mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-05-13 10:36:31 +00:00
3f4141ca0b
* perf: change i18n
* perf: pam
* perf: change translate
* perf: add check account
* perf: add date field
* perf: add account filter
* perf: remove some js
* perf: add account status action
* perf: update pam
* perf: 修改 discover account
* perf: update filter
* perf: update gathered account
* perf: 修改账号同步
* perf: squash migrations
* perf: update pam
* perf: change i18n
* perf: update account risk
* perf: 更新风险发现
* perf: remove css
* perf: Admin connection token
* perf: Add a switch to check connectivity after changing the password, and add a custom ssh command for push tasks
* perf: Modify account migration files
* perf: update pam
* perf: remove to check account dir
* perf: Admin connection token
* perf: update check account
* perf: 优化发送结果
* perf: update pam
* perf: update bulk update create
* perf: prepaire using thread timer for bulk_create_decorator
* perf: update bulk create decorator
* perf: 优化 playbook manager
* perf: 优化收集账号的报表
* perf: Update poetry
* perf: Update Dockerfile with new base image tag
* fix: Account migrate 0012 file
* perf: 修改备份
* perf: update pam
* fix: Expand resource_type filter to include raw type
* feat: PAM Service (#14552)
* feat: PAM Service
* perf: import package name
---------
Co-authored-by: jiangweidong <1053570670@qq.com>
* perf: Change secret dashboard (#14551)
Co-authored-by: feng <1304903146@qq.com>
* perf: update migrations
* perf: 修改支持 pam
* perf: Change secret record table dashboard
* perf: update status
* fix: Automation send report
* perf: Change secret report
* feat: windows accounts gather
* perf: update change status
* perf: Account backup
* perf: Account backup report
* perf: Account migrate
* perf: update service to application
* perf: update migrations
* perf: update logo
* feat: oracle accounts gather (#14571)
* feat: oracle accounts gather
* feat: sqlserver accounts gather
* feat: postgresql accounts gather
* feat: mysql accounts gather
---------
Co-authored-by: wangruidong <940853815@qq.com>
* feat: mongodb accounts gather
* perf: Change secret
* perf: Migrate
* perf: Merge conflicting migration files
* perf: Change secret
* perf: Automation filter org
* perf: Account push
* perf: Random secret string
* perf: Enhance SQL query and update risk handling in accounts
* perf: Ticket filter assignee_id
* perf: 修改 account remote
* perf: 修改一些 adhoc 任务
* perf: Change secret
* perf: Remove push account extra api
* perf: update status
* perf: The entire organization can view activity log
* fix: risk field check
* perf: add account details api
* perf: add demo mode
* perf: Delete gather_account
* perf: Perfect solution to account version problem
* perf: Update status action to handle multiple accounts
* perf: Add GatherAccountDetailField and update serializers
* perf: Display account history in combination with password change records
* perf: Lina translate
* fix: Update mysql_filter to handle nested user info
* perf: Admin connection token validate_permission account
* perf: copy move account
* perf: account filter risk
* perf: account risk filter
* perf: Copy move account failed message
* fix: gather account sync account to asset
* perf: Pam dashboard
* perf: Account dashboard total accounts
* perf: Pam dashboard
* perf: Change secret filter account secret_reset
* perf: 修改 risk filter
* perf: pam translate
* feat: Check for leaked duplicate passwords. (#14711)
* feat: Check for leaked duplicate passwords.
* perf: Use SQLite instead of txt as leak password database
---------
Co-authored-by: jiangweidong <1053570670@qq.com>
Co-authored-by: 老广 <ibuler@qq.com>
* perf: merge with remote
* perf: Add risk change_password_add handle
* perf: Pam dashboard
* perf: check account manager import
* perf: 重构扫描
* perf: 修改 db
* perf: Gather account manager
* perf: update change db lib
* perf: dashboard
* perf: Account gather
* perf: 修改 asset get queryset
* perf: automation report
* perf: Pam account
* perf: Pam dashboard api
* perf: risk add account
* perf: 修改 risk check
* perf: Risk account
* perf: update risk add reopen action
* perf: add pylintrc
* Revert "perf: automation report"
This reverts commit 22aee54207.
