From df8781b9b36e6d946d9fa00f6e01f1a0261464ca Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Sat, 15 Apr 2017 14:22:37 +0800
Subject: [PATCH 01/10] Add requirements.txt

---
 requirements.txt | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 requirements.txt

diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..c837631
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,6 @@
+django==1.9.6
+djangorestframework==3.4.0
+dateutil
+otpauth
+pillow
+python-dateutil
\ No newline at end of file

From 8a68ad7ac99913ca81ac4cb285f264f5e39a606c Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Sun, 16 Apr 2017 10:15:26 +0800
Subject: [PATCH 02/10] add account view for preview

---
 account/urls/user.py  | 10 +++++++++
 account/views/user.py | 47 +++++++++++++++++++++++++++++++++++++++++++
 oj/urls.py            |  1 +
 3 files changed, 58 insertions(+)
 create mode 100644 account/urls/user.py
 create mode 100644 account/views/user.py

diff --git a/account/urls/user.py b/account/urls/user.py
new file mode 100644
index 0000000..7ddca03
--- /dev/null
+++ b/account/urls/user.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from django.conf.urls import url
+
+from ..views.user import UserProfileAPI
+
+urlpatterns = [
+    url(r"^profile$", UserProfileAPI.as_view(), name="user_profile_api"),
+]
diff --git a/account/views/user.py b/account/views/user.py
new file mode 100644
index 0000000..f20a77b
--- /dev/null
+++ b/account/views/user.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from django.utils.translation import ugettext as _
+
+from utils.api import APIView, validate_serializer
+
+from ..decorators import login_required
+from ..serializers import EditUserSerializer, UserSerializer
+
+
+# class UserInfoAPI(APIView):
+#     @login_required
+#     def get(self, request):
+#         """
+#         Return user info api
+#         """
+#         return self.success(UserSerializer(request.user).data)
+
+
+class UserProfileAPI(APIView):
+    @login_required
+    def get(self, request):
+        """
+        Return user info api
+        """
+        return self.success(UserSerializer(request.user).data)
+
+    @validate_serializer(EditUserSerializer)
+    @login_required
+    def put(self, request):
+        data = request.data
+        user_profile = request.user.userprofile
+        if data["avatar"]:
+            user_profile.avatar = data["avatar"]
+        else:
+            user_profile.mood = data["mood"]
+            user_profile.blog = data["blog"]
+            user_profile.school = data["school"]
+            user_profile.student_id = data["student_id"]
+            user_profile.phone_number = data["phone_number"]
+            user_profile.major = data["major"]
+            # Timezone & language 暂时不加
+        user_profile.save()
+        return self.success(_("Succeeded"))
+
+
diff --git a/oj/urls.py b/oj/urls.py
index b8cc62d..79e6b03 100644
--- a/oj/urls.py
+++ b/oj/urls.py
@@ -3,6 +3,7 @@ from django.conf.urls import include, url
 urlpatterns = [
     url(r"^api/", include("account.urls.oj")),
     url(r"^api/admin/", include("account.urls.admin")),
+    url(r"^api/account/", include("account.urls.user")),
     url(r"^api/admin/", include("announcement.urls.admin")),
     url(r"^api/", include("conf.urls.oj")),
     url(r"^api/admin/", include("conf.urls.admin")),

From e3692c232916c5ce6c456e83143847629ef7a300 Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Tue, 18 Apr 2017 11:57:57 +0800
Subject: [PATCH 03/10] Add reset password api

---
 account/serializers.py |  6 +++++
 account/urls/oj.py     | 10 ++++++--
 account/urls/user.py   |  3 ++-
 account/views/oj.py    | 53 +++++++++++++++++++++++++++++++++++++++++-
 account/views/user.py  | 16 ++++++-------
 5 files changed, 75 insertions(+), 13 deletions(-)

diff --git a/account/serializers.py b/account/serializers.py
index fe128f6..a16caa8 100644
--- a/account/serializers.py
+++ b/account/serializers.py
@@ -44,3 +44,9 @@ class EditUserSerializer(serializers.Serializer):
     open_api = serializers.BooleanField()
     two_factor_auth = serializers.BooleanField()
     is_disabled = serializers.BooleanField()
+
+
+class ApplyResetPasswordSerializer(serializers.Serializer):
+    email = serializers.EmailField()
+    captcha = serializers.CharField(max_length=4, min_length=4)
+
diff --git a/account/urls/oj.py b/account/urls/oj.py
index 6a1ef6c..899f26a 100644
--- a/account/urls/oj.py
+++ b/account/urls/oj.py
@@ -1,9 +1,15 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
 from django.conf.urls import url
 
-from ..views.oj import UserChangePasswordAPI, UserLoginAPI, UserRegisterAPI
+from ..views.oj import (UserChangePasswordAPI, UserLoginAPI, UserRegisterAPI,
+                        ApplyResetPasswordAPI, ResetPasswordAPI)
 
 urlpatterns = [
     url(r"^login$", UserLoginAPI.as_view(), name="user_login_api"),
     url(r"^register$", UserRegisterAPI.as_view(), name="user_register_api"),
-    url(r"^change_password$", UserChangePasswordAPI.as_view(), name="user_change_password_api")
+    url(r"^change_password$", UserChangePasswordAPI.as_view(), name="user_change_password_api"),
+    url(r"^apply_reset_password$", ApplyResetPasswordAPI.as_view(), name="apply_reset_password_api"),
+    url(r'^reset_password$', ResetPasswordAPI.as_view(), name="apply_reset_password_api")
 ]
diff --git a/account/urls/user.py b/account/urls/user.py
index 7ddca03..518b952 100644
--- a/account/urls/user.py
+++ b/account/urls/user.py
@@ -3,8 +3,9 @@
 
