7x31
/
ad-password-self-service
mirror of https://github.com/capricornxl/ad-password-self-service.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

修复utils目录自定义模块中的处理逻辑return结果不正确,导致Django无法正常在前台显示结果的BUG

This commit is contained in:
向乐🌌 2021-05-21 13:47:26 +08:00
parent 28661b0d9c
commit 9c8a82417e
17 changed files with 146 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
auto-install.sh
View File

@ -218,7 +218,7 @@ chkconfig uwsgiserver on
echo "处理uwsgiserver启动脚本完成" echo "处理uwsgiserver启动脚本完成"
echo echo
sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/pwdselfservice/local_settings.py sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/conf/local_settings.py
##Nginx vhost配置 ##Nginx vhost配置
cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf
@ -250,7 +250,6 @@ echo "Uwsgi停止/etc/init.d/uwsgi stop"
echo "Uwsgi重启/etc/init.d/uwsgi restart" echo "Uwsgi重启/etc/init.d/uwsgi restart"
echo echo
echo echo
echo "文件${SHELL_FOLDER}/pwdselfservice/local_setting.py中必要参数需要你自行修改" echo "文件${SHELL_FOLDER}/conf/local_setting.py中配置参数请自动确认下是否完整"
echo "此文件中有AD和钉钉的一些参数按自己企业的修改"
echo echo
echo "=======================================================================" echo "======================================================================="

7
pwdselfservice/local_settings.py → conf/local_settings.py
View File

@ -55,12 +55,7 @@ WEWORK_AGNET_SECRET = r'修改为自己的'
REDIS_LOCATION = r'redis://127.0.0.1:6379/1' REDIS_LOCATION = r'redis://127.0.0.1:6379/1'
REDIS_PASSWORD = r'12345678' REDIS_PASSWORD = r'12345678'
# ########################## # COOKIE超时时间单位是秒可不用修改
# 执行python3 ./utils/crypto.py 生成
# 可自行生成后替换
CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
# COOKIE 超时单位是秒,可不用修改
TMPID_COOKIE_AGE = 300 TMPID_COOKIE_AGE = 300
# 主页域名钉钉跳转等需要指定域名格式pwd.abc.com。 # 主页域名钉钉跳转等需要指定域名格式pwd.abc.com。

1
manage.py
View File

@ -1,7 +1,6 @@
#!/usr/bin/env python #!/usr/bin/env python
import os import os
import sys import sys
from utils.ad_ops import AdOps
if __name__ == '__main__': if __name__ == '__main__':
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'pwdselfservice.settings') os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'pwdselfservice.settings')

12
pwdselfservice/__init__.py
View File

@ -1,23 +1,19 @@
import datetime import datetime
import time
from django_redis import get_redis_connection
from utils.storage.memorystorage import MemoryStorage
from utils.storage.kvstorage import KvStorage
from cryptography.fernet import Fernet from cryptography.fernet import Fernet
from django_redis import get_redis_connection
from utils.storage.kvstorage import KvStorage
from utils.storage.memorystorage import MemoryStorage
try: try:
redis_conn = get_redis_connection() redis_conn = get_redis_connection()
cache_storage = KvStorage(redis_conn) cache_storage = KvStorage(redis_conn)
cache_storage.set('redis_connection', str(datetime.datetime.now())) cache_storage.set('redis_connection', str(datetime.datetime.now()))
redis_get = cache_storage.get('redis_connection') redis_get = cache_storage.get('redis_connection')
print("Redis连接成功set/get测试通过--{}Token缓存将使用Redis处理" .format(redis_get)) # print("Redis连接成功set/get测试通过--{}Token缓存将使用Redis处理".format(redis_get))
except Exception as e: except Exception as e:
cache_storage = MemoryStorage() cache_storage = MemoryStorage()
print("Redis无法连接Token缓存将使用MemoryStorage处理") print("Redis无法连接Token缓存将使用MemoryStorage处理")
print("如果确定需要使用Redis作为缓存请排查Redis配置错误信息如下") print("如果确定需要使用Redis作为缓存请排查Redis配置错误信息如下")
print("Redis Exception: {}".format(e)) print("Redis Exception: {}".format(e))
crypto_key = Fernet.generate_key() crypto_key = Fernet.generate_key()

13
pwdselfservice/settings.py
View File

@ -1,5 +1,13 @@
import os import os
from pwdselfservice.local_settings import REDIS_PASSWORD, REDIS_LOCATION
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import REDIS_PASSWORD, REDIS_LOCATION
DEBUG = True
else:
from conf.local_settings import REDIS_PASSWORD, REDIS_LOCATION
DEBUG = False
# Build paths inside the project like this: os.path.join(BASE_DIR, ...) # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@ -7,9 +15,6 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'nxnm3#&2tat_c2i6%$y74a)t$(3irh^gpwaleoja1kdv30fmcm' SECRET_KEY = 'nxnm3#&2tat_c2i6%$y74a)t$(3irh^gpwaleoja1kdv30fmcm'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ALLOWED_HOSTS = ['*'] ALLOWED_HOSTS = ['*']
# 创建日志的路径 # 创建日志的路径

4
readme.md
View File

@ -96,7 +96,7 @@ Redis的安装和配置方法请自行百度比较简单
### 把整个项目目录上传到新的服务器上 ### 把整个项目目录上传到新的服务器上
#### 先修改配置文件,按自己实际的配置修改项目配置文件: #### 先修改配置文件,按自己实际的配置修改项目配置文件:
修改pwdselfservice/local_settings.py中的参数按自己的实际参数修改 修改conf/local_settings.py中的参数按自己的实际参数修改
```` python ```` python
# ########## AD配置修改为自己的 # ########## AD配置修改为自己的
# AD主机可以是IP或主机域名例如可以是: abc.com或172.16.122.1 # AD主机可以是IP或主机域名例如可以是: abc.com或172.16.122.1
@ -188,7 +188,7 @@ chmod +x auto-install.sh
### 按自己实际的配置修改项目配置参数: ### 按自己实际的配置修改项目配置参数:
修改pwdselfservice/local_settings.py中的参数按自己的实际参数修改 修改conf/local_settings.py中的参数按自己的实际参数修改
```` python ```` python
# ########## AD配置修改为自己的 # ########## AD配置修改为自己的

3
requestment
View File

@ -1,4 +1,7 @@
Django==3.2 Django==3.2
pycryptodome==3.10.1
attrs==21.2.0
python-dateutil==2.8.1
dingtalk-sdk==1.3.8 dingtalk-sdk==1.3.8
cryptography==3.4.7 cryptography==3.4.7
ldap3==2.9 ldap3==2.9

1
resetpwd/form.py
View File

@ -1,6 +1,5 @@
from django.forms import fields as c_fields from django.forms import fields as c_fields
from django import forms as c_forms from django import forms as c_forms
from django.core.exceptions import ValidationError
class CheckForm(c_forms.Form): class CheckForm(c_forms.Form):

