|
@@ -168,6 +168,7 @@ class registerView(TemplateView):
|
|
language = request_dict.get('language', None)
|
|
language = request_dict.get('language', None)
|
|
unique = request_dict.get('unique', None)
|
|
unique = request_dict.get('unique', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
if unique:
|
|
if unique:
|
|
delete_local_account(unique)
|
|
delete_local_account(unique)
|
|
response = ResponseObject(language)
|
|
response = ResponseObject(language)
|
|
@@ -176,11 +177,11 @@ class registerView(TemplateView):
|
|
username = username.strip()
|
|
username = username.strip()
|
|
if userEmail:
|
|
if userEmail:
|
|
userEmail = userEmail.strip()
|
|
userEmail = userEmail.strip()
|
|
- return self.register(username, userEmail, password, authCode, response, password_version)
|
|
|
|
|
|
+ return self.register(username, userEmail, password, authCode, response, password_version, salt)
|
|
else:
|
|
else:
|
|
return response.json(800)
|
|
return response.json(800)
|
|
|
|
|
|
- def register(self, username, userEmail, password, authCode, response, password_version):
|
|
|
|
|
|
+ def register(self, username, userEmail, password, authCode, response, password_version, salt):
|
|
dataValid = DataValid()
|
|
dataValid = DataValid()
|
|
reds = RedisObject()
|
|
reds = RedisObject()
|
|
identifyingCode = reds.get_data(key=username + '_identifyingCode')
|
|
identifyingCode = reds.get_data(key=username + '_identifyingCode')
|
|
@@ -200,6 +201,7 @@ class registerView(TemplateView):
|
|
re_flag = dataValid.password_validate(password)
|
|
re_flag = dataValid.password_validate(password)
|
|
else:
|
|
else:
|
|
re_flag = True
|
|
re_flag = True
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
if re_flag:
|
|
if re_flag:
|
|
if dataValid.email_validate(username):
|
|
if dataValid.email_validate(username):
|
|
if userEmail:
|
|
if userEmail:
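Review bot: The added `password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)` line labels a request-supplied value as a PBKDF2 hash without the server running any KDF, so whatever the client sends is what gets compared and, where `user_qs.update(password=newPwd)` is visible in `updatePwd`, stored. The stored string is therefore password-equivalent: a read of the user table exposes values that work as login credentials, and the 260000 iteration count is only an assertion. Client-side derivation can stay, but the server should still hash what it receives, e.g. `password = make_password(password)` in this branch with `check_password(...)` on login. The same line is added in `updatePwd` (ChangePwdView, v3ChangePwdView), `do_phone_register`/`do_email_register`, the `do_*_pwd_reset` methods, `valid_login` (v2LoginView, v3LoginView) and `do_email`/`do_phone` in OauthPerfectView. Indentation is lost on this page, so it cannot be confirmed that this line sits inside the `else:`, and `register` starts and ends outside the hunk.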
|
|
@@ -347,6 +349,8 @@ class ChangePwdView(TemplateView):
|
|
oldPwd = request_dict.get('oldPwd', None)
|
|
oldPwd = request_dict.get('oldPwd', None)
|
|
newPwd = request_dict.get('newPwd', None)
|
|
newPwd = request_dict.get('newPwd', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
|
|
+ new_salt = request_dict.get('newSalt', None)
|
|
|
|
+ old_salt = request_dict.get('oldSalt', None)
|
|
response = ResponseObject()
|
|
response = ResponseObject()
|
|
if oldPwd is None and newPwd is None:
|
|
if oldPwd is None and newPwd is None:
|
|
return response.json(800)
|
|
return response.json(800)
|
|
@@ -354,21 +358,24 @@ class ChangePwdView(TemplateView):
|
|
response.lang = tko.lang
|
|
response.lang = tko.lang
|
|
if tko.code != 0:
|
|
if tko.code != 0:
|
|
return response.json(tko.code)
|
|
return response.json(tko.code)
|
|
- return self.updatePwd(tko.userID, oldPwd, newPwd, response, password_version)
|
|
|
|
|
|
+ return self.updatePwd(tko.userID, oldPwd, newPwd, response, password_version, new_salt, old_salt)
|
|
|
|
|
|
- def updatePwd(self, userID, oldPwd, newPwd, response, password_version):
|
|
|
|
|
|
+ def updatePwd(self, userID, oldPwd, newPwd, response, password_version, new_salt, old_salt):
|
|
user_qs = Device_User.objects.filter(userID=userID)
|
|
user_qs = Device_User.objects.filter(userID=userID)
|
|
if not user_qs.exists():
|
|
if not user_qs.exists():
|
|
return response.json(104)
|
|
return response.json(104)
|
|
if password_version == 'V1':
|
|
if password_version == 'V1':
|
|
c_p = check_password(oldPwd, user_qs[0].password)
|
|
c_p = check_password(oldPwd, user_qs[0].password)
|
|
else:
|
|
else:
|
|
|
|
+ oldPwd = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, old_salt, oldPwd)
|
|
c_p = CommonService.check_password(oldPwd, user_qs[0].password)
|
|
c_p = CommonService.check_password(oldPwd, user_qs[0].password)
|
|
# 密码是否正确
|
|
# 密码是否正确
|
|
if not c_p:
|
|
if not c_p:
|
|
return response.json(111)
|
|
return response.json(111)
|
|
if password_version == 'V1':
|
|
if password_version == 'V1':
|
|
newPwd = make_password(newPwd)
|
|
newPwd = make_password(newPwd)
|
|
|
|
+ else:
|
|
|
|
+ newPwd = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, new_salt, newPwd)
|
|
update = user_qs.update(password=newPwd)
|
|
update = user_qs.update(password=newPwd)
|
|
if update:
|
|
if update:
|
|
return response.json(0)
|
|
return response.json(0)
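Review bot: In the non-V1 branch of `updatePwd`, `old_salt` and `new_salt` go straight into the format string although the caller reads both with a default of `None`, so a request that sets `pwdVersion` but omits `newSalt` would store a hash whose salt field is the literal text `None`. A `$` inside either value would also shift the four fields of the stored string. A guard before the first use covers both cases, e.g. `if not new_salt or not old_salt or '$' in new_salt + old_salt: return response.json(444, 'newSalt,oldSalt')`. The identical `updatePwd` in v3ChangePwdView and the `salt` reads in the register, reset and OauthPerfectView hunks need the same check. `updatePwd` may continue past the end of this hunk.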
|
|
@@ -396,6 +403,8 @@ class v3ChangePwdView(TemplateView):
|
|
token = request_dict.get('token', None)
|
|
token = request_dict.get('token', None)
|
|
oldPwd = request_dict.get('oldPwd', None)
|
|
oldPwd = request_dict.get('oldPwd', None)
|
|
newPwd = request_dict.get('newPwd', None)
|
|
newPwd = request_dict.get('newPwd', None)
|
|
|
|
+ new_salt = request_dict.get('newSalt', None)
|
|
|
|
+ old_salt = request_dict.get('oldSalt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
response = ResponseObject()
|
|
response = ResponseObject()
|
|
# 解密
|
|
# 解密
|
|
@@ -437,21 +446,24 @@ class v3ChangePwdView(TemplateView):
|
|
response.lang = tko.lang
|
|
response.lang = tko.lang
|
|
if tko.code != 0:
|
|
if tko.code != 0:
|
|
return response.json(tko.code)
|
|
return response.json(tko.code)
|
|
- return self.updatePwd(tko.userID, oldPwd, newPwd, response, password_version)
|
|
|
|
|
|
+ return self.updatePwd(tko.userID, oldPwd, newPwd, response, password_version, new_salt, old_salt)
|
|
|
|
|
|
- def updatePwd(self, userID, oldPwd, newPwd, response, password_version):
|
|
|
|
|
|
+ def updatePwd(self, userID, oldPwd, newPwd, response, password_version, new_salt, old_salt):
|
|
user_qs = Device_User.objects.filter(userID=userID)
|
|
user_qs = Device_User.objects.filter(userID=userID)
|
|
if not user_qs.exists():
|
|
if not user_qs.exists():
|
|
return response.json(104)
|
|
return response.json(104)
|
|
if password_version == 'V1':
|
|
if password_version == 'V1':
|
|
c_p = check_password(oldPwd, user_qs[0].password)
|
|
c_p = check_password(oldPwd, user_qs[0].password)
|
|
else:
|
|
else:
|
|
|
|
+ oldPwd = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, old_salt, oldPwd)
|
|
c_p = CommonService.check_password(oldPwd, user_qs[0].password)
|
|
c_p = CommonService.check_password(oldPwd, user_qs[0].password)
|
|
# 密码是否正确
|
|
# 密码是否正确
|
|
if not c_p:
|
|
if not c_p:
|
|
return response.json(111)
|
|
return response.json(111)
|
|
if password_version == 'V1':
|
|
if password_version == 'V1':
|
|
newPwd = make_password(newPwd)
|
|
newPwd = make_password(newPwd)
|
|
|
|
+ else:
|
|
|
|
+ newPwd = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, new_salt, newPwd)
|
|
update = user_qs.update(password=newPwd)
|
|
update = user_qs.update(password=newPwd)
|
|
if update:
|
|
if update:
|
|
return response.json(0)
|
|
return response.json(0)
|
|
@@ -1021,6 +1033,7 @@ class v2registerView(TemplateView):
|
|
lang = request_dict.get('lang', None)
|
|
lang = request_dict.get('lang', None)
|
|
unique = request_dict.get('unique', None)
|
|
unique = request_dict.get('unique', None)
|
|
number = request_dict.get('number', None)
|
|
number = request_dict.get('number', None)
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
if unique:
|
|
if unique:
|
|
delete_local_account(unique)
|
|
delete_local_account(unique)
|
|
@@ -1032,13 +1045,13 @@ class v2registerView(TemplateView):
|
|
if authcode is None:
|
|
if authcode is None:
|
|
return response.json(444, 'identifyingCode')
|
|
return response.json(444, 'identifyingCode')
|
|
if phone is not None:
|
|
if phone is not None:
|
|
- return self.do_phone_register(phone, password, authcode, number, response, password_version)
|
|
|
|
|
|
+ return self.do_phone_register(phone, password, authcode, number, response, password_version, salt)
|
|
elif email is not None:
|
|
elif email is not None:
|
|
- return self.do_email_register(email, password, authcode, number, response, password_version)
|
|
|
|
|
|
+ return self.do_email_register(email, password, authcode, number, response, password_version, salt)
|
|
else:
|
|
else:
|
|
return response.json(444, 'phone or email')
|
|
return response.json(444, 'phone or email')
|
|
|
|
|
|
- def do_phone_register(self, phone, password, authcode, number, response, password_version):
|
|
|
|
|
|
+ def do_phone_register(self, phone, password, authcode, number, response, password_version, salt):
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.mobile_validate(phone) is not True:
|
|
if data_valid.mobile_validate(phone) is not True:
|
|
return response.json(100)
|
|
return response.json(100)
|
|
@@ -1046,6 +1059,7 @@ class v2registerView(TemplateView):
|
|
re_flag = data_valid.password_validate(password)
|
|
re_flag = data_valid.password_validate(password)
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
re_flag = True
|
|
re_flag = True
|
|
if re_flag is not True:
|
|
if re_flag is not True:
|
|
return response.json(109)
|
|
return response.json(109)
|
|
@@ -1114,7 +1128,7 @@ class v2registerView(TemplateView):
|
|
print(res)
|
|
print(res)
|
|
return response.json(0, res)
|
|
return response.json(0, res)
|
|
|
|
|
|
- def do_email_register(self, email, password, authcode, number, response, password_version):
|
|
|
|
|
|
+ def do_email_register(self, email, password, authcode, number, response, password_version, salt):
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.email_validate(email) is not True:
|
|
if data_valid.email_validate(email) is not True:
|
|
return response.json(105)
|
|
return response.json(105)
|
|
@@ -1122,6 +1136,7 @@ class v2registerView(TemplateView):
|
|
re_flag = data_valid.email_validate(email)
|
|
re_flag = data_valid.email_validate(email)
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
re_flag = True
|
|
re_flag = True
|
|
if re_flag is not True:
|
|
if re_flag is not True:
|
|
return response.json(109)
|
|
return response.json(109)
|
|
@@ -1647,6 +1662,7 @@ class v2resetPwdByCodeView(TemplateView):
|
|
phone = request_dict.get('phone', None)
|
|
phone = request_dict.get('phone', None)
|
|
email = request_dict.get('email', None)
|
|
email = request_dict.get('email', None)
|
|
password = request_dict.get('password', None)
|
|
password = request_dict.get('password', None)
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
authcode = request_dict.get('authcode', None)
|
|
authcode = request_dict.get('authcode', None)
|
|
print("1111111111111111111111")
|
|
print("1111111111111111111111")
|
|
@@ -1656,14 +1672,14 @@ class v2resetPwdByCodeView(TemplateView):
|
|
password = password.strip()
|
|
password = password.strip()
|
|
if phone is not None:
|
|
if phone is not None:
|
|
phone = phone.strip()
|
|
phone = phone.strip()
|
|
- return self.do_phone_pwd_reset(phone, authcode, password, response, password_version)
|
|
|
|
|
|
+ return self.do_phone_pwd_reset(phone, authcode, password, response, password_version, salt)
|
|
elif email is not None:
|
|
elif email is not None:
|
|
email = email.strip()
|
|
email = email.strip()
|
|
- return self.do_email_pwd_reset(email, authcode, password, response, password_version)
|
|
|
|
|
|
+ return self.do_email_pwd_reset(email, authcode, password, response, password_version, salt)
|
|
else:
|
|
else:
|
|
return response.json(444, 'phone')
|
|
return response.json(444, 'phone')
|
|
|
|
|
|
- def do_email_pwd_reset(self, email, authcode, password, response, password_version):
|
|
|
|
|
|
+ def do_email_pwd_reset(self, email, authcode, password, response, password_version, salt):
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.email_validate(email) is not True:
|
|
if data_valid.email_validate(email) is not True:
|
|
return response.json(105)
|
|
return response.json(105)
|
|
@@ -1671,6 +1687,7 @@ class v2resetPwdByCodeView(TemplateView):
|
|
re_flag = data_valid.password_validate(password)
|
|
re_flag = data_valid.password_validate(password)
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
re_flag = True
|
|
re_flag = True
|
|
if re_flag is not True:
|
|
if re_flag is not True:
|
|
return response.json(109)
|
|
return response.json(109)
|
|
@@ -1690,7 +1707,7 @@ class v2resetPwdByCodeView(TemplateView):
|
|
return response.json(10, '删除缓存失败')
|
|
return response.json(10, '删除缓存失败')
|
|
return response.json(0)
|
|
return response.json(0)
|
|
|
|
|
|
- def do_phone_pwd_reset(self, phone, authcode, password, response, password_version):
|
|
|
|
|
|
+ def do_phone_pwd_reset(self, phone, authcode, password, response, password_version, salt):
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.mobile_validate(phone) is not True:
|
|
if data_valid.mobile_validate(phone) is not True:
|
|
return response.json(100)
|
|
return response.json(100)
|
|
@@ -1698,6 +1715,7 @@ class v2resetPwdByCodeView(TemplateView):
|
|
re_flag = data_valid.password_validate(password)
|
|
re_flag = data_valid.password_validate(password)
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
re_flag = True
|
|
re_flag = True
|
|
if re_flag is not True:
|
|
if re_flag is not True:
|
|
return response.json(109)
|
|
return response.json(109)
|
|
@@ -1781,6 +1799,7 @@ class v3resetPwdByCodeView(TemplateView):
|
|
phone = request_dict.get('phone', None)
|
|
phone = request_dict.get('phone', None)
|
|
email = request_dict.get('email', None)
|
|
email = request_dict.get('email', None)
|
|
password = request_dict.get('password', None)
|
|
password = request_dict.get('password', None)
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
authcode = request_dict.get('authcode', None)
|
|
authcode = request_dict.get('authcode', None)
|
|
if password is None or authcode is None:
|
|
if password is None or authcode is None:
|
|
@@ -1825,14 +1844,14 @@ class v3resetPwdByCodeView(TemplateView):
|
|
return response.json(121)
|
|
return response.json(121)
|
|
if phone is not None:
|
|
if phone is not None:
|
|
phone = phone.strip()
|
|
phone = phone.strip()
|
|
- return self.do_phone_pwd_reset(phone, authcode, password, response, password_version)
|
|
|
|
|
|
+ return self.do_phone_pwd_reset(phone, authcode, password, response, password_version, salt)
|
|
elif email is not None:
|
|
elif email is not None:
|
|
email = email.strip()
|
|
email = email.strip()
|
|
- return self.do_email_pwd_reset(email, authcode, password, response, password_version)
|
|
|
|
|
|
+ return self.do_email_pwd_reset(email, authcode, password, response, password_version, salt)
|
|
else:
|
|
else:
|
|
return response.json(444, 'phone')
|
|
return response.json(444, 'phone')
|
|
|
|
|
|
- def do_email_pwd_reset(self, email, authcode, password, response, password_version):
|
|
|
|
|
|
+ def do_email_pwd_reset(self, email, authcode, password, response, password_version, salt):
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.email_validate(email) is not True:
|
|
if data_valid.email_validate(email) is not True:
|
|
return response.json(105)
|
|
return response.json(105)
|
|
@@ -1840,6 +1859,7 @@ class v3resetPwdByCodeView(TemplateView):
|
|
re_flag = data_valid.password_validate(password)
|
|
re_flag = data_valid.password_validate(password)
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
re_flag = True
|
|
re_flag = True
|
|
if re_flag is not True:
|
|
if re_flag is not True:
|
|
return response.json(109)
|
|
return response.json(109)
|
|
@@ -1859,7 +1879,7 @@ class v3resetPwdByCodeView(TemplateView):
|
|
return response.json(10, '删除缓存失败')
|
|
return response.json(10, '删除缓存失败')
|
|
return response.json(0)
|
|
return response.json(0)
|
|
|
|
|
|
- def do_phone_pwd_reset(self, phone, authcode, password, response, password_version):
|
|
|
|
|
|
+ def do_phone_pwd_reset(self, phone, authcode, password, response, password_version, salt):
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.mobile_validate(phone) is not True:
|
|
if data_valid.mobile_validate(phone) is not True:
|
|
return response.json(100)
|
|
return response.json(100)
|
|
@@ -1867,6 +1887,7 @@ class v3resetPwdByCodeView(TemplateView):
|
|
re_flag = data_valid.password_validate(password)
|
|
re_flag = data_valid.password_validate(password)
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
re_flag = True
|
|
re_flag = True
|
|
if re_flag is not True:
|
|
if re_flag is not True:
|
|
return response.json(109)
|
|
return response.json(109)
|
|
@@ -1947,6 +1968,7 @@ class v2LoginView(TemplateView):
|
|
def validates(self, request_dict, response):
|
|
def validates(self, request_dict, response):
|
|
username = request_dict.get('userName', None)
|
|
username = request_dict.get('userName', None)
|
|
password = request_dict.get('userPwd', None)
|
|
password = request_dict.get('userPwd', None)
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
number = request_dict.get('number', None)
|
|
number = request_dict.get('number', None)
|
|
if not username or not password:
|
|
if not username or not password:
|
|
@@ -1955,28 +1977,28 @@ class v2LoginView(TemplateView):
|
|
password = password.strip()
|
|
password = password.strip()
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.email_validate(username):
|
|
if data_valid.email_validate(username):
|
|
- return self.do_email_login(username, password, number, response, password_version)
|
|
|
|
|
|
+ return self.do_email_login(username, password, number, response, password_version, salt)
|
|
elif data_valid.mobile_validate(username):
|
|
elif data_valid.mobile_validate(username):
|
|
- return self.do_phone_login(username, password, number, response, password_version)
|
|
|
|
|
|
+ return self.do_phone_login(username, password, number, response, password_version, salt)
|
|
elif data_valid.name_validate(username):
|
|
elif data_valid.name_validate(username):
|
|
- return self.do_name_login(username, password, number, response, password_version)
|
|
|
|
|
|
+ return self.do_name_login(username, password, number, response, password_version, salt)
|
|
else:
|
|
else:
|
|
return response.json(107)
|
|
return response.json(107)
|
|
|
|
|
|
- def do_email_login(self, email, password, number, response, password_version):
|
|
|
|
|
|
+ def do_email_login(self, email, password, number, response, password_version, salt):
|
|
user_qs = Device_User.objects.filter(Q(username=email) | Q(userEmail=email))
|
|
user_qs = Device_User.objects.filter(Q(username=email) | Q(userEmail=email))
|
|
- return self.valid_login(user_qs, password, number, response, password_version)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, number, response, password_version, salt)
|
|
|
|
|
|
- def do_phone_login(self, phone, password, number, response, password_version):
|
|
|
|
|
|
+ def do_phone_login(self, phone, password, number, response, password_version, salt):
|
|
user_qs = Device_User.objects.filter(Q(phone=phone) | Q(username=phone), is_active=True, user_isValid=True)
|
|
user_qs = Device_User.objects.filter(Q(phone=phone) | Q(username=phone), is_active=True, user_isValid=True)
|
|
- return self.valid_login(user_qs, password, number, response, password_version)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, number, response, password_version, salt)
|
|
|
|
|
|
- def do_name_login(self, username, password, number, response, password_version):
|
|
|
|
|
|
+ def do_name_login(self, username, password, number, response, password_version, salt):
|
|
user_qs = Device_User.objects.filter(Q(username=username) | Q(phone=username) | Q(userEmail=username),
|
|
user_qs = Device_User.objects.filter(Q(username=username) | Q(phone=username) | Q(userEmail=username),
|
|
is_active=True, user_isValid=True)
|
|
is_active=True, user_isValid=True)
|
|
- return self.valid_login(user_qs, password, number, response, password_version)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, number, response, password_version, salt)
|
|
|
|
|
|
- def valid_login(self, user_qs, password, number, response, password_version):
|
|
|
|
|
|
+ def valid_login(self, user_qs, password, number, response, password_version, salt):
|
|
if not user_qs.exists():
|
|
if not user_qs.exists():
|
|
return response.json(104)
|
|
return response.json(104)
|
|
# users = user_qs.values('role__rid', 'role__roleName', 'userID', 'role', 'NickName', 'username', 'userEmail',
|
|
# users = user_qs.values('role__rid', 'role__roleName', 'userID', 'role', 'NickName', 'username', 'userEmail',
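Review bot: `do_email_login` filters only on `Q(username=email) | Q(userEmail=email)`, while `do_phone_login` and `do_name_login` in the same hunk also require `is_active=True, user_isValid=True`. The email path may therefore accept accounts the other two reject, unless `valid_login` checks those flags further down; its body continues outside the hunk. If the difference is not intentional, the filter should read `Device_User.objects.filter(Q(username=email) | Q(userEmail=email), is_active=True, user_isValid=True)`. The v3LoginView hunk shows the same three methods with the same gap, and `do_email_login` in alexaAuthView uses the same unfiltered query.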
|
|
@@ -1986,6 +2008,7 @@ class v2LoginView(TemplateView):
|
|
if password_version == 'V1':
|
|
if password_version == 'V1':
|
|
check_flag = check_password(password, users['password'])
|
|
check_flag = check_password(password, users['password'])
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
check_flag = CommonService.check_password(password, users['password'])
|
|
check_flag = CommonService.check_password(password, users['password'])
|
|
if not check_flag:
|
|
if not check_flag:
|
|
return response.json(111)
|
|
return response.json(111)
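Review bot: `valid_login` rebuilds the candidate string from the `salt` sent in the login request rather than from the salt already present in `users['password']`, so the check passes only when the client echoes the stored salt back, and a missing field is formatted as the text `None`. Reading it from the stored value, e.g. `stored_salt = users['password'].split('$', 3)[2]`, would remove the extra request field, assuming every stored value has the four-field layout. `CommonService.check_password` is not shown here; if it is a plain `==`, `django.utils.crypto.constant_time_compare` would be the safer comparison. The `valid_login` hunk in v3LoginView adds the same line.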
|
|
@@ -2139,6 +2162,7 @@ class v3LoginView(TemplateView):
|
|
def validates(self, request_dict, response):
|
|
def validates(self, request_dict, response):
|
|
username = request_dict.get('userName', None)
|
|
username = request_dict.get('userName', None)
|
|
password = request_dict.get('userPwd', None)
|
|
password = request_dict.get('userPwd', None)
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
subscribe = request_dict.get('subscribe', None)
|
|
subscribe = request_dict.get('subscribe', None)
|
|
number = request_dict.get('number', None)
|
|
number = request_dict.get('number', None)
|
|
@@ -2175,28 +2199,28 @@ class v3LoginView(TemplateView):
|
|
else:
|
|
else:
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.email_validate(username):
|
|
if data_valid.email_validate(username):
|
|
- return self.do_email_login(username, password, response, subscribe, number, request_dict)
|
|
|
|
|
|
+ return self.do_email_login(username, password, response, subscribe, number, request_dict, salt)
|
|
elif data_valid.mobile_validate(username):
|
|
elif data_valid.mobile_validate(username):
|
|
- return self.do_phone_login(username, password, response, subscribe, number, request_dict)
|
|
|
|
|
|
+ return self.do_phone_login(username, password, response, subscribe, number, request_dict, salt)
|
|
elif data_valid.name_validate(username):
|
|
elif data_valid.name_validate(username):
|
|
- return self.do_name_login(username, password, response, subscribe, number, request_dict)
|
|
|
|
|
|
+ return self.do_name_login(username, password, response, subscribe, number, request_dict, salt)
|
|
else:
|
|
else:
|
|
return response.json(107)
|
|
return response.json(107)
|
|
|
|
|
|
- def do_email_login(self, email, password, response, subscribe, number, request_dict):
|
|
|
|
|
|
+ def do_email_login(self, email, password, response, subscribe, number, request_dict, salt):
|
|
user_qs = Device_User.objects.filter(Q(username=email) | Q(userEmail=email))
|
|
user_qs = Device_User.objects.filter(Q(username=email) | Q(userEmail=email))
|
|
- return self.valid_login(user_qs, password, response, subscribe, number, request_dict)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, response, subscribe, number, request_dict, salt)
|
|
|
|
|
|
- def do_phone_login(self, phone, password, response, subscribe, number, request_dict):
|
|
|
|
|
|
+ def do_phone_login(self, phone, password, response, subscribe, number, request_dict, salt):
|
|
user_qs = Device_User.objects.filter(Q(phone=phone) | Q(username=phone), is_active=True, user_isValid=True)
|
|
user_qs = Device_User.objects.filter(Q(phone=phone) | Q(username=phone), is_active=True, user_isValid=True)
|
|
- return self.valid_login(user_qs, password, response, subscribe, number, request_dict)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, response, subscribe, number, request_dict, salt)
|
|
|
|
|
|
- def do_name_login(self, username, password, response, subscribe, number, request_dict):
|
|
|
|
|
|
+ def do_name_login(self, username, password, response, subscribe, number, request_dict, salt):
|
|
user_qs = Device_User.objects.filter(Q(username=username) | Q(phone=username) | Q(userEmail=username),
|
|
user_qs = Device_User.objects.filter(Q(username=username) | Q(phone=username) | Q(userEmail=username),
|
|
is_active=True, user_isValid=True)
|
|
is_active=True, user_isValid=True)
|
|
- return self.valid_login(user_qs, password, response, subscribe, number, request_dict)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, response, subscribe, number, request_dict, salt)
|
|
|
|
|
|
- def valid_login(self, user_qs, password, response, subscribe, number, request_dict):
|
|
|
|
|
|
+ def valid_login(self, user_qs, password, response, subscribe, number, request_dict, salt):
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
if not user_qs.exists():
|
|
if not user_qs.exists():
|
|
return response.json(104)
|
|
return response.json(104)
|
|
@@ -2209,6 +2233,7 @@ class v3LoginView(TemplateView):
|
|
if password_version == 'V1':
|
|
if password_version == 'V1':
|
|
check_flag = check_password(password, users['password'])
|
|
check_flag = check_password(password, users['password'])
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
check_flag = CommonService.check_password(password, users['password'])
|
|
check_flag = CommonService.check_password(password, users['password'])
|
|
if not check_flag:
|
|
if not check_flag:
|
|
return response.json(111)
|
|
return response.json(111)
|
|
@@ -3113,10 +3138,10 @@ class OauthPerfectView(TemplateView):
|
|
phone = request_dict.get('phone', None)
|
|
phone = request_dict.get('phone', None)
|
|
email = request_dict.get('email', None)
|
|
email = request_dict.get('email', None)
|
|
password = request_dict.get('password', None)
|
|
password = request_dict.get('password', None)
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
authcode = request_dict.get('authcode', None)
|
|
authcode = request_dict.get('authcode', None)
|
|
token = request_dict.get('token', None)
|
|
token = request_dict.get('token', None)
|
|
- token = request_dict.get('token')
|
|
|
|
tko = TokenObject(token)
|
|
tko = TokenObject(token)
|
|
if password is None or authcode is None:
|
|
if password is None or authcode is None:
|
|
return response.json(444, 'password,authcode')
|
|
return response.json(444, 'password,authcode')
|
|
@@ -3129,14 +3154,14 @@ class OauthPerfectView(TemplateView):
|
|
return response.json(444, 'password,authcode')
|
|
return response.json(444, 'password,authcode')
|
|
if phone is not None:
|
|
if phone is not None:
|
|
phone = phone.strip()
|
|
phone = phone.strip()
|
|
- return self.do_phone(tko, phone, authcode, password, response, password_version)
|
|
|
|
|
|
+ return self.do_phone(tko, phone, authcode, password, response, password_version, salt)
|
|
elif email is not None:
|
|
elif email is not None:
|
|
email = email.strip()
|
|
email = email.strip()
|
|
- return self.do_email(tko, email, authcode, password, response, password_version)
|
|
|
|
|
|
+ return self.do_email(tko, email, authcode, password, response, password_version, salt)
|
|
else:
|
|
else:
|
|
return response.json(444, 'phone')
|
|
return response.json(444, 'phone')
|
|
|
|
|
|
- def do_email(self, tko, email, authcode, password, response, password_version):
|
|
|
|
|
|
+ def do_email(self, tko, email, authcode, password, response, password_version, salt):
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.email_validate(email) is not True:
|
|
if data_valid.email_validate(email) is not True:
|
|
return response.json(105)
|
|
return response.json(105)
|
|
@@ -3144,6 +3169,7 @@ class OauthPerfectView(TemplateView):
|
|
re_flag = data_valid.password_validate(password)
|
|
re_flag = data_valid.password_validate(password)
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
re_flag = True
|
|
re_flag = True
|
|
if re_flag is not True:
|
|
if re_flag is not True:
|
|
return response.json(109)
|
|
return response.json(109)
|
|
@@ -3167,7 +3193,7 @@ class OauthPerfectView(TemplateView):
|
|
return response.json(10, '删除缓存失败')
|
|
return response.json(10, '删除缓存失败')
|
|
return response.json(0)
|
|
return response.json(0)
|
|
|
|
|
|
- def do_phone(self, tko, phone, authcode, password, response, password_version):
|
|
|
|
|
|
+ def do_phone(self, tko, phone, authcode, password, response, password_version, salt):
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.mobile_validate(phone) is not True:
|
|
if data_valid.mobile_validate(phone) is not True:
|
|
return response.json(100)
|
|
return response.json(100)
|
|
@@ -3175,6 +3201,7 @@ class OauthPerfectView(TemplateView):
|
|
re_flag = data_valid.password_validate(password)
|
|
re_flag = data_valid.password_validate(password)
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
re_flag = True
|
|
re_flag = True
|
|
if re_flag is not True:
|
|
if re_flag is not True:
|
|
return response.json(109)
|
|
return response.json(109)
|
|
@@ -3260,6 +3287,7 @@ class alexaAuthView(TemplateView):
|
|
def validates(self, request_dict, response):
|
|
def validates(self, request_dict, response):
|
|
username = request_dict.get('userName', None)
|
|
username = request_dict.get('userName', None)
|
|
password = request_dict.get('userPwd', None)
|
|
password = request_dict.get('userPwd', None)
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
if not username or not password:
|
|
if not username or not password:
|
|
return response.json(111)
|
|
return response.json(111)
|
|
@@ -3267,34 +3295,35 @@ class alexaAuthView(TemplateView):
|
|
password = password.strip()
|
|
password = password.strip()
|
|
data_valid = DataValid()
|
|
data_valid = DataValid()
|
|
if data_valid.email_validate(username):
|
|
if data_valid.email_validate(username):
|
|
- return self.do_email_login(username, password, response, password_version)
|
|
|
|
|
|
+ return self.do_email_login(username, password, response, password_version, salt)
|
|
elif data_valid.mobile_validate(username):
|
|
elif data_valid.mobile_validate(username):
|
|
- return self.do_phone_login(username, password, response, password_version)
|
|
|
|
|
|
+ return self.do_phone_login(username, password, response, password_version, salt)
|
|
elif data_valid.name_validate(username):
|
|
elif data_valid.name_validate(username):
|
|
- return self.do_name_login(username, password, response, password_version)
|
|
|
|
|
|
+ return self.do_name_login(username, password, response, password_version, salt)
|
|
else:
|
|
else:
|
|
return response.json(107)
|
|
return response.json(107)
|
|
|
|
|
|
- def do_email_login(self, email, password, response, password_version):
|
|
|
|
|
|
+ def do_email_login(self, email, password, response, password_version, salt):
|
|
user_qs = Device_User.objects.filter(Q(username=email) | Q(userEmail=email))
|
|
user_qs = Device_User.objects.filter(Q(username=email) | Q(userEmail=email))
|
|
- return self.valid_login(user_qs, password, response, password_version)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, response, password_version, salt)
|
|
|
|
|
|
- def do_phone_login(self, phone, password, response, password_version):
|
|
|
|
|
|
+ def do_phone_login(self, phone, password, response, password_version, salt):
|
|
user_qs = Device_User.objects.filter(Q(phone=phone) | Q(username=phone), is_active=True, user_isValid=True)
|
|
user_qs = Device_User.objects.filter(Q(phone=phone) | Q(username=phone), is_active=True, user_isValid=True)
|
|
- return self.valid_login(user_qs, password, response, password_version)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, response, password_version, salt)
|
|
|
|
|
|
- def do_name_login(self, username, password, response, password_version):
|
|
|
|
|
|
+ def do_name_login(self, username, password, response, password_version, salt):
|
|
user_qs = Device_User.objects.filter(Q(username=username) | Q(phone=username) | Q(userEmail=username),
|
|
user_qs = Device_User.objects.filter(Q(username=username) | Q(phone=username) | Q(userEmail=username),
|
|
is_active=True, user_isValid=True)
|
|
is_active=True, user_isValid=True)
|
|
- return self.valid_login(user_qs, password, response, password_version)
|
|
|
|
|
|
+ return self.valid_login(user_qs, password, response, password_version, salt)
|
|
|
|
|
|
- def valid_login(self, user_qs, password, response, password_version):
|
|
|
|
|
|
+ def valid_login(self, user_qs, password, response, password_version, salt):
|
|
if not user_qs.exists():
|
|
if not user_qs.exists():
|
|
return response.json(104)
|
|
return response.json(104)
|
|
users = user_qs.values('userID', 'password', 'region_country')[0]
|
|
users = user_qs.values('userID', 'password', 'region_country')[0]
|
|
if password_version == 'V1':
|
|
if password_version == 'V1':
|
|
check_flag = check_password(password, users['password'])
|
|
check_flag = check_password(password, users['password'])
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
check_flag = CommonService.check_password(password, users['password'])
|
|
check_flag = CommonService.check_password(password, users['password'])
|
|
if not check_flag:
|
|
if not check_flag:
|
|
return response.json(111)
|
|
return response.json(111)
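Review bot: In the non-V1 branch of `valid_login` the value compared against `users['password']` is assembled entirely from request fields (`salt` and `password`), so the server does no hashing of its own and the stored string appears to be password-equivalent: a copy of that column would be enough to pass this check. `CommonService.check_password` is not visible in this hunk, so this is inferred from the formatting line and from the registration hunks, which store the same string. Treating the client digest as the secret and hashing it once more on the server keeps the V2 request format and removes the equivalence: store `make_password(password)` at registration and verify here with `check_password(password, users['password'])`, as the V1 branch already does. The `deleteAccount` hunk further down builds the same comparison string.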
|
|
@@ -3625,6 +3654,7 @@ class Image_Code_RegisterView(TemplateView):
|
|
"""
|
|
"""
|
|
userEmail = request_dict.get('userEmail', None)
|
|
userEmail = request_dict.get('userEmail', None)
|
|
password = request_dict.get('userPwd', None)
|
|
password = request_dict.get('userPwd', None)
|
|
|
|
+ salt = request_dict.get('salt', None)
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
password_version = request_dict.get('pwdVersion', 'V1')
|
|
imageCodeId = request_dict.get('imageCodeId', None)
|
|
imageCodeId = request_dict.get('imageCodeId', None)
|
|
valid_code = request_dict.get('id_v_code', None)
|
|
valid_code = request_dict.get('id_v_code', None)
|
|
@@ -3657,6 +3687,8 @@ class Image_Code_RegisterView(TemplateView):
|
|
password = password.decode('utf-8')
|
|
password = password.decode('utf-8')
|
|
password = password[3:-3]
|
|
password = password[3:-3]
|
|
password = make_password(password)
|
|
password = make_password(password)
|
|
|
|
+ else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
except Exception as e:
|
|
except Exception as e:
|
|
print(repr(e))
|
|
print(repr(e))
|
|
return response.json(111)
|
|
return response.json(111)
|
|
@@ -4445,6 +4477,7 @@ def deleteAccount(request):
|
|
lang = request.POST.get('lang', None)
|
|
lang = request.POST.get('lang', None)
|
|
token = request.POST.get('token', None)
|
|
token = request.POST.get('token', None)
|
|
password = request.POST.get('userPwd', None)
|
|
password = request.POST.get('userPwd', None)
|
|
|
|
+ salt = request.POST.get('salt', None)
|
|
password_version = request.POST.get('pwdVersion', 'V1')
|
|
password_version = request.POST.get('pwdVersion', 'V1')
|
|
response = ResponseObject(lang=lang) if lang else ResponseObject()
|
|
response = ResponseObject(lang=lang) if lang else ResponseObject()
|
|
request.encoding = 'utf-8'
|
|
request.encoding = 'utf-8'
|
|
@@ -4491,6 +4524,7 @@ def deleteAccount(request):
|
|
if password_version == 'V1':
|
|
if password_version == 'V1':
|
|
check_flag = check_password(password, userPWD['password'])
|
|
check_flag = check_password(password, userPWD['password'])
|
|
else:
|
|
else:
|
|
|
|
+ password = "%s$%d$%s$%s" % ("pbkdf2_sha256", 260000, salt, password)
|
|
check_flag = CommonService.check_password(password, userPWD['password'])
|
|
check_flag = CommonService.check_password(password, userPWD['password'])
|
|
if not check_flag:
|
|
if not check_flag:
|
|
return response.json(111)
|
|
return response.json(111)
|