7x31
/
ad-password-self-service
mirror of https://github.com/capricornxl/ad-password-self-service.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

oauth2 support

This commit is contained in:
Leven 2022-12-16 11:57:40 +08:00
parent 4ed8c1e0e2
commit 6b90cd3be7
7 changed files with 114 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
resetpwd/utils.py
View File

@ -24,7 +24,15 @@ else:
logger = logging.getLogger('django') logger = logging.getLogger('django')
def code_2_user_info(ops, request, msg_template, home_url, code): def code_2_user_info(ops, home_url, code):
"""
临时授权码换取userinfo
"""
_, s, e = ops.get_user_detail(code=code, home_url=home_url)
return _, s, e
def code_2_user_info_with_oauth2(ops, request, msg_template, home_url, code):
""" """
临时授权码换取userinfo 临时授权码换取userinfo
""" """
@ -32,7 +40,7 @@ def code_2_user_info(ops, request, msg_template, home_url, code):
# 判断 user_id 在本企业钉钉/微信中是否存在 # 判断 user_id 在本企业钉钉/微信中是否存在
if not _status: if not _status:
context = { context = {
'msg': '获取钉钉userid失败错误信息{}'.format(user_id), 'msg': '获取userid失败错误信息{}'.format(user_id),
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
@ -40,7 +48,7 @@ def code_2_user_info(ops, request, msg_template, home_url, code):
detail_status, user_info = ops.get_user_detail_by_user_id(user_id) detail_status, user_info = ops.get_user_detail_by_user_id(user_id)
if not detail_status: if not detail_status:
context = { context = {
'msg': '获取钉钉用户信息失败,错误信息:{}'.format(user_info), 'msg': '获取用户信息失败,错误信息:{}'.format(user_info),
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }

10
resetpwd/views.py
View File

@ -117,7 +117,7 @@ def index(request):
def callback_check(request): def callback_check(request):
""" """
钉钉扫码回调数据之后将用户账号在AD中进行验证如果通过则返回钉钉中取出用户的union_id 扫码回调数据之后将用户账号在AD中进行验证如果通过则返回钉钉中取出用户的union_id
:param request: :param request:
:return: :return:
""" """
@ -133,18 +133,20 @@ def callback_check(request):
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return render(request, msg_template, context)
print('code ----- ', code)
try: try:
_status, user_id, user_info = code_2_user_info(_ops, request, msg_template, home_url, code) _status, user_id, user_info = code_2_user_info(_ops, home_url, code)
print(user_info)
if not _status: if not _status:
return render(request, msg_template, user_id) return render(request, msg_template, user_id)
# 账号是否是激活的 # 账号是否是激活的
if get_user_is_active(user_info): if get_user_is_active(user_info):
return crypto_user_id_2_cookie(user_id) return crypto_user_id_2_cookie(user_id)
# 否则账号不存在或未激活 # 否则账号不存在或未激活
else: else:
context = { context = {
'msg': '当前扫码的用户在钉钉中未激活或可能己离职,用户信息如下:%s' % user_info, 'msg': '当前扫码的用户未激活或可能己离职,用户信息如下:%s' % user_info,
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }

1
static/js/wwLogin-1.2.7.js Normal file
View File

@ -0,0 +1 @@
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).WwLogin=t()}(this,(function(){"use strict";var e=["work.weixin.qq.com","tencent.com"],t={sso:"/wwopen/sso/qrConnect",tww:"/login/wwLogin/sso/qrConnect",native:"/native/sso/qrConnect",twxg:"/login/wwLogin/sso/qrConnect"},n="1.2.7";return function(){function o(e){this.options=e,this.options=e,this.createFrame()}return o.prototype.destroyed=function(){console.log("WwLogin had destroyed."),window.removeEventListener("message",this.onPostMessage)},o.prototype.getUrl=function(e){var o=[];Object.keys(e).forEach((function(t){var n=e[t];[void 0,null].indexOf(n)>-1||-1!==["string","number","boolean"].indexOf(typeof n)&&"id"!==t&&o.push("".concat(t,"=").concat(n))})),o.push("version=".concat(n)),o.push("login_type=jssdk");var s=t[e.business_type||"sso"];if(!s)throw new Error("Argument business_type not match. Current version is ".concat(n,"."));var i="https://open.work.weixin.qq.com";return/tencent\.com$/.test(window.location.host)&&(i="https://open.wecom.tencent.com"),"".concat(i).concat(s,"?").concat(o.join("&"))},o.prototype.createFrame=function(){var e=this;if(this.options.is_mobile)window.location.href=this.getUrl(this.options);else{this.frame=document.createElement("iframe");var t=document.getElementById(this.options.id);this.frame.src=this.getUrl(this.options),this.frame.frameBorder="0",this.frame.allowTransparency="true",this.frame.scrolling="no",this.frame.width="300px",this.frame.height="400px",t.innerHTML="",t.appendChild(this.frame),this.frame.onload=function(){e.frame.contentWindow.postMessage&&window.addEventListener&&(window.addEventListener("message",e.onPostMessage),e.frame.contentWindow.postMessage("ask_usePostMessage","*"))}}},o.prototype.onPostMessage=function(t){if(e.filter((function(e){return new RegExp("".concat(e,"$")).test(t.origin)})).length){var n=t.data;n&&"string"==typeof n&&/^http/.test(n)&&(window.location.href=n)}},o}()}));

5
templates/we_index.v1.html
View File

@ -8,7 +8,7 @@
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script> <script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script> <script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script> <script type="text/javascript" src="{% static 'js/check.js' %}"></script>
<script src="https://rescdn.qqmail.com/node/ww/wwopenmng/js/sso/wwLogin-1.0.0.js"></script> <script src="https://wwcdn.weixin.qq.com/node/wework/wwopen/js/wwLogin-1.2.7.js"></script>
</head> </head>
<body> <body>
<div class="head-container" id="head-container"> <div class="head-container" id="head-container">
@ -25,7 +25,8 @@
let app_id = "{{ app_id }}"; let app_id = "{{ app_id }}";
let agent_id = "{{ agent_id }}" let agent_id = "{{ agent_id }}"
let redirect_url = encodeURIComponent(home_url + '/callbackCheck'); let redirect_url = encodeURIComponent(home_url + '/callbackCheck');
window.WwLogin({
var wwLogin = new WwLogin({
id: "we_code", id: "we_code",
appid: app_id, appid: app_id,
agentid: agent_id, agentid: agent_id,

22
utils/dingding_ops.py
View File

@ -84,3 +84,25 @@ class DingDingOps(AppKeyClient):
except (KeyError, IndexError) as k_error: except (KeyError, IndexError) as k_error:
return False, 'get_user_detail_by_user_id: %s' % str(k_error) return False, 'get_user_detail_by_user_id: %s' % str(k_error)
def get_user_detail(self, code, home_url):
"""
临时授权码换取userinfo
"""
_status, user_id = self.get_user_id_by_code(code)
# 判断 user_id 在本企业钉钉/微信中是否存在
if not _status:
context = {
'msg': '获取userid失败错误信息{}'.format(user_id),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context, user_id
detail_status, user_info = self.get_user_detail_by_user_id(user_id)
if not detail_status:
context = {
'msg': '获取用户信息失败,错误信息:{}'.format(user_info),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context, user_info
return True, user_id, user_info

