fix: 修复资产系统用户auth-info获取流程及创建时手动登录方式的校验

2021-10-22 14:27:54 +08:00 · 2021-10-22 14:27:54 +08:00 · 06de6c3575
parent c341d01e5a
commit 06de6c3575
13 changed files with 77 additions and 50 deletions
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@ -21,6 +21,8 @@ class AdminUserViewSet(OrgBulkModelViewSet):
    search_fields = filterset_fields
    serializer_class = serializers.AdminUserSerializer
    permission_classes = (IsOrgAdmin,)
+    ordering_fields = ('name',)
+    ordering = ('name', )

    def get_queryset(self):
        queryset = super().get_queryset().filter(type=SystemUser.Type.admin)
--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@ -50,6 +50,7 @@ class AssetViewSet(SuggestionMixin, FilterAssetByNodeMixin, OrgBulkModelViewSet)
    }
    search_fields = ("hostname", "ip")
    ordering_fields = ("hostname", "ip", "port", "cpu_cores")
+    ordering = ('hostname', )
    serializer_classes = {
        'default': serializers.AssetSerializer,
        'suggestion': serializers.MiniAssetSerializer
--- a/apps/assets/api/domain.py
+++ b/apps/assets/api/domain.py
@ -22,6 +22,8 @@ class DomainViewSet(OrgBulkModelViewSet):
    search_fields = filterset_fields
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.DomainSerializer
+    ordering_fields = ('name',)
+    ordering = ('name', )

    def get_serializer_class(self):
        if self.request.query_params.get('gateway'):
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@ -41,6 +41,8 @@ class SystemUserViewSet(SuggestionMixin, OrgBulkModelViewSet):
        'default': serializers.SystemUserSerializer,
        'suggestion': serializers.MiniSystemUserSerializer
    }
+    ordering_fields = ('name', 'protocol')
+    ordering = ('name', )
    permission_classes = (IsOrgAdminOrAppUser,)


@ -73,7 +75,7 @@ class SystemUserTempAuthInfoApi(generics.CreateAPIView):

        with tmp_to_root_org():
            instance = get_object_or_404(SystemUser, pk=pk)
-            instance.set_temp_auth(instance_id, user, data)
+            instance.set_temp_auth(instance_id, user.id, data)
        return Response(serializer.data, status=201)


--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@ -103,16 +103,23 @@ class AuthMixin:
        password = cache.get(key)
        return password

-    def load_tmp_auth_if_has(self, asset_or_app_id, user):
-        if not asset_or_app_id or not user:
-            return
+    def _clean_auth_info_if_manual_login_mode(self):
+        if self.login_mode == self.LOGIN_MANUAL:
+            self.password = ''
+            self.private_key = ''
+            self.public_key = ''

+    def _load_tmp_auth_if_has(self, asset_or_app_id, user_id):
        if self.login_mode != self.LOGIN_MANUAL:
            return

-        auth = self.get_temp_auth(asset_or_app_id, user)
+        if not asset_or_app_id or not user_id:
+            return
+
+        auth = self.get_temp_auth(asset_or_app_id, user_id)
        if not auth:
            return
+
        username = auth.get('username')
        password = auth.get('password')

@ -122,17 +129,11 @@ class AuthMixin:
            self.password = password

    def load_app_more_auth(self, app_id=None, user_id=None):
-        from users.models import User
-
+        self._clean_auth_info_if_manual_login_mode()
+        # 加载临时认证信息
        if self.login_mode == self.LOGIN_MANUAL:
-            self.password = ''
-            self.private_key = ''
-        if not user_id:
+            self._load_tmp_auth_if_has(app_id, user_id)
            return
-        user = get_object_or_none(User, pk=user_id)
-        if not user:
-            return
-        self.load_tmp_auth_if_has(app_id, user)

    def load_asset_special_auth(self, asset, username=''):
        """
@ -152,34 +153,25 @@ class AuthMixin:

    def load_asset_more_auth(self, asset_id=None, username=None, user_id=None):
        from users.models import User
-
+        self._clean_auth_info_if_manual_login_mode()
+        # 加载临时认证信息
        if self.login_mode == self.LOGIN_MANUAL:
-            self.password = ''
-            self.private_key = ''
-
-        asset = None
-        if asset_id:
-            asset = get_object_or_none(Asset, pk=asset_id)
-        # 没有资产就没有必要继续了
-        if not asset:
-            logger.debug('Asset not found, pass')
+            self._load_tmp_auth_if_has(asset_id, user_id)
            return
-
-        user = None
-        if user_id:
-            user = get_object_or_none(User, pk=user_id)
-
-        _username = self.username
+        # 更新用户名
+        user = get_object_or_none(User, pk=user_id) if user_id else None
        if self.username_same_with_user:
            if user and not username:
                _username = user.username
            else:
                _username = username
            self.username = _username
-
        # 加载某个资产的特殊配置认证信息
-        self.load_asset_special_auth(asset, _username)
-        self.load_tmp_auth_if_has(asset_id, user)
+        asset = get_object_or_none(Asset, pk=asset_id) if asset_id else None
+        if not asset:
+            logger.debug('Asset not found, pass')
+            return
+        self.load_asset_special_auth(asset, self.username)


 class SystemUser(ProtocolMixin, AuthMixin, BaseUser):
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@ -123,7 +123,8 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
            return ''
        return home

-    def validate_sftp_root(self, value):
+    @staticmethod
+    def validate_sftp_root(value):
        if value in ['home', 'tmp']:
            return value
        if not value.startswith('/'):
@ -131,19 +132,6 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
            raise serializers.ValidationError(error)
        return value

-    def validate_admin_user(self, attrs):
-        if self.instance:
-            tp = self.instance.type
-        else:
-            tp = attrs.get('type')
-        if tp != SystemUser.Type.admin:
-            return attrs
-        attrs['protocol'] = SystemUser.Protocol.ssh
-        attrs['login_mode'] = SystemUser.LOGIN_AUTO
-        attrs['username_same_with_user'] = False
-        attrs['auto_push'] = False
-        return attrs
-
    def validate_password(self, password):
        super().validate_password(password)
        auto_gen_key = self.get_initial_value("auto_generate_key", False)
@ -155,7 +143,20 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
            raise serializers.ValidationError(_("Password or private key required"))
        return password

-    def validate_gen_key(self, attrs):
+    def _validate_admin_user(self, attrs):
+        if self.instance:
+            tp = self.instance.type
+        else:
+            tp = attrs.get('type')
+        if tp != SystemUser.Type.admin:
+            return attrs
+        attrs['protocol'] = SystemUser.Protocol.ssh
+        attrs['login_mode'] = SystemUser.LOGIN_AUTO
+        attrs['username_same_with_user'] = False
+        attrs['auto_push'] = False
+        return attrs
+
+    def _validate_gen_key(self, attrs):
        username = attrs.get("username", "manual")
        auto_gen_key = attrs.pop("auto_generate_key", False)
        protocol = attrs.get("protocol")
@ -179,9 +180,23 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
            attrs["public_key"] = public_key
        return attrs

+    def _validate_login_mode(self, attrs):
+        if 'login_mode' in attrs:
+            login_mode = attrs['login_mode']
+        else:
+            login_mode = self.instance.login_mode if self.instance else SystemUser.LOGIN_AUTO
+
+        if login_mode == SystemUser.LOGIN_MANUAL:
+            attrs['password'] = ''
+            attrs['private_key'] = ''
+            attrs['public_key'] = ''
+
+        return attrs
+
    def validate(self, attrs):
-        attrs = self.validate_admin_user(attrs)
-        attrs = self.validate_gen_key(attrs)
+        attrs = self._validate_admin_user(attrs)
+        attrs = self._validate_gen_key(attrs)
+        attrs = self._validate_login_mode(attrs)
        return attrs

    @classmethod
--- a/apps/orgs/api.py
+++ b/apps/orgs/api.py
@ -48,6 +48,8 @@ class OrgViewSet(BulkModelViewSet):
    queryset = Organization.objects.all()
    serializer_class = OrgSerializer
    permission_classes = (IsSuperUserOrAppUser,)
+    ordering_fields = ('name',)
+    ordering = ('name', )

    def get_serializer_class(self):
        mapper = {
--- a/apps/perms/api/application/application_permission.py
+++ b/apps/perms/api/application/application_permission.py
@ -22,6 +22,8 @@ class ApplicationPermissionViewSet(BasePermissionViewSet):
    custom_filter_fields = BasePermissionViewSet.custom_filter_fields + [
        'application_id', 'application', 'app', 'app_name'
    ]
+    ordering_fields = ('name',)
+    ordering = ('name', )

    def get_queryset(self):
        queryset = super().get_queryset().prefetch_related(
--- a/apps/perms/api/asset/asset_permission.py
+++ b/apps/perms/api/asset/asset_permission.py
@ -21,3 +21,5 @@ class AssetPermissionViewSet(OrgBulkModelViewSet):
    serializer_class = serializers.AssetPermissionSerializer
    filterset_class = AssetPermissionFilter
    search_fields = ('name',)
+    ordering_fields = ('name',)
+    ordering = ('name', )
--- a/apps/terminal/api/task.py
+++ b/apps/terminal/api/task.py
@ -17,6 +17,7 @@ logger = logging.getLogger(__file__)
 class TaskViewSet(BulkModelViewSet):
    queryset = Task.objects.all()
    serializer_class = serializers.TaskSerializer
+    filterset_fields = ('is_finished',)
    permission_classes = (IsOrgAdminOrAppUser,)


--- a/apps/tickets/api/ticket.py
+++ b/apps/tickets/api/ticket.py
@ -29,6 +29,8 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
    search_fields = [
        'title', 'action', 'type', 'status', 'applicant_display'
    ]
+    ordering_fields = ('title',)
+    ordering = ('title', )

    def create(self, request, *args, **kwargs):
        raise MethodNotAllowed(self.action)
--- a/apps/users/api/group.py
+++ b/apps/users/api/group.py
@ -16,3 +16,5 @@ class UserGroupViewSet(OrgBulkModelViewSet):
    search_fields = filterset_fields
    permission_classes = (IsOrgAdmin,)
    serializer_class = UserGroupSerializer
+    ordering_fields = ('name', )
+    ordering = ('name', )
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@ -42,6 +42,8 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
        'invite': InviteSerializer,
    }
    extra_filter_backends = [OrgRoleUserFilterBackend]
+    ordering_fields = ('name',)
+    ordering = ('name', )

    def get_queryset(self):
        queryset = super().get_queryset().prefetch_related(