[Update] Merge it

apps/assets/api/domain.py

@@ -44,4 +44,4 @@ class GatewayTestConnectionApi(SingleObjectMixin, APIView):
         if ok:
             return Response("ok")
         else:
-            return Response({"failed": e}, status=404)
+            return Response({"error": e}, status=400)

apps/assets/backends/base.py

@@ -38,6 +38,9 @@ class AssetUserQuerySet(list):
             if len(v) == 0:
                 return self
             if k.find("__in") >= 0:
+                _k = k.split('__')[0]
+                in_kwargs[_k] = v
+            else:
                 in_kwargs[k] = v
         for k in in_kwargs:
             kwargs.pop(k)
@@ -45,17 +48,16 @@ class AssetUserQuerySet(list):
         if len(in_kwargs) == 0:
             return self
         for i in self:
-            matched = True
+            matched = False
             for k, v in in_kwargs.items():
-                key = k.split('__')[0]
-                attr = getattr(i, key, None)
+                attr = getattr(i, k, None)
                 # 如果属性或者value中是uuid,则转换成string
                 if isinstance(v[0], uuid.UUID):
                     v = [str(i) for i in v]
                 if isinstance(attr, uuid.UUID):
                     attr = str(attr)
-                if attr not in v:
-                    matched = False
+                if v in attr:
+                    matched = True
             if matched:
                 queryset.append(i)
         return AssetUserQuerySet(queryset)

apps/assets/models/domain.py

@@ -3,9 +3,9 @@
 
 import uuid
 import random
+import re
 
 import paramiko
-
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 
@@ -63,6 +63,9 @@ class Gateway(AssetUser):
     def test_connective(self, local_port=None):
         if local_port is None:
             local_port = self.port
+        if not re.match(r'\w+$', self.password):
+            return False, _("Password should not contain special characters")
+
         client = paramiko.SSHClient()
         client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
         proxy = paramiko.SSHClient()

apps/assets/templates/assets/domain_gateway_list.html

@@ -139,7 +139,7 @@ $(document).ready(function(){
         method: "POST",
         body: JSON.stringify({'port': parseInt(data.port)}),
         success_message: "{% trans 'Can be connected' %}",
-        fail_message: "{% trans 'The connection fails' %}"
+        {#fail_message: "{% trans 'The connection fails' %}"#}
      })
 });
 </script>

apps/locale/zh/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Jumpserver 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2019-11-19 10:29+0800\n"
+"POT-Creation-Date: 2019-11-20 12:02+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: Jumpserver team<ibuler@qq.com>\n"
@@ -144,7 +144,7 @@ msgstr "资产"
 #: settings/templates/settings/terminal_setting.html:105 terminal/models.py:23
 #: terminal/models.py:260 terminal/templates/terminal/terminal_detail.html:43
 #: terminal/templates/terminal/terminal_list.html:29 users/forms.py:162
-#: users/models/group.py:14 users/models/user.py:428
+#: users/models/group.py:14 users/models/user.py:429
 #: users/templates/users/_select_user_modal.html:13
 #: users/templates/users/user_detail.html:63
 #: users/templates/users/user_group_detail.html:55
@@ -198,7 +198,7 @@ msgstr "参数"
 #: orgs/models.py:16 perms/models/base.py:54
 #: perms/templates/perms/asset_permission_detail.html:98
 #: perms/templates/perms/remote_app_permission_detail.html:90
-#: users/models/user.py:469 users/serializers/group.py:32
+#: users/models/user.py:470 users/serializers/group.py:32
 #: users/templates/users/user_detail.html:111
 #: xpack/plugins/change_auth_plan/models.py:109
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:113
@@ -261,7 +261,7 @@ msgstr "创建日期"
 #: settings/models.py:34 terminal/models.py:33
 #: terminal/templates/terminal/terminal_detail.html:63
 #: tickets/templates/tickets/ticket_detail.html:104 users/models/group.py:15
-#: users/models/user.py:461 users/templates/users/user_detail.html:129
+#: users/models/user.py:462 users/templates/users/user_detail.html:129
 #: users/templates/users/user_group_detail.html:67
 #: users/templates/users/user_group_list.html:37
 #: users/templates/users/user_profile.html:138
@@ -683,7 +683,7 @@ msgstr "选择资产"
 msgid "Content should not be contain: {}"
 msgstr "内容不能包含: {}"
 
-#: assets/forms/domain.py:55
+#: assets/forms/domain.py:55 assets/models/domain.py:67
 msgid "Password should not contain special characters"
 msgstr "不能包含特殊字符"
 
@@ -708,7 +708,7 @@ msgstr "SSH网关，支持代理SSH,RDP和VNC"
 #: perms/templates/perms/asset_permission_user.html:55
 #: perms/templates/perms/remote_app_permission_user.html:54
 #: settings/templates/settings/_ldap_list_users_modal.html:31 users/forms.py:14
-#: users/forms.py:161 users/models/user.py:426
+#: users/forms.py:161 users/models/user.py:427
 #: users/templates/users/_select_user_modal.html:14
 #: users/templates/users/user_detail.html:67
 #: users/templates/users/user_list.html:36
@@ -749,7 +749,7 @@ msgstr "密码"
 
 #: assets/forms/user.py:30 assets/serializers/asset_user.py:71
 #: assets/templates/assets/_asset_user_auth_update_modal.html:27
-#: users/models/user.py:455
+#: users/models/user.py:456
 msgid "Private key"
 msgstr "ssh私钥"
 
@@ -964,7 +964,7 @@ msgstr "带宽"
 msgid "Contact"
 msgstr "联系人"
 
-#: assets/models/cluster.py:22 users/models/user.py:447
+#: assets/models/cluster.py:22 users/models/user.py:448
 #: users/templates/users/user_detail.html:76
 msgid "Phone"
 msgstr "手机"
@@ -990,7 +990,7 @@ msgid "Default"
 msgstr "默认"
 
 #: assets/models/cluster.py:36 assets/models/label.py:14
-#: users/models/user.py:567
+#: users/models/user.py:568
 msgid "System"
 msgstr "系统"
 
@@ -1133,7 +1133,7 @@ msgstr "默认资产组"
 #: tickets/models/ticket.py:128 tickets/templates/tickets/ticket_detail.html:32
 #: tickets/templates/tickets/ticket_list.html:34
 #: tickets/templates/tickets/ticket_list.html:100 users/forms.py:339
-#: users/models/user.py:148 users/models/user.py:164 users/models/user.py:555
+#: users/models/user.py:148 users/models/user.py:164 users/models/user.py:556
 #: users/serializers/group.py:21
 #: users/templates/users/user_group_detail.html:78
 #: users/templates/users/user_group_list.html:36 users/views/user.py:250
@@ -1289,7 +1289,7 @@ msgid "Backend"
 msgstr "后端"
 
 #: assets/serializers/asset_user.py:67 users/forms.py:282
-#: users/models/user.py:458 users/templates/users/first_login.html:42
+#: users/models/user.py:459 users/templates/users/first_login.html:42
 #: users/templates/users/user_password_update.html:49
 #: users/templates/users/user_profile.html:69
 #: users/templates/users/user_profile_update.html:46
@@ -2012,10 +2012,6 @@ msgstr "测试连接"
 msgid "Can be connected"
 msgstr "可连接"
 
-#: assets/templates/assets/domain_gateway_list.html:142
-msgid "The connection fails"
-msgstr "连接失败"
-
 #: assets/templates/assets/domain_list.html:6
 msgid ""
 "The domain function is added to address the fact that some environments "
@@ -2293,7 +2289,7 @@ msgstr "Agent"
 
 #: audits/models.py:86 audits/templates/audits/login_log_list.html:62
 #: authentication/templates/authentication/_mfa_confirm_modal.html:14
-#: users/forms.py:194 users/models/user.py:450
+#: users/forms.py:194 users/models/user.py:451
 #: users/templates/users/first_login.html:45
 msgid "MFA"
 msgstr "MFA"
@@ -2807,7 +2803,7 @@ msgstr ""
 
 #: jumpserver/views.py:233
 msgid "Websocket server run on port: {}, you should proxy it on nginx"
-msgstr ""
+msgstr "Websocket 服务运行在端口: {}, 请检查nginx是否代理是否设置"
 
 #: jumpserver/views.py:241
 msgid ""
@@ -3198,7 +3194,7 @@ msgstr "提示：RDP 协议不支持单独控制上传或下载文件"
 #: perms/templates/perms/asset_permission_list.html:211
 #: perms/templates/perms/remote_app_permission_list.html:16
 #: templates/_nav.html:21 users/forms.py:313 users/models/group.py:26
-#: users/models/user.py:434 users/templates/users/_select_user_modal.html:16
+#: users/models/user.py:435 users/templates/users/_select_user_modal.html:16
 #: users/templates/users/user_detail.html:219
 #: users/templates/users/user_list.html:38
 #: xpack/plugins/orgs/templates/orgs/org_list.html:16
@@ -3241,7 +3237,7 @@ msgstr "资产授权"
 #: perms/models/base.py:53
 #: perms/templates/perms/asset_permission_detail.html:90
 #: perms/templates/perms/remote_app_permission_detail.html:82
-#: users/models/user.py:466 users/templates/users/user_detail.html:107
+#: users/models/user.py:467 users/templates/users/user_detail.html:107
 #: users/templates/users/user_profile.html:120
 msgid "Date expired"
 msgstr "失效日期"
@@ -3816,7 +3812,7 @@ msgid "Refresh cache"
 msgstr "刷新缓存"
 
