From 6b90cd3be7b3a9fdf3f575a6a617b687709b49c3 Mon Sep 17 00:00:00 2001 From: Leven Date: Fri, 16 Dec 2022 11:57:40 +0800 Subject: [PATCH] oauth2 support --- resetpwd/utils.py | 14 +++++++-- resetpwd/views.py | 10 +++--- static/js/wwLogin-1.2.7.js | 1 + templates/we_index.v1.html | 5 +-- utils/dingding_ops.py | 22 +++++++++++++ utils/format_username.py | 10 ++++-- utils/wework_ops.py | 64 ++++++++++++++++++++++++++++++++++++++ 7 files changed, 114 insertions(+), 12 deletions(-) create mode 100644 static/js/wwLogin-1.2.7.js diff --git a/resetpwd/utils.py b/resetpwd/utils.py index 40e79c1..398fb5d 100644 --- a/resetpwd/utils.py +++ b/resetpwd/utils.py @@ -24,7 +24,15 @@ else: logger = logging.getLogger('django') -def code_2_user_info(ops, request, msg_template, home_url, code): +def code_2_user_info(ops, home_url, code): + """ + 临时授权码换取userinfo + """ + _, s, e = ops.get_user_detail(code=code, home_url=home_url) + return _, s, e + + +def code_2_user_info_with_oauth2(ops, request, msg_template, home_url, code): """ 临时授权码换取userinfo """ @@ -32,7 +40,7 @@ def code_2_user_info(ops, request, msg_template, home_url, code): # 判断 user_id 在本企业钉钉/微信中是否存在 if not _status: context = { - 'msg': '获取钉钉userid失败,错误信息:{}'.format(user_id), + 'msg': '获取userid失败,错误信息:{}'.format(user_id), 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } @@ -40,7 +48,7 @@ def code_2_user_info(ops, request, msg_template, home_url, code): detail_status, user_info = ops.get_user_detail_by_user_id(user_id) if not detail_status: context = { - 'msg': '获取钉钉用户信息失败,错误信息:{}'.format(user_info), + 'msg': '获取用户信息失败,错误信息:{}'.format(user_info), 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } diff --git a/resetpwd/views.py b/resetpwd/views.py index 603e443..50be3fc 100644 --- a/resetpwd/views.py +++ b/resetpwd/views.py @@ -117,7 +117,7 @@ def index(request): def callback_check(request): """ - 钉钉扫码回调数据之后,将用户账号在AD中进行验证,如果通过,则返回钉钉中取出用户的union_id + 扫码回调数据之后,将用户账号在AD中进行验证,如果通过,则返回钉钉中取出用户的union_id :param request: :return: """ @@ -133,18 +133,20 @@ def callback_check(request): 'button_display': "返回主页" } return render(request, msg_template, context) + + print('code ----- ', code) try: - _status, user_id, user_info = code_2_user_info(_ops, request, msg_template, home_url, code) - print(user_info) + _status, user_id, user_info = code_2_user_info(_ops, home_url, code) if not _status: return render(request, msg_template, user_id) # 账号是否是激活的 if get_user_is_active(user_info): return crypto_user_id_2_cookie(user_id) + # 否则账号不存在或未激活 else: context = { - 'msg': '当前扫码的用户在钉钉中未激活或可能己离职,用户信息如下:%s' % user_info, + 'msg': '当前扫码的用户未激活或可能己离职,用户信息如下:%s' % user_info, 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } diff --git a/static/js/wwLogin-1.2.7.js b/static/js/wwLogin-1.2.7.js new file mode 100644 index 0000000..908ab96 --- /dev/null +++ b/static/js/wwLogin-1.2.7.js @@ -0,0 +1 @@ +!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).WwLogin=t()}(this,(function(){"use strict";var e=["work.weixin.qq.com","tencent.com"],t={sso:"/wwopen/sso/qrConnect",tww:"/login/wwLogin/sso/qrConnect",native:"/native/sso/qrConnect",twxg:"/login/wwLogin/sso/qrConnect"},n="1.2.7";return function(){function o(e){this.options=e,this.options=e,this.createFrame()}return o.prototype.destroyed=function(){console.log("WwLogin had destroyed."),window.removeEventListener("message",this.onPostMessage)},o.prototype.getUrl=function(e){var o=[];Object.keys(e).forEach((function(t){var n=e[t];[void 0,null].indexOf(n)>-1||-1!==["string","number","boolean"].indexOf(typeof n)&&"id"!==t&&o.push("".concat(t,"=").concat(n))})),o.push("version=".concat(n)),o.push("login_type=jssdk");var s=t[e.business_type||"sso"];if(!s)throw new Error("Argument business_type not match. Current version is ".concat(n,"."));var i="https://open.work.weixin.qq.com";return/tencent\.com$/.test(window.location.host)&&(i="https://open.wecom.tencent.com"),"".concat(i).concat(s,"?").concat(o.join("&"))},o.prototype.createFrame=function(){var e=this;if(this.options.is_mobile)window.location.href=this.getUrl(this.options);else{this.frame=document.createElement("iframe");var t=document.getElementById(this.options.id);this.frame.src=this.getUrl(this.options),this.frame.frameBorder="0",this.frame.allowTransparency="true",this.frame.scrolling="no",this.frame.width="300px",this.frame.height="400px",t.innerHTML="",t.appendChild(this.frame),this.frame.onload=function(){e.frame.contentWindow.postMessage&&window.addEventListener&&(window.addEventListener("message",e.onPostMessage),e.frame.contentWindow.postMessage("ask_usePostMessage","*"))}}},o.prototype.onPostMessage=function(t){if(e.filter((function(e){return new RegExp("".concat(e,"$")).test(t.origin)})).length){var n=t.data;n&&"string"==typeof n&&/^http/.test(n)&&(window.location.href=n)}},o}()})); diff --git a/templates/we_index.v1.html b/templates/we_index.v1.html index 196ba62..1ec7293 100644 --- a/templates/we_index.v1.html +++ b/templates/we_index.v1.html @@ -8,7 +8,7 @@ - +
