コード例 #1
0
ファイル: test_rule.py プロジェクト: hokuto-fukunaga/oase
def get_adminstrator():
    """
    サイトにログインしwebページをクロールできるシステム管理者を返す
    ユーザデータの加工、セッションの保存の後ログインをしている。
    """
    password = '******'
    admin = User.objects.get(pk=1)
    admin.password = Common.oase_hash(password)
    admin.last_login = datetime.datetime.now(pytz.timezone('UTC'))
    admin.password_last_modified = datetime.datetime.now(pytz.timezone('UTC'))
    admin.save(force_update=True)

    PasswordHistory.objects.create(user_id=1,
                                   password=Common.oase_hash(password),
                                   last_update_timestamp=datetime.datetime.now(
                                       pytz.timezone('UTC')),
                                   last_update_user=admin.user_name)

    client = Client()
    session = client.session
    session['cookie_age'] = (
        datetime.datetime.now(pytz.timezone('UTC')) +
        datetime.timedelta(minutes=30)).strftime('%Y-%m-%d %H:%M:%S')
    session.save()

    _ = client.login(username='******', password=password)

    return client
コード例 #2
0
ファイル: personal_config.py プロジェクト: yuya0arai/oase
def _reverse_conv_login_id_mailaddr(hash_login, hash_maddr, now):
    """
    [メソッド概要]
      メールアドレス変更情報取得処理
    """
    rset = MailAddressModify.objects.filter(
        mail_address_hash=hash_maddr).values('login_id', 'mail_address',
                                             'url_expire')

    for r in rset:
        login_id = r['login_id']
        hash_login_db = OaseCommon.oase_hash(login_id)

        if hash_login == hash_login_db:
            logger.user_log('LOSI10007', login_id, r['mail_address'])

            # 有効期限チェック
            if now >= r['url_expire']:
                logger.logic_log('LOSI10008', now, r['url_expire'])
                raise OASEError('MOSJA31016', 'LOSM10000')

            mail_addr = r['mail_address']
            return login_id, mail_addr

    # メールアドレス変更情報取得失敗
    else:
        logger.user_log('LOSI10009', hash_maddr)
        raise OASEError('MOSJA31010', 'LOSM10000')
コード例 #3
0
ファイル: personal_config.py プロジェクト: yuya0arai/oase
def _check_password(request, mail_pass, uid):
    """
    [メソッド概要]
      パスワードチェック
    """
    error_msg = {}

    if len(mail_pass) <= 0:
        error_msg['mailPw'] = get_message('MOSJA10004',
                                          request.user.get_lang_mode())
        logger.user_log('LOSI10012', request=request)
        logger.logic_log('LOSM17015', request=request)

    else:
        password_hash = OaseCommon.oase_hash(mail_pass)

        user = User.objects.get(user_id=uid)

        if not user:
            error_msg['mailPw'] = get_message('MOSJA32010',
                                              request.user.get_lang_mode())
            logger.user_log('LOSI10013', request=request)
            logger.logic_log('LOSM17001', request=request)

        if user and user.password != password_hash:
            error_msg['mailPw'] = get_message('MOSJA32038',
                                              request.user.get_lang_mode())
            logger.user_log('LOSI10013', request=request)
            logger.logic_log('LOSM17016', request=request)

    return error_msg
コード例 #4
0
ファイル: pass_ch.py プロジェクト: y-koyama-git/oase
def _validate(request, data, user):
    """
    [メソッド概要]
      入力チェック
    """

    logger.logic_log(
        'LOSI00001', 'user_id: %s, session_key: %s' %
        (user.user_id, request.session.session_key))
    error_msg = {}

    if not user:
        error_msg['user'] = get_message('MOSJA32010',
                                        request.user.get_lang_mode())
        logger.user_log('LOSM17001', request=request)
        logger.logic_log(
            'LOSI00002', 'user_id: %s, session_key: %s' %
            (request.user.user_id, request.session.session_key))
        return error_msg

    # old_password_check
    input_old_password = data['user_info']['oldPw']
    if len(input_old_password) == 0:
        error_msg['oldPw'] = get_message('MOSJA32012',
                                         request.user.get_lang_mode())
        logger.user_log('LOSM17002', request=request)
    else:
        password_hash = Common.oase_hash(input_old_password)
        if user.password != password_hash:
            error_msg['oldPw'] = get_message('MOSJA32013',
                                             request.user.get_lang_mode())
            logger.user_log('LOSM17003', request=request)

