perf(auth): 授权token形式登录，支持记录登录日志

2025-09-03 08:25:04 +00:00 · 2021-06-10 18:02:55 +08:00
parent 7dddf0c3c2
commit db99ab80db
6 changed files with 40 additions and 14 deletions
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -6,12 +6,14 @@ from django.conf import settings
 from django.core.cache import cache
 from django.shortcuts import get_object_or_404
 from django.http import HttpResponse
+from django.utils.translation import ugettext as _
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied
 from rest_framework import serializers

+from authentication.signals import post_auth_failed, post_auth_success
 from common.utils import get_logger, random_string
 from common.drf.api import SerializerMixin2
 from common.permissions import IsSuperUserOrAppUser, IsValidUser, IsSuperUser
@@ -51,10 +53,6 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
        return True

    def create_token(self, user, asset, application, system_user, ttl=5*60):
-        if not settings.CONNECTION_TOKEN_ENABLED:
-            raise PermissionDenied('Connection token disabled')
-        if not user:
-            user = self.request.user
        if not self.request.user.is_superuser and user != self.request.user:
            raise PermissionDenied('Only super user can create user token')
        self.check_resource_permission(user, asset, application, system_user)
@@ -238,7 +236,14 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
    @action(methods=['POST'], detail=False, permission_classes=[IsSuperUserOrAppUser], url_path='secret-info/detail')
    def get_secret_detail(self, request, *args, **kwargs):
        token = request.data.get('token', '')
-        value, user, system_user, asset, app = self.valid_token(token)
+        try:
+            value, user, system_user, asset, app = self.valid_token(token)
+        except serializers.ValidationError as e:
+            post_auth_failed.send(
+                sender=self.__class__, username='', request=self.request,
+                reason=_('Invalid token')
+            )
+            raise e

        data = dict(user=user, system_user=system_user)
        if asset:
@@ -252,6 +257,9 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
            data['type'] = 'application'
            data.update(app_detail)

+        self.request.session['auth_backend'] = settings.AUTH_BACKEND_AUTH_TOKEN
+        post_auth_success.send(sender=self.__class__, user=user, request=self.request, login_type='T')
+
        serializer = self.get_serializer(data)
        return Response(data=serializer.data, status=200)

--- a/apps/authentication/backends/api.py
+++ b/apps/authentication/backends/api.py
@@ -228,3 +228,11 @@ class DingTalkAuthentication(ModelBackend):

    def authenticate(self, request, **kwargs):
        pass
+
+
+class AuthorizationTokenAuthentication(ModelBackend):
+    """
+    什么也不做呀😺
+    """
+    def authenticate(self, request, **kwargs):
+        pass