From a99c89f5c8ae5abf41c7b46d01ce4c07c84d7699 Mon Sep 17 00:00:00 2001 From: wangruidong <940853815@qq.com> Date: Wed, 8 Jul 2026 16:19:00 +0800 Subject: [PATCH] perf: add SECURITY_DISABLE_VIEW_SECRET conf --- apps/accounts/api/account/application.py | 2 +- apps/common/drf/renders/base.py | 4 ++-- apps/common/serializers/mixin.py | 6 +++--- apps/jumpserver/conf.py | 4 ++-- apps/jumpserver/settings/custom.py | 2 +- apps/settings/serializers/public.py | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/apps/accounts/api/account/application.py b/apps/accounts/api/account/application.py index b154bebb6..16f68f8d3 100644 --- a/apps/accounts/api/account/application.py +++ b/apps/accounts/api/account/application.py @@ -93,5 +93,5 @@ class IntegrationApplicationViewSet(OrgBulkModelViewSet): ) # 根据配置决定是否返回密码 - secret = account.secret if settings.SECURITY_ACCOUNT_SECRET_READ else None + secret = None if settings.SECURITY_DISABLE_VIEW_SECRET else account.secret return Response(data={'id': request.user.id, 'secret': secret}) diff --git a/apps/common/drf/renders/base.py b/apps/common/drf/renders/base.py index 91f86f910..eb9d6a713 100644 --- a/apps/common/drf/renders/base.py +++ b/apps/common/drf/renders/base.py @@ -76,8 +76,8 @@ class BaseFileRenderer(LogMixin, BaseRenderer): fields_unexport = getattr(meta, 'fields_unexport', []) fields = [v for v in fields if v.field_name not in fields_unexport] - # 仅真实导出数据时过滤敏感字段,模板需保留这些字段供用户填写 - if self.template == 'export': + # 仅真实导出数据且禁用查看密文时过滤敏感字段,模板需保留这些字段供用户填写 + if self.template == 'export' and settings.SECURITY_DISABLE_VIEW_SECRET: fields = [v for v in fields if not self.is_secret_field(v)] return fields diff --git a/apps/common/serializers/mixin.py b/apps/common/serializers/mixin.py index 09a95fffc..456c58513 100644 --- a/apps/common/serializers/mixin.py +++ b/apps/common/serializers/mixin.py @@ -39,14 +39,14 @@ __all__ = [ class SecretReadableCheckMixin(serializers.Serializer): """ - 根据 SECURITY_ACCOUNT_SECRET_READ 配置控制密码字段的可读性 - 当配置为 False 时,密码字段返回 None + 根据 SECURITY_DISABLE_VIEW_SECRET 配置控制密码字段的可读性 + 当配置为 True 时,密码字段返回 """ def to_representation(self, instance): ret = super().to_representation(instance) - if not settings.SECURITY_ACCOUNT_SECRET_READ: + if settings.SECURITY_DISABLE_VIEW_SECRET: secret_fields = getattr(self.Meta, 'secret_fields', ['secret']) for field_name in secret_fields: if field_name in ret: diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 61051c8ba..9cbfccd79 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -611,7 +611,7 @@ class Config(dict): 'SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS': '{[\'"`;|<>', 'SECURITY_SERVICE_ACCOUNT_REGISTRATION': 'auto', 'SECURITY_VIEW_AUTH_NEED_MFA': True, - 'SECURITY_ACCOUNT_SECRET_READ': True, + 'SECURITY_DISABLE_VIEW_SECRET': False, 'SECURITY_MAX_IDLE_TIME': 30, 'SECURITY_MAX_SESSION_TIME': 24, 'SECURITY_PASSWORD_EXPIRATION_TIME_ADMIN': 9999, @@ -1159,4 +1159,4 @@ class ConfigManager: # 对config进行兼容处理 config.compatible() - return config \ No newline at end of file + return config diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index 14030e248..43377d4f1 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -66,7 +66,7 @@ VERIFY_CODE_TTL = CONFIG.VERIFY_CODE_TTL SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL SECURITY_UNCOMMON_USERS_TTL = CONFIG.SECURITY_UNCOMMON_USERS_TTL SECURITY_VIEW_AUTH_NEED_MFA = CONFIG.SECURITY_VIEW_AUTH_NEED_MFA -SECURITY_ACCOUNT_SECRET_READ = CONFIG.SECURITY_ACCOUNT_SECRET_READ +SECURITY_DISABLE_VIEW_SECRET = CONFIG.SECURITY_DISABLE_VIEW_SECRET SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS = CONFIG.SECURITY_ACCOUNT_USERNAME_FORBIDDEN_CHARS SECURITY_SERVICE_ACCOUNT_REGISTRATION = CONFIG.SECURITY_SERVICE_ACCOUNT_REGISTRATION SECURITY_LOGIN_CAPTCHA_ENABLED = CONFIG.SECURITY_LOGIN_CAPTCHA_ENABLED diff --git a/apps/settings/serializers/public.py b/apps/settings/serializers/public.py index d1edf6de5..3a5f9feca 100644 --- a/apps/settings/serializers/public.py +++ b/apps/settings/serializers/public.py @@ -22,7 +22,7 @@ class PrivateSettingSerializer(PublicSettingSerializer): TICKET_AUTHORIZE_DEFAULT_TIME_UNIT = serializers.CharField() AUTH_LDAP_SYNC_ORG_IDS = serializers.ListField() SECURITY_MAX_IDLE_TIME = serializers.IntegerField() - SECURITY_ACCOUNT_SECRET_READ = serializers.BooleanField() + SECURITY_DISABLE_VIEW_SECRET = serializers.BooleanField() SECURITY_VIEW_AUTH_NEED_MFA = serializers.BooleanField() SECURITY_MFA_AUTH = serializers.IntegerField() SECURITY_MFA_VERIFY_TTL = serializers.IntegerField()