diff --git a/jperm/views.py b/jperm/views.py index d9d19da74..2d63e0f1f 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -512,10 +512,10 @@ def perm_role_push(request): task = MyTask(push_resource) ret = {} - # 因为要先建立用户,所以password 是必选项,而push key是在 password也完成的情况下的 可选项 + # 因为要先建立用户,而push key是在 password也完成的情况下的 可选项 # 1. 以秘钥 方式推送角色 if key_push: - ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password)) + ret["pass_push"] = task.add_user(role.name) ret["key_push"] = task.push_key(role.name, os.path.join(role.key_path, 'id_rsa.pub')) # 2. 推送账号密码 diff --git a/juser/user_api.py b/juser/user_api.py index 305a877fd..335dd2d96 100644 --- a/juser/user_api.py +++ b/juser/user_api.py @@ -137,7 +137,7 @@ def gen_ssh_key(username, password='', if authorized_keys: auth_key_dir = os.path.join(home, username, '.ssh') - mkdir(auth_key_dir, username=username , mode=0700) + mkdir(auth_key_dir, username=username, mode=0700) authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys') with open(private_key_file+'.pub') as pub_f: with open(authorized_key_file, 'w') as auth_f: @@ -146,15 +146,13 @@ def gen_ssh_key(username, password='', chown(authorized_key_file, username) -def server_add_user(username, password, ssh_key_pwd='', ssh_key_login_need=True): +def server_add_user(username, ssh_key_pwd=''): """ add a system user in jumpserver 在jumpserver服务器上添加一个用户 """ - bash("useradd -s '%s' '%s'; echo '%s'; echo '%s:%s' | chpasswd " % - (os.path.join(BASE_DIR, 'init.sh'), username, password, username, password)) - if ssh_key_login_need: - gen_ssh_key(username, ssh_key_pwd) + bash("useradd -s '%s' '%s'" % (os.path.join(BASE_DIR, 'init.sh'), username)) + gen_ssh_key(username, ssh_key_pwd) def user_add_mail(user, kwargs): 
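Review bot: The key-push branch of perm_role_push now calls `task.add_user(role.name)` with no password, but nothing visible here shows that MyTask.add_user accepts that call or that it leaves the new account password-locked rather than with an empty password; MyTask is not part of this diff, so that needs confirming. The result is still stored under `ret["pass_push"]`, which now reports a password push that no longer happens on this path. A comment above the call such as `# creates the account only; no password is set when pushing by key` would make the intent explicit. perm_role_push starts and continues outside the hunk.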
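Review bot: In server_add_user the `username` value is still formatted into a shell string, `"useradd -s '%s' '%s'"`, and the literal single quotes in the template do not neutralise a quote character inside the value; the name presumably originates from the submitted form in user_add. Quoting both arguments, e.g. `bash("useradd -s %s %s" % (pipes.quote(os.path.join(BASE_DIR, 'init.sh')), pipes.quote(username)))` with `import pipes`, or rejecting names that fail a strict account-name pattern before this call, would close that gap. The outcome of useradd is also not checked before `gen_ssh_key(username, ssh_key_pwd)` runs, assuming the `bash` helper (defined outside this diff) reports it.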
@@ -171,7 +169,7 @@ def user_add_mail(user, kwargs): 您的web登录密码: %s 您的ssh密钥文件密码: %s 密钥下载地址: %s/juser/key/down/?uuid=%s - 说明: 请登陆后再下载密钥! + 说明: 请登陆跳板机后台下载密钥, 然后使用密钥登陆跳板机! """ % (user.name, user.username, user_role.get(user.role, u'普通用户'), kwargs.get('password'), kwargs.get('ssh_key_pwd'), URL, user.uuid) send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False) @@ -185,27 +183,17 @@ def server_del_user(username): bash('userdel -r %s' % username) -def get_display_msg(user, password, ssh_key_pwd, ssh_key_login_need, send_mail_need): +def get_display_msg(user, password='', ssh_key_pwd='', send_mail_need=False): if send_mail_need: msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (user.name, user.email) - return msg - - if ssh_key_login_need: - msg = u""" - 跳板机地址: %s - 用户名:%s - 密码:%s - 密钥密码:%s - 密钥下载url: %s/juser/key/down/?uuid=%s - 该账号密码可以登陆web和跳板机。 - """ % (URL, user.username, password, ssh_key_pwd, URL, user.uuid) else: msg = u""" - 跳板机地址: %s \n - 用户名:%s \n - 密码:%s \n + 跳板机地址: %s
+ 用户名:%s
+ 密码:%s
+ 密钥密码:%s
+ 密钥下载url: %s/juser/key/down/?uuid=%s
该账号密码可以登陆web和跳板机。 - """ % (URL, user.username, password) - + """ % (URL, user.username, password, ssh_key_pwd, URL, user.uuid) return msg diff --git a/juser/views.py b/juser/views.py index 41baa7536..ba5f90708 100644 --- a/juser/views.py +++ b/juser/views.py @@ -153,8 +153,7 @@ def user_add(request): ssh_key_pwd = PyCrypt.gen_rand_pass(16) extra = request.POST.getlist('extra', []) is_active = False if '0' in extra else True - ssh_key_login_need = True - send_mail_need = True if '2' in extra else False + send_mail_need = True if '1' in extra else False try: if '' in [username, password, ssh_key_pwd, name, role]: @@ -176,7 +175,7 @@ def user_add(request): ssh_key_pwd=ssh_key_pwd, is_active=is_active, date_joined=datetime.datetime.now()) - server_add_user(username, password, ssh_key_pwd, ssh_key_login_need) + server_add_user(username=username, ssh_key_pwd=ssh_key_pwd) user = get_object(User, username=username) if groups: user_groups = [] @@ -193,7 +192,7 @@ def user_add(request): else: if MAIL_ENABLE and send_mail_need: user_add_mail(user, kwargs=locals()) - msg = get_display_msg(user, password, ssh_key_pwd, ssh_key_login_need, send_mail_need) + msg = get_display_msg(user, password=password, ssh_key_pwd=ssh_key_pwd, send_mail_need=send_mail_need) return my_render('juser/user_add.html', locals(), request) @@ -361,7 +360,7 @@ def user_edit(request): admin_groups = request.POST.getlist('admin_groups', []) extra = request.POST.getlist('extra', []) is_active = True if '0' in extra else False - email_need = True if '2' in extra else False + email_need = True if '1' in extra else False user_role = {'SU': u'超级管理员', 'GA': u'部门管理员', 'CU': u'普通用户'} if user_id: diff --git a/templates/jasset/asset_add.html b/templates/jasset/asset_add.html index ab8de9145..57c0c04d3 100644 --- a/templates/jasset/asset_add.html +++ b/templates/jasset/asset_add.html @@ -50,24 +50,23 @@
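Review bot: get_display_msg now always formats the account password, the key passphrase and the key download link into `msg` on the non-mail path, yet the function has no docstring saying that its return value carries secrets. I would add one, e.g. `"""Return the post-creation notice; without send_mail_need it contains the cleartext password and key passphrase, so do not log or persist it."""`. The new defaults `password=''` and `ssh_key_pwd=''` also let a caller that omits them produce a notice with blank credentials; keeping those two parameters required would avoid that.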
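Review bot: `send_mail_need = True if '1' in extra else False` in the first juser/views.py hunk (user_add) is simply `send_mail_need = '1' in extra`, and the same applies to `email_need` in the user_edit hunk. The bare strings `'0'` and `'1'` are coupled to checkbox values in the templates, whose markup is not legible in this rendering, so the renumbering from `'2'` to `'1'` is easy to get out of step. A short comment next to each line naming what the value means, e.g. `# '1' = "send mail" checkbox in user_add.html`, would help.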
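Review bot: In the user_add hunk at `@@ -193,7 +192,7 @@`, mail is sent only when `MAIL_ENABLE and send_mail_need` holds, but get_display_msg receives the bare `send_mail_need`. With mail disabled and the option ticked, the operator is apparently told the password was e-mailed while nothing was sent and the credentials are never displayed. Passing the combined condition, `send_mail_need=MAIL_ENABLE and send_mail_need`, keeps the notice truthful. Indentation is lost in this rendering, so this assumes the get_display_msg call sits outside the `if`; user_add continues outside the hunk.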
- +
-
-

Tips: 管理账号是服务器存在的root等高权限账号,用来推送新建系统用户

+

Tips: 管理用户是服务器存在的root或拥有sudo的用户,用来推送系统用户

-{#
#} -{#
#} -{# #} -{#
#} -{#
#}
- +
diff --git a/templates/juser/user_edit.html b/templates/juser/user_edit.html index 3613e6458..96da0079c 100644 --- a/templates/juser/user_edit.html +++ b/templates/juser/user_edit.html @@ -116,7 +116,7 @@
- +