示例#1
文件: urls.py 项目: edwingoo/mywebapp
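def api_delete_user(user_id):
    """Delete a user and the LocalAuth credential row that belongs to it.

    check_admin() runs first, so the call is rejected before any lookup or
    delete unless the current request passes that check.

    :param user_id: id of the user to delete.
    :return: dict holding the deleted ``user_id``.
    :raise APIResourceNotFoundError: if no Users row exists for ``user_id``.
    """
    check_admin()
    user = Users.get(user_id)
    if not user:
        raise APIResourceNotFoundError('user')
    localauth = LocalAuth.find_first('where user_id=?', user_id)
    # Remove the credential row before the profile row: if the second delete
    # fails, what is left behind is a user that cannot sign in, not a login
    # record for a user that no longer exists. A user without a LocalAuth row
    # is still deleted; dereferencing the missing row used to raise
    # AttributeError after the user row had already been removed.
    # NOTE(review): nothing visible here wraps both deletes in one
    # transaction - confirm at the DB layer.
    if localauth is not None:
        localauth.delete()
    user.delete()
    return dict(user_id=user_id)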
示例#2
文件: urls.py 项目: edwingoo/mywebapp
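def check_admin():
    """Let the request continue only when the current user is an admin.

    Reads ``ctx.request.user`` and the LocalAuth row stored for that user,
    and returns normally only when that row has ``user_admin`` set.

    :return: None when the current user is an admin.
    :raise APIPermissionError: if the request has no user, the user has no
        LocalAuth row, or the row is not flagged as admin.
    """
    user = ctx.request.user
    # Test the user before touching user.user_id: an anonymous request must
    # end in APIPermissionError, not in an AttributeError raised while
    # building the query.
    if user:
        localauth = LocalAuth.find_first('where user_id=?', user.user_id)
        # A missing credential row is treated as "not admin" (deny by default).
        if localauth and localauth.user_admin:
            return
    raise APIPermissionError('No permission')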
示例#3
文件: urls.py 项目: edwingoo/mywebapp
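def manage_interceptor(next):
    """Run the wrapped handler only for a signed-in admin.

    :param next: callable that continues request processing.
    :return: whatever ``next()`` returns when the current user is an admin.
    :raise seeother: redirect to ``/signin`` when the request has no user,
        the user has no LocalAuth row, or the row is not flagged as admin.
    """
    user = ctx.request.user
    if user:
        localauth = LocalAuth.find_first('where user_id=?', user.user_id)
        # A user without a credential row is sent to sign-in like any other
        # non-admin; reading user_admin on a missing row used to raise
        # AttributeError instead of redirecting.
        if localauth and localauth.user_admin:
            return next()
    raise seeother('/signin')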
示例#4
文件: urls.py 项目: edwingoo/mywebapp
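def register_user():
    """Create a user with a LocalAuth credential row and sign them in.

    Reads ``name``, ``email`` and ``password`` from the request input,
    validates them, inserts a Users row and a LocalAuth row, and sets the
    session cookie on the response.

    :return: the newly inserted Users object.
    :raise APIValueError: if name, email or password is missing, or the email
        does not match ``_RE_EMAIL``.
    :raise APIError: if a LocalAuth row already exists for the email.
    """
    i = ctx.request.input(name='', email='', password='')
    name = i.name.strip()
    email = i.email.strip().lower()
    if not name:
        raise APIValueError('name')
    if not email or not _RE_EMAIL.match(email):
        raise APIValueError('email')
    # Reject a missing password before hashing it: the input default is '',
    # so without this check an account is created whose stored hash is the
    # digest of the empty string.
    if not i.password:
        raise APIValueError('password')
    # NOTE(review): unsalted MD5 is not a password hash. Moving to a salted,
    # slow KDF also changes authenticate() and the cookie signature, which
    # both read user_password, so it has to be migrated in one step.
    password = hashlib.md5(i.password).hexdigest()
    user = LocalAuth.find_first('where user_email=?', email)
    if user:
        raise APIError('register:failed', 'email', 'Email already in user.')
    user = Users(user_name=name)
    user.insert()
    # NOTE(review): the two inserts are not visibly wrapped in a transaction;
    # a failure on the second leaves a Users row with no credentials.
    localauth = LocalAuth(user_id=user.user_id, user_email=email, user_password=password)
    localauth.insert()
    # Session cookie, signed over the user id and the stored password hash.
    cookie = make_signed_cookie(user.user_id, localauth.user_password, None)
    # NOTE(review): confirm set_cookie marks the session cookie HttpOnly (and
    # Secure when served over TLS); it is not visible from here.
    ctx.response.set_cookie(__COOKIE_NAME, cookie)
    return user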
示例#5
文件: urls.py 项目: edwingoo/mywebapp
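def authenticate():
    """Check an email/password pair and start a session.

    Looks up the LocalAuth row by lower-cased email, compares the MD5 hex
    digest of the submitted password with the stored ``user_password``, and
    on success sets the signed session cookie on the response.

    :return: the Users object for the authenticated account.
    :raise APIError: ``auth:failed`` when the email is unknown or the password
        does not match.
    """
    i = ctx.request.input(remember='')
    email = i.email.strip().lower()
    # NOTE(review): unsalted MD5 is not a password hash; see the matching
    # storage format written at registration before changing it.
    password = hashlib.md5(i.password).hexdigest()
    remember = i.remember
    localauth = LocalAuth.find_first('where user_email=?', email)
    # The credential record is deliberately not printed: it carries
    # user_password, and stdout usually ends up in server logs.
    if localauth is None:
        # NOTE(review): separate "Invalid email" / "Invalid password" replies
        # tell a caller which addresses are registered; one generic failure
        # would avoid that, but clients may rely on the field name returned.
        raise APIError('auth:failed', 'email', 'Invalid email')
    elif password != localauth.user_password:
        raise APIError('auth:failed', 'password', 'Invalid password')
    # Session cookie: persistent only when the client asked to be remembered.
    # NOTE(review): 608400 s is 7 days plus 1 hour - possibly meant to be
    # 604800 (7 days); confirm before changing.
    max_age = 608400 if remember == 'true' else None
    cookie = make_signed_cookie(localauth.user_id, password, max_age)
    ctx.response.set_cookie(__COOKIE_NAME, cookie, max_age)
    user = Users.get(localauth.user_id)
    return user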
示例#6
文件: urls.py 项目: edwingoo/mywebapp
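def parse_signed_cookie(cookie_str):
    """Parse a signed session cookie and return the user it identifies.

    The cookie must have the form ``<user id>-<expiry>-<md5 hex>``, where
    the last field is the MD5 hex digest of
    ``<user id>-<stored password hash>-<expiry>-<cookie key>``.

    :param cookie_str: raw cookie value taken from the request.
    :return: the Users object when the cookie is well formed, not expired
        and correctly signed; otherwise None.
    """
    try:
        parts = cookie_str.split('-')
        if len(parts) != 3:
            return None
        user_id, expires, signature = parts
        if int(expires) < time.time():
            return None
        user = Users.get(user_id)
        if user is None:
            return None
        localauth = LocalAuth.find_first('where user_id=?', user_id)
        # No credential row means there is nothing to verify the signature
        # against, so reject explicitly instead of relying on the handler
        # below to swallow an AttributeError.
        if localauth is None:
            return None
        # The stored password hash is part of the signed text, so changing
        # the password invalidates cookies issued before the change.
        # NOTE(review): MD5 over "data + key" is not a MAC, and != is not a
        # constant-time comparison; an HMAC with a constant-time compare is
        # the usual replacement, changed together with make_signed_cookie.
        expected = hashlib.md5(
            '%s-%s-%s-%s' % (user_id, localauth.user_password, expires, __COOKIE_KEY)
        ).hexdigest()
        if signature != expected:
            return None
        return user
    except Exception:
        # Any malformed cookie (non-string value, non-numeric expiry, lookup
        # error) is treated as "no session". Exception rather than a bare
        # except, so KeyboardInterrupt and SystemExit still propagate.
        return None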