merge: with v3

apps/authentication/serializers/__init__.py

@@ -1,4 +1,5 @@
-from .token import *
+from .confirm import *
+from .connect_token_secret import *
 from .connection_token import *
 from .password_mfa import *
-from .confirm import *
+from .token import *

apps/authentication/serializers/connect_token_secret.py

@@ -0,0 +1,117 @@
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import serializers
+
+from acls.models import CommandGroup
+from assets.models import Asset, Account, Platform
+from assets.serializers import PlatformSerializer, AssetProtocolsSerializer
+from authentication.models import ConnectionToken
+from orgs.mixins.serializers import OrgResourceModelSerializerMixin
+from perms.serializers.permission import ActionChoicesField
+from users.models import User
+
+__all__ = [
+    'ConnectionTokenSecretSerializer',
+]
+
+
+class _ConnectionTokenUserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ['id', 'name', 'username', 'email']
+
+
+class _ConnectionTokenAssetSerializer(serializers.ModelSerializer):
+    protocols = AssetProtocolsSerializer(many=True, required=False, label=_('Protocols'))
+
+    class Meta:
+        model = Asset
+        fields = [
+            'id', 'name', 'address', 'protocols',
+            'category', 'type', 'org_id', 'specific'
+        ]
+
+
+class _SimpleAccountSerializer(serializers.ModelSerializer):
+    """ Account """
+
+    class Meta:
+        model = Account
+        fields = ['name', 'username', 'secret_type', 'secret']
+
+
+class _ConnectionTokenAccountSerializer(serializers.ModelSerializer):
+    """ Account """
+    su_from = _SimpleAccountSerializer(required=False, label=_('Su from'))
+
+    class Meta:
+        model = Account
+        fields = [
+            'name', 'username', 'secret_type', 'secret', 'su_from',
+        ]
+
+
+class _ConnectionTokenGatewaySerializer(serializers.ModelSerializer):
+    """ Gateway """
+
+    class Meta:
+        model = Asset
+        fields = [
+            'id', 'address', 'port',
+            # 'username', 'password', 'private_key'
+        ]
+
+
+class _ConnectionTokenACLCmdGroupSerializer(serializers.ModelSerializer):
+    """ ACL command group"""
+
+    class Meta:
+        model = CommandGroup
+        fields = [
+            'id', 'type', 'content', 'ignore_case', 'pattern'
+        ]
+
+
+class _ConnectionTokenPlatformSerializer(PlatformSerializer):
+    class Meta(PlatformSerializer.Meta):
+        model = Platform
+
+    def get_field_names(self, declared_fields, info):
+        names = super().get_field_names(declared_fields, info)
+        names = [n for n in names if n not in ['automation']]
+        return names
+
+
+class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin):
+    user = _ConnectionTokenUserSerializer(read_only=True)
+    asset = _ConnectionTokenAssetSerializer(read_only=True)
+    account = _ConnectionTokenAccountSerializer(read_only=True, source='account_object')
+    gateway = _ConnectionTokenGatewaySerializer(read_only=True)
+    platform = _ConnectionTokenPlatformSerializer(read_only=True)
+    acl_command_groups = _ConnectionTokenACLCmdGroupSerializer(read_only=True, many=True)
+    actions = ActionChoicesField()
+    expire_at = serializers.IntegerField()
+    expire_now = serializers.BooleanField(label=_('Expired now'), write_only=True, default=True)
+    connect_method = serializers.SerializerMethodField(label=_('Connect method'))
+
+    class Meta:
+        model = ConnectionToken
+        fields = [
+            'id', 'value', 'user', 'asset', 'account',
+            'platform', 'acl_command_groups', 'protocol',
+            'gateway', 'actions', 'expire_at', 'expire_now',
+            'connect_method'
+        ]
+        extra_kwargs = {
+            'value': {'read_only': True},
+        }
+
+    def get_connect_method(self, obj):
+        from terminal.const import TerminalType
+        from common.utils import get_request_os
+        request = self.context.get('request')
+        if request:
+            os = get_request_os(request)
+        else:
+            os = 'windows'
+        method = TerminalType.get_connect_method(obj.connect_method, protocol=obj.protocol, os=os)
+        return method

apps/authentication/serializers/connection_token.py

@@ -1,194 +1,45 @@
+from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
 
-from django.utils.translation import ugettext_lazy as _
-from orgs.mixins.serializers import OrgResourceModelSerializerMixin
 from authentication.models import ConnectionToken
-from common.utils import pretty_string
-from common.utils.random import random_string
-from assets.models import Asset, SystemUser, Gateway, Domain, CommandFilterRule
-from users.models import User
-from applications.models import Application
-from assets.serializers import ProtocolsField
-from perms.serializers.base import ActionsField
-
+from orgs.mixins.serializers import OrgResourceModelSerializerMixin
 
 __all__ = [
-    'ConnectionTokenSerializer', 'ConnectionTokenSecretSerializer',
-    'SuperConnectionTokenSerializer', 'ConnectionTokenDisplaySerializer'
+    'ConnectionTokenSerializer', 'SuperConnectionTokenSerializer',
 ]
 
 
 class ConnectionTokenSerializer(OrgResourceModelSerializerMixin):
-    type_display = serializers.ReadOnlyField(source='get_type_display', label=_("Type display"))
-    is_valid = serializers.BooleanField(read_only=True, label=_('Validity'))
     expire_time = serializers.IntegerField(read_only=True, label=_('Expired time'))
 
     class Meta:
         model = ConnectionToken
-        fields_mini = ['id', 'type']
+        fields_mini = ['id', 'value']
         fields_small = fields_mini + [
-            'secret', 'date_expired', 'date_created', 'date_updated',
-            'created_by', 'updated_by', 'org_id', 'org_name',
-        ]
-        fields_fk = [
-            'user', 'system_user', 'asset', 'application',
+            'user', 'asset', 'account', 'input_username',
+            'input_secret', 'connect_method', 'protocol', 'actions',
+            'date_expired', 'date_created', 'date_updated', 'created_by',
+            'updated_by', 'org_id', 'org_name',
         ]
         read_only_fields = [
             # 普通 Token 不支持指定 user
-            'user', 'is_valid', 'expire_time',
-            'type_display', 'user_display', 'system_user_display',
-            'asset_display', 'application_display',
+            'user', 'expire_time',
+            'user_display', 'asset_display',
         ]
-        fields = fields_small + fields_fk + read_only_fields
-
-    def validate(self, attrs):
-        fields_attrs = self.construct_internal_fields_attrs(attrs)
-        attrs.update(fields_attrs)
-        return attrs
-
-    @property
-    def request_user(self):
-        request = self.context.get('request')
-        if request:
-            return request.user
+        fields = fields_small + read_only_fields
+        extra_kwargs = {
+            'value': {'read_only': True},
+        }
 
     def get_user(self, attrs):
-        return self.request_user
-
-    def construct_internal_fields_attrs(self, attrs):
-        user = self.get_user(attrs)
-        system_user = attrs.get('system_user') or ''
-        asset = attrs.get('asset') or ''
-        application = attrs.get('application') or ''
-        secret = attrs.get('secret') or random_string(16)
-        date_expired = attrs.get('date_expired') or ConnectionToken.get_default_date_expired()
-
-        if isinstance(asset, Asset):
-            tp = ConnectionToken.Type.asset
-            org_id = asset.org_id
-        elif isinstance(application, Application):
-            tp = ConnectionToken.Type.application
-            org_id = application.org_id
-        else:
-            raise serializers.ValidationError(_('Asset or application required'))
-
-        return {
-            'type': tp,
-            'user': user,
-            'secret': secret,
-            'date_expired': date_expired,
-            'user_display': pretty_string(str(user), max_length=128),
-            'system_user_display': pretty_string(str(system_user), max_length=128),
-            'asset_display': pretty_string(str(asset), max_length=128),
-            'application_display': pretty_string(str(application), max_length=128),
-            'org_id': org_id,
-        }
-
-
-class ConnectionTokenDisplaySerializer(ConnectionTokenSerializer):
-    class Meta(ConnectionTokenSerializer.Meta):
-        extra_kwargs = {
-            'secret': {'write_only': True},
-        }
-
-
-#
-# SuperConnectionTokenSerializer
-#
+        request = self.context.get('request')
+        user = request.user if request else None
+        return user
 
 
 class SuperConnectionTokenSerializer(ConnectionTokenSerializer):
-
     class Meta(ConnectionTokenSerializer.Meta):
-        read_only_fields = [
-            'validity', 'user_display', 'system_user_display',
-            'asset_display', 'application_display',
-        ]
+        read_only_fields = list(set(ConnectionTokenSerializer.Meta.read_only_fields) - {'user'})
 
     def get_user(self, attrs):
-        return attrs.get('user') or self.request_user
-
-
-#
-# Connection Token Secret
-#
-
-
-class ConnectionTokenUserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = User
-        fields = ['id', 'name', 'username', 'email']
-
-
-class ConnectionTokenAssetSerializer(serializers.ModelSerializer):
-    protocols = ProtocolsField(label='Protocols', read_only=True)
-
-    class Meta:
-        model = Asset
-        fields = ['id', 'hostname', 'ip', 'protocols', 'org_id']
-
-
-class ConnectionTokenSystemUserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = SystemUser
-        fields = [
-            'id', 'name', 'username', 'password', 'private_key',
-            'protocol', 'ad_domain', 'org_id'
-        ]
-
-
-class ConnectionTokenGatewaySerializer(serializers.ModelSerializer):
-    class Meta:
-        model = Gateway
-        fields = ['id', 'ip', 'port', 'username', 'password', 'private_key']
-
-
-class ConnectionTokenRemoteAppSerializer(serializers.Serializer):
-    program = serializers.CharField(allow_null=True, allow_blank=True)
-    working_directory = serializers.CharField(allow_null=True, allow_blank=True)
-    parameters = serializers.CharField(allow_null=True, allow_blank=True)
-
-
-class ConnectionTokenApplicationSerializer(serializers.ModelSerializer):
-    attrs = serializers.JSONField(read_only=True)
-
-    class Meta:
-        model = Application
-        fields = ['id', 'name', 'category', 'type', 'attrs', 'org_id']
-
-
-class ConnectionTokenDomainSerializer(serializers.ModelSerializer):
-    gateways = ConnectionTokenGatewaySerializer(many=True, read_only=True)
-
-    class Meta:
-        model = Domain
-        fields = ['id', 'name', 'gateways']
-
-
-class ConnectionTokenCmdFilterRuleSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = CommandFilterRule
-        fields = [
-            'id', 'type', 'content', 'ignore_case', 'pattern',
-            'priority', 'action', 'date_created',
-        ]
-
-
-class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin):
-    user = ConnectionTokenUserSerializer(read_only=True)
-    asset = ConnectionTokenAssetSerializer(read_only=True, source='asset_or_remote_app_asset')
-    application = ConnectionTokenApplicationSerializer(read_only=True)
-    remote_app = ConnectionTokenRemoteAppSerializer(read_only=True)
-    system_user = ConnectionTokenSystemUserSerializer(read_only=True)
-    gateway = ConnectionTokenGatewaySerializer(read_only=True)
-    domain = ConnectionTokenDomainSerializer(read_only=True)
-    cmd_filter_rules = ConnectionTokenCmdFilterRuleSerializer(many=True)
-    actions = ActionsField()
-    expired_at = serializers.IntegerField()
-
-    class Meta:
-        model = ConnectionToken
-        fields = [
-            'id', 'secret', 'type', 'user', 'asset', 'application', 'system_user',
-            'remote_app', 'cmd_filter_rules', 'domain', 'gateway', 'actions', 'expired_at',
-        ]
+        return attrs.get('user')