github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

remove request.session user_id and role_id, about role_id need more think, now is dirty

pull/26/head
liuzheng712 2015-10-27 23:57:37 +08:00
parent f8c8c3deff 9d5c4dbb33
commit ca271900e6
16 changed files with 153 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,7 +1,8 @@
*.py[cod]
.idea
test.py
.DS_Store
db.sqlite3
# C extensions
*.so

28
docs/initial_data.yaml Normal file
View File

@ -0,0 +1,28 @@
- model: juser.user
pk: 5000
fields:
username: admin
name: admin
password: pbkdf2_sha256$20000$jBIDGPB2j5JT$orxqGgzzjzykColYm1BswPjgHOiERjZkcgkuVIkD2Hc=
email: admin@jumpserver.org
role: SU
is_active: 1
- model: juser.user
pk: 5001
fields:
username: group_admin
name: group_admin
password: pbkdf2_sha256$20000$ttObUWd15q10$NJoyZf2OZz9oiw2g4j2TkTh9zGgyVDRFdUkhn8X0nB0=
email: group_admin@jumpserver.org
role: DA
is_active: 1
- model: juser.usergroup
pk: 1
fields:
name: ALL
comment: ALL
- model: juser.usergroup
pk: 2
fields:
name: 默认
comment: 默认

6
jasset/models.py
View File

@ -59,13 +59,13 @@ class AssetGroup(models.Model):
class Asset(models.Model):
ip = models.IPAddressField(unique=True)
port = models.IntegerField(max_length=6)
ip = models.GenericIPAddressField(unique=True)
port = models.IntegerField()
group = models.ManyToManyField(AssetGroup)
username = models.CharField(max_length=20, blank=True, null=True)
password = models.CharField(max_length=80, blank=True, null=True)
use_default_auth = models.BooleanField(default=True)
date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True)
date_added = models.DateTimeField(auto_now_add=True)
is_active = models.BooleanField(default=True)
comment = models.CharField(max_length=100, blank=True, null=True)

2
jlog/models.py
View File

@ -8,7 +8,7 @@ class Log(models.Model):
dept_name = models.CharField(max_length=20)
log_path = models.CharField(max_length=100)
start_time = models.DateTimeField(null=True)
pid = models.IntegerField(max_length=10)
pid = models.IntegerField()
is_finished = models.BooleanField(default=False)
handle_finished = models.BooleanField(default=False)
end_time = models.DateTimeField(null=True)

7
jlog/views.py
View File

@ -6,10 +6,8 @@ from django.shortcuts import render_to_response
from jumpserver.api import *
from jasset.views import httperror
from django.http import HttpResponseNotFound
CONF = ConfigParser()
CONF.read('%s/jumpserver.conf' % BASE_DIR)
from models import Log
from jumpserver.settings import web_socket_host
def get_user_info(request, offset):
""" 获取用户信息及环境 """
@ -58,7 +56,6 @@ def log_list(request, offset):
""" 显示日志 """
header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户'
keyword = request.GET.get('keyword', '')
web_socket_host = CONF.get('websocket', 'web_socket_host')
posts = get_user_log(get_user_info(request, offset))
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)

