7x31/ad-password-self-service
1
0
Fork 0
mirror of https://github.com/capricornxl/ad-password-self-service.git synced 2025-08-12 04:01:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

添加自动安装脚本,方便快速部署上线。

Browse Source 
调整部分代码,之前scheme是写死的https,考虑可能会有使用http,所以改成从request.scheme中取。
添加uwsgi启动脚本
This commit is contained in:
pwdselfservice
2020-04-01 17:28:51 +08:00
parent fa8beccc12
commit 1352586d70
33 changed files with 913 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

192
resetpwd/views.py
View File

@@ -6,17 +6,20 @@ from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_
from resetpwd.utils.dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, \
ding_get_persistent_code, ding_get_access_token
from pwdselfservice.local_settings import *
from resetpwd.utils.form import CheckForm
from .form import CheckForm
import logging
msg_template = 'msg.html'
home_url = HOME_URL
logger = logging.getLogger('django')
def resetpwd_index(request):
home_url = HOME_URL
"""
用户修改密码
:param request:
:return:
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
app_id = DING_SELF_APP_ID
if request.method == 'GET':
return render(request, 'index.html', locals())
@@ -24,8 +27,8 @@ def resetpwd_index(request):
logger.error('[异常] 请求方法:%s,请求路径:%s' % (request.method, request.path))
if request.method == 'POST':
# 对前端提交的数据进行二次验证,防止恶意提交简单密码或串改账号。
check_form = CheckForm(request.POST)
# 对前端提交的用户名、密码进行二次验证防止有人恶意修改前端JS提交简单密码或提交非法用户
if check_form.is_valid():
form_obj = check_form.cleaned_data
user_email = form_obj.get("user_email")
@@ -41,55 +44,81 @@ def resetpwd_index(request):
}
return render(request, msg_template, context)
try:
# 判断账号是否被锁定
if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
context = {
'msg': "此账号己被锁定,请先解锁账号。",
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
if user_email and old_password and new_password:
try:
# 判断账号是否被锁定
if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
context = {
'msg': "此账号己被锁定,请先解锁账号。",
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
# 判断账号状态是否禁用或锁定
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
user_mail_addr=user_email) == 66050:
# 514 66050是AD中账号被禁用的特定代码这个可以在微软官网查到。
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
user_mail_addr=user_email) == 66050:
context = {
'msg': "此账号状态为己禁用请联系HR确认账号是否正确。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
try:
result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
new_password=new_password)
if result:
context = {
'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'msg': "密码未修改成功,请确认旧密码是否正确。",
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "请确认邮箱账号[%s]是否正确未能在Active Directory中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "此账号状态为己禁用请联系HR确认账号是否正确。",
'msg': "请确认邮箱账号[%s]是否正确未能在Active Directory中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "请确认邮箱账号[%s]是否正确未能在Active Directory中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
# 修改密码
result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
new_password=new_password)
if result is True:
context = {
'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
else:
context = {
'msg': "密码未修改成功,请确认旧密码是否正确",
'msg': "用户名、旧密码、新密码参数不正确,请重新确认后输入",
'button_click': "window.history.back()",
'button_display': "返回"
}
@@ -105,6 +134,13 @@ def resetpwd_index(request):
def resetpwd_check_userinfo(request):
"""
钉钉扫码回调数据对用户在AD中进行验证
扫码之后从钉钉中取出用户的unionid
:param request:
:return:
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
code = request.GET.get('code')
if code:
logger.info('[成功] 请求方法:%s,请求路径:%sCODE%s' % (request.method, request.path, code))
@@ -112,7 +148,7 @@ def resetpwd_check_userinfo(request):
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到CODE。' % (request.method, request.path))
try:
unionid = ding_get_persistent_code(code, ding_get_access_token())
# unionid 在钉钉企业中是否存在
# 判断 unionid 在本企业钉钉中是否存在
if not unionid:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到unionid。' % (request.method, request.path))
context = {
@@ -127,8 +163,9 @@ def resetpwd_check_userinfo(request):
# 钉钉中此账号是否可用
if ding_user_info['active']:
crypto = Crypto(CRYPTO_KEY)
# 对unionid进行加密因为unionid基本上固定不变的为了防止unionid泄露而导致重复使用进行加密后再传回。
unionid_cryto = crypto.encrypt(unionid)
# 配置cookie并重定向到重置密码页面。
# 配置cookie通过cookie把加密后的用户unionid传到重置密码页面并重定向到重置密码页面。
set_cookie = HttpResponseRedirect('resetpwd')
set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE)
return set_cookie
@@ -144,7 +181,7 @@ def resetpwd_check_userinfo(request):
'msg': "用户不存在或己离职",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
}
return render(request, msg_template, context)
except Exception as e:
logger.error('[异常] %s' % str(e))
@@ -169,7 +206,14 @@ def resetpwd_check_userinfo(request):
def resetpwd_reset(request):
"""
钉钉扫码并验证信息之后,在重置密码页面将用户邮箱进行绑定
:param request:
:return:
"""
global unionid_crypto
home_url = '%s://%s' % (request.scheme, HOME_URL)
# 从cookie中提取unionid并解密然后对当前unionid的用户进行重置密码
if request.method == 'GET':
try:
unionid_crypto = request.COOKIES.get('tmpid')
@@ -183,14 +227,18 @@ def resetpwd_reset(request):
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 解密
crypto = Crypto(CRYPTO_KEY)
unionid = crypto.decrypt(unionid_crypto)
# 通过unionid在钉钉中拿到用户的邮箱
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
# 如果邮箱在钉钉中能提取,则提交到前端绑定
if user_email:
context = {
'user_email': user_email,
}
return render(request, 'resetpwd.html', context)
# 否则就是钉钉中此用户未配置邮箱,返回相关提示
else:
context = {
'msg': "%s 您好企业钉钉中未能找到您账号的邮箱配置请联系HR完善信息。" % ding_get_userinfo_detail(ding_get_userid_by_unionid(
@@ -200,9 +248,11 @@ def resetpwd_reset(request):
}
return render(request, msg_template, context)
# 重置密码页面,输入新密码后点击提交
elif request.method == 'POST':
new_password = request.POST.get('new_password').strip()
unionid_crypto = request.COOKIES.get('tmpid')
# 对cookie中的unionid进行超时验证如果页面超时就不再做处理。
if not unionid_crypto:
context = {
'msg': "会话己超时,请重新扫码验证用户信息。",
@@ -271,6 +321,12 @@ def resetpwd_reset(request):
def resetpwd_unlock(request):
"""
解锁账号
:param request:
:return:
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
if request.method == 'GET':
unionid_crypto = request.COOKIES.get('tmpid')
if not unionid_crypto:
@@ -308,37 +364,37 @@ def resetpwd_unlock(request):
'button_display': "返回主页"
}
return render(request, msg_template, context)
try:
result = ad_unlock_user_by_mail(user_email)
if result:
else:
try:
result = ad_unlock_user_by_mail(user_email)
if result:
context = {
'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'msg': "账号未能解锁请联系管理员确认该账号在AD的是否己禁用。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!",
'msg': "请确认邮箱账号[%s]是否正确未能在AD中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
except Exception as e:
context = {
'msg': "账号未能解锁请联系管理员确认该账号在AD的是否己禁用。",
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "请确认邮箱账号[%s]是否正确未能在AD中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'msg': "请从主页开始进行操作。",