补充漏推送的东西
@@ -1,6 +1,9 @@
|
||||
import base64
|
||||
import json
|
||||
import os
|
||||
import io
|
||||
import random
|
||||
import string
|
||||
|
||||
from django.http import JsonResponse, HttpResponseBadRequest
|
||||
from django.shortcuts import render, redirect
|
||||
@@ -24,6 +27,22 @@ def pubkey(request):
|
||||
pk_b64 = get_public_key_spki_b64()
|
||||
return JsonResponse({"public_key_spki": pk_b64})
|
||||
|
||||
@require_http_methods(["GET"])
|
||||
@ensure_csrf_cookie
|
||||
def captcha(request):
|
||||
try:
|
||||
from captcha.image import ImageCaptcha
|
||||
except Exception:
|
||||
return JsonResponse({"ok": False, "message": "captcha unavailable"}, status=500)
|
||||
code = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(5))
|
||||
request.session["captcha_code"] = code
|
||||
img = ImageCaptcha(width=160, height=60)
|
||||
image = img.generate_image(code)
|
||||
buf = io.BytesIO()
|
||||
image.save(buf, format="PNG")
|
||||
b64 = base64.b64encode(buf.getvalue()).decode("ascii")
|
||||
return JsonResponse({"ok": True, "image_b64": b64})
|
||||
|
||||
|
||||
@require_http_methods(["POST"])
|
||||
@csrf_protect
|
||||
@@ -66,11 +85,18 @@ def secure_login_submit(request):
|
||||
password = (obj.get("password") or "")
|
||||
if not username or not password:
|
||||
return HttpResponseBadRequest("Missing credentials")
|
||||
if bool(request.session.get("login_failed_once")):
|
||||
ans = (obj.get("captcha") or "").strip()
|
||||
code = request.session.get("captcha_code")
|
||||
if not ans or not code or ans.lower() != str(code).lower():
|
||||
return JsonResponse({"ok": False, "message": "验证码错误", "captcha_required": True}, status=401)
|
||||
user = get_user_by_username(username)
|
||||
if not user:
|
||||
return JsonResponse({"ok": False, "message": "User not found"}, status=401)
|
||||
request.session["login_failed_once"] = True
|
||||
return JsonResponse({"ok": False, "message": "用户不存在", "captcha_required": True}, status=401)
|
||||
if not verify_password(password, user.get("password_salt") or "", user.get("password_hash") or ""):
|
||||
return JsonResponse({"ok": False, "message": "Invalid credentials"}, status=401)
|
||||
request.session["login_failed_once"] = True
|
||||
return JsonResponse({"ok": False, "message": "账户或密码错误", "captcha_required": True}, status=401)
|
||||
try:
|
||||
request.session.cycle_key()
|
||||
except Exception:
|
||||
@@ -83,6 +109,10 @@ def secure_login_submit(request):
|
||||
request.session["permission"] = 1
|
||||
if "session_enc_key_b64" in request.session:
|
||||
del request.session["session_enc_key_b64"]
|
||||
if "login_failed_once" in request.session:
|
||||
del request.session["login_failed_once"]
|
||||
if "captcha_code" in request.session:
|
||||
del request.session["captcha_code"]
|
||||
return JsonResponse({"ok": True, "redirect_url": f"/main/home/?user_id={user['user_id']}"})
|
||||
|
||||
|
||||
|
||||
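Review bot: In secure_login_submit the stored `captcha_code` is read with `request.session.get("captcha_code")` and is deleted only on a successful login, so one solved captcha stays valid for every later attempt in that session; consuming it on read with `code = request.session.pop("captcha_code", None)` makes each attempt require a fresh image. The `login_failed_once` flag also lives in the session, so as far as these hunks show a request that arrives without the session cookie is never asked for a captcha; a failure counter kept server-side per username or client address would close that gap. In `captcha`, the code is drawn with `random.choice`, which is not intended for security values, and `secrets.choice(string.ascii_uppercase + string.digits)` is a drop-in replacement. The two failure messages ("用户不存在" and "账户或密码错误") still tell a caller whether the username exists, so a single shared message would be safer. The body of secure_login_submit starts and continues outside the hunks shown.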