Merge pull request #4661 from jumpserver/dev

Dev
pull/4698/head
Jiangjie.Bai 2020-09-16 19:03:38 +08:00 committed by GitHub
commit b1c530bba8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 41 additions and 66 deletions


@ -202,4 +202,6 @@ class SSOAuthentication(ModelBackend):
"""
什么也不做呀😺
"""
pass
def authenticate(self, request, sso_token=None, **kwargs):
pass
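Review bot: The added `authenticate` on `SSOAuthentication` has a body of only `pass`, and because its signature accepts `**kwargs` Django will bind any credential set to it and call it, always getting `None` back. Make that explicit with `return None` and a short comment such as `# Never authenticates on its own; presumably the SSO view logs the user in with this backend set explicitly (confirm)`. The class body starts outside the hunk.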


@ -2,7 +2,7 @@
#
import traceback
from django.contrib.auth import get_user_model
from django.contrib.auth import get_user_model, authenticate
from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend
from django.conf import settings
@ -38,16 +38,12 @@ class CreateUserMixin:
return [], False, False
return None
def authenticate(self, *args, **kwargs):
# 校验用户时会传入public_key参数父类authentication中不接受public_key参数所以要pop掉
# TODO:需要优化各backend的authenticate方法django进行调用前会检测各authenticate的参数
kwargs.pop('public_key', None)
return super().authenticate(*args, **kwargs)
class RadiusBackend(CreateUserMixin, RADIUSBackend):
pass
def authenticate(self, request, username='', password='', **kwargs):
return super().authenticate(request, username=username, password=password)
class RadiusRealmBackend(CreateUserMixin, RADIUSRealmBackend):
pass
def authenticate(self, request, username='', password='', realm=None, **kwargs):
return super().authenticate(request, username=username, password=password, realm=realm)
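Review bot: The new `authenticate` overrides on `RadiusBackend` and `RadiusRealmBackend` default `username` and `password` to `''` and accept `**kwargs`, so a call that carries other credentials (the removed mixin comment mentions `public_key`) still binds to this signature and is forwarded to the parent with empty strings. Whether the parent backend short-circuits on empty credentials is not visible here, so a guard at the top of both methods would keep such calls from ever reaching the RADIUS server: `if not username or not password: return None`. The `authenticate` name newly imported from `django.contrib.auth` is not used in the visible lines; confirm it is needed.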


@ -53,7 +53,7 @@ class LoginConfirmSetting(CommonModelMixin):
def create_confirm_ticket(self, request=None):
from tickets.models import Ticket
title = _('Login confirm') + '{}'.format(self.user)
title = _('Login confirm') + ' {}'.format(self.user)
if request:
remote_addr = get_request_ip(request)
city = get_ip_city(remote_addr)


@ -26,7 +26,8 @@
{% endif %}
</div>
<div class="form-group">
<input type="password" class="form-control" id="password" name="{{ form.password.html_name }}" placeholder="{% trans 'Password' %}" required="">
<input type="password" class="form-control" id="password" placeholder="{% trans 'Password' %}" required="">
<input id="password-hidden" type="text" style="display:none" name="{{ form.password.html_name }}">
{% if form.errors.password %}
<div class="help-block field-error">
<p class="red-fonts">{{ form.errors.password.as_text }}</p>
@ -82,27 +83,12 @@
return jsencrypt.encrypt(password); //加密
}
function doLogin() {
var rsaPublicKey = "{{ rsa_public_key }}";
var password =$('#password').val();
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey);
var serialize_array = $('#form').serializeArray();
$.each(serialize_array, function(index,obj){
if(obj.name=='password'){
obj.value=passwordEncrypted};
});
$.ajax({
type: 'POST',
url: '',
data: serialize_array,
success: function(data){
$('body').html(data);
},
error: function(data){
alert('服务器异常');
},
});
};
//公钥加密
var rsaPublicKey = "{{ rsa_public_key }}"
var password =$('#password').val(); //明文密码
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey)
$('#password-hidden').val(passwordEncrypted); //返回给密码输入input
$('#form').submit();//post提交
}
</script>
{% endblock %}
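Review bot: `doLogin()` submits whatever `encryptLoginPassword` returns without checking it; JSEncrypt's `encrypt` returns `false` when encryption fails (for example when the input is too long for the key), and that value would be written into `#password-hidden` and posted as the password. Check the result before submitting, e.g. `if (!passwordEncrypted) { /* show an error */ return; }` placed ahead of `$('#password-hidden').val(passwordEncrypted);`. The same `doLogin()` is added to the second login template in this commit (the `#contact-form` variant) and needs the same guard. `encryptLoginPassword` begins outside the hunk, so its error handling cannot be confirmed from here.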


@ -106,7 +106,8 @@
{% endif %}
</div>
<div class="form-group">
<input type="password" class="form-control" id="password" name="{{ form.password.html_name }}" placeholder="{% trans 'Password' %}" required="">
<input type="password" class="form-control" id="password" placeholder="{% trans 'Password' %}" required="">
<input id="password-hidden" type="text" style="display:none" name="{{ form.password.html_name }}">
{% if form.errors.password %}
<div class="help-block field-error">
<p class="red-fonts">{{ form.errors.password.as_text }}</p>
@ -153,28 +154,13 @@
return jsencrypt.encrypt(password); //加密
}
function doLogin() {
var rsaPublicKey = "{{ rsa_public_key }}";
var password =$('#password').val();
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey);
var serialize_array = $('#contact-form').serializeArray();
$.each(serialize_array, function(index,obj){
if(obj.name=='password'){
obj.value=passwordEncrypted};
});
$.ajax({
type: 'POST',
url: '',
data: serialize_array,
success: function(data){
$('body').html(data);
},
error: function(data){
alert('服务器异常');
},
});
};
//公钥加密
var rsaPublicKey = "{{ rsa_public_key }}"
var password =$('#password').val(); //明文密码
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey)
$('#password-hidden').val(passwordEncrypted); //返回给密码输入input
$('#contact-form').submit();//post提交
}
</script>
</html>


@ -17,6 +17,7 @@ from django.views.generic.base import TemplateView, RedirectView
from django.views.generic.edit import FormView
from django.conf import settings
from django.urls import reverse_lazy
from django.contrib.auth import BACKEND_SESSION_KEY
from common.const.front_urls import TICKET_DETAIL
from common.utils import get_request_ip, get_object_or_none
@ -205,12 +206,12 @@ class UserLoginWaitConfirmView(TemplateView):
class UserLogoutView(TemplateView):
template_name = 'flash_message_standalone.html'
@staticmethod
def get_backend_logout_url():
if settings.AUTH_OPENID:
def get_backend_logout_url(self):
backend = self.request.session.get(BACKEND_SESSION_KEY, '')
if 'OIDC' in backend:
return settings.AUTH_OPENID_AUTH_LOGOUT_URL_NAME
# if settings.AUTH_CAS:
# return settings.CAS_LOGOUT_URL_NAME
elif 'CAS' in backend:
return settings.CAS_LOGOUT_URL_NAME
return None
def get(self, request, *args, **kwargs):
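Review bot: `get_backend_logout_url` now picks the logout route by substring (`'OIDC' in backend`, `'CAS' in backend`) on the backend path stored in the session, which is case-sensitive and tied to class naming; a renamed or differently cased backend falls through to `None`, and the user's session at the identity provider is then left open after local logout. Comparing against the exact backend paths the project configures would be more robust, and at minimum the method deserves a comment such as `# backend is the dotted path Django stored under BACKEND_SESSION_KEY at login`. The call site in `get` is outside this hunk, so confirm the lookup runs before logout flushes the session, otherwise the key is already gone.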


@ -98,7 +98,11 @@ class IDSpmFilter(filters.BaseFilterBackend):
resources_id = cache.get(cache_key)
if resources_id is None or not isinstance(resources_id, list):
return queryset
queryset = queryset.filter(id__in=resources_id)
if isinstance(queryset, list):
# CommandViewSet
queryset = [q for q in queryset if q['id'] in resources_id]
else:
queryset = queryset.filter(id__in=resources_id)
return queryset
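Review bot: In the new list branch, `q['id'] in resources_id` scans the cached list once per element and raises `KeyError` if an entry has no `id`; it also compares with `==`, so if the cache holds string ids while the entries carry UUID objects (not visible here), the filter silently returns nothing. Building the lookup once, `wanted = {str(i) for i in resources_id}`, and testing `str(q.get('id')) in wanted` would cover both cases. The method body starts outside the hunk.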


@ -90,6 +90,7 @@ CAS_LOGIN_URL_NAME = "authentication:cas:cas-login"
CAS_LOGOUT_URL_NAME = "authentication:cas:cas-logout"
CAS_LOGIN_MSG = None
CAS_LOGGED_MSG = None
CAS_IGNORE_REFERER = True
CAS_LOGOUT_COMPLETELY = CONFIG.CAS_LOGOUT_COMPLETELY
CAS_VERSION = CONFIG.CAS_VERSION
CAS_ROOT_PROXIED_AS = CONFIG.CAS_ROOT_PROXIED_AS
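Review bot: `CAS_IGNORE_REFERER = True` is added without a comment, and its effect depends on a redirect setting that is not visible in this hunk. If this is the django-cas-ng option, it makes the redirect use `CAS_REDIRECT_URL` instead of the request's `Referer` header, so that value should be confirmed as set to the intended landing page. A one-line comment such as `# Always redirect to CAS_REDIRECT_URL; do not follow the Referer header` would record the intent.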


@ -13,6 +13,7 @@ from django.template import loader
from orgs.utils import current_org
from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor
from common.utils import get_logger
from common.mixins import ExtraFilterFieldsMixin
from ..backends import (
get_command_storage, get_multi_command_storage,
SessionCommandSerializer,
@ -86,7 +87,7 @@ class CommandQueryMixin:
return date_from_st, date_to_st
class CommandViewSet(CommandQueryMixin, viewsets.ModelViewSet):
class CommandViewSet(ExtraFilterFieldsMixin, CommandQueryMixin, viewsets.ModelViewSet):
"""接受app发送来的command log, 格式如下
{
"user": "admin",


@ -79,7 +79,6 @@ class Ticket(OrgModelMixin, CommonModelMixin):
)
self.status = status
self.assignee = user
self.assignees_display = str(user)
self.save()
def create_comment(self, action_display, user, extra_comment=None):
@ -97,7 +96,6 @@ class Ticket(OrgModelMixin, CommonModelMixin):
self.action = action
self.status = self.STATUS.CLOSED
self.assignee = user
self.assignees_display = str(user)
self.save()
def is_assignee(self, user):