7x31
/
ad-password-self-service
mirror of https://github.com/capricornxl/ad-password-self-service.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 7x31:1.0.6
Branches Tags
7x31:master
7x31:1.0.6.1
7x31:1.0.6
7x31:1.0.5.7
7x31:1.0.5.6
7x31:1.0.5.5
7x31:1.0.5.4
7x31:1.0.5.3
7x31:1.0.5.2
7x31:1.0.5.1
7x31:1.0.5
7x31:1.0.4
7x31:1.0.3
7x31:1.0.2
7x31:1.0.1
7x31:1.0.0
...
compare: 7x31:master
Branches Tags
7x31:master
7x31:1.0.6.1
7x31:1.0.6
7x31:1.0.5.7
7x31:1.0.5.6
7x31:1.0.5.5
7x31:1.0.5.4
7x31:1.0.5.3
7x31:1.0.5.2
7x31:1.0.5.1
7x31:1.0.5
7x31:1.0.4
7x31:1.0.3
7x31:1.0.2
7x31:1.0.1
7x31:1.0.0

43 Commits
1.0.6 ... master

Author SHA1 Message Date
Yadeno 4c9bcca77f
Merge pull request #42 from copyboy/master 
Update format_username.py
 2024-10-11 18:22:44 +08:00
Qingdong Zhang 06721a35af
Update format_username.py 
钉钉更新了企业邮箱字段,
原先biz_mail已不生效, 前端抓取发现已改用orgEmail
 2024-10-11 17:32:52 +08:00
Leven d0b86b543c FIX some bug 2023-02-13 09:25:03 +08:00
Leven 2b2c76c162 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 23:33:40 +08:00
Leven 8278895041 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 23:33:22 +08:00
Leven c42e8bb4b7 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 17:56:50 +08:00
Leven 7bd470f32c fix session cache bug 2023-02-10 17:55:01 +08:00
Leven 1379f26670 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 17:50:20 +08:00
Leven cd33b5e9a9 fix session cache bug 2023-02-10 17:50:07 +08:00
Leven aedfcb22f5 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 17:28:21 +08:00
Leven 85587fa3ae fix session cache bug 2023-02-10 17:28:12 +08:00
Leven 63026a2e3c Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 17:17:27 +08:00
Leven 8e2ffb552f fix session cache bug 2023-02-10 17:17:14 +08:00
Leven 87d5432cfd Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 17:02:40 +08:00
Leven 33f32999ba fix session cache bug 2023-02-10 17:02:24 +08:00
Leven 429fadc010 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 16:50:01 +08:00
Leven 0839baacab fix session cache bug 2023-02-10 16:49:44 +08:00
Leven 2625ef2cb3 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 16:45:24 +08:00
Leven ea5d2e131d fix session cache bug 2023-02-10 16:45:13 +08:00
Leven 42a362c7c4 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 16:06:37 +08:00
Leven 362d78c9b5 fix session cache bug 2023-02-10 16:06:24 +08:00
Leven a880da7fb2 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 14:28:58 +08:00
Leven dd48467161 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 14:28:45 +08:00
Leven 97b60fe384 Merge remote-tracking branch 'github/master' into gitee_master 2023-02-10 12:32:07 +08:00
Leven f7390e1e03 fix session cache bug 2023-02-10 12:31:52 +08:00
Leven a68fc3f307 fix session cache bug 2023-02-10 12:29:39 +08:00
Leven 1752b1d16f fix some bugs 2023-02-06 22:01:00 +08:00
Leven a8afae7c2f Merge remote-tracking branch 'github/master' into gitee_master 2023-01-18 09:34:33 +08:00
Leven 263cb7ce6f Merge branch 'feature/update_to_layui' of https://gitee.com/yadeno/ad-password-self-service into gitee_master 
# Conflicts:
#	.gitignore
#	LICENSE
 2023-01-18 09:34:30 +08:00
Yadeno cda291f075
Merge pull request #30 from capricornxl/feature/update_to_layui 
更新一些小功能
 2023-01-17 20:01:23 +08:00
Leven e7130fa983 更新一些小功能 2023-01-17 19:58:29 +08:00
Yadeno 30212b2988
Merge pull request #29 from capricornxl/feature/update_to_layui 
add screenshot
 2023-01-17 10:34:01 +08:00
Leven ba81a90df7 add screenshot 2023-01-17 10:33:08 +08:00
Yadeno 2ae4acbffc
Merge pull request #28 from capricornxl/feature/update_to_layui 
应用内授权页面独立
 2023-01-16 16:07:24 +08:00
Leven 2e95fa3b8e 移除auto-install.sh中的redis部署步骤 
抽出应用中的授权验证跳转的代码,单独做成一个auth页面,可实现选择首页是进入修改密码,还是自动跳转重置页面
调整部分文件说明
 2023-01-16 16:05:29 +08:00
Yadeno 4f377ba09b
Merge pull request #27 from capricornxl/feature/update_to_layui 
Solve some H5 compatibility
 2023-01-14 21:16:41 +08:00
Leven b82f2ececb remove dependence redis-sever, now use mem storage 
update to layui, support PC and Mobile html render
 2023-01-14 21:12:13 +08:00
Leven 51a600c8a4 fix redis auto install 
fix redis password auto-gen and append to local_settings.py
 2023-01-09 23:05:16 +08:00
Leven d10601b9ab fix some css 2022-12-30 10:24:09 +08:00
Leven fa3f47e496 fix some html 2022-12-29 17:19:38 +08:00
Leven 729c9ae571 Merge remote-tracking branch 'github/master' 2022-12-24 14:47:34 +08:00
Leven bf29a8234c fix readme.md 2022-12-24 14:47:19 +08:00
Leven be0b4fdc16 Initial commit 2021-06-26 06:55:29 +00:00
68 changed files with 1910 additions and 35334 deletions
Show Stats Expand all files Collapse all files

442
auto-install.sh Normal file → Executable file
View File

@ -1,7 +1,33 @@
#!/bin/bash
echo -e "此脚本为快速部署目前只做了Centos版本的如果是其它系统请自行修改下相关命令\n请准备一个新的环境运行\n本脚本会快速安装相关的环境和所需要的服务\n如果你运行脚本的服务器中已经存在如Nginx、Python3等可能会破坏掉原有的应用配置。"
##Check IP
SCRIPT=$(readlink -f $0)
CWD=$(dirname ${SCRIPT})
mkdir -p ${CWD}/.status
os_distro=''
os_version=''
get_selinux=''
gen_password=$(echo "$(hostname)$(date)" |base64 |cut -b 1-24)
function get_os_basic_info() {
if [[ -f /etc/lsb-release ]]; then
os_distro=$(lsb_release -d |awk '{print $2}')
os_version=$(lsb_release -d -s |awk '{print $2}')
os_version_prefix=$(echo ${os_version} |cut -b 1-2)
elif [[ -f /etc/redhat-release ]]; then
os_distro=$(cat /etc/redhat-release |awk '{print $1}')
os_version=$(cat /etc/redhat-release |awk '{print $4}')
os_version_prefix=$(echo ${os_version} |cut -b 1)
get_selinux=$(getenforce)
if [[ ${get_selinux} =~ enforcing|Enforcing ]];then
echo "请先禁用SELINUX~~! ..."
exit 1
fi
else
echo "不能识别的操作系统请选择使用Ubuntu或Centos! ..."
exit 1
fi
}
function check_ip() {
local IP=$1
VALID_CHECK=$(echo $IP|awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')
@ -16,7 +42,6 @@ function check_ip() {
fi
}
##Check domain
function check_domain() {
local DOMAIN=$1
if echo $DOMAIN |grep -P "(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)" >/dev/null; then
@ -26,7 +51,6 @@ function check_domain() {
fi
}
##Check Port
function check_port() {
local PORT=$1
VALID_CHECK=$(echo $PORT|awk '$1<=65535&&$1>=1{print "yes"}')
@ -41,11 +65,46 @@ function check_port() {
fi
}
function safe_installer() {
local _run_cmd="$@"
if [[ ${os_distro} =~ (CentOS|Redhat) ]]; then
sudo yum makecache
sudo yum install -y ${_run_cmd}
elif [[ ${os_distro} =~ (Ubuntu|Debian) ]]; then
sudo apt-get update
sudo apt-get install -y ${_run_cmd}
else
echo "未适配的操作系统 ${os_distro}"
exit 1
fi
if [[ $? -ne 0 ]]; then
echo "安装 [${_run_cmd}] 失败"
exit 1
fi
}
check_status() {
local status=$1
if [[ ${status} -ne 0 ]]; then
echo "出现错误,请检查后再试 ..."
exit 1
fi
}
get_os_basic_info
echo "============================================================================="
echo " 此脚本为快速部署,支持[Ubuntu, Debian, Centos]
请准备一个新的环境运行,本脚本会快速安装相关的环境和所需要的服务
如果你运行脚本的服务器中已经存在如Nginx、Python3等可能会破坏掉原有的应用配置"
echo " 当前目录:${CWD}"
echo " 操作系统发行版本:${os_distro}, 系统版本:${os_version} ..."
echo "============================================================================="
while :; do echo
echo "请确认你此台服务器是全新干净的,以防此脚本相关操作对正在运行的服务造成影响(不可逆)。"
echo "请确认你此台服务器是全新干净的,以防此脚本相关操作对正在运行的服务造成影响(不可逆) ..."
read -p "请确认是否继续执行,输入 [y/n]: " ensure_yn
if [[ ! "${ensure_yn}" =~ ^[y,n]$ ]]; then
echo "输入有误,请输入 y 或 n"
echo "输入有误,请输入 y 或 n ..."
else
break
fi
@ -55,179 +114,282 @@ if [[ "${ensure_yn}" = n ]]; then
exit 0
fi
echo "======================================================================="
while :; do echo
read -p "请输入密码自助平台使用的本机IP: " PWD_SELF_SERVICE_IP
check_ip ${PWD_SELF_SERVICE_IP}
check_ip "${PWD_SELF_SERVICE_IP}"
if [[ $? -ne 0 ]]; then
echo "---输入的IP地址格式有误请重新输入"
echo "---输入的IP地址格式有误请重新输入 ..."
else
break
fi
done
echo "======================================================================="
while :; do echo
read -p "请输入密码自助平台使用的端口(不要和Nginx一样): " PWD_SELF_SERVICE_PORT
check_port ${PWD_SELF_SERVICE_PORT}
read -p "请输入密码自助平台使用的端口(不要和Nginx[80]一样): " PWD_SELF_SERVICE_PORT
check_port "${PWD_SELF_SERVICE_PORT}"
if [[ $? -ne 0 ]]; then
echo "---输入的端口有误,请重新输入"
echo "---输入的端口有误,请重新输入 ..."
else
break
fi
done
echo "======================================================================="
while :; do echo
read -p "请输入密码自助平台使用域名例如pwd.abc.com不需要加http://或https:// " PWD_SELF_SERVICE_DOMAIN
check_domain ${PWD_SELF_SERVICE_DOMAIN}
check_domain "${PWD_SELF_SERVICE_DOMAIN}"
if [[ $? -ne 0 ]]; then
echo "---输入的域名格式有误,请重新输入"
echo "---输入的域名格式有误,请重新输入 ..."
else
break
fi
done
##当前脚本的绝对路径
SHELL_FOLDER=$(dirname $(readlink -f "$0"))
echo
echo "==============================================="
echo "开始部署 ..."
echo "关闭SELINUX"
sudo setenforce 0
sudo sed -i 's@SELINUX=*@SELINUX=disabled@g' /etc/selinux/config
echo "DONE....."
echo "关闭防火墙"
sudo systemctl disable firewalld
sudo systemctl stop firewalld
echo "DONE....."
echo "初始化编译环境----------"
sudo yum install gcc patch libffi-devel python-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel wget psmisc -y
echo "======================================================================="
echo "初始化编译环境完成"
echo "======================================================================="
##Quick install nginx
echo "======================================================================="
echo "安装 Nginx"
sudo cat << EOF > /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
sudo yum makecache fast
sudo yum install nginx -y
if [[ $? -eq 0 ]]
then
sudo systemctl enable nginx
sudo systemctl start nginx
echo "======================================================================="
echo "nginx 安装成功!"
echo "======================================================================="
else
echo "======================================================================="
echo "nginx 安装失败!"
echo "======================================================================="
exit 1
if [[ ! -f "${CWD}/.status/.init_repo.Done" ]]; then
echo "处理源配置,改成国内源 ..."
if [[ ${os_distro} =~ (CentOS|Centos) ]]; then
if [[ ${os_version_prefix} -lt 9 ]];then
sudo cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.$(date '+%Y%m%d%H%M%S')
rm -f /etc/yum.repos.d/CentOS-Base.repo
cp -a ${CWD}/conf/CentOS-${os_version_prefix}-reg.repo /etc/yum.repos.d/CentOS-Base.repo
check_status $?
sudo yum makecache
sudo yum install --nogpgcheck -y epel-release
sed -i "s/#baseurl/baseurl/g" /etc/yum.repos.d/epel.repo
sed -i "s/metalink/#metalink/g" /etc/yum.repos.d/epel.repo
sed -i "s@https\?://download.fedoraproject.org/pub@https://repo.huaweicloud.com@g" /etc/yum.repos.d/epel.repo
check_status $?
fi
fi
if [[ ${os_distro} =~ (Ubuntu|ubuntu) ]]; then
sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
sudo sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
sudo sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
check_status $?
fi
if [[ ${os_distro} =~ (Debian|debian) ]]; then
sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
sed -i "s@http://ftp.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
sed -i "s@http://security.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
check_status $?
fi
touch "${CWD}/.status/.init_repo.Done"
fi
##install python3
##如果之前用此脚本安装过python3后续就不会再次安装。
PYTHON_VER='3.8.9'
PYTHON_INSTALL_DIR=/usr/share/python-${PYTHON_VER}
if [[ -f "${PYTHON_INSTALL_DIR}/bin/python3" ]]
then
echo "己发现Python3将不会安装。"
else
if [[ -f "Python-${PYTHON_VER}.tar.xz" ]]
then
echo "将安装Python${PYTHON_VER}"
tar xf Python-${PYTHON_VER}.tar.xz
cd Python-${PYTHON_VER}
sudo ./configure --prefix=${PYTHON_INSTALL_DIR} && make && make install
else
echo "脚本目录下没有发现Python${PYTHON_VER}.tar.xz将会下载python ${PYTHON_VER}"
sudo wget https://www.python.org/ftp/python/${PYTHON_VER}/Python-${PYTHON_VER}.tar.xz
tar xf Python-${PYTHON_VER}.tar.xz
cd Python-${PYTHON_VER}
sudo ./configure --prefix=${PYTHON_INSTALL_DIR} && make && make install
if [[ ! -f "${CWD}/.status/.init_package.Done" ]]; then
echo "初始化依赖包 ..."
if [[ ${os_distro} =~ (CentOS|Redhat) ]]; then
sudo yum-complete-transaction --cleanup-only
sudo yum makecache
sudo yum install --nogpgcheck -y @development zlib-devel bzip2 bzip2-devel readline-devel \
sqlite-devel openssl-devel xz-devel libffi-devel ncurses-devel readline-devel tk-devel \
libpcap-devel findutils wget nginx tar initscripts
elif [[ ${os_distro} =~ (Ubuntu|Debian) ]]; then
sudo apt-get install apt-transport-https ca-certificates -y
sudo apt-get update
sudo apt-get install -y make build-essential libssl-dev zlib1g-dev libbz2-dev \
libreadline-dev libsqlite3-dev llvm libncurses5-dev libncursesw5-dev \
xz-utils tk-dev libffi-dev liblzma-dev python-openssl wget nginx tar initscripts
fi
if [[ $? -eq 0 ]]
then
echo "创建python3和pip3的软件链接"
cd ${SHELL_FOLDER}
sudo ln -svf ${PYTHON_INSTALL_DIR}/bin/python3 /usr/bin/python3
sudo ln -svf ${PYTHON_INSTALL_DIR}/bin/pip3 /usr/bin/pip3
echo "======================================================================="
echo "Python3 安装成功!"
echo "======================================================================="
if [[ $? -eq 0 ]]; then
echo "初始化依赖包完成 ..."
touch ${CWD}/.status/.init_package.Done
else
echo "======================================================================="
echo "Python3 安装失败!"
echo "======================================================================="
echo "初始化依赖包失败 ..."
exit 1
fi
fi
if [[ ! -f "${CWD}/.status/.redis.Done" ]]; then
safe_installer redis
if [[ $? -eq 0 ]]; then
if [[ -f /etc/redis.conf ]]; then
REDIS_CONF=/etc/redis.conf
else
REDIS_CONF=/etc/redis/redis.conf
fi
sed -i 's@^requirepass.*@@g' ${REDIS_CONF}
sed -i "/# requirepass foobared/a requirepass ${gen_password}" ${REDIS_CONF}
sed -i "s@REDIS_PASSWORD.*@REDIS_PASSWORD = r'${gen_password}'@g" ${CWD}/conf/local_settings.py
touch ${CWD}/.status/.redis.Done
echo "${gen_password}" >${CWD}/.status/.redis.Done
echo "安装 redis-server 成功"
else
echo "安装 redis-server 失败,请重新运行本脚本再试"
fi
else
gen_password=$(cat ${CWD}/.status/.redis.Done)
fi
redis_service=''
if [[ -f /usr/lib/systemd/system/redis.service ]];then
redis_service=redis
elif [[ -f /usr/lib/systemd/system/redis-server.service ]]; then
redis_service='redis-server'
fi
if [[ -z ${redis_service} ]]; then
echo "Redis服务名未能识别到请自行手动重启本机的Redis服务 ..."
else
rm -f /etc/nginx/conf.d/default.conf
rm -f /etc/nginx/sites-enabled/default.conf
systemctl restart ${redis_service}
fi
NGINX_USER=$(grep -E '^user' /etc/nginx/nginx.conf |sed 's@user @@g' |sed 's@;@@g' |awk '{print $1}')
cat <<'EOF' >/etc/nginx/nginx.conf
worker_processes auto;
pid /run/nginx.pid;
events {
use epoll;
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
client_header_buffer_size 16k;
client_body_buffer_size 128k;
keepalive_timeout 65;
keepalive_requests 120;
sendfile on;
tcp_nodelay on;
tcp_nopush on;
charset utf-8;
autoindex off;
# gzip
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 3;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/json;
gzip_vary on;
gzip_static on;
# upload file
client_max_body_size 0;
proxy_buffering off;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
proxy_connect_timeout 10m;
proxy_request_buffering off;
# log
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
# config file
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
}
EOF
sed -i "1i\user ${NGINX_USER};" /etc/nginx/nginx.conf
PYTHON_VER='3.8.16'
PYTHON_INSTALL_DIR=/usr/share/python-${PYTHON_VER}
PYTHON_VENV_DIR=${CWD}/pwd_venv
if [[ -f "${CWD}/.status/.python3.Done" ]];then
echo "Python3己部署跳过 ..."
else
if [[ -f "${CWD}/Python-${PYTHON_VER}.tar.xz" ]] && [[ -f "${CWD}/python.${PYTHON_VER}.md5" ]]; then
python3_md5=$(md5sum "${CWD}/Python-${PYTHON_VER}.tar.xz" |awk '{print $1}')
python3_md5_record=$(cat ${CWD}/python.${PYTHON_VER}.md5)
if [[ x"${python3_md5}" != x"${python3_md5_record}" ]]; then
rm -f "${CWD}/Python-${PYTHON_VER}.tar.xz"
rm -f "${CWD}/python.${PYTHON_VER}.md5"
fi
else
echo "无Python${PYTHON_VER}.tar.xz执行下载python ${PYTHON_VER} ..."
rm -f "${CWD}/Python-${PYTHON_VER}.tar.xz"
sudo wget -c -t 10 -T 120 https://repo.huaweicloud.com/python/${PYTHON_VER}/Python-${PYTHON_VER}.tar.xz -O ${CWD}/Python-${PYTHON_VER}.tar.xz
md5sum "${CWD}/Python-${PYTHON_VER}.tar.xz" |awk '{print $1}' > ${CWD}/python.${PYTHON_VER}.md5
if [[ $? -ne 0 ]]; then
echo "下载${PYTHON_VER}/Python-${PYTHON_VER}.tar.xz失败请重新运行本脚本再次重试 ..."
exit 1
fi
fi
echo "执行安装Python${PYTHON_VER} ..."
tar xf ${CWD}/Python-${PYTHON_VER}.tar.xz -C ${CWD}/
cd "${CWD}/Python-${PYTHON_VER}" || exit 1
sudo ./configure --prefix=${PYTHON_INSTALL_DIR} && make && make install
if [[ $? -eq 0 ]]; then
echo "创建python虚拟环境 -> ${PYTHON_VENV_DIR} ..."
rm -rf "${PYTHON_VENV_DIR}"
${PYTHON_INSTALL_DIR}/bin/python3 -m venv --copies "${PYTHON_VENV_DIR}"
touch ${CWD}/.status/.python3.Done
echo "Python3 安装成功 ..."
else
echo "Python3 安装失败,请重试 ..."
exit 1
fi
fi
##修改PIP源为国内
mkdir -p ~/.pip
cat << EOF > ~/.pip/pip.conf
cat <<'EOF' > ~/.pip/pip.conf
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
index-url=https://pypi.tuna.tsinghua.edu.cn/simple
[install]
trusted-host=pypi.tuna.tsinghua.edu.cn
EOF
cd ${SHELL_FOLDER}
echo "====升级pip================"
/usr/bin/pip3 install --upgrade pip
/usr/bin/pip3 install -r requestment
if [[ $? -eq 0 ]]
then
echo "======================================================================="
echo "Pip3 requestment 安装成功!"
echo "======================================================================="
else
echo "======================================================================="
echo "Pip3 requestment 安装失败!"
echo "======================================================================="
exit 1
if [[ ! -f "${CWD}/.status/.pip3.Done" ]]; then
echo "部署pip依赖 ..."
${PYTHON_VENV_DIR}/bin/pip3 install --upgrade pip
${PYTHON_VENV_DIR}/bin/pip3 install wheel setuptools
${PYTHON_VENV_DIR}/bin/pip3 install -r ${CWD}/requirement
if [[ $? -eq 0 ]]; then
touch ${CWD}/.status/.pip3.Done
echo "Pip3 Requirement 安装成功 ..."
else
echo "Pip3 Requirement 安装失败 ..."
exit 1
fi
fi
##处理配置文件
echo "======================================================================="
echo "处理uwsgi.ini配置文件"
echo "处理uwsgi.ini配置文件 ..."
CPU_NUM=$(cat /proc/cpuinfo | grep processor | wc -l)
sed -i "s@CPU_NUM@${CPU_NUM}@g" ${SHELL_FOLDER}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${SHELL_FOLDER}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${SHELL_FOLDER}/uwsgi.ini
echo "处理uwsgi.ini配置文件完成"
sed -i "s@CPU_NUM@${CPU_NUM}@g" ${CWD}/uwsgi.ini
sed -i "s@PYTHON_VENV_DIR@${PYTHON_VENV_DIR}@g" ${CWD}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_HOME@${CWD}@g" ${CWD}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${CWD}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${CWD}/uwsgi.ini
echo "处理uwsgi.ini配置文件完成 ..."
echo
echo "处理uwsgiserver启动脚本"
sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgiserver
sed -i "s@PYTHON_INSTALL_DIR@${PYTHON_INSTALL_DIR}@g" ${SHELL_FOLDER}/uwsgiserver
echo "处理uwsgiserver启动脚本 ..."
sed -i "s@PWD_SELF_SERVICE_HOME@${CWD}@g" ${CWD}/uwsgiserver
sed -i "s@PYTHON_VENV_DIR@${PYTHON_VENV_DIR}@g" ${CWD}/uwsgiserver
alias cp='cp'
cp -f ${SHELL_FOLDER}/uwsgiserver /etc/init.d/uwsgiserver
cp -rfp ${CWD}/uwsgiserver /etc/init.d/uwsgiserver
chmod +x /etc/init.d/uwsgiserver
chkconfig uwsgiserver on
echo "处理uwsgiserver启动脚本完成"
systemctl daemon-reload
systemctl enable uwsgiserver
echo "处理uwsgiserver启动脚本完成 ..."
echo
sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/conf/local_settings.py
sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${CWD}/conf/local_settings.py
##Nginx vhost配置
cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf
mkdir -p /etc/nginx/conf.d
cat <<EOF >/etc/nginx/conf.d/pwdselfservice.conf
server {
listen 80;
server_name ${PWD_SELF_SERVICE_DOMAIN} ${PWD_SELF_SERVICE_IP};
@ -242,20 +404,22 @@ server {
access_log off;
}
EOF
rm -f /etc/nginx/conf.d/default.conf
systemctl restart nginx
systemctl start nginx
systemctl start uwsgiserver
echo
echo "======================================================================="
echo
echo "密码自助服务平台的访问地址是http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP}"
echo "请确保以上域名能正常解析,否则使用域名无法访问。"
echo "密码自助服务平台的访问地址是http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP} ..."
echo "请确保以上域名能正常解析,否则使用域名无法访问 ..."
echo "如果本机防火墙是开启状态,请自行放行端口: [80, ${PWD_SELF_SERVICE_PORT}]"
echo
echo "Uwsgi启动/etc/init.d/uwsgi start"
echo "Uwsgi停止/etc/init.d/uwsgi stop"
echo "Uwsgi重启/etc/init.d/uwsgi restart"
echo "Uwsgi启动/etc/init.d/uwsgiserver start ..."
echo "Uwsgi停止/etc/init.d/uwsgiserver stop ..."
echo "Uwsgi重启/etc/init.d/uwsgiserver restart ..."
echo
echo "Redis Server密码是${gen_password},可在${REDIS_CONF}中查到 ..."
echo
echo "文件${SHELL_FOLDER}/conf/local_setting.py中配置参数请自动确认下是否完整"
echo "文件${CWD}/conf/local_setting.py中配置参数请自行确认下是否完整 ..."
echo
echo "======================================================================="

43
conf/CentOS-7-reg.repo Normal file
View File

@ -0,0 +1,43 @@
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos/$releasever/os/$basearch/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos/$releasever/updates/$basearch/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos/$releasever/extras/$basearch/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7

52
conf/CentOS-8-reg.repo Normal file
View File

@ -0,0 +1,52 @@
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[BaseOS]
name=CentOS-$releasever - Base - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/BaseOS/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
#released updates
[AppStream]
name=CentOS-$releasever - AppStream - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/AppStream/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
[PowerTools]
name=CentOS-$releasever - PowerTools - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/PowerTools/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=PowerTools&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/extras/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/centosplus/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

40
conf/local_settings.py
View File

@ -5,31 +5,41 @@
# ########## AD配置修改为自己的
# AD主机可以是IP或主机域名例如可以是: abc.com或172.16.122.1
AD_HOST = r'修改成自己的'
LDAP_HOST = r'修改成自己的'
# AD域控的DOMAIN例如比如你的域名是abc.com那么这里的AD_DOMAIN就是abc
# AD域控的DOMAIN例如比如你的域名是abc.com那么这里的LDAP_DOMAIN就是abc
# NTLM认证必须是domain\username
AD_DOMAIN = r'修改成自己的'
LDAP_DOMAIN = r'修改成自己的'
# 用于登录AD做用户信息处理的账号需要有修改用户账号密码或信息的权限。
# AD账号例如pwdadmin
AD_LOGIN_USER = r'修改成自己的'
LDAP_LOGIN_USER = r'修改成自己的'
# 密码
AD_LOGIN_USER_PWD = r'修改为自己的'
LDAP_LOGIN_USER_PWD = r'修改为自己的'
# BASE DN账号的查找DN路径例如'DC=abc,DC=com'可以指定到OU之下例如'OU=RD,DC=abc,DC=com'。
# BASE_DN限制得越细搜索用户的目录也就越小一般情况下可以通过SEARCH_FILTER来过滤
BASE_DN = r'修改成自己的'
# ldap的search_filter如果需要修改请保持用户账号部分为 点位符{0} (代码中通过占位符引入账号)
# 例如AD的用户账号属性是sAMAccountName那么匹配的账号请配置成sAMAccountName={0}
# LDAP中用户账号属性可能是uuid那么匹配的账号请配置成uuid={0}
# 如果想限制用户在哪个组的才能使用,可以写成这样:
# r'(&(objectClass=user)(memberof=CN=mis,OU=Groups,OU=OnTheJob,DC=abc,DC=com)(sAMAccountName={0}))', memberof 是需要匹配的组
# 默认配置是AD环境的查询语句可以自行使用Apache Directory Studio测试后再配置
SEARCH_FILTER = r'(&(objectclass=user)(sAMAccountName={0}))'
# 是否启用SSL,
# 注意AD必须使用SSL才能修改密码这里被坑了N久...,自行部署下AD的证书服务并颁发CA证书重启服务器生效。具体教程百度一下有很多。
AD_USE_SSL = True
# 注意AD中必须使用SSL才能修改密码这里被坑了N久...,自行部署下AD的证书服务并颁发CA证书重启服务器生效。具体教程百度一下有很多。
# 如果使用Openldap这里根据实际情况调整
LDAP_USE_SSL = True
# 连接的端口如果启用SSL默认是636否则就是389
AD_CONN_PORT = 636
LDAP_CONN_PORT = 636
# 验证的类型
# 钉钉 / 企业微信,自行修改
# 值是DING / WEWORK
AUTH_CODE_TYPE = 'DING'
INTEGRATION_APP_TYPE = 'WEWORK'
# ########## 钉钉 《如果不使用钉钉,可不用配置》##########
# 钉钉企业ID <CorpId>,修改为自己的
@ -53,12 +63,12 @@ WEWORK_AGENT_ID = r'修改为自己的'
# 应用的Secret
WEWORK_AGNET_SECRET = r'修改为自己的'
# Redis配置
# redis的连接地址redis://<Ip/Host>:<Port>/<数据库>
REDIS_LOCATION = r'redis://127.0.0.1:6379'
REDIS_PASSWORD = r'修改为自己的'
# 主页域名钉钉跳转等需要指定域名格式pwd.abc.com。
# 如果是自定义安装,请修改成自己的域名
HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
# 平台显示的标题
TITLE = 'Self-Service'
# ####### Redis ##########
REDIS_LOCATION = r'127.0.0.1:6379'
REDIS_PASSWORD = r'PWD_SELF_REDIS_PASSWORD'

0
log/all.log Normal file
View File

33488
log/log.log
View File

File diff suppressed because it is too large Load Diff

19
pwdselfservice/__init__.py
View File

@ -1,17 +1,22 @@
import datetime
import sys
import traceback
import logging
from django_redis import get_redis_connection
from utils.storage.kvstorage import KvStorage
import datetime
from traceback import format_exc
logger = logging.getLogger(__name__)
try:
redis_conn = get_redis_connection()
cache_storage = KvStorage(redis_conn)
cache_storage.set('redis_connection', str(datetime.datetime.now()))
redis_get = cache_storage.get('redis_connection')
cache_storage.set('test_redis_connection', str(datetime.datetime))
cache_storage.get('test_redis_connection')
cache_storage.delete('test_redis_connection')
logger.info("Redis连接成功set/get/delete测试通过...")
except Exception as e:
print("请排查Redis配置错误信息如下")
print("Redis Exception: {}".format(format_exc()))
cache_storage = None
logger.error("Redis无法连接请排查Redis配置...")
logger.error("{}".format(traceback.format_exc()))
sys.exit(1)

110
pwdselfservice/settings.py
View File

@ -1,12 +1,14 @@
import logging.config
import os
from django.utils.log import DEFAULT_LOGGING
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import REDIS_PASSWORD, REDIS_LOCATION
DEBUG = True
from conf.local_settings_dev import REDIS_LOCATION, REDIS_PASSWORD
else:
from conf.local_settings import REDIS_PASSWORD, REDIS_LOCATION
DEBUG = False
from conf.local_settings import REDIS_LOCATION, REDIS_PASSWORD
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@ -16,78 +18,57 @@ SECRET_KEY = 'nxnm3#&2tat_c2i6%$y74a)t$(3irh^gpwaleoja1kdv30fmcm'
ALLOWED_HOSTS = ['*']
# 不安全的内部初始密码,用于检验新密码
UN_SEC_PASSWORD = ['1qaz@WSX', '1234@Abc']
# 创建日志的路径
LOG_PATH = os.path.join(BASE_DIR, 'log')
# 如果地址不存在则会自动创建log文件夹
if not os.path.isdir(LOG_PATH):
os.mkdir(LOG_PATH)
LOGGING = {
# Disable Django's logging setup
LOGGING_CONFIG = None
LOGLEVEL = os.environ.get('LOGLEVEL', 'info').upper()
logging.config.dictConfig({
'version': 1,
# 此选项开启表示禁用部分日志不建议设置为True
'disable_existing_loggers': False,
'formatters': {
'verbose': {
'format': '%(asctime)s %(levelname)s %(pathname)s %(module)s.%(funcName)s %(lineno)d: %(message)s'
# 日志格式
},
'simple': {
'format': '%(asctime)s %(levelname)s %(pathname)s %(module)s.%(funcName)s %(lineno)d: %(message)s'
},
},
'filters': {
'require_debug_true': {
# 过滤器只有当setting的DEBUG = True时生效
'()': 'django.utils.log.RequireDebugTrue',
'default': {
# exact format is not important, this is the minimum information
"format": "%(asctime)s %(module)s %(levelname)s -%(thread)d- %(message)s"
},
'django.server': DEFAULT_LOGGING['formatters']['django.server'],
},
'handlers': {
# console logs to stderr
'console': {
'level': 'DEBUG',
'filters': ['require_debug_true'],
"level": "ERROR",
'class': 'logging.StreamHandler',
'formatter': 'verbose'
'formatter': 'default',
},
'file': {
'level': 'DEBUG',
'class': 'logging.FileHandler',
# 日志保存文件
'filename': '%s/log.log' % LOG_PATH,
# 日志格式,与上边的设置对应选择
'formatter': 'verbose'
}
'level': "DEBUG",
'class': 'logging.handlers.RotatingFileHandler',
'filename': os.path.join(LOG_PATH, "all.log"),
'formatter': 'default',
'maxBytes': 1024 * 1024 * 50,
'backupCount': 24,
'encoding': 'utf-8',
},
'django.server': DEFAULT_LOGGING['handlers']['django.server'],
},
'loggers': {
'django': {
# 日志记录器
'handlers': ['file'],
'level': 'DEBUG',
'propagate': True,
}
# default for all undefined Python modules
'': {
'level': LOGLEVEL,
'handlers': ['console', 'file'],
},
# Default runserver request logging
'django.server': DEFAULT_LOGGING['loggers']['django.server'],
},
}
# SESSION
# 只有在settings.SESSION_SAVE_EVERY_REQUEST 为True时才有效
SESSION_SAVE_EVERY_REQUEST = True
# 过期时间分钟
SESSION_COOKIE_AGE = 300
# False 会话cookie可以在用户浏览器中保持有效期。True关闭浏览器则Cookie失效。
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# session使用的存储方式
SESSION_ENGINE = "django.contrib.sessions.backends.cache"
# 指明使用哪一个库保存session数据
SESSION_CACHE_ALIAS = "session"
})
INSTALLED_APPS = [
# 'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
@ -95,12 +76,12 @@ INSTALLED_APPS = [
'resetpwd',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
@ -117,7 +98,6 @@ TEMPLATES = [
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
@ -126,31 +106,23 @@ TEMPLATES = [
WSGI_APPLICATION = 'pwdselfservice.wsgi.application'
# 514 66050是AD中账号被禁用的特定代码这个可以在微软官网查到。
# 可能不是太准确,如果使用者能确定还有其它状态码,可以自行在此处添加
AD_ACCOUNT_DISABLE_CODE = [514, 66050]
CACHES = {
"default": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": "{}/1".format(REDIS_LOCATION),
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
"PASSWORD": REDIS_PASSWORD,
"IGNORE_EXCEPTIONS": True,
}
},
"session": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": "{}/3".format(REDIS_LOCATION), # 指明使用redis的3号数据库
"LOCATION": "redis://{}/1".format(REDIS_LOCATION),
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
"PASSWORD": REDIS_PASSWORD,
"COMPRESSOR": "django_redis.compressors.zlib.ZlibCompressor",
"IGNORE_EXCEPTIONS": True,
}
}
}
# 514 66050是AD中账号被禁用的特定代码这个可以在微软官网查到。
# 可能不是太准确,如果使用者能确定还有其它状态码,可以自行在此处添加
AD_ACCOUNT_DISABLE_CODE = [514, 66050]
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',

1
pwdselfservice/urls.py
View File

@ -5,6 +5,7 @@ import resetpwd.views
urlpatterns = {
path("favicon.ico", RedirectView.as_view(url='static/img/favicon.ico')),
path('', resetpwd.views.index, name='index'),
path('auth', resetpwd.views.auth, name='auth'),
path('resetPassword', resetpwd.views.reset_password, name='resetPassword'),
path('unlockAccount', resetpwd.views.unlock_account, name='unlockAccount'),
path('messages', resetpwd.views.messages, name='messages'),

9
pwdselfservice/wsgi.py
View File

@ -1,12 +1,3 @@
"""
WSGI config for pwdselfservice project.
It exposes the WSGI callable as a module-level variable named ``application``.
For more information on this file, see
https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/
"""
import os
from django.core.wsgi import get_wsgi_application

258
readme.md
View File

@ -1,5 +1,5 @@
### 初学Django时碰到的一个需求因为公司中很多员工在修改密码之后有一些关联的客户端或网页中的旧密码没有更新导致密码在尝试多次之后账号被锁为了减少这种让人头疼的重置解锁密码的操蛋工作自己做了一个自助修改小平台。
### 水平有限,代码写得不好,但是能用,有需要的可以直接拿去用。
### 代码结构不咋样,但是能用,有需要的可以直接拿去用。
#### 场景说明:
因为本公司AD是早期已经在用用户的个人信息不是十分全面例如:用户手机号。
钉钉是后来才开始使用,钉钉默认是使用手机号登录。
@ -14,11 +14,6 @@
如果您的场景不是这样,请按自己的需求修改源代码适配。
### 代码提交到:
```
master
```
### 提示:
```
AD必须使用SSL才能修改密码这里被坑了N久...
@ -35,26 +30,45 @@ AD必须使用SSL才能修改密码这里被坑了N久...
+ 重写了用户账号的格式兼容现在用户账号可以兼容username、DOMAIN\username、username@abc.com这三种格式。
+ 优化了整体的代码逻辑,去掉一些冗余重复的代码。
### 2022/12/16 -- 更新:
+ 修改钉钉、企业微信直接通过企业内部免密登录授权或验证的方式实现用户信息的获取直接通过软件内部工作平台打开废弃扫码方式由于API接口的权限问题一些关键数据已经不再支持通过扫码获取
其它没变化,只修复了这个问题~~~~
### 2023/01/15 -- 更新:
+ 兼容PC与移动端的显示使用Layui
+ 修复一些BUG
+ 移除auto-install.sh中的redis部署步骤
+ 抽出应用中的授权验证跳转的代码单独做成一个auth页面可实现选择首页是进入修改密码还是自动跳转重置页面。
+ 调整部分文件说明
+ 添加日志装饰器记录请求日志
+ 优化ad_ops中异常的处理
### 2023/02/10 -- 更新:
+ 修复一些BUG
+ auto-install.sh 重写支持Ubuntu\Centos
+ 添加Redis缓存之前使用内存缓存有问题
**如果想在点击应用之后自动跳转到重置页面请将回调接口配置成YOURDOMAIN.com/auth**
## 线上环境需要的基础环境:
+ Python 3.8.9 (可自行下载源码包放到项目目录下,使用一键安装)
+ Python 3.8.16 (可自行下载源码包放到项目目录下,使用一键安装)
+ Nginx
+ Uwsgi
+ Redis
### 钉钉
![截图2](screenshot/创建H5微应用06.png)
### 界面效果
### 微信
![截图11](screenshot/微信小应用04.png)
<img alt="截图10" width="500" src="screenshot/QQ截图20230116152954.png">
<img alt="截图10" width="500" src="screenshot/212473880-4a59c535-85bb-42d2-a99a-899265c83136.png">
#### 授权或验证成功之后:
![截图15](screenshot/扫码成功.png)
<img alt="截图10" width="500" src="screenshot/212474222-e1c13e1b-bb6f-4523-b040-24a65055d681.png">
### 移动端
<img alt="截图10" width="500" src="screenshot/212474177-dd68b0c9-81cc-4eb0-9196-e760784e3f69.jpg">
<img alt="截图10" width="500" src="screenshot/212474293-0cd60898-22c3-4258-ac4c-dfee52a6cf1e.png">
## 钉钉必要条件:
#### 创建企业内部应用
@ -62,6 +76,8 @@ AD必须使用SSL才能修改密码这里被坑了N久...
* 应用需要权限:通讯录只读权限、邮箱等个人信息,范围是全部员工或自行选择
* 应用安全域名和IP一定要配置否则无法返回接口数据。
> **如果想实现进入应用就自动授权跳转重置页面可将回调域名指定向pwd.abc.com/auth**
参考截图配置:
![截图3](screenshot/h5微应用.png)
@ -74,10 +90,12 @@ AD必须使用SSL才能修改密码这里被坑了N久...
> 废弃,已经不再需要,如果之前有配置,可以删除!!
## 企业微信必要条件:
* 创建应用记录下企业的CorpId应用的ID和Secret。
> **如果想实现进入应用就自动授权跳转重置页面可将回调域名指定向pwd.abc.com/auth**
参考截图:
![截图7](screenshot/微扫码13.png)
@ -100,70 +118,11 @@ AD必须使用SSL才能修改密码这里被坑了N久...
## 使用脚本自动部署:
使用脚本自动快速部署只适合Centos其它发行版本的Linux请自行修改相关命令。
### 把整个项目目录上传到新的服务器上
#### 先修改配置文件,按自己实际的配置修改项目配置文件:
修改conf/local_settings.py中的参数按自己的实际参数修改
```` python
# ########## AD配置修改为自己的
# AD主机可以是IP或主机域名例如可以是: abc.com或172.16.122.1
AD_HOST = r'修改成自己的'
# AD域控的DOMAIN名例如abc
AD_DOMAIN = r'修改成自己的'
# 用于登录AD做用户信息处理的账号需要有修改用户账号密码或信息的权限。
# AD账号例如pwdadmin
AD_LOGIN_USER = r'修改成自己的'
# 密码
AD_LOGIN_USER_PWD = r'修改为自己的'
# BASE DN账号的查找DN路径例如'DC=abc,DC=com'可以指定到OU之下例如'OU=RD,DC=abc,DC=com'。
BASE_DN = r'修改成自己的'
# 是否启用SSL,
# 注意AD必须使用SSL才能修改密码这里被坑了N久...,自行部署下AD的证书服务并颁发CA证书重启服务器生效。具体教程百度一下有很多。
AD_USE_SSL = True
# 连接的端口如果启用SSL默认是636否则就是389
AD_CONN_PORT = 636
# 扫码验证的类型
# 钉钉 / 企业微信,自行修改
# 值是DING / WEWORK
AUTH_CODE_TYPE = 'DING'
# ########## 钉钉 《如果不使用钉钉扫码,可不用配置》##########
# 钉钉企业ID <CorpId>,修改为自己的
DING_CORP_ID = '修改为自己的'
# 钉钉企业内部开发内部H5微应用或小程序用于读取企业内部用户信息
DING_AGENT_ID = r'修改为自己的'
DING_APP_KEY = r'修改为自己的'
DING_APP_SECRET = r'修改为自己的'
# 移动应用接入 主要为了实现通过扫码拿到用户的unionid
DING_MO_APP_ID = r'修改为自己的'
DING_MO_APP_SECRET = r'修改为自己的'
# ####### 企业微信《如果不使用企业微信扫码,可不用配置》 ##########
# 企业微信的企业ID
WEWORK_CORP_ID = r'修改为自己的'
# 应用的AgentId
WEWORK_AGENT_ID = r'修改为自己的'
# 应用的Secret
WEWORK_AGNET_SECRET = r'修改为自己的'
# Redis配置
# redis的连接地址redis://<Ip/Host>:<Port>
REDIS_LOCATION = r'redis://127.0.0.1:6379'
REDIS_PASSWORD = r'12345678'
# 主页域名钉钉跳转等需要指定域名格式pwd.abc.com。
# 如果是自定义安装,请修改成自己的域名
HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
````
### 执行部署脚本
```shell
chmod +x auto-install.sh
@ -173,79 +132,19 @@ chmod +x auto-install.sh
#### 以上配置修改完成之后,则可以通过配置的域名直接访问。
# 手动部署:
#### 自行安装完python3之后使用python3目录下的pip3进行安装依赖
#### 我自行安装的Python路径为/usr/local/python3
项目目录下的requestment文件里记录了所依赖的相关python模块安装方法
>/usr/local/python3/bin/pip3 install -r requestment
>
等待所有模块安装完成之后进行下一步。
等待所有模块安装完成之后进行下一步。
### 按自己实际的配置修改项目配置参数:
修改conf/local_settings.py中的参数按自己的实际参数修改
```` python
# ########## AD配置修改为自己的
# AD主机可以是IP或主机域名例如可以是: abc.com或172.16.122.1
AD_HOST = r'修改成自己的'
# AD域控的DOMAIN名例如abc
AD_DOMAIN = r'修改成自己的'
# 用于登录AD做用户信息处理的账号需要有修改用户账号密码或信息的权限。
# AD账号例如pwdadmin
AD_LOGIN_USER = r'修改成自己的'
# 密码
AD_LOGIN_USER_PWD = r'修改为自己的'
# BASE DN账号的查找DN路径例如'DC=abc,DC=com'可以指定到OU之下例如'OU=RD,DC=abc,DC=com'。
BASE_DN = r'修改成自己的'
# 是否启用SSL,
# 注意AD必须使用SSL才能修改密码这里被坑了N久...,自行部署下AD的证书服务并颁发CA证书重启服务器生效。具体教程百度一下有很多。
AD_USE_SSL = True
# 连接的端口如果启用SSL默认是636否则就是389
AD_CONN_PORT = 636
# 扫码验证的类型
# 钉钉 / 企业微信,自行修改
# 值是DING / WEWORK
AUTH_CODE_TYPE = 'DING'
# ########## 钉钉 《如果不使用钉钉扫码,可不用配置》##########
# 钉钉企业ID <CorpId>,修改为自己的
DING_CORP_ID = '修改为自己的'
# 钉钉企业内部开发内部H5微应用或小程序用于读取企业内部用户信息
DING_AGENT_ID = r'修改为自己的'
DING_APP_KEY = r'修改为自己的'
DING_APP_SECRET = r'修改为自己的'
# 移动应用接入 主要为了实现通过扫码拿到用户的unionid
DING_MO_APP_ID = r'修改为自己的'
DING_MO_APP_SECRET = r'修改为自己的'
# ####### 企业微信《如果不使用企业微信扫码,可不用配置》 ##########
# 企业微信的企业ID
WEWORK_CORP_ID = r'修改为自己的'
# 应用的AgentId
WEWORK_AGENT_ID = r'修改为自己的'
# 应用的Secret
WEWORK_AGNET_SECRET = r'修改为自己的'
# Redis配置
# redis的连接地址redis://<Ip/Host>:<Port>
REDIS_LOCATION = r'redis://127.0.0.1:6379'
REDIS_PASSWORD = r'12345678'
# 主页域名钉钉跳转等需要指定域名格式pwd.abc.com。
# 如果是自定义安装,请修改成自己的域名
HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
````
```
安装完依赖后,直接执行
/usr/local/python3/bin/python3 manager.py runserver x.x.x.x:8000
@ -254,95 +153,22 @@ HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
## 修改uwsig.ini配置:
IP和路径按自己实际路径修改
````ini
[uwsgi]
http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
chdir = PWD_SELF_SERVICE_HOME
module = pwdselfservice.wsgi:application
master = true
processes = 4
threads = 4
max-requests = 2000
chmod-socket = 755
vacuum = true
#设置缓冲
post-buffering = 4096
#设置静态文件
static-map = /static=PWD_SELF_SERVICE_HOME/static
#设置日志目录
daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log
````
```
## 通过uwsgiserver启动
其中PWD_SELF_SERVICE_HOME是你自己的服务器当前项目的目录请自行修改
将以下脚本修改完之后,复制到/etc/init.d/,给予执行权限。
uwsgiserver:
```shell
#!/bin/sh
INI="PWD_SELF_SERVICE_HOME/uwsgi.ini"
UWSGI="/usr/share/python-3.6.9/bin/uwsgi"
PSID=`ps aux | grep "uwsgi"| grep -v "grep" | wc -l`
if [ ! -n "$1" ]
then
content="Usages: sh uwsgiserver [start|stop|restart]"
echo -e "\033[31m $content \033[0m"
exit 0
fi
if [ $1 = start ]
then
if [ `eval $PSID` -gt 4 ]
then
content="uwsgi is running!"
echo -e "\033[32m $content \033[0m"
exit 0
else
$UWSGI $INI
content="Start uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
fi
elif [ $1 = stop ];then
if [ `eval $PSID` -gt 4 ];then
killall -9 uwsgi
fi
content="Stop uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
elif [ $1 = restart ];then
if [ `eval $PSID` -gt 4 ];then
killall -9 uwsgi
fi
$UWSGI --ini $INI
content="Restart uwsgi service [OK]"
echo -e "\033[32m $content \033[0m"
else
content="Usages: sh uwsgiserver [start|stop|restart]"
echo -e "\033[31m $content \033[0m"
fi
````
脚本内的路径按自己实际情况修改
请自行修改将脚本修改完之后
复制到/etc/init.d/,给予执行权限。
执行/etc/init.d/uwsigserver start 启动
```
## 自行部署Nginx然后添加Nginx配置
#### Nginx配置
Nginx Server配置
* proxy_pass的IP地址改成自己的服务器IP
* 配置可自己写一个vhost或直接加在nginx.conf中
```` nginx
``` nginx
server {
listen 80;
server_name pwd.abc.com;
@ -356,5 +182,5 @@ server {
}
access_log off;
}
````
```
- 执行Nginx reload操作重新加载配置

2
requestment → requirement
View File

@ -1,11 +1,9 @@
Django==3.2
pycryptodome==3.10.1
attrs==21.2.0
python-dateutil==2.8.1
dingtalk-sdk==1.3.8
cryptography==3.4.7
ldap3==2.9
django-redis==4.12.1
django-redis==4.12.1
requests==2.28.1
uwsgi==2.0.21

68
resetpwd/utils.py
View File

@ -7,22 +7,22 @@
# @Date 2021/5/20 8:47
from django.shortcuts import render
from django.http import HttpResponseRedirect
import logging
from utils.crypto_ops import Crypto
from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult, LDAPExceptionError, LDAPException
from ldap3.core.exceptions import LDAPException
from django.conf import settings
import os
from utils.tracecalls import decorator_logger
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import *
else:
from conf.local_settings import *
logger = logging.getLogger('django')
logger = logging.getLogger(__name__)
@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
def code_2_user_detail(ops, home_url, code):
"""
临时授权码换取userinfo
@ -31,39 +31,17 @@ def code_2_user_detail(ops, home_url, code):
return _, s, e
def code_2_user_info_with_oauth2(ops, request, msg_template, home_url, code):
"""
临时授权码换取userinfo
"""
_status, user_id = ops.get_user_id_by_code(code)
# 判断 user_id 在本企业钉钉/微信中是否存在
if not _status:
context = {
'msg': '获取userid失败错误信息{}'.format(user_id),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context, user_id
detail_status, user_info = ops.get_user_detail_by_user_id(user_id)
if not detail_status:
context = {
'msg': '获取用户信息失败,错误信息:{}'.format(user_info),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return False, context, user_info
return True, user_id, user_info
@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
def ops_account(ad_ops, request, msg_template, home_url, username, new_password):
"""
ad 账号操作判断账号状态重置密码或解锁账号
"""
try:
print("ops_account: {}" .format(username))
print("ops_account: {}".format(username))
_status, _account = ad_ops.ad_ensure_user_by_account(username=username)
if not _status:
context = {
'global_title': TITLE,
'msg': "账号[%s]在AD中不存在请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致或者该账号己被禁用\n猜测:您的账号或邮箱是否是带有数字或其它字母区分?" % username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
@ -73,6 +51,7 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
_status, account_code = ad_ops.ad_get_user_status_by_account(username)
if _status and account_code in settings.AD_ACCOUNT_DISABLE_CODE:
context = {
'global_title': TITLE,
'msg': "此账号状态为己禁用请联系HR确认账号是否正确。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
@ -80,7 +59,8 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
return render(request, msg_template, context)
elif not _status:
context = {
'msg': "错误:{}" .format(account_code),
'global_title': TITLE,
'msg': "错误:{}".format(account_code),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
@ -93,22 +73,25 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
unlock_status, result = ad_ops.ad_unlock_user_by_account(username)
if unlock_status:
context = {
'msg': "密码己修改成功,请妥善保管。你可以点击返回主页或直接关闭此页面!",
'global_title': TITLE,
'msg': "密码己修改成功,请妥善保管。你可以点击修改密码或直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "密码未修改/重置成功,错误信息:{}".format(result),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
else:
unlock_status, result = ad_ops.ad_unlock_user_by_account(username)
if unlock_status:
context = {
'global_title': TITLE,
'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
@ -116,14 +99,17 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "账号未能解锁,错误信息:{}".format(result),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
except LDAPInvalidCredentialsResult as lic_e:
raise LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
except LDAPOperationResult as lo_e:
raise LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
except LDAPException as l_e:
raise LDAPException("LDAPException: " + str(l_e))
context = {
'global_title': TITLE,
'msg': "账号未能解锁,错误信息:{}".format(l_e),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)

282
resetpwd/views.py
View File

@ -1,33 +1,38 @@
import json
import logging
import os
import traceback
from django.shortcuts import render
from utils.ad_ops import AdOps
from ldap3.core.exceptions import LDAPException
import urllib.parse as url_encode
from utils.format_username import format2username, get_user_is_active, get_email_from_userinfo
from .form import CheckForm
from .utils import code_2_user_detail, ops_account
from django.conf import settings
from utils.tracecalls import decorator_logger
from pwdselfservice import cache_storage
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import AUTH_CODE_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, DING_CORP_ID
from conf.local_settings_dev import INTEGRATION_APP_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, \
DING_CORP_ID, TITLE
else:
from conf.local_settings import AUTH_CODE_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, DING_CORP_ID
from conf.local_settings import INTEGRATION_APP_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, \
DING_CORP_ID, TITLE
msg_template = 'messages.v1.html'
logger = logging.getLogger('django')
msg_template = 'messages.html'
logger = logging.getLogger(__name__)
class PARAMS(object):
if AUTH_CODE_TYPE == 'DING':
if INTEGRATION_APP_TYPE == 'DING':
corp_id = DING_CORP_ID
app_id = DING_MO_APP_ID
agent_id = None
AUTH_APP = '钉钉'
from utils.dingding_ops import DingDingOps
ops = DingDingOps()
elif AUTH_CODE_TYPE == 'WEWORK':
elif INTEGRATION_APP_TYPE == 'WEWORK':
corp_id = None
app_id = WEWORK_CORP_ID
agent_id = WEWORK_AGENT_ID
@ -40,29 +45,32 @@ scan_params = PARAMS()
_ops = scan_params.ops
def index(request):
"""
用户自行修改密码/首页
"""
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def auth(request):
home_url = '%s://%s' % (request.scheme, HOME_URL)
corp_id = scan_params.corp_id
app_id = scan_params.app_id
agent_id = scan_params.agent_id
scan_app = scan_params.AUTH_APP
unsecpwd = settings.UN_SEC_PASSWORD
redirect_url = url_encode.quote(home_url + '/resetPassword')
if request.method == 'GET' and AUTH_CODE_TYPE == 'DING':
return render(request, 'ding_index.v1.html', locals())
elif request.method == 'GET' and AUTH_CODE_TYPE == 'WEWORK':
return render(request, 'we_index.v1.html', locals())
app_type = INTEGRATION_APP_TYPE
global_title = TITLE
if request.method == 'GET':
return render(request, 'auth.html', locals())
else:
logger.error('[异常] 请求方法:%s,请求路径%s' % (request.method, request.path))
#
# if request.method == 'GET':
# return render(request, 'index.v1.html', locals())
if request.method == 'POST':
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def index(request):
home_url = '%s://%s' % (request.scheme, HOME_URL)
scan_app = scan_params.AUTH_APP
global_title = TITLE
if request.method == 'GET':
return render(request, 'index.html', locals())
elif request.method == 'POST':
# 对前端提交的数据进行二次验证,防止恶意提交简单密码或篡改账号。
check_form = CheckForm(request.POST)
if check_form.is_valid():
@ -71,42 +79,47 @@ def index(request):
old_password = form_obj.get("old_password")
new_password = form_obj.get("new_password")
else:
_msg = check_form.as_p().errors
_msg = check_form
logger.error('[异常] 请求方法:%s,请求路径:%s,错误信息:%s' % (request.method, request.path, _msg))
context = {
'global_title': TITLE,
'msg': _msg,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
# 格式化用户名
_, username = format2username(username)
if _ is False:
context = {
'global_title': TITLE,
'msg': username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
# 检测账号状态
auth_status, auth_result = AdOps().ad_auth_user(username=username, password=old_password)
if not auth_status:
context = {
'global_title': TITLE,
'msg': str(auth_result),
'button_click': "window.history.back()",
'button_display': "返回"
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
return ops_account(AdOps(), request, msg_template, home_url, username, new_password)
else:
context = {
'msg': "请从主页进行修改密码操作或扫码验证用户信息。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
'global_title': TITLE,
'msg': "不被接受的认证信息,请重新尝试认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def reset_password(request):
"""
钉钉扫码并验证信息通过之后在重置密码页面将用户账号进行绑定
@ -116,102 +129,116 @@ def reset_password(request):
