pref: 修改 connect token

apps/assets/api/mixin.py

@@ -68,9 +68,6 @@ class SerializeToTreeNodeMixin:
                     'data': {
                         'id': asset.id,
                         'name': asset.name,
-                        'address': asset.address,
-                        'protocols': asset.protocols_as_list,
-                        'platform': asset.platform.id,
                         'org_name': asset.org_name
                     },
                 }

apps/assets/models/asset/common.py

@@ -160,10 +160,6 @@ class Asset(NodesRelationMixin, AbsConnectivity, JMSOrgBaseModel):
             return 0
         return self.primary_protocol.port
 
-    @property
-    def protocols_as_list(self):
-        return [{'name': p.name, 'port': p.port} for p in self.protocols.all()]
-
     @lazyproperty
     def type(self):
         return self.platform.type

apps/authentication/api/connection_token.py

@@ -15,8 +15,8 @@ from rest_framework.response import Response
 
 from common.drf.api import JMSModelViewSet
 from common.http import is_true
+from common.utils import random_string
 from orgs.mixins.api import RootOrgViewMixin
-from orgs.utils import tmp_to_root_org
 from perms.models import ActionChoices
 from terminal.models import EndpointRule
 from ..models import ConnectionToken
@@ -249,10 +249,6 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
         serializer = self.get_serializer(instance=token)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
-    def dispatch(self, request, *args, **kwargs):
-        with tmp_to_root_org():
-            return super().dispatch(request, *args, **kwargs)
-
     def get_queryset(self):
         return ConnectionToken.objects.filter(user=self.request.user)
 
@@ -269,16 +265,17 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
         data = serializer.validated_data
         user = self.get_user(serializer)
         asset = data.get('asset')
-        login = data.get('login')
+        account_name = data.get('account_name')
         data['org_id'] = asset.org_id
         data['user'] = user
+        data['value'] = random_string(16)
 
         util = PermAccountUtil()
-        permed_account = util.validate_permission(user, asset, login)
+        permed_account = util.validate_permission(user, asset, account_name)
 
         if not permed_account or not permed_account.actions:
             msg = 'user `{}` not has asset `{}` permission for login `{}`'.format(
-                user, asset, login
+                user, asset, account_name
             )
             raise PermissionDenied(msg)
 
@@ -286,9 +283,9 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
             raise PermissionDenied('Expired')
 
         if permed_account.has_secret:
-            data['secret'] = ''
+            data['input_secret'] = ''
         if permed_account.username != '@INPUT':
-            data['username'] = ''
+            data['input_username'] = ''
         return permed_account
 
 

apps/authentication/api/temp_token.py

@@ -2,10 +2,10 @@ from django.utils import timezone
 from rest_framework.response import Response
 from rest_framework.decorators import action
 
+from rbac.permissions import RBACPermission
 from common.drf.api import JMSModelViewSet
 from ..models import TempToken
 from ..serializers import TempTokenSerializer
-from rbac.permissions import RBACPermission
 
 
 class TempTokenViewSet(JMSModelViewSet):

apps/authentication/migrations/0015_auto_20221125_2240.py

@@ -0,0 +1,49 @@
+# Generated by Django 3.2.14 on 2022-11-25 14:40
+
+import common.db.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0014_auto_20221122_2152'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='connectiontoken',
+            old_name='login',
+            new_name='account_name'
+        ),
+        migrations.RenameField(
+            model_name='connectiontoken',
+            old_name='secret',
+            new_name='value',
+        ),
+        migrations.RenameField(
+            model_name='connectiontoken',
+            old_name='username',
+            new_name='input_username',
+        ),
+        migrations.AddField(
+            model_name='connectiontoken',
+            name='input_secret',
+            field=common.db.fields.EncryptCharField(default='', max_length=128, verbose_name='Input Secret'),
+        ),
+        migrations.AlterField(
+            model_name='connectiontoken',
+            name='account_name',
+            field=models.CharField(max_length=128, verbose_name='Account name'),
+        ),
+        migrations.AlterField(
+            model_name='connectiontoken',
+            name='input_username',
+            field=models.CharField(default='', max_length=128, verbose_name='Input Username'),
+        ),
+        migrations.AlterField(
+            model_name='connectiontoken',
+            name='value',
+            field=models.CharField(default='', max_length=64, verbose_name='Value'),
+        ),
+    ]

apps/authentication/models/connection_token.py

@@ -19,6 +19,7 @@ def date_expired_default():
 
 
 class ConnectionToken(OrgModelMixin, JMSBaseModel):
+    value = models.CharField(max_length=64, default='', verbose_name=_("Value"))
     user = models.ForeignKey(
         'users.User', on_delete=models.SET_NULL,  null=True, blank=True,
         related_name='connection_tokens', verbose_name=_('User')
@@ -27,9 +28,9 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
         'assets.Asset', on_delete=models.SET_NULL, null=True, blank=True,
         related_name='connection_tokens', verbose_name=_('Asset'),
     )
-    login = models.CharField(max_length=128, verbose_name=_("Login account"))
-    username = models.CharField(max_length=128, default='', verbose_name=_("Username"))
-    secret = EncryptCharField(max_length=64, default='', verbose_name=_("Secret"))
+    account_name = models.CharField(max_length=128, verbose_name=_("Account name"))  # 登录账号Name
+    input_username = models.CharField(max_length=128, default='', verbose_name=_("Input Username"))
+    input_secret = EncryptCharField(max_length=64, default='', verbose_name=_("Input Secret"))
     protocol = models.CharField(
         choices=Protocol.choices, max_length=16, default=Protocol.ssh, verbose_name=_("Protocol")
     )

apps/authentication/serializers/connection_token.py

@@ -15,15 +15,14 @@ __all__ = [
 
 
 class ConnectionTokenSerializer(OrgResourceModelSerializerMixin):
-    username = serializers.CharField(max_length=128, label=_("Input username"),
-                                     allow_null=True, allow_blank=True)
     expire_time = serializers.IntegerField(read_only=True, label=_('Expired time'))
 
     class Meta:
         model = ConnectionToken
-        fields_mini = ['id']
+        fields_mini = ['id', 'value']
         fields_small = fields_mini + [
-            'protocol', 'login', 'secret', 'username',
+            'protocol', 'account_name',
+            'input_username', 'input_secret',
             'actions', 'date_expired', 'date_created',
             'date_updated', 'created_by',
             'updated_by', 'org_id', 'org_name',
@@ -37,6 +36,9 @@ class ConnectionTokenSerializer(OrgResourceModelSerializerMixin):
             'user_display', 'asset_display',
         ]
         fields = fields_small + fields_fk + read_only_fields
+        extra_kwargs = {
+            'value': {'read_only': True},
+        }
 
     def get_request_user(self):
         request = self.context.get('request')

apps/perms/api/perm_token.py

@@ -1,5 +0,0 @@
-from rest_framework.viewsets import ModelViewSet
-
-
-class PermTokenViewSet(ModelViewSet):
-    pass