mirror of https://github.com/jumpserver/jumpserver
Update signer
ibuler
parent
f1dfba6a93
commit
1159d9494c
|
|
@ -1,11 +1,16 @@
|
|||
# ~*~ coding: utf-8 ~*~
|
||||
|
||||
from rest_framework import serializers
|
||||
from rest_framework import viewsets, serializers,generics
|
||||
from .models import AssetGroup, Asset, IDC, AssetExtend
|
||||
from rest_framework import viewsets, serializers, generics
|
||||
from rest_framework.views import APIView
|
||||
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin, ListBulkCreateUpdateDestroyAPIView
|
||||
|
||||
from common.mixins import BulkDeleteApiMixin
|
||||
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin,ListBulkCreateUpdateDestroyAPIView
|
||||
from .serializers import *
|
||||
from common.utils import get_object_or_none
|
||||
from .models import AssetGroup, Asset, IDC, AssetExtend
|
||||
from .serializers import AssetBulkUpdateSerializer
|
||||
|
||||
|
||||
class AssetGroupSerializer(serializers.ModelSerializer):
|
||||
class Meta:
|
||||
model = AssetGroup
|
||||
|
|
@ -52,6 +57,21 @@ class IDCViewSet(viewsets.ReadOnlyModelViewSet):
|
|||
queryset = IDC.objects.all()
|
||||
serializer_class = IDCSerializer
|
||||
|
||||
|
||||
class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
|
||||
queryset = Asset.objects.all()
|
||||
serializer_class = AssetBulkUpdateSerializer
|
||||
serializer_class = AssetBulkUpdateSerializer
|
||||
|
||||
|
||||
class AssetSystemUserAuthApi(APIView):
|
||||
def get(self, request, *args, **kwargs):
|
||||
system_user_id = request.data.get('system_user_id', -1)
|
||||
system_user_username = request.data.get('system_user_username', '')
|
||||
|
||||
system_user = get_object_or_none(Asset, id=system_user_id, username=system_user_username)
|
||||
|
||||
if system_user:
|
||||
password = system_user.password
|
||||
private_key = system_user.private_key
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ from django.core import serializers
|
|||
import logging
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from common.utils import encrypt, decrypt
|
||||
from common.utils import signer
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -111,23 +111,23 @@ class AdminUser(models.Model):
|
|||
|
||||
@password.setter
|
||||
def password(self, password_raw):
|
||||
self._password = encrypt(password_raw)
|
||||
self._password = signer.sign(password_raw)
|
||||
|
||||
@property
|
||||
def private_key(self):
|
||||
return decrypt(self._private_key)
|
||||
return signer.unsign(self._private_key)
|
||||
|
||||
@private_key.setter
|
||||
def private_key(self, private_key_raw):
|
||||
self._private_key = encrypt(private_key_raw)
|
||||
self._private_key = signer.sign(private_key_raw)
|
||||
|
||||
@property
|
||||
def public_key(self):
|
||||
return decrypt(self._public_key)
|
||||
return signer.unsign(self._public_key)
|
||||
|
||||
@public_key.setter
|
||||
def public_key(self, public_key_raw):
|
||||
self._public_key = encrypt(public_key_raw)
|
||||
self._public_key = signer.sign(public_key_raw)
|
||||
|
||||
class Meta:
|
||||
db_table = 'admin_user'
|
||||
|
|
@ -179,27 +179,27 @@ class SystemUser(models.Model):
|
|||
|
||||
@property
|
||||
def password(self):
|
||||
return decrypt(self._password)
|
||||
return signer.sign(self._password)
|
||||
|
||||
@password.setter
|
||||
def password(self, password_raw):
|
||||
self._password = encrypt(password_raw)
|
||||
self._password = signer.sign(password_raw)
|
||||
|
||||
@property
|
||||
def private_key(self):
|
||||
return decrypt(self._private_key)
|
||||
return signer(self._private_key)
|
||||
|
||||
@private_key.setter
|
||||
def private_key(self, private_key_raw):
|
||||
self._private_key = encrypt(private_key_raw)
|
||||
self._private_key = signer(private_key_raw)
|
||||
|
||||
@property
|
||||
def public_key(self):
|
||||
return decrypt(self._public_key)
|
||||
return signer(self._public_key)
|
||||
|
||||
@public_key.setter
|
||||
def public_key(self, public_key_raw):
|
||||
self._public_key = encrypt(public_key_raw)
|
||||
self._public_key = signer(public_key_raw)
|
||||
|
||||
def get_assets_inherit_from_asset_groups(self):
|
||||
assets = set()
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ from .models import AssetGroup, Asset, IDC, AssetExtend
|
|||
from common.mixins import BulkDeleteApiMixin
|
||||
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
|
||||
|
||||
|
||||
class AssetBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer):
|
||||
# group_display = serializers.SerializerMethodField()
|
||||
# active_display = serializers.SerializerMethodField()
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ import string
|
|||
import logging
|
||||
import datetime
|
||||
|
||||
from itsdangerous import Signer, TimedJSONWebSignatureSerializer, JSONWebSignatureSerializer, TimestampSigner, \
|
||||
from itsdangerous import TimedJSONWebSignatureSerializer, JSONWebSignatureSerializer, \
|
||||
BadSignature, SignatureExpired
|
||||
from django.shortcuts import reverse as dj_reverse
|
||||
from django.conf import settings
|
||||
|
|
@ -34,31 +34,25 @@ def get_object_or_none(model, **kwargs):
|
|||
return obj
|
||||
|
||||
|
||||
def encrypt(*args, **kwargs):
|
||||
try:
|
||||
return signing.dumps(*args, **kwargs)
|
||||
except signing.BadSignature:
|
||||
return ''
|
||||
class Signer(object):
|
||||
def __init__(self, secret_key=SECRET_KEY):
|
||||
self.secret_key = secret_key
|
||||
|
||||
def sign(self, value):
|
||||
s = JSONWebSignatureSerializer(self.secret_key)
|
||||
return s.dumps(value)
|
||||
|
||||
def decrypt(*args, **kwargs):
|
||||
try:
|
||||
return signing.loads(*args, **kwargs)
|
||||
except signing.BadSignature:
|
||||
return ''
|
||||
def unsign(self, value):
|
||||
s = JSONWebSignatureSerializer(self.secret_key)
|
||||
return s.loads(value)
|
||||
|
||||
def sign_t(self, value, expires_in=3600):
|
||||
s = TimedJSONWebSignatureSerializer(self.secret_key, expires_in=expires_in)
|
||||
return s.dumps(value)
|
||||
|
||||
def sign(value, secret_key=SECRET_KEY):
|
||||
signer = TimestampSigner(secret_key)
|
||||
return signer.sign(value)
|
||||
|
||||
|
||||
def unsign(value, max_age=3600, secret_key=SECRET_KEY):
|
||||
signer = TimestampSigner(secret_key)
|
||||
try:
|
||||
return signer.unsign(value, max_age=max_age)
|
||||
except (BadSignature, SignatureExpired):
|
||||
return ''
|
||||
def unsign_t(self, value):
|
||||
s = TimedJSONWebSignatureSerializer(self.secret_key)
|
||||
return s.loads(value)
|
||||
|
||||
|
||||
def date_expired_default():
|
||||
|
|
@ -69,10 +63,6 @@ def date_expired_default():
|
|||
return timezone.now() + timezone.timedelta(days=365*years)
|
||||
|
||||
|
||||
def sign(value):
|
||||
return SIGNER.sign(value)
|
||||
|
||||
|
||||
def combine_seq(s1, s2, callback=None):
|
||||
for s in (s1, s2):
|
||||
if not hasattr(s, '__iter__'):
|
||||
|
|
@ -165,3 +155,5 @@ def timesince(dt, since='', default="just now"):
|
|||
return "%d %s" % (period, singular if period == 1 else plural)
|
||||
return default
|
||||
|
||||
|
||||
signer = Signer()
|
||||
|
|
@ -5,7 +5,7 @@ from rest_framework.generics import ListCreateAPIView, RetrieveUpdateDestroyAPIV
|
|||
from rest_framework.views import APIView, Response
|
||||
from rest_framework.permissions import AllowAny
|
||||
|
||||
from common.utils import unsign, get_object_or_none
|
||||
from common.utils import signer, get_object_or_none
|
||||
from .models import Terminal, TerminalHeatbeat
|
||||
from .serializers import TerminalSerializer, TerminalHeatbeatSerializer
|
||||
from .hands import IsSuperUserOrTerminalUser
|
||||
|
|
@ -17,7 +17,7 @@ class TerminalCreateListApi(ListCreateAPIView):
|
|||
permission_classes = (AllowAny,)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
name = unsign(request.data.get('name', ''))
|
||||
name = signer.unsign(request.data.get('name', ''))
|
||||
if name:
|
||||
terminal = get_object_or_none(Terminal, name=name)
|
||||
if terminal:
|
||||
|
|
|
|||
|
|
@ -138,7 +138,6 @@ class UserTokenApi(APIView):
|
|||
|
||||
cache.set(token, user.id, self.expiration)
|
||||
cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration)
|
||||
return Response({'token': token})
|
||||
return Response({'token': token, 'id': user.id, 'username': user.username, 'name': user.name})
|
||||
else:
|
||||
return Response({'msg': 'Invalid password or public key or user is not active or expired'})
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ from django.utils.translation import ugettext as _
|
|||
from rest_framework import authentication, exceptions, permissions
|
||||
from rest_framework.compat import is_authenticated
|
||||
|
||||
from common.utils import unsign, get_object_or_none
|
||||
from common.utils import signer, get_object_or_none
|
||||
from .hands import Terminal
|
||||
from .models import User
|
||||
|
||||
|
|
@ -39,7 +39,7 @@ class TerminalAuthentication(authentication.BaseAuthentication):
|
|||
return self.authenticate_credentials(sign)
|
||||
|
||||
def authenticate_credentials(self, sign):
|
||||
name = unsign(sign, max_age=300)
|
||||
name = signer.unsign(sign)
|
||||
if name:
|
||||
terminal = get_object_or_none(self.model, name=name)
|
||||
else:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ from django.shortcuts import reverse
|
|||
|
||||
from rest_framework.authtoken.models import Token
|
||||
|
||||
from common.utils import encrypt, decrypt, date_expired_default
|
||||
from common.utils import signer, date_expired_default
|
||||
from common.mixins import NoDeleteModelMixin
|
||||
|
||||
|
||||
|
|
@ -120,19 +120,19 @@ class User(AbstractUser):
|
|||
|
||||
@property
|
||||
def private_key(self):
|
||||
return decrypt(self._private_key)
|
||||
return signer.unsign(self._private_key)
|
||||
|
||||
@private_key.setter
|
||||
def private_key(self, private_key_raw):
|
||||
self._private_key = encrypt(private_key_raw)
|
||||
self._private_key = signer.sign(private_key_raw)
|
||||
|
||||
@property
|
||||
def public_key(self):
|
||||
return decrypt(self._public_key)
|
||||
return signer.unsign(self._public_key)
|
||||
|
||||
@public_key.setter
|
||||
def public_key(self, public_key_raw):
|
||||
self._public_key = encrypt(public_key_raw)
|
||||
self._public_key = signer.sign(public_key_raw)
|
||||
|
||||
@property
|
||||
def is_superuser(self):
|
||||
|
|
@ -199,12 +199,12 @@ class User(AbstractUser):
|
|||
return False
|
||||
|
||||
def generate_reset_token(self):
|
||||
return signing.dumps({'reset': self.id, 'email': self.email})
|
||||
return signer.sign_t({'reset': self.id, 'email': self.email}, expires_in=3600)
|
||||
|
||||
@classmethod
|
||||
def validate_reset_token(cls, token, max_age=3600):
|
||||
def validate_reset_token(cls, token):
|
||||
try:
|
||||
data = signing.loads(token, max_age=max_age)
|
||||
data = signer.unsign_t(token)
|
||||
user_id = data.get('reset', None)
|
||||
user_email = data.get('email', '')
|
||||
user = cls.objects.get(id=user_id, email=user_email)
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||
from rest_framework import serializers
|
||||
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
|
||||
|
||||
from common.utils import unsign
|
||||
from common.utils import signer
|
||||
from .models import User, UserGroup
|
||||
|
||||
|
||||
|
|
@ -84,14 +84,3 @@ class GroupBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer
|
|||
def get_user_amount(obj):
|
||||
return obj.users.count()
|
||||
|
||||
|
||||
class AppUserRegisterSerializer(serializers.Serializer):
|
||||
username = serializers.CharField(max_length=20)
|
||||
|
||||
def create(self, validated_data):
|
||||
sign = validated_data('username', '')
|
||||
username = unsign(sign)
|
||||
pass
|
||||
|
||||
def update(self, instance, validated_data):
|
||||
pass
|
||||
|
|
|
|||
Loading…
Reference in New Issue