Пример #1
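async def put(request, oid):
    """Validate a manager's password-change request and remap it to DB fields.

    ``old_password`` and ``new_password`` are passed through ``rsaDecrypt``
    with the key at ``KEY_PATH``. The request is rejected when the new
    password equals the old one, is shorter than 6 or longer than 16
    characters, contains anything other than ASCII letters, digits and
    underscore, when the old password does not match the stored one, or when
    ``account`` differs from the stored username. Otherwise the request
    mapping is rewritten in place: ``account`` becomes ``username``,
    ``new_password`` becomes ``password`` and ``old_password`` is dropped.

    Args:
        request: Mutable mapping holding ``account``, ``old_password`` and
            ``new_password``.
        oid: Identifier of the record read from ``manages``.

    Returns:
        The result of ``fail(...)`` on a validation error. The lines visible
        here return nothing after the field remap.
    """
    import hmac

    # Required parameters.
    # NOTE(review): the result of checkParam is not inspected here; confirm it
    # raises on a missing field, otherwise the lookups below raise KeyError.
    checkParam(['account', 'old_password', 'new_password'], request)

    # Policy checks on the new password.
    # NOTE(review): a 16-character cap and a letters/digits/underscore
    # alphabet limit password strength; consider relaxing both.
    oldPw = rsaDecrypt(KEY_PATH, request['old_password'])
    newPw = rsaDecrypt(KEY_PATH, request['new_password'])
    newPwLen = len(newPw)
    if oldPw == newPw:
        return fail('新密码不能与原密码相同')
    if newPwLen < 6 or newPwLen > 16:
        return fail('密码长度不能小于6位或大于16位')
    # fullmatch instead of match with '$': '$' also matches just before a
    # trailing newline, so "abcdef\n" used to pass the character check.
    if not re.fullmatch(r'[a-zA-Z0-9_]+', newPw):
        return fail('密码只能是大小写字母加数字以及下划线的组合')

    # The supplied old password must equal the stored one.
    # NOTE(review): the stored password is recovered with rsaDecrypt, so it is
    # kept in reversible form and readable by anyone holding the key at
    # KEY_PATH. A salted, slow password hash would remove that exposure; it
    # needs a storage migration and is not done here.
    saveManage = getItem('manages', oid)
    savePw = rsaDecrypt(KEY_PATH, saveManage['password'])
    # Compare in constant time; values that are not both str never match.
    pwMatches = (
        isinstance(oldPw, str)
        and isinstance(savePw, str)
        and hmac.compare_digest(
            oldPw.encode('utf-8', 'surrogatepass'),
            savePw.encode('utf-8', 'surrogatepass'),
        )
    )
    if not pwMatches:
        return fail('原密码不正确')

    # The username itself must not be changed by this request.
    account = request['account']
    if account != saveManage['username']:
        return fail('用户名不能被修改')

    # Rename the fields to the column names the database expects. The value
    # stored as 'password' is the still-encrypted 'new_password' as received.
    request['username'] = request.pop('account')
    request['password'] = request.pop('new_password')
    request.pop('old_password')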
Пример #2
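async def login(request):
    """Check a manager's credentials from a JSON body and issue a session.

    The body must carry ``account`` and ``password``; the password is passed
    through ``rsaDecrypt`` with the key at ``PRIVATE_KEY_PATH`` and both
    values are compared with the entries of ``manageData``.

    Args:
        request: Request object exposing the parsed body as ``request.json``.

    Returns:
        ``fail(..., 400)`` with the ``session`` cookie deleted when a
        parameter is missing or the credentials do not match; otherwise
        ``ok(token)`` with the token also set as an HttpOnly ``session``
        cookie.
    """
    import hmac

    def sameText(supplied, expected):
        # Constant-time equality for two strings. A value that is not a str
        # (a JSON number, list or null) never matches.
        if not isinstance(supplied, str) or not isinstance(expected, str):
            return False
        return hmac.compare_digest(
            supplied.encode('utf-8', 'surrogatepass'),
            expected.encode('utf-8', 'surrogatepass'),
        )

    dat = request.json
    # NOTE(review): the credentials are literals in the source (masked on this
    # page). They should be loaded from configuration or a secret store, with
    # the password kept as a salted hash rather than plain text.
    manageData = {'username': '******', 'password': '******'}

    res = fail('参数错误', 400)

    # Required parameters.
    if not checkParam(['account', 'password'], dat):
        del res.cookies['session']
        return res

    # Decrypt the password sent by the client.
    password = rsaDecrypt(PRIVATE_KEY_PATH, dat['password'])

    # Evaluate both comparisons before branching so a wrong username and a
    # wrong password take the same path.
    accountOk = sameText(dat['account'], manageData['username'])
    passwordOk = sameText(password, manageData['password'])
    if not (accountOk and passwordOk):
        res = fail('用户名或密码错误', 400)
        del res.cookies['session']
        return res

    # Success: issue the token.
    # NOTE(review): only 'httponly' is set on the cookie; 'secure' and
    # 'samesite' are not set in this function — confirm they are applied
    # elsewhere. The token is also returned in the response body, where page
    # script can read it regardless of HttpOnly.
    token = makeToken(dat['account'], 'manage')
    res = ok(token)
    res.cookies['session'] = token
    res.cookies['session']['httponly'] = True

    return res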
Пример #3
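async def login(request):
    """Authenticate a manager against the ``manages`` store and set a session.

    The JSON body must carry ``account`` and ``password``. The account is
    looked up through ``rest.ls``; the stored and the supplied password are
    both passed through ``rsaDecrypt`` with the key at ``KEY_PATH`` and
    compared.

    Every credential failure (unknown account, password outside 6-16
    characters, wrong password) returns the same message, so the response
    text does not tell a caller whether an account exists.

    Args:
        request: Request object whose ``body`` is a JSON document.

    Returns:
        ``fail('服务器内部错误', 503)`` when the lookup reports a non-zero
        status; ``fail(...)`` with the ``session`` cookie deleted on a
        credential failure; otherwise ``ok('登录成功')`` with an HttpOnly
        ``session`` cookie.
    """
    import hmac

    def sameSecret(left, right):
        # Constant-time equality for two str or two bytes values; any other
        # combination of types never matches.
        if isinstance(left, str) and isinstance(right, str):
            return hmac.compare_digest(
                left.encode('utf-8', 'surrogatepass'),
                right.encode('utf-8', 'surrogatepass'),
            )
        if isinstance(left, bytes) and isinstance(right, bytes):
            return hmac.compare_digest(left, right)
        return False

    def reject(message):
        # Failure response that also clears any existing session cookie.
        res = fail(message)
        del res.cookies['session']
        return res

    # Required parameters.
    # NOTE(review): the result of checkParam is not inspected here; confirm it
    # raises on a missing field, otherwise the lookups below raise KeyError.
    req = json.loads(request.body)
    checkParam(['account', 'password'], req)

    # The account goes into the lookup filter as-is, so only accept a plain
    # string; a JSON object or array must not reach the query layer.
    if not isinstance(req['account'], str):
        return reject('用户名或密码错误')

    # Read the manager record for this username.
    accRes = json.loads(rest.ls({'username': req['account']}, 'manages').body)

    # Lookup itself failed.
    if accRes['status'] != 0:
        return fail('服务器内部错误', 503)

    # No such manager.
    # NOTE(review): this path returns before any rsaDecrypt call, so response
    # time can still differ between known and unknown accounts.
    found = accRes['data']['list']
    if len(found) < 1:
        return reject('用户名或密码错误')

    # NOTE(review): the stored password is recovered with rsaDecrypt, so it is
    # kept in reversible form; a salted, slow password hash would avoid
    # exposing every password to whoever holds the key at KEY_PATH.
    acc = found[0]
    accPw = rsaDecrypt(KEY_PATH, acc['password'])
    reqPw = rsaDecrypt(KEY_PATH, req['password'])
    if not (6 <= len(reqPw) <= 16) or not sameSecret(accPw, reqPw):
        return reject('用户名或密码错误')

    # Success: create the session.
    # NOTE(review): only 'httponly' is set on the cookie; 'secure' and
    # 'samesite' are not set in this function — confirm they are applied
    # elsewhere.
    session = makeSession(req['account'], 'manage')
    res = ok('登录成功')
    res.cookies['session'] = session
    res.cookies['session']['httponly'] = True
    return res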
Пример #4
async def post(request):
    data = request['data']
    for i in data:
        # 检查必填参数
        if not checkParam(['account', 'password'], i):
            return fail('参数错误', 400)

        account = i['account']
        # 检查添加的用户名在数据库中是否存在
        saveData = getList({'username': account}, 'manages')
        if saveData != 1 and saveData['total'] >= 1:
            return fail('数据库已有用户名为' + account + '的管理员', 400)
        # 数据库存储字段名为 username 所以这里要改名
        i['username'] = i.pop('account')