def change_password(request):
data = JSONParser().parse(request)
try:
user_id = data['user_id']
except Exception:
return JsonResponse(retcode(errcode("9999", '用户id不能为空'), "9999",
'用户id不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
orig_password = data['orig_password']
except Exception:
return JsonResponse(retcode(errcode("9999", '原密码不能为空'), "9999",
'原密码不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
new_password = data['new_password']
except Exception:
return JsonResponse(retcode(errcode("9999", '新密码不能为空'), "9999",
'新密码不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
timestamp = data['timestamp']
except Exception:
return JsonResponse(retcode(errcode("9999", '异常错误'), "9999", '异常错误'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user = User.objects.get(user_id=user_id)
# check salt valid
current_utc = int(time.time())
if current_utc - timestamp > settings.SALT_DURATION:
return JsonResponse(retcode(errcode("4031", '非法登陆未经授权'), "4031",
'非法登陆未经授权'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
m2 = hashlib.md5()
m2.update(user.user_password_encrypt + str(timestamp))
gen_password = m2.hexdigest()
log.info(
'origin_password=%s, gen_password=%s, user_password_encrypt=%s, timestamp=%s'
% (orig_password, gen_password, user.user_password_encrypt,
timestamp))
if gen_password != orig_password:
return JsonResponse(retcode(errcode("0403", '原始密码输入不正确'), "0403",
'原始密码输入不正确'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
else:
user.user_password_encrypt = new_password
user.save()
except User.DoesNotExist, e:
log.error(e)
return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'), "0403",
'用户不存在或用户密码不正确'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
def user_detail(request, user_id):
try:
ret_user = User.objects.get(user_id=user_id)
user_ser = UserSerializer(ret_user)
except User.DoesNotExist, e:
log.error(repr(e))
return JsonResponse(retcode(errcode("9999", "查询用户信息失败"), "9999",
"查询用户信息失败"),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
def group_detail(request, access_group_id):
try:
group = AccessGroup.objects.get(access_group_id=access_group_id)
ser_group = AccessGroupSerializer(group)
except User.DoesNotExist:
return JsonResponse(retcode(errcode("9999", "查询用户信息失败"), "9999",
"查询用户信息失败"),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
return JsonResponse(retcode(ser_group.data, "0000", "Succ"),
safe=True,
status=status.HTTP_200_OK)
def auth_user_logout(request):
data = JSONParser().parse(request)
try:
user_id = data['user_id']
except Exception:
return JsonResponse(retcode(errcode("9999", '用户id不能为空'), "9999",
'用户id不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user = User.objects.get(user_id=user_id)
conn = get_connection_from_pool()
if conn.hexists(USER_ALIAS_ID_HASH, user.user_id):
conn.hdel(USER_ALIAS_ID_HASH, user.user_id)
# if user.user_alias_id:
# user.user_alias_id = ''
user.save()
except User.DoesNotExist, e:
log.error(e)
return JsonResponse(retcode(errcode("0403", '登出用户不存在'), "0403",
'登出用户不存在'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
def update_user(request):
ret = {}
data = JSONParser().parse(request)
try:
user_gender = data['user_gender']
except Exception:
return JsonResponse(retcode(errcode("9999", '修改用户性别不能为空'), "9999",
'修改用户性别不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user_nickname = data['user_nickname']
except Exception:
return JsonResponse(retcode(errcode("9999", '修改用户性别不能为空'), "9999",
'修改用户性别不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user_phone = data['user_phone']
except Exception:
return JsonResponse(retcode(errcode("9999", '用户号码不能为空'), "9999",
'用户号码不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user_id = data['user_id']
except Exception:
return JsonResponse(retcode(errcode("9999", '修改用户id不能为空'), "9999",
'修改用户id不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user_email = data['user_email']
except Exception, e:
log.error(repr(e))
user_email = ''
def auth_with_salt(request):
data = JSONParser().parse(request)
try:
username = data['username']
except Exception:
return JsonResponse(retcode(errcode("9999", '注册姓名不能为空'), "9999",
'注册姓名不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
password = data['password']
except Exception:
return JsonResponse(retcode(errcode("9999", '注册密码不能为空'), "9999",
'注册密码不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
timestamp = data['timestamp']
except Exception:
return JsonResponse(retcode(errcode("9999", '异常错误'), "9999", '异常错误'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user = User.objects.get(user_name=username)
# check salt valid
current_utc = int(time.time())
if current_utc - timestamp > settings.SALT_DURATION:
