perf: custom input secret support ssh key

ibuler
2026-06-02 11:07:04 +08:00
committed by 老广
parent 4f16bd9e09
commit ab73892166
3 changed files with 17 additions and 8 deletions


@@ -54,13 +54,13 @@ class VirtualAccount(JMSOrgBaseModel):
return cls.objects.all()
@classmethod
def get_special_account(cls, alias, user, asset, input_username='', input_secret='', from_permed=True):
def get_special_account(cls, alias, user, asset, input_username='', input_secret='', input_secret_type='', from_permed=True):
if alias == AliasAccount.INPUT.value:
account = cls.get_manual_account(input_username, input_secret, from_permed)
account = cls.get_manual_account(input_username, input_secret, input_secret_type, from_permed)
elif alias == AliasAccount.ANON.value:
account = cls.get_anonymous_account()
elif alias == AliasAccount.USER.value:
account = cls.get_same_account(user, asset, input_secret=input_secret, from_permed=from_permed)
account = cls.get_same_account(user, asset, input_secret=input_secret, input_secret_type=input_secret_type, from_permed=from_permed)
else:
account = cls(name=alias, username=alias, secret=None)
account.alias = alias
@@ -70,16 +70,18 @@ class VirtualAccount(JMSOrgBaseModel):
return account
@classmethod
def get_manual_account(cls, input_username='', input_secret='', from_permed=True):
def get_manual_account(cls, input_username='', input_secret='', input_secret_type='', from_permed=True):
""" @INPUT 手动登录的账号(any) """
from .account import Account
if from_permed:
username = AliasAccount.INPUT.value
secret = ''
secret_type = 'password'
else:
username = input_username
secret = input_secret
return Account(name=AliasAccount.INPUT.label, username=username, secret=secret)
secret_type = input_secret_type or 'password'
return Account(name=AliasAccount.INPUT.label, username=username, secret=secret, secret_type=secret_type)
@classmethod
def get_anonymous_account(cls):
@@ -87,7 +89,7 @@ class VirtualAccount(JMSOrgBaseModel):
return Account(name=AliasAccount.ANON.label, username=AliasAccount.ANON.value, secret=None)
@classmethod
def get_same_account(cls, user, asset, input_secret='', from_permed=True):
def get_same_account(cls, user, asset, input_secret='', input_secret_type='', from_permed=True):
""" @USER 动态用户的账号(self) """
from .account import Account
username = user.username
@@ -97,11 +99,13 @@ class VirtualAccount(JMSOrgBaseModel):
same_account = cls.objects.filter(alias=alias).first()
secret = ''
secret_type = 'password'
if same_account and same_account.secret_from_login:
secret = user.get_cached_password_if_has()
if not secret and not from_permed:
secret = input_secret
account = Account(name=AliasAccount.USER.label, username=username, secret=secret)
secret_type = input_secret_type or 'password'
account = Account(name=AliasAccount.USER.label, username=username, secret=secret, secret_type=secret_type)
account.alias = alias
return account
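Review bot: `input_secret_type` is inserted ahead of `from_permed` in the positional parameter lists of `get_special_account` and `get_manual_account`, so any existing caller that passes `from_permed` by position now binds it to `input_secret_type` and silently gets the default `from_permed=True`. `get_special_account` itself calls `get_manual_account(input_username, input_secret, input_secret_type, from_permed)` positionally, which shows that style is in use in this file. Append the new parameter after `from_permed` or make it keyword-only, e.g. `def get_manual_account(cls, input_username='', input_secret='', from_permed=True, *, input_secret_type=''):`, with the call site passing `input_secret_type=input_secret_type`. The `'password'` fallback literal is also repeated four times across these hunks; one named constant would keep the branches in step.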


@@ -438,9 +438,11 @@ class ConnectionTokenViewSet(AuthFaceMixin, ExtraActionApiMixin, RootOrgViewMixi
account = self._validate_perm(user, asset, account_alias, protocol)
if account.has_secret:
data['input_secret'] = ''
data['input_secret_type'] = account.secret_type
if account.username != AliasAccount.INPUT:
data['input_username'] = ''
data['input_secret_type'] = ''
ticket = self._validate_acl(user, asset, account, connect_method, protocol)
if ticket:
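Review bot: The added `data['input_secret_type'] = ''` appears to sit under `if account.username != AliasAccount.INPUT:` (indentation is lost on this page), so for every non-@INPUT account it overwrites the `account.secret_type` value written just above and discards the type sent with a secret for an account that has none stored. The token then holds an explicit `''` rather than the model default `'password'`, and the non-virtual branch of the `ConnectionToken` hunk on this page copies it with `account.secret_type = self.input_secret_type`, without the `or 'password'` fallback the virtual-account paths use. Clear the type only where the secret itself is cleared, or normalise the empty value where it is consumed, e.g. `account.secret_type = self.input_secret_type or account.secret_type`. The enclosing method starts and ends outside the hunk.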


@@ -44,6 +44,7 @@ class ConnectionToken(JMSOrgBaseModel):
account = models.CharField(max_length=128, verbose_name=_("Account name")) # 登录账号Name
input_username = models.CharField(max_length=128, default='', blank=True, verbose_name=_("Input username"))
input_secret = EncryptTextField(max_length=64, default='', blank=True, verbose_name=_("Input secret"))
input_secret_type = models.CharField(max_length=16, default='password', blank=True, verbose_name=_("Input secret type"))
protocol = models.CharField(max_length=16, default=Protocol.ssh, verbose_name=_("Protocol"))
connect_method = models.CharField(max_length=32, verbose_name=_("Connect method"))
connect_options = models.JSONField(default=dict, verbose_name=_("Connect options"))
@@ -301,12 +302,14 @@ class ConnectionToken(JMSOrgBaseModel):
if self.account.startswith('@'):
account = VirtualAccount.get_special_account(
self.account, self.user, self.asset, input_username=self.input_username,
input_secret=self.input_secret, from_permed=False
input_secret=self.input_secret, input_secret_type=self.input_secret_type,
from_permed=False
)
else:
account = self.get_asset_accounts_by_alias(self.asset, self.account)
if not account.secret and self.input_secret:
account.secret = self.input_secret
account.secret_type = self.input_secret_type
self.set_ad_domain_if_need(account)
return account
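Review bot: `input_secret_type` is declared as a free-form `CharField(max_length=16)` with no `choices`, and the second hunk copies it straight onto the account (`account.secret_type = self.input_secret_type`), so whatever string the token request carried decides how the secret is later interpreted. Unless the serializer (not shown) already restricts it, constrain the field to the secret types the connection path actually supports and reject anything else when the token is created. Separately, the context line for `input_secret` still declares `max_length=64`; if that limit is enforced anywhere, an SSH private key will not fit, so confirm it against the new use. The enclosing method of the second hunk starts outside the hunk.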