jumpserver/apps/users/models.py

# ~*~ coding: utf-8 ~*~

from __future__ import unicode_literals

from django.conf import settings
from django.contrib.auth.hashers import make_password
from django.utils import timezone
from django.db import models
from django.contrib.auth.models import AbstractUser
from django.db.models.signals import post_save
from django.dispatch import receiver
from django.db import IntegrityError
from django.utils.translation import ugettext_lazy as _
from django.core import signing

from rest_framework.authtoken.models import Token

from common.utils import encrypt, decrypt, date_expired_default
from common.mixins import NoDeleteModelMixin


class UserGroup(NoDeleteModelMixin):
    name = models.CharField(max_length=100, unique=True, verbose_name=_('Name'))
    comment = models.TextField(blank=True, verbose_name=_('Comment'))
    date_created = models.DateTimeField(auto_now_add=True)
    created_by = models.CharField(max_length=100)

    def __unicode__(self):
        return self.name

    def has_member(self, user):
        if user in self.users.all():
            return True
        return False

    def delete(self):
        if self.name != 'Default':
            self.users.clear()
            return super(UserGroup, self).delete()
        return True

    class Meta:
        db_table = 'user_group'

    @classmethod
    def initial(cls):
        group, created = cls.objects.get_or_create(name='Default', comment='Default user group for all user',
                                                   created_by='System')
        return group

    @classmethod
    def generate_fake(cls, count=100):
        from random import seed, choice
        import forgery_py

        seed()
        for i in range(count):
            group = cls(name=forgery_py.name.full_name(),
                        comment=forgery_py.lorem_ipsum.sentence(),
                        created_by=choice(User.objects.all()).username)
            try:
                group.save()
            except IntegrityError:
                print('Error continue')
                continue


class User(AbstractUser):
    ROLE_CHOICES = (
        ('Admin', _('Administrator')),
        ('User', _('User')),
    )

    username = models.CharField(max_length=20, unique=True, verbose_name=_('Username'))
    name = models.CharField(max_length=20, blank=True, verbose_name=_('Name'))
    email = models.EmailField(max_length=30, unique=True, verbose_name=_('Email'))
    groups = models.ManyToManyField(UserGroup, related_name='users', blank=True, verbose_name=_('User group'))
    role = models.CharField(choices=ROLE_CHOICES, default='User', max_length=10, blank=True, verbose_name=_('Role'))
    avatar = models.ImageField(upload_to="avatar", verbose_name=_('Avatar'))
    wechat = models.CharField(max_length=30, blank=True, verbose_name=_('Wechat'))
    phone = models.CharField(max_length=20, blank=True, verbose_name=_('Phone'))
    enable_otp = models.BooleanField(default=False, verbose_name=_('Enable OTP'))
    secret_key_otp = models.CharField(max_length=16, blank=True)
    _private_key = models.CharField(max_length=5000, blank=True, verbose_name=_('ssh private key'))
    _public_key = models.CharField(max_length=1000, blank=True, verbose_name=_('ssh public key'))
    comment = models.TextField(max_length=200, blank=True, verbose_name=_('Comment'))
    is_first_login = models.BooleanField(default=False)
    date_expired = models.DateTimeField(default=date_expired_default, blank=True, null=True,
                                        verbose_name=_('Date expired'))
    created_by = models.CharField(max_length=30, default='', verbose_name=_('Created by'))

    @property
    def password_raw(self):
        raise AttributeError('Password raw is not readable attribute')

    #: Use this attr to set user object password, example
    #: user = User(username='example', password_raw='password', ...)
    #: It's equal:
    #: user = User(username='example', ...)
    #: user.set_password('password')
    @password_raw.setter
    def password_raw(self, password_raw_):
        self.set_password(password_raw_)

    @property
    def is_expired(self):
        if self.date_expired > timezone.now():
            return False
        else:
            return True

    @property
    def private_key(self):
        return decrypt(self._private_key)

    @private_key.setter
    def private_key(self, private_key_raw):
        self._private_key = encrypt(private_key_raw)

    @property
    def public_key(self):
        return decrypt(self._public_key)

    @public_key.setter
    def public_key(self, public_key_raw):
        self._public_key = encrypt(public_key_raw)

    @property
    def is_superuser(self):
        if self.role == 'Admin':
            return True
        else:
            return False

    @is_superuser.setter
    def is_superuser(self, value):
        if value is True:
            self.role = 'Admin'
        else:
            self.role = 'User'

    @property
    def is_staff(self):
        if self.is_authenticated and self.is_active and not self.is_expired and self.is_superuser:
            return True
        else:
            return False

    @is_staff.setter
    def is_staff(self, value):
        pass

    def save(self, *args, **kwargs):
        if not self.name:
            self.name = self.username

        super(User, self).save(*args, **kwargs)
        # Add the current user to the default group.
        group = UserGroup.initial()
        self.groups.add(group)

    @property
    def private_token(self):
        return self.get_private_token()

    def get_private_token(self):
        try:
            token = Token.objects.get(user=self)
        except Token.DoesNotExist:
            token = Token.objects.create(user=self)

        return token.key

    def refresh_private_token(self):
        Token.objects.filter(user=self).delete()
        return Token.objects.create(user=self)

    def generate_reset_token(self):
        return signing.dumps({'reset': self.id, 'email': self.email})

    def is_member_of(self, user_group):
        if user_group in self.groups.all():
            return True
        return False

    @classmethod
    def validate_reset_token(cls, token, max_age=3600):
        try:
            data = signing.loads(token, max_age=max_age)
            user_id = data.get('reset', None)
            user_email = data.get('email', '')
            user = cls.objects.get(id=user_id, email=user_email)

        except (signing.BadSignature, cls.DoesNotExist):
            user = None
        return user

    def reset_password(self, new_password):
        self.set_password(new_password)
        self.save()

    class Meta:
        db_table = 'user'

    #: Use this method initial user
    @classmethod
    def initial(cls):
        user = cls(username='admin',
                   email='admin@jumpserver.org',
                   name=_('Administrator'),
                   password_raw='admin',
                   role='Admin',
                   comment=_('Administrator is the super user of system'),
                   created_by=_('System'))
        user.save()
        user.groups.add(UserGroup.initial())

    def delete(self):
        if self.is_superuser:
            return
        return super(User, self).delete()

    @classmethod
    def generate_fake(cls, count=100):
        from random import seed, choice
        import forgery_py
        from django.db import IntegrityError

        seed()
        for i in range(count):
            user = cls(username=forgery_py.internet.user_name(True),
                       email=forgery_py.internet.email_address(),
                       name=forgery_py.name.full_name(),
                       password=make_password(forgery_py.lorem_ipsum.word()),
                       role=choice(dict(User.ROLE_CHOICES).keys()),
                       wechat=forgery_py.internet.user_name(True),
                       comment=forgery_py.lorem_ipsum.sentence(),
                       created_by=choice(cls.objects.all()).username)
            try:
                user.save()
            except IntegrityError:
                print('Duplicate Error, continue ...')
                continue
            user.groups.add(choice(UserGroup.objects.all()))
            user.save()


def init_all_models():
    for model in (UserGroup, User):
        if hasattr(model, 'initial'):
            model.initial()


def generate_fake():
    for model in (UserGroup, User):
        if hasattr(model, 'generate_fake'):
            model.generate_fake()


@receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs):
    if created:
        try:
            Token.objects.create(user=instance)
        except IntegrityError:
            pass
modify some issues 2016-08-13 16:40:21 +00:00			`# ~~ coding: utf-8 ~~`

Init project structure 2016-08-08 16:43:11 +00:00			`from __future__ import unicode_literals`

Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00			`from django.conf import settings`
Add init data file 2016-08-20 17:16:30 +00:00			`from django.contrib.auth.hashers import make_password`
user-group delete implement 2016-09-19 07:47:58 +00:00			`from django.utils import timezone`
			`from django.db import models`
temp save for issue 8 2016-09-08 13:51:44 +00:00			`from django.contrib.auth.models import AbstractUser`
Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00			`from django.db.models.signals import post_save`
			`from django.dispatch import receiver`
user-group delete implement 2016-09-19 07:47:58 +00:00			`from django.db import IntegrityError`
Add translation for support i18n 2016-09-03 16:51:36 +00:00			`from django.utils.translation import ugettext_lazy as _`
user-group delete implement 2016-09-19 07:47:58 +00:00			`from django.core import signing`

Add ssh-key-gen function 2016-08-30 17:00:20 +00:00			`from rest_framework.authtoken.models import Token`
添加 user 表结构，简单思考 2016-08-09 17:30:19 +00:00
Add user perm 2016-09-10 13:08:10 +00:00			`from common.utils import encrypt, decrypt, date_expired_default`
user-group delete implement 2016-09-19 07:47:58 +00:00			`from common.mixins import NoDeleteModelMixin`
Add user list view 2016-08-14 09:21:04 +00:00
modify some issues 2016-08-13 16:40:21 +00:00
user-group delete implement 2016-09-19 07:47:58 +00:00			`class UserGroup(NoDeleteModelMixin):`
Add translation for support i18n 2016-09-03 16:51:36 +00:00			`name = models.CharField(max_length=100, unique=True, verbose_name=_('Name'))`
			`comment = models.TextField(blank=True, verbose_name=_('Comment'))`
change date_added -> date_created 2016-09-06 08:50:19 +00:00			`date_created = models.DateTimeField(auto_now_add=True)`
modify some issues 2016-08-13 16:40:21 +00:00			`created_by = models.CharField(max_length=100)`
添加 user 表结构，简单思考 2016-08-09 17:30:19 +00:00
modify some issues 2016-08-13 16:40:21 +00:00			`def __unicode__(self):`
			`return self.name`

Add admin user list view 2016-09-07 16:40:59 +00:00			`def has_member(self, user):`
			`if user in self.users.all():`
			`return True`
			`return False`

user-group delete implement 2016-09-19 07:47:58 +00:00			`def delete(self):`
			`if self.name != 'Default':`
			`self.users.clear()`
			`return super(UserGroup, self).delete()`
			`return True`

modify some issues 2016-08-13 16:40:21 +00:00			`class Meta:`
Finish some bug 2016-09-19 17:13:50 +00:00			`db_table = 'user_group'`
modify some issues 2016-08-13 16:40:21 +00:00
Add common app common app used as write public api or templatetags modify user list view and user edit view 2016-08-15 16:09:48 +00:00			`@classmethod`
Add test case 2016-08-22 11:53:01 +00:00			`def initial(cls):`
user-group delete implement 2016-09-19 07:47:58 +00:00			`group, created = cls.objects.get_or_create(name='Default', comment='Default user group for all user',`
			`created_by='System')`
			`return group`
Add common app common app used as write public api or templatetags modify user list view and user edit view 2016-08-15 16:09:48 +00:00
Add UserGroup some View 2016-08-18 17:39:08 +00:00			`@classmethod`
			`def generate_fake(cls, count=100):`
temp save for issue 8 2016-09-08 13:51:44 +00:00			`from random import seed, choice`
Add UserGroup some View 2016-08-18 17:39:08 +00:00			`import forgery_py`

			`seed()`
			`for i in range(count):`
			`group = cls(name=forgery_py.name.full_name(),`
			`comment=forgery_py.lorem_ipsum.sentence(),`
user-group delete implement 2016-09-19 07:47:58 +00:00			`created_by=choice(User.objects.all()).username)`
Add UserGroup some View 2016-08-18 17:39:08 +00:00			`try:`
			`group.save()`
			`except IntegrityError:`
			`print('Error continue')`
			`continue`

modify some issues 2016-08-13 16:40:21 +00:00
			`class User(AbstractUser):`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`ROLE_CHOICES = (`
Add translation for support i18n 2016-09-03 16:51:36 +00:00			`('Admin', _('Administrator')),`
			`('User', _('User')),`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`)`

Add translation for support i18n 2016-09-03 16:51:36 +00:00			`username = models.CharField(max_length=20, unique=True, verbose_name=_('Username'))`
			`name = models.CharField(max_length=20, blank=True, verbose_name=_('Name'))`
			`email = models.EmailField(max_length=30, unique=True, verbose_name=_('Email'))`
Merge with cmdb 2016-09-06 07:09:00 +00:00			`groups = models.ManyToManyField(UserGroup, related_name='users', blank=True, verbose_name=_('User group'))`
Add translation for support i18n 2016-09-03 16:51:36 +00:00			`role = models.CharField(choices=ROLE_CHOICES, default='User', max_length=10, blank=True, verbose_name=_('Role'))`
			`avatar = models.ImageField(upload_to="avatar", verbose_name=_('Avatar'))`
			`wechat = models.CharField(max_length=30, blank=True, verbose_name=_('Wechat'))`
			`phone = models.CharField(max_length=20, blank=True, verbose_name=_('Phone'))`
			`enable_otp = models.BooleanField(default=False, verbose_name=_('Enable OTP'))`
Add init data file 2016-08-20 17:16:30 +00:00			`secret_key_otp = models.CharField(max_length=16, blank=True)`
Add admin user list view 2016-09-07 16:40:59 +00:00			`_private_key = models.CharField(max_length=5000, blank=True, verbose_name=_('ssh private key'))`
			`_public_key = models.CharField(max_length=1000, blank=True, verbose_name=_('ssh public key'))`
Add translation for support i18n 2016-09-03 16:51:36 +00:00			`comment = models.TextField(max_length=200, blank=True, verbose_name=_('Comment'))`
user-group delete implement 2016-09-19 07:47:58 +00:00			`is_first_login = models.BooleanField(default=False)`
Add translation for support i18n 2016-09-03 16:51:36 +00:00			`date_expired = models.DateTimeField(default=date_expired_default, blank=True, null=True,`
			`verbose_name=_('Date expired'))`
Asset add traslation 2016-09-04 09:15:26 +00:00			`created_by = models.CharField(max_length=30, default='', verbose_name=_('Created by'))`
添加 user 表结构，简单思考 2016-08-09 17:30:19 +00:00
Add test case 2016-08-22 11:53:01 +00:00			`@property`
			`def password_raw(self):`
			`raise AttributeError('Password raw is not readable attribute')`

