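def get_user_detail_from_mb(no_or_email):
    """Look up one user's profile by e-mail address or work number.

    Identifiers that match an entry of the module-level ``external_user`` list
    are never sent to the remote service.

    Args:
        no_or_email: An e-mail address or a work number.  A value matching the
            e-mail pattern is queried through ``email_url``, anything else
            through ``work_no_url``.

    Returns:
        ``{}`` when the identifier belongs to an external user; a dict with the
        keys ``name``, ``user_id``, ``ding_user_id``, ``avatar``, ``email``,
        ``work_no``, ``dept_id`` and ``phone`` when the service answers with
        ``code == 0``; ``None`` when the HTTP call fails or the service reports
        a non-zero code.
    """
    from urllib.parse import quote

    if any(no_or_email in (u['email'], u['workNo']) for u in external_user):
        return {}

    is_email = re.match(
        r'^[A-Za-z\d]+([-_.][A-Za-z\d]+)*@([A-Za-z\d]+[-.])+[A-Za-z\d]{2,4}$',
        no_or_email, re.I)
    # The identifier comes from the caller and is appended to the URL as-is.
    # Percent-encode it so characters such as '/', '?', '&', '#' or a trailing
    # newline cannot change the path or query of the request.  Well-formed
    # e-mail addresses and alphanumeric work numbers are left unchanged.
    safe_value = quote(no_or_email, safe='@')
    url = (email_url if is_email else work_no_url) + safe_value

    http_request = HttpRequests()
    status, ret = http_request.get(url)
    if status is not True:
        print(ret)
        return None

    s = json.loads(ret)
    if s["code"] != 0:
        return None

    profile = s["data"]
    return {
        "name": profile["name"],
        "user_id": profile["userId"],
        "ding_user_id": profile["dingDingId"],
        "avatar": profile["avatar"],
        "email": profile["email"],
        "work_no": profile["workNo"],
        "dept_id": profile["deptId"],
        "phone": profile["phone"],
    }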
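def get(self, request, *args, **kwargs):
    """Handle the SSO callback: trade the authorization code for a login.

    Exchanges the ``code`` query parameter for an access token, reads the
    user's profile from the OAuth API, creates a local ``User`` on first
    login, logs the user in through Django and redirects to ``next`` (or to
    the profile page).  A missing code, or any error while talking to the
    provider or the database, renders the login page again.
    """
    import secrets
    from urllib.parse import quote

    sso_code = request.GET.get('code')
    if not sso_code:
        # Nothing to exchange; do not call the provider with code=None.
        return render(request, 'login.html')

    # The code is request-controlled: percent-encode it so it cannot add or
    # override parameters of the token request.
    # NOTE(review): client_secret is sent in the query string of a GET and can
    # end up in proxy or server access logs; confirm whether the provider
    # accepts it in a POST body instead.
    url = '{0}/accessToken?client_id={1}&client_secret={2}&redirect_uri={3}&code={4}&grant_type=authorization_code'.format(
        self.oauth_api, self.client_id, self.client_secret, self.redirect_uri,
        quote(sso_code, safe=''))
    _, token = HttpRequests().get(url)
    try:
        access_token = json.loads(token)['access_token']
        _, profile_text = HttpRequests().get(
            '%s/profile?access_token=%s' % (self.oauth_api, access_token))
        user_info = json.loads(profile_text)
        user_job_number = user_info['empid']
        user_email = user_info['email']
        user_display = user_info['username']

        if not User.objects.filter(username=user_job_number).exists():
            # The local password is a throwaway secret, so draw it from the
            # OS CSPRNG; the random module is not meant for secrets.
            alphabet = 'abcdefghijklmnopqrstuvwxyzAbcDfGijKnMnopqrStuvvxYZ0123456789'
            password = "".join(secrets.choice(alphabet) for _ in range(8))

            user = User()
            user.username = user_job_number
            user.password = make_password(password)
            # NOTE(review): password2 keeps a reversibly encrypted copy of the
            # password next to the hash; confirm it is still required.
            user.password2 = cryptor.encrypt(password)
            user.display = user_display
            user.email = user_email
            user.save()
            try:
                # Add to the default group, which carries the minimum permissions.
                group = Group.objects.get(id=1)
                user.groups.add(group)
            except Exception:
                print('无id=1的权限组,无法默认添加')

        user = User.objects.get(username=user_job_number)
        # Use Django's built-in login() so the admin site does not ask for a
        # second login.
        login(request, user)

        # "next" is request-controlled.  Only follow it when it is a path on
        # this site; anything else (absolute URL, scheme-relative "//host",
        # backslash or control-character variants) falls back to the profile.
        next_url = request.GET.get("next") or ''
        is_local_path = (
            next_url.startswith('/')
            and not next_url.startswith('//')
            and '\\' not in next_url
            and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in next_url)
        )
        if not is_local_path:
            next_url = reverse("accounts:profile")
        return HttpResponseRedirect(next_url)
    except Exception:
        # print_exc() writes the traceback itself and returns None.
        traceback.print_exc()
        return render(request, 'login.html')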
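def get_user_list_from_mb():
    """Return the configured external users followed by the remote user list.

    Fetches ``user_list_url`` and keeps, for every remote entry that carries
    ``name``, ``email`` and ``workNo``, exactly those three fields.

    Returns:
        list[dict]: external users first, then the remote users; an empty list
        when the HTTP call fails or the service reports a non-zero code.
    """
    http_request = HttpRequests()
    status, ret = http_request.get(user_list_url)
    if status is not True:
        print(ret)
        return []

    s = json.loads(ret)
    if s["code"] != 0:
        print(ret)
        return []

    # Work on a copy: appending to external_user itself would grow the shared
    # module-level list on every call, and every fetched user would then be
    # treated as an external user by code that consults that list.
    res = list(external_user)
    res.extend(
        {"name": p["name"], "email": p["email"], "workNo": p["workNo"]}
        for p in s["data"]
        if "name" in p and "email" in p and "workNo" in p
    )
    return res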
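class DingSender(object):
    """Send plain-text DingTalk messages to one user or to a group webhook."""

    def __init__(self):
        """Prepare the JSON headers, the HTTP client and the agent id."""
        self.headers = {'Content-Type': 'application/json'}
        self.request = HttpRequests()
        # None when 'ding_agent_id' is not configured.
        self.app_id = SysConfig().sys_config.get('ding_agent_id', None)

    def ding_to_person(self, ding_user_id, content):
        """Send ``content`` as a text message to one DingTalk user.

        Args:
            ding_user_id: Value placed in the ``touser`` field.
            content: Message text; formatted with ``"{}".format``.

        Returns:
            The string ``"No app id."`` when no agent id is configured,
            otherwise the ``(status, ret)`` pair returned by the HTTP client.
        """
        if self.app_id is None:
            # NOTE(review): a bare string here but a tuple below; a caller that
            # unpacks the result will fail on this path. Confirm with callers
            # before changing the shape.
            return "No app id."
        data = {
            "touser": ding_user_id,
            "agentid": self.app_id,
            "msgtype": "text",
            "text": {
                "content": "{}".format(content)
            },
        }
        # The access token is part of this URL, so the URL must never be
        # printed or logged.
        url = 'https://oapi.dingtalk.com/message/send?access_token=' + get_access_token()
        # Serialise the body so it matches the JSON Content-Type header, the
        # same way ding_to_group does.
        # NOTE(review): assumes HttpRequests.post sends the body as given.
        status, ret = self.request.post(url, json.dumps(data), self.headers)
        return status, ret

    def ding_to_group(self, url, content):
        """Send ``content`` as a text message to a group webhook URL.

        Args:
            url: The webhook URL to post to.
            content: Message text; formatted with ``"{}".format``.

        Returns:
            The ``(status, ret)`` pair from the HTTP client, or
            ``(False, str(error))`` when posting raised an exception.
        """
        try:
            data = {
                "msgtype": "text",
                "text": {
                    "content": "{}".format(content)
                },
            }
            status, ret = self.request.post(url, json.dumps(data), self.headers)
            print('ding_to_group', status, ret)
            return status, ret
        except Exception as e:
            print(traceback.format_exc())
            return False, str(e)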
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import json

from common.utils.http_api import HttpRequests
from common.utils.base import send_msg_to_admin

http_request = HttpRequests()


def application_update(data):
    """POST an application record to the wex update endpoint.

    ``data`` is serialised to JSON and sent as the request body.  When the
    HTTP client reports ``False`` as status, the returned text is forwarded
    to the administrators.  The returned text is printed in every case.
    """
    # NOTE(review): the endpoint is plain http, so the payload is not
    # protected in transit; confirm whether an https endpoint exists.
    endpoint = "http://wex.yadoom.com/api/wex/api/application/update"
    # Fields named by the original payload template: app_code, app_name,
    # app_type, tomcat_port, scm_url, importance, domain_name, primary,
    # secondary, comment.
    json_headers = {"Content-Type": "application/json; charset=UTF-8"}
    body = json.dumps(data)
    status, ret = http_request.post(url=endpoint, params=body, headers=json_headers)
    if status is False:
        send_msg_to_admin("wex更新应用接口调用出错:\n" + ret)
    print(ret)
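def login_authenticate(username, password):
    """Authenticate a login attempt and maintain the failed-login lockout.

    An account whose failure count has reached ``lock_cnt_threshold``
    (default 5) is refused while no more than ``lock_time_threshold`` seconds
    (default 300) have passed since its last failure.  ``admin`` is checked
    with Django's own authentication; every other user name is checked
    against the Bim unified identity service, and a local ``User`` row is
    created or refreshed when that check succeeds.

    Args:
        username: Login name as submitted.
        password: Password as submitted.

    Returns:
        dict: ``{'status': 0, 'result': 'Successful'}`` on success, otherwise
        ``{'status': N, 'errmsg': ...}`` where 1 means wrong credentials,
        2 means empty user name or password and 3 means the account is locked.
    """
    from django.contrib.auth.hashers import check_password

    sys_config = SysConfig().sys_config
    lock_cnt_threshold = int(sys_config.get('lock_cnt_threshold') or 5)
    lock_time_threshold = int(sys_config.get('lock_time_threshold') or 300)

    def seconds_since_last_failure():
        # total_seconds() rather than .seconds: .seconds drops whole days, so
        # a failure from more than a day ago could look recent and keep the
        # account locked or keep the old count alive.
        elapsed = datetime.datetime.now() - login_failure_counter[username]["last_failure_time"]
        return elapsed.total_seconds()

    # NOTE(review): login_failure_counter is an in-process mapping keyed by
    # the submitted user name; it looks unbounded and per-process, so confirm
    # how it behaves with several workers and with many distinct user names.

    # Server-side re-validation of the submitted parameters.
    if username == "" or password == "" or username is None or password is None:
        result = {'status': 2, 'errmsg': '用户名或密码为空,请重新输入!'}
    elif (username in login_failure_counter
          and login_failure_counter[username]["cnt"] >= lock_cnt_threshold
          and seconds_since_last_failure() <= lock_time_threshold):
        # NOTE(review): the message states 5 attempts / 5 minutes although
        # both thresholds are configurable.
        result = {'status': 3, 'errmsg': '登录失败超过5次,该账号已被锁定5分钟!'}
    else:
        if username == 'admin':
            # Use Django's authentication system.
            user = authenticate(username=username, password=password)
        else:
            # Use the Bim unified identity service.  Sample responses:
            # {"token":{"tokenId":"......"},"roles":[],"attributes":[{"values":["WD44134"],"name":"uid"}]}
            # {"exception":{"message":"<invalid password>","name":"com.bamboocloud.bam.idsvcs.InvalidPassword"}}
            # {"exception":{"message":"<verification failed>","name":"com.bamboocloud.bam.idsvcs.InvalidCredentials"}}
            # NOTE(review): the user's credential is posted over plain http
            # and app_key is a hard-coded literal; confirm whether an https
            # endpoint and a configured key are available.
            url = 'http://bam.yadoom.com:8080/bam/identity/json/authenticateapi'
            data = {
                'uid': username,
                'usercredential': password,
                'app_id': 'oa',
                'app_key': 'password',
                'attributenames': 'uid',
                'uri': 'realm=/',
                'module': 'LDAP'
            }
            _, ret = HttpRequests().post(url, data)
            ret = json.loads(ret)
            if 'exception' in ret:
                # Print only the error part; a successful response carries
                # the session tokenId and must not reach stdout or logs.
                print(ret['exception'])
                user = None
            else:
                # Authentication succeeded: fetch the user's attributes.
                url = 'http://bam.yadoom.com:8080/bam/identity/json/attributesapi'
                data = {
                    'tokenid': ret['token']['tokenId'],
                    'app_id': 'oa',
                    'app_key': 'password'
                }
                _, ret = HttpRequests().post(url, data)
                ret = json.loads(ret)
                display = ''
                if 'exception' not in ret:
                    for item in ret['attributes']:
                        if item['name'] == 'sn':
                            display = item['values'][0]

                if not User.objects.filter(username=username).exists():
                    user = User()
                    user.username = username
                    user.display = display
                    user.password = make_password(password)
                    # NOTE(review): password2 keeps a reversibly encrypted
                    # copy of the password; confirm it is still required.
                    user.password2 = cryptor.encrypt(password)
                    user.save()
                    try:
                        # Add to the default group, which carries the minimum
                        # permissions.
                        group = Group.objects.get(id=1)
                        user.groups.add(group)
                    except Exception:
                        print('无id=1的权限组,无法默认添加')
                else:
                    user = User.objects.get(username=username)
                    # make_password() salts every hash, so comparing a fresh
                    # hash with the stored one never matches; verify the
                    # password against the stored hash instead.
                    if not check_password(password, user.password):
                        user.password = make_password(password)
                        user.password2 = cryptor.encrypt(password)
                        # NOTE(review): only 'password' is written, so the
                        # stored password2 is not refreshed here.
                        user.save(update_fields=['password'])
                    if display and user.display != display:
                        user.display = display
                        user.save(update_fields=['display'])
                user = User.objects.get(username=username)

        if user:
            # Login succeeded.
            # Fetch the user's DingTalk userid so messages can be sent later.
            if sys_config.get("ding_to_person") == 'true' and username != 'admin':
                get_ding_user_id(username)
            # Clear any failure record kept for this user name.
            if username in login_failure_counter:
                login_failure_counter.pop(username)
            result = {'status': 0, 'result': 'Successful'}
        else:
            # Login failed.
            if username not in login_failure_counter:
                # First failure for this user name: start a counter.
                login_failure_counter[username] = {
                    "cnt": 1,
                    "last_failure_time": datetime.datetime.now()
                }
            else:
                if seconds_since_last_failure() <= lock_time_threshold:
                    login_failure_counter[username]["cnt"] += 1
                else:
                    # The previous failure is older than the lock window:
                    # restart the count, which is what unlocks the account.
                    login_failure_counter[username]["cnt"] = 1
                login_failure_counter[username]["last_failure_time"] = datetime.datetime.now()
            result = {'status': 1, 'errmsg': '用户名或密码错误,请重新输入!'}
    return result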
def __init__(self):
    """Set up the JSON request headers, the HTTP client and the agent id."""
    json_headers = {'Content-Type': 'application/json'}
    self.headers = json_headers
    self.request = HttpRequests()
    settings = SysConfig().sys_config
    # Stays None when 'ding_agent_id' is not configured.
    self.app_id = settings.get('ding_agent_id')