Beispiel #1
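def get_user_detail_from_mb(no_or_email):
    """Look up one user's profile by e-mail address or work number.

    Args:
        no_or_email: An e-mail address or a work number. Values that match
            the e-mail pattern are sent to ``email_url``; everything else is
            treated as a work number and sent to ``work_no_url``.

    Returns:
        ``{}`` when the identifier belongs to an entry of ``external_user``
        (no remote lookup is made); a dict with the keys ``name``,
        ``user_id``, ``ding_user_id``, ``avatar``, ``email``, ``work_no``,
        ``dept_id`` and ``phone`` when the service answers with
        ``code == 0``; ``None`` for an empty or non-string identifier, a
        failed request, a non-zero code or a malformed response.
    """
    # Function-scope import: the file's import block is not visible here.
    from urllib.parse import quote

    if any(no_or_email in (u['email'], u['workNo']) for u in external_user):
        return {}

    # The identifier becomes part of a request URL below, so refuse anything
    # that is not a non-empty string instead of failing on concatenation.
    if not isinstance(no_or_email, str) or not no_or_email:
        return None

    # fullmatch() rather than match(): with match(), the trailing `$` also
    # accepts an identifier that ends in a newline.
    if re.fullmatch(
            r'^[A-Za-z\d]+([-_.][A-Za-z\d]+)*@([A-Za-z\d]+[-.])+[A-Za-z\d]{2,4}$',
            no_or_email, re.I):
        # The pattern limits the value to letters, digits and "-_.@".
        url = email_url + no_or_email
    else:
        # Nothing constrains a work number, so percent-encode it; otherwise
        # characters such as "/", "?", "&" or "#" would change which resource
        # or parameters the backend request addresses.
        url = work_no_url + quote(no_or_email, safe='')

    status, ret = HttpRequests().get(url)
    if status is not True:
        print(ret)
        return None

    try:
        payload = json.loads(ret)
        if payload["code"] != 0:
            return None
        data = payload["data"]
        return {
            "name": data["name"],
            "user_id": data["userId"],
            "ding_user_id": data["dingDingId"],
            "avatar": data["avatar"],
            "email": data["email"],
            "work_no": data["workNo"],
            "dept_id": data["deptId"],
            "phone": data["phone"],
        }
    except (ValueError, KeyError, TypeError) as exc:
        # Report only the parse error; the body may hold personal data.
        print('get_user_detail_from_mb: malformed response: %r' % (exc,))
        return None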
Beispiel #2
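    def get(self, request, *args, **kwargs):
        """Handle the SSO callback: exchange the code, provision and log in.

        Reads ``code`` from the query string, exchanges it for an access
        token at ``self.oauth_api``, fetches the profile, creates a local
        ``User`` keyed by the profile's ``empid`` if none exists, logs the
        user in and redirects to ``next`` (local paths only) or to
        ``accounts:profile``. Any failure renders ``login.html``.

        NOTE(review): no OAuth ``state`` value is checked in this method, so
        nothing here ties the callback to a login this browser started
        (login CSRF) -- confirm whether a check exists elsewhere.
        NOTE(review): ``client_secret`` travels in the query string of a GET
        request, where proxies and access logs tend to record it; prefer a
        POST body if the provider and ``HttpRequests`` allow it.
        """
        # Function-scope imports: the file's import block is not visible here.
        import random
        from urllib.parse import quote, urlsplit

        def _is_local_path(target):
            """Return True only for a same-site absolute path such as ``/x``."""
            if not target or not target.startswith('/') or target.startswith('//'):
                return False
            # Browsers normalise backslashes and drop control characters,
            # which can turn a "local" looking value into another host.
            if '\\' in target or any(ord(ch) < 0x20 or ord(ch) == 0x7f
                                     for ch in target):
                return False
            parts = urlsplit(target)
            return not parts.scheme and not parts.netloc

        sso_code = request.GET.get('code')
        if not sso_code:
            # Without a code there is nothing to exchange.
            return render(request, 'login.html')

        # The code is caller-controlled: percent-encode it so it cannot add
        # or override parameters of the token request.
        url = '{0}/accessToken?client_id={1}&client_secret={2}&redirect_uri={3}&code={4}&grant_type=authorization_code'.format(
            self.oauth_api, self.client_id, self.client_secret,
            self.redirect_uri, quote(sso_code, safe=''))
        _, token = HttpRequests().get(url)
        try:
            access_token = json.loads(token)['access_token']
            _, profile_raw = HttpRequests().get(
                '%s/profile?access_token=%s' % (self.oauth_api, access_token))
            user_info = json.loads(profile_raw)
            user_id = user_info['id']
            user_job_number = user_info['empid']
            user_email = user_info['email']
            user_name = user_info['name']
            user_display = user_info['username']

            if not User.objects.filter(username=user_job_number).exists():
                # Draw the placeholder password from the OS CSPRNG; the
                # default `random` generator is predictable.
                # NOTE(review): 8 characters kept from the original; size it
                # up if the `password2` column allows.
                alphabet = ('abcdefghijklmnopqrstuvwxyz'
                            'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                            '0123456789')
                rng = random.SystemRandom()
                password = "".join(rng.choice(alphabet) for _ in range(8))

                user = User()
                user.username = user_job_number
                user.password = make_password(password)
                # NOTE(review): `password2` holds the password in reversible
                # form; anyone with the cryptor key can recover it. Confirm
                # this is required for SSO-provisioned accounts.
                user.password2 = cryptor.encrypt(password)
                user.display = user_display
                user.email = user_email
                user.save()

                try:
                    # Add to the default group, which carries minimal rights.
                    group = Group.objects.get(id=1)
                    user.groups.add(group)
                except Exception:
                    print('无id=1的权限组,无法默认添加')
            user = User.objects.get(username=user_job_number)
            # Use Django's login() so the admin site needs no second login.
            login(request, user)

            # `next` comes from the query string: follow it only when it is
            # a local path, otherwise this endpoint is an open redirect.
            next_url = request.GET.get("next")
            if not _is_local_path(next_url):
                next_url = reverse("accounts:profile")
            return HttpResponseRedirect(next_url)

        except Exception:
            # print_exc() writes the traceback itself and returns None.
            traceback.print_exc()
        return render(request, 'login.html')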
Beispiel #3
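def get_user_list_from_mb():
    """Return the external users followed by the users from ``user_list_url``.

    Returns:
        A new list of ``{"name", "email", "workNo"}`` dicts: the entries of
        ``external_user`` first, then every remote record that carries all
        three keys. An empty list when the request fails, the response is
        not valid JSON or its ``code`` is not 0.
    """
    status, ret = HttpRequests().get(user_list_url)
    if status is True:
        try:
            payload = json.loads(ret)
        except ValueError:
            payload = None
        if isinstance(payload, dict) and payload.get("code") == 0:
            # Copy first: appending to `external_user` itself would grow the
            # shared list on every call, and any code that treats it as the
            # list of external accounts would then see remote users in it.
            users = list(external_user)
            for person in payload.get("data") or []:
                if all(key in person for key in ("name", "email", "workNo")):
                    users.append({
                        "name": person["name"],
                        "email": person["email"],
                        "workNo": person["workNo"],
                    })
            return users
    print(ret)
    return list()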
Beispiel #4
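class DingSender(object):
    """Send DingTalk text messages to one user or to a group webhook."""

    def __init__(self):
        """Set the JSON header, the HTTP client and the configured agent id."""
        self.headers = {'Content-Type': 'application/json'}
        self.request = HttpRequests()
        self.app_id = SysConfig().sys_config.get('ding_agent_id', None)

    def ding_to_person(self, ding_user_id, content):
        """Send ``content`` as a text message to one DingTalk user.

        Returns:
            The ``(status, ret)`` pair from the HTTP client, or the string
            ``"No app id."`` when ``ding_agent_id`` is not configured. The
            two shapes differ, so callers must not unpack blindly.
        """
        if self.app_id is None:
            return "No app id."
        data = {
            "touser": ding_user_id,
            "agentid": self.app_id,
            "msgtype": "text",
            "text": {
                "content": "{}".format(content)
            },
        }
        # The access token is part of the URL: keep this URL out of logs
        # and debug output.
        url = 'https://oapi.dingtalk.com/message/send?access_token=' + get_access_token()
        # Serialise the body like ding_to_group does: the header announces
        # JSON, so a raw dict would not match the declared content type.
        # NOTE(review): assumes HttpRequests.post sends `params` as given --
        # confirm against the wrapper.
        status, ret = self.request.post(url, json.dumps(data), self.headers)
        return status, ret

    def ding_to_group(self, url, content):
        """Post ``content`` as a text message to a group webhook ``url``.

        The URL is used exactly as passed; callers are expected to supply a
        configured webhook address rather than request-derived input.

        Returns:
            ``(status, ret)`` from the HTTP client, or ``(False, str(e))``
            when posting raises.
        """
        try:
            data = {
                "msgtype": "text",
                "text": {
                    "content": "{}".format(content)
                },
            }
            status, ret = self.request.post(url, json.dumps(data),
                                            self.headers)
            print('ding_to_group', status, ret)
            return status, ret
        except Exception as e:
            print(traceback.format_exc())
            return False, str(e)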
Beispiel #5
#!/usr/bin/env python
# -*- coding: utf-8 -*-

import json
from common.utils.http_api import HttpRequests
from common.utils.base import send_msg_to_admin

# Module-level HTTP client; application_update() posts through it.
http_request = HttpRequests()


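def application_update(data):
    """POST an application record to the wex update endpoint as JSON.

    Args:
        data: JSON-serialisable mapping sent as the request body. A template
            formerly kept here as commented-out code listed the keys
            ``app_code``, ``app_name``, ``app_type``, ``tomcat_port``,
            ``scm_url``, ``importance``, ``domain_name``, ``primary``,
            ``secondary`` and ``comment``; the function itself forwards
            ``data`` unchanged.

    On failure the administrators are notified through
    ``send_msg_to_admin``; the response is printed in every case.

    NOTE(review): the endpoint is addressed over plain HTTP, so the record
    is neither confidential nor tamper-protected in transit. Switch to
    HTTPS once the service is confirmed to offer it.
    """
    url = "http://wex.yadoom.com/api/wex/api/application/update"
    headers = {"Content-Type": "application/json; charset=UTF-8"}
    status, ret = http_request.post(url=url,
                                    params=json.dumps(data),
                                    headers=headers)
    if status is False:
        # str() keeps the alert from raising TypeError when the client
        # hands back something other than a string on failure.
        send_msg_to_admin("wex更新应用接口调用出错:\n" + str(ret))
    print(ret)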
Beispiel #6
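def login_authenticate(username, password):
    """Authenticate a login attempt and count consecutive failures.

    An account whose failures reach ``lock_cnt_threshold`` (default 5)
    within ``lock_time_threshold`` seconds (default 300) is refused until
    that window has passed since its last failure.

    Args:
        username: Login name. ``admin`` is checked against Django's own
            authentication; every other name goes to the Bim identity
            service.
        password: Plain-text password as submitted.

    Returns:
        A dict with ``status`` 0 (success, plus ``result``), 1 (wrong
        credentials), 2 (empty username or password) or 3 (locked); the
        non-zero cases carry ``errmsg``.

    NOTE(review): ``login_failure_counter`` is an in-process dict keyed by
    the exact submitted username. It is not shared between worker
    processes, it grows with every distinct failing name, and spelling
    variants of one account get separate counters if the identity backend
    ignores case -- TODO confirm and consider a shared, bounded store.
    NOTE(review): both identity-service calls use plain HTTP and a fixed
    ``app_key``; the password and the returned token cross the network
    unencrypted.
    """
    sys_config = SysConfig().sys_config
    if sys_config.get('lock_cnt_threshold'):
        lock_cnt_threshold = int(sys_config.get('lock_cnt_threshold'))
    else:
        lock_cnt_threshold = 5
    if sys_config.get('lock_time_threshold'):
        lock_time_threshold = int(sys_config.get('lock_time_threshold'))
    else:
        lock_time_threshold = 300

    def _seconds_since_last_failure():
        # total_seconds(), not .seconds: .seconds drops whole days, so a
        # failure from more than a day ago could look recent again.
        elapsed = (datetime.datetime.now() -
                   login_failure_counter[username]["last_failure_time"])
        return elapsed.total_seconds()

    # Server-side re-validation of the submitted parameters.
    if username == "" or password == "" or username is None or password is None:
        result = {'status': 2, 'errmsg': '用户名或密码为空,请重新输入!'}
    elif (username in login_failure_counter
          and login_failure_counter[username]["cnt"] >= lock_cnt_threshold
          and _seconds_since_last_failure() <= lock_time_threshold):
        result = {'status': 3, 'errmsg': '登录失败超过5次,该账号已被锁定5分钟!'}
    else:
        if username == 'admin':
            # Django's own authentication system.
            user = authenticate(username=username, password=password)
        else:
            # Bim unified identity service. Response shapes:
            # {"token":{"tokenId":"......"},"roles":[],"attributes":[{"values":["WD44134"],"name":"uid"}]}
            # {"exception":{"message":"<invalid password>","name":"com.bamboocloud.bam.idsvcs.InvalidPassword"}}
            # {"exception":{"message":"<verification failed>","name":"com.bamboocloud.bam.idsvcs.InvalidCredentials"}}
            url = 'http://bam.yadoom.com:8080/bam/identity/json/authenticateapi'
            data = {
                'uid': username,
                'usercredential': password,
                'app_id': 'oa',
                'app_key': 'password',
                'attributenames': 'uid',
                'uri': 'realm=/',
                'module': 'LDAP'
            }
            _, ret = HttpRequests().post(url, data)
            ret = json.loads(ret)
            # The response is deliberately not printed: on success it
            # contains the session token id.
            if 'exception' not in ret:
                # Authentication succeeded; fetch the display name.
                url = 'http://bam.yadoom.com:8080/bam/identity/json/attributesapi'
                data = {
                    'tokenid': ret['token']['tokenId'],
                    'app_id': 'oa',
                    'app_key': 'password'
                }
                _, ret = HttpRequests().post(url, data)
                ret = json.loads(ret)
                display = ''
                if 'exception' not in ret:
                    for item in ret['attributes']:
                        if item['name'] == 'sn':
                            display = item['values'][0]
                if not User.objects.filter(username=username).exists():
                    user = User()
                    user.username = username
                    user.display = display
                    user.password = make_password(password)
                    # NOTE(review): `password2` keeps the password in
                    # reversible form; whoever holds the cryptor key can
                    # recover it.
                    user.password2 = cryptor.encrypt(password)
                    user.save()

                    try:
                        # Add to the default group, which carries minimal
                        # rights.
                        group = Group.objects.get(id=1)
                        user.groups.add(group)
                    except Exception:
                        print('无id=1的权限组,无法默认添加')
                else:
                    user = User.objects.get(username=username)
                    # make_password() salts every hash, so comparing two
                    # hashes never matches; check_password() is the real
                    # test for "did the password change".
                    if not user.check_password(password):
                        user.password = make_password(password)
                        user.password2 = cryptor.encrypt(password)
                        # Persist both columns; saving only `password` left
                        # `password2` stale.
                        # NOTE(review): assumes `password2` is a model
                        # field, as the initial save() suggests -- confirm.
                        user.save(update_fields=['password', 'password2'])
                    if display and user.display != display:
                        user.display = display
                        user.save(update_fields=['display'])
                user = User.objects.get(username=username)
            else:
                user = None
        if user:
            # Login succeeded: fetch the user's DingTalk id so messages can
            # be sent to them.
            if sys_config.get(
                    "ding_to_person") == 'true' and username != 'admin':
                get_ding_user_id(username)

            # Clear any failure record for this username.
            if username in login_failure_counter:
                login_failure_counter.pop(username)

            result = {'status': 0, 'result': 'Successful'}
        else:
            # Login failed.
            if username not in login_failure_counter:
                # First failure for this name: start a counter.
                login_failure_counter[username] = {
                    "cnt": 1,
                    "last_failure_time": datetime.datetime.now()
                }
            else:
                if _seconds_since_last_failure() <= lock_time_threshold:
                    login_failure_counter[username]["cnt"] += 1
                else:
                    # The previous failure is older than the window, so
                    # counting restarts; this is what unlocks the account.
                    login_failure_counter[username]["cnt"] = 1
                login_failure_counter[username][
                    "last_failure_time"] = datetime.datetime.now()
            result = {'status': 1, 'errmsg': '用户名或密码错误,请重新输入!'}
    return result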
Beispiel #7
 def __init__(self):
     """Prepare the JSON request header, the HTTP client and the agent id."""
     self.headers = {'Content-Type': 'application/json'}
     self.request = HttpRequests()
     # dict.get() already yields None when 'ding_agent_id' is not set.
     settings = SysConfig().sys_config
     self.app_id = settings.get('ding_agent_id')