[Update] 添加deb依赖，完善用户登录失败日志，修复资产标签bug (#1983)

* [Update] 修改deb依赖

* [Update] 修改记录用户登录失败日志，用户不存在的情况，但是显示登录日志列表还不全..

* [Update] 用户登录日志，记录用户名不存在的情况(Default组织显示所有用户的登录日志)

* [Bugfix] 修复标签名为search, limit时资产列表不显示的bug

apps/assets/templates/assets/user_asset_list.html

@@ -62,7 +62,7 @@
 
 {% block custom_foot_js %}
 <script>
-var zTree, asset_table;
+var zTree, asset_table, show=0;
 var inited = false;
 var url;
 function initTable() {
@@ -184,7 +184,7 @@ $(document).ready(function () {
 });
 
 function toggle() {
-    if ($("#split-left").is(':visible')) {
+    if (show === 0) {
         $("#split-left").hide(500, function () {
             $("#split-right").attr("class", "col-lg-12");
             $("#toggle-icon").attr("class", "fa fa-angle-right fa-x");

apps/assets/views/label.py

@@ -36,6 +36,7 @@ class LabelCreateView(AdminUserRequiredMixin, CreateView):
     form_class = LabelForm
     success_url = reverse_lazy('assets:label-list')
     success_message = create_success_msg
+    disable_name = ['draw', 'search', 'limit', 'offset', '_']
 
     def get_context_data(self, **kwargs):
         context = {
@@ -45,6 +46,16 @@ class LabelCreateView(AdminUserRequiredMixin, CreateView):
         kwargs.update(context)
         return super().get_context_data(**kwargs)
 
+    def form_valid(self, form):
+        name = form.cleaned_data.get('name')
+        if name in self.disable_name:
+            msg = _(
+                'Tips: Avoid using label names reserved internally: {}'
+            ).format(', '.join(self.disable_name))
+            form.add_error("name", msg)
+            return self.form_invalid(form)
+        return super().form_valid(form)
+
 
 class LabelUpdateView(AdminUserRequiredMixin, UpdateView):
     model = Label

apps/audits/views.py

@@ -160,8 +160,12 @@ class LoginLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
         return users
 
     def get_queryset(self):
-        users = self.get_org_users()
+        if current_org.is_default():
-        queryset = super().get_queryset().filter(username__in=users)
+            queryset = super().get_queryset()
+        else:
+            users = self.get_org_users()
+            queryset = super().get_queryset().filter(username__in=users)
+
         self.user = self.request.GET.get('user', '')
         self.keyword = self.request.GET.get("keyword", '')
 

apps/locale/zh/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Jumpserver 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-10-24 11:03+0800\n"
+"POT-Creation-Date: 2018-11-01 13:58+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: Jumpserver team<ibuler@qq.com>\n"
@@ -191,7 +191,7 @@ msgstr "名称"
 #: assets/templates/assets/system_user_list.html:30
 #: audits/templates/audits/login_log_list.html:49
 #: perms/templates/perms/asset_permission_user.html:55 users/forms.py:15
-#: users/forms.py:33 users/models/authentication.py:70 users/models/user.py:49
+#: users/forms.py:33 users/models/authentication.py:72 users/models/user.py:49
 #: users/templates/users/_select_user_modal.html:14
 #: users/templates/users/login.html:62
 #: users/templates/users/user_detail.html:67
@@ -666,8 +666,8 @@ msgstr "手动登录"
 #: assets/views/domain.py:29 assets/views/domain.py:45
 #: assets/views/domain.py:61 assets/views/domain.py:74
 #: assets/views/domain.py:98 assets/views/domain.py:126
-#: assets/views/domain.py:145 assets/views/label.py:26 assets/views/label.py:42
+#: assets/views/domain.py:145 assets/views/label.py:26 assets/views/label.py:43
-#: assets/views/label.py:58 assets/views/system_user.py:28
+#: assets/views/label.py:69 assets/views/system_user.py:28
 #: assets/views/system_user.py:44 assets/views/system_user.py:60
 #: assets/views/system_user.py:74 templates/_nav.html:19
 msgid "Assets"
@@ -1059,7 +1059,7 @@ msgstr "选择节点"
 #: users/templates/users/user_detail.html:431
 #: users/templates/users/user_detail.html:476
 #: users/templates/users/user_group_create_update.html:32
-#: users/templates/users/user_group_list.html:87
+#: users/templates/users/user_group_list.html:88
 #: users/templates/users/user_list.html:201
 #: users/templates/users/user_profile.html:232
 #: xpack/plugins/cloud/templates/cloud/account_create_update.html:34
@@ -1276,7 +1276,7 @@ msgstr "重命名失败，不能更改root节点的名称"
 #: users/templates/users/user_detail.html:376
 #: users/templates/users/user_detail.html:402
 #: users/templates/users/user_detail.html:470
-#: users/templates/users/user_group_list.html:81
+#: users/templates/users/user_group_list.html:82
 #: users/templates/users/user_list.html:195
 msgid "Are you sure?"
 msgstr "你确认吗?"
@@ -1292,7 +1292,7 @@ msgstr "删除选择资产"
 #: users/templates/users/user_detail.html:406
 #: users/templates/users/user_detail.html:474
 #: users/templates/users/user_group_create_update.html:31
-#: users/templates/users/user_group_list.html:85
+#: users/templates/users/user_group_list.html:86
 #: users/templates/users/user_list.html:199
 #: xpack/plugins/orgs/templates/orgs/org_create_update.html:32
 msgid "Cancel"
@@ -1424,7 +1424,7 @@ msgstr "JMS => 网域网关 => 目标资产"
 msgid "Create domain"
 msgstr "创建网域"
 
-#: assets/templates/assets/label_list.html:6 assets/views/label.py:43
+#: assets/templates/assets/label_list.html:6 assets/views/label.py:44
 msgid "Create label"
 msgstr "创建标签"
 
@@ -1592,7 +1592,11 @@ msgstr "创建网关"
 msgid "Label list"
 msgstr "标签列表"
 
-#: assets/views/label.py:59
+#: assets/views/label.py:53
+msgid "Tips: Avoid using label names reserved internally: {}"
+msgstr "提示: 请避免使用内部预留标签名: {}"
+
+#: assets/views/label.py:70
 msgid "Update label"
 msgstr "更新标签"
 
@@ -1635,7 +1639,7 @@ msgid "Filename"
 msgstr "文件名"
 
 #: audits/models.py:22 audits/templates/audits/ftp_log_list.html:76
-#: ops/templates/ops/task_list.html:39 users/models/authentication.py:66
+#: ops/templates/ops/task_list.html:39 users/models/authentication.py:68
 #: users/templates/users/user_detail.html:452 xpack/plugins/cloud/api.py:61
 msgid "Success"
 msgstr "成功"
@@ -1703,19 +1707,19 @@ msgid "City"
 msgstr "城市"
 
 #: audits/templates/audits/login_log_list.html:54 users/forms.py:169
-#: users/models/authentication.py:75 users/models/user.py:73
+#: users/models/authentication.py:77 users/models/user.py:73
 #: users/templates/users/first_login.html:45
 msgid "MFA"
 msgstr "MFA"
 
 #: audits/templates/audits/login_log_list.html:55
-#: users/models/authentication.py:76 xpack/plugins/cloud/models.py:192
+#: users/models/authentication.py:78 xpack/plugins/cloud/models.py:192
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_history.html:69
 msgid "Reason"
 msgstr "原因"
 
 #: audits/templates/audits/login_log_list.html:56
-#: users/models/authentication.py:77 xpack/plugins/cloud/models.py:191
+#: users/models/authentication.py:79 xpack/plugins/cloud/models.py:191
 #: xpack/plugins/cloud/models.py:208
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_history.html:70
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_instance.html:67
@@ -1752,15 +1756,15 @@ msgstr "操作日志"
 msgid "Password change log"
 msgstr "改密日志"
 
-#: audits/views.py:183 templates/_nav.html:10 users/views/group.py:28
+#: audits/views.py:187 templates/_nav.html:10 users/views/group.py:28
 #: users/views/group.py:44 users/views/group.py:60 users/views/group.py:76
-#: users/views/group.py:92 users/views/login.py:328 users/views/user.py:68
+#: users/views/group.py:92 users/views/login.py:331 users/views/user.py:68
 #: users/views/user.py:83 users/views/user.py:111 users/views/user.py:193
 #: users/views/user.py:354 users/views/user.py:404 users/views/user.py:439
 msgid "Users"
 msgstr "用户管理"
 
-#: audits/views.py:184 templates/_nav.html:76
+#: audits/views.py:188 templates/_nav.html:76
 msgid "Login log"
 msgstr "登录日志"
 
@@ -1780,15 +1784,15 @@ msgstr "在ou:{}中没有匹配条目"
 msgid "Match {} s users"
 msgstr "匹配 {} 个用户"
 
-#: common/api.py:107 common/api.py:138
+#: common/api.py:107 common/api.py:139
 msgid "Error: Account invalid"
 msgstr ""
 
-#: common/api.py:110 common/api.py:141
+#: common/api.py:110 common/api.py:142
 msgid "Create succeed"
 msgstr "创建成功"
 
-#: common/api.py:127 common/api.py:161
+#: common/api.py:128 common/api.py:162
 #: common/templates/common/terminal_setting.html:151
 msgid "Delete succeed"
 msgstr "删除成功"
@@ -3084,19 +3088,19 @@ msgstr "你可以使用ssh客户端工具连接终端"
 msgid "Log in frequently and try again later"
 msgstr "登录频繁, 稍后重试"
 
-#: users/api/auth.py:79
+#: users/api/auth.py:82
 msgid "Please carry seed value and conduct MFA secondary certification"
 msgstr "请携带seed值, 进行MFA二次认证"
 
-#: users/api/auth.py:192
+#: users/api/auth.py:195
 msgid "Please verify the user name and password first"
 msgstr "请先进行用户名和密码验证"
 
-#: users/api/auth.py:204
+#: users/api/auth.py:207
 msgid "MFA certification failed"
 msgstr "MFA认证失败"
 
-#: users/api/user.py:135
+#: users/api/user.py:138
 msgid "Could not reset self otp, use profile reset instead"
 msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
 
@@ -3265,40 +3269,44 @@ msgstr "ssh密钥"
 msgid "Disabled"
 msgstr "禁用"
 
-#: users/models/authentication.py:52 users/models/authentication.py:60
+#: users/models/authentication.py:52 users/models/authentication.py:61
 msgid "-"
 msgstr ""
 
-#: users/models/authentication.py:61
+#: users/models/authentication.py:62
 msgid "Username/password check failed"
 msgstr "用户名/密码 校验失败"
 
-#: users/models/authentication.py:62
+#: users/models/authentication.py:63
 msgid "MFA authentication failed"
 msgstr "MFA 认证失败"
 
-#: users/models/authentication.py:67 xpack/plugins/cloud/models.py:184
+#: users/models/authentication.py:64
+msgid "Username does not exist"
+msgstr "用户名不存在"
+
+#: users/models/authentication.py:69 xpack/plugins/cloud/models.py:184
 #: xpack/plugins/cloud/models.py:198
 msgid "Failed"
 msgstr "失败"
 
-#: users/models/authentication.py:71
+#: users/models/authentication.py:73
 msgid "Login type"
 msgstr "登录方式"
 
-#: users/models/authentication.py:72
+#: users/models/authentication.py:74
 msgid "Login ip"
 msgstr "登录IP"
 
-#: users/models/authentication.py:73
+#: users/models/authentication.py:75
 msgid "Login city"
 msgstr "登录城市"
 
-#: users/models/authentication.py:74
+#: users/models/authentication.py:76
 msgid "User agent"
 msgstr "Agent"
 
-#: users/models/authentication.py:78
+#: users/models/authentication.py:80
 msgid "Date login"
 msgstr "登录日期"
 
@@ -3731,20 +3739,20 @@ msgstr "添加用户"
 msgid "Create user group"
 msgstr "创建用户组"
 
-#: users/templates/users/user_group_list.html:82
+#: users/templates/users/user_group_list.html:83
 msgid "This will delete the selected groups !!!"
 msgstr "删除选择组"
 
-#: users/templates/users/user_group_list.html:91
+#: users/templates/users/user_group_list.html:92
 msgid "UserGroups Deleted."
 msgstr "用户组删除"
 
-#: users/templates/users/user_group_list.html:92
+#: users/templates/users/user_group_list.html:93
-#: users/templates/users/user_group_list.html:97
+#: users/templates/users/user_group_list.html:98
 msgid "UserGroups Delete"
 msgstr "用户组删除"
 
-#: users/templates/users/user_group_list.html:96
+#: users/templates/users/user_group_list.html:97
 msgid "UserGroup Deleting failed."
 msgstr "用户组删除失败"
 
@@ -4019,52 +4027,52 @@ msgstr "用户组授权资产"
 msgid "Please enable cookies and try again."
 msgstr "设置你的浏览器支持cookie"
 
-#: users/views/login.py:176 users/views/user.py:526 users/views/user.py:551
+#: users/views/login.py:179 users/views/user.py:526 users/views/user.py:551
 msgid "MFA code invalid, or ntp sync server time"
 msgstr "MFA验证码不正确，或者服务器端时间不对"
 
-#: users/views/login.py:205
+#: users/views/login.py:208
 msgid "Logout success"
 msgstr "退出登录成功"
 
-#: users/views/login.py:206
+#: users/views/login.py:209
 msgid "Logout success, return login page"
 msgstr "退出登录成功，返回到登录页面"
 
-#: users/views/login.py:222
+#: users/views/login.py:225
 msgid "Email address invalid, please input again"
 msgstr "邮箱地址错误，重新输入"
 
-#: users/views/login.py:235
+#: users/views/login.py:238
 msgid "Send reset password message"
 msgstr "发送重置密码邮件"
 
-#: users/views/login.py:236
+#: users/views/login.py:239
 msgid "Send reset password mail success, login your mail box and follow it "
 msgstr ""
 "发送重置邮件成功, 请登录邮箱查看, 按照提示操作 (如果没收到,请等待3-5分钟)"
 
-#: users/views/login.py:249
+#: users/views/login.py:252
 msgid "Reset password success"
 msgstr "重置密码成功"
 
-#: users/views/login.py:250
+#: users/views/login.py:253
 msgid "Reset password success, return to login page"
 msgstr "重置密码成功，返回到登录页面"
 
-#: users/views/login.py:271 users/views/login.py:284
+#: users/views/login.py:274 users/views/login.py:287
 msgid "Token invalid or expired"
 msgstr "Token错误或失效"
 
-#: users/views/login.py:280
+#: users/views/login.py:283
 msgid "Password not same"
 msgstr "密码不一致"
 
-#: users/views/login.py:290 users/views/user.py:127 users/views/user.py:422
+#: users/views/login.py:293 users/views/user.py:127 users/views/user.py:422
 msgid "* Your password does not meet the requirements"
 msgstr "* 您的密码不符合要求"
 
-#: users/views/login.py:328
+#: users/views/login.py:331
 msgid "First login"
 msgstr "首次登陆"
 

apps/users/api/auth.py

@@ -43,10 +43,13 @@ class UserAuthApi(RootOrgViewMixin, APIView):
 
         user, msg = self.check_user_valid(request)
         if not user:
+            username = request.data.get('username', '')
+            exist = User.objects.filter(username=username).first()
+            reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST
             data = {
-                'username': request.data.get('username', ''),
+                'username': username,
                 'mfa': LoginLog.MFA_UNKNOWN,
-                'reason': LoginLog.REASON_PASSWORD,
+                'reason': reason,
                 'status': False
             }
             self.write_login_log(request, data)

apps/users/models/authentication.py

@@ -55,11 +55,13 @@ class LoginLog(models.Model):
     REASON_NOTHING = 0
     REASON_PASSWORD = 1
     REASON_MFA = 2
+    REASON_NOT_EXIST = 3
 
     REASON_CHOICE = (
         (REASON_NOTHING, _('-')),
         (REASON_PASSWORD, _('Username/password check failed')),
         (REASON_MFA, _('MFA authentication failed')),
+        (REASON_NOT_EXIST, _("Username does not exist")),
     )
 
     STATUS_CHOICE = (
@@ -67,7 +69,7 @@ class LoginLog(models.Model):
         (False, _('Failed'))
     )
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
-    username = models.CharField(max_length=20, verbose_name=_('Username'))
+    username = models.CharField(max_length=128, verbose_name=_('Username'))
     type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=2, verbose_name=_('Login type'))
     ip = models.GenericIPAddressField(verbose_name=_('Login ip'))
     city = models.CharField(max_length=254, blank=True, null=True, verbose_name=_('Login city'))

apps/users/views/login.py

@@ -79,12 +79,15 @@ class UserLoginView(FormView):
     def form_invalid(self, form):
         # write login failed log
         username = form.cleaned_data.get('username')
+        exist = User.objects.filter(username=username).first()
+        reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST
         data = {
             'username': username,
             'mfa': LoginLog.MFA_UNKNOWN,
-            'reason': LoginLog.REASON_PASSWORD,
+            'reason': reason,
             'status': False
         }
+
         self.write_login_log(data)
 
         # limit user login failed count

requirements/deb_requirements.txt

@@ -1 +1 @@
-libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev python-tk python-dev openssl libssl-dev libldap2-dev libsasl2-dev sqlite gcc automake libkrb5-dev
+libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev python-tk python-dev openssl libssl-dev libldap2-dev libsasl2-dev sqlite gcc automake libkrb5-dev sshpass