mirror of https://github.com/jumpserver/jumpserver
commit
b1c530bba8
|
@ -202,4 +202,6 @@ class SSOAuthentication(ModelBackend):
|
||||||
"""
|
"""
|
||||||
什么也不做呀😺
|
什么也不做呀😺
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
def authenticate(self, request, sso_token=None, **kwargs):
|
||||||
pass
|
pass
|
||||||
|
|
|
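Review bot: The new `authenticate` override on `SSOAuthentication` has no comment saying the no-op is deliberate; the only nearby text is the class docstring, which says "does nothing" in Chinese. Because the class derives from `ModelBackend`, the override presumably exists so this backend never runs the inherited username/password check, but where `sso_token` is actually verified is not visible in this hunk. Once that is confirmed, add a docstring such as `"""Intentionally returns None; the SSO token is verified by the SSO login view, not here."""`. Writing `return None` instead of `pass` would also make the contract explicit.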
@ -2,7 +2,7 @@
|
||||||
#
|
#
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
from django.contrib.auth import get_user_model
|
from django.contrib.auth import get_user_model, authenticate
|
||||||
from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend
|
from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
|
||||||
|
@ -38,16 +38,12 @@ class CreateUserMixin:
|
||||||
return [], False, False
|
return [], False, False
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def authenticate(self, *args, **kwargs):
|
|
||||||
# 校验用户时,会传入public_key参数,父类authentication中不接受public_key参数,所以要pop掉
|
|
||||||
# TODO:需要优化各backend的authenticate方法,django进行调用前会检测各authenticate的参数
|
|
||||||
kwargs.pop('public_key', None)
|
|
||||||
return super().authenticate(*args, **kwargs)
|
|
||||||
|
|
||||||
|
|
||||||
class RadiusBackend(CreateUserMixin, RADIUSBackend):
|
class RadiusBackend(CreateUserMixin, RADIUSBackend):
|
||||||
pass
|
def authenticate(self, request, username='', password='', **kwargs):
|
||||||
|
return super().authenticate(request, username=username, password=password)
|
||||||
|
|
||||||
|
|
||||||
class RadiusRealmBackend(CreateUserMixin, RADIUSRealmBackend):
|
class RadiusRealmBackend(CreateUserMixin, RADIUSRealmBackend):
|
||||||
pass
|
def authenticate(self, request, username='', password='', realm=None, **kwargs):
|
||||||
|
return super().authenticate(request, username=username, password=password, realm=realm)
|
||||||
|
|
|
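Review bot: With `**kwargs` plus defaulted `username=''` and `password=''`, the new `authenticate` overrides on `RadiusBackend` and `RadiusRealmBackend` bind to any credential set, so Django's signature check never skips them. A call that carries only `public_key` or `sso_token` therefore reaches the parent RADIUS backend with empty credentials. That costs a round trip to the RADIUS server, and the outcome depends on how that server treats an empty password. A guard at the top of both methods, `if not username or not password: return None`, keeps these backends out of flows that are not theirs. Separately, the `authenticate` name added to the `django.contrib.auth` import is not used in any visible line; drop it if the rest of the file does not need it.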
@ -53,7 +53,7 @@ class LoginConfirmSetting(CommonModelMixin):
|
||||||
|
|
||||||
def create_confirm_ticket(self, request=None):
|
def create_confirm_ticket(self, request=None):
|
||||||
from tickets.models import Ticket
|
from tickets.models import Ticket
|
||||||
title = _('Login confirm') + '{}'.format(self.user)
|
title = _('Login confirm') + ' {}'.format(self.user)
|
||||||
if request:
|
if request:
|
||||||
remote_addr = get_request_ip(request)
|
remote_addr = get_request_ip(request)
|
||||||
city = get_ip_city(remote_addr)
|
city = get_ip_city(remote_addr)
|
||||||
|
|
|
@ -26,7 +26,8 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<input type="password" class="form-control" id="password" name="{{ form.password.html_name }}" placeholder="{% trans 'Password' %}" required="">
|
<input type="password" class="form-control" id="password" placeholder="{% trans 'Password' %}" required="">
|
||||||
|
<input id="password-hidden" type="text" style="display:none" name="{{ form.password.html_name }}">
|
||||||
{% if form.errors.password %}
|
{% if form.errors.password %}
|
||||||
<div class="help-block field-error">
|
<div class="help-block field-error">
|
||||||
<p class="red-fonts">{{ form.errors.password.as_text }}</p>
|
<p class="red-fonts">{{ form.errors.password.as_text }}</p>
|
||||||
|
@ -82,27 +83,12 @@
|
||||||
return jsencrypt.encrypt(password); //加密
|
return jsencrypt.encrypt(password); //加密
|
||||||
}
|
}
|
||||||
function doLogin() {
|
function doLogin() {
|
||||||
var rsaPublicKey = "{{ rsa_public_key }}";
|
//公钥加密
|
||||||
var password =$('#password').val();
|
var rsaPublicKey = "{{ rsa_public_key }}"
|
||||||
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey);
|
var password =$('#password').val(); //明文密码
|
||||||
var serialize_array = $('#form').serializeArray();
|
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey)
|
||||||
$.each(serialize_array, function(index,obj){
|
$('#password-hidden').val(passwordEncrypted); //返回给密码输入input
|
||||||
if(obj.name=='password'){
|
$('#form').submit();//post提交
|
||||||
obj.value=passwordEncrypted};
|
}
|
||||||
});
|
|
||||||
|
|
||||||
$.ajax({
|
|
||||||
type: 'POST',
|
|
||||||
url: '',
|
|
||||||
data: serialize_array,
|
|
||||||
success: function(data){
|
|
||||||
$('body').html(data);
|
|
||||||
},
|
|
||||||
error: function(data){
|
|
||||||
alert('服务器异常');
|
|
||||||
},
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
|
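Review bot: `doLogin` writes whatever `encryptLoginPassword` returns into `#password-hidden` and submits without checking it, both here and in the second login template that gets the same change further down. JSEncrypt's `encrypt` returns `false` when encryption fails (unusable key, or a message too long for the key size), so the form would post the literal string `false` and the user would see an ordinary wrong-password error. Stop before the submit with `if (!passwordEncrypted) { return false; }` and show an error message instead. The carrier field should also be `type="hidden"` rather than `type="text" style="display:none"`, so browsers and password managers do not treat it as a fillable text input. The code that binds `doLogin` to the form is outside the hunk.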
@ -106,7 +106,8 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<input type="password" class="form-control" id="password" name="{{ form.password.html_name }}" placeholder="{% trans 'Password' %}" required="">
|
<input type="password" class="form-control" id="password" placeholder="{% trans 'Password' %}" required="">
|
||||||
|
<input id="password-hidden" type="text" style="display:none" name="{{ form.password.html_name }}">
|
||||||
{% if form.errors.password %}
|
{% if form.errors.password %}
|
||||||
<div class="help-block field-error">
|
<div class="help-block field-error">
|
||||||
<p class="red-fonts">{{ form.errors.password.as_text }}</p>
|
<p class="red-fonts">{{ form.errors.password.as_text }}</p>
|
||||||
|
@ -153,28 +154,13 @@
|
||||||
return jsencrypt.encrypt(password); //加密
|
return jsencrypt.encrypt(password); //加密
|
||||||
}
|
}
|
||||||
function doLogin() {
|
function doLogin() {
|
||||||
var rsaPublicKey = "{{ rsa_public_key }}";
|
//公钥加密
|
||||||
var password =$('#password').val();
|
var rsaPublicKey = "{{ rsa_public_key }}"
|
||||||
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey);
|
var password =$('#password').val(); //明文密码
|
||||||
var serialize_array = $('#contact-form').serializeArray();
|
var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey)
|
||||||
$.each(serialize_array, function(index,obj){
|
$('#password-hidden').val(passwordEncrypted); //返回给密码输入input
|
||||||
if(obj.name=='password'){
|
$('#contact-form').submit();//post提交
|
||||||
obj.value=passwordEncrypted};
|
}
|
||||||
});
|
|
||||||
|
|
||||||
$.ajax({
|
|
||||||
type: 'POST',
|
|
||||||
url: '',
|
|
||||||
data: serialize_array,
|
|
||||||
success: function(data){
|
|
||||||
$('body').html(data);
|
|
||||||
},
|
|
||||||
error: function(data){
|
|
||||||
alert('服务器异常');
|
|
||||||
},
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
</html>
|
</html>
|
||||||
|
|
||||||
|
|
|
@ -17,6 +17,7 @@ from django.views.generic.base import TemplateView, RedirectView
|
||||||
from django.views.generic.edit import FormView
|
from django.views.generic.edit import FormView
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.urls import reverse_lazy
|
from django.urls import reverse_lazy
|
||||||
|
from django.contrib.auth import BACKEND_SESSION_KEY
|
||||||
|
|
||||||
from common.const.front_urls import TICKET_DETAIL
|
from common.const.front_urls import TICKET_DETAIL
|
||||||
from common.utils import get_request_ip, get_object_or_none
|
from common.utils import get_request_ip, get_object_or_none
|
||||||
|
@ -205,12 +206,12 @@ class UserLoginWaitConfirmView(TemplateView):
|
||||||
class UserLogoutView(TemplateView):
|
class UserLogoutView(TemplateView):
|
||||||
template_name = 'flash_message_standalone.html'
|
template_name = 'flash_message_standalone.html'
|
||||||
|
|
||||||
@staticmethod
|
def get_backend_logout_url(self):
|
||||||
def get_backend_logout_url():
|
backend = self.request.session.get(BACKEND_SESSION_KEY, '')
|
||||||
if settings.AUTH_OPENID:
|
if 'OIDC' in backend:
|
||||||
return settings.AUTH_OPENID_AUTH_LOGOUT_URL_NAME
|
return settings.AUTH_OPENID_AUTH_LOGOUT_URL_NAME
|
||||||
# if settings.AUTH_CAS:
|
elif 'CAS' in backend:
|
||||||
# return settings.CAS_LOGOUT_URL_NAME
|
return settings.CAS_LOGOUT_URL_NAME
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def get(self, request, *args, **kwargs):
|
def get(self, request, *args, **kwargs):
|
||||||
|
|
|
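Review bot: `get_backend_logout_url` now reads `BACKEND_SESSION_KEY` from the session, so it only works if it runs before the session is flushed. The body of `get` is outside the hunk; if it calls Django's logout first, `backend` is `''` and the redirect to the OIDC or CAS logout endpoint is silently skipped, leaving the identity-provider session alive. State the ordering requirement on the method, e.g. `# must run before auth logout(): reads the backend path stored in the session`. The substring tests `'OIDC' in backend` and `'CAS' in backend` also match any dotted path that happens to contain those letters; comparing against the configured backend paths would be stricter.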
@ -98,6 +98,10 @@ class IDSpmFilter(filters.BaseFilterBackend):
|
||||||
resources_id = cache.get(cache_key)
|
resources_id = cache.get(cache_key)
|
||||||
if resources_id is None or not isinstance(resources_id, list):
|
if resources_id is None or not isinstance(resources_id, list):
|
||||||
return queryset
|
return queryset
|
||||||
|
if isinstance(queryset, list):
|
||||||
|
# CommandViewSet
|
||||||
|
queryset = [q for q in queryset if q['id'] in resources_id]
|
||||||
|
else:
|
||||||
queryset = queryset.filter(id__in=resources_id)
|
queryset = queryset.filter(id__in=resources_id)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
|
|
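Review bot: In the new list branch, `q['id'] in resources_id` scans the cached list once per row and compares with `==`. That makes it quadratic, and it returns an empty result if the cached ids and the command `id` values differ in type (for example `str` versus `UUID`); what the cache holds is not visible here. Building the lookup once addresses both: `wanted = {str(i) for i in resources_id}` followed by `queryset = [q for q in queryset if str(q['id']) in wanted]`. The comment `# CommandViewSet` would be clearer as a sentence saying that this viewset passes a list of dicts rather than a QuerySet.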
@ -90,6 +90,7 @@ CAS_LOGIN_URL_NAME = "authentication:cas:cas-login"
|
||||||
CAS_LOGOUT_URL_NAME = "authentication:cas:cas-logout"
|
CAS_LOGOUT_URL_NAME = "authentication:cas:cas-logout"
|
||||||
CAS_LOGIN_MSG = None
|
CAS_LOGIN_MSG = None
|
||||||
CAS_LOGGED_MSG = None
|
CAS_LOGGED_MSG = None
|
||||||
|
CAS_IGNORE_REFERER = True
|
||||||
CAS_LOGOUT_COMPLETELY = CONFIG.CAS_LOGOUT_COMPLETELY
|
CAS_LOGOUT_COMPLETELY = CONFIG.CAS_LOGOUT_COMPLETELY
|
||||||
CAS_VERSION = CONFIG.CAS_VERSION
|
CAS_VERSION = CONFIG.CAS_VERSION
|
||||||
CAS_ROOT_PROXIED_AS = CONFIG.CAS_ROOT_PROXIED_AS
|
CAS_ROOT_PROXIED_AS = CONFIG.CAS_ROOT_PROXIED_AS
|
||||||
|
|
|
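Review bot: `CAS_IGNORE_REFERER = True` is hard-coded while the neighbouring CAS settings are read from `CONFIG`, and nothing explains the choice. As I read the django-cas-ng documentation, this makes the post-logout redirect ignore the `Referer` header and always use `CAS_REDIRECT_URL`. That is the safer behaviour, but it relies on that setting having a sensible value, and no `CAS_REDIRECT_URL` is visible in this hunk. A one-line comment would cover it: `# never derive the post-logout redirect from the Referer header; CAS_REDIRECT_URL is used instead`.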
@ -13,6 +13,7 @@ from django.template import loader
|
||||||
from orgs.utils import current_org
|
from orgs.utils import current_org
|
||||||
from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor
|
from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor
|
||||||
from common.utils import get_logger
|
from common.utils import get_logger
|
||||||
|
from common.mixins import ExtraFilterFieldsMixin
|
||||||
from ..backends import (
|
from ..backends import (
|
||||||
get_command_storage, get_multi_command_storage,
|
get_command_storage, get_multi_command_storage,
|
||||||
SessionCommandSerializer,
|
SessionCommandSerializer,
|
||||||
|
@ -86,7 +87,7 @@ class CommandQueryMixin:
|
||||||
return date_from_st, date_to_st
|
return date_from_st, date_to_st
|
||||||
|
|
||||||
|
|
||||||
class CommandViewSet(CommandQueryMixin, viewsets.ModelViewSet):
|
class CommandViewSet(ExtraFilterFieldsMixin, CommandQueryMixin, viewsets.ModelViewSet):
|
||||||
"""接受app发送来的command log, 格式如下
|
"""接受app发送来的command log, 格式如下
|
||||||
{
|
{
|
||||||
"user": "admin",
|
"user": "admin",
|
||||||
|
|
|
@ -79,7 +79,6 @@ class Ticket(OrgModelMixin, CommonModelMixin):
|
||||||
)
|
)
|
||||||
self.status = status
|
self.status = status
|
||||||
self.assignee = user
|
self.assignee = user
|
||||||
self.assignees_display = str(user)
|
|
||||||
self.save()
|
self.save()
|
||||||
|
|
||||||
def create_comment(self, action_display, user, extra_comment=None):
|
def create_comment(self, action_display, user, extra_comment=None):
|
||||||
|
@ -97,7 +96,6 @@ class Ticket(OrgModelMixin, CommonModelMixin):
|
||||||
self.action = action
|
self.action = action
|
||||||
self.status = self.STATUS.CLOSED
|
self.status = self.STATUS.CLOSED
|
||||||
self.assignee = user
|
self.assignee = user
|
||||||
self.assignees_display = str(user)
|
|
||||||
self.save()
|
self.save()
|
||||||
|
|
||||||
def is_assignee(self, user):
|
def is_assignee(self, user):
|
||||||
|
|