diff --git a/.gitattributes b/.gitattributes index 35ca802a3..24d9e1cd5 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,3 @@ *.mmdb filter=lfs diff=lfs merge=lfs -text *.mo filter=lfs diff=lfs merge=lfs -text +*.ipdb filter=lfs diff=lfs merge=lfs -text diff --git a/apps/assets/serializers/base.py b/apps/assets/serializers/base.py index 7c8760562..c20b1abb8 100644 --- a/apps/assets/serializers/base.py +++ b/apps/assets/serializers/base.py @@ -11,8 +11,8 @@ from assets.models import Type class AuthSerializer(serializers.ModelSerializer): - password = EncryptedField(required=False, allow_blank=True, allow_null=True, max_length=1024) - private_key = EncryptedField(required=False, allow_blank=True, allow_null=True, max_length=4096) + password = EncryptedField(required=False, allow_blank=True, allow_null=True, max_length=1024, label=_('Password')) + private_key = EncryptedField(required=False, allow_blank=True, allow_null=True, max_length=4096, label=_('Private key')) def gen_keys(self, private_key=None, password=None): if private_key is None: @@ -32,8 +32,12 @@ class AuthSerializer(serializers.ModelSerializer): class AuthSerializerMixin(serializers.ModelSerializer): - password = EncryptedField(required=False, allow_blank=True, allow_null=True, max_length=1024) - private_key = EncryptedField(required=False, allow_blank=True, allow_null=True, max_length=4096) + password = EncryptedField( + label=_('Password'), required=False, allow_blank=True, allow_null=True, max_length=1024 + ) + private_key = EncryptedField( + label=_('SSH private key'), required=False, allow_blank=True, allow_null=True, max_length=4096 + ) passphrase = serializers.CharField( allow_blank=True, allow_null=True, required=False, max_length=512, write_only=True, label=_('Key password') diff --git a/apps/common/drf/fields.py b/apps/common/drf/fields.py index 98919f2df..abddeca01 100644 --- a/apps/common/drf/fields.py +++ b/apps/common/drf/fields.py @@ -27,6 +27,10 @@ class ReadableHiddenField(serializers.HiddenField): class EncryptedField(serializers.CharField): + def __init__(self, **kwargs): + kwargs['write_only'] = True + super().__init__(**kwargs) + def to_internal_value(self, value): value = super().to_internal_value(value) return decrypt_password(value) diff --git a/apps/common/utils/__init__.py b/apps/common/utils/__init__.py index d76814506..87d36595b 100644 --- a/apps/common/utils/__init__.py +++ b/apps/common/utils/__init__.py @@ -9,4 +9,3 @@ from .crypto import * from .random import * from .jumpserver import * from .ip import * -from .geoip import * diff --git a/apps/common/utils/connection.py b/apps/common/utils/connection.py index 291d4516d..242b0cb21 100644 --- a/apps/common/utils/connection.py +++ b/apps/common/utils/connection.py @@ -19,7 +19,7 @@ def get_redis_client(db=0): 'password': CONFIG.REDIS_PASSWORD, 'db': db, "ssl": is_true(CONFIG.REDIS_USE_SSL), - 'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED, + 'ssl_cert_reqs': getattr(settings, 'REDIS_SSL_REQUIRED'), 'ssl_keyfile': getattr(settings, 'REDIS_SSL_KEYFILE'), 'ssl_certfile': getattr(settings, 'REDIS_SSL_CERTFILE'), 'ssl_ca_certs': getattr(settings, 'REDIS_SSL_CA_CERTS'), diff --git a/apps/common/utils/geoip/__init__.py b/apps/common/utils/ip/__init__.py similarity index 100% rename from apps/common/utils/geoip/__init__.py rename to apps/common/utils/ip/__init__.py diff --git a/apps/common/utils/geoip/GeoLite2-City.mmdb b/apps/common/utils/ip/geoip/GeoLite2-City.mmdb similarity index 100% rename from apps/common/utils/geoip/GeoLite2-City.mmdb rename to apps/common/utils/ip/geoip/GeoLite2-City.mmdb diff --git a/apps/common/utils/ip/geoip/__init__.py b/apps/common/utils/ip/geoip/__init__.py new file mode 100644 index 000000000..16281fe0b --- /dev/null +++ b/apps/common/utils/ip/geoip/__init__.py @@ -0,0 +1 @@ +from .utils import * diff --git a/apps/common/utils/geoip/utils.py b/apps/common/utils/ip/geoip/utils.py similarity index 69% rename from apps/common/utils/geoip/utils.py rename to apps/common/utils/ip/geoip/utils.py index e80c0b262..5e829f610 100644 --- a/apps/common/utils/geoip/utils.py +++ b/apps/common/utils/ip/geoip/utils.py @@ -8,11 +8,11 @@ from geoip2.errors import GeoIP2Error from django.utils.translation import ugettext_lazy as _ from django.conf import settings -__all__ = ['get_ip_city'] +__all__ = ['get_ip_city_by_geoip'] reader = None -def get_ip_city(ip): +def get_ip_city_by_geoip(ip): if not ip or '.' not in ip or not isinstance(ip, str): return _("Invalid ip") if ':' in ip: @@ -32,15 +32,13 @@ def get_ip_city(ip): try: response = reader.city(ip) except GeoIP2Error: - return _("Unknown ip") + return {} - names = response.city.names - if not names: - names = response.country.names + city_names = response.city.names or {} + lang = settings.LANGUAGE_CODE[:2] + if lang == 'zh': + lang = 'zh-CN' + city = city_names.get(lang, _("Unknown")) + return city - if 'en' in settings.LANGUAGE_CODE and 'en' in names: - return names['en'] - elif 'zh-CN' in names: - return names['zh-CN'] - return _("Unknown ip") diff --git a/apps/common/utils/ip/ipip/__init__.py b/apps/common/utils/ip/ipip/__init__.py new file mode 100644 index 000000000..103b36654 --- /dev/null +++ b/apps/common/utils/ip/ipip/__init__.py @@ -0,0 +1,3 @@ +# -*- coding: utf-8 -*- +# +from .utils import * diff --git a/apps/common/utils/ip/ipip/ipipfree.ipdb b/apps/common/utils/ip/ipip/ipipfree.ipdb new file mode 100644 index 000000000..ddd90522c --- /dev/null +++ b/apps/common/utils/ip/ipip/ipipfree.ipdb @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b82b874152c798dda407ffe7544e1f5ec67efa1f5c334efc0d3893b8053b4be1 +size 3649897 diff --git a/apps/common/utils/ip/ipip/utils.py b/apps/common/utils/ip/ipip/utils.py new file mode 100644 index 000000000..ef97f4794 --- /dev/null +++ b/apps/common/utils/ip/ipip/utils.py @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# +import os +from django.utils.translation import ugettext as _ + +import ipdb + +__all__ = ['get_ip_city_by_ipip'] +ipip_db = None + + +def get_ip_city_by_ipip(ip): + global ipip_db + if not ip or not isinstance(ip, str): + return _("Invalid ip") + if ':' in ip: + return 'IPv6' + if ipip_db is None: + ipip_db_path = os.path.join(os.path.dirname(__file__), 'ipipfree.ipdb') + ipip_db = ipdb.City(ipip_db_path) + + info = ipip_db.find_info(ip, 'CN') + return {'city': info.city_name, 'country': info.country_name} diff --git a/apps/common/utils/ip.py b/apps/common/utils/ip/utils.py similarity index 75% rename from apps/common/utils/ip.py rename to apps/common/utils/ip/utils.py index 0000a5da7..e75ecb85c 100644 --- a/apps/common/utils/ip.py +++ b/apps/common/utils/ip/utils.py @@ -1,4 +1,9 @@ from ipaddress import ip_network, ip_address +from django.conf import settings +from django.utils.translation import gettext_lazy as _ + +from .ipip import get_ip_city_by_ipip +from .geoip import get_ip_city_by_geoip def is_ip_address(address): @@ -66,3 +71,16 @@ def contains_ip(ip, ip_group): return True return False + + +def get_ip_city(ip): + info = get_ip_city_by_ipip(ip) + city = info.get('city', _("Unknown")) + country = info.get('country') + + # 国内城市 并且 语言是中文就使用国内 + is_zh = settings.LANGUAGE_CODE.startswith('zh') + if country == '中国' and is_zh: + return city + else: + return get_ip_city_by_geoip(ip) diff --git a/apps/jumpserver/rewriting/session.py b/apps/jumpserver/rewriting/session.py index d7e0428aa..f3b432657 100644 --- a/apps/jumpserver/rewriting/session.py +++ b/apps/jumpserver/rewriting/session.py @@ -18,7 +18,7 @@ class RedisServer(_RedisServer): ssl_params = {} if CONFIG.REDIS_USE_SSL: ssl_params = { - 'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED, + 'ssl_cert_reqs': getattr(settings, 'REDIS_SSL_REQUIRED'), 'ssl_keyfile': getattr(settings, 'REDIS_SSL_KEYFILE'), 'ssl_certfile': getattr(settings, 'REDIS_SSL_CERTFILE'), 'ssl_ca_certs': getattr(settings, 'REDIS_SSL_CA_CERTS'), diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py index 7c3657f35..327c3ea97 100644 --- a/apps/jumpserver/settings/base.py +++ b/apps/jumpserver/settings/base.py @@ -277,6 +277,11 @@ REDIS_SSL_CA_CERTS = os.path.join(PROJECT_DIR, 'data', 'certs', 'redis_ca.crt') if not os.path.exists(REDIS_SSL_CA_CERTS): REDIS_SSL_CA_CERTS = os.path.join(PROJECT_DIR, 'data', 'certs', 'redis_ca.pem') +if not os.path.exists(REDIS_SSL_CA_CERTS): + REDIS_SSL_CA_CERTS = None + +REDIS_SSL_REQUIRED = CONFIG.REDIS_SSL_REQUIRED or 'none' + CACHES = { 'default': { # 'BACKEND': 'redis_cache.RedisCache', @@ -291,7 +296,7 @@ CACHES = { 'OPTIONS': { "REDIS_CLIENT_KWARGS": {"health_check_interval": 30}, "CONNECTION_POOL_KWARGS": { - 'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED, + 'ssl_cert_reqs': REDIS_SSL_REQUIRED, "ssl_keyfile": REDIS_SSL_KEYFILE, "ssl_certfile": REDIS_SSL_CERTFILE, "ssl_ca_certs": REDIS_SSL_CA_CERTS diff --git a/apps/jumpserver/settings/libs.py b/apps/jumpserver/settings/libs.py index 59446b9de..c67c21f0b 100644 --- a/apps/jumpserver/settings/libs.py +++ b/apps/jumpserver/settings/libs.py @@ -3,7 +3,7 @@ import os import ssl -from .base import REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE +from .base import REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE, REDIS_SSL_REQUIRED from ..const import CONFIG, PROJECT_DIR REST_FRAMEWORK = { @@ -90,7 +90,8 @@ if not CONFIG.REDIS_USE_SSL: else: context = ssl.SSLContext() context.check_hostname = bool(CONFIG.REDIS_SSL_REQUIRED) - context.load_verify_locations(REDIS_SSL_CA_CERTS) + if REDIS_SSL_CA_CERTS: + context.load_verify_locations(REDIS_SSL_CA_CERTS) if REDIS_SSL_CERTFILE and REDIS_SSL_KEYFILE: context.load_cert_chain(REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE) @@ -140,7 +141,7 @@ CELERY_WORKER_REDIRECT_STDOUTS_LEVEL = "INFO" CELERY_TASK_SOFT_TIME_LIMIT = 3600 if CONFIG.REDIS_USE_SSL: CELERY_BROKER_USE_SSL = CELERY_REDIS_BACKEND_USE_SSL = { - 'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED, + 'ssl_cert_reqs': REDIS_SSL_REQUIRED, 'ssl_ca_certs': REDIS_SSL_CA_CERTS, 'ssl_certfile': REDIS_SSL_CERTFILE, 'ssl_keyfile': REDIS_SSL_KEYFILE diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index eba651a80..c78d49bb5 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:90a70c14fd3b546cb1ef6a96da4cd7a2acde947128bbb773527ed1845510511c -size 127420 +oid sha256:01a52223f421d736b00a600f623d28ac4a43e97a30f5e9cbebc3e6d18ed4527e +size 127324 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index a8145faa8..287e88567 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-05-12 14:39+0800\n" +"POT-Creation-Date: 2022-05-16 17:43+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -33,7 +33,7 @@ msgstr "Acls" #: terminal/models/storage.py:25 terminal/models/task.py:16 #: terminal/models/terminal.py:100 users/forms/profile.py:33 #: users/models/group.py:15 users/models/user.py:661 -#: xpack/plugins/cloud/models.py:27 +#: xpack/plugins/cloud/models.py:28 msgid "Name" msgstr "名前" @@ -66,12 +66,13 @@ msgstr "アクティブ" #: tickets/models/comment.py:24 tickets/models/ticket.py:154 #: users/models/group.py:16 users/models/user.py:698 #: xpack/plugins/change_auth_plan/models/base.py:44 -#: xpack/plugins/cloud/models.py:34 xpack/plugins/cloud/models.py:115 +#: xpack/plugins/cloud/models.py:35 xpack/plugins/cloud/models.py:116 #: xpack/plugins/gathered_user/models.py:26 msgid "Comment" msgstr "コメント" #: acls/models/login_acl.py:18 tickets/const.py:38 +#: tickets/templates/tickets/approve_check_password.html:39 msgid "Reject" msgstr "拒否" @@ -134,7 +135,7 @@ msgstr "システムユーザー" #: terminal/notifications.py:90 #: xpack/plugins/change_auth_plan/models/asset.py:199 #: xpack/plugins/change_auth_plan/serializers/asset.py:180 -#: xpack/plugins/cloud/models.py:222 +#: xpack/plugins/cloud/models.py:223 msgid "Asset" msgstr "資産" @@ -318,7 +319,7 @@ msgstr "タイプ" msgid "Domain" msgstr "ドメイン" -#: applications/models/application.py:228 xpack/plugins/cloud/models.py:32 +#: applications/models/application.py:228 xpack/plugins/cloud/models.py:33 #: xpack/plugins/cloud/serializers/account.py:59 msgid "Attrs" msgstr "ツールバーの" @@ -357,7 +358,7 @@ msgstr "タイプ表示" #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30 #: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92 #: users/models/group.py:18 users/models/user.py:915 -#: xpack/plugins/cloud/models.py:124 +#: xpack/plugins/cloud/models.py:125 msgid "Date created" msgstr "作成された日付" @@ -572,7 +573,7 @@ msgstr "ホスト名生" #: assets/models/asset.py:215 assets/serializers/account.py:16 #: assets/serializers/asset.py:65 perms/serializers/asset/user_permission.py:41 -#: xpack/plugins/cloud/models.py:106 xpack/plugins/cloud/serializers/task.py:42 +#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:42 msgid "Protocols" msgstr "プロトコル" @@ -612,7 +613,7 @@ msgstr "ラベル" #: orgs/models.py:219 perms/models/base.py:91 users/models/user.py:706 #: users/serializers/group.py:33 #: xpack/plugins/change_auth_plan/models/base.py:48 -#: xpack/plugins/cloud/models.py:121 xpack/plugins/gathered_user/models.py:30 +#: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30 msgid "Created by" msgstr "によって作成された" @@ -716,7 +717,7 @@ msgstr "トリガーモード" #: xpack/plugins/change_auth_plan/models/base.py:201 #: xpack/plugins/change_auth_plan/serializers/app.py:66 #: xpack/plugins/change_auth_plan/serializers/asset.py:179 -#: xpack/plugins/cloud/models.py:178 +#: xpack/plugins/cloud/models.py:179 msgid "Reason" msgstr "理由" @@ -734,6 +735,7 @@ msgid "Account backup execution" msgstr "アカウントバックアップの実行" #: assets/models/base.py:30 assets/tasks/const.py:51 audits/const.py:5 +#: common/utils/ip/geoip/utils.py:41 common/utils/ip/utils.py:78 msgid "Unknown" msgstr "不明" @@ -954,7 +956,7 @@ msgid "Parent key" msgstr "親キー" #: assets/models/node.py:559 assets/serializers/system_user.py:263 -#: xpack/plugins/cloud/models.py:95 xpack/plugins/cloud/serializers/task.py:69 +#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:69 msgid "Node" msgstr "ノード" @@ -1491,8 +1493,8 @@ msgid "MFA" msgstr "MFA" #: audits/models.py:128 terminal/models/status.py:33 -#: tickets/models/ticket.py:140 xpack/plugins/cloud/models.py:174 -#: xpack/plugins/cloud/models.py:226 +#: tickets/models/ticket.py:140 xpack/plugins/cloud/models.py:175 +#: xpack/plugins/cloud/models.py:227 msgid "Status" msgstr "ステータス" @@ -1529,7 +1531,7 @@ msgid "Hosts display" msgstr "ホスト表示" #: audits/serializers.py:96 ops/models/command.py:27 -#: xpack/plugins/cloud/models.py:172 +#: xpack/plugins/cloud/models.py:173 msgid "Result" msgstr "結果" @@ -2100,7 +2102,7 @@ msgstr "バインディングリマインダー" #: perms/serializers/application/permission.py:20 #: perms/serializers/application/permission.py:41 #: perms/serializers/asset/permission.py:19 -#: perms/serializers/asset/permission.py:45 users/serializers/user.py:141 +#: perms/serializers/asset/permission.py:45 users/serializers/user.py:143 msgid "Is valid" msgstr "有効です" @@ -2637,18 +2639,15 @@ msgstr "確認コードが正しくありません" msgid "Please wait {} seconds before sending" msgstr "{} 秒待ってから送信してください" -#: common/utils/geoip/utils.py:17 common/utils/geoip/utils.py:30 +#: common/utils/ip/geoip/utils.py:17 common/utils/ip/geoip/utils.py:30 +#: common/utils/ip/ipip/utils.py:15 msgid "Invalid ip" msgstr "無効なIP" -#: common/utils/geoip/utils.py:28 +#: common/utils/ip/geoip/utils.py:28 msgid "LAN" msgstr "LAN" -#: common/utils/geoip/utils.py:35 common/utils/geoip/utils.py:45 -msgid "Unknown ip" -msgstr "不明なip" - #: common/validators.py:32 msgid "This field must be unique." msgstr "このフィールドは一意である必要があります。" @@ -3063,8 +3062,8 @@ msgstr "Organization {} のアプリケーション権限" #: perms/serializers/application/permission.py:21 #: perms/serializers/application/permission.py:40 #: perms/serializers/asset/permission.py:20 -#: perms/serializers/asset/permission.py:44 users/serializers/user.py:86 -#: users/serializers/user.py:143 +#: perms/serializers/asset/permission.py:44 users/serializers/user.py:87 +#: users/serializers/user.py:145 msgid "Is expired" msgstr "期限切れです" @@ -4977,7 +4976,7 @@ msgstr "バケット" msgid "Secret key" msgstr "秘密キー" -#: terminal/serializers/storage.py:64 xpack/plugins/cloud/models.py:219 +#: terminal/serializers/storage.py:64 xpack/plugins/cloud/models.py:220 msgid "Region" msgstr "リージョン" @@ -5492,12 +5491,8 @@ msgid "Ticket approval" msgstr "作業指示の承認" #: tickets/templates/tickets/approve_check_password.html:35 -msgid "Ticket direct approval" -msgstr "作業指示の直接承認" - -#: tickets/templates/tickets/approve_check_password.html:39 -msgid "Ticket direct reject" -msgstr "作業指示の直接却下" +msgid "Approval" +msgstr "承認" #: tickets/templates/tickets/approve_check_password.html:44 msgid "Go Login" @@ -5645,7 +5640,7 @@ msgstr "強制有効" msgid "Local" msgstr "ローカル" -#: users/models/user.py:673 users/serializers/user.py:142 +#: users/models/user.py:673 users/serializers/user.py:144 msgid "Is service account" msgstr "サービスアカウントです" @@ -5744,101 +5739,101 @@ msgstr "新しいパスワードを最後の {} 個のパスワードにする msgid "The newly set password is inconsistent" msgstr "新しく設定されたパスワードが一致しない" -#: users/serializers/profile.py:147 users/serializers/user.py:140 +#: users/serializers/profile.py:147 users/serializers/user.py:142 msgid "Is first login" msgstr "最初のログインです" -#: users/serializers/user.py:25 users/serializers/user.py:32 +#: users/serializers/user.py:26 users/serializers/user.py:33 msgid "System roles" msgstr "システムの役割" -#: users/serializers/user.py:30 users/serializers/user.py:33 +#: users/serializers/user.py:31 users/serializers/user.py:34 msgid "Org roles" msgstr "組織ロール" -#: users/serializers/user.py:78 +#: users/serializers/user.py:79 #: xpack/plugins/change_auth_plan/models/base.py:35 #: xpack/plugins/change_auth_plan/serializers/base.py:22 msgid "Password strategy" msgstr "パスワード戦略" -#: users/serializers/user.py:80 +#: users/serializers/user.py:81 msgid "MFA enabled" msgstr "MFA有効化" -#: users/serializers/user.py:81 +#: users/serializers/user.py:82 msgid "MFA force enabled" msgstr "MFAフォース有効化" -#: users/serializers/user.py:83 +#: users/serializers/user.py:84 msgid "MFA level display" msgstr "MFAレベル表示" -#: users/serializers/user.py:85 +#: users/serializers/user.py:86 msgid "Login blocked" msgstr "ログインブロック" -#: users/serializers/user.py:88 +#: users/serializers/user.py:89 msgid "Can public key authentication" msgstr "公開鍵認証が可能" -#: users/serializers/user.py:144 +#: users/serializers/user.py:146 msgid "Avatar url" msgstr "アバターURL" -#: users/serializers/user.py:146 +#: users/serializers/user.py:148 msgid "Groups name" msgstr "グループ名" -#: users/serializers/user.py:147 +#: users/serializers/user.py:149 msgid "Source name" msgstr "ソース名" -#: users/serializers/user.py:148 +#: users/serializers/user.py:150 msgid "Organization role name" msgstr "組織の役割名" -#: users/serializers/user.py:149 +#: users/serializers/user.py:151 msgid "Super role name" msgstr "スーパーロール名" -#: users/serializers/user.py:150 +#: users/serializers/user.py:152 msgid "Total role name" msgstr "合計ロール名" -#: users/serializers/user.py:152 +#: users/serializers/user.py:154 msgid "Is wecom bound" msgstr "企業の微信をバインドしているかどうか" -#: users/serializers/user.py:153 +#: users/serializers/user.py:155 msgid "Is dingtalk bound" msgstr "ピンをバインドしているかどうか" -#: users/serializers/user.py:154 +#: users/serializers/user.py:156 msgid "Is feishu bound" msgstr "飛本を縛ったかどうか" -#: users/serializers/user.py:155 +#: users/serializers/user.py:157 msgid "Is OTP bound" msgstr "仮想MFAがバインドされているか" -#: users/serializers/user.py:157 +#: users/serializers/user.py:159 msgid "System role name" msgstr "システムロール名" -#: users/serializers/user.py:197 +#: users/serializers/user.py:199 msgid "User cannot self-update fields: {}" msgstr "ユーザーは自分のフィールドを更新できません: {}" -#: users/serializers/user.py:254 +#: users/serializers/user.py:256 msgid "Select users" msgstr "ユーザーの選択" -#: users/serializers/user.py:255 +#: users/serializers/user.py:257 msgid "For security, only list several users" msgstr "セキュリティのために、複数のユーザーのみをリストします" -#: users/serializers/user.py:290 +#: users/serializers/user.py:292 msgid "name not unique" msgstr "名前が一意ではない" @@ -6371,79 +6366,79 @@ msgstr "リリース済み" msgid "Cloud center" msgstr "クラウドセンター" -#: xpack/plugins/cloud/models.py:29 +#: xpack/plugins/cloud/models.py:30 msgid "Provider" msgstr "プロバイダー" -#: xpack/plugins/cloud/models.py:33 +#: xpack/plugins/cloud/models.py:34 msgid "Validity" msgstr "有効性" -#: xpack/plugins/cloud/models.py:38 +#: xpack/plugins/cloud/models.py:39 msgid "Cloud account" msgstr "クラウドアカウント" -#: xpack/plugins/cloud/models.py:40 +#: xpack/plugins/cloud/models.py:41 msgid "Test cloud account" msgstr "クラウドアカウントのテスト" -#: xpack/plugins/cloud/models.py:84 xpack/plugins/cloud/serializers/task.py:66 +#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:66 msgid "Account" msgstr "アカウント" -#: xpack/plugins/cloud/models.py:87 xpack/plugins/cloud/serializers/task.py:37 +#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:37 msgid "Regions" msgstr "リージョン" -#: xpack/plugins/cloud/models.py:90 +#: xpack/plugins/cloud/models.py:91 msgid "Hostname strategy" msgstr "ホスト名戦略" -#: xpack/plugins/cloud/models.py:99 xpack/plugins/cloud/serializers/task.py:67 +#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:67 msgid "Unix admin user" msgstr "Unix adminユーザー" -#: xpack/plugins/cloud/models.py:103 xpack/plugins/cloud/serializers/task.py:68 +#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:68 msgid "Windows admin user" msgstr "Windows管理者" -#: xpack/plugins/cloud/models.py:109 xpack/plugins/cloud/serializers/task.py:45 +#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:45 msgid "IP network segment group" msgstr "IPネットワークセグメントグループ" -#: xpack/plugins/cloud/models.py:112 xpack/plugins/cloud/serializers/task.py:71 +#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:71 msgid "Always update" msgstr "常に更新" -#: xpack/plugins/cloud/models.py:118 +#: xpack/plugins/cloud/models.py:119 msgid "Date last sync" msgstr "最終同期日" -#: xpack/plugins/cloud/models.py:129 xpack/plugins/cloud/models.py:170 +#: xpack/plugins/cloud/models.py:130 xpack/plugins/cloud/models.py:171 msgid "Sync instance task" msgstr "インスタンスの同期タスク" -#: xpack/plugins/cloud/models.py:181 xpack/plugins/cloud/models.py:229 +#: xpack/plugins/cloud/models.py:182 xpack/plugins/cloud/models.py:230 msgid "Date sync" msgstr "日付の同期" -#: xpack/plugins/cloud/models.py:185 +#: xpack/plugins/cloud/models.py:186 msgid "Sync instance task execution" msgstr "インスタンスタスクの同期実行" -#: xpack/plugins/cloud/models.py:209 +#: xpack/plugins/cloud/models.py:210 msgid "Sync task" msgstr "同期タスク" -#: xpack/plugins/cloud/models.py:213 +#: xpack/plugins/cloud/models.py:214 msgid "Sync instance task history" msgstr "インスタンスタスク履歴の同期" -#: xpack/plugins/cloud/models.py:216 +#: xpack/plugins/cloud/models.py:217 msgid "Instance" msgstr "インスタンス" -#: xpack/plugins/cloud/models.py:233 +#: xpack/plugins/cloud/models.py:234 msgid "Sync instance detail" msgstr "同期インスタンスの詳細" @@ -6805,6 +6800,9 @@ msgstr "究極のエディション" msgid "Community edition" msgstr "コミュニティ版" +#~ msgid "Unknown ip" +#~ msgstr "不明なip" + #~ msgid "" #~ "Windows needs to download the client to connect SSH assets, and the MacOS " #~ "system uses its own terminal" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 5d4b3e1b9..3a91677a1 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f181a41eb4dd8a30a576f7903e5c9f519da2042e5e095ac27146d7b4002ba3df -size 105303 +oid sha256:e4a00b4e1a3bc944c968987fd3c65798fb39fa552e91457693ec8fcb597820f0 +size 105225 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 9f099484e..feda0fbe7 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-05-12 14:39+0800\n" +"POT-Creation-Date: 2022-05-16 17:43+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -32,7 +32,7 @@ msgstr "访问控制" #: terminal/models/storage.py:25 terminal/models/task.py:16 #: terminal/models/terminal.py:100 users/forms/profile.py:33 #: users/models/group.py:15 users/models/user.py:661 -#: xpack/plugins/cloud/models.py:27 +#: xpack/plugins/cloud/models.py:28 msgid "Name" msgstr "名称" @@ -65,12 +65,13 @@ msgstr "激活中" #: tickets/models/comment.py:24 tickets/models/ticket.py:154 #: users/models/group.py:16 users/models/user.py:698 #: xpack/plugins/change_auth_plan/models/base.py:44 -#: xpack/plugins/cloud/models.py:34 xpack/plugins/cloud/models.py:115 +#: xpack/plugins/cloud/models.py:35 xpack/plugins/cloud/models.py:116 #: xpack/plugins/gathered_user/models.py:26 msgid "Comment" msgstr "备注" #: acls/models/login_acl.py:18 tickets/const.py:38 +#: tickets/templates/tickets/approve_check_password.html:39 msgid "Reject" msgstr "拒绝" @@ -133,7 +134,7 @@ msgstr "系统用户" #: terminal/notifications.py:90 #: xpack/plugins/change_auth_plan/models/asset.py:199 #: xpack/plugins/change_auth_plan/serializers/asset.py:180 -#: xpack/plugins/cloud/models.py:222 +#: xpack/plugins/cloud/models.py:223 msgid "Asset" msgstr "资产" @@ -313,7 +314,7 @@ msgstr "类型" msgid "Domain" msgstr "网域" -#: applications/models/application.py:228 xpack/plugins/cloud/models.py:32 +#: applications/models/application.py:228 xpack/plugins/cloud/models.py:33 #: xpack/plugins/cloud/serializers/account.py:59 msgid "Attrs" msgstr "属性" @@ -352,7 +353,7 @@ msgstr "类型名称" #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30 #: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92 #: users/models/group.py:18 users/models/user.py:915 -#: xpack/plugins/cloud/models.py:124 +#: xpack/plugins/cloud/models.py:125 msgid "Date created" msgstr "创建日期" @@ -567,7 +568,7 @@ msgstr "主机名原始" #: assets/models/asset.py:215 assets/serializers/account.py:16 #: assets/serializers/asset.py:65 perms/serializers/asset/user_permission.py:41 -#: xpack/plugins/cloud/models.py:106 xpack/plugins/cloud/serializers/task.py:42 +#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:42 msgid "Protocols" msgstr "协议组" @@ -607,7 +608,7 @@ msgstr "标签管理" #: orgs/models.py:219 perms/models/base.py:91 users/models/user.py:706 #: users/serializers/group.py:33 #: xpack/plugins/change_auth_plan/models/base.py:48 -#: xpack/plugins/cloud/models.py:121 xpack/plugins/gathered_user/models.py:30 +#: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30 msgid "Created by" msgstr "创建者" @@ -711,7 +712,7 @@ msgstr "触发模式" #: xpack/plugins/change_auth_plan/models/base.py:201 #: xpack/plugins/change_auth_plan/serializers/app.py:66 #: xpack/plugins/change_auth_plan/serializers/asset.py:179 -#: xpack/plugins/cloud/models.py:178 +#: xpack/plugins/cloud/models.py:179 msgid "Reason" msgstr "原因" @@ -729,6 +730,7 @@ msgid "Account backup execution" msgstr "账号备份执行" #: assets/models/base.py:30 assets/tasks/const.py:51 audits/const.py:5 +#: common/utils/ip/geoip/utils.py:41 common/utils/ip/utils.py:78 msgid "Unknown" msgstr "未知" @@ -949,7 +951,7 @@ msgid "Parent key" msgstr "ssh私钥" #: assets/models/node.py:559 assets/serializers/system_user.py:263 -#: xpack/plugins/cloud/models.py:95 xpack/plugins/cloud/serializers/task.py:69 +#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:69 msgid "Node" msgstr "节点" @@ -1479,8 +1481,8 @@ msgid "MFA" msgstr "MFA" #: audits/models.py:128 terminal/models/status.py:33 -#: tickets/models/ticket.py:140 xpack/plugins/cloud/models.py:174 -#: xpack/plugins/cloud/models.py:226 +#: tickets/models/ticket.py:140 xpack/plugins/cloud/models.py:175 +#: xpack/plugins/cloud/models.py:227 msgid "Status" msgstr "状态" @@ -1517,7 +1519,7 @@ msgid "Hosts display" msgstr "主机名称" #: audits/serializers.py:96 ops/models/command.py:27 -#: xpack/plugins/cloud/models.py:172 +#: xpack/plugins/cloud/models.py:173 msgid "Result" msgstr "结果" @@ -2079,7 +2081,7 @@ msgstr "绑定提醒" #: perms/serializers/application/permission.py:20 #: perms/serializers/application/permission.py:41 #: perms/serializers/asset/permission.py:19 -#: perms/serializers/asset/permission.py:45 users/serializers/user.py:141 +#: perms/serializers/asset/permission.py:45 users/serializers/user.py:143 msgid "Is valid" msgstr "账号是否有效" @@ -2607,18 +2609,15 @@ msgstr "验证码错误" msgid "Please wait {} seconds before sending" msgstr "请在 {} 秒后发送" -#: common/utils/geoip/utils.py:17 common/utils/geoip/utils.py:30 +#: common/utils/ip/geoip/utils.py:17 common/utils/ip/geoip/utils.py:30 +#: common/utils/ip/ipip/utils.py:15 msgid "Invalid ip" msgstr "无效IP" -#: common/utils/geoip/utils.py:28 +#: common/utils/ip/geoip/utils.py:28 msgid "LAN" msgstr "LAN" -#: common/utils/geoip/utils.py:35 common/utils/geoip/utils.py:45 -msgid "Unknown ip" -msgstr "未知ip" - #: common/validators.py:32 msgid "This field must be unique." msgstr "字段必须唯一" @@ -3027,8 +3026,8 @@ msgstr "组织 ({}) 的应用授权" #: perms/serializers/application/permission.py:21 #: perms/serializers/application/permission.py:40 #: perms/serializers/asset/permission.py:20 -#: perms/serializers/asset/permission.py:44 users/serializers/user.py:86 -#: users/serializers/user.py:143 +#: perms/serializers/asset/permission.py:44 users/serializers/user.py:87 +#: users/serializers/user.py:145 msgid "Is expired" msgstr "已过期" @@ -4905,7 +4904,7 @@ msgstr "桶名称" msgid "Secret key" msgstr "密钥" -#: terminal/serializers/storage.py:64 xpack/plugins/cloud/models.py:219 +#: terminal/serializers/storage.py:64 xpack/plugins/cloud/models.py:220 msgid "Region" msgstr "地域" @@ -5416,12 +5415,8 @@ msgid "Ticket approval" msgstr "工单审批" #: tickets/templates/tickets/approve_check_password.html:35 -msgid "Ticket direct approval" -msgstr "工单直接审批" - -#: tickets/templates/tickets/approve_check_password.html:39 -msgid "Ticket direct reject" -msgstr "工单直接拒绝" +msgid "Approval" +msgstr "同意" #: tickets/templates/tickets/approve_check_password.html:44 msgid "Go Login" @@ -5567,7 +5562,7 @@ msgstr "强制启用" msgid "Local" msgstr "数据库" -#: users/models/user.py:673 users/serializers/user.py:142 +#: users/models/user.py:673 users/serializers/user.py:144 msgid "Is service account" msgstr "服务账号" @@ -5666,101 +5661,101 @@ msgstr "新密码不能是最近 {} 次的密码" msgid "The newly set password is inconsistent" msgstr "两次密码不一致" -#: users/serializers/profile.py:147 users/serializers/user.py:140 +#: users/serializers/profile.py:147 users/serializers/user.py:142 msgid "Is first login" msgstr "首次登录" -#: users/serializers/user.py:25 users/serializers/user.py:32 +#: users/serializers/user.py:26 users/serializers/user.py:33 msgid "System roles" msgstr "系统角色" -#: users/serializers/user.py:30 users/serializers/user.py:33 +#: users/serializers/user.py:31 users/serializers/user.py:34 msgid "Org roles" msgstr "组织角色" -#: users/serializers/user.py:78 +#: users/serializers/user.py:79 #: xpack/plugins/change_auth_plan/models/base.py:35 #: xpack/plugins/change_auth_plan/serializers/base.py:22 msgid "Password strategy" msgstr "密码策略" -#: users/serializers/user.py:80 +#: users/serializers/user.py:81 msgid "MFA enabled" msgstr "MFA" -#: users/serializers/user.py:81 +#: users/serializers/user.py:82 msgid "MFA force enabled" msgstr "强制 MFA" -#: users/serializers/user.py:83 +#: users/serializers/user.py:84 msgid "MFA level display" msgstr "MFA 等级名称" -#: users/serializers/user.py:85 +#: users/serializers/user.py:86 msgid "Login blocked" msgstr "登录被阻塞" -#: users/serializers/user.py:88 +#: users/serializers/user.py:89 msgid "Can public key authentication" msgstr "能否公钥认证" -#: users/serializers/user.py:144 +#: users/serializers/user.py:146 msgid "Avatar url" msgstr "头像路径" -#: users/serializers/user.py:146 +#: users/serializers/user.py:148 msgid "Groups name" msgstr "用户组名" -#: users/serializers/user.py:147 +#: users/serializers/user.py:149 msgid "Source name" msgstr "用户来源名" -#: users/serializers/user.py:148 +#: users/serializers/user.py:150 msgid "Organization role name" msgstr "组织角色名称" -#: users/serializers/user.py:149 +#: users/serializers/user.py:151 msgid "Super role name" msgstr "超级角色名称" -#: users/serializers/user.py:150 +#: users/serializers/user.py:152 msgid "Total role name" msgstr "汇总角色名称" -#: users/serializers/user.py:152 +#: users/serializers/user.py:154 msgid "Is wecom bound" msgstr "是否绑定了企业微信" -#: users/serializers/user.py:153 +#: users/serializers/user.py:155 msgid "Is dingtalk bound" msgstr "是否绑定了钉钉" -#: users/serializers/user.py:154 +#: users/serializers/user.py:156 msgid "Is feishu bound" msgstr "是否绑定了飞书" -#: users/serializers/user.py:155 +#: users/serializers/user.py:157 msgid "Is OTP bound" msgstr "是否绑定了虚拟 MFA" -#: users/serializers/user.py:157 +#: users/serializers/user.py:159 msgid "System role name" msgstr "系统角色名称" -#: users/serializers/user.py:197 +#: users/serializers/user.py:199 msgid "User cannot self-update fields: {}" msgstr "用户不能更新自己的字段: {}" -#: users/serializers/user.py:254 +#: users/serializers/user.py:256 msgid "Select users" msgstr "选择用户" -#: users/serializers/user.py:255 +#: users/serializers/user.py:257 msgid "For security, only list several users" msgstr "为了安全,仅列出几个用户" -#: users/serializers/user.py:290 +#: users/serializers/user.py:292 msgid "name not unique" msgstr "名称重复" @@ -6280,79 +6275,79 @@ msgstr "已释放" msgid "Cloud center" msgstr "云管中心" -#: xpack/plugins/cloud/models.py:29 +#: xpack/plugins/cloud/models.py:30 msgid "Provider" msgstr "云服务商" -#: xpack/plugins/cloud/models.py:33 +#: xpack/plugins/cloud/models.py:34 msgid "Validity" msgstr "有效" -#: xpack/plugins/cloud/models.py:38 +#: xpack/plugins/cloud/models.py:39 msgid "Cloud account" msgstr "云账号" -#: xpack/plugins/cloud/models.py:40 +#: xpack/plugins/cloud/models.py:41 msgid "Test cloud account" msgstr "测试云账号" -#: xpack/plugins/cloud/models.py:84 