feat: rdp 添加授权过期自动断开

pull/6236/head
xinwen 2021-07-05 16:20:42 +08:00 committed by 老广
parent 0fd5ab02e9
commit c4bbeaaccc
2 changed files with 13 additions and 9 deletions


@ -216,6 +216,8 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
from users.models import User from users.models import User
from assets.models import SystemUser, Asset from assets.models import SystemUser, Asset
from applications.models import Application from applications.models import Application
from perms.utils.asset.permission import validate_permission as asset_validate_permission
from perms.utils.application.permission import validate_permission as app_validate_permission
key = self.CACHE_KEY_PREFIX.format(token) key = self.CACHE_KEY_PREFIX.format(token)
value = cache.get(key, None) value = cache.get(key, None)
@ -232,23 +234,24 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
app = None app = None
if value.get('type') == 'asset': if value.get('type') == 'asset':
asset = get_object_or_404(Asset, id=value.get('asset')) asset = get_object_or_404(Asset, id=value.get('asset'))
if not asset.is_active:
raise serializers.ValidationError("Asset disabled")
has_perm, expired_at = asset_validate_permission(user, asset, system_user, 'connect')
else: else:
app = get_object_or_404(Application, id=value.get('application')) app = get_object_or_404(Application, id=value.get('application'))
has_perm, expired_at = app_validate_permission(user, app, system_user)
if asset and not asset.is_active: if not has_perm:
raise serializers.ValidationError("Asset disabled")
try:
self.check_resource_permission(user, asset, app, system_user)
except PermissionDenied:
raise serializers.ValidationError('Permission expired or invalid') raise serializers.ValidationError('Permission expired or invalid')
return value, user, system_user, asset, app
return value, user, system_user, asset, app, expired_at
@action(methods=['POST'], detail=False, permission_classes=[IsSuperUserOrAppUser], url_path='secret-info/detail') @action(methods=['POST'], detail=False, permission_classes=[IsSuperUserOrAppUser], url_path='secret-info/detail')
def get_secret_detail(self, request, *args, **kwargs): def get_secret_detail(self, request, *args, **kwargs):
token = request.data.get('token', '') token = request.data.get('token', '')
try: try:
value, user, system_user, asset, app = self.valid_token(token) value, user, system_user, asset, app, expired_at = self.valid_token(token)
except serializers.ValidationError as e: except serializers.ValidationError as e:
post_auth_failed.send( post_auth_failed.send(
sender=self.__class__, username='', request=self.request, sender=self.__class__, username='', request=self.request,
@ -256,7 +259,7 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
) )
raise e raise e
data = dict(user=user, system_user=system_user) data = dict(user=user, system_user=system_user, expired_at=expired_at)
if asset: if asset:
asset_detail = self._get_asset_secret_detail(asset, user=user, system_user=system_user) asset_detail = self._get_asset_secret_detail(asset, user=user, system_user=system_user)
system_user.load_asset_more_auth(asset.id, user.username, user.id) system_user.load_asset_more_auth(asset.id, user.username, user.id)
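Review bot: The `expired_at` that valid_token now returns is written straight into `data` in the last hunk and then rendered by the new `IntegerField` on ConnectionTokenSecretSerializer, so both `asset_validate_permission` and `app_validate_permission` must yield an integer timestamp in every case; if a permission with no expiry yields `None` or a datetime, the secret-detail response would fail to serialize or misreport, which is worth confirming against those helpers (they are not visible here). valid_token's return value also grew from five to six elements and only get_secret_detail is updated in this diff, so any other caller of valid_token outside the hunk would now raise on unpacking. Neither change is documented; a docstring on valid_token such as `"""Validate a connection token and return (value, user, system_user, asset, app, expired_at); expired_at is the permission expiry the client uses to cut the session."""` would make the contract explicit. valid_token's `def` line and the rest of the class lie outside the hunk.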


@ -196,6 +196,7 @@ class ConnectionTokenSecretSerializer(serializers.Serializer):
system_user = ConnectionTokenSystemUserSerializer(read_only=True) system_user = ConnectionTokenSystemUserSerializer(read_only=True)
gateway = ConnectionTokenGatewaySerializer(read_only=True) gateway = ConnectionTokenGatewaySerializer(read_only=True)
actions = ActionsField() actions = ActionsField()
expired_at = serializers.IntegerField()
class RDPFileSerializer(ConnectionTokenSerializer): class RDPFileSerializer(ConnectionTokenSerializer):
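Review bot: The new `expired_at = serializers.IntegerField()` is the only field in this group without `read_only=True`, while the sibling `system_user` and `gateway` fields above it are read-only. If ConnectionTokenSecretSerializer is used only to render the secret detail, `expired_at = serializers.IntegerField(read_only=True)` keeps the field from being accepted as input and matches the surrounding declarations; if it is also used for input somewhere outside this diff, a short comment saying so would explain the difference.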