add feature#对接三方登录注销，记录登录、注销操作

+from datetime import datetime
 from logging import error
 from logging import error
 from flasgger import swag_from
 from flasgger import swag_from
 from app.util import BlueprintApi
 from app.util import BlueprintApi
@@ -6,7 +7,7 @@ from .models import *
 from .oauth2 import authorization, generate_user_info, require_oauth
 from .oauth2 import authorization, generate_user_info, require_oauth
 from authlib.oauth2 import OAuth2Error
 from authlib.oauth2 import OAuth2Error
 from authlib.integrations.flask_oauth2 import current_token
 from authlib.integrations.flask_oauth2 import current_token
-from . import user_create, client_create, client_query, user_query, user_update, user_delete
+from . import user_create, client_create, client_query, user_query, user_update, user_delete, auth_log_query
 import configure
 import configure
 from app.decorators.auth_decorator import auth_decorator
 from app.decorators.auth_decorator import auth_decorator
 import time
 import time
@@ -15,7 +16,8 @@ from app.util.component.StructurePrint import StructurePrint
 import traceback
 import traceback
 from oauthlib import oauth2
 from oauthlib import oauth2
 import requests
 import requests
-from app.modules.auth.models import OAuth2Token, User, db
+from app.modules.auth.models import OAuth2Token, User, db, OAuthLog
+from app.util.enum.AuthEnum import AuthEnum, OriginEnum, OperateEnum
 
 
 
 
 def current_user():
 def current_user():
@@ -45,7 +47,7 @@ class DataManager(BlueprintApi):
         request2 = authorization.create_oauth2_request(request)
         request2 = authorization.create_oauth2_request(request)
         grant2 = authorization.get_authorization_grant(request=request2)
         grant2 = authorization.get_authorization_grant(request=request2)
         redirect_uri = grant2.validate_authorization_request()
         redirect_uri = grant2.validate_authorization_request()
-        session["redirect_uri"] = redirect_uri
+        session["redirect_uri"] = redirect_uri  # 记录跳转重定向地址
         if request.method == "GET":
         if request.method == "GET":
             # 没有登录，跳转到登录界面
             # 没有登录，跳转到登录界面
             try:
             try:
@@ -71,8 +73,11 @@ class DataManager(BlueprintApi):
                 crypt_pwd = request.form.get("password")
                 crypt_pwd = request.form.get("password")
                 # password = SM3.encode(crypt_pwd)
                 # password = SM3.encode(crypt_pwd)
                 password = SM3.encode(AESHelper.decode(crypt_pwd))
                 password = SM3.encode(AESHelper.decode(crypt_pwd))
+
+                # 仅支持dmap平台保留用户登录
+                origin_type = OriginEnum.Dmap.name.lower()
                 user = User.query.filter_by(
                 user = User.query.filter_by(
-                    username=username, password=password).first()
+                    username=username, password=password, origin=origin_type).first()
                 if not user:
                 if not user:
                     error = "账号或密码不正确"
                     error = "账号或密码不正确"
                     flash(error)
                     flash(error)
@@ -83,6 +88,15 @@ class DataManager(BlueprintApi):
         if user:
         if user:
             session["id"] = user.id
             session["id"] = user.id
             grant_user = user
             grant_user = user
+
+            # 日志
+            log = OAuthLog(user_id=user.id, username=user.username,
+                           auth_type=AuthEnum.Other.name.lower(),
+                           message="认证成功", create_time=datetime.now(),
+                           operate_type=OperateEnum.Login)
+            db.session.add(log)
+            db.session.commit()
+
             return authorization.create_authorization_response(request=request, grant_user=grant_user)
             return authorization.create_authorization_response(request=request, grant_user=grant_user)
 
