fix: 系统用户的账号列表里修改密码后不能登录

apps/assets/models/base.py

@@ -67,7 +67,10 @@ class AuthMixin:
         if self.public_key:
             public_key = self.public_key
         elif self.private_key:
-            public_key = ssh_pubkey_gen(private_key=self.private_key, password=self.password)
+            try:
+                public_key = ssh_pubkey_gen(private_key=self.private_key, password=self.password)
+            except IOError as e:
+                return str(e)
         else:
             return ''
 

apps/assets/models/domain.py

@@ -10,7 +10,6 @@ from django.db import models
 from django.db.models import TextChoices
 from django.utils.translation import ugettext_lazy as _
 
-from common.utils.strings import no_special_chars
 from orgs.mixins.models import OrgModelMixin
 from .base import BaseUser
 
@@ -64,8 +63,6 @@ class Gateway(BaseUser):
     def test_connective(self, local_port=None):
         if local_port is None:
             local_port = self.port
-        if self.password and not no_special_chars(self.password):
-            return False, _("Password should not contains special characters")
 
         client = paramiko.SSHClient()
         client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

apps/assets/serializers/account.py

@@ -25,6 +25,7 @@ class AccountSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
             'private_key': {'write_only': True},
             'public_key': {'write_only': True},
         }
+        ref_name = 'AssetAccountSerializer'
 
     @classmethod
     def setup_eager_loading(cls, queryset):

apps/assets/serializers/domain.py

@@ -4,7 +4,6 @@ from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
-from common.validators import NoSpecialChars
 from ..models import Domain, Gateway
 from .base import AuthSerializerMixin
 
@@ -58,7 +57,7 @@ class GatewaySerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
         fields_fk = ['domain']
         fields = fields_small + fields_fk
         extra_kwargs = {
-            'password': {'write_only': True, 'validators': [NoSpecialChars()]},
+            'password': {'write_only': True},
             'private_key': {"write_only": True},
             'public_key': {"write_only": True},
         }
@@ -67,7 +66,7 @@ class GatewaySerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
 class GatewayWithAuthSerializer(GatewaySerializer):
     class Meta(GatewaySerializer.Meta):
         extra_kwargs = {
-            'password': {'write_only': False, 'validators': [NoSpecialChars()]},
+            'password': {'write_only': False},
             'private_key': {"write_only": False},
             'public_key': {"write_only": False},
         }

apps/assets/tasks/push_system_user.py

@@ -4,7 +4,7 @@ from itertools import groupby
 from celery import shared_task
 from common.db.utils import get_object_if_need, get_objects
 from django.utils.translation import ugettext as _
-from django.db.models import Empty
+from django.db.models import Empty, Q
 
 from common.utils import encrypt_password, get_logger
 from assets.models import SystemUser, Asset, AuthBook
@@ -238,9 +238,12 @@ def push_system_user_util(system_user, assets, task_name, username=None):
         no_special_auth = []
         special_auth_set = set()
 
-        auth_books = AuthBook.objects.filter(username__in=usernames, asset_id__in=asset_ids)
+        auth_books = AuthBook.objects.filter(asset_id__in=asset_ids).filter(
+            Q(username__in=usernames) | Q(systemuser__username__in=usernames)
+        ).prefetch_related('systemuser')
 
         for auth_book in auth_books:
+            auth_book.load_auth()
             special_auth_set.add((auth_book.username, auth_book.asset_id))
 
         for _username in usernames:

apps/authentication/api/connection_token.py

@@ -97,10 +97,10 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin, GenericViewS
         options = {
             'full address:s': '',
             'username:s': '',
-            'screen mode id:i': '0',
+            'screen mode id:i': '1',
             # 'desktopwidth:i': '1280',
             # 'desktopheight:i': '800',
-            'use multimon:i': '1',
+            'use multimon:i': '0',
             'session bpp:i': '32',
             'audiomode:i': '0',
             'disable wallpaper:i': '0',

apps/locale/zh/LC_MESSAGES/django.po

@@ -412,7 +412,7 @@ msgstr "激活"
 #: assets/models/user.py:190 assets/models/user.py:325 templates/_nav.html:44
 #: xpack/plugins/cloud/models.py:92 xpack/plugins/cloud/serializers.py:179
 msgid "Admin user"
-msgstr "管理用户"
+msgstr "特权用户"
 
 #: assets/models/asset.py:196
 msgid "Public IP"
@@ -652,8 +652,8 @@ msgid "Gateway"
 msgstr "网关"
 
 #: assets/models/domain.py:68
-msgid "Password should not contains special characters"
-msgstr "密码不能包含特殊字符"
+msgid "Password cannot be empty"
+msgstr "密码不能为空"
 
 #: assets/models/gathered_user.py:16
 msgid "Present"
@@ -805,7 +805,7 @@ msgstr "组织名称"
 
 #: assets/serializers/asset.py:98
 msgid "Admin user display"
-msgstr "管理用户名称"
+msgstr "特权用户名称"
 
