From fa8beccc129298e0dd53c6b587152376616c73f3 Mon Sep 17 00:00:00 2001 From: Github Date: Fri, 2 Aug 2019 22:54:35 +0800 Subject: [PATCH] =?UTF-8?q?=E7=AE=80=E5=8C=96=E4=BB=A3=E7=A0=81=20?= =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=B7=AF=E5=BE=84=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pwdselfservice/local_settings.py | 2 +- readme.md | 38 ++--- resetpwd/views.py | 242 ++++++++++++++----------------- templates/index.html | 2 - uwsgi.ini | 16 +- 5 files changed, 140 insertions(+), 160 deletions(-) diff --git a/pwdselfservice/local_settings.py b/pwdselfservice/local_settings.py index eee84db..6ca2a96 100644 --- a/pwdselfservice/local_settings.py +++ b/pwdselfservice/local_settings.py @@ -17,7 +17,7 @@ DING_APP_KEY = 'dingqdzmax324v' DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myPAluMlguYQOaadsf2fhgfdfsx' # 钉钉移动应用接入 -DING_SELF_APP_ID = 'dingoabrzugusdfdf33fgfds +DING_SELF_APP_ID = 'dingoabrzugusdfdf33fgfds' DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZDhA5AI4ADQU5710sgLffdsadf32uhgfdsfs' # Crypty key 通过generate_key生成,可不用修改,如果需要自行生成,请使用Crypto.generate_key自行生成,用于加密页面提交的明文密码 diff --git a/readme.md b/readme.md index 1b50d55..0bdade4 100644 --- a/readme.md +++ b/readme.md @@ -57,7 +57,7 @@ DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myP1123333221jzeKv3amQYWcInLV3x' # 钉钉移动应用接入 DING_SELF_APP_ID = 'dingoabr112233xts' -DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZD3322112233332211222 +DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZD3322112233332211222' # Crypty key 通过Crypty.generate_key生成 CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs=' @@ -89,38 +89,40 @@ IP和路径按自己实际路径修改 ````ini [uwsgi] http-socket = 192.168.90.111:8000 - -chdir = /usr/local/wwwroot/pwdselfservice - + +# 项目目录 +chdir = /usr/local/wwwroot/ad-password-self-service + +# settings.py 里的app wsgi名称 module = pwdselfservice.wsgi:application master = true - + processes = 4 - + threads = 4 - + max-requests = 2000 - + chmod-socket = 755 - + vacuum = true -#设置缓冲 +#设置缓冲大小 post-buffering = 4096 -#设置静态文件 -static-map = /static=/usr/local/wwwroot/pwdselfservice/static +#设置静态文件目录映射 +static-map = /static=/usr/local/wwwroot/ad-password-self-service/static -#设置日志目录 +#设置日志保存目录 daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log ```` ## 通过uwsgi启动: -/usr/local/python3/bin/uwsgi -d --ini /usr/loca/wwwroot/pwdselfservice/uwsgi.ini +/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini -其中/xxx/xxx/pwdselfservice/uwsgi.ini是你自己的服务器中此文件的真实地址 +其中/xxx/xxx/ad-password-self-service/uwsgi.ini是你自己的服务器中此文件的真实地址 启动之后也可以通过IP+端口访问了。 @@ -129,17 +131,17 @@ daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log uwsgi-start.sh: ```shell #!/bin/sh -/usr/local/python3/bin/uwsgi -d --ini /usr/loca/wwwroot/pwdselfservice/uwsgi.ini --touch-reload "/usr/loca/wwwroot/pwdselfservice/reload.set" +/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini --touch-reload "/usr/local/wwwroot/ad-password-self-service/reload.set" ``` uwsgi-autoreload.sh: ````shell #!/bin/sh -objectdir="/usr/loca/wwwroot/pwdselfservice" +objectdir="/usr/local/wwwroot/ad-password-self-service" /usr/bin/inotifywait -mrq --exclude "(logs|\.swp|\.swx|\.log|\.pyc|\.sqlite3)" --timefmt '%d/%m/%y %H:%M' --format '%T %wf' --event modify,delete,move,create,attrib ${objectdir} | while read files do -/bin/touch /usr/loca/wwwroot/pwdselfservice/reload.set +/bin/touch /usr/local/wwwroot/ad-password-self-service/reload.set continue done & ```` diff --git a/resetpwd/views.py b/resetpwd/views.py index af6c63c..209a1d7 100644 --- a/resetpwd/views.py +++ b/resetpwd/views.py @@ -14,6 +14,7 @@ msg_template = 'msg.html' home_url = HOME_URL logger = logging.getLogger('django') + def resetpwd_index(request): home_url = HOME_URL app_id = DING_SELF_APP_ID @@ -24,6 +25,7 @@ def resetpwd_index(request): if request.method == 'POST': check_form = CheckForm(request.POST) + # 对前端提交的用户名、密码进行二次验证,防止有人恶意修改前端JS提交简单密码或提交非法用户 if check_form.is_valid(): form_obj = check_form.cleaned_data user_email = form_obj.get("user_email") @@ -39,79 +41,55 @@ def resetpwd_index(request): } return