def __init__(self):
mysqlallvalue = dbinfo_select_global_configuration()[0]
self.iisip = 'http://'+str(mysqlallvalue['iis_ip'])+':'+str(mysqlallvalue['iis_port'])+'/api/Adapi/'
self.testiisip = 'http://localhost:22238/api/Adapi/'
self.addomain = str(mysqlallvalue['ad_domain'])
self.exdomain = str(mysqlallvalue['ex_domain'])
self.skey = admd5()
def userisinitgroup(username):
mysqlallvalue = dbinfo_select_global_configuration()[0]
it_group = mysqlallvalue['it_group']
if it_group == '' or it_group == None or it_group == "None":
return False
else:
if sel_account_to_group(username, it_group):
return True
else:
return False
def serverip():
#ipvalue = 'http://localhost:55823/api/adapi/'
try:
mysqlallvalue = dbinfo_select_global_configuration()[0]
iisip = str(mysqlallvalue['iis_ip'])
iisport = str(mysqlallvalue['iis_port'])
ipvalue = 'http://' + iisip + ':' + iisport + '/api/Adapi/'
except Exception as e:
ipvalue = '没有获取到url'
return ipvalue
def __init__(self, adusername, level_id_list, read_m_list, account_list):
self.adusername = adusername #当前登陆用户的AD
self.level_id_list = level_id_list # 目录ID#
self.read_m_list = read_m_list ##list
self.account_list = account_list # AD账号
mysqlallvalue = dbinfo_select_global_configuration()
if mysqlallvalue:
self.domain = str(mysqlallvalue[0]['ad_domain'])
else:
self.domain = "test"
threading.Thread.__init__(self)
def adminconfig(request):
username = request.session.get('username')
if username.lower() != 'administrator':
return HttpResponseRedirect('/portal/', request)
displayname = request.session.get('displayname')
mysqlipvalue = readprofile('mysql', 'ip')
mysqlusernamevalue = readprofile('mysql', 'username')
mysqlPortevalue = readprofile('mysql', 'Port')
mysqlPasswordvalue = readprofile('mysql', 'Password')
if mysqlipvalue != 'None' and mysqlipvalue != "" and mysqlipvalue != None:
mysqlallvalue = dbinfo_select_global_configuration()[0]
iis_ip = mysqlallvalue['iis_ip']
if iis_ip == '' or iis_ip == None:
iis_ip = 'None'
iis_port = mysqlallvalue['iis_port']
if iis_port == '' or iis_port == None:
iis_port = 'None'
ad_ip = mysqlallvalue['ad_ip']
if ad_ip == '' or ad_ip == None:
ad_ip = 'None'
ad_account = mysqlallvalue['ad_account']
if ad_account == '' or ad_account == None:
ad_account = 'None'
ad_password = mysqlallvalue['ad_password']
if ad_password == '' or ad_password == None:
ad_password = '******'
ad_domain = mysqlallvalue['ad_domain']
if ad_domain == '' or ad_domain == None:
ad_domain = 'None'
ad_path = mysqlallvalue['ad_path']
if ad_path == '' or ad_path == None:
ad_path = 'None'
ex_ip = mysqlallvalue['ex_ip']
if ex_ip == '' or ex_ip == None:
ex_ip = 'None'
ex_account = mysqlallvalue['ex_account']
if ex_account == '' or ex_account == None:
ex_account = 'None'
ex_password = mysqlallvalue['ex_password']
if ex_password == '' or ex_password == None:
ex_password = '******'
ex_domain = mysqlallvalue['ex_domain']
if ex_domain == '' or ex_domain == None:
ex_domain = 'None'
it_group = mysqlallvalue['it_group']
if it_group == '' or it_group == None:
it_group = 'None'
# ad_ips = mysqlallvalue['ad_ips']
# if ad_ips == '' or ad_ips == None or ad_ips == "None":
# ad_ips = 'None'
# else:
# ad_ips = ad_ips.split(",")
return render_to_response('admin/adminindex.html', locals())
def updateconfigall(request):
post = request.POST
WiFiname = post.getlist("WiFiname")
WiFilist = post.getlist("WiFilist")
vnplist = post.getlist("vnplist")
vpnname = post.getlist("vpnname")
networklist = post.getlist("networklist")
networkname = post.getlist("networkname")
inputpubmailou = post.get("inputpubmailou")
