auto-install.sh

@@ -1,33 +1,7 @@
 #!/bin/bash
+echo -e "此脚本为快速部署，目前只做了Centos版本的，如果是其它系统请自行修改下相关命令\n请准备一个新的环境运行\n本脚本会快速安装相关的环境和所需要的服务\n如果你运行脚本的服务器中已经存在如：Nginx、Python3等，可能会破坏掉原有的应用配置。"
 
-SCRIPT=$(readlink -f $0)
-CWD=$(dirname ${SCRIPT})
-mkdir -p ${CWD}/.status
-os_distro=''
-os_version=''
-get_selinux=''
-gen_password=$(echo "$(hostname)$(date)" |base64 |cut -b 1-24)
-
-function get_os_basic_info() {
-    if [[ -f /etc/lsb-release ]]; then
-        os_distro=$(lsb_release -d |awk '{print $2}')
-        os_version=$(lsb_release -d -s |awk '{print $2}')
-        os_version_prefix=$(echo ${os_version} |cut -b 1-2)
-    elif [[ -f /etc/redhat-release ]]; then
-        os_distro=$(cat /etc/redhat-release |awk '{print $1}')
-        os_version=$(cat /etc/redhat-release |awk '{print $4}')
-        os_version_prefix=$(echo ${os_version} |cut -b 1)
-        get_selinux=$(getenforce)
-        if [[ ${get_selinux} =~ enforcing|Enforcing ]];then
-            echo "请先禁用SELINUX~~! ..."
-            exit 1
-        fi
-    else
-        echo "不能识别的操作系统，请选择使用Ubuntu或Centos! ..."
-        exit 1
-    fi
-}
-
+##Check IP
 function check_ip() {
     local IP=$1
     VALID_CHECK=$(echo $IP|awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')
@@ -42,6 +16,7 @@ function check_ip() {
     fi
 }
 
+##Check domain
 function check_domain() {
     local DOMAIN=$1
     if echo $DOMAIN |grep -P "(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)" >/dev/null; then
@@ -51,6 +26,7 @@ function check_domain() {
     fi
 }
 
+##Check Port
 function check_port() {
     local PORT=$1
     VALID_CHECK=$(echo $PORT|awk '$1<=65535&&$1>=1{print "yes"}')
@@ -65,46 +41,11 @@ function check_port() {
     fi
 }
 
-function safe_installer() {
-    local _run_cmd="$@"
-    if [[ ${os_distro} =~ (CentOS|Redhat) ]]; then
-        sudo yum makecache
-        sudo yum install -y ${_run_cmd}
-    elif [[ ${os_distro} =~ (Ubuntu|Debian) ]]; then
-        sudo apt-get update
-        sudo apt-get install -y ${_run_cmd}
-    else
-        echo "未适配的操作系统 ${os_distro}"
-        exit 1
-    fi
-    if [[ $? -ne 0 ]]; then
-        echo "安装 [${_run_cmd}] 失败"
-        exit 1
-    fi
-}
-
-check_status() {
-    local status=$1
-    if [[ ${status} -ne 0 ]]; then
-        echo "出现错误，请检查后再试 ..."
-        exit 1
-    fi
-}
-
-get_os_basic_info
-echo "============================================================================="
-echo "  此脚本为快速部署，支持[Ubuntu, Debian, Centos]
-  请准备一个新的环境运行,本脚本会快速安装相关的环境和所需要的服务
-  如果你运行脚本的服务器中已经存在如：Nginx、Python3等，可能会破坏掉原有的应用配置"
-echo "  当前目录：${CWD}"
-echo "  操作系统发行版本：${os_distro}, 系统版本：${os_version} ..."
-echo "============================================================================="
-
 while :; do echo
-    echo "请确认你此台服务器是全新干净的，以防此脚本相关操作对正在运行的服务造成影响（不可逆） ..."
+    echo "请确认你此台服务器是全新干净的，以防此脚本相关操作对正在运行的服务造成影响（不可逆）。"
     read -p "请确认是否继续执行，输入 [y/n]: " ensure_yn
     if [[ ! "${ensure_yn}" =~ ^[y,n]$ ]]; then
-      echo "输入有误，请输入 y 或 n ..."
+      echo "输入有误，请输入 y 或 n"
     else
       break
     fi
@@ -114,282 +55,173 @@ if [[ "${ensure_yn}" = n ]]; then
     exit 0
 fi
 
-
+echo "======================================================================="
 while :; do echo
     read -p "请输入密码自助平台使用的本机IP: " PWD_SELF_SERVICE_IP
-    check_ip "${PWD_SELF_SERVICE_IP}"
+    check_ip ${PWD_SELF_SERVICE_IP}
     if [[ $? -ne 0 ]]; then
-      echo "---输入的IP地址格式有误，请重新输入 ..."
+      echo "---输入的IP地址格式有误，请重新输入。"
     else
       break
     fi
 done
 
+echo "======================================================================="
 while :; do echo
-    read -p "请输入密码自助平台使用的端口(不要和Nginx[80]一样): " PWD_SELF_SERVICE_PORT
-    check_port "${PWD_SELF_SERVICE_PORT}"
+    read -p "请输入密码自助平台使用的端口: " PWD_SELF_SERVICE_PORT
+    check_port ${PWD_SELF_SERVICE_PORT}
     if [[ $? -ne 0 ]]; then
-      echo "---输入的端口有误，请重新输入 ..."
+      echo "---输入的端口有误，请重新输入。"
     else
       break
     fi
 done
 
+echo "======================================================================="
 while :; do echo
-    read -p "请输入密码自助平台使用域名，例如：pwd.abc.com（不需要加http://或https://） " PWD_SELF_SERVICE_DOMAIN
-    check_domain "${PWD_SELF_SERVICE_DOMAIN}"
+    read -p "请输入密码自助平台使用域名，例如：pwd.abc.com: " PWD_SELF_SERVICE_DOMAIN
+    check_domain ${PWD_SELF_SERVICE_DOMAIN}
     if [[ $? -ne 0 ]]; then
-      echo "---输入的域名格式有误，请重新输入 ..."
+      echo "---输入的域名格式有误，请重新输入。"
     else
       break
     fi
 done
 
-echo
-echo "==============================================="
-echo "开始部署 ..."
+##当前脚本的绝对路径
+SHELL_FOLDER=$(dirname $(readlink -f "$0"))
 
-if [[ ! -f "${CWD}/.status/.init_repo.Done" ]]; then
-    echo "处理源配置，改成国内源 ..."
-    if [[ ${os_distro} =~ (CentOS|Centos) ]]; then
-        if [[ ${os_version_prefix} -lt 9 ]];then
-            sudo cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.$(date '+%Y%m%d%H%M%S')
-            rm -f /etc/yum.repos.d/CentOS-Base.repo
-            cp -a ${CWD}/conf/CentOS-${os_version_prefix}-reg.repo /etc/yum.repos.d/CentOS-Base.repo
-            check_status $?
-            sudo yum makecache
-            sudo yum install --nogpgcheck -y epel-release
-            sed -i "s/#baseurl/baseurl/g" /etc/yum.repos.d/epel.repo
-            sed -i "s/metalink/#metalink/g" /etc/yum.repos.d/epel.repo
-            sed -i "s@https\?://download.fedoraproject.org/pub@https://repo.huaweicloud.com@g" /etc/yum.repos.d/epel.repo
-            check_status $?
-        fi
-    fi
-    if [[ ${os_distro} =~ (Ubuntu|ubuntu) ]]; then
-        sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
-        sudo sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
-        sudo sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
-        check_status $?
-    fi
-    if [[ ${os_distro} =~ (Debian|debian) ]]; then
-        sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
-        sed -i "s@http://ftp.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
-        sed -i "s@http://security.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
-        check_status $?
-    fi
-    touch "${CWD}/.status/.init_repo.Done"
-fi
+echo "关闭SELINUX"
+sudo setenforce 0
+sudo sed -i 's@SELINUX=*@SELINUX=disabled@g' /etc/selinux/config
+echo "DONE....."
+echo "关闭防火墙"
+sudo systemctl disable firewalld
+sudo systemctl stop firewalld
+echo "DONE....."
 
-if [[ ! -f "${CWD}/.status/.init_package.Done" ]]; then
-    echo "初始化依赖包 ..."
-    if [[ ${os_distro} =~ (CentOS|Redhat) ]]; then
-        sudo yum-complete-transaction --cleanup-only
-        sudo yum makecache
-        sudo yum install --nogpgcheck -y @development zlib-devel bzip2 bzip2-devel readline-devel \
-    sqlite-devel openssl-devel xz-devel libffi-devel ncurses-devel readline-devel tk-devel \
-    libpcap-devel findutils wget nginx tar initscripts
-    elif [[ ${os_distro} =~ (Ubuntu|Debian) ]]; then
-        sudo apt-get install apt-transport-https ca-certificates -y
-        sudo apt-get update
-        sudo apt-get install -y make build-essential libssl-dev zlib1g-dev libbz2-dev \
-    libreadline-dev libsqlite3-dev llvm libncurses5-dev libncursesw5-dev \
-    xz-utils tk-dev libffi-dev liblzma-dev python-openssl wget nginx tar initscripts
-    fi
-    if [[ $? -eq 0 ]]; then
-        echo "初始化依赖包完成 ..."
-        touch ${CWD}/.status/.init_package.Done
-    else
-        echo "初始化依赖包失败 ..."
-        exit 1
-    fi
-fi
+echo "初始化编译环境----------"
+sudo yum install gcc patch libffi-devel python-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel wget psmisc -y
+echo "======================================================================="
+echo "初始化编译环境完成"
+echo "======================================================================="
 
-if [[ ! -f "${CWD}/.status/.redis.Done" ]]; then
-    safe_installer redis
-    if [[ $? -eq 0 ]]; then
-        if [[ -f /etc/redis.conf ]]; then
-            REDIS_CONF=/etc/redis.conf
-        else
-            REDIS_CONF=/etc/redis/redis.conf
-        fi
-        sed -i 's@^requirepass.*@@g' ${REDIS_CONF}
-        sed -i "/# requirepass foobared/a requirepass ${gen_password}" ${REDIS_CONF}
-        sed -i "s@REDIS_PASSWORD.*@REDIS_PASSWORD = r'${gen_password}'@g" ${CWD}/conf/local_settings.py
-        touch ${CWD}/.status/.redis.Done
-        echo "${gen_password}" >${CWD}/.status/.redis.Done
-        echo "安装 redis-server 成功"
-    else
-        echo "安装 redis-server 失败，请重新运行本脚本再试"
-    fi
-else
-    gen_password=$(cat ${CWD}/.status/.redis.Done)
-fi
-
-redis_service=''
-if [[ -f /usr/lib/systemd/system/redis.service ]];then
-    redis_service=redis
-elif [[ -f /usr/lib/systemd/system/redis-server.service ]]; then
-    redis_service='redis-server'
-fi
-
-if [[ -z ${redis_service} ]]; then
-    echo "Redis服务名未能识别到，请自行手动重启本机的Redis服务 ..."
-else
-    rm -f /etc/nginx/conf.d/default.conf
-    rm -f /etc/nginx/sites-enabled/default.conf
-    systemctl restart ${redis_service}
-fi
-
-NGINX_USER=$(grep -E '^user' /etc/nginx/nginx.conf |sed 's@user @@g' |sed 's@;@@g' |awk '{print $1}')
-
-cat <<'EOF' >/etc/nginx/nginx.conf
-worker_processes auto;
-pid /run/nginx.pid;
-
-events {
-    use epoll;
-    worker_connections 2048;
-}
-
-http {
-    include mime.types;
-    default_type application/octet-stream;
-    server_tokens off;
-    client_header_buffer_size 16k;
-    client_body_buffer_size 128k;
-    keepalive_timeout 65;
-    keepalive_requests 120;
-    sendfile on;
-    tcp_nodelay on;
-    tcp_nopush on;
-    charset utf-8;
-    autoindex off;
-    # gzip
-    gzip on;
-    gzip_min_length 1k;
-    gzip_buffers 4 16k;
-    gzip_comp_level 3;
-    gzip_disable "MSIE [1-6]\.";
-    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/json;
-    gzip_vary on;
-    gzip_static on;
-    # upload file
-    client_max_body_size 0;
-    proxy_buffering off;
-    proxy_send_timeout 10m;
-    proxy_read_timeout 10m;
-    proxy_connect_timeout 10m;
-    proxy_request_buffering off;
-    # log
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-    access_log /var/log/nginx/access.log;
-    # config file
-    include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/sites-enabled/*.conf;
-}
+##Quick install nginx
+echo "======================================================================="
+echo "安装 Nginx"
+sudo cat << EOF > /etc/yum.repos.d/nginx.repo
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/centos/7/\$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
 EOF
-sed -i "1i\user ${NGINX_USER};" /etc/nginx/nginx.conf
 
-PYTHON_VER='3.8.16'
-PYTHON_INSTALL_DIR=/usr/share/python-${PYTHON_VER}
-PYTHON_VENV_DIR=${CWD}/pwd_venv
+sudo yum makecache fast
+sudo yum install nginx -y
 
-if [[ -f "${CWD}/.status/.python3.Done" ]];then
-    echo "Python3己部署，跳过 ..."
+if [[ $? -eq 0 ]]
+then
+  sudo systemctl enable nginx
+  sudo systemctl start nginx
+  echo "======================================================================="
+  echo "nginx 安装成功！"
+  echo "======================================================================="
 else
-    if [[ -f "${CWD}/Python-${PYTHON_VER}.tar.xz" ]] && [[ -f "${CWD}/python.${PYTHON_VER}.md5" ]]; then
-        python3_md5=$(md5sum "${CWD}/Python-${PYTHON_VER}.tar.xz" |awk '{print $1}')
-        python3_md5_record=$(cat ${CWD}/python.${PYTHON_VER}.md5)
-        if [[ x"${python3_md5}" != x"${python3_md5_record}" ]]; then
-            rm -f "${CWD}/Python-${PYTHON_VER}.tar.xz"
-            rm -f "${CWD}/python.${PYTHON_VER}.md5"
-        fi
-    else
-        echo "无Python${PYTHON_VER}.tar.xz，执行下载python ${PYTHON_VER} ..."
-        rm -f "${CWD}/Python-${PYTHON_VER}.tar.xz"
-
-        sudo wget -c -t 10 -T 120 https://repo.huaweicloud.com/python/${PYTHON_VER}/Python-${PYTHON_VER}.tar.xz -O ${CWD}/Python-${PYTHON_VER}.tar.xz
-
-        md5sum "${CWD}/Python-${PYTHON_VER}.tar.xz" |awk '{print $1}' > ${CWD}/python.${PYTHON_VER}.md5
-        if [[ $? -ne 0 ]]; then
-            echo "下载${PYTHON_VER}/Python-${PYTHON_VER}.tar.xz失败，请重新运行本脚本再次重试 ..."
+  echo "======================================================================="
+  echo "nginx 安装失败！"
+  echo "======================================================================="
   exit 1
-        fi
-    fi
-    echo "执行安装Python${PYTHON_VER} ..."
-    tar xf ${CWD}/Python-${PYTHON_VER}.tar.xz -C ${CWD}/
-    cd "${CWD}/Python-${PYTHON_VER}" || exit 1
-    sudo ./configure --prefix=${PYTHON_INSTALL_DIR} && make && make install
+fi
 
-    if [[ $? -eq 0 ]]; then
-      echo "创建python虚拟环境 -> ${PYTHON_VENV_DIR} ..."
-      rm -rf "${PYTHON_VENV_DIR}"
-      ${PYTHON_INSTALL_DIR}/bin/python3 -m venv --copies "${PYTHON_VENV_DIR}"
-      touch ${CWD}/.status/.python3.Done
-      echo "Python3 安装成功 ..."
+##install python3
+##如果之前用此脚本安装过python3，后续就不会再次安装。
+python_ver='3.8.9'
+if [[ -f "/usr/share/python-${python_ver}/bin/python3" ]]
+then
+    echo "己发现Python3，将不会安装。"
+else
+    if [[ -f "Python-${python_ver}.tar.xz" ]]
+    then
+        echo "将安装Python${python_ver}"
+        tar xf Python-${python_ver}.tar.xz
+        cd Python-${python_ver}
+        sudo ./configure --prefix=/usr/share/python-${python_ver} && make && make install
     else
-      echo "Python3 安装失败，请重试 ..."
+        echo "脚本目录下没有发现Python${python_ver}.tar.xz，将会下载python ${python_ver}"
+        sudo wget https://www.python.org/ftp/python/${python_ver}/Python-${python_ver}.tar.xz
+        tar xf Python-${python_ver}.tar.xz
+        cd Python-${python_ver}
+        sudo ./configure --prefix=/usr/share/python-${python_ver} && make && make install
+    fi
+
+    if [[ $? -eq 0 ]]
+    then
+      echo "创建python3和pip3的软件链接"
+      cd ${SHELL_FOLDER}
+      sudo ln -svf /usr/share/python-${python_ver}/bin/python3 /usr/bin/python3
+      sudo ln -svf /usr/share/python-${python_ver}/bin/pip3 /usr/bin/pip3
+      echo "======================================================================="
+      echo "Python3 安装成功！"
+      echo "======================================================================="
+    else
+      echo "======================================================================="
+      echo "Python3 安装失败！"
+      echo "======================================================================="
       exit 1
     fi
 fi
 
+
 ##修改PIP源为国内
 mkdir -p ~/.pip
-cat <<'EOF' > ~/.pip/pip.conf
+cat << EOF > ~/.pip/pip.conf
 [global]
-index-url=https://pypi.tuna.tsinghua.edu.cn/simple
+index-url = https://pypi.tuna.tsinghua.edu.cn/simple
 [install]
 trusted-host=pypi.tuna.tsinghua.edu.cn
 EOF
 
-if [[ ! -f "${CWD}/.status/.pip3.Done" ]]; then
-    echo "部署pip依赖 ..."
-    ${PYTHON_VENV_DIR}/bin/pip3 install --upgrade pip
-    ${PYTHON_VENV_DIR}/bin/pip3 install wheel setuptools
-    ${PYTHON_VENV_DIR}/bin/pip3 install -r ${CWD}/requirement
-    if [[ $? -eq 0 ]]; then
-        touch ${CWD}/.status/.pip3.Done
-        echo "Pip3 Requirement 安装成功 ..."
-    else
-        echo "Pip3 Requirement 安装失败 ..."
+cd ${SHELL_FOLDER}
+echo "====升级pip================"
+/usr/bin/pip3 install --upgrade pip
+/usr/bin/pip3 install -r requestment
+
+if [[ $? -eq 0 ]]
+then
+  echo "======================================================================="
+  echo "Pip3 requestment 安装成功！"
+  echo "======================================================================="
+else
+  echo "======================================================================="
+  echo "Pip3 requestment 安装失败！"
+  echo "======================================================================="
   exit 1
-    fi
 fi
 
 ##处理配置文件
-echo "处理uwsgi.ini配置文件 ..."
-CPU_NUM=$(cat /proc/cpuinfo | grep processor | wc -l)
-sed -i "s@CPU_NUM@${CPU_NUM}@g" ${CWD}/uwsgi.ini
-sed -i "s@PYTHON_VENV_DIR@${PYTHON_VENV_DIR}@g" ${CWD}/uwsgi.ini
-sed -i "s@PWD_SELF_SERVICE_HOME@${CWD}@g" ${CWD}/uwsgi.ini
-sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${CWD}/uwsgi.ini
-sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${CWD}/uwsgi.ini
-echo "处理uwsgi.ini配置文件完成 ..."
+echo "======================================================================="
+echo "处理uwsgi.ini配置文件"
+sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgi.ini
+sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${SHELL_FOLDER}/uwsgi.ini
+sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${SHELL_FOLDER}/uwsgi.ini
+echo "处理uwsgi.ini配置文件完成"
 echo
-echo "处理uwsgiserver启动脚本 ..."
-sed -i "s@PWD_SELF_SERVICE_HOME@${CWD}@g" ${CWD}/uwsgiserver
-sed -i "s@PYTHON_VENV_DIR@${PYTHON_VENV_DIR}@g" ${CWD}/uwsgiserver
-
+echo "处理uwsgiserver启动脚本"
+sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgiserver
 alias cp='cp'
-
-cp -rfp ${CWD}/uwsgiserver /etc/init.d/uwsgiserver
-
+cp -f ${SHELL_FOLDER}/uwsgiserver /etc/init.d/uwsgiserver
 chmod +x /etc/init.d/uwsgiserver
-
-systemctl daemon-reload
-
-systemctl enable uwsgiserver
-
-echo "处理uwsgiserver启动脚本完成 ..."
+chkconfig uwsgiserver on
+echo "处理uwsgiserver启动脚本完成"
 echo
 
-sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${CWD}/conf/local_settings.py
+sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/conf/local_settings.py
 
