diff --git a/account/migrations/0018_auto_20160217_0920.py b/account/migrations/0018_auto_20160217_0920.py
new file mode 100644
index 0000000..218e800
--- /dev/null
+++ b/account/migrations/0018_auto_20160217_0920.py
@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.1 on 2016-02-17 01:20
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('account', '0017_auto_20151212_2139'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='AdminGroup',
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='openapi_appkey',
+            field=models.CharField(blank=True, max_length=35, null=True),
+        ),
+    ]
diff --git a/account/models.py b/account/models.py
index 65d8745..abb21a0 100644
--- a/account/models.py
+++ b/account/models.py
@@ -5,10 +5,6 @@ from django.contrib.auth.models import AbstractBaseUser
 from jsonfield import JSONField
-class AdminGroup(models.Model):
-    pass
-
-
 class UserManager(models.Manager):
     use_in_migrations = True
@@ -38,11 +34,13 @@ class User(AbstractBaseUser):
     reset_password_token = models.CharField(max_length=40, blank=True, null=True)
     # token 生成时间
     reset_password_token_create_time = models.DateTimeField(blank=True, null=True)
-    # 论坛授权token
+    # SSO授权token
     auth_token = models.CharField(max_length=40, blank=True, null=True)
     # 是否开启两步验证
     two_factor_auth = models.BooleanField(default=False)
     tfa_token = models.CharField(max_length=40, blank=True, null=True)
+    # open api key
+    openapi_appkey = models.CharField(max_length=35, blank=True, null=True)
     USERNAME_FIELD = 'username'
     REQUIRED_FIELDS = []
diff --git a/account/serializers.py b/account/serializers.py
index a2d2768..5c37680 100644
--- a/account/serializers.py
+++ b/account/serializers.py
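Review bot: `openapi_appkey` is declared without `unique=True`, so nothing prevents two users from ending up with the same key and a lookup by key has no index to use; since the views hunk later mints it with `rand_str()` as a per-user credential, `openapi_appkey = models.CharField(max_length=35, blank=True, null=True, unique=True)` is the safer declaration (a nullable unique column still allows many NULLs, so users without a key are unaffected), with the generated migration updated to carry the same option. `max_length=35` also has to agree with whatever `rand_str()` produces, which is not visible here; confirm it, since a model `CharField` does not enforce `max_length` on `save()`. The `User` class starts before this hunk.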
@@ -38,7 +38,8 @@ class UserSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
-        fields = ["id", "username", "real_name", "email", "admin_type", "create_time", "last_login"]
+        fields = ["id", "username", "real_name", "email", "admin_type",
+                  "create_time", "last_login", "two_factor_auth", "openapi_appkey"]
 class EditUserSerializer(serializers.Serializer):
@@ -48,6 +49,8 @@ class EditUserSerializer(serializers.Serializer):
     password = serializers.CharField(max_length=30, min_length=6, required=False, default=None)
     email = serializers.EmailField(max_length=254)
     admin_type = serializers.IntegerField(default=0)
+    openapi = serializers.BooleanField()
+    tfa_auth = serializers.BooleanField()
 class ApplyResetPasswordSerializer(serializers.Serializer):
diff --git a/account/views.py b/account/views.py
index cf31b15..9aa4453 100644
--- a/account/views.py
+++ b/account/views.py
@@ -210,8 +210,24 @@ class UserAdminAPIView(APIView):
             user.real_name = data["real_name"]
             user.email = data["email"]
             user.admin_type = data["admin_type"]
+
             if data["password"]:
                 user.set_password(data["password"])
+
+            # 后台控制用户是否可以使用openapi
+            if data["openapi"] is False:
+                user.openapi_appkey = None
+            elif data["openapi"] and user.openapi_appkey is None:
+                user.openapi_appkey = rand_str()
+
+            # 后台控制用户是否使用两步验证
+            # 注意:用户没开启,后台开启的话,用户没有绑定过两步验证token,会造成无法登陆的!
+            if data["tfa_auth"] is False:
+                user.two_factor_auth = False
+            elif data["tfa_auth"] and user.two_factor_auth is False:
+                user.two_factor_auth = True
+                user.tfa_token = rand_str()
+
             user.save()
             return success_response(UserSerializer(user).data)
         else:
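Review bot: Adding `openapi_appkey` to `UserSerializer.Meta.fields` puts the raw API credential into every response built from this serializer, not only the admin list, while the admin JS in this same commit reduces it straight to a boolean (`vm.openAPI = user.openapi_appkey ? true: false`). Exposing a flag instead keeps the secret server-side: `openapi_enabled = serializers.SerializerMethodField()` with `def get_openapi_enabled(self, obj): return obj.openapi_appkey is not None`, listed in `fields` in place of `openapi_appkey`. Whether other views also return `UserSerializer(user).data` cannot be seen from this hunk; if they do, they all disclose the key as written.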
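Review bot: The new input names `openapi` and `tfa_auth` match neither the model fields (`openapi_appkey`, `two_factor_auth`) nor the `two_factor_auth` key that `UserSerializer` emits, so a client reads one name and writes another for the same setting; aligning them (e.g. `two_factor_auth` on both sides) removes that mapping. Both are also plain `BooleanField()`, i.e. required, so any existing caller of `EditUserSerializer` other than the updated admin page now fails validation unless it sends both keys; `serializers.BooleanField(required=False, default=None)` would keep such callers working, and the view's `is False` / truthy branches already leave a `None` value untouched.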
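Review bot: Disabling two-factor auth in the new `if data["tfa_auth"] is False:` branch clears only the flag and leaves `user.tfa_token` in the database, whereas the openapi branch just above does clear its secret; add `user.tfa_token = None` there so a stale secret is not retained and silently reused when the flag is turned back on. The enable branch has the opposite problem, which the comment itself acknowledges: it mints a fresh `tfa_token` with `rand_str()` that the user has never enrolled, leaving the account unable to log in; a safer form only sets `user.two_factor_auth = True` when `user.tfa_token` already exists and otherwise returns `error_response(...)` telling the admin the user must enrol first. Whether `rand_str()` is backed by a CSPRNG is not visible here and matters for both `openapi_appkey` and `tfa_token`. The enclosing method starts and ends outside this hunk.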
@@ -368,8 +384,9 @@ class SSOAPIView(APIView):
             user = User.objects.get(auth_token=serializer.data["token"])
             user.auth_token = None
             user.save()
-            return success_response(
-                {"username": user.username, "admin_type": user.admin_type, "avatar": user.userprofile.avatar})
+            return success_response({"username": user.username,
+                                     "admin_type": user.admin_type,
+                                     "avatar": user.userprofile.avatar})
         except User.DoesNotExist:
             return error_response(u"用户不存在")
         else:
diff --git a/static/src/js/app/admin/user/userList.js b/static/src/js/app/admin/user/userList.js
index f468b55..5a618ef 100644
--- a/static/src/js/app/admin/user/userList.js
+++ b/static/src/js/app/admin/user/userList.js
@@ -20,6 +20,8 @@ require(["jquery", "avalon", "csrfToken", "bsAlert", "pager", "validator"],
             email: "",
             adminType: 0,
             userId: -1,
+            openAPI: false,
+            tfa_auth: false,
             pager: {
                 getPage: function (page) {
@@ -32,6 +34,8 @@ require(["jquery", "avalon", "csrfToken", "bsAlert", "pager", "validator"],
             vm.adminType = user.admin_type;
             vm.email = user.email;
             vm.userId = user.id;
+            vm.tfa_auth = user.two_factor_auth;
+            vm.openAPI = user.openapi_appkey ? true: false;
             vm.isEditing = true;
         },
@@ -77,7 +81,9 @@ require(["jquery", "avalon", "csrfToken", "bsAlert", "pager", "validator"],
                 real_name: vm.realName,
                 email: vm.email,
                 id: vm.userId,
-                admin_type: vm.adminType
+                admin_type: vm.adminType,
+                openapi: vm.openAPI,
+                tfa_auth: vm.tfa_auth
             };
             if ($("#password").val() !== "")
                 data.password = $("#password").val();
diff --git a/template/src/admin/user/user_list.html b/template/src/admin/user/user_list.html
index 937696e..ef621eb 100644
--- a/template/src/admin/user/user_list.html
+++ b/template/src/admin/user/user_list.html
@@ -48,7 +48,7 @@
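Review bot: `vm.openAPI = user.openapi_appkey ? true: false;` is the only use the admin page makes of the key, so the client is handed a credential it immediately discards; `vm.openAPI = Boolean(user.openapi_appkey);` reads more directly, and the server could send a boolean rather than the key itself. The new view-model member `tfa_auth` is snake_case while its sibling `openAPI` and the existing members (`adminType`, `realName`, `userId`) are camelCase; `tfaAuth` would keep the model consistent (the outgoing request key in the third hunk can stay `tfa_auth`). The `require(...)` callback these hunks belong to starts and ends outside the hunks.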