mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-10-22 16:31:33 +00:00
1fd2e782f8
* [Update] 暂存,优化解决不了问题 * [Update] 待续(小白) * [Update] 修改asset user * [Update] 计划再次更改 * [Update] 修改asset user * [Update] 暂存与喜爱 * [Update] Add id in * [Update] 阶段性完成ops task该做 * [Update] 修改asset user api * [Update] 修改asset user 任务,查看认证等 * [Update] 基本完成asset user改造 * [Update] dynamic user only allow 1 * [Update] 修改asset user task * [Update] 修改node admin user task api * [Update] remove file header license * [Update] 添加sftp root * [Update] 暂存 * [Update] 暂存 * [Update] 修改翻译 * [Update] 修改系统用户改为同名后,用户名改为空 * [Update] 基本完成CAS调研 * [Update] 支持cas server * [Update] 支持cas server * [Update] 添加requirements * [Update] 为方便调试添加mysql ipython到包中 * [Update] 添加huaweiyun翻译 * [Update] 增加下载session 录像 * [Update] 只有第一次通知replay离线的使用方法 * [Update] 暂存一下 * [Bugfix] 获取系统用户信息报错 * [Bugfix] 修改system user info * [Update] 改成清理10天git status * [Update] 修改celery日志保留时间 * [Update]修复部分pip包依赖的版本不兼容问题 (#3672) * [Update] 修复用户更新页面会清空用户public_key的问题 * Fix broken dependencies Co-authored-by: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> * [Update] 修改获取系统用户auth info * [Update] Remove log * [Bugfix] 修复sftp home设置的bug * [Update] 授权的系统用户添加sftp root * [Update] 修改系统用户关联的用户 * [Update] 修改placeholder * [Update] 优化获取授权的系统用户 * [Update] 修改tasks * [Update] tree service update * [Update] 暂存 * [Update] 基本完成用户授权树和资产树改造 * [Update] Dashbaord perf * [update] Add huawei cloud sdk requirements * [Updte] 优化dashboard页面 * [Update] system user auth info 添加id * [Update] 修改系统用户serializer * [Update] 优化api * [Update] LDAP Test Util (#3720) * [Update] LDAPTestUtil 1 * [Update] LDAPTestUtil 2 * [Update] LDAPTestUtil 3 * [Update] LDAPTestUtil 4 * [Update] LDAPTestUtil 5 * [Update] LDAPTestUtil 6 * [Update] LDAPTestUtil 7 * [Update] session 已添加is success,并且添加display serializer * [Bugfix] 修复无法删除空节点的bug * [Update] 命令记录分组织显示 * [Update] Session is_success 添加迁移文件 * [Update] 批量命令添加org_id * [Update] 修复一些文案,修改不绑定MFA,不能ssh登录 * [Update] 修改replay api, 返回session信息 * [Update] 解决无效es导致访问命令记录页面失败的问题 * [Update] 拆分profile view * [Update] 修改一个翻译 * [Update] 修改aysnc api框架 * [Update] 命令列表添加risk level * [Update] 完成录像打包下载 * [Update] 更改登陆otp页面 * [Update] 修改command 存储redis_level * [Update] 修改翻译 * [Update] 修改系统用户的用户列表字段 * [Update] 使用新logo和统一Jumpserver为JumpServer * [Update] 优化cloud task * [Update] 统一period task * [Update] 统一period form serializer字段 * [Update] 修改period task * [Update] 修改资产网关信息 * [Update] 用户授权资产树资产信息添加domain * [Update] 修改翻译 * [Update] 测试可连接性 * 1.5.7 bai (#3764) * [Update] 修复index页面Bug;修复测试资产用户可连接性问题; * [Update] 修改测试资产用户可连接 * [Bugfix] 修复backends问题 * [Update] 修改marksafe依赖版本 * [Update] 修改测试资产用户可连接性 * [Update] 修改检测服务器性能时获取percent值 * [Update] 更新依赖boto3=1.12.14 Co-authored-by: Yanzhe Lee <lee.yanzhe@yanzhe.org> Co-authored-by: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> Co-authored-by: Bai <bugatti_it@163.com>
623 lines
18 KiB
Python
623 lines
18 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
#
|
|
import uuid
|
|
import base64
|
|
import string
|
|
import random
|
|
|
|
from django.conf import settings
|
|
from django.contrib.auth.hashers import make_password
|
|
from django.contrib.auth.models import AbstractUser
|
|
from django.core.cache import cache
|
|
from django.db import models
|
|
|
|
from django.utils.translation import ugettext_lazy as _
|
|
from django.utils import timezone
|
|
from django.shortcuts import reverse
|
|
|
|
from orgs.utils import current_org
|
|
from common.utils import signer, date_expired_default, get_logger, lazyproperty
|
|
from common import fields
|
|
from ..signals import post_user_change_password
|
|
|
|
|
|
__all__ = ['User']
|
|
|
|
logger = get_logger(__file__)
|
|
|
|
|
|
class AuthMixin:
|
|
@property
|
|
def password_raw(self):
|
|
raise AttributeError('Password raw is not a readable attribute')
|
|
|
|
#: Use this attr to set user object password, example
|
|
#: user = User(username='example', password_raw='password', ...)
|
|
#: It's equal:
|
|
#: user = User(username='example', ...)
|
|
#: user.set_password('password')
|
|
@password_raw.setter
|
|
def password_raw(self, password_raw_):
|
|
self.set_password(password_raw_)
|
|
|
|
def set_password(self, raw_password):
|
|
if self.can_update_password():
|
|
self.date_password_last_updated = timezone.now()
|
|
post_user_change_password.send(self.__class__, user=self)
|
|
super().set_password(raw_password)
|
|
|
|
def can_update_password(self):
|
|
return self.is_local
|
|
|
|
def can_update_ssh_key(self):
|
|
return self.can_use_ssh_key_login()
|
|
|
|
def can_use_ssh_key_login(self):
|
|
return settings.TERMINAL_PUBLIC_KEY_AUTH
|
|
|
|
def is_public_key_valid(self):
|
|
"""
|
|
Check if the user's ssh public key is valid.
|
|
This function is used in base.html.
|
|
"""
|
|
if self.public_key:
|
|
return True
|
|
return False
|
|
|
|
@property
|
|
def public_key_obj(self):
|
|
class PubKey(object):
|
|
def __getattr__(self, item):
|
|
return ''
|
|
|
|
if self.public_key:
|
|
import sshpubkeys
|
|
try:
|
|
return sshpubkeys.SSHKey(self.public_key)
|
|
except (TabError, TypeError):
|
|
pass
|
|
return PubKey()
|
|
|
|
def reset_password(self, new_password):
|
|
self.set_password(new_password)
|
|
self.save()
|
|
|
|
@property
|
|
def date_password_expired(self):
|
|
interval = settings.SECURITY_PASSWORD_EXPIRATION_TIME
|
|
date_expired = self.date_password_last_updated + timezone.timedelta(
|
|
days=int(interval))
|
|
return date_expired
|
|
|
|
@property
|
|
def password_expired_remain_days(self):
|
|
date_remain = self.date_password_expired - timezone.now()
|
|
return date_remain.days
|
|
|
|
@property
|
|
def password_has_expired(self):
|
|
if self.is_local and self.password_expired_remain_days < 0:
|
|
return True
|
|
return False
|
|
|
|
@property
|
|
def password_will_expired(self):
|
|
if self.is_local and 0 <= self.password_expired_remain_days < 5:
|
|
return True
|
|
return False
|
|
|
|
def get_login_confirm_setting(self):
|
|