 ##Nginx vhost配置
-mkdir -p /etc/nginx/conf.d
-cat <<EOF >/etc/nginx/conf.d/pwdselfservice.conf
+cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf
 server {
     listen  80;
     server_name ${PWD_SELF_SERVICE_DOMAIN} ${PWD_SELF_SERVICE_IP};
@@ -404,22 +236,20 @@ server {
 	access_log off;
 }
 EOF
-
-systemctl start nginx
-
-systemctl start uwsgiserver
+rm -f /etc/nginx/conf.d/default.conf
+systemctl restart nginx
 
 echo
+echo "======================================================================="
 echo
-echo "密码自助服务平台的访问地址是：http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP} ..."
-echo "请确保以上域名能正常解析，否则使用域名无法访问 ..."
-echo "如果本机防火墙是开启状态，请自行放行端口: [80, ${PWD_SELF_SERVICE_PORT}]"
+echo "密码自助服务平台的访问地址是：http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP}"
+echo "请确保以上域名能正常解析，否则使用域名无法访问。"
 echo
-echo "Uwsgi启动：/etc/init.d/uwsgiserver start ..."
-echo "Uwsgi停止：/etc/init.d/uwsgiserver stop ..."
-echo "Uwsgi重启：/etc/init.d/uwsgiserver restart ..."
+echo "Uwsgi启动：/etc/init.d/uwsgi start"
+echo "Uwsgi停止：/etc/init.d/uwsgi stop"
+echo "Uwsgi重启：/etc/init.d/uwsgi restart"
 echo
-echo "Redis Server密码是：${gen_password}，可在${REDIS_CONF}中查到 ..."
 echo
-echo "文件${CWD}/conf/local_setting.py中配置参数请自行确认下是否完整 ..."
+echo "文件${SHELL_FOLDER}/conf/local_setting.py中配置参数请自动确认下是否完整"
 echo
+echo "======================================================================="

conf/CentOS-7-reg.repo

@@ -1,43 +0,0 @@
-# CentOS-Base.repo
-#
-# The mirror system uses the connecting IP address of the client and the
-# update status of each mirror to pick mirrors that are updated to and
-# geographically close to the client.  You should use this for CentOS updates
-# unless you are manually picking other mirrors.
-#
-# If the mirrorlist= does not work for you, as a fall back you can try the 
-# remarked out baseurl= line instead.
-#
-#
- 
-[base]
-name=CentOS-$releasever - Base - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos/$releasever/os/$basearch/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
-gpgcheck=1
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
- 
-#released updates 
-[updates]
-name=CentOS-$releasever - Updates - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos/$releasever/updates/$basearch/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
-gpgcheck=1
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
- 
-#additional packages that may be useful
-[extras]
-name=CentOS-$releasever - Extras - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos/$releasever/extras/$basearch/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
-gpgcheck=1
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
- 
-#additional packages that extend functionality of existing packages
-[centosplus]
-name=CentOS-$releasever - Plus - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos/$releasever/centosplus/$basearch/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
-gpgcheck=1
-enabled=0
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7

conf/CentOS-8-reg.repo

@@ -1,52 +0,0 @@
-# CentOS-Base.repo
-#
-# The mirror system uses the connecting IP address of the client and the
-# update status of each mirror to pick mirrors that are updated to and
-# geographically close to the client.  You should use this for CentOS updates
-# unless you are manually picking other mirrors.
-#
-# If the mirrorlist= does not work for you, as a fall back you can try the 
-# remarked out baseurl= line instead.
-#
-#
- 
-[BaseOS]
-name=CentOS-$releasever - Base - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/BaseOS/$basearch/os/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS&infra=$infra
-gpgcheck=1
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
- 
-#released updates 
-[AppStream]
-name=CentOS-$releasever - AppStream - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/AppStream/$basearch/os/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
-gpgcheck=1
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
-
-[PowerTools]
-name=CentOS-$releasever - PowerTools - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/PowerTools/$basearch/os/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=PowerTools&infra=$infra
-gpgcheck=1
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
-
-
-#additional packages that may be useful
-[extras]
-name=CentOS-$releasever - Extras - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/extras/$basearch/os/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
-gpgcheck=1
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
-
-
-#additional packages that extend functionality of existing packages
-[centosplus]
-name=CentOS-$releasever - Plus - repo.huaweicloud.com
-baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/centosplus/$basearch/os/
-#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
-gpgcheck=1
-enabled=0
-gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

conf/local_settings.py

@@ -1,47 +1,34 @@
-
-# ##########################################################################
-#  字符串前面的格式编码不要去掉了，主要是为了解决特殊字符被转义的问题。  #
-# ##########################################################################
-
 # ########## AD配置，修改为自己的
 # AD主机，可以是IP或主机域名，例如可以是: abc.com或172.16.122.1
-LDAP_HOST = r'修改成自己的'
+AD_HOST = r'修改成自己的'
 
-# AD域控的DOMAIN，例如：比如你的域名是abc.com，那么这里的LDAP_DOMAIN就是：abc
-# NTLM认证必须是domain\username
-LDAP_DOMAIN = r'修改成自己的'
+# AD域控的DOMAIN名，例如：abc
+AD_DOMAIN = r'修改成自己的'
 
 # 用于登录AD做用户信息处理的账号，需要有修改用户账号密码或信息的权限。
 # AD账号，例如：pwdadmin
-LDAP_LOGIN_USER = r'修改成自己的'
+AD_LOGIN_USER = r'修改成自己的'
 # 密码
-LDAP_LOGIN_USER_PWD = r'修改为自己的'
+AD_LOGIN_USER_PWD = r'修改为自己的'
 
 # BASE DN，账号的查找DN路径，例如：'DC=abc,DC=com'，可以指定到OU之下，例如：'OU=RD,DC=abc,DC=com'。
-# BASE_DN限制得越细，搜索用户的目录也就越小，一般情况下可以通过SEARCH_FILTER来过滤
 BASE_DN = r'修改成自己的'
 
-# ldap的search_filter，如果需要修改，请保持用户账号部分为 点位符{0} (代码中通过占位符引入账号)
-# 例如，AD的用户账号属性是sAMAccountName，那么匹配的账号请配置成sAMAccountName={0}
-#       LDAP中用户账号属性可能是uuid，那么匹配的账号请配置成uuid={0}
-#       如果想限制用户在哪个组的才能使用，可以写成这样：
-#       r'(&(objectClass=user)(memberof=CN=mis,OU=Groups,OU=OnTheJob,DC=abc,DC=com)(sAMAccountName={0}))', memberof 是需要匹配的组
-# 默认配置是AD环境的，查询语句可以自行使用Apache Directory Studio测试后再配置
-SEARCH_FILTER = r'(&(objectclass=user)(sAMAccountName={0}))'
-
 # 是否启用SSL,
-# 注意：AD中必须使用SSL才能修改密码（这里被坑了N久...）,自行部署下AD的证书服务，并颁发CA证书，重启服务器生效。具体教程百度一下，有很多。
-# 如果使用Openldap，这里根据实际情况调整
-LDAP_USE_SSL = True
+# 注意：AD必须使用SSL才能修改密码（这里被坑了N久...）,自行部署下AD的证书服务，并颁发CA证书，重启服务器生效。具体教程百度一下，有很多。
+AD_USE_SSL = True
 # 连接的端口，如果启用SSL默认是636，否则就是389
-LDAP_CONN_PORT = 636
+AD_CONN_PORT = 636
 
-# 验证的类型
+# 扫码验证的类型
 #       钉钉 / 企业微信，自行修改
 # 值是：DING /  WEWORK
-INTEGRATION_APP_TYPE = 'WEWORK'
+SCAN_CODE_TYPE = 'DING'
+
+# ########## 钉钉 《如果不使用钉钉扫码，可不用配置》##########
+# 钉钉接口主地址，不可修改
+DING_URL = r'https://oapi.dingtalk.com'
 
-# ########## 钉钉 《如果不使用钉钉，可不用配置》##########
 # 钉钉企业ID <CorpId>，修改为自己的
 DING_CORP_ID = '修改为自己的'
 
@@ -55,7 +42,7 @@ DING_MO_APP_ID = r'修改为自己的'
 DING_MO_APP_SECRET = r'修改为自己的'
 
 
-# ####### 企业微信《如果不使用企业微信，可不用配置》 ##########
+# ####### 企业微信《如果不使用企业微信扫码，可不用配置》 ##########
 # 企业微信的企业ID
 WEWORK_CORP_ID = r'修改为自己的'
 # 应用的AgentId
@@ -63,12 +50,14 @@ WEWORK_AGENT_ID = r'修改为自己的'
 # 应用的Secret
 WEWORK_AGNET_SECRET = r'修改为自己的'
 
+# Redis配置
+# redis的连接地址，redis://<Ip/Host>:<Port>/<数据库>
+REDIS_LOCATION = r'redis://127.0.0.1:6379/1'
+REDIS_PASSWORD = r'12345678'
+
+# COOKIE超时时间，单位是秒，可不用修改
+TMPID_COOKIE_AGE = 300
+
 # 主页域名，钉钉跳转等需要指定域名，格式：pwd.abc.com。
 # 如果是自定义安装，请修改成自己的域名
 HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
-# 平台显示的标题
-TITLE = 'Self-Service'
-
-# ####### Redis ##########
-REDIS_LOCATION = r'127.0.0.1:6379'
-REDIS_PASSWORD = r'PWD_SELF_REDIS_PASSWORD'

pwdselfservice/__init__.py

@@ -1,22 +1,19 @@
 import datetime
-import sys
-import traceback
-import logging
+from cryptography.fernet import Fernet
 from django_redis import get_redis_connection
 from utils.storage.kvstorage import KvStorage
-
-logger = logging.getLogger(__name__)
+from utils.storage.memorystorage import MemoryStorage
 
 try:
     redis_conn = get_redis_connection()
     cache_storage = KvStorage(redis_conn)
-    cache_storage.set('test_redis_connection', str(datetime.datetime))
-    cache_storage.get('test_redis_connection')
-    cache_storage.delete('test_redis_connection')
-    logger.info("Redis连接成功，set/get/delete测试通过...")
+    cache_storage.set('redis_connection', str(datetime.datetime.now()))
+    redis_get = cache_storage.get('redis_connection')
+    # print("Redis连接成功，set/get测试通过--{}，Token缓存将使用Redis处理".format(redis_get))
 except Exception as e:
-    cache_storage = None
-    logger.error("Redis无法连接，请排查Redis配置...")
-    logger.error("{}".format(traceback.format_exc()))
-    sys.exit(1)
+    cache_storage = MemoryStorage()
+    print("Redis无法连接，Token缓存将使用MemoryStorage处理")
+    print("如果确定需要使用Redis作为缓存，请排查Redis配置，错误信息如下：")
+    print("Redis Exception: {}".format(e))
 
+crypto_key = Fernet.generate_key()

pwdselfservice/settings.py

@@ -1,14 +1,13 @@
-import logging.config
 import os
-from django.utils.log import DEFAULT_LOGGING
 
 APP_ENV = os.getenv('APP_ENV')
 if APP_ENV == 'dev':
+    from conf.local_settings_dev import REDIS_PASSWORD, REDIS_LOCATION
     DEBUG = True
-    from conf.local_settings_dev import REDIS_LOCATION, REDIS_PASSWORD
 else:
+    from conf.local_settings import REDIS_PASSWORD, REDIS_LOCATION
     DEBUG = False
-    from conf.local_settings import REDIS_LOCATION, REDIS_PASSWORD
+
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -20,55 +19,70 @@ ALLOWED_HOSTS = ['*']
 
 # 创建日志的路径
 LOG_PATH = os.path.join(BASE_DIR, 'log')
+# 如果地址不存在，则会自动创建log文件夹
 if not os.path.isdir(LOG_PATH):
     os.mkdir(LOG_PATH)
 
-# Disable Django's logging setup
-LOGGING_CONFIG = None
-
-LOGLEVEL = os.environ.get('LOGLEVEL', 'info').upper()
-
-logging.config.dictConfig({
+LOGGING = {
     'version': 1,
+    # 此选项开启表示禁用部分日志，不建议设置为True
     'disable_existing_loggers': False,
     'formatters': {
-        'default': {
-            # exact format is not important, this is the minimum information
-            "format": "%(asctime)s %(module)s %(levelname)s -%(thread)d- %(message)s"
+        'verbose': {
+            'format': '%(asctime)s %(levelname)s %(pathname)s %(module)s.%(funcName)s %(lineno)d: %(message)s'
+            # 日志格式
+        },
+        'simple': {
+            'format': '%(asctime)s %(levelname)s %(pathname)s %(module)s.%(funcName)s %(lineno)d: %(message)s'
+        },
+    },
+    'filters': {
+        'require_debug_true': {
+            # 过滤器，只有当setting的DEBUG = True时生效
+            '()': 'django.utils.log.RequireDebugTrue',
         },
-        'django.server': DEFAULT_LOGGING['formatters']['django.server'],
     },
     'handlers': {
-        # console logs to stderr
         'console': {
-            "level": "ERROR",
+            'level': 'DEBUG',
+            'filters': ['require_debug_true'],
             'class': 'logging.StreamHandler',
-            'formatter': 'default',
+            'formatter': 'verbose'
         },
         'file': {
-            'level': "DEBUG",
-            'class': 'logging.handlers.RotatingFileHandler',
-            'filename': os.path.join(LOG_PATH, "all.log"),
-            'formatter': 'default',
-            'maxBytes': 1024 * 1024 * 50,
-            'backupCount': 24,
-            'encoding': 'utf-8',
-        },
-        'django.server': DEFAULT_LOGGING['handlers']['django.server'],
+            'level': 'DEBUG',
+            'class': 'logging.FileHandler',
+            # 日志保存文件
+            'filename': '%s/log.log' % LOG_PATH,
+            # 日志格式，与上边的设置对应选择
+            'formatter': 'verbose'
+                }
     },
     'loggers': {
-        # default for all undefined Python modules
-        '': {
-            'level': LOGLEVEL,
-            'handlers': ['console', 'file'],
+        'django': {
+            # 日志记录器
+            'handlers': ['file'],
+            'level': 'DEBUG',
+            'propagate': True,
+        }
     },
-        # Default runserver request logging
-        'django.server': DEFAULT_LOGGING['loggers']['django.server'],
-    },
-})
+}
+
+
+# SESSION
+# 只有在settings.SESSION_SAVE_EVERY_REQUEST 为True时才有效
+SESSION_SAVE_EVERY_REQUEST = True
+# 过期时间分钟
+SESSION_COOKIE_AGE = 300
+# False 会话cookie可以在用户浏览器中保持有效期。True：关闭浏览器，则Cookie失效。
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+# 建议配置，阻止 javascript 对会话数据的访问，提高安全性。
+# SESSION_COOKIE_HTTPONLY= True
 
 
 INSTALLED_APPS = [
+    # 'django.contrib.admin',
+    'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
@@ -76,12 +90,12 @@ INSTALLED_APPS = [
     'resetpwd',
 ]
 
-
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
@@ -98,6 +112,7 @@ TEMPLATES = [
             'context_processors': [
                 'django.template.context_processors.debug',
                 'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
             ],
         },
@@ -106,10 +121,14 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'pwdselfservice.wsgi.application'
 
+# 514 66050是AD中账号被禁用的特定代码，这个可以在微软官网查到。
+# 可能不是太准确，如果使用者能确定还有其它状态码，可以自行在此处添加
+AD_ACCOUNT_DISABLE_CODE = [514, 66050]
+
 CACHES = {
     "default": {
         "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": "redis://{}/1".format(REDIS_LOCATION),
+        "LOCATION": REDIS_LOCATION,
         "OPTIONS": {
             "CLIENT_CLASS": "django_redis.client.DefaultClient",
             "PASSWORD": REDIS_PASSWORD,
@@ -119,10 +138,6 @@ CACHES = {
     }
 }
 
-# 514 66050是AD中账号被禁用的特定代码，这个可以在微软官网查到。
-# 可能不是太准确，如果使用者能确定还有其它状态码，可以自行在此处添加
-AD_ACCOUNT_DISABLE_CODE = [514, 66050]
-
 AUTH_PASSWORD_VALIDATORS = [
     {
         'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',

pwdselfservice/urls.py

@@ -5,8 +5,8 @@ import resetpwd.views
 urlpatterns = {
     path("favicon.ico", RedirectView.as_view(url='static/img/favicon.ico')),
     path('', resetpwd.views.index, name='index'),
-    path('auth', resetpwd.views.auth, name='auth'),
-    path('resetPassword', resetpwd.views.reset_password, name='resetPassword'),
+    path('callbackCheck', resetpwd.views.callback_check, name='callbackCheck'),
+    path('resetPassword', resetpwd.views.reset_pwd_by_callback, name='resetPassword'),
     path('unlockAccount', resetpwd.views.unlock_account, name='unlockAccount'),
     path('messages', resetpwd.views.messages, name='messages'),
 }

pwdselfservice/wsgi.py

@@ -1,3 +1,12 @@
+"""
+WSGI config for pwdselfservice project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/
+"""
+
 import os
 
 from django.core.wsgi import get_wsgi_application

readme.md

@@ -1,5 +1,5 @@
 ### 初学Django时碰到的一个需求，因为公司中很多员工在修改密码之后，有一些关联的客户端或网页中的旧密码没有更新，导致密码在尝试多次之后账号被锁，为了减少这种让人头疼的重置解锁密码的操蛋工作，自己做了一个自助修改小平台。  
-### 代码结构不咋样，但是能用，有需要的可以直接拿去用。
+### 水平有限，代码写得不好，但是能用，有需要的可以直接拿去用。
 #### 场景说明：
 因为本公司AD是早期已经在用，用户的个人信息不是十分全面，例如:用户手机号。  
 钉钉是后来才开始使用，钉钉默认是使用手机号登录。
@@ -7,12 +7,12 @@
 
 
 ### 逻辑：
->已经与之前不同，现在改成内嵌小应用，不再支持直接通过网页开始，之前的扫码方式有点多此一举的味道。
-
- ## <u>_**所能接受的账号规则**_ </u>
-无论是钉钉、微信，均是通过提取用户邮箱的前缀部分来作为关联AD的账号，所以目前的识别逻辑就需要保证邮箱的前缀和AD的登录账号是一致的。
-如果您的场景不是这样，请按自己的需求修改源代码适配。
+>用户扫码通过之后，通过临时授权码，提取用户的userid，再通过userid断用户在本企业中是否存在。如果存在，提取钉钉/企业微信用户的邮箱，通过邮箱转成账号，将账号拿到AD中进行比对来验证账号在AD中是否存在并账号状态是激活的。满足以上条件的账号就会视为可自行重置密码。
 
