7x31
/
ad-password-self-service
mirror of https://github.com/capricornxl/ad-password-self-service.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

添加自动安装脚本,方便快速部署上线。 

调整部分代码,之前scheme是写死的https,考虑可能会有使用http,所以改成从request.scheme中取。
添加uwsgi启动脚本
This commit is contained in:
pwdselfservice 2020-04-01 17:28:51 +08:00
parent fa8beccc12
commit 1352586d70
33 changed files with 913 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored
View File

@ -1 +1,12 @@
/.idea
.idea
jsLibraryMappings.xml
misc.xml
modules.xml
pwdselfservice.iml
remote-mappings.xml
workspace.xml
codeStyles
inspectionProfiles
deployment.xml
encodings.xml

BIN
Python-3.6.9.tar.xz Normal file
View File

Binary file not shown.

255
auto-install.sh Normal file
View File

@ -0,0 +1,255 @@
#!/bin/bash
echo -e "此脚本为快速部署目前只做了Centos版本的如果是其它系统请自行修改下相关命令\n请准备一个新的环境运行\n本脚本会快速安装相关的环境和所需要的服务\n如果你运行脚本的服务器中已经存在如Nginx、Python3等可能会破坏掉原有的应用配置。"
##Check IP
function check_ip() {
local IP=$1
VALID_CHECK=$(echo $IP|awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')
if echo $IP|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then
if [[ $VALID_CHECK == "yes" ]]; then
return 0
else
return 1
fi
else
return 1
fi
}
##Check domain
function check_domain() {
local DOMAIN=$1
if echo $DOMAIN |grep -P "(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)" >/dev/null; then
return 0
else
return 1
fi
}
##Check Port
function check_port() {
local PORT=$1
VALID_CHECK=$(echo $PORT|awk '$1<=65535&&$1>=1{print "yes"}')
if echo $PORT |grep -E "^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]{1}|6553[0-5])$" >/dev/null; then
if [[ $VALID_CHECK == "yes" ]]; then
return 0
else
return 1
fi
else
return 1
fi
}
while :; do echo
echo "请确认你此台服务器是全新干净的,以防此脚本相关操作对正在运行的服务造成影响(不可逆)。"
read -p "请确认是否继续执行,输入 [y/n]: " ensure_yn
if [[ ! "${ensure_yn}" =~ ^[y,n]$ ]]; then
echo "输入有误,请输入 y 或 n"
else
break
fi
done
if [[ "${ensure_yn}" = n ]]; then
exit 0
fi
echo "======================================================================="
while :; do echo
read -p "请输入密码自助平台使用的本机IP: " PWD_SELF_SERVICE_IP
check_ip ${PWD_SELF_SERVICE_IP}
if [[ $? -ne 0 ]]; then
echo "---输入的IP地址格式有误请重新输入。"
else
break
fi
done
echo "======================================================================="
while :; do echo
read -p "请输入密码自助平台使用的端口: " PWD_SELF_SERVICE_PORT
check_port ${PWD_SELF_SERVICE_PORT}
if [[ $? -ne 0 ]]; then
echo "---输入的端口有误,请重新输入。"
else
break
fi
done
echo "======================================================================="
while :; do echo
read -p "请输入密码自助平台使用域名例如pwd.abc.com: " PWD_SELF_SERVICE_DOMAIN
check_domain ${PWD_SELF_SERVICE_DOMAIN}
if [[ $? -ne 0 ]]; then
echo "---输入的域名格式有误,请重新输入。"
else
break
fi
done
##当前脚本的绝对路径
SHELL_FOLDER=$(dirname $(readlink -f "$0"))
echo "关闭SELINUX"
sudo setenforce 0
sudo sed -i 's@SELINUX=*@SELINUX=disabled@g' /etc/selinux/config
echo "DONE....."
echo "关闭防火墙"
sudo systemctl disable firewalld
sudo systemctl stop firewalld
echo "DONE....."
echo "初始化编译环境----------"
sudo yum install gcc patch libffi-devel python-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel wget psmisc -y
echo "======================================================================="
echo "初始化编译环境完成"
echo "======================================================================="
##Quick install nginx
echo "======================================================================="
echo "安装 Nginx"
sudo cat << EOF > /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
sudo yum makecache fast
sudo yum install nginx -y
if [[ $? -eq 0 ]]
then
sudo systemctl enable nginx
sudo systemctl start nginx
echo "======================================================================="
echo "nginx 安装成功!"
echo "======================================================================="
else
echo "======================================================================="
echo "nginx 安装失败!"
echo "======================================================================="
exit 1
fi
##install python3
##如果之前用此脚本安装过python3后续就不会再次安装。
if [[ -f "/usr/share/python-3.6.9/bin/python3" ]]
then
echo "己发现Python3将不会安装。"
else
if [[ -f "Python-3.6.9.tar.xz" ]]
then
echo "将安装Python3.6.9"
tar xf Python-3.6.9.tar.xz
cd Python-3.6.9
sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install
else
echo "脚本目录下没有发现Python3.6.9.tar.xz将会下载python 3.6.9"
sudo wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tar.xz
tar xf Python-3.6.9.tar.xz
cd Python-3.6.9
sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install
fi
if [[ $? -eq 0 ]]
then
echo "创建python3和pip3的软件链接"
cd ${SHELL_FOLDER}
sudo ln -svf /usr/share/python-3.6.9/bin/python3 /usr/bin/python3
sudo ln -svf /usr/share/python-3.6.9/bin/pip3 /usr/bin/pip3
echo "======================================================================="
echo "Python3 安装成功!"
echo "======================================================================="
else
echo "======================================================================="
echo "Python3 安装失败!"
echo "======================================================================="
exit 1
fi
fi
##修改PIP源为国内
mkdir -p ~/.pip
cat << EOF > ~/.pip/pip.conf
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
[install]
trusted-host=pypi.tuna.tsinghua.edu.cn
EOF
cd ${SHELL_FOLDER}
echo "====升级pip================"
/usr/bin/pip3 install --upgrade pip
/usr/bin/pip3 install -r requestment
if [[ $? -eq 0 ]]
then
echo "======================================================================="
echo "Pip3 requestment 安装成功!"
echo "======================================================================="
else
echo "======================================================================="
echo "Pip3 requestment 安装失败!"
echo "======================================================================="
exit 1
fi
##处理配置文件
echo "======================================================================="
echo "处理uwsgi.ini配置文件"
sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${SHELL_FOLDER}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${SHELL_FOLDER}/uwsgi.ini
echo "处理uwsgi.ini配置文件完成"
echo
echo "处理uwsgiserver启动脚本"
sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgiserver
alias cp='cp'
cp -f ${SHELL_FOLDER}/uwsgiserver /etc/init.d/uwsgiserver
chmod +x /etc/init.d/uwsgiserver
chkconfig uwsgiserver on
echo "处理uwsgiserver启动脚本完成"
echo
sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/pwdselfservice/local_settings.py
##Nginx vhost配置
cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf
server {
listen 80;
server_name ${PWD_SELF_SERVICE_DOMAIN} ${PWD_SELF_SERVICE_IP};
location / {
proxy_pass http://${PWD_SELF_SERVICE_IP}:${PWD_SELF_SERVICE_PORT};
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
access_log off;
}
EOF
rm -f /etc/nginx/conf.d/default.conf
systemctl restart nginx
echo
echo "======================================================================="
echo
echo "密码自助服务平台的访问地址是http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP}"
echo "请确保以上域名能正常解析,否则使用域名无法访问。"
echo
echo "Uwsgi启动/etc/init.d/uwsgi start"
echo "Uwsgi停止/etc/init.d/uwsgi stop"
echo "Uwsgi重启/etc/init.d/uwsgi restart"
echo
echo
echo "文件${SHELL_FOLDER}/pwdselfservice/local_setting.py中必要参数需要你自行修改"
echo "此文件中有AD和钉钉的一些参数按自己企业的修改"
echo
echo "======================================================================="

0
db.sqlite3 → log/log.log
View File

BIN
pwdselfservice/__pycache__/__init__.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
pwdselfservice/__pycache__/loca_settings.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
pwdselfservice/__pycache__/local_settings.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
pwdselfservice/__pycache__/settings.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
pwdselfservice/__pycache__/urls.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
pwdselfservice/__pycache__/wsgi.cpython-36.pyc Normal file
View File

Binary file not shown.

45
pwdselfservice/local_settings.py
View File

@ -1,30 +1,39 @@
# AD配置
AD_HOST = 'abc.com'
AD_LOGIN_USER = 'abc\pwdadmin'
AD_LOGIN_USER_PWD = 'gVykWgNNF0oBQzwmwPp8'
BASE_DN = 'OU=RD,DC=abc,DC=com'
# AD配置修改为自己的
# AD主机可以是IP或主机域名例如可以是:abc.com或172.16.122.1
AD_HOST = '修改为自己的'
# 用于登录AD做用户信息验证的账号 需要有修改用户账号密码的权限。
# 账号格式使用DOMAIN\USERNAME例如abc\pwdadmin
AD_LOGIN_USER = '修改为自己的'
# 密码
AD_LOGIN_USER_PWD = '修改为自己的'
# BASE DN账号的查找DN路径例如'DC=abc,DC=com'可以指定到OU之下例如'OU=RD,DC=abc,DC=com'。
BASE_DN = '修改为自己的'
# 钉钉配置
# 钉钉统一接口地址,不可修改。
# 钉钉接口地址,不可修改
DING_URL = "https://oapi.dingtalk.com/sns"
# 钉钉企业ID
DING_CORP_ID = 'ding0176902811df32'
# 钉钉企业ID,修改为自己的
DING_CORP_ID = '修改为自己的'
# 钉钉E应用
DING_AGENT_ID = '25311eeee'
DING_APP_KEY = 'dingqdzmax324v'
DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myPAluMlguYQOaadsf2fhgfdfsx'
# 钉钉E应用,修改为自己的
DING_AGENT_ID = '修改为自己的'
DING_APP_KEY = '修改为自己的'
DING_APP_SECRET = '修改为自己的'
# 钉钉移动应用接入
DING_SELF_APP_ID = 'dingoabrzugusdfdf33fgfds'
DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZDhA5AI4ADQU5710sgLffdsadf32uhgfdsfs'
# 钉钉移动应用接入,修改为自己的
DING_SELF_APP_ID = '修改为自己的'
DING_SELF_APP_SECRET = '修改为自己的'
# Crypty key 通过generate_key生成可不用修改如果需要自行生成请使用Crypto.generate_key自行生成用于加密页面提交的明文密码
# Crypty key 通过generate_key生成可不用修改
CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
# COOKIE 超时,定义多长时间页面失效,单位秒。
# COOKIE 超时单位是秒,可不用修改
TMPID_COOKIE_AGE = 300
# 主页域名index.html中的钉钉跳转等需要指定域名。
HOME_URL = 'https://pwd.abc.com'
HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'

14
pwdselfservice/settings.py
View File

@ -88,7 +88,7 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
# 'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
@ -132,12 +132,12 @@ WSGI_APPLICATION = 'pwdselfservice.wsgi.application'
# Database
# https://docs.djangoproject.com/en/2.1/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# DATABASES = {
# 'default': {
# 'ENGINE': 'django.db.backends.sqlite3',
# 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
# }
# }
# Password validation

5
pwdselfservice/urls.py
View File

@ -1,11 +1,8 @@
from django.urls import path, include, re_path
from django.urls import path
from django.views.generic.base import RedirectView
from django.conf import urls
import resetpwd.views
from django.conf.urls.static import static
urlpatterns = {
# path('admin/', admin.site.urls)
path("favicon.ico", RedirectView.as_view(url='static/img/favicon.ico')),
path('', resetpwd.views.resetpwd_index, name='index'),
path('resetcheck', resetpwd.views.resetpwd_check_userinfo, name='resetcheck'),

179
readme.md
View File

@ -1,6 +1,5 @@
# 初学Django时碰到的一个需求因为公司中很多员工在修改密码之后有一些关联的客户端或网页中的旧密码没有更新导致密码在尝试多次之后账号被锁为了减少这种让人头疼的重置解锁密码的操蛋工作自己做了一个自助修改小平台。
## 代码写得很LOW有需要的可以直接拿去用。
## 水平有限,代码写得不好,但是能用,有需要的可以直接拿去用。
#### 场景说明:
因为本公司AD是早期已经在用用户的个人信息不是十分全面例如:用户手机号。
钉钉是后来才开始使用,钉钉默认是使用手机号登录。
@ -33,40 +32,105 @@
其中pwd.abc.com请按自己实际域名来并记录相关的appId、appSecret。
# 使用脚本自动快速部署
## 我添加了一个快速自动部署脚本,可快速自动部署完成当前项目上线。
把整个项目目录上传到新的服务器上
```shell
chmod +x auto-install.sh
./auto-install.sh
```
等待所以安装完成即可。
#### 按自己实际的配置修改项目配置参数:
修改pwdselfservice/local_settings.py中的参数按自己的实际参数修改
```` python
# AD配置
# AD主机可以是IP或主机域名例如可以是:abc.com或172.16.122.1
AD_HOST = '修改为自己的'
# 用于登录AD做用户信息验证的账号 需要有修改用户账号密码的权限。
# 账号格式使用DOMAIN\USERNAME例如abc\pwdadmin
AD_LOGIN_USER = '修改为自己的'
# 密码
AD_LOGIN_USER_PWD = '修改为自己的'
# BASE DN账号的查找DN路径例如'DC=abc,DC=com'可以指定到OU之下例如'OU=RD,DC=abc,DC=com'。
BASE_DN = '修改为自己的'
# 钉钉配置
# 钉钉接口地址,不可修改
DING_URL = "https://oapi.dingtalk.com/sns"
# 钉钉企业ID
DING_CORP_ID = '修改为自己的'
# 钉钉E应用
DING_AGENT_ID = '修改为自己的'
DING_APP_KEY = '修改为自己的'
DING_APP_SECRET = '修改为自己的'
# 钉钉移动应用接入
DING_SELF_APP_ID = '修改为自己的'
DING_SELF_APP_SECRET = '修改为自己的'
# Crypty key 通过generate_key生成可不用修改
CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
# COOKIE 超时单位是秒,可不用修改
TMPID_COOKIE_AGE = 300
# 主页域名index.html中的钉钉跳转等需要指定域名如果是脚本自动部署以下域名会自动替换。
HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
````
# 手动部署
## 按自己实际的配置修改项目配置参数:
修改pwdselfservice/local_settings.py中的参数按自己的实际参数修改
```` python
# AD配置
AD_HOST = 'abc.com'
AD_LOGIN_USER = 'abc\pwdadmin'
AD_LOGIN_USER_PWD = 'gVykWgNNF0oBQzwmwPp8'
BASE_DN = 'OU=rd,DC=abc,DC=com'
# AD配置修改为自己的
# AD主机可以是IP或主机域名例如可以是:abc.com或172.16.122.1
AD_HOST = '修改为自己的'
# 用于登录AD做用户信息验证的账号 需要有修改用户账号密码的权限。
# 账号格式使用DOMAIN\USERNAME例如abc\pwdadmin
AD_LOGIN_USER = '修改为自己的'
# 密码
AD_LOGIN_USER_PWD = '修改为自己的'
# BASE DN账号的查找DN路径例如'DC=abc,DC=com'可以指定到OU之下例如'OU=RD,DC=abc,DC=com'。
BASE_DN = '修改为自己的'
# 钉钉配置
# 钉钉统一接口地址,不可修改
# 钉钉接口地址,不可修改
DING_URL = "https://oapi.dingtalk.com/sns"
# 钉钉企业ID
DING_CORP_ID = 'ding01769028f06d321'
# 钉钉企业ID,修改为自己的
DING_CORP_ID = '修改为自己的'
# 钉钉E应用
DING_AGENT_ID = '25304321'
DING_APP_KEY = 'dingqdzmn611l5321321'
DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myP1123333221jzeKv3amQYWcInLV3x'
# 钉钉E应用,修改为自己的
DING_AGENT_ID = '修改为自己的'
DING_APP_KEY = '修改为自己的'
DING_APP_SECRET = '修改为自己的'
# 钉钉移动应用接入
DING_SELF_APP_ID = 'dingoabr112233xts'
DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZD3322112233332211222'
# 钉钉移动应用接入,修改为自己的
DING_SELF_APP_ID = '修改为自己的'
DING_SELF_APP_SECRET = '修改为自己的'
# Crypty key 通过Crypty.generate_key生成
# Crypty key 通过generate_key生成,可不用修改
CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
# COOKIE 超时
# COOKIE 超时单位是秒,可不用修改
TMPID_COOKIE_AGE = 300
# 主页域名
HOME_URL = 'https://pwd.abc.com'
# 主页域名index.html中的钉钉跳转等需要指定域名。
HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
````
@ -119,34 +183,60 @@ daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log
````
## 通过uwsgi启动
/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini
其中/xxx/xxx/ad-password-self-service/uwsgi.ini是你自己的服务器中此文件的真实地址
启动之后也可以通过IP+端口访问了。
提供2个脚本让uwsgi在修改文件时能自动重载
uwsgi-start.sh:
## 通过uwsgiserver启动
其中PWD_SELF_SERVICE_HOME是你自己的服务器当前项目的目录请自行修改
将以下脚本修改完之后,复制到/etc/init.d/,给予执行权限。
uwsgiserver:
```shell
#!/bin/sh
/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini --touch-reload "/usr/local/wwwroot/ad-password-self-service/reload.set"
```
uwsgi-autoreload.sh:
````shell
#!/bin/sh
objectdir="/usr/local/wwwroot/ad-password-self-service"
INI="PWD_SELF_SERVICE_HOME/uwsgi.ini"
UWSGI="/usr/share/python-3.6.9/bin/uwsgi"
PSID=`ps aux | grep "uwsgi"| grep -v "grep" | wc -l`
if [ ! -n "$1" ]
then
content="Usages: sh uwsgiserver [start|stop|restart]"
echo -e "\033[31m $content \033[0m"
exit 0
fi
if [ $1 = start ]
then
if [ `eval $PSID` -gt 4 ]
then
content="uwsgi is running!"
echo -e "\033[32m $content \033[0m"
exit 0
else
$UWSGI $INI
content="Start uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
fi
elif [ $1 = stop ];then
if [ `eval $PSID` -gt 4 ];then
killall -9 uwsgi
fi
content="Stop uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
elif [ $1 = restart ];then
if [ `eval $PSID` -gt 4 ];then
killall -9 uwsgi
fi
$UWSGI --ini $INI
content="Restart uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
else
content="Usages: sh uwsgiserver [start|stop|restart]"
echo -e "\033[31m $content \033[0m"
fi
/usr/bin/inotifywait -mrq --exclude "(logs|\.swp|\.swx|\.log|\.pyc|\.sqlite3)" --timefmt '%d/%m/%y %H:%M' --format '%T %wf' --event modify,delete,move,create,attrib ${objectdir} | while read files
do
/bin/touch /usr/local/wwwroot/ad-password-self-service/reload.set
continue
done &
````
脚本内的路径按自己实际情况修改
## Nginx配置
@ -164,10 +254,9 @@ server {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /var/log/nginx/vhost/pwd.log access;
error_log /var/log/nginx/vhost/pwd.err error;
access_log off;
}
````

