From 172b6edd280934f2f97113c620e402020df9f053 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Mon, 7 Sep 2020 17:42:59 +0800
Subject: [PATCH] =?UTF-8?q?feat(user):=E5=90=8C=E4=B8=80=E4=B8=AA=E8=B4=A6?= =?UTF-8?q?=E5=8F=B7=E4=BB=85=E5=85=81=E8=AE=B8=E5=9C=A8=E4=B8=80=E5=8F=B0?= =?UTF-8?q?=E7=BB=88=E7=AB=AF=E8=AE=BE=E5=A4=87=E7=99=BB=E5=BD=95=20(#4590?= =?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* feat(user):同一个账号仅允许在一台终端设备登录
* feat(user):同一个账号仅允许在一台终端设备登录
* feat(user):同一个账号仅允许在一台终端设备登录
* feat(user):同一个账号仅允许在一台终端设备登录
* feat(user):同一个账号仅允许在一台终端设备登录
Co-authored-by: peijianbo
---
 apps/authentication/signals_handlers.py | 16 ++++++++++++++++
 apps/jumpserver/conf.py | 3 ++-
 apps/jumpserver/settings/custom.py | 3 +++
 config_example.yml | 5 ++++-
 4 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/apps/authentication/signals_handlers.py b/apps/authentication/signals_handlers.py
index 461ddbb99..dc6bf5e27 100644
--- a/apps/authentication/signals_handlers.py
+++ b/apps/authentication/signals_handlers.py
@@ -1,3 +1,8 @@
+from importlib import import_module
+
+from django.conf import settings
+from django.contrib.auth import user_logged_in
+from django.core.cache import cache
 from django.dispatch import receiver
 from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_success
@@ -5,6 +10,17 @@ from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_succ
 from .signals import post_auth_success, post_auth_failed
+@receiver(user_logged_in)
+def on_user_auth_login_success(sender, user, request, **kwargs):
+ if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED:
+ user_id = 'single_machine_login_' + str(user.id)
+ session_key = cache.get(user_id)
+ if session_key and session_key != request.session.session_key:
+ session = import_module(settings.SESSION_ENGINE).SessionStore(session_key)
+ session.delete()
+ cache.set(user_id, request.session.session_key, None)
+
+
 @receiver(openid_user_login_success)
 def on_oidc_user_login_success(sender, request, user, **kwargs):
 post_auth_success.send(sender, user=user, request=request)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index dcbf439da..0e186726e 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -266,7 +266,8 @@ class Config(dict):
 'ORG_CHANGE_TO_URL': '',
 'LANGUAGE_CODE': 'zh',
 'TIME_ZONE': 'Asia/Shanghai',
- 'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True
+ 'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True,
+ 'USER_LOGIN_SINGLE_MACHINE_ENABLED': False
 }
 def compatible_auth_openid_of_key(self):
diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py
index b691d3ce5..5149c3d9c 100644
--- a/apps/jumpserver/settings/custom.py
+++ b/apps/jumpserver/settings/custom.py
@@ -70,6 +70,9 @@ FLOWER_URL = CONFIG.FLOWER_URL
 # Enable internal period task
 PERIOD_TASK_ENABLED = CONFIG.PERIOD_TASK_ENABLED
+# only allow single machine login with the same account
+USER_LOGIN_SINGLE_MACHINE_ENABLED = CONFIG.USER_LOGIN_SINGLE_MACHINE_ENABLED
+
 # Email custom content
 EMAIL_SUBJECT_PREFIX = DYNAMIC.EMAIL_SUBJECT_PREFIX
 EMAIL_SUFFIX = DYNAMIC.EMAIL_SUFFIX
diff --git a/config_example.yml b/config_example.yml
index fd8710c78..f23b5c7e5 100644
--- a/config_example.yml
+++ b/config_example.yml
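Review bot: In `on_user_auth_login_success` (apps/authentication/signals_handlers.py) the one-device rule fails open, because the only record of the previous session is the cache entry `single_machine_login_<user id>`: if that entry is evicted or flushed, or the configured cache is not shared between worker processes, the earlier session is never deleted and both stay valid. The `cache.get` then `cache.set` sequence is also not atomic, so two logins that arrive together can read the same old key and leave one of the new sessions untracked. Consider keeping the active session key in durable per-user storage, and writing an audit log entry whenever `session.delete()` revokes a session so a forced logout is traceable. A guard such as `if not request.session.session_key: return` before the `cache.set` call would stop a login path without a session from overwriting the tracked key with None; whether such a path exists is not visible in this hunk.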
@@ -116,7 +116,10 @@ REDIS_PORT: 6379
 # Perm show single asset to ungrouped node
 # 是否把未授权节点资产放入到 未分组 节点中
-# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: false
+# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: False
+#
+# 同一账号仅允许在一台设备登录
+# USER_LOGIN_SINGLE_MACHINE_ENABLED: False
 #
 # 启用定时任务
 # PERIOD_TASK_ENABLE: True