From 7c149fe91b8d78698be2b12537d060b8913f9a53 Mon Sep 17 00:00:00 2001
From: Michael Bai <baijiangjie@gmail.com>
Date: Mon, 25 Oct 2021 16:23:53 +0800
Subject: [PATCH 01/12] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=B3=BB?=
 =?UTF-8?q?=E7=BB=9F=E7=94=A8=E6=88=B7applications=5Famount=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=E5=8F=AA=E8=AF=BB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/assets/serializers/system_user.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/assets/serializers/system_user.py b/apps/assets/serializers/system_user.py
index 85968ca25..b662d062c 100644
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -26,7 +26,9 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
     auto_generate_key = serializers.BooleanField(initial=True, required=False, write_only=True)
     type_display = serializers.ReadOnlyField(source='get_type_display', label=_('Type display'))
     ssh_key_fingerprint = serializers.ReadOnlyField(label=_('SSH key fingerprint'))
-    applications_amount = serializers.IntegerField(source='apps_amount', label=_('Apps amount'))
+    applications_amount = serializers.IntegerField(
+        source='apps_amount', read_only=True, label=_('Apps amount')
+    )
 
     class Meta:
         model = SystemUser

From f88e5de3c196fd0e8e9bc73a88e31c6ecfde909a Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Tue, 26 Oct 2021 10:52:23 +0800
Subject: [PATCH 02/12] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E5=88=9B=E5=BB=BA=E9=82=AE=E4=BB=B6=20(#7072)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* perf: 优化通知中的连接点击

* perf: 优化用户创建邮件

* perf: 优化时间日期

Co-authored-by: ibuler <ibuler@qq.com>
---
 apps/common/utils/timezone.py                 |   2 +-
 apps/jumpserver/conf.py                       |   6 +
 apps/locale/zh/LC_MESSAGES/django.mo          |   4 +-
 apps/locale/zh/LC_MESSAGES/django.po          | 134 +++++++++---------
 apps/users/notifications.py                   |  13 +-
 .../templates/users/_msg_user_created.html    |  10 +-
 apps/users/utils.py                           |   2 +-
 7 files changed, 87 insertions(+), 84 deletions(-)

diff --git a/apps/common/utils/timezone.py b/apps/common/utils/timezone.py
index 6848e7428..c38fcdc92 100644
--- a/apps/common/utils/timezone.py
+++ b/apps/common/utils/timezone.py
@@ -25,7 +25,7 @@ def utc_now():
 
 
 def local_now():
-    return as_current_tz(utc_now())
+    return dj_timezone.localtime(dj_timezone.now())
 
 
 def local_now_display(fmt='%Y-%m-%d %H:%M:%S'):
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 9cc3284a2..b525dff3c 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -18,6 +18,7 @@ import copy
 from importlib import import_module
 from django.urls import reverse_lazy
 from urllib.parse import urljoin, urlparse
+from django.utils.translation import ugettext_lazy as _
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 PROJECT_DIR = os.path.dirname(BASE_DIR)
@@ -263,6 +264,11 @@ class Config(dict):
         'TENCENT_VERIFY_SIGN_NAME': '',
         'TENCENT_VERIFY_TEMPLATE_CODE': '',
 
+        # Email
+        'EMAIL_CUSTOM_USER_CREATED_SUBJECT': _('Create account successfully'),
+        'EMAIL_CUSTOM_USER_CREATED_HONORIFIC': _('Hello'),
+        'EMAIL_CUSTOM_USER_CREATED_BODY': _('Your account has been created successfully'),
+
         'OTP_VALID_WINDOW': 2,
         'OTP_ISSUER_NAME': 'JumpServer',
         'EMAIL_SUFFIX': 'example.com',
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index dac4a4b09..aa4a2071d 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:55a2062981ea7eef4ca28142f325f52e15cb7679ad0a2600234a5bdb6d005c87
-size 89996
+oid sha256:cc8a022ddc7438e50aa0cdb4ce24eec327638143731dbe0ed0ad783df06ecbaf
+size 89882
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 5dcdd8488..1649f5247 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-10-25 14:56+0800\n"
+"POT-Creation-Date: 2021-10-25 16:48+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -123,7 +123,7 @@ msgstr "系统用户"
 #: acls/models/login_asset_acl.py:22
 #: applications/serializers/attrs/application_category/remote_app.py:37
 #: assets/models/asset.py:357 assets/models/authbook.py:18
-#: assets/models/gathered_user.py:14 assets/serializers/system_user.py:231
+#: assets/models/gathered_user.py:14 assets/serializers/system_user.py:230
 #: audits/models.py:38 perms/models/asset_permission.py:99
 #: templates/index.html:82 terminal/backends/command/models.py:19
 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:40
@@ -747,7 +747,7 @@ msgstr "全称"
 msgid "Parent key"
 msgstr "ssh私钥"
 
-#: assets/models/node.py:559 assets/serializers/system_user.py:230
+#: assets/models/node.py:559 assets/serializers/system_user.py:229
 #: users/templates/users/user_asset_permission.html:41
 #: users/templates/users/user_asset_permission.html:73
 #: users/templates/users/user_asset_permission.html:158
@@ -848,7 +848,7 @@ msgstr "节点名称"
 msgid "Hardware info"
 msgstr "硬件信息"
 
-#: assets/serializers/asset.py:104 assets/serializers/system_user.py:249
+#: assets/serializers/asset.py:104 assets/serializers/system_user.py:248
 #: orgs/mixins/serializers.py:26
 msgid "Org name"
 msgstr "组织名称"
@@ -862,7 +862,7 @@ msgid "private key invalid"
 msgstr "密钥不合法"
 
 #: assets/serializers/domain.py:13 assets/serializers/label.py:12
-#: assets/serializers/system_user.py:54
+#: assets/serializers/system_user.py:53
 #: perms/serializers/asset/permission.py:72
 msgid "Assets amount"
 msgstr "资产数量"
@@ -892,52 +892,48 @@ msgstr "同级别节点名字不能重复"
 msgid "SSH key fingerprint"
 msgstr "密钥指纹"
 
-#: assets/serializers/system_user.py:29
-msgid "Apps amount"
-msgstr "应用数量"
-
-#: assets/serializers/system_user.py:53
+#: assets/serializers/system_user.py:52
 #: perms/serializers/asset/permission.py:73
 msgid "Nodes amount"
 msgstr "节点数量"
 
-#: assets/serializers/system_user.py:55 assets/serializers/system_user.py:232
+#: assets/serializers/system_user.py:54 assets/serializers/system_user.py:231
 msgid "Login mode display"
 msgstr "认证方式名称"
 
-#: assets/serializers/system_user.py:57
+#: assets/serializers/system_user.py:56
 msgid "Ad domain"
 msgstr "Ad 网域"
 
-#: assets/serializers/system_user.py:58
+#: assets/serializers/system_user.py:57
 msgid "Is asset protocol"
 msgstr ""
 
-#: assets/serializers/system_user.py:98
+#: assets/serializers/system_user.py:97
 msgid "Username same with user with protocol {} only allow 1"
 msgstr "用户名和用户相同的一种协议只允许存在一个"
 
-#: assets/serializers/system_user.py:108 common/validators.py:14
+#: assets/serializers/system_user.py:107 common/validators.py:14
 msgid "Special char not allowed"
 msgstr "不能包含特殊字符"
 
-#: assets/serializers/system_user.py:117
+#: assets/serializers/system_user.py:116
 msgid "* Automatic login mode must fill in the username."
 msgstr "自动登录模式，必须填写用户名"
 
-#: assets/serializers/system_user.py:132
+#: assets/serializers/system_user.py:131
 msgid "Path should starts with /"
 msgstr "路径应该以 / 开头"
 
-#: assets/serializers/system_user.py:144
+#: assets/serializers/system_user.py:143
 msgid "Password or private key required"
 msgstr "密码或密钥密码需要一个"
 
-#: assets/serializers/system_user.py:248
+#: assets/serializers/system_user.py:247
 msgid "System user name"
 msgstr "系统用户名称"
 
-#: assets/serializers/system_user.py:258
+#: assets/serializers/system_user.py:257
 msgid "Asset hostname"
 msgstr "资产主机名"
 
