jumpserver/apps/users/views/user.py

565 lines
19 KiB
Python
Raw Normal View History

2017-01-17 08:34:47 +00:00
# ~*~ coding: utf-8 ~*~
from __future__ import unicode_literals
2017-01-25 13:19:16 +00:00
2017-01-17 08:34:47 +00:00
import json
2017-01-25 13:19:16 +00:00
import uuid
2017-04-08 16:45:28 +00:00
import csv
import codecs
2018-02-27 04:18:36 +00:00
import chardet
2017-04-08 16:45:28 +00:00
from io import StringIO
2017-01-25 13:19:16 +00:00
2017-12-18 10:38:30 +00:00
from django.contrib import messages
2017-01-25 13:19:16 +00:00
from django.contrib.auth.mixins import LoginRequiredMixin
2018-04-18 04:48:07 +00:00
from django.contrib.auth import authenticate, login as auth_login
2017-01-25 13:19:16 +00:00
from django.contrib.messages.views import SuccessMessageMixin
2017-01-17 08:34:47 +00:00
from django.core.cache import cache
from django.http import HttpResponse, JsonResponse
2017-01-25 13:19:16 +00:00
from django.shortcuts import redirect
2017-01-17 08:34:47 +00:00
from django.urls import reverse_lazy, reverse
from django.utils import timezone
from django.utils.translation import ugettext as _
from django.utils.decorators import method_decorator
from django.views import View
from django.views.generic.base import TemplateView
2018-02-27 04:18:36 +00:00
from django.db import transaction
2017-07-10 02:26:17 +00:00
from django.views.generic.edit import (
CreateView, UpdateView, FormMixin, FormView
)
2017-01-17 08:34:47 +00:00
from django.views.generic.detail import DetailView, SingleObjectMixin
from django.views.decorators.csrf import csrf_exempt
2017-03-30 08:28:00 +00:00
from django.contrib.auth import logout as auth_logout
2017-01-17 08:34:47 +00:00
from common.const import create_success_msg, update_success_msg
from common.mixins import JSONResponseMixin
from common.utils import get_logger, get_object_or_none, is_uuid, ssh_key_gen
from common.models import Setting
from common.permissions import AdminUserRequiredMixin
2017-01-25 13:19:16 +00:00
from .. import forms
from ..models import User, UserGroup
2018-07-25 10:18:18 +00:00
from ..utils import generate_otp_uri, check_otp_code, \
get_user_or_tmp_user, get_password_check_rules, check_password_rules, \
is_need_unblock
2018-02-27 04:18:36 +00:00
from ..signals import post_user_create
2018-04-18 04:48:07 +00:00
from ..tasks import write_login_log_async
2017-01-17 08:34:47 +00:00
2017-07-10 02:26:17 +00:00
__all__ = [
'UserListView', 'UserCreateView', 'UserDetailView',
2017-12-18 10:38:30 +00:00
'UserUpdateView',
'UserGrantedAssetView',
2017-07-10 02:26:17 +00:00
'UserExportView', 'UserBulkImportView', 'UserProfileView',
'UserProfileUpdateView', 'UserPasswordUpdateView',
'UserPublicKeyUpdateView', 'UserBulkUpdateView',
'UserPublicKeyGenerateView',
2018-04-18 04:48:07 +00:00
'UserOtpEnableAuthenticationView', 'UserOtpEnableInstallAppView',
'UserOtpEnableBindView', 'UserOtpSettingsSuccessView',
'UserOtpDisableAuthenticationView',
2017-07-10 02:26:17 +00:00
]
2017-01-25 13:19:16 +00:00
2017-01-17 08:34:47 +00:00
logger = get_logger(__name__)
class UserListView(AdminUserRequiredMixin, TemplateView):
2017-01-17 08:34:47 +00:00
template_name = 'users/user_list.html'
