Пример #1
0
    def post(self):

        username = self.validated_arguments['username']
        verify_code = self.validated_arguments['verify_code']
        new_password = self.validated_arguments['new_password']

        if is_mobile(username):
            if not self.verify_mobile(username, verify_code):
                raise ApiException(400, "验证码错误,请重新输入")

            user = User.get_or_none(mobile=username)
            if not user:
                raise ApiException(400, "手机号还没有注册")

            User.update(password=User.create_password(new_password)).where(
                User.id == user.id).execute()

        elif username.find("@") > 0:

            user = User.get_or_none(email=username)
            if not user:
                raise ApiException(400, "邮箱还没有注册")

            User.update(password=User.create_password(new_password)).where(
                User.id == user.id).execute()

        else:
            raise ApiException(400, "用户名格式有误,请填写手机号或电子邮箱")

        self.write_success()
Пример #2
0
    def post(self):

        mobile = self.validated_arguments['mobile']
        verify_code = self.validated_arguments['verify_code']

        if not self.verify_mobile(mobile, verify_code):
            raise ApiException(400, "验证码错误,请重新输入")

        user = User.get_or_none(mobile=mobile)

        if not user:
            with self.db.transaction() as txn:
                user = User.create(
                    mobile=mobile,
                    mobile_verifyed=True,
                    reg_device_id=self.device_id,
                    last_device_id=self.device_id,
                    last_login=datetime.now(),
                )

        else:
            update = {"last_login": datetime.now()}

            if self.device_id > 0:
                update["last_device_id"] = self.device_id

            User.update(**update).where(User.id == user.id).execute()

        if user and self.device_id:
            User.update_device(user.id, self.device_id)

        self.write(self.create_session(user))
Пример #3
0
    def login(self, user: User, expires_days: int = None):
        self.set_secure_cookie("club_session",
                               tornado.escape.json_encode({
                                   "id": user.id,
                               }),
                               expires_days=expires_days)

        User.update(last_login=datetime.now()).where(
            User.id == user.id).execute()
Пример #4
0
    def patch(self, user_id):
        user = User.get_or_404(id=user_id)
        self.has_update_permission(user)

        form = self.validated_arguments
        if not form:
            raise ApiException(400, "填写需要修改的属性和值")

        User.update(**form).where(User.id == user_id).execute()
        self.set_status(204)
Пример #5
0
    def post(self):
        form = MobileResetPasswordForm(self.arguments)

        if form.validate() and self.validate_verify_code(form):
            User.update(password=User.create_password(
                self.get_argument("password"))).where(
                    User.mobile == self.get_argument("mobile")).execute()

            self.flash("重置密码成功,请使用新密码登录")
            self.redirect(self.reverse_url("club_auth_login"))

        self.render("password/mobile_reset_password.html", form=form)
Пример #6
0
    def post(self):

        username = self.validated_arguments['username'].lower()
        password = self.validated_arguments['password']

        if len(username) == 0 or len(password) == 0:
            raise ApiException(400, "用户名和密码不能为空")

        fail_times_key = "yiyun:user:%s:login_fail_times" % username
        if intval(self.redis.get(fail_times_key)) >= 5:
            raise ApiException(403, "密码错误次数太多,请休息10分钟再试")

        if is_mobile(username):
            user = User.get_or_none(mobile=username)

        elif username.find('@') > 0:
            user = User.get_or_none(email=username)

        else:
            raise ApiException(400, "用户名格式不正确,请填写手机号或电子邮箱")

        if not password or not user \
                or not User.check_password(user.password, password):

            fail_times = intval(self.redis.incr(fail_times_key))
            if fail_times == 1:
                self.redis.expire(fail_times_key, 600)

            raise ApiException(403, "密码有误,如果没有设置密码请使用手机号找回密码")

        # 重试次数归零
        self.redis.delete(fail_times_key)

        if not user.is_active():
            raise ApiException(403, "你的账户不可用,无法登录")

        update = {"last_login": datetime.now()}

        if self.device_id > 0:
            update["last_device_id"] = self.device_id

        User.update(**update).where(User.id == user.id).execute()

        if user and self.device_id:
            Device.update(owner_id=user.id).where(
                Device.id == self.device_id).execute()

        self.write(self.create_session(user))
Пример #7
0
    def post(self):
        form = ChangePasswordForm(self.arguments)

        if form.validate() and self.validate_password(form):

            User.update(
                password=User.create_password(self.get_argument("newPassword"))
            ).where(
                User.id == self.current_user.id
            ).execute()

            self.flash("修改密码成功!", category='success')
            self.redirect(self.reverse_url("club_account_change_password"))
            return

        self.render("account/change_password.html", form=form)
Пример #8
0
    def sync_user_info(self, extra_fields):
        """ 同步报名信息到用户信息
        """

        update_user_attrs = {}
        if not self.current_user.name and extra_fields.get("nickname", None):
            update_user_attrs['name'] = extra_fields['nickname']

        if self.current_user.gender not in ('f', 'm') and \
                extra_fields.get("gender", None):
            update_user_attrs['gender'] = extra_fields['gender']

        if update_user_attrs:
            User.update(
                **update_user_attrs
            ).where(
                User.id == self.current_user.id
            ).execute()
Пример #9
0
    def post(self):
        form = ChangeMobileForm(self.arguments)

        if form.validate() \
                and self.validate_password(form) \
                and self.validate_mobile(form):

            User.update(
                mobile=self.get_argument("mobile")
            ).where(
                User.id == self.current_user.id
            ).execute()

            self.flash("修改手机号成功!", category='success')
            self.redirect(self.reverse_url("club_change_mobile"))
            return

        self.validate_password(form)

        self.render("account/change_mobile.html", form=form)
Пример #10
0
def update_avatar_by_url(user_id, avatar_url):

    r = requests.get(avatar_url)

    if r.status_code != 200:
        return

    avatar_key = "user:%s%s" % (user_id, time.time())
    avatar_key = hashlib.md5(avatar_key).hexdigest()

    avatar_bucket = app.settings['qiniu_avatar_bucket']

    ret, info = qiniu_tool.put_data(avatar_bucket,
                                    avatar_key,
                                    r.content,
                                    mime_type="image/jpeg",
                                    check_crc=True)
    if not ret:
        raise Exception("上传头像失败")

    # 记录保存仓库和位置
    avatar_key = "qiniu:%s:%s" % (avatar_bucket, avatar_key)

    User.update(avatar_key=avatar_key).where(User.id == user_id).execute()
Пример #11
0
    def register_or_login(self, service, openid, access_token, expires_in,
                          nickname, gender, head_url, auth_data):

        try:
            user = User.select().join(
                UserAuthData,
                on=(UserAuthData.user_id == User.id
                    )).where((UserAuthData.service == service)
                             & (UserAuthData.openid == openid)).get()

        except User.DoesNotExist:
            user = None

        if self.current_user:

            # 已绑定到其它账号
            if user and user.id != self.current_user.id:
                raise ApiException(
                    403,
                    "此%s账号已被其他用户使用" % UserAuthData.get_service_name(service))

            # 已绑定到自己账号
            elif user and user.id == self.current_user.id:
                UserAuthData.update(
                    access_token=access_token,
                    expires_in=expires_in,
                    userinfo=auth_data).where(
                        (UserAuthData.service == service)
                        & (UserAuthData.user_id == user.id)).execute()

            # 已绑定其它账号
            elif UserAuthData.select().where(
                (UserAuthData.service == service)
                    & (UserAuthData.user_id == self.current_user.id)
                    & (UserAuthData.openid != openid)).exists():

                raise ApiException(
                    403, "你已绑定其他%s账号" % UserAuthData.get_service_name(service))

            # 已登录执行绑定
            else:
                UserAuthData.create(service=service,
                                    user_id=self.current_user.id,
                                    openid=openid,
                                    nickname=nickname,
                                    access_token=access_token,
                                    expires_in=expires_in,
                                    userinfo=auth_data)

                if self.device_id > 0:
                    User.update(last_device_id=self.device_id).where(
                        User.id == self.current_user.id).execute()

            self.write(self.create_session(self.current_user))

        else:
            # 已注册用户直接登录
            if user:
                update = {"last_login": datetime.now()}

                if self.device_id > 0:
                    update["last_device_id"] = self.device_id

                User.update(**update).where(User.id == user.id).execute()

                UserAuthData.update(
                    access_token=access_token,
                    expires_in=expires_in,
                    userinfo=auth_data).where(
                        (UserAuthData.service == service)
                        & (UserAuthData.user_id == user.id)).execute()

            # 未注册用户先注册
            else:

                with self.db.transaction() as txn:
                    if User.select().where(User.name == nickname).exists():
                        if nickname == "qzuser":
                            name = "%s_%s" % (nickname,
                                              random.randint(100000, 999999))
                        else:
                            name = "%s_%s" % (nickname, random.randint(
                                100, 999))

                    else:
                        name = nickname

                    user = User.create(
                        name=name,
                        gender=gender,
                        mobile_verifyed=False,
                        password=None,
                        reg_device_id=self.device_id,
                        last_device_id=self.device_id,
                        last_login=datetime.now(),
                        im_username=create_token(32).lower(),
                        im_password=create_token(16),
                    )

                    UserAuthData.create(service=service,
                                        user_id=user.id,
                                        openid=openid,
                                        nickname=nickname,
                                        access_token=access_token,
                                        expires_in=expires_in,
                                        userinfo=auth_data)

                    # 将手机好加到 redis, 匹配好友需要
                    if user.mobile:
                        self.redis.sadd('mobile:registered', user.mobile)

                    # 从第三方下载头像
                    if head_url:
                        tasks.user.update_avatar_by_url.delay(
                            user.id, head_url)

            if user and self.device_id:
                Device.update(owner_id=user.id).where(
                    Device.id == self.device_id).execute()

            self.write(self.create_session(user))