github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 优化 匿名账号

pull/10829/head
ibuler 2023-06-27 15:22:18 +08:00
parent a22f36a06a
commit 4737e2cf4a
2 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
apps/authentication/api/connection_token.py
View File

@ -10,10 +10,11 @@ from django.utils import timezone
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from rest_framework import status from rest_framework import status
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import PermissionDenied from rest_framework.exceptions import PermissionDenied, ValidationError
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from accounts.const import AliasAccount
from common.api import JMSModelViewSet from common.api import JMSModelViewSet
from common.exceptions import JMSException from common.exceptions import JMSException
from common.utils import random_string, get_logger, get_request_ip from common.utils import random_string, get_logger, get_request_ip
@ -282,13 +283,17 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
data['org_id'] = asset.org_id data['org_id'] = asset.org_id
data['user'] = user data['user'] = user
data['value'] = random_string(16) data['value'] = random_string(16)
if account_name == AliasAccount.ANON and asset.category not in ['web', 'custom']:
raise ValidationError(_('Anonymous account is not supported for this asset'))
account = self._validate_perm(user, asset, account_name) account = self._validate_perm(user, asset, account_name)
if account.has_secret: if account.has_secret:
data['input_secret'] = '' data['input_secret'] = ''
if account.username != '@INPUT': if account.username != AliasAccount.INPUT:
data['input_username'] = '' data['input_username'] = ''
if account.username == '@USER': elif account.username == AliasAccount.USER:
data['input_username'] = user.username data['input_username'] = user.username
ticket = self._validate_acl(user, asset, account) ticket = self._validate_acl(user, asset, account)

14
apps/authentication/models/connection_token.py
View File

@ -210,16 +210,18 @@ class ConnectionToken(JMSOrgBaseModel):
if not self.asset: if not self.asset:
return None return None
if self.account == AliasAccount.ANON and self.asset.category not in ['web', 'custom']:
raise JMSException({'error': 'Anonymous account is not supported in {}'.format(self.asset.category)})
if self.account.startswith('@'): if self.account.startswith('@'):
account = Account.get_special_account(self.account) account = Account.get_special_account(self.account)
account.asset = self.asset
account.org_id = self.asset.org_id
if self.account == AliasAccount.INPUT:
account.username = self.input_username
account.secret = self.input_secret
else: else:
account = self.asset.accounts.filter(name=self.account).first() account = self.asset.accounts.filter(name=self.account).first()
if not account.secret and self.input_secret:
account.asset = self.asset account.secret = self.input_secret
account.secret = account.secret or self.input_secret
return account return account
@lazyproperty @lazyproperty