jumpserver/apps/authentication/serializers/connect_token.py

# -*- coding: utf-8 -*-
#
from rest_framework import serializers

from users.models import User
from assets.models import Asset, SystemUser, Gateway, Domain, CommandFilterRule
from applications.models import Application
from assets.serializers import ProtocolsField
from perms.serializers.base import ActionsField

__all__ = [
    'ConnectionTokenSerializer', 'ConnectionTokenApplicationSerializer',
    'ConnectionTokenUserSerializer', 'ConnectionTokenFilterRuleSerializer',
    'ConnectionTokenAssetSerializer', 'ConnectionTokenSystemUserSerializer',
    'ConnectionTokenDomainSerializer', 'ConnectionTokenRemoteAppSerializer',
    'ConnectionTokenGatewaySerializer', 'ConnectionTokenSecretSerializer',
    'SuperConnectionTokenSerializer'
]


class ConnectionTokenSerializer(serializers.Serializer):
    system_user = serializers.CharField(max_length=128, required=True)
    asset = serializers.CharField(max_length=128, required=False)
    application = serializers.CharField(max_length=128, required=False)

    @staticmethod
    def validate_system_user(system_user_id):
        from assets.models import SystemUser
        system_user = SystemUser.objects.filter(id=system_user_id).first()
        if system_user is None:
            raise serializers.ValidationError('system_user id not exist')
        return system_user

    @staticmethod
    def validate_asset(asset_id):
        from assets.models import Asset
        asset = Asset.objects.filter(id=asset_id).first()
        if asset is None:
            raise serializers.ValidationError('asset id not exist')
        return asset

    @staticmethod
    def validate_application(app_id):
        from applications.models import Application
        app = Application.objects.filter(id=app_id).first()
        if app is None:
            raise serializers.ValidationError('app id not exist')
        return app

    def validate(self, attrs):
        asset = attrs.get('asset')
        application = attrs.get('application')
        if not asset and not application:
            raise serializers.ValidationError('asset or application required')
        if asset and application:
            raise serializers.ValidationError('asset and application should only one')
        return super().validate(attrs)


class SuperConnectionTokenSerializer(ConnectionTokenSerializer):
    user = serializers.CharField(max_length=128, required=False, allow_blank=True)

    @staticmethod
    def validate_user(user_id):
        from users.models import User
        user = User.objects.filter(id=user_id).first()
        if user is None:
            raise serializers.ValidationError('user id not exist')
        return user


class ConnectionTokenUserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ['id', 'name', 'username', 'email']


class ConnectionTokenAssetSerializer(serializers.ModelSerializer):
    protocols = ProtocolsField(label='Protocols', read_only=True)

    class Meta:
        model = Asset
        fields = ['id', 'hostname', 'ip', 'protocols', 'org_id']


class ConnectionTokenSystemUserSerializer(serializers.ModelSerializer):
    class Meta:
        model = SystemUser
        fields = ['id', 'name', 'username', 'password', 'private_key', 'protocol', 'ad_domain', 'org_id']


class ConnectionTokenGatewaySerializer(serializers.ModelSerializer):
    class Meta:
        model = Gateway
        fields = ['id', 'ip', 'port', 'username', 'password', 'private_key']


class ConnectionTokenRemoteAppSerializer(serializers.Serializer):
    program = serializers.CharField()
    working_directory = serializers.CharField()
    parameters = serializers.CharField()


class ConnectionTokenApplicationSerializer(serializers.ModelSerializer):
    attrs = serializers.JSONField(read_only=True)

    class Meta:
        model = Application
        fields = ['id', 'name', 'category', 'type', 'attrs', 'org_id']


class ConnectionTokenDomainSerializer(serializers.ModelSerializer):
    gateways = ConnectionTokenGatewaySerializer(many=True, read_only=True)

    class Meta:
        model = Domain
        fields = ['id', 'name', 'gateways']


class ConnectionTokenFilterRuleSerializer(serializers.ModelSerializer):
    class Meta:
        model = CommandFilterRule
        fields = [
            'id', 'type', 'content', 'ignore_case', 'pattern',
            'priority', 'action',
            'date_created',
        ]


