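def rainEntrance(self):
    """Verify a username/password pair and issue a signed, expiring token.

    ``self`` is indexed like a mapping and must provide the keys
    ``'username'`` and ``'password'``.

    Returns:
        A JSON string: ``{"success": true, "token": "<token>"}`` when the
        credentials verify and the token is signed, otherwise
        ``{"success": false}``.

    Raises:
        KeyError: if ``'username'`` or ``'password'`` is missing from ``self``
            or ``'RAINDB_CONF'`` is missing from the app config.
    """
    RAINDB_CONF = current_app.config['RAINDB_CONF']
    username = self['username']
    password = self['password']
    user = User(username=username)
    result = user.query(RAINDB_CONF)

    # Guard clauses: every rejection returns the same failure payload, so no
    # branch can fall off the end of the function and return None.
    failure = json.dumps({"success": False})
    if result is None:
        return failure

    # NOTE(review): this is a substring test against the serialized record,
    # not an equality test on a username field -- confirm it is intended.
    if username not in json.dumps(result):
        return failure

    if pwd_context.verify(password, result['password']) is not True:
        return failure

    g.user = user
    try:
        # NOTE(review): expires_in=10 is presumably seconds, which makes the
        # token very short-lived -- confirm this is the intended lifetime.
        expiration = 10
        token = Serializer(
            current_app.config['SECRET_KEY'],
            expires_in=expiration,
        ).dumps({'username': username})
        return json.dumps({
            "success": True,
            "token": token.decode('ascii'),
        })
    except Exception as e:
        # Exception rather than BaseException: KeyboardInterrupt and
        # SystemExit must propagate instead of becoming a login failure.
        print(e)
        return failure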
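def path_filter(self, req, resp):
    """Handle the home, login and logout routes before normal dispatch.

    Every handled route finishes by raising ``UserHttpError`` whose
    ``description`` carries the response payload (``code``, ``msg`` and, for a
    successful login, ``token``).  A request that matches none of the routes
    falls through and the method returns ``None``.

    Args:
        req: incoming request; ``path``, ``method``, ``body``,
            ``forwarded_host`` and ``port`` are read.
        resp: outgoing response; ``status`` and ``body`` are only logged.

    Raises:
        UserHttpError: for every matched route, success or failure.
    """
    # Home page.
    if req.path == '/' and req.method == 'GET':
        raise UserHttpError(description=dict(code=0, msg='hello, world!'))

    # Login.
    if req.path == '{}/login'.format(
            self.config.route_path) and req.method == 'POST':
        username = req.body.get('username', None)
        password = req.body.get('password', None)
        if not username or not password:
            raise UserHttpError(description=dict(code=3000, msg=msg[3000]))

        # The username is client-supplied; {!r} keeps embedded control
        # characters (CR/LF) from forging extra log lines.
        self.logger.info(
            'user: {!r} is logging in......'.format(username))

        # NOTE(review): the submitted password is compared directly with the
        # User.password column, which suggests the stored value is not a
        # salted hash -- confirm, and verify against a password hash instead.
        account = db_session.query(User).filter(
            User.username == username,
            User.password == password).first()
        if not account:
            raise UserHttpError(description=dict(code=3001, msg=msg[3001]))

        # The token carries the username and the forwarded host and is
        # created with expires_in=7200.
        token_dict = dict(username=username,
                          forwarded_host=req.forwarded_host)
        token = Serializer(self.config.SECRET_KEY,
                           expires_in=7200).dumps(token_dict)
        self.logger.info(
            (username, req.forwarded_host, req.port, req.method, req.path,
             resp.status, resp.body))
        raise UserHttpError(description=dict(
            code=0, msg=msg[0], token=token.decode('utf-8')))

    # Logout.
    # NOTE(review): nothing is revoked here, so a token issued at login
    # appears to stay valid until it expires -- confirm this is acceptable.
    if req.path == '{}/logout'.format(
            self.config.route_path) and req.method == 'POST':
        raise UserHttpError(description=dict(code=0, msg=msg[0]))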
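def post(self, request):
    """Register a new user and e-mail an account-activation link.

    Reads ``user_name``, ``pwd``, ``email`` and ``allow`` from the POST data.
    On any validation failure the registration page is re-rendered with an
    ``errmsg``.  Otherwise an inactive user is created, a signed token holding
    the user id is embedded in an activation link, the link is sent by e-mail
    and the client is redirected to ``goods:index``.

    Args:
        request: the incoming request; only ``request.POST`` is read.

    Returns:
        The rendered ``register.html`` on validation failure, else a redirect.
    """
    # Local import: the module's import block is not visible from this view.
    from html import escape

    username = request.POST.get('user_name')
    password = request.POST.get('pwd')
    email = request.POST.get('email')
    allow = request.POST.get('allow')

    # All three fields are required.
    if not all([username, password, email]):
        return render(request, 'register.html', {'errmsg': '数据不完整'})

    # E-mail address format check.
    if not re.match(r'^[a-z0-9][\w.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$', email):
        return render(request, 'register.html', {'errmsg': '邮箱格式有误'})

    # The agreement checkbox must be ticked.
    if allow != 'on':
        return render(request, 'register.html', {'errmsg': '未勾选协议'})

    # Reject a username that is already taken.
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        user = None
    if user:
        return render(request, 'register.html', {'errmsg': '用户名已存在'})

    # Create the account inactive; it is meant to be enabled via the link.
    user = User.objects.create_user(username, email, password)
    user.is_active = 0
    user.save()

    user_info = {
        'user_id': user.id,
    }
    # NOTE(review): expires_in=30 is presumably seconds, which is very short
    # for a link delivered by e-mail -- confirm the intended lifetime.
    token = TimedJSONWebSignatureSerializer(secret_key=settings.SECRET_KEY,
                                            expires_in=30)
    token = token.dumps(user_info)
    token = token.decode()

    # Build the e-mail.
    subject = '淘生鲜欢迎您'
    message = ''
    sender = settings.EMAIL_FROM
    receiver = [email]
    # The username is user-supplied and goes into an HTML body, so it is
    # escaped to keep markup in the name from being rendered in the mail.
    safe_username = escape(username)
    # NOTE(review): the activation host is hard-coded to 127.0.0.1:8000 over
    # plain http; outside local development this should come from settings.
    html_message = f'<h1>{safe_username}您好,欢迎您成为淘生鲜注册用户</h1>请点击以下链接激活您的账号<a href="http://127.0.0.1:8000/user/active/{token}">http://127.0.0.1:8000/user/active/{token}</a>'

    # Send the activation e-mail.
    send_mail(subject, message, sender, receiver, html_message=html_message)
    return redirect(reverse('goods:index'))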
def login():
    """Authenticate HTTP Basic credentials and return a signed token.

    Returns:
        A JSON response ``{'token': <token>}`` when the credentials match a
        stored user, otherwise a 401 response carrying a ``WWW-Authenticate``
        Basic challenge.
    """

    def challenge():
        # The same 401 is used for every failure, so the response body does
        # not reveal whether the user name or the password was wrong.
        return make_response(
            'Could not verify',
            401,
            {'WWW-Authenticate': 'Basic realm="Login required"'},
        )

    credentials = request.authorization
    if not (credentials and credentials.username and credentials.password):
        return challenge()

    account = User.query.filter_by(name=credentials.username).first()
    # NOTE(review): an unknown user returns without any hash check, so the
    # response time may differ from that of a wrong-password request.
    if account and check_password_hash(account.password, credentials.password):
        # The token payload is the user's public_id; expires_in=3600.
        signer = Serializer(app.config['SECRET_KEY'], expires_in=3600)
        token = signer.dumps(account.public_id)
        return jsonify({'token': token.decode('UTF-8')})

    return challenge()