
获取盐接口和密码校验方法

peng 2 gadi atpakaļ
vecāks
revīzija
b1ba206334
3 mainītis faili ar 40 papildinājumiem un 3 dzēšanām
  1. 1 0
      Ansjer/urls.py
  2. 28 0
      Controller/UserController.py
  3. 11 3
      Service/CommonService.py

+ 1 - 0
Ansjer/urls.py

@@ -144,6 +144,7 @@ urlpatterns = [
     re_path(r'^appVer/views$', AppInfo.AppVersionView.as_view()),
     re_path(r'^user/initInfo$', UserController.InitInfoView.as_view()),
     re_path(r'^user/information/(?P<operation>.*)$', UserController.InitUserInformationView.as_view()),
+    re_path(r'^user/getSalt$', UserController.getPasswordSalt),
     re_path(r'^getTZ$', EquipmentStatus.getTZ),
     re_path(r'^stsOss/(?P<operation>.*)$', StsOssController.StsOssView.as_view()),
     re_path(r'^feedback/(?P<operation>.*)$', FeedBack.FeedBackView.as_view()),

+ 28 - 0
Controller/UserController.py

@@ -4475,3 +4475,31 @@ class DeleteUser(View):
             return response.json(0)
         except Exception as e:
             return response.json(500, 'error_line:{}, error_msg:{}'.format(e.__traceback__.tb_lineno, repr(e)))
+
+
+def getPasswordSalt(request):
+    if request.method == 'GET':
+        request_dict = request.GET
+    else:
+        request_dict = request.POST
+    lang = request_dict.get('lang', 'en')
+    username = request_dict.get('userName', None)
+    response = ResponseObject(lang=lang)
+    request.encoding = 'utf-8'
+
+    if not username:
+        return response.json(444, 'userName')
+    username = username.strip()
+    data_valid = DataValid()
+    if data_valid.email_validate(username):
+        user_qs = Device_User.objects.filter(Q(username=username) | Q(userEmail=username)).values('password')
+    elif data_valid.mobile_validate(username):
+        user_qs = Device_User.objects.filter(Q(phone=username) | Q(username=username), is_active=True,
+                                             user_isValid=True).values('password')
+    elif data_valid.name_validate(username):
+        user_qs = Device_User.objects.filter(Q(username=username) | Q(phone=username) | Q(userEmail=username),
+                                             is_active=True, user_isValid=True).values('password')
+    if not user_qs.exists():
+        return response.json(104)
+    salt = user_qs[0]['password'].split('$')[2]
+    return response.json(0, {'salt': salt})
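Review bot: In `getPasswordSalt`, `user_qs` is never bound when `userName` fails all three `DataValid` checks, so `user_qs.exists()` raises and the request ends in an unhandled error; an `else` that returns the 444 parameter error closes that path. `split('$')[2]` also raises IndexError when the stored value has fewer than three `$`-separated fields, and index 2 is only the salt if the hash uses the `algorithm$iterations$salt$hash` layout, which is not visible here. The email branch omits the `is_active=True, user_isValid=True` filter that the other two branches apply, which looks unintentional. No authentication check is visible in the view, so the 104-versus-salt answer tells any caller whether an identifier is registered; the route wants throttling and, ideally, a response that does not differ for unknown accounts.

```python
    elif data_valid.name_validate(username):
        # … unchanged: username/phone/email filter …
    else:
        # userName matched no validator; user_qs would otherwise be unbound below
        return response.json(444, 'userName')
    row = user_qs.first()
    fields = row['password'].split('$') if row and row['password'] else []
    if len(fields) < 3:
        # unknown account or a stored value without a salt field
        return response.json(104)
    return response.json(0, {'salt': fields[2]})
```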

+ 11 - 3
Service/CommonService.py

@@ -12,6 +12,7 @@ import simplejson as json
 from dateutil.relativedelta import relativedelta
 from django.core import serializers
 from django.utils import timezone
+from django.utils.crypto import constant_time_compare
 from pyipip import IPIPDatabase
 
 from Ansjer.config import BASE_DIR, SERVER_DOMAIN_SSL, CONFIG_INFO, CONFIG_TEST, CONFIG_CN, SERVER_DOMAIN_TEST, \
@@ -656,7 +657,7 @@ GCqvlyw5dfxNA+EtxNE2wCW/LW7ENJlACgcfgPlBZtpLheWoZB/maw4=
 
         time_list = []
         while True:
-            mid_time = datetime.datetime(start_time.year, start_time.month, start_time.day)+relativedelta(days=1)
+            mid_time = datetime.datetime(start_time.year, start_time.month, start_time.day) + relativedelta(days=1)
             if mid_time < end_time:
                 time_tuple = (CommonService.str_to_timestamp(start_time.strftime('%Y-%m-%d %H:%M:%S')),
                               CommonService.str_to_timestamp(mid_time.strftime('%Y-%m-%d %H:%M:%S')))
@@ -731,7 +732,6 @@ GCqvlyw5dfxNA+EtxNE2wCW/LW7ENJlACgcfgPlBZtpLheWoZB/maw4=
             content = content + '(' + '云盘' + ')'
             return content
 
-
     @staticmethod
     def is_cloud_device(ucode, device_type):
         """
@@ -759,4 +759,12 @@ GCqvlyw5dfxNA+EtxNE2wCW/LW7ENJlACgcfgPlBZtpLheWoZB/maw4=
         if any(i < 0 for i in number_list):
             return False
         else:
-            return True
+            return True
+
+    @staticmethod
+    def check_password(password1, password2):
+        """
+        比较密码
+        @param 返回True or False
+        """
+        return constant_time_compare(password1, password2)
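Review bot: `check_password` performs only a constant-time equality test, so both arguments must already be in the same form, and the docstring does not say which one is the stored value. If, as the new `user/getSalt` route suggests, the client derives the hash and the server compares it with `Device_User.password`, the stored hash itself becomes the login credential; verifying the raw password server-side with `django.contrib.auth.hashers.check_password(raw_password, encoded)` avoids that. The docstring also uses `@param` for the return value; a summary such as `"""Return True if the two values are equal, compared in constant time."""` plus one line per argument would be clearer. Callers of this method are outside the hunk, so how it is used is inferred.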