Password message (#2702)

* [Update] 密码信封 * [Update] 查看密码 * [Update] 支持查看密码 * [Update] 修改语言翻译 * [Update] 迁移ansible到2.8版本 * [Update] 修改auth book的可连接性 * [Update] 删除不使用的方法
2025-09-02 07:55:16 +00:00 · 2019-05-20 12:30:55 +08:00
parent 466b922ea0
commit 3855fecc69
21 changed files with 416 additions and 192 deletions
--- a/apps/authentication/api/auth.py
+++ b/apps/authentication/api/auth.py
@@ -2,6 +2,7 @@
 #

 import uuid
+import time

 from django.core.cache import cache
 from django.urls import reverse
@@ -10,10 +11,11 @@ from django.utils.translation import ugettext as _

 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
+from rest_framework.generics import CreateAPIView
 from rest_framework.views import APIView

 from common.utils import get_logger, get_request_ip
-from common.permissions import IsOrgAdminOrAppUser
+from common.permissions import IsOrgAdminOrAppUser, IsValidUser
 from orgs.mixins import RootOrgViewMixin
 from users.serializers import UserSerializer
 from users.models import User
@@ -23,12 +25,13 @@ from users.utils import (
    check_user_valid, check_otp_code, increase_login_failed_count,
    is_block_login, clean_failed_count
 )
-
+from ..serializers import OtpVerifySerializer
 from ..signals import post_auth_success, post_auth_failed

 logger = get_logger(__name__)
 __all__ = [
    'UserAuthApi', 'UserConnectionTokenApi', 'UserOtpAuthApi',
+    'UserOtpVerifyApi',
 ]


@@ -179,3 +182,20 @@ class UserOtpAuthApi(RootOrgViewMixin, APIView):
                sender=self.__class__, username=username,
                request=self.request, reason=reason
            )
+
+
+class UserOtpVerifyApi(CreateAPIView):
+    permission_classes = (IsValidUser,)
+    serializer_class = OtpVerifySerializer
+
+    def create(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        code = serializer.validated_data["code"]
+
+        if request.user.check_otp(code):
+            request.session["OTP_LAST_VERIFY_TIME"] = int(time.time())
+            return Response({"ok": "1"})
+        else:
+            return Response({"error": "Code not valid"}, status=400)
+
--- a/apps/authentication/serializers.py
+++ b/apps/authentication/serializers.py
@@ -14,3 +14,7 @@ class AccessKeySerializer(serializers.ModelSerializer):
        model = AccessKey
        fields = ['id', 'secret']
        read_only_fields = ['id', 'secret']
+
+
+class OtpVerifySerializer(serializers.Serializer):
+    code = serializers.CharField(max_length=6, min_length=6)
--- a/apps/authentication/urls/api_urls.py
+++ b/apps/authentication/urls/api_urls.py
@@ -16,5 +16,6 @@ urlpatterns = [
    path('connection-token/',
         api.UserConnectionTokenApi.as_view(), name='connection-token'),
    path('otp/auth/', api.UserOtpAuthApi.as_view(), name='user-otp-auth'),
+    path('otp/verify/', api.UserOtpVerifyApi.as_view(), name='user-otp-verify'),
 ]