perf: 用户临时密码支持加密传输

pull/7622/head
ibuler 2022-02-16 16:18:20 +08:00 committed by Jiangjie.Bai
parent 35c6b581e2
commit f548abcb87
1 changed files with 16 additions and 7 deletions


@ -1,18 +1,17 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from django.middleware import csrf
from rest_framework.response import Response from rest_framework.response import Response
from django.db.models import Q
from common.utils import get_logger, get_object_or_none from common.utils import get_logger, get_object_or_none
from common.utils.crypto import get_aes_crypto
from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, IsValidUser from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, IsValidUser
from orgs.mixins.api import OrgBulkModelViewSet from orgs.mixins.api import OrgBulkModelViewSet
from orgs.mixins import generics from orgs.mixins import generics
from common.mixins.api import SuggestionMixin from common.mixins.api import SuggestionMixin
from orgs.utils import tmp_to_root_org from orgs.utils import tmp_to_root_org
from rest_framework.decorators import action from rest_framework.decorators import action
from users.models import User, UserGroup from ..models import SystemUser, CommandFilterRule
from applications.models import Application
from ..models import SystemUser, Asset, CommandFilter, CommandFilterRule
from .. import serializers from .. import serializers
from ..serializers import SystemUserWithAuthInfoSerializer, SystemUserTempAuthSerializer from ..serializers import SystemUserWithAuthInfoSerializer, SystemUserTempAuthSerializer
from ..tasks import ( from ..tasks import (
@ -95,17 +94,27 @@ class SystemUserTempAuthInfoApi(generics.CreateAPIView):
permission_classes = (IsValidUser,) permission_classes = (IsValidUser,)
serializer_class = SystemUserTempAuthSerializer serializer_class = SystemUserTempAuthSerializer
def decrypt_data_if_need(self, data):
csrf_token = self.request.META.get('CSRF_COOKIE')
aes = get_aes_crypto(csrf_token, 'ECB')
password = data.get('password', '')
try:
data['password'] = aes.decrypt(password)
except:
pass
return data
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
serializer = super().get_serializer(data=request.data) serializer = super().get_serializer(data=request.data)
serializer.is_valid(raise_exception=True) serializer.is_valid(raise_exception=True)
pk = kwargs.get('pk') pk = kwargs.get('pk')
user = self.request.user data = self.decrypt_data_if_need(serializer.validated_data)
data = serializer.validated_data
instance_id = data.get('instance_id') instance_id = data.get('instance_id')
with tmp_to_root_org(): with tmp_to_root_org():
instance = get_object_or_404(SystemUser, pk=pk) instance = get_object_or_404(SystemUser, pk=pk)
instance.set_temp_auth(instance_id, user.id, data) instance.set_temp_auth(instance_id, self.request.user, data)
return Response(serializer.data, status=201) return Response(serializer.data, status=201)
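Review bot: In `decrypt_data_if_need` the AES key is the `CSRF_COOKIE` value, which the client sends in the same request as the ciphertext, so anyone who can read the request can also decrypt the password. This adds obfuscation but no confidentiality beyond what TLS already provides, and ECB mode carries no integrity check. The bare `except: pass` also makes the encrypted and plaintext cases indistinguishable: a failed decryption silently stores whatever string was submitted as the temporary password, and, depending on how `aes.decrypt` behaves (not visible here), a plaintext value that happens to decode could be replaced by garbage. I would signal the encrypted case explicitly from the client instead of inferring it from an exception, narrow the handler to `except Exception:` with a log line that never includes the value, and add `if not csrf_token: return data` before the `get_aes_crypto` call, because `META.get('CSRF_COOKIE')` can be `None` when the request carries no CSRF cookie and that call sits outside the `try`. A short docstring stating that this is transport obfuscation and not a substitute for HTTPS would keep later readers from relying on it.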