+### 代码提交到--新分支：
+```
+djaong3
+```
 
 ### 提示：
 ```
@@ -30,99 +30,143 @@ AD必须使用SSL才能修改密码（这里被坑了N久...）
 + 重写了用户账号的格式兼容，现在用户账号可以兼容：username、DOMAIN\username、username@abc.com这三种格式。
 + 优化了整体的代码逻辑，去掉一些冗余重复的代码。
 
+### 2021/05/19 -- 更新：
++ 添加了企业微信支持，修改pwdselfservice/local_settings.py中的SCAN_CODE_TYPE = 'DING'或SCAN_CODE_TYPE = 'WEWORK'，区分使用哪个应用扫码验证
++ 添加Reids缓存Token支持，如果不配置Redis则使用MemoryStorage缓存到内存中
 
-### 2022/12/16 -- 更新：
-+ 修改钉钉、企业微信直接通过企业内部免密登录授权或验证的方式实现用户信息的获取，直接通过软件内部工作平台打开，废弃扫码方式（由于API接口的权限问题，一些关键数据已经不再支持通过扫码获取）
-
-### 2023/01/15 -- 更新：
-+ 兼容PC与移动端的显示（使用Layui）
-+ 修复一些BUG
-+ 移除auto-install.sh中的redis部署步骤
-+ 抽出应用中的授权验证跳转的代码，单独做成一个auth页面，可实现选择首页是进入修改密码，还是自动跳转重置页面。
-+ 调整部分文件说明
-+ 添加日志装饰器记录请求日志
-+ 优化ad_ops中异常的处理
-
-
-### 2023/02/10 -- 更新：
-+ 修复一些BUG
-+ auto-install.sh 重写，支持Ubuntu\Centos
-+ 添加Redis缓存，之前使用内存缓存有问题
-
-**如果想在点击应用之后自动跳转到重置页面，请将回调接口配置成YOURDOMAIN.com/auth**
+Redis的安装和配置方法请自行百度，比较简单
+  > 切记Redis一定请配置密码，弱密码或没有密码的Redis如果不小心暴露到公网，极其容易导致机器被黑用来挖矿。
 
+整体验证逻辑不变，如果需要使用其它字段关联到AD验证的，请自行修改代码。
 
 ## 线上环境需要的基础环境：
-+ Python 3.8.16 (可自行下载源码包放到项目目录下，使用一键安装)
++ Python 3.8.9 (可自行下载源码包放到项目目录下，使用一键安装)
 + Nginx
 + Uwsgi
-+ Redis
 
-### 界面效果
+## 截图
+![截图1](screenshot/Snipaste_2019-07-15_20-05-49.jpg)
 
-<img alt="截图10" width="500" src="screenshot/QQ截图20230116152954.png">
+### 钉钉
+![截图2](screenshot/Snipaste_2019-07-15_20-06-14.jpg)
 
-<img alt="截图10" width="500" src="screenshot/212473880-4a59c535-85bb-42d2-a99a-899265c83136.png">
+### 微信
+![截图11](screenshot/微扫码11.png)
+![截图12](screenshot/微扫码12.png)
 
-<img alt="截图10" width="500" src="screenshot/212474222-e1c13e1b-bb6f-4523-b040-24a65055d681.png">
-
-### 移动端
-<img alt="截图10" width="500" src="screenshot/212474177-dd68b0c9-81cc-4eb0-9196-e760784e3f69.jpg">
-<img alt="截图10" width="500" src="screenshot/212474293-0cd60898-22c3-4258-ac4c-dfee52a6cf1e.png">
 
 ## 钉钉必要条件：
 #### 创建企业内部应用
-* 在钉钉工作台中通过“自建应用”创建应用，选择“企业内部开发”，创建H5微应用，在应用首页中获取应用的：AgentId、AppKey、AppSecret。
-* 应用需要权限：通讯录只读权限、邮箱等个人信息，范围是全部员工或自行选择
+* 在钉钉工作台中通过“自建应用”创建应用，选择“企业内部开发”，创建H5微应用或小程序，在应用首页中获取应用的：AgentId、AppKey、AppSecret。
+* 应用需要权限：身份验证、消息通知、通讯录只读权限、手机号码信息、邮箱等个人信息、智能人事，范围是全部员工或自行选择
 * 应用安全域名和IP一定要配置，否则无法返回接口数据。
 
-> **如果想实现进入应用就自动授权，跳转重置页面，可将回调域名指定向pwd.abc.com/auth**
-
 参考截图配置：
 ![截图3](screenshot/h5微应用.png)
 
-![截图4](screenshot/创建H5微应用03.png)
+![截图4](screenshot/h5微应用--开发管理.png)
 
-![截图5](screenshot/创建H5微应用04.png)
-![截图5](screenshot/创建H5微应用--版本管理与发布.png)
+![截图5](screenshot/h5微应用--权限管理.png)
 
 #### 移动接入应用--登录权限：
-> 废弃，已经不再需要，如果之前有配置，可以删除！！
+>登录中开启扫码登录，配置回调域名：“https://pwd.abc.com/callbackCheck”
+  其中pwd.abc.com请按自己实际域名来，并记录相关的：appId、appSecret。
+
+参考截图配置：
+![截图6](screenshot/移动应用接入--登录.png)
 
 
 ## 企业微信必要条件：
 * 创建应用，记录下企业的CorpId，应用的ID和Secret。
 
-> **如果想实现进入应用就自动授权，跳转重置页面，可将回调域名指定向pwd.abc.com/auth**
-
-
 参考截图：
 ![截图7](screenshot/微扫码13.png)
 
-![截图8](screenshot/微信小应用01-应用主机.png)
+![截图8](screenshot/微扫码14.png)
 
-![截图9](screenshot/微信小应用01-应用主页-配置.png)
+![截图9](screenshot/微扫码15.png)
 
-![截图10](screenshot/微信小应用01-网页授权及J-SDK配置.png)
-![截图10](screenshot/微信小应用01-企业可信IP.png)
-
-
-## 飞书必要条件：
- * 暂时没时间，做不了，已经剔除了！
-
-## 如果你觉得这个小工具对你有帮忙的话，可以请我喝杯咖啡~😁😁😁
-<img alt="截图10" height="400" src="screenshot/143fce31873f4d7a4ecd7a7b8c6a24c.png" width="300"/>
-<img alt="截图10" height="400" src="screenshot/微信图片_20221220140900.png" width="300"/>
+![截图10](screenshot/微扫码16.png)
 
 
 ## 使用脚本自动部署：
 使用脚本自动快速部署，只适合Centos，其它发行版本的Linux请自行修改相关命令。
 
+
 ### 把整个项目目录上传到新的服务器上
 
 #### 先修改配置文件，按自己实际的配置修改项目配置文件：
 修改conf/local_settings.py中的参数，按自己的实际参数修改
+```` python
+# ########## AD配置，修改为自己的
+# AD主机，可以是IP或主机域名，例如可以是: abc.com或172.16.122.1
+AD_HOST = r'修改成自己的'
 
+# AD域控的DOMAIN名，例如：abc
+AD_DOMAIN = r'修改成自己的'
+
+# 用于登录AD做用户信息处理的账号，需要有修改用户账号密码或信息的权限。
+# AD账号，例如：pwdadmin
+AD_LOGIN_USER = r'修改成自己的'
+# 密码
+AD_LOGIN_USER_PWD = r'修改为自己的'
+
+# BASE DN，账号的查找DN路径，例如：'DC=abc,DC=com'，可以指定到OU之下，例如：'OU=RD,DC=abc,DC=com'。
+BASE_DN = r'修改成自己的'
+
+# 是否启用SSL,
+# 注意：AD必须使用SSL才能修改密码（这里被坑了N久...）,自行部署下AD的证书服务，并颁发CA证书，重启服务器生效。具体教程百度一下，有很多。
+AD_USE_SSL = True
+# 连接的端口，如果启用SSL默认是636，否则就是389
+AD_CONN_PORT = 636
+
+# 扫码验证的类型
+#       钉钉 / 企业微信，自行修改
+# 值是：DING /  WEWORK
+SCAN_CODE_TYPE = 'DING'
+
+# ########## 钉钉 《如果不使用钉钉扫码，可不用配置》##########
+# 钉钉接口主地址，不可修改
+DING_URL = r'https://oapi.dingtalk.com'
+
+# 钉钉企业ID <CorpId>，修改为自己的
+DING_CORP_ID = '修改为自己的'
+
+# 钉钉企业内部开发，内部H5微应用或小程序，用于读取企业内部用户信息
+DING_AGENT_ID = r'修改为自己的'
+DING_APP_KEY = r'修改为自己的'
+DING_APP_SECRET = r'修改为自己的'
+
+# 移动应用接入 主要为了实现通过扫码拿到用户的unionid
+DING_MO_APP_ID = r'修改为自己的'
+DING_MO_APP_SECRET = r'修改为自己的'
+
+
+# ####### 企业微信《如果不使用企业微信扫码，可不用配置》 ##########
+# 企业微信的企业ID
+WEWORK_CORP_ID = r'修改为自己的'
+# 应用的AgentId
+WEWORK_AGENT_ID = r'修改为自己的'
+# 应用的Secret
+WEWORK_AGNET_SECRET = r'修改为自己的'
+
+# Redis配置
+# redis的连接地址，redis://<Ip/Host>:<Port>/<数据库>
+REDIS_LOCATION = r'redis://127.0.0.1:6379/1'
+REDIS_PASSWORD = r'12345678'
+
+# ##########################
+# 执行：python3 ./utils/crypto.py 生成
+# 可自行生成后替换
+CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
+
+# COOKIE 超时单位是秒，可不用修改
+TMPID_COOKIE_AGE = 300
+
+# 主页域名，钉钉跳转等需要指定域名，格式：pwd.abc.com。
+# 如果是自定义安装，请修改成自己的域名
+HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
+````
 ### 执行部署脚本  
 ```shell
 chmod +x auto-install.sh
@@ -132,19 +176,90 @@ chmod +x auto-install.sh
 #### 以上配置修改完成之后，则可以通过配置的域名直接访问。
 
 
+
 # 手动部署：
 #### 自行安装完python3之后，使用python3目录下的pip3进行安装依赖：
 #### 我自行安装的Python路径为/usr/local/python3
 
 项目目录下的requestment文件里记录了所依赖的相关python模块，安装方法：
 >/usr/local/python3/bin/pip3 install -r requestment
-
+> 
 等待所有模块安装完成之后进行下一步。
 
+
 ### 按自己实际的配置修改项目配置参数：
 修改conf/local_settings.py中的参数，按自己的实际参数修改
 
-```
+```` python
+# ########## AD配置，修改为自己的
+# AD主机，可以是IP或主机域名，例如可以是: abc.com或172.16.122.1
+AD_HOST = r'修改成自己的'
+
+# AD域控的DOMAIN名，例如：abc
+AD_DOMAIN = r'修改成自己的'
+
+# 用于登录AD做用户信息处理的账号，需要有修改用户账号密码或信息的权限。
+# AD账号，例如：pwdadmin
+AD_LOGIN_USER = r'修改成自己的'
+# 密码
+AD_LOGIN_USER_PWD = r'修改为自己的'
+
+# BASE DN，账号的查找DN路径，例如：'DC=abc,DC=com'，可以指定到OU之下，例如：'OU=RD,DC=abc,DC=com'。
+BASE_DN = r'修改成自己的'
+
+# 是否启用SSL,
+# 注意：AD必须使用SSL才能修改密码（这里被坑了N久...）,自行部署下AD的证书服务，并颁发CA证书，重启服务器生效。具体教程百度一下，有很多。
+AD_USE_SSL = True
+# 连接的端口，如果启用SSL默认是636，否则就是389
+AD_CONN_PORT = 636
+
+# 扫码验证的类型
+#       钉钉 / 企业微信，自行修改
+# 值是：DING /  WEWORK
+SCAN_CODE_TYPE = 'DING'
+
+# ########## 钉钉 《如果不使用钉钉扫码，可不用配置》##########
+# 钉钉接口主地址，不可修改
+DING_URL = r'https://oapi.dingtalk.com'
+
+# 钉钉企业ID <CorpId>，修改为自己的
+DING_CORP_ID = '修改为自己的'
+
+# 钉钉企业内部开发，内部H5微应用或小程序，用于读取企业内部用户信息
+DING_AGENT_ID = r'修改为自己的'
+DING_APP_KEY = r'修改为自己的'
+DING_APP_SECRET = r'修改为自己的'
+
+# 移动应用接入 主要为了实现通过扫码拿到用户的unionid
+DING_MO_APP_ID = r'修改为自己的'
+DING_MO_APP_SECRET = r'修改为自己的'
+
+
+# ####### 企业微信《如果不使用企业微信扫码，可不用配置》 ##########
+# 企业微信的企业ID
+WEWORK_CORP_ID = r'修改为自己的'
+# 应用的AgentId
+WEWORK_AGENT_ID = r'修改为自己的'
+# 应用的Secret
+WEWORK_AGNET_SECRET = r'修改为自己的'
+
+# Redis配置
+# redis的连接地址，redis://<Ip/Host>:<Port>/<数据库>
+REDIS_LOCATION = r'redis://127.0.0.1:6379/1'
+REDIS_PASSWORD = r'12345678'
+
+# ##########################
+# 执行：python3 ./utils/crypto.py 生成
+# 可自行生成后替换
+CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
+
+# COOKIE 超时单位是秒，可不用修改
+TMPID_COOKIE_AGE = 300
+
+# 主页域名，钉钉跳转等需要指定域名，格式：pwd.abc.com。
+# 如果是自定义安装，请修改成自己的域名
+HOME_URL = 'PWD_SELF_SERVICE_DOMAIN'
+````
 
 安装完依赖后，直接执行
 /usr/local/python3/bin/python3 manager.py runserver x.x.x.x:8000
@@ -153,22 +268,95 @@ chmod +x auto-install.sh
 
 ## 修改uwsig.ini配置:
 IP和路径按自己实际路径修改
+````ini
+[uwsgi]
+http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
 
-```
+chdir = PWD_SELF_SERVICE_HOME
+ 
+module = pwdselfservice.wsgi:application
+
+master = true
+ 
+processes = 4
+ 
+threads = 4
+ 
+max-requests = 2000
+ 
+chmod-socket = 755
+ 
+vacuum = true
+
+#设置缓冲
+post-buffering = 4096
+
+#设置静态文件
+static-map = /static=PWD_SELF_SERVICE_HOME/static
+
+#设置日志目录
+daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log
+````
 
 ## 通过uwsgiserver启动：
+其中PWD_SELF_SERVICE_HOME是你自己的服务器当前项目的目录，请自行修改
+将以下脚本修改完之后，复制到/etc/init.d/，给予执行权限。
+uwsgiserver:
 ```shell
-请自行修改将脚本修改完之后
-复制到/etc/init.d/，给予执行权限。
-执行/etc/init.d/uwsigserver start 启动
-```
+#!/bin/sh
+
+INI="PWD_SELF_SERVICE_HOME/uwsgi.ini"
+UWSGI="/usr/share/python-3.6.9/bin/uwsgi"
+PSID=`ps aux | grep "uwsgi"| grep -v "grep" | wc -l`
+
+if [ ! -n "$1" ]
+then
+    content="Usages: sh uwsgiserver [start|stop|restart]"
+    echo -e "\033[31m $content \033[0m"
+    exit 0
+fi
+
+if [ $1 = start ]
+then
+    if [ `eval $PSID` -gt 4 ]
+    then
+        content="uwsgi is running!"
+        echo -e "\033[32m $content \033[0m"
+        exit 0
+    else
+        $UWSGI $INI
+        content="Start uwsgi service [OK]"
+        echo -e "\033[32m $content \033[0m"
+    fi
+
+elif [ $1 = stop ];then
+    if [ `eval $PSID` -gt 4 ];then
+        killall -9 uwsgi
+    fi
+    content="Stop uwsgi service [OK]"
+    echo -e "\033[32m $content \033[0m"
+elif [ $1 = restart ];then
+    if [ `eval $PSID` -gt 4 ];then
+        killall -9 uwsgi
+    fi
+    $UWSGI --ini $INI
+    content="Restart uwsgi service [OK]"
+    echo -e "\033[32m $content \033[0m"
+
+else
+    content="Usages: sh uwsgiserver [start|stop|restart]"
+    echo -e "\033[31m $content \033[0m"
+fi
+
+````
+脚本内的路径按自己实际情况修改
 
 ## 自行部署Nginx，然后添加Nginx配置
 #### Nginx配置：
 Nginx Server配置：
 * proxy_pass的IP地址改成自己的服务器IP
 * 配置可自己写一个vhost或直接加在nginx.conf中
-``` nginx
+```` nginx
 server {
     listen  80;
     server_name pwd.abc.com;
@@ -182,5 +370,5 @@ server {
     }
 	access_log  off;
 }
-```
+````
 - 执行Nginx reload操作，重新加载配置

requestment

@@ -1,9 +1,10 @@
 Django==3.2
+pycryptodome==3.10.1
 attrs==21.2.0
 python-dateutil==2.8.1
 dingtalk-sdk==1.3.8
 cryptography==3.4.7
 ldap3==2.9
 django-redis==4.12.1
-requests==2.28.1
-uwsgi==2.0.21
+requests
+uwsgi

resetpwd/utils.py

@@ -7,41 +7,120 @@
 # @Date：          2021/5/20 8:47
 
 from django.shortcuts import render
+from django.http import HttpResponseRedirect
 import logging
-from ldap3.core.exceptions import LDAPException
-from django.conf import settings
-import os
-from utils.tracecalls import decorator_logger
+from utils.crypto_ops import Crypto
+from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult, LDAPExceptionError, LDAPException
 
+from django.conf import settings
+from pwdselfservice import crypto_key
+import os
 APP_ENV = os.getenv('APP_ENV')
 if APP_ENV == 'dev':
     from conf.local_settings_dev import *
 else:
     from conf.local_settings import *
 
-logger = logging.getLogger(__name__)
+logger = logging.getLogger('django')
 
 
-@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
-def code_2_user_detail(ops, home_url, code):
+def code_2_user_info(ops, request, msg_template, home_url, code):
     """
     临时授权码换取userinfo
     """
-    _, s, e = ops.get_user_detail(code=code, home_url=home_url)
-    return _, s, e
+    _status, user_id = ops.get_user_id_by_code(code)
+    # 判断 user_id 在本企业钉钉/微信中是否存在
+    if not _status:
+        context = {
+            'msg': '获取钉钉userid失败，错误信息：{}'.format(user_id),
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
+        }
+        return False, context, user_id
+    detail_status, user_info = ops.get_user_detail_by_user_id(user_id)
+    if not detail_status:
+        context = {
+            'msg': '获取钉钉用户信息失败，错误信息：{}'.format(user_info),
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
+        }
+        return False, context, user_info
+    return True, user_id, user_info
+
+
+def crypto_id_2_user_info(ops, request, msg_template, home_url, scan_app_tag):
+    """
+    能过前端提交的加密的userid来获取用户信息<userinfo>
+    """
+    try:
+        crypto_tmp_id = request.COOKIES.get('tmpid')
+        if not crypto_tmp_id:
+            logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到TmpID或会话己超时。' % (request.method, request.path))
+            context = {
+                'msg': "会话己超时，请重新扫码验证用户信息。",
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return False, context
+        # 解密
+        crypto = Crypto(crypto_key)
+        user_id = crypto.decrypt(crypto_tmp_id)
+        # 通过user_id拿到用户的邮箱，并格式化为username
+        userid_status, user_info = ops.get_user_detail_by_user_id(user_id)
+        if not userid_status:
+            context = {
+                'msg': '获取{}用户信息失败，错误信息：{}'.format(user_info, scan_app_tag),
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return False, context
+        return True, user_info
+    except Exception as e:
+        return False, str(e)
+
+
+def crypto_user_id_2_cookie(user_id):
+    """
+    加密userid，写入到cookie
+    """
+    crypto = Crypto(crypto_key)
+    # 对user_id进行加密，因为user_id基本上固定不变的，为了防止user_id泄露而导致重复使用，进行加密后再传回。
+    _id_cryto = crypto.encrypt(user_id)
+    # 配置cookie，通过cookie把加密后的用户user_id传到重置密码页面，并重定向到重置密码页面。
+    set_cookie = HttpResponseRedirect('resetPassword')
+    set_cookie.set_cookie('tmpid', _id_cryto, expires=TMPID_COOKIE_AGE)
+    return set_cookie
+
+
+def crypto_id_2_user_id(request, msg_template, home_url):
+    """
+    前端提交的加密的userid，解密出真实的userid
+    """
+    try:
+        crypto_tmp_id = request.COOKIES.get('tmpid')
+        # 解密
+        crypto = Crypto(crypto_key)
+        return True, crypto.decrypt(crypto_tmp_id)
+    except Exception as e:
+        logger.error('[异常] ：%s' % str(e))
+        logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到TmpID或会话己超时。' % (request.method, request.path))
+        context = {
+            'msg': "会话己超时，请重新扫码验证用户信息。",
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
+        }
+        return False, context
 
 
-@decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1)
 def ops_account(ad_ops, request, msg_template, home_url, username, new_password):
     """
     ad 账号操作，判断账号状态，重置密码或解锁账号
     """
     try:
-        print("ops_account: {}".format(username))
+        print("ops_account: {}" .format(username))
         _status, _account = ad_ops.ad_ensure_user_by_account(username=username)
         if not _status:
             context = {
-                'global_title': TITLE,
                 'msg': "账号[%s]在AD中不存在，请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致？或者该账号己被禁用！\n猜测：您的账号或邮箱是否是带有数字或其它字母区分？" % username,
                 'button_click': "window.location.href='%s'" % home_url,
                 'button_display': "返回主页"
@@ -51,7 +130,6 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
         _status, account_code = ad_ops.ad_get_user_status_by_account(username)
         if _status and account_code in settings.AD_ACCOUNT_DISABLE_CODE:
             context = {
-                'global_title': TITLE,
                 'msg': "此账号状态为己禁用，请联系HR确认账号是否正确。",
                 'button_click': "window.location.href='%s'" % home_url,
                 'button_display': "返回主页"
@@ -59,8 +137,7 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
             return render(request, msg_template, context)
         elif not _status:
             context = {
-                'global_title': TITLE,
-                'msg': "错误：{}".format(account_code),
+                'msg': "错误：{}" .format(account_code),
                 'button_click': "window.location.href='%s'" % home_url,
                 'button_display': "返回主页"
             }
@@ -73,25 +150,22 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
                 unlock_status, result = ad_ops.ad_unlock_user_by_account(username)
                 if unlock_status:
                     context = {
-                        'global_title': TITLE,
-                        'msg': "密码己修改成功，请妥善保管。你可以点击修改密码或直接关闭此页面！",
+                        'msg': "密码己修改/重置成功，请妥善保管。你可以点击返回主页或直接关闭此页面！",
                         'button_click': "window.location.href='%s'" % home_url,
                         'button_display': "返回主页"
                     }
                     return render(request, msg_template, context)
             else:
                 context = {
-                    'global_title': TITLE,
                     'msg': "密码未修改/重置成功，错误信息：{}".format(result),
-                    'button_click': "window.location.href='%s'" % '/auth',
-                    'button_display': "重新认证授权"
+                    'button_click': "window.location.href='%s'" % home_url,
+                    'button_display': "返回主页"
                 }
                 return render(request, msg_template, context)
         else:
             unlock_status, result = ad_ops.ad_unlock_user_by_account(username)
             if unlock_status:
                 context = {
-                    'global_title': TITLE,
                     'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面！",
                     'button_click': "window.location.href='%s'" % home_url,
                     'button_display': "返回主页"
@@ -99,17 +173,14 @@ def ops_account(ad_ops, request, msg_template, home_url, username, new_password)
                 return render(request, msg_template, context)
             else:
                 context = {
-                    'global_title': TITLE,
                     'msg': "账号未能解锁，错误信息：{}".format(result),
-                    'button_click': "window.location.href='%s'" % '/auth',
-                    'button_display': "重新认证授权"
+                    'button_click': "window.location.href='%s'" % home_url,
+                    'button_display': "返回主页"
                 }
                 return render(request, msg_template, context)
+    except LDAPInvalidCredentialsResult as lic_e:
+        raise LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
+    except LDAPOperationResult as lo_e:
+        raise LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
     except LDAPException as l_e:
-        context = {
-            'global_title': TITLE,
-            'msg': "账号未能解锁，错误信息：{}".format(l_e),
-            'button_click': "window.location.href='%s'" % '/auth',
-            'button_display': "重新认证授权"
-        }
-        return render(request, msg_template, context)
+        raise LDAPException("LDAPException: " + str(l_e))

resetpwd/views.py

@@ -1,76 +1,73 @@
-import json
 import logging
 import os
-import traceback
-
 from django.shortcuts import render
 from utils.ad_ops import AdOps
-import urllib.parse as url_encode
-from utils.format_username import format2username, get_user_is_active, get_email_from_userinfo
+from ldap3.core.exceptions import LDAPException
+from utils.format_username import format2username, get_user_is_active
 from .form import CheckForm
-from .utils import code_2_user_detail, ops_account
-from utils.tracecalls import decorator_logger
-from pwdselfservice import cache_storage
-
+from .utils import code_2_user_info, crypto_id_2_user_info, ops_account, crypto_id_2_user_id, crypto_user_id_2_cookie
 APP_ENV = os.getenv('APP_ENV')
 if APP_ENV == 'dev':
-    from conf.local_settings_dev import INTEGRATION_APP_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, \
-        DING_CORP_ID, TITLE
+    from conf.local_settings_dev import SCAN_CODE_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL
 else:
-    from conf.local_settings import INTEGRATION_APP_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, \
-        DING_CORP_ID, TITLE
+    from conf.local_settings import SCAN_CODE_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL
+
 
 msg_template = 'messages.html'
-logger = logging.getLogger(__name__)
+logger = logging.getLogger('django')
 
 
 class PARAMS(object):
-    if INTEGRATION_APP_TYPE == 'DING':
-        corp_id = DING_CORP_ID
+    if SCAN_CODE_TYPE == 'DING':
         app_id = DING_MO_APP_ID
         agent_id = None
-        AUTH_APP = '钉钉'
+        SCAN_APP = '钉钉'
         from utils.dingding_ops import DingDingOps
         ops = DingDingOps()
-    elif INTEGRATION_APP_TYPE == 'WEWORK':
-        corp_id = None
+    elif SCAN_CODE_TYPE == 'WEWORK':
         app_id = WEWORK_CORP_ID
         agent_id = WEWORK_AGENT_ID
-        AUTH_APP = '微信'
+        SCAN_APP = '微信'
+        from utils.wework_ops import WeWorkOps
+        ops = WeWorkOps()
+    else:
+        app_id = WEWORK_CORP_ID
+        agent_id = WEWORK_AGENT_ID
+        SCAN_APP = '微信'
         from utils.wework_ops import WeWorkOps
         ops = WeWorkOps()
 
 
 scan_params = PARAMS()
 _ops = scan_params.ops
+# try:
+#     AdOps() = AdOps()
+#     print("初始化Active Directory连接成功...")
+# except Exception as e:
+#     AdOps() = LDAPException("连接域控制器失败，无法访问到LDAP")
+#     print("初始化Active Directory连接失败...")
+#     print(str(e))
 
 
-@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
-def auth(request):
+def index(request):
+    """
+    用户自行修改密码/首页
+    :param request:
+    :return:
+    """
     home_url = '%s://%s' % (request.scheme, HOME_URL)
-    corp_id = scan_params.corp_id
     app_id = scan_params.app_id
     agent_id = scan_params.agent_id
-    scan_app = scan_params.AUTH_APP
-    redirect_url = url_encode.quote(home_url + '/resetPassword')
-    app_type = INTEGRATION_APP_TYPE
-    global_title = TITLE
-    if request.method == 'GET':
-        return render(request, 'auth.html', locals())
+    if request.method == 'GET' and SCAN_CODE_TYPE == 'DING':
+        return render(request, 'ding_index.html', locals())
+    elif request.method == 'GET' and SCAN_CODE_TYPE == 'WEWORK':
+        return render(request, 'we_index.html', locals())
+    elif request.method == 'GET' and SCAN_CODE_TYPE == 'FEISHU':
+        return render(request, 'feishu_index.html', locals())
     else:
-        logger.error('[异常]  请求方法：%s，请求路径%s' % (request.method, request.path))
+        logger.error('[异常]  请求方法：%s，请求路径：%s' % (request.method, request.path))
 
-
-@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
-def index(request):
-    home_url = '%s://%s' % (request.scheme, HOME_URL)
-    scan_app = scan_params.AUTH_APP
-    global_title = TITLE
-
-    if request.method == 'GET':
-        return render(request, 'index.html', locals())
-
-    elif request.method == 'POST':
+    if request.method == 'POST':
         # 对前端提交的数据进行二次验证，防止恶意提交简单密码或篡改账号。
         check_form = CheckForm(request.POST)
         if check_form.is_valid():
@@ -79,130 +76,70 @@ def index(request):
             old_password = form_obj.get("old_password")
             new_password = form_obj.get("new_password")
         else:
-            _msg = check_form
+            _msg = check_form.as_p().errors
             logger.error('[异常]  请求方法：%s，请求路径：%s，错误信息：%s' % (request.method, request.path, _msg))
             context = {
-                'global_title': TITLE,
                 'msg': _msg,
-                'button_click': "window.location.href='%s'" % '/auth',
-                'button_display': "重新认证授权"
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
             }
             return render(request, msg_template, context)
         # 格式化用户名
-        _, username = format2username(username)
-        if _ is False:
-            context = {
-                'global_title': TITLE,
-                'msg': username,
-                'button_click': "window.location.href='%s'" % '/auth',
-                'button_display': "重新认证授权"
-            }
-            return render(request, msg_template, context)
+        username = format2username(username)
         # 检测账号状态
         auth_status, auth_result = AdOps().ad_auth_user(username=username, password=old_password)
         if not auth_status:
             context = {
-                'global_title': TITLE,
                 'msg': str(auth_result),
-                'button_click': "window.location.href='%s'" % '/auth',
-                'button_display': "重新认证授权"
+                'button_click': "window.history.back()",
+                'button_display': "返回"
             }
             return render(request, msg_template, context)
         return ops_account(AdOps(), request, msg_template, home_url, username, new_password)
     else:
         context = {
-            'global_title': TITLE,
-            'msg': "不被接受的认证信息，请重新尝试认证授权。",
-            'button_click': "window.location.href='%s'" % '/auth',
-            'button_display': "重新认证授权"
-        }
-        return render(request, msg_template, context)
-
-
-@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
-def reset_password(request):
-    """
-    钉钉扫码并验证信息通过之后，在重置密码页面将用户账号进行绑定
-    :param request:
-    :return:
-    """
-    home_url = '%s://%s' % (request.scheme, HOME_URL)
-    if request.method == 'GET':
-        code = request.GET.get('code')
-        username = request.GET.get('username')
-        # 如果从GET路径中提取到username、code，并且在缓存中存在username对应的code值，说明已经认证过
-        if username and code and cache_storage.get(username) == code:
-            context = {
-                'global_title': TITLE,
-                'username': username,
-                'code': code,
-            }
-            return render(request, 'reset_password.html', context)
-        # 否则就是第一次认证，用code换取用户信息
-        else:
-            if not code:
-                context = {
-                    'global_title': TITLE,
-                    'msg': "临时授权码己失效，请尝试重新认证授权...",
-                    'button_click': "window.location.href='%s'" % '/auth',
-                    'button_display': "重新认证授权"
-                }
-                return render(request, msg_template, context)
-            try:
-                _status, user_id, user_info = code_2_user_detail(_ops, home_url, code)
-                if not _status:
-                    return render(request, msg_template, user_id)
-                # 账号在企业微信或钉钉中是否是激活的
-                _, res = get_user_is_active(user_info)
-                if not _:
-                    context = {
-                        'global_title': TITLE,
-                        'msg': '当前扫码的用户未激活或可能己离职，用户信息如下：%s' % user_info,
+            'msg': "请从主页进行修改密码操作或扫码验证用户信息。",
             'button_click': "window.location.href='%s'" % home_url,
             'button_display': "返回主页"
         }
         return render(request, msg_template, context)
 
-                # 通过user_info拿到用户邮箱，并格式化为username
-                _, email = get_email_from_userinfo(user_info)
-                if not _:
+
+def callback_check(request):
+    """
+    钉钉扫码回调数据之后，将用户账号在AD中进行验证，如果通过，则返回钉钉中取出用户的union_id
+    :param request:
+    :return:
+    """
+    home_url = '%s://%s' % (request.scheme, HOME_URL)
+    code = request.GET.get('code')
+    if code:
+        logger.info('[成功]  请求方法：%s，请求路径：%s，CODE：%s' % (request.method, request.path, code))
+    else:
+        logger.error('[异常]  请求方法：%s，请求路径：%s，未能拿到CODE。' % (request.method, request.path))
         context = {
-                        'global_title': TITLE,
-                        'msg': email,
-                        'button_click': "window.location.href='%s'" % '/auth',
-                        'button_display': "重新认证授权"
+            'msg': "错误，临时授权码己失效，请从主页重新扫码验证。",
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
         }
         return render(request, msg_template, context)
-                _, username = format2username(email)
-                if _ is False:
-                    context = {
-                        'global_title': TITLE,
-                        'msg': username,
-                        'button_click': "window.location.href='%s'" % '/auth',
-                        'button_display': "重新认证授权"
-                    }
-                    return render(request, msg_template, context)
-                if username:
-                    cache_storage.set(username, code, ttl=300)
-                    context = {
-                        'global_title': TITLE,
-                        'username': username,
-                        'code': code,
-                    }
-                    return render(request, 'reset_password.html', context)
+    print("code: {}" .format(code))
+    try:
+        _status, user_id, user_info = code_2_user_info(_ops, request, msg_template, home_url, code)
+        if not _status:
+            return render(request, msg_template, user_id)
+        # 账号是否是激活的
+        if get_user_is_active(user_info):
+            return crypto_user_id_2_cookie(user_id)
         else:
             context = {
-                        'global_title': TITLE,
-                        'msg': "{}，您好，企业{}中未能找到您账号的邮箱配置，请联系HR完善信息。".format(
-                            user_info.get('name'), scan_params.AUTH_APP),
-                        'button_click': "window.location.href='%s'" % '/auth',
-                        'button_display': "重新认证授权"
+                'msg': '[%s]在钉钉中未激活或可能己离职' % format2username(user_info.get('name')),
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
             }
             return render(request, msg_template, context)
-
     except Exception as callback_e:
         context = {
-                    'global_title': TITLE,
             'msg': "错误[%s]，请与管理员联系." % str(callback_e),
             'button_click': "window.location.href='%s'" % home_url,
             'button_display': "返回主页"
@@ -210,18 +147,46 @@ def reset_password(request):
         logger.error('[异常] ：%s' % str(callback_e))
         return render(request, msg_template, context)
 
+
+def reset_pwd_by_callback(request):
+    """
+    钉钉扫码并验证信息通过之后，在重置密码页面将用户账号进行绑定
+    :param request:
+    :return:
+    """
+    home_url = '%s://%s' % (request.scheme, HOME_URL)
+    # 从cookie中提取union_id，并解密，然后对当前union_id的用户进行重置密码
+    if request.method == 'GET':
+        _status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
+        if not _status:
+            return render(request, msg_template, user_info)
+        # 通过user_id拿到用户信息，并格式化为username
+        username = format2username(user_info.get('email'))
+        # 如果邮箱能提取到，则格式化之后，提取出账号提交到前端绑定
+        if username:
+            context = {
+                'username': username,
+            }
+            return render(request, 'resetPassword.html', context)
+        else:
+            context = {
+                'msg': "{}，您好，企业{}中未能找到您账号的邮箱配置，请联系HR完善信息。".format(user_info.get('name'), scan_params.SCAN_APP),
+                'button_click': "window.location.href='%s'" % home_url,
+                'button_display': "返回主页"
+            }
+            return render(request, msg_template, context)
+
     # 重置密码页面，输入新密码后点击提交
     elif request.method == 'POST':
-        username = request.POST.get('username')
-        code = request.POST.get('code')
-        if username and code and cache_storage.get(username) == code:
-            _new_password = request.POST.get('new_password').strip()
         try:
-                return ops_account(ad_ops=AdOps(), request=request, msg_template=msg_template, home_url=home_url,
-                                   username=username, new_password=_new_password)
+            _new_password = request.POST.get('new_password').strip()
+            _status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
+            if not _status:
+                return render(request, msg_template, user_info)
+            username = format2username(user_info.get('email'))
+            return ops_account(ad_ops=AdOps(), request=request, msg_template=msg_template, home_url=home_url, username=username, new_password=_new_password)
         except Exception as reset_e:
             context = {
-                    'global_title': TITLE,
                 'msg': "错误[%s]，请与管理员联系." % str(reset_e),
                 'button_click': "window.location.href='%s'" % home_url,
                 'button_display': "返回主页"
@@ -230,15 +195,13 @@ def reset_password(request):
             return render(request, msg_template, context)
     else:
         context = {
-                'global_title': TITLE,
-                'msg': "认证已经失效，可尝试从重新认证授权。",
-                'button_click': "window.location.href='%s'" % '/auth',
-                'button_display': "重新认证授权"
+            'msg': "请从主页开始进行操作。",
+            'button_click': "window.location.href='%s'" % home_url,
+            'button_display': "返回主页"
         }
         return render(request, msg_template, context)
 
 
-@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
 def unlock_account(request):
     """
     解锁账号
@@ -246,58 +209,36 @@ def unlock_account(request):
     :return:
     """
     home_url = '%s://%s' % (request.scheme, HOME_URL)
-
     if request.method == 'GET':
-        code = request.GET.get('code')
-        username = request.GET.get('username')
-        if username and code and cache_storage.get(username) == code:
+        _status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
+        if not _status:
+            return render(request, msg_template, user_info)
+        username = format2username(user_info.get('email'))
         context = {
-                'global_title': TITLE,
             'username': username,
-                'code': code,
         }
-            return render(request, 'unlock.html', context)
+        return render(request, 'resetPassword.html', context)
+
+    elif request.method == 'POST':
+        _status, user_info = crypto_id_2_user_info(_ops, request, msg_template, home_url, scan_params.SCAN_APP)
+        if not _status:
+            return render(request, msg_template, user_info)
+        username = format2username(user_info.get('email'))
+        return ops_account(AdOps(), request, msg_template, home_url, username, None)
     else:
         context = {
-                'global_title': TITLE,
-                'msg': "{}，您好，当前会话可能已经过期，请再试一次吧。".format(username),
-                'button_click': "window.location.href='%s'" % '/auth',
-                'button_display': "重新认证授权"
-            }
-            return render(request, msg_template, context)
-
-    if request.method == 'POST':
-        username = request.POST.get('username')
-        code = request.POST.get('code')
-        if username and code and cache_storage.get(username) == code:
-            try:
-                return ops_account(AdOps(), request, msg_template, home_url, username, None)
-            except Exception as reset_e:
-                context = {
-                    'global_title': TITLE,
-                    'msg': "错误[%s]，请与管理员联系." % str(reset_e),
+            'msg': "请从主页开始进行操作。",
             'button_click': "window.location.href='%s'" % home_url,
             'button_display': "返回主页"
         }
-                logger.error('{}' .format(traceback.format_exc()))
-                return render(request, msg_template, context)
-        else:
-            context = {
-                'global_title': TITLE,
-                'msg': "认证已经失效，请尝试从重新进行认证授权。",
-                'button_click': "window.location.href='%s'" % '/auth',
-                'button_display': "重新认证授权"
-            }
         return render(request, msg_template, context)
 
 
-@decorator_logger(logger, log_head='Request', pretty=True, indent=2, verbose=1)
 def messages(request):
     _msg = request.GET.get('msg')
     button_click = request.GET.get('button_click')
     button_display = request.GET.get('button_display')
     context = {
-        'global_title': TITLE,
         'msg': _msg,
         'button_click': button_click,
         'button_display': button_display

static/css/load.css

@@ -0,0 +1,135 @@
+.sk-fading-circle {
+  margin: 100px auto;
+  width: 40px;
+  height: 40px;
+  position: relative;
+}
+
+.sk-fading-circle .sk-circle {
+  width: 100%;
+  height: 100%;
+  position: absolute;
+  left: 0;
+  top: 0;
+}
+
+.sk-fading-circle .sk-circle:before {
+  content: '';
+  display: block;
+  margin: 0 auto;
+  width: 15%;
+  height: 15%;
+  background-color: #333;
+  border-radius: 100%;
+  -webkit-animation: sk-circleFadeDelay 1.2s infinite ease-in-out both;
+          animation: sk-circleFadeDelay 1.2s infinite ease-in-out both;
+}
+.sk-fading-circle .sk-circle2 {
+  -webkit-transform: rotate(30deg);
+      -ms-transform: rotate(30deg);
+          transform: rotate(30deg);
+}
+.sk-fading-circle .sk-circle3 {
+  -webkit-transform: rotate(60deg);
+      -ms-transform: rotate(60deg);
+          transform: rotate(60deg);
+}
+.sk-fading-circle .sk-circle4 {
+  -webkit-transform: rotate(90deg);
+      -ms-transform: rotate(90deg);
+          transform: rotate(90deg);
+}
+.sk-fading-circle .sk-circle5 {
+  -webkit-transform: rotate(120deg);
+      -ms-transform: rotate(120deg);
+          transform: rotate(120deg);
+}
+.sk-fading-circle .sk-circle6 {
+  -webkit-transform: rotate(150deg);
+      -ms-transform: rotate(150deg);
+          transform: rotate(150deg);
+}
+.sk-fading-circle .sk-circle7 {
+  -webkit-transform: rotate(180deg);
+      -ms-transform: rotate(180deg);
+          transform: rotate(180deg);
+}
+.sk-fading-circle .sk-circle8 {
+  -webkit-transform: rotate(210deg);
+      -ms-transform: rotate(210deg);
+          transform: rotate(210deg);
+}
+.sk-fading-circle .sk-circle9 {
+  -webkit-transform: rotate(240deg);
+      -ms-transform: rotate(240deg);
+          transform: rotate(240deg);
+}
+.sk-fading-circle .sk-circle10 {
+  -webkit-transform: rotate(270deg);
+      -ms-transform: rotate(270deg);
+          transform: rotate(270deg);
+}
+.sk-fading-circle .sk-circle11 {
+  -webkit-transform: rotate(300deg);
+      -ms-transform: rotate(300deg);
+          transform: rotate(300deg);
+}
+.sk-fading-circle .sk-circle12 {
+  -webkit-transform: rotate(330deg);
+      -ms-transform: rotate(330deg);
+          transform: rotate(330deg);
+}
+.sk-fading-circle .sk-circle2:before {
+  -webkit-animation-delay: -1.1s;
+          animation-delay: -1.1s;
+}
+.sk-fading-circle .sk-circle3:before {
+  -webkit-animation-delay: -1s;
+          animation-delay: -1s;
+}
+.sk-fading-circle .sk-circle4:before {
+  -webkit-animation-delay: -0.9s;
+          animation-delay: -0.9s;
+}
+.sk-fading-circle .sk-circle5:before {
+  -webkit-animation-delay: -0.8s;
+          animation-delay: -0.8s;
+}
+.sk-fading-circle .sk-circle6:before {
+  -webkit-animation-delay: -0.7s;
+          animation-delay: -0.7s;
+}
+.sk-fading-circle .sk-circle7:before {
+  -webkit-animation-delay: -0.6s;
+          animation-delay: -0.6s;
+}
+.sk-fading-circle .sk-circle8:before {
+  -webkit-animation-delay: -0.5s;
+          animation-delay: -0.5s;
+}
+.sk-fading-circle .sk-circle9:before {
+  -webkit-animation-delay: -0.4s;
+          animation-delay: -0.4s;
+}
+.sk-fading-circle .sk-circle10:before {
+  -webkit-animation-delay: -0.3s;
+          animation-delay: -0.3s;
+}
+.sk-fading-circle .sk-circle11:before {
+  -webkit-animation-delay: -0.2s;
+          animation-delay: -0.2s;
+}
+.sk-fading-circle .sk-circle12:before {
+  -webkit-animation-delay: -0.1s;
+          animation-delay: -0.1s;
+}
+
+@-webkit-keyframes sk-circleFadeDelay {
+  0%, 39%, 100% { opacity: 0; }
+  40% { opacity: 1; }
+}
+
+@keyframes sk-circleFadeDelay {
+  0%, 39%, 100% { opacity: 0; }
+  40% { opacity: 1; }
+}

static/css/login.css

@@ -0,0 +1,119 @@
+a, body, button, dd, div, dl, dt, h1, h2, h3, h4, h5, h6, input, li, ol, p, td, textarea, ul { margin: 0; padding: 0; }
+body, button, input, select, textarea { font: 9pt/1.5 tahoma,arial,Hiragino Sans GB,\5b8b\4f53,sans-serif; }
+button, h1, h2, h3, h4, h5, h6, input, select, textarea { font-size: 100%; }
+ /*background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);*/
+html{height: 100%; background-image: linear-gradient(160deg, #2f548e 20%,#043559 80%);}
+ol, ul { list-style: none;}
+a { color: #666; text-decoration: none; }
+a:hover { color: #043559; text-decoration: underline; }
+body {  font-size: 9pt; height: 100%;
+    font-family: 'microsoft yahei', sans-serif; min-width: 750pt; margin: 0; overflow: hidden}
+img { border: 0; vertical-align: top; }
+textarea { resize: none; }
+a, button, input, select, textarea { outline: 0; }
+a, button { cursor: pointer; }
+button { border: none; }
+.errorlist {font-size: 16px; color: #333333}
+.pagewrap {height: 100% }
+.main { position: relative; margin-top:0; width: 100%; height: 100%}
+.header {height: 100px;margin-bottom: 5%;margin-left: 50px; background: url(/static/img/logo.png) left center no-repeat; }
+.header h1 a { display: block; }
+.content { overflow: hidden; margin-left: 10% }
+.content .con_left { float: left; height: 450px; width: 50%; margin-top: 65px}
+/*.content .con_left .box {position: absolute; width: 400px; height:400px; left: 50%; right: 50%; margin-left: -100px; margin-right: -100px;}*/
+.content .con_left p { padding: 0 0 3px; width: 10pc; color: #040000; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
+.content .con_left a { padding: 0 0 0 2pc; color: #2f548e; text-decoration: underline; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
+.content .con_right { float: left; margin: 65px 0 0; width: 28pc; height: 450px; border: 1px solid #dedede; background: #fff; }
+.content .con_right .con_r_top { padding: 0 0 0 39px; width: 409px; height: 110px; border-top: 8px solid #2e558e; }
+.content .con_right .con_r_top .left, .content .con_right .con_r_top .right { float: left; padding: 35px 0 0; width: 186px; height: 35px; text-align: center; text-decoration: none; font-size: 18px; font-family: "微软雅黑"; }
+.content .con_right .con_r_top .left { border-bottom: 2px solid #dedede; color: #999; }
+.content .con_right ul .con_r_left .erweima { text-align: center; }
+.content .con_right ul .con_r_left p {color: #2f548e; font-size: 25px; font-family: 'microsoft yahei', sans-serif; }
+.content .con_right ul .con_r_left .user input { margin: 0 0 21px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
+.content .con_right ul .con_r_left .user { padding: 0 0 0 39px; }
+.content .con_right ul .con_r_left .user ul{font-size: 16px; color: #333333}
+.content .con_right ul .con_r_left .user li{font-size: 16px; color: #333333}
+.content .con_right ul .con_r_left .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
+.content .con_right ul .con_r_left .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
+.content .con_right ul .con_r_left .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
+.content .con_right ul .con_r_left p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif;  }
+.content .con_right ul .con_r_left p .mima { float: left; padding-left: 5px; text-decoration: none; }
+.content .con_right ul .con_r_left p .zhuce { float: right; text-decoration: none; }
+.content .con_right ul .con_r_left button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif; }
+.content .con_right .con_r_top .right { border-bottom: 2px solid #2e558e; color: #333; }
+.content .con_right ul .con_r_right .user input { margin: 0 0 21px -1px; padding-left: 7px; width: 324px; height: 33px; border: 1px solid #dedede; color: #999; font-size: 14px; font-family: "微软雅黑"; line-height: 2pc; }
+.content .con_right ul .con_r_right .user { padding: 0 0 0 39px; }
+.content .con_right ul .con_r_right .user ul{font-size: 16px; color: #333333}
+.content .con_right ul .con_r_right .user li{font-size: 16px; color: #333333}
+.content .con_right ul .con_r_right .user .user-icon { float: left; width: 36px; height: 35px; background: url(../img/user-icon.jpg) left top no-repeat; }
+.content .con_right ul .con_r_right .user .mima-icon { float: left; width: 36px; height: 35px; background: url(../img/mima-icon.jpg) left top no-repeat; }
+.content .con_right ul .con_r_right .user .unlock-icon { float: left; width: 36px; height: 35px; background: url(../img/unlock.jpg) left top no-repeat; }
+.content .con_right ul .con_r_right p { overflow: hidden; padding: 0 39px 37px; color: #666; font-size: 13px; font-family: 'microsoft yahei', sans-serif; }
+.content .con_right ul .con_r_right p .mima { float: left; padding-left: 5px; text-decoration: none; }
+.content .con_right ul .con_r_right p .zhuce { float: right; text-decoration: none; }
+.content .con_right ul .con_r_right button { margin: 0 0 0 75pt; width: 250px; height: 44px; background: #2e558e; color: #fff; font-size: 1pc; font-family: 'microsoft yahei', sans-serif;  }
+.content .con_right ul .con_r_left { display: none; }
+.con_right ul .con_r_left .erweima { position: relative; margin: 0 auto; width: 365px; height: 330px; }
+.qrcode { position: absolute; top: 0; left: 0; width: 174px; height: 11pc; }
+.divimg { position: absolute; top: 50%; left: 50%; z-index: 100; overflow: hidden; margin-top: -15px; margin-left: -30px; padding: 1px; width: 60px; height: 30px; border: 1px solid #eee; border-radius: .5rem; background: #fff; opacity: .9; filter: alpha(opacity=90); -moz-opacity: .9; }
+.content .con_right ul .con_r_right .user .yanzheng { width: 150px; margin: 0 5px 10px 1px; padding-left: 5px; }
+.content .con_right ul .con_r_right .user .next { font-size: 12px; width: 40px; height: 33px; float: right; margin-right: 40px; }
+.content .con_right .con_r_top { *height: 90px; }
+
+.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
+.auto{margin:0 auto;min-width:1000px;max-width:1200px}
+@media screen and (max-width:1233px){.auto{padding-left:10px}
+}
+.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
+.clearfix:after{clear:both}
+.clear-float{clear:both}
+
+.footer{background-color:#009fd9;font-family: 'microsoft yahei', sans-serif; }
+.footer-floor1{width:100%;padding:36px 0 60px}
+.footer-list{width:69%;height:100%;float:left}
+.footer-list ul{float:left;margin-right:13%}
+.footer-list .flist-4{margin-right:0}
+.footer-list li{line-height:32px}
+.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
+.footer-list li a:hover{text-decoration:underline;color:#fff}
+.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
+.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
+.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
+.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',sans-serif}
+.footer-floor2 a{color:#b6e2f2}
+.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
+.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
+.foot-link:hover{text-decoration:underline}
+.footer-right{width:300px;float:right}
+.telephone{width:100%;height:32px;line-height:32px;color:#fff}
+.telephone .tel-number{font-size:30px;font-weight:400;text-align:right}
+.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
+.official-plat ul{float:right;margin-top:7px}
+.official-plat ul li{height:45px}
+.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
+.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
+#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
+#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
+.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
+.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
+.five-superiority-list li:first-child{border-left:none}
+.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
+.five-superiority-list li a:hover{color:#bfe7f5}
+.five-superiority-list li a.superiority-text{text-indent:4em}
+.compensate_ico .superiority-icon{background-position:0 0}
+.compensate_ico:hover .superiority-icon{background-position:0 -50px}
+.retreat_ico .superiority-icon{background-position:0 -100px}
+.retreat_ico:hover .superiority-icon{background-position:0 -150px}
+.technology_ico .superiority-icon{background-position:0 -200px}
+.technology_ico:hover .superiority-icon{background-position:0 -250px}
+.prepare_ico .superiority-icon{background-position:0 -300px}
+.prepare_ico:hover .superiority-icon{background-position:0 -350px}
+.service_ico .superiority-icon{background-position:0 -400px}
+.service_ico:hover .superiority-icon{background-position:0 -450px}
+.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
+.marquee{width:8000%;height:60px}
+.wave-list-box{float:left}
+.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
+.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
+.wave-box{position:relative;height:60px;background:#fff}
+

static/css/style.css

@@ -1,54 +1,66 @@
-html, body {
-    width: 100%;
-    height: 100%;
-}
-
-body {
-    font-family: "Microsoft Yahei", serif;
-    background: #fafafa;
-}
-
-a:link {
-    text-decoration: none;
-}
-
-a:hover {
-    cursor:pointer;
-}
-
-.a-middle-text {
-    text-align: center;
-}
-
-.grid {
-    padding: 1px;
-    line-height: 50px;
-    margin-bottom: 15px;
-}
-
-.middle-header {
-    margin-top: 30px;
-    line-height: 50px;
-    margin-bottom: 5%;
-    border-color: #b7b7b7;
-    font-weight: bold;
-    text-align: center;
-}
-.middle-header-title {
-    margin-top: 30px;
-    line-height: 50px;
-    border-color: #b7b7b7;
-    font-weight: bold;
+*{margin:0;padding:0;box-sizing:border-box;list-style:none}
+html{height: 100%; width:100%}
+body{font-family:"Microsoft Yahei";min-width:1000px}
+a{outline:0;text-decoration:none}
+strong{font-weight:400}
+.strong{font-weight:700}
+::selection{background:#1EACDF;color:#fff}
+img{border:0}
+::-moz-selection{background:#1EACDF;color:#fff}
+::-webkit-selection{background:#1EACDF;color:#fff}
+.autoWidth{margin:0 auto;min-width:1000px;max-width:1200px}
+.auto{margin:0 auto;min-width:1000px;max-width:1200px}
+@media screen and (max-width:1233px){.auto{padding-left:10px}
 }
+.clearfix:after,.clearfix:before{display:table;line-height:0;content:""}
+.clearfix:after{clear:both}
+.clear-float{clear:both}
 
 
-.layui-panel {
-    padding: 10px 20px;
-}
 
-.layui-elem-fieldset {
-    margin-top: 10%;
-    border-color: #b7b7b7;
-    border-radius: 6px;
-    background: #ffffff;
-}
+.footer{background-color:#009fd9;font-family:"Microsoft Yahei"}
+.footer-floor1{width:100%;padding:36px 0 60px}
+.footer-list{width:69%;height:100%;float:left}
+.footer-list ul{float:left;margin-right:13%}
+.footer-list .flist-4{margin-right:0}
+.footer-list li{line-height:32px}
+.footer-list li a{color:#b6e2f2;font-size:12px;text-decoration:none}
+.footer-list li a:hover{text-decoration:underline;color:#fff}
+.footer-list .flist-title{font-size:16px;color:#fff;margin-bottom:15px}
+.footer-floor2{width:100%;border-top:1px solid #4cc3ed;padding:20px 0;text-align:center}
+.footer-floor2 p{text-align:center;color:#b6e2f2;font-size:12px;line-height:30px}
+.footer-floor2 p span{font-family:PingFangSC-Light,'helvetica neue','hiragino sans gb',tahoma,'microsoft yahei ui','microsoft yahei',simsun,sans-serif}
+.footer-floor2 a{color:#b6e2f2}
+.footer-floor2 a:hover{color:#a8d0e0;text-decoration:underline}
+.foot-link{margin:0 15px;text-decoration:none;color:#b6e2f2}
+.foot-link:hover{text-decoration:underline}
+.footer-right{width:300px;float:right}
+.official-plat{width:100%;height:100%;margin-top:20px;position:relative}
+.official-plat ul{float:right;margin-top:7px}
+.official-plat ul li{height:45px}
+.official-plat ul a{display:inline-block;height:32px;width:100%;line-height:32px;color:#fff;text-decoration:none;font-size:12px}
+.official-plat>p{display:inline-block;width:132px;height:132px;border:1px solid #ddd;background-color:#fff}
+#wx-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:12px;right:-20px;z-index:10}
+#wb-corner{border:10px solid transparent;border-left:10px solid #fff;position:absolute;top:58px;right:-20px;z-index:10}
+.five-superiority{width:100%;border-bottom:1px solid #27aede;padding:10px 0 20px}
+.five-superiority-list li{float:left;width:20%;height:36px;text-align:center;border-left:1px solid #27aede}
+.five-superiority-list li:first-child{border-left:none}
+.five-superiority-list li a{display:inline-block;position:relative;width:100%;height:36px;line-height:36px;background:no-repeat 2% center;text-indent:2em;color:#fff;font-size:16px}
+.five-superiority-list li a:hover{color:#bfe7f5}
+.five-superiority-list li a.superiority-text{text-indent:4em}
+.compensate_ico .superiority-icon{background-position:0 0}
+.compensate_ico:hover .superiority-icon{background-position:0 -50px}
+.retreat_ico .superiority-icon{background-position:0 -100px}
+.retreat_ico:hover .superiority-icon{background-position:0 -150px}
+.technology_ico .superiority-icon{background-position:0 -200px}
+.technology_ico:hover .superiority-icon{background-position:0 -250px}
+.prepare_ico .superiority-icon{background-position:0 -300px}
+.prepare_ico:hover .superiority-icon{background-position:0 -350px}
+.service_ico .superiority-icon{background-position:0 -400px}
+.service_ico:hover .superiority-icon{background-position:0 -450px}
+.marquee-box{overflow:hidden;width:100%;position:absolute;left:0;top:0}
+.marquee{width:8000%;height:60px}
+.wave-list-box{float:left}
+.wave-list-box ul{float:left;height:60px;overflow:hidden;zoom:1}
+.wave-list-box ul li{height:60px;width:100%;float:left;line-height:30px;list-style:none}
+.wave-box{position:relative;height:60px;background:#fff}

static/js/check.js

@@ -0,0 +1,87 @@
+$(function () {
+    $(".content .con_right .left").click(function (e) {
+        $(this).css({ "color": "#333333", "border-bottom": "2px solid #2e558e" });
+        $(".content .con_right .right").css({ "color": "#999999", "border-bottom": "2px solid #dedede" });
+        $(".content .con_right ul .con_r_left").css("display", "block");
+        $(".content .con_right ul .con_r_right").css("display", "none");
+    });
+
+    $(".content .con_right .right").click(function (e) {
+        $(this).css({ "color": "#333333", "border-bottom": "2px solid #2e558e" });
+        $(".content .con_right .left").css({ "color": "#999999", "border-bottom": "2px solid #dedede" });
+        $(".content .con_right ul .con_r_right").css("display", "block");
+        $(".content .con_right ul .con_r_left").css("display", "none");
+    });
+
+
+    $('#btn_modify').click(function () {
+        // ^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[!@#$\%\^\&\*\(\)])[0-9a-zA-Z!@#$\%\^\&\*\(\)]{8,32}$ 要求密码了里面包含字母、数字、特殊字符。
+         // (?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}  密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位
+        //  (?=.*?[a-z])(?=.*?[A-Z])(?=.*?\d)(?=.*?[!#@*&.])[a-zA-Z\d!#@*&.]*{8,30}$
+        //    判断密码满足大写字母，小写字母，数字和特殊字符，其中四种组合都需要包含
+        // (?=.*[0-9])(?=.*[a-zA-Z]).{8,30}   大小写字母+数字
+        regex_mail = new RegExp('^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+$')
+        regex_pwd = new RegExp('(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}');
+        //if ($.trim($('#user_email').val()) === '') {
+        //    alert('请输入邮箱账号');
+        //    return false;
+        //} else if (!regex_mail.test($.trim($('#user_email').val()))) {
+        //    alert('请输入正确的邮箱账号。\n');
+        //    return false;
+        //} else
+        if ($.trim($('#old_password').val()) === '') {
+            alert('请输入旧密码');
+            return false;
+        } else if ($.trim($('#new_password').val()) === '') {
+            alert('请输入新密码');
+            return false;
+        } else if ($.trim($('#new_password').val()) === '1qaz@WSX') {
+            alert('密码1qaz@WSX为初始密码，禁止使用，请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。');
+            return false;
+        } else if (!regex_pwd.test($.trim($('#new_password').val()))) {
+            alert('密码不符合复杂度规则，请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。');
+            return false;
+        } else if ($.trim($('#ensure_password').val()) === '') {
+            alert('请再次输入新密码');
+            return false;
+        } else if ($.trim($('#new_password').val()) === $.trim($('#old_password').val())) {
+            alert('新旧密码不能一样');
+            return false;
+        } else if ($.trim($('#ensure_password').val()) !== $.trim($('#new_password').val())) {
+            alert('两次输入的新密码不一致');
+            return false;
+        } else {
+            return true;
+        }
+    });     
+
+    $('#btn_reset').click(function () {
+        let regex_mail = new RegExp('^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+$')
+        let regex_pwd = new RegExp('(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}');
