7x31/ad-password-self-service
1
0
Fork 0
mirror of https://github.com/capricornxl/ad-password-self-service.git synced 2025-08-11 16:20:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix some bugs

Browse Source
This commit is contained in:
Leven
2023-02-06 22:01:00 +08:00
parent a8afae7c2f
commit 1752b1d16f
6 changed files with 332 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
resetpwd/utils.py
View File

@@ -11,6 +11,7 @@ import logging
from ldap3.core.exceptions import LDAPException
from django.conf import settings
import os
from utils.tracecalls import decorator_logger
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
@@ -18,9 +19,10 @@ if APP_ENV == 'dev':
else:
from conf.local_settings import *
logger = logging.getLogger('django')
logger = logging.getLogger(__name__)
@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
def code_2_user_detail(ops, home_url, code):
"""
临时授权码换取userinfo
@@ -29,6 +31,7 @@ def code_2_user_detail(ops, home_url, code):
return _, s, e
@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
def code_2_user_info_with_oauth2(ops, request, msg_template, home_url, code):
"""
临时授权码换取userinfo
@@ -53,6 +56,7 @@ def code_2_user_info_with_oauth2(ops, request, msg_template, home_url, code):
return True, user_id, user_info
@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
def ops_account(ad_ops, request, msg_template, home_url, username, new_password):
"""
ad 账号操作,判断账号状态,重置密码或解锁账号

