def unauthorized(error):
    """Invalidate the caller's cached session entry and render the 401 page.

    Args:
        error: The error object passed in by the caller; it is not used here.

    Returns:
        The rendered ``error/401.html`` template.
    """
    # Invalidate the entry cached for the session_id cookie. The cookie
    # itself is left on the client: no delete_cookie call is made here.
    sid = request.cookies.get('session_id')
    if sid is not None:
        cache.delete('session_id_{}'.format(sid))
    # NOTE(review): only the body is returned, with no explicit status code.
    # If this is registered as an error handler, confirm the response still
    # goes out as 401 rather than the default status.
    return render_template("error/401.html")
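def reset():
    """Apply a password reset submitted through the reset form.

    Reads ``token`` and ``password`` from the submitted form data. When the
    token exists in the cache, the user id stored under it is loaded, that
    user's password is replaced, the token is deleted and the client is
    redirected to ``index.index``. Otherwise the client is redirected to
    ``'404'``.

    Returns:
        A redirect response in both branches.
    """
    token = request.form.get('token')
    password = request.form.get('password')
    # NOTE(review): the submitted value is used verbatim as the cache key.
    # If this cache also stores other entries (session ids, CSRF tokens),
    # the name of any existing key passes this check; confirm reset tokens
    # are stored under a dedicated prefix and looked up with it.
    if cache.exists(token):
        u = User.one(id=cache.get(token))
        # NOTE(review): `password` is None when the form field is missing and
        # is passed on unchecked; confirm reset_password() rejects
        # empty or weak values.
        u.reset_password(password)
        # The token is single-use: drop it once the password has changed.
        cache.delete(token)
        return redirect(url_for('index.index'))
    # The redirect used to be built but never returned, so an unknown token
    # made the view return None instead of a response.
    return redirect('404')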
def logout():
    """Log the caller out and send them to the index page.

    When a ``session_id`` cookie is present, the matching cache entry is
    deleted and the cookie is removed from the client through the redirect
    response. Without the cookie the view only redirects.

    Returns:
        A redirect response to ``index.index``.
    """
    sid = request.cookies.get('session_id')
    if sid is None:
        # Nothing to invalidate: no session cookie was sent.
        return redirect(url_for('index.index'))

    # Drop the cached session entry first, so the session id stops resolving
    # even if the client keeps the cookie.
    cache.delete('session_id_{}'.format(sid))
    response = current_app.make_response(redirect(url_for('index.index')))
    response.delete_cookie('session_id')
    return response
def reset_view():
    """Exchange a one-time token from the query string for the reset form.

    The ``token`` query parameter is looked up under ``csrf_token_<token>``.
    On a hit the cached user id is read, the entry is deleted, the user is
    loaded and the reset page is rendered with a freshly issued token. On a
    miss the request is aborted with 401.
    """
    # NOTE(review): the token travels in the URL, so it can end up in access
    # logs, browser history and Referer headers. Deleting it on first use
    # limits the exposure window.
    supplied = request.args["token"]
    cache_key = "csrf_token_{}".format(supplied)
    if not cache.exists(cache_key):
        return abort(401)

    # NOTE(review): exists() and get() are separate calls. Whether the entry
    # can expire or be consumed between them depends on the cache backend.
    user_id = cache.get(cache_key)
    # Consume the token before rendering so the same link cannot be replayed.
    cache.delete(cache_key)
    user = User.one(id=user_id)
    fresh_token = new_csrf_token(user)
    return render_template('reset.html', token=fresh_token, user=user)
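def reset():
    """Validate a reset token from the query string and open the reset form.

    The ``token`` query parameter is used as a cache key whose value is
    JSON-decoded into a user id. On success the token is deleted, a new token
    is issued for the user, a session is created for them and the reset page
    is returned with the session id in the ``cache_session`` cookie. Every
    failure path aborts with the same "invalid token" response.

    Returns:
        The rendered ``forget/reset.html`` response with the session cookie.
    """
    # NOTE(review): Response(...) defaults to status 200, so a rejected token
    # cannot be told apart by status code; confirm whether a 4xx is intended.
    token = request.args.get('token', None)
    if not token:
        # Never hand a missing or empty token to the cache as a key.
        return abort(Response('无效的token验证码!'))

    # NOTE(review): the caller-supplied value is used verbatim as the cache
    # key. If the cache also holds other entries whose values decode to a
    # user id, their key names would be accepted here; confirm reset tokens
    # are stored under a dedicated prefix and looked up with it.
    try:
        u_id = json.loads(cache.get(token))
    except Exception:
        # Was a bare `except:`, which also swallowed SystemExit and
        # KeyboardInterrupt. Lookup and decode failures still map to the
        # same rejection.
        return abort(Response('无效的token验证码!'))

    if u_id is None:
        return abort(Response('无效的token验证码!'))

    u = User.one(id=u_id)
    # Delete the token once it has been used.
    cache.delete(token)
    if u is None:
        # Assumes User.one() returns None when no user matches (TODO confirm).
        # Without this guard the `u.id` access below would fail.
        return abort(Response('无效的token验证码!'))

    # Issue a new token for the reset form.
    token = new_csrf_token(u)
    # Log the user in. NOTE(review): this creates a session from the emailed
    # link alone, before any new password is set, so the link acts as a
    # bearer credential until it is consumed.
    session_id = session_user(u.id)
    res = current_app.make_response(render_template('forget/reset.html', token=token))
    # httponly keeps the session id away from page scripts.
    # NOTE(review): also set secure=True once the site is served only over HTTPS.
    res.set_cookie('cache_session', session_id, httponly=True)
    return res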