jumpserver/apps/users/api.py

# ~*~ coding: utf-8 ~*~
#

import base64

from django.shortcuts import get_object_or_404
from django.core.cache import cache
from django.conf import settings
from rest_framework import generics, status
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView
from rest_framework import authentication

from common.mixins import BulkDeleteApiMixin
from common.utils import get_logger
from .utils import check_user_valid, token_gen
from .models import User, UserGroup
from .serializers import UserDetailSerializer, UserAndGroupSerializer, \
    GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer
from .backends import IsSuperUser, IsTerminalUser, IsValidUser, IsSuperUserOrTerminalUser


logger = get_logger(__name__)


class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer
    permission_classes = (IsSuperUser,)


class UserAndGroupEditApi(generics.RetrieveUpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserAndGroupSerializer
    permission_classes = (IsSuperUser,)


class UserResetPasswordApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer

    def perform_update(self, serializer):
        # Note: we are not updating the user object here.
        # We just do the reset-password staff.
        user = self.get_object()
        import uuid
        user.password_raw = str(uuid.uuid4())
        user.save()
        from .utils import send_reset_password_mail
        send_reset_password_mail(user)


class UserResetPKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer

    def perform_update(self, serializer):
        user = self.get_object()
        user.is_public_key_valid = False
        user.save()
        from .utils import send_reset_ssh_key_mail
        send_reset_ssh_key_mail(user)


class UserUpdatePKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserPKUpdateSerializer

    def perform_update(self, serializer):
        user = self.get_object()
        user.private_key = serializer.validated_data['_public_key']
        user.save()


class GroupDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupDetailSerializer

    def perform_update(self, serializer):
        users = serializer.validated_data.get('users')
        if users:
            group = self.get_object()
            # Note: use `list` method to force hitting the db.
            group_users = list(group.users.all())
            serializer.save()
            group.users.set(users + group_users)
            group.save()
            return
        serializer.save()


class UserListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserBulkUpdateSerializer
    permission_classes = (IsSuperUserOrTerminalUser,)

    # def get(self, request, *args, **kwargs):
    #     return super(UserListUpdateApi, self).get(request, *args, **kwargs)


class GroupListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupBulkUpdateSerializer


class DeleteUserFromGroupApi(generics.DestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupDetailSerializer

    def destroy(self, request, *args, **kwargs):
        group = self.get_object()
        self.perform_destroy(group, **kwargs)
        return Response(status=status.HTTP_204_NO_CONTENT)

    def perform_destroy(self, instance, **kwargs):
        user_id = kwargs.get('uid')
        user = get_object_or_404(User, id=user_id)
        instance.users.remove(user)


class UserTokenApi(APIView):
    permission_classes = ()
    expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600

    def post(self, request, *args, **kwargs):
        username = request.data.get('username', '')
        password = request.data.get('password', '')
        public_key = request.data.get('public_key', '')
        remote_addr = request.META.get('REMOTE_ADDR', '')

        remote_addr = base64.b64encode(remote_addr).replace('=', '')
        user = check_user_valid(username=username, password=password, public_key=public_key)
        if user:
            token = cache.get('%s_%s' % (user.id, remote_addr))
            if not token:
                token = token_gen(user)

            cache.set(token, user.id, self.expiration)
            cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration)
            return Response({'token': token, 'id': user.id, 'username': user.username, 'name': user.name})
        else:
            return Response({'msg': 'Invalid password or public key or user is not active or expired'})
添加 utils和api样例文件 2016-08-09 09:27:37 +00:00			`# ~~ coding: utf-8 ~~`
Add api file 2016-08-23 16:11:13 +00:00			`#`
添加 utils和api样例文件 2016-08-09 09:27:37 +00:00
Finish token access api 2016-10-31 10:58:23 +00:00			`import base64`
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00
Finish token access api 2016-10-31 10:58:23 +00:00			`from django.shortcuts import get_object_or_404`
			`from django.core.cache import cache`
			`from django.conf import settings`
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00			`from rest_framework import generics, status`
			`from rest_framework.response import Response`
Finish token access api 2016-10-31 10:58:23 +00:00			`from rest_framework.views import APIView`
temp 2016-09-21 07:48:21 +00:00			`from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView`
Finish token access api 2016-10-31 10:58:23 +00:00			`from rest_framework import authentication`
Add api file 2016-08-23 16:11:13 +00:00
Add auth and permission backends 2016-10-15 08:04:54 +00:00			`from common.mixins import BulkDeleteApiMixin`
			`from common.utils import get_logger`
Finish token access api 2016-10-31 10:58:23 +00:00			`from .utils import check_user_valid, token_gen`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`from .models import User, UserGroup`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`from .serializers import UserDetailSerializer, UserAndGroupSerializer, \`
			`GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer`
Change app name apps => terrminal 2016-10-17 07:24:41 +00:00			`from .backends import IsSuperUser, IsTerminalUser, IsValidUser, IsSuperUserOrTerminalUser`
Add api file 2016-08-23 16:11:13 +00:00

Update table desgin doc and audit log 2016-10-07 15:54:29 +00:00			`logger = get_logger(__name__)`
Add Logger setting . 2016-08-26 08:56:50 +00:00

integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`queryset = User.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = UserDetailSerializer`
Plan create a new app: terminal 2016-10-15 09:14:56 +00:00			`permission_classes = (IsSuperUser,)`
Delete Model: Role 2016-08-24 09:14:21 +00:00

integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`class UserAndGroupEditApi(generics.RetrieveUpdateAPIView):`
Add api file 2016-08-23 16:11:13 +00:00			`queryset = User.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = UserAndGroupSerializer`
Plan create a new app: terminal 2016-10-15 09:14:56 +00:00			`permission_classes = (IsSuperUser,)`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00

			`class UserResetPasswordApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = UserDetailSerializer`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00
			`def perform_update(self, serializer):`
			`# Note: we are not updating the user object here.`
			`# We just do the reset-password staff.`
			`user = self.get_object()`
change user ssh reset type from private key to public key 2016-09-15 08:54:00 +00:00			`import uuid`
			`user.password_raw = str(uuid.uuid4())`
			`user.save()`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00			`from .utils import send_reset_password_mail`
			`send_reset_password_mail(user)`


			`class UserResetPKApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = UserDetailSerializer`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00
			`def perform_update(self, serializer):`
			`user = self.get_object()`
fix #14 2016-09-18 06:28:34 +00:00			`user.is_public_key_valid = False`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00			`user.save()`
change user ssh reset type from private key to public key 2016-09-15 08:54:00 +00:00			`from .utils import send_reset_ssh_key_mail`
			`send_reset_ssh_key_mail(user)`
fix #14 2016-09-18 06:28:34 +00:00

			`class UserUpdatePKApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
			`serializer_class = UserPKUpdateSerializer`

			`def perform_update(self, serializer):`
			`user = self.get_object()`
			`user.private_key = serializer.validated_data['_public_key']`
			`user.save()`
user-group delete implement 2016-09-19 07:47:58 +00:00

integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`class GroupDetailApi(generics.RetrieveUpdateDestroyAPIView):`
user-group delete implement 2016-09-19 07:47:58 +00:00			`queryset = UserGroup.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = GroupDetailSerializer`
temp 2016-09-21 07:48:21 +00:00
user-group-detail: add users support 2016-09-29 08:41:55 +00:00			`def perform_update(self, serializer):`
			`users = serializer.validated_data.get('users')`
user-group-detail: user-adding frontend integration 2016-09-29 13:14:55 +00:00			`if users:`
user-group-detail: add users support 2016-09-29 08:41:55 +00:00			`group = self.get_object()`
user-group-detail: user-adding frontend integration 2016-09-29 13:14:55 +00:00			# Note: use `list` method to force hitting the db.
			`group_users = list(group.users.all())`
			`serializer.save()`
			`group.users.set(users + group_users)`
user-group-detail: add users support 2016-09-29 08:41:55 +00:00			`group.save()`
			`return`
user-group-detail: user-adding frontend integration 2016-09-29 13:14:55 +00:00			`serializer.save()`
user-group-detail: add users support 2016-09-29 08:41:55 +00:00
temp 2016-09-21 07:48:21 +00:00
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`class UserListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):`
temp 2016-09-21 07:48:21 +00:00			`queryset = User.objects.all()`
			`serializer_class = UserBulkUpdateSerializer`
Change app name apps => terrminal 2016-10-17 07:24:41 +00:00			`permission_classes = (IsSuperUserOrTerminalUser,)`
Add auth and permission backends 2016-10-15 08:04:54 +00:00
may be some wrong 2016-10-16 14:12:13 +00:00			`# def get(self, request, args, *kwargs):`
			`# return super(UserListUpdateApi, self).get(request, args, *kwargs)`
user bulk delete view 2016-09-23 08:30:59 +00:00
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00
			`class GroupListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):`
			`queryset = UserGroup.objects.all()`
			`serializer_class = GroupBulkUpdateSerializer`
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00

			`class DeleteUserFromGroupApi(generics.DestroyAPIView):`
			`queryset = UserGroup.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = GroupDetailSerializer`
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00
			`def destroy(self, request, args, *kwargs):`
			`group = self.get_object()`
			`self.perform_destroy(group, **kwargs)`
			`return Response(status=status.HTTP_204_NO_CONTENT)`

			`def perform_destroy(self, instance, **kwargs):`
			`user_id = kwargs.get('uid')`
			`user = get_object_or_404(User, id=user_id)`
			`instance.users.remove(user)`
Plan create a new app: terminal 2016-10-15 09:14:56 +00:00

Finish token access api 2016-10-31 10:58:23 +00:00			`class UserTokenApi(APIView):`
			`permission_classes = ()`
			`expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600`

			`def post(self, request, args, *kwargs):`
			`username = request.data.get('username', '')`
			`password = request.data.get('password', '')`
			`public_key = request.data.get('public_key', '')`
			`remote_addr = request.META.get('REMOTE_ADDR', '')`

			`remote_addr = base64.b64encode(remote_addr).replace('=', '')`
			`user = check_user_valid(username=username, password=password, public_key=public_key)`
			`if user:`
			`token = cache.get('%s_%s' % (user.id, remote_addr))`
			`if not token:`
			`token = token_gen(user)`

			`cache.set(token, user.id, self.expiration)`
			`cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration)`
Update signer 2016-11-01 09:21:16 +00:00			`return Response({'token': token, 'id': user.id, 'username': user.username, 'name': user.name})`
Finish token access api 2016-10-31 10:58:23 +00:00			`else:`
			`return Response({'msg': 'Invalid password or public key or user is not active or expired'})`