HWJ 何伟俊 / DMapManager · 提交

提交 3311dd3f9b6f015ff6f206dc134e7922ff0d0317

作者 qianyingz
1 个父辈 e49c1cc3

add feature#对接三方登录注销,记录登录、注销操作

内嵌 并排对比
正在显示 9 个修改的文件 包含 340 行增加94 行删除
  1 +from datetime import datetime
1 2 from logging import error
2 3 from flasgger import swag_from
3 4 from app.util import BlueprintApi
... ... @@ -6,7 +7,7 @@ from .models import *
6 7 from .oauth2 import authorization, generate_user_info, require_oauth
7 8 from authlib.oauth2 import OAuth2Error
8 9 from authlib.integrations.flask_oauth2 import current_token
9   -from . import user_create, client_create, client_query, user_query, user_update, user_delete
  10 +from . import user_create, client_create, client_query, user_query, user_update, user_delete, auth_log_query
10 11 import configure
11 12 from app.decorators.auth_decorator import auth_decorator
12 13 import time
... ... @@ -15,7 +16,8 @@ from app.util.component.StructurePrint import StructurePrint
15 16 import traceback
16 17 from oauthlib import oauth2
17 18 import requests
18   -from app.modules.auth.models import OAuth2Token, User, db
  19 +from app.modules.auth.models import OAuth2Token, User, db, OAuthLog
  20 +from app.util.enum.AuthEnum import AuthEnum, OriginEnum, OperateEnum
19 21
20 22
21 23 def current_user():
... ... @@ -45,7 +47,7 @@ class DataManager(BlueprintApi):
45 47 request2 = authorization.create_oauth2_request(request)
46 48 grant2 = authorization.get_authorization_grant(request=request2)
47 49 redirect_uri = grant2.validate_authorization_request()
48   - session["redirect_uri"] = redirect_uri
  50 + session["redirect_uri"] = redirect_uri # 记录跳转重定向地址
49 51 if request.method == "GET":
50 52 # 没有登录,跳转到登录界面
51 53 try:
... ... @@ -71,8 +73,11 @@ class DataManager(BlueprintApi):
71 73 crypt_pwd = request.form.get("password")
72 74 # password = SM3.encode(crypt_pwd)
73 75 password = SM3.encode(AESHelper.decode(crypt_pwd))
  76 +
  77 + # 仅支持dmap平台保留用户登录
  78 + origin_type = OriginEnum.Dmap.name.lower()
74 79 user = User.query.filter_by(
75   - username=username, password=password).first()
  80 + username=username, password=password, origin=origin_type).first()
76 81 if not user:
77 82 error = "账号或密码不正确"
78 83 flash(error)
... ... @@ -83,6 +88,15 @@ class DataManager(BlueprintApi):
83 88 if user:
84 89 session["id"] = user.id
85 90 grant_user = user
  91 +
  92 + # 日志
  93 + log = OAuthLog(user_id=user.id, username=user.username,
  94 + auth_type=AuthEnum.Other.name.lower(),
  95 + message="认证成功", create_time=datetime.now(),
  96 + operate_type=OperateEnum.Login)
  97 + db.session.add(log)
  98 + db.session.commit()
  99 +
86 100 return authorization.create_authorization_response(request=request, grant_user=grant_user)
87 101
88 102 # try:
... ... @@ -116,14 +130,25 @@ class DataManager(BlueprintApi):
116 130 def logout():
117 131 try:
118 132 request2 = authorization.create_oauth2_request(request)
119   - grant1 = authorization.get_authorization_grant(request=request2)
  133 + grant1 = authorization.get_authorization_grant(
  134 + request=request2)
120 135 redirect_uri = grant1.validate_authorization_request()
121 136 access_token = request.args.get("accesstoken")
122 137 accesstoken = OAuth2Token.query.filter_by(
123 138 access_token=access_token).first()
124 139 accesstoken.revoked = True
125 140 db.session.commit()
  141 + user = current_user()
126 142 remove_user()
  143 +
  144 + # 日志
  145 + log = OAuthLog(user_id=user.id, username=user.username,
  146 + auth_type=AuthEnum.Other.name.lower(),
  147 + message="注销成功", create_time=datetime.now(),
  148 + operate_type=OperateEnum.Logout, token=access_token)
