From c4bbeaaccc8c746637fb839f05c901bd2a679503 Mon Sep 17 00:00:00 2001
From: xinwen
Date: Mon, 5 Jul 2021 16:20:42 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20rdp=20=E6=B7=BB=E5=8A=A0=E6=8E=88?= =?UTF-8?q?=E6=9D=83=E8=BF=87=E6=9C=9F=E8=87=AA=E5=8A=A8=E6=96=AD=E5=BC=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/authentication/api/connection_token.py | 21 ++++++++++++---------
 apps/authentication/serializers.py | 1 +
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index 1e23f36d8..d4824c355 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -216,6 +216,8 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
 from users.models import User
 from assets.models import SystemUser, Asset
 from applications.models import Application
+ from perms.utils.asset.permission import validate_permission as asset_validate_permission
+ from perms.utils.application.permission import validate_permission as app_validate_permission
 key = self.CACHE_KEY_PREFIX.format(token)
 value = cache.get(key, None)
@@ -232,23 +234,24 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
 app = None
 if value.get('type') == 'asset':
 asset = get_object_or_404(Asset, id=value.get('asset'))
+ if not asset.is_active:
+ raise serializers.ValidationError("Asset disabled")
+
+ has_perm, expired_at = asset_validate_permission(user, asset, system_user, 'connect')
 else:
 app = get_object_or_404(Application, id=value.get('application'))
+ has_perm, expired_at = app_validate_permission(user, app, system_user)
- if asset and not asset.is_active:
- raise serializers.ValidationError("Asset disabled")
-
- try:
- self.check_resource_permission(user, asset, app, system_user)
- except PermissionDenied:
+ if not has_perm:
 raise serializers.ValidationError('Permission expired or invalid')
- return value, user, system_user, asset, app
+
+ return value, user, system_user, asset, app, expired_at
 @action(methods=['POST'], detail=False, permission_classes=[IsSuperUserOrAppUser], url_path='secret-info/detail')
 def get_secret_detail(self, request, *args, **kwargs):
 token = request.data.get('token', '')
 try:
- value, user, system_user, asset, app = self.valid_token(token)
+ value, user, system_user, asset, app, expired_at = self.valid_token(token)
 except serializers.ValidationError as e:
 post_auth_failed.send(
 sender=self.__class__, username='', request=self.request,
@@ -256,7 +259,7 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
 )
 raise e
- data = dict(user=user, system_user=system_user)
+ data = dict(user=user, system_user=system_user, expired_at=expired_at)
 if asset:
 asset_detail = self._get_asset_secret_detail(asset, user=user, system_user=system_user)
 system_user.load_asset_more_auth(asset.id, user.username, user.id)
diff --git a/apps/authentication/serializers.py b/apps/authentication/serializers.py
index 11381c4cb..e6932388b 100644
--- a/apps/authentication/serializers.py
+++ b/apps/authentication/serializers.py
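Review bot: `valid_token` now returns six values, and the only call site updated in this patch is the one in `get_secret_detail` further down in this hunk; any other caller that still unpacks five names would fail with `ValueError` at runtime rather than with the `ValidationError` the auth-failure handling expects. Callers outside the patch are not visible here, so they need checking before merge. The new contract is also undocumented: a docstring line such as `Return (value, user, system_user, asset, app, expired_at); raises ValidationError when the token, the asset state or the permission is invalid` would pin it down. The body of `valid_token` starts above the hunk.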
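Review bot: The `expired_at` placed in `data` is the value computed once inside `valid_token` when the token is redeemed, so a permission that is revoked or shortened afterwards is not reflected in what the connecting component received. If the auto-disconnect is meant to cover revocation as well as natural expiry, that needs a separate re-check path; otherwise the limitation is worth stating where the value is handed over, for example `# expired_at is a snapshot taken at token redemption; the consumer enforces it and later permission changes are not pushed`. `get_secret_detail` continues below the hunk.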
@@ -196,6 +196,7 @@ class ConnectionTokenSecretSerializer(serializers.Serializer):
 system_user = ConnectionTokenSystemUserSerializer(read_only=True)
 gateway = ConnectionTokenGatewaySerializer(read_only=True)
 actions = ActionsField()
+ expired_at = serializers.IntegerField()
 class RDPFileSerializer(ConnectionTokenSerializer):
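Review bot: `expired_at = serializers.IntegerField()` is declared without a unit or nullability, while the neighbouring `system_user` and `gateway` fields are `read_only=True`. The return type of `validate_permission` is not visible in this patch; if it can yield `None` for a permission without an end date, or a non-integer timestamp, the consumer receives `null` or a truncated value and has no documented way to interpret it for the disconnect decision. If this serializer is output-only, as the neighbouring fields suggest, consider `expired_at = serializers.IntegerField(read_only=True, allow_null=True, help_text='Permission expiry as a Unix timestamp (seconds)')`, adjusting the unit to what the helper actually returns.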