更新 APP/auth.py
This commit is contained in:
parent
be8628dceb
commit
342a6c4f99
59
APP/auth.py
59
APP/auth.py
@ -10,6 +10,7 @@ from flask_jwt_extended import create_access_token, create_refresh_token, jwt_re
|
|||||||
verify_jwt_in_request
|
verify_jwt_in_request
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
|
from app.authorization import Authorization, department_and_role_required
|
||||||
|
|
||||||
bp = Blueprint('auth', __name__)
|
bp = Blueprint('auth', __name__)
|
||||||
|
|
||||||
@ -125,12 +126,22 @@ def login_api():
|
|||||||
}), 403
|
}), 403
|
||||||
|
|
||||||
# 检查密码是否过期
|
# 检查密码是否过期
|
||||||
if user.needs_password_change():
|
if user.password_history:
|
||||||
|
days_since_last_change = (datetime.utcnow() - user.password_history.last_password_change).days
|
||||||
|
if days_since_last_change >= 90:
|
||||||
current_app.logger.info(f'Password expired for user: {username_or_email}')
|
current_app.logger.info(f'Password expired for user: {username_or_email}')
|
||||||
return jsonify({
|
return jsonify({
|
||||||
'message': '密码已过期,请修改密码',
|
'message': '密码已过期,请修改密码',
|
||||||
'require_password_change': True
|
'require_password_change': True
|
||||||
}), 403
|
}), 403
|
||||||
|
elif days_since_last_change >= 75:
|
||||||
|
expiry_date = user.password_history.last_password_change + timedelta(days=90)
|
||||||
|
warning_message = f'您的密码将在 {expiry_date.strftime("%Y-%m-%d")} 过期,请尽快修改密码'
|
||||||
|
current_app.logger.info(f'Password expiry warning for user: {username_or_email}')
|
||||||
|
else:
|
||||||
|
warning_message = None
|
||||||
|
else:
|
||||||
|
warning_message = None
|
||||||
|
|
||||||
login_user(user)
|
login_user(user)
|
||||||
user.login_info.update_login_info()
|
user.login_info.update_login_info()
|
||||||
@ -153,7 +164,7 @@ def login_api():
|
|||||||
'primary_department': user.primary_department.name if user.primary_department else None,
|
'primary_department': user.primary_department.name if user.primary_department else None,
|
||||||
'secondary_departments': [dept.name for dept in user.secondary_departments],
|
'secondary_departments': [dept.name for dept in user.secondary_departments],
|
||||||
'roles': [role.name for role in user.roles],
|
'roles': [role.name for role in user.roles],
|
||||||
'permissions': [perm.name for perm in user.get_all_permissions()], # 添加这行
|
'permissions': [perm.name for perm in user.get_all_permissions()],
|
||||||
'details': user_details,
|
'details': user_details,
|
||||||
'login_info': {
|
'login_info': {
|
||||||
'register_time': user.login_info.register_time.isoformat(),
|
'register_time': user.login_info.register_time.isoformat(),
|
||||||
@ -164,12 +175,17 @@ def login_api():
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return jsonify({
|
response_data = {
|
||||||
'message': '登录成功',
|
'message': '登录成功',
|
||||||
'access_token': access_token,
|
'access_token': access_token,
|
||||||
'refresh_token': refresh_token,
|
'refresh_token': refresh_token,
|
||||||
'user_info': user_info
|
'user_info': user_info
|
||||||
}), 200
|
}
|
||||||
|
|
||||||
|
if warning_message:
|
||||||
|
response_data['warning'] = warning_message
|
||||||
|
|
||||||
|
return jsonify(response_data), 200
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
current_app.logger.error(f'Login error: {str(e)}')
|
current_app.logger.error(f'Login error: {str(e)}')
|
||||||
current_app.logger.error(traceback.format_exc())
|
current_app.logger.error(traceback.format_exc())
|
||||||
@ -354,3 +370,38 @@ def get_current_user():
|
|||||||
current_app.logger.error(f'Error retrieving current user info: {str(e)}')
|
current_app.logger.error(f'Error retrieving current user info: {str(e)}')
|
||||||
current_app.logger.error(traceback.format_exc())
|
current_app.logger.error(traceback.format_exc())
|
||||||
return jsonify({'message': '获取用户信息失败,请稍后再试'}), 500
|
return jsonify({'message': '获取用户信息失败,请稍后再试'}), 500
|
||||||
|
|
||||||
|
@bp.route('/force_password_change', methods=['POST'])
|
||||||
|
@jwt_required()
|
||||||
|
@department_and_role_required('信息技术', ['Global Administrator', 'frontline staff'])
|
||||||
|
def force_password_change():
|
||||||
|
data = request.get_json()
|
||||||
|
target_user_id = data.get('user_id')
|
||||||
|
new_password = data.get('new_password')
|
||||||
|
|
||||||
|
if not target_user_id or not new_password:
|
||||||
|
return jsonify({'message': '缺少必要的字段'}), 400
|
||||||
|
|
||||||
|
target_user = User.query.get(target_user_id)
|
||||||
|
if not target_user:
|
||||||
|
return jsonify({'message': '目标用户不存在'}), 404
|
||||||
|
|
||||||
|
try:
|
||||||
|
target_user.set_password(new_password)
|
||||||
|
target_user.login_info.has_changed_initial_password = False
|
||||||
|
target_user.login_info.is_new_user = False
|
||||||
|
|
||||||
|
# 更新密码修改历史
|
||||||
|
if target_user.password_history:
|
||||||
|
target_user.password_history.update_password_change()
|
||||||
|
else:
|
||||||
|
target_user.password_history = UserPasswordHistory(user=target_user)
|
||||||
|
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
current_app.logger.info(f'Password forcibly changed for user: {target_user.username}')
|
||||||
|
return jsonify({'message': '密码已成功强制修改'}), 200
|
||||||
|
except Exception as e:
|
||||||
|
current_app.logger.error(f'Force password change error: {str(e)}')
|
||||||
|
db.session.rollback()
|
||||||
|
return jsonify({'message': '强制修改密码失败,请稍后再试'}), 500
|
||||||
Loading…
Reference in New Issue
Block a user