@@ -25,7 +25,8 @@ let app_id = "{{ app_id }}"; let agent_id = "{{ agent_id }}" let redirect_url = encodeURIComponent(home_url + '/callbackCheck'); - window.WwLogin({ + + var wwLogin = new WwLogin({ id: "we_code", appid: app_id, agentid: agent_id, diff --git a/utils/dingding_ops.py b/utils/dingding_ops.py index 06373da..b5a3415 100644 --- a/utils/dingding_ops.py +++ b/utils/dingding_ops.py @@ -84,3 +84,25 @@ class DingDingOps(AppKeyClient): except (KeyError, IndexError) as k_error: return False, 'get_user_detail_by_user_id: %s' % str(k_error) + def get_user_detail(self, code, home_url): + """ + 临时授权码换取userinfo + """ + _status, user_id = self.get_user_id_by_code(code) + # 判断 user_id 在本企业钉钉/微信中是否存在 + if not _status: + context = { + 'msg': '获取userid失败,错误信息:{}'.format(user_id), + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return False, context, user_id + detail_status, user_info = self.get_user_detail_by_user_id(user_id) + if not detail_status: + context = { + 'msg': '获取用户信息失败,错误信息:{}'.format(user_info), + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return False, context, user_info + return True, user_id, user_info diff --git a/utils/format_username.py b/utils/format_username.py index b76631e..7d68051 100644 --- a/utils/format_username.py +++ b/utils/format_username.py @@ -15,7 +15,11 @@ def format2username(account): :param account 用户账号可以是邮箱、DOMAIN\\username、username格式。 :return: username """ - if account: + + if account is None: + return False, NameError( + "传入的用户账号为空!".format(account)) + try: mail_compile = re.compile(r'(.*)@(.*)') domain_compile = re.compile(r'(.*)\\(.*)') @@ -25,8 +29,8 @@ def format2username(account): return True, re.fullmatch(domain_compile, account).group(2) else: return True, account.lower() - else: - return False, NameError("{}格式化失败,注意:account用户账号是邮箱或DOMAIN\\username或username格式!".format(account)) + except Exception as e: + return False, NameError("格式化失败,注意:account用户账号是邮箱或DOMAIN\\username或username格式,错误信息[{}]".format(account, e)) def get_user_is_active(user_info): diff --git a/utils/wework_ops.py b/utils/wework_ops.py index 047c93e..73b0658 100644 --- a/utils/wework_ops.py +++ b/utils/wework_ops.py @@ -20,6 +20,10 @@ else: from conf.local_settings import * CORP_API_TYPE = { + 'GET_USER_TICKET_OAUTH2': ['/cgi-bin/auth/getuserinfo?access_token=ACCESS_TOKEN', 'GET'], + 'GET_USER_INFO_OAUTH2': ['/cgi-bin/auth/getuserdetail?access_token=ACCESS_TOKEN', 'POST'], + + 'GET_ACCESS_TOKEN': ['/cgi-bin/gettoken', 'GET'], 'USER_CREATE': ['/cgi-bin/user/create?access_token=ACCESS_TOKEN', 'POST'], 'USER_GET': ['/cgi-bin/user/get?access_token=ACCESS_TOKEN', 'GET'], @@ -139,6 +143,66 @@ class WeWorkOps(AbstractApi): except Exception as e: return False, "get_user_detail_by_user_id: {}".format(e) + def get_user_ticket_by_code_with_oauth2(self, code): + try: + return True, self.http_call( + CORP_API_TYPE['GET_USER_TICKET_OAUTH2'], + { + 'code': code, + }) + except ApiException as e: + return False, "get_user_ticket_by_code_with_oauth2: {}-{}".format(e.errCode, e.errMsg) + except Exception as e: + return False, "get_user_ticket_by_code_with_oauth2: {}".format(e) + + def get_user_info_by_ticket_with_oauth2(self, user_ticket): + try: + return True, self.http_call( + CORP_API_TYPE['GET_USER_TICKET_OAUTH2'], + { + 'user_ticket': user_ticket + }) + except ApiException as e: + return False, "get_user_info_by_ticket_with_oauth2: {}-{}".format(e.errCode, e.errMsg) + except Exception as e: + return False, "get_user_info_by_ticket_with_oauth2: {}".format(e) + + def get_user_detail(self, code, home_url): + """ + 临时授权码换取userinfo + """ + _status, ticket_data = self.get_user_ticket_by_code_with_oauth2(code) + print('ticket_data ----------- ', ticket_data) + # 判断 user_ticket 是否存在 + if not _status: + context = { + 'msg': '获取userid失败,错误信息:{}'.format(ticket_data), + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return False, context, ticket_data + + user_id = ticket_data.get('userid') + if ticket_data.get('user_ticket') is None: + context = { + 'msg': '获取用户Ticket失败,当前扫码用户[{}]可能未加入企业!'.format(user_id), + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return False, context, user_id + + # 通过user_ticket获取企业微信用户详情信息 + detail_status, user_info = self.get_user_info_by_ticket_with_oauth2(ticket_data.get('user_ticket')) + print(user_info) + if not detail_status: + context = { + 'msg': '获取用户信息失败,错误信息:{}'.format(user_id), + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return False, context + return True, user_id, user_info + if __name__ == '__main__': wx = WeWorkOps()