def userlogin():
if request.method == 'POST':
res = dict(code=1)
auth = Authentication(g.mysql, g.redis)
result = auth.signIn(account=request.form.get("account"),
password=request.form.get("password"))
if result["success"]:
uid = result["uid"]
# 记录登录日志
auth.brush_loginlog(result, login_ip=g.ip, user_agent=g.agent)
fields = request.form.get("fields") or "is_admin,avatar,nick_name"
fields = [i for i in comma_pat.split(fields) if i]
fields = set(fields)
fields.update(["avatar", "nick_name"])
fields = list(fields)
infores = g.api.userprofile.getUserProfile(uid)
data = {}
if infores["code"] == 0:
data = infores["data"]
data.update(token=set_sessionId(uid, 7200))
res.update(code=0, data={k: data[k] for k in fields if k in data})
else:
res.update(msg=result["msg"])
return jsonify(dfr(res))
def authorized():
""" Client SSO 单点登录、注销入口, 根据`Action`参数判断是`ssoLogin`还是`ssoLogout` """
Action = request.args.get("Action")
if Action == "ssoLogin":
# 单点登录
ticket = request.args.get("ticket")
if request.method == "GET" and ticket and g.signin == False:
resp = sso_request(
"{}/sso/validate".format(sso_server),
dict(Action="validate_ticket"),
dict(ticket=ticket,
app_name=SSO["app_name"],
get_userinfo=True,
get_userbind=False))
logger.sys.debug("SSO check ticket resp: {}".format(resp))
if resp and isinstance(
resp, dict) and "success" in resp and "uid" in resp:
if resp["success"] is True:
uid = resp["uid"]
sid = resp["sid"]
expire = int(resp["expire"])
g.userinfo = resp["userinfo"].get("data") or dict()
logger.sys.debug(g.userinfo)
# 授权令牌验证通过,设置局部会话,允许登录
sessionId = set_sessionId(uid=uid, seconds=expire, sid=sid)
response = make_response(
redirect(get_redirect_url("front.index")))
response.set_cookie(
key="sessionId",
value=sessionId,
max_age=expire,
httponly=True,
secure=False if request.url_root.split("://")[0]
== "http" else True)
return response
elif Action == "ssoLogout":
# 单点注销
ReturnUrl = request.args.get("ReturnUrl") or get_referrer_url(
) or url_for("front.index", _external=True)
NextUrl = "{}/signOut?ReturnUrl={}".format(sso_server, ReturnUrl)
app_name = request.args.get("app_name")
if request.method == "GET" and NextUrl and app_name and g.signin == True and app_name == SSO[
"app_name"]:
response = make_response(redirect(NextUrl))
response.set_cookie(key="sessionId", value="", expires=0)
return response
elif Action == "ssoConSync":
# 数据同步:参数中必须包含大写的hmac_sha256(app_name:app_id:app_secret)的signature值
# 此处可以改为要求登录,passport sessionId可以解析出所需要的sid、uid
signature = request.args.get("signature")
if request.method == "POST" and signature and signature == hmac_sha256(
"{}:{}:{}".format(SSO["app_name"], SSO["app_id"],
SSO["app_secret"])).upper():
try:
data = json.loads(request.form.get("data"))
ct = data["CallbackType"]
cd = data["CallbackData"]
uid = data["uid"]
token = data["token"]
except Exception, e:
logger.plugin.warning(e)
else:
logger.plugin.info("ssoConSync with uid: {} -> {}: {}".format(
uid, ct, cd))
resp = sso_request("{}/sso/validate".format(sso_server),
dict(Action="validate_sync"),
dict(token=token, uid=uid))
if resp and isinstance(resp,
dict) and resp.get("success") is True:
# 之后根据不同类型的ct处理cd
logger.plugin.debug("ssoConSync is ok")
if ct == "user_profile":
# like {u'nick_name': u'.\u5f18\u5f08', u'gender': u'1', u'domain_name': u'taochengwei', u'birthday': u'1995-04-22', u'location': u'\u5317\u4eac \u671d\u9633', u'signature': u'\u5c81\u6708\u5982\u5200\u65a9\u5929\u9a84'}
logger.plugin.debug(
"sync user_profile before: {}".format(g.userinfo))
g.userinfo.update(cd)
logger.plugin.debug(
"sync user_profile after: {}".format(g.userinfo))
elif ct == "user_avatar":
logger.plugin.debug(
"sync user_avatar before: {}".format(
g.userinfo["avatar"]))
g.userinfo["avatar"] = cd
logger.plugin.debug(
"sync user_avatar after: {}".format(
g.userinfo["avatar"]))
return jsonify(msg="Synchronization completed",
success=g.api.sso_set_userinfo(
uid, g.userinfo),
app_name=SSO["app_name"])
def authorized():
""" Client SSO 单点登录、注销入口, 根据`Action`参数判断是`ssoLogin`还是`ssoLogout` """
Action = request.args.get("Action")
if Action == "ssoLogin":
# 单点登录
ticket = request.args.get("ticket")
if request.method == "GET" and ticket and g.signin == False:
resp = sso_request(
"{}/sso/validate".format(sso_server),
dict(Action="validate_ticket"),
dict(ticket=ticket,
app_name=SSO["app_name"],
get_userinfo=False,
get_userbind=False))
logger.debug("SSO check ticket resp: {}".format(resp))
if resp and isinstance(
resp, dict) and "success" in resp and "uid" in resp:
if resp["success"] is True:
uid = resp["uid"]
sid = resp["sid"]
expire = int(resp["expire"])
#userinfo = resp["userinfo"]
#logger.debug(userinfo)
# 授权令牌验证通过,设置局部会话,允许登录
sessionId = set_sessionId(uid=uid, seconds=expire, sid=sid)
response = make_response(
redirect(get_redirect_url("front.index")))
response.set_cookie(
key="sessionId",
value=sessionId,
max_age=expire,
httponly=True,
secure=False if request.url_root.split("://")[0]
== "http" else True)
return response
elif Action == "ssoLogout":
# 单点注销
ReturnUrl = request.args.get("ReturnUrl") or get_referrer_url(
) or url_for("front.index", _external=True)
NextUrl = "{}/signOut?ReturnUrl={}".format(sso_server, ReturnUrl)
app_name = request.args.get("app_name")
if request.method == "GET" and NextUrl and app_name and g.signin == True and app_name == SSO[
"app_name"]:
response = make_response(redirect(NextUrl))
response.set_cookie(key="sessionId", value="", expires=0)
return response
elif Action == "ssoConSync":
# 数据同步:参数中必须包含大写的hmac_sha256(app_name:app_id:app_secret)的signature值
signature = request.args.get("signature")
if request.method == "POST" and signature and signature == hmac_sha256(
"{}:{}:{}".format(SSO["app_name"], SSO["app_id"],
SSO["app_secret"])).upper():
try:
data = json.loads(request.form.get("data"))
ct = data["CallbackType"]
cd = data["CallbackData"]
uid = data["uid"]
token = data["token"]
except Exception, e:
logger.warning(e)
else:
logger.info("ssoConSync with uid: {} -> {}: {}".format(
uid, ct, cd))
resp = sso_request("{}/sso/validate".format(sso_server),
dict(Action="validate_sync"),
dict(token=token, uid=uid))
if resp and isinstance(resp,
dict) and resp.get("success") is True:
# 之后根据不同类型的ct处理cd
logger.debug("ssoConSync is ok")
if ct == "user_profile":
pass
elif ct == "user_avatar":
pass
return jsonify(msg="Synchronization completed",
success=True,
app_name=SSO["app_name"])