
capricornxl / ad-password-self-service


A password self-service platform based on Python 3.8 + Django 3.2. AD users can change their own password, and after password-less authorization through a DingTalk (钉钉) or WeCom (企业微信) app they can reset their own password and unlock their own account.

License: Apache License 2.0

Python 71.57% CSS 0.75% HTML 12.02% Shell 15.65%
active-directory dingding wework password password-reset

Contributors

capricornxl

ad-password-self-service's Issues

For environments without a fixed public egress IP: solving the WeCom trusted-IP requirement by adding a proxy

WeCom apps are now required to have a trusted IP configured. Our company has no leased line with a fixed public egress IP, only dynamic public IPs, so every time the egress IP changes the WeCom OAuth2 authentication for password reset stops working and the trusted IP has to be changed by hand in the WeCom admin console. We do have a cloud server with a fixed public IP, but deploying the program there would mean it could not reach the internal domain controller directly, which is more complicated to operate. After considering and trying several approaches, I decided a forward proxy is the simplest.

You need a cloud server with a fixed public IP and a Squid proxy (or similar) running on it. I set mine up following this tutorial (be sure to secure it so it is not picked up and abused by scanners): docker一键安装http代理服务器squid (one-click Docker install of a Squid HTTP proxy).

Edit the program's utils/wework_api/abstract_api.py file and add the proxy settings before the class at the top:

# Proxy server (placeholder values: username, password, proxy IP and port
# of the cloud-hosted Squid; keep the real credentials out of source control)
import json
import requests

proxy = {
    'http': 'http://username:password@proxy-ip:port',
    'https': 'http://username:password@proxy-ip:port'
}

Then further down find the http_post and http_get definitions and pass the proxy to requests with proxies=proxy:

    def __http_post(self, url, args):
        # __append_token adds the WeCom access_token to the query string
        real_url = self.__append_token(url)

        if DEBUG is True:
            # real_url carries the access_token, so keep DEBUG off outside local testing
            print(real_url, args)

        # proxies=proxy routes the call through the cloud server; the WeCom API is
        # HTTPS, so the 'https' entry of the dict is the one that applies here
        return requests.post(real_url, proxies=proxy,
                             data=json.dumps(args, ensure_ascii=False).encode('utf-8')).json()

    def __http_get(self, url):
        real_url = self.__append_token(url)

        if DEBUG is True:
            print(real_url)

        return requests.get(real_url, proxies=proxy).json()

Finally, just restart the server. The program will then reach the WeCom API through the proxy using the cloud server's IP, so all you need to do is add the cloud server's IP to the trusted IP list.

Anyone with the same need can try this. I hope the author will consider adding a proxy option later; I only know a little amateur coding, so patching the code by hand is all I can do.
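The patch above hard-wires the proxy into abstract_api.py with the credentials in source, and its DEBUG branch prints real_url, which carries the WeCom access_token. As an added example that is neither the project's nor the poster's code, the helpers below read the proxy URL from a WEWORK_PROXY environment variable (an assumed name), validate it, and redact both the proxy password and the access_token before anything is logged. The 203.0.113.10 address in the docstring is a constructed placeholder.

```python
# Added example (not part of ad-password-self-service): proxy settings from the
# environment instead of source, plus a redaction helper for DEBUG output.
# Assumed names: WEWORK_PROXY, load_proxy_settings(), redact_url().
import os
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

ALLOWED_SCHEMES = {"http", "https"}
REDACTED = "REDACTED"


def load_proxy_settings(env=None):
    """Return a requests-style proxies dict, or None when no proxy is configured.

    WEWORK_PROXY holds the forward proxy URL, e.g.
    http://user:pass@203.0.113.10:3128 (constructed placeholder address).
    """
    env = os.environ if env is None else env
    raw = env.get("WEWORK_PROXY", "").strip()
    if not raw:
        return None
    parts = urlsplit(raw)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname or not parts.port:
        raise ValueError("WEWORK_PROXY must look like http://user:pass@host:port")
    # One forward proxy serves both schemes; the WeCom API itself is HTTPS, so
    # the 'https' entry is the one requests actually uses for qyapi.weixin.qq.com.
    return {"http": raw, "https": raw}


def redact_url(url):
    """Mask the proxy password and the access_token query value for logging."""
    parts = urlsplit(url)
    netloc = parts.netloc
    if parts.password is not None:
        hostport = parts.hostname + (f":{parts.port}" if parts.port else "")
        netloc = f"{parts.username or ''}:{REDACTED}@{hostport}"
    query = [(k, REDACTED if k == "access_token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, netloc, parts.path, urlencode(query), parts.fragment))
```

The dict returned by load_proxy_settings is what requests expects in proxies=; only the WeCom API calls go through it, the ldap3 connection to the domain controller is unaffected. On the Squid side, pair the authentication the poster mentions with an ACL that only allows CONNECT to the WeCom API host on port 443, so the open port on the cloud server is not a general-purpose relay.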

CentOS 7.5: nginx 502 error after one-click script deployment

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/core/handlers/wsgi.py", line 133, in __call__
response = self.get_response(request)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/core/handlers/base.py", line 130, in get_response
response = self._middleware_chain(request)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/core/handlers/exception.py", line 49, in inner
response = response_for_exception(request, exc)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/core/handlers/exception.py", line 114, in response_for_exception
response = handle_uncaught_exception(request, get_resolver(get_urlconf()), sys.exc_info())
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/core/handlers/exception.py", line 152, in handle_uncaught_exception
callback = resolver.resolve_error_handler(500)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/urls/resolvers.py", line 611, in resolve_error_handler
callback = getattr(self.urlconf_module, 'handler%s' % view_type, None)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/utils/functional.py", line 48, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/urls/resolvers.py", line 591, in urlconf_module
return import_module(self.urlconf_name)
File "/usr/share/python-3.8.9/lib/python3.8/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
File "<frozen importlib._bootstrap>", line 991, in _find_and_load
File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 783, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "./pwdselfservice/urls.py", line 3, in <module>
import resetpwd.views
File "./resetpwd/views.py", line 15, in <module>
from conf.local_settings import SCAN_CODE_TYPE, DING_MO_APP_ID, WEWORK_CORP_ID, WEWORK_AGENT_ID, HOME_URL, DING_CORP_ID
ImportError: cannot import name 'DING_MO_APP_ID' from 'conf.local_settings' (./conf/local_settings.py)
[pid: 5478|app: 0|req: 4/21] 192.168.230.56 () {38 vars in 694 bytes} [Wed Aug 4 01:07:12 2021] GET /favicon.ico => generated 0 bytes in 9 msecs (HTTP/1.0 500) 0 headers in 0 bytes (0 switches on core 3)

Problems after setup

After setting up, I tried changing the password but it said the username or password was incorrect, so I used WeCom scan-code login instead. After scanning it found the username, but after entering the new password it reported an error: (Error [LDAPOperationResult - LDAPOperationResult: 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0 - None - None - None - None - None], please contact the administrator.)

DingTalk API permission problem

The API permission {permission to get the list of associated organizations} no longer seems to be granted; that is the only permission I am missing.
After scan-code login it says:
Result: Error [Error code: 60011, message: no permission to call this API; see https://developers.dingtalk.com/document/app/add-api-permission for how to apply for API permissions], please contact the administrator.

Below is a screenshot of all the permissions my app has.
[screenshot of the app's permissions]

Server Error (500) when changing the password

When changing the password, if I enter a non-existent user, a wrong password, mismatched passwords, or a password that does not meet the security requirements, the page returns Server Error (500). What is the cause?
[screenshot: password change error]
[screenshot: password change error log]

BN problem

Environment:
Primary domain system: Windows 2008 R2
The AD domain uses one OU per department; under the company OU there are OUs for each department.
If BN is written as: OU=gs,DC=abc,DC=com
then connecting to the AD domain gives the following error:
LDAPInvalidCredentialsResult: 8009030C: LdapErr: DSID-0C0905DF, comment: AcceptSecurityContext error, data 52e, v1db1

The error message is:
2021-06-30 15:32:40,298 ERROR ./resetpwd/views.py views.index 68: [Exception] request method: POST, request path: /
2021-06-30 15:32:40,324 ERROR /usr/share/python-3.8.9/lib/python3.8/site-packages/django/utils/log.py log.log_response 224: Internal Server Error: /
Traceback (most recent call last):
File "./utils/ad_ops.py", line 56, in __init__
self.conn = Connection(server, auto_bind=self.auto_bind, user=r'{}{}'.format(self.domain, self.user), password=self.password,
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/ldap3/core/connection.py", line 363, in __init__
self._do_auto_bind()
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/ldap3/core/connection.py", line 389, in _do_auto_bind
self.bind(read_server_info=True)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/ldap3/core/connection.py", line 628, in bind
response = self.do_ntlm_bind(controls)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/ldap3/core/connection.py", line 1398, in do_ntlm_bind
response = self.post_send_single_response(self.send('bindRequest', request, controls))
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/ldap3/strategy/sync.py", line 160, in post_send_single_response
responses, result = self.get_response(message_id)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/ldap3/strategy/base.py", line 403, in get_response
raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type'])
ldap3.core.exceptions.LDAPInvalidCredentialsResult: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - 8009030C: LdapErr: DSID-0C0905DF, comment: AcceptSecurityContext error, data 52e, v1db1^@ - bindResponse - None

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "./resetpwd/views.py", line 90, in index
auth_status, auth_result = AdOps().ad_auth_user(username=username, password=old_password)
File "./utils/ad_ops.py", line 59, in init
raise LDAPOperationResult("LDAPInvalidCredentialsResult: " + str(lic_e.message))
ldap3.core.exceptions.LDAPOperationResult: LDAPOperationResult - LDAPInvalidCredentialsResult: 8009030C: LdapErr: DSID-0C0905DF, comment: AcceptSecurityContext error, data 52e, v1db1^@ - None - None - None - None - None
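The BN report above and the earlier "Server Error (500)" report both show the raw ldap3 exception escaping the view. As an added example that is not the project's code, the function below maps the AD failure strings seen in these issues to a fixed set of outcomes: the sub-code after `data` in an `AcceptSecurityContext error` is AD's reason for a rejected bind (`52e` is bad credentials, `775` a locked account, and so on), and the `problem 5003 (WILL_NOT_PERFORM)` result from the "Problems after setup" report is what AD returns when a `unicodePwd` change is refused, typically because the LDAP session is not protected by LDAPS or StartTLS, or because the new password breaks domain policy. The DSID and comment text stays in the server log; the user only ever sees one of the fixed messages. The function, outcome and message names are assumptions.

```python
# Added example, not ad-password-self-service code: classify AD/LDAP failure
# strings so the view can show a user-safe message instead of a 500.
# classify_ldap_error, user_message and the outcome names are assumptions.
import re

# Sub-codes AD places after "data" in AcceptSecurityContext bind errors.
AD_BIND_DATA_CODES = {
    "525": "user_not_found",
    "52e": "invalid_credentials",
    "530": "logon_time_restricted",
    "531": "workstation_restricted",
    "532": "password_expired",
    "533": "account_disabled",
    "701": "account_expired",
    "773": "password_must_change",
    "775": "account_locked",
}

_BIND_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
_WILL_NOT_PERFORM_RE = re.compile(r"problem 5003 \(WILL_NOT_PERFORM\)")


def classify_ldap_error(message):
    """Return one outcome name for a raw ldap3 / AD error string."""
    if _WILL_NOT_PERFORM_RE.search(message):
        # AD refused the unicodePwd modify: no LDAPS/StartTLS on the session,
        # or the new password violates domain policy (history, complexity, min age).
        return "password_change_refused"
    m = _BIND_DATA_RE.search(message)
    if m:
        return AD_BIND_DATA_CODES.get(m.group(1).lower(), "bind_failed")
    return "unknown"


# user_not_found, invalid_credentials and bind_failed deliberately share one
# message so the form cannot be used to enumerate valid account names.
USER_MESSAGES = {
    "user_not_found": "Username or password is incorrect.",
    "invalid_credentials": "Username or password is incorrect.",
    "bind_failed": "Username or password is incorrect.",
    "account_locked": "The account is locked; reset it via scan-code or contact IT.",
    "account_disabled": "The account is disabled; contact IT.",
    "account_expired": "The account has expired; contact IT.",
    "password_expired": "The password has expired; reset it via scan-code.",
    "password_must_change": "The password must be changed; reset it via scan-code.",
    "logon_time_restricted": "Logon is not allowed at this time.",
    "workstation_restricted": "Logon is not allowed from this location.",
    "password_change_refused": "The domain controller did not accept the new password; contact the administrator.",
    "unknown": "Temporary error; please contact the administrator.",
}


def user_message(message):
    """User-facing text only; log the raw message server-side, never return it."""
    return USER_MESSAGES[classify_ldap_error(message)]
```

In the view, catch ldap3's LDAPException around ad_auth_user and the password modify, log the exception text, and render user_message(str(exc)) with a 4xx status; a wrong old password is then a normal form error rather than the 500 reported above.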

AD connection error

Is there a test tool? After deployment, changing the password and so on all report that the domain controller cannot be reached.

Domain name vs IP redirect

For example, I am accessing the site by IP, but after WeChat scan-code login it redirects by default to the domain-name URL. Can this be changed somewhere? Another question: I noticed that after setting a port in the one-click deployment, both port 80 and that port can reach this page.

502 at the site address after automatic script deployment

OS: CentOS 8
Kernel: 4.18.0-240.el8.x86_64
Version installed: ad-password-self-service-master, the February 10 update
Symptom: after the one-click deployment script completes successfully, opening the domain gives 502.

For the one-click install I put the ad-password-self-service-master directory under /tmp and ran the deployment script ./auto-install.sh from there. Do I need to copy some directory into nginx's directory to avoid the 502 error?

Changing the password directly fails; resetting via scan-code works

On the page I entered the old password and the new password directly; after confirming, it reported that the username or old password is incorrect (the old password is definitely correct). Resetting via scan-code works fine. Does the author have time to look into what the cause might be? Thanks.

Password complexity restriction

I see the current password complexity rule is at least ten characters with digits + upper and lower case letters + symbols. Where is this rule written? I would like to change it to any three of those four kinds, ten characters.
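As an added example, not the project's own check, the function below implements the rule the poster asks for as a configurable policy: a minimum length plus any min_classes of the four character classes, with the two extra checks that Active Directory's own complexity policy applies (the password may not contain the account name, nor any token of the display name that is three or more characters long, split on the separators AD uses). Since the domain controller enforces its policy anyway, the point of checking here is to give the user a precise reason instead of the WILL_NOT_PERFORM error seen elsewhere on this page. Function and parameter names are assumptions.

```python
# Added example (not ad-password-self-service code): configurable password
# policy check. check_password() and its parameters are assumed names.
import re

CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

# Separators on which AD splits displayName before the "contains a token" check.
_DISPLAY_NAME_SEPARATORS = re.compile(r"[ ,.\-_#\t]+")


def check_password(password, username="", display_name="", min_len=10, min_classes=3):
    """Return a list of violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")

    present = [name for name, rx in CLASSES.items() if rx.search(password)]
    if len(present) < min_classes:
        problems.append(f"needs {min_classes} of {sorted(CLASSES)}, has {sorted(present)}")

    low = password.lower()
    # AD skips the account-name check for names shorter than three characters.
    if len(username) >= 3 and username.lower() in low:
        problems.append("contains the account name")

    for token in _DISPLAY_NAME_SEPARATORS.split(display_name):
        if len(token) >= 3 and token.lower() in low:
            problems.append(f"contains part of the display name ({token})")

    return problems
```

Run it before the LDAP modify with the sAMAccountName and displayName already fetched for the user; setting min_classes=4 gives the project's current behaviour, min_classes=3 the behaviour the poster wants.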

Error after DingTalk scan-code password change: Error [cannot unpack non-iterable NoneType object], please contact the administrator.

Error [cannot unpack non-iterable NoneType object], please contact the administrator.
Error in log.log:
2022-06-24 10:03:05,025 INFO ./resetpwd/views.py views.callback_check 127: [Success] request method: GET, request path: /callbackCheck, CODE: ac63e37ee0383316b34e876d82446a72
2022-06-24 10:03:05,275 DEBUG /usr/share/python-3.8.9/lib/python3.8/site-packages/django/template/base.py base._resolve_lookup 869: Exception while resolving variable 'unsecpwd' in template 'resetPassword.v1.html'.
Traceback (most recent call last):
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/template/base.py", line 829, in _resolve_lookup
current = current[bit]
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/template/context.py", line 83, in __getitem__
raise KeyError(key)
KeyError: 'unsecpwd'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/template/base.py", line 835, in _resolve_lookup
if isinstance(current, BaseContext) and getattr(type(current), bit):
AttributeError: type object 'RequestContext' has no attribute 'unsecpwd'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/template/base.py", line 843, in _resolve_lookup
current = current[int(bit)]
ValueError: invalid literal for int() with base 10: 'unsecpwd'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/share/python-3.8.9/lib/python3.8/site-packages/django/template/base.py", line 848, in _resolve_lookup
raise VariableDoesNotExist("Failed lookup for key "
django.template.base.VariableDoesNotExist: Failed lookup for key [unsecpwd] in [{'True': True, 'False': False, 'None': None}, {'csrf_token': <SimpleLazyObject: 'ztZtQV5e4cpnSFl8CUqSxnL4pp37QHuRMNzhqKx8d3sBy8DsCHWtatBGbIYdVWTn'>, 'request': <WSGIRequest: GET '/resetPassword'>, 'user': <SimpleLazyObject: <function AuthenticationMiddleware.process_request.<locals>.<lambda> at 0x7f068cab6f70>>, 'perms': <django.contrib.auth.context_processors.PermWrapper object at 0x7f068ca54670>, 'messages': <django.contrib.messages.storage.fallback.FallbackStorage object at 0x7f068ca54a90>, 'DEFAULT_MESSAGE_LEVELS': {'DEBUG': 10, 'INFO': 20, 'SUCCESS': 25, 'WARNING': 30, 'ERROR': 40}}, {}, {'username': 'zhaowei'}]
2022-06-24 10:03:30,888 ERROR ./resetpwd/views.py views.reset_pwd_by_callback 221: [Exception] :cannot unpack non-iterable NoneType object

502 at the site address after automatic script deployment

OS: CentOS 7.9
Kernel: 3.10.0-1160.81.1.el7.x86_64
Version installed: 1.0.7.6
Symptom: after the one-click deployment script completes successfully, opening the domain gives 502.
How should I fix this error? Thanks.

Can the domain be omitted, entering only the username?

For example, the default username input is: domain\username or an email address.

Could it accept just: username (without the domain or the email address)?

The reason is that the company email and the domain controller share the same domain name, but the mailbox is rented externally, so the two are separate.

layui error

On first run, layui.js was not loaded correctly and the console reports Uncaught ReferenceError: layui is not defined. Is there something I need to pay attention to?

Cannot open the web page after deployment

Automatic deployment completed without errors, but when I open the link the browser shows 504 Gateway Time-out. What could the problem be?

Error: out of range

It seems this error appears when the WeCom email and the OA account do not match. Where can I change this error message?

Can the DingTalk home-school (家校) address book be supported?

Newbie here; first of all, many thanks to the author for open-sourcing this software lol
One question: for the DingTalk address book it seems that with just the userid you can read the email, jobnumber and other info, and to change the lookup rule you only need to change format username. But for the DingTalk home-school address book, reading student info with just the userid does not seem to be enough; you also need the class id and so on. Could support for this be added? 🌝🌝
