jumpserver/apps/authentication/views/login.py

198 lines
7.2 KiB
Python
Raw Normal View History

2019-02-27 00:45:00 +00:00
# ~*~ coding: utf-8 ~*~
#
2019-02-27 00:45:00 +00:00
from __future__ import unicode_literals
import os
import datetime
2019-02-27 00:45:00 +00:00
from django.core.cache import cache
from django.contrib.auth import login as auth_login, logout as auth_logout
from django.http import HttpResponse
2019-02-27 00:45:00 +00:00
from django.shortcuts import reverse, redirect
from django.utils.decorators import method_decorator
from django.utils.translation import ugettext as _
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import csrf_protect
from django.views.decorators.debug import sensitive_post_parameters
from django.views.generic.base import TemplateView, RedirectView
2019-02-27 00:45:00 +00:00
from django.views.generic.edit import FormView
from django.conf import settings
2019-11-05 10:46:29 +00:00
from django.urls import reverse_lazy
2019-02-27 00:45:00 +00:00
from common.utils import get_request_ip, get_object_or_none
from users.utils import (
redirect_user_first_login_or_index, set_tmp_user_to_cache
)
2019-11-05 10:46:29 +00:00
from .. import forms, mixins, errors
2019-02-27 00:45:00 +00:00
__all__ = [
2019-11-05 10:46:29 +00:00
'UserLoginView', 'UserLogoutView',
'UserLoginGuardView', 'UserLoginWaitConfirmView',
2019-02-27 00:45:00 +00:00
]
@method_decorator(sensitive_post_parameters(), name='dispatch')
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(never_cache, name='dispatch')
2019-11-05 10:46:29 +00:00
class UserLoginView(mixins.AuthMixin, FormView):
2019-02-27 00:45:00 +00:00
form_class = forms.UserLoginForm
form_class_captcha = forms.UserLoginCaptchaForm
key_prefix_captcha = "_LOGIN_INVALID_{}"
2019-11-05 10:46:29 +00:00
redirect_field_name = 'next'
2019-02-27 00:45:00 +00:00
def get_template_names(self):
2019-03-27 04:20:43 +00:00
template_name = 'authentication/login.html'
2019-02-27 00:45:00 +00:00
if not settings.XPACK_ENABLED:
return template_name
from xpack.plugins.license.models import License
if not License.has_valid_license():
return template_name
2019-10-25 11:20:28 +00:00
template_name = 'authentication/xpack_login.html'
2019-02-27 00:45:00 +00:00
return template_name
def get(self, request, *args, **kwargs):
if request.user.is_staff:
return redirect(redirect_user_first_login_or_index(
request, self.redirect_field_name)
)
# show jumpserver login page if request http://{JUMP-SERVER}/?admin=1
if settings.AUTH_OPENID and not self.request.GET.get('admin', 0):
query_string = request.GET.urlencode()
Config (#3502) * [Update] 修改config * [Update] 移动存储设置到到terminal中 * [Update] 修改permission 查看 * [Update] pre merge * [Update] 录像存储 * [Update] 命令存储 * [Update] 添加存储测试可连接性 * [Update] 修改 meta 值的 key 为大写 * [Update] 修改 Terminal 相关 Storage 配置 * [Update] 删除之前获取录像/命令存储的代码 * [Update] 修改导入失败 * [Update] 迁移文件添加default存储 * [Update] 删除之前代码,添加help_text信息 * [Update] 删除之前代码 * [Update] 删除之前代码 * [Update] 抽象命令/录像存储 APIView * [Update] 抽象命令/录像存储 APIView 1 * [Update] 抽象命令/录像存储 DictField * [Update] 抽象命令/录像存储列表页面 * [Update] 修复CustomDictField的bug * [Update] RemoteApp 页面添加 hidden * [Update] 用户页面添加用户关联授权 * [Update] 修改存储测试可连接性 target * [Update] 修改配置 * [Update] 修改存储前端 Form 渲染逻辑 * [Update] 修改存储细节 * [Update] 统一存储类型到 const 文件 * [Update] 修改迁移文件及Model,创建默认存储 * [Update] 修改迁移文件及Model初始化默认数据 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 限制删除默认存储配置,只允许创建扩展的存储类型 * [Update] 修改ip字段长度 * [Update] 修改ip字段长度 * [Update] 修改一些css * [Update] 修改关联 * [Update] 添加操作日志定时清理 * [Update] 修改记录syslog的instance encoder * [Update] 忽略登录产生的操作日志 * [Update] 限制更新存储时不覆盖原有AK SK 等字段 * [Update] 修改迁移文件添加comment字段 * [Update] 修改迁移文件 * [Update] 添加 comment 字段 * [Update] 修改默认存储no -> null * [Update] 修改细节 * [Update] 更新翻译(存储配置 * [Update] 修改定时任务注册,修改系统用户资产、节点关系api * [Update] 添加监控磁盘任务 * [Update] 修改session * [Update] 拆分serializer * [Update] 还原setting原来的manager
2019-12-05 07:09:25 +00:00
openid_login_url = reverse_lazy("authentication:openid:openid-login")
login_url = "{}?{}".format(openid_login_url, query_string)
return redirect(login_url)
2019-02-27 00:45:00 +00:00
request.session.set_test_cookie()
return super().get(request, *args, **kwargs)
def form_valid(self, form):
if not self.request.session.test_cookie_worked():
return HttpResponse(_("Please enable cookies and try again."))
