Merge pull request #8100 from jumpserver/dev

v2.21.0-rc5

apps/assets/serializers/cmd_filter.py

@@ -31,24 +31,24 @@ class CommandFilterSerializer(BulkOrgResourceModelSerializer):
 
 
 class CommandFilterRuleSerializer(BulkOrgResourceModelSerializer):
-    type_display = serializers.ReadOnlyField(source='get_type_display')
-    action_display = serializers.ReadOnlyField(source='get_action_display')
+    type_display = serializers.ReadOnlyField(source='get_type_display', label=_("Type display"))
+    action_display = serializers.ReadOnlyField(source='get_action_display', label=_("Action display"))
 
     class Meta:
         model = CommandFilterRule
         fields_mini = ['id']
         fields_small = fields_mini + [
-           'type', 'type_display', 'content', 'ignore_case', 'pattern', 'priority',
-           'action', 'action_display', 'reviewers',
-           'date_created', 'date_updated',
-           'comment', 'created_by',
+            'type', 'type_display', 'content', 'ignore_case', 'pattern',
+            'priority', 'action', 'action_display', 'reviewers',
+            'date_created', 'date_updated', 'comment', 'created_by',
         ]
         fields_fk = ['filter']
         fields = fields_small + fields_fk
         extra_kwargs = {
             'date_created': {'label': _("Date created")},
             'date_updated': {'label': _("Date updated")},
-            'action_display': {'label': _("Action display")}
+            'action_display': {'label': _("Action display")},
+            'pattern': {'label': _("Pattern")}
         }
 
     def __init__(self, *args, **kwargs):

apps/audits/tasks.py

@@ -7,7 +7,7 @@ from celery import shared_task
 from ops.celery.decorator import (
     register_as_period_task
 )
-from .models import UserLoginLog, OperateLog
+from .models import UserLoginLog, OperateLog, FTPLog
 from common.utils import get_log_keep_day
 
 
@@ -29,7 +29,7 @@ def clean_ftp_log_period():
     now = timezone.now()
     days = get_log_keep_day('FTP_LOG_KEEP_DAYS')
     expired_day = now - datetime.timedelta(days=days)
-    OperateLog.objects.filter(datetime__lt=expired_day).delete()
+    FTPLog.objects.filter(datetime__lt=expired_day).delete()
 
 
 @register_as_period_task(interval=3600*24)

apps/authentication/api/access_key.py

@@ -2,14 +2,14 @@
 #
 
 from rest_framework.viewsets import ModelViewSet
-
-from common.permissions import IsValidUser
 from .. import serializers
+from rbac.permissions import RBACPermission
 
 
 class AccessKeyViewSet(ModelViewSet):
     serializer_class = serializers.AccessKeySerializer
     search_fields = ['^id', '^secret']
+    permission_classes = [RBACPermission]
 
     def get_queryset(self):
         return self.request.user.access_keys.all()

apps/authentication/api/connection_token.py

@@ -70,8 +70,6 @@ class ClientProtocolMixin:
         system_user = serializer.validated_data['system_user']
 
         user = serializer.validated_data.get('user')
-        if not user or not self.request.user.is_superuser:
-            user = self.request.user
         return asset, application, system_user, user
 
     @staticmethod

apps/authentication/api/temp_token.py

@@ -3,15 +3,18 @@ from rest_framework.response import Response
 from rest_framework.decorators import action
 
 from common.drf.api import JMSModelViewSet
-from common.permissions import IsValidUser
 from ..models import TempToken
 from ..serializers import TempTokenSerializer
+from rbac.permissions import RBACPermission
 
 
 class TempTokenViewSet(JMSModelViewSet):
     serializer_class = TempTokenSerializer
-    permission_classes = [IsValidUser]
+    permission_classes = [RBACPermission]
     http_method_names = ['post', 'get', 'options', 'patch']
+    rbac_perms = {
+        'expire': 'authentication.change_temptoken',
+    }
 
     def get_queryset(self):
         username = self.request.user.username

apps/common/validators.py

@@ -42,7 +42,7 @@ class NoSpecialChars:
 
 
 class PhoneValidator:
-    pattern = re.compile(r"^1[356789]\d{9}$")
+    pattern = re.compile(r"^1[3456789]\d{9}$")
     message = _('The mobile phone number format is incorrect')
 
     def __call__(self, value):

apps/jumpserver/conf.py

@@ -317,6 +317,7 @@ class Config(dict):
         'TERMINAL_RDP_ADDR': '',
         # 保留(Luna还在用)
         'TERMINAL_MAGNUS_ENABLED': True,
+        'TERMINAL_KOKO_SSH_ENABLED': True,
         # 保留(Luna还在用)
         'XRDP_ENABLED': True,
 

apps/jumpserver/settings/custom.py

@@ -140,6 +140,7 @@ CLOUD_SYNC_TASK_EXECUTION_KEEP_DAYS = CONFIG.CLOUD_SYNC_TASK_EXECUTION_KEEP_DAYS
 
 XRDP_ENABLED = CONFIG.XRDP_ENABLED
 TERMINAL_MAGNUS_ENABLED = CONFIG.TERMINAL_MAGNUS_ENABLED
+TERMINAL_KOKO_SSH_ENABLED = CONFIG.TERMINAL_KOKO_SSH_ENABLED
 