class ConnectionTokenSecretSerializer(serializers.Serializer):
    id = serializers.CharField(read_only=True)
    secret = serializers.CharField(read_only=True)
    type = serializers.ChoiceField(choices=[('application', 'Application'), ('asset', 'Asset')])
    user = ConnectionTokenUserSerializer(read_only=True)
    asset = ConnectionTokenAssetSerializer(read_only=True)
    remote_app = ConnectionTokenRemoteAppSerializer(read_only=True)
    application = ConnectionTokenApplicationSerializer(read_only=True)
    system_user = ConnectionTokenSystemUserSerializer(read_only=True)
    cmd_filter_rules = ConnectionTokenFilterRuleSerializer(many=True)
    domain = ConnectionTokenDomainSerializer(read_only=True)
    gateway = ConnectionTokenGatewaySerializer(read_only=True)
    actions = ActionsField()
    expired_at = serializers.IntegerField()
[Update] 移动model 2019-02-28 09:58:53 +00:00			`# -- coding: utf-8 --`
			`#`
			`from rest_framework import serializers`

Dev beta (#3048) * [Update] 统一url地址 * [Update] 修改api * [Update] 使用规范的签名 * [Update] 修改url * [Update] 修改swagger * [Update] 添加serializer class避免报错 * [Update] 修改token * [Update] 支持api key * [Update] 支持生成api key * [Update] 修改api重定向 * [Update] 修改翻译 * [Update] 添加说明文档 * [Update] 修复浏览器关闭后session不失效的问题 * [Update] 修改一些内容 * [Update] 修改 jms脚本 * [Update] 修改重定向 * [Update] 修改搜索trim * [Update] 修改搜索trim * [Update] 添加sys log * [Bugfix] 修改登陆错误 * [Update] 优化User操作private_token的接口 (#3091) * [Update] 优化User操作private_token的接口 * [Update] 优化User操作private_token的接口 2 * [Bugfix] 解决授权了一个节点，当移动节点后，被移动的节点下的资产会放到未分组节点下的问题 * [Update] 升级jquery * [Update] 默认使用page * [Update] 修改使用Orgmodel view set * [Update] 支持 nv的硬盘 https://github.com/jumpserver/jumpserver/issues/1804 * [UPdate] 解决命令执行宽度问题 * [Update] 优化节点 * [Update] 修改nodes过多时创建比较麻烦 * [Update] 修改导入 * [Update] 节点获取更新 * [Update] 修改nodes * [Update] nodes显示full value * [Update] 统一使用nodes select2 函数 * [Update] 修改磁盘大小小数 * [Update] 修改 Node service * [Update] 优化授权节点 * [Update] 修改 node permission * [Update] 修改asset permission * [Stash] * [Update] 修改node assets api * [Update] 修改tree service，支持资产数量 * [Update] 修改暂时完成 * [Update] 修改一些bug 2019-08-21 12:27:21 +00:00			`from users.models import User`
Fix rbac (#7728) * perf: 重命名 signal handlers * fix: 修复 ticket processor 问题 * perf: 修改 ticket 处理人api * fix: 修复创建系统账号bug * fix: 升级celery_beat==2.2.1和flower==1.0.0;修改celery进程启动参数先后顺序 * perf: 修改 authentication token * fix: 修复上传权限bug * fix: 登录页面增加i18n切换; * fix: 系统角色删除限制 * perf: 修改一下 permissions tree * perf: 生成 i18n * perf: 修改一点点 Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: feng626 <1304903146@qq.com> Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-03-02 12:48:43 +00:00			`from assets.models import Asset, SystemUser, Gateway, Domain, CommandFilterRule`
feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00			`from applications.models import Application`
fix: 修改tokent中信息中没有返回 Protocols 的问题 fix: 优化protocols fix: session bpp token 时间加长 2021-04-29 06:18:52 +00:00			`from assets.serializers import ProtocolsField`
feat: 应用授权增加Action动作控制 2021-12-22 09:35:32 +00:00			`from perms.serializers.base import ActionsField`
[Update] 移动model 2019-02-28 09:58:53 +00:00
Dev beta (#3048) * [Update] 统一url地址 * [Update] 修改api * [Update] 使用规范的签名 * [Update] 修改url * [Update] 修改swagger * [Update] 添加serializer class避免报错 * [Update] 修改token * [Update] 支持api key * [Update] 支持生成api key * [Update] 修改api重定向 * [Update] 修改翻译 * [Update] 添加说明文档 * [Update] 修复浏览器关闭后session不失效的问题 * [Update] 修改一些内容 * [Update] 修改 jms脚本 * [Update] 修改重定向 * [Update] 修改搜索trim * [Update] 修改搜索trim * [Update] 添加sys log * [Bugfix] 修改登陆错误 * [Update] 优化User操作private_token的接口 (#3091) * [Update] 优化User操作private_token的接口 * [Update] 优化User操作private_token的接口 2 * [Bugfix] 解决授权了一个节点，当移动节点后，被移动的节点下的资产会放到未分组节点下的问题 * [Update] 升级jquery * [Update] 默认使用page * [Update] 修改使用Orgmodel view set * [Update] 支持 nv的硬盘 https://github.com/jumpserver/jumpserver/issues/1804 * [UPdate] 解决命令执行宽度问题 * [Update] 优化节点 * [Update] 修改nodes过多时创建比较麻烦 * [Update] 修改导入 * [Update] 节点获取更新 * [Update] 修改nodes * [Update] nodes显示full value * [Update] 统一使用nodes select2 函数 * [Update] 修改磁盘大小小数 * [Update] 修改 Node service * [Update] 优化授权节点 * [Update] 修改 node permission * [Update] 修改asset permission * [Stash] * [Update] 修改node assets api * [Update] 修改tree service，支持资产数量 * [Update] 修改暂时完成 * [Update] 修改一些bug 2019-08-21 12:27:21 +00:00			`__all__ = [`
feat: 添加临时 password (#8035) * perf: 添加 template password * perf: 修改id * perf: 修改翻译 * perf: 修改 tmp token * perf: 修改 token Co-authored-by: ibuler <ibuler@qq.com> 2022-04-13 12:24:56 +00:00			`'ConnectionTokenSerializer', 'ConnectionTokenApplicationSerializer',`
			`'ConnectionTokenUserSerializer', 'ConnectionTokenFilterRuleSerializer',`
			`'ConnectionTokenAssetSerializer', 'ConnectionTokenSystemUserSerializer',`
			`'ConnectionTokenDomainSerializer', 'ConnectionTokenRemoteAppSerializer',`
perf: connection token 分api权限 2022-04-24 09:00:48 +00:00			`'ConnectionTokenGatewaySerializer', 'ConnectionTokenSecretSerializer',`
			`'SuperConnectionTokenSerializer'`
Dev beta (#3048) * [Update] 统一url地址 * [Update] 修改api * [Update] 使用规范的签名 * [Update] 修改url * [Update] 修改swagger * [Update] 添加serializer class避免报错 * [Update] 修改token * [Update] 支持api key * [Update] 支持生成api key * [Update] 修改api重定向 * [Update] 修改翻译 * [Update] 添加说明文档 * [Update] 修复浏览器关闭后session不失效的问题 * [Update] 修改一些内容 * [Update] 修改 jms脚本 * [Update] 修改重定向 * [Update] 修改搜索trim * [Update] 修改搜索trim * [Update] 添加sys log * [Bugfix] 修改登陆错误 * [Update] 优化User操作private_token的接口 (#3091) * [Update] 优化User操作private_token的接口 * [Update] 优化User操作private_token的接口 2 * [Bugfix] 解决授权了一个节点，当移动节点后，被移动的节点下的资产会放到未分组节点下的问题 * [Update] 升级jquery * [Update] 默认使用page * [Update] 修改使用Orgmodel view set * [Update] 支持 nv的硬盘 https://github.com/jumpserver/jumpserver/issues/1804 * [UPdate] 解决命令执行宽度问题 * [Update] 优化节点 * [Update] 修改nodes过多时创建比较麻烦 * [Update] 修改导入 * [Update] 节点获取更新 * [Update] 修改nodes * [Update] nodes显示full value * [Update] 统一使用nodes select2 函数 * [Update] 修改磁盘大小小数 * [Update] 修改 Node service * [Update] 优化授权节点 * [Update] 修改 node permission * [Update] 修改asset permission * [Stash] * [Update] 修改node assets api * [Update] 修改tree service，支持资产数量 * [Update] 修改暂时完成 * [Update] 修改一些bug 2019-08-21 12:27:21 +00:00			`]`
[Update] 移动model 2019-02-28 09:58:53 +00:00

perf(authentication): 优化connection token的使用 2021-01-21 05:50:29 +00:00			`class ConnectionTokenSerializer(serializers.Serializer):`
			`system_user = serializers.CharField(max_length=128, required=True)`
feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00			`asset = serializers.CharField(max_length=128, required=False)`
			`application = serializers.CharField(max_length=128, required=False)`
perf(authentication): 优化connection token的使用 2021-01-21 05:50:29 +00:00
			`@staticmethod`
			`def validate_system_user(system_user_id):`
			`from assets.models import SystemUser`
			`system_user = SystemUser.objects.filter(id=system_user_id).first()`
			`if system_user is None:`
			`raise serializers.ValidationError('system_user id not exist')`
			`return system_user`

			`@staticmethod`
			`def validate_asset(asset_id):`
			`from assets.models import Asset`
			`asset = Asset.objects.filter(id=asset_id).first()`
			`if asset is None:`
			`raise serializers.ValidationError('asset id not exist')`
			`return asset`
feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00
			`@staticmethod`
			`def validate_application(app_id):`
			`from applications.models import Application`
			`app = Application.objects.filter(id=app_id).first()`
			`if app is None:`
			`raise serializers.ValidationError('app id not exist')`
			`return app`

			`def validate(self, attrs):`
			`asset = attrs.get('asset')`
			`application = attrs.get('application')`
			`if not asset and not application:`
			`raise serializers.ValidationError('asset or application required')`
			`if asset and application:`
			`raise serializers.ValidationError('asset and application should only one')`
			`return super().validate(attrs)`


perf: connection token 分api权限 2022-04-24 09:00:48 +00:00			`class SuperConnectionTokenSerializer(ConnectionTokenSerializer):`
			`user = serializers.CharField(max_length=128, required=False, allow_blank=True)`

			`@staticmethod`
			`def validate_user(user_id):`
			`from users.models import User`
			`user = User.objects.filter(id=user_id).first()`
			`if user is None:`
			`raise serializers.ValidationError('user id not exist')`
			`return user`


feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00			`class ConnectionTokenUserSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = User`
			`fields = ['id', 'name', 'username', 'email']`


			`class ConnectionTokenAssetSerializer(serializers.ModelSerializer):`
fix: 修改tokent中信息中没有返回 Protocols 的问题 fix: 优化protocols fix: session bpp token 时间加长 2021-04-29 06:18:52 +00:00			`protocols = ProtocolsField(label='Protocols', read_only=True)`

feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00			`class Meta:`
			`model = Asset`
fix: 修改tokent中信息中没有返回 Protocols 的问题 fix: 优化protocols fix: session bpp token 时间加长 2021-04-29 06:18:52 +00:00			`fields = ['id', 'hostname', 'ip', 'protocols', 'org_id']`
feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00

			`class ConnectionTokenSystemUserSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = SystemUser`
Fix rbac (#7713) * fix: token 系统用户增加 protocol * fix: 修复清除orphan session时同时清除对应的 session_task * perf: 修改 connection token api * fix: 修复无法获取系统角色绑定的问题 * perf: 增加 db terminal 及 magnus 组件 * perf: 修改 migrations * fix: 修复AUTHENTICATION_BACKENDS相关的逻辑 * fix: 修改判断backend认证逻辑 * fix: 修复资产账号查看密码跳过mfa * fix: 修复用户组授权权限错误 * feat: 支持COS对象存储 * feat: 升级依赖 jms_storage==0.0.42 * fix: 修复 koko api 问题 * feat: 修改存储翻译信息 * perf: 修改 ticket 权限 * fix: 修复获取资产授权系统用户 get_queryset * perf: 抽取 ticket * perf: 修改 cmd filter 的权限 * fix: 修改 ticket perm * fix: 修复oidc依赖问题 Co-authored-by: Eric <xplzv@126.com> Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: 小冯 <xiaofeng@xiaofengdeMacBook-Pro.local> Co-authored-by: feng626 <1304903146@qq.com> 2022-02-28 11:28:58 +00:00			`fields = ['id', 'name', 'username', 'password', 'private_key', 'protocol', 'ad_domain', 'org_id']`
feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00

			`class ConnectionTokenGatewaySerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = Gateway`
			`fields = ['id', 'ip', 'port', 'username', 'password', 'private_key']`


			`class ConnectionTokenRemoteAppSerializer(serializers.Serializer):`
			`program = serializers.CharField()`
			`working_directory = serializers.CharField()`
			`parameters = serializers.CharField()`


			`class ConnectionTokenApplicationSerializer(serializers.ModelSerializer):`
perf: 修改connection token domain perf: 添加 org_id 2022-02-18 03:24:57 +00:00			`attrs = serializers.JSONField(read_only=True)`

feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00			`class Meta:`
			`model = Application`
perf: 修改connection token domain perf: 添加 org_id 2022-02-18 03:24:57 +00:00			`fields = ['id', 'name', 'category', 'type', 'attrs', 'org_id']`


			`class ConnectionTokenDomainSerializer(serializers.ModelSerializer):`
			`gateways = ConnectionTokenGatewaySerializer(many=True, read_only=True)`

			`class Meta:`
			`model = Domain`
			`fields = ['id', 'name', 'gateways']`
feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00

Fix rbac (#7728) * perf: 重命名 signal handlers * fix: 修复 ticket processor 问题 * perf: 修改 ticket 处理人api * fix: 修复创建系统账号bug * fix: 升级celery_beat==2.2.1和flower==1.0.0;修改celery进程启动参数先后顺序 * perf: 修改 authentication token * fix: 修复上传权限bug * fix: 登录页面增加i18n切换; * fix: 系统角色删除限制 * perf: 修改一下 permissions tree * perf: 生成 i18n * perf: 修改一点点 Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: feng626 <1304903146@qq.com> Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-03-02 12:48:43 +00:00			`class ConnectionTokenFilterRuleSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = CommandFilterRule`
			`fields = [`
			`'id', 'type', 'content', 'ignore_case', 'pattern',`
			`'priority', 'action',`
			`'date_created',`
			`]`


feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00			`class ConnectionTokenSecretSerializer(serializers.Serializer):`
pref: connection token 添加 secret 2022-02-14 09:38:30 +00:00			`id = serializers.CharField(read_only=True)`
			`secret = serializers.CharField(read_only=True)`
feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00			`type = serializers.ChoiceField(choices=[('application', 'Application'), ('asset', 'Asset')])`
			`user = ConnectionTokenUserSerializer(read_only=True)`
			`asset = ConnectionTokenAssetSerializer(read_only=True)`
			`remote_app = ConnectionTokenRemoteAppSerializer(read_only=True)`
			`application = ConnectionTokenApplicationSerializer(read_only=True)`
			`system_user = ConnectionTokenSystemUserSerializer(read_only=True)`
Fix rbac (#7728) * perf: 重命名 signal handlers * fix: 修复 ticket processor 问题 * perf: 修改 ticket 处理人api * fix: 修复创建系统账号bug * fix: 升级celery_beat==2.2.1和flower==1.0.0;修改celery进程启动参数先后顺序 * perf: 修改 authentication token * fix: 修复上传权限bug * fix: 登录页面增加i18n切换; * fix: 系统角色删除限制 * perf: 修改一下 permissions tree * perf: 生成 i18n * perf: 修改一点点 Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: feng626 <1304903146@qq.com> Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-03-02 12:48:43 +00:00			`cmd_filter_rules = ConnectionTokenFilterRuleSerializer(many=True)`
perf: 修改connection token domain perf: 添加 org_id 2022-02-18 03:24:57 +00:00			`domain = ConnectionTokenDomainSerializer(read_only=True)`
feat: 为rdp 添加一个api 2021-02-23 06:37:42 +00:00			`gateway = ConnectionTokenGatewaySerializer(read_only=True)`
			`actions = ActionsField()`
feat: rdp 添加授权过期自动断开 2021-07-05 08:20:42 +00:00			`expired_at = serializers.IntegerField()`