home_url = '%s://%s' % (request.scheme, HOME_URL)
if request.method == 'GET':
code = request.GET.get('code')
if code:
logger.info('[成功] 请求方法:%s,请求路径:%sCode%s' % (request.method, request.path, code))
else:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到Code。' % (request.method, request.path))
context = {
'msg': "错误,临时授权码己失效,请从主页重新开始登录授权..",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
try:
# 用code换取用户基本信息
_status, user_id, user_info = code_2_user_detail(_ops, home_url, code)
if not _status:
return render(request, msg_template, user_id)
# 账号在企业微信或钉钉中是否是激活的
_, res = get_user_is_active(user_info)
if not _:
context = {
'msg': '当前扫码的用户未激活或可能己离职,用户信息如下:%s' % user_info,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as callback_e:
context = {
'msg': "错误[%s],请与管理员联系." % str(callback_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(callback_e))
return render(request, msg_template, context)
# 通过user_info拿到用户邮箱并格式化为username
_, email = get_email_from_userinfo(user_info)
if not _:
context = {
'msg': email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
_, username = format2username(email)
if _ is False:
context = {
'msg': username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 如果邮箱能提取到,则格式化之后,提取出账号提交到前端绑定
if username:
request.session[username] = code
username = request.GET.get('username')
# 如果从GET路径中提取到username、code并且在缓存中存在username对应的code值说明已经认证过
if username and code and cache_storage.get(username) == code:
context = {
'global_title': TITLE,
'username': username,
'code': code,
}
return render(request, 'resetPassword.v1.html', context)
return render(request, 'reset_password.html', context)
# 否则就是第一次认证用code换取用户信息
else:
context = {
'msg': "{},您好,企业{}中未能找到您账号的邮箱配置请联系HR完善信息。".format(user_info.get('name'), scan_params.AUTH_APP),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
if not code:
context = {
'global_title': TITLE,
'msg': "临时授权码己失效,请尝试重新认证授权...",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
try:
_status, user_id, user_info = code_2_user_detail(_ops, home_url, code)
if not _status:
return render(request, msg_template, user_id)
# 账号在企业微信或钉钉中是否是激活的
_, res = get_user_is_active(user_info)
if not _:
context = {
'global_title': TITLE,
'msg': '当前扫码的用户未激活或可能己离职,用户信息如下:%s' % user_info,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 通过user_info拿到用户邮箱并格式化为username
_, email = get_email_from_userinfo(user_info)
if not _:
context = {
'global_title': TITLE,
'msg': email,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
_, username = format2username(email)
if _ is False:
context = {
'global_title': TITLE,
'msg': username,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
if username:
cache_storage.set(username, code, ttl=300)
context = {
'global_title': TITLE,
'username': username,
'code': code,
}
return render(request, 'reset_password.html', context)
else:
context = {
'global_title': TITLE,
'msg': "{},您好,企业{}中未能找到您账号的邮箱配置请联系HR完善信息。".format(
user_info.get('name'), scan_params.AUTH_APP),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
except Exception as callback_e:
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(callback_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(callback_e))
return render(request, msg_template, context)
# 重置密码页面,输入新密码后点击提交
elif request.method == 'POST':
username = request.POST.get('username')
code = request.POST.get('code')
if request.session.get(username) and request.session.get(username) == code:
if username and code and cache_storage.get(username) == code:
_new_password = request.POST.get('new_password').strip()
try:
return ops_account(ad_ops=AdOps(), request=request, msg_template=msg_template, home_url=home_url, username=username, new_password=_new_password)
return ops_account(ad_ops=AdOps(), request=request, msg_template=msg_template, home_url=home_url,
username=username, new_password=_new_password)
except Exception as reset_e:
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(reset_e))
return render(request, msg_template, context)
finally:
del request.session[username]
else:
context = {
'msg': "认证已经失效,请从主页重新进行操作。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "认证已经失效,可尝试从重新认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def unlock_account(request):
"""
解锁账号
@ -220,36 +247,57 @@ def unlock_account(request):
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
if request.method == 'GET':
code = request.GET.get('code')
username = request.GET.get('username')
if username and code and cache_storage.get(username) == code:
context = {
'global_title': TITLE,
'username': username,
'code': code,
}
return render(request, 'unlock.html', context)
else:
context = {
'global_title': TITLE,
'msg': "{},您好,当前会话可能已经过期,请再试一次吧。".format(username),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
if request.method == 'POST':
username = request.POST.get('username')
code = request.POST.get('code')
if request.session.get(username) and request.session.get(username) == code:
if username and code and cache_storage.get(username) == code:
try:
return ops_account(AdOps(), request, msg_template, home_url, username, None)
except Exception as reset_e:
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(reset_e))
logger.error('{}' .format(traceback.format_exc()))
return render(request, msg_template, context)
finally:
del request.session[username]
else:
context = {
'msg': "认证已经失效,请从主页重新进行操作。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "认证已经失效,请尝试从重新进行认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def messages(request):
_msg = request.GET.get('msg')
button_click = request.GET.get('button_click')
button_display = request.GET.get('button_display')
context = {
'global_title': TITLE,
'msg': _msg,
'button_click': button_click,
'button_display': button_display

BIN
screenshot/212473880-4a59c535-85bb-42d2-a99a-899265c83136.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 114 KiB

BIN
screenshot/212474177-dd68b0c9-81cc-4eb0-9196-e760784e3f69.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 422 KiB

BIN
screenshot/212474178-2214cfe0-d5a2-4f62-85bd-531705030200.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 422 KiB

BIN
screenshot/212474222-e1c13e1b-bb6f-4523-b040-24a65055d681.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 79 KiB

BIN
screenshot/212474233-44ed826b-dd3a-4d0f-b7ed-983e667a1a60.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

BIN
screenshot/212474293-0cd60898-22c3-4258-ac4c-dfee52a6cf1e.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 167 KiB

BIN
screenshot/QQ截图20230116152954.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 93 KiB

BIN
screenshot/微扫码11.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 868 KiB

BIN
screenshot/微扫码12.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 219 KiB

379
static/css/dmaku.css
View File

@ -1,379 +0,0 @@
* {
box-sizing: border-box;
}
body {
font-family: 'Montserrat', sans-serif;
background: #f6f5f7;
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
height: 100vh;
margin: -20px 0 50px;
}
h1 {
font-weight: bold;
margin: 0;
}
p {
font-size: 4px;
line-height: 20px;
letter-spacing: .5px;
margin: 20px 0 30px;
}
span {
font-size: 12px;
}
a {
color: #333;
font-size: 14px;
text-decoration: none;
margin: 15px 0;
}
.head-container {
background: url(/static/img/logo.png) left center no-repeat;
overflow: hidden;
width: 768px;
max-width: 100%;
height: 100px;
max-height: 100px;
color: #1b83d8;
vertical-align: middle;
display: inline-block;
}
.head-container p {
float: right;
margin-top: 28px;
padding: 10px 30px;
font-size: 28px;
vertical-align: middle;
text-shadow: 0 14px 28px rgba(0, 0, 0, .25), 0 5px 5px rgba(0, 0, 0, .22);
}
.middle-container {
background: #fff;
border-radius: 10px;
box-shadow: 0 14px 28px rgba(0, 0, 0, .25), 0 10px 10px rgba(0, 0, 0, .22);
position: relative;
overflow: hidden;
width: 768px;
max-width: 100%;
min-height: 480px;
}
.form-container form {
background: #fff;
display: flex;
flex-direction: column;
padding: 0 50px;
height: 100%;
justify-content: center;
align-items: center;
text-align: center;
}
.form-container a {
border-radius: 20px;
border: 1px solid #1b83d8;
background: #1b83d8;
color: #fff;
font-size: 12px;
font-weight: bold;
padding: 12px 45px;
letter-spacing: 1px;
text-transform: uppercase;
transition: transform 80ms ease-in;
cursor: pointer;
}
.form-container a:active {
transform: scale(.95);
}
.form-container a:focus {
outline: none;
}
.form-container a.ghost {
background: transparent;
border-color: #fff;
}
.social-container {
margin: 20px 0;
}
.social-container a {
border: 1px solid #ddd;
border-radius: 50%;
display: inline-flex;
justify-content: center;
align-items: center;
margin: 0 5px;
height: 40px;
width: 40px;
}
.social-container a:hover {
background-color: #eee;
}
.form-container input {
background: #eee;
border: none;
padding: 12px 15px;
margin: 8px 0;
width: 100%;
outline: none;
}
button {
border-radius: 20px;
border: 1px solid #1b83d8;
background: #1b83d8;
color: #fff;
font-size: 12px;
font-weight: bold;
padding: 12px 45px;
letter-spacing: 1px;
text-transform: uppercase;
transition: transform 80ms ease-in;
cursor: pointer;
}
button:active {
transform: scale(.95);
}
button:focus {
outline: none;
}
button.ghost {
background: transparent;
border-color: #fff;
}
.form-container {
position: absolute;
top: 0;
height: 100%;
transition: all .6s ease-in-out;
}
.left-content-container {
left: 0;
width: 50%;
z-index: 2;
}
.right-content-container {
left: 0;
width: 50%;
z-index: 1;
opacity: 0;
}
.overlay-container {
position: absolute;
top: 0;
left: 50%;
width: 50%;
height: 100%;
overflow: hidden;
transition: transform .6s ease-in-out;
z-index: 100;
}
.overlay {
background: #41aaff;
background: linear-gradient(to right, #1b83d8, #6ebbfa) no-repeat 0 0 / cover;
color: #fff;
position: relative;
left: -100%;
height: 100%;
width: 200%;
transform: translateY(0);
transition: transform .6s ease-in-out;
}
.overlay-panel {
position: absolute;
top: 0;
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
padding: 0 40px;
height: 100%;
width: 50%;
text-align: center;
transform: translateY(0);
transition: transform .6s ease-in-out;
}
.overlay-container a {
border-radius: 20px;
border: 1px solid #1b83d8;
background: #1b83d8;
color: #fff;
font-size: 12px;
font-weight: bold;
padding: 12px 45px;
letter-spacing: 1px;
text-transform: uppercase;
transition: transform 80ms ease-in;
cursor: pointer;
}
.overlay-container a:active {
transform: scale(.95);
}
.overlay-container a:focus {
outline: none;
}
.overlay-container a.ghost {
background: transparent;
border-color: #fff;
}
.overlay-right {
right: 0;
transform: translateY(0);
}
.overlay-left {
transform: translateY(-20%);
}
/* Move signin to right */
.middle-container.right-panel-active .left-content-container {
transform: translateY(100%);
}
/* Move overlay to left */
.middle-container.right-panel-active .overlay-container {
transform: translateX(-100%);
}
/* Bring signup over signin */
.middle-container.right-panel-active .right-content-container {
transform: translateX(100%);
opacity: 1;
z-index: 5;
}
/* Move overlay back to right */
.middle-container.right-panel-active .overlay {
transform: translateX(50%);
}
/* Bring back the text to center */
.middle-container.right-panel-active .overlay-left {
transform: translateY(0);
}
/* Same effect for right */
.middle-container.right-panel-active .overlay-right {
transform: translateY(20%);
}

135
static/css/load.css
View File

@ -1,135 +0,0 @@
.sk-fading-circle {
margin: 100px auto;
width: 40px;
height: 40px;
position: relative;
}
.sk-fading-circle .sk-circle {
width: 100%;
height: 100%;
position: absolute;
left: 0;
top: 0;
}
.sk-fading-circle .sk-circle:before {
content: '';
display: block;
margin: 0 auto;
width: 15%;
height: 15%;
background-color: #333;
border-radius: 100%;
-webkit-animation: sk-circleFadeDelay 1.2s infinite ease-in-out both;
animation: sk-circleFadeDelay 1.2s infinite ease-in-out both;
}
.sk-fading-circle .sk-circle2 {
-webkit-transform: rotate(30deg);
-ms-transform: rotate(30deg);
transform: rotate(30deg);
}
.sk-fading-circle .sk-circle3 {
-webkit-transform: rotate(60deg);
-ms-transform: rotate(60deg);
transform: rotate(60deg);
}
.sk-fading-circle .sk-circle4 {
-webkit-transform: rotate(90deg);
-ms-transform: rotate(90deg);
transform: rotate(90deg);
}
.sk-fading-circle .sk-circle5 {
-webkit-transform: rotate(120deg);
-ms-transform: rotate(120deg);
transform: rotate(120deg);
}
.sk-fading-circle .sk-circle6 {
-webkit-transform: rotate(150deg);
-ms-transform: rotate(150deg);
transform: rotate(150deg);
}
.sk-fading-circle .sk-circle7 {
-webkit-transform: rotate(180deg);
-ms-transform: rotate(180deg);
transform: rotate(180deg);
}
.sk-fading-circle .sk-circle8 {
-webkit-transform: rotate(210deg);
-ms-transform: rotate(210deg);
transform: rotate(210deg);
}
.sk-fading-circle .sk-circle9 {
-webkit-transform: rotate(240deg);
-ms-transform: rotate(240deg);
transform: rotate(240deg);
}
.sk-fading-circle .sk-circle10 {
-webkit-transform: rotate(270deg);
-ms-transform: rotate(270deg);
transform: rotate(270deg);
}
.sk-fading-circle .sk-circle11 {
-webkit-transform: rotate(300deg);
-ms-transform: rotate(300deg);
transform: rotate(300deg);
}
.sk-fading-circle .sk-circle12 {
-webkit-transform: rotate(330deg);
-ms-transform: rotate(330deg);
transform: rotate(330deg);
}
.sk-fading-circle .sk-circle2:before {
-webkit-animation-delay: -1.1s;
animation-delay: -1.1s;
}
.sk-fading-circle .sk-circle3:before {
-webkit-animation-delay: -1s;
animation-delay: -1s;
}
.sk-fading-circle .sk-circle4:before {
-webkit-animation-delay: -0.9s;
animation-delay: -0.9s;
}
.sk-fading-circle .sk-circle5:before {
-webkit-animation-delay: -0.8s;
animation-delay: -0.8s;
}
.sk-fading-circle .sk-circle6:before {
-webkit-animation-delay: -0.7s;
animation-delay: -0.7s;
}
.sk-fading-circle .sk-circle7:before {
-webkit-animation-delay: -0.6s;
animation-delay: -0.6s;
}
.sk-fading-circle .sk-circle8:before {
-webkit-animation-delay: -0.5s;
animation-delay: -0.5s;
}
.sk-fading-circle .sk-circle9:before {
-webkit-animation-delay: -0.4s;
animation-delay: -0.4s;
}
.sk-fading-circle .sk-circle10:before {
-webkit-animation-delay: -0.3s;
animation-delay: -0.3s;
}
.sk-fading-circle .sk-circle11:before {
-webkit-animation-delay: -0.2s;
animation-delay: -0.2s;
}
.sk-fading-circle .sk-circle12:before {
-webkit-animation-delay: -0.1s;
animation-delay: -0.1s;
}
@-webkit-keyframes sk-circleFadeDelay {
0%, 39%, 100% { opacity: 0; }
40% { opacity: 1; }
}
@keyframes sk-circleFadeDelay {
0%, 39%, 100% { opacity: 0; }
40% { opacity: 1; }
}

119
static/css/login.css
View File

@ -1,119 +0,0 @@
a, body, button, dd, div, dl, dt, h1, h2, h3, h4, h5, h6, input, li, ol, p, td, textarea, ul { margin: 0; padding: 0; }
body, button, input, select, textarea { font: 9pt/1.5 tahoma,arial,Hiragino Sans GB,\5b8b\4f53,sans-serif; }
button, h1, h2, h3, h4, h5, h6, input, select, textarea { font-size: 100%; }
/*background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);*/
html{height: 100%; background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);}
ol, ul { list-style: none;}
a { color: #666; text-decoration: none; }
a:hover { color: #043559; text-decoration: underline; }
body { font-size: 9pt; height: 100%;
font-family: 'microsoft yahei', sans-serif; min-width: 750pt; margin: 0; overflow: hidden}
img { border: 0; vertical-align: top; }
textarea { resize: none; }
a, button, input, select, textarea { outline: 0; }
a, button { cursor: pointer; }
button { border: none; }
.errorlist {font-size: 16px; color: #333333}
.pagewrap {height: 100% }
.main { position: relative; margin-top:0; width: 100%; height: 100%}
.header {height: 100px;margin-bottom: 5%;margin-left: 50px; background: url(/static/img/logo.png) left center no-repeat; }
.header h1 a { display: block; }
.content { overflow: hidden; margin-left: 10% }
.content .con_left { float: left; height: 450px; width: 50%; margin-top: 65px}
/*.content .con_left .box {position: absolute; width: 400px; height:400px; left: 50%; right: 50%; margin-left: -100px; margin-right: -100px;}*/
.content .con_left p { padding: 0 0 3px; width: 10pc; color: #040000; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_left a { padding: 0 0 0 2pc; color: #2f548e; text-decoration: underline; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right { float: left; margin: 65px 0 0; width: 28pc; height: 450px; border: 1px solid #dedede; background: #fff; }
.content .con_right .con_r_top { padding: 0 0 0 39px; width: 409px; height: 110px; border-top: 8px solid #2e558e; }
.content .con_right .con_r_top .left, .content .con_right .con_r_top .right { float: left; padding: 35px 0 0; width: 186px; height: 35px; text-align: center; text-decoration: none; font-size: 18px; font-family: "微软雅黑"; }
.content .con_right .con_r_top .left { border-bottom: 2px solid #dedede; color: #999; }
.content .con_right ul .con_r_left .erweima { text-align: center; }
.content .con_right ul .con_r_left p {color: #2f548e; font-size: 25px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left .user input { margin: 0 0 21px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
.content .con_right ul .con_r_left .user { padding: 0 0 0 39px; }
.content .con_right ul .con_r_left .user ul{font-size: 16px; color: #333333}
.content .con_right ul .con_r_left .user li{font-size: 16px; color: #333333}
.content .con_right ul .con_r_left .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_left .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_left .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
.content .con_right ul .con_r_left p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left p .mima { float: left; padding-left: 5px; text-decoration: none; }
.content .con_right ul .con_r_left p .zhuce { float: right; text-decoration: none; }
.content .con_right ul .con_r_left button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right .con_r_top .right { border-bottom: 2px solid #2e558e; color: #333; }
.content .con_right ul .con_r_right .user input { margin: 0 0 21px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
.content .con_right ul .con_r_right .user { padding: 0 0 0 39px; }
.content .con_right ul .con_r_right .user ul{font-size: 16px; color: #333333}
.content .con_right ul .con_r_right .user li{font-size: 16px; color: #333333}
.content .con_right ul .con_r_right .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_right .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_right .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
.content .con_right ul .con_r_right p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_right p .mima { float: left; padding-left: 5px; text-decoration: none; }
.content .con_right ul .con_r_right p .zhuce { float: right; text-decoration: none; }
.content .con_right ul .con_r_right button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left { display: none; }
.con_right ul .con_r_left .erweima { position: relative; margin: 0 auto; width: 365px; height: 330px; }
.qrcode { position: absolute; top: 0; left: 0; width: 174px; height: 11pc; }
.divimg { position: absolute; top: 50%; left: 50%; z-index: 100; overflow: hidden; margin-top: -15px; margin-left: -30px; padding: 1px; width: 60px; height: 30px; border: 1px solid #eee; border-radius: .5rem; background: #fff; opacity: .9; filter: alpha(opacity=90); -moz-opacity: .9; }
.content .con_right ul .con_r_right .user .yanzheng { width: 150px; margin: 0 5px 10px 1px; padding-left: 5px; }
.content .con_right ul .con_r_right .user .next { font-size: 12px; width: 40px; height: 33px; float: right; margin-right: 40px; }
.content .con_right .con_r_top { *height: 90px; }
.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
.auto{margin:0 auto;min-width:1000px;max-width:1200px}
@media screen and (max-width:1233px){.auto{padding-left:10px}
}
.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
.clearfix:after{clear:both}
.clear-float{clear:both}
.footer{background-color:#009fd9;font-family: 'microsoft yahei', sans-serif; }
.footer-floor1{width:100%;padding:36px 0 60px}
.footer-list{width:69%;height:100%;float:left}
.footer-list ul{float:left;margin-right:13%}
.footer-list .flist-4{margin-right:0}
.footer-list li{line-height:32px}
.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
.footer-list li a:hover{text-decoration:underline;color:#fff}
.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',sans-serif}
.footer-floor2 a{color:#b6e2f2}
.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
.foot-link:hover{text-decoration:underline}
.footer-right{width:300px;float:right}
.telephone{width:100%;height:32px;line-height:32px;color:#fff}
.telephone .tel-number{font-size:30px;font-weight:400;text-align:right}
.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
.official-plat ul{float:right;margin-top:7px}
.official-plat ul li{height:45px}
.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
.five-superiority-list li:first-child{border-left:none}
.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
.five-superiority-list li a:hover{color:#bfe7f5}
.five-superiority-list li a.superiority-text{text-indent:4em}
.compensate_ico .superiority-icon{background-position:0 0}
.compensate_ico:hover .superiority-icon{background-position:0 -50px}
.retreat_ico .superiority-icon{background-position:0 -100px}
.retreat_ico:hover .superiority-icon{background-position:0 -150px}
.technology_ico .superiority-icon{background-position:0 -200px}
.technology_ico:hover .superiority-icon{background-position:0 -250px}
.prepare_ico .superiority-icon{background-position:0 -300px}
.prepare_ico:hover .superiority-icon{background-position:0 -350px}
.service_ico .superiority-icon{background-position:0 -400px}
.service_ico:hover .superiority-icon{background-position:0 -450px}
.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
.marquee{width:8000%;height:60px}
.wave-list-box{float:left}
.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
.wave-box{position:relative;height:60px;background:#fff}

112
static/css/style.css
View File

@ -1,66 +1,54 @@
*{margin:0;padding:0;box-sizing:border-box;list-style:none}
html{height: 100%; width:100%}
body{font-family:"Microsoft Yahei";min-width:1000px}
a{outline:0;text-decoration:none}
strong{font-weight:400}
.strong{font-weight:700}
::selection{background:#1EACDF;color:#fff}
img{border:0}
::-moz-selection{background:#1EACDF;color:#fff}
::-webkit-selection{background:#1EACDF;color:#fff}
.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
.auto{margin:0 auto;min-width:1000px;max-width:1200px}
@media screen and (max-width:1233px){.auto{padding-left:10px}
html, body {
width: 100%;
height: 100%;
}
body {
font-family: "Microsoft Yahei", serif;
background: #fafafa;
}
a:link {
text-decoration: none;
}
a:hover {
cursor:pointer;
}
.a-middle-text {
text-align: center;
}
.grid {
padding: 1px;
line-height: 50px;
margin-bottom: 15px;
}
.middle-header {
margin-top: 30px;
line-height: 50px;
margin-bottom: 5%;
border-color: #b7b7b7;
font-weight: bold;
text-align: center;
}
.middle-header-title {
margin-top: 30px;
line-height: 50px;
border-color: #b7b7b7;
font-weight: bold;
}
.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
.clearfix:after{clear:both}
.clear-float{clear:both}
.layui-panel {
padding: 10px 20px;
}
.footer{background-color:#009fd9;font-family:"Microsoft Yahei"}
.footer-floor1{width:100%;padding:36px 0 60px}
.footer-list{width:69%;height:100%;float:left}
.footer-list ul{float:left;margin-right:13%}
.footer-list .flist-4{margin-right:0}
.footer-list li{line-height:32px}
.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
.footer-list li a:hover{text-decoration:underline;color:#fff}
.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',simsun,sans-serif}
.footer-floor2 a{color:#b6e2f2}
.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
.foot-link:hover{text-decoration:underline}
.footer-right{width:300px;float:right}
.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
.official-plat ul{float:right;margin-top:7px}
.official-plat ul li{height:45px}
.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
.five-superiority-list li:first-child{border-left:none}
.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
.five-superiority-list li a:hover{color:#bfe7f5}
.five-superiority-list li a.superiority-text{text-indent:4em}
.compensate_ico .superiority-icon{background-position:0 0}
.compensate_ico:hover .superiority-icon{background-position:0 -50px}
.retreat_ico .superiority-icon{background-position:0 -100px}
.retreat_ico:hover .superiority-icon{background-position:0 -150px}
.technology_ico .superiority-icon{background-position:0 -200px}
.technology_ico:hover .superiority-icon{background-position:0 -250px}
.prepare_ico .superiority-icon{background-position:0 -300px}
.prepare_ico:hover .superiority-icon{background-position:0 -350px}
.service_ico .superiority-icon{background-position:0 -400px}
.service_ico:hover .superiority-icon{background-position:0 -450px}
.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
.marquee{width:8000%;height:60px}
.wave-list-box{float:left}
.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
.wave-box{position:relative;height:60px;background:#fff}
.layui-elem-fieldset {
margin-top: 10%;
border-color: #b7b7b7;
border-radius: 6px;
background: #ffffff;
}

39
static/js/check.js
View File

@ -1,39 +0,0 @@
function BtnClick(btn, type, unsecpwd) {
$(btn).click(function () {
// ^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[!@#$\%\^\&\*\(\)])[0-9a-zA-Z!@#$\%\^\&\*\(\)]{8,32}$ 要求密码了里面包含字母、数字、特殊字符。
// (?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30} 密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位
// (?=.*?[a-z])(?=.*?[A-Z])(?=.*?\d)(?=.*?[!#@*&.])[a-zA-Z\d!#@*&.]*{8,30}$
// 判断密码满足大写字母,小写字母,数字和特殊字符,其中四种组合都需要包含
// (?=.*[0-9])(?=.*[a-zA-Z]).{8,30} 大小写字母+数字
let regex_mail = new RegExp('^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+$')
let regex_pwd = new RegExp('(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}');
let new_password = $('#new_password').val()
let old_password = $('#old_password').val()
let ensure_password = $('#ensure_password').val()
if ($.trim(old_password) === '' && type === 'modify') {
$.alert('请输入旧密码');
return false;
} else if ($.trim(new_password) === '') {
$.alert('请输入新密码');
return false;
} else if (jQuery.inArray(new_password, unsecpwd) !== -1) {
$.alert('弱密码禁止使用,请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。');
return false;
} else if (!regex_pwd.test($.trim(new_password))) {
$.alert('密码不符合复杂度规则,请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。');
return false;
} else if ($.trim(ensure_password) === '') {
$.alert('请再次输入新密码');
return false;
} else if ($.trim(new_password) === $.trim(old_password)) {
$.alert('新旧密码不能一样');
return false;
} else if ($.trim(ensure_password) !== $.trim(new_password)) {
$.alert('两次输入的新密码不一致');
return false;
} else {
return true;
}
});
}

14
static/js/dmaku.js
View File

@ -1,14 +0,0 @@
var scanCodeButton = document.getElementById('scanCode')
var modifyPwdButton = document.getElementById('modifyPwd')
var container = document.getElementById('middle-container')
if (scanCodeButton !== null) {
scanCodeButton.addEventListener('click', function () {
container.classList.add('right-panel-active')
})
}
if (modifyPwdButton !== null) {
modifyPwdButton.addEventListener('click', function () {
container.classList.remove('right-panel-active')
});
}

1
static/js/html5.min.js vendored Normal file
View File

@ -0,0 +1 @@
(function(e,t){function n(e,t){var n=e.createElement("p"),i=e.getElementsByTagName("head")[0]||e.documentElement;return n.innerHTML="x<style>"+t+"</style>",i.insertBefore(n.lastChild,i.firstChild)}function i(){var e=m.elements;return"string"==typeof e?e.split(" "):e}function r(e){var t={},n=e.createElement,r=e.createDocumentFragment,o=r();e.createElement=function(e){m.shivMethods||n(e);var i;return i=t[e]?t[e].cloneNode():g.test(e)?(t[e]=n(e)).cloneNode():n(e),i.canHaveChildren&&!f.test(e)?o.appendChild(i):i},e.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+i().join().replace(/\w+/g,function(e){return t[e]=n(e),o.createElement(e),'c("'+e+'")'})+");return n}")(m,o)}function o(e){var t;return e.documentShived?e:(m.shivCSS&&!d&&(t=!!n(e,"article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio{display:none}canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden]{display:none}audio[controls]{display:inline-block;*display:inline;*zoom:1}mark{background:#FF0;color:#000}")),h||(t=!r(e)),t&&(e.documentShived=t),e)}function a(e){for(var t,n=e.getElementsByTagName("*"),r=n.length,o=RegExp("^(?:"+i().join("|")+")$","i"),a=[];r--;)t=n[r],o.test(t.nodeName)&&a.push(t.applyElement(s(t)));return a}function s(e){for(var t,n=e.attributes,i=n.length,r=e.ownerDocument.createElement(b+":"+e.nodeName);i--;)t=n[i],t.specified&&r.setAttribute(t.nodeName,t.nodeValue);return r.style.cssText=e.style.cssText,r}function l(e){for(var t,n=e.split("{"),r=n.length,o=RegExp("(^|[\\s,>+~])("+i().join("|")+")(?=[[\\s,>+~#.:]|$)","gi"),a="$1"+b+"\\:$2";r--;)t=n[r]=n[r].split("}"),t[t.length-1]=t[t.length-1].replace(o,a),n[r]=t.join("}");return n.join("{")}function c(e){for(var t=e.length;t--;)e[t].removeNode()}function u(e){var t,i,r=e.namespaces,o=e.parentWindow;return!y||e.printShived?e:(r[b]===void 0&&r.add(b),o.attachEvent("onbeforeprint",function(){for(var r,o,s,c=e.styleSheets,u=[],d=c.length,h=Array(d);d--;)h[d]=c[d];for(;s=h.pop();)if(!s.disabled&&v.test(s.media)){for(r=s.imports,d=0,o=r.length;o>d;d++)h.push(r[d]);try{u.push(s.cssText)}catch(p){}}u=l(u.reverse().join("")),i=a(e),t=n(e,u)}),o.attachEvent("onafterprint",function(){c(i),t.removeNode(!0)}),e.printShived=!0,e)}var d,h,p=e.html5||{},f=/^<|^(?:button|form|map|select|textarea|object|iframe)$/i,g=/^<|^(?:a|b|button|code|div|fieldset|form|h1|h2|h3|h4|h5|h6|i|iframe|img|input|label|li|link|ol|option|p|param|q|script|select|span|strong|style|table|tbody|td|textarea|tfoot|th|thead|tr|ul)$/i;(function(){var n=t.createElement("a");n.innerHTML="<xyz></xyz>",d="hidden"in n,d&&"function"==typeof injectElementWithStyles&&injectElementWithStyles("#modernizr{}",function(t){t.hidden=!0,d="none"==(e.getComputedStyle?getComputedStyle(t,null):t.currentStyle).display}),h=1==n.childNodes.length||function(){try{t.createElement("a")}catch(e){return!0}var n=t.createDocumentFragment();return n.cloneNode===void 0||n.createDocumentFragment===void 0||n.createElement===void 0}()})();var m={elements:p.elements||"abbr article aside audio bdi canvas data datalist details figcaption figure footer header hgroup mark meter nav output progress section summary time video",shivCSS:p.shivCSS!==!1,shivMethods:p.shivMethods!==!1,type:"default",shivDocument:o};e.html5=m,o(t);var v=/^$|\b(?:all|print)\b/,b="html5shiv",y=!h&&function(){var n=t.documentElement;return t.namespaces!==void 0&&t.parentWindow!==void 0&&n.applyElement!==void 0&&n.removeNode!==void 0&&e.attachEvent!==void 0}();m.type+=" print",m.shivPrint=u,u(t)})(this,document);

2
static/js/jquery-1.8.3.min.js vendored
View File

File diff suppressed because one or more lines are too long

5
static/js/respond.min.js vendored Normal file
View File

@ -0,0 +1,5 @@
/*! Respond.js v1.4.2: min/max-width media query polyfill * Copyright 2013 Scott Jehl
* Licensed under https://github.com/scottjehl/Respond/blob/master/LICENSE-MIT
* */
