Github
parent
3962536e7d
commit
fa8beccc12
|
|
@ -17,7 +17,7 @@ DING_APP_KEY = 'dingqdzmax324v'
|
|||
DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myPAluMlguYQOaadsf2fhgfdfsx'
|
||||
|
||||
# 钉钉移动应用接入
|
||||
DING_SELF_APP_ID = 'dingoabrzugusdfdf33fgfds
|
||||
DING_SELF_APP_ID = 'dingoabrzugusdfdf33fgfds'
|
||||
DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZDhA5AI4ADQU5710sgLffdsadf32uhgfdsfs'
|
||||
|
||||
# Crypty key 通过generate_key生成,可不用修改,如果需要自行生成,请使用Crypto.generate_key自行生成,用于加密页面提交的明文密码
|
||||
|
|
|
|||
38
readme.md
38
readme.md
|
|
@ -57,7 +57,7 @@ DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myP1123333221jzeKv3amQYWcInLV3x'
|
|||
|
||||
# 钉钉移动应用接入
|
||||
DING_SELF_APP_ID = 'dingoabr112233xts'
|
||||
DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZD3322112233332211222
|
||||
DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZD3322112233332211222'
|
||||
|
||||
# Crypty key 通过Crypty.generate_key生成
|
||||
CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
|
||||
|
|
@ -89,38 +89,40 @@ IP和路径按自己实际路径修改
|
|||
````ini
|
||||
[uwsgi]
|
||||
http-socket = 192.168.90.111:8000
|
||||
|
||||
chdir = /usr/local/wwwroot/pwdselfservice
|
||||
|
||||
|
||||
# 项目目录
|
||||
chdir = /usr/local/wwwroot/ad-password-self-service
|
||||
|
||||
# settings.py 里的app wsgi名称
|
||||
module = pwdselfservice.wsgi:application
|
||||
|
||||
master = true
|
||||
|
||||
|
||||
processes = 4
|
||||
|
||||
|
||||
threads = 4
|
||||
|
||||
|
||||
max-requests = 2000
|
||||
|
||||
|
||||
chmod-socket = 755
|
||||
|
||||
|
||||
vacuum = true
|
||||
|
||||
#设置缓冲
|
||||
#设置缓冲大小
|
||||
post-buffering = 4096
|
||||
|
||||
#设置静态文件
|
||||
static-map = /static=/usr/local/wwwroot/pwdselfservice/static
|
||||
#设置静态文件目录映射
|
||||
static-map = /static=/usr/local/wwwroot/ad-password-self-service/static
|
||||
|
||||
#设置日志目录
|
||||
#设置日志保存目录
|
||||
daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log
|
||||
````
|
||||
|
||||
|
||||
## 通过uwsgi启动:
|
||||
/usr/local/python3/bin/uwsgi -d --ini /usr/loca/wwwroot/pwdselfservice/uwsgi.ini
|
||||
/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini
|
||||
|
||||
其中/xxx/xxx/pwdselfservice/uwsgi.ini是你自己的服务器中此文件的真实地址
|
||||
其中/xxx/xxx/ad-password-self-service/uwsgi.ini是你自己的服务器中此文件的真实地址
|
||||
|
||||
启动之后也可以通过IP+端口访问了。
|
||||
|
||||
|
|
@ -129,17 +131,17 @@ daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log
|
|||
uwsgi-start.sh:
|
||||
```shell
|
||||
#!/bin/sh
|
||||
/usr/local/python3/bin/uwsgi -d --ini /usr/loca/wwwroot/pwdselfservice/uwsgi.ini --touch-reload "/usr/loca/wwwroot/pwdselfservice/reload.set"
|
||||
/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini --touch-reload "/usr/local/wwwroot/ad-password-self-service/reload.set"
|
||||
```
|
||||
|
||||
uwsgi-autoreload.sh:
|
||||
````shell
|
||||
#!/bin/sh
|
||||
objectdir="/usr/loca/wwwroot/pwdselfservice"
|
||||
objectdir="/usr/local/wwwroot/ad-password-self-service"
|
||||
|
||||
/usr/bin/inotifywait -mrq --exclude "(logs|\.swp|\.swx|\.log|\.pyc|\.sqlite3)" --timefmt '%d/%m/%y %H:%M' --format '%T %wf' --event modify,delete,move,create,attrib ${objectdir} | while read files
|
||||
do
|
||||
/bin/touch /usr/loca/wwwroot/pwdselfservice/reload.set
|
||||
/bin/touch /usr/local/wwwroot/ad-password-self-service/reload.set
|
||||
continue
|
||||
done &
|
||||
````
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ msg_template = 'msg.html'
|
|||
home_url = HOME_URL
|
||||
logger = logging.getLogger('django')
|
||||
|
||||
|
