diff --git a/.gitignore b/.gitignore index 485dee6..32fce7a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,12 @@ +/.idea .idea +jsLibraryMappings.xml +misc.xml +modules.xml +pwdselfservice.iml +remote-mappings.xml +workspace.xml +codeStyles +inspectionProfiles +deployment.xml +encodings.xml diff --git a/Python-3.6.9.tar.xz b/Python-3.6.9.tar.xz new file mode 100644 index 0000000..9939829 Binary files /dev/null and b/Python-3.6.9.tar.xz differ diff --git a/auto-install.sh b/auto-install.sh new file mode 100644 index 0000000..8036a07 --- /dev/null +++ b/auto-install.sh @@ -0,0 +1,255 @@ +#!/bin/bash +echo -e "此脚本为快速部署,目前只做了Centos版本的,如果是其它系统请自行修改下相关命令\n请准备一个新的环境运行\n本脚本会快速安装相关的环境和所需要的服务\n如果你运行脚本的服务器中已经存在如:Nginx、Python3等,可能会破坏掉原有的应用配置。" + +##Check IP +function check_ip() { + local IP=$1 + VALID_CHECK=$(echo $IP|awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}') + if echo $IP|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then + if [[ $VALID_CHECK == "yes" ]]; then + return 0 + else + return 1 + fi + else + return 1 + fi +} + +##Check domain +function check_domain() { + local DOMAIN=$1 + if echo $DOMAIN |grep -P "(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)" >/dev/null; then + return 0 + else + return 1 + fi +} + +##Check Port +function check_port() { + local PORT=$1 + VALID_CHECK=$(echo $PORT|awk '$1<=65535&&$1>=1{print "yes"}') + if echo $PORT |grep -E "^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]{1}|6553[0-5])$" >/dev/null; then + if [[ $VALID_CHECK == "yes" ]]; then + return 0 + else + return 1 + fi + else + return 1 + fi +} + +while :; do echo + echo "请确认你此台服务器是全新干净的,以防此脚本相关操作对正在运行的服务造成影响(不可逆)。" + read -p "请确认是否继续执行,输入 [y/n]: " ensure_yn + if [[ ! "${ensure_yn}" =~ ^[y,n]$ ]]; then + echo "输入有误,请输入 y 或 n" + else + break + fi +done + +if [[ "${ensure_yn}" = n ]]; then + exit 0 +fi + +echo "=======================================================================" +while :; do echo + read -p "请输入密码自助平台使用的本机IP: " PWD_SELF_SERVICE_IP + check_ip ${PWD_SELF_SERVICE_IP} + if [[ $? -ne 0 ]]; then + echo "---输入的IP地址格式有误,请重新输入。" + else + break + fi +done + +echo "=======================================================================" +while :; do echo + read -p "请输入密码自助平台使用的端口: " PWD_SELF_SERVICE_PORT + check_port ${PWD_SELF_SERVICE_PORT} + if [[ $? -ne 0 ]]; then + echo "---输入的端口有误,请重新输入。" + else + break + fi +done + +echo "=======================================================================" +while :; do echo + read -p "请输入密码自助平台使用域名,例如:pwd.abc.com: " PWD_SELF_SERVICE_DOMAIN + check_domain ${PWD_SELF_SERVICE_DOMAIN} + if [[ $? -ne 0 ]]; then + echo "---输入的域名格式有误,请重新输入。" + else + break + fi +done + +##当前脚本的绝对路径 +SHELL_FOLDER=$(dirname $(readlink -f "$0")) + +echo "关闭SELINUX" +sudo setenforce 0 +sudo sed -i 's@SELINUX=*@SELINUX=disabled@g' /etc/selinux/config +echo "DONE....." +echo "关闭防火墙" +sudo systemctl disable firewalld +sudo systemctl stop firewalld +echo "DONE....." + +echo "初始化编译环境----------" +sudo yum install gcc patch libffi-devel python-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel wget psmisc -y +echo "=======================================================================" +echo "初始化编译环境完成" +echo "=======================================================================" + +##Quick install nginx +echo "=======================================================================" +echo "安装 Nginx" +sudo cat << EOF > /etc/yum.repos.d/nginx.repo +[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/centos/7/\$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true +EOF + +sudo yum makecache fast +sudo yum install nginx -y + +if [[ $? -eq 0 ]] +then + sudo systemctl enable nginx + sudo systemctl start nginx + echo "=======================================================================" + echo "nginx 安装成功!" + echo "=======================================================================" +else + echo "=======================================================================" + echo "nginx 安装失败!" + echo "=======================================================================" + exit 1 +fi + +##install python3 +##如果之前用此脚本安装过python3,后续就不会再次安装。 +if [[ -f "/usr/share/python-3.6.9/bin/python3" ]] +then + echo "己发现Python3,将不会安装。" +else + if [[ -f "Python-3.6.9.tar.xz" ]] + then + echo "将安装Python3.6.9" + tar xf Python-3.6.9.tar.xz + cd Python-3.6.9 + sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install + else + echo "脚本目录下没有发现Python3.6.9.tar.xz,将会下载python 3.6.9" + sudo wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tar.xz + tar xf Python-3.6.9.tar.xz + cd Python-3.6.9 + sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install + fi + + if [[ $? -eq 0 ]] + then + echo "创建python3和pip3的软件链接" + cd ${SHELL_FOLDER} + sudo ln -svf /usr/share/python-3.6.9/bin/python3 /usr/bin/python3 + sudo ln -svf /usr/share/python-3.6.9/bin/pip3 /usr/bin/pip3 + echo "=======================================================================" + echo "Python3 安装成功!" + echo "=======================================================================" + else + echo "=======================================================================" + echo "Python3 安装失败!" + echo "=======================================================================" + exit 1 + fi +fi + + +##修改PIP源为国内 +mkdir -p ~/.pip +cat << EOF > ~/.pip/pip.conf +[global] +index-url = https://pypi.tuna.tsinghua.edu.cn/simple +[install] +trusted-host=pypi.tuna.tsinghua.edu.cn +EOF + +cd ${SHELL_FOLDER} +echo "====升级pip================" +/usr/bin/pip3 install --upgrade pip +/usr/bin/pip3 install -r requestment + +if [[ $? -eq 0 ]] +then + echo "=======================================================================" + echo "Pip3 requestment 安装成功!" + echo "=======================================================================" +else + echo "=======================================================================" + echo "Pip3 requestment 安装失败!" + echo "=======================================================================" + exit 1 +fi + +##处理配置文件 +echo "=======================================================================" +echo "处理uwsgi.ini配置文件" +sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgi.ini +sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${SHELL_FOLDER}/uwsgi.ini +sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${SHELL_FOLDER}/uwsgi.ini +echo "处理uwsgi.ini配置文件完成" +echo +echo "处理uwsgiserver启动脚本" +sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgiserver +alias cp='cp' +cp -f ${SHELL_FOLDER}/uwsgiserver /etc/init.d/uwsgiserver +chmod +x /etc/init.d/uwsgiserver +chkconfig uwsgiserver on +echo "处理uwsgiserver启动脚本完成" +echo + +sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/pwdselfservice/local_settings.py + +##Nginx vhost配置 +cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf +server { + listen 80; + server_name ${PWD_SELF_SERVICE_DOMAIN} ${PWD_SELF_SERVICE_IP}; + + location / { + proxy_pass http://${PWD_SELF_SERVICE_IP}:${PWD_SELF_SERVICE_PORT}; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + } + access_log off; +} +EOF +rm -f /etc/nginx/conf.d/default.conf +systemctl restart nginx + +echo +echo "=======================================================================" +echo +echo "密码自助服务平台的访问地址是:http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP}" +echo "请确保以上域名能正常解析,否则使用域名无法访问。" +echo +echo "Uwsgi启动:/etc/init.d/uwsgi start" +echo "Uwsgi停止:/etc/init.d/uwsgi stop" +echo "Uwsgi重启:/etc/init.d/uwsgi restart" +echo +echo +echo "文件${SHELL_FOLDER}/pwdselfservice/local_setting.py中必要参数需要你自行修改" +echo "此文件中有AD和钉钉的一些参数,按自己企业的修改" +echo +echo "=======================================================================" diff --git a/db.sqlite3 b/log/log.log similarity index 100% rename from db.sqlite3 rename to log/log.log diff --git a/pwdselfservice/__pycache__/__init__.cpython-36.pyc b/pwdselfservice/__pycache__/__init__.cpython-36.pyc new file mode 100644 index 0000000..be7e706 Binary files /dev/null and b/pwdselfservice/__pycache__/__init__.cpython-36.pyc differ diff --git a/pwdselfservice/__pycache__/loca_settings.cpython-36.pyc b/pwdselfservice/__pycache__/loca_settings.cpython-36.pyc new file mode 100644 index 0000000..59531bb Binary files /dev/null and b/pwdselfservice/__pycache__/loca_settings.cpython-36.pyc differ diff --git a/pwdselfservice/__pycache__/local_settings.cpython-36.pyc b/pwdselfservice/__pycache__/local_settings.cpython-36.pyc new file mode 100644 index 0000000..62ff693 Binary files /dev/null and b/pwdselfservice/__pycache__/local_settings.cpython-36.pyc differ diff --git a/pwdselfservice/__pycache__/settings.cpython-36.pyc b/pwdselfservice/__pycache__/settings.cpython-36.pyc new file mode 100644 index 0000000..08aa780 Binary files /dev/null and b/pwdselfservice/__pycache__/settings.cpython-36.pyc differ diff --git a/pwdselfservice/__pycache__/urls.cpython-36.pyc b/pwdselfservice/__pycache__/urls.cpython-36.pyc new file mode 100644 index 0000000..02a0277 Binary files /dev/null and b/pwdselfservice/__pycache__/urls.cpython-36.pyc differ diff --git a/pwdselfservice/__pycache__/wsgi.cpython-36.pyc b/pwdselfservice/__pycache__/wsgi.cpython-36.pyc new file mode 100644 index 0000000..1930d01 Binary files /dev/null and b/pwdselfservice/__pycache__/wsgi.cpython-36.pyc differ diff --git a/pwdselfservice/local_settings.py b/pwdselfservice/local_settings.py index 6ca2a96..42b2529 100644 --- a/pwdselfservice/local_settings.py +++ b/pwdselfservice/local_settings.py @@ -1,30 +1,39 @@ -# AD配置 -AD_HOST = 'abc.com' -AD_LOGIN_USER = 'abc\pwdadmin' -AD_LOGIN_USER_PWD = 'gVykWgNNF0oBQzwmwPp8' -BASE_DN = 'OU=RD,DC=abc,DC=com' +# AD配置,修改为自己的 +# AD主机,可以是IP或主机域名,例如可以是:abc.com或172.16.122.1 +AD_HOST = '修改为自己的' + +# 用于登录AD做用户信息验证的账号, 需要有修改用户账号密码的权限。 +# 账号格式使用DOMAIN\USERNAME,例如:abc\pwdadmin +AD_LOGIN_USER = '修改为自己的' + +# 密码 +AD_LOGIN_USER_PWD = '修改为自己的' + +# BASE DN,账号的查找DN路径,例如:'DC=abc,DC=com',可以指定到OU之下,例如:'OU=RD,DC=abc,DC=com'。 +BASE_DN = '修改为自己的' # 钉钉配置 -# 钉钉统一接口地址,不可修改。 +# 钉钉接口地址,不可修改 DING_URL = "https://oapi.dingtalk.com/sns" -# 钉钉企业ID -DING_CORP_ID = 'ding0176902811df32' +# 钉钉企业ID,修改为自己的 +DING_CORP_ID = '修改为自己的' -# 钉钉E应用 -DING_AGENT_ID = '25311eeee' -DING_APP_KEY = 'dingqdzmax324v' -DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myPAluMlguYQOaadsf2fhgfdfsx' +# 钉钉E应用,修改为自己的 +DING_AGENT_ID = '修改为自己的' +DING_APP_KEY = '修改为自己的' +DING_APP_SECRET = '修改为自己的' -# 钉钉移动应用接入 -DING_SELF_APP_ID = 'dingoabrzugusdfdf33fgfds' -DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZDhA5AI4ADQU5710sgLffdsadf32uhgfdsfs' +# 钉钉移动应用接入,修改为自己的 +DING_SELF_APP_ID = '修改为自己的' +DING_SELF_APP_SECRET = '修改为自己的' -# Crypty key 通过generate_key生成,可不用修改,如果需要自行生成,请使用Crypto.generate_key自行生成,用于加密页面提交的明文密码 +# Crypty key 通过generate_key生成,可不用修改 CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs=' -# COOKIE 超时,定义多长时间页面失效,单位秒。 +# COOKIE 超时单位是秒,可不用修改 TMPID_COOKIE_AGE = 300 + # 主页域名,index.html中的钉钉跳转等需要指定域名。 -HOME_URL = 'https://pwd.abc.com' \ No newline at end of file +HOME_URL = 'PWD_SELF_SERVICE_DOMAIN' \ No newline at end of file diff --git a/pwdselfservice/settings.py b/pwdselfservice/settings.py index 66adc43..372fbd8 100644 --- a/pwdselfservice/settings.py +++ b/pwdselfservice/settings.py @@ -88,7 +88,7 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE = True # Application definition INSTALLED_APPS = [ - 'django.contrib.admin', + # 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', @@ -132,12 +132,12 @@ WSGI_APPLICATION = 'pwdselfservice.wsgi.application' # Database # https://docs.djangoproject.com/en/2.1/ref/settings/#databases -DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.sqlite3', - 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), - } -} +# DATABASES = { +# 'default': { +# 'ENGINE': 'django.db.backends.sqlite3', +# 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), +# } +# } # Password validation diff --git a/pwdselfservice/urls.py b/pwdselfservice/urls.py index 99622c9..74ef688 100644 --- a/pwdselfservice/urls.py +++ b/pwdselfservice/urls.py @@ -1,11 +1,8 @@ -from django.urls import path, include, re_path +from django.urls import path from django.views.generic.base import RedirectView -from django.conf import urls import resetpwd.views -from django.conf.urls.static import static urlpatterns = { - # path('admin/', admin.site.urls) path("favicon.ico", RedirectView.as_view(url='static/img/favicon.ico')), path('', resetpwd.views.resetpwd_index, name='index'), path('resetcheck', resetpwd.views.resetpwd_check_userinfo, name='resetcheck'), diff --git a/readme.md b/readme.md index 0bdade4..8bc121b 100644 --- a/readme.md +++ b/readme.md @@ -1,10 +1,9 @@ -# 初学Django时碰到的一个需求,因为公司中很多员工在修改密码之后,有一些关联的客户端或网页中的旧密码没有更新,导致密码在尝试多次之后账号被锁,为了减少这种让人头疼的重置解锁密码的操蛋工作,自己做了一个自助修改小平台。 - -## 代码写得很LOW,有需要的可以直接拿去用。 +# 初学Django时碰到的一个需求,因为公司中很多员工在修改密码之后,有一些关联的客户端或网页中的旧密码没有更新,导致密码在尝试多次之后账号被锁,为了减少这种让人头疼的重置解锁密码的操蛋工作,自己做了一个自助修改小平台。 +## 水平有限,代码写得不好,但是能用,有需要的可以直接拿去用。 #### 场景说明: -因为本公司AD是早期已经在用,用户的个人信息不是十分全面,例如:用户手机号。 -钉钉是后来才开始使用,钉钉默认是使用手机号登录。 -这样就造成如果通过手机号来进行钉钉与AD之间的验证视乎行不通。 +因为本公司AD是早期已经在用,用户的个人信息不是十分全面,例如:用户手机号。 +钉钉是后来才开始使用,钉钉默认是使用手机号登录。 +这样就造成如果通过手机号来进行钉钉与AD之间的验证视乎行不通。 在这里我就使用了通过扫码后,提取钉钉账号的邮箱信息,再将邮箱在AD中进行比对来验证用户(邮箱)是否同时在企业的钉钉和企业AD中同时存在,并账号状态是激活的。 此处的配置可按自己的实际情况修改。 @@ -33,40 +32,105 @@ 其中pwd.abc.com请按自己实际域名来,并记录相关的appId、appSecret。 +# 使用脚本自动快速部署 +## 我添加了一个快速自动部署脚本,可快速自动部署完成当前项目上线。 +把整个项目目录上传到新的服务器上 +```shell +chmod +x auto-install.sh +./auto-install.sh +``` +等待所以安装完成即可。 + +#### 按自己实际的配置修改项目配置参数: +修改pwdselfservice/local_settings.py中的参数,按自己的实际参数修改 +```` python +# AD配置 +# AD主机,可以是IP或主机域名,例如可以是:abc.com或172.16.122.1 +AD_HOST = '修改为自己的' + +# 用于登录AD做用户信息验证的账号, 需要有修改用户账号密码的权限。 +# 账号格式使用DOMAIN\USERNAME,例如:abc\pwdadmin +AD_LOGIN_USER = '修改为自己的' + +# 密码 +AD_LOGIN_USER_PWD = '修改为自己的' + +# BASE DN,账号的查找DN路径,例如:'DC=abc,DC=com',可以指定到OU之下,例如:'OU=RD,DC=abc,DC=com'。 +BASE_DN = '修改为自己的' + +# 钉钉配置 +# 钉钉接口地址,不可修改 +DING_URL = "https://oapi.dingtalk.com/sns" + +# 钉钉企业ID +DING_CORP_ID = '修改为自己的' + +# 钉钉E应用 +DING_AGENT_ID = '修改为自己的' +DING_APP_KEY = '修改为自己的' +DING_APP_SECRET = '修改为自己的' + +# 钉钉移动应用接入 +DING_SELF_APP_ID = '修改为自己的' +DING_SELF_APP_SECRET = '修改为自己的' + +# Crypty key 通过generate_key生成,可不用修改 +CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs=' + +# COOKIE 超时单位是秒,可不用修改 +TMPID_COOKIE_AGE = 300 + +# 主页域名,index.html中的钉钉跳转等需要指定域名,如果是脚本自动部署,以下域名会自动替换。 +HOME_URL = 'PWD_SELF_SERVICE_DOMAIN' + +```` + + +# 手动部署 + ## 按自己实际的配置修改项目配置参数: 修改pwdselfservice/local_settings.py中的参数,按自己的实际参数修改 ```` python -# AD配置 -AD_HOST = 'abc.com' -AD_LOGIN_USER = 'abc\pwdadmin' -AD_LOGIN_USER_PWD = 'gVykWgNNF0oBQzwmwPp8' -BASE_DN = 'OU=rd,DC=abc,DC=com' +# AD配置,修改为自己的 +# AD主机,可以是IP或主机域名,例如可以是:abc.com或172.16.122.1 +AD_HOST = '修改为自己的' + +# 用于登录AD做用户信息验证的账号, 需要有修改用户账号密码的权限。 +# 账号格式使用DOMAIN\USERNAME,例如:abc\pwdadmin +AD_LOGIN_USER = '修改为自己的' + +# 密码 +AD_LOGIN_USER_PWD = '修改为自己的' + +# BASE DN,账号的查找DN路径,例如:'DC=abc,DC=com',可以指定到OU之下,例如:'OU=RD,DC=abc,DC=com'。 +BASE_DN = '修改为自己的' # 钉钉配置 -# 钉钉统一接口地址,不可修改 +# 钉钉接口地址,不可修改 DING_URL = "https://oapi.dingtalk.com/sns" -# 钉钉企业ID -DING_CORP_ID = 'ding01769028f06d321' +# 钉钉企业ID,修改为自己的 +DING_CORP_ID = '修改为自己的' -# 钉钉E应用 -DING_AGENT_ID = '25304321' -DING_APP_KEY = 'dingqdzmn611l5321321' -DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myP1123333221jzeKv3amQYWcInLV3x' +# 钉钉E应用,修改为自己的 +DING_AGENT_ID = '修改为自己的' +DING_APP_KEY = '修改为自己的' +DING_APP_SECRET = '修改为自己的' -# 钉钉移动应用接入 -DING_SELF_APP_ID = 'dingoabr112233xts' -DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZD3322112233332211222' +# 钉钉移动应用接入,修改为自己的 +DING_SELF_APP_ID = '修改为自己的' +DING_SELF_APP_SECRET = '修改为自己的' -# Crypty key 通过Crypty.generate_key生成 +# Crypty key 通过generate_key生成,可不用修改 CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs=' -# COOKIE 超时 +# COOKIE 超时单位是秒,可不用修改 TMPID_COOKIE_AGE = 300 -# 主页域名 -HOME_URL = 'https://pwd.abc.com' + +# 主页域名,index.html中的钉钉跳转等需要指定域名。 +HOME_URL = 'PWD_SELF_SERVICE_DOMAIN' ```` @@ -119,34 +183,60 @@ daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log ```` -## 通过uwsgi启动: -/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini - -其中/xxx/xxx/ad-password-self-service/uwsgi.ini是你自己的服务器中此文件的真实地址 - -启动之后也可以通过IP+端口访问了。 - -提供2个脚本,让uwsgi在修改文件时能自动重载: - -uwsgi-start.sh: +## 通过uwsgiserver启动: +其中PWD_SELF_SERVICE_HOME是你自己的服务器当前项目的目录,请自行修改 +将以下脚本修改完之后,复制到/etc/init.d/,给予执行权限。 +uwsgiserver: ```shell #!/bin/sh -/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini --touch-reload "/usr/local/wwwroot/ad-password-self-service/reload.set" -``` -uwsgi-autoreload.sh: -````shell -#!/bin/sh -objectdir="/usr/local/wwwroot/ad-password-self-service" +INI="PWD_SELF_SERVICE_HOME/uwsgi.ini" +UWSGI="/usr/share/python-3.6.9/bin/uwsgi" +PSID=`ps aux | grep "uwsgi"| grep -v "grep" | wc -l` + +if [ ! -n "$1" ] +then + content="Usages: sh uwsgiserver [start|stop|restart]" + echo -e "\033[31m $content \033[0m" + exit 0 +fi + +if [ $1 = start ] +then + if [ `eval $PSID` -gt 4 ] + then + content="uwsgi is running!" + echo -e "\033[32m $content \033[0m" + exit 0 + else + $UWSGI $INI + content="Start uwsgi service [OK]" + echo -e "\033[32m $content \033[0m" + fi + +elif [ $1 = stop ];then + if [ `eval $PSID` -gt 4 ];then + killall -9 uwsgi + fi + content="Stop uwsgi service [OK]" + echo -e "\033[32m $content \033[0m" +elif [ $1 = restart ];then + if [ `eval $PSID` -gt 4 ];then + killall -9 uwsgi + fi + $UWSGI --ini $INI + content="Restart uwsgi service [OK]" + echo -e "\033[32m $content \033[0m" + +else + content="Usages: sh uwsgiserver [start|stop|restart]" + echo -e "\033[31m $content \033[0m" +fi -/usr/bin/inotifywait -mrq --exclude "(logs|\.swp|\.swx|\.log|\.pyc|\.sqlite3)" --timefmt '%d/%m/%y %H:%M' --format '%T %wf' --event modify,delete,move,create,attrib ${objectdir} | while read files -do -/bin/touch /usr/local/wwwroot/ad-password-self-service/reload.set -continue -done & ```` + 脚本内的路径按自己实际情况修改 ## Nginx配置: @@ -164,10 +254,9 @@ server { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - + proxy_set_header X-Forwarded-Proto $scheme; } - access_log /var/log/nginx/vhost/pwd.log access; - error_log /var/log/nginx/vhost/pwd.err error; + access_log off; } ```` diff --git a/requestment b/requestment index 947c1fe..5dfeca7 100644 --- a/requestment +++ b/requestment @@ -1,6 +1,6 @@ Django==2.1.8 dingtalk-sdk>=1.2.2 -pycrypto==2.6 +pycrypto>=2.6 cryptography ldap3 requests diff --git a/resetpwd/__pycache__/__init__.cpython-36.pyc b/resetpwd/__pycache__/__init__.cpython-36.pyc new file mode 100644 index 0000000..34ca117 Binary files /dev/null and b/resetpwd/__pycache__/__init__.cpython-36.pyc differ diff --git a/resetpwd/__pycache__/admin.cpython-36.pyc b/resetpwd/__pycache__/admin.cpython-36.pyc new file mode 100644 index 0000000..7e8b268 Binary files /dev/null and b/resetpwd/__pycache__/admin.cpython-36.pyc differ diff --git a/resetpwd/__pycache__/form.cpython-36.pyc b/resetpwd/__pycache__/form.cpython-36.pyc new file mode 100644 index 0000000..ccc256b Binary files /dev/null and b/resetpwd/__pycache__/form.cpython-36.pyc differ diff --git a/resetpwd/__pycache__/models.cpython-36.pyc b/resetpwd/__pycache__/models.cpython-36.pyc new file mode 100644 index 0000000..3fdc965 Binary files /dev/null and b/resetpwd/__pycache__/models.cpython-36.pyc differ diff --git a/resetpwd/__pycache__/views.cpython-36.pyc b/resetpwd/__pycache__/views.cpython-36.pyc new file mode 100644 index 0000000..769ef39 Binary files /dev/null and b/resetpwd/__pycache__/views.cpython-36.pyc differ diff --git a/resetpwd/form.py b/resetpwd/form.py new file mode 100644 index 0000000..dd02390 --- /dev/null +++ b/resetpwd/form.py @@ -0,0 +1,34 @@ +from django.forms import fields as c_fields +from django import forms as c_forms +from django.core.exceptions import ValidationError + + +class CheckForm(c_forms.Form): + new_password = c_fields.RegexField( + '(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}', + # 密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位 + strip=True, + min_length=8, + max_length=30, + error_messages={'required': '新密码不能为空.', + 'invalid': '密码必须包含数字,字母、特殊字符', + 'min_length': "密码长度不能小于8个字符", + 'max_length': "密码长度不能大于30个字符"} + ) + old_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'}) + ensure_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'}) + user_email = c_fields.CharField(error_messages={'required': '邮箱不能为空', 'invalid': '邮箱格式错误'}) + + def clean(self): + pwd0 = self.cleaned_data.get('old_password') + pwd1 = self.cleaned_data.get('new_password') + pwd2 = self.cleaned_data.get('ensure_password') + if pwd1 == pwd2: + pass + elif pwd0 == pwd1: + # 这里异常模块导入要放在函数里面,放到文件开头有时会报错,找不到 + from django.core.exceptions import ValidationError + raise ValidationError('新旧密码不能一样') + else: + from django.core.exceptions import ValidationError + raise ValidationError('新密码和确认密码输入不一致') diff --git a/resetpwd/migrations/__pycache__/__init__.cpython-36.pyc b/resetpwd/migrations/__pycache__/__init__.cpython-36.pyc new file mode 100644 index 0000000..49bc7fc Binary files /dev/null and b/resetpwd/migrations/__pycache__/__init__.cpython-36.pyc differ diff --git a/resetpwd/tests.py b/resetpwd/tests.py deleted file mode 100644 index 7ce503c..0000000 --- a/resetpwd/tests.py +++ /dev/null @@ -1,3 +0,0 @@ -from django.test import TestCase - -# Create your tests here. diff --git a/resetpwd/utils/ad.py b/resetpwd/utils/ad.py index 131b0e1..7770b6e 100644 --- a/resetpwd/utils/ad.py +++ b/resetpwd/utils/ad.py @@ -3,6 +3,10 @@ from pwdselfservice.local_settings import * def __ad_connect(): + """ + AD连接器 + :return: + """ username = str(AD_LOGIN_USER).lower() server = Server(host=AD_HOST, use_ssl=True, port=636, get_info='ALL') try: @@ -22,7 +26,9 @@ def ad_ensure_user_by_sam(username): base_dn = BASE_DN condition = '(&(objectclass=person)(mail=' + username + '))' attributes = ['sAMAccountName'] - return conn.search(base_dn, condition, attributes=attributes) + result = conn.search(base_dn, condition, attributes=attributes) + conn.unbind() + return result def ad_ensure_user_by_mail(user_mail_addr): @@ -35,10 +41,17 @@ def ad_ensure_user_by_mail(user_mail_addr): base_dn = BASE_DN condition = '(&(objectclass=person)(mail=' + user_mail_addr + '))' attributes = ['mail'] - return conn.search(base_dn, condition, attributes=attributes) + result = conn.search(base_dn, condition, attributes=attributes) + conn.unbind() + return result def ad_get_user_displayname_by_mail(user_mail_addr): + """ + 通过mail查询某个用户的显示名 + :param user_mail_addr: + :return: user_displayname + """ conn = __ad_connect() conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=[ 'displayName']) @@ -48,22 +61,39 @@ def ad_get_user_displayname_by_mail(user_mail_addr): def ad_get_user_dn_by_mail(user_mail_addr): + """ + 通过mail查询某个用户的完整DN + :param user_mail_addr: + :return: DN + """ conn = __ad_connect() conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['distinguishedName']) user_dn = conn.entries[0]['distinguishedName'] + conn.unbind() return user_dn def ad_get_user_status_by_mail(user_mail_addr): + """ + 通过mail查询某个用户的账号状态 + :param user_mail_addr: + :return: user_account_control code + """ conn = __ad_connect() conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['userAccountControl']) user_account_control = conn.entries[0]['userAccountControl'] + conn.unbind() return user_account_control def ad_unlock_user_by_mail(user_mail_addr): + """ + 通过mail解锁某个用户 + :param user_mail_addr: + :return: + """ conn = __ad_connect() user_dn = ad_get_user_dn_by_mail(user_mail_addr) result = conn.extend.microsoft.unlock_account(user="%s" % user_dn) @@ -72,6 +102,11 @@ def ad_unlock_user_by_mail(user_mail_addr): def ad_reset_user_pwd_by_mail(user_mail_addr, new_password): + """ + 通过mail重置某个用户的密码 + :param user_mail_addr: + :return: + """ conn = __ad_connect() user_dn = ad_get_user_dn_by_mail(user_mail_addr) result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password) @@ -80,6 +115,11 @@ def ad_reset_user_pwd_by_mail(user_mail_addr, new_password): def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password): + """ + 通过mail修改某个用户的密码 + :param user_mail_addr: + :return: + """ conn = __ad_connect() user_dn = ad_get_user_dn_by_mail(user_mail_addr) result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password, @@ -89,10 +129,15 @@ def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password): def ad_get_user_locked_status_by_mail(user_mail_addr): + """ + 通过mail获取某个用户账号是否被锁定 + :param user_mail_addr: + :return: 如果结果是1601-01-01说明账号未锁定,返回0 + """ conn = __ad_connect() conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['lockoutTime']) locked_status = conn.entries[0]['lockoutTime'] - print(locked_status) + conn.unbind() if '1601-01-01' in str(locked_status): return 0 else: diff --git a/resetpwd/utils/dingding.py b/resetpwd/utils/dingding.py index 845bede..5c64bf7 100644 --- a/resetpwd/utils/dingding.py +++ b/resetpwd/utils/dingding.py @@ -4,6 +4,10 @@ from pwdselfservice.local_settings import * def ding_get_access_token(): + """ + 获取钉钉access token + :return: + """ resp = requests.get( url=DING_URL + "/gettoken", params=dict(appid=DING_SELF_APP_ID, appsecret=DING_SELF_APP_SECRET) @@ -16,6 +20,10 @@ def ding_get_access_token(): def ding_get_persistent_code(code, token): + """ + 获取钉钉当前用户的unionid + :return: + """ resp = requests.post( url="%s/get_persistent_code?access_token=%s" % (DING_URL, token), json=dict(tmp_auth_code=code), @@ -28,11 +36,20 @@ def ding_get_persistent_code(code, token): def ding_client_connect(): + """ + 钉钉连接器 + :return: + """ client = AppKeyClient(corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET) return client def ding_get_dept_user_list_detail(dept_id, offset, size): + """ + 获取部门中的用户列表详细清单 + :param code: + :return: + """ client = ding_client_connect() result = client.user.list(department_id=dept_id, offset=offset, size=size) return result diff --git a/resetpwd/utils/pwdcheck.py b/resetpwd/utils/pwdcheck.py index fadea44..6fa71a5 100644 --- a/resetpwd/utils/pwdcheck.py +++ b/resetpwd/utils/pwdcheck.py @@ -4,12 +4,12 @@ from django.contrib import messages from dingtalk import * from resetpwd.models import * from .crypto import Crypto -from .ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \ +from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \ ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, ding_get_userinfo_by_code, \ ding_get_persistent_code, ding_get_access_token from pwdselfservice.local_settings import * -from .form import * +from resetpwd.form import * class CustomPasswortValidator(object): diff --git a/resetpwd/views.py b/resetpwd/views.py index 209a1d7..d46a7ac 100644 --- a/resetpwd/views.py +++ b/resetpwd/views.py @@ -6,17 +6,20 @@ from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_ from resetpwd.utils.dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, \ ding_get_persistent_code, ding_get_access_token from pwdselfservice.local_settings import * -from resetpwd.utils.form import CheckForm +from .form import CheckForm import logging - msg_template = 'msg.html' -home_url = HOME_URL logger = logging.getLogger('django') def resetpwd_index(request): - home_url = HOME_URL + """ + 用户修改密码 + :param request: + :return: + """ + home_url = '%s://%s' % (request.scheme, HOME_URL) app_id = DING_SELF_APP_ID if request.method == 'GET': return render(request, 'index.html', locals()) @@ -24,8 +27,8 @@ def resetpwd_index(request): logger.error('[异常] 请求方法:%s,请求路径:%s' % (request.method, request.path)) if request.method == 'POST': + # 对前端提交的数据进行二次验证,防止恶意提交简单密码或串改账号。 check_form = CheckForm(request.POST) - # 对前端提交的用户名、密码进行二次验证,防止有人恶意修改前端JS提交简单密码或提交非法用户 if check_form.is_valid(): form_obj = check_form.cleaned_data user_email = form_obj.get("user_email") @@ -41,55 +44,81 @@ def resetpwd_index(request): } return render(request, msg_template, context) - try: - # 判断账号是否被锁定 - if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0: - context = { - 'msg': "此账号己被锁定,请先解锁账号。", - 'button_click': "window.history.back()", - 'button_display': "返回" - } - return render(request, msg_template, context) + if user_email and old_password and new_password: + try: + # 判断账号是否被锁定 + if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0: + context = { + 'msg': "此账号己被锁定,请先解锁账号。", + 'button_click': "window.history.back()", + 'button_display': "返回" + } + return render(request, msg_template, context) - # 判断账号状态是否禁用或锁定 - if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail( - user_mail_addr=user_email) == 66050: + # 514 66050是AD中账号被禁用的特定代码,这个可以在微软官网查到。 + if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail( + user_mail_addr=user_email) == 66050: + context = { + 'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。", + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + + try: + result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password, + new_password=new_password) + if result: + context = { + 'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!", + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + + else: + context = { + 'msg': "密码未修改成功,请确认旧密码是否正确。", + 'button_click': "window.history.back()", + 'button_display': "返回" + } + return render(request, msg_template, context) + + except IndexError: + context = { + 'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email, + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + + except Exception as e: + context = { + 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + + except IndexError: context = { - 'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。", + 'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email, 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) - except IndexError: - context = { - 'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email, - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - except Exception as e: - context = { - 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), - 'button_click': "window.history.back()", - 'button_display': "返回" - } - return render(request, msg_template, context) - - # 修改密码 - result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password, - new_password=new_password) - if result is True: - context = { - 'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!", - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) + except Exception as e: + context = { + 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), + 'button_click': "window.history.back()", + 'button_display': "返回" + } + return render(request, msg_template, context) else: context = { - 'msg': "密码未修改成功,请确认旧密码是否正确。", + 'msg': "用户名、旧密码、新密码参数不正确,请重新确认后输入。", 'button_click': "window.history.back()", 'button_display': "返回" } @@ -105,6 +134,13 @@ def resetpwd_index(request): def resetpwd_check_userinfo(request): + """ + 钉钉扫码回调数据对用户在AD中进行验证 + 扫码之后从钉钉中取出用户的unionid + :param request: + :return: + """ + home_url = '%s://%s' % (request.scheme, HOME_URL) code = request.GET.get('code') if code: logger.info('[成功] 请求方法:%s,请求路径:%s,CODE:%s' % (request.method, request.path, code)) @@ -112,7 +148,7 @@ def resetpwd_check_userinfo(request): logger.error('[异常] 请求方法:%s,请求路径:%s,未能拿到CODE。' % (request.method, request.path)) try: unionid = ding_get_persistent_code(code, ding_get_access_token()) - # unionid 在钉钉企业中是否存在 + # 判断 unionid 在本企业钉钉中是否存在 if not unionid: logger.error('[异常] 请求方法:%s,请求路径:%s,未能拿到unionid。' % (request.method, request.path)) context = { @@ -127,8 +163,9 @@ def resetpwd_check_userinfo(request): # 钉钉中此账号是否可用 if ding_user_info['active']: crypto = Crypto(CRYPTO_KEY) + # 对unionid进行加密,因为unionid基本上固定不变的,为了防止unionid泄露而导致重复使用,进行加密后再传回。 unionid_cryto = crypto.encrypt(unionid) - # 配置cookie,并重定向到重置密码页面。 + # 配置cookie,通过cookie把加密后的用户unionid传到重置密码页面,并重定向到重置密码页面。 set_cookie = HttpResponseRedirect('resetpwd') set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE) return set_cookie @@ -144,7 +181,7 @@ def resetpwd_check_userinfo(request): 'msg': "用户不存在或己离职", 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" - } + } return render(request, msg_template, context) except Exception as e: logger.error('[异常] :%s' % str(e)) @@ -169,7 +206,14 @@ def resetpwd_check_userinfo(request): def resetpwd_reset(request): + """ + 钉钉扫码并验证信息之后,在重置密码页面将用户邮箱进行绑定 + :param request: + :return: + """ global unionid_crypto + home_url = '%s://%s' % (request.scheme, HOME_URL) + # 从cookie中提取unionid,并解密,然后对当前unionid的用户进行重置密码 if request.method == 'GET': try: unionid_crypto = request.COOKIES.get('tmpid') @@ -183,14 +227,18 @@ def resetpwd_reset(request): 'button_display': "返回主页" } return render(request, msg_template, context) + # 解密 crypto = Crypto(CRYPTO_KEY) unionid = crypto.decrypt(unionid_crypto) + # 通过unionid在钉钉中拿到用户的邮箱 user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email'] + # 如果邮箱在钉钉中能提取,则提交到前端绑定 if user_email: context = { 'user_email': user_email, } return render(request, 'resetpwd.html', context) + # 否则就是钉钉中此用户未配置邮箱,返回相关提示 else: context = { 'msg': "%s 您好,企业钉钉中未能找到您账号的邮箱配置,请联系HR完善信息。" % ding_get_userinfo_detail(ding_get_userid_by_unionid( @@ -200,9 +248,11 @@ def resetpwd_reset(request): } return render(request, msg_template, context) + # 重置密码页面,输入新密码后点击提交 elif request.method == 'POST': new_password = request.POST.get('new_password').strip() unionid_crypto = request.COOKIES.get('tmpid') + # 对cookie中的unionid进行超时验证,如果页面超时就不再做处理。 if not unionid_crypto: context = { 'msg': "会话己超时,请重新扫码验证用户信息。", @@ -271,6 +321,12 @@ def resetpwd_reset(request): def resetpwd_unlock(request): + """ + 解锁账号 + :param request: + :return: + """ + home_url = '%s://%s' % (request.scheme, HOME_URL) if request.method == 'GET': unionid_crypto = request.COOKIES.get('tmpid') if not unionid_crypto: @@ -308,37 +364,37 @@ def resetpwd_unlock(request): 'button_display': "返回主页" } return render(request, msg_template, context) - - try: - result = ad_unlock_user_by_mail(user_email) - if result: + else: + try: + result = ad_unlock_user_by_mail(user_email) + if result: + context = { + 'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!", + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + else: + context = { + 'msg': "账号未能解锁,请联系管理员确认该账号在AD的是否己禁用。", + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + except IndexError: context = { - 'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!", + 'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email, 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) - else: + except Exception as e: context = { - 'msg': "账号未能解锁,请联系管理员确认该账号在AD的是否己禁用。", + 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) - except IndexError: - context = { - 'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email, - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - except Exception as e: - context = { - 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) else: context = { 'msg': "请从主页开始进行操作。", diff --git a/static/css/login_v2.css b/static/css/login_v2.css new file mode 100644 index 0000000..f310752 --- /dev/null +++ b/static/css/login_v2.css @@ -0,0 +1,119 @@ +a, body, button, dd, div, dl, dt, h1, h2, h3, h4, h5, h6, input, li, ol, p, td, textarea, ul { margin: 0; padding: 0; } +body, button, input, select, textarea { font: 9pt/1.5 tahoma,arial,Hiragino Sans GB,\5b8b\4f53,sans-serif; } +button, h1, h2, h3, h4, h5, h6, input, select, textarea { font-size: 100%; } + /*background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);*/ +html{height: 100%; background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);} +ol, ul { list-style: none;} +a { color: #666; text-decoration: none; } +a:hover { color: #043559; text-decoration: underline; } +body { font-size: 9pt; height: 100%; + font-family: 'microsoft yahei', sans-serif; min-width: 750pt; margin: 0; overflow: hidden} +img { border: 0; vertical-align: top; } +textarea { resize: none; } +a, button, input, select, textarea { outline: 0; } +a, button { cursor: pointer; } +button { border: none; } +.errorlist {font-size: 16px; color: #333333} +.pagewrap {height: 100% } +.main { position: relative; margin-top:0; width: 100%; height: 100%} +.header {height: 100px;margin-bottom: 5%;margin-left: 50px; background: url(/static/img/rgec.png) left center no-repeat; } +.header h1 a { display: block; } +.content { overflow: hidden; margin-left: 10% } +.content .con_left { float: left; height: 450px; width: 50%; margin-top: 65px} +/*.content .con_left .box {position: absolute; width: 400px; height:400px; left: 50%; right: 50%; margin-left: -100px; margin-right: -100px;}*/ +.content .con_left p { padding: 0 0 3px; width: 10pc; color: #040000; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; } +.content .con_left a { padding: 0 0 0 2pc; color: #2f548e; text-decoration: underline; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; } +.content .con_right { float: left; margin: 65px 0 0; width: 28pc; height: 450px; border: 1px solid #dedede; background: #fff; } +.content .con_right .con_r_top { padding: 0 0 0 39px; width: 409px; height: 110px; border-top: 8px solid #2e558e; } +.content .con_right .con_r_top .left, .content .con_right .con_r_top .right { float: left; padding: 35px 0 0; width: 186px; height: 35px; text-align: center; text-decoration: none; font-size: 18px; font-family: "微软雅黑"; } +.content .con_right .con_r_top .left { border-bottom: 2px solid #dedede; color: #999; } +.content .con_right ul .con_r_left .erweima { text-align: center; } +.content .con_right ul .con_r_left p {color: #2f548e; font-size: 25px; font-family: 'microsoft yahei', sans-serif; } +.content .con_right ul .con_r_left .user input { margin: 0 0 1px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; } +.content .con_right ul .con_r_left .user { padding: 0 0 0 39px; } +.content .con_right ul .con_r_left .user ul{font-size: 16px; color: #333333} +.content .con_right ul .con_r_left .user li{font-size: 16px; color: #333333} +.content .con_right ul .con_r_left .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; } +.content .con_right ul .con_r_left .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; } +.content .con_right ul .con_r_left .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; } +.content .con_right ul .con_r_left p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; } +.content .con_right ul .con_r_left p .mima { float: left; padding-left: 5px; text-decoration: none; } +.content .con_right ul .con_r_left p .zhuce { float: right; text-decoration: none; } +.content .con_right ul .con_r_left button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; } +.content .con_right .con_r_top .right { border-bottom: 2px solid #2e558e; color: #333; } +.content .con_right ul .con_r_right .user input { margin: 0 0 1px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; } +.content .con_right ul .con_r_right .user { padding: 0 0 0 39px; } +.content .con_right ul .con_r_right .user ul{font-size: 16px; color: #333333} +.content .con_right ul .con_r_right .user li{font-size: 16px; color: #333333} +.content .con_right ul .con_r_right .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; } +.content .con_right ul .con_r_right .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; } +.content .con_right ul .con_r_right .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; } +.content .con_right ul .con_r_right p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; } +.content .con_right ul .con_r_right p .mima { float: left; padding-left: 5px; text-decoration: none; } +.content .con_right ul .con_r_right p .zhuce { float: right; text-decoration: none; } +.content .con_right ul .con_r_right button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; } +.content .con_right ul .con_r_left { display: none; } +.con_right ul .con_r_left .erweima { position: relative; margin: 0 auto; width: 365px; height: 330px; } +.qrcode { position: absolute; top: 0; left: 0; width: 174px; height: 11pc; } +.divimg { position: absolute; top: 50%; left: 50%; z-index: 100; overflow: hidden; margin-top: -15px; margin-left: -30px; padding: 1px; width: 60px; height: 30px; border: 1px solid #eee; border-radius: .5rem; background: #fff; opacity: .9; filter: alpha(opacity=90); -moz-opacity: .9; } +.content .con_right ul .con_r_right .user .yanzheng { width: 150px; margin: 0 5px 10px 1px; padding-left: 5px; } +.content .con_right ul .con_r_right .user .next { font-size: 12px; width: 40px; height: 33px; float: right; margin-right: 40px; } +.content .con_right .con_r_top { *height: 90px; } + +.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px} +.auto{margin:0 auto;min-width:1000px;max-width:1200px} +@media screen and (max-width:1233px){.auto{padding-left:10px} +} +.clearfix:after,.clearfix:before{display:table;line-height:0;content:""} +.clearfix:after{clear:both} +.clear-float{clear:both} + +.footer{background-color:#009fd9;font-family: 'microsoft yahei', sans-serif; } +.footer-floor1{width:100%;padding:36px 0 60px} +.footer-list{width:69%;height:100%;float:left} +.footer-list ul{float:left;margin-right:13%} +.footer-list .flist-4{margin-right:0} +.footer-list li{line-height:32px} +.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none} +.footer-list li a:hover{text-decoration:underline;color:#fff} +.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px} +.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center} +.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px} +.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',sans-serif} +.footer-floor2 a{color:#b6e2f2} +.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline} +.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2} +.foot-link:hover{text-decoration:underline} +.footer-right{width:300px;float:right} +.telephone{width:100%;height:32px;line-height:32px;color:#fff} +.telephone .tel-number{font-size:30px;font-weight:400;text-align:right} +.official-plat{width:100%;height:100%;margin-top:20px;position:relative} +.official-plat ul{float:right;margin-top:7px} +.official-plat ul li{height:45px} +.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px} +.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff} +#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10} +#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10} +.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px} +.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede} +.five-superiority-list li:first-child{border-left:none} +.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px} +.five-superiority-list li a:hover{color:#bfe7f5} +.five-superiority-list li a.superiority-text{text-indent:4em} +.compensate_ico .superiority-icon{background-position:0 0} +.compensate_ico:hover .superiority-icon{background-position:0 -50px} +.retreat_ico .superiority-icon{background-position:0 -100px} +.retreat_ico:hover .superiority-icon{background-position:0 -150px} +.technology_ico .superiority-icon{background-position:0 -200px} +.technology_ico:hover .superiority-icon{background-position:0 -250px} +.prepare_ico .superiority-icon{background-position:0 -300px} +.prepare_ico:hover .superiority-icon{background-position:0 -350px} +.service_ico .superiority-icon{background-position:0 -400px} +.service_ico:hover .superiority-icon{background-position:0 -450px} +.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0} +.marquee{width:8000%;height:60px} +.wave-list-box{float:left} +.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1} +.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none} +.wave-box{position:relative;height:60px;background:#fff} + diff --git a/static/css/style_v2.css b/static/css/style_v2.css new file mode 100644 index 0000000..01f0f7c --- /dev/null +++ b/static/css/style_v2.css @@ -0,0 +1,66 @@ +*{margin:0;padding:0;box-sizing:border-box;list-style:none} +html{height: 100%; width:100%} +body{font-family:"Microsoft Yahei";min-width:1000px} +a{outline:0;text-decoration:none} +strong{font-weight:400} +.strong{font-weight:700} +::selection{background:#1EACDF;color:#fff} +img{border:0} +::-moz-selection{background:#1EACDF;color:#fff} +::-webkit-selection{background:#1EACDF;color:#fff} +.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px} +.auto{margin:0 auto;min-width:1000px;max-width:1200px} +@media screen and (max-width:1233px){.auto{padding-left:10px} +} +.clearfix:after,.clearfix:before{display:table;line-height:0;content:""} +.clearfix:after{clear:both} +.clear-float{clear:both} + + + +.footer{background-color:#009fd9;font-family:"Microsoft Yahei"} +.footer-floor1{width:100%;padding:36px 0 60px} +.footer-list{width:69%;height:100%;float:left} +.footer-list ul{float:left;margin-right:13%} +.footer-list .flist-4{margin-right:0} +.footer-list li{line-height:32px} +.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none} +.footer-list li a:hover{text-decoration:underline;color:#fff} +.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px} +.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center} +.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px} +.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',simsun,sans-serif} +.footer-floor2 a{color:#b6e2f2} +.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline} +.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2} +.foot-link:hover{text-decoration:underline} +.footer-right{width:300px;float:right} +.official-plat{width:100%;height:100%;margin-top:20px;position:relative} +.official-plat ul{float:right;margin-top:7px} +.official-plat ul li{height:45px} +.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px} +.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff} +#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10} +#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10} +.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px} +.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede} +.five-superiority-list li:first-child{border-left:none} +.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px} +.five-superiority-list li a:hover{color:#bfe7f5} +.five-superiority-list li a.superiority-text{text-indent:4em} +.compensate_ico .superiority-icon{background-position:0 0} +.compensate_ico:hover .superiority-icon{background-position:0 -50px} +.retreat_ico .superiority-icon{background-position:0 -100px} +.retreat_ico:hover .superiority-icon{background-position:0 -150px} +.technology_ico .superiority-icon{background-position:0 -200px} +.technology_ico:hover .superiority-icon{background-position:0 -250px} +.prepare_ico .superiority-icon{background-position:0 -300px} +.prepare_ico:hover .superiority-icon{background-position:0 -350px} +.service_ico .superiority-icon{background-position:0 -400px} +.service_ico:hover .superiority-icon{background-position:0 -450px} +.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0} +.marquee{width:8000%;height:60px} +.wave-list-box{float:left} +.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1} +.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none} +.wave-box{position:relative;height:60px;background:#fff} diff --git a/static/img/logo.png b/static/img/logo.png new file mode 100644 index 0000000..c14b9a4 Binary files /dev/null and b/static/img/logo.png differ diff --git a/templates/index.html b/templates/index.html index 26cc1ad..86513a0 100644 --- a/templates/index.html +++ b/templates/index.html @@ -63,7 +63,6 @@ var home_url = "{{ home_url }}"; // 钉钉移动应用接入ID var appid = "{{ app_id }}"; - // 钉钉回调域名 var url = encodeURIComponent(home_url + '/resetcheck'); var goto = encodeURIComponent('https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid=' + appid + '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri=' + url); var obj = DDLogin({ @@ -105,8 +104,7 @@ <script type="text/javascript"> window.onload=function() { if (!!window.ActiveXObject || "ActiveXObject" in window) - alert("您当前使用的浏览器为IE或IE内核,因为IE各种体验问题,本网站不对IE兼容。\n为能正常使用密码自助修改服务,请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon" + - "等这类双核心浏览器,请切换至[极速模式]亦可。") + alert("您当前使用的浏览器为IE或IE内核,因为IE各种体验问题,本网站不对IE兼容。\n为能正常使用密码自助修改服务,请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon等这类双核心浏览器,请切换至[极速模式]亦可。") } </script> </body></html> \ No newline at end of file diff --git a/uwsgi.ini b/uwsgi.ini index 0b2d962..7ecedf7 100644 --- a/uwsgi.ini +++ b/uwsgi.ini @@ -1,10 +1,8 @@ [uwsgi] -http-socket = 192.168.90.111:8000 +http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT -# 项目目录 -chdir = /usr/local/wwwroot/ad-password-self-service - -# settings.py 里的wsgi名称 +chdir = PWD_SELF_SERVICE_HOME + module = pwdselfservice.wsgi:application master = true @@ -19,11 +17,12 @@ chmod-socket = 755 vacuum = true -#设置缓冲大小 +#设置缓冲 post-buffering = 4096 -#设置静态文件目录映射 -static-map = /static=/usr/local/wwwroot/ad-password-self-service/static +#设置静态文件 +static-map = /static=PWD_SELF_SERVICE_HOME/static + +#设置日志目录 +daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log -#设置日志保存目录 -daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log \ No newline at end of file diff --git a/uwsgiserver b/uwsgiserver new file mode 100644 index 0000000..ed6b0e2 --- /dev/null +++ b/uwsgiserver @@ -0,0 +1,53 @@ +#!/bin/sh +# Startup script for the uwsgi server +# chkconfig: - 85 15 +# description: uwsgi server is Web Server +# HTML files and CGI. +# processname: uwsgiserver + +INI="PWD_SELF_SERVICE_HOME/uwsgi.ini" +UWSGI="/usr/share/python-3.6.9/bin/uwsgi" +PSID="ps aux | grep "uwsgi"| grep -v "grep" | wc -l" + +if [ ! -n "$1" ] +then + content="Usages: sh uwsgiserver [start|stop|restart|status]" + echo -e "\033[31m $content \033[0m" + exit 0 +fi + +if [ $1 = start ] +then + if [ `eval $PSID` -gt 4 ] + then + content="uwsgi is running!" + echo -e "\033[32m $content \033[0m" + exit 0 + else + $UWSGI $INI + content="Start uwsgi service [OK]" + echo -e "\033[32m $content \033[0m" + fi + +elif [ $1 = stop ];then + if [ `eval $PSID` -gt 4 ];then + killall -9 uwsgi + fi + content="Stop uwsgi service [OK]" + echo -e "\033[32m $content \033[0m" + +elif [ $1 = restart ];then + if [ `eval $PSID` -gt 4 ];then + killall -9 uwsgi + fi + $UWSGI --ini $INI + content="Restart uwsgi service [OK]" + echo -e "\033[32m $content \033[0m" + +elif [ $1 = status ];then + ps -ef | grep uwsgi | grep -v "uwsgiserver" | grep -v "grep" + +else + content="Usages: sh uwsgiserver [start|stop|restart|status]" + echo -e "\033[31m $content \033[0m" +fi