From d07a230ba6f9ed0618ce3a1c90a1e8f58d000f93 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Fri, 22 Jul 2022 15:23:16 +0800 Subject: [PATCH 01/33] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E9=BB=98?= =?UTF-8?q?=E8=AE=A4=E5=B7=A5=E5=8D=95=E6=8E=88=E6=9D=83=E6=97=B6=E9=97=B4?= =?UTF-8?q?=20(#8649)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng626 <1304903146@qq.com> --- apps/jumpserver/conf.py | 1 + apps/jumpserver/settings/custom.py | 1 + apps/locale/ja/LC_MESSAGES/django.mo | 4 +- apps/locale/ja/LC_MESSAGES/django.po | 70 +++++++++++++++------------- apps/locale/zh/LC_MESSAGES/django.mo | 4 +- apps/locale/zh/LC_MESSAGES/django.po | 70 +++++++++++++++------------- apps/settings/serializers/other.py | 5 ++ apps/settings/serializers/public.py | 1 + 8 files changed, 86 insertions(+), 70 deletions(-) diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 551076192..8ebc704d3 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -405,6 +405,7 @@ class Config(dict): 'CONNECTION_TOKEN_ENABLED': False, 'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False, + 'TICKET_AUTHORIZE_DEFAULT_TIME': 7, 'WINDOWS_SSH_DEFAULT_SHELL': 'cmd', 'PERIOD_TASK_ENABLED': True, diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index b6f6e9863..0bcdc77d9 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -85,6 +85,7 @@ TERMINAL_TELNET_REGEX = CONFIG.TERMINAL_TELNET_REGEX BACKEND_ASSET_USER_AUTH_VAULT = False PERM_SINGLE_ASSET_TO_UNGROUP_NODE = CONFIG.PERM_SINGLE_ASSET_TO_UNGROUP_NODE +TICKET_AUTHORIZE_DEFAULT_TIME = CONFIG.TICKET_AUTHORIZE_DEFAULT_TIME PERM_EXPIRED_CHECK_PERIODIC = CONFIG.PERM_EXPIRED_CHECK_PERIODIC WINDOWS_SSH_DEFAULT_SHELL = CONFIG.WINDOWS_SSH_DEFAULT_SHELL FLOWER_URL = CONFIG.FLOWER_URL diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index 7dbdfa16d..fd09548da 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0f2fdd3a7bd34a26d068fc6ce521d0ea9983c477b13536ba3f51700a554d4ae3 -size 128706 +oid sha256:92c63243fd3c83321311ffa44fbd91d619969ce18221b629de6e14db90b3a0e8 +size 128842 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 2d5151877..e7c47e63d 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-20 13:51+0800\n" +"POT-Creation-Date: 2022-07-22 14:49+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -27,7 +27,7 @@ msgstr "Acls" #: assets/models/base.py:175 assets/models/cluster.py:18 #: assets/models/cmd_filter.py:27 assets/models/domain.py:23 #: assets/models/group.py:20 assets/models/label.py:18 ops/mixin.py:24 -#: orgs/models.py:65 perms/models/base.py:83 rbac/models/role.py:29 +#: orgs/models.py:70 perms/models/base.py:83 rbac/models/role.py:29 #: settings/models.py:29 settings/serializers/sms.py:6 #: terminal/models/endpoint.py:10 terminal/models/endpoint.py:86 #: terminal/models/storage.py:26 terminal/models/task.py:16 @@ -59,7 +59,7 @@ msgstr "アクティブ" #: assets/models/cluster.py:29 assets/models/cmd_filter.py:48 #: assets/models/cmd_filter.py:96 assets/models/domain.py:24 #: assets/models/domain.py:65 assets/models/group.py:23 -#: assets/models/label.py:23 ops/models/adhoc.py:38 orgs/models.py:68 +#: assets/models/label.py:23 ops/models/adhoc.py:38 orgs/models.py:73 #: perms/models/base.py:93 rbac/models/role.py:37 settings/models.py:34 #: terminal/models/endpoint.py:23 terminal/models/endpoint.py:96 #: terminal/models/storage.py:29 terminal/models/terminal.py:114 @@ -88,7 +88,7 @@ msgstr "ログイン確認" #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100 -#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:215 +#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:220 #: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44 @@ -363,7 +363,7 @@ msgstr "タイプ表示" #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28 #: assets/serializers/cmd_filter.py:48 common/db/models.py:114 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30 -#: orgs/models.py:67 orgs/models.py:218 perms/models/base.py:92 +#: orgs/models.py:72 orgs/models.py:223 perms/models/base.py:92 #: users/models/group.py:18 users/models/user.py:922 #: xpack/plugins/cloud/models.py:125 msgid "Date created" @@ -373,7 +373,7 @@ msgstr "作成された日付" #: assets/models/gathered_user.py:20 assets/serializers/account.py:21 #: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49 #: common/db/models.py:115 common/mixins/models.py:51 ops/models/adhoc.py:40 -#: orgs/models.py:219 +#: orgs/models.py:224 msgid "Date updated" msgstr "更新日" @@ -627,8 +627,8 @@ msgstr "ラベル" #: assets/models/asset.py:229 assets/models/base.py:183 #: assets/models/cluster.py:28 assets/models/cmd_filter.py:52 #: assets/models/cmd_filter.py:99 assets/models/group.py:21 -#: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:66 -#: orgs/models.py:220 perms/models/base.py:91 users/models/user.py:706 +#: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:71 +#: orgs/models.py:225 perms/models/base.py:91 users/models/user.py:706 #: users/serializers/group.py:33 #: xpack/plugins/change_auth_plan/models/base.py:48 #: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30 @@ -907,11 +907,11 @@ msgstr "家を無視する" msgid "Command filter rule" msgstr "コマンドフィルタルール" -#: assets/models/cmd_filter.py:144 +#: assets/models/cmd_filter.py:147 msgid "The generated regular expression is incorrect: {}" msgstr "生成された正規表現が正しくありません: {}" -#: assets/models/cmd_filter.py:170 tickets/const.py:13 +#: assets/models/cmd_filter.py:173 tickets/const.py:13 msgid "Command confirm" msgstr "コマンドの確認" @@ -2226,7 +2226,7 @@ msgstr "有効性" msgid "Expired time" msgstr "期限切れ時間" -#: authentication/serializers/connection_token.py:74 +#: authentication/serializers/connection_token.py:73 msgid "Asset or application required" msgstr "アセットまたはアプリが必要" @@ -3028,26 +3028,26 @@ msgstr "組織のリソース ({}) は削除できません" msgid "App organizations" msgstr "アプリ組織" -#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80 -#: orgs/models.py:212 rbac/const.py:7 rbac/models/rolebinding.py:48 +#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:85 +#: orgs/models.py:217 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71 msgid "Organization" msgstr "組織" -#: orgs/models.py:74 +#: orgs/models.py:79 msgid "GLOBAL" msgstr "グローバル組織" -#: orgs/models.py:82 +#: orgs/models.py:87 msgid "Can view root org" msgstr "グローバル組織を表示できます" -#: orgs/models.py:83 +#: orgs/models.py:88 msgid "Can view all joined org" msgstr "参加しているすべての組織を表示できます" -#: orgs/models.py:217 rbac/models/role.py:46 rbac/models/rolebinding.py:44 +#: orgs/models.py:222 rbac/models/role.py:46 rbac/models/rolebinding.py:44 #: users/models/user.py:671 msgid "Role" msgstr "ロール" @@ -3136,27 +3136,27 @@ msgstr "クリップボードコピーペースト" msgid "From ticket" msgstr "チケットから" -#: perms/notifications.py:18 +#: perms/notifications.py:15 msgid "You permed assets is about to expire" msgstr "パーマ資産の有効期限が近づいています" -#: perms/notifications.py:23 +#: perms/notifications.py:20 msgid "permed assets" msgstr "パーマ資産" -#: perms/notifications.py:62 +#: perms/notifications.py:59 msgid "Asset permissions is about to expire" msgstr "資産権限の有効期限が近づいています" -#: perms/notifications.py:67 +#: perms/notifications.py:64 msgid "asset permissions of organization {}" msgstr "組織 {} の資産権限" -#: perms/notifications.py:94 +#: perms/notifications.py:91 msgid "Your permed applications is about to expire" msgstr "パーマアプリケーションの有効期限が近づいています" -#: perms/notifications.py:98 +#: perms/notifications.py:95 msgid "permed applications" msgstr "Permedアプリケーション" @@ -3825,20 +3825,20 @@ msgstr "テンプレートコード" msgid "Test phone" msgstr "テスト電話" -#: settings/serializers/auth/sso.py:12 +#: settings/serializers/auth/sso.py:11 msgid "Enable SSO auth" msgstr "SSO Token認証の有効化" -#: settings/serializers/auth/sso.py:13 +#: settings/serializers/auth/sso.py:12 msgid "Other service can using SSO token login to JumpServer without password" msgstr "" "他のサービスはパスワードなしでJumpServerへのSSOトークンログインを使用できます" -#: settings/serializers/auth/sso.py:16 +#: settings/serializers/auth/sso.py:15 msgid "SSO auth key TTL" msgstr "Token有効期間" -#: settings/serializers/auth/sso.py:16 +#: settings/serializers/auth/sso.py:15 msgid "Unit: second" msgstr "単位: 秒" @@ -3904,7 +3904,7 @@ msgstr "ログインログは日数を保持します" #: settings/serializers/cleaning.py:10 settings/serializers/cleaning.py:14 #: settings/serializers/cleaning.py:18 settings/serializers/cleaning.py:22 -#: settings/serializers/cleaning.py:26 +#: settings/serializers/cleaning.py:26 settings/serializers/other.py:35 msgid "Unit: day" msgstr "単位: 日" @@ -4077,19 +4077,23 @@ msgstr "" "ノードが表示されないようにしますが、そのノードが許可されていないという質問に" "質問" -#: settings/serializers/other.py:34 +#: settings/serializers/other.py:35 +msgid "Ticket authorize default time" +msgstr "デフォルト製造オーダ承認時間" + +#: settings/serializers/other.py:39 msgid "Help Docs URL" msgstr "ドキュメントリンク" -#: settings/serializers/other.py:35 +#: settings/serializers/other.py:40 msgid "default: http://docs.jumpserver.org" msgstr "デフォルト: http://docs.jumpserver.org" -#: settings/serializers/other.py:39 +#: settings/serializers/other.py:44 msgid "Help Support URL" msgstr "サポートリンク" -#: settings/serializers/other.py:40 +#: settings/serializers/other.py:45 msgid "default: http://www.jumpserver.org/support/" msgstr "デフォルト: http://www.jumpserver.org/support/" @@ -4838,7 +4842,7 @@ msgstr "一括作成非サポート" msgid "Storage is invalid" msgstr "ストレージが無効です" -#: terminal/models/command.py:53 +#: terminal/models/command.py:66 msgid "Command record" msgstr "コマンドレコード" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 33d7105d9..7daf33248 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9c2b13f7242beec8786179e03de895bd3e9d8d6392b74c2398409c1bfa33d9f8 -size 106088 +oid sha256:c4c49c98910aa6e85894d1ba57217932e4e960de325785003749f32000d62657 +size 106197 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 808ca2b08..7d4780a26 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-20 13:51+0800\n" +"POT-Creation-Date: 2022-07-22 14:49+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -26,7 +26,7 @@ msgstr "访问控制" #: assets/models/base.py:175 assets/models/cluster.py:18 #: assets/models/cmd_filter.py:27 assets/models/domain.py:23 #: assets/models/group.py:20 assets/models/label.py:18 ops/mixin.py:24 -#: orgs/models.py:65 perms/models/base.py:83 rbac/models/role.py:29 +#: orgs/models.py:70 perms/models/base.py:83 rbac/models/role.py:29 #: settings/models.py:29 settings/serializers/sms.py:6 #: terminal/models/endpoint.py:10 terminal/models/endpoint.py:86 #: terminal/models/storage.py:26 terminal/models/task.py:16 @@ -58,7 +58,7 @@ msgstr "激活中" #: assets/models/cluster.py:29 assets/models/cmd_filter.py:48 #: assets/models/cmd_filter.py:96 assets/models/domain.py:24 #: assets/models/domain.py:65 assets/models/group.py:23 -#: assets/models/label.py:23 ops/models/adhoc.py:38 orgs/models.py:68 +#: assets/models/label.py:23 ops/models/adhoc.py:38 orgs/models.py:73 #: perms/models/base.py:93 rbac/models/role.py:37 settings/models.py:34 #: terminal/models/endpoint.py:23 terminal/models/endpoint.py:96 #: terminal/models/storage.py:29 terminal/models/terminal.py:114 @@ -87,7 +87,7 @@ msgstr "登录复核" #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100 -#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:215 +#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:220 #: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44 @@ -358,7 +358,7 @@ msgstr "类型名称" #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28 #: assets/serializers/cmd_filter.py:48 common/db/models.py:114 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30 -#: orgs/models.py:67 orgs/models.py:218 perms/models/base.py:92 +#: orgs/models.py:72 orgs/models.py:223 perms/models/base.py:92 #: users/models/group.py:18 users/models/user.py:922 #: xpack/plugins/cloud/models.py:125 msgid "Date created" @@ -368,7 +368,7 @@ msgstr "创建日期" #: assets/models/gathered_user.py:20 assets/serializers/account.py:21 #: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49 #: common/db/models.py:115 common/mixins/models.py:51 ops/models/adhoc.py:40 -#: orgs/models.py:219 +#: orgs/models.py:224 msgid "Date updated" msgstr "更新日期" @@ -622,8 +622,8 @@ msgstr "标签管理" #: assets/models/asset.py:229 assets/models/base.py:183 #: assets/models/cluster.py:28 assets/models/cmd_filter.py:52 #: assets/models/cmd_filter.py:99 assets/models/group.py:21 -#: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:66 -#: orgs/models.py:220 perms/models/base.py:91 users/models/user.py:706 +#: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:71 +#: orgs/models.py:225 perms/models/base.py:91 users/models/user.py:706 #: users/serializers/group.py:33 #: xpack/plugins/change_auth_plan/models/base.py:48 #: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30 @@ -902,11 +902,11 @@ msgstr "忽略大小写" msgid "Command filter rule" msgstr "命令过滤规则" -#: assets/models/cmd_filter.py:144 +#: assets/models/cmd_filter.py:147 msgid "The generated regular expression is incorrect: {}" msgstr "生成的正则表达式有误" -#: assets/models/cmd_filter.py:170 tickets/const.py:13 +#: assets/models/cmd_filter.py:173 tickets/const.py:13 msgid "Command confirm" msgstr "命令复核" @@ -2201,7 +2201,7 @@ msgstr "有效" msgid "Expired time" msgstr "过期时间" -#: authentication/serializers/connection_token.py:74 +#: authentication/serializers/connection_token.py:73 msgid "Asset or application required" msgstr "资产或应用必填" @@ -2988,26 +2988,26 @@ msgstr "组织存在资源 ({}) 不能被删除" msgid "App organizations" msgstr "组织管理" -#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80 -#: orgs/models.py:212 rbac/const.py:7 rbac/models/rolebinding.py:48 +#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:85 +#: orgs/models.py:217 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71 msgid "Organization" msgstr "组织" -#: orgs/models.py:74 +#: orgs/models.py:79 msgid "GLOBAL" msgstr "全局组织" -#: orgs/models.py:82 +#: orgs/models.py:87 msgid "Can view root org" msgstr "可以查看全局组织" -#: orgs/models.py:83 +#: orgs/models.py:88 msgid "Can view all joined org" msgstr "可以查看所有加入的组织" -#: orgs/models.py:217 rbac/models/role.py:46 rbac/models/rolebinding.py:44 +#: orgs/models.py:222 rbac/models/role.py:46 rbac/models/rolebinding.py:44 #: users/models/user.py:671 msgid "Role" msgstr "角色" @@ -3096,27 +3096,27 @@ msgstr "剪贴板复制粘贴" msgid "From ticket" msgstr "来自工单" -#: perms/notifications.py:18 +#: perms/notifications.py:15 msgid "You permed assets is about to expire" msgstr "你授权的资产即将到期" -#: perms/notifications.py:23 +#: perms/notifications.py:20 msgid "permed assets" msgstr "授权的资产" -#: perms/notifications.py:62 +#: perms/notifications.py:59 msgid "Asset permissions is about to expire" msgstr "资产授权规则将要过期" -#: perms/notifications.py:67 +#: perms/notifications.py:64 msgid "asset permissions of organization {}" msgstr "组织 ({}) 的资产授权" -#: perms/notifications.py:94 +#: perms/notifications.py:91 msgid "Your permed applications is about to expire" msgstr "你授权的应用即将过期" -#: perms/notifications.py:98 +#: perms/notifications.py:95 msgid "permed applications" msgstr "授权的应用" @@ -3782,19 +3782,19 @@ msgstr "模板" msgid "Test phone" msgstr "测试手机号" -#: settings/serializers/auth/sso.py:12 +#: settings/serializers/auth/sso.py:11 msgid "Enable SSO auth" msgstr "启用 SSO Token 认证" -#: settings/serializers/auth/sso.py:13 +#: settings/serializers/auth/sso.py:12 msgid "Other service can using SSO token login to JumpServer without password" msgstr "其它系统可以使用 SSO Token 对接 JumpServer, 免去登录的过程" -#: settings/serializers/auth/sso.py:16 +#: settings/serializers/auth/sso.py:15 msgid "SSO auth key TTL" msgstr "Token 有效期" -#: settings/serializers/auth/sso.py:16 +#: settings/serializers/auth/sso.py:15 msgid "Unit: second" msgstr "单位: 秒" @@ -3860,7 +3860,7 @@ msgstr "登录日志" #: settings/serializers/cleaning.py:10 settings/serializers/cleaning.py:14 #: settings/serializers/cleaning.py:18 settings/serializers/cleaning.py:22 -#: settings/serializers/cleaning.py:26 +#: settings/serializers/cleaning.py:26 settings/serializers/other.py:35 msgid "Unit: day" msgstr "单位: 天" @@ -4025,19 +4025,23 @@ msgstr "" "放置单独授权的资产到未分组节点, 避免能看到资产所在节点,但该节点未被授权的问" "题" -#: settings/serializers/other.py:34 +#: settings/serializers/other.py:35 +msgid "Ticket authorize default time" +msgstr "默认工单授权时间" + +#: settings/serializers/other.py:39 msgid "Help Docs URL" msgstr "文档链接" -#: settings/serializers/other.py:35 +#: settings/serializers/other.py:40 msgid "default: http://docs.jumpserver.org" msgstr "默认: http://dev.jumpserver.org:8080" -#: settings/serializers/other.py:39 +#: settings/serializers/other.py:44 msgid "Help Support URL" msgstr "支持链接" -#: settings/serializers/other.py:40 +#: settings/serializers/other.py:45 msgid "default: http://www.jumpserver.org/support/" msgstr "默认: http://www.jumpserver.org/support/" @@ -4762,7 +4766,7 @@ msgstr "不支持批量创建" msgid "Storage is invalid" msgstr "存储无效" -#: terminal/models/command.py:53 +#: terminal/models/command.py:66 msgid "Command record" msgstr "命令记录" diff --git a/apps/settings/serializers/other.py b/apps/settings/serializers/other.py index 7d701756c..775e26dd7 100644 --- a/apps/settings/serializers/other.py +++ b/apps/settings/serializers/other.py @@ -30,6 +30,11 @@ class OtherSettingSerializer(serializers.Serializer): help_text=_("Perm single to ungroup node") ) + TICKET_AUTHORIZE_DEFAULT_TIME = serializers.IntegerField( + min_value=7, max_value=9999, required=False, + label=_("Ticket authorize default time"), help_text=_("Unit: day") + ) + HELP_DOCUMENT_URL = serializers.URLField( required=False, allow_blank=True, allow_null=True, label=_("Help Docs URL"), help_text=_('default: http://docs.jumpserver.org') diff --git a/apps/settings/serializers/public.py b/apps/settings/serializers/public.py index 73b61a3bc..04e2b85af 100644 --- a/apps/settings/serializers/public.py +++ b/apps/settings/serializers/public.py @@ -14,6 +14,7 @@ class PublicSettingSerializer(serializers.Serializer): class PrivateSettingSerializer(PublicSettingSerializer): WINDOWS_SKIP_ALL_MANUAL_PASSWORD = serializers.BooleanField() OLD_PASSWORD_HISTORY_LIMIT_COUNT = serializers.IntegerField() + TICKET_AUTHORIZE_DEFAULT_TIME = serializers.IntegerField() SECURITY_MAX_IDLE_TIME = serializers.IntegerField() SECURITY_VIEW_AUTH_NEED_MFA = serializers.BooleanField() SECURITY_MFA_VERIFY_TTL = serializers.IntegerField() From dc322242949224d2e137f388b3fcbf7f058ae714 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Fri, 22 Jul 2022 16:24:57 +0800 Subject: [PATCH 02/33] =?UTF-8?q?feat:=20=E5=BA=94=E7=94=A8=E5=B7=A5?= =?UTF-8?q?=E5=8D=95=E6=94=AF=E6=8C=81=E9=80=89=E6=8B=A9=E5=8A=A8=E4=BD=9C?= =?UTF-8?q?=20(#8651)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng626 <1304903146@qq.com> --- apps/tickets/handlers/apply_application.py | 4 +++- ...018_applyapplicationticket_apply_actions.py | 18 ++++++++++++++++++ .../tickets/models/ticket/apply_application.py | 13 ++++++++++++- .../serializers/ticket/apply_application.py | 7 +++++-- apps/tickets/serializers/ticket/apply_asset.py | 5 +++-- 5 files changed, 41 insertions(+), 6 deletions(-) create mode 100644 apps/tickets/migrations/0018_applyapplicationticket_apply_actions.py diff --git a/apps/tickets/handlers/apply_application.py b/apps/tickets/handlers/apply_application.py index 5b7712553..287c70c4a 100644 --- a/apps/tickets/handlers/apply_application.py +++ b/apps/tickets/handlers/apply_application.py @@ -1,6 +1,6 @@ from django.utils.translation import ugettext as _ -from orgs.utils import tmp_to_org, tmp_to_root_org +from orgs.utils import tmp_to_org from perms.models import ApplicationPermission from tickets.models import ApplyApplicationTicket from .base import BaseHandler @@ -26,6 +26,7 @@ class Handler(BaseHandler): apply_system_users = self.ticket.apply_system_users.all() apply_permission_name = self.ticket.apply_permission_name + apply_actions = self.ticket.apply_actions apply_category = self.ticket.apply_category apply_type = self.ticket.apply_type apply_date_start = self.ticket.apply_date_start @@ -50,6 +51,7 @@ class Handler(BaseHandler): 'name': apply_permission_name, 'from_ticket': True, 'category': apply_category, + 'actions': apply_actions, 'type': apply_type, 'comment': str(permission_comment), 'created_by': permission_created_by, diff --git a/apps/tickets/migrations/0018_applyapplicationticket_apply_actions.py b/apps/tickets/migrations/0018_applyapplicationticket_apply_actions.py new file mode 100644 index 000000000..74f5ed7a3 --- /dev/null +++ b/apps/tickets/migrations/0018_applyapplicationticket_apply_actions.py @@ -0,0 +1,18 @@ +# Generated by Django 3.1.14 on 2022-07-22 08:03 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('tickets', '0017_auto_20220623_1027'), + ] + + operations = [ + migrations.AddField( + model_name='applyapplicationticket', + name='apply_actions', + field=models.IntegerField(choices=[(255, 'All'), (1, 'Connect'), (2, 'Upload file'), (4, 'Download file'), (6, 'Upload download'), (8, 'Clipboard copy'), (16, 'Clipboard paste'), (24, 'Clipboard copy paste')], default=255, verbose_name='Actions'), + ), + ] diff --git a/apps/tickets/models/ticket/apply_application.py b/apps/tickets/models/ticket/apply_application.py index 6bd721677..378047db2 100644 --- a/apps/tickets/models/ticket/apply_application.py +++ b/apps/tickets/models/ticket/apply_application.py @@ -1,8 +1,9 @@ from django.db import models from django.utils.translation import gettext_lazy as _ -from .general import Ticket +from perms.models import Action from applications.const import AppCategory, AppType +from .general import Ticket __all__ = ['ApplyApplicationTicket'] @@ -22,6 +23,9 @@ class ApplyApplicationTicket(Ticket): apply_system_users = models.ManyToManyField( 'assets.SystemUser', verbose_name=_('Apply system users'), ) + apply_actions = models.IntegerField( + choices=Action.DB_CHOICES, default=Action.ALL, verbose_name=_('Actions') + ) apply_date_start = models.DateTimeField(verbose_name=_('Date start'), null=True) apply_date_expired = models.DateTimeField(verbose_name=_('Date expired'), null=True) @@ -32,3 +36,10 @@ class ApplyApplicationTicket(Ticket): @property def apply_type_display(self): return AppType.get_label(self.apply_type) + + @property + def apply_actions_display(self): + return Action.value_to_choices_display(self.apply_actions) + + def get_apply_actions_display(self): + return ', '.join(self.apply_actions_display) diff --git a/apps/tickets/serializers/ticket/apply_application.py b/apps/tickets/serializers/ticket/apply_application.py index c713f21d6..12b3f230d 100644 --- a/apps/tickets/serializers/ticket/apply_application.py +++ b/apps/tickets/serializers/ticket/apply_application.py @@ -2,6 +2,7 @@ from django.utils.translation import ugettext as _ from rest_framework import serializers from perms.models import ApplicationPermission +from perms.serializers.base import ActionsField from orgs.utils import tmp_to_org from applications.models import Application from tickets.models import ApplyApplicationTicket @@ -12,6 +13,7 @@ __all__ = ['ApplyApplicationSerializer', 'ApplyApplicationDisplaySerializer', 'A class ApplyApplicationSerializer(BaseApplyAssetApplicationSerializer, TicketApplySerializer): + apply_actions = ActionsField(required=True, allow_empty=False) permission_model = ApplicationPermission class Meta: @@ -19,9 +21,10 @@ class ApplyApplicationSerializer(BaseApplyAssetApplicationSerializer, TicketAppl writeable_fields = [ 'id', 'title', 'type', 'apply_category', 'apply_type', 'apply_applications', 'apply_system_users', - 'apply_date_start', 'apply_date_expired', 'org_id' + 'apply_actions', 'apply_date_start', 'apply_date_expired', 'org_id' ] - fields = TicketApplySerializer.Meta.fields + writeable_fields + ['apply_permission_name'] + fields = TicketApplySerializer.Meta.fields + \ + writeable_fields + ['apply_permission_name', 'apply_actions_display'] read_only_fields = list(set(fields) - set(writeable_fields)) ticket_extra_kwargs = TicketApplySerializer.Meta.extra_kwargs extra_kwargs = { diff --git a/apps/tickets/serializers/ticket/apply_asset.py b/apps/tickets/serializers/ticket/apply_asset.py index b8a007e8d..93a4026c1 100644 --- a/apps/tickets/serializers/ticket/apply_asset.py +++ b/apps/tickets/serializers/ticket/apply_asset.py @@ -23,10 +23,11 @@ class ApplyAssetSerializer(BaseApplyAssetApplicationSerializer, TicketApplySeria model = ApplyAssetTicket writeable_fields = [ 'id', 'title', 'type', 'apply_nodes', 'apply_assets', - 'apply_system_users', 'apply_actions', 'apply_actions_display', + 'apply_system_users', 'apply_actions', 'apply_date_start', 'apply_date_expired', 'org_id' ] - fields = TicketApplySerializer.Meta.fields + writeable_fields + ['apply_permission_name'] + fields = TicketApplySerializer.Meta.fields + \ + writeable_fields + ['apply_permission_name', 'apply_actions_display'] read_only_fields = list(set(fields) - set(writeable_fields)) ticket_extra_kwargs = TicketApplySerializer.Meta.extra_kwargs extra_kwargs = { From c4146744e5f31b7f9942511254b752e4f3e365a5 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Mon, 25 Jul 2022 14:02:07 +0800 Subject: [PATCH 03/33] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E6=8E=88?= =?UTF-8?q?=E6=9D=83=E8=BF=87=E6=9C=9F=E6=8F=90=E9=86=92=20(#8654)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng626 <1304903146@qq.com> --- apps/locale/ja/LC_MESSAGES/django.mo | 4 ++-- apps/locale/ja/LC_MESSAGES/django.po | 26 ++++++++++++++++---------- apps/locale/zh/LC_MESSAGES/django.mo | 4 ++-- apps/locale/zh/LC_MESSAGES/django.po | 26 ++++++++++++++++---------- apps/perms/notifications.py | 14 +++++++------- 5 files changed, 43 insertions(+), 31 deletions(-) diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index fd09548da..a74e1daed 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:92c63243fd3c83321311ffa44fbd91d619969ce18221b629de6e14db90b3a0e8 -size 128842 +oid sha256:7ff3ae18c27279b8783eba9e85b270f9c3da63f812da315ba210877b33b960a8 +size 128908 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index e7c47e63d..7bc904143 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-22 14:49+0800\n" +"POT-Creation-Date: 2022-07-25 13:53+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -304,7 +304,7 @@ msgstr "アプリケーションアカウントの秘密を変更できます" #: applications/serializers/application.py:99 assets/models/label.py:21 #: perms/models/application_permission.py:21 #: perms/serializers/application/user_permission.py:33 -#: tickets/models/ticket/apply_application.py:14 +#: tickets/models/ticket/apply_application.py:15 #: xpack/plugins/change_auth_plan/models/app.py:25 msgid "Category" msgstr "カテゴリ" @@ -316,7 +316,7 @@ msgstr "カテゴリ" #: perms/serializers/application/user_permission.py:34 #: terminal/models/storage.py:58 terminal/models/storage.py:143 #: tickets/models/comment.py:26 tickets/models/flow.py:57 -#: tickets/models/ticket/apply_application.py:17 +#: tickets/models/ticket/apply_application.py:18 #: tickets/models/ticket/general.py:273 #: xpack/plugins/change_auth_plan/models/app.py:28 #: xpack/plugins/change_auth_plan/models/app.py:153 @@ -425,7 +425,7 @@ msgstr "アプリケーションパス" #: applications/serializers/attrs/application_category/remote_app.py:44 #: assets/serializers/system_user.py:167 -#: tickets/serializers/ticket/apply_application.py:35 +#: tickets/serializers/ticket/apply_application.py:38 #: tickets/serializers/ticket/common.py:59 #: xpack/plugins/change_auth_plan/serializers/asset.py:67 #: xpack/plugins/change_auth_plan/serializers/asset.py:70 @@ -711,7 +711,7 @@ msgstr "タイミングトリガー" #: assets/models/backup.py:105 audits/models.py:44 ops/models/command.py:31 #: perms/models/base.py:89 terminal/models/session.py:58 -#: tickets/models/ticket/apply_application.py:25 +#: tickets/models/ticket/apply_application.py:29 #: tickets/models/ticket/apply_asset.py:23 #: xpack/plugins/change_auth_plan/models/base.py:112 #: xpack/plugins/change_auth_plan/models/base.py:203 @@ -1141,6 +1141,7 @@ msgstr "CPU情報" #: perms/serializers/application/permission.py:42 #: perms/serializers/asset/permission.py:18 #: perms/serializers/asset/permission.py:46 +#: tickets/models/ticket/apply_application.py:27 #: tickets/models/ticket/apply_asset.py:21 msgid "Actions" msgstr "アクション" @@ -2144,7 +2145,7 @@ msgid "Secret" msgstr "ひみつ" #: authentication/models.py:74 authentication/models.py:264 -#: perms/models/base.py:90 tickets/models/ticket/apply_application.py:26 +#: perms/models/base.py:90 tickets/models/ticket/apply_application.py:30 #: tickets/models/ticket/apply_asset.py:24 users/models/user.py:703 msgid "Date expired" msgstr "期限切れの日付" @@ -3136,6 +3137,11 @@ msgstr "クリップボードコピーペースト" msgid "From ticket" msgstr "チケットから" +#: perms/notifications.py:12 perms/notifications.py:44 +#: perms/notifications.py:88 perms/notifications.py:119 +msgid "today" +msgstr "今" + #: perms/notifications.py:15 msgid "You permed assets is about to expire" msgstr "パーマ資産の有効期限が近づいています" @@ -5283,7 +5289,7 @@ msgstr "カスタムユーザー" msgid "Ticket already closed" msgstr "チケットはすでに閉じています" -#: tickets/handlers/apply_application.py:37 +#: tickets/handlers/apply_application.py:38 msgid "" "Created by the ticket, ticket title: {}, ticket applicant: {}, ticket " "processor: {}, ticket ID: {}" @@ -5369,16 +5375,16 @@ msgstr "チケットの流れ" msgid "Ticket session relation" msgstr "チケットセッションの関係" -#: tickets/models/ticket/apply_application.py:11 +#: tickets/models/ticket/apply_application.py:12 #: tickets/models/ticket/apply_asset.py:13 msgid "Permission name" msgstr "認可ルール名" -#: tickets/models/ticket/apply_application.py:20 +#: tickets/models/ticket/apply_application.py:21 msgid "Apply applications" msgstr "アプリケーションの適用" -#: tickets/models/ticket/apply_application.py:23 +#: tickets/models/ticket/apply_application.py:24 #: tickets/models/ticket/apply_asset.py:18 msgid "Apply system users" msgstr "システムユーザーの適用" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 7daf33248..fbc1449e5 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c4c49c98910aa6e85894d1ba57217932e4e960de325785003749f32000d62657 -size 106197 +oid sha256:493d944976b6e1ad0daba8bae18bd0823aaab4a72b63916315601fd59e984a5a +size 106223 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 7d4780a26..025aa770b 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-22 14:49+0800\n" +"POT-Creation-Date: 2022-07-25 13:53+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -299,7 +299,7 @@ msgstr "可以查看应用账号密码" #: applications/serializers/application.py:99 assets/models/label.py:21 #: perms/models/application_permission.py:21 #: perms/serializers/application/user_permission.py:33 -#: tickets/models/ticket/apply_application.py:14 +#: tickets/models/ticket/apply_application.py:15 #: xpack/plugins/change_auth_plan/models/app.py:25 msgid "Category" msgstr "类别" @@ -311,7 +311,7 @@ msgstr "类别" #: perms/serializers/application/user_permission.py:34 #: terminal/models/storage.py:58 terminal/models/storage.py:143 #: tickets/models/comment.py:26 tickets/models/flow.py:57 -#: tickets/models/ticket/apply_application.py:17 +#: tickets/models/ticket/apply_application.py:18 #: tickets/models/ticket/general.py:273 #: xpack/plugins/change_auth_plan/models/app.py:28 #: xpack/plugins/change_auth_plan/models/app.py:153 @@ -420,7 +420,7 @@ msgstr "应用路径" #: applications/serializers/attrs/application_category/remote_app.py:44 #: assets/serializers/system_user.py:167 -#: tickets/serializers/ticket/apply_application.py:35 +#: tickets/serializers/ticket/apply_application.py:38 #: tickets/serializers/ticket/common.py:59 #: xpack/plugins/change_auth_plan/serializers/asset.py:67 #: xpack/plugins/change_auth_plan/serializers/asset.py:70 @@ -706,7 +706,7 @@ msgstr "定时触发" #: assets/models/backup.py:105 audits/models.py:44 ops/models/command.py:31 #: perms/models/base.py:89 terminal/models/session.py:58 -#: tickets/models/ticket/apply_application.py:25 +#: tickets/models/ticket/apply_application.py:29 #: tickets/models/ticket/apply_asset.py:23 #: xpack/plugins/change_auth_plan/models/base.py:112 #: xpack/plugins/change_auth_plan/models/base.py:203 @@ -1133,6 +1133,7 @@ msgstr "CPU信息" #: perms/serializers/application/permission.py:42 #: perms/serializers/asset/permission.py:18 #: perms/serializers/asset/permission.py:46 +#: tickets/models/ticket/apply_application.py:27 #: tickets/models/ticket/apply_asset.py:21 msgid "Actions" msgstr "动作" @@ -2123,7 +2124,7 @@ msgid "Secret" msgstr "密钥" #: authentication/models.py:74 authentication/models.py:264 -#: perms/models/base.py:90 tickets/models/ticket/apply_application.py:26 +#: perms/models/base.py:90 tickets/models/ticket/apply_application.py:30 #: tickets/models/ticket/apply_asset.py:24 users/models/user.py:703 msgid "Date expired" msgstr "失效日期" @@ -3096,6 +3097,11 @@ msgstr "剪贴板复制粘贴" msgid "From ticket" msgstr "来自工单" +#: perms/notifications.py:12 perms/notifications.py:44 +#: perms/notifications.py:88 perms/notifications.py:119 +msgid "today" +msgstr "今" + #: perms/notifications.py:15 msgid "You permed assets is about to expire" msgstr "你授权的资产即将到期" @@ -5205,7 +5211,7 @@ msgstr "自定义用户" msgid "Ticket already closed" msgstr "工单已经关闭" -#: tickets/handlers/apply_application.py:37 +#: tickets/handlers/apply_application.py:38 msgid "" "Created by the ticket, ticket title: {}, ticket applicant: {}, ticket " "processor: {}, ticket ID: {}" @@ -5289,16 +5295,16 @@ msgstr "工单流程" msgid "Ticket session relation" msgstr "工单会话" -#: tickets/models/ticket/apply_application.py:11 +#: tickets/models/ticket/apply_application.py:12 #: tickets/models/ticket/apply_asset.py:13 msgid "Permission name" msgstr "授权规则名称" -#: tickets/models/ticket/apply_application.py:20 +#: tickets/models/ticket/apply_application.py:21 msgid "Apply applications" msgstr "申请应用" -#: tickets/models/ticket/apply_application.py:23 +#: tickets/models/ticket/apply_application.py:24 #: tickets/models/ticket/apply_asset.py:18 msgid "Apply system users" msgstr "申请的系统用户" diff --git a/apps/perms/notifications.py b/apps/perms/notifications.py index 088fa107a..b40ccab7c 100644 --- a/apps/perms/notifications.py +++ b/apps/perms/notifications.py @@ -9,7 +9,7 @@ class PermedAssetsWillExpireUserMsg(UserMessage): def __init__(self, user, assets, day_count=0): super().__init__(user) self.assets = assets - self.day_count = day_count + self.day_count = _('today') if day_count == 0 else day_count def get_html_msg(self) -> dict: subject = _("You permed assets is about to expire") @@ -41,7 +41,7 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage): super().__init__(user) self.perms = perms self.org = org - self.day_count = day_count + self.day_count = _('today') if day_count == 0 else day_count def get_items_with_url(self): items_with_url = [] @@ -59,7 +59,7 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage): subject = _("Asset permissions is about to expire") context = { 'name': self.user.name, - 'count': self.day_count, + 'count': str(self.day_count), 'items_with_url': items_with_url, 'item_type': _('asset permissions of organization {}').format(self.org) } @@ -85,13 +85,13 @@ class PermedAppsWillExpireUserMsg(UserMessage): def __init__(self, user, apps, day_count=0): super().__init__(user) self.apps = apps - self.day_count = day_count + self.day_count = _('today') if day_count == 0 else day_count def get_html_msg(self) -> dict: subject = _("Your permed applications is about to expire") context = { 'name': self.user.name, - 'count': self.day_count, + 'count': str(self.day_count), 'item_type': _('permed applications'), 'items': [str(app) for app in self.apps] } @@ -116,7 +116,7 @@ class AppPermsWillExpireForOrgAdminMsg(UserMessage): super().__init__(user) self.perms = perms self.org = org - self.day_count = day_count + self.day_count = _('today') if day_count == 0 else day_count def get_items_with_url(self): items_with_url = [] @@ -134,7 +134,7 @@ class AppPermsWillExpireForOrgAdminMsg(UserMessage): subject = _('Application permissions is about to expire') context = { 'name': self.user.name, - 'count': self.day_count, + 'count': str(self.day_count), 'item_type': _('application permissions of organization {}').format(self.org), 'items_with_url': items } From 0f7b41d1776f2fc1dd9540f81f1879a0453685e5 Mon Sep 17 00:00:00 2001 From: feng626 <1304903146@qq.com> Date: Tue, 26 Jul 2022 15:01:47 +0800 Subject: [PATCH 04/33] fix: super ticket close bug --- apps/tickets/api/super_ticket.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/tickets/api/super_ticket.py b/apps/tickets/api/super_ticket.py index ea186bd1b..32c4a56c0 100644 --- a/apps/tickets/api/super_ticket.py +++ b/apps/tickets/api/super_ticket.py @@ -20,4 +20,4 @@ class SuperTicketStatusAPI(RetrieveDestroyAPIView): return Ticket.objects.all() def perform_destroy(self, instance): - instance.close(processor=instance.applicant) + instance.close() From e7229963bfc0c87167d50ce236acc24bf79b9647 Mon Sep 17 00:00:00 2001 From: jiangweidong Date: Mon, 18 Jul 2022 11:44:41 +0800 Subject: [PATCH 05/33] =?UTF-8?q?perf:=20=E6=9B=B4=E6=8D=A2oracle=E4=BE=9D?= =?UTF-8?q?=E8=B5=96=E5=8C=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- requirements/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 3de0de2eb..75d5b6c5c 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -127,7 +127,7 @@ kubernetes==21.7.0 # DB requirements mysqlclient==2.1.0 PyMySQL==1.0.2 -cx-Oracle==8.2.1 +oracledb==1.0.1 psycopg2-binary==2.9.1 pymssql==2.1.5 django-mysql==3.9.0 From ea7133dea01e19c4c04bcbe8de713e6f49780077 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Thu, 28 Jul 2022 13:47:32 +0800 Subject: [PATCH 06/33] fix: translate (#8664) Co-authored-by: feng626 <1304903146@qq.com> --- apps/locale/ja/LC_MESSAGES/django.po | 2 +- apps/locale/zh/LC_MESSAGES/django.mo | 2 +- apps/locale/zh/LC_MESSAGES/django.po | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 7bc904143..7668705cc 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-25 13:53+0800\n" +"POT-Creation-Date: 2022-07-28 13:43+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index fbc1449e5..841d1186d 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:493d944976b6e1ad0daba8bae18bd0823aaab4a72b63916315601fd59e984a5a +oid sha256:4c10c6bd05e79bc462db9863136e538978e5ca2644c6fd228050603135559d83 size 106223 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 025aa770b..dab498f08 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-25 13:53+0800\n" +"POT-Creation-Date: 2022-07-28 13:43+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -4271,7 +4271,7 @@ msgstr "会话分享" #: settings/serializers/security.py:180 msgid "Enabled, Allows user active session to be shared with other users" -msgstr "开启后允许用户分享已连接的资产会话给它人,协同工作" +msgstr "开启后允许用户分享已连接的资产会话给他人,协同工作" #: settings/serializers/security.py:183 msgid "Remote Login Protection" From ee1aff243c431d7b1eb94df270e2b93b57bfefb3 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Fri, 29 Jul 2022 10:02:23 +0800 Subject: [PATCH 07/33] =?UTF-8?q?feat:=20=E6=96=B0=E5=A2=9Eping=E3=80=81te?= =?UTF-8?q?lnet=E7=B3=BB=E7=BB=9F=E5=B7=A5=E5=85=B7=20(#8666)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: 新增ping、telnet系统工具 * perf: 消息返回 Co-authored-by: halo --- apps/jumpserver/routing.py | 4 +- apps/settings/urls/ws_urls.py | 9 ++ apps/settings/utils/__init__.py | 2 + apps/settings/utils/ping.py | 154 ++++++++++++++++++++++++++++++++ apps/settings/utils/telnet.py | 25 ++++++ apps/settings/ws.py | 77 ++++++++++++++++ 6 files changed, 269 insertions(+), 2 deletions(-) create mode 100644 apps/settings/urls/ws_urls.py create mode 100644 apps/settings/utils/ping.py create mode 100644 apps/settings/utils/telnet.py create mode 100644 apps/settings/ws.py diff --git a/apps/jumpserver/routing.py b/apps/jumpserver/routing.py index 1d1de2230..773baee99 100644 --- a/apps/jumpserver/routing.py +++ b/apps/jumpserver/routing.py @@ -4,10 +4,10 @@ from django.core.asgi import get_asgi_application from ops.urls.ws_urls import urlpatterns as ops_urlpatterns from notifications.urls.ws_urls import urlpatterns as notifications_urlpatterns +from settings.urls.ws_urls import urlpatterns as setting_urlpatterns urlpatterns = [] -urlpatterns += ops_urlpatterns \ - + notifications_urlpatterns +urlpatterns += ops_urlpatterns + notifications_urlpatterns + setting_urlpatterns application = ProtocolTypeRouter({ 'websocket': AuthMiddlewareStack( diff --git a/apps/settings/urls/ws_urls.py b/apps/settings/urls/ws_urls.py new file mode 100644 index 000000000..b1555c957 --- /dev/null +++ b/apps/settings/urls/ws_urls.py @@ -0,0 +1,9 @@ +from django.urls import path + +from .. import ws + +app_name = 'common' + +urlpatterns = [ + path('ws/setting/tools/', ws.ToolsWebsocket.as_asgi(), name='setting-tools-ws'), +] diff --git a/apps/settings/utils/__init__.py b/apps/settings/utils/__init__.py index e17c4e43c..0927bde18 100644 --- a/apps/settings/utils/__init__.py +++ b/apps/settings/utils/__init__.py @@ -3,3 +3,5 @@ from .ldap import * from .common import * +from .ping import * +from .telnet import * diff --git a/apps/settings/utils/ping.py b/apps/settings/utils/ping.py new file mode 100644 index 000000000..409edc83a --- /dev/null +++ b/apps/settings/utils/ping.py @@ -0,0 +1,154 @@ +# -*- coding: utf-8 -*- +# + +import os +import select +import socket +import struct +import time + +# From /usr/include/linux/icmp.h; your milage may vary. +ICMP_ECHO_REQUEST = 8 # Seems to be the same on Solaris. + + +def checksum(source_string): + """ + I'm not too confident that this is right but testing seems + to suggest that it gives the same answers as in_cksum in ping.c + """ + sum = 0 + count_to = int((len(source_string) / 2) * 2) + for count in range(0, count_to, 2): + this = source_string[count + 1] * 256 + source_string[count] + sum = sum + this + sum = sum & 0xffffffff # Necessary? + + if count_to < len(source_string): + sum = sum + ord(source_string[len(source_string) - 1]) + sum = sum & 0xffffffff # Necessary? + + sum = (sum >> 16) + (sum & 0xffff) + sum = sum + (sum >> 16) + answer = ~sum + answer = answer & 0xffff + + # Swap bytes. Bugger me if I know why. + answer = answer >> 8 | (answer << 8 & 0xff00) + + return answer + + +def receive_one_ping(my_socket, id, timeout): + """ + Receive the ping from the socket. + """ + time_left = timeout + while True: + started_select = time.time() + what_ready = select.select([my_socket], [], [], time_left) + how_long_in_select = time.time() - started_select + if not what_ready[0]: # Timeout + return + + time_received = time.time() + received_packet, addr = my_socket.recvfrom(1024) + icmpHeader = received_packet[20:28] + type, code, checksum, packet_id, sequence = struct.unpack("bbHHh", icmpHeader) + if packet_id == id: + bytes = struct.calcsize("d") + time_sent = struct.unpack("d", received_packet[28: 28 + bytes])[0] + return time_received - time_sent + + time_left = time_left - how_long_in_select + if time_left <= 0: + return + + +def send_one_ping(my_socket, dest_addr, id, psize): + """ + Send one ping to the given >dest_addr<. + """ + dest_addr = socket.gethostbyname(dest_addr) + + # Remove header size from packet size + # psize = psize - 8 + # laixintao edit: + # Do not need to remove header here. From BSD ping man: + # The default is 56, which translates into 64 ICMP data + # bytes when combined with the 8 bytes of ICMP header data. + + # Header is type (8), code (8), checksum (16), id (16), sequence (16) + my_checksum = 0 + + # Make a dummy heder with a 0 checksum. + header = struct.pack("bbHHh", ICMP_ECHO_REQUEST, 0, my_checksum, id, 1) + bytes = struct.calcsize("d") + data = (psize - bytes) * b"Q" + data = struct.pack("d", time.time()) + data + + # Calculate the checksum on the data and the dummy header. + my_checksum = checksum(header + data) + + # Now that we have the right checksum, we put that in. It's just easier + # to make up a new header than to stuff it into the dummy. + header = struct.pack( + "bbHHh", ICMP_ECHO_REQUEST, 0, socket.htons(my_checksum), id, 1 + ) + packet = header + data + my_socket.sendto(packet, (dest_addr, 1)) # Don't know about the 1 + + +def ping(dest_addr, timeout, psize, flag=0): + """ + Returns either the delay (in seconds) or none on timeout. + """ + icmp = socket.getprotobyname("icmp") + try: + if os.getuid() != 0: + my_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, icmp) + else: + my_socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, icmp) + except socket.error as e: + if e.errno == 1: + # Operation not permitted + msg = str(e) + raise socket.error(msg) + raise # raise the original error + + process_pre = os.getpid() & 0xFF00 + flag = flag & 0x00FF + my_id = process_pre | flag + + send_one_ping(my_socket, dest_addr, my_id, psize) + delay = receive_one_ping(my_socket, my_id, timeout) + + my_socket.close() + return delay + + +def verbose_ping(dest_addr, timeout=2, count=5, psize=64): + """ + Send `count' ping with `psize' size to `dest_addr' with + the given `timeout' and display the result. + """ + for i in range(count): + print("ping %s with ..." % dest_addr, end="") + try: + delay = ping(dest_addr, timeout, psize) + except socket.gaierror as e: + print("failed. (socket error: '%s')" % str(e)) + break + + if delay is None: + print("failed. (timeout within %ssec.)" % timeout) + else: + delay = delay * 1000 + print("get ping in %0.4fms" % delay) + print() + + +if __name__ == "__main__": + verbose_ping("google.com") + verbose_ping("192.168.4.1") + verbose_ping("www.baidu.com") + verbose_ping("sssssss") diff --git a/apps/settings/utils/telnet.py b/apps/settings/utils/telnet.py new file mode 100644 index 000000000..9785b43ae --- /dev/null +++ b/apps/settings/utils/telnet.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# +import socket +import telnetlib + +PROMPT_REGEX = r'[\<|\[](.*)[\>|\]]' + + +def telnet(dest_addr, port_number=23, timeout=10): + try: + connection = telnetlib.Telnet(dest_addr, port_number, timeout) + except (ConnectionRefusedError, socket.timeout, socket.gaierror) as e: + return False, str(e) + expected_regexes = [bytes(PROMPT_REGEX, encoding='ascii')] + index, prompt_regex, output = connection.expect(expected_regexes, timeout=3) + return True, output.decode('ascii') + + +if __name__ == "__main__": + print(telnet(dest_addr='1.1.1.1', port_number=2222)) + print(telnet(dest_addr='baidu.com', port_number=80)) + print(telnet(dest_addr='baidu.com', port_number=8080)) + print(telnet(dest_addr='192.168.4.1', port_number=2222)) + print(telnet(dest_addr='192.168.4.1', port_number=2223)) + print(telnet(dest_addr='ssssss', port_number=-1)) diff --git a/apps/settings/ws.py b/apps/settings/ws.py new file mode 100644 index 000000000..3455abe2b --- /dev/null +++ b/apps/settings/ws.py @@ -0,0 +1,77 @@ +# -*- coding: utf-8 -*- +# + +import json + +from channels.generic.websocket import JsonWebsocketConsumer + +from common.db.utils import close_old_connections +from common.utils import get_logger +from .utils import ping, telnet + +logger = get_logger(__name__) + + +class ToolsWebsocket(JsonWebsocketConsumer): + + def connect(self): + user = self.scope["user"] + if user.is_authenticated: + self.accept() + else: + self.close() + + def imitate_ping(self, dest_addr, timeout=3, count=5, psize=64): + """ + Send `count' ping with `psize' size to `dest_addr' with + the given `timeout' and display the result. + """ + logger.info('receive request ping {}'.format(dest_addr)) + self.send_json({'msg': 'Trying {0}...\r\n'.format(dest_addr)}) + for i in range(count): + msg = 'ping {0} with ...{1}\r\n' + try: + delay = ping(dest_addr, timeout, psize) + except Exception as e: + msg = msg.format(dest_addr, 'failed. (socket error: {})'.format(str(e))) + logger.error(msg) + self.send_json({'msg': msg}) + break + if delay is None: + msg = msg.format(dest_addr, 'failed. (timeout within {}sec.)'.format(timeout)) + else: + delay = delay * 1000 + msg = msg.format(dest_addr, 'get ping in %0.4fms' % delay) + self.send_json({'msg': msg}) + + def imitate_telnet(self, dest_addr, port_num=23, timeout=10): + logger.info('receive request telnet {}'.format(dest_addr)) + self.send_json({'msg': 'Trying {0} {1}...\r\n'.format(dest_addr, port_num)}) + msg = 'Telnet: {}' + try: + is_connective, resp = telnet(dest_addr, port_num, timeout) + if is_connective: + msg = msg.format('Connected to {0} {1}\r\n{2}'.format(dest_addr, port_num, resp)) + else: + msg = msg.format('Connect to {0} {1} {2}\r\nTelnet: Unable to connect to remote host' + .format(dest_addr, port_num, resp)) + except Exception as e: + logger.error(msg) + msg = msg.format(str(e)) + finally: + self.send_json({'msg': msg}) + + def receive(self, text_data=None, bytes_data=None, **kwargs): + data = json.loads(text_data) + tool_type = data.get('tool_type', 'Ping') + dest_addr = data.get('dest_addr') + if tool_type == 'Ping': + self.imitate_ping(dest_addr) + else: + port_num = data.get('port_num') + self.imitate_telnet(dest_addr, port_num) + self.close() + + def disconnect(self, code): + self.close() + close_old_connections() From 429e83897397acff7d64c00f12cda281c20fdfcc Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Fri, 29 Jul 2022 11:37:16 +0800 Subject: [PATCH 08/33] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=99=BB=E5=BD=95ACL=E6=A0=B9=E6=8D=AE=E8=A7=84?= =?UTF-8?q?=E5=88=99=E4=BC=98=E5=85=88=E7=BA=A7=E8=BF=9B=E8=A1=8C=E5=8C=B9?= =?UTF-8?q?=E9=85=8D=20(#8672)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * perf: 优化用户登录ACL根据规则优先级进行匹配 * perf: 修改冲突 Co-authored-by: Jiangjie.Bai Co-authored-by: Jiangjie.Bai <32935519+BaiJiangJie@users.noreply.github.com> --- apps/acls/models/login_acl.py | 61 +++++------------ apps/authentication/errors/failed.py | 11 +--- apps/authentication/mixins.py | 97 +++++++++++++++------------- apps/locale/ja/LC_MESSAGES/django.mo | 4 +- apps/locale/ja/LC_MESSAGES/django.po | 26 ++++---- apps/locale/zh/LC_MESSAGES/django.mo | 4 +- apps/locale/zh/LC_MESSAGES/django.po | 26 ++++---- 7 files changed, 98 insertions(+), 131 deletions(-) diff --git a/apps/acls/models/login_acl.py b/apps/acls/models/login_acl.py index 1887ecd33..6fcff0231 100644 --- a/apps/acls/models/login_acl.py +++ b/apps/acls/models/login_acl.py @@ -44,58 +44,29 @@ class LoginACL(BaseACL): def __str__(self): return self.name - @property - def action_reject(self): - return self.action == self.ActionChoices.reject - - @property - def action_allow(self): - return self.action == self.ActionChoices.allow + def is_action(self, action): + return self.action == action @classmethod def filter_acl(cls, user): return user.login_acls.all().valid().distinct() @staticmethod - def allow_user_confirm_if_need(user, ip): - acl = LoginACL.filter_acl(user).filter( - action=LoginACL.ActionChoices.confirm - ).first() - acl = acl if acl and acl.reviewers.exists() else None - if not acl: - return False, acl - ip_group = acl.rules.get('ip_group') - time_periods = acl.rules.get('time_period') - is_contain_ip = contains_ip(ip, ip_group) - is_contain_time_period = contains_time_period(time_periods) - return is_contain_ip and is_contain_time_period, acl + def match(user, ip): + acls = LoginACL.filter_acl(user) + if not acls: + return - @staticmethod - def allow_user_to_login(user, ip): - acl = LoginACL.filter_acl(user).exclude( - action=LoginACL.ActionChoices.confirm - ).first() - if not acl: - return True, '' - ip_group = acl.rules.get('ip_group') - time_periods = acl.rules.get('time_period') - is_contain_ip = contains_ip(ip, ip_group) - is_contain_time_period = contains_time_period(time_periods) - - reject_type = '' - if is_contain_ip and is_contain_time_period: - # 满足条件 - allow = acl.action_allow - if not allow: - reject_type = 'ip' if is_contain_ip else 'time' - else: - # 不满足条件 - # 如果acl本身允许,那就拒绝;如果本身拒绝,那就允许 - allow = not acl.action_allow - if not allow: - reject_type = 'ip' if not is_contain_ip else 'time' - - return allow, reject_type + for acl in acls: + if acl.is_action(LoginACL.ActionChoices.confirm) and not acl.reviewers.exists(): + continue + ip_group = acl.rules.get('ip_group') + time_periods = acl.rules.get('time_period') + is_contain_ip = contains_ip(ip, ip_group) + is_contain_time_period = contains_time_period(time_periods) + if is_contain_ip and is_contain_time_period: + # 满足条件,则返回 + return acl def create_confirm_ticket(self, request): from tickets import const diff --git a/apps/authentication/errors/failed.py b/apps/authentication/errors/failed.py index 118fd6d6e..cd3274094 100644 --- a/apps/authentication/errors/failed.py +++ b/apps/authentication/errors/failed.py @@ -138,18 +138,11 @@ class ACLError(AuthFailedNeedLogMixin, AuthFailedError): } -class LoginIPNotAllowed(ACLError): +class LoginACLNotAllowed(ACLError): def __init__(self, username, request, **kwargs): self.username = username self.request = request - super().__init__(_("IP is not allowed"), **kwargs) - - -class TimePeriodNotAllowed(ACLError): - def __init__(self, username, request, **kwargs): - self.username = username - self.request = request - super().__init__(_("Time Period is not allowed"), **kwargs) + super().__init__(_("ACL is not allowed"), **kwargs) class MFACodeRequiredError(AuthFailedError): diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py index 403f7186d..af51f2f2d 100644 --- a/apps/authentication/mixins.py +++ b/apps/authentication/mixins.py @@ -328,13 +328,56 @@ class AuthACLMixin: def _check_login_acl(self, user, ip): # ACL 限制用户登录 - is_allowed, limit_type = LoginACL.allow_user_to_login(user, ip) - if is_allowed: + acl = LoginACL.match(user, ip) + if not acl: return - if limit_type == 'ip': - raise errors.LoginIPNotAllowed(username=user.username, request=self.request) - elif limit_type == 'time': - raise errors.TimePeriodNotAllowed(username=user.username, request=self.request) + + acl: LoginACL + if acl.is_action(acl.ActionChoices.allow): + return + + if acl.is_action(acl.ActionChoices.reject): + raise errors.LoginACLNotAllowed(username=user.username, request=self.request) + + if acl.is_action(acl.ActionChoices.confirm): + self.request.session['auth_confirm_required'] = '1' + self.request.session['auth_acl_id'] = str(acl.id) + return + + def check_user_login_confirm_if_need(self, user): + if not self.request.session.get("auth_confirm_required"): + return + acl_id = self.request.session.get('auth_acl_id') + logger.debug('Login confirm acl id: {}'.format(acl_id)) + if not acl_id: + return + acl = LoginACL.filter_acl(user).filter(id=acl_id).first() + if not acl: + return + if not acl.is_action(acl.ActionChoices.confirm): + return + self.get_ticket_or_create(acl) + self.check_user_login_confirm() + + def get_ticket_or_create(self, acl): + ticket = self.get_ticket() + if not ticket or ticket.is_state(ticket.State.closed): + ticket = acl.create_confirm_ticket(self.request) + self.request.session['auth_ticket_id'] = str(ticket.id) + return ticket + + def check_user_login_confirm(self): + ticket = self.get_ticket() + if not ticket: + raise errors.LoginConfirmOtherError('', "Not found") + elif ticket.is_state(ticket.State.approved): + self.request.session["auth_confirm_required"] = '' + return + elif ticket.is_status(ticket.Status.open): + raise errors.LoginConfirmWaitError(ticket.id) + else: + # rejected, closed + raise errors.LoginConfirmOtherError(ticket.id, ticket.get_state_display()) def get_ticket(self): from tickets.models import ApplyLoginTicket @@ -346,44 +389,6 @@ class AuthACLMixin: ticket = ApplyLoginTicket.all().filter(id=ticket_id).first() return ticket - def get_ticket_or_create(self, confirm_setting): - ticket = self.get_ticket() - if not ticket or ticket.is_status(ticket.Status.closed): - ticket = confirm_setting.create_confirm_ticket(self.request) - self.request.session['auth_ticket_id'] = str(ticket.id) - return ticket - - def check_user_login_confirm(self): - ticket = self.get_ticket() - if not ticket: - raise errors.LoginConfirmOtherError('', "Not found") - - if ticket.is_status(ticket.Status.open): - raise errors.LoginConfirmWaitError(ticket.id) - elif ticket.is_state(ticket.State.approved): - self.request.session["auth_confirm"] = "1" - return - elif ticket.is_state(ticket.State.rejected): - raise errors.LoginConfirmOtherError( - ticket.id, ticket.get_state_display() - ) - elif ticket.is_state(ticket.State.closed): - raise errors.LoginConfirmOtherError( - ticket.id, ticket.get_state_display() - ) - else: - raise errors.LoginConfirmOtherError( - ticket.id, ticket.get_status_display() - ) - - def check_user_login_confirm_if_need(self, user): - ip = self.get_request_ip() - is_allowed, confirm_setting = LoginACL.allow_user_confirm_if_need(user, ip) - if self.request.session.get('auth_confirm') or not is_allowed: - return - self.get_ticket_or_create(confirm_setting) - self.check_user_login_confirm() - class AuthMixin(CommonMixin, AuthPreCheckMixin, AuthACLMixin, MFAMixin, AuthPostCheckMixin): request = None @@ -482,7 +487,9 @@ class AuthMixin(CommonMixin, AuthPreCheckMixin, AuthACLMixin, MFAMixin, AuthPost return self.check_user_auth(valid_data) def clear_auth_mark(self): - keys = ['auth_password', 'user_id', 'auth_confirm', 'auth_ticket_id'] + keys = [ + 'auth_password', 'user_id', 'auth_confirm_required', 'auth_ticket_id', 'auth_acl_id' + ] for k in keys: self.request.session.pop(k, '') diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index a74e1daed..b3b599833 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7ff3ae18c27279b8783eba9e85b270f9c3da63f812da315ba210877b33b960a8 -size 128908 +oid sha256:322701b975fe90b4b187c4a99ddd1837291150502c82accf0a4c6e32dddf91be +size 128721 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 7668705cc..3b3f1d7d6 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-28 13:43+0800\n" +"POT-Creation-Date: 2022-07-29 10:56+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -80,7 +80,7 @@ msgstr "拒否" msgid "Allow" msgstr "許可" -#: acls/models/login_acl.py:20 acls/models/login_acl.py:104 +#: acls/models/login_acl.py:20 acls/models/login_acl.py:75 #: acls/models/login_asset_acl.py:17 tickets/const.py:9 msgid "Login confirm" msgstr "ログイン確認" @@ -1915,7 +1915,7 @@ msgstr "このアカウントは期限切れです" msgid "Auth backend not match" msgstr "Authバックエンドが一致しない" -#: authentication/errors/const.py:28 +#: authentication/errors/const.py:28 authentication/errors/failed.py:145 msgid "ACL is not allowed" msgstr "ACLは許可されません" @@ -1983,23 +1983,15 @@ msgstr "受け入れのためのログイン確認チケットを待つ" msgid "Login confirm ticket was {}" msgstr "ログイン確認チケットは {} でした" -#: authentication/errors/failed.py:145 -msgid "IP is not allowed" -msgstr "IPは許可されていません" - -#: authentication/errors/failed.py:152 -msgid "Time Period is not allowed" -msgstr "期間は許可されていません" - -#: authentication/errors/failed.py:157 +#: authentication/errors/failed.py:150 msgid "Please enter MFA code" msgstr "MFAコードを入力してください" -#: authentication/errors/failed.py:162 +#: authentication/errors/failed.py:155 msgid "Please enter SMS code" msgstr "SMSコードを入力してください" -#: authentication/errors/failed.py:167 users/exceptions.py:15 +#: authentication/errors/failed.py:160 users/exceptions.py:15 msgid "Phone not set" msgstr "電話が設定されていない" @@ -6863,5 +6855,11 @@ msgstr "究極のエディション" msgid "Community edition" msgstr "コミュニティ版" +#~ msgid "IP is not allowed" +#~ msgstr "IPは許可されていません" + +#~ msgid "Time Period is not allowed" +#~ msgstr "期間は許可されていません" + #~ msgid "User cannot self-update fields: {}" #~ msgstr "ユーザーは自分のフィールドを更新できません: {}" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 841d1186d..26e44a3d7 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4c10c6bd05e79bc462db9863136e538978e5ca2644c6fd228050603135559d83 -size 106223 +oid sha256:9ed12e275e241284573d49c752cf01bafddb912dfe38ae2888a62e62cdb30ebd +size 106084 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index dab498f08..99fba8067 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-28 13:43+0800\n" +"POT-Creation-Date: 2022-07-29 10:56+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -79,7 +79,7 @@ msgstr "拒绝" msgid "Allow" msgstr "允许" -#: acls/models/login_acl.py:20 acls/models/login_acl.py:104 +#: acls/models/login_acl.py:20 acls/models/login_acl.py:75 #: acls/models/login_asset_acl.py:17 tickets/const.py:9 msgid "Login confirm" msgstr "登录复核" @@ -1901,7 +1901,7 @@ msgstr "此账号已过期" msgid "Auth backend not match" msgstr "没有匹配到认证后端" -#: authentication/errors/const.py:28 +#: authentication/errors/const.py:28 authentication/errors/failed.py:145 msgid "ACL is not allowed" msgstr "ACL 不被允许" @@ -1963,23 +1963,15 @@ msgstr "等待登录复核处理" msgid "Login confirm ticket was {}" msgstr "登录复核: {}" -#: authentication/errors/failed.py:145 -msgid "IP is not allowed" -msgstr "来源 IP 不被允许登录" - -#: authentication/errors/failed.py:152 -msgid "Time Period is not allowed" -msgstr "该 时间段 不被允许登录" - -#: authentication/errors/failed.py:157 +#: authentication/errors/failed.py:150 msgid "Please enter MFA code" msgstr "请输入 MFA 验证码" -#: authentication/errors/failed.py:162 +#: authentication/errors/failed.py:155 msgid "Please enter SMS code" msgstr "请输入短信验证码" -#: authentication/errors/failed.py:167 users/exceptions.py:15 +#: authentication/errors/failed.py:160 users/exceptions.py:15 msgid "Phone not set" msgstr "手机号没有设置" @@ -6766,5 +6758,11 @@ msgstr "旗舰版" msgid "Community edition" msgstr "社区版" +#~ msgid "IP is not allowed" +#~ msgstr "来源 IP 不被允许登录" + +#~ msgid "Time Period is not allowed" +#~ msgstr "该 时间段 不被允许登录" + #~ msgid "User cannot self-update fields: {}" #~ msgstr "用户不能更新自己的字段: {}" From e8b4ee5c40a55daf03f4633547153d5a55d8575f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Thu, 28 Jul 2022 15:36:09 +0800 Subject: [PATCH 09/33] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 70dac07d1..f46836725 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ -JumpServer 是全球首款开源的堡垒机,使用 GPLv3 开源协议,是符合 4A 规范的运维安全审计系统。 +JumpServer 是广受欢迎的开源堡垒机,是符合 4A 规范的专业运维安全审计系统。 JumpServer 使用 Python 开发,配备了业界领先的 Web Terminal 方案,交互界面美观、用户体验好。 From 9319c4748c001226aebaaf24272d17feec428102 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Tue, 2 Aug 2022 14:28:58 +0800 Subject: [PATCH 10/33] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=99=BB=E5=BD=95=20ACL=20=E7=BF=BB=E8=AF=91=E4=BF=A1?= =?UTF-8?q?=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/authentication/errors/failed.py | 4 ++-- apps/authentication/mixins.py | 2 +- apps/locale/ja/LC_MESSAGES/django.po | 13 +++++++------ apps/locale/zh/LC_MESSAGES/django.po | 13 +++++++------ 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/apps/authentication/errors/failed.py b/apps/authentication/errors/failed.py index cd3274094..93efebf78 100644 --- a/apps/authentication/errors/failed.py +++ b/apps/authentication/errors/failed.py @@ -138,11 +138,11 @@ class ACLError(AuthFailedNeedLogMixin, AuthFailedError): } -class LoginACLNotAllowed(ACLError): +class LoginACLIPAndTimePeriodNotAllowed(ACLError): def __init__(self, username, request, **kwargs): self.username = username self.request = request - super().__init__(_("ACL is not allowed"), **kwargs) + super().__init__(_("Current IP and Time period is not allowed"), **kwargs) class MFACodeRequiredError(AuthFailedError): diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py index af51f2f2d..739048d75 100644 --- a/apps/authentication/mixins.py +++ b/apps/authentication/mixins.py @@ -337,7 +337,7 @@ class AuthACLMixin: return if acl.is_action(acl.ActionChoices.reject): - raise errors.LoginACLNotAllowed(username=user.username, request=self.request) + raise errors.LoginACLIPAndTimePeriodNotAllowed(user.username, request=self.request) if acl.is_action(acl.ActionChoices.confirm): self.request.session['auth_confirm_required'] = '1' diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 3b3f1d7d6..0dfe25a4a 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-29 10:56+0800\n" +"POT-Creation-Date: 2022-08-02 11:39+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -1915,9 +1915,9 @@ msgstr "このアカウントは期限切れです" msgid "Auth backend not match" msgstr "Authバックエンドが一致しない" -#: authentication/errors/const.py:28 authentication/errors/failed.py:145 +#: authentication/errors/const.py:28 msgid "ACL is not allowed" -msgstr "ACLは許可されません" +msgstr "ログイン アクセス制御は許可されません" #: authentication/errors/const.py:29 msgid "Only local users are allowed" @@ -1983,6 +1983,10 @@ msgstr "受け入れのためのログイン確認チケットを待つ" msgid "Login confirm ticket was {}" msgstr "ログイン確認チケットは {} でした" +#: authentication/errors/failed.py:145 +msgid "Current IP and Time period is not allowed" +msgstr "現在の IP と期間はログインを許可されていません" + #: authentication/errors/failed.py:150 msgid "Please enter MFA code" msgstr "MFAコードを入力してください" @@ -6858,8 +6862,5 @@ msgstr "コミュニティ版" #~ msgid "IP is not allowed" #~ msgstr "IPは許可されていません" -#~ msgid "Time Period is not allowed" -#~ msgstr "期間は許可されていません" - #~ msgid "User cannot self-update fields: {}" #~ msgstr "ユーザーは自分のフィールドを更新できません: {}" diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 99fba8067..c8320846f 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-29 10:56+0800\n" +"POT-Creation-Date: 2022-08-02 11:39+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -1901,9 +1901,9 @@ msgstr "此账号已过期" msgid "Auth backend not match" msgstr "没有匹配到认证后端" -#: authentication/errors/const.py:28 authentication/errors/failed.py:145 +#: authentication/errors/const.py:28 msgid "ACL is not allowed" -msgstr "ACL 不被允许" +msgstr "登录访问控制不被允许" #: authentication/errors/const.py:29 msgid "Only local users are allowed" @@ -1963,6 +1963,10 @@ msgstr "等待登录复核处理" msgid "Login confirm ticket was {}" msgstr "登录复核: {}" +#: authentication/errors/failed.py:145 +msgid "Current IP and Time period is not allowed" +msgstr "当前 IP 和时间段不被允许登录" + #: authentication/errors/failed.py:150 msgid "Please enter MFA code" msgstr "请输入 MFA 验证码" @@ -6761,8 +6765,5 @@ msgstr "社区版" #~ msgid "IP is not allowed" #~ msgstr "来源 IP 不被允许登录" -#~ msgid "Time Period is not allowed" -#~ msgstr "该 时间段 不被允许登录" - #~ msgid "User cannot self-update fields: {}" #~ msgstr "用户不能更新自己的字段: {}" From 9ff345747bbb0f7a2317e8743a2e76a240f1c2c8 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Tue, 2 Aug 2022 14:47:53 +0800 Subject: [PATCH 11/33] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=E5=B9=B3=E5=8F=B0=E4=B8=8D=E8=83=BD=E5=AF=BC=E5=85=A5?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/api/asset.py | 4 ++-- apps/assets/serializers/asset.py | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/assets/api/asset.py b/apps/assets/api/asset.py index 3f4b7a209..f8c2ab179 100644 --- a/apps/assets/api/asset.py +++ b/apps/assets/api/asset.py @@ -6,7 +6,7 @@ from django.shortcuts import get_object_or_404 from django.db.models import Q from common.utils import get_logger, get_object_or_none -from common.mixins.api import SuggestionMixin +from common.mixins.api import SuggestionMixin, RenderToJsonMixin from users.models import User, UserGroup from users.serializers import UserSerializer, UserGroupSerializer from users.filters import UserFilter @@ -88,7 +88,7 @@ class AssetPlatformRetrieveApi(RetrieveAPIView): return asset.platform -class AssetPlatformViewSet(ModelViewSet): +class AssetPlatformViewSet(ModelViewSet, RenderToJsonMixin): queryset = Platform.objects.all() serializer_class = serializers.PlatformSerializer filterset_fields = ['name', 'base'] diff --git a/apps/assets/serializers/asset.py b/apps/assets/serializers/asset.py index 427d0e470..5211cfef6 100644 --- a/apps/assets/serializers/asset.py +++ b/apps/assets/serializers/asset.py @@ -189,6 +189,9 @@ class PlatformSerializer(serializers.ModelSerializer): 'id', 'name', 'base', 'charset', 'internal', 'meta', 'comment' ] + extra_kwargs = { + 'internal': {'read_only': True}, + } class AssetSimpleSerializer(serializers.ModelSerializer): From 40f8b99242faf1a3a0eefc76c8bdd66624217c41 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Tue, 2 Aug 2022 16:39:21 +0800 Subject: [PATCH 12/33] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=E8=B5=84=E4=BA=A7=E8=B4=A6=E5=8F=B7=E4=B8=8D=E6=88=90?= =?UTF-8?q?=E5=8A=9F=E7=9A=84=E9=97=AE=E9=A2=98(=E6=9C=AB=E5=B0=BE:)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/common/utils/crypto.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/common/utils/crypto.py b/apps/common/utils/crypto.py index 0c818ec5b..3922a5462 100644 --- a/apps/common/utils/crypto.py +++ b/apps/common/utils/crypto.py @@ -255,6 +255,8 @@ def decrypt_password(value): if len(cipher) != 2: return value key_cipher, password_cipher = cipher + if not all([key_cipher, password_cipher]): + return value aes_key = rsa_decrypt_by_session_pkey(key_cipher) aes = get_aes_crypto(aes_key, 'ECB') try: From 3e7f83d44e5f3a4313dafd15ed72c47b221aea80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Chuailei000=E2=80=9D?= <2280131253@qq.com> Date: Tue, 2 Aug 2022 16:31:46 +0800 Subject: [PATCH 13/33] =?UTF-8?q?fix=EF=BC=9A=E4=BF=AE=E5=A4=8D=E5=BF=98?= =?UTF-8?q?=E8=AE=B0=E5=AF=86=E7=A0=81=E9=A1=B5=E5=B8=83=E5=B1=80=E9=94=99?= =?UTF-8?q?=E4=BD=8D=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/users/templates/users/forgot_password.html | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/users/templates/users/forgot_password.html b/apps/users/templates/users/forgot_password.html index 8289726f3..16c784250 100644 --- a/apps/users/templates/users/forgot_password.html +++ b/apps/users/templates/users/forgot_password.html @@ -6,6 +6,7 @@ +
+

+

+ {% if error %} + {{ error }} + {% else %} + {{ message|safe }} + {% endif %} +
+

+ +
+ {% if has_cancel %} +
+ + {% trans 'Cancel' %} + +
+ {% endif %} +
+ + {% if confirm_button %} + {{ confirm_button }} + {% else %} + {% trans 'Confirm' %} + {% endif %} + +
+
+
+{% endblock %} + +{% block custom_foot_js %} + +{% endblock %} + diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py index 803315f9c..9ab01b6a1 100644 --- a/apps/jumpserver/settings/auth.py +++ b/apps/jumpserver/settings/auth.py @@ -205,6 +205,7 @@ AUTHENTICATION_BACKENDS = [ AUTH_BACKEND_AUTH_TOKEN, AUTH_BACKEND_SSO, AUTH_BACKEND_TEMP_TOKEN ] +AUTHENTICATION_BACKENDS_THIRD_PARTY = [AUTH_BACKEND_OIDC_CODE, AUTH_BACKEND_CAS, AUTH_BACKEND_SAML2] ONLY_ALLOW_EXIST_USER_AUTH = CONFIG.ONLY_ALLOW_EXIST_USER_AUTH ONLY_ALLOW_AUTH_FROM_SOURCE = CONFIG.ONLY_ALLOW_AUTH_FROM_SOURCE diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py index 547aa9c1b..a65266a1f 100644 --- a/apps/jumpserver/settings/base.py +++ b/apps/jumpserver/settings/base.py @@ -109,6 +109,7 @@ MIDDLEWARE = [ 'authentication.backends.oidc.middleware.OIDCRefreshIDTokenMiddleware', 'authentication.backends.cas.middleware.CASMiddleware', 'authentication.middleware.MFAMiddleware', + 'authentication.middleware.ThirdPartyLoginMiddleware', 'authentication.middleware.SessionCookieMiddleware', 'simple_history.middleware.HistoryRequestMiddleware', ] From 6a30e0739d37cc9a48103181508a919f0b770005 Mon Sep 17 00:00:00 2001 From: huangzhiwen Date: Tue, 9 Aug 2022 11:31:04 +0800 Subject: [PATCH 23/33] =?UTF-8?q?feat:=20OAuth2.0=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E6=96=B9=E5=BC=8F=E5=8A=A0=E4=B8=8A=E7=94=A8=E6=88=B7=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E8=A7=84=E5=88=99=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/jumpserver/settings/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py index 9ab01b6a1..0270913b0 100644 --- a/apps/jumpserver/settings/auth.py +++ b/apps/jumpserver/settings/auth.py @@ -205,7 +205,7 @@ AUTHENTICATION_BACKENDS = [ AUTH_BACKEND_AUTH_TOKEN, AUTH_BACKEND_SSO, AUTH_BACKEND_TEMP_TOKEN ] -AUTHENTICATION_BACKENDS_THIRD_PARTY = [AUTH_BACKEND_OIDC_CODE, AUTH_BACKEND_CAS, AUTH_BACKEND_SAML2] +AUTHENTICATION_BACKENDS_THIRD_PARTY = [AUTH_BACKEND_OIDC_CODE, AUTH_BACKEND_CAS, AUTH_BACKEND_SAML2, AUTH_BACKEND_OAUTH2] ONLY_ALLOW_EXIST_USER_AUTH = CONFIG.ONLY_ALLOW_EXIST_USER_AUTH ONLY_ALLOW_AUTH_FROM_SOURCE = CONFIG.ONLY_ALLOW_AUTH_FROM_SOURCE From 708a87c903384865adf966d37b02306474eada1b Mon Sep 17 00:00:00 2001 From: jiangweidong <80373698+F2C-Jiang@users.noreply.github.com> Date: Tue, 9 Aug 2022 16:09:20 +0800 Subject: [PATCH 24/33] =?UTF-8?q?feat:=20=E6=94=AF=E6=8C=81CMPPv2.0?= =?UTF-8?q?=E5=8D=8F=E8=AE=AE=E7=9F=AD=E4=BF=A1=E7=BD=91=E5=85=B3=20(#8591?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: 支持CMPPv2.0协议短信网关 * 修改翻译 Co-authored-by: Jiangjie.Bai <32935519+BaiJiangJie@users.noreply.github.com> --- apps/common/sdk/sms/base.py | 4 + apps/common/sdk/sms/cmpp2.py | 322 ++++++++++++++++++++++++++ apps/common/sdk/sms/endpoint.py | 3 +- apps/jumpserver/conf.py | 9 + apps/locale/ja/LC_MESSAGES/django.po | 153 +++++++----- apps/locale/zh/LC_MESSAGES/django.po | 152 +++++++----- apps/settings/api/__init__.py | 2 - apps/settings/api/alibaba_sms.py | 58 ----- apps/settings/api/settings.py | 1 + apps/settings/api/sms.py | 118 +++++++++- apps/settings/api/tencent_sms.py | 63 ----- apps/settings/serializers/auth/sms.py | 33 ++- apps/settings/serializers/settings.py | 3 +- apps/settings/urls/api_urls.py | 3 +- 14 files changed, 686 insertions(+), 238 deletions(-) create mode 100644 apps/common/sdk/sms/cmpp2.py delete mode 100644 apps/settings/api/alibaba_sms.py delete mode 100644 apps/settings/api/tencent_sms.py diff --git a/apps/common/sdk/sms/base.py b/apps/common/sdk/sms/base.py index 4d02370b1..77dcc669a 100644 --- a/apps/common/sdk/sms/base.py +++ b/apps/common/sdk/sms/base.py @@ -17,4 +17,8 @@ class BaseSMSClient: def send_sms(self, phone_numbers: list, sign_name: str, template_code: str, template_param: dict, **kwargs): raise NotImplementedError + @staticmethod + def need_pre_check(): + return True + diff --git a/apps/common/sdk/sms/cmpp2.py b/apps/common/sdk/sms/cmpp2.py new file mode 100644 index 000000000..8a6a4fe32 --- /dev/null +++ b/apps/common/sdk/sms/cmpp2.py @@ -0,0 +1,322 @@ +import hashlib +import socket +import struct +import time + +from django.conf import settings + +from common.utils import get_logger +from common.exceptions import JMSException +from .base import BaseSMSClient + + +logger = get_logger(__file__) + + +CMPP_CONNECT = 0x00000001 # 请求连接 +CMPP_CONNECT_RESP = 0x80000001 # 请求连接应答 +CMPP_TERMINATE = 0x00000002 # 终止连接 +CMPP_TERMINATE_RESP = 0x80000002 # 终止连接应答 +CMPP_SUBMIT = 0x00000004 # 提交短信 +CMPP_SUBMIT_RESP = 0x80000004 # 提交短信应答 +CMPP_DELIVER = 0x00000005 # 短信下发 +CMPP_DELIVER_RESP = 0x80000005 # 下发短信应答 + + +class CMPPBaseRequestInstance(object): + def __init__(self): + self.command_id = '' + self.body = b'' + self.length = 0 + + def get_header(self, sequence_id): + length = struct.pack('!L', 12 + self.length) + command_id = struct.pack('!L', self.command_id) + sequence_id = struct.pack('!L', sequence_id) + return length + command_id + sequence_id + + def get_message(self, sequence_id): + return self.get_header(sequence_id) + self.body + + +class CMPPConnectRequestInstance(CMPPBaseRequestInstance): + def __init__(self, sp_id, sp_secret): + if len(sp_id) != 6: + raise ValueError("sp_id and sp_secret are both 6 bits") + + super().__init__() + + source_addr = sp_id.encode('utf-8') + sp_secret = sp_secret.encode('utf-8') + version = struct.pack('!B', 0x02) + timestamp = struct.pack('!L', int(self.get_now())) + authenticator_source = source_addr + 9 * b'\x00' + sp_secret + self.get_now().encode('utf-8') + auth_source_md5 = hashlib.md5(authenticator_source).digest() + self.body = source_addr + auth_source_md5 + version + timestamp + self.length = len(self.body) + self.command_id = CMPP_CONNECT + + @staticmethod + def get_now(): + return time.strftime('%m%d%H%M%S', time.localtime(time.time())) + + +class CMPPSubmitRequestInstance(CMPPBaseRequestInstance): + def __init__(self, msg_src, dest_terminal_id, msg_content, src_id, + service_id='', dest_usr_tl=1): + if len(msg_content) >= 70: + raise JMSException('The message length should be within 70 characters') + if len(dest_terminal_id) > 100: + raise JMSException('The number of users receiving information should be less than 100') + + super().__init__() + + msg_id = 8 * b'\x00' + pk_total = struct.pack('!B', 1) + pk_number = struct.pack('!B', 1) + registered_delivery = struct.pack('!B', 0) + msg_level = struct.pack('!B', 0) + service_id = ((10 - len(service_id)) * '\x00' + service_id).encode('utf-8') + fee_user_type = struct.pack('!B', 2) + fee_terminal_id = ('0' * 21).encode('utf-8') + tp_pid = struct.pack('!B', 0) + tp_udhi = struct.pack('!B', 0) + msg_fmt = struct.pack('!B', 8) + fee_type = '01'.encode('utf-8') + fee_code = '000000'.encode('utf-8') + valid_time = ('\x00' * 17).encode('utf-8') + at_time = ('\x00' * 17).encode('utf-8') + src_id = ((21 - len(src_id)) * '\x00' + src_id).encode('utf-8') + reserve = b'\x00' * 8 + _msg_length = struct.pack('!B', len(msg_content) * 2) + _msg_src = msg_src.encode('utf-8') + _dest_usr_tl = struct.pack('!B', dest_usr_tl) + _msg_content = msg_content.encode('utf-16-be') + _dest_terminal_id = b''.join([ + (i + (21 - len(i)) * '\x00').encode('utf-8') for i in dest_terminal_id + ]) + self.length = 126 + 21 * dest_usr_tl + len(_msg_content) + self.command_id = CMPP_SUBMIT + self.body = msg_id + pk_total + pk_number + registered_delivery \ + + msg_level + service_id + fee_user_type + fee_terminal_id \ + + tp_pid + tp_udhi + msg_fmt + _msg_src + fee_type + fee_code \ + + valid_time + at_time + src_id + _dest_usr_tl + _dest_terminal_id \ + + _msg_length + _msg_content + reserve + + +class CMPPTerminateRequestInstance(CMPPBaseRequestInstance): + def __init__(self): + super().__init__() + self.body = b'' + self.command_id = CMPP_TERMINATE + + +class CMPPDeliverRespRequestInstance(CMPPBaseRequestInstance): + def __init__(self, msg_id, result=0): + super().__init__() + msg_id = struct.pack('!Q', msg_id) + result = struct.pack('!B', result) + self.length = len(self.body) + self.body = msg_id + result + + +class CMPPResponseInstance(object): + def __init__(self): + self.command_id = None + self.length = None + self.response_handler_map = { + CMPP_CONNECT_RESP: self.connect_response_parse, + CMPP_SUBMIT_RESP: self.submit_response_parse, + CMPP_DELIVER: self.deliver_request_parse, + } + + @staticmethod + def connect_response_parse(body): + status, = struct.unpack('!B', body[0:1]) + authenticator_ISMG = body[1:17] + version, = struct.unpack('!B', body[17:18]) + return { + 'Status': status, + 'AuthenticatorISMG': authenticator_ISMG, + 'Version': version + } + + @staticmethod + def submit_response_parse(body): + msg_id = body[:8] + result = struct.unpack('!B', body[8:9]) + return { + 'Msg_Id': msg_id, 'Result': result[0] + } + + @staticmethod + def deliver_request_parse(body): + msg_id, = struct.unpack('!Q', body[0:8]) + dest_id = body[8:29] + service_id = body[29:39] + tp_pid = struct.unpack('!B', body[39:40]) + tp_udhi = struct.unpack('!B', body[40:41]) + msg_fmt = struct.unpack('!B', body[41:42]) + src_terminal_id = body[42:63] + registered_delivery = struct.unpack('!B', body[63:64]) + msg_length = struct.unpack('!B', body[64:65]) + msg_content = body[65:msg_length[0]+65] + return { + 'Msg_Id': msg_id, 'Dest_Id': dest_id, 'Service_Id': service_id, + 'TP_pid': tp_pid, 'TP_udhi': tp_udhi, 'Msg_Fmt': msg_fmt, + 'Src_terminal_Id': src_terminal_id, 'Registered_Delivery': registered_delivery, + 'Msg_Length': msg_length, 'Msg_content': msg_content + } + + def parse_header(self, data): + self.command_id, = struct.unpack('!L', data[4:8]) + sequence_id, = struct.unpack('!L', data[8:12]) + return { + 'length': self.length, + 'command_id': hex(self.command_id), + 'sequence_id': sequence_id + } + + def parse_body(self, body): + response_body_func = self.response_handler_map.get(self.command_id) + if response_body_func is None: + raise JMSException('Unable to parse the returned result: %s' % body) + return response_body_func(body) + + def parse(self, data): + self.length, = struct.unpack('!L', data[0:4]) + header = self.parse_header(data) + body = self.parse_body(data[12:self.length]) + return header, body + + +class CMPPClient(object): + def __init__(self, host, port, sp_id, sp_secret, src_id, service_id): + self.ip = host + self.port = port + self.sp_id = sp_id + self.sp_secret = sp_secret + self.src_id = src_id + self.service_id = service_id + self._sequence_id = 0 + self._is_connect = False + self._times = 3 + self.__socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self._connect() + + @property + def sequence_id(self): + s = self._sequence_id + self._sequence_id += 1 + return s + + def _connect(self): + self.__socket.settimeout(5) + for i in range(self._times): + try: + self.__socket.connect((self.ip, self.port)) + except socket.timeout: + time.sleep(1) + else: + self._is_connect = True + break + + def send(self, instance): + if isinstance(instance, CMPPBaseRequestInstance): + message = instance.get_message(sequence_id=self.sequence_id) + else: + message = instance + self.__socket.send(message) + + def recv(self): + raw_length = self.__socket.recv(4) + length, = struct.unpack('!L', raw_length) + header, body = CMPPResponseInstance().parse( + raw_length + self.__socket.recv(length - 4) + ) + return header, body + + def close(self): + if self._is_connect: + terminate_request = CMPPTerminateRequestInstance() + self.send(terminate_request) + self.__socket.close() + + def _cmpp_connect(self): + connect_request = CMPPConnectRequestInstance(self.sp_id, self.sp_secret) + self.send(connect_request) + header, body = self.recv() + if body['Status'] != 0: + raise JMSException('CMPPv2.0 authentication failed: %s' % body) + + def _cmpp_send_sms(self, dest, sign_name, template_code, template_param): + """ + 优先发送template_param中message的信息 + 若该内容不存在,则根据template_code构建验证码发送 + """ + message = template_param.get('message') + if message is None: + code = template_param.get('code') + message = template_code.replace('{code}', code) + msg = '【%s】 %s' % (sign_name, message) + submit_request = CMPPSubmitRequestInstance( + msg_src=self.sp_id, src_id=self.src_id, msg_content=msg, + dest_usr_tl=len(dest), dest_terminal_id=dest, + service_id=self.service_id + ) + self.send(submit_request) + header, body = self.recv() + command_id = header.get('command_id') + if command_id == CMPP_DELIVER: + deliver_request = CMPPDeliverRespRequestInstance( + msg_id=body['Msg_Id'], result=body['Result'] + ) + self.send(deliver_request) + + def send_sms(self, dest, sign_name, template_code, template_param): + try: + self._cmpp_connect() + self._cmpp_send_sms(dest, sign_name, template_code, template_param) + except Exception as e: + logger.error('CMPPv2.0 Error: %s', e) + self.close() + raise JMSException(e) + + +class CMPP2SMS(BaseSMSClient): + SIGN_AND_TMPL_SETTING_FIELD_PREFIX = 'CMPP2' + + @classmethod + def new_from_settings(cls): + return cls( + host=settings.CMPP2_HOST, port=settings.CMPP2_PORT, + sp_id=settings.CMPP2_SP_ID, sp_secret=settings.CMPP2_SP_SECRET, + service_id=settings.CMPP2_SERVICE_ID, src_id=getattr(settings, 'CMPP2_SRC_ID', ''), + ) + + def __init__(self, host: str, port: int, sp_id: str, sp_secret: str, service_id: str, src_id=''): + try: + self.client = CMPPClient( + host=host, port=port, sp_id=sp_id, sp_secret=sp_secret, src_id=src_id, service_id=service_id + ) + except socket.timeout: + self.client = None + logger.warning('CMPPv2.0 connect remote time out.') + + @staticmethod + def need_pre_check(): + return False + + def send_sms(self, phone_numbers: list, sign_name: str, template_code: str, template_param: dict, **kwargs): + try: + logger.info(f'CMPPv2.0 sms send: ' + f'phone_numbers={phone_numbers} ' + f'sign_name={sign_name} ' + f'template_code={template_code} ' + f'template_param={template_param}') + self.client.send_sms(phone_numbers, sign_name, template_code, template_param) + except Exception as e: + raise JMSException(e) + + +client = CMPP2SMS diff --git a/apps/common/sdk/sms/endpoint.py b/apps/common/sdk/sms/endpoint.py index 610bf2d99..3bcaa8559 100644 --- a/apps/common/sdk/sms/endpoint.py +++ b/apps/common/sdk/sms/endpoint.py @@ -15,6 +15,7 @@ logger = get_logger(__name__) class BACKENDS(TextChoices): ALIBABA = 'alibaba', _('Alibaba cloud') TENCENT = 'tencent', _('Tencent cloud') + CMPP2 = 'cmpp2', _('CMPP v2.0') class SMS: @@ -43,7 +44,7 @@ class SMS: sign_name = getattr(settings, f'{self.client.SIGN_AND_TMPL_SETTING_FIELD_PREFIX}_VERIFY_SIGN_NAME') template_code = getattr(settings, f'{self.client.SIGN_AND_TMPL_SETTING_FIELD_PREFIX}_VERIFY_TEMPLATE_CODE') - if not (sign_name and template_code): + if self.client.need_pre_check() and not (sign_name and template_code): raise JMSException( code='verify_code_sign_tmpl_invalid', detail=_('SMS verification code signature or template invalid') diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 78e73ba6c..7b26b4ee2 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -376,6 +376,15 @@ class Config(dict): 'TENCENT_VERIFY_SIGN_NAME': '', 'TENCENT_VERIFY_TEMPLATE_CODE': '', + 'CMPP2_HOST': '', + 'CMPP2_PORT': 7890, + 'CMPP2_SP_ID': '', + 'CMPP2_SP_SECRET': '', + 'CMPP2_SRC_ID': '', + 'CMPP2_SERVICE_ID': '', + 'CMPP2_VERIFY_SIGN_NAME': '', + 'CMPP2_VERIFY_TEMPLATE_CODE': '{code}', + # Email 'EMAIL_CUSTOM_USER_CREATED_SUBJECT': _('Create account successfully'), 'EMAIL_CUSTOM_USER_CREATED_HONORIFIC': _('Hello'), diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index a1ae87cba..fb5b39b2f 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -88,8 +88,8 @@ msgstr "ログイン確認" #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100 -#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:220 -#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41 +#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214 +#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44 #: terminal/models/sharing.py:33 terminal/notifications.py:91 @@ -393,8 +393,8 @@ msgstr "クラスター" #: applications/serializers/attrs/application_category/db.py:11 #: ops/models/adhoc.py:157 settings/serializers/auth/radius.py:14 -#: terminal/models/endpoint.py:11 -#: xpack/plugins/cloud/serializers/account_attrs.py:72 +#: settings/serializers/auth/sms.py:52 terminal/models/endpoint.py:11 +#: xpack/plugins/cloud/serializers/account_attrs.py:70 msgid "Host" msgstr "ホスト" @@ -407,8 +407,8 @@ msgstr "ホスト" #: applications/serializers/attrs/application_type/redis.py:10 #: applications/serializers/attrs/application_type/sqlserver.py:10 #: assets/models/asset.py:214 assets/models/domain.py:62 -#: settings/serializers/auth/radius.py:15 -#: xpack/plugins/cloud/serializers/account_attrs.py:73 +#: settings/serializers/auth/radius.py:15 settings/serializers/auth/sms.py:53 +#: xpack/plugins/cloud/serializers/account_attrs.py:71 msgid "Port" msgstr "ポート" @@ -591,7 +591,7 @@ msgstr "ホスト名生" #: assets/models/asset.py:215 assets/serializers/account.py:16 #: assets/serializers/asset.py:65 perms/serializers/asset/user_permission.py:41 -#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:43 +#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:42 msgid "Protocols" msgstr "プロトコル" @@ -990,7 +990,7 @@ msgid "Parent key" msgstr "親キー" #: assets/models/node.py:559 assets/serializers/system_user.py:267 -#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:70 +#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:69 msgid "Node" msgstr "ノード" @@ -2318,7 +2318,7 @@ msgstr "コードエラー" #: authentication/templates/authentication/_msg_reset_password.html:3 #: authentication/templates/authentication/_msg_rest_password_success.html:2 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2 -#: jumpserver/conf.py:323 ops/tasks.py:145 ops/tasks.py:148 +#: jumpserver/conf.py:316 ops/tasks.py:145 ops/tasks.py:148 #: perms/templates/perms/_msg_item_permissions_expire.html:3 #: perms/templates/perms/_msg_permed_items_expire.html:3 #: tickets/templates/tickets/approve_check_password.html:33 @@ -2723,11 +2723,15 @@ msgstr "アリ雲" msgid "Tencent cloud" msgstr "テンセント雲" -#: common/sdk/sms/endpoint.py:28 +#: common/sdk/sms/endpoint.py:18 +msgid "CMPP v2.0" +msgstr "CMPP v2.0" + +#: common/sdk/sms/endpoint.py:29 msgid "SMS provider not support: {}" msgstr "SMSプロバイダーはサポートしていません: {}" -#: common/sdk/sms/endpoint.py:49 +#: common/sdk/sms/endpoint.py:50 msgid "SMS verification code signature or template invalid" msgstr "SMS検証コードの署名またはテンプレートが無効" @@ -2763,11 +2767,11 @@ msgstr "特殊文字を含むべきではない" msgid "The mobile phone number format is incorrect" msgstr "携帯電話番号の形式が正しくありません" -#: jumpserver/conf.py:322 +#: jumpserver/conf.py:315 msgid "Create account successfully" msgstr "アカウントを正常に作成" -#: jumpserver/conf.py:324 +#: jumpserver/conf.py:317 msgid "Your account has been created successfully" msgstr "アカウントが正常に作成されました" @@ -3026,8 +3030,8 @@ msgstr "組織のリソース ({}) は削除できません" msgid "App organizations" msgstr "アプリ組織" -#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:85 -#: orgs/models.py:217 rbac/const.py:7 rbac/models/rolebinding.py:48 +#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80 +#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71 msgid "Organization" @@ -3271,27 +3275,27 @@ msgstr "{} 少なくとも1つのシステムロール" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:111 +#: rbac/builtin.py:108 msgid "SystemAdmin" msgstr "システム管理者" -#: rbac/builtin.py:114 +#: rbac/builtin.py:111 msgid "SystemAuditor" msgstr "システム監査人" -#: rbac/builtin.py:117 +#: rbac/builtin.py:114 msgid "SystemComponent" msgstr "システムコンポーネント" -#: rbac/builtin.py:123 +#: rbac/builtin.py:120 msgid "OrgAdmin" msgstr "組織管理者" -#: rbac/builtin.py:126 +#: rbac/builtin.py:123 msgid "OrgAuditor" msgstr "監査員を組織する" -#: rbac/builtin.py:129 +#: rbac/builtin.py:126 msgid "OrgUser" msgstr "組織ユーザー" @@ -3463,13 +3467,8 @@ msgstr "権限ツリーの表示" msgid "Execute batch command" msgstr "バッチ実行コマンド" -#: settings/api/alibaba_sms.py:31 settings/api/tencent_sms.py:35 -msgid "test_phone is required" -msgstr "携帯番号をテストこのフィールドは必須です" - -#: settings/api/alibaba_sms.py:52 settings/api/dingtalk.py:31 -#: settings/api/feishu.py:36 settings/api/tencent_sms.py:57 -#: settings/api/wecom.py:37 +#: settings/api/dingtalk.py:31 settings/api/feishu.py:36 +#: settings/api/sms.py:131 settings/api/wecom.py:37 msgid "Test success" msgstr "テストの成功" @@ -3497,6 +3496,14 @@ msgstr "Ldapユーザーを取得するにはNone" msgid "Imported {} users successfully (Organization: {})" msgstr "{} 人のユーザーを正常にインポートしました (組織: {})" +#: settings/api/sms.py:113 +msgid "Invalid SMS platform" +msgstr "無効なショートメッセージプラットフォーム" + +#: settings/api/sms.py:119 +msgid "test_phone is required" +msgstr "携帯番号をテストこのフィールドは必須です" + #: settings/apps.py:7 msgid "Settings" msgstr "設定" @@ -3821,29 +3828,69 @@ msgstr "SP プライベートキー" msgid "SP cert" msgstr "SP 証明書" -#: settings/serializers/auth/sms.py:11 +#: settings/serializers/auth/sms.py:14 msgid "Enable SMS" msgstr "SMSの有効化" -#: settings/serializers/auth/sms.py:13 -msgid "SMS provider" -msgstr "SMSプロバイダ" +#: settings/serializers/auth/sms.py:16 +msgid "SMS provider / Protocol" +msgstr "SMSプロバイダ / プロトコル" -#: settings/serializers/auth/sms.py:18 settings/serializers/auth/sms.py:36 -#: settings/serializers/auth/sms.py:44 settings/serializers/email.py:65 +#: settings/serializers/auth/sms.py:21 settings/serializers/auth/sms.py:39 +#: settings/serializers/auth/sms.py:47 settings/serializers/auth/sms.py:58 +#: settings/serializers/email.py:65 msgid "Signature" msgstr "署名" -#: settings/serializers/auth/sms.py:19 settings/serializers/auth/sms.py:37 -#: settings/serializers/auth/sms.py:45 +#: settings/serializers/auth/sms.py:22 settings/serializers/auth/sms.py:40 +#: settings/serializers/auth/sms.py:48 msgid "Template code" msgstr "テンプレートコード" -#: settings/serializers/auth/sms.py:23 +#: settings/serializers/auth/sms.py:26 msgid "Test phone" msgstr "テスト電話" -#: settings/serializers/auth/sso.py:11 +#: settings/serializers/auth/sms.py:54 +msgid "Gateway account(SP id)" +msgstr "ゲートウェイアカウント(SP id)" + +#: settings/serializers/auth/sms.py:55 +msgid "Gateway password(SP secret)" +msgstr "ゲートウェイパスワード(SP secret)" + +#: settings/serializers/auth/sms.py:56 +msgid "Original number(Src id)" +msgstr "元の番号(Src id)" + +#: settings/serializers/auth/sms.py:57 +msgid "Business type(Service id)" +msgstr "ビジネス・タイプ(Service id)" + +#: settings/serializers/auth/sms.py:60 +msgid "Template" +msgstr "テンプレート" + +#: settings/serializers/auth/sms.py:61 +msgid "" +"Template need contain {code} and Signature + template length does not exceed " +"67 words. For example, your verification code is {code}, which is valid for " +"5 minutes. Please do not disclose it to others." +msgstr "" +"テンプレートには{code}を含める必要があり、署名+テンプレートの長さは67ワード未" +"満です。たとえば、認証コードは{code}で、有効期間は5分です。他の人には言わない" +"でください。" + +#: settings/serializers/auth/sms.py:70 +#, python-brace-format +msgid "The template needs to contain {code}" +msgstr "テンプレートには{code}を含める必要があります" + +#: settings/serializers/auth/sms.py:73 +msgid "Signature + Template must not exceed 65 words" +msgstr "署名+テンプレートの長さは65文字以内" + +#: settings/serializers/auth/sso.py:12 msgid "Enable SSO auth" msgstr "SSO Token認証の有効化" @@ -6460,11 +6507,11 @@ msgstr "クラウドアカウント" msgid "Test cloud account" msgstr "クラウドアカウントのテスト" -#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:67 +#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:66 msgid "Account" msgstr "アカウント" -#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:38 +#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:37 msgid "Regions" msgstr "リージョン" @@ -6472,19 +6519,19 @@ msgstr "リージョン" msgid "Hostname strategy" msgstr "ホスト名戦略" -#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:68 +#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:67 msgid "Unix admin user" msgstr "Unix adminユーザー" -#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:69 +#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:68 msgid "Windows admin user" msgstr "Windows管理者" -#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:46 +#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:45 msgid "IP network segment group" msgstr "IPネットワークセグメントグループ" -#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:72 +#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:71 msgid "Always update" msgstr "常に更新" @@ -6790,11 +6837,9 @@ msgstr "テストポート" #: xpack/plugins/cloud/serializers/task.py:29 msgid "" -"Only instances matching the IP range will be synced.
If the instance " -"contains multiple IP addresses, the first IP address that matches will be " -"used as the IP for the created asset.
The default value of * means sync " -"all instances and randomly match IP addresses.
Format for comma-" -"delimited string, Such as: 192.168.1.0/24, 10.1.1.1-10.1.1.20" +"The IP address that is first matched to will be used as the IP of the " +"created asset.
The default * indicates a random match.
Format for " +"comma-delimited string, Such as: 192.168.1.0/24, 10.1.1.1-10.1.1.20" msgstr "" "IP範囲に一致するインスタンスのみが同期されます。
インスタンスに複数のIPア" "ドレスが含まれている場合、一致する最初のIPアドレスが作成されたアセットのIPと" @@ -6802,24 +6847,24 @@ msgstr "" "ドレスをランダムに一致させることを意味します。
形式はコンマ区切りの文字列" "です。例:192.168.1.0/24,10.1.1.1-10.1.1.20" -#: xpack/plugins/cloud/serializers/task.py:36 +#: xpack/plugins/cloud/serializers/task.py:35 msgid "History count" msgstr "実行回数" -#: xpack/plugins/cloud/serializers/task.py:37 +#: xpack/plugins/cloud/serializers/task.py:36 msgid "Instance count" msgstr "インスタンス数" -#: xpack/plugins/cloud/serializers/task.py:66 +#: xpack/plugins/cloud/serializers/task.py:65 msgid "Linux admin user" msgstr "Linux管理者" -#: xpack/plugins/cloud/serializers/task.py:71 +#: xpack/plugins/cloud/serializers/task.py:70 #: xpack/plugins/gathered_user/serializers.py:20 msgid "Periodic display" msgstr "定期的な表示" -#: xpack/plugins/cloud/utils.py:69 +#: xpack/plugins/cloud/utils.py:68 msgid "Account unavailable" msgstr "利用できないアカウント" diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index cce71cba7..34da7efb9 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -87,8 +87,8 @@ msgstr "登录复核" #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100 -#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:220 -#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41 +#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214 +#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44 #: terminal/models/sharing.py:33 terminal/notifications.py:91 @@ -388,8 +388,8 @@ msgstr "集群" #: applications/serializers/attrs/application_category/db.py:11 #: ops/models/adhoc.py:157 settings/serializers/auth/radius.py:14 -#: terminal/models/endpoint.py:11 -#: xpack/plugins/cloud/serializers/account_attrs.py:72 +#: settings/serializers/auth/sms.py:52 terminal/models/endpoint.py:11 +#: xpack/plugins/cloud/serializers/account_attrs.py:70 msgid "Host" msgstr "主机" @@ -402,8 +402,8 @@ msgstr "主机" #: applications/serializers/attrs/application_type/redis.py:10 #: applications/serializers/attrs/application_type/sqlserver.py:10 #: assets/models/asset.py:214 assets/models/domain.py:62 -#: settings/serializers/auth/radius.py:15 -#: xpack/plugins/cloud/serializers/account_attrs.py:73 +#: settings/serializers/auth/radius.py:15 settings/serializers/auth/sms.py:53 +#: xpack/plugins/cloud/serializers/account_attrs.py:71 msgid "Port" msgstr "端口" @@ -586,7 +586,7 @@ msgstr "主机名原始" #: assets/models/asset.py:215 assets/serializers/account.py:16 #: assets/serializers/asset.py:65 perms/serializers/asset/user_permission.py:41 -#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:43 +#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:42 msgid "Protocols" msgstr "协议组" @@ -985,7 +985,7 @@ msgid "Parent key" msgstr "ssh私钥" #: assets/models/node.py:559 assets/serializers/system_user.py:267 -#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:70 +#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:69 msgid "Node" msgstr "节点" @@ -2293,7 +2293,7 @@ msgstr "代码错误" #: authentication/templates/authentication/_msg_reset_password.html:3 #: authentication/templates/authentication/_msg_rest_password_success.html:2 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2 -#: jumpserver/conf.py:323 ops/tasks.py:145 ops/tasks.py:148 +#: jumpserver/conf.py:316 ops/tasks.py:145 ops/tasks.py:148 #: perms/templates/perms/_msg_item_permissions_expire.html:3 #: perms/templates/perms/_msg_permed_items_expire.html:3 #: tickets/templates/tickets/approve_check_password.html:33 @@ -2689,11 +2689,15 @@ msgstr "阿里云" msgid "Tencent cloud" msgstr "腾讯云" -#: common/sdk/sms/endpoint.py:28 +#: common/sdk/sms/endpoint.py:18 +msgid "CMPP v2.0" +msgstr "CMPP v2.0" + +#: common/sdk/sms/endpoint.py:29 msgid "SMS provider not support: {}" msgstr "短信服务商不支持:{}" -#: common/sdk/sms/endpoint.py:49 +#: common/sdk/sms/endpoint.py:50 msgid "SMS verification code signature or template invalid" msgstr "短信验证码签名或模版无效" @@ -2729,11 +2733,11 @@ msgstr "不能包含特殊字符" msgid "The mobile phone number format is incorrect" msgstr "手机号格式不正确" -#: jumpserver/conf.py:322 +#: jumpserver/conf.py:315 msgid "Create account successfully" msgstr "创建账号成功" -#: jumpserver/conf.py:324 +#: jumpserver/conf.py:317 msgid "Your account has been created successfully" msgstr "你的账号已创建成功" @@ -2986,8 +2990,8 @@ msgstr "组织存在资源 ({}) 不能被删除" msgid "App organizations" msgstr "组织管理" -#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:85 -#: orgs/models.py:217 rbac/const.py:7 rbac/models/rolebinding.py:48 +#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80 +#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71 msgid "Organization" @@ -3229,27 +3233,27 @@ msgstr "{} 至少有一个系统角色" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:111 +#: rbac/builtin.py:108 msgid "SystemAdmin" msgstr "系统管理员" -#: rbac/builtin.py:114 +#: rbac/builtin.py:111 msgid "SystemAuditor" msgstr "系统审计员" -#: rbac/builtin.py:117 +#: rbac/builtin.py:114 msgid "SystemComponent" msgstr "系统组件" -#: rbac/builtin.py:123 +#: rbac/builtin.py:120 msgid "OrgAdmin" msgstr "组织管理员" -#: rbac/builtin.py:126 +#: rbac/builtin.py:123 msgid "OrgAuditor" msgstr "组织审计员" -#: rbac/builtin.py:129 +#: rbac/builtin.py:126 msgid "OrgUser" msgstr "组织用户" @@ -3420,13 +3424,8 @@ msgstr "查看授权树" msgid "Execute batch command" msgstr "执行批量命令" -#: settings/api/alibaba_sms.py:31 settings/api/tencent_sms.py:35 -msgid "test_phone is required" -msgstr "测试手机号 该字段是必填项。" - -#: settings/api/alibaba_sms.py:52 settings/api/dingtalk.py:31 -#: settings/api/feishu.py:36 settings/api/tencent_sms.py:57 -#: settings/api/wecom.py:37 +#: settings/api/dingtalk.py:31 settings/api/feishu.py:36 +#: settings/api/sms.py:131 settings/api/wecom.py:37 msgid "Test success" msgstr "测试成功" @@ -3454,6 +3453,14 @@ msgstr "获取 LDAP 用户为 None" msgid "Imported {} users successfully (Organization: {})" msgstr "成功导入 {} 个用户 ( 组织: {} )" +#: settings/api/sms.py:113 +msgid "Invalid SMS platform" +msgstr "无效的短信平台" + +#: settings/api/sms.py:119 +msgid "test_phone is required" +msgstr "测试手机号 该字段是必填项。" + #: settings/apps.py:7 msgid "Settings" msgstr "系统设置" @@ -3778,29 +3785,68 @@ msgstr "SP 密钥" msgid "SP cert" msgstr "SP 证书" -#: settings/serializers/auth/sms.py:11 +#: settings/serializers/auth/sms.py:14 msgid "Enable SMS" msgstr "启用 SMS" -#: settings/serializers/auth/sms.py:13 -msgid "SMS provider" -msgstr "短信服务商" +#: settings/serializers/auth/sms.py:16 +msgid "SMS provider / Protocol" +msgstr "短信服务商 / 协议" -#: settings/serializers/auth/sms.py:18 settings/serializers/auth/sms.py:36 -#: settings/serializers/auth/sms.py:44 settings/serializers/email.py:65 +#: settings/serializers/auth/sms.py:21 settings/serializers/auth/sms.py:39 +#: settings/serializers/auth/sms.py:47 settings/serializers/auth/sms.py:58 +#: settings/serializers/email.py:65 msgid "Signature" msgstr "签名" -#: settings/serializers/auth/sms.py:19 settings/serializers/auth/sms.py:37 -#: settings/serializers/auth/sms.py:45 +#: settings/serializers/auth/sms.py:22 settings/serializers/auth/sms.py:40 +#: settings/serializers/auth/sms.py:48 msgid "Template code" msgstr "模板" -#: settings/serializers/auth/sms.py:23 +#: settings/serializers/auth/sms.py:26 msgid "Test phone" msgstr "测试手机号" -#: settings/serializers/auth/sso.py:11 +#: settings/serializers/auth/sms.py:54 +msgid "Gateway account(SP id)" +msgstr "网关账号(SP id)" + +#: settings/serializers/auth/sms.py:55 +msgid "Gateway password(SP secret)" +msgstr "网关密码(SP secret)" + +#: settings/serializers/auth/sms.py:56 +msgid "Original number(Src id)" +msgstr "原始号码(Src id)" + +#: settings/serializers/auth/sms.py:57 +msgid "Business type(Service id)" +msgstr "业务类型(Service id)" + +#: settings/serializers/auth/sms.py:60 +msgid "Template" +msgstr "模板" + +#: settings/serializers/auth/sms.py:61 +msgid "" +"Template need contain {code} and Signature + template length does not exceed " +"67 words. For example, your verification code is {code}, which is valid for " +"5 minutes. Please do not disclose it to others." +msgstr "" +"模板需要包含 {code},并且模板+签名长度不能超过67个字。例如, 您的验证码是 " +"{code}, 有效期为5分钟。请不要泄露给其他人。" + +#: settings/serializers/auth/sms.py:70 +#, python-brace-format +msgid "The template needs to contain {code}" +msgstr "模板需要包含 {code}" + +#: settings/serializers/auth/sms.py:73 +msgid "Signature + Template must not exceed 65 words" +msgstr "模板+签名不能超过65个字" + +#: settings/serializers/auth/sso.py:12 msgid "Enable SSO auth" msgstr "启用 SSO Token 认证" @@ -6365,11 +6411,11 @@ msgstr "云账号" msgid "Test cloud account" msgstr "测试云账号" -#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:67 +#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:66 msgid "Account" msgstr "账号" -#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:38 +#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:37 msgid "Regions" msgstr "地域" @@ -6377,19 +6423,19 @@ msgstr "地域" msgid "Hostname strategy" msgstr "主机名策略" -#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:68 +#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:67 msgid "Unix admin user" msgstr "Unix 管理员" -#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:69 +#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:68 msgid "Windows admin user" msgstr "Windows 管理员" -#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:46 +#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:45 msgid "IP network segment group" msgstr "IP网段组" -#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:72 +#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:71 msgid "Always update" msgstr "总是更新" @@ -6694,34 +6740,32 @@ msgstr "测试端口" #: xpack/plugins/cloud/serializers/task.py:29 msgid "" -"Only instances matching the IP range will be synced.
