Merge branch 'master' of github.com:ibuler/jumpserver

2016-01-04 16:38:20 +08:00 · 2016-01-04 16:38:20 +08:00 · bc2345ba14
parent c2818870d3 38b0f2f5f9
commit bc2345ba14
2 changed files with 13 additions and 5 deletions
--- a/install/install.py
+++ b/install/install.py
@ -12,6 +12,8 @@ import socket
 import fcntl
 import struct
 import readline
+import random
+import string

 jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
 sys.path.append(jms_dir)
@ -71,12 +73,15 @@ class PreSetup(object):
        self.mail_addr = 'hello@jumpserver.org'
        self.mail_pass = ''
        self.ip = ''
+        self.key = ''.join(random.choice(string.ascii_lowercase + string.digits) \
+                           for _ in range(16))

    def write_conf(self, conf_file=os.path.join(jms_dir, 'jumpserver.conf')):
        color_print('开始写入配置文件', 'green')
        conf = ConfigParser.ConfigParser()
        conf.read(conf_file)
        conf.set('base', 'url', 'http://%s' % self.ip)
+        conf.set('base', 'key', self.key)
        conf.set('db', 'host', self.db_host)
        conf.set('db', 'port', self.db_port)
        conf.set('db', 'user', self.db_user)
--- a/juser/views.py
+++ b/juser/views.py
@ -313,6 +313,12 @@ def reset_password(request):
    hash_encode = request.GET.get('hash', '')
    action = '/juser/password/reset/?uuid=%s&timestamp=%s&hash=%s' % (uuid_r, timestamp, hash_encode)

+    if hash_encode == PyCrypt.md5_crypt(uuid_r + timestamp + KEY):
+        if int(time.time()) - int(timestamp) > 600:
+            return http_error(request, u'链接已超时')
+    else:
+        return HttpResponse('hash校验失败')
+
    if request.method == 'POST':
        password = request.POST.get('password')
        password_confirm = request.POST.get('password_confirm')
@ -328,11 +334,8 @@ def reset_password(request):
            else:
                return HttpResponse('用户不存在')

-    if hash_encode == PyCrypt.md5_crypt(uuid_r + timestamp + KEY):
-        if int(time.time()) - int(timestamp) > 600:
-            return http_error(request, u'链接已超时')
-        else:
-            return render_to_response('juser/reset_password.html', locals())
+    else:
+        return render_to_response('juser/reset_password.html', locals())

    return http_error(request, u'错误请求')