Merge branch 'master' of code.simcu.com:jumpserver/jumpserver

merage
2016-10-07 23:04:48 +08:00 · 2016-10-07 23:04:48 +08:00 · 0c611b6429
parent 2829445f4f aa02c211fe
commit 0c611b6429
36 changed files with 1085 additions and 430 deletions
--- a/.gitignore
+++ b/.gitignore
@ -16,3 +16,4 @@ db.sqlite3
 config.py
 migrations/
 *.log
+host_rsa_key
--- a/apps/common/mixins.py
+++ b/apps/common/mixins.py
@ -1,6 +1,7 @@
 # coding: utf-8

 from django.db import models
+from django.http import JsonResponse
 from django.utils.timezone import now
 from django.utils.translation import ugettext_lazy as _

@ -36,3 +37,27 @@ class NoDeleteModelMixin(models.Model):
        self.is_discard = True
        self.discard_time = now()
        return self.save()
+
+
+class JSONResponseMixin(object):
+
+    """JSON mixin"""
+
+    def render_json_response(self, context):
+        return JsonResponse(context)
+
+
+class BulkDeleteApiMixin(object):
+
+    def filter_queryset(self, queryset):
+        id_list = self.request.query_params.get('id__in')
+        if id_list:
+            import json
+            try:
+                ids = json.loads(id_list)
+            except Exception as e:
+                print e
+                return queryset
+            if isinstance(ids, list):
+                queryset = queryset.filter(id__in=ids)
+        return queryset
--- a/apps/common/utils.py
+++ b/apps/common/utils.py
@ -30,11 +30,17 @@ def get_object_or_none(model, **kwargs):


 def encrypt(*args, **kwargs):
-    return signing.dumps(*args, **kwargs)
+    try:
+        return signing.dumps(*args, **kwargs)
+    except signing.BadSignature:
+        return ''


 def decrypt(*args, **kwargs):
-    return signing.loads(*args, **kwargs)
+    try:
+        return signing.loads(*args, **kwargs)
+    except signing.BadSignature:
+        return ''


 def date_expired_default():
--- a/apps/fixtures/fake.json
+++ b/apps/fixtures/fake.json
--- a/apps/fixtures/init.json
+++ b/apps/fixtures/init.json
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@ -54,7 +54,7 @@ INSTALLED_APPS = [
    'users.apps.UsersConfig',
    'assets.apps.AssetsConfig',
    'perms.apps.PermsConfig',
-    'webterminal.apps.WebterminalConfig',
+    # 'terminal.apps.TerminalConfig',
    'ops.apps.OpsConfig',
    'audits.apps.AuditsConfig',
    'common.apps.CommonConfig',
@ -274,36 +274,36 @@ REST_FRAMEWORK = {
 }
 # This setting is required to override the Django's main loop, when running in
 # development mode, such as ./manage runserver
-WSGI_APPLICATION = 'ws4redis.django_runserver.application'
+# WSGI_APPLICATION = 'ws4redis.django_runserver.application'

 # URL that distinguishes websocket connections from normal requests
-WEBSOCKET_URL = '/ws/'
+# WEBSOCKET_URL = '/ws/'

 # WebSocket Redis
-WS4REDIS_CONNECTION = {
-    'host': CONFIG.REDIS_HOST or '127.0.0.1',
-    'port': CONFIG.REDIS_PORT or 6379,
-    'db': 2,
-}
+# WS4REDIS_CONNECTION = {
+#     'host': CONFIG.REDIS_HOST or '127.0.0.1',
+#     'port': CONFIG.REDIS_PORT or 6379,
+#     'db': 2,
+# }

 # Set the number of seconds each message shall persisted
-WS4REDIS_EXPIRE = 3600
+# WS4REDIS_EXPIRE = 3600

-WS4REDIS_HEARTBEAT = 'love you'
+# WS4REDIS_HEARTBEAT = 'love you'

-WS4REDIS_PREFIX = 'demo'
+# WS4REDIS_PREFIX = 'demo'

-SESSION_ENGINE = 'redis_sessions.session'
+# SESSION_ENGINE = 'redis_sessions.session'

-SESSION_REDIS_PREFIX = 'session'
+# SESSION_REDIS_PREFIX = 'session'

-SESSION_REDIS_HOST = CONFIG.REDIS_HOST
+# SESSION_REDIS_HOST = CONFIG.REDIS_HOST

-SESSION_REDIS_PORT = CONFIG.REDIS_PORT
+# SESSION_REDIS_PORT = CONFIG.REDIS_PORT

-SESSION_REDIS_PASSWORD = CONFIG.REDIS_PASSWORD
+# SESSION_REDIS_PASSWORD = CONFIG.REDIS_PASSWORD

-SESSION_REDIS_DB = CONFIG.REDIS_DB
+# SESSION_REDIS_DB = CONFIG.REDIS_DB


 # Custom User Auth model
--- a/apps/jumpserver/urls.py
+++ b/apps/jumpserver/urls.py
@ -25,7 +25,6 @@ urlpatterns = [
    url(r'^(api/)?users/', include('users.urls')),
    url(r'^assets/', include('assets.urls')),
    url(r'^perms/', include('perms.urls')),
-    url(r'^terminal/', include('webterminal.urls')),
 ]


--- a/apps/terminal/migrations/init.py
+++ b/apps/terminal/migrations/init.py
--- a/apps/static/js/jquery.form.min.js
+++ b/apps/static/js/jquery.form.min.js
--- a/apps/users/api.py
+++ b/apps/users/api.py
@ -9,51 +9,28 @@ from rest_framework import generics, status
 from rest_framework.response import Response
 from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView

-from .serializers import UserSerializer, UserGroupSerializer, UserAttributeSerializer, GroupUserEditSerializer, \
-    GroupEditSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer
 from .models import User, UserGroup
+from .serializers import UserDetailSerializer, UserAndGroupSerializer, \
+    GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer
+from common.mixins import BulkDeleteApiMixin


 logger = logging.getLogger('jumpserver.users.api')


-class UserListAddApi(generics.ListCreateAPIView):
+class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = User.objects.all()
-    serializer_class = UserSerializer
+    serializer_class = UserDetailSerializer


-class UserDetailDeleteUpdateApi(generics.RetrieveUpdateDestroyAPIView):
+class UserAndGroupEditApi(generics.RetrieveUpdateAPIView):
    queryset = User.objects.all()
-    serializer_class = UserSerializer
-
-    def delete(self, request, *args, **kwargs):
-        print(self.request.data)
-        return super(UserDetailDeleteUpdateApi, self).delete(request, *args, **kwargs)
-
-
-class UserGroupListAddApi(generics.ListCreateAPIView):
-    queryset = UserGroup.objects.all()
-    serializer_class = UserGroupSerializer
-
-
-class UserGroupDetailDeleteUpdateApi(generics.RetrieveUpdateDestroyAPIView):
-    queryset = UserGroup.objects.all()
-    serializer_class = UserGroupSerializer
-
-
-class UserAttributeApi(generics.RetrieveUpdateDestroyAPIView):
-    queryset = User.objects.all()
-    serializer_class = UserAttributeSerializer
-
-
-class GroupUserEditApi(generics.RetrieveUpdateAPIView):
-    queryset = User.objects.all()
-    serializer_class = GroupUserEditSerializer
+    serializer_class = UserAndGroupSerializer


 class UserResetPasswordApi(generics.UpdateAPIView):
    queryset = User.objects.all()
-    serializer_class = GroupUserEditSerializer
+    serializer_class = UserDetailSerializer

    def perform_update(self, serializer):
        # Note: we are not updating the user object here.
@ -68,7 +45,7 @@ class UserResetPasswordApi(generics.UpdateAPIView):

 class UserResetPKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
-    serializer_class = GroupUserEditSerializer
+    serializer_class = UserDetailSerializer

    def perform_update(self, serializer):
        user = self.get_object()
@ -88,9 +65,9 @@ class UserUpdatePKApi(generics.UpdateAPIView):
        user.save()


-class GroupEditApi(generics.RetrieveUpdateDestroyAPIView):
+class GroupDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = UserGroup.objects.all()
-    serializer_class = GroupEditSerializer
+    serializer_class = GroupDetailSerializer

    def perform_update(self, serializer):
        users = serializer.validated_data.get('users')
@ -105,27 +82,19 @@ class GroupEditApi(generics.RetrieveUpdateDestroyAPIView):
        serializer.save()


-class UserBulkUpdateApi(ListBulkCreateUpdateDestroyAPIView):
+class UserListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserBulkUpdateSerializer

-    def filter_queryset(self, queryset):
-        id_list = self.request.query_params.get('id__in')
-        if id_list:
-            import json
-            try:
-                ids = json.loads(id_list)
-            except Exception as e:
-                logger.error(str(e))
-                return queryset
-            if isinstance(ids, list):
-                queryset = queryset.filter(id__in=ids)
-        return queryset
+
+class GroupListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
+    queryset = UserGroup.objects.all()
+    serializer_class = GroupBulkUpdateSerializer


 class DeleteUserFromGroupApi(generics.DestroyAPIView):
    queryset = UserGroup.objects.all()
-    serializer_class = GroupEditSerializer
+    serializer_class = GroupDetailSerializer

    def destroy(self, request, *args, **kwargs):
        group = self.get_object()
--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@ -34,6 +34,13 @@ class UserCreateForm(forms.ModelForm):
        }


+class UserBulkImportForm(forms.ModelForm):
+
+    class Meta:
+        model = User
+        fields = ['username', 'email', 'enable_otp', 'role']
+
+
 class UserUpdateForm(forms.ModelForm):

    class Meta:
--- a/apps/users/models.py
+++ b/apps/users/models.py
@ -112,6 +112,12 @@ class User(AbstractUser):
        else:
            return True

+    @property
+    def is_valid(self):
+        if self.is_active and not self.is_expired:
+            return True
+        return False
+
    @property
    def private_key(self):
        return decrypt(self._private_key)
--- a/apps/users/serializers.py
+++ b/apps/users/serializers.py
@ -8,47 +8,13 @@ from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
 from .models import User, UserGroup


-class UserSerializer(serializers.ModelSerializer):
-    groups = serializers.HyperlinkedRelatedField(many=True, read_only=True, view_name='users:user-group-detail-api')
-
-    class Meta:
-        model = User
-        exclude = [
-            'password', 'first_name', 'last_name', 'secret_key_otp',
-            'private_key', 'public_key', 'avatar',
-        ]
-
-
-class UserGroupSerializer(serializers.ModelSerializer):
-    users = serializers.HyperlinkedRelatedField(many=True, read_only=True, view_name='users:user-detail-api')
-
-    class Meta:
-        model = UserGroup
-        fields = '__all__'
-
-
-class GroupEditSerializer(serializers.ModelSerializer):
-
-    class Meta:
-        model = UserGroup
-        fields = ['id', 'name', 'comment', 'date_created', 'created_by', 'users']
-
-
-class UserAttributeSerializer(serializers.ModelSerializer):
+class UserDetailSerializer(serializers.ModelSerializer):

    class Meta:
        model = User
        fields = ['avatar', 'wechat', 'phone', 'enable_otp', 'comment', 'is_active', 'name']


-class GroupUserEditSerializer(serializers.ModelSerializer):
-    groups = serializers.PrimaryKeyRelatedField(many=True, queryset=UserGroup.objects.all())
-
-    class Meta:
-        model = User
-        fields = ['id', 'groups']
-
-
 class UserPKUpdateSerializer(serializers.ModelSerializer):

    class Meta:
@ -70,6 +36,21 @@ class UserPKUpdateSerializer(serializers.ModelSerializer):
        return value


+class UserAndGroupSerializer(serializers.ModelSerializer):
+    groups = serializers.PrimaryKeyRelatedField(many=True, queryset=UserGroup.objects.all())
+
+    class Meta:
+        model = User
+        fields = ['id', 'groups']
+
+
+class GroupDetailSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = UserGroup
+        fields = ['id', 'name', 'comment', 'date_created', 'created_by', 'users']
+
+
 class UserBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer):
    group_display = serializers.SerializerMethodField()
    active_display = serializers.SerializerMethodField()
@ -88,3 +69,16 @@ class UserBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer)
    def get_active_display(self, obj):
        # TODO: user ative state
        return not (obj.is_expired and obj.is_active)
+
+
+class GroupBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer):
+
+    user_amount = serializers.SerializerMethodField()
+
+    class Meta:
+        model = UserGroup
+        list_serializer_class = BulkListSerializer
+        fields = ['id', 'name', 'comment', 'user_amount']
+
+    def get_user_amount(self, obj):
+        return obj.users.count()
--- a/apps/users/templates/users/_user_import_modal.html
+++ b/apps/users/templates/users/_user_import_modal.html
@ -0,0 +1,19 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+{% block modal_id %}user_import_modal{% endblock %}
+{% block modal_title%}{% trans "Import User" %}{% endblock %}
+{% block modal_body %}
+<p class="text-success text-center">{% trans "Hint: your excel should organized in the following format." %}</p>
+<p class="text-success text-center">{% trans "* You should have a very worksheet named `users`." %}</p>
+<p class="text-success text-center">{% trans "* Rows in this worksheet: username, email, enable_opt(0, 1), role(one of ['Admin', 'User'])" %}</p>
+<form method="post" class="form-horizontal" action="{% url 'users:user-import' %}" id="fm_user_import" enctype="multipart/form-data">
+    {% csrf_token %}
+    <div class="form-group">
+        <label class="control-label col-sm-2 col-lg-2 " for="id_excel">{% trans "Excel" %}</label>
+        <div class=" col-sm-9 col-lg-9 ">
+            <input id="id_excel" type="file" name="excel" />
+        </div>
+    </div>
+</form>
+{% endblock %}
+{% block modal_confirm_id %}btn_user_import{% endblock %}
--- a/apps/users/templates/users/user_group_detail.html
+++ b/apps/users/templates/users/user_group_detail.html
@ -218,7 +218,7 @@ $(document).on('click', '.btn_remove', function(){
        users: plain_id_list.map(Number)
    };
    $('#select_user_modal').modal('hide');
-    var the_url = "{% url 'users:user-group-edit-api' pk=object.id %}";
+    var the_url = "{% url 'users:user-group-detail-api' pk=object.id %}";
    var success = function() {
        toastr.success('{% trans "The selected users has been added to current group." %}');
        var html = "";
--- a/apps/users/templates/users/user_group_list.html
+++ b/apps/users/templates/users/user_group_list.html
@ -1,71 +1,85 @@
 {% extends '_base_list.html' %}
 {% load i18n static %}
-{% load common_tags %}
 {% block custom_head_css_js %}
-    <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
-    <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
-{% endblock %}
+{{ block.super }}
+<style>
+div.dataTables_wrapper div.dataTables_filter,
+.dataTables_length {
+    float: right !important;
+}

-{% block content_left_head %}
-<a href="{% url 'users:user-group-create' %}" class="btn btn-sm btn-primary ">{% trans "Add User Group" %}</a>
+div.dataTables_wrapper div.dataTables_filter {
+  margin-left: 15px;
+}
+</style>
 {% endblock %}
-
-{% block table_head %}
-     <th class="text-center">
-         <input type="checkbox" id="check_all" onclick="checkAll('check_all', 'checked')">
-     </th>
-     <th class="text-center"><a href="{% url 'users:user-group-list' %}?sort=name">{% trans "Name" %}</a></th>
-     <th class="text-center">{% trans "User Amount" %}</th>
-     <th class="text-center">{% trans "Asset Amount" %}</th>
-     <th class="text-center">{% trans "Comment" %}</th>
-     <th class="text-center"></th>
-{% endblock %}
-
-{% block table_body %}
-    {% for user_group in user_group_list %}
-        <tr class="gradeX">
-            <td class="text-center">
-                <input type="checkbox" name="checked" value="{{ user_group.id }}">
-            </td>
-            <td class="text-center">
-                <a href="{% url 'users:user-group-detail' pk=user_group.id %}">
-                    {{ user_group.name }}
-                </a>
-            </td>
-            <td class="text-center">{{ user_group.users.count }}</td>
-            <td class="text-center">999</td>
-            <th class="text-center">{{ user_group.comment|truncatewords:8 }}</th>
-            <td class="text-center">
-                <a href="{% url 'users:user-group-update' pk=user_group.id %}" class="btn btn-xs btn-info">{% trans "Edit" %}</a>
-                <a href="javascript:void(0)" data-gid="{{ user_group.id }}"
-                    class="btn btn-xs btn-danger del {% ifequal user_group.name 'Default' %}disabled{% else %}btn_delete_user_group{% endifequal %}">{% trans "Delete" %}</a>
-            </td>
+{% block table_search %}{% endblock %}
+{% block table_container %}
+<div class="pull-left m-r-5"><a href="{% url 'users:user-group-create' %}" class="btn btn-sm btn-primary ">{% trans "Add User Group" %}</a></div>
+<table class="table table-striped table-bordered table-hover " id="group_list_table" >
+    <thead>
+        <tr>
+            <th class="text-center">
+                <div class="checkbox checkbox-default"><input id="" type="checkbox" class="ipt_check_all"><label></label></div>
+            </th>
+            <th class="text-center">{% trans 'Name' %}</a></th>
+            <th class="text-center">{% trans 'User Amount' %}</a></th>
+            <th class="text-center">{% trans 'Asset Amount' %}</th>
+            <th class="text-center">{% trans 'Comment' %}</th>
+            <th class="text-center">{% trans 'Action' %}</th>
        </tr>
-    {% endfor %}
-{% endblock  %}
-
-{% block content_bottom_left %}
-    <form id="" method="get" action="" class=" mail-search">
-        <div class="input-group">
-            <select class="form-control m-b" style="width: auto">
-                <option>{% trans "Bulk Update" %}</option>
-                <option>{% trans "Bulk Export" %}</option>
-                <option>{% trans "Bulk Update" %}</option>
-            </select>
-            <div class="input-group-btn pull-left" style="padding-left: 5px;">
-                <button id='search_btn' type="submit" style="height: 32px;"  class="btn btn-sm btn-primary">{% trans "Confirm" %}</button>
-            </div>
+    </thead>
+</table>
+<div id="actions" class="hide">
+    <div class="input-group">
+        <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
+            <option value="delete">{% trans 'Delete selected' %}</option>
+        </select>
+        <div class="input-group-btn pull-left" style="padding-left: 5px;">
+            <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
+             {% trans 'Submit' %}
+            </button>
        </div>
-   </form>
+    </div>
+</div>
 {% endblock %}

+{% block content_bottom_left %}{% endblock %}
 {% block custom_foot_js %}
 <script>
-$(document).on('click', '.btn_delete_user_group', function(){
+$(document).ready(function() {
+    var options = {
+        ele: $('#group_list_table'),
+        buttons: [],
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "users:user-group-detail" pk=99991937 %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('99991937', rowData.id));
+             }},
+            {targets: 4, createdCell: function (td, cellData) {
+                var innerHtml = cellData.length > 18 ? cellData.substring(0, 18) + '...': cellData;
+                $(td).html('<a href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</a>');
+             }},
+            {targets: 5, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "users:user-group-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_delete_user_group" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
+                if (rowData.id === 1) {
+                    $(td).html(update_btn)
+                } else {
+                    $(td).html(update_btn + del_btn)
+                }
+             }}],
+        ajax_url: '{% url "users:user-group-bulk-update-api" %}',
+        columns: [{data: function(){return ""}}, {data: "name" }, {data: "user_amount"},
+                  {data: function(){return 999}}, {data: "comment"}, {data: "id" }],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}).on('click', '.btn_delete_user_group', function(){
    var $this = $(this);
    function doDelete() {
        var group_id = $this.data('gid');
-        var the_url = "{% url 'users:user-group-edit-api' 99991937 %}".replace('99991937', group_id);
+        var the_url = "{% url 'users:user-group-detail-api' 99991937 %}".replace('99991937', group_id);
        var body = {};
        var success = function() {
            var msg = "{% trans 'Group Deleted.' %}";
@ -95,6 +109,48 @@ $(document).on('click', '.btn_delete_user_group', function(){
    }, function() {
        doDelete();
    });
+}).on('click', '#btn_bulk_update', function(){
+    var action = $('#slct_bulk_update').val();
+    var $data_table = $('#group_list_table').DataTable()
+    var plain_id_list = [];
+    $data_table.rows({selected: true}).every(function(){
+        plain_id_list.push(this.data().id);
+    });
+    if (plain_id_list === []) {
+        return false;
+    };
+    var the_url = "{% url 'users:user-group-bulk-update-api' %}";
+    function doDelete() {
+        swal({
+            title: "{% trans 'Are you sure?' %}",
+            text: "{% trans 'This will delete the selected groups !!!' %}",
+            type: "warning",
+            showCancelButton: true,
+            confirmButtonColor: "#DD6B55",
+            confirmButtonText: "{% trans 'Confirm' %}",
+            closeOnConfirm: false
+        }, function() {
+            var success = function() {
+                var msg = "{% trans 'UserGroups Deleted.' %}";
+                swal("{% trans 'UserGroups Delete' %}", msg, "success");
+                $data_table.ajax.reload();
+            };
+            var fail = function() {
+                var msg = "{% trans 'UserGroup Deleting failed.' %}";
+                swal("{% trans 'UserGroups Delete' %}", msg, "error");
+            };
+            var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
+            APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
+            jumpserver.checked = false;
+        });
+    }
+    switch(action) {
+        case 'delete':
+            doDelete();
+            break;
+        default:
+            break;
+    }
 })
 </script>
 {% endblock %}
--- a/apps/users/templates/users/user_list.html
+++ b/apps/users/templates/users/user_list.html
@ -1,7 +1,5 @@
 {% extends '_base_list.html' %}
 {% load i18n static %}
-{% get_current_language as LANGUAGE_CODE %}
-{% load common_tags %}
 {% block custom_head_css_js %}
 {{ block.super }}
 <style>
@ -17,7 +15,8 @@ div.dataTables_wrapper div.dataTables_filter {
 {% endblock %}
 {% block table_search %}{% endblock %}
 {% block table_container %}
-<div class="uc pull-left"><a href="{% url "users:user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create user" %} </a></div>
+<div class="uc pull-left"><a href="javascript:void(0);" class="btn btn-sm btn-primary" data-toggle="modal" data-target="#user_import_modal"> {% trans "Import user" %} </a></div>
+<div class="uc pull-left m-l-5 m-r-5"><a href="{% url "users:user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create user" %} </a></div>
 <table class="table table-striped table-bordered table-hover " id="user_list_table" >
    <thead>
        <tr>
@ -51,10 +50,11 @@ div.dataTables_wrapper div.dataTables_filter {
    </div>
 </div>
 {% include "users/_user_bulk_update_modal.html" %}
+{% include "users/_user_import_modal.html" %}
 {% endblock %}
-{% block content_bottom_left %}
-{% endblock %}
+{% block content_bottom_left %}{% endblock %}
 {% block custom_foot_js %}
+<script src="{% static 'js/jquery.form.min.js' %}"></script>
 <script>
 $(document).ready(function(){
    var options = {
@ -219,6 +219,23 @@ $(document).ready(function(){
    }
    APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(post_list), success: success});
    $('#user_bulk_update_modal').modal('hide');
+}).on('click', '#btn_user_import', function() {
+    var $form = $('#fm_user_import');
+    $form.find('.help-block').remove();
+    function success (data) {
+        if (data.success === false) {
+            var $help = $form.find('.help-block');
+            $('<span />', {class: 'help-block text-danger'}).html(data.msg).insertAfter($('#id_excel'));
+        } else {
+            $('#user_import_modal').modal('hide');
+            var $data_table = $('#user_list_table').DataTable();
+            toastr.success("{% trans 'Import User Success.' %}")
+            $data_table.ajax.reload();
+        }
+    }
+    $form.ajaxSubmit({success: success});
+}).on('change', '#id_excel', function() {
+    $(this).siblings('.help-block').remove();
 })
 </script>
 {% endblock %}
--- a/apps/users/urls.py
+++ b/apps/users/urls.py
@ -23,6 +23,7 @@ urlpatterns = [
    url(r'^user/(?P<pk>[0-9]+)/granted-asset', views.UserGrantedAssetView.as_view(), name='user-granted-asset'),
    url(r'^user/(?P<pk>[0-9]+)/login-history', views.UserDetailView.as_view(), name='user-login-history'),
    url(r'^first-login/$', views.UserFirstLoginView.as_view(), name='user-first-login'),
+    url(r'^import/$', views.BulkImportUserView.as_view(), name='user-import'),
    url(r'^user/(?P<pk>[0-9]+)/assets-perm$', views.UserDetailView.as_view(), name='user-detail'),
    url(r'^user/create$', views.UserCreateView.as_view(), name='user-create'),
    url(r'^user/(?P<pk>[0-9]+)/update$', views.UserUpdateView.as_view(), name='user-update'),
@ -34,22 +35,15 @@ urlpatterns = [


 urlpatterns += [
-    url(r'^v1/users$', api.UserListAddApi.as_view(), name='user-list-api'),
-    url(r'^v1/users/update/$', api.UserBulkUpdateApi.as_view(), name='user-bulk-update-api'),
-    url(r'^v1/users/(?P<pk>[0-9]+)$',
-        api.UserDetailDeleteUpdateApi.as_view(), name='user-detail-api'),
-    url(r'^v1/users/(?P<pk>[0-9]+)/patch$',
-        api.UserAttributeApi.as_view(), name='user-patch-api'),
+    url(r'^v1/users/$', api.UserListUpdateApi.as_view(), name='user-bulk-update-api'),
+    url(r'^v1/users/(?P<pk>\d+)/$', api.UserDetailApi.as_view(), name='user-patch-api'),
    url(r'^v1/users/(?P<pk>\d+)/reset-password/$', api.UserResetPasswordApi.as_view(), name='user-reset-password-api'),
    url(r'^v1/users/(?P<pk>\d+)/reset-pk/$', api.UserResetPKApi.as_view(), name='user-reset-pk-api'),
    url(r'^v1/users/(?P<pk>\d+)/update-pk/$', api.UserUpdatePKApi.as_view(), name='user-update-pk-api'),
-    url(r'^v1/user-groups$', api.UserGroupListAddApi.as_view(), name='user-group-list-api'),
-    url(r'^v1/user-groups/(?P<pk>[0-9]+)$',
-        api.UserGroupDetailDeleteUpdateApi.as_view(), name='user-group-detail-api'),
+    url(r'^v1/user-groups/$', api.GroupListUpdateApi.as_view(), name='user-group-bulk-update-api'),
+    url(r'^v1/user-groups/(?P<pk>\d+)/$', api.GroupDetailApi.as_view(), name='user-group-detail-api'),
    url(r'^v1/user-groups/(?P<pk>\d+)/user/(?P<uid>\d+)/$',
        api.DeleteUserFromGroupApi.as_view(), name='delete-user-from-group-api'),
-    url(r'^v1/user-groups/(?P<pk>[0-9]+)/users/$',
-        api.GroupUserEditApi.as_view(), name='group-user-edit-api'),
-    url(r'^v1/user-groups/(?P<pk>[0-9]+)/edit/$', api.GroupEditApi.as_view(),
-        name='user-group-edit-api'),
+    url(r'^v1/user-groups/(?P<pk>\d+)/users/$',
+        api.UserAndGroupEditApi.as_view(), name='group-user-edit-api'),
 ]
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@ -12,7 +12,8 @@ from django.utils.translation import ugettext as _
 from paramiko.rsakey import RSAKey

 from common.tasks import send_mail_async
-from common.utils import reverse
+from common.utils import reverse, get_object_or_none
+from .models import User


 try:
@ -147,3 +148,75 @@ def send_reset_ssh_key_mail(user):
        logger.debug(message)

    send_mail_async.delay(subject, message, recipient_list, html_message=message)
+
+
+def validate_ssh_pk(text):
+    """
+    Expects a SSH private key as string.
+    Returns a boolean and a error message.
+    If the text is parsed as private key successfully,
+    (True,'') is returned. Otherwise,
+    (False, <message describing the error>) is returned.
+
+    from https://github.com/githubnemo/SSH-private-key-validator/blob/master/validate.py
+
+    """
+
+    if not text:
+        return False, 'No text given'
+
+    startPattern = re.compile("^-----BEGIN [A-Z]+ PRIVATE KEY-----")
+    optionPattern = re.compile("^.+: .+")
+    contentPattern = re.compile("^([a-zA-Z0-9+/]{64}|[a-zA-Z0-9+/]{1,64}[=]{0,2})$")
+    endPattern = re.compile("^-----END [A-Z]+ PRIVATE KEY-----")
+
+    def contentState(text):
+        for i in range(0, len(text)):
+            line = text[i]
+
+            if endPattern.match(line):
+                if i == len(text) - 1 or len(text[i + 1]) == 0:
+                    return True, ''
+                else:
+                    return False, 'At end but content coming'
+
+            elif not contentPattern.match(line):
+                return False, 'Wrong string in content section'
+
+        return False, 'No content or missing end line'
+
+    def optionState(text):
+        for i in range(0, len(text)):
+            line = text[i]
+
+            if line[-1:] == '\\':
+                return optionState(text[i + 2:])
+
+            if not optionPattern.match(line):
+                return contentState(text[i + 1:])
+
+        return False, 'Expected option, found nothing'
+
+    def startState(text):
+        if len(text) == 0 or not startPattern.match(text[0]):
+            return False, 'Header is wrong'
+        return optionState(text[1:])
+
+    return startState([n.strip() for n in text.splitlines()])
+
+
+def check_user_is_valid(**kwargs):
+    password = kwargs.pop('password', None)
+    public_key = kwargs.pop('public_key', None)
+    user = get_object_or_none(User, **kwargs)
+
+    if password and not user.check_password(password):
+        user = None
+
+    if public_key and not user.public_key == public_key:
+        user = None
+
+    if user and user.is_valid:
+        return user
+
+    return None
--- a/apps/users/views.py
+++ b/apps/users/views.py
@ -2,6 +2,7 @@

 from __future__ import unicode_literals

+from django import forms
 from django.conf import settings
 from django.contrib.auth import login as auth_login, logout as auth_logout
 from django.contrib.auth.mixins import LoginRequiredMixin
@ -23,10 +24,11 @@ from django.views.generic.detail import DetailView

 from formtools.wizard.views import SessionWizardView

+from common.mixins import JSONResponseMixin
 from common.utils import get_object_or_none, get_logger
 from .models import User, UserGroup
 from .forms import UserCreateForm, UserUpdateForm, UserGroupForm, UserLoginForm, UserInfoForm, UserKeyForm, \
-    UserPrivateAssetPermissionForm
+    UserPrivateAssetPermissionForm, UserBulkImportForm
 from .utils import AdminUserRequiredMixin, user_add_success_next, send_reset_password_mail
 from .hands import AssetPermission, get_user_granted_asset_groups, get_user_granted_assets

@ -149,27 +151,12 @@ class UserDetailView(AdminUserRequiredMixin, DetailView):
        return super(UserDetailView, self).get_context_data(**kwargs)


-class UserGroupListView(AdminUserRequiredMixin, ListView):
-    model = UserGroup
-    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
-    context_object_name = 'user_group_list'
+class UserGroupListView(AdminUserRequiredMixin, TemplateView):
    template_name = 'users/user_group_list.html'
-    ordering = '-date_created'
-
-    def get_queryset(self):
-        self.queryset = super(UserGroupListView, self).get_queryset()
-        self.keyword = keyword = self.request.GET.get('keyword', '')
-        self.sort = sort = self.request.GET.get('sort')
-        if keyword:
-            self.queryset = self.queryset.filter(name__icontains=keyword)
-
-        if sort:
-            self.queryset = self.queryset.order_by(sort)
-        return self.queryset

    def get_context_data(self, **kwargs):
        context = super(UserGroupListView, self).get_context_data(**kwargs)
-        context.update({'app': _('Users'), 'action': _('User group list'), 'keyword': self.keyword})
+        context.update({'app': _('Users'), 'action': _('User group list')})
        return context


@ -443,3 +430,66 @@ class UserGrantedAssetView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
        }
        kwargs.update(context)
        return super(UserGrantedAssetView, self).get_context_data(**kwargs)
+
+
+class FileForm(forms.Form):
+    excel = forms.FileField()
+
+
+class BulkImportUserView(AdminUserRequiredMixin, JSONResponseMixin, FormView):
+    form_class = FileForm
+
+    def form_invalid(self, form):
+        try:
+            error = form.errors.values()[-1][-1]
+        except Exception as e:
+            print e
+            error = _('Invalid file.')
+        data = {
+            'success': False,
+            'msg': error
+        }
+        return self.render_json_response(data)
+
+    def form_valid(self, form):
+        from openpyxl import load_workbook
+        try:
+            wb = load_workbook(form.cleaned_data['excel'])
+            ws = wb['users']
+        except Exception as e:
+            print e
+            error = _('Not a valid Excel file.')
+            data = {
+                'success': False,
+                'msg': error
+            }
+            return self.render_json_response(data)
+
+        errors = []
+        for index, row in enumerate(ws.rows):
+            user_data = [cell.value for cell in row]
+            if len(user_data) != 4:
+                errors.append("Row {}: invalid user data format.".format(index))
+                continue
+            username, email, enable_otp, role = user_data
+            data = {
+                'username': username,
+                'email': email,
+                'enable_otp': True if enable_otp in ['T', '1', 1, True] else False,
+                'role': role
+            }
+            form = UserBulkImportForm(data, auto_id=False)
+            if form.is_valid():
+                form.save()
+            else:
+                form_errors = form.errors.as_data()
+                for key, err_list in form_errors.iteritems():
+                    error_line = "{} :".format(key)
+                    for errs in err_list:
+                        error_line = "{}{}".format(error_line, ";".join([err for err in errs.messages]))
+                    errors.append("Row {}: {}".format(index, error_line))
+        data = {
+            'success': True if not errors else False,
+            'msg': 'ok' if not errors else '<br />'.join(errors)
+        }
+        return self.render_json_response(data)
--- a/apps/webterminal/admin.py
+++ b/apps/webterminal/admin.py
@ -1,3 +0,0 @@
-from django.contrib import admin
-
-# Register your models here.
--- a/apps/webterminal/apps.py
+++ b/apps/webterminal/apps.py
@ -1,7 +0,0 @@
-from __future__ import unicode_literals
-
-from django.apps import AppConfig
-
-
-class WebterminalConfig(AppConfig):
-    name = 'webterminal'
--- a/apps/webterminal/models.py
+++ b/apps/webterminal/models.py
@ -1,5 +0,0 @@
-from __future__ import unicode_literals
-
-from django.db import models
-
-# Create your models here.
--- a/apps/webterminal/templates/main.html
+++ b/apps/webterminal/templates/main.html
@ -1,176 +0,0 @@
-{% extends 'base.html' %}
-{% block content %}
-
-    <div class="container">
-        <div id="term">
-        </div>
-    </div>
-    <div class="termChangBar">
-        <input type="number" min="100" value="100" placeholder="col" id="term-col"/>
-        <input type="number" min="35" value="35" placeholder="row" id="term-row"/>
-        <button id="col-row">修改窗口大小</button>
-    </div>
-{% endblock %}
-
-{% block custom_foot_js %}
-    <script type="application/javascript" src="/static/js/jquery-2.1.1.js"></script>
-    <script type="application/javascript" src="/static/js/term.js"></script>
-    <script>/**
-     * Created by liuzheng on 3/3/16.
-     */
-    var rowHeight = 1;
-    var colWidth = 1;
-    function WSSHClient() {
-    }
-    WSSHClient.prototype._generateEndpoint = function (options) {
-        console.log(options);
-        if (window.location.protocol == 'https:') {
-            var protocol = 'wss://';
-        } else {
-            var protocol = 'ws://';
-        }
-
-        var endpoint = protocol + document.URL.match(RegExp('//(.*?)/'))[1] + '/ws/foobar?subscribe-broadcast&publish-broadcast&echo';
-        return endpoint;
-    };
-    WSSHClient.prototype.connect = function (options) {
-        var endpoint = this._generateEndpoint(options);
-
-        if (window.WebSocket) {
-            this._connection = new WebSocket(endpoint);
-        }
-        else if (window.MozWebSocket) {
-            this._connection = MozWebSocket(endpoint);
-        }
-        else {
-            options.onError('WebSocket Not Supported');
-            return;
-        }
-
-        this._connection.onopen = function () {
-            options.onConnect();
-        };
-
-        this._connection.onmessage = function (evt) {
-            try {
-                options.onData(evt.data);
-            } catch (e) {
-                var data = JSON.parse(evt.data.toString());
-                options.onError(data.error);
-            }
-        };
-
-        this._connection.onclose = function (evt) {
-            options.onClose();
-        };
-    };
-
-    WSSHClient.prototype.send = function (data) {
-        this._connection.send(JSON.stringify({'data': data}));
-    };
-
-    function openTerminal(options) {
-        var client = new WSSHClient();
-        var rowHeight, colWidth;
-        try {
-            rowHeight = localStorage.getItem('term-row');
-            colWidth = localStorage.getItem('term-col');
-        } catch (err) {
-            rowHeight = 35;
-            colWidth = 100
-        }
-        if (rowHeight) {
-        } else {
-            rowHeight = 35
-        }
-        if (colWidth) {
-        } else {
-            colWidth = 100
-        }
-
-        var term = new Terminal({
-            rows: rowHeight,
-            cols: colWidth,
-            useStyle: true,
-            screenKeys: true
-        });
-        term.open();
-        term.on('data', function (data) {
-            client.send(data)
-        });
-        $('.terminal').detach().appendTo('#term');
-        //term.resize(colWidth, rowHeight);
-        term.write('Connecting...');
-        client.connect($.extend(options, {
-            onError: function (error) {
-                term.write('Error: ' + error + '\r\n');
-            },
-            onConnect: function () {
-                // Erase our connecting message
-                client.send({'resize': {'rows': rowHeight, 'cols': colWidth}});
-                term.write('\r');
-            },
-            onClose: function () {
-                term.write('Connection Reset By Peer');
-            },
-            onData: function (data) {
-                if (data == "love you")
-                    console.log(data);
-                else
-                    term.write(data);
-            }
-        }));
-        //rowHeight = 0.0 + 1.00 * $('.terminal').height() / 24;
-        //colWidth = 0.0 + 1.00 * $('.terminal').width() / 80;
-        return {'term': term, 'client': client};
-    }
-
-    //function resize() {
-    //    $('.terminal').css('width', window.innerWidth - 25);
-    //    console.log(window.innerWidth);
-    //    console.log(window.innerWidth - 10);
-    //    var rows = Math.floor(window.innerHeight / rowHeight) - 2;
-    //    var cols = Math.floor(window.innerWidth / colWidth) - 1;
-    //
-    //    return {rows: rows, cols: cols};
-    //}
-
-    $(document).ready(function () {
-        var options = {};
-
-        $('#ssh').show();
-        var term_client = openTerminal(options);
-        console.log(rowHeight);
-        // by liuzheng712 because it will bring record bug
-        //window.onresize = function () {
-        //    var geom = resize();
-        //    console.log(geom);
-        //    term_client.term.resize(geom.cols, geom.rows);
-        //    term_client.client.send({'resize': {'rows': geom.rows, 'cols': geom.cols}});
-        //    $('#ssh').show();
-        //}
-        try {
-            $('#term-row')[0].value = localStorage.getItem('term-row');
-            $('#term-col')[0].value = localStorage.getItem('term-col');
-        } catch (err) {
-            $('#term-row')[0].value = 35;
-            $('#term-col')[0].value = 100;
-        }
-        $('#col-row').click(function () {
-            var col = $('#term-col').val();
-            var row = $('#term-row').val();
-            localStorage.setItem('term-col', col);
-            localStorage.setItem('term-row', row);
-            term_client.term.resize(col, row);
-            term_client.client.send({'resize': {'rows': row, 'cols': col}});
-            $('#ssh').show();
-        });
-        $(".terminal").mouseleave(function () {
-            $(".termChangBar").slideDown();
-        });
-        $(".terminal").mouseenter(function () {
-            $(".termChangBar").slideUp();
-        })
-    });</script>
-
-{% endblock %}
--- a/apps/webterminal/tests.py
+++ b/apps/webterminal/tests.py
@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.
--- a/apps/webterminal/urls.py
+++ b/apps/webterminal/urls.py
@ -1,11 +0,0 @@
-# coding:utf-8
-from django.conf.urls import url
-from .views import *
-from django.contrib import admin
-admin.autodiscover()
-
-app_name = 'webterminal'
-
-urlpatterns = [
-    url(r'^$', TerminalView.as_view(), name='webterminal'),
-]
--- a/apps/webterminal/views.py
+++ b/apps/webterminal/views.py
@ -1,28 +0,0 @@
-from django.shortcuts import render
-from django.urls import reverse_lazy
-from django.db.models import Q
-from django.views.generic.list import ListView
-from django.views.generic.edit import CreateView, DeleteView, UpdateView
-from django.views.generic.detail import DetailView
-from django.views.generic.base import TemplateView
-from django.views import View
-from django.http import HttpResponse
-from ws4redis.redis_store import RedisMessage
-from ws4redis.publisher import RedisPublisher
-from django.conf import settings
-
-
-# Create your views here.
-class TerminalView(TemplateView):
-    template_name = 'main.html'
-
-    def get(self, request, *args, **kwargs):
-        welcome = RedisMessage('Hello everybody')  # create a welcome message to be sent to everybody
-        RedisPublisher(facility='foobar', broadcast=True).publish_message(welcome)
-        return super(TerminalView, self).get(request, *args, **kwargs)
-
-    def post(self, request, *args, **kwargs):
-        redis_publisher = RedisPublisher(facility='foobar', groups=[request.POST.get('group')])
-        message = RedisMessage(request.POST.get('message'))
-        redis_publisher.publish_message(message)
-        return HttpResponse('OK')
--- a/config_example.py
+++ b/config_example.py
@ -70,6 +70,10 @@ class Config:
    # EMAIL_USE_TLS = False  # If port is 587, set True
    # EMAIL_SUBJECT_PREFIX = '[Jumpserver] '

+    # SSH use password or public key for auth
+    SSH_PASSWORD_AUTH = False
+    SSH_PUBLIC_KEY_AUTH = True
+
    def __init__(self):
        pass

--- a/requirements.txt
+++ b/requirements.txt
@ -13,6 +13,7 @@ wcwidth==0.1.7
 websocket-client==0.37.0
 djangorestframework==3.4.5
 ForgeryPy==0.1
+openpyxl==2.4.0
 paramiko==2.0.2
 celery==3.1.23
 ansible==2.1.1.0
@ -20,3 +21,6 @@ django-simple-captcha==0.5.2
 django-formtools==1.0
 sshpubkeys==2.2.0
 djangorestframework-bulk==0.2.1
+python-gssapi==0.6.4
+tornado==4.4.2
+
--- a/terminal/init.py
+++ b/terminal/init.py
@ -0,0 +1,7 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# 
+
+
+if __name__ == '__main__':
+    pass
--- a/apps/webterminal/init.py
+++ b/apps/webterminal/init.py
--- a/terminal/ssh_config.py
+++ b/terminal/ssh_config.py
@ -0,0 +1,102 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+
+import logging
+import os
+
+
+BASE_DIR = os.path.dirname(os.path.abspath(__name__))
+
+
+class Config:
+    SSH_HOST = ''
+    SSH_PORT = 2200
+    LOG_LEVEL = 'INFO'
+    LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    LOG_FILENAME = 'ssh_server.log'
+    LOGGING = {
+        'version': 1,
+        'disable_existing_loggers': False,
+        'formatters': {
+            'verbose': {
+                'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
+            },
+            'main': {
+                'datefmt': '%Y-%m-%d %H:%M:%S',
+                'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
+            },
+            'simple': {
+                'format': '%(levelname)s %(message)s'
+            },
+        },
+        'handlers': {
+            'null': {
+                'level': 'DEBUG',
+                'class': 'logging.NullHandler',
+            },
+            'console': {
+                'level': 'DEBUG',
+                'class': 'logging.StreamHandler',
+                'formatter': 'main',
+                'stream': 'ext://sys.stdout',
+            },
+            'file': {
+                'level': 'DEBUG',
+                'class': 'logging.handlers.TimedRotatingFileHandler',
+                'formatter': 'main',
+                'filename': os.path.join(LOG_DIR, LOG_FILENAME),
+                'when': 'D',
+                'backupCount': 10,
+            },
+        },
+        'loggers': {
+            'jumpserver': {
+                'handlers': ['console', 'file'],
+                # 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
+                'level': LOG_LEVEL,
+                'propagate': True,
+            },
+            'jumpserver.web_ssh_server': {
+                'handlers': ['console', 'file'],
+                # 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
+                'level': LOG_LEVEL,
+                'propagate': True,
+            },
+            'jumpserver.ssh_server': {
+                'handlers': ['console', 'file'],
+                # 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
+                'level': LOG_LEVEL,
+                'propagate': True,
+            }
+        }
+    }
+
+    def __init__(self):
+        pass
+
+    def __getattr__(self, item):
+        return None
+
+
+class DevelopmentConfig(Config):
+    pass
+
+
+class ProductionConfig(Config):
+    pass
+
+
+class TestingConfig(Config):
+    pass
+
+
+config = {
+    'development': DevelopmentConfig,
+    'production': ProductionConfig,
+    'testing': TestingConfig,
+    'default': DevelopmentConfig,
+}
+
+env = 'default'
+
--- a/terminal/ssh_config_example.py
+++ b/terminal/ssh_config_example.py
@ -0,0 +1,96 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+
+import logging
+import os
+
+
+BASE_DIR = os.path.dirname(os.path.abspath(__name__))
+
+
+class Config:
+    LOG_LEVEL = 'INFO'
+    LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    LOGGING = {
+        'version': 1,
+        'disable_existing_loggers': False,
+        'formatters': {
+            'verbose': {
+                'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
+            },
+            'main': {
+                'datefmt': '%Y-%m-%d %H:%M:%S',
+                'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
+            },
+            'simple': {
+                'format': '%(levelname)s %(message)s'
+            },
+        },
+        'handlers': {
+            'null': {
+                'level': 'DEBUG',
+                'class': 'logging.NullHandler',
+            },
+            'console': {
+                'level': 'DEBUG',
+                'class': 'logging.StreamHandler',
+                'formatter': 'main'
+            },
+            'file': {
+                'level': 'DEBUG',
+                'class': 'logging.FileHandler',
+                'formatter': 'main',
+                'filename': LOG_DIR,
+            },
+        },
+        'loggers': {
+            'jumpserver': {
+                'handlers': ['console', 'file'],
+                # 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
+                'level': LOG_LEVEL,
+            },
+            'jumpserver.web_ssh_server': {
+                'handlers': ['console', 'file'],
+                # 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
+                'level': LOG_LEVEL,
+            },
+            'jumpserver.ssh_server': {
+                'handlers': ['console', 'file'],
+                # 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
+                'level': LOG_LEVEL,
+            }
+        }
+    }
+
+    def __init__(self):
+        pass
+
+    def __getattr__(self, item):
+        return None
+
+
+class DevelopmentConfig(Config):
+    pass
+
+
+class ProductionConfig(Config):
+    pass
+
+
+class TestingConfig(Config):
+    pass
+
+
+config = {
+    'development': DevelopmentConfig,
+    'production': ProductionConfig,
+    'testing': TestingConfig,
+    'default': DevelopmentConfig,
+}
+
+env = 'default'
+
+
+if __name__ == '__main__':
+    pass
--- a/terminal/ssh_server.py
+++ b/terminal/ssh_server.py
@ -0,0 +1,411 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+
+__version__ = '0.3.3'
+
+import sys
+import os
+import base64
+import time
+from binascii import hexlify
+import sys
+import threading
+from multiprocessing.process import Process
+import traceback
+import tty
+import termios
+import struct
+import fcntl
+import signal
+import socket
+import select
+import errno
+import paramiko
+import django
+
+BASE_DIR = os.path.abspath(os.path.dirname(__file__))
+APP_DIR = os.path.join(os.path.dirname(BASE_DIR), 'apps')
+sys.path.append(APP_DIR)
+os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
+
+try:
+    django.setup()
+except IndexError:
+    pass
+
+from django.conf import settings
+from users.utils import ssh_key_gen, check_user_is_valid
+from utils import get_logger, SSHServerException, control_char
+
+
+logger = get_logger(__name__)
+
+paramiko.util.log_to_file(os.path.join(BASE_DIR, 'logs', 'paramiko.log'))
+
+
+class SSHServer(paramiko.ServerInterface):
+    host_key_path = os.path.join(BASE_DIR, 'host_rsa_key')
+    channel_pools = []
+
+    def __init__(self, client, addr):
+        self.event = threading.Event()
+        self.change_window_size_event = threading.Event()
+        self.client = client
+        self.addr = addr
+        self.username = None
+        self.user = None
+        self.channel_width = None
+        self.channel_height = None
+
+    @classmethod
+    def host_key(cls):
+        return cls.get_host_key()
+
+    @classmethod
+    def get_host_key(cls):
+        logger.debug("Get ssh server host key")
+        if not os.path.isfile(cls.host_key_path):
+            cls.host_key_gen()
+        return paramiko.RSAKey(filename=cls.host_key_path)
+
+    @classmethod
+    def host_key_gen(cls):
+        logger.debug("Generate ssh server host key")
+        ssh_key, ssh_pub_key = ssh_key_gen()
+        with open(cls.host_key_path, 'w') as f:
+            f.write(ssh_key)
+
+    def check_channel_request(self, kind, chanid):
+        if kind == 'session':
+            return paramiko.OPEN_SUCCEEDED
+        return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
+
+    def check_auth_password(self, username, password):
+        self.user = user = check_user_is_valid(username=username, password=password)
+        if self.user:
+            self.username = username = user.username
+            logger.info('Accepted password for %(username)s from %(host)s port %(port)s ' % {
+                'username': username,
+                'host': self.addr[0],
+                'port': self.addr[1],
+            })
+            return paramiko.AUTH_SUCCESSFUL
+        else:
+            logger.info('Authentication password failed for %(username)s from %(host)s port %(port)s ' % {
+                'username': username,
+                'host': self.addr[0],
+                'port': self.addr[1],
+            })
+        return paramiko.AUTH_FAILED
+
+    def check_auth_publickey(self, username, public_key):
+        self.user = user = check_user_is_valid(username=username, public_key=public_key)
+
+        if self.user:
+            self.username = username = user.username
+            logger.info('Accepted public key for %(username)s from %(host)s port %(port)s ' % {
+                'username': username,
+                'host': self.addr[0],
+                'port': self.addr[1],
+            })
+            return paramiko.AUTH_SUCCESSFUL
+        else:
+            logger.info('Authentication public key failed for %(username)s from %(host)s port %(port)s ' % {
+                'username': username,
+                'host': self.addr[0],
+                'port': self.addr[1],
+            })
+        return paramiko.AUTH_FAILED
+
+    def get_allowed_auths(self, username):
+        auth_method_list = []
+        if settings.CONFIG.SSH_PASSWORD_AUTH:
+            auth_method_list.append('password')
+        if settings.CONFIG.SSH_PUBLICK_KEY_AUTH:
+            auth_method_list.append('publickey')
+        return ','.join(auth_method_list)
+
+    def check_channel_shell_request(self, channel):
+        self.event.set()
+        self.__class__.channel_pools.append(channel)
+        channel.username = self.username
+        channel.addr = self.addr
+        return True
+
+    def check_channel_pty_request(self, channel, term, width, height, pixelwidth,
+                                     pixelheight, modes):
+        channel.change_window_size_event = threading.Event()
+        channel.width = width
+        channel.height = height
+        return True
+
+    def check_channel_window_change_request(self, channel, width, height, pixelwidth, pixelheight):
+        channel.change_window_size_event.set()
+        channel.width = width
+        channel.height = height
+        return True
+
+
+class BackendServer:
+    def __init__(self, host, port, username):
+        self.host = host
+        self.port = port
+        self.username = username
+        self.ssh = None
+        self.channel = None
+
+    def connect(self, term='xterm', width=80, height=24, timeout=10):
+        self.ssh = ssh = paramiko.SSHClient()
+        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+        try:
+            ssh.connect(hostname=self.host, port=self.port, username=self.username, password=self.host_password,
+                        pkey=self.host_private_key, look_for_keys=False, allow_agent=True, compress=True, timeout=timeout)
+        except Exception:
+            logger.warning('Connect backend server %s failed' % self.host)
+            return None
+
+        self.channel = channel = ssh.invoke_shell(term=term, width=width, height=height)
+        logger.info('Connect backend server %(username)s@%(host)s:%(port)s successfully' % {
+            'username': self.username,
+            'host': self.host,
+            'port': self.port,
+        })
+        channel.settimeout(100)
+        channel.host = self.host
+        channel.port = self.port
+        channel.username = self.username
+        return channel
+
+    @property
+    def host_password(self):
+        return 'redhat'
+
+    @property
+    def host_private_key(self):
+        return None
+
+
+class Navigation:
+    def __init__(self, username, client_channel):
+        self.username = username
+        self.client_channel = client_channel
+
+    def display_banner(self):
+        client_channel = self.client_channel
+        client_channel.send(control_char.clear)
+        client_channel.send('\r\n\r\n\t\tWelcome to use Jumpserver open source system !\r\n\r\n')
+        client_channel.send('If you find some bug please contact us <ibuler@qq.com>\r\n')
+        client_channel.send('See more at https://www.jumpserver.org\r\n')
+        # client_channel.send(self.username)
+
+    def display(self):
+        self.display_banner()
+
+    def return_to_connect(self):
+        pass
+
+
+class ProxyChannel:
+    ENTER_CHAR = ['\r', '\n', '\r\n']
+    input_data = []
+    output_data = []
+
+    def __init__(self, client_channel, backend_channel, client_addr):
+        self.client_channel = client_channel
+        self.backend_channel = backend_channel
+        self.client_addr = client_addr
+        self.in_input_mode = True
+
+    def stream_flow(self, input_=None, output_=None):
+        if input_:
+            self.in_input_mode = True
+            if input_ in ['\r', '\n', '\r\n']:
+                self.in_input_mode = False
+
+        if output_:
+            print(''.join(self.__class__.output_data))
+            if not self.in_input_mode:
+                command = ''.join(self.__class__.output_data)
+                del self.__class__.output_data
+                self.__class__.output_data = []
+            self.__class__.output_data.append(output_)
+
+    def proxy(self):
+        client_channel = self.client_channel
+        backend_channel = self.backend_channel
+        client_addr = self.client_addr
+
+        while True:
+            r, w, x = select.select([client_channel, backend_channel], [], [])
+
+            if client_channel.change_window_size_event.is_set():
+                backend_channel.resize_pty(width=client_channel.width, height=client_channel.height)
+
+            if client_channel in r:
+                self.in_input_mode = True
+                client_data = client_channel.recv(1024)
+
+                if client_data in self.__class__.ENTER_CHAR:
+                    self.in_input_mode = False
+                    command = ''.join(self.__class__.output_data)
+                    print('########### command ##########')
+                    print(command)
+                    print('########### end command ##########')
+                    del self.__class__.output_data
+                    self.__class__.output_data = []
+                    backend_channel.send(client_data)
+                    output = ''.join(self.__class__.output_data)
+                    print('>>>>>>>>>>> output <<<<<<<<<<')
+                    print(output)
+                    print('>>>>>>>>>>> end output <<<<<<<<<<')
+                    continue
+
+                if len(client_data) == 0:
+                    logger.info('Logout from ssh server %(host)s: %(username)s' % {
+                        'host': client_addr[0],
+                        'username': client_channel.username,
+                    })
+                    break
+                backend_channel.send(client_data)
+
+            if backend_channel in r:
+                backend_data = backend_channel.recv(1024)
+                if len(backend_data) == 0:
+                    client_channel.send('Disconnect from %s \r\n' % backend_channel.host)
+                    client_channel.close()
+                    logger.info('Logout from backend server %(host)s: %(username)s' % {
+                        'host': backend_channel.host,
+                        'username': backend_channel.username,
+                    })
+                    break
+                self.__class__.output_data.append(backend_data)
+                client_channel.send(backend_data)
+
+
+class JumpServer:
+    backend_server_pools = []
+    backend_channel_pools = []
+    client_channel_pools = []
+
+    CONTROL_CHAR = {
+        'clear': ''
+    }
+
+    def __init__(self):
+        self.listen_host = '0.0.0.0'
+        self.listen_port = 2222
+
+    def display_navigation(self, username, client_channel):
+        nav = Navigation(username, client_channel)
+        nav.display()
+        return 'j', 22, 'root'
+
+    def get_client_channel(self, client, addr):
+        transport = paramiko.Transport(client, gss_kex=False)
+        transport.set_gss_host(socket.getfqdn(""))
+        try:
+            transport.load_server_moduli()
+        except:
+            logger.warning('Failed to load moduli -- gex will be unsupported.')
+            raise
+
+        transport.add_server_key(SSHServer.get_host_key())
+        ssh_server = SSHServer(client, addr)
+
+        try:
+            transport.start_server(server=ssh_server)
+        except paramiko.SSHException:
+            logger.warning('SSH negotiation failed.')
+
+        client_channel = transport.accept(20)
+        if client_channel is None:
+            logger.warning('No ssh channel get.')
+            return None
+
+        self.__class__.client_channel_pools.append(client_channel)
+        if not ssh_server.event.is_set():
+            logger.warning('Client never asked for a shell.')
+        return client_channel
+
+    def get_backend_channel(self, host, port, username, term='xterm', width=80, height=24):
+        backend_server = BackendServer(host, port, username)
+        backend_channel = backend_server.connect(term=term, width=width, height=height)
+
+        if backend_channel is None:
+            logger.warning('Connect %(username)s@%(host)s:%(port)s failed' % {
+                'username': username,
+                'host': host,
+                'port': port,
+            })
+            return None
+
+        self.__class__.backend_server_pools.append(backend_server)
+        self.__class__.backend_channel_pools.append(backend_channel)
+
+        return backend_channel
+
+    def command_flow(self, input_=None, output_=None):
+        pass
+
+    def handle_ssh_request(self, client, addr):
+        logger.info("Get ssh request from %(host)s:%(port)s" % {
+            'host': addr[0],
+            'port': addr[1],
+        })
+
+        try:
+            client_channel = self.get_client_channel(client, addr)
+            if client_channel is None:
+                client.close()
+                return
+
+            host, port, username = self.display_navigation('root', client_channel)
+            backend_channel = self.get_backend_channel(host, port, username,
+                                                       width=client_channel.width,
+                                                       height=client_channel.height)
+            if backend_channel is None:
+                client.shutdown()
+                client.close()
+                client.send('Close')
+                return
+
+            proxy_channel = ProxyChannel(client_channel, backend_channel, addr)
+            proxy_channel.proxy()
+
+        # Todo: catch other exception
+        except IndexError:
+            logger.info('Close with server %s from %s' % (addr[0], addr[1]))
+            sys.exit(100)
+
+    def listen(self):
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        sock.bind((self.listen_host, self.listen_port))
+        sock.listen(5)
+
+        print(time.ctime())
+        print('Jumpserver version %s, more see https://www.jumpserver.org' % __version__)
+        print('Starting ssh server at %(host)s:%(port)s' % {'host': self.listen_host, 'port': self.listen_port})
+        print('Quit the server with CONTROL-C.')
+
+        while True:
+            try:
+                client, addr = sock.accept()
+                thread = threading.Thread(target=self.handle_ssh_request, args=(client, addr))
+                thread.daemon = True
+                thread.start()
+            except Exception as e:
+                logger.error('Bind failed: ' + str(e))
+                traceback.print_exc()
+                sys.exit(1)
+
+
+if __name__ == '__main__':
+    server = JumpServer()
+    try:
+        server.listen()
+    except KeyboardInterrupt:
+        sys.exit(1)
+
--- a/terminal/utils.py
+++ b/terminal/utils.py
@ -0,0 +1,34 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+
+import logging
+from logging.config import dictConfig
+from ssh_config import config, env
+
+
+CONFIG_SSH_SERVER = config.get(env)
+
+
+def get_logger(name):
+    dictConfig(CONFIG_SSH_SERVER.LOGGING)
+    return logging.getLogger('jumpserver.%s' % name)
+
+
+class ControlChar:
+    CHARS = {
+        'clear': '\x1b[H\x1b[2J',
+    }
+
+    def __init__(self):
+        pass
+
+    def __getattr__(self, item):
+        return self.__class__.CHARS.get(item, '')
+
+
+class SSHServerException(Exception):
+    pass
+
+
+control_char = ControlChar()
--- a/terminal/web_ssh_server.py
+++ b/terminal/web_ssh_server.py
@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+#
+