[Update] 统一coco host key (#2336)

6 years ago · 50c1b3ed4a
8 changed files with 31 additions and 11 deletions
--- a/apps/common/signals_handler.py
+++ b/apps/common/signals_handler.py
@ -1,5 +1,7 @@
 # -*- coding: utf-8 -*-
 #
+import json
+
 from django.dispatch import receiver
 from django.db.models.signals import post_save, pre_save
 from django.conf import LazySettings, empty
@ -8,7 +10,7 @@ from django.core.cache import cache

 from jumpserver.utils import current_request
 from .models import Setting
-from .utils import get_logger
+from .utils import get_logger, ssh_key_gen
 from .signals import django_ready

 logger = get_logger(__file__)
@ -62,6 +64,15 @@ def refresh_all_settings_on_django_ready(sender, **kwargs):
        pass


+@receiver(django_ready)
+def auto_generate_terminal_host_key(sender, **kwargs):
+    if Setting.objects.filter(name='TERMINAL_HOST_KEY').exists():
+        return
+    private_key, public_key = ssh_key_gen()
+    value = json.dumps(private_key)
+    Setting.objects.create(name='TERMINAL_HOST_KEY', value=value)
+
+
@receiver(pre_save, dispatch_uid="my_unique_identifier")
 def on_create_set_created_by(sender, instance=None, **kwargs):
    if getattr(instance, '_ignore_auto_created_by', False) is True:
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -321,6 +321,7 @@ defaults = {
    'TERMINAL_ASSET_LIST_SORT_BY': 'hostname',
    'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto',
    'TERMINAL_SESSION_KEEP_DURATION': 9999,
+    'TERMINAL_HOST_KEY': '',
    'SECURITY_MFA_AUTH': False,
    'SECURITY_LOGIN_LIMIT_COUNT': 7,
    'SECURITY_LOGIN_LIMIT_TIME': 30,
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@ -504,6 +504,7 @@ TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL
 TERMINAL_ASSET_LIST_SORT_BY = CONFIG.TERMINAL_ASSET_LIST_SORT_BY
 TERMINAL_ASSET_LIST_PAGE_SIZE = CONFIG.TERMINAL_ASSET_LIST_PAGE_SIZE
 TERMINAL_SESSION_KEEP_DURATION = CONFIG.TERMINAL_SESSION_KEEP_DURATION
+TERMINAL_HOST_KEY = CONFIG.TERMINAL_HOST_KEY

 # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
 BOOTSTRAP3 = {
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@ -2989,7 +2989,7 @@ msgstr "一个月内历史汇总"

 #: templates/index.html:277 templates/index.html:301
 msgid "Login count"
-msgstr "登陆次数"
+msgstr "登录次数"

 #: templates/index.html:277 templates/index.html:308
 msgid "Active users"
@ -3009,7 +3009,7 @@ msgstr "禁用用户"

 #: templates/index.html:342 templates/index.html:394
 msgid "Month not logged in user"
-msgstr "月未登陆用户"
+msgstr "月未登录用户"

 #: templates/index.html:368 templates/index.html:444
 msgid "Access to the source"
@ -3017,7 +3017,7 @@ msgstr "访问来源"

 #: templates/index.html:418 templates/index.html:468
 msgid "Month is logged into the host"
-msgstr "月被登陆主机"
+msgstr "月被登录主机"

 #: templates/index.html:418 templates/index.html:469
 msgid "Disable host"
@ -3025,7 +3025,7 @@ msgstr "禁用主机"

 #: templates/index.html:418 templates/index.html:470
 msgid "Month not logged on host"
-msgstr "月未登陆主机"
+msgstr "月未登录主机"

 #: templates/rest_framework/base.html:128
 msgid "Filters"
@ -3583,7 +3583,7 @@ msgstr "更新ssh密钥"
 #: users/templates/users/first_login.html:19
 #: users/templates/users/first_login_done.html:19
 msgid "First Login"
-msgstr "首次登陆"
+msgstr "首次登录"

 #: users/templates/users/first_login.html:72
 msgid "I agree with the terms and conditions."
@ -4326,7 +4326,7 @@ msgstr "* 您的密码不符合要求"

 #: users/views/login.py:349
 msgid "First login"
-msgstr "首次登陆"
+msgstr "首次登录"

 #: users/views/user.py:145
 msgid "Bulk update user success"
--- a/apps/terminal/models.py
+++ b/apps/terminal/models.py
@ -61,8 +61,9 @@ class Terminal(models.Model):
    def config(self):
        configs = {}
        for k in dir(settings):
-            if k.startswith('TERMINAL'):
-                configs[k] = getattr(settings, k)
+            if not k.startswith('TERMINAL'):
+                continue
+            configs[k] = getattr(settings, k)
        configs.update(self.get_common_storage())
        configs.update(self.get_replay_storage())
        configs.update({
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@ -19,6 +19,7 @@ from orgs.utils import current_org
 from ..serializers import UserSerializer, UserPKUpdateSerializer, \
    UserUpdateGroupSerializer, ChangeUserPasswordSerializer
 from ..models import User
+from ..signals import post_user_create


 logger = get_logger(__name__)
@ -37,6 +38,10 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet):
    permission_classes = (IsOrgAdmin,)
    pagination_class = LimitOffsetPagination

+    def perform_create(self, serializer):
+        user = serializer.save()
+        post_user_create.send(self.__class__, user=user)
+
    def get_queryset(self):
        queryset = current_org.get_org_users()
        return queryset
--- a/config_example.yml
+++ b/config_example.yml
@ -1,5 +1,6 @@
 # SECURITY WARNING: keep the secret key used in production secret!
-# 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
+# 加密秘钥 生产环境中请修改为随机字符串，请勿外泄, 可使用命令生成 
+# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
 SECRET_KEY:

 # SECURITY WARNING: keep the bootstrap token used in production secret!
@ -64,4 +65,4 @@ REDIS_PORT: 6379
 # OTP settings
 # OTP/MFA 配置
 # OTP_VALID_WINDOW: 0
-# OTP_ISSUER_NAME: Jumpserver
+# OTP_ISSUER_NAME: Jumpserver