    # new_password_check
    new_password = data['user_info']['newPw']
    if len(new_password) == 0:
        error_msg['newPw'] = get_message('MOSJA32014',
                                         request.user.get_lang_mode())
        logger.user_log('LOSM17004', request=request)

    else:
        re_obj = re.match(
            r'^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!#$%&()*+,-./;<=>?@\[\]^_{}|~]).{8,}$',
            new_password)
        if not re_obj:
            error_msg['newPw'] = get_message('MOSJA32015',
                                             request.user.get_lang_mode())
            logger.user_log('LOSM17005', request=request)

    new_password_conf = data['user_info']['newPwConf']
    if new_password != new_password_conf:
        error_msg['newPwConf'] = get_message('MOSJA32016',
                                             request.user.get_lang_mode())
        logger.user_log('LOSM17006', request=request)

    logger.logic_log(
        'LOSI00002', 'user_id: %s, session_key: %s' %
        (request.user.user_id, request.session.session_key))
    return error_msg
コード例 #5
0
def onetime_pass_exec(request):
    """
    [メソッド概要]
      ワンタイムパスワード発行処理
    """

    logger.logic_log('LOSI00001', 'None', request=request)

    ##################################################
    # requestデータ構造チェック
    ##################################################
    json_str = request.POST.get('user_info', None)

    if json_str == None:
        msg = get_message('MOSJA32009')
        logger.user_log('LOSM17011', request=request)
        return HttpResponseServerError(msg)

    data = json.loads(json_str)

    if not 'user_info' in data and \
        not 'loginId' in data['user_info'] and \
        not 'mailAddr' in data['user_info'] :
        msg = get_message('MOSJA32009')
        logger.user_log('LOSM17011', request=request)
        return HttpResponseServerError(msg)

    # request内容
    error_flag = False
    error_msg = {}
    user = {}
    password = ''
    ttl_hour = ''

    try:
        with transaction.atomic():
            ##################################################
            # 入力データチェック
            ##################################################
            login_id = data['user_info']['loginId']
            mail_address = data['user_info']['mailAddr']
            user, error_flag, error_msg = _validate(request, login_id, mail_address)

            ##################################################
            # ランダムパスワード生成
            ##################################################
            if error_flag == False:
                ttl_hour = int(System.objects.get(config_id='INITIAL_PASS_VALID_PERIOD').value)

                # ランダムパスワード生成
                password = RandomPassword().get_password()
                update_time = datetime.datetime.now(pytz.timezone('UTC'))

                user.password = Common.oase_hash(password)
                user.last_update_user = user.user_name
                user.last_update_timestamp = update_time
                user.password_last_modified = update_time
                password_expire = None
                if ttl_hour == 0:
                    # datetime supportで日時がずれoverflowするため9000年とした
                    password_expire = datetime.datetime.strptime('9000-12-31 23:59:59', '%Y-%m-%d %H:%M:%S')
                else:
                    password_expire = update_time + datetime.timedelta(hours=ttl_hour)
                user.password_expire = password_expire
                user.save()

    except User.DoesNotExist:
        error_flag = True
        error_msg['loginId'] = get_message('MOSJA32031')
        logger.user_log('LOSM17014', login_id, request=request)

    except Exception as e:
        error_flag = True
        logger.logic_log('LOSI00005', traceback.format_exc(), request=request)
        error_msg['db'] = get_message('MOSJA32019') + str('\n') + str(e.args)

    ##################################################
    # ユーザにワンタイムパスワードをメールで通知
    ##################################################

    # 署名用URL生成
    req_protcol = request.scheme
    req_host    = request.get_host()
    login_url   = reverse('web_app:top:login')
    inquiry_url = reverse('web_app:top:inquiry')
    login_url   = '%s://%s%s' % (req_protcol, req_host, login_url)
    inquiry_url = '%s://%s%s' % (req_protcol, req_host, inquiry_url)

    if error_flag == False:
        smtp = OASEMailSMTP()
        user_mail = OASEMailOnetimePasswd(
            mail_address, mail_address, user.user_name, password, ttl_hour, inquiry_url, login_url
        )

        send_result = smtp.send_mail(user_mail)
        if send_result:
            send_result = get_message(send_result)
            error_flag = True
            error_msg['mail'] = send_result
            logger.logic_log('LOSE17000', send_result, request=request)