render(request, msg_template, context) - if user_email and old_password and new_password: - try: - # 判断账号是否被锁定 - if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0: - context = { - 'msg': "此账号己被锁定,请先解锁账号。", - 'button_click': "window.history.back()", - 'button_display': "返回" - } - return render(request, msg_template, context) - - if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail( - user_mail_addr=user_email) == 66050: - context = { - 'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。", - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - - else: - try: - result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password, - new_password=new_password) - if result is True: - context = { - 'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!", - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - - else: - context = { - 'msg': "密码未修改成功,请确认旧密码是否正确。", - 'button_click': "window.history.back()", - 'button_display': "返回" - } - return render(request, msg_template, context) - - except IndexError: - context = { - 'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email, - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - except Exception as e: - context = { - 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - - except IndexError: + try: + # 判断账号是否被锁定 + if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0: context = { - 'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email, - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - except Exception as e: - context = { - 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), + 'msg': "此账号己被锁定,请先解锁账号。", 'button_click': "window.history.back()", 'button_display': "返回" } return render(request, msg_template, context) + # 判断账号状态是否禁用或锁定 + if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail( + user_mail_addr=user_email) == 66050: + context = { + 'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。", + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + + except IndexError: + context = { + 'msg': "请确认邮箱账号[%s]是否正确?未能在Active Directory中检索到相关信息。" % user_email, + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + except Exception as e: + context = { + 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), + 'button_click': "window.history.back()", + 'button_display': "返回" + } + return render(request, msg_template, context) + + # 修改密码 + result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password, + new_password=new_password) + if result is True: + context = { + 'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!", + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + else: context = { - 'msg': "用户名、旧密码、新密码参数不正确,请重新确认后输入。", + 'msg': "密码未修改成功,请确认旧密码是否正确。", 'button_click': "window.history.back()", 'button_display': "返回" } @@ -143,33 +121,33 @@ def resetpwd_check_userinfo(request): 'button_display': "返回主页" } return render(request, msg_template, context) - else: - ding_user_info = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid)) - try: - # 钉钉中此账号是否可用 - if ding_user_info['active']: - crypto = Crypto(CRYPTO_KEY) - unionid_cryto = crypto.encrypt(unionid) - # 配置cookie,并重定向到重置密码页面。 - set_cookie = HttpResponseRedirect('resetpwd') - set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE) - return set_cookie - else: - context = { - 'msg': '邮箱是[%s]的用户在钉钉中未激活或可能己离职' % ding_user_info['email'], - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - except IndexError: + + ding_user_info = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid)) + try: + # 钉钉中此账号是否可用 + if ding_user_info['active']: + crypto = Crypto(CRYPTO_KEY) + unionid_cryto = crypto.encrypt(unionid) + # 配置cookie,并重定向到重置密码页面。 + set_cookie = HttpResponseRedirect('resetpwd') + set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE) + return set_cookie + else: context = { - 'msg': "用户不存在或己离职", + 'msg': '邮箱是[%s]的用户在钉钉中未激活或可能己离职' % ding_user_info['email'], 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" - } + } return render(request, msg_template, context) - except Exception as e: - logger.error('[异常] :%s' % str(e)) + except IndexError: + context = { + 'msg': "用户不存在或己离职", + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + except Exception as e: + logger.error('[异常] :%s' % str(e)) except KeyError: context = { @@ -250,39 +228,39 @@ def resetpwd_reset(request): 'button_display': "返回主页" } return render(request, msg_template, context) - else: - try: - result = ad_reset_user_pwd_by_mail(user_mail_addr=user_email, new_password=new_password) - if result: - # 重置密码并执行一次解锁,防止重置后账号还是锁定状态。 - ad_unlock_user_by_mail(user_email) - context = { - 'msg': "密码己重置成功,请妥善保管。你可以点击返回主页或直接关闭此页面!", - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - else: - context = { - 'msg': "密码未重置成功,确认密码是否满足AD的复杂性要求。", - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - except IndexError: + + try: + result = ad_reset_user_pwd_by_mail(user_mail_addr=user_email, new_password=new_password) + if result: + # 重置密码并执行一次解锁,防止重置后账号还是锁定状态。 + ad_unlock_user_by_mail(user_email) context = { - 'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email, + 'msg': "密码己重置成功,请妥善保管。你可以点击返回主页或直接关闭此页面!", 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) - except Exception as e: + else: context = { - 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), + 'msg': "密码未重置成功,确认密码是否满足AD的复杂性要求。", 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) + except IndexError: + context = { + 'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email, + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + except Exception as e: + context = { + 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) else: context = { 'msg': "请从主页开始进行操作。", @@ -330,37 +308,37 @@ def resetpwd_unlock(request): 'button_display': "返回主页" } return render(request, msg_template, context) - else: - try: - result = ad_unlock_user_by_mail(user_email) - if result: - context = { - 'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!", - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - else: - context = { - 'msg': "账号未能解锁,请联系管理员确认该账号在AD的是否己禁用。", - 'button_click': "window.location.href='%s'" % home_url, - 'button_display': "返回主页" - } - return render(request, msg_template, context) - except IndexError: + + try: + result = ad_unlock_user_by_mail(user_email) + if result: context = { - 'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email, + 'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!", 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) - except Exception as e: + else: context = { - 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), + 'msg': "账号未能解锁,请联系管理员确认该账号在AD的是否己禁用。", 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) + except IndexError: + context = { + 'msg': "请确认邮箱账号[%s]是否正确?未能在AD中检索到相关信息。" % user_email, + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) + except Exception as e: + context = { + 'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e), + 'button_click': "window.location.href='%s'" % home_url, + 'button_display': "返回主页" + } + return render(request, msg_template, context) else: context = { 'msg': "请从主页开始进行操作。", diff --git a/templates/index.html b/templates/index.html index 1123c79..26cc1ad 100644 --- a/templates/index.html +++ b/templates/index.html @@ -108,7 +108,5 @@ if (!!window.ActiveXObject || "ActiveXObject" in window) alert("您当前使用的浏览器为IE或IE内核,因为IE各种体验问题,本网站不对IE兼容。\n为能正常使用密码自助修改服务,请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon" + "等这类双核心浏览器,请切换至[极速模式]亦可。") } - - \ No newline at end of file diff --git a/uwsgi.ini b/uwsgi.ini index 151a128..0b2d962 100644 --- a/uwsgi.ini +++ b/uwsgi.ini @@ -1,8 +1,10 @@ [uwsgi] http-socket = 192.168.90.111:8000 - -chdir = /usr/local/wwwroot/pwdselfservice - + +# 项目目录 +chdir = /usr/local/wwwroot/ad-password-self-service + +# settings.py 里的wsgi名称 module = pwdselfservice.wsgi:application master = true @@ -17,11 +19,11 @@ chmod-socket = 755 vacuum = true -#设置缓冲 +#设置缓冲大小 post-buffering = 4096 -#设置静态文件 -static-map = /static=/usr/local/wwwroot/pwdselfservice/static +#设置静态文件目录映射 +static-map = /static=/usr/local/wwwroot/ad-password-self-service/static -#设置日志目录 +#设置日志保存目录 daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log \ No newline at end of file