			`#: Use this attr to set user object password, example`
			`#: user = User(username='example', password_raw='password', ...)`
			`#: It's equal:`
			`#: user = User(username='example', ...)`
			`#: user.set_password('password')`
			`@password_raw.setter`
Add admin user list view 2016-09-07 16:40:59 +00:00			`def password_raw(self, password_raw_):`
			`self.set_password(password_raw_)`
Add UserGroup some View 2016-08-18 17:39:08 +00:00
Delete Model: Role 2016-08-24 09:14:21 +00:00			`@property`
Add init data file 2016-08-20 17:16:30 +00:00			`def is_expired(self):`
			`if self.date_expired > timezone.now():`
			`return False`
			`else:`
			`return True`

Add admin user list view 2016-09-07 16:40:59 +00:00			`@property`
			`def private_key(self):`
			`return decrypt(self._private_key)`

			`@private_key.setter`
			`def private_key(self, private_key_raw):`
			`self._private_key = encrypt(private_key_raw)`

			`@property`
			`def public_key(self):`
			`return decrypt(self._public_key)`

			`@public_key.setter`
			`def public_key(self, public_key_raw):`
			`self._public_key = encrypt(public_key_raw)`

Delete Model: Role 2016-08-24 09:14:21 +00:00			`@property`
			`def is_superuser(self):`
			`if self.role == 'Admin':`
			`return True`
			`else:`
			`return False`

			`@is_superuser.setter`
			`def is_superuser(self, value):`
			`if value is True:`
			`self.role = 'Admin'`
			`else:`
			`self.role = 'User'`

			`@property`
			`def is_staff(self):`
Test permmision 2016-08-25 16:51:05 +00:00			`if self.is_authenticated and self.is_active and not self.is_expired and self.is_superuser:`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`return True`
			`else:`
			`return False`

			`@is_staff.setter`
			`def is_staff(self, value):`
			`pass`

Add test case 2016-08-22 11:53:01 +00:00			`def save(self, args, *kwargs):`
			`if not self.name:`
			`self.name = self.username`
Delete Model: Role 2016-08-24 09:14:21 +00:00
Add user add view Test Case 2016-08-23 11:36:15 +00:00			`super(User, self).save(args, *kwargs)`
user-group delete implement 2016-09-19 07:47:58 +00:00			`# Add the current user to the default group.`
Add test case 2016-08-22 11:53:01 +00:00			`group = UserGroup.initial()`
user-group delete implement 2016-09-19 07:47:58 +00:00			`self.groups.add(group)`
Add test case 2016-08-22 11:53:01 +00:00
Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00			`@property`
Add user generate reset password token 2016-08-31 11:28:06 +00:00			`def private_token(self):`
			`return self.get_private_token()`
Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00
Add user generate reset password token 2016-08-31 11:28:06 +00:00			`def get_private_token(self):`
Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00			`try:`
			`token = Token.objects.get(user=self)`
			`except Token.DoesNotExist:`
Add user generate reset password token 2016-08-31 11:28:06 +00:00			`token = Token.objects.create(user=self)`

			`return token.key`

			`def refresh_private_token(self):`
			`Token.objects.filter(user=self).delete()`
			`return Token.objects.create(user=self)`
Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00
Add forget password and reset password 2016-09-01 15:09:58 +00:00			`def generate_reset_token(self):`
			`return signing.dumps({'reset': self.id, 'email': self.email})`
Add user generate reset password token 2016-08-31 11:28:06 +00:00
Add admin user list view 2016-09-07 16:40:59 +00:00			`def is_member_of(self, user_group):`
			`if user_group in self.groups.all():`
			`return True`
			`return False`

Add user generate reset password token 2016-08-31 11:28:06 +00:00			`@classmethod`
Add ico, Modify forget_password 2016-09-02 10:10:26 +00:00			`def validate_reset_token(cls, token, max_age=3600):`
Add user generate reset password token 2016-08-31 11:28:06 +00:00			`try:`
			`data = signing.loads(token, max_age=max_age)`
			`user_id = data.get('reset', None)`
			`user_email = data.get('email', '')`
			`user = cls.objects.get(id=user_id, email=user_email)`

Add translation for support i18n 2016-09-03 16:51:36 +00:00			`except (signing.BadSignature, cls.DoesNotExist):`
Add ico, Modify forget_password 2016-09-02 10:10:26 +00:00			`user = None`
			`return user`

			`def reset_password(self, new_password):`
			`self.set_password(new_password)`
			`self.save()`
Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00
Add test case 2016-08-22 11:53:01 +00:00			`class Meta:`
			`db_table = 'user'`

Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00			`#: Use this method initial user`
Add init data file 2016-08-20 17:16:30 +00:00			`@classmethod`
Add test case 2016-08-22 11:53:01 +00:00			`def initial(cls):`
Add init data file 2016-08-20 17:16:30 +00:00			`user = cls(username='admin',`
			`email='admin@jumpserver.org',`
Add translation for support i18n 2016-09-03 16:51:36 +00:00			`name=_('Administrator'),`
Add test case 2016-08-22 11:53:01 +00:00			`password_raw='admin',`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`role='Admin',`
Add translation for support i18n 2016-09-03 16:51:36 +00:00			`comment=_('Administrator is the super user of system'),`
			`created_by=_('System'))`
Add init data file 2016-08-20 17:16:30 +00:00			`user.save()`
Add test case 2016-08-22 11:53:01 +00:00			`user.groups.add(UserGroup.initial())`
Add init data file 2016-08-20 17:16:30 +00:00
user bulk delete view 2016-09-23 08:30:59 +00:00			`def delete(self):`
			`if self.is_superuser:`
			`return`
			`return super(User, self).delete()`

Add UserGroup some View 2016-08-18 17:39:08 +00:00			`@classmethod`
			`def generate_fake(cls, count=100):`
Add init data file 2016-08-20 17:16:30 +00:00			`from random import seed, choice`
Add UserGroup some View 2016-08-18 17:39:08 +00:00			`import forgery_py`
			`from django.db import IntegrityError`

			`seed()`
			`for i in range(count):`
			`user = cls(username=forgery_py.internet.user_name(True),`
			`email=forgery_py.internet.email_address(),`
			`name=forgery_py.name.full_name(),`
			`password=make_password(forgery_py.lorem_ipsum.word()),`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`role=choice(dict(User.ROLE_CHOICES).keys()),`
Add UserGroup some View 2016-08-18 17:39:08 +00:00			`wechat=forgery_py.internet.user_name(True),`
			`comment=forgery_py.lorem_ipsum.sentence(),`
user-group delete implement 2016-09-19 07:47:58 +00:00			`created_by=choice(cls.objects.all()).username)`
Add UserGroup some View 2016-08-18 17:39:08 +00:00			`try:`
			`user.save()`
			`except IntegrityError:`
Add test case 2016-08-22 11:53:01 +00:00			`print('Duplicate Error, continue ...')`
Add UserGroup some View 2016-08-18 17:39:08 +00:00			`continue`
			`user.groups.add(choice(UserGroup.objects.all()))`
			`user.save()`


Add init data file 2016-08-20 17:16:30 +00:00			`def init_all_models():`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`for model in (UserGroup, User):`
user-group delete implement 2016-09-19 07:47:58 +00:00			`if hasattr(model, 'initial'):`
Add test case 2016-08-22 11:53:01 +00:00			`model.initial()`
Add UserGroup some View 2016-08-18 17:39:08 +00:00

Add init data file 2016-08-20 17:16:30 +00:00			`def generate_fake():`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`for model in (UserGroup, User):`
user-group delete implement 2016-09-19 07:47:58 +00:00			`if hasattr(model, 'generate_fake'):`
Add init data file 2016-08-20 17:16:30 +00:00			`model.generate_fake()`
Add model user method: get_token set_token 2016-08-30 12:30:47 +00:00

			`@receiver(post_save, sender=settings.AUTH_USER_MODEL)`
			`def create_auth_token(sender, instance=None, created=False, **kwargs):`
			`if created:`
Add ssh-key-gen function 2016-08-30 17:00:20 +00:00			`try:`
			`Token.objects.create(user=instance)`
			`except IntegrityError:`
			`pass`