diff --git a/README.md b/README.md index df8324761..f0bceec9b 100644 --- a/README.md +++ b/README.md @@ -19,25 +19,25 @@ Jumpserver采纳分布式架构,支持多机房跨区域部署,中心节点 ---- ### 功能 - + ![Jumpserver功能](https://jumpserver-release.oss-cn-hangzhou.aliyuncs.com/Jumpserver13.jpg "Jumpserver功能") ### 开始使用 -快速开始文档 [Docker安装](http://docs.jumpserver.org/zh/latest/quickstart.html) +快速开始文档 [Docker安装](http://docs.jumpserver.org/zh/docs/dockerinstall.html) -一步一步安装文档 [详细部署](http://docs.jumpserver.org/zh/latest/step_by_step.html) +一步一步安装文档 [详细部署](http://docs.jumpserver.org/zh/docs/step_by_step.html) 也可以查看我们完整文档包括了使用和开发 [文档](http://docs.jumpserver.org) -### Demo 和 截图 +### Demo 和 截图 我们提供了DEMO和截图可以让你快速了解Jumpserver [DEMO](http://demo.jumpserver.org) [截图](http://docs.jumpserver.org/zh/docs/snapshot.html) -### SDK +### SDK 我们还编写了一些SDK,供你其它系统快速和Jumpserver APi交互, diff --git a/apps/__init__.py b/apps/__init__.py index 7e96164aa..be40e1dd2 100644 --- a/apps/__init__.py +++ b/apps/__init__.py @@ -2,4 +2,4 @@ # -*- coding: utf-8 -*- # -__version__ = "1.3.2" +__version__ = "1.3.3" diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py index 4a3f49d99..3219ca75b 100644 --- a/apps/assets/models/asset.py +++ b/apps/assets/models/asset.py @@ -142,7 +142,7 @@ class Asset(OrgModelMixin): return False, warning def is_unixlike(self): - if self.platform not in ("Windows",): + if self.platform not in ("Windows", "Windows2016"): return True else: return False diff --git a/apps/assets/serializers/system_user.py b/apps/assets/serializers/system_user.py index 7a4e3aadc..a295f245c 100644 --- a/apps/assets/serializers/system_user.py +++ b/apps/assets/serializers/system_user.py @@ -53,7 +53,7 @@ class SystemUserAuthSerializer(AuthSerializer): model = SystemUser fields = [ "id", "name", "username", "protocol", - "password", "private_key", + "login_mode", "password", "private_key", ] diff --git a/apps/assets/templates/assets/gateway_create_update.html b/apps/assets/templates/assets/gateway_create_update.html index 7c1bf14b2..fea540385 100644 --- a/apps/assets/templates/assets/gateway_create_update.html +++ b/apps/assets/templates/assets/gateway_create_update.html @@ -42,7 +42,7 @@ {% bootstrap_field form.domain layout="horizontal" %} {% block auth %} -

{% trans 'Auth' %}

+

{% trans 'Auth' %}

{% bootstrap_field form.username layout="horizontal" %} {% bootstrap_field form.password layout="horizontal" %} @@ -72,14 +72,23 @@ var protocol_id = '#' + '{{ form.protocol.id_for_label }}'; var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}'; var port = '#' + '{{ form.port.id_for_label }}'; +var username = '#' + '{{ form.username.id_for_label }}'; +var password = '#' + '{{ form.password.id_for_label }}'; +var auth_title = '#auth_title'; function protocolChange() { if ($(protocol_id + " option:selected").text() === 'rdp') { {#$(port).val(3389);#} - $(private_key_id).closest('.form-group').addClass('hidden') + $(private_key_id).closest('.form-group').addClass('hidden'); + $(username).closest('.form-group').addClass('hidden'); + $(password).closest('.form-group').addClass('hidden'); + $(auth_title).addClass('hidden'); } else { {#$(port).val(22);#} - $(private_key_id).closest('.form-group').removeClass('hidden') + $(private_key_id).closest('.form-group').removeClass('hidden'); + $(username).closest('.form-group').removeClass('hidden'); + $(password).closest('.form-group').removeClass('hidden'); + $(auth_title).removeClass('hidden'); } } diff --git a/apps/assets/templates/assets/system_user_detail.html b/apps/assets/templates/assets/system_user_detail.html index f0ed6030c..dd188bdab 100644 --- a/apps/assets/templates/assets/system_user_detail.html +++ b/apps/assets/templates/assets/system_user_detail.html @@ -152,15 +152,14 @@ - - - {% trans 'Clear auth' %}: - - - - - - +{# #} +{# {% trans 'Clear auth' %}:#} +{# #} +{# #} +{# #} +{# #} +{# #} +{# #} {# #} {# {% trans 'Change auth period' %}:#} diff --git a/apps/assets/urls/views_urls.py b/apps/assets/urls/views_urls.py index 418aa63a3..12c351154 100644 --- a/apps/assets/urls/views_urls.py +++ b/apps/assets/urls/views_urls.py @@ -50,4 +50,3 @@ urlpatterns = [ url(r'^domain/(?P[0-9a-zA-Z\-]{36})/gateway/create/$', views.DomainGatewayCreateView.as_view(), name='domain-gateway-create'), url(r'^domain/gateway/(?P[0-9a-zA-Z\-]{36})/update/$', views.DomainGatewayUpdateView.as_view(), name='domain-gateway-update'), ] - diff --git a/apps/common/mixins.py b/apps/common/mixins.py index a287391c9..bb21fe07e 100644 --- a/apps/common/mixins.py +++ b/apps/common/mixins.py @@ -92,7 +92,7 @@ class DatetimeSearchMixin: date_format = '%Y-%m-%d' date_from = date_to = None - def get(self, request, *args, **kwargs): + def get_date_range(self): date_from_s = self.request.GET.get('date_from') date_to_s = self.request.GET.get('date_to') @@ -112,6 +112,9 @@ class DatetimeSearchMixin: ) else: self.date_to = timezone.now() + + def get(self, request, *args, **kwargs): + self.get_date_range() return super().get(request, *args, **kwargs) diff --git a/apps/i18n/zh/LC_MESSAGES/django.mo b/apps/i18n/zh/LC_MESSAGES/django.mo index 78d56177e..bc860621d 100644 Binary files a/apps/i18n/zh/LC_MESSAGES/django.mo and b/apps/i18n/zh/LC_MESSAGES/django.mo differ diff --git a/apps/i18n/zh/LC_MESSAGES/django.po b/apps/i18n/zh/LC_MESSAGES/django.po index 0cf576ebe..b0ef3043f 100644 --- a/apps/i18n/zh/LC_MESSAGES/django.po +++ b/apps/i18n/zh/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Jumpserver 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-07-06 13:11+0800\n" +"POT-Creation-Date: 2018-07-19 18:29+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: ibuler \n" "Language-Team: Jumpserver team\n" @@ -32,7 +32,7 @@ msgstr "" #: assets/forms/asset.py:24 assets/models/asset.py:89 assets/models/user.py:112 #: assets/templates/assets/asset_detail.html:183 #: assets/templates/assets/asset_detail.html:191 -#: assets/templates/assets/system_user_detail.html:179 perms/models.py:33 +#: assets/templates/assets/system_user_detail.html:178 perms/models.py:33 msgid "Nodes" msgstr "节点管理" @@ -101,7 +101,7 @@ msgstr "端口" #: assets/forms/domain.py:14 assets/forms/label.py:13 #: assets/models/asset.py:237 assets/templates/assets/admin_user_list.html:25 #: assets/templates/assets/domain_detail.html:60 -#: assets/templates/assets/domain_list.html:15 +#: assets/templates/assets/domain_list.html:23 #: assets/templates/assets/label_list.html:16 #: assets/templates/assets/system_user_list.html:30 audits/models.py:11 #: audits/templates/audits/ftp_log_list.html:41 @@ -125,7 +125,7 @@ msgstr "资产" #: assets/templates/assets/admin_user_list.html:23 #: assets/templates/assets/domain_detail.html:56 #: assets/templates/assets/domain_gateway_list.html:56 -#: assets/templates/assets/domain_list.html:14 +#: assets/templates/assets/domain_list.html:22 #: assets/templates/assets/label_list.html:14 #: assets/templates/assets/system_user_detail.html:58 #: assets/templates/assets/system_user_list.html:26 common/models.py:26 @@ -356,7 +356,7 @@ msgstr "创建日期" #: assets/templates/assets/asset_detail.html:125 #: assets/templates/assets/domain_detail.html:76 #: assets/templates/assets/domain_gateway_list.html:61 -#: assets/templates/assets/domain_list.html:17 +#: assets/templates/assets/domain_list.html:25 #: assets/templates/assets/system_user_detail.html:104 #: assets/templates/assets/system_user_list.html:34 common/models.py:30 #: ops/models/adhoc.py:42 perms/models.py:40 perms/models.py:83 @@ -445,7 +445,7 @@ msgstr "默认资产组" #: terminal/templates/terminal/session_list.html:71 users/forms.py:282 #: users/models/user.py:31 users/models/user.py:333 #: users/templates/users/user_group_detail.html:78 -#: users/templates/users/user_group_list.html:13 users/views/user.py:361 +#: users/templates/users/user_group_list.html:13 users/views/user.py:367 msgid "User" msgstr "用户" @@ -685,6 +685,7 @@ msgstr "重置" #: common/templates/common/security_setting.html:71 #: common/templates/common/terminal_setting.html:108 #: perms/templates/perms/asset_permission_create_update.html:70 +#: terminal/templates/terminal/command_list.html:103 #: terminal/templates/terminal/session_list.html:126 #: terminal/templates/terminal/terminal_update.html:48 #: users/templates/users/_user.html:47 @@ -756,7 +757,7 @@ msgstr "测试" #: assets/templates/assets/domain_detail.html:24 #: assets/templates/assets/domain_detail.html:103 #: assets/templates/assets/domain_gateway_list.html:85 -#: assets/templates/assets/domain_list.html:42 +#: assets/templates/assets/domain_list.html:50 #: assets/templates/assets/label_list.html:38 #: assets/templates/assets/system_user_detail.html:26 #: assets/templates/assets/system_user_list.html:89 @@ -780,7 +781,7 @@ msgstr "更新" #: assets/templates/assets/domain_detail.html:28 #: assets/templates/assets/domain_detail.html:104 #: assets/templates/assets/domain_gateway_list.html:86 -#: assets/templates/assets/domain_list.html:43 +#: assets/templates/assets/domain_list.html:51 #: assets/templates/assets/label_list.html:39 #: assets/templates/assets/system_user_detail.html:30 #: assets/templates/assets/system_user_list.html:90 @@ -808,12 +809,13 @@ msgstr "选择节点" #: assets/templates/assets/admin_user_detail.html:100 #: assets/templates/assets/asset_detail.html:200 #: assets/templates/assets/asset_list.html:638 -#: assets/templates/assets/system_user_detail.html:196 +#: assets/templates/assets/system_user_detail.html:195 #: assets/templates/assets/system_user_list.html:139 templates/_modal.html:22 #: terminal/templates/terminal/session_detail.html:108 -#: users/templates/users/user_detail.html:366 -#: users/templates/users/user_detail.html:391 -#: users/templates/users/user_detail.html:414 +#: users/templates/users/user_detail.html:374 +#: users/templates/users/user_detail.html:399 +#: users/templates/users/user_detail.html:422 +#: users/templates/users/user_detail.html:466 #: users/templates/users/user_group_create_update.html:32 #: users/templates/users/user_group_list.html:86 #: users/templates/users/user_list.html:200 @@ -841,7 +843,7 @@ msgstr "比例" #: assets/templates/assets/admin_user_list.html:30 #: assets/templates/assets/asset_list.html:91 #: assets/templates/assets/domain_gateway_list.html:62 -#: assets/templates/assets/domain_list.html:18 +#: assets/templates/assets/domain_list.html:26 #: assets/templates/assets/label_list.html:17 #: assets/templates/assets/system_user_list.html:35 #: ops/templates/ops/adhoc_history.html:59 ops/templates/ops/task_adhoc.html:64 @@ -905,8 +907,8 @@ msgid "Refresh" msgstr "刷新" #: assets/templates/assets/asset_detail.html:300 -#: users/templates/users/user_detail.html:286 -#: users/templates/users/user_detail.html:313 +#: users/templates/users/user_detail.html:294 +#: users/templates/users/user_detail.html:321 msgid "Update successfully!" msgstr "更新成功" @@ -1002,8 +1004,9 @@ msgstr "存在资产,不能删除" #: assets/templates/assets/asset_list.html:633 #: assets/templates/assets/system_user_list.html:134 -#: users/templates/users/user_detail.html:361 -#: users/templates/users/user_detail.html:386 +#: users/templates/users/user_detail.html:369 +#: users/templates/users/user_detail.html:394 +#: users/templates/users/user_detail.html:461 #: users/templates/users/user_group_list.html:81 #: users/templates/users/user_list.html:195 msgid "Are you sure?" @@ -1043,7 +1046,7 @@ msgstr "您确定删除吗?" #: assets/templates/assets/domain_detail.html:21 #: assets/templates/assets/domain_detail.html:64 #: assets/templates/assets/domain_gateway_list.html:21 -#: assets/templates/assets/domain_list.html:16 +#: assets/templates/assets/domain_list.html:24 msgid "Gateway" msgstr "网关" @@ -1063,7 +1066,7 @@ msgstr "创建网关" msgid "Test connection" msgstr "测试连接" -#: assets/templates/assets/domain_list.html:6 assets/views/domain.py:46 +#: assets/templates/assets/domain_list.html:14 assets/views/domain.py:46 msgid "Create domain" msgstr "创建网域" @@ -1106,20 +1109,15 @@ msgstr "家目录" msgid "Uid" msgstr "Uid" -#: assets/templates/assets/system_user_detail.html:157 -#: assets/templates/assets/system_user_detail.html:343 -msgid "Clear auth" -msgstr "清除认证信息" - -#: assets/templates/assets/system_user_detail.html:160 -msgid "Clear" -msgstr "清除" - -#: assets/templates/assets/system_user_detail.html:187 +#: assets/templates/assets/system_user_detail.html:186 msgid "Add to node" msgstr "添加到节点" -#: assets/templates/assets/system_user_detail.html:343 +#: assets/templates/assets/system_user_detail.html:353 +msgid "Clear auth" +msgstr "清除认证信息" + +#: assets/templates/assets/system_user_detail.html:353 msgid "success" msgstr "成功" @@ -1238,6 +1236,7 @@ msgstr "文件名" #: audits/models.py:15 audits/templates/audits/ftp_log_list.html:77 #: ops/templates/ops/task_list.html:39 users/models/authentication.py:66 +#: users/templates/users/user_detail.html:443 msgid "Success" msgstr "成功" @@ -1854,7 +1853,7 @@ msgstr "选择用户" #: perms/templates/perms/asset_permission_list.html:136 templates/_nav.html:14 #: users/models/group.py:23 users/models/user.py:55 #: users/templates/users/_select_user_modal.html:16 -#: users/templates/users/user_detail.html:192 +#: users/templates/users/user_detail.html:200 #: users/templates/users/user_list.html:26 msgid "User group" msgstr "用户组" @@ -1907,7 +1906,7 @@ msgid "Add node to this permission" msgstr "添加节点" #: perms/templates/perms/asset_permission_asset.html:125 -#: users/templates/users/user_detail.html:209 +#: users/templates/users/user_detail.html:217 msgid "Join" msgstr "加入" @@ -2004,7 +2003,7 @@ msgstr "文档" #: users/templates/users/user_profile.html:17 #: users/templates/users/user_profile_update.html:37 #: users/templates/users/user_profile_update.html:57 -#: users/templates/users/user_pubkey_update.html:37 users/views/user.py:343 +#: users/templates/users/user_pubkey_update.html:37 users/views/user.py:349 msgid "Profile" msgstr "个人信息" @@ -2061,13 +2060,13 @@ msgstr "关闭" #: templates/_nav.html:10 users/views/group.py:28 users/views/group.py:44 #: users/views/group.py:62 users/views/group.py:79 users/views/group.py:95 -#: users/views/login.py:330 users/views/login.py:388 users/views/user.py:65 -#: users/views/user.py:80 users/views/user.py:102 users/views/user.py:175 -#: users/views/user.py:330 users/views/user.py:380 users/views/user.py:415 +#: users/views/login.py:332 users/views/login.py:390 users/views/user.py:67 +#: users/views/user.py:82 users/views/user.py:104 users/views/user.py:180 +#: users/views/user.py:336 users/views/user.py:386 users/views/user.py:421 msgid "Users" msgstr "用户管理" -#: templates/_nav.html:13 users/views/user.py:66 +#: templates/_nav.html:13 users/views/user.py:68 msgid "User list" msgstr "用户列表" @@ -2095,7 +2094,7 @@ msgstr "命令记录" msgid "Web terminal" msgstr "Web终端" -#: templates/_nav.html:51 terminal/views/command.py:47 +#: templates/_nav.html:51 terminal/views/command.py:49 #: terminal/views/session.py:75 terminal/views/session.py:93 #: terminal/views/session.py:115 terminal/views/terminal.py:31 #: terminal/views/terminal.py:46 terminal/views/terminal.py:58 @@ -2204,13 +2203,17 @@ msgstr "参数" msgid "Goto" msgstr "转到" +#: terminal/templates/terminal/command_list.html:99 +msgid "Export command" +msgstr "导出命令" + #: terminal/templates/terminal/session_detail.html:17 #: terminal/views/session.py:116 msgid "Session detail" msgstr "会话详情" #: terminal/templates/terminal/session_detail.html:28 -#: terminal/views/command.py:48 +#: terminal/views/command.py:50 msgid "Command list" msgstr "命令记录列表" @@ -2326,7 +2329,7 @@ msgid "" "You should use your ssh client tools connect terminal: {}

{}" msgstr "你可以使用ssh客户端工具连接终端" -#: users/api.py:208 users/templates/users/login.html:50 +#: users/api.py:226 users/templates/users/login.html:50 msgid "Log in frequently and try again later" msgstr "登录频繁, 稍后重试" @@ -2405,7 +2408,7 @@ msgstr "" msgid "Paste user id_rsa.pub here." msgstr "复制用户公钥到这里" -#: users/forms.py:73 users/templates/users/user_detail.html:200 +#: users/forms.py:73 users/templates/users/user_detail.html:208 msgid "Join user groups" msgstr "添加到用户组" @@ -2701,7 +2704,7 @@ msgid "Can't provide security? Please contact the administrator!" msgstr "如果不能提供MFA验证码,请联系管理员!" #: users/templates/users/reset_password.html:46 -#: users/templates/users/user_detail.html:352 users/utils.py:80 +#: users/templates/users/user_detail.html:360 users/utils.py:80 msgid "Reset password" msgstr "重置密码" @@ -2727,7 +2730,7 @@ msgid "Setting" msgstr "设置" #: users/templates/users/user_create.html:4 -#: users/templates/users/user_list.html:16 users/views/user.py:80 +#: users/templates/users/user_list.html:16 users/views/user.py:82 msgid "Create user" msgstr "创建用户" @@ -2736,7 +2739,7 @@ msgid "Reset link will be generated and sent to the user. " msgstr "生成重置密码连接,通过邮件发送给用户" #: users/templates/users/user_detail.html:19 -#: users/templates/users/user_granted_asset.html:18 users/views/user.py:176 +#: users/templates/users/user_granted_asset.html:18 users/views/user.py:181 msgid "User detail" msgstr "用户详情" @@ -2773,44 +2776,57 @@ msgstr "发送" msgid "Send reset ssh key mail" msgstr "发送重置密钥邮件" -#: users/templates/users/user_detail.html:295 +#: users/templates/users/user_detail.html:186 +#: users/templates/users/user_detail.html:446 +msgid "Unblock user" +msgstr "解除登录限制" + +#: users/templates/users/user_detail.html:189 +msgid "Unblock" +msgstr "解除" + +#: users/templates/users/user_detail.html:303 msgid "Goto profile page enable MFA" msgstr "请去个人信息页面启用自己的MFA" -#: users/templates/users/user_detail.html:351 +#: users/templates/users/user_detail.html:359 msgid "An e-mail has been sent to the user`s mailbox." msgstr "已发送邮件到用户邮箱" -#: users/templates/users/user_detail.html:362 +#: users/templates/users/user_detail.html:370 msgid "This will reset the user password and send a reset mail" msgstr "将失效用户当前密码,并发送重设密码邮件到用户邮箱" -#: users/templates/users/user_detail.html:376 +#: users/templates/users/user_detail.html:384 msgid "" "The reset-ssh-public-key E-mail has been sent successfully. Please inform " "the user to update his new ssh public key." msgstr "重设密钥邮件将会发送到用户邮箱" -#: users/templates/users/user_detail.html:377 +#: users/templates/users/user_detail.html:385 msgid "Reset SSH public key" msgstr "重置SSH密钥" -#: users/templates/users/user_detail.html:387 +#: users/templates/users/user_detail.html:395 msgid "This will reset the user public key and send a reset mail" msgstr "将会失效用户当前密钥,并发送重置邮件到用户邮箱" -#: users/templates/users/user_detail.html:404 +#: users/templates/users/user_detail.html:412 #: users/templates/users/user_profile.html:211 msgid "Successfully updated the SSH public key." msgstr "更新ssh密钥成功" -#: users/templates/users/user_detail.html:405 -#: users/templates/users/user_detail.html:409 +#: users/templates/users/user_detail.html:413 +#: users/templates/users/user_detail.html:417 #: users/templates/users/user_profile.html:212 #: users/templates/users/user_profile.html:217 msgid "User SSH public key update" msgstr "ssh密钥" +#: users/templates/users/user_detail.html:462 +msgid "After unlocking the user, the user can log in normally." +msgstr "解除用户登录限制后,此用户即可正常登录" + #: users/templates/users/user_group_create_update.html:31 msgid "Cancel" msgstr "取消" @@ -2867,8 +2883,8 @@ msgstr "用户删除失败" msgid "Administrator Settings force MFA login" msgstr "管理员设置强制使用MFA登录" -#: users/templates/users/user_profile.html:116 users/views/user.py:205 -#: users/views/user.py:259 +#: users/templates/users/user_profile.html:116 users/views/user.py:211 +#: users/views/user.py:265 msgid "User groups" msgstr "用户组" @@ -2914,7 +2930,7 @@ msgid "" "corresponding private key." msgstr "新的公钥已设置成功,请下载对应的私钥" -#: users/templates/users/user_update.html:4 users/views/user.py:103 +#: users/templates/users/user_update.html:4 users/views/user.py:105 msgid "Update user" msgstr "更新用户" @@ -3068,106 +3084,112 @@ msgstr "更新用户组" msgid "User group granted asset" msgstr "用户组授权资产" -#: users/views/login.py:75 +#: users/views/login.py:76 msgid "Please enable cookies and try again." msgstr "设置你的浏览器支持cookie" -#: users/views/login.py:178 users/views/user.py:500 users/views/user.py:525 +#: users/views/login.py:180 users/views/user.py:506 users/views/user.py:531 msgid "MFA code invalid" msgstr "MFA码认证失败" -#: users/views/login.py:207 +#: users/views/login.py:209 msgid "Logout success" msgstr "退出登录成功" -#: users/views/login.py:208 +#: users/views/login.py:210 msgid "Logout success, return login page" msgstr "退出登录成功,返回到登录页面" -#: users/views/login.py:224 +#: users/views/login.py:226 msgid "Email address invalid, please input again" msgstr "邮箱地址错误,重新输入" -#: users/views/login.py:237 +#: users/views/login.py:239 msgid "Send reset password message" msgstr "发送重置密码邮件" -#: users/views/login.py:238 +#: users/views/login.py:240 msgid "Send reset password mail success, login your mail box and follow it " msgstr "" "发送重置邮件成功, 请登录邮箱查看, 按照提示操作 (如果没收到,请等待3-5分钟)" -#: users/views/login.py:251 +#: users/views/login.py:253 msgid "Reset password success" msgstr "重置密码成功" -#: users/views/login.py:252 +#: users/views/login.py:254 msgid "Reset password success, return to login page" msgstr "重置密码成功,返回到登录页面" -#: users/views/login.py:273 users/views/login.py:286 +#: users/views/login.py:275 users/views/login.py:288 msgid "Token invalid or expired" msgstr "Token错误或失效" -#: users/views/login.py:282 +#: users/views/login.py:284 msgid "Password not same" msgstr "密码不一致" -#: users/views/login.py:292 users/views/user.py:118 users/views/user.py:398 +#: users/views/login.py:294 users/views/user.py:120 users/views/user.py:404 msgid "* Your password does not meet the requirements" msgstr "* 您的密码不符合要求" -#: users/views/login.py:330 +#: users/views/login.py:332 msgid "First login" msgstr "首次登陆" -#: users/views/login.py:389 +#: users/views/login.py:391 msgid "Login log list" msgstr "登录日志" -#: users/views/user.py:129 +#: users/views/user.py:131 msgid "Bulk update user success" msgstr "批量更新用户成功" -#: users/views/user.py:234 +#: users/views/user.py:240 msgid "Invalid file." msgstr "文件不合法" -#: users/views/user.py:331 +#: users/views/user.py:337 msgid "User granted assets" msgstr "用户授权资产" -#: users/views/user.py:362 +#: users/views/user.py:368 msgid "Profile setting" msgstr "个人信息设置" -#: users/views/user.py:381 +#: users/views/user.py:387 msgid "Password update" msgstr "密码更新" -#: users/views/user.py:416 +#: users/views/user.py:422 msgid "Public key update" msgstr "密钥更新" -#: users/views/user.py:457 +#: users/views/user.py:463 msgid "Password invalid" msgstr "用户名或密码无效" -#: users/views/user.py:551 +#: users/views/user.py:557 msgid "MFA enable success" msgstr "MFA 绑定成功" -#: users/views/user.py:552 +#: users/views/user.py:558 msgid "MFA enable success, return login page" msgstr "MFA 绑定成功,返回到登录页面" -#: users/views/user.py:554 +#: users/views/user.py:560 msgid "MFA disable success" msgstr "MFA 解绑成功" -#: users/views/user.py:555 +#: users/views/user.py:561 msgid "MFA disable success, return login page" msgstr "MFA 解绑成功,返回登录页面" +#~ msgid "Unblock user successfully. " +#~ msgstr "解除登录限制成功" + +#~ msgid "Clear" +#~ msgstr "清除" + #~ msgid "MFA setting" #~ msgstr "MFA 设置" diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index 00bd788cd..5d60f7a15 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py @@ -341,6 +341,7 @@ AUTH_LDAP_GROUP_SEARCH = LDAPSearch( AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_TIMEOUT: 5 } +AUTH_LDAP_GROUP_CACHE_TIMEOUT = 1 AUTH_LDAP_ALWAYS_UPDATE_USER = True AUTH_LDAP_BACKEND = 'django_auth_ldap.backend.LDAPBackend' diff --git a/apps/jumpserver/views.py b/apps/jumpserver/views.py index d6d74a497..c2915ae0d 100644 --- a/apps/jumpserver/views.py +++ b/apps/jumpserver/views.py @@ -10,6 +10,7 @@ from users.models import User from assets.models import Asset from terminal.models import Session from common.permissions import AdminUserRequiredMixin +from orgs.utils import current_org class IndexView(AdminUserRequiredMixin, TemplateView): @@ -27,7 +28,7 @@ class IndexView(AdminUserRequiredMixin, TemplateView): @staticmethod def get_user_count(): - return User.objects.filter(role__in=('Admin', 'User')).count() + return current_org.get_org_users().count() @staticmethod def get_asset_count(): @@ -49,7 +50,6 @@ class IndexView(AdminUserRequiredMixin, TemplateView): def get_week_login_asset_count(self): return self.session_week.count() - # return self.session_week.values('asset').distinct().count() def get_month_day_metrics(self): month_str = [d.strftime('%m-%d') for d in self.session_month_dates] or ['0'] diff --git a/apps/orgs/models.py b/apps/orgs/models.py index ec94caaf7..5d3539ae1 100644 --- a/apps/orgs/models.py +++ b/apps/orgs/models.py @@ -55,9 +55,11 @@ class Organization(models.Model): def get_org_users(self): from users.models import User if self.is_default(): - return User.objects.filter(orgs__isnull=True) + users = User.objects.filter(orgs__isnull=True) else: - return self.users.all() + users = self.users.all() + users = users.exclude(role=User.ROLE_APP) + return users def get_org_admins(self): if self.is_real(): diff --git a/apps/perms/api.py b/apps/perms/api.py index 8b2e08fc5..3851d401a 100644 --- a/apps/perms/api.py +++ b/apps/perms/api.py @@ -5,6 +5,7 @@ from django.shortcuts import get_object_or_404 from rest_framework.views import APIView, Response from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView from rest_framework import viewsets +from rest_framework.pagination import LimitOffsetPagination from common.utils import set_or_append_attr_bulk, get_object_or_none from common.permissions import IsValidUser, IsOrgAdmin, IsOrgAdminOrAppUser @@ -72,10 +73,7 @@ class UserGrantedAssetsApi(ListAPIView): util = AssetPermissionUtil(user) for k, v in util.get_assets().items(): - if k.is_unixlike(): - system_users_granted = [s for s in v if s.protocol in ['ssh', 'telnet']] - else: - system_users_granted = [s for s in v if s.protocol in ['rdp', 'telnet']] + system_users_granted = [s for s in v if s.protocol == k.protocol] k.system_users_granted = system_users_granted queryset.append(k) return queryset @@ -123,10 +121,7 @@ class UserGrantedNodesWithAssetsApi(ListAPIView): for node, _assets in nodes.items(): assets = _assets.keys() for k, v in _assets.items(): - if k.is_unixlike(): - system_users_granted = [s for s in v if s.protocol in ['ssh', 'telnet']] - else: - system_users_granted = [s for s in v if s.protocol in ['rdp', 'telnet']] + system_users_granted = [s for s in v if s.protocol == k.protocol] k.system_users_granted = system_users_granted node.assets_granted = assets queryset.append(node) diff --git a/apps/perms/urls/views_urls.py b/apps/perms/urls/views_urls.py index 5c3fa3b48..a3cf7ff42 100644 --- a/apps/perms/urls/views_urls.py +++ b/apps/perms/urls/views_urls.py @@ -6,13 +6,11 @@ from .. import views app_name = 'perms' urlpatterns = [ - url(r'^asset-permission$', views.AssetPermissionListView.as_view(), name='asset-permission-list'), - url(r'^asset-permission/create$', views.AssetPermissionCreateView.as_view(), name='asset-permission-create'), - url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/update$', views.AssetPermissionUpdateView.as_view(), name='asset-permission-update'), - url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})$', views.AssetPermissionDetailView.as_view(),name='asset-permission-detail'), - url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/delete$', views.AssetPermissionDeleteView.as_view(), name='asset-permission-delete'), - url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/user$', views.AssetPermissionUserView.as_view(), name='asset-permission-user-list'), - url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/asset$', views.AssetPermissionAssetView.as_view(), name='asset-permission-asset-list'), + url(r'^asset-permission/$', views.AssetPermissionListView.as_view(), name='asset-permission-list'), + url(r'^asset-permission/create/$', views.AssetPermissionCreateView.as_view(), name='asset-permission-create'), + url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/update/$', views.AssetPermissionUpdateView.as_view(), name='asset-permission-update'), + url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/$', views.AssetPermissionDetailView.as_view(),name='asset-permission-detail'), + url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/delete/$', views.AssetPermissionDeleteView.as_view(), name='asset-permission-delete'), + url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/user/$', views.AssetPermissionUserView.as_view(), name='asset-permission-user-list'), + url(r'^asset-permission/(?P[0-9a-zA-Z\-]{36})/asset/$', views.AssetPermissionAssetView.as_view(), name='asset-permission-asset-list'), ] - - diff --git a/apps/templates/_footer.html b/apps/templates/_footer.html index c78f0da33..70e0c8dcd 100644 --- a/apps/templates/_footer.html +++ b/apps/templates/_footer.html @@ -1,6 +1,6 @@
- Version 1.3.2-{% include '_build.html' %} GPLv2. + Version 1.3.3-{% include '_build.html' %} GPLv2.
diff --git a/apps/terminal/api.py b/apps/terminal/api.py index 3fe8340cf..2e7778514 100644 --- a/apps/terminal/api.py +++ b/apps/terminal/api.py @@ -4,6 +4,7 @@ from collections import OrderedDict import logging import os import uuid +import copy from django.core.cache import cache from django.shortcuts import get_object_or_404, redirect @@ -310,6 +311,7 @@ class SessionReplayViewSet(viewsets.ViewSet): def retrieve(self, request, *args, **kwargs): session_id = kwargs.get('pk') self.session = get_object_or_404(Session, id=session_id) + # 新版本和老版本的文件后缀不同 session_path = self.get_session_path() # 存在外部存储上的路径 local_path = self.get_local_path() diff --git a/apps/terminal/templates/terminal/command_list.html b/apps/terminal/templates/terminal/command_list.html index 6b55d787e..50daf682d 100644 --- a/apps/terminal/templates/terminal/command_list.html +++ b/apps/terminal/templates/terminal/command_list.html @@ -92,27 +92,52 @@ {% endfor %} + +
+
+ +
+ +
+
+
{% endblock %} {% block custom_foot_js %} {% endblock %} diff --git a/apps/terminal/templates/terminal/command_report.html b/apps/terminal/templates/terminal/command_report.html new file mode 100644 index 000000000..3542c1423 --- /dev/null +++ b/apps/terminal/templates/terminal/command_report.html @@ -0,0 +1,103 @@ +{% load common_tags %} +{% load static %} + + + + + Command Report + + + + +
+
+

