From e11f60ade21caf94a7350969c66725450079e5e4 Mon Sep 17 00:00:00 2001
From: zhenchaozhu <lhuflying@gmail.com>
Date: Mon, 28 Nov 2016 20:32:28 +0800
Subject: [PATCH] m

---
 decrators.py                      |  0
 homepage/views.py                 | 20 ++++++++++++++-
 middlewares/session_middleware.py | 54 +++++++++++++++++++++++++++++++++++++++
 weapp_sys/settings.py             |  4 ++-
 4 files changed, 76 insertions(+), 2 deletions(-)
 create mode 100644 decrators.py
 create mode 100644 middlewares/session_middleware.py

diff --git a/decrators.py b/decrators.py
new file mode 100644
index 0000000..e69de29
diff --git a/homepage/views.py b/homepage/views.py
index b5dd761..11ac426 100644
--- a/homepage/views.py
+++ b/homepage/views.py
@@ -10,6 +10,7 @@ from django.contrib.auth import get_user_model
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.template.context_processors import csrf
+from django.conf import settings
 
 @login_required
 def homepage(request):
@@ -31,7 +32,24 @@ def mylogin(request):
         postdata = request.POST
         username = postdata.get('username','')
         password = postdata.get('password','')
-        user = auth.authenticate(username=username, password=password)
+        post_params = {
+            'comefrom': 2,
+            'user_name': username,
+            'password': password,
+        }
+        resp = request.post(settings.AUTH_DOMAIN, data=post_params, verify=False)
+        if resp.status_code == 200:
+            rst = resp.json()
+            if rst.get('status') == 1:
+                data = rst.get('data')
+                token = data.get('token')
+                suid = data.get('1000')
+                t = HttpResponseRedirect('/admin/')
+                t.set_cookie('pu', username, 864000)
+                t.set_cookie(('pt'), )
+
+        else:
+            pass
         if user:
             auth.login(request, user)
             t = HttpResponseRedirect('/admin/')
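Review bot: The added call `resp = request.post(settings.AUTH_DOMAIN, data=post_params, verify=False)` sends the user's password to the auth service with TLS certificate verification turned off, so the server's identity is never checked and the credentials are exposed to anyone able to intercept the connection; drop `verify=False` and add a timeout. The call is also made on Django's `request` object, which has no `post` method; presumably `requests.post` was intended, which needs `import requests` in views.py if it is not already imported outside this hunk. With the `auth.authenticate` line removed, nothing in the visible lines binds `user` before `if user:` runs, so that branch fails unless `user` is assigned elsewhere in `mylogin`, whose body starts and ends outside the hunk. `t.set_cookie(('pt'), )` stores an empty `pt` cookie while the fetched `token` is never used, the response built in the success branch is not returned, and neither cookie is marked `secure` or `httponly`. A possible shape for the block is below; whether the local `auth.authenticate` path should stay as a fallback is a decision for the author.

```python
        # … unchanged: username/password read from request.POST, post_params dict …
        user = None  # keeps the later `if user:` branch from hitting an unbound name
        try:
            # Certificate verification stays on (the default); timeout value is a suggestion.
            resp = requests.post(settings.AUTH_DOMAIN, data=post_params, timeout=5)
        except requests.RequestException:
            resp = None
        if resp is not None and resp.status_code == 200:
            rst = resp.json()
            data = rst.get('data') or {}
            token = data.get('token')
            if rst.get('status') == 1 and token:
                t = HttpResponseRedirect('/admin/')
                # 'pt' lifetime copied from 'pu'; confirm against the token's real expiry.
                t.set_cookie('pu', username, max_age=864000, secure=True, httponly=True)
                t.set_cookie('pt', token, max_age=864000, secure=True, httponly=True)
                return t
        # … unchanged: if user: auth.login(request, user) branch …
```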
diff --git a/middlewares/session_middleware.py b/middlewares/session_middleware.py
new file mode 100644
index 0000000..353be7b
--- /dev/null
+++ b/middlewares/session_middleware.py
@@ -0,0 +1,54 @@
+# coding: utf-8
+
+import requests
+from django.conf import settings
+from django.core.cache import caches
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import AnonymousUser
+
+class SessionWithoutLocalUserMiddleware(object):
+    """
+    统一权限(认证)中间件,Django系统本地不保存用户的情况使用
+    """
+
+    def __init__(self):
+        self.cache_alias = settings.CACHE_MIDDLEWARE_ALIAS
+        self.cache = caches[self.cache_alias]
+        self.UserModel = get_user_model()
+
+    def process_request(self, request):
+        if hasattr(request, "user") and getattr(request.user, "is_superuser", False):
+            # 对于Django系统的admin用户,这里不做任何处理
+            pass
+        else:
+            pt = request.COOKIES.get('pt')
+            pu = request.COOKIES.get('pu')
+            if pt and pu:
+                # 能拿到统一认证session的情况,优先从缓存中拿用户
+                user = self.cache.get(pu)
+                if not user:
+                    # 如果缓存未命中,则直接调用统一权限,查询当前session的状态,构造用户,并存入缓存
+                    user_info = ''
+
+                    manager = Manager()
+                    user_info = manager.get_user_info(request)
+                    if user_info is None:
+                        # 查询session状态失败的情况,构造匿名用户
+                        user = AnonymousUser()
+                    else:
+                        # 查询session状态成功的情况,构造QCCRUser
+                        user = user_info
+                        self.cache.set(pt, user, 60)
+                request.user = user
+            else:
+                # 拿不到统一认证的session,将当前用户设为匿名用户
+                request.user = AnonymousUser()
+
+
+class Manager(object):
+
+    def __init__(self):
+        self.auth_domain = 'https://api.xiuyetang.com/sys/user/login'
+
+    def get_user_info(self, request):
+        pass
\ No newline at end of file
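Review bot: In `process_request` the cache is read with `self.cache.get(pu)` but written with `self.cache.set(pt, user, 60)`, so a lookup never finds the entry that was stored, and keying the read on `pu` means the user object would be selected by a client-supplied username cookie while `pt` is only checked for being non-empty. Key both on the token, `user = self.cache.get(pt)`, so a cached identity is only returned to a request that presents the session token it was validated for. `Manager.get_user_info` is still `pass` and returns None, so every request that is not already a superuser ends up as `AnonymousUser`; it needs to validate `pt` against the auth service before this middleware is enabled. `Manager.__init__` hard-codes the URL that this commit also adds to settings; use `self.auth_domain = settings.AUTH_DOMAIN`, and the dead `user_info = ''` assignment can go.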
diff --git a/weapp_sys/settings.py b/weapp_sys/settings.py
index b2250ac..20792c3 100644
--- a/weapp_sys/settings.py
+++ b/weapp_sys/settings.py
@@ -135,4 +135,6 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
 MEDIA_URL = '/media/'
 
-LOGIN_URL = '/login/'
\ No newline at end of file
+LOGIN_URL = '/login/'
+
+AUTH_DOMAIN = 'https://api.xiuyetang.com/sys/user/login'
\ No newline at end of file
-- 
2.0.0