  149 + db.session.add(log)
  150 + db.session.commit()
  151 +
127 152 except OAuth2Error as error:
128 153 return jsonify(dict(error.get_body()))
129 154 return redirect(redirect_uri)
... ... @@ -207,15 +232,15 @@ class DataManager(BlueprintApi):
207 232 except Exception as e:
208 233 StructurePrint().print(e.__str__()+":" + traceback.format_exc(), "error")
209 234
210   - @staticmethod
211   - @bp.route("/translate", methods=["GET"])
212   - def translate():
213   - password = ['esri@123', 'admin', 'DMap@123', 'passwd']
214   - result = {}
215   - for p in password:
216   - new_pwd = SM3.encode(p)
217   - result[p] = new_pwd
218   - return result
  235 + # @staticmethod
  236 + # @bp.route("/translate", methods=["GET"])
  237 + # def translate():
  238 + # password = ['esri@123', 'admin', 'DMap@123', 'passwd','dci112..']
  239 + # result = {}
  240 + # for p in password:
  241 + # new_pwd = SM3.encode(p)
  242 + # result[p] = new_pwd
  243 + # return result
219 244
220 245 '''
221 246 三方登录:OA
... ... @@ -237,78 +262,109 @@ class DataManager(BlueprintApi):
237 262 @staticmethod
238 263 @bp.route("/oa/callback", methods=["GET"])
239 264 def oa_callback():
  265 + try:
  266 + client = oauth2.WebApplicationClient(
  267 + configure.OA["client_id"])
  268 +
  269 + # 获取code
  270 + code = client.parse_request_uri_response(
  271 + request.url, session["oauth_state"]).get("code")
  272 +
  273 + if code == None:
  274 + return "登录失败"
  275 +
  276 + # 获取token
  277 + body = client.prepare_request_body(
  278 + code, redirect_uri=configure.OA["redirect_uri"], client_secret=configure.OA["client_secret"])
  279 +
  280 + r = requests.post(configure.OA["token_endpoint"], body, headers={
  281 + "Content-Type": "application/x-www-form-urlencoded"})
  282 +
  283 + tokeninfo = r.json()
  284 + access_token = tokeninfo.get("access_token")
  285 + id_token = tokeninfo.get("id_token")
  286 +
  287 + auth_default_redirect_uri = configure.auth_default_redirect_uri
  288 + origin_type = "dci_oa" # 三方登录标识
  289 + if access_token:
  290 + # 获取用户信息
  291 + userinfo_url = configure.OA["userinfo_endpoint"]
  292 + user_request = requests.get(userinfo_url, headers={
  293 + "Authorization": "Bearer %s" % access_token})
  294 + userinfo = user_request.json()
  295 + user_name = userinfo.get("user_name")
  296 + display_name = userinfo.get("displayname")
  297 + display_name = display_name.split(
  298 + )[-1] if display_name != None else user_name
  299 +
  300 + # 默认关联dmap用户
  301 + try:
  302 + user = User.query.filter_by(
  303 + username=user_name, origin=origin_type).first()
  304 + except error as e:
  305 + user = None
  306 +
  307 + # 用户不存在,创建用户
240 308
241   - client = oauth2.WebApplicationClient(
242   - configure.OA["client_id"])
243   -
244   - # 获取code
245   - code = client.parse_request_uri_response(
246   - request.url, session["oauth_state"]).get("code")
247   -
248   - if code == None:
249   - return "登录失败"
250   -
251   - # 获取token
252   - body = client.prepare_request_body(
253   - code, redirect_uri=configure.OA["redirect_uri"], client_secret=configure.OA["client_secret"])
254   -
255   - r = requests.post(configure.OA["token_endpoint"], body, headers={
256   - "Content-Type": "application/x-www-form-urlencoded"})
257   -
258   - tokeninfo = r.json()
259   - access_token = tokeninfo.get("access_token")
  309 + if not user:
  310 + user = User(username=user_name, password=SM3.encode('DMap@123'), role='dataman',
  311 + phone='', company='', position='', email='', displayname=display_name,
  312 + origin=origin_type,
  313 + create_time=time.strftime(
