From 4f7ab695082a644d24dd7cd70006a36e6a09a328 Mon Sep 17 00:00:00 2001 From: BaiJiangJie Date: Thu, 31 Oct 2019 18:05:52 +0800 Subject: [PATCH 1/6] =?UTF-8?q?[Bugfix]=20=E4=BF=AE=E5=A4=8D=E6=89=A7?= =?UTF-8?q?=E8=A1=8C=E4=BB=BB=E5=8A=A1=EF=BC=8C=E6=B2=A1=E6=9C=89=E4=BF=9D?= =?UTF-8?q?=E5=AD=98=20history=20=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/ops/models/adhoc.py | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/ops/models/adhoc.py b/apps/ops/models/adhoc.py index 6cc802488..b9c1c4a74 100644 --- a/apps/ops/models/adhoc.py +++ b/apps/ops/models/adhoc.py @@ -242,6 +242,7 @@ class AdHoc(models.Model): except AttributeError: hid = str(uuid.uuid4()) history = AdHocRunHistory(id=hid, adhoc=self, task=self.task) + history.save() time_start = time.time() date_start = timezone.now() is_success = False From 28ad362b8d77d2f8d099573a270b22165c1232d4 Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 1 Nov 2019 14:09:44 +0800 Subject: [PATCH 2/6] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E8=AE=BE?= =?UTF-8?q?=E7=BD=AE=E6=9C=80=E6=96=B0=E7=89=88=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/backends/db.py | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/assets/backends/db.py b/apps/assets/backends/db.py index 40fa41444..f702060fb 100644 --- a/apps/assets/backends/db.py +++ b/apps/assets/backends/db.py @@ -26,4 +26,5 @@ class AuthBookBackend(BaseBackend): } obj = AuthBook.objects.create(**kwargs) obj.set_auth(**auth_info) + obj.set_version_and_latest() return obj From c25335cf951f9f842a994a9d6d479706021d95f1 Mon Sep 17 00:00:00 2001 
From: ibuler Date: Fri, 1 Nov 2019 14:52:37 +0800 Subject: [PATCH 3/6] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9authbook?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/backends/db.py | 1 - apps/assets/models/authbook.py | 4 ---- apps/assets/serializers/asset_user.py | 2 +- apps/assets/signals_handler.py | 8 +++++++- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/apps/assets/backends/db.py b/apps/assets/backends/db.py index f702060fb..40fa41444 100644 --- a/apps/assets/backends/db.py +++ b/apps/assets/backends/db.py @@ -26,5 +26,4 @@ class AuthBookBackend(BaseBackend): } obj = AuthBook.objects.create(**kwargs) obj.set_auth(**auth_info) - obj.set_version_and_latest() return obj diff --git a/apps/assets/models/authbook.py b/apps/assets/models/authbook.py index 991729250..0243b43fb 100644 --- a/apps/assets/models/authbook.py +++ b/apps/assets/models/authbook.py @@ -60,10 +60,6 @@ class AuthBook(AssetUser): self.version = 1 self.save() - def set_version_and_latest(self): - self.set_version() - self.set_to_latest() - def get_related_assets(self): return [self.asset] diff --git a/apps/assets/serializers/asset_user.py b/apps/assets/serializers/asset_user.py index 18b5ea982..1e05b8f5b 100644 --- a/apps/assets/serializers/asset_user.py +++ b/apps/assets/serializers/asset_user.py @@ -53,7 +53,7 @@ class AssetUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer): if not validated_data.get("name") and validated_data.get("username"): validated_data["name"] = validated_data["username"] instance = AssetUserManager.create(**validated_data) - instance.set_version_and_latest() + instance.set_to_latest() return instance diff --git a/apps/assets/signals_handler.py b/apps/assets/signals_handler.py index ea5f8f4ad..594da38b7 100644 --- a/apps/assets/signals_handler.py +++ b/apps/assets/signals_handler.py 
@@ -9,7 +9,7 @@ from django.dispatch import receiver from common.utils import get_logger, timeit from common.decorator import on_transaction_commit -from .models import Asset, SystemUser, Node +from .models import Asset, SystemUser, Node, AuthBook from .tasks import ( update_assets_hardware_info_util, test_asset_connectivity_util, @@ -189,3 +189,9 @@ def on_asset_nodes_remove(sender, instance=None, action='', model=None, def on_node_update_or_created(sender, **kwargs): # 刷新节点 Node.refresh_nodes() + + +@receiver(post_save, sender=AuthBook) +def on_authbook_created(sender, instance=None, created=True, **kwargs): + if created and instance: + instance.set_version() From bae438706893ca68b664f91c3d5ee0e2ca5dde4b Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 5 Nov 2019 19:44:34 +0800 Subject: [PATCH 4/6] =?UTF-8?q?[Update]=20tree=E5=87=BA=E7=8E=B0=E6=BB=9A?= =?UTF-8?q?=E5=8A=A8=E6=9D=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/templates/assets/_node_tree.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/assets/templates/assets/_node_tree.html b/apps/assets/templates/assets/_node_tree.html index c76d3d685..803c29c13 100644 --- a/apps/assets/templates/assets/_node_tree.html +++ b/apps/assets/templates/assets/_node_tree.html @@ -32,8 +32,7 @@ } - -
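Review bot: `on_authbook_created` declares `created=True` as its default, so a signal sent without a `created` argument is treated as a creation; `def on_authbook_created(sender, instance=None, created=False, **kwargs):` is the safer signature. The context lines of the authbook.py section in this patch (`self.version = 1` / `self.save()`) appear to be the tail of `set_version()`, so each new AuthBook is written twice and post_save fires a second time, with `created` false, so this receiver does not loop but any other post_save receiver runs again. Creation paths that do not emit post_save, such as `bulk_create`, would leave the version unset, which deserves a one-line comment on the receiver if it is intended.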
+
@@ -306,6 +305,7 @@ function defaultCallback(action) { $(document).ready(function () { + $('.treebox').css('height', window.innerHeight - 180); }) .on('click', '.btn-show-current-asset', function(){ hideRMenu(); @@ -322,4 +322,4 @@ $(document).ready(function () { location.reload(); }) - \ No newline at end of file + From eedaaddbf547c2f2de212f77ebe76f2e0bc160a1 Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 6 Nov 2019 11:57:00 +0800 Subject: [PATCH 5/6] =?UTF-8?q?[Update]=20=E7=94=A8=E6=88=B7=E5=88=9B?= =?UTF-8?q?=E5=BB=BA=E6=94=AF=E6=8C=81=E4=BF=AE=E6=94=B9source?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/assets/_asset_list_modal.html | 2 +- apps/jumpserver/conf.py | 1 + apps/settings/api.py | 25 ++++++- apps/settings/serializers.py | 3 + apps/settings/urls/api_urls.py | 1 + apps/users/forms.py | 22 +++++- apps/users/serializers/__init__.py | 3 +- apps/users/serializers/group.py | 69 +++++++++++++++++++ apps/users/serializers/{v1.py => user.py} | 60 +--------------- apps/users/templates/users/_user.html | 1 + 10 files changed, 122 insertions(+), 65 deletions(-) create mode 100644 apps/users/serializers/group.py rename apps/users/serializers/{v1.py => user.py} (69%) diff --git a/apps/assets/templates/assets/_asset_list_modal.html b/apps/assets/templates/assets/_asset_list_modal.html index 8d8c3f0ba..4c6eb7199 100644 --- a/apps/assets/templates/assets/_asset_list_modal.html +++ b/apps/assets/templates/assets/_asset_list_modal.html @@ -25,7 +25,7 @@
-
+
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 58ca170c6..b76dac415 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -395,6 +395,7 @@ defaults = { 'FLOWER_URL': "127.0.0.1:5555", 'DEFAULT_ORG_SHOW_ALL_USERS': True, 'PERIOD_TASK_ENABLED': True, + 'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': True, } diff --git a/apps/settings/api.py b/apps/settings/api.py index 22a295b68..426cdf76d 100644 --- a/apps/settings/api.py +++ b/apps/settings/api.py @@ -12,11 +12,14 @@ from django.conf import settings from django.core.mail import send_mail from django.utils.translation import ugettext_lazy as _ -from .models import Setting -from .utils import LDAPUtil from common.permissions import IsOrgAdmin, IsSuperUser from common.utils import get_logger -from .serializers import MailTestSerializer, LDAPTestSerializer, LDAPUserSerializer +from .models import Setting +from .utils import LDAPUtil +from .serializers import ( + MailTestSerializer, LDAPTestSerializer, LDAPUserSerializer, + PublicSettingSerializer, +) logger = get_logger(__file__) @@ -245,3 +248,19 @@ class CommandStorageDeleteAPI(APIView): storage_name = str(request.data.get('name')) Setting.delete_storage('TERMINAL_COMMAND_STORAGE', storage_name) return Response({"msg": _('Delete succeed')}, status=200) + + +class PublicSettingApi(generics.RetrieveAPIView): + permission_classes = () + serializer_class = PublicSettingSerializer + + def get_object(self): + c = settings.CONFIG + instance = { + "data": { + "WINDOWS_SKIP_ALL_MANUAL_PASSWORD": c.WINDOWS_SKIP_ALL_MANUAL_PASSWORD + } + } + return instance + + diff --git a/apps/settings/serializers.py b/apps/settings/serializers.py index eb8a61679..f29b514d7 100644 --- a/apps/settings/serializers.py +++ b/apps/settings/serializers.py 
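Review bot: `PublicSettingApi` sets `permission_classes = ()`, which removes every permission check, so the endpoint answers unauthenticated callers; if that is the intent, state it with `permission_classes = (AllowAny,)` (from `rest_framework.permissions`) rather than an empty tuple that reads like an omission. `get_object` builds the response from `settings.CONFIG` through a hand-written dict, which works as an allowlist, but nothing marks it as one; a comment such as `# Served without authentication: add only non-sensitive keys here` above the dict would keep a later edit from exposing the LDAP or mail settings this module also handles. The two trailing blank `+` lines at the end of the hunk can be dropped.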
@@ -28,3 +28,6 @@ class LDAPUserSerializer(serializers.Serializer): email = serializers.CharField() existing = serializers.BooleanField(read_only=True) + +class PublicSettingSerializer(serializers.Serializer): + data = serializers.DictField(read_only=True) diff --git a/apps/settings/urls/api_urls.py b/apps/settings/urls/api_urls.py index bc2e4731f..026598206 100644 --- a/apps/settings/urls/api_urls.py +++ b/apps/settings/urls/api_urls.py @@ -15,4 +15,5 @@ urlpatterns = [ path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'), path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'), path('terminal/command-storage/delete/', api.CommandStorageDeleteAPI.as_view(), name='command-storage-delete'), + path('public/', api.PublicSettingApi.as_view(), name='public-setting'), ] diff --git a/apps/users/forms.py b/apps/users/forms.py index 98d7c9e09..649f66ab9 100644 --- a/apps/users/forms.py +++ b/apps/users/forms.py @@ -2,6 +2,7 @@ from django import forms from django.utils.translation import gettext_lazy as _ +from django.conf import settings from common.utils import validate_ssh_public_key from orgs.mixins.forms import OrgModelForm @@ -21,6 +22,20 @@ class UserCheckOtpCodeForm(forms.Form): otp_code = forms.CharField(label=_('MFA code'), max_length=6) +def get_source_choices(): + choices_all = dict(User.SOURCE_CHOICES) + choices = [ + (User.SOURCE_LOCAL, choices_all[User.SOURCE_LOCAL]), + ] + if settings.AUTH_LDAP: + choices.append((User.SOURCE_LDAP, choices_all[User.SOURCE_LDAP])) + if settings.AUTH_OPENID: + choices.append((User.SOURCE_OPENID, choices_all[User.SOURCE_OPENID])) + if settings.AUTH_RADIUS: + choices.append((User.SOURCE_RADIUS, choices_all[User.SOURCE_RADIUS])) + return choices + + class UserCreateUpdateFormMixin(OrgModelForm): role_choices = ((i, n) for i, n in User.ROLE_CHOICES if i != User.ROLE_APP) password = forms.CharField( 
@@ -31,6 +46,10 @@ class UserCreateUpdateFormMixin(OrgModelForm): choices=role_choices, required=True, initial=User.ROLE_USER, label=_("Role") ) + source = forms.ChoiceField( + choices=get_source_choices, required=True, + initial=User.SOURCE_LOCAL, label=_("Source") + ) public_key = forms.CharField( label=_('ssh public key'), max_length=5000, required=False, widget=forms.Textarea(attrs={'placeholder': _('ssh-rsa AAAA...')}), @@ -41,7 +60,8 @@ class UserCreateUpdateFormMixin(OrgModelForm): model = User fields = [ 'username', 'name', 'email', 'groups', 'wechat', - 'phone', 'role', 'date_expired', 'comment', 'otp_level' + 'source', 'phone', 'role', 'date_expired', + 'comment', 'otp_level' ] widgets = { 'otp_level': forms.RadioSelect(), diff --git a/apps/users/serializers/__init__.py b/apps/users/serializers/__init__.py index 94ef71f28..78a695e51 100644 --- a/apps/users/serializers/__init__.py +++ b/apps/users/serializers/__init__.py @@ -1,3 +1,4 @@ # -*- coding: utf-8 -*- # -from .v1 import * \ No newline at end of file +from .user import * +from .group import * diff --git a/apps/users/serializers/group.py b/apps/users/serializers/group.py new file mode 100644 index 000000000..d27ddc19a --- /dev/null +++ b/apps/users/serializers/group.py 
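Review bot: The new `source` field is `required=True` and takes its options from `get_source_choices()`, which lists only backends whose `AUTH_*` setting is currently on, so on the update path a user whose stored source is no longer offered (for example LDAP after `AUTH_LDAP` was switched off) has no matching option and saving the form would either fail validation or rewrite the account to another source. Since `source` records which backend an account belongs to, that rewrite should not happen as a side effect of an unrelated edit; one option is to always include the instance's current value in the choices, another is to make the field read-only when editing. The body of `UserCreateUpdateFormMixin` continues outside these hunks, so whether an update form already overrides the field is not visible here.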
@@ -0,0 +1,69 @@ +# -*- coding: utf-8 -*- +# +from django.utils.translation import ugettext_lazy as _ +from rest_framework import serializers + +from common.fields import StringManyToManyField +from common.serializers import AdaptedBulkListSerializer +from orgs.mixins.serializers import BulkOrgResourceModelSerializer +from ..models import User, UserGroup +from .. import utils + + +__all__ = [ + 'UserGroupSerializer', 'UserGroupListSerializer', + 'UserGroupUpdateMemberSerializer' +] + + +class UserGroupSerializer(BulkOrgResourceModelSerializer): + users = serializers.PrimaryKeyRelatedField( + required=False, many=True, queryset=User.objects, label=_('User') + ) + + class Meta: + model = UserGroup + list_serializer_class = AdaptedBulkListSerializer + fields = [ + 'id', 'name', 'users', 'comment', 'date_created', + 'created_by', + ] + extra_kwargs = { + 'created_by': {'label': _('Created by'), 'read_only': True} + } + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.set_fields_queryset() + + def set_fields_queryset(self): + users_field = self.fields['users'] + users_field.child_relation.queryset = utils.get_current_org_members() + + def validate_users(self, users): + for user in users: + if user.is_super_auditor: + msg = _('Auditors cannot be join in the user group') + raise serializers.ValidationError(msg) + return users + + +class UserGroupListSerializer(UserGroupSerializer): + users = StringManyToManyField(many=True, read_only=True) + + +class UserGroupUpdateMemberSerializer(serializers.ModelSerializer): + users = serializers.PrimaryKeyRelatedField(many=True, queryset=User.objects) + + class Meta: + model = UserGroup + fields = ['id', 'users'] + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.set_fields_queryset() + + def set_fields_queryset(self): + users_field = self.fields['users'] + users_field.child_relation.queryset = utils.get_current_org_members() + 
diff --git a/apps/users/serializers/v1.py b/apps/users/serializers/user.py similarity index 69% rename from apps/users/serializers/v1.py rename to apps/users/serializers/user.py index 847afe885..57e2f43fa 100644 --- a/apps/users/serializers/v1.py +++ b/apps/users/serializers/user.py @@ -6,19 +6,14 @@ from rest_framework import serializers from common.utils import validate_ssh_public_key from common.mixins import BulkSerializerMixin -from common.fields import StringManyToManyField from common.serializers import AdaptedBulkListSerializer from common.permissions import CanUpdateDeleteUser -from orgs.mixins.serializers import BulkOrgResourceModelSerializer from ..models import User, UserGroup -from .. import utils __all__ = [ 'UserSerializer', 'UserPKUpdateSerializer', 'UserUpdateGroupSerializer', - 'UserGroupSerializer', 'UserGroupListSerializer', - 'UserGroupUpdateMemberSerializer', 'ChangeUserPasswordSerializer', - 'ResetOTPSerializer', + 'ChangeUserPasswordSerializer', 'ResetOTPSerializer', ] @@ -49,7 +44,6 @@ class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer): 'is_valid': {'label': _('Is valid')}, 'is_expired': {'label': _('Is expired')}, 'avatar_url': {'label': _('Avatar url')}, - 'source': {'read_only': True}, 'created_by': {'read_only': True, 'allow_blank': True}, 'can_update': {'read_only': True}, 'can_delete': {'read_only': True}, 
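Review bot: Dropping `'source': {'read_only': True}` from `extra_kwargs` makes `source` writable through `UserSerializer` (assuming it is listed in `Meta.fields`, which the hunk does not show), and unlike the form, which limits the options with `get_source_choices()`, the serializer would accept any value of the model field, including a backend that is not enabled. Whoever may update a user through this serializer can then move an account between local and external sources; the permission classes of the views that use it are not visible here, so please confirm this is restricted to administrators. I would add a `validate_source` method to `UserSerializer` that mirrors the form's check; it needs `settings` from `django.conf`, which this file is not shown to import. The method belongs in the class body, which lies outside the hunk.

```python
    def validate_source(self, source):
        # Mirror get_source_choices() in users/forms.py: only enabled backends may be assigned.
        allowed = {User.SOURCE_LOCAL}
        if settings.AUTH_LDAP:
            allowed.add(User.SOURCE_LDAP)
        if settings.AUTH_OPENID:
            allowed.add(User.SOURCE_OPENID)
        if settings.AUTH_RADIUS:
            allowed.add(User.SOURCE_RADIUS)
        if source not in allowed:
            raise serializers.ValidationError(_('Source is not enabled'))
        return source
```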
@@ -127,58 +121,6 @@ class UserUpdateGroupSerializer(serializers.ModelSerializer): fields = ['id', 'groups'] -class UserGroupSerializer(BulkOrgResourceModelSerializer): - users = serializers.PrimaryKeyRelatedField( - required=False, many=True, queryset=User.objects, label=_('User') - ) - - class Meta: - model = UserGroup - list_serializer_class = AdaptedBulkListSerializer - fields = [ - 'id', 'name', 'users', 'comment', 'date_created', - 'created_by', - ] - extra_kwargs = { - 'created_by': {'label': _('Created by'), 'read_only': True} - } - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - self.set_fields_queryset() - - def set_fields_queryset(self): - users_field = self.fields['users'] - users_field.child_relation.queryset = utils.get_current_org_members() - - def validate_users(self, users): - for user in users: - if user.is_super_auditor: - msg = _('Auditors cannot be join in the user group') - raise serializers.ValidationError(msg) - return users - - -class UserGroupListSerializer(UserGroupSerializer): - users = StringManyToManyField(many=True, read_only=True) - - -class UserGroupUpdateMemberSerializer(serializers.ModelSerializer): - users = serializers.PrimaryKeyRelatedField(many=True, queryset=User.objects) - - class Meta: - model = UserGroup - fields = ['id', 'users'] - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - self.set_fields_queryset() - - def set_fields_queryset(self): - users_field = self.fields['users'] - users_field.child_relation.queryset = utils.get_current_org_members() - - class ChangeUserPasswordSerializer(serializers.ModelSerializer): class Meta: diff --git a/apps/users/templates/users/_user.html b/apps/users/templates/users/_user.html index 192dbfb70..ea0f76854 100644 --- a/apps/users/templates/users/_user.html +++ b/apps/users/templates/users/_user.html @@ -21,6 +21,7 @@

{% trans 'Auth' %}

{% block password %}{% endblock %} {% bootstrap_field form.otp_level layout="horizontal" %} + {% bootstrap_field form.source layout="horizontal" %}

{% trans 'Security and Role' %}

From ed5a57042a2cafa5a8bb7b0e753181f05dc4c2d8 Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 6 Nov 2019 14:28:49 +0800 Subject: [PATCH 6/6] =?UTF-8?q?[Update]=20windows=E8=B7=B3=E8=BF=87?= =?UTF-8?q?=E6=89=8B=E5=8A=A8=E8=BE=93=E5=85=A5=E5=AF=86=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/jumpserver/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index b76dac415..f7f35c215 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -395,7 +395,7 @@ defaults = { 'FLOWER_URL': "127.0.0.1:5555", 'DEFAULT_ORG_SHOW_ALL_USERS': True, 'PERIOD_TASK_ENABLED': True, - 'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': True, + 'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': False, }