jumpserver/apps/assets/forms/user.py

135 lines
4.9 KiB
Python

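Merge to dev (#1051)
* [Update] Change success message; assets can be added when adding an asset group
* [Update] system user form add label
* [Update] set default cluster
* [Update] Change some translations
* [Bugfix] Fix reset-password bug
* [Bugfix] Default to default cluster
* [Bugfix] Error when adding user
* Change tab style
* [Bugfix] Fixed some display bugs
* Fix the select-all button still selecting everything after a search
* [Bugfix] Fix the following bugs: 1. exception when viewing execution history 2. user granted-assets page displays message
* [Update] api returns platform, and add web terminal nav
* [Feature] Add setting page
* [Feature] Add basic settings
* [Update] Change translations
* [Update] Change config
* [Update] Load common setting at startup
* [Bugfix] Fix cluster creation bug
* [Bugfix] Fix title displaying Jumpserver
* [Bugfix] setting tables not found
* [Bugfix] settings add option
* [Feature] Add backend paging
* [Bugfix] Selecting another page in the asset list raises an error
* [Update] check all selects only the current page
* [Bugfix] user login ip
* [Bugfix] for login ip
* [Bugfix] Fix asset list display bug
* [Remove] labels
* [Bugfix] task fails to run because tasks is not set
* [Feature] Add labels
* [Bugfix] Cannot read prefix
* For storage
* [Change] Change some translations
* [Update] Move the position of enable ldap
* [Update] Change translations
* [Feature] Support storing commands in es
* Update README.md
* [Feature] Add es support
* [update] Change the position of name and username on user creation
* [Update] Change install.md
* [Update] remote default PAGE_SIZE setting
* [Feature] terminal config load
* [Feature] es support
* [Update] Change requirement
* [Update] Change requirements
* [Update] Change dictfiled
* [Fix] Change Logger
* [Bugfix] Display in reverse order
* [Update] Change default avatar and logo
* [Update] Change django-celery-beat version
* [Feature] Add change-user-password api
* add logo test
* [Bugfix] Fix some bugs
* [Update] Change copyrite
* [Update] Change copyright
* Update ISSUE_TEMPLATE.md
* [Update] Change the color for sort-disabled
* [Feature] Label management feature
* [Bugfix] git status
* [Model] Change create_by field
* [Update] Change position
* [Update] Change signature md5 algorithm
* [Feature] Asset list label search
* [Feature] Add labels to asset detail
* [Bugfix] Fix asset search bug
* [Update] ansible disk bug
* [Update] ansible disk bug
* [Bugfix] Fix bug getting kvm cpu
* [Bugfix] Fix bug getting cpu count on bsd
* [Bugfix] Change translations
* [Bugfix] Asset model too long
* [Bugfix] Change project structure description; correct "project multi-language directory"
* Update project_structure.md
* [Update] add debug log
* refactor: rename folder i18n
* [Feature] Add link token
* [Feature] Label delete and edit
* [Update] Change some translations
* [Update] Fix minor bug
* [Update] Fix exception bug when getting asset info
* [Bugfix] Fix bug uploading a key for a system user
* [Update] Change the exception raised when getting asset info
* [Update] Remove some asset attributes
* [Bugfix] Asset bulk edit
* [Update] Change authentication
* [Feature] Support popover
* [Feature] tree
* [Feature] Add asset tree
* [Feature] Use ztree
* [Feature] tree add and delete functions
* [Bugfix] Fix group detail bug
* [Bugfix] Fix group detail bug
* [Bugfix] Fix bug raising an error when creating a label
* [Bugfix] Fix label api bug
* [Update] Remove asset group adding
* [Update] Change ztrr
* Update README.md
* [Update] Change asset creation
* [Bugfix] Fix ldap authentication bug
* [Update] Change one translation
* [Update] Commit before changing authorization rules
* [Abandon] ...
* Update README.md
* Update README.md
* Update README.md
* [Feature] Complete asset authorization and asset adding
* [Update] Change authorization
* [Bugfix] Fix bug creating system user
* feat: rdp support
* [Update] Split asset api module
* [Update] Select and remove assets in the asset list
* [Feature] Change perms api
* [Update] Use asset tree, remove cluster and asset group
* [Update] Change system user push, split some assets modules
* [Update] Complete tree refactoring
* [Update] Complete asset tree
* [Update] Change asset model
* ubuntu16.04 deb_requirements.txt update (#1007)
* Update run server.py (#915) Fix for not callable error when config.py not exists
* [Update] Some changes
* [Update] Change initial
* feat: replay setting page and api
* Add hide-tree feature
* [Update] Change translations
* Align menu text. Change English text
* feat: update app setting
* fix: app get replay storage
* [Update] Change wording
* [Docs] Initialize doc
* [Bugfix] User csv import encoding issue
* [Update] Change some require in settings
* [Bugfix] Fix bug where admin user cannot be viewed
* [Update] Change authorization api; windows assets have only the rdp protocol, linux only the ssh protocol
* [Update] terminal name can be changed
* [Update] Unify copyright
* [Update] Change docs
* [Bugfix] Fix disabled asset still being able to log in
* [Update] Change wording
* [Update] Support drag-and-drop update
* [Bugfix] Fix bug, change celery beat version dependency
* [Update] Fix some minor issues
* Add usage content for ordinary users
* [Update] Change some wording
* Update README.md
* Update README.md
* Update README.md
* User list
* [Update] Fix some bugs and wording
* [Delete] Delete build page
* [Update] Change conf
* [Update] bugfix
* [Update] Update docs URL
* [Update] Change some translations and docs
* [Update] Fix some bugs
* [Update] Change links
* [Update] Add bulk terminal session api
* [Update] Make Node value unique
* [Bugfix] Fix bug where the home page cannot display data
* feat: s3 replay file get
* feat: update
* [Update] Fix bug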
2018-03-07 13:21:56 +00:00
# -*- coding: utf-8 -*-
#
from django import forms
from django.utils.translation import gettext_lazy as _

from ..models import AdminUser, SystemUser
from common.utils import validate_ssh_private_key, ssh_pubkey_gen, get_logger

logger = get_logger(__file__)
__all__ = [
    'FileForm', 'SystemUserForm', 'AdminUserForm',
]


class FileForm(forms.Form):
    file = forms.FileField()


class PasswordAndKeyAuthForm(forms.ModelForm):
    # A form field name cannot start with `_`, so the field is redefined here.
    password = forms.CharField(
        widget=forms.PasswordInput, max_length=128,
        strip=True, required=False,
        help_text=_('Password or private key passphrase'),
        label=_("Password"),
    )
    # The private key must be uploaded as a file rather than pasted as text.
    private_key_file = forms.FileField(required=False, label=_("Private key"))

    def clean_private_key_file(self):
        private_key_file = self.cleaned_data['private_key_file']
        # `password` is absent from cleaned_data when its own validation
        # failed (e.g. over max_length); .get() avoids a KeyError (HTTP 500).
        password = self.cleaned_data.get('password')
        if private_key_file:
            key_string = private_key_file.read()
            # Rewind so gen_keys() can read the upload again.
            private_key_file.seek(0)
            if not validate_ssh_private_key(key_string, password):
                raise forms.ValidationError(_('Invalid private key'))
        return private_key_file

    def validate_password_key(self):
        # Called from clean(): either field may be missing if it failed
        # its own validation, so use .get() for both.
        password = self.cleaned_data.get('password', '')
        private_key_file = self.cleaned_data.get('private_key_file', '')
        if not password and not private_key_file:
            raise forms.ValidationError(_(
                'Password and private key file must be input one'
            ))

    def gen_keys(self):
        # Return (private_key, public_key); both are None when no key file
        # was uploaded.
        password = self.cleaned_data.get('password', '') or None
        private_key_file = self.cleaned_data.get('private_key_file')
        public_key = private_key = None
        if private_key_file:
            private_key = private_key_file.read().strip().decode('utf-8')
            public_key = ssh_pubkey_gen(private_key=private_key, password=password)
        return private_key, public_key


class AdminUserForm(PasswordAndKeyAuthForm):
    def save(self, commit=True):
        # The form defines custom fields, so `save` has to be overridden.
        admin_user = super().save(commit=commit)
        password = self.cleaned_data.get('password', '') or None
        private_key, public_key = self.gen_keys()
        admin_user.set_auth(password=password, public_key=public_key, private_key=private_key)
        return admin_user

    def clean(self):
        super().clean()
        # A ModelForm always has an instance (an unsaved one on create), so
        # `not self.instance` is never true. Check whether the instance is
        # being added instead, so a new admin user needs a password or key.
        if self.instance._state.adding:
            self.validate_password_key()

    class Meta:
        model = AdminUser
        fields = ['name', 'username', 'password', 'private_key_file', 'comment']
        widgets = {
            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
        }
        help_texts = {
            'name': '* required',
            'username': '* required',
        }


class SystemUserForm(PasswordAndKeyAuthForm):
    # Declared on the form: the user selects it and save() acts on it,
    # rather than the view.
    auto_generate_key = forms.BooleanField(initial=True, required=False)

    def save(self, commit=True):
        # The form defines custom fields, so `save` has to be overridden.
        # Note: `commit` is not forwarded; the instance is always saved here.
        system_user = super().save()
        password = self.cleaned_data.get('password', '') or None
        auto_generate_key = self.cleaned_data.get('auto_generate_key', False)
        private_key, public_key = self.gen_keys()
        if auto_generate_key:
            logger.info('Auto generate key and set system user auth')
            system_user.auto_gen_auth()
        else:
            system_user.set_auth(password=password, private_key=private_key, public_key=public_key)
        return system_user

    def clean(self):
        super().clean()
        auto_generate = self.cleaned_data.get('auto_generate_key')
        # A ModelForm always has an instance (an unsaved one on create), so
        # `not self.instance` is never true. Check whether the instance is
        # being added instead, so a new system user without an
        # auto-generated key needs a password or key.
        if self.instance._state.adding and not auto_generate:
            self.validate_password_key()

    class Meta:
        model = SystemUser
        fields = [
            'name', 'username', 'protocol', 'auto_generate_key',
            'password', 'private_key_file', 'auto_push', 'sudo',
            'comment', 'shell', 'nodes', 'priority',
        ]
        widgets = {
            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
            'nodes': forms.SelectMultiple(
                attrs={
                    'class': 'select2',
                    'data-placeholder': _('Nodes')
                }
            ),
        }
        help_texts = {
            'name': '* required',
            'username': '* required',
            'nodes': _('If auto push checked, system user will be create at node assets'),
            'auto_push': _('Auto push system user to asset'),
            'priority': _('High level will be using login asset as default, if user was granted more than 2 system user'),
        }