2016-08-09 09:27:37 +00:00
|
|
|
# ~*~ coding: utf-8 ~*~
|
|
|
|
|
#
|
2016-08-31 17:12:02 +00:00
|
|
|
from __future__ import unicode_literals
|
2016-12-19 17:19:50 +00:00
|
|
|
import base64
|
2016-08-30 17:00:20 +00:00
|
|
|
import logging
|
2016-10-31 10:58:23 +00:00
|
|
|
import uuid
|
2016-08-30 17:00:20 +00:00
|
|
|
|
2017-03-31 03:25:25 +00:00
|
|
|
from paramiko.rsakey import RSAKey
|
2016-09-13 13:45:10 +00:00
|
|
|
from django.conf import settings
|
2016-08-28 15:58:22 +00:00
|
|
|
from django.contrib.auth.mixins import UserPassesTestMixin
|
|
|
|
|
from django.urls import reverse_lazy
|
2016-09-03 16:51:36 +00:00
|
|
|
from django.utils.translation import ugettext as _
|
2016-12-19 17:19:50 +00:00
|
|
|
from django.core.cache import cache
|
2016-08-28 15:58:22 +00:00
|
|
|
|
2016-08-31 17:12:02 +00:00
|
|
|
from common.tasks import send_mail_async
|
2016-09-24 16:11:31 +00:00
|
|
|
from common.utils import reverse, get_object_or_none
|
|
|
|
|
from .models import User
|
2016-08-31 17:12:02 +00:00
|
|
|
|
2016-08-31 11:28:06 +00:00
|
|
|
|
2016-08-30 17:00:20 +00:00
|
|
|
try:
|
|
|
|
|
import cStringIO as StringIO
|
|
|
|
|
except ImportError:
|
|
|
|
|
import StringIO
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
logger = logging.getLogger('jumpserver')
|
|
|
|
|
|
2016-08-28 15:58:22 +00:00
|
|
|
|
|
|
|
|
class AdminUserRequiredMixin(UserPassesTestMixin):
|
|
|
|
|
def test_func(self):
|
2017-03-31 03:25:25 +00:00
|
|
|
if not self.request.user.is_authenticated:
|
|
|
|
|
return False
|
|
|
|
|
elif not self.request.user.is_superuser:
|
|
|
|
|
self.raise_exception = True
|
|
|
|
|
return False
|
|
|
|
|
return True
|
2016-08-30 17:00:20 +00:00
|
|
|
|
|
|
|
|
|
2016-08-31 17:12:02 +00:00
|
|
|
def user_add_success_next(user):
|
2016-09-03 16:51:36 +00:00
|
|
|
subject = _('Create account successfully')
|
2016-08-31 17:12:02 +00:00
|
|
|
recipient_list = [user.email]
|
2016-09-03 16:51:36 +00:00
|
|
|
message = _("""
|
|
|
|
|
Hello %(name)s:
|
2016-08-31 17:12:02 +00:00
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
Your account has been created successfully
|
2016-08-31 17:12:02 +00:00
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
<a href="%(rest_password_url)s?token=%(rest_password_token)s">click here to set your password</a>
|
2016-08-31 17:12:02 +00:00
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
|
2016-08-31 17:12:02 +00:00
|
|
|
|
|
|
|
|
</br>
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
<a href="%(login_url)s">Login direct</a>
|
2016-08-31 17:12:02 +00:00
|
|
|
|
|
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
""") % {
|
2016-08-31 17:12:02 +00:00
|
|
|
'name': user.name,
|
|
|
|
|
'rest_password_url': reverse('users:reset-password', external=True),
|
2016-09-01 15:09:58 +00:00
|
|
|
'rest_password_token': user.generate_reset_token(),
|
2016-09-06 07:09:00 +00:00
|
|
|
'forget_password_url': reverse('users:forgot-password', external=True),
|
2016-09-01 15:09:58 +00:00
|
|
|
'email': user.email,
|
|
|
|
|
'login_url': reverse('users:login', external=True),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
send_mail_async.delay(subject, message, recipient_list, html_message=message)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def send_reset_password_mail(user):
|
2016-09-03 16:51:36 +00:00
|
|
|
subject = _('Reset password')
|
2016-09-01 15:09:58 +00:00
|
|
|
recipient_list = [user.email]
|
2016-09-03 16:51:36 +00:00
|
|
|
message = _("""
|
|
|
|
|
Hello %(name)s:
|
2016-09-01 15:09:58 +00:00
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
Please click the link below to reset your password, if not your request, concern your account security
|
2016-09-01 15:09:58 +00:00
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
<a href="%(rest_password_url)s?token=%(rest_password_token)s">Click here reset password</a>
|
2016-09-01 15:09:58 +00:00
|
|
|
</br>
|
2016-11-09 11:29:15 +00:00
|
|
|
This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
|
2016-09-01 15:09:58 +00:00
|
|
|
|
|
|
|
|
</br>
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
<a href="%(login_url)s">Login direct</a>
|
2016-09-01 15:09:58 +00:00
|
|
|
|
|
|
|
|
</br>
|
2016-09-03 16:51:36 +00:00
|
|
|
""") % {
|
2016-09-01 15:09:58 +00:00
|
|
|
'name': user.name,
|
|
|
|
|
'rest_password_url': reverse('users:reset-password', external=True),
|
|
|
|
|
'rest_password_token': user.generate_reset_token(),
|
2016-09-06 07:09:00 +00:00
|
|
|
'forget_password_url': reverse('users:forgot-password', external=True),
|
2016-08-31 17:12:02 +00:00
|
|
|
'email': user.email,
|
|
|
|
|
'login_url': reverse('users:login', external=True),
|
|
|
|
|
}
|
2016-09-13 13:45:10 +00:00
|
|
|
if settings.DEBUG:
|
|
|
|
|
logger.debug(message)
|
2016-08-31 17:12:02 +00:00
|
|
|
|
|
|
|
|
send_mail_async.delay(subject, message, recipient_list, html_message=message)
|
|
|
|
|
|
2016-08-30 17:00:20 +00:00
|
|
|
|
2016-09-15 08:54:00 +00:00
|
|
|
def send_reset_ssh_key_mail(user):
|
|
|
|
|
subject = _('SSH Key Reset')
|
|
|
|
|
recipient_list = [user.email]
|
|
|
|
|
message = _("""
|
|
|
|
|
Hello %(name)s:
|
|
|
|
|
</br>
|
|
|
|
|
Your ssh public key has been reset by site administrator.
|
|
|
|
|
Please login and reset your ssh public key.
|
|
|
|
|
</br>
|
|
|
|
|
<a href="%(login_url)s">Login direct</a>
|
|
|
|
|
|
|
|
|
|
</br>
|
|
|
|
|
""") % {
|
|
|
|
|
'name': user.name,
|
|
|
|
|
'login_url': reverse('users:login', external=True),
|
|
|
|
|
}
|
|
|
|
|
if settings.DEBUG:
|
|
|
|
|
logger.debug(message)
|
|
|
|
|
|
|
|
|
|
send_mail_async.delay(subject, message, recipient_list, html_message=message)
|
|
|
|
|
|
|
|
|
|
|
2016-10-31 10:58:23 +00:00
|
|
|
def check_user_valid(**kwargs):
|
2016-09-24 16:11:31 +00:00
|
|
|
password = kwargs.pop('password', None)
|
|
|
|
|
public_key = kwargs.pop('public_key', None)
|
2016-12-29 11:17:00 +00:00
|
|
|
email = kwargs.pop('email', None)
|
|
|
|
|
username = kwargs.pop('username', None)
|
2016-12-28 16:29:59 +00:00
|
|
|
|
|
|
|
|
if username:
|
|
|
|
|
user = get_object_or_none(User, username=username)
|
|
|
|
|
elif email:
|
|
|
|
|
user = get_object_or_none(User, email=email)
|
|
|
|
|
else:
|
|
|
|
|
user = None
|
|
|
|
|
|
|
|
|
|
if user is None:
|
|
|
|
|
return None, _('User not exist')
|
|
|
|
|
elif not user.is_valid:
|
|
|
|
|
return None, _('Disabled or expired')
|
2016-09-24 16:11:31 +00:00
|
|
|
|
2017-01-02 16:11:44 +00:00
|
|
|
if password and user.password and user.check_password(password):
|
2016-12-28 16:29:59 +00:00
|
|
|
return user, ''
|
|
|
|
|
|
2017-01-02 16:11:44 +00:00
|
|
|
if public_key and user.public_key:
|
2016-11-07 08:59:52 +00:00
|
|
|
public_key_saved = user.public_key.split()
|
|
|
|
|
if len(public_key_saved) == 1:
|
|
|
|
|
if public_key == public_key_saved[0]:
|
2016-12-28 16:29:59 +00:00
|
|
|
return user, ''
|
2016-11-07 08:59:52 +00:00
|
|
|
elif len(public_key_saved) > 1:
|
|
|
|
|
if public_key == public_key_saved[1]:
|
2016-12-28 16:29:59 +00:00
|
|
|
return user, ''
|
2016-12-29 11:17:00 +00:00
|
|
|
return None, _('Password or SSH public key invalid')
|
2016-09-24 16:11:31 +00:00
|
|
|
|
|
|
|
|
|
2016-12-29 11:17:00 +00:00
|
|
|
def refresh_token(token, user, expiration=3600):
|
2016-12-25 15:10:53 +00:00
|
|
|
cache.set(token, user.id, expiration)
|
|
|
|
|
|
|
|
|
|
|
2016-12-29 11:17:00 +00:00
|
|
|
def generate_token(request, user):
|
2016-12-19 17:19:50 +00:00
|
|
|
expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600
|
|
|
|
|
remote_addr = request.META.get('REMOTE_ADDR', '')
|
|
|
|
|
remote_addr = base64.b16encode(remote_addr).replace('=', '')
|
2016-12-29 11:17:00 +00:00
|
|
|
token = cache.get('%s_%s' % (user.id, remote_addr))
|
2016-12-19 17:19:50 +00:00
|
|
|
if not token:
|
|
|
|
|
token = uuid.uuid4().get_hex()
|
2016-12-25 15:10:53 +00:00
|
|
|
print('Set cache: %s' % token)
|
2016-12-29 11:17:00 +00:00
|
|
|
cache.set(token, user.id, expiration)
|
|
|
|
|
cache.set('%s_%s' % (user.id, remote_addr), token, expiration)
|
2016-12-25 15:10:53 +00:00
|
|
|
return token
|
|
|
|
|
|
|
|
|
|
|
