Exemplo n.º 1
0
    def post(self):
        form = LoginForm(self.arguments)

        if form.validate():
            user = self.have_user(form.username.data)
            if user and User.check_password(user.password, form.password.data):

                remember_me = self.get_argument("remember", "off")

                if remember_me == "on":
                    expires_days = 30
                else:
                    expires_days = None

                self.login(user, expires_days)

                team = Team.get_or_none(owner_id=user.id)
                if team is None:
                    return self.redirect(self.reverse_url("club_create"))
                elif team.state == 0:
                    return self.redirect(self.reverse_url("club_wait_approve"))
                elif self.next_url:
                    return self.redirect(self.next_url)
                else:
                    return self.redirect(self.reverse_url("club_home"))

        messages = [('danger', '登录失败:账号或密码不正确')]
        self.render("login.html", form=form, messages=messages)
Exemplo n.º 2
0
    def validate_password(self, form):
        password = self.get_argument("password")
        if not password or \
                not User.check_password(self.current_user.password, password):
            form.password.errors = [ValidationError("旧密码不正确")]
            return False

        return True
Exemplo n.º 3
0
    def post(self):

        username = self.validated_arguments['username'].lower()
        password = self.validated_arguments['password']

        if len(username) == 0 or len(password) == 0:
            raise ApiException(400, "用户名和密码不能为空")

        fail_times_key = "yiyun:user:%s:login_fail_times" % username
        if intval(self.redis.get(fail_times_key)) >= 5:
            raise ApiException(403, "密码错误次数太多,请休息10分钟再试")

        if is_mobile(username):
            user = User.get_or_none(mobile=username)

        elif username.find('@') > 0:
            user = User.get_or_none(email=username)

        else:
            raise ApiException(400, "用户名格式不正确,请填写手机号或电子邮箱")

        if not password or not user \
                or not User.check_password(user.password, password):

            fail_times = intval(self.redis.incr(fail_times_key))
            if fail_times == 1:
                self.redis.expire(fail_times_key, 600)

            raise ApiException(403, "密码有误,如果没有设置密码请使用手机号找回密码")

        # 重试次数归零
        self.redis.delete(fail_times_key)

        if not user.is_active():
            raise ApiException(403, "你的账户不可用,无法登录")

        update = {"last_login": datetime.now()}

        if self.device_id > 0:
            update["last_device_id"] = self.device_id

        User.update(**update).where(User.id == user.id).execute()

        if user and self.device_id:
            Device.update(owner_id=user.id).where(
                Device.id == self.device_id).execute()

        self.write(self.create_session(user))
Exemplo n.º 4
0
    def test_reset_password(self):
        user = User.create(name='test4',
                           mobile="13838003804",
                           password=User.create_password("123456"))

        new_password = "******"
        url = "api/2/auth/reset_password"
        body = {
            "username": "******",
            "verify_code": "8888",
            "new_password": new_password
        }

        response = self.fetch(url, method="POST", body=json.dumps(body))
        self.assertEqual(200, response.code, response.body.decode())

        user = User.get(id=user.id)
        result = User.check_password(user.password, new_password)
        self.assertEqual(True, result, result)
Exemplo n.º 5
0
    def post(self):

        mobile = self.validated_arguments['mobile']
        action = self.validated_arguments['action']

        sent_times_key = "yiyun:mobile:%s:code_sent_times" % mobile
        if intval(self.redis.get(sent_times_key)) >= 5:
            raise ApiException(400, "你已重发5次,请稍后再试")

        # 有效期内发送相同的验证码
        verify_code = random.randint(1000, 9999)
        logging.debug('verify code for mobile[{0}]: {1}'.format(
            mobile, verify_code))
        is_registered = User.select().where(User.mobile == mobile).exists()

        if action == "register" and is_registered:
            raise ApiException(1020, "手机号码已注册", status_code=400)

        if action in ('register_or_login', 'register', 'login'):
            # 保存验证码
            self.save_verify_code(mobile, verify_code)

            # 发短信
            if not self.settings["debug"]:
                tasks.message.send_sms_verifycode(mobile, verify_code)

            self.write_success(is_registered=is_registered)

        elif action == "forgot":

            if not is_registered:
                raise ApiException(400, "手机号码没有注册")

            # 保存验证码
            self.save_verify_code(mobile, verify_code)

            # 发短信
            tasks.message.send_sms_verifycode(mobile, verify_code)

            self.write_success()

        elif action == "update_mobile":

            if not self.current_user:
                raise ApiException(403, "登录后才能修改手机号")

            if is_registered:
                raise ApiException(403, "该号码已经使用,请更换")

            if self.current_user.password and \
                    not User.check_password(self.current_user.password,
                                            self.validated_arguments["password"]):
                raise ApiException(403, "密码不正确,不能修改手机号")

            # 保存验证码
            self.save_verify_code(mobile, verify_code)

            # 发短信
            tasks.message.send_sms_verifycode(mobile, verify_code)

            # 关联验证码与当前用户
            self.redis.set(
                "yiyun:update_mobile:%s:verify_code:%s" %
                (mobile, verify_code), self.current_user.id)

            # 30分钟内有效
            self.redis.expire(
                "yiyun:update_mobile:%s:verify_code:%s" %
                (mobile, verify_code), 1800)

            self.write_success()

        # 30分钟内最多发送5次验证码
        sent_times = intval(self.redis.incr(sent_times_key))
        if sent_times == 1:
            self.redis.expire(sent_times_key, 1800)