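def work_weixin_oauth_connect_callback(request):
    """Handle the Work Weixin OAuth callback that binds an account to a user.

    Validates ``code`` and ``state`` from the query string, exchanges the
    code for the Work Weixin ``UserId``, and records a ``SocialAuthUser``
    binding between that id and ``request.user.username``. When
    ``WORK_WEIXIN_USER_INFO_AUTO_UPDATE`` is set, the profile is refreshed
    from the Work Weixin profile endpoint as well.

    Returns an error page on any failure, otherwise a redirect to the URL
    stored in the session under ``work_weixin_oauth_connect_redirect``.
    """
    # NOTE(review): request.user.username is read below, but this body has no
    # authentication check; presumably a login-required decorator wraps the
    # view -- confirm.
    if not work_weixin_oauth_check():
        return render_error(request, _('Feature is not enabled.'))

    code = request.GET.get('code', None)
    state = request.GET.get('state', None)
    # The state is the CSRF defence of the OAuth flow. Pop it so it is
    # single-use, and require both sides to be present: a bare `!=` check
    # passes when the request omits `state` and the session never stored one
    # (None != None is False), letting a forged callback bind a foreign
    # Work Weixin account to the signed-in user.
    expected_state = request.session.pop('work_weixin_oauth_connect_state', None)
    if not code or not state or not expected_state or state != expected_state:
        logger.error('can not get right code or state from work weixin request')
        return render_error(request, _('Error, please contact administrator.'))

    access_token = get_work_weixin_access_token()
    if not access_token:
        logger.error('can not get work weixin access_token')
        return render_error(request, _('Error, please contact administrator.'))

    data = {
        'access_token': access_token,
        'code': code,
    }
    try:
        # Bounded wait so a stalled upstream cannot pin a worker forever.
        # 10 s is a constructed default; tune it for the deployment.
        api_response = requests.get(WORK_WEIXIN_GET_USER_INFO_URL, params=data, timeout=10)
    except requests.RequestException as e:
        # Log only the exception type: the exception text can embed the
        # request URL, whose query string carries the access token and code.
        logger.error('work weixin user info request failed: %s', type(e).__name__)
        return render_error(request, _('Error, please contact administrator.'))

    api_response_dic = handler_work_weixin_api_response(api_response)
    if not api_response_dic:
        logger.error('can not get work weixin user info')
        return render_error(request, _('Error, please contact administrator.'))

    user_id = api_response_dic.get('UserId', None)
    if not user_id:
        logger.error('can not get UserId in work weixin user info response')
        return render_error(request, _('Error, please contact administrator.'))

    uid = WORK_WEIXIN_UID_PREFIX + user_id
    email = request.user.username

    # One Work Weixin identity may be bound to one local account only.
    work_weixin_user = SocialAuthUser.objects.get_by_provider_and_uid(WORK_WEIXIN_PROVIDER, uid)
    if work_weixin_user:
        logger.error('work weixin account already exists %s', user_id)
        return render_error(request, '出错了,此企业微信账号已被绑定')

    SocialAuthUser.objects.add(email, WORK_WEIXIN_PROVIDER, uid)

    # update user info
    if WORK_WEIXIN_USER_INFO_AUTO_UPDATE:
        user_info_data = {
            'access_token': access_token,
            'userid': user_id,
        }
        try:
            user_info_api_response = requests.get(
                WORK_WEIXIN_GET_USER_PROFILE_URL, params=user_info_data, timeout=10)
        except requests.RequestException as e:
            # The binding already succeeded; a failed profile refresh is
            # logged (type only, see above) and skipped.
            logger.error('work weixin user profile request failed: %s', type(e).__name__)
            user_info_api_response_dic = None
        else:
            user_info_api_response_dic = handler_work_weixin_api_response(user_info_api_response)

        if user_info_api_response_dic:
            api_user = user_info_api_response_dic
            api_user['username'] = email
            # NOTE(review): raises KeyError if the profile response has no
            # 'email' field; confirm the upstream always returns it.
            api_user['contact_email'] = api_user['email']
            update_work_weixin_user_info(api_user)

    # redirect user to page
    # NOTE(review): the target comes from the session; whether it was
    # validated when it was stored is not visible here.
    response = HttpResponseRedirect(request.session.get('work_weixin_oauth_connect_redirect', '/'))
    return response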
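def get(self, request):
    """Return the Work Weixin department list as delivered by the upstream API.

    An optional ``department_id`` query parameter is forwarded upstream as
    ``id``. Responds 403 when the feature is disabled and 404 when the
    access token or the department list cannot be obtained.
    """
    # NOTE(review): no per-user authorization check is visible in this body;
    # confirm the enclosing view restricts access to administrators.
    if not admin_work_weixin_departments_check():
        error_msg = 'Feature is not enabled.'
        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

    access_token = get_work_weixin_access_token()
    if not access_token:
        logger.error('can not get work weixin access_token')
        error_msg = '获取企业微信组织架构失败'
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    data = {
        'access_token': access_token,
    }
    department_id = request.GET.get('department_id', None)
    if department_id:
        # Sent via `params`, so requests URL-encodes the caller-supplied value.
        data['id'] = department_id

    try:
        # Bounded wait so a stalled upstream cannot pin a worker forever.
        # 10 s is a constructed default; tune it for the deployment.
        api_response = requests.get(WORK_WEIXIN_DEPARTMENTS_URL, params=data, timeout=10)
    except requests.RequestException as e:
        # Log only the exception type: the exception text can embed the
        # request URL, whose query string carries the access token.
        logger.error('work weixin departments request failed: %s', type(e).__name__)
        error_msg = '获取企业微信组织架构失败'
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    api_response_dic = handler_work_weixin_api_response(api_response)
    if not api_response_dic:
        logger.error('can not get work weixin departments response')
        error_msg = '获取企业微信组织架构失败'
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    if WORK_WEIXIN_DEPARTMENT_FIELD not in api_response_dic:
        logger.error(json.dumps(api_response_dic))
        logger.error(
            'can not get department list in work weixin departments response'
        )
        error_msg = '获取企业微信组织架构失败'
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    return Response(api_response_dic)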
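def get(self, request, department_id):
    """Return the members of a Work Weixin department, annotated with bindings.

    Each member dict from the upstream list gets ``contact_email`` set to the
    upstream ``email`` value, and ``email`` replaced by the username of the
    bound ``SocialAuthUser`` (empty string when no binding exists).

    Responds 403 when the feature is disabled or the caller may not manage
    users, 400 for an invalid ``fetch_child``, and 404 when the access token
    or the member list cannot be obtained.
    """
    if not admin_work_weixin_departments_check():
        error_msg = 'Feature is not enabled.'
        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

    if not request.user.admin_permissions.can_manage_user():
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    access_token = get_work_weixin_access_token()
    if not access_token:
        logger.error('can not get work weixin access_token')
        error_msg = '获取企业微信组织架构成员失败'
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    data = {
        'access_token': access_token,
        'department_id': department_id,
    }
    fetch_child = request.GET.get('fetch_child', None)
    if fetch_child:
        # Only the two literal values are accepted before being mapped to
        # the 1/0 flag sent upstream.
        if fetch_child not in ('true', 'false'):
            error_msg = 'fetch_child invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
        data['fetch_child'] = 1 if fetch_child == 'true' else 0

    try:
        # Bounded wait so a stalled upstream cannot pin a worker forever.
        # 10 s is a constructed default; tune it for the deployment.
        api_response = requests.get(WORK_WEIXIN_DEPARTMENT_MEMBERS_URL, params=data, timeout=10)
    except requests.RequestException as e:
        # Log only the exception type: the exception text can embed the
        # request URL, whose query string carries the access token.
        logger.error('work weixin department members request failed: %s', type(e).__name__)
        error_msg = '获取企业微信组织架构成员失败'
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    api_response_dic = handler_work_weixin_api_response(api_response)
    if not api_response_dic:
        logger.error('can not get work weixin department members response')
        error_msg = '获取企业微信组织架构成员失败'
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    if WORK_WEIXIN_DEPARTMENT_MEMBERS_FIELD not in api_response_dic:
        logger.error(json.dumps(api_response_dic))
        logger.error(
            'can not get userlist in work weixin department members response'
        )
        error_msg = '获取企业微信组织架构成员失败'
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    api_user_list = api_response_dic[WORK_WEIXIN_DEPARTMENT_MEMBERS_FIELD]
    # todo filter ccnet User database
    social_auth_queryset = SocialAuthUser.objects.filter(
        provider=WORK_WEIXIN_PROVIDER, uid__contains=WORK_WEIXIN_UID_PREFIX)
    for api_user in api_user_list:
        uid = WORK_WEIXIN_UID_PREFIX + api_user.get('userid', '')
        # Tolerate members without an 'email' field instead of failing the
        # whole listing with a KeyError.
        api_user['contact_email'] = api_user.get('email', '')
        # A single lookup replaces exists() followed by get(): one query
        # fewer per member, and no failure if the row vanishes in between.
        bound_user = social_auth_queryset.filter(uid=uid).first()
        api_user['email'] = bound_user.username if bound_user else ''

    return Response(api_response_dic)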
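def _list_departments_from_work_weixin(self, access_token, department_id):
    """Fetch the department list for ``department_id`` from Work Weixin.

    Returns the value stored under ``WORK_WEIXIN_DEPARTMENT_FIELD`` in the
    upstream response, or ``None`` when the request fails, the response is
    rejected by ``handler_work_weixin_api_response``, or the field is absent.
    """
    data = {
        'access_token': access_token,
        'id': department_id,
    }
    try:
        # Bounded wait so a stalled upstream cannot block the caller forever.
        # 10 s is a constructed default; tune it for the deployment.
        api_response = requests.get(WORK_WEIXIN_DEPARTMENTS_URL, params=data, timeout=10)
    except requests.RequestException as e:
        # Log only the exception type: the exception text can embed the
        # request URL, whose query string carries the access token.
        logger.error('work weixin departments request failed: %s', type(e).__name__)
        return None

    api_response_dic = handler_work_weixin_api_response(api_response)
    if not api_response_dic:
        logger.error('can not get work weixin departments response')
        return None

    if WORK_WEIXIN_DEPARTMENT_FIELD not in api_response_dic:
        logger.error(json.dumps(api_response_dic))
        logger.error('can not get department list in work weixin departments response')
        return None

    return api_response_dic[WORK_WEIXIN_DEPARTMENT_FIELD]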
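def list_departments_from_work_weixin(self, access_token):
    """Fetch the full department list from Work Weixin.

    Returns the ``department`` entry of the upstream response, or ``None``
    when the request fails, the response is rejected by
    ``handler_work_weixin_api_response``, or the entry is absent.
    """
    # https://work.weixin.qq.com/api/doc/90000/90135/90208
    data = {
        'access_token': access_token,
    }
    try:
        # Bounded wait so a stalled upstream cannot block the caller forever.
        # 10 s is a constructed default; tune it for the deployment.
        api_response = requests.get(WORK_WEIXIN_DEPARTMENTS_URL, params=data, timeout=10)
    except requests.RequestException as e:
        # Log only the exception type: the exception text can embed the
        # request URL, whose query string carries the access token.
        self.log_error('work weixin departments request failed: %s' % type(e).__name__)
        return None

    api_response_dic = handler_work_weixin_api_response(api_response)
    if not api_response_dic:
        self.log_error('can not get work weixin departments response')
        return None

    if 'department' not in api_response_dic:
        self.log_error(json.dumps(api_response_dic))
        self.log_error(
            'can not get department list in work weixin departments response'
        )
        return None

    return api_response_dic['department']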
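def send_work_weixin_msg(self, uid, title, content, detail_url, notice_url):
    """Post a ``textcard`` notification for ``uid`` to ``notice_url``.

    The outcome is only logged: the parsed response at info level on
    success, an error line when the request fails or the response is
    rejected by ``handler_work_weixin_api_response``. Nothing is returned.
    """
    # NOTE(review): the notification body is written to the debug log;
    # confirm that is acceptable where debug logging is enabled.
    self.log_debug('Send wechat msg to user: %s, msg: %s' % (uid, content))

    data = {
        "touser": uid,
        "agentid": WORK_WEIXIN_AGENT_ID,
        'msgtype': 'textcard',
        'textcard': {
            'title': title,
            'description': content,
            'url': detail_url,
        },
    }

    try:
        # Bounded wait so one stalled delivery cannot block the sender
        # forever. 10 s is a constructed default; tune it for the deployment.
        api_response = requests.post(notice_url, json=data, timeout=10)
    except requests.RequestException as e:
        # Log only the exception type: the exception text can embed the
        # request URL. NOTE(review): notice_url presumably carries the
        # access token in its query string -- confirm against the caller.
        self.log_error('work weixin notification request failed: %s' % type(e).__name__)
        return

    api_response_dic = handler_work_weixin_api_response(api_response)
    if api_response_dic:
        self.log_info(api_response_dic)
    else:
        self.log_error(
            'Can not get work weixin notifications API response')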
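def work_weixin_oauth_callback(request):
    """Handle the Work Weixin OAuth login callback.

    Validates ``code`` and ``state`` from the query string, exchanges the
    code for the Work Weixin ``UserId``, maps it to a local account through
    ``SocialAuthUser`` (creating a binding with a generated virtual id when
    none exists), authenticates that account and logs it in.

    Returns an error page on any failure or when the account is inactive,
    otherwise a redirect to the URL stored in the session under
    ``work_weixin_oauth_redirect`` with the ``seahub_auth`` cookie set.
    """
    if not work_weixin_oauth_check():
        return render_error(request, _('Feature is not enabled.'))

    code = request.GET.get('code', None)
    state = request.GET.get('state', None)
    # The state is the CSRF defence of the OAuth flow. Pop it so it is
    # single-use, and require both sides to be present: a bare `!=` check
    # passes when the request omits `state` and the session never stored one
    # (None != None is False), which would allow a forged callback to sign
    # the browser in to an account chosen by someone else.
    expected_state = request.session.pop('work_weixin_oauth_state', None)
    if not code or not state or not expected_state or state != expected_state:
        logger.error(
            'can not get right code or state from work weixin request')
        return render_error(request, _('Error, please contact administrator.'))

    access_token = get_work_weixin_access_token()
    if not access_token:
        logger.error('can not get work weixin access_token')
        return render_error(request, _('Error, please contact administrator.'))

    data = {
        'access_token': access_token,
        'code': code,
    }
    try:
        # Bounded wait so a stalled upstream cannot pin a worker forever.
        # 10 s is a constructed default; tune it for the deployment.
        api_response = requests.get(WORK_WEIXIN_GET_USER_INFO_URL, params=data, timeout=10)
    except requests.RequestException as e:
        # Log only the exception type: the exception text can embed the
        # request URL, whose query string carries the access token and code.
        logger.error('work weixin user info request failed: %s', type(e).__name__)
        return render_error(request, _('Error, please contact administrator.'))

    api_response_dic = handler_work_weixin_api_response(api_response)
    if not api_response_dic:
        logger.error('can not get work weixin user info')
        return render_error(request, _('Error, please contact administrator.'))

    user_id = api_response_dic.get('UserId', None)
    if not user_id:
        logger.error('can not get UserId in work weixin user info response')
        return render_error(request, _('Error, please contact administrator.'))

    uid = WORK_WEIXIN_UID_PREFIX + user_id

    work_weixin_user = SocialAuthUser.objects.get_by_provider_and_uid(
        WORK_WEIXIN_PROVIDER, uid)
    if work_weixin_user:
        email = work_weixin_user.username
        is_new_user = False
    else:
        # NOTE(review): the binding is stored before authenticate() runs; if
        # no user comes back below, the binding row is left in place.
        email = gen_user_virtual_id()
        SocialAuthUser.objects.add(email, WORK_WEIXIN_PROVIDER, uid)
        is_new_user = True

    try:
        user = auth.authenticate(remote_user=email)
    except User.DoesNotExist:
        user = None

    if not user:
        return render_error(
            request,
            _('Error, new user registration is not allowed, please contact administrator.'
              ))

    # update user info
    if is_new_user or WORK_WEIXIN_USER_INFO_AUTO_UPDATE:
        user_info_data = {
            'access_token': access_token,
            'userid': user_id,
        }
        try:
            user_info_api_response = requests.get(
                WORK_WEIXIN_GET_USER_PROFILE_URL, params=user_info_data, timeout=10)
        except requests.RequestException as e:
            # A failed profile refresh is logged (type only, see above) and
            # skipped; it does not block the login itself.
            logger.error('work weixin user profile request failed: %s', type(e).__name__)
            user_info_api_response_dic = None
        else:
            user_info_api_response_dic = handler_work_weixin_api_response(
                user_info_api_response)

        if user_info_api_response_dic:
            api_user = user_info_api_response_dic
            api_user['username'] = email
            # NOTE(review): raises KeyError if the profile response has no
            # 'email' field; confirm the upstream always returns it.
            api_user['contact_email'] = api_user['email']
            update_work_weixin_user_info(api_user)

    if not user.is_active:
        return render_error(
            request,
            _('Your account is created successfully, please wait for administrator to activate your account.'
              ))

    # User is valid.  Set request.user and persist user in the session
    # by logging the user in.
    request.user = user
    auth.login(request, user)

    # generate auth token for Seafile client
    api_token = get_api_token(request)

    # redirect user to page
    # NOTE(review): the target comes from the session; whether it was
    # validated when it was stored is not visible here.
    response = HttpResponseRedirect(
        request.session.get('work_weixin_oauth_redirect', '/'))
    # NOTE(review): this cookie carries the API token and is set without
    # HttpOnly/Secure/SameSite attributes; confirm what the client needs
    # before tightening them.
    response.set_cookie('seahub_auth', user.username + '@' + api_token.key)
    return response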