added user log to UserLogin, ChangePassword and ResetPassword in API

Merge branch 'develop'
pull/64/head
13621160019@163.com 2021-08-28 11:27:05 +08:00
commit 7725cf2962
1 changed files with 23 additions and 1 deletions


@ -7,7 +7,7 @@ import hashlib
import re import re
import os import os
from datetime import datetime, timedelta from datetime import datetime, timedelta
from core.userlogger import user_logger from core.userlogger import user_logger, write_log
class UserCollection: class UserCollection:
@ -22,6 +22,7 @@ class UserCollection:
@staticmethod @staticmethod
def on_get(req, resp): def on_get(req, resp):
# todo: add access control
cnx = mysql.connector.connect(**config.myems_user_db) cnx = mysql.connector.connect(**config.myems_user_db)
cursor = cnx.cursor() cursor = cnx.cursor()
@ -54,6 +55,8 @@ class UserCollection:
@staticmethod @staticmethod
def on_post(req, resp): def on_post(req, resp):
"""Handles POST requests""" """Handles POST requests"""
# todo: add access control
# todo: add user log
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex:
@ -171,6 +174,7 @@ class UserItem:
@staticmethod @staticmethod
def on_get(req, resp, id_): def on_get(req, resp, id_):
# todo: add access control
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_USER_ID') description='API.INVALID_USER_ID')
@ -453,6 +457,8 @@ class UserLogin:
resp.body = json.dumps(result) resp.body = json.dumps(result)
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_200
write_log(user_uuid=user_uuid, request_method='PUT', resource_type='UserLogin',
resource_id=None, request_body=None)
class UserLogout: class UserLogout:
@ -618,6 +624,8 @@ class ChangePassword:
cnx.disconnect() cnx.disconnect()
resp.body = json.dumps("OK") resp.body = json.dumps("OK")
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_200
write_log(user_uuid=user_uuid, request_method='PUT', resource_type='ChangePassword',
resource_id=None, request_body=None)
class ResetPassword: class ResetPassword:
@ -708,6 +716,18 @@ class ResetPassword:
cursor.execute(update_user, (salt, hashed_password, user_name,)) cursor.execute(update_user, (salt, hashed_password, user_name,))
cnx.commit() cnx.commit()
query = (" SELECT id "
" FROM tbl_users "
" WHERE name = %s ")
cursor.execute(query, (user_name,))
row = cursor.fetchone()
if row is None:
cursor.close()
cnx.disconnect()
raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.INVALID_USERNAME')
user_id = row[0]
# Refresh administrator session # Refresh administrator session
update_session = (" UPDATE tbl_sessions " update_session = (" UPDATE tbl_sessions "
" SET utc_expires = %s " " SET utc_expires = %s "
@ -720,3 +740,5 @@ class ResetPassword:
cnx.disconnect() cnx.disconnect()
resp.body = json.dumps("OK") resp.body = json.dumps("OK")
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_200
write_log(user_uuid=admin_user_uuid, request_method='PUT', resource_type='ResetPassword',
resource_id=user_id, request_body=None)
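Review bot: In the ResetPassword hunk the new `SELECT id FROM tbl_users WHERE name = %s` lookup runs after `cursor.execute(update_user, ...)` and `cnx.commit()`, so the `API.INVALID_USERNAME` check fires only once the password update has already been committed. Moving the lookup and the `if row is None:` guard above the update would reject an unknown name before any write, and would give the handler the target `user_id` up front. That 400 path also returns without calling `write_log`, and the three `write_log` calls in UserLogin, ChangePassword and ResetPassword all sit after `resp.status = falcon.HTTP_200`, so as far as these hunks show only successful operations are recorded. Failed logins and rejected password changes or resets are the entries an audit trail needs most, so a log call on those paths is worth adding. The enclosing handlers start outside the hunks, so earlier failure paths may already log elsewhere.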