merge: 合并dev

apps/applications/api/application.py

@@ -1,11 +1,11 @@
 # coding: utf-8
 #
-
 from orgs.mixins.api import OrgBulkModelViewSet
 
 from ..hands import IsOrgAdminOrAppUser
 from .. import serializers
 from ..models import Application
+from applications.filters import ApplicationFilter
 
 
 __all__ = ['ApplicationViewSet']
@@ -13,7 +13,7 @@ __all__ = ['ApplicationViewSet']
 
 class ApplicationViewSet(OrgBulkModelViewSet):
     model = Application
-    filterset_fields = ('name', 'type', 'category')
+    filterset_class = ApplicationFilter
-    search_fields = filterset_fields
+    search_fields = ('name', 'type', 'category')
     permission_classes = (IsOrgAdminOrAppUser,)
     serializer_class = serializers.ApplicationSerializer

apps/applications/filters.py

@@ -0,0 +1,12 @@
+from django_filters import rest_framework as filters
+
+from .models import Application
+from applications import const
+
+
+class ApplicationFilter(filters.FilterSet):
+    type = filters.MultipleChoiceFilter(choices=const.ApplicationTypeChoices.choices)
+
+    class Meta:
+        model = Application
+        fields = ['id', 'name', 'category', 'type', 'comment']

apps/authentication/api/connection_token.py

@@ -97,10 +97,10 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin, GenericViewS
         options = {
             'full address:s': '',
             'username:s': '',
-            'screen mode id:i': '0',
+            'screen mode id:i': '1',
             # 'desktopwidth:i': '1280',
             # 'desktopheight:i': '800',
-            'use multimon:i': '1',
+            'use multimon:i': '0',
             'session bpp:i': '32',
             'audiomode:i': '0',
             'disable wallpaper:i': '0',

apps/authentication/views/login.py

@@ -46,24 +46,44 @@ class UserLoginView(mixins.AuthMixin, FormView):
             return None
         next_url = request.GET.get('next') or '/'
         auth_type = ''
-        auth_url = ''
+
         if settings.AUTH_OPENID:
             auth_type = 'OIDC'
-            auth_url = reverse(settings.AUTH_OPENID_AUTH_LOGIN_URL_NAME) + f'?next={next_url}'
+            openid_auth_url = reverse(settings.AUTH_OPENID_AUTH_LOGIN_URL_NAME) + f'?next={next_url}'
-        elif settings.AUTH_CAS:
+        else:
+            openid_auth_url = None
+
+        if settings.AUTH_CAS:
             auth_type = 'CAS'
-            auth_url = reverse(settings.CAS_LOGIN_URL_NAME) + f'?next={next_url}'
+            cas_auth_url = reverse(settings.CAS_LOGIN_URL_NAME) + f'?next={next_url}'
-        if not auth_url:
+        else:
+            cas_auth_url = None
+
+        if not any([openid_auth_url, cas_auth_url]):
             return None
 
-        message_data = {
+        if settings.LOGIN_REDIRECT_TO_BACKEND == 'OPENID' and openid_auth_url:
-            'title': _('Redirecting'),
+            auth_url = openid_auth_url
-            'message': _("Redirecting to {} authentication").format(auth_type),
+
-            'redirect_url': auth_url,
+        elif settings.LOGIN_REDIRECT_TO_BACKEND == 'CAS' and cas_auth_url:
-            'has_cancel': True,
+            auth_url = cas_auth_url
-            'cancel_url': reverse('authentication:login') + '?admin=1'
+
-        }
+        else:
-        redirect_url = FlashMessageUtil.gen_message_url(message_data)
+            auth_url = openid_auth_url or cas_auth_url
+
+        if settings.LOGIN_REDIRECT_TO_BACKEND:
+            redirect_url = auth_url
+        else:
+            message_data = {
+                'title': _('Redirecting'),
+                'message': _("Redirecting to {} authentication").format(auth_type),
+                'redirect_url': auth_url,
+                'interval': 3,
+                'has_cancel': True,
+                'cancel_url': reverse('authentication:login') + '?admin=1'
+            }
+            redirect_url = FlashMessageUtil.gen_message_url(message_data)
+
         query_string = request.GET.urlencode()
         redirect_url = "{}&{}".format(redirect_url, query_string)
         return redirect_url

apps/jumpserver/conf.py

@@ -307,6 +307,7 @@ class Config(dict):
         'SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE': False,
         'FORGOT_PASSWORD_URL': '',
         'HEALTH_CHECK_TOKEN': '',
+        'LOGIN_REDIRECT_TO_BACKEND':  None,  # 'OPENID / CAS
 
