mirror of https://github.com/jumpserver/jumpserver
feat(user):同一个账号仅允许在一台终端设备登录 (#4590)
* feat(user):同一个账号仅允许在一台终端设备登录 * feat(user):同一个账号仅允许在一台终端设备登录 * feat(user):同一个账号仅允许在一台终端设备登录 * feat(user):同一个账号仅允许在一台终端设备登录 * feat(user):同一个账号仅允许在一台终端设备登录 Co-authored-by: peijianbo <peijainbo3006@163.com>pull/4595/head
fit2bot
GitHub
parent
e6f248bfa0
commit
172b6edd28
|
|
@ -1,3 +1,8 @@
|
||||||
|
from importlib import import_module
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
|
from django.contrib.auth import user_logged_in
|
||||||
|
from django.core.cache import cache
|
||||||
from django.dispatch import receiver
|
from django.dispatch import receiver
|
||||||
|
|
||||||
from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_success
|
from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_success
|
||||||
|
|
@ -5,6 +10,17 @@ from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_succ
|
||||||
from .signals import post_auth_success, post_auth_failed
|
from .signals import post_auth_success, post_auth_failed
|
||||||
|
|
||||||
|
|
||||||
|
@receiver(user_logged_in)
|
||||||
|
def on_user_auth_login_success(sender, user, request, **kwargs):
|
||||||
|
if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED:
|
||||||
|
user_id = 'single_machine_login_' + str(user.id)
|
||||||
|
session_key = cache.get(user_id)
|
||||||
|
if session_key and session_key != request.session.session_key:
|
||||||
|
session = import_module(settings.SESSION_ENGINE).SessionStore(session_key)
|
||||||
|
session.delete()
|
||||||
|
cache.set(user_id, request.session.session_key, None)
|
||||||
|
|
||||||
|
|
||||||
@receiver(openid_user_login_success)
|
@receiver(openid_user_login_success)
|
||||||
def on_oidc_user_login_success(sender, request, user, **kwargs):
|
def on_oidc_user_login_success(sender, request, user, **kwargs):
|
||||||
post_auth_success.send(sender, user=user, request=request)
|
post_auth_success.send(sender, user=user, request=request)
|
||||||
|
|
|
||||||
|
|
@ -266,7 +266,8 @@ class Config(dict):
|
||||||
'ORG_CHANGE_TO_URL': '',
|
'ORG_CHANGE_TO_URL': '',
|
||||||
'LANGUAGE_CODE': 'zh',
|
'LANGUAGE_CODE': 'zh',
|
||||||
'TIME_ZONE': 'Asia/Shanghai',
|
'TIME_ZONE': 'Asia/Shanghai',
|
||||||
'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True
|
'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True,
|
||||||
|
'USER_LOGIN_SINGLE_MACHINE_ENABLED': False
|
||||||
}
|
}
|
||||||
|
|
||||||
def compatible_auth_openid_of_key(self):
|
def compatible_auth_openid_of_key(self):
|
||||||
|
|
|
||||||
|
|
@ -70,6 +70,9 @@ FLOWER_URL = CONFIG.FLOWER_URL
|
||||||
# Enable internal period task
|
# Enable internal period task
|
||||||
PERIOD_TASK_ENABLED = CONFIG.PERIOD_TASK_ENABLED
|
PERIOD_TASK_ENABLED = CONFIG.PERIOD_TASK_ENABLED
|
||||||
|
|
||||||
|
# only allow single machine login with the same account
|
||||||
|
USER_LOGIN_SINGLE_MACHINE_ENABLED = CONFIG.USER_LOGIN_SINGLE_MACHINE_ENABLED
|
||||||
|
|
||||||
# Email custom content
|
# Email custom content
|
||||||
EMAIL_SUBJECT_PREFIX = DYNAMIC.EMAIL_SUBJECT_PREFIX
|
EMAIL_SUBJECT_PREFIX = DYNAMIC.EMAIL_SUBJECT_PREFIX
|
||||||
EMAIL_SUFFIX = DYNAMIC.EMAIL_SUFFIX
|
EMAIL_SUFFIX = DYNAMIC.EMAIL_SUFFIX
|
||||||
|
|
|
||||||
|
|
@ -116,7 +116,10 @@ REDIS_PORT: 6379
|
||||||
|
|
||||||
# Perm show single asset to ungrouped node
|
# Perm show single asset to ungrouped node
|
||||||
# 是否把未授权节点资产放入到 未分组 节点中
|
# 是否把未授权节点资产放入到 未分组 节点中
|
||||||
# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: false
|
# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: False
|
||||||
|
#
|
||||||
|
# 同一账号仅允许在一台设备登录
|
||||||
|
# USER_LOGIN_SINGLE_MACHINE_ENABLED: False
|
||||||
#
|
#
|
||||||
# 启用定时任务
|
# 启用定时任务
|
||||||
# PERIOD_TASK_ENABLE: True
|
# PERIOD_TASK_ENABLE: True
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue