7x31
/
ad-password-self-service
mirror of https://github.com/capricornxl/ad-password-self-service.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 7x31:master
Branches Tags
7x31:master
7x31:1.0.6.1
7x31:1.0.6
7x31:1.0.5.7
7x31:1.0.5.6
7x31:1.0.5.5
7x31:1.0.5.4
7x31:1.0.5.3
7x31:1.0.5.2
7x31:1.0.5.1
7x31:1.0.5
7x31:1.0.4
7x31:1.0.3
7x31:1.0.2
7x31:1.0.1
7x31:1.0.0
..
compare: 7x31:1.0.0
Branches Tags
7x31:master
7x31:1.0.6.1
7x31:1.0.6
7x31:1.0.5.7
7x31:1.0.5.6
7x31:1.0.5.5
7x31:1.0.5.4
7x31:1.0.5.3
7x31:1.0.5.2
7x31:1.0.5.1
7x31:1.0.5
7x31:1.0.4
7x31:1.0.3
7x31:1.0.2
7x31:1.0.1
7x31:1.0.0

No commits in common. "master" and "1.0.0" have entirely different histories.
master ... 1.0.0

112 changed files with 1524 additions and 3446 deletions
Show Stats Expand all files Collapse all files

11
.gitignore vendored
View File

@ -1,12 +1 @@
/.idea
.idea
jsLibraryMappings.xml
misc.xml
modules.xml
pwdselfservice.iml
remote-mappings.xml
workspace.xml
codeStyles
inspectionProfiles
deployment.xml
encodings.xml

201
LICENSE
View File

@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [Xiangle] [Xiangle]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

425
auto-install.sh
View File

@ -1,425 +0,0 @@
#!/bin/bash
SCRIPT=$(readlink -f $0)
CWD=$(dirname ${SCRIPT})
mkdir -p ${CWD}/.status
os_distro=''
os_version=''
get_selinux=''
gen_password=$(echo "$(hostname)$(date)" |base64 |cut -b 1-24)
function get_os_basic_info() {
if [[ -f /etc/lsb-release ]]; then
os_distro=$(lsb_release -d |awk '{print $2}')
os_version=$(lsb_release -d -s |awk '{print $2}')
os_version_prefix=$(echo ${os_version} |cut -b 1-2)
elif [[ -f /etc/redhat-release ]]; then
os_distro=$(cat /etc/redhat-release |awk '{print $1}')
os_version=$(cat /etc/redhat-release |awk '{print $4}')
os_version_prefix=$(echo ${os_version} |cut -b 1)
get_selinux=$(getenforce)
if [[ ${get_selinux} =~ enforcing|Enforcing ]];then
echo "请先禁用SELINUX~~! ..."
exit 1
fi
else
echo "不能识别的操作系统请选择使用Ubuntu或Centos! ..."
exit 1
fi
}
function check_ip() {
local IP=$1
VALID_CHECK=$(echo $IP|awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')
if echo $IP|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then
if [[ $VALID_CHECK == "yes" ]]; then
return 0
else
return 1
fi
else
return 1
fi
}
function check_domain() {
local DOMAIN=$1
if echo $DOMAIN |grep -P "(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)" >/dev/null; then
return 0
else
return 1
fi
}
function check_port() {
local PORT=$1
VALID_CHECK=$(echo $PORT|awk '$1<=65535&&$1>=1{print "yes"}')
if echo $PORT |grep -E "^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]{1}|6553[0-5])$" >/dev/null; then
if [[ $VALID_CHECK == "yes" ]]; then
return 0
else
return 1
fi
else
return 1
fi
}
function safe_installer() {
local _run_cmd="$@"
if [[ ${os_distro} =~ (CentOS|Redhat) ]]; then
sudo yum makecache
sudo yum install -y ${_run_cmd}
elif [[ ${os_distro} =~ (Ubuntu|Debian) ]]; then
sudo apt-get update
sudo apt-get install -y ${_run_cmd}
else
echo "未适配的操作系统 ${os_distro}"
exit 1
fi
if [[ $? -ne 0 ]]; then
echo "安装 [${_run_cmd}] 失败"
exit 1
fi
}
check_status() {
local status=$1
if [[ ${status} -ne 0 ]]; then
echo "出现错误,请检查后再试 ..."
exit 1
fi
}
get_os_basic_info
echo "============================================================================="
echo " 此脚本为快速部署,支持[Ubuntu, Debian, Centos]
请准备一个新的环境运行,本脚本会快速安装相关的环境和所需要的服务
如果你运行脚本的服务器中已经存在如Nginx、Python3等可能会破坏掉原有的应用配置"
echo " 当前目录:${CWD}"
echo " 操作系统发行版本:${os_distro}, 系统版本:${os_version} ..."
echo "============================================================================="
while :; do echo
echo "请确认你此台服务器是全新干净的,以防此脚本相关操作对正在运行的服务造成影响(不可逆) ..."
read -p "请确认是否继续执行,输入 [y/n]: " ensure_yn
if [[ ! "${ensure_yn}" =~ ^[y,n]$ ]]; then
echo "输入有误,请输入 y 或 n ..."
else
break
fi
done
if [[ "${ensure_yn}" = n ]]; then
exit 0
fi
while :; do echo
read -p "请输入密码自助平台使用的本机IP: " PWD_SELF_SERVICE_IP
check_ip "${PWD_SELF_SERVICE_IP}"
if [[ $? -ne 0 ]]; then
echo "---输入的IP地址格式有误请重新输入 ..."
else
break
fi
done
while :; do echo
read -p "请输入密码自助平台使用的端口(不要和Nginx[80]一样): " PWD_SELF_SERVICE_PORT
check_port "${PWD_SELF_SERVICE_PORT}"
if [[ $? -ne 0 ]]; then
echo "---输入的端口有误,请重新输入 ..."
else
break
fi
done
while :; do echo
read -p "请输入密码自助平台使用域名例如pwd.abc.com不需要加http://或https:// " PWD_SELF_SERVICE_DOMAIN
check_domain "${PWD_SELF_SERVICE_DOMAIN}"
if [[ $? -ne 0 ]]; then
echo "---输入的域名格式有误,请重新输入 ..."
else
break
fi
done
echo
echo "==============================================="
echo "开始部署 ..."
if [[ ! -f "${CWD}/.status/.init_repo.Done" ]]; then
echo "处理源配置,改成国内源 ..."
if [[ ${os_distro} =~ (CentOS|Centos) ]]; then
if [[ ${os_version_prefix} -lt 9 ]];then
sudo cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.$(date '+%Y%m%d%H%M%S')
rm -f /etc/yum.repos.d/CentOS-Base.repo
cp -a ${CWD}/conf/CentOS-${os_version_prefix}-reg.repo /etc/yum.repos.d/CentOS-Base.repo
check_status $?
sudo yum makecache
sudo yum install --nogpgcheck -y epel-release
sed -i "s/#baseurl/baseurl/g" /etc/yum.repos.d/epel.repo
sed -i "s/metalink/#metalink/g" /etc/yum.repos.d/epel.repo
sed -i "s@https\?://download.fedoraproject.org/pub@https://repo.huaweicloud.com@g" /etc/yum.repos.d/epel.repo
check_status $?
fi
fi
if [[ ${os_distro} =~ (Ubuntu|ubuntu) ]]; then
sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
sudo sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
sudo sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
check_status $?
fi
if [[ ${os_distro} =~ (Debian|debian) ]]; then
sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
sed -i "s@http://ftp.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
sed -i "s@http://security.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
check_status $?
fi
touch "${CWD}/.status/.init_repo.Done"
fi
if [[ ! -f "${CWD}/.status/.init_package.Done" ]]; then
echo "初始化依赖包 ..."
if [[ ${os_distro} =~ (CentOS|Redhat) ]]; then
sudo yum-complete-transaction --cleanup-only
sudo yum makecache
sudo yum install --nogpgcheck -y @development zlib-devel bzip2 bzip2-devel readline-devel \
sqlite-devel openssl-devel xz-devel libffi-devel ncurses-devel readline-devel tk-devel \
libpcap-devel findutils wget nginx tar initscripts
elif [[ ${os_distro} =~ (Ubuntu|Debian) ]]; then
sudo apt-get install apt-transport-https ca-certificates -y
sudo apt-get update
sudo apt-get install -y make build-essential libssl-dev zlib1g-dev libbz2-dev \
libreadline-dev libsqlite3-dev llvm libncurses5-dev libncursesw5-dev \
xz-utils tk-dev libffi-dev liblzma-dev python-openssl wget nginx tar initscripts
fi
if [[ $? -eq 0 ]]; then
echo "初始化依赖包完成 ..."
touch ${CWD}/.status/.init_package.Done
else
echo "初始化依赖包失败 ..."
exit 1
fi
fi
if [[ ! -f "${CWD}/.status/.redis.Done" ]]; then
safe_installer redis
if [[ $? -eq 0 ]]; then
if [[ -f /etc/redis.conf ]]; then
REDIS_CONF=/etc/redis.conf
else
REDIS_CONF=/etc/redis/redis.conf
fi
sed -i 's@^requirepass.*@@g' ${REDIS_CONF}
sed -i "/# requirepass foobared/a requirepass ${gen_password}" ${REDIS_CONF}
sed -i "s@REDIS_PASSWORD.*@REDIS_PASSWORD = r'${gen_password}'@g" ${CWD}/conf/local_settings.py
touch ${CWD}/.status/.redis.Done
echo "${gen_password}" >${CWD}/.status/.redis.Done
echo "安装 redis-server 成功"
else
echo "安装 redis-server 失败,请重新运行本脚本再试"
fi
else
gen_password=$(cat ${CWD}/.status/.redis.Done)
fi
redis_service=''
if [[ -f /usr/lib/systemd/system/redis.service ]];then
redis_service=redis
elif [[ -f /usr/lib/systemd/system/redis-server.service ]]; then
redis_service='redis-server'
fi
if [[ -z ${redis_service} ]]; then
echo "Redis服务名未能识别到请自行手动重启本机的Redis服务 ..."
else
rm -f /etc/nginx/conf.d/default.conf
rm -f /etc/nginx/sites-enabled/default.conf
systemctl restart ${redis_service}
fi
NGINX_USER=$(grep -E '^user' /etc/nginx/nginx.conf |sed 's@user @@g' |sed 's@;@@g' |awk '{print $1}')
cat <<'EOF' >/etc/nginx/nginx.conf
worker_processes auto;
pid /run/nginx.pid;
events {
use epoll;
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
client_header_buffer_size 16k;
client_body_buffer_size 128k;
keepalive_timeout 65;
keepalive_requests 120;
sendfile on;
tcp_nodelay on;
tcp_nopush on;
charset utf-8;
autoindex off;
# gzip
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 3;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/json;
gzip_vary on;
gzip_static on;
# upload file
client_max_body_size 0;
proxy_buffering off;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
proxy_connect_timeout 10m;
proxy_request_buffering off;
# log
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
# config file
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
}
EOF
sed -i "1i\user ${NGINX_USER};" /etc/nginx/nginx.conf
PYTHON_VER='3.8.16'
PYTHON_INSTALL_DIR=/usr/share/python-${PYTHON_VER}
PYTHON_VENV_DIR=${CWD}/pwd_venv
if [[ -f "${CWD}/.status/.python3.Done" ]];then
echo "Python3己部署跳过 ..."
else
if [[ -f "${CWD}/Python-${PYTHON_VER}.tar.xz" ]] && [[ -f "${CWD}/python.${PYTHON_VER}.md5" ]]; then
python3_md5=$(md5sum "${CWD}/Python-${PYTHON_VER}.tar.xz" |awk '{print $1}')
python3_md5_record=$(cat ${CWD}/python.${PYTHON_VER}.md5)
if [[ x"${python3_md5}" != x"${python3_md5_record}" ]]; then
rm -f "${CWD}/Python-${PYTHON_VER}.tar.xz"
rm -f "${CWD}/python.${PYTHON_VER}.md5"
fi
else
echo "无Python${PYTHON_VER}.tar.xz执行下载python ${PYTHON_VER} ..."
rm -f "${CWD}/Python-${PYTHON_VER}.tar.xz"
sudo wget -c -t 10 -T 120 https://repo.huaweicloud.com/python/${PYTHON_VER}/Python-${PYTHON_VER}.tar.xz -O ${CWD}/Python-${PYTHON_VER}.tar.xz
md5sum "${CWD}/Python-${PYTHON_VER}.tar.xz" |awk '{print $1}' > ${CWD}/python.${PYTHON_VER}.md5
if [[ $? -ne 0 ]]; then
echo "下载${PYTHON_VER}/Python-${PYTHON_VER}.tar.xz失败请重新运行本脚本再次重试 ..."
exit 1
fi
fi
echo "执行安装Python${PYTHON_VER} ..."
tar xf ${CWD}/Python-${PYTHON_VER}.tar.xz -C ${CWD}/
cd "${CWD}/Python-${PYTHON_VER}" || exit 1
sudo ./configure --prefix=${PYTHON_INSTALL_DIR} && make && make install
if [[ $? -eq 0 ]]; then
echo "创建python虚拟环境 -> ${PYTHON_VENV_DIR} ..."
rm -rf "${PYTHON_VENV_DIR}"
${PYTHON_INSTALL_DIR}/bin/python3 -m venv --copies "${PYTHON_VENV_DIR}"
touch ${CWD}/.status/.python3.Done
echo "Python3 安装成功 ..."
else
echo "Python3 安装失败,请重试 ..."
exit 1
fi
fi
##修改PIP源为国内
mkdir -p ~/.pip
cat <<'EOF' > ~/.pip/pip.conf
[global]
index-url=https://pypi.tuna.tsinghua.edu.cn/simple
[install]
trusted-host=pypi.tuna.tsinghua.edu.cn
EOF
if [[ ! -f "${CWD}/.status/.pip3.Done" ]]; then
echo "部署pip依赖 ..."
${PYTHON_VENV_DIR}/bin/pip3 install --upgrade pip
${PYTHON_VENV_DIR}/bin/pip3 install wheel setuptools
${PYTHON_VENV_DIR}/bin/pip3 install -r ${CWD}/requirement
if [[ $? -eq 0 ]]; then
touch ${CWD}/.status/.pip3.Done
echo "Pip3 Requirement 安装成功 ..."
else
echo "Pip3 Requirement 安装失败 ..."
exit 1
fi
fi
##处理配置文件
echo "处理uwsgi.ini配置文件 ..."
CPU_NUM=$(cat /proc/cpuinfo | grep processor | wc -l)
sed -i "s@CPU_NUM@${CPU_NUM}@g" ${CWD}/uwsgi.ini
sed -i "s@PYTHON_VENV_DIR@${PYTHON_VENV_DIR}@g" ${CWD}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_HOME@${CWD}@g" ${CWD}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${CWD}/uwsgi.ini
sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${CWD}/uwsgi.ini
echo "处理uwsgi.ini配置文件完成 ..."
echo
echo "处理uwsgiserver启动脚本 ..."
sed -i "s@PWD_SELF_SERVICE_HOME@${CWD}@g" ${CWD}/uwsgiserver
sed -i "s@PYTHON_VENV_DIR@${PYTHON_VENV_DIR}@g" ${CWD}/uwsgiserver
alias cp='cp'
cp -rfp ${CWD}/uwsgiserver /etc/init.d/uwsgiserver
chmod +x /etc/init.d/uwsgiserver
systemctl daemon-reload
systemctl enable uwsgiserver
echo "处理uwsgiserver启动脚本完成 ..."
echo
sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${CWD}/conf/local_settings.py
##Nginx vhost配置
mkdir -p /etc/nginx/conf.d
cat <<EOF >/etc/nginx/conf.d/pwdselfservice.conf
server {
listen 80;
server_name ${PWD_SELF_SERVICE_DOMAIN} ${PWD_SELF_SERVICE_IP};
location / {
proxy_pass http://${PWD_SELF_SERVICE_IP}:${PWD_SELF_SERVICE_PORT};
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
access_log off;
}
EOF
systemctl start nginx
systemctl start uwsgiserver
echo
echo
echo "密码自助服务平台的访问地址是http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP} ..."
echo "请确保以上域名能正常解析,否则使用域名无法访问 ..."
echo "如果本机防火墙是开启状态,请自行放行端口: [80, ${PWD_SELF_SERVICE_PORT}]"
echo
echo "Uwsgi启动/etc/init.d/uwsgiserver start ..."
echo "Uwsgi停止/etc/init.d/uwsgiserver stop ..."
echo "Uwsgi重启/etc/init.d/uwsgiserver restart ..."
echo
echo "Redis Server密码是${gen_password},可在${REDIS_CONF}中查到 ..."
echo
echo "文件${CWD}/conf/local_setting.py中配置参数请自行确认下是否完整 ..."
echo

43
conf/CentOS-7-reg.repo
View File

@ -1,43 +0,0 @@
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos/$releasever/os/$basearch/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos/$releasever/updates/$basearch/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos/$releasever/extras/$basearch/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7

52
conf/CentOS-8-reg.repo
View File

@ -1,52 +0,0 @@
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[BaseOS]
name=CentOS-$releasever - Base - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/BaseOS/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
#released updates
[AppStream]
name=CentOS-$releasever - AppStream - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/AppStream/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
[PowerTools]
name=CentOS-$releasever - PowerTools - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/PowerTools/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=PowerTools&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/extras/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/centosplus/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

74
conf/local_settings.py
View File

@ -1,74 +0,0 @@
# ##########################################################################
# 字符串前面的格式编码不要去掉了,主要是为了解决特殊字符被转义的问题。 #
# ##########################################################################
# ########## AD配置修改为自己的
# AD主机可以是IP或主机域名例如可以是: abc.com或172.16.122.1
LDAP_HOST = r'修改成自己的'
# AD域控的DOMAIN例如比如你的域名是abc.com那么这里的LDAP_DOMAIN就是abc
# NTLM认证必须是domain\username
LDAP_DOMAIN = r'修改成自己的'
# 用于登录AD做用户信息处理的账号需要有修改用户账号密码或信息的权限。
# AD账号例如pwdadmin
LDAP_LOGIN_USER = r'修改成自己的'
# 密码
LDAP_LOGIN_USER_PWD = r'修改为自己的'
# BASE DN账号的查找DN路径例如'DC=abc,DC=com'可以指定到OU之下例如'OU=RD,DC=abc,DC=com'。
# BASE_DN限制得越细搜索用户的目录也就越小一般情况下可以通过SEARCH_FILTER来过滤
BASE_DN = r'修改成自己的'
# ldap的search_filter如果需要修改请保持用户账号部分为 点位符{0} (代码中通过占位符引入账号)
# 例如AD的用户账号属性是sAMAccountName那么匹配的账号请配置成sAMAccountName={0}
# LDAP中用户账号属性可能是uuid那么匹配的账号请配置成uuid={0}
# 如果想限制用户在哪个组的才能使用,可以写成这样:
# r'(&(objectClass=user)(memberof=CN=mis,OU=Groups,OU=OnTheJob,DC=abc,DC=com)(sAMAccountName={0}))', memberof 是需要匹配的组
# 默认配置是AD环境的查询语句可以自行使用Apache Directory Studio测试后再配置
SEARCH_FILTER = r'(&(objectclass=user)(sAMAccountName={0}))'
# 是否启用SSL,
# 注意AD中必须使用SSL才能修改密码这里被坑了N久...,自行部署下AD的证书服务并颁发CA证书重启服务器生效。具体教程百度一下有很多。
# 如果使用Openldap这里根据实际情况调整
LDAP_USE_SSL = True
# 连接的端口如果启用SSL默认是636否则就是389
LDAP_CONN_PORT = 636
# 验证的类型
# 钉钉 / 企业微信,自行修改
# 值是DING / WEWORK
INTEGRATION_APP_TYPE = 'WEWORK'
# ########## 钉钉 《如果不使用钉钉,可不用配置》##########
# 钉钉企业ID <CorpId>,修改为自己的
DING_CORP_ID = '修改为自己的'
# 钉钉企业内部开发内部H5微应用或小程序用于读取企业内部用户信息
DING_AGENT_ID = r'修改为自己的'
DING_APP_KEY = r'修改为自己的'
DING_APP_SECRET = r'修改为自己的'
# 移动应用接入 主要为了实现通过扫码拿到用户的unionid
DING_MO_APP_ID = r'修改为自己的'
DING_MO_APP_SECRET = r'修改为自己的'
# ####### 企业微信《如果不使用企业微信,可不用配置》 ##########
# 企业微信的企业ID
WEWORK_CORP_ID = r'修改为自己的'
# 应用的AgentId
WEWORK_AGENT_ID = r'修改为自己的'
# 应用的Secret
WEWORK_AGNET_SECRET = r'修改为自己的'
# 主页域名钉钉跳转等需要指定域名格式pwd.abc.com。
# 如果是自定义安装,请修改成自己的域名
HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
# 平台显示的标题
TITLE = 'Self-Service'
# ####### Redis ##########
REDIS_LOCATION = r'127.0.0.1:6379'
REDIS_PASSWORD = r'PWD_SELF_REDIS_PASSWORD'

0
log/all.log → db.sqlite3
View File

1
manage.py
View File

@ -12,5 +12,4 @@ if __name__ == '__main__':
"available on your PYTHONPATH environment variable? Did you "
"forget to activate a virtual environment?"
) from exc
execute_from_command_line(sys.argv)

22
pwdselfservice/__init__.py
View File

@ -1,22 +0,0 @@
import datetime
import sys
import traceback
import logging
from django_redis import get_redis_connection
from utils.storage.kvstorage import KvStorage
logger = logging.getLogger(__name__)
try:
redis_conn = get_redis_connection()
cache_storage = KvStorage(redis_conn)
cache_storage.set('test_redis_connection', str(datetime.datetime))
cache_storage.get('test_redis_connection')
cache_storage.delete('test_redis_connection')
logger.info("Redis连接成功set/get/delete测试通过...")
except Exception as e:
cache_storage = None
logger.error("Redis无法连接请排查Redis配置...")
logger.error("{}".format(traceback.format_exc()))
sys.exit(1)

30
pwdselfservice/local_settings.py Normal file
View File

@ -0,0 +1,30 @@
# AD配置
AD_HOST = 'abc.com'
AD_LOGIN_USER = 'abc\pwdadmin'
AD_LOGIN_USER_PWD = 'gVykWgNNF0oBQzwmwPp8'
BASE_DN = 'OU=RD,DC=abc,DC=com'
# 钉钉配置
# 钉钉统一接口地址,不可修改。
DING_URL = "https://oapi.dingtalk.com/sns"
# 钉钉企业ID
DING_CORP_ID = 'ding0176902811df32'
# 钉钉E应用
DING_AGENT_ID = '25311eeee'
DING_APP_KEY = 'dingqdzmax324v'
DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myPAluMlguYQOaadsf2fhgfdfsx'
# 钉钉移动应用接入
DING_SELF_APP_ID = 'dingoabrzugusdfdf33fgfds'
DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZDhA5AI4ADQU5710sgLffdsadf32uhgfdsfs'
# Crypty key 通过generate_key生成可不用修改如果需要自行生成请使用Crypto.generate_key自行生成用于加密页面提交的明文密码
CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
# COOKIE 超时,定义多长时间页面失效,单位秒。
TMPID_COOKIE_AGE = 300
# 主页域名index.html中的钉钉跳转等需要指定域名。
HOME_URL = 'https://pwd.abc.com'

146
pwdselfservice/settings.py
View File

@ -1,74 +1,95 @@
import logging.config
import os
from django.utils.log import DEFAULT_LOGGING
"""
Django settings for pwdselfservice project.
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
DEBUG = True
from conf.local_settings_dev import REDIS_LOCATION, REDIS_PASSWORD
else:
DEBUG = False
from conf.local_settings import REDIS_LOCATION, REDIS_PASSWORD
Generated by 'django-admin startproject' using Django 2.1.8.
For more information on this file, see
https://docs.djangoproject.com/en/2.1/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.1/ref/settings/
"""
import os
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'nxnm3#&2tat_c2i6%$y74a)t$(3irh^gpwaleoja1kdv30fmcm'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
ALLOWED_HOSTS = ['*']
# 创建日志的路径
LOG_PATH = os.path.join(BASE_DIR, 'log')
# 如果地址不存在则会自动创建log文件夹
if not os.path.isdir(LOG_PATH):
os.mkdir(LOG_PATH)
# Disable Django's logging setup
LOGGING_CONFIG = None
LOGLEVEL = os.environ.get('LOGLEVEL', 'info').upper()
logging.config.dictConfig({
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'disable_existing_loggers': False,#此选项开启表示禁用部分日志不建议设置为True
'formatters': {
'default': {
# exact format is not important, this is the minimum information
"format": "%(asctime)s %(module)s %(levelname)s -%(thread)d- %(message)s"
'verbose': {
'format': '%(asctime)s %(levelname)s %(pathname)s %(module)s.%(funcName)s %(lineno)d: %(message)s'
#日志格式
},
'simple': {
'format': '%(asctime)s %(levelname)s %(pathname)s %(module)s.%(funcName)s %(lineno)d: %(message)s'
},
},
'filters': {
'require_debug_true': {
'()': 'django.utils.log.RequireDebugTrue',#过滤器只有当setting的DEBUG = True时生效
},
'django.server': DEFAULT_LOGGING['formatters']['django.server'],
},
'handlers': {
# console logs to stderr
'console': {
"level": "ERROR",
'level': 'DEBUG',
'filters': ['require_debug_true'],
'class': 'logging.StreamHandler',
'formatter': 'default',
'formatter': 'verbose'
},
'file': {
'level': "DEBUG",
'class': 'logging.handlers.RotatingFileHandler',
'filename': os.path.join(LOG_PATH, "all.log"),
'formatter': 'default',
'maxBytes': 1024 * 1024 * 50,
'backupCount': 24,
'encoding': 'utf-8',
},
'django.server': DEFAULT_LOGGING['handlers']['django.server'],
'file': {#重点配置部分
'level': 'DEBUG',
'class': 'logging.FileHandler',
'filename': '%s/log.log' % LOG_PATH,#日志保存文件
'formatter': 'verbose'#日志格式,与上边的设置对应选择
}
},
'loggers': {
# default for all undefined Python modules
'': {
'level': LOGLEVEL,
'handlers': ['console', 'file'],
},
# Default runserver request logging
'django.server': DEFAULT_LOGGING['loggers']['django.server'],
'django': {#日志记录器
'handlers': ['file'],
'level': 'DEBUG',
'propagate': True,
}
},
})
}
# SESSION
# 只有在settings.SESSION_SAVE_EVERY_REQUEST 为True时才有效
SESSION_SAVE_EVERY_REQUEST = True
# 过期时间分钟
SESSION_COOKIE_AGE = 300
# False 会话cookie可以在用户浏览器中保持有效期。True关闭浏览器则Cookie失效。
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# 建议配置,阻止 javascript 对会话数据的访问,提高安全性。
# SESSION_COOKIE_HTTPONLY= True
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
@ -76,12 +97,12 @@ INSTALLED_APPS = [
'resetpwd',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
@ -98,6 +119,7 @@ TEMPLATES = [
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
@ -106,22 +128,20 @@ TEMPLATES = [
WSGI_APPLICATION = 'pwdselfservice.wsgi.application'
CACHES = {
"default": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": "redis://{}/1".format(REDIS_LOCATION),
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
"PASSWORD": REDIS_PASSWORD,
"COMPRESSOR": "django_redis.compressors.zlib.ZlibCompressor",
"IGNORE_EXCEPTIONS": True,
}
# Database
# https://docs.djangoproject.com/en/2.1/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# 514 66050是AD中账号被禁用的特定代码这个可以在微软官网查到。
# 可能不是太准确,如果使用者能确定还有其它状态码,可以自行在此处添加
AD_ACCOUNT_DISABLE_CODE = [514, 66050]
# Password validation
# https://docs.djangoproject.com/en/2.1/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
@ -138,6 +158,10 @@ AUTH_PASSWORD_VALIDATORS = [
},
]
# Internationalization
# https://docs.djangoproject.com/en/2.1/topics/i18n/
LANGUAGE_CODE = 'zh-hans'
TIME_ZONE = 'Asia/Shanghai'
@ -146,11 +170,17 @@ USE_I18N = True
USE_L10N = True
USE_TZ = True
USE_TZ = False
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.1/howto/static-files/
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
STATIC_URL = '/static/'
# STATIC_ROOT = 'static'
STATIC_ROOT = 'static'
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'static'),
]

15
pwdselfservice/urls.py
View File

@ -1,12 +1,15 @@
from django.urls import path
from django.urls import path, include, re_path
from django.views.generic.base import RedirectView
from django.conf import urls
import resetpwd.views
from django.conf.urls.static import static
urlpatterns = {
# path('admin/', admin.site.urls)
path("favicon.ico", RedirectView.as_view(url='static/img/favicon.ico')),
path('', resetpwd.views.index, name='index'),
path('auth', resetpwd.views.auth, name='auth'),
path('resetPassword', resetpwd.views.reset_password, name='resetPassword'),
path('unlockAccount', resetpwd.views.unlock_account, name='unlockAccount'),
path('messages', resetpwd.views.messages, name='messages'),
path('', resetpwd.views.resetpwd_index, name='index'),
path('resetcheck', resetpwd.views.resetpwd_check_userinfo, name='resetcheck'),
path('resetpwd', resetpwd.views.resetpwd_reset, name='resetpwd'),
path('resetunlock', resetpwd.views.resetpwd_unlock, name='resetunlock'),
path('resetmsg', resetpwd.views.reset_msg, name='resetmsg'),
}

9
pwdselfservice/wsgi.py
View File

@ -1,3 +1,12 @@
"""
WSGI config for pwdselfservice project.
It exposes the WSGI callable as a module-level variable named ``application``.
For more information on this file, see
https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/
"""
import os
from django.core.wsgi import get_wsgi_application

