[Update] 修改authentication backends

pull/2461/head
ibuler 2019-02-28 15:12:45 +08:00
parent 9b3509208d
commit 1969fb79fe
9 changed files with 15 additions and 22 deletions


@ -1,4 +0,0 @@
# -*- coding: utf-8 -*-
#
from users.models import LoginLog


@ -15,14 +15,15 @@ from rest_framework.views import APIView
from common.utils import get_logger, get_request_ip from common.utils import get_logger, get_request_ip
from common.permissions import IsOrgAdminOrAppUser from common.permissions import IsOrgAdminOrAppUser
from orgs.mixins import RootOrgViewMixin from orgs.mixins import RootOrgViewMixin
from authentication.signals import post_auth_success, post_auth_failed
from users.serializers import UserSerializer from users.serializers import UserSerializer
from users.models import User, LoginLog from users.models import User, LoginLog
from assets.models import Asset, SystemUser
from users.utils import ( from users.utils import (
check_user_valid, check_otp_code, increase_login_failed_count, check_user_valid, check_otp_code, increase_login_failed_count,
is_block_login, clean_failed_count is_block_login, clean_failed_count
) )
from users.hands import Asset, SystemUser
from ..signals import post_auth_success, post_auth_failed
logger = get_logger(__name__) logger = get_logger(__name__)
__all__ = [ __all__ = [


@ -75,7 +75,6 @@ class OpenIDAuthorizationPasswordBackend(BaseOpenIDAuthorizationBackend):
if not settings.AUTH_OPENID: if not settings.AUTH_OPENID:
return None return None
elif not username: elif not username:
return None return None


@ -10,9 +10,7 @@ from common.utils import get_logger
from .utils import new_client from .utils import new_client
from .models import OIDT_ACCESS_TOKEN from .models import OIDT_ACCESS_TOKEN
BACKEND_OPENID_AUTH_CODE = \ BACKEND_OPENID_AUTH_CODE = 'OpenIDAuthorizationCodeBackend'
'authentication.backends.openid.OpenIDAuthorizationCodeBackend'
client = new_client()
logger = get_logger(__file__) logger = get_logger(__file__)
__all__ = ['OpenIDAuthenticationMiddleware'] __all__ = ['OpenIDAuthenticationMiddleware']
@ -23,22 +21,22 @@ class OpenIDAuthenticationMiddleware(MiddlewareMixin):
""" """
def process_request(self, request): def process_request(self, request):
# Don't need openid auth if AUTH_OPENID is False # Don't need openid auth if AUTH_OPENID is False
if not settings.AUTH_OPENID: if not settings.AUTH_OPENID:
return return
# Don't need check single logout if user not authenticated # Don't need check single logout if user not authenticated
if not request.user.is_authenticated: if not request.user.is_authenticated:
return return
elif request.session[BACKEND_SESSION_KEY].endswith(
elif request.session[BACKEND_SESSION_KEY] != BACKEND_OPENID_AUTH_CODE: BACKEND_OPENID_AUTH_CODE):
return return
# Check openid user single logout or not with access_token # Check openid user single logout or not with access_token
client = new_client()
try: try:
client.openid_connect_client.userinfo( client.openid_connect_client.userinfo(
token=request.session.get(OIDT_ACCESS_TOKEN)) token=request.session.get(OIDT_ACCESS_TOKEN)
)
except Exception as e: except Exception as e:
logout(request) logout(request)
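Review bot: The rewritten backend check `elif request.session[BACKEND_SESSION_KEY].endswith(BACKEND_OPENID_AUTH_CODE): return` looks inverted relative to the `!= BACKEND_OPENID_AUTH_CODE` test it replaces, assuming the `.endswith(` lines are the new side of this rendered view. As written, process_request returns early for sessions that did log in through the OpenID code backend, so the `userinfo()` single-logout check never runs for them and a session ended at the identity provider would stay valid here. Sessions from every other backend fall through to `userinfo()` with whatever `request.session.get(OIDT_ACCESS_TOKEN)` returns, and any failure there reaches `logout(request)` through the broad `except Exception`. The suffix match should keep the negation: `elif not request.session[BACKEND_SESSION_KEY].endswith(BACKEND_OPENID_AUTH_CODE):`. The class header is above the hunk, and process_request may continue past its last line.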


@ -26,7 +26,6 @@ __all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView']
class OpenIDLoginView(RedirectView): class OpenIDLoginView(RedirectView):
def get_redirect_url(self, *args, **kwargs): def get_redirect_url(self, *args, **kwargs):
# Todo: 待优化
redirect_uri = settings.BASE_SITE_URL + settings.LOGIN_COMPLETE_URL redirect_uri = settings.BASE_SITE_URL + settings.LOGIN_COMPLETE_URL
nonce = Nonce( nonce = Nonce(
redirect_uri=redirect_uri, redirect_uri=redirect_uri,
@ -71,6 +70,8 @@ class OpenIDLoginCompleteView(RedirectView):
return HttpResponseBadRequest() return HttpResponseBadRequest()
login(self.request, user) login(self.request, user)
post_openid_login_success.send(sender=self.__class__, user=user, request=self.request) post_openid_login_success.send(
sender=self.__class__, user=user, request=self.request
)
return HttpResponseRedirect(nonce.next_path or '/') return HttpResponseRedirect(nonce.next_path or '/')


@ -0,0 +1,2 @@
# -*- coding: utf-8 -*-
#


@ -1 +0,0 @@


@ -46,7 +46,4 @@ urlpatterns = [
path('user-group/<uuid:pk>/update/', views.UserGroupUpdateView.as_view(), name='user-group-update'), path('user-group/<uuid:pk>/update/', views.UserGroupUpdateView.as_view(), name='user-group-update'),
path('user-group/<uuid:pk>/assets/', views.UserGroupGrantedAssetView.as_view(), name='user-group-granted-asset'), path('user-group/<uuid:pk>/assets/', views.UserGroupGrantedAssetView.as_view(), name='user-group-granted-asset'),
# Login log
# Abandon
# path('login-log/', views.LoginLogListView.as_view(), name='login-log-list'),
] ]


@ -18,7 +18,7 @@ from datetime import datetime
from common.tasks import send_mail_async from common.tasks import send_mail_async
from common.utils import reverse, get_object_or_none, get_ip_city from common.utils import reverse, get_object_or_none, get_ip_city
from .models import User, LoginLog from .models import User
logger = logging.getLogger('jumpserver') logger = logging.getLogger('jumpserver')