Command Report

+
+

total: {{ total_count }}

+

date: {{ now | ts_to_date }}

+
+ +
+ +
+ {% for command in queryset %} +
+

+ [{{ command.user}} {{ command.system_user }}@{{ command.asset }} {{ command.timestamp | ts_to_date }}] + {{ forloop.counter }} +

+ +

$ {{ command.input }}

+ + 
{{ command.output }}
+
+ +
+ {% endfor %} +
+
+
+ + \ No newline at end of file diff --git a/apps/terminal/urls/views_urls.py b/apps/terminal/urls/views_urls.py index 834d0f39d..c5865cb2b 100644 --- a/apps/terminal/urls/views_urls.py +++ b/apps/terminal/urls/views_urls.py @@ -24,5 +24,6 @@ urlpatterns = [ # Command view url(r'^command/$', views.CommandListView.as_view(), name='command-list'), + url(r'^command/export/$', views.CommandExportView.as_view(), name='command-export') ] diff --git a/apps/terminal/views/command.py b/apps/terminal/views/command.py index b7f62f369..808dc9706 100644 --- a/apps/terminal/views/command.py +++ b/apps/terminal/views/command.py @@ -1,10 +1,12 @@ # -*- coding: utf-8 -*- # -from django.views.generic import ListView +from django.views.generic import ListView, View from django.conf import settings -from django.utils import timezone from django.utils.translation import ugettext as _ +from django.http import HttpResponse +from django.template import loader +import time from common.mixins import DatetimeSearchMixin from common.permissions import AdminUserRequiredMixin @@ -12,7 +14,7 @@ from ..models import Command from .. import utils from ..backends import get_multi_command_storage -__all__ = ['CommandListView'] +__all__ = ['CommandListView', 'CommandExportView'] common_storage = get_multi_command_storage() @@ -61,7 +63,43 @@ class CommandListView(DatetimeSearchMixin, AdminUserRequiredMixin, ListView): return super().get_context_data(**kwargs) +class CommandExportView(DatetimeSearchMixin, AdminUserRequiredMixin, View): + model = Command + command = user = asset = system_user = action = '' + date_from = date_to = None + def get(self, request, *args, **kwargs): + queryset = self.get_queryset() + template = 'terminal/command_report.html' + context = { + 'queryset': queryset, + 'total_count': len(queryset), + 'now': time.time(), + } + content = loader.render_to_string(template, context, request) + content_type = 'application/octet-stream' + response = HttpResponse(content, content_type) + filename = 'command-report-{}.html'.format(int(time.time())) + response['Content-Disposition'] = 'attachment; filename="%s"' % filename + return response - - + def get_queryset(self): + self.get_date_range() + self.action = self.request.GET.get('action', '') + self.command = self.request.GET.get('command', '') + self.user = self.request.GET.get("user", '') + self.asset = self.request.GET.get('asset', '') + self.system_user = self.request.GET.get('system_user', '') + filter_kwargs = dict() + filter_kwargs['date_from'] = self.date_from + filter_kwargs['date_to'] = self.date_to + if self.user: + filter_kwargs['user'] = self.user + if self.asset: + filter_kwargs['asset'] = self.asset + if self.system_user: + filter_kwargs['system_user'] = self.system_user + if self.command: + filter_kwargs['input'] = self.command + queryset = common_storage.filter(**filter_kwargs) + return queryset diff --git a/apps/users/api.py b/apps/users/api.py index f270f0161..012c2db1d 100644 --- a/apps/users/api.py +++ b/apps/users/api.py @@ -101,7 +101,23 @@ class UserUpdatePKApi(generics.UpdateAPIView): user.save() -class UserGroupViewSet(BulkModelViewSet): +class UserUnblockPKApi(generics.UpdateAPIView): + queryset = User.objects.all() + permission_classes = (IsSuperUser,) + serializer_class = UserSerializer + key_prefix_limit = "_LOGIN_LIMIT_{}_{}" + key_prefix_block = "_LOGIN_BLOCK_{}" + + def perform_update(self, serializer): + user = self.get_object() + username = user.username if user else '' + key_limit = self.key_prefix_limit.format(username, '*') + key_block = self.key_prefix_block.format(username) + cache.delete_pattern(key_limit) + cache.delete(key_block) + + +class UserGroupViewSet(IDInFilterMixin, BulkModelViewSet): queryset = UserGroup.objects.all() serializer_class = UserGroupSerializer permission_classes = (IsOrgAdmin,) @@ -203,13 +219,15 @@ class UserAuthApi(APIView): permission_classes = (AllowAny,) serializer_class = UserSerializer key_prefix_limit = "_LOGIN_LIMIT_{}_{}" + key_prefix_block = "_LOGIN_BLOCK_{}" def post(self, request): # limit login username = request.data.get('username') ip = request.data.get('remote_addr', None) ip = ip if ip else get_login_ip(request) - key_limit = self.key_prefix_limit.format(ip, username) + key_limit = self.key_prefix_limit.format(username, ip) + key_block = self.key_prefix_block.format(username) if is_block_login(key_limit): msg = _("Log in frequently and try again later") return Response({'msg': msg}, status=401) @@ -224,7 +242,7 @@ class UserAuthApi(APIView): } self.write_login_log(request, data) - set_user_login_failed_count_to_cache(key_limit) + set_user_login_failed_count_to_cache(key_limit, key_block) return Response({'msg': msg}, status=401) if not user.otp_enabled: diff --git a/apps/users/templates/users/user_detail.html b/apps/users/templates/users/user_detail.html index d40251563..b664d917f 100644 --- a/apps/users/templates/users/user_detail.html +++ b/apps/users/templates/users/user_detail.html @@ -182,6 +182,14 @@ + + {% trans 'Unblock user' %} + + + + + +
@@ -275,7 +283,7 @@ $(document).ready(function() { .on('select2:unselect', function(evt) { var data = evt.params.data; delete jumpserver.nodes_selected[data.id]; - }) + }); }) .on('click', '#is_active', function() { var the_url = "{% url 'api-users:user-detail' pk=user_object.id %}"; @@ -293,7 +301,7 @@ $(document).ready(function() { .on('click', '#force_enable_otp', function() { {% if request.user == user_object %} toastr.error("{% trans 'Goto profile page enable MFA' %}"); - return + return; {% endif %} var the_url = "{% url 'api-users:user-detail' pk=user_object.id %}"; @@ -426,6 +434,40 @@ $(document).ready(function() { var the_url = '{% url "api-users:user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid); var redirect_url = "{% url 'users:user-list' %}"; objectDelete($this, name, the_url, redirect_url); +}).on('click', '#btn-unblock-user', function () { + function doReset() { + {#var the_url = '{% url "api-users:user-reset-password" pk=user_object.id %}';#} + var the_url = '{% url "api-users:user-unblock" pk=user_object.id %}'; + var body = {}; + var success = function() { + var msg = "{% trans "Success" %}"; + {#swal("{% trans 'Unblock user' %}", msg, "success");#} + swal({ + title: "{% trans 'Unblock user' %}", + text: msg, + type: "success" + }, function() { + location.reload() + } + ); + }; + APIUpdateAttr({ + url: the_url, + body: JSON.stringify(body), + success: success + }); + } + swal({ + title: "{% trans 'Are you sure?' %}", + text: "{% trans "After unlocking the user, the user can log in normally."%}", + type: "warning", + showCancelButton: true, + confirmButtonColor: "#DD6B55", + confirmButtonText: "{% trans 'Confirm' %}", + closeOnConfirm: false + }, function() { + doReset(); + }); }) {% endblock %} diff --git a/apps/users/templates/users/user_list.html b/apps/users/templates/users/user_list.html index 27c07c538..052c5b7c0 100644 --- a/apps/users/templates/users/user_list.html +++ b/apps/users/templates/users/user_list.html @@ -59,7 +59,7 @@ function initTable() { ele: $('#user_list_table'), columnDefs: [ {targets: 1, createdCell: function (td, cellData, rowData) { - var detail_btn = '' + escape(cellData) + ''; + var detail_btn = '' + cellData + ''; $(td).html(detail_btn.replace("{{ DEFAULT_PK }}", rowData.id)); }}, {targets: 4, createdCell: function (td, cellData) { diff --git a/apps/users/urls/api_urls.py b/apps/users/urls/api_urls.py index 58c7e43a2..a5736a12a 100644 --- a/apps/users/urls/api_urls.py +++ b/apps/users/urls/api_urls.py @@ -29,6 +29,8 @@ urlpatterns = [ api.UserResetPKApi.as_view(), name='user-public-key-reset'), url(r'^users/(?P[0-9a-zA-Z\-]{36})/pubkey/update/$', api.UserUpdatePKApi.as_view(), name='user-public-key-update'), + url(r'^users/(?P[0-9a-zA-Z\-]{36})/unblock/$', + api.UserUnblockPKApi.as_view(), name='user-unblock'), url(r'^users/(?P[0-9a-zA-Z\-]{36})/groups/$', api.UserUpdateGroupApi.as_view(), name='user-update-group'), url(r'^groups/(?P[0-9a-zA-Z\-]{36})/users/$', diff --git a/apps/users/urls/views_urls.py b/apps/users/urls/views_urls.py index 2aaf4a9ae..8052f1384 100644 --- a/apps/users/urls/views_urls.py +++ b/apps/users/urls/views_urls.py @@ -8,13 +8,13 @@ app_name = 'users' urlpatterns = [ # Login view - url(r'^login$', views.UserLoginView.as_view(), name='login'), - url(r'^logout$', views.UserLogoutView.as_view(), name='logout'), - url(r'^login/otp$', views.UserLoginOtpView.as_view(), name='login-otp'), - url(r'^password/forgot$', views.UserForgotPasswordView.as_view(), name='forgot-password'), - url(r'^password/forgot/sendmail-success$', views.UserForgotPasswordSendmailSuccessView.as_view(), name='forgot-password-sendmail-success'), - url(r'^password/reset$', views.UserResetPasswordView.as_view(), name='reset-password'), - url(r'^password/reset/success$', views.UserResetPasswordSuccessView.as_view(), name='reset-password-success'), + url(r'^login/$', views.UserLoginView.as_view(), name='login'), + url(r'^logout/$', views.UserLogoutView.as_view(), name='logout'), + url(r'^login/otp/$', views.UserLoginOtpView.as_view(), name='login-otp'), + url(r'^password/forgot/$', views.UserForgotPasswordView.as_view(), name='forgot-password'), + url(r'^password/forgot/sendmail-success/$', views.UserForgotPasswordSendmailSuccessView.as_view(), name='forgot-password-sendmail-success'), + url(r'^password/reset/$', views.UserResetPasswordView.as_view(), name='reset-password'), + url(r'^password/reset/success/$', views.UserResetPasswordSuccessView.as_view(), name='reset-password-success'), # Profile url(r'^profile/$', views.UserProfileView.as_view(), name='user-profile'), @@ -29,23 +29,23 @@ urlpatterns = [ url(r'^profile/otp/settings-success/$', views.UserOtpSettingsSuccessView.as_view(), name='user-otp-settings-success'), # User view - url(r'^user$', views.UserListView.as_view(), name='user-list'), - url(r'^user/export/', views.UserExportView.as_view(), name='user-export'), + url(r'^user/$', views.UserListView.as_view(), name='user-list'), + url(r'^user/export/$', views.UserExportView.as_view(), name='user-export'), url(r'^first-login/$', views.UserFirstLoginView.as_view(), name='user-first-login'), url(r'^user/import/$', views.UserBulkImportView.as_view(), name='user-import'), - url(r'^user/create$', views.UserCreateView.as_view(), name='user-create'), - url(r'^user/(?P[0-9a-zA-Z\-]{36})/update$', views.UserUpdateView.as_view(), name='user-update'), - url(r'^user/update$', views.UserBulkUpdateView.as_view(), name='user-bulk-update'), - url(r'^user/(?P[0-9a-zA-Z\-]{36})$', views.UserDetailView.as_view(), name='user-detail'), - url(r'^user/(?P[0-9a-zA-Z\-]{36})/assets', views.UserGrantedAssetView.as_view(), name='user-granted-asset'), - url(r'^user/(?P[0-9a-zA-Z\-]{36})/login-history', views.UserDetailView.as_view(), name='user-login-history'), + url(r'^user/create/$', views.UserCreateView.as_view(), name='user-create'), + url(r'^user/(?P[0-9a-zA-Z\-]{36})/update/$', views.UserUpdateView.as_view(), name='user-update'), + url(r'^user/update/$', views.UserBulkUpdateView.as_view(), name='user-bulk-update'), + url(r'^user/(?P[0-9a-zA-Z\-]{36})/$', views.UserDetailView.as_view(), name='user-detail'), + url(r'^user/(?P[0-9a-zA-Z\-]{36})/assets/$', views.UserGrantedAssetView.as_view(), name='user-granted-asset'), + url(r'^user/(?P[0-9a-zA-Z\-]{36})/login-history/$', views.UserDetailView.as_view(), name='user-login-history'), # User group view - url(r'^user-group$', views.UserGroupListView.as_view(), name='user-group-list'), - url(r'^user-group/(?P[0-9a-zA-Z\-]{36})$', views.UserGroupDetailView.as_view(), name='user-group-detail'), - url(r'^user-group/create$', views.UserGroupCreateView.as_view(), name='user-group-create'), - url(r'^user-group/(?P[0-9a-zA-Z\-]{36})/update$', views.UserGroupUpdateView.as_view(), name='user-group-update'), - url(r'^user-group/(?P[0-9a-zA-Z\-]{36})/assets', views.UserGroupGrantedAssetView.as_view(), name='user-group-granted-asset'), + url(r'^user-group/$', views.UserGroupListView.as_view(), name='user-group-list'), + url(r'^user-group/(?P[0-9a-zA-Z\-]{36})/$', views.UserGroupDetailView.as_view(), name='user-group-detail'), + url(r'^user-group/create/$', views.UserGroupCreateView.as_view(), name='user-group-create'), + url(r'^user-group/(?P[0-9a-zA-Z\-]{36})/update/$', views.UserGroupUpdateView.as_view(), name='user-group-update'), + url(r'^user-group/(?P[0-9a-zA-Z\-]{36})/assets/$', views.UserGroupGrantedAssetView.as_view(), name='user-group-granted-asset'), # Login log url(r'^login-log/$', views.LoginLogListView.as_view(), name='login-log-list'), diff --git a/apps/users/utils.py b/apps/users/utils.py index 937a90867..047cf8e71 100644 --- a/apps/users/utils.py +++ b/apps/users/utils.py @@ -212,10 +212,10 @@ def write_login_log(*args, **kwargs): def get_ip_city(ip, timeout=10): - # Taobao ip api: http://ip.taobao.com//service/getIpInfo.php?ip=8.8.8.8 + # Taobao ip api: http://ip.taobao.com/service/getIpInfo.php?ip=8.8.8.8 # Sina ip api: http://int.dpool.sina.com.cn/iplookup/iplookup.php?ip=8.8.8.8&format=json - url = 'http://int.dpool.sina.com.cn/iplookup/iplookup.php?ip=%s&format=json' % ip + url = 'http://ip.taobao.com/service/getIpInfo.php?ip=%s' % ip try: r = requests.get(url, timeout=timeout) except: @@ -224,8 +224,8 @@ def get_ip_city(ip, timeout=10): if r and r.status_code == 200: try: data = r.json() - if not isinstance(data, int) and data['ret'] == 1: - city = data['country'] + ' ' + data['city'] + if not isinstance(data, int) and data['code'] == 0: + city = data['data']['country'] + ' ' + data['data']['city'] except ValueError: pass return city @@ -333,7 +333,7 @@ def check_password_rules(password): return bool(match_obj) -def set_user_login_failed_count_to_cache(key_limit): +def set_user_login_failed_count_to_cache(key_limit, key_block): count = cache.get(key_limit) count = count + 1 if count else 1 @@ -343,6 +343,15 @@ def set_user_login_failed_count_to_cache(key_limit): limit_time = setting_limit_time.cleaned_value if setting_limit_time \ else settings.DEFAULT_LOGIN_LIMIT_TIME + setting_limit_count = Setting.objects.filter( + name='SECURITY_LOGIN_LIMIT_COUNT' + ).first() + limit_count = setting_limit_count.cleaned_value if setting_limit_count \ + else settings.DEFAULT_LOGIN_LIMIT_COUNT + + if count >= limit_count: + cache.set(key_block, 1, int(limit_time)*60) + cache.set(key_limit, count, int(limit_time)*60) @@ -357,3 +366,9 @@ def is_block_login(key_limit): if count and count >= limit_count: return True + + +def is_need_unblock(key_block): + if not cache.get(key_block): + return False + return True diff --git a/apps/users/views/login.py b/apps/users/views/login.py index e86af8ea7..4db1610fe 100644 --- a/apps/users/views/login.py +++ b/apps/users/views/login.py @@ -52,6 +52,7 @@ class UserLoginView(FormView): redirect_field_name = 'next' key_prefix_captcha = "_LOGIN_INVALID_{}" key_prefix_limit = "_LOGIN_LIMIT_{}_{}" + key_prefix_block = "_LOGIN_BLOCK_{}" def get(self, request, *args, **kwargs): if request.user.is_staff: @@ -65,7 +66,7 @@ class UserLoginView(FormView): # limit login authentication ip = get_login_ip(request) username = self.request.POST.get('username') - key_limit = self.key_prefix_limit.format(ip, username) + key_limit = self.key_prefix_limit.format(username, ip) if is_block_login(key_limit): return self.render_to_response(self.get_context_data(block_login=True)) @@ -91,8 +92,9 @@ class UserLoginView(FormView): # limit user login failed count ip = get_login_ip(self.request) - key_limit = self.key_prefix_limit.format(ip, username) - set_user_login_failed_count_to_cache(key_limit) + key_limit = self.key_prefix_limit.format(username, ip) + key_block = self.key_prefix_block.format(username) + set_user_login_failed_count_to_cache(key_limit, key_block) # show captcha cache.set(self.key_prefix_captcha.format(ip), 1, 3600) diff --git a/apps/users/views/user.py b/apps/users/views/user.py index 71d24dbc0..624ba3786 100644 --- a/apps/users/views/user.py +++ b/apps/users/views/user.py @@ -37,7 +37,9 @@ from common.models import Setting from common.permissions import AdminUserRequiredMixin from .. import forms from ..models import User, UserGroup -from ..utils import generate_otp_uri, check_otp_code, get_user_or_tmp_user, get_password_check_rules, check_password_rules +from ..utils import generate_otp_uri, check_otp_code, \ + get_user_or_tmp_user, get_password_check_rules, check_password_rules, \ + is_need_unblock from ..signals import post_user_create from ..tasks import write_login_log_async @@ -169,13 +171,17 @@ class UserDetailView(AdminUserRequiredMixin, DetailView): model = User template_name = 'users/user_detail.html' context_object_name = "user_object" + key_prefix_block = "_LOGIN_BLOCK_{}" def get_context_data(self, **kwargs): + user = self.get_object() + key_block = self.key_prefix_block.format(user.username) groups = UserGroup.objects.exclude(id__in=self.object.groups.all()) context = { 'app': _('Users'), 'action': _('User detail'), - 'groups': groups + 'groups': groups, + 'unblock': is_need_unblock(key_block), } kwargs.update(context) return super().get_context_data(**kwargs) diff --git a/docs/step_by_step.rst b/docs/step_by_step.rst index 484013e1b..300e1a3a2 100644 --- a/docs/step_by_step.rst +++ b/docs/step_by_step.rst @@ -228,7 +228,7 @@ Luna 已改为纯前端,需要 Nginx 来运行访问 -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \ -e JUMPSERVER_KEY_DIR=/config/guacamole/key \ -e JUMPSERVER_SERVER=http://<填写本机的IP地址>:8080 \ - registry.jumpserver.org/public/guacamole:1.0.0 + registry.jumpserver.org/public/guacamole:latest 这里所需要注意的是 guacamole 暴露出来的端口是 8081,若与主机上其他端口冲突请自定义一下。 diff --git a/jms b/jms index 47eb81859..5e334c926 100755 --- a/jms +++ b/jms @@ -122,8 +122,8 @@ def start_gunicorn(): cmd = [ 'gunicorn', 'jumpserver.wsgi', '-b', bind, - '-w', str(WORKERS), '-k', 'eventlet', + '-w', str(WORKERS), '--access-logformat', log_format, '-p', pid_file, ] diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 44e9e555b..9d84d16cd 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -48,7 +48,7 @@ MarkupSafe==1.0 mysqlclient==1.3.12 olefile==0.44 openapi-codec==1.3.2 -paramiko==2.4.0 +paramiko==2.4.1 passlib==1.7.1 Pillow==4.3.0 pyasn1==0.4.2 diff --git a/utils/make_migrations.sh b/utils/make_migrations.sh index fbe3e577c..4fb8fdacf 100755 --- a/utils/make_migrations.sh +++ b/utils/make_migrations.sh @@ -5,4 +5,4 @@ python3 ../apps/manage.py makemigrations python3 ../apps/manage.py migrate -python3 ../apps/manage.py makemigrations –-merge +python3 ../apps/manage.py makemigrations --merge