def get_context_data(self, **kwargs):
2017-12-18 10:38:30 +00:00
context = super().get_context_data(**kwargs)
2017-01-17 08:34:47 +00:00
context.update({
'app': _('Users'),
'action': _('User list'),
})
return context
class UserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
model = User
form_class = forms.UserCreateUpdateForm
template_name = 'users/user_create.html'
success_url = reverse_lazy('users:user-list')
success_message = create_success_msg
2017-01-17 08:34:47 +00:00
def get_context_data(self, **kwargs):
2017-12-18 10:38:30 +00:00
context = super().get_context_data(**kwargs)
2017-01-17 08:34:47 +00:00
context.update({'app': _('Users'), 'action': _('Create user')})
return context
def form_valid(self, form):
user = form.save(commit=False)
user.created_by = self.request.user.username or 'System'
user.save()
2018-04-03 08:28:58 +00:00
post_user_create.send(self.__class__, user=user)
2017-12-18 10:38:30 +00:00
return super().form_valid(form)
2017-01-17 08:34:47 +00:00
class UserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
2017-01-17 08:34:47 +00:00
model = User
form_class = forms.UserCreateUpdateForm
template_name = 'users/user_update.html'
context_object_name = 'user_object'
success_url = reverse_lazy('users:user-list')
success_message = update_success_msg
2017-01-17 08:34:47 +00:00
def get_context_data(self, **kwargs):
check_rules, min_length = get_password_check_rules()
context = {
'app': _('Users'),
'action': _('Update user'),
'password_check_rules': check_rules,
'min_length': min_length
}
2017-12-18 10:38:30 +00:00
kwargs.update(context)
return super().get_context_data(**kwargs)
2017-01-17 08:34:47 +00:00
def form_valid(self, form):
password = form.cleaned_data.get('password')
2018-06-08 10:40:31 +00:00
if not password:
return super().form_valid(form)
2018-06-08 10:40:31 +00:00
is_ok = check_password_rules(password)
if not is_ok:
form.add_error(
"password", _("* Your password does not meet the requirements")
)
return self.form_invalid(form)
return super().form_valid(form)
2017-01-17 08:34:47 +00:00
2017-12-18 10:38:30 +00:00
class UserBulkUpdateView(AdminUserRequiredMixin, TemplateView):
2017-04-12 03:50:15 +00:00
model = User
form_class = forms.UserBulkUpdateForm
template_name = 'users/user_bulk_update.html'
success_url = reverse_lazy('users:user-list')
2017-12-18 10:38:30 +00:00
success_message = _("Bulk update user success")
form = None
id_list = None
2017-04-12 03:50:15 +00:00
def get(self, request, *args, **kwargs):
users_id = self.request.GET.get('users_id', '')
2017-12-18 10:38:30 +00:00
self.id_list = [i for i in users_id.split(',')]
2017-04-12 03:50:15 +00:00
if kwargs.get('form'):
self.form = kwargs['form']
elif users_id:
self.form = self.form_class(
initial={'users': self.id_list}
)
else:
self.form = self.form_class()
2017-12-18 10:38:30 +00:00
return super().get(request, *args, **kwargs)
2017-04-12 03:50:15 +00:00
def post(self, request, *args, **kwargs):
form = self.form_class(request.POST)
if form.is_valid():
form.save()
2017-12-18 10:38:30 +00:00
messages.success(request, self.success_message)
2017-04-12 03:50:15 +00:00
return redirect(self.success_url)
else:
return self.get(request, form=form, *args, **kwargs)
def get_context_data(self, **kwargs):
context = {
'app': 'Assets',
'action': 'Bulk update asset',
'form': self.form,
'users_selected': self.id_list,
}
kwargs.update(context)
2017-12-18 10:38:30 +00:00
return super().get_context_data(**kwargs)
2017-04-12 03:50:15 +00:00
2017-01-17 08:34:47 +00:00
class UserDetailView(AdminUserRequiredMixin, DetailView):
model = User
template_name = 'users/user_detail.html'
context_object_name = "user_object"
key_prefix_block = "_LOGIN_BLOCK_{}"
2017-01-17 08:34:47 +00:00
def get_context_data(self, **kwargs):
user = self.get_object()
key_block = self.key_prefix_block.format(user.username)
2017-01-17 08:34:47 +00:00
groups = UserGroup.objects.exclude(id__in=self.object.groups.all())
context = {
'app': _('Users'),
'action': _('User detail'),
'groups': groups,
'unblock': is_need_unblock(key_block),
2017-01-17 08:34:47 +00:00
}
kwargs.update(context)
2017-12-18 10:38:30 +00:00
return super().get_context_data(**kwargs)
2017-04-08 16:45:28 +00:00
2017-01-17 08:34:47 +00:00
@method_decorator(csrf_exempt, name='dispatch')
class UserExportView(View):
2017-01-20 12:13:22 +00:00
def get(self, request):
2017-04-09 09:59:14 +00:00
fields = [
User._meta.get_field(name)
for name in [
2017-12-18 10:38:30 +00:00
'id', 'name', 'username', 'email', 'role',
'wechat', 'phone', 'is_active', 'comment',
2017-04-09 09:59:14 +00:00
]
2017-04-08 16:45:28 +00:00
]
2017-01-17 08:34:47 +00:00
spm = request.GET.get('spm', '')
2017-12-18 10:38:30 +00:00
users_id = cache.get(spm, [])
2017-04-08 16:45:28 +00:00
filename = 'users-{}.csv'.format(
2017-12-18 10:38:30 +00:00
timezone.localtime(timezone.now()).strftime('%Y-%m-%d_%H-%M-%S')
)
2017-04-08 16:45:28 +00:00
response = HttpResponse(content_type='text/csv')
response['Content-Disposition'] = 'attachment; filename="%s"' % filename
response.write(codecs.BOM_UTF8)
2017-01-17 08:34:47 +00:00
users = User.objects.filter(id__in=users_id)
2017-04-08 16:45:28 +00:00
writer = csv.writer(response, dialect='excel', quoting=csv.QUOTE_MINIMAL)
2017-04-09 09:59:14 +00:00
header = [field.verbose_name for field in fields]
header.append(_('User groups'))
2017-04-08 16:45:28 +00:00
writer.writerow(header)
2017-01-17 08:34:47 +00:00
for user in users:
2017-04-08 16:45:28 +00:00
groups = ','.join([group.name for group in user.groups.all()])
2017-04-09 09:59:14 +00:00
data = [getattr(user, field.name) for field in fields]
data.append(groups)
writer.writerow(data)
2017-01-17 08:34:47 +00:00
return response
2017-01-20 12:13:22 +00:00
def post(self, request):
2017-01-17 08:34:47 +00:00
try:
users_id = json.loads(request.body).get('users_id', [])
except ValueError:
return HttpResponse('Json object not valid', status=400)
2017-04-08 16:45:28 +00:00
spm = uuid.uuid4().hex
2017-01-17 08:34:47 +00:00
cache.set(spm, users_id, 300)
url = reverse('users:user-export') + '?spm=%s' % spm
return JsonResponse({'redirect': url})
class UserBulkImportView(AdminUserRequiredMixin, JSONResponseMixin, FormView):
form_class = forms.FileForm
def form_invalid(self, form):
try:
error = form.errors.values()[-1][-1]
except Exception as e:
error = _('Invalid file.')
