def r_reset_password(token): args_rules = [ Rules.TOKEN.value ] try: ji.Check.previewing(args_rules, {'token': token}) token = Utils.verify_token(token, audience='r_reset_password') user = User() user.id = token['uid'] user.get() args_rules = [ Rules.PASSWORD.value ] user.password = request.json.get('password') ji.Check.previewing(args_rules, user.__dict__) user.password = ji.Security.ji_pbkdf2(user.password) user.update() except (ji.PreviewingError, ji.JITError), e: return json.loads(e.message)
def r_before_request(): try: g.ts = ji.Common.ts() if not is_not_need_to_auth(request.endpoint) and request.blueprint is not None and request.method != 'OPTIONS': g.config = Config() g.config.id = 1 g.config.get() token = session.get('token', '') g.token = Utils.verify_token(token) user = User() user.id = g.token['uid'] try: user.get() except ji.PreviewingError, e: # 如果该用户获取失败,则清除该用户对应的session。因为该用户可能已经被删除。 for key in session.keys(): session.pop(key=key) return json.loads(e.message) except ji.JITError, e: ret = json.loads(e.message) if ret['state']['code'] == '404': return redirect(location=url_for('v_config.create'), Response=Response) if ret['state']['sub']['code'] in ['41208']: return redirect(location=url_for('v_misc.login'), Response=Response) return ret