diff --git a/apps/authentication/templates/authentication/login.html b/apps/authentication/templates/authentication/login.html index 521f3dbd2..e06567aa4 100644 --- a/apps/authentication/templates/authentication/login.html +++ b/apps/authentication/templates/authentication/login.html @@ -1,82 +1,179 @@ -{% extends '_base_only_msg_content.html' %} {% load static %} {% load i18n %} + + + + + + + + + {{ JMS_TITLE }} + + + + + + + -{% block content_title %} - {% trans 'Login' %} -{% endblock %} + + + + + -{% block content %} -
- {% csrf_token %} - {% if form.non_field_errors %} -
-

{{ form.non_field_errors.as_text }}

-
- {% elif form.errors.captcha %} -

{% trans 'Captcha invalid' %}

- {% endif %} + + -
-
- - {% trans 'Forgot password' %}? - + +
+
+
+
-
+
+
+ {% if form.challenge %} +
+ {% else %} +
+ {% endif %} + {{ JMS_TITLE }} +
+
+ {% trans 'Welcome back, please enter username and password to login' %} +
+
+
+
+
+ + {% csrf_token %} + {% if form.non_field_errors %} + {% if form.challenge %} +
+ {% else %} +
+ {% endif %} +

{{ form.non_field_errors.as_text }}

+
+ {% elif form.errors.captcha %} +

{% trans 'Captcha invalid' %}

+ {% else %} +
+ {% endif %} + +
+ + {% if form.errors.username %} +
+

{{ form.errors.username.as_text }}

+
+ {% endif %} +
+
+ + + {% if form.errors.password %} +
+

{{ form.errors.password.as_text }}

+
+ {% endif %} +
+ {% if form.challenge %} +
+ + {% if form.errors.challenge %} +
+

{{ form.errors.challenge.as_text }}

+
+ {% endif %} +
+ {% endif %} + {% if form.captcha %} +
+ {{ form.captcha }} +
+ {% else %} +
+ {% endif %} +
+ +
- {% if AUTH_OPENID %} -
-

{% trans "More login options" %}

-
- +
+ {% if AUTH_OPENID or AUTH_CAS %} +
+
+ {% trans "More login options" %} + {% if AUTH_OPENID %} + + {% trans 'OpenID' %} + + {% endif %} + {% if AUTH_CAS %} + + {% trans 'CAS' %} + + {% endif %} +
+
+ {% else %} +
+ {% endif %} + + {% trans 'Forgot password' %}? + +
+
+ +
+
+
+
+
- {% endif %} +
+
+
- - - + -{% endblock %} + + + diff --git a/apps/authentication/templates/authentication/xpack_login.html b/apps/authentication/templates/authentication/xpack_login.html deleted file mode 100644 index d566ce1f8..000000000 --- a/apps/authentication/templates/authentication/xpack_login.html +++ /dev/null @@ -1,179 +0,0 @@ -{% load static %} -{% load i18n %} - - - - - - - - - {{ JMS_TITLE }} - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
- {% if form.challenge %} -
- {% else %} -
- {% endif %} - {{ JMS_TITLE }} -
-
- {% trans 'Welcome back, please enter username and password to login' %} -
-
-
-
-
-
- {% csrf_token %} - {% if form.non_field_errors %} - {% if form.challenge %} -
- {% else %} -
- {% endif %} -

{{ form.non_field_errors.as_text }}

-
- {% elif form.errors.captcha %} -

{% trans 'Captcha invalid' %}

- {% else %} -
- {% endif %} - -
- - {% if form.errors.username %} -
-

{{ form.errors.username.as_text }}

-
- {% endif %} -
-
- - - {% if form.errors.password %} -
-

{{ form.errors.password.as_text }}

-
- {% endif %} -
- {% if form.challenge %} -
- - {% if form.errors.challenge %} -
-

