diff --git a/apps/accounts/models/virtual.py b/apps/accounts/models/virtual.py
index 10db508b4..66ce04660 100644
--- a/apps/accounts/models/virtual.py
+++ b/apps/accounts/models/virtual.py
@@ -54,13 +54,13 @@ class VirtualAccount(JMSOrgBaseModel):
 return cls.objects.all()
 @classmethod
- def get_special_account(cls, alias, user, asset, input_username='', input_secret='', from_permed=True):
+ def get_special_account(cls, alias, user, asset, input_username='', input_secret='', input_secret_type='', from_permed=True):
 if alias == AliasAccount.INPUT.value:
- account = cls.get_manual_account(input_username, input_secret, from_permed)
+ account = cls.get_manual_account(input_username, input_secret, input_secret_type, from_permed)
 elif alias == AliasAccount.ANON.value:
 account = cls.get_anonymous_account()
 elif alias == AliasAccount.USER.value:
- account = cls.get_same_account(user, asset, input_secret=input_secret, from_permed=from_permed)
+ account = cls.get_same_account(user, asset, input_secret=input_secret, input_secret_type=input_secret_type, from_permed=from_permed)
 else:
 account = cls(name=alias, username=alias, secret=None)
 account.alias = alias
@@ -70,16 +70,18 @@ class VirtualAccount(JMSOrgBaseModel):
 return account
 @classmethod
- def get_manual_account(cls, input_username='', input_secret='', from_permed=True):
+ def get_manual_account(cls, input_username='', input_secret='', input_secret_type='', from_permed=True):
 """ @INPUT 手动登录的账号(any) """
 from .account import Account
 if from_permed:
 username = AliasAccount.INPUT.value
 secret = ''
+ secret_type = 'password'
 else:
 username = input_username
 secret = input_secret
- return Account(name=AliasAccount.INPUT.label, username=username, secret=secret)
+ secret_type = input_secret_type or 'password'
+ return Account(name=AliasAccount.INPUT.label, username=username, secret=secret, secret_type=secret_type)
 @classmethod
 def get_anonymous_account(cls):
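Review bot: `input_secret_type` is inserted ahead of `from_permed` in the signature of `get_special_account`, which moves `from_permed` to a different positional slot; the same is done to `get_manual_account` in the next hunk and to `get_same_account` further down. A caller outside this diff that still passes `from_permed` positionally would silently bind it to `input_secret_type` and run with the default `from_permed=True`. Appending the new parameter instead, `input_secret='', from_permed=True, input_secret_type=''`, keeps existing positional calls meaning what they meant before. The body of `get_special_account` continues past the end of this hunk.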
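Review bot: The default secret type is spelled as the bare literal `'password'` twice in `get_manual_account` (the `from_permed` branch and the `input_secret_type or 'password'` fallback), twice more in `get_same_account`, and again as the model field default in `apps/authentication/models/connection_token.py`. A single named constant, for example `DEFAULT_INPUT_SECRET_TYPE = 'password'` (constructed name) or the matching member of the project's secret-type enumeration if one exists, would keep these five sites from drifting apart. It would also help to add a comment on the first branch such as `# from_permed=True: ignore caller-supplied username, secret and secret type`, since that is what the visible code does and the docstring does not say so.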
@@ -87,7 +89,7 @@ class VirtualAccount(JMSOrgBaseModel):
 return Account(name=AliasAccount.ANON.label, username=AliasAccount.ANON.value, secret=None)
 @classmethod
- def get_same_account(cls, user, asset, input_secret='', from_permed=True):
+ def get_same_account(cls, user, asset, input_secret='', input_secret_type='', from_permed=True):
 """ @USER 动态用户的账号(self) """
 from .account import Account
 username = user.username
@@ -97,11 +99,13 @@ class VirtualAccount(JMSOrgBaseModel):
 same_account = cls.objects.filter(alias=alias).first()
 secret = ''
+ secret_type = 'password'
 if same_account and same_account.secret_from_login:
 secret = user.get_cached_password_if_has()
 if not secret and not from_permed:
 secret = input_secret
- account = Account(name=AliasAccount.USER.label, username=username, secret=secret)
+ secret_type = input_secret_type or 'password'
+ account = Account(name=AliasAccount.USER.label, username=username, secret=secret, secret_type=secret_type)
 account.alias = alias
 return account
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index 54a326015..d90e841d2 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -438,9 +438,11 @@ class ConnectionTokenViewSet(AuthFaceMixin, ExtraActionApiMixin, RootOrgViewMixi
 account = self._validate_perm(user, asset, account_alias, protocol)
 if account.has_secret:
 data['input_secret'] = ''
+ data['input_secret_type'] = account.secret_type
 if account.username != AliasAccount.INPUT:
 data['input_username'] = ''
+ data['input_secret_type'] = ''
 ticket = self._validate_acl(user, asset, account, connect_method, protocol)
 if ticket:
diff --git a/apps/authentication/models/connection_token.py b/apps/authentication/models/connection_token.py
index f2bca5550..7dc4eefc6 100644
--- a/apps/authentication/models/connection_token.py
+++ b/apps/authentication/models/connection_token.py
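Review bot: In the `apps/authentication/api/connection_token.py` hunk, the second added line, `data['input_secret_type'] = ''`, overwrites the first, `data['input_secret_type'] = account.secret_type`, whenever the account has a secret and its username is not `AliasAccount.INPUT`, so the first assignment looks like a dead store for stored accounts. Indentation is not recoverable on this page, so this assumes each added line sits inside the `if` directly above it. If the intent is that a client-chosen type is honoured only for `@INPUT` accounts, the first assignment can be dropped and the rule documented with a comment such as `# secret type is client-supplied; keep it only for @INPUT accounts`. If the stored type is meant to survive, the clearing line needs a guard such as `if not account.has_secret:`. The enclosing method starts and ends outside this hunk.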
@@ -44,6 +44,7 @@ class ConnectionToken(JMSOrgBaseModel):
 account = models.CharField(max_length=128, verbose_name=_("Account name")) # 登录账号Name
 input_username = models.CharField(max_length=128, default='', blank=True, verbose_name=_("Input username"))
 input_secret = EncryptTextField(max_length=64, default='', blank=True, verbose_name=_("Input secret"))
+ input_secret_type = models.CharField(max_length=16, default='password', blank=True, verbose_name=_("Input secret type"))
 protocol = models.CharField(max_length=16, default=Protocol.ssh, verbose_name=_("Protocol"))
 connect_method = models.CharField(max_length=32, verbose_name=_("Connect method"))
 connect_options = models.JSONField(default=dict, verbose_name=_("Connect options"))
@@ -301,12 +302,14 @@ class ConnectionToken(JMSOrgBaseModel):
 if self.account.startswith('@'):
 account = VirtualAccount.get_special_account(
 self.account, self.user, self.asset, input_username=self.input_username,
- input_secret=self.input_secret, from_permed=False
+ input_secret=self.input_secret, input_secret_type=self.input_secret_type,
+ from_permed=False
 )
 else:
 account = self.get_asset_accounts_by_alias(self.asset, self.account)
 if not account.secret and self.input_secret:
 account.secret = self.input_secret
+ account.secret_type = self.input_secret_type
 self.set_ad_domain_if_need(account)
 return account
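Review bot: The new `input_secret_type` column in the first hunk of this file is a free-form `CharField` with no `choices`, yet its value is passed to `Account(secret_type=...)` by the `VirtualAccount` helpers and assigned to `account.secret_type` in the second hunk. If the field is filled from the request (the serializer is not part of this diff), adding `choices=` from the project's set of supported secret types, or validating it in the serializer, would stop arbitrary strings from being stored and propagated. The neighbouring `input_secret` keeps `max_length=64`, which is worth re-checking if secret types longer than a typical password are meant to be accepted. No migration for the new column is visible on this page.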
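Review bot: In the second hunk, `account.secret_type = self.input_secret_type` has no fallback, unlike the `input_secret_type or 'password'` used in `VirtualAccount`. The field is declared `blank=True`, and the API hunk in this commit sets `data['input_secret_type'] = ''` for accounts whose username is not `AliasAccount.INPUT`. Assuming that value is what ends up on the token, a stored account that takes a typed-in secret would have its own `secret_type` replaced by an empty string. `account.secret_type = self.input_secret_type or account.secret_type` keeps the stored type when none was supplied. The enclosing method begins before this hunk.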