jumpserver/apps/authentication/models/connection_token.py

from datetime import timedelta

from django.conf import settings
from django.db import models
from django.utils import timezone
from django.utils.translation import ugettext_lazy as _
from rest_framework.exceptions import PermissionDenied

from assets.const import Protocol
from common.db.fields import EncryptCharField
from common.db.models import JMSBaseModel
from common.utils import lazyproperty, pretty_string
from common.utils.timezone import as_current_tz
from orgs.mixins.models import OrgModelMixin


def date_expired_default():
    return timezone.now() + timedelta(seconds=settings.CONNECTION_TOKEN_EXPIRATION)


class ConnectionToken(OrgModelMixin, JMSBaseModel):
    value = models.CharField(max_length=64, default='', verbose_name=_("Value"))
    user = models.ForeignKey(
        'users.User', on_delete=models.SET_NULL, null=True, blank=True,
        related_name='connection_tokens', verbose_name=_('User')
    )
    asset = models.ForeignKey(
        'assets.Asset', on_delete=models.SET_NULL, null=True, blank=True,
        related_name='connection_tokens', verbose_name=_('Asset'),
    )
    account_name = models.CharField(max_length=128, verbose_name=_("Account name"))  # 登录账号Name
    input_username = models.CharField(max_length=128, default='', blank=True, verbose_name=_("Input username"))
    input_secret = EncryptCharField(max_length=64, default='', blank=True, verbose_name=_("Input secret"))
    protocol = models.CharField(max_length=16, default=Protocol.ssh, verbose_name=_("Protocol"))
    connect_method = models.CharField(max_length=32, verbose_name=_("Connect method"))
    user_display = models.CharField(max_length=128, default='', verbose_name=_("User display"))
    asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display"))
    date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_("Date expired"))

    class Meta:
        ordering = ('-date_expired',)
        verbose_name = _('Connection token')
        permissions = [
            ('view_connectiontokensecret', _('Can view connection token secret'))
        ]

    @property
    def is_expired(self):
        return self.date_expired < timezone.now()

    @property
    def expire_time(self):
        interval = self.date_expired - timezone.now()
        seconds = interval.total_seconds()
        if seconds < 0:
            seconds = 0
        return int(seconds)

    def save(self, *args, **kwargs):
        self.asset_display = pretty_string(self.asset, max_length=128)
        self.user_display = pretty_string(self.user, max_length=128)
        return super().save(*args, **kwargs)

    def expire(self):
        self.date_expired = timezone.now()
        self.save()

    def renewal(self):
        """ 续期 Token，将来支持用户自定义创建 token 后，续期策略要修改 """
        self.date_expired = date_expired_default()
        self.save()

    @lazyproperty
    def permed_account(self):
        from perms.utils import PermAccountUtil
        permed_account = PermAccountUtil().validate_permission(
            self.user, self.asset, self.account_name
        )
        return permed_account

    @lazyproperty
    def actions(self):
        return self.permed_account.actions

    @lazyproperty
    def expire_at(self):
        return self.permed_account.date_expired.timestamp()

    def is_valid(self):
        if self.is_expired:
            error = _('Connection token expired at: {}').format(as_current_tz(self.date_expired))
            raise PermissionDenied(error)
        if not self.user or not self.user.is_valid:
            error = _('No user or invalid user')
            raise PermissionDenied(error)
        if not self.asset or not self.asset.is_active:
            is_valid = False
            error = _('No asset or inactive asset')
            return is_valid, error
        if not self.account_name:
            error = _('No account')
            raise PermissionDenied(error)

        if not self.permed_account or not self.permed_account.actions:
            msg = 'user `{}` not has asset `{}` permission for login `{}`'.format(
                self.user, self.asset, self.account_name
            )
            raise PermissionDenied(msg)

        if self.permed_account.date_expired < timezone.now():
            raise PermissionDenied('Expired')
        return True

    @lazyproperty
    def platform(self):
        return self.asset.platform

    @lazyproperty
    def account(self):
        from assets.models import Account
        if not self.asset:
            return None

        account = self.asset.accounts.filter(name=self.account_name).first()
        if self.account_name == '@INPUT' or not account:
            data = {
                'name': self.account_name,
                'username': self.input_username,
                'secret_type': 'password',
                'secret': self.input_secret,
                'su_from': None,
                'org_id': self.asset.org_id
            }
        else:
            data = {
                'name': account.name,
                'username': account.username,
                'secret_type': account.secret_type,
                'secret': account.secret or self.input_secret,
                'su_from': account.su_from,
                'org_id': account.org_id
            }
        return Account(**data)

