def validate_password(self, field):
    """Authenticate the submitted account/password pair.

    The account value is looked up as an email address when it contains
    ``@`` and as a user name otherwise.  On success the user is stored on
    ``self.user`` and returned.  An unknown account and a wrong password
    raise the same ``ValidationError``, so the message itself does not
    reveal which of the two checks failed.
    """
    identifier = self.account.data
    lookup_key = 'email' if '@' in identifier else 'name'
    candidate = User.get(**{lookup_key: identifier})

    # NOTE(review): no throttling or lockout is visible in this validator;
    # confirm that repeated failures are rate limited elsewhere.
    if candidate and candidate.check_password(field.data):
        self.user = candidate
        return candidate
    raise ValidationError('用户名或密码错误')
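def _verify_token(self, token):
    """Validate a password-reset token and return the user it belongs to.

    The base64-decoded token must hold four ``|``-separated fields: email,
    salt, creation timestamp (seconds) and the SHA-1 hex digest of
    ``salt + created + user.token``.  A token younger than one second or
    older than one hour is rejected.

    Returns the matching user, or ``None`` on any failure.  Every failure
    except an unknown email flashes a message before returning.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    invalid = {"status": "error", "message": "验证链接错误"}

    try:
        token = base64.b64decode(token)
    except (TypeError, ValueError):
        # Python 2 raises TypeError on bad input, Python 3 raises
        # binascii.Error (a ValueError).  Anything else should propagate
        # instead of being hidden by a bare ``except``.
        self.flash_message(**invalid)
        return None

    splits = token.split('|')
    if len(splits) != 4:
        self.flash_message(**invalid)
        return None
    email, salt, created, hsh = splits

    # ``created`` comes straight from the request, so a non-numeric value
    # must end in the normal "invalid link" path rather than an unhandled
    # ValueError.
    try:
        delta = time.time() - int(created)
    except ValueError:
        self.flash_message(**invalid)
        return None

    if delta < 1:
        self.flash_message(**invalid)
        return None
    if delta > 3600:
        # 1 hour
        result = {"status": "info", "message": "此验证链接已过期,请再次验证"}
        self.flash_message(**result)
        return None

    user = User.get(email=email)
    if not user:
        # NOTE(review): this is the only failure that flashes nothing, which
        # makes an unknown email distinguishable from a bad digest; confirm
        # whether the caller reports it.
        return None

    # NOTE(review): the digest is a plain SHA-1 over concatenated fields,
    # not an HMAC.  Changing the scheme requires the same change in
    # `_create_token`, which is not visible here.
    expected = hashlib.sha1(salt + created + user.token).hexdigest()
    # Constant-time comparison (Python >= 2.7.7 / 3.3) so the check does not
    # leak how many leading characters of the digest matched.
    if hmac.compare_digest(hsh, expected):
        return user

    self.flash_message(**invalid)
    return None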
def send_password_email(self):
    """Email a password-reset link to the current user or to ``email``.

    A logged-in user always receives the mail at their own address.  An
    anonymous request must supply an ``email`` argument that matches a
    user; otherwise an error is flashed and the request is redirected to
    ``/signin``.
    """
    email = self.get_argument('email', None)

    user = self.current_user
    if not user:
        if not email:
            self.flash_message(status="error", message="请输入邮箱地址")
            return self.redirect('/signin')
        user = User.get(email=email)
        if not user:
            # NOTE(review): this message tells an anonymous caller whether
            # an address is registered; consider answering both cases alike.
            self.flash_message(status="error", message="用户不存在")
            return self.redirect('/signin')

    # NOTE(review): the token is placed in the query string without URL
    # encoding; confirm `_create_token` only emits URL-safe characters.
    reset_token = self._create_token(user)
    url = '%s/account/password?verify=%s' % (config.site_url, reset_token)

    # NOTE(review): nickname and url are inserted into HTML unescaped.
    body_template = (
        '<div>你好 <strong>{nickname}</strong></div>'
        '<br /><div>请点击下面的链接来找回你的密码: '
        '<a href="{url}">this link</a>.<div><br />'
        "<div>如果你的浏览器不能点击上面的链接 "
        '把下面的链接地址粘贴复制到你的浏览器地址栏: <br />'
        '{url} </div>'
    )
    content = body_template.format(nickname=user.nickname, url=url)

    self.flash_message(status="success", message="邮件已经发送,请检查您的邮箱")
    # ``self`` is passed explicitly, as in the original call.
    self.send_email(self, user.email, '找回密码', content)
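def post(self):
    """Send a private message from the current user to ``user_id``.

    Responds with an error result when the receiver does not exist or the
    form does not validate.  On success the saved message is returned to
    the sender and then pushed to the receiver through
    ``WebSocketHandler.send_message``.
    """
    user_id = force_int(self.get_argument('user_id', 0), 0)
    # NOTE(review): `sender.id` is read below, so this handler presumably
    # sits behind an authentication decorator -- confirm.
    sender = self.current_user
    receiver = User.get(id=user_id)
    if not receiver:
        result = {"status": "error", "message": "没有目标用户,不能发送私信哦"}
        self.send_result(result)
        return

    form = MessageForm(self.request.arguments)
    if not form.validate():
        result = {"status": "error", "message": "请填写至少 4 字的内容"}
        self.send_result(result)
        self.finish()
        # Nothing was saved, so there is no message to push.  Falling
        # through to the WebSocket call would reference an unbound
        # ``message`` and raise after the response has been sent.
        return

    message = form.save(sender_id=sender.id, receiver_id=receiver.id)
    result = {
        "status": "success",
        "message": "私信发送成功",
        "content": message.content,
        "created": message.created,
        "avatar": sender.get_avatar(size=48),
        "url": sender.url,
        "id": message.id,
    }
    self.send_result(result)
    self.finish()
    return WebSocketHandler.send_message(message.receiver_id, message)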
def send_password_email(self):
    """Build a password-reset link and mail it to the target user.

    The target is the logged-in user when there is one, otherwise the user
    registered under the ``email`` request argument.  A missing argument or
    an unknown address flashes an error and redirects to ``/signin``.
    """
    def reject(message):
        # Shared failure path: flash the error, then go back to sign-in.
        self.flash_message(**{"status": "error", "message": message})
        return self.redirect('/signin')

    email = self.get_argument('email', None)
    if self.current_user:
        user = self.current_user
    elif email:
        user = User.get(email=email)
        if not user:
            # NOTE(review): a distinct "no such user" answer allows checking
            # which addresses are registered; consider a uniform response.
            return reject("用户不存在")
    else:
        return reject("请输入邮箱地址")

    token = self._create_token(user)
    # NOTE(review): the token is not URL-encoded here; verify that the
    # value produced by `_create_token` survives query-string parsing.
    link = '%s/account/password?verify=%s' % (config.site_url, token)

    # NOTE(review): values are formatted into the HTML body without escaping.
    content = (
        '<div>你好 <strong>{nickname}</strong></div>'
        '<br /><div>请点击下面的链接来找回你的密码: '
        '<a href="{url}">this link</a>.<div><br />'
        "<div>如果你的浏览器不能点击上面的链接 "
        '把下面的链接地址粘贴复制到你的浏览器地址栏: <br />'
        '{url} </div>'
    ).format(nickname=user.nickname, url=link)

    notice = {"status": "success", "message": "邮件已经发送,请检查您的邮箱"}
    self.flash_message(**notice)
    self.send_email(self, user.email, '找回密码', content)
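def get(self):
    """Render the conversation with ``user_id``, or the message box list.

    When ``user_id`` matches no user, the message box list is rendered for
    the requested ``category``.  Otherwise the conversation between the
    current user and that user is rendered, and an unread box (status 0) is
    marked as read (status 1) afterwards.
    """
    # Function-scope import: the module's import block is not visible here.
    import logging

    page = force_int(self.get_argument('page', 1), 1)
    user_id = force_int(self.get_argument('user_id', 0), 0)
    # NOTE(review): `current_user` is dereferenced below, so an
    # authentication decorator is presumably applied -- confirm.
    current_user = self.current_user
    user = User.get(id=user_id)
    if not user:
        category = self.get_argument('category', 'all')
        return self.render("user/message_box.html", category=category, page=page)

    # The box is fetched through the current user, so only conversations
    # that user takes part in can be shown.
    message_box = current_user.get_message_box(user=user)
    if not message_box:
        result = {"status": "error", "message": "无此私信"}
        return self.send_result(result)

    form = MessageForm()
    self.render("user/message.html", user=user, message_box=message_box,
                form=form, page=page)

    if message_box.status == 0:
        message_box.status = 1
        try:
            orm.commit()
        except Exception:
            # Marking as read stays best-effort, but the failure is logged
            # instead of being dropped, and SystemExit/KeyboardInterrupt are
            # no longer swallowed by a bare ``except``.
            logging.getLogger(__name__).exception(
                "could not mark message box as read")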
def validate_urlname(self, field):
    """Check a requested change of the user's URL name.

    An unchanged value passes.  A changed value is refused when the user
    has no edits left (the field is reset to the current URL name first),
    or when the name is on ``config.forbidden_name_list`` or already
    belongs to a user.
    """
    requested = field.data
    current = self.user.urlname
    if requested == current:
        return

    if self.user.edit_urlname_count < 1:
        field.data = current
        raise ValidationError('您已经没有修改域名的机会')

    # NOTE(review): the value is compared as submitted, without case
    # folding; confirm whether the forbidden list should match
    # case-insensitively.
    reserved = requested in config.forbidden_name_list
    if reserved or User.get(urlname=requested):
        raise ValidationError('此域名已经被占用')
def change_password(self):
    """Change the current user's password after checking the old one.

    The ``password`` argument must match the stored password; otherwise an
    error is flashed and the password page is rendered again.  The new
    password pair (``password1`` / ``password2``) is handed to
    ``_change_password``.
    """
    account = User.get(id=self.current_user.id)
    old_password = self.get_argument('password', None)

    if account.check_password(old_password):
        first = self.get_argument('password1', None)
        second = self.get_argument('password2', None)
        self._change_password(account, first, second)
        return

    # Requiring the old password keeps a hijacked session from silently
    # replacing the credential.
    self.flash_message(status="error", message="旧密码有误")
    return self.render('user/password.html', token=None)
def get(self):
    """Return the albums of ``user_id``, or of the current user.

    Without a ``user_id`` argument the current user's albums are listed.
    When no user can be resolved an error result is sent.
    """
    owner = self.current_user
    requested_id = self.get_int('user_id', None)
    if requested_id:
        owner = User.get(id=requested_id)
    if not owner:
        return self.send_error_result(msg=u'没有指定用户 id')

    # NOTE(review): any user id can be queried here; confirm that album
    # listings are meant to be visible to every caller.
    summaries = []
    for album in owner.get_albums(page=None):
        summaries.append(album.to_simple_dict())
    return self.send_success_result(object_list=summaries)
def post(self):
    """Mark the conversation with ``user_id`` as read.

    Only ``action=read`` is handled; any other action returns without a
    result.  An unknown user or a missing message box answers with 404.
    """
    if self.get_argument('action', None) != "read":
        return

    peer_id = force_int(self.get_argument('user_id', 0), 0)
    me = self.current_user
    peer = User.get(id=peer_id)

    # The box is resolved through the current user, so a caller can only
    # touch a conversation they are part of.
    box = me.get_message_box(user=peer) if peer else None
    if not box:
        return self.send_error(404)

    # NOTE(review): no commit is visible here; presumably the surrounding
    # session persists the change -- confirm.
    box.status = 1
    return self.send_success_result(msg="已读")
def delete(self, topic_id):
    """Delete a topic after mailing a backup to its author and repliers.

    The topic author receives the topic content.  Every reply author
    receives one mail holding all of their replies as a list.  The topic
    is deleted after the mails have been handed to ``send_email``.
    """
    # NOTE(review): no permission check is visible inside this method;
    # confirm that the route or a decorator restricts it to moderators.
    topic = Topic.get(id=topic_id)
    if not topic:
        return self.redirect_next_url()

    # NOTE(review): titles, nicknames and content are formatted into the
    # HTML mails without escaping.  The topic title is written by the topic
    # author but delivered to every reply author.
    subject = "主题删除通知 - " + config.site_name
    author_mail = (
        '<p>尊敬的 <strong>{nickname}</strong> 您好!</p>'
        '<p>您的主题 <strong>「{topic_title}」</strong>'
        '由于违反社区规定而被删除,我们以邮件的形式给您进行了备份,备份数据如下:</p>'
        '<div class="content">{content}</div>'
    ).format(
        nickname=topic.author.nickname,
        topic_title=topic.title,
        content=topic.content,
    )
    self.send_email(self, topic.author.email, subject, author_mail)

    # Collect each author's replies as <li> items, keyed by user name.
    seen_authors = []
    backup_by_name = {}
    for reply in topic.replies:
        author = reply.author
        item = '<li>' + reply.content + '</li>'
        if author in seen_authors:
            backup = backup_by_name.get(author.name)
            backup += item
        else:
            seen_authors.append(author)
            backup = item
        backup_by_name.update({author.name: backup})

    for name, backup in backup_by_name.items():
        recipient = User.get(name=name)
        reply_subject = "评论删除通知 - " + config.site_name
        reply_mail = (
            '<p>尊敬的 <strong>{nickname}</strong> 您好!</p>'
            '<p>主题 <strong>「{topic_title}」</strong>'
            '由于某些原因被删除,您在此主题下的评论收到了牵连,遂给您以邮件的形式进行了备份,备份数据如下:</p>'
            '<ul class="content">{content}</ul>'
        ).format(
            nickname=recipient.nickname,
            topic_title=topic.title,
            content=backup,
        )
        self.send_email(self, recipient.email, reply_subject, reply_mail)

    topic.delete()
    return self.write({'status': 'success', 'message': '已成功删除'})
def delete(self, topic_id):
    """Remove a topic and mail backups of the removed content.

    One mail goes to the topic author with the topic body.  One mail goes
    to each reply author with that author's replies.  ``topic.delete()``
    runs last and a success result is written.
    """
    # NOTE(review): authorization is not checked in this body; verify that
    # only privileged users can reach this handler.
    topic = Topic.get(id=topic_id)
    if not topic:
        return self.redirect_next_url()

    topic_template = (
        '<p>尊敬的 <strong>{nickname}</strong> 您好!</p>'
        '<p>您的主题 <strong>「{topic_title}」</strong>'
        '由于违反社区规定而被删除,我们以邮件的形式给您进行了备份,备份数据如下:</p>'
        '<div class="content">{content}</div>'
    )
    reply_template = (
        '<p>尊敬的 <strong>{nickname}</strong> 您好!</p>'
        '<p>主题 <strong>「{topic_title}」</strong>'
        '由于某些原因被删除,您在此主题下的评论收到了牵连,遂给您以邮件的形式进行了备份,备份数据如下:</p>'
        '<ul class="content">{content}</ul>'
    )

    # NOTE(review): both templates receive user-authored values unescaped.
    subject = "主题删除通知 - " + config.site_name
    body = topic_template.format(
        nickname=topic.author.nickname,
        topic_title=topic.title,
        content=topic.content,
    )
    self.send_email(self, topic.author.email, subject, body)

    # Group reply bodies per author; the dict is keyed by user name.
    authors = []
    replies_by_name = {}
    for reply in topic.replies:
        entry = '<li>' + reply.content + '</li>'
        if reply.author not in authors:
            authors.append(reply.author)
            collected = entry
        else:
            collected = replies_by_name.get(reply.author.name)
            collected += entry
        replies_by_name.update({reply.author.name: collected})

    # ``iteritems`` is kept as written; it exists on Python 2 dicts only.
    for name, collected in replies_by_name.iteritems():
        user = User.get(name=name)
        subject = "评论删除通知 - " + config.site_name
        body = reply_template.format(
            nickname=user.nickname,
            topic_title=topic.title,
            content=collected,
        )
        self.send_email(self, user.email, subject, body)

    topic.delete()
    result = {'status': 'success', 'message': '已成功删除'}
    return self.write(result)
def get(self, urlname, view='index', category='all'):
    """Render a user's profile page for the selected ``view``.

    Raises HTTP 404 when ``urlname`` matches no user.  A logged-in visitor
    requesting ``action=follow`` on another user gets the follow result
    instead of the page.  The listing views (topics, replies, followings,
    followers, albums) are paginated with ``config.paged`` items per page.
    """
    page = force_int(self.get_argument('page', 1), 1)
    user = User.get(urlname=urlname)
    if not user:
        raise tornado.web.HTTPError(404)

    # NOTE(review): ``follow`` changes state in a GET handler, so a
    # cross-site link or image can trigger it for a logged-in visitor;
    # consider moving it to a POST protected by the XSRF check.
    action = self.get_argument('action', None)
    if action and self.current_user:
        if action == 'follow' and user != self.current_user:
            return self.send_result(self.current_user.follow(whom_id=user.id))

    # Each entry fetches one listing; ``None`` as page means "all rows".
    listings = {
        'topics': lambda p: user.get_topics(page=p, category=category),
        'replies': lambda p: user.get_replies(page=p, category=category),
        'followings': lambda p: user.get_followings(page=p),
        'followers': lambda p: user.get_followers(page=p),
        'albums': lambda p: user.get_albums(page=p),
    }

    items = []
    item_count = 0
    url = user.url
    fetch = listings.get(view)
    if fetch is not None:
        items = fetch(page)
        item_count = orm.count(fetch(None))
        url += '/' + view

    # Ceiling division: a partly filled last page still counts as a page.
    page_count = (item_count + config.paged - 1) // config.paged
    return self.render("user/index.html", user=user, items=items, view=view,
                       category=category, page=page, page_count=page_count,
                       url=url)
def get(self, urlname, view='index', category='all'):
    """Show the profile of ``urlname`` with an optional paginated listing.

    An unknown ``urlname`` raises HTTP 404.  ``action=follow`` from a
    logged-in visitor who is not the profile owner returns the follow
    result.  Otherwise ``user/index.html`` is rendered with the items of
    the chosen view and the page count derived from ``config.paged``.
    """
    page = force_int(self.get_argument('page', 1), 1)
    user = User.get(urlname=urlname)
    if not user:
        raise tornado.web.HTTPError(404)

    action = self.get_argument('action', None)
    # NOTE(review): a follow is performed from a GET request; verify that
    # this cannot be triggered by a third-party page on the visitor's behalf.
    if action and self.current_user:
        if action == 'follow' and user != self.current_user:
            result = self.current_user.follow(whom_id=user.id)
            return self.send_result(result)

    # view name -> (getter on the user, whether it filters by category)
    listing_methods = {
        'topics': ('get_topics', True),
        'replies': ('get_replies', True),
        'followings': ('get_followings', False),
        'followers': ('get_followers', False),
        'albums': ('get_albums', False),
    }

    items, item_count, url = [], 0, user.url
    spec = listing_methods.get(view)
    if spec:
        method_name, by_category = spec
        fetch = getattr(user, method_name)
        extra = {'category': category} if by_category else {}
        items = fetch(page=page, **extra)
        # The unpaged query is counted to work out the number of pages.
        item_count = orm.count(fetch(page=None, **extra))
        url += '/' + view

    page_count = (item_count + config.paged - 1) // config.paged
    context = dict(user=user, items=items, view=view, category=category,
                   page=page, page_count=page_count, url=url)
    return self.render("user/index.html", **context)
def validate_name(self, field):
    """Reject a user name that is reserved or already registered.

    The submitted value is lower-cased before it is checked against
    ``config.forbidden_name_list`` and the existing users.
    """
    candidate = field.data.lower()
    # NOTE(review): presumably the forbidden list and the stored names are
    # lower-case as well -- confirm, otherwise mixed-case entries never match.
    reserved = candidate in config.forbidden_name_list
    if reserved or User.get(name=candidate):
        raise ValidationError('此用户名已注册')
def validate_email(self, field):
    """Reject an email address that already belongs to a user.

    The lookup uses the lower-cased form of the submitted address.
    """
    address = field.data.lower()
    already_registered = User.get(email=address)
    if already_registered:
        raise ValidationError('此邮箱已注册')