  314 + "%Y-%m-%d %H:%M:%S", time.localtime()),
  315 + update_time=time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
  316 + db.session.add(user)
  317 + db.session.commit()
  318 +
  319 + session["id"] = user.id
  320 +
  321 + # dmap token授权
  322 + # 存入数据库
  323 + token = OAuth2Token(
  324 + client_id=configure.OA["client_id"],
  325 + token_type=tokeninfo.get("token_type"),
  326 + access_token=access_token,
  327 + scope=tokeninfo.get("scope"),
  328 + expires_in=tokeninfo.get("expires_in"),
  329 + user_id=user.id
  330 + )
  331 +
  332 + db.session.add(token)
  333 + db.session.commit()
260 334
261   - if access_token:
262   - # 获取用户信息
263   - userinfo_url = configure.OA["userinfo_endpoint"]
264   - user_request = requests.get(userinfo_url, headers={
265   - "Authorization": "Bearer %s" % access_token})
266   - userinfo = user_request.json()
267   - user_name = userinfo.get("user_name")
268   - display_name = userinfo.get("displayname")
  335 + redirect_uri = session["redirect_uri"] if "redirect_uri" in session else auth_default_redirect_uri
269 336
270   - # 默认关联dmap用户
271   - try:
272   - user = User.query.filter_by(
273   - username=user_name).first()
274   - except error as e:
275   - user = None
  337 + #session["id_token"] = id_token
  338 + response = make_response(redirect(redirect_uri))
  339 + response.set_cookie('accessToken', access_token,
  340 + max_age=configure.expiretime)
  341 + response.set_cookie('id_token', id_token,
  342 + max_age=configure.expiretime)
276 343
277   - # 用户不存在,创建用户
278   - if not user:
279   - user = User(username=user_name, password=SM3.encode('DMap@123'), role='dataman',
280   - phone='', company='', position='', email='',
281   - create_time=time.strftime(
282   - "%Y-%m-%d %H:%M:%S", time.localtime()),
283   - update_time=time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
284   - db.session.add(user)
  344 + log = OAuthLog(user_id=user.id, username=user_name, auth_type=AuthEnum.Other.name.lower(),
  345 + message="三方认证成功", create_time=datetime.now(),
  346 + operate_type=OperateEnum.Login, token=access_token)
  347 + db.session.add(log)
285 348 db.session.commit()
286 349
287   - # dmap token授权
288   - session["id"] = user.id
  350 + return response
  351 + else:
  352 + raise Exception("缺少access_token")
289 353
290   - # 存入数据库
291   - token = OAuth2Token(
292   - client_id=configure.OA["client_id"],
293   - token_type=tokeninfo.get("token_type"),
294   - access_token=access_token,
295   - scope=tokeninfo.get("scope"),
296   - expires_in=tokeninfo.get("expires_in"),
297   - user_id=user.id
298   - )
299   - db.session.add(token)
300   - db.session.commit()
301   - redirect_uri = ""
302   - try:
303   - redirect_uri = session["redirect_uri"]
304   - if not redirect_uri:
305   - redirect_uri = '/'
306   - except:
307   - redirect_uri = "/"
308   -
309   - response = make_response(redirect(redirect_uri))
310   - response.set_cookie('accessToken', access_token, max_age=604_800)
311   -
312   - return response
313   - else:
314   - return redirect('/')
  354 + except Exception as e:
  355 + StructurePrint().print(e.__str__()+":" + traceback.format_exc(), "error")
  356 + pop_list = ["id", "redirect_uri"]
  357 + for p in pop_list:
  358 + if p in session:
  359 + session.pop(p)
  360 + return redirect(auth_default_redirect_uri)
  361 +
  362 + @staticmethod
  363 + @bp.route("/logs", methods=["GET"])
  364 + @swag_from(auth_log_query.Api.api_doc)
  365 + @auth_decorator(configure.UserPermission)
  366 + def authLog():
  367 + '''
  368 + 登录日志
  369 + '''
  370 + return auth_log_query.Api().result
... ...
  1 +# coding=utf-8
  2 +#author: qianyingz
  3 +# createtime: 2022/03/09
  4 +#email: qianyingz@chinadci.com
  5 +from datetime import datetime
  6 +from .models import *
  7 +from app.util.component.ApiTemplate import ApiTemplate
  8 +import time
  9 +
  10 +
  11 +class Api(ApiTemplate):
  12 + api_name = "登录日志"
  13 +
  14 + def para_check(self):
  15 + pass
  16 +
  17 + def process(self):
  18 + # 返回结果
  19 + res = {}
  20 + res["result"] = False
  21 + try:
  22 + # 业务逻辑
  23 + page_index = int(self.para.get("page_index", "0"))
  24 + page_size = int(self.para.get("page_size", "1000"))
  25 + #name = self.para.get("name")
  26 + sort_key = self.para.get("sort_key")
  27 +
  28 + log_query = OAuthLog.query
  29 + log_query = log_query.order_by(OAuthLog.create_time.desc())
  30 +
  31 + count = log_query.count()
  32 + logs = log_query.limit(page_size).offset(
  33 + page_index*page_size).all()
  34 +
  35 + res["data"] = {"count": count,
  36 + "list": list(map(lambda t:
  37 + {"id": t.id, "username": t.username, "ip": t.ip,
  38 + "message": t.message, "create_time": t.create_time.strftime("%Y-%m-%d %H:%M:%S"),
  39 + "operate_type": t.operate_type,
  40 + "auth_type": t.auth_type,
  41 + "displayname": t.displayname}, logs))}
  42 +
  43 + # if id:
  44 + # tmp_user = User.query.filter_by(id=id).first()
  45 + # res["data"] = {"guid": tmp_user.id, "username": tmp_user.username,
  46 + # "role": tmp_user.role, "company": tmp_user.company,
  47 + # "position": tmp_user.position, "email": tmp_user.email,
  48 + # "phone": tmp_user.phone, "display_name": tmp_user.display_name,
  49 + # "status": tmp_user.status}
  50 + # else:
  51 + # # 获取集合
  52 + # userLinq = User.query.order_by(User.id.desc())
  53 + # if name:
  54 + # userLinq = userLinq.filter(
  55 + # User.username.like("%" + name + "%"))
  56 + # tmp_count = userLinq.count()
  57 + # tmp_list = userLinq.limit(page_size).offset(
  58 + # page_index * page_size).all()
  59 + # res["data"] = {
  60 + # "count": tmp_count,
  61 + # "list": list(map(lambda t:
  62 + # {"guid": t.id, "username": t.username,
  63 + # "role": t.role, "display_name": t.display_name,
  64 + # "status": t.status},
  65 + # tmp_list))}
  66 +
  67 + res["result"] = True
  68 +
  69 + except Exception as e:
  70 + raise e
  71 + return res
  72 +
  73 + api_doc = {
  74 + "tags": ["登录日志"],
  75 + "parameters": [
  76 + {"name": "page_index",
  77 + "in": "query",
  78 + "type": "int",
  79 + "description": "当前页",
  80 + "default": 0},
  81 + {"name": "page_size",
  82 + "in": "query",
  83 + "type": "int",
  84 + "description": "条数",
  85 + "default": 1000},
  86 + {"name": "sort_key",
  87 + "in": "query",
  88 + "type": "string",
  89 + "description": "排序"}
  90 + ],
  91 + "responses": {
  92 + 200: {
  93 + "schema": {
  94 + "properties": {
  95 + }
  96 + }
  97 + }
  98 + }
  99 + }
... ...
