Merge f3118fb into 36edc1a

liangliangyy · Sep 30, 2019 · 8ee2c75 · 8ee2c75
2 parents 36edc1a + f3118fb
commit 8ee2c75
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 4 deletions.
diff --git a/accounts/forms.py b/accounts/forms.py
@@ -17,9 +17,10 @@
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.core.exceptions import ValidationError
-
+from django import forms
 
 class LoginForm(AuthenticationForm):
+    pub_key = forms.CharField(widget=forms.HiddenInput())
     def __init__(self, *args, **kwargs):
         super(LoginForm, self).__init__(*args, **kwargs)
         self.fields['username'].widget = widgets.TextInput(attrs={'placeholder': "username", "class": "form-control"})

diff --git a/accounts/views.py b/accounts/views.py
@@ -19,7 +19,10 @@
 from django.utils.http import is_safe_url
 from DjangoBlog.utils import send_email, get_md5, get_current_site
 from django.conf import settings
-
+from Crypto import Random
+from Crypto.Cipher import PKCS1_v1_5
+import base64
+from Crypto.PublicKey import RSA
 logger = logging.getLogger(__name__)
 
 
@@ -91,6 +94,18 @@ def dispatch(self, request, *args, **kwargs):
 
         return super(LoginView, self).dispatch(request, *args, **kwargs)
 
+    def get_initial(self):
+        initial = super(LoginView, self).get_initial()
+        if self.request.method in ('GET'):
+            #generate RSA key
+            random_generator = Random.new().read
+            rsa = RSA.generate(2048, random_generator)
+            rsa_private_key = rsa.exportKey()
+            self.request.session['privkey'] = rsa_private_key.decode()
+            rsa_public_key = rsa.publickey().exportKey()
+            initial.update({'pub_key':rsa_public_key.decode()})
+        return initial
+
     def get_context_data(self, **kwargs):
         redirect_to = self.request.GET.get(self.redirect_field_name)
         if redirect_to is None:
@@ -99,6 +114,27 @@ def get_context_data(self, **kwargs):
 
         return super(LoginView, self).get_context_data(**kwargs)
 
+    def get_form_kwargs(self):
+        #decode password
+        if self.request.method in ('POST', 'PUT'):
+
+            if self.request.session.get('privkey')!=None:
+                privkeystr = self.request.session.get('privkey').encode()
+                #decode
+                password = self.request.POST['password']
+                privkey = RSA.importKey(privkeystr)
+                cipher = PKCS1_v1_5.new(privkey)
+                password_decode = cipher.decrypt(base64.b64decode(password.encode()), 'error')
+
+                #change self.requet.POST to mutable
+                _mutable = self.request.POST._mutable
+                self.request.POST._mutable = True
+                self.request.POST['password'] = password_decode
+                self.request.POST._mutable = _mutable
+
+        kwargs = super(LoginView, self).get_form_kwargs()
+        return kwargs
+
     def form_valid(self, form):
         form = AuthenticationForm(data=self.request.POST, request=self.request)
 

diff --git a/blog/static/blog/js/jsencrypt.min.js b/blog/static/blog/js/jsencrypt.min.js
diff --git a/blog/static/blog/js/login.js b/blog/static/blog/js/login.js
@@ -0,0 +1,11 @@
+/*global JSEncrypt*/
+function dologin() {
+        //公钥加密
+        var pwd =$("#id_password").val();
+        var pubkey = $("#id_pub_key").val();
+        var jsencrypt = new JSEncrypt();
+        jsencrypt.setPublicKey(pubkey);
+        var enPwd = jsencrypt.encrypt(pwd);
+        $("#id_password").val(enPwd);
+        $("#login_form").submit();
+    }
diff --git a/requirements.txt b/requirements.txt
@@ -33,6 +33,7 @@ olefile==0.46
 packaging==19.1
 Pillow==6.1.0
 pycparser==2.19
+pycrypto==2.6.1
 Pygments==2.4.2
 pylint==2.3.1
 pyparsing==2.4.2

diff --git a/templates/account/login.html b/templates/account/login.html
@@ -7,7 +7,7 @@ <h2 class="form-signin-heading text-center">Sign in with your Account</h2>
 
         <div class="card card-signin">
             <img class="img-circle profile-img" src="{% static 'blog/img/avatar.png' %}" alt="">
-            <form class="form-signin" action="{% url 'account:login' %}" method="post">
+            <form id="login_form" class="form-signin" action="{% url 'account:login' %}" method="post">
                 {% csrf_token %}
                 {% comment %}<label for="inputEmail" class="sr-only">Email address</label>
                 <input type="email" id="inputEmail" class="form-control" placeholder="Email" required autofocus>
@@ -20,7 +20,7 @@ <h2 class="form-signin-heading text-center">Sign in with your Account</h2>
                 {% endfor %}
 
                 <input type="hidden" name="next" value="{{ redirect_to }}">
-                <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
+                <button class="btn btn-lg btn-primary btn-block" type="submit" onclick="dologin();return false;">Sign in</button>
 
                 <div class="checkbox">
                     {% comment %}<a class="pull-right">Need help?</a>{% endcomment %}

diff --git a/templates/share_layout/base_account.html b/templates/share_layout/base_account.html
@@ -26,6 +26,9 @@
     {% compress js %}
         <script src="{% static 'assets/js/ie10-viewport-bug-workaround.js' %}"></script>
         <script src="{% static 'assets/js/ie-emulation-modes-warning.js' %}"></script>
+        <script type="text/javascript" src="{% static 'blog/js/jquery-3.1.1.js' %}"></script>
+        <script src="{% static 'blog/js/jsencrypt.min.js' %}"></script>
+        <script src="{% static 'blog/js/login.js' %}"></script>
     {% endcompress %}
     <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
     <!--[if lt IE 9]>