更新 APP/auth.py

wangwei 2024-10-14 15:37:51 +08:00
parent be8628dceb
commit 342a6c4f99


@ -10,6 +10,7 @@ from flask_jwt_extended import create_access_token, create_refresh_token, jwt_re
verify_jwt_in_request
from functools import wraps
from datetime import datetime, timedelta
from app.authorization import Authorization, department_and_role_required
bp = Blueprint('auth', __name__)
@ -125,12 +126,22 @@ def login_api():
}), 403
# 检查密码是否过期
if user.needs_password_change():
current_app.logger.info(f'Password expired for user: {username_or_email}')
return jsonify({
'message': '密码已过期,请修改密码',
'require_password_change': True
}), 403
if user.password_history:
days_since_last_change = (datetime.utcnow() - user.password_history.last_password_change).days
if days_since_last_change >= 90:
current_app.logger.info(f'Password expired for user: {username_or_email}')
return jsonify({
'message': '密码已过期,请修改密码',
'require_password_change': True
}), 403
elif days_since_last_change >= 75:
expiry_date = user.password_history.last_password_change + timedelta(days=90)
warning_message = f'您的密码将在 {expiry_date.strftime("%Y-%m-%d")} 过期,请尽快修改密码'
current_app.logger.info(f'Password expiry warning for user: {username_or_email}')
else:
warning_message = None
else:
warning_message = None
login_user(user)
user.login_info.update_login_info()
@ -153,7 +164,7 @@ def login_api():
'primary_department': user.primary_department.name if user.primary_department else None,
'secondary_departments': [dept.name for dept in user.secondary_departments],
'roles': [role.name for role in user.roles],
'permissions': [perm.name for perm in user.get_all_permissions()], # 添加这行
'permissions': [perm.name for perm in user.get_all_permissions()],
'details': user_details,
'login_info': {
'register_time': user.login_info.register_time.isoformat(),
@ -164,12 +175,17 @@ def login_api():
}
}
return jsonify({
response_data = {
'message': '登录成功',
'access_token': access_token,
'refresh_token': refresh_token,
'user_info': user_info
}), 200
}
if warning_message:
response_data['warning'] = warning_message
return jsonify(response_data), 200
except Exception as e:
current_app.logger.error(f'Login error: {str(e)}')
current_app.logger.error(traceback.format_exc())
@ -354,3 +370,38 @@ def get_current_user():
current_app.logger.error(f'Error retrieving current user info: {str(e)}')
current_app.logger.error(traceback.format_exc())
return jsonify({'message': '获取用户信息失败,请稍后再试'}), 500
@bp.route('/force_password_change', methods=['POST'])
@jwt_required()
@department_and_role_required('信息技术', ['Global Administrator', 'frontline staff'])
def force_password_change():
data = request.get_json()
target_user_id = data.get('user_id')
new_password = data.get('new_password')
if not target_user_id or not new_password:
return jsonify({'message': '缺少必要的字段'}), 400
target_user = User.query.get(target_user_id)
if not target_user:
return jsonify({'message': '目标用户不存在'}), 404
try:
target_user.set_password(new_password)
target_user.login_info.has_changed_initial_password = False
target_user.login_info.is_new_user = False
# 更新密码修改历史
if target_user.password_history:
target_user.password_history.update_password_change()
else:
target_user.password_history = UserPasswordHistory(user=target_user)
db.session.commit()
current_app.logger.info(f'Password forcibly changed for user: {target_user.username}')
return jsonify({'message': '密码已成功强制修改'}), 200
except Exception as e:
current_app.logger.error(f'Force password change error: {str(e)}')
db.session.rollback()
return jsonify({'message': '强制修改密码失败,请稍后再试'}), 500
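Review bot: force_password_change resets the password of any user_id supplied in the request body, yet the audit line near the end of the try records only the target, not the administrator who performed the reset, and nothing in the hunk revokes the target's outstanding access/refresh tokens, so a session already open with the old password stays usable. Log the caller alongside the target, e.g. `current_app.logger.info(f'Password forcibly changed for user: {target_user.username} by: {get_jwt_identity()}')` (if that helper is imported from flask_jwt_extended in the truncated import on the first hunk), and consider invalidating the target's existing tokens when the commit succeeds. Two smaller points: `request.get_json()` returns None for a non-JSON body, so `data.get('user_id')` raises outside the try and surfaces as an unhandled 500 rather than the intended 400 — `data = request.get_json(silent=True) or {}` keeps that path reachable; and new_password goes straight to set_password with no visible length/complexity or reuse check, which the expiry policy added to login_api suggests the project cares about — if a validator exists elsewhere in the file, it should be applied here too.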