diff --git a/jumpserver.conf b/jumpserver.conf
index 306da1e77..a0a489e54 100644
--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -28,8 +28,9 @@ web_socket_host = 192.168.40.140:3000
 [mail]
+mail_enable = 1
 email_host = smtp.qq.com
 email_port = 25
-email_host_user = 1152704203@qq.com
-email_host_password = xxxxx
+email_host_user = xxxxxxxxxx@qq.com
+email_host_password = xxxxxxxxx
 email_use_tls = False
diff --git a/jumpserver/api.py b/jumpserver/api.py
index 43cdf6aae..23988b781 100644
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -51,6 +51,7 @@ LOGIN_NAME = getpass.getuser()
 LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
 SEND_IP = CONF.get('base', 'ip')
 SEND_PORT = CONF.get('base', 'port')
+MAIL_ENABLE = CONF.get('mail', 'mail_enable')
 MAIL_FROM = CONF.get('mail', 'email_host_user')
 log_dir = os.path.join(BASE_DIR, 'logs')
@@ -397,18 +398,22 @@ class PyCrypt(object):
 self.mode = AES.MODE_CBC
 @staticmethod
- def random_pass():
+ def random_pass(length, especial=False):
 """
 random password
 随机生成密码
 """
- salt_key = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%^&*()_'
+ salt_key = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_'
 symbol = '!@$%^&*()_'
 salt_list = []
- for i in range(60):
- salt_list.append(random.choice(salt_key))
- for i in range(4):
- salt_list.append(random.choice(symbol))
+ if especial:
+ for i in range(length-4):
+ salt_list.append(random.choice(salt_key))
+ for i in range(4):
+ salt_list.append(random.choice(symbol))
+ else:
+ for i in range(length):
+ salt_list.append(random.choice(salt_key))
 salt = ''.join(salt_list)
 return salt
diff --git a/juser/models.py b/juser/models.py
index 1e18f6845..a7bd79943 100644
--- a/juser/models.py
+++ b/juser/models.py
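Review bot: `mail_enable = 1` switches the welcome mail on in a sample config whose `email_host_user`/`email_host_password` are placeholders, so an installation that keeps this file will attempt SMTP authentication against `smtp.qq.com` with dummy credentials on the first user add, and `user_add_mail` in juser/user_api.py calls `send_mail(..., fail_silently=False)`, so that attempt surfaces as an exception rather than a skipped mail. A sample file should default to `mail_enable = 0` and carry a comment such as `# set to 1 only after filling in real SMTP credentials below`. `email_use_tls = False` with port 25 also means the mailbox password crosses the network unencrypted; that predates this commit, but a comment next to the new flag pointing at `email_use_tls`/`email_port` for STARTTLS would help operators.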
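Review bot: `MAIL_ENABLE = CONF.get('mail', 'mail_enable')` yields a string, so `mail_enable = 0` produces `'0'`, which is truthy, and the `if MAIL_ENABLE:` guard this commit adds in juser/views.py (hunk @@ -295) can never disable the mail. `LDAP_ENABLE` two lines above is read with `CONF.getint` for exactly this reason; use the same: `MAIL_ENABLE = CONF.getint('mail', 'mail_enable')`. A trailing comment, `# 1 = send the welcome mail from user_add, 0 = skip it`, would document what the flag gates.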
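Review bot: `random_pass` draws every character with `random.choice`, and after this commit it generates the web password, the ssh-key passphrase and the LDAP password in juser/views.py; the stdlib `random` module is documented as unsuitable for security purposes, so both loops should use `random.SystemRandom().choice(...)`, which reads from the OS entropy source and needs no new dependency. With `especial=True` the function always appends four symbols, so for `length < 4` the result is longer than requested while `range(length-4)` is empty; a guard such as `if length < 4: raise ValueError('length must be >= 4 when especial is set')` makes that explicit. The docstring should also say that `length` is the total length and that `especial` reserves the last four characters for `symbol`, since neither is obvious from the signature.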
@@ -119,3 +119,13 @@ class User(models.Model):
 print ''
 else:
 return assets_info
+
+
+class AdminGroup(models.Model):
+ """
+ under the user control group
+ 用户可以管理的用户组,或组的管理员是该用户
+ """
+
+ user = models.ForeignKey(User)
+ group = models.ForeignKey(UserGroup)
\ No newline at end of file
diff --git a/juser/urls.py b/juser/urls.py
index 5ff976839..0baa60576 100644
--- a/juser/urls.py
+++ b/juser/urls.py
@@ -11,7 +11,7 @@ urlpatterns = patterns('juser.views',
 (r'^group_list/$', group_list),
 (r'^group_del/$', group_del),
 (r'^group_del_ajax', group_del_ajax),
- (r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
+ (r'^group_edit/$',group_edit),
 (r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}),
 (r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
 (r'^user_detail/$', 'user_detail'),
diff --git a/juser/user_api.py b/juser/user_api.py
index 84c0f915f..c0307938d 100644
--- a/juser/user_api.py
+++ b/juser/user_api.py
@@ -2,6 +2,7 @@
 from Crypto.PublicKey import RSA
+from juser.models import AdminGroup
 from jumpserver.api import *
@@ -55,6 +56,8 @@ def db_add_user(**kwargs):
 数据库中添加用户
 """
 groups_post = kwargs.pop('groups')
+ admin_groups = kwargs.pop('admin_groups')
+ role = kwargs.get('role', 'CU')
 user = User(**kwargs)
 user.save()
 if groups_post:
@@ -63,6 +66,12 @@ def db_add_user(**kwargs):
 group = UserGroup.objects.filter(id=group_id)
 group_select.extend(group)
 user.group = group_select
+
+ if admin_groups and role == 'GA': # 如果是组管理员就要添加组管理员和组到管理组中
+ for group_id in admin_groups:
+ group = get_object(UserGroup, id=group_id)
+ if group:
+ AdminGroup(user=user, group=group).save()
 return user
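Review bot: `AdminGroup` declares no uniqueness on `(user, group)`, and `db_add_user` in juser/user_api.py inserts one row per id taken straight from the `admin_groups` POST list, so a repeated id produces duplicate rows in the table that records which groups a user administers; add `class Meta: unique_together = ('user', 'group')` so the database enforces the relation. The hunk also ends with `\ No newline at end of file`. The docstring is worth making precise, e.g. `One row per (user, group) pair, meaning *user* administers *group*; rows are created by db_add_user for users with role 'GA'.`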
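Review bot: Routing `group_edit/` directly to `group_edit` removes the `view_splitter` dispatch that sent non-super roles to `group_edit_adm`, which checked `validate(request, user_group=[group_id])` before reading or updating the group; whether `group_edit` restricts who may edit which group is outside this hunk (its decorator is not visible), so please confirm that a group admin either cannot reach it or is scoped to the groups recorded in `AdminGroup`. The adjacent `user_add/` and `user_list/` entries still go through `view_splitter` with `_adm` variants, so the file now mixes two role-dispatch mechanisms. Minor: `(r'^group_edit/$', group_edit),` for PEP 8 spacing.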
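Review bot: `admin_groups = kwargs.pop('admin_groups')` has no default, so any caller of `db_add_user` that does not pass `admin_groups` now raises `KeyError`; juser/urls.py still routes `user_add/` to `user_add_adm` for non-super roles and no change to that view appears in this diff, so use `admin_groups = kwargs.pop('admin_groups', [])` to keep existing call sites working. `role = kwargs.get('role', 'CU')` is fine because `role` must stay in kwargs for `User(**kwargs)`, but the docstring (which starts outside the hunk) should list the new inputs, e.g. `admin_groups: ids of the UserGroups this user will administer; only honoured when role == 'GA'`.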
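Review bot: The new loop writes one `AdminGroup` row per id in `admin_groups` with a plain `.save()`, so duplicate ids in the submitted list, or a re-run of this function for the same user, produce duplicate rows; `AdminGroup.objects.get_or_create(user=user, group=group)` avoids that without a schema change. The loop also reuses the names `group_id` and `group` from the `groups_post` loop just above, which makes the two passes easy to confuse; `admin_group_id`/`admin_group` would read better. Nothing here requires a group in `admin_groups` to also be in `groups`; if that is intentional, say so in the comment on the `if admin_groups and role == 'GA'` line (the existing Chinese comment reads: if the user is a group admin, record the admin and the group in the admin-group table). `db_add_user` starts outside the hunk.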
@@ -132,6 +141,27 @@ def server_add_user(username, password, ssh_key_pwd):
 gen_ssh_key(username, ssh_key_pwd)
+def user_add_mail(user, kwargs):
+ """
+ add user send mail
+ 发送用户添加邮件
+ """
+ print kwargs
+ user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
+ mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name
+ mail_msg = u"""
+ Hi, %s
+ 您的用户名: %s
+ 您的角色: %s
+ 您的web登录密码: %s
+ 您的ssh密钥文件密码: %s
+ 密钥下载地址: http://%s:%s/juser/down_key/?id=%s
+ 说明: 请登陆后再下载密钥!
+ """ % (user.name, user.username, user_role.get(user.role, u'普通用户'),
+ kwargs.get('password'), kwargs.get('ssh_key_pwd'), SEND_IP, SEND_PORT, user.id)
+ send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False)
+
+
 def server_del_user(username):
 """
 delete a user from jumpserver linux system
@@ -146,11 +176,9 @@ def ldap_add_user(username, ldap_pwd):
 在LDAP中添加用户
 """
 user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
- password_sha512 = PyCrypt.gen_sha512(PyCrypt.gen_rand_pwd(6), ldap_pwd)
- user = User.objects.filter(username=username)
- if user:
- user = user[0]
- else:
+ password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd)
+ user = get_object(UserGroup, username=username)
+ if not user:
 raise ServerError(u'用户 %s 不存在' % username)
 user_attr = {'uid': [str(username)],
diff --git a/juser/views.py b/juser/views.py
index 575f56530..1f02cf486 100644
--- a/juser/views.py
+++ b/juser/views.py
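Review bot: `print kwargs` writes the whole dict to stdout, and the only caller in this diff (juser/views.py, hunk @@ -295) passes `locals()` of `user_add`, which contains the freshly generated plaintext `password`, `ssh_key_pwd` and `ldap_pwd`; every user creation therefore logs credentials, so delete that line. The helper should also take the two values it actually reads instead of an arbitrary dict — `def user_add_mail(user, password, ssh_key_pwd):` keeps the request object and the LDAP password out of it. The docstring is better stated as `Send the welcome mail to user.email; the body carries the web password and ssh-key passphrase in clear text.`, which makes the sensitivity of the mail visible to the next reader.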
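Review bot: `user = get_object(UserGroup, username=username)` queries the group model where the removed code queried `User.objects.filter(username=username)`, and the unchanged error on the next line still reads 用户 %s 不存在 (user %s does not exist); unless `UserGroup` has a `username` field, which is not visible here, this lookup cannot find the user, so it should be `user = get_object(User, username=username)`. The salt for `gen_sha512` now comes from `PyCrypt.random_pass(6)`, which this commit implements on `random.choice`; a salt need not be secret, but drawing it from `random.SystemRandom` as well keeps the password-generation path uniform. `ldap_add_user` continues below the hunk, where `user` is presumably used to fill `user_attr`.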
@@ -171,52 +171,52 @@ def group_edit(request):
 return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request))
-@require_role(role='admin')
-def group_edit_adm(request):
- error = ''
- msg = ''
- header_title, path1, path2 = '修改小组信息', '用户管理', '编辑小组'
- user, dept = get_session_user_dept(request)
- if request.method == 'GET':
- group_id = request.GET.get('id', '')
- if not validate(request, user_group=[group_id]):
- return HttpResponseRedirect('/juser/group_list/')
- group = UserGroup.objects.filter(id=group_id)
- if group:
- group = group[0]
- users_all = dept.user_set.all()
- users_selected = group.user_set.all()
- users = [user for user in users_all if user not in users_selected]
-
- return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request))
- else:
- group_id = request.POST.get('group_id', '')
- group_name = request.POST.get('group_name', '')
- comment = request.POST.get('comment', '')
- users_selected = request.POST.getlist('users_selected')
-
- users = []
- try:
- if not validate(request, user=users_selected):
- raise ServerError(u'右侧非部门用户')
-
- if not validate(request, user_group=[group_id]):
- raise ServerError(u'没有权限修改本组')
-
- for user_id in users_selected:
- users.extend(User.objects.filter(id=user_id))
-
- user_group = UserGroup.objects.filter(id=group_id)
- if user_group:
- user_group.update(name=group_name, comment=comment, dept=dept)
- user_group = user_group[0]
- user_group.user_set.clear()
- user_group.user_set = users
-
- except ServerError, e:
- error = e
-
- return HttpResponseRedirect('/juser/group_list/')
+# @require_role(role='admin')
+# def group_edit_adm(request):
+# error = ''
+# msg = ''
+# header_title, path1, path2 = '修改小组信息', '用户管理', '编辑小组'
+# user, dept = get_session_user_dept(request)
+# if request.method == 'GET':
+# group_id = request.GET.get('id', '')
+# if not validate(request, user_group=[group_id]):
+# return HttpResponseRedirect('/juser/group_list/')
+# group = UserGroup.objects.filter(id=group_id)
+# if group:
+# group = group[0]
+# users_all = dept.user_set.all()
+# users_selected = group.user_set.all()
+# users = [user for user in users_all if user not in users_selected]
+#
+# return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request))
+# else:
+# group_id = request.POST.get('group_id', '')
+# group_name = request.POST.get('group_name', '')
+# comment = request.POST.get('comment', '')
+# users_selected = request.POST.getlist('users_selected')
+#
+# users = []
+# try:
+# if not validate(request, user=users_selected):
+# raise ServerError(u'右侧非部门用户')
+#
+# if not validate(request, user_group=[group_id]):
+# raise ServerError(u'没有权限修改本组')
+#
+# for user_id in users_selected:
+# users.extend(User.objects.filter(id=user_id))
+#
+# user_group = UserGroup.objects.filter(id=group_id)
+# if user_group:
+# user_group.update(name=group_name, comment=comment, dept=dept)
+# user_group = user_group[0]
+# user_group.user_set.clear()
+# user_group.user_set = users
+#
+# except ServerError, e:
+# error = e
+#
+# return HttpResponseRedirect('/juser/group_list/')
 @require_role(role='super')
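Review bot: `group_edit_adm` is kept as 46 commented-out lines instead of being deleted; the repository history preserves it, and the commented block hides the fact that its scope checks `validate(request, user_group=[group_id])` and `validate(request, user=users_selected)` are no longer executed anywhere in this hunk. `group_edit`, now the only handler for `group_edit/` per juser/urls.py, starts outside the hunk, so please confirm it either is restricted to super users or performs an equivalent check for group admins. If the block is intentionally retained for a later rewrite, a one-line header such as `# TODO: reimplement department-scoped group editing on top of AdminGroup` would say why it is still here.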
@@ -224,46 +224,39 @@ def user_add(request):
 error = ''
 msg = ''
 header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
- user_role = {'SU': u'超级管理员', 'DA': u'部门管理员', 'CU': u'普通用户'}
- dept_all = DEPT.objects.all()
+ user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
 group_all = UserGroup.objects.all()
 if request.method == 'POST':
 username = request.POST.get('username', '')
- password = PyCrypt.gen_rand_pwd(16)
+ password = PyCrypt.random_pass(16)
 name = request.POST.get('name', '')
 email = request.POST.get('email', '')
 dept_id = request.POST.get('dept_id')
 groups = request.POST.getlist('groups', [])
- role_post = request.POST.get('role', 'CU')
- ssh_key_pwd = PyCrypt.gen_rand_pwd(16)
+ admin_groups = request.POST.getlist('admin_groups', [])
+ role = request.POST.get('role', 'CU')
+ ssh_key_pwd = PyCrypt.random_pass(16)
 is_active = True if request.POST.get('is_active', '1') == '1' else False
- ldap_pwd = PyCrypt.gen_rand_pwd(16)
+ ldap_pwd = PyCrypt.random_pass(32, especial=True)
 try:
- if '' in [username, password, ssh_key_pwd, name, groups, role_post, is_active]:
+ if '' in [username, password, ssh_key_pwd, name, groups, role, is_active]:
 error = u'带*内容不能为空'
 raise ServerError
- user = User.objects.filter(username=username)
- if user:
+ user_test = get_object(User, username=username)
+ if user_test:
 error = u'用户 %s 已存在' % username
 raise ServerError
- dept = DEPT.objects.filter(id=dept_id)
- if dept:
- dept = dept[0]
- else:
- error = u'部门不存在'
- raise ServerError(error)
-
 except ServerError:
 pass
 else:
 try:
 user = db_add_user(username=username, password=CRYPTOR.md5_crypt(password),
- name=name, email=email, dept=dept,
- groups=groups, role=role_post,
+ name=name, email=email, role=role,
+ groups=groups, admin_groups=admin_groups,
 ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
 ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
 is_active=is_active,
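Review bot: `dept_id = request.POST.get('dept_id')` is now dead — the `DEPT` lookup and the `dept=dept` argument it fed were removed in this hunk — so drop that line. The emptiness check `if '' in [username, password, ssh_key_pwd, name, groups, role, is_active]` cannot catch an empty `groups` or `admin_groups` list, because a list never equals `''`; if groups are mandatory, test `not groups` explicitly. `role` is taken from the form unvalidated, which is acceptable only because the view is decorated `@require_role(role='super')` (visible just above the hunk header); a comment `# role is trusted: this view is super-only` would record that assumption for anyone who later widens the decorator. `user_add` continues outside the hunk.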
@@ -272,18 +265,6 @@ def user_add(request):
 server_add_user(username, password, ssh_key_pwd)
 if LDAP_ENABLE:
 ldap_add_user(username, ldap_pwd)
- mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
- mail_msg = """
- Hi, %s
- 您的用户名: %s
- 您的部门: %s
- 您的角色: %s
- 您的web登录密码: %s
- 您的ssh密钥文件密码: %s
- 密钥下载地址: http://%s:%s/juser/down_key/?id=%s
- 说明: 请登陆后再下载密钥!
- """ % (name, username, dept.name, user_role.get(role_post, ''),
- password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
 except Exception, e:
 error = u'添加用户 %s 失败 %s ' % (username, e)
@@ -295,8 +276,9 @@ def user_add(request):
 except Exception:
 pass
 else:
- send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
- msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
+ if MAIL_ENABLE:
+ user_add_mail(user, kwargs=locals())
+ msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email)
 return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html
index 2a097fae8..c26c1fa5e 100644
--- a/templates/juser/user_add.html
+++ b/templates/juser/user_add.html
@@ -17,12 +17,6 @@
-
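Review bot: `user_add_mail(user, kwargs=locals())` hands the helper the entire local frame of `user_add` — `request`, the LDAP password, the form fields — when it only reads `password` and `ssh_key_pwd`; pass those explicitly, `user_add_mail(user, {'password': password, 'ssh_key_pwd': ssh_key_pwd})`, so nothing in the helper can print or template the rest. If `msg` sits inside the `if MAIL_ENABLE:` block as the hunk suggests (indentation is not recoverable here), a disabled mail leaves `msg` empty and the operator gets no confirmation at all; set a message in an `else:` branch too, e.g. `msg = u'添加用户 %s 成功!' % username`. `user_add` starts outside the hunk.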
@@ -42,26 +36,6 @@ -{# #} -{#