github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Update api

pull/530/head
ibuler 2016-12-29 00:29:59 +08:00
parent d80fec6e60
commit 92d854b971
7 changed files with 51 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/jumpserver/settings.py
View File

@ -278,7 +278,7 @@ REST_FRAMEWORK = {
'users.authentication.AccessKeyAuthentication',
'users.authentication.AccessTokenAuthentication',
'users.authentication.PrivateTokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
'users.authentication.SessionAuthentication',
),
'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.DjangoFilterBackend',),
}

3
apps/perms/api.py
View File

@ -2,6 +2,7 @@
#
from rest_framework.views import APIView, Response
from rest_framework.decorators import api_view
from rest_framework.generics import ListAPIView, get_object_or_404
from rest_framework import viewsets
from users.permissions import IsValidUser, IsSuperUser
@ -127,7 +128,7 @@ class MyGrantedAssetsGroupsApi(APIView):
for asset in assets:
for asset_group in asset.groups.all():
if asset_group.id in asset_groups:
asset_groups[asset_group.id]['asset_amount'] += 1
asset_groups[asset_group.id]['assets_amount'] += 1
else:
asset_groups[asset_group.id] = {
'id': asset_group.id,

21
apps/users/api.py
View File

@ -8,6 +8,9 @@ from django.conf import settings
from rest_framework import generics, viewsets
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework.decorators import api_view
from rest_framework.permissions import AllowAny
from rest_framework.authentication import SessionAuthentication
from rest_framework_bulk import BulkModelViewSet
from django_filters.rest_framework import DjangoFilterBackend
@ -86,13 +89,21 @@ class UserGroupUpdateUserApi(generics.RetrieveUpdateAPIView):
class UserToken(APIView):
permission_classes = (IsValidUser,)
permission_classes = (AllowAny,)
def get(self, request):
if not request.user:
return Response({'error': 'unauthorized'})
def post(self, request):
username = request.data.get('username', '')
email = request.data.get('email', '')
password = request.data.get('password', '')
public_key = request.data.get('public_key', '')
user, msg = check_user_valid(username=username, email=email,
password=password, public_key=public_key)
if user:
token = generate_token(request)
return Response({'token': token})
return Response({'Token': token, 'key': 'Bearer'}, status=200)
else:
return Response({'error': msg}, status=406)
class UserProfile(APIView):

5
apps/users/authentication.py
View File

@ -122,3 +122,8 @@ class AccessTokenAuthentication(authentication.BaseAuthentication):
class PrivateTokenAuthentication(authentication.TokenAuthentication):
model = PrivateToken
class SessionAuthentication(authentication.SessionAuthentication):
def enforce_csrf(self, request):
return None

2
apps/users/models/user.py
View File

@ -45,8 +45,6 @@ class User(AbstractUser):
verbose_name=_('Date expired'))
created_by = models.CharField(max_length=30, default='', verbose_name=_('Created by'))
@property
def password_raw(self):
raise AttributeError('Password raw is not a readable attribute')

15
apps/users/urls/api_urls.py
View File

@ -12,18 +12,17 @@ app_name = 'users'
router = BulkRouter()
router.register(r'v1/users', api.UserViewSet, 'user')
router.register(r'v1/user-groups', api.UserGroupViewSet, 'user-group')
# router.register(r'v1/user-groups', api.AssetViewSet, 'api-groups')
urlpatterns = [
url(r'^v1/token$', api.UserToken.as_view(), name='user-token'),
url(r'^v1/profile$', api.UserProfile.as_view(), name='user-profile'),
url(r'^v1/users/(?P<pk>\d+)/reset-password$', api.UserResetPasswordApi.as_view(), name='user-reset-password'),
url(r'^v1/users/(?P<pk>\d+)/reset-pk$', api.UserResetPKApi.as_view(), name='user-reset-pk'),
url(r'^v1/users/(?P<pk>\d+)/update-pk$', api.UserUpdatePKApi.as_view(), name='user-update-pk'),
url(r'^v1/users/(?P<pk>\d+)/groups$',
url(r'^v1/token/$', api.UserToken.as_view(), name='user-token'),
url(r'^v1/profile/$', api.UserProfile.as_view(), name='user-profile'),
url(r'^v1/users/(?P<pk>\d+)/password/reset/$', api.UserResetPasswordApi.as_view(), name='user-reset-password'),
url(r'^v1/users/(?P<pk>\d+)/public-key/reset/$', api.UserResetPKApi.as_view(), name='user-public-key-reset'),
url(r'^v1/users/(?P<pk>\d+)/public-key/update/$', api.UserUpdatePKApi.as_view(), name='user-public-key-update'),
url(r'^v1/users/(?P<pk>\d+)/groups/$',
api.UserUpdateGroupApi.as_view(), name='user-update-group'),
url(r'^v1/user-groups/(?P<pk>\d+)/users$',
url(r'^v1/user-groups/(?P<pk>\d+)/users/$',
api.UserGroupUpdateUserApi.as_view(), name='user-group-update-user'),
]

26
apps/users/utils.py
View File

@ -180,21 +180,33 @@ def send_reset_ssh_key_mail(user):
def check_user_valid(**kwargs):
password = kwargs.pop('password', None)
public_key = kwargs.pop('public_key', None)
user = get_object_or_none(User, **kwargs)
email = kwargs.pop('email')
username = kwargs.pop('username')
if username:
user = get_object_or_none(User, username=username)
elif email:
user = get_object_or_none(User, email=email)
else:
user = None
if user is None:
return None, _('User not exist')
elif not user.is_valid:
return None, _('Disabled or expired')
if user is None or not user.is_valid:
return None
if password and user.check_password(password):
return user
return user, ''
if public_key:
public_key_saved = user.public_key.split()
if len(public_key_saved) == 1:
if public_key == public_key_saved[0]:
return user
return user, ''
elif len(public_key_saved) > 1:
if public_key == public_key_saved[1]:
return user
return None
return user, ''
return None, _('Passowrd or SSH public key invalid')
def refresh_token(token, user):