From 7c67d882aa884da6ea268427e5999db2560aa296 Mon Sep 17 00:00:00 2001
From: Bryan <bugatti_it@163.com>
Date: Mon, 25 Sep 2023 23:18:50 +0800
Subject: [PATCH] Revert "fix: pubkey auth require svc sign"

This reverts commit 9bde2ff6e1d8fe58ba070db61f098cafced515e9.
---
 apps/authentication/mixins.py |  6 ------
 apps/common/permissions.py    | 35 -----------------------------------
 2 files changed, 41 deletions(-)

diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index a9b7a1838..9667e85c7 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -424,7 +424,6 @@ class AuthMixin(CommonMixin, AuthPreCheckMixin, AuthACLMixin, MFAMixin, AuthPost
     key_prefix_captcha = "_LOGIN_INVALID_{}"
 
     def _check_auth_user_is_valid(self, username, password, public_key):
-        from common.permissions import ServiceAccountSignaturePermission
         user = authenticate(
             self.request, username=username,
             password=password, public_key=public_key
@@ -432,11 +431,6 @@ class AuthMixin(CommonMixin, AuthPreCheckMixin, AuthACLMixin, MFAMixin, AuthPost
         if not user:
             self.raise_credential_error(errors.reason_password_failed)
 
-        if public_key:
-            permission = ServiceAccountSignaturePermission()
-            if not permission.has_permission(self.request, self):
-                self.raise_credential_error(errors.reason_password_failed)
-
         self.request.session['auth_backend'] = getattr(user, 'backend', settings.AUTH_BACKEND_MODEL)
 
         if user.is_expired:
diff --git a/apps/common/permissions.py b/apps/common/permissions.py
index 37c51de47..5c58de68e 100644
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -86,38 +86,3 @@ class UserConfirmation(permissions.BasePermission):
         min_level = ConfirmType.values.index(confirm_type) + 1
         name = 'UserConfirmationLevel{}TTL{}'.format(min_level, ttl)
         return type(name, (cls,), {'min_level': min_level, 'ttl': ttl, 'confirm_type': confirm_type})
-
-
-class ServiceAccountSignaturePermission(permissions.BasePermission):
-    def has_permission(self, request, view):
-        from authentication.models import AccessKey
-        from common.utils.crypto import get_aes_crypto
-        signature = request.META.get('HTTP_X_JMS_SVC', '')
-        if not signature or not signature.startswith('Sign'):
-            return False
-        data = signature[4:].strip()
-        if not data or ':' not in data:
-            return False
-        ak_id, time_sign = data.split(':', 1)
-        if not ak_id or not time_sign:
-            return False
-        ak = AccessKey.objects.filter(id=ak_id).first()
-        if not ak or not ak.is_active:
-            return False
-        if not ak.user or not ak.user.is_active or not ak.user.is_service_account:
-            return False
-        aes = get_aes_crypto(str(ak.secret).replace('-', ''), mode='ECB')
-        try:
-            timestamp = aes.decrypt(time_sign)
-            if not timestamp or not timestamp.isdigit():
-                return False
-            timestamp = int(timestamp)
-            interval = abs(int(time.time()) - timestamp)
-            if interval > 30:
-                return False
-            return True
-        except Exception:
-            return False
-
-    def has_object_permission(self, request, view, obj):
-        return False