diff --git a/server/www/teleport/static/js/teleport.js b/server/www/teleport/static/js/teleport.js index ba33d5c..7a64248 100644 --- a/server/www/teleport/static/js/teleport.js +++ b/server/www/teleport/static/js/teleport.js @@ -49,20 +49,19 @@ var CALLBACK_STACK = { } }; - // self.check_error = function() { - // if (self.cb_stack.length > 0) { - // console.error('callback stack have '+ self.cb_stack.length + ' function not called.'); - // } - // }; - return self; } }; + +// console.log(window.location, window.location.protocol+'://'+window.location.host); + + // Teleport核心JS var $tp = { - server_host: window.location.hostname || '', - server_port: (window.location.port === "") ? 80 : parseInt(window.location.port), + // server_host: window.location.hostname || '', + // server_port: (window.location.port === "") ? 80 : parseInt(window.location.port), + web_server: window.location.protocol+'://'+window.location.host, // Teleport页面应用对象,放置页面自身特有的属性和函数 app: { diff --git a/server/www/teleport/static/js/user/user-list.js b/server/www/teleport/static/js/user/user-list.js index 8de8fdc..4e43f5e 100644 --- a/server/www/teleport/static/js/user/user-list.js +++ b/server/www/teleport/static/js/user/user-list.js @@ -991,7 +991,7 @@ $app.create_dlg_reset_password = function () { $tp.ajax_post_json('/user/reset-password', { id: dlg.field_id, mode: 1, - email: dlg.field_email, + // email: dlg.field_email, password: '' }, function (ret) { @@ -1022,7 +1022,7 @@ $app.create_dlg_reset_password = function () { $tp.ajax_post_json('/user/reset-password', { id: dlg.field_id, mode: 2, - email: '', + // email: '', password: dlg.field_password }, function (ret) { diff --git a/server/www/teleport/webroot/app/base/configs.py b/server/www/teleport/webroot/app/base/configs.py index 5f3b3e4..c84f5b3 100644 --- a/server/www/teleport/webroot/app/base/configs.py +++ b/server/www/teleport/webroot/app/base/configs.py 
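Review bot: The replaced `server_host`/`server_port` properties and the `console.log` probe are kept in `teleport.js` as commented-out code rather than deleted; version control already holds the history, so those three comment lines can simply go. `web_server` is built from `window.location.protocol` and `window.location.host`, the same origin the page was served from, but any other script that still reads `$tp.server_host` or `$tp.server_port` (not visible in this hunk) would now get `undefined`, so a grep for those two names is worth doing before merging.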
@@ -455,7 +455,7 @@ class AppConfig(BaseAppConfig): if conf_data is None: log.w('system default config info is empty.\n') - return True + # return True # ===================================== # 密码策略相关 diff --git a/server/www/teleport/webroot/app/base/database/create.py b/server/www/teleport/webroot/app/base/database/create.py index 2a35f61..6b926b1 100644 --- a/server/www/teleport/webroot/app/base/database/create.py +++ b/server/www/teleport/webroot/app/base/database/create.py @@ -17,6 +17,7 @@ class DatabaseInit: self._create_config() self._create_role() self._create_user() + self._create_user_rpt() self._create_host() self._create_acc() self._create_acc_auth() @@ -160,6 +161,25 @@ class DatabaseInit: 'CREATE TABLE {}user ({});'.format(self.db.table_prefix, ','.join(f)) ) + def _create_user_rpt(self): + """ 用户忘记密码时重置需要进行验证的token,24小时有效 + """ + f = list() + + # id: 自增主键 + f.append('id integer PRIMARY KEY {}'.format(self.db.auto_increment)) + # user_id: user's id + f.append('user_id int(11) DEFAULT 0') + # token: token + f.append('token varchar(48) DEFAULT ""') + # create_time: 创建时间 + f.append('create_time int(11) DEFAULT 0') + + self._db_exec( + '创建用户找回密码表 user_rpt', + 'CREATE TABLE {}user_rpt ({});'.format(self.db.table_prefix, ','.join(f)) + ) + def _create_group(self): """ 组信息(各种组,包括用户组、主机组、账号组等) """ diff --git a/server/www/teleport/webroot/app/base/webapp.py b/server/www/teleport/webroot/app/base/webapp.py index 37888ad..e8676e7 100644 --- a/server/www/teleport/webroot/app/base/webapp.py +++ b/server/www/teleport/webroot/app/base/webapp.py @@ -74,6 +74,7 @@ class WebApp: if _db.need_create or _db.need_upgrade: cfg.app_mode = APP_MODE_MAINTENANCE + get_cfg().update_sys(None) else: cfg.app_mode = APP_MODE_NORMAL _db.load_system_config() diff --git a/server/www/teleport/webroot/app/controller/user.py b/server/www/teleport/webroot/app/controller/user.py index ddf9774..e3d8db8 100644 --- a/server/www/teleport/webroot/app/controller/user.py 
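Review bot: Commenting out `return True` means `update_sys(None)` now falls through into the password-policy section after the `log.w` warning; that code is outside the hunk, so confirm it tolerates `conf_data is None` (for example by applying defaults) rather than subscripting it, since `webapp.py` in this same commit calls `get_cfg().update_sys(None)` in maintenance mode and makes `None` a routine argument. If the fall-through is intended, delete the line instead of leaving `# return True`, or replace it with a comment such as `# no stored config yet: fall through and apply the built-in defaults`. `update_sys` starts and ends outside the hunk.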
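Review bot: `user_rpt` enforces one row per user only through application logic (the select-then-insert/update in `generate_reset_password_token`), and neither `user_id` nor `token` is indexed; a `UNIQUE` index on `user_id` would make the one-token-per-user invariant hold regardless of callers, and an index on `token` keeps the validation lookup from scanning the table. The `token` column stores the raw value, so anyone who can read this table holds usable reset credentials for the 24-hour window the docstring describes; storing a hash of the token and comparing hashes at validation is the usual mitigation. The docstring could also state the expected token length so the `varchar(48)` width and the generator (`tp_generate_random(16)` in this commit) do not drift apart.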
+++ b/server/www/teleport/webroot/app/controller/user.py @@ -19,6 +19,7 @@ from app.base.controller import TPBaseHandler, TPBaseJsonHandler class UserListHandler(TPBaseHandler): def get(self): + ret = self.check_privilege(TP_PRIVILEGE_USER_CREATE) if ret != TPE_OK: return @@ -446,7 +447,7 @@ class DoResetPasswordHandler(TPBaseJsonHandler): try: user_id = int(args['id']) mode = int(args['mode']) - email = args['email'].strip() + # email = args['email'].strip() password = args['password'] except: return self.write_json(TPE_PARAM) @@ -455,11 +456,17 @@ class DoResetPasswordHandler(TPBaseJsonHandler): return self.write_json(TPE_PARAM) if mode == 1: - if len(email) == 0: - return self.write_json(TPE_PARAM) + # if len(email) == 0: + # return self.write_json(TPE_PARAM) + + err, email, token = user.generate_reset_password_token(self, user_id) + + print(err, email, token) # 生成一个密码重置链接,24小时有效 - reset_url = 'http://127.0.0.1/user/validate-password-reset-token?token=G66LXH0EOJ47OXTH7O5KBQ0PHXRSBXBVVFALI6JBJ8HNWUALWI35QECPJ8UV8DEQ' + # token = tp_generate_random(16) + reset_url = '{}://{}/user/validate-password-reset-token?token={}'.format(self.request.protocol, self.request.host, token) + # reset_url = 'http://127.0.0.1/user/validate-password-reset-token?token=G66LXH0EOJ47OXTH7O5KBQ0PHXRSBXBVVFALI6JBJ8HNWUALWI35QECPJ8UV8DEQ' err, msg = yield mail.tp_send_mail( email, diff --git a/server/www/teleport/webroot/app/model/record.py b/server/www/teleport/webroot/app/model/record.py index 7222735..a4eebdc 100644 --- a/server/www/teleport/webroot/app/model/record.py +++ b/server/www/teleport/webroot/app/model/record.py @@ -309,10 +309,6 @@ def cleanup_storage(handler): msg = [] have_error = False - # for test. - # sto.keep_log = 5 - # sto.keep_record = 5 - s = SQL(db) chk_time = _now - sto.keep_log * 24 * 60 * 60 diff --git a/server/www/teleport/webroot/app/model/user.py b/server/www/teleport/webroot/app/model/user.py index cc4dafb..869a755 100644 
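Review bot: The `err` returned by `user.generate_reset_password_token` is never checked, so on a database error `email` and `token` are both `None` and the handler goes on to build a reset link with `token=None` and mail it to `None`; add `if err != TPE_OK:` / `    return self.write_json(err)` directly after the call. The `print(err, email, token)` line writes a live password-reset token to the server's stdout, where it ends up in process logs — a debug leftover that should be removed before merging. `reset_url` takes its scheme and authority from `self.request.protocol` and `self.request.host`, i.e. from the incoming request's Host header; a configured public base URL (or validation of `host` against an allow-list) avoids embedding a client-supplied host in an e-mailed credential link. The enclosing `DoResetPasswordHandler` method starts and ends outside the hunk.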
--- a/server/www/teleport/webroot/app/model/user.py +++ b/server/www/teleport/webroot/app/model/user.py @@ -5,7 +5,7 @@ from app.base.configs import get_cfg from app.base.db import get_db, SQL from app.base.logger import log -from app.base.utils import tp_timestamp_utc_now +from app.base.utils import tp_timestamp_utc_now, tp_generate_random from app.const import * from app.model import syslog 
@@ -246,6 +246,50 @@ def set_password(handler, user_id, password):
     return TPE_OK
 
 
+def generate_reset_password_token(handler, user_id):
+    db = get_db()
+    operator = handler.get_current_user()
+    s = SQL(db)
+    _time_now = tp_timestamp_utc_now()
+
+    # 0. query user's email by user_id
+    err = s.select_from('user', ['email'], alt_name='u').where('u.id={user_id}'.format(user_id=user_id)).query()
+    if err != TPE_OK:
+        return err, None, None
+    if len(s.recorder) == 0:
+        return TPE_DATABASE, None, None
+
+    email = s.recorder[0].email
+
+    # 1. clean all timed out tokens.
+    s.reset().delete_from('user_rpt').where('create_time<{}'.format(_time_now - 24 * 60 * 60)).exec()
+
+    # 2. find out if this user already have a token.
+    err = s.reset().select_from('user_rpt', ['id'], alt_name='u').where('u.user_id={}'.format(user_id)).query()
+    if err != TPE_OK:
+        return err, None, None
+
+    token = tp_generate_random(16)
+
+    if len(s.recorder) == 0:
+        sql = 'INSERT INTO `{dbtp}user_rpt` (user_id, token, create_time) VALUES ' \
+              '({user_id}, "{token}", {create_time});' \
+              ''.format(dbtp=db.table_prefix, user_id=user_id, token=token, create_time=_time_now)
+        db_ret = db.exec(sql)
+        if not db_ret:
+            return TPE_DATABASE, None, None
+    else:
+        sql = 'UPDATE `{dbtp}user_rpt` SET token="{token}", create_time={create_time} WHERE user_id={user_id};' \
+              ''.format(dbtp=db.table_prefix, token=token, create_time=_time_now, user_id=user_id)
+        db_ret = db.exec(sql)
+        if not db_ret:
+            return TPE_DATABASE, None, None
+
+    # syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "为用户 {} 手动重置了密码".format(name))
+
+    return TPE_OK, email, token
+
+
 def update_login_info(handler, user_id):
     db = get_db()
     _time_now = tp_timestamp_utc_now()
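Review bot: Both SQL statements interpolate `user_id`, `token` and the timestamp into the query text with `str.format`; the visible caller passes an `int` for `user_id`, but the helper itself accepts anything, so an `int(user_id)` at the top (or a parameterized `db.exec`, if the db layer supports placeholders) would make it safe independent of future callers. The token is written to `user_rpt` in plain text, so anyone with read access to that table holds usable reset credentials for 24 hours; storing a hash of the token and comparing hashes at validation removes that exposure. `operator` is fetched but unused because the `syslog.sys_log` audit call is commented out — issuing a reset token for another user is a privileged action and should be logged, and the commented line also references `name`, which this function never defines. `tp_generate_random` is imported from `app.base.utils` and its implementation is not in the diff; confirm it draws from a CSPRNG (`secrets`/`os.urandom`), since a `random`-based 16-character token would be the weakest link in the flow.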