diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index ef69890e5..acf8dea84 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -18,6 +18,7 @@ from rest_framework.viewsets import GenericViewSet
 from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied
 from rest_framework import serializers
+from django.conf import settings
 from applications.models import Application
 from authentication.signals import post_auth_failed
@@ -361,23 +362,7 @@ class TokenCacheMixin:
 """ endpoint smart view 用到此类来解析token中的资产、应用 """
 CACHE_KEY_PREFIX = 'CONNECTION_TOKEN_{}'
- def get_token_cache_key(self, token):
- return self.CACHE_KEY_PREFIX.format(token)
-
- def get_token_ttl(self, token):
- key = self.get_token_cache_key(token)
- return cache.ttl(key)
-
- def set_token_to_cache(self, token, value, ttl=5 * 60):
- key = self.get_token_cache_key(token)
- cache.set(key, value, timeout=ttl)
-
- def get_token_from_cache(self, token):
- key = self.get_token_cache_key(token)
- value = cache.get(key, None)
- return value
-
- def renewal_token(self, token, ttl=5 * 60):
+ def renewal_token(self, token, ttl=None):
 value = self.get_token_from_cache(token)
 if value:
 pre_ttl = self.get_token_ttl(token)
@@ -394,6 +379,23 @@ class TokenCacheMixin:
 }
 return data
+ def get_token_ttl(self, token):
+ key = self.get_token_cache_key(token)
+ return cache.ttl(key)
+
+ def set_token_to_cache(self, token, value, ttl=None):
+ key = self.get_token_cache_key(token)
+ ttl = ttl or settings.CONNECTION_TOKEN_EXPIRATION
+ cache.set(key, value, timeout=ttl)
+
+ def get_token_from_cache(self, token):
+ key = self.get_token_cache_key(token)
+ value = cache.get(key, None)
+ return value
+
+ def get_token_cache_key(self, token):
+ return self.CACHE_KEY_PREFIX.format(token)
+
 class BaseUserConnectionTokenViewSet(
 RootOrgViewMixin, SerializerMixin, ClientProtocolMixin,
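Review bot: `renewal_token` (the `-361,23` hunk) and `create_token` (the `-415,7` hunk) now default to `ttl=None`, and the only visible place that turns None into a real lifetime is `set_token_to_cache`. Assuming `cache` is Django's cache, `timeout=None` means the key never expires, so any path in those two bodies that hands `ttl` to the cache or to an expiry calculation directly would leave a connection token with no lifetime. Both bodies continue outside their hunks, so this cannot be confirmed from the diff. Resolving the default at the top of each method, `ttl = settings.CONNECTION_TOKEN_EXPIRATION if ttl is None else ttl`, would remove the dependency on the helper.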
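Review bot: In `set_token_to_cache` (the `-394,6` hunk), `ttl = ttl or settings.CONNECTION_TOKEN_EXPIRATION` treats an explicit `ttl=0` as "use the default" and passes the configured value to `cache.set` unchecked. If the setting is overridden to `None`, the token would be stored without expiry, and a zero or negative value would likely expire it at once (assuming Django cache timeout semantics). I would write `ttl = settings.CONNECTION_TOKEN_EXPIRATION if ttl is None else ttl` and follow it with `if not isinstance(ttl, int) or ttl <= 0: raise ValueError('connection token ttl must be a positive integer')`. An upper bound on the configured lifetime is also worth considering, because a long-lived `CONNECTION_TOKEN_{}` entry is a long-lived credential.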
@@ -415,7 +417,7 @@ class BaseUserConnectionTokenViewSet(
 raise PermissionDenied(error)
 return True
- def create_token(self, user, asset, application, system_user, ttl=5 * 60):
+ def create_token(self, user, asset, application, system_user, ttl=None):
 self.check_resource_permission(user, asset, application, system_user)
 token = random_string(36)
 secret = random_string(16)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 85c3b4598..93aa46806 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -161,6 +161,7 @@ class Config(dict):
 'SESSION_COOKIE_AGE': 3600 * 24,
 'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
 'LOGIN_URL': reverse_lazy('authentication:login'),
+ 'CONNECTION_TOKEN_EXPIRATION': 5 * 60,
 # Custom Config
 # Auth LDAP settings
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
index 010e92f31..2a293cb48 100644
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -149,6 +149,8 @@ AUTH_TEMP_TOKEN = CONFIG.AUTH_TEMP_TOKEN
 # Other setting
 TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION
 OTP_IN_RADIUS = CONFIG.OTP_IN_RADIUS
+# Connection token
+CONNECTION_TOKEN_EXPIRATION = CONFIG.CONNECTION_TOKEN_EXPIRATION
 RBAC_BACKEND = 'rbac.backends.RBACBackend'
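Review bot: The new default `'CONNECTION_TOKEN_EXPIRATION': 5 * 60,` in `apps/jumpserver/conf.py` has no comment stating its unit or what it controls, so an operator overriding it has to read the cache code to learn it is a timeout in seconds. I would add a line above it such as `# Lifetime, in seconds, of a cached connection token; keep it short`. Whether `Config` coerces or validates an overridden value is not visible in this hunk, so the comment should also say that a positive integer is expected.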