From 50c1b3ed4a359d3639e9b9cb01614289b9f68e2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Thu, 10 Jan 2019 11:50:08 +0800 Subject: [PATCH] =?UTF-8?q?[Update]=20=E7=BB=9F=E4=B8=80coco=20host=20key?= =?UTF-8?q?=20(#2336)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/common/signals_handler.py | 13 ++++++++++++- apps/jumpserver/conf.py | 1 + apps/jumpserver/settings.py | 1 + apps/locale/zh/LC_MESSAGES/django.mo | Bin 60399 -> 60399 bytes apps/locale/zh/LC_MESSAGES/django.po | 12 ++++++------ apps/terminal/models.py | 5 +++-- apps/users/api/user.py | 5 +++++ config_example.yml | 5 +++-- 8 files changed, 31 insertions(+), 11 deletions(-) diff --git a/apps/common/signals_handler.py b/apps/common/signals_handler.py index 96142e394..96355a771 100644 --- a/apps/common/signals_handler.py +++ b/apps/common/signals_handler.py @@ -1,5 +1,7 @@ # -*- coding: utf-8 -*- # +import json + from django.dispatch import receiver from django.db.models.signals import post_save, pre_save from django.conf import LazySettings, empty @@ -8,7 +10,7 @@ from django.core.cache import cache from jumpserver.utils import current_request from .models import Setting -from .utils import get_logger +from .utils import get_logger, ssh_key_gen from .signals import django_ready logger = get_logger(__file__) @@ -62,6 +64,15 @@ def refresh_all_settings_on_django_ready(sender, **kwargs): pass +@receiver(django_ready) +def auto_generate_terminal_host_key(sender, **kwargs): + if Setting.objects.filter(name='TERMINAL_HOST_KEY').exists(): + return + private_key, public_key = ssh_key_gen() + value = json.dumps(private_key) + Setting.objects.create(name='TERMINAL_HOST_KEY', value=value) + + @receiver(pre_save, dispatch_uid="my_unique_identifier") def on_create_set_created_by(sender, instance=None, **kwargs): if getattr(instance, '_ignore_auto_created_by', False) is True: 
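Review bot: In `auto_generate_terminal_host_key` the `exists()` check followed by `create()` is not atomic, so two processes that emit `django_ready` at the same moment can both pass the check and each store a freshly generated key. Depending on whether `Setting.name` carries a unique constraint (not visible in this hunk), that ends in an IntegrityError during startup or in two rows holding different host keys, which defeats the purpose of one shared key. I would collapse the pair into `Setting.objects.get_or_create(name='TERMINAL_HOST_KEY', defaults={'value': json.dumps(private_key)})` and make sure `name` is unique so the database arbitrates the race. The stored value is the SSH private key as plain JSON, so if the Setting model offers an encrypted storage option this row should use it. The unused `public_key` can be bound to `_`.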
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index b4f3ff0a1..c940337da 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -321,6 +321,7 @@ defaults = { 'TERMINAL_ASSET_LIST_SORT_BY': 'hostname', 'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto', 'TERMINAL_SESSION_KEEP_DURATION': 9999, + 'TERMINAL_HOST_KEY': '', 'SECURITY_MFA_AUTH': False, 'SECURITY_LOGIN_LIMIT_COUNT': 7, 'SECURITY_LOGIN_LIMIT_TIME': 30, diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index db1822839..518b4617e 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py @@ -504,6 +504,7 @@ TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL TERMINAL_ASSET_LIST_SORT_BY = CONFIG.TERMINAL_ASSET_LIST_SORT_BY TERMINAL_ASSET_LIST_PAGE_SIZE = CONFIG.TERMINAL_ASSET_LIST_PAGE_SIZE TERMINAL_SESSION_KEEP_DURATION = CONFIG.TERMINAL_SESSION_KEEP_DURATION +TERMINAL_HOST_KEY = CONFIG.TERMINAL_HOST_KEY # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html BOOTSTRAP3 = { diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index a6518874eff0d18bf78d4278827e25b5eb29bf5f..71cba8f0c095c95860932dac6c98b61f30f8d12d 100644 GIT binary patch delta 100 zcmaEVo%#KB<_$r!+07LUO|48UHb>63loxoqcPhinWz(LmS@?YBZXjp#qFqHC%pivN oVR63loxn8vyI{9vT4uOEPOt5H;}V=(XJv6W)MUC ouso9{knv>4?q_p$F+7{o@odg2h@$6HRy^z2jv}-<{^$fX06Ahf5C8xG diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 98e838293..c4289ffe0 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -2989,7 +2989,7 @@ msgstr "一个月内历史汇总" #: templates/index.html:277 templates/index.html:301 msgid "Login count" -msgstr "登陆次数" +msgstr "登录次数" #: templates/index.html:277 templates/index.html:308 msgid "Active users" 
@@ -3009,7 +3009,7 @@ msgstr "禁用用户" #: templates/index.html:342 templates/index.html:394 msgid "Month not logged in user" -msgstr "月未登陆用户" +msgstr "月未登录用户" #: templates/index.html:368 templates/index.html:444 msgid "Access to the source" @@ -3017,7 +3017,7 @@ msgstr "访问来源" #: templates/index.html:418 templates/index.html:468 msgid "Month is logged into the host" -msgstr "月被登陆主机" +msgstr "月被登录主机" #: templates/index.html:418 templates/index.html:469 msgid "Disable host" @@ -3025,7 +3025,7 @@ msgstr "禁用主机" #: templates/index.html:418 templates/index.html:470 msgid "Month not logged on host" -msgstr "月未登陆主机" +msgstr "月未登录主机" #: templates/rest_framework/base.html:128 msgid "Filters" @@ -3583,7 +3583,7 @@ msgstr "更新ssh密钥" #: users/templates/users/first_login.html:19 #: users/templates/users/first_login_done.html:19 msgid "First Login" -msgstr "首次登陆" +msgstr "首次登录" #: users/templates/users/first_login.html:72 msgid "I agree with the terms and conditions." @@ -4326,7 +4326,7 @@ msgstr "* 您的密码不符合要求" #: users/views/login.py:349 msgid "First login" -msgstr "首次登陆" +msgstr "首次登录" #: users/views/user.py:145 msgid "Bulk update user success" diff --git a/apps/terminal/models.py b/apps/terminal/models.py index 880637efe..ad72dd583 100644 --- a/apps/terminal/models.py +++ b/apps/terminal/models.py @@ -61,8 +61,9 @@ class Terminal(models.Model): def config(self): configs = {} for k in dir(settings): - if k.startswith('TERMINAL'): - configs[k] = getattr(settings, k) + if not k.startswith('TERMINAL'): + continue + configs[k] = getattr(settings, k) configs.update(self.get_common_storage()) configs.update(self.get_replay_storage()) configs.update({ diff --git a/apps/users/api/user.py b/apps/users/api/user.py index a1119e3a7..36050710e 100644 --- a/apps/users/api/user.py +++ b/apps/users/api/user.py 
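Review bot: `Terminal.config()` in apps/terminal/models.py still copies every `settings` attribute whose name starts with `TERMINAL`, and with `TERMINAL_HOST_KEY` added to settings.py in this commit that prefix sweep now carries the SSH host private key. Distributing the key to terminals appears to be the intent, but it also means that whatever view serialises this dict hands out the private key, and any future `TERMINAL_*` secret will be exported the same way without an explicit decision. I would replace the prefix test with an explicit tuple of exported setting names and add a comment such as `# TERMINAL_HOST_KEY is a private key: serve this config only to authenticated terminals`. The body of `config()` continues past the end of the hunk, so how the dict is served and who may read it cannot be confirmed from here.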
@@ -19,6 +19,7 @@ from orgs.utils import current_org from ..serializers import UserSerializer, UserPKUpdateSerializer, \ UserUpdateGroupSerializer, ChangeUserPasswordSerializer from ..models import User +from ..signals import post_user_create logger = get_logger(__name__) @@ -37,6 +38,10 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet): permission_classes = (IsOrgAdmin,) pagination_class = LimitOffsetPagination + def perform_create(self, serializer): + user = serializer.save() + post_user_create.send(self.__class__, user=user) + def get_queryset(self): queryset = current_org.get_org_users() return queryset diff --git a/config_example.yml b/config_example.yml index 219a4f024..a88dc8596 100644 --- a/config_example.yml +++ b/config_example.yml @@ -1,5 +1,6 @@ # SECURITY WARNING: keep the secret key used in production secret! -# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄 +# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成 +# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo SECRET_KEY: # SECURITY WARNING: keep the bootstrap token used in production secret! @@ -64,4 +65,4 @@ REDIS_PORT: 6379 # OTP settings # OTP/MFA 配置 # OTP_VALID_WINDOW: 0 -# OTP_ISSUER_NAME: Jumpserver \ No newline at end of file +# OTP_ISSUER_NAME: Jumpserver
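Review bot: The new `perform_create` in `UserViewSet` assumes `serializer.save()` returns a single user, yet the viewset derives from `BulkModelViewSet`. If a bulk create reaches this method with a list serializer, `save()` returns a list and `post_user_create` fires once with `user=` bound to that list. The receivers are not visible in this diff, but a handler written for one `User` would then fail or skip every account in the batch. Normalising the result first avoids that: `users = serializer.save()` followed by `for user in (users if isinstance(users, list) else [users]): post_user_create.send(self.__class__, user=user)`. Since `send` propagates receiver exceptions after the row is already saved, `send_robust` with logging of the returned errors may be the safer call here.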