mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-07-16 08:54:41 +00:00
fix: replace CharField with EncryptedField for LDAP certificate fields (#17054)
Co-authored-by: wangruidong <940853815@qq.com>
This commit is contained in:
@@ -20,9 +20,9 @@ class LDAPTestConfigSerializer(serializers.Serializer):
|
||||
AUTH_LDAP_SEARCH_FILTER = serializers.CharField()
|
||||
AUTH_LDAP_USER_ATTR_MAP = serializers.JSONField()
|
||||
AUTH_LDAP_START_TLS = serializers.BooleanField(required=False)
|
||||
AUTH_LDAP_CACERT_CONTENT = serializers.CharField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_CERT_CONTENT = serializers.CharField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_KEY_CONTENT = serializers.CharField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_CACERT_CONTENT = EncryptedField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_CERT_CONTENT = EncryptedField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_KEY_CONTENT = EncryptedField(required=False, allow_blank=True)
|
||||
AUTH_LDAP = serializers.BooleanField(required=False)
|
||||
|
||||
|
||||
@@ -118,17 +118,17 @@ class LDAPSettingSerializer(LDAPSerializerMixin, serializers.Serializer):
|
||||
required=False, label=_('StartTLS'),
|
||||
help_text=_('Use StartTLS to upgrade ldap:// connections to TLS')
|
||||
)
|
||||
AUTH_LDAP_CACERT_CONTENT = serializers.CharField(
|
||||
AUTH_LDAP_CACERT_CONTENT = EncryptedField(
|
||||
allow_blank=True, required=False, write_only=True,
|
||||
label=_('CA certificate'),
|
||||
help_text=_('CA certificate for verifying LDAPS/StartTLS server')
|
||||
)
|
||||
AUTH_LDAP_CERT_CONTENT = serializers.CharField(
|
||||
AUTH_LDAP_CERT_CONTENT = EncryptedField(
|
||||
allow_blank=True, required=False, write_only=True,
|
||||
label=_('Client certificate'),
|
||||
help_text=_('Client certificate for mutual TLS (optional)')
|
||||
)
|
||||
AUTH_LDAP_KEY_CONTENT = serializers.CharField(
|
||||
AUTH_LDAP_KEY_CONTENT = EncryptedField(
|
||||
allow_blank=True, required=False, write_only=True,
|
||||
label=_('Client private key'),
|
||||
help_text=_('Client private key for mutual TLS (optional)')
|
||||
|
||||
@@ -17,9 +17,9 @@ class LDAPHATestConfigSerializer(serializers.Serializer):
|
||||
AUTH_LDAP_HA_SEARCH_FILTER = serializers.CharField()
|
||||
AUTH_LDAP_HA_USER_ATTR_MAP = serializers.JSONField()
|
||||
AUTH_LDAP_HA_START_TLS = serializers.BooleanField(required=False)
|
||||
AUTH_LDAP_HA_CACERT_CONTENT = serializers.CharField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_HA_CERT_CONTENT = serializers.CharField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_HA_KEY_CONTENT = serializers.CharField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_HA_CACERT_CONTENT = EncryptedField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_HA_CERT_CONTENT = EncryptedField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_HA_KEY_CONTENT = EncryptedField(required=False, allow_blank=True)
|
||||
AUTH_LDAP_HA = serializers.BooleanField(required=False)
|
||||
|
||||
|
||||
@@ -100,17 +100,17 @@ class LDAPHASettingSerializer(LDAPSerializerMixin, serializers.Serializer):
|
||||
required=False, label=_('StartTLS'),
|
||||
help_text=_('Use StartTLS to upgrade ldap:// connections to TLS')
|
||||
)
|
||||
AUTH_LDAP_HA_CACERT_CONTENT = serializers.CharField(
|
||||
AUTH_LDAP_HA_CACERT_CONTENT = EncryptedField(
|
||||
allow_blank=True, required=False, write_only=True,
|
||||
label=_('CA certificate'),
|
||||
help_text=_('CA certificate for verifying LDAPS/StartTLS server')
|
||||
)
|
||||
AUTH_LDAP_HA_CERT_CONTENT = serializers.CharField(
|
||||
AUTH_LDAP_HA_CERT_CONTENT = EncryptedField(
|
||||
allow_blank=True, required=False, write_only=True,
|
||||
label=_('Client certificate'),
|
||||
help_text=_('Client certificate for mutual TLS (optional)')
|
||||
)
|
||||
AUTH_LDAP_HA_KEY_CONTENT = serializers.CharField(
|
||||
AUTH_LDAP_HA_KEY_CONTENT = EncryptedField(
|
||||
allow_blank=True, required=False, write_only=True,
|
||||
label=_('Client private key'),
|
||||
help_text=_('Client private key for mutual TLS (optional)')
|
||||
|
||||
@@ -25,8 +25,12 @@ class LDAPSerializerMixin:
|
||||
cert_attrs = [f'{prefix}{suffix}' for suffix in self.cert_content_suffixes]
|
||||
if not any(k in self.validated_data for k in cert_attrs):
|
||||
return
|
||||
content_map = {
|
||||
attr: self.validated_data[attr]
|
||||
for attr in cert_attrs if attr in self.validated_data
|
||||
}
|
||||
tls_util = LDAPTLSUtil(category)
|
||||
tls_util.sync_files()
|
||||
tls_util.sync_files(content_map=content_map)
|
||||
tls_util.refresh_global_options()
|
||||
|
||||
def post_save(self):
|
||||
|
||||
@@ -198,7 +198,7 @@ class LdapWebsocket(AsyncJsonWebsocketConsumer, OrgMixin):
|
||||
if not serializer.is_valid():
|
||||
self.send_msg(msg=f'error: {str(serializer.errors)}')
|
||||
config = self.get_ldap_config(serializer)
|
||||
ok, msg = LDAPTestUtil(config).test_config()
|
||||
ok, msg = LDAPTestUtil(config, category=self.category).test_config()
|
||||
if ok:
|
||||
self.set_task_status_over(CACHE_KEY_LDAP_TEST_CONFIG_TASK_STATUS)
|
||||
return ok, msg
|
||||
|
||||
Reference in New Issue
Block a user