data = {
'success': False,
'msg': error
}
return self.render_json_response(data)
2017-12-18 10:38:30 +00:00
# todo: need be patch, method to long
2017-01-17 08:34:47 +00:00
def form_valid(self, form):
2018-02-27 04:18:36 +00:00
f = form.cleaned_data['file']
det_result = chardet.detect(f.read())
f.seek(0) # reset file seek index
data = f.read().decode(det_result['encoding']).strip(codecs.BOM_UTF8.decode())
2017-04-08 16:45:28 +00:00
csv_file = StringIO(data)
reader = csv.reader(csv_file)
csv_data = [row for row in reader]
header_ = csv_data[0]
2017-04-09 09:59:14 +00:00
fields = [
User._meta.get_field(name)
for name in [
2017-12-18 10:38:30 +00:00
'id', 'name', 'username', 'email', 'role',
'wechat', 'phone', 'is_active', 'comment',
2017-04-09 09:59:14 +00:00
]
]
mapping_reverse = {field.verbose_name: field.name for field in fields}
mapping_reverse[_('User groups')] = 'groups'
attr = [mapping_reverse.get(n, None) for n in header_]
if None in attr:
2017-04-08 16:45:28 +00:00
data = {'valid': False,
'msg': 'Must be same format as '
'template or export file'}
2017-01-17 08:34:47 +00:00
return self.render_json_response(data)
2017-04-08 16:45:28 +00:00
created, updated, failed = [], [], []
for row in csv_data[1:]:
if set(row) == {''}:
continue
2017-04-09 09:59:14 +00:00
user_dict = dict(zip(attr, row))
id_ = user_dict.pop('id')
2017-04-09 09:59:14 +00:00
for k, v in user_dict.items():
2017-12-18 10:38:30 +00:00
if k in ['is_active']:
2017-04-09 09:59:14 +00:00
if v.lower() == 'false':
v = False
else:
v = bool(v)
elif k == 'groups':
groups_name = v.split(',')
v = UserGroup.objects.filter(name__in=groups_name)
else:
continue
user_dict[k] = v
2018-02-27 04:18:36 +00:00
user = get_object_or_none(User, id=id_) if id_ and is_uuid(id_) else None
2017-04-08 16:45:28 +00:00
if not user:
try:
2018-02-27 04:18:36 +00:00
with transaction.atomic():
groups = user_dict.pop('groups')
user = User.objects.create(**user_dict)
user.groups.set(groups)
created.append(user_dict['username'])
post_user_create.send(self.__class__, user=user)
2017-04-08 16:45:28 +00:00
except Exception as e:
failed.append('%s: %s' % (user_dict['username'], str(e)))
else:
for k, v in user_dict.items():
2017-04-09 09:59:14 +00:00
if k == 'groups':
user.groups.set(v)
continue
2017-04-08 16:45:28 +00:00
if v:
setattr(user, k, v)
try:
user.save()
updated.append(user_dict['username'])
except Exception as e:
failed.append('%s: %s' % (user_dict['username'], str(e)))
2017-01-17 08:34:47 +00:00
data = {
'created': created,
'created_info': 'Created {}'.format(len(created)),
'updated': updated,
'updated_info': 'Updated {}'.format(len(updated)),
'failed': failed,
'failed_info': 'Failed {}'.format(len(failed)),
'valid': True,
'msg': 'Created: {}. Updated: {}, Error: {}'.format(
len(created), len(updated), len(failed))
}
return self.render_json_response(data)
class UserGrantedAssetView(AdminUserRequiredMixin, DetailView):
model = User
template_name = 'users/user_granted_asset.html'
2017-12-18 10:38:30 +00:00
object = None
2017-01-17 08:34:47 +00:00
def get_context_data(self, **kwargs):
context = {
2017-12-31 04:20:08 +00:00
'app': _('Users'),
'action': _('User granted assets'),
2017-01-17 08:34:47 +00:00
}
kwargs.update(context)
2017-12-18 10:38:30 +00:00
return super().get_context_data(**kwargs)
2017-01-25 13:19:16 +00:00
class UserProfileView(LoginRequiredMixin, TemplateView):
template_name = 'users/user_profile.html'
def get_context_data(self, **kwargs):
mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
2017-01-25 13:19:16 +00:00
context = {
2017-12-31 04:20:08 +00:00
'action': _('Profile'),
'mfa_setting': mfa_setting.cleaned_value if mfa_setting else False,
2017-01-25 13:19:16 +00:00
}
kwargs.update(context)
2017-12-18 10:38:30 +00:00
return super().get_context_data(**kwargs)
2017-03-29 16:51:36 +00:00
class UserProfileUpdateView(LoginRequiredMixin, UpdateView):
template_name = 'users/user_profile_update.html'
model = User
form_class = forms.UserProfileForm
success_url = reverse_lazy('users:user-profile')
def get_object(self, queryset=None):
return self.request.user
def get_context_data(self, **kwargs):
context = {
2017-12-31 04:20:08 +00:00
'app': _('User'),
'action': _('Profile setting'),
2017-03-30 08:28:00 +00:00
}
kwargs.update(context)
2017-12-18 10:38:30 +00:00
return super().get_context_data(**kwargs)
2017-03-30 08:28:00 +00:00
class UserPasswordUpdateView(LoginRequiredMixin, UpdateView):
template_name = 'users/user_password_update.html'
model = User
form_class = forms.UserPasswordForm
success_url = reverse_lazy('users:user-profile')
def get_object(self, queryset=None):
return self.request.user
def get_context_data(self, **kwargs):
check_rules, min_length = get_password_check_rules()
2017-03-30 08:28:00 +00:00
context = {
2017-12-31 04:20:08 +00:00
'app': _('Users'),
'action': _('Password update'),
'password_check_rules': check_rules,
'min_length': min_length,
2017-03-30 08:28:00 +00:00
}
kwargs.update(context)
2017-12-18 10:38:30 +00:00
return super().get_context_data(**kwargs)
2017-03-30 08:28:00 +00:00
def get_success_url(self):
auth_logout(self.request)
2017-12-18 10:38:30 +00:00
return super().get_success_url()
2017-03-30 08:28:00 +00:00
def form_valid(self, form):
password = form.cleaned_data.get('new_password')
is_ok = check_password_rules(password)
if not is_ok:
form.add_error(
"new_password",
_("* Your password does not meet the requirements")
)
return self.form_invalid(form)
return super().form_valid(form)
2017-03-30 08:28:00 +00:00
class UserPublicKeyUpdateView(LoginRequiredMixin, UpdateView):
template_name = 'users/user_pubkey_update.html'
model = User
form_class = forms.UserPublicKeyForm
success_url = reverse_lazy('users:user-profile')
def get_object(self, queryset=None):
return self.request.user
def get_context_data(self, **kwargs):
context = {
2017-12-31 04:20:08 +00:00
'app': _('Users'),
'action': _('Public key update'),
2017-03-29 16:51:36 +00:00
}
kwargs.update(context)
2017-12-18 10:38:30 +00:00
return super().get_context_data(**kwargs)
class UserPublicKeyGenerateView(LoginRequiredMixin, View):
2018-04-18 04:48:07 +00:00
def get(self, request, *args, **kwargs):
private, public = ssh_key_gen(username=request.user.username, hostname='jumpserver')
request.user.public_key = public
request.user.save()
response = HttpResponse(private, content_type='text/plain')
filename = "{0}-jumpserver.pem".format(request.user.username)
response['Content-Disposition'] = 'attachment; filename={}'.format(filename)
return response
2018-04-18 04:48:07 +00:00
class UserOtpEnableAuthenticationView(FormView):
template_name = 'users/user_password_authentication.html'
form_class = forms.UserCheckPasswordForm
def get_form(self, form_class=None):
user = get_user_or_tmp_user(self.request)
2018-04-18 04:48:07 +00:00
form = super().get_form(form_class=form_class)
2018-04-19 03:13:11 +00:00
form['username'].initial = user.username
2018-04-18 04:48:07 +00:00
return form
def get_context_data(self, **kwargs):
user = get_user_or_tmp_user(self.request)
2018-04-18 04:48:07 +00:00
context = {
2018-04-19 03:13:11 +00:00
'user': user
2018-04-18 04:48:07 +00:00
}
kwargs.update(context)
return super().get_context_data(**kwargs)
def form_valid(self, form):
user = get_user_or_tmp_user(self.request)
2018-04-18 04:48:07 +00:00
password = form.cleaned_data.get('password')
user = authenticate(username=user.username, password=password)
if not user:
form.add_error("password", _("Password invalid"))
return self.form_invalid(form)
return redirect(self.get_success_url())
def get_success_url(self):
return reverse('users:user-otp-enable-install-app')
class UserOtpEnableInstallAppView(TemplateView):
template_name = 'users/user_otp_enable_install_app.html'
def get_context_data(self, **kwargs):
user = get_user_or_tmp_user(self.request)
2018-04-18 04:48:07 +00:00
context = {
2018-04-19 03:13:11 +00:00
'user': user
2018-04-18 04:48:07 +00:00
}
kwargs.update(context)
return super().get_context_data(**kwargs)
class UserOtpEnableBindView(TemplateView, FormView):
template_name = 'users/user_otp_enable_bind.html'
form_class = forms.UserCheckOtpCodeForm
success_url = reverse_lazy('users:user-otp-settings-success')
def get_context_data(self, **kwargs):
user = get_user_or_tmp_user(self.request)
2018-04-18 04:48:07 +00:00
context = {
2018-04-19 03:13:11 +00:00
'otp_uri': generate_otp_uri(self.request),
'user': user
2018-04-18 04:48:07 +00:00
}
kwargs.update(context)
return super().get_context_data(**kwargs)
def form_valid(self, form):
otp_code = form.cleaned_data.get('otp_code')
2018-04-19 03:13:11 +00:00
otp_secret_key = cache.get(self.request.session.session_key+'otp_key', '')
2018-04-18 04:48:07 +00:00
if check_otp_code(otp_secret_key, otp_code):
self.save_otp(otp_secret_key)
return super().form_valid(form)
else:
2018-04-20 03:23:31 +00:00
form.add_error("otp_code", _("MFA code invalid"))
2018-04-18 04:48:07 +00:00
return self.form_invalid(form)
def save_otp(self, otp_secret_key):
user = get_user_or_tmp_user(self.request)
2018-04-18 04:48:07 +00:00
user.enable_otp()
user.otp_secret_key = otp_secret_key
user.save()
class UserOtpDisableAuthenticationView(FormView):
template_name = 'users/user_otp_authentication.html'
form_class = forms.UserCheckOtpCodeForm
success_url = reverse_lazy('users:user-otp-settings-success')
def form_valid(self, form):
user = self.request.user
otp_code = form.cleaned_data.get('otp_code')
otp_secret_key = user.otp_secret_key
if check_otp_code(otp_secret_key, otp_code):
user.disable_otp()
user.save()
return super().form_valid(form)
else:
2018-04-20 03:23:31 +00:00
form.add_error('otp_code', _('MFA code invalid'))
2018-04-18 04:48:07 +00:00
return super().form_invalid(form)
class UserOtpSettingsSuccessView(TemplateView):
template_name = 'flash_message_standalone.html'
2018-04-19 03:13:11 +00:00
# def get(self, request, *args, **kwargs):
# return super().get(request, *args, **kwargs)
2018-04-18 04:48:07 +00:00
def get_context_data(self, **kwargs):
title, describe = self.get_title_describe()
context = {
'title': title,
'messages': describe,
'interval': 1,
'redirect_url': reverse('users:login'),
'auto_redirect': True,
}
kwargs.update(context)
return super().get_context_data(**kwargs)
def get_title_describe(self):
user = get_user_or_tmp_user(self.request)
2018-04-19 03:13:11 +00:00
if self.request.user.is_authenticated:
auth_logout(self.request)
2018-04-20 03:23:31 +00:00
title = _('MFA enable success')
describe = _('MFA enable success, return login page')
2018-04-18 04:48:07 +00:00
if not user.otp_enabled:
2018-04-20 03:23:31 +00:00
title = _('MFA disable success')
describe = _('MFA disable success, return login page')
2018-04-18 04:48:07 +00:00
return title, describe