mirror of
https://github.com/capricornxl/ad-password-self-service.git
synced 2025-08-11 16:20:10 +08:00
Merge branch 'master' of https://github.com/capricornxl/pwdselfservice
# Conflicts: # readme.md
This commit is contained in:
github
@@ -1,99 +0,0 @@
|
||||
from ldap3 import *
|
||||
from pwdselfservice.local_settings import *
|
||||
|
||||
|
||||
def __ad_connect():
|
||||
username = str(AD_LOGIN_USER).lower()
|
||||
server = Server(host=AD_HOST, use_ssl=True, port=636, get_info='ALL')
|
||||
try:
|
||||
conn = Connection(server, auto_bind=True, user=username, password=AD_LOGIN_USER_PWD, authentication='NTLM')
|
||||
return conn
|
||||
except Exception:
|
||||
raise Exception('Server Error. Could not connect to Domain Controller')
|
||||
|
||||
|
||||
def ad_ensure_user_by_sam(username):
|
||||
"""
|
||||
通过sAMAccountName查询某个用户是否在AD中
|
||||
:param username: 除去@domain.com 的部分
|
||||
:return: True or False
|
||||
"""
|
||||
conn = __ad_connect()
|
||||
base_dn = BASE_DN
|
||||
condition = '(&(objectclass=person)(mail=' + username + '))'
|
||||
attributes = ['sAMAccountName']
|
||||
return conn.search(base_dn, condition, attributes=attributes)
|
||||
|
||||
|
||||
def ad_ensure_user_by_mail(user_mail_addr):
|
||||
"""
|
||||
通过mail查询某个用户是否在AD中
|
||||
:param user_mail_addr:
|
||||
:return: True or False
|
||||
"""
|
||||
conn = __ad_connect()
|
||||
base_dn = BASE_DN
|
||||
condition = '(&(objectclass=person)(mail=' + user_mail_addr + '))'
|
||||
attributes = ['mail']
|
||||
return conn.search(base_dn, condition, attributes=attributes)
|
||||
|
||||
|
||||
def ad_get_user_displayname_by_mail(user_mail_addr):
|
||||
conn = __ad_connect()
|
||||
conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=[
|
||||
'displayName'])
|
||||
user_displayname = conn.entries[0]['displayName']
|
||||
conn.unbind()
|
||||
return user_displayname
|
||||
|
||||
|
||||
def ad_get_user_dn_by_mail(user_mail_addr):
|
||||
conn = __ad_connect()
|
||||
conn.search(BASE_DN,
|
||||
'(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['distinguishedName'])
|
||||
user_dn = conn.entries[0]['distinguishedName']
|
||||
return user_dn
|
||||
|
||||
|
||||
def ad_get_user_status_by_mail(user_mail_addr):
|
||||
conn = __ad_connect()
|
||||
conn.search(BASE_DN,
|
||||
'(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['userAccountControl'])
|
||||
user_account_control = conn.entries[0]['userAccountControl']
|
||||
return user_account_control
|
||||
|
||||
|
||||
def ad_unlock_user_by_mail(user_mail_addr):
|
||||
conn = __ad_connect()
|
||||
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
|
||||
result = conn.extend.microsoft.unlock_account(user="%s" % user_dn)
|
||||
conn.unbind()
|
||||
return result
|
||||
|
||||
|
||||
def ad_reset_user_pwd_by_mail(user_mail_addr, new_password):
|
||||
conn = __ad_connect()
|
||||
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
|
||||
result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password)
|
||||
conn.unbind()
|
||||
return result
|
||||
|
||||
|
||||
def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password):
|
||||
conn = __ad_connect()
|
||||
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
|
||||
result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password,
|
||||
old_password="%s" % old_password)
|
||||
conn.unbind()
|
||||
return result
|
||||
|
||||
|
||||
def ad_get_user_locked_status_by_mail(user_mail_addr):
|
||||
conn = __ad_connect()
|
||||
conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['lockoutTime'])
|
||||
locked_status = conn.entries[0]['lockoutTime']
|
||||
print(locked_status)
|
||||
if '1601-01-01' in str(locked_status):
|
||||
return 0
|
||||
else:
|
||||
return locked_status
|
||||
@@ -1,3 +0,0 @@
|
||||
from django.contrib import admin
|
||||
|
||||
# Register your models here.
|
||||
@@ -1,5 +0,0 @@
|
||||
from django.apps import AppConfig
|
||||
|
||||
|
||||
class ResetpwdConfig(AppConfig):
|
||||
name = 'resetpwd'
|
||||
@@ -1,22 +0,0 @@
|
||||
from cryptography.fernet import Fernet
|
||||
|
||||
|
||||
class Crypto(object):
|
||||
"""docstring for ClassName"""
|
||||
def __init__(self, key):
|
||||
self.factory = Fernet(key)
|
||||
|
||||
@staticmethod
|
||||
def generate_key():
|
||||
key = Fernet.generate_key()
|
||||
print(key)
|
||||
|
||||
# 加密
|
||||
def encrypt(self, string):
|
||||
token = str(self.factory.encrypt(string.encode('utf-8')), 'utf-8')
|
||||
return token
|
||||
|
||||
# 解密
|
||||
def decrypt(self, token):
|
||||
string = self.factory.decrypt(bytes(token.encode('utf-8'))).decode('utf-8')
|
||||
return string
|
||||
@@ -1,82 +0,0 @@
|
||||
from dingtalk.client import *
|
||||
import requests
|
||||
from pwdselfservice.local_settings import *
|
||||
|
||||
|
||||
def ding_get_access_token():
|
||||
resp = requests.get(
|
||||
url=DING_URL + "/gettoken",
|
||||
params=dict(appid=DING_SELF_APP_ID, appsecret=DING_SELF_APP_SECRET)
|
||||
)
|
||||
resp = resp.json()
|
||||
if resp['access_token']:
|
||||
return resp['access_token']
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def ding_get_persistent_code(code, token):
|
||||
resp = requests.post(
|
||||
url="%s/get_persistent_code?access_token=%s" % (DING_URL, token),
|
||||
json=dict(tmp_auth_code=code),
|
||||
)
|
||||
resp = resp.json()
|
||||
if resp['unionid']:
|
||||
return resp['unionid']
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def ding_client_connect():
|
||||
client = AppKeyClient(corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET)
|
||||
return client
|
||||
|
||||
|
||||
def ding_get_dept_user_list_detail(dept_id, offset, size):
|
||||
client = ding_client_connect()
|
||||
result = client.user.list(department_id=dept_id, offset=offset, size=size)
|
||||
return result
|
||||
|
||||
|
||||
def ding_get_userinfo_by_code(code):
|
||||
"""
|
||||
:param code: requestAuthCode接口中获取的CODE
|
||||
:return:
|
||||
"""
|
||||
client = ding_client_connect()
|
||||
resutl = client.user.getuserinfo(code)
|
||||
return resutl
|
||||
|
||||
|
||||
def ding_get_userid_by_unionid(unionid):
|
||||
"""
|
||||
:param unionid: 用户在当前钉钉开放平台账号范围内的唯一标识
|
||||
:return:
|
||||
"""
|
||||
client = ding_client_connect()
|
||||
resutl = client.user.get_userid_by_unionid(unionid)
|
||||
if resutl['userid']:
|
||||
return resutl['userid']
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def ding_get_org_user_count():
|
||||
"""
|
||||
企业员工数量
|
||||
only_active – 是否包含未激活钉钉的人员数量
|
||||
:return:
|
||||
"""
|
||||
client = ding_client_connect()
|
||||
resutl = client.user.get_org_user_count('only_active')
|
||||
return resutl
|
||||
|
||||
|
||||
def ding_get_userinfo_detail(user_id):
|
||||
"""
|
||||
user_id – 用户ID
|
||||
:return:
|
||||
"""
|
||||
client = ding_client_connect()
|
||||
resutl = client.user.get(user_id)
|
||||
return resutl
|
||||
@@ -1,34 +0,0 @@
|
||||
from django.forms import fields as c_fields
|
||||
from django import forms as c_forms
|
||||
from django.core.exceptions import ValidationError
|
||||
|
||||
|
||||
class CheckForm(c_forms.Form):
|
||||
new_password = c_fields.RegexField(
|
||||
'(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}',
|
||||
# 密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位
|
||||
strip=True,
|
||||
min_length=8,
|
||||
max_length=30,
|
||||
error_messages={'required': '新密码不能为空.',
|
||||
'invalid': '密码必须包含数字,字母、特殊字符',
|
||||
'min_length': "密码长度不能小于8个字符",
|
||||
'max_length': "密码长度不能大于30个字符"}
|
||||
)
|
||||
old_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
|
||||
ensure_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
|
||||
user_email = c_fields.CharField(error_messages={'required': '邮箱不能为空', 'invalid': '邮箱格式错误'})
|
||||
|
||||
def clean(self):
|
||||
pwd0 = self.cleaned_data.get('old_password')
|
||||
pwd1 = self.cleaned_data.get('new_password')
|
||||
pwd2 = self.cleaned_data.get('ensure_password')
|
||||
if pwd1 == pwd2:
|
||||
pass
|
||||
elif pwd0 == pwd1:
|
||||
# 这里异常模块导入要放在函数里面,放到文件开头有时会报错,找不到
|
||||
from django.core.exceptions import ValidationError
|
||||
raise ValidationError('新旧密码不能一样')
|
||||
else:
|
||||
from django.core.exceptions import ValidationError
|
||||
raise ValidationError('新密码和确认密码输入不一致')
|
||||
@@ -1,4 +0,0 @@
|
||||
from django.db import models
|
||||
from django import forms
|
||||
from django.contrib import auth
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
from django.shortcuts import render, reverse, HttpResponsePermanentRedirect, redirect
|
||||
from django.http import *
|
||||
from django.contrib import messages
|
||||
from dingtalk import *
|
||||
from .models import *
|
||||
from .crypto import Crypto
|
||||
from .ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
|
||||
ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
|
||||
from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, ding_get_userinfo_by_code, \
|
||||
ding_get_persistent_code, ding_get_access_token
|
||||
from pwdselfservice.local_settings import *
|
||||
from .form import *
|
||||
|
||||
|
||||
class CustomPasswortValidator(object):
|
||||
|
||||
def __init__(self, min_length=1, max_length=30):
|
||||
self.min_length = min_length
|
||||
|
||||
def validate(self, password):
|
||||
special_characters = "[~\!@#\$%\^&\*\(\)_\+{}\":;'\[\]]"
|
||||
if not any(char.isdigit() for char in password):
|
||||
raise ValidationError(_('Password must contain at least %(min_length)d digit.') % {'min_length': self.min_length})
|
||||
if not any(char.isalpha() for char in password):
|
||||
raise ValidationError(_('Password must contain at least %(min_length)d letter.') % {'min_length': self.min_length})
|
||||
if not any(char in special_characters for char in password):
|
||||
raise ValidationError(_('Password must contain at least %(min_length)d special character.') % {'min_length': self.min_length})
|
||||
|
||||
def get_help_text(self):
|
||||
return ""
|
||||
@@ -1,3 +0,0 @@
|
||||
from django.test import TestCase
|
||||
|
||||
# Create your tests here.
|
||||
@@ -1,382 +0,0 @@
|
||||
from django.shortcuts import render
|
||||
from django.http import *
|
||||
from .crypto import Crypto
|
||||
from .ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
|
||||
ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
|
||||
from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, \
|
||||
ding_get_persistent_code, ding_get_access_token
|
||||
from pwdselfservice.local_settings import *
|
||||
from .form import CheckForm
|
||||
import logging
|
||||
|
||||
|
||||
msg_template = 'msg.html'
|
||||
home_url = HOME_URL
|
||||
logger = logging.getLogger('django')
|
||||
|
||||
def resetpwd_index(request):
|
||||
home_url = HOME_URL
|
||||
app_id = DING_SELF_APP_ID
|
||||
if request.method == 'GET':
|
||||
return render(request, 'index.html', locals())
|
||||
else:
|
||||
logger.error('[异常] 请求方法:%s,请求路径:%s' % (request.method, request.path))
|
||||
|
||||
if request.method == 'POST':
|
||||
check_form = CheckForm(request.POST)
|
||||
if check_form.is_valid():
|
||||
form_obj = check_form.cleaned_data
|
||||
user_email = form_obj.get("user_email")
|
||||
old_password = form_obj.get("old_password")
|
||||
new_password = form_obj.get("new_password")
|
||||
else:
|
||||
msg = check_form.as_p().errors
|
||||
logger.error('[异常] 请求方法:%s,请求路径:%s,错误信息:%s' % (request.method, request.path, msg))
|
||||
context = {
|
||||
'msg': msg,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
if user_email and old_password and new_password:
|
||||
try:
|
||||
# 判断账号是否被锁定
|
||||
if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
|
||||
context = {
|
||||
'msg': "此账号己被锁定,请先解锁账号。",
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
|
||||
user_mail_addr=user_email) == 66050:
|
||||
context = {
|
||||
'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
else:
|
||||
try:
|
||||
result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
|
||||
new_password=new_password)
|
||||
if result is True:
|
||||
context = {
|
||||
'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
else:
|
||||
context = {
|
||||
'msg': "密码未修改成功,请确认旧密码是否正确。",
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
else:
|
||||
context = {
|
||||
'msg': "用户名、旧密码、新密码参数不正确,请重新确认后输入。",
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
else:
|
||||
context = {
|
||||
'msg': "请从主页进行修改密码操作或扫码验证用户信息。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
|
||||
def resetpwd_check_userinfo(request):
|
||||
code = request.GET.get('code')
|
||||
if code:
|
||||
logger.info('[成功] 请求方法:%s,请求路径:%s,CODE:%s' % (request.method, request.path, code))
|
||||
else:
|
||||
logger.error('[异常] 请求方法:%s,请求路径:%s,未能拿到CODE。' % (request.method, request.path))
|
||||
try:
|
||||
unionid = ding_get_persistent_code(code, ding_get_access_token())
|
||||
# unionid 在钉钉企业中是否存在
|
||||
if not unionid:
|
||||
logger.error('[异常] 请求方法:%s,请求路径:%s,未能拿到unionid。' % (request.method, request.path))
|
||||
context = {
|
||||
'msg': '未能在钉钉企业通讯录中检索到相关信息,请确认当前登录钉钉的账号已在企业中注册!',
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
ding_user_info = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))
|
||||
try:
|
||||
# 钉钉中此账号是否可用
|
||||
if ding_user_info['active']:
|
||||
crypto = Crypto(CRYPTO_KEY)
|
||||
unionid_cryto = crypto.encrypt(unionid)
|
||||
# 配置cookie,并重定向到重置密码页面。
|
||||
set_cookie = HttpResponseRedirect('resetpwd')
|
||||
set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE)
|
||||
return set_cookie
|
||||
else:
|
||||
context = {
|
||||
'msg': '邮箱是[%s]的用户在钉钉中未激活或可能己离职' % ding_user_info['email'],
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "用户不存在或己离职",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
logger.error('[异常] :%s' % str(e))
|
||||
|
||||
except KeyError:
|
||||
context = {
|
||||
'msg': "错误,钉钉临时Code己失效,请从主页重新扫码。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
logger.error('[异常] :%s' % str(KeyError))
|
||||
return render(request, msg_template, context)
|
||||
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "错误[%s],请与管理员联系." % str(e),
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
logger.error('[异常] :%s' % str(e))
|
||||
return render(request, msg_template, context)
|
||||
|
||||
|
||||
def resetpwd_reset(request):
|
||||
global unionid_crypto
|
||||
if request.method == 'GET':
|
||||
try:
|
||||
unionid_crypto = request.COOKIES.get('tmpid')
|
||||
except Exception as e:
|
||||
logger.error('[异常] :%s' % str(e))
|
||||
if not unionid_crypto:
|
||||
logger.error('[异常] 请求方法:%s,请求路径:%s,未能拿到CODE或CODE己超时。' % (request.method, request.path))
|
||||
context = {
|
||||
'msg': "会话己超时,请重新扫码验证用户信息。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
crypto = Crypto(CRYPTO_KEY)
|
||||
unionid = crypto.decrypt(unionid_crypto)
|
||||
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
|
||||
if user_email:
|
||||
context = {
|
||||
'user_email': user_email,
|
||||
}
|
||||
return render(request, 'resetpwd.html', context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "%s 您好,企业钉钉中未能找到您账号的邮箱配置,请联系HR完善信息。" % ding_get_userinfo_detail(ding_get_userid_by_unionid(
|
||||
unionid))['name'],
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
elif request.method == 'POST':
|
||||
new_password = request.POST.get('new_password').strip()
|
||||
unionid_crypto = request.COOKIES.get('tmpid')
|
||||
if not unionid_crypto:
|
||||
context = {
|
||||
'msg': "会话己超时,请重新扫码验证用户信息。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
crypto = Crypto(CRYPTO_KEY)
|
||||
unionid = crypto.decrypt(unionid_crypto)
|
||||
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
|
||||
if ad_ensure_user_by_mail(user_mail_addr=user_email) is False:
|
||||
context = {
|
||||
'msg': "账号[%s]在AD中不存在,请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致?或者该邮箱账号己被禁用!\n猜测:您的邮箱是否是带有数字或其它字母区分?" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
|
||||
user_mail_addr=user_email) == 66050:
|
||||
context = {
|
||||
'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
try:
|
||||
result = ad_reset_user_pwd_by_mail(user_mail_addr=user_email, new_password=new_password)
|
||||
if result:
|
||||
# 重置密码并执行一次解锁,防止重置后账号还是锁定状态。
|
||||
ad_unlock_user_by_mail(user_email)
|
||||
context = {
|
||||
'msg': "密码己重置成功,请妥善保管。你可以点击返回主页或直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "密码未重置成功,确认密码是否满足AD的复杂性要求。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "请从主页开始进行操作。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
|
||||
def resetpwd_unlock(request):
|
||||
if request.method == 'GET':
|
||||
unionid_crypto = request.COOKIES.get('tmpid')
|
||||
if not unionid_crypto:
|
||||
context = {
|
||||
'msg': "会话己超时,请重新扫码验证用户信息。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
crypto = Crypto(CRYPTO_KEY)
|
||||
unionid = crypto.decrypt(unionid_crypto)
|
||||
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
|
||||
context = {
|
||||
'user_email': user_email,
|
||||
}
|
||||
return render(request, 'resetpwd.html', context)
|
||||
|
||||
elif request.method == 'POST':
|
||||
unionid_crypto = request.COOKIES.get('tmpid')
|
||||
if not unionid_crypto:
|
||||
context = {
|
||||
'msg': "会话己超时,请重新扫码验证用户信息。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
crypto = Crypto(CRYPTO_KEY)
|
||||
unionid = crypto.decrypt(unionid_crypto)
|
||||
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
|
||||
if ad_ensure_user_by_mail(user_mail_addr=user_email) is False:
|
||||
context = {
|
||||
'msg': "账号[%s]在AD中未能正确检索到,请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致?或者该邮箱账号己被禁用!\n猜测:您的邮箱是否是带有数字或其它字母区分?" %
|
||||
user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
try:
|
||||
result = ad_unlock_user_by_mail(user_email)
|
||||
if result:
|
||||
context = {
|
||||
'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "账号未能解锁,请联系管理员确认该账号在AD的是否己禁用。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "请从主页开始进行操作。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
|
||||
def reset_msg(request):
|
||||
msg = request.GET.get('msg')
|
||||
button_click = request.GET.get('button_click')
|
||||
button_display = request.GET.get('button_display')
|
||||
context = {
|
||||
'msg': msg,
|
||||
'button_click': button_click,
|
||||
'button_display': button_display
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
Reference in New Issue
Block a user