logged and returned as JSON.
    """
    res = dict(msg=None, code=1)
    route = (request.method, request.args.get("Action"))
    if route == ("POST", "addMessage"):
        res = g.api.usermsg.push_message(
            g.uid, request.form.get("msgContent"),
            request.form.get("msgType", "system"))
    elif route == ("POST", "markMessage"):
        res = g.api.usermsg.markstatus_message(g.uid,
                                               request.form.get("msgId"))
    elif route == ("GET", "getCount"):
        res = g.api.usermsg.count_message(
            g.uid,
            request.args.get("msgStatus") or 1)
    elif route == ("GET", "getList"):
        descending = request.args.get("desc", True) in (True, "True", "true")
        res = g.api.usermsg.pull_message(
            g.uid,
            request.args.get("msgStatus") or 1,
            request.args.get("msgType"),
            descending)
    elif route == ("DELETE", "delMessage"):
        res = g.api.usermsg.delete_message(g.uid,
                                           request.form.get("msgId"))
    elif route == ("DELETE", "clearMessage"):
        res = g.api.usermsg.clear_message(g.uid)
    logger.info(res)
    return jsonify(dfr(res))
def usersecurity():
    """Account-security API (GET only).

    ``getSessions`` decodes the request's own ``sessionId`` cookie and, when
    valid, returns the current session (on by default, keyed by the request's
    User-Agent and IP area) and/or the user's other live SSO sessions (only
    when ``getOtherSession`` is explicitly true). ``getLoginHistory`` pages
    through the login log with ``sort``/``page``/``limit`` taken from the
    query string as-is. The response is logged and returned as JSON.

    NOTE(review): ``page``/``limit`` are not validated here, unlike the
    ``userapp`` listing; whether ``listUserLoginHistory`` checks them is not
    visible from this block.
    """
    res = dict(msg=None, code=1)
    action = request.args.get("Action")
    flag_true = (True, "True", "true")

    def current_session(sd):
        # Describe the session behind the request's own sessionId cookie.
        _btype, _bdevice, browser_os, browser_family = parse_userAgent(
            request.headers.get("User-Agent"))
        area = getIpArea(g.ip)
        area_parts = area.split()
        if len(area_parts) >= 3:
            area = area_parts[2]
        session = dict(iat=sd['iat'],
                       exp=sd['exp'],
                       browser=dict(family=" ".join(browser_family.split()[:-1]),
                                    os=browser_os),
                       ip=g.ip,
                       area=area)
        if g.sid:
            session["session"] = g.api.usersso.ssoGetWithSid(g.sid, True)
        return session

    def other_sessions():
        # Every other still-existing SSO session registered to this user.
        sso = g.api.usersso
        return [sso.ssoGetWithSid(sid, True)
                for sid in sso.ssoGetRegisteredUserSid(g.uid)
                if g.sid != sid and sso.ssoExistWithSid(sid)]

    if request.method == "GET":
        if action == "getSessions":
            sd = analysis_sessionId(request.cookies.get("sessionId"))
            if sd:
                data = dict()
                if request.args.get("getCurrentSession", True) in flag_true:
                    data["CurrentSession"] = current_session(sd)
                if request.args.get("getOtherSession") in flag_true:
                    data["OtherSession"] = other_sessions()
                res.update(code=0, data=data)
        elif action == "getLoginHistory":
            sort = request.args.get("sort") or "desc"
            page = request.args.get("page") or 1
            limit = request.args.get("limit") or 10
            res = g.api.userprofile.listUserLoginHistory(uid=g.uid,
                                                         page=page,
                                                         limit=limit,
                                                         sort=sort)
    logger.info(res)
    return jsonify(dfr(res))
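def misc_feedback():
    """Accept a feedback form POST and forward it to the system mailbox.

    ``point`` and ``content`` are required; ``email`` is optional but, when
    given, must pass ``email_check``. Valid input is mailed as HTML to
    ``SYSTEM["EMAIL"]`` and the mailer's result dict is merged into the
    response. Returns the jsonified ``dfr(res)`` (``success=False`` with a
    message on invalid input or non-POST).

    Security: the mail is sent with ``formatType="html"``, so the
    user-controlled ``email`` and ``content`` are HTML-escaped before being
    interpolated; otherwise a submitter could inject markup or script into
    the mail client of whoever reads the system mailbox.
    NOTE(review): ``point`` also lands in the Subject header unescaped;
    whether ``SendMail`` strips CR/LF from it is not visible here — confirm.
    """
    res = dict(msg=None, success=False)
    if request.method == "POST":
        point = request.form.get("point")
        content = request.form.get("content")
        email = request.form.get("email")
        if not (point and content):
            res.update(msg="There are invalid parameters")
        elif email and not email_check(email):
            res.update(msg="Bad mailbox format")
        else:
            # html.escape on Python 3, cgi.escape on Python 2; both accept a
            # positional quote flag.
            try:
                from html import escape
            except ImportError:
                from cgi import escape
            # Keep None/"" as they were (the original rendered "None"), only
            # escape actual text.
            safe_email = escape(email, True) if email else email
            safe_content = escape(content, True)
            sendmail = SendMail()
            result = sendmail.SendMessage(
                to_addr=SYSTEM["EMAIL"],
                subject=u"SaintIC Passport 用户反馈: %s" % point,
                formatType="html",
                message=u"用户预留邮箱:%s<br/>用户反馈内容:<br/>%s" % (safe_email, safe_content))
            res.update(result)
    return jsonify(dfr(res))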
def userprofile():
    """Profile API: read on GET, bind a local account on POST, update on PUT.

    GET returns ``getUserProfile(g.uid, getBind)`` where ``getBind`` is true
    only for the literal query values ``"true"``/``"True"``. POST with
    ``Action=bindLauth`` binds a local account (account/vcode/password) and,
    when the result asks for it, triggers ``updateUserRealname``. PUT
    dispatches on ``Action``: ``profile`` forwards a whitelisted subset of
    form fields to ``updateUserProfile`` and on success syncs it to SSO
    clients; ``password`` forwards the three password fields. Any other
    combination leaves the default ``code=1`` response. The whole response
    is logged before being returned as JSON.
    """
    res = dict(msg=None, code=1)
    method = request.method
    if method == "GET":
        want_bind = request.args.get("getBind") in ("true", "True", True)
        res = g.api.userprofile.getUserProfile(g.uid, want_bind)
    elif method == "POST":
        action = request.args.get("Action")
        if action == "bindLauth":
            form = request.form
            auth = Authentication()
            res = auth.bindLauth(uid=g.uid,
                                 account=form.get("account"),
                                 vcode=form.get("vcode"),
                                 password=form.get("password"))
            if res["success"] == True and res["show_realname_tip"] == True:
                res['set_realname'] = g.api.userprofile.updateUserRealname(g.uid)
    elif method == "PUT":
        # Update profile: basic fields, password, avatar, social bindings.
        action = request.args.get("Action")
        if action == "profile":
            # Only these fields may be set by the caller.
            allowed = ("nick_name", "domain_name", "birthday", "location",
                       "gender", "signature")
            data = {k: v for k, v in request.form.items() if k in allowed}
            res = g.api.userprofile.updateUserProfile(uid=g.uid, **data)
            if res["code"] == 0:
                # Sync the basic profile to registered SSO clients.
                g.api.usersso.clientsConSync(
                    g.api.userapp.getUserApp, g.uid,
                    dict(CallbackType="user_profile", CallbackData=data))
        elif action == "password":
            form = request.form
            res = g.api.userprofile.updateUserPassword(
                uid=g.uid,
                nowpass=form.get("nowpass"),
                newpass=form.get("newpass"),
                repass=form.get("repass"))
    # Note: this logs the full response body, profile data included.
    logger.info(res)
    return jsonify(dfr(res))
def signUp():
    """Registration page (GET) and JSON registration endpoint (POST).

    POST returns ``{msg, code, nextUrl}``: ``code=0`` and ``nextUrl`` pointing
    at ``.signIn`` on success, otherwise the failure message. A welcome
    message is pushed to the new user regardless of the outcome (the push
    helper receives the sign-up result). GET renders ``auth/signUp.html``.

    NOTE(review): ``vaptcha.validate`` and ``vaptcha.getChallenge`` are used
    as attributes, not called. If ``validate`` is a method the condition is
    always truthy and the captcha never runs; if both are properties of the
    wrapper this is fine — confirm. The ``print`` is a debug leftover that
    writes every registration response to stdout.
    """
    if request.method != 'POST':
        return render_template("auth/signUp.html", vaptcha=vaptcha.getChallenge)
    res = dict(msg=None, code=1, nextUrl=url_for('.signUp'))
    if vaptcha.validate:
        form = request.form
        account = form.get("account")
        auth = Authentication(g.mysql, g.redis)
        result = auth.signUp(account=account,
                             vcode=form.get("vcode"),
                             password=form.get("password"),
                             repassword=form.get("repassword"),
                             register_ip=g.ip)
        # Welcome message; phone sign-ups are told real-name verification
        # is already complete.
        suffix = "" if email_check(account) else "您使用手机注册,已经完成实名认证!"
        FastPushMessage(result, "欢迎您的加入!%s使用中有任何问题,都可以反馈哦。" % (suffix, ))
        if result["success"]:
            res.update(code=0, nextUrl=url_for('.signIn'))
        else:
            res.update(msg=result["msg"])
    else:
        res.update(msg="Man-machine verification failed")
    print(res)
    return jsonify(dfr(res))
def userlogin():
    """Password login endpoint returning JSON with a short-lived session token.

    On POST, ``account``/``password`` go to ``Authentication.signIn``. On
    success a login-log entry is written, the profile fields requested via
    ``fields`` (comma separated; ``avatar`` and ``nick_name`` are always
    added; default also includes ``is_admin``) are picked from the user's
    profile, and a session token valid for 7200 seconds is added under
    ``token``. Failure returns ``code=1`` with the message. Non-POST
    requests return ``None``.
    """
    if request.method != 'POST':
        return None
    res = dict(code=1)
    auth = Authentication(g.mysql, g.redis)
    result = auth.signIn(account=request.form.get("account"),
                         password=request.form.get("password"))
    if not result["success"]:
        res.update(msg=result["msg"])
        return jsonify(dfr(res))
    uid = result["uid"]
    auth.brush_loginlog(result, login_ip=g.ip, user_agent=g.agent)
    requested = request.form.get("fields") or "is_admin,avatar,nick_name"
    wanted = {i for i in comma_pat.split(requested) if i}
    wanted.update(["avatar", "nick_name"])
    profile = g.api.userprofile.getUserProfile(uid)
    data = profile["data"] if profile["code"] == 0 else {}
    # The token is the client's credential for later calls; only the
    # requested fields that exist in the profile are returned.
    data.update(token=set_sessionId(uid, 7200))
    res.update(code=0, data={k: data[k] for k in wanted if k in data})
    return jsonify(dfr(res))
 def callback(result):
     """Collect one upload result into the enclosing ``data`` list.

     Results from the ``up2local`` sender get an absolute ``src`` URL built
     from the static route and the enclosing ``UPLOAD_FOLDER``/``upload_path``
     /``filename``; every result is logged and appended after ``dfr``.
     """
     logger.info(result)
     stored_locally = result["sender"] == "up2local"
     if stored_locally:
         static_name = join(UPLOAD_FOLDER, upload_path, filename)
         result["src"] = url_for("static", filename=static_name, _external=True)
     data.append(dfr(result))
Arquivo: app.py Projeto: copyit/picbed
def handle_page_error(e):
    """Render a page error as ``public/error.html`` with the error's status code.

    ``e`` is expected to expose ``to_dict()`` (giving ``code`` and ``msg``
    after ``dfr``) and ``status_code``; the result is a ``(body, status)``
    tuple for Flask.
    """
    payload = dfr(e.to_dict())
    body = render_template("public/error.html",
                           code=payload["code"],
                           name=payload["msg"])
    return body, e.status_code
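def authorized():
    """Authorization callback route: ``/oauth2/gitee/authorized``.

    Exchanges the provider code for an access token, fetches the Gitee user
    profile and hands it to ``Authentication.oauth2_go``, which chooses one
    of three outcomes: sign in an already-bound account (login log written,
    session set by ``gitee.goto_signIn``), start sign-up/binding for an
    unknown openid (``gitee.goto_signUp``), or — when a user is already
    signed in — report the result of binding and return to the settings
    page. Any failure flashes a message and redirects to ``g.redirect_uri``.

    Fixes: the token response is no longer printed (it carries the bearer
    ``access_token``, which must not reach stdout or log files), and the
    access-denied branch no longer calls ``.get`` on a ``resp`` that may be
    ``None``.
    """
    # Encrypted SSO parameter, passed through to the sign-in/sign-up helpers.
    sso = request.args.get("sso") or None
    # Exchange the authorization code for an access token.
    resp = gitee.authorized_response()
    if not (resp and isinstance(resp, dict) and "access_token" in resp):
        # Error details come back either in the token-exchange dict or, when
        # the user declined and resp is None, as provider query arguments.
        source = resp if isinstance(resp, dict) else request.args
        flash(u'Access denied: reason=%s error=%s' %
              (source.get('error'), source.get('error_description')))
        return redirect(g.redirect_uri)
    # Fetch the basic user profile with the access token.
    user = gitee.get_userinfo(resp["access_token"])
    if "id" not in user:
        flash(user.get("status", "Gitee error"))
        return redirect(g.redirect_uri)
    auth = Authentication(g.mysql, g.redis)
    # Third-party login entry point.
    goinfo = dfr(auth.oauth2_go(name=name,
                                signin=g.signin,
                                tokeninfo=resp,
                                userinfo=dict(openid=user["id"],
                                              nick_name=user["name"],
                                              gender=2,
                                              avatar=user["avatar_url"],
                                              domain_name=user["login"],
                                              signature=user["bio"]),
                                uid=g.uid))
    page_action = goinfo["pageAction"]
    if page_action == "goto_signIn":
        # Not signed in, openid already bound: record the login, set session.
        uid = goinfo["goto_signIn_data"]["guid"]
        auth.brush_loginlog(dict(identity_type=oauth2_name2type(name),
                                 uid=uid,
                                 success=True),
                            login_ip=g.ip,
                            user_agent=request.headers.get("User-Agent"))
        return gitee.goto_signIn(uid=uid, sso=sso)
    if page_action == "goto_signUp":
        # Not signed in, openid unknown: register-or-bind flow.
        return gitee.goto_signUp(
            openid=goinfo["goto_signUp_data"]["openid"], sso=sso)
    # Signed in and binding a third-party account: report the outcome and
    # return to the bind section of the settings page.
    flash(u"已绑定" if goinfo["success"] else goinfo["msg"])
    return redirect(url_for("front.userset", _anchor="bind"))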
def fgp():
    """Forgot-password page: reset the password from a POSTed verification code.

    On POST, ``account``/``vcode``/``password`` go to
    ``Authentication.forgot`` and its result dict is returned as JSON;
    otherwise (or when the captcha condition fails) a ``success=False``
    response with a message is returned.

    NOTE(review): ``vaptcha.validate`` is read as an attribute, not called.
    If it is a method the condition is always truthy and the captcha never
    runs; if it is a property validating the current request it is fine —
    confirm against the vaptcha wrapper in use.
    """
    res = dict(msg=None, success=False)
    if request.method == "POST":
        form = request.form
        if vaptcha.validate:
            res = Authentication().forgot(account=form.get("account"),
                                          vcode=form.get("vcode"),
                                          password=form.get("password"))
        else:
            res.update(msg="Man-machine verification failed")
    return jsonify(dfr(res))
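def authorized():
    """Authorization callback route: ``/oauth2/qq/authorized``.

    Exchanges the provider code for an access token, resolves the user's
    openid and profile, and hands them to ``Authentication.oauth2_go``,
    which chooses one of three outcomes: sign in an already-bound account
    (login log written, session set by ``qq.goto_signIn``), start
    sign-up/binding for an unknown openid (``qq.goto_signUp``), or — when a
    user is already signed in — report the binding result and return to the
    settings page. Failures flash a message and redirect to
    ``g.redirect_uri``.

    Fix: ``authorized_response()`` can yield an empty result (e.g. the user
    declined); the old code then evaluated ``"callback" in resp`` on it and
    crashed. That case now flashes the provider's error from the query
    arguments and redirects.
    """
    # Encrypted SSO parameter, passed through to the sign-in/sign-up helpers.
    sso = request.args.get("sso") or None
    # Exchange the authorization code for an access token.
    resp = qq.authorized_response()
    if not resp:
        flash(u'Access denied: reason=%s error=%s' % (
            request.args.get('error'),
            request.args.get('error_description')
        ))
        return redirect(g.redirect_uri)
    # NOTE(review): the [10:-3] slices assume a fixed JSONP wrapper
    # ("callback( {...} );") around the provider's JSON — confirm it never
    # changes shape.
    if "callback" in resp:
        resp = json.loads(resp[10:-3])
    else:
        resp = qq.url_code(resp)
    if not (resp and isinstance(resp, dict) and "access_token" in resp):
        source = resp if isinstance(resp, dict) else request.args
        flash(u'Access denied: reason=%s error=%s' % (
            source.get('error'),
            source.get('error_description')
        ))
        return redirect(g.redirect_uri)
    # Resolve the user's unique openid, then the basic profile.
    openid = json.loads(qq.get_openid(resp["access_token"])[10:-3]).get("openid")
    user = qq.get_userinfo(resp["access_token"],
                           openid=openid,
                           oauth_consumer_key=PLUGINS[name]["APP_ID"])
    if int(user.get("ret", 0)) < 0:
        flash(user.get("msg"))
        return redirect(g.redirect_uri)
    auth = Authentication(g.mysql, g.redis)
    # Third-party login entry point.
    userinfo = dict(openid=openid,
                    nick_name=user["nickname"],
                    gender=oauth2_genderconverter(user["gender"]),
                    avatar=user["figureurl_qq_2"] or user["figureurl_qq_1"],
                    location="%s %s" % (user.get("province"), user.get("city")))
    goinfo = dfr(auth.oauth2_go(name=name,
                                signin=g.signin,
                                tokeninfo=resp,
                                userinfo=userinfo,
                                uid=g.uid))
    page_action = goinfo["pageAction"]
    if page_action == "goto_signIn":
        # Not signed in, openid already bound: record the login, set session.
        uid = goinfo["goto_signIn_data"]["guid"]
        auth.brush_loginlog(dict(identity_type=oauth2_name2type(name),
                                 uid=uid,
                                 success=True),
                            login_ip=g.ip,
                            user_agent=request.headers.get("User-Agent"))
        return qq.goto_signIn(uid=uid, sso=sso)
    if page_action == "goto_signUp":
        # Not signed in, no account for this openid: register-or-bind flow.
        return qq.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"],
                              sso=sso)
    # Signed in and binding a third-party account: report the outcome and
    # return to the bind section of the settings page.
    flash(u"已绑定" if goinfo["success"] else goinfo["msg"])
    return redirect(url_for("front.userset", _anchor="bind"))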
def fgp():
    """Forgot-password page: reset the password from a POSTed verification code.

    On POST, ``account``/``vcode``/``password`` go to
    ``Authentication.forgot``; success yields ``code=0`` and a ``nextUrl``
    pointing at ``front.signIn``, failure carries the message. Non-POST
    requests return the default ``code=1`` response. Always JSON.
    """
    res = dict(msg=None, code=1)
    if request.method == "POST":
        form = request.form
        auth = Authentication(g.mysql, g.redis)
        outcome = auth.forgot(account=form.get("account"),
                              vcode=form.get("vcode"),
                              password=form.get("password"))
        if outcome["success"]:
            res.update(code=0, nextUrl=url_for("front.signIn"))
        else:
            res.update(msg=outcome["msg"])
    return jsonify(dfr(res))
def unbind():
    """Unbind a third-party identity from the current user.

    ``identity_name`` (query string) is mapped through ``oauth2_name2type``
    and passed with ``g.uid`` to ``Authentication.unbind``; the outcome is
    flashed and the user is sent back to the bind section of the settings
    page. A missing ``identity_name`` flashes an invalid-parameter message.

    NOTE(review): this is a state-changing action driven purely by a query
    parameter; unless the route is limited to non-GET methods or carries a
    CSRF token (neither visible here), a crafted link could trigger it —
    confirm.
    """
    identity_name = request.args.get("identity_name")
    if not identity_name:
        flash(u"无效参数")
        return redirect(url_for("front.userset", _anchor="bind"))
    auth = Authentication(g.mysql, g.redis)
    outcome = dfr(auth.unbind(g.uid, oauth2_name2type(identity_name)))
    flash(u"解绑成功" if outcome["code"] == 0 else outcome["msg"])
    return redirect(url_for("front.userset", _anchor="bind"))
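def userapp():
    """Management API for the user's SSO client applications.

    GET lists the apps, sorted by ``sort`` (``asc`` or, by default, ``desc``)
    and paged by 1-based ``page`` (default 1) and ``limit`` (default 10);
    invalid paging parameters answer ``code=2``, a page past the end
    ``code=3``, and no data ``code=4``. POST creates, PUT updates and DELETE
    removes an app by the form fields; DELETE also pushes a notification
    message. The response is logged and returned as JSON.

    Fixes: the parameter check used a bare ``raise`` (no active exception,
    so it raised an unrelated error) caught by a bare ``except:`` that also
    swallowed ``KeyboardInterrupt``/``SystemExit``; it now raises and catches
    the two errors ``int()`` and the range check can produce. A
    non-positive ``limit`` is also rejected as invalid rather than being
    passed to ``ListEqualSplit`` (whose behaviour for that case is not
    visible here).
    """
    res = dict(msg=None, code=1)
    if request.method == "GET":
        sort = request.args.get("sort") or "desc"
        page = request.args.get("page") or 1
        limit = request.args.get("limit") or 10
        try:
            page = int(page) - 1  # 0-based index for the page list below
            limit = int(limit)
            if page < 0 or limit <= 0:
                raise ValueError("page/limit out of range")
        except (TypeError, ValueError):
            res.update(code=2, msg="There are invalid parameters")
        else:
            res.update(g.api.userapp.listUserApp())
            data = res.get("data")
            if data and isinstance(data, (list, tuple)):
                data = sorted(data, reverse=sort != "asc")
                count = len(data)
                pages = ListEqualSplit(data, limit)
                pageCount = len(pages)
                if page < pageCount:
                    res.update(code=0,
                               data=pages[page],
                               pageCount=pageCount,
                               page=page,
                               limit=limit,
                               count=count)
                else:
                    res.update(code=3, msg="There are invalid parameters")
            else:
                res.update(code=4, msg="No data")
    elif request.method == "POST":
        form = request.form
        res.update(g.api.userapp.createUserApp(
            name=form.get("name"),
            description=form.get("description"),
            app_redirect_url=form.get("app_redirect_url")))
    elif request.method == "PUT":
        form = request.form
        res.update(g.api.userapp.updateUserApp(
            name=form.get("name"),
            description=form.get("description"),
            app_redirect_url=form.get("app_redirect_url")))
    elif request.method == "DELETE":
        name = request.form.get("name")
        res.update(g.api.userapp.deleteUserApp(name=name))
        FastPushMessage(res, "您于<i>{}</i>删除了一个SSO客户端应用:<strong>{}</strong>".format(timestamp_to_timestring(get_current_timestamp()), name))
    logger.info(res)
    return jsonify(dfr(res))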
def authorized():
    """Authorization callback route: ``/oauth2/coding/authorized``.

    Exchanges the provider code for an access token, fetches the Coding user
    profile and hands it to ``Authentication.oauth2_go``, which chooses one
    of three outcomes: sign in an already-bound account (login log written,
    session set by ``coding.goto_signIn``), start sign-up/binding for an
    unknown openid (``coding.goto_signUp``), or — when a user is already
    signed in — report the binding result and return to the settings page.
    Failures flash a message and redirect to ``g.redirect_uri``.
    """
    # Encrypted SSO parameter, passed through to the sign-in/sign-up helpers.
    sso = request.args.get("sso") or None
    # Exchange the authorization code for an access token.
    resp = coding.authorized_response()
    has_token = bool(resp) and isinstance(resp, dict) and "access_token" in resp
    if not has_token:
        # Provider error details arrive as query arguments.
        flash(u'Access denied: reason=%s error=%s' % (
            request.args.get('error'),
            request.args.get('error_description')
        ))
        return redirect(g.redirect_uri)
    # Fetch the basic user profile with the access token.
    user = coding.get_userinfo(resp["access_token"])
    if user["code"] != 0:
        flash(user["msg"].keys())
        return redirect(g.redirect_uri)
    user = user["data"]
    auth = Authentication(g.mysql, g.redis)
    # Coding may return a site-relative avatar path; make it absolute.
    avatar = user["avatar"]
    if avatar.startswith("/"):
        avatar = "https://coding.net" + avatar
    # Third-party login entry point.
    userinfo = dict(openid=user["id"],
                    nick_name=user["name"],
                    gender=oauth2_genderconverter(user["sex"]),
                    avatar=avatar,
                    domain_name=user["global_key"],
                    signature=user["slogan"],
                    location=user.get("location"))
    goinfo = dfr(auth.oauth2_go(name=name,
                                signin=g.signin,
                                tokeninfo=resp,
                                userinfo=userinfo,
                                uid=g.uid))
    page_action = goinfo["pageAction"]
    if page_action == "goto_signIn":
        # Not signed in, openid already bound: record the login, set session.
        uid = goinfo["goto_signIn_data"]["guid"]
        auth.brush_loginlog(dict(identity_type=oauth2_name2type(name),
                                 uid=uid,
                                 success=True),
                            login_ip=g.ip,
                            user_agent=request.headers.get("User-Agent"))
        return coding.goto_signIn(uid=uid, sso=sso)
    if page_action == "goto_signUp":
        # Not signed in, openid unknown: register-or-bind flow.
        return coding.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"],
                                  sso=sso)
    # Signed in and binding a third-party account: report the outcome and
    # return to the bind section of the settings page.
    flash(u"已绑定" if goinfo["success"] else goinfo["msg"])
    return redirect(url_for("front.userset", _anchor="bind"))
def fgp():
    """Forgot-password page: reset the password from a POSTed verification code.

    On POST, when the captcha condition holds, ``account``/``vcode``/
    ``password`` go to ``Authentication.forgot``; success yields ``code=0``
    and a ``nextUrl`` pointing at ``front.signIn``, failure carries the
    message. Non-POST requests return the default ``code=1`` response.
    Always JSON.

    NOTE(review): ``vaptcha.validate`` is read as an attribute, not called.
    If it is a method the condition is always truthy and the captcha never
    runs; if it is a property validating the current request it is fine —
    confirm against the vaptcha wrapper in use.
    """
    res = dict(msg=None, code=1)
    if request.method == "POST":
        form = request.form
        if vaptcha.validate:
            outcome = Authentication().forgot(account=form.get("account"),
                                              vcode=form.get("vcode"),
                                              password=form.get("password"))
            if outcome["success"]:
                res.update(code=0, nextUrl=url_for("front.signIn"))
            else:
                res.update(msg=outcome["msg"])
        else:
            res.update(msg="Man-machine verification failed")
    return jsonify(dfr(res))
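def OAuthBindAccount():
    """OAuth2: bind an existing account to a third-party openid and log in.

    GET renders ``auth/OAuthBindAccount.html`` when an ``openid`` query
    parameter is present, else redirects to ``.index``. POST requires a valid
    Vaptcha ``token``/``challenge`` (``sceneid`` defaults to ``"03"``), then
    calls ``Authentication.oauth2_bindLogin`` with the openid, account and
    password; on success it writes a login-log entry, sets the ``sessionId``
    cookie and redirects to ``.index``. Every other POST outcome flashes a
    message and redirects back to this page with the openid.

    Fix: the GET branch without ``openid`` built the redirect but never
    returned it, so the view returned ``None`` (HTTP 500) instead.
    """
    if request.method == 'POST':
        openid = request.form.get("openid")
        sceneid = request.args.get("sceneid") or "03"
        token = request.form.get("token")
        challenge = request.form.get("challenge")
        if token and challenge and vaptcha.validate(challenge, token, sceneid):
            account = request.form.get("account")
            password = request.form.get("password")
            auth = Authentication(g.mysql, g.redis)
            res = dfr(auth.oauth2_bindLogin(openid=openid,
                                            account=account,
                                            password=password))
            if res["success"]:
                # X-Real-Ip is only meaningful behind a proxy that sets it.
                auth.brush_loginlog(
                    res,
                    login_ip=request.headers.get('X-Real-Ip',
                                                 request.remote_addr),
                    user_agent=request.headers.get("User-Agent"))
                sessionId = set_cookie(uid=res["uid"])
                response = make_response(redirect(url_for(".index")))
                # Browser-session cookie (max_age=None); the Secure flag is
                # dropped only when the site is served over plain http.
                secure = request.url_root.split("://")[0] != "http"
                response.set_cookie(key="sessionId",
                                    value=sessionId,
                                    max_age=None,
                                    httponly=True,
                                    secure=secure)
                return response
            flash(res["msg"])
        else:
            flash(u"人机验证失败")
        return redirect(url_for('.OAuthBindAccount', openid=openid))
    openid = request.args.get("openid")
    if openid:
        return render_template("auth/OAuthBindAccount.html")
    return redirect(url_for(".index"))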
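def authorized():
    """Authorization callback route: ``/oauth2/baidu/authorized``.

    Exchanges the provider code for an access token, fetches the Baidu user
    profile and hands it to ``Authentication.oauth2_go``, which chooses one
    of three outcomes: sign in an already-bound account (login log written,
    session set by ``baidu.goto_signIn``), start sign-up/binding for an
    unknown openid (``baidu.goto_signUp``), or — when a user is already
    signed in — report the binding result. Failures flash a message; every
    non-sign-in path ends at ``front.index``.

    Fix: the token response is no longer printed — it carries the bearer
    ``access_token``, which must not reach stdout or log files.
    """
    # Exchange the authorization code for an access token.
    resp = baidu.authorized_response()
    if not (resp and isinstance(resp, dict) and "access_token" in resp):
        # Provider error details arrive as query arguments.
        flash(u'Access denied: reason=%s error=%s' % (
            request.args.get('error'),
            request.args.get('error_description')
        ))
        return redirect(url_for("front.index"))
    # Fetch the basic user profile with the access token.
    user = baidu.get_userinfo(resp["access_token"])
    if user.get("error"):
        flash("{} error_description: {}".format(user.get("error"),
                                                 user.get("error_description")))
        return redirect(url_for("front.index"))
    auth = Authentication(g.mysql, g.redis)
    avatar = "http://tb.himg.baidu.com/sys/portrait/item/" + user["portrait"]
    # Third-party login entry point.
    userinfo = dict(openid=user["userid"],
                    nick_name=user["username"],
                    gender=user["sex"],
                    avatar=avatar,
                    signature=user["userdetail"],
                    location=user.get("location"))
    goinfo = dfr(auth.oauth2_go(name=name,
                                signin=g.signin,
                                tokeninfo=resp,
                                userinfo=userinfo,
                                uid=g.uid))
    page_action = goinfo["pageAction"]
    if page_action == "goto_signIn":
        # Not signed in: record the login and set the session.
        uid = goinfo["goto_signIn_data"]["guid"]
        # X-Real-Ip is only meaningful behind a proxy that sets it.
        auth.brush_loginlog(dict(identity_type=oauth2_name2type(name),
                                 uid=uid,
                                 success=True),
                            login_ip=request.headers.get('X-Real-Ip',
                                                         request.remote_addr),
                            user_agent=request.headers.get("User-Agent"))
        return baidu.goto_signIn(uid=uid)
    if page_action == "goto_signUp":
        # Not signed in, openid unknown: register-or-bind flow.
        return baidu.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"])
    # Signed in: report the binding outcome and return to the index page.
    flash(u"已绑定" if goinfo["success"] else goinfo["msg"])
    return redirect(url_for("front.index"))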
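def authorized():
    """ 授权回调路由
    此路由地址:/oauth2/github/authorized

    Exchanges the callback for an access_token, loads the GitHub profile and
    hands both to ``Authentication.oauth2_go``. Depending on ``pageAction`` it
    signs the user in (``goto_signIn``), forwards to the bind/sign-up page
    (``goto_signUp``) or flashes the bind result; every other path flashes the
    provider's error and redirects to ``front.index``.
    """
    # 换取access_token
    resp = github.authorized_response()
    resp = github.url_code(resp)
    # ``resp`` is deliberately not printed: it carries the bearer access_token
    # and stdout usually ends up in process logs.
    if resp and isinstance(resp, dict) and "access_token" in resp:
        # 根据access_token获取用户基本信息
        user = github.get_userinfo(resp["access_token"])
        # The profile is indexed by "id" below, so an error payload or a
        # non-dict reply would raise; report it and return instead.
        if not isinstance(user, dict) or "id" not in user:
            flash(u"Access denied: failed to fetch GitHub user info")
            return redirect(url_for("front.index"))
        # 处理第三方登录逻辑
        auth = Authentication(g.mysql, g.redis)
        # 第三方账号登录入口`oauth2_go`
        userinfo = dict(openid=user["id"],
                        nick_name=user["name"],
                        gender=2,
                        avatar=user["avatar_url"],
                        domain_name=user["login"],
                        signature=user["bio"],
                        location=user.get("location"))
        goinfo = dfr(auth.oauth2_go(name=name, signin=g.signin,
                                    tokeninfo=resp, userinfo=userinfo,
                                    uid=g.uid))
        if goinfo["pageAction"] == "goto_signIn":
            # 未登录流程->执行登录
            # 记录登录日志
            auth.brush_loginlog(
                dict(identity_type=oauth2_name2type(name),
                     uid=goinfo["goto_signIn_data"]["guid"],
                     success=True),
                login_ip=request.headers.get('X-Real-Ip', request.remote_addr),
                user_agent=request.headers.get("User-Agent"))
            # 设置登录态
            return github.goto_signIn(uid=goinfo["goto_signIn_data"]["guid"])
        elif goinfo["pageAction"] == "goto_signUp":
            # 未登录流程->执行注册绑定功能
            return github.goto_signUp(openid=goinfo["goto_signUp_data"]["openid"])
        else:
            # 已登录流程->反馈绑定结果
            if goinfo["success"]:
                # 绑定成功,返回原页面
                flash(u"已绑定")
            else:
                # 绑定失败,返回原页面
                flash(goinfo["msg"])
            # 跳回原页面
            return redirect(url_for("front.index"))
    else:
        flash(u'Access denied: reason=%s error=%s' % (
            request.args.get('error'),
            request.args.get('error_description')
        ))
    return redirect(url_for("front.index"))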
def OAuthBindAccount():
    """OAuth2绑定已有账号登录

    GET: render the bind form when an ``openid`` query parameter is present,
    otherwise send the visitor to ``g.redirect_uri``.
    POST: bind ``openid`` to the submitted account/password through
    ``Authentication.oauth2_bindLogin``; on success write the login log,
    resolve the optional SSO ticket and set the login state, otherwise flash
    the failure and return to this form with ``openid``/``sso`` preserved.
    """
    if request.method != 'POST':
        openid = request.args.get("openid")
        if not openid:
            return redirect(g.redirect_uri)
        return render_template("auth/OAuthBindAccount.html",
                               vaptcha=vaptcha.getChallenge)

    sso = request.args.get("sso") or None
    logger.debug("OAuthBindAccount, sso type: {}, content: {}".format(
        type(sso), sso))
    openid = request.form.get("openid")
    # NOTE(review): ``vaptcha.validate`` is referenced, not called. Elsewhere
    # on this page it is invoked as ``vaptcha.validate(challenge, token,
    # sceneid)``; if it is a plain method here this condition is always true
    # and the captcha is never checked on the bind-login form. Confirm it is a
    # property that validates the current request.
    if not vaptcha.validate:
        flash(u"人机验证失败")
        return redirect(url_for('.OAuthBindAccount', openid=openid, sso=sso))

    auth = Authentication(g.mysql, g.redis)
    res = dfr(auth.oauth2_bindLogin(openid=openid,
                                    account=request.form.get("account"),
                                    password=request.form.get("password")))
    if not res["success"]:
        flash(res["msg"])
        return redirect(url_for('.OAuthBindAccount', openid=openid, sso=sso))

    # 记录登录日志
    auth.brush_loginlog(res,
                        login_ip=g.ip,
                        user_agent=request.headers.get("User-Agent"))
    sso_isOk, sso_returnUrl, sso_appName = checkGet_ssoRequest(sso)
    sessionId, returnUrl = checkSet_ssoTicketSid(
        sso_isOk, sso_returnUrl, sso_appName, res["uid"],
        url_for("front.userset", _anchor="bind"))
    logger.debug("OAuthBindAccount post returnUrl: {}".format(returnUrl))
    return set_loginstate(sessionId, returnUrl)
def signIn():
    """Account/password sign-in.

    GET renders ``auth/signIn.html``. POST first checks the Vaptcha
    challenge/token (scene id from the query string, default "01"), then
    authenticates through ``Authentication.signIn``; on success it records
    the login log, issues the session cookie and redirects to
    ``g.redirect_uri``, otherwise it flashes the reason and returns to this
    form.
    """
    if request.method != 'POST':
        return render_template("auth/signIn.html")

    sceneid = request.args.get("sceneid") or "01"
    token = request.form.get("token")
    challenge = request.form.get("challenge")
    # Short-circuits exactly like the chained ``and``: validate() is only
    # reached when both form fields are present.
    captcha_ok = bool(token and challenge
                      and vaptcha.validate(challenge, token, sceneid))
    if not captcha_ok:
        flash(u"人机验证失败")
        return redirect(url_for('.signIn'))

    # NOTE(review): X-Real-Ip is trusted unconditionally. That is only
    # meaningful when a reverse proxy in front of this app overwrites the
    # header; otherwise the client chooses the IP written to the login log.
    login_ip = request.headers.get('X-Real-Ip', request.remote_addr)
    auth = Authentication(g.mysql, g.redis)
    res = dfr(auth.signIn(account=request.form.get("account"),
                          password=request.form.get("password")))
    if not res["success"]:
        flash(res["msg"])
        return redirect(url_for('.signIn'))

    # 记录登录日志
    auth.brush_loginlog(res,
                        login_ip=login_ip,
                        user_agent=request.headers.get("User-Agent"))
    # 登录成功,设置cookie
    sessionId = set_cookie(uid=res["uid"])
    response = make_response(redirect(g.redirect_uri))
    # Browser-session cookie (max_age=None). ``secure`` follows the scheme
    # Flask sees in url_root; behind a TLS-terminating proxy that scheme is
    # "http" unless the proxy headers are honoured, and the Secure flag is
    # then dropped.
    secure = request.url_root.split("://")[0] != "http"
    response.set_cookie(key="sessionId",
                        value=sessionId,
                        max_age=None,
                        httponly=True,
                        secure=secure)
    return response
                    except Exception, e:
                        logger.error(e, exc_info=True)
                        res.update(msg="System is abnormal")
                    else:
                        res.update(
                            msg="Sent verification code, valid for 300 seconds",
                            success=True)
                else:
                    res.update(
                        msg="Mail delivery failed, please try again later")
    elif phone_check(account):
        res.update(msg="Not support phone number")
    else:
        res.update(msg="Invalid account")
    logger.debug(res)
    return jsonify(dfr(res))


@ApiBlueprint.route("/miscellaneous/_getDownTime")
def misc_getDownTime():
    """Vaptcha宕机模式接口

    Serialises ``vaptcha.getDownTime`` (read as an attribute, not called) as
    the JSON response body.
    """
    downtime = vaptcha.getDownTime
    return jsonify(downtime)


@ApiBlueprint.route("/miscellaneous/feedback/", methods=["POST"])
def misc_feedback():
    res = dict(msg=None, success=False)
    if request.method == "POST":
        point = request.form.get("point")
        content = request.form.get("content")
        email = request.form.get("email")
def translate(res):
    """Localise a JSON response body in place.

    When ``res`` is a JSON response whose payload is a dict, the payload is
    passed through ``dfr`` and written back with ``set_data``; any other
    response is returned untouched. Returns ``res`` in both cases.
    """
    if not res.is_json:
        return res
    payload = res.get_json()
    if isinstance(payload, dict):
        res.set_data(json.dumps(dfr(payload)))
    return res
    try:
        printcolor("请根据提示输入信息以创建管理员用户", "red")
        email = raw_input("请输入管理员邮箱账号:")
        password = getpass.getpass("请输入管理员账号密码:")
        repasswd = getpass.getpass("请确认管理员账号密码:")
    except KeyboardInterrupt:
        sys.stdout.write('\n')
        exit(1)
    else:
        if not email_check(email):
            printcolor("请输入正确的邮箱", "yellow")
        else:
            if password != repasswd:
                printcolor("两次密码不一致", "yellow")
            else:
                res = dfr(__createSuperuser(email, password), "zh-CN")
                if res["success"] is True:
                    printcolor(
                        "管理员注册成功,账号是<%s>,密码是<%s>,请妥善保管!" % (email, password),
                        "green")
                else:
                    printcolor(res["msg"], "yellow")


if __name__ == "__main__":
    import argparse
    parser = argparse.ArgumentParser()
    parser.add_argument("--refresh_loginlog",
                        help=u"刷入登录日志",
                        default=False,
                        action='store_true')