def get_token():
    """Issue a new auth token for the caller of this request.

    Returns the ``unauthorized`` response when the current user is anonymous
    or ``g.token_used`` is set; otherwise returns JSON with the new token and
    its lifetime in seconds.
    """
    caller = g.current_user
    # presumably g.token_used marks a request that was itself authenticated
    # with a token, so an existing token cannot be traded for a fresh one;
    # verify against the code that sets it.
    if caller.is_anonymous or g.token_used:
        return unauthorized('无效认证')
    payload = {
        'token': caller.generate_auth_token(expiration=3600),
        'expiration': 3600,
    }
    return jsonify(payload)
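def add_user():
    """Register a new user from an encrypted ``email:password`` payload.

    The request JSON carries the ciphertext under ``data``. After decryption
    the text before the first ':' is used as the e-mail and the rest as the
    password. Returns the ``unauthorized`` response when decryption raises
    ``InvalidKey``, a 400 JSON error when the payload has no ':' separator,
    the ``not_acceptable`` response when the e-mail is already registered,
    and a 200 success message otherwise.
    """
    data = request.json['data']
    try:
        # NOTE(review): only InvalidKey is caught; confirm rsa_cipher.decrypt
        # cannot raise anything else on malformed ciphertext, which would
        # surface as an unhandled error.
        token_data = rsa_cipher.decrypt(data)
    except cryptography.exceptions.InvalidKey:
        return unauthorized('invalid public key')

    # Split on the first ':' only. Splitting on every ':' stored just the
    # part of the password before its first ':', so the account ended up with
    # a shorter password than the one the user chose.
    username, separator, password = token_data.partition(':')
    if not separator:
        # A payload without a separator used to raise IndexError.
        response = jsonify({'error': 'malformed registration payload'})
        response.status_code = 400
        return response

    if User.query.filter_by(email=username).first() is not None:
        return not_acceptable('user already exists')

    # SystemRandom draws from the operating system's randomness source.
    alphabet = string.ascii_uppercase + string.digits + string.ascii_lowercase
    chooser = random.SystemRandom()
    random_user_name = ''.join(chooser.choice(alphabet) for _ in range(7))

    user = User(email=username, username=random_user_name, password=password)
    # NOTE(review): no commit is issued here; presumably the session is
    # committed elsewhere - confirm.
    db.session.add(user)
    response = jsonify({'message': 'success'})
    response.status_code = 200
    return response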
def get_token():
    """Return a JSON response holding a new token valid for one hour.

    Anonymous users, and requests for which ``g.token_used`` is set, get the
    ``unauthorized`` response instead.
    """
    user = g.current_user
    if user.is_anonymous or g.token_used:
        return unauthorized('暂未认证的账户')
    # The view returns a JSON response that contains a token
    # with an expiration time of 1 hour.
    token = user.generate_auth_token(expiration=3600)
    return jsonify({'token': token, 'expiration': 3600})
def get_token():
    """Return a new auth token for the current user as JSON.

    Anonymous users, and requests for which ``g.token_used`` is set, get the
    ``unauthorized`` response instead.
    """
    user = g.current_user
    if user.is_anonymous or g.token_used:
        return unauthorized('Invalid credentials')
    # NOTE(review): the token is generated with the method's default lifetime
    # while the response advertises 3600 seconds; confirm the default of
    # generate_auth_token matches, otherwise clients are told a lifetime the
    # token does not have.
    token = user.generate_auth_token()
    return jsonify({'token': token, 'expiration': 3600})
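def decorated(*args, **kwargs):
    """Check the caller's token, then call the wrapped view with the user.

    The token is read from the ``x-access-token`` request header. The
    ``unauthorized`` response is returned when the header is missing or
    empty, when the token is in ``black_list``, or when decoding the token or
    looking up its user fails. Otherwise ``f`` is called with the user as its
    first positional argument, followed by the original arguments.
    """
    # x-access-token is the header used to carry the token.
    token = request.headers.get('x-access-token')
    if not token:
        return unauthorized('Token missing')
    # presumably black_list holds tokens revoked at logout; verify against
    # the code that fills it.
    if token in black_list:
        return unauthorized('You need to login!')
    try:
        # NOTE(review): no ``algorithms=`` allow-list is passed. PyJWT 2.x
        # requires it, and older releases fall back to the algorithm named in
        # the token header. Pin it to the algorithm the tokens are signed
        # with (confirm against the code that issues them).
        data = jwt.decode(token, current_app.config.get('SECRET_KEY'))
        current_user = User.get_user(users_list, data['id'])
    except Exception:
        # Any decode or lookup failure counts as an invalid token. Catching
        # Exception rather than using a bare ``except`` lets SystemExit and
        # KeyboardInterrupt propagate.
        return unauthorized('Token is invalid')
    return f(current_user, *args, **kwargs)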
def get_user():
    """Return the current user's JSON representation for token requests.

    Returns the ``forbidden`` response when ``g`` has no ``token_used``
    attribute, the ``unauthorized`` response when that flag is falsy, and the
    user's ``to_json()`` output otherwise.
    """
    try:
        used_token = g.token_used
    except AttributeError:
        # The flag was never set on ``g`` for this request.
        return forbidden('Unconfirmed account')
    if not used_token:
        return unauthorized('Invalid credentials')
    return jsonify(g.current_user.to_json())
def reset_password():
    """Set a new password for the current user from an encrypted payload.

    The request JSON carries the ciphertext under ``data``, and the decrypted
    text is used as the new password. Returns the ``unauthorized`` response
    when decryption raises ``InvalidKey``, the ``bad_request`` response when
    ``User.reset_password`` reports failure, and a 200 success message
    otherwise.
    """
    encrypted = request.json['data']
    try:
        password = rsa_cipher.decrypt(encrypted)
    except cryptography.exceptions.InvalidKey:
        return unauthorized('invalid public key')

    # NOTE(review): the previous password is not checked in this view;
    # confirm the auth layer only admits requests that should be allowed to
    # change the password.
    user = User.query.filter_by(id=g.current_user.id).first()
    if not user.reset_password(password):
        return bad_request('db is not corresponding')

    response = jsonify({'message': 'success'})
    response.status_code = 200
    return response
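def reset_password(current_user):
    """Change a user's password after checking the previous one.

    Reads ``Username``, ``Previous Password`` and ``New Password`` from the
    request data. Returns the ``unauthorized`` response when ``current_user``
    is falsy, the ``bad_request`` response when any field is empty, the
    ``forbidden`` response when ``User.reset_password`` reports failure, and
    a 200 JSON message on success.
    """
    if not current_user:
        return unauthorized('You are not allowed to perform this action')

    field_names = ('Username', 'Previous Password', 'New Password')
    username, old_password, new_password = (
        str(request.data.get(name, '')) for name in field_names)
    if not (username and old_password and new_password):
        return bad_request("Provide all fields")

    # NOTE(review): the account is selected by the 'Username' field of the
    # request, not by current_user; confirm User.reset_password ties the
    # change to the authenticated caller, or compare the two here.
    update_user = User.reset_password(users_list, username, old_password,
                                      new_password)
    if not update_user:
        # The failed result is falsy and was previously passed on as the
        # error message, so the client got no usable text. A fixed message
        # is sent instead.
        return forbidden('Password could not be changed')

    response = jsonify({
        "Message": "Successfuly changed password"
    })
    response.status_code = 200
    return response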
def reset_username():
    """Change the current user's username from an encrypted payload.

    The request JSON carries the ciphertext under ``data``, and the decrypted
    text is used as the new username. Returns the ``unauthorized`` response
    when decryption raises ``InvalidKey``, the ``not_acceptable`` response
    when the username is already taken, and a 200 success message otherwise.
    """
    encrypted = request.json['data']
    try:
        username = rsa_cipher.decrypt(encrypted)
    except cryptography.exceptions.InvalidKey:
        return unauthorized('invalid public key')

    name_taken = User.query.filter_by(username=username).first() is not None
    if name_taken:
        return not_acceptable('username already exists')

    account = User.query.filter_by(id=g.current_user.id).first()
    account.reset_username(username)
    response = jsonify({'message': 'success'})
    response.status_code = 200
    return response
def get_score():
    """Fetch the current user's scores and return them as JSON.

    ``score_type`` comes from the query string. Returns the ``unauthorized``
    response for anonymous users, a 404 JSON error when the user has no
    ``user_code`` or ``ScoreCatcher`` raises ``ScoreException``, and a 502
    JSON error when it raises ``NetException``.
    """
    def error_response(message, status):
        # Build a JSON error body with the given HTTP status code.
        reply = jsonify({'error': message})
        reply.status_code = status
        return reply

    score_type = request.args.get('score_type')
    if g.current_user.is_anonymous:
        return unauthorized('Invalid credentials')

    user_code = g.current_user.user_code
    if user_code is None:
        return error_response('该用户没有用户代号', 404)

    try:
        catcher = ScoreCatcher()
        score = catcher.get_score(g.current_user.school_code, user_code,
                                  score_type=score_type)
    except ScoreException as e:
        # The exception text is sent to the client as the error message.
        return error_response(str(e), 404)
    except NetException:
        return error_response('教务系统出现网络问题', 502)
    return jsonify(score)
def api_auth_error():
    """Return the ``unauthorized`` response with a generic credentials message.

    presumably registered as the authentication error handler (the decorator
    is not shown); confirm at the registration site.
    """
    response = unauthorized('Invalid credentials')
    return response
def auth_error():
    """Return the ``unauthorized`` response with a fixed message.

    presumably registered as the authentication error handler (the decorator
    is not shown); confirm at the registration site.
    """
    response = unauthorized('网络凭证不正确!')
    return response
def get_token():
    """Return a one-hour auth token for the current user as JSON.

    Anonymous users, and requests for which ``g.token_used`` is set, get the
    ``unauthorized`` response instead.
    """
    rejected = g.current_user.is_anonymous or g.token_used
    if rejected:
        return unauthorized('Invalid credentials')
    new_token = g.current_user.generate_auth_token(expiration=3600)
    return jsonify({'token': new_token, 'expiration': 3600})
def auth_error():
    """Return the ``unauthorized`` response with a generic credentials message.

    The message does not say which part of the credentials was wrong.
    """
    response = unauthorized('Invalid credentials')
    return response
def unauthorized_access(e):
    """Answer a 401 error as JSON or as an HTML page.

    Clients that accept JSON but not HTML get the ``unauthorized`` response;
    all others get the rendered ``401.html`` template with status 401. The
    error argument ``e`` is not used.
    """
    accepted = request.accept_mimetypes
    json_only = accepted.accept_json and not accepted.accept_html
    if json_only:
        return unauthorized('Unauthorized')
    return render_template('401.html'), 401
def auth_error():
    """Return the ``unauthorized`` response with a fixed message.

    presumably registered as the authentication error handler (the decorator
    is not shown); confirm at the registration site.
    """
    response = unauthorized('无效认证')
    return response
def get_token():
    """Return a one-hour auth token for the current user as JSON.

    The token is produced by ``token_authentication.generate_auth_token``.
    Anonymous users, and requests for which ``g.token_used`` is set, get the
    ``unauthorized`` response instead.
    """
    user = g.current_user
    if user.is_anonymous or g.token_used:
        return unauthorized('Invalid credentials')
    timed_key = token_authentication.generate_auth_token(user,
                                                         expiration=3600)
    body = {'token': timed_key, 'expiration': 3600}
    return jsonify(body)