Merge pull request #7103 from jumpserver/dev

v2.15.0

apps/acls/models/login_acl.py

@@ -1,11 +1,10 @@
 from django.db import models
-from django.db.models import Q
-from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
 from .base import BaseACL, BaseACLQuerySet
 from common.utils import get_request_ip, get_ip_city
 from common.utils.ip import contains_ip
 from common.utils.time_period import contains_time_period
+from common.utils.timezone import local_now_display
 
 
 class ACLManager(models.Manager):
@@ -59,7 +58,9 @@ class LoginACL(BaseACL):
 
     @staticmethod
     def allow_user_confirm_if_need(user, ip):
-        acl = LoginACL.filter_acl(user).filter(action=LoginACL.ActionChoices.confirm).first()
+        acl = LoginACL.filter_acl(user).filter(
+            action=LoginACL.ActionChoices.confirm
+        ).first()
         acl = acl if acl and acl.reviewers.exists() else None
         if not acl:
             return False, acl
@@ -71,7 +72,9 @@ class LoginACL(BaseACL):
 
     @staticmethod
     def allow_user_to_login(user, ip):
-        acl = LoginACL.filter_acl(user).exclude(action=LoginACL.ActionChoices.confirm).first()
+        acl = LoginACL.filter_acl(user).exclude(
+            action=LoginACL.ActionChoices.confirm
+        ).first()
         if not acl:
             return True, ''
         ip_group = acl.rules.get('ip_group')
@@ -99,7 +102,7 @@ class LoginACL(BaseACL):
         login_ip = get_request_ip(request) if request else ''
         login_ip = login_ip or '0.0.0.0'
         login_city = get_ip_city(login_ip)
-        login_datetime = timezone.now().strftime('%Y-%m-%d %H:%M:%S')
+        login_datetime = local_now_display()
         ticket_meta = {
             'apply_login_ip': login_ip,
             'apply_login_city': login_city,

apps/acls/serializers/login_acl.py

@@ -11,7 +11,7 @@ common_help_text = _('Format for comma-delimited string, with * indicating a mat
 
 
 class LoginACLSerializer(BulkModelSerializer):
-    user_display = serializers.ReadOnlyField(source='user.name', label=_('Username'))
+    user_display = serializers.ReadOnlyField(source='user.username', label=_('Username'))
     reviewers_display = serializers.SerializerMethodField(label=_('Reviewers'))
     action_display = serializers.ReadOnlyField(source='get_action_display', label=_('Action'))
     reviewers_amount = serializers.IntegerField(read_only=True, source='reviewers.count')

apps/assets/signals_handler/authbook.py

@@ -37,8 +37,10 @@ def on_authbook_post_delete(sender, instance, **kwargs):
 def on_authbook_post_create(sender, instance, created, **kwargs):
     instance.sync_to_system_user_account()
     if created:
+        pass
+        # # 不再自动更新资产管理用户，只允许用户手动指定。
         # 只在创建时进行更新资产的管理用户
-        instance.update_asset_admin_user_if_need()
+        # instance.update_asset_admin_user_if_need()
 
 
 @receiver(pre_save, sender=AuthBook)

apps/assets/tasks/common.py

@@ -23,5 +23,6 @@ def add_nodes_assets_to_system_users(nodes_keys, system_users):
             instance, created = AuthBook.objects.update_or_create(
                 defaults=defaults, asset=asset, systemuser=system_user
             )
+            # # 不再自动更新资产管理用户，只允许用户手动指定。
             # 只要关联都需要更新资产的管理用户
-            instance.update_asset_admin_user_if_need()
+            # instance.update_asset_admin_user_if_need()

apps/authentication/templates/authentication/login_wait_confirm.html

@@ -159,7 +159,9 @@ $(document).ready(function () {
 }).on('click', '.btn-return', function () {
     cancelTicket();
     cancelCloseConfirm();
+    setTimeout(() => {
         window.location = "{% url 'authentication:login' %}"
+    }, 1000);
 })
 
 </script>

apps/common/sdk/im/dingtalk/__init__.py

@@ -38,6 +38,7 @@ class URL:
 
 class DingTalkRequests(BaseRequest):
     invalid_token_errcodes = (ErrorCode.INVALID_TOKEN,)
+    msg_key = 'errmsg'
 
     def __init__(self, appid, appsecret, agentid, timeout=None):
         self._appid = appid or ''

apps/locale/zh/LC_MESSAGES/django.mo

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cc8a022ddc7438e50aa0cdb4ce24eec327638143731dbe0ed0ad783df06ecbaf
+oid sha256:bdad14124356449843ef2e77801fd1add5147862488baa2f24f5f14f1ad8f125
-size 89882
+size 90869

apps/locale/zh/LC_MESSAGES/django.po

@@ -98,7 +98,7 @@ msgstr "用户"
 
 #: acls/models/login_acl.py:29
 msgid "Rule"
-msgstr ""
+msgstr "规则"
 
 #: acls/models/login_acl.py:32 acls/models/login_asset_acl.py:26
 #: acls/serializers/login_acl.py:16 acls/serializers/login_asset_acl.py:75
@@ -240,7 +240,7 @@ msgstr ""
 
 #: acls/serializers/rules/rules.py:34
 msgid "Time Period"
-msgstr ""
+msgstr "时段"
 
 #: applications/api/mixin.py:20 templates/_nav_user.html:10
 msgid "My applications"
@@ -927,7 +927,7 @@ msgstr "Ad 网域"
 
 #: assets/serializers/system_user.py:60
 msgid "Is asset protocol"
-msgstr ""
+msgstr "资产协议"
 
 #: assets/serializers/system_user.py:100
 msgid "Username same with user with protocol {} only allow 1"
@@ -2427,7 +2427,7 @@ msgstr "监控告警"
 
 #: ops/notifications.py:22
 msgid "Terminal health check warning"
-msgstr ""
+msgstr "终端健康状况检查警告"
 
 #: ops/notifications.py:63
 #, python-brace-format
@@ -4392,7 +4392,7 @@ msgstr "忽略证书认证"
 
 #: terminal/serializers/terminal.py:44
 msgid "Load status"
-msgstr ""
+msgstr "负载状态"
 
 #: terminal/serializers/terminal.py:83 terminal/serializers/terminal.py:91
 msgid "Not found"

apps/settings/serializers/other.py

@@ -9,7 +9,7 @@ class OtherSettingSerializer(serializers.Serializer):
     )
 
     OTP_ISSUER_NAME = serializers.CharField(
-        required=False, max_length=1024, label=_('OTP issuer name'),
+        required=False, max_length=16, label=_('OTP issuer name'),
     )
     OTP_VALID_WINDOW = serializers.IntegerField(
         min_value=1, max_value=10,

apps/settings/utils/ldap.py

@@ -184,7 +184,7 @@ class LDAPServerUtil(object):
             if attr == 'is_active' and mapping.lower() == 'useraccountcontrol' \
                     and value:
                 value = int(value) & LDAP_AD_ACCOUNT_DISABLE != LDAP_AD_ACCOUNT_DISABLE
-            user[attr] = value
+            user[attr] = value.strip() if isinstance(value, str) else value
         return user
 
     def user_entries_to_dict(self, user_entries):

apps/templates/flash_message_standalone.html

@@ -31,7 +31,7 @@
                     {% if confirm_button %}
                         {{ confirm_button }}
                     {% else %}
-                        {% trans 'Go' %}
+                        {% trans 'Confirm' %}
                     {% endif %}
                 </a>
             </div>

apps/tickets/api/ticket.py

@@ -30,7 +30,7 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
         'title', 'action', 'type', 'status', 'applicant_display'
     ]
     ordering_fields = ('title', 'applicant_display', 'status', 'state', 'action_display', 'date_created')
-    ordering = ('title', )
+    ordering = ('-date_created', )
 
     def create(self, request, *args, **kwargs):
         raise MethodNotAllowed(self.action)

apps/tickets/serializers/ticket/meta/ticket_type/apply_application.py

@@ -80,12 +80,11 @@ class ApplySerializer(serializers.Serializer):
             applications = Application.objects.filter(id__in=apply_applications, type=type).values_list('id', flat=True)
         return list(applications)
 
-    def validate_apply_date_expired(self, value):
+    def validate(self, attrs):
-        date_start = self.root.initial_data['meta'].get('apply_date_start')
+        apply_date_start = attrs['apply_date_start']
-        date_start = datetime.strptime(date_start, '%Y-%m-%dT%H:%M:%S.%fZ')
+        apply_date_expired = attrs['apply_date_expired']
-        date_expired = self.root.initial_data['meta'].get('apply_date_expired')
+
-        date_expired = datetime.strptime(date_expired, '%Y-%m-%dT%H:%M:%S.%fZ')
+        if apply_date_expired <= apply_date_start:
-        if date_expired <= date_start:
             error = _('The expiration date should be greater than the start date')
-            raise serializers.ValidationError(error)
+            raise serializers.ValidationError({'apply_date_expired': error})
-        return value
+        return attrs

apps/tickets/serializers/ticket/meta/ticket_type/apply_asset.py

@@ -63,12 +63,11 @@ class ApplySerializer(serializers.Serializer):
             'Permission named `{}` already exists'.format(permission_name)
         ))
 
-    def validate_apply_date_expired(self, value):
+    def validate(self, attrs):
-        date_start = self.root.initial_data['meta'].get('apply_date_start')
+        apply_date_start = attrs['apply_date_start']
-        date_start = datetime.strptime(date_start, '%Y-%m-%dT%H:%M:%S.%fZ')
+        apply_date_expired = attrs['apply_date_expired']
-        date_expired = self.root.initial_data['meta'].get('apply_date_expired')
+
-        date_expired = datetime.strptime(date_expired, '%Y-%m-%dT%H:%M:%S.%fZ')
+        if apply_date_expired <= apply_date_start:
-        if date_expired <= date_start:
             error = _('The expiration date should be greater than the start date')
-            raise serializers.ValidationError(error)
+            raise serializers.ValidationError({'apply_date_expired': error})
-        return value
+        return attrs

apps/tickets/serializers/ticket/ticket.py

@@ -160,7 +160,7 @@ class TicketFlowApproveSerializer(serializers.ModelSerializer):
     def validate(self, attrs):
         if attrs['strategy'] == TicketApprovalStrategy.custom_user and not attrs.get('assignees'):
             error = _('Please select the Assignees')
-            raise serializers.ValidationError(error)
+            raise serializers.ValidationError({'assignees': error})
         return super().validate(attrs)
 
 

apps/users/serializers/user.py

@@ -70,6 +70,7 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer):
 
         read_only_fields = [
             'date_joined', 'last_login', 'created_by', 'is_first_login',
+            'wecom_id', 'dingtalk_id', 'feishu_id'
         ]
         extra_kwargs = {
             'password': {'write_only': True, 'required': False, 'allow_null': True, 'allow_blank': True},