From be7a93d81a427f78f9092cfe0f49c93dec134932 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Sun, 17 Jan 2021 15:28:22 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=9C=A8=E7=99=BB=E5=BD=95=E9=A1=B5?=
 =?UTF-8?q?=E9=9D=A2=E6=B7=BB=E5=8A=A0CAS/OpenID=E7=AD=89=E7=AC=AC?=
 =?UTF-8?q?=E4=B8=89=E6=96=B9=E7=99=BB=E5=BD=95=E9=93=BE=E6=8E=A5;?=
 =?UTF-8?q?=E4=B8=8D=E5=86=8D=E8=87=AA=E5=8A=A8=E8=B7=B3=E8=BD=AC=E7=99=BB?=
 =?UTF-8?q?=E5=BD=95=E5=9C=B0=E5=9D=80;=E7=BB=9F=E4=B8=80=E5=BC=80?=
 =?UTF-8?q?=E6=BA=90/=E4=BC=81=E4=B8=9A=E7=89=88=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E9=A1=B5=E9=9D=A2;=20(#5389)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: 在登录页面添加CAS/OpenID等第三方登录链接;不再自动跳转登录地址;统一开源/企业版登录页面;

* feat: 登录页面<忘记密码>链接，不限制第三方用户; 在忘记密码页面进行判断与限制

* feat: 登录页面<忘记密码>链接，不限制第三方用户; 在忘记密码页面进行判断与限制 (2)

* fix: 调整样式

Co-authored-by: Bai <bugatti_it@163.com>
Co-authored-by: Orange <orangemtony@gmail.com>
---
 .../templates/authentication/login.html       | 249 ++++++++++++------
 .../templates/authentication/xpack_login.html | 179 -------------
 apps/authentication/views/login.py            |  33 +--
 apps/jumpserver/conf.py                       |   3 -
 apps/jumpserver/context_processor.py          |   1 +
 apps/jumpserver/settings/auth.py              |   3 -
 apps/static/img/login_cas_logo.png            | Bin 0 -> 7615 bytes
 apps/templates/_base_only_msg_content.html    |  66 -----
 apps/users/views/profile/reset.py             |  15 +-
 9 files changed, 180 insertions(+), 369 deletions(-)
 delete mode 100644 apps/authentication/templates/authentication/xpack_login.html
 create mode 100644 apps/static/img/login_cas_logo.png
 delete mode 100644 apps/templates/_base_only_msg_content.html

diff --git a/apps/authentication/templates/authentication/login.html b/apps/authentication/templates/authentication/login.html
index 521f3dbd2..e06567aa4 100644
--- a/apps/authentication/templates/authentication/login.html
+++ b/apps/authentication/templates/authentication/login.html
@@ -1,82 +1,179 @@
-{% extends '_base_only_msg_content.html' %}
 {% load static %}
 {% load i18n %}
+<!DOCTYPE html>
+<html>
+<!--/*@thymesVar id="LoginConstants" type="com.fit2cloud.support.common.constants.LoginConstants"*/-->
+<!--/*@thymesVar id="message" type="java.lang.String"*/-->
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+        <link rel="shortcut icon" href="{{ FAVICON_URL }}" type="image/x-icon">
+    <title>
+        {{ JMS_TITLE }}
+    </title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <!-- Stylesheets -->
+    <link href="{% static 'css/bootstrap.min.css' %}" rel="stylesheet">
+    <link href="{% static 'css/font-awesome.min.css' %}" rel="stylesheet">
+    <link href="{% static 'css/bootstrap-style.css' %}" rel="stylesheet">
+    <link href="{% static 'css/login-style.css' %}" rel="stylesheet">
 
-{% block content_title %}
-    {% trans 'Login' %}
-{% endblock %}
+    <!-- scripts -->
+    <script src="{% static 'js/jquery-3.1.1.min.js' %}"></script>
+    <script src="{% static 'js/plugins/sweetalert/sweetalert.min.js' %}"></script>
+    <script src="{% static 'js/bootstrap.min.js' %}"></script>
+    <script src="{% static 'js/plugins/datatables/datatables.min.js' %}"></script>
 
-{% block content %}
-    <form id="form" class="m-t" role="form" method="post" action="">
-        {% csrf_token %}
-        {% if form.non_field_errors %}
-            <div style="line-height: 17px;">
-                <p class="red-fonts">{{ form.non_field_errors.as_text }}</p>
+    <style>
+
+        .box-1{
+            height: 472px;
+            width: 984px;
+            margin-right: auto;
+            margin-left: auto;
+            margin-top: calc((100vh - 470px)/2);
+
+        }
+        .box-2{
+            height: 100%;
+            width: 50%;
+            float: right;
+        }
+        .box-3{
+            text-align: center;
+            background-color: white;
+            height: 100%;
+            width: 50%;
+        }
+        .captcha {
+            float: right;
+        }
+
+        .red-fonts {
+            color: red;
+        }
+
+        .field-error {
+            text-align: left;
+        }
+
+    </style>
+</head>
+
+<body style="height: 100%;font-size: 13px">
+    <div>
+        <div class="box-1">
+            <div class="box-2">
+                <img src="{{ LOGIN_IMAGE_URL }}" style="height: 100%; width: 100%"/>
             </div>
-        {% elif form.errors.captcha %}
-            <p class="red-fonts">{% trans 'Captcha invalid' %}</p>
-        {% endif %}
-
-        <div class="form-group">
-            <input type="text" class="form-control" name="{{ form.username.html_name }}" placeholder="{% trans 'Username' %}" required="" value="{% if form.username.value %}{{ form.username.value }}{% endif %}">
-            {% if form.errors.username %}
-                <div class="help-block field-error">
-                    <p class="red-fonts">{{ form.errors.username.as_text }}</p>
-                </div>
-            {% endif %}
-        </div>
-        <div class="form-group">
-            <input type="password" class="form-control" id="password" placeholder="{% trans 'Password' %}" required="">
-            <input id="password-hidden" type="text" style="display:none" name="{{ form.password.html_name }}">
-            {% if form.errors.password %}
-                <div class="help-block field-error">
-                    <p class="red-fonts">{{ form.errors.password.as_text }}</p>
-                </div>
-            {% endif %}
-        </div>
-        {% if form.challenge %}
-            <div class="form-group">
-                <input type="challenge" class="form-control" id="challenge" name="{{ form.challenge.html_name }}" placeholder="{% trans 'MFA code' %}" >
-                {% if form.errors.challenge %}
-                    <div class="help-block field-error">
-                        <p class="red-fonts">{{ form.errors.challenge.as_text }}</p>
+            <div class="box-3">
+                <div style="background-color: white">
+                    {% if form.challenge %}
+                        <div style="margin-top: 20px;padding-top: 30px;padding-left: 20px;padding-right: 20px;height: 60px">
+                    {% else %}
+                        <div style="margin-top: 20px;padding-top: 40px;padding-left: 20px;padding-right: 20px;height: 80px">
+                    {% endif %}
+                            <span style="font-size: 21px;font-weight:400;color: #151515;letter-spacing: 0;">{{ JMS_TITLE }}</span>
+                        </div>
+                    <div style="font-size: 12px;color: #999999;letter-spacing: 0;line-height: 18px;margin-top: 18px">
+                        {% trans 'Welcome back, please enter username and password to login' %}
                     </div>
-                {% endif %}
-            </div>
-        {% endif %}
-        <div>
-            {{ form.captcha }}
-        </div>
-        <button type="submit" class="btn btn-primary block full-width m-b" onclick="doLogin();return false;">{% trans 'Login' %}</button>
+                    <div style="margin-bottom: 0px">
+                        <div>
+                            <div class="col-md-1"></div>
+                            <div class="contact-form col-md-10" style="margin-top: 0px;height: 35px">
+                                <form id="contact-form" action="" method="post" role="form" novalidate="novalidate">
+                                    {% csrf_token %}
+                                    {% if form.non_field_errors %}
+                                        {% if form.challenge %}
+                                            <div style="height: 50px;color: red;line-height: 17px;">
+                                        {% else %}
+                                            <div style="height: 70px;color: red;line-height: 17px;">
+                                        {% endif %}
+                                            <p class="red-fonts">{{ form.non_field_errors.as_text }}</p>
+                                        </div>
+                                    {% elif form.errors.captcha %}
+                                        <p class="red-fonts">{% trans 'Captcha invalid' %}</p>
+                                    {% else %}
+                                        <div style="height: 50px"></div>
+                                    {% endif %}
 
-        {% if demo_mode %}
-            <p class="text-muted font-bold" style="color: red">
-                Demo账号: admin 密码: admin
-            </p>
-        {% endif %}
+                                    <div class="form-group">
+                                        <input type="text" class="form-control" name="{{ form.username.html_name }}" placeholder="{% trans 'Username' %}" required="" value="{% if form.username.value %}{{ form.username.value }}{% endif %}" style="height: 35px">
+                                        {% if form.errors.username %}
+                                            <div class="help-block field-error">
+                                                <p class="red-fonts">{{ form.errors.username.as_text }}</p>
+                                            </div>
+                                        {% endif %}
+                                    </div>
+                                    <div class="form-group">
+                                        <input type="password" class="form-control" id="password" placeholder="{% trans 'Password' %}" required="">
+                                        <input id="password-hidden" type="text" style="display:none" name="{{ form.password.html_name }}">
+                                        {% if form.errors.password %}
+                                            <div class="help-block field-error">
+                                                <p class="red-fonts">{{ form.errors.password.as_text }}</p>
+                                            </div>
+                                        {% endif %}
+                                    </div>
+                                    {% if form.challenge %}
+                                        <div class="form-group">
+                                            <input type="challenge" class="form-control" id="challenge" name="{{ form.challenge.html_name }}" placeholder="{% trans 'MFA code' %}" >
+                                            {% if form.errors.challenge %}
+                                                <div class="help-block field-error">
+                                                    <p class="red-fonts">{{ form.errors.challenge.as_text }}</p>
+                                                </div>
+                                            {% endif %}
+                                        </div>
+                                    {% endif %}
+                                    {% if form.captcha %}
+                                    <div class="form-group" style="height: 50px;margin-bottom: 0;font-size: 13px">
+                                        {{ form.captcha }}
+                                    </div>
+                                    {% else %}
+                                    <div class="form-group" style="height: 25px;margin-bottom: 0;font-size: 13px"></div>
+                                    {% endif %}
+                                    <div class="form-group" style="margin-top: 10px">
+                                        <button type="submit" class="btn btn-transparent" onclick="doLogin();return false;">{% trans 'Login' %}</button>
+                                    </div>
 
-        <div class="text-muted text-center">
-            <div>
-                <a id="forgot_password" href="#">
-                    <small>{% trans 'Forgot password' %}?</small>
-                </a>
+                                    <div>
+                                        {% if AUTH_OPENID or AUTH_CAS %}
+                                            <div class="hr-line-dashed"></div>
+                                            <div style="display: inline-block; float: left">
+                                                <b class="text-muted text-left" style="margin-right: 10px">{% trans "More login options" %}</b>
+                                                {% if AUTH_OPENID %}
+                                                    <a href="{% url 'authentication:openid:login' %}">
+                                                        <i class="fa fa-openid"></i> {% trans 'OpenID' %}
+                                                    </a>
+                                                {% endif %}
+                                                {% if AUTH_CAS %}
+                                                    <a href="{% url 'authentication:cas:cas-login' %}">
+                                                        <i class="fa"><img src="{{ LOGIN_CAS_LOGO_URL }}" height="13" width="13"></i> {% trans 'CAS' %}
+                                                    </a>
+                                                {% endif %}
+                                            </div>
+                                            <div class="text-center" style="display: inline-block; float: right">
+                                        {% else %}
+                                            <div class="text-center" style="display: inline-block;">
+                                        {% endif %}
+                                            <a id="forgot_password" href="{% url 'authentication:forgot-password' %}">
+                                                <small>{% trans 'Forgot password' %}?</small>
+                                            </a>
+                                        </div>
+                                    </div>
+                                </form>
+                            </div>
+                            <div class="col-md-1"></div>
+                        </div>
+                    </div>
+                </div>
             </div>
         </div>
+    </div>
+    </div>
 
-        {% if AUTH_OPENID %}
-            <div class="hr-line-dashed"></div>
-            <p class="text-muted text-center">{% trans "More login options" %}</p>
-            <div>
-                <button type="button" class="btn btn-default btn-sm btn-block" onclick="location.href='{% url 'authentication:openid:login' %}'">
-                    <i class="fa fa-openid"></i>
-                    {% trans 'OpenID' %}
-                </button>
-            </div>
-        {% endif %}
-
-    </form>
-    <script type="text/javascript" src="/static/js/plugins/jsencrypt/jsencrypt.min.js"></script>
-    <script>
+</body>
+<script type="text/javascript" src="/static/js/plugins/jsencrypt/jsencrypt.min.js"></script>
+<script>
     function encryptLoginPassword(password, rsaPublicKey){
         var jsencrypt = new JSEncrypt(); //加密对象
         jsencrypt.setPublicKey(rsaPublicKey); // 设置密钥
@@ -88,19 +185,11 @@
         var password =$('#password').val(); //明文密码
         var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey)
         $('#password-hidden').val(passwordEncrypted); //返回给密码输入input
-        $('#form').submit();//post提交
+        $('#contact-form').submit();//post提交
     }
 
-    var authDB = '{{ AUTH_DB }}';
-    var forgotPasswordUrl = "{% url 'authentication:forgot-password' %}";
     $(document).ready(function () {
-    }).on('click', '#forgot_password', function () {
-        if (authDB === 'True'){
-            window.open(forgotPasswordUrl, "_blank")
-        }
-        else{
-            alert("{% trans 'You are using another authentication server, please contact your administrator' %}")
-        }
     })
-    </script>
-{% endblock %}
+</script>
+</html>
+
diff --git a/apps/authentication/templates/authentication/xpack_login.html b/apps/authentication/templates/authentication/xpack_login.html
deleted file mode 100644
index d566ce1f8..000000000
--- a/apps/authentication/templates/authentication/xpack_login.html
+++ /dev/null
@@ -1,179 +0,0 @@
-{% load static %}
-{% load i18n %}
-<!DOCTYPE html>
-<html>
-<!--/*@thymesVar id="LoginConstants" type="com.fit2cloud.support.common.constants.LoginConstants"*/-->
-<!--/*@thymesVar id="message" type="java.lang.String"*/-->
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-        <link rel="shortcut icon" href="{{ FAVICON_URL }}" type="image/x-icon">
-    <title>
-        {{ JMS_TITLE }}
-    </title>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <!-- Stylesheets -->
-    <link href="{% static 'css/bootstrap.min.css' %}" rel="stylesheet">
-    <link href="{% static 'css/font-awesome.min.css' %}" rel="stylesheet">
-    <link href="{% static 'css/bootstrap-style.css' %}" rel="stylesheet">
-    <link href="{% static 'css/login-style.css' %}" rel="stylesheet">
-
-    <!-- scripts -->
-    <script src="{% static 'js/jquery-3.1.1.min.js' %}"></script>
-    <script src="{% static 'js/plugins/sweetalert/sweetalert.min.js' %}"></script>
-    <script src="{% static 'js/bootstrap.min.js' %}"></script>
-    <script src="{% static 'js/plugins/datatables/datatables.min.js' %}"></script>
-
-    <style>
-
-        .box-1{
-            height: 472px;
-            width: 984px;
-            margin-right: auto;
-            margin-left: auto;
-            margin-top: calc((100vh - 470px)/2);
-
-        }
-        .box-2{
-            height: 100%;
-            width: 50%;
-            float: right;
-        }
-        .box-3{
-            text-align: center;
-            background-color: white;
-            height: 100%;
-            width: 50%;
-        }
-        .captcha {
-            float: right;
-        }
-
-        .red-fonts {
-            color: red;
-        }
-
-        .field-error {
-            text-align: left;
-        }
-
-    </style>
-</head>
-
-<body style="height: 100%;font-size: 13px">
-    <div>
-        <div class="box-1">
-            <div class="box-2">
-                <img src="{{ LOGIN_IMAGE_URL }}" style="height: 100%; width: 100%"/>
-            </div>
-            <div class="box-3">
-                <div style="background-color: white">
-                    {% if form.challenge %}
-                        <div style="margin-top: 20px;padding-top: 30px;padding-left: 20px;padding-right: 20px;height: 60px">
-                    {% else %}
-                        <div style="margin-top: 20px;padding-top: 40px;padding-left: 20px;padding-right: 20px;height: 80px">
-                    {% endif %}
-                            <span style="font-size: 21px;font-weight:400;color: #151515;letter-spacing: 0;">{{ JMS_TITLE }}</span>
-                        </div>
-                    <div style="font-size: 12px;color: #999999;letter-spacing: 0;line-height: 18px;margin-top: 18px">
-                        {% trans 'Welcome back, please enter username and password to login' %}
-                    </div>
-                    <div style="margin-bottom: 0px">
-                        <div>
-                            <div class="col-md-1"></div>
-                            <div class="contact-form col-md-10" style="margin-top: 0px;height: 35px">
-                                <form id="contact-form" action="" method="post" role="form" novalidate="novalidate">
-                                    {% csrf_token %}
-                                    {% if form.non_field_errors %}
-                                        {% if form.challenge %}
-                                            <div style="height: 50px;color: red;line-height: 17px;">
-                                        {% else %}
-                                            <div style="height: 70px;color: red;line-height: 17px;">
-                                        {% endif %}
-                                            <p class="red-fonts">{{ form.non_field_errors.as_text }}</p>
-                                        </div>
-                                    {% elif form.errors.captcha %}
-                                        <p class="red-fonts">{% trans 'Captcha invalid' %}</p>
-                                    {% else %}
-                                        <div style="height: 50px"></div>
-                                    {% endif %}
-
-                                    <div class="form-group">
-                                        <input type="text" class="form-control" name="{{ form.username.html_name }}" placeholder="{% trans 'Username' %}" required="" value="{% if form.username.value %}{{ form.username.value }}{% endif %}" style="height: 35px">
-                                        {% if form.errors.username %}
-                                            <div class="help-block field-error">
-                                                <p class="red-fonts">{{ form.errors.username.as_text }}</p>
-                                            </div>
-                                        {% endif %}
-                                    </div>
-                                    <div class="form-group">
-                                        <input type="password" class="form-control" id="password" placeholder="{% trans 'Password' %}" required="">
-                                        <input id="password-hidden" type="text" style="display:none" name="{{ form.password.html_name }}">
-                                        {% if form.errors.password %}
-                                            <div class="help-block field-error">
-                                                <p class="red-fonts">{{ form.errors.password.as_text }}</p>
-                                            </div>
-                                        {% endif %}
-                                    </div>
-                                    {% if form.challenge %}
-                                        <div class="form-group">
-                                            <input type="challenge" class="form-control" id="challenge" name="{{ form.challenge.html_name }}" placeholder="{% trans 'MFA code' %}" >
-                                            {% if form.errors.challenge %}
-                                                <div class="help-block field-error">
-                                                    <p class="red-fonts">{{ form.errors.challenge.as_text }}</p>
-                                                </div>
-                                            {% endif %}
-                                        </div>
-                                    {% endif %}
-                                    <div class="form-group" style="height: 50px;margin-bottom: 0;font-size: 13px">
-                                        {{ form.captcha }}
-                                    </div>
-                                    <div class="form-group" style="margin-top: 10px">
-                                        <button type="submit" class="btn btn-transparent" onclick="doLogin();return false;">{% trans 'Login' %}</button>
-                                    </div>
-                                    <div style="text-align: center">
-                                        <a id="forgot_password" href="#">
-                                            <small>{% trans 'Forgot password' %}?</small>
-                                        </a>
-                                    </div>
-                                </form>
-                            </div>
-                            <div class="col-md-1"></div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-    </div>
-
-</body>
-<script type="text/javascript" src="/static/js/plugins/jsencrypt/jsencrypt.min.js"></script>
-<script>
-    function encryptLoginPassword(password, rsaPublicKey){
-        var jsencrypt = new JSEncrypt(); //加密对象
-        jsencrypt.setPublicKey(rsaPublicKey); // 设置密钥
-        return jsencrypt.encrypt(password); //加密
-    }
-    function doLogin() {
-        //公钥加密
-        var rsaPublicKey = "{{ rsa_public_key }}"
-        var password =$('#password').val(); //明文密码
-        var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey)
-        $('#password-hidden').val(passwordEncrypted); //返回给密码输入input
-        $('#contact-form').submit();//post提交
-    }
-
-    var authDB = '{{ AUTH_DB }}';
-    var forgotPasswordUrl = "{% url 'authentication:forgot-password' %}";
-    $(document).ready(function () {
-    }).on('click', '#forgot_password', function () {
-        if (authDB === 'True'){
-            window.open(forgotPasswordUrl, "_blank")
-        }
-        else{
-            alert("{% trans 'You are using another authentication server, please contact your administrator' %}")
-        }
-    })
-</script>
-</html>
-
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index 48bb16fba..7d7f1e8da 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -41,42 +41,13 @@ __all__ = [
 class UserLoginView(mixins.AuthMixin, FormView):
     key_prefix_captcha = "_LOGIN_INVALID_{}"
     redirect_field_name = 'next'
-
-    def get_template_names(self):
-        template_name = 'authentication/login.html'
-        if not settings.XPACK_ENABLED:
-            return template_name
-
-        from xpack.plugins.license.models import License
-        if not License.has_valid_license():
-            return template_name
-
-        template_name = 'authentication/xpack_login.html'
-        return template_name
-
-    def get_redirect_url_if_need(self, request):
-        redirect_url = ''
-        # show jumpserver login page if request http://{JUMP-SERVER}/?admin=1
-        if self.request.GET.get("admin", 0):
-            return None
-        if settings.AUTH_OPENID:
-            redirect_url = reverse(settings.AUTH_OPENID_AUTH_LOGIN_URL_NAME)
-        elif settings.AUTH_CAS:
-            redirect_url = reverse(settings.CAS_LOGIN_URL_NAME)
-
-        if redirect_url:
-            query_string = request.GET.urlencode()
-            redirect_url = "{}?{}".format(redirect_url, query_string)
-        return redirect_url
+    template_name = 'authentication/login.html'
 
     def get(self, request, *args, **kwargs):
         if request.user.is_staff:
             return redirect(redirect_user_first_login_or_index(
                 request, self.redirect_field_name)
             )
-        redirect_url = self.get_redirect_url_if_need(request)
-        if redirect_url:
-            return redirect(redirect_url)
         request.session.set_test_cookie()
         return super().get(request, *args, **kwargs)
 
@@ -131,8 +102,8 @@ class UserLoginView(mixins.AuthMixin, FormView):
         context = {
             'demo_mode': os.environ.get("DEMO_MODE"),
             'AUTH_OPENID': settings.AUTH_OPENID,
+            'AUTH_CAS': settings.AUTH_CAS,
             'rsa_public_key': rsa_public_key,
-            'AUTH_DB': settings.AUTH_DB
         }
         kwargs.update(context)
         return super().get_context_data(**kwargs)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 4d8b7c0ce..602916cb6 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -461,9 +461,6 @@ class DynamicConfig:
             backends.insert(0, 'authentication.backends.api.SSOAuthentication')
         return backends
 
-    def AUTH_DB(self):
-        return len(self.AUTHENTICATION_BACKENDS()) == 2
-
     def XPACK_LICENSE_IS_VALID(self):
         if not HAS_XPACK:
             return False
diff --git a/apps/jumpserver/context_processor.py b/apps/jumpserver/context_processor.py
index cf0ea559d..7fdc7eab2 100644
--- a/apps/jumpserver/context_processor.py
+++ b/apps/jumpserver/context_processor.py
@@ -13,6 +13,7 @@ def jumpserver_processor(request):
         'LOGO_TEXT_URL': static('img/logo_text.png'),
         'LOGIN_IMAGE_URL': static('img/login_image.png'),
         'FAVICON_URL': static('img/facio.ico'),
+        'LOGIN_CAS_LOGO_URL': static('img/login_cas_logo.png'),
         'JMS_TITLE': 'JumpServer',
         'VERSION': settings.VERSION,
         'COPYRIGHT': 'FIT2CLOUD 飞致云' + ' © 2014-2020',
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
index 9f91cdb1d..4430aae2f 100644
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -9,9 +9,6 @@ from ..const import CONFIG, DYNAMIC, PROJECT_DIR
 OTP_ISSUER_NAME = CONFIG.OTP_ISSUER_NAME
 OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
 
-# Auth DB
-AUTH_DB = DYNAMIC.AUTH_DB
-
 # Auth LDAP settings
 AUTH_LDAP = DYNAMIC.AUTH_LDAP
 AUTH_LDAP_SERVER_URI = DYNAMIC.AUTH_LDAP_SERVER_URI
diff --git a/apps/static/img/login_cas_logo.png b/apps/static/img/login_cas_logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..c6288af5b3fca0509421ea4fad7c5c9f09541161
GIT binary patch
literal 7615
zcmY*eWk6Kl)81Vg>G;vGQc@C2N-nZ2At2o)DIHRhOS+_lba!`yASn&fjf8ZkAmO|I
zzr7#sy&s-A=ggg%b7syw;i@Wf__)-#0001AK^~@#`VRhkurX2ZO5Lg~0Dvw`0Vb{K
zWqh3JlR+!nI1o@=>?1U?b#WFH8+$a$j36XRv<^WJVpAjKeIK+LnG7<6NTi>gxr8Ed
zfpz@#&%r$1k+<?^vOky+U(xwnkvbUUN)Y~ZD3K<%@w@tI3BQwKE8&z7i{^3$ehGfT
zY{I{>A5^p+4}6=;%FD~K4~ofDagQ{C>Pu`GUqE6yP+(r23_EWW2$v|4UJ;0a90nF5
zgfV8YH<g9AXIXLCpi2e$TKpaCIe_z`^b1>33^K68)MQ!e8ks7>Yg+kZV>k#mR%rkI
ztdbK-`0IYr*CiMbLq6TD!L~>kCA{XQVeF8H02L^U>I+V%qt<b13*DNne|M_lcgg+u
zfxuTN1Ei^`hZ3!ez_4dH)$?Stt5pEJ#dQ9odiw&Wq31bQ^K>{C8n=3Af+`fq_*@%Y
zBwVp7+^Ls7+GRnc3_2Sp-X!2P#~@A`us5##Xk5k<>s<n_Lh08MKa?G}*6vSIHg170
zo{9sCP+=hci?_KAqQ2jrr~m#S!y#$LK2MAi4T)u>Yu)TtaR~Xr+PyIZb_-R-1JvQ@
zb{|#z5ZGD^yjl?4_%hw8Mh=#~@@s0a#ybBc&Gw#zQVxSyTNHDP2W;F88#!L}@WI<X
zx(t}&`_e0fGKV;8NE|2K*!mDPZ>pM4(n7C!$&VH6hKz1bwjwFrREe9RAGo#~UARQa
znPRqTuk;$dAOb)chyHzNauqROzB|}D6t4RUF%H@}`rC}u<eHjQMI2T5IIgrrc78N<
z4q2xr8<1^#QOG&)8`wbWOy4+q{`pONb9gYwqC7^Z&Tb7~IlC`vsBd#4?Wz9d1!5Ab
z#}y<+R4y9&)JiJUAlq&vP*(}uKU(B1QoOO41JhUZH|!sC3)o>LVD;5Mqa`~sGT~VN
z%2eU;{wii^!5ASv*!I-knfsf#5$kXWa7euO5CEx(hjMlk@V(=Z7Nc5Ur8W}Alz4Mg
z0XRbzxx52QbXF$C8_>sk`5!+&>SGP;vn6FE<!zf(5Z3e$q~xUgp(vK1+n6u9-`cq)
zuvt2qf_t_xSt2ae^Wy|9WA+AGh<LL$HT7nw5=;Ix&2KYCD7F7hTer=0dtR(Ap152{
zqULsDqFU|!*<Dp~;eq?ul3#R-2PCBk1fo28xy=y72b|!q0l~f%*}A(I`uL8#WNAhR
z!yQ-Sl$OY%`3jo`a28lXd}9d|LVW0Ud<0#!wWmn4;t6=8f+sb^BLveFVK0L3B&5IJ
z&_^;bP0^P@$jkIC1$Sr{uHFod;S6dW-XJ~SYozdElstNt{8quAxtsuKL*5m3d|a<>
zQ<ie=7aqVF;Gfn66+vnOaw;##qW)s`beL8mQnYKVKHo<d^WuBhQbRZAt3J{Um<h6B
zGv~a&B}2;z;LAuvub8>I?L{*YS?9q&nb1Fncb+<1?J@(OAxQI7Ul8G%`bRbBJ`dB)
z4HyS1pO3w91M2ng`I+y-qHRXxU6hzb)6S*L8i#;VrcSScmkH@iYSo!qjK6!*w;q;Y
zbIuT3!h3mGPA3oFtu!xgj&8UAM?>J{Pz<zVO*K>=2;um>(!#N*(KSnoRjeY=G?|Al
zfvjTAyDw1;4Lqqb%Rl^8?3-`>NSt%v0&6T?81gs6*d2L`t&3Cz53u36eKw*ov=4}*
zCO~Grd<%0}`jvs~E=|~}RsedDuJWwCL6l?oxY?3hsR<%VCZE-|G?=Uug^&7zQi_B2
za<DZo$j$s`h&3Reo_P$MU>LTXexuf^{)6VaTJIDgHp_l=MuzB@KTm=S`j@+A6BEv(
zA5ZFP@mx*NO(z+=?6U>uC|j&|$V~8@fB%gy!Lrsm1E(BgNAI8(QNKSx8;qv$<ohF>
zJqCLb*ZU&q{qH!A|1Q3L)AsqG?4^tClsYu~JbB)Cqkj8wt3(C8KjvMHmq&Py;zl`G
zUpA(`P0_Gq$pd&v@Z^)S8HPJpVi##NOX-Ib@>b|!75&l)`wAeyp-D>?t02x$R8#q%
z!B@|~|HQ&tMHR%q0cOq|cmb7`I}=N(zhvI+({X^ko7_Oe)NUMD-vH~KONuxRTH37V
z%QZ0j=9YFYZ|{b&{1~7)W4$hXhl#on$X~<;H7tKiNc2wYSh>o9jMvGnq__Iewy`C5
zvVDWCMnVmMw$2Q2D$_|I2lsNm^hlD#HLE?ZR^`(ODA5@xarLO^;*OmA+*Cde3*#pS
z1C>gaP07H^H@#Lp>%on^Yzt=Wya_7>@q%r*NT=VQ;7Q?1BHVkcGq^<G6U;&Y9|DOC
zw1$}b{9jz#y~e<lQmyZUT)^Hh@k!g)*~>wnq;s?yDP(hkjP}{q^B#>IdVE#2=%s=A
z&2D(KNQ(YOEPue1*o!4>qE2I_%%$^kL0OU?i|spzGSc)xO&UFPuFY@60S;(LOI8^p
zS9&!YOColRD8ukoO?luZoW*k56?LpO9jXfkH5kU++s1-mz)j9T{Z&0+9>C_B_V=tL
z1`^b#18QumM?q5uuTIMSaEUOG)#$eF)+nf8_QQ(KJsB96$OLERU>pU>m+!Vz->^f;
zz?~!|vzg>z+*s`i7n5TR1RK<sMYUXv69rXfZFMdc1Jn?=iaFYz+9*h0V!*HQEo#;C
zL}=wn1qy2LMk$p2{}dXg{mjGBQ3w&cb6ZH%L5=DeukG5JCt#Ylp(0*2Qh3ox;srFo
z(ENvtR<D~!+Lc@{K!{>Uy2J056j|NX&M@%d|3il>*SEO6ygixLp0A7ex3703r7B^W
z<bZzRr<G|a_sG`+%(ypnea-La>A&)M%6)Uvv$_ZZC@!&vP)pBXlenpblDwTr41ldq
zhvARkHYF-#ky@ZqE^aLNlKqP=yz{|`H=sw$xk#)+X>+>D-iY#_LAa+1Tv*{vUi`@M
z#ENc0F8(_gg>1UCe+H5MrN+h=WnW7HtG5j1KO?>0?&BJLVKC?E<MYn}P6VNw3=@e}
zX6q!2>*!q7l<niV2Pz*>5KIV5rg{Fda0Kbn`YDLMPQd5C9ok!A!cN<WZMZ<==pnrD
z%>K%E-^`5bO!c*NwYK&3L}pEQ@TrQ?40awIrSFgq7n4B-ex5O*w106Nza3b@*szFt
z@1HMl1aiM(^4Il$kanwYklL`By3$KrG|&EW<GzuD@=%L>g0u4G-38UCZ}BJfVW@qQ
zWsJ{Ca5X2zKb^JmLM+K9lC60!KTGrl1a{Zk^Is#eOy;@&#m}Jy&XVdxauLZi1mQlk
z@Ymv#_0npo56ff07%F0j_6u-&q)*xD-clz47mT>+4XDp1f&A{x8QH>i|K>K>xjln;
zN5}=r+Z+7U5yFe}@Mc+Ugw0Kqcl-+&K~M3!{>wwccg5a>*hW)8+6)`_7vGqUcYCG(
zMOd7qYZYC`;eeQmmQwi|$F5$z<WER~u=m;JHY(}?;A>ImE*&fMqpu@**ZGyU_%WVu
zKCz}~i>4;uJnNDMs#`-hTc;B7eA&Wo8^(50u7OwYu4D`so0BKm*K^D*IY+t*n^Ldp
zu3=3jbW5Dj1MESM<z^j&Gzp2pX!k%1*bixL&S=QZFH5kff{*|yck}enU7f%5KT&jK
z9OoM7$4z#yq=jDQwDY8YHRfWeT126Bq$la5+oC9OO^z8WPvZ5nC1W6o5crLVqdnJO
zVZ^lO%t!Qxym%EQG-9mP*60}PUy4!-dhMSoX_%ZW<E`=!d4_cmAvlAHem?zTnPOD8
zUCx<fFwe#PzEL)2n5sLkYvD2=WB>VDbW*DL&tMZaZrs>dz`s)F`&^k6;8sLOV!-!P
zq5_7;0-_uu1A$x=9(Kn{1${cB<IKDQY01A-V;ZCh!QTunjWIko#bRE&>6EG4WxSr(
zs5=q-z+_;Eo#$v{vcsay+SqGT;#L8mL+zs}Y)C`K;r4TWyHtfc^k=;6U&A7Hhjn;$
z|5O-ao-|=eCDNVgd+7TA)1~xLa4gx?RGuMRVcki4bSAm?;EH$ip!Fgd`vIS@_OxC!
zGgZXtfs@`>##0Ruf-R39Z+ORwkm6iU7`-AFOE`;nu9LlM5_T=bL(tzruSzg>^LaIR
z2JhzvWPl_Pu*~JfY0%*65Mp_*co~wg_@^MKSv|^k-<Q`h_V>;UGbM)A427g^zr)>J
zKq(ry<p`qu^Ki5f9WS8iDCSS5b6}#1f4M*VMkjNA@fFqkmer1d!=wO48ivx*XMaJo
zgzn4VWr6C1P#D$xgZq5TWWYRcaRT9V@&na~Qh0K7++F_%KYps1<Wq>EX@-?${I^IY
z^RQCX5o?S<x_W2-99SQF)9uvq)2z?%xpKN*>a_bjGR&P9x&5ce#<_3Yu#^E9V2RIP
z@oFgOi#b{}IrthKy{qIf!bmGU2_&Lk_7mqwWc<q3>S3br0VFhc>37Of)ji2h<xR?O
zwSY>V@&5RNI*1u6A~i#C1Ak7^XYy;@i}%%hlLBIyUaC_(L?0wf{0aG<iQFXNiLCRE
zl~|FCusl*bR{h&DdGbu(Zk%g6(bvBi{&)5hm}Z4a`mX*@715z~YyEtFR6uhJCgMq(
zM7PZsb^dBKItT%5BDIRFLot=$`Y(Zx%n9!#0*iG<XBe0t#Z%{-#(7VGljw_pK9T%*
z1%Hz{9*!H_SWJ+5a6$8}ziSOy&fi$22y202QHLC#9(@HV_Di)^_pP!YeGQ5pCR9+7
zWyKf$Rcl3$>`-bvB%5T`OTQExv!R*T(SpB%X0<leWAx2xQxlmVQAIGG9ECIO@%TGC
z&fV7|v;iGoO&Y|>z{G$8%<$byn|;3W?4qqmBOa_Y{mAU4u^JC@=L|4Sa_Y`fYRIR`
z7j-P5PSt>LY;YbmyvmoLt6APt?DA2&LiA<LY7KvK-{t^)t9=1shll1{tEY%e1;KuL
zh_EOplo1^jpS~_ax=%4tOGz&LAIs8J7>3{zN&YbAZ!g1AzNrlr6g0Pg*35=KwS$<=
z5XghQ)+rWr!|msMzCTZFe+_#A9u)5CY;rAGcZTj|mr*e+4Gp7T;j!+qq@UUq8d1tR
z?w+`u^F>rOkM@Nc4@b4V^#R12+|zF^m^+I0df&|wj7k-3eiyP&_p0(04CaaF{^V7g
zsNyI6ePS@NZz%MGg>RU>1loRX#h*6A8_kskI~^U9R}ihwjnkz5blMo~6<v%cC9>NV
zjl;6SmV0RuO#$P96K%DXpQ7Vl8e=i;e;Y?{D>7r{_Rx^4*5O7wlPLV4@eRJ{c2o7L
z%fn44Iq19DmnCsAHQe&5Tu{)mVt$m)kJGXXrB4Q_eNIM;b3=oJ$&MH@-b*m&PHnyc
zLNVp(4}K;rB2&c_kS*(`)Rf7H-H#6Y+Dr!i!pLmr>9INby*|C6F-QB3g^*{1>p;^@
ziS8^Wtr#4Jn&}~Orp4L&pV5X2_Vc$X_N~2{4&}SU6vVf-iz$6A%@@N`R_hl`#tGLB
ztoPkCHS1Qv+pHr>C*)Sk2f)GX6}onYj?W2A*wwplq*%fp)Va@TIWzSe+_9)zHz@#1
zJAYdbOm|H5?0qR$%}rb_fA+!QRkt>Xl@+-Q>k*~Sm!m~<Xt5?B5tjlu@1(4UsLQdu
z2mamf?$W##?<2pdZT^6{;R0Kp=h24ew1}@?V;`b(4~xT^8fDwmHbnRCF2v0`zss@{
z>RMfNa36`M&!7>xjGa+2&Bg|za!rO{yixB{hjs57rk-c;uWFK<rEX#^UOW0K!=hq=
zPbzeKC$5bPle~T)F5QX5B%<{l`Gr$GtErJ(+A2E(ENH|$NMK$$x?()W$YpJBaJ(8z
zM<*&9$Q3{pO#@srl{u8p*Wmcj)+f*?;V<mC(!a;x{P94Nr(smHghxRJi#dxka~vV!
z;M>PQENQIp!e}vul8ZSwCiIZN)of`3@Rg;2(e@qHg1n|gzv5fx#xznZqXR0jEFQlo
zs;W-&=j-O={CB;)hZLgVO-<t7y}!xnaF~CZ;0$(tvlk`pxzg*cm4=bvv60awH?isM
z1D5hnw{h-qDaPG(qMpz0W0KE+#6B6!+#e>RZ(E+84YYVG%nTaO)o+KxxZv@ApsE2Y
zkBohf-?#T@F*JA1nUUEvb_V1+^ILqE5U~VNmLvEq1`(5iI0a0&-41V}X>`W@#Gb}Z
z&}|Bdu$a%W&3olL4E0p}^FBLg*vW#nl;x~a8>_eCgApKZ(G_$?nv^QaI10z2YR@kg
zS)FXi236cezahvr-dFkfifr6zGVV;+wf`r;ttEXpq@&;B4c!3<$u>Hec#5^KnkIPu
zQCrkKfhIT4l&PMmcKVN~$n=3q+s9Y`g|cE9V=<XL(54u!4XAu;7!A4FE->aW5{CYY
z*>|c^E4aY|8;FvkS7WhcIHf8i4{a2t=btk1d-Lv%G^O5JN$6_{LotPO-U)WKm4^u~
zvOxqC{pr{HtCpJkk#V(<p^PtYBdOlR&<jz@&D)vVtpce2aHgZRb}SU#!HFl~5+)gP
