def api_register_user(*, email, name, passwd): # 字段校验 if not name or not name.strip(): raise APIValueError('name') if not email or not _RE_EMAIL.match(email): raise APIValueError('email') if not passwd or not _RE_SHA1.match(passwd): raise APIValueError('passwd') users = yield from User.findAll('email=?', [email]) # email 不能重复 if len(users) > 0: raise APIError('register: failed', 'email', 'Email is already in use.') uid = next_id() sha1_passwd = '%s:%s' % (uid, passwd) # 混淆密码 admin = False # if email == '*****@*****.**': # admin = True user = User(id=uid, name=name.strip(), email=email, passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(), image='http://www.gravatar.com/avatar/%s?d=mm&s=120' % hashlib.md5(email.encode('utf-8')).hexdigest(), admin=admin) yield from user.save() r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True) user.passwd = '******' # 创建用户成功后,隐藏密码 r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return r
async def user_yes(request, *, name, em, mm, t): ''' 邮箱验证注册 :param request: :param name: :param em: :param mm: :return: ''' if float(time.time()) - float(t) > 1800: return 'redirect:/' uid = next_id() sha1_passwd = '%s:%s' % (uid, mm) user = User(id=uid, name=name.strip(), email=em, passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(), image='http://www.gravatar.com/avatar/%s?d=mm&s=120' % hashlib.md5(em.encode('utf-8')).hexdigest()) await user.save() # make session cookie r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True) user.passwd = '******' r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return 'redirect:/'
async def api_register_user(*, email, name, passwd): if not name or not name.strip(): raise APIValueError('name') if not email or not _RE_EMAIL.match(email): raise APIValueError('email') if not passwd or not _RE_SHA1.match(passwd): raise APIValueError('passwd') users = await User.findAll('email=?', [email]) if len(users) > 0: raise APIError('register:failed', 'email', 'Email is already in use.') uid = next_id() sha1_passwd = '%s:%s' % (uid, passwd) user = User(id=uid, name=name.strip(), email=email, passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(), image='http://www.gravatar.com/avatar/%s?d=mm&s=120' % hashlib.md5(email.encode('utf-8')).hexdigest()) await user.save() # make session cookie: r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True) user.passwd = '******' r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return r
def api_get_users(*, page='1'): page_index = get_page_index(page) num = yield from User.findNumber('count(id)') p = Page(num, page_index) if num == 0: return dict(page=p, users=()) users = yield from User.findAll(orderBy='created_at desc', limit=(p.offset, p.limit)) for u in users: u.passwd = '******' return dict(page=p, users=users)
def cookie2user(cookie_str): """ Parse cookie and load user if cookie is valid 从cookie中验证用户,返回由cookie查找到的用户 :param cookie_str: cookie字符串 :return: """ if not cookie_str: return None try: L = cookie_str.split('-') if len(L) != 3: return None uid, expires, sha1 = L if int(expires) < time.time(): return None user = yield from User.find(uid) if user is None: return None s = '%s-%s-%s-%s' % (uid, user.passwd, expires, _COOKIE_KEY) if sha1 != hashlib.sha1(s.encode('utf-8')).hexdigest(): logging.info('invalid sha1') return None user.passwd = '******' return user except Exception as e: logging.exception(e) return None
def authenticate(*, email, passwd): if not email: raise APIValueError('email', 'Invalid email.') if not passwd: raise APIValueError('passwd', 'Invalid password.') users = yield from User.findAll('email=?', [email]) if len(users) == 0: raise APIValueError('email', 'Email not exist.') user = users[0] # check passwd: sha1 = hashlib.sha1() sha1.update(user.id.encode('utf-8')) sha1.update(b':') sha1.update(passwd.encode('utf-8')) if user.passwd != sha1.hexdigest(): raise APIValueError('passwd', 'Invalid password.') # authenticate ok, set cookie: r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly="True") user.passwd = '******' r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return r
def user_register(): form = UserRegistration() if form.validate_on_submit(): password_hash = crypt.generate_password_hash( form.password.data).decode('utf-8') user = User(email=form.email.data, password=password_hash, display_name=form.display_name.data) database.session.add(user) database.session.commit() flash("Registration Successful, please login to continue", "success") logger(state="INFO", message="User account for {} created".format(form.email.data)) return redirect(url_for('runtime.user_login')) else: return render_template('user_register.html', title="Register Account", form=form)
def authenticate(*, email, passwd): if not email: raise APIValueError('email', 'Invalid email') if not passwd: raise APIValueError('passwd', 'Invalid password') users = yield from User.findAll('email=?', email) if len(users) == 0: raise APIValueError('email', 'Email not exist') user = users[0] sha1 = hashlib.sha1() sha1.update(user.id.encode('utf-8')) sha1.update(b':') sha1.update(passwd.encode('utf-8')) if user.passwd != sha1.hexdigest(): raise APIValueError('passwd', 'Invalid password') # 验证成功,开始生成response,设置cookie,返回 r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True) user.passwd = '******' r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return r
def test(loop): yield from orm.create_pool(loop=loop, user='******', password='******', db='awesome') u = User(name='Won', email='*****@*****.**', passwd='1234567890', image='about:blank') yield from u.save()
def test(loop): yield from orm.create_pool(loop, user='******', password='******', database='awesome_study') u = User(name='Test', email='*****@*****.**', passwd='1234567890', image='about:blank') yield from u.save()