单点登录系统（简易版），因为存在多个系统，各个系统都有用户管理，所以特意将它独立出来！.zip

#!/usr/bin/python # -*- coding:utf-8 -*- from django.contrib.auth import login, logout, authenticate from django.contrib.auth.decorators import login_required from django.core.urlresolvers import reverse from django.http import HttpResponseRedirect, HttpResponse from django.template import RequestContext from django.contrib import messages from django.contrib.admin.models import LogEntry from django.contrib.contenttypes.models import ContentType from django.contrib.auth.decorators import user_passes_test from django.shortcuts import render_to_response from django.conf import settings from cStringIO import StringIO from library.common import paging from system.models import UserProfile from system.forms import * from users.models import Users import pyotp import qrcode def super_user_required(login_url='/error_403'): """ check permission :param login_url: :return: """ return user_passes_test(lambda u: u.is_superuser, login_url=login_url) def user_login(request): """ 用户登录视图 :param request: :return: """ callback = request.REQUEST.get('next', '') response = HttpResponseRedirect(callback) if callback != '' else HttpResponseRedirect('/') if request.method == 'POST': form = UserLoginForm(request.POST) if form.is_valid(): rs, msg = False, '用户不存在/密码错误！' cd = form.cleaned_data # 验证账号密码 user = authenticate(username=cd['username'], password=cd['password']) if user: # 验证OTP try: key = user.profile.otp if settings.ARCHER_ENABLE_OTP and cd['otp'] and len(cd['otp']) == 6: if not pyotp.TOTP(key).verify(cd['code']): msg = '错误：动态口令验证失败！' else: login(request, user) rs = True, '登录成功！' except Exception, e: UserProfile(user=user, otp=pyotp.random_base32(), avatar='').save() # 追加otp msg = e.message if rs: messages.add_message(request, messages.SUCCESS, msg) else: messages.add_message(request, messages.ERROR, msg) response = HttpResponseRedirect(reverse('system:system_user_login')) return response else: return response if request.user.is_authenticated() else render_to_response('system/login.html', { 'enable_otp': settings.ARCHER_ENABLE_OTP}, context_instance=RequestContext(request)) @login_required(login_url='/system/u/login/') def user_logout(request): """ 用户注销 :param request: :return: """ logout(request) return HttpResponseRedirect(reverse('system:system_user_login')) @login_required(login_url='/system/u/login/') def user_change_password(request): """ 修改用户密码 :param request: :return: """ if request.method == 'POST': form = UserChangePasswordForm(request.POST) rs, msg = False, '密码修改失败' if form.is_valid(): form_data = form.cleaned_data new_password1 = form_data['new_password1'] new_password2 = form_data['new_password2'] if new_password1 == '' or new_password2 == '': msg = "密码/otp_code不允许为空" elif new_password1 != new_password2: msg = "两次密码不一致" elif len(new_password1) < 6: msg = "密码必须大于六位" elif new_password1 == new_password2: request.user.set_password(new_password1) request.user.save() rs, msg = True, "修改成功" else: msg = "未知错误" if rs: messages.add_message(request, messages.SUCCESS, msg) else: messages.add_message(request, messages.ERROR, msg) else: messages.add_message(request, messages.ERROR, '密码不为空！') return HttpResponseRedirect(reverse('system:system_user_change_password')) else: return render_to_response('system/change_password.html', {'userinfo': User.objects.get(pk=request.user.id)}, context_instance=RequestContext(request)) @login_required(login_url='/system/u/login/') @super_user_required(login_url="/error_403") def user_list(request): """ User list :param request: :return: """ page = int(request.REQUEST.get('page', 1)) data = User.objects.all().order_by('id') data, page_range = paging(page, data, 40) return render_to_response('system/user_list.html', {'data': data, 'page_range': page_range}, context_instance=RequestContext(request)) @login_required(login_url='/system/u/login/') def user_profile(request): """ User Profile :param request: :return: """ return render_to_response('system/profile.html', {}, context_instance=RequestContext(request)) @login_required(login_url='/system/u/login/') @super_user_required(login_url="/error_403") def user_add(request): if request.method == 'POST': username = request.POST.get('username', '') first_name = request.POST.get('first_name', '') last_name = request.POST.get('last_name', '') email = request.POST.get('email', '') password = request.POST.get('password', '') group = request.POST.get('group', '') permission = request.POST.getlist('permission') user = User.objects.filter(username=username) if not user: u = User.objects.create_user(username, email, password) u.last_name = last_name u.first_name = first_name u.groups = group u.user_permissions = permission u.save() p = UserProfile(user=u, otp=pyotp.random_base32(), avatar='') p.save() msg = '创建成功' res = True else: msg = '用户已经存在' res = False if res: messages.add_message(request, messages.SUCCESS, msg) return HttpResponseRedirect(reverse('system:system_user_list')) else: messages.add_message(request, messages.ERROR, msg) return HttpResponseRedirect(reverse('system:system_user_add')) else: groups = Group.objects.all() perms = Permission.objects.all() return render_to_response('system/create.html', {'groups': groups, 'perms': perms}, context_instance=RequestContext(request)) @login_required(login_url='/system/u/login/') @super_user_required(login_url="/error_403") def user_edit(request, uid): if request.method == 'POST': uid = request.POST.get('uid', '') first_name = request.POST.get('first_name', '') last_name = request.POST.get('last_name', '') email = request.POST.get('email', '') group = request.POST.get('group', '') permission = request.POST.getlist('permission') try: u = User.objects.get(pk=uid) u.first_name = first_name u.last_name = last_name u.email = email u.groups = group u.user_permissions = permission u.save() res, msg = True, '用户：' + str(uid) + '修改成功！' except User.DoesNotExist: res, msg = False, '用户：' + str(uid) + '不存在！' if res: messages.add_message(request, messages.SUCCESS, msg) else: messages.add_message(request, messages.SUCCESS, msg) return HttpResponseRedirect(reverse('system:system_user_list')) else: data = User.objects.get(pk=ui