jumpserver/apps/users/api.py

# ~*~ coding: utf-8 ~*~
#

import base64

from django.core.cache import cache
from django.conf import settings
from rest_framework import generics, viewsets
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework_bulk import BulkModelViewSet
from django_filters.rest_framework import DjangoFilterBackend

from common.mixins import IDInFilterMixin
from common.utils import get_logger
from .utils import check_user_valid, get_or_refresh_token
from .models import User, UserGroup
from .hands import write_login_log_async
from .permissions import IsSuperUser, IsAppUser, IsValidUser, IsSuperUserOrAppUser
from . import serializers


logger = get_logger(__name__)


class UserViewSet(IDInFilterMixin, BulkModelViewSet):
    queryset = User.objects.all()
    serializer_class = serializers.UserSerializer
    permission_classes = (IsSuperUser,)
    filter_backends = (DjangoFilterBackend,)
    filter_fields = ('username', 'email', 'name', 'id')


class UserUpdateGroupApi(generics.RetrieveUpdateAPIView):
    queryset = User.objects.all()
    serializer_class = serializers.UserUpdateGroupSerializer
    permission_classes = (IsSuperUser,)


class UserResetPasswordApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = serializers.UserSerializer

    def perform_update(self, serializer):
        # Note: we are not updating the user object here.
        # We just do the reset-password staff.
        import uuid
        from .utils import send_reset_password_mail
        user = self.get_object()
        user.password_raw = str(uuid.uuid4())
        user.save()
        send_reset_password_mail(user)


class UserResetPKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = serializers.UserSerializer

    def perform_update(self, serializer):
        from .utils import send_reset_ssh_key_mail
        user = self.get_object()
        user.is_public_key_valid = False
        user.save()
        send_reset_ssh_key_mail(user)


class UserUpdatePKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = serializers.UserPKUpdateSerializer

    def perform_update(self, serializer):
        user = self.get_object()
        user.public_key = serializer.validated_data['_public_key']
        user.save()


class UserGroupViewSet(IDInFilterMixin, BulkModelViewSet):
    queryset = UserGroup.objects.all()
    serializer_class = serializers.UserGroupSerializer


class UserGroupUpdateUserApi(generics.RetrieveUpdateAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = serializers.UserGroupUpdateMemeberSerializer
    permission_classes = (IsSuperUser,)


class UserToken(APIView):
    permission_classes = (IsValidUser,)

    def get(self, request):
        if not request.user:
            return Response({'error': 'unauthorized'})
        token = get_token(request)
        return Response({'token': token})


class UserProfile(APIView):
    permission_classes = (IsValidUser,)

    def get(self, request):
        return Response(request.user.to_json())


class UserAuthApi(APIView):
    permission_classes = ()
    expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600

    def post(self, request, *args, **kwargs):
        username = request.data.get('username', '')
        password = request.data.get('password', '')
        public_key = request.data.get('public_key', '')
        remote_addr = request.data.get('remote_addr', '')
        terminal = request.data.get('terminal', '')
        login_type = request.data.get('login_type', 'T')
        user = check_user_valid(username=username, password=password, public_key=public_key)

        if user:
            token = cache.get('%s_%s' % (user.id, remote_addr))
            if not token:
                token = token_gen(user)

