diff --git a/apps/authentication/backends/ldap.py b/apps/authentication/backends/ldap.py index 3e58e08fa..9dd151561 100644 --- a/apps/authentication/backends/ldap.py +++ b/apps/authentication/backends/ldap.py @@ -8,6 +8,7 @@ from django_auth_ldap.backend import _LDAPUser, LDAPBackend from django_auth_ldap.config import _LDAPConfig, LDAPSearch, LDAPSearchUnion from users.utils import construct_user_email +from common.const import LDAP_AD_ACCOUNT_DISABLE logger = _LDAPConfig.get_logger() @@ -17,6 +18,15 @@ class LDAPAuthorizationBackend(LDAPBackend): Override this class to override _LDAPUser to LDAPUser """ + @staticmethod + def user_can_authenticate(user): + """ + Reject users with is_active=False. Custom user models that don't have + that attribute are allowed. + """ + is_valid = getattr(user, 'is_valid', None) + return is_valid or is_valid is None + def authenticate(self, request=None, username=None, password=None, **kwargs): logger.info('Authentication LDAP backend') if not username: @@ -25,34 +35,29 @@ class LDAPAuthorizationBackend(LDAPBackend): ldap_user = LDAPUser(self, username=username.strip(), request=request) user = self.authenticate_ldap_user(ldap_user, password) logger.info('Authenticate user: {}'.format(user)) - return user + return user if self.user_can_authenticate(user) else None def get_user(self, user_id): user = None - try: user = self.get_user_model().objects.get(pk=user_id) LDAPUser(self, user=user) # This sets user.ldap_user except ObjectDoesNotExist: pass - return user def get_group_permissions(self, user, obj=None): if not hasattr(user, 'ldap_user') and self.settings.AUTHORIZE_ALL_USERS: LDAPUser(self, user=user) # This sets user.ldap_user - if hasattr(user, 'ldap_user'): permissions = user.ldap_user.get_group_permissions() else: permissions = set() - return permissions def populate_user(self, username): ldap_user = LDAPUser(self, username=username) user = ldap_user.populate_user() - return user 
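Review bot: The docstring on the new `user_can_authenticate` still says it rejects `is_active=False`, but the code reads `is_valid`, so the documented contract and the enforced one differ. The same stale docstring remains in the `BaseOpenIDAuthorizationBackend` hunk in `openid/backends.py`. Suggest `"""Reject users whose is_valid is falsy; user objects without an is_valid attribute are allowed."""` in both places. The fallback is fail-open for any object lacking `is_valid`, which is worth stating as a deliberate choice. What `is_valid` combines is not visible in this diff.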
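Review bot: In `authenticate`, the `logger.info('Authenticate user: {}'.format(user))` line runs before the new `user_can_authenticate` check, so an account that binds successfully but fails the check is logged as authenticated and the rejection leaves no trace. Splitting the return and adding `logger.warning('LDAP user {} rejected: account is not valid'.format(username))` before returning `None` would let the log distinguish bad credentials from a blocked account. When the bind fails `user` is `None`, and `getattr(None, 'is_valid', None)` makes the check return `True`, so the method still returns `None` as before. A comment on that would save the next reader the trace.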
@@ -91,13 +96,19 @@ class LDAPUser(_LDAPUser): for field, attr in self.settings.USER_ATTR_MAP.items(): try: value = self.attrs[attr][0] + if attr.lower() == 'useraccountcontrol' \ + and field == 'is_active' and value: + value = int(value) & LDAP_AD_ACCOUNT_DISABLE \ + != LDAP_AD_ACCOUNT_DISABLE except LookupError: logger.warning("{} does not have a value for the attribute {}".format(self.dn, attr)) else: if not hasattr(self._user, field): continue if isinstance(getattr(self._user, field), bool): - value = value.lower() in ['true', '1'] + if isinstance(value, str): + value = value.lower() + value = value in ['true', '1', True] setattr(self._user, field, value) email = getattr(self._user, 'email', '') diff --git a/apps/authentication/backends/openid/backends.py b/apps/authentication/backends/openid/backends.py index f6285d1ed..938566e2a 100644 --- a/apps/authentication/backends/openid/backends.py +++ b/apps/authentication/backends/openid/backends.py @@ -26,8 +26,8 @@ class BaseOpenIDAuthorizationBackend(object): Reject users with is_active=False. Custom user models that don't have that attribute are allowed. """ - is_active = getattr(user, 'is_active', None) - return is_active or is_active is None + is_valid = getattr(user, 'is_valid', None) + return is_valid or is_valid is None def get_user(self, user_id): try: diff --git a/apps/authentication/signals_handlers.py b/apps/authentication/signals_handlers.py index e401b7dc1..7033cf777 100644 --- a/apps/authentication/signals_handlers.py +++ b/apps/authentication/signals_handlers.py @@ -1,3 +1,4 @@ +from rest_framework.request import Request from django.http.request import QueryDict from django.conf import settings from django.dispatch import receiver 
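Review bot: `int(value)` on the `userAccountControl` attribute sits inside a `try` that catches only `LookupError`, so a non-numeric value from the directory raises `ValueError` out of the attribute loop instead of being handled like a missing attribute. Python binds `&` tighter than `!=`, so the mask test evaluates as intended, but explicit parentheses remove the doubt: `value = (int(value) & LDAP_AD_ACCOUNT_DISABLE) != LDAP_AD_ACCOUNT_DISABLE`. When the attribute is present but empty, the `and value` guard skips the conversion and the later `value in ['true', '1', True]` yields `False`, leaving the user inactive. A short comment saying this fail-closed result is intended would help. The enclosing method starts and ends outside the hunk.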
@@ -52,14 +53,15 @@ def on_ldap_create_user(sender, user, ldap_user, **kwargs): def generate_data(username, request): - if not request.user.is_anonymous and request.user.is_app: + user_agent = request.META.get('HTTP_USER_AGENT', '') + + if isinstance(request, Request): login_ip = request.data.get('remote_addr', None) login_type = request.data.get('login_type', '') - user_agent = request.data.get('HTTP_USER_AGENT', '') else: login_ip = get_request_ip(request) - user_agent = request.META.get('HTTP_USER_AGENT', '') login_type = 'W' + data = { 'username': username, 'ip': login_ip, diff --git a/apps/common/const.py b/apps/common/const.py index 72d92da81..65d445eec 100644 --- a/apps/common/const.py +++ b/apps/common/const.py @@ -8,3 +8,7 @@ update_success_msg = _("%(name)s was updated successfully") FILE_END_GUARD = ">>> Content End <<<" celery_task_pre_key = "CELERY_" KEY_CACHE_RESOURCES_ID = "RESOURCES_ID_{}" + +# AD User AccountDisable +# https://blog.csdn.net/bytxl/article/details/17763975 +LDAP_AD_ACCOUNT_DISABLE = 2 diff --git a/apps/common/permissions.py b/apps/common/permissions.py index bdc25fe21..8bea6b390 100644 --- a/apps/common/permissions.py +++ b/apps/common/permissions.py @@ -137,6 +137,16 @@ class PermissionsMixin(UserPassesTestMixin): return True +class UserCanUpdatePassword: + def has_permission(self, request, view): + return request.user.can_update_password() + + +class UserCanUpdateSSHKey: + def has_permission(self, request, view): + return request.user.can_update_ssh_key() + + class NeedMFAVerify(permissions.BasePermission): def has_permission(self, request, view): mfa_verify_time = request.session.get('MFA_VERIFY_TIME', 0) diff --git a/apps/common/renders/csv.py b/apps/common/renders/csv.py index 9bd60cfbc..f80498f55 100644 --- a/apps/common/renders/csv.py +++ b/apps/common/renders/csv.py 
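Review bot: `generate_data` now takes `login_ip` and `login_type` from `request.data` for every DRF `Request`, whereas the removed condition accepted body values only from an authenticated app user (`request.user.is_app`). A client calling an API login endpoint can therefore choose the address recorded for its own login. If this dict feeds the login log or any IP-based limit (the rest of the function is outside the hunk), body values should be honoured only for trusted callers, e.g. `if isinstance(request, Request) and getattr(request.user, 'is_app', False):`, with `get_request_ip(request)` used otherwise. As written, `login_ip` is also `None` whenever the body carries no `remote_addr`, so `request.data.get('remote_addr') or get_request_ip(request)` is the minimum fallback. A user agent forwarded in the body is no longer read, since `user_agent` now always comes from `request.META`.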
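Review bot: `LDAP_AD_ACCOUNT_DISABLE = 2` is explained only by a link to a third-party blog post, which may disappear and does not say what the value is. A self-contained comment would be more durable, e.g. `# Active Directory userAccountControl flag ADS_UF_ACCOUNTDISABLE (0x0002): the account is disabled`. Writing the value as `0x0002` would also make clear that it is a bit mask and not a count.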
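Review bot: `UserCanUpdatePassword` and `UserCanUpdateSSHKey` are plain classes, while `NeedMFAVerify` directly below them subclasses `permissions.BasePermission`. Without that base they have no `has_object_permission`, so a view that runs object-level checks would hit an `AttributeError` instead of a clean allow or deny. Suggest `class UserCanUpdatePassword(permissions.BasePermission):` and the same for `UserCanUpdateSSHKey`. `request.user.can_update_password()` also assumes an authenticated user object. Unless these are always listed after an authentication check (not visible here), an anonymous request would raise instead of being refused, which `user = request.user; return user.is_authenticated and user.can_update_password()` avoids.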
@@ -58,8 +58,8 @@ class JMSCSVRender(BaseRenderer): template = request.query_params.get('template', 'export') view = renderer_context['view'] - if isinstance(data, dict) and data.get("count"): - data = data["results"] + if isinstance(data, dict): + data = data.get("results", []) if template == 'import': data = [data[0]] if data else data diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 10f1b3d14..404301ded 100644 Binary files a/apps/locale/zh/LC_MESSAGES/django.mo and b/apps/locale/zh/LC_MESSAGES/django.mo differ diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 1ab425789..e6ebbd41b 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Jumpserver 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2019-07-18 13:18+0800\n" +"POT-Creation-Date: 2019-07-25 16:16+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: ibuler \n" "Language-Team: Jumpserver team\n" @@ -88,8 +88,8 @@ msgstr "运行参数" #: audits/templates/audits/ftp_log_list.html:71 #: perms/forms/asset_permission.py:69 perms/models/asset_permission.py:78 #: perms/templates/perms/asset_permission_create_update.html:45 -#: perms/templates/perms/asset_permission_list.html:48 -#: perms/templates/perms/asset_permission_list.html:117 +#: perms/templates/perms/asset_permission_list.html:52 +#: perms/templates/perms/asset_permission_list.html:121 #: terminal/backends/command/models.py:13 terminal/models.py:155 #: terminal/templates/terminal/command_list.html:30 #: terminal/templates/terminal/command_list.html:66 
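Review bot: With the `count` test removed, every dict payload is replaced by `data.get("results", [])`, so a dict with no `results` key (an error body or a single-object response, for instance) is rendered as an empty CSV and its content is silently dropped. If only paginated responses are meant to be unwrapped, `if isinstance(data, dict) and "results" in data:` followed by `data = data["results"]` keeps the empty-page fix without swallowing other dicts. A one-line comment stating which response shapes the renderer expects would help either way. The enclosing method starts and ends outside the hunk.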
@@ -118,9 +118,9 @@ msgstr "资产" #: perms/forms/asset_permission.py:75 perms/models/asset_permission.py:80 #: perms/models/asset_permission.py:114 #: perms/templates/perms/asset_permission_detail.html:140 -#: perms/templates/perms/asset_permission_list.html:50 -#: perms/templates/perms/asset_permission_list.html:71 -#: perms/templates/perms/asset_permission_list.html:123 templates/_nav.html:25 +#: perms/templates/perms/asset_permission_list.html:54 +#: perms/templates/perms/asset_permission_list.html:75 +#: perms/templates/perms/asset_permission_list.html:127 templates/_nav.html:25 #: terminal/backends/command/models.py:14 terminal/models.py:156 #: terminal/templates/terminal/command_list.html:31 #: terminal/templates/terminal/command_list.html:67 @@ -152,8 +152,8 @@ msgstr "系统用户" #: ops/templates/ops/task_detail.html:60 ops/templates/ops/task_list.html:27 #: orgs/models.py:11 perms/models/base.py:35 #: perms/templates/perms/asset_permission_detail.html:62 -#: perms/templates/perms/asset_permission_list.html:45 -#: perms/templates/perms/asset_permission_list.html:64 +#: perms/templates/perms/asset_permission_list.html:49 +#: perms/templates/perms/asset_permission_list.html:68 #: perms/templates/perms/asset_permission_user.html:54 #: perms/templates/perms/remote_app_permission_detail.html:62 #: perms/templates/perms/remote_app_permission_list.html:14 
@@ -167,13 +167,13 @@ msgstr "系统用户" #: settings/templates/settings/terminal_setting.html:105 terminal/models.py:22 #: terminal/models.py:258 terminal/templates/terminal/terminal_detail.html:43 #: terminal/templates/terminal/terminal_list.html:29 users/models/group.py:14 -#: users/models/user.py:324 users/templates/users/_select_user_modal.html:13 +#: users/models/user.py:327 users/templates/users/_select_user_modal.html:13 #: users/templates/users/user_detail.html:63 #: users/templates/users/user_group_detail.html:55 #: users/templates/users/user_group_list.html:35 #: users/templates/users/user_list.html:35 #: users/templates/users/user_profile.html:51 -#: users/templates/users/user_pubkey_update.html:53 +#: users/templates/users/user_pubkey_update.html:57 #: xpack/plugins/change_auth_plan/forms.py:98 #: xpack/plugins/change_auth_plan/models.py:61 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:61 @@ -218,7 +218,7 @@ msgstr "参数" #: perms/models/asset_permission.py:117 perms/models/base.py:41 #: perms/templates/perms/asset_permission_detail.html:98 #: perms/templates/perms/remote_app_permission_detail.html:90 -#: users/models/user.py:365 users/serializers/v1.py:120 +#: users/models/user.py:368 users/serializers/v1.py:120 #: users/templates/users/user_detail.html:111 #: xpack/plugins/change_auth_plan/models.py:106 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:113 
@@ -279,10 +279,10 @@ msgstr "创建日期" #: perms/templates/perms/remote_app_permission_detail.html:94 #: settings/models.py:34 terminal/models.py:32 #: terminal/templates/terminal/terminal_detail.html:63 users/models/group.py:15 -#: users/models/user.py:357 users/templates/users/user_detail.html:127 +#: users/models/user.py:360 users/templates/users/user_detail.html:129 #: users/templates/users/user_group_detail.html:67 #: users/templates/users/user_group_list.html:37 -#: users/templates/users/user_profile.html:134 +#: users/templates/users/user_profile.html:138 #: xpack/plugins/change_auth_plan/models.py:102 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:117 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:19 @@ -330,12 +330,12 @@ msgstr "远程应用" #: terminal/templates/terminal/terminal_update.html:45 #: users/templates/users/_user.html:50 #: users/templates/users/user_bulk_update.html:23 -#: users/templates/users/user_detail.html:176 -#: users/templates/users/user_password_update.html:71 -#: users/templates/users/user_profile.html:204 -#: users/templates/users/user_profile_update.html:63 -#: users/templates/users/user_pubkey_update.html:70 -#: users/templates/users/user_pubkey_update.html:76 +#: users/templates/users/user_detail.html:178 +#: users/templates/users/user_password_update.html:75 +#: users/templates/users/user_profile.html:209 +#: users/templates/users/user_profile_update.html:67 +#: users/templates/users/user_pubkey_update.html:74 +#: users/templates/users/user_pubkey_update.html:80 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:71 #: xpack/plugins/cloud/templates/cloud/account_create_update.html:33 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_create.html:35 
@@ -373,9 +373,9 @@ msgstr "重置" #: users/templates/users/forgot_password.html:42 #: users/templates/users/user_bulk_update.html:24 #: users/templates/users/user_list.html:57 -#: users/templates/users/user_password_update.html:72 -#: users/templates/users/user_profile_update.html:64 -#: users/templates/users/user_pubkey_update.html:77 +#: users/templates/users/user_password_update.html:76 +#: users/templates/users/user_profile_update.html:68 +#: users/templates/users/user_pubkey_update.html:81 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:72 #: xpack/plugins/interface/templates/interface/interface.html:74 #: xpack/plugins/vault/templates/vault/vault_create.html:46 @@ -393,7 +393,7 @@ msgstr "提交" #: assets/templates/assets/system_user_detail.html:18 #: ops/templates/ops/adhoc_history.html:130 #: ops/templates/ops/task_adhoc.html:116 -#: ops/templates/ops/task_history.html:136 +#: ops/templates/ops/task_history.html:137 #: perms/templates/perms/asset_permission_asset.html:18 #: perms/templates/perms/asset_permission_detail.html:18 #: perms/templates/perms/asset_permission_user.html:18 @@ -410,13 +410,13 @@ msgstr "详情" #: applications/templates/applications/remote_app_detail.html:21 #: applications/templates/applications/remote_app_list.html:56 -#: assets/templates/assets/_asset_user_list.html:70 +#: assets/templates/assets/_asset_user_list.html:69 #: assets/templates/assets/admin_user_detail.html:24 #: assets/templates/assets/admin_user_list.html:26 #: assets/templates/assets/admin_user_list.html:111 #: assets/templates/assets/asset_detail.html:27 #: assets/templates/assets/asset_list.html:78 -#: assets/templates/assets/asset_list.html:169 +#: assets/templates/assets/asset_list.html:168 #: assets/templates/assets/cmd_filter_detail.html:29 #: assets/templates/assets/cmd_filter_list.html:58 #: assets/templates/assets/cmd_filter_rule_list.html:86 
@@ -429,7 +429,7 @@ msgstr "详情" #: assets/templates/assets/system_user_list.html:33 #: assets/templates/assets/system_user_list.html:85 audits/models.py:33 #: perms/templates/perms/asset_permission_detail.html:30 -#: perms/templates/perms/asset_permission_list.html:173 +#: perms/templates/perms/asset_permission_list.html:177 #: perms/templates/perms/remote_app_permission_detail.html:30 #: perms/templates/perms/remote_app_permission_list.html:59 #: terminal/templates/terminal/terminal_detail.html:16 @@ -441,9 +441,9 @@ msgstr "详情" #: users/templates/users/user_list.html:20 #: users/templates/users/user_list.html:102 #: users/templates/users/user_list.html:105 -#: users/templates/users/user_profile.html:177 -#: users/templates/users/user_profile.html:187 -#: users/templates/users/user_profile.html:196 +#: users/templates/users/user_profile.html:181 +#: users/templates/users/user_profile.html:191 +#: users/templates/users/user_profile.html:201 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:29 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:55 #: xpack/plugins/cloud/templates/cloud/account_detail.html:23 @@ -458,7 +458,7 @@ msgstr "更新" #: assets/templates/assets/admin_user_detail.html:28 #: assets/templates/assets/admin_user_list.html:112 #: assets/templates/assets/asset_detail.html:31 -#: assets/templates/assets/asset_list.html:170 +#: assets/templates/assets/asset_list.html:169 #: assets/templates/assets/cmd_filter_detail.html:33 #: assets/templates/assets/cmd_filter_list.html:59 #: assets/templates/assets/cmd_filter_rule_list.html:87 
@@ -471,7 +471,7 @@ msgstr "更新" #: assets/templates/assets/system_user_list.html:86 audits/models.py:34 #: ops/templates/ops/task_list.html:64 #: perms/templates/perms/asset_permission_detail.html:34 -#: perms/templates/perms/asset_permission_list.html:174 +#: perms/templates/perms/asset_permission_list.html:178 #: perms/templates/perms/remote_app_permission_detail.html:34 #: perms/templates/perms/remote_app_permission_list.html:60 #: settings/templates/settings/terminal_setting.html:93 @@ -529,8 +529,8 @@ msgstr "创建远程应用" #: ops/templates/ops/task_history.html:65 ops/templates/ops/task_list.html:34 #: perms/forms/asset_permission.py:21 #: perms/templates/perms/asset_permission_create_update.html:50 -#: perms/templates/perms/asset_permission_list.html:52 -#: perms/templates/perms/asset_permission_list.html:126 +#: perms/templates/perms/asset_permission_list.html:56 +#: perms/templates/perms/asset_permission_list.html:130 #: perms/templates/perms/remote_app_permission_list.html:19 #: settings/templates/settings/terminal_setting.html:85 #: settings/templates/settings/terminal_setting.html:107 @@ -657,9 +657,9 @@ msgstr "网域" #: assets/templates/assets/asset_create.html:42 #: perms/forms/asset_permission.py:72 perms/forms/asset_permission.py:79 #: perms/models/asset_permission.py:112 -#: perms/templates/perms/asset_permission_list.html:49 -#: perms/templates/perms/asset_permission_list.html:70 -#: perms/templates/perms/asset_permission_list.html:120 +#: perms/templates/perms/asset_permission_list.html:53 +#: perms/templates/perms/asset_permission_list.html:74 +#: perms/templates/perms/asset_permission_list.html:124 #: xpack/plugins/change_auth_plan/forms.py:116 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:55 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:15 
@@ -719,11 +719,11 @@ msgstr "SSH网关,支持代理SSH,RDP和VNC" #: audits/templates/audits/login_log_list.html:51 authentication/forms.py:11 #: authentication/templates/authentication/login.html:64 #: authentication/templates/authentication/new_login.html:90 -#: ops/models/adhoc.py:164 perms/templates/perms/asset_permission_list.html:66 +#: ops/models/adhoc.py:164 perms/templates/perms/asset_permission_list.html:70 #: perms/templates/perms/asset_permission_user.html:55 #: perms/templates/perms/remote_app_permission_user.html:54 #: settings/templates/settings/_ldap_list_users_modal.html:37 users/forms.py:14 -#: users/models/user.py:322 users/templates/users/_select_user_modal.html:14 +#: users/models/user.py:325 users/templates/users/_select_user_modal.html:14 #: users/templates/users/user_detail.html:67 #: users/templates/users/user_list.html:36 #: users/templates/users/user_profile.html:47 @@ -751,9 +751,9 @@ msgstr "密码或密钥密码" #: settings/forms.py:110 users/forms.py:16 users/forms.py:28 #: users/templates/users/reset_password.html:53 #: users/templates/users/user_password_authentication.html:18 -#: users/templates/users/user_password_update.html:43 -#: users/templates/users/user_profile_update.html:40 -#: users/templates/users/user_pubkey_update.html:40 +#: users/templates/users/user_password_update.html:44 +#: users/templates/users/user_profile_update.html:41 +#: users/templates/users/user_pubkey_update.html:41 #: users/templates/users/user_update.html:20 #: xpack/plugins/change_auth_plan/models.py:93 #: xpack/plugins/change_auth_plan/models.py:264 @@ -762,7 +762,7 @@ msgstr "密码" #: assets/forms/user.py:29 assets/serializers/asset_user.py:70 #: assets/templates/assets/_asset_user_auth_update_modal.html:27 -#: users/models/user.py:351 +#: users/models/user.py:354 msgid "Private key" msgstr "ssh私钥" 
@@ -826,7 +826,7 @@ msgstr "IP" #: assets/templates/assets/asset_list.html:96 #: assets/templates/assets/user_asset_list.html:48 #: perms/templates/perms/asset_permission_asset.html:57 -#: perms/templates/perms/asset_permission_list.html:69 settings/forms.py:139 +#: perms/templates/perms/asset_permission_list.html:73 settings/forms.py:139 #: users/templates/users/_granted_assets.html:24 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:50 msgid "Hostname" @@ -968,7 +968,7 @@ msgstr "带宽" msgid "Contact" msgstr "联系人" -#: assets/models/cluster.py:22 users/models/user.py:343 +#: assets/models/cluster.py:22 users/models/user.py:346 #: users/templates/users/user_detail.html:76 msgid "Phone" msgstr "手机" @@ -994,7 +994,7 @@ msgid "Default" msgstr "默认" #: assets/models/cluster.py:36 assets/models/label.py:14 -#: users/models/user.py:451 +#: users/models/user.py:454 msgid "System" msgstr "系统" @@ -1104,8 +1104,8 @@ msgstr "默认资产组" #: perms/forms/asset_permission.py:63 perms/forms/remote_app_permission.py:31 #: perms/models/base.py:36 #: perms/templates/perms/asset_permission_create_update.html:41 -#: perms/templates/perms/asset_permission_list.html:46 -#: perms/templates/perms/asset_permission_list.html:111 +#: perms/templates/perms/asset_permission_list.html:50 +#: perms/templates/perms/asset_permission_list.html:115 #: perms/templates/perms/remote_app_permission_create_update.html:43 #: perms/templates/perms/remote_app_permission_list.html:15 #: templates/index.html:87 terminal/backends/command/models.py:12 
@@ -1113,9 +1113,9 @@ msgstr "默认资产组" #: terminal/templates/terminal/command_list.html:65 #: terminal/templates/terminal/session_list.html:27 #: terminal/templates/terminal/session_list.html:71 users/forms.py:316 -#: users/models/user.py:121 users/models/user.py:439 +#: users/models/user.py:124 users/models/user.py:442 #: users/serializers/v1.py:109 users/templates/users/user_group_detail.html:78 -#: users/templates/users/user_group_list.html:36 users/views/user.py:251 +#: users/templates/users/user_group_list.html:36 users/views/user.py:243 #: xpack/plugins/orgs/forms.py:26 #: xpack/plugins/orgs/templates/orgs/org_detail.html:113 #: xpack/plugins/orgs/templates/orgs/org_list.html:14 @@ -1153,9 +1153,9 @@ msgstr "手动登录" #: assets/templates/assets/system_user_detail.html:22 #: assets/views/admin_user.py:30 assets/views/admin_user.py:49 #: assets/views/admin_user.py:67 assets/views/admin_user.py:84 -#: assets/views/admin_user.py:109 assets/views/asset.py:40 -#: assets/views/asset.py:57 assets/views/asset.py:106 assets/views/asset.py:133 -#: assets/views/asset.py:173 assets/views/asset.py:203 +#: assets/views/admin_user.py:109 assets/views/asset.py:38 +#: assets/views/asset.py:55 assets/views/asset.py:104 assets/views/asset.py:131 +#: assets/views/asset.py:171 assets/views/asset.py:203 #: assets/views/cmd_filter.py:31 assets/views/cmd_filter.py:48 #: assets/views/cmd_filter.py:66 assets/views/cmd_filter.py:84 #: assets/views/cmd_filter.py:104 assets/views/cmd_filter.py:138 
@@ -1220,11 +1220,11 @@ msgid "Backend" msgstr "后端" #: assets/serializers/asset_user.py:66 users/forms.py:263 -#: users/models/user.py:354 users/templates/users/first_login.html:42 -#: users/templates/users/user_password_update.html:46 -#: users/templates/users/user_profile.html:68 -#: users/templates/users/user_profile_update.html:43 -#: users/templates/users/user_pubkey_update.html:43 +#: users/models/user.py:357 users/templates/users/first_login.html:42 +#: users/templates/users/user_password_update.html:49 +#: users/templates/users/user_profile.html:69 +#: users/templates/users/user_profile_update.html:46 +#: users/templates/users/user_pubkey_update.html:46 msgid "Public key" msgstr "ssh公钥" @@ -1237,7 +1237,7 @@ msgstr "暂不支持OPENSSH格式的密钥,使用 ssh-keygen -t rsa -m pem生 msgid "private key invalid" msgstr "密钥不合法" -#: assets/serializers/node.py:32 +#: assets/serializers/node.py:33 msgid "The same level node name cannot be the same" msgstr "同级别节点名字不能重复" @@ -1375,7 +1375,7 @@ msgstr "启用MFA" msgid "Import assets" msgstr "导入资产" -#: assets/templates/assets/_asset_list_modal.html:7 assets/views/asset.py:41 +#: assets/templates/assets/_asset_list_modal.html:7 assets/views/asset.py:39 #: templates/_nav.html:22 xpack/plugins/change_auth_plan/views.py:116 msgid "Asset list" msgstr "资产列表" @@ -1395,8 +1395,8 @@ msgstr "请输入密码" #: assets/templates/assets/_asset_user_auth_update_modal.html:68 #: assets/templates/assets/asset_detail.html:307 -#: users/templates/users/user_detail.html:307 -#: users/templates/users/user_detail.html:334 +#: users/templates/users/user_detail.html:311 +#: users/templates/users/user_detail.html:338 #: xpack/plugins/interface/views.py:35 msgid "Update successfully!" msgstr "更新成功" 
@@ -1435,11 +1435,11 @@ msgstr "日期" msgid "Test datetime: " msgstr "测试日期: " -#: assets/templates/assets/_asset_user_list.html:69 +#: assets/templates/assets/_asset_user_list.html:68 msgid "View" msgstr "查看" -#: assets/templates/assets/_asset_user_list.html:71 +#: assets/templates/assets/_asset_user_list.html:70 #: assets/templates/assets/admin_user_assets.html:61 #: assets/templates/assets/asset_asset_user_list.html:57 #: assets/templates/assets/asset_detail.html:178 @@ -1448,7 +1448,7 @@ msgstr "查看" msgid "Test" msgstr "测试" -#: assets/templates/assets/_asset_user_list.html:72 +#: assets/templates/assets/_asset_user_list.html:71 #: assets/templates/assets/system_user_assets.html:72 #: assets/templates/assets/system_user_detail.html:142 msgid "Push" @@ -1478,19 +1478,19 @@ msgstr "重命名节点" msgid "Delete node" msgstr "删除节点" -#: assets/templates/assets/_node_tree.html:154 +#: assets/templates/assets/_node_tree.html:160 msgid "Create node failed" msgstr "创建节点失败" -#: assets/templates/assets/_node_tree.html:166 +#: assets/templates/assets/_node_tree.html:172 msgid "Have child node, cancel" msgstr "存在子节点,不能删除" -#: assets/templates/assets/_node_tree.html:168 +#: assets/templates/assets/_node_tree.html:174 msgid "Have assets, cancel" msgstr "存在资产,不能删除" -#: assets/templates/assets/_node_tree.html:242 +#: assets/templates/assets/_node_tree.html:248 msgid "Rename success" msgstr "重命名成功" @@ -1577,7 +1577,7 @@ msgstr "选择节点" #: assets/templates/assets/admin_user_detail.html:100 #: assets/templates/assets/asset_detail.html:207 -#: assets/templates/assets/asset_list.html:387 +#: assets/templates/assets/asset_list.html:386 #: assets/templates/assets/cmd_filter_detail.html:106 #: assets/templates/assets/system_user_assets.html:100 #: assets/templates/assets/system_user_detail.html:182 
@@ -1585,10 +1585,10 @@ msgstr "选择节点" #: authentication/templates/authentication/_mfa_confirm_modal.html:20 #: settings/templates/settings/terminal_setting.html:168 #: templates/_modal.html:23 terminal/templates/terminal/session_detail.html:108 -#: users/templates/users/user_detail.html:388 -#: users/templates/users/user_detail.html:414 -#: users/templates/users/user_detail.html:437 -#: users/templates/users/user_detail.html:482 +#: users/templates/users/user_detail.html:392 +#: users/templates/users/user_detail.html:418 +#: users/templates/users/user_detail.html:441 +#: users/templates/users/user_detail.html:486 #: users/templates/users/user_group_create_update.html:32 #: users/templates/users/user_group_list.html:119 #: users/templates/users/user_list.html:255 @@ -1640,8 +1640,8 @@ msgstr "创建管理用户" #: assets/templates/assets/admin_user_list.html:162 #: assets/templates/assets/admin_user_list.html:193 -#: assets/templates/assets/asset_list.html:268 -#: assets/templates/assets/asset_list.html:305 +#: assets/templates/assets/asset_list.html:267 +#: assets/templates/assets/asset_list.html:304 #: assets/templates/assets/system_user_list.html:192 #: assets/templates/assets/system_user_list.html:223 #: users/templates/users/user_group_list.html:163 @@ -1653,7 +1653,7 @@ msgid "Please select file" msgstr "选择文件" #: assets/templates/assets/asset_asset_user_list.html:16 -#: assets/templates/assets/asset_detail.html:23 assets/views/asset.py:58 +#: assets/templates/assets/asset_detail.html:23 assets/views/asset.py:56 msgid "Asset user list" msgstr "资产用户列表" 
@@ -1664,8 +1664,8 @@ msgstr "资产用户" #: assets/templates/assets/asset_asset_user_list.html:47 #: assets/templates/assets/asset_detail.html:144 #: terminal/templates/terminal/session_detail.html:81 -#: users/templates/users/user_detail.html:138 -#: users/templates/users/user_profile.html:146 +#: users/templates/users/user_detail.html:140 +#: users/templates/users/user_profile.html:150 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:128 #: xpack/plugins/license/templates/license/license_detail.html:102 msgid "Quick modify" @@ -1691,7 +1691,7 @@ msgstr "硬盘" #: assets/templates/assets/asset_detail.html:128 #: users/templates/users/user_detail.html:115 -#: users/templates/users/user_profile.html:104 +#: users/templates/users/user_profile.html:106 msgid "Date joined" msgstr "创建日期" @@ -1703,7 +1703,7 @@ msgstr "创建日期" #: perms/templates/perms/remote_app_permission_detail.html:112 #: terminal/templates/terminal/terminal_list.html:34 #: users/templates/users/_select_user_modal.html:18 -#: users/templates/users/user_detail.html:144 +#: users/templates/users/user_detail.html:146 #: users/templates/users/user_profile.html:63 msgid "Active" msgstr "激活中" @@ -1725,7 +1725,7 @@ msgstr "" "左侧是资产树,右击可以新建、删除、更改树节点,授权资产也是以节点方式组织的," "右侧是属于该节点下的资产" -#: assets/templates/assets/asset_list.html:61 assets/views/asset.py:107 +#: assets/templates/assets/asset_list.html:61 assets/views/asset.py:105 msgid "Create asset" msgstr "创建资产" 
@@ -1757,51 +1757,51 @@ msgstr "禁用所选" msgid "Active selected" msgstr "激活所选" -#: assets/templates/assets/asset_list.html:191 +#: assets/templates/assets/asset_list.html:190 msgid "Add assets to node" msgstr "添加资产到节点" -#: assets/templates/assets/asset_list.html:192 +#: assets/templates/assets/asset_list.html:191 msgid "Move assets to node" msgstr "移动资产到节点" -#: assets/templates/assets/asset_list.html:194 +#: assets/templates/assets/asset_list.html:193 msgid "Refresh node hardware info" msgstr "更新节点资产硬件信息" -#: assets/templates/assets/asset_list.html:195 +#: assets/templates/assets/asset_list.html:194 msgid "Test node connective" msgstr "测试节点资产可连接性" -#: assets/templates/assets/asset_list.html:197 +#: assets/templates/assets/asset_list.html:196 msgid "Display only current node assets" msgstr "仅显示当前节点资产" -#: assets/templates/assets/asset_list.html:198 +#: assets/templates/assets/asset_list.html:197 msgid "Displays all child node assets" msgstr "显示所有子节点资产" -#: assets/templates/assets/asset_list.html:381 +#: assets/templates/assets/asset_list.html:380 #: assets/templates/assets/system_user_list.html:133 -#: users/templates/users/user_detail.html:382 -#: users/templates/users/user_detail.html:408 -#: users/templates/users/user_detail.html:476 +#: users/templates/users/user_detail.html:386 +#: users/templates/users/user_detail.html:412 +#: users/templates/users/user_detail.html:480 #: users/templates/users/user_group_list.html:113 #: users/templates/users/user_list.html:249 #: xpack/plugins/interface/templates/interface/interface.html:97 msgid "Are you sure?" msgstr "你确认吗?" -#: assets/templates/assets/asset_list.html:382 +#: assets/templates/assets/asset_list.html:381 msgid "This will delete the selected assets !!!" 
msgstr "删除选择资产" -#: assets/templates/assets/asset_list.html:385 +#: assets/templates/assets/asset_list.html:384 #: assets/templates/assets/system_user_list.html:137 #: settings/templates/settings/terminal_setting.html:166 -#: users/templates/users/user_detail.html:386 -#: users/templates/users/user_detail.html:412 -#: users/templates/users/user_detail.html:480 +#: users/templates/users/user_detail.html:390 +#: users/templates/users/user_detail.html:416 +#: users/templates/users/user_detail.html:484 #: users/templates/users/user_group_create_update.html:31 #: users/templates/users/user_group_list.html:117 #: users/templates/users/user_list.html:253 @@ -1810,16 +1810,16 @@ msgstr "删除选择资产" msgid "Cancel" msgstr "取消" -#: assets/templates/assets/asset_list.html:398 +#: assets/templates/assets/asset_list.html:397 msgid "Asset Deleted." msgstr "已被删除" -#: assets/templates/assets/asset_list.html:399 -#: assets/templates/assets/asset_list.html:403 +#: assets/templates/assets/asset_list.html:398 +#: assets/templates/assets/asset_list.html:402 msgid "Asset Delete" msgstr "删除" -#: assets/templates/assets/asset_list.html:402 +#: assets/templates/assets/asset_list.html:401 msgid "Asset Deleting failed." msgstr "删除失败" @@ -2024,19 +2024,19 @@ msgstr "管理用户列表" msgid "Admin user detail" msgstr "管理用户详情" -#: assets/views/asset.py:70 templates/_nav_user.html:4 +#: assets/views/asset.py:68 templates/_nav_user.html:4 msgid "My assets" msgstr "我的资产" -#: assets/views/asset.py:134 +#: assets/views/asset.py:132 msgid "Update asset" msgstr "更新资产" -#: assets/views/asset.py:146 +#: assets/views/asset.py:144 msgid "Bulk update asset success" msgstr "批量更新资产成功" -#: assets/views/asset.py:174 +#: assets/views/asset.py:172 msgid "Bulk update asset" msgstr "批量更新资产" 
@@ -2131,7 +2131,7 @@ msgstr "文件名" #: audits/templates/audits/ftp_log_list.html:76 #: ops/templates/ops/command_execution_list.html:65 #: ops/templates/ops/task_list.html:31 -#: users/templates/users/user_detail.html:458 +#: users/templates/users/user_detail.html:462 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:14 #: xpack/plugins/cloud/api.py:62 msgid "Success" @@ -2206,7 +2206,7 @@ msgstr "Agent" #: audits/models.py:99 audits/templates/audits/login_log_list.html:56 #: authentication/templates/authentication/_mfa_confirm_modal.html:14 -#: users/forms.py:175 users/models/user.py:346 +#: users/forms.py:175 users/models/user.py:349 #: users/templates/users/first_login.html:45 msgid "MFA" msgstr "MFA" @@ -2493,7 +2493,7 @@ msgstr "" #: authentication/templates/authentication/login_otp.html:46 #: users/templates/users/user_detail.html:91 -#: users/templates/users/user_profile.html:85 +#: users/templates/users/user_profile.html:87 msgid "MFA certification" msgstr "MFA认证" @@ -2516,7 +2516,7 @@ msgid "Six figures" msgstr "6位数字" #: authentication/templates/authentication/login_otp.html:67 -#: users/templates/users/first_login.html:105 +#: users/templates/users/first_login.html:108 #: users/templates/users/user_otp_authentication.html:26 #: users/templates/users/user_otp_enable_bind.html:29 #: users/templates/users/user_otp_enable_install_app.html:26 @@ -2536,8 +2536,8 @@ msgstr "欢迎回来,请输入用户名和密码登录" msgid "Please enable cookies and try again." msgstr "设置你的浏览器支持cookie" -#: authentication/views/login.py:172 users/views/user.py:399 -#: users/views/user.py:424 +#: authentication/views/login.py:172 users/views/user.py:386 +#: users/views/user.py:411 msgid "MFA code invalid, or ntp sync server time" msgstr "MFA验证码不正确,或者服务器端时间不对" 
@@ -2988,23 +2988,23 @@ msgstr "命令执行" msgid "Organization" msgstr "组织" -#: perms/api/mixin.py:142 +#: perms/api/mixin.py:148 msgid "ungrouped" msgstr "未分组" -#: perms/api/mixin.py:147 +#: perms/api/mixin.py:153 msgid "empty" msgstr "空" #: perms/forms/asset_permission.py:66 perms/forms/remote_app_permission.py:34 #: perms/models/asset_permission.py:113 perms/models/base.py:37 -#: perms/templates/perms/asset_permission_list.html:47 -#: perms/templates/perms/asset_permission_list.html:67 -#: perms/templates/perms/asset_permission_list.html:114 +#: perms/templates/perms/asset_permission_list.html:51 +#: perms/templates/perms/asset_permission_list.html:71 +#: perms/templates/perms/asset_permission_list.html:118 #: perms/templates/perms/remote_app_permission_list.html:16 #: templates/_nav.html:14 users/forms.py:286 users/models/group.py:26 -#: users/models/user.py:330 users/templates/users/_select_user_modal.html:16 -#: users/templates/users/user_detail.html:213 +#: users/models/user.py:333 users/templates/users/_select_user_modal.html:16 +#: users/templates/users/user_detail.html:217 #: users/templates/users/user_list.html:38 #: xpack/plugins/orgs/templates/orgs/org_list.html:15 msgid "User group" @@ -3052,8 +3052,8 @@ msgstr "资产授权" #: perms/models/asset_permission.py:116 perms/models/base.py:40 #: perms/templates/perms/asset_permission_detail.html:90 #: perms/templates/perms/remote_app_permission_detail.html:82 -#: users/models/user.py:362 users/templates/users/user_detail.html:107 -#: users/templates/users/user_profile.html:116 +#: users/models/user.py:365 users/templates/users/user_detail.html:107 +#: users/templates/users/user_profile.html:120 msgid "Date expired" msgstr "失效日期" 
@@ -3104,7 +3104,7 @@ msgid "Add node to this permission" msgstr "添加节点" #: perms/templates/perms/asset_permission_asset.html:112 -#: users/templates/users/user_detail.html:230 +#: users/templates/users/user_detail.html:234 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:121 msgid "Join" msgstr "加入" @@ -3147,8 +3147,12 @@ msgstr "选择系统用户" msgid "Create permission" msgstr "创建授权规则" -#: perms/templates/perms/asset_permission_list.html:51 -#: perms/templates/perms/asset_permission_list.html:65 +#: perms/templates/perms/asset_permission_list.html:42 +msgid "Refresh permission cache" +msgstr "刷新授权缓存" + +#: perms/templates/perms/asset_permission_list.html:55 +#: perms/templates/perms/asset_permission_list.html:69 #: perms/templates/perms/remote_app_permission_list.html:18 #: users/templates/users/user_list.html:40 xpack/plugins/cloud/models.py:53 #: xpack/plugins/cloud/templates/cloud/account_detail.html:58 @@ -3156,6 +3160,10 @@ msgstr "创建授权规则" msgid "Validity" msgstr "有效" +#: perms/templates/perms/asset_permission_list.html:244 +msgid "Refresh success" +msgstr "刷新成功" + #: perms/templates/perms/asset_permission_user.html:35 #: perms/templates/perms/remote_app_permission_user.html:34 msgid "User list of " @@ -3198,9 +3206,9 @@ msgstr "添加用户" msgid "Add user group to this permission" msgstr "添加用户组" -#: perms/views/asset_permission.py:33 perms/views/asset_permission.py:64 -#: perms/views/asset_permission.py:81 perms/views/asset_permission.py:98 -#: perms/views/asset_permission.py:135 perms/views/asset_permission.py:169 +#: perms/views/asset_permission.py:34 perms/views/asset_permission.py:65 +#: perms/views/asset_permission.py:82 perms/views/asset_permission.py:99 +#: perms/views/asset_permission.py:136 perms/views/asset_permission.py:173 #: perms/views/remote_app_permission.py:33 #: perms/views/remote_app_permission.py:49 #: perms/views/remote_app_permission.py:66 
@@ -3211,27 +3219,27 @@ msgstr "添加用户组" msgid "Perms" msgstr "权限管理" -#: perms/views/asset_permission.py:34 +#: perms/views/asset_permission.py:35 msgid "Asset permission list" msgstr "资产授权列表" -#: perms/views/asset_permission.py:65 +#: perms/views/asset_permission.py:66 msgid "Create asset permission" msgstr "创建权限规则" -#: perms/views/asset_permission.py:82 +#: perms/views/asset_permission.py:83 msgid "Update asset permission" msgstr "更新资产授权" -#: perms/views/asset_permission.py:99 +#: perms/views/asset_permission.py:100 msgid "Asset permission detail" msgstr "资产授权详情" -#: perms/views/asset_permission.py:136 +#: perms/views/asset_permission.py:137 msgid "Asset permission user list" msgstr "资产授权用户列表" -#: perms/views/asset_permission.py:170 +#: perms/views/asset_permission.py:174 msgid "Asset permission asset list" msgstr "资产授权资产列表" @@ -3598,7 +3606,7 @@ msgid "Please submit the LDAP configuration before import" msgstr "请先提交LDAP配置再进行导入" #: settings/templates/settings/_ldap_list_users_modal.html:39 -#: users/models/user.py:326 users/templates/users/user_detail.html:71 +#: users/models/user.py:329 users/templates/users/user_detail.html:71 #: users/templates/users/user_profile.html:59 msgid "Email" msgstr "邮件" @@ -3792,11 +3800,11 @@ msgstr "删除失败" msgid "Are you sure about deleting it?" msgstr "您确定删除吗?" -#: settings/utils.py:84 +#: settings/utils.py:90 msgid "Search no entry matched in ou {}" msgstr "在ou:{}中没有匹配条目" -#: settings/utils.py:112 +#: settings/utils.py:120 msgid "The user source is not LDAP" msgstr "用户来源不是LDAP" 
@@ -3837,8 +3845,8 @@ msgstr "商业支持" #: users/templates/users/user_password_update.html:40 #: users/templates/users/user_profile.html:17 #: users/templates/users/user_profile_update.html:37 -#: users/templates/users/user_profile_update.html:57 -#: users/templates/users/user_pubkey_update.html:37 users/views/user.py:232 +#: users/templates/users/user_profile_update.html:61 +#: users/templates/users/user_pubkey_update.html:37 users/views/user.py:224 msgid "Profile" msgstr "个人信息" @@ -3928,13 +3936,13 @@ msgstr "" #: templates/_nav.html:10 users/views/group.py:28 users/views/group.py:45 #: users/views/group.py:63 users/views/group.py:81 users/views/group.py:98 -#: users/views/login.py:154 users/views/user.py:68 users/views/user.py:85 -#: users/views/user.py:129 users/views/user.py:196 users/views/user.py:218 -#: users/views/user.py:270 users/views/user.py:311 +#: users/views/login.py:154 users/views/user.py:60 users/views/user.py:77 +#: users/views/user.py:121 users/views/user.py:188 users/views/user.py:210 +#: users/views/user.py:263 users/views/user.py:298 msgid "Users" msgstr "用户管理" -#: templates/_nav.html:13 users/views/user.py:69 +#: templates/_nav.html:13 users/views/user.py:61 msgid "User list" msgstr "用户列表" @@ -4253,7 +4261,7 @@ msgstr "参数" msgid "Export command" msgstr "导出命令" -#: terminal/templates/terminal/command_list.html:189 +#: terminal/templates/terminal/command_list.html:191 msgid "Goto" msgstr "转到" @@ -4381,7 +4389,7 @@ msgstr "你没有权限" msgid "Could not reset self otp, use profile reset instead" msgstr "不能再该页面重置MFA, 请去个人信息页面重置" -#: users/forms.py:33 users/models/user.py:334 +#: users/forms.py:33 users/models/user.py:337 #: users/templates/users/_select_user_modal.html:15 #: users/templates/users/user_detail.html:87 #: users/templates/users/user_list.html:37 @@ -4390,6 +4398,7 @@ msgid "Role" msgstr "角色" #: users/forms.py:36 users/forms.py:233 +#: users/templates/users/user_update.html:30 msgid "ssh public key" msgstr "ssh公钥" 
@@ -4401,7 +4410,7 @@ msgstr "" msgid "Paste user id_rsa.pub here." msgstr "复制用户公钥到这里" -#: users/forms.py:52 users/templates/users/user_detail.html:221 +#: users/forms.py:52 users/templates/users/user_detail.html:225 msgid "Join user groups" msgstr "添加到用户组" @@ -4413,7 +4422,7 @@ msgstr "不能和原来的密钥相同" msgid "Not a valid ssh public key" msgstr "ssh密钥不合法" -#: users/forms.py:104 users/views/login.py:114 users/views/user.py:293 +#: users/forms.py:104 users/views/login.py:114 users/views/user.py:280 msgid "* Your password does not meet the requirements" msgstr "* 您的密码不符合要求" @@ -4435,16 +4444,16 @@ msgstr "密码策略" #: users/forms.py:160 msgid "" -"Tip: when enabled, you will enter the MFA binding process the next time you " -"log in. you can also directly bind in \"personal information -> quick " +"When enabled, you will enter the MFA binding process the next time you log " +"in. you can also directly bind in \"personal information -> quick " "modification -> change MFA Settings\"!" msgstr "" -"提示:启用之后您将会在下次登录时进入MFA绑定流程;您也可以在(个人信息->快速修" -"改->更改MFA设置)中直接绑定!" +"启用之后您将会在下次登录时进入MFA绑定流程;您也可以在(个人信息->快速修改->更" +"改MFA设置)中直接绑定!" #: users/forms.py:170 msgid "* Enable MFA authentication to make the account more secure." -msgstr "* 启用MFA认证,使账号更加安全." +msgstr "* 启用MFA认证,使账号更加安全。" #: users/forms.py:180 msgid "" @@ -4456,8 +4465,8 @@ msgstr "" "设置复杂密码,启用MFA认证)" #: users/forms.py:187 users/templates/users/first_login.html:48 -#: users/templates/users/first_login.html:107 -#: users/templates/users/first_login.html:130 +#: users/templates/users/first_login.html:110 +#: users/templates/users/first_login.html:139 msgid "Finish" msgstr "完成" 
@@ -4495,56 +4504,56 @@ msgid "Select users" msgstr "选择用户" #: users/models/user.py:50 users/templates/users/user_update.html:22 -#: users/views/login.py:46 users/views/login.py:107 users/views/user.py:283 +#: users/views/login.py:46 users/views/login.py:107 msgid "User auth from {}, go there change password" msgstr "用户认证源来自 {}, 请去相应系统修改密码" -#: users/models/user.py:120 users/models/user.py:447 +#: users/models/user.py:123 users/models/user.py:450 msgid "Administrator" msgstr "管理员" -#: users/models/user.py:122 +#: users/models/user.py:125 msgid "Application" msgstr "应用程序" -#: users/models/user.py:123 +#: users/models/user.py:126 msgid "Auditor" msgstr "审计员" -#: users/models/user.py:281 users/templates/users/user_profile.html:92 -#: users/templates/users/user_profile.html:159 -#: users/templates/users/user_profile.html:162 +#: users/models/user.py:284 users/templates/users/user_profile.html:94 +#: users/templates/users/user_profile.html:163 +#: users/templates/users/user_profile.html:166 msgid "Disable" msgstr "禁用" -#: users/models/user.py:282 users/templates/users/user_profile.html:90 -#: users/templates/users/user_profile.html:166 +#: users/models/user.py:285 users/templates/users/user_profile.html:92 +#: users/templates/users/user_profile.html:170 msgid "Enable" msgstr "启用" -#: users/models/user.py:283 users/templates/users/user_profile.html:88 +#: users/models/user.py:286 users/templates/users/user_profile.html:90 msgid "Force enable" msgstr "强制启用" -#: users/models/user.py:337 +#: users/models/user.py:340 msgid "Avatar" msgstr "头像" -#: users/models/user.py:340 users/templates/users/user_detail.html:82 +#: users/models/user.py:343 users/templates/users/user_detail.html:82 msgid "Wechat" msgstr "微信" -#: users/models/user.py:369 users/templates/users/user_detail.html:103 +#: users/models/user.py:372 users/templates/users/user_detail.html:103 #: users/templates/users/user_list.html:39 -#: users/templates/users/user_profile.html:100 +#: 
users/templates/users/user_profile.html:102 msgid "Source" msgstr "用户来源" -#: users/models/user.py:373 +#: users/models/user.py:376 msgid "Date password last updated" msgstr "最后更新密码日期" -#: users/models/user.py:450 +#: users/models/user.py:453 msgid "Administrator is the super user of system" msgstr "Administrator是初始的超级管理员" @@ -4597,7 +4606,7 @@ msgid "Security token validation" msgstr "安全令牌验证" #: users/templates/users/_base_otp.html:44 users/templates/users/_user.html:13 -#: users/templates/users/user_profile_update.html:51 +#: users/templates/users/user_profile_update.html:55 #: xpack/plugins/cloud/models.py:120 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_detail.html:57 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_list.html:13 @@ -4634,7 +4643,7 @@ msgid "Import users" msgstr "导入用户" #: users/templates/users/_user_update_modal.html:4 -#: users/templates/users/user_update.html:4 users/views/user.py:130 +#: users/templates/users/user_update.html:4 users/views/user.py:122 msgid "Update user" msgstr "更新用户" @@ -4655,7 +4664,12 @@ msgstr "我同意条款和条件" msgid "Please choose the terms and conditions." msgstr "请选择同意条款和条件" -#: users/templates/users/first_login.html:101 +#: users/templates/users/first_login.html:77 +#: users/templates/users/user_update.html:32 +msgid "User auth from {}, ssh key login is not supported" +msgstr "用户认证源来自 {}, 不支持使用 SSH Key 登录" + +#: users/templates/users/first_login.html:104 msgid "Previous" msgstr "上一步" 
@@ -4707,20 +4721,20 @@ msgid "Always young, always with tears in my eyes. Stay foolish Stay hungry" msgstr "永远年轻,永远热泪盈眶 stay foolish stay hungry" #: users/templates/users/reset_password.html:46 -#: users/templates/users/user_detail.html:373 users/utils.py:88 +#: users/templates/users/user_detail.html:377 users/utils.py:88 msgid "Reset password" msgstr "重置密码" #: users/templates/users/reset_password.html:59 #: users/templates/users/user_create.html:13 -#: users/templates/users/user_password_update.html:61 +#: users/templates/users/user_password_update.html:65 #: users/templates/users/user_update.html:13 msgid "Your password must satisfy" msgstr "您的密码必须满足:" #: users/templates/users/reset_password.html:60 #: users/templates/users/user_create.html:14 -#: users/templates/users/user_password_update.html:62 +#: users/templates/users/user_password_update.html:66 #: users/templates/users/user_update.html:14 msgid "Password strength" msgstr "密码强度:" 
@@ -4731,53 +4745,53 @@ msgstr "再次输入密码" #: users/templates/users/reset_password.html:105 #: users/templates/users/user_create.html:33 -#: users/templates/users/user_password_update.html:99 -#: users/templates/users/user_update.html:46 +#: users/templates/users/user_password_update.html:103 +#: users/templates/users/user_update.html:55 msgid "Very weak" msgstr "很弱" #: users/templates/users/reset_password.html:106 #: users/templates/users/user_create.html:34 -#: users/templates/users/user_password_update.html:100 -#: users/templates/users/user_update.html:47 +#: users/templates/users/user_password_update.html:104 +#: users/templates/users/user_update.html:56 msgid "Weak" msgstr "弱" #: users/templates/users/reset_password.html:107 #: users/templates/users/user_create.html:35 -#: users/templates/users/user_password_update.html:101 -#: users/templates/users/user_update.html:48 +#: users/templates/users/user_password_update.html:105 +#: users/templates/users/user_update.html:57 msgid "Normal" msgstr "正常" #: users/templates/users/reset_password.html:108 #: users/templates/users/user_create.html:36 -#: users/templates/users/user_password_update.html:102 -#: users/templates/users/user_update.html:49 +#: users/templates/users/user_password_update.html:106 +#: users/templates/users/user_update.html:58 msgid "Medium" msgstr "一般" #: users/templates/users/reset_password.html:109 #: users/templates/users/user_create.html:37 -#: users/templates/users/user_password_update.html:103 -#: users/templates/users/user_update.html:50 +#: users/templates/users/user_password_update.html:107 +#: users/templates/users/user_update.html:59 msgid "Strong" msgstr "强" #: users/templates/users/reset_password.html:110 #: users/templates/users/user_create.html:38 -#: users/templates/users/user_password_update.html:104 -#: users/templates/users/user_update.html:51 +#: users/templates/users/user_password_update.html:108 +#: users/templates/users/user_update.html:60 msgid "Very strong" msgstr "很强" #: 
users/templates/users/user_create.html:4 -#: users/templates/users/user_list.html:28 users/views/user.py:86 +#: users/templates/users/user_list.html:28 users/views/user.py:78 msgid "Create user" msgstr "创建用户" #: users/templates/users/user_detail.html:19 -#: users/templates/users/user_granted_asset.html:18 users/views/user.py:197 +#: users/templates/users/user_granted_asset.html:18 users/views/user.py:189 msgid "User detail" msgstr "用户详情" 
@@ -4793,85 +4807,85 @@ msgid "Force enabled" msgstr "强制启用" #: users/templates/users/user_detail.html:119 -#: users/templates/users/user_profile.html:108 +#: users/templates/users/user_profile.html:110 msgid "Last login" msgstr "最后登录" -#: users/templates/users/user_detail.html:123 -#: users/templates/users/user_profile.html:112 +#: users/templates/users/user_detail.html:124 +#: users/templates/users/user_profile.html:115 msgid "Last password updated" msgstr "最后更新密码" -#: users/templates/users/user_detail.html:158 +#: users/templates/users/user_detail.html:160 msgid "Force enabled MFA" msgstr "强制启用MFA" -#: users/templates/users/user_detail.html:173 +#: users/templates/users/user_detail.html:175 msgid "Reset MFA" msgstr "重置MFA" -#: users/templates/users/user_detail.html:182 +#: users/templates/users/user_detail.html:184 msgid "Send reset password mail" msgstr "发送重置密码邮件" -#: users/templates/users/user_detail.html:185 -#: users/templates/users/user_detail.html:194 +#: users/templates/users/user_detail.html:187 +#: users/templates/users/user_detail.html:197 msgid "Send" msgstr "发送" -#: users/templates/users/user_detail.html:191 +#: users/templates/users/user_detail.html:194 msgid "Send reset ssh key mail" msgstr "发送重置密钥邮件" -#: users/templates/users/user_detail.html:199 -#: users/templates/users/user_detail.html:461 +#: users/templates/users/user_detail.html:203 +#: users/templates/users/user_detail.html:465 msgid "Unblock user" msgstr "解除登录限制" -#: users/templates/users/user_detail.html:202 +#: users/templates/users/user_detail.html:206 msgid "Unblock" msgstr "解除" -#: users/templates/users/user_detail.html:316 +#: users/templates/users/user_detail.html:320 msgid "Goto profile page enable MFA" msgstr "请去个人信息页面启用自己的MFA" -#: users/templates/users/user_detail.html:372 +#: users/templates/users/user_detail.html:376 msgid "An e-mail has been sent to the user`s mailbox." 
msgstr "已发送邮件到用户邮箱" -#: users/templates/users/user_detail.html:383 +#: users/templates/users/user_detail.html:387 msgid "This will reset the user password and send a reset mail" msgstr "将失效用户当前密码,并发送重设密码邮件到用户邮箱" -#: users/templates/users/user_detail.html:398 +#: users/templates/users/user_detail.html:402 msgid "" "The reset-ssh-public-key E-mail has been sent successfully. Please inform " "the user to update his new ssh public key." msgstr "重设密钥邮件将会发送到用户邮箱" -#: users/templates/users/user_detail.html:399 +#: users/templates/users/user_detail.html:403 msgid "Reset SSH public key" msgstr "重置SSH密钥" -#: users/templates/users/user_detail.html:409 +#: users/templates/users/user_detail.html:413 msgid "This will reset the user public key and send a reset mail" msgstr "将会失效用户当前密钥,并发送重置邮件到用户邮箱" -#: users/templates/users/user_detail.html:427 +#: users/templates/users/user_detail.html:431 msgid "Successfully updated the SSH public key." msgstr "更新ssh密钥成功" -#: users/templates/users/user_detail.html:428 #: users/templates/users/user_detail.html:432 +#: users/templates/users/user_detail.html:436 msgid "User SSH public key update" msgstr "ssh密钥" -#: users/templates/users/user_detail.html:477 +#: users/templates/users/user_detail.html:481 msgid "After unlocking the user, the user can log in normally." msgstr "解除用户登录限制后,此用户即可正常登录" -#: users/templates/users/user_detail.html:491 +#: users/templates/users/user_detail.html:495 msgid "Reset user MFA success" msgstr "重置用户MFA成功" 
@@ -4973,51 +4987,51 @@ msgid "" "installed, go to the next step directly)." msgstr "安装完成后点击下一步进入绑定页面(如已安装,直接进入下一步" -#: users/templates/users/user_profile.html:95 +#: users/templates/users/user_profile.html:97 msgid "Administrator Settings force MFA login" msgstr "管理员设置强制使用MFA登录" -#: users/templates/users/user_profile.html:120 +#: users/templates/users/user_profile.html:124 msgid "User groups" msgstr "用户组" -#: users/templates/users/user_profile.html:152 +#: users/templates/users/user_profile.html:156 msgid "Set MFA" msgstr "设置MFA" -#: users/templates/users/user_profile.html:174 +#: users/templates/users/user_profile.html:178 msgid "Update password" msgstr "更改密码" -#: users/templates/users/user_profile.html:184 +#: users/templates/users/user_profile.html:188 msgid "Update MFA" msgstr "更改MFA" -#: users/templates/users/user_profile.html:193 +#: users/templates/users/user_profile.html:198 msgid "Update SSH public key" msgstr "更改SSH密钥" -#: users/templates/users/user_profile.html:201 +#: users/templates/users/user_profile.html:206 msgid "Reset public key and download" msgstr "重置并下载SSH密钥" -#: users/templates/users/user_pubkey_update.html:51 +#: users/templates/users/user_pubkey_update.html:55 msgid "Old public key" msgstr "原来ssh密钥" -#: users/templates/users/user_pubkey_update.html:59 +#: users/templates/users/user_pubkey_update.html:63 msgid "Fingerprint" msgstr "指纹" -#: users/templates/users/user_pubkey_update.html:65 +#: users/templates/users/user_pubkey_update.html:69 msgid "Update public key" msgstr "更新密钥" -#: users/templates/users/user_pubkey_update.html:68 +#: users/templates/users/user_pubkey_update.html:72 msgid "Or reset by server" msgstr "或者重置并下载密钥" -#: users/templates/users/user_pubkey_update.html:94 +#: users/templates/users/user_pubkey_update.html:98 msgid "" "The new public key has been set successfully, Please download the " "corresponding private key." 
@@ -5256,47 +5270,47 @@ msgstr "密码不一致" msgid "First login" msgstr "首次登录" -#: users/views/user.py:148 +#: users/views/user.py:140 msgid "Bulk update user success" msgstr "批量更新用户成功" -#: users/views/user.py:176 +#: users/views/user.py:168 msgid "Bulk update user" msgstr "批量更新用户" -#: users/views/user.py:219 +#: users/views/user.py:211 msgid "User granted assets" msgstr "用户授权资产" -#: users/views/user.py:252 +#: users/views/user.py:244 msgid "Profile setting" msgstr "个人信息设置" -#: users/views/user.py:271 +#: users/views/user.py:264 msgid "Password update" msgstr "密码更新" -#: users/views/user.py:312 +#: users/views/user.py:299 msgid "Public key update" msgstr "密钥更新" -#: users/views/user.py:354 +#: users/views/user.py:341 msgid "Password invalid" msgstr "用户名或密码无效" -#: users/views/user.py:454 +#: users/views/user.py:441 msgid "MFA enable success" msgstr "MFA 绑定成功" -#: users/views/user.py:455 +#: users/views/user.py:442 msgid "MFA enable success, return login page" msgstr "MFA 绑定成功,返回到登录页面" -#: users/views/user.py:457 +#: users/views/user.py:444 msgid "MFA disable success" msgstr "MFA 解绑成功" -#: users/views/user.py:458 +#: users/views/user.py:445 msgid "MFA disable success, return login page" msgstr "MFA 解绑成功,返回登录页面" diff --git a/apps/perms/api/user_permission.py b/apps/perms/api/user_permission.py index f9aff53b8..993cf602b 100644 --- a/apps/perms/api/user_permission.py +++ b/apps/perms/api/user_permission.py 
@@ -9,13 +9,15 @@ from rest_framework.generics import ( ) from rest_framework.pagination import LimitOffsetPagination -from common.permissions import IsValidUser, IsOrgAdminOrAppUser +from common.permissions import IsValidUser, IsOrgAdminOrAppUser, IsOrgAdmin from common.tree import TreeNodeSerializer from common.utils import get_logger from ..utils import ( AssetPermissionUtil, ParserNode, ) -from .mixin import UserPermissionCacheMixin, GrantAssetsMixin, NodesWithUngroupMixin +from .mixin import ( + UserPermissionCacheMixin, GrantAssetsMixin, NodesWithUngroupMixin +) from .. import const from ..hands import User, Asset, Node, SystemUser, NodeSerializer from .. import serializers @@ -29,6 +31,7 @@ __all__ = [ 'UserGrantedNodesWithAssetsApi', 'UserGrantedNodeAssetsApi', 'ValidateUserAssetPermissionApi', 'UserGrantedNodesAsTreeApi', 'UserGrantedNodesWithAssetsAsTreeApi', 'GetUserAssetPermissionActionsApi', + 'RefreshAssetPermissionCacheApi' ] @@ -365,3 +368,12 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView actions = asset["system_users"].get(system_id, 0) break return {"actions": actions} + + +class RefreshAssetPermissionCacheApi(RetrieveAPIView): + permission_classes = (IsOrgAdmin,) + + def retrieve(self, request, *args, **kwargs): + # expire all cache + AssetPermissionUtil.expire_all_cache() + return Response({'msg': True}, status=200) diff --git a/apps/perms/templates/perms/asset_permission_list.html b/apps/perms/templates/perms/asset_permission_list.html index 3336afe2c..122635763 100644 --- a/apps/perms/templates/perms/asset_permission_list.html +++ b/apps/perms/templates/perms/asset_permission_list.html @@ -33,10 +33,14 @@
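Review bot: `RefreshAssetPermissionCacheApi.retrieve` performs a state change, `AssetPermissionUtil.expire_all_cache()`, in response to GET. The click handler added to asset_permission_list.html calls it with `method: 'GET'` on the route added in api_urls.py. Django's CSRF check does not apply to safe methods, so a cross-site request carrying an org admin's session would presumably be enough to flush the cache, and GET requests may also be prefetched or replayed. I would expose this as `def post(self, request, *args, **kwargs):` on a view with no GET handler and send `method: 'POST'` from the template. A class docstring stating that the call clears every key under the permission cache prefix, not only the caller's own entries, would also help.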
-
- - {% trans "Create permission" %} - +
+ + +
@@ -232,6 +236,14 @@ $(document).ready(function(){ .replace('{{ DEFAULT_PK }}', uid); objectDelete($this, name, the_url); }) +.on('click', '.refresh-asset-permission-cache', function () { + var the_url = "{% url 'api-perms:refresh-asset-permission-cache' %}"; + requestApi({ + url: the_url, + method: 'GET', + success_message: "{% trans 'Refresh success' %}" + }); +}) .on('click', '.btn-create-permission', function () { var url = "{% url 'perms:asset-permission-create' %}"; var nodes = zTree.getSelectedNodes(); diff --git a/apps/perms/urls/api_urls.py b/apps/perms/urls/api_urls.py index 093692a15..e6b6fba43 100644 --- a/apps/perms/urls/api_urls.py +++ b/apps/perms/urls/api_urls.py @@ -57,6 +57,9 @@ asset_permission_urlpatterns = [ # 验证用户是否有某个资产和系统用户的权限 path('asset-permissions/user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'), path('asset-permissions/user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'), + + # 刷新缓存 + path('asset-permissions/user/cache/refresh/', api.RefreshAssetPermissionCacheApi.as_view(), name='refresh-asset-permission-cache'), ] diff --git a/apps/perms/utils/asset_permission.py b/apps/perms/utils/asset_permission.py index 05669e152..42c4060e8 100644 --- a/apps/perms/utils/asset_permission.py +++ b/apps/perms/utils/asset_permission.py @@ -414,15 +414,12 @@ class AssetPermissionCacheMixin: cache.delete_pattern(key) self.expire_cache_meta() - @classmethod - def expire_all_cache_meta(cls): - key = cls.CACHE_META_KEY_PREFIX + '*' - cache.delete_pattern(key) - @classmethod def expire_all_cache(cls): key = cls.CACHE_KEY_PREFIX + '*' cache.delete_pattern(key) + meta_key = cls.CACHE_META_KEY_PREFIX + '*' + cache.delete_pattern(meta_key) class AssetPermissionUtil(AssetPermissionCacheMixin): diff --git a/apps/settings/utils.py b/apps/settings/utils.py index adcd2c839..232224dcc 100644 --- a/apps/settings/utils.py +++ b/apps/settings/utils.py 
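Review bot: `expire_all_cache` now deletes every key under both `CACHE_KEY_PREFIX` and `CACHE_META_KEY_PREFIX`, and the public classmethod `expire_all_cache_meta` is removed in the same hunk. Any caller of `expire_all_cache_meta` outside this diff would fail with AttributeError, so it is worth searching for remaining uses or keeping the name as a thin alias. Because the method is now reachable from the new refresh endpoint, a docstring such as `"""Delete all cached permission data and metadata for every user."""` would make its scope explicit. If the cache backend implements `delete_pattern` as a key scan, repeated calls could be expensive, which is a reason to throttle that endpoint. The class `AssetPermissionCacheMixin` starts outside the hunk.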
@@ -7,6 +7,7 @@ from django.utils.translation import ugettext_lazy as _ from users.models import User from users.utils import construct_user_email from common.utils import get_logger +from common.const import LDAP_AD_ACCOUNT_DISABLE from .models import settings @@ -70,7 +71,12 @@ class LDAPUtil: for attr, mapping in self.attr_map.items(): if not hasattr(entry, mapping): continue - user_item[attr] = getattr(entry, mapping).value or '' + value = getattr(entry, mapping).value or '' + if mapping.lower() == 'useraccountcontrol' and attr == 'is_active'\ + and value: + value = int(value) & LDAP_AD_ACCOUNT_DISABLE \ + != LDAP_AD_ACCOUNT_DISABLE + user_item[attr] = value return user_item def search_user_items(self): @@ -102,7 +108,9 @@ class LDAPUtil: if not hasattr(user, field): continue if isinstance(getattr(user, field), bool): - value = value.lower() in ['true', 1] + if isinstance(value, str): + value = value.lower() + value = value in ['true', 1, True] setattr(user, field, value) user.save() diff --git a/apps/users/forms.py b/apps/users/forms.py index 96357c7b5..44044c434 100644 --- a/apps/users/forms.py +++ b/apps/users/forms.py @@ -157,7 +157,7 @@ UserProfileForm.verbose_name = _("Profile") class UserMFAForm(forms.ModelForm): mfa_description = _( - 'Tip: when enabled, ' + 'When enabled, ' 'you will enter the MFA binding process the next time you log in. ' 'you can also directly bind in ' '"personal information -> quick modification -> change MFA Settings"!') diff --git a/apps/users/models/user.py b/apps/users/models/user.py index 88abe4dd3..f6c083c56 100644 --- a/apps/users/models/user.py +++ b/apps/users/models/user.py @@ -54,6 +54,9 @@ class AuthMixin: def can_update_password(self): return self.is_local + def can_update_ssh_key(self): + return self.is_local + def check_otp(self, code): from ..utils import check_otp_code return check_otp_code(self.otp_secret_key, code) 
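Review bot: In the `is_active` branch added in the `@@ -70,7 +71,12 @@` hunk, `int(value)` is applied to the directory-supplied `userAccountControl` value with no guard. A non-numeric value would raise ValueError and, unless a caller outside the hunk catches it, abort the whole user listing; catching the error and treating the account as disabled keeps the import failing closed. The flag test is correct because `&` binds tighter than `!=` in Python, but parentheses make that obvious: `value = (int(value) & LDAP_AD_ACCOUNT_DISABLE) != LDAP_AD_ACCOUNT_DISABLE`. The same expression is added to the LDAP authentication backend in this commit, where only LookupError is caught. The enclosing method starts outside the hunk.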
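Review bot: The truthy list in the `@@ -102,7 +108,9 @@` hunk is `['true', 1, True]`, so the string `'1'` is coerced to False here, while the authentication backend changed in the same commit accepts `'1'`. A directory that reports a boolean attribute as "1" would then give different results for `is_active` and other boolean fields on import and on login. Using one shared list, for example `value = value in ['true', '1', 1, True]`, keeps both paths consistent. The enclosing method starts outside the hunk.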
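Review bot: `can_update_ssh_key` is added as a plain method with no docstring, and in the hunks visible here it is consulted only from templates. Hiding the public-key controls does not by itself refuse a direct request to the key update or reset views for a non-local user, so those views should test `can_update_ssh_key()` as well; whether they already do cannot be seen from this part of the diff. Because it is a method, Python code has to call it: `if user.can_update_ssh_key:` without parentheses is always truthy. A one-line docstring such as `"""Return True when the account is local and may manage its own SSH key."""` would document the intent.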
diff --git a/apps/users/templates/users/first_login.html b/apps/users/templates/users/first_login.html index 9687949d1..1038fb8c8 100644 --- a/apps/users/templates/users/first_login.html +++ b/apps/users/templates/users/first_login.html @@ -73,14 +73,17 @@ {% endif %} - {% bootstrap_form wizard.form %} + {% if wizard.steps.current == '1' and not request.user.can_update_ssh_key %} + {% trans 'User auth from {}, ssh key login is not supported' %} + {% else %} + {% bootstrap_form wizard.form %} + {% endif %} {% if form.mfa_description %} {{ form.mfa_description }} {% endif %} - {% if form.pubkey_description %} - 或者: + {% if form.pubkey_description and request.user.can_update_ssh_key %} {{ form.pubkey_description }} {% endif %} @@ -121,26 +124,33 @@ {% block custom_foot_js %} {% endblock %} diff --git a/apps/users/templates/users/user_detail.html b/apps/users/templates/users/user_detail.html index 929d7def4..b39671a73 100644 --- a/apps/users/templates/users/user_detail.html +++ b/apps/users/templates/users/user_detail.html @@ -119,10 +119,12 @@ + {% if user_object.can_update_password %} + {% endif %} @@ -187,6 +189,7 @@ {% endif %} + {% if user_object.can_update_ssh_key %} + {% endif %} + {% if user.can_update_ssh_key %}
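Review bot: `{% trans 'User auth from {}, ssh key login is not supported' %}` outputs the msgid as written, so as far as the surviving template text shows, the page displays a literal `{}` where the authentication source should appear. The same tag is used in the user_update.html change in this commit. Either build the sentence in the view with `.format(...)` and pass it in the context, or use `{% blocktrans %}` with a named variable for the source and update the msgid in the locale file to match.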
{% trans 'Last login' %}: {{ user_object.last_login|date:"Y-m-j H:i:s" }}
{% trans 'Last password updated' %}: {{ user_object.date_password_last_updated|date:"Y-m-j H:i:s" }}
{% trans 'Comment' %}: {{ user_object.comment }}
{% trans 'Send reset ssh key mail' %}: @@ -195,6 +198,7 @@
{% trans 'Unblock user' %} diff --git a/apps/users/templates/users/user_password_update.html b/apps/users/templates/users/user_password_update.html index 8056edb87..7148dd622 100644 --- a/apps/users/templates/users/user_password_update.html +++ b/apps/users/templates/users/user_password_update.html @@ -39,12 +39,16 @@
  • {% trans 'Profile' %}
  • + {% if request.user.can_update_password %}
  • {% trans 'Password' %}
  • + {% endif %} + {% if request.user.can_update_ssh_key %}
  • {% trans 'Public key' %}
  • + {% endif %}
    diff --git a/apps/users/templates/users/user_profile.html b/apps/users/templates/users/user_profile.html index 7a06df4c9..9c6644baa 100644 --- a/apps/users/templates/users/user_profile.html +++ b/apps/users/templates/users/user_profile.html @@ -64,6 +64,7 @@
    {{ user.is_active|yesno:"Yes,No,Unkown" }}
    {% trans 'Public key' %} @@ -81,6 +82,7 @@
    + {% endif %} {% trans 'MFA certification' %} @@ -108,10 +110,12 @@ {% trans 'Last login' %} {{ user.last_login|date:"Y-m-d H:i:s" }} + {% if user.can_update_password %} {% trans 'Last password updated' %} {{ user.date_password_last_updated|date:"Y-m-d H:i:s" }} + {% endif %} {% trans 'Date expired' %} {{ user.date_expired|date:"Y-m-d H:i:s" }} @@ -189,6 +193,7 @@ {% endif %} + {% if request.user.can_update_ssh_key %} {% trans 'Update SSH public key' %}: @@ -205,6 +210,7 @@ + {% endif %}
    diff --git a/apps/users/templates/users/user_profile_update.html b/apps/users/templates/users/user_profile_update.html index 15ba795f5..e59edeccc 100644 --- a/apps/users/templates/users/user_profile_update.html +++ b/apps/users/templates/users/user_profile_update.html @@ -36,12 +36,16 @@
  • {% trans 'Profile' %}
  • + {% if request.user.can_update_password %}
  • {% trans 'Password' %}
  • + {% endif %} + {% if request.user.can_update_ssh_key %}
  • {% trans 'Public key' %}
  • + {% endif %}
    diff --git a/apps/users/templates/users/user_pubkey_update.html b/apps/users/templates/users/user_pubkey_update.html index e90e51659..4ab03f01c 100644 --- a/apps/users/templates/users/user_pubkey_update.html +++ b/apps/users/templates/users/user_pubkey_update.html @@ -36,12 +36,16 @@
  • {% trans 'Profile' %}
  • + {% if request.user.can_update_password %}
  • {% trans 'Password' %}
  • + {% endif %} + {% if request.user.can_update_ssh_key %}
  • {% trans 'Public key' %}
  • + {% endif %}
    diff --git a/apps/users/templates/users/user_update.html b/apps/users/templates/users/user_update.html index 67c7c155c..182ec88aa 100644 --- a/apps/users/templates/users/user_update.html +++ b/apps/users/templates/users/user_update.html @@ -23,7 +23,16 @@
    {% endif %} + {% if object.can_update_ssh_key %} {% bootstrap_field form.public_key layout="horizontal" %} + {% else %} +
    + +
    + {% trans 'User auth from {}, ssh key login is not supported' %} +
    +
    + {% endif %} {% endblock %} {% block custom_foot_js %} @@ -77,9 +86,13 @@ function passwordCheck() { $(document).ready(function(){ passwordCheck(); - var origin_text = $("#password_help_text").text(); - var new_text = origin_text.replace('{}', "{{ object.source_display }}"); - $("#password_help_text").html(new_text); + var origin_password_text = $("#password_help_text").text(); + var new_password_text = origin_password_text.replace('{}', "{{ object.source_display }}"); + $("#password_help_text").html(new_password_text); + + var origin_ssh_key_text = $("#ssh_key_help_text").text(); + var new_ssh_key_text = origin_ssh_key_text.replace('{}', "{{ object.source_display }}"); + $("#ssh_key_help_text").html(new_ssh_key_text) }) .on("submit", "form", function (evt) { diff --git a/apps/users/utils.py b/apps/users/utils.py index 60f6dfbee..662ddedec 100644 --- a/apps/users/utils.py +++ b/apps/users/utils.py @@ -198,7 +198,7 @@ def check_user_valid(**kwargs): if password and authenticate(username=username, password=password): return user, '' - if public_key and user.public_key: + if public_key and user.public_key and user.is_local: public_key_saved = user.public_key.split() if len(public_key_saved) == 1: if public_key == public_key_saved[0]: diff --git a/apps/users/views/user.py b/apps/users/views/user.py index ea599225e..1a8c25f2e 100644 --- a/apps/users/views/user.py +++ b/apps/users/views/user.py 
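Review bot: In the `$(document).ready` hunk of user_update.html, `"{{ object.source_display }}"` sits inside a JavaScript string with only Django's HTML auto-escaping, and the result is written back with `.html()` although it was read with `.text()`. HTML escaping does not neutralise a backslash or a line break inside a JS literal, and `.html()` re-parses the help text as markup. Both the password lines and the new ssh-key lines would be safer as `replace('{}', "{{ object.source_display|escapejs }}")` followed by `$("#ssh_key_help_text").text(new_ssh_key_text);`. The value is presumably a fixed choice label, so this is hardening rather than a demonstrated injection. The last added line also lacks the semicolon that the lines above it carry.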
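Review bot: The added `user.is_local` test in `check_user_valid` uses a different predicate from the rest of this commit, which gates the key forms and `UserPublicKeyUpdateView` on `can_update_ssh_key`. Neither is defined on this page, so if the two can ever disagree, a user could upload a key that login then ignores, or the reverse. Using `user.can_update_ssh_key` here would make the intent explicit, as would a comment such as `# key login is limited to local accounts; keep in sync with can_update_ssh_key`. A key already stored for a non-local user now falls through to the code after this hunk with no log line visible, so a refused key login is hard to tell apart from a wrong key. `check_user_valid` starts and continues outside the hunk.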
@@ -2,40 +2,32 @@ from __future__ import unicode_literals -import json -import uuid -import csv -import codecs -import chardet -from io import StringIO from django.contrib import messages -from django.contrib.auth import authenticate, login as auth_login +from django.contrib.auth import authenticate from django.contrib.messages.views import SuccessMessageMixin from django.core.cache import cache from django.conf import settings -from django.http import HttpResponse, JsonResponse +from django.http import HttpResponse from django.shortcuts import redirect from django.urls import reverse_lazy, reverse -from django.utils import timezone from django.utils.translation import ugettext as _ -from django.utils.decorators import method_decorator from django.views import View from django.views.generic.base import TemplateView -from django.db import transaction from django.views.generic.edit import ( CreateView, UpdateView, FormView ) from django.views.generic.detail import DetailView -from django.views.decorators.csrf import csrf_exempt from django.contrib.auth import logout as auth_logout from common.const import ( create_success_msg, update_success_msg, KEY_CACHE_RESOURCES_ID ) -from common.mixins import JSONResponseMixin -from common.utils import get_logger, get_object_or_none, is_uuid, ssh_key_gen -from common.permissions import PermissionsMixin, IsOrgAdmin, IsValidUser +from common.utils import get_logger, ssh_key_gen +from common.permissions import ( + PermissionsMixin, IsOrgAdmin, IsValidUser, + UserCanUpdatePassword, UserCanUpdateSSHKey, +) from orgs.utils import current_org from .. import forms from ..models import User, UserGroup @@ -260,6 +252,7 @@ class UserPasswordUpdateView(PermissionsMixin, UpdateView): model = User form_class = forms.UserPasswordForm success_url = reverse_lazy('users:user-profile') + permission_classes = [IsValidUser, UserCanUpdatePassword] def get_object(self, queryset=None): return self.request.user 
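Review bot: `permission_classes = [IsValidUser, UserCanUpdatePassword]` becomes the only server-side guard on `UserPasswordUpdateView`, because the in-view check in `form_valid` is removed in the next hunk. Nothing here says so or shows how `PermissionsMixin` combines the list. A one-line comment would help, e.g. `# every class must pass; UserCanUpdatePassword blocks users whose password is managed by an external source`, assuming the mixin does require every class, which should be confirmed against `common.permissions`. The same applies to `[IsValidUser, UserCanUpdateSSHKey]` on `UserPublicKeyUpdateView` in the last hunk. A regression test that posts to both views as a non-local user would pin the behaviour, since the template changes only hide the links; both class bodies continue outside their hunks.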
@@ -279,12 +272,6 @@ class UserPasswordUpdateView(PermissionsMixin, UpdateView):
 return super().get_success_url()
 def form_valid(self, form):
- if not self.request.user.can_update_password():
- error = _("User auth from {}, go there change password").format(
- self.request.source_display
- )
- form.add_error("password", error)
- return self.form_invalid(form)
 password = form.cleaned_data.get('new_password')
 is_ok = check_password_rules(password)
 if not is_ok:
@@ -300,7 +287,7 @@ class UserPublicKeyUpdateView(PermissionsMixin, UpdateView):
 template_name = 'users/user_pubkey_update.html'
 model = User
 form_class = forms.UserPublicKeyForm
- permission_classes = [IsValidUser]
+ permission_classes = [IsValidUser, UserCanUpdateSSHKey]
 success_url = reverse_lazy('users:user-profile')
 def get_object(self, queryset=None):