2
requestment
View File

@ -1,6 +1,6 @@
Django==2.1.8
dingtalk-sdk>=1.2.2
pycrypto==2.6
pycrypto>=2.6
cryptography
ldap3
requests

BIN
resetpwd/__pycache__/__init__.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
resetpwd/__pycache__/admin.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
resetpwd/__pycache__/form.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
resetpwd/__pycache__/models.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
resetpwd/__pycache__/views.cpython-36.pyc Normal file
View File

Binary file not shown.

34
resetpwd/form.py Normal file
View File

@ -0,0 +1,34 @@
from django.forms import fields as c_fields
from django import forms as c_forms
from django.core.exceptions import ValidationError
class CheckForm(c_forms.Form):
new_password = c_fields.RegexField(
'(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}',
# 密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位
strip=True,
min_length=8,
max_length=30,
error_messages={'required': '新密码不能为空.',
'invalid': '密码必须包含数字,字母、特殊字符',
'min_length': "密码长度不能小于8个字符",
'max_length': "密码长度不能大于30个字符"}
)
old_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
ensure_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
user_email = c_fields.CharField(error_messages={'required': '邮箱不能为空', 'invalid': '邮箱格式错误'})
def clean(self):
pwd0 = self.cleaned_data.get('old_password')
pwd1 = self.cleaned_data.get('new_password')
pwd2 = self.cleaned_data.get('ensure_password')
if pwd1 == pwd2:
pass
elif pwd0 == pwd1:
# 这里异常模块导入要放在函数里面,放到文件开头有时会报错,找不到
from django.core.exceptions import ValidationError
raise ValidationError('新旧密码不能一样')
else:
from django.core.exceptions import ValidationError
raise ValidationError('新密码和确认密码输入不一致')

BIN
resetpwd/migrations/__pycache__/__init__.cpython-36.pyc Normal file
View File

Binary file not shown.

3
resetpwd/tests.py
View File

@ -1,3 +0,0 @@
from django.test import TestCase
# Create your tests here.

51
resetpwd/utils/ad.py
View File

@ -3,6 +3,10 @@ from pwdselfservice.local_settings import *
def __ad_connect():
"""
AD连接器
:return:
"""
username = str(AD_LOGIN_USER).lower()
server = Server(host=AD_HOST, use_ssl=True, port=636, get_info='ALL')
try:
@ -22,7 +26,9 @@ def ad_ensure_user_by_sam(username):
base_dn = BASE_DN
condition = '(&(objectclass=person)(mail=' + username + '))'
attributes = ['sAMAccountName']
return conn.search(base_dn, condition, attributes=attributes)
result = conn.search(base_dn, condition, attributes=attributes)
conn.unbind()
return result
def ad_ensure_user_by_mail(user_mail_addr):
@ -35,10 +41,17 @@ def ad_ensure_user_by_mail(user_mail_addr):
base_dn = BASE_DN
condition = '(&(objectclass=person)(mail=' + user_mail_addr + '))'
attributes = ['mail']
return conn.search(base_dn, condition, attributes=attributes)
result = conn.search(base_dn, condition, attributes=attributes)
conn.unbind()
return result
def ad_get_user_displayname_by_mail(user_mail_addr):
"""
通过mail查询某个用户的显示名
:param user_mail_addr:
:return: user_displayname
"""
conn = __ad_connect()
conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=[
'displayName'])
@ -48,22 +61,39 @@ def ad_get_user_displayname_by_mail(user_mail_addr):
def ad_get_user_dn_by_mail(user_mail_addr):
"""
通过mail查询某个用户的完整DN
:param user_mail_addr:
:return: DN
"""
conn = __ad_connect()
conn.search(BASE_DN,
'(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['distinguishedName'])
user_dn = conn.entries[0]['distinguishedName']
conn.unbind()
return user_dn
def ad_get_user_status_by_mail(user_mail_addr):
"""
通过mail查询某个用户的账号状态
:param user_mail_addr:
:return: user_account_control code
"""
conn = __ad_connect()
conn.search(BASE_DN,
'(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['userAccountControl'])
user_account_control = conn.entries[0]['userAccountControl']
conn.unbind()
return user_account_control
def ad_unlock_user_by_mail(user_mail_addr):
"""
通过mail解锁某个用户
:param user_mail_addr:
:return:
"""
conn = __ad_connect()
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
result = conn.extend.microsoft.unlock_account(user="%s" % user_dn)
@ -72,6 +102,11 @@ def ad_unlock_user_by_mail(user_mail_addr):
def ad_reset_user_pwd_by_mail(user_mail_addr, new_password):
"""
通过mail重置某个用户的密码
:param user_mail_addr:
:return:
"""
conn = __ad_connect()
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password)
@ -80,6 +115,11 @@ def ad_reset_user_pwd_by_mail(user_mail_addr, new_password):
def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password):
"""
通过mail修改某个用户的密码
:param user_mail_addr:
:return:
"""
conn = __ad_connect()
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password,
@ -89,10 +129,15 @@ def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password):
def ad_get_user_locked_status_by_mail(user_mail_addr):
"""
通过mail获取某个用户账号是否被锁定
:param user_mail_addr:
:return: 如果结果是1601-01-01说明账号未锁定返回0
"""
conn = __ad_connect()
conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['lockoutTime'])
locked_status = conn.entries[0]['lockoutTime']
print(locked_status)
conn.unbind()
if '1601-01-01' in str(locked_status):
return 0
else:

17
resetpwd/utils/dingding.py
View File

@ -4,6 +4,10 @@ from pwdselfservice.local_settings import *
def ding_get_access_token():
"""
获取钉钉access token
:return:
"""
resp = requests.get(
url=DING_URL + "/gettoken",
params=dict(appid=DING_SELF_APP_ID, appsecret=DING_SELF_APP_SECRET)
@ -16,6 +20,10 @@ def ding_get_access_token():
def ding_get_persistent_code(code, token):
"""
获取钉钉当前用户的unionid
:return:
"""
resp = requests.post(
url="%s/get_persistent_code?access_token=%s" % (DING_URL, token),
json=dict(tmp_auth_code=code),
@ -28,11 +36,20 @@ def ding_get_persistent_code(code, token):
def ding_client_connect():
"""
钉钉连接器
:return:
"""
client = AppKeyClient(corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET)
return client
def ding_get_dept_user_list_detail(dept_id, offset, size):
"""
获取部门中的用户列表详细清单
:param code:
:return:
"""
client = ding_client_connect()
result = client.user.list(department_id=dept_id, offset=offset, size=size)
return result

4
resetpwd/utils/pwdcheck.py
View File

@ -4,12 +4,12 @@ from django.contrib import messages
from dingtalk import *
from resetpwd.models import *
from .crypto import Crypto
from .ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, ding_get_userinfo_by_code, \
ding_get_persistent_code, ding_get_access_token
from pwdselfservice.local_settings import *
from .form import *
from resetpwd.form import *
class CustomPasswortValidator(object):