@@ -1629,35 +1625,35 @@ msgstr "等待登录复核处理"
 msgid "Login confirm ticket was {}"
 msgstr "登录复核 {}"
 
-#: authentication/errors.py:265
+#: authentication/errors.py:261
 msgid "IP is not allowed"
 msgstr "来源 IP 不被允许登录"
 
-#: authentication/errors.py:272
+#: authentication/errors.py:268
 msgid "Time Period is not allowed"
 msgstr "该 时间段 不被允许登录"
 
-#: authentication/errors.py:305
+#: authentication/errors.py:301
 msgid "SSO auth closed"
 msgstr "SSO 认证关闭了"
 
-#: authentication/errors.py:310 authentication/mixins.py:340
+#: authentication/errors.py:306 authentication/mixins.py:340
 msgid "Your password is too simple, please change it for security"
 msgstr "你的密码过于简单，为了安全，请修改"
 
-#: authentication/errors.py:319 authentication/mixins.py:347
+#: authentication/errors.py:315 authentication/mixins.py:347
 msgid "You should to change your password before login"
 msgstr "登录完成前，请先修改密码"
 
-#: authentication/errors.py:328 authentication/mixins.py:354
+#: authentication/errors.py:324 authentication/mixins.py:354
 msgid "Your password has expired, please reset before logging in"
 msgstr "您的密码已过期，先修改再登录"
 
-#: authentication/errors.py:362
+#: authentication/errors.py:358
 msgid "Your password is invalid"
 msgstr "您的密码无效"
 
-#: authentication/errors.py:368
+#: authentication/errors.py:364
 msgid "No upload or download permission"
 msgstr "没有上传下载权限"
 
@@ -1796,6 +1792,7 @@ msgstr "代码错误"
 #: authentication/templates/authentication/_msg_different_city.html:3
 #: authentication/templates/authentication/_msg_reset_password.html:3
 #: authentication/templates/authentication/_msg_rest_password_success.html:2
+#: jumpserver/conf.py:269
 #: perms/templates/perms/_msg_item_permissions_expire.html:3
 #: perms/templates/perms/_msg_permed_items_expire.html:3
 #: users/templates/users/_msg_account_expire_reminder.html:4
@@ -2207,6 +2204,15 @@ msgstr "不能包含特殊字符"
 msgid "The mobile phone number format is incorrect"
 msgstr "手机号格式不正确"
 
+#: jumpserver/conf.py:268 settings/serializers/email.py:51
+msgid "Create account successfully"
+msgstr "创建账户成功"
+
+#: jumpserver/conf.py:270 settings/serializers/email.py:63
+#: users/templates/users/_msg_user_created.html:8
+msgid "Your account has been created successfully"
+msgstr "你的账户已创建成功"
+
 #: jumpserver/context_processor.py:17
 msgid "JumpServer Open Source Bastion Host"
 msgstr "JumpServer 开源堡垒机"
@@ -2247,7 +2253,7 @@ msgstr "邮件"
 msgid "Site message"
 msgstr "站内信"
 
-#: notifications/notifications.py:172 ops/models/adhoc.py:246
+#: notifications/notifications.py:170 ops/models/adhoc.py:246
 #: xpack/plugins/change_auth_plan/models/base.py:108
 #: xpack/plugins/change_auth_plan/models/base.py:190
 #: xpack/plugins/gathered_user/models.py:79
@@ -2921,7 +2927,7 @@ msgid "SMS provider"
 msgstr "短信服务商"
 
 #: settings/serializers/auth/sms.py:17 settings/serializers/auth/sms.py:35
-#: settings/serializers/auth/sms.py:43 settings/serializers/email.py:63
+#: settings/serializers/auth/sms.py:43
 msgid "Signature"
 msgstr "签名"
 
@@ -3098,26 +3104,27 @@ msgid ""
 "successfully)"
 msgstr "提示: 创建用户时，发送设置密码邮件的主题 (例如: 创建用户成功)"
 
-#: settings/serializers/email.py:54
-msgid "Create user honorific"
-msgstr "邮件的敬语"
-
 #: settings/serializers/email.py:55
+msgid "Create user honorific"
+msgstr "邮件问候语"
+
+#: settings/serializers/email.py:56
+#, python-brace-format
+msgid "Hello {name}"
+msgstr "你好 {name}"
+
+#: settings/serializers/email.py:57
 msgid "Tips: When creating a user, send the honorific of the email (eg:Hello)"
 msgstr "提示: 创建用户时，发送设置密码邮件的敬语 (例如: 你好)"
 
-#: settings/serializers/email.py:59
+#: settings/serializers/email.py:61
 msgid "Create user email content"
 msgstr "邮件的内容"
 
-#: settings/serializers/email.py:60
+#: settings/serializers/email.py:62
 msgid "Tips:When creating a user, send the content of the email"
 msgstr "提示: 创建用户时，发送设置密码邮件的内容"
 
-#: settings/serializers/email.py:64
-msgid "Tips: Email signature (eg:jumpserver)"
-msgstr "邮件署名 (如:jumpserver)"
-
 #: settings/serializers/other.py:7
 msgid "Email suffix"
 msgstr "邮件后缀"
@@ -4466,35 +4473,35 @@ msgid ""
 msgstr ""
 "通过工单创建, 工单标题: {}, 工单申请人: {}, 工单处理人: {}, 工单 ID: {}"
 
-#: tickets/handler/base.py:88
+#: tickets/handler/base.py:86
 msgid "{} {} the ticket"
 msgstr "{} {} 工单"
 
-#: tickets/handler/base.py:116
+#: tickets/handler/base.py:114
 msgid "Ticket title"
 msgstr "工单标题"
 
-#: tickets/handler/base.py:117
+#: tickets/handler/base.py:115
 msgid "Ticket type"
 msgstr "工单类型"
 
-#: tickets/handler/base.py:118
+#: tickets/handler/base.py:116
 msgid "Ticket status"
 msgstr "工单状态"
 
-#: tickets/handler/base.py:119
+#: tickets/handler/base.py:117
 msgid "Ticket applicant"
 msgstr "工单申请人"
 
-#: tickets/handler/base.py:121
+#: tickets/handler/base.py:119
 msgid "Ticket basic info"
 msgstr "工单基本信息"
 
-#: tickets/handler/base.py:132
+#: tickets/handler/base.py:130
 msgid "No content"
 msgstr "无内容"
 
-#: tickets/handler/base.py:134
+#: tickets/handler/base.py:132
 msgid "Ticket applied info"
 msgstr "工单申请信息"
 
@@ -4908,38 +4915,30 @@ msgstr "管理员"
 msgid "Administrator is the super user of system"
 msgstr "Administrator是初始的超级管理员"
 
-#: users/notifications.py:15
-msgid "Create account successfully"
-msgstr "创建账户成功"
-
-#: users/notifications.py:19
-msgid "Hello {}"
-msgstr "你好"
-
-#: users/notifications.py:51
+#: users/notifications.py:56
 #: users/templates/users/_msg_password_expire_reminder.html:17
 #: users/templates/users/reset_password.html:5
 #: users/templates/users/reset_password.html:6
 msgid "Reset password"
 msgstr "重置密码"
 
-#: users/notifications.py:81 users/views/profile/reset.py:127
+#: users/notifications.py:86 users/views/profile/reset.py:127
 msgid "Reset password success"
 msgstr "重置密码成功"
 
-#: users/notifications.py:107
+#: users/notifications.py:112
 msgid "Password is about expire"
 msgstr "密码即将过期"
 
-#: users/notifications.py:135
+#: users/notifications.py:140
 msgid "Account is about expire"
 msgstr "账号即将过期"
 
-#: users/notifications.py:157
+#: users/notifications.py:162
 msgid "Reset SSH Key"
 msgstr "重置 SSH 密钥"
 
-#: users/notifications.py:178
+#: users/notifications.py:183
 msgid "Reset MFA"
 msgstr "重置 MFA"
 
@@ -5109,10 +5108,6 @@ msgstr "点击这里设置"
 msgid "Your ssh public key has been reset by site administrator"
 msgstr "你的 SSH 密钥已经被管理员重置"
 
-#: users/templates/users/_msg_user_created.html:8
-msgid "Your account has been created successfully"
-msgstr "您的账户已创建成功"
-
 #: users/templates/users/_msg_user_created.html:13
 msgid "click here to set your password"
 msgstr "点击这里设置密码"
@@ -5368,8 +5363,8 @@ msgstr "* 新密码不能是最近 {} 次的密码"
 msgid "Reset password success, return to login page"
 msgstr "重置密码成功，返回到登录页面"
 
-#: xpack/plugins/change_auth_plan/api/app.py:114
-#: xpack/plugins/change_auth_plan/api/asset.py:101
+#: xpack/plugins/change_auth_plan/api/app.py:113
+#: xpack/plugins/change_auth_plan/api/asset.py:100
 msgid "The parameter 'action' must be [{}]"
 msgstr "参数 'action' 必须是 [{}]"
 
@@ -5954,6 +5949,9 @@ msgstr "旗舰版"
 msgid "Community edition"
 msgstr "社区版"
 
+#~ msgid "Tips: Email signature (eg:jumpserver)"
+#~ msgstr "邮件署名 (如:jumpserver)"
+
 #~ msgid "Login direct"
 #~ msgstr "直接登录"
 
diff --git a/apps/users/notifications.py b/apps/users/notifications.py
index 83ab9c532..c97a5d690 100644
--- a/apps/users/notifications.py
+++ b/apps/users/notifications.py
@@ -12,21 +12,18 @@ from notifications.notifications import UserMessage
 class UserCreatedMsg(UserMessage):
     def get_html_msg(self) -> dict:
         user = self.user
-        subject = _('Create account successfully')
-        if settings.EMAIL_CUSTOM_USER_CREATED_SUBJECT:
-            subject = settings.EMAIL_CUSTOM_USER_CREATED_SUBJECT
 
-        honorific = settings.EMAIL_CUSTOM_USER_CREATED_HONORIFIC or _('Hello {}').format(user.name)
-        signature = settings.EMAIL_CUSTOM_USER_CREATED_SIGNATURE or 'JumpServer'
+        subject = str(settings.EMAIL_CUSTOM_USER_CREATED_SUBJECT)
+        honorific = str(settings.EMAIL_CUSTOM_USER_CREATED_HONORIFIC)
+        content = str(settings.EMAIL_CUSTOM_USER_CREATED_BODY)
 
         context = {
             'honorific': honorific,
-            'signature':  signature,
-            'username': user.username,
+            'content': content,
+            'user': user,
             'rest_password_url': reverse('authentication:reset-password', external=True),
             'rest_password_token': user.generate_reset_token(),
             'forget_password_url': reverse('authentication:forgot-password', external=True),
-            'email': user.email,
             'login_url': reverse('authentication:login', external=True),
         }
         message = render_to_string('users/_msg_user_created.html', context)
diff --git a/apps/users/templates/users/_msg_user_created.html b/apps/users/templates/users/_msg_user_created.html
index c0515e9f6..678ca237f 100644
--- a/apps/users/templates/users/_msg_user_created.html
+++ b/apps/users/templates/users/_msg_user_created.html
@@ -1,13 +1,15 @@
 {% load i18n %}
 
 <p>
-    {{ honorific }}:
+    {{ honorific }} {{ user }},
 </p>
 
 <div>
-    <p>{% trans 'Your account has been created successfully' %}</p>
     <p>
-        {% trans 'Username' %}: {{ username }} <br />
+        {{ content }}
+    </p>
+    <p>
+        {% trans 'Username' %}: {{ user.username }} <br />
         {% trans 'Password' %}:
         <a href="{{ rest_password_url}}?token={{ rest_password_token }}">
             {% trans 'click here to set your password' %}
@@ -15,6 +17,6 @@
     </p>
     <p>
           {% trans 'This link is valid for 1 hour. After it expires' %}
-          <a href="{{ forget_password_url }}?email={{ email }}">{% trans 'request new one' %}</a>
+          <a href="{{ forget_password_url }}?email={{ user.email }}">{% trans 'request new one' %}</a>
     </p>
 </div>
diff --git a/apps/users/utils.py b/apps/users/utils.py
index 8be6a4928..cadbe6790 100644
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -22,7 +22,7 @@ def send_user_created_mail(user):
     from .notifications import UserCreatedMsg
 
     recipient_list = [user.email]
-    msg = UserCreatedMsg.html_msg
+    msg = UserCreatedMsg(user).html_msg
     subject = msg['subject']
     message = msg['message']
 

From 380226a7d2349919e411fe51436662dd8634305f Mon Sep 17 00:00:00 2001
From: feng626 <1304903146@qq.com>
Date: Mon, 25 Oct 2021 16:39:03 +0800
Subject: [PATCH 03/12] =?UTF-8?q?fix:=20=E7=94=A8=E6=88=B7=E7=99=BB?=
 =?UTF-8?q?=E9=99=86mfa=20code=E4=B8=BA=E7=A9=BA=E9=99=90=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/authentication/errors.py      | 12 +++++++++++-
 apps/authentication/mixins.py      | 12 ++++++++++--
 apps/authentication/views/login.py | 11 ++++++-----
 3 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/apps/authentication/errors.py b/apps/authentication/errors.py
index a1c7dd427..8a6f219bd 100644
--- a/apps/authentication/errors.py
+++ b/apps/authentication/errors.py
@@ -372,9 +372,19 @@ class NotEnableMFAError(JMSException):
     default_detail = mfa_unset_msg
 
 
-class OTPRequiredError(JMSException):
+class OTPBindRequiredError(JMSException):
     default_detail = otp_unset_msg
 
     def __init__(self, url, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.url = url
+
+
+class OTPCodeRequiredError(AuthFailedError):
+    msg = _("Please enter MFA code")
+
+class SMSCodeRequiredError(AuthFailedError):
+    msg = _("Please enter SMS code")
+
+class UserPhoneNotSet(AuthFailedError):
+    msg = _('Phone not set')
diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index 5a3fc4bbc..d07cfb0d7 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -242,7 +242,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
             data = request.POST
         code = data.get('code')
         mfa_type = data.get('mfa_type')
-        if settings.SECURITY_MFA_IN_LOGIN_PAGE and code and mfa_type:
+        if settings.SECURITY_MFA_IN_LOGIN_PAGE and mfa_type:
+            if not code:
+                if mfa_type ==  MFAType.OTP and bool(user.otp_secret_key):
+                    raise errors.OTPCodeRequiredError
+                elif mfa_type ==  MFAType.SMS_CODE:
+                    raise errors.SMSCodeRequiredError
             self.check_user_mfa(code, mfa_type, user=user)
 
     def _check_login_acl(self, user, ip):
@@ -405,9 +410,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
         if not user.mfa_enabled:
             return
 
+        if not bool(user.phone) and mfa_type == MFAType.SMS_CODE:
+            raise errors.UserPhoneNotSet
+
         if not bool(user.otp_secret_key) and mfa_type == MFAType.OTP:
             self.set_passwd_verify_on_session(user)
-            raise errors.OTPRequiredError(reverse_lazy('authentication:user-otp-enable-bind'))
+            raise errors.OTPBindRequiredError(reverse_lazy('authentication:user-otp-enable-bind'))
 
         ip = self.get_request_ip()
         self.check_mfa_is_block(user.username, ip)
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index c39f9b7ec..ab86f2a0b 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -124,18 +124,19 @@ class UserLoginView(mixins.AuthMixin, FormView):
         except (
                 errors.PasswdTooSimple,
                 errors.PasswordRequireResetError,
-                errors.PasswdNeedUpdate
+                errors.PasswdNeedUpdate,
+                errors.OTPBindRequiredError
         ) as e:
             return redirect(e.url)
         except (
-                errors.MFAUnsetError,
                 errors.MFAFailedError,
-                errors.BlockMFAError
+                errors.BlockMFAError,
+                errors.OTPCodeRequiredError,
+                errors.SMSCodeRequiredError,
+                errors.UserPhoneNotSet
         ) as e:
             form.add_error('code', e.msg)
             return super().form_invalid(form)
-        except errors.OTPRequiredError as e:
-            return redirect(e.url)
         self.clear_rsa_key()
         return self.redirect_to_guard_view()
 

From 3f72c020497fe0af9f43d21c2b87838b334f3a03 Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 26 Oct 2021 11:48:49 +0800
Subject: [PATCH 04/12] =?UTF-8?q?perf:=20=E6=B7=BB=E5=8A=A0=E5=91=BD?=
 =?UTF-8?q?=E4=BB=A4org?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/terminal/serializers/command.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/terminal/serializers/command.py b/apps/terminal/serializers/command.py
index d1e14aa49..01343e825 100644
--- a/apps/terminal/serializers/command.py
+++ b/apps/terminal/serializers/command.py
@@ -8,3 +8,4 @@ class InsecureCommandAlertSerializer(serializers.Serializer):
     user = serializers.CharField()
     risk_level = serializers.IntegerField()
     session = serializers.UUIDField()
+    org_id = serializers.CharField()

From da79f8beab120d724a92925feea43f4c0882dba1 Mon Sep 17 00:00:00 2001
From: feng626 <1304903146@qq.com>
Date: Tue, 26 Oct 2021 13:34:59 +0800
Subject: [PATCH 05/12] =?UTF-8?q?fix:=20=E3=80=90=E3=80=90=E8=B4=A6?=
 =?UTF-8?q?=E5=8F=B7=E7=AE=A1=E7=90=86=E3=80=91=E5=BA=94=E7=94=A8=E8=B4=A6?=
 =?UTF-8?q?=E5=8F=B7=E5=AF=BC=E5=87=BA=E5=AD=97=E6=AE=B5=E5=AD=98=E5=9C=A8?=
 =?UTF-8?q?=E8=8B=B1=E6=96=87=E3=80=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/applications/serializers/application.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/applications/serializers/application.py b/apps/applications/serializers/application.py
index 0eba3e3e9..6fecd3a67 100644
--- a/apps/applications/serializers/application.py
+++ b/apps/applications/serializers/application.py
@@ -104,7 +104,8 @@ class AppAccountSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
         extra_kwargs = {
             'username': {'default': '', 'required': False},
             'password': {'write_only': True},
-            'app_display': {'label': _('Application display')}
+            'app_display': {'label': _('Application display')},
+            'systemuser_display': {'label': _('System User')}
         }
         use_model_bulk_create = True
         model_bulk_create_kwargs = {
@@ -134,4 +135,6 @@ class AppAccountSecretSerializer(AppAccountSerializer):
             'password': {'write_only': False},
             'private_key': {'write_only': False},
             'public_key': {'write_only': False},
+            'app_display': {'label': _('Application display')},
+            'systemuser_display': {'label': _('System User')}
         }

From 37fef6153a8b9bc54ce731fd342ee051c3ecf64d Mon Sep 17 00:00:00 2001
From: Michael Bai <baijiangjie@gmail.com>
Date: Tue, 26 Oct 2021 15:10:03 +0800
Subject: [PATCH 06/12] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E4=BE=9D?=
 =?UTF-8?q?=E8=B5=96=E5=8C=85=E7=89=88=E6=9C=AC:=20jumpserver-django-oidc-?=
 =?UTF-8?q?rp=3D=3D0.3.7.8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 requirements/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 49d7c5a5e..b3873af1d 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -96,7 +96,7 @@ ipython
 huaweicloud-sdk-python==1.0.21
 django-redis==4.11.0
 python-redis-lock==3.5.0
-jumpserver-django-oidc-rp==0.3.7.7
+jumpserver-django-oidc-rp==0.3.7.8
 django-mysql==3.9.0
 gmssl==3.2.1
 azure-mgmt-compute==4.6.2
@@ -119,4 +119,4 @@ cx-Oracle==8.2.1
 psycopg2-binary==2.9.1
 alibabacloud_dysmsapi20170525==2.0.2
 geoip2==4.4.0
-html2text==2020.1.16
\ No newline at end of file
+html2text==2020.1.16

From 203a01240b490e0afb28eea23fb2546684b4d39d Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 26 Oct 2021 15:46:43 +0800
Subject: [PATCH 07/12] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96dockerfile?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .dockerignore | 3 ++-
 Dockerfile    | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.dockerignore b/.dockerignore
index cbc1f8c97..0353b6cd4 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -6,4 +6,5 @@ tmp/*
 django.db
 celerybeat.pid
 ### Vagrant ###
-.vagrant/
\ No newline at end of file
+.vagrant/
+apps/xpack/.git
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index cf70c1d19..f9cbb8e35 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,4 @@
+# 编译代码
 FROM python:3.8.6-slim as stage-build
 MAINTAINER JumpServer Team <ibuler@qq.com>
 ARG VERSION
@@ -7,9 +8,12 @@ WORKDIR /opt/jumpserver
 ADD . .
 RUN cd utils && bash -ixeu build.sh
 
+# 构建运行时环境
 FROM python:3.8.6-slim
 ARG PIP_MIRROR=https://pypi.douban.com/simple
 ENV PIP_MIRROR=$PIP_MIRROR
+ARG PIP_JMS_MIRROR=https://pypi.douban.com/simple
+ENV PIP_JMS_MIRROR=$PIP_JMS_MIRROR
 
 WORKDIR /opt/jumpserver
 
@@ -27,6 +31,7 @@ RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
 
 COPY ./requirements/requirements.txt ./requirements/requirements.txt
 RUN pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \
+    && pip install --no-cache-dir $(grep -E 'jms|jumpserver' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
     && pip install --no-cache-dir -r requirements/requirements.txt -i ${PIP_MIRROR} \
     && rm -rf ~/.cache/pip
 

From 8a413563beb8fc51fbf1e54df34994d697ec18c4 Mon Sep 17 00:00:00 2001
From: feng626 <1304903146@qq.com>
Date: Tue, 26 Oct 2021 16:23:58 +0800
Subject: [PATCH 08/12] =?UTF-8?q?fix:=20=E5=91=BD=E4=BB=A4=E8=AE=B0?=
 =?UTF-8?q?=E5=BD=95-=E5=AF=BC=E5=87=BA=E9=80=89=E6=8B=A9=E9=A1=B9?=
 =?UTF-8?q?=E5=91=BD=E4=BB=A4=EF=BC=9A=E5=8D=B4=E5=AF=BC=E5=87=BA=E4=BA=86?=
 =?UTF-8?q?=E6=89=80=E6=9C=89=E5=91=BD=E4=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/terminal/backends/command/es.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/apps/terminal/backends/command/es.py b/apps/terminal/backends/command/es.py
index 678698ff6..7863dbbfb 100644
--- a/apps/terminal/backends/command/es.py
+++ b/apps/terminal/backends/command/es.py
@@ -131,10 +131,13 @@ class CommandStore():
             index=self.index, doc_type=self.doc_type, body=body, from_=from_, size=size,
             sort=sort
         )
+        source_data = []
+        for item in data['hits']['hits']:
+            if item:
+                item['_source'].update({'id': item['_id']})
+                source_data.append(item['_source'])
 
-        return AbstractSessionCommand.from_multi_dict(
-            [item['_source'] for item in data['hits']['hits'] if item]
-        )
+        return AbstractSessionCommand.from_multi_dict(source_data)
 
     def count(self, **query):
         body = self.get_query_body(**query)
@@ -160,11 +163,16 @@ class CommandStore():
             new_kwargs[k] = str(v) if isinstance(v, UUID) else v
         kwargs = new_kwargs
 
+        index_in_field = 'id__in'
         exact_fields = self.exact_fields
         match_fields = self.match_fields
 
         match = {}
         exact = {}
+        index = {}
+
+        if index_in_field in kwargs:
+            index['values'] = kwargs[index_in_field]
 
         for k, v in kwargs.items():
             if k in exact_fields:
@@ -221,6 +229,10 @@ class CommandStore():
                                 'timestamp': timestamp_range
                             }
                         }
+                    ] + [
+                        {
+                            'ids': {k: v}
+                        } for k, v in index.items()
                     ]
                 }
             },

