github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-04 17:01:09 +00:00
Code Issues Projects Releases Wiki Activity

perf: 修改完成

Browse Source
This commit is contained in:
ibuler
2023-08-15 13:45:44 +08:00
parent 8e0c04c84c
commit c4528612d5
12 changed files with 203 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
apps/settings/serializers/security.py
View File

@@ -3,8 +3,31 @@ from rest_framework import serializers
from acls.serializers.rules import ip_group_help_text, ip_group_child_validator
__all__ = [
'SecurityPasswordRuleSerializer', 'SecuritySessionSerializer',
'SecurityAuthSerializer', 'SecuritySettingSerializer',
'SecurityLoginLimitSerializer', 'SecurityBasicSerializer',
]
class SecurityPasswordRuleSerializer(serializers.Serializer):
SECURITY_PASSWORD_EXPIRATION_TIME = serializers.IntegerField(
min_value=1, max_value=99999, required=True,
label=_('User password expiration (day)'),
help_text=_(
'If the user does not update the password during the time, '
'the user password will expire failure;The password expiration reminder mail will be '
'automatic sent to the user by system within 5 days (daily) before the password expires'
)
)
OLD_PASSWORD_HISTORY_LIMIT_COUNT = serializers.IntegerField(
min_value=0, max_value=99999, required=True,
label=_('Number of repeated historical passwords'),
help_text=_(
'Tip: When the user resets the password, it cannot be '
'the previous n historical passwords of the user'
)
)
SECURITY_PASSWORD_MIN_LENGTH = serializers.IntegerField(
min_value=6, max_value=30, required=True,
label=_('Password minimum length')
@@ -33,20 +56,7 @@ login_ip_limit_time_help_text = _(
)
class SecurityAuthSerializer(serializers.Serializer):
SECURITY_MFA_AUTH = serializers.ChoiceField(
choices=(
[0, _('Not enabled')],
[1, _('All users')],
[2, _('Only admin users')],
),
required=False, label=_("Global MFA auth")
)
SECURITY_MFA_AUTH_ENABLED_FOR_THIRD_PARTY = serializers.BooleanField(
required=False, default=True,
label=_('Third-party login users perform MFA authentication'),
help_text=_('The third-party login modes include OIDC, CAS, and SAML2'),
)
class SecurityLoginLimitSerializer(serializers.Serializer):
SECURITY_LOGIN_LIMIT_COUNT = serializers.IntegerField(
min_value=3, max_value=99999,
label=_('Limit the number of user login failures')
@@ -56,6 +66,7 @@ class SecurityAuthSerializer(serializers.Serializer):
label=_('Block user login interval (minute)'),
help_text=login_ip_limit_time_help_text
)
SECURITY_LOGIN_IP_LIMIT_COUNT = serializers.IntegerField(
min_value=3, max_value=99999,
label=_('Limit the number of IP login failures')
@@ -75,23 +86,6 @@ class SecurityAuthSerializer(serializers.Serializer):
child=serializers.CharField(max_length=1024, validators=[ip_group_child_validator]),
help_text=ip_group_help_text
)
SECURITY_PASSWORD_EXPIRATION_TIME = serializers.IntegerField(
min_value=1, max_value=99999, required=True,
label=_('User password expiration (day)'),
help_text=_(
'If the user does not update the password during the time, '
'the user password will expire failure;The password expiration reminder mail will be '
'automatic sent to the user by system within 5 days (daily) before the password expires'
)
)
OLD_PASSWORD_HISTORY_LIMIT_COUNT = serializers.IntegerField(
min_value=0, max_value=99999, required=True,
label=_('Number of repeated historical passwords'),
help_text=_(
'Tip: When the user resets the password, it cannot be '
'the previous n historical passwords of the user'
)
)
USER_LOGIN_SINGLE_MACHINE_ENABLED = serializers.BooleanField(
required=False, default=False, label=_("Only single device login"),
help_text=_("After the user logs in on the new device, other logged-in devices will automatically log out")
@@ -113,6 +107,29 @@ class SecurityAuthSerializer(serializers.Serializer):
"they can log in directly"
)
)
class SecurityAuthSerializer(serializers.Serializer):
SECURITY_MFA_AUTH = serializers.ChoiceField(
choices=(
[0, _('Not enabled')],
[1, _('All users')],
[2, _('Only admin users')],
),
required=False, label=_("Global MFA auth")
)
SECURITY_MFA_AUTH_ENABLED_FOR_THIRD_PARTY = serializers.BooleanField(
required=False, default=True,
label=_('Third-party login users perform MFA authentication'),
help_text=_('The third-party login modes include OIDC, CAS, and SAML2'),
)
OTP_ISSUER_NAME = serializers.CharField(
required=False, max_length=16, label=_('OTP issuer name'),
)
OTP_VALID_WINDOW = serializers.IntegerField(
min_value=1, max_value=10,
label=_("OTP valid window")
)
SECURITY_MFA_VERIFY_TTL = serializers.IntegerField(
min_value=5, max_value=60 * 60 * 10,
label=_("MFA verify TTL"),
