jumpserver/apps/authentication/utils.py

# -*- coding: utf-8 -*-
#
import ipaddress
from urllib.parse import urljoin, urlparse

from django.conf import settings
from django.utils.translation import gettext_lazy as _

from audits.const import DEFAULT_CITY
from users.models import User
from audits.models import UserLoginLog
from common.utils import get_logger, get_object_or_none
from common.utils import validate_ip, get_ip_city, get_request_ip
from .notifications import DifferentCityLoginMessage

logger = get_logger(__file__)


def check_different_city_login_if_need(user, request):
    if not settings.SECURITY_CHECK_DIFFERENT_CITY_LOGIN:
        return

    ip = get_request_ip(request) or '0.0.0.0'
    city_white = [_('LAN'), 'LAN']
    is_private = ipaddress.ip_address(ip).is_private
    if is_private:
        return
    usernames = [user.username, f"{user.name}({user.username})"]
    last_user_login = UserLoginLog.objects.exclude(
        city__in=city_white
    ).filter(username__in=usernames, status=True).first()
    if not last_user_login:
        return

    city = get_ip_city(ip)
    last_city = get_ip_city(last_user_login.ip)
    if city == last_city:
        return

    DifferentCityLoginMessage(user, ip, city).publish_async()


def build_absolute_uri(request, path=None):
    """ Build absolute redirect """
    if path is None:
        path = '/'
    site_url = urlparse(settings.SITE_URL)
    scheme = site_url.scheme or request.scheme
    host = request.get_host()
    url = f'{scheme}://{host}'
    redirect_uri = urljoin(url, path)
    return redirect_uri


def build_absolute_uri_for_oidc(request, path=None):
    """ Build absolute redirect uri for OIDC """
    if path is None:
        path = '/'
    if settings.BASE_SITE_URL:
        # OIDC 专用配置项
        redirect_uri = urljoin(settings.BASE_SITE_URL, path)
        return redirect_uri
    return build_absolute_uri(request, path=path)


def check_user_property_is_correct(username, **properties):
    user = get_object_or_none(User, username=username)
    for attr, value in properties.items():
        if getattr(user, attr, None) != value:
            user = None
            break
    return user
[Update] Stash 2019-02-27 00:45:00 +00:00			`# -- coding: utf-8 --`
			`#`
fix: 用户异地登陆bug 2022-08-12 10:36:17 +00:00			`import ipaddress`
fix: 修改认证重定向地址 scheme 取值逻辑 2022-08-17 07:20:42 +00:00			`from urllib.parse import urljoin, urlparse`
feat: 用户异地登陆 2021-09-27 11:06:26 +00:00
feat: 异地登录提醒可配置是否启用 2021-11-08 07:12:12 +00:00			`from django.conf import settings`
perf: 修改支持 Django4 2023-07-24 03:52:25 +00:00			`from django.utils.translation import gettext_lazy as _`
perf: password 等使用 rsa 加密传输 (#8188) * perf: 修改 model fields 路径 * stash it * pref: 统一加密方式，密码字段采用 rsa 加密 * pref: 临时密码使用 rsa * perf: 去掉 debug msg * perf: 去掉 Debug * perf: 去掉 debug * perf: 抽出来 Co-authored-by: ibuler <ibuler@qq.com> 2022-05-07 08:20:12 +00:00
			`from audits.const import DEFAULT_CITY`
fix: 解决手机号加密导致忘记密码判断总是失败问题 2024-01-08 09:50:09 +00:00			`from users.models import User`
perf: 修改支持 Django4 2023-07-24 03:52:25 +00:00			`from audits.models import UserLoginLog`
fix: 解决手机号加密导致忘记密码判断总是失败问题 2024-01-08 09:50:09 +00:00			`from common.utils import get_logger, get_object_or_none`
perf: 修改支持 Django4 2023-07-24 03:52:25 +00:00			`from common.utils import validate_ip, get_ip_city, get_request_ip`
perf: password 等使用 rsa 加密传输 (#8188) * perf: 修改 model fields 路径 * stash it * pref: 统一加密方式，密码字段采用 rsa 加密 * pref: 临时密码使用 rsa * perf: 去掉 debug msg * perf: 去掉 Debug * perf: 去掉 debug * perf: 抽出来 Co-authored-by: ibuler <ibuler@qq.com> 2022-05-07 08:20:12 +00:00			`from .notifications import DifferentCityLoginMessage`
feat(login password ecrypt): 登录密码加密传输 2020-06-30 09:12:38 +00:00
			`logger = get_logger(__file__)`


feat: 异地登录提醒可配置是否启用 2021-11-08 07:12:12 +00:00			`def check_different_city_login_if_need(user, request):`
			`if not settings.SECURITY_CHECK_DIFFERENT_CITY_LOGIN:`
			`return`

feat: 用户异地登陆 2021-09-27 11:06:26 +00:00			`ip = get_request_ip(request) or '0.0.0.0'`
fix: 用户异地登陆bug 2022-08-12 10:36:17 +00:00			`city_white = [_('LAN'), 'LAN']`
			`is_private = ipaddress.ip_address(ip).is_private`
perf: 优化校验登录城市名1 2023-10-09 06:39:13 +00:00			`if is_private:`
			`return`
fix: 登录日志不显示 2024-01-09 03:28:25 +00:00			`usernames = [user.username, f"{user.name}({user.username})"]`
perf: 优化校验登录城市名1 2023-10-09 06:39:13 +00:00			`last_user_login = UserLoginLog.objects.exclude(`
			`city__in=city_white`
fix: 登录日志不显示 2024-01-09 03:28:25 +00:00			`).filter(username__in=usernames, status=True).first()`
perf: 优化校验登录城市名1 2023-10-09 06:39:13 +00:00			`if not last_user_login:`
			`return`

			`city = get_ip_city(ip)`
			`last_city = get_ip_city(last_user_login.ip)`
			`if city == last_city:`
			`return`
perf: 异地登陆去掉本地判断 2021-11-02 07:41:25 +00:00
perf: 优化校验登录城市名1 2023-10-09 06:39:13 +00:00			`DifferentCityLoginMessage(user, ip, city).publish_async()`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00

			`def build_absolute_uri(request, path=None):`
			`""" Build absolute redirect """`
			`if path is None:`
			`path = '/'`
fix: 修改认证重定向地址 scheme 取值逻辑 2022-08-17 07:20:42 +00:00			`site_url = urlparse(settings.SITE_URL)`
			`scheme = site_url.scheme or request.scheme`
			`host = request.get_host()`
			`url = f'{scheme}://{host}'`
			`redirect_uri = urljoin(url, path)`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`return redirect_uri`


			`def build_absolute_uri_for_oidc(request, path=None):`
			`""" Build absolute redirect uri for OIDC """`
			`if path is None:`
			`path = '/'`
			`if settings.BASE_SITE_URL:`
			`# OIDC 专用配置项`
			`redirect_uri = urljoin(settings.BASE_SITE_URL, path)`
fix: 修改认证重定向地址 scheme 取值逻辑 2022-08-17 07:20:42 +00:00			`return redirect_uri`
			`return build_absolute_uri(request, path=path)`
fix: 解决手机号加密导致忘记密码判断总是失败问题 2024-01-08 09:50:09 +00:00

			`def check_user_property_is_correct(username, **properties):`
			`user = get_object_or_none(User, username=username)`
			`for attr, value in properties.items():`
			`if getattr(user, attr, None) != value:`
			`user = None`
			`break`
			`return user`