If the instance " -"contains multiple IP addresses, the first IP address that matches will be " -"used as the IP for the created asset.
The default value of * means sync " -"all instances and randomly match IP addresses.
Format for comma-" -"delimited string, Such as: 192.168.1.0/24, 10.1.1.1-10.1.1.20" +"The IP address that is first matched to will be used as the IP of the " +"created asset.
The default * indicates a random match.
Format for " +"comma-delimited string, Such as: 192.168.1.0/24, 10.1.1.1-10.1.1.20" msgstr "" "只有匹配到 IP 段的实例会被同步。
如果实例包含多个 IP 地址,那么第一个匹配" "到的 IP 地址将被用作创建的资产的 IP。
默认值 * 表示同步所有实例和随机匹配 " "IP 地址。
格式为以逗号分隔的字符串,例如:192.168.1.0/24,10.1.1.1-10.1.1.20" -#: xpack/plugins/cloud/serializers/task.py:36 +#: xpack/plugins/cloud/serializers/task.py:35 msgid "History count" msgstr "执行次数" -#: xpack/plugins/cloud/serializers/task.py:37 +#: xpack/plugins/cloud/serializers/task.py:36 msgid "Instance count" msgstr "实例个数" -#: xpack/plugins/cloud/serializers/task.py:66 +#: xpack/plugins/cloud/serializers/task.py:65 msgid "Linux admin user" msgstr "Linux 管理员" -#: xpack/plugins/cloud/serializers/task.py:71 +#: xpack/plugins/cloud/serializers/task.py:70 #: xpack/plugins/gathered_user/serializers.py:20 msgid "Periodic display" msgstr "定时执行" -#: xpack/plugins/cloud/utils.py:69 +#: xpack/plugins/cloud/utils.py:68 msgid "Account unavailable" msgstr "账号无效" diff --git a/apps/settings/api/__init__.py b/apps/settings/api/__init__.py index 65438dda1..176a6c2c6 100644 --- a/apps/settings/api/__init__.py +++ b/apps/settings/api/__init__.py @@ -5,6 +5,4 @@ from .dingtalk import * from .feishu import * from .public import * from .email import * -from .alibaba_sms import * -from .tencent_sms import * from .sms import * diff --git a/apps/settings/api/alibaba_sms.py b/apps/settings/api/alibaba_sms.py deleted file mode 100644 index 8240ba0e0..000000000 --- a/apps/settings/api/alibaba_sms.py +++ /dev/null @@ -1,58 +0,0 @@ -from rest_framework.views import Response -from rest_framework.generics import GenericAPIView -from rest_framework.exceptions import APIException -from rest_framework import status -from django.utils.translation import gettext_lazy as _ - -from common.sdk.sms.alibaba import AlibabaSMS -from settings.models import Setting -from common.exceptions import JMSException - -from .. import serializers - - -class AlibabaSMSTestingAPI(GenericAPIView): - serializer_class = serializers.AlibabaSMSSettingSerializer - rbac_perms = { - 'POST': 'settings.change_sms' - } - - def post(self, request): - serializer = self.serializer_class(data=request.data) - serializer.is_valid(raise_exception=True) - - alibaba_access_key_id = serializer.validated_data['ALIBABA_ACCESS_KEY_ID'] - alibaba_access_key_secret = serializer.validated_data.get('ALIBABA_ACCESS_KEY_SECRET') - alibaba_verify_sign_name = serializer.validated_data['ALIBABA_VERIFY_SIGN_NAME'] - alibaba_verify_template_code = serializer.validated_data['ALIBABA_VERIFY_TEMPLATE_CODE'] - test_phone = serializer.validated_data.get('SMS_TEST_PHONE') - - if not test_phone: - raise JMSException(code='test_phone_required', detail=_('test_phone is required')) - - if not alibaba_access_key_secret: - secret = Setting.objects.filter(name='ALIBABA_ACCESS_KEY_SECRET').first() - if secret: - alibaba_access_key_secret = secret.cleaned_value - - alibaba_access_key_secret = alibaba_access_key_secret or '' - - try: - client = AlibabaSMS( - access_key_id=alibaba_access_key_id, - access_key_secret=alibaba_access_key_secret - ) - - client.send_sms( - phone_numbers=[test_phone], - sign_name=alibaba_verify_sign_name, - template_code=alibaba_verify_template_code, - template_param={'code': 'test'} - ) - return Response(status=status.HTTP_200_OK, data={'msg': _('Test success')}) - except APIException as e: - try: - error = e.detail['errmsg'] - except: - error = e.detail - return Response(status=status.HTTP_400_BAD_REQUEST, data={'error': error}) diff --git a/apps/settings/api/settings.py b/apps/settings/api/settings.py index 4cce5e718..0f487c280 100644 --- a/apps/settings/api/settings.py +++ b/apps/settings/api/settings.py @@ -40,6 +40,7 @@ class SettingsApi(generics.RetrieveUpdateAPIView): 'sms': serializers.SMSSettingSerializer, 'alibaba': serializers.AlibabaSMSSettingSerializer, 'tencent': serializers.TencentSMSSettingSerializer, + 'cmpp2': serializers.CMPP2SMSSettingSerializer, } rbac_category_permissions = { diff --git a/apps/settings/api/sms.py b/apps/settings/api/sms.py index bb30fa3aa..a886a3d8f 100644 --- a/apps/settings/api/sms.py +++ b/apps/settings/api/sms.py @@ -1,8 +1,19 @@ -from rest_framework.generics import ListAPIView +import importlib + +from collections import OrderedDict + +from rest_framework.generics import ListAPIView, GenericAPIView from rest_framework.response import Response +from rest_framework.exceptions import APIException +from rest_framework import status +from django.utils.translation import gettext_lazy as _ from common.sdk.sms import BACKENDS +from common.exceptions import JMSException from settings.serializers.sms import SMSBackendSerializer +from settings.models import Setting + +from .. import serializers class SMSBackendAPI(ListAPIView): @@ -21,3 +32,108 @@ class SMSBackendAPI(ListAPIView): ] return Response(data) + + +class SMSTestingAPI(GenericAPIView): + backends_serializer = { + 'alibaba': serializers.AlibabaSMSSettingSerializer, + 'tencent': serializers.TencentSMSSettingSerializer, + 'cmpp2': serializers.CMPP2SMSSettingSerializer + } + rbac_perms = { + 'POST': 'settings.change_sms' + } + + @staticmethod + def get_or_from_setting(key, value=''): + if not value: + secret = Setting.objects.filter(name=key).first() + if secret: + value = secret.cleaned_value + + return value or '' + + def get_alibaba_params(self, data): + init_params = { + 'access_key_id': data['ALIBABA_ACCESS_KEY_ID'], + 'access_key_secret': self.get_or_from_setting( + 'ALIBABA_ACCESS_KEY_SECRET', data.get('ALIBABA_ACCESS_KEY_SECRET') + ) + } + send_sms_params = { + 'sign_name': data['ALIBABA_VERIFY_SIGN_NAME'], + 'template_code': data['ALIBABA_VERIFY_TEMPLATE_CODE'], + 'template_param': {'code': '666666'} + } + return init_params, send_sms_params + + def get_tencent_params(self, data): + init_params = { + 'secret_id': data['TENCENT_SECRET_ID'], + 'secret_key': self.get_or_from_setting( + 'TENCENT_SECRET_KEY', data.get('TENCENT_SECRET_KEY') + ), + 'sdkappid': data['TENCENT_SDKAPPID'] + } + send_sms_params = { + 'sign_name': data['TENCENT_VERIFY_SIGN_NAME'], + 'template_code': data['TENCENT_VERIFY_TEMPLATE_CODE'], + 'template_param': OrderedDict(code='666666') + } + return init_params, send_sms_params + + def get_cmpp2_params(self, data): + init_params = { + 'host': data['CMPP2_HOST'], 'port': data['CMPP2_PORT'], + 'sp_id': data['CMPP2_SP_ID'], 'src_id': data['CMPP2_SRC_ID'], + 'sp_secret': self.get_or_from_setting( + 'CMPP2_SP_SECRET', data.get('CMPP2_SP_SECRET') + ), + 'service_id': data['CMPP2_SERVICE_ID'], + } + send_sms_params = { + 'sign_name': data['CMPP2_VERIFY_SIGN_NAME'], + 'template_code': data['CMPP2_VERIFY_TEMPLATE_CODE'], + 'template_param': OrderedDict(code='666666') + } + return init_params, send_sms_params + + def get_params_by_backend(self, backend, data): + """ + 返回两部分参数 + 1、实例化参数 + 2、发送测试短信参数 + """ + get_params_func = getattr(self, 'get_%s_params' % backend) + return get_params_func(data) + + def post(self, request, backend): + serializer_class = self.backends_serializer.get(backend) + if serializer_class is None: + raise JMSException(_('Invalid SMS platform')) + serializer = serializer_class(data=request.data) + serializer.is_valid(raise_exception=True) + + test_phone = serializer.validated_data.get('SMS_TEST_PHONE') + if not test_phone: + raise JMSException(code='test_phone_required', detail=_('test_phone is required')) + + init_params, send_sms_params = self.get_params_by_backend(backend, serializer.validated_data) + + m = importlib.import_module(f'common.sdk.sms.{backend}', __package__) + try: + client = m.client(**init_params) + client.send_sms( + phone_numbers=[test_phone], + **send_sms_params + ) + status_code = status.HTTP_200_OK + data = {'msg': _('Test success')} + except APIException as e: + try: + error = e.detail['errmsg'] + except: + error = e.detail + status_code = status.HTTP_400_BAD_REQUEST + data = {'error': error} + return Response(status=status_code, data=data) diff --git a/apps/settings/api/tencent_sms.py b/apps/settings/api/tencent_sms.py deleted file mode 100644 index 83a87a474..000000000 --- a/apps/settings/api/tencent_sms.py +++ /dev/null @@ -1,63 +0,0 @@ -from collections import OrderedDict - -from rest_framework.views import Response -from rest_framework.generics import GenericAPIView -from rest_framework.exceptions import APIException -from rest_framework import status -from django.utils.translation import gettext_lazy as _ - -from common.sdk.sms.tencent import TencentSMS -from settings.models import Setting -from common.exceptions import JMSException - -from .. import serializers - - -class TencentSMSTestingAPI(GenericAPIView): - serializer_class = serializers.TencentSMSSettingSerializer - rbac_perms = { - 'POST': 'settings.change_sms' - } - - def post(self, request): - serializer = self.serializer_class(data=request.data) - serializer.is_valid(raise_exception=True) - - tencent_secret_id = serializer.validated_data['TENCENT_SECRET_ID'] - tencent_secret_key = serializer.validated_data.get('TENCENT_SECRET_KEY') - tencent_verify_sign_name = serializer.validated_data['TENCENT_VERIFY_SIGN_NAME'] - tencent_verify_template_code = serializer.validated_data['TENCENT_VERIFY_TEMPLATE_CODE'] - tencent_sdkappid = serializer.validated_data.get('TENCENT_SDKAPPID') - - test_phone = serializer.validated_data.get('SMS_TEST_PHONE') - - if not test_phone: - raise JMSException(code='test_phone_required', detail=_('test_phone is required')) - - if not tencent_secret_key: - secret = Setting.objects.filter(name='TENCENT_SECRET_KEY').first() - if secret: - tencent_secret_key = secret.cleaned_value - - tencent_secret_key = tencent_secret_key or '' - - try: - client = TencentSMS( - secret_id=tencent_secret_id, - secret_key=tencent_secret_key, - sdkappid=tencent_sdkappid - ) - - client.send_sms( - phone_numbers=[test_phone], - sign_name=tencent_verify_sign_name, - template_code=tencent_verify_template_code, - template_param=OrderedDict(code='666666') - ) - return Response(status=status.HTTP_200_OK, data={'msg': _('Test success')}) - except APIException as e: - try: - error = e.detail['errmsg'] - except: - error = e.detail - return Response(status=status.HTTP_400_BAD_REQUEST, data={'error': error}) diff --git a/apps/settings/serializers/auth/sms.py b/apps/settings/serializers/auth/sms.py index cd3bef74c..8875f6437 100644 --- a/apps/settings/serializers/auth/sms.py +++ b/apps/settings/serializers/auth/sms.py @@ -4,13 +4,16 @@ from rest_framework import serializers from common.drf.fields import EncryptedField from common.sdk.sms import BACKENDS -__all__ = ['SMSSettingSerializer', 'AlibabaSMSSettingSerializer', 'TencentSMSSettingSerializer'] +__all__ = [ + 'SMSSettingSerializer', 'AlibabaSMSSettingSerializer', 'TencentSMSSettingSerializer', + 'CMPP2SMSSettingSerializer' +] class SMSSettingSerializer(serializers.Serializer): SMS_ENABLED = serializers.BooleanField(default=False, label=_('Enable SMS')) SMS_BACKEND = serializers.ChoiceField( - choices=BACKENDS.choices, default=BACKENDS.ALIBABA, label=_('SMS provider') + choices=BACKENDS.choices, default=BACKENDS.ALIBABA, label=_('SMS provider / Protocol') ) @@ -43,3 +46,29 @@ class TencentSMSSettingSerializer(BaseSMSSettingSerializer): TENCENT_SDKAPPID = serializers.CharField(max_length=256, required=True, label='SDK app id') TENCENT_VERIFY_SIGN_NAME = serializers.CharField(max_length=256, required=True, label=_('Signature')) TENCENT_VERIFY_TEMPLATE_CODE = serializers.CharField(max_length=256, required=True, label=_('Template code')) + + +class CMPP2SMSSettingSerializer(BaseSMSSettingSerializer): + CMPP2_HOST = serializers.CharField(max_length=256, required=True, label=_('Host')) + CMPP2_PORT = serializers.IntegerField(default=7890, label=_('Port')) + CMPP2_SP_ID = serializers.CharField(max_length=128, required=True, label=_('Gateway account(SP id)')) + CMPP2_SP_SECRET = EncryptedField(max_length=256, required=False, label=_('Gateway password(SP secret)')) + CMPP2_SRC_ID = serializers.CharField(max_length=256, required=False, label=_('Original number(Src id)')) + CMPP2_SERVICE_ID = serializers.CharField(max_length=256, required=True, label=_('Business type(Service id)')) + CMPP2_VERIFY_SIGN_NAME = serializers.CharField(max_length=256, required=True, label=_('Signature')) + CMPP2_VERIFY_TEMPLATE_CODE = serializers.CharField( + max_length=69, required=True, label=_('Template'), + help_text=_('Template need contain {code} and Signature + template length does not exceed 67 words. ' + 'For example, your verification code is {code}, which is valid for 5 minutes. ' + 'Please do not disclose it to others.') + ) + + def validate(self, attrs): + sign_name = attrs.get('CMPP2_VERIFY_SIGN_NAME', '') + template_code = attrs.get('CMPP2_VERIFY_TEMPLATE_CODE', '') + if template_code.find('{code}') == -1: + raise serializers.ValidationError(_('The template needs to contain {code}')) + if len(sign_name + template_code) > 65: + # 保证验证码内容在一条短信中(长度小于70字), 签名两边的括号和空格占3个字,再减去2个即可(验证码占用4个但占位符6个 + raise serializers.ValidationError(_('Signature + Template must not exceed 65 words')) + return attrs diff --git a/apps/settings/serializers/settings.py b/apps/settings/serializers/settings.py index 7baa19196..3152a5ef5 100644 --- a/apps/settings/serializers/settings.py +++ b/apps/settings/serializers/settings.py @@ -7,7 +7,7 @@ from .auth import ( LDAPSettingSerializer, OIDCSettingSerializer, KeycloakSettingSerializer, CASSettingSerializer, RadiusSettingSerializer, FeiShuSettingSerializer, WeComSettingSerializer, DingTalkSettingSerializer, AlibabaSMSSettingSerializer, - TencentSMSSettingSerializer, + TencentSMSSettingSerializer, CMPP2SMSSettingSerializer ) from .terminal import TerminalSettingSerializer from .security import SecuritySettingSerializer @@ -37,6 +37,7 @@ class SettingsSerializer( CleaningSerializer, AlibabaSMSSettingSerializer, TencentSMSSettingSerializer, + CMPP2SMSSettingSerializer, ): # encrypt_fields 现在使用 write_only 来判断了 pass diff --git a/apps/settings/urls/api_urls.py b/apps/settings/urls/api_urls.py index 728baf0ae..ba04f2a4b 100644 --- a/apps/settings/urls/api_urls.py +++ b/apps/settings/urls/api_urls.py @@ -16,8 +16,7 @@ urlpatterns = [ path('wecom/testing/', api.WeComTestingAPI.as_view(), name='wecom-testing'), path('dingtalk/testing/', api.DingTalkTestingAPI.as_view(), name='dingtalk-testing'), path('feishu/testing/', api.FeiShuTestingAPI.as_view(), name='feishu-testing'), - path('alibaba/testing/', api.AlibabaSMSTestingAPI.as_view(), name='alibaba-sms-testing'), - path('tencent/testing/', api.TencentSMSTestingAPI.as_view(), name='tencent-sms-testing'), + path('sms//testing/', api.SMSTestingAPI.as_view(), name='sms-testing'), path('sms/backend/', api.SMSBackendAPI.as_view(), name='sms-backend'), path('setting/', api.SettingsApi.as_view(), name='settings-setting'), From 30fe5214c781b1e2b59704af251ed1e8bd0de318 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 10 Aug 2022 11:03:51 +0800 Subject: [PATCH 25/33] =?UTF-8?q?fix:=20=E5=A2=9E=E5=8A=A0=E4=B8=8A?= =?UTF-8?q?=E4=BA=86=E7=AC=AC=E4=B8=89=E6=96=B9=E7=94=A8=E6=88=B7=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E5=A4=B1=E8=B4=A5=E7=9A=84=E5=8E=9F=E5=9B=A0=20(#8714?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: OAuth2.0登录方式加上用户登录规则校验 * fix: 修复第三方用户登录规则(复核)问题 * fix: 增加上了第三方用户登录失败的原因 * fix: 修改变量名称 Co-authored-by: huangzhiwen --- apps/authentication/api/login_confirm.py | 2 ++ apps/authentication/middleware.py | 9 ++++++++- apps/authentication/signal_handlers.py | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/apps/authentication/api/login_confirm.py b/apps/authentication/api/login_confirm.py index 22594b88e..71613348c 100644 --- a/apps/authentication/api/login_confirm.py +++ b/apps/authentication/api/login_confirm.py @@ -17,8 +17,10 @@ class TicketStatusApi(mixins.AuthMixin, APIView): def get(self, request, *args, **kwargs): try: self.check_user_login_confirm() + self.request.session['auth_third_party_done'] = 1 return Response({"msg": "ok"}) except errors.NeedMoreInfoError as e: + self.send_auth_signal(success=False, reason=e.as_data().get('msg')) return Response(e.as_data(), status=200) def delete(self, request, *args, **kwargs): diff --git a/apps/authentication/middleware.py b/apps/authentication/middleware.py index 9411b09a6..9a55bdfa2 100644 --- a/apps/authentication/middleware.py +++ b/apps/authentication/middleware.py @@ -10,6 +10,7 @@ from django.contrib.auth import logout as auth_logout from apps.authentication import mixins from common.utils import gen_key_pair from common.utils import get_request_ip +from .signals import post_auth_failed class MFAMiddleware: @@ -62,8 +63,13 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin): return response ip = get_request_ip(request) try: + self.request = request self._check_login_acl(request.user, ip) except Exception as e: + post_auth_failed.send( + sender=self.__class__, username=request.user.username, + request=self.request, reason=e.msg + ) auth_logout(request) context = { 'title': _('Authentication failed'), @@ -72,7 +78,8 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin): 'redirect_url': reverse('authentication:login'), 'auto_redirect': True, } - response = render(request, 'authentication/auth_fail_flash_message_standalone.html', context) + response = render( + request, 'authentication/auth_fail_flash_message_standalone.html', context) else: guard_url = reverse('authentication:login-guard') args = request.META.get('QUERY_STRING', '') diff --git a/apps/authentication/signal_handlers.py b/apps/authentication/signal_handlers.py index 68d8c0531..e7be3465c 100644 --- a/apps/authentication/signal_handlers.py +++ b/apps/authentication/signal_handlers.py @@ -29,7 +29,7 @@ def on_user_auth_login_success(sender, user, request, **kwargs): and user.mfa_enabled \ and not request.session.get('auth_mfa'): request.session['auth_mfa_required'] = 1 - if request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY: + if not request.session.get("auth_third_party_done") and request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY: request.session['auth_third_party_required'] = 1 # 单点登录,超过了自动退出 if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED: From abcd12f6452c994822fef8ed162a417a341f1655 Mon Sep 17 00:00:00 2001 From: jiangweidong <80373698+F2C-Jiang@users.noreply.github.com> Date: Wed, 10 Aug 2022 17:32:28 +0800 Subject: [PATCH 26/33] =?UTF-8?q?perf:=20=E8=A1=A5=E5=85=85cmpp2=E7=BF=BB?= =?UTF-8?q?=E8=AF=91=E5=8F=8A=E9=83=A8=E5=88=86=E6=8A=A5=E9=94=99=E6=8F=90?= =?UTF-8?q?=E7=A4=BA=20(#8717)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 修改CMPPv2.0翻译内容 * perf: 捕捉连接网关出错问题 * perf: 测试短信验证失败提示错误信息 * perf: 修改翻译 --- apps/common/sdk/sms/cmpp2.py | 15 +++- apps/locale/ja/LC_MESSAGES/django.po | 114 +++++++++++++++----------- apps/locale/zh/LC_MESSAGES/django.po | 114 +++++++++++++++----------- apps/settings/api/sms.py | 3 + apps/settings/serializers/auth/sms.py | 4 +- 5 files changed, 144 insertions(+), 106 deletions(-) diff --git a/apps/common/sdk/sms/cmpp2.py b/apps/common/sdk/sms/cmpp2.py index 8a6a4fe32..4d81ee1a0 100644 --- a/apps/common/sdk/sms/cmpp2.py +++ b/apps/common/sdk/sms/cmpp2.py @@ -4,6 +4,7 @@ import struct import time from django.conf import settings +from django.utils.translation import ugettext_lazy as _ from common.utils import get_logger from common.exceptions import JMSException @@ -42,7 +43,7 @@ class CMPPBaseRequestInstance(object): class CMPPConnectRequestInstance(CMPPBaseRequestInstance): def __init__(self, sp_id, sp_secret): if len(sp_id) != 6: - raise ValueError("sp_id and sp_secret are both 6 bits") + raise ValueError(_("sp_id is 6 bits")) super().__init__() @@ -212,14 +213,19 @@ class CMPPClient(object): def _connect(self): self.__socket.settimeout(5) + error_msg = _('Failed to connect to the CMPP gateway server, err: {}') for i in range(self._times): try: self.