Пример #1
    def test_validate_phone(self):
        """Check validate_phone on one 11-digit number and two wrong lengths.

        NOTE(review): the cases differ only in length. Inputs containing
        non-digit characters, surrounding whitespace or None are not
        exercised here.
        """
        # 11 digits: expected to be accepted.
        accepted = validate_phone('18618193877')
        self.assertEqual(accepted, errors.err_ok)

        # 12 digits and 10 digits: both expected to be rejected.
        for malformed in ('186181938771', '1861819381'):
            outcome = validate_phone(malformed)
            self.assertEqual(outcome, errors.err_invalid_phone_number)
Пример #2
    def validate_mobile(self, field):
        """Validate the mobile field of the form.

        Raises:
            validators.StopValidation: when validate_phone rejects the value,
                or when an account exists for it and its need_verify()
                returns a false value.
        """
        mobile = field.data
        if validate_phone(mobile) != errors.err_ok:
            raise validators.StopValidation(message=u'手机号错误')

        # NOTE(review): the second message tells the caller that the number
        # already has an account. No rate limit is visible in this method, so
        # confirm the endpoint using this form throttles repeated submissions.
        existing = Account.get_by_alias(mobile)
        if existing and not existing.need_verify():
            raise validators.StopValidation(message=u'手机号已被注册 试试直接登录吧')
Пример #3
def validate_reset_password_asker(alias):
    """Check that a password reset may be requested for *alias*.

    Returns:
        The registration type that get_reg_type_from_alias derived from
        *alias*.

    Raises:
        AccountAliasValidationError: *alias* is empty.
        UnsupportedAliasError: *alias* is neither a valid e-mail address nor
            a valid mobile number.
        InsecureEmailError: the e-mail alias ends with one of
            INSECURE_EMAIL_DOMAINS.
        AccountNotFoundError: no account is stored under *alias*.
        AccountInactiveError: the account status is not NORMAL.
    """
    if not alias:
        raise AccountAliasValidationError()

    reg_type = get_reg_type_from_alias(alias)
    if reg_type == ACCOUNT_REG_TYPE.EMAIL:
        if validate_email(alias) != errors.err_ok:
            raise UnsupportedAliasError()
        # NOTE(review): str.endswith is case-sensitive, and the value is
        # stripped here although validate_email saw it unstripped. If
        # validate_email accepts upper-case domains, an alias written in a
        # different case would not match INSECURE_EMAIL_DOMAINS; confirm.
        if alias.strip().endswith(INSECURE_EMAIL_DOMAINS):
            raise InsecureEmailError()
    elif (reg_type != ACCOUNT_REG_TYPE.MOBILE
            or validate_phone(alias) != errors.err_ok):
        # Any other type, or a mobile alias that fails validation.
        raise UnsupportedAliasError()

    # NOTE(review): "not found" and "inactive" are separate exception types.
    # If the caller turns them into different responses, the reset endpoint
    # reveals which aliases have accounts; verify how the caller reports them.
    account = Account.get_by_alias(alias)
    if not account:
        raise AccountNotFoundError()
    if account.status != ACCOUNT_STATUS.NORMAL:
        raise AccountInactiveError()

    return reg_type
Пример #4
def feedback():
    """Store a feedback message submitted by POST and answer with JSON.

    Returns:
        jsonify(r=True) after the message is stored. Otherwise jsonify with
        r=False: without an ``error`` key when contact or content is missing,
        and with ``error`` set (possibly to '') in every other case.
    """
    error = ''
    if request.method != 'POST':
        return jsonify(r=False, error=error)

    contact = request.form.get('contact')
    content = request.form.get('content')
    referer = request.environ.get('HTTP_REFERER')
    if not contact or not content:
        return jsonify(r=False)

    contact_too_long = (
        validate_value_len(contact, MAX_FEEDBACK_CONTACT_LEN) != errors.err_ok)
    if contact_too_long or validate_value_len(
            content, MAX_FEEDBACK_CONTENT_LEN) != errors.err_ok:
        error = errors.err_value_too_long
    # The contact must be a valid e-mail address or a valid phone number.
    if (validate_email(contact) != errors.err_ok
            and validate_phone(contact) != errors.err_ok):
        error = errors.err_invalid_default_values
    if error:
        return jsonify(r=False, error=error)

    content = escape(content)
    # FIXME hidden danger of XSS here
    # The user's content should be stored in the database as submitted and
    # escaped when displayed, under the protection of Mako autoescape.
    # NOTE(review): the Referer header is supplied by the client and is
    # appended after escape() has run. Whether it ends up escaped depends on
    # what escape() returns (a markup type that escapes on concatenation, or
    # a plain string); confirm. A missing header is stored as the text "None".
    content += u'    [来源:%s]' % referer
    Feedback.add(contact, content)
    return jsonify(r=True)
Пример #5
 def _validated(self, value):
     """Strip *value*, validate it as a phone number and return it.

     Raises:
         ValidationError: validate_phone reports err_invalid_phone_number.
         ValueError: validate_phone reports any other non-ok result; the
             result is passed as the exception argument.
     """
     stripped = value.strip()
     outcome = validate_phone(stripped)
     if outcome == err_invalid_phone_number:
         raise ValidationError('该手机号无效,请修改后重试')
     if outcome == err_ok:
         return stripped
     # Any result other than "ok" or "invalid number" is unexpected here.
     raise ValueError(outcome)
Пример #6
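def pre_bind(mobile, is_send_sms=True):
    """Start binding *mobile* to the current user.

    Args:
        mobile: the mobile number to bind.
        is_send_sms: passed through to request_bind unchanged.

    Returns:
        True once request_bind has been called.

    Raises:
        BindError: *mobile* fails validate_phone, or a normal account
            already exists under it.
    """
    # Validate before the lookup so that a malformed value never reaches
    # Account.get_by_alias.
    if validate_phone(mobile) != errors.err_ok:
        raise BindError(u'非法的手机号')

    owner = Account.get_by_alias(mobile)
    if owner and owner.is_normal_account():
        raise BindError(u'手机号已被使用')

    # NOTE(review): g.user is dereferenced without a check, so the caller is
    # assumed to have established a logged-in user. No limit on how often a
    # bind can be requested is visible here; confirm request_bind or the
    # caller throttles it.
    request_bind(g.user.id, mobile, is_send_sms)
    return True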
Пример #7
def register():
    """Render the invite registration page for the submitted mobile number.

    Redirects to the invite page when the number fails validate_phone, and
    to the login page when an account exists for it whose need_verify()
    returns a false value. The inviter code comes from the INVITER_KEY
    cookie and is forwarded on both redirects.
    """
    mobile = request.form.get('mobile')
    status = validate_phone(mobile)
    inviter_code = request.cookies.get(INVITER_KEY)
    if status != errors.err_ok:
        return redirect(url_for('.invite', inviter=inviter_code))

    # NOTE(review): the login redirect tells the client that the number is
    # already registered; confirm this endpoint is rate limited.
    account = Account.get_by_alias(mobile)
    already_registered = account and not account.need_verify()
    if already_registered:
        return redirect(url_for('.login', inviter=inviter_code))
    return render_template('invite/register.html', mobile=mobile)
Пример #8
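    def validate_alias(self, field):
        """Validate that the alias field holds a valid e-mail or mobile number.

        Raises:
            validators.StopValidation: the alias type cannot be determined,
                or the value fails the validator for its type.
        """
        alias = field.data
        reg_type = get_reg_type_from_alias(alias)
        if not reg_type:
            raise validators.StopValidation(message=u'手机号或邮箱错误')

        if reg_type == ACCOUNT_REG_TYPE.EMAIL:
            if validate_email(alias) != errors.err_ok:
                raise validators.StopValidation(message=u'邮箱错误')

        elif reg_type == ACCOUNT_REG_TYPE.MOBILE:
            if validate_phone(alias) != errors.err_ok:
                # This must be raised. Returning the exception object would
                # let an invalid mobile number pass validation, because the
                # return value of a field validator is ignored.
                raise validators.StopValidation(message=u'手机号错误')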
Пример #9
    def validate_mobile(self, field):
        """Validate the mobile field and apply the per-address rate limit.

        Raises:
            validators.ValidationError: the number fails validate_phone, or
                no account is stored under it.
            Whatever ip_limiter.raise_for_exceeded raises once the limit for
            the client address is exceeded.
        """
        mobile = field.data
        if validate_phone(mobile) != errors.err_ok:
            raise validators.ValidationError(u'无效的手机号码')

        # NOTE(review): request.remote_addr is the address of the direct
        # peer. Behind a reverse proxy that may be the proxy itself, so all
        # clients would share one counter; confirm the deployment.
        client_addr = request.remote_addr
        ip_limiter.raise_for_exceeded(
            key=client_addr,
            message=u'{granularity}内只能发起{amount}次注册,请稍后再试')

        # NOTE(review): the counter is incremented only after the lookup
        # below succeeds, so submissions for unknown numbers are never
        # counted. Confirm that is intended, since the error tells the
        # client whether an account record exists.
        if not Account.get_by_alias(mobile):
            raise validators.ValidationError(u'修改手机号后请重新获取验证码')

        ip_limiter.hit(client_addr)
Пример #10
def feedback():
    """Show the feedback page and store a message submitted by POST.

    Returns:
        A redirect to '/feedback' after a message has been stored; otherwise
        the rendered 'about/feedback.html' with the error and the submitted
        values.
    """
    error = ''
    contact = content = None
    if request.method == 'POST':
        form = request.form
        contact = form.get('contact')
        content = form.get('content')
        # NOTE(review): a missing form field leaves None here, and None is
        # passed to the validators below; confirm they handle it.
        contact_too_long = (
            validate_value_len(contact, MAX_FEEDBACK_CONTACT_LEN)
            != errors.err_ok)
        if contact_too_long or validate_value_len(
                content, MAX_FEEDBACK_CONTENT_LEN) != errors.err_ok:
            error = errors.err_value_too_long
        # The contact must be a valid e-mail address or a valid phone number.
        if (validate_email(contact) != errors.err_ok
                and validate_phone(contact) != errors.err_ok):
            error = errors.err_invalid_default_values
        if not error:
            # NOTE(review): the content is escaped when stored, not when
            # displayed. Any view that shows it must not escape it a second
            # time and must not treat other stored fields, such as contact,
            # as already escaped.
            Feedback.add(contact, escape(content))
            return redirect('/feedback')
    # The submitted values are echoed back into the template; this relies on
    # the template escaping them on output.
    return render_template(
        'about/feedback.html', error=error, contact=contact, content=content)
Пример #11
def confirm_bind():
    """Confirm a mobile binding for the logged-in user and answer with JSON.

    Returns:
        jsonify(r=True) once the binding is confirmed and logged; otherwise
        jsonify(r=False, error=...) with the reason.
    """
    user = g.user
    if not user:
        return jsonify(r=False, error=u'登录会话已过期,请重新登录')
    if user.mobile:
        return jsonify(r=False, error=u'您已经绑定了手机号,无需再次绑定')

    mobile = request.form.get('mobile')
    code = request.form.get('code')
    if validate_phone(mobile) != errors.err_ok:
        return jsonify(r=False, error=u'无效的手机号')

    # NOTE(review): verify_bind receives only the user id and the code, and
    # the mobile number is read again from this request. Confirm that
    # confirm_mobile_bind rejects a number other than the one the code was
    # sent to. Also confirm that failed codes are limited per user; no limit
    # is visible here.
    try:
        verify_bind(user.id, code)
        confirm_mobile_bind(user.id, mobile)
    except BindError as exc:
        return jsonify(r=False, error=exc.args[0])

    log_binding(user.id, request, mobile)
    return jsonify(r=True)
Пример #12
    def create(cls, mobile, sms_kind, user_id=None, **sms_args):
        """Send a short message to a registered user.

        As far as this method shows, it builds and returns the message
        record; the actual delivery is not visible here.

        Args:
            mobile: receiver number; must pass validate_phone.
            sms_kind: a ShortMessageKind describing the message template.
            user_id: required when sms_kind.need_verify is true.
            **sms_args: values for the placeholders in sms_kind.content.

        Returns:
            The new instance, with receiver, kind id and arguments stored
            through update_props_items.

        Raises:
            ValueError: *mobile* is invalid, or verification is needed and
                *user_id* is missing or has no account.
        """
        # NOTE(review): assert statements are removed when Python runs with
        # -O, so this type check is not a dependable guard.
        assert isinstance(sms_kind, ShortMessageKind)

        if validate_phone(mobile) != errors.err_ok:
            raise ValueError(u'invalid mobile %s' % mobile)

        if sms_kind.need_verify:
            if not (user_id and Account.get(user_id)):
                raise ValueError(u'unable to verify user %s' % user_id)
            # A verification record is created before the template check
            # further down, so it exists even if that check raises.
            v = Verify.add(user_id, sms_kind.verify_type,
                           sms_kind.verify_delta)
            sms_args.update(verify_code=v.code)

        sms = cls(uuid4().hex)
        # simply check formatting
        sms_kind.content.format(**sms_args)
        # NOTE(review): when verification is needed, sms_args holds the
        # verification code and is stored with the record; confirm who can
        # read these props and how long they are kept.
        sms.update_props_items({
            u'receiver_mobile': mobile,
            u'sms_kind_id': sms_kind.id_,
            u'sms_args': sms_args
        })
        return sms
Пример #13
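def get_user(username, password, *args, **kwargs):
    """Return the account matching *username* and *password*, else None.

    Args:
        username: an e-mail address or mobile number used as the account
            alias.
        password: the password to check against the account.

    Returns:
        The account when the alias is well formed, the account exists, is a
        normal account and the password verifies; None in every other case.
    """
    # The password is kept out of every log line: credentials written to a
    # log are readable by anyone with access to it or to its backups.
    rsyslog.send(u'login request, user id:%s' % username, tag='apiv1')
    if errors.err_ok not in [
            validate_email(username),
            validate_phone(username)
    ]:
        rsyslog.send(u'login validation error, user id:%s' % username,
                     tag='apiv1')
        return None

    account = Account.get_by_alias(username)
    account_id = account.id_ if account else 0
    rsyslog.send(u'login account info, user id:%s, account id:%s' %
                 (username, account_id),
                 tag='apiv1')
    # Every failure returns the same value, so the caller cannot tell an
    # unknown alias from a wrong password.
    if not account:
        return None
    if not account.is_normal_account():
        return None
    if not account.verify_password(password):
        return None
    return account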
Пример #14
 def validate_phone(self, field):
     """Validate the phone field of the form.

     The call inside the body resolves to the module-level validate_phone,
     not to this method, because class attributes are not in scope inside a
     method body.

     Raises:
         ValidationError: the value fails validate_phone.
     """
     if validate_phone(field.data) != errors.err_ok:
         raise ValidationError(u'无效的手机号')
Пример #15
    def __call__(self, form, field):
        """Validate that *field* holds a valid phone number.

        Raises:
            wtforms.validators.ValidationError: the value fails
                validate_phone; the message is self.message passed through
                field.gettext.
        """
        # The message is translated before the check, as in the original
        # call order.
        localized = field.gettext(self.message)

        if validate_phone(field.data) != errors.err_ok:
            raise wtforms.validators.ValidationError(localized)
Пример #16
def get_reg_type_from_alias(alias):
    """Classify *alias* as a mobile number or an e-mail address.

    Only these two alias kinds are recognised. The phone check runs first.

    Returns:
        ACCOUNT_REG_TYPE.MOBILE or ACCOUNT_REG_TYPE.EMAIL, or None when the
        alias passes neither validator. Callers must handle None.
    """
    if validate_phone(alias) == errors.err_ok:
        return ACCOUNT_REG_TYPE.MOBILE
    if validate_email(alias) == errors.err_ok:
        return ACCOUNT_REG_TYPE.EMAIL
    return None