mirror of https://github.com/jumpserver/jumpserver
老广
BaiJiangJie
parent
382bb89e8e
commit
9d54baac09
|
|
@ -359,6 +359,7 @@ defaults = {
|
||||||
'TERMINAL_TELNET_REGEX': '',
|
'TERMINAL_TELNET_REGEX': '',
|
||||||
'TERMINAL_COMMAND_STORAGE': {},
|
'TERMINAL_COMMAND_STORAGE': {},
|
||||||
'SECURITY_MFA_AUTH': False,
|
'SECURITY_MFA_AUTH': False,
|
||||||
|
'SECURITY_SERVICE_ACCOUNT_REGISTRATION': True,
|
||||||
'SECURITY_LOGIN_LIMIT_COUNT': 7,
|
'SECURITY_LOGIN_LIMIT_COUNT': 7,
|
||||||
'SECURITY_LOGIN_LIMIT_TIME': 30,
|
'SECURITY_LOGIN_LIMIT_TIME': 30,
|
||||||
'SECURITY_MAX_IDLE_TIME': 30,
|
'SECURITY_MAX_IDLE_TIME': 30,
|
||||||
|
|
|
||||||
|
|
@ -568,7 +568,7 @@ SECURITY_PASSWORD_RULES = [
|
||||||
'SECURITY_PASSWORD_SPECIAL_CHAR'
|
'SECURITY_PASSWORD_SPECIAL_CHAR'
|
||||||
]
|
]
|
||||||
SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL
|
SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL
|
||||||
|
SECURITY_SERVICE_ACCOUNT_REGISTRATION = CONFIG.SECURITY_SERVICE_ACCOUNT_REGISTRATION
|
||||||
TERMINAL_PASSWORD_AUTH = CONFIG.TERMINAL_PASSWORD_AUTH
|
TERMINAL_PASSWORD_AUTH = CONFIG.TERMINAL_PASSWORD_AUTH
|
||||||
TERMINAL_PUBLIC_KEY_AUTH = CONFIG.TERMINAL_PUBLIC_KEY_AUTH
|
TERMINAL_PUBLIC_KEY_AUTH = CONFIG.TERMINAL_PUBLIC_KEY_AUTH
|
||||||
TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL
|
TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL
|
||||||
|
|
|
||||||
Binary file not shown.
File diff suppressed because it is too large
Load Diff
|
|
@ -192,6 +192,11 @@ class SecuritySettingForm(BaseForm):
|
||||||
required=False, label=_("Batch execute commands"),
|
required=False, label=_("Batch execute commands"),
|
||||||
help_text=_("Allow user batch execute commands")
|
help_text=_("Allow user batch execute commands")
|
||||||
)
|
)
|
||||||
|
SECURITY_SERVICE_ACCOUNT_REGISTRATION = forms.BooleanField(
|
||||||
|
required=False, label=_("Service account registration"),
|
||||||
|
help_text=_("Allow using bootstrap token register service account, "
|
||||||
|
"when terminal setup, can disable it")
|
||||||
|
)
|
||||||
# limit login count
|
# limit login count
|
||||||
SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField(
|
SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField(
|
||||||
min_value=3, max_value=99999,
|
min_value=3, max_value=99999,
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
#
|
||||||
|
from django.conf import settings
|
||||||
from rest_framework import serializers
|
from rest_framework import serializers
|
||||||
|
|
||||||
from common.utils import get_request_ip
|
from common.utils import get_request_ip
|
||||||
|
|
@ -27,6 +28,9 @@ class TerminalSerializer(serializers.ModelSerializer):
|
||||||
valid = super().is_valid(raise_exception=raise_exception)
|
valid = super().is_valid(raise_exception=raise_exception)
|
||||||
if not valid:
|
if not valid:
|
||||||
return valid
|
return valid
|
||||||
|
if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION:
|
||||||
|
error = {"error": "service account registration disabled"}
|
||||||
|
raise serializers.ValidationError(error)
|
||||||
data = {'name': self.validated_data.get('name')}
|
data = {'name': self.validated_data.get('name')}
|
||||||
kwargs = {'data': data}
|
kwargs = {'data': data}
|
||||||
if self.instance and self.instance.user:
|
if self.instance and self.instance.user:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue