perf: 优化公钥设置，让用户可以选择是否开启

2021-04-25 18:13:41 +08:00 · 2021-04-25 18:13:41 +08:00 · d9552c0038
parent ce8143c2ec
commit d9552c0038
5 changed files with 17 additions and 3 deletions
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -222,6 +222,7 @@ class Config(dict):
        'TERMINAL_PASSWORD_AUTH': True,
        'TERMINAL_PUBLIC_KEY_AUTH': True,
        'TERMINAL_ONLY_SOURCE_LOCAL_CAN_PUBLIC_KEY_AUTH': True,
        'TERMINAL_HEARTBEAT_INTERVAL': 20,
        'TERMINAL_ASSET_LIST_SORT_BY': 'hostname',
        'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto',
--- a/apps/jumpserver/settings/custom.py
+++ b/apps/jumpserver/settings/custom.py
@ -124,3 +124,4 @@ FORGOT_PASSWORD_URL = CONFIG.FORGOT_PASSWORD_URL
 # 自定义默认组织名
 GLOBAL_ORG_DISPLAY_NAME = CONFIG.GLOBAL_ORG_DISPLAY_NAME
 HEALTH_CHECK_TOKEN = CONFIG.HEALTH_CHECK_TOKEN
 TERMINAL_ONLY_SOURCE_LOCAL_CAN_PUBLIC_KEY_AUTH = CONFIG.TERMINAL_ONLY_SOURCE_LOCAL_CAN_PUBLIC_KEY_AUTH
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -5,6 +5,7 @@ import uuid
 import base64
 import string
 import random
 import datetime
 from django.conf import settings
 from django.contrib.auth.models import AbstractUser
@ -32,6 +33,9 @@ logger = get_logger(__file__)
 class AuthMixin:
    date_password_last_updated: datetime.datetime
    is_local: bool
    @property
    def password_raw(self):
        raise AttributeError('Password raw is not a readable attribute')
@ -63,7 +67,12 @@ class AuthMixin:
        return self.can_use_ssh_key_login()
    def can_use_ssh_key_login(self):
-        return self.is_local and settings.TERMINAL_PUBLIC_KEY_AUTH
+        if not settings.TERMINAL_PUBLIC_KEY_AUTH:
            return False
        if self.is_local or settings.TERMINAL_ONLY_SOURCE_LOCAL_CAN_PUBLIC_KEY_AUTH:
            return True
        else:
            return False
    def is_public_key_valid(self):
        """
--- a/apps/users/serializers/profile.py
+++ b/apps/users/serializers/profile.py
@ -101,7 +101,8 @@ class UserProfileSerializer(UserSerializer):
    class Meta(UserSerializer.Meta):
        fields = UserSerializer.Meta.fields + [
-            'public_key_comment', 'public_key_hash_md5', 'admin_or_audit_orgs', 'current_org_roles',
+            'public_key_comment', 'public_key_hash_md5',
            'admin_or_audit_orgs', 'current_org_roles',
            'guide_url', 'user_all_orgs'
        ]
        read_only_fields = [
@ -164,6 +165,7 @@ class ChangeUserPasswordSerializer(serializers.ModelSerializer):
        model = User
        fields = ['password']
 class ResetOTPSerializer(serializers.Serializer):
    msg = serializers.CharField(read_only=True)
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@ -34,6 +34,7 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer):
    is_expired = serializers.BooleanField(read_only=True, label=_('Is expired'))
    can_update = serializers.SerializerMethodField(label=_('Can update'))
    can_delete = serializers.SerializerMethodField(label=_('Can delete'))
    can_public_key_auth = serializers.ReadOnlyField(source='can_use_ssh_key_login')
    org_roles = serializers.ListField(
        label=_('Organization role name'), allow_null=True, required=False,
        child=serializers.ChoiceField(choices=ORG_ROLE.choices), default=["User"]
@ -48,7 +49,7 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer):
            'password', 'email', 'public_key', 'wechat', 'phone', 'mfa_level', 'mfa_enabled',
            'mfa_level_display', 'mfa_force_enabled', 'role_display', 'org_role_display',
            'total_role_display', 'comment', 'source', 'is_valid', 'is_expired',
-            'is_active', 'created_by', 'is_first_login',
+            'is_active', 'created_by', 'is_first_login', 'can_public_key_auth',
            'password_strategy', 'date_password_last_updated', 'date_expired',
            'avatar_url', 'source_display', 'date_joined', 'last_login'
        ]