Merge branch 'dev' into hohoTT-dev

Conflicts:
	oj/urls.py

account/migrations/0003_auto_20150915_2025.py

@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('account', '0002_user_problems_status'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='user',
+            name='problems_status',
+            field=models.TextField(default=b'{}'),
+        ),
+    ]

account/models.py

@@ -31,8 +31,7 @@ class User(AbstractBaseUser):
     # 0代表不是管理员 1是普通管理员 2是超级管理员
     admin_type = models.IntegerField(default=0)
     # JSON字典用来表示该用户的问题的解决状态 1为ac，2为正在进行
-    problems_status = models.TextField(blank=True)
-
+    problems_status = models.TextField(default="{}")
 
     USERNAME_FIELD = 'username'
     REQUIRED_FIELDS = []

account/serializers.py

@@ -7,6 +7,7 @@ from .models import User
 class UserLoginSerializer(serializers.Serializer):
     username = serializers.CharField(max_length=30)
     password = serializers.CharField(max_length=30)
+    captcha = serializers.CharField(required=False,min_length=4,max_length=4)
 
 
 class UsernameCheckSerializer(serializers.Serializer):
@@ -22,6 +23,7 @@ class UserRegisterSerializer(serializers.Serializer):
     real_name = serializers.CharField(max_length=30)
     password = serializers.CharField(max_length=30, min_length=6)
     email = serializers.EmailField(max_length=254)
+    captcha = serializers.CharField(max_length=4, min_length=4)
 
 
 class UserChangePasswordSerializer(serializers.Serializer):

account/views.py

@@ -5,15 +5,15 @@ from django.shortcuts import render
 from django.db.models import Q
 
 from rest_framework.views import APIView
-
+from rest_framework.response import Response
 from utils.shortcuts import serializer_invalid_response, error_response, success_response, paginate
 from utils.captcha import Captcha
 
 from .decorators import login_required
 from .models import User
 from .serializers import (UserLoginSerializer, UsernameCheckSerializer,
-                          UserRegisterSerializer,  UserChangePasswordSerializer,
-                          EmailCheckSerializer,  UserSerializer, EditUserSerializer)
+                          UserRegisterSerializer, UserChangePasswordSerializer,
+                          EmailCheckSerializer, UserSerializer, EditUserSerializer)
 
 
 class UserLoginAPIView(APIView):
@@ -26,6 +26,14 @@ class UserLoginAPIView(APIView):
         serializer = UserLoginSerializer(data=request.data)
         if serializer.is_valid():
             data = serializer.data
+            user = User.objects.get(username=data["username"])
+            # 只有管理员才适用验证码登录
+            if user.admin_type > 0:
+                if not "captcha" in data:
+                    return error_response(u"请填写验证码！")
+                captcha = Captcha(request)
+                if not captcha.check(data["captcha"]):
+                    return error_response(u"验证码错误")
             user = auth.authenticate(username=data["username"], password=data["password"])
             # 用户名或密码错误的话 返回None
             if user:
@@ -64,6 +72,9 @@ class UserRegisterAPIView(APIView):
         serializer = UserRegisterSerializer(data=request.data)
         if serializer.is_valid():
             data = serializer.data
+            captcha = Captcha(request)
+            if not captcha.check(data["captcha"]):
+                return error_response(u"验证码错误")
             try:
                 User.objects.get(username=data["username"])
                 return error_response(u"用户名已存在")
@@ -109,39 +120,35 @@ class UserChangePasswordAPIView(APIView):
 
 
 class UsernameCheckAPIView(APIView):
-    def post(self, request):
+    def get(self, request):
         """
-        检测用户名是否存在，存在返回True，不存在返回False
+        检测用户名是否存在，存在返回状态码400，不存在返回200
         ---
-        request_serializer: UsernameCheckSerializer
         """
-        serializer = UsernameCheckSerializer(data=request.data)
-        if serializer.is_valid():
+        username = request.GET.get("username", None)
+        if username:
             try:
-                User.objects.get(username=serializer.data["username"])
-                return success_response(True)
+                User.objects.get(username=username)
+                return Response(status=400)
             except User.DoesNotExist:
-                return success_response(False)
-        else:
-            return serializer_invalid_response(serializer)
+                return Response(status=200)
+        return Response(status=200)
 
 
 class EmailCheckAPIView(APIView):
-    def post(self, request):
+    def get(self, request):
         """
-        检测邮箱是否存在，存在返回True，不存在返回False
+        检测邮箱是否存在，存在返回状态码400，不存在返回200
         ---
-        request_serializer: EmailCheckSerializer
         """
-        serializer = EmailCheckSerializer(data=request.data)
-        if serializer.is_valid():
+        email = request.GET.get("email", None)
+        if email:
             try:
-                User.objects.get(email=serializer.data["email"])
-                return success_response(True)
+                User.objects.get(email=email)
+                return Response(status=400)
             except User.DoesNotExist:
-                return success_response(False)
-        else:
-            return serializer_invalid_response(serializer)
+                return Response(status=200)
+        return Response(status=200)
 
 
 class UserAdminAPIView(APIView):
@@ -206,3 +213,19 @@ class UserInfoAPIView(APIView):
         response_serializer: UserSerializer
         """
         return success_response(UserSerializer(request.user).data)
+
+
+class AccountSecurityAPIView(APIView):
+    def get(self, request):
+        """
+        判断用户登录是否需要验证码
+        ---
+        """
+        username = request.GET.get("username", None)
+        if username:
+            try:
+                User.objects.get(username=username, admin_type__gt=0)
+            except User.DoesNotExist:
+                return success_response({"applied_captcha": False})
+            return success_response({"applied_captcha": True})
+        return success_response({"applied_captcha": False})