+        //if ($.trim($('#user_email').val()) === '') {
+        //alert('请输入邮箱账号');
+        //    return false;
+        //} else if (!regex_mail.test($.trim($('#user_email').val()))) {
+        //    alert('请输入正确的邮箱账号。\n');
+        //    return false;
+        //} else
+        if ($.trim($('#new_password').val()) === '') {
+            alert('请输入密码');
+            return false;
+        } else if ($.trim($('#ensure_password').val()) === '') {
+            alert('请再次输入新密码');
+            return false;
+        } else if ($.trim($('#new_password').val()) === '1qaz@WSX') {
+            alert('密码1qaz@WSX为初始密码，禁止使用，请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。');
+            return false;
+        } else if (!regex_pwd.test($.trim($('#new_password').val()))) {
+            alert('密码不符合复杂度规则，请重新输入新密码。\n密码必须同时包含大写、小写、数字和特殊字符其中三项且至少8位。\n例如：1qaz@WSX');
+            return false;
+        } else if ($.trim($('#ensure_password').val()) !== $.trim($('#new_password').val())) {
+            alert('两次输入的新密码不一致');
+            return false;
+        } else {
+            return true;
+        }
+    });
+})

static/js/ddLogin.js

@@ -0,0 +1,18 @@
+!function (window, document) {
+    function d(a) {
+        var e, c = document.createElement("iframe"),
+            d = "https://login.dingtalk.com/login/qrcode.htm?goto=" + a.goto ;
+        d += a.style ? "&style=" + encodeURIComponent(a.style) : "",
+            d += a.href ? "&href=" + a.href : "",
+            c.src = d,
+            c.frameBorder = "0",
+            c.allowTransparency = "true",
+            c.scrolling = "no",
+            c.width =  a.width ? a.width + 'px' : "365px",
+            c.height = a.height ? a.height + 'px' : "400px",
+            e = document.getElementById(a.id),
+            e.innerHTML = "",
+            e.appendChild(c)
+    }
+    window.DDLogin = d
+}(window, document);

static/js/html5.min.js

@@ -1 +0,0 @@
-(function(e,t){function n(e,t){var n=e.createElement("p"),i=e.getElementsByTagName("head")[0]||e.documentElement;return n.innerHTML="x<style>"+t+"</style>",i.insertBefore(n.lastChild,i.firstChild)}function i(){var e=m.elements;return"string"==typeof e?e.split(" "):e}function r(e){var t={},n=e.createElement,r=e.createDocumentFragment,o=r();e.createElement=function(e){m.shivMethods||n(e);var i;return i=t[e]?t[e].cloneNode():g.test(e)?(t[e]=n(e)).cloneNode():n(e),i.canHaveChildren&&!f.test(e)?o.appendChild(i):i},e.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+i().join().replace(/\w+/g,function(e){return t[e]=n(e),o.createElement(e),'c("'+e+'")'})+");return n}")(m,o)}function o(e){var t;return e.documentShived?e:(m.shivCSS&&!d&&(t=!!n(e,"article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio{display:none}canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden]{display:none}audio[controls]{display:inline-block;*display:inline;*zoom:1}mark{background:#FF0;color:#000}")),h||(t=!r(e)),t&&(e.documentShived=t),e)}function a(e){for(var t,n=e.getElementsByTagName("*"),r=n.length,o=RegExp("^(?:"+i().join("|")+")$","i"),a=[];r--;)t=n[r],o.test(t.nodeName)&&a.push(t.applyElement(s(t)));return a}function s(e){for(var t,n=e.attributes,i=n.length,r=e.ownerDocument.createElement(b+":"+e.nodeName);i--;)t=n[i],t.specified&&r.setAttribute(t.nodeName,t.nodeValue);return r.style.cssText=e.style.cssText,r}function l(e){for(var t,n=e.split("{"),r=n.length,o=RegExp("(^|[\\s,>+~])("+i().join("|")+")(?=[[\\s,>+~#.:]|$)","gi"),a="$1"+b+"\\:$2";r--;)t=n[r]=n[r].split("}"),t[t.length-1]=t[t.length-1].replace(o,a),n[r]=t.join("}");return n.join("{")}function c(e){for(var t=e.length;t--;)e[t].removeNode()}function u(e){var t,i,r=e.namespaces,o=e.parentWindow;return!y||e.printShived?e:(r[b]===void 0&&r.add(b),o.attachEvent("onbeforeprint",function(){for(var r,o,s,c=e.styleSheets,u=[],d=c.length,h=Array(d);d--;)h[d]=c[d];for(;s=h.pop();)if(!s.disabled&&v.test(s.media)){for(r=s.imports,d=0,o=r.length;o>d;d++)h.push(r[d]);try{u.push(s.cssText)}catch(p){}}u=l(u.reverse().join("")),i=a(e),t=n(e,u)}),o.attachEvent("onafterprint",function(){c(i),t.removeNode(!0)}),e.printShived=!0,e)}var d,h,p=e.html5||{},f=/^<|^(?:button|form|map|select|textarea|object|iframe)$/i,g=/^<|^(?:a|b|button|code|div|fieldset|form|h1|h2|h3|h4|h5|h6|i|iframe|img|input|label|li|link|ol|option|p|param|q|script|select|span|strong|style|table|tbody|td|textarea|tfoot|th|thead|tr|ul)$/i;(function(){var n=t.createElement("a");n.innerHTML="<xyz></xyz>",d="hidden"in n,d&&"function"==typeof injectElementWithStyles&&injectElementWithStyles("#modernizr{}",function(t){t.hidden=!0,d="none"==(e.getComputedStyle?getComputedStyle(t,null):t.currentStyle).display}),h=1==n.childNodes.length||function(){try{t.createElement("a")}catch(e){return!0}var n=t.createDocumentFragment();return n.cloneNode===void 0||n.createDocumentFragment===void 0||n.createElement===void 0}()})();var m={elements:p.elements||"abbr article aside audio bdi canvas data datalist details figcaption figure footer header hgroup mark meter nav output progress section summary time video",shivCSS:p.shivCSS!==!1,shivMethods:p.shivMethods!==!1,type:"default",shivDocument:o};e.html5=m,o(t);var v=/^$|\b(?:all|print)\b/,b="html5shiv",y=!h&&function(){var n=t.documentElement;return t.namespaces!==void 0&&t.parentWindow!==void 0&&n.applyElement!==void 0&&n.removeNode!==void 0&&e.attachEvent!==void 0}();m.type+=" print",m.shivPrint=u,u(t)})(this,document);

static/js/respond.min.js

@@ -1,5 +0,0 @@
-/*! Respond.js v1.4.2: min/max-width media query polyfill * Copyright 2013 Scott Jehl
- * Licensed under https://github.com/scottjehl/Respond/blob/master/LICENSE-MIT
- *  */
-
-!function(a){"use strict";a.matchMedia=a.matchMedia||function(a){var b,c=a.documentElement,d=c.firstElementChild||c.firstChild,e=a.createElement("body"),f=a.createElement("div");return f.id="mq-test-1",f.style.cssText="position:absolute;top:-100em",e.style.background="none",e.appendChild(f),function(a){return f.innerHTML='&shy;<style media="'+a+'"> #mq-test-1 { width: 42px; }</style>',c.insertBefore(e,d),b=42===f.offsetWidth,c.removeChild(e),{matches:b,media:a}}}(a.document)}(this),function(a){"use strict";function b(){u(!0)}var c={};a.respond=c,c.update=function(){};var d=[],e=function(){var b=!1;try{b=new a.XMLHttpRequest}catch(c){b=new a.ActiveXObject("Microsoft.XMLHTTP")}return function(){return b}}(),f=function(a,b){var c=e();c&&(c.open("GET",a,!0),c.onreadystatechange=function(){4!==c.readyState||200!==c.status&&304!==c.status||b(c.responseText)},4!==c.readyState&&c.send(null))};if(c.ajax=f,c.queue=d,c.regex={media:/@media[^\{]+\{([^\{\}]*\{[^\}\{]*\})+/gi,keyframes:/@(?:\-(?:o|moz|webkit)\-)?keyframes[^\{]+\{(?:[^\{\}]*\{[^\}\{]*\})+[^\}]*\}/gi,urls:/(url\()['"]?([^\/\)'"][^:\)'"]+)['"]?(\))/g,findStyles:/@media *([^\{]+)\{([\S\s]+?)$/,only:/(only\s+)?([a-zA-Z]+)\s?/,minw:/\([\s]*min\-width\s*:[\s]*([\s]*[0-9\.]+)(px|em)[\s]*\)/,maxw:/\([\s]*max\-width\s*:[\s]*([\s]*[0-9\.]+)(px|em)[\s]*\)/},c.mediaQueriesSupported=a.matchMedia&&null!==a.matchMedia("only all")&&a.matchMedia("only all").matches,!c.mediaQueriesSupported){var g,h,i,j=a.document,k=j.documentElement,l=[],m=[],n=[],o={},p=30,q=j.getElementsByTagName("head")[0]||k,r=j.getElementsByTagName("base")[0],s=q.getElementsByTagName("link"),t=function(){var a,b=j.createElement("div"),c=j.body,d=k.style.fontSize,e=c&&c.style.fontSize,f=!1;return b.style.cssText="position:absolute;font-size:1em;width:1em",c||(c=f=j.createElement("body"),c.style.background="none"),k.style.fontSize="100%",c.style.fontSize="100%",c.appendChild(b),f&&k.insertBefore(c,k.firstChild),a=b.offsetWidth,f?k.removeChild(c):c.removeChild(b),k.style.fontSize=d,e&&(c.style.fontSize=e),a=i=parseFloat(a)},u=function(b){var c="clientWidth",d=k[c],e="CSS1Compat"===j.compatMode&&d||j.body[c]||d,f={},o=s[s.length-1],r=(new Date).getTime();if(b&&g&&p>r-g)return a.clearTimeout(h),h=a.setTimeout(u,p),void 0;g=r;for(var v in l)if(l.hasOwnProperty(v)){var w=l[v],x=w.minw,y=w.maxw,z=null===x,A=null===y,B="em";x&&(x=parseFloat(x)*(x.indexOf(B)>-1?i||t():1)),y&&(y=parseFloat(y)*(y.indexOf(B)>-1?i||t():1)),w.hasquery&&(z&&A||!(z||e>=x)||!(A||y>=e))||(f[w.media]||(f[w.media]=[]),f[w.media].push(m[w.rules]))}for(var C in n)n.hasOwnProperty(C)&&n[C]&&n[C].parentNode===q&&q.removeChild(n[C]);n.length=0;for(var D in f)if(f.hasOwnProperty(D)){var E=j.createElement("style"),F=f[D].join("\n");E.type="text/css",E.media=D,q.insertBefore(E,o.nextSibling),E.styleSheet?E.styleSheet.cssText=F:E.appendChild(j.createTextNode(F)),n.push(E)}},v=function(a,b,d){var e=a.replace(c.regex.keyframes,"").match(c.regex.media),f=e&&e.length||0;b=b.substring(0,b.lastIndexOf("/"));var g=function(a){return a.replace(c.regex.urls,"$1"+b+"$2$3")},h=!f&&d;b.length&&(b+="/"),h&&(f=1);for(var i=0;f>i;i++){var j,k,n,o;h?(j=d,m.push(g(a))):(j=e[i].match(c.regex.findStyles)&&RegExp.$1,m.push(RegExp.$2&&g(RegExp.$2))),n=j.split(","),o=n.length;for(var p=0;o>p;p++)k=n[p],l.push({media:k.split("(")[0].match(c.regex.only)&&RegExp.$2||"all",rules:m.length-1,hasquery:k.indexOf("(")>-1,minw:k.match(c.regex.minw)&&parseFloat(RegExp.$1)+(RegExp.$2||""),maxw:k.match(c.regex.maxw)&&parseFloat(RegExp.$1)+(RegExp.$2||"")})}u()},w=function(){if(d.length){var b=d.shift();f(b.href,function(c){v(c,b.href,b.media),o[b.href]=!0,a.setTimeout(function(){w()},0)})}},x=function(){for(var b=0;b<s.length;b++){var c=s[b],e=c.href,f=c.media,g=c.rel&&"stylesheet"===c.rel.toLowerCase();e&&g&&!o[e]&&(c.styleSheet&&c.styleSheet.rawCssText?(v(c.styleSheet.rawCssText,e,f),o[e]=!0):(!/^([a-zA-Z:]*\/\/)/.test(e)&&!r||e.replace(RegExp.$1,"").split("/")[0]===a.location.host)&&("//"===e.substring(0,2)&&(e=a.location.protocol+e),d.push({href:e,media:f})))}w()};x(),c.update=x,c.getEmValue=t,a.addEventListener?a.addEventListener("resize",b,!1):a.attachEvent&&a.attachEvent("onresize",b)}}(this);

static/layui/css/modules/code.css

@@ -1 +0,0 @@
-html #layuicss-skincodecss{display:none;position:absolute;width:1989px}.layui-code-view{display:block;position:relative;margin:10px 0;padding:0;border:1px solid #eee;border-left-width:6px;background-color:#fafafa;color:#333;font-family:Courier New;font-size:13px}.layui-code-title{position:relative;padding:0 10px;height:40px;line-height:40px;border-bottom:1px solid #eee;font-size:12px}.layui-code-title>.layui-code-about{position:absolute;right:10px;top:0;color:#b7b7b7}.layui-code-about>a{padding-left:10px}.layui-code-view>.layui-code-ol,.layui-code-view>.layui-code-ul{position:relative;overflow:auto}.layui-code-view>.layui-code-ol>li{position:relative;margin-left:45px;line-height:20px;padding:0 10px;border-left:1px solid #e2e2e2;list-style-type:decimal-leading-zero;*list-style-type:decimal;background-color:#fff}.layui-code-view>.layui-code-ol>li:first-child,.layui-code-view>.layui-code-ul>li:first-child{padding-top:10px}.layui-code-view>.layui-code-ol>li:last-child,.layui-code-view>.layui-code-ul>li:last-child{padding-bottom:10px}.layui-code-view>.layui-code-ul>li{position:relative;line-height:20px;padding:0 10px;list-style-type:none;*list-style-type:none;background-color:#fff}.layui-code-view pre{margin:0}.layui-code-dark{border:1px solid #0c0c0c;border-left-color:#3f3f3f;background-color:#0c0c0c;color:#c2be9e}.layui-code-dark>.layui-code-title{border-bottom:none}.layui-code-dark>.layui-code-ol>li,.layui-code-dark>.layui-code-ul>li{background-color:#3f3f3f;border-left:none}.layui-code-dark>.layui-code-ul>li{margin-left:6px}.layui-code-demo .layui-code{visibility:visible!important;margin:-15px;border-top:none;border-right:none;border-bottom:none}.layui-code-demo .layui-tab-content{padding:15px;border-top:none}

templates/auth.html

@@ -1,41 +0,0 @@
-{% extends 'base.html' %}
-{% load static %}
-{% block headerjs %}<script type="text/javascript" src="{% static 'js/dingtalk.open.js' %}"></script>{% endblock %}
-{% block paneltitle %}请稍后，授权信息认证中{% endblock %}
-{% block middleblock %}
-{% endblock %}
-{% block footerjs %}
-<script src="{% static 'layui/layui.js' %}"></script>
-<script>
-layui.use(['form', 'jquery', 'layer'], function () {
-let layer = layui.layer,
-    $ = layui.jquery;
-let re_url= ""
-let index_load = layer.load(1, {shade: 0.4});
-{% if app_type == 'DING' %}
-dd.ready(() => {
-    dd.runtime.permission.requestAuthCode({corpId: '{{ corp_id }}'}).then((result) => {
-        re_url = '/resetPassword?code=' + result.code
-        window.parent.parent.location.href=re_url;
-    }).catch(err => {
-        layer.close(index_load)
-        layer.open({
-            title : '出错啦！'
-            ,content: err
-            ,btn: '关闭'
-            ,btnAlign: 'c'
-            ,yes: function(){
-              layer.closeAll();
-            }
-        });
-    });
-});
-{% elif app_type == 'WEWORK' %}
-$(function () {
-    re_url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid={{ app_id }}&agentid={{ agent_id }}&redirect_uri={{ redirect_url }}&response_type=code&scope=snsapi_privateinfo&state=#wechat_redirect"
-    window.parent.parent.location.href=re_url;
-})
-{% endif %}
-});
-</script>
-{% endblock %}

templates/base.html

@@ -1,57 +0,0 @@
-{% load static %}
-<!DOCTYPE html>
-<html>
-<head>
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
-    <meta http-equiv="Pragma" content= "no-cache" />
-    <meta http-equiv="Cache-Control" content= "no-cache" />
-    <meta http-equiv="Expires" content= "0" />
-    <title>{{ global_title }}</title>
-    <link rel="stylesheet" href="{% static 'layui/css/layui.css' %}">
-    <link rel="stylesheet" href="{% static 'css/style.css' %}">
-    {% block headercss %}{% endblock %}
-    {% block headerjs %}{% endblock %}
-</head>
-<body>
-<!--[if lt IE 9]>
-  <script src="{% static 'js/html5.min.js' %}"></script>
-  <script src="{% static 'js/respond.min.js' %}"></script>
-<![endif]-->
-<div class="layui-container">
-    <div class="layui-row">
-        <div class="layui-hide-xs layui-col-md1">
-            <div class="grid"></div>
-        </div>
-        <div class="layui-col-xs12 layui-col-md10">
-            <div class="grid">
-                <div class="middle-header">
-                    <h1>{{ global_title }}</h1>
-                </div>
-                <div class="layui-panel">
-                    <div class="layui-row">
-                        {% block upmiddleheader %}{% endblock %}
-                    </div>
-                    <fieldset class="layui-elem-field  layui-field-title" style="margin-top: 20px;">
-                        <legend>
-                            {% block paneltitle %}{% endblock %}
-                        </legend>
-                    </fieldset>
-                    {% block middleblock %}{% endblock %}
-                </div>
-            </div>
-            <div class="grid">
-                {% block middleblockfoot %}
-                {% endblock %}
-            </div>
-        </div>
-        <div class="layui-hide-xs layui-col-md1">
-            <div class="grid"></div>
-        </div>
-    </div>
-</div>
-<script src="{% static 'layui/layui.js' %}" charset="utf-8"></script>
-{% block footercss %}{% endblock %}
-{% block footerjs %}{% endblock %}
-</body>
-</html>

templates/callbackCheck.html

@@ -0,0 +1,15 @@
+{% load static %}
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>密码自助服务</title>
+    <link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
+    <link type="text/css" rel="stylesheet" href="{% static 'css/load.css' %}">
+    <script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
+    <script type="text/javascript" src="{% static 'js/check.js' %}"></script>
+</head>
+<body style="overflow: hidden">
+
+<form name="callbackCheck" method="post" action="resetPassword" autocomplete="off">
+    {% csrf_token %}
+</form>
+</body></html>

templates/ding_index.html

@@ -0,0 +1,118 @@
+{% load static %}
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>密码自助服务</title>
+    <link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
+    <script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
+    <script type="text/javascript" src="{% static 'js/check.js' %}"></script>
+    <script src="https://g.alicdn.com/dingding/dinglogin/0.0.5/ddLogin.js"></script>
+</head>
+<body>
+    <div class="pagewrap">
+        <div class="main">
+            <div class="header">
+
+            </div>
+            <div class="content">
+                <div class="con_left" >
+                    <div style="margin: 0 auto; width:100%; height: 200px; line-height: 200px;" align="center">
+                        <p style="margin: 0 auto; color: #fdfdfe; font-size: 36px; width:100%; ">「域账号或邮箱」<small>密码自助平台</small></p>
+                    </div>
+                     <div style="margin: 0 auto; width:400px; height: 240px;">
+                         <p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
+">提示：新密码要求满足8至30位长度(不包含空格)，至少包含大小写字母及数字组成。</p>
+                         <p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
+">如果密码己遗忘，可点击[重置/解锁]，使用钉钉扫描验证后直接重置密码。</p>
+                    </div>
+                </div>
+                <div class="con_right">
+                    <div class="con_r_top">
+                        <a href="javascript:" class="right" style="color: rgb(51, 51, 51); border-bottom-width: 2px; border-bottom-style: solid; border-bottom-color: rgb(46, 85, 142);">修改密码</a>
+                        <a href="javascript:" class="left" style="color: rgb(153, 153, 153); border-bottom-width: 2px; border-bottom-style: solid; border-bottom-color: rgb(222, 222, 222);">重置/解锁</a>
+                    </div>
+                    <ul>
+                        <li class="con_r_right" style="display: block;">
+                           <form name="modifypwd" method="post" action="" autocomplete="off">
+                               {% csrf_token %}
+                                <div class="user">
+                                    <div><span class="user-icon"></span>
+                                        <input type="text" id="username" name="username" placeholder="格式：abc\lisi、lisi、lisi@abc.com" value="">
+                                    </div>
+                                    <div><span class="mima-icon"></span>
+                                        <input type="password" id="old_password" name="old_password"
+                                               placeholder=" 输入旧密码" value="">
+                                    </div>
+                                    <div><span class="mima-icon"></span>
+                                        <input type="password" id="new_password" name="new_password"
+                                               placeholder=" 输入新密码" value="">
+                                    </div>
+                                    <div><span class="mima-icon"></span>
+                                        <input type="password" id="ensure_password" name="ensure_password"
+                                               placeholder=" 再次输入新密码" value="">
+                                    </div>
+                                </div><br>
+                               <button id="btn_modify" type="submit">修改密码</button>
+                            </form>
+                        </li>
+
+                        <li class="con_r_left" style="display: none;">
+                            <div style="margin-top: -30px" class="erweima">
+                                <div style="width: 300px; height: 300px; margin: 0 auto" id="ding_code"></div>
+                                <script type="text/javascript">
+                                    // 构造钉钉登录
+                                    // 扫描之后需要跳转的域名，填写自己的修改密码的域名地址http或https
+                                    var home_url = "{{ home_url }}";
+                                    // 钉钉移动应用接入ID
+                                    var app_id = "{{ app_id }}";
+                                    var redirect_url = encodeURIComponent(home_url + '/callbackCheck');
+                                    var goto = encodeURIComponent('https://oapi.dingtalk.com/connect/qrconnect?appid='
+                                        + app_id
+                                        + '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri='
+                                        + redirect_url);
+                                    var obj = DDLogin({
+                                        id: "ding_code",
+                                        goto: goto,
+                                        style: "border:none;background-color:#FFFFFF;",
+                                        width: "300",
+                                        height: "300"
+                                    });
+                                    var hanndleMessage = function (event) {
+                                        var origin = event.origin;
+                                        console.log("origin", event.origin)
+                                        //判断是否来自ddLogin扫码事件。
+                                        if (origin === "https://login.dingtalk.com") {
+                                            var loginTmpCode = event.data;
+                                            console.log("loginTmpCode", loginTmpCode);
+                                            if (loginTmpCode) {
+                                                //拿到loginTmpCode后就可以在这里构造跳转链接进行跳转了
+                                                location.href = 'https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid='
+                                                    + app_id
+                                                    + '&response_type=code&scope=snsapi_login&state=STATE&redirect_uri='
+                                                    + redirect_url
+                                                    + '&loginTmpCode=' + loginTmpCode;
+                                            }
+                                        }
+                                    };
+                                    if (typeof window.addEventListener !== 'undefined') {
+                                        window.addEventListener('message', hanndleMessage, false);
+                                    } else if (typeof window.attachEvent !== 'undefined') {
+                                        window.attachEvent('onmessage', hanndleMessage);
+                                    }
+                                </script>
+                            </div>
+                            <div style="height: 70px; margin-top: -30px">
+                                <p style="font-size: 18px; color: #2e558e" align="center">钉钉扫码验证用户信息</p>
+                            </div>
+                        </li>
+                    </ul>
+                </div>
+            </div>
+        </div>
+    </div>
+<script type="text/javascript">
+window.onload=function() {
+if (!!window.ActiveXObject || "ActiveXObject" in window)
+  alert("您当前使用的浏览器为IE或IE内核，因为IE各种体验问题，本网站不对IE兼容。\n为能正常使用密码自助修改服务，请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon等这类双核心浏览器，请切换至[极速模式]亦可。")
+}
+</script>
+</body></html>

templates/index.html

@@ -1,72 +0,0 @@
-{% extends 'base.html' %}
-{% load static %}
-{% block headerjs %}<script type="text/javascript" src="{% static 'js/dingtalk.open.js' %}"></script>{% endblock %}
-{% block paneltitle %}修改密码{% endblock %}
-{% block middleblock %}
-<div class="layui-row">
-    <form class="layui-form  layui-form-pane" action="/" method="post" autocomplete="off">{% csrf_token %}
-        <div class="layui-form-item">
-            <label class="layui-form-label">账号</label>
-            <div class="layui-input-block">