inputmailgroupou = post.get("inputmailgroupou")
inputpwdlen = post.get("inputpwdlen")
inputjzou = post.get("inputjzou")
inputjzgroup = post.get("inputjzgroup")
inputunlockgroup = post.get("inputunlockgroup")
inputpubmailDB = post.get("inputpubmailDB")
inputpubmaillanwei = post.get("inputpubmaillanwei")
inputewge = 'regex:^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z\W_]+$)(?![a-z0-9]+$)(?![a-z\W_]+$)(?![0-9\W_]+$)[a-zA-Z0-9\W_]{' + inputpwdlen + ',}$;'
inputips = '至少有' + inputpwdlen + '个字符长'
try:
ad_domain = dbinfo_select_global_configuration()[0]['ad_domain']
network = list()
vpn = list()
wifi = list()
for i in range(len(WiFiname)):
wifi.append({"description": WiFiname[i], "name": WiFilist[i]})
for i in range(len(vpnname)):
vpn.append({"description": vpnname[i], "name": vnplist[i]})
for i in range(len(networkname)):
network.append({
"description": networkname[i],
"name": networklist[i]
})
savecon = update_config(ad_domain, str(network), str(vpn), str(wifi),
inputpubmailou, inputmailgroupou, inputewge,
inputips, inputjzou, inputjzgroup,
inputunlockgroup, inputpubmailDB,
inputpubmaillanwei, inputpwdlen)
if savecon == ():
status = True
else:
status = False
except Exception as e:
status = False
result = {'status': status}
response = HttpResponse()
response['Content-Type'] = "text/javascript"
response.write(json.dumps(result))
return response
def __init__(self):
management_configuration = get_management_configuration()
self.dfs_api = management_configuration.get("dfs_api", "")
self.dfs_manager = management_configuration.get("dfs_manager", "")
self.dfs_group = management_configuration.get("dfs_group", "")
self.Basic_authority = management_configuration.get(
"Basic_authority", "")
self.AD_time = management_configuration.get("AD_time", "")
mysqlallvalue = dbinfo_select_global_configuration()
if mysqlallvalue:
mysqlallvalue = mysqlallvalue[0]
self.addomain = str(mysqlallvalue['ad_domain'])
self.exdomain = str(mysqlallvalue['ex_domain'])
self.dict = setkey()
self.signature = self.dict.get("signature", '')
self.timestamp = self.dict.get("timestamp", '')
self.nonce = self.dict.get("nonce", '')
def index(request):
try:
username = request.session.get('username')
displayname = request.session.get('displayname')
if username:
sel_account_to_groups = False
app_director_count = showmyapproval_count(username) #显示主管需要的审批数量
app_relation_count = showrelationapproval_count(
username) #显示文件夹管理员需要的审批数量
app_relation = showlevel2byusername(username) #是不是文件夹管理员
global_configuration = dbinfo_select_global_configuration() # 查找数据
if global_configuration:
it_group = global_configuration[0].get("it_group", '')
sel_account_to_groups = sel_account_to_group(
username, it_group) #是不是DFS管理员 True
return render_to_response('index.html', locals())
else:
return HttpResponseRedirect('/', request)
except:
return HttpResponseRedirect('/', request)
def changeadminpwd(request):
try:
post = request.POST
adminoldpwd = post.get("adminoldpwd")
adminnewpwd = post.get("adminnewpwd")
adminrealnewpwd = post.get("adminrealnewpwd")
username = request.session.get('username')
if username.lower() == "administrator":
if adminoldpwd != '' and adminnewpwd != '' and adminrealnewpwd != '':
if adminnewpwd == adminrealnewpwd:
adminsqlpassword = dbinfo_select_global_configuration(
)[0]['adminpwd']
if adminsqlpassword == '' or adminsqlpassword == None or adminsqlpassword == "None":
adminoldassword = administratorpassword
else:
adminoldassword = adminsqlpassword
if check_password(adminoldpwd, adminoldassword):
realpassword = make_password(adminnewpwd)
dbinfo_insert_adminvalue(realpassword)
isSuccess = 1
message = ''
else:
isSuccess = 0
message = "请输入正确的密码"
else:
isSuccess = 0
message = "两次密码不一致"
else:
isSuccess = 0
message = "请输入完整"
else:
isSuccess = 0
message = "越权"
except Exception as e:
isSuccess = 0
message = "系统异常"
result = {'isSuccess': isSuccess, "message": message}
response = HttpResponse()
response['Content-Type'] = "text/javascript"
response.write(json.dumps(result))
return response
def psdpubmailset(request):
log = logmanager()
ip = request.META.get('HTTP_X_FORWARDED_FOR', request.META['REMOTE_ADDR'])
username = request.session.get('username')
samcoun = request.POST.get('samcoun')
mailaddress = request.session.get('mail')
try:
configsql = getmailou_new()
publicmailconfig = configsql[0]['pubmailou']
pubmailfence = configsql[0]['pubmailfence']
if pubmailfence != "" and pubmailfence != None:
pubmailfencelastvalue = pubmailfence
else:
pubmailfencelastvalue = "physicalDeliveryOfficeName"
if publicmailconfig != "" and publicmailconfig != None:
ad_path = publicmailconfig
else:
ad_path = dbinfo_select_global_configuration()[0]['ad_path']
publicmailvalue = adapi().postapi(
'GetUserFromLdap',
ldaps=
'(&(objectCategory=person)(objectClass=user)(mail=*) (sAMAccountName='
+ samcoun + '))',
path=ad_path)
if publicmailvalue['isSuccess'] and publicmailvalue['Count'] != 0:
publicmailvaluemessage = publicmailvalue['message'][0]
managervalue = publicmailvaluemessage.get(
pubmailfencelastvalue.lower(), [None])[0]
if managervalue.lower() == username.lower():
passwd = genpwd()
message = adapi().Initialapi('ResetPasswordByOU',
username=samcoun,
newpassword=passwd)
if message['isSuccess']:
subject = u'公共邮箱密码重置'
emaillists = '您的公共邮箱:' + samcoun + '已经重置密码,新密码为' + passwd + ',请妥善保管密码,并同步给使用此公共邮箱的同事'
email_data = {'emaillists': emaillists}
template = "mailmould/sendmailpassword.html"
to_list = [mailaddress]
send_email_by_template(subject, template, email_data,
to_list)
log.log(returnid=1,
username=username,
ip=ip,
message=username + "重置公共邮箱密码",
returnparameters='密码修改成功',
issuccess=1,
methodname="psdpubmailset",
types="AD")
else:
message = {
'message': {
'message': '重置失败。'
},
'isSuccess': False
}
log.log(returnid=0,
username=username,
ip=ip,
message=username + "重置公共邮箱密码",
returnparameters=str(message),
issuccess=0,
methodname="psdpubmailset",
types="AD")
else:
message = {'message': {'message': '越权操作。'}, 'isSuccess': False}
except Exception as e:
message = {'message': {'message': '异常。'}, 'isSuccess': False}
print(e)
log.log(returnid=0,
username=username,
ip=ip,
message=username + "重置公共邮箱密码",
returnparameters=str(e),
issuccess=0,
methodname="psdpubmailset",
types="AD")
result = message
response = HttpResponse()
response['Content-Type'] = "text/javascript"
response.write(json.dumps(result))
return response
def updatepubmess(request):
log = logmanager()
username = request.session.get('username')
ip = request.META.get('HTTP_X_FORWARDED_FOR', request.META['REMOTE_ADDR'])
pubmailadd = request.POST.get('pubmailadd')
samcoun = request.POST.get('sancount')
displaypub = request.POST.get('displaypub')
pbmanger = request.POST.get('pbmanger')
oldmanger = request.POST.get('oldmanger')
try:
configsql = getmailou_new()
publicmailconfig = configsql[0]['pubmailou']
pubmailfence = configsql[0]['pubmailfence']
if pubmailfence != "" and pubmailfence != None:
pubmailfencelastvalue = pubmailfence
else:
pubmailfencelastvalue = "physicalDeliveryOfficeName"
if publicmailconfig != "" and publicmailconfig != None:
ad_path = publicmailconfig
else:
ad_path = dbinfo_select_global_configuration()[0]['ad_path']
publicmailvalue = adapi().postapi(
'GetUserFromLdap',
ldaps=
'(&(objectCategory=person)(objectClass=user)(mail=*) (sAMAccountName='
+ samcoun + '))',
path=ad_path)
if publicmailvalue['isSuccess'] and publicmailvalue['Count'] != 0:
publicmailvaluemessage = publicmailvalue['message'][0]
managervalue = publicmailvaluemessage.get(
pubmailfencelastvalue.lower(), [None])[0]
if managervalue.lower() == username.lower():
if oldmanger.lower() != pbmanger.lower():
usermail = adapi().Initialapi('GetobjectProperty',
objects=pbmanger.lower(),
objectClass='user')
pnmangermail = usermail['message'][0]['mail']
setdisname = adapi().Initialapi('SetuserProperty',
username=samcoun,
PropertyName='displayName',
PropertyValue=displaypub)
setmanger = adapi().Initialapi(
'SetuserProperty',
username=samcoun,
PropertyName='physicalDeliveryOfficeName',
PropertyValue=pbmanger)
if setdisname['isSuccess'] and setmanger['isSuccess']:
log.log(returnid=1,
ip=ip,
message=username + "修改公共邮箱属性,修改管理者为" +
pbmanger + '修改显示名称' + displaypub,
issuccess=1,
inparameters=str(setdisname) + str(setmanger),
methodname="updatepubmess",
types="exchange")
subject = u'公共邮箱更改'
emaillists = '您已经拥有公共邮箱:' + pubmailadd + '的权限,如果想要重置密码,请登录平台重置该公共邮箱的密码! '
email_data = {'emaillists': emaillists}
template = "mailmould/sendmailpassword.html"
to_list = [pnmangermail]
send_email_by_template(subject, template, email_data,
to_list)
status = 1
else:
log.log(returnid=0,
ip=ip,
message=username + "修改公共邮箱属性,修改管理者为" +
pbmanger + '修改显示名称' + displaypub,
issuccess=0,
inparameters=str(setdisname) + str(setmanger),
methodname="updatepubmess",
types="exchange")
status = 2
else:
setdisname = adapi().Initialapi('SetuserProperty',
username=samcoun,
PropertyName='displayName',
PropertyValue=displaypub)
if setdisname['isSuccess']:
log.log(returnid=1,
ip=ip,
message=username + "修改公共邮箱属性,修改显示名称" +
displaypub,
issuccess=1,
inparameters=str(setdisname),
methodname="updatepubmess",
types="exchange")
status = 1
else:
log.log(returnid=0,
ip=ip,
message=username + "修改公共邮箱属性,修改显示名称" +
displaypub,
issuccess=0,
inparameters=str(setdisname),
methodname="updatepubmess",
types="exchange")
status = 2
else:
status = 2
except Exception as e:
log.log(returnid=0,
ip=ip,
message=username + "修改公共邮箱属性,修改显示名称" + displaypub,
issuccess=0,
inparameters=str(e),
methodname="updatepubmess",
types="exchange")
print(e)
result = {'status': status}
response = HttpResponse()
response['Content-Type'] = "text/javascript"
response.write(json.dumps(result))
return response
def mailcountdel(request):
log = logmanager()
username = request.session.get('username')
ip = request.META.get('HTTP_X_FORWARDED_FOR', request.META['REMOTE_ADDR'])
count = request.POST.get('count')
try:
configsql = getmailou_new()
publicmailconfig = configsql[0]['pubmailou']
pubmailfence = configsql[0]['pubmailfence']
if pubmailfence != "" and pubmailfence != None:
pubmailfencelastvalue = pubmailfence
else:
pubmailfencelastvalue = "physicalDeliveryOfficeName"
if publicmailconfig != "" and publicmailconfig != None:
ad_path = publicmailconfig
else:
ad_path = dbinfo_select_global_configuration()[0]['ad_path']
publicmailvalue = adapi().postapi(
'GetUserFromLdap',
ldaps=
'(&(objectCategory=person)(objectClass=user)(mail=*) (sAMAccountName='
+ count + '))',
path=ad_path)
if publicmailvalue['isSuccess'] and publicmailvalue['Count'] != 0:
publicmailvaluemessage = publicmailvalue['message'][0]
managervalue = publicmailvaluemessage.get(
pubmailfencelastvalue.lower(), [None])[0]
if managervalue.lower() == username.lower():
message = adapi().Initialapi('SetuserProperty',
username=count,
PropertyName='userAccountControl',
PropertyValue=514)
if message['isSuccess']:
status = 1
log.log(returnid=0,
ip=ip,
message=username + "删除公共邮箱成功" + count,
issuccess=0,
inparameters=str(publicmailvalue),
methodname="mailcountdel",
types="exchange")
else:
log.log(returnid=0,
ip=ip,
message=username + "删除公共邮箱失败" + count,
issuccess=0,
inparameters=str(publicmailvalue),
methodname="mailcountdel",
types="exchange")
status = 2
else:
status = 2
log.log(returnid=0,
ip=ip,
message=username + "越权" + count,
issuccess=0,
inparameters=str(publicmailvalue),
methodname="mailcountdel",
types="exchange")
else:
status = 2
log.log(returnid=0,
ip=ip,
message=username + "为查询到公共邮箱,疑似越权" + count,
issuccess=0,
inparameters=str(publicmailvalue),
methodname="mailcountdel",
types="exchange")
except Exception as e:
status = 2
log.log(returnid=0,
ip=ip,
message=username + "删除公共邮箱异常" + count,
issuccess=0,
inparameters=str(e),
methodname="mailcountdel",
types="exchange")
print(e)
result = {'status': status}
response = HttpResponse()
response['Content-Type'] = "text/javascript"
response.write(json.dumps(result))
return response
def serverip_new():
mysqlallvalue = dbinfo_select_global_configuration()[0]
iisip = str(mysqlallvalue['iis_ip'])
iisport = str(mysqlallvalue['iis_port'])
ipvalue = 'http://'+iisip+':'+iisport+'/api/Adapi/'
return ipvalue
def admd5():
mysqlallvalue = dbinfo_select_global_configuration()[0]
skey = mysqlallvalue['skey']
return skey
def userlogin(request):
post = request.POST
username = post.get("Username")
password = post.get("Password")
returnbackurl = request.session.get("returnbackurl")
try:
if not returnbackurl:
returnbackurl = r'/'
if username:
if password:
if username.lower() == 'administrator':
# adminpassword = make_password('ITPortal...123')
if not dbinfo_select_global_configuration():
adminoldassword = administratorpassword
else:
adminsqlpassword = dbinfo_select_global_configuration(
)[0]['adminpwd']
if adminsqlpassword == '' or adminsqlpassword == None or adminsqlpassword == "None":
adminoldassword = administratorpassword
else:
adminoldassword = adminsqlpassword
if check_password(password, adminoldassword):
request.session['username'] = '******'
request.session['displayname'] = '超级管理员'
request.session['titleshow'] = 'IT开放平台'
status = {
'backurl': '/adminconfig/',
'status': 'success'
}
else:
status = {'backurl': '', 'status': 'errorpasswd'}
else:
loginvalue = adapi().Initialapi('VerifyUserLogin',
username=username,
password=password)
if loginvalue['isSuccess']:
request.session['username'] = username.lower()
request.session['displayname'] = loginvalue['message'][
'name']
# tltile = shwotitle()
# if tltile == None or tltile ==False :
# request.session['titleshow']='IT开放平台'
# else:
# request.session['titleshow'] = shwotitle()['title']
request.session['jobnumber'] = loginvalue['message'][
'jobnumber']
request.session['givenName'] = loginvalue['message'][
'givenName']
request.session['DN'] = loginvalue['message']['DN']
request.session['description'] = loginvalue['message'][
'description']
request.session['guid'] = loginvalue['message']['guid']
request.session['mail'] = loginvalue['message']['mail']
request.session['sn'] = loginvalue['message']['sn']
request.session['returnbackurl'] = ''
status = {
'backurl': returnbackurl,
'status': 'success'
}
else:
status = {'backurl': '', 'status': 'errorpasswd'}
else:
status = {'backurl': '', 'status': 'nopassword'}
else:
status = {'backurl': '', 'status': 'nouser'}
except Exception as e:
status = {'backurl': '', 'status': 'error'}
result = status
response = HttpResponse()
response['Content-Type'] = "text/javascript"
response.write(json.dumps(result))
return response
