jumpserver/apps/users/utils.py

201 lines
5.8 KiB
Python
Raw Normal View History

2016-08-09 09:27:37 +00:00
# ~*~ coding: utf-8 ~*~
#
2016-08-31 17:12:02 +00:00
from __future__ import unicode_literals
2016-08-30 17:00:20 +00:00
import logging
2016-09-10 05:16:58 +00:00
import os
2016-10-09 11:27:49 +00:00
import re
2016-10-31 10:58:23 +00:00
import uuid
2016-08-30 17:00:20 +00:00
from django.conf import settings
2016-08-28 15:58:22 +00:00
from django.contrib.auth.mixins import UserPassesTestMixin
from django.urls import reverse_lazy
2016-09-03 16:51:36 +00:00
from django.utils.translation import ugettext as _
2016-08-28 15:58:22 +00:00
2016-09-10 05:16:58 +00:00
from paramiko.rsakey import RSAKey
2016-08-31 17:12:02 +00:00
from common.tasks import send_mail_async
2016-09-24 16:11:31 +00:00
from common.utils import reverse, get_object_or_none
from .models import User
2016-08-31 17:12:02 +00:00
2016-08-31 11:28:06 +00:00
2016-08-30 17:00:20 +00:00
try:
import cStringIO as StringIO
except ImportError:
import StringIO
logger = logging.getLogger('jumpserver')
2016-08-28 15:58:22 +00:00
class AdminUserRequiredMixin(UserPassesTestMixin):
login_url = reverse_lazy('users:login')
def test_func(self):
return self.request.user.is_staff
2016-08-30 17:00:20 +00:00
2016-08-31 17:12:02 +00:00
def user_add_success_next(user):
2016-09-03 16:51:36 +00:00
subject = _('Create account successfully')
2016-08-31 17:12:02 +00:00
recipient_list = [user.email]
2016-09-03 16:51:36 +00:00
message = _("""
Hello %(name)s:
2016-08-31 17:12:02 +00:00
</br>
2016-09-03 16:51:36 +00:00
Your account has been created successfully
2016-08-31 17:12:02 +00:00
</br>
2016-09-03 16:51:36 +00:00
<a href="%(rest_password_url)s?token=%(rest_password_token)s">click here to set your password</a>
2016-08-31 17:12:02 +00:00
</br>
2016-09-03 16:51:36 +00:00
This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
2016-08-31 17:12:02 +00:00
</br>
---
</br>
2016-09-03 16:51:36 +00:00
<a href="%(login_url)s">Login direct</a>
2016-08-31 17:12:02 +00:00
</br>
2016-09-03 16:51:36 +00:00
""") % {
2016-08-31 17:12:02 +00:00
'name': user.name,
'rest_password_url': reverse('users:reset-password', external=True),
2016-09-01 15:09:58 +00:00
'rest_password_token': user.generate_reset_token(),
2016-09-06 07:09:00 +00:00
'forget_password_url': reverse('users:forgot-password', external=True),
2016-09-01 15:09:58 +00:00
'email': user.email,
'login_url': reverse('users:login', external=True),
}
send_mail_async.delay(subject, message, recipient_list, html_message=message)
def send_reset_password_mail(user):
2016-09-03 16:51:36 +00:00
subject = _('Reset password')
2016-09-01 15:09:58 +00:00
recipient_list = [user.email]
2016-09-03 16:51:36 +00:00
message = _("""
Hello %(name)s:
2016-09-01 15:09:58 +00:00
</br>
2016-09-03 16:51:36 +00:00
Please click the link below to reset your password, if not your request, concern your account security
2016-09-01 15:09:58 +00:00
</br>
2016-09-03 16:51:36 +00:00
<a href="%(rest_password_url)s?token=%(rest_password_token)s">Click here reset password</a>
2016-09-01 15:09:58 +00:00
</br>
2016-11-09 11:29:15 +00:00
This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
2016-09-01 15:09:58 +00:00
</br>
---
</br>
2016-09-03 16:51:36 +00:00
<a href="%(login_url)s">Login direct</a>
2016-09-01 15:09:58 +00:00
</br>
2016-09-03 16:51:36 +00:00
""") % {
2016-09-01 15:09:58 +00:00
'name': user.name,
'rest_password_url': reverse('users:reset-password', external=True),
'rest_password_token': user.generate_reset_token(),
2016-09-06 07:09:00 +00:00
'forget_password_url': reverse('users:forgot-password', external=True),
2016-08-31 17:12:02 +00:00
'email': user.email,
'login_url': reverse('users:login', external=True),
}
if settings.DEBUG:
logger.debug(message)
2016-08-31 17:12:02 +00:00
send_mail_async.delay(subject, message, recipient_list, html_message=message)
2016-08-30 17:00:20 +00:00
def send_reset_ssh_key_mail(user):
subject = _('SSH Key Reset')
recipient_list = [user.email]
message = _("""
Hello %(name)s:
</br>
Your ssh public key has been reset by site administrator.
Please login and reset your ssh public key.
</br>
<a href="%(login_url)s">Login direct</a>
</br>
""") % {
'name': user.name,
'login_url': reverse('users:login', external=True),
}
if settings.DEBUG:
logger.debug(message)
send_mail_async.delay(subject, message, recipient_list, html_message=message)
2016-11-10 08:59:50 +00:00
# def validate_ssh_pk(text):
# """
# Expects a SSH private key as string.
# Returns a boolean and a error message.
# If the text is parsed as private key successfully,
# (True,'') is returned. Otherwise,
# (False, <message describing the error>) is returned.
#
# from https://github.com/githubnemo/SSH-private-key-validator/blob/master/validate.py
#
# """
#
# if not text:
# return False, 'No text given'
#
# startPattern = re.compile("^-----BEGIN [A-Z]+ PRIVATE KEY-----")
# optionPattern = re.compile("^.+: .+")
# contentPattern = re.compile("^([a-zA-Z0-9+/]{64}|[a-zA-Z0-9+/]{1,64}[=]{0,2})$")
# endPattern = re.compile("^-----END [A-Z]+ PRIVATE KEY-----")
#
# def contentState(text):
# for i in range(0, len(text)):
# line = text[i]
#
# if endPattern.match(line):
# if i == len(text) - 1 or len(text[i + 1]) == 0:
# return True, ''
# else:
# return False, 'At end but content coming'
#
# elif not contentPattern.match(line):
# return False, 'Wrong string in content section'
#
# return False, 'No content or missing end line'
#
# def optionState(text):
# for i in range(0, len(text)):
# line = text[i]
#
# if line[-1:] == '\\':
# return optionState(text[i + 2:])
#
# if not optionPattern.match(line):
# return contentState(text[i + 1:])
#
# return False, 'Expected option, found nothing'
# def startState(text):
# if len(text) == 0 or not startPattern.match(text[0]):
# return False, 'Header is wrong'
# return optionState(text[1:])
#
# return startState([n.strip() for n in text.splitlines()])
#
2016-09-24 16:11:31 +00:00
2016-10-31 10:58:23 +00:00
def check_user_valid(**kwargs):
2016-09-24 16:11:31 +00:00
password = kwargs.pop('password', None)
public_key = kwargs.pop('public_key', None)
user = get_object_or_none(User, **kwargs)
2016-10-31 10:58:23 +00:00
if user is None or not user.is_valid:
return None
if password and user.check_password(password):
return user
2016-11-07 08:59:52 +00:00
if public_key:
public_key_saved = user.public_key.split()
if len(public_key_saved) == 1:
if public_key == public_key_saved[0]:
return user
elif len(public_key_saved) > 1:
if public_key == public_key_saved[1]:
return user
2016-10-31 10:58:23 +00:00
return None
2016-09-24 16:11:31 +00:00
2016-10-31 10:58:23 +00:00
def token_gen(*args, **kwargs):
return uuid.uuid4().get_hex()
2016-09-24 16:11:31 +00:00