github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-06-25 06:21:58 +00:00
Code Issues Projects Releases Wiki Activity

perf: Add retention period for expired user tokens and implement cleanup task

Browse Source
This commit is contained in:
wangruidong 2025-05-29 15:19:30 +08:00 committed by 老广
parent 53a84850dc
commit 3f85c67aee
6 changed files with 267 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
apps/authentication/tasks.py
View File

@ -1,12 +1,18 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
import datetime
import logging
from celery import shared_task from celery import shared_task
from django.conf import settings
from django.contrib.sessions.models import Session from django.contrib.sessions.models import Session
from django.utils import timezone from django.utils import timezone
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from authentication.models import ConnectionToken, TempToken
from common.const.crontab import CRONTAB_AT_AM_TWO
from ops.celery.decorator import register_as_period_task from ops.celery.decorator import register_as_period_task
from orgs.utils import tmp_to_root_org
@shared_task( @shared_task(
@ -18,3 +24,26 @@ from ops.celery.decorator import register_as_period_task
@register_as_period_task(interval=3600 * 24) @register_as_period_task(interval=3600 * 24)
def clean_django_sessions(): def clean_django_sessions():
Session.objects.filter(expire_date__lt=timezone.now()).delete() Session.objects.filter(expire_date__lt=timezone.now()).delete()
@shared_task(
verbose_name=_('Clean expired temporary, connection tokens'),
description=_(
"When connecting to assets or generating temporary passwords, the system creates corresponding connection "
"tokens or temporary credential records. To maintain security and manage storage, the system automatically "
"deletes expired tokens every day at 2:00 AM based on the retention settings configured under System settings "
"> Security > User password > Token Retention Period"
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)
def clean_expire_token():
logging.info('Cleaning expired temporary and connection tokens...')
with tmp_to_root_org():
now = timezone.now()
days = settings.SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS
expired_time = now - datetime.timedelta(days=days)
count = ConnectionToken.objects.filter(date_expired__lt=expired_time).delete()
logging.info('Deleted %d expired connection tokens.', count[0])
count = TempToken.objects.filter(date_expired__lt=expired_time).delete()
logging.info('Deleted %d temporary tokens.', count[0])
logging.info('Cleaned expired temporary and connection tokens.')

424
apps/i18n/core/zh/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

1
apps/jumpserver/conf.py
View File

@ -577,6 +577,7 @@ class Config(dict):
'SECURITY_MAX_IDLE_TIME': 30, 'SECURITY_MAX_IDLE_TIME': 30,
'SECURITY_MAX_SESSION_TIME': 24, 'SECURITY_MAX_SESSION_TIME': 24,
'SECURITY_PASSWORD_EXPIRATION_TIME': 9999, 'SECURITY_PASSWORD_EXPIRATION_TIME': 9999,
'SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS': 180,
'SECURITY_PASSWORD_MIN_LENGTH': 6, 'SECURITY_PASSWORD_MIN_LENGTH': 6,
'SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH': 6, 'SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH': 6,
'SECURITY_PASSWORD_UPPER_CASE': False, 'SECURITY_PASSWORD_UPPER_CASE': False,

1
apps/jumpserver/settings/custom.py
View File

@ -40,6 +40,7 @@ SECURITY_MAX_SESSION_TIME = CONFIG.SECURITY_MAX_SESSION_TIME # Unit: hour
SECURITY_COMMAND_EXECUTION = CONFIG.SECURITY_COMMAND_EXECUTION SECURITY_COMMAND_EXECUTION = CONFIG.SECURITY_COMMAND_EXECUTION
SECURITY_COMMAND_BLACKLIST = CONFIG.SECURITY_COMMAND_BLACKLIST SECURITY_COMMAND_BLACKLIST = CONFIG.SECURITY_COMMAND_BLACKLIST
SECURITY_PASSWORD_EXPIRATION_TIME = CONFIG.SECURITY_PASSWORD_EXPIRATION_TIME # Unit: day SECURITY_PASSWORD_EXPIRATION_TIME = CONFIG.SECURITY_PASSWORD_EXPIRATION_TIME # Unit: day
SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS = CONFIG.SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS
SECURITY_PASSWORD_MIN_LENGTH = CONFIG.SECURITY_PASSWORD_MIN_LENGTH # Unit: bit SECURITY_PASSWORD_MIN_LENGTH = CONFIG.SECURITY_PASSWORD_MIN_LENGTH # Unit: bit
SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH = CONFIG.SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH # Unit: bit SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH = CONFIG.SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH # Unit: bit
OLD_PASSWORD_HISTORY_LIMIT_COUNT = CONFIG.OLD_PASSWORD_HISTORY_LIMIT_COUNT OLD_PASSWORD_HISTORY_LIMIT_COUNT = CONFIG.OLD_PASSWORD_HISTORY_LIMIT_COUNT

1
apps/settings/serializers/public.py
View File

@ -27,6 +27,7 @@ class PrivateSettingSerializer(PublicSettingSerializer):
SECURITY_COMMAND_EXECUTION = serializers.BooleanField() SECURITY_COMMAND_EXECUTION = serializers.BooleanField()
SECURITY_COMMAND_BLACKLIST = serializers.ListField() SECURITY_COMMAND_BLACKLIST = serializers.ListField()
SECURITY_PASSWORD_EXPIRATION_TIME = serializers.IntegerField() SECURITY_PASSWORD_EXPIRATION_TIME = serializers.IntegerField()
SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS = serializers.IntegerField()
SECURITY_LUNA_REMEMBER_AUTH = serializers.BooleanField() SECURITY_LUNA_REMEMBER_AUTH = serializers.BooleanField()
SECURITY_WATERMARK_ENABLED = serializers.BooleanField() SECURITY_WATERMARK_ENABLED = serializers.BooleanField()
SECURITY_WATERMARK_SESSION_CONTENT = serializers.CharField() SECURITY_WATERMARK_SESSION_CONTENT = serializers.CharField()

5
apps/settings/serializers/security.py
View File

@ -23,6 +23,11 @@ class SecurityPasswordRuleSerializer(serializers.Serializer):
'automatic sent to the user by system within 5 days (daily) before the password expires' 'automatic sent to the user by system within 5 days (daily) before the password expires'
) )
) )
SECURITY_EXPIRED_TOKEN_RECORD_KEEP_DAYS = serializers.IntegerField(
min_value=1, max_value=99999, required=True,
label=_('User expired tokens record keep days'),
help_text=_("Retention period (in days) for expired user tokens before automatic cleanup.")
)
OLD_PASSWORD_HISTORY_LIMIT_COUNT = serializers.IntegerField( OLD_PASSWORD_HISTORY_LIMIT_COUNT = serializers.IntegerField(
min_value=0, max_value=99999, required=True, min_value=0, max_value=99999, required=True,
label=_('Recent password count'), label=_('Recent password count'),