From 8e0c04c84cbcb4bd4ffa962fed01f008b4a1d9db Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 14 Aug 2023 19:40:21 +0800 Subject: [PATCH 1/3] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E8=AE=BE?= =?UTF-8?q?=E7=BD=AE=E5=B8=83=E5=B1=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/locale/ja/LC_MESSAGES/django.mo | 4 +- apps/locale/ja/LC_MESSAGES/django.po | 115 ++++++++----- apps/locale/zh/LC_MESSAGES/django.mo | 4 +- apps/locale/zh/LC_MESSAGES/django.po | 234 +++++++++++++------------- apps/settings/serializers/basic.py | 2 +- apps/settings/serializers/email.py | 4 + apps/settings/serializers/other.py | 13 -- apps/settings/serializers/security.py | 26 ++- 8 files changed, 220 insertions(+), 182 deletions(-) diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index b0b33e499..2c4a07054 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7bc2e996c082d5f9348277e69cd70b7b9884dc416d9d83e075656a4d8b9bc141 -size 152939 +oid sha256:762fb91213e28a5545cb4706bd0cd6097965b3bb4a234fa89d945428f36bab5d +size 152159 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index d6f806295..3578823b7 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2023-08-10 18:22+0800\n" +"POT-Creation-Date: 2023-08-14 16:56+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -1239,7 +1239,7 @@ msgstr "コンソールセッションに接続" msgid "Any" msgstr "任意" -#: assets/const/protocol.py:66 settings/serializers/security.py:153 +#: assets/const/protocol.py:66 settings/serializers/security.py:160 msgid "Security" msgstr "セキュリティ" 
@@ -4382,7 +4382,7 @@ msgid "View permission tree" msgstr "権限ツリーの表示" #: settings/api/dingtalk.py:31 settings/api/feishu.py:36 -#: settings/api/sms.py:155 settings/api/vault.py:39 settings/api/wecom.py:37 +#: settings/api/sms.py:155 settings/api/vault.py:40 settings/api/wecom.py:37 msgid "Test success" msgstr "テストの成功" @@ -4898,8 +4898,10 @@ msgid "Site url" msgstr "サイトURL" #: settings/serializers/basic.py:31 -msgid "eg: http://dev.jumpserver.org:8080" -msgstr "例えば: http://dev.jumpserver.org:8080" +msgid "" +"Email links or other system callbacks are used to access it, eg: http://dev." +"jumpserver.org:8080" +msgstr "" #: settings/serializers/basic.py:34 msgid "User guide url" @@ -5158,6 +5160,10 @@ msgid "Must contain special" msgstr "特別な" #: settings/serializers/security.py:31 +#, fuzzy +#| msgid "" +#| "If the user has failed to log in for a limited number of times, no login " +#| "is allowed during this time interval." msgid "" "If the user has failed to log in for a limited number of times, no login is " "allowed during this time interval." @@ -5269,11 +5275,11 @@ msgstr "" "ローカル認証方法を除く他の認証方法のユーザーはログインでき、ユーザーが自動的" "に作成されます (ユーザーが存在しない場合)。" -#: settings/serializers/security.py:105 +#: settings/serializers/security.py:108 msgid "Only from source login" msgstr "ソースログインからのみ" -#: settings/serializers/security.py:107 +#: settings/serializers/security.py:110 msgid "" "If it is enabled, the user will only authenticate to the source when logging " "in; if it is disabled, the user will authenticate all the enabled " 
@@ -5284,28 +5290,38 @@ msgstr "" "な場合、ユーザーはログイン時に、いずれかの認証方法が成功する限り、有効なすべ" "ての認証方法を特定の順序で認証します。 、直接ログインできます" -#: settings/serializers/security.py:111 -msgid "MFA verify TTL (secend)" +#: settings/serializers/security.py:118 +#, fuzzy +#| msgid "MFA verify TTL (secend)" +msgid "MFA verify TTL" msgstr "MFAはTTLを確認します(秒)" -#: settings/serializers/security.py:113 +#: settings/serializers/security.py:120 +#, fuzzy +#| msgid "" +#| "The verification MFA takes effect only when you view the account password" msgid "" -"The verification MFA takes effect only when you view the account password" +"Unit: second, The verification MFA takes effect only when you view the " +"account password" msgstr "検証MFAはアカウントのパスワードを表示したときにのみ有効になります。" -#: settings/serializers/security.py:118 -msgid "Verify code TTL" +#: settings/serializers/security.py:125 +#, fuzzy +#| msgid "Verify code TTL" +msgid "Verify code TTL (second)" msgstr "認証コード有効時間" -#: settings/serializers/security.py:119 -msgid "Unit: second, reset password and send SMS code expiration time" +#: settings/serializers/security.py:126 +#, fuzzy +#| msgid "Unit: second, reset password and send SMS code expiration time" +msgid "Reset password and send SMS code expiration time" msgstr "パスワードをリセットしてSMSコードの有効期限を送信します" -#: settings/serializers/security.py:123 +#: settings/serializers/security.py:130 msgid "Enable Login dynamic code" msgstr "ログイン動的コードの有効化" -#: settings/serializers/security.py:124 +#: settings/serializers/security.py:131 msgid "" "The password and additional code are sent to a third party authentication " "system for verification" 
@@ -5313,28 +5329,28 @@ msgstr "" "パスワードと追加コードは、検証のためにサードパーティの認証システムに送信され" "ます" -#: settings/serializers/security.py:129 +#: settings/serializers/security.py:136 msgid "MFA in login page" msgstr "ログインページのMFA" -#: settings/serializers/security.py:130 +#: settings/serializers/security.py:137 msgid "Eu security regulations(GDPR) require MFA to be on the login page" msgstr "" "Euセキュリティ規制 (GDPR) では、MFAがログインページにある必要があります" -#: settings/serializers/security.py:133 +#: settings/serializers/security.py:140 msgid "Enable Login captcha" msgstr "ログインcaptchaの有効化" -#: settings/serializers/security.py:134 +#: settings/serializers/security.py:141 msgid "Enable captcha to prevent robot authentication" msgstr "Captchaを有効にしてロボット認証を防止する" -#: settings/serializers/security.py:156 +#: settings/serializers/security.py:163 msgid "Enable terminal register" msgstr "ターミナルレジスタの有効化" -#: settings/serializers/security.py:158 +#: settings/serializers/security.py:165 msgid "" "Allow terminal register, after all terminal setup, you should disable this " "for security" 
@@ -5342,86 +5358,94 @@ msgstr "" "ターミナルレジスタを許可し、すべてのターミナルセットアップの後、セキュリティ" "のためにこれを無効にする必要があります" -#: settings/serializers/security.py:162 +#: settings/serializers/security.py:169 msgid "Enable watermark" msgstr "透かしの有効化" -#: settings/serializers/security.py:163 +#: settings/serializers/security.py:170 msgid "Enabled, the web session and replay contains watermark information" msgstr "Webセッションとリプレイには透かし情報が含まれています。" -#: settings/serializers/security.py:167 +#: settings/serializers/security.py:174 msgid "Connection max idle time (minute)" msgstr "接続最大アイドル時間(分)" -#: settings/serializers/security.py:168 +#: settings/serializers/security.py:175 msgid "If idle time more than it, disconnect connection." msgstr "この設定以上の操作がない場合、接続は切断されます" -#: settings/serializers/security.py:172 +#: settings/serializers/security.py:179 msgid "Session max connection time (hour)" msgstr "セッション最大接続時間(時間)" -#: settings/serializers/security.py:173 +#: settings/serializers/security.py:180 msgid "If session connection time more than it, disconnect connection." 
msgstr "セッション接続時間がこれを超えると、接続が切断されます" -#: settings/serializers/security.py:176 +#: settings/serializers/security.py:183 msgid "Remember manual auth" msgstr "手動入力パスワードの保存" -#: settings/serializers/security.py:179 +#: settings/serializers/security.py:186 msgid "Insecure command alert" msgstr "安全でないコマンドアラート" -#: settings/serializers/security.py:182 +#: settings/serializers/security.py:189 msgid "Email recipient" msgstr "メール受信者" -#: settings/serializers/security.py:183 +#: settings/serializers/security.py:190 msgid "Multiple user using , split" msgstr "複数のユーザーを使用して、分割" -#: settings/serializers/security.py:186 +#: settings/serializers/security.py:193 msgid "Operation center" msgstr "職業センター" -#: settings/serializers/security.py:187 +#: settings/serializers/security.py:194 msgid "Allow user run batch command or not using ansible" msgstr "ユーザー実行バッチコマンドを許可するか、ansibleを使用しない" -#: settings/serializers/security.py:191 +#: settings/serializers/security.py:198 msgid "Operation center command blacklist" msgstr "オペレーション センター コマンド ブラックリスト" -#: settings/serializers/security.py:192 +#: settings/serializers/security.py:199 msgid "Commands that are not allowed execute." msgstr "実行が許可されていないコマンド" -#: settings/serializers/security.py:195 +#: settings/serializers/security.py:202 msgid "Session share" msgstr "セッション共有" -#: settings/serializers/security.py:196 +#: settings/serializers/security.py:203 msgid "Enabled, Allows user active session to be shared with other users" msgstr "" "ユーザーのアクティブなセッションを他のユーザーと共有できるようにします。" -#: settings/serializers/security.py:200 +#: settings/serializers/security.py:207 +#, fuzzy +#| msgid "Unused user timeout (day)" msgid "Unused user timeout (day)" -msgstr "" +msgstr "未使用のユーザータイムアウト(日)" -#: settings/serializers/security.py:201 +#: settings/serializers/security.py:208 +#, fuzzy +#| msgid "" +#| "Detect infrequent users daily and disable them if they exceed the " +#| "predetermined time limit." 
msgid "" "Detect infrequent users daily and disable them if they exceed the " "predetermined time limit." msgstr "" +"毎日、頻度の低いユーザーを検出し、予め決められた時間制限を超えた場合は無効に" +"します。" -#: settings/serializers/security.py:204 +#: settings/serializers/security.py:211 msgid "Remote Login Protection" msgstr "リモートログイン保護" -#: settings/serializers/security.py:206 +#: settings/serializers/security.py:213 msgid "" "The system determines whether the login IP address belongs to a common login " "city. If the account is logged in from a common login city, the system sends " @@ -8120,6 +8144,9 @@ msgstr "究極のエディション" msgid "Community edition" msgstr "コミュニティ版" +#~ msgid "eg: http://dev.jumpserver.org:8080" +#~ msgstr "例えば: http://dev.jumpserver.org:8080" + #~ msgid "Strategy" #~ msgstr "戦略" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index eb66df73f..22a8b4239 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d1a6a042b4813d67922799caf3ac81ce3f1e831aed1a771dc9a16dab147a0692 -size 125568 +oid sha256:3656dfce61012412c97720e60c1134f39d0f5c1faed26bff88ca795ebce31f81 +size 125596 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 3c1119e4c..d6630142c 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2023-08-10 18:22+0800\n" +"POT-Creation-Date: 2023-08-14 16:56+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" 
@@ -1005,7 +1005,7 @@ msgid "" "support)" msgstr "" "* 表示匹配所有。例如: 192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, 2001:" -"db8:2de::e13, 2001:db8:1a:1110::/64 (支持网域)" +"db8:2de::e13, 2001:db8:1a:1110::/64 (支持网域)" #: acls/serializers/base.py:41 assets/serializers/asset/host.py:19 msgid "IP/Host" @@ -1236,7 +1236,7 @@ msgstr "连接到控制台会话" msgid "Any" msgstr "任意" -#: assets/const/protocol.py:66 settings/serializers/security.py:153 +#: assets/const/protocol.py:66 settings/serializers/security.py:160 msgid "Security" msgstr "安全" @@ -2507,20 +2507,20 @@ msgid "" "You can also try {times_try} times (The account will be temporarily locked " "for {block_time} minutes)" msgstr "" -"您输入的用户名或密码不正确,请重新输入。 您还可以尝试 {times_try} 次(账号将" -"被临时 锁定 {block_time} 分钟)" +"您输入的用户名或密码不正确,请重新输入。 您还可以尝试 {times_try} 次 (账号将" +"被临时 锁定 {block_time} 分钟)" #: authentication/errors/const.py:47 authentication/errors/const.py:55 msgid "" "The account has been locked (please contact admin to unlock it or try again " "after {} minutes)" -msgstr "账号已被锁定(请联系管理员解锁或{}分钟后重试)" +msgstr "账号已被锁定 (请联系管理员解锁或{}分钟后重试)" #: authentication/errors/const.py:51 msgid "" "The address has been locked (please contact admin to unlock it or try again " "after {} minutes)" -msgstr "IP 已被锁定(请联系管理员解锁或 {} 分钟后重试)" +msgstr "IP 已被锁定 (请联系管理员解锁或 {} 分钟后重试)" #: authentication/errors/const.py:59 #, python-brace-format @@ -2528,7 +2528,7 @@ msgid "" "{error}, You can also try {times_try} times (The account will be temporarily " "locked for {block_time} minutes)" msgstr "" -"{error},您还可以尝试 {times_try} 次(账号将被临时锁定 {block_time} 分钟)" +"{error},您还可以尝试 {times_try} 次 (账号将被临时锁定 {block_time} 分钟)" #: authentication/errors/const.py:63 msgid "MFA required" @@ -2699,7 +2699,7 @@ msgstr "清空手机号码禁用" #: authentication/middleware.py:93 settings/utils/ldap.py:661 msgid "Authentication failed (before login check failed): {}" -msgstr "认证失败(登录前检查失败): {}" +msgstr "认证失败 (登录前检查失败): {}" #: authentication/mixins.py:91 msgid "" 
@@ -3816,7 +3816,7 @@ msgstr "运行目录" #: ops/models/job.py:126 msgid "Timeout (Seconds)" -msgstr "超时时间(秒)" +msgstr "超时时间 (秒)" #: ops/models/job.py:133 msgid "Use Parameter Define" @@ -4332,7 +4332,7 @@ msgid "View permission tree" msgstr "查看授权树" #: settings/api/dingtalk.py:31 settings/api/feishu.py:36 -#: settings/api/sms.py:155 settings/api/vault.py:39 settings/api/wecom.py:37 +#: settings/api/sms.py:155 settings/api/vault.py:40 settings/api/wecom.py:37 msgid "Test success" msgstr "测试成功" @@ -4843,11 +4843,13 @@ msgstr "更多信息 URL" #: settings/serializers/basic.py:30 msgid "Site url" -msgstr "当前站点URL" +msgstr "当前站点 URL" #: settings/serializers/basic.py:31 -msgid "eg: http://dev.jumpserver.org:8080" -msgstr "如: http://dev.jumpserver.org:8080" +msgid "" +"Email links or other system callbacks are used to access it, eg: http://dev." +"jumpserver.org:8080" +msgstr "" #: settings/serializers/basic.py:34 msgid "User guide url" 
@@ -4891,38 +4893,38 @@ msgstr "定時清掃" #: settings/serializers/cleaning.py:12 msgid "Login log keep days (day)" -msgstr "登录日志(天)" +msgstr "登录日志 (天)" #: settings/serializers/cleaning.py:16 msgid "Task log keep days (day)" -msgstr "任务日志(天)" +msgstr "任务日志 (天)" #: settings/serializers/cleaning.py:20 msgid "Operate log keep days (day)" -msgstr "操作日志(天)" +msgstr "操作日志 (天)" #: settings/serializers/cleaning.py:24 msgid "FTP log keep days (day)" -msgstr "上传下载(天)" +msgstr "上传下载 (天)" #: settings/serializers/cleaning.py:28 msgid "Cloud sync record keep days (day)" -msgstr "云同步记录(天)" +msgstr "云同步记录 (天)" #: settings/serializers/cleaning.py:31 msgid "Session keep duration (day)" -msgstr "会话日志(天)" +msgstr "会话日志 (天)" #: settings/serializers/cleaning.py:33 msgid "" "Session, record, command will be delete if more than duration, only in " "database, OSS will not be affected." msgstr "" -"会话、录像,命令记录超过该时长将会被清除(影响数据库存储,OSS 等不受影响)" +"会话、录像,命令记录超过该时长将会被清除 (影响数据库存储,OSS 等不受影响)" #: settings/serializers/cleaning.py:37 msgid "Activity log keep days (day)" -msgstr "活动记录(天)" +msgstr "活动记录 (天)" #: settings/serializers/email.py:21 msgid "SMTP host" @@ -5101,7 +5103,7 @@ msgstr "必须包含特殊字符" msgid "" "If the user has failed to log in for a limited number of times, no login is " "allowed during this time interval." -msgstr "当用户登录失败次数达到限制后,那么在此时间间隔内禁止登录" +msgstr "当用户登录失败次数达到限制后,那么在此间隔内禁止登录" #: settings/serializers/security.py:39 msgid "Not enabled" @@ -5121,7 +5123,7 @@ msgstr "全局启用 MFA 认证" #: settings/serializers/security.py:47 msgid "Third-party login users perform MFA authentication" -msgstr "第三方登录用户进行MFA认证" +msgstr "第三方认证开启 MFA" #: settings/serializers/security.py:48 msgid "The third-party login modes include OIDC, CAS, and SAML2" @@ -5133,7 +5135,7 @@ msgstr "限制用户登录失败次数" #: settings/serializers/security.py:56 msgid "Block user login interval (minute)" -msgstr "禁止用户登录时间间隔(分)" +msgstr "禁止用户登录间隔 (分)" #: settings/serializers/security.py:61 msgid "Limit the number of IP login failures" 
@@ -5141,7 +5143,7 @@ msgstr "限制 IP 登录失败次数" #: settings/serializers/security.py:65 msgid "Block IP login interval (minute)" -msgstr "禁止 IP 登录时间间隔(分)" +msgstr "禁止 IP 登录间隔 (分)" #: settings/serializers/security.py:69 msgid "Login IP White List" @@ -5153,7 +5155,7 @@ msgstr "IP 登录黑名单" #: settings/serializers/security.py:80 msgid "User password expiration (day)" -msgstr "用户密码过期时间(天)" +msgstr "用户密码过期时间 (天)" #: settings/serializers/security.py:82 msgid "" @@ -5162,7 +5164,7 @@ msgid "" "sent to the user by system within 5 days (daily) before the password expires" msgstr "" "如果用户在此期间没有更新密码,用户密码将过期失效; 密码过期提醒邮件将在密码过" -"期前5天内由系统(每天)自动发送给用户" +"期前5天内由系统 (每天)自动发送给用户" #: settings/serializers/security.py:89 msgid "Number of repeated historical passwords" @@ -5196,13 +5198,13 @@ msgid "" "exist)" msgstr "" "如果开启,不存在的用户将不被允许登录;如果关闭,除本地认证方式外,其他认证方" -"式的用户都允许登录并自动创建用户(如果用户不存在)" +"式的用户都允许登录并自动创建用户 (如果用户不存在)" -#: settings/serializers/security.py:105 +#: settings/serializers/security.py:108 msgid "Only from source login" msgstr "仅从用户来源登录" -#: settings/serializers/security.py:107 +#: settings/serializers/security.py:110 msgid "" "If it is enabled, the user will only authenticate to the source when logging " "in; if it is disabled, the user will authenticate all the enabled " 
@@ -5212,28 +5214,29 @@ msgstr "" "如果开启,用户登录时仅会向来源端进行认证;如果关闭,用户登录时会按照一定的顺" "序对所有已开启的认证方式进行顺序认证,只要有一个认证成功就可以直接登录" -#: settings/serializers/security.py:111 -msgid "MFA verify TTL (secend)" -msgstr "MFA 校验有效期(秒)" - -#: settings/serializers/security.py:113 -msgid "" -"The verification MFA takes effect only when you view the account password" -msgstr "目前仅在查看账号密码校验 MFA 时生效" - #: settings/serializers/security.py:118 -msgid "Verify code TTL" -msgstr "验证码有效时间" +msgid "MFA verify TTL" +msgstr "MFA 校验有效期" -#: settings/serializers/security.py:119 -msgid "Unit: second, reset password and send SMS code expiration time" +#: settings/serializers/security.py:120 +msgid "" +"Unit: second, The verification MFA takes effect only when you view the " +"account password" +msgstr "单位:秒,目前仅在查看账号密码校验 MFA 时生效" + +#: settings/serializers/security.py:125 +msgid "Verify code TTL (second)" +msgstr "验证码有效时间 (分)" + +#: settings/serializers/security.py:126 +msgid "Reset password and send SMS code expiration time" msgstr "重置密码的验证码及发送短信的验证码过期时间" -#: settings/serializers/security.py:123 +#: settings/serializers/security.py:130 msgid "Enable Login dynamic code" msgstr "启用登录附加码" -#: settings/serializers/security.py:124 +#: settings/serializers/security.py:131 msgid "" "The password and additional code are sent to a third party authentication " "system for verification" 
@@ -5241,111 +5244,111 @@ msgstr "" "密码和附加码一并发送给第三方认证系统进行校验, 如:有的第三方认证系统,需要 密" "码+6位数字 完成认证" -#: settings/serializers/security.py:129 +#: settings/serializers/security.py:136 msgid "MFA in login page" msgstr "MFA 在登录页面输入" -#: settings/serializers/security.py:130 +#: settings/serializers/security.py:137 msgid "Eu security regulations(GDPR) require MFA to be on the login page" msgstr "欧盟数据安全法规(GDPR) 要求 MFA 在登录页面,来确保系统登录安全" -#: settings/serializers/security.py:133 +#: settings/serializers/security.py:140 msgid "Enable Login captcha" msgstr "启用登录验证码" -#: settings/serializers/security.py:134 +#: settings/serializers/security.py:141 msgid "Enable captcha to prevent robot authentication" msgstr "开启验证码,防止机器人登录" -#: settings/serializers/security.py:156 +#: settings/serializers/security.py:163 msgid "Enable terminal register" msgstr "终端注册" -#: settings/serializers/security.py:158 +#: settings/serializers/security.py:165 msgid "" "Allow terminal register, after all terminal setup, you should disable this " "for security" msgstr "是否允许终端注册,当所有终端启动后,为了安全应该关闭" -#: settings/serializers/security.py:162 +#: settings/serializers/security.py:169 msgid "Enable watermark" msgstr "开启水印" -#: settings/serializers/security.py:163 +#: settings/serializers/security.py:170 msgid "Enabled, the web session and replay contains watermark information" msgstr "启用后,Web 会话和录像将包含水印信息" -#: settings/serializers/security.py:167 +#: settings/serializers/security.py:174 msgid "Connection max idle time (minute)" -msgstr "连接最大空闲时间(分)" +msgstr "连接最大空闲时间 (分)" -#: settings/serializers/security.py:168 +#: settings/serializers/security.py:175 msgid "If idle time more than it, disconnect connection." 
msgstr "提示:如果超过该配置没有操作,连接会被断开" -#: settings/serializers/security.py:172 +#: settings/serializers/security.py:179 msgid "Session max connection time (hour)" -msgstr "会话连接最大时间(时)" +msgstr "会话连接最大时间 (时)" -#: settings/serializers/security.py:173 +#: settings/serializers/security.py:180 msgid "If session connection time more than it, disconnect connection." msgstr "提示:如果会话连接超过该配置,连接会被断开" -#: settings/serializers/security.py:176 +#: settings/serializers/security.py:183 msgid "Remember manual auth" msgstr "保存手动输入密码" -#: settings/serializers/security.py:179 +#: settings/serializers/security.py:186 msgid "Insecure command alert" msgstr "危险命令告警" -#: settings/serializers/security.py:182 +#: settings/serializers/security.py:189 msgid "Email recipient" msgstr "邮件收件人" -#: settings/serializers/security.py:183 +#: settings/serializers/security.py:190 msgid "Multiple user using , split" msgstr "多个用户,使用 , 分割" -#: settings/serializers/security.py:186 +#: settings/serializers/security.py:193 msgid "Operation center" msgstr "作业中心" -#: settings/serializers/security.py:187 +#: settings/serializers/security.py:194 msgid "Allow user run batch command or not using ansible" msgstr "是否允许用户使用 ansible 执行批量命令" -#: settings/serializers/security.py:191 +#: settings/serializers/security.py:198 msgid "Operation center command blacklist" msgstr "作业中心命令黑名单" -#: settings/serializers/security.py:192 +#: settings/serializers/security.py:199 msgid "Commands that are not allowed execute." 
msgstr "不允许执行的命令" -#: settings/serializers/security.py:195 +#: settings/serializers/security.py:202 msgid "Session share" msgstr "会话分享" -#: settings/serializers/security.py:196 +#: settings/serializers/security.py:203 msgid "Enabled, Allows user active session to be shared with other users" msgstr "开启后允许用户分享已连接的资产会话给他人,协同工作" -#: settings/serializers/security.py:200 +#: settings/serializers/security.py:207 msgid "Unused user timeout (day)" -msgstr "" +msgstr "不活跃用户自动禁用 (天)" -#: settings/serializers/security.py:201 +#: settings/serializers/security.py:208 msgid "" "Detect infrequent users daily and disable them if they exceed the " "predetermined time limit." -msgstr "" +msgstr "每天检测一次,超过预设时间的用户自动禁用" -#: settings/serializers/security.py:204 +#: settings/serializers/security.py:211 msgid "Remote Login Protection" -msgstr "异地登录保护" +msgstr "异地登录通知" -#: settings/serializers/security.py:206 +#: settings/serializers/security.py:213 msgid "" "The system determines whether the login IP address belongs to a common login " "city. If the account is logged in from a common login city, the system sends " 
@@ -5479,27 +5482,27 @@ msgstr "LDAP认证没有启用" #: settings/utils/ldap.py:613 msgid "Error (Invalid LDAP server): {}" -msgstr "错误 (不合法的LDAP服务器地址): {}" +msgstr "错误 (不合法的LDAP服务器地址): {}" #: settings/utils/ldap.py:615 msgid "Error (Invalid Bind DN): {}" -msgstr "错误(不合法的绑定DN): {}" +msgstr "错误 (不合法的绑定DN): {}" #: settings/utils/ldap.py:617 msgid "Error (Invalid LDAP User attr map): {}" -msgstr "错误(不合法的LDAP属性映射): {}" +msgstr "错误 (不合法的LDAP属性映射): {}" #: settings/utils/ldap.py:619 msgid "Error (Invalid User OU or User search filter): {}" -msgstr "错误(不合法的用户OU或用户过滤器): {}" +msgstr "错误 (不合法的用户OU或用户过滤器): {}" #: settings/utils/ldap.py:621 msgid "Error (Not enabled LDAP authentication): {}" -msgstr "错误(没有启用LDAP认证): {}" +msgstr "错误 (没有启用LDAP认证): {}" #: settings/utils/ldap.py:623 msgid "Error (Unknown): {}" -msgstr "错误(未知): {}" +msgstr "错误 (未知): {}" #: settings/utils/ldap.py:626 msgid "Succeed: Match {} s user" @@ -5507,7 +5510,7 @@ msgstr "成功匹配 {} 个用户" #: settings/utils/ldap.py:659 msgid "Authentication failed (configuration incorrect): {}" -msgstr "认证失败(配置错误): {}" +msgstr "认证失败 (配置错误): {}" #: settings/utils/ldap.py:663 msgid "Authentication failed (username or password incorrect): {}" @@ -6349,8 +6352,8 @@ msgid "" "access address of the current browser will be used (the default endpoint " "does not allow modification of the host)" msgstr "" -"连接资产时访问的主机地址,如果为空则使用当前浏览器的访问地址(默认端点不允许" -"修改主机)" +"连接资产时访问的主机地址,如果为空则使用当前浏览器的访问地址 (默认端点不允许" +"修改主机)" #: terminal/serializers/endpoint.py:64 msgid "" @@ -6899,8 +6902,8 @@ msgid "" "in. you can also directly bind in \"personal information -> quick " "modification -> change MFA Settings\"!" msgstr "" -"启用之后您将会在下次登录时进入多因子认证绑定流程;您也可以在(个人信息->快速" -"修改->设置 MFA 多因子认证)中直接绑定!" +"启用之后您将会在下次登录时进入多因子认证绑定流程;您也可以在 (个人信息->快速" +"修改->设置 MFA 多因子认证)中直接绑定!" #: users/forms/profile.py:61 msgid "* Enable MFA to make the account more secure." 
@@ -6912,8 +6915,8 @@ msgid "" "and key sensitive information properly. (for example: setting complex " "password, enabling MFA)" msgstr "" -"为了保护您和公司的安全,请妥善保管您的账号、密码和密钥等重要敏感信息;(如:" -"设置复杂密码,并启用 MFA 多因子认证)" +"为了保护您和公司的安全,请妥善保管您的账号、密码和密钥等重要敏感信息; (如:" +"设置复杂密码,并启用 MFA 多因子认证)" #: users/forms/profile.py:77 msgid "Finish" @@ -7341,7 +7344,7 @@ msgstr "iPhone手机下载" msgid "" "After installation, click the next step to enter the binding page (if " "installed, go to the next step directly)." -msgstr "安装完成后点击下一步进入绑定页面(如已安装,直接进入下一步)" +msgstr "安装完成后点击下一步进入绑定页面 (如已安装,直接进入下一步)" #: users/templates/users/user_password_verify.html:8 #: users/templates/users/user_password_verify.html:9 
@@ -7618,95 +7621,95 @@ msgstr "同步实例详情" #: xpack/plugins/cloud/providers/aws_international.py:18 msgid "China (Beijing)" -msgstr "中国(北京)" +msgstr "中国 (北京)" #: xpack/plugins/cloud/providers/aws_international.py:19 msgid "China (Ningxia)" -msgstr "中国(宁夏)" +msgstr "中国 (宁夏)" #: xpack/plugins/cloud/providers/aws_international.py:22 msgid "US East (Ohio)" -msgstr "美国东部(俄亥俄州)" +msgstr "美国东部 (俄亥俄州)" #: xpack/plugins/cloud/providers/aws_international.py:23 msgid "US East (N. Virginia)" -msgstr "美国东部(弗吉尼亚北部)" +msgstr "美国东部 (弗吉尼亚北部)" #: xpack/plugins/cloud/providers/aws_international.py:24 msgid "US West (N. California)" -msgstr "美国西部(加利福尼亚北部)" +msgstr "美国西部 (加利福尼亚北部)" #: xpack/plugins/cloud/providers/aws_international.py:25 msgid "US West (Oregon)" -msgstr "美国西部(俄勒冈)" +msgstr "美国西部 (俄勒冈)" #: xpack/plugins/cloud/providers/aws_international.py:26 msgid "Africa (Cape Town)" -msgstr "非洲(开普敦)" +msgstr "非洲 (开普敦)" #: xpack/plugins/cloud/providers/aws_international.py:27 msgid "Asia Pacific (Hong Kong)" -msgstr "亚太地区(香港)" +msgstr "亚太地区 (香港)" #: xpack/plugins/cloud/providers/aws_international.py:28 msgid "Asia Pacific (Mumbai)" -msgstr "亚太地区(孟买)" +msgstr "亚太地区 (孟买)" #: xpack/plugins/cloud/providers/aws_international.py:29 msgid "Asia Pacific (Osaka-Local)" -msgstr "亚太区域(大阪当地)" +msgstr "亚太区域 (大阪当地)" #: xpack/plugins/cloud/providers/aws_international.py:30 msgid "Asia Pacific (Seoul)" -msgstr "亚太区域(首尔)" +msgstr "亚太区域 (首尔)" #: xpack/plugins/cloud/providers/aws_international.py:31 msgid "Asia Pacific (Singapore)" -msgstr "亚太区域(新加坡)" +msgstr "亚太区域 (新加坡)" #: xpack/plugins/cloud/providers/aws_international.py:32 msgid "Asia Pacific (Sydney)" -msgstr "亚太区域(悉尼)" +msgstr "亚太区域 (悉尼)" #: xpack/plugins/cloud/providers/aws_international.py:33 msgid "Asia Pacific (Tokyo)" -msgstr "亚太区域(东京)" +msgstr "亚太区域 (东京)" #: xpack/plugins/cloud/providers/aws_international.py:34 msgid "Canada (Central)" -msgstr "加拿大(中部)" +msgstr "加拿大 (中部)" #: xpack/plugins/cloud/providers/aws_international.py:35 msgid "Europe 
(Frankfurt)" -msgstr "欧洲(法兰克福)" +msgstr "欧洲 (法兰克福)" #: xpack/plugins/cloud/providers/aws_international.py:36 msgid "Europe (Ireland)" -msgstr "欧洲(爱尔兰)" +msgstr "欧洲 (爱尔兰)" #: xpack/plugins/cloud/providers/aws_international.py:37 msgid "Europe (London)" -msgstr "欧洲(伦敦)" +msgstr "欧洲 (伦敦)" #: xpack/plugins/cloud/providers/aws_international.py:38 msgid "Europe (Milan)" -msgstr "欧洲(米兰)" +msgstr "欧洲 (米兰)" #: xpack/plugins/cloud/providers/aws_international.py:39 msgid "Europe (Paris)" -msgstr "欧洲(巴黎)" +msgstr "欧洲 (巴黎)" #: xpack/plugins/cloud/providers/aws_international.py:40 msgid "Europe (Stockholm)" -msgstr "欧洲(斯德哥尔摩)" +msgstr "欧洲 (斯德哥尔摩)" #: xpack/plugins/cloud/providers/aws_international.py:41 msgid "Middle East (Bahrain)" -msgstr "中东(巴林)" +msgstr "中东 (巴林)" #: xpack/plugins/cloud/providers/aws_international.py:42 msgid "South America (São Paulo)" -msgstr "南美洲(圣保罗)" +msgstr "南美洲 (圣保罗)" #: xpack/plugins/cloud/providers/baiducloud.py:54 #: xpack/plugins/cloud/providers/jdcloud.py:125 @@ -7995,6 +7998,9 @@ msgstr "旗舰版" msgid "Community edition" msgstr "社区版" +#~ msgid "eg: http://dev.jumpserver.org:8080" +#~ msgstr "如: http://dev.jumpserver.org:8080" + #~ msgid "Strategy" #~ msgstr "策略" diff --git a/apps/settings/serializers/basic.py b/apps/settings/serializers/basic.py index 91a81d45b..1201ee7cb 100644 --- a/apps/settings/serializers/basic.py +++ b/apps/settings/serializers/basic.py @@ -28,7 +28,7 @@ class BasicSettingSerializer(serializers.Serializer): SITE_URL = serializers.URLField( required=True, label=_("Site url"), - help_text=_('eg: http://dev.jumpserver.org:8080') + help_text=_('Email links or other system callbacks are used to access it, eg: http://dev.jumpserver.org:8080') ) USER_GUIDE_URL = serializers.URLField( required=False, allow_blank=True, allow_null=True, label=_("User guide url"), diff --git a/apps/settings/serializers/email.py b/apps/settings/serializers/email.py index ce4568b62..db8f7545e 100644 --- a/apps/settings/serializers/email.py 
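Review bot: The new `help_text` on `SITE_URL` still gives a plaintext `http://` address as its example, in the same sentence that now says email links and system callbacks rely on this URL. An `https://` example is safer for admins to copy, and the sentence would read more clearly as `help_text=_('Base URL used in email links and other system callbacks, eg: https://dev.jumpserver.org:8080')`. The ja and zh catalogs in this patch carry an empty `msgstr` for the new msgid, so the explanation is shown untranslated until those are filled in. `BasicSettingSerializer` continues outside the hunk.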
+++ b/apps/settings/serializers/email.py @@ -44,6 +44,10 @@ class EmailSettingSerializer(serializers.Serializer): EMAIL_SUBJECT_PREFIX = serializers.CharField( max_length=1024, required=True, label=_('Subject prefix') ) + EMAIL_SUFFIX = serializers.CharField( + required=False, max_length=1024, label=_("Email suffix"), + help_text=_('This is used by default if no email is returned during SSO authentication') + ) class EmailContentSettingSerializer(serializers.Serializer): diff --git a/apps/settings/serializers/other.py b/apps/settings/serializers/other.py index 7cf447ef0..1bdfc9465 100644 --- a/apps/settings/serializers/other.py +++ b/apps/settings/serializers/other.py @@ -5,19 +5,6 @@ from rest_framework import serializers class OtherSettingSerializer(serializers.Serializer): PREFIX_TITLE = _('More...') - EMAIL_SUFFIX = serializers.CharField( - required=False, max_length=1024, label=_("Email suffix"), - help_text=_('This is used by default if no email is returned during SSO authentication') - ) - - OTP_ISSUER_NAME = serializers.CharField( - required=False, max_length=16, label=_('OTP issuer name'), - ) - OTP_VALID_WINDOW = serializers.IntegerField( - min_value=1, max_value=10, - label=_("OTP valid window") - ) - PERM_SINGLE_ASSET_TO_UNGROUP_NODE = serializers.BooleanField( required=False, label=_("Perm ungroup node"), help_text=_("Perm single to ungroup node") diff --git a/apps/settings/serializers/security.py b/apps/settings/serializers/security.py index bb1e2207c..c64791ca9 100644 --- a/apps/settings/serializers/security.py +++ b/apps/settings/serializers/security.py 
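Review bot: `EMAIL_SUFFIX` arrives in `EmailSettingSerializer` as a free-form `CharField` of up to 1024 characters with no check on its shape. Its help text says it is used when SSO returns no email, so presumably it becomes the domain part of addresses given to auto-created users; a typo or a stray `@` would then leave those accounts with addresses that are undeliverable or belong to another domain. Consider a `validate_EMAIL_SUFFIX` method that rejects whitespace and `@`, plus a tighter bound such as `max_length=253`. How the value is consumed is not visible here, so confirm against the SSO code. The serializer class starts outside the hunk.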
@@ -99,24 +99,31 @@ class SecurityAuthSerializer(serializers.Serializer): ONLY_ALLOW_EXIST_USER_AUTH = serializers.BooleanField( required=False, default=False, label=_("Only exist user login"), help_text=_( - "If enabled, non-existent users will not be allowed to log in; if disabled, users of other authentication methods except local authentication methods are allowed to log in and automatically create users (if the user does not exist)") + "If enabled, non-existent users will not be allowed to log in; if disabled, " + "users of other authentication methods except local authentication methods are allowed " + "to log in and automatically create users (if the user does not exist)" + ) ) ONLY_ALLOW_AUTH_FROM_SOURCE = serializers.BooleanField( required=False, default=False, label=_("Only from source login"), help_text=_( - "If it is enabled, the user will only authenticate to the source when logging in; if it is disabled, the user will authenticate all the enabled authentication methods in a certain order when logging in, and as long as one of the authentication methods is successful, they can log in directly") + "If it is enabled, the user will only authenticate to the source when logging in; " + "if it is disabled, the user will authenticate all the enabled authentication methods " + "in a certain order when logging in, and as long as one of the authentication methods is successful, " + "they can log in directly" + ) ) SECURITY_MFA_VERIFY_TTL = serializers.IntegerField( min_value=5, max_value=60 * 60 * 10, - label=_("MFA verify TTL (secend)"), + label=_("MFA verify TTL"), help_text=_( - "The verification MFA takes effect only when you view the account password" + "Unit: second, The verification MFA takes effect only when you view the account password" ) ) VERIFY_CODE_TTL = serializers.IntegerField( min_value=5, max_value=60 * 60 * 10, - label=_("Verify code TTL"), - help_text=_("Unit: second, reset password and send SMS code expiration time") + label=_("Verify code 
TTL (second)"), + help_text=_("Reset password and send SMS code expiration time") ) SECURITY_LOGIN_CHALLENGE_ENABLED = serializers.BooleanField( required=False, default=False, @@ -207,3 +214,10 @@ class SecuritySettingSerializer(SecurityPasswordRuleSerializer, SecurityAuthSeri 'If the account is logged in from a common login city, the system sends a remote login reminder' ) ) + OTP_ISSUER_NAME = serializers.CharField( + required=False, max_length=16, label=_('OTP issuer name'), + ) + OTP_VALID_WINDOW = serializers.IntegerField( + min_value=1, max_value=10, + label=_("OTP valid window") + ) From c4528612d5624e69c7c307dad889aa2557e2e1bf Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 15 Aug 2023 13:45:44 +0800 Subject: [PATCH 2/3] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E5=AE=8C?= =?UTF-8?q?=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/settings/api/settings.py | 8 + apps/settings/api/sms.py | 12 +- apps/settings/serializers/__init__.py | 6 +- apps/settings/serializers/basic.py | 32 +--- apps/settings/serializers/feature.py | 80 +++++++++ .../settings/serializers/{email.py => msg.py} | 10 +- apps/settings/serializers/other.py | 20 +-- apps/settings/serializers/security.py | 158 +++++++++--------- apps/settings/serializers/settings.py | 2 +- apps/settings/serializers/sms.py | 7 - apps/settings/serializers/terminal.py | 6 + apps/settings/serializers/vault.py | 27 --- 12 files changed, 203 insertions(+), 165 deletions(-) create mode 100644 apps/settings/serializers/feature.py rename apps/settings/serializers/{email.py => msg.py} (90%) delete mode 100644 apps/settings/serializers/sms.py delete mode 100644 apps/settings/serializers/vault.py diff --git a/apps/settings/api/settings.py b/apps/settings/api/settings.py index ab7be6e9b..31a25784c 100644 --- a/apps/settings/api/settings.py +++ b/apps/settings/api/settings.py 
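Review bot: The two TTL fields in the `@@ -99,24 +99,31 @@` hunk of security.py end up with opposite conventions for the unit. `SECURITY_MFA_VERIFY_TTL` moves it from the label into the help text ("Unit: second, ..."), while `VERIFY_CODE_TTL` moves it from the help text into the label ("Verify code TTL (second)"). Pick one form for both, for example `label=_("MFA verify TTL (second)")` with the help text left as the plain sentence. Both fields keep `max_value=60 * 60 * 10`, which is ten hours, and a short comment above them giving the reason for that ceiling would help anyone auditing these limits later.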
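Review bot: `OTP_VALID_WINDOW` is moved into `SecuritySettingSerializer` with `min_value=1, max_value=10` and no help text, so an administrator cannot tell what a larger number costs. If the value is passed through as the TOTP verification window (the verifying code is not part of this patch), every extra step lengthens the time in which an already-issued code is still accepted. I would add `help_text=_("Number of adjacent time steps accepted when verifying a one-time code; keep it as small as clock drift allows")` and reconsider the upper bound. The same definition is re-added under `SecurityAuthSerializer` in the `@@ -113,6 +107,29 @@` hunk of the next patch, so the comment applies there as well.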
@@ -28,6 +28,11 @@ class SettingsApi(generics.RetrieveUpdateAPIView): 'basic': serializers.BasicSettingSerializer, 'terminal': serializers.TerminalSettingSerializer, 'security': serializers.SecuritySettingSerializer, + 'security_auth': serializers.SecurityAuthSerializer, + 'security_basic': serializers.SecurityBasicSerializer, + 'security_session': serializers.SecuritySessionSerializer, + 'security_password': serializers.SecurityPasswordRuleSerializer, + 'security_login_limit': serializers.SecurityLoginLimitSerializer, 'ldap': serializers.LDAPSettingSerializer, 'email': serializers.EmailSettingSerializer, 'email_content': serializers.EmailContentSettingSerializer, @@ -51,6 +56,9 @@ class SettingsApi(generics.RetrieveUpdateAPIView): 'cmpp2': serializers.CMPP2SMSSettingSerializer, 'custom': serializers.CustomSMSSettingSerializer, 'vault': serializers.VaultSettingSerializer, + 'announcement': serializers.AnnouncementSettingSerializer, + 'ticket': serializers.TicketSettingSerializer, + } rbac_category_permissions = { diff --git a/apps/settings/api/sms.py b/apps/settings/api/sms.py index 01fca4436..ec767828d 100644 --- a/apps/settings/api/sms.py +++ b/apps/settings/api/sms.py @@ -1,18 +1,16 @@ import importlib - from collections import OrderedDict +from django.utils.translation import gettext_lazy as _ +from rest_framework import status +from rest_framework.exceptions import APIException from rest_framework.generics import ListAPIView, GenericAPIView from rest_framework.response import Response -from rest_framework.exceptions import APIException -from rest_framework import status -from django.utils.translation import gettext_lazy as _ -from common.sdk.sms import BACKENDS from common.exceptions import JMSException -from settings.serializers.sms import SMSBackendSerializer +from common.sdk.sms import BACKENDS from settings.models import Setting - +from settings.serializers import SMSBackendSerializer from .. import serializers 
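Review bot: The seven categories added to `serializer_class_mapper` across the two hunks (`security_auth`, `security_basic`, `security_session`, `security_password`, `security_login_limit`, `announcement`, `ticket`) come with no change to `rbac_category_permissions`, which appears only as an unchanged context line after the second hunk. How a category without its own entry is authorised is not visible here. Please confirm that the new `security_*` categories are gated by the same permission as `security` and not by a weaker fallback, and add explicit entries if they are not. The second hunk also leaves a stray blank line before the closing brace of the mapping.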
diff --git a/apps/settings/serializers/__init__.py b/apps/settings/serializers/__init__.py index 7abfb74e3..fe94eb1da 100644 --- a/apps/settings/serializers/__init__.py +++ b/apps/settings/serializers/__init__.py @@ -4,11 +4,11 @@ from .auth import * from .basic import * from .cleaning import * -from .email import * +from .feature import * +from .msg import * +from .msg import * from .other import * from .public import * from .security import * from .settings import * from .terminal import * -from .vault import * - diff --git a/apps/settings/serializers/basic.py b/apps/settings/serializers/basic.py index 1201ee7cb..83c2b65ee 100644 --- a/apps/settings/serializers/basic.py +++ b/apps/settings/serializers/basic.py @@ -1,28 +1,7 @@ -import uuid - from django.utils.translation import gettext_lazy as _ from rest_framework import serializers -class AnnouncementSerializer(serializers.Serializer): - ID = serializers.CharField(required=False, allow_blank=True, allow_null=True) - SUBJECT = serializers.CharField(required=True, max_length=1024, label=_("Subject")) - CONTENT = serializers.CharField(label=_("Content")) - LINK = serializers.URLField( - required=False, allow_null=True, allow_blank=True, - label=_("More url"), default='', - ) - - def to_representation(self, instance): - defaults = {'ID': '', 'SUBJECT': '', 'CONTENT': '', 'LINK': '', 'ENABLED': False} - data = {**defaults, **instance} - return super().to_representation(data) - - def to_internal_value(self, data): - data['ID'] = str(uuid.uuid4()) - return super().to_internal_value(data) - - class BasicSettingSerializer(serializers.Serializer): PREFIX_TITLE = _('Basic') 
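Review bot: `from .msg import *` is added twice in a row in `__init__.py`; the second line does nothing and looks like a leftover from folding `email`, `sms` and `vault` into the new modules, so one of the two should be dropped. Because this package is assembled from star imports, each module's `__all__` decides what `settings.serializers` exposes. A one-line comment at the top of the import list, such as `# Public names come from each module's __all__`, would make that dependency explicit.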
@@ -43,9 +22,14 @@ class BasicSettingSerializer(serializers.Serializer): required=False, max_length=1024, allow_blank=True, allow_null=True, label=_("Global organization name"), help_text=_('The name of global organization to display') ) - ANNOUNCEMENT_ENABLED = serializers.BooleanField(label=_('Enable announcement'), default=True) - ANNOUNCEMENT = AnnouncementSerializer(label=_("Announcement")) - TICKETS_ENABLED = serializers.BooleanField(required=False, default=True, label=_("Enable tickets")) + HELP_DOCUMENT_URL = serializers.URLField( + required=False, allow_blank=True, allow_null=True, label=_("Help Docs URL"), + help_text=_('default: http://docs.jumpserver.org') + ) + HELP_SUPPORT_URL = serializers.URLField( + required=False, allow_blank=True, allow_null=True, label=_("Help Support URL"), + help_text=_('default: http://www.jumpserver.org/support/') + ) @staticmethod def validate_SITE_URL(s): diff --git a/apps/settings/serializers/feature.py b/apps/settings/serializers/feature.py new file mode 100644 index 000000000..8d8f40c4e --- /dev/null +++ b/apps/settings/serializers/feature.py 
@@ -0,0 +1,80 @@
+import uuid
+
+from django.utils.translation import gettext_lazy as _
+from rest_framework import serializers
+
+from accounts.const import VaultTypeChoices
+from common.serializers.fields import EncryptedField
+
+__all__ = [
+ 'AnnouncementSettingSerializer',
+ 'VaultSettingSerializer', 'TicketSettingSerializer'
+]
+
+
+class AnnouncementSerializer(serializers.Serializer):
+ ID = serializers.CharField(required=False, allow_blank=True, allow_null=True)
+ SUBJECT = serializers.CharField(required=True, max_length=1024, label=_("Subject"))
+ CONTENT = serializers.CharField(label=_("Content"))
+ LINK = serializers.URLField(
+ required=False, allow_null=True, allow_blank=True,
+ label=_("More url"), default='',
+ )
+
+ def to_representation(self, instance):
+ defaults = {'ID': '', 'SUBJECT': '', 'CONTENT': '', 'LINK': '', 'ENABLED': False}
+ data = {**defaults, **instance}
+ return super().to_representation(data)
+
+ def to_internal_value(self, data):
+ data['ID'] = str(uuid.uuid4())
+ return super().to_internal_value(data)
+
+
+class AnnouncementSettingSerializer(serializers.Serializer):
+ ANNOUNCEMENT_ENABLED = serializers.BooleanField(label=_('Enable announcement'), default=True)
+ ANNOUNCEMENT = AnnouncementSerializer(label=_("Announcement"))
+
+
+class VaultSettingSerializer(serializers.Serializer):
+ VAULT_TYPE = serializers.ChoiceField(
+ default=VaultTypeChoices.local, choices=VaultTypeChoices.choices,
+ required=False, label=_('Type')
+ )
+ VAULT_HCP_HOST = serializers.CharField(
+ max_length=256, allow_blank=True, required=False, label=_('Host')
+ )
+ VAULT_HCP_TOKEN = EncryptedField(
+ max_length=256, allow_blank=True, required=False, label=_('Token'), default=''
+ )
+ VAULT_HCP_MOUNT_POINT = serializers.CharField(
+ max_length=256, allow_blank=True, required=False, label=_('Mount Point')
+ )
+
+ def validate(self, attrs):
+ attrs.pop('VAULT_TYPE', None)
+ return attrs
+
+
+class TicketSettingSerializer(serializers.Serializer):
+
TICKETS_ENABLED = serializers.BooleanField(required=False, default=True, label=_("Enable tickets")) + TICKET_AUTHORIZE_DEFAULT_TIME = serializers.IntegerField( + min_value=1, max_value=999999, required=False, + label=_("Ticket authorize default time") + ) + TICKET_AUTHORIZE_DEFAULT_TIME_UNIT = serializers.ChoiceField( + choices=[('day', _("day")), ('hour', _("hour"))], + label=_("Ticket authorize default time unit"), required=False, + ) + + +class OpsSettingSerializer(serializers.Serializer): + SECURITY_COMMAND_EXECUTION = serializers.BooleanField( + required=False, label=_('Operation center'), + help_text=_('Allow user run batch command or not using ansible') + ) + SECURITY_COMMAND_BLACKLIST = serializers.ListField( + child=serializers.CharField(max_length=1024, ), + label=_('Operation center command blacklist'), + help_text=_("Commands that are not allowed execute.") + ) diff --git a/apps/settings/serializers/email.py b/apps/settings/serializers/msg.py similarity index 90% rename from apps/settings/serializers/email.py rename to apps/settings/serializers/msg.py index db8f7545e..07e8e7205 100644 --- a/apps/settings/serializers/email.py +++ b/apps/settings/serializers/msg.py @@ -6,7 +6,10 @@ from rest_framework import serializers from common.serializers.fields import EncryptedField -__all__ = ['MailTestSerializer', 'EmailSettingSerializer', 'EmailContentSettingSerializer'] +__all__ = [ + 'MailTestSerializer', 'EmailSettingSerializer', + 'EmailContentSettingSerializer', 'SMSBackendSerializer', +] class MailTestSerializer(serializers.Serializer): @@ -73,3 +76,8 @@ class EmailContentSettingSerializer(serializers.Serializer): max_length=512, allow_blank=True, required=False, label=_('Signature'), help_text=_('Tips: Email signature (eg:jumpserver)') ) + + +class SMSBackendSerializer(serializers.Serializer): + name = serializers.CharField(max_length=256, required=True, label=_('Name')) + label = serializers.CharField(max_length=256, required=True, label=_('Label')) 
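Review bot: `OpsSettingSerializer` is defined at the end of the new feature.py but is missing from `__all__`, so `from .feature import *` in the package `__init__` will not export it, and the `serializer_class_mapper` change in api/settings.py registers no category for it. The same patch removes `SECURITY_COMMAND_EXECUTION` and `SECURITY_COMMAND_BLACKLIST` from `SecuritySettingSerializer` in the `@@ -189,35 +217,11 @@` hunk of security.py. Unless a file outside this patch wires the class up, the batch-command switch and the command blacklist are no longer reachable through the settings API. Extend the list to `'VaultSettingSerializer', 'TicketSettingSerializer', 'OpsSettingSerializer',` and register a category for it in the API mapping.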
diff --git a/apps/settings/serializers/other.py b/apps/settings/serializers/other.py index 1bdfc9465..5b9ee654c 100644 --- a/apps/settings/serializers/other.py +++ b/apps/settings/serializers/other.py @@ -1,6 +1,8 @@ from django.utils.translation import gettext_lazy as _ from rest_framework import serializers +__all__ = ['OtherSettingSerializer'] + class OtherSettingSerializer(serializers.Serializer): PREFIX_TITLE = _('More...') @@ -10,24 +12,6 @@ class OtherSettingSerializer(serializers.Serializer): help_text=_("Perm single to ungroup node") ) - TICKET_AUTHORIZE_DEFAULT_TIME = serializers.IntegerField( - min_value=1, max_value=999999, required=False, - label=_("Ticket authorize default time") - ) - TICKET_AUTHORIZE_DEFAULT_TIME_UNIT = serializers.ChoiceField( - choices=[('day', _("day")), ('hour', _("hour"))], - label=_("Ticket authorize default time unit"), required=False, - ) - HELP_DOCUMENT_URL = serializers.URLField( - required=False, allow_blank=True, allow_null=True, label=_("Help Docs URL"), - help_text=_('default: http://docs.jumpserver.org') - ) - - HELP_SUPPORT_URL = serializers.URLField( - required=False, allow_blank=True, allow_null=True, label=_("Help Support URL"), - help_text=_('default: http://www.jumpserver.org/support/') - ) - # 准备废弃 # PERIOD_TASK_ENABLED = serializers.BooleanField( # required=False, label=_("Enable period task") diff --git a/apps/settings/serializers/security.py b/apps/settings/serializers/security.py index c64791ca9..a5c27f1a1 100644 --- a/apps/settings/serializers/security.py +++ b/apps/settings/serializers/security.py 
@@ -3,8 +3,31 @@ from rest_framework import serializers from acls.serializers.rules import ip_group_help_text, ip_group_child_validator +__all__ = [ + 'SecurityPasswordRuleSerializer', 'SecuritySessionSerializer', + 'SecurityAuthSerializer', 'SecuritySettingSerializer', + 'SecurityLoginLimitSerializer', 'SecurityBasicSerializer', +] + class SecurityPasswordRuleSerializer(serializers.Serializer): + SECURITY_PASSWORD_EXPIRATION_TIME = serializers.IntegerField( + min_value=1, max_value=99999, required=True, + label=_('User password expiration (day)'), + help_text=_( + 'If the user does not update the password during the time, ' + 'the user password will expire failure;The password expiration reminder mail will be ' + 'automatic sent to the user by system within 5 days (daily) before the password expires' + ) + ) + OLD_PASSWORD_HISTORY_LIMIT_COUNT = serializers.IntegerField( + min_value=0, max_value=99999, required=True, + label=_('Number of repeated historical passwords'), + help_text=_( + 'Tip: When the user resets the password, it cannot be ' + 'the previous n historical passwords of the user' + ) + ) SECURITY_PASSWORD_MIN_LENGTH = serializers.IntegerField( min_value=6, max_value=30, required=True, label=_('Password minimum length') @@ -33,20 +56,7 @@ login_ip_limit_time_help_text = _( ) -class SecurityAuthSerializer(serializers.Serializer): - SECURITY_MFA_AUTH = serializers.ChoiceField( - choices=( - [0, _('Not enabled')], - [1, _('All users')], - [2, _('Only admin users')], - ), - required=False, label=_("Global MFA auth") - ) - SECURITY_MFA_AUTH_ENABLED_FOR_THIRD_PARTY = serializers.BooleanField( - required=False, default=True, - label=_('Third-party login users perform MFA authentication'), - help_text=_('The third-party login modes include OIDC, CAS, and SAML2'), - ) +class SecurityLoginLimitSerializer(serializers.Serializer): SECURITY_LOGIN_LIMIT_COUNT = serializers.IntegerField( min_value=3, max_value=99999, label=_('Limit the number of user login failures') 
@@ -56,6 +66,7 @@ class SecurityAuthSerializer(serializers.Serializer): label=_('Block user login interval (minute)'), help_text=login_ip_limit_time_help_text ) + SECURITY_LOGIN_IP_LIMIT_COUNT = serializers.IntegerField( min_value=3, max_value=99999, label=_('Limit the number of IP login failures') @@ -75,23 +86,6 @@ class SecurityAuthSerializer(serializers.Serializer): child=serializers.CharField(max_length=1024, validators=[ip_group_child_validator]), help_text=ip_group_help_text ) - SECURITY_PASSWORD_EXPIRATION_TIME = serializers.IntegerField( - min_value=1, max_value=99999, required=True, - label=_('User password expiration (day)'), - help_text=_( - 'If the user does not update the password during the time, ' - 'the user password will expire failure;The password expiration reminder mail will be ' - 'automatic sent to the user by system within 5 days (daily) before the password expires' - ) - ) - OLD_PASSWORD_HISTORY_LIMIT_COUNT = serializers.IntegerField( - min_value=0, max_value=99999, required=True, - label=_('Number of repeated historical passwords'), - help_text=_( - 'Tip: When the user resets the password, it cannot be ' - 'the previous n historical passwords of the user' - ) - ) USER_LOGIN_SINGLE_MACHINE_ENABLED = serializers.BooleanField( required=False, default=False, label=_("Only single device login"), help_text=_("After the user logs in on the new device, other logged-in devices will automatically log out") 
@@ -113,6 +107,29 @@ class SecurityAuthSerializer(serializers.Serializer): "they can log in directly" ) ) + + +class SecurityAuthSerializer(serializers.Serializer): + SECURITY_MFA_AUTH = serializers.ChoiceField( + choices=( + [0, _('Not enabled')], + [1, _('All users')], + [2, _('Only admin users')], + ), + required=False, label=_("Global MFA auth") + ) + SECURITY_MFA_AUTH_ENABLED_FOR_THIRD_PARTY = serializers.BooleanField( + required=False, default=True, + label=_('Third-party login users perform MFA authentication'), + help_text=_('The third-party login modes include OIDC, CAS, and SAML2'), + ) + OTP_ISSUER_NAME = serializers.CharField( + required=False, max_length=16, label=_('OTP issuer name'), + ) + OTP_VALID_WINDOW = serializers.IntegerField( + min_value=1, max_value=10, + label=_("OTP valid window") + ) SECURITY_MFA_VERIFY_TTL = serializers.IntegerField( min_value=5, max_value=60 * 60 * 10, label=_("MFA verify TTL"), @@ -120,6 +137,11 @@ class SecurityAuthSerializer(serializers.Serializer): "Unit: second, The verification MFA takes effect only when you view the account password" ) ) + SECURITY_MFA_IN_LOGIN_PAGE = serializers.BooleanField( + required=False, default=False, + label=_("MFA in login page"), + help_text=_("Eu security regulations(GDPR) require MFA to be on the login page") + ) VERIFY_CODE_TTL = serializers.IntegerField( min_value=5, max_value=60 * 60 * 10, label=_("Verify code TTL (second)"), 
@@ -131,15 +153,22 @@ class SecurityAuthSerializer(serializers.Serializer): help_text=_("The password and additional code are sent to a third party " "authentication system for verification") ) - SECURITY_MFA_IN_LOGIN_PAGE = serializers.BooleanField( - required=False, default=False, - label=_("MFA in login page"), - help_text=_("Eu security regulations(GDPR) require MFA to be on the login page") - ) SECURITY_LOGIN_CAPTCHA_ENABLED = serializers.BooleanField( required=False, default=False, label=_("Enable Login captcha"), help_text=_("Enable captcha to prevent robot authentication") ) + SECURITY_CHECK_DIFFERENT_CITY_LOGIN = serializers.BooleanField( + required=False, label=_('Remote Login Protection'), + help_text=_( + 'The system determines whether the login IP address belongs to a common login city. ' + 'If the account is logged in from a common login city, the system sends a remote login reminder' + ) + ) + SECURITY_UNCOMMON_USERS_TTL = serializers.IntegerField( + min_value=30, max_value=99999, required=False, + label=_('Unused user timeout (day)'), + help_text=_("Detect infrequent users daily and disable them if they exceed the predetermined time limit.") + ) def validate(self, attrs): if attrs.get('SECURITY_MFA_AUTH') != 1: @@ -156,15 +185,7 @@ class SecurityAuthSerializer(serializers.Serializer): return data -class SecuritySettingSerializer(SecurityPasswordRuleSerializer, SecurityAuthSerializer): - PREFIX_TITLE = _('Security') - - SECURITY_SERVICE_ACCOUNT_REGISTRATION = serializers.BooleanField( - required=True, label=_('Enable terminal register'), - help_text=_( - "Allow terminal register, after all terminal setup, you should disable this for security" - ) - ) +class SecuritySessionSerializer(serializers.Serializer): SECURITY_WATERMARK_ENABLED = serializers.BooleanField( required=True, label=_('Enable watermark'), help_text=_('Enabled, the web session and replay contains watermark information') 
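Review bot: The help text that comes in with `SECURITY_CHECK_DIFFERENT_CITY_LOGIN` in the `@@ -131,15 +153,22 @@` hunk says a reminder is sent when "the account is logged in from a common login city", which reads as the opposite of a remote-login warning. The check itself is not in this patch, so the behaviour cannot be confirmed from here. If the reminder fires for a login from an unusual city, the string should say so, for example `'If the account logs in from a city that is not a common login city, the system sends a remote login reminder'`. Changing the msgid means the zh and ja catalogues need the matching update.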
@@ -182,6 +203,13 @@ class SecuritySettingSerializer(SecurityPasswordRuleSerializer, SecurityAuthSeri SECURITY_LUNA_REMEMBER_AUTH = serializers.BooleanField( label=_("Remember manual auth") ) + SECURITY_SESSION_SHARE = serializers.BooleanField( + required=True, label=_('Session share'), + help_text=_("Enabled, Allows user active session to be shared with other users") + ) + + +class SecurityBasicSerializer(serializers.Serializer): SECURITY_INSECURE_COMMAND = serializers.BooleanField( required=False, label=_('Insecure command alert') ) 
@@ -189,35 +217,11 @@ class SecuritySettingSerializer(SecurityPasswordRuleSerializer, SecurityAuthSeri max_length=8192, required=False, allow_blank=True, label=_('Email recipient'), help_text=_('Multiple user using , split') ) - SECURITY_COMMAND_EXECUTION = serializers.BooleanField( - required=False, label=_('Operation center'), - help_text=_('Allow user run batch command or not using ansible') - ) - SECURITY_COMMAND_BLACKLIST = serializers.ListField( - child=serializers.CharField(max_length=1024, ), - label=_('Operation center command blacklist'), - help_text=_("Commands that are not allowed execute.") - ) - SECURITY_SESSION_SHARE = serializers.BooleanField( - required=True, label=_('Session share'), - help_text=_("Enabled, Allows user active session to be shared with other users") - ) - SECURITY_UNCOMMON_USERS_TTL = serializers.IntegerField( - min_value=30, max_value=99999, required=False, - label=_('Unused user timeout (day)'), - help_text=_("Detect infrequent users daily and disable them if they exceed the predetermined time limit.") - ) - SECURITY_CHECK_DIFFERENT_CITY_LOGIN = serializers.BooleanField( - required=False, label=_('Remote Login Protection'), - help_text=_( - 'The system determines whether the login IP address belongs to a common login city. ' - 'If the account is logged in from a common login city, the system sends a remote login reminder' - ) - ) - OTP_ISSUER_NAME = serializers.CharField( - required=False, max_length=16, label=_('OTP issuer name'), - ) - OTP_VALID_WINDOW = serializers.IntegerField( - min_value=1, max_value=10, - label=_("OTP valid window") - ) + + +class SecuritySettingSerializer( + SecurityPasswordRuleSerializer, SecurityAuthSerializer, + SecuritySessionSerializer, SecurityBasicSerializer, + SecurityLoginLimitSerializer, +): + PREFIX_TITLE = _('Security') diff --git a/apps/settings/serializers/settings.py b/apps/settings/serializers/settings.py index c0ff911a7..a0e022f77 100644 --- a/apps/settings/serializers/settings.py 
+++ b/apps/settings/serializers/settings.py @@ -14,7 +14,7 @@ from .auth import ( ) from .basic import BasicSettingSerializer from .cleaning import CleaningSerializer -from .email import EmailSettingSerializer, EmailContentSettingSerializer +from .msg import EmailSettingSerializer, EmailContentSettingSerializer from .other import OtherSettingSerializer from .security import SecuritySettingSerializer from .terminal import TerminalSettingSerializer diff --git a/apps/settings/serializers/sms.py b/apps/settings/serializers/sms.py deleted file mode 100644 index ec78993a6..000000000 --- a/apps/settings/serializers/sms.py +++ /dev/null @@ -1,7 +0,0 @@ -from django.utils.translation import gettext_lazy as _ -from rest_framework import serializers - - -class SMSBackendSerializer(serializers.Serializer): - name = serializers.CharField(max_length=256, required=True, label=_('Name')) - label = serializers.CharField(max_length=256, required=True, label=_('Label')) diff --git a/apps/settings/serializers/terminal.py b/apps/settings/serializers/terminal.py index ea1412cd1..17782a2e0 100644 --- a/apps/settings/serializers/terminal.py +++ b/apps/settings/serializers/terminal.py @@ -18,6 +18,12 @@ class TerminalSettingSerializer(serializers.Serializer): ('25', '25'), ('50', '50'), ) + SECURITY_SERVICE_ACCOUNT_REGISTRATION = serializers.BooleanField( + required=True, label=_('Enable terminal register'), + help_text=_( + "Allow terminal register, after all terminal setup, you should disable this for security" + ) + ) TERMINAL_PASSWORD_AUTH = serializers.BooleanField(required=False, label=_('Password auth')) TERMINAL_PUBLIC_KEY_AUTH = serializers.BooleanField( required=False, label=_('Public key auth'), diff --git a/apps/settings/serializers/vault.py b/apps/settings/serializers/vault.py deleted file mode 100644 index e25c73e6c..000000000 --- a/apps/settings/serializers/vault.py +++ /dev/null 
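Review bot: Moving `SECURITY_SERVICE_ACCOUNT_REGISTRATION` into `TerminalSettingSerializer` in terminal.py changes which settings category, and so which permission, controls terminal registration, a switch whose own help text says to disable it "for security" once setup is done. `rbac_category_permissions` is not touched by this patch, so please check that the `terminal` category cannot be edited by a wider set of roles than `security` could. The field is also `required=True`, so a non-partial update of the terminal settings that omits it would now be rejected; whether the view always uses partial updates is not visible here. The class body starts and ends outside the hunk.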
@@ -1,27 +0,0 @@ -from django.utils.translation import gettext_lazy as _ -from rest_framework import serializers - -from accounts.const import VaultTypeChoices -from common.serializers.fields import EncryptedField - -__all__ = ['VaultSettingSerializer'] - - -class VaultSettingSerializer(serializers.Serializer): - VAULT_TYPE = serializers.ChoiceField( - default=VaultTypeChoices.local, choices=VaultTypeChoices.choices, - required=False, label=_('Type') - ) - VAULT_HCP_HOST = serializers.CharField( - max_length=256, allow_blank=True, required=False, label=_('Host') - ) - VAULT_HCP_TOKEN = EncryptedField( - max_length=256, allow_blank=True, required=False, label=_('Token'), default='' - ) - VAULT_HCP_MOUNT_POINT = serializers.CharField( - max_length=256, allow_blank=True, required=False, label=_('Mount Point') - ) - - def validate(self, attrs): - attrs.pop('VAULT_TYPE', None) - return attrs From 663ccbca6febd91449043d67a405fc3806082991 Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 15 Aug 2023 13:49:56 +0800 Subject: [PATCH 3/3] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E7=BF=BB?= =?UTF-8?q?=E8=AF=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/locale/zh/LC_MESSAGES/django.po | 4 ++-- apps/terminal/models/applet/host.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index d6630142c..39125c86a 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -5262,13 +5262,13 @@ msgstr "开启验证码,防止机器人登录" #: settings/serializers/security.py:163 msgid "Enable terminal register" -msgstr "终端注册" +msgstr "组件注册" #: settings/serializers/security.py:165 msgid "" "Allow terminal register, after all terminal setup, you should disable this " "for security" -msgstr "是否允许终端注册,当所有终端启动后,为了安全应该关闭" +msgstr "是否允许组件注册,当所有终端启动后,为了安全应该关闭" #: settings/serializers/security.py:169 msgid "Enable watermark" 
diff --git a/apps/terminal/models/applet/host.py b/apps/terminal/models/applet/host.py index 23af7f5ac..d7f5a9a6a 100644 --- a/apps/terminal/models/applet/host.py +++ b/apps/terminal/models/applet/host.py @@ -147,7 +147,7 @@ class AppletHostDeployment(JMSBaseModel): def start(self, **kwargs): # 重新初始化部署,applet host 关联的终端需要删除 - # 否则 tinker 会因终端注册名称相同,造成冲突,执行任务失败 + # 否则 tinker 会因组件注册名称相同,造成冲突,执行任务失败 if self.host.terminal: terminal = self.host.terminal self.host.terminal = None