108
resetpwd/views.py
View File

@ -6,17 +6,20 @@ from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_
from resetpwd.utils.dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, \
ding_get_persistent_code, ding_get_access_token
from pwdselfservice.local_settings import *
from resetpwd.utils.form import CheckForm
from .form import CheckForm
import logging
msg_template = 'msg.html'
home_url = HOME_URL
logger = logging.getLogger('django')
def resetpwd_index(request):
home_url = HOME_URL
"""
用户修改密码
:param request:
:return:
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
app_id = DING_SELF_APP_ID
if request.method == 'GET':
return render(request, 'index.html', locals())
@ -24,8 +27,8 @@ def resetpwd_index(request):
logger.error('[异常] 请求方法:%s,请求路径:%s' % (request.method, request.path))
if request.method == 'POST':
# 对前端提交的数据进行二次验证,防止恶意提交简单密码或串改账号。
check_form = CheckForm(request.POST)
# 对前端提交的用户名、密码进行二次验证防止有人恶意修改前端JS提交简单密码或提交非法用户
if check_form.is_valid():
form_obj = check_form.cleaned_data
user_email = form_obj.get("user_email")
@ -41,6 +44,7 @@ def resetpwd_index(request):
}
return render(request, msg_template, context)
if user_email and old_password and new_password:
try:
# 判断账号是否被锁定
if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
@ -51,7 +55,7 @@ def resetpwd_index(request):
}
return render(request, msg_template, context)
# 判断账号状态是否禁用或锁定
# 514 66050是AD中账号被禁用的特定代码这个可以在微软官网查到。
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
user_mail_addr=user_email) == 66050:
context = {
@ -61,25 +65,10 @@ def resetpwd_index(request):
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "请确认邮箱账号[%s]是否正确未能在Active Directory中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
# 修改密码
try:
result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
new_password=new_password)
if result is True:
if result:
context = {
'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
@ -95,6 +84,46 @@ def resetpwd_index(request):
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "请确认邮箱账号[%s]是否正确未能在Active Directory中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "请确认邮箱账号[%s]是否正确未能在Active Directory中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
else:
context = {
'msg': "用户名、旧密码、新密码参数不正确,请重新确认后输入。",
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
else:
context = {
'msg': "请从主页进行修改密码操作或扫码验证用户信息。",
@ -105,6 +134,13 @@ def resetpwd_index(request):
def resetpwd_check_userinfo(request):
"""
钉钉扫码回调数据对用户在AD中进行验证
扫码之后从钉钉中取出用户的unionid
:param request:
:return:
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
code = request.GET.get('code')
if code:
logger.info('[成功] 请求方法:%s,请求路径:%sCODE%s' % (request.method, request.path, code))
@ -112,7 +148,7 @@ def resetpwd_check_userinfo(request):
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到CODE。' % (request.method, request.path))
try:
unionid = ding_get_persistent_code(code, ding_get_access_token())
# unionid 在钉钉企业中是否存在
# 判断 unionid 在本企业钉钉中是否存在
if not unionid:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到unionid。' % (request.method, request.path))
context = {
@ -127,8 +163,9 @@ def resetpwd_check_userinfo(request):
# 钉钉中此账号是否可用
if ding_user_info['active']:
crypto = Crypto(CRYPTO_KEY)
# 对unionid进行加密因为unionid基本上固定不变的为了防止unionid泄露而导致重复使用进行加密后再传回。
unionid_cryto = crypto.encrypt(unionid)
# 配置cookie并重定向到重置密码页面。
# 配置cookie通过cookie把加密后的用户unionid传到重置密码页面并重定向到重置密码页面。
set_cookie = HttpResponseRedirect('resetpwd')
set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE)
return set_cookie
@ -169,7 +206,14 @@ def resetpwd_check_userinfo(request):
def resetpwd_reset(request):
"""
钉钉扫码并验证信息之后在重置密码页面将用户邮箱进行绑定
:param request:
:return:
"""
global unionid_crypto
home_url = '%s://%s' % (request.scheme, HOME_URL)
# 从cookie中提取unionid并解密然后对当前unionid的用户进行重置密码
if request.method == 'GET':
try:
unionid_crypto = request.COOKIES.get('tmpid')
@ -183,14 +227,18 @@ def resetpwd_reset(request):
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 解密
crypto = Crypto(CRYPTO_KEY)
unionid = crypto.decrypt(unionid_crypto)
# 通过unionid在钉钉中拿到用户的邮箱
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
# 如果邮箱在钉钉中能提取,则提交到前端绑定
if user_email:
context = {
'user_email': user_email,
}
return render(request, 'resetpwd.html', context)
# 否则就是钉钉中此用户未配置邮箱,返回相关提示
else:
context = {
'msg': "%s 您好企业钉钉中未能找到您账号的邮箱配置请联系HR完善信息。" % ding_get_userinfo_detail(ding_get_userid_by_unionid(
@ -200,9 +248,11 @@ def resetpwd_reset(request):
}
return render(request, msg_template, context)
# 重置密码页面,输入新密码后点击提交
elif request.method == 'POST':
new_password = request.POST.get('new_password').strip()
unionid_crypto = request.COOKIES.get('tmpid')
# 对cookie中的unionid进行超时验证如果页面超时就不再做处理。
if not unionid_crypto:
context = {
'msg': "会话己超时,请重新扫码验证用户信息。",
@ -271,6 +321,12 @@ def resetpwd_reset(request):
def resetpwd_unlock(request):
"""
解锁账号
:param request:
:return:
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
if request.method == 'GET':
unionid_crypto = request.COOKIES.get('tmpid')
if not unionid_crypto:
@ -308,7 +364,7 @@ def resetpwd_unlock(request):
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
try:
result = ad_unlock_user_by_mail(user_email)
if result:

119
static/css/login_v2.css Normal file
View File

@ -0,0 +1,119 @@
a, body, button, dd, div, dl, dt, h1, h2, h3, h4, h5, h6, input, li, ol, p, td, textarea, ul { margin: 0; padding: 0; }
body, button, input, select, textarea { font: 9pt/1.5 tahoma,arial,Hiragino Sans GB,\5b8b\4f53,sans-serif; }
button, h1, h2, h3, h4, h5, h6, input, select, textarea { font-size: 100%; }
/*background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);*/
html{height: 100%; background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);}
ol, ul { list-style: none;}
a { color: #666; text-decoration: none; }
a:hover { color: #043559; text-decoration: underline; }
body { font-size: 9pt; height: 100%;
font-family: 'microsoft yahei', sans-serif; min-width: 750pt; margin: 0; overflow: hidden}
img { border: 0; vertical-align: top; }
textarea { resize: none; }
a, button, input, select, textarea { outline: 0; }
a, button { cursor: pointer; }
button { border: none; }
.errorlist {font-size: 16px; color: #333333}
.pagewrap {height: 100% }
.main { position: relative; margin-top:0; width: 100%; height: 100%}
.header {height: 100px;margin-bottom: 5%;margin-left: 50px; background: url(/static/img/rgec.png) left center no-repeat; }
.header h1 a { display: block; }
.content { overflow: hidden; margin-left: 10% }
.content .con_left { float: left; height: 450px; width: 50%; margin-top: 65px}
/*.content .con_left .box {position: absolute; width: 400px; height:400px; left: 50%; right: 50%; margin-left: -100px; margin-right: -100px;}*/
.content .con_left p { padding: 0 0 3px; width: 10pc; color: #040000; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_left a { padding: 0 0 0 2pc; color: #2f548e; text-decoration: underline; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right { float: left; margin: 65px 0 0; width: 28pc; height: 450px; border: 1px solid #dedede; background: #fff; }
.content .con_right .con_r_top { padding: 0 0 0 39px; width: 409px; height: 110px; border-top: 8px solid #2e558e; }
.content .con_right .con_r_top .left, .content .con_right .con_r_top .right { float: left; padding: 35px 0 0; width: 186px; height: 35px; text-align: center; text-decoration: none; font-size: 18px; font-family: "微软雅黑"; }
.content .con_right .con_r_top .left { border-bottom: 2px solid #dedede; color: #999; }
.content .con_right ul .con_r_left .erweima { text-align: center; }
.content .con_right ul .con_r_left p {color: #2f548e; font-size: 25px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left .user input { margin: 0 0 1px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
.content .con_right ul .con_r_left .user { padding: 0 0 0 39px; }
.content .con_right ul .con_r_left .user ul{font-size: 16px; color: #333333}
.content .con_right ul .con_r_left .user li{font-size: 16px; color: #333333}
.content .con_right ul .con_r_left .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_left .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_left .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
.content .con_right ul .con_r_left p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left p .mima { float: left; padding-left: 5px; text-decoration: none; }
.content .con_right ul .con_r_left p .zhuce { float: right; text-decoration: none; }
.content .con_right ul .con_r_left button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right .con_r_top .right { border-bottom: 2px solid #2e558e; color: #333; }
.content .con_right ul .con_r_right .user input { margin: 0 0 1px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
.content .con_right ul .con_r_right .user { padding: 0 0 0 39px; }
.content .con_right ul .con_r_right .user ul{font-size: 16px; color: #333333}
.content .con_right ul .con_r_right .user li{font-size: 16px; color: #333333}
.content .con_right ul .con_r_right .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_right .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_right .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
.content .con_right ul .con_r_right p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_right p .mima { float: left; padding-left: 5px; text-decoration: none; }
.content .con_right ul .con_r_right p .zhuce { float: right; text-decoration: none; }
.content .con_right ul .con_r_right button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left { display: none; }
.con_right ul .con_r_left .erweima { position: relative; margin: 0 auto; width: 365px; height: 330px; }
.qrcode { position: absolute; top: 0; left: 0; width: 174px; height: 11pc; }
.divimg { position: absolute; top: 50%; left: 50%; z-index: 100; overflow: hidden; margin-top: -15px; margin-left: -30px; padding: 1px; width: 60px; height: 30px; border: 1px solid #eee; border-radius: .5rem; background: #fff; opacity: .9; filter: alpha(opacity=90); -moz-opacity: .9; }
.content .con_right ul .con_r_right .user .yanzheng { width: 150px; margin: 0 5px 10px 1px; padding-left: 5px; }
.content .con_right ul .con_r_right .user .next { font-size: 12px; width: 40px; height: 33px; float: right; margin-right: 40px; }
.content .con_right .con_r_top { *height: 90px; }
.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
.auto{margin:0 auto;min-width:1000px;max-width:1200px}
@media screen and (max-width:1233px){.auto{padding-left:10px}
}
.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
.clearfix:after{clear:both}
.clear-float{clear:both}
.footer{background-color:#009fd9;font-family: 'microsoft yahei', sans-serif; }
.footer-floor1{width:100%;padding:36px 0 60px}
.footer-list{width:69%;height:100%;float:left}
.footer-list ul{float:left;margin-right:13%}
.footer-list .flist-4{margin-right:0}
.footer-list li{line-height:32px}
.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
.footer-list li a:hover{text-decoration:underline;color:#fff}
.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',sans-serif}
.footer-floor2 a{color:#b6e2f2}
.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
.foot-link:hover{text-decoration:underline}
.footer-right{width:300px;float:right}
.telephone{width:100%;height:32px;line-height:32px;color:#fff}
.telephone .tel-number{font-size:30px;font-weight:400;text-align:right}
.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
.official-plat ul{float:right;margin-top:7px}
.official-plat ul li{height:45px}
.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
.five-superiority-list li:first-child{border-left:none}
.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
.five-superiority-list li a:hover{color:#bfe7f5}
.five-superiority-list li a.superiority-text{text-indent:4em}
.compensate_ico .superiority-icon{background-position:0 0}
.compensate_ico:hover .superiority-icon{background-position:0 -50px}
.retreat_ico .superiority-icon{background-position:0 -100px}
.retreat_ico:hover .superiority-icon{background-position:0 -150px}
.technology_ico .superiority-icon{background-position:0 -200px}
.technology_ico:hover .superiority-icon{background-position:0 -250px}
.prepare_ico .superiority-icon{background-position:0 -300px}
.prepare_ico:hover .superiority-icon{background-position:0 -350px}
.service_ico .superiority-icon{background-position:0 -400px}
.service_ico:hover .superiority-icon{background-position:0 -450px}
.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
.marquee{width:8000%;height:60px}
.wave-list-box{float:left}
.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
.wave-box{position:relative;height:60px;background:#fff}

66
static/css/style_v2.css Normal file
View File

@ -0,0 +1,66 @@
*{margin:0;padding:0;box-sizing:border-box;list-style:none}
html{height: 100%; width:100%}
body{font-family:"Microsoft Yahei";min-width:1000px}
a{outline:0;text-decoration:none}
strong{font-weight:400}
.strong{font-weight:700}
::selection{background:#1EACDF;color:#fff}
img{border:0}
::-moz-selection{background:#1EACDF;color:#fff}
::-webkit-selection{background:#1EACDF;color:#fff}
.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
.auto{margin:0 auto;min-width:1000px;max-width:1200px}
@media screen and (max-width:1233px){.auto{padding-left:10px}
}
.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
.clearfix:after{clear:both}
.clear-float{clear:both}
.footer{background-color:#009fd9;font-family:"Microsoft Yahei"}
.footer-floor1{width:100%;padding:36px 0 60px}
.footer-list{width:69%;height:100%;float:left}
.footer-list ul{float:left;margin-right:13%}
.footer-list .flist-4{margin-right:0}
.footer-list li{line-height:32px}
.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
.footer-list li a:hover{text-decoration:underline;color:#fff}
.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',simsun,sans-serif}
.footer-floor2 a{color:#b6e2f2}
.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
.foot-link:hover{text-decoration:underline}
.footer-right{width:300px;float:right}
.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
.official-plat ul{float:right;margin-top:7px}
.official-plat ul li{height:45px}
.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
.five-superiority-list li:first-child{border-left:none}
.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
.five-superiority-list li a:hover{color:#bfe7f5}
.five-superiority-list li a.superiority-text{text-indent:4em}
.compensate_ico .superiority-icon{background-position:0 0}
.compensate_ico:hover .superiority-icon{background-position:0 -50px}
.retreat_ico .superiority-icon{background-position:0 -100px}
.retreat_ico:hover .superiority-icon{background-position:0 -150px}
.technology_ico .superiority-icon{background-position:0 -200px}
.technology_ico:hover .superiority-icon{background-position:0 -250px}
.prepare_ico .superiority-icon{background-position:0 -300px}
.prepare_ico:hover .superiority-icon{background-position:0 -350px}
.service_ico .superiority-icon{background-position:0 -400px}
.service_ico:hover .superiority-icon{background-position:0 -450px}
.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
.marquee{width:8000%;height:60px}
.wave-list-box{float:left}
.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
.wave-box{position:relative;height:60px;background:#fff}

BIN
static/img/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

4
templates/index.html
View File

@ -63,7 +63,6 @@
var home_url = "{{ home_url }}";
// 钉钉移动应用接入ID
var appid = "{{ app_id }}";
// 钉钉回调域名
var url = encodeURIComponent(home_url + '/resetcheck');
var goto = encodeURIComponent('https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid=' + appid + '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri=' + url);
var obj = DDLogin({
@ -105,8 +104,7 @@
<script type="text/javascript">
window.onload=function() {
if (!!window.ActiveXObject || "ActiveXObject" in window)
alert("您当前使用的浏览器为IE或IE内核因为IE各种体验问题本网站不对IE兼容。\n为能正常使用密码自助修改服务请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon" +
"等这类双核心浏览器,请切换至[极速模式]亦可。")
alert("您当前使用的浏览器为IE或IE内核因为IE各种体验问题本网站不对IE兼容。\n为能正常使用密码自助修改服务请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon等这类双核心浏览器请切换至[极速模式]亦可。")
}
</script>
</body></html>

17
uwsgi.ini
View File

@ -1,10 +1,8 @@
[uwsgi]
http-socket = 192.168.90.111:8000
http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
# 项目目录
chdir = /usr/local/wwwroot/ad-password-self-service
chdir = PWD_SELF_SERVICE_HOME
# settings.py 里的wsgi名称
module = pwdselfservice.wsgi:application
master = true
@ -19,11 +17,12 @@ chmod-socket = 755
vacuum = true
#设置缓冲大小
#设置缓冲
post-buffering = 4096
#设置静态文件目录映射
static-map = /static=/usr/local/wwwroot/ad-password-self-service/static
#设置静态文件
static-map = /static=PWD_SELF_SERVICE_HOME/static
#设置日志目录
daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log
#设置日志保存目录
daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log

53
uwsgiserver Normal file
View File

@ -0,0 +1,53 @@
#!/bin/sh
# Startup script for the uwsgi server
# chkconfig: - 85 15
# description: uwsgi server is Web Server
# HTML files and CGI.
# processname: uwsgiserver
INI="PWD_SELF_SERVICE_HOME/uwsgi.ini"
UWSGI="/usr/share/python-3.6.9/bin/uwsgi"
PSID="ps aux | grep "uwsgi"| grep -v "grep" | wc -l"
if [ ! -n "$1" ]
then
content="Usages: sh uwsgiserver [start|stop|restart|status]"
echo -e "\033[31m $content \033[0m"
exit 0
fi
if [ $1 = start ]
then
if [ `eval $PSID` -gt 4 ]
then
content="uwsgi is running!"
echo -e "\033[32m $content \033[0m"
exit 0
else
$UWSGI $INI
content="Start uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
fi
elif [ $1 = stop ];then
if [ `eval $PSID` -gt 4 ];then
killall -9 uwsgi
fi
content="Stop uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
elif [ $1 = restart ];then
if [ `eval $PSID` -gt 4 ];then
killall -9 uwsgi
fi
$UWSGI --ini $INI
content="Restart uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
elif [ $1 = status ];then
ps -ef | grep uwsgi | grep -v "uwsgiserver" | grep -v "grep"
else
content="Usages: sh uwsgiserver [start|stop|restart|status]"
echo -e "\033[31m $content \033[0m"
fi