### 本次升级、修复，请使用最新版：

+ 升级Python版本为3.8
+ 升级Django到3.2
+ 修复用户名中使用\被转义的问题
+ 重写了dingding模块，因为dingding开发者平台接口鉴权的一些变动，之前的一些接口不能再使用，本次重写。
+ 重写了ad模块，修改账号的一些判断逻辑。
+ 重写了用户账号的格式兼容，现在用户账号可以兼容：username、DOMAIN\username、username@abc.com这三种格式。
+ 优化了整体的代码逻辑，去掉一些冗余重复的代码。

resetpwd/utils/ad.py

@@ -1,144 +0,0 @@
-from ldap3 import *
-from pwdselfservice.local_settings import *
-
-
-def __ad_connect():
-    """
-    AD连接器
-    :return:
-    """
-    username = str(AD_LOGIN_USER).lower()
-    server = Server(host=AD_HOST, use_ssl=True, port=636, get_info='ALL')
-    try:
-        conn = Connection(server, auto_bind=True, user=username, password=AD_LOGIN_USER_PWD, authentication='NTLM')
-        return conn
-    except Exception:
-        raise Exception('Server Error. Could not connect to Domain Controller')
-
-
-def ad_ensure_user_by_sam(username):
-    """
-    通过sAMAccountName查询某个用户是否在AD中
-    :param username:  除去@domain.com 的部分
-    :return: True or False
-    """
-    conn = __ad_connect()
-    base_dn = BASE_DN
-    condition = '(&(objectclass=person)(mail=' + username + '))'
-    attributes = ['sAMAccountName']
-    result = conn.search(base_dn, condition, attributes=attributes)
-    conn.unbind()
-    return result
-
-
-def ad_ensure_user_by_mail(user_mail_addr):
-    """
-    通过mail查询某个用户是否在AD中
-    :param user_mail_addr:
-    :return: True or False
-    """
-    conn = __ad_connect()
-    base_dn = BASE_DN
-    condition = '(&(objectclass=person)(mail=' + user_mail_addr + '))'
-    attributes = ['mail']
-    result = conn.search(base_dn, condition, attributes=attributes)
-    conn.unbind()
-    return result
-
-
-def ad_get_user_displayname_by_mail(user_mail_addr):
-    """
-    通过mail查询某个用户的显示名
-    :param user_mail_addr:
-    :return: user_displayname
-    """
-    conn = __ad_connect()
-    conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=[
-        'displayName'])
-    user_displayname = conn.entries[0]['displayName']
-    conn.unbind()
-    return user_displayname
-
-
-def ad_get_user_dn_by_mail(user_mail_addr):
-    """
-    通过mail查询某个用户的完整DN
-    :param user_mail_addr:
-    :return: DN
-    """
-    conn = __ad_connect()
-    conn.search(BASE_DN,
-                '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['distinguishedName'])
-    user_dn = conn.entries[0]['distinguishedName']
-    conn.unbind()
-    return user_dn
-
-
-def ad_get_user_status_by_mail(user_mail_addr):
-    """
-    通过mail查询某个用户的账号状态
-    :param user_mail_addr:
-    :return: user_account_control code
-    """
-    conn = __ad_connect()
-    conn.search(BASE_DN,
-                '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['userAccountControl'])
-    user_account_control = conn.entries[0]['userAccountControl']
-    conn.unbind()
-    return user_account_control
-
-
-def ad_unlock_user_by_mail(user_mail_addr):
-    """
-    通过mail解锁某个用户
-    :param user_mail_addr:
-    :return:
-    """
-    conn = __ad_connect()
-    user_dn = ad_get_user_dn_by_mail(user_mail_addr)
-    result = conn.extend.microsoft.unlock_account(user="%s" % user_dn)
-    conn.unbind()
-    return result
-
-
-def ad_reset_user_pwd_by_mail(user_mail_addr, new_password):
-    """
-    通过mail重置某个用户的密码
-    :param user_mail_addr:
-    :return:
-    """
-    conn = __ad_connect()
-    user_dn = ad_get_user_dn_by_mail(user_mail_addr)
-    result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password)
-    conn.unbind()
-    return result
-
-
-def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password):
-    """
-    通过mail修改某个用户的密码
-    :param user_mail_addr:
-    :return:
-    """
-    conn = __ad_connect()
-    user_dn = ad_get_user_dn_by_mail(user_mail_addr)
-    result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password,
-                                                   old_password="%s" % old_password)
-    conn.unbind()
-    return result
-
-
-def ad_get_user_locked_status_by_mail(user_mail_addr):
-    """
-    通过mail获取某个用户账号是否被锁定
-    :param user_mail_addr:
-    :return: 如果结果是1601-01-01说明账号未锁定，返回0
-    """
-    conn = __ad_connect()
-    conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['lockoutTime'])
-    locked_status = conn.entries[0]['lockoutTime']
-    conn.unbind()
-    if '1601-01-01' in str(locked_status):
-        return 0
-    else:
-        return locked_status

resetpwd/utils/crypto.py

@@ -1,29 +0,0 @@
-import os
-import random
-
-try:
-    from cryptography.fernet import Fernet
-except ImportError:
-    os.system('pip3 install cryptography')
-    from cryptography.fernet import Fernet
-
-
-class Crypto(object):
-    """docstring for ClassName"""
-    def __init__(self, key):
-        self.factory = Fernet(key)
-
-    # 加密
-    def encrypt(self, string):
-        token = str(self.factory.encrypt(string.encode('utf-8')), 'utf-8')
-        return token
-
-    # 解密
-    def decrypt(self, token):
-        string = self.factory.decrypt(bytes(token.encode('utf-8'))).decode('utf-8')
-        return string
-
-
-if __name__ == '__main__':
-    key = Fernet.generate_key()
-    print(key)

resetpwd/utils/form.py

@@ -1,34 +0,0 @@
-from django.forms import fields as c_fields
-from django import forms as c_forms
-from django.core.exceptions import ValidationError
-
-
-class CheckForm(c_forms.Form):
-    new_password = c_fields.RegexField(
-        '(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}',
-        # 密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位
-        strip=True,
-        min_length=8,
-        max_length=30,
-        error_messages={'required': '新密码不能为空.',
-                        'invalid': '密码必须包含数字，字母、特殊字符',
-                        'min_length': "密码长度不能小于8个字符",
-                        'max_length': "密码长度不能大于30个字符"}
-    )
-    old_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
-    ensure_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
-    user_email = c_fields.CharField(error_messages={'required': '邮箱不能为空', 'invalid': '邮箱格式错误'})
-
-    def clean(self):
-        pwd0 = self.cleaned_data.get('old_password')
-        pwd1 = self.cleaned_data.get('new_password')
-        pwd2 = self.cleaned_data.get('ensure_password')
-        if pwd1 == pwd2:
-            pass
-        elif pwd0 == pwd1:
-            # 这里异常模块导入要放在函数里面，放到文件开头有时会报错，找不到
-            from django.core.exceptions import ValidationError
-            raise ValidationError('新旧密码不能一样')
-        else:
-            from django.core.exceptions import ValidationError
-            raise ValidationError('新密码和确认密码输入不一致')

resetpwd/utils/pwdcheck.py

@@ -1,30 +0,0 @@
-from django.shortcuts import render, reverse, HttpResponsePermanentRedirect, redirect
-from django.http import *
-from django.contrib import messages
-from dingtalk import *
-from resetpwd.models import *
-from .crypto import Crypto
-from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
-    ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
-from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, ding_get_userinfo_by_code, \
-    ding_get_persistent_code, ding_get_access_token
-from pwdselfservice.local_settings import *
-from resetpwd.form import *
-
-
-class CustomPasswortValidator(object):
-
-    def __init__(self, min_length=1, max_length=30):
-        self.min_length = min_length
-
-    def validate(self, password):
-        special_characters = "[~\!@#\$%\^&\*\(\)_\+{}\":;'\[\]]"
-        if not any(char.isdigit() for char in password):
-            raise ValidationError(_('Password must contain at least %(min_length)d digit.') % {'min_length': self.min_length})
-        if not any(char.isalpha() for char in password):
-            raise ValidationError(_('Password must contain at least %(min_length)d letter.') % {'min_length': self.min_length})
-        if not any(char in special_characters for char in password):
-            raise ValidationError(_('Password must contain at least %(min_length)d special character.') % {'min_length': self.min_length})
-
-    def get_help_text(self):
-        return ""