 #: settings/templates/settings/_ldap_list_users_modal.html:33
-#: users/models/user.py:430 users/templates/users/user_detail.html:71
+#: users/models/user.py:431 users/templates/users/user_detail.html:71
 #: users/templates/users/user_profile.html:59
 msgid "Email"
 msgstr "邮件"
@@ -4757,11 +4753,11 @@ msgstr "工单列表"
 msgid "Ticket detail"
 msgstr "工单详情"
 
-#: users/api/user.py:173
+#: users/api/user.py:174
 msgid "Could not reset self otp, use profile reset instead"
 msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
 
-#: users/forms.py:47 users/models/user.py:438
+#: users/forms.py:47 users/models/user.py:439
 #: users/templates/users/_select_user_modal.html:15
 #: users/templates/users/user_detail.html:87
 #: users/templates/users/user_list.html:37
@@ -4769,7 +4765,7 @@ msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
 msgid "Role"
 msgstr "角色"
 
-#: users/forms.py:51 users/models/user.py:473
+#: users/forms.py:51 users/models/user.py:474
 #: users/templates/users/user_detail.html:103
 #: users/templates/users/user_list.html:39
 #: users/templates/users/user_profile.html:102
@@ -4797,7 +4793,7 @@ msgstr "添加到用户组"
 msgid "Public key should not be the same as your old one."
 msgstr "不能和原来的密钥相同"
 
-#: users/forms.py:110 users/forms.py:271 users/serializers/user.py:109
+#: users/forms.py:110 users/forms.py:271 users/serializers/user.py:122
 msgid "Not a valid ssh public key"
 msgstr "ssh密钥不合法"
 
@@ -4887,7 +4883,7 @@ msgstr "选择用户"
 msgid "User auth from {}, go there change password"
 msgstr "用户认证源来自 {}, 请去相应系统修改密码"
 
-#: users/models/user.py:147 users/models/user.py:563
+#: users/models/user.py:147 users/models/user.py:564
 msgid "Administrator"
 msgstr "管理员"
 
@@ -4912,23 +4908,23 @@ msgstr "组织审计员"
 msgid "Force enable"
 msgstr "强制启用"
 
-#: users/models/user.py:418
+#: users/models/user.py:419
 msgid "Local"
 msgstr "数据库"
 
-#: users/models/user.py:441
+#: users/models/user.py:442
 msgid "Avatar"
 msgstr "头像"
 
-#: users/models/user.py:444 users/templates/users/user_detail.html:82
+#: users/models/user.py:445 users/templates/users/user_detail.html:82
 msgid "Wechat"
 msgstr "微信"
 
-#: users/models/user.py:477
+#: users/models/user.py:478
 msgid "Date password last updated"
 msgstr "最后更新密码日期"
 
-#: users/models/user.py:566
+#: users/models/user.py:567
 msgid "Administrator is the super user of system"
 msgstr "Administrator是初始的超级管理员"
 
@@ -4936,42 +4932,42 @@ msgstr "Administrator是初始的超级管理员"
 msgid "Auditors cannot be join in the user group"
 msgstr "审计员不能被加入到用户组"
 
-#: users/serializers/user.py:39
-msgid "Groups name"
-msgstr "用户组名"
-
-#: users/serializers/user.py:40
-msgid "Source name"
-msgstr "用户来源名"
-
-#: users/serializers/user.py:41
+#: users/serializers/user.py:35
 msgid "Is first login"
 msgstr "首次登录"
 
-#: users/serializers/user.py:42
-msgid "Role name"
-msgstr "角色名"
-
-#: users/serializers/user.py:43
+#: users/serializers/user.py:36
 msgid "Is valid"
 msgstr "账户是否有效"
 
-#: users/serializers/user.py:44
+#: users/serializers/user.py:37
 msgid "Is expired"
 msgstr " 是否过期"
 
