perf: add SECURITY_DISABLE_VIEW_SECRET conf

This commit is contained in:
wangruidong
2026-07-08 16:19:00 +08:00
committed by 老广
parent 8ad8f78218
commit a99c89f5c8
6 changed files with 10 additions and 10 deletions

View File

@@ -93,5 +93,5 @@ class IntegrationApplicationViewSet(OrgBulkModelViewSet):
)
# 根据配置决定是否返回密码
secret = account.secret if settings.SECURITY_ACCOUNT_SECRET_READ else None
secret = None if settings.SECURITY_DISABLE_VIEW_SECRET else account.secret
return Response(data={'id': request.user.id, 'secret': secret})

View File

@@ -76,8 +76,8 @@ class BaseFileRenderer(LogMixin, BaseRenderer):
fields_unexport = getattr(meta, 'fields_unexport', [])
fields = [v for v in fields if v.field_name not in fields_unexport]
# 仅真实导出数据时过滤敏感字段,模板需保留这些字段供用户填写
if self.template == 'export':
# 仅真实导出数据且禁用查看密文时过滤敏感字段,模板需保留这些字段供用户填写
if self.template == 'export' and settings.SECURITY_DISABLE_VIEW_SECRET:
fields = [v for v in fields if not self.is_secret_field(v)]
return fields

View File

@@ -39,14 +39,14 @@ __all__ = [
class SecretReadableCheckMixin(serializers.Serializer):
"""
根据 SECURITY_ACCOUNT_SECRET_READ 配置控制密码字段的可读性
当配置为 False 时,密码字段返回 None
根据 SECURITY_DISABLE_VIEW_SECRET 配置控制密码字段的可读性
当配置为 True 时,密码字段返回 <REDACTED>
"""
def to_representation(self, instance):
ret = super().to_representation(instance)
if not settings.SECURITY_ACCOUNT_SECRET_READ:
if settings.SECURITY_DISABLE_VIEW_SECRET:
secret_fields = getattr(self.Meta, 'secret_fields', ['secret'])
for field_name in secret_fields:
if field_name in ret:

View File

@@ -611,7 +611,7 @@ class Config(dict):
'SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS': '{[\'"`;|<>',
'SECURITY_SERVICE_ACCOUNT_REGISTRATION': 'auto',
'SECURITY_VIEW_AUTH_NEED_MFA': True,
'SECURITY_ACCOUNT_SECRET_READ': True,
'SECURITY_DISABLE_VIEW_SECRET': False,
'SECURITY_MAX_IDLE_TIME': 30,
'SECURITY_MAX_SESSION_TIME': 24,
'SECURITY_PASSWORD_EXPIRATION_TIME_ADMIN': 9999,
@@ -1159,4 +1159,4 @@ class ConfigManager:
# 对config进行兼容处理
config.compatible()
return config
return config

View File

@@ -66,7 +66,7 @@ VERIFY_CODE_TTL = CONFIG.VERIFY_CODE_TTL
SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL
SECURITY_UNCOMMON_USERS_TTL = CONFIG.SECURITY_UNCOMMON_USERS_TTL
SECURITY_VIEW_AUTH_NEED_MFA = CONFIG.SECURITY_VIEW_AUTH_NEED_MFA
SECURITY_ACCOUNT_SECRET_READ = CONFIG.SECURITY_ACCOUNT_SECRET_READ
SECURITY_DISABLE_VIEW_SECRET = CONFIG.SECURITY_DISABLE_VIEW_SECRET
SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS = CONFIG.SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS
SECURITY_SERVICE_ACCOUNT_REGISTRATION = CONFIG.SECURITY_SERVICE_ACCOUNT_REGISTRATION
SECURITY_LOGIN_CAPTCHA_ENABLED = CONFIG.SECURITY_LOGIN_CAPTCHA_ENABLED

View File

@@ -22,7 +22,7 @@ class PrivateSettingSerializer(PublicSettingSerializer):
TICKET_AUTHORIZE_DEFAULT_TIME_UNIT = serializers.CharField()
AUTH_LDAP_SYNC_ORG_IDS = serializers.ListField()
SECURITY_MAX_IDLE_TIME = serializers.IntegerField()
SECURITY_ACCOUNT_SECRET_READ = serializers.BooleanField()
SECURITY_DISABLE_VIEW_SECRET = serializers.BooleanField()
SECURITY_VIEW_AUTH_NEED_MFA = serializers.BooleanField()
SECURITY_MFA_AUTH = serializers.IntegerField()
SECURITY_MFA_VERIFY_TTL = serializers.IntegerField()