停止trustie同步cookie

This commit is contained in:
xiaoxiaoqiong 2021-12-29 15:00:37 +08:00
parent abde13f061
commit 650dbea38b
1 changed files with 384 additions and 384 deletions


@ -1,384 +1,384 @@
class AccountsController < ApplicationController class AccountsController < ApplicationController
include ApplicationHelper include ApplicationHelper
def index def index
render json: session render json: session
end end
# 其他平台同步注册的用户 # 其他平台同步注册的用户
def remote_register def remote_register
Register::RemoteForm.new(remote_register_params).validate! Register::RemoteForm.new(remote_register_params).validate!
username = params[:username]&.gsub(/\s+/, "") username = params[:username]&.gsub(/\s+/, "")
tip_exception("无法使用以下关键词:#{username},请重新命名") if ReversedKeyword.check_exists?(username) tip_exception("无法使用以下关键词:#{username},请重新命名") if ReversedKeyword.check_exists?(username)
email = params[:email]&.gsub(/\s+/, "") email = params[:email]&.gsub(/\s+/, "")
password = params[:password] password = params[:password]
platform = (params[:platform] || 'forge')&.gsub(/\s+/, "") platform = (params[:platform] || 'forge')&.gsub(/\s+/, "")
ActiveRecord::Base.transaction do ActiveRecord::Base.transaction do
result = autologin_register(username, email, password, platform) result = autologin_register(username, email, password, platform)
if result[:message].blank? if result[:message].blank?
render_ok({user: result[:user]}) render_ok({user: result[:user]})
else else
render_error(result[:message]) render_error(result[:message])
end end
end end
rescue Exception => e rescue Exception => e
uid_logger_error(e.message) uid_logger_error(e.message)
tip_exception(-1, e.message) tip_exception(-1, e.message)
end end
# 其他平台修改用户的信息,这边同步修改 # 其他平台修改用户的信息,这边同步修改
def remote_update def remote_update
ActiveRecord::Base.transaction do ActiveRecord::Base.transaction do
user_params = params[:user_params] user_params = params[:user_params]
user_extension_params = params[:user_extension_params] user_extension_params = params[:user_extension_params]
u = User.find_by(login: params[:old_user_login]) u = User.find_by(login: params[:old_user_login])
user_mail = u.try(:mail) user_mail = u.try(:mail)
if u.present? if u.present?
ue = u.user_extension ue = u.user_extension
u.login = user_params["login"] if user_params["login"] u.login = user_params["login"] if user_params["login"]
u.mail = user_params["mail"] if user_params["mail"] u.mail = user_params["mail"] if user_params["mail"]
u.lastname = user_params["lastname"] if user_params["lastname"] u.lastname = user_params["lastname"] if user_params["lastname"]
ue.gender = user_extension_params["gender"] ue.gender = user_extension_params["gender"]
ue.school_id = user_extension_params["school_id"] ue.school_id = user_extension_params["school_id"]
ue.location = user_extension_params["location"] ue.location = user_extension_params["location"]
ue.location_city = user_extension_params["location_city"] ue.location_city = user_extension_params["location_city"]
ue.identity = user_extension_params["identity"] ue.identity = user_extension_params["identity"]
ue.technical_title = user_extension_params["technical_title"] ue.technical_title = user_extension_params["technical_title"]
ue.student_id = user_extension_params["student_id"] ue.student_id = user_extension_params["student_id"]
ue.description = user_extension_params["description"] ue.description = user_extension_params["description"]
ue.save! ue.save!
u.save! u.save!
sync_params = {} sync_params = {}
if (user_params["mail"] && user_params["mail"] != user_mail) if (user_params["mail"] && user_params["mail"] != user_mail)
sync_params = sync_params.merge(email: user_params["mail"]) sync_params = sync_params.merge(email: user_params["mail"])
end end
if sync_params.present? if sync_params.present?
interactor = Gitea::User::UpdateInteractor.call(u.login, sync_params) interactor = Gitea::User::UpdateInteractor.call(u.login, sync_params)
if interactor.success? if interactor.success?
render_ok render_ok
else else
render_error(interactor.error) render_error(interactor.error)
end end
end end
end end
end end
rescue Exception => e rescue Exception => e
uid_logger_error(e.message) uid_logger_error(e.message)
tip_exception(-1, e.message) tip_exception(-1, e.message)
end end
# 其他平台同步登录 # 其他平台同步登录
def remote_login def remote_login
@user = User.try_to_login(params[:login], params[:password]) @user = User.try_to_login(params[:login], params[:password])
if @user if @user
successful_authentication(@user) successful_authentication(@user)
render_ok({user: {id: @user.id, token: @user.gitea_token}}) render_ok({user: {id: @user.id, token: @user.gitea_token}})
else else
render_error("用户不存在") render_error("用户不存在")
end end
end end
#修改密码 #修改密码
def remote_password def remote_password
@user = User.find_by(login: params[:login]) @user = User.find_by(login: params[:login])
return render_error("未找到相关用户!") if @user.blank? return render_error("未找到相关用户!") if @user.blank?
sync_params = { sync_params = {
password: params[:password].to_s, password: params[:password].to_s,
email: @user.mail email: @user.mail
} }
interactor = Gitea::User::UpdateInteractor.call(@user.login, sync_params) interactor = Gitea::User::UpdateInteractor.call(@user.login, sync_params)
if interactor.success? if interactor.success?
@user.update_attribute(:password, params[:password]) @user.update_attribute(:password, params[:password])
render_ok render_ok
else else
render_error(interactor.error) render_error(interactor.error)
end end
end end
# 用户注册 # 用户注册
# 注意:用户注册需要兼顾本地版,本地版是不需要验证码及激活码以及使用授权的,注册完成即可使用 # 注意:用户注册需要兼顾本地版,本地版是不需要验证码及激活码以及使用授权的,注册完成即可使用
# params[:login] 邮箱或者手机号 # params[:login] 邮箱或者手机号
# params[:namespace] 登录名 # params[:namespace] 登录名
# params[:code] 验证码 # params[:code] 验证码
# code_type 1注册手机验证码 8邮箱注册验证码 # code_type 1注册手机验证码 8邮箱注册验证码
# 本地forge注册入口需要重新更改逻辑 # 本地forge注册入口需要重新更改逻辑
def register def register
# type只可能是1或者8 # type只可能是1或者8
user = nil user = nil
begin begin
Register::Form.new(register_params).validate! Register::Form.new(register_params).validate!
user = Users::RegisterService.call(register_params) user = Users::RegisterService.call(register_params)
password = register_params[:password].strip password = register_params[:password].strip
# gitea用户注册, email, username, password # gitea用户注册, email, username, password
interactor = Gitea::RegisterInteractor.call({username: user.login, email: user.mail, password: password}) interactor = Gitea::RegisterInteractor.call({username: user.login, email: user.mail, password: password})
if interactor.success? if interactor.success?
gitea_user = interactor.result gitea_user = interactor.result
result = Gitea::User::GenerateTokenService.call(user.login, password) result = Gitea::User::GenerateTokenService.call(user.login, password)
user.gitea_token = result['sha1'] user.gitea_token = result['sha1']
user.gitea_uid = gitea_user[:body]['id'] user.gitea_uid = gitea_user[:body]['id']
if user.save! if user.save!
UserExtension.create!(user_id: user.id) UserExtension.create!(user_id: user.id)
successful_authentication(user) successful_authentication(user)
render_ok render_ok
end end
else else
tip_exception(-1, interactor.error) tip_exception(-1, interactor.error)
end end
rescue Register::BaseForm::EmailError => e rescue Register::BaseForm::EmailError => e
render_result(-2, e.message) render_result(-2, e.message)
rescue Register::BaseForm::LoginError => e rescue Register::BaseForm::LoginError => e
render_result(-3, e.message) render_result(-3, e.message)
rescue Register::BaseForm::PhoneError => e rescue Register::BaseForm::PhoneError => e
render_result(-4, e.message) render_result(-4, e.message)
rescue Register::BaseForm::PasswordFormatError => e rescue Register::BaseForm::PasswordFormatError => e
render_result(-5, e.message) render_result(-5, e.message)
rescue Register::BaseForm::PasswordConfirmationError => e rescue Register::BaseForm::PasswordConfirmationError => e
render_result(-7, e.message) render_result(-7, e.message)
rescue Register::BaseForm::VerifiCodeError => e rescue Register::BaseForm::VerifiCodeError => e
render_result(-6, e.message) render_result(-6, e.message)
rescue Exception => e rescue Exception => e
Gitea::User::DeleteService.call(user.login) unless user.nil? Gitea::User::DeleteService.call(user.login) unless user.nil?
uid_logger_error(e.message) uid_logger_error(e.message)
tip_exception(-1, e.message) tip_exception(-1, e.message)
end end
end end
# 用户登录 # 用户登录
def login def login
Users::LoginForm.new(login_params).validate! Users::LoginForm.new(login_params).validate!
@user = User.try_to_login(params[:login], params[:password]) @user = User.try_to_login(params[:login], params[:password])
return normal_status(-2, "错误的账号或密码") if @user.blank? return normal_status(-2, "错误的账号或密码") if @user.blank?
# user is already in local database # user is already in local database
return normal_status(-2, "违反平台使用规范,账号已被锁定") if @user.locked? return normal_status(-2, "违反平台使用规范,账号已被锁定") if @user.locked?
login_control = LimitForbidControl::UserLogin.new(@user) login_control = LimitForbidControl::UserLogin.new(@user)
return normal_status(-2, "登录密码出错已达上限,账号已被锁定, 请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid? return normal_status(-2, "登录密码出错已达上限,账号已被锁定, 请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid?
password_ok = @user.check_password?(params[:password].to_s) password_ok = @user.check_password?(params[:password].to_s)
unless password_ok unless password_ok
if login_control.remain_times-1 == 0 if login_control.remain_times-1 == 0
normal_status(-2, "登录密码出错已达上限,账号已被锁定, 请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") normal_status(-2, "登录密码出错已达上限,账号已被锁定, 请#{login_control.forbid_expires/60}分钟后重新登录或找回密码")
else else
normal_status(-2, "你已经输错密码#{login_control.error_times+1}次,还剩余#{login_control.remain_times-1}次机会") normal_status(-2, "你已经输错密码#{login_control.error_times+1}次,还剩余#{login_control.remain_times-1}次机会")
end end
login_control.increment! login_control.increment!
return return
end end
successful_authentication(@user) successful_authentication(@user)
sync_pwd_to_gitea!(@user, {password: params[:password].to_s}) # TODO用户密码未同步 sync_pwd_to_gitea!(@user, {password: params[:password].to_s}) # TODO用户密码未同步
# session[:user_id] = @user.id # session[:user_id] = @user.id
end end
def change_password def change_password
@user = User.find_by(login: params[:login]) @user = User.find_by(login: params[:login])
return render_error("未找到相关用户!") if @user.blank? return render_error("未找到相关用户!") if @user.blank?
return render_error("旧密码不正确") unless @user.check_password?(params[:old_password]) return render_error("旧密码不正确") unless @user.check_password?(params[:old_password])
sync_params = { sync_params = {
password: params[:password].to_s, password: params[:password].to_s,
email: @user.mail email: @user.mail
} }
interactor = Gitea::User::UpdateInteractor.call(@user.login, sync_params) interactor = Gitea::User::UpdateInteractor.call(@user.login, sync_params)
if interactor.success? if interactor.success?
@user.update_attribute(:password, params[:password]) @user.update_attribute(:password, params[:password])
render_ok render_ok
else else
render_error(interactor.error) render_error(interactor.error)
end end
end end
# 忘记密码 # 忘记密码
def reset_password def reset_password
begin begin
Accounts::ResetPasswordForm.new(reset_password_params).validate! Accounts::ResetPasswordForm.new(reset_password_params).validate!
user = find_user user = find_user
return render_error('未找到相关账号') if user.blank? return render_error('未找到相关账号') if user.blank?
user = Accounts::ResetPasswordService.call(user, reset_password_params) user = Accounts::ResetPasswordService.call(user, reset_password_params)
LimitForbidControl::UserLogin.new(user).clear if user.save! LimitForbidControl::UserLogin.new(user).clear if user.save!
render_ok render_ok
rescue Register::BaseForm::EmailError => e rescue Register::BaseForm::EmailError => e
render_result(-2, e.message) render_result(-2, e.message)
rescue Register::BaseForm::PhoneError => e rescue Register::BaseForm::PhoneError => e
render_result(-4, e.message) render_result(-4, e.message)
rescue Register::BaseForm::PasswordFormatError => e rescue Register::BaseForm::PasswordFormatError => e
render_result(-5, e.message) render_result(-5, e.message)
rescue Register::BaseForm::PasswordConfirmationError => e rescue Register::BaseForm::PasswordConfirmationError => e
render_result(-7, e.message) render_result(-7, e.message)
rescue Register::BaseForm::VerifiCodeError => e rescue Register::BaseForm::VerifiCodeError => e
render_result(-6, e.message) render_result(-6, e.message)
rescue ActiveRecord::Rollback => e rescue ActiveRecord::Rollback => e
render_result(-1, "服务器异常") render_result(-1, "服务器异常")
rescue Exception => e rescue Exception => e
uid_logger_error(e.message) uid_logger_error(e.message)
tip_exception(e.message) tip_exception(e.message)
end end
end end
def successful_authentication(user) def successful_authentication(user)
uid_logger("Successful authentication start: '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}") uid_logger("Successful authentication start: '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}")
# Valid user # Valid user
self.logged_user = user self.logged_user = user
# generate a key and set cookie if autologin # generate a key and set cookie if autologin
set_autologin_cookie(user) set_autologin_cookie(user)
UserAction.create(:action_id => user.try(:id), :action_type => "Login", :user_id => user.try(:id), :ip => request.remote_ip) UserAction.create(:action_id => user.try(:id), :action_type => "Login", :user_id => user.try(:id), :ip => request.remote_ip)
user.update_column(:last_login_on, Time.now) user.update_column(:last_login_on, Time.now)
session[:"#{default_yun_session}"] = user.id session[:"#{default_yun_session}"] = user.id
Rails.logger.info("#########_____session_default_yun_session__________###############{default_yun_session}") Rails.logger.info("#########_____session_default_yun_session__________###############{default_yun_session}")
# 注册完成后有一天的试用申请(先去掉) # 注册完成后有一天的试用申请(先去掉)
# UserDayCertification.create(user_id: user.id, status: 1) # UserDayCertification.create(user_id: user.id, status: 1)
end end
def set_autologin_cookie(user) def set_autologin_cookie(user)
token = Token.get_or_create_permanent_login_token(user, "autologin") token = Token.get_or_create_permanent_login_token(user, "autologin")
sync_user_token_to_trustie(user.login, token.value) # sync_user_token_to_trustie(user.login, token.value)
cookie_options = { cookie_options = {
:value => token.value, :value => token.value,
:expires => 1.month.from_now, :expires => 1.month.from_now,
:path => '/', :path => '/',
:secure => false, :secure => false,
:httponly => true :httponly => true
} }
if edu_setting('cookie_domain').present? if edu_setting('cookie_domain').present?
cookie_options = cookie_options.merge(domain: edu_setting('cookie_domain')) cookie_options = cookie_options.merge(domain: edu_setting('cookie_domain'))
end end
cookies[autologin_cookie_name] = cookie_options cookies[autologin_cookie_name] = cookie_options
cookies.signed[:user_id] ||= user.id cookies.signed[:user_id] ||= user.id
logger.info("cookies is #{cookies} ======> #{cookies.signed[:user_id]} =====> #{cookies[autologin_cookie_name]}") logger.info("cookies is #{cookies} ======> #{cookies.signed[:user_id]} =====> #{cookies[autologin_cookie_name]}")
end end
def logout def logout
Rails.logger.info("########___logout_current_user____________########{current_user.try(:id)}") Rails.logger.info("########___logout_current_user____________########{current_user.try(:id)}")
UserAction.create(action_id: User.current.id, action_type: "Logout", user_id: User.current.id, :ip => request.remote_ip) UserAction.create(action_id: User.current.id, action_type: "Logout", user_id: User.current.id, :ip => request.remote_ip)
logout_user logout_user
render :json => {status: 1, message: "退出成功!"} render :json => {status: 1, message: "退出成功!"}
end end
# 检验邮箱是否已被注册及邮箱或者手机号是否合法 # 检验邮箱是否已被注册及邮箱或者手机号是否合法
# 参数type为事件类型 1注册2忘记密码3绑定 # 参数type为事件类型 1注册2忘记密码3绑定
def valid_email_and_phone def valid_email_and_phone
check_mail_and_phone_valid(params[:login], params[:type]) check_mail_and_phone_valid(params[:login], params[:type])
end end
# 发送验证码 # 发送验证码
# params[:login] 手机号或者邮箱号 # params[:login] 手机号或者邮箱号
# params[:type]为事件通知类型 1用户注册 2忘记密码 3: 绑定手机 4: 绑定邮箱, 5: 验收手机号有效 # 如果有新的继续后面加 # params[:type]为事件通知类型 1用户注册 2忘记密码 3: 绑定手机 4: 绑定邮箱, 5: 验收手机号有效 # 如果有新的继续后面加
# 发送验证码send_type 1注册手机验证码 2找回密码手机验证码 3找回密码邮箱验证码 4绑定手机 5绑定邮箱 # 发送验证码send_type 1注册手机验证码 2找回密码手机验证码 3找回密码邮箱验证码 4绑定手机 5绑定邮箱
# 6手机验证码登录 7邮箱验证码登录 8邮箱注册验证码 9: 验收手机号有效 # 6手机验证码登录 7邮箱验证码登录 8邮箱注册验证码 9: 验收手机号有效
def get_verification_code def get_verification_code
code = %W(0 1 2 3 4 5 6 7 8 9) code = %W(0 1 2 3 4 5 6 7 8 9)
value = params[:login] value = params[:login]
type = params[:type].strip.to_i type = params[:type].strip.to_i
login_type = phone_mail_type(value) login_type = phone_mail_type(value)
send_type = verify_type(login_type, type) send_type = verify_type(login_type, type)
verification_code = code.sample(6).join verification_code = code.sample(6).join
sign = Digest::MD5.hexdigest("#{OPENKEY}#{value}") sign = Digest::MD5.hexdigest("#{OPENKEY}#{value}")
tip_exception(501, "请求不合理") if sign != params[:smscode] tip_exception(501, "请求不合理") if sign != params[:smscode]
logger.info "########### 验证码:#{verification_code}" logger.info "########### 验证码:#{verification_code}"
logger.info("########get_verification_code: login_type #{login_type} send_type#{send_type}, ") logger.info("########get_verification_code: login_type #{login_type} send_type#{send_type}, ")
# 记录验证码 # 记录验证码
check_verification_code(verification_code, send_type, value) check_verification_code(verification_code, send_type, value)
render_ok render_ok
end end
# check user's login or email or phone is used # check user's login or email or phone is used
# params[:value] 手机号或者邮箱号或者登录名 # params[:value] 手机号或者邮箱号或者登录名
# params[:type] 为事件类型 1登录名(login) 2email(邮箱) 3phone(手机号) # params[:type] 为事件类型 1登录名(login) 2email(邮箱) 3phone(手机号)
def check def check
Register::CheckColumnsForm.new(check_params).validate! Register::CheckColumnsForm.new(check_params).validate!
render_ok render_ok
end end
private private
# type 事件类型 1用户注册 2忘记密码 3: 绑定手机 4: 绑定邮箱, 5: 验证手机号是否有效 # 如果有新的继续后面加 # type 事件类型 1用户注册 2忘记密码 3: 绑定手机 4: 绑定邮箱, 5: 验证手机号是否有效 # 如果有新的继续后面加
# login_type 1手机类型 2邮箱类型 # login_type 1手机类型 2邮箱类型
def verify_type login_type, type def verify_type login_type, type
case type case type
when 1 when 1
login_type == 1 ? 1 : 8 login_type == 1 ? 1 : 8
when 2 when 2
login_type == 1 ? 2 : 3 login_type == 1 ? 2 : 3
when 3 when 3
login_type == 1 ? 4 : tip_exception('请填写正确的手机号') login_type == 1 ? 4 : tip_exception('请填写正确的手机号')
when 4 when 4
login_type == 1 ? tip_exception('请填写正确的邮箱') : 5 login_type == 1 ? tip_exception('请填写正确的邮箱') : 5
when 5 when 5
login_type == 1 ? 9 : tip_exception('请填写正确的手机号') login_type == 1 ? 9 : tip_exception('请填写正确的手机号')
end end
end end
def generate_login(login) def generate_login(login)
type = phone_mail_type(login.strip) type = phone_mail_type(login.strip)
if type == 1 if type == 1
uid_logger("start register by phone: type is #{type}") uid_logger("start register by phone: type is #{type}")
pre = 'p' pre = 'p'
email = nil email = nil
phone = login phone = login
else else
uid_logger("start register by email: type is #{type}") uid_logger("start register by email: type is #{type}")
pre = 'm' pre = 'm'
email = login email = login
phone = nil phone = nil
end end
code = generate_identifier User, 8, pre code = generate_identifier User, 8, pre
{ login: pre + code, email: email, phone: phone } { login: pre + code, email: email, phone: phone }
end end
def user_params def user_params
params.require(:user).permit(:login, :email, :phone) params.require(:user).permit(:login, :email, :phone)
end end
def login_params def login_params
params.require(:account).permit(:login, :password) params.require(:account).permit(:login, :password)
end end
def check_params def check_params
params.permit(:type, :value) params.permit(:type, :value)
end end
def register_params def register_params
params.permit(:login, :namespace, :password, :password_confirmation, :code) params.permit(:login, :namespace, :password, :password_confirmation, :code)
end end
def reset_password_params def reset_password_params
params.permit(:login, :password, :password_confirmation, :code) params.permit(:login, :password, :password_confirmation, :code)
end end
def find_user def find_user
phone_or_mail = strip(reset_password_params[:login]) phone_or_mail = strip(reset_password_params[:login])
User.where("phone = :search OR mail = :search", search: phone_or_mail).last User.where("phone = :search OR mail = :search", search: phone_or_mail).last
end end
def remote_register_params def remote_register_params
params.permit(:username, :email, :password, :platform) params.permit(:username, :email, :password, :platform)
end end
end end
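Review bot: The autologin cookie built in `set_autologin_cookie` still carries a one-month permanent login token with `:secure => false`, so a browser will send it over plain HTTP as well as HTTPS; commenting out the trustie sync in that method does not change this exposure. I would set `:secure => request.ssl?` (or drive it from the same `edu_setting` mechanism already used for `cookie_domain`) so the flag follows the deployment instead of being hard-coded off. Separately, the `rescue Exception => e` clauses in `remote_register`, `remote_update`, `register` and `reset_password` also swallow `SystemExit` and `SignalException`; `rescue StandardError => e` is the intended scope. Since the commit message says the trustie sync is being stopped, the commented-out `sync_user_token_to_trustie` call on the new side could be deleted rather than left as dead code.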