#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ 使用系统 Chrome + 强制 Incognito 模式 + 禁用 Windows 集成认证 """ import os import sys # 强制立即输出 sys.stdout.reconfigure(line_buffering=True) sys.stderr.reconfigure(line_buffering=True) print("="*60) print(" 强制 Incognito + 禁用 Windows 集成认证") print("="*60) print() # 导入 print(">>> 导入模块...") from playwright.sync_api import sync_playwright import json import subprocess import time print("[OK] 所有模块已导入") print() # 加载配置 print(">>> 加载配置...") config_file = "config.json" with open(config_file, "r", encoding="utf-8") as f: config = json.load(f) # 兼容不同的配置文件格式 password_file = ( config.get('credentials', {}).get('password_file') or config.get('password_file') or 'password.enc' ) crm_url = ( config.get('crm', {}).get('url') or config.get('crm_url') ) username = sys.argv[2] if len(sys.argv) > 2 else None if not username: username = ( config.get('crm', {}).get('username') or config.get('crm_username') ) if not username: print("请提供 CRM 用户名") print("用法: python mdp_termination_test_with_incognito_args.py ") sys.exit(1) employee_id = sys.argv[1] if len(sys.argv) > 1 else "172034" print(f"[OK] 配置已加载") print(f" CRM URL: {crm_url}") print(f" 用户名: {username}") print(f" EmployeeId: {employee_id}") print() # 查询 AD print(f">>> 查询 AD: {employee_id}") try: ps_command = [ "powershell", "-Command", f"Import-Module ActiveDirectory; Get-ADUser -Filter \"EmployeeId -eq '{employee_id}'\" -Properties DisplayName, SamAccountName | ConvertTo-Json" ] result = subprocess.run( ps_command, capture_output=True, text=True, timeout=30, encoding='utf-8' ) if result.stderr and "Cannot find" in result.stderr: print(f"[ERROR] 用户不存在: {employee_id}") sys.exit(1) if not result.stdout.strip(): print(f"[ERROR] 用户不存在: {employee_id}") sys.exit(1) user_data = json.loads(result.stdout) if not user_data or not isinstance(user_data, dict): print(f"[ERROR] 用户不存在: {employee_id}") sys.exit(1) display_name = user_data.get('DisplayName') print(f"[OK] 找到用户: {display_name}") except Exception as e: print(f"[ERROR] AD 查询失败: {e}") sys.exit(1) print() # CRM 登录 print(">>> CRM 登录(即将打开浏览器)") print() print("注意:由于是 AD 集成登录,会自动使用 Windows 凭证") print(" 不需要手动输入用户名和密码") print() try: print(" [1/4] 启动 Playwright...") with sync_playwright() as p: print(" [2/4] 启动浏览器(强制 Incognito)...") # 关键:使用系统 Chrome,但添加 --incognito 参数 browser = p.chromium.launch( headless=False, channel="chrome", # 或 "msedge" slow_mo=100, args=[ # 最关键:强制 incognito 模式 '--incognito', # 禁用 Windows 集成认证(防止自动用旧凭证登录) '--disable-auth-negotiate', '--disable-sspi', '--disable-background-networking', # 其他安全参数 '--disable-blink-features=AutomationControlled', '--no-first-run', '--no-default-browser-check', '--disable-gpu', '--disable-dev-shm-usage', '--disable-web-security', '--disable-extensions', '--disable-plugins-discovery', '--disable-default-apps', # 禁用各种缓存 '--disable-cache', '--disable-databases', '--disable-local-storage', '--disable-session-storage', # 禁用保存密码和表单 '--disable-save-password-bubble', '--password-store=basic', # 其他 '--no-sandbox', '--disable-setuid-sandbox', ] ) print(" [OK] 浏览器已启动!(强制 Incognito 模式)") # 创建 context(虽然 launch 时用了 --incognito,但再创建一个 context 确保隔离) context = browser.new_context( ignore_https_errors=True, accept_downloads=False, storage_state=None, ) # 创建页面 page = context.new_page() print(" [3/4] 访问 CRM...") # 先访问空白页面,确保完全清空 page.goto("about:blank") page.evaluate("""() => { localStorage.clear(); sessionStorage.clear(); }""") context.clear_cookies() context.clear_permissions() # 访问 CRM login_url = f"{crm_url.rstrip('/')}/MDP/" print(f" URL: {login_url}") page.goto(login_url, wait_until="domcontentloaded", timeout=30000) print(f" [OK] 页面已加载") time.sleep(3) current_url = page.url print(f" 当前 URL: {current_url}") # 检查是否跳转到错误页面 if 'errorhandler.aspx' in current_url: print(f" [WARNING] 跳转到错误页面!") print(f" URL: {current_url}") # 尝试提取错误信息 try: error_text = page.inner_text("body") if "disabled" in error_text.lower(): print(f" 错误详情:用户被禁用") print(f" 这可能意味着 Windows 集成认证仍然使用了旧凭证") except: pass print() print(" 提示:如果仍然跳转到错误页面,请尝试:") print(" 1. 安装 Playwright Chromium: playwright install chromium") print(" 2. 使用 mdp_termination_test.py(它使用 Playwright Chromium)") elif 'main.aspx' in current_url: print(" [OK] 登录成功!(已跳转到主页面)") else: print(f" [INFO] 当前页面: {current_url}") # 检查是否需要手动登录 try: # 看看是否有登录表单 has_login = page.query_selector("input[type='password']") if has_login: print(" [INFO] 检测到登录表单,可能需要手动登录") else: print(" [INFO] 未检测到登录表单") except: pass print() print(" [4/4] 提取 cookies...") # 等待一下确保 cookies 设置完成 time.sleep(2) cookies = context.cookies() req_client_id = None org_id = None for cookie in cookies: if cookie['name'] == 'ReqClientId': req_client_id = cookie['value'] elif cookie['name'] == 'orgId': org_id = cookie['value'] if req_client_id: print(f" [OK] ReqClientId: {req_client_id[:20]}...") else: print(f" [WARNING] 未找到 ReqClientId") if org_id: print(f" [OK] orgId: {org_id[:20]}...") else: print(f" [WARNING] 未找到 orgId") print(f" 总 cookies 数: {len(cookies)}") print(f" Cookie 列表: {[c['name'] for c in cookies[:10]]}") print() print("="*60) print(" 测试完成") print("="*60) print() print("浏览器将保持打开 15 秒供你查看...") print("请检查浏览器窗口,确认:") print(" 1. 是否显示 'Incognito' 模式标识") print(" 2. 当前页面是什么") print(" 3. 是否能看到 CRM 主页面") time.sleep(15) print(" 关闭浏览器...") context.close() browser.close() print(" [OK] 完成") except Exception as e: print(f"[ERROR] 错误: {e}") import traceback traceback.print_exc() print() print("="*60) print(" [OK] 测试完成!") print("="*60) print() print("推荐方案:") print(" 1. 安装 Playwright Chromium(最干净)") print(" playwright install chromium") print(" 2. 然后运行: python mdp_termination_test.py 172034 \"macausjm-glp\\kyleleong\"") print() print("按回车退出...") input()