    # 結果レスポンス
    response_data = {}
    response_data['status'] = 'success' if error_flag == False else 'failure'
    response_data['error_msg'] = error_msg

    response_json = json.dumps(response_data)
    logger.logic_log('LOSI00002', response_data['status'], request=request)

    return HttpResponse(response_json, content_type="application/json")
コード例 #6
0
    def authenticate(self, request, username=None, password=None, **kwargs):

        try:
            with transaction.atomic():
                password_hash = Common.oase_hash(password)
                now = datetime.datetime.now(pytz.timezone('UTC'))
                user = User.objects.select_for_update().get(
                    login_id=username,
                    login_id__contains=username,
                    disuse_flag='0',
                    sso_id=0)
                uid = user.user_id
                msg = None

                self.check_account_lock_parameter(now, user, uid, username)

                # パスワードが一致したらユーザ情報を返却し終了
                if user.password == password_hash:
                    # ミス回数,アカウントロック回数リセット
                    user.password_count = 0
                    user.account_lock_times = 0
                    user.save(force_update=True)
                    return user

                logger.logic_log('LOSI13014', username, user.password_count,
                                 user.account_lock_times)
                msg = 'MOSJA10006'

                pass_err_obj = System.objects.get(
                    config_id='PASS_ERROR_THRESHOLD')
                pass_err_int = int(pass_err_obj.value)
                if pass_err_int != 0 and uid > 0:
                    # ミス回数カウントアップ
                    if user.password_count is None:
                        user.password_count = 1
                    else:
                        user.password_count += 1

                    # 規定回数到達ならばロック
                    if user.password_count >= pass_err_int:

                        locktime_obj = System.objects.get(
                            config_id='ACCOUNT_LOCK_PERIOD')
                        locktime_int = int(locktime_obj.value)

                        user.account_lock_time = now + timedelta(
                            minutes=locktime_int)

                        logger.logic_log('LOSI13015', username,
                                         user.password_count, pass_err_int,
                                         user.account_lock_time)
                        msg = 'MOSJA10007'

                        # ロックタイミングでミス回数リセット
                        user.password_count = 0
                        user.account_lock_times += 1

                    # アカウントロック上限回数に達したらアカウントを永久ロック&メール通知
                    # アカウントロック上限回数が 0 の時はロックしない
                    acct_lock_max = int(
                        System.objects.get(
                            config_id='ACCOUNT_LOCK_MAX_TIMES').value)
                    if user.account_lock_times >= acct_lock_max >= 1 and user.pk != 1:
                        logger.logic_log('LOSI13016', username,
                                         user.account_lock_times,
                                         acct_lock_max)
                        user.account_lock_flag = True
                        self._send_user_locked_mail(user.login_id, request)
                        msg = 'MOSJA10017'

                    # ユーザデータ更新
                    user.save(force_update=True)

        except System.DoesNotExist:
            logger.system_log('LOSM00001', traceback.format_exc())
            msg = 'MOSJA10015'

        except OASELoginError as e:
            logger.user_log('LOSM00001', traceback.format_exc())
            msg = e.msg_id

        raise OASELoginError(msg)
コード例 #7
0
ファイル: pass_ch.py プロジェクト: y-koyama-git/oase
def pass_ch_exec(request):
    """
    [メソッド概要]
      パスワード変更処理
    """

    logger.logic_log(
        'LOSI00001', 'user_id: %s, session_key: %s' %
        (request.user.user_id, request.session.session_key))

    # requestデータ構造チェック
    json_str = request.POST.get('user_info', None)

    if json_str == None:
        msg = get_message('MOSJA32009', request.user.get_lang_mode())
        logger.user_log('LOSM17000')
        return HttpResponseServerError(msg)

    data = json.loads(json_str)

    if not 'user_info' in data and \
        not 'oldPw' in data['user_info'] and \
        not 'newPw' in data['user_info'] and \
        not 'newPwConf' in data['user_info'] :
        msg = get_message('MOSJA32009', request.user.get_lang_mode())
        logger.user_log('LOSM17000')
        return HttpResponseServerError(msg)

    uid = request.user.user_id

    if not 'loginId' in data['user_info'] and uid == '':
        msg = get_message('MOSJA32009', request.user.get_lang_mode())
        logger.user_log('LOSM17000')
        return HttpResponseServerError(msg)

    error_flag = False
    error_msg = {}

    try:
        with transaction.atomic():

            # request内容チェック
            update_time = datetime.datetime.now(pytz.timezone('UTC'))
            password_generation = 0
            pw_history_list = PasswordHistory.objects.filter(
                user_id=uid).order_by('last_update_timestamp')

            ##################################################
            # 入力値チェック
            ##################################################
            # Userの対象レコードをロック
            user = User.objects.select_for_update().get(user_id=uid)
            error_msg = _validate(request, data, user)

            ##################################################
            # パスワード判定
            ##################################################
            if len(error_msg) <= 0:
                # 同一パスワード設定不可世代数取得
                password_generation = int(
                    System.objects.get(config_id='Pass_generate_manage').value)

            new_password_hash = Common.oase_hash(data['user_info']['newPw'])

            # パスワード履歴テーブルが0以上かつパスワード履歴チェックフラグがTrueの場合、世代数分新パスワードと比較
            if len(pw_history_list) > 0 and user.pass_hist_check_flag:
                for pw_history in pw_history_list:
                    if pw_history.password == new_password_hash:
                        error_msg['newPw'] = get_message(
                            'MOSJA32018', request.user.get_lang_mode())
                        logger.user_log('LOSM17008', request=request)

            ##################################################
            # ユーザ情報更新
            ##################################################
            if len(error_msg) <= 0:

                logger.user_log('LOSI17000', uid, request.session.session_key,
                                password_generation, len(pw_history_list))

                user.password = new_password_hash
                user.last_update_user = user.user_name
                user.last_update_timestamp = update_time
                user.password_last_modified = update_time
                user.password_expire = None
                user.save(force_update=True)

                ##################################################
                # パスワード履歴の更新
                ##################################################
                if password_generation > 0:

                    pw_history_list_length = len(pw_history_list)
                    if password_generation <= pw_history_list_length:
                        loop = (pw_history_list_length -
                                password_generation) + 1
                        for i in range(loop):
                            pw_history_list[i].delete()

                    new_pw_history = PasswordHistory(
                        user_id=user.user_id,
                        password=new_password_hash,
                        last_update_timestamp=update_time,
                        last_update_user=user.user_name,
                    )
                    new_pw_history.save(force_insert=True)

    except User.DoesNotExist:
        error_msg['user'] = get_message('MOSJA32010',
                                        request.user.get_lang_mode())
        logger.logic_log('LOSM17001', request=request)

    except System.DoesNotExist:
        error_msg['system'] = get_message('MOSJA32011',
                                          request.user.get_lang_mode())
        logger.logic_log('LOSM17007', 'Pass_generate_manage', request=request)

    except Exception as e:
        traceback.print_exc()
        error_msg['db'] = get_message(
            'MOSJA32019', request.user.get_lang_mode()) + str(e.args)
        logger.logic_log('LOSM17009',
                         'traceback: %s' % (traceback.format_exc()),
                         request=request)

    if len(error_msg) > 0:
        error_flag = True

    # 結果レスポンス
    response_data = {}
    response_data['status'] = 'success' if error_flag == False else 'failure'
    response_data['error_msg'] = error_msg

    response_json = json.dumps(response_data, ensure_ascii=False)

    logger.logic_log(
        'LOSI00002', 'user_id: %s, session_key: %s' %
        (request.user.user_id, request.session.session_key))

    return HttpResponse(response_json, content_type="application/json")
コード例 #8
0
ファイル: personal_config.py プロジェクト: yuya0arai/oase
def modify_mailaddr(request):
    """
    [メソッド概要]
      メールアドレス変更処理
    """

    msg = {}
    error_msg = {}
    result = 'success'

    now = datetime.datetime.now(pytz.timezone('UTC'))

    mail_pass = request.POST.get('password', '')
    mail_addr = request.POST.get('mail', '')
    uid = request.user.user_id
    login_id = request.user.login_id
    emo_chk = UnicodeCheck()

    logger.logic_log('LOSI00001', mail_pass, mail_addr, request=request)

    if uid == '':
        error_msg = get_message('MOSJA32009', request.user.get_lang_mode())
        logger.user_log('LOSM17000')
        return HttpResponseServerError(error_msg)

    try:

        # パスワードチェック
        error_msg = _check_password(request, mail_pass, uid)

        # 値チェック
        if mail_addr == request.user.mail_address:
            error_msg['txtMailAddr'] = get_message(
                'MOSJA31008', request.user.get_lang_mode())
            logger.user_log('LOSI10001', login_id, mail_addr, request=request)
            logger.logic_log('LOSM10000', request=request)

        # バリデーションチェック
        dot_string = r'[\w!#$%&\'*+\-\/=?^`{|}~]+(\.[\w!#$%&\'*+\-\/=?^`{|}~]+)*'
        quoted_string = r'"([\w!#$%&\'*+\-\/=?^`{|}~. ()<>\[\]:;@,]|\\[\\"])+"'
        domain = r'([a-zA-Z\d\-]+\.)+[a-zA-Z]+'
        ip_v4 = r'(\d{1,3}(\.\d{1,3}){3}'
        ip_v6 = r'IPv6:[\da-fA-F]{0,4}(:[\da-fA-F]{0,4}){1,5}(:\d{1,3}(\.\d{1,3}){3}|(:[\da-fA-F]{0,4}){0,2}))'
        mail_ip_addr = r'\[' + ip_v4 + r'|' + ip_v6 + r'\]'

        mail_pattern = r'^(' + dot_string + r'|' + quoted_string + \
            r')@(' + domain + r'|' + mail_ip_addr + r')$'

        if len(mail_addr) <= 0:
            error_msg['txtMailAddr'] = get_message(
                'MOSJA31004', request.user.get_lang_mode())
            logger.user_log('LOSI10002', request=request)
            logger.logic_log('LOSM10000', request=request)

        elif len(mail_addr) > 256:
            error_msg['txtMailAddr'] = get_message(
                'MOSJA31005', request.user.get_lang_mode())
            logger.user_log('LOSI10003', request=request)
            logger.logic_log('LOSM10000', request=request)

        # 絵文字チェック
        value_list = emo_chk.is_emotion(mail_addr)
        if len(value_list) > 0:
            error_msg['txtMailAddr'] = get_message(
                'MOSJA31018', request.user.get_lang_mode())
            logger.user_log('LOSI10011', request=request)
            logger.logic_log('LOSM10000', request=request)

        elif not re.match(mail_pattern, mail_addr):
            error_msg['txtMailAddr'] = get_message(
                'MOSJA31006', request.user.get_lang_mode())
            logger.user_log('LOSI10004', request=request)
            logger.logic_log('LOSM10000', request=request)

        # 機密情報URL生成
        req_protcol = request.scheme
        req_host = request.get_host()
        modify_url = reverse('web_app:user:user_determ_mailaddr')
        hash_login = OaseCommon.oase_hash(login_id)
        hash_maddr = OaseCommon.oase_hash(mail_addr)
        modify_url = '%s://%s%s?arg=%s&tok=%s' % (
            req_protcol, req_host, modify_url, hash_login, hash_maddr)

        # 重複チェック
        error_msg = _check_duplication(request, error_msg, mail_addr, now,
                                       login_id)

        # DB保存
        hour_expire = int(
            System.objects.get(config_id='MAILADDR_URL_VALID_PERIOD').value)
        url_expire = now + datetime.timedelta(hours=hour_expire)

        rcnt = MailAddressModify.objects.filter(
            login_id=login_id, login_id__contains=login_id).count()
        if rcnt > 0:
            MailAddressModify.objects.filter(
                login_id=login_id, login_id__contains=login_id).update(
                    mail_address=mail_addr,
                    mail_address_hash=hash_maddr,
                    url_expire=url_expire,
                    last_update_timestamp=now,
                    last_update_user=request.user.user_name)

        else:
            MailAddressModify(login_id=login_id,
                              mail_address=mail_addr,
                              mail_address_hash=hash_maddr,
                              url_expire=url_expire,
                              last_update_timestamp=now,
                              last_update_user=request.user.user_name).save(
                                  force_insert=True)

        if len(error_msg) == 0:
            # 署名用URL生成
            req_protcol = request.scheme
            req_host = request.get_host()
            login_url = reverse('web_app:top:login')
            inquiry_url = reverse('web_app:top:inquiry')
            login_url = '%s://%s%s' % (req_protcol, req_host, login_url)
            inquiry_url = '%s://%s%s' % (req_protcol, req_host, inquiry_url)

            # メール送信
            obj_smtp = OASEMailSMTP(request=request)
            obj_mail = OASEMailModifyMailAddressNotify(mail_addr,
                                                       request.user.user_name,
                                                       hour_expire, modify_url,
                                                       inquiry_url, login_url)

            send_result = obj_smtp.send_mail(obj_mail)
            if send_result:
                error_msg['system'] = get_message(send_result,
                                                  request.user.get_lang_mode())
                logger.user_log('LOSI10006', request=request)
                logger.logic_log('LOSM10000', request=request)

    except Exception as e:
        logger.logic_log('LOSI00005', traceback.format_exc(), request=request)
        error_msg['system'] = get_message('MOSJA31014',
                                          request.user.get_lang_mode())

    if len(error_msg) > 0:
        result = 'failure'
    else:
        msg['system'] = get_message('MOSJA31017', request.user.get_lang_mode())

    data = {
        'status': result,
        'msg': msg,
        'error_msg': error_msg,
    }

    respdata = json.dumps(data)

    logger.logic_log('LOSI00002', result, request=request)

    return HttpResponse(respdata, content_type="application/json")
コード例 #9
0
def modify(request):
    """
    [メソッド概要]
      データ更新処理
    """
    #====アカウント追加時の初期値====#
    disp = defs.DISP_MODE.DEFAULT
    lang = defs.LANG_MODE.JP

    msg                  = ''
    error_msg            = ''
    error_msg_user_name  = ''
    error_msg_login_id   = ''
    error_msg_mail       = ''
    error_msg_user_group = ''

    json_str = request.POST.get('json_str',None)

    logger.logic_log('LOSI00001', 'json_str: %s' % json_str, request=request)

    if json_str is None:
        msg = get_message('MOSJA24001', request.user.get_lang_mode())
        logger.user_log('LOSM05002', request=request)
        raise Http404

    try:
        with transaction.atomic():
            json_str = json.loads(json_str)

            #=================ロック=============================#
            # リクエストされたグループIDを取得
            group_ids_req = []
            for rq in json_str['insertInfo']:
                for gid in rq['add_group_id']:
                    if len(gid) != 0:
                        gid = int(gid)
                        if gid not in group_ids_req:
                            group_ids_req.append(gid)

            for rq in json_str['updateInfo']:
                for gid in rq['add_group_id']:
                    if len(gid) != 0:
                        gid = int(gid)
                        if gid not in group_ids_req:
                            group_ids_req.append(gid)

                for gid in rq['del_group_id']:
                    if len(gid) != 0:
                        gid = int(gid)
                        if gid not in group_ids_req:
                            group_ids_req.append(gid)

            group_ids_req.sort()

            # グループ管理をロック
            group_ids_db = []
            for gid in group_ids_req:
                gr = Group.objects.select_for_update().filter(group_id=gid)
                if len(gr) <= 0:
                    logger.user_log('LOSM05005', 'group_id: %s' % gid , request=request)
                    continue

                group_ids_db.append(gr[0].group_id)

            group_ids_diff = list(set(group_ids_req) ^ set(group_ids_db))


            # 更新レコードのリスト作成(administrator除く)
            update_info = []
            update_userid_list = []
            for rq in json_str['updateInfo']:
                if int(rq['user_id']) != 1:
                    update_info.append(rq)
                    update_userid_list.append(int(rq['user_id']))
                else:
                    logger.user_log('LOSM05008', 'update_user_info: %s ' % rq , request=request)

            # 削除レコードのリスト作成(administrator除く)
            del_info = []
            del_userid_list = []
            for rq in json_str['delInfo']:
                if int(rq['user_id']) != 1:
                    del_info.append(rq)
                    del_userid_list.append(int(rq['user_id']))
                else:
                    logger.user_log('LOSM05008', 'delete_user_info: %s ' % rq , request=request)

            # 更新/削除ユーザをロック
            mod_user_list = update_userid_list + del_userid_list 
            mod_user_list.sort()
            for m in mod_user_list:
                User.objects.select_for_update().filter(pk=m)


