github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 过滤系统用户密码过滤ansible不支持的字符

pull/8395/head
Jiangjie.Bai 2022-06-14 18:04:53 +08:00 committed by Jiangjie.Bai
parent f91bfedc50
commit 2aebfa51b2
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/assets/serializers/base.py
View File

@ -8,7 +8,7 @@ from rest_framework import serializers
from common.utils import ssh_pubkey_gen, ssh_private_key_gen, validate_ssh_private_key from common.utils import ssh_pubkey_gen, ssh_private_key_gen, validate_ssh_private_key
from common.drf.fields import EncryptedField from common.drf.fields import EncryptedField
from assets.models import Type from assets.models import Type
from .utils import validate_password_contains_left_double_curly_bracket from .utils import validate_password_for_ansible
class AuthSerializer(serializers.ModelSerializer): class AuthSerializer(serializers.ModelSerializer):
@ -35,7 +35,7 @@ class AuthSerializer(serializers.ModelSerializer):
class AuthSerializerMixin(serializers.ModelSerializer): class AuthSerializerMixin(serializers.ModelSerializer):
password = EncryptedField( password = EncryptedField(
label=_('Password'), required=False, allow_blank=True, allow_null=True, max_length=1024, label=_('Password'), required=False, allow_blank=True, allow_null=True, max_length=1024,
validators=[validate_password_contains_left_double_curly_bracket] validators=[validate_password_for_ansible]
) )
private_key = EncryptedField( private_key = EncryptedField(
label=_('SSH private key'), required=False, allow_blank=True, allow_null=True, max_length=4096 label=_('SSH private key'), required=False, allow_blank=True, allow_null=True, max_length=4096

4
apps/assets/serializers/system_user.py
View File

@ -9,7 +9,7 @@ from common.drf.serializers import SecretReadableMixin
from common.validators import alphanumeric_re, alphanumeric_cn_re, alphanumeric_win_re from common.validators import alphanumeric_re, alphanumeric_cn_re, alphanumeric_win_re
from orgs.mixins.serializers import BulkOrgResourceModelSerializer from orgs.mixins.serializers import BulkOrgResourceModelSerializer
from ..models import SystemUser, Asset from ..models import SystemUser, Asset
from .utils import validate_password_contains_left_double_curly_bracket from .utils import validate_password_for_ansible
from .base import AuthSerializerMixin from .base import AuthSerializerMixin
__all__ = [ __all__ = [
@ -27,7 +27,7 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
""" """
password = EncryptedField( password = EncryptedField(
label=_('Password'), required=False, allow_blank=True, allow_null=True, max_length=1024, label=_('Password'), required=False, allow_blank=True, allow_null=True, max_length=1024,
trim_whitespace=False, validators=[validate_password_contains_left_double_curly_bracket], trim_whitespace=False, validators=[validate_password_for_ansible],
write_only=True write_only=True
) )
auto_generate_key = serializers.BooleanField(initial=True, required=False, write_only=True) auto_generate_key = serializers.BooleanField(initial=True, required=False, write_only=True)

10
apps/assets/serializers/utils.py
View File

@ -2,8 +2,16 @@ from django.utils.translation import ugettext_lazy as _
from rest_framework import serializers from rest_framework import serializers
def validate_password_contains_left_double_curly_bracket(password): def validate_password_for_ansible(password):
""" 校验 Ansible 不支持的特殊字符 """
# validate password contains left double curly bracket # validate password contains left double curly bracket
# check password not contains `{{` # check password not contains `{{`
# Ansible 推送的时候不支持
if '{{' in password: if '{{' in password:
raise serializers.ValidationError(_('Password can not contains `{{` ')) raise serializers.ValidationError(_('Password can not contains `{{` '))
# Ansible Windows 推送的时候不支持
if "'" in password:
raise serializers.ValidationError(_("Password can not contains `'` "))
if '"' in password:
raise serializers.ValidationError(_('Password can not contains `"` '))