{{ form.errors.challenge.as_text }}

-
- {% endif %} -
- {% endif %} -
- {{ form.captcha }} -
-
- -
- - -
-
-
-
-
-
-
-
-
- - - - - - diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py index 48bb16fba..7d7f1e8da 100644 --- a/apps/authentication/views/login.py +++ b/apps/authentication/views/login.py @@ -41,42 +41,13 @@ __all__ = [ class UserLoginView(mixins.AuthMixin, FormView): key_prefix_captcha = "_LOGIN_INVALID_{}" redirect_field_name = 'next' - - def get_template_names(self): - template_name = 'authentication/login.html' - if not settings.XPACK_ENABLED: - return template_name - - from xpack.plugins.license.models import License - if not License.has_valid_license(): - return template_name - - template_name = 'authentication/xpack_login.html' - return template_name - - def get_redirect_url_if_need(self, request): - redirect_url = '' - # show jumpserver login page if request http://{JUMP-SERVER}/?admin=1 - if self.request.GET.get("admin", 0): - return None - if settings.AUTH_OPENID: - redirect_url = reverse(settings.AUTH_OPENID_AUTH_LOGIN_URL_NAME) - elif settings.AUTH_CAS: - redirect_url = reverse(settings.CAS_LOGIN_URL_NAME) - - if redirect_url: - query_string = request.GET.urlencode() - redirect_url = "{}?{}".format(redirect_url, query_string) - return redirect_url + template_name = 'authentication/login.html' def get(self, request, *args, **kwargs): if request.user.is_staff: return redirect(redirect_user_first_login_or_index( request, self.redirect_field_name) ) - redirect_url = self.get_redirect_url_if_need(request) - if redirect_url: - return redirect(redirect_url) request.session.set_test_cookie() return super().get(request, *args, **kwargs) @@ -131,8 +102,8 @@ class UserLoginView(mixins.AuthMixin, FormView): context = { 'demo_mode': os.environ.get("DEMO_MODE"), 'AUTH_OPENID': settings.AUTH_OPENID, + 'AUTH_CAS': settings.AUTH_CAS, 'rsa_public_key': rsa_public_key, - 'AUTH_DB': settings.AUTH_DB } kwargs.update(context) return super().get_context_data(**kwargs) diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 4d8b7c0ce..602916cb6 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -461,9 +461,6 @@ class DynamicConfig: backends.insert(0, 'authentication.backends.api.SSOAuthentication') return backends - def AUTH_DB(self): - return len(self.AUTHENTICATION_BACKENDS()) == 2 - def XPACK_LICENSE_IS_VALID(self): if not HAS_XPACK: return False diff --git a/apps/jumpserver/context_processor.py b/apps/jumpserver/context_processor.py index cf0ea559d..7fdc7eab2 100644 --- a/apps/jumpserver/context_processor.py +++ b/apps/jumpserver/context_processor.py @@ -13,6 +13,7 @@ def jumpserver_processor(request): 'LOGO_TEXT_URL': static('img/logo_text.png'), 'LOGIN_IMAGE_URL': static('img/login_image.png'), 'FAVICON_URL': static('img/facio.ico'), + 'LOGIN_CAS_LOGO_URL': static('img/login_cas_logo.png'), 'JMS_TITLE': 'JumpServer', 'VERSION': settings.VERSION, 'COPYRIGHT': 'FIT2CLOUD 飞致云' + ' © 2014-2020', diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py index 9f91cdb1d..4430aae2f 100644 --- a/apps/jumpserver/settings/auth.py +++ b/apps/jumpserver/settings/auth.py @@ -9,9 +9,6 @@ from ..const import CONFIG, DYNAMIC, PROJECT_DIR OTP_ISSUER_NAME = CONFIG.OTP_ISSUER_NAME OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW -# Auth DB -AUTH_DB = DYNAMIC.AUTH_DB - # Auth LDAP settings AUTH_LDAP = DYNAMIC.AUTH_LDAP AUTH_LDAP_SERVER_URI = DYNAMIC.AUTH_LDAP_SERVER_URI diff --git a/apps/static/img/login_cas_logo.png b/apps/static/img/login_cas_logo.png new file mode 100644 index 000000000..c6288af5b Binary files /dev/null and b/apps/static/img/login_cas_logo.png differ diff --git a/apps/templates/_base_only_msg_content.html b/apps/templates/_base_only_msg_content.html deleted file mode 100644 index 6d1e781eb..000000000 --- a/apps/templates/_base_only_msg_content.html +++ /dev/null @@ -1,66 +0,0 @@ -{% load static %} -{% load i18n %} - - - - - - - JumpServer - - {% include '_head_css_js.html' %} - - - - - - -
-
-
-

- {% block msg_title %} - {% trans 'Welcome to the JumpServer open source fortress' %} - {% endblock %} -

- {% block msg_content %} -

- {% trans "The world's first fully open source fortress, using the GNU GPL v2.0 open source protocol, is a professional operation and maintenance audit system in compliance with 4A." %} -

-

- {% trans "Developed using Python/Django, following the Web 2.0 specification and equipped with industry-leading Web Terminal solutions, with beautiful interactive interface and good user experience." %} -

-

- {% trans 'Distributed architecture is adopted to support multi-machine room deployment across regions, central node provides API, and each machine room deploys login node, which can be extended horizontally and without concurrent access restrictions.' %} -

-

- {% trans "Changes the world, starting with a little bit." %} -

- {% endblock %} -
-
-
-
- - - {% block content_title %} - {% trans 'Login' %} - {% endblock %} -
- {% block content %} {% endblock %} -
-
-
-
-
-
- {% include '_copyright.html' %} -
-
-
- - diff --git a/apps/users/views/profile/reset.py b/apps/users/views/profile/reset.py index c25726561..65c690339 100644 --- a/apps/users/views/profile/reset.py +++ b/apps/users/views/profile/reset.py @@ -39,20 +39,21 @@ class UserForgotPasswordView(FormView): form_class = forms.UserForgotPasswordForm def form_valid(self, form): - request = self.request email = form.cleaned_data['email'] user = get_object_or_none(User, email=email) if not user: error = _('Email address invalid, please input again') form.add_error('email', error) return self.form_invalid(form) - elif not user.can_update_password(): - error = _('User auth from {}, go there change password') - form.add_error('email', error.format(user.get_source_display())) + + if not user.is_local: + error = _('The user is from {} and goes there to change the password' + ''.format(user.get_source_display())) + form.add_error('email', error) return self.form_invalid(form) - else: - send_reset_password_mail(user) - return redirect('authentication:forgot-password-sendmail-success') + + send_reset_password_mail(user) + return redirect('authentication:forgot-password-sendmail-success') class UserForgotPasswordSendmailSuccessView(TemplateView):