            #=================チェック===========================#
            # 入力データチェック データ不正であればresponseを返す
            error_flag, error_msg_user_name, error_msg_login_id, error_msg_mail, error_msg_user_group = _validate(json_str, group_ids_diff, request=request)
            if error_flag:
                response_json = json.dumps({
                    'status'              : 'failure',
                    'error_msg_user_name' : error_msg_user_name,
                    'error_msg_login_id'  : error_msg_login_id,
                    'error_msg_mail'      : error_msg_mail,
                    'error_msg_user_group': error_msg_user_group,
                    'msg'                 : '',
                })

                logger.user_log('LOSM05004', 'error_msg_user_name: %s' % error_msg_user_name, request=request)
                logger.user_log('LOSM05004', 'error_msg_login_id: %s' % error_msg_login_id, request=request)
                logger.user_log('LOSM05004', 'error_msg_mail: %s' % error_msg_mail, request=request)
                logger.user_log('LOSM05004', 'error_msg_user_group: %s' % error_msg_user_group, request=request)
                logger.logic_log('LOSI00002', 'json_str: %s' % json_str, request=request)

                return HttpResponse(response_json, content_type="application/json")

            #=================更新===============================#
            update_list = []
            del_usergroup_list = {}
            add_usergroup_list = {}
            user_info = {}

            logger.user_log('LOSI05000', update_info, request=request)

            for rq in update_info:
                user_info[int(rq['user_id'])] = {
                    'user_name': rq['user_name'],
                    'login_id' : rq['login_id'], 
                    'mail'     : rq['mail'],
                    'add_group_id' : rq['add_group_id'],
                    'del_group_id' : rq['del_group_id'],
                }

            users = User.objects.filter(pk__in=update_userid_list, disuse_flag='0')
            for u in users:
                u.user_name    = user_info[u.pk]['user_name']
                u.login_id     = user_info[u.pk]['login_id'] if u.sso_id == 0 else u.login_id
                u.mail_address = user_info[u.pk]['mail']
                u.last_update_timestamp = datetime.datetime.now(pytz.timezone('UTC'))
                u.last_update_user = request.user.user_name

                add_usergroup_list[u.user_id] = [int(s) for s in user_info[u.pk]['add_group_id']]
                del_usergroup_list[u.user_id] = [int(s) for s in user_info[u.pk]['del_group_id']]
                update_list.append(u)

            for u in update_list:
                u.save()
                if u.pk in add_usergroup_list:
                    for g in add_usergroup_list[u.pk]:
                        ug = UserGroup(
                            user_id = u.pk,
                            group_id = g,
                            last_update_user = request.user.user_name,
                            )
                        ug.save(force_insert=True)
                if u.pk in del_usergroup_list:
                    UserGroup.objects.filter(user_id=u.pk, group_id__in=del_usergroup_list[u.pk]).delete()

            logger.user_log('LOSI05001', update_info, request=request)

            #=================削除===============================#
            logger.user_log('LOSI05002', del_info, request=request)

            User.objects.filter(pk__in=del_userid_list).delete()
            UserGroup.objects.filter(user_id__in=del_userid_list).delete()
            PasswordHistory.objects.filter(user_id__in=del_userid_list).delete()

            logger.user_log('LOSI05003', del_info, request=request)

            #==================新規追加===============================#
            insert_list = []
            insert_usergroup_list = {}
            insert_list_pwhist = []
            create_list = []
            create_err_flag = False
            ttl_hour = int(System.objects.get(config_id='INITIAL_PASS_VALID_PERIOD').value)

            for rq in json_str['insertInfo']:
                # ランダムパスワード生成
                password = RandomPassword().get_password()
                password_hash = Common.oase_hash(password)
                password_expire = None
                if ttl_hour == 0:
                    # datetime supportで日時がずれoverflowするため9000年とした
                    password_expire = datetime.datetime.strptime('9000-12-31 23:59:59', '%Y-%m-%d %H:%M:%S')
                else:
                    password_expire = datetime.datetime.now(pytz.timezone('UTC')) + datetime.timedelta(hours=ttl_hour)

                user = User( 
                    user_name    = rq['user_name'],
                    login_id     = rq['login_id'],
                    mail_address = rq['mail'],
                    password     = password_hash,
                    disp_mode_id = disp,
                    lang_mode_id = lang,
                    password_count = 0,
                    password_expire = password_expire,
                    last_update_user = request.user.user_name,
                    last_update_timestamp = datetime.datetime.now(pytz.timezone('UTC')),
                )

                insert_list.append(user)
                insert_usergroup_list[rq['login_id']] = rq['add_group_id']

                create_info = {
                    'name' : rq['user_name'],
                    'mail' : rq['mail'],
                    'pass' : password,
                    'id'   : rq['login_id'],
                }
                create_list.append(create_info)

