def post(self):
    """Handle a login form submission and answer with a JSON payload.

    The payload always carries ``next`` (request argument, default "/").
    An ``error`` message is added when the form is invalid, when no user
    matches the e-mail/password pair, or when the matching account is not
    activated or is frozen.  Otherwise a new session is created and its id
    is stored in the ``session_id`` secure cookie.

    The body uses ``yield``, so it is presumably wrapped by a coroutine
    decorator that is outside this view.
    """
    # NOTE(review): ``next`` is caller-supplied and echoed back unchanged; if
    # the client navigates to it, confirm it is limited to same-site paths.
    payload = {"next": self.get_argument("next", "/")}
    login_form = LoginForm(self.request.arguments)

    if login_form.validate():
        address = login_form.email.data
        plaintext = login_form.password.data

        # The lookup matches on the digest itself, so encrypt_password must
        # return the same value for the same password on every call.
        # NOTE(review): that rules out a per-user random salt -- confirm the
        # hashing scheme is what is intended.
        digest = yield UserDocument.encrypt_password(plaintext)
        account = yield UserDocument.find_one({
            'email': address,
            'password': digest
        })

        if not account:
            payload['error'] = '邮箱或者密码错误!'
        elif not account['activated']:
            payload['error'] = (
                '该账号尚未被激活! 请登录该邮箱以激活该账号! '
                '或者 <a href="#resend-activation-email-modal" '
                'class="red-color" id="resend-activation-email-link">'
                '重新发送激活邮件</a>'
            )
        elif account['forbidden_login']:
            # Only the most recent freeze record is reported.
            # NOTE(review): the message above carries markup, so the client
            # presumably renders errors as HTML; confirm ``reason`` cannot
            # hold untrusted text.
            latest_freeze = account['forbidden_login_info'][-1]
            frozen_at = latest_freeze['time'].strftime('%m 月 %d 日 %H:%M')
            payload['error'] = (
                '你的账号已于%s被冻结, 冻结时间为一周. 冻结原因: %s. 请你一周后再登录!'
                % (frozen_at, latest_freeze['reason'])
            )
        else:
            account_id = account['_id']
            # The chat account is created with the stored password digest
            # as its credential.
            if not Ejabberd.registered(account_id):
                Ejabberd.register(account_id, account['password'])

            headers = self.request.headers
            session = self.session_manager.new_session()
            session.set('user_id', account_id)
            # NOTE(review): X-Real-IP is only trustworthy when a fronting
            # proxy overwrites it -- confirm the deployment does.
            session.set("ip", headers.get("X-Real-IP", None))
            session.set('user_agent', headers.get("User-Agent", None))

            # httponly keeps JavaScript from reading session_id.
            self.set_secure_cookie('session_id', session.id, httponly=True)
    else:
        # Report only the first validation error.
        for field_name in login_form.errors:
            payload['error'] = login_form.errors[field_name][0]
            break

    self.write_json(payload)
def post(self):
    """Process a login request and finish with a JSON-encoded result.

    ``next`` (request argument, default "/") is always returned.  ``error``
    is set when form validation fails, when the e-mail/password pair matches
    no user, or when the account is inactive or frozen.  On success a new
    session is created and ``session_id`` is set as a secure cookie.

    The body uses ``yield``, so it is presumably wrapped by a coroutine
    decorator that is outside this view.
    """
    # NOTE(review): ``next`` comes straight from the request; confirm the
    # consumer only follows same-site paths.
    result = {"next": self.get_argument("next", "/")}
    form = LoginForm(self.request.arguments)

    if form.validate():
        email = form.email.data
        password = form.password.data

        # Matching on the digest requires encrypt_password to be
        # deterministic for a given password.
        # NOTE(review): confirm that is the intended hashing scheme.
        hashed = yield UserDocument.encrypt_password(password)
        query = {'email': email, 'password': hashed}
        user = yield UserDocument.find_one(query)

        if not user:
            result['error'] = '邮箱或者密码错误!'
        elif not user['activated']:
            not_activated = (
                '该账号尚未被激活! 请登录该邮箱以激活该账号! '
                '或者 <a href="#resend-activation-email-modal" '
                'class="red-color" id="resend-activation-email-link">'
                '重新发送激活邮件</a>'
            )
            result['error'] = not_activated
        elif user['forbidden_login']:
            # The last entry of forbidden_login_info is the one reported.
            record = user['forbidden_login_info'][-1]
            result['error'] = (
                '你的账号已于%s被冻结, 冻结时间为一周. 冻结原因: %s. 请你一周后再登录!'
                % (record['time'].strftime('%m 月 %d 日 %H:%M'),
                   record['reason'])
            )
        else:
            # Lazily create the chat account; its credential is the stored
            # password digest.
            if not Ejabberd.registered(user['_id']):
                Ejabberd.register(user['_id'], user['password'])

            session = self.session_manager.new_session()
            session.set('user_id', user['_id'])
            # NOTE(review): both headers are client-controlled unless a
            # trusted proxy rewrites X-Real-IP -- confirm before relying on
            # the stored ip.
            real_ip = self.request.headers.get("X-Real-IP", None)
            session.set("ip", real_ip)
            agent = self.request.headers.get("User-Agent", None)
            session.set('user_agent', agent)

            # httponly prevents JavaScript from obtaining session_id.
            self.set_secure_cookie(
                'session_id', session.id, httponly=True
            )
    else:
        # Only the first field error is surfaced.
        for name in form.errors:
            result['error'] = form.errors[name][0]
            break

    self.finish(json.dumps(result))
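def post(self):
    """Change the current user's password and answer with a JSON payload.

    The payload is empty on success.  ``error`` is set when the form is
    invalid, when the supplied current password does not hash to the stored
    value, or when the new password and its repetition differ.

    After the database update the Ejabberd account is re-created with the
    new digest.  That step stays best-effort, but a failure is now logged
    instead of being silently discarded.

    The body uses ``yield``, so it is presumably wrapped by a coroutine
    decorator that is outside this view.
    """
    import logging

    response_data = {}
    form = PasswordSetForm(self.request.arguments)

    if form.validate():
        current_password = form.current_password.data
        new_password = form.new_password.data
        repeat_password = form.repeat_password.data

        encrypt_password = yield UserDocument.encrypt_password(
            current_password
        )

        if self.current_user['password'] != encrypt_password:
            response_data['error'] = '密码错误!'
        elif new_password != repeat_password:
            response_data['error'] = '新密码与重复密码不一致!'
        else:
            new_password = yield UserDocument.encrypt_password(
                new_password
            )
            yield UserDocument.update(
                {'_id': ObjectId(self.current_user['_id'])},
                {'$set': {'password': new_password}}
            )
            # NOTE(review): no session is touched here; confirm whether
            # other active sessions should be revoked on password change.

            # Best-effort sync of the chat credential.  If unregister
            # succeeds and register fails the chat account is left missing,
            # so record the failure rather than hiding it.
            try:
                Ejabberd.unregister(self.current_user['_id'])
                Ejabberd.register(self.current_user['_id'], new_password)
            except Exception:
                logging.getLogger(__name__).exception(
                    "Ejabberd credential sync failed after password "
                    "change for user %s", self.current_user['_id']
                )
    else:
        # Report only the first validation error.
        for field in form.errors:
            response_data['error'] = form.errors[field][0]
            break

    self.write_json(response_data)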
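def post(self):
    """Complete a password reset for the uid/code held in the ``sid`` session.

    Every failure (invalid form, missing cookie, missing session values,
    unknown code, unknown user) is answered with HTTP 404.  On success the
    user's password is replaced, the code document is removed, the Ejabberd
    credential is re-created, and the reset session and cookie are cleared.

    Raises:
        HTTPError: 404 for any of the failures listed above.

    The body uses ``yield``, so it is presumably wrapped by a coroutine
    decorator that is outside this view.
    """
    import logging

    form = PasswordResetPostForm(self.request.arguments)
    # The original tested only the truthiness of the form object and never
    # called validate(), so the submitted password skipped the form's
    # validators.  The other handlers in this file validate before reading
    # field data; do the same here.
    if not form.validate():
        raise HTTPError(404)

    password = form.password.data

    session_id = self.get_secure_cookie('sid')
    if not session_id:
        raise HTTPError(404)

    self.session = self.session_manager.load_session(session_id)
    uid = self.session.get('uid')
    code_value = self.session.get('code')
    if not uid or not code_value:
        raise HTTPError(404)

    # NOTE(review): nothing in this handler checks an expiry on the code
    # document; confirm it is enforced where the code is issued or stored.
    code = yield CodeDocument.find_one({
        'uid': ObjectId(uid),
        'code': code_value
    })
    if not code:
        raise HTTPError(404)

    user = yield UserDocument.find_one({'_id': ObjectId(uid)})
    if not user:
        raise HTTPError(404)

    password = yield UserDocument.encrypt_password(password)
    yield UserDocument.update(
        {'_id': user["_id"]},
        {'$set': {'password': password}}
    )
    # The code is single-use: remove it once the password has been replaced.
    yield CodeDocument.remove({'_id': ObjectId(code['_id'])})

    # Best-effort sync of the chat credential; log a failure instead of
    # hiding it, since a failed register leaves the chat account missing.
    try:
        Ejabberd.unregister(user['_id'])
        Ejabberd.register(user['_id'], password)
    except Exception:
        logging.getLogger(__name__).exception(
            "Ejabberd credential sync failed after password reset "
            "for user %s", user['_id']
        )

    self.session.clear()
    self.clear_cookie('sid')

    self.finish()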
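def post(self):
    """Finish a password reset using the uid/code stored in the ``sid`` session.

    Any failure -- form validation, missing ``sid`` cookie, missing session
    values, no matching code document, no matching user -- results in
    HTTP 404.  On success the password is updated, the code document is
    deleted, the Ejabberd account is re-registered with the new digest, and
    the reset session and its cookie are cleared.

    Raises:
        HTTPError: 404 for any of the failures listed above.

    The body uses ``yield``, so it is presumably wrapped by a coroutine
    decorator that is outside this view.
    """
    import logging

    form = PasswordResetPostForm(self.request.arguments)
    # ``if not form`` only tested the object's truthiness, so the new
    # password was accepted without running the form's validators.  Call
    # validate() as the other handlers in this file do.
    if not form.validate():
        raise HTTPError(404)

    password = form.password.data

    session_id = self.get_secure_cookie('sid')
    if not session_id:
        raise HTTPError(404)

    self.session = self.session_manager.load_session(session_id)
    uid = self.session.get('uid')
    session_code = self.session.get('code')
    if not (uid and session_code):
        raise HTTPError(404)

    # NOTE(review): no expiry check is visible on this lookup; confirm the
    # reset code's lifetime is bounded elsewhere.
    code = yield CodeDocument.find_one({
        'uid': ObjectId(uid),
        'code': session_code
    })
    if not code:
        raise HTTPError(404)

    user = yield UserDocument.find_one({'_id': ObjectId(uid)})
    if not user:
        raise HTTPError(404)

    password = yield UserDocument.encrypt_password(password)
    yield UserDocument.update(
        {'_id': user["_id"]},
        {'$set': {'password': password}}
    )
    # Delete the code so it cannot be replayed.
    yield CodeDocument.remove({'_id': ObjectId(code['_id'])})

    # The chat credential sync stays best-effort, but failures are logged.
    try:
        Ejabberd.unregister(user['_id'])
        Ejabberd.register(user['_id'], password)
    except Exception:
        logging.getLogger(__name__).exception(
            "Ejabberd credential sync failed after password reset "
            "for user %s", user['_id']
        )

    self.session.clear()
    self.clear_cookie('sid')

    self.finish()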
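def post(self):
    """Register a new user and finish with a JSON-encoded result.

    ``error`` is set when the form is invalid or when the name or e-mail is
    already taken (the e-mail message wins if both are).  Otherwise the user
    document, a default avatar, the user settings and an activation code are
    created, the activation e-mail is queued, and ``success`` is returned.

    Changes from the original: the default avatar is read in binary mode
    inside a ``with`` block, bare ``except:`` clauses are narrowed to
    ``Exception``, and an Ejabberd registration failure is logged.

    Raises:
        HTTPError: 500 when inserting the user document fails.

    The body uses ``yield``, so it is presumably wrapped by a coroutine
    decorator that is outside this view.
    """
    import logging

    log = logging.getLogger(__name__)
    response_data = {}
    form = RegisterForm(self.request.arguments)

    if form.validate():
        name = form.name.data
        email = form.email.data
        password = form.password.data

        # NOTE(review): check-then-insert is racy under concurrent requests;
        # presumably a unique index backs these lookups -- confirm.
        if (yield UserDocument.find_one({'name': name})):
            response_data["error"] = "用户名已被占用"

        if (yield UserDocument.find_one({"email": email})):
            response_data["error"] = "邮箱已被注册"

        if not response_data:
            password = yield UserDocument.encrypt_password(password)

            document = {
                'email': email,
                'name': name,
                'password': password,
                'user_type': "person",
                'register_date': datetime.now()
            }

            try:
                user_id = yield UserDocument.insert(document)
            except Exception:
                log.exception("Inserting the new user document failed")
                raise HTTPError(500)

            # Initialise the avatar.  The file is an image, so read it as
            # bytes; ``with`` closes it even if read() raises.
            avatar_path = os.path.join(
                APPLICATION_SETTINGS['static_path'], 'img/default.jpg'
            )
            with open(avatar_path, 'rb') as avatar:
                content = avatar.read()

            document = {
                'name': 'default.jpg',
                'upload_time': datetime.now(),
                'content_type': 'jpeg',
                'owner': DBRef(
                    UserDocument.meta['collection'], ObjectId(user_id)
                ),
                'content': Binary(content),
                'thumbnail50x50': Binary(content),
                'thumbnail180x180': Binary(content)
            }
            yield AvatarDocument.insert(document)

            # Initialise the user settings with a randomly chosen cover.
            covers = yield OfficialProfileCoverDocument.get_profile_cover_list()
            profile_cover = random.sample(covers, 1)[0]

            document = {
                'user': DBRef(
                    UserDocument.meta['collection'], ObjectId(user_id)
                ),
                'profile_cover': DBRef(
                    OfficialProfileCoverDocument.meta['collection'],
                    ObjectId(profile_cover['_id'])
                )
            }
            yield UserSettingDocument.insert(document)

            # Register with Ejabberd, using the password digest as the chat
            # credential.  Best-effort: a failure is logged, not raised.
            try:
                Ejabberd.register(user_id, password)
            except Exception:
                log.exception(
                    "Ejabberd registration failed for new user %s", user_id
                )

            # Send the verification e-mail to the user.
            # NOTE(review): confirm generate_code() draws from a
            # cryptographically secure source.
            document = {
                'uid': user_id,
                'code': CodeDocument.generate_code(),
                'expired_time': datetime.now() + timedelta(
                    days=USER_SETTINGS['code_expired_after']
                )
            }
            code_id = yield CodeDocument.insert(document)
            WriterManager.pub(MessageTopic.SEND_ACTIVATION_EMAIL, code_id)

            response_data.update({
                'success': '注册成功! 系统已经向你的注册邮箱发送了一封激活'
                           '邮件, 请验证后登录!'
            })
    else:
        # Report only the first validation error.
        for field in form.errors:
            response_data.update({'error': form.errors[field][0]})
            break

    self.finish(json.dumps(response_data))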
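def post(self):
    """Register a new user and answer with a JSON payload.

    ``error`` is set when the form is invalid or when the name or e-mail is
    already in use (the e-mail message wins if both are).  Otherwise the
    user, a default avatar, the user settings and an activation code are
    stored, the activation e-mail is queued, and ``success`` is returned.

    Changes from the original: the default avatar is opened in binary mode
    under ``with``, bare ``except:`` clauses are narrowed to ``Exception``,
    and an Ejabberd registration failure is logged.

    Raises:
        HTTPError: 500 when inserting the user document fails.

    The body uses ``yield``, so it is presumably wrapped by a coroutine
    decorator that is outside this view.
    """
    import logging

    log = logging.getLogger(__name__)
    response_data = {}
    form = RegisterForm(self.request.arguments)

    if form.validate():
        name = form.name.data
        email = form.email.data
        password = form.password.data

        # NOTE(review): these lookups do not by themselves guarantee
        # uniqueness under concurrent registrations; confirm a unique index
        # exists on name and email.
        if (yield UserDocument.find_one({'name': name})):
            response_data["error"] = "用户名已被占用"

        if (yield UserDocument.find_one({"email": email})):
            response_data["error"] = "邮箱已被注册"

        if not response_data:
            password = yield UserDocument.encrypt_password(password)

            document = {
                'email': email,
                'name': name,
                'password': password,
                'user_type': "person",
                'register_date': datetime.now()
            }

            try:
                user_id = yield UserDocument.insert(document)
            except Exception:
                log.exception("Inserting the new user document failed")
                raise HTTPError(500)

            owner_ref = DBRef(
                UserDocument.meta['collection'], ObjectId(user_id)
            )

            # Initialise the avatar.  Read the image as bytes, and let
            # ``with`` close the handle even when read() fails.
            default_avatar = os.path.join(
                APPLICATION_SETTINGS['static_path'], 'img/default.jpg'
            )
            with open(default_avatar, 'rb') as avatar:
                content = avatar.read()

            document = {
                'name': 'default.jpg',
                'upload_time': datetime.now(),
                'content_type': 'jpeg',
                'owner': owner_ref,
                'content': Binary(content),
                'thumbnail50x50': Binary(content),
                'thumbnail180x180': Binary(content)
            }
            yield AvatarDocument.insert(document)

            # Initialise the user settings with a randomly chosen cover.
            covers = yield OfficialProfileCoverDocument.get_profile_cover_list()
            profile_cover = random.sample(covers, 1)[0]

            document = {
                'user': DBRef(
                    UserDocument.meta['collection'], ObjectId(user_id)
                ),
                'profile_cover': DBRef(
                    OfficialProfileCoverDocument.meta['collection'],
                    ObjectId(profile_cover['_id'])
                )
            }
            yield UserSettingDocument.insert(document)

            # Register with Ejabberd; the chat credential is the password
            # digest.  Kept best-effort, but a failure is now logged.
            try:
                Ejabberd.register(user_id, password)
            except Exception:
                log.exception(
                    "Ejabberd registration failed for new user %s", user_id
                )

            # Send the verification e-mail to the user.
            # NOTE(review): confirm generate_code() is backed by a
            # cryptographically secure source.
            document = {
                'uid': user_id,
                'code': CodeDocument.generate_code(),
                'expired_time': datetime.now() + timedelta(
                    days=USER_SETTINGS['code_expired_after']
                )
            }
            code_id = yield CodeDocument.insert(document)
            WriterManager.pub(MessageTopic.SEND_ACTIVATION_EMAIL, code_id)

            response_data.update({
                'success': '注册成功! 系统已经向你的注册邮箱发送了一封激活'
                           '邮件, 请验证后登录!'
            })
    else:
        # Report only the first validation error.
        for field in form.errors:
            response_data.update({'error': form.errors[field][0]})
            break

    self.write_json(response_data)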