添加自动安装脚本，方便快速部署上线。

调整部分代码，之前scheme是写死的https，考虑可能会有使用http，所以改成从request.scheme中取。
添加uwsgi启动脚本

.gitignore

@@ -1 +1,12 @@
+/.idea
 .idea
+jsLibraryMappings.xml
+misc.xml
+modules.xml
+pwdselfservice.iml
+remote-mappings.xml
+workspace.xml
+codeStyles
+inspectionProfiles
+deployment.xml
+encodings.xml

auto-install.sh

@@ -0,0 +1,255 @@
+#!/bin/bash
+echo -e "此脚本为快速部署，目前只做了Centos版本的，如果是其它系统请自行修改下相关命令\n请准备一个新的环境运行\n本脚本会快速安装相关的环境和所需要的服务\n如果你运行脚本的服务器中已经存在如：Nginx、Python3等，可能会破坏掉原有的应用配置。"
+
+##Check IP
+function check_ip() {
+    local IP=$1
+    VALID_CHECK=$(echo $IP|awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')
+    if echo $IP|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then
+        if [[ $VALID_CHECK == "yes" ]]; then
+            return 0
+        else
+            return 1
+        fi
+    else
+        return 1
+    fi
+}
+
+##Check domain
+function check_domain() {
+    local DOMAIN=$1
+    if echo $DOMAIN |grep -P "(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)" >/dev/null; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+##Check Port
+function check_port() {
+    local PORT=$1
+    VALID_CHECK=$(echo $PORT|awk '$1<=65535&&$1>=1{print "yes"}')
+    if echo $PORT |grep -E "^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]{1}|6553[0-5])$" >/dev/null; then
+        if [[ $VALID_CHECK == "yes" ]]; then
+            return 0
+        else
+            return 1
+        fi
+    else
+        return 1
+    fi
+}
+
+while :; do echo
+    echo "请确认你此台服务器是全新干净的，以防此脚本相关操作对正在运行的服务造成影响（不可逆）。"
+    read -p "请确认是否继续执行，输入 [y/n]: " ensure_yn
+    if [[ ! "${ensure_yn}" =~ ^[y,n]$ ]]; then
+      echo "输入有误，请输入 y 或 n"
+    else
+      break
+    fi
+done
+
+if [[ "${ensure_yn}" = n ]]; then
+    exit 0
+fi
+
+echo "======================================================================="
+while :; do echo
+    read -p "请输入密码自助平台使用的本机IP: " PWD_SELF_SERVICE_IP
+    check_ip ${PWD_SELF_SERVICE_IP}
+    if [[ $? -ne 0 ]]; then
+      echo "---输入的IP地址格式有误，请重新输入。"
+    else
+      break
+    fi
+done
+
+echo "======================================================================="
+while :; do echo
+    read -p "请输入密码自助平台使用的端口: " PWD_SELF_SERVICE_PORT
+    check_port ${PWD_SELF_SERVICE_PORT}
+    if [[ $? -ne 0 ]]; then
+      echo "---输入的端口有误，请重新输入。"
+    else
+      break
+    fi
+done
+
+echo "======================================================================="
+while :; do echo
+    read -p "请输入密码自助平台使用域名，例如：pwd.abc.com: " PWD_SELF_SERVICE_DOMAIN
+    check_domain ${PWD_SELF_SERVICE_DOMAIN}
+    if [[ $? -ne 0 ]]; then
+      echo "---输入的域名格式有误，请重新输入。"
+    else
+      break
+    fi
+done
+
+##当前脚本的绝对路径
+SHELL_FOLDER=$(dirname $(readlink -f "$0"))
+
+echo "关闭SELINUX"
+sudo setenforce 0
+sudo sed -i 's@SELINUX=*@SELINUX=disabled@g' /etc/selinux/config
+echo "DONE....."
+echo "关闭防火墙"
+sudo systemctl disable firewalld
+sudo systemctl stop firewalld
+echo "DONE....."
+
+echo "初始化编译环境----------"
+sudo yum install gcc patch libffi-devel python-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel wget psmisc -y
+echo "======================================================================="
+echo "初始化编译环境完成"
+echo "======================================================================="
+
+##Quick install nginx
+echo "======================================================================="
+echo "安装 Nginx"
+sudo cat << EOF > /etc/yum.repos.d/nginx.repo
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/centos/7/\$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+EOF
+
+sudo yum makecache fast
+sudo yum install nginx -y
+
+if [[ $? -eq 0 ]]
+then
+  sudo systemctl enable nginx
+  sudo systemctl start nginx
+  echo "======================================================================="
+  echo "nginx 安装成功！"
+  echo "======================================================================="
+else
+  echo "======================================================================="
+  echo "nginx 安装失败！"
+  echo "======================================================================="
+  exit 1
+fi
+
+##install python3
+##如果之前用此脚本安装过python3，后续就不会再次安装。
+if [[ -f "/usr/share/python-3.6.9/bin/python3" ]]
+then
+    echo "己发现Python3，将不会安装。"
+else
+    if [[ -f "Python-3.6.9.tar.xz" ]]
+    then
+        echo "将安装Python3.6.9"
+        tar xf Python-3.6.9.tar.xz
+        cd Python-3.6.9
+        sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install
+    else
+        echo "脚本目录下没有发现Python3.6.9.tar.xz，将会下载python 3.6.9"
+        sudo wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tar.xz
+        tar xf Python-3.6.9.tar.xz
+        cd Python-3.6.9
+        sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install
+    fi
+
+    if [[ $? -eq 0 ]]
+    then
+      echo "创建python3和pip3的软件链接"
+      cd ${SHELL_FOLDER}
+      sudo ln -svf /usr/share/python-3.6.9/bin/python3 /usr/bin/python3
+      sudo ln -svf /usr/share/python-3.6.9/bin/pip3 /usr/bin/pip3
+      echo "======================================================================="
+      echo "Python3 安装成功！"
+      echo "======================================================================="
+    else
+      echo "======================================================================="
+      echo "Python3 安装失败！"
+      echo "======================================================================="
+      exit 1
+    fi
+fi
+
+
+##修改PIP源为国内
+mkdir -p ~/.pip
+cat << EOF > ~/.pip/pip.conf
+[global]
+index-url = https://pypi.tuna.tsinghua.edu.cn/simple
+[install]
+trusted-host=pypi.tuna.tsinghua.edu.cn
+EOF
+
+cd ${SHELL_FOLDER}
+echo "====升级pip================"
+/usr/bin/pip3 install --upgrade pip
+/usr/bin/pip3 install -r requestment
+
+if [[ $? -eq 0 ]]
+then
+  echo "======================================================================="
+  echo "Pip3 requestment 安装成功！"
+  echo "======================================================================="
+else
+  echo "======================================================================="
+  echo "Pip3 requestment 安装失败！"
+  echo "======================================================================="
+  exit 1
+fi
+
+##处理配置文件
+echo "======================================================================="
+echo "处理uwsgi.ini配置文件"
+sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgi.ini
+sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${SHELL_FOLDER}/uwsgi.ini
+sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${SHELL_FOLDER}/uwsgi.ini
+echo "处理uwsgi.ini配置文件完成"
+echo
+echo "处理uwsgiserver启动脚本"
+sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgiserver
+alias cp='cp'
+cp -f ${SHELL_FOLDER}/uwsgiserver /etc/init.d/uwsgiserver
+chmod +x /etc/init.d/uwsgiserver
+chkconfig uwsgiserver on
+echo "处理uwsgiserver启动脚本完成"
+echo
+
+sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/pwdselfservice/local_settings.py
+
+##Nginx vhost配置
+cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf
+server {
+    listen  80;
+    server_name ${PWD_SELF_SERVICE_DOMAIN} ${PWD_SELF_SERVICE_IP};
+
+    location / {
+        proxy_pass         http://${PWD_SELF_SERVICE_IP}:${PWD_SELF_SERVICE_PORT};
+        proxy_set_header   Host              \$host;
+        proxy_set_header   X-Real-IP         \$remote_addr;
+        proxy_set_header   X-Forwarded-For   \$proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto \$scheme;
+    }
+	access_log off;
+}
+EOF
+rm -f /etc/nginx/conf.d/default.conf
+systemctl restart nginx
+
+echo
+echo "======================================================================="
+echo
+echo "密码自助服务平台的访问地址是：http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP}"
+echo "请确保以上域名能正常解析，否则使用域名无法访问。"
+echo
+echo "Uwsgi启动：/etc/init.d/uwsgi start"
+echo "Uwsgi停止：/etc/init.d/uwsgi stop"
+echo "Uwsgi重启：/etc/init.d/uwsgi restart"
+echo
+echo
+echo "文件${SHELL_FOLDER}/pwdselfservice/local_setting.py中必要参数需要你自行修改"
+echo "此文件中有AD和钉钉的一些参数，按自己企业的修改"
+echo
+echo "======================================================================="

pwdselfservice/local_settings.py

@@ -1,30 +1,39 @@
-# AD配置
+# AD配置，修改为自己的
-AD_HOST = 'abc.com'
+# AD主机，可以是IP或主机域名，例如可以是:abc.com或172.16.122.1
-AD_LOGIN_USER = 'abc\pwdadmin'
+AD_HOST = '修改为自己的'
-AD_LOGIN_USER_PWD = 'gVykWgNNF0oBQzwmwPp8'
+
-BASE_DN = 'OU=RD,DC=abc,DC=com'
+# 用于登录AD做用户信息验证的账号， 需要有修改用户账号密码的权限。
+# 账号格式使用DOMAIN\USERNAME，例如：abc\pwdadmin
+AD_LOGIN_USER = '修改为自己的'
+
+# 密码
+AD_LOGIN_USER_PWD = '修改为自己的'
+
+# BASE DN，账号的查找DN路径，例如：'DC=abc,DC=com'，可以指定到OU之下，例如：'OU=RD,DC=abc,DC=com'。
+BASE_DN = '修改为自己的'
 
 # 钉钉配置
-# 钉钉统一接口地址，不可修改。
+# 钉钉接口地址，不可修改
 DING_URL = "https://oapi.dingtalk.com/sns"
 
-# 钉钉企业ID
+# 钉钉企业ID，修改为自己的
-DING_CORP_ID = 'ding0176902811df32'
+DING_CORP_ID = '修改为自己的'
 
-# 钉钉E应用
+# 钉钉E应用，修改为自己的
-DING_AGENT_ID = '25311eeee'
+DING_AGENT_ID = '修改为自己的'
-DING_APP_KEY = 'dingqdzmax324v'
+DING_APP_KEY = '修改为自己的'
-DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myPAluMlguYQOaadsf2fhgfdfsx'
+DING_APP_SECRET = '修改为自己的'
 
-# 钉钉移动应用接入
+# 钉钉移动应用接入，修改为自己的
-DING_SELF_APP_ID = 'dingoabrzugusdfdf33fgfds'
+DING_SELF_APP_ID = '修改为自己的'
-DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZDhA5AI4ADQU5710sgLffdsadf32uhgfdsfs'
+DING_SELF_APP_SECRET = '修改为自己的'
 
-# Crypty key 通过generate_key生成，可不用修改，如果需要自行生成，请使用Crypto.generate_key自行生成，用于加密页面提交的明文密码
+# Crypty key 通过generate_key生成，可不用修改
 CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
 
-# COOKIE 超时，定义多长时间页面失效，单位秒。
+# COOKIE 超时单位是秒，可不用修改
 TMPID_COOKIE_AGE = 300
 
+
 # 主页域名，index.html中的钉钉跳转等需要指定域名。
-HOME_URL = 'https://pwd.abc.com'
+HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'

pwdselfservice/settings.py

@@ -88,7 +88,7 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 # Application definition
 
 INSTALLED_APPS = [
-    'django.contrib.admin',
+    # 'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
@@ -132,12 +132,12 @@ WSGI_APPLICATION = 'pwdselfservice.wsgi.application'
 # Database
 # https://docs.djangoproject.com/en/2.1/ref/settings/#databases
 
-DATABASES = {
+# DATABASES = {
-    'default': {
+#     'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
+#         'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+#         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
-    }
+#     }
-}
+# }
 
 
 # Password validation

pwdselfservice/urls.py

@@ -1,11 +1,8 @@
-from django.urls import path, include, re_path
+from django.urls import path
 from django.views.generic.base import RedirectView
-from django.conf import urls
 import resetpwd.views
-from django.conf.urls.static import static
 
 urlpatterns = {
-    # path('admin/', admin.site.urls)
     path("favicon.ico", RedirectView.as_view(url='static/img/favicon.ico')),
     path('', resetpwd.views.resetpwd_index, name='index'),
     path('resetcheck', resetpwd.views.resetpwd_check_userinfo, name='resetcheck'),

readme.md

@@ -1,10 +1,9 @@
-# 初学Django时碰到的一个需求，因为公司中很多员工在修改密码之后，有一些关联的客户端或网页中的旧密码没有更新，导致密码在尝试多次之后账号被锁，为了减少这种让人头疼的重置解锁密码的操蛋工作，自己做了一个自助修改小平台。
+# 初学Django时碰到的一个需求，因为公司中很多员工在修改密码之后，有一些关联的客户端或网页中的旧密码没有更新，导致密码在尝试多次之后账号被锁，为了减少这种让人头疼的重置解锁密码的操蛋工作，自己做了一个自助修改小平台。  
-
+## 水平有限，代码写得不好，但是能用，有需要的可以直接拿去用。
-## 代码写得很LOW，有需要的可以直接拿去用。
 #### 场景说明：
-因为本公司AD是早期已经在用，用户的个人信息不是十分全面，例如:用户手机号。
+因为本公司AD是早期已经在用，用户的个人信息不是十分全面，例如:用户手机号。  
-钉钉是后来才开始使用，钉钉默认是使用手机号登录。
+钉钉是后来才开始使用，钉钉默认是使用手机号登录。  
-这样就造成如果通过手机号来进行钉钉与AD之间的验证视乎行不通。
+这样就造成如果通过手机号来进行钉钉与AD之间的验证视乎行不通。  
 在这里我就使用了通过扫码后，提取钉钉账号的邮箱信息，再将邮箱在AD中进行比对来验证用户(邮箱)是否同时在企业的钉钉和企业AD中同时存在，并账号状态是激活的。
 