         'TERMINAL_RDP_ADDR': ''
     }

apps/jumpserver/settings/custom.py

@@ -129,3 +129,5 @@ HEALTH_CHECK_TOKEN = CONFIG.HEALTH_CHECK_TOKEN
 TERMINAL_RDP_ADDR = CONFIG.TERMINAL_RDP_ADDR
 SECURITY_LUNA_REMEMBER_AUTH = CONFIG.SECURITY_LUNA_REMEMBER_AUTH
 SECURITY_WATERMARK_ENABLED = CONFIG.SECURITY_WATERMARK_ENABLED
+
+LOGIN_REDIRECT_TO_BACKEND = CONFIG.LOGIN_REDIRECT_TO_BACKEND

apps/locale/zh/LC_MESSAGES/django.po

@@ -4028,17 +4028,17 @@ msgid "name not unique"
 msgstr "名称重复"
 
 #: users/templates/users/_base_otp.html:14
-msgid "Security token validation"
+msgid "Please enter the password of"
-msgstr "安全令牌验证"
+msgstr "请输入"
 
 #: users/templates/users/_base_otp.html:14 xpack/plugins/cloud/models.py:78
 #: xpack/plugins/cloud/serializers.py:178
-msgid "Account"
+msgid "account"
 msgstr "账户"
 
 #: users/templates/users/_base_otp.html:14
-msgid "Follow these steps to complete the binding operation"
+msgid "to complete the binding operation"
-msgstr "请按照以下步骤完成绑定操作"
+msgstr "的密码完成绑定操作"
 
 #: users/templates/users/_granted_assets.html:7
 msgid "Loading"

apps/perms/api/application/application_permission.py

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 #
 from applications.models import Application
+from applications.filters import ApplicationFilter
 from perms.models import ApplicationPermission
 from perms import serializers
 from ..base import BasePermissionViewSet
@@ -12,8 +13,8 @@ class ApplicationPermissionViewSet(BasePermissionViewSet):
     """
     model = ApplicationPermission
     serializer_class = serializers.ApplicationPermissionSerializer
-    filterset_fields = ['name', 'category', 'type']
+    filterset_class = ApplicationFilter
-    search_fields = filterset_fields
+    search_fields = ['name', 'category', 'type']
     custom_filter_fields = BasePermissionViewSet.custom_filter_fields + [
         'application_id', 'application'
     ]

apps/perms/api/application/user_permission/user_permission_applications.py

@@ -3,6 +3,7 @@
 from rest_framework.generics import ListAPIView
 from rest_framework.response import Response
 
+from applications.filters import ApplicationFilter
 from common.mixins.api import CommonApiMixin
 from applications.api.mixin import (
     SerializeApplicationToTreeNodeMixin
@@ -25,7 +26,7 @@ __all__ = [
 class AllGrantedApplicationsMixin(CommonApiMixin, ListAPIView):
     only_fields = serializers.ApplicationGrantedSerializer.Meta.only_fields
     serializer_class = serializers.ApplicationGrantedSerializer
-    filterset_fields = ['id', 'name', 'category', 'type', 'comment']
+    filterset_class = ApplicationFilter
     search_fields = ['name', 'comment']
     user: None
 

apps/users/templates/users/_base_otp.html

@@ -11,7 +11,7 @@
             </h2>
         </div>
         <div>
-            <div class="verify">{% trans 'Security token validation' %}&nbsp;&nbsp;{% trans 'Account' %}&nbsp;<span>{{ user.username }}</span>&nbsp;&nbsp;{% trans 'Follow these steps to complete the binding operation' %}</div>
+            <div class="verify">{% trans 'Please enter the password of' %}&nbsp;{% trans 'account' %}&nbsp;<span>{{ user.username }}</span>&nbsp;{% trans 'to complete the binding operation' %}</div>
             <hr style="width: 500px; margin: auto; margin-top: 10px;">
             {% block content %}
             {% endblock %}