github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Update signer

pull/530/head
ibuler 2016-11-01 17:21:16 +08:00
parent f1dfba6a93
commit 1159d9494c
9 changed files with 70 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
apps/assets/api.py
View File

@ -1,11 +1,16 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
from rest_framework import serializers from rest_framework import serializers
from rest_framework import viewsets, serializers,generics from rest_framework import viewsets, serializers, generics
from .models import AssetGroup, Asset, IDC, AssetExtend from rest_framework.views import APIView
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin, ListBulkCreateUpdateDestroyAPIView
from common.mixins import BulkDeleteApiMixin from common.mixins import BulkDeleteApiMixin
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin,ListBulkCreateUpdateDestroyAPIView from common.utils import get_object_or_none
from .serializers import * from .models import AssetGroup, Asset, IDC, AssetExtend
from .serializers import AssetBulkUpdateSerializer
class AssetGroupSerializer(serializers.ModelSerializer): class AssetGroupSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = AssetGroup model = AssetGroup
@ -52,6 +57,21 @@ class IDCViewSet(viewsets.ReadOnlyModelViewSet):
queryset = IDC.objects.all() queryset = IDC.objects.all()
serializer_class = IDCSerializer serializer_class = IDCSerializer
class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView): class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
queryset = Asset.objects.all() queryset = Asset.objects.all()
serializer_class = AssetBulkUpdateSerializer serializer_class = AssetBulkUpdateSerializer
class AssetSystemUserAuthApi(APIView):
def get(self, request, *args, **kwargs):
system_user_id = request.data.get('system_user_id', -1)
system_user_username = request.data.get('system_user_username', '')
system_user = get_object_or_none(Asset, id=system_user_id, username=system_user_username)
if system_user:
password = system_user.password
private_key = system_user.private_key

24
apps/assets/models.py
View File

@ -7,7 +7,7 @@ from django.core import serializers
import logging import logging
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from common.utils import encrypt, decrypt from common.utils import signer
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -111,23 +111,23 @@ class AdminUser(models.Model):
@password.setter @password.setter
def password(self, password_raw): def password(self, password_raw):
self._password = encrypt(password_raw) self._password = signer.sign(password_raw)
@property @property
def private_key(self): def private_key(self):
return decrypt(self._private_key) return signer.unsign(self._private_key)
@private_key.setter @private_key.setter
def private_key(self, private_key_raw): def private_key(self, private_key_raw):
self._private_key = encrypt(private_key_raw) self._private_key = signer.sign(private_key_raw)
@property @property
def public_key(self): def public_key(self):
return decrypt(self._public_key) return signer.unsign(self._public_key)
@public_key.setter @public_key.setter
def public_key(self, public_key_raw): def public_key(self, public_key_raw):
self._public_key = encrypt(public_key_raw) self._public_key = signer.sign(public_key_raw)
class Meta: class Meta:
db_table = 'admin_user' db_table = 'admin_user'
@ -179,27 +179,27 @@ class SystemUser(models.Model):
@property @property
def password(self): def password(self):
return decrypt(self._password) return signer.sign(self._password)
@password.setter @password.setter
def password(self, password_raw): def password(self, password_raw):
self._password = encrypt(password_raw) self._password = signer.sign(password_raw)
@property @property
def private_key(self): def private_key(self):
return decrypt(self._private_key) return signer(self._private_key)
@private_key.setter @private_key.setter
def private_key(self, private_key_raw): def private_key(self, private_key_raw):
self._private_key = encrypt(private_key_raw) self._private_key = signer(private_key_raw)
@property @property
def public_key(self): def public_key(self):
return decrypt(self._public_key) return signer(self._public_key)
@public_key.setter @public_key.setter
def public_key(self, public_key_raw): def public_key(self, public_key_raw):
self._public_key = encrypt(public_key_raw) self._public_key = signer(public_key_raw)
def get_assets_inherit_from_asset_groups(self): def get_assets_inherit_from_asset_groups(self):
assets = set() assets = set()

1
apps/assets/serializers.py
View File

@ -5,6 +5,7 @@ from .models import AssetGroup, Asset, IDC, AssetExtend
from common.mixins import BulkDeleteApiMixin from common.mixins import BulkDeleteApiMixin
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
class AssetBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer): class AssetBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer):
# group_display = serializers.SerializerMethodField() # group_display = serializers.SerializerMethodField()
# active_display = serializers.SerializerMethodField() # active_display = serializers.SerializerMethodField()

44
apps/common/utils.py
View File

@ -8,7 +8,7 @@ import string
import logging import logging
import datetime import datetime
from itsdangerous import Signer, TimedJSONWebSignatureSerializer, JSONWebSignatureSerializer, TimestampSigner, \ from itsdangerous import TimedJSONWebSignatureSerializer, JSONWebSignatureSerializer, \
BadSignature, SignatureExpired BadSignature, SignatureExpired
from django.shortcuts import reverse as dj_reverse from django.shortcuts import reverse as dj_reverse
from django.conf import settings from django.conf import settings
@ -34,31 +34,25 @@ def get_object_or_none(model, **kwargs):
return obj return obj
def encrypt(*args, **kwargs): class Signer(object):
try: def __init__(self, secret_key=SECRET_KEY):
return signing.dumps(*args, **kwargs) self.secret_key = secret_key
except signing.BadSignature:
return ''
def sign(self, value):
s = JSONWebSignatureSerializer(self.secret_key)
return s.dumps(value)
def decrypt(*args, **kwargs): def unsign(self, value):
try: s = JSONWebSignatureSerializer(self.secret_key)
return signing.loads(*args, **kwargs) return s.loads(value)
except signing.BadSignature:
return ''
def sign_t(self, value, expires_in=3600):
s = TimedJSONWebSignatureSerializer(self.secret_key, expires_in=expires_in)
return s.dumps(value)
def sign(value, secret_key=SECRET_KEY): def unsign_t(self, value):
signer = TimestampSigner(secret_key) s = TimedJSONWebSignatureSerializer(self.secret_key)
return signer.sign(value) return s.loads(value)
def unsign(value, max_age=3600, secret_key=SECRET_KEY):
signer = TimestampSigner(secret_key)
try:
return signer.unsign(value, max_age=max_age)
except (BadSignature, SignatureExpired):
return ''
def date_expired_default(): def date_expired_default():
@ -69,10 +63,6 @@ def date_expired_default():
return timezone.now() + timezone.timedelta(days=365*years) return timezone.now() + timezone.timedelta(days=365*years)
def sign(value):
return SIGNER.sign(value)
def combine_seq(s1, s2, callback=None): def combine_seq(s1, s2, callback=None):
for s in (s1, s2): for s in (s1, s2):
if not hasattr(s, '__iter__'): if not hasattr(s, '__iter__'):
@ -165,3 +155,5 @@ def timesince(dt, since='', default="just now"):
return "%d %s" % (period, singular if period == 1 else plural) return "%d %s" % (period, singular if period == 1 else plural)
return default return default
signer = Signer()

4
apps/terminal/api.py
View File

@ -5,7 +5,7 @@ from rest_framework.generics import ListCreateAPIView, RetrieveUpdateDestroyAPIV
from rest_framework.views import APIView, Response from rest_framework.views import APIView, Response
from rest_framework.permissions import AllowAny from rest_framework.permissions import AllowAny
from common.utils import unsign, get_object_or_none from common.utils import signer, get_object_or_none
from .models import Terminal, TerminalHeatbeat from .models import Terminal, TerminalHeatbeat
from .serializers import TerminalSerializer, TerminalHeatbeatSerializer from .serializers import TerminalSerializer, TerminalHeatbeatSerializer
from .hands import IsSuperUserOrTerminalUser from .hands import IsSuperUserOrTerminalUser
@ -17,7 +17,7 @@ class TerminalCreateListApi(ListCreateAPIView):
permission_classes = (AllowAny,) permission_classes = (AllowAny,)
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
name = unsign(request.data.get('name', '')) name = signer.unsign(request.data.get('name', ''))
if name: if name:
terminal = get_object_or_none(Terminal, name=name) terminal = get_object_or_none(Terminal, name=name)
if terminal: if terminal:

3
apps/users/api.py
View File

@ -138,7 +138,6 @@ class UserTokenApi(APIView):
cache.set(token, user.id, self.expiration) cache.set(token, user.id, self.expiration)
cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration) cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration)
return Response({'token': token}) return Response({'token': token, 'id': user.id, 'username': user.username, 'name': user.name})
else: else:
return Response({'msg': 'Invalid password or public key or user is not active or expired'}) return Response({'msg': 'Invalid password or public key or user is not active or expired'})

4
apps/users/backends.py
View File

@ -9,7 +9,7 @@ from django.utils.translation import ugettext as _
from rest_framework import authentication, exceptions, permissions from rest_framework import authentication, exceptions, permissions
from rest_framework.compat import is_authenticated from rest_framework.compat import is_authenticated
from common.utils import unsign, get_object_or_none from common.utils import signer, get_object_or_none
from .hands import Terminal from .hands import Terminal
from .models import User from .models import User
@ -39,7 +39,7 @@ class TerminalAuthentication(authentication.BaseAuthentication):
return self.authenticate_credentials(sign) return self.authenticate_credentials(sign)
def authenticate_credentials(self, sign): def authenticate_credentials(self, sign):
name = unsign(sign, max_age=300) name = signer.unsign(sign)
if name: if name:
terminal = get_object_or_none(self.model, name=name) terminal = get_object_or_none(self.model, name=name)
else: else:

16
apps/users/models.py
View File

@ -15,7 +15,7 @@ from django.shortcuts import reverse
from rest_framework.authtoken.models import Token from rest_framework.authtoken.models import Token
from common.utils import encrypt, decrypt, date_expired_default from common.utils import signer, date_expired_default
from common.mixins import NoDeleteModelMixin from common.mixins import NoDeleteModelMixin
@ -120,19 +120,19 @@ class User(AbstractUser):
@property @property
def private_key(self): def private_key(self):
return decrypt(self._private_key) return signer.unsign(self._private_key)
@private_key.setter @private_key.setter
def private_key(self, private_key_raw): def private_key(self, private_key_raw):
self._private_key = encrypt(private_key_raw) self._private_key = signer.sign(private_key_raw)
@property @property
def public_key(self): def public_key(self):
return decrypt(self._public_key) return signer.unsign(self._public_key)
@public_key.setter @public_key.setter
def public_key(self, public_key_raw): def public_key(self, public_key_raw):
self._public_key = encrypt(public_key_raw) self._public_key = signer.sign(public_key_raw)
@property @property
def is_superuser(self): def is_superuser(self):
@ -199,12 +199,12 @@ class User(AbstractUser):
return False return False
def generate_reset_token(self): def generate_reset_token(self):
return signing.dumps({'reset': self.id, 'email': self.email}) return signer.sign_t({'reset': self.id, 'email': self.email}, expires_in=3600)
@classmethod @classmethod
def validate_reset_token(cls, token, max_age=3600): def validate_reset_token(cls, token):
try: try:
data = signing.loads(token, max_age=max_age) data = signer.unsign_t(token)
user_id = data.get('reset', None) user_id = data.get('reset', None)
user_email = data.get('email', '') user_email = data.get('email', '')
user = cls.objects.get(id=user_id, email=user_email) user = cls.objects.get(id=user_id, email=user_email)

13
apps/users/serializers.py
View File

@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _
from rest_framework import serializers from rest_framework import serializers
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
from common.utils import unsign from common.utils import signer
from .models import User, UserGroup from .models import User, UserGroup
@ -84,14 +84,3 @@ class GroupBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer
def get_user_amount(obj): def get_user_amount(obj):
return obj.users.count() return obj.users.count()
class AppUserRegisterSerializer(serializers.Serializer):
username = serializers.CharField(max_length=20)
def create(self, validated_data):
sign = validated_data('username', '')
username = unsign(sign)
pass
def update(self, instance, validated_data):
pass