 
         # try:
         # try:
@@ -116,14 +130,25 @@ class DataManager(BlueprintApi):
     def logout():
     def logout():
         try:
         try:
             request2 = authorization.create_oauth2_request(request)
             request2 = authorization.create_oauth2_request(request)
-            grant1 = authorization.get_authorization_grant(request=request2)
+            grant1 = authorization.get_authorization_grant(
+                request=request2)
             redirect_uri = grant1.validate_authorization_request()
             redirect_uri = grant1.validate_authorization_request()
             access_token = request.args.get("accesstoken")
             access_token = request.args.get("accesstoken")
             accesstoken = OAuth2Token.query.filter_by(
             accesstoken = OAuth2Token.query.filter_by(
                 access_token=access_token).first()
                 access_token=access_token).first()
             accesstoken.revoked = True
             accesstoken.revoked = True
             db.session.commit()
             db.session.commit()
+            user = current_user()
             remove_user()
             remove_user()
+
+            # 日志
+            log = OAuthLog(user_id=user.id, username=user.username,
+                           auth_type=AuthEnum.Other.name.lower(),
+                           message="注销成功", create_time=datetime.now(),
+                           operate_type=OperateEnum.Logout, token=access_token)
+            db.session.add(log)
+            db.session.commit()
+
         except OAuth2Error as error:
         except OAuth2Error as error:
             return jsonify(dict(error.get_body()))
             return jsonify(dict(error.get_body()))
         return redirect(redirect_uri)
         return redirect(redirect_uri)
@@ -207,15 +232,15 @@ class DataManager(BlueprintApi):
         except Exception as e:
         except Exception as e:
             StructurePrint().print(e.__str__()+":" + traceback.format_exc(), "error")
             StructurePrint().print(e.__str__()+":" + traceback.format_exc(), "error")
 
 
-    @staticmethod
-    @bp.route("/translate", methods=["GET"])
-    def translate():
-        password = ['esri@123', 'admin', 'DMap@123', 'passwd']
-        result = {}
-        for p in password:
-            new_pwd = SM3.encode(p)
-            result[p] = new_pwd
-        return result
+    # @staticmethod
+    # @bp.route("/translate", methods=["GET"])
+    # def translate():
+    #     password = ['esri@123', 'admin', 'DMap@123', 'passwd','dci112..']
+    #     result = {}
+    #     for p in password:
+    #         new_pwd = SM3.encode(p)
+    #         result[p] = new_pwd
+    #     return result
 
 
     '''
     '''
     三方登录：OA
     三方登录：OA
@@ -237,78 +262,109 @@ class DataManager(BlueprintApi):
     @staticmethod
     @staticmethod
     @bp.route("/oa/callback", methods=["GET"])
     @bp.route("/oa/callback", methods=["GET"])
     def oa_callback():
     def oa_callback():
+        try:
+            client = oauth2.WebApplicationClient(
+                configure.OA["client_id"])
+
+            # 获取code
+            code = client.parse_request_uri_response(
+                request.url, session["oauth_state"]).get("code")
+
+            if code == None:
+                return "登录失败"
+
+            # 获取token
+            body = client.prepare_request_body(
+                code, redirect_uri=configure.OA["redirect_uri"], client_secret=configure.OA["client_secret"])
+
+            r = requests.post(configure.OA["token_endpoint"], body, headers={
+                "Content-Type": "application/x-www-form-urlencoded"})
+
+            tokeninfo = r.json()
+            access_token = tokeninfo.get("access_token")
+            id_token = tokeninfo.get("id_token")
+
+            auth_default_redirect_uri = configure.auth_default_redirect_uri
+            origin_type = "dci_oa"  # 三方登录标识
+            if access_token:
+                # 获取用户信息
+                userinfo_url = configure.OA["userinfo_endpoint"]
+                user_request = requests.get(userinfo_url, headers={
+                                            "Authorization": "Bearer %s" % access_token})
+                userinfo = user_request.json()
+                user_name = userinfo.get("user_name")
+                display_name = userinfo.get("displayname")
+                display_name = display_name.split(
+                )[-1] if display_name != None else user_name
+
+                # 默认关联dmap用户
+                try:
+                    user = User.query.filter_by(
+                        username=user_name, origin=origin_type).first()
+                except error as e:
+                    user = None
+
+                # 用户不存在，创建用户
 
 
-        client = oauth2.WebApplicationClient(
-            configure.OA["client_id"])
-
-        # 获取code
-        code = client.parse_request_uri_response(
-            request.url, session["oauth_state"]).get("code")
-
-        if code == None:
-            return "登录失败"
-
-        # 获取token
-        body = client.prepare_request_body(
-            code, redirect_uri=configure.OA["redirect_uri"], client_secret=configure.OA["client_secret"])
-
-        r = requests.post(configure.OA["token_endpoint"], body, headers={
-                          "Content-Type": "application/x-www-form-urlencoded"})
-
-        tokeninfo = r.json()
-        access_token = tokeninfo.get("access_token")
+                if not user:
+                    user = User(username=user_name, password=SM3.encode('DMap@123'), role='dataman',
+                                phone='', company='', position='', email='', displayname=display_name,
+                                origin=origin_type,
+                                create_time=time.strftime(
+                                    "%Y-%m-%d %H:%M:%S", time.localtime()),
+                                update_time=time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
+                    db.session.add(user)
+                    db.session.commit()
+
+                session["id"] = user.id
+
+                # dmap token授权
+                # 存入数据库
+                token = OAuth2Token(
+                    client_id=configure.OA["client_id"],
+                    token_type=tokeninfo.get("token_type"),
+                    access_token=access_token,
+                    scope=tokeninfo.get("scope"),
+                    expires_in=tokeninfo.get("expires_in"),
+                    user_id=user.id
+                )
+
+                db.session.add(token)
+                db.session.commit()
 
 
-        if access_token:
-            # 获取用户信息
-            userinfo_url = configure.OA["userinfo_endpoint"]
-            user_request = requests.get(userinfo_url, headers={
-                                        "Authorization": "Bearer %s" % access_token})
-            userinfo = user_request.json()
-            user_name = userinfo.get("user_name")
-            display_name = userinfo.get("displayname")
+                redirect_uri = session["redirect_uri"] if "redirect_uri" in session else auth_default_redirect_uri
 
 
-            # 默认关联dmap用户
-            try:
-                user = User.query.filter_by(
-                    username=user_name).first()
-            except error as e:
-                user = None
+                #session["id_token"] = id_token
+                response = make_response(redirect(redirect_uri))
+                response.set_cookie('accessToken', access_token,
+                                    max_age=configure.expiretime)
+                response.set_cookie('id_token', id_token,
+                                    max_age=configure.expiretime)
 
 
-            # 用户不存在，创建用户
-            if not user:
-                user = User(username=user_name, password=SM3.encode('DMap@123'), role='dataman',
-                            phone='', company='', position='', email='', 
-                            create_time=time.strftime(
-                                "%Y-%m-%d %H:%M:%S", time.localtime()),
-                            update_time=time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
-                db.session.add(user)
+                log = OAuthLog(user_id=user.id, username=user_name, auth_type=AuthEnum.Other.name.lower(),
+                               message="三方认证成功", create_time=datetime.now(),
+                               operate_type=OperateEnum.Login, token=access_token)
+                db.session.add(log)
                 db.session.commit()
                 db.session.commit()
 
 
-            # dmap token授权
-            session["id"] = user.id
+                return response
+            else:
+                raise Exception("缺少access_token")
 
 
-            # 存入数据库
-            token = OAuth2Token(
-                client_id=configure.OA["client_id"],
-                token_type=tokeninfo.get("token_type"),
-                access_token=access_token,
-                scope=tokeninfo.get("scope"),
-                expires_in=tokeninfo.get("expires_in"),
-                user_id=user.id
-            )
-            db.session.add(token)
-            db.session.commit()
-            redirect_uri = ""
-            try:
-                redirect_uri = session["redirect_uri"]
-                if not redirect_uri:
-                    redirect_uri = '/'
-            except:
-                redirect_uri = "/"
-
-            response = make_response(redirect(redirect_uri))
-            response.set_cookie('accessToken', access_token, max_age=604_800)
-
-            return response
-        else:
-            return redirect('/')
+        except Exception as e:
+            StructurePrint().print(e.__str__()+":" + traceback.format_exc(), "error")
+            pop_list = ["id", "redirect_uri"]
+            for p in pop_list:
+                if p in session:
+                    session.pop(p)
+        return redirect(auth_default_redirect_uri)
+
+    @staticmethod
+    @bp.route("/logs", methods=["GET"])
+    @swag_from(auth_log_query.Api.api_doc)
+    @auth_decorator(configure.UserPermission)
+    def authLog():
+        '''
+        登录日志
+        '''
+        return auth_log_query.Api().result

