def post(self):
    """Handle a web login form submission.

    Validates the login form, checks the submitted password against the
    stored hash, starts a session (30-day cookie when "remember" is "on",
    session-only otherwise) and redirects according to the user's team
    state. On validation or credential failure the login page is
    re-rendered with one generic error message.
    """
    form = LoginForm(self.arguments)
    if form.validate():
        user = self.have_user(form.username.data)
        # The same generic message is shown for an unknown user and for a
        # wrong password, so the response does not reveal which one failed.
        # NOTE(review): this path has no failed-attempt throttling (the API
        # login handler in this file keeps a Redis failure counter) — confirm
        # whether the two should be aligned.
        if user and User.check_password(user.password, form.password.data):
            # Only an explicit "on" opts into the 30-day persistent cookie.
            wants_persistent = self.get_argument("remember", "off") == "on"
            self.login(user, 30 if wants_persistent else None)
            team = Team.get_or_none(owner_id=user.id)
            if team is None:
                target = self.reverse_url("club_create")
            elif team.state == 0:
                target = self.reverse_url("club_wait_approve")
            elif self.next_url:
                # NOTE(review): if next_url originates from a request
                # parameter this is an open-redirect sink — confirm it is
                # restricted to same-site paths where it is assigned.
                target = self.next_url
            else:
                target = self.reverse_url("club_home")
            return self.redirect(target)
    messages = [('danger', '登录失败:账号或密码不正确')]
    self.render("login.html", form=form, messages=messages)
def validate_password(self, form):
    """Verify that the submitted "password" argument matches the current user's stored hash.

    On an empty value or a mismatch an error is attached to
    ``form.password.errors`` and False is returned; otherwise True.
    """
    submitted = self.get_argument("password")
    # An empty value never reaches the hash comparison.
    if submitted:
        # NOTE(review): the mobile-code handler in this file treats
        # ``current_user.password`` as possibly unset — confirm
        # check_password copes with a missing hash here as well.
        matches = User.check_password(self.current_user.password, submitted)
    else:
        matches = False
    if matches:
        return True
    form.password.errors = [ValidationError("旧密码不正确")]
    return False
def post(self):
    """API login: create a session from a username (mobile or e-mail) and password.

    Order of checks: empty credentials, per-username failure throttle
    (5 failures within 10 minutes, kept in Redis), username format and
    lookup, password check, account active flag. On success the failure
    counter is cleared, last login time and device are recorded, the
    device is bound to the user and the new session is written.

    Raises:
        ApiException: 400 for empty or malformed credentials; 403 when
            throttled, when the password check fails, or when the account
            is inactive.
    """
    username = self.validated_arguments['username'].lower()
    password = self.validated_arguments['password']
    if not (len(username) and len(password)):
        raise ApiException(400, "用户名和密码不能为空")
    fail_times_key = "yiyun:user:%s:login_fail_times" % username
    # Throttle before any database lookup.
    # NOTE(review): the counter is keyed on username only, so repeated bad
    # attempts against a known username lock that account for 10 minutes.
    if intval(self.redis.get(fail_times_key)) >= 5:
        raise ApiException(403, "密码错误次数太多,请休息10分钟再试")
    # The username must be either a mobile number or an e-mail address.
    if is_mobile(username):
        user = User.get_or_none(mobile=username)
    elif '@' in username[1:]:
        user = User.get_or_none(email=username)
    else:
        raise ApiException(400, "用户名格式不正确,请填写手机号或电子邮箱")
    # One message covers unknown user and wrong password alike.
    login_failed = (not password or not user
                    or not User.check_password(user.password, password))
    if login_failed:
        fail_times = intval(self.redis.incr(fail_times_key))
        # The first failure opens the 10-minute window.
        if fail_times == 1:
            self.redis.expire(fail_times_key, 600)
        raise ApiException(403, "密码有误,如果没有设置密码请使用手机号找回密码")
    # Successful login resets the failure counter.
    self.redis.delete(fail_times_key)
    if not user.is_active():
        raise ApiException(403, "你的账户不可用,无法登录")
    # NOTE(review): naive local timestamp — confirm the column's expected timezone.
    login_fields = {"last_login": datetime.now()}
    if self.device_id > 0:
        login_fields["last_device_id"] = self.device_id
    User.update(**login_fields).where(User.id == user.id).execute()
    if user and self.device_id:
        Device.update(owner_id=user.id).where(
            Device.id == self.device_id).execute()
    self.write(self.create_session(user))
def test_reset_password(self):
    """Resetting a password through the API must make the new password verify."""
    new_password = "******"
    account = User.create(name='test4', mobile="13838003804",
                          password=User.create_password("123456"))
    payload = json.dumps({
        "username": "******",
        # NOTE(review): presumably a fixed code honoured only under test
        # settings — confirm it is not accepted in production.
        "verify_code": "8888",
        "new_password": new_password,
    })
    response = self.fetch("api/2/auth/reset_password", method="POST",
                          body=payload)
    self.assertEqual(200, response.code, response.body.decode())
    refreshed = User.get(id=account.id)
    matches = User.check_password(refreshed.password, new_password)
    self.assertEqual(True, matches, matches)
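def post(self):
    """Issue a 4-digit SMS verification code for ``mobile`` according to ``action``.

    Actions:
        register_or_login / register / login: store the code and send it
            (sending is skipped when the app runs in debug mode).
        forgot: only for registered numbers; store and send.
        update_mobile: requires a logged-in user, an unused number and, when
            the user has a password, the correct password; the code is also
            bound to the current user for 30 minutes.
    Sending is capped at 5 codes per mobile per 30 minutes.

    Raises:
        ApiException: 400 when throttled, when the number is already
            registered (code 1020) or not registered; 403 for the
            update_mobile pre-conditions.
    """
    import secrets

    mobile = self.validated_arguments['mobile']
    action = self.validated_arguments['action']
    sent_times_key = "yiyun:mobile:%s:code_sent_times" % mobile
    if intval(self.redis.get(sent_times_key)) >= 5:
        raise ApiException(400, "你已重发5次,请稍后再试")
    # The original comment said "resend the same code while it is still
    # valid", but a fresh code is drawn on every request — TODO confirm the
    # intended behaviour. The code comes from the CSPRNG rather than
    # ``random``, which is not suitable for authentication codes.
    verify_code = 1000 + secrets.randbelow(9000)
    # NOTE(review): this writes the OTP in clear text at DEBUG level — make
    # sure DEBUG logging is not enabled where logs are retained.
    logging.debug('verify code for mobile[{0}]: {1}'.format(
        mobile, verify_code))
    is_registered = User.select().where(User.mobile == mobile).exists()
    if action == "register" and is_registered:
        raise ApiException(1020, "手机号码已注册", status_code=400)
    if action in ('register_or_login', 'register', 'login'):
        self.save_verify_code(mobile, verify_code)
        # In debug mode the code is stored but no SMS is sent.
        if not self.settings["debug"]:
            tasks.message.send_sms_verifycode(mobile, verify_code)
        self.write_success(is_registered=is_registered)
    elif action == "forgot":
        if not is_registered:
            raise ApiException(400, "手机号码没有注册")
        self.save_verify_code(mobile, verify_code)
        # NOTE(review): unlike the register path, this sends even in debug mode.
        tasks.message.send_sms_verifycode(mobile, verify_code)
        self.write_success()
    elif action == "update_mobile":
        if not self.current_user:
            raise ApiException(403, "登录后才能修改手机号")
        if is_registered:
            raise ApiException(403, "该号码已经使用,请更换")
        # Accounts with no password set skip the password confirmation.
        if self.current_user.password and \
                not User.check_password(self.current_user.password,
                                        self.validated_arguments["password"]):
            raise ApiException(403, "密码不正确,不能修改手机号")
        self.save_verify_code(mobile, verify_code)
        tasks.message.send_sms_verifycode(mobile, verify_code)
        # Bind the code to the current user so only that user can complete
        # the change; the binding lives for 30 minutes.
        update_key = "yiyun:update_mobile:%s:verify_code:%s" % (
            mobile, verify_code)
        self.redis.set(update_key, self.current_user.id)
        self.redis.expire(update_key, 1800)
        self.write_success()
    # At most 5 codes per mobile per 30 minutes; the first send opens the window.
    sent_times = intval(self.redis.incr(sent_times_key))
    if sent_times == 1:
        self.redis.expire(sent_times_key, 1800)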