mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-09-12 13:31:56 +00:00
feat: ACL (#5696)
* feature: acl (v0.1) * feature: acl (v0.2) * feature: acl (v0.3) * feature: acl (v0.4) * feature: acl (v0.5) * feature: acl (v0.6) * feature: acl (v0.7) * feature: acl (v0.8) * feature: acl (v0.9) * feature: acl (v1.0) * feature: acl (v1.1) * feature: acl (v1.2) * feature: acl (v1.3) * feature: acl (v1.4) * feature: acl (v1.5) * feature: acl (v1.6) * feature: acl (v1.7) * feature: acl (v1.8) * feature: acl (v1.9) * feature: acl (v2.0) * feature: acl (v2.1) * feature: acl (v2.2) * feature: acl (v2.3) * feature: acl (v2.4) * feature: acl (v2.5) * feature: acl (v2.6) * feature: acl (v2.7) * feature: acl (v2.8) * feature: acl (v2.9) * feature: acl (v3.0) * feature: acl (v3.1) * feature: acl (v3.2) * feature: acl (v3.3) * feature: acl (v3.4) * feature: acl (v3.5) * feature: acl (v3.6) * feature: acl (v3.7) * feature: acl (v3.8) * feature: acl (v3.9) * feature: acl (v4.0) * feature: acl (v4.1) * feature: acl (v4.2) * feature: acl (v4.3) * feature: acl (v4.4)
@@ -19,6 +19,7 @@ reason_password_expired = 'password_expired'
|
||||
reason_user_invalid = 'user_invalid'
|
||||
reason_user_inactive = 'user_inactive'
|
||||
reason_backend_not_match = 'backend_not_match'
|
||||
reason_acl_not_allow = 'acl_not_allow'
|
||||
|
||||
reason_choices = {
|
||||
reason_password_failed: _('Username/password check failed'),
|
||||
@@ -29,7 +30,8 @@ reason_choices = {
|
||||
reason_password_expired: _("Password expired"),
|
||||
reason_user_invalid: _('Disabled or expired'),
|
||||
reason_user_inactive: _("This account is inactive."),
|
||||
reason_backend_not_match: _("Auth backend not match")
|
||||
reason_backend_not_match: _("Auth backend not match"),
|
||||
reason_acl_not_allow: _("ACL is not allowed")
|
||||
}
|
||||
old_reason_choices = {
|
||||
'0': '-',
|
||||
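Review bot: The new message `_("ACL is not allowed")` reads as though ACLs themselves were disallowed, and it names the control that rejected the login. A wording such as `_("Login is not allowed by ACL rules")` would be clearer in the login log, and it is worth deciding whether this reason should be shown to the end user at all. The new last entry of `reason_choices` also has no trailing comma, which is why this change had to touch the `reason_backend_not_match` line; writing `reason_acl_not_allow: _("ACL is not allowed"),` keeps the next addition to a one-line diff.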
|
@@ -128,6 +128,13 @@ class AuthMixin:
|
||||
if auth_backend not in auth_backends_allowed:
|
||||
self.raise_credential_error(error=errors.reason_backend_not_match)
|
||||
|
||||
def _check_login_acl(self, user, ip):
|
||||
# ACL 限制用户登录
|
||||
from acls.models import LoginACL
|
||||
is_allowed = LoginACL.allow_user_to_login(user, ip)
|
||||
if not is_allowed:
|
||||
raise self.raise_credential_error(error=errors.reason_acl_not_allow)
|
||||
|
||||
def check_user_auth(self, decrypt_passwd=False):
|
||||
self.check_is_block()
|
||||
request = self.request
|
||||
@@ -135,8 +142,9 @@ class AuthMixin:
|
||||
|
||||
self._check_only_allow_exists_user_auth(username)
|
||||
user = self._check_auth_user_is_valid(username, password, public_key)
|
||||
# 校验login-acl规则
|
||||
self._check_login_acl(user, ip)
|
||||
# 限制只能从认证来源登录
|
||||
|
||||
auth_backend = getattr(user, 'backend', 'django.contrib.auth.backends.ModelBackend')
|
||||
self._check_auth_source_is_valid(user, auth_backend)
|
||||
self._check_password_require_reset_or_not(user)
|
||||
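Review bot: `_check_login_acl(user, ip)` runs only after `_check_auth_user_is_valid(username, password, public_key)` has succeeded, so the distinct `acl_not_allow` reason is reachable only with valid credentials; if that reason is returned to the client, a caller at a denied address learns that the password is correct. Consider returning a generic failure to the client and keeping `reason_acl_not_allow` for the login log only. The `ip` value is assigned outside this hunk; if it comes from a forwarded header rather than the socket peer, it should be accepted only from a trusted proxy, otherwise the ACL decision rests on client-supplied data. Separately, `raise self.raise_credential_error(...)` is inconsistent with the context line above, which calls the helper without `raise`; if the helper raises by itself, write `self.raise_credential_error(error=errors.reason_acl_not_allow)`, since a helper that returned `None` would turn the outer `raise` into a `TypeError`. `check_user_auth` starts and continues outside the visible hunks.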
|