#!/usr/bin/env python3 # -*- coding: utf-8 -*- # @FileName: utils.py # @Software: # @Author: Leven Xiang # @Mail: xiangle0109@outlook.com # @Date: 2021/5/20 8:47 from django.shortcuts import render import logging from ldap3.core.exceptions import LDAPException from django.conf import settings import os from utils.tracecalls import decorator_logger APP_ENV = os.getenv('APP_ENV') if APP_ENV == 'dev': from conf.local_settings_dev import * else: from conf.local_settings import * logger = logging.getLogger(__name__) @decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1) def code_2_user_detail(ops, home_url, code): """ 临时授权码换取userinfo """ _, s, e = ops.get_user_detail(code=code, home_url=home_url) return _, s, e @decorator_logger(logger, log_head='AccountOps', pretty=True, indent=2, verbose=1) def ops_account(ad_ops, request, msg_template, home_url, username, new_password): """ ad 账号操作,判断账号状态,重置密码或解锁账号 """ try: print("ops_account: {}".format(username)) _status, _account = ad_ops.ad_ensure_user_by_account(username=username) if not _status: context = { 'global_title': TITLE, 'msg': "账号[%s]在AD中不存在,请确认当前钉钉扫码账号绑定的邮箱是否和您正在使用的邮箱一致?或者该账号己被禁用!\n猜测:您的账号或邮箱是否是带有数字或其它字母区分?" % username, 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) _status, account_code = ad_ops.ad_get_user_status_by_account(username) if _status and account_code in settings.AD_ACCOUNT_DISABLE_CODE: context = { 'global_title': TITLE, 'msg': "此账号状态为己禁用,请联系HR确认账号是否正确。", 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) elif not _status: context = { 'global_title': TITLE, 'msg': "错误:{}".format(account_code), 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) if new_password: reset_status, result = ad_ops.ad_reset_user_pwd_by_account(username=username, new_password=new_password) if reset_status: # 重置密码并执行一次解锁,防止重置后账号还是锁定状态。 unlock_status, result = ad_ops.ad_unlock_user_by_account(username) if unlock_status: context = { 'global_title': TITLE, 'msg': "密码己修改成功,请妥善保管。你可以点击修改密码或直接关闭此页面!", 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) else: context = { 'global_title': TITLE, 'msg': "密码未修改/重置成功,错误信息:{}".format(result), 'button_click': "window.location.href='%s'" % '/auth', 'button_display': "重新认证授权" } return render(request, msg_template, context) else: unlock_status, result = ad_ops.ad_unlock_user_by_account(username) if unlock_status: context = { 'global_title': TITLE, 'msg': "账号己解锁成功。你可以点击返回主页或直接关闭此页面!", 'button_click': "window.location.href='%s'" % home_url, 'button_display': "返回主页" } return render(request, msg_template, context) else: context = { 'global_title': TITLE, 'msg': "账号未能解锁,错误信息:{}".format(result), 'button_click': "window.location.href='%s'" % '/auth', 'button_display': "重新认证授权" } return render(request, msg_template, context) except LDAPException as l_e: context = { 'global_title': TITLE, 'msg': "账号未能解锁,错误信息:{}".format(l_e), 'button_click': "window.location.href='%s'" % '/auth', 'button_display': "重新认证授权" } return render(request, msg_template, context)