github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #2904 from jumpserver/dev 

Dev
pull/3007/head
老广 2019-07-08 16:05:24 +08:00 committed by GitHub
parent 52d528613e f3b5823cce
commit 8918da48f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 422 additions and 285 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
apps/assets/forms/user.py
View File

@ -65,17 +65,7 @@ class PasswordAndKeyAuthForm(forms.ModelForm):
class AdminUserForm(PasswordAndKeyAuthForm):
def save(self, commit=True):
# Because we define custom field, so we need rewrite :method: `save`
admin_user = super().save(commit=commit)
password = self.cleaned_data.get('password', '') or None
private_key, public_key = super().gen_keys()
admin_user.set_auth(password=password, public_key=public_key, private_key=private_key)
return admin_user
def clean(self):
super().clean()
if not self.instance:
super().validate_password_key()
raise forms.ValidationError("Use api to save")
class Meta:
model = AdminUser
@ -91,51 +81,7 @@ class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
auto_generate_key = forms.BooleanField(initial=True, required=False)
def save(self, commit=True):
# Because we define custom field, so we need rewrite :method: `save`
system_user = super().save()
password = self.cleaned_data.get('password', '') or None
login_mode = self.cleaned_data.get('login_mode', '') or None
protocol = self.cleaned_data.get('protocol') or None
auto_generate_key = self.cleaned_data.get('auto_generate_key', False)
private_key, public_key = super().gen_keys()
if login_mode == SystemUser.LOGIN_MANUAL or \
protocol in [SystemUser.PROTOCOL_TELNET,
SystemUser.PROTOCOL_VNC]:
system_user.auto_push = 0
system_user.save()
auto_generate_key = False
if auto_generate_key:
logger.info('Auto generate key and set system user auth')
if protocol == SystemUser.PROTOCOL_SSH:
system_user.auto_gen_auth()
elif protocol == SystemUser.PROTOCOL_RDP:
system_user.auto_gen_auth_password()
else:
system_user.set_auth(password=password, private_key=private_key,
public_key=public_key)
return system_user
def clean(self):
super().clean()
auto_generate = self.cleaned_data.get('auto_generate_key')
if not self.instance and not auto_generate:
super().validate_password_key()
def clean_username(self):
username = self.data.get('username')
login_mode = self.data.get('login_mode')
protocol = self.data.get('protocol')
if username:
return username
if login_mode == SystemUser.LOGIN_AUTO and \
protocol != SystemUser.PROTOCOL_VNC:
msg = _('* Automatic login mode must fill in the username.')
raise forms.ValidationError(msg)
return username
raise forms.ValidationError("Use api to save")
class Meta:
model = SystemUser

11
apps/assets/models/base.py
View File

@ -197,6 +197,17 @@ class AssetUser(OrgModelMixin):
self.public_key = ''
self.save()
@staticmethod
def gen_password():
return str(uuid.uuid4())
@staticmethod
def gen_key(username):
private_key, public_key = ssh_key_gen(
username=username
)
return private_key, public_key
def auto_gen_auth(self):
password = str(uuid.uuid4())
private_key, public_key = ssh_key_gen(

4
apps/assets/serializers/admin_user.py
View File

@ -8,10 +8,10 @@ from common.serializers import AdaptedBulkListSerializer
from ..models import Node, AdminUser
from orgs.mixins import BulkOrgResourceModelSerializer
from .base import AuthSerializer
from .base import AuthSerializer, AuthSerializerMixin
class AdminUserSerializer(BulkOrgResourceModelSerializer):
class AdminUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
"""
管理用户
"""

12
apps/assets/serializers/asset_user.py
View File

@ -4,12 +4,11 @@
from django.utils.translation import ugettext as _
from rest_framework import serializers
from common.utils import validate_ssh_private_key
from common.serializers import AdaptedBulkListSerializer
from orgs.mixins import BulkOrgResourceModelSerializer
from ..models import AuthBook, Asset
from ..backends import AssetUserManager
from .base import ConnectivitySerializer
from .base import ConnectivitySerializer, AuthSerializerMixin
__all__ = [
@ -24,7 +23,7 @@ class BasicAssetSerializer(serializers.ModelSerializer):
fields = ['hostname', 'ip']
class AssetUserSerializer(BulkOrgResourceModelSerializer):
class AssetUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
hostname = serializers.CharField(read_only=True, label=_("Hostname"))
ip = serializers.CharField(read_only=True, label=_("IP"))
connectivity = ConnectivitySerializer(read_only=True, label=_("Connectivity"))
@ -50,13 +49,6 @@ class AssetUserSerializer(BulkOrgResourceModelSerializer):
'public_key': {'write_only': True},
}
def validate_private_key(self, key):
password = self.initial_data.get("password")
valid = validate_ssh_private_key(key, password)
if not valid:
raise serializers.ValidationError(_("private key invalid"))
return key
def create(self, validated_data):
if not validated_data.get("name") and validated_data.get("username"):
validated_data["name"] = validated_data["username"]

38
apps/assets/serializers/base.py
View File

@ -2,7 +2,7 @@
#
from rest_framework import serializers
from common.utils import ssh_pubkey_gen
from common.utils import ssh_pubkey_gen, validate_ssh_private_key
class AuthSerializer(serializers.ModelSerializer):
@ -28,4 +28,38 @@ class AuthSerializer(serializers.ModelSerializer):
class ConnectivitySerializer(serializers.Serializer):
status = serializers.IntegerField()
datetime = serializers.DateTimeField()
datetime = serializers.DateTimeField()
class AuthSerializerMixin:
def validate_password(self, password):
return password
def validate_private_key(self, private_key):
if not private_key:
return
password = self.initial_data.get("password")
valid = validate_ssh_private_key(private_key, password)
if not valid:
raise serializers.ValidationError(_("private key invalid"))
return private_key
def validate_public_key(self, public_key):
return public_key
@staticmethod
def clean_auth_fields(validated_data):
for field in ('password', 'private_key', 'public_key'):
value = validated_data.get(field)
if not value:
validated_data.pop(field, None)
# print(validated_data)
# raise serializers.ValidationError(">>>>>>")
def create(self, validated_data):
self.clean_auth_fields(validated_data)
return super().create(validated_data)
def update(self, instance, validated_data):
self.clean_auth_fields(validated_data)
return super().update(instance, validated_data)

65
apps/assets/serializers/system_user.py
View File

@ -5,13 +5,14 @@ from django.utils.translation import ugettext_lazy as _
from common.serializers import AdaptedBulkListSerializer
from orgs.mixins import BulkOrgResourceModelSerializer
from ..models import SystemUser
from .base import AuthSerializer
from .base import AuthSerializer, AuthSerializerMixin
class SystemUserSerializer(BulkOrgResourceModelSerializer):
class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
"""
系统用户
"""
auto_generate_key = serializers.BooleanField(initial=True, required=False, write_only=True)
class Meta:
model = SystemUser
@ -20,7 +21,7 @@ class SystemUserSerializer(BulkOrgResourceModelSerializer):
'id', 'name', 'username', 'password', 'public_key', 'private_key',
'login_mode', 'login_mode_display', 'priority', 'protocol',
'auto_push', 'cmd_filters', 'sudo', 'shell', 'comment', 'nodes',
'assets_amount', 'connectivity_amount'
'assets_amount', 'connectivity_amount', 'auto_generate_key'
]
extra_kwargs = {
'password': {"write_only": True},
@ -32,6 +33,63 @@ class SystemUserSerializer(BulkOrgResourceModelSerializer):
'created_by': {'read_only': True},
}
def validate_auto_push(self, value):
login_mode = self.initial_data.get("login_mode")
protocol = self.initial_data.get("protocol")
if login_mode == SystemUser.LOGIN_MANUAL or \
protocol in [SystemUser.PROTOCOL_TELNET,
SystemUser.PROTOCOL_VNC]:
value = False
return value
def validate_auto_generate_key(self, value):
login_mode = self.initial_data.get("login_mode")
protocol = self.initial_data.get("protocol")
if self.context["request"].method.lower() != "post":
value = False
elif self.instance:
value = False
elif login_mode == SystemUser.LOGIN_MANUAL:
value = False
elif protocol in [SystemUser.PROTOCOL_TELNET, SystemUser.PROTOCOL_VNC]:
value = False
return value
def validate_username(self, username):
if username:
return username
login_mode = self.validated_data.get("login_mode")
protocol = self.validated_data.get("protocol")
if login_mode == SystemUser.LOGIN_AUTO and \
protocol != SystemUser.PROTOCOL_VNC:
msg = _('* Automatic login mode must fill in the username.')
raise serializers.ValidationError(msg)
return username
def validate_password(self, password):
super().validate_password(password)
auto_gen_key = self.initial_data.get("auto_generate_key", False)
private_key = self.initial_data.get("private_key")
if not self.instance and not auto_gen_key and not password and not private_key:
raise serializers.ValidationError(_("Password or private key required"))
return password
def validate(self, attrs):
username = attrs.get("username", "manual")
protocol = attrs.get("protocol")
auto_gen_key = attrs.get("auto_generate_key", False)
if auto_gen_key:
password = SystemUser.gen_password()
attrs["password"] = password
if protocol == SystemUser.PROTOCOL_SSH:
private_key, public_key = SystemUser.gen_key(username)
attrs["private_key"] = private_key
attrs["public_key"] = public_key
attrs.pop("auto_generate_key", None)
return attrs
@classmethod
def setup_eager_loading(cls, queryset):
""" Perform necessary eager loading of data. """
@ -52,7 +110,6 @@ class SystemUserAuthSerializer(AuthSerializer):
]
class SystemUserSimpleSerializer(serializers.ModelSerializer):
"""
系统用户最基本信息的数据结构

25
apps/assets/templates/assets/_system_user.html
View File

@ -218,6 +218,31 @@ $(document).ready(function () {
})
.on('change', protocol_id, function(){
fieldDisplay();
}).on("submit", "form", function (evt) {
evt.preventDefault();
{% block formUrl %}
var the_url = '{% url 'api-assets:system-user-list' %}';
var redirect_to = '{% url "assets:system-user-list" %}';
var method = "POST";
{% endblock %}
var form = $("form");
var data = form.serializeObject();
objectAttrsIsBool(data, ["auto_generate_key", "auto_push"]);
data["private_key"] = $("#id_private_key_file").data('file');
var props = {
url: the_url,
data: data,
method: method,
form: form,
redirect_to: redirect_to
};
formSubmit(props);
}).on('change', '#id_private_key_file', function () {
readFile($(this)).on("onload", function (evt, data) {
$(this).attr("data-file", data)
})
})
</script>

2
apps/assets/templates/assets/admin_user_assets.html
View File

@ -23,7 +23,7 @@
</ul>
</div>
<div class="tab-content">
<div class="col-sm-9" style="padding-left: 0;">
<div class="col-sm-8" style="padding-left: 0;">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span style="float: left">{% trans 'Asset list of ' %} <b>{{ admin_user.name }}</b></span>

39
apps/assets/templates/assets/admin_user_create_update.html
View File

@ -54,9 +54,38 @@
</div>
{% endblock %}
{% block custom_foot_js %}
<script>
$(document).ready(function () {
$('.select2').select2();
})
</script>
<script>
$(document).ready(function () {
$('.select2').select2();
})
.on("submit", "form", function (evt) {
evt.preventDefault();
var the_url = '{% url 'api-assets:admin-user-list' %}';
var redirect_to = '{% url "assets:admin-user-list" %}';
var method = "POST";
{% if type == "update" %}
the_url = '{% url 'api-assets:admin-user-detail' pk=object.id %}';
redirect_to = '{% url "assets:admin-user-list" %}';
method = "PUT";
{% endif %}
var form = $("form");
var data = form.serializeObject();
data["private_key"] = $("#id_private_key_file").data('file');
var props = {
url: the_url,
data: data,
method: method,
form: form,
redirect_to: redirect_to
};
formSubmit(props);
})
.on('change', '#id_private_key_file', function () {
readFile($(this)).on("onload", function (evt, data) {
$(this).attr("data-file", data)
})
})
</script>
{% endblock %}

6
apps/assets/templates/assets/system_user_update.html
View File

@ -14,3 +14,9 @@
</div>
{% endblock %}
{% block formUrl %}
var the_url = '{% url 'api-assets:system-user-detail' pk=object.pk %}';
var redirect_to = '{% url "assets:system-user-list" %}';
var method = "PUT";
{% endblock %}

4
apps/assets/views/admin_user.py
View File

@ -47,7 +47,8 @@ class AdminUserCreateView(PermissionsMixin,
def get_context_data(self, **kwargs):
context = {
'app': _('Assets'),
'action': _('Create admin user')
'action': _('Create admin user'),
"type": "create"
}
kwargs.update(context)
return super().get_context_data(**kwargs)
@ -65,6 +66,7 @@ class AdminUserUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
context = {
'app': _('Assets'),
'action': _('Update admin user'),
"type": "update"
}
kwargs.update(context)
return super().get_context_data(**kwargs)

BIN
apps/locale/zh/LC_MESSAGES/django.mo
View File

Binary file not shown.

405
apps/locale/zh/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

2
apps/ops/models/adhoc.py
View File

@ -220,7 +220,7 @@ class AdHoc(models.Model):
time_start = time.time()
try:
date_start = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
history.date_start = date_start
history.date_start = timezone.now()
print(_("{} Start task: {}").format(date_start, self.task.name))
raw, summary = self._run_only()
date_end = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')

10
apps/ops/templates/ops/command_execution_create.html
View File

@ -136,10 +136,12 @@ function getSelectedAssetsNode() {
nodes.forEach(function (node) {
if (node.meta.type === 'asset' && !node.isHidden) {
var protocols = node.meta.asset.protocols;
if (assetsNodeId.indexOf(node.id) === -1 && protocols.indexOf("ssh") > -1) {
assetsNodeId.push(node.id);
assetsNode.push(node)
}
protocols.forEach(function (val) {
if (assetsNodeId.indexOf(node.id) === -1 && val.indexOf("ssh") > -1) {
assetsNodeId.push(node.id);
assetsNode.push(node)
}
});
}
});
return assetsNode;

4
apps/perms/utils/asset_permission.py
View File

@ -470,7 +470,7 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
assets = defaultdict(lambda: defaultdict(int))
for perm in self.permissions:
actions = [perm.actions]
_assets = perm.assets.all().only(*self.assets_only)
_assets = perm.assets.valid().only(*self.assets_only)
system_users = perm.system_users.all()
iterable = itertools.product(_assets, system_users, actions)
for asset, system_user, action in iterable:
@ -493,7 +493,7 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
pattern.add(r'^{0}$|^{0}:'.format(node.key))
pattern = '|'.join(list(pattern))
if pattern:
assets = Asset.objects.filter(nodes__key__regex=pattern) \
assets = Asset.objects.filter(nodes__key__regex=pattern).valid() \
.prefetch_related('nodes')\
.only(*self.assets_only)\
.distinct()

20
apps/static/js/jumpserver.js
View File

@ -1156,4 +1156,22 @@ function timeOffset(a, b) {
return seconds.toFixed(1) + " " + getTimeUnits("s")
}
return ""
}
}
function readFile(ref) {
var files = ref.prop('files');
var hasFile = files && files.length > 0;
if (hasFile) {
var reader = new FileReader();//新建一个FileReader
console.log(typeof files[0]);
reader.readAsText(files[0], "UTF-8");//读取文件
reader.onload = function(evt){ //读取完文件之后会回来这里
ref.trigger("onload", evt.target.result);
};
} else {
ref.trigger("onload", null);
}
return ref
}

2
apps/terminal/templates/terminal/session_list.html
View File

@ -72,7 +72,7 @@
<li><a class="search-item" data-value="asset">{% trans 'Asset' %}</a></li>
<li><a class="search-item" data-value="system_user">{% trans 'System user' %}</a></li>
<li><a class="search-item" data-value="remote_addr">{% trans 'Remote addr' %}</a></li>
<li><a class="search-item" data-value="protocol">{% trans 'Protocol' %}</a></li>
{# <li><a class="search-item" data-value="protocol">{% trans 'Protocol' %}</a></li>#}
</ul>
{% endblock %}