270
readme.md
View File

@ -1,174 +1,160 @@
### 初学Django时碰到的一个需求因为公司中很多员工在修改密码之后有一些关联的客户端或网页中的旧密码没有更新导致密码在尝试多次之后账号被锁为了减少这种让人头疼的重置解锁密码的操蛋工作自己做了一个自助修改小平台。
### 代码结构不咋样,但是能用,有需要的可以直接拿去用。
# 初学Django时碰到的一个需求因为公司中很多员工在修改密码之后有一些关联的客户端或网页中的旧密码没有更新导致密码在尝试多次之后账号被锁为了减少这种让人头疼的重置解锁密码的操蛋工作自己做了一个自助修改小平台。
## 代码写得很LOW有需要的可以直接拿去用。
#### 场景说明:
因为本公司AD是早期已经在用用户的个人信息不是十分全面例如:用户手机号。
因为本公司AD是早期已经在用用户的个人信息不是十分全面例如:用户手机号。
钉钉是后来才开始使用,钉钉默认是使用手机号登录。
用户自行重置密码时如果通过手机号来进行钉钉与AD之间的验证就行不通了。
这样就造成如果通过手机号来进行钉钉与AD之间的验证视乎行不通。
在这里我就使用了通过扫码后提取钉钉账号的邮箱信息再将邮箱在AD中进行比对来验证用户(邮箱)是否同时在企业的钉钉和企业AD中同时存在并账号状态是激活的。
此处的配置可按自己的实际情况修改。
整个验证逻辑写在resetpwd/views.py
### 逻辑:
>已经与之前不同,现在改成内嵌小应用,不再支持直接通过网页开始,之前的扫码方式有点多此一举的味道。
## 截图
## <u>_**所能接受的账号规则**_ </u>
无论是钉钉、微信均是通过提取用户邮箱的前缀部分来作为关联AD的账号所以目前的识别逻辑就需要保证邮箱的前缀和AD的登录账号是一致的。
如果您的场景不是这样,请按自己的需求修改源代码适配。
![截图1](screenshot/Snipaste_2019-07-15_20-05-49.jpg)
![截图2](screenshot/Snipaste_2019-07-15_20-06-14.jpg)
### 提示:
```
AD必须使用SSL才能修改密码这里被坑了N久...
自行部署下AD的证书服务并颁发CA证书重启服务器生效。
具体教程百度一下,有很多。
```
### 本次升级、修复,请使用最新版:
+ 升级Python版本为3.8
+ 升级Django到3.2
+ 修复用户名中使用\被转义的问题
+ 重写了dingding模块因为dingding开发者平台接口鉴权的一些变动之前的一些接口不能再使用本次重写。
+ 重写了ad模块修改账号的一些判断逻辑。
+ 重写了用户账号的格式兼容现在用户账号可以兼容username、DOMAIN\username、username@abc.com这三种格式。
+ 优化了整体的代码逻辑,去掉一些冗余重复的代码。
### 2022/12/16 -- 更新:
+ 修改钉钉、企业微信直接通过企业内部免密登录授权或验证的方式实现用户信息的获取直接通过软件内部工作平台打开废弃扫码方式由于API接口的权限问题一些关键数据已经不再支持通过扫码获取
### 2023/01/15 -- 更新:
+ 兼容PC与移动端的显示使用Layui
+ 修复一些BUG
+ 移除auto-install.sh中的redis部署步骤
+ 抽出应用中的授权验证跳转的代码单独做成一个auth页面可实现选择首页是进入修改密码还是自动跳转重置页面。
+ 调整部分文件说明
+ 添加日志装饰器记录请求日志
+ 优化ad_ops中异常的处理
### 2023/02/10 -- 更新:
+ 修复一些BUG
+ auto-install.sh 重写支持Ubuntu\Centos
+ 添加Redis缓存之前使用内存缓存有问题
**如果想在点击应用之后自动跳转到重置页面请将回调接口配置成YOURDOMAIN.com/auth**
## 线上环境需要的基础环境:
+ Python 3.8.16 (可自行下载源码包放到项目目录下,使用一键安装)
+ Nginx
+ Uwsgi
+ Redis
### 界面效果
<img alt="截图10" width="500" src="screenshot/QQ截图20230116152954.png">
<img alt="截图10" width="500" src="screenshot/212473880-4a59c535-85bb-42d2-a99a-899265c83136.png">
<img alt="截图10" width="500" src="screenshot/212474222-e1c13e1b-bb6f-4523-b040-24a65055d681.png">
### 移动端
<img alt="截图10" width="500" src="screenshot/212474177-dd68b0c9-81cc-4eb0-9196-e760784e3f69.jpg">
<img alt="截图10" width="500" src="screenshot/212474293-0cd60898-22c3-4258-ac4c-dfee52a6cf1e.png">
## 需要的基础环境:
+ Python 3.6.x
* Nginx(建议)
* Uwsgi(建议)
## 钉钉必要条件:
#### 创建企业内部应用
* 在钉钉工作台中通过“自建应用”创建应用,选择“企业内部开发”创建H5微应用,在应用首页中获取应用的AgentId、AppKey、AppSecret。
* 应用需要权限:通讯录只读权限、邮箱等个人信息,范围是全部员工或自行选择
#### E应用配置
* 在钉钉工作台中通过“自建应用”创建应用选择“企业内部自主开发”在应用首页中获取应用的AgentId、AppKey、AppSecret。
* 应用需要权限:身份验证、消息通知、通讯录只读权限、手机号码信息、邮箱等个人信息、智能人事,范围是全部员工或自行选择
* 应用安全域名和IP一定要配置否则无法返回接口数据。
> **如果想实现进入应用就自动授权跳转重置页面可将回调域名指定向pwd.abc.com/auth**
参考截图配置:
![截图3](screenshot/h5微应用.png)
![截图4](screenshot/创建H5微应用03.png)
![截图5](screenshot/创建H5微应用04.png)
![截图5](screenshot/创建H5微应用--版本管理与发布.png)
#### 移动接入应用--登录权限:
> 废弃,已经不再需要,如果之前有配置,可以删除!!
#### 移动接入应用:
* 登录中开启扫码登录配置回调域名“https://pwd.abc.com/resetcheck”
其中pwd.abc.com请按自己实际域名来并记录相关的appId、appSecret。
## 企业微信必要条件
* 创建应用记录下企业的CorpId应用的ID和Secret。
## 按自己实际的配置修改项目配置参数:
修改pwdselfservice/local_settings.py中的参数按自己的实际参数修改
> **如果想实现进入应用就自动授权跳转重置页面可将回调域名指定向pwd.abc.com/auth**
```` python
# AD配置
AD_HOST = 'abc.com'
AD_LOGIN_USER = 'abc\pwdadmin'
AD_LOGIN_USER_PWD = 'gVykWgNNF0oBQzwmwPp8'
BASE_DN = 'OU=rd,DC=abc,DC=com'
# 钉钉配置
# 钉钉统一接口地址,不可修改
DING_URL = "https://oapi.dingtalk.com/sns"
# 钉钉企业ID
DING_CORP_ID = 'ding01769028f06d321'
# 钉钉E应用
DING_AGENT_ID = '25304321'
DING_APP_KEY = 'dingqdzmn611l5321321'
DING_APP_SECRET = 'rnGRJhhw5kVmzykG9mrTDxewmI4e0myP1123333221jzeKv3amQYWcInLV3x'
# 钉钉移动应用接入
DING_SELF_APP_ID = 'dingoabr112233xts'
DING_SELF_APP_SECRET = 'IrH2MedSgesguFjGvFCTjXYBRZD3322112233332211222'
# Crypty key 通过Crypty.generate_key生成
CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
# COOKIE 超时
TMPID_COOKIE_AGE = 300
# 主页域名
HOME_URL = 'https://pwd.abc.com'
````
参考截图:
![截图7](screenshot/微扫码13.png)
![截图8](screenshot/微信小应用01-应用主机.png)
![截图9](screenshot/微信小应用01-应用主页-配置.png)
![截图10](screenshot/微信小应用01-网页授权及J-SDK配置.png)
![截图10](screenshot/微信小应用01-企业可信IP.png)
## 飞书必要条件:
* 暂时没时间,做不了,已经剔除了!
## 如果你觉得这个小工具对你有帮忙的话,可以请我喝杯咖啡~😁😁😁
<img alt="截图10" height="400" src="screenshot/143fce31873f4d7a4ecd7a7b8c6a24c.png" width="300"/>
<img alt="截图10" height="400" src="screenshot/微信图片_20221220140900.png" width="300"/>
## 使用脚本自动部署:
使用脚本自动快速部署只适合Centos其它发行版本的Linux请自行修改相关命令。
### 把整个项目目录上传到新的服务器上
#### 先修改配置文件,按自己实际的配置修改项目配置文件:
修改conf/local_settings.py中的参数按自己的实际参数修改
### 执行部署脚本
```shell
chmod +x auto-install.sh
./auto-install.sh
```
等待所有安装完成。
#### 以上配置修改完成之后,则可以通过配置的域名直接访问。
# 手动部署:
#### 自行安装完python3之后使用python3目录下的pip3进行安装依赖
#### 我自行安装的Python路径为/usr/local/python3
### 自行安装完python3之后使用python3目录下的pip3进行安装依赖
### 我自行安装的Python路径为/usr/local/python3
项目目录下的requestment文件里记录了所依赖的相关python模块安装方法
>/usr/local/python3/bin/pip3 install -r requestment
* /usr/local/python3/bin/pip3 install -r requestment
等待所有模块安装完成之后进行下一步。
### 按自己实际的配置修改项目配置参数:
修改conf/local_settings.py中的参数按自己的实际参数修改
```
安装完依赖后,直接执行
/usr/local/python3/bin/python3 manager.py runserver x.x.x.x:8000
即可临时访问项目线上不适用这种方法线上环境请使用uwsgi。
即可访问正常访问项目
## 修改uwsig.ini配置:
IP和路径按自己实际路径修改
````ini
[uwsgi]
http-socket = 192.168.90.111:8000
```
# 项目目录
chdir = /usr/local/wwwroot/ad-password-self-service
## 通过uwsgiserver启动
# settings.py 里的app wsgi名称
module = pwdselfservice.wsgi:application
master = true
processes = 4
threads = 4
max-requests = 2000
chmod-socket = 755
vacuum = true
#设置缓冲大小
post-buffering = 4096
#设置静态文件目录映射
static-map = /static=/usr/local/wwwroot/ad-password-self-service/static
#设置日志保存目录
daemonize = /usr/local/wwwroot/log/uwsgi/uwsgi.log
````
## 通过uwsgi启动
/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini
其中/xxx/xxx/ad-password-self-service/uwsgi.ini是你自己的服务器中此文件的真实地址
启动之后也可以通过IP+端口访问了。
提供2个脚本让uwsgi在修改文件时能自动重载
uwsgi-start.sh:
```shell
请自行修改将脚本修改完之后
复制到/etc/init.d/,给予执行权限。
执行/etc/init.d/uwsigserver start 启动
#!/bin/sh
/usr/local/python3/bin/uwsgi -d --ini /usr/local/wwwroot/ad-password-self-service/uwsgi.ini --touch-reload "/usr/local/wwwroot/ad-password-self-service/reload.set"
```
## 自行部署Nginx然后添加Nginx配置
#### Nginx配置
uwsgi-autoreload.sh:
````shell
#!/bin/sh
objectdir="/usr/local/wwwroot/ad-password-self-service"
/usr/bin/inotifywait -mrq --exclude "(logs|\.swp|\.swx|\.log|\.pyc|\.sqlite3)" --timefmt '%d/%m/%y %H:%M' --format '%T %wf' --event modify,delete,move,create,attrib ${objectdir} | while read files
do
/bin/touch /usr/local/wwwroot/ad-password-self-service/reload.set
continue
done &
````
脚本内的路径按自己实际情况修改
## Nginx配置
Nginx Server配置
* proxy_pass的IP地址改成自己的服务器IP
* 配置可自己写一个vhost或直接加在nginx.conf中
``` nginx
```` nginx
server {
listen 80;
server_name pwd.abc.com;
@ -178,9 +164,11 @@ server {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log off;
access_log /var/log/nginx/vhost/pwd.log access;
error_log /var/log/nginx/vhost/pwd.err error;
}
```
- 执行Nginx reload操作重新加载配置
````
- 执行Nginx reload操作重新加载配置

7
requestment Normal file
View File

@ -0,0 +1,7 @@
Django==2.1.8
dingtalk-sdk>=1.2.2
pycrypto==2.6
cryptography
ldap3
requests
uwsgi

9
requirement
View File

@ -1,9 +0,0 @@
Django==3.2
attrs==21.2.0
python-dateutil==2.8.1
dingtalk-sdk==1.3.8
cryptography==3.4.7
ldap3==2.9
django-redis==4.12.1
requests==2.28.1
uwsgi==2.0.21

3
resetpwd/admin.py Normal file
View File

@ -0,0 +1,3 @@
from django.contrib import admin
# Register your models here.

0
resetpwd/migrations/__init__.py Normal file
View File

4
resetpwd/models.py Normal file
View File

@ -0,0 +1,4 @@
from django.db import models
from django import forms
from django.contrib import auth

3
resetpwd/tests.py Normal file
View File

@ -0,0 +1,3 @@
from django.test import TestCase
# Create your tests here.

115
resetpwd/utils.py
View File

@ -1,115 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @FileName utils.py
# @Software:
# @Author: Leven Xiang
# @Mail: xiangle0109@outlook.com
# @Date 2021/5/20 8:47
from django.shortcuts import render
import logging
from ldap3.core.exceptions import LDAPException
from django.conf import settings
import os
from utils.tracecalls import decorator_logger
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import *
else:
from conf.local_settings import *
logger = logging.getLogger(__name__)
@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
def code_2_user_detail(ops, home_url, code):
"""
临时授权码换取userinfo
"""
_, s, e = ops.get_user_detail(code=code, home_url=home_url)
return _, s, e
@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
def ops_account(ad_ops, request, msg_template, home_url, username, new_password):
"""
ad 账号操作判断账号状态重置密码或解锁账号
"""
try:
print("ops_account: {}".format(username))
_status, _account = ad_ops.ad_ensure_user_by_account(username=username)
if not _status:
context = {
'global_title': TITLE,
'msg': "账号[%s]在AD中不存在请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致或者该账号己被禁用\n猜测:您的账号或邮箱是否是带有数字或其它字母区分?" % username,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
_status, account_code = ad_ops.ad_get_user_status_by_account(username)
if _status and account_code in settings.AD_ACCOUNT_DISABLE_CODE:
context = {
'global_title': TITLE,
'msg': "此账号状态为己禁用请联系HR确认账号是否正确。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
elif not _status:
context = {
'global_title': TITLE,
'msg': "错误:{}".format(account_code),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
if new_password:
reset_status, result = ad_ops.ad_reset_user_pwd_by_account(username=username, new_password=new_password)
if reset_status:
# 重置密码并执行一次解锁,防止重置后账号还是锁定状态。
unlock_status, result = ad_ops.ad_unlock_user_by_account(username)
if unlock_status:
context = {
'global_title': TITLE,
'msg': "密码己修改成功,请妥善保管。你可以点击修改密码或直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "密码未修改/重置成功,错误信息:{}".format(result),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
else:
unlock_status, result = ad_ops.ad_unlock_user_by_account(username)
if unlock_status:
context = {
'global_title': TITLE,
'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "账号未能解锁,错误信息:{}".format(result),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
except LDAPException as l_e:
context = {
'global_title': TITLE,
'msg': "账号未能解锁,错误信息:{}".format(l_e),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)

0
resetpwd/utils/__init__.py Normal file
View File

99
resetpwd/utils/ad.py Normal file
View File

@ -0,0 +1,99 @@
from ldap3 import *
from pwdselfservice.local_settings import *
def __ad_connect():
username = str(AD_LOGIN_USER).lower()
server = Server(host=AD_HOST, use_ssl=True, port=636, get_info='ALL')
try:
conn = Connection(server, auto_bind=True, user=username, password=AD_LOGIN_USER_PWD, authentication='NTLM')
return conn
except Exception:
raise Exception('Server Error. Could not connect to Domain Controller')
def ad_ensure_user_by_sam(username):
"""
通过sAMAccountName查询某个用户是否在AD中
:param username: 除去@domain.com 的部分
:return: True or False
"""
conn = __ad_connect()
base_dn = BASE_DN
condition = '(&(objectclass=person)(mail=' + username + '))'
attributes = ['sAMAccountName']
return conn.search(base_dn, condition, attributes=attributes)
def ad_ensure_user_by_mail(user_mail_addr):
"""
通过mail查询某个用户是否在AD中
:param user_mail_addr:
:return: True or False
"""
conn = __ad_connect()
base_dn = BASE_DN
condition = '(&(objectclass=person)(mail=' + user_mail_addr + '))'
attributes = ['mail']
return conn.search(base_dn, condition, attributes=attributes)
def ad_get_user_displayname_by_mail(user_mail_addr):
conn = __ad_connect()
conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=[
'displayName'])
user_displayname = conn.entries[0]['displayName']
conn.unbind()
return user_displayname
def ad_get_user_dn_by_mail(user_mail_addr):
conn = __ad_connect()
conn.search(BASE_DN,
'(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['distinguishedName'])
user_dn = conn.entries[0]['distinguishedName']
return user_dn
def ad_get_user_status_by_mail(user_mail_addr):
conn = __ad_connect()
conn.search(BASE_DN,
'(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['userAccountControl'])
user_account_control = conn.entries[0]['userAccountControl']
return user_account_control
def ad_unlock_user_by_mail(user_mail_addr):
conn = __ad_connect()
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
result = conn.extend.microsoft.unlock_account(user="%s" % user_dn)
conn.unbind()
return result
def ad_reset_user_pwd_by_mail(user_mail_addr, new_password):
conn = __ad_connect()
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password)
conn.unbind()
return result
def ad_modify_user_pwd_by_mail(user_mail_addr, old_password, new_password):
conn = __ad_connect()
user_dn = ad_get_user_dn_by_mail(user_mail_addr)
result = conn.extend.microsoft.modify_password(user="%s" % user_dn, new_password="%s" % new_password,
old_password="%s" % old_password)
conn.unbind()
return result
def ad_get_user_locked_status_by_mail(user_mail_addr):
conn = __ad_connect()
conn.search(BASE_DN, '(&(objectclass=person)(mail=' + user_mail_addr + '))', attributes=['lockoutTime'])
locked_status = conn.entries[0]['lockoutTime']
print(locked_status)
if '1601-01-01' in str(locked_status):
return 0
else:
return locked_status

22
resetpwd/utils/crypto.py Normal file
View File

@ -0,0 +1,22 @@
from cryptography.fernet import Fernet
class Crypto(object):
"""docstring for ClassName"""
def __init__(self, key):
self.factory = Fernet(key)
@staticmethod
def generate_key():
key = Fernet.generate_key()
print(key)
# 加密
def encrypt(self, string):
token = str(self.factory.encrypt(string.encode('utf-8')), 'utf-8')
return token
# 解密
def decrypt(self, token):
string = self.factory.decrypt(bytes(token.encode('utf-8'))).decode('utf-8')
return string

82
resetpwd/utils/dingding.py Normal file
View File

@ -0,0 +1,82 @@
from dingtalk.client import *
import requests
from pwdselfservice.local_settings import *
def ding_get_access_token():
resp = requests.get(
url=DING_URL + "/gettoken",
params=dict(appid=DING_SELF_APP_ID, appsecret=DING_SELF_APP_SECRET)
)
resp = resp.json()
if resp['access_token']:
return resp['access_token']
else:
return None
def ding_get_persistent_code(code, token):
resp = requests.post(
url="%s/get_persistent_code?access_token=%s" % (DING_URL, token),
json=dict(tmp_auth_code=code),
)
resp = resp.json()
if resp['unionid']:
return resp['unionid']
else:
return None
def ding_client_connect():
client = AppKeyClient(corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET)
return client
def ding_get_dept_user_list_detail(dept_id, offset, size):
client = ding_client_connect()
result = client.user.list(department_id=dept_id, offset=offset, size=size)
return result
def ding_get_userinfo_by_code(code):
"""
:param code: requestAuthCode接口中获取的CODE
:return:
"""
client = ding_client_connect()
resutl = client.user.getuserinfo(code)
return resutl
def ding_get_userid_by_unionid(unionid):
"""
:param unionid: 用户在当前钉钉开放平台账号范围内的唯一标识
:return:
"""
client = ding_client_connect()
resutl = client.user.get_userid_by_unionid(unionid)
if resutl['userid']:
return resutl['userid']
else:
return None
def ding_get_org_user_count():
"""
企业员工数量
only_active 是否包含未激活钉钉的人员数量
:return:
"""
client = ding_client_connect()
resutl = client.user.get_org_user_count('only_active')
return resutl
def ding_get_userinfo_detail(user_id):
"""
user_id 用户ID
:return:
"""
client = ding_client_connect()
resutl = client.user.get(user_id)
return resutl

3
resetpwd/form.py → resetpwd/utils/form.py
View File

@ -1,5 +1,6 @@
from django.forms import fields as c_fields
from django import forms as c_forms
from django.core.exceptions import ValidationError
class CheckForm(c_forms.Form):
@ -16,7 +17,7 @@ class CheckForm(c_forms.Form):
)
old_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
ensure_password = c_fields.CharField(error_messages={'required': '确认密码不能为空'})
username = c_fields.CharField(error_messages={'required': '账号不能为空', 'invalid': '账号格式错误'})
user_email = c_fields.CharField(error_messages={'required': '邮箱不能为空', 'invalid': '邮箱格式错误'})
def clean(self):
pwd0 = self.cleaned_data.get('old_password')

30
resetpwd/utils/pwdcheck.py Normal file
View File

@ -0,0 +1,30 @@
from django.shortcuts import render, reverse, HttpResponsePermanentRedirect, redirect
from django.http import *
from django.contrib import messages
from dingtalk import *
from resetpwd.models import *
from .crypto import Crypto
from .ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
from .dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, ding_get_userinfo_by_code, \
ding_get_persistent_code, ding_get_access_token
from pwdselfservice.local_settings import *
from .form import *
class CustomPasswortValidator(object):
def __init__(self, min_length=1, max_length=30):
self.min_length = min_length
def validate(self, password):
special_characters = "[~\!@#\$%\^&\*\(\)_\+{}\":;'\[\]]"
if not any(char.isdigit() for char in password):
raise ValidationError(_('Password must contain at least %(min_length)d digit.') % {'min_length': self.min_length})
if not any(char.isalpha() for char in password):
raise ValidationError(_('Password must contain at least %(min_length)d letter.') % {'min_length': self.min_length})
if not any(char in special_characters for char in password):
raise ValidationError(_('Password must contain at least %(min_length)d special character.') % {'min_length': self.min_length})
def get_help_text(self):
return ""

527
resetpwd/views.py
View File

@ -1,304 +1,359 @@
import json
import logging
import os
import traceback
from django.shortcuts import render
from utils.ad_ops import AdOps
import urllib.parse as url_encode
from utils.format_username import format2username, get_user_is_active, get_email_from_userinfo
from .form import CheckForm
from .utils import code_2_user_detail, ops_account
from utils.tracecalls import decorator_logger
from pwdselfservice import cache_storage
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import INTEGRATION_APP_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, \
DING_CORP_ID, TITLE
else:
from conf.local_settings import INTEGRATION_APP_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, \
DING_CORP_ID, TITLE
msg_template = 'messages.html'
logger = logging.getLogger(__name__)
from django.http import *
from resetpwd.utils.crypto import Crypto
from resetpwd.utils.ad import ad_get_user_locked_status_by_mail, ad_unlock_user_by_mail, ad_reset_user_pwd_by_mail, \
ad_get_user_status_by_mail, ad_ensure_user_by_mail, ad_modify_user_pwd_by_mail
from resetpwd.utils.dingding import ding_get_userinfo_detail, ding_get_userid_by_unionid, \
ding_get_persistent_code, ding_get_access_token
from pwdselfservice.local_settings import *
from resetpwd.utils.form import CheckForm
import logging
class PARAMS(object):
if INTEGRATION_APP_TYPE == 'DING':
corp_id = DING_CORP_ID
app_id = DING_MO_APP_ID
agent_id = None
AUTH_APP = '钉钉'
from utils.dingding_ops import DingDingOps
ops = DingDingOps()
elif INTEGRATION_APP_TYPE == 'WEWORK':
corp_id = None
app_id = WEWORK_CORP_ID
agent_id = WEWORK_AGENT_ID
AUTH_APP = '微信'
from utils.wework_ops import WeWorkOps
ops = WeWorkOps()
msg_template = 'msg.html'
home_url = HOME_URL
logger = logging.getLogger('django')
scan_params = PARAMS()
_ops = scan_params.ops
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def auth(request):
home_url = '%s://%s' % (request.scheme, HOME_URL)
corp_id = scan_params.corp_id
app_id = scan_params.app_id
agent_id = scan_params.agent_id
scan_app = scan_params.AUTH_APP
redirect_url = url_encode.quote(home_url + '/resetPassword')
app_type = INTEGRATION_APP_TYPE
global_title = TITLE
if request.method == 'GET':
return render(request, 'auth.html', locals())
else:
logger.error('[异常] 请求方法:%s,请求路径%s' % (request.method, request.path))
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def index(request):
home_url = '%s://%s' % (request.scheme, HOME_URL)
scan_app = scan_params.AUTH_APP
global_title = TITLE
def resetpwd_index(request):
home_url = HOME_URL
app_id = DING_SELF_APP_ID
if request.method == 'GET':
return render(request, 'index.html', locals())
else:
logger.error('[异常] 请求方法:%s,请求路径:%s' % (request.method, request.path))
elif request.method == 'POST':
# 对前端提交的数据进行二次验证,防止恶意提交简单密码或篡改账号。
if request.method == 'POST':
check_form = CheckForm(request.POST)
# 对前端提交的用户名、密码进行二次验证防止有人恶意修改前端JS提交简单密码或提交非法用户
if check_form.is_valid():
form_obj = check_form.cleaned_data
username = form_obj.get("username")
user_email = form_obj.get("user_email")
old_password = form_obj.get("old_password")
new_password = form_obj.get("new_password")
else:
_msg = check_form
logger.error('[异常] 请求方法:%s,请求路径:%s,错误信息:%s' % (request.method, request.path, _msg))
msg = check_form.as_p().errors
logger.error('[异常] 请求方法:%s,请求路径:%s,错误信息:%s' % (request.method, request.path, msg))
context = {
'global_title': TITLE,
'msg': _msg,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
'msg': msg,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 格式化用户名
_, username = format2username(username)
if _ is False:
try:
# 判断账号是否被锁定
if ad_get_user_locked_status_by_mail(user_mail_addr=user_email) is not 0:
context = {
'msg': "此账号己被锁定,请先解锁账号。",
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
# 判断账号状态是否禁用或锁定
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
user_mail_addr=user_email) == 66050:
context = {
'msg': "此账号状态为己禁用请联系HR确认账号是否正确。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except IndexError:
context = {
'global_title': TITLE,
'msg': username,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
'msg': "请确认邮箱账号[%s]是否正确未能在Active Directory中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 检测账号状态
auth_status, auth_result = AdOps().ad_auth_user(username=username, password=old_password)
if not auth_status:
except Exception as e:
context = {
'global_title': TITLE,
'msg': str(auth_result),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
return ops_account(AdOps(), request, msg_template, home_url, username, new_password)
# 修改密码
result = ad_modify_user_pwd_by_mail(user_mail_addr=user_email, old_password=old_password,
new_password=new_password)
if result is True:
context = {
'msg': "密码己修改成功,请妥善保管密码。你可直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'msg': "密码未修改成功,请确认旧密码是否正确。",
'button_click': "window.history.back()",
'button_display': "返回"
}
return render(request, msg_template, context)
else:
context = {
'global_title': TITLE,
'msg': "不被接受的认证信息,请重新尝试认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
'msg': "请从主页进行修改密码操作或扫码验证用户信息。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def reset_password(request):
"""
钉钉扫码并验证信息通过之后在重置密码页面将用户账号进行绑定
:param request:
:return:
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
if request.method == 'GET':
code = request.GET.get('code')
username = request.GET.get('username')
# 如果从GET路径中提取到username、code并且在缓存中存在username对应的code值说明已经认证过
if username and code and cache_storage.get(username) == code:
def resetpwd_check_userinfo(request):
code = request.GET.get('code')
if code:
logger.info('[成功] 请求方法:%s,请求路径:%sCODE%s' % (request.method, request.path, code))
else:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到CODE。' % (request.method, request.path))
try:
unionid = ding_get_persistent_code(code, ding_get_access_token())
# unionid 在钉钉企业中是否存在
if not unionid:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到unionid。' % (request.method, request.path))
context = {
'global_title': TITLE,
'username': username,
'code': code,
'msg': '未能在钉钉企业通讯录中检索到相关信息,请确认当前登录钉钉的账号已在企业中注册!',
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, 'reset_password.html', context)
# 否则就是第一次认证用code换取用户信息
else:
if not code:
context = {
'global_title': TITLE,
'msg': "临时授权码己失效,请尝试重新认证授权...",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
try:
_status, user_id, user_info = code_2_user_detail(_ops, home_url, code)
if not _status:
return render(request, msg_template, user_id)
# 账号在企业微信或钉钉中是否是激活的
_, res = get_user_is_active(user_info)
if not _:
context = {
'global_title': TITLE,
'msg': '当前扫码的用户未激活或可能己离职,用户信息如下:%s' % user_info,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
return render(request, msg_template, context)
# 通过user_info拿到用户邮箱并格式化为username
_, email = get_email_from_userinfo(user_info)
if not _:
context = {
'global_title': TITLE,
'msg': email,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
_, username = format2username(email)
if _ is False:
context = {
'global_title': TITLE,
'msg': username,
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
if username:
cache_storage.set(username, code, ttl=300)
context = {
'global_title': TITLE,
'username': username,
'code': code,
}
return render(request, 'reset_password.html', context)
else:
context = {
'global_title': TITLE,
'msg': "{},您好,企业{}中未能找到您账号的邮箱配置请联系HR完善信息。".format(
user_info.get('name'), scan_params.AUTH_APP),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
}
return render(request, msg_template, context)
except Exception as callback_e:
ding_user_info = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))
try:
# 钉钉中此账号是否可用
if ding_user_info['active']:
crypto = Crypto(CRYPTO_KEY)
unionid_cryto = crypto.encrypt(unionid)
# 配置cookie并重定向到重置密码页面。
set_cookie = HttpResponseRedirect('resetpwd')
set_cookie.set_cookie('tmpid', unionid_cryto, expires=TMPID_COOKIE_AGE)
return set_cookie
else:
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(callback_e),
'msg': '邮箱是[%s]的用户在钉钉中未激活或可能己离职' % ding_user_info['email'],
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(callback_e))
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "用户不存在或己离职",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
logger.error('[异常] %s' % str(e))
except KeyError:
context = {
'msg': "错误钉钉临时Code己失效请从主页重新扫码。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(KeyError))
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "错误[%s],请与管理员联系." % str(e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(e))
return render(request, msg_template, context)
def resetpwd_reset(request):
global unionid_crypto
if request.method == 'GET':
try:
unionid_crypto = request.COOKIES.get('tmpid')
except Exception as e:
logger.error('[异常] %s' % str(e))
if not unionid_crypto:
logger.error('[异常] 请求方法:%s,请求路径:%s未能拿到CODE或CODE己超时。' % (request.method, request.path))
context = {
'msg': "会话己超时,请重新扫码验证用户信息。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
crypto = Crypto(CRYPTO_KEY)
unionid = crypto.decrypt(unionid_crypto)
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
if user_email:
context = {
'user_email': user_email,
}
return render(request, 'resetpwd.html', context)
else:
context = {
'msg': "%s 您好企业钉钉中未能找到您账号的邮箱配置请联系HR完善信息。" % ding_get_userinfo_detail(ding_get_userid_by_unionid(
unionid))['name'],
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
# 重置密码页面,输入新密码后点击提交
elif request.method == 'POST':
username = request.POST.get('username')
code = request.POST.get('code')
if username and code and cache_storage.get(username) == code:
_new_password = request.POST.get('new_password').strip()
try:
return ops_account(ad_ops=AdOps(), request=request, msg_template=msg_template, home_url=home_url,
username=username, new_password=_new_password)
except Exception as reset_e:
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('[异常] %s' % str(reset_e))
return render(request, msg_template, context)
else:
new_password = request.POST.get('new_password').strip()
unionid_crypto = request.COOKIES.get('tmpid')
if not unionid_crypto:
context = {
'global_title': TITLE,
'msg': "认证已经失效,可尝试从重新认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
'msg': "会话己超时,请重新扫码验证用户信息。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
crypto = Crypto(CRYPTO_KEY)
unionid = crypto.decrypt(unionid_crypto)
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
if ad_ensure_user_by_mail(user_mail_addr=user_email) is False:
context = {
'msg': "账号[%s]在AD中不存在请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致或者该邮箱账号己被禁用\n猜测:您的邮箱是否是带有数字或其它字母区分?" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
if ad_get_user_status_by_mail(user_mail_addr=user_email) == 514 or ad_get_user_status_by_mail(
user_mail_addr=user_email) == 66050:
context = {
'msg': "此账号状态为己禁用请联系HR确认账号是否正确。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
try:
result = ad_reset_user_pwd_by_mail(user_mail_addr=user_email, new_password=new_password)
if result:
# 重置密码并执行一次解锁,防止重置后账号还是锁定状态。
ad_unlock_user_by_mail(user_email)
context = {
'msg': "密码己重置成功,请妥善保管。你可以点击返回主页或直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'msg': "密码未重置成功确认密码是否满足AD的复杂性要求。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except IndexError:
context = {
'msg': "请确认邮箱账号[%s]是否正确未能在AD中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'msg': "请从主页开始进行操作。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def unlock_account(request):
"""
解锁账号
:param request:
:return:
"""
home_url = '%s://%s' % (request.scheme, HOME_URL)
def resetpwd_unlock(request):
if request.method == 'GET':
code = request.GET.get('code')
username = request.GET.get('username')
if username and code and cache_storage.get(username) == code:
unionid_crypto = request.COOKIES.get('tmpid')
if not unionid_crypto:
context = {
'global_title': TITLE,
'username': username,
'code': code,
'msg': "会话己超时,请重新扫码验证用户信息。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, 'unlock.html', context)
else:
return render(request, msg_template, context)
crypto = Crypto(CRYPTO_KEY)
unionid = crypto.decrypt(unionid_crypto)
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
context = {
'user_email': user_email,
}
return render(request, 'resetpwd.html', context)
elif request.method == 'POST':
unionid_crypto = request.COOKIES.get('tmpid')
if not unionid_crypto:
context = {
'global_title': TITLE,
'msg': "{},您好,当前会话可能已经过期,请再试一次吧。".format(username),
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
'msg': "会话己超时,请重新扫码验证用户信息。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
crypto = Crypto(CRYPTO_KEY)
unionid = crypto.decrypt(unionid_crypto)
user_email = ding_get_userinfo_detail(ding_get_userid_by_unionid(unionid))['email']
if ad_ensure_user_by_mail(user_mail_addr=user_email) is False:
context = {
'msg': "账号[%s]在AD中未能正确检索到请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致或者该邮箱账号己被禁用\n猜测:您的邮箱是否是带有数字或其它字母区分?" %
user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
if request.method == 'POST':
username = request.POST.get('username')
code = request.POST.get('code')
if username and code and cache_storage.get(username) == code:
try:
return ops_account(AdOps(), request, msg_template, home_url, username, None)
except Exception as reset_e:
try:
result = ad_unlock_user_by_mail(user_email)
if result:
context = {
'global_title': TITLE,
'msg': "错误[%s],请与管理员联系." % str(reset_e),
'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
logger.error('{}' .format(traceback.format_exc()))
return render(request, msg_template, context)
else:
else:
context = {
'msg': "账号未能解锁请联系管理员确认该账号在AD的是否己禁用。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except IndexError:
context = {
'global_title': TITLE,
'msg': "认证已经失效,请尝试从重新进行认证授权。",
'button_click': "window.location.href='%s'" % '/auth',
'button_display': "重新认证授权"
'msg': "请确认邮箱账号[%s]是否正确未能在AD中检索到相关信息。" % user_email,
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
except Exception as e:
context = {
'msg': "出现未预期的错误[%s],请与管理员联系~" % str(e),
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
else:
context = {
'msg': "请从主页开始进行操作。",
'button_click': "window.location.href='%s'" % home_url,
'button_display': "返回主页"
}
return render(request, msg_template, context)
@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
def messages(request):
_msg = request.GET.get('msg')
def reset_msg(request):
msg = request.GET.get('msg')
button_click = request.GET.get('button_click')
button_display = request.GET.get('button_display')
context = {
'global_title': TITLE,
'msg': _msg,
'msg': msg,
'button_click': button_click,
'button_display': button_display
}

BIN
screenshot/143fce31873f4d7a4ecd7a7b8c6a24c.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 164 KiB

BIN
screenshot/212473880-4a59c535-85bb-42d2-a99a-899265c83136.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 114 KiB

BIN
screenshot/212474177-dd68b0c9-81cc-4eb0-9196-e760784e3f69.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 422 KiB

BIN
screenshot/212474178-2214cfe0-d5a2-4f62-85bd-531705030200.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 422 KiB

BIN
screenshot/212474222-e1c13e1b-bb6f-4523-b040-24a65055d681.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 79 KiB

BIN
screenshot/212474233-44ed826b-dd3a-4d0f-b7ed-983e667a1a60.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 59 KiB

BIN
screenshot/212474293-0cd60898-22c3-4258-ac4c-dfee52a6cf1e.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 167 KiB

BIN
screenshot/QQ截图20230116152954.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 93 KiB

BIN
screenshot/Snipaste_2019-07-15_20-05-49.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 230 KiB

BIN
screenshot/Snipaste_2019-07-15_20-06-14.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 284 KiB

BIN
screenshot/h5微应用--开发管理.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 111 KiB

BIN
screenshot/h5微应用--权限管理.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 268 KiB

BIN
screenshot/h5微应用.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 168 KiB

BIN
screenshot/创建H5微应用--版本管理与发布.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 116 KiB

BIN
screenshot/创建H5微应用.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 133 KiB

BIN
screenshot/创建H5微应用01.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 122 KiB

BIN
screenshot/创建H5微应用02.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 153 KiB

BIN
screenshot/创建H5微应用03.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 42 KiB

BIN
screenshot/创建H5微应用04.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 162 KiB

BIN
screenshot/创建H5微应用05.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 74 KiB

BIN
screenshot/创建H5微应用06.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 238 KiB

BIN
screenshot/微信图片_20221220140900.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 112 KiB

BIN
screenshot/微信小应用01-企业可信IP.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 65 KiB

BIN
screenshot/微信小应用01-应用主机.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 82 KiB

BIN
screenshot/微信小应用01-应用主页-配置.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 69 KiB

BIN
screenshot/微信小应用01-网页授权及J-SDK配置.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 143 KiB

BIN
screenshot/微信小应用02.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 121 KiB

BIN
screenshot/微信小应用03.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 167 KiB

BIN
screenshot/微信小应用04.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 289 KiB

BIN
screenshot/微扫码13.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 116 KiB

BIN
screenshot/微扫码14.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 90 KiB

BIN
screenshot/微扫码15.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 158 KiB

BIN
screenshot/微扫码16.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 90 KiB

BIN
screenshot/扫码成功.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 194 KiB

135
static/css/load.css Normal file
View File

@ -0,0 +1,135 @@
.sk-fading-circle {
margin: 100px auto;
width: 40px;
height: 40px;
position: relative;
}
.sk-fading-circle .sk-circle {
width: 100%;
height: 100%;
position: absolute;
left: 0;
top: 0;
}
.sk-fading-circle .sk-circle:before {
content: '';
display: block;
margin: 0 auto;
width: 15%;
height: 15%;
background-color: #333;
border-radius: 100%;
-webkit-animation: sk-circleFadeDelay 1.2s infinite ease-in-out both;
animation: sk-circleFadeDelay 1.2s infinite ease-in-out both;
}
.sk-fading-circle .sk-circle2 {
-webkit-transform: rotate(30deg);
-ms-transform: rotate(30deg);
transform: rotate(30deg);
}
.sk-fading-circle .sk-circle3 {
-webkit-transform: rotate(60deg);
-ms-transform: rotate(60deg);
transform: rotate(60deg);
}
.sk-fading-circle .sk-circle4 {
-webkit-transform: rotate(90deg);
-ms-transform: rotate(90deg);
transform: rotate(90deg);
}
.sk-fading-circle .sk-circle5 {
-webkit-transform: rotate(120deg);
-ms-transform: rotate(120deg);
transform: rotate(120deg);
}
.sk-fading-circle .sk-circle6 {
-webkit-transform: rotate(150deg);
-ms-transform: rotate(150deg);
transform: rotate(150deg);
}
.sk-fading-circle .sk-circle7 {
-webkit-transform: rotate(180deg);
-ms-transform: rotate(180deg);
transform: rotate(180deg);
}
.sk-fading-circle .sk-circle8 {
-webkit-transform: rotate(210deg);
-ms-transform: rotate(210deg);
transform: rotate(210deg);
}
.sk-fading-circle .sk-circle9 {
-webkit-transform: rotate(240deg);
-ms-transform: rotate(240deg);
transform: rotate(240deg);
}
.sk-fading-circle .sk-circle10 {
-webkit-transform: rotate(270deg);
-ms-transform: rotate(270deg);
transform: rotate(270deg);
}
.sk-fading-circle .sk-circle11 {
-webkit-transform: rotate(300deg);
-ms-transform: rotate(300deg);
transform: rotate(300deg);
}
.sk-fading-circle .sk-circle12 {
-webkit-transform: rotate(330deg);
-ms-transform: rotate(330deg);
transform: rotate(330deg);
}
.sk-fading-circle .sk-circle2:before {
-webkit-animation-delay: -1.1s;
animation-delay: -1.1s;
}
.sk-fading-circle .sk-circle3:before {
-webkit-animation-delay: -1s;
animation-delay: -1s;
}
.sk-fading-circle .sk-circle4:before {
-webkit-animation-delay: -0.9s;
animation-delay: -0.9s;
}
.sk-fading-circle .sk-circle5:before {
-webkit-animation-delay: -0.8s;
animation-delay: -0.8s;
}
.sk-fading-circle .sk-circle6:before {
-webkit-animation-delay: -0.7s;
animation-delay: -0.7s;
}
.sk-fading-circle .sk-circle7:before {
-webkit-animation-delay: -0.6s;
animation-delay: -0.6s;
}
.sk-fading-circle .sk-circle8:before {
-webkit-animation-delay: -0.5s;
animation-delay: -0.5s;
}
.sk-fading-circle .sk-circle9:before {
-webkit-animation-delay: -0.4s;
animation-delay: -0.4s;
}
.sk-fading-circle .sk-circle10:before {
-webkit-animation-delay: -0.3s;
animation-delay: -0.3s;
}
.sk-fading-circle .sk-circle11:before {
-webkit-animation-delay: -0.2s;
animation-delay: -0.2s;
}
.sk-fading-circle .sk-circle12:before {
-webkit-animation-delay: -0.1s;
animation-delay: -0.1s;
}
@-webkit-keyframes sk-circleFadeDelay {
0%, 39%, 100% { opacity: 0; }
40% { opacity: 1; }
}
@keyframes sk-circleFadeDelay {
0%, 39%, 100% { opacity: 0; }
40% { opacity: 1; }
}

119
static/css/login.css Normal file
View File

@ -0,0 +1,119 @@
a, body, button, dd, div, dl, dt, h1, h2, h3, h4, h5, h6, input, li, ol, p, td, textarea, ul { margin: 0; padding: 0; }
body, button, input, select, textarea { font: 9pt/1.5 tahoma,arial,Hiragino Sans GB,\5b8b\4f53,sans-serif; }
button, h1, h2, h3, h4, h5, h6, input, select, textarea { font-size: 100%; }
/*background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);*/
html{height: 100%; background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);}
ol, ul { list-style: none;}
a { color: #666; text-decoration: none; }
a:hover { color: #043559; text-decoration: underline; }
body { font-size: 9pt; height: 100%;
font-family: 'microsoft yahei', sans-serif; min-width: 750pt; margin: 0; overflow: hidden}
img { border: 0; vertical-align: top; }
textarea { resize: none; }
a, button, input, select, textarea { outline: 0; }
a, button { cursor: pointer; }
button { border: none; }
.errorlist {font-size: 16px; color: #333333}
.pagewrap {height: 100% }
.main { position: relative; margin-top:0; width: 100%; height: 100%}
.header {height: 100px;margin-bottom: 5%;margin-left: 50px; background: url(/static/img/logo.png) left center no-repeat; }
.header h1 a { display: block; }
.content { overflow: hidden; margin-left: 10% }
.content .con_left { float: left; height: 450px; width: 50%; margin-top: 65px}
/*.content .con_left .box {position: absolute; width: 400px; height:400px; left: 50%; right: 50%; margin-left: -100px; margin-right: -100px;}*/
.content .con_left p { padding: 0 0 3px; width: 10pc; color: #040000; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_left a { padding: 0 0 0 2pc; color: #2f548e; text-decoration: underline; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right { float: left; margin: 65px 0 0; width: 28pc; height: 450px; border: 1px solid #dedede; background: #fff; }
.content .con_right .con_r_top { padding: 0 0 0 39px; width: 409px; height: 110px; border-top: 8px solid #2e558e; }
.content .con_right .con_r_top .left, .content .con_right .con_r_top .right { float: left; padding: 35px 0 0; width: 186px; height: 35px; text-align: center; text-decoration: none; font-size: 18px; font-family: "微软雅黑"; }
.content .con_right .con_r_top .left { border-bottom: 2px solid #dedede; color: #999; }
.content .con_right ul .con_r_left .erweima { text-align: center; }
.content .con_right ul .con_r_left p {color: #2f548e; font-size: 25px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left .user input { margin: 0 0 21px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
.content .con_right ul .con_r_left .user { padding: 0 0 0 39px; }
.content .con_right ul .con_r_left .user ul{font-size: 16px; color: #333333}
.content .con_right ul .con_r_left .user li{font-size: 16px; color: #333333}
.content .con_right ul .con_r_left .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_left .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_left .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
.content .con_right ul .con_r_left p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left p .mima { float: left; padding-left: 5px; text-decoration: none; }
.content .con_right ul .con_r_left p .zhuce { float: right; text-decoration: none; }
.content .con_right ul .con_r_left button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right .con_r_top .right { border-bottom: 2px solid #2e558e; color: #333; }
.content .con_right ul .con_r_right .user input { margin: 0 0 21px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
.content .con_right ul .con_r_right .user { padding: 0 0 0 39px; }
.content .con_right ul .con_r_right .user ul{font-size: 16px; color: #333333}
.content .con_right ul .con_r_right .user li{font-size: 16px; color: #333333}
.content .con_right ul .con_r_right .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_right .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
.content .con_right ul .con_r_right .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
.content .con_right ul .con_r_right p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_right p .mima { float: left; padding-left: 5px; text-decoration: none; }
.content .con_right ul .con_r_right p .zhuce { float: right; text-decoration: none; }
.content .con_right ul .con_r_right button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
.content .con_right ul .con_r_left { display: none; }
.con_right ul .con_r_left .erweima { position: relative; margin: 0 auto; width: 365px; height: 330px; }
.qrcode { position: absolute; top: 0; left: 0; width: 174px; height: 11pc; }
.divimg { position: absolute; top: 50%; left: 50%; z-index: 100; overflow: hidden; margin-top: -15px; margin-left: -30px; padding: 1px; width: 60px; height: 30px; border: 1px solid #eee; border-radius: .5rem; background: #fff; opacity: .9; filter: alpha(opacity=90); -moz-opacity: .9; }
.content .con_right ul .con_r_right .user .yanzheng { width: 150px; margin: 0 5px 10px 1px; padding-left: 5px; }
.content .con_right ul .con_r_right .user .next { font-size: 12px; width: 40px; height: 33px; float: right; margin-right: 40px; }
.content .con_right .con_r_top { *height: 90px; }
.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
.auto{margin:0 auto;min-width:1000px;max-width:1200px}
@media screen and (max-width:1233px){.auto{padding-left:10px}
}
.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
.clearfix:after{clear:both}
.clear-float{clear:both}
.footer{background-color:#009fd9;font-family: 'microsoft yahei', sans-serif; }
.footer-floor1{width:100%;padding:36px 0 60px}
.footer-list{width:69%;height:100%;float:left}
.footer-list ul{float:left;margin-right:13%}
.footer-list .flist-4{margin-right:0}
.footer-list li{line-height:32px}
.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
.footer-list li a:hover{text-decoration:underline;color:#fff}
.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',sans-serif}
.footer-floor2 a{color:#b6e2f2}
.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
.foot-link:hover{text-decoration:underline}
.footer-right{width:300px;float:right}
.telephone{width:100%;height:32px;line-height:32px;color:#fff}
.telephone .tel-number{font-size:30px;font-weight:400;text-align:right}
.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
.official-plat ul{float:right;margin-top:7px}
.official-plat ul li{height:45px}
.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
.five-superiority-list li:first-child{border-left:none}
.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
.five-superiority-list li a:hover{color:#bfe7f5}
.five-superiority-list li a.superiority-text{text-indent:4em}
.compensate_ico .superiority-icon{background-position:0 0}
.compensate_ico:hover .superiority-icon{background-position:0 -50px}
.retreat_ico .superiority-icon{background-position:0 -100px}
.retreat_ico:hover .superiority-icon{background-position:0 -150px}
.technology_ico .superiority-icon{background-position:0 -200px}
.technology_ico:hover .superiority-icon{background-position:0 -250px}
.prepare_ico .superiority-icon{background-position:0 -300px}
.prepare_ico:hover .superiority-icon{background-position:0 -350px}
.service_ico .superiority-icon{background-position:0 -400px}
.service_ico:hover .superiority-icon{background-position:0 -450px}
.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
.marquee{width:8000%;height:60px}
.wave-list-box{float:left}
.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
.wave-box{position:relative;height:60px;background:#fff}

112
static/css/style.css
View File

@ -1,54 +1,66 @@
html, body {
width: 100%;
height: 100%;
}
body {
font-family: "Microsoft Yahei", serif;
background: #fafafa;
}
a:link {
text-decoration: none;
}
a:hover {
cursor:pointer;
}
.a-middle-text {
text-align: center;
}
.grid {
padding: 1px;
line-height: 50px;
margin-bottom: 15px;
}
.middle-header {
margin-top: 30px;
line-height: 50px;
margin-bottom: 5%;
border-color: #b7b7b7;
font-weight: bold;
text-align: center;
}
.middle-header-title {
margin-top: 30px;
line-height: 50px;
border-color: #b7b7b7;
font-weight: bold;
*{margin:0;padding:0;box-sizing:border-box;list-style:none}
html{height: 100%; width:100%}
body{font-family:"Microsoft Yahei";min-width:1000px}
a{outline:0;text-decoration:none}
strong{font-weight:400}
.strong{font-weight:700}
::selection{background:#1EACDF;color:#fff}
img{border:0}
::-moz-selection{background:#1EACDF;color:#fff}
::-webkit-selection{background:#1EACDF;color:#fff}
.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
.auto{margin:0 auto;min-width:1000px;max-width:1200px}
@media screen and (max-width:1233px){.auto{padding-left:10px}
}
.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
.clearfix:after{clear:both}
.clear-float{clear:both}
.layui-panel {
padding: 10px 20px;
}
.layui-elem-fieldset {
margin-top: 10%;
border-color: #b7b7b7;
border-radius: 6px;
background: #ffffff;
}
.footer{background-color:#009fd9;font-family:"Microsoft Yahei"}
.footer-floor1{width:100%;padding:36px 0 60px}
.footer-list{width:69%;height:100%;float:left}
.footer-list ul{float:left;margin-right:13%}
.footer-list .flist-4{margin-right:0}
.footer-list li{line-height:32px}
.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
.footer-list li a:hover{text-decoration:underline;color:#fff}
.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',simsun,sans-serif}
.footer-floor2 a{color:#b6e2f2}
.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
.foot-link:hover{text-decoration:underline}
.footer-right{width:300px;float:right}
.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
.official-plat ul{float:right;margin-top:7px}
.official-plat ul li{height:45px}
.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
.five-superiority-list li:first-child{border-left:none}
.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
.five-superiority-list li a:hover{color:#bfe7f5}
.five-superiority-list li a.superiority-text{text-indent:4em}
.compensate_ico .superiority-icon{background-position:0 0}
.compensate_ico:hover .superiority-icon{background-position:0 -50px}
.retreat_ico .superiority-icon{background-position:0 -100px}
.retreat_ico:hover .superiority-icon{background-position:0 -150px}
.technology_ico .superiority-icon{background-position:0 -200px}
.technology_ico:hover .superiority-icon{background-position:0 -250px}
.prepare_ico .superiority-icon{background-position:0 -300px}
.prepare_ico:hover .superiority-icon{background-position:0 -350px}
.service_ico .superiority-icon{background-position:0 -400px}
.service_ico:hover .superiority-icon{background-position:0 -450px}
.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
.marquee{width:8000%;height:60px}
.wave-list-box{float:left}
.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
.wave-box{position:relative;height:60px;background:#fff}

BIN
static/img/logo.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
static/img/logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.4 KiB

1
static/js/bubbly-bg.js Normal file
View File

@ -0,0 +1 @@
"use strict";window.bubbly=function(t){var n=t||{},o=function(){return Math.random()},r=n.canvas||document.createElement("canvas"),e=r.width,a=r.height;null===r.parentNode&&(r.setAttribute("style","position:fixed;z-index:-1;left:0;top:0;min-width:100vw;min-height:100vh;"),e=r.width=window.innerWidth,a=r.height=window.innerHeight,document.body.appendChild(r));var i=r.getContext("2d");i.shadowColor=n.shadowColor||"#fff",i.shadowBlur=n.blur||4;var l=i.createLinearGradient(0,0,e,a);l.addColorStop(0,n.colorStart||"#2AE"),l.addColorStop(1,n.colorStop||"#17B");for(var c=n.bubbles||Math.floor(.02*(e+a)),u=[],d=0;d<c;d++)u.push({f:(n.bubbleFunc||function(){return"hsla(0, 0%, 100%, "+.1*o()+")"}).call(),x:o()*e,y:o()*a,r:(n.radiusFunc||function(){return 4+o()*e/25}).call(),a:(n.angleFunc||function(){return o()*Math.PI*2}).call(),v:(n.velocityFunc||function(){return.1+.5*o()}).call()});!function t(){if(null===r.parentNode)return cancelAnimationFrame(t);!1!==n.animate&&requestAnimationFrame(t),i.globalCompositeOperation="source-over",i.fillStyle=l,i.fillRect(0,0,e,a),i.globalCompositeOperation=n.compose||"lighter",u.forEach(function(t){i.beginPath(),i.arc(t.x,t.y,t.r,0,2*Math.PI),i.fillStyle=t.f,i.fill(),t.x+=Math.cos(t.a)*t.v,t.y+=Math.sin(t.a)*t.v,t.x-t.r>e&&(t.x=-t.r),t.x+t.r<0&&(t.x=e+t.r),t.y-t.r>a&&(t.y=-t.r),t.y+t.r<0&&(t.y=a+t.r)})}()};

85
static/js/check.js Normal file
View File

@ -0,0 +1,85 @@
$(function () {
$(".content .con_right .left").click(function (e) {
$(this).css({ "color": "#333333", "border-bottom": "2px solid #2e558e" });
$(".content .con_right .right").css({ "color": "#999999", "border-bottom": "2px solid #dedede" });
$(".content .con_right ul .con_r_left").css("display", "block");
$(".content .con_right ul .con_r_right").css("display", "none");
});
$(".content .con_right .right").click(function (e) {
$(this).css({ "color": "#333333", "border-bottom": "2px solid #2e558e" });
$(".content .con_right .left").css({ "color": "#999999", "border-bottom": "2px solid #dedede" });
$(".content .con_right ul .con_r_right").css("display", "block");
$(".content .con_right ul .con_r_left").css("display", "none");
});
$('#btn_modify').click(function () {
// ^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[!@#$\%\^\&\*\(\)])[0-9a-zA-Z!@#$\%\^\&\*\(\)]{8,32}$ 要求密码了里面包含字母、数字、特殊字符。
// (?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30} 密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位
// (?=.*?[a-z])(?=.*?[A-Z])(?=.*?\d)(?=.*?[!#@*&.])[a-zA-Z\d!#@*&.]*{8,30}$
// 判断密码满足大写字母,小写字母,数字和特殊字符,其中四种组合都需要包含
// (?=.*[0-9])(?=.*[a-zA-Z]).{8,30} 大小写字母+数字
regex_mail = new RegExp('^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+$')
regex_pwd = new RegExp('(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}');
if ($.trim($('#user_email').val()) === '') {
alert('请输入邮箱账号');
return false;
} else if (!regex_mail.test($.trim($('#user_email').val()))) {
alert('请输入正确的邮箱账号。\n');
return false;
} else if ($.trim($('#old_password').val()) === '') {
alert('请输入旧密码');
return false;
} else if ($.trim($('#new_password').val()) === '') {
alert('请输入新密码');
return false;
} else if ($.trim($('#new_password').val()) === '1qaz@WSX') {
alert('密码1qaz@WSX为初始密码禁止使用请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。');
return false;
} else if (!regex_pwd.test($.trim($('#new_password').val()))) {
alert('密码不符合复杂度规则,请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。');
return false;
} else if ($.trim($('#ensure_password').val()) === '') {
alert('请再次输入新密码');
return false;
} else if ($.trim($('#new_password').val()) === $.trim($('#old_password').val())) {
alert('新旧密码不能一样');
return false;
} else if ($.trim($('#ensure_password').val()) !== $.trim($('#new_password').val())) {
alert('两次输入的新密码不一致');
return false;
} else {
return true;
}
});
$('#btn_reset').click(function () {
let regex_mail = new RegExp('^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+$')
let regex_pwd = new RegExp('(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}');
if ($.trim($('#user_email').val()) === '') {
alert('请输入邮箱账号');
return false;
} else if (!regex_mail.test($.trim($('#user_email').val()))) {
alert('请输入正确的邮箱账号。\n');
return false;
} else if ($.trim($('#new_password').val()) === '') {
alert('请输入密码');
return false;
} else if ($.trim($('#ensure_password').val()) === '') {
alert('请再次输入新密码');
return false;
} else if ($.trim($('#new_password').val()) === '1qaz@WSX') {
alert('密码1qaz@WSX为初始密码禁止使用请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。');
return false;
} else if (!regex_pwd.test($.trim($('#new_password').val()))) {
alert('密码不符合复杂度规则,请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。\n例如1qaz@WSX');
return false;
} else if ($.trim($('#ensure_password').val()) !== $.trim($('#new_password').val())) {
alert('两次输入的新密码不一致');
return false;
} else {
return true;
}
});
})

18
static/js/ddLogin.js Normal file
View File

@ -0,0 +1,18 @@
!function (window, document) {
function d(a) {
var e, c = document.createElement("iframe"),
d = "https://login.dingtalk.com/login/qrcode.htm?goto=" + a.goto ;
d += a.style ? "&style=" + encodeURIComponent(a.style) : "",
d += a.href ? "&href=" + a.href : "",
c.src = d,
c.frameBorder = "0",
c.allowTransparency = "true",
c.scrolling = "no",
c.width = a.width ? a.width + 'px' : "365px",
c.height = a.height ? a.height + 'px' : "400px",
e = document.getElementById(a.id),
e.innerHTML = "",
e.appendChild(c)
}
window.DDLogin = d
}(window, document);

1
static/js/dingtalk.open.js
View File

File diff suppressed because one or more lines are too long

1
static/js/html5.min.js vendored
View File

@ -1 +0,0 @@
(function(e,t){function n(e,t){var n=e.createElement("p"),i=e.getElementsByTagName("head")[0]||e.documentElement;return n.innerHTML="x<style>"+t+"</style>",i.insertBefore(n.lastChild,i.firstChild)}function i(){var e=m.elements;return"string"==typeof e?e.split(" "):e}function r(e){var t={},n=e.createElement,r=e.createDocumentFragment,o=r();e.createElement=function(e){m.shivMethods||n(e);var i;return i=t[e]?t[e].cloneNode():g.test(e)?(t[e]=n(e)).cloneNode():n(e),i.canHaveChildren&&!f.test(e)?o.appendChild(i):i},e.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+i().join().replace(/\w+/g,function(e){return t[e]=n(e),o.createElement(e),'c("'+e+'")'})+");return n}")(m,o)}function o(e){var t;return e.documentShived?e:(m.shivCSS&&!d&&(t=!!n(e,"article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio{display:none}canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden]{display:none}audio[controls]{display:inline-block;*display:inline;*zoom:1}mark{background:#FF0;color:#000}")),h||(t=!r(e)),t&&(e.documentShived=t),e)}function a(e){for(var t,n=e.getElementsByTagName("*"),r=n.length,o=RegExp("^(?:"+i().join("|")+")$","i"),a=[];r--;)t=n[r],o.test(t.nodeName)&&a.push(t.applyElement(s(t)));return a}function s(e){for(var t,n=e.attributes,i=n.length,r=e.ownerDocument.createElement(b+":"+e.nodeName);i--;)t=n[i],t.specified&&r.setAttribute(t.nodeName,t.nodeValue);return r.style.cssText=e.style.cssText,r}function l(e){for(var t,n=e.split("{"),r=n.length,o=RegExp("(^|[\\s,>+~])("+i().join("|")+")(?=[[\\s,>+~#.:]|$)","gi"),a="$1"+b+"\\:$2";r--;)t=n[r]=n[r].split("}"),t[t.length-1]=t[t.length-1].replace(o,a),n[r]=t.join("}");return n.join("{")}function c(e){for(var t=e.length;t--;)e[t].removeNode()}function u(e){var t,i,r=e.namespaces,o=e.parentWindow;return!y||e.printShived?e:(r[b]===void 0&&r.add(b),o.attachEvent("onbeforeprint",function(){for(var r,o,s,c=e.styleSheets,u=[],d=c.length,h=Array(d);d--;)h[d]=c[d];for(;s=h.pop();)if(!s.disabled&&v.test(s.media)){for(r=s.imports,d=0,o=r.length;o>d;d++)h.push(r[d]);try{u.push(s.cssText)}catch(p){}}u=l(u.reverse().join("")),i=a(e),t=n(e,u)}),o.attachEvent("onafterprint",function(){c(i),t.removeNode(!0)}),e.printShived=!0,e)}var d,h,p=e.html5||{},f=/^<|^(?:button|form|map|select|textarea|object|iframe)$/i,g=/^<|^(?:a|b|button|code|div|fieldset|form|h1|h2|h3|h4|h5|h6|i|iframe|img|input|label|li|link|ol|option|p|param|q|script|select|span|strong|style|table|tbody|td|textarea|tfoot|th|thead|tr|ul)$/i;(function(){var n=t.createElement("a");n.innerHTML="<xyz></xyz>",d="hidden"in n,d&&"function"==typeof injectElementWithStyles&&injectElementWithStyles("#modernizr{}",function(t){t.hidden=!0,d="none"==(e.getComputedStyle?getComputedStyle(t,null):t.currentStyle).display}),h=1==n.childNodes.length||function(){try{t.createElement("a")}catch(e){return!0}var n=t.createDocumentFragment();return n.cloneNode===void 0||n.createDocumentFragment===void 0||n.createElement===void 0}()})();var m={elements:p.elements||"abbr article aside audio bdi canvas data datalist details figcaption figure footer header hgroup mark meter nav output progress section summary time video",shivCSS:p.shivCSS!==!1,shivMethods:p.shivMethods!==!1,type:"default",shivDocument:o};e.html5=m,o(t);var v=/^$|\b(?:all|print)\b/,b="html5shiv",y=!h&&function(){var n=t.documentElement;return t.namespaces!==void 0&&t.parentWindow!==void 0&&n.applyElement!==void 0&&n.removeNode!==void 0&&e.attachEvent!==void 0}();m.type+=" print",m.shivPrint=u,u(t)})(this,document);

2
static/js/jquery-1.8.3.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

5
static/js/respond.min.js vendored
View File

@ -1,5 +0,0 @@
/*! Respond.js v1.4.2: min/max-width media query polyfill * Copyright 2013 Scott Jehl
* Licensed under https://github.com/scottjehl/Respond/blob/master/LICENSE-MIT
* */
!function(a){"use strict";a.matchMedia=a.matchMedia||function(a){var b,c=a.documentElement,d=c.firstElementChild||c.firstChild,e=a.createElement("body"),f=a.createElement("div");return f.id="mq-test-1",f.style.cssText="position:absolute;top:-100em",e.style.background="none",e.appendChild(f),function(a){return f.innerHTML='&shy;<style media="'+a+'"> #mq-test-1 { width: 42px; }</style>',c.insertBefore(e,d),b=42===f.offsetWidth,c.removeChild(e),{matches:b,media:a}}}(a.document)}(this),function(a){"use strict";function b(){u(!0)}var c={};a.respond=c,c.update=function(){};var d=[],e=function(){var b=!1;try{b=new a.XMLHttpRequest}catch(c){b=new a.ActiveXObject("Microsoft.XMLHTTP")}return function(){return b}}(),f=function(a,b){var c=e();c&&(c.open("GET",a,!0),c.onreadystatechange=function(){4!==c.readyState||200!==c.status&&304!==c.status||b(c.responseText)},4!==c.readyState&&c.send(null))};if(c.ajax=f,c.queue=d,c.regex={media:/@media[^\{]+\{([^\{\}]*\{[^\}\{]*\})+/gi,keyframes:/@(?:\-(?:o|moz|webkit)\-)?keyframes[^\{]+\{(?:[^\{\}]*\{[^\}\{]*\})+[^\}]*\}/gi,urls:/(url\()['"]?([^\/\)'"][^:\)'"]+)['"]?(\))/g,findStyles:/@media *([^\{]+)\{([\S\s]+?)$/,only:/(only\s+)?([a-zA-Z]+)\s?/,minw:/\([\s]*min\-width\s*:[\s]*([\s]*[0-9\.]+)(px|em)[\s]*\)/,maxw:/\([\s]*max\-width\s*:[\s]*([\s]*[0-9\.]+)(px|em)[\s]*\)/},c.mediaQueriesSupported=a.matchMedia&&null!==a.matchMedia("only all")&&a.matchMedia("only all").matches,!c.mediaQueriesSupported){var g,h,i,j=a.document,k=j.documentElement,l=[],m=[],n=[],o={},p=30,q=j.getElementsByTagName("head")[0]||k,r=j.getElementsByTagName("base")[0],s=q.getElementsByTagName("link"),t=function(){var a,b=j.createElement("div"),c=j.body,d=k.style.fontSize,e=c&&c.style.fontSize,f=!1;return b.style.cssText="position:absolute;font-size:1em;width:1em",c||(c=f=j.createElement("body"),c.style.background="none"),k.style.fontSize="100%",c.style.fontSize="100%",c.appendChild(b),f&&k.insertBefore(c,k.firstChild),a=b.offsetWidth,f?k.removeChild(c):c.removeChild(b),k.style.fontSize=d,e&&(c.style.fontSize=e),a=i=parseFloat(a)},u=function(b){var c="clientWidth",d=k[c],e="CSS1Compat"===j.compatMode&&d||j.body[c]||d,f={},o=s[s.length-1],r=(new Date).getTime();if(b&&g&&p>r-g)return a.clearTimeout(h),h=a.setTimeout(u,p),void 0;g=r;for(var v in l)if(l.hasOwnProperty(v)){var w=l[v],x=w.minw,y=w.maxw,z=null===x,A=null===y,B="em";x&&(x=parseFloat(x)*(x.indexOf(B)>-1?i||t():1)),y&&(y=parseFloat(y)*(y.indexOf(B)>-1?i||t():1)),w.hasquery&&(z&&A||!(z||e>=x)||!(A||y>=e))||(f[w.media]||(f[w.media]=[]),f[w.media].push(m[w.rules]))}for(var C in n)n.hasOwnProperty(C)&&n[C]&&n[C].parentNode===q&&q.removeChild(n[C]);n.length=0;for(var D in f)if(f.hasOwnProperty(D)){var E=j.createElement("style"),F=f[D].join("\n");E.type="text/css",E.media=D,q.insertBefore(E,o.nextSibling),E.styleSheet?E.styleSheet.cssText=F:E.appendChild(j.createTextNode(F)),n.push(E)}},v=function(a,b,d){var e=a.replace(c.regex.keyframes,"").match(c.regex.media),f=e&&e.length||0;b=b.substring(0,b.lastIndexOf("/"));var g=function(a){return a.replace(c.regex.urls,"$1"+b+"$2$3")},h=!f&&d;b.length&&(b+="/"),h&&(f=1);for(var i=0;f>i;i++){var j,k,n,o;h?(j=d,m.push(g(a))):(j=e[i].match(c.regex.findStyles)&&RegExp.$1,m.push(RegExp.$2&&g(RegExp.$2))),n=j.split(","),o=n.length;for(var p=0;o>p;p++)k=n[p],l.push({media:k.split("(")[0].match(c.regex.only)&&RegExp.$2||"all",rules:m.length-1,hasquery:k.indexOf("(")>-1,minw:k.match(c.regex.minw)&&parseFloat(RegExp.$1)+(RegExp.$2||""),maxw:k.match(c.regex.maxw)&&parseFloat(RegExp.$1)+(RegExp.$2||"")})}u()},w=function(){if(d.length){var b=d.shift();f(b.href,function(c){v(c,b.href,b.media),o[b.href]=!0,a.setTimeout(function(){w()},0)})}},x=function(){for(var b=0;b<s.length;b++){var c=s[b],e=c.href,f=c.media,g=c.rel&&"stylesheet"===c.rel.toLowerCase();e&&g&&!o[e]&&(c.styleSheet&&c.styleSheet.rawCssText?(v(c.styleSheet.rawCssText,e,f),o[e]=!0):(!/^([a-zA-Z:]*\/\/)/.test(e)&&!r||e.replace(RegExp.$1,"").split("/")[0]===a.location.host)&&("//"===e.substring(0,2)&&(e=a.location.protocol+e),d.push({href:e,media:f})))}w()};x(),c.update=x,c.getEmValue=t,a.addEventListener?a.addEventListener("resize",b,!1):a.attachEvent&&a.attachEvent("onresize",b)}}(this);

41
static/js/script.js Normal file
View File

@ -0,0 +1,41 @@
$(document).ready(function () {
$(".official-plat ul li:first-child").hover(function () {
$(".weixin").show();
$(".weibo").hide();
});
$("li[title='点击打开官方微博']").hover(function () {
$(".weixin").hide();
$(".weibo").show();
});
//href="#a_null"的统一设置为无效链接
$("a[href='#a_null']").click(function () {
return false;
});
});
//波浪动画
$(function () {
var marqueeScroll = function (id1, id2, id3, timer) {
var $parent = $("#" + id1);
var $goal = $("#" + id2);
var $closegoal = $("#" + id3);
$closegoal.html($goal.html());
function Marquee() {
if (parseInt($parent.scrollLeft()) - $closegoal.width() >= 0) {
$parent.scrollLeft(parseInt($parent.scrollLeft()) - $goal.width());
}
else {
$parent.scrollLeft($parent.scrollLeft() + 1);
}
}
setInterval(Marquee, timer);
}
var marqueeScroll1 = new marqueeScroll("marquee-box", "wave-list-box1", "wave-list-box2", 20);
var marqueeScroll2 = new marqueeScroll("marquee-box3", "wave-list-box4", "wave-list-box5", 40);
});

1
static/layui/css/layui.css
View File

File diff suppressed because one or more lines are too long

1
static/layui/css/modules/code.css
View File

@ -1 +0,0 @@
html #layuicss-skincodecss{display:none;position:absolute;width:1989px}.layui-code-view{display:block;position:relative;margin:10px 0;padding:0;border:1px solid #eee;border-left-width:6px;background-color:#fafafa;color:#333;font-family:Courier New;font-size:13px}.layui-code-title{position:relative;padding:0 10px;height:40px;line-height:40px;border-bottom:1px solid #eee;font-size:12px}.layui-code-title>.layui-code-about{position:absolute;right:10px;top:0;color:#b7b7b7}.layui-code-about>a{padding-left:10px}.layui-code-view>.layui-code-ol,.layui-code-view>.layui-code-ul{position:relative;overflow:auto}.layui-code-view>.layui-code-ol>li{position:relative;margin-left:45px;line-height:20px;padding:0 10px;border-left:1px solid #e2e2e2;list-style-type:decimal-leading-zero;*list-style-type:decimal;background-color:#fff}.layui-code-view>.layui-code-ol>li:first-child,.layui-code-view>.layui-code-ul>li:first-child{padding-top:10px}.layui-code-view>.layui-code-ol>li:last-child,.layui-code-view>.layui-code-ul>li:last-child{padding-bottom:10px}.layui-code-view>.layui-code-ul>li{position:relative;line-height:20px;padding:0 10px;list-style-type:none;*list-style-type:none;background-color:#fff}.layui-code-view pre{margin:0}.layui-code-dark{border:1px solid #0c0c0c;border-left-color:#3f3f3f;background-color:#0c0c0c;color:#c2be9e}.layui-code-dark>.layui-code-title{border-bottom:none}.layui-code-dark>.layui-code-ol>li,.layui-code-dark>.layui-code-ul>li{background-color:#3f3f3f;border-left:none}.layui-code-dark>.layui-code-ul>li{margin-left:6px}.layui-code-demo .layui-code{visibility:visible!important;margin:-15px;border-top:none;border-right:none;border-bottom:none}.layui-code-demo .layui-tab-content{padding:15px;border-top:none}

1
static/layui/css/modules/laydate/default/laydate.css
View File

File diff suppressed because one or more lines are too long

BIN
static/layui/css/modules/layer/default/icon-ext.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 5.8 KiB

BIN
static/layui/css/modules/layer/default/icon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 11 KiB

1
static/layui/css/modules/layer/default/layer.css
View File

File diff suppressed because one or more lines are too long

BIN
static/layui/css/modules/layer/default/loading-0.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 5.7 KiB

BIN
static/layui/css/modules/layer/default/loading-1.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 701 B

BIN
static/layui/css/modules/layer/default/loading-2.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.7 KiB

BIN
static/layui/font/iconfont.eot
View File

Binary file not shown.

554
static/layui/font/iconfont.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 299 KiB

BIN
static/layui/font/iconfont.ttf
View File

Binary file not shown.

BIN
static/layui/font/iconfont.woff
View File

Binary file not shown.

BIN
static/layui/font/iconfont.woff2
View File

Binary file not shown.

1
static/layui/layui.js
View File

File diff suppressed because one or more lines are too long

41
templates/auth.html
View File

@ -1,41 +0,0 @@
{% extends 'base.html' %}
{% load static %}
{% block headerjs %}<script type="text/javascript" src="{% static 'js/dingtalk.open.js' %}"></script>{% endblock %}
{% block paneltitle %}请稍后,授权信息认证中{% endblock %}
{% block middleblock %}
{% endblock %}
{% block footerjs %}
<script src="{% static 'layui/layui.js' %}"></script>
<script>
layui.use(['form', 'jquery', 'layer'], function () {
let layer = layui.layer,
$ = layui.jquery;
let re_url= ""
let index_load = layer.load(1, {shade: 0.4});
{% if app_type == 'DING' %}
dd.ready(() => {
dd.runtime.permission.requestAuthCode({corpId: '{{ corp_id }}'}).then((result) => {
re_url = '/resetPassword?code=' + result.code
window.parent.parent.location.href=re_url;
}).catch(err => {
layer.close(index_load)
layer.open({
title : '出错啦!'
,content: err
,btn: '关闭'
,btnAlign: 'c'
,yes: function(){
layer.closeAll();
}
});
});
});
{% elif app_type == 'WEWORK' %}
$(function () {
re_url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid={{ app_id }}&agentid={{ agent_id }}&redirect_uri={{ redirect_url }}&response_type=code&scope=snsapi_privateinfo&state=#wechat_redirect"
window.parent.parent.location.href=re_url;
})
{% endif %}
});
</script>
{% endblock %}

57
templates/base.html
View File

@ -1,57 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta http-equiv="Pragma" content= "no-cache" />
<meta http-equiv="Cache-Control" content= "no-cache" />
<meta http-equiv="Expires" content= "0" />
<title>{{ global_title }}</title>
<link rel="stylesheet" href="{% static 'layui/css/layui.css' %}">
<link rel="stylesheet" href="{% static 'css/style.css' %}">
{% block headercss %}{% endblock %}
{% block headerjs %}{% endblock %}
</head>
<body>
<!--[if lt IE 9]>
<script src="{% static 'js/html5.min.js' %}"></script>
<script src="{% static 'js/respond.min.js' %}"></script>
<![endif]-->
<div class="layui-container">
<div class="layui-row">
<div class="layui-hide-xs layui-col-md1">
<div class="grid"></div>
</div>
<div class="layui-col-xs12 layui-col-md10">
<div class="grid">
<div class="middle-header">
<h1>{{ global_title }}</h1>
</div>
<div class="layui-panel">
<div class="layui-row">
{% block upmiddleheader %}{% endblock %}
</div>
<fieldset class="layui-elem-field layui-field-title" style="margin-top: 20px;">
<legend>
{% block paneltitle %}{% endblock %}
</legend>
</fieldset>
{% block middleblock %}{% endblock %}
</div>
</div>
<div class="grid">
{% block middleblockfoot %}
{% endblock %}
</div>
</div>
<div class="layui-hide-xs layui-col-md1">
<div class="grid"></div>
</div>
</div>
</div>
<script src="{% static 'layui/layui.js' %}" charset="utf-8"></script>
{% block footercss %}{% endblock %}
{% block footerjs %}{% endblock %}
</body>
</html>

178
templates/index.html
View File

@ -1,72 +1,112 @@
{% extends 'base.html' %}
{% load static %}
{% block headerjs %}<script type="text/javascript" src="{% static 'js/dingtalk.open.js' %}"></script>{% endblock %}
{% block paneltitle %}修改密码{% endblock %}
{% block middleblock %}
<div class="layui-row">
<form class="layui-form layui-form-pane" action="/" method="post" autocomplete="off">{% csrf_token %}
<div class="layui-form-item">
<label class="layui-form-label">账号</label>
<div class="layui-input-block">
<input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" placeholder="请输入账号" class="layui-input">
{% load staticfiles %}
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>密码自助服务</title>
<link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
<script src="//g.alicdn.com/dingding/dinglogin/0.0.5/ddLogin.js"></script>
</head>
<body>
<div class="pagewrap">
<div class="main">
<div class="header">
</div>
<div class="content">
<div class="con_left" >
<div style="margin: 0 auto; width:100%; height: 200px; line-height: 200px;" align="center" >
<p style="margin: 0 auto; color: #fdfdfe; font-size: 36px; width:100%; ">「域账号/邮箱」<small>密码自助平台</small></p>
</div>
<div style="margin: 0 auto; width:400px; height: 240px;">
<p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
">提示新密码要求满足8至30位长度(不包含空格),至少包含大小写字母及数字组成。</p>
<p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
">如果密码己遗忘,可点击[重置/解锁],使用钉钉扫描验证后直接重置密码。</p>
</div>
</div>
<div class="con_right">
<div class="con_r_top">
<a href="javascript:" class="right" style="color: rgb(51, 51, 51); border-bottom-width: 2px; border-bottom-style: solid; border-bottom-color: rgb(46, 85, 142);">修改密码</a>
<a href="javascript:" class="left" style="color: rgb(153, 153, 153); border-bottom-width: 2px; border-bottom-style: solid; border-bottom-color: rgb(222, 222, 222);">重置/解锁</a>
</div>
<ul>
<li class="con_r_right" style="display: block;">
<form name="modifypwd" method="post" action="" autocomplete="off">
{% csrf_token %}
<div class="user">
<div><span class="user-icon"></span>
<input type="text" id="user_email" name="user_email" placeholder=" 输入邮箱(例如user@abc.com)" value="">
</div>
<div><span class="mima-icon"></span>
<input type="password" id="old_password" name="old_password"
placeholder=" 输入旧密码" value="">
</div>
<div><span class="mima-icon"></span>
<input type="password" id="new_password" name="new_password"
placeholder=" 输入新密码" value="">
</div>
<div><span class="mima-icon"></span>
<input type="password" id="ensure_password" name="ensure_password"
placeholder=" 再次输入新密码" value="">
</div>
</div><br>
<button id="btn_modify" type="submit">修改密码</button>
</form>
</li>
<li class="con_r_left" style="display: none;">
<div style="margin-top: -30px" class="erweima">
<div style="width: 300px; height: 300px; margin: 0 auto" id="ding_code"></div>
<script type="text/javascript">
// 扫描之后需要跳转的域名填写自己的修改密码的域名地址http或https
var home_url = "{{ home_url }}";
// 钉钉移动应用接入ID
var appid = "{{ app_id }}";
// 钉钉回调域名
var url = encodeURIComponent(home_url + '/resetcheck');
var goto = encodeURIComponent('https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid=' + appid + '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri=' + url);
var obj = DDLogin({
id: "ding_code",
goto: goto,
style: "border:none;background-color:#FFFFFF;",
width: "300",
height: "300"
});
// 获取loginTmpCode
const hanndleMessage = function (event) {
let origin = event.origin;
console.log("origin", event.origin)
//判断是否来自ddLogin扫码事件。
if (origin === "https://login.dingtalk.com") {
let loginTmpCode = event.data;
console.log("loginTmpCode", loginTmpCode);
if (loginTmpCode) {
location.href = "https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid=" + appid + "&response_type=code&scope=snsapi_login&state=STATE&redirect_uri=" + url + "&loginTmpCode=" + loginTmpCode;
}
}
};
if (typeof window.addEventListener !== 'undefined') {
window.addEventListener('message', hanndleMessage, false);
} else if (typeof window.attachEvent !== 'undefined') {
window.attachEvent('onmessage', hanndleMessage);
}
</script>
</div>
<div style="height: 70px; margin-top: -30px">
<p style="font-size: 18px; color: #2e558e" align="center">钉钉扫码验证用户信息</p>
</div>
</li>
</ul>
</div>
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">旧密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="required|newpass" lay-verType="tips" name="old_password" id="old_password" placeholder="请输入旧密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">新密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="pass" lay-verType="tips" name="new_password" id="new_password" placeholder="请输入新密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">确认密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="pass|repass" lay-verType="tips" name="ensure_password" id="ensure_password" placeholder="再次确认新密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
</div>
<div class="layui-form-item a-middle-text">
<span class="layui-breadcrumb">
<a class="layui-text" id="redirect_url" href="/auth"><i class="layui-icon layui-icon-refresh-3"></i> 重置/解锁账号</a>
</span>
</div>
</form>
</div>
{% endblock %}
{% block middleblockfoot %}
<blockquote class="layui-elem-quote layui-quote-nm">
新密码8至30位长度要求包含大小写字母及数字。<br><br>
如果密码己遗忘,可点击上方<b>[<i class="layui-icon layui-icon-refresh-3"></i> 重置/解锁账号]</b>使用⌊{{ scan_app }}⌉应用内免登录授权并通过身份验证后进行重置/解锁账号。<br>
* 如果有当弹出提示<b>是否同意授权</b>时,请务必<b>全部同意</b>,否则无法获取关键信息,导致无法正常使用重置/解锁账号!
</blockquote>
{% endblock %}
{% block footercss %}{% endblock %}
{% block footerjs %}
<script src="{% static 'layui/layui.js' %}"></script>
<script>
layui.use(['form', 'jquery', 'layer'], function () {
let form = layui.form,
$ = layui.jquery;
form.verify({
pass: [
/^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}$/,
'密码必须8到30位要求包含大小写字母、数字与字符且不能出现空格'
],
repass: function (value,item) {
if ($('#ensure_password').val() !== $('#new_password').val()) {
return '两次输入密码不一致!';
}},
newpass: function (value,item) {
if ($('#old_password').val() === $('#password').val()) {
return '新旧密码不能重复使用,请修正!';
}}});
});
</div>
<script type="text/javascript">
window.onload=function() {
if (!!window.ActiveXObject || "ActiveXObject" in window)
alert("您当前使用的浏览器为IE或IE内核因为IE各种体验问题本网站不对IE兼容。\n为能正常使用密码自助修改服务请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon" +
"等这类双核心浏览器,请切换至[极速模式]亦可。")
}
</script>
{% endblock %}
</body></html>

15
templates/messages.html
View File

@ -1,15 +0,0 @@
{% extends 'base.html' %}
{% load static %}
{% block paneltitle %}结果{% endblock %}
{% block middleblock %}
<div class="layui-row">
<form class="layui-form layui-form-pane" method="get" autocomplete="off">{% csrf_token %}
<div class="layui-form-item">
{{ msg }}
</div>
<div class="layui-form-item">
<button type="button" class="layui-btn layui-btn-normal layui-btn-fluid" onclick="{{ button_click }}">{{ button_display }}</button>
</div>
</form>
</div>
{% endblock %}