!function(a){"use strict";a.matchMedia=a.matchMedia||function(a){var b,c=a.documentElement,d=c.firstElementChild||c.firstChild,e=a.createElement("body"),f=a.createElement("div");return f.id="mq-test-1",f.style.cssText="position:absolute;top:-100em",e.style.background="none",e.appendChild(f),function(a){return f.innerHTML='&shy;<style media="'+a+'"> #mq-test-1 { width: 42px; }</style>',c.insertBefore(e,d),b=42===f.offsetWidth,c.removeChild(e),{matches:b,media:a}}}(a.document)}(this),function(a){"use strict";function b(){u(!0)}var c={};a.respond=c,c.update=function(){};var d=[],e=function(){var b=!1;try{b=new a.XMLHttpRequest}catch(c){b=new a.ActiveXObject("Microsoft.XMLHTTP")}return function(){return b}}(),f=function(a,b){var c=e();c&&(c.open("GET",a,!0),c.onreadystatechange=function(){4!==c.readyState||200!==c.status&&304!==c.status||b(c.responseText)},4!==c.readyState&&c.send(null))};if(c.ajax=f,c.queue=d,c.regex={media:/@media[^\{]+\{([^\{\}]*\{[^\}\{]*\})+/gi,keyframes:/@(?:\-(?:o|moz|webkit)\-)?keyframes[^\{]+\{(?:[^\{\}]*\{[^\}\{]*\})+[^\}]*\}/gi,urls:/(url\()['"]?([^\/\)'"][^:\)'"]+)['"]?(\))/g,findStyles:/@media *([^\{]+)\{([\S\s]+?)$/,only:/(only\s+)?([a-zA-Z]+)\s?/,minw:/\([\s]*min\-width\s*:[\s]*([\s]*[0-9\.]+)(px|em)[\s]*\)/,maxw:/\([\s]*max\-width\s*:[\s]*([\s]*[0-9\.]+)(px|em)[\s]*\)/},c.mediaQueriesSupported=a.matchMedia&&null!==a.matchMedia("only all")&&a.matchMedia("only all").matches,!c.mediaQueriesSupported){var g,h,i,j=a.document,k=j.documentElement,l=[],m=[],n=[],o={},p=30,q=j.getElementsByTagName("head")[0]||k,r=j.getElementsByTagName("base")[0],s=q.getElementsByTagName("link"),t=function(){var a,b=j.createElement("div"),c=j.body,d=k.style.fontSize,e=c&&c.style.fontSize,f=!1;return b.style.cssText="position:absolute;font-size:1em;width:1em",c||(c=f=j.createElement("body"),c.style.background="none"),k.style.fontSize="100%",c.style.fontSize="100%",c.appendChild(b),f&&k.insertBefore(c,k.firstChild),a=b.offsetWidth,f?k.removeChild(c):c.removeChild(b),k.style.fontSize=d,e&&(c.style.fontSize=e),a=i=parseFloat(a)},u=function(b){var c="clientWidth",d=k[c],e="CSS1Compat"===j.compatMode&&d||j.body[c]||d,f={},o=s[s.length-1],r=(new Date).getTime();if(b&&g&&p>r-g)return a.clearTimeout(h),h=a.setTimeout(u,p),void 0;g=r;for(var v in l)if(l.hasOwnProperty(v)){var w=l[v],x=w.minw,y=w.maxw,z=null===x,A=null===y,B="em";x&&(x=parseFloat(x)*(x.indexOf(B)>-1?i||t():1)),y&&(y=parseFloat(y)*(y.indexOf(B)>-1?i||t():1)),w.hasquery&&(z&&A||!(z||e>=x)||!(A||y>=e))||(f[w.media]||(f[w.media]=[]),f[w.media].push(m[w.rules]))}for(var C in n)n.hasOwnProperty(C)&&n[C]&&n[C].parentNode===q&&q.removeChild(n[C]);n.length=0;for(var D in f)if(f.hasOwnProperty(D)){var E=j.createElement("style"),F=f[D].join("\n");E.type="text/css",E.media=D,q.insertBefore(E,o.nextSibling),E.styleSheet?E.styleSheet.cssText=F:E.appendChild(j.createTextNode(F)),n.push(E)}},v=function(a,b,d){var e=a.replace(c.regex.keyframes,"").match(c.regex.media),f=e&&e.length||0;b=b.substring(0,b.lastIndexOf("/"));var g=function(a){return a.replace(c.regex.urls,"$1"+b+"$2$3")},h=!f&&d;b.length&&(b+="/"),h&&(f=1);for(var i=0;f>i;i++){var j,k,n,o;h?(j=d,m.push(g(a))):(j=e[i].match(c.regex.findStyles)&&RegExp.$1,m.push(RegExp.$2&&g(RegExp.$2))),n=j.split(","),o=n.length;for(var p=0;o>p;p++)k=n[p],l.push({media:k.split("(")[0].match(c.regex.only)&&RegExp.$2||"all",rules:m.length-1,hasquery:k.indexOf("(")>-1,minw:k.match(c.regex.minw)&&parseFloat(RegExp.$1)+(RegExp.$2||""),maxw:k.match(c.regex.maxw)&&parseFloat(RegExp.$1)+(RegExp.$2||"")})}u()},w=function(){if(d.length){var b=d.shift();f(b.href,function(c){v(c,b.href,b.media),o[b.href]=!0,a.setTimeout(function(){w()},0)})}},x=function(){for(var b=0;b<s.length;b++){var c=s[b],e=c.href,f=c.media,g=c.rel&&"stylesheet"===c.rel.toLowerCase();e&&g&&!o[e]&&(c.styleSheet&&c.styleSheet.rawCssText?(v(c.styleSheet.rawCssText,e,f),o[e]=!0):(!/^([a-zA-Z:]*\/\/)/.test(e)&&!r||e.replace(RegExp.$1,"").split("/")[0]===a.location.host)&&("//"===e.substring(0,2)&&(e=a.location.protocol+e),d.push({href:e,media:f})))}w()};x(),c.update=x,c.getEmValue=t,a.addEventListener?a.addEventListener("resize",b,!1):a.attachEvent&&a.attachEvent("onresize",b)}}(this);

1
static/layui/css/layui.css Normal file
View File

File diff suppressed because one or more lines are too long

1
static/layui/css/modules/code.css Normal file
View File

@ -0,0 +1 @@
html #layuicss-skincodecss{display:none;position:absolute;width:1989px}.layui-code-view{display:block;position:relative;margin:10px 0;padding:0;border:1px solid #eee;border-left-width:6px;background-color:#fafafa;color:#333;font-family:Courier New;font-size:13px}.layui-code-title{position:relative;padding:0 10px;height:40px;line-height:40px;border-bottom:1px solid #eee;font-size:12px}.layui-code-title>.layui-code-about{position:absolute;right:10px;top:0;color:#b7b7b7}.layui-code-about>a{padding-left:10px}.layui-code-view>.layui-code-ol,.layui-code-view>.layui-code-ul{position:relative;overflow:auto}.layui-code-view>.layui-code-ol>li{position:relative;margin-left:45px;line-height:20px;padding:0 10px;border-left:1px solid #e2e2e2;list-style-type:decimal-leading-zero;*list-style-type:decimal;background-color:#fff}.layui-code-view>.layui-code-ol>li:first-child,.layui-code-view>.layui-code-ul>li:first-child{padding-top:10px}.layui-code-view>.layui-code-ol>li:last-child,.layui-code-view>.layui-code-ul>li:last-child{padding-bottom:10px}.layui-code-view>.layui-code-ul>li{position:relative;line-height:20px;padding:0 10px;list-style-type:none;*list-style-type:none;background-color:#fff}.layui-code-view pre{margin:0}.layui-code-dark{border:1px solid #0c0c0c;border-left-color:#3f3f3f;background-color:#0c0c0c;color:#c2be9e}.layui-code-dark>.layui-code-title{border-bottom:none}.layui-code-dark>.layui-code-ol>li,.layui-code-dark>.layui-code-ul>li{background-color:#3f3f3f;border-left:none}.layui-code-dark>.layui-code-ul>li{margin-left:6px}.layui-code-demo .layui-code{visibility:visible!important;margin:-15px;border-top:none;border-right:none;border-bottom:none}.layui-code-demo .layui-tab-content{padding:15px;border-top:none}

1
static/layui/css/modules/laydate/default/laydate.css Normal file
View File

File diff suppressed because one or more lines are too long

BIN
static/layui/css/modules/layer/default/icon-ext.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

BIN
static/layui/css/modules/layer/default/icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

1
static/layui/css/modules/layer/default/layer.css Normal file
View File

File diff suppressed because one or more lines are too long

BIN
static/layui/css/modules/layer/default/loading-0.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.7 KiB

BIN
static/layui/css/modules/layer/default/loading-1.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 701 B

BIN
static/layui/css/modules/layer/default/loading-2.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.7 KiB

BIN
static/layui/font/iconfont.eot Normal file
View File

Binary file not shown.

554
static/layui/font/iconfont.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 299 KiB

BIN
static/layui/font/iconfont.ttf Normal file
View File

Binary file not shown.

BIN
static/layui/font/iconfont.woff Normal file
View File

Binary file not shown.

BIN
static/layui/font/iconfont.woff2 Normal file
View File

Binary file not shown.

1
static/layui/layui.js Normal file
View File

File diff suppressed because one or more lines are too long

41
templates/auth.html Normal file
View File

@ -0,0 +1,41 @@
{% extends 'base.html' %}
{% load static %}
{% block headerjs %}<script type="text/javascript" src="{% static 'js/dingtalk.open.js' %}"></script>{% endblock %}
{% block paneltitle %}请稍后,授权信息认证中{% endblock %}
{% block middleblock %}
{% endblock %}
{% block footerjs %}
<script src="{% static 'layui/layui.js' %}"></script>
<script>
layui.use(['form', 'jquery', 'layer'], function () {
let layer = layui.layer,
$ = layui.jquery;
let re_url= ""
let index_load = layer.load(1, {shade: 0.4});
{% if app_type == 'DING' %}
dd.ready(() => {
dd.runtime.permission.requestAuthCode({corpId: '{{ corp_id }}'}).then((result) => {
re_url = '/resetPassword?code=' + result.code
window.parent.parent.location.href=re_url;
}).catch(err => {
layer.close(index_load)
layer.open({
title : '出错啦!'
,content: err
,btn: '关闭'
,btnAlign: 'c'
,yes: function(){
layer.closeAll();
}
});
});
});
{% elif app_type == 'WEWORK' %}
$(function () {
re_url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid={{ app_id }}&agentid={{ agent_id }}&redirect_uri={{ redirect_url }}&response_type=code&scope=snsapi_privateinfo&state=#wechat_redirect"
window.parent.parent.location.href=re_url;
})
{% endif %}
});
</script>
{% endblock %}

57
templates/base.html Normal file
View File

@ -0,0 +1,57 @@
{% load static %}
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta http-equiv="Pragma" content= "no-cache" />
<meta http-equiv="Cache-Control" content= "no-cache" />
<meta http-equiv="Expires" content= "0" />
<title>{{ global_title }}</title>
<link rel="stylesheet" href="{% static 'layui/css/layui.css' %}">
<link rel="stylesheet" href="{% static 'css/style.css' %}">
{% block headercss %}{% endblock %}
{% block headerjs %}{% endblock %}
</head>
<body>
<!--[if lt IE 9]>
<script src="{% static 'js/html5.min.js' %}"></script>
<script src="{% static 'js/respond.min.js' %}"></script>
<![endif]-->
<div class="layui-container">
<div class="layui-row">
<div class="layui-hide-xs layui-col-md1">
<div class="grid"></div>
</div>
<div class="layui-col-xs12 layui-col-md10">
<div class="grid">
<div class="middle-header">
<h1>{{ global_title }}</h1>
</div>
<div class="layui-panel">
<div class="layui-row">
{% block upmiddleheader %}{% endblock %}
</div>
<fieldset class="layui-elem-field layui-field-title" style="margin-top: 20px;">
<legend>
{% block paneltitle %}{% endblock %}
</legend>
</fieldset>
{% block middleblock %}{% endblock %}
</div>
</div>
<div class="grid">
{% block middleblockfoot %}
{% endblock %}
</div>
</div>
<div class="layui-hide-xs layui-col-md1">
<div class="grid"></div>
</div>
</div>
</div>
<script src="{% static 'layui/layui.js' %}" charset="utf-8"></script>
{% block footercss %}{% endblock %}
{% block footerjs %}{% endblock %}
</body>
</html>

91
templates/ding_index.v1.html
View File

@ -1,91 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>自助密码平台</title>
<link rel="stylesheet" href="{% static 'css/dmaku.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
<script type="text/javascript" src="{% static 'js/dingtalk.open.js' %}"></script>
</head>
<body>
<div class="head-container" id="head-container">
<p>
密码自助服务平台
</p>
</div>
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container">
<form action="">
</form>
</div>
<div class="form-container left-content-container">
<form action="/" method="post" autocomplete="off">
{% csrf_token %}
<h1>修改密码</h1>
<span>新密码8至30位长度要求包含大小写字母及数字。</span>
<input type="text" id="username" name="username" placeholder="账号格式abc\lisi、lisi、lisi@abc.com">
<input type="password" id="old_password" name="old_password" placeholder="旧密码">
<input type="password" id="new_password" name="new_password" placeholder="新密码">
<input type="password" id="ensure_password" name="ensure_password" placeholder="再次确认新密码">
<p></p>
<button id="btn_modify" type="submit">提交</button>
</form>
</div>
<div class="overlay-container">
<div class="overlay">
<div class="overlay-panel overlay-left">
<h1>我要修改密码</h1>
<p>记得自己的旧密码,需要自行修改</p>
<p>⬇️⇓点它</p>
<button class="ghost" id="modifyPwd">我要修改密码</button>
</div>
<div class="overlay-panel overlay-right">
<h1>忘记密码或被锁</h1>
<p>如果密码己遗忘,可通过使用⌊{{ scan_app }}⌉免密登录授权通过身份验证后方可重置</p>
<p></p>
<p>⬇️点它</p>
<form action="/resetPassword" id="formDingLogin" name="formDingLogin" method="get">
<input type="hidden" name="code" value="" id="code">
<button class="ghost" id="dingLogin" type="submit">我要重置密码</button>
</form>
</div>
</div>
</div>
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
BtnClick("#btn_modify", 'modify', {{ unsecpwd|safe }})
let code;
window.onload = function () {
if (dd.env.platform !== 'notInDingTalk') {
dd.ready(() => {
dd.runtime.permission.requestAuthCode({corpId: '{{ corp_id }}'}).then((result) => {
code = result.code;
}).catch(err => {
console.log(err);
}).finally(() => {
document.getElementById("code").setAttribute("value", code)
})
});
} else {
$.alert('请在钉钉中访问本应用!')
}
}
/** 回退事件 **/
dd.ready(function () {
document.addEventListener('backbutton', function (e) {
e.preventDefault();
dd.biz.navigation.close({
onSuccess: function (result) {
},
onFail: function (err) {
}
})
});
});
</script>
</body>
</html>

72
templates/index.html Normal file
View File

@ -0,0 +1,72 @@
{% extends 'base.html' %}
{% load static %}
{% block headerjs %}<script type="text/javascript" src="{% static 'js/dingtalk.open.js' %}"></script>{% endblock %}
{% block paneltitle %}修改密码{% endblock %}
{% block middleblock %}
<div class="layui-row">
<form class="layui-form layui-form-pane" action="/" method="post" autocomplete="off">{% csrf_token %}
<div class="layui-form-item">
<label class="layui-form-label">账号</label>
<div class="layui-input-block">
<input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" placeholder="请输入账号" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">旧密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="required|newpass" lay-verType="tips" name="old_password" id="old_password" placeholder="请输入旧密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">新密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="pass" lay-verType="tips" name="new_password" id="new_password" placeholder="请输入新密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">确认密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="pass|repass" lay-verType="tips" name="ensure_password" id="ensure_password" placeholder="再次确认新密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
</div>
<div class="layui-form-item a-middle-text">
<span class="layui-breadcrumb">
<a class="layui-text" id="redirect_url" href="/auth"><i class="layui-icon layui-icon-refresh-3"></i> 重置/解锁账号</a>
</span>
</div>
</form>
</div>
{% endblock %}
{% block middleblockfoot %}
<blockquote class="layui-elem-quote layui-quote-nm">
新密码8至30位长度要求包含大小写字母及数字。<br><br>
如果密码己遗忘,可点击上方<b>[<i class="layui-icon layui-icon-refresh-3"></i> 重置/解锁账号]</b>使用⌊{{ scan_app }}⌉应用内免登录授权并通过身份验证后进行重置/解锁账号。<br>
* 如果有当弹出提示<b>是否同意授权</b>时,请务必<b>全部同意</b>,否则无法获取关键信息,导致无法正常使用重置/解锁账号!
</blockquote>
{% endblock %}
{% block footercss %}{% endblock %}
{% block footerjs %}
<script src="{% static 'layui/layui.js' %}"></script>
<script>
layui.use(['form', 'jquery', 'layer'], function () {
let form = layui.form,
$ = layui.jquery;
form.verify({
pass: [
/^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}$/,
'密码必须8到30位要求包含大小写字母、数字与字符且不能出现空格'
],
repass: function (value,item) {
if ($('#ensure_password').val() !== $('#new_password').val()) {
return '两次输入密码不一致!';
}},
newpass: function (value,item) {
if ($('#old_password').val() === $('#password').val()) {
return '新旧密码不能重复使用,请修正!';
}}});
});
</script>
{% endblock %}

103
templates/index.v1.html
View File

@ -1,103 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>自助密码平台</title>
<link rel="stylesheet" href="{% static 'css/dmaku.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
<script type="text/javascript" src="{% static 'js/ddLogin-0.0.5.js' %}"></script>
</head>
<body>
<div class="head-container" id="head-container">
<p>
密码自助服务平台
</p>
</div>
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container">
<form action="">
<div style="width: 300px; height: 300px; margin: 0 auto" id="ding_code"></div>
<script type="text/javascript">
// 构造钉钉登录二唯码
var home_url = "{{ home_url }}";
var app_id = "{{ app_id }}";
var redirect_url = encodeURIComponent(home_url + '/callbackCheck');
var goto = encodeURIComponent('https://oapi.dingtalk.com/connect/qrconnect?appid='
+ app_id
+ '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri='
+ redirect_url);
DDLogin({
id: "ding_code",
goto: goto,
style: "border:none;background-color:#FFFFFF;",
width: "300",
height: "300"
});
// 扫码后的操作
var hanndleMessage = function (event) {
var origin = event.origin;
console.log("origin", event.origin)
if (origin === "https://login.dingtalk.com") {
var loginTmpCode = event.data;
console.log("loginTmpCode", loginTmpCode);
if (loginTmpCode) {
//拿到loginTmpCode后就可以在这里构造跳转链接进行跳转了
location.href = 'https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid='
+ app_id
+ '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri='
+ redirect_url
+ '&loginTmpCode=' + loginTmpCode;
}
}
};
if (typeof window.addEventListener !== 'undefined') {
window.addEventListener('message', hanndleMessage, false);
} else if (typeof window.attachEvent !== 'undefined') {
window.attachEvent('onmessage', hanndleMessage);
}
</script>
</form>
</div>
<div class="form-container left-content-container">
<form action="/" method="post" autocomplete="off">
{% csrf_token %}
<h1>修改密码</h1>
<span>新密码8至30位长度要求包含大小写字母及数字。</span>
<input type="text" id="username" name="username" placeholder="账号格式abc\lisi、lisi、lisi@abc.com">
<input type="password" id="old_password" name="old_password" placeholder="旧密码">
<input type="password" id="new_password" name="new_password" placeholder="新密码">
<input type="password" id="ensure_password" name="ensure_password" placeholder="再次确认新密码">
<p></p>
<button id="btn_modify" type="submit">提交</button>
</form>
</div>
<div class="overlay-container">
<div class="overlay">
<div class="overlay-panel overlay-left">
<h1>我要修改密码</h1>
<p>记得自己的旧密码,需要自行修改</p>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">自助修改密码</button>
</div>
<div class="overlay-panel overlay-right">
<h1>忘记密码或被锁</h1>
<p>如果密码己遗忘,可点击[扫码验证],使用{{ scan_app }}扫码验证身份信息后进行重置</p>
<p>⬇️点它</p>
<button class="ghost" id="scanCode">扫码验证</button>
</div>
</div>
</div>
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
let oauth2_inner = document.getElementsByClassName("form-container right-content-container")
console.log(oauth2_inner)
BtnClick("#btn_modify", 'modify', {{ unsecpwd|safe }})
</script>
</body>
</html>

15
templates/messages.html Normal file
View File

@ -0,0 +1,15 @@
{% extends 'base.html' %}
{% load static %}
{% block paneltitle %}结果{% endblock %}
{% block middleblock %}
<div class="layui-row">
<form class="layui-form layui-form-pane" method="get" autocomplete="off">{% csrf_token %}
<div class="layui-form-item">
{{ msg }}
</div>
<div class="layui-form-item">
<button type="button" class="layui-btn layui-btn-normal layui-btn-fluid" onclick="{{ button_click }}">{{ button_display }}</button>
</div>
</form>
</div>
{% endblock %}

41
templates/messages.v1.html
View File

@ -1,41 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>自助密码平台</title>
<link rel="stylesheet" href="{% static 'css/dmaku.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
<script type="text/javascript" src="{% static 'js/ddLogin-0.0.5.js' %}"></script>
</head>
<body>
<div class="head-container" id="head-container">
<p>
密码自助服务平台
</p>
</div>
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container"></div>
<div class="form-container left-content-container">
<form action="messages" method="get" autocomplete="off">
{% csrf_token %}
<h1>结果</h1>
<p style="font-size: 16px">{{ msg }}</p>
</form>
</div>
<div class="overlay-container">
<div class="overlay">
<div class="overlay-panel overlay-left"></div>
<div class="overlay-panel overlay-right">
<button class="ghost" id="btn_back" type="button" onclick="{{ button_click }}">{{ button_display }}</button>
</div>
</div>
</div>
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
</script>
</body>
</html>

68
templates/resetPassword.v1.html
View File

@ -1,68 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>自助密码平台</title>
<link rel="stylesheet" href="{% static 'css/dmaku.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
</head>
<body>
<div class="head-container" id="head-container">
<p>
密码自助服务平台
</p>
</div>
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container">
<form name="unlockAccount" method="post" action="unlockAccount" autocomplete="off">
{% csrf_token %}
<h1>重置</h1>
<input type="text" id="username" name="username" readonly placeholder="{{ username }}" value="{{ username }}">
<input type="hidden" id="code" name="code" readonly value="{{ code }}">
<p></p>
<p></p>
<button id="btn_unlock" type="submit">解锁账号</button>
<p>会话有效期5分钟</p>
</form>
</div>
<div class="form-container left-content-container">
<form name="resetPassword" method="post" action="" autocomplete="off">
{% csrf_token %}
<h1>重置</h1>
<span>新密码8至30位长度要求包含大小写字母及数字。</span>
<input type="text" id="username" name="username" readonly placeholder="{{ username }}" value="{{ username }}">
<input type="hidden" id="code" name="code" readonly value="{{ code }}">
<input type="password" id="new_password" name="new_password" placeholder="新密码">
<input type="password" id="ensure_password" name="ensure_password" placeholder="再次确认新密码">
<p></p>
<button id="btn_reset" type="submit">重置密码</button>
<p>会话有效期5分钟重密码会自动解锁账号</p>
</form>
</div>
<div class="overlay-container">
<div class="overlay">
<div class="overlay-panel overlay-left">
<h1>我要重置密码</h1>
<p></p>
<p>⬇️点它</p>
<button class="ghost" id="modifyPwd">点我重置密码</button>
<a class="ghost" href="/">返回主页</a>
</div>
<div class="overlay-panel overlay-right">
<h1>我要解锁账号</h1>
<p></p>
<p>⬇️点它</p>
<button class="ghost" id="scanCode">点我解锁账号</button>
<a class="ghost" href="/">返回主页</a>
</div>
</div>
</div>
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
BtnClick("#btn_reset", 'reset', {{ unsecpwd|safe }})
</script>
</body>
</html>

63
templates/reset_password.html Normal file
View File

@ -0,0 +1,63 @@
{% extends 'base.html' %}
{% load static %}
{% block paneltitle %}重置密码{% endblock %}
{% block middleblock %}
<div class="layui-row">
<form class="layui-form layui-form-pane" name="resetPassword" method="post" action="" autocomplete="off">{% csrf_token %}
<div class="layui-form-item">
<label class="layui-form-label">账号</label>
<div class="layui-input-block">
<input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" readonly value="{{ username }}" class="layui-input">
<input type="hidden" id="code" name="code" readonly value="{{ code }}">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">新密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="pass" lay-verType="tips" name="new_password" id="new_password" placeholder="请输入新密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">确认密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="pass|repass" lay-verType="tips" name="ensure_password" id="ensure_password" placeholder="再次确认新密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
</div>
<div class="layui-form-item a-middle-text">
<span class="layui-breadcrumb">
<a class="layui-text" href="/"><i class="layui-icon layui-icon-prev"></i> 修改密码</a>
<a class="layui-text" id="redirect_url" href="/unlockAccount?code={{ code }}&username={{ username }}"><i class="layui-icon layui-icon-password"></i> 解锁账号</a>
</span>
</div>
</form>
</div>
{% endblock %}
{% block middleblockfoot %}
<blockquote class="layui-elem-quote layui-quote-nm">
新密码8至30位长度要求包含大小写字母及数字。
<p>会话有效期5分钟重置密码会自动解锁账号(己禁用的账号不会生效)</p>
</blockquote>
{% endblock %}
{% block footerjs %}
<script src="{% static 'layui/layui.js' %}"></script>
<script>
layui.use(['form', 'jquery',], function () {
let form = layui.form,
$ = layui.jquery;
form.verify({
pass: [
/^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}$/,
'密码必须8到30位要求包含大小写字母、数字与字符且不能出现空格'
],
repass: function (value,item) {
if ($('#ensure_password').val() !== $('#new_password').val()) {
return '两次输入密码不一致!';
}
}
});
});
</script>
{% endblock %}

31
templates/unlock.html Normal file
View File

@ -0,0 +1,31 @@
{% extends 'base.html' %}
{% load static %}
{% block paneltitle %}解锁账号{% endblock %}
{% block middleblock %}
<div class="layui-row">
<form class="layui-form layui-form-pane" name="unlockAccount" method="post" action="" autocomplete="off">{% csrf_token %}
<div class="layui-form-item">
<label class="layui-form-label">账号</label>
<div class="layui-input-block">
<input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" readonly value="{{ username }}" class="layui-input">
<input type="hidden" id="code" name="code" readonly value="{{ code }}">
</div>
</div>
<div class="layui-form-item">
<button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
</div>
<div class="layui-form-item a-middle-text">
<span class="layui-breadcrumb">
<a class="layui-text" href="/"><i class="layui-icon layui-icon-prev"></i> 修改密码</a>
<a class="layui-text" id="redirect_url" href="/resetPassword?code={{ code }}&username={{ username }}"><i class="layui-icon layui-icon-refresh-1"></i> 重置密码</a>
</span>
</div>
</form>
</div>
{% endblock %}
{% block middleblockfoot %}
<blockquote class="layui-elem-quote layui-quote-nm">
新密码8至30位长度要求包含大小写字母及数字。
<p>会话有效期5分钟</p>
</blockquote>
{% endblock %}

60
templates/we_index.v1.html
View File

@ -1,60 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>自助密码平台</title>
<link rel="stylesheet" href="{% static 'css/dmaku.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/alert.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
</head>
<body>
<div class="head-container" id="head-container">
<p>
密码自助服务平台
</p>
</div>
<div class="middle-container" id="middle-container">
<div class="form-container right-content-container">
<form action="">
</form>
</div>
<div class="form-container left-content-container">
<form action="/" method="post" autocomplete="off">
{% csrf_token %}
<h1>修改密码</h1>
<span>新密码8至30位长度要求包含大小写字母及数字。</span>
<input type="text" id="username" name="username" placeholder="账号格式abc\lisi、lisi、lisi@abc.com">
<input type="password" id="old_password" name="old_password" placeholder="旧密码">
<input type="password" id="new_password" name="new_password" placeholder="新密码">
<input type="password" id="ensure_password" name="ensure_password" placeholder="再次确认新密码">
<p></p>
<button id="btn_modify" type="submit">提交</button>
</form>
</div>
<div class="overlay-container">
<div class="overlay">
<div class="overlay-panel overlay-left">
<h1>我要修改密码</h1>
<p>记得自己的旧密码,需要自行修改</p>
<p>⬇️⇓点它</p>
<button class="ghost" id="modifyPwd">我要修改密码</button>
</div>
<div class="overlay-panel overlay-right">
<h1>忘记密码或被锁</h1>
<p>如果密码己遗忘,可通过使用⌊{{ scan_app }}⌉OAuth2授权通过身份验证后方可重置</p>
<p>当弹出<b>是否同意授权</b>时,请务必<b>全部同意</b>,否则无法获取关键信息,导致无法正常重置/解锁账号!</p>
<p>⬇️点它</p>
<a class="ghost" href="https://open.weixin.qq.com/connect/oauth2/authorize?appid={{ app_id }}&agentid={{ agent_id }}&redirect_uri={{ redirect_url }}&response_type=code&scope=snsapi_privateinfo&state=#wechat_redirect">我要重置密码</a>
</div>
</div>
</div>
</div>
<script src="{% static 'js/dmaku.js' %}"></script>
<script>
let oauth2_inner = document.getElementsByClassName("form-container right-content-container")
BtnClick("#btn_modify", 'modify',{{ unsecpwd|safe }})
</script>
</body>
</html>

150
utils/ad_ops.py
View File

@ -1,15 +1,20 @@
import ldap3
from ldap3 import *
from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult, LDAPExceptionError,LDAPException
from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult, LDAPExceptionError, LDAPException, \
LDAPSocketOpenError
from ldap3.core.results import *
from ldap3.utils.dn import safe_dn
import os
from utils.tracecalls import decorator_logger
import logging
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import *
else:
from conf.local_settings import *
logger = logging.getLogger(__name__)
"""
根据以下网站的说明
https://docs.microsoft.com/zh-cn/troubleshoot/windows/win32/change-windows-active-directory-user-password
@ -36,7 +41,8 @@ unicodePwd 属性的语法为 octet-string;但是,目录服务预期八进制
class AdOps(object):
def __init__(self, auto_bind=True, use_ssl=AD_USE_SSL, port=AD_CONN_PORT, domain=AD_DOMAIN, user=AD_LOGIN_USER, password=AD_LOGIN_USER_PWD,
def __init__(self, auto_bind=True, use_ssl=LDAP_USE_SSL, port=LDAP_CONN_PORT, domain=LDAP_DOMAIN, user=LDAP_LOGIN_USER,
password=LDAP_LOGIN_USER_PWD,
authentication=NTLM):
"""
AD连接器 authentication [SIMPLE, ANONYMOUS, SASL, NTLM]
@ -51,18 +57,39 @@ class AdOps(object):
self.password = password
self.authentication = authentication
self.auto_bind = auto_bind
self.server = None
self.conn = None
server = Server(host='%s' % AD_HOST, connect_timeout=1, use_ssl=self.use_ssl, port=port, get_info=ALL)
try:
self.conn = Connection(server, auto_bind=self.auto_bind, user=r'{}\{}'.format(self.domain, self.user), password=self.password,
authentication=self.authentication, raise_exceptions=True)
except LDAPInvalidCredentialsResult as lic_e:
raise LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
except LDAPOperationResult as lo_e:
raise LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
except LDAPException as l_e:
raise LDAPException("LDAPException: " + str(l_e))
def __server(self):
if self.server is None:
try:
self.server = Server(host='%s' % LDAP_HOST, connect_timeout=1, use_ssl=self.use_ssl, port=self.port, get_info=ALL)
except LDAPInvalidCredentialsResult as lic_e:
return False, LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
except LDAPOperationResult as lo_e:
return False, LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
except LDAPException as l_e:
return False, LDAPException("LDAPException: " + str(l_e))
def __conn(self):
if self.conn is None:
try:
self.__server()
self.conn = Connection(self.server,
auto_bind=self.auto_bind, user=r'{}\{}'.format(self.domain, self.user),
password=self.password,
authentication=self.authentication,
raise_exceptions=True)
except LDAPInvalidCredentialsResult as lic_e:
return False, LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
except LDAPOperationResult as lo_e:
return False, LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
except LDAPException as l_e:
return False, LDAPException("LDAPException: " + str(l_e))
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_auth_user(self, username, password):
"""
验证账号
@ -71,8 +98,9 @@ class AdOps(object):
:return: True or False
"""
try:
server = Server(host='%s' % AD_HOST, use_ssl=self.use_ssl, port=self.port, get_info=ALL)
c_auth = Connection(server=server, user=r'{}\{}'.format(self.domain, username), password=password, auto_bind=True, raise_exceptions=True)
self.__server()
c_auth = Connection(server=self.server, user=r'{}\{}'.format(self.domain, username), password=password,
auto_bind=True, raise_exceptions=True)
c_auth.unbind()
return True, '旧密码验证通过。'
except LDAPInvalidCredentialsResult as e:
@ -92,11 +120,15 @@ class AdOps(object):
# 如果仅仅使用普通凭据来绑定ldap用途请返回False, 让用户通过其他途径修改密码后再来验证登陆
# return False, '用户登陆前必须修改密码!'
# 设置该账号下次登陆不需要更改密码,再验证一次
self.conn.search(search_base=BASE_DN, search_filter='(sAMAccountName={}))'.format(username), attributes=['pwdLastSet'])
self.__conn()
self.conn.search(search_base=BASE_DN, search_filter=SEARCH_FILTER.format(username),
attributes=['pwdLastSet'])
self.conn.modify(self.conn.entries[0].entry_dn, {'pwdLastSet': [(MODIFY_REPLACE, ['-1'])]})
return self.ad_auth_user(username, password)
return True, self.ad_auth_user(username, password)
else:
return False, u'旧密码认证失败,请确认账号的旧密码是否正确或使用重置密码功能。'
except LDAPException as e:
return False, "连接Ldap失败报错如下{}".format(e)
def ad_ensure_user_by_account(self, username):
"""
@ -105,22 +137,14 @@ class AdOps(object):
:return: True or False
"""
try:
return True, self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['sAMAccountName'])
self.__conn()
return True, self.conn.search(BASE_DN, SEARCH_FILTER.format(username), attributes=['sAMAccountName'])
except IndexError:
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
return False, "AdOps Exception: {}" .format(e)
def ad_get_user_displayname_by_account(self, username):
"""
通过username查询某个用户的显示名
:param username:
:return: user_displayname
"""
try:
self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['name'])
return True, self.conn.entries[0]['name']
except Exception as e:
return False, "AdOps Exception: {}" .format(e)
return False, "AdOps Exception: {}".format(e)
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_get_user_dn_by_account(self, username):
"""
通过username查询某个用户的完整DN
@ -128,11 +152,19 @@ class AdOps(object):
:return: DN
"""
try:
self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['distinguishedName'])
self.__conn()
self.conn.search(BASE_DN, SEARCH_FILTER.format(username),
attributes=['distinguishedName'])
return True, str(self.conn.entries[0]['distinguishedName'])
except IndexError:
logger.error("AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。")
logger.error("self.conn.search(BASE_DN, {}, attributes=['distinguishedName'])".format(SEARCH_FILTER.format(username)))
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
return False, "AdOps Exception: {}" .format(e)
logger.error("AdOps Exception: {}".format(e))
return False, "AdOps Exception: {}".format(e)
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_get_user_status_by_account(self, username):
"""
通过username查询某个用户的账号状态
@ -140,11 +172,19 @@ class AdOps(object):
:return: user_account_control code
"""
try:
self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['userAccountControl'])
self.__conn()
self.conn.search(BASE_DN, SEARCH_FILTER.format(username), attributes=['userAccountControl'])
return True, self.conn.entries[0]['userAccountControl']
except IndexError:
logger.error("AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。")
logger.error("self.conn.search({}, {}, attributes=['userAccountControl'])".format(BASE_DN, SEARCH_FILTER.format(username)))
logger.info("self.conn.entries -- {}".format(self.conn.entries))
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
return False, "AdOps Exception: {}" .format(e)
logger.error("AdOps Exception: {}".format(e))
return False, "AdOps Exception: {}".format(e)
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_unlock_user_by_account(self, username):
"""
通过username解锁某个用户
@ -155,11 +195,15 @@ class AdOps(object):
if _status:
try:
return True, self.conn.extend.microsoft.unlock_account(user='%s' % user_dn)
except IndexError:
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
logger.error("AdOps Exception: {}".format(e))
return False, "AdOps Exception: {}".format(e)
else:
return False, user_dn
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_reset_user_pwd_by_account(self, username, new_password):
"""
重置某个用户的密码
@ -189,13 +233,15 @@ class AdOps(object):
# change was not successful, raises exception if raise_exception = True in connection or returns the operation result, error code is in result['result']
if self.conn.raise_exceptions:
from ldap3.core.exceptions import LDAPOperationResult
_msg = LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'],
_msg = LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'],
message=result['message'],
response_type=result['type'])
return False, _msg
return False, result['result']
else:
return False, user_dn
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_get_user_locked_status_by_account(self, username):
"""
通过username获取某个用户账号是否被锁定
@ -203,35 +249,15 @@ class AdOps(object):
:return: 如果结果是1601-01-01说明账号未锁定返回0
"""
try:
self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['lockoutTime'])
self.__conn()
self.conn.search(BASE_DN, SEARCH_FILTER.format(username),
attributes=['lockoutTime'])
locked_status = self.conn.entries[0]['lockoutTime']
if '1601-01-01' in str(locked_status):
return True, 'unlocked'
else:
return False, locked_status
except IndexError:
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
return False, "AdOps Exception: {}" .format(e)
if __name__ == '__main__':
# server = Server(host='%s' % AD_HOST, use_ssl=AD_USE_SSL, port=AD_CONN_PORT, get_info=ALL)
# conn = Connection(server, auto_bind=True, user=str(AD_LOGIN_USER).lower(), password=AD_LOGIN_USER_PWD, authentication=SIMPLE)
# # conn.bind()
# # conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName=xiangle))', attributes=['name'])
# # print(conn.entries[0])
# print(conn.result)
# conn = _ad_connect()
# user = 'zhangsan'
# old_password = 'K2dhhuT1Zf11111cnJ1ollC3y'
# # old_password = 'L1qyrmZDUFeYW1OIualjlNhr4'
# new_password = 'K2dhhuT1Zf11111cnJ1ollC3y'
# ad_ops = AdOps()
# # ad_ops = AdOps(user=user, password=old_password)
# status, msg = ad_ops.ad_auth_user(username=user, password=old_password)
# print(msg)
# if status:
# res = ad_ops.ad_reset_user_pwd_by_account(user, new_password)
# print(res)
_ad = AdOps()
print(_ad.ad_ensure_user_by_account('le.xiang'))
return False, "AdOps Exception: {}".format(e)

17
utils/crypto_ops.py
View File

@ -1,17 +0,0 @@
from cryptography.fernet import Fernet
class Crypto(object):
"""docstring for ClassName"""
def __init__(self, key):
self.factory = Fernet(key)
# 加密
def encrypt(self, string):
token = str(self.factory.encrypt(string.encode('utf-8')), 'utf-8')
return token
# 解密
def decrypt(self, token):
string = self.factory.decrypt(bytes(token.encode('utf-8'))).decode('utf-8')
return string

7
utils/dingding_ops.py
View File

@ -4,8 +4,8 @@ from __future__ import absolute_import, unicode_literals
from dingtalk.client import AppKeyClient
from pwdselfservice import cache_storage
import os
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
@ -15,7 +15,8 @@ else:
class DingDingOps(AppKeyClient):
def __init__(self, corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET, mo_app_id=DING_MO_APP_ID, mo_app_secret=DING_MO_APP_SECRET,
def __init__(self, corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET, mo_app_id=DING_MO_APP_ID,
mo_app_secret=DING_MO_APP_SECRET,
storage=cache_storage):
super().__init__(corp_id, app_key, app_secret, storage)
self.corp_id = corp_id
@ -59,6 +60,7 @@ class DingDingOps(AppKeyClient):
# 判断 user_id 在本企业钉钉/微信中是否存在
if not _status:
context = {
'global_title': TITLE,
'msg': '获取userid失败错误信息{}'.format(user_id),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
@ -67,6 +69,7 @@ class DingDingOps(AppKeyClient):
detail_status, user_info = self.get_user_detail_by_user_id(user_id)
if not detail_status:
context = {
'global_title': TITLE,
'msg': '获取用户信息失败,错误信息:{}'.format(user_info),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"

7
utils/format_username.py
View File

@ -14,6 +14,8 @@ def get_email_from_userinfo(user_info):
return True, user_info.get('email')
elif user_info.get('biz_mail') not in ['', None]:
return True, user_info.get('biz_mail')
elif user_info.get('orgEmail') not in ['', None]:
return True, user_info.get('orgEmail')
else:
return False, "当前用户的邮箱或企业邮箱均没配置,请先完善个人信息!"
@ -51,8 +53,3 @@ def get_user_is_active(user_info):
except (KeyError, IndexError) as k_error:
return False, 'get_user_is_active: %s' % str(k_error)
if __name__ == '__main__':
user = 'jf.com\XiangLe'
username = format2username(user)
print(username)

42
utils/logger_filter.py Normal file
View File

@ -0,0 +1,42 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from functools import wraps
from traceback import format_exc
def decorator_request_logger(logger):
def decorator(func):
@wraps(func)
def wrapper(request, *args, **kwargs):
try:
rsp = func(request, *args, **kwargs)
logger.info(
f'Request Arguments: {args} {kwargs}')
# logger.info(
# f'Request: {request.META["REMOTE_ADDR"]} {request.method} "{request.META["PATH_INFO"]}'
# f'{request.META["QUERY_STRING"]} {request.META["SERVER_PROTOCOL"]}" {rsp.status_code} {rsp.content}')
logger.info(rsp)
return rsp
except Exception as e:
logger.error(format_exc())
raise e
return wrapper
return decorator
def decorator_default_logger(logger):
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
logger.info(f'{args}, {kwargs}')
try:
return func(*args, **kwargs)
except Exception as e:
logger.error(format_exc())
raise e
return wrapper
return decorator

2
utils/storage/memorystorage.py
View File

@ -23,7 +23,7 @@ class MemoryStorage(BaseStorage):
else:
return default
def set(self, key, value, ttl=None):
def set(self, key, value, ttl=3600):
if value is None:
return
self._data[key] = (value, int(time.time()) + ttl)

149
utils/tracecalls.py Normal file
View File

@ -0,0 +1,149 @@
# -*- coding: utf-8 -*-
import os.path
import re
import sys
from copy import deepcopy as dcopy
from functools import wraps
from traceback import format_exc
from pwdselfservice.settings import BASE_DIR
from pprint import pformat as cformat
NOT_CHECK_CALL_FUNC_NAME = []
DEBUG_FLAG_FILE_PATH = os.path.join(BASE_DIR, '/log')
class TraceFuncContext:
def __init__(self, func_name, logger, log_head='Run function', debug_flag_name=None, verbose=1,
pretty=False, indent=0, check_calls=None):
self.name = func_name
self.logger = logger
self.debug_flag_name = debug_flag_name
self.log_head = log_head
self.verbose = verbose
self.pretty = pretty
self.indent = indent
self.check_calls = check_calls
self.copied_verbose = dcopy(verbose)
self.is_exit = False
self.debug_flag_suffix = '.debug.flag'
if self.verbose is not None:
self.check_calls = None
def __enter__(self):
sys.settrace(self.get_callbacks)
def check_debug_flag(self):
if self.debug_flag_name:
if os.path.isfile(os.path.join(DEBUG_FLAG_FILE_PATH, '{}{}'.format(
self.debug_flag_name, self.debug_flag_suffix))):
self.verbose = 2
else:
self.verbose = self.copied_verbose
@staticmethod
def check_in_excludes(func_name):
if len(NOT_CHECK_CALL_FUNC_NAME) > 0:
regex_gen = r'{0}'.format('|'.join(NOT_CHECK_CALL_FUNC_NAME))
re_c = re.compile(regex_gen, flags=re.IGNORECASE)
return re_c.search(func_name)
return False
def get_callbacks(self, frame, event, arg=None):
self.check_debug_flag()
__co_name = frame.f_code.co_name
if event != 'call': # Only trace call
return
if self.verbose:
if self.verbose == 1 or self.verbose == 'v':
self.check_calls = [self.name]
if __co_name not in self.check_calls:
return
elif self.verbose == 2 or self.verbose == 'vv':
if self.check_calls is None:
self.check_calls = list(set(frame.f_code.co_names))
self.check_calls.append(self.name)
if __co_name not in self.check_calls or self.check_in_excludes(__co_name):
return
else:
raise ValueError("UNKNOWN VERBOSE VALUE: support verbose is 1/2 or v/vv...")
else:
if self.check_calls is None:
self.check_calls = [self.name]
else:
if isinstance(self.check_calls, list):
self.check_calls.append(self.name)
else:
raise ValueError("CHECK CALLS TYPE ERROR: check_calls need a list or tuple with function name.")
if __co_name not in self.check_calls:
return
return self.get_code_line
def get_code_line(self, frame, event, agr=None):
# 正常情况下只有line或return事件才做记录
if event not in ['line', 'return']:
return
__code = frame.f_code
__func_name = __code.co_name
__line_num = frame.f_lineno
__locals = frame.f_locals
if __func_name == self.name:
self.logger.info(
"{4} [{0}] trace detail "
"--- {1} {2}, locals as following: {5}{3}{5}".format(__func_name,
event,
__line_num,
cformat(__locals, indent=self.indent)
if self.pretty else __locals,
self.log_head,
'\n' if self.pretty else ''
))
else:
self.logger.info(
"{5} [{0}] call [{1}] trace detail "
"--- {2} {3}, locals as following: {6}{4}{6}".format(self.name,
__func_name,
event,
__line_num,
cformat(__locals, indent=self.indent)
if self.pretty else __locals,
self.log_head,
'\n' if self.pretty else ''
))
def __exit__(self, exc_type, exc_val, exc_tb):
sys.settrace(None)
def decorator_logger(logger, log_head='Run function', debug_flag_name=None, verbose=1, check_calls=None,
pretty=False, indent=0):
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
func_consts = func.__code__.co_consts
logger.debug("{4} [{0}] entering trace with --- consts-{3}, args-{1}, kwargs-{2}...".format(
func.__name__, args, kwargs, func_consts, log_head))
with TraceFuncContext(func.__name__, logger,
log_head=log_head,
debug_flag_name=debug_flag_name,
verbose=verbose,
check_calls=check_calls,
pretty=pretty,
indent=indent
):
try:
func_res = func(*args, **kwargs)
logger.debug("{4} [{0}] exiting trace with --- consts-{3}, args-{1}, kwargs-{2}...".format(
func.__name__, args, kwargs, func_consts, log_head))
return func_res
except Exception as e:
logger.error(
"{4} [{0}] has exception, trace with --- consts-{3}, args-{1}, kwargs-{2}. Trackback as "
"following: ".format(
func.__name__, args, kwargs, func_consts, log_head))
logger.error(format_exc())
raise e
return wrapper
return decorator

36
utils/wework_ops.py
View File

@ -22,8 +22,6 @@ else:
CORP_API_TYPE = {
'GET_USER_TICKET_OAUTH2': ['/cgi-bin/auth/getuserinfo?access_token=ACCESS_TOKEN', 'GET'],
'GET_USER_INFO_OAUTH2': ['/cgi-bin/auth/getuserdetail?access_token=ACCESS_TOKEN', 'POST'],
'GET_ACCESS_TOKEN': ['/cgi-bin/gettoken', 'GET'],
'USER_CREATE': ['/cgi-bin/user/create?access_token=ACCESS_TOKEN', 'POST'],
'USER_GET': ['/cgi-bin/user/get?access_token=ACCESS_TOKEN', 'GET'],
@ -35,12 +33,10 @@ CORP_API_TYPE = {
'USERID_TO_OPENID': ['/cgi-bin/user/convert_to_openid?access_token=ACCESS_TOKEN', 'POST'],
'OPENID_TO_USERID': ['/cgi-bin/user/convert_to_userid?access_token=ACCESS_TOKEN', 'POST'],
'USER_AUTH_SUCCESS': ['/cgi-bin/user/authsucc?access_token=ACCESS_TOKEN', 'GET'],
'DEPARTMENT_CREATE': ['/cgi-bin/department/create?access_token=ACCESS_TOKEN', 'POST'],
'DEPARTMENT_UPDATE': ['/cgi-bin/department/update?access_token=ACCESS_TOKEN', 'POST'],
'DEPARTMENT_DELETE': ['/cgi-bin/department/delete?access_token=ACCESS_TOKEN', 'GET'],
'DEPARTMENT_LIST': ['/cgi-bin/department/list?access_token=ACCESS_TOKEN', 'GET'],
'TAG_CREATE': ['/cgi-bin/tag/create?access_token=ACCESS_TOKEN', 'POST'],
'TAG_UPDATE': ['/cgi-bin/tag/update?access_token=ACCESS_TOKEN', 'POST'],
'TAG_DELETE': ['/cgi-bin/tag/delete?access_token=ACCESS_TOKEN', 'GET'],
@ -48,34 +44,24 @@ CORP_API_TYPE = {
'TAG_ADD_USER': ['/cgi-bin/tag/addtagusers?access_token=ACCESS_TOKEN', 'POST'],
'TAG_DELETE_USER': ['/cgi-bin/tag/deltagusers?access_token=ACCESS_TOKEN', 'POST'],
'TAG_GET_LIST': ['/cgi-bin/tag/list?access_token=ACCESS_TOKEN', 'GET'],
'BATCH_JOB_GET_RESULT': ['/cgi-bin/batch/getresult?access_token=ACCESS_TOKEN', 'GET'],
'BATCH_INVITE': ['/cgi-bin/batch/invite?access_token=ACCESS_TOKEN', 'POST'],
'AGENT_GET': ['/cgi-bin/agent/get?access_token=ACCESS_TOKEN', 'GET'],
'AGENT_SET': ['/cgi-bin/agent/set?access_token=ACCESS_TOKEN', 'POST'],
'AGENT_GET_LIST': ['/cgi-bin/agent/list?access_token=ACCESS_TOKEN', 'GET'],
'MENU_CREATE': ['/cgi-bin/menu/create?access_token=ACCESS_TOKEN', 'POST'],
'MENU_GET': ['/cgi-bin/menu/get?access_token=ACCESS_TOKEN', 'GET'],
'MENU_DELETE': ['/cgi-bin/menu/delete?access_token=ACCESS_TOKEN', 'GET'],
'MESSAGE_SEND': ['/cgi-bin/message/send?access_token=ACCESS_TOKEN', 'POST'],
'MESSAGE_REVOKE': ['/cgi-bin/message/revoke?access_token=ACCESS_TOKEN', 'POST'],
'MEDIA_GET': ['/cgi-bin/media/get?access_token=ACCESS_TOKEN', 'GET'],
'GET_USER_INFO_BY_CODE': ['/cgi-bin/user/getuserinfo?access_token=ACCESS_TOKEN', 'GET'],
'GET_USER_DETAIL': ['/cgi-bin/user/getuserdetail?access_token=ACCESS_TOKEN', 'POST'],
'GET_TICKET': ['/cgi-bin/ticket/get?access_token=ACCESS_TOKEN', 'GET'],
'GET_JSAPI_TICKET': ['/cgi-bin/get_jsapi_ticket?access_token=ACCESS_TOKEN', 'GET'],
'GET_CHECKIN_OPTION': ['/cgi-bin/checkin/getcheckinoption?access_token=ACCESS_TOKEN', 'POST'],
'GET_CHECKIN_DATA': ['/cgi-bin/checkin/getcheckindata?access_token=ACCESS_TOKEN', 'POST'],
'GET_APPROVAL_DATA': ['/cgi-bin/corp/getapprovaldata?access_token=ACCESS_TOKEN', 'POST'],
'GET_INVOICE_INFO': ['/cgi-bin/card/invoice/reimburse/getinvoiceinfo?access_token=ACCESS_TOKEN', 'POST'],
'UPDATE_INVOICE_STATUS':
['/cgi-bin/card/invoice/reimburse/updateinvoicestatus?access_token=ACCESS_TOKEN', 'POST'],
@ -94,7 +80,8 @@ CORP_API_TYPE = {
class WeWorkOps(AbstractApi):
def __init__(self, corp_id=WEWORK_CORP_ID, agent_id=WEWORK_AGENT_ID, agent_secret=WEWORK_AGNET_SECRET, storage=cache_storage, prefix='wework'):
def __init__(self, corp_id=WEWORK_CORP_ID, agent_id=WEWORK_AGENT_ID, agent_secret=WEWORK_AGNET_SECRET,
storage=cache_storage, prefix='wework'):
super().__init__()
self.corp_id = corp_id
self.agent_id = agent_id
@ -172,22 +159,23 @@ class WeWorkOps(AbstractApi):
临时授权码换取userinfo
"""
_status, ticket_data = self.get_user_ticket_by_code_with_oauth2(code)
print('ticket_data ----------- ', ticket_data)
# 判断 user_ticket 是否存在
if not _status:
context = {
'global_title': TITLE,
'msg': '获取userid失败错误信息{}'.format(ticket_data),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return False, context, ticket_data
user_id = ticket_data.get('userid')
if ticket_data.get('user_ticket') is None:
context = {
'global_title': TITLE,
'msg': '获取用户Ticket失败当前扫码用户[{}]可能未加入企业!'.format(user_id),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
'button_display': "返回修改密码"
}
return False, context, user_id
@ -196,14 +184,10 @@ class WeWorkOps(AbstractApi):
print("get_user_info_by_ticket_with_oauth2 --- ", user_info)
if not detail_status:
context = {
'global_title': TITLE,
'msg': '获取用户信息失败,错误信息:{}'.format(user_id),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return False, context
return True, user_id, user_info
if __name__ == '__main__':
wx = WeWorkOps()
print(wx.get_user_detail_by_user_id('XiangLe'))

5
uwsgi.ini
View File

@ -3,7 +3,10 @@ http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
chdir = PWD_SELF_SERVICE_HOME
module = pwdselfservice.wsgi:application
env=DJANGO_SETTINGS_MODULE=pwdselfservice.settings
;module = pwdselfservice.wsgi:application
wsgi-file = PWD_SELF_SERVICE_HOME/pwdselfservice/wsgi.py
master = true

4
uwsgiserver Normal file → Executable file
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
# Startup script for the uwsgi server
# chkconfig: - 85 15
# description: uwsgi server is Web Server
@ -6,7 +6,7 @@
# processname: uwsgiserver
INI="PWD_SELF_SERVICE_HOME/uwsgi.ini"
UWSGI="PYTHON_INSTALL_DIR/bin/uwsgi"
UWSGI="PYTHON_VENV_DIR/bin/uwsgi"
PSID="ps aux | grep "uwsgi"| grep -v "grep" | wc -l"
if [ ! -n "$1" ]