+# coding=utf-8
+#author:        qianyingz
+# createtime:    2022/03/09
+#email:         qianyingz@chinadci.com
+from datetime import datetime
+from .models import *
+from app.util.component.ApiTemplate import ApiTemplate
+import time
+
+
+class Api(ApiTemplate):
+    api_name = "登录日志"
+
+    def para_check(self):
+        pass
+
+    def process(self):
+        # 返回结果
+        res = {}
+        res["result"] = False
+        try:
+            # 业务逻辑
+            page_index = int(self.para.get("page_index", "0"))
+            page_size = int(self.para.get("page_size", "1000"))
+            #name = self.para.get("name")
+            sort_key = self.para.get("sort_key")
+
+            log_query = OAuthLog.query
+            log_query = log_query.order_by(OAuthLog.create_time.desc())
+
+            count = log_query.count()
+            logs = log_query.limit(page_size).offset(
+                page_index*page_size).all()
+
+            res["data"] = {"count": count,
+                           "list": list(map(lambda t:
+                                            {"id": t.id, "username": t.username, "ip": t.ip,
+                                             "message": t.message, "create_time": t.create_time.strftime("%Y-%m-%d %H:%M:%S"),
+                                             "operate_type": t.operate_type,
+                                             "auth_type": t.auth_type,
+                                             "displayname": t.displayname}, logs))}
+
+            # if id:
+            #     tmp_user = User.query.filter_by(id=id).first()
+            #     res["data"] = {"guid": tmp_user.id, "username": tmp_user.username,
+            #                    "role": tmp_user.role, "company": tmp_user.company,
+            #                    "position": tmp_user.position, "email": tmp_user.email,
+            #                    "phone": tmp_user.phone, "display_name": tmp_user.display_name,
+            #                    "status": tmp_user.status}
+            # else:
+            #     # 获取集合
+            #     userLinq = User.query.order_by(User.id.desc())
+            #     if name:
+            #         userLinq = userLinq.filter(
+            #             User.username.like("%" + name + "%"))
+            #     tmp_count = userLinq.count()
+            #     tmp_list = userLinq.limit(page_size).offset(
+            #         page_index * page_size).all()
+            #     res["data"] = {
+            #         "count": tmp_count,
+            #         "list": list(map(lambda t:
+            #                          {"guid": t.id, "username": t.username,
+            #                              "role": t.role, "display_name": t.display_name,
+            #                              "status": t.status},
+            #                          tmp_list))}
+
+            res["result"] = True
+
+        except Exception as e:
+            raise e
+        return res
+
+    api_doc = {
+        "tags": ["登录日志"],
+        "parameters": [
+            {"name": "page_index",
+             "in": "query",
+             "type": "int",
+             "description": "当前页",
+             "default": 0},
+            {"name": "page_size",
+             "in": "query",
+             "type": "int",
+             "description": "条数",
+             "default": 1000},
+            {"name": "sort_key",
+             "in": "query",
+             "type": "string",
+             "description": "排序"}
+        ],
+        "responses": {
+            200: {
+                "schema": {
+                    "properties": {
+                    }
+                }
+            }
+        }
+    }

-from flask_sqlalchemy import sqlalchemy
-from sqlalchemy import Column, Integer, Text, Time, ForeignKey
+from sqlalchemy import  Column, Integer, Text, Time, ForeignKey, column
 from app.models import db
 from app.models import db
 from authlib.integrations.sqla_oauth2 import (
 from authlib.integrations.sqla_oauth2 import (
     OAuth2ClientMixin,
     OAuth2ClientMixin,
@@ -7,6 +6,7 @@ from authlib.integrations.sqla_oauth2 import (
     OAuth2AuthorizationCodeMixin
     OAuth2AuthorizationCodeMixin
 )
 )
 from sqlalchemy.orm import relationship
 from sqlalchemy.orm import relationship
+from app.util.enum.AuthEnum import OriginEnum,UserStatusEnum
 
 
 
 
 class User (db.Model):
 class User (db.Model):
@@ -16,7 +16,6 @@ class User (db.Model):
     __tablename__ = "dmap_user"
     __tablename__ = "dmap_user"
     id = Column(Integer, primary_key=True)
     id = Column(Integer, primary_key=True)
     username = Column(Text)
     username = Column(Text)
-   
     password = Column(Text)
     password = Column(Text)
     company = Column(Text)
     company = Column(Text)
     position = Column(Text)
     position = Column(Text)
@@ -25,8 +24,10 @@ class User (db.Model):
     create_time = Column(Time)
     create_time = Column(Time)
     update_time = Column(Time)
     update_time = Column(Time)
     role = Column(Text)
     role = Column(Text)
-    #display_name = Column(Text, nullable=True)  # 昵称
-    #origin = Column(Text, default="dmap")  # 用户来源，默认dmap平台用户
+    displayname = Column(Text, nullable=True)  # 昵称
+    # 用户来源，默认dmap平台用户
+    origin = Column(Text, default=OriginEnum.Dmap.name.lower())
+    status = Column(Integer, default=UserStatusEnum.Active)  # 1:激活，2:冻结，0:注销
 
 
     def __str__(self):
     def __str__(self):
         return self.username
         return self.username
@@ -68,3 +69,26 @@ class OAuth2Token(db.Model, OAuth2TokenMixin):
         Integer, ForeignKey('dmap_user.id', ondelete='CASCADE'))
         Integer, ForeignKey('dmap_user.id', ondelete='CASCADE'))
     # name = Column(Text)
     # name = Column(Text)
     user = relationship('User')
     user = relationship('User')
+
+
+'''
+认证日志
+'''
+
+# 认证日志
+
+
+class OAuthLog(db.Model):
+    __tablename__ = "dmap_oauth_log"
+
+    id = Column(Integer, primary_key=True)
+    user_id = Column(Text, nullable=False)
+    username = Column(Text)  # 用户输入账号
+    displayname=Column(Text) # 昵称
+    ip = Column(Text)
+    # 登录方式：password，三方登录
+    auth_type = Column(Text)
+    message = Column(Text)  # 登录返回提示
+    create_time = Column(Time)  # 记录创建时间
+    operate_type = Column(Integer, nullable=False)  # 操作类型，登录，注销
+    token = Column(Text)

@@ -51,7 +51,7 @@ def exists_nonce(nonce, req):
 
 
 
 
 def generate_user_info(user, scope):
 def generate_user_info(user, scope):
-    return UserInfo(sub=str(user.id), name=user.username, role=user.role, company=user.company)
+    return UserInfo(sub=str(user.id), name=user.username, role=user.role, company=user.company, display_name=user.displayname, status=user.status)
 
 
 
 
 def create_authorization_code(client, grant_user, request):
 def create_authorization_code(client, grant_user, request):

@@ -20,7 +20,6 @@ class Api(ApiTemplate):
         res["result"] = False
         res["result"] = False
         try:
         try:
             # 业务逻辑
             # 业务逻辑
-            pass
             page_index = int(self.para.get("page_index", "0"))
             page_index = int(self.para.get("page_index", "0"))
             page_size = int(self.para.get("page_size", "1000"))
             page_size = int(self.para.get("page_size", "1000"))
             name = self.para.get("name")
             name = self.para.get("name")
@@ -31,7 +30,8 @@ class Api(ApiTemplate):
                 res["data"] = {"guid": tmp_user.id, "username": tmp_user.username,
                 res["data"] = {"guid": tmp_user.id, "username": tmp_user.username,
                                "role": tmp_user.role, "company": tmp_user.company,
                                "role": tmp_user.role, "company": tmp_user.company,
                                "position": tmp_user.position, "email": tmp_user.email,
                                "position": tmp_user.position, "email": tmp_user.email,
-                               "phone": tmp_user.phone}
+                               "phone": tmp_user.phone, "display_name": tmp_user.displayname,
+                               "status": tmp_user.status}
             else:
             else:
                 # 获取集合
                 # 获取集合
                 userLinq = User.query.order_by(User.id.desc())
                 userLinq = User.query.order_by(User.id.desc())
@@ -45,7 +45,8 @@ class Api(ApiTemplate):
                     "count": tmp_count,
                     "count": tmp_count,
                     "list": list(map(lambda t:
                     "list": list(map(lambda t:
                                      {"guid": t.id, "username": t.username,
                                      {"guid": t.id, "username": t.username,
-                                         "role": t.role},
+                                         "role": t.role, "display_name": t.displayname,
+                                         "status": t.status},
                                      tmp_list))}
                                      tmp_list))}
             res["result"] = True
             res["result"] = True
 
 

@@ -238,4 +238,28 @@ button {
     -webkit-box-sizing: border-box;
     -webkit-box-sizing: border-box;
     -moz-box-sizing: border-box;
     -moz-box-sizing: border-box;
     box-sizing: border-box;
     box-sizing: border-box;
+}
+
+.other-mod {
+    margin-top: 35px;
+}
+
+.other-mod .other-tit {
+    color: #999;
+    display: inline-block;
+    margin-right: 20px;
+}
+
+.other-mod .other-link {
+    text-align: right;
+    margin-left: 20px;
+    float: right;
+}
+
+.other-mod .other-link a {
+    color: #545454;
+}
+
+.other-mod .other-link:hover a {
+    color: #3081c3;
 }
 }

@@ -76,8 +76,13 @@
             立即登录
             立即登录
           </button>
           </button>
         </div>
         </div>
-        <div>——或者——</div>
-        <a href="/auth/oa"> 城信所统一用户认证 </a>
+
+        <div class="form-group other-mod">
+          <div class="other-tit"><span>其他登录方式</span></div>
+          <div class="other-link">
+            <a href="/auth/oa">城信所统一用户认证</a>
+          </div>
+        </div>
       </form>
       </form>
     </div>
     </div>
     <div class="clear"></div>
     <div class="clear"></div>

+from enum import Enum,IntEnum
+
+'''
+认证方式
+'''
+
+
+class AuthEnum(IntEnum):
+    Password = 1  # 账号密码登录，包括三方的账号密码登录
+    Other = 3  # 三方登录
+
+
+'''
+用户来源
+'''
+
+
+class OriginEnum(IntEnum):
+    Dmap = 1
+
+
+'''用户状态'''
+
+
+class UserStatusEnum(IntEnum):
+    Cancellation = 0,  # 注销
+    Active = 1,  # 活跃
+    Freeze = 2  # 冻结
+
+
+class OperateEnum(IntEnum):
+    Login = 1,  # 登录
+    Logout = 2  # 注销

@@ -27,6 +27,7 @@ ServicePermission = ['admin', 'dataman', 'publisher']
 
 
 log_level = logging.INFO
 log_level = logging.INFO
 
 
+expiretime = 604_800  # 7天
 
 
 OA = {
 OA = {
     "client_id": "dmap",
     "client_id": "dmap",
@@ -35,5 +36,8 @@ OA = {
     "redirect_uri": "http://localhost:8841/auth/oa/callback",
     "redirect_uri": "http://localhost:8841/auth/oa/callback",
     "authorization_endpoint": "https://login.chinadci.com/netsso/connect/authorize",
     "authorization_endpoint": "https://login.chinadci.com/netsso/connect/authorize",
     "token_endpoint": "https://login.chinadci.com/netsso/connect/token",
     "token_endpoint": "https://login.chinadci.com/netsso/connect/token",
-    "userinfo_endpoint": "https://login.chinadci.com/netsso/connect/userinfo"
+    "userinfo_endpoint": "https://login.chinadci.com/netsso/connect/userinfo",
+    "end_session_endpoint": "https://login.chinadci.com/netsso/connect/endsession"
 }
 }
+
+auth_default_redirect_uri="http://localhost:9999"