From 1eb59b11da93b1956d57a6bbc8c56331bd3b559e Mon Sep 17 00:00:00 2001
From: Michael Bai <baijiangjie@gmail.com>
Date: Tue, 26 Oct 2021 17:17:10 +0800
Subject: [PATCH 09/12] =?UTF-8?q?fix:=20=E6=B7=BB=E5=8A=A0Model=E7=9A=84ve?=
 =?UTF-8?q?rbose=5Fname=E5=B1=9E=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../migrations/0002_auto_20210926_1047.py     |   8 +
 apps/acls/models/login_acl.py                 |   1 +
 apps/acls/models/login_asset_acl.py           |   1 +
 .../migrations/0013_auto_20211026_1711.py     |  17 ++
 apps/applications/models/application.py       |   1 +
 apps/locale/zh/LC_MESSAGES/django.po          | 201 ++++++++++--------
 6 files changed, 136 insertions(+), 93 deletions(-)
 create mode 100644 apps/applications/migrations/0013_auto_20211026_1711.py

diff --git a/apps/acls/migrations/0002_auto_20210926_1047.py b/apps/acls/migrations/0002_auto_20210926_1047.py
index fa45cd25a..c43c4b807 100644
--- a/apps/acls/migrations/0002_auto_20210926_1047.py
+++ b/apps/acls/migrations/0002_auto_20210926_1047.py
@@ -86,4 +86,12 @@ class Migration(migrations.Migration):
             model_name='loginacl',
             name='ip_group',
         ),
+        migrations.AlterModelOptions(
+            name='loginacl',
+            options={'ordering': ('priority', '-date_updated', 'name'), 'verbose_name': 'Login acl'},
+        ),
+        migrations.AlterModelOptions(
+            name='loginassetacl',
+            options={'ordering': ('priority', '-date_updated', 'name'), 'verbose_name': 'Login asset acl'},
+        ),
     ]
diff --git a/apps/acls/models/login_acl.py b/apps/acls/models/login_acl.py
index bf69c1018..bdc1c8d9e 100644
--- a/apps/acls/models/login_acl.py
+++ b/apps/acls/models/login_acl.py
@@ -40,6 +40,7 @@ class LoginACL(BaseACL):
 
     class Meta:
         ordering = ('priority', '-date_updated', 'name')
+        verbose_name = _('Login acl')
 
     def __str__(self):
         return self.name
diff --git a/apps/acls/models/login_asset_acl.py b/apps/acls/models/login_asset_acl.py
index bf47fa578..0bde3c14f 100644
--- a/apps/acls/models/login_asset_acl.py
+++ b/apps/acls/models/login_asset_acl.py
@@ -37,6 +37,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
     class Meta:
         unique_together = ('name', 'org_id')
         ordering = ('priority', '-date_updated', 'name')
+        verbose_name = _('Login asset acl')
 
     def __str__(self):
         return self.name
diff --git a/apps/applications/migrations/0013_auto_20211026_1711.py b/apps/applications/migrations/0013_auto_20211026_1711.py
new file mode 100644
index 000000000..28d80cdbc
--- /dev/null
+++ b/apps/applications/migrations/0013_auto_20211026_1711.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.1.13 on 2021-10-26 09:11
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('applications', '0012_auto_20211014_2209'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='application',
+            options={'ordering': ('name',), 'verbose_name': 'Application'},
+        ),
+    ]
diff --git a/apps/applications/models/application.py b/apps/applications/models/application.py
index 7b641b7c4..5df8e3dfd 100644
--- a/apps/applications/models/application.py
+++ b/apps/applications/models/application.py
@@ -180,6 +180,7 @@ class Application(CommonModelMixin, OrgModelMixin, ApplicationTreeNodeMixin):
     )
 
     class Meta:
+        verbose_name = _('Application')
         unique_together = [('org_id', 'name')]
         ordering = ('name',)
 
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 1649f5247..76db7d1d4 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-10-25 16:48+0800\n"
+"POT-Creation-Date: 2021-10-26 17:16+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -74,7 +74,7 @@ msgstr "拒绝"
 msgid "Allow"
 msgstr "允许"
 
-#: acls/models/login_acl.py:21 acls/models/login_acl.py:113
+#: acls/models/login_acl.py:21 acls/models/login_acl.py:114
 #: acls/models/login_asset_acl.py:17 tickets/const.py:9
 msgid "Login confirm"
 msgstr "登录复核"
@@ -116,14 +116,20 @@ msgstr "动作"
 msgid "Reviewers"
 msgstr "审批人"
 
+#: acls/models/login_acl.py:43
+msgid "Login acl"
+msgstr "登录访问控制"
+
 #: acls/models/login_asset_acl.py:21
+#: applications/serializers/application.py:108
+#: applications/serializers/application.py:139
 msgid "System User"
 msgstr "系统用户"
 
 #: acls/models/login_asset_acl.py:22
 #: applications/serializers/attrs/application_category/remote_app.py:37
 #: assets/models/asset.py:357 assets/models/authbook.py:18
-#: assets/models/gathered_user.py:14 assets/serializers/system_user.py:230
+#: assets/models/gathered_user.py:14 assets/serializers/system_user.py:233
 #: audits/models.py:38 perms/models/asset_permission.py:99
 #: templates/index.html:82 terminal/backends/command/models.py:19
 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:40
@@ -135,7 +141,11 @@ msgstr "系统用户"
 msgid "Asset"
 msgstr "资产"
 
-#: acls/models/login_asset_acl.py:89 tickets/const.py:12
+#: acls/models/login_asset_acl.py:40
+msgid "Login asset acl"
+msgstr "登录资产访问控制"
+
+#: acls/models/login_asset_acl.py:90 tickets/const.py:12
 msgid "Login asset confirm"
 msgstr "登录资产复核"
 
@@ -153,7 +163,7 @@ msgstr "格式为逗号分隔的字符串, * 表示匹配所有. "
 #: audits/models.py:105 authentication/forms.py:15 authentication/forms.py:17
 #: authentication/templates/authentication/_msg_different_city.html:9
 #: ops/models/adhoc.py:148 users/forms/profile.py:31 users/models/user.py:595
-#: users/templates/users/_msg_user_created.html:10
+#: users/templates/users/_msg_user_created.html:12
 #: users/templates/users/_select_user_modal.html:14
 #: xpack/plugins/change_auth_plan/models/asset.py:35
 #: xpack/plugins/change_auth_plan/models/asset.py:191
@@ -312,6 +322,11 @@ msgstr "网域"
 msgid "Attrs"
 msgstr ""
 
+#: applications/models/application.py:183
+#: perms/models/application_permission.py:27 users/models/user.py:174
+msgid "Application"
+msgstr "应用程序"
+
 #: applications/serializers/application.py:59
 #: applications/serializers/application.py:89 assets/serializers/label.py:13
 #: perms/serializers/application/permission.py:16
@@ -330,6 +345,7 @@ msgid "Type display"
 msgstr "类型名称"
 
 #: applications/serializers/application.py:107
+#: applications/serializers/application.py:138
 msgid "Application display"
 msgstr "应用名称"
 
@@ -384,7 +400,7 @@ msgstr "目标URL"
 #: authentication/forms.py:22
 #: authentication/templates/authentication/login.html:151
 #: settings/serializers/auth/ldap.py:44 users/forms/profile.py:21
-#: users/templates/users/_msg_user_created.html:11
+#: users/templates/users/_msg_user_created.html:13
 #: users/templates/users/user_otp_check_password.html:13
 #: users/templates/users/user_password_update.html:43
 #: users/templates/users/user_password_verify.html:18
@@ -747,7 +763,7 @@ msgstr "全称"
 msgid "Parent key"
 msgstr "ssh私钥"
 
-#: assets/models/node.py:559 assets/serializers/system_user.py:229
+#: assets/models/node.py:559 assets/serializers/system_user.py:232
 #: users/templates/users/user_asset_permission.html:41
 #: users/templates/users/user_asset_permission.html:73
 #: users/templates/users/user_asset_permission.html:158
@@ -848,7 +864,7 @@ msgstr "节点名称"
 msgid "Hardware info"
 msgstr "硬件信息"
 
-#: assets/serializers/asset.py:104 assets/serializers/system_user.py:248
+#: assets/serializers/asset.py:104 assets/serializers/system_user.py:251
 #: orgs/mixins/serializers.py:26
 msgid "Org name"
 msgstr "组织名称"
@@ -862,7 +878,7 @@ msgid "private key invalid"
 msgstr "密钥不合法"
 
 #: assets/serializers/domain.py:13 assets/serializers/label.py:12
-#: assets/serializers/system_user.py:53
+#: assets/serializers/system_user.py:56
 #: perms/serializers/asset/permission.py:72
 msgid "Assets amount"
 msgstr "资产数量"
@@ -892,48 +908,52 @@ msgstr "同级别节点名字不能重复"
 msgid "SSH key fingerprint"
 msgstr "密钥指纹"
 
-#: assets/serializers/system_user.py:52
+#: assets/serializers/system_user.py:30
+msgid "Apps amount"
+msgstr "应用数量"
+
+#: assets/serializers/system_user.py:55
 #: perms/serializers/asset/permission.py:73
 msgid "Nodes amount"
 msgstr "节点数量"
 
-#: assets/serializers/system_user.py:54 assets/serializers/system_user.py:231
+#: assets/serializers/system_user.py:57 assets/serializers/system_user.py:234
 msgid "Login mode display"
 msgstr "认证方式名称"
 
-#: assets/serializers/system_user.py:56
+#: assets/serializers/system_user.py:59
 msgid "Ad domain"
 msgstr "Ad 网域"
 
-#: assets/serializers/system_user.py:57
+#: assets/serializers/system_user.py:60
 msgid "Is asset protocol"
 msgstr ""
 
-#: assets/serializers/system_user.py:97
+#: assets/serializers/system_user.py:100
 msgid "Username same with user with protocol {} only allow 1"
 msgstr "用户名和用户相同的一种协议只允许存在一个"
 
-#: assets/serializers/system_user.py:107 common/validators.py:14
+#: assets/serializers/system_user.py:110 common/validators.py:14
 msgid "Special char not allowed"
 msgstr "不能包含特殊字符"
 
-#: assets/serializers/system_user.py:116
+#: assets/serializers/system_user.py:119
 msgid "* Automatic login mode must fill in the username."
 msgstr "自动登录模式，必须填写用户名"
 
-#: assets/serializers/system_user.py:131
+#: assets/serializers/system_user.py:134
 msgid "Path should starts with /"
 msgstr "路径应该以 / 开头"
 
-#: assets/serializers/system_user.py:143
+#: assets/serializers/system_user.py:146
 msgid "Password or private key required"
 msgstr "密码或密钥密码需要一个"
 
-#: assets/serializers/system_user.py:247
+#: assets/serializers/system_user.py:250
 msgid "System user name"
 msgstr "系统用户名称"
 
-#: assets/serializers/system_user.py:257
+#: assets/serializers/system_user.py:260
 msgid "Asset hostname"
 msgstr "资产主机名"
 
@@ -1253,12 +1273,12 @@ msgstr ""
 msgid "Auth Token"
 msgstr "认证令牌"
 
-#: audits/signals_handler.py:68 authentication/views/login.py:168
+#: audits/signals_handler.py:68 authentication/views/login.py:169
 #: notifications/backends/__init__.py:11 users/models/user.py:652
 msgid "WeCom"
 msgstr "企业微信"
 
-#: audits/signals_handler.py:69 authentication/views/login.py:174
+#: audits/signals_handler.py:69 authentication/views/login.py:175
 #: notifications/backends/__init__.py:12 users/models/user.py:653
 msgid "DingTalk"
 msgstr "钉钉"
@@ -1420,7 +1440,7 @@ msgstr "{ApplicationPermission} 移除 {UserGroup}"
 
 #: audits/signals_handler.py:157 perms/models/application_permission.py:37
 msgid "Application permission"
-msgstr "应用管理"
+msgstr "应用授权"
 
 #: audits/signals_handler.py:158
 #, python-brace-format
@@ -1625,38 +1645,50 @@ msgstr "等待登录复核处理"
 msgid "Login confirm ticket was {}"
 msgstr "登录复核 {}"
 
-#: authentication/errors.py:261
+#: authentication/errors.py:265
 msgid "IP is not allowed"
 msgstr "来源 IP 不被允许登录"
 
-#: authentication/errors.py:268
+#: authentication/errors.py:272
 msgid "Time Period is not allowed"
 msgstr "该 时间段 不被允许登录"
 
-#: authentication/errors.py:301
+#: authentication/errors.py:305
 msgid "SSO auth closed"
 msgstr "SSO 认证关闭了"
 
-#: authentication/errors.py:306 authentication/mixins.py:340
+#: authentication/errors.py:310 authentication/mixins.py:345
 msgid "Your password is too simple, please change it for security"
 msgstr "你的密码过于简单，为了安全，请修改"
 
-#: authentication/errors.py:315 authentication/mixins.py:347
+#: authentication/errors.py:319 authentication/mixins.py:352
 msgid "You should to change your password before login"
 msgstr "登录完成前，请先修改密码"
 
-#: authentication/errors.py:324 authentication/mixins.py:354
+#: authentication/errors.py:328 authentication/mixins.py:359
 msgid "Your password has expired, please reset before logging in"
 msgstr "您的密码已过期，先修改再登录"
 
-#: authentication/errors.py:358
+#: authentication/errors.py:362
 msgid "Your password is invalid"
 msgstr "您的密码无效"
 
-#: authentication/errors.py:364
+#: authentication/errors.py:368
 msgid "No upload or download permission"
 msgstr "没有上传下载权限"
 
+#: authentication/errors.py:384 templates/_mfa_otp_login.html:37
+msgid "Please enter MFA code"
+msgstr "请输入6位动态安全码"
+
+#: authentication/errors.py:387 templates/_mfa_otp_login.html:38
+msgid "Please enter SMS code"
+msgstr "请输入短信验证码"
+
+#: authentication/errors.py:390 users/exceptions.py:15
+msgid "Phone not set"
+msgstr "手机号没有设置"
+
 #: authentication/forms.py:35
 msgid "{} days auto login"
 msgstr "{} 天内自动登录"
@@ -1677,11 +1709,11 @@ msgstr "多因子认证验证码"
 msgid "Dynamic code"
 msgstr "动态码"
 
-#: authentication/mixins.py:330
+#: authentication/mixins.py:335
 msgid "Please change your password"
 msgstr "请修改密码"
 
-#: authentication/mixins.py:515
+#: authentication/mixins.py:523
 msgid "SMS"
 msgstr "短信"
 
@@ -1827,12 +1859,12 @@ msgid "Click here reset password"
 msgstr "点击这里重置密码"
 
 #: authentication/templates/authentication/_msg_reset_password.html:15
-#: users/templates/users/_msg_user_created.html:17
+#: users/templates/users/_msg_user_created.html:19
 msgid "This link is valid for 1 hour. After it expires"
 msgstr "这个链接有效期1小时, 超过时间您可以"
 
 #: authentication/templates/authentication/_msg_reset_password.html:17
-#: users/templates/users/_msg_user_created.html:18
+#: users/templates/users/_msg_user_created.html:20
 msgid "request new one"
 msgstr "重新申请"
 
@@ -1996,12 +2028,12 @@ msgstr "正在跳转到 {} 认证"
 msgid "Please enable cookies and try again."
 msgstr "设置你的浏览器支持cookie"
 
-#: authentication/views/login.py:180 notifications/backends/__init__.py:14
+#: authentication/views/login.py:181 notifications/backends/__init__.py:14
 #: users/models/user.py:654
 msgid "FeiShu"
 msgstr "飞书"
 
-#: authentication/views/login.py:268
+#: authentication/views/login.py:269
 msgid ""
 "Wait for <b>{}</b> confirm, You also can copy link to her/him <br/>\n"
 "                  Don't close this page"
@@ -2009,15 +2041,15 @@ msgstr ""
 "等待 <b>{}</b> 确认, 你也可以复制链接发给他/她 <br/>\n"
 "                  不要关闭本页面"
 
-#: authentication/views/login.py:273
+#: authentication/views/login.py:274
 msgid "No ticket found"
 msgstr "没有发现工单"
 