 from django.conf.urls import url
 
-from ..views.user import UserProfileAPI
+from ..views.user import UserInfoAPI ,UserProfileAPI
 
 urlpatterns = [
+    url(r"^user", UserInfoAPI.as_view(), name="user_info_api"),
     url(r"^profile$", UserProfileAPI.as_view(), name="user_profile_api"),
 ]
diff --git a/account/views/oj.py b/account/views/oj.py
index 3e48a12..6d47dcb 100644
--- a/account/views/oj.py
+++ b/account/views/oj.py
@@ -1,15 +1,25 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import codecs
+from datetime import timedelta
+
 from django.contrib import auth
+from django.conf import settings
 from django.core.exceptions import MultipleObjectsReturned
 from django.utils.translation import ugettext as _
+from django.utils.timezone import now
 from otpauth import OtpAuth
 
 from utils.api import APIView, validate_serializer
 from utils.captcha import Captcha
+from utils.shortcuts import rand_str
 
 from ..decorators import login_required
 from ..models import User, UserProfile
 from ..serializers import (UserChangePasswordSerializer, UserLoginSerializer,
-                           UserRegisterSerializer)
+                           UserRegisterSerializer,
+                           ApplyResetPasswordSerializer)
 
 
 class UserLoginAPI(APIView):
@@ -92,3 +102,44 @@ class UserChangePasswordAPI(APIView):
             return self.success(_("Succeeded"))
         else:
             return self.error(_("Invalid old password"))
+
+
+class ApplyResetPasswordAPI(APIView):
+    @validate_serializer(ApplyResetPasswordSerializer)
+    def post(self, request):
+        data = request.data
+        captcha = Captcha(request)
+        if not captcha.check(data["captcha"]):
+            return self.error(_("Invalid captcha"))
+        try:
+            user = User.objects.get(email=data["email"])
+        except User.DoesNotExist:
+            return self.error(_("User does not exist"))
+        if user.reset_password_token_expire_time and 0 < (
+            user.reset_password_token_expire_time - now()).total_seconds() < 20 * 60:
+            return self.error(_("You can only reset password once per 20 minutes"))
+        user.reset_password_token = rand_str()
+
+        user.reset_password_token_expire_time = now() + timedelta(minutes=20)
+        user.save()
+        # TODO:email template
+        # TODO:send email
+        return self.success(_("Succeeded"))
+
+
+class ResetPasswordAPI(APIView):
+    def post(self, request):
+        data = request.data
+        captcha = Captcha(request)
+        if not captcha.check(data["captcha"]):
+            return self.error(_("Invalid captcha"))
+        try:
+            user = User.objects.get(reset_password_token=data["token"])
+        except User.DoesNotExist:
+            return self.error(_("Token dose not exist"))
+        if 0 < (user.reset_password_token_expire_time - now()).total_seconds() < 30 * 60:
+            return self.error(_("Token expired"))
+        user.reset_password_token = None
+        user.set_password(data["password"])
+        user.save()
+        return self.success(_("Succeeded"))
diff --git a/account/views/user.py b/account/views/user.py
index f20a77b..190c39c 100644
--- a/account/views/user.py
+++ b/account/views/user.py
@@ -9,13 +9,13 @@ from ..decorators import login_required
 from ..serializers import EditUserSerializer, UserSerializer
 
 
-# class UserInfoAPI(APIView):
-#     @login_required
-#     def get(self, request):
-#         """
-#         Return user info api
-#         """
-#         return self.success(UserSerializer(request.user).data)
+class UserInfoAPI(APIView):
+    @login_required
+    def get(self, request):
+        """
+        Return user info api
+        """
+        return self.success(UserSerializer(request.user).data)
 
 
 class UserProfileAPI(APIView):
@@ -43,5 +43,3 @@ class UserProfileAPI(APIView):
             # Timezone & language 暂时不加
         user_profile.save()
         return self.success(_("Succeeded"))
-
-

From a9b25b872a2e71b3173191b2bcdabb76699e231c Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Tue, 18 Apr 2017 12:05:07 +0800
Subject: [PATCH 04/10] for pass ci...

---
 account/serializers.py | 1 -
 account/urls/oj.py     | 2 +-
 account/urls/user.py   | 4 ++--
 account/views/oj.py    | 4 +---
 4 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/account/serializers.py b/account/serializers.py
index a16caa8..8061d5d 100644
--- a/account/serializers.py
+++ b/account/serializers.py
@@ -49,4 +49,3 @@ class EditUserSerializer(serializers.Serializer):
 class ApplyResetPasswordSerializer(serializers.Serializer):
     email = serializers.EmailField()
     captcha = serializers.CharField(max_length=4, min_length=4)
-
diff --git a/account/urls/oj.py b/account/urls/oj.py
index 899f26a..1a66339 100644
--- a/account/urls/oj.py
+++ b/account/urls/oj.py
@@ -11,5 +11,5 @@ urlpatterns = [
     url(r"^register$", UserRegisterAPI.as_view(), name="user_register_api"),
     url(r"^change_password$", UserChangePasswordAPI.as_view(), name="user_change_password_api"),
     url(r"^apply_reset_password$", ApplyResetPasswordAPI.as_view(), name="apply_reset_password_api"),
-    url(r'^reset_password$', ResetPasswordAPI.as_view(), name="apply_reset_password_api")
+    url(r"^reset_password$", ResetPasswordAPI.as_view(), name="apply_reset_password_api")
 ]
diff --git a/account/urls/user.py b/account/urls/user.py
index 518b952..deba25b 100644
--- a/account/urls/user.py
+++ b/account/urls/user.py
@@ -3,9 +3,9 @@
 
 from django.conf.urls import url
 
-from ..views.user import UserInfoAPI ,UserProfileAPI
+from ..views.user import UserInfoAPI, UserProfileAPI
 
 urlpatterns = [
     url(r"^user", UserInfoAPI.as_view(), name="user_info_api"),
-    url(r"^profile$", UserProfileAPI.as_view(), name="user_profile_api"),
+    url(r"^profile$", UserProfileAPI.as_view(), name="user_profile_api")
 ]
diff --git a/account/views/oj.py b/account/views/oj.py
index 6d47dcb..1d63f0b 100644
--- a/account/views/oj.py
+++ b/account/views/oj.py
@@ -1,11 +1,9 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
-import codecs
 from datetime import timedelta
 
 from django.contrib import auth
-from django.conf import settings
 from django.core.exceptions import MultipleObjectsReturned
 from django.utils.translation import ugettext as _
 from django.utils.timezone import now
@@ -116,7 +114,7 @@ class ApplyResetPasswordAPI(APIView):
         except User.DoesNotExist:
             return self.error(_("User does not exist"))
         if user.reset_password_token_expire_time and 0 < (
-            user.reset_password_token_expire_time - now()).total_seconds() < 20 * 60:
+           user.reset_password_token_expire_time - now()).total_seconds() < 20 * 60:
             return self.error(_("You can only reset password once per 20 minutes"))
         user.reset_password_token = rand_str()
 

From c6f49c1fe7477c1bcc5ac75c4b8d5e7627182c65 Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Tue, 18 Apr 2017 14:34:23 +0800
Subject: [PATCH 05/10] Add mail module and fix reset password api

---
 account/tasks.py                            | 10 +++
 account/templates/reset_password_email.html | 78 +++++++++++++++++++++
 account/views/oj.py                         | 21 +++++-
 requirements.txt                            |  4 +-
 reset_password_email.html                   |  0
 utils/mail.py                               | 21 ++++++
 6 files changed, 130 insertions(+), 4 deletions(-)
 create mode 100644 account/tasks.py
 create mode 100644 account/templates/reset_password_email.html
 create mode 100644 reset_password_email.html
 create mode 100644 utils/mail.py

diff --git a/account/tasks.py b/account/tasks.py
new file mode 100644
index 0000000..6470b70
--- /dev/null
+++ b/account/tasks.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from celery import shared_task
+from utils.mail import send_email
+
+
+@shared_task
+def _send_email(from_name, to_email, to_name, subject, content):
+    send_email(from_name, to_email, to_name, subject, content)
diff --git a/account/templates/reset_password_email.html b/account/templates/reset_password_email.html
new file mode 100644
index 0000000..5a0b591
--- /dev/null
+++ b/account/templates/reset_password_email.html
@@ -0,0 +1,78 @@
+<table cellpadding="0" cellspacing="0" align="center" style="text-align:left;font-family:'微软雅黑','黑体',arial;"
+       width="742">
+    <tbody>
+    <tr>
+        <td>
+            <table cellpadding="0" cellspacing="0"
+                   style="text-align:left;border:1px solid #50a5e6;color:#fff;font-size:18px;" width="740">
+                <tbody>
+                <tr height="39" style="background-color:#50a5e6;">
+                    <td style="padding-left:15px;font-family:'微软雅黑','黑体',arial;">
+                        {{ website_name }} 登录信息找回
+                    </td>
+                </tr>
+                </tbody>
+            </table>
+            <table cellpadding="0" cellspacing="0"
+                   style="text-align:left;border:1px solid #f0f0f0;border-top:none;color:#585858;background-color:#fafafa;"
+                   width="740">
+                <tbody>
+                <tr height="25">
+                    <td></td>
+                </tr>
+
+                <tr height="40">
+                    <td style="padding-left:25px;padding-right:25px;font-size:18px;font-family:'微软雅黑','黑体',arial;">
+                        Hello, {{ username }}:
+                    </td>
+                </tr>
+
+                <tr height="15">
+                    <td></td>
+                </tr>
+                <tr height="30">
+                    <td style="padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;">
+                        您刚刚在 {{ website_name }} 申请了找回登录信息服务。
+                    </td>
+                </tr>
+                <tr height="30">
+                    <td style="padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;">
+                        请在<span style="color:rgb(255,0,0)">30分钟</span>内点击下面链接设置您的新密码：
+                    </td>
+                </tr>
+                <tr height="60">
+                    <td style="padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;">
+                        <a href="{{ link }}" target="_blank"
+                           style="color: rgb(255,255,255);text-decoration: none;display: block;min-height: 39px;width: 158px;line-height: 39px;background-color:rgb(80,165,230);font-size:20px;text-align:center;">重置密码</a>
+                    </td>
+                </tr>
+                <tr height="10">
+                    <td></td>
+                </tr>
+                <tr height="20">
+                    <td style="padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:12px;">
+                        如果上面的链接点击无效，请复制以下链接至浏览器的地址栏直接打开。
+                    </td>
+                </tr>
+                <tr height="30">
+                    <td style="padding-left:55px;padding-right:65px;font-family:'微软雅黑','黑体',arial;">
+                        <a href="{{ link }}" target="_blank" style="color:#0c94de;font-size:12px;">
+                            {{ link }}
+                        </a>
+                    </td>
+                </tr>
+                <tr height="20">
+                    <td style="padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:12px;">
+                        如果您没有提出过该申请，请忽略此邮件。有可能是其他用户误填了您的邮件地址，我们不会对你的帐户进行任何修改。
+                        请不要向他人透露本邮件的内容，否则可能会导致您的账号被盗。
+                    </td>
+                </tr>
+                <tr height="20">
+                    <td></td>
+                </tr>
+                </tbody>
+            </table>
+        </td>
+    </tr>
+    </tbody>
+</table>
\ No newline at end of file
diff --git a/account/views/oj.py b/account/views/oj.py
index 1d63f0b..86f82d6 100644
--- a/account/views/oj.py
+++ b/account/views/oj.py
@@ -1,14 +1,18 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+import os
+
 from datetime import timedelta
 
