Пример #1
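def activate(user_id, token):
    """Activate a newly registered account from its activation link.

    Looks the user up by ``user_id`` (404 when absent) and compares ``token``
    with the SHA-1 hex digest of the user's name.  On a match the account's
    ``is_new`` flag is cleared, the change is committed and the user is
    signed in.  Every path ends with a redirect to ``site.index``.

    Args:
        user_id: id of the account being activated.
        token: activation token carried by the link.

    Returns:
        A redirect response to ``site.index``.
    """
    user = User.query.get_or_404(user_id)

    # Only accounts that are still pending activation may use this link.
    # Without this guard a valid link keeps working as a sign-in link for an
    # already-activated account for as long as the name is unchanged.
    if not user.is_new:
        flash('无效的激活链接')
        return redirect(url_for('site.index'))

    # NOTE(review): the expected token is an unkeyed SHA-1 of the user name,
    # so it carries no secret and never expires. The code that issues the
    # link and this check should move together to a random, single-use token
    # (or an HMAC keyed with a server-side secret) with an expiry; it cannot
    # be changed here alone without breaking links already issued.
    expected = hashlib.sha1(user.name).hexdigest()
    if token != expected:
        flash('无效的激活链接')
        return redirect(url_for('site.index'))

    user.is_new = False
    db.session.add(user)
    db.session.commit()
    signin_user(user, True)
    flash('账号激活成功!')
    return redirect(url_for('site.index'))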
Пример #2
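def activate(user_id, token):
    """Handle an account-activation link.

    The user is fetched by ``user_id`` (404 if it does not exist).  The link
    is accepted only while the account is still marked ``is_new`` and when
    ``token`` equals the SHA-1 hex digest of the user's name; the account is
    then marked as activated, committed, and signed in.

    Args:
        user_id: id of the account to activate.
        token: token taken from the activation link.

    Returns:
        A redirect to ``site.index`` in every case.
    """
    user = User.query.get_or_404(user_id)
    # NOTE(review): this token is derived from the user name alone (no server
    # secret, no expiry). Replace it, together with the code that generates
    # the link, by a random or HMAC-keyed, time-limited token.
    #
    # The ``user.is_new`` requirement makes the link one-shot: once an account
    # is activated, the same link can no longer be used to sign in as it.
    if user.is_new and token == hashlib.sha1(user.name).hexdigest():
        user.is_new = False
        db.session.add(user)
        db.session.commit()
        signin_user(user, True)
        flash('账号激活成功!')
        return redirect(url_for('site.index'))
    flash('无效的激活链接')
    return redirect(url_for('site.index'))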
Пример #3
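def signin():
    """Sign in through Douban OAuth (authorization-code callback).

    Exchanges the ``code`` query parameter for a token response at Douban's
    token endpoint and reads ``douban_user_id`` from it.  A known user who is
    neither banned nor pending activation is signed in and sent to the URL
    stored in the session under ``referer`` (falling back to ``site.index``).
    An unknown user id is stored in the session as ``signup_user_id`` and the
    browser is redirected to the signup view.

    Returns:
        A redirect response; ``site.index`` whenever the exchange fails or
        the account may not sign in.
    """
    code = request.args.get('code')
    if not code:
        return redirect(url_for('site.index'))

    # NOTE(review): no OAuth ``state`` value is verified on this callback, so
    # the code is not tied to the browser session that started the flow.
    # Generating ``state`` at the authorize redirect and checking it here
    # would close that gap; the authorize step is outside this function.
    url = "https://www.douban.com/service/auth2/token"
    config = current_app.config
    data = {
        'client_id': config.get('DOUBAN_CLIENT_ID'),
        'client_secret': config.get('DOUBAN_SECRET'),
        'redirect_uri': config.get('DOUBAN_REDIRECT_URI'),
        'grant_type': 'authorization_code',
        'code': code
    }
    headers = {
        'User-Agent': 'request'
    }
    try:
        # A timeout keeps a stalled provider from tying up the worker; a
        # network error or non-JSON body is treated as a failed sign-in
        # instead of surfacing as a 500.
        res = requests.post(url, data=data, headers=headers,
                            timeout=10).json()
    except (requests.RequestException, ValueError):
        return redirect(url_for('site.index'))
    if not isinstance(res, dict) or 'douban_user_id' not in res:
        return redirect(url_for('site.index'))
    try:
        user_id = int(res['douban_user_id'])
    except (TypeError, ValueError):
        return redirect(url_for('site.index'))

    user = User.query.get(user_id)
    if user:
        if user.is_banned:
            flash('账户已被禁用')
            return redirect(url_for('site.index'))
        if user.is_new:
            flash('账户尚未激活,请登陆邮箱激活账户')
            return redirect(url_for('site.index'))

        flash('欢迎来到西窗烛')
        signin_user(user, True)
        # pop() with a default: the key may be absent (the fallback below
        # already assumes so), and a bare pop() would raise KeyError after
        # the user has been signed in.
        # NOTE(review): 'referer' is written elsewhere; if it is copied from
        # the request's Referer header, restrict it to same-site paths
        # before redirecting to it. Confirm at the place it is stored.
        redirect_url = session.pop('referer', None) or url_for('site.index')
        return redirect(redirect_url)
    # Hand user_id to the signup view through the session rather than a
    # request parameter, so a client cannot register under an arbitrary id.
    # (Flask's default cookie session is signed rather than encrypted:
    # tamper-evident, but readable by the client.)
    session['signup_user_id'] = user_id
    return redirect(url_for('.signup'))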
Пример #4
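def signin():
    """Complete a Douban OAuth sign-in from the authorization-code callback.

    The ``code`` query parameter is posted to Douban's token endpoint and
    ``douban_user_id`` is read from the JSON reply.  If a matching user
    exists and is neither banned nor awaiting activation, the user is signed
    in and redirected to the session's ``referer`` URL (or ``site.index``).
    Otherwise the id is kept in the session as ``signup_user_id`` and the
    request is redirected to the signup view.

    Returns:
        A redirect response; failures of the token exchange redirect to
        ``site.index``.
    """
    index_url = url_for('site.index')

    code = request.args.get('code')
    if not code:
        return redirect(index_url)

    # NOTE(review): this callback checks no OAuth ``state`` parameter, so it
    # cannot tell whether the flow was started by this browser session.
    # Adding one needs a matching change where the authorize URL is built.
    url = "https://www.douban.com/service/auth2/token"
    config = current_app.config
    data = {
        'client_id': config.get('DOUBAN_CLIENT_ID'),
        'client_secret': config.get('DOUBAN_SECRET'),
        'redirect_uri': config.get('DOUBAN_REDIRECT_URI'),
        'grant_type': 'authorization_code',
        'code': code
    }
    headers = {'User-Agent': 'request'}
    try:
        # Bounded wait on the provider; transport errors, a non-JSON body, a
        # reply without the id, or a non-numeric id all count as a failed
        # sign-in rather than an unhandled exception.
        res = requests.post(url, data=data, headers=headers,
                            timeout=10).json()
        user_id = int(res['douban_user_id'])
    except (requests.RequestException, KeyError, TypeError, ValueError):
        return redirect(index_url)

    user = User.query.get(user_id)
    if not user:
        # Carry the verified id to the signup view in the session, not in a
        # request parameter, so it cannot be swapped by the client. (With
        # Flask's default cookie session the value is signed, not encrypted.)
        session['signup_user_id'] = user_id
        return redirect(url_for('.signup'))

    if user.is_banned:
        flash('账户已被禁用')
        return redirect(index_url)
    if user.is_new:
        flash('账户尚未激活,请登陆邮箱激活账户')
        return redirect(index_url)

    flash('欢迎来到西窗烛')
    signin_user(user, True)
    # Default of None: a session without 'referer' used to raise KeyError
    # here, after the user was already signed in.
    # NOTE(review): confirm where 'referer' is stored; if it comes from the
    # Referer request header it should be limited to same-site targets.
    redirect_url = session.pop('referer', None) or index_url
    return redirect(redirect_url)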