update

2025-08-11 16:20:10 +08:00 · 2019-07-15 20:16:56 +08:00
parent 2bef05016e
commit 114efffa83
44 changed files with 2470 additions and 0 deletions
--- a/resetpwd/init.py
+++ b/resetpwd/init.py
--- a/resetpwd/ad.py
+++ b/resetpwd/ad.py
@@ -0,0 +1,99 @@
+from ldap3 import *
+from pwdselfservice.local_settings import *
+
+
+def __ad_connect():
+    username = str(AD_LOGIN_USER).lower()
+    server = Server(host=AD_HOST, use_ssl=True, port=636, get_info='ALL')
+    try:
+        conn = Connection(server, auto_bind=True, user=username, password=AD_LOGIN_USER_PWD, authentication='NTLM')
+        return conn
+    except Exception:
+        raise Exception('Server Error. Could not connect to Domain Controller')
+
+
+def ad_ensure_user_by_sam(username):
+    """
+    通过sAMAccountName查询某个用户是否在AD中
+    :param username:  除去@domain.com 的部分
+    :return: True or False
+    """
+    conn = __ad_connect()
+    base_dn = BASE_DN
+    condition = '(&(objectclass=person)(mail=' + username + '))'
+    attributes = ['sAMAccountName']
+    return conn.search(base_dn, condition, attributes=attributes)
+
+
+def ad_ensure_user_by_mail(user_mail_addr):
+    """
+    通过mail查询某个用户是否在AD中
+    :param user_mail_addr:
+    :return: True or False
+    """
+    conn = __ad_connect()
+    base_dn = BASE_DN
+    condition = '(&(objectclass=person)(mail=' + user_mail_addr + '))'
+    attributes = ['mail']
+    return conn.search(base_dn, condition, attributes=attributes)
+
+
+def ad_get_user_displayname_by_mail(user_mail_addr):
+    conn = __ad_connect()
+    conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=[
+        'displayName'])
+    user_displayname = conn.entries[0]['displayName']
+    conn.unbind()
+    return user_displayname
+
+
+def ad_get_user_dn_by_mail(user_mail_addr):
+    conn = __ad_connect()
+    conn.search(BASE_DN,
+                '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['distinguishedName'])
+    user_dn = conn.entries[0]['distinguishedName']
+    return user_dn
+
+
+def ad_get_user_status_by_mail(user_mail_addr):
+    conn = __ad_connect()
+    conn.search(BASE_DN,
+                '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['userAccountControl'])
+    user_account_control = conn.entries[0]['userAccountControl']
+    return user_account_control
+
+
+def ad_unlock_user_by_mail(user_mail_addr):
+    conn = __ad_connect()
+    user_dn = ad_get_user_dn_by_mail(user_mail_addr)
+    result = conn.extend.microsoft.unlock_account(user="%s" % user_dn)
+    conn.unbind()
+    return result
+
+
+def ad_reset_user_pwd_by_mail(user_mail_addr, new_password):
+    conn = __ad_connect()
+    user_dn = ad_get_user_dn_by_mail(user_mail_addr)
+    result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password)
+    conn.unbind()
+    return result
+
+
+def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password):
+    conn = __ad_connect()
+    user_dn = ad_get_user_dn_by_mail(user_mail_addr)
+    result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password,
+                                                   old_password="%s" % old_password)
+    conn.unbind()
+    return result
+
+
+def ad_get_user_locked_status_by_mail(user_mail_addr):
+    conn = __ad_connect()
+    conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['lockoutTime'])
+    locked_status = conn.entries[0]['lockoutTime']
+    print(locked_status)
+    if '1601-01-01' in str(locked_status):
+        return 0
+    else:
+        return locked_status
--- a/resetpwd/admin.py
+++ b/resetpwd/admin.py
@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
--- a/resetpwd/apps.py
+++ b/resetpwd/apps.py
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class ResetpwdConfig(AppConfig):
+    name = 'resetpwd'
--- a/resetpwd/crypto.py
+++ b/resetpwd/crypto.py
@@ -0,0 +1,22 @@
+from cryptography.fernet import Fernet
+
+
+class Crypto(object):
+    """docstring for ClassName"""
+    def __init__(self, key):
+        self.factory = Fernet(key)
+
+    @staticmethod
+    def generate_key():
+        key = Fernet.generate_key()
+        print(key)
+
+    # 加密
+    def encrypt(self, string):
+        token = str(self.factory.encrypt(string.encode('utf-8')), 'utf-8')
+        return token
+
+    # 解密
+    def decrypt(self, token):
+        string = self.factory.decrypt(bytes(token.encode('utf-8'))).decode('utf-8')
+        return string
--- a/resetpwd/dingding.py
+++ b/resetpwd/dingding.py
@@ -0,0 +1,82 @@
+from dingtalk.client import *
+import requests
+from pwdselfservice.local_settings import *
+
+
+def ding_get_access_token():
+    resp = requests.get(
+        url=DING_URL + "/gettoken",
+        params=dict(appid=DING_SELF_APP_ID, appsecret=DING_SELF_APP_SECRET)
+    )
+    resp = resp.json()
