github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Update] 修改认证

pull/1007/head
ibuler 2018-01-30 16:12:33 +08:00
parent b4f833740e
commit 3e62a7f5b7
4 changed files with 48 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
apps/assets/forms.py
View File

@ -228,46 +228,29 @@ class ClusterForm(forms.ModelForm):
return instance return instance
class AdminUserForm(forms.ModelForm): class PasswordAndKeyAuthForm(forms.ModelForm):
# Form field name can not start with `_`, so redefine it, # Form field name can not start with `_`, so redefine it,
password = forms.CharField( password = forms.CharField(
widget=forms.PasswordInput, max_length=128, widget=forms.PasswordInput, max_length=128,
strip=True, required=False, strip=True, required=False,
help_text=_('Password or private key password'), help_text=_('Password or private key passphrase'),
label=_("Password"), label=_("Password"),
) )
# Need use upload private key file except paste private key content # Need use upload private key file except paste private key content
private_key_file = forms.FileField(required=False, label=_("Private key")) private_key_file = forms.FileField(required=False, label=_("Private key"))
def save(self, commit=True):
# Because we define custom field, so we need rewrite :method: `save`
admin_user = super().save(commit=commit)
password = self.cleaned_data['password']
private_key = self.cleaned_data['private_key_file']
public_key = None
if not password:
password = None
if private_key:
public_key = ssh_pubkey_gen(private_key, password=password)
admin_user.set_auth(password=password, public_key=public_key, private_key=private_key)
return admin_user
def clean_private_key_file(self): def clean_private_key_file(self):
private_key_file = self.cleaned_data['private_key_file'] private_key_file = self.cleaned_data['private_key_file']
password = self.cleaned_data['password'] password = self.cleaned_data['password']
if private_key_file: if private_key_file:
private_key = private_key_file.read() key_string = private_key_file.read()
if not validate_ssh_private_key(private_key, password): private_key_file.seek(0)
if not validate_ssh_private_key(key_string, password):
raise forms.ValidationError(_('Invalid private key')) raise forms.ValidationError(_('Invalid private key'))
return private_key
return private_key_file return private_key_file
def clean(self): def validate_password_key(self):
super().clean()
password = self.cleaned_data['password'] password = self.cleaned_data['password']
private_key_file = self.cleaned_data.get('private_key_file', '') private_key_file = self.cleaned_data.get('private_key_file', '')
@ -276,10 +259,34 @@ class AdminUserForm(forms.ModelForm):
'Password and private key file must be input one' 'Password and private key file must be input one'
)) ))
def gen_keys(self):
password = self.cleaned_data.get('password', '') or None
private_key_file = self.cleaned_data['private_key_file']
public_key = private_key = None
if private_key_file:
private_key = private_key_file.read().strip().decode('utf-8')
public_key = ssh_pubkey_gen(private_key=private_key, password=password)
return private_key, public_key
class AdminUserForm(PasswordAndKeyAuthForm):
def save(self, commit=True):
# Because we define custom field, so we need rewrite :method: `save`
admin_user = super().save(commit=commit)
password = self.cleaned_data.get('password', '') or None
private_key, public_key = super().gen_keys()
admin_user.set_auth(password=password, public_key=public_key, private_key=private_key)
return admin_user
def clean(self):
super().clean()
if not self.instance:
super().validate_password_key()
class Meta: class Meta:
model = AdminUser model = AdminUser
fields = ['name', 'username', 'password', fields = ['name', 'username', 'password', 'private_key_file', 'comment']
'private_key_file', 'comment']
widgets = { widgets = {
'name': forms.TextInput(attrs={'placeholder': _('Name')}), 'name': forms.TextInput(attrs={'placeholder': _('Name')}),
'username': forms.TextInput(attrs={'placeholder': _('Username')}), 'username': forms.TextInput(attrs={'placeholder': _('Username')}),
@ -290,54 +297,35 @@ class AdminUserForm(forms.ModelForm):
} }
class SystemUserForm(forms.ModelForm): class SystemUserForm(PasswordAndKeyAuthForm):
# Admin user assets define, let user select, save it in form not in view # Admin user assets define, let user select, save it in form not in view
auto_generate_key = forms.BooleanField(initial=True, required=False) auto_generate_key = forms.BooleanField(initial=True, required=False)
# Need use upload private key file except paste private key content
private_key_file = forms.FileField(required=False, label=_("Private key"))
# Form field name can not start with `_`, so redefine it,
password = forms.CharField(widget=forms.PasswordInput, required=False,
max_length=128, strip=True, label=_("Password"))
def save(self, commit=True): def save(self, commit=True):
# Because we define custom field, so we need rewrite :method: `save` # Because we define custom field, so we need rewrite :method: `save`
system_user = super().save() system_user = super().save()
password = self.cleaned_data.get('password', None) password = self.cleaned_data.get('password', '') or None
private_key_file = self.cleaned_data.get('private_key_file') auto_generate_key = self.cleaned_data.get('auto_generate_key', False)
auto_generate_key = self.cleaned_data.get('auto_generate_key') private_key, public_key = super().gen_keys()
private_key = None
public_key = None
if auto_generate_key: if not self.instance and auto_generate_key:
logger.info('Auto set system user auth') logger.info('Auto generate key and set system user auth')
system_user.auto_gen_auth() system_user.auto_gen_auth()
else: else:
if private_key_file:
private_key = private_key_file.read().strip().decode('utf-8')
public_key = ssh_pubkey_gen(private_key=private_key)
system_user.set_auth(password=password, private_key=private_key, public_key=public_key) system_user.set_auth(password=password, private_key=private_key, public_key=public_key)
return system_user return system_user
def clean_private_key_file(self): def clean(self):
if self.cleaned_data.get('private_key_file'): super().clean()
key_string = self.cleaned_data['private_key_file'].read() auto_generate = self.cleaned_data.get('auto_generate_key')
self.cleaned_data['private_key_file'].seek(0) if not self.instance and not auto_generate:
if not validate_ssh_private_key(key_string): super().validate_password_key()
raise forms.ValidationError(_('Invalid private key'))
return self.cleaned_data['private_key_file']
def clean_password(self):
if not self.cleaned_data.get('password') and \
not self.cleaned_data.get('private_key_file') and \
not self.cleaned_data.get('auto_generate_key'):
raise forms.ValidationError(_('Auth info required, private_key or password'))
return self.cleaned_data['password']
class Meta: class Meta:
model = SystemUser model = SystemUser
fields = [ fields = [
'name', 'username', 'protocol', 'auto_generate_key', 'name', 'username', 'protocol', 'auto_generate_key',
'private_key_file', 'password', 'auto_push', 'sudo', 'password', 'private_key_file', 'auto_push', 'sudo',
'comment', 'shell', 'cluster', 'priority', 'comment', 'shell', 'cluster', 'priority',
] ]
widgets = { widgets = {
@ -359,58 +347,6 @@ class SystemUserForm(forms.ModelForm):
} }
class SystemUserUpdateForm(SystemUserForm):
def save(self, commit=True):
# Because we define custom field, so we need rewrite :method: `save`
password = self.cleaned_data.get('password', None)
private_key_file = self.cleaned_data.get('private_key_file')
system_user = super(forms.ModelForm, self).save()
if private_key_file:
private_key = private_key_file.read().strip().decode('utf-8')
public_key = ssh_pubkey_gen(private_key=private_key)
else:
private_key = public_key = None
system_user.set_auth(password=password, private_key=private_key, public_key=public_key)
return system_user
def clean_password(self):
return self.cleaned_data['password']
class SystemUserAuthForm(forms.Form):
password = forms.CharField(widget=forms.PasswordInput, required=False, max_length=128, strip=True)
private_key_file = forms.FileField(required=False)
def clean_private_key_file(self):
if self.cleaned_data.get('private_key_file'):
key_string = self.cleaned_data['private_key_file'].read()
self.cleaned_data['private_key_file'].seek(0)
if not validate_ssh_private_key(key_string):
raise forms.ValidationError(_('Invalid private key'))
return self.cleaned_data['private_key_file']
def clean_password(self):
if not self.cleaned_data.get('password') and \
not self.cleaned_data.get('private_key_file'):
msg = _('Auth info required, private_key or password')
raise forms.ValidationError(msg)
return self.cleaned_data['password']
def update(self, system_user):
password = self.cleaned_data.get('password')
private_key_file = self.cleaned_data.get('private_key_file')
if private_key_file:
private_key = private_key_file.read().strip()
public_key = ssh_pubkey_gen(private_key=private_key)
else:
private_key = None
public_key = None
system_user.set_auth(password=password, private_key=private_key, public_key=public_key)
return system_user
class FileForm(forms.Form): class FileForm(forms.Form):
file = forms.FileField() file = forms.FileField()

2
apps/assets/templates/assets/_system_user.html
View File

@ -52,8 +52,8 @@
</div> </div>
</div> </div>
<div class="auth-fields"> <div class="auth-fields">
{% bootstrap_field form.private_key_file layout="horizontal" %}
{% bootstrap_field form.password layout="horizontal" %} {% bootstrap_field form.password layout="horizontal" %}
{% bootstrap_field form.private_key_file layout="horizontal" %}
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label> <label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>

2
apps/assets/templates/assets/system_user_update.html
View File

@ -5,8 +5,8 @@
{% block auth %} {% block auth %}
<h3>{% trans 'Auth' %}</h3> <h3>{% trans 'Auth' %}</h3>
{% bootstrap_field form.private_key_file layout="horizontal" %}
{% bootstrap_field form.password layout="horizontal" %} {% bootstrap_field form.password layout="horizontal" %}
{% bootstrap_field form.private_key_file layout="horizontal" %}
<div class="form-group"> <div class="form-group">
<label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label> <label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
<div class="col-sm-8"> <div class="col-sm-8">

4
apps/assets/views/system_user.py
View File

@ -8,7 +8,7 @@ from django.contrib.messages.views import SuccessMessageMixin
from django.views.generic.detail import DetailView from django.views.generic.detail import DetailView
from common.const import create_success_msg, update_success_msg from common.const import create_success_msg, update_success_msg
from ..forms import SystemUserForm, SystemUserUpdateForm from ..forms import SystemUserForm
from ..models import SystemUser, Cluster from ..models import SystemUser, Cluster
from ..hands import AdminUserRequiredMixin from ..hands import AdminUserRequiredMixin
@ -50,7 +50,7 @@ class SystemUserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateVi
class SystemUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView): class SystemUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
model = SystemUser model = SystemUser
form_class = SystemUserUpdateForm form_class = SystemUserForm
template_name = 'assets/system_user_update.html' template_name = 'assets/system_user_update.html'
success_url = reverse_lazy('assets:system-user-list') success_url = reverse_lazy('assets:system-user-list')
success_message = update_success_msg success_message = update_success_msg