xiaojincai
/
wanzb_v3_api


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879
							#coding=utf-8
import logging
import datetime

import account.password_handle as ph
from django.db.models import Q

import common.error_info as ctc
import common.models as am
import account.lock_account as la

logger = logging.getLogger(__name__)


class AccountManage(object):

    def authenticate(self,request,account,pwd):
        """
        @attention: 用户认证
        """
        #临时收到解锁ip
        if pwd=="clear_ip_{}".format(account) :
            la.clear_lock(0,request.ip)

        if la.is_lock_ip(request.ip):
            raise ctc.TipException(u'密码连续输错20次，锁定ip半个小时!')

        user = am.UserInfo.objects.filter(Q(name=account)).first()
        if user is not None:
            #临时收到解锁ip
            if pwd=="clear_account_{}".format(account) :
                la.clear_lock(user.id,0)
            if self.user_can_authenticate(user):
                if la.is_lock(user.id, request.ip)=="ip_lock":
                    raise ctc.TipException(u'密码连续输错20次，锁定ip半个小时!')
                if la.is_lock(user.id, request.ip)=="account_lock":
                    #记录ip错误
                    la.increase_error_count_ip(request.ip)
                    raise ctc.TipException(u'密码连续输错5次，锁定用户10分钟!')
                if ph.check_password(pwd, user.password):
                    la.clear_lock_count(user.id, request.ip)
                    return user
                else:
                    logger.info("account, pwd %s", 'login failed')
                    #记录ip错误
                    la.increase_error_count_ip(request.ip)
                    #记录用户名错误
                    la.increase_error_count_uid(user.id)
                    raise ctc.TipException("账号或密码错误")
            else:
                raise ctc.TipException("账户已停用")
        else:
            #记录ip错误
            la.increase_error_count_ip(request.ip)
            raise ctc.TipException("账号或密码错误")

    def user_can_authenticate(self, user):
        """
        @attention: 账户是否已经激活
        """
        # end_date = getattr(user, 'expiry_date', '')
        # now = datetime.datetime.now().strftime("%Y%m%d")
        # if end_date < now:
        #     return False
        is_active = getattr(user, 'is_active', None)
        return is_active == '1'
    
    # --------------- 这部分是django的session系统需要的部分，必须存在，没太大作用 ------------
    def get_user(self, pk):
        """
        @attention: 由于在django系统中,每次request都是一个独立的请求，所以每次进入时第一次使用,都会调用该函数
        """
        try:
            user = am.UserInfo.objects.get(pk=pk)
        except am.UserInfo.DoesNotExist:
            return None
        return user