45
templates/msg.html Normal file
View File

@ -0,0 +1,45 @@
{% load staticfiles %}
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>密码自助服务</title>
<link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
</head>
<body style="overflow: hidden">
<div class="pagewrap">
<div class="main">
<div class="header"></div>
<div class="content">
<div class="con_left" >
<div style="margin: 0 auto; width:100%; height: 200px; line-height: 200px;" align="center" >
<p style="margin: 0 auto; color: #fdfdfe; font-size: 36px; width:100%; ">「域账号/邮箱」
<small>密码自助平台</small></p>
</div>
<div style="margin: 0 auto; width:400px; height: 240px;">
<p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
">提示新密码要求满足8至30位长度(不包含空格),至少包含大小写字母及数字组成。</p>
<p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
">如果密码己遗忘,可点击[重置/解锁],使用钉钉扫描验证后直接重置密码。</p>
</div>
</div>
<div class="con_right">
<div class="con_r_top">
<p class="right" style="color: rgb(51, 51, 51); border-bottom: 2px solid rgb(46, 85, 142);">提示</p>
</div>
<form name="msg" method="get" action="" autocomplete="off">
<ul>
<li class="con_r_right" style="display: block;">
{% csrf_token %}
<div class="user" style="height: 220px;">
<p style="font-size: 16px;min-height: 1px; padding-left: 0; padding-right: 40px; margin:0">{{ msg }}</p>
</div><br>
<button id="btn_back" style="margin-top: 0" type="button" onclick="{{ button_click }}">{{ button_display }}</button>
</li>
</ul>
</form>
</div>
</div>
</div>
</div>
</body></html>

63
templates/reset_password.html
View File

@ -1,63 +0,0 @@
{% extends 'base.html' %}
{% load static %}
{% block paneltitle %}重置密码{% endblock %}
{% block middleblock %}
<div class="layui-row">
<form class="layui-form layui-form-pane" name="resetPassword" method="post" action="" autocomplete="off">{% csrf_token %}
<div class="layui-form-item">
<label class="layui-form-label">账号</label>
<div class="layui-input-block">
<input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" readonly value="{{ username }}" class="layui-input">
<input type="hidden" id="code" name="code" readonly value="{{ code }}">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">新密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="pass" lay-verType="tips" name="new_password" id="new_password" placeholder="请输入新密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">确认密码</label>
<div class="layui-input-block">
<input type="password" lay-verify="pass|repass" lay-verType="tips" name="ensure_password" id="ensure_password" placeholder="再次确认新密码" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
</div>
<div class="layui-form-item a-middle-text">
<span class="layui-breadcrumb">
<a class="layui-text" href="/"><i class="layui-icon layui-icon-prev"></i> 修改密码</a>
<a class="layui-text" id="redirect_url" href="/unlockAccount?code={{ code }}&username={{ username }}"><i class="layui-icon layui-icon-password"></i> 解锁账号</a>
</span>
</div>
</form>
</div>
{% endblock %}
{% block middleblockfoot %}
<blockquote class="layui-elem-quote layui-quote-nm">
新密码8至30位长度要求包含大小写字母及数字。
<p>会话有效期5分钟重置密码会自动解锁账号(己禁用的账号不会生效)</p>
</blockquote>
{% endblock %}
{% block footerjs %}
<script src="{% static 'layui/layui.js' %}"></script>
<script>
layui.use(['form', 'jquery',], function () {
let form = layui.form,
$ = layui.jquery;
form.verify({
pass: [
/^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}$/,
'密码必须8到30位要求包含大小写字母、数字与字符且不能出现空格'
],
repass: function (value,item) {
if ($('#ensure_password').val() !== $('#new_password').val()) {
return '两次输入密码不一致!';
}
}
});
});
</script>
{% endblock %}

15
templates/resetcheck.html Normal file
View File

@ -0,0 +1,15 @@
{% load staticfiles %}
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>密码自助服务</title>
<link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
<link type="text/css" rel="stylesheet" href="{% static 'css/load.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
</head>
<body style="overflow: hidden">
<form name="resetcheck" method="post" action="resetpwd" autocomplete="off">
{% csrf_token %}
</form>
</body></html>

72
templates/resetpwd.html Normal file
View File

@ -0,0 +1,72 @@
{% load staticfiles %}
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>密码自助服务</title>
<link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
<link type="text/css" rel="stylesheet" href="{% static 'css/load.css' %}">
<script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/check.js' %}"></script>
</head>
<body style="overflow: hidden">
<div class="pagewrap">
<div class="main">
<div class="header"></div>
<div class="content">
<div class="con_left" >
<div style="margin: 0 auto; width:100%; height: 200px; line-height: 200px;" align="center" >
<p style="margin: 0 auto; color: #fdfdfe; font-size: 36px; width:100%; ">「域账号/邮箱」
<small>密码自助平台</small></p>
</div>
<div style="margin: 0 auto; width:400px; height: 240px;">
<p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
">提示新密码要求满足8至30位长度包含大小写字母及数字。</p>
<p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
">如果密码己遗忘,可点击[重置/解锁],使用钉钉扫描验证后直接重置密码。</p>
</div>
</div>
<div class="con_right">
<div class="con_r_top">
<p class="right" style="color: rgb(51, 51, 51); border-bottom: 2px solid rgb(46, 85, 142);">重置密码</p>
<a href="javascript:" class="left" style="color: rgb(153, 153, 153); border-bottom-width:2px; border-bottom-style: solid; border-bottom-color: rgb(222, 222, 222);">解锁账号</a>
</div>
<ul>
<li class="con_r_right" style="display: block;">
<form name="resetcheck" method="post" action="" autocomplete="off">
{% csrf_token %}
<div class="user">
<div><span class="user-icon"></span>
<input type="text" id="user_email" name="user_email" readonly placeholder="{{ user_email }}" value="{{ user_email }}">
</div>
<div><span class="mima-icon"></span>
<input type="password" id="new_password" name="new_password"
placeholder=" 输入新密码" value="">
</div>
<div><span class="mima-icon"></span>
<input type="password" id="ensure_password" name="ensure_password" placeholder=" 再次输入新密码" value="">
</div>
</div><br>
<p style="height: 20px">会话有效期5分钟重密码会自动解锁被锁定的账号。</p>
<button id="btn_reset" style="margin-top: 0" type="submit">重置密码</button>
</form>
</li>
<li class="con_r_left" style="display: none;">
<form name="resetunlock" method="post" action="resetunlock" autocomplete="off">
{% csrf_token %}
<div class="user" style="height: 168px">
<div><span class="user-icon"></span>
<input type="text" id="user_email" name="user_email" readonly placeholder="{{ user_email }}" value="{{ user_email }}">
</div>
<span class="msgs"></span>
</div><br>
<p style="height: 20px">会话有效期5分钟</p>
<button id="btn_unlock" style="margin-top: 0px" type="submit">解锁账号</button>
</form>
</li>
</ul>
</div>
</div>
</div>
</div>
</body></html>

31
templates/unlock.html
View File

@ -1,31 +0,0 @@
{% extends 'base.html' %}
{% load static %}
{% block paneltitle %}解锁账号{% endblock %}
{% block middleblock %}
<div class="layui-row">
<form class="layui-form layui-form-pane" name="unlockAccount" method="post" action="" autocomplete="off">{% csrf_token %}
<div class="layui-form-item">
<label class="layui-form-label">账号</label>
<div class="layui-input-block">
<input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" readonly value="{{ username }}" class="layui-input">
<input type="hidden" id="code" name="code" readonly value="{{ code }}">
</div>
</div>
<div class="layui-form-item">
<button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
</div>
<div class="layui-form-item a-middle-text">
<span class="layui-breadcrumb">
<a class="layui-text" href="/"><i class="layui-icon layui-icon-prev"></i> 修改密码</a>
<a class="layui-text" id="redirect_url" href="/resetPassword?code={{ code }}&username={{ username }}"><i class="layui-icon layui-icon-refresh-1"></i> 重置密码</a>
</span>
</div>
</form>
</div>
{% endblock %}
{% block middleblockfoot %}
<blockquote class="layui-elem-quote layui-quote-nm">
新密码8至30位长度要求包含大小写字母及数字。
<p>会话有效期5分钟</p>
</blockquote>
{% endblock %}

263
utils/ad_ops.py
View File

@ -1,263 +0,0 @@
from ldap3 import *
from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult, LDAPExceptionError, LDAPException, \
LDAPSocketOpenError
from ldap3.core.results import *
from ldap3.utils.dn import safe_dn
import os
from utils.tracecalls import decorator_logger
import logging
APP_ENV = os.getenv('APP_ENV')
if APP_ENV == 'dev':
from conf.local_settings_dev import *
else:
from conf.local_settings import *
logger = logging.getLogger(__name__)
"""
根据以下网站的说明
https://docs.microsoft.com/zh-cn/troubleshoot/windows/win32/change-windows-active-directory-user-password
密码存储在 unicodePwd 属性中的用户对象的 AD LDS 数据库中 此属性可以在受限条件下写入但无法读取 只能修改属性;无法在对象创建时或由搜索查询时添加它
为了修改此属性客户端必须具有到服务器的 128 位传输层安全性 (TLS) /Secure Socket Layer (SSL) 连接
使用 SSP 创建的会话密钥使用 NTLM Kerberos的加密会话也可接受只要达到最小密钥长度
若要使用 TLS/SSL 实现此连接
服务器必须拥有 128 RSA 连接的服务器证书
客户端必须信任生成服务器证书 (CA) 证书颁发机构
客户端和服务器都必须能够进行 128 位加密
unicodePwd 属性的语法为 octet-string;但是目录服务预期八进制字符串将包含 UNICODE 字符串 (因为属性的名称指示)
这意味着在 LDAP 中传递的此属性的任何值都必须是 BER 编码的 UNICODE 字符串 (基本编码规则) 八进制字符串
此外UNICODE 字符串必须以引号开头和结尾这些引号不是所需密码的一部分
可通过两种方法修改 unicodePwd 属性 第一种操作类似于正常的 用户更改密码 操作
在这种情况下修改请求必须同时包含删除和添加操作 删除操作必须包含当前密码并包含其周围的引号
添加操作必须包含所需的新密码其周围必须有引号
修改此属性的第二种方法类似于管理员重置用户密码 为此客户端必须以具有修改其他用户密码的足够权限的用户进行绑定
此修改请求应包含单个替换操作其中包含用引号括起的新所需密码 如果客户端具有足够的权限则无论旧密码是什么此密码都将变为新密码
"""
class AdOps(object):
def __init__(self, auto_bind=True, use_ssl=LDAP_USE_SSL, port=LDAP_CONN_PORT, domain=LDAP_DOMAIN, user=LDAP_LOGIN_USER,
password=LDAP_LOGIN_USER_PWD,
authentication=NTLM):
"""
AD连接器 authentication [SIMPLE, ANONYMOUS, SASL, NTLM]
:return:
"""
self.use_ssl = use_ssl
self.port = port
# 如果doamin\\user中doamin部分被写成域名格式 只提取DOMAIN部分
self.domain = domain.split('.')[0] if domain is not None else None
self.user = user
self.password = password
self.authentication = authentication
self.auto_bind = auto_bind
self.server = None
self.conn = None
def __server(self):
if self.server is None:
try:
self.server = Server(host='%s' % LDAP_HOST, connect_timeout=1, use_ssl=self.use_ssl, port=self.port, get_info=ALL)
except LDAPInvalidCredentialsResult as lic_e:
return False, LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
except LDAPOperationResult as lo_e:
return False, LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
except LDAPException as l_e:
return False, LDAPException("LDAPException: " + str(l_e))
def __conn(self):
if self.conn is None:
try:
self.__server()
self.conn = Connection(self.server,
auto_bind=self.auto_bind, user=r'{}\{}'.format(self.domain, self.user),
password=self.password,
authentication=self.authentication,
raise_exceptions=True)
except LDAPInvalidCredentialsResult as lic_e:
return False, LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
except LDAPOperationResult as lo_e:
return False, LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
except LDAPException as l_e:
return False, LDAPException("LDAPException: " + str(l_e))
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_auth_user(self, username, password):
"""
验证账号
:param username:
:param password:
:return: True or False
"""
try:
self.__server()
c_auth = Connection(server=self.server, user=r'{}\{}'.format(self.domain, username), password=password,
auto_bind=True, raise_exceptions=True)
c_auth.unbind()
return True, '旧密码验证通过。'
except LDAPInvalidCredentialsResult as e:
if '52e' in e.message:
return False, u'账号或旧密码不正确!'
elif '775' in e.message:
return False, u'账号已锁定,请自行扫码解锁!'
elif '533' in e.message:
return False, u'账号已禁用!'
elif '525' in e.message:
return False, u'账号不存在!'
elif '532' in e.message:
return False, u'密码己过期!'
elif '701' in e.message:
return False, u'账号己过期!'
elif '773' in e.message:
# 如果仅仅使用普通凭据来绑定ldap用途请返回False, 让用户通过其他途径修改密码后再来验证登陆
# return False, '用户登陆前必须修改密码!'
# 设置该账号下次登陆不需要更改密码,再验证一次
self.__conn()
self.conn.search(search_base=BASE_DN, search_filter=SEARCH_FILTER.format(username),
attributes=['pwdLastSet'])
self.conn.modify(self.conn.entries[0].entry_dn, {'pwdLastSet': [(MODIFY_REPLACE, ['-1'])]})
return True, self.ad_auth_user(username, password)
else:
return False, u'旧密码认证失败,请确认账号的旧密码是否正确或使用重置密码功能。'
except LDAPException as e:
return False, "连接Ldap失败报错如下{}".format(e)
def ad_ensure_user_by_account(self, username):
"""
通过username查询某个用户是否在AD中
:param username:
:return: True or False
"""
try:
self.__conn()
return True, self.conn.search(BASE_DN, SEARCH_FILTER.format(username), attributes=['sAMAccountName'])
except IndexError:
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
return False, "AdOps Exception: {}".format(e)
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_get_user_dn_by_account(self, username):
"""
通过username查询某个用户的完整DN
:param username:
:return: DN
"""
try:
self.__conn()
self.conn.search(BASE_DN, SEARCH_FILTER.format(username),
attributes=['distinguishedName'])
return True, str(self.conn.entries[0]['distinguishedName'])
except IndexError:
logger.error("AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。")
logger.error("self.conn.search(BASE_DN, {}, attributes=['distinguishedName'])".format(SEARCH_FILTER.format(username)))
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
logger.error("AdOps Exception: {}".format(e))
return False, "AdOps Exception: {}".format(e)
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_get_user_status_by_account(self, username):
"""
通过username查询某个用户的账号状态
:param username:
:return: user_account_control code
"""
try:
self.__conn()
self.conn.search(BASE_DN, SEARCH_FILTER.format(username), attributes=['userAccountControl'])
return True, self.conn.entries[0]['userAccountControl']
except IndexError:
logger.error("AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。")
logger.error("self.conn.search({}, {}, attributes=['userAccountControl'])".format(BASE_DN, SEARCH_FILTER.format(username)))
logger.info("self.conn.entries -- {}".format(self.conn.entries))
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
logger.error("AdOps Exception: {}".format(e))
return False, "AdOps Exception: {}".format(e)
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_unlock_user_by_account(self, username):
"""
通过username解锁某个用户
:param username:
:return:
"""
_status, user_dn = self.ad_get_user_dn_by_account(username)
if _status:
try:
return True, self.conn.extend.microsoft.unlock_account(user='%s' % user_dn)
except IndexError:
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
logger.error("AdOps Exception: {}".format(e))
return False, "AdOps Exception: {}".format(e)
else:
return False, user_dn
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_reset_user_pwd_by_account(self, username, new_password):
"""
重置某个用户的密码
:param username:
:return:
"""
_status, user_dn = self.ad_get_user_dn_by_account(username)
if _status:
if self.conn.check_names:
user_dn = safe_dn(user_dn)
encoded_new_password = ('"%s"' % new_password).encode('utf-16-le')
result = self.conn.modify(user_dn,
{'unicodePwd': [(MODIFY_REPLACE, [encoded_new_password])]},
)
if not self.conn.strategy.sync:
_, result = self.conn.get_response(result)
else:
if self.conn.strategy.thread_safe:
_, result, _, _ = result
else:
result = self.conn.result
# change successful, returns True
if result['result'] == RESULT_SUCCESS:
return True, '密码己修改成功,请妥善保管!'
# change was not successful, raises exception if raise_exception = True in connection or returns the operation result, error code is in result['result']
if self.conn.raise_exceptions:
from ldap3.core.exceptions import LDAPOperationResult
_msg = LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'],
message=result['message'],
response_type=result['type'])
return False, _msg
return False, result['result']
else:
return False, user_dn
@decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
def ad_get_user_locked_status_by_account(self, username):
"""
通过username获取某个用户账号是否被锁定
:param username:
:return: 如果结果是1601-01-01说明账号未锁定返回0
"""
try:
self.__conn()
self.conn.search(BASE_DN, SEARCH_FILTER.format(username),
attributes=['lockoutTime'])
locked_status = self.conn.entries[0]['lockoutTime']
if '1601-01-01' in str(locked_status):
return True, 'unlocked'
else:
return False, locked_status
except IndexError:
return False, "AdOps Exception: Connect.search未能检索到任何信息当前账号可能被排除在<SEARCH_FILTER>之外,请联系管理员处理。"
except Exception as e:
return False, "AdOps Exception: {}".format(e)

Some files were not shown because too many files have changed in this diff Show More