return JsonResponse(retcode(errcode("4031", '非法登陆未经授权'), "4031",
'非法登陆未经授权'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
m2 = hashlib.md5()
m2.update(user.user_password_encrypt + str(timestamp))
gen_password = m2.hexdigest()
log.info("password=%s, gen_password=%s, timestamp=%s, username=%s" %
(password, gen_password, timestamp, username))
if gen_password != password:
return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'),
"0403", '用户不存在或用户密码不正确'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
log.info("login verify success, begin alias_id init")
conn = get_connection_from_pool()
conn.hset(USER_ALIAS_ID_HASH, user.user_id, uuid.uuid1().hex)
# user.user_alias_id = uuid.uuid1().hex
# user.save()
except User.DoesNotExist, e:
log.error(repr(e))
return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'), "0403",
'用户不存在或用户密码不正确'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
def admin_auth_with_salt(request):
data = JSONParser().parse(request)
try:
username = data['username']
except Exception:
return JsonResponse(retcode(errcode("9999", '注册姓名不能为空'), "9999",
'注册姓名不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
password = data['password']
except Exception:
return JsonResponse(retcode(errcode("9999", '注册密码不能为空'), "9999",
'注册密码不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
timestamp = data['timestamp']
except Exception:
return JsonResponse(retcode(errcode("9999", '异常错误'), "9999", '异常错误'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user = User.objects.get(user_name=username, group__group='admin')
# check salt valid
current_utc = int(time.time())
if current_utc - timestamp > settings.SALT_DURATION:
return JsonResponse(retcode(errcode("4031", '非法登陆未经授权'), "4031",
'非法登陆未经授权'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
m2 = hashlib.md5()
m2.update(user.user_password_encrypt + str(timestamp))
gen_password = m2.hexdigest()
log.info("password=%s, gen_password=%s, timestamp=%s, username=%s" %
(password, gen_password, timestamp, username))
if gen_password != password:
return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'),
"0403", '用户不存在或用户密码不正确'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
except User.DoesNotExist, e:
log.error(repr(e))
return JsonResponse(retcode(errcode("0403", '用户不存在或用户密码不正确'), "0403",
'用户不存在或用户密码不正确'),
safe=True,
status=status.HTTP_403_FORBIDDEN)
def add_user(request):
ret = {}
data = JSONParser().parse(request)
try:
user_name = data['user_name']
except Exception:
return JsonResponse(retcode(errcode("9999", '注册登陆名不能为空'), "9999",
'注册登陆名不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user_real_name = data['user_real_name']
except Exception:
return JsonResponse(retcode(errcode("9999", '注册用户姓名不能为空'), "9999",
'注册用户姓名不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user_gender = data['user_gender']
except Exception:
return JsonResponse(retcode(errcode("9999", '注册用户性别不能为空'), "9999",
'注册用户性别不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
user_phone = data['user_phone']
except Exception:
return JsonResponse(retcode({}, "9999", '注册用户号码不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
try:
role = data['role']
role_obj = Role.objects.get(role_id=role)
except Exception:
return JsonResponse(retcode({}, "9999", '用户角色不能为空'),
safe=True,
status=status.HTTP_400_BAD_REQUEST)
group_default = 'user'
try:
try:
group_obj = AccessGroup.objects.get(group=group_default)
except AccessGroup.DoesNotExist:
return JsonResponse(retcode({}, "9999", '企业用户群组不存在'),
safe=True,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
try:
usr = User.objects.get(user_name=user_name)
if usr:
log.error(
"Enterprise User exists already and return 500 error")
return JsonResponse(
retcode({}, "0500", '登陆名已存在'),
safe=True,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
except User.DoesNotExist:
with transaction.atomic():
md = hashlib.md5()
md.update('hna123')
md5_pwd = md.hexdigest()
new_user = User(user_id=uuid.uuid1(),
user_name=user_name,
user_password='******',
status='',
avatar_url='',
user_phone=user_phone,
user_email='',
register_time=datetime.datetime.now(tz=tz),
user_token=uuid.uuid4().hex,
role=role_obj,
group=group_obj,
user_real_name=user_real_name,
user_gender=user_gender,
user_alias_id=uuid.uuid1().hex,
user_password_encrypt=md5_pwd)
new_user.save()
auth_user_group = AuthUserGroup(user_token=new_user.user_token,
group=group_obj)
auth_user_group.save()
ret['user_id'] = new_user.user_id
update_redis_token(new_user.user_token, group_default)
except Exception, e:
log.error(repr(e))
return JsonResponse(retcode({}, "0500", '创建用户失败'),
safe=True,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)