83
resetpwd/utils.py
View File

@ -9,10 +9,16 @@
from django.shortcuts import render from django.shortcuts import render
from django.http import HttpResponseRedirect from django.http import HttpResponseRedirect
import logging import logging
from utils.crypto import Crypto from utils.crypto_ops import Crypto
from pwdselfservice.local_settings import TMPID_COOKIE_AGE
from django.conf import settings from django.conf import settings
from pwdselfservice import crypto_key from pwdselfservice import crypto_key
import os
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import *
else:
from conf.local_settings import *
logger = logging.getLogger('django') logger = logging.getLogger('django')
@ -26,7 +32,7 @@ def code_2_user_id(ops, request, msg_template, home_url, code):
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return False, context, user_id
detail_status, user_info = ops.get_user_detail_by_user_id(user_id) detail_status, user_info = ops.get_user_detail_by_user_id(user_id)
if not detail_status: if not detail_status:
context = { context = {
@ -34,38 +40,36 @@ def code_2_user_id(ops, request, msg_template, home_url, code):
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return False, context, user_info
return user_id, user_info return True, user_id, user_info
def crypto_id_2_user_info(ops, request, msg_template, home_url, scan_app_tag): def crypto_id_2_user_info(ops, request, msg_template, home_url, scan_app_tag):
try: try:
crypto_tmp_id = request.COOKIES.get('tmpid') crypto_tmp_id = request.COOKIES.get('tmpid')
if not crypto_tmp_id:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到TmpID或会话己超时。' % (request.method, request.path))
context = {
'msg': "会话己超时,请重新扫码验证用户信息。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context
# 解密
crypto = Crypto(crypto_key)
user_id = crypto.decrypt(crypto_tmp_id)
# 通过user_id拿到用户的邮箱并格式化为username
userid_status, user_info = ops.get_user_detail_by_user_id(user_id)
if not userid_status:
context = {
'msg': '获取{}用户信息失败,错误信息:{}'.format(user_info, scan_app_tag),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context
return True, user_info
except Exception as e: except Exception as e:
crypto_tmp_id = None return False, str(e)
logger.error('[异常] %s' % str(e))
if not crypto_tmp_id:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到TmpID或会话己超时。' % (request.method, request.path))
context = {
'msg': "会话己超时,请重新扫码验证用户信息。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 解密
crypto = Crypto(crypto_key)
user_id = crypto.decrypt(crypto_tmp_id)
# 通过user_id拿到用户的邮箱并格式化为username
userid_status, user_info = ops.get_user_detail_by_user_id(user_id)
if not userid_status:
context = {
'msg': '获取{}用户信息失败,错误信息:{}'.format(user_info, scan_app_tag),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
return user_info
def crypto_user_id_2_cookie(user_id): def crypto_user_id_2_cookie(user_id):
@ -81,6 +85,9 @@ def crypto_user_id_2_cookie(user_id):
def crypto_id_2_user_id(request, msg_template, home_url): def crypto_id_2_user_id(request, msg_template, home_url):
try: try:
crypto_tmp_id = request.COOKIES.get('tmpid') crypto_tmp_id = request.COOKIES.get('tmpid')
# 解密
crypto = Crypto(crypto_key)
return True, crypto.decrypt(crypto_tmp_id)
except Exception as e: except Exception as e:
logger.error('[异常] %s' % str(e)) logger.error('[异常] %s' % str(e))
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到TmpID或会话己超时。' % (request.method, request.path)) logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到TmpID或会话己超时。' % (request.method, request.path))
@ -89,10 +96,7 @@ def crypto_id_2_user_id(request, msg_template, home_url):
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return False, context
# 解密
crypto = Crypto(crypto_key)
return crypto.decrypt(crypto_tmp_id)
def ops_account(ad_ops, request, msg_template, home_url, username, new_password): def ops_account(ad_ops, request, msg_template, home_url, username, new_password):
@ -102,7 +106,7 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return False, context
account_code = ad_ops.ad_get_user_status_by_account(username) account_code = ad_ops.ad_get_user_status_by_account(username)
if account_code in settings.AD_ACCOUNT_DISABLE_CODE: if account_code in settings.AD_ACCOUNT_DISABLE_CODE:
@ -111,7 +115,8 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return False, context
if new_password: if new_password:
reset_status, result = ad_ops.ad_reset_user_pwd_by_account(username=username, new_password=new_password) reset_status, result = ad_ops.ad_reset_user_pwd_by_account(username=username, new_password=new_password)
if reset_status: if reset_status:
@ -123,14 +128,14 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return True, context
else: else:
context = { context = {
'msg': "密码未修改/重置成功,错误信息:{}".format(result), 'msg': "密码未修改/重置成功,错误信息:{}".format(result),
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return False, context
else: else:
unlock_status, result = ad_ops.ad_unlock_user_by_account(username) unlock_status, result = ad_ops.ad_unlock_user_by_account(username)
if unlock_status: if unlock_status:
@ -139,11 +144,11 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return True, context
else: else:
context = { context = {
'msg': "账号未能解锁,错误信息:{}".format(result), 'msg': "账号未能解锁,错误信息:{}".format(result),
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return False, context

