wnserver/obj/apps/users/views.py

# # Create your views here.
# import json
# import base64
#
# import re
# from django import http
# from django.shortcuts import render,redirect
#
# # Create your views here.
# from django.views import View
# from django.conf import settings
# from django.db import connection, transaction
# import datetime
# from django.contrib.auth import authenticate, login,logout
#
# from utils.sqlinjection import sqlinjections
# from utils.cust_data import customer_data
# from utils.et_CACC_NO import et_CACC_NO
# from utils.examine_ood import examine_ood
# from utils.if_account import if_account
#
# from utils.usr_data import usr_data
# from utils.monthly_odd import monthly_odd
# from utils.executeQuery import executeQuery
#
# # 用户注册
# from users.models import Customer
#
# # 用户注册
# class RegisterView(View):
#     def get(self,request):
#         return render(request,'register.html')
#     def post(self,request):
#         #1,获取参数
#         user_name = request.POST.get("user_name")
#         pwd = request.POST.get("pwd")
#         #2,校验参数
#         #2,1 为空校验
#         if not all([user_name,pwd]):
#             return http.HttpResponseForbidden("参数不全")
#
#         #3,创建用户对象,保存到数据库中
#         user = Customer.objects.create(username=user_name,password=pwd)
#
#         #4,返回响应
#         response = redirect("http://www.taobao.com")
#         return response
# # 用户登录处理 初始化密码后台设置为：MTEx  表示密码是：111
# class Login(View):
#     def get(self, request):
#         return render(request, 'login.html')
#     def post(self, request):
#         sqlinjection = sqlinjections().ifsql(request.POST)
#         if sqlinjection:
#             return http.HttpResponseForbidden("参数非法")
#         user_1 = request.POST.get("user_name").split('->')[0]
#         # print(request.POST)
#         pswd = request.POST.get("pwd").lower()
#         # 校验参数
#         if not all([user_1,pswd]):
#             return http.HttpResponseForbidden("请输入账号密码")
#         # 判断用户密码正确性
#         try:
#             user = Customer.objects.get(user_no=user_1)
#         except Exception:
#             return http.HttpResponseForbidden("存在重复的账号，请联系管理员")
#         # 对数据库密码进行解码
#         try:
#             sql_password = bytes(base64.b64decode(user.password.encode(encoding='utf-8'))).decode()
#         except Exception:
#             return http.HttpResponseForbidden("密码被后台操作过请联系管理员")
#         print(sql_password)
#         # 校验密码是否正确
#         if user.user_no !=user_1 or sql_password!=pswd:
#             return http.HttpResponseForbidden("账号或者密码错误")
#         # 3,状态保持
#         # login(request, user)
#         # 3,1设置状态保持的时间
#         # if request.session.get('username'):
#         request.session['username'] = user_1
#         request.session.set_expiry(3600 * 24 * 2)  # 两天有效
#         response = redirect('/index')
#         response.set_cookie("username", user.username, 3600 * 24 * 2)
#         return response
#     def put(self,request):
#         req_data = json.loads(request.body.decode())["params"]
#         user_2 = req_data.get("user_2").split('->')[0]
#         print(user_2)
#         pswd_old = req_data.get("pswd_old").lower()
#         pswd_new = req_data.get("pswd_new").lower()
#         print(req_data)
#         try:
#             user = Customer.objects.get(user_no=user_2)
#         except Exception:
#             return http.HttpResponseForbidden("存在重复的账号，请联系管理员")
#         # 对数据库密码进行解码
#         try:
#             sql_password = bytes(base64.b64decode(user.password.encode(encoding='utf-8'))).decode()
#         except Exception:
#             return http.HttpResponseForbidden("密码被后台操作过请联系管理员")
#         # 判断输入的密码是否正确
#         if user.user_no !=user_2 or sql_password!=pswd_old:
#             return http.HttpResponseForbidden("旧密码与账号不匹配")
#         pswd_new = bytes(base64.b64encode(pswd_new.encode())).decode()
#         user.password = pswd_new
#         user.save()
#         context = {
#             "message":"修改成功",
#             "code":200
#         }
#         return http.JsonResponse(context)
#     def delete(self, request):
#         del request.session['username']
#         response = redirect('/login/')
#         response.delete_cookie("username")
#         return response
import json
import re

from django import http
from django.views import View
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework_jwt.views import obtain_jwt_token, RefreshJSONWebToken
from rest_framework_jwt.settings import api_settings
from rest_framework_jwt.views import ObtainJSONWebToken

from .models import User

jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
from rest_framework_jwt.views import ObtainJSONWebToken
from rest_framework.authentication import SessionAuthentication,BasicAuthentication
from rest_framework.permissions import IsAuthenticated,AllowAny
from rest_framework_jwt.authentication import JSONWebTokenAuthentication

from utils.executeQuery import executeQuery,IseUpDelQuery
from utils.ClssSql import ClassSqls
#用户登录
class LoginView(ObtainJSONWebToken):
    def post(self, request, *args, **kwargs):
        usr = request.data.get('usr')
        pwd = request.data.get('pwd')
        user_query = User.objects.filter(username=usr)
        user_obj = user_query.first()
        if user_obj and user_obj.check_password(pwd):
            payload = jwt_payload_handler(user_obj)
            token = jwt_encode_handler(payload)
            data = {"data":[{"token":token,"username":user_obj.username,"is_superuser":user_obj.is_superuser}]}
            return Response(data,status=status.HTTP_200_OK)
            # return APIResponse(results={'username': user_obj.username}, token=token)
        return Response({"msg":"账号或密码错误"},status=status.HTTP_304_NOT_MODIFIED)

# 查看用户用户信息操作
class LoginInformation(APIView):
    # 1,设置局部认证
    authentication_classes = (JSONWebTokenAuthentication, SessionAuthentication,)
    # authentication_classes = [SessionAuthentication, BasicAuthentication]
    # 2,设置局部权限
    permission_classes = (IsAuthenticated,)

    # permission_classes = (AllowAny,) #任何用户都能访问
    def get(self, request):
        sql = ClassSqls.CommonUsers
        result = executeQuery(sql)
        data = {
            "result": result,
            "errmsg": "获取用户信息成功",
        }
        return Response(data,status=status.HTTP_200_OK)
    def post(self,request):
        sql = ClassSqls.InsetUser
        IseUpDelQuery(sql)
        data = {
            "msg": "批量导入成功",
        }
        return http.JsonResponse(data, status=status.HTTP_200_OK)
    def put(self,request):
        loginusername = request.user.username
        is_superuser = request.user.is_superuser
        req_data = request.data
        username =req_data["username"]
        password =req_data["password"]
        print(req_data)
        if is_superuser:
            user = User.objects.get(username=username)
            user.set_password(password)
            user.save()
        else:
            user = User.objects.get(username=loginusername)
            user.set_password(password)
            user.save()
        # a = User.objects.filter(username=username)
        # request.user.set_password(pwd)
        # try:
        #     User.objects.filter(username=username).update(pssword=pwd)
        # except Exception:
        #     return http.HttpResponseForbidden("密码修改失败")
        data = {
            "msg": "密码修改成功",
        }
        return http.JsonResponse(data,status=status.HTTP_200_OK)