            cache.set(token, user.id, self.expiration)
            cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration)
            write_login_log_async.delay(user.username, name=user.name, terminal=terminal,
                                        login_ip=remote_addr, login_type=login_type)
            return Response({'token': token, 'id': user.id, 'username': user.username,
                             'name': user.name, 'is_active': user.is_active})
        else:
            return Response({'msg': 'Invalid password or public key or user is not active or expired'}, status=401)
添加 utils和api样例文件 2016-08-09 09:27:37 +00:00			`# ~~ coding: utf-8 ~~`
Add api file 2016-08-23 16:11:13 +00:00			`#`
添加 utils和api样例文件 2016-08-09 09:27:37 +00:00
Update api 2016-12-16 11:32:05 +00:00			`import base64`
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00
Finish token access api 2016-10-31 10:58:23 +00:00			`from django.core.cache import cache`
			`from django.conf import settings`
update asset 2016-11-25 14:45:47 +00:00			`from rest_framework import generics, viewsets`
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00			`from rest_framework.response import Response`
Finish token access api 2016-10-31 10:58:23 +00:00			`from rest_framework.views import APIView`
update asset 2016-11-25 14:45:47 +00:00			`from rest_framework_bulk import BulkModelViewSet`
update bug 2016-11-24 11:36:49 +00:00			`from django_filters.rest_framework import DjangoFilterBackend`
Add api file 2016-08-23 16:11:13 +00:00
Base finish user 2016-11-25 03:00:51 +00:00			`from common.mixins import IDInFilterMixin`
Add auth and permission backends 2016-10-15 08:04:54 +00:00			`from common.utils import get_logger`
修改token获取，拆分认证文件和权限文件 2016-12-19 17:19:50 +00:00			`from .utils import check_user_valid, get_or_refresh_token`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`from .models import User, UserGroup`
Add login log 2016-11-10 15:54:21 +00:00			`from .hands import write_login_log_async`
Finish access key auth 2016-12-25 05:15:28 +00:00			`from .permissions import IsSuperUser, IsAppUser, IsValidUser, IsSuperUserOrAppUser`
Add login log 2016-11-10 15:54:21 +00:00			`from . import serializers`
Add api file 2016-08-23 16:11:13 +00:00

Update table desgin doc and audit log 2016-10-07 15:54:29 +00:00			`logger = get_logger(__name__)`
Add Logger setting . 2016-08-26 08:56:50 +00:00

Base finish user 2016-11-25 03:00:51 +00:00			`class UserViewSet(IDInFilterMixin, BulkModelViewSet):`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`queryset = User.objects.all()`
change user api 2016-11-09 11:29:15 +00:00			`serializer_class = serializers.UserSerializer`
Plan create a new app: terminal 2016-10-15 09:14:56 +00:00			`permission_classes = (IsSuperUser,)`
update bug 2016-11-24 11:36:49 +00:00			`filter_backends = (DjangoFilterBackend,)`
to Commpany 2016-11-25 00:39:24 +00:00			`filter_fields = ('username', 'email', 'name', 'id')`
[BugFix] update some user import bug 2016-11-24 09:08:20 +00:00
Delete Model: Role 2016-08-24 09:14:21 +00:00
User group detail 2016-11-14 16:48:48 +00:00			`class UserUpdateGroupApi(generics.RetrieveUpdateAPIView):`
update some user api 2016-11-09 15:49:10 +00:00			`queryset = User.objects.all()`
User group detail 2016-11-14 16:48:48 +00:00			`serializer_class = serializers.UserUpdateGroupSerializer`
update some user api 2016-11-09 15:49:10 +00:00			`permission_classes = (IsSuperUser,)`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00

			`class UserResetPasswordApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
change user api 2016-11-09 11:29:15 +00:00			`serializer_class = serializers.UserSerializer`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00
			`def perform_update(self, serializer):`
			`# Note: we are not updating the user object here.`
			`# We just do the reset-password staff.`
change user ssh reset type from private key to public key 2016-09-15 08:54:00 +00:00			`import uuid`
change user api 2016-11-09 11:29:15 +00:00			`from .utils import send_reset_password_mail`
			`user = self.get_object()`
change user ssh reset type from private key to public key 2016-09-15 08:54:00 +00:00			`user.password_raw = str(uuid.uuid4())`
			`user.save()`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00			`send_reset_password_mail(user)`


update some user api 2016-11-09 15:49:10 +00:00			`class UserResetPKApi(generics.UpdateAPIView):`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00			`queryset = User.objects.all()`
change user api 2016-11-09 11:29:15 +00:00			`serializer_class = serializers.UserSerializer`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00
			`def perform_update(self, serializer):`
change user api 2016-11-09 11:29:15 +00:00			`from .utils import send_reset_ssh_key_mail`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00			`user = self.get_object()`
fix #14 2016-09-18 06:28:34 +00:00			`user.is_public_key_valid = False`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00			`user.save()`
change user ssh reset type from private key to public key 2016-09-15 08:54:00 +00:00			`send_reset_ssh_key_mail(user)`
fix #14 2016-09-18 06:28:34 +00:00
update some user api 2016-11-09 15:49:10 +00:00
			`class UserUpdatePKApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
			`serializer_class = serializers.UserPKUpdateSerializer`

			`def perform_update(self, serializer):`
			`user = self.get_object()`
			`user.public_key = serializer.validated_data['_public_key']`
			`user.save()`

User group detail 2016-11-14 16:48:48 +00:00
update asset 2016-11-25 14:45:47 +00:00			`class UserGroupViewSet(IDInFilterMixin, BulkModelViewSet):`
User group detail 2016-11-14 16:48:48 +00:00			`queryset = UserGroup.objects.all()`
			`serializer_class = serializers.UserGroupSerializer`


			`class UserGroupUpdateUserApi(generics.RetrieveUpdateAPIView):`
			`queryset = UserGroup.objects.all()`
			`serializer_class = serializers.UserGroupUpdateMemeberSerializer`
			`permission_classes = (IsSuperUser,)`

Plan create a new app: terminal 2016-10-15 09:14:56 +00:00
Update api 2016-12-16 11:32:05 +00:00			`class UserToken(APIView):`
			`permission_classes = (IsValidUser,)`

			`def get(self, request):`
			`if not request.user:`
			`return Response({'error': 'unauthorized'})`
修改token获取，拆分认证文件和权限文件 2016-12-19 17:19:50 +00:00			`token = get_token(request)`
Update api 2016-12-16 11:32:05 +00:00			`return Response({'token': token})`


			`class UserProfile(APIView):`
			`permission_classes = (IsValidUser,)`

			`def get(self, request):`
			`return Response(request.user.to_json())`


change user api 2016-11-09 11:29:15 +00:00			`class UserAuthApi(APIView):`
Finish token access api 2016-10-31 10:58:23 +00:00			`permission_classes = ()`
			`expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600`

			`def post(self, request, args, *kwargs):`
			`username = request.data.get('username', '')`
			`password = request.data.get('password', '')`
			`public_key = request.data.get('public_key', '')`
Add login log 2016-11-10 15:54:21 +00:00			`remote_addr = request.data.get('remote_addr', '')`
			`terminal = request.data.get('terminal', '')`
			`login_type = request.data.get('login_type', 'T')`
Finish token access api 2016-10-31 10:58:23 +00:00			`user = check_user_valid(username=username, password=password, public_key=public_key)`
change user api 2016-11-09 11:29:15 +00:00
Finish token access api 2016-10-31 10:58:23 +00:00			`if user:`
			`token = cache.get('%s_%s' % (user.id, remote_addr))`
			`if not token:`
			`token = token_gen(user)`

			`cache.set(token, user.id, self.expiration)`
			`cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration)`
Add login log 2016-11-10 15:54:21 +00:00			`write_login_log_async.delay(user.username, name=user.name, terminal=terminal,`
			`login_ip=remote_addr, login_type=login_type)`
Update api 2016-12-16 11:32:05 +00:00			`return Response({'token': token, 'id': user.id, 'username': user.username,`
			`'name': user.name, 'is_active': user.is_active})`
Finish token access api 2016-10-31 10:58:23 +00:00			`else:`
Fix pubkey auth bug 2016-11-07 08:59:52 +00:00			`return Response({'msg': 'Invalid password or public key or user is not active or expired'}, status=401)`