 此处的配置可按自己的实际情况修改。
@@ -33,40 +32,105 @@
   其中pwd.abc.com请按自己实际域名来，并记录相关的appId、appSecret。
 
 
+# 使用脚本自动快速部署
+## 我添加了一个快速自动部署脚本，可快速自动部署完成当前项目上线。
+把整个项目目录上传到新的服务器上
+```shell
+chmod +x auto-install.sh
+./auto-install.sh
+```
+等待所以安装完成即可。
+
+#### 按自己实际的配置修改项目配置参数：
+修改pwdselfservice/local_settings.py中的参数，按自己的实际参数修改
+```` python
+# AD配置
+# AD主机，可以是IP或主机域名，例如可以是:abc.com或172.16.122.1
+AD_HOST = '修改为自己的'
+
+# 用于登录AD做用户信息验证的账号， 需要有修改用户账号密码的权限。
+# 账号格式使用DOMAIN\USERNAME，例如：abc\pwdadmin
+AD_LOGIN_USER = '修改为自己的'
+
+# 密码
+AD_LOGIN_USER_PWD = '修改为自己的'
+
+# BASE DN，账号的查找DN路径，例如：'DC=abc,DC=com'，可以指定到OU之下，例如：'OU=RD,DC=abc,DC=com'。
+BASE_DN = '修改为自己的'
+
+# 钉钉配置
+# 钉钉接口地址，不可修改
+DING_URL = "https://oapi.dingtalk.com/sns"
+
+# 钉钉企业ID
+DING_CORP_ID = '修改为自己的'
+
+# 钉钉E应用
+DING_AGENT_ID = '修改为自己的'
+DING_APP_KEY = '修改为自己的'
+DING_APP_SECRET = '修改为自己的'
+
+# 钉钉移动应用接入
+DING_SELF_APP_ID = '修改为自己的'
+DING_SELF_APP_SECRET = '修改为自己的'
+
+# Crypty key 通过generate_key生成，可不用修改
+CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
+
+# COOKIE 超时单位是秒，可不用修改
+TMPID_COOKIE_AGE = 300
+
+# 主页域名，index.html中的钉钉跳转等需要指定域名，如果是脚本自动部署，以下域名会自动替换。
+HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
+
+````
+
+
+# 手动部署
+
 ## 按自己实际的配置修改项目配置参数：
 修改pwdselfservice/local_settings.py中的参数，按自己的实际参数修改
 
 ```` python
-# AD配置
+# AD配置，修改为自己的
-AD_HOST = 'abc.com'
+# AD主机，可以是IP或主机域名，例如可以是:abc.com或172.16.122.1
-AD_LOGIN_USER = 'abc\pwdadmin'
+AD_HOST = '修改为自己的'
-AD_LOGIN_USER_PWD = 'gVykWgNNF0oBQzwmwPp8'
+
-BASE_DN = 'OU=rd,DC=abc,DC=com'
+# 用于登录AD做用户信息验证的账号， 需要有修改用户账号密码的权限。
+# 账号格式使用DOMAIN\USERNAME，例如：abc\pwdadmin
+AD_LOGIN_USER = '修改为自己的'
+
+# 密码
+AD_LOGIN_USER_PWD = '修改为自己的'
+
+# BASE DN，账号的查找DN路径，例如：'DC=abc,DC=com'，可以指定到OU之下，例如：'OU=RD,DC=abc,DC=com'。
+BASE_DN = '修改为自己的'
 
 # 钉钉配置
-# 钉钉统一接口地址，不可修改
+# 钉钉接口地址，不可修改
 DING_URL = "https://oapi.dingtalk.com/sns"
 
-# 钉钉企业ID
+# 钉钉企业ID，修改为自己的
-DING_CORP_ID = 'ding01769028f06d321'
+DING_CORP_ID = '修改为自己的'
 
-# 钉钉E应用
+# 钉钉E应用，修改为自己的
-DING_AGENT_ID = '25304321'
+DING_AGENT_ID = '修改为自己的'
-DING_APP_KEY = 'dingqdzmn611l5321321'
+DING_APP_KEY = '修改为自己的'
-DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myP1123333221jzeKv3amQYWcInLV3x'
+DING_APP_SECRET = '修改为自己的'
 
-# 钉钉移动应用接入
+# 钉钉移动应用接入，修改为自己的
-DING_SELF_APP_ID = 'dingoabr112233xts'
+DING_SELF_APP_ID = '修改为自己的'
-DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZD3322112233332211222'
+DING_SELF_APP_SECRET = '修改为自己的'
 
-# Crypty key 通过Crypty.generate_key生成
+# Crypty key 通过generate_key生成，可不用修改
 CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
 
-# COOKIE 超时
+# COOKIE 超时单位是秒，可不用修改
 TMPID_COOKIE_AGE = 300
 
-# 主页域名
+
-HOME_URL = 'https://pwd.abc.com'
+# 主页域名，index.html中的钉钉跳转等需要指定域名。
+HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
 
 ````
 
@@ -119,34 +183,60 @@ daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log
 ````
 
 
-## 通过uwsgi启动：
+## 通过uwsgiserver启动：
-/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini
+其中PWD_SELF_SERVICE_HOME是你自己的服务器当前项目的目录，请自行修改
-
+将以下脚本修改完之后，复制到/etc/init.d/，给予执行权限。
-其中/xxx/xxx/ad-password-self-service/uwsgi.ini是你自己的服务器中此文件的真实地址
+uwsgiserver:
-
-启动之后也可以通过IP+端口访问了。
-
-提供2个脚本，让uwsgi在修改文件时能自动重载：
-
-uwsgi-start.sh:
 ```shell
 #!/bin/sh
-/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini --touch-reload "/usr/local/wwwroot/ad-password-self-service/reload.set"
-```
 
-uwsgi-autoreload.sh:
+INI="PWD_SELF_SERVICE_HOME/uwsgi.ini"
-````shell
+UWSGI="/usr/share/python-3.6.9/bin/uwsgi"
-#!/bin/sh
+PSID=`ps aux | grep "uwsgi"| grep -v "grep" | wc -l`
-objectdir="/usr/local/wwwroot/ad-password-self-service"
+
+if [ ! -n "$1" ]
+then
+    content="Usages: sh uwsgiserver [start|stop|restart]"
+    echo -e "\033[31m $content \033[0m"
+    exit 0
+fi
+
+if [ $1 = start ]
+then
+    if [ `eval $PSID` -gt 4 ]
+    then
+        content="uwsgi is running!"
+        echo -e "\033[32m $content \033[0m"
+        exit 0
+    else
+        $UWSGI $INI
+        content="Start uwsgi service [OK]"
+        echo -e "\033[32m $content \033[0m"
+    fi
+
+elif [ $1 = stop ];then
+    if [ `eval $PSID` -gt 4 ];then
+        killall -9 uwsgi
+    fi
+    content="Stop uwsgi service [OK]"
+    echo -e "\033[32m $content \033[0m"
+elif [ $1 = restart ];then
+    if [ `eval $PSID` -gt 4 ];then
+        killall -9 uwsgi
+    fi
+    $UWSGI --ini $INI
+    content="Restart uwsgi service [OK]"
+    echo -e "\033[32m $content \033[0m"
+
+else
+    content="Usages: sh uwsgiserver [start|stop|restart]"
+    echo -e "\033[31m $content \033[0m"
+fi
 
-/usr/bin/inotifywait -mrq --exclude "(logs|\.swp|\.swx|\.log|\.pyc|\.sqlite3)" --timefmt '%d/%m/%y %H:%M' --format '%T %wf' --event modify,delete,move,create,attrib ${objectdir} | while read files
-do
-/bin/touch /usr/local/wwwroot/ad-password-self-service/reload.set
-continue
-done & 
 ````
 
 
+
 脚本内的路径按自己实际情况修改
 
 ## Nginx配置：
@@ -164,10 +254,9 @@ server {
         proxy_set_header   Host              $host;
         proxy_set_header   X-Real-IP         $remote_addr;
         proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-
+        proxy_set_header   X-Forwarded-Proto $scheme;
     }
-	access_log  /var/log/nginx/vhost/pwd.log access;
+	access_log  off;
-	error_log   /var/log/nginx/vhost/pwd.err error;
 }
 ````
 

requestment

@@ -1,6 +1,6 @@
 Django==2.1.8
 dingtalk-sdk>=1.2.2
-pycrypto==2.6
+pycrypto>=2.6
 cryptography
 ldap3
 requests

resetpwd/form.py

@@ -0,0 +1,34 @@
+from django.forms import fields as c_fields
+from django import forms as c_forms
+from django.core.exceptions import ValidationError
+
+
+class CheckForm(c_forms.Form):
+    new_password = c_fields.RegexField(
+        '(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}',
+        # 密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位
+        strip=True,
+        min_length=8,
+        max_length=30,
+        error_messages={'required': '新密码不能为空.',
+                        'invalid': '密码必须包含数字，字母、特殊字符',
+                        'min_length': "密码长度不能小于8个字符",
+                        'max_length': "密码长度不能大于30个字符"}
+    )
+    old_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
+    ensure_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
+    user_email = c_fields.CharField(error_messages={'required': '邮箱不能为空', 'invalid': '邮箱格式错误'})
+
+    def clean(self):
+        pwd0 = self.cleaned_data.get('old_password')
+        pwd1 = self.cleaned_data.get('new_password')
+        pwd2 = self.cleaned_data.get('ensure_password')
+        if pwd1 == pwd2:
+            pass
+        elif pwd0 == pwd1:
+            # 这里异常模块导入要放在函数里面，放到文件开头有时会报错，找不到
+            from django.core.exceptions import ValidationError
+            raise ValidationError('新旧密码不能一样')
+        else:
+            from django.core.exceptions import ValidationError
+            raise ValidationError('新密码和确认密码输入不一致')

resetpwd/tests.py

@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.

resetpwd/utils/ad.py

@@ -3,6 +3,10 @@ from pwdselfservice.local_settings import *
 
 
 def __ad_connect():
+    """
+    AD连接器
+    :return:
+    """
     username = str(AD_LOGIN_USER).lower()
     server = Server(host=AD_HOST, use_ssl=True, port=636, get_info='ALL')
     try:
@@ -22,7 +26,9 @@ def ad_ensure_user_by_sam(username):
     base_dn = BASE_DN
     condition = '(&(objectclass=person)(mail=' + username + '))'
     attributes = ['sAMAccountName']
-    return conn.search(base_dn, condition, attributes=attributes)
+    result = conn.search(base_dn, condition, attributes=attributes)
+    conn.unbind()
+    return result
 
 
 def ad_ensure_user_by_mail(user_mail_addr):
@@ -35,10 +41,17 @@ def ad_ensure_user_by_mail(user_mail_addr):
     base_dn = BASE_DN
     condition = '(&(objectclass=person)(mail=' + user_mail_addr + '))'
     attributes = ['mail']
-    return conn.search(base_dn, condition, attributes=attributes)
+    result = conn.search(base_dn, condition, attributes=attributes)
+    conn.unbind()
+    return result
 
 
 def ad_get_user_displayname_by_mail(user_mail_addr):
+    """
+    通过mail查询某个用户的显示名
+    :param user_mail_addr:
+    :return: user_displayname
+    """
     conn = __ad_connect()
     conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=[
         'displayName'])
@@ -48,22 +61,39 @@ def ad_get_user_displayname_by_mail(user_mail_addr):
 
 
 def ad_get_user_dn_by_mail(user_mail_addr):
+    """
+    通过mail查询某个用户的完整DN
+    :param user_mail_addr:
+    :return: DN
+    """
     conn = __ad_connect()
     conn.search(BASE_DN,
                 '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['distinguishedName'])
     user_dn = conn.entries[0]['distinguishedName']
+    conn.unbind()
     return user_dn
 
 
 def ad_get_user_status_by_mail(user_mail_addr):
+    """
+    通过mail查询某个用户的账号状态
+    :param user_mail_addr:
+    :return: user_account_control code
+    """
     conn = __ad_connect()
     conn.search(BASE_DN,
                 '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['userAccountControl'])
     user_account_control = conn.entries[0]['userAccountControl']
+    conn.unbind()
     return user_account_control
 
 
 def ad_unlock_user_by_mail(user_mail_addr):
+    """
+    通过mail解锁某个用户
+    :param user_mail_addr:
+    :return:
+    """
     conn = __ad_connect()
     user_dn = ad_get_user_dn_by_mail(user_mail_addr)
     result = conn.extend.microsoft.unlock_account(user="%s" % user_dn)
@@ -72,6 +102,11 @@ def ad_unlock_user_by_mail(user_mail_addr):
 
 
 def ad_reset_user_pwd_by_mail(user_mail_addr, new_password):
+    """
+    通过mail重置某个用户的密码
+    :param user_mail_addr:
+    :return:
+    """
     conn = __ad_connect()
     user_dn = ad_get_user_dn_by_mail(user_mail_addr)
     result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password)
@@ -80,6 +115,11 @@ def ad_reset_user_pwd_by_mail(user_mail_addr, new_password):
 
 
 def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password):
+    """
+    通过mail修改某个用户的密码
+    :param user_mail_addr:
+    :return:
+    """
     conn = __ad_connect()
     user_dn = ad_get_user_dn_by_mail(user_mail_addr)
     result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password,
@@ -89,10 +129,15 @@ def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password):
 
 
 def ad_get_user_locked_status_by_mail(user_mail_addr):
+    """
+    通过mail获取某个用户账号是否被锁定
+    :param user_mail_addr:
+    :return: 如果结果是1601-01-01说明账号未锁定，返回0
+    """
     conn = __ad_connect()
     conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['lockoutTime'])
     locked_status = conn.entries[0]['lockoutTime']
-    print(locked_status)
+    conn.unbind()
     if '1601-01-01' in str(locked_status):
         return 0
     else:

resetpwd/utils/dingding.py

@@ -4,6 +4,10 @@ from pwdselfservice.local_settings import *
 
 
 def ding_get_access_token():
+    """
+    获取钉钉access token
+    :return:
+    """
     resp = requests.get(
         url=DING_URL + "/gettoken",
         params=dict(appid=DING_SELF_APP_ID, appsecret=DING_SELF_APP_SECRET)
@@ -16,6 +20,10 @@ def ding_get_access_token():
 
 
 def ding_get_persistent_code(code, token):
+    """
+    获取钉钉当前用户的unionid
+    :return:
+    """
     resp = requests.post(
         url="%s/get_persistent_code?access_token=%s" % (DING_URL, token),
         json=dict(tmp_auth_code=code),
@@ -28,11 +36,20 @@ def ding_get_persistent_code(code, token):
 
 
 def ding_client_connect():
+    """
+    钉钉连接器
+    :return:
+    """
     client = AppKeyClient(corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET)
     return client
 
 
 def ding_get_dept_user_list_detail(dept_id, offset, size):
+    """
+    获取部门中的用户列表详细清单
+    :param code:
+    :return:
+    """
     client = ding_client_connect()
     result = client.user.list(department_id=dept_id, offset=offset, size=size)
     return result

resetpwd/utils/pwdcheck.py

@@ -4,12 +4,12 @@ from django.contrib import messages
 from dingtalk import *
 from resetpwd.models import *
 from .crypto import Crypto
-from .ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
+from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
     ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
 from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, ding_get_userinfo_by_code, \
     ding_get_persistent_code, ding_get_access_token
 from pwdselfservice.local_settings import *
-from .form import *
+from resetpwd.form import *
 
 
 class CustomPasswortValidator(object):

resetpwd/views.py

@@ -6,17 +6,20 @@ from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_
 from resetpwd.utils.dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, \
     ding_get_persistent_code, ding_get_access_token
 from pwdselfservice.local_settings import *
-from resetpwd.utils.form import CheckForm
+from .form import CheckForm
 import logging
 
-
 msg_template = 'msg.html'
-home_url = HOME_URL
 logger = logging.getLogger('django')
 
 
 def resetpwd_index(request):
-    home_url = HOME_URL
+    """
+    用户修改密码
+    :param request:
+    :return:
+    """
+    home_url = '%s://%s' % (request.scheme, HOME_URL)
     app_id = DING_SELF_APP_ID
     if request.method == 'GET':
         return render(request, 'index.html', locals())
@@ -24,8 +27,8 @@ def resetpwd_index(request):
         logger.error('[异常]  请求方法：%s，请求路径：%s' % (request.method, request.path))
 
     if request.method == 'POST':
+        # 对前端提交的数据进行二次验证，防止恶意提交简单密码或串改账号。
         check_form = CheckForm(request.POST)
-        # 对前端提交的用户名、密码进行二次验证，防止有人恶意修改前端JS提交简单密码或提交非法用户
         if check_form.is_valid():
             form_obj = check_form.cleaned_data
             user_email = form_obj.get("user_email")
@@ -41,55 +44,81 @@ def resetpwd_index(request):
             }
             return render(request, msg_template, context)
 
-        try:
+        if user_email and old_password and new_password:
-            # 判断账号是否被锁定
+            try:
-            if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
+                # 判断账号是否被锁定
-                context = {
+                if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
-                    'msg': "此账号己被锁定，请先解锁账号。",
+                    context = {
-                    'button_click': "window.history.back()",
+                        'msg': "此账号己被锁定，请先解锁账号。",
-                    'button_display': "返回"
+                        'button_click': "window.history.back()",
-                }
+                        'button_display': "返回"
-                return render(request, msg_template, context)
+                    }
+                    return render(request, msg_template, context)
 
-            # 判断账号状态是否禁用或锁定
+                # 514 66050是AD中账号被禁用的特定代码，这个可以在微软官网查到。
-            if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
+                if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
-                    user_mail_addr=user_email) == 66050:
+                        user_mail_addr=user_email) == 66050:
+                    context = {
+                        'msg': "此账号状态为己禁用，请联系HR确认账号是否正确。",
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+
+                try:
+                    result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
+                                                        new_password=new_password)
+                    if result:
+                        context = {
+                            'msg': "密码己修改成功，请妥善保管密码。你可直接关闭此页面！",
+                            'button_click': "window.location.href='%s'" % home_url,
+                            'button_display': "返回主页"
+                        }
+                        return render(request, msg_template, context)
+
+                    else:
+                        context = {
+                            'msg': "密码未修改成功，请确认旧密码是否正确。",
+                            'button_click': "window.history.back()",
+                            'button_display': "返回"
+                        }
+                        return render(request, msg_template, context)
+
+                except IndexError:
+                    context = {
+                        'msg': "请确认邮箱账号[%s]是否正确？未能在Active Directory中检索到相关信息。" % user_email,
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+
+                except Exception as e:
+                    context = {
+                        'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+
+            except IndexError:
                 context = {
-                    'msg': "此账号状态为己禁用，请联系HR确认账号是否正确。",
+                    'msg': "请确认邮箱账号[%s]是否正确？未能在Active Directory中检索到相关信息。" % user_email,
                     'button_click': "window.location.href='%s'" % home_url,
                     'button_display': "返回主页"
                 }
                 return render(request, msg_template, context)
 
-        except IndexError:
+            except Exception as e:
-            context = {
+                context = {
-                'msg': "请确认邮箱账号[%s]是否正确？未能在Active Directory中检索到相关信息。" % user_email,
+                    'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
-                'button_click': "window.location.href='%s'" % home_url,
+                    'button_click': "window.history.back()",
-                'button_display': "返回主页"
+                    'button_display': "返回"
-            }
+                }
-            return render(request, msg_template, context)
+                return render(request, msg_template, context)
-        except Exception as e:
-            context = {
-                'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
-                'button_click': "window.history.back()",
-                'button_display': "返回"
-            }
-            return render(request, msg_template, context)
-
-        # 修改密码
-        result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
-                                            new_password=new_password)
-        if result is True:
-            context = {
-                'msg': "密码己修改成功，请妥善保管密码。你可直接关闭此页面！",
-                'button_click': "window.location.href='%s'" % home_url,
-                'button_display': "返回主页"
-            }
-            return render(request, msg_template, context)
 
         else:
             context = {
-                'msg': "密码未修改成功，请确认旧密码是否正确。",
+                'msg': "用户名、旧密码、新密码参数不正确，请重新确认后输入。",
                 'button_click': "window.history.back()",
                 'button_display': "返回"
             }
@@ -105,6 +134,13 @@ def resetpwd_index(request):
 
 
 def resetpwd_check_userinfo(request):
+    """
+    钉钉扫码回调数据对用户在AD中进行验证
+    扫码之后从钉钉中取出用户的unionid
+    :param request:
+    :return:
+    """
+    home_url = '%s://%s' % (request.scheme, HOME_URL)
     code = request.GET.get('code')
     if code:
         logger.info('[成功]  请求方法：%s，请求路径：%s，CODE：%s' % (request.method, request.path, code))
@@ -112,7 +148,7 @@ def resetpwd_check_userinfo(request):
         logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到CODE。' % (request.method, request.path))
     try:
         unionid = ding_get_persistent_code(code, ding_get_access_token())
-        # unionid 在钉钉企业中是否存在
+        # 判断 unionid 在本企业钉钉中是否存在
         if not unionid:
             logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到unionid。' % (request.method, request.path))
             context = {
@@ -127,8 +163,9 @@ def resetpwd_check_userinfo(request):
             # 钉钉中此账号是否可用
             if ding_user_info['active']:
                 crypto = Crypto(CRYPTO_KEY)
+                # 对unionid进行加密，因为unionid基本上固定不变的，为了防止unionid泄露而导致重复使用，进行加密后再传回。
                 unionid_cryto = crypto.encrypt(unionid)
-                # 配置cookie，并重定向到重置密码页面。
+                # 配置cookie，通过cookie把加密后的用户unionid传到重置密码页面，并重定向到重置密码页面。
                 set_cookie = HttpResponseRedirect('resetpwd')
                 set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE)
                 return set_cookie
@@ -144,7 +181,7 @@ def resetpwd_check_userinfo(request):
                 'msg': "用户不存在或己离职",
                 'button_click': "window.location.href='%s'" % home_url,
                 'button_display': "返回主页"
-                }
+            }
             return render(request, msg_template, context)
         except Exception as e:
             logger.error('[异常] ：%s' % str(e))
@@ -169,7 +206,14 @@ def resetpwd_check_userinfo(request):
 
 
 def resetpwd_reset(request):
+    """
+    钉钉扫码并验证信息之后，在重置密码页面将用户邮箱进行绑定
+    :param request:
+    :return:
+    """
     global unionid_crypto
+    home_url = '%s://%s' % (request.scheme, HOME_URL)
+    # 从cookie中提取unionid，并解密，然后对当前unionid的用户进行重置密码
     if request.method == 'GET':
         try:
             unionid_crypto = request.COOKIES.get('tmpid')
@@ -183,14 +227,18 @@ def resetpwd_reset(request):
                 'button_display': "返回主页"
             }
             return render(request, msg_template, context)
+        # 解密
         crypto = Crypto(CRYPTO_KEY)
         unionid = crypto.decrypt(unionid_crypto)
+        # 通过unionid在钉钉中拿到用户的邮箱
         user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
+        # 如果邮箱在钉钉中能提取，则提交到前端绑定
         if user_email:
             context = {
                 'user_email': user_email,
             }
             return render(request, 'resetpwd.html', context)
+        # 否则就是钉钉中此用户未配置邮箱，返回相关提示
         else:
             context = {
                 'msg': "%s 您好，企业钉钉中未能找到您账号的邮箱配置，请联系HR完善信息。" % ding_get_userinfo_detail(ding_get_userid_by_unionid(
@@ -200,9 +248,11 @@ def resetpwd_reset(request):
             }
             return render(request, msg_template, context)
 
+    # 重置密码页面，输入新密码后点击提交
     elif request.method == 'POST':
         new_password = request.POST.get('new_password').strip()
         unionid_crypto = request.COOKIES.get('tmpid')
+        # 对cookie中的unionid进行超时验证，如果页面超时就不再做处理。
         if not unionid_crypto:
             context = {
                 'msg': "会话己超时，请重新扫码验证用户信息。",
@@ -271,6 +321,12 @@ def resetpwd_reset(request):
 
 
 def resetpwd_unlock(request):
+    """
+    解锁账号
+    :param request:
+    :return:
+    """
+    home_url = '%s://%s' % (request.scheme, HOME_URL)
     if request.method == 'GET':
         unionid_crypto = request.COOKIES.get('tmpid')
         if not unionid_crypto:
@@ -308,37 +364,37 @@ def resetpwd_unlock(request):
                 'button_display': "返回主页"
             }
             return render(request, msg_template, context)
-
+        else:
-        try:
+            try:
-            result = ad_unlock_user_by_mail(user_email)
+                result = ad_unlock_user_by_mail(user_email)
-            if result:
+                if result:
+                    context = {
+                        'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面！",
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+                else:
+                    context = {
+                        'msg': "账号未能解锁，请联系管理员确认该账号在AD的是否己禁用。",
+                        'button_click': "window.location.href='%s'" % home_url,
+                        'button_display': "返回主页"
+                    }
+                    return render(request, msg_template, context)
+            except IndexError:
                 context = {
-                    'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面！",
+                    'msg': "请确认邮箱账号[%s]是否正确？未能在AD中检索到相关信息。" % user_email,
                     'button_click': "window.location.href='%s'" % home_url,
                     'button_display': "返回主页"
                 }
                 return render(request, msg_template, context)
-            else:
+            except Exception as e:
                 context = {
-                    'msg': "账号未能解锁，请联系管理员确认该账号在AD的是否己禁用。",
+                    'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
                     'button_click': "window.location.href='%s'" % home_url,
                     'button_display': "返回主页"
                 }
                 return render(request, msg_template, context)
-        except IndexError:
-            context = {
-                'msg': "请确认邮箱账号[%s]是否正确？未能在AD中检索到相关信息。" % user_email,
-                'button_click': "window.location.href='%s'" % home_url,
-                'button_display': "返回主页"
-            }
-            return render(request, msg_template, context)
-        except Exception as e:
-            context = {
-                'msg': "出现未预期的错误[%s]，请与管理员联系~" % str(e),
-                'button_click': "window.location.href='%s'" % home_url,
-                'button_display': "返回主页"
-            }
-            return render(request, msg_template, context)
     else:
         context = {
             'msg': "请从主页开始进行操作。",

