seg_yinzy
/
myems
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

modified login_counter to failed_login_count

pull/97/head
Caozhenhui 2021-12-15 11:48:06 +08:00
parent 7303ebdc58
commit 3810b0cf30
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
myems-api/core/user.py
View File

@ -444,7 +444,7 @@ class UserLogin:
description='API.INVALID_USER_NAME') description='API.INVALID_USER_NAME')
query = (" SELECT id, name, uuid, display_name, email, salt, password, is_admin, " query = (" SELECT id, name, uuid, display_name, email, salt, password, is_admin, "
" account_expiration_datetime_utc, password_expiration_datetime_utc, login_counter " " account_expiration_datetime_utc, password_expiration_datetime_utc, failed_login_count "
" FROM tbl_users " " FROM tbl_users "
" WHERE name = %s ") " WHERE name = %s ")
cursor.execute(query, (str.strip(new_values['data']['name']).lower(),)) cursor.execute(query, (str.strip(new_values['data']['name']).lower(),))
@ -464,7 +464,7 @@ class UserLogin:
"is_admin": True if row[7] else False, "is_admin": True if row[7] else False,
"account_expiration_datetime_utc": row[8], "account_expiration_datetime_utc": row[8],
"password_expiration_datetime_utc": row[9], "password_expiration_datetime_utc": row[9],
"login_counter": row[10]} "failed_login_count": row[10]}
elif 'email' in new_values['data']: elif 'email' in new_values['data']:
if not isinstance(new_values['data']['email'], str) or \ if not isinstance(new_values['data']['email'], str) or \
@ -473,7 +473,7 @@ class UserLogin:
description='API.INVALID_EMAIL') description='API.INVALID_EMAIL')
query = (" SELECT id, name, uuid, display_name, email, salt, password, is_admin, " query = (" SELECT id, name, uuid, display_name, email, salt, password, is_admin, "
" account_expiration_datetime_utc, password_expiration_datetime_utc,login_counter " " account_expiration_datetime_utc, password_expiration_datetime_utc,failed_login_count "
" FROM tbl_users " " FROM tbl_users "
" WHERE email = %s ") " WHERE email = %s ")
cursor.execute(query, (str.strip(new_values['data']['email']).lower(),)) cursor.execute(query, (str.strip(new_values['data']['email']).lower(),))
@ -493,7 +493,7 @@ class UserLogin:
"is_admin": True if row[7] else False, "is_admin": True if row[7] else False,
"account_expiration_datetime_utc": row[8], "account_expiration_datetime_utc": row[8],
"password_expiration_datetime_utc": row[9], "password_expiration_datetime_utc": row[9],
"login_counter": row[10]} "failed_login_count": row[10]}
else: else:
cursor.close() cursor.close()
@ -501,9 +501,9 @@ class UserLogin:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_USER_NAME_OR_EMAIL') description='API.INVALID_USER_NAME_OR_EMAIL')
login_counter = result['login_counter'] failed_login_count = result['failed_login_count']
if login_counter >= 3: if failed_login_count >= 3:
cursor.close() cursor.close()
cnx.disconnect() cnx.disconnect()
raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.USER_ACCOUNT_HAS_BEEN_LOCKED') raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.USER_ACCOUNT_HAS_BEEN_LOCKED')
@ -513,11 +513,11 @@ class UserLogin:
hashed_password = hashlib.sha512(salt.encode() + password.encode()).hexdigest() hashed_password = hashlib.sha512(salt.encode() + password.encode()).hexdigest()
if hashed_password != result['password']: if hashed_password != result['password']:
update_login_counter = (" UPDATE tbl_users " update_failed_login_count = (" UPDATE tbl_users "
" SET login_counter = %s " " SET failed_login_count = %s "
" WHERE uuid = %s ") " WHERE uuid = %s ")
user_uuid = result['uuid'] user_uuid = result['uuid']
cursor.execute(update_login_counter, (login_counter + 1, user_uuid)) cursor.execute(update_failed_login_count, (failed_login_count + 1, user_uuid))
cnx.commit() cnx.commit()
cursor.close() cursor.close()
cnx.disconnect() cnx.disconnect()
@ -875,7 +875,7 @@ class Unlock:
cnx = mysql.connector.connect(**config.myems_user_db) cnx = mysql.connector.connect(**config.myems_user_db)
cursor = cnx.cursor() cursor = cnx.cursor()
query = (" SELECT login_counter " query = (" SELECT failed_login_count "
" FROM tbl_users " " FROM tbl_users "
" WHERE id = %s ") " WHERE id = %s ")
cursor.execute(query, (Id,)) cursor.execute(query, (Id,))
@ -885,19 +885,19 @@ class Unlock:
cnx.disconnect() cnx.disconnect()
raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.INVALID_Id') raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.INVALID_Id')
login_counter = row[0] failed_login_count = row[0]
if login_counter < 3: if failed_login_count < 3:
cursor.close() cursor.close()
cnx.disconnect() cnx.disconnect()
raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.USER_ACCOUNT_IS_NOT_LOCKED') raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.USER_ACCOUNT_IS_NOT_LOCKED')
update_user = (" UPDATE tbl_users " update_user = (" UPDATE tbl_users "
" SET login_counter = 0" " SET failed_login_count = 0"
" WHERE id = %s ") " WHERE id = %s ")
cursor.execute(update_user, (Id, )) cursor.execute(update_user, (Id, ))
cnx.commit() cnx.commit()
query = (" SELECT login_counter " query = (" SELECT failed_login_count "
" FROM tbl_users " " FROM tbl_users "
" WHERE id = %s ") " WHERE id = %s ")
cursor.execute(query, (Id,)) cursor.execute(query, (Id,))