 from django.contrib import auth
+from django.conf import settings
 from django.core.exceptions import MultipleObjectsReturned
 from django.utils.translation import ugettext as _
 from django.utils.timezone import now
 from otpauth import OtpAuth
 
+from conf.models import WebsiteConfig
 from utils.api import APIView, validate_serializer
 from utils.captcha import Captcha
 from utils.shortcuts import rand_str
@@ -18,6 +22,7 @@ from ..models import User, UserProfile
 from ..serializers import (UserChangePasswordSerializer, UserLoginSerializer,
                            UserRegisterSerializer,
                            ApplyResetPasswordSerializer)
+from ..tasks import _send_email
 
 
 class UserLoginAPI(APIView):
@@ -114,14 +119,24 @@ class ApplyResetPasswordAPI(APIView):
         except User.DoesNotExist:
             return self.error(_("User does not exist"))
         if user.reset_password_token_expire_time and 0 < (
-           user.reset_password_token_expire_time - now()).total_seconds() < 20 * 60:
+                    user.reset_password_token_expire_time - now()).total_seconds() < 20 * 60:
             return self.error(_("You can only reset password once per 20 minutes"))
         user.reset_password_token = rand_str()
 
         user.reset_password_token_expire_time = now() + timedelta(minutes=20)
         user.save()
-        # TODO:email template
-        # TODO:send email
+        email_template = open("reset_password_email.html", "w",
+                              encoding="utf-8").read()
+        email_template = email_template.replace("{{ username }}", user.username). \
+            replace("{{ website_name }}", settings.WEBSITE_INFO["website_name"]). \
+            replace("{{ link }}", settings.WEBSITE_INFO["url"] + "/reset_password/t/" +
+                    user.reset_password_token)
+        config = WebsiteConfig.objects.first()
+        _send_email.delay(config.name,
+                          user.email,
+                          user.username,
+                          config.name + " 登录信息找回邮件",
+                          email_template)
         return self.success(_("Succeeded"))
 
 
diff --git a/requirements.txt b/requirements.txt
index c837631..f17f7a4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,4 +3,6 @@ djangorestframework==3.4.0
 dateutil
 otpauth
 pillow
-python-dateutil
\ No newline at end of file
+python-dateutil
+celery
+Envelopes
\ No newline at end of file
diff --git a/reset_password_email.html b/reset_password_email.html
new file mode 100644
index 0000000..e69de29
diff --git a/utils/mail.py b/utils/mail.py
new file mode 100644
index 0000000..6ff7e7d
--- /dev/null
+++ b/utils/mail.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from envelopes import Envelope
+
+from conf.models import SMTPConfig
+
+
+def send_email(from_name, to_email, to_name, subject, content):
+    smtp = SMTPConfig.objects.first()
+    if not smtp:
+        return
+    envlope = Envelope(from_addr=(smtp.email, from_name),
+                       to_addr=(to_email, to_name),
+                       subject=subject,
+                       html_body=content)
+    envlope.send(smtp.server,
+                 login=smtp.email,
+                 password=smtp.password,
+                 port=smtp.port,
+                 tls=smtp.tls)

From 2c4518e80303bc3227969aa99828d888148e195b Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Tue, 18 Apr 2017 14:40:36 +0800
Subject: [PATCH 06/10] Fix deploy requirements.txt

---
 deploy/requirements.txt   | 5 +++--
 requirements.txt          | 5 +++--
 reset_password_email.html | 0
 3 files changed, 6 insertions(+), 4 deletions(-)
 delete mode 100644 reset_password_email.html

diff --git a/deploy/requirements.txt b/deploy/requirements.txt
index ae2a33c..54b4aa3 100644
--- a/deploy/requirements.txt
+++ b/deploy/requirements.txt
@@ -1,5 +1,5 @@
-Django<1.10
-djangorestframework==3.3.3
+django==1.9.6
+djangorestframework==3.4.0
 pillow
 jsonfield
 otpauth
@@ -7,3 +7,4 @@ flake8-quotes
 pytz
 coverage
 python-dateutil
+celery
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index f17f7a4..a972bb2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,8 +1,9 @@
 django==1.9.6
 djangorestframework==3.4.0
-dateutil
 otpauth
 pillow
 python-dateutil
 celery
-Envelopes
\ No newline at end of file
+Envelopes
+pytz
+jsonfield
\ No newline at end of file
diff --git a/reset_password_email.html b/reset_password_email.html
deleted file mode 100644
index e69de29..0000000

From 1a4cb9332ec8fb02b5b75b7c12b3cd543a0b5bff Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Tue, 18 Apr 2017 14:42:28 +0800
Subject: [PATCH 07/10] Fix deploy requirements.txt

---
 deploy/requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deploy/requirements.txt b/deploy/requirements.txt
index 54b4aa3..98ef6ed 100644
--- a/deploy/requirements.txt
+++ b/deploy/requirements.txt
@@ -7,4 +7,5 @@ flake8-quotes
 pytz
 coverage
 python-dateutil
-celery
\ No newline at end of file
+celery
+Envelopes
\ No newline at end of file

From ee05af8e5a3ee8daa5ee9e0be1652438f79e2503 Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Tue, 18 Apr 2017 15:19:26 +0800
Subject: [PATCH 08/10] Add sso and 2fa api

---
 account/serializers.py  | 15 +++++++
 account/urls/user.py    |  9 ++--
 account/views/oj.py     |  9 ++--
 account/views/user.py   | 91 ++++++++++++++++++++++++++++++++++++++++-
 deploy/requirements.txt |  3 +-
 requirements.txt        |  3 +-
 6 files changed, 119 insertions(+), 11 deletions(-)

diff --git a/account/serializers.py b/account/serializers.py
index 8061d5d..112d59d 100644
--- a/account/serializers.py
+++ b/account/serializers.py
@@ -49,3 +49,18 @@ class EditUserSerializer(serializers.Serializer):
 class ApplyResetPasswordSerializer(serializers.Serializer):
     email = serializers.EmailField()
     captcha = serializers.CharField(max_length=4, min_length=4)
+
+
+class ResetPasswordSerializer(serializers.Serializer):
+    token = serializers.CharField(min_length=1, max_length=40)
+    password = serializers.CharField(min_length=6, max_length=30)
+    captcha = serializers.CharField(max_length=4, min_length=4)
+
+
+class SSOSerializer(serializers.Serializer):
+    appkey = serializers.CharField(max_length=35)
+    token = serializers.CharField(max_length=40)
+
+
+class TwoFactorAuthCodeSerializer(serializers.Serializer):
+    code = serializers.IntegerField()
diff --git a/account/urls/user.py b/account/urls/user.py
index deba25b..307b94e 100644
--- a/account/urls/user.py
+++ b/account/urls/user.py
@@ -3,9 +3,12 @@
 
 from django.conf.urls import url
 
-from ..views.user import UserInfoAPI, UserProfileAPI
+from ..views.user import (UserInfoAPI, UserProfileAPI,
+                          SSOAPI, TwoFactorAuthAPI)
 
 urlpatterns = [
-    url(r"^user", UserInfoAPI.as_view(), name="user_info_api"),
-    url(r"^profile$", UserProfileAPI.as_view(), name="user_profile_api")
+    url(r"^user$", UserInfoAPI.as_view(), name="user_info_api"),
+    url(r"^profile$", UserProfileAPI.as_view(), name="user_profile_api"),
+    url(r"^sso$", SSOAPI.as_view(), name="sso_api"),
+    url(r"^two_factor_auth$", TwoFactorAuthAPI.as_view(), name="two_factor_auth_api")
 ]
diff --git a/account/views/oj.py b/account/views/oj.py
index 86f82d6..125fc69 100644
--- a/account/views/oj.py
+++ b/account/views/oj.py
@@ -1,16 +1,14 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
-import os
-
 from datetime import timedelta
+from otpauth import OtpAuth
 
 from django.contrib import auth
 from django.conf import settings
 from django.core.exceptions import MultipleObjectsReturned
 from django.utils.translation import ugettext as _
 from django.utils.timezone import now
-from otpauth import OtpAuth
 
 from conf.models import WebsiteConfig
 from utils.api import APIView, validate_serializer
@@ -21,7 +19,7 @@ from ..decorators import login_required
 from ..models import User, UserProfile
 from ..serializers import (UserChangePasswordSerializer, UserLoginSerializer,
                            UserRegisterSerializer,
-                           ApplyResetPasswordSerializer)
+                           ApplyResetPasswordSerializer, ResetPasswordSerializer)
 from ..tasks import _send_email
 
 
@@ -112,6 +110,7 @@ class ApplyResetPasswordAPI(APIView):
     def post(self, request):
         data = request.data
         captcha = Captcha(request)
+        config = WebsiteConfig.objects.first()
         if not captcha.check(data["captcha"]):
             return self.error(_("Invalid captcha"))
         try:
@@ -131,7 +130,6 @@ class ApplyResetPasswordAPI(APIView):
             replace("{{ website_name }}", settings.WEBSITE_INFO["website_name"]). \
             replace("{{ link }}", settings.WEBSITE_INFO["url"] + "/reset_password/t/" +
                     user.reset_password_token)
-        config = WebsiteConfig.objects.first()
         _send_email.delay(config.name,
                           user.email,
                           user.username,
@@ -141,6 +139,7 @@ class ApplyResetPasswordAPI(APIView):
 
 
 class ResetPasswordAPI(APIView):
+    @validate_serializer(ResetPasswordSerializer)
     def post(self, request):
         data = request.data
         captcha = Captcha(request)
diff --git a/account/views/user.py b/account/views/user.py
index 190c39c..2388c59 100644
--- a/account/views/user.py
+++ b/account/views/user.py
@@ -1,12 +1,23 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+import qrcode
+
+from io import StringIO
+from otpauth import OtpAuth
+
+from django.conf import settings
+from django.http import HttpResponse
 from django.utils.translation import ugettext as _
 
+from conf.models import WebsiteConfig
 from utils.api import APIView, validate_serializer
+from utils.shortcuts import rand_str
 
 from ..decorators import login_required
-from ..serializers import EditUserSerializer, UserSerializer
+from ..models import User
+from ..serializers import (EditUserSerializer, UserSerializer,
+                           SSOSerializer, TwoFactorAuthCodeSerializer)
 
 
 class UserInfoAPI(APIView):
@@ -43,3 +54,81 @@ class UserProfileAPI(APIView):
             # Timezone & language 暂时不加
         user_profile.save()
         return self.success(_("Succeeded"))
+
+
+class SSOAPI(APIView):
+    @login_required
+    def get(self, request):
+        callback = request.GET.get("callback", None)
+        if not callback:
+            return self.error(_("Parameter Error"))
+        token = rand_str()
+        request.user.auth_token = token
+        request.user.save()
+        return self.success({"redirect_url": callback + "?token=" + token,
+                             "callback": callback})
+
+    @validate_serializer(SSOSerializer)
+    def post(self, request):
+        data = request.data
+        try:
+            User.objects.get(open_api_appkey=data["appkey"])
+        except User.DoesNotExist:
+            return self.error(_("Invalid appkey"))
+        try:
+            user = User.objects.get(auth_token=data["token"])
+            user.auth_token = None
+            user.save()
+            return self.success({"username": user.username,
+                                 "id": user.id,
+                                 "admin_type": user.admin_type,
+                                 "avatar": user.userprofile.avatar})
+        except User.DoesNotExist:
+            return self.error("User does not exist")
+
+
+class TwoFactorAuthAPI(APIView):
+    @login_required
+    def get(self, request):
+        """
+        Get QR code
+        """
+        user = request.user
+        if user.two_factor_auth:
+            return self.error("Already open 2FA")
+        token = rand_str()
+        user.tfa_token = token
+        user.save()
+
+        config = WebsiteConfig.objects.first()
+        image = qrcode.make(OtpAuth(token).to_uri("totp", config.base_url, config.name))
+        buf = StringIO()
+        image.save(buf, 'gif')
+
+        return HttpResponse(buf.getvalue(), 'image/gif')
+
+    @login_required
+    @validate_serializer(TwoFactorAuthCodeSerializer)
+    def post(self, request):
+        """
+        Open 2FA
+        """
+        code = request.data["code"]
+        user = request.user
+        if OtpAuth(user.tfa_token).valid_totp(code):
+            user.two_factor_auth = True
+            user.save()
+            return self.success(_("Succeeded"))
+        else:
+            return self.error(_("Invalid captcha"))
+
+    @login_required
+    @validate_serializer(TwoFactorAuthCodeSerializer)
+    def put(self, request):
+        code = request.data["code"]
+        user = request.user
+        if OtpAuth(user.tfa_token).valid_totp(code):
+            user.two_factor_auth = False
+            user.save()
+        else:
+            return self.error(_("Invalid captcha"))
diff --git a/deploy/requirements.txt b/deploy/requirements.txt
index 98ef6ed..308698b 100644
--- a/deploy/requirements.txt
+++ b/deploy/requirements.txt
@@ -8,4 +8,5 @@ pytz
 coverage
 python-dateutil
 celery
-Envelopes
\ No newline at end of file
+Envelopes
+qrcode
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index a972bb2..9b0d805 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,4 +6,5 @@ python-dateutil
 celery
 Envelopes
 pytz
-jsonfield
\ No newline at end of file
+jsonfield
+qrcode
\ No newline at end of file

From 1fcd13b5e12359a150e7bc28bac43e17cd201f48 Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Tue, 18 Apr 2017 15:35:08 +0800
Subject: [PATCH 09/10] Add avatar upload api

---
 account/urls/user.py  |  3 ++-
 account/views/user.py | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/account/urls/user.py b/account/urls/user.py
index 307b94e..3eb9252 100644
--- a/account/urls/user.py
+++ b/account/urls/user.py
@@ -3,12 +3,13 @@
 
 from django.conf.urls import url
 
-from ..views.user import (UserInfoAPI, UserProfileAPI,
+from ..views.user import (UserInfoAPI, UserProfileAPI, AvatarUploadAPI,
                           SSOAPI, TwoFactorAuthAPI)
 
 urlpatterns = [
     url(r"^user$", UserInfoAPI.as_view(), name="user_info_api"),
     url(r"^profile$", UserProfileAPI.as_view(), name="user_profile_api"),
+    url(r"^avatar/upload$", AvatarUploadAPI.as_view(), name="avatar_upload_api"),
     url(r"^sso$", SSOAPI.as_view(), name="sso_api"),
     url(r"^two_factor_auth$", TwoFactorAuthAPI.as_view(), name="two_factor_auth_api")
 ]
diff --git a/account/views/user.py b/account/views/user.py
index 2388c59..7cbd791 100644
--- a/account/views/user.py
+++ b/account/views/user.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+import os
 import qrcode
 
 from io import StringIO
@@ -56,6 +57,24 @@ class UserProfileAPI(APIView):
         return self.success(_("Succeeded"))
 
 
+class AvatarUploadAPI(APIView):
+    def post(self, request):
+        if "file" not in request.FILES:
+            return self.error(_("Upload failed"))
+
+        f = request.FILES["file"]
+        if f.size > 1024 * 1024:
+            return self.error(_("Picture too large"))
+        if os.path.splitext(f.name)[-1].lower() not in [".gif", ".jpg", ".jpeg", ".bmp", ".png"]:
+            return self.error(_("Unsupported file format"))
+
+        name = "avatar_" + rand_str(5) + os.path.splitext(f.name)[-1]
+        with open(os.path.join(settings.IMAGE_UPLOAD_DIR, name), "wb") as img:
+            for chunk in request.FILES["file"]:
+                img.write(chunk)
+        return self.success({"path": "/static/upload/" + name})
+
+
 class SSOAPI(APIView):
     @login_required
     def get(self, request):

From 3caf2d9d2c1fbdc71d6b4d3bee98e3004f998a15 Mon Sep 17 00:00:00 2001
From: Chiaki <i@wind.moe>
Date: Tue, 18 Apr 2017 15:39:49 +0800
Subject: [PATCH 10/10] Allow multiple ways to access url and fix ci

---
 account/urls/admin.py      |  2 +-
 account/urls/oj.py         | 10 +++++-----
 account/urls/user.py       | 10 +++++-----
 account/views/user.py      |  4 ++--
 announcement/urls/admin.py |  2 +-
 conf/urls/admin.py         |  6 +++---
 conf/urls/oj.py            |  6 +++---
 contest/urls/admin.py      |  4 ++--
 contest/urls/oj.py         |  2 +-
 problem/urls/admin.py      |  6 +++---
 problem/urls/oj.py         |  2 +-
 11 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/account/urls/admin.py b/account/urls/admin.py
index 372ba24..b10741e 100644
--- a/account/urls/admin.py
+++ b/account/urls/admin.py
@@ -3,5 +3,5 @@ from django.conf.urls import url
 from ..views.admin import UserAdminAPI
 
 urlpatterns = [
-    url(r"^user$", UserAdminAPI.as_view(), name="user_admin_api"),
+    url(r"^user/?$", UserAdminAPI.as_view(), name="user_admin_api"),
 ]
diff --git a/account/urls/oj.py b/account/urls/oj.py
index 1a66339..e73311f 100644
--- a/account/urls/oj.py
+++ b/account/urls/oj.py
@@ -7,9 +7,9 @@ from ..views.oj import (UserChangePasswordAPI, UserLoginAPI, UserRegisterAPI,
                         ApplyResetPasswordAPI, ResetPasswordAPI)
 
 urlpatterns = [
-    url(r"^login$", UserLoginAPI.as_view(), name="user_login_api"),
-    url(r"^register$", UserRegisterAPI.as_view(), name="user_register_api"),
-    url(r"^change_password$", UserChangePasswordAPI.as_view(), name="user_change_password_api"),
-    url(r"^apply_reset_password$", ApplyResetPasswordAPI.as_view(), name="apply_reset_password_api"),
-    url(r"^reset_password$", ResetPasswordAPI.as_view(), name="apply_reset_password_api")
+    url(r"^login/?$", UserLoginAPI.as_view(), name="user_login_api"),
+    url(r"^register/?$", UserRegisterAPI.as_view(), name="user_register_api"),
+    url(r"^change_password/?$", UserChangePasswordAPI.as_view(), name="user_change_password_api"),
+    url(r"^apply_reset_password/?$", ApplyResetPasswordAPI.as_view(), name="apply_reset_password_api"),
+    url(r"^reset_password/?$", ResetPasswordAPI.as_view(), name="apply_reset_password_api")
 ]
diff --git a/account/urls/user.py b/account/urls/user.py
index 3eb9252..3ec765a 100644
--- a/account/urls/user.py
+++ b/account/urls/user.py
@@ -7,9 +7,9 @@ from ..views.user import (UserInfoAPI, UserProfileAPI, AvatarUploadAPI,
                           SSOAPI, TwoFactorAuthAPI)
 
 urlpatterns = [
-    url(r"^user$", UserInfoAPI.as_view(), name="user_info_api"),
-    url(r"^profile$", UserProfileAPI.as_view(), name="user_profile_api"),
-    url(r"^avatar/upload$", AvatarUploadAPI.as_view(), name="avatar_upload_api"),
-    url(r"^sso$", SSOAPI.as_view(), name="sso_api"),
-    url(r"^two_factor_auth$", TwoFactorAuthAPI.as_view(), name="two_factor_auth_api")
+    url(r"^user/?$", UserInfoAPI.as_view(), name="user_info_api"),
+    url(r"^profile/?$", UserProfileAPI.as_view(), name="user_profile_api"),
+    url(r"^avatar/upload/?$", AvatarUploadAPI.as_view(), name="avatar_upload_api"),
+    url(r"^sso/?$", SSOAPI.as_view(), name="sso_api"),
+    url(r"^two_factor_auth/?$", TwoFactorAuthAPI.as_view(), name="two_factor_auth_api")
 ]
diff --git a/account/views/user.py b/account/views/user.py
index 7cbd791..d3bcacf 100644
--- a/account/views/user.py
+++ b/account/views/user.py
@@ -122,9 +122,9 @@ class TwoFactorAuthAPI(APIView):
         config = WebsiteConfig.objects.first()
         image = qrcode.make(OtpAuth(token).to_uri("totp", config.base_url, config.name))
         buf = StringIO()
-        image.save(buf, 'gif')
+        image.save(buf, "gif")
 
-        return HttpResponse(buf.getvalue(), 'image/gif')
+        return HttpResponse(buf.getvalue(), "image/gif")
 
     @login_required
     @validate_serializer(TwoFactorAuthCodeSerializer)
diff --git a/announcement/urls/admin.py b/announcement/urls/admin.py
index fefc160..6b9ce0f 100644
--- a/announcement/urls/admin.py
+++ b/announcement/urls/admin.py
@@ -3,5 +3,5 @@ from django.conf.urls import url
 from ..views import AnnouncementAdminAPI
 
 urlpatterns = [
-    url(r"^announcement$", AnnouncementAdminAPI.as_view(), name="announcement_admin_api"),
+    url(r"^announcement/?$", AnnouncementAdminAPI.as_view(), name="announcement_admin_api"),
 ]
diff --git a/conf/urls/admin.py b/conf/urls/admin.py
index dcb5c6f..be24272 100644
--- a/conf/urls/admin.py
+++ b/conf/urls/admin.py
@@ -3,7 +3,7 @@ from django.conf.urls import url
 from ..views import SMTPAPI, JudgeServerAPI, WebsiteConfigAPI
 
 urlpatterns = [
-    url(r"^smtp$", SMTPAPI.as_view(), name="smtp_admin_api"),
-    url(r"^website$", WebsiteConfigAPI.as_view(), name="website_config_api"),
-    url(r"^judge_server", JudgeServerAPI.as_view(), name="judge_server_api")
+    url(r"^smtp/?$", SMTPAPI.as_view(), name="smtp_admin_api"),
+    url(r"^website/?$", WebsiteConfigAPI.as_view(), name="website_config_api"),
+    url(r"^judge_server/?$", JudgeServerAPI.as_view(), name="judge_server_api")
 ]
diff --git a/conf/urls/oj.py b/conf/urls/oj.py
index b5a06e5..3e6d757 100644
--- a/conf/urls/oj.py
+++ b/conf/urls/oj.py
@@ -3,7 +3,7 @@ from django.conf.urls import url
 from ..views import JudgeServerHeartbeatAPI, LanguagesAPI, WebsiteConfigAPI
 
 urlpatterns = [
-    url(r"^website$", WebsiteConfigAPI.as_view(), name="website_info_api"),
-    url(r"^judge_server_heartbeat$", JudgeServerHeartbeatAPI.as_view(), name="judge_server_heartbeat_api"),
-    url(r"^languages$", LanguagesAPI.as_view(), name="language_list_api")
+    url(r"^website/?$", WebsiteConfigAPI.as_view(), name="website_info_api"),
+    url(r"^judge_server_heartbeat/?$", JudgeServerHeartbeatAPI.as_view(), name="judge_server_heartbeat_api"),
+    url(r"^languages/?$", LanguagesAPI.as_view(), name="language_list_api")
 ]
diff --git a/contest/urls/admin.py b/contest/urls/admin.py
index d9ea9c9..2a7705a 100644
--- a/contest/urls/admin.py
+++ b/contest/urls/admin.py
@@ -3,6 +3,6 @@ from django.conf.urls import url
 from ..views.admin import ContestAnnouncementAPI, ContestAPI
 
 urlpatterns = [
-    url(r"^contest$", ContestAPI.as_view(), name="contest_api"),
-    url(r"^contest/announcement$", ContestAnnouncementAPI.as_view(), name="contest_announcement_admin_api")
+    url(r"^contest/?$", ContestAPI.as_view(), name="contest_api"),
+    url(r"^contest/announcement/?$", ContestAnnouncementAPI.as_view(), name="contest_announcement_admin_api")
 ]
diff --git a/contest/urls/oj.py b/contest/urls/oj.py
index e2e48ca..bfc80b8 100644
--- a/contest/urls/oj.py
+++ b/contest/urls/oj.py
@@ -3,5 +3,5 @@ from django.conf.urls import url
 from ..views.oj import ContestAnnouncementListAPI
 
 urlpatterns = [
-    url(r"^contest$", ContestAnnouncementListAPI.as_view(), name="contest_list_api"),
+    url(r"^contest/?$", ContestAnnouncementListAPI.as_view(), name="contest_list_api"),
 ]
diff --git a/problem/urls/admin.py b/problem/urls/admin.py
index bfd66c2..7ea423e 100644
--- a/problem/urls/admin.py
+++ b/problem/urls/admin.py
@@ -3,7 +3,7 @@ from django.conf.urls import url
 from ..views.admin import ProblemAPI, TestCaseUploadAPI, ContestProblemAPI
 
 urlpatterns = [
-    url(r"^test_case/upload$", TestCaseUploadAPI.as_view(), name="test_case_upload_api"),
-    url(r"^problem$", ProblemAPI.as_view(), name="problem_api"),
-    url(r"^contest/problem$", ContestProblemAPI.as_view(), name="contest_problem_api")
+    url(r"^test_case/upload/?$", TestCaseUploadAPI.as_view(), name="test_case_upload_api"),
+    url(r"^problem/?$", ProblemAPI.as_view(), name="problem_api"),
+    url(r"^contest/problem/?$", ContestProblemAPI.as_view(), name="contest_problem_api")
 ]
diff --git a/problem/urls/oj.py b/problem/urls/oj.py
index d99155a..a7613f1 100644
--- a/problem/urls/oj.py
+++ b/problem/urls/oj.py
@@ -3,5 +3,5 @@ from django.conf.urls import url
 from ..views.oj import ProblemTagAPI
 
 urlpatterns = [
-    url(r"^problem/tags$", ProblemTagAPI.as_view(), name="problem_tag_list_api")
+    url(r"^problem/tags/?$", ProblemTagAPI.as_view(), name="problem_tag_list_api")
 ]