__socket.connect((self.ip, self.port)) - except socket.timeout: + except Exception as err: + error_msg = error_msg.format(str(err)) + logger.warning(error_msg) time.sleep(1) else: self._is_connect = True break + else: + raise JMSException(error_msg) def send(self, instance): if isinstance(instance, CMPPBaseRequestInstance): @@ -299,9 +305,10 @@ class CMPP2SMS(BaseSMSClient): self.client = CMPPClient( host=host, port=port, sp_id=sp_id, sp_secret=sp_secret, src_id=src_id, service_id=service_id ) - except socket.timeout: + except Exception as err: self.client = None - logger.warning('CMPPv2.0 connect remote time out.') + logger.warning(err) + raise JMSException(err) @staticmethod def need_pre_check(): diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index fb5b39b2f..29d6b9ec0 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-08-05 14:42+0800\n" +"POT-Creation-Date: 2022-08-10 14:50+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -88,8 +88,8 @@ msgstr "ログイン確認" #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100 -#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214 -#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41 +#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:220 +#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44 #: terminal/models/sharing.py:33 terminal/notifications.py:91 @@ -394,7 +394,7 @@ msgstr "クラスター" #: applications/serializers/attrs/application_category/db.py:11 #: ops/models/adhoc.py:157 settings/serializers/auth/radius.py:14 #: settings/serializers/auth/sms.py:52 terminal/models/endpoint.py:11 -#: xpack/plugins/cloud/serializers/account_attrs.py:70 +#: xpack/plugins/cloud/serializers/account_attrs.py:72 msgid "Host" msgstr "ホスト" @@ -408,7 +408,7 @@ msgstr "ホスト" #: applications/serializers/attrs/application_type/sqlserver.py:10 #: assets/models/asset.py:214 assets/models/domain.py:62 #: settings/serializers/auth/radius.py:15 settings/serializers/auth/sms.py:53 -#: xpack/plugins/cloud/serializers/account_attrs.py:71 +#: xpack/plugins/cloud/serializers/account_attrs.py:73 msgid "Port" msgstr "ポート" @@ -591,7 +591,7 @@ msgstr "ホスト名生" #: assets/models/asset.py:215 assets/serializers/account.py:16 #: assets/serializers/asset.py:65 perms/serializers/asset/user_permission.py:41 -#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:42 +#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:43 msgid "Protocols" msgstr "プロトコル" @@ -929,7 +929,8 @@ msgstr "テストゲートウェイ" msgid "Unable to connect to port {port} on {ip}" msgstr "{ip} でポート {port} に接続できません" -#: assets/models/domain.py:134 xpack/plugins/cloud/providers/fc.py:48 +#: assets/models/domain.py:134 authentication/middleware.py:75 +#: xpack/plugins/cloud/providers/fc.py:48 msgid "Authentication failed" msgstr "認証に失敗しました" @@ -990,7 +991,7 @@ msgid "Parent key" msgstr "親キー" #: assets/models/node.py:559 assets/serializers/system_user.py:267 -#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:69 +#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:70 msgid "Node" msgstr "ノード" @@ -1988,19 +1989,19 @@ msgstr "受け入れのためのログイン確認チケットを待つ" msgid "Login confirm ticket was {}" msgstr "ログイン確認チケットは {} でした" -#: authentication/errors/failed.py:145 +#: authentication/errors/failed.py:146 msgid "Current IP and Time period is not allowed" msgstr "現在の IP と期間はログインを許可されていません" -#: authentication/errors/failed.py:150 +#: authentication/errors/failed.py:151 msgid "Please enter MFA code" msgstr "MFAコードを入力してください" -#: authentication/errors/failed.py:155 +#: authentication/errors/failed.py:156 msgid "Please enter SMS code" msgstr "SMSコードを入力してください" -#: authentication/errors/failed.py:160 users/exceptions.py:15 +#: authentication/errors/failed.py:161 users/exceptions.py:15 msgid "Phone not set" msgstr "電話が設定されていない" @@ -2115,6 +2116,10 @@ msgstr "電話番号を設定して有効にする" msgid "Clear phone number to disable" msgstr "無効にする電話番号をクリアする" +#: authentication/middleware.py:76 settings/utils/ldap.py:652 +msgid "Authentication failed (before login check failed): {}" +msgstr "認証に失敗しました (ログインチェックが失敗する前): {}" + #: authentication/mixins.py:256 msgid "The MFA type ({}) is not enabled" msgstr "MFAタイプ ({}) が有効になっていない" @@ -2304,6 +2309,7 @@ msgid "Need MFA for view auth" msgstr "ビューオートのためにMFAが必要" #: authentication/templates/authentication/_mfa_confirm_modal.html:20 +#: authentication/templates/authentication/auth_fail_flash_message_standalone.html:37 #: templates/_modal.html:23 templates/flash_message_standalone.html:37 #: users/templates/users/user_password_verify.html:20 msgid "Confirm" @@ -2318,7 +2324,7 @@ msgstr "コードエラー" #: authentication/templates/authentication/_msg_reset_password.html:3 #: authentication/templates/authentication/_msg_rest_password_success.html:2 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2 -#: jumpserver/conf.py:316 ops/tasks.py:145 ops/tasks.py:148 +#: jumpserver/conf.py:390 ops/tasks.py:145 ops/tasks.py:148 #: perms/templates/perms/_msg_item_permissions_expire.html:3 #: perms/templates/perms/_msg_permed_items_expire.html:3 #: tickets/templates/tickets/approve_check_password.html:33 @@ -2409,6 +2415,11 @@ msgstr "" "公開鍵の更新が開始されなかった場合、アカウントにセキュリティ上の問題がある可" "能性があります" +#: authentication/templates/authentication/auth_fail_flash_message_standalone.html:28 +#: templates/flash_message_standalone.html:28 tickets/const.py:20 +msgid "Cancel" +msgstr "キャンセル" + #: authentication/templates/authentication/login.html:221 msgid "Welcome back, please enter username and password to login" msgstr "" @@ -2715,6 +2726,14 @@ msgstr "企業微信エラー、システム管理者に連絡してください msgid "Signature does not match" msgstr "署名が一致しない" +#: common/sdk/sms/cmpp2.py:46 +msgid "sp_id is 6 bits" +msgstr "SP idは6ビット" + +#: common/sdk/sms/cmpp2.py:216 +msgid "Failed to connect to the CMPP gateway server, err: {}" +msgstr "接続ゲートウェイサーバエラー, 非: {}" + #: common/sdk/sms/endpoint.py:16 msgid "Alibaba cloud" msgstr "アリ雲" @@ -2767,11 +2786,11 @@ msgstr "特殊文字を含むべきではない" msgid "The mobile phone number format is incorrect" msgstr "携帯電話番号の形式が正しくありません" -#: jumpserver/conf.py:315 +#: jumpserver/conf.py:389 msgid "Create account successfully" msgstr "アカウントを正常に作成" -#: jumpserver/conf.py:317 +#: jumpserver/conf.py:391 msgid "Your account has been created successfully" msgstr "アカウントが正常に作成されました" @@ -3030,8 +3049,8 @@ msgstr "組織のリソース ({}) は削除できません" msgid "App organizations" msgstr "アプリ組織" -#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80 -#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48 +#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:85 +#: orgs/models.py:217 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71 msgid "Organization" @@ -3275,27 +3294,27 @@ msgstr "{} 少なくとも1つのシステムロール" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:108 +#: rbac/builtin.py:111 msgid "SystemAdmin" msgstr "システム管理者" -#: rbac/builtin.py:111 +#: rbac/builtin.py:114 msgid "SystemAuditor" msgstr "システム監査人" -#: rbac/builtin.py:114 +#: rbac/builtin.py:117 msgid "SystemComponent" msgstr "システムコンポーネント" -#: rbac/builtin.py:120 +#: rbac/builtin.py:123 msgid "OrgAdmin" msgstr "組織管理者" -#: rbac/builtin.py:123 +#: rbac/builtin.py:126 msgid "OrgAuditor" msgstr "監査員を組織する" -#: rbac/builtin.py:126 +#: rbac/builtin.py:129 msgid "OrgUser" msgstr "組織ユーザー" @@ -3852,12 +3871,12 @@ msgid "Test phone" msgstr "テスト電話" #: settings/serializers/auth/sms.py:54 -msgid "Gateway account(SP id)" -msgstr "ゲートウェイアカウント(SP id)" +msgid "Enterprise code(SP id)" +msgstr "企業コード(SP id)" #: settings/serializers/auth/sms.py:55 -msgid "Gateway password(SP secret)" -msgstr "ゲートウェイパスワード(SP secret)" +msgid "Shared secret(Shared secret)" +msgstr "パスワードを共有する(Shared secret)" #: settings/serializers/auth/sms.py:56 msgid "Original number(Src id)" @@ -3872,6 +3891,7 @@ msgid "Template" msgstr "テンプレート" #: settings/serializers/auth/sms.py:61 +#, python-brace-format msgid "" "Template need contain {code} and Signature + template length does not exceed " "67 words. For example, your verification code is {code}, which is valid for " @@ -3890,7 +3910,7 @@ msgstr "テンプレートには{code}を含める必要があります" msgid "Signature + Template must not exceed 65 words" msgstr "署名+テンプレートの長さは65文字以内" -#: settings/serializers/auth/sso.py:12 +#: settings/serializers/auth/sso.py:11 msgid "Enable SSO auth" msgstr "SSO Token認証の有効化" @@ -4547,10 +4567,6 @@ msgstr "成功: {} 人のユーザーに一致" msgid "Authentication failed (configuration incorrect): {}" msgstr "認証に失敗しました (設定が正しくありません): {}" -#: settings/utils/ldap.py:652 -msgid "Authentication failed (before login check failed): {}" -msgstr "認証に失敗しました (ログインチェックが失敗する前): {}" - #: settings/utils/ldap.py:654 msgid "Authentication failed (username or password incorrect): {}" msgstr "認証に失敗しました (ユーザー名またはパスワードが正しくありません): {}" @@ -4721,10 +4737,6 @@ msgstr "確認コードが送信されました" msgid "Home page" msgstr "ホームページ" -#: templates/flash_message_standalone.html:28 tickets/const.py:20 -msgid "Cancel" -msgstr "キャンセル" - #: templates/resource_download.html:18 templates/resource_download.html:31 msgid "Client" msgstr "クライアント" @@ -6507,11 +6519,11 @@ msgstr "クラウドアカウント" msgid "Test cloud account" msgstr "クラウドアカウントのテスト" -#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:66 +#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:67 msgid "Account" msgstr "アカウント" -#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:37 +#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:38 msgid "Regions" msgstr "リージョン" @@ -6519,19 +6531,19 @@ msgstr "リージョン" msgid "Hostname strategy" msgstr "ホスト名戦略" -#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:67 +#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:68 msgid "Unix admin user" msgstr "Unix adminユーザー" -#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:68 +#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:69 msgid "Windows admin user" msgstr "Windows管理者" -#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:45 +#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:46 msgid "IP network segment group" msgstr "IPネットワークセグメントグループ" -#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:71 +#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:72 msgid "Always update" msgstr "常に更新" @@ -6837,9 +6849,11 @@ msgstr "テストポート" #: xpack/plugins/cloud/serializers/task.py:29 msgid "" -"The IP address that is first matched to will be used as the IP of the " -"created asset.
The default * indicates a random match.
Format for " -"comma-delimited string, Such as: 192.168.1.0/24, 10.1.1.1-10.1.1.20" +"Only instances matching the IP range will be synced.
If the instance " +"contains multiple IP addresses, the first IP address that matches will be " +"used as the IP for the created asset.
The default value of * means sync " +"all instances and randomly match IP addresses.
Format for comma-" +"delimited string, Such as: 192.168.1.0/24, 10.1.1.1-10.1.1.20" msgstr "" "IP範囲に一致するインスタンスのみが同期されます。
インスタンスに複数のIPア" "ドレスが含まれている場合、一致する最初のIPアドレスが作成されたアセットのIPと" @@ -6847,24 +6861,24 @@ msgstr "" "ドレスをランダムに一致させることを意味します。
形式はコンマ区切りの文字列" "です。例:192.168.1.0/24,10.1.1.1-10.1.1.20" -#: xpack/plugins/cloud/serializers/task.py:35 +#: xpack/plugins/cloud/serializers/task.py:36 msgid "History count" msgstr "実行回数" -#: xpack/plugins/cloud/serializers/task.py:36 +#: xpack/plugins/cloud/serializers/task.py:37 msgid "Instance count" msgstr "インスタンス数" -#: xpack/plugins/cloud/serializers/task.py:65 +#: xpack/plugins/cloud/serializers/task.py:66 msgid "Linux admin user" msgstr "Linux管理者" -#: xpack/plugins/cloud/serializers/task.py:70 +#: xpack/plugins/cloud/serializers/task.py:71 #: xpack/plugins/gathered_user/serializers.py:20 msgid "Periodic display" msgstr "定期的な表示" -#: xpack/plugins/cloud/utils.py:68 +#: xpack/plugins/cloud/utils.py:69 msgid "Account unavailable" msgstr "利用できないアカウント" diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 34da7efb9..42bacedf9 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-08-05 14:42+0800\n" +"POT-Creation-Date: 2022-08-10 14:50+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -87,8 +87,8 @@ msgstr "登录复核" #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100 -#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214 -#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41 +#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:220 +#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44 #: terminal/models/sharing.py:33 terminal/notifications.py:91 @@ -389,7 +389,7 @@ msgstr "集群" #: applications/serializers/attrs/application_category/db.py:11 #: ops/models/adhoc.py:157 settings/serializers/auth/radius.py:14 #: settings/serializers/auth/sms.py:52 terminal/models/endpoint.py:11 -#: xpack/plugins/cloud/serializers/account_attrs.py:70 +#: xpack/plugins/cloud/serializers/account_attrs.py:72 msgid "Host" msgstr "主机" @@ -403,7 +403,7 @@ msgstr "主机" #: applications/serializers/attrs/application_type/sqlserver.py:10 #: assets/models/asset.py:214 assets/models/domain.py:62 #: settings/serializers/auth/radius.py:15 settings/serializers/auth/sms.py:53 -#: xpack/plugins/cloud/serializers/account_attrs.py:71 +#: xpack/plugins/cloud/serializers/account_attrs.py:73 msgid "Port" msgstr "端口" @@ -586,7 +586,7 @@ msgstr "主机名原始" #: assets/models/asset.py:215 assets/serializers/account.py:16 #: assets/serializers/asset.py:65 perms/serializers/asset/user_permission.py:41 -#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:42 +#: xpack/plugins/cloud/models.py:107 xpack/plugins/cloud/serializers/task.py:43 msgid "Protocols" msgstr "协议组" @@ -924,7 +924,8 @@ msgstr "测试网关" msgid "Unable to connect to port {port} on {ip}" msgstr "无法连接到 {ip} 上的端口 {port}" -#: assets/models/domain.py:134 xpack/plugins/cloud/providers/fc.py:48 +#: assets/models/domain.py:134 authentication/middleware.py:75 +#: xpack/plugins/cloud/providers/fc.py:48 msgid "Authentication failed" msgstr "认证失败" @@ -985,7 +986,7 @@ msgid "Parent key" msgstr "ssh私钥" #: assets/models/node.py:559 assets/serializers/system_user.py:267 -#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:69 +#: xpack/plugins/cloud/models.py:96 xpack/plugins/cloud/serializers/task.py:70 msgid "Node" msgstr "节点" @@ -1968,19 +1969,19 @@ msgstr "等待登录复核处理" msgid "Login confirm ticket was {}" msgstr "登录复核: {}" -#: authentication/errors/failed.py:145 +#: authentication/errors/failed.py:146 msgid "Current IP and Time period is not allowed" msgstr "当前 IP 和时间段不被允许登录" -#: authentication/errors/failed.py:150 +#: authentication/errors/failed.py:151 msgid "Please enter MFA code" msgstr "请输入 MFA 验证码" -#: authentication/errors/failed.py:155 +#: authentication/errors/failed.py:156 msgid "Please enter SMS code" msgstr "请输入短信验证码" -#: authentication/errors/failed.py:160 users/exceptions.py:15 +#: authentication/errors/failed.py:161 users/exceptions.py:15 msgid "Phone not set" msgstr "手机号没有设置" @@ -2094,6 +2095,10 @@ msgstr "设置手机号码启用" msgid "Clear phone number to disable" msgstr "清空手机号码禁用" +#: authentication/middleware.py:76 settings/utils/ldap.py:652 +msgid "Authentication failed (before login check failed): {}" +msgstr "认证失败(登录前检查失败): {}" + #: authentication/mixins.py:256 msgid "The MFA type ({}) is not enabled" msgstr "该 MFA ({}) 方式没有启用" @@ -2279,6 +2284,7 @@ msgid "Need MFA for view auth" msgstr "需要 MFA 认证来查看账号信息" #: authentication/templates/authentication/_mfa_confirm_modal.html:20 +#: authentication/templates/authentication/auth_fail_flash_message_standalone.html:37 #: templates/_modal.html:23 templates/flash_message_standalone.html:37 #: users/templates/users/user_password_verify.html:20 msgid "Confirm" @@ -2293,7 +2299,7 @@ msgstr "代码错误" #: authentication/templates/authentication/_msg_reset_password.html:3 #: authentication/templates/authentication/_msg_rest_password_success.html:2 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2 -#: jumpserver/conf.py:316 ops/tasks.py:145 ops/tasks.py:148 +#: jumpserver/conf.py:390 ops/tasks.py:145 ops/tasks.py:148 #: perms/templates/perms/_msg_item_permissions_expire.html:3 #: perms/templates/perms/_msg_permed_items_expire.html:3 #: tickets/templates/tickets/approve_check_password.html:33 @@ -2376,6 +2382,11 @@ msgid "" "security issues" msgstr "如果这次公钥更新不是由你发起的,那么你的账号可能存在安全问题" +#: authentication/templates/authentication/auth_fail_flash_message_standalone.html:28 +#: templates/flash_message_standalone.html:28 tickets/const.py:20 +msgid "Cancel" +msgstr "取消" + #: authentication/templates/authentication/login.html:221 msgid "Welcome back, please enter username and password to login" msgstr "欢迎回来,请输入用户名和密码登录" @@ -2681,6 +2692,14 @@ msgstr "企业微信错误,请联系系统管理员" msgid "Signature does not match" msgstr "签名不匹配" +#: common/sdk/sms/cmpp2.py:46 +msgid "sp_id is 6 bits" +msgstr "SP_id 为6位" + +#: common/sdk/sms/cmpp2.py:216 +msgid "Failed to connect to the CMPP gateway server, err: {}" +msgstr "连接网关服务器错误,错误:{}" + #: common/sdk/sms/endpoint.py:16 msgid "Alibaba cloud" msgstr "阿里云" @@ -2733,11 +2752,11 @@ msgstr "不能包含特殊字符" msgid "The mobile phone number format is incorrect" msgstr "手机号格式不正确" -#: jumpserver/conf.py:315 +#: jumpserver/conf.py:389 msgid "Create account successfully" msgstr "创建账号成功" -#: jumpserver/conf.py:317 +#: jumpserver/conf.py:391 msgid "Your account has been created successfully" msgstr "你的账号已创建成功" @@ -2990,8 +3009,8 @@ msgstr "组织存在资源 ({}) 不能被删除" msgid "App organizations" msgstr "组织管理" -#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80 -#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48 +#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:85 +#: orgs/models.py:217 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71 msgid "Organization" @@ -3233,27 +3252,27 @@ msgstr "{} 至少有一个系统角色" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:108 +#: rbac/builtin.py:111 msgid "SystemAdmin" msgstr "系统管理员" -#: rbac/builtin.py:111 +#: rbac/builtin.py:114 msgid "SystemAuditor" msgstr "系统审计员" -#: rbac/builtin.py:114 +#: rbac/builtin.py:117 msgid "SystemComponent" msgstr "系统组件" -#: rbac/builtin.py:120 +#: rbac/builtin.py:123 msgid "OrgAdmin" msgstr "组织管理员" -#: rbac/builtin.py:123 +#: rbac/builtin.py:126 msgid "OrgAuditor" msgstr "组织审计员" -#: rbac/builtin.py:126 +#: rbac/builtin.py:129 msgid "OrgUser" msgstr "组织用户" @@ -3809,12 +3828,12 @@ msgid "Test phone" msgstr "测试手机号" #: settings/serializers/auth/sms.py:54 -msgid "Gateway account(SP id)" -msgstr "网关账号(SP id)" +msgid "Enterprise code(SP id)" +msgstr "企业代码(SP id)" #: settings/serializers/auth/sms.py:55 -msgid "Gateway password(SP secret)" -msgstr "网关密码(SP secret)" +msgid "Shared secret(Shared secret)" +msgstr "共享密码(Shared secret)" #: settings/serializers/auth/sms.py:56 msgid "Original number(Src id)" @@ -3829,6 +3848,7 @@ msgid "Template" msgstr "模板" #: settings/serializers/auth/sms.py:61 +#, python-brace-format msgid "" "Template need contain {code} and Signature + template length does not exceed " "67 words. For example, your verification code is {code}, which is valid for " @@ -3846,7 +3866,7 @@ msgstr "模板需要包含 {code}" msgid "Signature + Template must not exceed 65 words" msgstr "模板+签名不能超过65个字" -#: settings/serializers/auth/sso.py:12 +#: settings/serializers/auth/sso.py:11 msgid "Enable SSO auth" msgstr "启用 SSO Token 认证" @@ -4480,10 +4500,6 @@ msgstr "成功匹配 {} 个用户" msgid "Authentication failed (configuration incorrect): {}" msgstr "认证失败(配置错误): {}" -#: settings/utils/ldap.py:652 -msgid "Authentication failed (before login check failed): {}" -msgstr "认证失败(登录前检查失败): {}" - #: settings/utils/ldap.py:654 msgid "Authentication failed (username or password incorrect): {}" msgstr "认证失败 (用户名或密码不正确): {}" @@ -4649,10 +4665,6 @@ msgstr "验证码已发送" msgid "Home page" msgstr "首页" -#: templates/flash_message_standalone.html:28 tickets/const.py:20 -msgid "Cancel" -msgstr "取消" - #: templates/resource_download.html:18 templates/resource_download.html:31 msgid "Client" msgstr "客户端" @@ -6411,11 +6423,11 @@ msgstr "云账号" msgid "Test cloud account" msgstr "测试云账号" -#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:66 +#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:67 msgid "Account" msgstr "账号" -#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:37 +#: xpack/plugins/cloud/models.py:88 xpack/plugins/cloud/serializers/task.py:38 msgid "Regions" msgstr "地域" @@ -6423,19 +6435,19 @@ msgstr "地域" msgid "Hostname strategy" msgstr "主机名策略" -#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:67 +#: xpack/plugins/cloud/models.py:100 xpack/plugins/cloud/serializers/task.py:68 msgid "Unix admin user" msgstr "Unix 管理员" -#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:68 +#: xpack/plugins/cloud/models.py:104 xpack/plugins/cloud/serializers/task.py:69 msgid "Windows admin user" msgstr "Windows 管理员" -#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:45 +#: xpack/plugins/cloud/models.py:110 xpack/plugins/cloud/serializers/task.py:46 msgid "IP network segment group" msgstr "IP网段组" -#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:71 +#: xpack/plugins/cloud/models.py:113 xpack/plugins/cloud/serializers/task.py:72 msgid "Always update" msgstr "总是更新" @@ -6740,32 +6752,34 @@ msgstr "测试端口" #: xpack/plugins/cloud/serializers/task.py:29 msgid "" -"The IP address that is first matched to will be used as the IP of the " -"created asset.
The default * indicates a random match.
Format for " -"comma-delimited string, Such as: 192.168.1.0/24, 10.1.1.1-10.1.1.20" +"Only instances matching the IP range will be synced.
If the instance " +"contains multiple IP addresses, the first IP address that matches will be " +"used as the IP for the created asset.
The default value of * means sync " +"all instances and randomly match IP addresses.
Format for comma-" +"delimited string, Such as: 192.168.1.0/24, 10.1.1.1-10.1.1.20" msgstr "" "只有匹配到 IP 段的实例会被同步。
如果实例包含多个 IP 地址,那么第一个匹配" "到的 IP 地址将被用作创建的资产的 IP。
默认值 * 表示同步所有实例和随机匹配 " "IP 地址。
格式为以逗号分隔的字符串,例如:192.168.1.0/24,10.1.1.1-10.1.1.20" -#: xpack/plugins/cloud/serializers/task.py:35 +#: xpack/plugins/cloud/serializers/task.py:36 msgid "History count" msgstr "执行次数" -#: xpack/plugins/cloud/serializers/task.py:36 +#: xpack/plugins/cloud/serializers/task.py:37 msgid "Instance count" msgstr "实例个数" -#: xpack/plugins/cloud/serializers/task.py:65 +#: xpack/plugins/cloud/serializers/task.py:66 msgid "Linux admin user" msgstr "Linux 管理员" -#: xpack/plugins/cloud/serializers/task.py:70 +#: xpack/plugins/cloud/serializers/task.py:71 #: xpack/plugins/gathered_user/serializers.py:20 msgid "Periodic display" msgstr "定时执行" -#: xpack/plugins/cloud/utils.py:68 +#: xpack/plugins/cloud/utils.py:69 msgid "Account unavailable" msgstr "账号无效" diff --git a/apps/settings/api/sms.py b/apps/settings/api/sms.py index a886a3d8f..668b5ec56 100644 --- a/apps/settings/api/sms.py +++ b/apps/settings/api/sms.py @@ -136,4 +136,7 @@ class SMSTestingAPI(GenericAPIView): error = e.detail status_code = status.HTTP_400_BAD_REQUEST data = {'error': error} + except Exception as e: + status_code = status.HTTP_400_BAD_REQUEST + data = {'error': str(e)} return Response(status=status_code, data=data) diff --git a/apps/settings/serializers/auth/sms.py b/apps/settings/serializers/auth/sms.py index 8875f6437..d3f96b33f 100644 --- a/apps/settings/serializers/auth/sms.py +++ b/apps/settings/serializers/auth/sms.py @@ -51,8 +51,8 @@ class TencentSMSSettingSerializer(BaseSMSSettingSerializer): class CMPP2SMSSettingSerializer(BaseSMSSettingSerializer): CMPP2_HOST = serializers.CharField(max_length=256, required=True, label=_('Host')) CMPP2_PORT = serializers.IntegerField(default=7890, label=_('Port')) - CMPP2_SP_ID = serializers.CharField(max_length=128, required=True, label=_('Gateway account(SP id)')) - CMPP2_SP_SECRET = EncryptedField(max_length=256, required=False, label=_('Gateway password(SP secret)')) + CMPP2_SP_ID = serializers.CharField(max_length=128, required=True, label=_('Enterprise code(SP id)')) + CMPP2_SP_SECRET = EncryptedField(max_length=256, required=False, label=_('Shared secret(Shared secret)')) CMPP2_SRC_ID = serializers.CharField(max_length=256, required=False, label=_('Original number(Src id)')) CMPP2_SERVICE_ID = serializers.CharField(max_length=256, required=True, label=_('Business type(Service id)')) CMPP2_VERIFY_SIGN_NAME = serializers.CharField(max_length=256, required=True, label=_('Signature')) From acf8b5798b9bd96356a4165b056e0a2e3a18d17e Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 10 Aug 2022 18:17:59 +0800 Subject: [PATCH 27/33] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96rdp=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E5=90=8D=E7=9A=84=E6=98=BE=E7=A4=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/authentication/api/connection_token.py | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py index ecd329af0..2b4ce7e2b 100644 --- a/apps/authentication/api/connection_token.py +++ b/apps/authentication/api/connection_token.py @@ -22,7 +22,6 @@ from ..serializers import ( ) from ..models import ConnectionToken - __all__ = ['ConnectionTokenViewSet', 'SuperConnectionTokenViewSet'] @@ -174,9 +173,8 @@ class ConnectionTokenMixin: rdp_options['remoteapplicationname:s'] = name else: name = '*' - - filename = "{}-{}-jumpserver".format(token.user.username, name) - filename = urllib.parse.quote(filename) + prefix_name = f'{token.user.username}-{name}' + filename = self.get_connect_filename(prefix_name) content = '' for k, v in rdp_options.items(): @@ -184,6 +182,15 @@ class ConnectionTokenMixin: return filename, content + @staticmethod + def get_connect_filename(prefix_name): + prefix_name = prefix_name.replace('/', '_') + prefix_name = prefix_name.replace('\\', '_') + prefix_name = prefix_name.replace('.', '_') + filename = f'{prefix_name}-jumpserver' + filename = urllib.parse.quote(filename) + return filename + def get_ssh_token(self, token: ConnectionToken): if token.asset: name = token.asset.hostname @@ -191,7 +198,8 @@ class ConnectionTokenMixin: name = token.application.name else: name = '*' - filename = f'{token.user.username}-{name}-jumpserver' + prefix_name = f'{token.user.username}-{name}' + filename = self.get_connect_filename(prefix_name) endpoint = self.get_smart_endpoint( protocol='ssh', asset=token.asset, application=token.application @@ -326,4 +334,3 @@ class SuperConnectionTokenViewSet(ConnectionTokenViewSet): 'msg': f'Token is renewed, date expired: {date_expired}' } return Response(data=data, status=status.HTTP_200_OK) - From 795d6e01dc821ea7524ab685332767b464309f1b Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Wed, 10 Aug 2022 19:00:22 +0800 Subject: [PATCH 28/33] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E6=B5=8B?= =?UTF-8?q?=E8=AF=95IP=E5=9C=B0=E5=9D=80=E5=B7=A5=E5=85=B7=E7=9A=84?= =?UTF-8?q?=E9=BB=98=E8=AE=A4=E8=B6=85=E5=B8=82=E6=97=B6=E9=97=B4=E4=B8=BA?= =?UTF-8?q?=200.5s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/common/utils/common.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/common/utils/common.py b/apps/common/utils/common.py index 0a177735d..44920a339 100644 --- a/apps/common/utils/common.py +++ b/apps/common/utils/common.py @@ -369,7 +369,7 @@ def group_by_count(it, count): return [it[i:i+count] for i in range(0, len(it), count)] -def test_ip_connectivity(host, port, timeout=3): +def test_ip_connectivity(host, port, timeout=0.5): """ timeout: seconds """ @@ -388,4 +388,4 @@ def static_or_direct(logo_path): if logo_path.startswith('img/'): return static(logo_path) else: - return logo_path \ No newline at end of file + return logo_path From 6af20d298dd2b2cdba303b95b406626df5741ccc Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Wed, 10 Aug 2022 19:04:32 +0800 Subject: [PATCH 29/33] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E7=BF=BB?= =?UTF-8?q?=E8=AF=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/locale/ja/LC_MESSAGES/django.po | 9 +++++++-- apps/locale/zh/LC_MESSAGES/django.po | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 29d6b9ec0..655e05db0 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-08-10 14:50+0800\n" +"POT-Creation-Date: 2022-08-10 19:03+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -529,7 +529,7 @@ msgstr "内部" #: assets/models/asset.py:162 assets/models/asset.py:216 #: assets/serializers/account.py:15 assets/serializers/asset.py:63 #: perms/serializers/asset/user_permission.py:43 -#: xpack/plugins/cloud/serializers/account_attrs.py:159 +#: xpack/plugins/cloud/serializers/account_attrs.py:162 msgid "Platform" msgstr "プラットフォーム" @@ -3924,6 +3924,7 @@ msgid "SSO auth key TTL" msgstr "Token有効期間" #: settings/serializers/auth/sso.py:15 +#: xpack/plugins/cloud/serializers/account_attrs.py:159 msgid "Unit: second" msgstr "単位: 秒" @@ -6847,6 +6848,10 @@ msgstr "IP セグメント" msgid "Test port" msgstr "テストポート" +#: xpack/plugins/cloud/serializers/account_attrs.py:159 +msgid "Test timeout" +msgstr "テストタイムアウト" + #: xpack/plugins/cloud/serializers/task.py:29 msgid "" "Only instances matching the IP range will be synced.
If the instance " diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 42bacedf9..d36c5f037 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-08-10 14:50+0800\n" +"POT-Creation-Date: 2022-08-10 19:03+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -524,7 +524,7 @@ msgstr "内部的" #: assets/models/asset.py:162 assets/models/asset.py:216 #: assets/serializers/account.py:15 assets/serializers/asset.py:63 #: perms/serializers/asset/user_permission.py:43 -#: xpack/plugins/cloud/serializers/account_attrs.py:159 +#: xpack/plugins/cloud/serializers/account_attrs.py:162 msgid "Platform" msgstr "系统平台" @@ -3879,6 +3879,7 @@ msgid "SSO auth key TTL" msgstr "Token 有效期" #: settings/serializers/auth/sso.py:15 +#: xpack/plugins/cloud/serializers/account_attrs.py:159 msgid "Unit: second" msgstr "单位: 秒" @@ -6750,6 +6751,10 @@ msgstr "IP 网段" msgid "Test port" msgstr "测试端口" +#: xpack/plugins/cloud/serializers/account_attrs.py:159 +msgid "Test timeout" +msgstr "测试超时时间" + #: xpack/plugins/cloud/serializers/task.py:29 msgid "" "Only instances matching the IP range will be synced.
If the instance " From a14ebc5f0f568af4dbbb2e136d601f1e5d0e0158 Mon Sep 17 00:00:00 2001 From: huangzhiwen Date: Wed, 10 Aug 2022 19:30:54 +0800 Subject: [PATCH 30/33] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=E7=AC=AC?= =?UTF-8?q?=E4=B8=89=E6=96=B9=E7=99=BB=E5=BD=95=E6=97=A0=E9=99=90=E9=87=8D?= =?UTF-8?q?=E5=AE=9A=E5=90=91=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/authentication/middleware.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apps/authentication/middleware.py b/apps/authentication/middleware.py index 9a55bdfa2..5b6d7c06f 100644 --- a/apps/authentication/middleware.py +++ b/apps/authentication/middleware.py @@ -78,9 +78,10 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin): 'redirect_url': reverse('authentication:login'), 'auto_redirect': True, } - response = render( - request, 'authentication/auth_fail_flash_message_standalone.html', context) + response = render(request, 'authentication/auth_fail_flash_message_standalone.html', context) else: + if not self.request.session['auth_confirm_required']: + return response guard_url = reverse('authentication:login-guard') args = request.META.get('QUERY_STRING', '') if args: From 28c8ec1fab98018b4835767a190b2fd708e7cc2e Mon Sep 17 00:00:00 2001 From: feng626 <1304903146@qq.com> Date: Tue, 9 Aug 2022 21:57:22 +0800 Subject: [PATCH 31/33] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0app=20=E8=8E=B7?= =?UTF-8?q?=E5=8F=96=E5=AF=B9=E5=BA=94actions=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../api/application/application_permission.py | 18 +++++++++++++++--- apps/perms/urls/application_permission.py | 2 ++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/apps/perms/api/application/application_permission.py b/apps/perms/api/application/application_permission.py index 798455053..bd8fb3452 100644 --- a/apps/perms/api/application/application_permission.py +++ b/apps/perms/api/application/application_permission.py @@ -1,8 +1,12 @@ # -*- coding: utf-8 -*- # -from applications.models import Application -from perms.models import ApplicationPermission +from rest_framework.response import Response +from rest_framework.generics import RetrieveAPIView + from perms import serializers +from perms.models import ApplicationPermission +from applications.models import Application +from common.permissions import IsValidUser from ..base import BasePermissionViewSet @@ -23,7 +27,7 @@ class ApplicationPermissionViewSet(BasePermissionViewSet): 'application_id', 'application', 'app', 'app_name' ] ordering_fields = ('name',) - ordering = ('name', ) + ordering = ('name',) def get_queryset(self): queryset = super().get_queryset().prefetch_related( @@ -53,3 +57,11 @@ class ApplicationPermissionViewSet(BasePermissionViewSet): queryset = self.filter_application(queryset) return queryset + +class ApplicationPermissionActionsApi(RetrieveAPIView): + permission_classes = (IsValidUser,) + + def retrieve(self, request, *args, **kwargs): + category = request.GET.get('category') + actions = ApplicationPermission.get_include_actions_choices(category=category) + return Response(data=actions) diff --git a/apps/perms/urls/application_permission.py b/apps/perms/urls/application_permission.py index 4ed9e6d37..50772a8d5 100644 --- a/apps/perms/urls/application_permission.py +++ b/apps/perms/urls/application_permission.py @@ -37,6 +37,8 @@ permission_urlpatterns = [ # 验证用户是否有某个应用的权限 path('user/validate/', api.ValidateUserApplicationPermissionApi.as_view(), name='validate-user-application-permission'), + + path('applications/actions/', api.ApplicationPermissionActionsApi.as_view(), name='application-actions'), ] application_permission_urlpatterns = [ From cfa5de13ab33252d1bc5f0b40defbc7b39bc83eb Mon Sep 17 00:00:00 2001 From: feng626 <1304903146@qq.com> Date: Thu, 11 Aug 2022 11:07:17 +0800 Subject: [PATCH 32/33] =?UTF-8?q?feat:=20=E8=8A=82=E7=82=B9=E6=A0=91?= =?UTF-8?q?=E6=90=9C=E7=B4=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/api/mixin.py | 2 +- apps/assets/api/node.py | 11 ++++++++++- apps/assets/models/node.py | 11 +++++++++-- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/apps/assets/api/mixin.py b/apps/assets/api/mixin.py index 7f485bf29..43220a1a5 100644 --- a/apps/assets/api/mixin.py +++ b/apps/assets/api/mixin.py @@ -24,7 +24,7 @@ class SerializeToTreeNodeMixin: 'title': _name(node), 'pId': node.parent_key, 'isParent': True, - 'open': node.is_org_root(), + 'open': True, 'meta': { 'data': { "id": node.id, diff --git a/apps/assets/api/node.py b/apps/assets/api/node.py index 2bb77b60c..0ef3aecc6 100644 --- a/apps/assets/api/node.py +++ b/apps/assets/api/node.py @@ -101,6 +101,8 @@ class NodeListAsTreeApi(generics.ListAPIView): class NodeChildrenApi(generics.ListCreateAPIView): serializer_class = serializers.NodeSerializer + search_fields = ('value',) + instance = None is_initial = False @@ -179,8 +181,15 @@ class NodeChildrenAsTreeApi(SerializeToTreeNodeMixin, NodeChildrenApi): """ model = Node + def filter_queryset(self, queryset): + if not self.request.GET.get('search'): + return queryset + queryset = super().filter_queryset(queryset) + queryset = self.model.get_ancestor_queryset(queryset) + return queryset + def list(self, request, *args, **kwargs): - nodes = self.get_queryset().order_by('value') + nodes = self.filter_queryset(self.get_queryset()).order_by('value') nodes = self.serialize_nodes(nodes, with_asset_amount=True) assets = self.get_assets() data = [*nodes, *assets] diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py index dcebab3eb..0e98bce14 100644 --- a/apps/assets/models/node.py +++ b/apps/assets/models/node.py @@ -25,7 +25,6 @@ from orgs.mixins.models import OrgModelMixin, OrgManager from orgs.utils import get_current_org, tmp_to_org, tmp_to_root_org from orgs.models import Organization - __all__ = ['Node', 'FamilyMixin', 'compute_parent_key', 'NodeQuerySet'] logger = get_logger(__name__) @@ -98,6 +97,14 @@ class FamilyMixin: q |= Q(key=self.key) return Node.objects.filter(q) + @classmethod + def get_ancestor_queryset(cls, queryset, with_self=True): + parent_keys = set() + for i in queryset: + parent_keys.update(set(i.get_ancestor_keys(with_self=with_self))) + queryset = queryset.model.objects.filter(key__in=list(parent_keys)).distinct() + return queryset + @property def children(self): return self.get_children(with_self=False) @@ -396,7 +403,7 @@ class NodeAllAssetsMappingMixin: mapping[ancestor_key].update(asset_ids) t3 = time.time() - logger.info('t1-t2(DB Query): {} s, t3-t2(Generate mapping): {} s'.format(t2-t1, t3-t2)) + logger.info('t1-t2(DB Query): {} s, t3-t2(Generate mapping): {} s'.format(t2 - t1, t3 - t2)) return mapping From 16634907b437cc4d53240b9331223f95f54d1c21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Wed, 10 Aug 2022 19:07:54 +0800 Subject: [PATCH 33/33] =?UTF-8?q?perf:=20ldap=20=E6=94=AF=E6=8C=81?= =?UTF-8?q?=E5=AE=A2=E6=88=B7=E7=AB=AF=E8=AF=81=E4=B9=A6=E8=AE=A4=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/jumpserver/settings/auth.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py index 0270913b0..de43b03be 100644 --- a/apps/jumpserver/settings/auth.py +++ b/apps/jumpserver/settings/auth.py @@ -24,9 +24,15 @@ AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, ldap.OPT_REFERRALS: CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS } -LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem") +LDAP_CACERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem") +if os.path.isfile(LDAP_CACERT_FILE): + AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = LDAP_CACERT_FILE +LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_cert.pem") if os.path.isfile(LDAP_CERT_FILE): - AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = LDAP_CERT_FILE + AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_CERTFILE] = LDAP_CERT_FILE +LDAP_KEY_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_cert.key") +if os.path.isfile(LDAP_KEY_FILE): + AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_KEYFILE] = LDAP_KEY_FILE # AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU # AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER # AUTH_LDAP_GROUP_SEARCH = LDAPSearch(