-                <input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" placeholder="请输入账号" class="layui-input">
-            </div>
-        </div>
-        <div class="layui-form-item">
-            <label class="layui-form-label">旧密码</label>
-            <div class="layui-input-block">
-                <input type="password" lay-verify="required|newpass" lay-verType="tips" name="old_password" id="old_password" placeholder="请输入旧密码" autocomplete="off" class="layui-input">
-            </div>
-        </div>
-        <div class="layui-form-item">
-            <label class="layui-form-label">新密码</label>
-            <div class="layui-input-block">
-                <input type="password" lay-verify="pass" lay-verType="tips" name="new_password" id="new_password" placeholder="请输入新密码"  autocomplete="off" class="layui-input">
-            </div>
-        </div>
-        <div class="layui-form-item">
-            <label class="layui-form-label">确认密码</label>
-            <div class="layui-input-block">
-                <input type="password" lay-verify="pass|repass" lay-verType="tips" name="ensure_password" id="ensure_password" placeholder="再次确认新密码" autocomplete="off" class="layui-input">
-            </div>
-        </div>
-        <div class="layui-form-item">
-            <button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
-        </div>
-        <div class="layui-form-item a-middle-text">
-            <span class="layui-breadcrumb">
-            <a class="layui-text" id="redirect_url" href="/auth"><i class="layui-icon layui-icon-refresh-3"></i> 重置/解锁账号</a>
-            </span>
-        </div>
-    </form>
-</div>
-{% endblock %}
-{% block middleblockfoot %}
-<blockquote class="layui-elem-quote layui-quote-nm">
-    新密码8至30位长度，要求包含大小写字母及数字。<br><br>
-    如果密码己遗忘，可点击上方<b>[<i class="layui-icon layui-icon-refresh-3"></i> 重置/解锁账号]</b>使用⌊{{ scan_app }}⌉应用内免登录授权并通过身份验证后进行重置/解锁账号。<br>
-    * 如果有当弹出提示<b>是否同意授权</b>时，请务必<b>全部同意</b>，否则无法获取关键信息，导致无法正常使用重置/解锁账号！
-</blockquote>
-{% endblock %}
-{% block footercss %}{% endblock %}
-{% block footerjs %}
-<script src="{% static 'layui/layui.js' %}"></script>
-<script>
-layui.use(['form', 'jquery', 'layer'], function () {
-    let form = layui.form,
-        $ = layui.jquery;
-    form.verify({
-        pass: [
-            /^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}$/,
-            '密码必须8到30位，要求包含大小写字母、数字与字符，且不能出现空格！'
-        ],
-        repass: function (value,item) {
-            if ($('#ensure_password').val() !== $('#new_password').val()) {
-                return '两次输入密码不一致！';
-            }},
-        newpass: function (value,item) {
-            if ($('#old_password').val() === $('#password').val()) {
-                return '新旧密码不能重复使用，请修正！';
-            }}});
-});
-</script>
-{% endblock %}

templates/messages.html

@@ -1,15 +1,44 @@
-{% extends 'base.html' %}
 {% load static %}
-{% block paneltitle %}结果{% endblock %}
-{% block middleblock %}
-<div class="layui-row">
-    <form class="layui-form  layui-form-pane" method="get" autocomplete="off">{% csrf_token %}
-        <div class="layui-form-item">
-            {{ msg }}
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="zh"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>密码自助服务</title>
+    <link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
+    <script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
+    <script type="text/javascript" src="{% static 'js/check.js' %}"></script>
+</head>
+<body style="overflow: hidden">
+    <div class="pagewrap">
+        <div class="main">
+            <div class="header"></div>
+            <div class="content">
+                <div class="con_left" >
+                    <div style="margin: 0 auto; width:100%; height: 200px; line-height: 200px;" align="center">
+                        <p style="margin: 0 auto; color: #fdfdfe; font-size: 36px; width:100%; ">「域账号或邮箱」<small>密码自助平台</small></p>
                     </div>
-        <div class="layui-form-item">
-            <button type="button" class="layui-btn layui-btn-normal layui-btn-fluid" onclick="{{ button_click }}">{{ button_display }}</button>
+                     <div style="margin: 0 auto; width:400px; height: 240px;">
+                        <p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
+">提示：新密码要求满足8至30位长度(不包含空格)，至少包含大小写字母及数字组成。</p>
+                         <p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
+">如果密码己遗忘，可点击[重置/解锁]，使用钉钉扫描验证后直接重置密码。</p>
                     </div>
+                 </div>
+                <div class="con_right">
+                    <div class="con_r_top">
+                        <p class="right" style="color: rgb(51, 51, 51); border-bottom: 2px solid rgb(46, 85, 142);">提示</p>
+                    </div>
+                    <form name="msg" method="get" action="" autocomplete="off">
+                    <ul>
+                        <li class="con_r_right" style="display: block;">
+                            {% csrf_token %}
+                            <div class="user" style="height: 220px;">
+                            <p style="font-size: 16px;min-height: 1px; padding-left: 0; padding-right: 40px; margin:0">{{ msg }}</p>
+                            </div><br>
+                           <button id="btn_back" style="margin-top: 0" type="button" onclick="{{ button_click }}">{{ button_display }}</button>
+                        </li>
+                    </ul>
                     </form>
-</div>
-{% endblock %}
+                </div>
+            </div>
+        </div>
+    </div>
+</body></html>

templates/resetPassword.html

@@ -0,0 +1,72 @@
+{% load static %}
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>密码自助服务</title>
+    <link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
+    <link type="text/css" rel="stylesheet" href="{% static 'css/load.css' %}">
+    <script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
+    <script type="text/javascript" src="{% static 'js/check.js' %}"></script>
+</head>
+<body style="overflow: hidden">
+    <div class="pagewrap">
+        <div class="main">
+            <div class="header"></div>
+            <div class="content">
+                <div class="con_left" >
+                    <div style="margin: 0 auto; width:100%; height: 200px; line-height: 200px;" align="center"  >
+                        <p style="margin: 0 auto; color: #fdfdfe; font-size: 36px; width:100%; ">「域账号或邮箱」
+                            <small>密码自助平台</small></p>
+                    </div>
+                     <div style="margin: 0 auto; width:400px; height: 240px;">
+                        <p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
+">提示：新密码要求满足8至30位长度，包含大小写字母及数字。</p>
+                         <p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
+">如果密码己遗忘，可点击[重置/解锁]，使用钉钉扫描验证后直接重置密码。</p>
+                    </div>
+                 </div>
+                <div class="con_right">
+                    <div class="con_r_top">
+                        <p class="right" style="color: rgb(51, 51, 51); border-bottom: 2px solid rgb(46, 85, 142);">重置密码</p>
+                        <a href="javascript:" class="left" style="color: rgb(153, 153, 153); border-bottom-width:2px; border-bottom-style: solid; border-bottom-color: rgb(222, 222, 222);">解锁账号</a>
+                    </div>
+                    <ul>
+                        <li class="con_r_right" style="display: block;">
+                           <form name="resetPassword" method="post" action="" autocomplete="off">
+                                {% csrf_token %}
+                                <div class="user">
+                                    <div><span class="user-icon"></span>
+                                        <input type="text" id="username" name="username" readonly placeholder="{{ username }}" value="{{ username }}">
+                                    </div>
+                                    <div><span class="mima-icon"></span>
+                                           <input type="password" id="new_password" name="new_password"
+                                                placeholder=" 输入新密码" value="">
+                                    </div>
+                                    <div><span class="mima-icon"></span>
+                                        <input type="password" id="ensure_password" name="ensure_password" placeholder=" 再次输入新密码" value="">
+                                    </div>
+                                </div><br>
+                               <p style="height: 20px">会话有效期5分钟，重密码会自动解锁被锁定的账号。</p>
+                               <button id="btn_reset" style="margin-top: 0" type="submit">重置密码</button>
+				            </form>
+                        </li>
+
+                         <li class="con_r_left" style="display: none;">
+                             <form name="unlockAccount" method="post" action="unlockAccount" autocomplete="off">
+                                {% csrf_token %}
+                                <div class="user" style="height: 168px">
+                                    <div><span class="user-icon"></span>
+                                        <input type="text" id="username" name="username" readonly placeholder="{{ username }}" value="{{ username }}">
+                                    </div>
+                                    <span class="msgs"></span>
+
+                                </div><br>
+                               <p style="height: 20px">会话有效期5分钟</p>
+                               <button id="btn_unlock" style="margin-top: 0px" type="submit">解锁账号</button>
+				            </form>
+                         </li>
+                    </ul>
+                </div>
+            </div>
+        </div>
+    </div>
+</body></html>

templates/reset_password.html

@@ -1,63 +0,0 @@
-{% extends 'base.html' %}
-{% load static %}
-{% block paneltitle %}重置密码{% endblock %}
-{% block middleblock %}
-<div class="layui-row">
-    <form class="layui-form  layui-form-pane" name="resetPassword" method="post" action="" autocomplete="off">{% csrf_token %}
-        <div class="layui-form-item">
-            <label class="layui-form-label">账号</label>
-            <div class="layui-input-block">
-                <input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" readonly value="{{ username }}" class="layui-input">
-                <input type="hidden" id="code" name="code" readonly value="{{ code }}">
-            </div>
-        </div>
-        <div class="layui-form-item">
-            <label class="layui-form-label">新密码</label>
-            <div class="layui-input-block">
-                <input type="password" lay-verify="pass" lay-verType="tips" name="new_password" id="new_password" placeholder="请输入新密码"  autocomplete="off" class="layui-input">
-            </div>
-        </div>
-        <div class="layui-form-item">
-            <label class="layui-form-label">确认密码</label>
-            <div class="layui-input-block">
-                <input type="password" lay-verify="pass|repass" lay-verType="tips" name="ensure_password" id="ensure_password" placeholder="再次确认新密码" autocomplete="off" class="layui-input">
-            </div>
-        </div>
-        <div class="layui-form-item">
-            <button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
-        </div>
-        <div class="layui-form-item a-middle-text">
-            <span class="layui-breadcrumb">
-            <a class="layui-text" href="/"><i class="layui-icon layui-icon-prev"></i> 修改密码</a>
-            <a class="layui-text" id="redirect_url" href="/unlockAccount?code={{ code }}&username={{ username }}"><i class="layui-icon layui-icon-password"></i> 解锁账号</a>
-            </span>
-        </div>
-    </form>
-</div>
-{% endblock %}
-{% block middleblockfoot %}
-<blockquote class="layui-elem-quote layui-quote-nm">
-    新密码8至30位长度，要求包含大小写字母及数字。
-    <p>会话有效期5分钟，重置密码会自动解锁账号(己禁用的账号不会生效)</p>
-</blockquote>
-{% endblock %}
-{% block footerjs %}
-<script src="{% static 'layui/layui.js' %}"></script>
-<script>
-layui.use(['form', 'jquery',], function () {
-    let form = layui.form,
-        $ = layui.jquery;
-    form.verify({
-        pass: [
-            /^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{8,30}$/,
-            '密码必须8到30位，要求包含大小写字母、数字与字符，且不能出现空格！'
-        ],
-        repass: function (value,item) {
-            if ($('#ensure_password').val() !== $('#new_password').val()) {
-                return '两次输入密码不一致！';
-            }
-        }
-        });
-});
-</script>
-{% endblock %}

templates/unlock.html

@@ -1,31 +0,0 @@
-{% extends 'base.html' %}
-{% load static %}
-{% block paneltitle %}解锁账号{% endblock %}
-{% block middleblock %}
-<div class="layui-row">
-    <form class="layui-form  layui-form-pane" name="unlockAccount" method="post" action="" autocomplete="off">{% csrf_token %}
-        <div class="layui-form-item">
-            <label class="layui-form-label">账号</label>
-            <div class="layui-input-block">
-                <input type="text" name="username" lay-verify="required" lay-verType="tips" autocomplete="off" readonly value="{{ username }}" class="layui-input">
-                <input type="hidden" id="code" name="code" readonly value="{{ code }}">
-            </div>
-        </div>
-        <div class="layui-form-item">
-            <button type="submit" lay-submit="" class="layui-btn layui-btn-normal layui-btn-fluid">立即提交</button>
-        </div>
-        <div class="layui-form-item a-middle-text">
-            <span class="layui-breadcrumb">
-            <a class="layui-text" href="/"><i class="layui-icon layui-icon-prev"></i> 修改密码</a>
-            <a class="layui-text" id="redirect_url" href="/resetPassword?code={{ code }}&username={{ username }}"><i class="layui-icon layui-icon-refresh-1"></i> 重置密码</a>
-            </span>
-        </div>
-    </form>
-</div>
-{% endblock %}
-{% block middleblockfoot %}
-<blockquote class="layui-elem-quote layui-quote-nm">
-    新密码8至30位长度，要求包含大小写字母及数字。
-    <p>会话有效期5分钟</p>
-</blockquote>
-{% endblock %}

templates/we_index.html

@@ -0,0 +1,98 @@
+{% load static %}
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>密码自助服务</title>
+    <link type="text/css" rel="stylesheet" href="{% static 'css/login.css' %}">
+    <script type="text/javascript" src="{% static 'js/jquery-1.8.3.min.js' %}"></script>
+    <script type="text/javascript" src="{% static 'js/check.js' %}"></script>
+    <script src="https://rescdn.qqmail.com/node/ww/wwopenmng/js/sso/wwLogin-1.0.0.js"></script>
+</head>
+<body>
+<div class="pagewrap">
+    <div class="main">
+        <div class="header">
+        </div>
+        <div class="content">
+            <div class="con_left">
+                <div style="margin: 0 auto; width:100%; height: 200px; line-height: 200px;" align="center">
+                    <p style="margin: 0 auto; color: #fdfdfe; font-size: 36px; width:100%; ">「域账号或邮箱」<small>密码自助平台</small></p>
+                </div>
+                <div style="margin: 0 auto; width:400px; height: 240px;">
+                    <p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
+">提示：新密码要求满足8至30位长度(不包含空格)，至少包含大小写字母及数字组成。</p>
+                    <p style="margin: 0 auto; color: #fdfdfe; font-size: 16px; width:100%;
+">如果密码己遗忘，可点击[重置/解锁]，使用钉钉扫描验证后直接重置密码。</p>
+                </div>
+            </div>
+            <div class="con_right">
+                <div class="con_r_top">
+                    <a href="javascript:" class="right"
+                       style="color: rgb(51, 51, 51); border-bottom-width: 2px; border-bottom-style: solid; border-bottom-color: rgb(46, 85, 142);">修改密码</a>
+                    <a href="javascript:" class="left"
+                       style="color: rgb(153, 153, 153); border-bottom-width: 2px; border-bottom-style: solid; border-bottom-color: rgb(222, 222, 222);">重置/解锁</a>
+                </div>
+                <ul>
+                    <li class="con_r_right" style="display: block;">
+                        <form name="modifypwd" method="post" action="" autocomplete="off">
+                            {% csrf_token %}
+                            <div class="user">
+                                <div><span class="user-icon"></span>
+                                    <input type="text" id="username" name="username" placeholder="格式：abc\lisi、lisi、lisi@abc.com" value="">
+                                </div>
+                                <div><span class="mima-icon"></span>
+                                    <input type="password" id="old_password" name="old_password"
+                                           placeholder=" 输入旧密码" value="">
+                                </div>
+                                <div><span class="mima-icon"></span>
+                                    <input type="password" id="new_password" name="new_password"
+                                           placeholder=" 输入新密码" value="">
+                                </div>
+                                <div><span class="mima-icon"></span>
+                                    <input type="password" id="ensure_password" name="ensure_password"
+                                           placeholder=" 再次输入新密码" value="">
+                                </div>
+                            </div>
+                            <br>
+                            <button id="btn_modify" type="submit">修改密码</button>
+                        </form>
+                    </li>
+
+                    <li class="con_r_left" style="display: none;">
+                        <div style="margin-top: -30px" class="erweima">
+                            <div style="width: 300px; height: 300px; margin: 0 auto" id="we_code"></div>
+                            <script type="text/javascript">
+                                let home_url = "{{ home_url }}";
+                                let app_id = "{{ app_id }}";
+                                let agent_id = "{{ agent_id }}"
+                                let redirect_url = encodeURIComponent(home_url + '/callbackCheck');
+                                window.WwLogin({
+                                    id: "we_code",
+                                    appid: app_id,
+                                    agentid: agent_id,
+                                    redirect_uri: redirect_url,
+                                    // 样式使用base64加密，而不使用https的方式
+                                    href: 'data:text/css;base64, ' +
+                                        'LmltcG93ZXJCb3ggLnRpdGxlIHtkaXNwbGF5OiBub25lO30KLmltcG93ZXJCb3ggLnFyY29kZSB7d2lkdGg6IDIyMHB4O30KLmltcG93ZXJCb3ggLmluZm8ge3dpZHRoOiAyMjBweDt9Ci5zdGF0dXNfaWNvbiB7ZGlzcGxheTogbm9uZSAgIWltcG9ydGFudH0KLmltcG93ZXJCb3ggLnN0YXR1cy5zdGF0dXNfYnJvd3NlciB7ZGlzcGxheTogbm9uZTt9Ci5pbXBvd2VyQm94IC5zdGF0dXMge3RleHQtYWxpZ246IGNlbnRlcjt9'
+                                });
+                            </script>
+                        </div>
+                        <div style="height: 70px; margin-top: -30px">
+                            <p style="font-size: 18px; color: #2e558e" align="center">企业微信扫码验证用户信息</p>
+                        </div>
+
+                    </li>
+                </ul>
+            </div>
+        </div>
+    </div>
+</div>
+<script type="text/javascript">
+    window.onload = function () {
+        if (!!window.ActiveXObject || "ActiveXObject" in window)
+            alert("您当前使用的浏览器为IE或IE内核，因为IE各种体验问题，本网站不对IE兼容。\n为能正常使用密码自助修改服务，请更换谷歌、火狐等非IE核心的浏览器。\n如果是360、Maxthon等这类双核心浏览器，请切换至[极速模式]亦可。")
+    }
+</script>
+</body>
+</html>

utils/ad_ops.py

@@ -1,20 +1,15 @@
+import ldap3
 from ldap3 import *
-from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult, LDAPExceptionError, LDAPException, \
-    LDAPSocketOpenError
+from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPOperationResult, LDAPExceptionError,LDAPException
 from ldap3.core.results import *
 from ldap3.utils.dn import safe_dn
 import os
-from utils.tracecalls import decorator_logger
-import logging
-
 APP_ENV = os.getenv('APP_ENV')
 if APP_ENV == 'dev':
     from conf.local_settings_dev import *
 else:
     from conf.local_settings import *
 
-logger = logging.getLogger(__name__)
-
 """
 根据以下网站的说明：
 https://docs.microsoft.com/zh-cn/troubleshoot/windows/win32/change-windows-active-directory-user-password
@@ -41,8 +36,7 @@ unicodePwd 属性的语法为 octet-string;但是，目录服务预期八进制
 
 class AdOps(object):
 
-    def __init__(self, auto_bind=True, use_ssl=LDAP_USE_SSL, port=LDAP_CONN_PORT, domain=LDAP_DOMAIN, user=LDAP_LOGIN_USER,
-                 password=LDAP_LOGIN_USER_PWD,
+    def __init__(self, auto_bind=True, use_ssl=AD_USE_SSL, port=AD_CONN_PORT, domain=AD_DOMAIN, user=AD_LOGIN_USER, password=AD_LOGIN_USER_PWD,
                  authentication=NTLM):
         """
         AD连接器 authentication  [SIMPLE, ANONYMOUS, SASL, NTLM]
@@ -51,45 +45,23 @@ class AdOps(object):
         """
         self.use_ssl = use_ssl
         self.port = port
-        # 如果doamin\\user中doamin部分被写成域名格式， 只提取DOMAIN部分
-        self.domain = domain.split('.')[0] if domain is not None else None
+        self.domain = domain
         self.user = user
         self.password = password
         self.authentication = authentication
         self.auto_bind = auto_bind
-        self.server = None
-        self.conn = None
 
-    def __server(self):
-        if self.server is None:
+        server = Server(host='%s' % AD_HOST, connect_timeout=1, use_ssl=self.use_ssl, port=port, get_info=ALL)
         try:
-                self.server = Server(host='%s' % LDAP_HOST, connect_timeout=1, use_ssl=self.use_ssl, port=self.port, get_info=ALL)
+            self.conn = Connection(server, auto_bind=self.auto_bind, user=r'{}\{}'.format(self.domain, self.user), password=self.password,
+                                   authentication=self.authentication, raise_exceptions=True)
         except LDAPInvalidCredentialsResult as lic_e:
-                return False, LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
+            raise LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
         except LDAPOperationResult as lo_e:
-                return False, LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
+            raise LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
         except LDAPException as l_e:
-                return False, LDAPException("LDAPException: " + str(l_e))
+            raise LDAPException("LDAPException: " + str(l_e))
 
-    def __conn(self):
-        if self.conn is None:
-            try:
-                self.__server()
-                self.conn = Connection(self.server,
-                                       auto_bind=self.auto_bind, user=r'{}\{}'.format(self.domain, self.user),
-                                       password=self.password,
-                                       authentication=self.authentication,
-                                       raise_exceptions=True)
-            except LDAPInvalidCredentialsResult as lic_e:
-                return False, LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
-
-            except LDAPOperationResult as lo_e:
-                return False, LDAPOperationResult("LDAPOperationResult: " + str(lo_e.message))
-
-            except LDAPException as l_e:
-                return False, LDAPException("LDAPException: " + str(l_e))
-
-    @decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
     def ad_auth_user(self, username, password):
         """
         验证账号
@@ -98,9 +70,8 @@ class AdOps(object):
         :return: True or False
         """
         try:
-            self.__server()
-            c_auth = Connection(server=self.server, user=r'{}\{}'.format(self.domain, username), password=password,
