From 3f85c67aee0b5d695dd018a59adda1cda9851b0e Mon Sep 17 00:00:00 2001 From: wangruidong <940853815@qq.com> Date: Thu, 29 May 2025 15:19:30 +0800 Subject: [PATCH] perf: Add retention period for expired user tokens and implement cleanup task --- apps/authentication/tasks.py | 29 ++ apps/i18n/core/zh/LC_MESSAGES/django.po | 424 +++++++++++++----------- apps/jumpserver/conf.py | 1 + apps/jumpserver/settings/custom.py | 1 + apps/settings/serializers/public.py | 1 + apps/settings/serializers/security.py | 5 + 6 files changed, 267 insertions(+), 194 deletions(-) diff --git a/apps/authentication/tasks.py b/apps/authentication/tasks.py index acd940978..155bf4a3a 100644 --- a/apps/authentication/tasks.py +++ b/apps/authentication/tasks.py @@ -1,12 +1,18 @@ # -*- coding: utf-8 -*- # +import datetime +import logging from celery import shared_task +from django.conf import settings from django.contrib.sessions.models import Session from django.utils import timezone from django.utils.translation import gettext_lazy as _ +from authentication.models import ConnectionToken, TempToken +from common.const.crontab import CRONTAB_AT_AM_TWO from ops.celery.decorator import register_as_period_task +from orgs.utils import tmp_to_root_org @shared_task( @@ -18,3 +24,26 @@ from ops.celery.decorator import register_as_period_task @register_as_period_task(interval=3600 * 24) def clean_django_sessions(): Session.objects.filter(expire_date__lt=timezone.now()).delete() + + +@shared_task( + verbose_name=_('Clean expired temporary, connection tokens'), + description=_( + "When connecting to assets or generating temporary passwords, the system creates corresponding connection " + "tokens or temporary credential records. To maintain security and manage storage, the system automatically " + "deletes expired tokens every day at 2:00 AM based on the retention settings configured under System settings " + "> Security > User password > Token Retention Period" + ) +) +@register_as_period_task(crontab=CRONTAB_AT_AM_TWO) +def clean_expire_token(): + logging.info('Cleaning expired temporary and connection tokens...') + with tmp_to_root_org(): + now = timezone.now() + days = settings.SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS + expired_time = now - datetime.timedelta(days=days) + count = ConnectionToken.objects.filter(date_expired__lt=expired_time).delete() + logging.info('Deleted %d expired connection tokens.', count[0]) + count = TempToken.objects.filter(date_expired__lt=expired_time).delete() + logging.info('Deleted %d temporary tokens.', count[0]) + logging.info('Cleaned expired temporary and connection tokens.') diff --git a/apps/i18n/core/zh/LC_MESSAGES/django.po b/apps/i18n/core/zh/LC_MESSAGES/django.po index f75a5bb40..48281b251 100644 --- a/apps/i18n/core/zh/LC_MESSAGES/django.po +++ b/apps/i18n/core/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-05-15 11:00+0800\n" +"POT-Creation-Date: 2025-05-29 15:08+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -17,14 +17,14 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Poedit 2.4.3\n" -#: accounts/api/account/account.py:131 +#: accounts/api/account/account.py:138 #: accounts/serializers/account/account.py:181 -#: accounts/serializers/account/account.py:344 +#: accounts/serializers/account/account.py:345 msgid "Account already exists" msgstr "账号已存在" #: accounts/api/account/application.py:77 -#: authentication/api/connection_token.py:451 +#: authentication/api/connection_token.py:452 msgid "Account not found" msgstr "账号未找到" @@ -136,6 +136,8 @@ msgstr ">>> 开始执行测试网关账号可连接性任务" #: users/templates/users/_msg_user_created.html:13 #: users/templates/users/user_password_verify.html:18 #: xpack/plugins/cloud/serializers/account_attrs.py:43 +#: xpack/plugins/cloud/serializers/account_attrs.py:105 +#: xpack/plugins/cloud/serializers/account_attrs.py:112 msgid "Password" msgstr "密码" @@ -192,7 +194,7 @@ msgstr "发现" msgid "Template" msgstr "模板" -#: accounts/const/account.py:32 ops/const.py:46 xpack/plugins/cloud/const.py:73 +#: accounts/const/account.py:32 ops/const.py:46 xpack/plugins/cloud/const.py:74 msgid "Skip" msgstr "跳过" @@ -204,7 +206,7 @@ msgstr "更新" #: accounts/const/account.py:34 accounts/const/automation.py:115 #: accounts/serializers/automations/change_secret.py:169 audits/const.py:66 #: audits/signal_handlers/activity_log.py:34 common/const/choices.py:66 -#: ops/const.py:76 terminal/const.py:81 xpack/plugins/cloud/const.py:52 +#: ops/const.py:76 terminal/const.py:81 xpack/plugins/cloud/const.py:53 msgid "Failed" msgstr "失败" @@ -391,7 +393,7 @@ msgstr "数据库" #: accounts/const/vault.py:8 assets/const/category.py:12 #: assets/models/asset/database.py:10 assets/models/asset/database.py:29 -#: xpack/plugins/cloud/const.py:38 +#: xpack/plugins/cloud/const.py:39 msgid "Database" msgstr "数据库" @@ -417,7 +419,7 @@ msgstr "Vault 操作失败,请重试,或者检查 Vault 上的账号信息 #: accounts/models/automations/check_account.py:59 #: accounts/models/automations/gather_account.py:17 #: accounts/serializers/account/account.py:227 -#: accounts/serializers/account/account.py:276 +#: accounts/serializers/account/account.py:277 #: accounts/serializers/automations/change_secret.py:113 #: accounts/serializers/automations/change_secret.py:145 #: accounts/serializers/automations/check_account.py:33 @@ -445,7 +447,7 @@ msgstr "资产" #: accounts/models/account.py:89 accounts/models/template.py:16 #: accounts/serializers/account/account.py:234 -#: accounts/serializers/account/account.py:286 +#: accounts/serializers/account/account.py:287 #: accounts/serializers/account/template.py:35 #: authentication/serializers/connect_token_secret.py:51 msgid "Su from" @@ -499,7 +501,7 @@ msgstr "改密状态" #: acls/serializers/base.py:131 #: acls/templates/acls/asset_login_reminder.html:10 #: assets/serializers/gateway.py:33 audits/models.py:60 audits/models.py:316 -#: audits/serializers.py:231 authentication/api/connection_token.py:463 +#: audits/serializers.py:231 authentication/api/connection_token.py:464 #: ops/models/base.py:18 perms/models/asset_permission.py:75 #: settings/serializers/msg.py:33 terminal/backends/command/models.py:18 #: terminal/models/session/session.py:36 terminal/serializers/command.py:72 @@ -731,7 +733,7 @@ msgstr "结束日期" #: assets/models/automations/base.py:137 #: assets/serializers/automations/base.py:45 audits/models.py:212 #: audits/serializers.py:77 ops/models/base.py:49 ops/models/job.py:233 -#: terminal/models/applet/applet.py:372 terminal/models/applet/host.py:140 +#: terminal/models/applet/applet.py:374 terminal/models/applet/host.py:140 #: terminal/models/component/status.py:30 #: terminal/models/virtualapp/virtualapp.py:99 #: terminal/serializers/applet.py:18 terminal/serializers/applet_host.py:163 @@ -743,7 +745,7 @@ msgid "Status" msgstr "状态" #: accounts/models/automations/change_secret.py:51 -#: accounts/serializers/account/account.py:278 +#: accounts/serializers/account/account.py:279 #: accounts/templates/accounts/change_secret_failed_info.html:13 #: assets/const/automation.py:9 #: authentication/templates/authentication/passkey.html:174 @@ -852,9 +854,11 @@ msgstr "重复密码" #: authentication/templates/authentication/login.html:408 #: terminal/serializers/storage.py:136 users/forms/profile.py:32 #: users/forms/profile.py:117 users/models/user/__init__.py:64 -#: users/serializers/profile.py:186 +#: users/serializers/profile.py:190 #: users/templates/users/_msg_user_created.html:12 #: xpack/plugins/cloud/serializers/account_attrs.py:41 +#: xpack/plugins/cloud/serializers/account_attrs.py:103 +#: xpack/plugins/cloud/serializers/account_attrs.py:110 msgid "Username" msgstr "用户名" @@ -965,7 +969,7 @@ msgid "Verify asset account" msgstr "账号验证" #: accounts/models/base.py:37 accounts/models/base.py:66 -#: accounts/serializers/account/account.py:471 +#: accounts/serializers/account/account.py:472 #: accounts/serializers/account/base.py:17 #: accounts/serializers/automations/change_secret.py:48 #: authentication/serializers/connect_token_secret.py:42 @@ -1156,7 +1160,7 @@ msgstr "账号存在策略" #: settings/models.py:41 tickets/models/ticket/apply_application.py:13 #: users/models/preference.py:12 xpack/plugins/cloud/models.py:41 #: xpack/plugins/cloud/models.py:326 -#: xpack/plugins/cloud/serializers/account.py:80 +#: xpack/plugins/cloud/serializers/account.py:81 msgid "Category" msgstr "类别" @@ -1189,26 +1193,26 @@ msgstr "资产不存在" msgid "Directory service" msgstr "目录服务" -#: accounts/serializers/account/account.py:267 +#: accounts/serializers/account/account.py:268 msgid "Has secret" msgstr "已托管密码" -#: accounts/serializers/account/account.py:277 ops/models/celery.py:84 +#: accounts/serializers/account/account.py:278 ops/models/celery.py:84 #: tickets/models/comment.py:13 tickets/models/ticket/general.py:49 #: tickets/models/ticket/general.py:280 tickets/serializers/super_ticket.py:14 msgid "State" msgstr "状态" -#: accounts/serializers/account/account.py:279 +#: accounts/serializers/account/account.py:280 msgid "Changed" msgstr "已修改" -#: accounts/serializers/account/account.py:289 acls/models/base.py:97 +#: accounts/serializers/account/account.py:290 acls/models/base.py:97 #: acls/templates/acls/asset_login_reminder.html:9 #: assets/models/automations/base.py:25 #: assets/serializers/automations/base.py:20 assets/serializers/domain.py:33 #: assets/serializers/platform.py:181 assets/serializers/platform.py:213 -#: authentication/api/connection_token.py:462 ops/models/base.py:17 +#: authentication/api/connection_token.py:463 ops/models/base.py:17 #: ops/models/job.py:157 ops/serializers/job.py:21 #: perms/serializers/permission.py:57 #: terminal/templates/terminal/_msg_command_execute_alert.html:16 @@ -1216,30 +1220,30 @@ msgstr "已修改" msgid "Assets" msgstr "资产" -#: accounts/serializers/account/account.py:394 +#: accounts/serializers/account/account.py:395 #, python-format msgid "Asset does not support this secret type: %s" msgstr "资产不支持账号类型: %s" -#: accounts/serializers/account/account.py:426 +#: accounts/serializers/account/account.py:427 msgid "Account has exist" msgstr "账号已存在" -#: accounts/serializers/account/account.py:463 +#: accounts/serializers/account/account.py:464 #: accounts/serializers/account/base.py:86 #: accounts/serializers/account/template.py:66 #: assets/serializers/asset/common.py:424 msgid "Spec info" msgstr "特殊信息" -#: accounts/serializers/account/account.py:472 +#: accounts/serializers/account/account.py:473 #: authentication/serializers/connect_token_secret.py:162 #: authentication/templates/authentication/_access_key_modal.html:30 #: perms/models/perm_node.py:21 users/serializers/group.py:33 msgid "ID" msgstr "ID" -#: accounts/serializers/account/account.py:482 acls/serializers/base.py:123 +#: accounts/serializers/account/account.py:483 acls/serializers/base.py:123 #: acls/templates/acls/asset_login_reminder.html:8 #: acls/templates/acls/user_login_reminder.html:8 #: assets/models/cmd_filter.py:24 assets/models/label.py:16 audits/models.py:55 @@ -1261,7 +1265,7 @@ msgstr "ID" msgid "User" msgstr "用户" -#: accounts/serializers/account/account.py:483 +#: accounts/serializers/account/account.py:484 #: authentication/templates/authentication/_access_key_modal.html:33 #: terminal/notifications.py:159 terminal/notifications.py:219 msgid "Date" @@ -1289,7 +1293,7 @@ msgstr "IP 白名单" #: assets/models/cmd_filter.py:88 common/db/models.py:36 ops/models/adhoc.py:25 #: ops/models/job.py:165 ops/models/playbook.py:31 rbac/models/role.py:37 #: settings/models.py:44 terminal/models/applet/applet.py:46 -#: terminal/models/applet/applet.py:373 terminal/models/applet/host.py:143 +#: terminal/models/applet/applet.py:375 terminal/models/applet/host.py:143 #: terminal/models/component/endpoint.py:28 #: terminal/models/component/endpoint.py:116 #: terminal/models/session/session.py:49 @@ -1310,12 +1314,12 @@ msgid "Password length" msgstr "密码长度" #: accounts/serializers/account/template.py:12 -#: settings/serializers/security.py:46 +#: settings/serializers/security.py:51 msgid "Lowercase" msgstr "小写字母" #: accounts/serializers/account/template.py:13 -#: settings/serializers/security.py:43 +#: settings/serializers/security.py:48 msgid "Uppercase" msgstr "大写字母" @@ -1905,8 +1909,8 @@ msgid "" "10.1.1.1-10.1.1.20, 2001:db8:2de::e13, 2001:db8:1a:1110::/64 (Domain name " "support)" msgstr "" -"* 表示匹配所有。例如: 192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, 2001:" -"db8:2de::e13, 2001:db8:1a:1110::/64 (支持网域)" +"* 表示匹配所有。例如: 192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, " +"2001:db8:2de::e13, 2001:db8:1a:1110::/64 (支持网域)" #: acls/serializers/base.py:41 assets/serializers/asset/host.py:19 msgid "IP/Host" @@ -1934,8 +1938,8 @@ msgid "" "With * indicating a match all. Such as: 192.168.10.1, 192.168.1.0/24, " "10.1.1.1-10.1.1.20, 2001:db8:2de::e13, 2001:db8:1a:1110::/64 " msgstr "" -"* 表示匹配所有。例如: 192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, 2001:" -"db8:2de::e13, 2001:db8:1a:1110::/64" +"* 表示匹配所有。例如: 192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, " +"2001:db8:2de::e13, 2001:db8:1a:1110::/64" #: acls/serializers/rules/rules.py:33 #: authentication/templates/authentication/_msg_oauth_bind.html:12 @@ -2094,8 +2098,8 @@ msgid ">>> Start executing the task to test gateway connectivity" msgstr ">>> 开始执行测试网关可连接性任务" #: assets/const/automation.py:6 audits/const.py:6 audits/const.py:48 -#: audits/signal_handlers/activity_log.py:63 common/utils/ip/geoip/utils.py:31 -#: common/utils/ip/geoip/utils.py:37 common/utils/ip/utils.py:104 +#: audits/signal_handlers/activity_log.py:63 common/utils/ip/geoip/utils.py:33 +#: common/utils/ip/geoip/utils.py:39 common/utils/ip/utils.py:104 msgid "Unknown" msgstr "未知" @@ -2150,6 +2154,7 @@ msgstr "禁用" #: assets/const/base.py:33 settings/serializers/basic.py:8 #: users/serializers/preference/koko.py:19 +#: users/serializers/preference/lina.py:51 #: users/serializers/preference/luna.py:85 msgid "Basic" msgstr "基本" @@ -2163,7 +2168,7 @@ msgstr "脚本" #: settings/serializers/auth/radius.py:17 settings/serializers/auth/sms.py:76 #: settings/serializers/feature.py:81 settings/serializers/feature.py:94 #: settings/serializers/msg.py:30 terminal/models/component/endpoint.py:14 -#: terminal/serializers/applet.py:17 xpack/plugins/cloud/const.py:37 +#: terminal/serializers/applet.py:17 xpack/plugins/cloud/const.py:38 #: xpack/plugins/cloud/manager.py:101 #: xpack/plugins/cloud/serializers/account_attrs.py:87 msgid "Host" @@ -2183,7 +2188,8 @@ msgstr "云服务" msgid "Web" msgstr "Web" -#: assets/const/category.py:16 common/sdk/sms/endpoint.py:20 +#: assets/const/category.py:16 common/sdk/sms/custom_file.py:47 +#: common/sdk/sms/endpoint.py:20 msgid "Custom type" msgstr "自定义类型" @@ -2245,7 +2251,7 @@ msgid "ChatGPT" msgstr "ChatGPT" #: assets/const/host.py:13 rbac/tree.py:28 rbac/tree.py:66 -#: xpack/plugins/cloud/const.py:74 +#: xpack/plugins/cloud/const.py:75 msgid "Other" msgstr "其它" @@ -2290,7 +2296,7 @@ msgid "Any" msgstr "任意" #: assets/const/protocol.py:88 rbac/tree.py:62 -#: settings/serializers/security.py:268 +#: settings/serializers/security.py:273 msgid "Security" msgstr "安全" @@ -2889,7 +2895,7 @@ msgstr "端口超出范围 (0-65535)" msgid "Protocol is required: {}" msgstr "协议是必填的: {}" -#: assets/serializers/asset/common.py:353 +#: assets/serializers/asset/common.py:353 labels/api.py:107 msgid "Invalid data" msgstr "无效的数据" @@ -3328,7 +3334,7 @@ msgstr "同意" #: audits/const.py:42 ops/models/celery.py:85 #: terminal/models/session/sharing.py:128 tickets/const.py:25 -#: xpack/plugins/cloud/const.py:72 +#: xpack/plugins/cloud/const.py:73 msgid "Finished" msgstr "结束" @@ -3353,7 +3359,7 @@ msgstr "登录日志" #: audits/const.py:55 rbac/tree.py:64 terminal/models/applet/host.py:144 #: terminal/models/component/task.py:22 -#: xpack/plugins/cloud/serializers/account.py:77 +#: xpack/plugins/cloud/serializers/account.py:78 msgid "Task" msgstr "任务" @@ -3644,35 +3650,35 @@ msgstr "该操作需要验证您的 MFA, 请先开启并配置" msgid "Reusable connection token is not allowed, global setting not enabled" msgstr "不允许使用可重复使用的连接令牌,未启用全局设置" -#: authentication/api/connection_token.py:424 +#: authentication/api/connection_token.py:425 msgid "Anonymous account is not supported for this asset" msgstr "匿名账号不支持当前资产" -#: authentication/api/connection_token.py:454 +#: authentication/api/connection_token.py:455 msgid "Permission expired" msgstr "授权已过期" -#: authentication/api/connection_token.py:487 +#: authentication/api/connection_token.py:488 msgid "ACL action is reject: {}({})" msgstr "ACL 动作是拒绝: {}({})" -#: authentication/api/connection_token.py:491 +#: authentication/api/connection_token.py:492 msgid "ACL action is review" msgstr "ACL 动作是复核" -#: authentication/api/connection_token.py:501 +#: authentication/api/connection_token.py:502 msgid "ACL action is face verify" msgstr "ACL 动作是人脸验证" -#: authentication/api/connection_token.py:506 +#: authentication/api/connection_token.py:507 msgid "ACL action not supported for this asset" msgstr "资产登录规则不支持当前资产" -#: authentication/api/connection_token.py:513 +#: authentication/api/connection_token.py:514 msgid "ACL action is face online" msgstr "ACL 动作是人脸在线" -#: authentication/api/connection_token.py:532 +#: authentication/api/connection_token.py:533 msgid "No available face feature" msgstr "没有可用的人脸特征" @@ -4194,13 +4200,13 @@ msgstr "私有令牌" #: authentication/models/ssh_key.py:15 terminal/serializers/storage.py:146 #: users/models/user/__init__.py:94 -#: xpack/plugins/cloud/serializers/account_attrs.py:229 +#: xpack/plugins/cloud/serializers/account_attrs.py:237 msgid "Private key" msgstr "ssh私钥" #: authentication/models/ssh_key.py:18 settings/serializers/terminal.py:38 #: users/forms/profile.py:175 users/models/user/__init__.py:97 -#: xpack/plugins/cloud/serializers/account_attrs.py:226 +#: xpack/plugins/cloud/serializers/account_attrs.py:234 msgid "Public key" msgstr "SSH公钥" @@ -4310,7 +4316,7 @@ msgid "" msgstr "创建完成后请下载私钥,每个私钥只有一次下载机会" #: authentication/serializers/ssh_key.py:57 users/forms/profile.py:164 -#: users/serializers/profile.py:129 users/serializers/profile.py:156 +#: users/serializers/profile.py:130 users/serializers/profile.py:160 msgid "Not a valid ssh public key" msgstr "SSH密钥不合法" @@ -4320,16 +4326,30 @@ msgstr "SSH密钥不合法" msgid "Is valid" msgstr "是否有效" -#: authentication/tasks.py:13 +#: authentication/tasks.py:19 msgid "Clean expired session" msgstr "清除过期会话" -#: authentication/tasks.py:15 +#: authentication/tasks.py:21 msgid "" "Since user logins create sessions, the system will clean up expired sessions " "every 24 hours" msgstr "由于用户登录系统会产生会话,系统会每24小时清理已经过期的会话" +#: authentication/tasks.py:30 +msgid "Clean expired temporary, connection tokens" +msgstr "清理过期的临时密码和连接令牌" + +#: authentication/tasks.py:32 +msgid "" +"When connecting to assets or generating temporary passwords, the system " +"creates corresponding connection tokens or temporary credential records. To " +"maintain security and manage storage, the system automatically deletes " +"expired tokens every day at 2:00 AM based on the retention settings " +"configured under System settings > Security > User password > Token " +"Retention Period" +msgstr "系统在连接资产或创建临时密码时,会生成相应的连接 Token 或临时密码记录。为了保障系统安全并控制数据存储量,系统会根据“安全设置 > 密码安全 > Token 保留时长”中的配置,每天凌晨 2 点自动清理所有已过期的 Token 记录" + #: authentication/templates/authentication/_access_key_modal.html:6 msgid "API key list" msgstr "API Key列表" @@ -4421,7 +4441,7 @@ msgid "Your account has just been bound to" msgstr "您的帐户刚刚绑定到" #: authentication/templates/authentication/_msg_oauth_bind.html:11 -#: notifications/notifications.py:202 +#: notifications/notifications.py:203 #: settings/templates/ldap/_msg_import_ldap_user.html:3 msgid "Time" msgstr "时间" @@ -4557,8 +4577,8 @@ msgstr "本页面未使用 HTTPS 协议,请使用 HTTPS 协议以确保您的 msgid "Do you want to retry ?" msgstr "是否重试 ?" -#: authentication/utils.py:27 common/utils/ip/geoip/utils.py:24 -#: xpack/plugins/cloud/const.py:33 +#: authentication/utils.py:27 common/utils/ip/geoip/utils.py:26 +#: xpack/plugins/cloud/const.py:34 msgid "LAN" msgstr "局域网" @@ -4835,7 +4855,7 @@ msgstr "无效的ID,应为列表" #: xpack/plugins/cloud/serializers/account_attrs.py:20 #: xpack/plugins/cloud/serializers/account_attrs.py:71 #: xpack/plugins/cloud/serializers/account_attrs.py:95 -#: xpack/plugins/cloud/serializers/account_attrs.py:166 +#: xpack/plugins/cloud/serializers/account_attrs.py:174 msgid "This field is required." msgstr "该字段是必填项。" @@ -5044,6 +5064,10 @@ msgstr "自定义短信文件无效" msgid "SMS sending failed[%s]: %s" msgstr "短信发送失败[%s]: %s" +#: common/sdk/sms/custom_file.py:47 common/serializers/common.py:98 +msgid "File" +msgstr "文件" + #: common/sdk/sms/endpoint.py:16 msgid "Alibaba cloud" msgstr "阿里云" @@ -5088,10 +5112,6 @@ msgstr "请在 {} 秒后发送" msgid "Children" msgstr "节点" -#: common/serializers/common.py:98 -msgid "File" -msgstr "文件" - #: common/serializers/fields.py:139 msgid "Invalid data type" msgstr "无效的数据" @@ -5111,7 +5131,7 @@ msgid "Invalid data type, should be list" msgstr "错误的数据类型,应该是列表" #: common/serializers/fields.py:237 -#: xpack/plugins/cloud/serializers/account.py:114 +#: xpack/plugins/cloud/serializers/account.py:115 #: xpack/plugins/cloud/serializers/task.py:122 msgid "Invalid choice: {}" msgstr "无效选项: {}" @@ -5153,7 +5173,7 @@ msgid "" "external storage (SFTP)" msgstr "当执行账号备份,需要到外部存储(sftp),执行该任务" -#: common/utils/ip/geoip/utils.py:26 +#: common/utils/ip/geoip/utils.py:28 msgid "Invalid ip" msgstr "无效 IP" @@ -5214,6 +5234,10 @@ msgstr "你的账号已创建成功" msgid "JumpServer - An open-source PAM" msgstr "JumpServer 开源堡垒机" +#: jumpserver/context_processor.py:28 +msgid "FIT2CLOUD" +msgstr "" + #: jumpserver/views/celery_flower.py:22 msgid "

Flower service unavailable, check it

" msgstr "Flower 服务不可用,请检查" @@ -5245,7 +5269,7 @@ msgstr "" msgid "App Labels" msgstr "标签管理" -#: labels/models.py:15 settings/serializers/security.py:207 +#: labels/models.py:15 settings/serializers/security.py:212 msgid "Color" msgstr "颜色" @@ -5293,11 +5317,11 @@ msgstr "{} 订阅" msgid "System message" msgstr "系统信息" -#: notifications/notifications.py:46 +#: notifications/notifications.py:47 msgid "Publish the station message" msgstr "发布站内消息" -#: notifications/notifications.py:48 +#: notifications/notifications.py:49 msgid "" "This task needs to be executed for sending internal messages for system " "alerts, \n" @@ -6304,7 +6328,7 @@ msgid "Storage" msgstr "存储" #: rbac/tree.py:61 terminal/models/applet/applet.py:53 -#: terminal/models/applet/applet.py:369 terminal/models/applet/host.py:30 +#: terminal/models/applet/applet.py:371 terminal/models/applet/host.py:30 #: terminal/serializers/applet.py:15 msgid "Applet" msgstr "远程应用" @@ -7061,7 +7085,7 @@ msgid "SSO auth key TTL" msgstr "令牌有效期" #: settings/serializers/auth/sso.py:20 -#: xpack/plugins/cloud/serializers/account_attrs.py:216 +#: xpack/plugins/cloud/serializers/account_attrs.py:224 msgid "Unit: second" msgstr "单位: 秒" @@ -7218,7 +7242,7 @@ msgstr "租户 ID" #: settings/serializers/feature.py:110 terminal/serializers/storage.py:68 #: xpack/plugins/cloud/manager.py:119 xpack/plugins/cloud/manager.py:124 -#: xpack/plugins/cloud/models.py:292 +#: xpack/plugins/cloud/manager.py:161 xpack/plugins/cloud/models.py:292 msgid "Region" msgstr "地域" @@ -7434,68 +7458,77 @@ msgstr "" "期前5天内由系统 (每天)自动发送给用户" #: settings/serializers/security.py:28 +msgid "User expired tokens record keep days" +msgstr "用户过期 Token 保留天数" + +#: settings/serializers/security.py:29 +msgid "" +"Retention period (in days) for expired user tokens before automatic cleanup." +msgstr "系统在每日清理任务中永久删除用户过期 token 记录之前,保留这些记录的天数" + +#: settings/serializers/security.py:33 msgid "Recent password count" msgstr "不能设置近几次密码" -#: settings/serializers/security.py:30 +#: settings/serializers/security.py:35 msgid "" "Tip: When the user resets the password, it cannot be the previous n " "historical passwords of the user" msgstr "提示:用户重置密码时,不能为该用户前几次使用过的密码" -#: settings/serializers/security.py:36 +#: settings/serializers/security.py:41 msgid "Minimum length (User)" msgstr "密码最小长度" -#: settings/serializers/security.py:40 +#: settings/serializers/security.py:45 msgid "Minimum length (Admin)" msgstr "管理员密码最小长度" -#: settings/serializers/security.py:49 +#: settings/serializers/security.py:54 msgid "Digits" msgstr "必须包含数字" -#: settings/serializers/security.py:52 +#: settings/serializers/security.py:57 msgid "Special characters" msgstr "必须包含特殊字符" -#: settings/serializers/security.py:57 +#: settings/serializers/security.py:62 msgid "" "If the user has failed to log in for a limited number of times, no login is " "allowed during this time interval." msgstr "当用户登录失败次数达到限制后,那么在此间隔内禁止登录" -#: settings/serializers/security.py:65 settings/serializers/security.py:75 +#: settings/serializers/security.py:70 settings/serializers/security.py:80 msgid "Login failures count" msgstr "限制用户登录失败次数" -#: settings/serializers/security.py:69 settings/serializers/security.py:79 +#: settings/serializers/security.py:74 settings/serializers/security.py:84 msgid "Login failure period (minute)" msgstr "禁止用户登录间隔 (分)" -#: settings/serializers/security.py:83 +#: settings/serializers/security.py:88 msgid "Login IP whitelist" msgstr "IP 登录白名单" -#: settings/serializers/security.py:88 +#: settings/serializers/security.py:93 msgid "Login IP blacklist" msgstr "IP 登录黑名单" -#: settings/serializers/security.py:93 +#: settings/serializers/security.py:98 msgid "Only single device login" msgstr "仅一台设备登录" -#: settings/serializers/security.py:94 +#: settings/serializers/security.py:99 msgid "" "After the user logs in on the new device, other logged-in devices will " "automatically log out" msgstr "用户在新设备登录后,其他已登录的设备会自动退出" -#: settings/serializers/security.py:97 +#: settings/serializers/security.py:102 msgid "Only exist user login" msgstr "仅已存在用户登录" -#: settings/serializers/security.py:99 +#: settings/serializers/security.py:104 msgid "" "If enabled, non-existent users will not be allowed to log in; if disabled, " "users of other authentication methods except local authentication methods " @@ -7505,11 +7538,11 @@ msgstr "" "如果开启,不存在的用户将不被允许登录;如果关闭,除本地认证方式外,其他认证方" "式的用户都允许登录并自动创建用户 (如果用户不存在)" -#: settings/serializers/security.py:105 +#: settings/serializers/security.py:110 msgid "Only from source login" msgstr "仅从用户来源登录" -#: settings/serializers/security.py:107 +#: settings/serializers/security.py:112 msgid "" "If it is enabled, the user will only authenticate to the source when logging " "in; if it is disabled, the user will authenticate all the enabled " @@ -7519,78 +7552,78 @@ msgstr "" "如果开启,用户登录时仅会向来源端进行认证;如果关闭,用户登录时会按照一定的顺" "序对所有已开启的认证方式进行顺序认证,只要有一个认证成功就可以直接登录" -#: settings/serializers/security.py:118 +#: settings/serializers/security.py:123 #: users/templates/users/mfa_setting.html:160 msgid "Not enabled" msgstr "未启用" -#: settings/serializers/security.py:119 +#: settings/serializers/security.py:124 msgid "All users" msgstr "所有用户" -#: settings/serializers/security.py:120 +#: settings/serializers/security.py:125 msgid "Only admin users" msgstr "仅管理员" -#: settings/serializers/security.py:122 +#: settings/serializers/security.py:127 msgid "Global MFA" msgstr "全局启用 MFA 认证" -#: settings/serializers/security.py:126 +#: settings/serializers/security.py:131 msgid "Third-party login MFA" msgstr "第三方认证开启 MFA" -#: settings/serializers/security.py:127 +#: settings/serializers/security.py:132 msgid "The third-party login modes include OIDC, CAS, and SAML2" msgstr "第三方登录方式包括: OIDC、CAS、SAML2" -#: settings/serializers/security.py:131 +#: settings/serializers/security.py:136 msgid "MFA via Email" msgstr "邮件验证 MFA" -#: settings/serializers/security.py:132 +#: settings/serializers/security.py:137 msgid "Email as a method for multi-factor authentication" msgstr "将电子邮件作为多因子认证的一种方式" -#: settings/serializers/security.py:135 +#: settings/serializers/security.py:140 msgid "OTP issuer name" msgstr "OTP 扫描后的名称" -#: settings/serializers/security.py:139 +#: settings/serializers/security.py:144 msgid "OTP valid window" msgstr "OTP 延迟有效次数" -#: settings/serializers/security.py:143 +#: settings/serializers/security.py:148 msgid "MFA verify TTL" msgstr "MFA 校验有效期" -#: settings/serializers/security.py:145 +#: settings/serializers/security.py:150 msgid "" "Unit: second, The verification MFA takes effect only when you view the " "account password" msgstr "单位:秒,目前仅在查看账号密码校验 MFA 时生效" -#: settings/serializers/security.py:150 +#: settings/serializers/security.py:155 msgid "MFA in login page" msgstr "MFA 在登录页面输入" -#: settings/serializers/security.py:151 +#: settings/serializers/security.py:156 msgid "Eu security regulations(GDPR) require MFA to be on the login page" msgstr "欧盟数据安全法规(GDPR) 要求 MFA 在登录页面,来确保系统登录安全" -#: settings/serializers/security.py:155 +#: settings/serializers/security.py:160 msgid "Verify code TTL (second)" msgstr "验证码有效时间 (分)" -#: settings/serializers/security.py:156 +#: settings/serializers/security.py:161 msgid "Reset password and send SMS code expiration time" msgstr "重置密码的验证码及发送短信的验证码过期时间" -#: settings/serializers/security.py:160 +#: settings/serializers/security.py:165 msgid "Login dynamic code" msgstr "启用登录附加码" -#: settings/serializers/security.py:161 +#: settings/serializers/security.py:166 msgid "" "The password and additional code are sent to a third party authentication " "system for verification" @@ -7598,19 +7631,19 @@ msgstr "" "密码和附加码一并发送给第三方认证系统进行校验, 如:有的第三方认证系统,需要 密" "码+6位数字 完成认证" -#: settings/serializers/security.py:165 +#: settings/serializers/security.py:170 msgid "Login captcha" msgstr "启用登录验证码" -#: settings/serializers/security.py:166 +#: settings/serializers/security.py:171 msgid "Enable captcha to prevent robot authentication" msgstr "开启验证码,防止机器人登录" -#: settings/serializers/security.py:169 +#: settings/serializers/security.py:174 msgid "Suspicious Login Verification" msgstr "异地登录通知" -#: settings/serializers/security.py:171 +#: settings/serializers/security.py:176 msgid "" "The system determines whether the login IP address belongs to a common login " "city. If the account is logged in from a common login city, the system sends " @@ -7619,101 +7652,101 @@ msgstr "" "根据登录 IP 是否所属常用登录城市进行判断,若账号在非常用城市登录,会发送异地" "登录提醒" -#: settings/serializers/security.py:177 +#: settings/serializers/security.py:182 msgid "Auto Disable Threshold (day)" msgstr "不活跃用户自动禁用 (天)" -#: settings/serializers/security.py:178 +#: settings/serializers/security.py:183 msgid "" "Detect infrequent users daily and disable them if they exceed the " "predetermined time limit" msgstr "每天检测一次,超过预设时间的用户自动禁用" -#: settings/serializers/security.py:198 +#: settings/serializers/security.py:203 msgid "Watermark" msgstr "开启水印" -#: settings/serializers/security.py:201 +#: settings/serializers/security.py:206 msgid "Watermark session content" msgstr "会话水印自定义内容" -#: settings/serializers/security.py:204 +#: settings/serializers/security.py:209 msgid "Watermark console content" msgstr "管理页面水印自定义内容" -#: settings/serializers/security.py:210 +#: settings/serializers/security.py:215 msgid "Watermark font size" msgstr "字体字号" -#: settings/serializers/security.py:213 +#: settings/serializers/security.py:218 msgid "Watermark height" msgstr "单个水印高度" -#: settings/serializers/security.py:216 +#: settings/serializers/security.py:221 msgid "Watermark width" msgstr "单个水印宽度" -#: settings/serializers/security.py:219 +#: settings/serializers/security.py:224 msgid "Watermark rotate" msgstr "水印旋转角度" -#: settings/serializers/security.py:223 +#: settings/serializers/security.py:228 msgid "Max idle time (minute)" msgstr "连接最大空闲时间 (分)" -#: settings/serializers/security.py:224 +#: settings/serializers/security.py:229 msgid "If idle time more than it, disconnect connection." msgstr "提示:如果超过该配置没有操作,连接会被断开" -#: settings/serializers/security.py:227 +#: settings/serializers/security.py:232 msgid "Session expire at browser closed" msgstr "会话在浏览器关闭时过期" -#: settings/serializers/security.py:228 +#: settings/serializers/security.py:233 msgid "Whether to expire the session when the user closes their browser." msgstr "当用户关闭浏览器时是否使会话过期。" -#: settings/serializers/security.py:233 +#: settings/serializers/security.py:238 msgid "Allow users to view asset session information" msgstr "允许用户查看资产在线会话信息" -#: settings/serializers/security.py:235 +#: settings/serializers/security.py:240 msgid "" "When a user connects to an asset, the account selection popup displays the " "number of active sessions for the current asset (RDP protocol only)." msgstr "" "当用户连接资产时,账号选择弹窗中显示当前资产的在线会话数量(仅 rdp 协议)" -#: settings/serializers/security.py:241 +#: settings/serializers/security.py:246 msgid "Max online time (hour)" msgstr "会话连接最大时间 (时)" -#: settings/serializers/security.py:242 +#: settings/serializers/security.py:247 msgid "If session connection time more than it, disconnect connection." msgstr "提示:如果会话连接超过该配置,连接会被断开" -#: settings/serializers/security.py:245 +#: settings/serializers/security.py:250 msgid "Remember manual auth" msgstr "保存手动输入密码" -#: settings/serializers/security.py:248 +#: settings/serializers/security.py:253 #: terminal/templates/terminal/_msg_session_sharing.html:10 msgid "Session share" msgstr "会话分享" -#: settings/serializers/security.py:249 +#: settings/serializers/security.py:254 msgid "Enabled, Allows user active session to be shared with other users" msgstr "开启后允许用户分享已连接的资产会话给他人,协同工作" -#: settings/serializers/security.py:255 +#: settings/serializers/security.py:260 msgid "Insecure command alert" msgstr "危险命令告警" -#: settings/serializers/security.py:258 +#: settings/serializers/security.py:263 msgid "Email recipient" msgstr "邮件收件人" -#: settings/serializers/security.py:259 +#: settings/serializers/security.py:264 msgid "Multiple user using , split" msgstr "多个用户,使用 , 分割" @@ -7973,7 +8006,7 @@ msgid ", disabled {}" msgstr ", 禁用 {}" #: templates/_csv_import_export.html:13 templates/_csv_import_modal.html:5 -#: xpack/plugins/cloud/const.py:70 +#: xpack/plugins/cloud/const.py:71 msgid "Import" msgstr "导入" @@ -8201,7 +8234,7 @@ msgstr "会话不存在: {}" msgid "Session is finished or the protocol not supported" msgstr "会话已经完成或协议不支持" -#: terminal/api/session/session.py:345 +#: terminal/api/session/session.py:345 tickets/api/ticket.py:140 msgid "User does not have permission" msgstr "用户没有权限" @@ -8386,12 +8419,12 @@ msgstr "只支持自定义平台" msgid "Missing type in platform.yml" msgstr "在 platform.yml 中缺少类型" -#: terminal/models/applet/applet.py:371 terminal/models/applet/host.py:36 +#: terminal/models/applet/applet.py:373 terminal/models/applet/host.py:36 #: terminal/models/applet/host.py:138 msgid "Hosting" msgstr "宿主机" -#: terminal/models/applet/applet.py:377 +#: terminal/models/applet/applet.py:379 msgid "Applet Publication" msgstr "应用发布" @@ -8691,8 +8724,8 @@ msgstr "命令及录像存储" #: terminal/notifications.py:258 terminal/tasks.py:212 #: xpack/plugins/cloud/api.py:182 -#: xpack/plugins/cloud/serializers/account.py:136 -#: xpack/plugins/cloud/serializers/account.py:138 +#: xpack/plugins/cloud/serializers/account.py:137 +#: xpack/plugins/cloud/serializers/account.py:139 msgid "Test failure: Account invalid" msgstr "测试失败: 账号无效" @@ -8749,9 +8782,9 @@ msgid "" "days. Detail" msgstr "" -"如果不存在,RDS 将处于试用模式,试用期为 120 天。详情" +"如果不存在,RDS 将处于试用模式,试用期为 120 天。详情" #: terminal/serializers/applet_host.py:55 msgid "RDS License Server" @@ -8900,7 +8933,7 @@ msgstr "是否可加入" msgid "Can terminate" msgstr "是否可中断" -#: terminal/serializers/session.py:51 users/serializers/profile.py:185 +#: terminal/serializers/session.py:51 users/serializers/profile.py:189 msgid "User ID" msgstr "用户 ID" @@ -8969,8 +9002,8 @@ msgid "" "If there are multiple hosts, use a comma (,) to separate them.
(For " "example: http://www.jumpserver.a.com:9100, http://www.jumpserver.b.com:9100)" msgstr "" -"如果有多个主机,请用逗号 (,) 分隔它们。
(例如:http://www.jumpserver.a." -"com:9100,http://www.jumpserver.b.com:9100)" +"如果有多个主机,请用逗号 (,) 分隔它们。
(例如:http://" +"www.jumpserver.a.com:9100,http://www.jumpserver.b.com:9100)" #: terminal/serializers/storage.py:199 msgid "Index by date" @@ -9723,7 +9756,7 @@ msgstr "OTP 密钥" # msgid "Private key" # msgstr "ssh私钥" -#: users/models/user/__init__.py:100 users/serializers/profile.py:85 +#: users/models/user/__init__.py:100 users/serializers/profile.py:86 #: users/serializers/user.py:256 msgid "Is first login" msgstr "首次登录" @@ -9822,7 +9855,7 @@ msgstr "" msgid "The newly set password is inconsistent" msgstr "两次密码不一致" -#: users/serializers/preference/lina.py:47 +#: users/serializers/preference/lina.py:47 users/serializers/profile.py:66 msgid "Language" msgstr "语言" @@ -9897,7 +9930,7 @@ msgstr "命令行" msgid "The old password is incorrect" msgstr "旧密码错误" -#: users/serializers/profile.py:29 users/serializers/profile.py:143 +#: users/serializers/profile.py:29 users/serializers/profile.py:144 msgid "Password does not match security rules" msgstr "密码不满足安全规则" @@ -9905,7 +9938,7 @@ msgstr "密码不满足安全规则" msgid "The new password cannot be the last {} passwords" msgstr "新密码不能是最近 {} 次的密码" -#: users/serializers/profile.py:190 +#: users/serializers/profile.py:194 msgid "Perms" msgstr "权限" @@ -10290,11 +10323,11 @@ msgstr "账号保护已开启,请根据提示完成以下操作" msgid "Open MFA Authenticator and enter the 6-bit dynamic code" msgstr "请打开 MFA 验证器,输入 6 位动态码" -#: users/utils.py:60 +#: users/utils.py:59 msgid "Auth success" msgstr "认证成功" -#: users/utils.py:61 +#: users/utils.py:60 msgid "Redirecting to JumpServer Client" msgstr "重定向到 JumpServer 客户端" @@ -10466,67 +10499,71 @@ msgstr "OpenStack" msgid "ZStack" msgstr "ZStack" -#: xpack/plugins/cloud/const.py:30 +#: xpack/plugins/cloud/const.py:30 xpack/plugins/cloud/providers/smartx.py:9 +msgid "SmartX CloudTower" +msgstr "" + +#: xpack/plugins/cloud/const.py:31 msgid "Fusion Compute" msgstr "融合计算" -#: xpack/plugins/cloud/const.py:31 +#: xpack/plugins/cloud/const.py:32 msgid "SCP" msgstr "深信服SCP" -#: xpack/plugins/cloud/const.py:32 +#: xpack/plugins/cloud/const.py:33 msgid "Apsara Stack" msgstr "阿里云专有云" -#: xpack/plugins/cloud/const.py:42 +#: xpack/plugins/cloud/const.py:43 msgid "Private IP" msgstr "私有IP" -#: xpack/plugins/cloud/const.py:43 +#: xpack/plugins/cloud/const.py:44 msgid "Public IP" msgstr "公网IP" -#: xpack/plugins/cloud/const.py:47 xpack/plugins/cloud/models.py:372 +#: xpack/plugins/cloud/const.py:48 xpack/plugins/cloud/models.py:372 msgid "Instance name" msgstr "实例名称" -#: xpack/plugins/cloud/const.py:48 +#: xpack/plugins/cloud/const.py:49 msgid "Instance name and Partial IP" msgstr "实例名称和部分IP" -#: xpack/plugins/cloud/const.py:53 +#: xpack/plugins/cloud/const.py:54 msgid "Succeed" msgstr "成功" -#: xpack/plugins/cloud/const.py:57 xpack/plugins/cloud/manager.py:107 +#: xpack/plugins/cloud/const.py:58 xpack/plugins/cloud/manager.py:107 msgid "Unsync" msgstr "未同步" -#: xpack/plugins/cloud/const.py:58 xpack/plugins/cloud/manager.py:106 +#: xpack/plugins/cloud/const.py:59 xpack/plugins/cloud/manager.py:106 msgid "New Sync" msgstr "新同步" -#: xpack/plugins/cloud/const.py:59 xpack/plugins/cloud/manager.py:106 +#: xpack/plugins/cloud/const.py:60 xpack/plugins/cloud/manager.py:106 msgid "Synced" msgstr "已同步" -#: xpack/plugins/cloud/const.py:60 xpack/plugins/cloud/manager.py:108 +#: xpack/plugins/cloud/const.py:61 xpack/plugins/cloud/manager.py:108 msgid "Released" msgstr "已释放" -#: xpack/plugins/cloud/const.py:64 +#: xpack/plugins/cloud/const.py:65 msgid "And" msgstr "与" -#: xpack/plugins/cloud/const.py:65 +#: xpack/plugins/cloud/const.py:66 msgid "Or" msgstr "或" -#: xpack/plugins/cloud/const.py:69 +#: xpack/plugins/cloud/const.py:70 msgid "Sync region" msgstr "已同步组织" -#: xpack/plugins/cloud/const.py:71 +#: xpack/plugins/cloud/const.py:72 msgid "Imported" msgstr "导入" @@ -10568,6 +10605,10 @@ msgstr "同步地区" msgid "Get instances of region \"%s\" error, error: %s" msgstr "获取区域 \"%s\" 的实例错误,错误:%s" +#: xpack/plugins/cloud/manager.py:161 xpack/plugins/cloud/models.py:289 +msgid "Instance" +msgstr "实例" + #: xpack/plugins/cloud/manager.py:187 #, python-format msgid "Failed to synchronize the instance \"%s\"" @@ -10629,7 +10670,7 @@ msgid "Cloud center" msgstr "云管中心" #: xpack/plugins/cloud/models.py:43 -#: xpack/plugins/cloud/serializers/account.py:98 +#: xpack/plugins/cloud/serializers/account.py:99 msgid "Attrs" msgstr "属性" @@ -10646,7 +10687,7 @@ msgid "Test cloud account" msgstr "测试云账号" #: xpack/plugins/cloud/models.py:109 -#: xpack/plugins/cloud/serializers/account.py:76 +#: xpack/plugins/cloud/serializers/account.py:77 #: xpack/plugins/cloud/serializers/task.py:170 #: xpack/plugins/cloud/serializers/task.py:171 msgid "Regions" @@ -10710,10 +10751,6 @@ msgstr "同步任务" msgid "Sync instance task history" msgstr "同步实例任务历史" -#: xpack/plugins/cloud/models.py:289 -msgid "Instance" -msgstr "实例" - #: xpack/plugins/cloud/models.py:306 msgid "Sync instance detail" msgstr "同步实例详情" @@ -10998,11 +11035,11 @@ msgstr "华东-宿迁" msgid "Port \"%(port)s\" of instance IP \"%(ip)s\" is not reachable" msgstr "实例 IP %(ip)s 的端口%(port)s 无法访问" -#: xpack/plugins/cloud/serializers/account.py:99 +#: xpack/plugins/cloud/serializers/account.py:100 msgid "Validity display" msgstr "有效性显示" -#: xpack/plugins/cloud/serializers/account.py:100 +#: xpack/plugins/cloud/serializers/account.py:101 msgid "Provider display" msgstr "服务商显示" @@ -11018,11 +11055,15 @@ msgstr "订阅 ID" msgid "Auto node classification" msgstr "自动节点分类" +#: xpack/plugins/cloud/serializers/account_attrs.py:108 +msgid "domain_name" +msgstr "域名称" + #: xpack/plugins/cloud/serializers/account_attrs.py:114 #: xpack/plugins/cloud/serializers/account_attrs.py:118 -#: xpack/plugins/cloud/serializers/account_attrs.py:142 -#: xpack/plugins/cloud/serializers/account_attrs.py:172 -#: xpack/plugins/cloud/serializers/account_attrs.py:222 +#: xpack/plugins/cloud/serializers/account_attrs.py:150 +#: xpack/plugins/cloud/serializers/account_attrs.py:180 +#: xpack/plugins/cloud/serializers/account_attrs.py:230 msgid "API Endpoint" msgstr "API 端点" @@ -11038,31 +11079,31 @@ msgstr "如: http://openstack.example.com:5000/v3" msgid "User domain" msgstr "用户域" -#: xpack/plugins/cloud/serializers/account_attrs.py:143 +#: xpack/plugins/cloud/serializers/account_attrs.py:151 msgid "Cert File" msgstr "证书文件" -#: xpack/plugins/cloud/serializers/account_attrs.py:144 +#: xpack/plugins/cloud/serializers/account_attrs.py:152 msgid "Key File" msgstr "密钥文件" -#: xpack/plugins/cloud/serializers/account_attrs.py:160 +#: xpack/plugins/cloud/serializers/account_attrs.py:168 msgid "Service account key" msgstr "服务账号密钥" -#: xpack/plugins/cloud/serializers/account_attrs.py:161 +#: xpack/plugins/cloud/serializers/account_attrs.py:169 msgid "The file is in JSON format" msgstr "JSON 格式的文件" -#: xpack/plugins/cloud/serializers/account_attrs.py:179 +#: xpack/plugins/cloud/serializers/account_attrs.py:187 msgid "IP address invalid `{}`, {}" msgstr "IP 地址无效: `{}`, {}" -#: xpack/plugins/cloud/serializers/account_attrs.py:195 +#: xpack/plugins/cloud/serializers/account_attrs.py:203 msgid "Such as: 192.168.1.0/24, 10.0.0.0-10.0.0.255" msgstr "例: 192.168.1.0/24,10.0.0.0-10.0.0.255" -#: xpack/plugins/cloud/serializers/account_attrs.py:198 +#: xpack/plugins/cloud/serializers/account_attrs.py:206 msgid "" "The port is used to detect the validity of the IP address. When the " "synchronization task is executed, only the valid IP address will be " @@ -11071,23 +11112,23 @@ msgstr "" "端口用来检测 IP 地址的有效性,在同步任务执行时,只会同步有效的 IP 地址。
" "如果端口为 0,则表示所有 IP 地址均有效。" -#: xpack/plugins/cloud/serializers/account_attrs.py:206 +#: xpack/plugins/cloud/serializers/account_attrs.py:214 msgid "Hostname prefix" msgstr "主机名前缀" -#: xpack/plugins/cloud/serializers/account_attrs.py:209 +#: xpack/plugins/cloud/serializers/account_attrs.py:217 msgid "IP segment" msgstr "IP 网段" -#: xpack/plugins/cloud/serializers/account_attrs.py:213 +#: xpack/plugins/cloud/serializers/account_attrs.py:221 msgid "Test port" msgstr "测试端口" -#: xpack/plugins/cloud/serializers/account_attrs.py:216 +#: xpack/plugins/cloud/serializers/account_attrs.py:224 msgid "Test timeout" msgstr "测试超时时间" -#: xpack/plugins/cloud/serializers/account_attrs.py:232 +#: xpack/plugins/cloud/serializers/account_attrs.py:240 msgid "Project" msgstr "project" @@ -11173,8 +11214,3 @@ msgstr "许可证导入成功" #: xpack/plugins/license/api.py:53 msgid "Invalid license" msgstr "许可证无效" - -#, fuzzy -#~| msgid "Domain name" -#~ msgid "domain_name" -#~ msgstr "域名称" diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index d4dfd1127..e9c67e4f4 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -577,6 +577,7 @@ class Config(dict): 'SECURITY_MAX_IDLE_TIME': 30, 'SECURITY_MAX_SESSION_TIME': 24, 'SECURITY_PASSWORD_EXPIRATION_TIME': 9999, + 'SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS': 180, 'SECURITY_PASSWORD_MIN_LENGTH': 6, 'SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH': 6, 'SECURITY_PASSWORD_UPPER_CASE': False, diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index 7c656d019..33c49913d 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -40,6 +40,7 @@ SECURITY_MAX_SESSION_TIME = CONFIG.SECURITY_MAX_SESSION_TIME # Unit: hour SECURITY_COMMAND_EXECUTION = CONFIG.SECURITY_COMMAND_EXECUTION SECURITY_COMMAND_BLACKLIST = CONFIG.SECURITY_COMMAND_BLACKLIST SECURITY_PASSWORD_EXPIRATION_TIME = CONFIG.SECURITY_PASSWORD_EXPIRATION_TIME # Unit: day +SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS = CONFIG.SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS SECURITY_PASSWORD_MIN_LENGTH = CONFIG.SECURITY_PASSWORD_MIN_LENGTH # Unit: bit SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH = CONFIG.SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH # Unit: bit OLD_PASSWORD_HISTORY_LIMIT_COUNT = CONFIG.OLD_PASSWORD_HISTORY_LIMIT_COUNT diff --git a/apps/settings/serializers/public.py b/apps/settings/serializers/public.py index 6e72e59e2..da047edfd 100644 --- a/apps/settings/serializers/public.py +++ b/apps/settings/serializers/public.py @@ -27,6 +27,7 @@ class PrivateSettingSerializer(PublicSettingSerializer): SECURITY_COMMAND_EXECUTION = serializers.BooleanField() SECURITY_COMMAND_BLACKLIST = serializers.ListField() SECURITY_PASSWORD_EXPIRATION_TIME = serializers.IntegerField() + SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS = serializers.IntegerField() SECURITY_LUNA_REMEMBER_AUTH = serializers.BooleanField() SECURITY_WATERMARK_ENABLED = serializers.BooleanField() SECURITY_WATERMARK_SESSION_CONTENT = serializers.CharField() diff --git a/apps/settings/serializers/security.py b/apps/settings/serializers/security.py index 0b83f0f99..6e6e1bf38 100644 --- a/apps/settings/serializers/security.py +++ b/apps/settings/serializers/security.py @@ -23,6 +23,11 @@ class SecurityPasswordRuleSerializer(serializers.Serializer): 'automatic sent to the user by system within 5 days (daily) before the password expires' ) ) + SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS = serializers.IntegerField( + min_value=1, max_value=99999, required=True, + label=_('User expired tokens record keep days'), + help_text=_("Retention period (in days) for expired user tokens before automatic cleanup.") + ) OLD_PASSWORD_HISTORY_LIMIT_COUNT = serializers.IntegerField( min_value=0, max_value=99999, required=True, label=_('Recent password count'),