@@ -120,6 +137,11 @@ class SecurityAuthSerializer(serializers.Serializer):
"Unit: second, The verification MFA takes effect only when you view the account password"
)
)
SECURITY_MFA_IN_LOGIN_PAGE = serializers.BooleanField(
required=False, default=False,
label=_("MFA in login page"),
help_text=_("Eu security regulations(GDPR) require MFA to be on the login page")
)
VERIFY_CODE_TTL = serializers.IntegerField(
min_value=5, max_value=60 * 60 * 10,
label=_("Verify code TTL (second)"),
@@ -131,15 +153,22 @@ class SecurityAuthSerializer(serializers.Serializer):
help_text=_("The password and additional code are sent to a third party "
"authentication system for verification")
)
SECURITY_MFA_IN_LOGIN_PAGE = serializers.BooleanField(
required=False, default=False,
label=_("MFA in login page"),
help_text=_("Eu security regulations(GDPR) require MFA to be on the login page")
)
SECURITY_LOGIN_CAPTCHA_ENABLED = serializers.BooleanField(
required=False, default=False, label=_("Enable Login captcha"),
help_text=_("Enable captcha to prevent robot authentication")
)
SECURITY_CHECK_DIFFERENT_CITY_LOGIN = serializers.BooleanField(
required=False, label=_('Remote Login Protection'),
help_text=_(
'The system determines whether the login IP address belongs to a common login city. '
'If the account is logged in from a common login city, the system sends a remote login reminder'
)
)
SECURITY_UNCOMMON_USERS_TTL = serializers.IntegerField(
min_value=30, max_value=99999, required=False,
label=_('Unused user timeout (day)'),
help_text=_("Detect infrequent users daily and disable them if they exceed the predetermined time limit.")
)
def validate(self, attrs):
if attrs.get('SECURITY_MFA_AUTH') != 1:
@@ -156,15 +185,7 @@ class SecurityAuthSerializer(serializers.Serializer):
return data
class SecuritySettingSerializer(SecurityPasswordRuleSerializer, SecurityAuthSerializer):
PREFIX_TITLE = _('Security')
SECURITY_SERVICE_ACCOUNT_REGISTRATION = serializers.BooleanField(
required=True, label=_('Enable terminal register'),
help_text=_(
"Allow terminal register, after all terminal setup, you should disable this for security"
)
)
class SecuritySessionSerializer(serializers.Serializer):
SECURITY_WATERMARK_ENABLED = serializers.BooleanField(
required=True, label=_('Enable watermark'),
help_text=_('Enabled, the web session and replay contains watermark information')
@@ -182,6 +203,13 @@ class SecuritySettingSerializer(SecurityPasswordRuleSerializer, SecurityAuthSeri
SECURITY_LUNA_REMEMBER_AUTH = serializers.BooleanField(
label=_("Remember manual auth")
)
SECURITY_SESSION_SHARE = serializers.BooleanField(
required=True, label=_('Session share'),
help_text=_("Enabled, Allows user active session to be shared with other users")
)
class SecurityBasicSerializer(serializers.Serializer):
SECURITY_INSECURE_COMMAND = serializers.BooleanField(
required=False, label=_('Insecure command alert')
)
@@ -189,35 +217,11 @@ class SecuritySettingSerializer(SecurityPasswordRuleSerializer, SecurityAuthSeri
max_length=8192, required=False, allow_blank=True, label=_('Email recipient'),
help_text=_('Multiple user using , split')
)
SECURITY_COMMAND_EXECUTION = serializers.BooleanField(
required=False, label=_('Operation center'),
help_text=_('Allow user run batch command or not using ansible')
)
SECURITY_COMMAND_BLACKLIST = serializers.ListField(
child=serializers.CharField(max_length=1024, ),
label=_('Operation center command blacklist'),
help_text=_("Commands that are not allowed execute.")
)
SECURITY_SESSION_SHARE = serializers.BooleanField(
required=True, label=_('Session share'),
help_text=_("Enabled, Allows user active session to be shared with other users")
)
SECURITY_UNCOMMON_USERS_TTL = serializers.IntegerField(
min_value=30, max_value=99999, required=False,
label=_('Unused user timeout (day)'),
help_text=_("Detect infrequent users daily and disable them if they exceed the predetermined time limit.")
)
SECURITY_CHECK_DIFFERENT_CITY_LOGIN = serializers.BooleanField(
required=False, label=_('Remote Login Protection'),
help_text=_(
'The system determines whether the login IP address belongs to a common login city. '
'If the account is logged in from a common login city, the system sends a remote login reminder'
)
)
OTP_ISSUER_NAME = serializers.CharField(
required=False, max_length=16, label=_('OTP issuer name'),
)
OTP_VALID_WINDOW = serializers.IntegerField(
min_value=1, max_value=10,
label=_("OTP valid window")
)
class SecuritySettingSerializer(
SecurityPasswordRuleSerializer, SecurityAuthSerializer,
SecuritySessionSerializer, SecurityBasicSerializer,
SecurityLoginLimitSerializer,
):
PREFIX_TITLE = _('Security')