            Pass_generate_manage = int(System.objects.get(config_id='Pass_generate_manage').value)
            logger.user_log('LOSI05004', json_str['insertInfo'], Pass_generate_manage, request=request)
            # create処理
            for i in insert_list:
                i.save(force_insert=True)
                # userが登録できたらusergroupを登録
                for j in insert_usergroup_list[i.login_id]:
                    usergroup = UserGroup(
                        user_id = i.pk,
                        group_id = j,
                        last_update_user = request.user.user_name,
                    )
                    usergroup.save(force_insert=True)

                if Pass_generate_manage > 0:
                    passwd_history = PasswordHistory(
                       user_id  = i.user_id,
                       password = password_hash,
                       last_update_timestamp = datetime.datetime.now(pytz.timezone('UTC')),
                       last_update_user = request.user.user_name,
                    )
                    insert_list_pwhist.append(passwd_history)

            if len(insert_list_pwhist) > 0:
                PasswordHistory.objects.bulk_create(insert_list_pwhist)

            logger.user_log('LOSI05005', json_str['insertInfo'], Pass_generate_manage, request=request)

            # 署名用URL生成
            req_protcol = request.scheme
            req_host    = request.get_host()
            login_url   = reverse('web_app:top:login')
            inquiry_url = reverse('web_app:top:inquiry')
            login_url   = '%s://%s%s' % (req_protcol, req_host, login_url)
            inquiry_url = '%s://%s%s' % (req_protcol, req_host, inquiry_url)

            # 新規登録ユーザに初期ユーザIDをメールで通知
            msg_ids = []
            if len(create_list) > 0 and create_err_flag == False:
                smtp = OASEMailSMTP(request=request)
                for u in create_list:
                    user_mail = OASEMailInitialLoginID(
                        request.user.mail_address, u['mail'], u['name'], u['id'], ttl_hour, inquiry_url, login_url
                    )
                    send_result = smtp.send_mail(user_mail)

                    logger.logic_log('LOSI05006', u['mail'], u['id'], request=request)
                    if send_result and send_result not in msg_ids:
                        msg_ids.append(send_result)
                        send_result = get_message(send_result, request.user.get_lang_mode())
                        error_flag = True
                        if msg:
                            msg += '\n'
                        msg += send_result

            # 新規登録ユーザに初期パスワードをメールで通知
            if len(create_list) > 0 and create_err_flag == False:
                smtp = OASEMailSMTP(request=request)
                for u in create_list:
                    user_mail = OASEMailInitialPasswd(
                        request.user.mail_address, u['mail'], u['name'], u['pass'], ttl_hour, inquiry_url, login_url
                    )
                    send_result = smtp.send_mail(user_mail)

                    logger.logic_log('LOSI05007', u['mail'], request=request)
                    if send_result and send_result not in msg_ids:
                        msg_ids.append(send_result)
                        send_result = get_message(send_result, request.user.get_lang_mode())
                        error_flag = True
                        if msg:
                            msg += '\n'
                        msg += send_result

    except Exception as e:
        error_flag = True
        logger.logic_log('LOSM05003', 'json_str: %s, traceback: %s' % (json_str, traceback.format_exc()), request=request)

    # 結果レスポンス
    response_data = {}

    # 異常処理
    if error_flag == True:

        response_data['status'] = 'failure'
        response_data['error_msg'] = error_msg
        response_data['msg'] = msg
        logger.logic_log('LOSM05007', 'json_str: %s, response_data: %s, traceback: %s' % (json_str, response_data, traceback.format_exc()), request=request)

    # 正常処理
    else:
        response_data['status'] = 'success'
        response_data['redirect_url'] = '/oase_web/system/user'

    response_json = json.dumps(response_data)

    logger.logic_log('LOSI00002', 'json_str: %s, response_json: %s' % (json_str, response_json), request=request)
    return HttpResponse(response_json, content_type="application/json")