diff --git a/apps/audits/hands.py b/apps/audits/hands.py deleted file mode 100644 index 6ec72c288..000000000 --- a/apps/audits/hands.py +++ /dev/null @@ -1,4 +0,0 @@ -# -*- coding: utf-8 -*- -# - -from users.models import LoginLog \ No newline at end of file diff --git a/apps/authentication/api/auth.py b/apps/authentication/api/auth.py index bca8e2144..3e2bc10b3 100644 --- a/apps/authentication/api/auth.py +++ b/apps/authentication/api/auth.py @@ -15,14 +15,15 @@ from rest_framework.views import APIView from common.utils import get_logger, get_request_ip from common.permissions import IsOrgAdminOrAppUser from orgs.mixins import RootOrgViewMixin -from authentication.signals import post_auth_success, post_auth_failed from users.serializers import UserSerializer from users.models import User, LoginLog +from assets.models import Asset, SystemUser from users.utils import ( check_user_valid, check_otp_code, increase_login_failed_count, is_block_login, clean_failed_count ) -from users.hands import Asset, SystemUser + +from ..signals import post_auth_success, post_auth_failed logger = get_logger(__name__) __all__ = [ diff --git a/apps/authentication/backends/openid/backends.py b/apps/authentication/backends/openid/backends.py index b1fa1a9b7..aeb611db5 100644 --- a/apps/authentication/backends/openid/backends.py +++ b/apps/authentication/backends/openid/backends.py @@ -75,7 +75,6 @@ class OpenIDAuthorizationPasswordBackend(BaseOpenIDAuthorizationBackend): if not settings.AUTH_OPENID: return None - elif not username: return None diff --git a/apps/authentication/backends/openid/middleware.py b/apps/authentication/backends/openid/middleware.py index ee9acb0a9..df5ee93c1 100644 --- a/apps/authentication/backends/openid/middleware.py +++ b/apps/authentication/backends/openid/middleware.py 
@@ -10,9 +10,7 @@ from common.utils import get_logger from .utils import new_client from .models import OIDT_ACCESS_TOKEN -BACKEND_OPENID_AUTH_CODE = \ - 'authentication.backends.openid.OpenIDAuthorizationCodeBackend' -client = new_client() +BACKEND_OPENID_AUTH_CODE = 'OpenIDAuthorizationCodeBackend' logger = get_logger(__file__) __all__ = ['OpenIDAuthenticationMiddleware'] @@ -23,22 +21,22 @@ class OpenIDAuthenticationMiddleware(MiddlewareMixin): """ def process_request(self, request): - # Don't need openid auth if AUTH_OPENID is False if not settings.AUTH_OPENID: return - # Don't need check single logout if user not authenticated if not request.user.is_authenticated: return - - elif request.session[BACKEND_SESSION_KEY] != BACKEND_OPENID_AUTH_CODE: + elif request.session[BACKEND_SESSION_KEY].endswith( + BACKEND_OPENID_AUTH_CODE): return # Check openid user single logout or not with access_token + client = new_client() try: client.openid_connect_client.userinfo( - token=request.session.get(OIDT_ACCESS_TOKEN)) + token=request.session.get(OIDT_ACCESS_TOKEN) + ) except Exception as e: logout(request) diff --git a/apps/authentication/backends/openid/views.py b/apps/authentication/backends/openid/views.py index 60e001434..bf15d8438 100644 --- a/apps/authentication/backends/openid/views.py +++ b/apps/authentication/backends/openid/views.py @@ -26,7 +26,6 @@ __all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView'] class OpenIDLoginView(RedirectView): def get_redirect_url(self, *args, **kwargs): - # Todo: 待优化 redirect_uri = settings.BASE_SITE_URL + settings.LOGIN_COMPLETE_URL nonce = Nonce( redirect_uri=redirect_uri, @@ -71,6 +70,8 @@ class OpenIDLoginCompleteView(RedirectView): return HttpResponseBadRequest() login(self.request, user) - post_openid_login_success.send(sender=self.__class__, user=user, request=self.request) + post_openid_login_success.send( + sender=self.__class__, user=user, request=self.request + ) return HttpResponseRedirect(nonce.next_path or '/') 
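Review bot: The rewritten `elif` in `OpenIDAuthenticationMiddleware.process_request` appears to invert the guard it replaces. The removed line returned early when the session backend was not the OpenID authorization-code backend, while the new `.endswith(BACKEND_OPENID_AUTH_CODE)` test has no `not` and returns early when it is. As written, sessions created through the OpenID code flow skip the `userinfo` single-logout check, so a session whose token has been revoked at the identity provider stays logged in. Sessions from every other backend reach `userinfo` with whatever `request.session.get(OIDT_ACCESS_TOKEN)` yields (presumably `None`) and are likely to land in the `except` branch that calls `logout(request)`. The condition should read `elif not request.session[BACKEND_SESSION_KEY].endswith(BACKEND_OPENID_AUTH_CODE):`; the rest of `process_request` may continue past the end of this hunk.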
diff --git a/apps/authentication/migrations/__init__.py b/apps/authentication/migrations/__init__.py
new file mode 100644
index 000000000..ec51c5a2b
--- /dev/null
+++ b/apps/authentication/migrations/__init__.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+#
diff --git a/apps/authentication/models.py b/apps/authentication/models.py
index 8b1378917..e69de29bb 100644
--- a/apps/authentication/models.py
+++ b/apps/authentication/models.py
@@ -1 +0,0 @@
-
diff --git a/apps/users/urls/views_urls.py b/apps/users/urls/views_urls.py
index 38e8f5cb6..f26300a04 100644
--- a/apps/users/urls/views_urls.py
+++ b/apps/users/urls/views_urls.py
@@ -46,7 +46,4 @@ urlpatterns = [
 path('user-group//update/', views.UserGroupUpdateView.as_view(), name='user-group-update'),
 path('user-group//assets/', views.UserGroupGrantedAssetView.as_view(), name='user-group-granted-asset'),
- # Login log
- # Abandon
- # path('login-log/', views.LoginLogListView.as_view(), name='login-log-list'),
 ]
diff --git a/apps/users/utils.py b/apps/users/utils.py
index 5a2985bc2..e8f361ffa 100644
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -18,7 +18,7 @@ from datetime import datetime
 from common.tasks import send_mail_async
 from common.utils import reverse, get_object_or_none, get_ip_city
-from .models import User, LoginLog
+from .models import User
 logger = logging.getLogger('jumpserver')