58
resetpwd/views.py
View File

@ -1,14 +1,16 @@
import logging import logging
import os
from django.http import HttpResponseRedirect
from django.shortcuts import render from django.shortcuts import render
from pwdselfservice.local_settings import SCAN_CODE_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, TMPID_COOKIE_AGE
from utils.ad_ops import AdOps from utils.ad_ops import AdOps
from utils.crypto import Crypto
from utils.format_username import format2username, get_user_is_active from utils.format_username import format2username, get_user_is_active
from .form import CheckForm from .form import CheckForm
from .utils import code_2_user_id, crypto_id_2_user_info, ops_account, crypto_id_2_user_id, crypto_user_id_2_cookie from .utils import code_2_user_id, crypto_id_2_user_info, ops_account, crypto_id_2_user_id, crypto_user_id_2_cookie
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import SCAN_CODE_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL
else:
from conf.local_settings import SCAN_CODE_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL
msg_template = 'messages.html' msg_template = 'messages.html'
logger = logging.getLogger('django') logger = logging.getLogger('django')
@ -27,6 +29,12 @@ class PARAMS(object):
SCAN_APP = '微信' SCAN_APP = '微信'
from utils.wework_ops import WeWorkOps from utils.wework_ops import WeWorkOps
ops = WeWorkOps() ops = WeWorkOps()
else:
app_id = WEWORK_CORP_ID
agent_id = WEWORK_AGENT_ID
SCAN_APP = '微信'
from utils.wework_ops import WeWorkOps
ops = WeWorkOps()
scan_params = PARAMS() scan_params = PARAMS()
@ -53,6 +61,8 @@ def index(request):
return render(request, 'ding_index.html', locals()) return render(request, 'ding_index.html', locals())
elif request.method == 'GET' and SCAN_CODE_TYPE == 'WEWORK': elif request.method == 'GET' and SCAN_CODE_TYPE == 'WEWORK':
return render(request, 'we_index.html', locals()) return render(request, 'we_index.html', locals())
elif request.method == 'GET' and SCAN_CODE_TYPE == 'FEISHU':
return render(request, 'feishu_index.html', locals())
else: else:
logger.error('[异常] 请求方法:%s,请求路径:%s' % (request.method, request.path)) logger.error('[异常] 请求方法:%s,请求路径:%s' % (request.method, request.path))
@ -112,8 +122,11 @@ def callback_check(request):
'button_display': "返回主页" 'button_display': "返回主页"
} }
return render(request, msg_template, context) return render(request, msg_template, context)
print("code: {}" .format(code))
try: try:
user_id, user_info = code_2_user_id(_ops, request, msg_template, home_url, code) _status, user_id, user_info = code_2_user_id(_ops, request, msg_template, home_url, code)
if not _status:
return render(request, msg_template, user_id)
# 账号是否是激活的 # 账号是否是激活的
if get_user_is_active(user_info): if get_user_is_active(user_info):
return crypto_user_id_2_cookie(user_id) return crypto_user_id_2_cookie(user_id)
@ -143,7 +156,9 @@ def reset_pwd_by_callback(request):
home_url = '%s://%s' % (request.scheme, HOME_URL) home_url = '%s://%s' % (request.scheme, HOME_URL)
# 从cookie中提取union_id并解密然后对当前union_id的用户进行重置密码 # 从cookie中提取union_id并解密然后对当前union_id的用户进行重置密码
if request.method == 'GET': if request.method == 'GET':
user_id = crypto_id_2_user_id(request, msg_template, home_url) _status, user_id = crypto_id_2_user_id(request, msg_template, home_url)
if not _status:
return render(request, msg_template, user_id)
userid_status, user_info = _ops.get_user_detail_by_user_id(user_id) userid_status, user_info = _ops.get_user_detail_by_user_id(user_id)
if not userid_status: if not userid_status:
context = { context = {
@ -162,7 +177,7 @@ def reset_pwd_by_callback(request):
return render(request, 'resetPassword.html', context) return render(request, 'resetPassword.html', context)
else: else:
context = { context = {
'msg': "{},您好,企业{}中未能找到您账号的邮箱配置请联系HR完善信息。" .format(user_info.get('name'), scan_params.SCAN_APP), 'msg': "{},您好,企业{}中未能找到您账号的邮箱配置请联系HR完善信息。".format(user_info.get('name'), scan_params.SCAN_APP),
'button_click': "window.location.href='%s'" % home_url, 'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页" 'button_display': "返回主页"
} }
@ -170,10 +185,21 @@ def reset_pwd_by_callback(request):
# 重置密码页面,输入新密码后点击提交 # 重置密码页面,输入新密码后点击提交
elif request.method == 'POST': elif request.method == 'POST':
_new_password = request.POST.get('new_password').strip() try:
user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP) _new_password = request.POST.get('new_password').strip()
username = format2username(user_info.get('email')) _status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
return ops_account(ad_ops, request, msg_template, home_url, username, _new_password) if not _status:
return render(request, msg_template, user_info)
username = format2username(user_info.get('email'))
return ops_account(ad_ops, request, msg_template, home_url, username, _new_password)
except Exception as reset_e:
context = {
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(reset_e))
return render(request, msg_template, context)
else: else:
context = { context = {
'msg': "请从主页开始进行操作。", 'msg': "请从主页开始进行操作。",
@ -191,7 +217,9 @@ def unlock_account(request):
""" """
home_url = '%s://%s' % (request.scheme, HOME_URL) home_url = '%s://%s' % (request.scheme, HOME_URL)
if request.method == 'GET': if request.method == 'GET':
user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP) _status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
if not _status:
return render(request, msg_template, user_info)
username = format2username(user_info.get('email')) username = format2username(user_info.get('email'))
context = { context = {
'username': username, 'username': username,
@ -199,7 +227,9 @@ def unlock_account(request):
return render(request, 'resetPassword.html', context) return render(request, 'resetPassword.html', context)
elif request.method == 'POST': elif request.method == 'POST':
user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP) _status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
if not _status:
return render(request, msg_template, user_info)
username = format2username(user_info.get('email')) username = format2username(user_info.get('email'))
return ops_account(ad_ops, request, msg_template, home_url, username, None) return ops_account(ad_ops, request, msg_template, home_url, username, None)
else: else:

1
templates/ding_index.html
View File

@ -76,7 +76,6 @@
width: "300", width: "300",
height: "300" height: "300"
}); });
// 获取loginTmpCode
var hanndleMessage = function (event) { var hanndleMessage = function (event) {
var origin = event.origin; var origin = event.origin;
console.log("origin", event.origin) console.log("origin", event.origin)

8
utils/ad_ops.py
View File

@ -2,8 +2,12 @@ from ldap3 import *
from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult
from ldap3.core.results import * from ldap3.core.results import *
from ldap3.utils.dn import safe_dn from ldap3.utils.dn import safe_dn
import os
from pwdselfservice.local_settings import * APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import *
else:
from conf.local_settings import *
""" """
根据以下网站的说明 根据以下网站的说明

0
utils/crypto.py → utils/crypto_ops.py
View File

39
utils/dingding_ops.py
View File

@ -11,11 +11,19 @@ import requests
from dingtalk.client import AppKeyClient from dingtalk.client import AppKeyClient
from pwdselfservice import cache_storage from pwdselfservice import cache_storage
from pwdselfservice.local_settings import DING_APP_KEY, DING_APP_SECRET, DING_CORP_ID, DING_URL, DING_MO_APP_ID, DING_MO_APP_SECRET import os
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import *
else:
from conf.local_settings import *
class DingDingOps(object): class DingDingOps(AppKeyClient):
def __init__(self, corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET, mo_app_id=DING_MO_APP_ID, mo_app_secret=DING_MO_APP_SECRET, storage=cache_storage): def __init__(self, corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET, mo_app_id=DING_MO_APP_ID, mo_app_secret=DING_MO_APP_SECRET,
storage=cache_storage):
super().__init__(corp_id, app_key, app_secret, storage)
self.corp_id = corp_id self.corp_id = corp_id
self.app_key = app_key self.app_key = app_key
self.app_secret = app_secret self.app_secret = app_secret
@ -23,23 +31,13 @@ class DingDingOps(object):
self.mo_app_secret = mo_app_secret self.mo_app_secret = mo_app_secret
self.storage = storage self.storage = storage
@property
def _client_connect(self):
"""
钉钉连接器
:return:
"""
return AppKeyClient(corp_id=self.corp_id, app_key=self.app_key, app_secret=self.app_secret)
def get_union_id_by_code(self, code): def get_union_id_by_code(self, code):
""" """
通过移动应用接入扫码返回的临时授权码使用临时授权码换取用户的unionid 通过移动应用接入扫码返回的临时授权码使用临时授权码换取用户的 unionid
:param code: :param code: 临时授权码
:return: :return: unionid
""" """
# token = self.ding_get_access_token
time_stamp = int(round(time.time() * 1000)) time_stamp = int(round(time.time() * 1000))
# 时间戳
# 通过appSecret计算出来的签名值该参数值在HTTP请求参数中需要urlEncode(因为签名中可能包含特殊字符+)。 # 通过appSecret计算出来的签名值该参数值在HTTP请求参数中需要urlEncode(因为签名中可能包含特殊字符+)。
signature = quote(base64.b64encode(hmac.new( signature = quote(base64.b64encode(hmac.new(
self.mo_app_secret.encode('utf-8'), self.mo_app_secret.encode('utf-8'),
@ -51,8 +49,8 @@ class DingDingOps(object):
url=url, url=url,
json=dict(tmp_auth_code=code), json=dict(tmp_auth_code=code),
) )
resp = resp.json()
try: try:
resp = resp.json()
if resp['errcode'] != 0: if resp['errcode'] != 0:
return False, 'get_union_id_by_code: %s' % str(resp) return False, 'get_union_id_by_code: %s' % str(resp)
else: else:
@ -62,13 +60,13 @@ class DingDingOps(object):
def get_user_id_by_code(self, code): def get_user_id_by_code(self, code):
""" """
通过code获取用户的userid 通过code获取用户的 userid
:param id: 用户在当前钉钉开放平台账号范围内的唯一标识 :param id: 用户在当前钉钉开放平台账号范围内的唯一标识
:return: :return:
""" """
_status, union_id = self.get_union_id_by_code(code) _status, union_id = self.get_union_id_by_code(code)
if _status: if _status:
return True, self._client_connect.user.get_userid_by_unionid(union_id).get('userid') return True, self.user.get_userid_by_unionid(union_id).get('userid')
else: else:
return False, 'get_user_id_by_code: %s' % str(union_id) return False, 'get_user_id_by_code: %s' % str(union_id)
@ -79,9 +77,10 @@ class DingDingOps(object):
:return: :return:
""" """
try: try:
return True, self._client_connect.user.get(user_id) return True, self.user.get(user_id)
except Exception as e: except Exception as e:
return False, 'get_user_detail_by_user_id: %s' % str(e) return False, 'get_user_detail_by_user_id: %s' % str(e)
except (KeyError, IndexError) as k_error: except (KeyError, IndexError) as k_error:
return False, 'get_user_detail_by_user_id: %s' % str(k_error) return False, 'get_user_detail_by_user_id: %s' % str(k_error)

2
utils/storage/kvstorage.py
View File

@ -54,7 +54,7 @@ def byte2int(c):
class KvStorage(BaseStorage): class KvStorage(BaseStorage):
def __init__(self, kvdb, prefix='wework'): def __init__(self, kvdb, prefix='client'):
for method_name in ('get', 'set', 'delete'): for method_name in ('get', 'set', 'delete'):
assert hasattr(kvdb, method_name) assert hasattr(kvdb, method_name)
self.kvdb = kvdb self.kvdb = kvdb

0
utils/wework_api/AbstractApi.py → utils/wework_api/abstract_api.py
View File

17
utils/wework_ops.py
View File

@ -7,11 +7,17 @@
# @Date 2021/5/18 16:55 # @Date 2021/5/18 16:55
from __future__ import absolute_import, unicode_literals from __future__ import absolute_import, unicode_literals
from pwdselfservice import cache_storage import os
from pwdselfservice.local_settings import * from pwdselfservice import cache_storage
from utils.storage.cache import WeWorkCache from utils.storage.cache import WeWorkCache
from utils.wework_api.AbstractApi import * from utils.wework_api.abstract_api import *
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import *
else:
from conf.local_settings import *
CORP_API_TYPE = { CORP_API_TYPE = {
'GET_ACCESS_TOKEN': ['/cgi-bin/gettoken', 'GET'], 'GET_ACCESS_TOKEN': ['/cgi-bin/gettoken', 'GET'],
@ -117,7 +123,7 @@ class WeWorkOps(AbstractApi):
'code': code, 'code': code,
}).get('UserId') }).get('UserId')
except ApiException as e: except ApiException as e:
return False, "get_user_id_by_code: {}-{}" .format(e.errCode, e.errMsg) return False, "get_user_id_by_code: {}-{}".format(e.errCode, e.errMsg)
except Exception as e: except Exception as e:
return False, "get_user_id_by_code: {}".format(e) return False, "get_user_id_by_code: {}".format(e)
@ -129,7 +135,7 @@ class WeWorkOps(AbstractApi):
'userid': user_id, 'userid': user_id,
}) })
except ApiException as e: except ApiException as e:
return False, "get_user_detail_by_user_id: {}-{}" .format(e.errCode, e.errMsg) return False, "get_user_detail_by_user_id: {}-{}".format(e.errCode, e.errMsg)
except Exception as e: except Exception as e:
return False, "get_user_detail_by_user_id: {}".format(e) return False, "get_user_detail_by_user_id: {}".format(e)
@ -137,4 +143,3 @@ class WeWorkOps(AbstractApi):
if __name__ == '__main__': if __name__ == '__main__':
wx = WeWorkOps() wx = WeWorkOps()
print(wx.get_user_detail_by_user_id('XiangLe')) print(wx.get_user_detail_by_user_id('XiangLe'))