7x31
/
ad-password-self-service
mirror of https://github.com/capricornxl/ad-password-self-service.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

修改format2username方法,返回元组作为结果判断。 

悠resetpwd.views 将所有format2username兼容处理,防止当用户名为空时,能正确抛出异常给前端页面。
修复resetpwd.views callback_check中一个BUG(如果用户不存在或未激活,会存在通过format2username拿不到用户名的情况,在这里就直接抛出user_info整个json)
This commit is contained in:
向乐🌌 2021-08-05 09:35:56 +08:00
parent 4f8fcb68b4
commit 75b3916191
4 changed files with 61 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
conf/local_settings.py
View File

@ -1,3 +1,8 @@
# ##########################################################################
# 字符串前面的格式编码不要去掉了,主要是为了解决特殊字符被转义的问题。 #
# ##########################################################################
# ########## AD配置修改为自己的
# AD主机可以是IP或主机域名例如可以是: abc.com或172.16.122.1
AD_HOST = r'修改成自己的'

5
readme.md
View File

@ -9,6 +9,11 @@
### 逻辑:
>用户扫码通过之后通过临时授权码提取用户的userid再通过userid断用户在本企业中是否存在。如果存在提取钉钉/企业微信用户的邮箱通过邮箱转成账号将账号拿到AD中进行比对来验证账号在AD中是否存在并账号状态是激活的。满足以上条件的账号就会视为可自行重置密码。
## <u>_**所能接受的账号规则**_ </u>
无论是钉钉、微信均是通过提取用户邮箱的前缀部分来作为关联AD的账号所以目前的识别逻辑就需要保证邮箱的前缀和AD的登录账号是一致的。
如果您的场景不是这样,请按自己的需求修改源代码适配。
### 代码提交到--新分支:
```
djaong3

61
resetpwd/views.py
View File

@ -44,13 +44,6 @@ class PARAMS(object):
scan_params = PARAMS()
_ops = scan_params.ops
# try:
# AdOps() = AdOps()
# print("初始化Active Directory连接成功...")
# except Exception as e:
# AdOps() = LDAPException("连接域控制器失败无法访问到LDAP")
# print("初始化Active Directory连接失败...")
# print(str(e))
def index(request):
@ -95,7 +88,14 @@ def index(request):
}
return render(request, msg_template, context)
# 格式化用户名
username = format2username(username)
_, username = format2username(username)
if _ is False:
context = {
'msg': username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 检测账号状态
auth_status, auth_result = AdOps().ad_auth_user(username=username, password=old_password)
if not auth_status:
@ -133,17 +133,18 @@ def callback_check(request):
'button_display': "返回主页"
}
return render(request, msg_template, context)
print("code: {}" .format(code))
try:
_status, user_id, user_info = code_2_user_info(_ops, request, msg_template, home_url, code)
print(user_info)
if not _status:
return render(request, msg_template, user_id)
# 账号是否是激活的
if get_user_is_active(user_info):
return crypto_user_id_2_cookie(user_id)
# 否则账号不存在或未激活
else:
context = {
'msg': '[%s]在钉钉中未激活或可能己离职' % format2username(user_info.get('name')),
'msg': '当前扫码的用户在钉钉中未激活或可能己离职,用户信息如下:%s' % user_info,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
@ -171,7 +172,15 @@ def reset_pwd_by_callback(request):
if not _status:
return render(request, msg_template, user_info)
# 通过user_id拿到用户信息并格式化为username
username = format2username(user_info.get('email'))
# 格式化用户名
_, username = format2username(user_info.get('email'))
if _ is False:
context = {
'msg': username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 如果邮箱能提取到,则格式化之后,提取出账号提交到前端绑定
if username:
context = {
@ -193,7 +202,15 @@ def reset_pwd_by_callback(request):
_status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
if not _status:
return render(request, msg_template, user_info)
username = format2username(user_info.get('email'))
# 格式化用户名
_, username = format2username(user_info.get('email'))
if _ is False:
context = {
'msg': username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
return ops_account(ad_ops=AdOps(), request=request, msg_template=msg_template, home_url=home_url, username=username, new_password=_new_password)
except Exception as reset_e:
context = {
@ -223,7 +240,15 @@ def unlock_account(request):
_status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
if not _status:
return render(request, msg_template, user_info)
username = format2username(user_info.get('email'))
# 格式化用户名
_, username = format2username(user_info.get('email'))
if _ is False:
context = {
'msg': username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
context = {
'username': username,
}
@ -233,7 +258,15 @@ def unlock_account(request):
_status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
if not _status:
return render(request, msg_template, user_info)
username = format2username(user_info.get('email'))
# 格式化用户名
_, username = format2username(user_info.get('email'))
if _ is False:
context = {
'msg': username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
return ops_account(AdOps(), request, msg_template, home_url, username, None)
else:
context = {

8
utils/format_username.py
View File

@ -20,13 +20,13 @@ def format2username(account):
domain_compile = re.compile(r'(.*)\\(.*)')
if re.fullmatch(mail_compile, account):
return re.fullmatch(mail_compile, account).group(1)
return True, re.fullmatch(mail_compile, account).group(1)
elif re.fullmatch(domain_compile, account):
return re.fullmatch(domain_compile, account).group(2)
return True, re.fullmatch(domain_compile, account).group(2)
else:
return account.lower()
return True, account.lower()
else:
raise NameError("输入的账号不能为空..")
return False, NameError("{}格式化失败注意account用户账号是邮箱或DOMAIN\\username或username格式".format(account))
def get_user_is_active(user_info):