Merge pull request #13236 from jumpserver/dev

v3.10.10-lts

apps/terminal/api/component/terminal.py

@@ -1,26 +1,24 @@
 # -*- coding: utf-8 -*-
 #
 import logging
-
-from django.conf import settings
 from django.db.models import Q
+from django.conf import settings
 from django.utils.translation import gettext_lazy as _
-from django_filters import rest_framework as filters
 from rest_framework import generics
 from rest_framework import status
 from rest_framework.views import APIView, Response
+from django_filters import rest_framework as filters
 
-from common.api import JMSBulkModelViewSet
 from common.drf.filters import BaseFilterSet
+from common.api import JMSBulkModelViewSet
 from common.exceptions import JMSException
-from common.permissions import WithBootstrapToken, IsServiceAccount
+from common.permissions import WithBootstrapToken
-from jumpserver.conf import ConfigCrypto
 from terminal import serializers
 from terminal.models import Terminal
 
 __all__ = [
     'TerminalViewSet', 'TerminalConfig',
-    'TerminalRegistrationApi', 'EncryptedTerminalConfig'
+    'TerminalRegistrationApi',
 ]
 logger = logging.getLogger(__file__)
 
@@ -91,17 +89,3 @@ class TerminalRegistrationApi(generics.CreateAPIView):
             return Response(data=data, status=status.HTTP_400_BAD_REQUEST)
         return super().create(request, *args, **kwargs)
 
-
-class EncryptedTerminalConfig(generics.CreateAPIView):
-    serializer_class = serializers.EncryptedConfigSerializer
-    permission_classes = [IsServiceAccount]
-    http_method_names = ['post']
-
-    def post(self, request, *args, **kwargs):
-        serializer = self.serializer_class(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        encrypt_key = serializer.validated_data['secret_encrypt_key']
-        encrypted_value = serializer.validated_data['encrypted_value']
-        config_crypto = ConfigCrypto(encrypt_key)
-        value = config_crypto.decrypt(encrypted_value)
-        return Response(data={'value': value}, status=200)

apps/terminal/connect_methods.py

@@ -253,9 +253,8 @@ class ConnectMethodUtil:
     def _filter_disable_protocols_connect_methods(cls, methods):
         # 过滤一些特殊的协议方式
         if not getattr(settings, 'TERMINAL_KOKO_SSH_ENABLED'):
-            disable_ssh_client_protocols = [Protocol.ssh, Protocol.sftp, Protocol.telnet]
+            protocol = Protocol.ssh
-            for protocol in disable_ssh_client_protocols:
+            methods[protocol] = [m for m in methods[protocol] if m['type'] != 'native']
-                methods[protocol] = [m for m in methods[protocol] if m['type'] != 'native']
         return methods
 
     @classmethod

apps/terminal/serializers/terminal.py

@@ -147,8 +147,3 @@ class ConnectMethodSerializer(serializers.Serializer):
     type = serializers.CharField(max_length=128)
     endpoint_protocol = serializers.CharField(max_length=128)
     component = serializers.CharField(max_length=128)
-
-
-class EncryptedConfigSerializer(serializers.Serializer):
-    secret_encrypt_key = serializers.CharField(max_length=128)
-    encrypted_value = serializers.CharField(max_length=128)

apps/terminal/urls/api_urls.py

@@ -54,7 +54,6 @@ urlpatterns = [
     # components
     path('components/metrics/', api.ComponentsMetricsAPIView.as_view(), name='components-metrics'),
     path('components/connect-methods/', api.ConnectMethodListApi.as_view(), name='connect-methods'),
-    path('encrypted-config/', api.EncryptedTerminalConfig.as_view(), name='encrypted-terminal-config'),
 ]
 
 urlpatterns += router.urls