diff --git a/apps/assets/api/domain.py b/apps/assets/api/domain.py index 13be62315..e6f6c0550 100644 --- a/apps/assets/api/domain.py +++ b/apps/assets/api/domain.py @@ -44,4 +44,4 @@ class GatewayTestConnectionApi(SingleObjectMixin, APIView): if ok: return Response("ok") else: - return Response({"failed": e}, status=404) + return Response({"error": e}, status=400) diff --git a/apps/assets/backends/base.py b/apps/assets/backends/base.py index 801bfbbb1..d46c67f70 100644 --- a/apps/assets/backends/base.py +++ b/apps/assets/backends/base.py @@ -38,6 +38,9 @@ class AssetUserQuerySet(list): if len(v) == 0: return self if k.find("__in") >= 0: + _k = k.split('__')[0] + in_kwargs[_k] = v + else: in_kwargs[k] = v for k in in_kwargs: kwargs.pop(k) @@ -45,17 +48,16 @@ class AssetUserQuerySet(list): if len(in_kwargs) == 0: return self for i in self: - matched = True + matched = False for k, v in in_kwargs.items(): - key = k.split('__')[0] - attr = getattr(i, key, None) + attr = getattr(i, k, None) # 如果属性或者value中是uuid,则转换成string if isinstance(v[0], uuid.UUID): v = [str(i) for i in v] if isinstance(attr, uuid.UUID): attr = str(attr) - if attr not in v: - matched = False + if v in attr: + matched = True if matched: queryset.append(i) return AssetUserQuerySet(queryset) diff --git a/apps/assets/models/domain.py b/apps/assets/models/domain.py index 2051181fe..99e677a07 100644 --- a/apps/assets/models/domain.py +++ b/apps/assets/models/domain.py @@ -3,9 +3,9 @@ import uuid import random +import re import paramiko - from django.db import models from django.utils.translation import ugettext_lazy as _ @@ -63,6 +63,9 @@ class Gateway(AssetUser): def test_connective(self, local_port=None): if local_port is None: local_port = self.port + if not re.match(r'\w+$', self.password): + return False, _("Password should not contain special characters") + client = paramiko.SSHClient() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) proxy = paramiko.SSHClient() 
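Review bot: The failure branch of `GatewayTestConnectionApi` returns `e` verbatim under `"error"`, and the hunk does not show where `e` is produced. With the template's static `fail_message` commented out in this same commit, that value is presumably what the user sees. If `e` can be an exception object or raw connection-library error text rather than the translated message `test_connective` returns, send `str(e)`, or map it to a fixed user-facing message and log the detail server-side. The method begins above the hunk.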
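Review bot: The context loop `for k in in_kwargs: kwargs.pop(k)` right after the added lines still pops by the `in_kwargs` key, but for `__in` lookups that key is now the stripped `_k`. As far as the collapsed hunk shows, `_k` is not a key of `kwargs`, so `kwargs.pop(k)` raises `KeyError` on the first `__in` filter. The added `else:` also moves every plain kwarg into `in_kwargs`, where the later code indexes `v[0]` as if it were a list. Remember the original key for the pop, or use `kwargs.pop(k, None)` plus an explicit pop of the `__in` name. The method starts above the hunk.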
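Review bot: `if v in attr:` has its operands reversed for `__in` lookups: `v` is the list of accepted values (the line above indexes `v[0]`) and `attr` is the single attribute, so this raises `TypeError` when `attr` is a string or `None`; it should be `if attr in v:`. Starting from `matched = False` and setting it on any hit also turns the filter from all-conditions-must-match into any-condition-matches. A query on several fields then returns asset users that satisfy only one of them, which is a wider set of credentials than the caller asked for. If OR semantics are not intended, keep `matched = True` and clear it on `attr not in v`. The method continues outside the hunk.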
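Review bot: `re.match(r'\w+$', self.password)` in `test_connective` raises `TypeError` when `self.password` is `None`, which looks possible for a gateway that authenticates with a key only, and `$` still accepts a trailing newline. `if self.password and not re.fullmatch(r'\w+', self.password):` covers both cases. Limiting passwords to word characters also shrinks the usable password space. If the restriction exists because the password is later placed into a command line, quoting it there would be the safer fix; that code is outside the hunk, so confirm before changing. The method body continues past the hunk.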
diff --git a/apps/assets/templates/assets/domain_gateway_list.html b/apps/assets/templates/assets/domain_gateway_list.html index ade46acc9..79636a2bc 100644 --- a/apps/assets/templates/assets/domain_gateway_list.html +++ b/apps/assets/templates/assets/domain_gateway_list.html @@ -139,7 +139,7 @@ $(document).ready(function(){ method: "POST", body: JSON.stringify({'port': parseInt(data.port)}), success_message: "{% trans 'Can be connected' %}", - fail_message: "{% trans 'The connection fails' %}" + {#fail_message: "{% trans 'The connection fails' %}"#} }) }); diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index daba13c8f..1c086dd7f 100644 Binary files a/apps/locale/zh/LC_MESSAGES/django.mo and b/apps/locale/zh/LC_MESSAGES/django.mo differ diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 43f218060..f09593c4f 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Jumpserver 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2019-11-19 10:29+0800\n" +"POT-Creation-Date: 2019-11-20 12:02+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: ibuler \n" "Language-Team: Jumpserver team\n" @@ -144,7 +144,7 @@ msgstr "资产" #: settings/templates/settings/terminal_setting.html:105 terminal/models.py:23 #: terminal/models.py:260 terminal/templates/terminal/terminal_detail.html:43 #: terminal/templates/terminal/terminal_list.html:29 users/forms.py:162 -#: users/models/group.py:14 users/models/user.py:428 +#: users/models/group.py:14 users/models/user.py:429 #: users/templates/users/_select_user_modal.html:13 #: users/templates/users/user_detail.html:63 #: users/templates/users/user_group_detail.html:55 
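Review bot: The `fail_message` option in `domain_gateway_list.html` is left behind as a Django template comment, `{#fail_message: ...#}`, instead of being removed; delete the line, since its translation entry is dropped in this same commit. With no static failure text, the dialog presumably shows the `error` string from the API response. The display helper is not visible here, so confirm it inserts that string as text and not as HTML.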
@@ -198,7 +198,7 @@ msgstr "参数" #: orgs/models.py:16 perms/models/base.py:54 #: perms/templates/perms/asset_permission_detail.html:98 #: perms/templates/perms/remote_app_permission_detail.html:90 -#: users/models/user.py:469 users/serializers/group.py:32 +#: users/models/user.py:470 users/serializers/group.py:32 #: users/templates/users/user_detail.html:111 #: xpack/plugins/change_auth_plan/models.py:109 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:113 @@ -261,7 +261,7 @@ msgstr "创建日期" #: settings/models.py:34 terminal/models.py:33 #: terminal/templates/terminal/terminal_detail.html:63 #: tickets/templates/tickets/ticket_detail.html:104 users/models/group.py:15 -#: users/models/user.py:461 users/templates/users/user_detail.html:129 +#: users/models/user.py:462 users/templates/users/user_detail.html:129 #: users/templates/users/user_group_detail.html:67 #: users/templates/users/user_group_list.html:37 #: users/templates/users/user_profile.html:138 @@ -683,7 +683,7 @@ msgstr "选择资产" msgid "Content should not be contain: {}" msgstr "内容不能包含: {}" -#: assets/forms/domain.py:55 +#: assets/forms/domain.py:55 assets/models/domain.py:67 msgid "Password should not contain special characters" msgstr "不能包含特殊字符" @@ -708,7 +708,7 @@ msgstr "SSH网关,支持代理SSH,RDP和VNC" #: perms/templates/perms/asset_permission_user.html:55 #: perms/templates/perms/remote_app_permission_user.html:54 #: settings/templates/settings/_ldap_list_users_modal.html:31 users/forms.py:14 -#: users/forms.py:161 users/models/user.py:426 +#: users/forms.py:161 users/models/user.py:427 #: users/templates/users/_select_user_modal.html:14 #: users/templates/users/user_detail.html:67 #: users/templates/users/user_list.html:36 @@ -749,7 +749,7 @@ msgstr "密码" #: assets/forms/user.py:30 assets/serializers/asset_user.py:71 #: assets/templates/assets/_asset_user_auth_update_modal.html:27 -#: users/models/user.py:455 +#: users/models/user.py:456 msgid "Private key" msgstr "ssh私钥" 
@@ -964,7 +964,7 @@ msgstr "带宽" msgid "Contact" msgstr "联系人" -#: assets/models/cluster.py:22 users/models/user.py:447 +#: assets/models/cluster.py:22 users/models/user.py:448 #: users/templates/users/user_detail.html:76 msgid "Phone" msgstr "手机" @@ -990,7 +990,7 @@ msgid "Default" msgstr "默认" #: assets/models/cluster.py:36 assets/models/label.py:14 -#: users/models/user.py:567 +#: users/models/user.py:568 msgid "System" msgstr "系统" @@ -1133,7 +1133,7 @@ msgstr "默认资产组" #: tickets/models/ticket.py:128 tickets/templates/tickets/ticket_detail.html:32 #: tickets/templates/tickets/ticket_list.html:34 #: tickets/templates/tickets/ticket_list.html:100 users/forms.py:339 -#: users/models/user.py:148 users/models/user.py:164 users/models/user.py:555 +#: users/models/user.py:148 users/models/user.py:164 users/models/user.py:556 #: users/serializers/group.py:21 #: users/templates/users/user_group_detail.html:78 #: users/templates/users/user_group_list.html:36 users/views/user.py:250 @@ -1289,7 +1289,7 @@ msgid "Backend" msgstr "后端" #: assets/serializers/asset_user.py:67 users/forms.py:282 -#: users/models/user.py:458 users/templates/users/first_login.html:42 +#: users/models/user.py:459 users/templates/users/first_login.html:42 #: users/templates/users/user_password_update.html:49 #: users/templates/users/user_profile.html:69 #: users/templates/users/user_profile_update.html:46 @@ -2012,10 +2012,6 @@ msgstr "测试连接" msgid "Can be connected" msgstr "可连接" -#: assets/templates/assets/domain_gateway_list.html:142 -msgid "The connection fails" -msgstr "连接失败" - #: assets/templates/assets/domain_list.html:6 msgid "" "The domain function is added to address the fact that some environments " 
@@ -2293,7 +2289,7 @@ msgstr "Agent" #: audits/models.py:86 audits/templates/audits/login_log_list.html:62 #: authentication/templates/authentication/_mfa_confirm_modal.html:14 -#: users/forms.py:194 users/models/user.py:450 +#: users/forms.py:194 users/models/user.py:451 #: users/templates/users/first_login.html:45 msgid "MFA" msgstr "MFA" @@ -2807,7 +2803,7 @@ msgstr "" #: jumpserver/views.py:233 msgid "Websocket server run on port: {}, you should proxy it on nginx" -msgstr "" +msgstr "Websocket 服务运行在端口: {}, 请检查nginx是否代理是否设置" #: jumpserver/views.py:241 msgid "" @@ -3198,7 +3194,7 @@ msgstr "提示:RDP 协议不支持单独控制上传或下载文件" #: perms/templates/perms/asset_permission_list.html:211 #: perms/templates/perms/remote_app_permission_list.html:16 #: templates/_nav.html:21 users/forms.py:313 users/models/group.py:26 -#: users/models/user.py:434 users/templates/users/_select_user_modal.html:16 +#: users/models/user.py:435 users/templates/users/_select_user_modal.html:16 #: users/templates/users/user_detail.html:219 #: users/templates/users/user_list.html:38 #: xpack/plugins/orgs/templates/orgs/org_list.html:16 @@ -3241,7 +3237,7 @@ msgstr "资产授权" #: perms/models/base.py:53 #: perms/templates/perms/asset_permission_detail.html:90 #: perms/templates/perms/remote_app_permission_detail.html:82 -#: users/models/user.py:466 users/templates/users/user_detail.html:107 +#: users/models/user.py:467 users/templates/users/user_detail.html:107 #: users/templates/users/user_profile.html:120 msgid "Date expired" msgstr "失效日期" @@ -3816,7 +3812,7 @@ msgid "Refresh cache" msgstr "刷新缓存" #: settings/templates/settings/_ldap_list_users_modal.html:33 -#: users/models/user.py:430 users/templates/users/user_detail.html:71 +#: users/models/user.py:431 users/templates/users/user_detail.html:71 #: users/templates/users/user_profile.html:59 msgid "Email" msgstr "邮件" 
@@ -4757,11 +4753,11 @@ msgstr "工单列表" msgid "Ticket detail" msgstr "工单详情" -#: users/api/user.py:173 +#: users/api/user.py:174 msgid "Could not reset self otp, use profile reset instead" msgstr "不能再该页面重置MFA, 请去个人信息页面重置" -#: users/forms.py:47 users/models/user.py:438 +#: users/forms.py:47 users/models/user.py:439 #: users/templates/users/_select_user_modal.html:15 #: users/templates/users/user_detail.html:87 #: users/templates/users/user_list.html:37 @@ -4769,7 +4765,7 @@ msgstr "不能再该页面重置MFA, 请去个人信息页面重置" msgid "Role" msgstr "角色" -#: users/forms.py:51 users/models/user.py:473 +#: users/forms.py:51 users/models/user.py:474 #: users/templates/users/user_detail.html:103 #: users/templates/users/user_list.html:39 #: users/templates/users/user_profile.html:102 @@ -4797,7 +4793,7 @@ msgstr "添加到用户组" msgid "Public key should not be the same as your old one." msgstr "不能和原来的密钥相同" -#: users/forms.py:110 users/forms.py:271 users/serializers/user.py:109 +#: users/forms.py:110 users/forms.py:271 users/serializers/user.py:122 msgid "Not a valid ssh public key" msgstr "ssh密钥不合法" @@ -4887,7 +4883,7 @@ msgstr "选择用户" msgid "User auth from {}, go there change password" msgstr "用户认证源来自 {}, 请去相应系统修改密码" -#: users/models/user.py:147 users/models/user.py:563 +#: users/models/user.py:147 users/models/user.py:564 msgid "Administrator" msgstr "管理员" 
@@ -4912,23 +4908,23 @@ msgstr "组织审计员" msgid "Force enable" msgstr "强制启用" -#: users/models/user.py:418 +#: users/models/user.py:419 msgid "Local" msgstr "数据库" -#: users/models/user.py:441 +#: users/models/user.py:442 msgid "Avatar" msgstr "头像" -#: users/models/user.py:444 users/templates/users/user_detail.html:82 +#: users/models/user.py:445 users/templates/users/user_detail.html:82 msgid "Wechat" msgstr "微信" -#: users/models/user.py:477 +#: users/models/user.py:478 msgid "Date password last updated" msgstr "最后更新密码日期" -#: users/models/user.py:566 +#: users/models/user.py:567 msgid "Administrator is the super user of system" msgstr "Administrator是初始的超级管理员" @@ -4936,42 +4932,42 @@ msgstr "Administrator是初始的超级管理员" msgid "Auditors cannot be join in the user group" msgstr "审计员不能被加入到用户组" -#: users/serializers/user.py:39 -msgid "Groups name" -msgstr "用户组名" - -#: users/serializers/user.py:40 -msgid "Source name" -msgstr "用户来源名" - -#: users/serializers/user.py:41 +#: users/serializers/user.py:35 msgid "Is first login" msgstr "首次登录" -#: users/serializers/user.py:42 -msgid "Role name" -msgstr "角色名" - -#: users/serializers/user.py:43 +#: users/serializers/user.py:36 msgid "Is valid" msgstr "账户是否有效" -#: users/serializers/user.py:44 +#: users/serializers/user.py:37 msgid "Is expired" msgstr " 是否过期" -#: users/serializers/user.py:45 +#: users/serializers/user.py:38 msgid "Avatar url" msgstr "头像路径" -#: users/serializers/user.py:65 +#: users/serializers/user.py:46 msgid "Role limit to {}" msgstr "角色只能为 {}" -#: users/serializers/user.py:77 +#: users/serializers/user.py:58 msgid "Password does not match security rules" msgstr "密码不满足安全规则" +#: users/serializers/user.py:107 +msgid "Groups name" +msgstr "用户组名" + +#: users/serializers/user.py:108 +msgid "Source name" +msgstr "用户来源名" + +#: users/serializers/user.py:109 +msgid "Role name" +msgstr "角色名" + #: users/serializers_v2/user.py:36 msgid "name not unique" msgstr "名称重复" 
@@ -6431,6 +6427,9 @@ msgstr "密码匣子" msgid "vault create" msgstr "创建" +#~ msgid "The connection fails" +#~ msgstr "连接失败" + #~ msgid "Assigned ticket" #~ msgstr "处理人" diff --git a/apps/terminal/api_v2/terminal.py b/apps/terminal/api_v2/terminal.py index bad0aabc9..57b8ab3e3 100644 --- a/apps/terminal/api_v2/terminal.py +++ b/apps/terminal/api_v2/terminal.py @@ -3,6 +3,7 @@ from rest_framework import viewsets, generics from rest_framework import status from rest_framework.response import Response +from django.conf import settings from common.permissions import IsSuperUser, WithBootstrapToken @@ -17,6 +18,9 @@ class TerminalViewSet(viewsets.ModelViewSet): queryset = Terminal.objects.filter(is_deleted=False) serializer_class = serializers.TerminalSerializer permission_classes = [IsSuperUser] + http_method_names = [ + 'get', 'put', 'patch', 'delete', 'head', 'options', 'trace' + ] class TerminalRegistrationApi(generics.CreateAPIView): @@ -29,6 +33,9 @@ class TerminalRegistrationApi(generics.CreateAPIView): serializer = serializers.TerminalSerializer( data=data, context={'request': request} ) + if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION: + data = {"error": "service account registration disabled"} + return Response(data=data, status=status.HTTP_400_BAD_REQUEST) serializer.is_valid(raise_exception=True) terminal = serializer.save() sa_serializer = serializer.sa_serializer_class(instance=terminal.user) diff --git a/apps/terminal/serializers_v2/terminal.py b/apps/terminal/serializers_v2/terminal.py index 021519564..f4e26b230 100644 --- a/apps/terminal/serializers_v2/terminal.py +++ b/apps/terminal/serializers_v2/terminal.py 
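Review bot: The new `http_method_names` list on `TerminalViewSet` has no comment saying that `post` is left out on purpose, and it still lists `trace`. If the intent is that terminals are created only through the registration endpoint, a one-line comment such as `# no 'post': creation goes through TerminalRegistrationApi` records it. Dropping `'trace'` from the list avoids advertising a method the viewset has no use for.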
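Review bot: The `SECURITY_SERVICE_ACCOUNT_REGISTRATION` check in `TerminalRegistrationApi` is now the only place the switch is enforced, because this commit removes the same check from `TerminalSerializer.is_valid`. Any other path that creates a terminal through the serializer is no longer gated, so it is worth confirming there is none. Placing the check on the first line of the method, before the serializer is built, makes the gate obvious, and `status.HTTP_403_FORBIDDEN` describes a disabled feature better than a 400. The method starts above the hunk.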
@@ -28,9 +28,6 @@ class TerminalSerializer(serializers.ModelSerializer): valid = super().is_valid(raise_exception=raise_exception) if not valid: return valid - if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION: - error = {"error": "service account registration disabled"} - raise serializers.ValidationError(error) data = {'name': self.validated_data.get('name')} kwargs = {'data': data} if self.instance and self.instance.user: diff --git a/jms b/jms index 6331227fa..7d0c3d334 100755 --- a/jms +++ b/jms @@ -114,7 +114,7 @@ def check_pid(pid): """ Check For the existence of a unix pid. """ try: os.kill(pid, 0) - except OSError: + except (OSError, ProcessLookupError): return False else: return True @@ -231,6 +231,9 @@ def get_start_worker_kwargs(queue, num): if os.getuid() == 0: os.environ.setdefault('C_FORCE_ROOT', '1') + server_hostname = os.environ.get("SERVER_HOSTNAME") + if not server_hostname: + server_hostname = '%h' cmd = [ 'celery', 'worker', @@ -238,7 +241,7 @@ def get_start_worker_kwargs(queue, num): '-l', 'INFO', '-c', str(num), '-Q', queue, - '-n', '{}@%h'.format(queue) + '-n', '{}@{}'.format(queue, server_hostname) ] return {"cmd": cmd, "cwd": APPS_DIR} @@ -437,6 +440,12 @@ def stop_service(srv, sig=15): print("Stop service: {}".format(s), end='') pid = get_pid(s) os.kill(pid, sig) + with LOCK: + process = processes.pop(s, None) + if process is None: + print("\033[31m No process found\033[0m") + continue + process.wait(1) for i in range(STOP_TIMEOUT): if i == STOP_TIMEOUT - 1: print("\033[31m Error\033[0m") @@ -447,9 +456,6 @@ def stop_service(srv, sig=15): time.sleep(1) continue - with LOCK: - processes.pop(s, None) - if srv == "all": stop_daemon_service()
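Review bot: `except (OSError, ProcessLookupError):` in `check_pid` is redundant, because `ProcessLookupError` is a subclass of `OSError` and was already caught by the old clause. The broad catch also returns `False` when `os.kill(pid, 0)` fails with `PermissionError`, that is, when the process exists but belongs to another user. `except ProcessLookupError: return False` followed by `except PermissionError: return True` states both cases explicitly.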
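Review bot: `SERVER_HOSTNAME` is read in `get_start_worker_kwargs` with no comment or documentation of what it overrides. The three added lines can be written as `server_hostname = os.environ.get("SERVER_HOSTNAME") or '%h'`, with a comment that it replaces celery's `%h` node-name placeholder. The value is placed in an argument list, so it is not shell-interpreted as long as the command is launched without a shell; the launch code is outside the hunk. The following hunk's `'{}@{}'.format(queue, server_hostname)` depends on this value.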
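Review bot: `process.wait(1)` in `stop_service` is unguarded. If `processes` holds `subprocess.Popen` objects (their creation is outside the hunk), a service that needs more than one second to exit raises `TimeoutExpired` and aborts the loop before the `STOP_TIMEOUT` polling below it runs. Wrap it as `try: process.wait(1)` / `except subprocess.TimeoutExpired: pass` and let the polling loop decide the outcome. The `continue` taken when no entry is found also skips that polling, so a service whose pid came from `get_pid` but has no entry in `processes` is reported as "No process found" after `os.kill` has already been sent. The collapsed indentation hides whether `wait` runs while `LOCK` is held; it should not.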