dynamic create crypto_key when django running

2025-11-12 04:56:09 +08:00 · 2021-05-20 13:11:55 +08:00
parent ca84457c1f
commit 28661b0d9c
4 changed files with 42 additions and 47 deletions
--- a/resetpwd/utils.py
+++ b/resetpwd/utils.py
@@ -7,10 +7,12 @@
 # @Date：          2021/5/20 8:47

 from django.shortcuts import render
+from django.http import HttpResponseRedirect
 import logging
 from utils.crypto import Crypto
-from pwdselfservice.local_settings import CRYPTO_KEY
+from pwdselfservice.local_settings import TMPID_COOKIE_AGE
 from django.conf import settings
+from pwdselfservice import crypto_key

 logger = logging.getLogger('django')

@@ -36,13 +38,13 @@ def code_2_user_id(ops, request, msg_template, home_url, code):
    return user_id, user_info


-def tmpid_2_user_info(ops, request, msg_template, home_url, scan_app_tag):
+def crypto_id_2_user_info(ops, request, msg_template, home_url, scan_app_tag):
    try:
-        tmpid_crypto = request.COOKIES.get('tmpid')
+        crypto_tmp_id = request.COOKIES.get('tmpid')
    except Exception as e:
-        tmpid_crypto = None
+        crypto_tmp_id = None
        logger.error('[异常] ：%s' % str(e))
-    if not tmpid_crypto:
+    if not crypto_tmp_id:
        logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到TmpID或会话己超时。' % (request.method, request.path))
        context = {
            'msg': "会话己超时，请重新扫码验证用户信息。",
@@ -51,8 +53,8 @@ def tmpid_2_user_info(ops, request, msg_template, home_url, scan_app_tag):
        }
        return render(request, msg_template, context)
    # 解密
-    crypto = Crypto(CRYPTO_KEY)
-    user_id = crypto.decrypt(tmpid_crypto)
+    crypto = Crypto(crypto_key)
+    user_id = crypto.decrypt(crypto_tmp_id)
    # 通过user_id拿到用户的邮箱，并格式化为username
    userid_status, user_info = ops.get_user_detail_by_user_id(user_id)
    if not userid_status:
@@ -66,9 +68,19 @@ def tmpid_2_user_info(ops, request, msg_template, home_url, scan_app_tag):
    return user_info


-def tmpid_2_user_id(request, msg_template, home_url):
+def crypto_user_id_2_cookie(user_id):
+    crypto = Crypto(crypto_key)
+    # 对user_id进行加密，因为user_id基本上固定不变的，为了防止user_id泄露而导致重复使用，进行加密后再传回。
+    _id_cryto = crypto.encrypt(user_id)
+    # 配置cookie，通过cookie把加密后的用户user_id传到重置密码页面，并重定向到重置密码页面。
+    set_cookie = HttpResponseRedirect('resetPassword')
+    set_cookie.set_cookie('tmpid', _id_cryto, expires=TMPID_COOKIE_AGE)
+    return set_cookie
+
+
+def crypto_id_2_user_id(request, msg_template, home_url):
    try:
-        tmpid_crypto = request.COOKIES.get('tmpid')
+        crypto_tmp_id = request.COOKIES.get('tmpid')
    except Exception as e:
        logger.error('[异常] ：%s' % str(e))
        logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到TmpID或会话己超时。' % (request.method, request.path))
@@ -79,8 +91,8 @@ def tmpid_2_user_id(request, msg_template, home_url):
        }
        return render(request, msg_template, context)
    # 解密
-    crypto = Crypto(CRYPTO_KEY)
-    return crypto.decrypt(tmpid_crypto)
+    crypto = Crypto(crypto_key)
+    return crypto.decrypt(crypto_tmp_id)


 def ops_account(ad_ops, request, msg_template, home_url, username, new_password):