-#: authentication/views/login.py:305
+#: authentication/views/login.py:306
 msgid "Logout success"
 msgstr "退出登录成功"
 
-#: authentication/views/login.py:306
+#: authentication/views/login.py:307
 msgid "Logout success, return login page"
 msgstr "退出登录成功，返回到登录页面"
 
@@ -2204,12 +2236,11 @@ msgstr "不能包含特殊字符"
 msgid "The mobile phone number format is incorrect"
 msgstr "手机号格式不正确"
 
-#: jumpserver/conf.py:268 settings/serializers/email.py:51
+#: jumpserver/conf.py:268
 msgid "Create account successfully"
 msgstr "创建账户成功"
 
-#: jumpserver/conf.py:270 settings/serializers/email.py:63
-#: users/templates/users/_msg_user_created.html:8
+#: jumpserver/conf.py:270
 msgid "Your account has been created successfully"
 msgstr "你的账户已创建成功"
 
@@ -2253,7 +2284,7 @@ msgstr "邮件"
 msgid "Site message"
 msgstr "站内信"
 
-#: notifications/notifications.py:170 ops/models/adhoc.py:246
+#: notifications/notifications.py:172 ops/models/adhoc.py:246
 #: xpack/plugins/change_auth_plan/models/base.py:108
 #: xpack/plugins/change_auth_plan/models/base.py:190
 #: xpack/plugins/gathered_user/models.py:79
@@ -2473,10 +2504,6 @@ msgstr "管理员正在修改授权，请稍等"
 msgid "The authorization cannot be revoked for the time being"
 msgstr "该授权暂时不能撤销"
 
-#: perms/models/application_permission.py:27 users/models/user.py:174
-msgid "Application"
-msgstr "应用程序"
-
 #: perms/models/asset_permission.py:37 settings/serializers/terminal.py:12
 msgid "All"
 msgstr "全部"
@@ -2927,7 +2954,7 @@ msgid "SMS provider"
 msgstr "短信服务商"
 
 #: settings/serializers/auth/sms.py:17 settings/serializers/auth/sms.py:35
-#: settings/serializers/auth/sms.py:43
+#: settings/serializers/auth/sms.py:43 settings/serializers/email.py:63
 msgid "Signature"
 msgstr "签名"
 
@@ -3104,27 +3131,26 @@ msgid ""
 "successfully)"
 msgstr "提示: 创建用户时，发送设置密码邮件的主题 (例如: 创建用户成功)"
 
-#: settings/serializers/email.py:55
+#: settings/serializers/email.py:54
 msgid "Create user honorific"
 msgstr "邮件问候语"
 
-#: settings/serializers/email.py:56
-#, python-brace-format
-msgid "Hello {name}"
-msgstr "你好 {name}"
-
-#: settings/serializers/email.py:57
+#: settings/serializers/email.py:55
 msgid "Tips: When creating a user, send the honorific of the email (eg:Hello)"
 msgstr "提示: 创建用户时，发送设置密码邮件的敬语 (例如: 你好)"
 
-#: settings/serializers/email.py:61
+#: settings/serializers/email.py:59
 msgid "Create user email content"
 msgstr "邮件的内容"
 
-#: settings/serializers/email.py:62
+#: settings/serializers/email.py:60
 msgid "Tips:When creating a user, send the content of the email"
 msgstr "提示: 创建用户时，发送设置密码邮件的内容"
 
+#: settings/serializers/email.py:64
+msgid "Tips: Email signature (eg:jumpserver)"
+msgstr "邮件署名 (如:jumpserver)"
+
 #: settings/serializers/other.py:7
 msgid "Email suffix"
 msgstr "邮件后缀"
@@ -3678,14 +3704,6 @@ msgstr "请输入验证码"
 msgid "Send verification code"
 msgstr "发送验证码"
 
-#: templates/_mfa_otp_login.html:37
-msgid "Please enter MFA code"
-msgstr "请输入6位动态安全码"
-
-#: templates/_mfa_otp_login.html:38
-msgid "Please enter SMS code"
-msgstr "请输入短信验证码"
-
 #: templates/_mfa_otp_login.html:60 templates/_mfa_otp_login.html:65
 msgid "Wait: "
 msgstr "等待："
@@ -4473,35 +4491,35 @@ msgid ""
 msgstr ""
 "通过工单创建, 工单标题: {}, 工单申请人: {}, 工单处理人: {}, 工单 ID: {}"
 
-#: tickets/handler/base.py:86
+#: tickets/handler/base.py:88
 msgid "{} {} the ticket"
 msgstr "{} {} 工单"
 
-#: tickets/handler/base.py:114
+#: tickets/handler/base.py:116
 msgid "Ticket title"
 msgstr "工单标题"
 
-#: tickets/handler/base.py:115
+#: tickets/handler/base.py:117
 msgid "Ticket type"
 msgstr "工单类型"
 
-#: tickets/handler/base.py:116
+#: tickets/handler/base.py:118
 msgid "Ticket status"
 msgstr "工单状态"
 
-#: tickets/handler/base.py:117
+#: tickets/handler/base.py:119
 msgid "Ticket applicant"
 msgstr "工单申请人"
 
-#: tickets/handler/base.py:119
+#: tickets/handler/base.py:121
 msgid "Ticket basic info"
 msgstr "工单基本信息"
 
-#: tickets/handler/base.py:130
+#: tickets/handler/base.py:132
 msgid "No content"
 msgstr "无内容"
 
-#: tickets/handler/base.py:132
+#: tickets/handler/base.py:134
 msgid "Ticket applied info"
 msgstr "工单申请信息"
 
@@ -4783,10 +4801,6 @@ msgstr "设置密码"
 msgid "MFA not enabled"
 msgstr "MFA没有开启"
 
-#: users/exceptions.py:15
-msgid "Phone not set"
-msgstr "手机号没有设置"
-
 #: users/exceptions.py:20
 msgid "MFA method not support"
 msgstr "MFA 方法不支持"
@@ -4915,30 +4929,30 @@ msgstr "管理员"
 msgid "Administrator is the super user of system"
 msgstr "Administrator是初始的超级管理员"
 
-#: users/notifications.py:56
+#: users/notifications.py:48
 #: users/templates/users/_msg_password_expire_reminder.html:17
 #: users/templates/users/reset_password.html:5
 #: users/templates/users/reset_password.html:6
 msgid "Reset password"
 msgstr "重置密码"
 
-#: users/notifications.py:86 users/views/profile/reset.py:127
+#: users/notifications.py:78 users/views/profile/reset.py:127
 msgid "Reset password success"
 msgstr "重置密码成功"
 
-#: users/notifications.py:112
+#: users/notifications.py:104
 msgid "Password is about expire"
 msgstr "密码即将过期"
 
-#: users/notifications.py:140
+#: users/notifications.py:132
 msgid "Account is about expire"
 msgstr "账号即将过期"
 
-#: users/notifications.py:162
+#: users/notifications.py:154
 msgid "Reset SSH Key"
 msgstr "重置 SSH 密钥"
 
-#: users/notifications.py:183
+#: users/notifications.py:175
 msgid "Reset MFA"
 msgstr "重置 MFA"
 
@@ -5108,7 +5122,7 @@ msgstr "点击这里设置"
 msgid "Your ssh public key has been reset by site administrator"
 msgstr "你的 SSH 密钥已经被管理员重置"
 
-#: users/templates/users/_msg_user_created.html:13
+#: users/templates/users/_msg_user_created.html:15
 msgid "click here to set your password"
 msgstr "点击这里设置密码"
 
@@ -5363,8 +5377,8 @@ msgstr "* 新密码不能是最近 {} 次的密码"
 msgid "Reset password success, return to login page"
 msgstr "重置密码成功，返回到登录页面"
 
-#: xpack/plugins/change_auth_plan/api/app.py:113
-#: xpack/plugins/change_auth_plan/api/asset.py:100
+#: xpack/plugins/change_auth_plan/api/app.py:114
+#: xpack/plugins/change_auth_plan/api/asset.py:101
 msgid "The parameter 'action' must be [{}]"
 msgstr "参数 'action' 必须是 [{}]"
 