||||
def resetpwd_index(request):
|
||||
home_url = HOME_URL
|
||||
app_id = DING_SELF_APP_ID
|
||||
|
|
@ -24,6 +25,7 @@ def resetpwd_index(request):
|
|||
|
||||
if request.method == 'POST':
|
||||
check_form = CheckForm(request.POST)
|
||||
# 对前端提交的用户名、密码进行二次验证,防止有人恶意修改前端JS提交简单密码或提交非法用户
|
||||
if check_form.is_valid():
|
||||
form_obj = check_form.cleaned_data
|
||||
user_email = form_obj.get("user_email")
|
||||
|
|
@ -39,79 +41,55 @@ def resetpwd_index(request):
|
|||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
if user_email and old_password and new_password:
|
||||
try:
|
||||
# 判断账号是否被锁定
|
||||
if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
|
||||
context = {
|
||||
'msg': "此账号己被锁定,请先解锁账号。",
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
|
||||
user_mail_addr=user_email) == 66050:
|
||||
context = {
|
||||
'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
else:
|
||||
try:
|
||||
result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
|
||||
new_password=new_password)
|
||||
if result is True:
|
||||
context = {
|
||||
'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
else:
|
||||
context = {
|
||||
'msg': "密码未修改成功,请确认旧密码是否正确。",
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
except IndexError:
|
||||
try:
|
||||
# 判断账号是否被锁定
|
||||
if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'msg': "此账号己被锁定,请先解锁账号。",
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
# 判断账号状态是否禁用或锁定
|
||||
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
|
||||
user_mail_addr=user_email) == 66050:
|
||||
context = {
|
||||
'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
# 修改密码
|
||||
result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
|
||||
new_password=new_password)
|
||||
if result is True:
|
||||
context = {
|
||||
'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
|
||||
else:
|
||||
context = {
|
||||
'msg': "用户名、旧密码、新密码参数不正确,请重新确认后输入。",
|
||||
'msg': "密码未修改成功,请确认旧密码是否正确。",
|
||||
'button_click': "window.history.back()",
|
||||
'button_display': "返回"
|
||||
}
|
||||
|
|
@ -143,33 +121,33 @@ def resetpwd_check_userinfo(request):
|
|||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
ding_user_info = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))
|
||||
try:
|
||||
# 钉钉中此账号是否可用
|
||||
if ding_user_info['active']:
|
||||
crypto = Crypto(CRYPTO_KEY)
|
||||
unionid_cryto = crypto.encrypt(unionid)
|
||||
# 配置cookie,并重定向到重置密码页面。
|
||||
set_cookie = HttpResponseRedirect('resetpwd')
|
||||
set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE)
|
||||
return set_cookie
|
||||
else:
|
||||
context = {
|
||||
'msg': '邮箱是[%s]的用户在钉钉中未激活或可能己离职' % ding_user_info['email'],
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except IndexError:
|
||||
|
||||
ding_user_info = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))
|
||||
try:
|
||||
# 钉钉中此账号是否可用
|
||||
if ding_user_info['active']:
|
||||
crypto = Crypto(CRYPTO_KEY)
|
||||
unionid_cryto = crypto.encrypt(unionid)
|
||||
# 配置cookie,并重定向到重置密码页面。
|
||||
set_cookie = HttpResponseRedirect('resetpwd')
|
||||
set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE)
|
||||
return set_cookie
|
||||
else:
|
||||
context = {
|
||||
'msg': "用户不存在或己离职",
|
||||
'msg': '邮箱是[%s]的用户在钉钉中未激活或可能己离职' % ding_user_info['email'],
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
logger.error('[异常] :%s' % str(e))
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "用户不存在或己离职",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
logger.error('[异常] :%s' % str(e))
|
||||
|
||||
except KeyError:
|
||||
context = {
|
||||
|
|
@ -250,39 +228,39 @@ def resetpwd_reset(request):
|
|||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
try:
|
||||
result = ad_reset_user_pwd_by_mail(user_mail_addr=user_email, new_password=new_password)
|
||||
if result:
|
||||
# 重置密码并执行一次解锁,防止重置后账号还是锁定状态。
|
||||
ad_unlock_user_by_mail(user_email)
|
||||
context = {
|
||||
'msg': "密码己重置成功,请妥善保管。你可以点击返回主页或直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "密码未重置成功,确认密码是否满足AD的复杂性要求。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except IndexError:
|
||||
|
||||
try:
|
||||
result = ad_reset_user_pwd_by_mail(user_mail_addr=user_email, new_password=new_password)
|
||||
if result:
|
||||
# 重置密码并执行一次解锁,防止重置后账号还是锁定状态。
|
||||
ad_unlock_user_by_mail(user_email)
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email,
|
||||
'msg': "密码己重置成功,请妥善保管。你可以点击返回主页或直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
else:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'msg': "密码未重置成功,确认密码是否满足AD的复杂性要求。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "请从主页开始进行操作。",
|
||||
|
|
@ -330,37 +308,37 @@ def resetpwd_unlock(request):
|
|||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
try:
|
||||
result = ad_unlock_user_by_mail(user_email)
|
||||
if result:
|
||||
context = {
|
||||
'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "账号未能解锁,请联系管理员确认该账号在AD的是否己禁用。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except IndexError:
|
||||
|
||||
try:
|
||||
result = ad_unlock_user_by_mail(user_email)
|
||||
if result:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email,
|
||||
'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
else:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'msg': "账号未能解锁,请联系管理员确认该账号在AD的是否己禁用。",
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except IndexError:
|
||||
context = {
|
||||
'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email,
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
except Exception as e:
|
||||
context = {
|
||||
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
|
||||
'button_click': "window.location.href='%s'" % home_url,
|
||||
'button_display': "返回主页"
|
||||
}
|
||||
return render(request, msg_template, context)
|
||||
else:
|
||||
context = {
|
||||
'msg': "请从主页开始进行操作。",
|
||||
|
|
|
|||
|
|
@ -108,7 +108,5 @@ if (!!window.ActiveXObject || "ActiveXObject" in window)
|
|||
alert("您当前使用的浏览器为IE或IE内核,因为IE各种体验问题,本网站不对IE兼容。\n为能正常使用密码自助修改服务,请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon" +
|
||||
"等这类双核心浏览器,请切换至[极速模式]亦可。")
|
||||
}
|
||||
|
||||
|
||||
</script>
|
||||
</body></html>
|
||||
16
uwsgi.ini
16
uwsgi.ini
|
|
@ -1,8 +1,10 @@
|
|||
[uwsgi]
|
||||
http-socket = 192.168.90.111:8000
|
||||
|
||||
chdir = /usr/local/wwwroot/pwdselfservice
|
||||
|
||||
|
||||
# 项目目录
|
||||
chdir = /usr/local/wwwroot/ad-password-self-service
|
||||
|
||||
# settings.py 里的wsgi名称
|
||||
module = pwdselfservice.wsgi:application
|
||||
|
||||
master = true
|
||||
|
|
@ -17,11 +19,11 @@ chmod-socket = 755
|
|||
|
||||
vacuum = true
|
||||
|
||||
#设置缓冲
|
||||
#设置缓冲大小
|
||||
post-buffering = 4096
|
||||
|
||||
#设置静态文件
|
||||
static-map = /static=/usr/local/wwwroot/pwdselfservice/static
|
||||
#设置静态文件目录映射
|
||||
static-map = /static=/usr/local/wwwroot/ad-password-self-service/static
|
||||
|
||||
#设置日志目录
|
||||
#设置日志保存目录
|
||||
daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log
|
||||
Loading…
Reference in New Issue