jumpserver/apps/users/utils.py

# ~*~ coding: utf-8 ~*~
#
from __future__ import unicode_literals
import logging
import os
import re
import uuid

from django.conf import settings
from django.contrib.auth.mixins import UserPassesTestMixin
from django.urls import reverse_lazy
from django.utils.translation import ugettext as _

from paramiko.rsakey import RSAKey

from common.tasks import send_mail_async
from common.utils import reverse, get_object_or_none
from .models import User


try:
    import cStringIO as StringIO
except ImportError:
    import StringIO


logger = logging.getLogger('jumpserver')


class AdminUserRequiredMixin(UserPassesTestMixin):
    login_url = reverse_lazy('users:login')

    def test_func(self):
        return self.request.user.is_staff


def user_add_success_next(user):
    subject = _('Create account successfully')
    recipient_list = [user.email]
    message = _("""
    Hello %(name)s:
    </br>
    Your account has been created successfully
    </br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">click here to set your password</a>
    </br>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>

    </br>
    ---

    </br>
    <a href="%(login_url)s">Login direct</a>

    </br>
    """) % {
        'name': user.name,
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': user.email,
        'login_url': reverse('users:login', external=True),
    }

    send_mail_async.delay(subject, message, recipient_list, html_message=message)


def send_reset_password_mail(user):
    subject = _('Reset password')
    recipient_list = [user.email]
    message = _("""
    Hello %(name)s:
    </br>
    Please click the link below to reset your password, if not your request, concern your account security
    </br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">Click here reset password</a>
    </br>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one<</a>

    </br>
    ---

    </br>
    <a href="%(login_url)s">Login direct</a>

    </br>
    """) % {
        'name': user.name,
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': user.email,
        'login_url': reverse('users:login', external=True),
    }
    if settings.DEBUG:
        logger.debug(message)

    send_mail_async.delay(subject, message, recipient_list, html_message=message)


def send_reset_ssh_key_mail(user):
    subject = _('SSH Key Reset')
    recipient_list = [user.email]
    message = _("""
    Hello %(name)s:
    </br>
    Your ssh public key has been reset by site administrator.
    Please login and reset your ssh public key.
    </br>
    <a href="%(login_url)s">Login direct</a>

    </br>
    """) % {
        'name': user.name,
        'login_url': reverse('users:login', external=True),
    }
    if settings.DEBUG:
        logger.debug(message)

    send_mail_async.delay(subject, message, recipient_list, html_message=message)


def validate_ssh_pk(text):
    """
    Expects a SSH private key as string.
    Returns a boolean and a error message.
    If the text is parsed as private key successfully,
    (True,'') is returned. Otherwise,
    (False, <message describing the error>) is returned.

    from https://github.com/githubnemo/SSH-private-key-validator/blob/master/validate.py

    """

    if not text:
        return False, 'No text given'

    startPattern = re.compile("^-----BEGIN [A-Z]+ PRIVATE KEY-----")
    optionPattern = re.compile("^.+: .+")
    contentPattern = re.compile("^([a-zA-Z0-9+/]{64}|[a-zA-Z0-9+/]{1,64}[=]{0,2})$")
    endPattern = re.compile("^-----END [A-Z]+ PRIVATE KEY-----")

    def contentState(text):
        for i in range(0, len(text)):
            line = text[i]

            if endPattern.match(line):
                if i == len(text) - 1 or len(text[i + 1]) == 0:
                    return True, ''
                else:
                    return False, 'At end but content coming'

            elif not contentPattern.match(line):
                return False, 'Wrong string in content section'

        return False, 'No content or missing end line'

    def optionState(text):
        for i in range(0, len(text)):
            line = text[i]

            if line[-1:] == '\\':
                return optionState(text[i + 2:])

            if not optionPattern.match(line):
                return contentState(text[i + 1:])

        return False, 'Expected option, found nothing'

    def startState(text):
        if len(text) == 0 or not startPattern.match(text[0]):
            return False, 'Header is wrong'
        return optionState(text[1:])

    return startState([n.strip() for n in text.splitlines()])


def check_user_valid(**kwargs):
    password = kwargs.pop('password', None)
    public_key = kwargs.pop('public_key', None)
    user = get_object_or_none(User, **kwargs)

    if user is None or not user.is_valid:
        return None
    if password and user.check_password(password):
        return user
    if public_key:
        public_key_saved = user.public_key.split()
        if len(public_key_saved) == 1:
            if public_key == public_key_saved[0]:
                return user
        elif len(public_key_saved) > 1:
            if public_key == public_key_saved[1]:
                return user
    return None


def token_gen(*args, **kwargs):
    return uuid.uuid4().get_hex()
添加 utils和api样例文件 8 years ago			`# ~~ coding: utf-8 ~~`
			`#`
Add user and send mail 8 years ago			`from __future__ import unicode_literals`
Add ssh-key-gen function 8 years ago			`import logging`
#8 user first login view 8 years ago			`import os`
Modify some bug 8 years ago			`import re`
Finish token access api 8 years ago			`import uuid`
Add ssh-key-gen function 8 years ago
reset user password and ssh pk implement 8 years ago			`from django.conf import settings`
Fix some bug 8 years ago			`from django.contrib.auth.mixins import UserPassesTestMixin`
			`from django.urls import reverse_lazy`
Add translation for support i18n 8 years ago			`from django.utils.translation import ugettext as _`
Fix some bug 8 years ago
#8 user first login view 8 years ago			`from paramiko.rsakey import RSAKey`

Add user and send mail 8 years ago			`from common.tasks import send_mail_async`
Update ssh server 8 years ago			`from common.utils import reverse, get_object_or_none`
			`from .models import User`
Add user and send mail 8 years ago
Add user generate reset password token 8 years ago
Add ssh-key-gen function 8 years ago			`try:`
			`import cStringIO as StringIO`
			`except ImportError:`
			`import StringIO`


			`logger = logging.getLogger('jumpserver')`

Fix some bug 8 years ago
			`class AdminUserRequiredMixin(UserPassesTestMixin):`
			`login_url = reverse_lazy('users:login')`

			`def test_func(self):`
			`return self.request.user.is_staff`
Add ssh-key-gen function 8 years ago




Add user and send mail 8 years ago			`def user_add_success_next(user):`
Add translation for support i18n 8 years ago			`subject = _('Create account successfully')`
Add user and send mail 8 years ago			`recipient_list = [user.email]`
Add translation for support i18n 8 years ago			`message = _("""`
			`Hello %(name)s:`
Add user and send mail 8 years ago			`</br>`
Add translation for support i18n 8 years ago			`Your account has been created successfully`
Add user and send mail 8 years ago			`</br>`
Add translation for support i18n 8 years ago			`<a href="%(rest_password_url)s?token=%(rest_password_token)s">click here to set your password</a>`
Add user and send mail 8 years ago			`</br>`
Add translation for support i18n 8 years ago			`This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>`
Add user and send mail 8 years ago
			`</br>`
			`---`

			`</br>`
Add translation for support i18n 8 years ago			`<a href="%(login_url)s">Login direct</a>`
Add user and send mail 8 years ago
			`</br>`
Add translation for support i18n 8 years ago			`""") % {`
Add user and send mail 8 years ago			`'name': user.name,`
			`'rest_password_url': reverse('users:reset-password', external=True),`
Add forget password and reset password 8 years ago			`'rest_password_token': user.generate_reset_token(),`
Merge with cmdb 8 years ago			`'forget_password_url': reverse('users:forgot-password', external=True),`
Add forget password and reset password 8 years ago			`'email': user.email,`
			`'login_url': reverse('users:login', external=True),`
			`}`

			`send_mail_async.delay(subject, message, recipient_list, html_message=message)`


			`def send_reset_password_mail(user):`
Add translation for support i18n 8 years ago			`subject = _('Reset password')`
Add forget password and reset password 8 years ago			`recipient_list = [user.email]`
Add translation for support i18n 8 years ago			`message = _("""`
			`Hello %(name)s:`
Add forget password and reset password 8 years ago			`</br>`
Add translation for support i18n 8 years ago			`Please click the link below to reset your password, if not your request, concern your account security`
Add forget password and reset password 8 years ago			`</br>`
Add translation for support i18n 8 years ago			`<a href="%(rest_password_url)s?token=%(rest_password_token)s">Click here reset password</a>`
Add forget password and reset password 8 years ago			`</br>`
Add translation for support i18n 8 years ago			`This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one<</a>`
Add forget password and reset password 8 years ago
			`</br>`
			`---`

			`</br>`
Add translation for support i18n 8 years ago			`<a href="%(login_url)s">Login direct</a>`
Add forget password and reset password 8 years ago
			`</br>`
Add translation for support i18n 8 years ago			`""") % {`
Add forget password and reset password 8 years ago			`'name': user.name,`
			`'rest_password_url': reverse('users:reset-password', external=True),`
			`'rest_password_token': user.generate_reset_token(),`
Merge with cmdb 8 years ago			`'forget_password_url': reverse('users:forgot-password', external=True),`
Add user and send mail 8 years ago			`'email': user.email,`
			`'login_url': reverse('users:login', external=True),`
			`}`
reset user password and ssh pk implement 8 years ago			`if settings.DEBUG:`
			`logger.debug(message)`
Add user and send mail 8 years ago
			`send_mail_async.delay(subject, message, recipient_list, html_message=message)`

Add ssh-key-gen function 8 years ago
change user ssh reset type from private key to public key 8 years ago			`def send_reset_ssh_key_mail(user):`
			`subject = _('SSH Key Reset')`
			`recipient_list = [user.email]`
			`message = _("""`
			`Hello %(name)s:`
			`</br>`
			`Your ssh public key has been reset by site administrator.`
			`Please login and reset your ssh public key.`
			`</br>`
			`<a href="%(login_url)s">Login direct</a>`

			`</br>`
			`""") % {`
			`'name': user.name,`
			`'login_url': reverse('users:login', external=True),`
			`}`
			`if settings.DEBUG:`
			`logger.debug(message)`

			`send_mail_async.delay(subject, message, recipient_list, html_message=message)`


#8 user first login view 8 years ago			`def validate_ssh_pk(text):`
			`"""`
			`Expects a SSH private key as string.`
			`Returns a boolean and a error message.`
			`If the text is parsed as private key successfully,`
			`(True,'') is returned. Otherwise,`
			`(False, <message describing the error>) is returned.`

			`from https://github.com/githubnemo/SSH-private-key-validator/blob/master/validate.py`

			`"""`

			`if not text:`
			`return False, 'No text given'`

			`startPattern = re.compile("^-----BEGIN [A-Z]+ PRIVATE KEY-----")`
			`optionPattern = re.compile("^.+: .+")`
			`contentPattern = re.compile("^([a-zA-Z0-9+/]{64}\|[a-zA-Z0-9+/]{1,64}[=]{0,2})$")`
			`endPattern = re.compile("^-----END [A-Z]+ PRIVATE KEY-----")`

			`def contentState(text):`
			`for i in range(0, len(text)):`
			`line = text[i]`

			`if endPattern.match(line):`
			`if i == len(text) - 1 or len(text[i + 1]) == 0:`
			`return True, ''`
			`else:`
			`return False, 'At end but content coming'`

			`elif not contentPattern.match(line):`
			`return False, 'Wrong string in content section'`

			`return False, 'No content or missing end line'`

			`def optionState(text):`
			`for i in range(0, len(text)):`
			`line = text[i]`

			`if line[-1:] == '\\':`
			`return optionState(text[i + 2:])`

			`if not optionPattern.match(line):`
			`return contentState(text[i + 1:])`

			`return False, 'Expected option, found nothing'`
Add ssh-key-gen function 8 years ago
#8 user first login view 8 years ago			`def startState(text):`
			`if len(text) == 0 or not startPattern.match(text[0]):`
			`return False, 'Header is wrong'`
			`return optionState(text[1:])`
Add ssh-key-gen function 8 years ago
#8 user first login view 8 years ago			`return startState([n.strip() for n in text.splitlines()])`
Update ssh server 8 years ago

Finish token access api 8 years ago			`def check_user_valid(**kwargs):`
Update ssh server 8 years ago			`password = kwargs.pop('password', None)`
			`public_key = kwargs.pop('public_key', None)`
			`user = get_object_or_none(User, **kwargs)`

Finish token access api 8 years ago			`if user is None or not user.is_valid:`
			`return None`
			`if password and user.check_password(password):`
			`return user`
Fix pubkey auth bug 8 years ago			`if public_key:`
			`public_key_saved = user.public_key.split()`
			`if len(public_key_saved) == 1:`
			`if public_key == public_key_saved[0]:`
			`return user`
			`elif len(public_key_saved) > 1:`
			`if public_key == public_key_saved[1]:`
			`return user`
Finish token access api 8 years ago			`return None`
Update ssh server 8 years ago

Finish token access api 8 years ago			`def token_gen(args, *kwargs):`
			`return uuid.uuid4().get_hex()`
Update ssh server 8 years ago