diff --git a/apps/authentication/backends/oauth2_provider/utils.py b/apps/authentication/backends/oauth2_provider/utils.py
index 7ea3740cd..8c0175d2a 100644
--- a/apps/authentication/backends/oauth2_provider/utils.py
+++ b/apps/authentication/backends/oauth2_provider/utils.py
@@ -6,7 +6,7 @@ def get_or_create_jumpserver_client_application():
 Application = get_application_model()
 application, created = Application.objects.get_or_create(
- name='JumpServer Client',
+ name=settings.OAUTH2_PROVIDER_JUMPSERVER_CLIENT_NAME,
 defaults={
 'client_type': Application.CLIENT_PUBLIC,
 'authorization_grant_type': Application.GRANT_AUTHORIZATION_CODE,
diff --git a/apps/authentication/management/__init__.py b/apps/authentication/management/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/apps/authentication/management/commands/__init__.py b/apps/authentication/management/commands/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/apps/authentication/management/commands/init_oauth2_provider.py b/apps/authentication/management/commands/init_oauth2_provider.py
new file mode 100644
index 000000000..0782c6483
--- /dev/null
+++ b/apps/authentication/management/commands/init_oauth2_provider.py
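Review bot: `settings` is now referenced on the `name=` line of `get_or_create_jumpserver_client_application`, but the hunk adds no `from django.conf import settings`; if utils.py does not already import it (the `defaults` dict is cut off before any redirect-URI entry, so I cannot tell from here), the first call fails with NameError. The `get_or_create` matches on `name` only, so an application that already exists under that name is returned untouched and the `defaults` (client type, grant type, whatever follows) are never re-applied; that is worth a comment on the `get_or_create(` line, e.g. `# defaults apply on creation only; an existing app with this name is returned as-is`. The function continues outside the hunk.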
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+#
+from django.core.management.base import BaseCommand
+from django.db.utils import OperationalError, ProgrammingError
+from django.conf import settings
+
+
+class Command(BaseCommand):
+ help = 'Initialize OAuth2 Provider - Create default JumpServer Client application'
+
+ def add_arguments(self, parser):
+ parser.add_argument(
+ '--force',
+ action='store_true',
+ help='Force recreate the application even if it exists',
+ )
+
+ def handle(self, *args, **options):
+ force = options.get('force', False)
+
+ try:
+ from authentication.backends.oauth2_provider.utils import (
+ get_or_create_jumpserver_client_application
+ )
+ from oauth2_provider.models import get_application_model
+
+ Application = get_application_model()
+
+ # 检查表是否存在
+ try:
+ Application.objects.exists()
+ except (OperationalError, ProgrammingError) as e:
+ self.stdout.write(
+ self.style.ERROR(
+ f'OAuth2 Provider tables not found. Please run migrations first:\n'
+ f' python manage.py migrate oauth2_provider\n'
+ f'Error: {e}'
+ )
+ )
+ return
+
+ # 如果强制重建,先删除已存在的应用
+ if force:
+ deleted_count, _ = Application.objects.filter(
+ name=settings.OAUTH2_PROVIDER_JUMPSERVER_CLIENT_NAME
+ ).delete()
+ if deleted_count > 0:
+ self.stdout.write(
+ self.style.WARNING(f'Deleted {deleted_count} existing application(s)')
+ )
+
+ # 创建或获取应用
+ application = get_or_create_jumpserver_client_application()
+
+ if application:
+ self.stdout.write(
+ self.style.SUCCESS(
+ f'✓ OAuth2 JumpServer Client application initialized successfully\n'
+ f' - Client ID: {application.client_id}\n'
+ f' - Client Type: {application.get_client_type_display()}\n'
+ f' - Grant Type: {application.get_authorization_grant_type_display()}\n'
+ f' - Redirect URIs: {application.redirect_uris}\n'
+ f' - Skip Authorization: {application.skip_authorization}'
+ )
+ )
+ else:
+ self.stdout.write(
+ self.style.ERROR('Failed to create OAuth2 application')
+ )
+
+ except Exception as e:
+ self.stdout.write(
+ self.style.ERROR(f'Error initializing OAuth2 Provider: {e}')
+ )
+ raise
diff --git a/apps/common/apps.py b/apps/common/apps.py
index 72722e2f7..23913256d 100644
--- a/apps/common/apps.py
+++ b/apps/common/apps.py
@@ -5,7 +5,6 @@ import sys
 
 from django.apps import AppConfig
 from django.db import close_old_connections
-from django.conf import settings
 
 
 class CommonConfig(AppConfig):
@@ -24,6 +23,3 @@ class CommonConfig(AppConfig):
 if not os.environ.get('DJANGO_DEBUG_SHELL'):
 django_ready.send(CommonConfig)
 close_old_connections()
-
- from authentication.backends.oauth2_provider import utils
- utils.get_or_create_jumpserver_client_application()
diff --git a/apps/jumpserver/settings/libs.py b/apps/jumpserver/settings/libs.py
index 31c9f979d..41a153405 100644
--- a/apps/jumpserver/settings/libs.py
+++ b/apps/jumpserver/settings/libs.py
@@ -231,4 +231,5 @@ OAUTH2_PROVIDER = {
 'ACCESS_TOKEN_EXPIRE_SECONDS': CONFIG.OAUTH2_PROVIDER_ACCESS_TOKEN_EXPIRE_SECONDS,
 'REFRESH_TOKEN_EXPIRE_SECONDS': CONFIG.OAUTH2_PROVIDER_REFRESH_TOKEN_EXPIRE_SECONDS,
 }
-OAUTH2_PROVIDER_CLIENT_REDIRECT_URI = 'jms://auth/callback'
\ No newline at end of file
+OAUTH2_PROVIDER_CLIENT_REDIRECT_URI = 'jms://auth/callback'
+OAUTH2_PROVIDER_JUMPSERVER_CLIENT_NAME = 'JumpServer Client'
\ No newline at end of file
diff --git a/jms b/jms
index 6797c6d59..6b26a7bbe 100755
--- a/jms
+++ b/jms
@@ -132,6 +132,13 @@ def install_builtin_applets():
 logging.error("Install builtin applets err: {}".format(e))
 
 
+def init_oauth2_provider():
+ logging.info("Initialize OAuth2 Provider")
+ try:
+ management.call_command('init_oauth2_provider', verbosity=0)
+ except Exception as e:
+ logging.error("Initialize OAuth2 Provider err: {}".format(e))
+
 def upgrade_db():
 collect_static()
 perform_db_migrate()
@@ -143,6 +150,7 @@ def prepare():
 expire_caches()
 download_ip_db()
 install_builtin_applets()
+ init_oauth2_provider()
 
 
 def start_services():
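Review bot: `deleted_count` on the `if force:` path is the total number of rows removed including cascaded ones, because `QuerySet.delete()` returns `(total, per_model)`, so `Deleted {deleted_count} existing application(s)` overstates whenever the application owns tokens or grants; read the per-model figure instead: `deleted_count, per_model = Application.objects.filter(name=settings.OAUTH2_PROVIDER_JUMPSERVER_CLIENT_NAME).delete()` followed by `app_count = per_model.get(Application._meta.label, 0)`. That same delete takes the application's access/refresh tokens and grants with it (assuming django-oauth-toolkit's foreign keys cascade, as I believe they do) and the recreated application carries a fresh `client_id`, so every client pinned to the old id must re-register; the `--force` help text should state that, e.g. `help='Delete and recreate the application; revokes its tokens and issues a new client_id'`. The `else:` branch printing `Failed to create OAuth2 application` is reachable only if the helper returns a falsy value, which a `get_or_create`-based helper should never do, so it deserves either a comment saying why it exists or removal. The three Chinese comments should be written in English to match the rest of the file.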
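Review bot: The file still ends without a trailing newline after the new `OAUTH2_PROVIDER_JUMPSERVER_CLIENT_NAME` line (the `\ No newline at end of file` marker survives on the new side), so the next addition will churn the same two lines again; end the file with a newline. Unlike the neighbouring `OAUTH2_PROVIDER` entries, which read from `CONFIG`, the client name is a fixed literal; if it is meant to be operator-tunable it should follow the same `CONFIG.*` pattern, otherwise a one-line comment that it is an internal lookup key used by `get_or_create_jumpserver_client_application` would stop someone from "configuring" it later and orphaning the existing row.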
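Review bot: `init_oauth2_provider` logs only `str(e)` through `logging.error("Initialize OAuth2 Provider err: {}".format(e))`, so a failure inside the command loses its traceback even though startup continues as if nothing happened; `logging.exception("Initialize OAuth2 Provider err: {}".format(e))` keeps it at the same cost. `verbosity=0` does not suppress the command's own `self.stdout.write` calls, which the command issues unconditionally, so the success banner is still printed on every start; if that is intended a short comment on the `call_command` line would save the next reader the check. Only one blank line separates the new function from `def upgrade_db():` while the neighbouring functions use two. Whether `management` is imported in jms is not visible from this hunk.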