github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Add user backend

pull/530/head
ibuler 2016-10-15 00:49:59 +08:00
parent f038423ce2
commit a62a2178d0
2 changed files with 69 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
apps/common/utils.py
View File

@ -7,15 +7,19 @@ from itertools import chain
import string import string
import logging import logging
from itsdangerous import TimedJSONWebSignatureSerializer from itsdangerous import Signer, TimedJSONWebSignatureSerializer, JSONWebSignatureSerializer, TimestampSigner, \
BadSignature, SignatureExpired
from django.shortcuts import reverse as dj_reverse from django.shortcuts import reverse as dj_reverse
from django.conf import settings from django.conf import settings
from django.core import signing from django.core import signing
from django.utils import timezone from django.utils import timezone
SECRET_KEY = settings.SECRET_KEY
SIGNER = TimestampSigner(SECRET_KEY)
def reverse(viewname, urlconf=None, args=None, kwargs=None, current_app=None, external=False):
url = dj_reverse(viewname, urlconf=urlconf, args=args, kwargs=kwargs, current_app=current_app) def reverse(view_name, urlconf=None, args=None, kwargs=None, current_app=None, external=False):
url = dj_reverse(view_name, urlconf=urlconf, args=args, kwargs=kwargs, current_app=current_app)
if external: if external:
url = settings.SITE_URL.strip('/') + url url = settings.SITE_URL.strip('/') + url
@ -44,13 +48,27 @@ def decrypt(*args, **kwargs):
return '' return ''
def sign(value):
return SIGNER.sign(value)
def unsign(value, max_age=3600):
try:
return SIGNER.unsign(value, max_age=max_age)
except (BadSignature, SignatureExpired):
return None
def date_expired_default(): def date_expired_default():
try: try:
years = int(settings.CONFIG.DEFAULT_EXPIRED_YEARS) years = int(settings.CONFIG.DEFAULT_EXPIRED_YEARS)
except TypeError: except TypeError:
years = 70 years = 70
return timezone.now() + timezone.timedelta(days=365*years)
return timezone.now() + timezone.timedelta(days=365 * years)
def sign(value):
return SIGNER.sign(value)
def combine_seq(s1, s2, callback=None): def combine_seq(s1, s2, callback=None):

47
apps/users/backends.py Normal file
View File

@ -0,0 +1,47 @@
# -*- coding: utf-8 -*-
#
from rest_framework import authentication, exceptions
from django.utils.translation import ugettext as _
from common.utils import unsign
from .models import User
class APPSignAuthentication(authentication.BaseAuthentication):
keyword = 'Sign'
model = User
def authenticate(self, request):
auth = authentication.get_authorization_header(request).split()
if not auth or auth[0].lower() != self.keyword.lower().encode():
return None
if len(auth) == 1:
msg = _('Invalid sign header. No credentials provided.')
raise exceptions.AuthenticationFailed(msg)
elif len(auth) > 2:
msg = _('Invalid sign header. Sign string should not contain spaces.')
raise exceptions.AuthenticationFailed(msg)
try:
sign = auth[1].decode()
except UnicodeError:
msg = _('Invalid token header. Sign string should not contain invalid characters.')
raise exceptions.AuthenticationFailed(msg)
return self.authenticate_credentials(sign)
def authenticate_credentials(self, key):
try:
token = self.model.objects.select_related('user').get(key=key)
except self.model.DoesNotExist:
raise exceptions.AuthenticationFailed(_('Invalid token.'))
if not token.user.is_active:
raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
if __name__ == '__main__':
pass