From e08d542c87c288f8e396c5abf4c369ba61de9550 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 25 Jun 2019 11:22:17 +0800
Subject: [PATCH] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9users=20public=5Fk?= =?UTF-8?q?ey=E7=AD=89=E5=AD=97=E6=AE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/assets/models/base.py | 12 +++---
 apps/users/api/user.py | 2 +-
 .../migrations/0021_auto_20190625_1104.py | 29 +++++++++++++++
 .../migrations/0022_auto_20190625_1105.py | 28 ++++++++++++++
 apps/users/models/user.py | 37 ++++---------------
 5 files changed, 71 insertions(+), 37 deletions(-)
 create mode 100644 apps/users/migrations/0021_auto_20190625_1104.py
 create mode 100644 apps/users/migrations/0022_auto_20190625_1105.py
diff --git a/apps/assets/models/base.py b/apps/assets/models/base.py
index 6c089e14b..1ad6d508d 100644
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -76,14 +76,14 @@ class AssetUser(OrgModelMixin):
 def set_auth(self, password=None, private_key=None, public_key=None):
 update_fields = []
 if password:
- self._password = signer.sign(password)
- update_fields.append('_password')
+ self.password = password
+ update_fields.append('password')
 if private_key:
- self._private_key = signer.sign(private_key)
- update_fields.append('_private_key')
+ self.private_key = private_key
+ update_fields.append('private_key')
 if public_key:
- self._public_key = signer.sign(public_key)
- update_fields.append('_public_key')
+ self.public_key = public_key
+ update_fields.append('public_key')
 if update_fields:
 self.save(update_fields=update_fields)
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index 116819770..88be7d934 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
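Review bot: `set_auth` now assigns the raw secret and passes `'password'`, `'private_key'` and `'public_key'` to `save(update_fields=...)`, which only works if those names are concrete model fields on `AssetUser`. This commit carries no assets migration or field change, so that has to be established elsewhere. If they are still properties over `_password`/`_private_key`/`_public_key`, Django rejects the `update_fields` names with a `ValueError`, and if they are plain fields the values would be written without the protection `signer.sign` used to apply here. A comment above the first assignment, such as `# password/private_key/public_key are Encrypt* fields; the field protects the value on save`, would make that dependency explicit once it is confirmed.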
@@ -54,7 +54,7 @@ class UserViewSet(IDInCacheFilterMixin, BulkModelViewSet):
 self.send_created_signal(users)
 def get_queryset(self):
- queryset = current_org.get_org_users()
+ queryset = current_org.get_org_users().prefetch_related('groups')
 return queryset
 def get_permissions(self):
diff --git a/apps/users/migrations/0021_auto_20190625_1104.py b/apps/users/migrations/0021_auto_20190625_1104.py
new file mode 100644
index 000000000..651b9632c
--- /dev/null
+++ b/apps/users/migrations/0021_auto_20190625_1104.py
@@ -0,0 +1,29 @@
+# Generated by Django 2.1.7 on 2019-06-25 03:04
+
+import common.fields.model
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('users', '0020_auto_20190612_1825'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='user',
+ name='_otp_secret_key',
+ field=common.fields.model.EncryptCharField(blank=True, max_length=128, null=True),
+ ),
+ migrations.AlterField(
+ model_name='user',
+ name='_private_key',
+ field=common.fields.model.EncryptTextField(blank=True, max_length=5000, verbose_name='Private key'),
+ ),
+ migrations.AlterField(
+ model_name='user',
+ name='_public_key',
+ field=common.fields.model.EncryptTextField(blank=True, max_length=5000, verbose_name='Public key'),
+ ),
+ ]
diff --git a/apps/users/migrations/0022_auto_20190625_1105.py b/apps/users/migrations/0022_auto_20190625_1105.py
new file mode 100644
index 000000000..1735e8376
--- /dev/null
+++ b/apps/users/migrations/0022_auto_20190625_1105.py
@@ -0,0 +1,28 @@
+# Generated by Django 2.1.7 on 2019-06-25 03:05
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('users', '0021_auto_20190625_1104'),
+ ]
+
+ operations = [
+ migrations.RenameField(
+ model_name='user',
+ old_name='_otp_secret_key',
+ new_name='otp_secret_key',
+ ),
+ migrations.RenameField(
+ model_name='user',
+ old_name='_private_key',
+ new_name='private_key',
+ ),
+ migrations.RenameField(
+ model_name='user',
+ old_name='_public_key',
+ new_name='public_key',
+ ),
+ ]
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index a0ceb6c51..bd15514f9 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -17,6 +17,7 @@ from django.utils import timezone
 from django.shortcuts import reverse
 from common.utils import get_signer, date_expired_default, get_logger
+from common import fields
 __all__ = ['User']
@@ -84,12 +85,12 @@ class User(AbstractUser):
 otp_level = models.SmallIntegerField(
 default=0, choices=OTP_LEVEL_CHOICES, verbose_name=_('MFA')
 )
- _otp_secret_key = models.CharField(max_length=128, blank=True, null=True)
+ otp_secret_key = fields.EncryptCharField(max_length=128, blank=True, null=True)
 # Todo: Auto generate key, let user download
- _private_key = models.CharField(
+ private_key = fields.EncryptTextField(
 max_length=5000, blank=True, verbose_name=_('Private key')
 )
- _public_key = models.CharField(
+ public_key = fields.EncryptTextField(
 max_length=5000, blank=True, verbose_name=_('Public key')
 )
 comment = models.TextField(
@@ -141,14 +142,6 @@ class User(AbstractUser):
 def can_update_password(self):
 return self.is_local
- @property
- def otp_secret_key(self):
- return signer.unsign(self._otp_secret_key)
-
- @otp_secret_key.setter
- def otp_secret_key(self, item):
- self._otp_secret_key = signer.sign(item)
-
 def check_otp(self, code):
 from ..utils import check_otp_code
 return check_otp_code(self.otp_secret_key, code)
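Review bot: In the `@@ -84` hunk the three secrets become concrete model fields under public names (`otp_secret_key`, `private_key`, `public_key`), so any serializer, form or admin `exclude`/`fields` list that still names `_otp_secret_key`, `_private_key` or `_public_key` would no longer hide them. None of those files are in this commit, so they should be checked before merge. Migrations 0021 and 0022 only alter the field class and rename the column, with no data step, so rows written by the removed `signer.sign(...)` setters will be handed unchanged to `EncryptCharField`/`EncryptTextField` on read; that is safe only if `common.fields` stores the same format, which is not visible here. `max_length=128` on `otp_secret_key` may also now bound the stored, protected value rather than the plaintext. A comment on the three fields such as `# value is protected by the Encrypt* field; keep out of serializers` would record the intent.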
@@ -161,13 +154,13 @@ class User(AbstractUser):
 Check if the user's ssh public key is valid.
 This function is used in base.html.
 """
- if self._public_key:
+ if self.public_key:
 return True
 return False
 @property
 def groups_display(self):
- return ' '.join(self.groups.all().values_list('name', flat=True))
+ return ' '.join([group.name for group in self.groups.all()])
 @property
 def role_display(self):
@@ -190,22 +183,6 @@ class User(AbstractUser):
 return True
 return False
- @property
- def private_key(self):
- return signer.unsign(self._private_key)
-
- @private_key.setter
- def private_key(self, private_key_raw):
- self._private_key = signer.sign(private_key_raw)
-
- @property
- def public_key(self):
- return signer.unsign(self._public_key)
-
- @public_key.setter
- def public_key(self, public_key_raw):
- self._public_key = signer.sign(public_key_raw)
-
 @property
 def public_key_obj(self):
 class PubKey(object):
@@ -364,7 +341,7 @@ class User(AbstractUser):
 def generate_reset_token(self):
 letter = string.ascii_letters + string.digits
- token =''.join([random.choice(letter) for _ in range(50)])
+ token = ''.join([random.choice(letter) for _ in range(50)])
 self.set_cache(token)
 return token
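Review bot: `generate_reset_token` in the `@@ -364` hunk still draws the reset token from `random.choice`; this commit only fixes the spacing on that line. If `random` is the standard-library module (its import is outside the hunk), that is a non-cryptographic generator and not suitable for a secret that authorises a reset. The line could read `token = ''.join(secrets.choice(letter) for _ in range(50))` with `import secrets` added at the top of the file, or use `random.SystemRandom().choice(letter)` if no new import is wanted.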