jumpserver/apps/authentication/backends/pubkey.py

# -*- coding: utf-8 -*-
#
from django.conf import settings
from django.contrib.auth import get_user_model

from common.permissions import ServiceAccountSignaturePermission
from .base import JMSBaseAuthBackend

UserModel = get_user_model()

__all__ = ['PublicKeyAuthBackend']


class PublicKeyAuthBackend(JMSBaseAuthBackend):
    @staticmethod
    def is_enabled():
        return settings.TERMINAL_PUBLIC_KEY_AUTH

    def authenticate(self, request, username=None, public_key=None, **kwargs):
        if not public_key:
            return None

        permission = ServiceAccountSignaturePermission()
        if not permission.has_permission(request, None):
            return None
        if username is None:
            username = kwargs.get(UserModel.USERNAME_FIELD)
        try:
            user = UserModel._default_manager.get_by_natural_key(username)
        except UserModel.DoesNotExist:
            return None
        else:
            if user.check_public_key(public_key) and \
                    self.user_can_authenticate(user):
                return user

    def get_user(self, user_id):
        try:
            user = UserModel._default_manager.get(pk=user_id)
        except UserModel.DoesNotExist:
            return None
        return user if self.user_can_authenticate(user) else None
[Update] 修改public key 校验 5 years ago			`# -- coding: utf-8 --`
			`#`
Fix rbac (#7699) * perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com> 3 years ago			`from django.conf import settings`
fix: pubkey auth require svc sign 1 year ago			`from django.contrib.auth import get_user_model`
Fix rbac (#7699) * perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com> 3 years ago
fix: pubkey auth require svc sign 1 year ago			`from common.permissions import ServiceAccountSignaturePermission`
Fix rbac (#7699) * perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com> 3 years ago			`from .base import JMSBaseAuthBackend`
[Update] 修改public key 校验 5 years ago
			`UserModel = get_user_model()`

			`__all__ = ['PublicKeyAuthBackend']`


Fix rbac (#7699) * perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com> 3 years ago			`class PublicKeyAuthBackend(JMSBaseAuthBackend):`
			`@staticmethod`
			`def is_enabled():`
			`return settings.TERMINAL_PUBLIC_KEY_AUTH`

[Update] 修改public key 校验 5 years ago			`def authenticate(self, request, username=None, public_key=None, **kwargs):`
			`if not public_key:`
			`return None`
fix: pubkey auth require svc sign 1 year ago
			`permission = ServiceAccountSignaturePermission()`
			`if not permission.has_permission(request, None):`
			`return None`
[Update] 修改public key 校验 5 years ago			`if username is None:`
			`username = kwargs.get(UserModel.USERNAME_FIELD)`
			`try:`
			`user = UserModel._default_manager.get_by_natural_key(username)`
			`except UserModel.DoesNotExist:`
			`return None`
			`else:`
			`if user.check_public_key(public_key) and \`
fix: pubkey auth require svc sign 1 year ago			`self.user_can_authenticate(user):`
[Update] 修改public key 校验 5 years ago			`return user`

			`def get_user(self, user_id):`
			`try:`
			`user = UserModel._default_manager.get(pk=user_id)`
			`except UserModel.DoesNotExist:`
			`return None`
			`return user if self.user_can_authenticate(user) else None`