 # SMS enabled
 SMS_ENABLED = CONFIG.SMS_ENABLED

apps/locale/ja/LC_MESSAGES/django.mo

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:54be66877253eed7bec1db706604af83a48f1c5fbc95eef1132c7f880fef154a
-size 125598
+oid sha256:4e6962699271d0f5402223321e65211f1c7ad0b7a9b43524f3a0fac7ea2541d9
+size 125623

apps/locale/ja/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-04-13 20:35+0800\n"
+"POT-Creation-Date: 2022-04-19 15:57+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -88,12 +88,12 @@ msgstr "ログイン確認"
 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
 #: audits/models.py:60 audits/models.py:85 audits/serializers.py:100
 #: authentication/models.py:51 orgs/models.py:214 perms/models/base.py:84
-#: rbac/builtin.py:107 rbac/models/rolebinding.py:40
+#: rbac/builtin.py:110 rbac/models/rolebinding.py:40
 #: terminal/backends/command/models.py:20
 #: terminal/backends/command/serializers.py:12 terminal/models/session.py:44
 #: terminal/notifications.py:91 terminal/notifications.py:139
-#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:886
-#: users/models/user.py:917 users/serializers/group.py:19
+#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:883
+#: users/models/user.py:914 users/serializers/group.py:19
 msgid "User"
 msgstr "ユーザー"
 
@@ -327,7 +327,7 @@ msgstr "ツールバーの"
 msgid "Can match application"
 msgstr "アプリケーションを一致させることができます"
 
-#: applications/models/application.py:306
+#: applications/models/application.py:305
 msgid "Application user"
 msgstr "アプリケーションユーザー"
 
@@ -340,8 +340,8 @@ msgstr "カテゴリ表示"
 
 #: applications/serializers/application.py:71
 #: applications/serializers/application.py:102
-#: assets/serializers/system_user.py:27 audits/serializers.py:29
-#: perms/serializers/application/permission.py:19
+#: assets/serializers/cmd_filter.py:34 assets/serializers/system_user.py:27
+#: audits/serializers.py:29 perms/serializers/application/permission.py:19
 #: tickets/serializers/ticket/meta/ticket_type/apply_application.py:33
 #: tickets/serializers/ticket/ticket.py:21
 #: tickets/serializers/ticket/ticket.py:173
@@ -353,17 +353,17 @@ msgstr "タイプ表示"
 #: assets/models/domain.py:26 assets/models/gathered_user.py:19
 #: assets/models/group.py:22 assets/models/label.py:25
 #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28
-#: assets/serializers/cmd_filter.py:49 common/db/models.py:113
+#: assets/serializers/cmd_filter.py:48 common/db/models.py:113
 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30
 #: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92
-#: users/models/group.py:18 users/models/user.py:918
+#: users/models/group.py:18 users/models/user.py:915
 #: xpack/plugins/cloud/models.py:125
 msgid "Date created"
 msgstr "作成された日付"
 
 #: applications/serializers/application.py:104 assets/models/base.py:182
 #: assets/models/gathered_user.py:20 assets/serializers/account.py:21
-#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:50
+#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49
 #: common/db/models.py:114 common/mixins/models.py:51 ops/models/adhoc.py:40
 #: orgs/models.py:218
 msgid "Date updated"
@@ -815,7 +815,7 @@ msgid "Default"
 msgstr "デフォルト"
 
 #: assets/models/cluster.py:36 assets/models/label.py:14 rbac/const.py:6
-#: users/models/user.py:903
+#: users/models/user.py:900
 msgid "System"
 msgstr "システム"
 
@@ -1126,10 +1126,14 @@ msgstr "キーパスワード"
 msgid "private key invalid or passphrase error"
 msgstr "秘密鍵が無効またはpassphraseエラー"
 
-#: assets/serializers/cmd_filter.py:51
+#: assets/serializers/cmd_filter.py:35 assets/serializers/cmd_filter.py:50
 msgid "Action display"
 msgstr "アクション表示"
 
+#: assets/serializers/cmd_filter.py:51 ops/models/adhoc.py:155
+msgid "Pattern"
+msgstr "パターン"
+
 #: assets/serializers/domain.py:13 assets/serializers/label.py:12
 #: assets/serializers/system_user.py:59
 #: perms/serializers/asset/permission.py:49
@@ -1566,7 +1570,7 @@ msgstr "DingTalk"
 
 #: audits/signal_handlers.py:73 authentication/models.py:76
 msgid "Temporary token"
-msgstr "一時的なトークン"
+msgstr "仮パスワード"
 
