Config (#3502)

* [Update] 修改config * [Update] 移动存储设置到到terminal中 * [Update] 修改permission 查看 * [Update] pre merge * [Update] 录像存储 * [Update] 命令存储 * [Update] 添加存储测试可连接性 * [Update] 修改 meta 值的 key 为大写 * [Update] 修改 Terminal 相关 Storage 配置 * [Update] 删除之前获取录像/命令存储的代码 * [Update] 修改导入失败 * [Update] 迁移文件添加default存储 * [Update] 删除之前代码，添加help_text信息 * [Update] 删除之前代码 * [Update] 删除之前代码 * [Update] 抽象命令/录像存储 APIView * [Update] 抽象命令/录像存储 APIView 1 * [Update] 抽象命令/录像存储 DictField * [Update] 抽象命令/录像存储列表页面 * [Update] 修复CustomDictField的bug * [Update] RemoteApp 页面添加 hidden * [Update] 用户页面添加用户关联授权 * [Update] 修改存储测试可连接性 target * [Update] 修改配置 * [Update] 修改存储前端 Form 渲染逻辑 * [Update] 修改存储细节 * [Update] 统一存储类型到 const 文件 * [Update] 修改迁移文件及Model，创建默认存储 * [Update] 修改迁移文件及Model初始化默认数据 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 限制删除默认存储配置，只允许创建扩展的存储类型 * [Update] 修改ip字段长度 * [Update] 修改ip字段长度 * [Update] 修改一些css * [Update] 修改关联 * [Update] 添加操作日志定时清理 * [Update] 修改记录syslog的instance encoder * [Update] 忽略登录产生的操作日志 * [Update] 限制更新存储时不覆盖原有AK SK 等字段 * [Update] 修改迁移文件添加comment字段 * [Update] 修改迁移文件 * [Update] 添加 comment 字段 * [Update] 修改默认存储no -> null * [Update] 修改细节 * [Update] 更新翻译（存储配置 * [Update] 修改定时任务注册，修改系统用户资产、节点关系api * [Update] 添加监控磁盘任务 * [Update] 修改session * [Update] 拆分serializer * [Update] 还原setting原来的manager
2025-09-12 13:31:56 +00:00 · 2019-12-05 15:09:25 +08:00
parent fd1b9d97c0
commit 4944ac8e75
193 changed files with 5609 additions and 4357 deletions
--- a/apps/authentication/backends/api.py
+++ b/apps/authentication/backends/api.py
@@ -109,7 +109,7 @@ class AccessKeyAuthentication(authentication.BaseAuthentication):

 class AccessTokenAuthentication(authentication.BaseAuthentication):
    keyword = 'Bearer'
-    expiration = settings.TOKEN_EXPIRATION or 3600
+    # expiration = settings.TOKEN_EXPIRATION or 3600
    model = get_user_model()

    def authenticate(self, request):
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@@ -1,10 +1,11 @@
 # coding:utf-8
 #

+import warnings
 import ldap
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist
-from django_auth_ldap.backend import _LDAPUser, LDAPBackend
+from django_auth_ldap.backend import _LDAPUser, LDAPBackend, LDAPSettings
 from django_auth_ldap.config import _LDAPConfig, LDAPSearch, LDAPSearchUnion

 from users.utils import construct_user_email
@@ -17,7 +18,6 @@ class LDAPAuthorizationBackend(LDAPBackend):
    """
    Override this class to override _LDAPUser to LDAPUser
    """
-
    @staticmethod
    def user_can_authenticate(user):
        """
@@ -27,18 +27,26 @@ class LDAPAuthorizationBackend(LDAPBackend):
        is_valid = getattr(user, 'is_valid', None)
        return is_valid or is_valid is None

-    def authenticate(self, request=None, username=None, password=None, **kwargs):
+    def pre_check(self, username):
+        if not settings.AUTH_LDAP:
+            return False
        logger.info('Authentication LDAP backend')
        if not username:
            logger.info('Authenticate failed: username is None')
-            return None
+            return False
        if settings.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS:
            user_model = self.get_user_model()
            exist = user_model.objects.filter(username=username).exists()
            if not exist:
                msg = 'Authentication failed: user ({}) is not in the user list'
                logger.info(msg.format(username))
-                return None
+                return False
+        return True
+
+    def authenticate(self, request=None, username=None, password=None, **kwargs):
+        match = self.pre_check(username)
+        if not match:
+            return None
        ldap_user = LDAPUser(self, username=username.strip(), request=request)
        user = self.authenticate_ldap_user(ldap_user, password)
        logger.info('Authenticate user: {}'.format(user))
--- a/apps/authentication/backends/openid/views.py
+++ b/apps/authentication/backends/openid/views.py
@@ -25,7 +25,8 @@ __all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView']

 class OpenIDLoginView(RedirectView):
    def get_redirect_url(self, *args, **kwargs):
-        redirect_uri = settings.BASE_SITE_URL + str(settings.LOGIN_COMPLETE_URL)
+        redirect_uri = settings.BASE_SITE_URL + \
+                       str(settings.AUTH_OPENID_LOGIN_COMPLETE_URL)
        nonce = Nonce(
            redirect_uri=redirect_uri,
            next_path=self.request.GET.get('next')
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -141,7 +141,7 @@ class AuthMixin:
            )

    def check_user_login_confirm_if_need(self, user):
-        if not settings.CONFIG.LOGIN_CONFIRM_ENABLE:
+        if not settings.LOGIN_CONFIRM_ENABLE:
            return
        confirm_setting = user.get_login_confirm_setting()
        if self.request.session.get('auth_confirm') or not confirm_setting:
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -60,7 +60,8 @@ class UserLoginView(mixins.AuthMixin, FormView):
        # show jumpserver login page if request http://{JUMP-SERVER}/?admin=1
        if settings.AUTH_OPENID and not self.request.GET.get('admin', 0):
            query_string = request.GET.urlencode()
-            login_url = "{}?{}".format(settings.LOGIN_URL, query_string)
+            openid_login_url = reverse_lazy("authentication:openid:openid-login")
+            login_url = "{}?{}".format(openid_login_url, query_string)
            return redirect(login_url)
        request.session.set_test_cookie()
        return super().get(request, *args, **kwargs)