mirror of https://github.com/jumpserver/jumpserver
Add token
parent
1159d9494c
commit
34a0a37b63
|
@ -2,22 +2,20 @@
|
|||
|
||||
from rest_framework import serializers
|
||||
from rest_framework import viewsets, serializers, generics
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin, ListBulkCreateUpdateDestroyAPIView
|
||||
|
||||
from common.mixins import BulkDeleteApiMixin
|
||||
from common.utils import get_object_or_none
|
||||
from .models import AssetGroup, Asset, IDC, AssetExtend
|
||||
from common.utils import get_object_or_none, signer
|
||||
from .hands import IsSuperUserOrTerminalUser, IsSuperUser
|
||||
from .models import AssetGroup, Asset, IDC, SystemUser
|
||||
from .serializers import AssetBulkUpdateSerializer
|
||||
|
||||
|
||||
class AssetGroupSerializer(serializers.ModelSerializer):
|
||||
class Meta:
|
||||
model = AssetGroup
|
||||
# exclude = [
|
||||
# 'password', 'first_name', 'last_name', 'secret_key_otp',
|
||||
# 'private_key', 'public_key', 'avatar',
|
||||
# ]
|
||||
|
||||
|
||||
class AssetSerializer(serializers.ModelSerializer):
|
||||
|
@ -56,22 +54,36 @@ class IDCViewSet(viewsets.ReadOnlyModelViewSet):
|
|||
"""
|
||||
queryset = IDC.objects.all()
|
||||
serializer_class = IDCSerializer
|
||||
permission_classes = (IsSuperUser,)
|
||||
|
||||
|
||||
class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
|
||||
queryset = Asset.objects.all()
|
||||
serializer_class = AssetBulkUpdateSerializer
|
||||
permission_classes = (IsSuperUser,)
|
||||
|
||||
|
||||
class AssetSystemUserAuthApi(APIView):
|
||||
class SystemUserAuthApi(APIView):
|
||||
permission_classes = (IsSuperUserOrTerminalUser,)
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
system_user_id = request.data.get('system_user_id', -1)
|
||||
system_user_username = request.data.get('system_user_username', '')
|
||||
system_user_id = request.query_params.get('system_user_id', -1)
|
||||
system_user_username = request.query_params.get('system_user_username', '')
|
||||
|
||||
system_user = get_object_or_none(Asset, id=system_user_id, username=system_user_username)
|
||||
system_user = get_object_or_none(SystemUser, id=system_user_id, username=system_user_username)
|
||||
|
||||
if system_user:
|
||||
password = system_user.password
|
||||
private_key = system_user.private_key
|
||||
password = signer.sign(system_user.password)
|
||||
private_key = signer.sign(system_user.private_key)
|
||||
|
||||
response = {
|
||||
'id': system_user.id,
|
||||
'password': password,
|
||||
'private_key': private_key,
|
||||
}
|
||||
|
||||
return Response(response)
|
||||
else:
|
||||
return Response({'msg': 'error system user id or username'}, status=401)
|
||||
|
||||
|
||||
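Review bot: `signer.sign(system_user.password)` and `signer.sign(system_user.private_key)` in `SystemUserAuthApi.get` do not keep the secrets confidential. The `Signer` hunk on this page builds a `JSONWebSignatureSerializer`, and a JWS token carries its payload base64-encoded, so the returned values are integrity-protected but readable by anything that sees the response. The same applies to what the `SystemUser` setters store (`self._private_key = signer.sign(private_key_raw)` in the models section), assuming `sign` uses the same serializer as the `unsign` shown. If confidentiality is intended the values need encryption rather than signing; at minimum say so next to the calls, e.g. `# signer.sign() authenticates the value, it does not encrypt it`, and mark the response uncacheable with `return Response(response, headers={'Cache-Control': 'no-store'})`.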
|
|
|
@ -12,4 +12,5 @@
|
|||
|
||||
|
||||
from users.utils import AdminUserRequiredMixin
|
||||
from users.backends import IsSuperUserOrTerminalUser, IsSuperUser
|
||||
from users.models import User, UserGroup
|
||||
|
|
|
@ -179,7 +179,7 @@ class SystemUser(models.Model):
|
|||
|
||||
@property
|
||||
def password(self):
|
||||
return signer.sign(self._password)
|
||||
return signer.unsign(self._password)
|
||||
|
||||
@password.setter
|
||||
def password(self, password_raw):
|
||||
|
@ -187,19 +187,19 @@ class SystemUser(models.Model):
|
|||
|
||||
@property
|
||||
def private_key(self):
|
||||
return signer(self._private_key)
|
||||
return signer.unsign(self._private_key)
|
||||
|
||||
@private_key.setter
|
||||
def private_key(self, private_key_raw):
|
||||
self._private_key = signer(private_key_raw)
|
||||
self._private_key = signer.sign(private_key_raw)
|
||||
|
||||
@property
|
||||
def public_key(self):
|
||||
return signer(self._public_key)
|
||||
return signer.unsign(self._public_key)
|
||||
|
||||
@public_key.setter
|
||||
def public_key(self, public_key_raw):
|
||||
self._public_key = signer(public_key_raw)
|
||||
self._public_key = signer.sign(public_key_raw)
|
||||
|
||||
def get_assets_inherit_from_asset_groups(self):
|
||||
assets = set()
|
||||
|
|
|
@ -64,10 +64,10 @@ urlpatterns = [
|
|||
]
|
||||
|
||||
urlpatterns += [
|
||||
#json
|
||||
url(r'^v1/assets/$', api.AssetViewSet.as_view({'get':'list'}), name='assets-list-api'),
|
||||
url(r'^v1/assets_bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update-api'),
|
||||
url(r'^v1/idc/$', api.IDCViewSet.as_view({'get':'list'}), name='idc-list-json'),
|
||||
url(r'^v1/system-user/auth/', api.SystemUserAuthApi.as_view(), name='system-user-auth'),
|
||||
]
|
||||
|
||||
|
||||
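Review bot: The new `system-user/auth/` pattern has no `$` terminator, unlike the three routes above it, so any path that merely starts with `v1/system-user/auth/` resolves to `SystemUserAuthApi`, the view that returns system-user credentials. Anchor it like its siblings: `url(r'^v1/system-user/auth/$', api.SystemUserAuthApi.as_view(), name='system-user-auth'),`.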
|
|
|
@ -44,7 +44,10 @@ class Signer(object):
|
|||
|
||||
def unsign(self, value):
|
||||
s = JSONWebSignatureSerializer(self.secret_key)
|
||||
return s.loads(value)
|
||||
try:
|
||||
return s.loads(value)
|
||||
except BadSignature:
|
||||
return None
|
||||
|
||||
def sign_t(self, value, expires_in=3600):
|
||||
s = TimedJSONWebSignatureSerializer(self.secret_key, expires_in=expires_in)
|
||||
|
@ -52,7 +55,10 @@ class Signer(object):
|
|||
|
||||
def unsign_t(self, value):
|
||||
s = TimedJSONWebSignatureSerializer(self.secret_key)
|
||||
return s.loads(value)
|
||||
try:
|
||||
return s.loads(value)
|
||||
except (BadSignature, SignatureExpired):
|
||||
return None
|
||||
|
||||
|
||||
def date_expired_default():
|
||||
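Review bot: `unsign` and `unsign_t` now turn `BadSignature` (and, for `unsign_t`, `SignatureExpired`) into `None` without recording anything, so a value that failed verification looks the same to callers as an empty one and a tampered value leaves no trace. The callers visible on this page do not check for it: the `SystemUser.password` getter returns the `None`, and `SystemUserAuthApi.get` then passes it straight to `signer.sign(...)`. Document the contract on both methods, e.g. `"""Return the verified payload, or None if the signature is invalid."""` (adding "or expired" for `unsign_t`), and log the failure before `return None` if this module has a logger, which the hunk does not show. Both method bodies lie inside the hunks; the rest of `Signer` does not.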
|
|
|
@ -269,9 +269,9 @@ REST_FRAMEWORK = {
|
|||
'DEFAULT_AUTHENTICATION_CLASSES': (
|
||||
'users.backends.TerminalAuthentication',
|
||||
'users.backends.AccessTokenAuthentication',
|
||||
'rest_framework.authentication.TokenAuthentication',
|
||||
'rest_framework.authentication.BasicAuthentication',
|
||||
'rest_framework.authentication.SessionAuthentication',
|
||||
'rest_framework.authentication.TokenAuthentication',
|
||||
),
|
||||
}
|
||||
# This setting is required to override the Django's main loop, when running in
|
||||
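Review bot: The order of `DEFAULT_AUTHENTICATION_CLASSES` is behaviour, and the hunk moves `rest_framework.authentication.TokenAuthentication` within the tuple without saying why. DRF tries the classes in sequence and uses the first one that authenticates, and the first class in the tuple decides whether an unauthenticated request gets a 401 with a `WWW-Authenticate` header or a 403. A short comment above the tuple, such as `# Order matters: classes are tried top to bottom; the first one sets the 401 challenge`, would keep a later reorder from changing API behaviour unnoticed. The rendered page does not show which of the two positions is the new one, so the point is to document the intent rather than to argue for a specific position.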
|
|
|
@ -23,7 +23,7 @@ urlpatterns = [
|
|||
url(r'^captcha/', include('captcha.urls')),
|
||||
url(r'^$', TemplateView.as_view(template_name='base.html'), name='index'),
|
||||
url(r'^(api/)?users/', include('users.urls')),
|
||||
url(r'^assets/', include('assets.urls')),
|
||||
url(r'^(api/)?assets/', include('assets.urls')),
|
||||
url(r'^(api/)?perms/', include('perms.urls')),
|
||||
url(r'^(api/)?audits/', include('audits.urls')),
|
||||
url(r'^(api/)?terminal/', include('terminal.urls')),
|
||||
|
|
|
@ -36,7 +36,7 @@ urlpatterns = [
|
|||
|
||||
urlpatterns += [
|
||||
url(r'^v1/users/$', api.UserListUpdateApi.as_view(), name='user-bulk-update-api'),
|
||||
url(r'^v1/users/token$', api.UserTokenApi.as_view(), name='user-token-api'),
|
||||
url(r'^v1/users/token/$', api.UserTokenApi.as_view(), name='user-token-api'),
|
||||
url(r'^v1/users/(?P<pk>\d+)/$', api.UserDetailApi.as_view(), name='user-patch-api'),
|
||||
url(r'^v1/users/(?P<pk>\d+)/reset-password/$', api.UserResetPasswordApi.as_view(), name='user-reset-password-api'),
|
||||
url(r'^v1/users/(?P<pk>\d+)/reset-pk/$', api.UserResetPKApi.as_view(), name='user-reset-pk-api'),
|
||||
|
|