 #: assets/serializers/base.py:41
 msgid "private key invalid"

apps/locale/zh/LC_MESSAGES/djangojs.po

@@ -73,7 +73,7 @@ msgid ""
 "User list、User group、Asset list、Domain list、Admin user、System user、"
 "Labels、Asset permission"
 msgstr ""
-"用户列表、用户组、资产列表、网域列表、管理用户、系统用户、标签管理、资产授权"
+"用户列表、用户组、资产列表、网域列表、特权用户、系统用户、标签管理、资产授权"
 "规则"
 
 #: static/js/jumpserver.js:416

apps/terminal/backends/command/es.py

@@ -11,7 +11,7 @@ from django.utils.translation import gettext_lazy as _
 from django.db.models import QuerySet as DJQuerySet
 from elasticsearch import Elasticsearch
 from elasticsearch.helpers import bulk
-from elasticsearch.exceptions import RequestError
+from elasticsearch.exceptions import RequestError, NotFoundError
 
 from common.utils.common import lazyproperty
 from common.utils import get_logger
@@ -33,12 +33,43 @@ class CommandStore():
         kwargs = config.get("OTHER", {})
         self.index = config.get("INDEX") or 'jumpserver'
         self.doc_type = config.get("DOC_TYPE") or 'command_store'
+        self.exact_fields = {}
+        self.match_fields = {}
 
         ignore_verify_certs = kwargs.pop('IGNORE_VERIFY_CERTS', False)
         if ignore_verify_certs:
             kwargs['verify_certs'] = None
         self.es = Elasticsearch(hosts=hosts, max_retries=0, **kwargs)
 
+        self.exact_fields = set()
+        self.match_fields = {'input', 'risk_level', 'user', 'asset', 'system_user'}
+        may_exact_fields = {'session', 'org_id'}
+
+        if self.is_new_index_type():
+            self.exact_fields.update(may_exact_fields)
+            self.doc_type = '_doc'
+        else:
+            self.match_fields.update(may_exact_fields)
+
+    def is_new_index_type(self):
+        if not self.ping(timeout=3):
+            return False
+
+        try:
+            # 获取索引信息，如果没有定义，直接返回
+            data = self.es.indices.get_mapping(self.index)
+        except NotFoundError:
+            return False
+
+        try:
+            # 检测索引是不是新的类型
+            properties = data[self.index]['mappings']['properties']
+            if properties['session']['type'] == 'keyword' \
+                    and properties['org_id']['type'] == 'keyword':
+                return True
+        except KeyError:
+            return False
+
     def pre_use_check(self):
         if not self.ping(timeout=3):
             raise InvalidElasticsearch
@@ -110,15 +141,14 @@ class CommandStore():
         except Exception:
             return False
 
-    @staticmethod
-    def get_query_body(**kwargs):
+    def get_query_body(self, **kwargs):
         new_kwargs = {}
         for k, v in kwargs.items():
             new_kwargs[k] = str(v) if isinstance(v, UUID) else v
         kwargs = new_kwargs
 
-        exact_fields = {}
-        match_fields = {'session', 'input', 'org_id', 'risk_level', 'user', 'asset', 'system_user'}
+        exact_fields = self.exact_fields
+        match_fields = self.match_fields
 
         match = {}
         exact = {}

apps/terminal/serializers/storage.py

@@ -153,7 +153,7 @@ class CommandStorageTypeESSerializer(serializers.Serializer):
     INDEX = serializers.CharField(
         max_length=1024, default='jumpserver', label=_('Index'), allow_null=True
     )
-    DOC_TYPE = ReadableHiddenField(default='command', label=_('Doc type'), allow_null=True)
+    DOC_TYPE = ReadableHiddenField(default='_doc', label=_('Doc type'), allow_null=True)
     IGNORE_VERIFY_CERTS = serializers.BooleanField(
         default=False, label=_('Ignore Certificate Verification'),
         source='OTHER.IGNORE_VERIFY_CERTS', allow_null=True,

apps/tickets/serializers/ticket/meta/ticket_type/apply_application.py

@@ -146,7 +146,7 @@ class ApplyApplicationSerializer(ApplySerializer, ApproveSerializer):
         queries &= Q(type=apply_type)
 
         with tmp_to_org(self.root.instance.org_id):
-            application_ids = Application.objects.filter(queries).values_list('id', flat=True)[:5]
+            application_ids = Application.objects.filter(queries).values_list('id', flat=True)[:15]
             application_ids = [str(application_id) for application_id in application_ids]
             return application_ids
 

apps/tickets/serializers/ticket/meta/ticket_type/apply_asset.py

@@ -144,7 +144,7 @@ class ApplyAssetSerializer(ApplySerializer, ApproveSerializer):
         if not queries:
             return []
         with tmp_to_org(self.root.instance.org_id):
-            asset_ids = Asset.objects.filter(queries).values_list('id', flat=True)[:5]
+            asset_ids = Asset.objects.filter(queries).values_list('id', flat=True)[:100]
             asset_ids = [str(asset_id) for asset_id in asset_ids]
             return asset_ids