github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #4648 from jumpserver/dev 

chore: merge dev to master
pull/4698/head
Jiangjie.Bai 2020-09-15 17:23:48 +08:00 committed by GitHub
parent 12a86d7244 4090a0b123
commit 1ef3f24465
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 96 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/assets/serializers/system_user.py
View File

@ -149,6 +149,7 @@ class SystemUserListSerializer(SystemUserSerializer):
class Meta(SystemUserSerializer.Meta): class Meta(SystemUserSerializer.Meta):
fields = [ fields = [
'id', 'name', 'username', 'protocol', 'id', 'name', 'username', 'protocol',
'password', 'public_key', 'private_key',
'login_mode', 'login_mode_display', 'login_mode', 'login_mode_display',
'priority', "username_same_with_user", 'priority', "username_same_with_user",
'auto_push', 'sudo', 'shell', 'comment', 'auto_push', 'sudo', 'shell', 'comment',
@ -157,6 +158,12 @@ class SystemUserListSerializer(SystemUserSerializer):
'sftp_root', 'sftp_root',
] ]
extra_kwargs = {
'password': {"write_only": True},
'public_key': {"write_only": True},
'private_key': {"write_only": True},
}
@classmethod @classmethod
def setup_eager_loading(cls, queryset): def setup_eager_loading(cls, queryset):
""" Perform necessary eager loading of data. """ """ Perform necessary eager loading of data. """

6
apps/authentication/signals_handlers.py
View File

@ -4,6 +4,7 @@ from django.conf import settings
from django.contrib.auth import user_logged_in from django.contrib.auth import user_logged_in
from django.core.cache import cache from django.core.cache import cache
from django.dispatch import receiver from django.dispatch import receiver
from django_cas_ng.signals import cas_user_authenticated
from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_success from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_success
@ -29,3 +30,8 @@ def on_oidc_user_login_success(sender, request, user, **kwargs):
@receiver(openid_user_login_failed) @receiver(openid_user_login_failed)
def on_oidc_user_login_failed(sender, username, request, reason, **kwargs): def on_oidc_user_login_failed(sender, username, request, reason, **kwargs):
post_auth_failed.send(sender, username=username, request=request, reason=reason) post_auth_failed.send(sender, username=username, request=request, reason=reason)
@receiver(cas_user_authenticated)
def on_cas_user_login_success(sender, request, user, **kwargs):
post_auth_success.send(sender, user=user, request=request)

29
apps/authentication/templates/authentication/login.html
View File

@ -82,12 +82,27 @@
return jsencrypt.encrypt(password); //加密 return jsencrypt.encrypt(password); //加密
} }
function doLogin() { function doLogin() {
//公钥加密 var rsaPublicKey = "{{ rsa_public_key }}";
var rsaPublicKey = "{{ rsa_public_key }}" var password =$('#password').val();
var password =$('#password').val(); //明文密码 var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey);
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey) var serialize_array = $('#form').serializeArray();
$('#password').val(passwordEncrypted); //返回给密码输入input $.each(serialize_array, function(index,obj){
$('#form').submit();//post提交 if(obj.name=='password'){
} obj.value=passwordEncrypted};
});
$.ajax({
type: 'POST',
url: '',
data: serialize_array,
success: function(data){
$('body').html(data);
},
error: function(data){
alert('服务器异常');
},
});
};
</script> </script>
{% endblock %} {% endblock %}

29
apps/authentication/templates/authentication/xpack_login.html
View File

@ -153,13 +153,28 @@
return jsencrypt.encrypt(password); //加密 return jsencrypt.encrypt(password); //加密
} }
function doLogin() { function doLogin() {
//公钥加密 var rsaPublicKey = "{{ rsa_public_key }}";
var rsaPublicKey = "{{ rsa_public_key }}" var password =$('#password').val();
var password =$('#password').val(); //明文密码 var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey);
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey) var serialize_array = $('#contact-form').serializeArray();
$('#password').val(passwordEncrypted); //返回给密码输入input $.each(serialize_array, function(index,obj){
$('#contact-form').submit();//post提交 if(obj.name=='password'){
} obj.value=passwordEncrypted};
});
$.ajax({
type: 'POST',
url: '',
data: serialize_array,
success: function(data){
$('body').html(data);
},
error: function(data){
alert('服务器异常');
},
});
};
</script> </script>
</html> </html>

5
apps/jumpserver/conf.py
View File

@ -163,7 +163,7 @@ class Config(dict):
'AUTH_LDAP_SEARCH_FILTER': '(cn=%(user)s)', 'AUTH_LDAP_SEARCH_FILTER': '(cn=%(user)s)',
'AUTH_LDAP_START_TLS': False, 'AUTH_LDAP_START_TLS': False,
'AUTH_LDAP_USER_ATTR_MAP': {"username": "cn", "name": "sn", "email": "mail"}, 'AUTH_LDAP_USER_ATTR_MAP': {"username": "cn", "name": "sn", "email": "mail"},
'AUTH_LDAP_CONNECT_TIMEOUT': 30, 'AUTH_LDAP_CONNECT_TIMEOUT': 10,
'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000, 'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
'AUTH_LDAP_SYNC_IS_PERIODIC': False, 'AUTH_LDAP_SYNC_IS_PERIODIC': False,
'AUTH_LDAP_SYNC_INTERVAL': None, 'AUTH_LDAP_SYNC_INTERVAL': None,
@ -267,7 +267,8 @@ class Config(dict):
'LANGUAGE_CODE': 'zh', 'LANGUAGE_CODE': 'zh',
'TIME_ZONE': 'Asia/Shanghai', 'TIME_ZONE': 'Asia/Shanghai',
'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True, 'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True,
'USER_LOGIN_SINGLE_MACHINE_ENABLED': False 'USER_LOGIN_SINGLE_MACHINE_ENABLED': False,
'TICKETS_ENABLED': True
} }
def compatible_auth_openid_of_key(self): def compatible_auth_openid_of_key(self):

3
apps/jumpserver/settings/auth.py
View File

@ -32,7 +32,8 @@ if os.path.isfile(LDAP_CERT_FILE):
# AUTH_LDAP_GROUP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER # AUTH_LDAP_GROUP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
# ) # )
AUTH_LDAP_CONNECTION_OPTIONS = { AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT ldap.OPT_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT,
ldap.OPT_NETWORK_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT
} }
AUTH_LDAP_CACHE_TIMEOUT = 1 AUTH_LDAP_CACHE_TIMEOUT = 1
AUTH_LDAP_ALWAYS_UPDATE_USER = True AUTH_LDAP_ALWAYS_UPDATE_USER = True

2
apps/jumpserver/settings/custom.py
View File

@ -101,3 +101,5 @@ LOGO_URLS = DYNAMIC.LOGO_URLS
CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED = CONFIG.CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED = CONFIG.CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED
DATETIME_DISPLAY_FORMAT = '%Y-%m-%d %H:%M:%S' DATETIME_DISPLAY_FORMAT = '%Y-%m-%d %H:%M:%S'
TICKETS_ENABLED = CONFIG.TICKETS_ENABLED

6
apps/orgs/serializers.py
View File

@ -52,9 +52,9 @@ class OrgReadSerializer(OrgSerializer):
class OrgMemberSerializer(BulkModelSerializer): class OrgMemberSerializer(BulkModelSerializer):
org_display = serializers.CharField() org_display = serializers.CharField(read_only=True)
user_display = serializers.CharField() user_display = serializers.CharField(read_only=True)
role_display = serializers.CharField(source='get_role_display') role_display = serializers.CharField(source='get_role_display', read_only=True)
class Meta: class Meta:
model = OrganizationMember model = OrganizationMember

1
apps/settings/api.py
View File

@ -279,6 +279,7 @@ class PublicSettingApi(generics.RetrieveAPIView):
"SECURITY_MFA_VERIFY_TTL": settings.SECURITY_MFA_VERIFY_TTL, "SECURITY_MFA_VERIFY_TTL": settings.SECURITY_MFA_VERIFY_TTL,
"SECURITY_COMMAND_EXECUTION": settings.SECURITY_COMMAND_EXECUTION, "SECURITY_COMMAND_EXECUTION": settings.SECURITY_COMMAND_EXECUTION,
"LOGO_URLS": settings.LOGO_URLS, "LOGO_URLS": settings.LOGO_URLS,
"TICKETS_ENABLED": settings.TICKETS_ENABLED,
"PASSWORD_RULE": { "PASSWORD_RULE": {
'SECURITY_PASSWORD_MIN_LENGTH': settings.SECURITY_PASSWORD_MIN_LENGTH, 'SECURITY_PASSWORD_MIN_LENGTH': settings.SECURITY_PASSWORD_MIN_LENGTH,
'SECURITY_PASSWORD_UPPER_CASE': settings.SECURITY_PASSWORD_UPPER_CASE, 'SECURITY_PASSWORD_UPPER_CASE': settings.SECURITY_PASSWORD_UPPER_CASE,

29
apps/terminal/serializers/terminal.py
View File

@ -1,8 +1,10 @@
from rest_framework import serializers from rest_framework import serializers
from django.utils.translation import ugettext_lazy as _
from common.drf.serializers import BulkModelSerializer, AdaptedBulkListSerializer from common.drf.serializers import BulkModelSerializer, AdaptedBulkListSerializer
from common.utils import is_uuid
from ..models import ( from ..models import (
Terminal, Status, Session, Task Terminal, Status, Session, Task, CommandStorage, ReplayStorage
) )
@ -18,6 +20,31 @@ class TerminalSerializer(BulkModelSerializer):
'is_alive', 'date_created', 'command_storage', 'replay_storage' 'is_alive', 'date_created', 'command_storage', 'replay_storage'
] ]
@staticmethod
def get_kwargs_may_be_uuid(value):
kwargs = {}
if is_uuid(value):
kwargs['id'] = value
else:
kwargs['name'] = value
return kwargs
def validate_command_storage(self, value):
kwargs = self.get_kwargs_may_be_uuid(value)
storage = CommandStorage.objects.filter(**kwargs).first()
if storage:
return storage.name
else:
raise serializers.ValidationError(_('Not found'))
def validate_replay_storage(self, value):
kwargs = self.get_kwargs_may_be_uuid(value)
storage = ReplayStorage.objects.filter(**kwargs).first()
if storage:
return storage.name
else:
raise serializers.ValidationError(_('Not found'))
@staticmethod @staticmethod
def get_session_online(obj): def get_session_online(obj):
return Session.objects.filter(terminal=obj, is_finished=False).count() return Session.objects.filter(terminal=obj, is_finished=False).count()