Add token

apps/assets/api.py

@@ -2,22 +2,20 @@
 
 from rest_framework import serializers
 from rest_framework import viewsets, serializers, generics
+from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin, ListBulkCreateUpdateDestroyAPIView
 
 from common.mixins import BulkDeleteApiMixin
-from common.utils import get_object_or_none
-from .models import AssetGroup, Asset, IDC, AssetExtend
+from common.utils import get_object_or_none, signer
+from .hands import IsSuperUserOrTerminalUser, IsSuperUser
+from .models import AssetGroup, Asset, IDC, SystemUser
 from .serializers import AssetBulkUpdateSerializer
 
 
 class AssetGroupSerializer(serializers.ModelSerializer):
     class Meta:
         model = AssetGroup
-        # exclude = [
-        #     'password', 'first_name', 'last_name', 'secret_key_otp',
-        #     'private_key', 'public_key', 'avatar',
-        # ]
 
 
 class AssetSerializer(serializers.ModelSerializer):
@@ -56,22 +54,36 @@ class IDCViewSet(viewsets.ReadOnlyModelViewSet):
     """
     queryset = IDC.objects.all()
     serializer_class = IDCSerializer
+    permission_classes = (IsSuperUser,)
 
 
 class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
     queryset = Asset.objects.all()
     serializer_class = AssetBulkUpdateSerializer
+    permission_classes = (IsSuperUser,)
 
 
-class AssetSystemUserAuthApi(APIView):
+class SystemUserAuthApi(APIView):
+    permission_classes = (IsSuperUserOrTerminalUser,)
+
     def get(self, request, *args, **kwargs):
-        system_user_id = request.data.get('system_user_id', -1)
-        system_user_username = request.data.get('system_user_username', '')
+        system_user_id = request.query_params.get('system_user_id', -1)
+        system_user_username = request.query_params.get('system_user_username', '')
 
-        system_user = get_object_or_none(Asset, id=system_user_id, username=system_user_username)
+        system_user = get_object_or_none(SystemUser, id=system_user_id, username=system_user_username)
 
         if system_user:
-            password = system_user.password
-            private_key = system_user.private_key
+            password = signer.sign(system_user.password)
+            private_key = signer.sign(system_user.private_key)
+
+            response = {
+                'id': system_user.id,
+                'password': password,
+                'private_key': private_key,
+            }
+
+            return Response(response)
+        else:
+            return Response({'msg': 'error system user id or username'}, status=401)
 
 

apps/assets/hands.py

@@ -12,4 +12,5 @@
 
 
 from users.utils import AdminUserRequiredMixin
+from users.backends import IsSuperUserOrTerminalUser, IsSuperUser
 from users.models import User, UserGroup

apps/assets/models.py

@@ -179,7 +179,7 @@ class SystemUser(models.Model):
 
     @property
     def password(self):
-        return signer.sign(self._password)
+        return signer.unsign(self._password)
 
     @password.setter
     def password(self, password_raw):
@@ -187,19 +187,19 @@ class SystemUser(models.Model):
 
     @property
     def private_key(self):
-        return signer(self._private_key)
+        return signer.unsign(self._private_key)
 
     @private_key.setter
     def private_key(self, private_key_raw):
-        self._private_key = signer(private_key_raw)
+        self._private_key = signer.sign(private_key_raw)
 
     @property
     def public_key(self):
-        return signer(self._public_key)
+        return signer.unsign(self._public_key)
 
     @public_key.setter
     def public_key(self, public_key_raw):
-        self._public_key = signer(public_key_raw)
+        self._public_key = signer.sign(public_key_raw)
 
     def get_assets_inherit_from_asset_groups(self):
         assets = set()

apps/assets/urls.py

@@ -64,10 +64,10 @@ urlpatterns = [
 ]
 
 urlpatterns += [
-    #json
     url(r'^v1/assets/$', api.AssetViewSet.as_view({'get':'list'}), name='assets-list-api'),
     url(r'^v1/assets_bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update-api'),
     url(r'^v1/idc/$', api.IDCViewSet.as_view({'get':'list'}), name='idc-list-json'),
+    url(r'^v1/system-user/auth/', api.SystemUserAuthApi.as_view(), name='system-user-auth'),
 ]
 
 

apps/common/utils.py

@@ -44,7 +44,10 @@ class Signer(object):
 
     def unsign(self, value):
         s = JSONWebSignatureSerializer(self.secret_key)
-        return s.loads(value)
+        try:
+            return s.loads(value)
+        except BadSignature:
+            return None
 
     def sign_t(self, value, expires_in=3600):
         s = TimedJSONWebSignatureSerializer(self.secret_key, expires_in=expires_in)
@@ -52,7 +55,10 @@ class Signer(object):
 
     def unsign_t(self, value):
         s = TimedJSONWebSignatureSerializer(self.secret_key)
-        return s.loads(value)
+        try:
+            return s.loads(value)
+        except (BadSignature, SignatureExpired):
+            return None
 
 
 def date_expired_default():

apps/jumpserver/settings.py

@@ -269,9 +269,9 @@ REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
         'users.backends.TerminalAuthentication',
         'users.backends.AccessTokenAuthentication',
+        'rest_framework.authentication.TokenAuthentication',
         'rest_framework.authentication.BasicAuthentication',
         'rest_framework.authentication.SessionAuthentication',
-        'rest_framework.authentication.TokenAuthentication',
     ),
 }
 # This setting is required to override the Django's main loop, when running in

apps/jumpserver/urls.py

@@ -23,7 +23,7 @@ urlpatterns = [
     url(r'^captcha/', include('captcha.urls')),
     url(r'^$', TemplateView.as_view(template_name='base.html'), name='index'),
     url(r'^(api/)?users/', include('users.urls')),
-    url(r'^assets/', include('assets.urls')),
+    url(r'^(api/)?assets/', include('assets.urls')),
     url(r'^(api/)?perms/', include('perms.urls')),
     url(r'^(api/)?audits/', include('audits.urls')),
     url(r'^(api/)?terminal/', include('terminal.urls')),

apps/users/urls.py

@@ -36,7 +36,7 @@ urlpatterns = [
 
 urlpatterns += [
     url(r'^v1/users/$', api.UserListUpdateApi.as_view(), name='user-bulk-update-api'),
-    url(r'^v1/users/token$', api.UserTokenApi.as_view(), name='user-token-api'),
+    url(r'^v1/users/token/$', api.UserTokenApi.as_view(), name='user-token-api'),
     url(r'^v1/users/(?P<pk>\d+)/$', api.UserDetailApi.as_view(), name='user-patch-api'),
     url(r'^v1/users/(?P<pk>\d+)/reset-password/$', api.UserResetPasswordApi.as_view(), name='user-reset-password-api'),
     url(r'^v1/users/(?P<pk>\d+)/reset-pk/$', api.UserResetPKApi.as_view(), name='user-reset-pk-api'),