github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

添加用户后发送密码

pull/6/head
guanghongwei 2015-04-15 17:32:30 +08:00
parent 3424bef5d0
commit c08cee8052
7 changed files with 87 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
jperm/views.py
View File

@ -3,7 +3,6 @@ import sys
reload(sys)
sys.setdefaultencoding('utf8')
from django.core.mail import send_mail
from django.shortcuts import render_to_response
from django.template import RequestContext
from jperm.models import Perm, SudoPerm, CmdGroup, Apply
@ -11,12 +10,6 @@ from django.db.models import Q
from jumpserver.api import *
CONF = ConfigParser()
CONF.read('%s/jumpserver.conf' % BASE_DIR)
send_ip = CONF.get('base', 'ip')
send_port = CONF.get('base', 'port')
def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
asset_groups_select_list = []
cmd_groups_select_list = []
@ -701,7 +694,7 @@ def perm_apply(request):
time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment)
uuid = a.uuid
url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (send_ip, send_port, uuid)
url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid)
mail_msg = """
Hi,%s:
鏈夋柊鐨勬潈闄愮敵璇, 璇︽儏濡備笅:
@ -715,7 +708,7 @@ def perm_apply(request):
%s
""" % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False)
send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
smg = "鎻愪氦鎴愬姛,宸插彂閭欢閫氱煡閮ㄩ棬绠$悊鍛樸"
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))

12
jumpserver.conf
View File

@ -3,6 +3,8 @@
[base]
ip = 192.168.173.129
port = 80
key = 88aaaf7ffe3c6c04
[db]
@ -25,13 +27,9 @@ root_pw = secret234
web_socket_host = 192.168.20.209:3000
[web]
key = 88aaaf7ffe3c6c04
[mail]
email_host = smtp.qq.com
email_host = smtp.exmail.qq.com
email_port = 25
email_host_user = jumpserver@qq.com
email_host_password = jumpserver.org
email_host_user = noreply@jumpserver.org
email_host_password = jumpserver123
email_use_tls = False

24
jumpserver/api.py
View File

@ -19,6 +19,7 @@ from jasset.models import Asset, BisGroup, IDC
from jlog.models import Log
from jasset.models import AssetAlias
from django.core.exceptions import ObjectDoesNotExist
from django.core.mail import send_mail
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
@ -27,18 +28,12 @@ CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('web', 'key')
KEY = CONF.get('base', 'key')
LOGIN_NAME = getpass.getuser()
LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
# def user_perm_group_api(username):
# user = User.objects.get(username=username)
# if user:
# perm_list = []
# user_group_all = user.group.all()
# for user_group in user_group_all:
# perm_list.extend(user_group.perm_set.all())
SEND_IP = CONF.get('base', 'ip')
SEND_PORT = CONF.get('base', 'port')
MAIL_FROM = CONF.get('mail', 'email_host_user')
class LDAPMgmt():
@ -201,6 +196,9 @@ def require_login(func):
def require_super_user(func):
def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
if request.session.get('role_id', 0) != 2:
return HttpResponseRedirect('/')
return func(request, *args, **kwargs)
@ -209,6 +207,9 @@ def require_super_user(func):
def require_admin(func):
def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
if request.session.get('role_id', 0) < 1:
return HttpResponseRedirect('/')
return func(request, *args, **kwargs)
@ -267,7 +268,8 @@ def view_splitter(request, su=None, adm=None):
return su(request)
elif is_group_admin(request):
return adm(request)
raise Http404
else:
return HttpResponseRedirect('/login/')
def user_perm_group_api(username):

2
jumpserver/views.py
View File

@ -50,7 +50,7 @@ def index_cu(request):
user = user[0]
login_types = {'L': 'LDAP', 'M': 'MAP'}
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).name
username = User.objects.get(id=user_id).username
posts = user_perm_asset_api(username)
host_count = len(posts)
new_posts = []