    @lazyproperty
    def domain(self):
        domain = self.asset.domain if self.asset else None
        return domain

    @lazyproperty
    def gateway(self):
        from assets.models import Domain
        if not self.domain:
            return
        self.domain: Domain
        return self.domain.random_gateway()

    @lazyproperty
    def acl_command_groups(self):
        from acls.models import CommandFilterACL
        kwargs = {
            'user': self.user,
            'asset': self.asset,
            'account': self.account,
        }
        command_groups = CommandFilterACL.filter_queryset(**kwargs).get_command_groups()
        return command_groups


class SuperConnectionToken(ConnectionToken):
    class Meta:
        proxy = True
        verbose_name = _("Super connection token")
-												refactor: 修改 authentication models 目录

											
										
										
											2 years ago
+								from datetime import timedelta
-												pref: 修改 connect token 一些 Url

											
										
										
											2 years ago
 								from django.conf import settings
 								from django.db import models
-												feat: 添加 临时 password (#8035)

* perf: 添加 template password

* perf: 修改id

* perf: 修改 翻译

* perf: 修改 tmp token

* perf: 修改 token

Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
+								from django.utils import timezone
-												feat: 首页的 chanlege 和 MFA 统一 (#6989)

* feat: 首页的 chanlege 和 MFA 统一

* 登陆样式调整

* mfa bug

* q

* m

* mfa封装组件 前端可修改配置

* perf: 添加翻译

* login css bug

* perf: 修改一些风格

* perf: 修改命名

* perf: 修改 mfa code 不是必填

* mfa 前端统一组件

* stash

* perf: 统一验证码

Co-authored-by: feng626 <1304903146@qq.com>
Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
+								from django.utils.translation import ugettext_lazy as _
-												perf: 修改 connection token

											
										
										
											2 years ago
+								from rest_framework.exceptions import PermissionDenied
-												[Update] 移动model

											
										
										
											6 years ago
-												pref: 修改 connect token 一些 Url

											
										
										
											2 years ago
+								from assets.const import Protocol
 								from common.db.fields import EncryptCharField
 								from common.db.models import JMSBaseModel
-												perf: 修改 connection token

											
										
										
											2 years ago
+								from common.utils import lazyproperty, pretty_string
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								from common.utils.timezone import as_current_tz
-												pref: 修改 connect token 一些 Url

											
										
										
											2 years ago
+								from orgs.mixins.models import OrgModelMixin
-												fix: fix rbac to dev (#7636)

* feat: 添加 RBAC 应用模块

* feat: 添加 RBAC Model、API

* feat: 添加 RBAC Model、API 2

* feat: 添加 RBAC Model、API 3

* feat: 添加 RBAC Model、API 4

* feat: RBAC

* feat: RBAC

* feat: RBAC

* feat: RBAC

* feat: RBAC

* feat: RBAC 整理权限位

* feat: RBAC 整理权限位2

* feat: RBAC 整理权限位2

* feat: RBAC 整理权限位

* feat: RBAC 添加默认角色

* feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定

* feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定

* feat: RBAC 修改用户模块API

* feat: RBAC 添加组织模块迁移文件 & 修改组织模块API

* feat: RBAC 添加组织模块迁移文件 & 修改组织模块API

* feat: RBAC 修改用户角色属性的使用

* feat: RBAC No.1

* xxx

* perf: 暂存

* perf: ...

* perf(rbac): 添加 perms 到 profile serializer 中

* stash

* perf: 使用init

* perf: 修改migrations

* perf: rbac

* stash

* stash

* pref: 修改rbac

* stash it

* stash: 先去修复其他bug

* perf: 修改 role 添加 users

* pref: 修改 RBAC Model

* feat: 添加权限的 tree api

* stash: 暂存一下

* stash: 暂存一下

* perf: 修改 model verbose name

* feat: 添加model各种 verbose name

* perf: 生成 migrations

* perf: 优化权限位

* perf: 添加迁移脚本

* feat: 添加组织角色迁移

* perf: 添加迁移脚本

* stash

* perf: 添加migrateion

* perf: 暂存一下

* perf: 修改rbac

* perf: stash it

* fix: 迁移冲突

* fix: 迁移冲突

* perf: 暂存一下

* perf: 修改 rbac 逻辑

* stash: 暂存一下

* perf: 修改内置角色

* perf: 解决 root 组织的问题

* perf: stash it

* perf: 优化 rbac

* perf: 优化 rolebinding 处理

* perf: 完成用户离开组织的问题

* perf: 暂存一下

* perf: 修改翻译

* perf: 去掉了 IsSuperUser

* perf: IsAppUser 去掉完成

* perf: 修改 connection token 的权限

* perf: 去掉导入的问题

* perf: perms define 格式，修改 app 用户 的全新啊

* perf: 修改 permission

* perf: 去掉一些 org admin

* perf: 去掉部分 org admin

* perf: 再去掉点 org admin role

* perf: 再去掉部分 org admin

* perf: user 角色搜索

* perf: 去掉很多 js

* perf: 添加权限位

* perf: 修改权限

* perf: 去掉一个 todo

* merge: with dev

* fix: 修复冲突

Co-authored-by: Bai <bugatti_it@163.com>
Co-authored-by: Michael Bai <baijiangjie@gmail.com>
Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								def date_expired_default():
 								    return timezone.now() + timedelta(seconds=settings.CONNECTION_TOKEN_EXPIRATION)
-												perf: merge with dev

											
										
										
											2 years ago
+								class ConnectionToken(OrgModelMixin, JMSBaseModel):
-												pref: 修改 connect token

											
										
										
											2 years ago
+								    value = models.CharField(max_length=64, default='', verbose_name=_("Value"))
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								    user = models.ForeignKey(
-												pref: 修改 connect token 一些 Url

											
										
										
											2 years ago
+								        'users.User', on_delete=models.SET_NULL, null=True, blank=True,
-												refactor: 修改 ConnectionToken 关联的逻辑(1)

											
										
										
											2 years ago
+								        related_name='connection_tokens', verbose_name=_('User')
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								    )
 								    asset = models.ForeignKey(
-												refactor: 修改 ConnectionToken 关联的逻辑(1)

											
										
										
											2 years ago
+								        'assets.Asset', on_delete=models.SET_NULL, null=True, blank=True,
 								        related_name='connection_tokens', verbose_name=_('Asset'),
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								    )
-												pref: 修改 connect token

											
										
										
											2 years ago
+								    account_name = models.CharField(max_length=128, verbose_name=_("Account name"))  # 登录账号Name
-												perf: 合并 connect token

											
										
										
											2 years ago
+								    input_username = models.CharField(max_length=128, default='', blank=True, verbose_name=_("Input username"))
 								    input_secret = EncryptCharField(max_length=64, default='', blank=True, verbose_name=_("Input secret"))
 								    protocol = models.CharField(max_length=16, default=Protocol.ssh, verbose_name=_("Protocol"))
-												pref: 暂存 客户端连接方式

											
										
										
											2 years ago
+								    connect_method = models.CharField(max_length=32, verbose_name=_("Connect method"))
-												refactor: ConnectionToken 修改表字段名称 account -> account_username

											
										
										
											2 years ago
+								    user_display = models.CharField(max_length=128, default='', verbose_name=_("User display"))
 								    asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display"))
-												perf: 合并 connect token

											
										
										
											2 years ago
+								    date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_("Date expired"))
-												fix: fix rbac to dev (#7636)

* feat: 添加 RBAC 应用模块

* feat: 添加 RBAC Model、API

* feat: 添加 RBAC Model、API 2

* feat: 添加 RBAC Model、API 3

* feat: 添加 RBAC Model、API 4

* feat: RBAC

* feat: RBAC

* feat: RBAC

* feat: RBAC

* feat: RBAC

* feat: RBAC 整理权限位

* feat: RBAC 整理权限位2

* feat: RBAC 整理权限位2

* feat: RBAC 整理权限位

* feat: RBAC 添加默认角色

* feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定

* feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定

* feat: RBAC 修改用户模块API

* feat: RBAC 添加组织模块迁移文件 & 修改组织模块API

* feat: RBAC 添加组织模块迁移文件 & 修改组织模块API

* feat: RBAC 修改用户角色属性的使用

* feat: RBAC No.1

* xxx

* perf: 暂存

* perf: ...

* perf(rbac): 添加 perms 到 profile serializer 中

* stash

* perf: 使用init

* perf: 修改migrations

* perf: rbac

* stash

* stash

* pref: 修改rbac

* stash it

* stash: 先去修复其他bug

* perf: 修改 role 添加 users

* pref: 修改 RBAC Model

* feat: 添加权限的 tree api

* stash: 暂存一下

* stash: 暂存一下

* perf: 修改 model verbose name

* feat: 添加model各种 verbose name

* perf: 生成 migrations

* perf: 优化权限位

* perf: 添加迁移脚本

* feat: 添加组织角色迁移

* perf: 添加迁移脚本

* stash

* perf: 添加migrateion

* perf: 暂存一下

* perf: 修改rbac

* perf: stash it

* fix: 迁移冲突

* fix: 迁移冲突

* perf: 暂存一下

* perf: 修改 rbac 逻辑

* stash: 暂存一下

* perf: 修改内置角色

* perf: 解决 root 组织的问题

* perf: stash it

* perf: 优化 rbac

* perf: 优化 rolebinding 处理

* perf: 完成用户离开组织的问题

* perf: 暂存一下

* perf: 修改翻译

* perf: 去掉了 IsSuperUser

* perf: IsAppUser 去掉完成

* perf: 修改 connection token 的权限

* perf: 去掉导入的问题

* perf: perms define 格式，修改 app 用户 的全新啊

* perf: 修改 permission

* perf: 去掉一些 org admin

* perf: 去掉部分 org admin

* perf: 再去掉点 org admin role

* perf: 再去掉部分 org admin

* perf: user 角色搜索

* perf: 去掉很多 js

* perf: 添加权限位

* perf: 修改权限

* perf: 去掉一个 todo

* merge: with dev

* fix: 修复冲突

Co-authored-by: Bai <bugatti_it@163.com>
Co-authored-by: Michael Bai <baijiangjie@gmail.com>
Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
 								    class Meta:
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								        ordering = ('-date_expired',)
-												Fix rbac (#7728)

* perf: 重命名 signal handlers

* fix: 修复 ticket processor 问题

* perf: 修改 ticket 处理人api

* fix: 修复创建系统账号bug

* fix: 升级celery_beat==2.2.1和flower==1.0.0;修改celery进程启动参数先后顺序

* perf: 修改 authentication token

* fix: 修复上传权限bug

* fix: 登录页面增加i18n切换;

* fix: 系统角色删除限制

* perf: 修改一下 permissions tree

* perf: 生成 i18n

* perf: 修改一点点

Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: feng626 <1304903146@qq.com>
Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											3 years ago
+								        verbose_name = _('Connection token')
-												Perf: 优化RBAC权限树 (#7782)

* fix: 优化权限树(1)

* fix: 优化权限树(2)

* fix: 优化权限树(3)

* fix: 优化权限树(4)

* fix: 优化权限树(5)

* fix: 优化权限树(添加迁移文件)

* fix: 优化权限树(6)

* fix: 优化权限树(7)

* fix: 优化权限树(8)

* fix: 优化权限树(9)
											
										
										
											3 years ago
+								        permissions = [
 								            ('view_connectiontokensecret', _('Can view connection token secret'))
 								        ]
-												Fix rbac (#7728)

* perf: 重命名 signal handlers

* fix: 修复 ticket processor 问题

* perf: 修改 ticket 处理人api

* fix: 修复创建系统账号bug

* fix: 升级celery_beat==2.2.1和flower==1.0.0;修改celery进程启动参数先后顺序

* perf: 修改 authentication token

* fix: 修复上传权限bug

* fix: 登录页面增加i18n切换;

* fix: 系统角色删除限制

* perf: 修改一下 permissions tree

* perf: 生成 i18n

* perf: 修改一点点

Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: feng626 <1304903146@qq.com>
Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											3 years ago
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								    @property
 								    def is_expired(self):
 								        return self.date_expired < timezone.now()
-												fix: 连接令牌添加 expire_time 和 is_valid 字段

											
										
										
											2 years ago
+								    @property
 								    def expire_time(self):
 								        interval = self.date_expired - timezone.now()
 								        seconds = interval.total_seconds()
 								        if seconds < 0:
 								            seconds = 0
 								        return int(seconds)
-												perf: 修改 connection token

											
										
										
											2 years ago
+								    def save(self, *args, **kwargs):
 								        self.asset_display = pretty_string(self.asset, max_length=128)
 								        self.user_display = pretty_string(self.user, max_length=128)
 								        return super().save(*args, **kwargs)
-												refactor: 修改 ConnectionToken 关联的逻辑(1)

											
										
