def manager_user():
grade = request.args.get('grade', '2')
if grade == '1':
users = User.objects(is_admin='1').all()
else:
users = User.objects(is_admin='2').all()
page = request.args.get('page', 1, int)
pagination = users.paginate(page, 10)
targets = pagination.items
return render_template('admin/manager_user.html', pagination=pagination, targets=targets)
def validate_token(user, token, operation, new_password=None):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (SignatureExpired, BadSignature):
return False
if operation != data.get('operation') or str(user.pk) != data.get('id'):
return False
if operation == 'confirm':
user.confirmed = True
elif operation == 'reset-password':
user.set_password(new_password)
elif operation == 'change_email':
new_email = data.get('new_email')
if new_email is None:
return False
if User.objects(email=new_email).first() is not None:
return False
user.email = new_email
else:
return False
user.save()
return True
def upgrade(user_id):
form = UpgradeForm()
user = User.objects(pk=user_id).first()
if form.validate_on_submit():
user.update(is_admin=form.is_admin.data)
flash('修改管理成功', 'success')
return redirect(url_for('admin.manager_user'))
form.is_admin.data = user.is_admin
return render_template('admin/upgrade.html', form=form)
def forget_password():
if current_user.is_authenticated:
return redirect(url_for('base'))
form = ForgetPasswordForm()
if form.validate_on_submit():
user = User.objects(email=form.email.data.lower()).first()
if user:
token = generate_token(user=user, operation='reset-password')
send_reset_password_email(user=user, token=token)
flash('重置密码邮件已发送,请到邮箱中确认', 'info')
return redirect(url_for('user.login'))
flash('该邮箱不存在', 'warning')
return redirect(url_for('user.forget_password'))
return render_template('user/reset_password.html', form=form)
def test_register(self):
self.logout()
email = '*****@*****.**'
username = '******'
password = '******'
password2 = '1234567a'
res = self.client.post(url_for('user.register'),
data=dict(email=email,
username=username,
password=password,
password2=password2),
follow_redirects=True)
data = res.get_data(as_text=True)
user = User.objects(username='******').first()
user.delete()
self.assertEqual(res.status_code, 200)
self.assertIn('确认邮件已发送,请检查您的收件箱', data)
def login():
if current_user.is_authenticated:
return redirect(url_for('base'))
form = LoginForm()
if form.validate_on_submit():
user = User.objects(email=form.email.data).first()
if user:
if user.validate_password(form.password.data):
login_user(user, form.remember_me.data)
flash('欢迎回来.', 'info')
return redirect_back()
else:
flash('密码错误', 'warning')
return redirect(url_for('user.login'))
else:
flash('帐号不存在', 'warning')
return redirect(url_for('user.login'))
return render_template('user/login.html', form=form)
def reset_password(token):
if current_user.is_authenticated:
return redirect(url_for('base'))
form = ResetPasswordForm()
if form.validate_on_submit():
user = User.objects(email=form.email.data.lower()).first()
if user is None:
flash('邮箱不存在', 'warning')
return redirect(url_for('base'))
if validate_token(user=user,
token=token,
operation='reset-password',
new_password=form.password.data):
flash('重置密码成功', 'success')
return redirect(url_for('user.login'))
else:
flash('无效或者过期的链接', 'danger')
return redirect(url_for('user.forget_password'))
return render_template('user/reset_password.html', form=form)
def validate_username(self, field):
if User.objects(username=field.data).first():
raise ValidationError('帐号已经存在')
def validate_email(self, field):
if User.objects(email=field.data.lower()).first():
raise ValidationError('该邮箱已被注册')