[Update] 修改tickets
@@ -10,7 +10,7 @@ from common.utils import get_logger, get_object_or_none
|
||||
from common.permissions import IsOrgAdmin
|
||||
from ..models import LoginConfirmSetting
|
||||
from ..serializers import LoginConfirmSettingSerializer
|
||||
from .. import errors
|
||||
from .. import errors, mixins
|
||||
|
||||
__all__ = ['LoginConfirmSettingUpdateApi', 'LoginConfirmTicketStatusApi']
|
||||
logger = get_logger(__name__)
|
||||
@@ -31,7 +31,7 @@ class LoginConfirmSettingUpdateApi(UpdateAPIView):
|
||||
return s
|
||||
|
||||
|
||||
class LoginConfirmTicketStatusApi(APIView):
|
||||
class LoginConfirmTicketStatusApi(mixins.AuthMixin, APIView):
|
||||
permission_classes = ()
|
||||
|
||||
def get_ticket(self):
|
||||
@@ -45,24 +45,9 @@ class LoginConfirmTicketStatusApi(APIView):
|
||||
return ticket
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
ticket_id = self.request.session.get("auth_ticket_id")
|
||||
ticket = self.get_ticket()
|
||||
try:
|
||||
if not ticket:
|
||||
raise errors.LoginConfirmOtherError(ticket_id, _("not found"))
|
||||
if ticket.status == 'open':
|
||||
raise errors.LoginConfirmWaitError(ticket_id)
|
||||
elif ticket.action == ticket.ACTION_APPROVE:
|
||||
self.request.session["auth_confirm"] = "1"
|
||||
return Response({"msg": "ok"})
|
||||
elif ticket.action == ticket.ACTION_REJECT:
|
||||
raise errors.LoginConfirmOtherError(
|
||||
ticket_id, ticket.get_action_display()
|
||||
)
|
||||
else:
|
||||
raise errors.LoginConfirmOtherError(
|
||||
ticket_id, ticket.get_status_display()
|
||||
)
|
||||
self.check_user_login_confirm()
|
||||
return Response({"msg": "ok"})
|
||||
except errors.NeedMoreInfoError as e:
|
||||
return Response(e.as_data(), status=200)
|
||||
|
||||
|
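Review bot: `LoginConfirmTicketStatusApi` still defines its own `get_ticket` (its body lies between the hunks and is not fully visible), and that definition now shadows `AuthMixin.get_ticket`. As a result the `check_user_login_confirm()` call in `get` runs the view's copy rather than the mixin's. Two lookups for the same session key can drift apart, so I would delete the view-level method and rely on the mixin. Because `permission_classes = ()` leaves this endpoint open to unauthenticated callers, a comment such as `# unauthenticated by design: all state comes from the pre-login session` would record why that is acceptable.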
@@ -28,7 +28,7 @@ class TokenCreateApi(AuthMixin, CreateAPIView):
|
||||
self.create_session_if_need()
|
||||
# 如果认证没有过,检查账号密码
|
||||
try:
|
||||
user = self.check_user_auth()
|
||||
user = self.check_user_auth_if_need()
|
||||
self.check_user_mfa_if_need(user)
|
||||
self.check_user_login_confirm_if_need(user)
|
||||
self.send_auth_signal(success=True, user=user)
|
||||
|
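Review bot: With `check_user_auth_if_need()` the `username`/`password` in the request body are no longer examined once the session carries `auth_password` and `user_id`. A token request that names a different account would then be answered for the session's user. If that is intended for the MFA and confirm follow-up calls, say so in a comment, e.g. `# password step already passed in this session; body credentials are ignored`. Otherwise fall back to `check_user_auth()` whenever the body supplies a username that differs from the session user. The enclosing method starts and ends outside the hunk.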
@@ -1,6 +1,7 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
import time
|
||||
from django.conf import settings
|
||||
|
||||
from common.utils import get_object_or_none, get_request_ip, get_logger
|
||||
from users.models import User
|
||||
@@ -49,8 +50,8 @@ class AuthMixin:
|
||||
raise errors.BlockLoginError(username=username, ip=ip)
|
||||
|
||||
def check_user_auth(self):
|
||||
request = self.request
|
||||
self.check_is_block()
|
||||
request = self.request
|
||||
if hasattr(request, 'data'):
|
||||
username = request.data.get('username', '')
|
||||
password = request.data.get('password', '')
|
||||
@@ -73,11 +74,20 @@ class AuthMixin:
|
||||
request.session['user_id'] = str(user.id)
|
||||
return user
|
||||
|
||||
def check_user_auth_if_need(self):
|
||||
request = self.request
|
||||
if request.session.get('auth_password') and \
|
||||
request.session.get('user_id'):
|
||||
user = self.get_user_from_session()
|
||||
if user:
|
||||
return user
|
||||
return self.check_user_auth()
|
||||
|
||||
def check_user_mfa_if_need(self, user):
|
||||
if self.request.session.get('auth_mfa'):
|
||||
return True
|
||||
return
|
||||
if not user.otp_enabled or not user.otp_secret_key:
|
||||
return True
|
||||
return
|
||||
raise errors.MFARequiredError()
|
||||
|
||||
def check_user_mfa(self, code):
|
||||
@@ -90,28 +100,53 @@ class AuthMixin:
|
||||
return
|
||||
raise errors.MFAFailedError(username=user.username, request=self.request)
|
||||
|
||||
def check_user_login_confirm_if_need(self, user):
|
||||
def get_ticket(self):
|
||||
from tickets.models import LoginConfirmTicket
|
||||
confirm_setting = user.get_login_confirm_setting()
|
||||
if self.request.session.get('auth_confirm') or not confirm_setting:
|
||||
return
|
||||
ticket = None
|
||||
if self.request.session.get('auth_ticket_id'):
|
||||
ticket_id = self.request.session['auth_ticket_id']
|
||||
ticket_id = self.request.session.get("auth_ticket_id")
|
||||
logger.debug('Login confirm ticket id: {}'.format(ticket_id))
|
||||
if not ticket_id:
|
||||
ticket = None
|
||||
else:
|
||||
ticket = get_object_or_none(LoginConfirmTicket, pk=ticket_id)
|
||||
return ticket
|
||||
|
||||
def get_ticket_or_create(self, confirm_setting):
|
||||
ticket = self.get_ticket()
|
||||
if not ticket:
|
||||
ticket = confirm_setting.create_confirm_ticket(self.request)
|
||||
self.request.session['auth_ticket_id'] = str(ticket.id)
|
||||
return ticket
|
||||
|
||||
if ticket.status == "accepted":
|
||||
return
|
||||
elif ticket.status == "rejected":
|
||||
raise errors.LoginConfirmOtherError(ticket.id)
|
||||
else:
|
||||
def check_user_login_confirm(self):
|
||||
ticket = self.get_ticket()
|
||||
if not ticket:
|
||||
raise errors.LoginConfirmOtherError('', "Not found")
|
||||
if ticket.status == ticket.STATUS_OPEN:
|
||||
raise errors.LoginConfirmWaitError(ticket.id)
|
||||
elif ticket.action == ticket.ACTION_APPROVE:
|
||||
self.request.session["auth_confirm"] = "1"
|
||||
return
|
||||
elif ticket.action == ticket.ACTION_REJECT:
|
||||
raise errors.LoginConfirmOtherError(
|
||||
ticket.id, ticket.get_action_display()
|
||||
)
|
||||
else:
|
||||
raise errors.LoginConfirmOtherError(
|
||||
ticket.id, ticket.get_status_display()
|
||||
)
|
||||
|
||||
def check_user_login_confirm_if_need(self, user):
|
||||
if not settings.CONFIG.LOGIN_CONFIRM_ENABLE:
|
||||
return
|
||||
confirm_setting = user.get_login_confirm_setting()
|
||||
if self.request.session.get('auth_confirm') or not confirm_setting:
|
||||
return
|
||||
self.get_ticket_or_create(confirm_setting)
|
||||
self.check_user_login_confirm()
|
||||
|
||||
def clear_auth_mark(self):
|
||||
self.request.session['auth_password'] = ''
|
||||
self.request.session['auth_user_id'] = ''
|
||||
self.request.session['auth_mfa'] = ''
|
||||
self.request.session['auth_confirm'] = ''
|
||||
self.request.session['auth_ticket_id'] = ''
|
||||
|
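Review bot: Neither `get_ticket_or_create` nor the `auth_confirm` short-circuit in `check_user_login_confirm_if_need` checks that the ticket held in the session was raised for `user`. Both trust whatever `auth_ticket_id` / `auth_confirm` the session already contains. If `check_user_auth` (only partly visible in this diff) can run again in the same session for another account without clearing those keys, an approval granted for one account would be honoured for the other. I would store the user id next to the ticket id and drop the ticket and `auth_confirm` when they differ. Alternatively, if `LoginConfirmTicket` records the requesting user, compare it in `check_user_login_confirm` before setting `auth_confirm`.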
@@ -43,7 +43,7 @@
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-3">
|
||||
<a class="btn btn-primary btn-sm block btn-copy" data-link="{{ order_detail_url }}">
|
||||
<a class="btn btn-primary btn-sm block btn-copy" data-link="{{ ticket_detail_url }}">
|
||||
<i class="fa fa-clipboard"></i> {% trans 'Copy link' %}
|
||||
</a>
|
||||
</div>
|
||||
@@ -132,7 +132,11 @@ $(document).ready(function () {
|
||||
checkInterval = setInterval(doRequestAuth, 5000);
|
||||
doRequestAuth();
|
||||
initClipboard();
|
||||
window.onbeforeunload = function (e) {
|
||||
return "{% trans "Confirm" %}";
|
||||
};
|
||||
}).on('click', '.btn-refresh', function () {
|
||||
window.onbeforeunload = function() {};
|
||||
window.location.reload();
|
||||
})
|
||||
|
||||
|
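Review bot: The `onbeforeunload` handler places the translated text directly inside a double-quoted JavaScript string, `return "{% trans "Confirm" %}";`. A translation that contains a double quote or a line break would terminate the literal and break the whole script block. Pass it through `escapejs` instead, e.g. `{% trans "Confirm" as confirm_msg %}` followed by `return "{{ confirm_msg|escapejs }}";`. The `$(document).ready` callback starts outside the hunk.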
@@ -19,9 +19,7 @@ from django.conf import settings
|
||||
from django.urls import reverse_lazy
|
||||
|
||||
from common.utils import get_request_ip, get_object_or_none
|
||||
from users.models import User
|
||||
from users.utils import (
|
||||
get_user_or_tmp_user, increase_login_failed_count,
|
||||
redirect_user_first_login_or_index
|
||||
)
|
||||
from ..signals import post_auth_success, post_auth_failed
|
||||
@@ -117,42 +115,28 @@ class UserLoginGuardView(mixins.AuthMixin, RedirectView):
|
||||
return url
|
||||
|
||||
def get_redirect_url(self, *args, **kwargs):
|
||||
if not self.request.session.get('auth_password'):
|
||||
try:
|
||||
user = self.check_user_auth_if_need()
|
||||
self.check_user_mfa_if_need(user)
|
||||
self.check_user_login_confirm_if_need(user)
|
||||
except errors.CredentialError:
|
||||
return self.format_redirect_url(self.login_url)
|
||||
user = self.get_user_from_session()
|
||||
# 启用并设置了otp
|
||||
if user.otp_enabled and user.otp_secret_key and \
|
||||
not self.request.session.get('auth_mfa'):
|
||||
except errors.MFARequiredError:
|
||||
return self.format_redirect_url(self.login_otp_url)
|
||||
confirm_setting = user.get_login_confirm_setting()
|
||||
if confirm_setting and not self.request.session.get('auth_confirm'):
|
||||
ticket = confirm_setting.create_confirm_ticket(self.request)
|
||||
self.request.session['auth_ticket_id'] = str(ticket.id)
|
||||
url = self.format_redirect_url(self.login_confirm_url)
|
||||
return url
|
||||
self.login_success(user)
|
||||
self.clear_auth_mark()
|
||||
# 启用但是没有设置otp
|
||||
if user.otp_enabled and not user.otp_secret_key:
|
||||
# 1,2,mfa_setting & F
|
||||
return reverse('users:user-otp-enable-authentication')
|
||||
url = redirect_user_first_login_or_index(
|
||||
self.request, self.redirect_field_name
|
||||
)
|
||||
return url
|
||||
|
||||
def login_success(self, user):
|
||||
auth_login(self.request, user)
|
||||
self.send_auth_signal(success=True, user=user)
|
||||
|
||||
def send_auth_signal(self, success=True, user=None, username='', reason=''):
|
||||
if success:
|
||||
post_auth_success.send(sender=self.__class__, user=user, request=self.request)
|
||||
except errors.LoginConfirmBaseError:
|
||||
return self.format_redirect_url(self.login_confirm_url)
|
||||
else:
|
||||
post_auth_failed.send(
|
||||
sender=self.__class__, username=username,
|
||||
request=self.request, reason=reason
|
||||
auth_login(self.request, user)
|
||||
self.send_auth_signal(success=True, user=user)
|
||||
self.clear_auth_mark()
|
||||
# 启用但是没有设置otp
|
||||
if user.otp_enabled and not user.otp_secret_key:
|
||||
# 1,2,mfa_setting & F
|
||||
return reverse('users:user-otp-enable-authentication')
|
||||
url = redirect_user_first_login_or_index(
|
||||
self.request, self.redirect_field_name
|
||||
)
|
||||
return url
|
||||
|
||||
|
||||
class UserLoginWaitConfirmView(TemplateView):
|
||||
|
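Review bot: In `get_redirect_url`, `except errors.LoginConfirmBaseError` sends every confirm error to `login_confirm_url`, and that presumably includes the `LoginConfirmOtherError` raised for a rejected ticket. Since `get_ticket_or_create` reuses the id stored in `auth_ticket_id`, a rejected ticket appears to stay attached to the session and every later attempt is redirected to the wait page again, unless code outside this diff clears it. I would handle rejection separately: clear `auth_ticket_id` (or call `self.clear_auth_mark()`) and return `self.format_redirect_url(self.login_url)`. A comment on the `else:` branch noting that it runs only when all three checks passed would also make the login path easier to audit.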