* perf: check account engine
* perf: Perf: Optimism Gather Report Style
* Perf: Remove unuser actions
* Perf: Perf push account
* perf: perf gather account
* perf: Automation report
* perf: Push account recorder
* perf: Push account record
* perf: Pam dashboard
* perf: perf
* perf: update intergration
* perf: integrations application detail add account tab page
* feat: Custom change password supports configuration of interactive items
* perf: Go and Python demo code
* perf: Custom secret change
* perf: add user filter
* perf: translate
* perf: Add demo code docs
* perf: update some i18n
* perf: update some i18n
* perf: Add Java, Node, Go, and cURL demo code
* perf: Translate
* perf: Change secret translate
* perf: Translate
* perf: update some i18n
* perf: translate
* perf: Ansible playbook
* perf: update some choice
* perf: update some choice
* perf: update account serializer remote unused code
* perf: conflict
* perf: update import
---------
Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: feng <1304903146@qq.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: wangruidong <940853815@qq.com>
Co-authored-by: jiangweidong <1053570670@qq.com>
Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com>
Co-authored-by: zhaojisen <1301338853@qq.com>
315 lines
11 KiB
Python
315 lines
11 KiB
Python
import os
|
|
import uuid
|
|
from datetime import timedelta
|
|
from importlib import import_module
|
|
|
|
from django.conf import settings
|
|
from django.core.cache import caches
|
|
from django.db import models
|
|
from django.db.models import Q
|
|
from django.utils import timezone
|
|
from django.utils.translation import gettext, gettext_lazy as _
|
|
|
|
from common.db.encoder import ModelJSONFieldEncoder
|
|
from common.sessions.cache import user_session_manager
|
|
from common.utils import lazyproperty, i18n_trans
|
|
from ops.models import JobExecution
|
|
from orgs.mixins.models import OrgModelMixin, Organization
|
|
from orgs.utils import current_org
|
|
from terminal.models import default_storage
|
|
from .const import (
|
|
OperateChoices,
|
|
ActionChoices,
|
|
ActivityChoices,
|
|
LoginTypeChoices,
|
|
MFAChoices,
|
|
LoginStatusChoices,
|
|
)
|
|
|
|
__all__ = [
|
|
"JobLog",
|
|
"FTPLog",
|
|
"OperateLog",
|
|
"UserSession",
|
|
"ActivityLog",
|
|
"UserLoginLog",
|
|
"PasswordChangeLog",
|
|
"IntegrationApplicationLog",
|
|
]
|
|
|
|
|
|
class JobLog(JobExecution):
|
|
@property
|
|
def creator_name(self):
|
|
return self.creator.name
|
|
|
|
class Meta:
|
|
proxy = True
|
|
verbose_name = _("Job audit log")
|
|
|
|
|
|
class FTPLog(OrgModelMixin):
|
|
upload_to = 'FTP_FILES'
|
|
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
user = models.CharField(max_length=128, verbose_name=_("User"))
|
|
remote_addr = models.CharField(
|
|
max_length=128, verbose_name=_("Remote addr"), blank=True, null=True
|
|
)
|
|
asset = models.CharField(max_length=1024, verbose_name=_("Asset"))
|
|
account = models.CharField(max_length=128, verbose_name=_("Account"))
|
|
operate = models.CharField(
|
|
max_length=16, verbose_name=_("Operate"), choices=OperateChoices.choices
|
|
)
|
|
filename = models.CharField(max_length=1024, verbose_name=_("Filename"))
|
|
is_success = models.BooleanField(default=True, verbose_name=_("Success"))
|
|
date_start = models.DateTimeField(auto_now_add=True, verbose_name=_("Date start"), db_index=True)
|
|
has_file = models.BooleanField(default=False, verbose_name=_("Can Download"))
|
|
session = models.CharField(max_length=36, verbose_name=_("Session"), default=uuid.uuid4)
|
|
|
|
class Meta:
|
|
verbose_name = _("File transfer log")
|
|
|
|
@property
|
|
def filepath(self):
|
|
return os.path.join(self.upload_to, self.date_start.strftime('%Y-%m-%d'), str(self.id))
|
|
|
|
def save_file_to_storage(self, file):
|
|
try:
|
|
name = default_storage.save(self.filepath, file)
|
|
except OSError as e:
|
|
return None, e
|
|
|
|
if settings.SERVER_REPLAY_STORAGE:
|
|
from .tasks import upload_ftp_file_to_external_storage
|
|
upload_ftp_file_to_external_storage.delay(str(self.id), file.name)
|
|
return name, None
|
|
|
|
|
|
class OperateLog(OrgModelMixin):
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
user = models.CharField(max_length=128, verbose_name=_("User"))
|
|
action = models.CharField(
|
|
max_length=16, choices=ActionChoices.choices, verbose_name=_("Action")
|
|
)
|
|
resource_type = models.CharField(max_length=64, verbose_name=_("Resource Type"))
|
|
resource = models.CharField(max_length=128, verbose_name=_("Resource"))
|
|
resource_id = models.CharField(
|
|
max_length=128, blank=True, default='', db_index=True,
|
|
verbose_name=_("Resource")
|
|
)
|
|
remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True)
|
|
datetime = models.DateTimeField(auto_now=True, verbose_name=_('Datetime'), db_index=True)
|
|
diff = models.JSONField(default=dict, encoder=ModelJSONFieldEncoder, null=True)
|
|
|
|
def __str__(self):
|
|
return "<{}> {} <{}>".format(self.user, self.action, self.resource)
|
|
|
|
@lazyproperty
|
|
def resource_type_display(self):
|
|
return gettext(self.resource_type)
|
|
|
|
def save(self, *args, **kwargs):
|
|
if current_org.is_root() and not self.org_id:
|
|
self.org_id = Organization.ROOT_ID
|
|
return super(OperateLog, self).save(*args, **kwargs)
|
|
|
|
@classmethod
|
|
def from_dict(cls, d):
|
|
self = cls()
|
|
for k, v in d.items():
|
|
setattr(self, k, v)
|
|
return self
|
|
|
|
@classmethod
|
|
def from_multi_dict(cls, l):
|
|
operate_logs = []
|
|
for d in l:
|
|
operate_log = cls.from_dict(d)
|
|
operate_logs.append(operate_log)
|
|
return operate_logs
|
|
|
|
class Meta:
|
|
verbose_name = _("Operate log")
|
|
ordering = ('-datetime',)
|
|
|
|
|
|
class ActivityLog(OrgModelMixin):
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
type = models.CharField(
|
|
choices=ActivityChoices.choices, max_length=2,
|
|
null=True, default=None, verbose_name=_("Activity type"),
|
|
)
|
|
resource_id = models.CharField(
|
|
max_length=36, blank=True, default='',
|
|
db_index=True, verbose_name=_("Resource")
|
|
)
|
|
datetime = models.DateTimeField(
|
|
auto_now=True, verbose_name=_('Datetime'), db_index=True
|
|
)
|
|
# 日志的描述信息
|
|
detail = models.TextField(default='', blank=True, verbose_name=_('Detail'))
|
|
# 详情ID, 结合 type 来使用, (实例ID 和 CeleryTaskID)
|
|
detail_id = models.CharField(
|
|
max_length=36, default=None, null=True, verbose_name=_('Detail ID')
|
|
)
|
|
|
|
class Meta:
|
|
verbose_name = _("Activity log")
|
|
ordering = ('-datetime',)
|
|
|
|
def __str__(self):
|
|
detail = i18n_trans(self.detail)
|
|
return "{} {}".format(detail, self.resource_id)
|
|
|
|
def save(self, *args, **kwargs):
|
|
if current_org.is_root() and not self.org_id:
|
|
self.org_id = Organization.ROOT_ID
|
|
return super(ActivityLog, self).save(*args, **kwargs)
|
|
|
|
|
|
class PasswordChangeLog(models.Model):
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
user = models.CharField(max_length=128, verbose_name=_("User"))
|
|
change_by = models.CharField(max_length=128, verbose_name=_("Change by"))
|
|
remote_addr = models.CharField(
|
|
max_length=128, verbose_name=_("Remote addr"), blank=True, null=True
|
|
)
|
|
datetime = models.DateTimeField(auto_now=True, verbose_name=_("Datetime"))
|
|
|
|
def __str__(self):
|
|
return "{} change {}'s password".format(self.change_by, self.user)
|
|
|
|
class Meta:
|
|
verbose_name = _("Password change log")
|
|
|
|
|
|
class UserLoginLog(models.Model):
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
username = models.CharField(max_length=128, verbose_name=_("Username"))
|
|
type = models.CharField(
|
|
choices=LoginTypeChoices.choices, max_length=2, verbose_name=_("Login type")
|
|
)
|
|
ip = models.GenericIPAddressField(verbose_name=_("Login IP"))
|
|
city = models.CharField(
|
|
max_length=254, blank=True, null=True, verbose_name=_("Login city")
|
|
)
|
|
user_agent = models.CharField(
|
|
max_length=254, blank=True, null=True, verbose_name=_("User agent")
|
|
)
|
|
mfa = models.SmallIntegerField(
|
|
default=MFAChoices.unknown, choices=MFAChoices.choices, verbose_name=_("MFA")
|
|
)
|
|
reason = models.CharField(
|
|
default="", max_length=128, blank=True, verbose_name=_("Reason")
|
|
)
|
|
status = models.BooleanField(
|
|
default=LoginStatusChoices.success,
|
|
choices=LoginStatusChoices.choices,
|
|
verbose_name=_("Status"),
|
|
)
|
|
datetime = models.DateTimeField(default=timezone.now, verbose_name=_("Login Date"), db_index=True)
|
|
backend = models.CharField(
|
|
max_length=32, default="", verbose_name=_("Auth backend")
|
|
)
|
|
|
|
def __str__(self):
|
|
return '%s(%s)' % (self.username, self.city)
|
|
|
|
@property
|
|
def backend_display(self):
|
|
return gettext(self.backend)
|
|
|
|
@classmethod
|
|
def get_login_logs(cls, date_from=None, date_to=None, user=None, keyword=None):
|
|
login_logs = cls.objects.all()
|
|
if date_from and date_to:
|
|
date_from = "{} {}".format(date_from, "00:00:00")
|
|
date_to = "{} {}".format(date_to, "23:59:59")
|
|
login_logs = login_logs.filter(
|
|
datetime__gte=date_from, datetime__lte=date_to
|
|
)
|
|
if user:
|
|
login_logs = login_logs.filter(username=user)
|
|
if keyword:
|
|
login_logs = login_logs.filter(
|
|
Q(ip__contains=keyword)
|
|
| Q(city__contains=keyword)
|
|
| Q(username__contains=keyword)
|
|
)
|
|
if not current_org.is_root():
|
|
username_list = current_org.get_members().values_list("username", flat=True)
|
|
login_logs = login_logs.filter(username__in=username_list)
|
|
return login_logs
|
|
|
|
@property
|
|
def reason_display(self):
|
|
from authentication.errors import reason_choices, old_reason_choices
|
|
|
|
reason = reason_choices.get(self.reason)
|
|
if reason:
|
|
return reason
|
|
reason = old_reason_choices.get(self.reason, self.reason)
|
|
return reason
|
|
|
|
class Meta:
|
|
ordering = ["-datetime", "username"]
|
|
verbose_name = _("User login log")
|
|
|
|
|
|
class UserSession(models.Model):
|
|
_OPERATE_LOG_ACTION = {'delete': ActionChoices.finished}
|
|
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
ip = models.GenericIPAddressField(verbose_name=_("Login IP"))
|
|
key = models.CharField(max_length=128, verbose_name=_("Session key"))
|
|
city = models.CharField(max_length=254, blank=True, null=True, verbose_name=_("Login city"))
|
|
user_agent = models.CharField(max_length=254, blank=True, null=True, verbose_name=_("User agent"))
|
|
type = models.CharField(choices=LoginTypeChoices.choices, max_length=2, verbose_name=_("Login type"))
|
|
backend = models.CharField(max_length=32, default="", verbose_name=_("Auth backend"))
|
|
date_created = models.DateTimeField(null=True, blank=True, verbose_name=_('Login date'))
|
|
user = models.ForeignKey(
|
|
'users.User', verbose_name=_('User'), related_name='sessions', on_delete=models.CASCADE
|
|
)
|
|
|
|
def __str__(self):
|
|
return '%s(%s)' % (self.user, self.ip)
|
|
|
|
@property
|
|
def backend_display(self):
|
|
return gettext(self.backend)
|
|
|
|
@property
|
|
def is_active(self):
|
|
return user_session_manager.check_active(self.key)
|
|
|
|
@property
|
|
def date_expired(self):
|
|
session_store_cls = import_module(settings.SESSION_ENGINE).SessionStore
|
|
session_store = session_store_cls(session_key=self.key)
|
|
cache_key = session_store.cache_key
|
|
ttl = caches[settings.SESSION_CACHE_ALIAS].ttl(cache_key)
|
|
return timezone.now() + timedelta(seconds=ttl)
|
|
|
|
@classmethod
|
|
def clear_expired_sessions(cls):
|
|
keys = user_session_manager.get_keys()
|
|
cls.objects.exclude(key__in=keys).delete()
|
|
|
|
class Meta:
|
|
ordering = ['-date_created']
|
|
verbose_name = _('User session')
|
|
permissions = [
|
|
('offline_usersession', _('Offline user session')),
|
|
]
|
|
|
|
|
|
class IntegrationApplicationLog(models.Model):
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
remote_addr = models.GenericIPAddressField(verbose_name=_("Remote addr"))
|
|
service = models.CharField(max_length=128, verbose_name=_("Application"))
|
|
service_id = models.UUIDField(verbose_name=_("Application ID"))
|
|
asset = models.CharField(max_length=128, verbose_name=_("Asset"))
|
|
account = models.CharField(max_length=128, verbose_name=_("Account"))
|
|
datetime = models.DateTimeField(auto_now=True, verbose_name=_("Datetime"))
|