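def post(self, request):
    '''
    Log in with an LDAP account: check the session captcha, bind against
    LDAP, and on success set the encrypted ``sso_user`` cookie.

    The request body is JSON with ``ldap_username``, ``password`` and
    ``captcha``.  Returns a ``JsonResponse`` ``{"status": bool, "msg": str}``;
    on success the response carries the ``sso_user`` cookie scoped to the
    configured ``cookie_domain``.  Unexpected errors are logged with a full
    traceback and reported to the client with a generic message only, so
    exception text (missing keys, LDAP/crypto internals) is never echoed back.
    '''
    try:
        data = json.loads(request.body)
        ldap_username = data.get("ldap_username")
        password = data.get("password")
        captcha = data.get("captcha")

        # Captcha check.  A session without a captcha, or a non-string value
        # in the body, is a failed check, not an exception.
        expected_captcha = request.session.get("captcha")
        if (not expected_captcha or not isinstance(captcha, str)
                or expected_captcha.lower() != captcha.lower()):
            return JsonResponse({"status": False, "msg": "验证码错误!"})
        # NOTE(review): the captcha is left in the session after the comparison;
        # once the front-end refreshes it on every attempt, pop it here so each
        # value is single-use.

        # An empty password must never reach the LDAP bind: some directory
        # servers treat it as an unauthenticated bind and report success.
        if (not isinstance(ldap_username, str) or not isinstance(password, str)
                or not ldap_username or not password):
            return JsonResponse({"status": False, "msg": "账号或密码输入错误!"})

        # Verify the credentials via the configured directory.  The stored
        # admin password is AES-encrypted at rest (see the init view) and is
        # decrypted only for this bind.  ldap_get() is presumably truthy on a
        # successful bind -- defined elsewhere.
        opt = options.objects.all()[0]
        aes = Aes()
        ldap_client = MyLdap(opt.ldap_url, opt.base_dn, opt.ldap_admin,
                             aes.decrypt(opt.ldap_pass))
        if not ldap_client.ldap_get(uid=ldap_username, passwd=password):
            return JsonResponse({"status": False, "msg": "账号或密码输入错误!"})

        # Cookie payload is "<username>|||||<unix time>", RSA-encrypted with the
        # stored public key; sso_decode() reverses this and enforces cookie_timeout.
        rsa = Rsa()
        public_key = rsakeys.objects.all()[0].public_key
        user_info = "{0}|||||{1}".format(ldap_username, time.time())
        response = JsonResponse({"status": True})
        # NOTE(review): the cookie is set without httponly/secure flags; confirm
        # whether client-side scripts need to read it before adding them.
        response.set_cookie('sso_user', rsa.crypto(public_key, user_info),
                            domain=opt.cookie_domain)
        return response
    except Exception:
        log().error(traceback.format_exc())
        return JsonResponse({"status": False, "msg": "登录失败,请稍后重试"})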
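def get(self, request):
    '''
    Enterprise-WeChat QR-login callback.

    Validates the ``state`` query parameter against the stored value,
    exchanges ``code`` for the WeChat ``UserId`` via the getuserinfo API and,
    on success, redirects to ``/dashboard/`` with the encrypted ``sso_user``
    cookie set.  Every failure path redirects to ``/login/``; details are
    logged, never shown to the client.
    '''
    try:
        code = request.GET.get("code")
        state = request.GET.get("state")
        # A state mismatch is a failed login.  The original ``return 403``
        # handed Django a bare int, which is not a response it can send, so
        # this path now redirects like every other failure below.  An absent
        # state is rejected explicitly: the weixin row is created blank at
        # init time, so its stored state may itself be empty.
        if not state or state != weixin.objects.all()[0].state:
            return HttpResponseRedirect('/login/')

        # Obtain (or refresh) the cached access token; set_wx_token() is
        # defined elsewhere and presumably repopulates the "wx_token" key.
        if not cache.get("wx_token"):
            set_wx_token()
        wx_token = cache.get("wx_token")

        payload = {'access_token': wx_token, 'code': code}
        # Bounded timeout so a slow upstream cannot pin a worker indefinitely.
        r = requests.get(
            "https://qyapi.weixin.qq.com/cgi-bin/user/getuserinfo",
            params=payload, timeout=10)
        body = r.json()  # parse once instead of twice
        if body.get("errcode") != 0:
            return HttpResponseRedirect('/login/')
        username = body.get("UserId")
        if not username:
            return HttpResponseRedirect('/login/')

        # Same cookie format as the LDAP login: "<username>|||||<unix time>",
        # RSA-encrypted with the stored public key; decoded by sso_decode().
        rsa = Rsa()
        public_key = rsakeys.objects.all()[0].public_key
        user_info = "{0}|||||{1}".format(username, time.time())
        response = HttpResponseRedirect('/dashboard/')
        response.set_cookie('sso_user', rsa.crypto(public_key, user_info),
                            domain=options.objects.all()[0].cookie_domain)
        return response
    except Exception:
        log().error(traceback.format_exc())
        return HttpResponseRedirect('/login/')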
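def post(self, request):
    '''
    One-time initialisation of the SSO system.

    Stores the LDAP connection settings with the admin password AES-encrypted,
    generates the RSA key pair used for the ``sso_user`` cookie (private key
    AES-encrypted at rest) and creates the blank WeChat-login row.  If a
    ``start_up`` row already exists the request is redirected to ``/login/``.

    Body is JSON with ``ldap_url``, ``basedn``, ``admin``, ``password``,
    ``sys_admin``, ``timeout`` (hours; blank means 10) and ``domain``.
    Returns ``JsonResponse`` ``{"status": bool, "msg": str}``.  On any
    unexpected error every partially created row is removed, the traceback is
    logged, and only a generic message is returned to the client.

    NOTE(review): the exists() check and the creates are not wrapped in a
    transaction, so two concurrent init requests could both pass the check;
    the manual cleanup in the except clause is the only rollback.
    '''
    if start_up.objects.all().exists():
        return HttpResponseRedirect('/login/')
    try:
        data = json.loads(request.body)
        ldap_url = data["ldap_url"]
        base_dn = data["basedn"]
        admin = data["admin"]
        password = data["password"]
        sys_admin = data["sys_admin"]
        domain = data["domain"]
        # cookie_timeout is stored in seconds; a blank/missing value means 10h.
        raw_timeout = data.get("timeout", '')
        timeout = 10 * 3600 if raw_timeout == '' else int(raw_timeout) * 3600

        # Probe the directory with the supplied admin credentials before
        # persisting anything.  MyLdap exposes the outcome as status["status"]
        # / status["msg"] -- defined elsewhere.
        ldap_client = MyLdap(ldap_url, base_dn, admin, password)
        if not ldap_client.status["status"]:
            return JsonResponse({"status": False, "msg": ldap_client.status["msg"]})

        aes = Aes()
        # LDAP settings; the admin password is AES-encrypted at rest.
        options.objects.create(
            ldap_url=ldap_url,
            base_dn=base_dn,
            ldap_admin=admin,
            ldap_pass=aes.encrypt(str(password)),
            sys_admin=sys_admin,
            cookie_domain=domain,
            cookie_timeout=int(timeout),
        )
        # RSA key pair for the SSO cookie; the private key is AES-encrypted.
        rsa = Rsa()
        (pri, pub) = rsa.gen_rsa_keys()
        rsakeys.objects.create(
            private_key=aes.encrypt(pri),
            public_key=pub,
        )
        # Blank row for the Enterprise-WeChat QR-login settings.
        weixin.objects.create()
        # The "initialised" flag is written last so it never exists without
        # the rows it promises.
        start_up.objects.create(startup_status=True)
        return JsonResponse({"status": True, "msg": "系统初始化成功"})
    except Exception:
        # Roll back whatever was created so the next attempt starts clean.
        options.objects.all().delete()
        start_up.objects.all().delete()
        rsakeys.objects.all().delete()
        weixin.objects.all().delete()
        log().error(traceback.format_exc())
        return JsonResponse({"status": False, "msg": "系统初始化失败"})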
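def sso_decode(cookie):
    '''
    Decrypt an ``sso_user`` cookie and return the username it carries.

    The cookie is the RSA encryption of ``"<username>|||||<unix time>"`` as
    produced by the login views.  The private key is kept AES-encrypted in
    ``rsakeys`` and is decrypted here for the operation.  Returns the
    username, or the string ``'error'`` when the cookie cannot be decrypted,
    is malformed, carries an empty username, or is older than the configured
    ``cookie_timeout`` (seconds).  Decryption failures are logged so that a
    burst of invalid cookies is visible in the logs rather than silent.

    NOTE(review): ``'error'`` doubles as the failure sentinel, so a directory
    account literally named "error" would be indistinguishable from a failed
    decode; callers should compare with ``== 'error'`` and the account name
    should be avoided.  Encrypting with the public key gives confidentiality
    but, by itself, not authenticity -- confirm the public key is never
    exposed to clients and whether rsa.crypto/decrypt add integrity protection.
    '''
    try:
        rsa = Rsa()
        aes = Aes()
        private_key = aes.decrypt(rsakeys.objects.all()[0].private_key)
        user_info = rsa.decrypt(private_key, cookie)
        # Split once; a missing separator raises and is handled below.
        username, timestamp = user_info.split("|||||", 1)
        # Age check keeps the original integer arithmetic.
        age = int(time.time()) - int(float(timestamp))
        if age > options.objects.all()[0].cookie_timeout:
            return "error"
        if not username:
            return "error"
        return username
    except Exception:
        log().error(traceback.format_exc())
        return 'error'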