Secure (#2946)

* [Update] 修改assets * [Update] 添加关闭terminal注册的设置 * [Update] 去掉sql打印
2019-07-15 15:11:01 +08:00 · 2019-07-15 15:11:01 +08:00 · 9d54baac09
parent 382bb89e8e
commit 9d54baac09
6 changed files with 207 additions and 199 deletions
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -359,6 +359,7 @@ defaults = {
    'TERMINAL_TELNET_REGEX': '',
    'TERMINAL_COMMAND_STORAGE': {},
    'SECURITY_MFA_AUTH': False,
+    'SECURITY_SERVICE_ACCOUNT_REGISTRATION': True,
    'SECURITY_LOGIN_LIMIT_COUNT': 7,
    'SECURITY_LOGIN_LIMIT_TIME': 30,
    'SECURITY_MAX_IDLE_TIME': 30,
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@ -568,7 +568,7 @@ SECURITY_PASSWORD_RULES = [
    'SECURITY_PASSWORD_SPECIAL_CHAR'
 ]
 SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL
-
+SECURITY_SERVICE_ACCOUNT_REGISTRATION = CONFIG.SECURITY_SERVICE_ACCOUNT_REGISTRATION
 TERMINAL_PASSWORD_AUTH = CONFIG.TERMINAL_PASSWORD_AUTH
 TERMINAL_PUBLIC_KEY_AUTH = CONFIG.TERMINAL_PUBLIC_KEY_AUTH
 TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
--- a/apps/settings/forms.py
+++ b/apps/settings/forms.py
@ -192,6 +192,11 @@ class SecuritySettingForm(BaseForm):
        required=False, label=_("Batch execute commands"),
        help_text=_("Allow user batch execute commands")
    )
+    SECURITY_SERVICE_ACCOUNT_REGISTRATION = forms.BooleanField(
+        required=False, label=_("Service account registration"),
+        help_text=_("Allow using bootstrap token register service account, "
+                    "when terminal setup, can disable it")
+    )
    # limit login count
    SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField(
        min_value=3, max_value=99999,
--- a/apps/terminal/serializers_v2/terminal.py
+++ b/apps/terminal/serializers_v2/terminal.py
@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 #
+from django.conf import settings
 from rest_framework import serializers

 from common.utils import get_request_ip
@ -27,6 +28,9 @@ class TerminalSerializer(serializers.ModelSerializer):
        valid = super().is_valid(raise_exception=raise_exception)
        if not valid:
            return valid
+        if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION:
+            error = {"error": "service account registration disabled"}
+            raise serializers.ValidationError(error)
        data = {'name': self.validated_data.get('name')}
        kwargs = {'data': data}
        if self.instance and self.instance.user: