fix: fixed an issue where an auth backend could pass the inspect check

pull/14620/head
Bai 2024-12-09 14:13:44 +08:00 committed by 老广
parent 3796af78a6
commit 817957dbac
9 changed files with 42 additions and 61 deletions


@ -5,7 +5,7 @@ from django.utils.translation import gettext_lazy as _
from authentication.signals import user_auth_failed, user_auth_success from authentication.signals import user_auth_failed, user_auth_success
from common.utils import get_logger from common.utils import get_logger
from .base import JMSModelBackend from .base import JMSBaseAuthBackend
logger = get_logger(__file__) logger = get_logger(__file__)
@ -20,9 +20,10 @@ if settings.AUTH_CUSTOM:
logger.warning('Import custom auth method failed: {}, Maybe not enabled'.format(e)) logger.warning('Import custom auth method failed: {}, Maybe not enabled'.format(e))
class CustomAuthBackend(JMSModelBackend): class CustomAuthBackend(JMSBaseAuthBackend):
def is_enabled(self): @staticmethod
def is_enabled():
return settings.AUTH_CUSTOM and callable(custom_authenticate_method) return settings.AUTH_CUSTOM and callable(custom_authenticate_method)
@staticmethod @staticmethod
@ -35,10 +36,10 @@ class CustomAuthBackend(JMSModelBackend):
) )
return user, created return user, created
def authenticate(self, request, username=None, password=None, **kwargs): def authenticate(self, request, username=None, password=None):
try: try:
userinfo: dict = custom_authenticate_method( userinfo: dict = custom_authenticate_method(
username=username, password=password, **kwargs username=username, password=password
) )
user, created = self.get_or_create_user_from_userinfo(userinfo) user, created = self.get_or_create_user_from_userinfo(userinfo)
except Exception as e: except Exception as e:
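Review bot: The reason `**kwargs` is dropped from `authenticate` on line 26 is not recorded anywhere in the file, and it is not obvious from the code: a backend that accepts arbitrary keywords matches every credential shape, whereas the narrowed signature lets the caller's signature-based backend selection skip this backend when it is handed credentials it cannot use (this is inferred from the commit title and the `inspect`/`wraps` changes in the utils file; confirm against the caller). Add a short comment above the `def` so the next maintainer does not "helpfully" restore `**kwargs`: `# Keep this signature explicit (no **kwargs): backend selection binds the credentials against it and skips the backend on a mismatch.` The same comment applies to the narrowed `authenticate` signatures in the OAuth2, OIDC (both backends), Radius and SAML2 sections of this commit. The body of `authenticate` continues past the end of this hunk.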


@ -18,7 +18,7 @@ from common.exceptions import JMSException
from .signals import ( from .signals import (
oauth2_create_or_update_user oauth2_create_or_update_user
) )
from ..base import JMSModelBackend from ..base import JMSBaseAuthBackend
__all__ = ['OAuth2Backend'] __all__ = ['OAuth2Backend']
@ -26,7 +26,7 @@ __all__ = ['OAuth2Backend']
logger = get_logger(__name__) logger = get_logger(__name__)
class OAuth2Backend(JMSModelBackend): class OAuth2Backend(JMSBaseAuthBackend):
@staticmethod @staticmethod
def is_enabled(): def is_enabled():
return settings.AUTH_OAUTH2 return settings.AUTH_OAUTH2
@ -68,7 +68,7 @@ class OAuth2Backend(JMSModelBackend):
response_data = response_data['data'] response_data = response_data['data']
return response_data return response_data
def authenticate(self, request, code=None, **kwargs): def authenticate(self, request, code=None):
log_prompt = "Process authenticate [OAuth2Backend]: {}" log_prompt = "Process authenticate [OAuth2Backend]: {}"
logger.debug(log_prompt.format('Start')) logger.debug(log_prompt.format('Start'))
if code is None: if code is None:


@ -86,7 +86,7 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
""" """
@ssl_verification @ssl_verification
def authenticate(self, request, nonce=None, code_verifier=None, **kwargs): def authenticate(self, request, nonce=None, code_verifier=None):
""" Authenticates users in case of the OpenID Connect Authorization code flow. """ """ Authenticates users in case of the OpenID Connect Authorization code flow. """
log_prompt = "Process authenticate [OIDCAuthCodeBackend]: {}" log_prompt = "Process authenticate [OIDCAuthCodeBackend]: {}"
logger.debug(log_prompt.format('start')) logger.debug(log_prompt.format('start'))
@ -233,15 +233,15 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
class OIDCAuthPasswordBackend(OIDCBaseBackend): class OIDCAuthPasswordBackend(OIDCBaseBackend):
@ssl_verification @ssl_verification
def authenticate(self, request, username=None, password=None, **kwargs): def authenticate(self, request, username=None, password=None):
try: try:
return self._authenticate(request, username, password, **kwargs) return self._authenticate(request, username, password)
except Exception as e: except Exception as e:
error = f'Authenticate exception: {e}' error = f'Authenticate exception: {e}'
logger.error(error, exc_info=True) logger.error(error, exc_info=True)
return return
def _authenticate(self, request, username=None, password=None, **kwargs): def _authenticate(self, request, username=None, password=None):
""" """
https://oauth.net/2/ https://oauth.net/2/
https://aaronparecki.com/oauth-2-simplified/#password https://aaronparecki.com/oauth-2-simplified/#password


@ -4,7 +4,9 @@
import warnings import warnings
import contextlib import contextlib
import requests import requests
import inspect
from functools import wraps
from django.conf import settings from django.conf import settings
from urllib3.exceptions import InsecureRequestWarning from urllib3.exceptions import InsecureRequestWarning
@ -52,6 +54,7 @@ def no_ssl_verification():
def ssl_verification(func): def ssl_verification(func):
@wraps(func)
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
if not settings.AUTH_OPENID_IGNORE_SSL_VERIFICATION: if not settings.AUTH_OPENID_IGNORE_SSL_VERIFICATION:
return func(*args, **kwargs) return func(*args, **kwargs)
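Review bot: `import inspect` on line 86 has no use in the visible lines of this hunk; if nothing further down the file references it, the import should be dropped, and if something does, that use is where the signature check lives and deserves a comment. The `@wraps(func)` added on line 92 is load-bearing rather than cosmetic: without it the decorated `authenticate` methods in the OIDC backends would expose the generic `wrapper(*args, **kwargs)` signature and the narrowing done elsewhere in this commit would be invisible to any `inspect.signature`-based caller (which follows `__wrapped__`). Record that above the decorator line: `# wraps() is required: it sets __wrapped__, so inspect.signature() on the decorated authenticate() reports the real parameters, not (*args, **kwargs).` The `ssl_verification` function continues past the end of this hunk.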


@ -51,10 +51,10 @@ class RadiusBaseBackend(CreateUserMixin, JMSBaseAuthBackend):
class RadiusBackend(RadiusBaseBackend, RADIUSBackend): class RadiusBackend(RadiusBaseBackend, RADIUSBackend):
def authenticate(self, request, username='', password='', **kwargs): def authenticate(self, request, username='', password=''):
return super().authenticate(request, username=username, password=password) return super().authenticate(request, username=username, password=password)
class RadiusRealmBackend(RadiusBaseBackend, RADIUSRealmBackend): class RadiusRealmBackend(RadiusBaseBackend, RADIUSRealmBackend):
def authenticate(self, request, username='', password='', realm=None, **kwargs): def authenticate(self, request, username='', password='', realm=None):
return super().authenticate(request, username=username, password=password, realm=realm) return super().authenticate(request, username=username, password=password, realm=realm)


@ -10,14 +10,14 @@ from .signals import (
saml2_create_or_update_user saml2_create_or_update_user
) )
from authentication.signals import user_auth_failed, user_auth_success from authentication.signals import user_auth_failed, user_auth_success
from ..base import JMSModelBackend from ..base import JMSBaseAuthBackend
__all__ = ['SAML2Backend'] __all__ = ['SAML2Backend']
logger = get_logger(__name__) logger = get_logger(__name__)
class SAML2Backend(JMSModelBackend): class SAML2Backend(JMSBaseAuthBackend):
@staticmethod @staticmethod
def is_enabled(): def is_enabled():
return settings.AUTH_SAML2 return settings.AUTH_SAML2
@ -42,7 +42,7 @@ class SAML2Backend(JMSModelBackend):
) )
return user, created return user, created
def authenticate(self, request, saml_user_data=None, **kwargs): def authenticate(self, request, saml_user_data=None):
log_prompt = "Process authenticate [SAML2Backend]: {}" log_prompt = "Process authenticate [SAML2Backend]: {}"
logger.debug(log_prompt.format('Start')) logger.debug(log_prompt.format('Start'))
if saml_user_data is None: if saml_user_data is None:


@ -1,57 +1,41 @@
from django.conf import settings from django.conf import settings
from .base import JMSModelBackend from .base import JMSBaseAuthBackend
class SSOAuthentication(JMSModelBackend): class SSOAuthentication(JMSBaseAuthBackend):
"""
什么也不做呀😺
"""
@staticmethod @staticmethod
def is_enabled(): def is_enabled():
return settings.AUTH_SSO return settings.AUTH_SSO
def authenticate(self, request, sso_token=None, **kwargs): def authenticate(self):
pass pass
class WeComAuthentication(JMSModelBackend): class WeComAuthentication(JMSBaseAuthBackend):
"""
什么也不做呀😺
"""
@staticmethod @staticmethod
def is_enabled(): def is_enabled():
return settings.AUTH_WECOM return settings.AUTH_WECOM
def authenticate(self, request, **kwargs): def authenticate(self):
pass pass
class DingTalkAuthentication(JMSModelBackend): class DingTalkAuthentication(JMSBaseAuthBackend):
"""
什么也不做呀😺
"""
@staticmethod @staticmethod
def is_enabled(): def is_enabled():
return settings.AUTH_DINGTALK return settings.AUTH_DINGTALK
def authenticate(self, request, **kwargs): def authenticate(self):
pass pass
class FeiShuAuthentication(JMSModelBackend): class FeiShuAuthentication(JMSBaseAuthBackend):
"""
什么也不做呀😺
"""
@staticmethod @staticmethod
def is_enabled(): def is_enabled():
return settings.AUTH_FEISHU return settings.AUTH_FEISHU
def authenticate(self, request, **kwargs): def authenticate(self):
pass pass
@ -61,23 +45,15 @@ class LarkAuthentication(FeiShuAuthentication):
return settings.AUTH_LARK return settings.AUTH_LARK
class SlackAuthentication(JMSModelBackend): class SlackAuthentication(JMSBaseAuthBackend):
"""
什么也不做呀😺
"""
@staticmethod @staticmethod
def is_enabled(): def is_enabled():
return settings.AUTH_SLACK return settings.AUTH_SLACK
def authenticate(self, request, **kwargs): def authenticate(self):
pass pass
class AuthorizationTokenAuthentication(JMSModelBackend): class AuthorizationTokenAuthentication(JMSBaseAuthBackend):
""" def authenticate(self):
什么也不做呀😺
"""
def authenticate(self, request, **kwargs):
pass pass
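Review bot: Removing the "什么也不做呀" docstrings leaves six backend classes with no documentation at all, and the new `def authenticate(self):` on lines 140, 149, 158, 167, 178 and 181 now has a signature that cannot accept the `request` argument every Django-style caller passes first, so it appears these backends are meant never to authenticate through the normal path and only to serve as a `backend` label for an already-established login (inferred; please confirm). That intent should be stated in English on each class, for example `"""Placeholder backend: never authenticates credentials itself; authenticate() takes no arguments so signature-based backend selection always skips it."""`, and the same applies to `RBACBackend.authenticate(self)` in the last section of this commit. If instead the `request` parameter was dropped by accident, any direct call such as `backend.authenticate(request)` will now raise `TypeError` rather than return `None`.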


@ -3,13 +3,17 @@ from django.conf import settings
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from authentication.models import TempToken from authentication.models import TempToken
from .base import JMSModelBackend from .base import JMSBaseAuthBackend
class TempTokenAuthBackend(JMSModelBackend): class TempTokenAuthBackend(JMSBaseAuthBackend):
model = TempToken model = TempToken
def authenticate(self, request, username='', password='', *args, **kwargs): @staticmethod
def is_enabled():
return settings.AUTH_TEMP_TOKEN
def authenticate(self, request, username='', password=''):
token = self.model.objects.filter(username=username, secret=password).first() token = self.model.objects.filter(username=username, secret=password).first()
if not token: if not token:
return None return None
@ -21,6 +25,3 @@ class TempTokenAuthBackend(JMSModelBackend):
token.save() token.save()
return token.user return token.user
@staticmethod
def is_enabled():
return settings.AUTH_TEMP_TOKEN
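Review bot: The new `authenticate(self, request, username='', password='')` signature on line 198 defaults both credentials to the empty string, so a call that supplies only `username` (which now binds successfully, since `password` has a default) goes straight to the database lookup on line 199 with `secret=''`. Fail closed before touching the model: `if not username or not password:` / `    return None` ahead of the `filter(...)` call. The rest of `authenticate` lies between the two hunks of this section and is not visible here, so check that no later line already covers this case.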


@ -9,7 +9,7 @@ class RBACBackend(JMSBaseAuthBackend):
def is_enabled(): def is_enabled():
return True return True
def authenticate(self, *args, **kwargs): def authenticate(self):
return None return None
def username_allow_authenticate(self, username): def username_allow_authenticate(self, username):