Created
June 10, 2020 09:06
-
-
Save nickfox-taterli/cf8649b83466755ace4746b32f8e63cc to your computer and use it in GitHub Desktop.
O365翻车查找
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import json | |
import os | |
import time | |
import yaml | |
from requests_oauthlib import OAuth2Session | |
# Azure SDK 必须这么做,因为Azure服务器可能不按顺序返回参数. | |
os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE'] = '1' | |
os.environ['OAUTHLIB_IGNORE_SCOPE_CHANGE'] = '1' | |
# 调用端点地址 | |
graph_url = 'https://graph.microsoft.com/v1.0' | |
# 加载配置文件 | |
stream = open('oauth_settings.yml', 'r') | |
settings = yaml.load(stream, yaml.SafeLoader) | |
authorize_url = '{0}{1}'.format( | |
settings['authority'], settings['authorize_endpoint']) | |
token_url = '{0}{1}'.format(settings['authority'], settings['token_endpoint']) | |
# 这个函数获取认证URL | |
def get_sign_in_url(): | |
aad_auth = OAuth2Session(settings['app_id'], | |
scope=settings['scopes'], | |
redirect_uri=settings['redirect']) | |
sign_in_url, _ = aad_auth.authorization_url(authorize_url, prompt='login') | |
return sign_in_url | |
# 从返回URL中提取Token | |
def get_token_from_code(callback_url): | |
aad_auth = OAuth2Session(settings['app_id'], | |
scope=settings['scopes'], | |
redirect_uri=settings['redirect']) | |
token = aad_auth.fetch_token(token_url, | |
client_secret=settings['app_secret'], | |
authorization_response=callback_url) | |
with open('oauth_token.json', 'w', encoding='utf-8') as f: | |
json.dump(token, f, ensure_ascii=False, indent=4) | |
return token | |
# 运行这个管理Token | |
def get_token(): | |
try: | |
with open('oauth_token.json', 'r', encoding='utf-8') as f: | |
token = json.load(f) | |
except FileNotFoundError: | |
token = None | |
if token != None: | |
# 如果10分钟之后过期,那么就应该刷新他. | |
now = time.time() | |
expire_time = token['expires_at'] - 600 | |
if now >= expire_time: | |
# Token 刷新 | |
aad_auth = OAuth2Session(settings['app_id'], | |
token=token, | |
scope=settings['scopes'], | |
redirect_uri=settings['redirect']) | |
refresh_params = { | |
'client_id': settings['app_id'], | |
'client_secret': settings['app_secret'], | |
} | |
new_token = aad_auth.refresh_token(token_url, **refresh_params) | |
with open('oauth_token.json', 'w', encoding='utf-8') as f: | |
json.dump(token, f, ensure_ascii=False, indent=4) | |
return new_token | |
else: | |
# Token 未过期 | |
return token | |
else: | |
print('在浏览器中打开 => %s' % get_sign_in_url()) | |
s = input('请输入回调的URL:') | |
return get_token_from_code(s) | |
token = get_token() | |
graph_client = OAuth2Session(token=token) | |
r = graph_client.get("{0}/users?$select=userPrincipalName,AccountEnabled".format(graph_url)) | |
while True: | |
d = json.loads(r.text) | |
for value in d['value']: | |
if value['accountEnabled'] is False: | |
print(value['userPrincipalName'] + " 已翻车") | |
else: | |
print(value['userPrincipalName'] + " 未翻车") | |
if '@odata.nextLink' in d: | |
next_page = d['@odata.nextLink'] | |
r = graph_client.get(next_page) | |
else: | |
break |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment