github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Add token

pull/530/head
ibuler 2016-11-01 19:31:35 +08:00
parent 1159d9494c
commit 34a0a37b63
8 changed files with 42 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
apps/assets/api.py
View File

@ -2,22 +2,20 @@
from rest_framework import serializers from rest_framework import serializers
from rest_framework import viewsets, serializers, generics from rest_framework import viewsets, serializers, generics
from rest_framework.response import Response
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin, ListBulkCreateUpdateDestroyAPIView from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin, ListBulkCreateUpdateDestroyAPIView
from common.mixins import BulkDeleteApiMixin from common.mixins import BulkDeleteApiMixin
from common.utils import get_object_or_none from common.utils import get_object_or_none, signer
from .models import AssetGroup, Asset, IDC, AssetExtend from .hands import IsSuperUserOrTerminalUser, IsSuperUser
from .models import AssetGroup, Asset, IDC, SystemUser
from .serializers import AssetBulkUpdateSerializer from .serializers import AssetBulkUpdateSerializer
class AssetGroupSerializer(serializers.ModelSerializer): class AssetGroupSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = AssetGroup model = AssetGroup
# exclude = [
# 'password', 'first_name', 'last_name', 'secret_key_otp',
# 'private_key', 'public_key', 'avatar',
# ]
class AssetSerializer(serializers.ModelSerializer): class AssetSerializer(serializers.ModelSerializer):
@ -56,22 +54,36 @@ class IDCViewSet(viewsets.ReadOnlyModelViewSet):
""" """
queryset = IDC.objects.all() queryset = IDC.objects.all()
serializer_class = IDCSerializer serializer_class = IDCSerializer
permission_classes = (IsSuperUser,)
class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView): class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
queryset = Asset.objects.all() queryset = Asset.objects.all()
serializer_class = AssetBulkUpdateSerializer serializer_class = AssetBulkUpdateSerializer
permission_classes = (IsSuperUser,)
class AssetSystemUserAuthApi(APIView): class SystemUserAuthApi(APIView):
permission_classes = (IsSuperUserOrTerminalUser,)
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
system_user_id = request.data.get('system_user_id', -1) system_user_id = request.query_params.get('system_user_id', -1)
system_user_username = request.data.get('system_user_username', '') system_user_username = request.query_params.get('system_user_username', '')
system_user = get_object_or_none(Asset, id=system_user_id, username=system_user_username) system_user = get_object_or_none(SystemUser, id=system_user_id, username=system_user_username)
if system_user: if system_user:
password = system_user.password password = signer.sign(system_user.password)
private_key = system_user.private_key private_key = signer.sign(system_user.private_key)
response = {
'id': system_user.id,
'password': password,
'private_key': private_key,
}
return Response(response)
else:
return Response({'msg': 'error system user id or username'}, status=401)

1
apps/assets/hands.py
View File

@ -12,4 +12,5 @@
from users.utils import AdminUserRequiredMixin from users.utils import AdminUserRequiredMixin
from users.backends import IsSuperUserOrTerminalUser, IsSuperUser
from users.models import User, UserGroup from users.models import User, UserGroup

10
apps/assets/models.py
View File

@ -179,7 +179,7 @@ class SystemUser(models.Model):
@property @property
def password(self): def password(self):
return signer.sign(self._password) return signer.unsign(self._password)
@password.setter @password.setter
def password(self, password_raw): def password(self, password_raw):
@ -187,19 +187,19 @@ class SystemUser(models.Model):
@property @property
def private_key(self): def private_key(self):
return signer(self._private_key) return signer.unsign(self._private_key)
@private_key.setter @private_key.setter
def private_key(self, private_key_raw): def private_key(self, private_key_raw):
self._private_key = signer(private_key_raw) self._private_key = signer.sign(private_key_raw)
@property @property
def public_key(self): def public_key(self):
return signer(self._public_key) return signer.unsign(self._public_key)
@public_key.setter @public_key.setter
def public_key(self, public_key_raw): def public_key(self, public_key_raw):
self._public_key = signer(public_key_raw) self._public_key = signer.sign(public_key_raw)
def get_assets_inherit_from_asset_groups(self): def get_assets_inherit_from_asset_groups(self):
assets = set() assets = set()

2
apps/assets/urls.py
View File

@ -64,10 +64,10 @@ urlpatterns = [
] ]
urlpatterns += [ urlpatterns += [
#json
url(r'^v1/assets/$', api.AssetViewSet.as_view({'get':'list'}), name='assets-list-api'), url(r'^v1/assets/$', api.AssetViewSet.as_view({'get':'list'}), name='assets-list-api'),
url(r'^v1/assets_bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update-api'), url(r'^v1/assets_bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update-api'),
url(r'^v1/idc/$', api.IDCViewSet.as_view({'get':'list'}), name='idc-list-json'), url(r'^v1/idc/$', api.IDCViewSet.as_view({'get':'list'}), name='idc-list-json'),
url(r'^v1/system-user/auth/', api.SystemUserAuthApi.as_view(), name='system-user-auth'),
] ]

10
apps/common/utils.py
View File

@ -44,7 +44,10 @@ class Signer(object):
def unsign(self, value): def unsign(self, value):
s = JSONWebSignatureSerializer(self.secret_key) s = JSONWebSignatureSerializer(self.secret_key)
return s.loads(value) try:
return s.loads(value)
except BadSignature:
return None
def sign_t(self, value, expires_in=3600): def sign_t(self, value, expires_in=3600):
s = TimedJSONWebSignatureSerializer(self.secret_key, expires_in=expires_in) s = TimedJSONWebSignatureSerializer(self.secret_key, expires_in=expires_in)
@ -52,7 +55,10 @@ class Signer(object):
def unsign_t(self, value): def unsign_t(self, value):
s = TimedJSONWebSignatureSerializer(self.secret_key) s = TimedJSONWebSignatureSerializer(self.secret_key)
return s.loads(value) try:
return s.loads(value)
except (BadSignature, SignatureExpired):
return None
def date_expired_default(): def date_expired_default():

2
apps/jumpserver/settings.py
View File

@ -269,9 +269,9 @@ REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': ( 'DEFAULT_AUTHENTICATION_CLASSES': (
'users.backends.TerminalAuthentication', 'users.backends.TerminalAuthentication',
'users.backends.AccessTokenAuthentication', 'users.backends.AccessTokenAuthentication',
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
), ),
} }
# This setting is required to override the Django's main loop, when running in # This setting is required to override the Django's main loop, when running in

2
apps/jumpserver/urls.py
View File

@ -23,7 +23,7 @@ urlpatterns = [
url(r'^captcha/', include('captcha.urls')), url(r'^captcha/', include('captcha.urls')),
url(r'^$', TemplateView.as_view(template_name='base.html'), name='index'), url(r'^$', TemplateView.as_view(template_name='base.html'), name='index'),
url(r'^(api/)?users/', include('users.urls')), url(r'^(api/)?users/', include('users.urls')),
url(r'^assets/', include('assets.urls')), url(r'^(api/)?assets/', include('assets.urls')),
url(r'^(api/)?perms/', include('perms.urls')), url(r'^(api/)?perms/', include('perms.urls')),
url(r'^(api/)?audits/', include('audits.urls')), url(r'^(api/)?audits/', include('audits.urls')),
url(r'^(api/)?terminal/', include('terminal.urls')), url(r'^(api/)?terminal/', include('terminal.urls')),

2
apps/users/urls.py
View File

@ -36,7 +36,7 @@ urlpatterns = [
urlpatterns += [ urlpatterns += [
url(r'^v1/users/$', api.UserListUpdateApi.as_view(), name='user-bulk-update-api'), url(r'^v1/users/$', api.UserListUpdateApi.as_view(), name='user-bulk-update-api'),
url(r'^v1/users/token$', api.UserTokenApi.as_view(), name='user-token-api'), url(r'^v1/users/token/$', api.UserTokenApi.as_view(), name='user-token-api'),
url(r'^v1/users/(?P<pk>\d+)/$', api.UserDetailApi.as_view(), name='user-patch-api'), url(r'^v1/users/(?P<pk>\d+)/$', api.UserDetailApi.as_view(), name='user-patch-api'),
url(r'^v1/users/(?P<pk>\d+)/reset-password/$', api.UserResetPasswordApi.as_view(), name='user-reset-password-api'), url(r'^v1/users/(?P<pk>\d+)/reset-password/$', api.UserResetPasswordApi.as_view(), name='user-reset-password-api'),
url(r'^v1/users/(?P<pk>\d+)/reset-pk/$', api.UserResetPKApi.as_view(), name='user-reset-pk-api'), url(r'^v1/users/(?P<pk>\d+)/reset-pk/$', api.UserResetPKApi.as_view(), name='user-reset-pk-api'),