github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

modify some

pull/26/head
ibuler 2015-07-03 20:45:45 +08:00
parent f3a0c390b1
commit 9e52e6a320
2 changed files with 64 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
jumpserver/api.py
View File

@ -40,6 +40,7 @@ LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
SEND_IP = CONF.get('base', 'ip') SEND_IP = CONF.get('base', 'ip')
SEND_PORT = CONF.get('base', 'port') SEND_PORT = CONF.get('base', 'port')
MAIL_FROM = CONF.get('mail', 'email_host_user') MAIL_FROM = CONF.get('mail', 'email_host_user')
log_level = CONF.get('base', 'log') log_level = CONF.get('base', 'log')
log_level_total = {'debug': logging.DEBUG, 'info': logging.INFO, 'warning': logging.WARN, 'error': logging.ERROR, log_level_total = {'debug': logging.DEBUG, 'info': logging.INFO, 'warning': logging.WARN, 'error': logging.ERROR,
'critical': logging.CRITICAL} 'critical': logging.CRITICAL}
@ -295,21 +296,21 @@ def api_user(request):
return HttpResponse(json_data) return HttpResponse(json_data)
def view_splitter(request, su=None, adm=None): # def view_splitter(request, su=None, adm=None):
if is_super_user(request): # if is_super_user(request):
return su(request) # return su(request)
elif is_group_admin(request): # elif is_group_admin(request):
return adm(request) # return adm(request)
else: # else:
return HttpResponseRedirect('/login/') # return HttpResponseRedirect('/login/')
def user_group_perm_asset_group_api(user_group): # def user_group_perm_asset_group_api(user_group):
asset_group_list = [] # asset_group_list = []
perm_list = user_group.perm_set.all() # perm_list = user_group.perm_set.all()
for perm in perm_list: # for perm in perm_list:
asset_group_list.append(perm.asset_group) # asset_group_list.append(perm.asset_group)
return asset_group_list # return asset_group_list
class Juser(object): class Juser(object):

97
juser/views.py
View File

@ -6,15 +6,18 @@ import random
from Crypto.PublicKey import RSA from Crypto.PublicKey import RSA
import crypt import crypt
from django.shortcuts import render_to_response
from django.db.models import Q from django.db.models import Q
from django.template import RequestContext from django.template import RequestContext
from django.db.models import ObjectDoesNotExist
from jumpserver.api import * from jumpserver.api import *
def gen_rand_pwd(num): def gen_rand_pwd(num):
"""生成随机密码""" """
generate random password
生成随机密码
"""
seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
salt_list = [] salt_list = []
for i in range(num): for i in range(num):
@ -23,24 +26,24 @@ def gen_rand_pwd(num):
return salt return salt
class AddError(Exception):
pass
def gen_sha512(salt, password): def gen_sha512(salt, password):
"""
generate sha512 format password
生成sha512加密密码
"""
return crypt.crypt(password, '$6$%s$' % salt) return crypt.crypt(password, '$6$%s$' % salt)
def group_add_user(group, user_id=None, username=None): def group_add_user(group, user_id=None, username=None):
try: """
if user_id: 用户组中添加用户
user = User.objects.get(id=user_id) UserGroup Add a user
else: """
user = User.objects.get(username=username) if user_id:
except ObjectDoesNotExist: user = get_object(User, id=user_id)
raise AddError('用户获取失败')
else: else:
group.user_set.add(user) user = get_object(User, username=username)
group.user_set.add(user)
def db_add_group(**kwargs): def db_add_group(**kwargs):
@ -48,7 +51,7 @@ def db_add_group(**kwargs):
group = UserGroup.objects.filter(name=name) group = UserGroup.objects.filter(name=name)
users = kwargs.pop('users') users = kwargs.pop('users')
if group: if group:
raise AddError(u'用户组 %s 已经存在' % name) raise ServerError(u'用户组 %s 已经存在' % name)
group = UserGroup(**kwargs) group = UserGroup(**kwargs)
group.save() group.save()
for user_id in users: for user_id in users:
@ -129,7 +132,7 @@ def ldap_add_user(username, ldap_pwd):
if user: if user:
user = user[0] user = user[0]
else: else:
raise AddError(u'用户 %s 不存在' % username) raise ServerError(u'用户 %s 不存在' % username)
user_attr = {'uid': [str(username)], user_attr = {'uid': [str(username)],
'cn': [str(username)], 'cn': [str(username)],
@ -173,10 +176,10 @@ def dept_add(request):
try: try:
if not name: if not name:
raise AddError('部门名称不能为空') raise ServerError('部门名称不能为空')
if DEPT.objects.filter(name=name): if DEPT.objects.filter(name=name):
raise AddError(u'部门名称 %s 已存在' % name) raise ServerError(u'部门名称 %s 已存在' % name)
except AddError, e: except ServerError, e:
error = e error = e
else: else:
DEPT(name=name, comment=comment).save() DEPT(name=name, comment=comment).save()
@ -341,21 +344,21 @@ def group_add(request):
try: try:
if '' in [group_name, dept_id]: if '' in [group_name, dept_id]:
error = u'组名 或 部门 不能为空' error = u'组名 或 部门 不能为空'
raise AddError(error) raise ServerError(error)
if UserGroup.objects.filter(name=group_name): if UserGroup.objects.filter(name=group_name):
error = u'组名已存在' error = u'组名已存在'
raise AddError(error) raise ServerError(error)
dept = DEPT.objects.filter(id=dept_id) dept = DEPT.objects.filter(id=dept_id)
if dept: if dept:
dept = dept[0] dept = dept[0]
else: else:
error = u'部门不存在' error = u'部门不存在'
raise AddError(error) raise ServerError(error)
db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment) db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment)
except AddError: except ServerError:
pass pass
except TypeError: except TypeError:
error = u'保存小组失败' error = u'保存小组失败'
@ -380,13 +383,13 @@ def group_add_adm(request):
try: try:
if not validate(request, user=users_selected): if not validate(request, user=users_selected):
raise AddError('没有某用户权限') raise ServerError('没有某用户权限')
if '' in [group_name]: if '' in [group_name]:
error = u'组名不能为空' error = u'组名不能为空'
raise AddError(error) raise ServerError(error)
db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment) db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment)
except AddError: except ServerError:
pass pass
except TypeError: except TypeError:
error = u'保存小组失败' error = u'保存小组失败'
@ -509,12 +512,12 @@ def group_edit(request):
users = [] users = []
try: try:
if '' in [group_id, group_name]: if '' in [group_id, group_name]:
raise AddError('组名不能为空') raise ServerError('组名不能为空')
dept = DEPT.objects.filter(id=dept_id) dept = DEPT.objects.filter(id=dept_id)
if dept: if dept:
dept = dept[0] dept = dept[0]
else: else:
raise AddError('部门不存在') raise ServerError('部门不存在')
for user_id in users_selected: for user_id in users_selected:
users.extend(User.objects.filter(id=user_id)) users.extend(User.objects.filter(id=user_id))
@ -525,7 +528,7 @@ def group_edit(request):
user_group.user_set.clear() user_group.user_set.clear()
user_group.user_set = users user_group.user_set = users
except AddError, e: except ServerError, e:
error = e error = e
return HttpResponseRedirect('/juser/group_list/') return HttpResponseRedirect('/juser/group_list/')
@ -558,10 +561,10 @@ def group_edit_adm(request):
users = [] users = []
try: try:
if not validate(request, user=users_selected): if not validate(request, user=users_selected):
raise AddError(u'右侧非部门用户') raise ServerError(u'右侧非部门用户')
if not validate(request, user_group=[group_id]): if not validate(request, user_group=[group_id]):
raise AddError(u'没有权限修改本组') raise ServerError(u'没有权限修改本组')
for user_id in users_selected: for user_id in users_selected:
users.extend(User.objects.filter(id=user_id)) users.extend(User.objects.filter(id=user_id))
@ -573,7 +576,7 @@ def group_edit_adm(request):
user_group.user_set.clear() user_group.user_set.clear()
user_group.user_set = users user_group.user_set = users
except AddError, e: except ServerError, e:
error = e error = e
return HttpResponseRedirect('/juser/group_list/') return HttpResponseRedirect('/juser/group_list/')
@ -603,28 +606,28 @@ def user_add(request):
try: try:
if '' in [username, password, ssh_key_pwd, name, groups, role_post, is_active]: if '' in [username, password, ssh_key_pwd, name, groups, role_post, is_active]:
error = u'带*内容不能为空' error = u'带*内容不能为空'
raise AddError raise ServerError
user = User.objects.filter(username=username) user = User.objects.filter(username=username)
if user: if user:
error = u'用户 %s 已存在' % username error = u'用户 %s 已存在' % username
raise AddError raise ServerError
dept = DEPT.objects.filter(id=dept_id) dept = DEPT.objects.filter(id=dept_id)
if dept: if dept:
dept = dept[0] dept = dept[0]
else: else:
error = u'部门不存在' error = u'部门不存在'
raise AddError(error) raise ServerError(error)
except AddError: except ServerError:
pass pass
else: else:
try: try:
user = db_add_user(username=username, user = db_add_user(username=username,
password=md5_crypt(password), password=CRYPTOR.md5_crypt(password),
name=name, email=email, dept=dept, name=name, email=email, dept=dept,
groups=groups, role=role_post, groups=groups, role=role_post,
ssh_key_pwd=md5_crypt(ssh_key_pwd), ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
@ -681,21 +684,21 @@ def user_add_adm(request):
try: try:
if '' in [username, password, ssh_key_pwd, name, groups, is_active]: if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
error = u'带*内容不能为空' error = u'带*内容不能为空'
raise AddError raise ServerError
user = User.objects.filter(username=username) user = User.objects.filter(username=username)
if user: if user:
error = u'用户 %s 已存在' % username error = u'用户 %s 已存在' % username
raise AddError raise ServerError
except AddError: except ServerError:
pass pass
else: else:
try: try:
user = db_add_user(username=username, user = db_add_user(username=username,
password=md5_crypt(password), password=CRYPTOR.md5_crypt(password),
name=name, email=email, dept=dept, name=name, email=email, dept=dept,
groups=groups, role='CU', groups=groups, role='CU',
ssh_key_pwd=md5_crypt(ssh_key_pwd), ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd), ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
@ -892,7 +895,7 @@ def user_edit(request):
return HttpResponseRedirect('/juser/user_list/') return HttpResponseRedirect('/juser/user_list/')
if password != user.password: if password != user.password:
password = md5_crypt(password) password = CRYPTOR.md5_crypt(password)
if ssh_key_pwd != user.ssh_key_pwd: if ssh_key_pwd != user.ssh_key_pwd:
gen_ssh_key(user.username, ssh_key_pwd) gen_ssh_key(user.username, ssh_key_pwd)
@ -951,7 +954,7 @@ def user_edit_adm(request):
return HttpResponseRedirect('/juser/user_list/') return HttpResponseRedirect('/juser/user_list/')
if password != user.password: if password != user.password:
password = md5_crypt(password) password = CRYPTOR.md5_crypt(password)
if ssh_key_pwd != user.ssh_key_pwd: if ssh_key_pwd != user.ssh_key_pwd:
ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd) ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
@ -1001,11 +1004,11 @@ def chg_info(request):
if not error: if not error:
if password != user.password: if password != user.password:
password = md5_crypt(password) password = CRYPTOR.md5_crypt(password)
if ssh_key_pwd != user.ssh_key_pwd: if ssh_key_pwd != user.ssh_key_pwd:
gen_ssh_key(user.username, ssh_key_pwd) gen_ssh_key(user.username, ssh_key_pwd)
ssh_key_pwd = md5_crypt(ssh_key_pwd) ssh_key_pwd = CRYPTOR.md5_crypt(ssh_key_pwd)
user_set.update(name=name, password=password, ssh_key_pwd=ssh_key_pwd, email=email) user_set.update(name=name, password=password, ssh_key_pwd=ssh_key_pwd, email=email)
msg = '修改成功' msg = '修改成功'