[Update] 统一coco host key (#2336)

apps/common/signals_handler.py

@@ -1,5 +1,7 @@
 # -*- coding: utf-8 -*-
 #
+import json
+
 from django.dispatch import receiver
 from django.db.models.signals import post_save, pre_save
 from django.conf import LazySettings, empty
@@ -8,7 +10,7 @@ from django.core.cache import cache
 
 from jumpserver.utils import current_request
 from .models import Setting
-from .utils import get_logger
+from .utils import get_logger, ssh_key_gen
 from .signals import django_ready
 
 logger = get_logger(__file__)
@@ -62,6 +64,15 @@ def refresh_all_settings_on_django_ready(sender, **kwargs):
         pass
 
 
+@receiver(django_ready)
+def auto_generate_terminal_host_key(sender, **kwargs):
+    if Setting.objects.filter(name='TERMINAL_HOST_KEY').exists():
+        return
+    private_key, public_key = ssh_key_gen()
+    value = json.dumps(private_key)
+    Setting.objects.create(name='TERMINAL_HOST_KEY', value=value)
+
+
 @receiver(pre_save, dispatch_uid="my_unique_identifier")
 def on_create_set_created_by(sender, instance=None, **kwargs):
     if getattr(instance, '_ignore_auto_created_by', False) is True:

apps/jumpserver/conf.py

@@ -321,6 +321,7 @@ defaults = {
     'TERMINAL_ASSET_LIST_SORT_BY': 'hostname',
     'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto',
     'TERMINAL_SESSION_KEEP_DURATION': 9999,
+    'TERMINAL_HOST_KEY': '',
     'SECURITY_MFA_AUTH': False,
     'SECURITY_LOGIN_LIMIT_COUNT': 7,
     'SECURITY_LOGIN_LIMIT_TIME': 30,

apps/jumpserver/settings.py

@@ -504,6 +504,7 @@ TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL
 TERMINAL_ASSET_LIST_SORT_BY = CONFIG.TERMINAL_ASSET_LIST_SORT_BY
 TERMINAL_ASSET_LIST_PAGE_SIZE = CONFIG.TERMINAL_ASSET_LIST_PAGE_SIZE
 TERMINAL_SESSION_KEEP_DURATION = CONFIG.TERMINAL_SESSION_KEEP_DURATION
+TERMINAL_HOST_KEY = CONFIG.TERMINAL_HOST_KEY
 
 # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
 BOOTSTRAP3 = {

apps/locale/zh/LC_MESSAGES/django.po

@@ -2989,7 +2989,7 @@ msgstr "一个月内历史汇总"
 
 #: templates/index.html:277 templates/index.html:301
 msgid "Login count"
-msgstr "登陆次数"
+msgstr "登录次数"
 
 #: templates/index.html:277 templates/index.html:308
 msgid "Active users"
@@ -3009,7 +3009,7 @@ msgstr "禁用用户"
 
 #: templates/index.html:342 templates/index.html:394
 msgid "Month not logged in user"
-msgstr "月未登陆用户"
+msgstr "月未登录用户"
 
 #: templates/index.html:368 templates/index.html:444
 msgid "Access to the source"
@@ -3017,7 +3017,7 @@ msgstr "访问来源"
 
 #: templates/index.html:418 templates/index.html:468
 msgid "Month is logged into the host"
-msgstr "月被登陆主机"
+msgstr "月被登录主机"
 
 #: templates/index.html:418 templates/index.html:469
 msgid "Disable host"
@@ -3025,7 +3025,7 @@ msgstr "禁用主机"
 
 #: templates/index.html:418 templates/index.html:470
 msgid "Month not logged on host"
-msgstr "月未登陆主机"
+msgstr "月未登录主机"
 
 #: templates/rest_framework/base.html:128
 msgid "Filters"
@@ -3583,7 +3583,7 @@ msgstr "更新ssh密钥"
 #: users/templates/users/first_login.html:19
 #: users/templates/users/first_login_done.html:19
 msgid "First Login"
-msgstr "首次登陆"
+msgstr "首次登录"
 
 #: users/templates/users/first_login.html:72
 msgid "I agree with the terms and conditions."
@@ -4326,7 +4326,7 @@ msgstr "* 您的密码不符合要求"
 
 #: users/views/login.py:349
 msgid "First login"
-msgstr "首次登陆"
+msgstr "首次登录"
 
 #: users/views/user.py:145
 msgid "Bulk update user success"

apps/terminal/models.py

@@ -61,8 +61,9 @@ class Terminal(models.Model):
     def config(self):
         configs = {}
         for k in dir(settings):
-            if k.startswith('TERMINAL'):
+            if not k.startswith('TERMINAL'):
-                configs[k] = getattr(settings, k)
+                continue
+            configs[k] = getattr(settings, k)
         configs.update(self.get_common_storage())
         configs.update(self.get_replay_storage())
         configs.update({

apps/users/api/user.py

@@ -19,6 +19,7 @@ from orgs.utils import current_org
 from ..serializers import UserSerializer, UserPKUpdateSerializer, \
     UserUpdateGroupSerializer, ChangeUserPasswordSerializer
 from ..models import User
+from ..signals import post_user_create
 
 
 logger = get_logger(__name__)
@@ -37,6 +38,10 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet):
     permission_classes = (IsOrgAdmin,)
     pagination_class = LimitOffsetPagination
 
+    def perform_create(self, serializer):
+        user = serializer.save()
+        post_user_create.send(self.__class__, user=user)
+
     def get_queryset(self):
         queryset = current_org.get_org_users()
         return queryset

config_example.yml

@@ -1,5 +1,6 @@
 # SECURITY WARNING: keep the secret key used in production secret!
-# 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
+# 加密秘钥 生产环境中请修改为随机字符串，请勿外泄, 可使用命令生成 
+# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
 SECRET_KEY:
 
 # SECURITY WARNING: keep the bootstrap token used in production secret!
@@ -64,4 +65,4 @@ REDIS_PORT: 6379
 # OTP settings
 # OTP/MFA 配置
 # OTP_VALID_WINDOW: 0
-# OTP_ISSUER_NAME: Jumpserver
+# OTP_ISSUER_NAME: Jumpserver