mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-07-11 09:25:03 +00:00
perf: add SECURITY_DISABLE_VIEW_SECRET conf
This commit is contained in:
@@ -93,5 +93,5 @@ class IntegrationApplicationViewSet(OrgBulkModelViewSet):
|
||||
)
|
||||
|
||||
# 根据配置决定是否返回密码
|
||||
secret = account.secret if settings.SECURITY_ACCOUNT_SECRET_READ else None
|
||||
secret = None if settings.SECURITY_DISABLE_VIEW_SECRET else account.secret
|
||||
return Response(data={'id': request.user.id, 'secret': secret})
|
||||
|
||||
@@ -76,8 +76,8 @@ class BaseFileRenderer(LogMixin, BaseRenderer):
|
||||
|
||||
fields_unexport = getattr(meta, 'fields_unexport', [])
|
||||
fields = [v for v in fields if v.field_name not in fields_unexport]
|
||||
# 仅真实导出数据时过滤敏感字段,模板需保留这些字段供用户填写
|
||||
if self.template == 'export':
|
||||
# 仅真实导出数据且禁用查看密文时过滤敏感字段,模板需保留这些字段供用户填写
|
||||
if self.template == 'export' and settings.SECURITY_DISABLE_VIEW_SECRET:
|
||||
fields = [v for v in fields if not self.is_secret_field(v)]
|
||||
return fields
|
||||
|
||||
|
||||
@@ -39,14 +39,14 @@ __all__ = [
|
||||
|
||||
class SecretReadableCheckMixin(serializers.Serializer):
|
||||
"""
|
||||
根据 SECURITY_ACCOUNT_SECRET_READ 配置控制密码字段的可读性
|
||||
当配置为 False 时,密码字段返回 None
|
||||
根据 SECURITY_DISABLE_VIEW_SECRET 配置控制密码字段的可读性
|
||||
当配置为 True 时,密码字段返回 <REDACTED>
|
||||
"""
|
||||
|
||||
def to_representation(self, instance):
|
||||
ret = super().to_representation(instance)
|
||||
|
||||
if not settings.SECURITY_ACCOUNT_SECRET_READ:
|
||||
if settings.SECURITY_DISABLE_VIEW_SECRET:
|
||||
secret_fields = getattr(self.Meta, 'secret_fields', ['secret'])
|
||||
for field_name in secret_fields:
|
||||
if field_name in ret:
|
||||
|
||||
@@ -611,7 +611,7 @@ class Config(dict):
|
||||
'SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS': '{[\'"`;|<>',
|
||||
'SECURITY_SERVICE_ACCOUNT_REGISTRATION': 'auto',
|
||||
'SECURITY_VIEW_AUTH_NEED_MFA': True,
|
||||
'SECURITY_ACCOUNT_SECRET_READ': True,
|
||||
'SECURITY_DISABLE_VIEW_SECRET': False,
|
||||
'SECURITY_MAX_IDLE_TIME': 30,
|
||||
'SECURITY_MAX_SESSION_TIME': 24,
|
||||
'SECURITY_PASSWORD_EXPIRATION_TIME_ADMIN': 9999,
|
||||
@@ -1159,4 +1159,4 @@ class ConfigManager:
|
||||
|
||||
# 对config进行兼容处理
|
||||
config.compatible()
|
||||
return config
|
||||
return config
|
||||
|
||||
@@ -66,7 +66,7 @@ VERIFY_CODE_TTL = CONFIG.VERIFY_CODE_TTL
|
||||
SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL
|
||||
SECURITY_UNCOMMON_USERS_TTL = CONFIG.SECURITY_UNCOMMON_USERS_TTL
|
||||
SECURITY_VIEW_AUTH_NEED_MFA = CONFIG.SECURITY_VIEW_AUTH_NEED_MFA
|
||||
SECURITY_ACCOUNT_SECRET_READ = CONFIG.SECURITY_ACCOUNT_SECRET_READ
|
||||
SECURITY_DISABLE_VIEW_SECRET = CONFIG.SECURITY_DISABLE_VIEW_SECRET
|
||||
SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS = CONFIG.SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS
|
||||
SECURITY_SERVICE_ACCOUNT_REGISTRATION = CONFIG.SECURITY_SERVICE_ACCOUNT_REGISTRATION
|
||||
SECURITY_LOGIN_CAPTCHA_ENABLED = CONFIG.SECURITY_LOGIN_CAPTCHA_ENABLED
|
||||
|
||||
@@ -22,7 +22,7 @@ class PrivateSettingSerializer(PublicSettingSerializer):
|
||||
TICKET_AUTHORIZE_DEFAULT_TIME_UNIT = serializers.CharField()
|
||||
AUTH_LDAP_SYNC_ORG_IDS = serializers.ListField()
|
||||
SECURITY_MAX_IDLE_TIME = serializers.IntegerField()
|
||||
SECURITY_ACCOUNT_SECRET_READ = serializers.BooleanField()
|
||||
SECURITY_DISABLE_VIEW_SECRET = serializers.BooleanField()
|
||||
SECURITY_VIEW_AUTH_NEED_MFA = serializers.BooleanField()
|
||||
SECURITY_MFA_AUTH = serializers.IntegerField()
|
||||
SECURITY_MFA_VERIFY_TTL = serializers.IntegerField()
|
||||
|
||||
Reference in New Issue
Block a user