										
											2 years ago
 								    def expire(self):
 								        self.date_expired = timezone.now()
 								        self.save()
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
 								    def renewal(self):
 								        """ 续期 Token，将来支持用户自定义创建 token 后，续期策略要修改 """
-												perf: 修改 connection token

											
										
										
											2 years ago
+								        self.date_expired = date_expired_default()
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								        self.save()
-												perf: 修改 connect token

											
										
										
											2 years ago
+								    @lazyproperty
 								    def permed_account(self):
 								        from perms.utils import PermAccountUtil
 								        permed_account = PermAccountUtil().validate_permission(
-												perf: 修改 connect token

											
										
										
											2 years ago
+								            self.user, self.asset, self.account_name
-												perf: 修改 connect token

											
										
										
											2 years ago
+								        )
 								        return permed_account
 								    @lazyproperty
 								    def actions(self):
 								        return self.permed_account.actions
 								    @lazyproperty
 								    def expire_at(self):
 								        return self.permed_account.date_expired.timestamp()
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
-												perf: 修改 connect token

											
										
										
											2 years ago
+								    def is_valid(self):
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								        if self.is_expired:
 								            error = _('Connection token expired at: {}').format(as_current_tz(self.date_expired))
-												perf: 修改 connect token

											
										
										
											2 years ago
+								            raise PermissionDenied(error)
-												refactor: ConnectionToken 修改表字段名称 account -> account_username

											
										
										
											2 years ago
+								        if not self.user or not self.user.is_valid:
 								            error = _('No user or invalid user')
-												perf: 修改 connect token

											
										
										
											2 years ago
+								            raise PermissionDenied(error)
-												perf: 优化 Connection Token API 逻辑处理

											
										
										
											2 years ago
+								        if not self.asset or not self.asset.is_active:
-												refactor: 修改 ConnectionToken 表结构

											
										
										
											2 years ago
+								            is_valid = False
-												refactor: ConnectionToken 修改表字段名称 account -> account_username

											
										
										
											2 years ago
+								            error = _('No asset or inactive asset')
-												refactor: 修改 ConnectionToken 表结构

											
										
										
											2 years ago
+								            return is_valid, error
-												perf: 修改 connect token

											
										
										
											2 years ago
+								        if not self.account_name:
-												refactor: ConnectionToken 修改表字段名称 account -> account_username

											
										
										
											2 years ago
+								            error = _('No account')
-												perf: 修改 connect token

											
										
										
											2 years ago
+								            raise PermissionDenied(error)
-												perf: 修改 connection token

											
										
										
											2 years ago
-												perf: 修改 connect token

											
										
										
											2 years ago
+								        if not self.permed_account or not self.permed_account.actions:
-												perf: 修改 connection token

											
										
										
											2 years ago
+								            msg = 'user `{}` not has asset `{}` permission for login `{}`'.format(
-												perf: 修改 connect token

											
										
										
											2 years ago
+								                self.user, self.asset, self.account_name
-												perf: 修改 connection token

											
										
										
											2 years ago
+								            )
 								            raise PermissionDenied(msg)
-												perf: 修改 connect token

											
										
										
											2 years ago
+								        if self.permed_account.date_expired < timezone.now():
-												perf: 修改 connection token

											
										
										
											2 years ago
+								            raise PermissionDenied('Expired')
-												perf: 修改 connect token

											
										
										
											2 years ago
+								        return True
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
-												refactor: ConnectionToken 修改 Model 和序列类

											
										
										
											2 years ago
+								    @lazyproperty
-												perf: 修改 connection token

											
										
										
											2 years ago
+								    def platform(self):
 								        return self.asset.platform
 								    @lazyproperty
-												perf: 修改 connect token

											
										
										
											2 years ago
+								    def account(self):
-												fix: 修改 ConnectionToken Serializer

											
										
										
											2 years ago
+								        from assets.models import Account
-												refactor: ConnectionToken 修改 Model 和序列类

											
										
										
											2 years ago
+								        if not self.asset:
 								            return None
-												perf: 修改 connection token

											
										
										
											2 years ago
-												perf: 修改 connect token

											
										
										
											2 years ago
+								        account = self.asset.accounts.filter(name=self.account_name).first()
 								        if self.account_name == '@INPUT' or not account:
-												fix: 修改 ConnectionToken Serializer

											
										
										
											2 years ago
+								            data = {
-												perf: 修改 connect token

											
										
										
											2 years ago
+								                'name': self.account_name,
-												pref: conneect token 支持 su from

											
										
										
											2 years ago
+								                'username': self.input_username,
-												perf: 修改 connection token

											
										
										
											2 years ago
+								                'secret_type': 'password',
-												pref: conneect token 支持 su from

											
										
										
											2 years ago
+								                'secret': self.input_secret,
-												fix: 修改 ConnectionToken Serializer

											
										
										
											2 years ago
+								                'su_from': None,
 								                'org_id': self.asset.org_id
-												perf: 修改 connect token

											
										
										
											2 years ago
+								            }
-												perf: 修改 connection token

											
										
										
											2 years ago
+								        else:
-												fix: 修改 ConnectionToken Serializer

											
										
										
											2 years ago
+								            data = {
-												perf: 修改 connect token

											
										
										
											2 years ago
+								                'name': account.name,
 								                'username': account.username,
 								                'secret_type': account.secret_type,
-												pref: conneect token 支持 su from

											
										
										
											2 years ago
+								                'secret': account.secret or self.input_secret,
 								                'su_from': account.su_from,
-												fix: 修改 ConnectionToken Serializer

											
										
										
											2 years ago
+								                'org_id': account.org_id
-												perf: 修改 connect token

											
										
										
											2 years ago
+								            }
-												fix: 修改 ConnectionToken Serializer

											
										
										
											2 years ago
+								        return Account(**data)
-												refactor: ConnectionToken 修改 Model 和序列类

											
										
										
											2 years ago
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								    @lazyproperty
 								    def domain(self):
-												refactor: 修改 ConnectionToken 关联的逻辑(1)

											
										
										
											2 years ago
+								        domain = self.asset.domain if self.asset else None
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								        return domain
 								    @lazyproperty
 								    def gateway(self):
 								        from assets.models import Domain
 								        if not self.domain:
 								            return
 								        self.domain: Domain
 								        return self.domain.random_gateway()
 								    @lazyproperty
-												fix: 修改 ConnectionToken Serializer 命令过滤器

											
										
										
											2 years ago
+								    def acl_command_groups(self):
 								        from acls.models import CommandFilterACL
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								        kwargs = {
-												perf: 修改命令过滤相关的Model, CommandFilterACL, CommandGroup; 修改Model QuerySet 相关的方法;

											
										
										
											2 years ago
+								            'user': self.user,
 								            'asset': self.asset,
-												refactor: 修改 ConnectionToken 关联的逻辑(1)

											
										
										
											2 years ago
+								            'account': self.account,
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
+								        }
-												perf: 修改命令过滤相关的Model, CommandFilterACL, CommandGroup; 修改Model QuerySet 相关的方法;

											
										
										
											2 years ago
+								        command_groups = CommandFilterACL.filter_queryset(**kwargs).get_command_groups()
 								        return command_groups
-												refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑) (#8559)

* refactor: 重构 Connection Token 模块 (完成 Model 设计和创建 Token 的API逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Token 详细信息的 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 RDP 文件 API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Client url API 逻辑)

* refactor: 重构 Connection Token 模块 (完成获取 Super connection token API 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection token 逻辑)

* refactor: 重构 Connection Token 模块 (完成删除原 Connection)

* refactor: 重构 Connection Token 模块 (完善序列类字段)

* refactor: 重构 Connection Token 模块 (完善expire API)

* refactor: 重构 Connection Token 模块 (完善迁移文件)

* refactor: 重构 Connection Token 模块 (完善翻译文件)

* refactor: 重构 Connection Token 模块 (拆分Connection ViewSet)

* refactor: 重构 Connection Token 模块 (修改翻译)

* refactor: 重构 Connection Token 模块 （优化)

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											2 years ago
-												Fix rbac (#7728)

* perf: 重命名 signal handlers

* fix: 修复 ticket processor 问题

* perf: 修改 ticket 处理人api

* fix: 修复创建系统账号bug

* fix: 升级celery_beat==2.2.1和flower==1.0.0;修改celery进程启动参数先后顺序

* perf: 修改 authentication token

* fix: 修复上传权限bug

* fix: 登录页面增加i18n切换;

* fix: 系统角色删除限制

* perf: 修改一下 permissions tree

* perf: 生成 i18n

* perf: 修改一点点

Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: feng626 <1304903146@qq.com>
Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
											
										
										
											3 years ago
 								class SuperConnectionToken(ConnectionToken):
 								    class Meta:
 								        proxy = True
 								        verbose_name = _("Super connection token")