zN{&qm2r830{vl2SuAhbJsM&MIh0o{6V`H)!NoilQs<66whFB#$xzBzmtR~?-()KWG
z%Zpd=)e=qDAMGAYQX*Pe>%WNK(fmwsuT)pbQpE|*TlcCG$Oblt*WyI6kGWd>o$Dd^
z%}2&(WH7}1>zl5<gvc6BkjSZ5-^6p+G|sJlzmoSI?NYs~I~MwU#p*n-ZN7YuawXMm
zsROHZOKo)87=cu=rLn!`FUgT;{q~@;&sm(0Aqc|uD4nK?gUOcnJ(1kUXnf^T;Kpg0
z;SV@R{&qeIDvh=iMt2uurjpHb22oB1slQ$YUKu7}#bxLRN?+RZ*Ve3!IbwtNjHch!
zbW%t48Va@86zd0<8x)Gk5~8G$%TGoJlQUNECT77#(8llo7Ui%!pxGhb(ZIf5pJ1yj
zTZJn*gA_%T%DzFLq(lYp)`ZFCEPOPJJ)Ux}T92Z8?H^-Fska$EK9*F1s0*13F%%-l
zwCb2TR8Kt{69$5C7$|CD>F^m!)DTu$aFwJCy`f=A;h1j+c{g3jG7f$P@(fUFP=B;^
zmjRYWGiEit|IwP1+A`~-!#?57nX@~hfxH8jy3&X=E~!t1p=~;pVZ;`7bW}>pCJtBZ
zQPC`J0+5>|f_8f|9O?+KRNHV&-F#9}D>bdxZk9^`3{=@e#Y+&+*0!Nhj=CuNm0{>c
zb;K$-#uJ&O&Zz;JO!P6n^Qp_iO>N0vLBoplH$4iXzNBpSn<w}daV}R`H4D3L7Xy+y
zT*d5ChfYcwBuFN}29deek#EBH^6NmQ)+BoUJ&nS3{nub>P7PfCpO)6@j^n-YIEN!b
zu80{p2~TgGbA?%+ps?OqA=34x60v-l(#(!jt(h7M?|eom0%ZnvkFxMRE->9=Q!*_Z
zf7%b8Rq7e*9;nMre3Zw%vfmRBxc>|2gF{yT{G{?4_dh!4=E@{*#Ylb+Vw`DjYse-Z
zxP-j^yPP!9IQqr=?WVH$TjTSr&gS|Z@$LS_GSdLVjE8cHpEZ7Y&ycqs1=g#%6*d89
zjG*AB5g}5O-<##WzsU9m$=|v_H*cBt8D5Qxajb4-fAOeDkSPEXQ}0RiD-=vJ(O<WW
z)jhqUp`hEjsL=Ub*if5()O77oq)qU)sa@k+M4fLO77R&odhA0ZHqIb{qu@m;R9x9w
z`qSq^M@3AlYcP=l$W?!ScC9;Bcd$T)xD5+AXB05BFI@h;QVM=GkHur%(KFV;BgWCJ
zw@&2lL=83m6p|_Td@al8E}WE4sKeVu({cKGDg=Iy=ZDXcbqrUS4?Tm#c^L8^=h|^V
zo2V81@zzcE38)_u&Uh)4b*<EWDXRUs$&uD0PVUHWDqS|*Moq##VFJeuRzdmu@Yt6T
zgpvtoB!tV9O(C~05RuD|0y53v+*L75KgjWpPUox*#QreZ2$V0bzt@Mt`o%5|2`t`s
zjHVn^PTLwc4^Upx+)2lLZu@j1+AyL|ThDYpyX*0uNSi3*725u}-Ro*+Yz%=_GCLZ4
zZu7B)_G*ezia$S!@V-C5{VtF4*K*qk{03RqogW)_X*ggF3*M!61Um_&ww5w@Ybyvm
zoP6tfcTyYw&mn60;a(T?4|q%SCC}SJ7gO!5zelbvDnHucKw*S^K8nS4Va5ReDp|Y3
zN#<BJG~KrZJDP0?S!)$?(M3tX0!#%|e>F<CTBK^G_=kgF8oHn@(j0~}`zrAY{jE=(
z?~NYY$x94*<>$5e0#-ceTcGTS#{TytKT4h_O*qw*{V{a=eEhrAr(nf^F!uS!=&a4%
zoJmkK78Bt#=gU`V=t8!D^z}0qZO_XUY*rc55fCGc*Y)r-dYKNIh&22Q-9i%ZsmQX(
z&=_`5-w?a{iCgQjuA028TT~LgkGpBq<?|=Q?XXZM8>nsB+F;nE$$zmaom#995tNa=
zonO~HB|J&MNr&l0xwfERCsl(RobmOdq!e4?bv<QHWSdQrV1pvVyD97Svsv)ceDxXZ
z>axt7r^<>|pg%cMhN<)xZR78m{SHO0+OqwFJq^@Wqbjt&mnfeHB(loGEc5i!I`8nv
zZF3&j|4d-CWTnkTE26NQYyHemSrEaHH>}e%U5w^{F_?4|x%)?Q=*SQ^=qOG=?9Dn&
zxY@kc)K*^Y*TwcC8EXlA)wC43`=Xe0ImY9%h{bE8pS5XRPy>+qVZOc1gvf?ECO1yW
z#2*~DOw6se|J}3uzYv%sOPOOaw~VI7#hk&W(xEO|?eydGod`UZ;4A~rjIae3ysZCV
zuYq2Hi+4%U3(<qj;`E}=O-O4K0Mz5ww@Y8|yt~oc2Bh5s9by7BJB2E@CT|e-`-)6D
zqJ*$y#49S;Z^$HEWH!AQlO>BMyZb1E?#D10R1<Uwx@PY({SVbG%ge2|?xhsdCXXE@
z0Fe;qW8&VjF6X9$Xw<mPR~Pc#gak+^Mg}u|#0-0p|LxB%1U;S9PGHPFS$)n2EJ_m|
zv`!5P+}dw?zMVguL<6!IEKP$mFls3I2yl4s=q*eG9awcRDeGBYvqQu7;SvTXtY*N7
zQ_mL$5sQ%Psod3*8=052FZ(b9B1(kJ&><MKWfPI34PE2RY5oS@x&j<fxN4L6Mq6-(
zu04HMHhvT7o)#h*(r~(HHSZ@DQMvnPP0o27@Se4+9n<h>Ouy0lxNGG+07uBtPF4fa
za`aZhAWNQ_8*o`{*fy9F-l5d&_>s5jB_&`}@|wvqsHKjjEtqb_)S9Fm)$wSJ1HmA`
zJ|iFJj0vCCym!Cy`byM&8VJ1_h)izJjeay79=p9ZOe;g3C@A`f%+{w~xAUQ!aw`b%
zGux|T=*)4`51!~OBba$B%ZAb5rHX-^Ac(OZDdu~XO?V^`GV$kOIWs_^!pH>GA*C`q
z*i}O@YH}M*o{`q`enH{ffV~C8Yj3>X&%~GbiKDk-5}2xv1}JI`M}#iQ@Q${NIER+r
zd5^f~oD|^^+$JTdJ4+7kKDhH1U^0-T>DvWi-|N?EnYQ&0Gk4OdYb=RYfS7-sFf8c@
zaAOZ(>62}}V?0jsSP7ypiD5$5K+Gr{dv!YfSI-3h^81eKqLZ3(zlue2i_Mb))k8Hz
zk`<u((H@vN*}bC-@!_13ml#I|oclOZapxLMPbf<4c6y?|*^9s0Mm&>hQ|yb3C&``y
z<I0vugHp%c4Ob(N90ro-F34rhC-StI!w)@VVwMr&xJmhUFe{-=IE6%$tok1z$UzZi
zg5t|w+OxK@N1bsLeMK>VAIHAP(V%|YCVyO8IT6J{GFGQvyl47HEzT^Km0qC6{Swrm
zcPK#7hS8!1f?CEXGk&!i&W}c^)u3iwUNp>^1Bjbf`q&Wnk9|C_pVj<`8hw$*{#i&J
z3Y>yxR;F=OBS0`?{_ROPYPzM8dM%A@lurlkio}=X1OH-;k-zhMq}<C!5widVSru5-
IYtx|r1DUB~;{X5v

literal 0
HcmV?d00001

diff --git a/apps/templates/_base_only_msg_content.html b/apps/templates/_base_only_msg_content.html
deleted file mode 100644
index 6d1e781eb..000000000
--- a/apps/templates/_base_only_msg_content.html
+++ /dev/null
@@ -1,66 +0,0 @@
-{% load static %}
-{% load i18n %}
-<!DOCTYPE html>
-<html>
-
-<head>
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>JumpServer</title>
-    <link rel="shortcut icon" href="{{ FAVICON_URL }}" type="image/x-icon">
-    {% include '_head_css_js.html' %}
-    <link href="{% static "css/jumpserver.css" %}" rel="stylesheet">
-    <script src="{% static "js/jumpserver.js" %}"></script>
-    <style>
-        .captcha {
-            float: right;
-        }
-    </style>
-</head>
-
-<body class="gray-bg">
-<div class="loginColumns animated fadeInDown">
-    <div class="row">
-        <div class="col-md-6">
-            <h2 class="font-bold" style="text-align: center">
-                {% block msg_title %}
-                {% trans 'Welcome to the JumpServer open source fortress' %}
-                {% endblock %}
-            </h2>
-            {% block msg_content %}
-            <p>
-                {% trans "The world's first fully open source fortress, using the GNU GPL v2.0 open source protocol, is a professional operation and maintenance audit system in compliance with 4A." %}
-            </p>
-            <p>
-                {% trans "Developed using Python/Django, following the Web 2.0 specification and equipped with industry-leading Web Terminal solutions, with beautiful interactive interface and good user experience." %}
-            </p>
-            <p>
-                {% trans 'Distributed architecture is adopted to support multi-machine room deployment across regions, central node provides API, and each machine room deploys login node, which can be extended horizontally and without concurrent access restrictions.' %}
-            </p>
-            <p>
-                {% trans  "Changes the world, starting with a little bit." %}
-            </p>
-            {% endblock %}
-        </div>
-        <div class="col-md-6">
-            <div class="ibox-content">
-                <div>
-                    <img src="{{ LOGO_URL }}" width="60" height="60">
-                    <span class="font-bold text-center" style="font-size: 24px; font-family: inherit; margin-left: 20px">
-                    {% block content_title %}
-                        {% trans 'Login' %}</span>
-                    {% endblock %}
-                </div>
-                {% block content %} {% endblock %}
-            </div>
-        </div>
-    </div>
-    <hr/>
-    <div class="row">
-        <div class="col-md-12">
-            {% include '_copyright.html' %}
-        </div>
-    </div>
-</div>
-</body>
-</html>
diff --git a/apps/users/views/profile/reset.py b/apps/users/views/profile/reset.py
index c25726561..65c690339 100644
--- a/apps/users/views/profile/reset.py
+++ b/apps/users/views/profile/reset.py
@@ -39,20 +39,21 @@ class UserForgotPasswordView(FormView):
     form_class = forms.UserForgotPasswordForm
 
     def form_valid(self, form):
-        request = self.request
         email = form.cleaned_data['email']
         user = get_object_or_none(User, email=email)
         if not user:
             error = _('Email address invalid, please input again')
             form.add_error('email', error)
             return self.form_invalid(form)
-        elif not user.can_update_password():
-            error = _('User auth from {}, go there change password')
-            form.add_error('email', error.format(user.get_source_display()))
+
+        if not user.is_local:
+            error = _('The user is from {} and goes there to change the password'
+                      ''.format(user.get_source_display()))
+            form.add_error('email', error)
             return self.form_invalid(form)
-        else:
-            send_reset_password_mail(user)
-            return redirect('authentication:forgot-password-sendmail-success')
+
+        send_reset_password_mail(user)
+        return redirect('authentication:forgot-password-sendmail-success')
 
 
 class UserForgotPasswordSendmailSuccessView(TemplateView):