mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-12-21 03:26:03 +00:00
Compare commits
7 Commits
v3.10.19
...
rdp-patch-
| Author | SHA1 | Date | |
|---|---|---|---|
|
ab777aeb18 | ||
|
a497b3cf94 | ||
|
|
8548b73063 | ||
|
|
182320f492 | ||
|
|
40d326d6a6 | ||
|
b87554f9db | ||
|
3c255f9fa6 |
@@ -66,6 +66,8 @@ class RDPFileClientProtocolURLMixin:
|
||||
'autoreconnection enabled:i': '1',
|
||||
'bookmarktype:i': '3',
|
||||
'use redirection server name:i': '0',
|
||||
'bitmapcachepersistenable:i': '0',
|
||||
'bitmapcachesize:i': '1500',
|
||||
}
|
||||
# 设置多屏显示
|
||||
multi_mon = is_true(self.request.query_params.get('multi_mon'))
|
||||
@@ -472,6 +474,8 @@ class SuperConnectionTokenViewSet(ConnectionTokenViewSet):
|
||||
rbac_perms = {
|
||||
'create': 'authentication.add_superconnectiontoken',
|
||||
'renewal': 'authentication.add_superconnectiontoken',
|
||||
'list': 'authentication.view_superconnectiontoken',
|
||||
'retrieve': 'authentication.view_superconnectiontoken',
|
||||
'get_secret_detail': 'authentication.view_superconnectiontokensecret',
|
||||
'get_applet_info': 'authentication.view_superconnectiontoken',
|
||||
'release_applet_account': 'authentication.view_superconnectiontoken',
|
||||
@@ -479,7 +483,12 @@ class SuperConnectionTokenViewSet(ConnectionTokenViewSet):
|
||||
}
|
||||
|
||||
def get_queryset(self):
|
||||
return ConnectionToken.objects.all()
|
||||
return ConnectionToken.objects.none()
|
||||
|
||||
def get_object(self):
|
||||
pk = self.kwargs.get(self.lookup_field)
|
||||
token = get_object_or_404(ConnectionToken, pk=pk)
|
||||
return token
|
||||
|
||||
def get_user(self, serializer):
|
||||
return serializer.validated_data.get('user')
|
||||
|
||||
@@ -128,7 +128,7 @@ class SignatureAuthentication(signature.SignatureAuthentication):
|
||||
# example implementation:
|
||||
try:
|
||||
key = AccessKey.objects.get(id=key_id)
|
||||
if not key.is_active:
|
||||
if not key.is_valid:
|
||||
return None, None
|
||||
user, secret = key.user, str(key.secret)
|
||||
after_authenticate_update_date(user, key)
|
||||
|
||||
@@ -36,7 +36,7 @@ class MFAMiddleware:
|
||||
# 这个是 mfa 登录页需要的请求, 也得放出来, 用户其实已经在 CAS/OIDC 中完成登录了
|
||||
white_urls = [
|
||||
'login/mfa', 'mfa/select', 'jsi18n/', '/static/',
|
||||
'/profile/otp', '/logout/',
|
||||
'/profile/otp', '/logout/', '/media/'
|
||||
]
|
||||
for url in white_urls:
|
||||
if request.path.find(url) > -1:
|
||||
|
||||
@@ -26,6 +26,10 @@ class AccessKey(models.Model):
|
||||
date_last_used = models.DateTimeField(null=True, blank=True, verbose_name=_('Date last used'))
|
||||
date_created = models.DateTimeField(auto_now_add=True)
|
||||
|
||||
@property
|
||||
def is_valid(self):
|
||||
return self.is_active and self.user.is_valid
|
||||
|
||||
def get_id(self):
|
||||
return str(self.id)
|
||||
|
||||
|
||||
@@ -3,10 +3,10 @@
|
||||
import json
|
||||
import os
|
||||
import re
|
||||
import time
|
||||
from urllib.parse import urlparse, quote
|
||||
|
||||
import pytz
|
||||
import time
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import MiddlewareNotUsed
|
||||
from django.http.response import HttpResponseForbidden
|
||||
@@ -162,9 +162,16 @@ class SafeRedirectMiddleware:
|
||||
target_host = parsed.netloc
|
||||
if target_host in [*settings.ALLOWED_HOSTS]:
|
||||
return response
|
||||
origin = f"{request.scheme}://{request.get_host()}"
|
||||
target_origin = f"{parsed.scheme}://{target_host}"
|
||||
if not target_origin.startswith(origin):
|
||||
target_host, target_port = self._split_host_port(parsed.netloc)
|
||||
origin_host, origin_port = self._split_host_port(request.get_host())
|
||||
if target_host != origin_host:
|
||||
safe_redirect_url = '%s?%s' % (reverse('redirect-confirm'), f'next={quote(location)}')
|
||||
return redirect(safe_redirect_url)
|
||||
return response
|
||||
|
||||
@staticmethod
|
||||
def _split_host_port(netloc):
|
||||
if ':' in netloc:
|
||||
host, port = netloc.split(':', 1)
|
||||
return host, port
|
||||
return netloc, '80'
|
||||
|
||||
30
apps/orgs/mixins/ws.py
Normal file
30
apps/orgs/mixins/ws.py
Normal file
@@ -0,0 +1,30 @@
|
||||
from http.cookies import SimpleCookie
|
||||
|
||||
from asgiref.sync import sync_to_async
|
||||
|
||||
from orgs.utils import tmp_to_org
|
||||
|
||||
|
||||
class OrgMixin:
|
||||
cookie = None
|
||||
org = None
|
||||
|
||||
def get_cookie(self):
|
||||
try:
|
||||
headers = self.scope['headers']
|
||||
headers_dict = {key.decode('utf-8'): value.decode('utf-8') for key, value in headers}
|
||||
cookie = SimpleCookie(headers_dict.get('cookie', ''))
|
||||
except Exception as e:
|
||||
cookie = SimpleCookie()
|
||||
return cookie
|
||||
|
||||
def get_current_org(self):
|
||||
oid = self.cookie.get('X-JMS-ORG')
|
||||
return oid.value if oid else None
|
||||
|
||||
@sync_to_async
|
||||
def has_perms(self, user, perms):
|
||||
self.cookie = self.get_cookie()
|
||||
self.org = self.get_current_org()
|
||||
with tmp_to_org(self.org):
|
||||
return user.has_perms(perms)
|
||||
@@ -1,21 +1,22 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
import json
|
||||
import asyncio
|
||||
import json
|
||||
|
||||
from channels.generic.websocket import AsyncJsonWebsocketConsumer
|
||||
from django.core.cache import cache
|
||||
from django.conf import settings
|
||||
from django.core.cache import cache
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
from common.db.utils import close_old_connections
|
||||
from common.utils import get_logger
|
||||
from orgs.mixins.ws import OrgMixin
|
||||
from orgs.models import Organization
|
||||
from orgs.utils import current_org
|
||||
from settings.serializers import (
|
||||
LDAPTestConfigSerializer,
|
||||
LDAPTestLoginSerializer
|
||||
)
|
||||
from orgs.models import Organization
|
||||
from orgs.utils import current_org
|
||||
from settings.tasks import sync_ldap_user
|
||||
from settings.utils import (
|
||||
LDAPServerUtil, LDAPCacheUtil, LDAPImportUtil, LDAPSyncUtil,
|
||||
@@ -97,10 +98,10 @@ class ToolsWebsocket(AsyncJsonWebsocketConsumer):
|
||||
close_old_connections()
|
||||
|
||||
|
||||
class LdapWebsocket(AsyncJsonWebsocketConsumer):
|
||||
class LdapWebsocket(AsyncJsonWebsocketConsumer, OrgMixin):
|
||||
async def connect(self):
|
||||
user = self.scope["user"]
|
||||
if user.is_authenticated:
|
||||
if user.is_authenticated and await self.has_perms(user, ['settings.view_setting']):
|
||||
await self.accept()
|
||||
else:
|
||||
await self.close()
|
||||
@@ -133,7 +134,7 @@ class LdapWebsocket(AsyncJsonWebsocketConsumer):
|
||||
attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
|
||||
auth_ldap = serializer.validated_data.get('AUTH_LDAP', False)
|
||||
|
||||
if not password:
|
||||
if not password and server_uri == settings.AUTH_LDAP_SERVER_URI:
|
||||
password = settings.AUTH_LDAP_BIND_PASSWORD
|
||||
|
||||
config = {
|
||||
|
||||
@@ -147,7 +147,7 @@ mistune = "2.0.3"
|
||||
openai = "^1.29.0"
|
||||
xlsxwriter = "^3.1.9"
|
||||
exchangelib = "^5.1.0"
|
||||
xmlsec = "1.3.13"
|
||||
xmlsec = "1.3.14"
|
||||
lxml = "5.2.1"
|
||||
receptorctl = "^1.4.5"
|
||||
pydantic = "^2.7.4"
|
||||
|
||||
Reference in New Issue
Block a user