10
utils/format_username.py
View File

@ -15,7 +15,11 @@ def format2username(account):
:param account 用户账号可以是邮箱DOMAIN\\usernameusername格式 :param account 用户账号可以是邮箱DOMAIN\\usernameusername格式
:return: username :return: username
""" """
if account:
if account is None:
return False, NameError(
"传入的用户账号为空!".format(account))
try:
mail_compile = re.compile(r'(.*)@(.*)') mail_compile = re.compile(r'(.*)@(.*)')
domain_compile = re.compile(r'(.*)\\(.*)') domain_compile = re.compile(r'(.*)\\(.*)')
@ -25,8 +29,8 @@ def format2username(account):
return True, re.fullmatch(domain_compile, account).group(2) return True, re.fullmatch(domain_compile, account).group(2)
else: else:
return True, account.lower() return True, account.lower()
else: except Exception as e:
return False, NameError("{}格式化失败注意account用户账号是邮箱或DOMAIN\\username或username格式".format(account)) return False, NameError("格式化失败注意account用户账号是邮箱或DOMAIN\\username或username格式,错误信息[{}]".format(account, e))
def get_user_is_active(user_info): def get_user_is_active(user_info):

64
utils/wework_ops.py
View File

@ -20,6 +20,10 @@ else:
from conf.local_settings import * from conf.local_settings import *
CORP_API_TYPE = { CORP_API_TYPE = {
'GET_USER_TICKET_OAUTH2': ['/cgi-bin/auth/getuserinfo?access_token=ACCESS_TOKEN', 'GET'],
'GET_USER_INFO_OAUTH2': ['/cgi-bin/auth/getuserdetail?access_token=ACCESS_TOKEN', 'POST'],
'GET_ACCESS_TOKEN': ['/cgi-bin/gettoken', 'GET'], 'GET_ACCESS_TOKEN': ['/cgi-bin/gettoken', 'GET'],
'USER_CREATE': ['/cgi-bin/user/create?access_token=ACCESS_TOKEN', 'POST'], 'USER_CREATE': ['/cgi-bin/user/create?access_token=ACCESS_TOKEN', 'POST'],
'USER_GET': ['/cgi-bin/user/get?access_token=ACCESS_TOKEN', 'GET'], 'USER_GET': ['/cgi-bin/user/get?access_token=ACCESS_TOKEN', 'GET'],
@ -139,6 +143,66 @@ class WeWorkOps(AbstractApi):
except Exception as e: except Exception as e:
return False, "get_user_detail_by_user_id: {}".format(e) return False, "get_user_detail_by_user_id: {}".format(e)
def get_user_ticket_by_code_with_oauth2(self, code):
try:
return True, self.http_call(
CORP_API_TYPE['GET_USER_TICKET_OAUTH2'],
{
'code': code,
})
except ApiException as e:
return False, "get_user_ticket_by_code_with_oauth2: {}-{}".format(e.errCode, e.errMsg)
except Exception as e:
return False, "get_user_ticket_by_code_with_oauth2: {}".format(e)
def get_user_info_by_ticket_with_oauth2(self, user_ticket):
try:
return True, self.http_call(
CORP_API_TYPE['GET_USER_TICKET_OAUTH2'],
{
'user_ticket': user_ticket
})
except ApiException as e:
return False, "get_user_info_by_ticket_with_oauth2: {}-{}".format(e.errCode, e.errMsg)
except Exception as e:
return False, "get_user_info_by_ticket_with_oauth2: {}".format(e)
def get_user_detail(self, code, home_url):
"""
临时授权码换取userinfo
"""
_status, ticket_data = self.get_user_ticket_by_code_with_oauth2(code)
print('ticket_data ----------- ', ticket_data)
# 判断 user_ticket 是否存在
if not _status:
context = {
'msg': '获取userid失败错误信息{}'.format(ticket_data),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context, ticket_data
user_id = ticket_data.get('userid')
if ticket_data.get('user_ticket') is None:
context = {
'msg': '获取用户Ticket失败当前扫码用户[{}]可能未加入企业!'.format(user_id),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context, user_id
# 通过user_ticket获取企业微信用户详情信息
detail_status, user_info = self.get_user_info_by_ticket_with_oauth2(ticket_data.get('user_ticket'))
print(user_info)
if not detail_status:
context = {
'msg': '获取用户信息失败,错误信息:{}'.format(user_id),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context
return True, user_id, user_info
if __name__ == '__main__': if __name__ == '__main__':
wx = WeWorkOps() wx = WeWorkOps()