@@ -5495,15 +5509,15 @@ msgstr "* 请输入正确的密码长度"
 msgid "* Password length range 6-30 bits"
 msgstr "* 密码长度范围 6-30 位"
 
-#: xpack/plugins/change_auth_plan/task_handlers/base/handler.py:248
+#: xpack/plugins/change_auth_plan/task_handlers/base/handler.py:249
 msgid "Invalid/incorrect password"
 msgstr "无效/错误 密码"
 
-#: xpack/plugins/change_auth_plan/task_handlers/base/handler.py:250
+#: xpack/plugins/change_auth_plan/task_handlers/base/handler.py:251
 msgid "Failed to connect to the host"
 msgstr "连接主机失败"
 
-#: xpack/plugins/change_auth_plan/task_handlers/base/handler.py:252
+#: xpack/plugins/change_auth_plan/task_handlers/base/handler.py:253
 msgid "Data could not be sent to remote"
 msgstr "无法将数据发送到远程"
 
@@ -5861,7 +5875,7 @@ msgstr "执行次数"
 msgid "Instance count"
 msgstr "实例个数"
 
-#: xpack/plugins/cloud/utils.py:65
+#: xpack/plugins/cloud/utils.py:68
 msgid "Account unavailable"
 msgstr "账户无效"
 
@@ -5949,8 +5963,9 @@ msgstr "旗舰版"
 msgid "Community edition"
 msgstr "社区版"
 
-#~ msgid "Tips: Email signature (eg:jumpserver)"
-#~ msgstr "邮件署名 (如:jumpserver)"
+#, python-brace-format
+#~ msgid "Hello {name}"
+#~ msgstr "你好 {name}"
 
 #~ msgid "Login direct"
 #~ msgstr "直接登录"

From 11fd2afa3a50e18b24345d6fccb5fb01eb5bdff4 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Tue, 26 Oct 2021 17:27:01 +0800
Subject: [PATCH 10/12] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E4=B8=8B?=
 =?UTF-8?q?=E8=BD=BD=E9=A1=B5=E9=9D=A2=20(#7082)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: Jiangjie.Bai <32935519+BaiJiangJie@users.noreply.github.com>
---
 apps/locale/zh/LC_MESSAGES/django.po  | 21 ++++++++++++++++++++
 apps/templates/resource_download.html | 28 +++++++++++++++++++++++----
 2 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 76db7d1d4..763d0a248 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -4014,6 +4014,27 @@ msgstr "前"
 msgid "Login in "
 msgstr "登录了"
 
+#: templates/resource_download.html:15 templates/resource_download.html:21
+#: templates/resource_download.html:22 templates/resource_download.html:27
+msgid "Client"
+msgstr "客户端"
+
+#: templates/resource_download.html:17
+msgid ""
+"JumpServer Client, currently used to launch the client, now only support "
+"launch RDP client, The SSH client will next"
+msgstr "JumpServer 客户端，目前用来唤起 特定客户端程序 连接资产, 目前仅支持 RDP 客户端，SSH、Telnet 会在未来支持"
+
+#: templates/resource_download.html:27
+msgid "Official"
+msgstr "官方"
+
+#: templates/resource_download.html:29
+msgid ""
+"macOS needs to download the client to connect RDP asset, which comes with "
+"Windows"
+msgstr "macOS 需要下载客户端来连接 RDP 资产，Windows 系统默认安装了该程序"
+
 #: templates/rest_framework/base.html:128
 msgid "Filters"
 msgstr "过滤"
diff --git a/apps/templates/resource_download.html b/apps/templates/resource_download.html
index df1dbc31c..f03b20686 100644
--- a/apps/templates/resource_download.html
+++ b/apps/templates/resource_download.html
@@ -1,16 +1,36 @@
 {% extends '_without_nav_base.html' %}
+{% load i18n %}
 {% block body %}
+<style>
+li {
+    list-style: disc;
+}
+ul {
+    padding-left: 30px;
+    padding-top: 10px;
+}
+p {
+    padding-top: 10px;
+}
+</style>
 <div style="margin: 0 200px">
     <div class="group">
-        <h2>JumpServer Clients</h2>
+        <h2>JumpServer {% trans 'Client' %}</h2>
+        <p>
+            {% trans 'JumpServer Client, currently used to launch the client, now only support launch RDP client, The SSH client will next' %}
+{#            //JumpServer 客户端，支持 RDP 的本地拉起，后续会支持拉起 ssh。#}
+        </p>
         <ul>
-            <li><a href="/download/JumpServer-Client-Installer.msi">jumpserver-client-windows.msi</a></li>
-            <li><a href="/download/JumpServer-Client-Installer.dmg">jumpserver-client-macos.dmg</a></li>
+            <li> <a href="/download/JumpServer-Client-Installer.msi">Windows {% trans 'Client' %}</a></li>
+            <li> <a href="/download/JumpServer-Client-Installer.dmg">macOS {% trans 'Client' %}</a></li>
         </ul>
     </div>
 
     <div class="group">
-        <h2>RDP Clients</h2>
+        <h2>{% trans 'Microsoft' %} RDP {% trans 'Official' %}{% trans 'Client' %}</h2>
+        <p>
+            {% trans 'macOS needs to download the client to connect RDP asset, which comes with Windows' %}
+        </p>
         <ul>
             <li><a href="/download/Microsoft_Remote_Desktop_10.6.7_installer.pkg">Microsoft_Remote_Desktop_10.6.7_installer.pkg</a></li>
         </ul>

From 3fffd667dc94c360adc9e7aecfb9dca3aca13301 Mon Sep 17 00:00:00 2001
From: Michael Bai <baijiangjie@gmail.com>
Date: Wed, 27 Oct 2021 10:57:40 +0800
Subject: [PATCH 11/12] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E7=B3=BB?=
 =?UTF-8?q?=E7=BB=9F=E7=94=A8=E6=88=B7=E3=80=81=E5=B7=A5=E5=8D=95=E5=88=97?=
 =?UTF-8?q?=E8=A1=A8=E6=8E=92=E5=BA=8F=E5=AD=97=E6=AE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/assets/api/system_user.py | 2 +-
 apps/tickets/api/ticket.py     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/assets/api/system_user.py b/apps/assets/api/system_user.py
index 01baf000b..213858e13 100644
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -41,7 +41,7 @@ class SystemUserViewSet(SuggestionMixin, OrgBulkModelViewSet):
         'default': serializers.SystemUserSerializer,
         'suggestion': serializers.MiniSystemUserSerializer
     }
-    ordering_fields = ('name', 'protocol')
+    ordering_fields = ('name', 'protocol', 'login_mode')
     ordering = ('name', )
     permission_classes = (IsOrgAdminOrAppUser,)
 
diff --git a/apps/tickets/api/ticket.py b/apps/tickets/api/ticket.py
index 86d06f062..82fd8bd55 100644
--- a/apps/tickets/api/ticket.py
+++ b/apps/tickets/api/ticket.py
@@ -29,7 +29,7 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
     search_fields = [
         'title', 'action', 'type', 'status', 'applicant_display'
     ]
-    ordering_fields = ('title',)
+    ordering_fields = ('title', 'applicant_display', 'status', 'state', 'action_display', 'date_created')
     ordering = ('title', )
 
     def create(self, request, *args, **kwargs):

From c93ab153512dadb018c26cd4d516fe9f7490fc1e Mon Sep 17 00:00:00 2001
From: feng626 <1304903146@qq.com>
Date: Wed, 27 Oct 2021 11:26:56 +0800
Subject: [PATCH 12/12] fix: acl migrate bug

---
 apps/acls/migrations/0002_auto_20210926_1047.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/acls/migrations/0002_auto_20210926_1047.py b/apps/acls/migrations/0002_auto_20210926_1047.py
index c43c4b807..45171a5f7 100644
--- a/apps/acls/migrations/0002_auto_20210926_1047.py
+++ b/apps/acls/migrations/0002_auto_20210926_1047.py
@@ -54,6 +54,7 @@ class Migration(migrations.Migration):
     dependencies = [
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
         ('acls', '0001_initial'),
+        ('authentication', '0004_ssotoken'),
     ]
 
     operations = [