From 180842ba2936178621096410021cad3b9a20574b Mon Sep 17 00:00:00 2001
From: wangruidong <940853815@qq.com>
Date: Wed, 8 Jan 2025 14:22:12 +0800
Subject: [PATCH] perf: Add risk change_password_add handle

---
 apps/accounts/risk_handlers.py | 41 +++++++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/apps/accounts/risk_handlers.py b/apps/accounts/risk_handlers.py
index 2dd8c8d53..f6370494a 100644
--- a/apps/accounts/risk_handlers.py
+++ b/apps/accounts/risk_handlers.py
@@ -1,14 +1,15 @@
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
-from accounts.const import AutomationTypes
+from accounts.const import AutomationTypes, Source
 from accounts.models import (
     GatheredAccount,
     AccountRisk,
     SecretType,
-    AutomationExecution, RiskChoice,
+    AutomationExecution, RiskChoice, Account
 )
 from common.const import ConfirmOrIgnore
+from common.utils import random_string
 
 TYPE_CHOICES = [
     ("ignore", _("Ignore")),
@@ -17,7 +18,7 @@ TYPE_CHOICES = [
     ("delete_both", _("Delete remote")),
     ("add_account", _("Add account")),
     ("change_password_add", _("Change password and Add")),
-    ("change_password", _("Change password")),
+    ("change_password", _("Change password"))
 ]
 
 
@@ -107,9 +108,6 @@ class RiskHandler:
     def handle_delete_both(self):
         self._handle_delete(delete="both")
 
-    def handle_change_password_add(self):
-        pass
-
     def handle_change_password(self):
         asset = self.asset
         execution = AutomationExecution()
@@ -124,3 +122,34 @@ class RiskHandler:
         execution.save()
         execution.start()
         return execution.summary
+
+    def handle_change_password_add(self):
+        asset = self.asset
+        secret_type = SecretType.PASSWORD
+        secret = random_string(30)
+        account_data = {
+            "username": self.username,
+            "name": f'{self.username}-{secret_type}',
+            "secret_type": SecretType.PASSWORD,
+            "source": Source.DISCOVERY,
+            "asset": asset,
+            "secret": secret
+        }
+        account, _ = self.asset.accounts.get_or_create(defaults=account_data, username=self.username)
+        execution = AutomationExecution()
+        execution.snapshot = {
+            "assets": [str(asset.id)],
+            "accounts": [str(account.id)],
+            "type": AutomationTypes.push_account,
+            "secret_type": secret_type,
+            'nodes': [],
+            'org_id': self.asset.org_id,
+            "secret_strategy": "random",
+            "secret": secret,
+            'ssh_key_change_strategy': 'set_jms',
+            'check_conn_after_change': True,
+            "name": "Push account password: {}@{}".format(self.username, asset.name),
+        }
+        execution.save()
+        execution.start()
+        return execution.summary