From 9967d5241611ff244d8fc4cf52a3b54ecbc3b7e7 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Thu, 14 Jul 2022 15:37:00 +0800
Subject: [PATCH 1/2] =?UTF-8?q?perf:=20=E6=9A=82=E6=97=B6=E5=8E=BB?=
 =?UTF-8?q?=E6=8E=89=E5=8E=86=E5=8F=B2=E8=B4=A6=E5=8F=B7=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=20(#8594)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: feng626 <1304903146@qq.com>
---
 apps/rbac/const.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index 20038de19..f8789a110 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -40,6 +40,10 @@ exclude_permissions = (
     ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
     ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
     ('assets', 'authbook', 'change', 'authbook'),
+    # TODO 暂时去掉历史账号的权限
+    ('assets', 'authbook', '*', 'assethistoryaccount'),
+    ('assets', 'authbook', '*', 'assethistoryaccountsecret'),
+
     ('perms', 'userassetgrantedtreenoderelation', '*', '*'),
     ('perms', 'usergrantedmappingnode', '*', '*'),
     ('perms', 'permnode', '*', '*'),

From 395636296d70b5348ab64cf25de8ac9c906a5371 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Thu, 14 Jul 2022 17:41:14 +0800
Subject: [PATCH 2/2] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=BF=9E=E6=8E=A5?=
 =?UTF-8?q?token=20secret=E9=95=BF=E5=BA=A6=E4=B8=BA16?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/authentication/serializers/connection_token.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/authentication/serializers/connection_token.py b/apps/authentication/serializers/connection_token.py
index 1b639bec6..0e811cbaa 100644
--- a/apps/authentication/serializers/connection_token.py
+++ b/apps/authentication/serializers/connection_token.py
@@ -61,7 +61,7 @@ class ConnectionTokenSerializer(OrgResourceModelSerializerMixin):
         system_user = attrs.get('system_user') or ''
         asset = attrs.get('asset') or ''
         application = attrs.get('application') or ''
-        secret = attrs.get('secret') or random_string(64)
+        secret = attrs.get('secret') or random_string(16)
         date_expired = attrs.get('date_expired') or ConnectionToken.get_default_date_expired()
 
         if isinstance(asset, Asset):