From e11f60ade21caf94a7350969c66725450079e5e4 Mon Sep 17 00:00:00 2001
From: zhenchaozhu
Date: Mon, 28 Nov 2016 20:32:28 +0800
Subject: [PATCH] m
---
 decrators.py | 0
 homepage/views.py | 20 ++++++++++++++-
 middlewares/session_middleware.py | 54 +++++++++++++++++++++++++++++++++++++++
 weapp_sys/settings.py | 4 ++-
 4 files changed, 76 insertions(+), 2 deletions(-)
 create mode 100644 decrators.py
 create mode 100644 middlewares/session_middleware.py
diff --git a/decrators.py b/decrators.py
new file mode 100644
index 0000000..e69de29
diff --git a/homepage/views.py b/homepage/views.py
index b5dd761..11ac426 100644
--- a/homepage/views.py
+++ b/homepage/views.py
@@ -10,6 +10,7 @@ from django.contrib.auth import get_user_model
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.template.context_processors import csrf
+from django.conf import settings
 @login_required
 def homepage(request):
@@ -31,7 +32,24 @@ def mylogin(request):
 postdata = request.POST
 username = postdata.get('username','')
 password = postdata.get('password','')
- user = auth.authenticate(username=username, password=password)
+ post_params = {
+ 'comefrom': 2,
+ 'user_name': username,
+ 'password': password,
+ }
+ resp = request.post(settings.AUTH_DOMAIN, data=post_params, verify=False)
+ if resp.status_code == 200:
+ rst = resp.json()
+ if rst.get('status') == 1:
+ data = rst.get('data')
+ token = data.get('token')
+ suid = data.get('1000')
+ t = HttpResponseRedirect('/admin/')
+ t.set_cookie('pu', username, 864000)
+ t.set_cookie(('pt'), )
+
+ else:
+ pass
 if user:
 auth.login(request, user)
 t = HttpResponseRedirect('/admin/')
diff --git a/middlewares/session_middleware.py b/middlewares/session_middleware.py
new file mode 100644
index 0000000..353be7b
--- /dev/null
+++ b/middlewares/session_middleware.py
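Review bot: The added call `request.post(settings.AUTH_DOMAIN, data=post_params, verify=False)` in the second homepage/views.py hunk sends the user's password to the auth service with TLS certificate verification turned off, so the server's identity is never checked and the login exchange can be read or altered in transit; drop `verify=False` and bound the call, e.g. `resp = requests.post(settings.AUTH_DOMAIN, data=post_params, timeout=5)`. As written the call is also made on Django's `request` object, which has no `post` method, and no `import requests` is visible in the hunks for this file. The hunk removes `user = auth.authenticate(...)` but keeps the context line `if user:`, so `user` appears to be unassigned there unless it is set outside the hunk. `token` is read but never stored, because `t.set_cookie(('pt'), )` passes no value, and neither cookie sets `httponly=True` or `secure=True`. mylogin's body starts and continues outside the hunk.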
@@ -0,0 +1,54 @@
+# coding: utf-8
+
+import requests
+from django.conf import settings
+from django.core.cache import caches
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import AnonymousUser
+
+class SessionWithoutLocalUserMiddleware(object):
+ """
+ 统一权限(认证)中间件,Django系统本地不保存用户的情况使用
+ """
+
+ def __init__(self):
+ self.cache_alias = settings.CACHE_MIDDLEWARE_ALIAS
+ self.cache = caches[self.cache_alias]
+ self.UserModel = get_user_model()
+
+ def process_request(self, request):
+ if hasattr(request, "user") and getattr(request.user, "is_superuser", False):
+ # 对于Django系统的admin用户,这里不做任何处理
+ pass
+ else:
+ pt = request.COOKIES.get('pt')
+ pu = request.COOKIES.get('pu')
+ if pt and pu:
+ # 能拿到统一认证session的情况,优先从缓存中拿用户
+ user = self.cache.get(pu)
+ if not user:
+ # 如果缓存未命中,则直接调用统一权限,查询当前session的状态,构造用户,并存入缓存
+ user_info = ''
+
+ manager = Manager()
+ user_info = manager.get_user_info(request)
+ if user_info is None:
+ # 查询session状态失败的情况,构造匿名用户
+ user = AnonymousUser()
+ else:
+ # 查询session状态成功的情况,构造QCCRUser
+ user = user_info
+ self.cache.set(pt, user, 60)
+ request.user = user
+ else:
+ # 拿不到统一认证的session,将当前用户设为匿名用户
+ request.user = AnonymousUser()
+
+
+class Manager(object):
+
+ def __init__(self):
+ self.auth_domain = 'https://api.xiuyetang.com/sys/user/login'
+
+ def get_user_info(self, request):
+ pass
\ No newline at end of file
diff --git a/weapp_sys/settings.py b/weapp_sys/settings.py
index b2250ac..20792c3 100644
--- a/weapp_sys/settings.py
+++ b/weapp_sys/settings.py
@@ -135,4 +135,6 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
 MEDIA_URL = '/media/'
-LOGIN_URL = '/login/'
\ No newline at end of file
+LOGIN_URL = '/login/'
+
+AUTH_DOMAIN = 'https://api.xiuyetang.com/sys/user/login'
\ No newline at end of file
-- 2.0.0
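Review bot: In `process_request` the cache is read with `self.cache.get(pu)` but written with `self.cache.set(pt, user, 60)`, so the lookup key is the client-supplied username cookie while the stored key is the token; the two should agree, and keying on the token, `user = self.cache.get(pt)`, avoids letting `pu` alone select an identity. `Manager.get_user_info` is still `pass`, so every cache miss yields `AnonymousUser` and the session token is never actually validated until it is implemented. Indentation is not recoverable from this view, so it is unclear whether the `cache.set` call also runs in the anonymous branch; caching should be limited to a successful lookup. `Manager.auth_domain` hard-codes the same URL this commit adds as `settings.AUTH_DOMAIN` and could read it from settings, and the `requests` import and `self.UserModel` are unused in the new file.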