249
resetpwd/views.py
View File

@@ -9,6 +9,7 @@ from .form import CheckForm
from .utils import code_2_user_detail, ops_account
from django.conf import settings
from utils.logger_filter import decorator_request_logger
from utils.tracecalls import decorator_logger
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
@@ -19,7 +20,7 @@ else:
DING_CORP_ID, TITLE
msg_template = 'messages.html'
logger = logging.getLogger('django')
logger = logging.getLogger(__name__)
class PARAMS(object):
@@ -43,7 +44,7 @@ scan_params = PARAMS()
_ops = scan_params.ops
@decorator_request_logger(logger)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def auth(request):
home_url = '%s://%s' % (request.scheme, HOME_URL)
corp_id = scan_params.corp_id
@@ -56,25 +57,13 @@ def auth(request):
global_title = TITLE
if request.method == 'GET':
code = request.GET.get('code', None)
username = request.GET.get('username', None)
# 如果满足,说明已经授权免密登录
if username and code and request.session.get(username) == code:
context = {'global_title': TITLE,
'username': username,
'code': code,
}
return render(request, 'reset_password.html', context)
return render(request, 'auth.html', locals())
else:
logger.error('[异常] 请求方法:%s,请求路径%s' % (request.method, request.path))
@decorator_request_logger(logger)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def index(request):
"""
用户自行修改密码/首页
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
scan_app = scan_params.AUTH_APP
global_title = TITLE
@@ -93,41 +82,45 @@ def index(request):
else:
_msg = check_form
logger.error('[异常] 请求方法:%s,请求路径:%s,错误信息:%s' % (request.method, request.path, _msg))
context = {'global_title': TITLE,
'msg': _msg,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': _msg,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
# 格式化用户名
_, username = format2username(username)
if _ is False:
context = {'global_title': TITLE,
'msg': username,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': username,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
# 检测账号状态
auth_status, auth_result = AdOps().ad_auth_user(username=username, password=old_password)
if not auth_status:
context = {'global_title': TITLE,
'msg': str(auth_result),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': str(auth_result),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
return ops_account(AdOps(), request, msg_template, home_url, username, new_password)
else:
context = {'global_title': TITLE,
'msg': "不被接受的认证信息,请重新尝试认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': "不被接受的认证信息,请重新尝试认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
@decorator_request_logger(logger)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def reset_password(request):
"""
钉钉扫码并验证信息通过之后,在重置密码页面将用户账号进行绑定
@@ -140,21 +133,23 @@ def reset_password(request):
username = request.GET.get('username', None)
# 如果满足,说明已经授权免密登录
if username and code and request.session.get(username) == code:
context = {'global_title': TITLE,
'username': username,
'code': code,
}
context = {
'global_title': TITLE,
'username': username,
'code': code,
}
return render(request, 'reset_password.html', context)
else:
if code:
logger.info('[成功] 请求方法:%s,请求路径:%sCode%s' % (request.method, request.path, code))
else:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到Code。' % (request.method, request.path))
context = {'global_title': TITLE,
'msg': "错误,临时授权码己失效,请尝试重新认证授权..",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': "错误,临时授权码己失效,请尝试重新认证授权..",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
try:
# 用code换取用户基本信息
@@ -164,86 +159,91 @@ def reset_password(request):
# 账号在企业微信或钉钉中是否是激活的
_, res = get_user_is_active(user_info)
if not _:
context = {'global_title': TITLE,
'msg': '当前扫码的用户未激活或可能己离职,用户信息如下:%s' % user_info,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
context = {
'global_title': TITLE,
'msg': '当前扫码的用户未激活或可能己离职,用户信息如下:%s' % user_info,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as callback_e:
context = {'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(callback_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(callback_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(callback_e))
return render(request, msg_template, context)
# 通过user_info拿到用户邮箱并格式化为username
_, email = get_email_from_userinfo(user_info)
if not _:
context = {'global_title': TITLE,
'msg': email,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': email,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
_, username = format2username(email)
if _ is False:
context = {'global_title': TITLE,
'msg': username,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': username,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
# 如果邮箱能提取到,则格式化之后,提取出账号提交到前端绑定
if username:
request.session[username] = code
context = {'global_title': TITLE,
'username': username,
'code': code,
}
context = {
'global_title': TITLE,
'username': username,
'code': code,
}
return render(request, 'reset_password.html', context)
else:
context = {'global_title': TITLE,
'msg': "{},您好,企业{}中未能找到您账号的邮箱配置请联系HR完善信息。".format(
user_info.get('name'), scan_params.AUTH_APP),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': "{},您好,企业{}中未能找到您账号的邮箱配置请联系HR完善信息。".format(
user_info.get('name'), scan_params.AUTH_APP),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
# 重置密码页面,输入新密码后点击提交
elif request.method == 'POST':
username = request.POST.get('username')
code = request.POST.get('code')
if code and request.session.get(username) == code:
if username and code and request.session.get(username) == code:
_new_password = request.POST.get('new_password').strip()
try:
return ops_account(ad_ops=AdOps(), request=request, msg_template=msg_template, home_url=home_url,
username=username, new_password=_new_password)
except Exception as reset_e:
context = {'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(reset_e))
return render(request, msg_template, context)
finally:
del request.session[username]
else:
context = {'global_title': TITLE,
'msg': "认证已经失效,可尝试从重新认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "认证已经失效,可尝试从重新认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
@decorator_request_logger(logger)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def unlock_account(request):
"""
解锁账号
@@ -255,53 +255,56 @@ def unlock_account(request):
if request.method == 'GET':
code = request.GET.get('code')
username = request.GET.get('username')
if code and request.session.get(username) == code:
context = {'global_title': TITLE,
'username': username,
'code': code,
}
if username and code and request.session.get(username) == code:
context = {
'global_title': TITLE,
'username': username,
'code': code,
}
return render(request, 'unlock.html', context)
else:
context = {'global_title': TITLE,
'msg': "{},您好,当前会话可能已经过期,请再试一次吧。".format(username),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
context = {
'global_title': TITLE,
'msg': "{},您好,当前会话可能已经过期,请再试一次吧。".format(username),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
if request.method == 'POST':
username = request.POST.get('username')
code = request.POST.get('code')
if request.session.get(username) and request.session.get(username) == code:
if username and code and request.session.get(username) == code:
try:
return ops_account(AdOps(), request, msg_template, home_url, username, None)
except Exception as reset_e:
context = {'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(reset_e))
return render(request, msg_template, context)
finally:
del request.session[username]
else:
context = {'global_title': TITLE,
'msg': "认证已经失效,请尝试从重新进行认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "认证已经失效,请尝试从重新进行认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
@decorator_request_logger(logger)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def messages(request):
_msg = request.GET.get('msg')
button_click = request.GET.get('button_click')
button_display = request.GET.get('button_display')
context = {'global_title': TITLE,
'msg': _msg,
'button_click': button_click,
'button_display': button_display
}
context = {
'global_title': TITLE,
'msg': _msg,
'button_click': button_click,
'button_display': button_display
}
return render(request, msg_template, context)