-                                auto_bind=True, raise_exceptions=True)
+            server = Server(host='%s' % AD_HOST, use_ssl=self.use_ssl, port=self.port, get_info=ALL)
+            c_auth = Connection(server=server, user=r'{}\{}'.format(self.domain, username), password=password, auto_bind=True, raise_exceptions=True)
             c_auth.unbind()
             return True, '旧密码验证通过。'
         except LDAPInvalidCredentialsResult as e:
@@ -120,15 +91,11 @@ class AdOps(object):
                 # 如果仅仅使用普通凭据来绑定ldap用途，请返回False, 让用户通过其他途径修改密码后再来验证登陆
                 # return False, '用户登陆前必须修改密码！'
                 # 设置该账号下次登陆不需要更改密码，再验证一次
-                self.__conn()
-                self.conn.search(search_base=BASE_DN, search_filter=SEARCH_FILTER.format(username),
-                                 attributes=['pwdLastSet'])
+                self.conn.search(search_base=BASE_DN, search_filter='(sAMAccountName={}))'.format(username), attributes=['pwdLastSet'])
                 self.conn.modify(self.conn.entries[0].entry_dn, {'pwdLastSet': [(MODIFY_REPLACE, ['-1'])]})
-                return True, self.ad_auth_user(username, password)
+                return self.ad_auth_user(username, password)
             else:
                 return False, u'旧密码认证失败，请确认账号的旧密码是否正确或使用重置密码功能。'
-        except LDAPException as e:
-            return False, "连接Ldap失败，报错如下：{}".format(e)
 
     def ad_ensure_user_by_account(self, username):
         """
@@ -137,14 +104,22 @@ class AdOps(object):
         :return: True or False
         """
         try:
-            self.__conn()
-            return True, self.conn.search(BASE_DN, SEARCH_FILTER.format(username), attributes=['sAMAccountName'])
-        except IndexError:
-            return False, "AdOps Exception: Connect.search未能检索到任何信息，当前账号可能被排除在<SEARCH_FILTER>之外，请联系管理员处理。"
+            return True, self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['sAMAccountName'])
         except Exception as e:
-            return False, "AdOps Exception: {}".format(e)
+            return False, "AdOps Exception: {}" .format(e)
+
+    def ad_get_user_displayname_by_account(self, username):
+        """
+        通过username查询某个用户的显示名
+        :param username:
+        :return: user_displayname
+        """
+        try:
+            self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['name'])
+            return True, self.conn.entries[0]['name']
+        except Exception as e:
+            return False, "AdOps Exception: {}" .format(e)
 
-    @decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
     def ad_get_user_dn_by_account(self, username):
         """
         通过username查询某个用户的完整DN
@@ -152,19 +127,11 @@ class AdOps(object):
         :return: DN
         """
         try:
-            self.__conn()
-            self.conn.search(BASE_DN, SEARCH_FILTER.format(username),
-                             attributes=['distinguishedName'])
+            self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['distinguishedName'])
             return True, str(self.conn.entries[0]['distinguishedName'])
-        except IndexError:
-            logger.error("AdOps Exception: Connect.search未能检索到任何信息，当前账号可能被排除在<SEARCH_FILTER>之外，请联系管理员处理。")
-            logger.error("self.conn.search(BASE_DN, {}, attributes=['distinguishedName'])".format(SEARCH_FILTER.format(username)))
-            return False, "AdOps Exception: Connect.search未能检索到任何信息，当前账号可能被排除在<SEARCH_FILTER>之外，请联系管理员处理。"
         except Exception as e:
-            logger.error("AdOps Exception: {}".format(e))
-            return False, "AdOps Exception: {}".format(e)
+            return False, "AdOps Exception: {}" .format(e)
 
-    @decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
     def ad_get_user_status_by_account(self, username):
         """
         通过username查询某个用户的账号状态
@@ -172,19 +139,11 @@ class AdOps(object):
         :return: user_account_control code
         """
         try:
-            self.__conn()
-            self.conn.search(BASE_DN, SEARCH_FILTER.format(username), attributes=['userAccountControl'])
+            self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['userAccountControl'])
             return True, self.conn.entries[0]['userAccountControl']
-        except IndexError:
-            logger.error("AdOps Exception: Connect.search未能检索到任何信息，当前账号可能被排除在<SEARCH_FILTER>之外，请联系管理员处理。")
-            logger.error("self.conn.search({}, {}, attributes=['userAccountControl'])".format(BASE_DN, SEARCH_FILTER.format(username)))
-            logger.info("self.conn.entries -- {}".format(self.conn.entries))
-            return False, "AdOps Exception: Connect.search未能检索到任何信息，当前账号可能被排除在<SEARCH_FILTER>之外，请联系管理员处理。"
         except Exception as e:
-            logger.error("AdOps Exception: {}".format(e))
-            return False, "AdOps Exception: {}".format(e)
+            return False, "AdOps Exception: {}" .format(e)
 
-    @decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
     def ad_unlock_user_by_account(self, username):
         """
         通过username解锁某个用户
@@ -195,15 +154,11 @@ class AdOps(object):
         if _status:
             try:
                 return True, self.conn.extend.microsoft.unlock_account(user='%s' % user_dn)
-            except IndexError:
-                return False, "AdOps Exception: Connect.search未能检索到任何信息，当前账号可能被排除在<SEARCH_FILTER>之外，请联系管理员处理。"
             except Exception as e:
-                logger.error("AdOps Exception: {}".format(e))
                 return False, "AdOps Exception: {}".format(e)
         else:
             return False, user_dn
 
-    @decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
     def ad_reset_user_pwd_by_account(self, username, new_password):
         """
         重置某个用户的密码
@@ -233,15 +188,13 @@ class AdOps(object):
             # change was not successful, raises exception if raise_exception = True in connection or returns the operation result, error code is in result['result']
             if self.conn.raise_exceptions:
                 from ldap3.core.exceptions import LDAPOperationResult
-                _msg = LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'],
-                                           message=result['message'],
+                _msg = LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'],
                                            response_type=result['type'])
                 return False, _msg
             return False, result['result']
         else:
             return False, user_dn
 
-    @decorator_logger(logger, log_head='AdOps', pretty=True, indent=2, verbose=1)
     def ad_get_user_locked_status_by_account(self, username):
         """
         通过username获取某个用户账号是否被锁定
@@ -249,15 +202,35 @@ class AdOps(object):
         :return: 如果结果是1601-01-01说明账号未锁定，返回0
         """
         try:
-            self.__conn()
-            self.conn.search(BASE_DN, SEARCH_FILTER.format(username),
-                             attributes=['lockoutTime'])
+            self.conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName={}))'.format(username), attributes=['lockoutTime'])
             locked_status = self.conn.entries[0]['lockoutTime']
             if '1601-01-01' in str(locked_status):
                 return True, 'unlocked'
             else:
                 return False, locked_status
-        except IndexError:
-            return False, "AdOps Exception: Connect.search未能检索到任何信息，当前账号可能被排除在<SEARCH_FILTER>之外，请联系管理员处理。"
         except Exception as e:
-            return False, "AdOps Exception: {}".format(e)
+            return False, "AdOps Exception: {}" .format(e)
+
+
+if __name__ == '__main__':
+    # server = Server(host='%s' % AD_HOST, use_ssl=AD_USE_SSL, port=AD_CONN_PORT, get_info=ALL)
+    # conn = Connection(server, auto_bind=True, user=str(AD_LOGIN_USER).lower(), password=AD_LOGIN_USER_PWD, authentication=SIMPLE)
+    # # conn.bind()
+    # # conn.search(BASE_DN, '(&(objectclass=user)(sAMAccountName=xiangle))', attributes=['name'])
+    # # print(conn.entries[0])
+    # print(conn.result)
+
+    # conn = _ad_connect()
+    # user = 'zhangsan'
+    # old_password = 'K2dhhuT1Zf11111cnJ1ollC3y'
+    # # old_password = 'L1qyrmZDUFeYW1OIualjlNhr4'
+    # new_password = 'K2dhhuT1Zf11111cnJ1ollC3y'
+    # ad_ops = AdOps()
+    # # ad_ops = AdOps(user=user, password=old_password)
+    # status, msg = ad_ops.ad_auth_user(username=user, password=old_password)
+    # print(msg)
+    # if status:
+    #     res = ad_ops.ad_reset_user_pwd_by_account(user, new_password)
+    #     print(res)
+    _ad = AdOps()
+    print(_ad.ad_ensure_user_by_account('le.xiang'))

utils/crypto_ops.py

@@ -0,0 +1,17 @@
+from cryptography.fernet import Fernet
+
+
+class Crypto(object):
+    """docstring for ClassName"""
+    def __init__(self, key):
+        self.factory = Fernet(key)
+
+    # 加密
+    def encrypt(self, string):
+        token = str(self.factory.encrypt(string.encode('utf-8')), 'utf-8')
+        return token
+
+    # 解密
+    def decrypt(self, token):
+        string = self.factory.decrypt(bytes(token.encode('utf-8'))).decode('utf-8')
+        return string

utils/dingding_ops.py

@@ -1,11 +1,17 @@
 # -*- coding: utf-8 -*-
 from __future__ import absolute_import, unicode_literals
 
+import base64
+import hmac
+import time
+from hashlib import sha256
+from urllib.parse import quote
+
+import requests
 from dingtalk.client import AppKeyClient
 from pwdselfservice import cache_storage
 
 import os
-
 APP_ENV = os.getenv('APP_ENV')
 
 if APP_ENV == 'dev':
@@ -15,8 +21,7 @@ else:
 
 
 class DingDingOps(AppKeyClient):
-    def __init__(self, corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET, mo_app_id=DING_MO_APP_ID,
-                 mo_app_secret=DING_MO_APP_SECRET,
+    def __init__(self, corp_id=DING_CORP_ID, app_key=DING_APP_KEY, app_secret=DING_APP_SECRET, mo_app_id=DING_MO_APP_ID, mo_app_secret=DING_MO_APP_SECRET,
                  storage=cache_storage):
         super().__init__(corp_id, app_key, app_secret, storage)
         self.corp_id = corp_id
@@ -26,17 +31,44 @@ class DingDingOps(AppKeyClient):
         self.mo_app_secret = mo_app_secret
         self.storage = storage
 
+    def get_union_id_by_code(self, code):
+        """
+        通过移动应用接入扫码返回的临时授权码，使用临时授权码换取用户的 unionid
+        :param code: 临时授权码
+        :return: unionid
+        """
+        time_stamp = int(round(time.time() * 1000))
+        # 通过appSecret计算出来的签名值，该参数值在HTTP请求参数中需要urlEncode(因为签名中可能包含特殊字符+)。
+        signature = quote(base64.b64encode(hmac.new(
+            self.mo_app_secret.encode('utf-8'),
+            str(time_stamp).encode('utf-8'),
+            digestmod=sha256).digest()).decode("utf-8"))
+        # accessKey 是 登录开发者后台，选择应用开发 > 移动接入应用 > 登录所看到应用的appId。
+        url = '{}/sns/getuserinfo_bycode?accessKey={}&signature={}&timestamp={}'.format(DING_URL, self.mo_app_id, signature, time_stamp)
+        resp = requests.post(
+            url=url,
+            json=dict(tmp_auth_code=code),
+        )
+        try:
+            resp = resp.json()
+            if resp['errcode'] != 0:
+                return False, 'get_union_id_by_code: %s' % str(resp)
+            else:
+                return True, resp["user_info"]["unionid"]
+        except Exception:
+            return False, 'get_union_id_by_code: %s' % str(resp)
+
     def get_user_id_by_code(self, code):
         """
         通过code获取用户的 userid
+        :param id:  用户在当前钉钉开放平台账号范围内的唯一标识
         :return:
         """
-        user_id_data = self.user.getuserinfo(code)
-        if user_id_data.get('errcode') == 0:
-            user_id = user_id_data.get('userid')
-            return True, user_id
+        _status, union_id = self.get_union_id_by_code(code)
+        if _status:
+            return True, self.user.get_userid_by_unionid(union_id).get('userid')
         else:
-            return False, '通过临时Code换取用户ID失败: %s' % str(user_id_data)
+            return False, 'get_user_id_by_code: %s' % str(union_id)
 
     def get_user_detail_by_user_id(self, user_id):
         """
@@ -52,27 +84,3 @@ class DingDingOps(AppKeyClient):
         except (KeyError, IndexError) as k_error:
             return False, 'get_user_detail_by_user_id: %s' % str(k_error)
 
-    def get_user_detail(self, code, home_url):
-        """
-        临时授权码换取userinfo
-        """
-        _status, user_id = self.get_user_id_by_code(code)
-        # 判断 user_id 在本企业钉钉/微信中是否存在
-        if not _status:
-            context = {
-                'global_title': TITLE,
-                'msg': '获取userid失败，错误信息：{}'.format(user_id),
-                'button_click': "window.location.href='%s'" % home_url,
-                'button_display': "返回主页"
-            }
-            return False, context, user_id
-        detail_status, user_info = self.get_user_detail_by_user_id(user_id)
-        if not detail_status:
-            context = {
-                'global_title': TITLE,
-                'msg': '获取用户信息失败，错误信息：{}'.format(user_info),
-                'button_click': "window.location.href='%s'" % home_url,
-                'button_display': "返回主页"
-            }
-            return False, context, user_info
-        return True, user_id, user_info

utils/format_username.py

@@ -9,39 +9,24 @@
 import re
 
 
-def get_email_from_userinfo(user_info):
-    if user_info.get('email') not in ['', None]:
-        return True, user_info.get('email')
-    elif user_info.get('biz_mail') not in ['', None]:
-        return True, user_info.get('biz_mail')
-    elif user_info.get('orgEmail') not in ['', None]:
-        return True, user_info.get('orgEmail')
-    else:
-        return False, "当前用户的邮箱或企业邮箱均没配置，请先完善个人信息！"
-
-
 def format2username(account):
     """
     格式化账号，统一输出为用户名格式
     :param account 用户账号可以是邮箱、DOMAIN\\username、username格式。
     :return: username
     """
-
-    if account is None:
-        return False, NameError(
-            "传入的用户账号为空！".format(account))
-    try:
+    if account:
         mail_compile = re.compile(r'(.*)@(.*)')
         domain_compile = re.compile(r'(.*)\\(.*)')
 
         if re.fullmatch(mail_compile, account):
-            return True, re.fullmatch(mail_compile, account).group(1)
+            return re.fullmatch(mail_compile, account).group(1)
         elif re.fullmatch(domain_compile, account):
-            return True, re.fullmatch(domain_compile, account).group(2)
+            return re.fullmatch(domain_compile, account).group(2)
         else:
-            return True, account.lower()
-    except Exception as e:
-        return False, NameError("格式化失败，注意：account用户账号是邮箱或DOMAIN\\username或username格式，错误信息[{}]".format(account, e))
+            return account.lower()
+    else:
+        raise NameError("输入的账号不能为空..")
 
 
 def get_user_is_active(user_info):
@@ -53,3 +38,8 @@ def get_user_is_active(user_info):
     except (KeyError, IndexError) as k_error:
         return False, 'get_user_is_active: %s' % str(k_error)
 
+
+if __name__ == '__main__':
+    user = 'jf.com\XiangLe'
+    username = format2username(user)
+    print(username)

utils/logger_filter.py

@@ -1,42 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-from functools import wraps
-from traceback import format_exc
-
-
-def decorator_request_logger(logger):
-    def decorator(func):
-        @wraps(func)
-        def wrapper(request, *args, **kwargs):
-            try:
-                rsp = func(request, *args, **kwargs)
-                logger.info(
-                    f'Request Arguments: {args} {kwargs}')
-                # logger.info(
-                #     f'Request: {request.META["REMOTE_ADDR"]} {request.method} "{request.META["PATH_INFO"]}'
-                #     f'{request.META["QUERY_STRING"]} {request.META["SERVER_PROTOCOL"]}" {rsp.status_code} {rsp.content}')
-                logger.info(rsp)
-                return rsp
-            except Exception as e:
-                logger.error(format_exc())
-                raise e
-
-        return wrapper
-
-    return decorator
-
-
-def decorator_default_logger(logger):
-    def decorator(func):
-        @wraps(func)
-        def wrapper(*args, **kwargs):
-            logger.info(f'{args}, {kwargs}')
-            try:
-                return func(*args, **kwargs)
-            except Exception as e:
-                logger.error(format_exc())
-                raise e
-
-        return wrapper
-
-    return decorator

utils/storage/cache.py

@@ -56,7 +56,3 @@ class WeWorkCache(BaseCache):
     access_token = CacheItem()
 
 
-class DingDingCache(BaseCache):
-    access_token = CacheItem()
-
-

utils/storage/memorystorage.py

@@ -23,7 +23,7 @@ class MemoryStorage(BaseStorage):
             else:
                 return default
 
-    def set(self, key, value, ttl=3600):
+    def set(self, key, value, ttl=None):
         if value is None:
             return
         self._data[key] = (value, int(time.time()) + ttl)

utils/tracecalls.py

@@ -1,149 +0,0 @@
-# -*- coding: utf-8 -*-
-import os.path
-import re
-import sys
-from copy import deepcopy as dcopy
-from functools import wraps
-from traceback import format_exc
-from pwdselfservice.settings import BASE_DIR
-from pprint import pformat as cformat
-
-
-NOT_CHECK_CALL_FUNC_NAME = []
-
-DEBUG_FLAG_FILE_PATH = os.path.join(BASE_DIR, '/log')
-
-
-class TraceFuncContext:
-    def __init__(self, func_name, logger, log_head='Run function', debug_flag_name=None, verbose=1,
-                 pretty=False, indent=0, check_calls=None):
-        self.name = func_name
-        self.logger = logger
-        self.debug_flag_name = debug_flag_name
-        self.log_head = log_head
-        self.verbose = verbose
-        self.pretty = pretty
-        self.indent = indent
-        self.check_calls = check_calls
-        self.copied_verbose = dcopy(verbose)
-        self.is_exit = False
-        self.debug_flag_suffix = '.debug.flag'
-        if self.verbose is not None:
-            self.check_calls = None
-
-    def __enter__(self):
-        sys.settrace(self.get_callbacks)
-
-    def check_debug_flag(self):
-        if self.debug_flag_name:
-            if os.path.isfile(os.path.join(DEBUG_FLAG_FILE_PATH, '{}{}'.format(
-                    self.debug_flag_name, self.debug_flag_suffix))):
-                self.verbose = 2
-            else:
-                self.verbose = self.copied_verbose
-
-    @staticmethod
-    def check_in_excludes(func_name):
-        if len(NOT_CHECK_CALL_FUNC_NAME) > 0:
-            regex_gen = r'{0}'.format('|'.join(NOT_CHECK_CALL_FUNC_NAME))
-            re_c = re.compile(regex_gen, flags=re.IGNORECASE)
-            return re_c.search(func_name)
-        return False
-
-    def get_callbacks(self, frame, event, arg=None):
-        self.check_debug_flag()
-        __co_name = frame.f_code.co_name
-        if event != 'call':    # Only trace call
-            return
-        if self.verbose:
-            if self.verbose == 1 or self.verbose == 'v':
-                self.check_calls = [self.name]
-                if __co_name not in self.check_calls:
-                    return
-            elif self.verbose == 2 or self.verbose == 'vv':
-                if self.check_calls is None:
-                    self.check_calls = list(set(frame.f_code.co_names))
-                    self.check_calls.append(self.name)
-                if __co_name not in self.check_calls or self.check_in_excludes(__co_name):
-                    return
-            else:
-                raise ValueError("UNKNOWN VERBOSE VALUE: support verbose is 1/2 or v/vv...")
-        else:
-            if self.check_calls is None:
-                self.check_calls = [self.name]
-            else:
-                if isinstance(self.check_calls, list):
-                    self.check_calls.append(self.name)
-                else:
-                    raise ValueError("CHECK CALLS TYPE ERROR: check_calls need a list or tuple with function name.")
-            if __co_name not in self.check_calls:
-                return
-        return self.get_code_line
-
-    def get_code_line(self, frame, event, agr=None):
-        # 正常情况下只有line或return事件才做记录
-        if event not in ['line', 'return']:
-            return
-        __code = frame.f_code
-        __func_name = __code.co_name
-        __line_num = frame.f_lineno
-        __locals = frame.f_locals
-        if __func_name == self.name:
-            self.logger.info(
-                "{4} [{0}] trace detail "
-                "--- {1} {2}, locals as following: {5}{3}{5}".format(__func_name,
-                                                                     event,
-                                                                     __line_num,
-                                                                     cformat(__locals, indent=self.indent)
-                                                                     if self.pretty else __locals,
-                                                                     self.log_head,
-                                                                     '\n' if self.pretty else ''
-                                                                     ))
-        else:
-            self.logger.info(
-                "{5} [{0}] call [{1}] trace detail "
-                "--- {2} {3}, locals as following: {6}{4}{6}".format(self.name,
-                                                                     __func_name,
-                                                                     event,
-                                                                     __line_num,
-                                                                     cformat(__locals, indent=self.indent)
-                                                                     if self.pretty else __locals,
-                                                                     self.log_head,
-                                                                     '\n' if self.pretty else ''
-                                                                     ))
-
-    def __exit__(self, exc_type, exc_val, exc_tb):
-        sys.settrace(None)
-
-
-def decorator_logger(logger, log_head='Run function', debug_flag_name=None, verbose=1, check_calls=None,
-                     pretty=False, indent=0):
-    def decorator(func):
-        @wraps(func)
-        def wrapper(*args, **kwargs):
-            func_consts = func.__code__.co_consts
-            logger.debug("{4} [{0}] entering trace with --- consts-{3}, args-{1}, kwargs-{2}...".format(
-                func.__name__, args, kwargs, func_consts, log_head))
-
-            with TraceFuncContext(func.__name__, logger,
-                                  log_head=log_head,
-                                  debug_flag_name=debug_flag_name,
-                                  verbose=verbose,
-                                  check_calls=check_calls,
-                                  pretty=pretty,
-                                  indent=indent
-                                  ):
-                try:
-                    func_res = func(*args, **kwargs)
-                    logger.debug("{4} [{0}] exiting trace with --- consts-{3}, args-{1}, kwargs-{2}...".format(
-                        func.__name__, args, kwargs, func_consts, log_head))
-                    return func_res
-                except Exception as e:
-                    logger.error(
-                        "{4} [{0}] has exception, trace with --- consts-{3}, args-{1}, kwargs-{2}. Trackback as "
-                        "following: ".format(
-                            func.__name__, args, kwargs, func_consts, log_head))
-                    logger.error(format_exc())
-                    raise e
-        return wrapper
-    return decorator