2019-11-05 10:46:29 +00:00
try:
self.check_user_auth()
except errors.AuthFailedError as e:
form.add_error(None, e.msg)
ip = self.get_request_ip()
cache.set(self.key_prefix_captcha.format(ip), 1, 3600)
2019-11-11 02:58:11 +00:00
new_form = self.form_class_captcha(data=form.data)
new_form._errors = form.errors
context = self.get_context_data(form=new_form)
2019-11-05 10:46:29 +00:00
return self.render_to_response(context)
return self.redirect_to_guard_view()
2019-02-27 00:45:00 +00:00
2019-11-05 10:46:29 +00:00
def redirect_to_guard_view(self):
guard_url = reverse('authentication:login-guard')
args = self.request.META.get('QUERY_STRING', '')
2019-11-06 06:40:41 +00:00
if args:
2019-11-05 10:46:29 +00:00
guard_url = "%s?%s" % (guard_url, args)
return redirect(guard_url)
2019-10-25 11:20:28 +00:00
2019-02-27 00:45:00 +00:00
def get_form_class(self):
ip = get_request_ip(self.request)
if cache.get(self.key_prefix_captcha.format(ip)):
return self.form_class_captcha
else:
return self.form_class
def get_context_data(self, **kwargs):
context = {
'demo_mode': os.environ.get("DEMO_MODE"),
'AUTH_OPENID': settings.AUTH_OPENID,
}
kwargs.update(context)
return super().get_context_data(**kwargs)
2019-11-05 10:46:29 +00:00
class UserLoginGuardView(mixins.AuthMixin, RedirectView):
2019-10-25 11:20:28 +00:00
redirect_field_name = 'next'
2019-11-05 10:46:29 +00:00
login_url = reverse_lazy('authentication:login')
login_otp_url = reverse_lazy('authentication:login-otp')
login_confirm_url = reverse_lazy('authentication:login-wait-confirm')
def format_redirect_url(self, url):
args = self.request.META.get('QUERY_STRING', '')
if args and self.query_string:
url = "%s?%s" % (url, args)
return url
2019-10-25 11:20:28 +00:00
def get_redirect_url(self, *args, **kwargs):
2019-11-08 12:17:25 +00:00
try:
user = self.check_user_auth_if_need()
self.check_user_mfa_if_need(user)
self.check_user_login_confirm_if_need(user)
except errors.CredentialError:
2019-11-05 10:46:29 +00:00
return self.format_redirect_url(self.login_url)
2019-11-08 12:17:25 +00:00
except errors.MFARequiredError:
2019-11-05 10:46:29 +00:00
return self.format_redirect_url(self.login_otp_url)
2019-11-08 12:17:25 +00:00
except errors.LoginConfirmBaseError:
return self.format_redirect_url(self.login_confirm_url)
2019-02-27 00:45:00 +00:00
else:
2019-11-18 08:30:26 +00:00
# 启用但是没有设置otp, 排除radius
if user.mfa_enabled_but_not_set():
2019-11-08 12:17:25 +00:00
# 1,2,mfa_setting & F
set_tmp_user_to_cache(self.request, user)
2019-11-08 12:17:25 +00:00
return reverse('users:user-otp-enable-authentication')
auth_login(self.request, user)
self.send_auth_signal(success=True, user=user)
self.clear_auth_mark()
2019-11-08 12:17:25 +00:00
url = redirect_user_first_login_or_index(
self.request, self.redirect_field_name
2019-02-27 00:45:00 +00:00
)
2019-11-08 12:17:25 +00:00
return url
2019-02-27 00:45:00 +00:00
2019-10-25 11:20:28 +00:00
class UserLoginWaitConfirmView(TemplateView):
template_name = 'authentication/login_wait_confirm.html'
def get_context_data(self, **kwargs):
2019-11-15 10:55:35 +00:00
from tickets.models import Ticket
2019-11-07 10:06:58 +00:00
ticket_id = self.request.session.get("auth_ticket_id")
if not ticket_id:
ticket = None
else:
2019-11-15 10:55:35 +00:00
ticket = get_object_or_none(Ticket, pk=ticket_id)
context = super().get_context_data(**kwargs)
2019-11-07 10:06:58 +00:00
if ticket:
timestamp_created = datetime.datetime.timestamp(ticket.date_created)
2019-11-15 10:55:35 +00:00
ticket_detail_url = reverse('tickets:ticket-detail', kwargs={'pk': ticket_id})
msg = _("""Wait for <b>{}</b> confirm, You also can copy link to her/him <br/>
2019-11-07 10:06:58 +00:00
Don't close this page""").format(ticket.assignees_display)
else:
timestamp_created = 0
2019-11-07 10:06:58 +00:00
ticket_detail_url = ''
msg = _("No ticket found")
context.update({
"msg": msg,
"timestamp": timestamp_created,
2019-11-07 10:06:58 +00:00
"ticket_detail_url": ticket_detail_url
})
return context
2019-10-25 11:20:28 +00:00
2019-02-27 00:45:00 +00:00
@method_decorator(never_cache, name='dispatch')
class UserLogoutView(TemplateView):
template_name = 'flash_message_standalone.html'
def get(self, request, *args, **kwargs):
auth_logout(request)
next_uri = request.COOKIES.get("next")
if next_uri:
return redirect(next_uri)
response = super().get(request, *args, **kwargs)
return response
def get_context_data(self, **kwargs):
context = {
'title': _('Logout success'),
'messages': _('Logout success, return login page'),
'interval': 1,
'redirect_url': reverse('authentication:login'),
2019-02-27 00:45:00 +00:00
'auto_redirect': True,
}
kwargs.update(context)
return super().get_context_data(**kwargs)