xpack/plugins/cloud/serializers/task.py:66 +#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:66 msgid "Account" msgstr "账号" -#: xpack/plugins/cloud/models.py:87 xpack/plugins/cloud/serializers/task.py:37 +#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:37 msgid "Regions" msgstr "地域" -#: xpack/plugins/cloud/models.py:90 +#: xpack/plugins/cloud/models.py:91 msgid "Hostname strategy" msgstr "主机名策略" -#: xpack/plugins/cloud/models.py:99 xpack/plugins/cloud/serializers/task.py:67 +#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:67 msgid "Unix admin user" msgstr "Unix 管理员" -#: xpack/plugins/cloud/models.py:103 xpack/plugins/cloud/serializers/task.py:68 +#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:68 msgid "Windows admin user" msgstr "Windows 管理员" -#: xpack/plugins/cloud/models.py:109 xpack/plugins/cloud/serializers/task.py:45 +#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:45 msgid "IP network segment group" msgstr "IP网段组" -#: xpack/plugins/cloud/models.py:112 xpack/plugins/cloud/serializers/task.py:71 +#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:71 msgid "Always update" msgstr "总是更新" -#: xpack/plugins/cloud/models.py:118 +#: xpack/plugins/cloud/models.py:119 msgid "Date last sync" msgstr "最后同步日期" -#: xpack/plugins/cloud/models.py:129 xpack/plugins/cloud/models.py:170 +#: xpack/plugins/cloud/models.py:130 xpack/plugins/cloud/models.py:171 msgid "Sync instance task" msgstr "同步实例任务" -#: xpack/plugins/cloud/models.py:181 xpack/plugins/cloud/models.py:229 +#: xpack/plugins/cloud/models.py:182 xpack/plugins/cloud/models.py:230 msgid "Date sync" msgstr "同步日期" -#: xpack/plugins/cloud/models.py:185 +#: xpack/plugins/cloud/models.py:186 msgid "Sync instance task execution" msgstr "同步实例任务执行" -#: xpack/plugins/cloud/models.py:209 +#: xpack/plugins/cloud/models.py:210 msgid "Sync task" msgstr "同步任务" -#: xpack/plugins/cloud/models.py:213 +#: xpack/plugins/cloud/models.py:214 msgid "Sync instance task history" msgstr "同步实例任务历史" -#: xpack/plugins/cloud/models.py:216 +#: xpack/plugins/cloud/models.py:217 msgid "Instance" msgstr "实例" -#: xpack/plugins/cloud/models.py:233 +#: xpack/plugins/cloud/models.py:234 msgid "Sync instance detail" msgstr "同步实例详情" @@ -6713,6 +6708,9 @@ msgstr "旗舰版" msgid "Community edition" msgstr "社区版" +#~ msgid "Unknown ip" +#~ msgstr "未知ip" + #~ msgid "" #~ "Windows needs to download the client to connect SSH assets, and the MacOS " #~ "system uses its own terminal" diff --git a/apps/orgs/signal_handlers/cache.py b/apps/orgs/signal_handlers/cache.py index 546d11311..9de31bbb0 100644 --- a/apps/orgs/signal_handlers/cache.py +++ b/apps/orgs/signal_handlers/cache.py @@ -9,7 +9,7 @@ from users.models import UserGroup, User from users.signals import pre_user_leave_org from applications.models import Application from terminal.models import Session -from rbac.models import OrgRoleBinding, SystemRoleBinding +from rbac.models import OrgRoleBinding, SystemRoleBinding, RoleBinding from assets.models import Asset, SystemUser, Domain, Gateway from orgs.caches import OrgResourceStatisticsCache from orgs.utils import current_org @@ -85,6 +85,7 @@ class OrgResourceStatisticsRefreshUtil: Node: ['nodes_amount'], Asset: ['assets_amount'], UserGroup: ['groups_amount'], + RoleBinding: ['users_amount'] } @classmethod diff --git a/apps/settings/serializers/auth/ldap.py b/apps/settings/serializers/auth/ldap.py index 2278925c1..2f2d710c9 100644 --- a/apps/settings/serializers/auth/ldap.py +++ b/apps/settings/serializers/auth/ldap.py @@ -22,7 +22,7 @@ class LDAPTestConfigSerializer(serializers.Serializer): class LDAPTestLoginSerializer(serializers.Serializer): username = serializers.CharField(max_length=1024, required=True) - password = EncryptedField(max_length=2014, required=True) + password = EncryptedField(max_length=2014, required=True, label=_("Password")) class LDAPUserSerializer(serializers.Serializer): diff --git a/apps/settings/serializers/public.py b/apps/settings/serializers/public.py index 877230489..afc4fbec2 100644 --- a/apps/settings/serializers/public.py +++ b/apps/settings/serializers/public.py @@ -40,4 +40,4 @@ class PrivateSettingSerializer(PublicSettingSerializer): TERMINAL_KOKO_SSH_ENABLED = serializers.BooleanField() ANNOUNCEMENT_ENABLED = serializers.BooleanField() - ANNOUNCEMENT = serializers.CharField() + ANNOUNCEMENT = serializers.DictField() diff --git a/apps/tickets/templates/tickets/approve_check_password.html b/apps/tickets/templates/tickets/approve_check_password.html index 3e9d9afeb..d75e9f956 100644 --- a/apps/tickets/templates/tickets/approve_check_password.html +++ b/apps/tickets/templates/tickets/approve_check_password.html @@ -32,11 +32,11 @@ {% if user.is_authenticated %} {% else %}