40
jumpserver/api.py
View File

@ -1,8 +1,6 @@
# coding: utf-8
import os, sys, time
from ConfigParser import ConfigParser
import getpass
from Crypto.Cipher import AES
import crypt
from binascii import b2a_hex, a2b_hex
@ -11,14 +9,15 @@ import datetime
import random
import subprocess
import paramiko
import struct, fcntl, signal,socket, select, fnmatch
import struct, fcntl, signal, socket, select, fnmatch
from settings import JLOG_FILE, KEY, URL, log_dir, log_level
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.http import HttpResponse, Http404
from django.template import RequestContext
from juser.models import User, UserGroup
from jasset.models import Asset, AssetGroup
from jlog.models import Log
# from jlog.models import Log
from jasset.models import AssetAlias
from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
from django.http import HttpResponseRedirect
@ -36,22 +35,6 @@ except ImportError:
sys.exit()
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
CONF = ConfigParser()
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
LOG_DIR = os.path.join(BASE_DIR, 'logs')
JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = CONF.get('base', 'key')
LOGIN_NAME = getpass.getuser()
# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
URL = CONF.get('base', 'url')
MAIL_ENABLE = CONF.get('mail', 'mail_enable')
MAIL_FROM = CONF.get('mail', 'email_host_user')
log_dir = os.path.join(BASE_DIR, 'logs')
def set_log(level):
"""
return a log file object
@ -146,7 +129,7 @@ def page_list_return(total, current=1):
min_page = current - 2 if current - 4 > 0 else 1
max_page = min_page + 4 if min_page + 4 < total else total
return range(min_page, max_page+1)
return range(min_page, max_page + 1)
def pages(post_objects, request):
@ -186,6 +169,7 @@ class Jtty(object):
A virtual tty class
一个虚拟终端类实现连接ssh和记录日志
"""
def __init__(self, user, asset):
self.chan = None
self.username = user.username
@ -404,7 +388,7 @@ class PyCrypt(object):
symbol = '!@$%^&*()_'
salt_list = []
if especial:
for i in range(length-4):
for i in range(length - 4):
salt_list.append(random.choice(salt_key))
for i in range(4):
salt_list.append(random.choice(symbol))
@ -489,19 +473,24 @@ def require_role(role='user'):
decorator for require user role in ["super", "admin", "user"]
要求用户是某种角色 ["super", "admin", "user"]的装饰器
"""
def _deco(func):
def __deco(request, *args, **kwargs):
if role == 'user':
if not request.user.is_authenticated():
return HttpResponseRedirect('/login/')
elif role == 'admin':
if request.session.get('role_id', 0) < 1:
# if request.session.get('role_id', 0) < 1:
if request.user.role == 'CU':
return HttpResponseRedirect('/')
elif role == 'super':
if request.session.get('role_id', 0) < 2:
# if request.session.get('role_id', 0) < 2:
if request.user.role in ['CU', 'GA']:
return HttpResponseRedirect('/')
return func(request, *args, **kwargs)
return __deco
return _deco
@ -511,6 +500,7 @@ def is_role_request(request, role='user'):
要求请求角色正确
"""
role_all = {'user': 0, 'admin': 1, 'super': 2}
# TODO: liuzheng's work
if request.session.get('role_id') == role_all.get(role, 0):
return True
else:
@ -711,6 +701,4 @@ CRYPTOR = PyCrypt(KEY)
# ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)
# else:
# ldap_conn = None
log_level = CONF.get('base', 'log')
logger = set_log(log_level)

5
jumpserver/context_processors.py
View File

@ -4,8 +4,9 @@ from jumpserver.api import *
def name_proc(request):
user_id = request.session.get('user_id')
role_id = request.session.get('role_id')
user_id = request.user.id
# role_id = request.session.get('role_id')
role_id = {'SU':2,'GA':1,'CU':0}.get(request.user.role,0)
# if role_id == 2:
user_total_num = User.objects.all().count()
user_active_num = User.objects.filter().count()

