mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-07-02 07:01:30 +00:00
perf: custom input secret support ssh key
@@ -54,13 +54,13 @@ class VirtualAccount(JMSOrgBaseModel):
|
||||
return cls.objects.all()
|
||||
|
||||
@classmethod
|
||||
def get_special_account(cls, alias, user, asset, input_username='', input_secret='', from_permed=True):
|
||||
def get_special_account(cls, alias, user, asset, input_username='', input_secret='', input_secret_type='', from_permed=True):
|
||||
if alias == AliasAccount.INPUT.value:
|
||||
account = cls.get_manual_account(input_username, input_secret, from_permed)
|
||||
account = cls.get_manual_account(input_username, input_secret, input_secret_type, from_permed)
|
||||
elif alias == AliasAccount.ANON.value:
|
||||
account = cls.get_anonymous_account()
|
||||
elif alias == AliasAccount.USER.value:
|
||||
account = cls.get_same_account(user, asset, input_secret=input_secret, from_permed=from_permed)
|
||||
account = cls.get_same_account(user, asset, input_secret=input_secret, input_secret_type=input_secret_type, from_permed=from_permed)
|
||||
else:
|
||||
account = cls(name=alias, username=alias, secret=None)
|
||||
account.alias = alias
|
||||
@@ -70,16 +70,18 @@ class VirtualAccount(JMSOrgBaseModel):
|
||||
return account
|
||||
|
||||
@classmethod
|
||||
def get_manual_account(cls, input_username='', input_secret='', from_permed=True):
|
||||
def get_manual_account(cls, input_username='', input_secret='', input_secret_type='', from_permed=True):
|
||||
""" @INPUT 手动登录的账号(any) """
|
||||
from .account import Account
|
||||
if from_permed:
|
||||
username = AliasAccount.INPUT.value
|
||||
secret = ''
|
||||
secret_type = 'password'
|
||||
else:
|
||||
username = input_username
|
||||
secret = input_secret
|
||||
return Account(name=AliasAccount.INPUT.label, username=username, secret=secret)
|
||||
secret_type = input_secret_type or 'password'
|
||||
return Account(name=AliasAccount.INPUT.label, username=username, secret=secret, secret_type=secret_type)
|
||||
|
||||
@classmethod
|
||||
def get_anonymous_account(cls):
|
||||
@@ -87,7 +89,7 @@ class VirtualAccount(JMSOrgBaseModel):
|
||||
return Account(name=AliasAccount.ANON.label, username=AliasAccount.ANON.value, secret=None)
|
||||
|
||||
@classmethod
|
||||
def get_same_account(cls, user, asset, input_secret='', from_permed=True):
|
||||
def get_same_account(cls, user, asset, input_secret='', input_secret_type='', from_permed=True):
|
||||
""" @USER 动态用户的账号(self) """
|
||||
from .account import Account
|
||||
username = user.username
|
||||
@@ -97,11 +99,13 @@ class VirtualAccount(JMSOrgBaseModel):
|
||||
same_account = cls.objects.filter(alias=alias).first()
|
||||
|
||||
secret = ''
|
||||
secret_type = 'password'
|
||||
if same_account and same_account.secret_from_login:
|
||||
secret = user.get_cached_password_if_has()
|
||||
|
||||
if not secret and not from_permed:
|
||||
secret = input_secret
|
||||
account = Account(name=AliasAccount.USER.label, username=username, secret=secret)
|
||||
secret_type = input_secret_type or 'password'
|
||||
account = Account(name=AliasAccount.USER.label, username=username, secret=secret, secret_type=secret_type)
|
||||
account.alias = alias
|
||||
return account
|
||||
|
||||
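Review bot: `secret_type = input_secret_type or 'password'` in `get_manual_account` and `get_same_account` copies any non-empty caller-supplied string into `Account(secret_type=...)`. No visible line checks it against the set of secret types the project supports, so unless a serializer outside this page validates it, the check belongs here, falling back to `'password'` for unknown values. In `get_same_account` the page has lost indentation, so it is not certain that the new assignment sits inside `if not secret and not from_permed:`; if it does not, a cached login password could be labelled with the client-chosen type. Separately, `input_secret_type` is inserted before `from_permed` in the positional order of `get_special_account` and `get_manual_account`, so any caller not shown here that still passes `from_permed` positionally would bind it to the wrong parameter without an error. Passing it by keyword, as in `cls.get_manual_account(input_username, input_secret, input_secret_type=input_secret_type, from_permed=from_permed)`, or adding the new parameter last, avoids that. All three method bodies continue outside the hunks shown.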
@@ -438,9 +438,11 @@ class ConnectionTokenViewSet(AuthFaceMixin, ExtraActionApiMixin, RootOrgViewMixi
|
||||
account = self._validate_perm(user, asset, account_alias, protocol)
|
||||
if account.has_secret:
|
||||
data['input_secret'] = ''
|
||||
data['input_secret_type'] = account.secret_type
|
||||
|
||||
if account.username != AliasAccount.INPUT:
|
||||
data['input_username'] = ''
|
||||
data['input_secret_type'] = ''
|
||||
|
||||
ticket = self._validate_acl(user, asset, account, connect_method, protocol)
|
||||
if ticket:
|
||||
|
||||
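Review bot: The added `data['input_secret_type'] = ''` under `if account.username != AliasAccount.INPUT:` clears the type for every account other than the manual-input one. It also appears to overwrite the `account.secret_type` value that the `has_secret` branch just above has set, though indentation is lost on this page, so the nesting is inferred. If an account with no stored secret can still carry a user-typed `input_secret`, the token would then keep the secret but lose its type, and the consumer would have to guess how to present it. The type should be tied to the secret's fate: cleared or replaced only where `input_secret` is cleared, and otherwise left as the validated client value or the `'password'` default rather than `''`. The enclosing method starts and ends outside the hunk, so validation of `input_secret_type` elsewhere in it is not visible here.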
@@ -44,6 +44,7 @@ class ConnectionToken(JMSOrgBaseModel):
|
||||
account = models.CharField(max_length=128, verbose_name=_("Account name")) # 登录账号Name
|
||||
input_username = models.CharField(max_length=128, default='', blank=True, verbose_name=_("Input username"))
|
||||
input_secret = EncryptTextField(max_length=64, default='', blank=True, verbose_name=_("Input secret"))
|
||||
input_secret_type = models.CharField(max_length=16, default='password', blank=True, verbose_name=_("Input secret type"))
|
||||
protocol = models.CharField(max_length=16, default=Protocol.ssh, verbose_name=_("Protocol"))
|
||||
connect_method = models.CharField(max_length=32, verbose_name=_("Connect method"))
|
||||
connect_options = models.JSONField(default=dict, verbose_name=_("Connect options"))
|
||||
@@ -301,12 +302,14 @@ class ConnectionToken(JMSOrgBaseModel):
|
||||
if self.account.startswith('@'):
|
||||
account = VirtualAccount.get_special_account(
|
||||
self.account, self.user, self.asset, input_username=self.input_username,
|
||||
input_secret=self.input_secret, from_permed=False
|
||||
input_secret=self.input_secret, input_secret_type=self.input_secret_type,
|
||||
from_permed=False
|
||||
)
|
||||
else:
|
||||
account = self.get_asset_accounts_by_alias(self.asset, self.account)
|
||||
if not account.secret and self.input_secret:
|
||||
account.secret = self.input_secret
|
||||
account.secret_type = self.input_secret_type
|
||||
self.set_ad_domain_if_need(account)
|
||||
|
||||
return account
|
||||
|
||||
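Review bot: In the non-virtual branch, `account.secret_type = self.input_secret_type` has no fallback, unlike the `input_secret_type or 'password'` used on the `VirtualAccount` side. The new field is declared `blank=True` and the view in this commit can store `''`, so an account may leave here with a secret and an empty type. `account.secret_type = self.input_secret_type or 'password'` would keep the two paths consistent. The context line `input_secret = EncryptTextField(max_length=64, ...)` is also worth checking against the commit's goal: an SSH private key is far longer than 64 characters, so if a serializer or form enforces that limit, key input would be rejected. The new column also needs a schema migration, which is not among the sections shown on this page.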