1   -from flask_sqlalchemy import sqlalchemy
2   -from sqlalchemy import Column, Integer, Text, Time, ForeignKey
  1 +from sqlalchemy import Column, Integer, Text, Time, ForeignKey, column
3 2 from app.models import db
4 3 from authlib.integrations.sqla_oauth2 import (
5 4 OAuth2ClientMixin,
... ... @@ -7,6 +6,7 @@ from authlib.integrations.sqla_oauth2 import (
7 6 OAuth2AuthorizationCodeMixin
8 7 )
9 8 from sqlalchemy.orm import relationship
  9 +from app.util.enum.AuthEnum import OriginEnum,UserStatusEnum
10 10
11 11
12 12 class User (db.Model):
... ... @@ -16,7 +16,6 @@ class User (db.Model):
16 16 __tablename__ = "dmap_user"
17 17 id = Column(Integer, primary_key=True)
18 18 username = Column(Text)
19   -
20 19 password = Column(Text)
21 20 company = Column(Text)
22 21 position = Column(Text)
... ... @@ -25,8 +24,10 @@ class User (db.Model):
25 24 create_time = Column(Time)
26 25 update_time = Column(Time)
27 26 role = Column(Text)
28   - #display_name = Column(Text, nullable=True) # 昵称
29   - #origin = Column(Text, default="dmap") # 用户来源,默认dmap平台用户
  27 + displayname = Column(Text, nullable=True) # 昵称
  28 + # 用户来源,默认dmap平台用户
  29 + origin = Column(Text, default=OriginEnum.Dmap.name.lower())
  30 + status = Column(Integer, default=UserStatusEnum.Active) # 1:激活,2:冻结,0:注销
30 31
31 32 def __str__(self):
32 33 return self.username
... ... @@ -68,3 +69,26 @@ class OAuth2Token(db.Model, OAuth2TokenMixin):
68 69 Integer, ForeignKey('dmap_user.id', ondelete='CASCADE'))
69 70 # name = Column(Text)
70 71 user = relationship('User')
  72 +
  73 +
  74 +'''
  75 +认证日志
  76 +'''
  77 +
  78 +# 认证日志
  79 +
  80 +
  81 +class OAuthLog(db.Model):
  82 + __tablename__ = "dmap_oauth_log"
  83 +
  84 + id = Column(Integer, primary_key=True)
  85 + user_id = Column(Text, nullable=False)
  86 + username = Column(Text) # 用户输入账号
  87 + displayname=Column(Text) # 昵称
  88 + ip = Column(Text)
  89 + # 登录方式:password,三方登录
  90 + auth_type = Column(Text)
  91 + message = Column(Text) # 登录返回提示
  92 + create_time = Column(Time) # 记录创建时间
  93 + operate_type = Column(Integer, nullable=False) # 操作类型,登录,注销
  94 + token = Column(Text)
... ...
... ... @@ -51,7 +51,7 @@ def exists_nonce(nonce, req):
51 51
52 52
53 53 def generate_user_info(user, scope):
54   - return UserInfo(sub=str(user.id), name=user.username, role=user.role, company=user.company)
  54 + return UserInfo(sub=str(user.id), name=user.username, role=user.role, company=user.company, display_name=user.displayname, status=user.status)
55 55
56 56
57 57 def create_authorization_code(client, grant_user, request):
... ...
... ... @@ -20,7 +20,6 @@ class Api(ApiTemplate):
20 20 res["result"] = False
21 21 try:
22 22 # 业务逻辑
23   - pass
24 23 page_index = int(self.para.get("page_index", "0"))
25 24 page_size = int(self.para.get("page_size", "1000"))
26 25 name = self.para.get("name")
... ... @@ -31,7 +30,8 @@ class Api(ApiTemplate):
31 30 res["data"] = {"guid": tmp_user.id, "username": tmp_user.username,
32 31 "role": tmp_user.role, "company": tmp_user.company,
33 32 "position": tmp_user.position, "email": tmp_user.email,
34   - "phone": tmp_user.phone}
  33 + "phone": tmp_user.phone, "display_name": tmp_user.displayname,
  34 + "status": tmp_user.status}
35 35 else:
36 36 # 获取集合
37 37 userLinq = User.query.order_by(User.id.desc())
... ... @@ -45,7 +45,8 @@ class Api(ApiTemplate):
45 45 "count": tmp_count,
46 46 "list": list(map(lambda t:
47 47 {"guid": t.id, "username": t.username,
48   - "role": t.role},
  48 + "role": t.role, "display_name": t.displayname,
  49 + "status": t.status},
49 50 tmp_list))}
50 51 res["result"] = True
51 52
... ...
... ... @@ -238,4 +238,28 @@ button {
238 238 -webkit-box-sizing: border-box;
239 239 -moz-box-sizing: border-box;
240 240 box-sizing: border-box;
  241 +}
  242 +
  243 +.other-mod {
  244 + margin-top: 35px;
  245 +}
  246 +
  247 +.other-mod .other-tit {
  248 + color: #999;
  249 + display: inline-block;
  250 + margin-right: 20px;
  251 +}
  252 +
  253 +.other-mod .other-link {
  254 + text-align: right;
  255 + margin-left: 20px;
  256 + float: right;
  257 +}
  258 +
  259 +.other-mod .other-link a {
  260 + color: #545454;
  261 +}
  262 +
  263 +.other-mod .other-link:hover a {
  264 + color: #3081c3;
241 265 }
\ No newline at end of file
... ...
... ... @@ -76,8 +76,13 @@
76 76 立即登录
77 77 </button>
78 78 </div>
79   - <div>——或者——</div>
80   - <a href="/auth/oa"> 城信所统一用户认证 </a>
  79 +
  80 + <div class="form-group other-mod">
  81 + <div class="other-tit"><span>其他登录方式</span></div>
  82 + <div class="other-link">
  83 + <a href="/auth/oa">城信所统一用户认证</a>
  84 + </div>
  85 + </div>
81 86 </form>
82 87 </div>
83 88 <div class="clear"></div>
... ...
  1 +from enum import Enum,IntEnum
  2 +
  3 +'''
  4 +认证方式
  5 +'''
  6 +
  7 +
  8 +class AuthEnum(IntEnum):
  9 + Password = 1 # 账号密码登录,包括三方的账号密码登录
  10 + Other = 3 # 三方登录
  11 +
  12 +
  13 +'''
  14 +用户来源
  15 +'''
  16 +
  17 +
  18 +class OriginEnum(IntEnum):
  19 + Dmap = 1
  20 +
  21 +
  22 +'''用户状态'''
  23 +
  24 +
  25 +class UserStatusEnum(IntEnum):
  26 + Cancellation = 0, # 注销
  27 + Active = 1, # 活跃
  28 + Freeze = 2 # 冻结
  29 +
  30 +
  31 +class OperateEnum(IntEnum):
  32 + Login = 1, # 登录
  33 + Logout = 2 # 注销
... ...
... ... @@ -27,6 +27,7 @@ ServicePermission = ['admin', 'dataman', 'publisher']
27 27
28 28 log_level = logging.INFO
29 29
  30 +expiretime = 604_800 # 7天
30 31
31 32 OA = {
32 33 "client_id": "dmap",
... ... @@ -35,5 +36,8 @@ OA = {
35 36 "redirect_uri": "http://localhost:8841/auth/oa/callback",
36 37 "authorization_endpoint": "https://login.chinadci.com/netsso/connect/authorize",
37 38 "token_endpoint": "https://login.chinadci.com/netsso/connect/token",
38   - "userinfo_endpoint": "https://login.chinadci.com/netsso/connect/userinfo"
  39 + "userinfo_endpoint": "https://login.chinadci.com/netsso/connect/userinfo",
  40 + "end_session_endpoint": "https://login.chinadci.com/netsso/connect/endsession"
39 41 }
  42 +
  43 +auth_default_redirect_uri="http://localhost:9999"
\ No newline at end of file
... ...
注册登录 后发表评论