53
jumpserver/settings.py
View File

@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/1.7/ref/settings/
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
import ConfigParser
import getpass
config = ConfigParser.ConfigParser()
@ -22,7 +23,7 @@ DB_PORT = config.getint('db', 'port')
DB_USER = config.get('db', 'user')
DB_PASSWORD = config.get('db', 'password')
DB_DATABASE = config.get('db', 'database')
AUTH_USER_MODEL = 'juser.User'
# mail config
EMAIL_HOST = config.get('mail', 'email_host')
EMAIL_PORT = config.get('mail', 'email_port')
@ -30,6 +31,24 @@ EMAIL_HOST_USER = config.get('mail', 'email_host_user')
EMAIL_HOST_PASSWORD = config.get('mail', 'email_host_password')
EMAIL_USE_TLS = config.getboolean('mail', 'email_use_tls')
# ======== Log ==========
LOG = False
LOG_DIR = os.path.join(BASE_DIR, 'logs')
JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
KEY = config.get('base', 'key')
LOGIN_NAME = getpass.getuser()
# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
URL = config.get('base', 'url')
MAIL_ENABLE = config.get('mail', 'mail_enable')
MAIL_FROM = config.get('mail', 'email_host_user')
log_dir = os.path.join(BASE_DIR, 'logs')
log_level = config.get('base', 'log')
web_socket_host = config.get('websocket', 'web_socket_host')
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
@ -58,15 +77,15 @@ INSTALLED_APPS = (
'juser',
'jasset',
'jperm',
# 'jlog',
'jlog',
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
#'django.middleware.csrf.CsrfViewMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
#'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
# 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
@ -79,17 +98,23 @@ WSGI_APPLICATION = 'jumpserver.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
# DATABASES = {
# 'default': {
# 'ENGINE': 'django.db.backends.mysql',
# 'NAME': DB_DATABASE,
# 'USER': DB_USER,
# 'PASSWORD': DB_PASSWORD,
# 'HOST': DB_HOST,
# 'PORT': DB_PORT,
# }
# }
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': DB_DATABASE,
'USER': DB_USER,
'PASSWORD': DB_PASSWORD,
'HOST': DB_HOST,
'PORT': DB_PORT,
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
TEMPLATE_CONTEXT_PROCESSORS = (
'django.contrib.auth.context_processors.auth',
'django.core.context_processors.debug',
@ -98,14 +123,14 @@ TEMPLATE_CONTEXT_PROCESSORS = (
'django.core.context_processors.static',
'django.core.context_processors.tz',
'django.contrib.messages.context_processors.messages',
'jumpserver.context_processors.name_proc'
'jumpserver.context_processors.name_proc',
)
TEMPLATE_DIRS = (
os.path.join(BASE_DIR, 'templates'),
)
#STATIC_ROOT = os.path.join(BASE_DIR, 'static')
# STATIC_ROOT = os.path.join(BASE_DIR, 'static')
STATICFILES_DIRS = (
os.path.join(BASE_DIR, "static"),
@ -128,5 +153,3 @@ USE_TZ = False
# https://docs.djangoproject.com/en/1.7/howto/static-files/
STATIC_URL = '/static/'

4
jumpserver/urls.py
View File

@ -8,8 +8,8 @@ urlpatterns = patterns('',
(r'^skin_config/$', 'jumpserver.views.skin_config'),
(r'^install/$', 'jumpserver.views.install'),
(r'^base/$', 'jumpserver.views.base'),
(r'^login/$', 'jumpserver.views.login'),
(r'^logout/$', 'jumpserver.views.logout'),
(r'^login/$', 'jumpserver.views.Login'),
(r'^logout/$', 'jumpserver.views.Logout'),
(r'^file/upload/$', 'jumpserver.views.upload'),
(r'^file/download/$', 'jumpserver.views.download'),
(r'^error/$', 'jumpserver.views.httperror'),

21
jumpserver/views.py
View File

@ -12,8 +12,10 @@ from django.http import HttpResponse
# from jperm.models import Apply
import paramiko
from jumpserver.api import *
from django.contrib.auth import authenticate,logout,login
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from settings import BASE_DIR
from jlog.models import Log
def getDaysByNum(num):
today = datetime.date.today()
@ -64,7 +66,6 @@ def index_cu(request):
new_posts.append(post_five)
post_five = []
new_posts.append(post_five)
return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request))
@ -195,7 +196,7 @@ def is_latest():
def Login(request):
"""登录界面"""
if not request.user.is_authenticated():
if request.user.is_authenticated():
return HttpResponseRedirect('/')
if request.method == 'GET':
return render_to_response('login.html')
@ -216,12 +217,12 @@ def Login(request):
# if PyCrypt.md5_crypt(password) == user.password:
# request.session['user_id'] = user.id
# user_filter.update(last_login=datetime.datetime.now())
if user.role == 'SU':
request.session['role_id'] = 2
elif user.role == 'GA':
request.session['role_id'] = 1
else:
request.session['role_id'] = 0
# if user.role == 'SU':
# request.session['role_id'] = 2
# elif user.role == 'GA':
# request.session['role_id'] = 1
# else:
# request.session['role_id'] = 0
return HttpResponseRedirect('/', )
# response.set_cookie('username', username, expires=604800)
# response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800)

33
juser/models.py
View File

@ -1,6 +1,7 @@
#coding: utf-8
# coding: utf-8
from django.db import models
from django.contrib.auth.models import AbstractUser
class UserGroup(models.Model):
@ -19,23 +20,17 @@ class UserGroup(models.Model):
self.save()
class User(models.Model):
class User(AbstractUser):
USER_ROLE_CHOICES = (
('SU', 'SuperUser'),
('GA', 'GroupAdmin'),
('CU', 'CommonUser'),
)
username = models.CharField(max_length=80, unique=True)
password = models.CharField(max_length=100)
name = models.CharField(max_length=80)
email = models.EmailField(max_length=75)
role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU')
uuid = models.CharField(max_length=100)
role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU')
group = models.ManyToManyField(UserGroup)
ssh_key_pwd = models.CharField(max_length=200)
is_active = models.BooleanField(default=True)
last_login = models.DateTimeField(null=True)
date_joined = models.DateTimeField(null=True)
def __unicode__(self):
return self.username
@ -47,13 +42,11 @@ class User(models.Model):
"""
host_group_list = []
perm_list = []
user_group_all = self.group.all()
for user_group in user_group_all:
perm_list.extend(user_group.perm_set.all())
for perm in perm_list:
host_group_list.append(perm.asset_group)
# user_group_all = self.group.all()
# for user_group in user_group_all:
# perm_list.extend(user_group.perm_set.all())
# for perm in perm_list:
# host_group_list.append(perm.asset_group)
return host_group_list
def get_asset_group_info(self, printable=False):
@ -63,10 +56,8 @@ class User(models.Model):
"""
asset_groups_info = {}
asset_groups = self.get_asset_group()
for asset_group in asset_groups:
asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment]
if printable:
for group_id in asset_groups_info:
if asset_groups_info[group_id][1]:
@ -86,10 +77,8 @@ class User(models.Model):
"""
assets = []
asset_groups = self.get_asset_group()
for asset_group in asset_groups:
assets.extend(asset_group.asset_set.all())
return assets
def get_asset_info(self, printable=False):
@ -100,14 +89,12 @@ class User(models.Model):
from jasset.models import AssetAlias
assets_info = {}
assets = self.get_asset()
for asset in assets:
asset_alias = AssetAlias.objects.filter(user=self, asset=asset)
if asset_alias and asset_alias[0].alias != '':
assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)]
else:
assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)]
if printable:
ips = assets_info.keys()
ips.sort()
@ -137,5 +124,3 @@ class AdminGroup(models.Model):
def __unicode__(self):
return '%s: %s' % (self.user.username, self.group.name)

7
juser/user_api.py
View File

@ -4,7 +4,7 @@ from Crypto.PublicKey import RSA
from juser.models import AdminGroup
from jumpserver.api import *
from jumpserver.settings import BASE_DIR
def group_add_user(group, user_id=None, username=None):
"""
@ -59,6 +59,7 @@ def db_add_user(**kwargs):
admin_groups = kwargs.pop('admin_groups')
role = kwargs.get('role', 'CU')
user = User(**kwargs)
user.set_password(kwargs.get('password'))
user.save()
if groups_post:
group_select = []
@ -83,10 +84,10 @@ def db_update_user(**kwargs):
groups_post = kwargs.pop('groups')
admin_groups_post = kwargs.pop('admin_groups')
user_id = kwargs.pop('user_id')
user = User.objects.filter(id=user_id)
user = User.objects.get(id=user_id)
if user:
user.update(**kwargs)
user = user[0]
user.set_password(kwargs.pop('password'))
user.save()
else:
return None

56
juser/views.py
View File

@ -2,20 +2,21 @@
# Author: Guanghongwei
# Email: ibuler@qq.com
import random
from Crypto.PublicKey import RSA
# import random
# from Crypto.PublicKey import RSA
import uuid as uuid_r
from django.db.models import Q
from django.template import RequestContext
from django.db.models import ObjectDoesNotExist
from jumpserver.settings import MAIL_FROM, MAIL_ENABLE
from juser.user_api import *
def chg_role(request):
role = {'SU': 2, 'DA': 1, 'CU': 0}
user, dept = get_session_user_dept(request)
# TODO: liuzheng's work
if request.session['role_id'] > 0:
request.session['role_id'] = 0
elif request.session['role_id'] == 0:
@ -240,8 +241,8 @@ def user_add(request):
if '' in [username, password, ssh_key_pwd, name, role]:
error = u'带*内容不能为空'
raise ServerError
user_test = get_object(User, username=username)
if user_test:
check_user_is_exist = User.objects.filter(username=username)
if check_user_is_exist:
error = u'用户 %s 已存在' % username
raise ServerError
@ -250,10 +251,10 @@ def user_add(request):
else:
try:
user = db_add_user(username=username, name=name,
password=CRYPTOR.md5_crypt(password),
password=password,
email=email, role=role, uuid=uuid,
groups=groups, admin_groups=admin_groups,
ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
ssh_key_pwd=ssh_key_pwd,
is_active=is_active,
date_joined=datetime.datetime.now())
server_add_user(username, password, ssh_key_pwd, ssh_key_login_need)
@ -393,10 +394,10 @@ def user_list(request):
@require_role(role='user')
def user_detail(request):
header_title, path1, path2 = '用户详情', '用户管理', '用户详情'
if request.session.get('role_id') == 0:
user_id = request.user.id
else:
user_id = request.GET.get('id', '')
# if request.session.get('role_id') == 0:
# user_id = request.user.id
# else:
# user_id = request.GET.get('id', '')
# if request.session.get('role_id') == 1:
# user, dept = get_session_user_dept(request)
# if not validate(request, user=[user_id]):
@ -404,9 +405,9 @@ def user_detail(request):
# if not user_id:
# return HttpResponseRedirect('/juser/user_list/')
user = get_object(User, id=user_id)
if user:
pass
# user = get_object(User, id=user_id)
# if user:
# pass
# asset_group_permed = user.get_asset_group()
# logs_last = Log.objects.filter(user=user.name).order_by('-start_time')[0:10]
# logs_all = Log.objects.filter(user=user.name).order_by('-start_time')
@ -417,8 +418,14 @@ def user_detail(request):
@require_role(role='admin')
def user_del(request):
user_ids = request.GET.get('id', '')
user_id_list = user_ids.split(',')
if request.method == "GET":
user_ids = request.GET.get('id', '')
user_id_list = user_ids.split(',')
elif request.method == "POST":
user_ids = request.POST.get('id', '')
user_id_list = user_ids.split(',')
else:
return HttpResponse('错误请求')
for user_id in user_id_list:
User.objects.filter(id=user_id).delete()
@ -526,11 +533,11 @@ def user_edit(request):
else:
return HttpResponseRedirect('/juser/user_list/')
if password != user.password:
password_decode = password
password = CRYPTOR.md5_crypt(password)
else:
password_decode = None
# if password != user.password:
# password_decode = password
# password = CRYPTOR.md5_crypt(password)
# else:
# password_decode = None
db_update_user(user_id=user_id,
password=password,
@ -647,10 +654,11 @@ def change_info(request):
error = '密码须大于6位'
if not error:
if password != user.password:
password = CRYPTOR.md5_crypt(password)
# if password != user.password:
# password = CRYPTOR.md5_crypt(password)
user.update(name=name, password=password, email=email)
user.update(name=name, email=email)
user.set_password(password)
msg = '修改成功'
return render_to_response('juser/change_info.html', locals(), context_instance=RequestContext(request))

0
manage.py Normal file → Executable file
View File

BIN
static/.DS_Store vendored
View File

Binary file not shown.

4
templates/index_cu.html
View File

@ -72,7 +72,7 @@
<div class="col-lg-4">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-primary"><b>{{ user.name }}</b></span>
<span class="label label-primary"><b>{{ user.username }}</b></span>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
@ -109,7 +109,7 @@
</tr>
<tr>
<td class="text-navy">角色</td>
<td>{{ user.id | get_role }}</td>
<td>{{ user.role }}</td>
</tr>
<tr>
<td class="text-navy">Email</td>