diff --git a/apps/assets/api/asset_user.py b/apps/assets/api/asset_user.py index c3dc518fa..7bbca679d 100644 --- a/apps/assets/api/asset_user.py +++ b/apps/assets/api/asset_user.py @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- # -import time - from rest_framework.response import Response from rest_framework import viewsets, status, generics from rest_framework.pagination import LimitOffsetPagination diff --git a/apps/assets/migrations/0032_auto_20190624_2108.py b/apps/assets/migrations/0032_auto_20190624_2108.py new file mode 100644 index 000000000..441f13cdb --- /dev/null +++ b/apps/assets/migrations/0032_auto_20190624_2108.py 
@@ -0,0 +1,75 @@ +# Generated by Django 2.1.7 on 2019-06-24 13:08 + +import assets.models.utils +import common.fields.model +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('assets', '0031_auto_20190621_1332'), + ] + + operations = [ + migrations.AlterField( + model_name='adminuser', + name='_password', + field=common.fields.model.EncryptCharField(blank=True, max_length=256, null=True, verbose_name='Password'), + ), + migrations.AlterField( + model_name='adminuser', + name='_private_key', + field=common.fields.model.EncryptTextField(blank=True, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key'), + ), + migrations.AlterField( + model_name='adminuser', + name='_public_key', + field=common.fields.model.EncryptTextField(blank=True, null=True, verbose_name='SSH public key'), + ), + migrations.AlterField( + model_name='authbook', + name='_password', + field=common.fields.model.EncryptCharField(blank=True, max_length=256, null=True, verbose_name='Password'), + ), + migrations.AlterField( + model_name='authbook', + name='_private_key', + field=common.fields.model.EncryptTextField(blank=True, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key'), + ), + migrations.AlterField( + model_name='authbook', + name='_public_key', + field=common.fields.model.EncryptTextField(blank=True, null=True, verbose_name='SSH public key'), + ), + migrations.AlterField( + model_name='gateway', + name='_password', + field=common.fields.model.EncryptCharField(blank=True, max_length=256, null=True, verbose_name='Password'), + ), + migrations.AlterField( + model_name='gateway', + name='_private_key', + field=common.fields.model.EncryptTextField(blank=True, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key'), + ), + migrations.AlterField( + model_name='gateway', + name='_public_key', + 
field=common.fields.model.EncryptTextField(blank=True, null=True, verbose_name='SSH public key'), + ), + migrations.AlterField( + model_name='systemuser', + name='_password', + field=common.fields.model.EncryptCharField(blank=True, max_length=256, null=True, verbose_name='Password'), + ), + migrations.AlterField( + model_name='systemuser', + name='_private_key', + field=common.fields.model.EncryptTextField(blank=True, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key'), + ), + migrations.AlterField( + model_name='systemuser', + name='_public_key', + field=common.fields.model.EncryptTextField(blank=True, null=True, verbose_name='SSH public key'), + ), + ] diff --git a/apps/assets/migrations/0033_auto_20190624_2108.py b/apps/assets/migrations/0033_auto_20190624_2108.py new file mode 100644 index 000000000..c9ac245d0 --- /dev/null +++ b/apps/assets/migrations/0033_auto_20190624_2108.py 
@@ -0,0 +1,74 @@ +# Generated by Django 2.1.7 on 2019-06-24 13:08 + +import common.fields.model +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('assets', '0032_auto_20190624_2108'), + ] + + operations = [ + migrations.RenameField( + model_name='adminuser', + old_name='_private_key', + new_name='private_key', + ), + migrations.RenameField( + model_name='adminuser', + old_name='_public_key', + new_name='public_key', + ), + migrations.RenameField( + model_name='authbook', + old_name='_private_key', + new_name='private_key', + ), + migrations.RenameField( + model_name='authbook', + old_name='_public_key', + new_name='public_key', + ), + migrations.RenameField( + model_name='gateway', + old_name='_private_key', + new_name='private_key', + ), + migrations.RenameField( + model_name='gateway', + old_name='_public_key', + new_name='public_key', + ), + migrations.RenameField( + model_name='systemuser', + old_name='_private_key', + new_name='private_key', + ), + migrations.RenameField( + model_name='systemuser', + old_name='_public_key', + new_name='public_key', + ), + migrations.RenameField( + model_name='adminuser', + old_name='_password', + new_name='password', + ), + migrations.RenameField( + model_name='authbook', + old_name='_password', + new_name='password', + ), + migrations.RenameField( + model_name='gateway', + old_name='_password', + new_name='password', + ), + migrations.RenameField( + model_name='systemuser', + old_name='_password', + new_name='password', + ), + ] diff --git a/apps/assets/models/base.py b/apps/assets/models/base.py index b8ae16f1e..6c089e14b 100644 --- a/apps/assets/models/base.py +++ b/apps/assets/models/base.py 
@@ -26,9 +26,9 @@ class AssetUser(OrgModelMixin): id = models.UUIDField(default=uuid.uuid4, primary_key=True) name = models.CharField(max_length=128, verbose_name=_('Name')) username = models.CharField(max_length=32, blank=True, verbose_name=_('Username'), validators=[alphanumeric]) - _password = fields.EncryptCharField(max_length=256, blank=True, null=True, verbose_name=_('Password')) - _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ]) - _public_key = models.TextField(max_length=4096, blank=True, verbose_name=_('SSH public key')) + password = fields.EncryptCharField(max_length=256, blank=True, null=True, verbose_name=_('Password')) + private_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ]) + public_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH public key')) comment = models.TextField(blank=True, verbose_name=_('Comment')) date_created = models.DateTimeField(auto_now_add=True, verbose_name=_("Date created")) date_updated = models.DateTimeField(auto_now=True, verbose_name=_("Date updated")) @@ -38,28 +38,6 @@ class AssetUser(OrgModelMixin): _prefer = "system_user" - @property - def password(self): - if self._password: - return signer.unsign(self._password) - else: - return None - - @password.setter - def password(self, password_raw): - # raise AttributeError("Using set_auth do that") - self._password = signer.sign(password_raw) - - @property - def private_key(self): - if self._private_key: - return signer.unsign(self._private_key) - - @private_key.setter - def private_key(self, private_key_raw): - # raise AttributeError("Using set_auth do that") - self._private_key = signer.sign(private_key_raw) - @property def private_key_obj(self): if self._private_key: 
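Review bot: Moving `private_key` and `public_key` to `fields.EncryptTextField` does not say what protection the stored value actually gets, and the rest of this diff suggests it may only be signed. The properties removed further down wrapped these columns with `signer.sign`/`signer.unsign`, and the new `test_signer_len` sizes the field from `signer.sign` output. If `EncryptMixin` (not visible here) uses that same signer, passwords and SSH private keys may stay recoverable by anyone with read access to the table or a backup. Please confirm and record it next to the fields, for example `# EncryptMixin: state here whether the stored value is encrypted or only signed`. Separately, `public_key` changes from a non-null column to `null=True` while `clear_auth` still writes `''`, so readers now have to treat both `None` and `''` as "no key".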
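Review bot: `private_key_obj`, left as context at the end of this hunk, still tests `self._private_key`, but the field is renamed to `private_key` in the hunk above and the property that wrapped `_private_key` is deleted here. That attribute would no longer exist on the model, so the check should read `if self.private_key:`. The body of `private_key_obj` continues outside the hunk, so any further `_private_key`, `_password` or `_public_key` references in the unchanged lines of this class need the same rename.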
@@ -82,19 +60,6 @@ class AssetUser(OrgModelMixin): os.chmod(key_path, 0o400) return key_path - @property - def public_key(self): - key = signer.unsign(self._public_key) - if key: - return key - else: - return None - - @public_key.setter - def public_key(self, public_key_raw): - # raise AttributeError("Using set_auth do that") - self._public_key = signer.sign(public_key_raw) - @property def public_key_obj(self): if self.public_key: @@ -192,9 +157,9 @@ class AssetUser(OrgModelMixin): self.private_key = other.private_key def clear_auth(self): - self._password = '' - self._private_key = '' - self._public_key = '' + self.password = '' + self.private_key = '' + self.public_key = '' self.save() def auto_gen_auth(self): @@ -231,7 +196,7 @@ class AssetUser(OrgModelMixin): from . import AuthBook fields = [ 'name', 'username', 'comment', 'org_id', - '_password', '_private_key', '_public_key', + 'password', 'private_key', 'public_key', 'date_created', 'date_updated', 'created_by' ] i = self.generate_id_with_asset(asset) diff --git a/apps/common/fields/model.py b/apps/common/fields/model.py index c2bb1e0be..e1bd4e1e7 100644 --- a/apps/common/fields/model.py +++ b/apps/common/fields/model.py 
@@ -124,10 +124,27 @@ class EncryptTextField(EncryptMixin, models.TextField): class EncryptCharField(EncryptMixin, models.CharField): + @staticmethod + def change_max_length(kwargs): + kwargs.setdefault('max_length', 1024) + max_length = kwargs.get('max_length') + if max_length < 129: + max_length = 128 + max_length = max_length * 2 + kwargs['max_length'] = max_length + def __init__(self, *args, **kwargs): - kwargs['max_length'] = 2048 + self.change_max_length(kwargs) super().__init__(*args, **kwargs) + def deconstruct(self): + name, path, args, kwargs = super().deconstruct() + max_length = kwargs.pop('max_length') + if max_length > 255: + max_length = max_length // 2 + kwargs['max_length'] = max_length + return name, path, args, kwargs + class EncryptJsonDictTextField(EncryptMixin, JsonDictTextField): pass diff --git a/apps/common/tests.py b/apps/common/tests.py index 7ce503c2d..a9edb8f69 100644 --- a/apps/common/tests.py +++ b/apps/common/tests.py @@ -1,3 +1,16 @@ from django.test import TestCase # Create your tests here. + +from .utils import random_string, get_signer + + +def test_signer_len(): + signer = get_signer() + results = {} + for i in range(1, 4096): + s = random_string(i) + encs = signer.sign(s) + results[i] = (len(encs)/len(s)) + results = sorted(results.items(), key=lambda x: x[1], reverse=True) + print(results) diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index df9825fef..6183721f3 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Jumpserver 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2019-06-24 20:17+0800\n" +"POT-Creation-Date: 2019-06-24 21:38+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: ibuler \n" "Language-Team: Jumpserver team\n" 
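Review bot: `change_max_length` replaces the fixed `kwargs['max_length'] = 2048` with twice the declared length, so a field declared with `max_length=256` now gets a 512-character column. The `AlterField` operations on `_password` in migration 0032 would therefore presumably shrink existing columns. Stored values longer than the new width would be rejected or truncated depending on the database, and a truncated token can no longer be decoded, which means losing the stored credential. The 2x factor is also unproven for short values, since encoded output usually carries a fixed overhead on top of proportional growth. Please check existing row lengths before shipping the migration and document the rule on the method, e.g. `# column width = 2 * max(declared, 128); the stored value is the encoded token, not the plaintext`.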
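Review bot: `test_signer_len` only prints the length ratios and asserts nothing, so the sizing rule in `EncryptCharField` is never actually checked. As a module-level function in a file that imports `TestCase`, it is also probably not collected by Django's default test runner. Turning the loop body into a check such as `assert len(signer.sign(s)) <= max(i, 128) * 2` inside a `TestCase` method would make a change in the signer's output length fail the build. The new import is also placed below the `# Create your tests here.` comment rather than with the existing import at the top of the file.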
@@ -411,7 +411,7 @@ msgstr "详情" #: applications/templates/applications/remote_app_detail.html:21 #: applications/templates/applications/remote_app_list.html:56 -#: assets/templates/assets/_asset_user_list.html:69 +#: assets/templates/assets/_asset_user_list.html:70 #: assets/templates/assets/admin_user_detail.html:24 #: assets/templates/assets/admin_user_list.html:29 #: assets/templates/assets/admin_user_list.html:114 @@ -1435,11 +1435,11 @@ msgstr "日期" msgid "Test datetime: " msgstr "测试日期: " -#: assets/templates/assets/_asset_user_list.html:68 +#: assets/templates/assets/_asset_user_list.html:69 msgid "View" msgstr "查看" -#: assets/templates/assets/_asset_user_list.html:70 +#: assets/templates/assets/_asset_user_list.html:71 #: assets/templates/assets/admin_user_assets.html:61 #: assets/templates/assets/asset_asset_user_list.html:57 #: assets/templates/assets/asset_detail.html:182 @@ -1448,7 +1448,7 @@ msgstr "查看" msgid "Test" msgstr "测试" -#: assets/templates/assets/_asset_user_list.html:71 +#: assets/templates/assets/_asset_user_list.html:72 #: assets/templates/assets/system_user_assets.html:72 #: assets/templates/assets/system_user_detail.html:142 msgid "Push" @@ -1632,7 +1632,7 @@ msgstr "比例" #: users/templates/users/user_group_list.html:194 #: users/templates/users/user_list.html:158 #: users/templates/users/user_list.html:190 -#: xpack/plugins/vault/templates/vault/vault.html:223 +#: xpack/plugins/vault/templates/vault/vault.html:224 msgid "Please select file" msgstr "选择文件"