 #: audits/signal_handlers.py:107
 msgid "User and Group"
@@ -2177,7 +2181,7 @@ msgstr "コードエラー"
 #: authentication/templates/authentication/_msg_reset_password.html:3
 #: authentication/templates/authentication/_msg_rest_password_success.html:2
 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2
-#: jumpserver/conf.py:298 ops/tasks.py:145 ops/tasks.py:148
+#: jumpserver/conf.py:299 ops/tasks.py:145 ops/tasks.py:148
 #: perms/templates/perms/_msg_item_permissions_expire.html:3
 #: perms/templates/perms/_msg_permed_items_expire.html:3
 #: users/templates/users/_msg_account_expire_reminder.html:4
@@ -2638,11 +2642,11 @@ msgstr "特殊文字を含むべきではない"
 msgid "The mobile phone number format is incorrect"
 msgstr "携帯電話番号の形式が正しくありません"
 
-#: jumpserver/conf.py:297
+#: jumpserver/conf.py:298
 msgid "Create account successfully"
 msgstr "アカウントを正常に作成"
 
-#: jumpserver/conf.py:299
+#: jumpserver/conf.py:300
 msgid "Your account has been created successfully"
 msgstr "アカウントが正常に作成されました"
 
@@ -2765,10 +2769,6 @@ msgstr "タスクモニターを表示できます"
 msgid "Tasks"
 msgstr "タスク"
 
-#: ops/models/adhoc.py:155
-msgid "Pattern"
-msgstr "パターン"
-
 #: ops/models/adhoc.py:156
 msgid "Options"
 msgstr "オプション"
@@ -3106,15 +3106,15 @@ msgstr "質問があったら、管理者に連絡して下さい"
 msgid "My applications"
 msgstr "私のアプリケーション"
 
-#: rbac/api/role.py:32
+#: rbac/api/role.py:33
 msgid "Internal role, can't be destroy"
 msgstr "内部の役割は、破壊することはできません"
 
-#: rbac/api/role.py:36
+#: rbac/api/role.py:37
 msgid "The role has been bound to users, can't be destroy"
 msgstr "ロールはユーザーにバインドされており、破壊することはできません"
 
-#: rbac/api/role.py:43
+#: rbac/api/role.py:44
 msgid "Internal role, can't be update"
 msgstr "内部ロール、更新できません"
 
@@ -3126,27 +3126,27 @@ msgstr "{} 少なくとも1つのシステムロール"
 msgid "RBAC"
 msgstr "RBAC"
 
-#: rbac/builtin.py:98
+#: rbac/builtin.py:101
 msgid "SystemAdmin"
 msgstr "システム管理者"
 
-#: rbac/builtin.py:101
+#: rbac/builtin.py:104
 msgid "SystemAuditor"
 msgstr "システム監査人"
 
-#: rbac/builtin.py:104
+#: rbac/builtin.py:107
 msgid "SystemComponent"
 msgstr "システムコンポーネント"
 
-#: rbac/builtin.py:110
+#: rbac/builtin.py:113
 msgid "OrgAdmin"
 msgstr "組織管理者"
 
-#: rbac/builtin.py:113
+#: rbac/builtin.py:116
 msgid "OrgAuditor"
 msgstr "監査員を組織する"
 
-#: rbac/builtin.py:116
+#: rbac/builtin.py:119
 msgid "OrgUser"
 msgstr "組織ユーザー"
 
@@ -3190,11 +3190,11 @@ msgstr "権限"
 msgid "Built-in"
 msgstr "内蔵"
 
-#: rbac/models/role.py:130
+#: rbac/models/role.py:144
 msgid "System role"
 msgstr "システムの役割"
 
-#: rbac/models/role.py:138
+#: rbac/models/role.py:152
 msgid "Organization role"
 msgstr "組織の役割"
 
@@ -3202,22 +3202,22 @@ msgstr "組織の役割"
 msgid "Role binding"
 msgstr "ロールバインディング"
 
-#: rbac/models/rolebinding.py:128
+#: rbac/models/rolebinding.py:150
 msgid ""
 "User last role in org, can not be delete, you can remove user from org "
 "instead"
 msgstr ""
 "ユーザーの最後のロールは削除できません。ユーザーを組織から削除できます。"
 
-#: rbac/models/rolebinding.py:135
+#: rbac/models/rolebinding.py:157
 msgid "Organization role binding"
 msgstr "組織の役割バインディング"
 
-#: rbac/models/rolebinding.py:150
+#: rbac/models/rolebinding.py:172
 msgid "System role binding"
 msgstr "システムロールバインディング"
 
-#: rbac/serializers/permission.py:26 users/serializers/profile.py:126
+#: rbac/serializers/permission.py:26 users/serializers/profile.py:127
 msgid "Perms"
 msgstr "パーマ"
 
@@ -4225,10 +4225,10 @@ msgstr "Telnetログインregex"
 
 #: settings/serializers/terminal.py:33
 msgid ""
-"The login success message varies with devices. if you cannot log in to the "
-"device through Telnet, set this parameter"
+"Tips: The login success message varies with devices. if you cannot log in to "
+"the device through Telnet, set this parameter"
 msgstr ""
-"ログイン成功メッセージはデバイスによって異なります。Telnet経由でデバイスにロ"
+"ヒント: ログイン成功メッセージはデバイスによって異なります。Telnet経由でデバイスにロ"
 "グインできない場合は、このパラメーターを設定します。"
 
 #: settings/serializers/terminal.py:36
@@ -4239,6 +4239,10 @@ msgstr "属性マップの有効化"
 msgid "Enable XRDP"
 msgstr "XRDPの有効化"
 
+#: settings/serializers/terminal.py:38
+msgid "Enable KoKo SSH"
+msgstr "KoKo SSHの有効化"
+
 #: settings/utils/ldap.py:417
 msgid "ldap:// or ldaps:// protocol is used."
 msgstr "ldap:// または ldaps:// プロトコルが使用されます。"
@@ -4541,11 +4545,11 @@ msgstr ""
 "WindowsはクライアントをダウンロードしてSSH資産に接続する必要があり、macOSシス"
 "テムは独自のTerminalを採用している。"
 
-#: templates/resource_download.html:51
+#: templates/resource_download.html:53
 msgid "Windows Remote application publisher tools"
 msgstr "Windowsリモートアプリケーション発行者ツール"
 
-#: templates/resource_download.html:52
+#: templates/resource_download.html:54
 msgid ""
 "Jmservisor is the program used to pull up remote applications in Windows "
 "Remote Application publisher"
@@ -4557,7 +4561,7 @@ msgstr ""
 msgid "Filters"
 msgstr "フィルター"
 
-#: terminal/api/endpoint.py:65
+#: terminal/api/endpoint.py:63
 msgid "Not found protocol query params"
 msgstr ""
 
@@ -5546,7 +5550,7 @@ msgid "Public key should not be the same as your old one."
 msgstr "公開鍵は古いものと同じであってはなりません。"
 
 #: users/forms/profile.py:149 users/serializers/profile.py:95
-#: users/serializers/profile.py:176 users/serializers/profile.py:203
+#: users/serializers/profile.py:178 users/serializers/profile.py:205
 msgid "Not a valid ssh public key"
 msgstr "有効なssh公開鍵ではありません"
 
@@ -5590,27 +5594,27 @@ msgstr "最終更新日パスワード"
 msgid "Need update password"
 msgstr "更新パスワードが必要"
 
-#: users/models/user.py:888
+#: users/models/user.py:885
 msgid "Can invite user"
 msgstr "ユーザーを招待できます"
 
-#: users/models/user.py:889
+#: users/models/user.py:886
 msgid "Can remove user"
 msgstr "ユーザーを削除できます"
 
-#: users/models/user.py:890
+#: users/models/user.py:887
 msgid "Can match user"
 msgstr "ユーザーに一致できます"
 
-#: users/models/user.py:899
+#: users/models/user.py:896
 msgid "Administrator"
 msgstr "管理者"
 
-#: users/models/user.py:902
+#: users/models/user.py:899
 msgid "Administrator is the super user of system"
 msgstr "管理者はシステムのスーパーユーザーです"
 
-#: users/models/user.py:927
+#: users/models/user.py:924
 msgid "User password history"
 msgstr "ユーザーパスワード履歴"
 
@@ -5649,7 +5653,7 @@ msgstr "MFAのリセット"
 msgid "The old password is incorrect"
 msgstr "古いパスワードが正しくありません"
 
-#: users/serializers/profile.py:36 users/serializers/profile.py:190
+#: users/serializers/profile.py:36 users/serializers/profile.py:192
 msgid "Password does not match security rules"
 msgstr "パスワードがセキュリティルールと一致しない"
 
@@ -5661,7 +5665,7 @@ msgstr "新しいパスワードを最後の {} 個のパスワードにする
 msgid "The newly set password is inconsistent"
 msgstr "新しく設定されたパスワードが一致しない"
 
-#: users/serializers/profile.py:142 users/serializers/user.py:140
+#: users/serializers/profile.py:144 users/serializers/user.py:140
 msgid "Is first login"
 msgstr "最初のログインです"
 
@@ -6721,20 +6725,3 @@ msgstr "究極のエディション"
 #: xpack/plugins/license/models.py:77
 msgid "Community edition"
 msgstr "コミュニティ版"
-
-#~ msgid "Inherit"
-#~ msgstr "継承"
-
-#~ msgid "Include"
-#~ msgstr "含める"
-
-#~ msgid "Exclude"
-#~ msgstr "除外"
-
-#~ msgid "DatabaseApp"
-#~ msgstr "データベースの適用"
-
-#, fuzzy
-#~| msgid "Connection token"
-#~ msgid "One time token"
-#~ msgstr "接続トークン"

apps/locale/zh/LC_MESSAGES/django.mo

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fa084dd92472110d4bea1674d1e9a96599f42f094aab92f8d34152fdf5726321
-size 103771
+oid sha256:3462a9a3eef8f372bf341f2066a33d85e1f01aca5a8fe506528a1cd0a37e98b4
+size 103951

apps/locale/zh/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-04-13 20:35+0800\n"
+"POT-Creation-Date: 2022-04-19 15:57+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -87,12 +87,12 @@ msgstr "登录复核"
 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
 #: audits/models.py:60 audits/models.py:85 audits/serializers.py:100
 #: authentication/models.py:51 orgs/models.py:214 perms/models/base.py:84
-#: rbac/builtin.py:107 rbac/models/rolebinding.py:40
+#: rbac/builtin.py:110 rbac/models/rolebinding.py:40
 #: terminal/backends/command/models.py:20
 #: terminal/backends/command/serializers.py:12 terminal/models/session.py:44
 #: terminal/notifications.py:91 terminal/notifications.py:139
-#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:886
-#: users/models/user.py:917 users/serializers/group.py:19
+#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:883
+#: users/models/user.py:914 users/serializers/group.py:19
 msgid "User"
 msgstr "用户"
 
@@ -322,7 +322,7 @@ msgstr "属性"
 msgid "Can match application"
 msgstr "匹配应用"
 
-#: applications/models/application.py:306
+#: applications/models/application.py:305
 msgid "Application user"
 msgstr "应用用户"
 
@@ -335,8 +335,8 @@ msgstr "类别名称"
 
 #: applications/serializers/application.py:71
 #: applications/serializers/application.py:102
-#: assets/serializers/system_user.py:27 audits/serializers.py:29
-#: perms/serializers/application/permission.py:19
+#: assets/serializers/cmd_filter.py:34 assets/serializers/system_user.py:27
+#: audits/serializers.py:29 perms/serializers/application/permission.py:19
 #: tickets/serializers/ticket/meta/ticket_type/apply_application.py:33
 #: tickets/serializers/ticket/ticket.py:21
 #: tickets/serializers/ticket/ticket.py:173
@@ -348,17 +348,17 @@ msgstr "类型名称"
 #: assets/models/domain.py:26 assets/models/gathered_user.py:19
 #: assets/models/group.py:22 assets/models/label.py:25
 #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28
-#: assets/serializers/cmd_filter.py:49 common/db/models.py:113
+#: assets/serializers/cmd_filter.py:48 common/db/models.py:113
 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30
 #: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92
-#: users/models/group.py:18 users/models/user.py:918
+#: users/models/group.py:18 users/models/user.py:915
 #: xpack/plugins/cloud/models.py:125
 msgid "Date created"
 msgstr "创建日期"
 
 #: applications/serializers/application.py:104 assets/models/base.py:182
 #: assets/models/gathered_user.py:20 assets/serializers/account.py:21
-#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:50
+#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49
 #: common/db/models.py:114 common/mixins/models.py:51 ops/models/adhoc.py:40
 #: orgs/models.py:218
 msgid "Date updated"
@@ -810,7 +810,7 @@ msgid "Default"
 msgstr "默认"
 
 #: assets/models/cluster.py:36 assets/models/label.py:14 rbac/const.py:6
-#: users/models/user.py:903
+#: users/models/user.py:900
 msgid "System"
 msgstr "系统"
 
@@ -1118,9 +1118,13 @@ msgstr "密钥密码"
 msgid "private key invalid or passphrase error"
 msgstr "密钥不合法或密钥密码错误"
 
-#: assets/serializers/cmd_filter.py:51
+#: assets/serializers/cmd_filter.py:35 assets/serializers/cmd_filter.py:50
 msgid "Action display"
-msgstr "动作"
+msgstr "动作名称"
+
+#: assets/serializers/cmd_filter.py:51 ops/models/adhoc.py:155
+msgid "Pattern"
+msgstr "模式"
 
 #: assets/serializers/domain.py:13 assets/serializers/label.py:12
 #: assets/serializers/system_user.py:59
@@ -1554,7 +1558,7 @@ msgstr "钉钉"
 
 #: audits/signal_handlers.py:73 authentication/models.py:76
 msgid "Temporary token"
-msgstr "临时 Token"
+msgstr "临时密码"
 
 #: audits/signal_handlers.py:107
 msgid "User and Group"
@@ -2156,7 +2160,7 @@ msgstr "代码错误"
 #: authentication/templates/authentication/_msg_reset_password.html:3
 #: authentication/templates/authentication/_msg_rest_password_success.html:2
 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2
-#: jumpserver/conf.py:298 ops/tasks.py:145 ops/tasks.py:148
+#: jumpserver/conf.py:299 ops/tasks.py:145 ops/tasks.py:148
 #: perms/templates/perms/_msg_item_permissions_expire.html:3
 #: perms/templates/perms/_msg_permed_items_expire.html:3
 #: users/templates/users/_msg_account_expire_reminder.html:4
@@ -2608,11 +2612,11 @@ msgstr "不能包含特殊字符"
 msgid "The mobile phone number format is incorrect"
 msgstr "手机号格式不正确"
 
-#: jumpserver/conf.py:297
+#: jumpserver/conf.py:298
 msgid "Create account successfully"
 msgstr "创建账号成功"
 
-#: jumpserver/conf.py:299
+#: jumpserver/conf.py:300
 msgid "Your account has been created successfully"
 msgstr "你的账号已创建成功"
 
@@ -2730,10 +2734,6 @@ msgstr "可以查看任务监控"
 msgid "Tasks"
 msgstr "任务"
 
-#: ops/models/adhoc.py:155
-msgid "Pattern"
-msgstr "模式"
-
 #: ops/models/adhoc.py:156
 msgid "Options"
 msgstr "选项"
@@ -3069,15 +3069,15 @@ msgstr "如果有疑问或需求，请联系系统管理员"
 msgid "My applications"
 msgstr "我的应用"
 
