7x31/ad-password-self-service
1
0
Fork 0
mirror of https://github.com/capricornxl/ad-password-self-service.git synced 2025-08-11 23:35:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

修改钉钉/企业微信直接使用内部应用免密登录的方式来验证,不再支持扫码。

Browse Source 
由于一些API的权限发生变化,导致一些关键信息无法获取,所以做以上改变。
This commit is contained in:
Leven
2022-12-16 23:28:19 +08:00
parent 6b90cd3be7
commit 2e886dc6e8
95 changed files with 267 additions and 10253 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
templates/base.html
View File

@@ -1,40 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>自助密码平台</title>
<link rel="stylesheet" href="{% static 'css/dmaku.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
{% block head %}{% endblock %}
</head>
<body>
<div class="head-container" id="head-container">
<p>
密码自助服务平台
</p>
</div>
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container">
{% block right-content %} {% endblock %}
</div>
<div class="form-container left-content-container">
{% block left-content %} {% endblock %}
</div>
<div class="overlay-container">
<div class="overlay">
<div class="overlay-panel overlay-left">
{% block left-overlay %} {% endblock %}
</div>
<div class="overlay-panel overlay-right">
{% block right-overlay %} {% endblock %}
</div>
</div>
</div>
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
{% block footer %} {% endblock %}
</body>
</html>

81
templates/ding_index.html
View File

@@ -1,81 +0,0 @@
{% extends 'base.html' %}
{% load static %}
{% block head %}
<script type="text/javascript" src="{% static 'js/ddLogin-0.0.5.js' %}"></script>
{% endblock %}
{% block right-content %}
<form action="" name="ding_qrcode">
<div style="width: 300px; height: 300px; margin: 0 auto" id="ding_code"></div>
<p>使用钉钉扫一扫进行登录验证</p>
<script type="text/javascript">
// 构造钉钉登录二唯码
var home_url = "{{ home_url }}";
var app_id = "{{ app_id }}";
var redirect_url = encodeURIComponent(home_url + '/callbackCheck');
var goto = encodeURIComponent('https://oapi.dingtalk.com/connect/qrconnect?appid='
+ app_id
+ '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri='
+ redirect_url);
console.log(goto)
DDLogin({
id: "ding_code",
goto: goto,
style: "border:none;background-color:#FFFFFF;",
width: "300",
height: "300"
});
// 扫码后的操作
var hanndleMessage = function (event) {
var origin = event.origin;
console.log("origin", event.origin)
if (origin === "https://login.dingtalk.com") {
var loginTmpCode = event.data;
console.log("loginTmpCode", loginTmpCode);
if (loginTmpCode) {
//拿到loginTmpCode后就可以在这里构造跳转链接进行跳转了
location.href = 'https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid='
+ app_id
+ '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri='
+ redirect_url
+ '&loginTmpCode=' + loginTmpCode;
}
}
};
if (typeof window.addEventListener !== 'undefined') {
window.addEventListener('message', hanndleMessage, false);
} else if (typeof window.attachEvent !== 'undefined') {
window.attachEvent('onmessage', hanndleMessage);
}
</script>
</form>
{% endblock %}
{% block left-content %}
<form action="/" method="post" autocomplete="off">
{% csrf_token %}
<h1>修改密码</h1>
<span>新密码8至30位长度要求包含大小写字母及数字。</span>
<input type="text" id="username" name="username" placeholder="账号格式abc\lisi、lisi、lisi@abc.com">
<input type="password" id="old_password" name="old_password" placeholder="旧密码">
<input type="password" id="new_password" name="new_password" placeholder="新密码">
<input type="password" id="ensure_password" name="ensure_password" placeholder="再次确认新密码">
<p></p>
<button id="btn_modify" type="submit">提交</button>
</form>
{% endblock %}
{% block left-overlay %}
<h1>我要修改密码</h1>
<p>记得自己的旧密码,需要自行修改</p>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">自助修改密码</button>
{% endblock %}
{% block right-overlay %}
<h1>忘记密码或被锁</h1>
<p>如果密码己遗忘,可点击[扫码验证],使用{{ scan_app }}扫码验证身份信息后进行重置</p>
<p>⬇️点它</p>
<button class="ghost" id="scanCode">扫码验证</button>
{% endblock %}
{% block footer %}
<script>
BtnClick("#btn_modify", 'modify', {{ unsecpwd|safe }})
</script>
{% endblock %}

87
templates/ding_index.v1.html
View File

@@ -8,7 +8,7 @@
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
<script type="text/javascript" src="{% static 'js/ddLogin-0.0.5.js' %}"></script>
<script type="text/javascript" src="{% static 'js/dingtalk.open.js' %}"></script>
</head>
<body>
<div class="head-container" id="head-container">
@@ -18,50 +18,7 @@
</div>
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container">
<form action="" name="ding_qrcode">
<div style="width: 300px; height: 300px; margin: 0 auto" id="ding_code"></div>
<p>使用钉钉扫一扫进行登录验证</p>
<script type="text/javascript">
// 构造钉钉登录二唯码
var home_url = "{{ home_url }}";
var app_id = "{{ app_id }}";
var redirect_url = encodeURIComponent(home_url + '/callbackCheck');
var goto = encodeURIComponent('https://oapi.dingtalk.com/connect/qrconnect?appid='
+ app_id
+ '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri='
+ redirect_url);
console.log(goto)
DDLogin({
id: "ding_code",
goto: goto,
style: "border:none;background-color:#FFFFFF;",
width: "300",
height: "300"
});
// 扫码后的操作
var hanndleMessage = function (event) {
var origin = event.origin;
console.log("origin", event.origin)
if (origin === "https://login.dingtalk.com") {
var loginTmpCode = event.data;
console.log("loginTmpCode", loginTmpCode);
if (loginTmpCode) {
//拿到loginTmpCode后就可以在这里构造跳转链接进行跳转了
location.href = 'https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid='
+ app_id
+ '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri='
+ redirect_url
+ '&loginTmpCode=' + loginTmpCode;
}
}
};
if (typeof window.addEventListener !== 'undefined') {
window.addEventListener('message', hanndleMessage, false);
} else if (typeof window.attachEvent !== 'undefined') {
window.attachEvent('onmessage', hanndleMessage);
}
</script>
<form action="">
</form>
</div>
<div class="form-container left-content-container">
@@ -82,14 +39,18 @@
<div class="overlay-panel overlay-left">
<h1>我要修改密码</h1>
<p>记得自己的旧密码,需要自行修改</p>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">自助修改密码</button>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">我要修改密码</button>
</div>
<div class="overlay-panel overlay-right">
<h1>忘记密码或被锁</h1>
<p>如果密码己遗忘,可点击[扫码验证]使用{{ scan_app }}扫码验证身份信息后进行重置</p>
<p>如果密码己遗忘,可通过使用{{ scan_app }}⌉免密登录授权通过身份验证后方可重置</p>
<p></p>
<p>⬇️点它</p>
<button class="ghost" id="scanCode">扫码验证</button>
<form action="/resetPassword" id="formDingLogin" name="formDingLogin" method="get">
<input type="hidden" name="code" value="" id="code">
<button class="ghost" id="dingLogin" type="submit">我要重置密码</button>
</form>
</div>
</div>
</div>
@@ -97,6 +58,34 @@
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
BtnClick("#btn_modify", 'modify', {{ unsecpwd|safe }})
let code;
window.onload = function () {
if (dd.env.platform !== 'notInDingTalk') {
dd.ready(() => {
dd.runtime.permission.requestAuthCode({corpId: '{{ corp_id }}'}).then((result) => {
code = result.code;
}).catch(err => {
console.log(err);
}).finally(() => {
document.getElementById("code").setAttribute("value", code)
})
});
} else {
$.alert('请在钉钉中访问本应用!')
}
}
/** 回退事件 **/
dd.ready(function () {
document.addEventListener('backbutton', function (e) {
e.preventDefault();
dd.biz.navigation.close({
onSuccess: function (result) {
},
onFail: function (err) {
}
})
});
});
</script>
</body>
</html>

78
templates/feishu_index.v1.html
View File

@@ -1,78 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>自助密码平台</title>
<link rel="stylesheet" href="{% static 'css/dmaku.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
<script type="text/javascript" src="{% static 'js/wwLogin-1.0.0.js' %}"></script>
</head>
<body>
<div class="head-container" id="head-container">
<p>
密码自助服务平台
</p>
</div>
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container">
<form action="">
<div style="width: 300px; height: 300px; margin: 0 auto" id="feishu_code"></div>
<script type="text/javascript">
let home_url = "{{ home_url }}";
let app_id = "{{ app_id }}";
let agent_id = "{{ agent_id }}"
let redirect_url = encodeURIComponent(home_url + '/callbackCheck');
window.WwLogin({
id: "we_code",
appid: app_id,
agentid: agent_id,
redirect_uri: redirect_url,
// 样式使用base64加密而不使用https的方式
href: 'data:text/css;base64, ' +
'LmltcG93ZXJCb3ggLnRpdGxlIHtkaXNwbGF5OiBub25lO30KLmltcG93ZXJCb3ggLnFyY29kZSB7d2lkdGg6IDIyMHB4O30KLmltcG93ZXJCb3ggLmluZm8ge3dpZHRoOiAyMjBweDt9Ci5zdGF0dXNfaWNvbiB7ZGlzcGxheTogbm9uZSAgIWltcG9ydGFudH0KLmltcG93ZXJCb3ggLnN0YXR1cy5zdGF0dXNfYnJvd3NlciB7ZGlzcGxheTogbm9uZTt9Ci5pbXBvd2VyQm94IC5zdGF0dXMge3RleHQtYWxpZ246IGNlbnRlcjt9'
});
</script>
<p>使用企业微信扫一扫</p>
</form>
</div>
<div class="form-container left-content-container">
<form action="/" method="post" autocomplete="off">
{% csrf_token %}
<h1>修改密码</h1>
<span>新密码8至30位长度要求包含大小写字母及数字。</span>
<input type="text" id="username" name="username" placeholder="账号格式abc\lisi、lisi、lisi@abc.com">
<input type="password" id="old_password" name="old_password" placeholder="旧密码">
<input type="password" id="new_password" name="new_password" placeholder="新密码">
<input type="password" id="ensure_password" name="ensure_password" placeholder="再次确认新密码">
<p></p>
<button id="btn_modify" type="submit">提交</button>
</form>
</div>
<div class="overlay-container">
<div class="overlay">
<div class="overlay-panel overlay-left">
<h1>我要修改密码</h1>
<p>记得自己的旧密码,需要自行修改</p>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">自助修改密码</button>
</div>
<div class="overlay-panel overlay-right">
<h1>忘记密码或被锁</h1>
<p>如果密码己遗忘,可点击[扫码验证],使用{{ scan_app }}扫码验证身份信息后进行重置</p>
<p>⬇️点它</p>
<button class="ghost" id="scanCode">扫码验证</button>
</div>
</div>
</div>
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
let qrcode_inner = document.getElementsByClassName("form-container right-content-container")
console.log(qrcode_inner)
BtnClick("#btn_modify", 'modify',{{ unsecpwd|safe }})
</script>
</body>
</html>

4
templates/index.v1.html
View File

@@ -95,8 +95,8 @@
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
let qrcode_inner = document.getElementsByClassName("form-container right-content-container")
console.log(qrcode_inner)
let oauth2_inner = document.getElementsByClassName("form-container right-content-container")
console.log(oauth2_inner)
BtnClick("#btn_modify", 'modify', {{ unsecpwd|safe }})
</script>
</body>

6
templates/resetPassword.v1.html
View File

@@ -47,13 +47,15 @@
<h1>我要重置密码</h1>
<p></p>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">切换重置密码</button>
<button class="ghost" id="modifyPwd">点我重置密码</button>
<a class="ghost" href="/">返回主页</a>
</div>
<div class="overlay-panel overlay-right">
<h1>我要解锁账号</h1>
<p></p>
<p>⬇️点它</p>
<button class="ghost" id="scanCode">切换解锁账号</button>
<button class="ghost" id="scanCode">点我解锁账号</button>
<a class="ghost" href="/">返回主页</a>
</div>
</div>
</div>

39
templates/we_index.v1.html
View File

@@ -8,7 +8,6 @@
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
<script src="https://wwcdn.weixin.qq.com/node/wework/wwopen/js/wwLogin-1.2.7.js"></script>
</head>
<body>
<div class="head-container" id="head-container">
@@ -19,32 +18,6 @@
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container">
<form action="">
<div style="width: 300px; height: 300px; margin: 0 auto" id="we_code"></div>
<script type="text/javascript">
let home_url = "{{ home_url }}";
let app_id = "{{ app_id }}";
let agent_id = "{{ agent_id }}"
let redirect_url = encodeURIComponent(home_url + '/callbackCheck');
var wwLogin = new WwLogin({
id: "we_code",
appid: app_id,
agentid: agent_id,
redirect_uri: redirect_url,
// 样式使用base64加密而不使用https的方式
/*
.impowerBox .title {display: none;}
.impowerBox .qrcode {width: 220px;}
.impowerBox .info {width: 220px;}
.status_icon {display: none !important}
.impowerBox .status.status_browser {display: none;}
.impowerBox .status {text-align: center;}
* */
href: 'data:text/css;base64, ' +
'LmltcG93ZXJCb3ggLnRpdGxlIHtkaXNwbGF5OiBub25lO30KLmltcG93ZXJCb3ggLnFyY29kZSB7d2lkdGg6IDIyMHB4O30KLmltcG93ZXJCb3ggLmluZm8ge3dpZHRoOiAyMjBweDt9Ci5zdGF0dXNfaWNvbiB7ZGlzcGxheTogbm9uZSAgIWltcG9ydGFudH0KLmltcG93ZXJCb3ggLnN0YXR1cy5zdGF0dXNfYnJvd3NlciB7ZGlzcGxheTogbm9uZTt9Ci5pbXBvd2VyQm94IC5zdGF0dXMge3RleHQtYWxpZ246IGNlbnRlcjt9'
});
</script>
<p>使用企业微信扫一扫登录验证</p>
</form>
</div>
<div class="form-container left-content-container">
@@ -65,22 +38,22 @@
<div class="overlay-panel overlay-left">
<h1>我要修改密码</h1>
<p>记得自己的旧密码,需要自行修改</p>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">自助修改密码</button>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">我要修改密码</button>
</div>
<div class="overlay-panel overlay-right">
<h1>忘记密码或被锁</h1>
<p>如果密码己遗忘,可点击[扫码验证]使用{{ scan_app }}扫码验证身份信息后进行重置</p>
<p>如果密码己遗忘,可通过使用{{ scan_app }}⌉OAuth2授权通过身份验证后方可重置</p>
<p>当弹出<b>是否同意授权</b>时,请务必<b>全部同意</b>,否则无法获取关键信息,导致无法正常重置/解锁账号!</p>
<p>⬇️点它</p>
<button class="ghost" id="scanCode">扫码验证</button>
<a class="ghost" href="https://open.weixin.qq.com/connect/oauth2/authorize?appid={{ app_id }}&agentid={{ agent_id }}&redirect_uri={{ redirect_url }}&response_type=code&scope=snsapi_privateinfo&state=#wechat_redirect">我要重置密码</a>
</div>
</div>
</div>
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
let qrcode_inner = document.getElementsByClassName("form-container right-content-container")
console.log(qrcode_inner)
let oauth2_inner = document.getElementsByClassName("form-container right-content-container")
BtnClick("#btn_modify", 'modify',{{ unsecpwd|safe }})
</script>
</body>