2018-01-11 12:10:27 +00:00
|
|
|
|
import json
|
|
|
|
|
|
2016-09-03 11:05:50 +00:00
|
|
|
|
from django.db import models
|
2018-01-22 03:38:40 +00:00
|
|
|
|
from django.db.utils import ProgrammingError, OperationalError
|
2018-01-11 12:10:27 +00:00
|
|
|
|
from django.utils.translation import ugettext_lazy as _
|
2021-01-26 09:54:12 +00:00
|
|
|
|
from django.conf import settings
|
2018-01-11 12:10:27 +00:00
|
|
|
|
|
2021-01-26 09:54:12 +00:00
|
|
|
|
from common.utils import signer, get_logger
|
|
|
|
|
|
|
|
|
|
logger = get_logger(__name__)
|
2018-09-03 03:24:25 +00:00
|
|
|
|
|
2018-01-11 12:10:27 +00:00
|
|
|
|
|
|
|
|
|
class SettingQuerySet(models.QuerySet):
|
|
|
|
|
def __getattr__(self, item):
|
2020-04-29 06:32:51 +00:00
|
|
|
|
queryset = list(self)
|
|
|
|
|
instances = [i for i in queryset if i.name == item]
|
2018-01-11 12:10:27 +00:00
|
|
|
|
if len(instances) == 1:
|
|
|
|
|
return instances[0]
|
|
|
|
|
else:
|
|
|
|
|
return Setting()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SettingManager(models.Manager):
|
|
|
|
|
def get_queryset(self):
|
|
|
|
|
return SettingQuerySet(self.model, using=self._db)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Setting(models.Model):
|
|
|
|
|
name = models.CharField(max_length=128, unique=True, verbose_name=_("Name"))
|
2021-09-09 06:00:50 +00:00
|
|
|
|
value = models.TextField(verbose_name=_("Value"), null=True, blank=True)
|
2018-01-20 14:22:09 +00:00
|
|
|
|
category = models.CharField(max_length=128, default="default")
|
2018-09-03 03:24:25 +00:00
|
|
|
|
encrypted = models.BooleanField(default=False)
|
2018-01-11 12:10:27 +00:00
|
|
|
|
enabled = models.BooleanField(verbose_name=_("Enabled"), default=True)
|
|
|
|
|
comment = models.TextField(verbose_name=_("Comment"))
|
|
|
|
|
|
|
|
|
|
objects = SettingManager()
|
2019-12-05 07:09:25 +00:00
|
|
|
|
cache_key_prefix = '_SETTING_'
|
2018-01-11 12:10:27 +00:00
|
|
|
|
|
|
|
|
|
def __str__(self):
|
|
|
|
|
return self.name
|
|
|
|
|
|
2018-01-12 07:43:26 +00:00
|
|
|
|
@property
|
2018-01-20 14:22:09 +00:00
|
|
|
|
def cleaned_value(self):
|
2018-01-12 07:43:26 +00:00
|
|
|
|
try:
|
2018-09-03 03:24:25 +00:00
|
|
|
|
value = self.value
|
|
|
|
|
if self.encrypted:
|
|
|
|
|
value = signer.unsign(value)
|
2018-12-21 07:47:52 +00:00
|
|
|
|
if not value:
|
|
|
|
|
return None
|
2018-09-03 03:24:25 +00:00
|
|
|
|
value = json.loads(value)
|
|
|
|
|
return value
|
2018-01-12 07:43:26 +00:00
|
|
|
|
except json.JSONDecodeError:
|
|
|
|
|
return None
|
|
|
|
|
|
2018-01-20 14:22:09 +00:00
|
|
|
|
@cleaned_value.setter
|
|
|
|
|
def cleaned_value(self, item):
|
|
|
|
|
try:
|
|
|
|
|
v = json.dumps(item)
|
2018-09-03 03:24:25 +00:00
|
|
|
|
if self.encrypted:
|
|
|
|
|
v = signer.sign(v)
|
2018-01-20 14:22:09 +00:00
|
|
|
|
self.value = v
|
|