-#: users/serializers/user.py:45
+#: users/serializers/user.py:38
 msgid "Avatar url"
 msgstr "头像路径"
 
-#: users/serializers/user.py:65
+#: users/serializers/user.py:46
 msgid "Role limit to {}"
 msgstr "角色只能为 {}"
 
-#: users/serializers/user.py:77
+#: users/serializers/user.py:58
 msgid "Password does not match security rules"
 msgstr "密码不满足安全规则"
 
+#: users/serializers/user.py:107
+msgid "Groups name"
+msgstr "用户组名"
+
+#: users/serializers/user.py:108
+msgid "Source name"
+msgstr "用户来源名"
+
+#: users/serializers/user.py:109
+msgid "Role name"
+msgstr "角色名"
+
 #: users/serializers_v2/user.py:36
 msgid "name not unique"
 msgstr "名称重复"
@@ -6431,6 +6427,9 @@ msgstr "密码匣子"
 msgid "vault create"
 msgstr "创建"
 
+#~ msgid "The connection fails"
+#~ msgstr "连接失败"
+
 #~ msgid "Assigned ticket"
 #~ msgstr "处理人"
 

apps/terminal/api_v2/terminal.py

@@ -3,6 +3,7 @@
 from rest_framework import viewsets, generics
 from rest_framework import status
 from rest_framework.response import Response
+from django.conf import settings
 
 from common.permissions import IsSuperUser, WithBootstrapToken
 
@@ -17,6 +18,9 @@ class TerminalViewSet(viewsets.ModelViewSet):
     queryset = Terminal.objects.filter(is_deleted=False)
     serializer_class = serializers.TerminalSerializer
     permission_classes = [IsSuperUser]
+    http_method_names = [
+        'get', 'put', 'patch', 'delete', 'head', 'options', 'trace'
+    ]
 
 
 class TerminalRegistrationApi(generics.CreateAPIView):
@@ -29,6 +33,9 @@ class TerminalRegistrationApi(generics.CreateAPIView):
         serializer = serializers.TerminalSerializer(
             data=data, context={'request': request}
         )
+        if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION:
+            data = {"error": "service account registration disabled"}
+            return Response(data=data, status=status.HTTP_400_BAD_REQUEST)
         serializer.is_valid(raise_exception=True)
         terminal = serializer.save()
         sa_serializer = serializer.sa_serializer_class(instance=terminal.user)

apps/terminal/serializers_v2/terminal.py

@@ -28,9 +28,6 @@ class TerminalSerializer(serializers.ModelSerializer):
         valid = super().is_valid(raise_exception=raise_exception)
         if not valid:
             return valid
-        if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION:
-            error = {"error": "service account registration disabled"}
-            raise serializers.ValidationError(error)
         data = {'name': self.validated_data.get('name')}
         kwargs = {'data': data}
         if self.instance and self.instance.user:

jms

@@ -114,7 +114,7 @@ def check_pid(pid):
     """ Check For the existence of a unix pid. """
     try:
         os.kill(pid, 0)
-    except OSError:
+    except (OSError, ProcessLookupError):
         return False
     else:
         return True
@@ -231,6 +231,9 @@ def get_start_worker_kwargs(queue, num):
 
     if os.getuid() == 0:
         os.environ.setdefault('C_FORCE_ROOT', '1')
+    server_hostname = os.environ.get("SERVER_HOSTNAME")
+    if not server_hostname:
+        server_hostname = '%h'
 
     cmd = [
         'celery', 'worker',
@@ -238,7 +241,7 @@ def get_start_worker_kwargs(queue, num):
         '-l', 'INFO',
         '-c', str(num),
         '-Q', queue,
-        '-n', '{}@%h'.format(queue)
+        '-n', '{}@{}'.format(queue, server_hostname)
     ]
     return {"cmd": cmd, "cwd": APPS_DIR}
 
@@ -437,6 +440,12 @@ def stop_service(srv, sig=15):
         print("Stop service: {}".format(s), end='')
         pid = get_pid(s)
         os.kill(pid, sig)
+        with LOCK:
+            process = processes.pop(s, None)
+        if process is None:
+            print("\033[31m No process found\033[0m")
+            continue
+        process.wait(1)
         for i in range(STOP_TIMEOUT):
             if i == STOP_TIMEOUT - 1:
                 print("\033[31m Error\033[0m")
@@ -447,9 +456,6 @@ def stop_service(srv, sig=15):
                 time.sleep(1)
                 continue
 
-        with LOCK:
-            processes.pop(s, None)
-
     if srv == "all":
         stop_daemon_service()