-#: rbac/api/role.py:32
+#: rbac/api/role.py:33
 msgid "Internal role, can't be destroy"
 msgstr "内部角色，不能删除"
 
-#: rbac/api/role.py:36
+#: rbac/api/role.py:37
 msgid "The role has been bound to users, can't be destroy"
 msgstr "角色已绑定用户，不能删除"
 
-#: rbac/api/role.py:43
+#: rbac/api/role.py:44
 msgid "Internal role, can't be update"
 msgstr "内部角色，不能更新"
 
@@ -3089,27 +3089,27 @@ msgstr "{} 至少有一个系统角色"
 msgid "RBAC"
 msgstr "RBAC"
 
-#: rbac/builtin.py:98
+#: rbac/builtin.py:101
 msgid "SystemAdmin"
 msgstr "系统管理员"
 
-#: rbac/builtin.py:101
+#: rbac/builtin.py:104
 msgid "SystemAuditor"
 msgstr "系统审计员"
 
-#: rbac/builtin.py:104
+#: rbac/builtin.py:107
 msgid "SystemComponent"
 msgstr "系统组件"
 
-#: rbac/builtin.py:110
+#: rbac/builtin.py:113
 msgid "OrgAdmin"
 msgstr "组织管理员"
 
-#: rbac/builtin.py:113
+#: rbac/builtin.py:116
 msgid "OrgAuditor"
 msgstr "组织审计员"
 
-#: rbac/builtin.py:116
+#: rbac/builtin.py:119
 msgid "OrgUser"
 msgstr "组织用户"
 
@@ -3153,11 +3153,11 @@ msgstr "授权"
 msgid "Built-in"
 msgstr "内置"
 
-#: rbac/models/role.py:130
+#: rbac/models/role.py:144
 msgid "System role"
 msgstr "系统角色"
 
-#: rbac/models/role.py:138
+#: rbac/models/role.py:152
 msgid "Organization role"
 msgstr "组织角色"
 
@@ -3165,21 +3165,21 @@ msgstr "组织角色"
 msgid "Role binding"
 msgstr "角色绑定"
 
-#: rbac/models/rolebinding.py:128
+#: rbac/models/rolebinding.py:150
 msgid ""
 "User last role in org, can not be delete, you can remove user from org "
 "instead"
 msgstr "用户最后一个角色，不能删除，你可以将用户从组织移除"
 
-#: rbac/models/rolebinding.py:135
+#: rbac/models/rolebinding.py:157
 msgid "Organization role binding"
 msgstr "组织角色绑定"
 
-#: rbac/models/rolebinding.py:150
+#: rbac/models/rolebinding.py:172
 msgid "System role binding"
 msgstr "系统角色绑定"
 
-#: rbac/serializers/permission.py:26 users/serializers/profile.py:126
+#: rbac/serializers/permission.py:26 users/serializers/profile.py:127
 msgid "Perms"
 msgstr "权限"
 
@@ -4165,9 +4165,9 @@ msgstr "Telnet 成功正则表达式"
 
 #: settings/serializers/terminal.py:33
 msgid ""
-"The login success message varies with devices. if you cannot log in to the "
-"device through Telnet, set this parameter"
-msgstr "不同设备登录成功提示不一样，所以如果 telnet 不能正常登录，可以这里设置"
+"Tips: The login success message varies with devices. if you cannot log in to "
+"the device through Telnet, set this parameter"
+msgstr "提示: 不同设备登录成功提示不一样，所以如果 telnet 不能正常登录，可以这里设置"
 
 #: settings/serializers/terminal.py:36
 msgid "Enable database proxy"
@@ -4177,6 +4177,10 @@ msgstr "启用数据库组件"
 msgid "Enable XRDP"
 msgstr "启用 XRDP 服务"
 
+#: settings/serializers/terminal.py:38
+msgid "Enable KoKo SSH"
+msgstr "启用 KoKo SSH"
+
 #: settings/utils/ldap.py:417
 msgid "ldap:// or ldaps:// protocol is used."
 msgstr "使用 ldap:// 或 ldaps:// 协议"
@@ -4446,8 +4450,8 @@ msgid ""
 "JumpServer Client, currently used to launch the client, now only support "
 "launch RDP SSH client, The Telnet client will next"
 msgstr ""
-"JumpServer 客户端，目前用来唤起 特定客户端程序 连接资产, 目前仅支持 RDP SSH 客户"
-"端，Telnet 会在未来支持"
+"JumpServer 客户端，目前用来唤起 特定客户端程序 连接资产, 目前仅支持 RDP SSH "
+"客户端，Telnet 会在未来支持"
 
 #: templates/resource_download.html:30
 msgid "Microsoft"
@@ -4469,11 +4473,11 @@ msgid ""
 "system uses its own terminal"
 msgstr "Windows 需要下载客户端来连接SSH资产，macOS系统采用自带的Terminal"
 
-#: templates/resource_download.html:51
+#: templates/resource_download.html:53
 msgid "Windows Remote application publisher tools"
 msgstr "Windows 远程应用发布服务器工具"
 
-#: templates/resource_download.html:52
+#: templates/resource_download.html:54
 msgid ""
 "Jmservisor is the program used to pull up remote applications in Windows "
 "Remote Application publisher"
@@ -4483,7 +4487,7 @@ msgstr "Jmservisor 是在 windows 远程应用发布服务器中用来拉起远
 msgid "Filters"
 msgstr "过滤"
 
-#: terminal/api/endpoint.py:65
+#: terminal/api/endpoint.py:63
 msgid "Not found protocol query params"
 msgstr ""
 
@@ -5468,7 +5472,7 @@ msgid "Public key should not be the same as your old one."
 msgstr "不能和原来的密钥相同"
 
 #: users/forms/profile.py:149 users/serializers/profile.py:95
-#: users/serializers/profile.py:176 users/serializers/profile.py:203
+#: users/serializers/profile.py:178 users/serializers/profile.py:205
 msgid "Not a valid ssh public key"
 msgstr "SSH密钥不合法"
 
@@ -5512,27 +5516,27 @@ msgstr "最后更新密码日期"
 msgid "Need update password"
 msgstr "需要更新密码"
 
-#: users/models/user.py:888
+#: users/models/user.py:885
 msgid "Can invite user"
 msgstr "可以邀请用户"
 
-#: users/models/user.py:889
+#: users/models/user.py:886
 msgid "Can remove user"
 msgstr "可以移除用户"
 
-#: users/models/user.py:890
+#: users/models/user.py:887
 msgid "Can match user"
 msgstr "可以匹配用户"
 
-#: users/models/user.py:899
+#: users/models/user.py:896
 msgid "Administrator"
 msgstr "管理员"
 
-#: users/models/user.py:902
+#: users/models/user.py:899
 msgid "Administrator is the super user of system"
 msgstr "Administrator是初始的超级管理员"
 
-#: users/models/user.py:927
+#: users/models/user.py:924
 msgid "User password history"
 msgstr "用户密码历史"
 
@@ -5571,7 +5575,7 @@ msgstr "重置 MFA"
 msgid "The old password is incorrect"
 msgstr "旧密码错误"
 
-#: users/serializers/profile.py:36 users/serializers/profile.py:190
+#: users/serializers/profile.py:36 users/serializers/profile.py:192
 msgid "Password does not match security rules"
 msgstr "密码不满足安全规则"
 
@@ -5583,7 +5587,7 @@ msgstr "新密码不能是最近 {} 次的密码"
 msgid "The newly set password is inconsistent"
 msgstr "两次密码不一致"
 
-#: users/serializers/profile.py:142 users/serializers/user.py:140
+#: users/serializers/profile.py:144 users/serializers/user.py:140
 msgid "Is first login"
 msgstr "首次登录"
 
@@ -6629,23 +6633,3 @@ msgstr "旗舰版"
 #: xpack/plugins/license/models.py:77
 msgid "Community edition"
 msgstr "社区版"
-
-#~ msgid "Inherit"
-#~ msgstr "继承"
-
-#~ msgid "Include"
-#~ msgstr "包含"
-
-#~ msgid "Exclude"
-#~ msgstr "不包含"
-
-#~ msgid "DatabaseApp"
-#~ msgstr "数据库应用"
-
-#~ msgid "Database proxy MySQL protocol listen port"
-#~ msgstr "MySQL 协议监听的端口"
-
-#, fuzzy
-#~| msgid "Database proxy PostgreSQL port"
-#~ msgid "Database proxy PostgreSQL listen port"
-#~ msgstr "数据库组件 PostgreSQL 协议监听的端口"

apps/perms/api/asset/user_permission/common.py

@@ -141,7 +141,6 @@ class UserGrantedAssetSystemUsersForAdminApi(ListAPIView):
         return queryset_list
 
 
-@method_decorator(tmp_to_root_org(), name='list')
 class MyGrantedAssetSystemUsersApi(UserGrantedAssetSystemUsersForAdminApi):
     permission_classes = (IsValidUser,)
 

apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py

@@ -65,7 +65,6 @@ class MyGrantedNodesWithAssetsAsTreeApi(SerializeToTreeNodeMixin, ListAPIView):
         all_assets = all_assets.annotate(parent_key=F('nodes__key')).prefetch_related('platform')
         data.extend(self.serialize_assets(all_assets))
 
-    @tmp_to_root_org()
     def list(self, request: Request, *args, **kwargs):
         """
         此算法依赖 UserGrantedMappingNode

apps/perms/api/system_user_permission.py

@@ -1,14 +1,11 @@
 from rest_framework import generics
-from django.utils.decorators import method_decorator
 
 from assets.models import SystemUser
 from common.permissions import IsValidUser
-from orgs.utils import tmp_to_root_org
 from perms.utils.asset.user_permission import get_user_all_asset_perm_ids
 from .. import serializers
 
 
-@method_decorator(tmp_to_root_org(), name='list')
 class SystemUserPermission(generics.ListAPIView):
     permission_classes = (IsValidUser,)
     serializer_class = serializers.SystemUserSerializer

apps/rbac/builtin.py

@@ -4,7 +4,8 @@ from .const import Scope, system_exclude_permissions, org_exclude_permissions
 
 system_user_perms = (
     ('authentication', 'connectiontoken', 'add', 'connectiontoken'),
-    ('authentication', 'temptoken', 'add', 'temptoken'),
+    ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
+    ('authentication', 'accesskey', '*', '*'),
     ('tickets', 'ticket', 'view', 'ticket'),
     ('orgs', 'organization', 'view', 'rootorg'),
 )

apps/rbac/const.py

@@ -25,6 +25,7 @@ exclude_permissions = (
     ('authentication', 'connectiontoken', 'change,delete', 'connectiontoken'),
     ('authentication', 'ssotoken', '*', '*'),
     ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'),
+    ('authentication', 'temptoken', 'delete', 'temptoken'),
     ('users', 'userpasswordhistory', '*', '*'),
     ('applications', 'applicationuser', '*', '*'),
     ('applications', 'historicalaccount', '*', '*'),

apps/rbac/tree.py

@@ -86,6 +86,8 @@ special_pid_mapper = {
     'terminal.replaystorage': 'terminal_node',
     'terminal.status': 'terminal_node',
     'terminal.task': 'terminal_node',
+    'terminal.endpoint': 'terminal_node',
+    'terminal.endpointrule': 'terminal_node',
     'audits.ftplog': 'terminal',
     'perms.view_myassets': 'my_assets',
     'perms.view_myapps': 'my_apps',

apps/settings/api/public.py

@@ -65,6 +65,7 @@ class PublicSettingApi(generics.RetrieveAPIView):
                 # Terminal
                 "XRDP_ENABLED": settings.XRDP_ENABLED,
                 "TERMINAL_MAGNUS_ENABLED": settings.TERMINAL_MAGNUS_ENABLED,
+                "TERMINAL_KOKO_SSH_ENABLED": settings.TERMINAL_KOKO_SSH_ENABLED,
                 # Announcement
                 "ANNOUNCEMENT_ENABLED": settings.ANNOUNCEMENT_ENABLED,
                 "ANNOUNCEMENT": settings.ANNOUNCEMENT,

apps/settings/serializers/terminal.py

@@ -30,8 +30,9 @@ class TerminalSettingSerializer(serializers.Serializer):
     )
     TERMINAL_TELNET_REGEX = serializers.CharField(
         allow_blank=True, max_length=1024, required=False, label=_('Telnet login regex'),
-        help_text=_("The login success message varies with devices. "
+        help_text=_("Tips: The login success message varies with devices. "
                     "if you cannot log in to the device through Telnet, set this parameter")
     )
     TERMINAL_MAGNUS_ENABLED = serializers.BooleanField(label=_("Enable database proxy"))
     XRDP_ENABLED = serializers.BooleanField(label=_("Enable XRDP"))
+    TERMINAL_KOKO_SSH_ENABLED = serializers.BooleanField(label=_("Enable KoKo SSH"))

apps/static/js/jumpserver.js

@@ -125,8 +125,9 @@ function csrfSafeMethod(method) {
 }
 
 function setAjaxCSRFToken() {
-    var csrftoken = getCookie('csrftoken');
-    var sessionid = getCookie('sessionid');
+    const prefix = getCookie('SESSION_COOKIE_NAME_PREFIX', '')
+    var csrftoken = getCookie(`${prefix}csrftoken`);
+    var sessionid = getCookie(`${prefix}sessionid`);
 
     $.ajaxSetup({
         beforeSend: function (xhr, settings) {

apps/terminal/api/endpoint.py

@@ -2,7 +2,7 @@ from rest_framework.decorators import action
 from rest_framework.response import Response
 from rest_framework import status
 from common.drf.api import JMSBulkModelViewSet
-from common.utils import get_object_or_none
+from django.utils.translation import ugettext_lazy as _
 from django.shortcuts import get_object_or_404
 from assets.models import Asset
 from orgs.utils import tmp_to_root_org

apps/terminal/models/endpoint.py

@@ -31,8 +31,11 @@ class Endpoint(JMSModel):
     def get_port(self, protocol):
         return getattr(self, f'{protocol}_port', 0)
 
+    def is_default(self):
+        return self.id == self.default_id
+
     def delete(self, using=None, keep_parents=False):
-        if self.id == self.default_id:
+        if self.is_default():
             return
         return super().delete(using, keep_parents)
 
@@ -78,6 +81,8 @@ class EndpointRule(JMSModel):
                 continue
             if not endpoint_rule.endpoint:
                 continue
+            if endpoint_rule.endpoint.is_default():
+                return endpoint_rule
             if not endpoint_rule.endpoint.host:
                 continue
             if endpoint_rule.endpoint.get_port(protocol) == 0:

apps/users/models/user.py

@@ -455,7 +455,7 @@ class RoleMixin:
         if org is None:
             org = current_org
         if not org.is_root():
-            queryset = current_org.get_members()
+            queryset = org.get_members()
         queryset = cls.filter_not_service_account(queryset)
         return queryset