|
|
|
except json.JSONDecodeError as e:
|
|
|
|
|
raise ValueError("Json dump error: {}".format(str(e)))
|
|
|
|
|
|
2018-01-11 12:10:27 +00:00
|
|
|
|
@classmethod
|
|
|
|
|
def refresh_all_settings(cls):
|
2018-01-22 03:38:40 +00:00
|
|
|
|
try:
|
|
|
|
|
settings_list = cls.objects.all()
|
|
|
|
|
for setting in settings_list:
|
|
|
|
|
setting.refresh_setting()
|
|
|
|
|
except (ProgrammingError, OperationalError):
|
|
|
|
|
pass
|
2018-01-11 12:10:27 +00:00
|
|
|
|
|
2021-01-26 09:54:12 +00:00
|
|
|
|
@classmethod
|
|
|
|
|
def refresh_item(cls, name):
|
|
|
|
|
item = cls.objects.filter(name=name).first()
|
|
|
|
|
if not item:
|
|
|
|
|
return
|
|
|
|
|
item.refresh_setting()
|
|
|
|
|
|
2018-01-11 12:10:27 +00:00
|
|
|
|
def refresh_setting(self):
|
2021-01-26 09:54:12 +00:00
|
|
|
|
if hasattr(self.__class__, f'refresh_{self.name}'):
|
|
|
|
|
getattr(self.__class__, f'refresh_{self.name}')()
|
|
|
|
|
else:
|
|
|
|
|
setattr(settings, self.name, self.cleaned_value)
|
2021-09-16 10:57:09 +00:00
|
|
|
|
self.refresh_keycloak_to_openid_if_need()
|
2021-01-26 09:54:12 +00:00
|
|
|
|
|
|
|
|
|
@classmethod
|
2021-09-13 13:25:11 +00:00
|
|
|
|
def refresh_authentications(cls, name):
|
|
|
|
|
setting = cls.objects.filter(name=name).first()
|
2021-01-26 09:54:12 +00:00
|
|
|
|
if not setting:
|
|
|
|
|
return
|
2021-09-13 13:25:11 +00:00
|
|
|
|
|
|
|
|
|
backends_map = {
|
|
|
|
|
'AUTH_LDAP': [settings.AUTH_BACKEND_LDAP],
|
|
|
|
|
'AUTH_OPENID': [settings.AUTH_BACKEND_OIDC_CODE, settings.AUTH_BACKEND_OIDC_PASSWORD],
|
|
|
|
|
'AUTH_RADIUS': [settings.AUTH_BACKEND_RADIUS],
|
|
|
|
|
'AUTH_CAS': [settings.AUTH_BACKEND_CAS],
|
2021-12-09 07:47:21 +00:00
|
|
|
|
'AUTH_SAML2': [settings.AUTH_BACKEND_SAML2],
|
2021-09-13 13:25:11 +00:00
|
|
|
|
}
|
|
|
|
|
setting_backends = backends_map[name]
|
|
|
|
|
auth_backends = settings.AUTHENTICATION_BACKENDS
|
|
|
|
|
|
|
|
|
|
for backend in setting_backends:
|
|
|
|
|
has = backend in auth_backends
|
|
|
|
|
|
|
|
|
|
# 添加
|
|
|
|
|
if setting.cleaned_value and not has:
|
2021-09-13 16:03:17 +00:00
|
|
|
|
logger.debug('Add auth backend: {}'.format(name))
|
2021-09-13 13:25:11 +00:00
|
|
|
|
settings.AUTHENTICATION_BACKENDS.insert(0, backend)
|
|
|
|
|
|
|
|
|
|
# 去掉
|
|
|
|
|
if not setting.cleaned_value and has:
|
|
|
|
|
index = auth_backends.index(backend)
|
2021-09-13 16:03:17 +00:00
|
|
|
|
logger.debug('Pop auth backend: {}'.format(name))
|
2021-09-13 13:25:11 +00:00
|
|
|
|
auth_backends.pop(index)
|
|
|
|
|
|
|
|
|
|
# 设置内存值
|
|
|
|
|
setattr(settings, name, setting.cleaned_value)
|
|
|
|
|
|
2021-09-14 08:38:47 +00:00
|
|
|
|
@classmethod
|
|
|
|
|
def refresh_AUTH_CAS(cls):
|
|
|
|
|
cls.refresh_authentications('AUTH_CAS')
|
|
|
|
|
|
2021-09-13 13:25:11 +00:00
|
|
|
|
@classmethod
|
|
|
|
|
def refresh_AUTH_LDAP(cls):
|
|
|
|
|
cls.refresh_authentications('AUTH_LDAP')
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
def refresh_AUTH_OPENID(cls):
|
|
|
|
|
cls.refresh_authentications('AUTH_OPENID')
|
|
|
|
|
|
2021-12-09 07:47:21 +00:00
|
|
|
|
@classmethod
|
|
|
|
|
def refresh_AUTH_SAML2(cls):
|
|
|
|
|
cls.refresh_authentications('AUTH_SAML2')
|
|
|
|
|
|
2021-09-16 10:57:09 +00:00
|
|
|
|
def refresh_keycloak_to_openid_if_need(self):
|
|
|
|
|
watch_config_names = [
|
|
|
|
|
'AUTH_OPENID', 'AUTH_OPENID_REALM_NAME', 'AUTH_OPENID_SERVER_URL',
|
|
|
|
|
'AUTH_OPENID_PROVIDER_ENDPOINT', 'AUTH_OPENID_KEYCLOAK'
|
|
|
|
|
]
|
|
|
|
|
if self.name not in watch_config_names:
|
|
|
|
|
# 不在监听的配置中, 不需要刷新
|
|
|
|
|
return
|
|
|
|
|
auth_keycloak = self.__class__.objects.filter(name='AUTH_OPENID_KEYCLOAK').first()
|
|
|
|
|
if not auth_keycloak or not auth_keycloak.cleaned_value:
|
|
|
|
|
# 关闭 Keycloak 方式的配置, 不需要刷新
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
from jumpserver.conf import Config
|
|
|
|
|
config_names = [
|
|
|
|
|
'AUTH_OPENID', 'AUTH_OPENID_REALM_NAME',
|
|
|
|
|
'AUTH_OPENID_SERVER_URL', 'AUTH_OPENID_PROVIDER_ENDPOINT'
|
|
|
|
|
]
|
|
|
|
|
# 获取当前 keycloak 配置
|
|
|
|
|
keycloak_config = {}
|
|
|
|
|
for name in config_names:
|
|
|
|
|
setting = self.__class__.objects.filter(name=name).first()
|
|
|
|
|
if not setting:
|
|
|
|
|
continue
|
|
|
|
|
value = setting.cleaned_value
|
|
|
|
|
keycloak_config[name] = value
|
|
|
|
|
|
|
|
|
|
# 转化 keycloak 配置为 openid 配置
|
|
|
|
|
openid_config = Config.convert_keycloak_to_openid(keycloak_config)
|
|
|
|
|
if not openid_config:
|
|
|
|
|
return
|
|
|
|
|
# 刷新 settings
|
|
|
|
|
for key, value in openid_config.items():
|
|
|
|
|
setattr(settings, key, value)
|
|
|
|
|
|
2021-09-13 13:25:11 +00:00
|
|
|
|
@classmethod
|
|
|
|
|
def refresh_AUTH_RADIUS(cls):
|
|
|
|
|
cls.refresh_authentications('AUTH_RADIUS')
|
2021-01-26 09:54:12 +00:00
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
def update_or_create(cls, name='', value='', encrypted=False, category=''):
|
|
|
|
|
"""
|
|
|
|
|
不能使用 Model 提供的,update_or_create 因为这里有 encrypted 和 cleaned_value
|
|
|
|
|
:return: (changed, instance)
|
|
|
|
|
"""
|
|
|
|
|
setting = cls.objects.filter(name=name).first()
|
|
|
|
|
changed = False
|
|
|
|
|
if not setting:
|
|
|
|
|
setting = Setting(name=name, encrypted=encrypted, category=category)
|
|
|
|
|
if setting.cleaned_value != value:
|
|
|
|
|
setting.encrypted = encrypted
|
|
|
|
|
setting.cleaned_value = value
|
|
|
|
|
setting.save()
|
|
|
|
|
changed = True
|
|
|
|
|
return changed, setting
|
2018-01-12 07:43:26 +00:00
|
|
|
|
|
2018-01-11 12:10:27 +00:00
|
|
|
|
class Meta:
|
2019-03-04 07:38:59 +00:00
|
|
|
|
db_table = "settings_setting"
|
2019-02-21 11:22:23 +00:00
|
|
|
|
verbose_name = _("Setting")
|