1.5.7 Merge to dev (#3766)

* [Update] 暂存，优化解决不了问题 * [Update] 待续（小白） * [Update] 修改asset user * [Update] 计划再次更改 * [Update] 修改asset user * [Update] 暂存与喜爱 * [Update] Add id in * [Update] 阶段性完成ops task该做 * [Update] 修改asset user api * [Update] 修改asset user 任务，查看认证等 * [Update] 基本完成asset user改造 * [Update] dynamic user only allow 1 * [Update] 修改asset user task * [Update] 修改node admin user task api * [Update] remove file header license * [Update] 添加sftp root * [Update] 暂存 * [Update] 暂存 * [Update] 修改翻译 * [Update] 修改系统用户改为同名后，用户名改为空 * [Update] 基本完成CAS调研 * [Update] 支持cas server * [Update] 支持cas server * [Update] 添加requirements * [Update] 为方便调试添加mysql ipython到包中 * [Update] 添加huaweiyun翻译 * [Update] 增加下载session 录像 * [Update] 只有第一次通知replay离线的使用方法 * [Update] 暂存一下 * [Bugfix] 获取系统用户信息报错 * [Bugfix] 修改system user info * [Update] 改成清理10天git status * [Update] 修改celery日志保留时间 * [Update]修复部分pip包依赖的版本不兼容问题 (#3672) * [Update] 修复用户更新页面会清空用户public_key的问题 * Fix broken dependencies Co-authored-by: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> * [Update] 修改获取系统用户auth info * [Update] Remove log * [Bugfix] 修复sftp home设置的bug * [Update] 授权的系统用户添加sftp root * [Update] 修改系统用户关联的用户 * [Update] 修改placeholder * [Update] 优化获取授权的系统用户 * [Update] 修改tasks * [Update] tree service update * [Update] 暂存 * [Update] 基本完成用户授权树和资产树改造 * [Update] Dashbaord perf * [update] Add huawei cloud sdk requirements * [Updte] 优化dashboard页面 * [Update] system user auth info 添加id * [Update] 修改系统用户serializer * [Update] 优化api * [Update] LDAP Test Util (#3720) * [Update] LDAPTestUtil 1 * [Update] LDAPTestUtil 2 * [Update] LDAPTestUtil 3 * [Update] LDAPTestUtil 4 * [Update] LDAPTestUtil 5 * [Update] LDAPTestUtil 6 * [Update] LDAPTestUtil 7 * [Update] session 已添加is success，并且添加display serializer * [Bugfix] 修复无法删除空节点的bug * [Update] 命令记录分组织显示 * [Update] Session is_success 添加迁移文件 * [Update] 批量命令添加org_id * [Update] 修复一些文案，修改不绑定MFA，不能ssh登录 * [Update] 修改replay api, 返回session信息 * [Update] 解决无效es导致访问命令记录页面失败的问题 * [Update] 拆分profile view * [Update] 修改一个翻译 * [Update] 修改aysnc api框架 * [Update] 命令列表添加risk level * [Update] 完成录像打包下载 * [Update] 更改登陆otp页面 * [Update] 修改command 存储redis_level * [Update] 修改翻译 * [Update] 修改系统用户的用户列表字段 * [Update] 使用新logo和统一Jumpserver为JumpServer * [Update] 优化cloud task * [Update] 统一period task * [Update] 统一period form serializer字段 * [Update] 修改period task * [Update] 修改资产网关信息 * [Update] 用户授权资产树资产信息添加domain * [Update] 修改翻译 * [Update] 测试可连接性 * 1.5.7 bai (#3764) * [Update] 修复index页面Bug；修复测试资产用户可连接性问题； * [Update] 修改测试资产用户可连接 * [Bugfix] 修复backends问题 * [Update] 修改marksafe依赖版本 * [Update] 修改测试资产用户可连接性 * [Update] 修改检测服务器性能时获取percent值 * [Update] 更新依赖boto3=1.12.14 Co-authored-by: Yanzhe Lee <lee.yanzhe@yanzhe.org> Co-authored-by: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> Co-authored-by: Bai <bugatti_it@163.com>
2025-09-16 15:28:38 +00:00 · 2020-03-12 16:24:38 +08:00
parent 1f6a8e8f02
commit 1fd2e782f8
204 changed files with 6463 additions and 3860 deletions
--- a/apps/authentication/backends/cas/init.py
+++ b/apps/authentication/backends/cas/init.py
@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+#
+from .backends import *
+from .callback import *
--- a/apps/authentication/backends/cas/backends.py
+++ b/apps/authentication/backends/cas/backends.py
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+#
+from django_cas_ng.backends import CASBackend as _CASBackend
+
+
+__all__ = ['CASBackend']
+
+
+class CASBackend(_CASBackend):
+    def user_can_authenticate(self, user):
+        return True
--- a/apps/authentication/backends/cas/callback.py
+++ b/apps/authentication/backends/cas/callback.py
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+#
+from django.contrib.auth import get_user_model
+
+
+User = get_user_model()
+
+
+def cas_callback(response):
+    username = response['username']
+    user, user_created = User.objects.get_or_create(username=username)
+    profile, created = user.get_profile()
+
+    profile.role = response['attributes']['role']
+    profile.birth_date = response['attributes']['birth_date']
+    profile.save()
--- a/apps/authentication/backends/cas/urls.py
+++ b/apps/authentication/backends/cas/urls.py
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+#
+from django.urls import path
+import django_cas_ng.views
+
+
+urlpatterns = [
+    path('login/', django_cas_ng.views.LoginView.as_view(), name='cas-login'),
+    path('logout/', django_cas_ng.views.LogoutView.as_view(), name='cas-logout'),
+    path('callback/', django_cas_ng.views.CallbackView.as_view(), name='cas-proxy-callback'),
+]
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@@ -29,26 +29,27 @@ class LDAPAuthorizationBackend(LDAPBackend):

    def pre_check(self, username, password):
        if not settings.AUTH_LDAP:
-            return False
-        logger.info('Authentication LDAP backend')
+            error = 'Not enabled auth ldap'
+            return False, error
        if not username:
-            logger.info('Authenticate failed: username is None')
-            return False
+            error = 'Username is None'
+            return False, error
        if not password:
-            logger.info('Authenticate failed: password is None')
-            return False
+            error = 'Password is None'
+            return False, error
        if settings.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS:
            user_model = self.get_user_model()
            exist = user_model.objects.filter(username=username).exists()
            if not exist:
-                msg = 'Authentication failed: user ({}) is not in the user list'
-                logger.info(msg.format(username))
-                return False
-        return True
+                error = 'user ({}) is not in the user list'.format(username)
+                return False, error
+        return True, ''

    def authenticate(self, request=None, username=None, password=None, **kwargs):
-        match = self.pre_check(username, password)
+        logger.info('Authentication LDAP backend')
+        match, msg = self.pre_check(username, password)
        if not match:
+            logger.info('Authenticate failed: {}'.format(msg))
            return None
        ldap_user = LDAPUser(self, username=username.strip(), request=request)
        user = self.authenticate_ldap_user(ldap_user, password)
@@ -130,5 +131,5 @@ class LDAPUser(_LDAPUser):
                setattr(self._user, field, value)

        email = getattr(self._user, 'email', '')
-        email = construct_user_email(email, self._user.username)
+        email = construct_user_email(self._user.username, email)
        setattr(self._user, 'email', email)
--- a/apps/authentication/backends/pubkey.py
+++ b/apps/authentication/backends/pubkey.py
@@ -19,7 +19,7 @@ class PublicKeyAuthBackend:
            return None
        else:
            if user.check_public_key(public_key) and \
-                    self.user_can_authenticate(user):
+                  self.user_can_authenticate(user):
                return user

    @staticmethod