static/css/login_v2.css

@@ -0,0 +1,119 @@
+a, body, button, dd, div, dl, dt, h1, h2, h3, h4, h5, h6, input, li, ol, p, td, textarea, ul { margin: 0; padding: 0; }
+body, button, input, select, textarea { font: 9pt/1.5 tahoma,arial,Hiragino Sans GB,\5b8b\4f53,sans-serif; }
+button, h1, h2, h3, h4, h5, h6, input, select, textarea { font-size: 100%; }
+ /*background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);*/
+html{height: 100%; background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);}
+ol, ul { list-style: none;}
+a { color: #666; text-decoration: none; }
+a:hover { color: #043559; text-decoration: underline; }
+body {  font-size: 9pt; height: 100%;
+    font-family: 'microsoft yahei', sans-serif; min-width: 750pt; margin: 0; overflow: hidden}
+img { border: 0; vertical-align: top; }
+textarea { resize: none; }
+a, button, input, select, textarea { outline: 0; }
+a, button { cursor: pointer; }
+button { border: none; }
+.errorlist {font-size: 16px; color: #333333}
+.pagewrap {height: 100% }
+.main { position: relative; margin-top:0; width: 100%; height: 100%}
+.header {height: 100px;margin-bottom: 5%;margin-left: 50px; background: url(/static/img/rgec.png) left center no-repeat; }
+.header h1 a { display: block; }
+.content { overflow: hidden; margin-left: 10% }
+.content .con_left { float: left; height: 450px; width: 50%; margin-top: 65px}
+/*.content .con_left .box {position: absolute; width: 400px; height:400px; left: 50%; right: 50%; margin-left: -100px; margin-right: -100px;}*/
+.content .con_left p { padding: 0 0 3px; width: 10pc; color: #040000; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
+.content .con_left a { padding: 0 0 0 2pc; color: #2f548e; text-decoration: underline; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
+.content .con_right { float: left; margin: 65px 0 0; width: 28pc; height: 450px; border: 1px solid #dedede; background: #fff; }
+.content .con_right .con_r_top { padding: 0 0 0 39px; width: 409px; height: 110px; border-top: 8px solid #2e558e; }
+.content .con_right .con_r_top .left, .content .con_right .con_r_top .right { float: left; padding: 35px 0 0; width: 186px; height: 35px; text-align: center; text-decoration: none; font-size: 18px; font-family: "微软雅黑"; }
+.content .con_right .con_r_top .left { border-bottom: 2px solid #dedede; color: #999; }
+.content .con_right ul .con_r_left .erweima { text-align: center; }
+.content .con_right ul .con_r_left p {color: #2f548e; font-size: 25px; font-family: 'microsoft yahei', sans-serif; }
+.content .con_right ul .con_r_left .user input { margin: 0 0 1px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
+.content .con_right ul .con_r_left .user { padding: 0 0 0 39px; }
+.content .con_right ul .con_r_left .user ul{font-size: 16px; color: #333333}
+.content .con_right ul .con_r_left .user li{font-size: 16px; color: #333333}
+.content .con_right ul .con_r_left .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
+.content .con_right ul .con_r_left .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
+.content .con_right ul .con_r_left .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
+.content .con_right ul .con_r_left p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif;  }
+.content .con_right ul .con_r_left p .mima { float: left; padding-left: 5px; text-decoration: none; }
+.content .con_right ul .con_r_left p .zhuce { float: right; text-decoration: none; }
+.content .con_right ul .con_r_left button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
+.content .con_right .con_r_top .right { border-bottom: 2px solid #2e558e; color: #333; }
+.content .con_right ul .con_r_right .user input { margin: 0 0 1px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
+.content .con_right ul .con_r_right .user { padding: 0 0 0 39px; }
+.content .con_right ul .con_r_right .user ul{font-size: 16px; color: #333333}
+.content .con_right ul .con_r_right .user li{font-size: 16px; color: #333333}
+.content .con_right ul .con_r_right .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
+.content .con_right ul .con_r_right .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
+.content .con_right ul .con_r_right .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
+.content .con_right ul .con_r_right p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; }
+.content .con_right ul .con_r_right p .mima { float: left; padding-left: 5px; text-decoration: none; }
+.content .con_right ul .con_r_right p .zhuce { float: right; text-decoration: none; }
+.content .con_right ul .con_r_right button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif;  }
+.content .con_right ul .con_r_left { display: none; }
+.con_right ul .con_r_left .erweima { position: relative; margin: 0 auto; width: 365px; height: 330px; }
+.qrcode { position: absolute; top: 0; left: 0; width: 174px; height: 11pc; }
+.divimg { position: absolute; top: 50%; left: 50%; z-index: 100; overflow: hidden; margin-top: -15px; margin-left: -30px; padding: 1px; width: 60px; height: 30px; border: 1px solid #eee; border-radius: .5rem; background: #fff; opacity: .9; filter: alpha(opacity=90); -moz-opacity: .9; }
+.content .con_right ul .con_r_right .user .yanzheng { width: 150px; margin: 0 5px 10px 1px; padding-left: 5px; }
+.content .con_right ul .con_r_right .user .next { font-size: 12px; width: 40px; height: 33px; float: right; margin-right: 40px; }
+.content .con_right .con_r_top { *height: 90px; }
+
+.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
+.auto{margin:0 auto;min-width:1000px;max-width:1200px}
+@media screen and (max-width:1233px){.auto{padding-left:10px}
+}
+.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
+.clearfix:after{clear:both}
+.clear-float{clear:both}
+
+.footer{background-color:#009fd9;font-family: 'microsoft yahei', sans-serif; }
+.footer-floor1{width:100%;padding:36px 0 60px}
+.footer-list{width:69%;height:100%;float:left}
+.footer-list ul{float:left;margin-right:13%}
+.footer-list .flist-4{margin-right:0}
+.footer-list li{line-height:32px}
+.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
+.footer-list li a:hover{text-decoration:underline;color:#fff}
+.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
+.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
+.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
+.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',sans-serif}
+.footer-floor2 a{color:#b6e2f2}
+.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
+.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
+.foot-link:hover{text-decoration:underline}
+.footer-right{width:300px;float:right}
+.telephone{width:100%;height:32px;line-height:32px;color:#fff}
+.telephone .tel-number{font-size:30px;font-weight:400;text-align:right}
+.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
+.official-plat ul{float:right;margin-top:7px}
+.official-plat ul li{height:45px}
+.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
+.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
+#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
+#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
+.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
+.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
+.five-superiority-list li:first-child{border-left:none}
+.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
+.five-superiority-list li a:hover{color:#bfe7f5}
+.five-superiority-list li a.superiority-text{text-indent:4em}
+.compensate_ico .superiority-icon{background-position:0 0}
+.compensate_ico:hover .superiority-icon{background-position:0 -50px}
+.retreat_ico .superiority-icon{background-position:0 -100px}
+.retreat_ico:hover .superiority-icon{background-position:0 -150px}
+.technology_ico .superiority-icon{background-position:0 -200px}
+.technology_ico:hover .superiority-icon{background-position:0 -250px}
+.prepare_ico .superiority-icon{background-position:0 -300px}
+.prepare_ico:hover .superiority-icon{background-position:0 -350px}
+.service_ico .superiority-icon{background-position:0 -400px}
+.service_ico:hover .superiority-icon{background-position:0 -450px}
+.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
+.marquee{width:8000%;height:60px}
+.wave-list-box{float:left}
+.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
+.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
+.wave-box{position:relative;height:60px;background:#fff}
+

static/css/style_v2.css

@@ -0,0 +1,66 @@
+*{margin:0;padding:0;box-sizing:border-box;list-style:none}
+html{height: 100%; width:100%}
+body{font-family:"Microsoft Yahei";min-width:1000px}
+a{outline:0;text-decoration:none}
+strong{font-weight:400}
+.strong{font-weight:700}
+::selection{background:#1EACDF;color:#fff}
+img{border:0}
+::-moz-selection{background:#1EACDF;color:#fff}
+::-webkit-selection{background:#1EACDF;color:#fff}
+.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
+.auto{margin:0 auto;min-width:1000px;max-width:1200px}
+@media screen and (max-width:1233px){.auto{padding-left:10px}
+}
+.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
+.clearfix:after{clear:both}
+.clear-float{clear:both}
+
+
+
+.footer{background-color:#009fd9;font-family:"Microsoft Yahei"}
+.footer-floor1{width:100%;padding:36px 0 60px}
+.footer-list{width:69%;height:100%;float:left}
+.footer-list ul{float:left;margin-right:13%}
+.footer-list .flist-4{margin-right:0}
+.footer-list li{line-height:32px}
+.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
+.footer-list li a:hover{text-decoration:underline;color:#fff}
+.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
+.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
+.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
+.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',simsun,sans-serif}
+.footer-floor2 a{color:#b6e2f2}
+.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
+.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
+.foot-link:hover{text-decoration:underline}
+.footer-right{width:300px;float:right}
+.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
+.official-plat ul{float:right;margin-top:7px}
+.official-plat ul li{height:45px}
+.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
+.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
+#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
+#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
+.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
+.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
+.five-superiority-list li:first-child{border-left:none}
+.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
+.five-superiority-list li a:hover{color:#bfe7f5}
+.five-superiority-list li a.superiority-text{text-indent:4em}
+.compensate_ico .superiority-icon{background-position:0 0}
+.compensate_ico:hover .superiority-icon{background-position:0 -50px}
+.retreat_ico .superiority-icon{background-position:0 -100px}
+.retreat_ico:hover .superiority-icon{background-position:0 -150px}
+.technology_ico .superiority-icon{background-position:0 -200px}
+.technology_ico:hover .superiority-icon{background-position:0 -250px}
+.prepare_ico .superiority-icon{background-position:0 -300px}
+.prepare_ico:hover .superiority-icon{background-position:0 -350px}
+.service_ico .superiority-icon{background-position:0 -400px}
+.service_ico:hover .superiority-icon{background-position:0 -450px}
+.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
+.marquee{width:8000%;height:60px}
+.wave-list-box{float:left}
+.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
+.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
+.wave-box{position:relative;height:60px;background:#fff}

templates/index.html

@@ -63,7 +63,6 @@
                                     var home_url = "{{ home_url }}";
                                     // 钉钉移动应用接入ID
                                     var appid = "{{ app_id }}";
-                                    // 钉钉回调域名
                                     var url = encodeURIComponent(home_url + '/resetcheck');
                                     var goto = encodeURIComponent('https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid=' + appid + '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri=' + url);
                                     var obj = DDLogin({
@@ -105,8 +104,7 @@
 <script type="text/javascript">
 window.onload=function() {
 if (!!window.ActiveXObject || "ActiveXObject" in window)
-  alert("您当前使用的浏览器为IE或IE内核，因为IE各种体验问题，本网站不对IE兼容。\n为能正常使用密码自助修改服务，请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon" +
+  alert("您当前使用的浏览器为IE或IE内核，因为IE各种体验问题，本网站不对IE兼容。\n为能正常使用密码自助修改服务，请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon等这类双核心浏览器，请切换至[极速模式]亦可。")
-      "等这类双核心浏览器，请切换至[极速模式]亦可。")
 }
 </script>
 </body></html>

uwsgi.ini

@@ -1,10 +1,8 @@
 [uwsgi]
-http-socket = 192.168.90.111:8000
+http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
 
-# 项目目录
+chdir = PWD_SELF_SERVICE_HOME
-chdir = /usr/local/wwwroot/ad-password-self-service
+ 
-
-# settings.py 里的wsgi名称
 module = pwdselfservice.wsgi:application
 
 master = true
@@ -19,11 +17,12 @@ chmod-socket = 755
  
 vacuum = true
 
-#设置缓冲大小
+#设置缓冲
 post-buffering = 4096
 
-#设置静态文件目录映射
+#设置静态文件
-static-map = /static=/usr/local/wwwroot/ad-password-self-service/static
+static-map = /static=PWD_SELF_SERVICE_HOME/static
+
+#设置日志目录
+daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log
 
-#设置日志保存目录
-daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log

uwsgiserver

@@ -0,0 +1,53 @@
+#!/bin/sh
+# Startup script for the uwsgi server
+# chkconfig: - 85 15
+# description: uwsgi server is Web Server
+# HTML files and CGI.
+# processname: uwsgiserver
+
+INI="PWD_SELF_SERVICE_HOME/uwsgi.ini"
+UWSGI="/usr/share/python-3.6.9/bin/uwsgi"
+PSID="ps aux | grep "uwsgi"| grep -v "grep" | wc -l"
+
+if [ ! -n "$1" ]
+then
+    content="Usages: sh uwsgiserver [start|stop|restart|status]"
+    echo -e "\033[31m $content \033[0m"
+    exit 0
+fi
+
+if [ $1 = start ]
+then
+    if [ `eval $PSID` -gt 4 ]
+    then
+        content="uwsgi is running!"
+        echo -e "\033[32m $content \033[0m"
+        exit 0
+    else
+        $UWSGI $INI
+        content="Start uwsgi service [OK]"
+        echo -e "\033[32m $content \033[0m"
+    fi
+
+elif [ $1 = stop ];then
+    if [ `eval $PSID` -gt 4 ];then
+        killall -9 uwsgi
+    fi
+    content="Stop uwsgi service [OK]"
+    echo -e "\033[32m $content \033[0m"
+
+elif [ $1 = restart ];then
+    if [ `eval $PSID` -gt 4 ];then
+        killall -9 uwsgi
+    fi
+    $UWSGI --ini $INI
+    content="Restart uwsgi service [OK]"
+    echo -e "\033[32m $content \033[0m"
+
+elif [ $1 = status ];then
+    ps -ef | grep uwsgi | grep -v "uwsgiserver" | grep -v "grep"
+
+else
+    content="Usages: sh uwsgiserver [start|stop|restart|status]"
+    echo -e "\033[31m $content \033[0m"
+fi