github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: Password reset is only required for AUTH_BACKEND_MODEL

v3.10.15-lts
wangruidong 2024-10-23 10:53:29 +08:00 committed by Bryan
parent 0918f5c6f6
commit 6686afcec1
2 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/authentication/mixins.py
View File

@ -319,20 +319,26 @@ class AuthPostCheckMixin:
@classmethod @classmethod
def _check_passwd_is_too_simple(cls, user: User, password): def _check_passwd_is_too_simple(cls, user: User, password):
if user.is_superuser and password == 'admin': if not user.is_auth_backend_model():
return
if user.check_passwd_too_simple(password):
message = _('Your password is too simple, please change it for security') message = _('Your password is too simple, please change it for security')
url = cls.generate_reset_password_url_with_flash_msg(user, message=message) url = cls.generate_reset_password_url_with_flash_msg(user, message=message)
raise errors.PasswordTooSimple(url) raise errors.PasswordTooSimple(url)
@classmethod @classmethod
def _check_passwd_need_update(cls, user: User): def _check_passwd_need_update(cls, user: User):
if user.need_update_password: if not user.is_auth_backend_model():
return
if user.check_need_update_password():
message = _('You should to change your password before login') message = _('You should to change your password before login')
url = cls.generate_reset_password_url_with_flash_msg(user, message) url = cls.generate_reset_password_url_with_flash_msg(user, message)
raise errors.PasswordNeedUpdate(url) raise errors.PasswordNeedUpdate(url)
@classmethod @classmethod
def _check_password_require_reset_or_not(cls, user: User): def _check_password_require_reset_or_not(cls, user: User):
if not user.is_auth_backend_model():
return
if user.password_has_expired: if user.password_has_expired:
message = _('Your password has expired, please reset before logging in') message = _('Your password has expired, please reset before logging in')
url = cls.generate_reset_password_url_with_flash_msg(user, message) url = cls.generate_reset_password_url_with_flash_msg(user, message)

18
apps/users/models/user.py
View File

@ -69,7 +69,7 @@ class AuthMixin:
if self.username: if self.username:
self.date_password_last_updated = timezone.now() self.date_password_last_updated = timezone.now()
post_user_change_password.send(self.__class__, user=self) post_user_change_password.send(self.__class__, user=self)
super().set_password(raw_password) # noqa super().set_password(raw_password) # noqa
def set_public_key(self, public_key): def set_public_key(self, public_key):
if self.can_update_ssh_key(): if self.can_update_ssh_key():
@ -160,6 +160,22 @@ class AuthMixin:
return True return True
return False return False
def check_need_update_password(self):
if self.is_local and self.need_update_password:
return True
return False
@staticmethod
def check_passwd_too_simple(password):
simple_passwords = ['admin', 'ChangeMe']
if password in simple_passwords:
return True
return False
def is_auth_backend_model(self):
backend = getattr(self, 'backend', None)
return backend == settings.AUTH_BACKEND_MODEL
@staticmethod @staticmethod
def get_public_key_md5(key): def get_public_key_md5(key):
try: try: