2020-09-07 09:42:59 +00:00
|
|
|
|
from django.conf import settings
|
|
|
|
|
from django.contrib.auth import user_logged_in
|
|
|
|
|
from django.core.cache import cache
|
2018-11-27 02:21:47 +00:00
|
|
|
|
from django.dispatch import receiver
|
2020-09-14 03:22:45 +00:00
|
|
|
|
from django_cas_ng.signals import cas_user_authenticated
|
2019-02-27 00:45:00 +00:00
|
|
|
|
|
2022-08-09 03:24:28 +00:00
|
|
|
|
from apps.jumpserver.settings.auth import AUTHENTICATION_BACKENDS_THIRD_PARTY
|
2023-09-18 08:20:55 +00:00
|
|
|
|
from audits.models import UserSession
|
2024-04-03 08:41:37 +00:00
|
|
|
|
from common.sessions.cache import user_session_manager
|
2022-08-24 03:41:48 +00:00
|
|
|
|
from .signals import post_auth_success, post_auth_failed, user_auth_failed, user_auth_success
|
2018-11-09 06:54:38 +00:00
|
|
|
|
|
|
|
|
|
|
2020-09-07 09:42:59 +00:00
|
|
|
|
@receiver(user_logged_in)
|
|
|
|
|
def on_user_auth_login_success(sender, user, request, **kwargs):
|
2022-03-08 05:35:40 +00:00
|
|
|
|
# 失效 perms 缓存
|
2022-03-17 06:08:16 +00:00
|
|
|
|
user.expire_rbac_perms_cache()
|
2022-03-08 05:35:40 +00:00
|
|
|
|
|
2021-11-10 03:30:48 +00:00
|
|
|
|
# 开启了 MFA,且没有校验过, 可以全局校验, middleware 中可以全局管理 oidc 等第三方认证的 MFA
|
2022-02-08 09:33:18 +00:00
|
|
|
|
if settings.SECURITY_MFA_AUTH_ENABLED_FOR_THIRD_PARTY \
|
|
|
|
|
and user.mfa_enabled \
|
|
|
|
|
and not request.session.get('auth_mfa'):
|
2021-08-26 07:01:43 +00:00
|
|
|
|
request.session['auth_mfa_required'] = 1
|
2022-08-24 03:41:48 +00:00
|
|
|
|
if not request.session.get("auth_third_party_done") and \
|
|
|
|
|
request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:
|
2022-08-09 03:24:28 +00:00
|
|
|
|
request.session['auth_third_party_required'] = 1
|
2023-09-18 08:20:55 +00:00
|
|
|
|
|
|
|
|
|
user_session_id = request.session.get('user_session_id')
|
|
|
|
|
UserSession.objects.filter(id=user_session_id).update(key=request.session.session_key)
|
2021-11-10 03:30:48 +00:00
|
|
|
|
# 单点登录,超过了自动退出
|
2020-09-07 09:42:59 +00:00
|
|
|
|
if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED:
|
2022-03-08 05:35:40 +00:00
|
|
|
|
lock_key = 'single_machine_login_' + str(user.id)
|
|
|
|
|
session_key = cache.get(lock_key)
|
2020-09-07 09:42:59 +00:00
|
|
|
|
if session_key and session_key != request.session.session_key:
|
2024-04-03 08:41:37 +00:00
|
|
|
|
user_session_manager.remove(session_key)
|
2023-09-18 08:20:55 +00:00
|
|
|
|
UserSession.objects.filter(key=session_key).delete()
|
2022-03-08 05:35:40 +00:00
|
|
|
|
cache.set(lock_key, request.session.session_key, None)
|
2020-09-07 09:42:59 +00:00
|
|
|
|
|
|
|
|
|
|
2020-09-14 03:22:45 +00:00
|
|
|
|
@receiver(cas_user_authenticated)
|
|
|
|
|
def on_cas_user_login_success(sender, request, user, **kwargs):
|
2021-03-15 09:03:43 +00:00
|
|
|
|
request.session['auth_backend'] = settings.AUTH_BACKEND_CAS
|
2020-12-15 10:12:27 +00:00
|
|
|
|
post_auth_success.send(sender, user=user, request=request)
|
2021-12-09 07:47:21 +00:00
|
|
|
|
|
|
|
|
|
|
2022-08-24 03:41:48 +00:00
|
|
|
|
@receiver(user_auth_success)
|
|
|
|
|
def on_user_login_success(sender, request, user, backend, create=False, **kwargs):
|
|
|
|
|
request.session['auth_backend'] = backend
|
2022-08-04 06:40:33 +00:00
|
|
|
|
post_auth_success.send(sender, user=user, request=request)
|
|
|
|
|
|
|
|
|
|
|
2022-08-24 03:41:48 +00:00
|
|
|
|
@receiver(user_auth_failed)
|
|
|
|
|
def on_user_login_failed(sender, username, request, reason, backend, **kwargs):
|
|
|
|
|
request.session['auth_backend'] = backend
|
2022-08-04 06:40:33 +00:00
|
|
|
|
post_auth_failed.send(sender, username=username, request=request, reason=reason)
|