70
juser/views.py
View File

@ -68,6 +68,7 @@ def db_add_user(**kwargs):
group = UserGroup.objects.filter(id=group_id)
group_select.extend(group)
user.group = group_select
return user
def db_update_user(**kwargs):
@ -153,18 +154,8 @@ def ldap_add_user(username, ldap_pwd):
'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]}
# sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
# sudo_attr = {'objectClass': ['top', 'sudoRole'],
# 'cn': ['%s' % str(username)],
# 'sudoCommand': ['/bin/pwd'],
# 'sudoHost': ['192.168.1.1'],
# 'sudoOption': ['!authenticate'],
# 'sudoRunAsUser': ['root'],
# 'sudoUser': ['%s' % str(username)]}
ldap_conn.add(user_dn, user_attr)
ldap_conn.add(group_dn, group_attr)
# ldap_conn.add(sudo_dn, sudo_attr)
def ldap_del_user(username):
@ -602,13 +593,13 @@ def user_add(request):
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
password = gen_rand_pwd(16)
name = request.POST.get('name', '')
email = request.POST.get('email', '')
dept_id = request.POST.get('dept_id')
groups = request.POST.getlist('groups', [])
role_post = request.POST.get('role', 'CU')
ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
ssh_key_pwd = gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16)
@ -632,19 +623,30 @@ def user_add(request):
pass
else:
try:
db_add_user(username=username,
password=md5_crypt(password),
name=name, email=email, dept=dept,
groups=groups, role=role_post,
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active,
date_joined=datetime.datetime.now())
user = db_add_user(username=username,
password=md5_crypt(password),
name=name, email=email, dept=dept,
groups=groups, role=role_post,
ssh_key_pwd=md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active,
date_joined=datetime.datetime.now())
server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛' % username
mail_title = u'鎭枩浣犵殑璺虫澘鏈虹敤鎴锋坊鍔犳垚鍔 Jumpserver'
mail_msg = """
Hi, %s
鎮ㄧ殑鐢ㄦ埛鍚 %s
鎮ㄧ殑閮ㄩ棬: %s
鎮ㄧ殑瑙掕壊 %s
鎮ㄧ殑web鐧诲綍瀵嗙爜 %s
鎮ㄧ殑ssh鐧诲綍瀵嗙爜 %s
瀵嗛挜涓嬭浇鍦板潃 http://%s:%s/juser/down_key/?id=%s
璇存槑 璇风櫥闄嗗悗鍐嶄笅杞藉瘑閽
""" % (name, username, dept.name, user_role.get(role_post, ''),
password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
except Exception, e:
error = u'娣诲姞鐢ㄦ埛 %s 澶辫触 %s ' % (username, e)
@ -655,6 +657,9 @@ def user_add(request):
ldap_del_user(username)
except Exception:
pass
else:
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛 鐢ㄦ埛瀵嗙爜宸插彂閫佸埌 %s 閭锛' % (username, email)
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@ -668,11 +673,11 @@ def user_add_adm(request):
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
password = gen_rand_pwd(16)
name = request.POST.get('name', '')
email = request.POST.get('email', '')
groups = request.POST.getlist('groups', [])
ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
ssh_key_pwd = gen_rand_pwd(16)
is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16)
@ -693,7 +698,7 @@ def user_add_adm(request):
password=md5_crypt(password),
name=name, email=email, dept=dept,
groups=groups, role='CU',
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
ssh_key_pwd=md5_crypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active,
date_joined=datetime.datetime.now())
@ -701,7 +706,6 @@ def user_add_adm(request):
server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛' % username
except Exception, e:
error = u'娣诲姞鐢ㄦ埛 %s 澶辫触 %s ' % (username, e)
@ -712,6 +716,22 @@ def user_add_adm(request):
ldap_del_user(username)
except Exception:
pass
else:
mail_title = u'鎭枩浣犵殑璺虫澘鏈虹敤鎴锋坊鍔犳垚鍔 Jumpserver'
mail_msg = """
Hi, %s
鎮ㄧ殑鐢ㄦ埛鍚 %s
鎮ㄧ殑閮ㄩ棬: %s
鎮ㄧ殑瑙掕壊 %s
鎮ㄧ殑web鐧诲綍瀵嗙爜 %s
鎮ㄧ殑ssh鐧诲綍瀵嗙爜 %s
瀵嗛挜涓嬭浇鍦板潃 %s
璇存槑 璇风櫥闄嗗悗鍐嶄笅杞藉瘑閽
""" % (name, username, dept.name, '鏅氱敤鎴', password, ssh_key_pwd, ssh_key_pwd)
print MAIL_FROM
send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛 鐢ㄦ埛瀵嗙爜宸插彂閫佸埌 %s 閭锛' % (username, email)
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))

40
templates/juser/user_add.html
View File

@ -42,26 +42,26 @@
<input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="password" class="col-sm-2 control-label">瀵嗙爜<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>
<span class="help-block m-b-none">
鐧婚檰web鐨勫瘑鐮
</span>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="ssh_key_pwd" class="col-sm-2 control-label">瀵嗛挜瀵嗙爜<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>
<span class="help-block m-b-none">
鐧婚檰 Jumpserver 浣跨敤鐨凷SH瀵嗛挜鐨勫瘑鐮
</span>
</div>
</div>
{# <div class="hr-line-dashed"></div>#}
{# <div class="form-group">#}
{# <label for="password" class="col-sm-2 control-label">瀵嗙爜<span class="red-fonts">*</span></label>#}
{# <div class="col-sm-8">#}
{# <input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>#}
{# <span class="help-block m-b-none">#}
{# 鐧婚檰web鐨勫瘑鐮#}
{# </span>#}
{# </div>#}
{# </div>#}
{# <div class="hr-line-dashed"></div>#}
{# <div class="form-group">#}
{# <label for="ssh_key_pwd" class="col-sm-2 control-label">瀵嗛挜瀵嗙爜<span class="red-fonts">*</span></label>#}
{# <div class="col-sm-8">#}
{# <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>#}
{# <span class="help-block m-b-none">#}
{# 鐧婚檰 Jumpserver 浣跨敤鐨凷SH瀵嗛挜鐨勫瘑鐮#}
{# </span>#}
{# </div>#}
{# </div>#}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="name" class="col-sm-2 control-label">濮撳悕<span class="red-fonts">*</span></label>

1
templates/login.html
View File

@ -14,6 +14,7 @@
<link href="/static/css/animate.css" rel="stylesheet">
<link href="/static/css/style.css" rel="stylesheet">
</head>
<body class="gray-bg">