+    if resp['access_token']:
+        return resp['access_token']
+    else:
+        return None
+
+
+def ding_get_persistent_code(code, token):
+    resp = requests.post(
+        url="%s/get_persistent_code?access_token=%s" % (DING_URL, token),
+        json=dict(tmp_auth_code=code),
+    )
+    resp = resp.json()
+    if resp['unionid']:
+        return resp['unionid']
+    else:
+        return None
+
+
+def ding_client_connect():
+    client = AppKeyClient(corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET)
+    return client
+
+
+def ding_get_dept_user_list_detail(dept_id, offset, size):
+    client = ding_client_connect()
+    result = client.user.list(department_id=dept_id, offset=offset, size=size)
+    return result
+
+
+def ding_get_userinfo_by_code(code):
+    """
+    :param code:  requestAuthCode接口中获取的CODE
+    :return:
+    """
+    client = ding_client_connect()
+    resutl = client.user.getuserinfo(code)
+    return resutl
+
+
+def ding_get_userid_by_unionid(unionid):
+    """
+    :param unionid:  用户在当前钉钉开放平台账号范围内的唯一标识
+    :return:
+    """
+    client = ding_client_connect()
+    resutl = client.user.get_userid_by_unionid(unionid)
+    if resutl['userid']:
+        return resutl['userid']
+    else:
+        return None
+
+
+def ding_get_org_user_count():
+    """
+    企业员工数量
+    only_active – 是否包含未激活钉钉的人员数量
+    :return:
+    """
+    client = ding_client_connect()
+    resutl = client.user.get_org_user_count('only_active')
+    return resutl
+
+
+def ding_get_userinfo_detail(user_id):
+    """
+    user_id –  用户ID
+    :return:
+    """
+    client = ding_client_connect()
+    resutl = client.user.get(user_id)
+    return resutl
--- a/resetpwd/form.py
+++ b/resetpwd/form.py
@@ -0,0 +1,34 @@
+from django.forms import fields as c_fields
+from django import forms as c_forms
+from django.core.exceptions import ValidationError
+
+
+class CheckForm(c_forms.Form):
+    new_password = c_fields.RegexField(
+        '(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}',
+        # 密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位
+        strip=True,
+        min_length=8,
+        max_length=30,
+        error_messages={'required': '新密码不能为空.',
+                        'invalid': '密码必须包含数字，字母、特殊字符',
+                        'min_length': "密码长度不能小于8个字符",
+                        'max_length': "密码长度不能大于30个字符"}
+    )
+    old_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
+    ensure_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
+    user_email = c_fields.CharField(error_messages={'required': '邮箱不能为空', 'invalid': '邮箱格式错误'})
+
+    def clean(self):
+        pwd0 = self.cleaned_data.get('old_password')
+        pwd1 = self.cleaned_data.get('new_password')
+        pwd2 = self.cleaned_data.get('ensure_password')
+        if pwd1 == pwd2:
+            pass
+        elif pwd0 == pwd1:
+            # 这里异常模块导入要放在函数里面，放到文件开头有时会报错，找不到
+            from django.core.exceptions import ValidationError
+            raise ValidationError('新旧密码不能一样')
+        else:
+            from django.core.exceptions import ValidationError
+            raise ValidationError('新密码和确认密码输入不一致')
--- a/resetpwd/migrations/init.py
+++ b/resetpwd/migrations/init.py
--- a/resetpwd/models.py
+++ b/resetpwd/models.py
@@ -0,0 +1,4 @@
+from django.db import models
+from django import forms
+from django.contrib import auth
+
--- a/resetpwd/pwdcheck.py
+++ b/resetpwd/pwdcheck.py
@@ -0,0 +1,30 @@
+from django.shortcuts import render, reverse, HttpResponsePermanentRedirect, redirect
+from django.http import *
+from django.contrib import messages
+from dingtalk import *
+from .models import *
+from .crypto import Crypto
+from .ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
+    ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
+from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, ding_get_userinfo_by_code, \
+    ding_get_persistent_code, ding_get_access_token
+from pwdselfservice.local_settings import *
+from .form import *
+
+
+class CustomPasswortValidator(object):
+
+    def __init__(self, min_length=1, max_length=30):
+        self.min_length = min_length
+
+    def validate(self, password):
+        special_characters = "[~\!@#\$%\^&\*\(\)_\+{}\":;'\[\]]"
+        if not any(char.isdigit() for char in password):
+            raise ValidationError(_('Password must contain at least %(min_length)d digit.') % {'min_length': self.min_length})
+        if not any(char.isalpha() for char in password):
+            raise ValidationError(_('Password must contain at least %(min_length)d letter.') % {'min_length': self.min_length})
+        if not any(char in special_characters for char in password):
+            raise ValidationError(_('Password must contain at least %(min_length)d special character.') % {'min_length': self.min_length})
+
+    def get_help_text(self):
+        return ""
--- a/resetpwd/tests.py
+++ b/resetpwd/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
--- a/resetpwd/views.py
+++ b/resetpwd/views.py
@@ -0,0 +1,382 @@
+from django.shortcuts import render
+from django.http import *
+from .crypto import Crypto
+from .ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
+    ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
+from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, \
+    ding_get_persistent_code, ding_get_access_token
+from pwdselfservice.local_settings import *
+from .form import CheckForm
+import logging
+
+
+msg_template = 'msg.html'
+home_url = HOME_URL
+logger = logging.getLogger('django')
+
+def resetpwd_index(request):
+    home_url = HOME_URL
+    app_id = DING_SELF_APP_ID
+    if request.method == 'GET':
+        return render(request, 'index.html', locals())
+    else:
+        logger.error('[异常]  请求方法：%s，请求路径：%s' % (request.method, request.path))
+
+    if request.method == 'POST':
+        check_form = CheckForm(request.POST)
+        if check_form.is_valid():
+            form_obj = check_form.cleaned_data
+            user_email = form_obj.get("user_email")
+            old_password = form_obj.get("old_password")
+            new_password = form_obj.get("new_password")
+        else:
+            msg = check_form.as_p().errors
+            logger.error('[异常]  请求方法：%s，请求路径：%s，错误信息：%s' % (request.method, request.path, msg))
+            context = {
+                'msg': msg,
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+
+        if user_email and old_password and new_password:
+            try:
+                # 判断账号是否被锁定
+                if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
+                    context = {
+                        'msg': "此账号己被锁定，请先解锁账号。",
+                        'button_click': "window.history.back()",
+                        'button_display': "返回"
+                    }
+                    return render(request, msg_template, context)
+
+                if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
+                        user_mail_addr=user_email) == 66050:
+                    context = {
+                        'msg': "此账号状态为己禁用，请联系HR确认账号是否正确。",
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+
+                else:
+                    try:
+                        result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
+                                                            new_password=new_password)
+                        if result is True:
+                            context = {
+                                'msg': "密码己修改成功，请妥善保管密码。你可直接关闭此页面！",
+                                'button_click': "window.location.href='%s'" % home_url,
+                                'button_display': "返回主页"
+                            }
+                            return render(request, msg_template, context)
+
+                        else:
+                            context = {
+                                'msg': "密码未修改成功，请确认旧密码是否正确。",
+                                'button_click': "window.history.back()",
+                                'button_display': "返回"
+                            }
+                            return render(request, msg_template, context)
+
+                    except IndexError:
+                        context = {
+                            'msg': "请确认邮箱账号[%s]是否正确？未能在Active Directory中检索到相关信息。" % user_email,
+                            'button_click': "window.location.href='%s'" % home_url,
+                            'button_display': "返回主页"
+                        }
+                        return render(request, msg_template, context)
+                    except Exception as e:
+                        context = {
+                            'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
+                            'button_click': "window.location.href='%s'" % home_url,
+                            'button_display': "返回主页"
+                        }
+                        return render(request, msg_template, context)
+
+            except IndexError:
+                context = {
+                    'msg': "请确认邮箱账号[%s]是否正确？未能在Active Directory中检索到相关信息。" % user_email,
+                    'button_click': "window.location.href='%s'" % home_url,
+                    'button_display': "返回主页"
+                }
+                return render(request, msg_template, context)
+            except Exception as e:
+                context = {
+                    'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
+                    'button_click': "window.history.back()",
+                    'button_display': "返回"
+                }
+                return render(request, msg_template, context)
+
+        else:
+            context = {
+                'msg': "用户名、旧密码、新密码参数不正确，请重新确认后输入。",
+                'button_click': "window.history.back()",
+                'button_display': "返回"
+            }
+            return render(request, msg_template, context)
+
+    else:
+        context = {
+            'msg': "请从主页进行修改密码操作或扫码验证用户信息。",
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
+        }
+        return render(request, msg_template, context)
+
+
+def resetpwd_check_userinfo(request):
+    code = request.GET.get('code')
+    if code:
+        logger.info('[成功]  请求方法：%s，请求路径：%s，CODE：%s' % (request.method, request.path, code))
+    else:
+        logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到CODE。' % (request.method, request.path))
+    try:
+        unionid = ding_get_persistent_code(code, ding_get_access_token())
+        # unionid 在钉钉企业中是否存在
+        if not unionid:
+            logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到unionid。' % (request.method, request.path))
+            context = {
+                'msg': '未能在钉钉企业通讯录中检索到相关信息，请确认当前登录钉钉的账号已在企业中注册！',
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+        else:
+            ding_user_info = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))
+            try:
+                # 钉钉中此账号是否可用
+                if ding_user_info['active']:
+                    crypto = Crypto(CRYPTO_KEY)
+                    unionid_cryto = crypto.encrypt(unionid)
+                    # 配置cookie，并重定向到重置密码页面。
+                    set_cookie = HttpResponseRedirect('resetpwd')
+                    set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE)
+                    return set_cookie
+                else:
+                    context = {
+                        'msg': '邮箱是[%s]的用户在钉钉中未激活或可能己离职' % ding_user_info['email'],
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+            except IndexError:
+                context = {
+                    'msg': "用户不存在或己离职",
+                    'button_click': "window.location.href='%s'" % home_url,
+                    'button_display': "返回主页"
+                    }
+                return render(request, msg_template, context)
+            except Exception as e:
+                logger.error('[异常] ：%s' % str(e))
+
+    except KeyError:
+        context = {
+            'msg': "错误，钉钉临时Code己失效，请从主页重新扫码。",
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
+        }
+        logger.error('[异常] ：%s' % str(KeyError))
+        return render(request, msg_template, context)
+
+    except Exception as e:
+        context = {
+            'msg': "错误[%s]，请与管理员联系." % str(e),
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
+        }
+        logger.error('[异常] ：%s' % str(e))
+        return render(request, msg_template, context)
+
+
+def resetpwd_reset(request):
+    global unionid_crypto
+    if request.method == 'GET':
+        try:
+            unionid_crypto = request.COOKIES.get('tmpid')
+        except Exception as e:
+            logger.error('[异常] ：%s' % str(e))
+        if not unionid_crypto:
+            logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到CODE或CODE己超时。' % (request.method, request.path))
+            context = {
+                'msg': "会话己超时，请重新扫码验证用户信息。",
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+        crypto = Crypto(CRYPTO_KEY)
+        unionid = crypto.decrypt(unionid_crypto)
+        user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
+        if user_email:
+            context = {
+                'user_email': user_email,
+            }
+            return render(request, 'resetpwd.html', context)
+        else:
+            context = {
+                'msg': "%s 您好，企业钉钉中未能找到您账号的邮箱配置，请联系HR完善信息。" % ding_get_userinfo_detail(ding_get_userid_by_unionid(
+                    unionid))['name'],
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+
+    elif request.method == 'POST':
+        new_password = request.POST.get('new_password').strip()
+        unionid_crypto = request.COOKIES.get('tmpid')
+        if not unionid_crypto:
+            context = {
+                'msg': "会话己超时，请重新扫码验证用户信息。",
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+        crypto = Crypto(CRYPTO_KEY)
+        unionid = crypto.decrypt(unionid_crypto)
+        user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
+        if ad_ensure_user_by_mail(user_mail_addr=user_email) is False:
+            context = {
+                'msg': "账号[%s]在AD中不存在，请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致？或者该邮箱账号己被禁用！\n猜测：您的邮箱是否是带有数字或其它字母区分？" % user_email,
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+        if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
+                user_mail_addr=user_email) == 66050:
+            context = {
+                'msg': "此账号状态为己禁用，请联系HR确认账号是否正确。",
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+        else:
+            try:
+                result = ad_reset_user_pwd_by_mail(user_mail_addr=user_email, new_password=new_password)
+                if result:
+                    # 重置密码并执行一次解锁，防止重置后账号还是锁定状态。
+                    ad_unlock_user_by_mail(user_email)
+                    context = {
+                        'msg': "密码己重置成功，请妥善保管。你可以点击返回主页或直接关闭此页面！",
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+                else:
+                    context = {
+                        'msg': "密码未重置成功，确认密码是否满足AD的复杂性要求。",
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+            except IndexError:
+                context = {
+                    'msg': "请确认邮箱账号[%s]是否正确？未能在AD中检索到相关信息。" % user_email,
+                    'button_click': "window.location.href='%s'" % home_url,
+                    'button_display': "返回主页"
+                }
+                return render(request, msg_template, context)
+            except Exception as e:
+                context = {
+                    'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
+                    'button_click': "window.location.href='%s'" % home_url,
+                    'button_display': "返回主页"
+                }
+                return render(request, msg_template, context)
+    else:
+        context = {
+            'msg': "请从主页开始进行操作。",
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
+        }
+        return render(request, msg_template, context)
+
+
+def resetpwd_unlock(request):
+    if request.method == 'GET':
+        unionid_crypto = request.COOKIES.get('tmpid')
+        if not unionid_crypto:
+            context = {
+                'msg': "会话己超时，请重新扫码验证用户信息。",
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+        crypto = Crypto(CRYPTO_KEY)
+        unionid = crypto.decrypt(unionid_crypto)
+        user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
+        context = {
+            'user_email': user_email,
+        }
+        return render(request, 'resetpwd.html', context)
+
+    elif request.method == 'POST':
+        unionid_crypto = request.COOKIES.get('tmpid')
+        if not unionid_crypto:
+            context = {
+                'msg': "会话己超时，请重新扫码验证用户信息。",
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+        crypto = Crypto(CRYPTO_KEY)
+        unionid = crypto.decrypt(unionid_crypto)
+        user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
+        if ad_ensure_user_by_mail(user_mail_addr=user_email) is False:
+            context = {
+                'msg': "账号[%s]在AD中未能正确检索到，请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致？或者该邮箱账号己被禁用！\n猜测：您的邮箱是否是带有数字或其它字母区分？" %
+                       user_email,
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+        else:
+            try:
+                result = ad_unlock_user_by_mail(user_email)
+                if result:
+                    context = {
+                        'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面！",
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+                else:
+                    context = {
+                        'msg': "账号未能解锁，请联系管理员确认该账号在AD的是否己禁用。",
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+            except IndexError:
+                context = {
+                    'msg': "请确认邮箱账号[%s]是否正确？未能在AD中检索到相关信息。" % user_email,
+                    'button_click': "window.location.href='%s'" % home_url,
+                    'button_display': "返回主页"
+                }
+                return render(request, msg_template, context)
+            except Exception as e:
+                context = {
+                    'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
+                    'button_click': "window.location.href='%s'" % home_url,
+                    'button_display': "返回主页"
+                }
+                return render(request, msg_template, context)
+    else:
+        context = {
+            'msg': "请从主页开始进行操作。",
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
+        }
+        return render(request, msg_template, context)
+
+
+def reset_msg(request):
+    msg = request.GET.get('msg')
+    button_click = request.GET.get('button_click')
+    button_display = request.GET.get('button_display')
+    context = {
+        'msg': msg,
+        'button_click': button_click,
+        'button_display': button_display
+    }
+    return render(request, msg_template, context)