if hasattr(self, 'login_confirm_setting'):
|
|
s = self.login_confirm_setting
|
|
if s.reviewers.all().count() and s.is_active:
|
|
return s
|
|
return False
|
|
|
|
@staticmethod
|
|
def get_public_key_body(key):
|
|
for i in key.split():
|
|
if len(i) > 256:
|
|
return i
|
|
return key
|
|
|
|
def check_public_key(self, key):
|
|
if not self.public_key:
|
|
return False
|
|
key = self.get_public_key_body(key)
|
|
key_saved = self.get_public_key_body(self.public_key)
|
|
if key == key_saved:
|
|
return True
|
|
else:
|
|
return False
|
|
|
|
|
|
class RoleMixin:
|
|
ROLE_ADMIN = 'Admin'
|
|
ROLE_USER = 'User'
|
|
ROLE_APP = 'App'
|
|
ROLE_AUDITOR = 'Auditor'
|
|
|
|
ROLE_CHOICES = (
|
|
(ROLE_ADMIN, _('Administrator')),
|
|
(ROLE_USER, _('User')),
|
|
(ROLE_APP, _('Application')),
|
|
(ROLE_AUDITOR, _("Auditor"))
|
|
)
|
|
role = ROLE_USER
|
|
|
|
@property
|
|
def role_display(self):
|
|
if not current_org.is_real():
|
|
return self.get_role_display()
|
|
roles = []
|
|
if self in current_org.get_org_admins():
|
|
roles.append(str(_('Org admin')))
|
|
if self in current_org.get_org_auditors():
|
|
roles.append(str(_('Org auditor')))
|
|
if self in current_org.get_org_users():
|
|
roles.append(str(_('User')))
|
|
return " | ".join(roles)
|
|
|
|
@property
|
|
def is_superuser(self):
|
|
if self.role == 'Admin':
|
|
return True
|
|
else:
|
|
return False
|
|
|
|
@is_superuser.setter
|
|
def is_superuser(self, value):
|
|
if value is True:
|
|
self.role = 'Admin'
|
|
else:
|
|
self.role = 'User'
|
|
|
|
@property
|
|
def is_super_auditor(self):
|
|
return self.role == 'Auditor'
|
|
|
|
@property
|
|
def is_common_user(self):
|
|
if self.is_org_admin:
|
|
return False
|
|
if self.is_org_auditor:
|
|
return False
|
|
if self.is_app:
|
|
return False
|
|
return True
|
|
|
|
@property
|
|
def is_app(self):
|
|
return self.role == 'App'
|
|
|
|
@lazyproperty
|
|
def user_orgs(self):
|
|
from orgs.models import Organization
|
|
return Organization.get_user_user_orgs(self)
|
|
|
|
@lazyproperty
|
|
def admin_orgs(self):
|
|
from orgs.models import Organization
|
|
return Organization.get_user_admin_orgs(self)
|
|
|
|
@lazyproperty
|
|
def audit_orgs(self):
|
|
from orgs.models import Organization
|
|
return Organization.get_user_audit_orgs(self)
|
|
|
|
@lazyproperty
|
|
def admin_or_audit_orgs(self):
|
|
from orgs.models import Organization
|
|
return Organization.get_user_admin_or_audit_orgs(self)
|
|
|
|
@lazyproperty
|
|
def is_org_admin(self):
|
|
if self.is_superuser or self.related_admin_orgs.exists():
|
|
return True
|
|
else:
|
|
return False
|
|
|
|
@lazyproperty
|
|
def is_org_auditor(self):
|
|
if self.is_super_auditor or self.related_audit_orgs.exists():
|
|
return True
|
|
else:
|
|
return False
|
|
|
|
@lazyproperty
|
|
def can_admin_current_org(self):
|
|
return current_org.can_admin_by(self)
|
|
|
|
@lazyproperty
|
|
def can_audit_current_org(self):
|
|
return current_org.can_audit_by(self)
|
|
|
|
@lazyproperty
|
|
def can_user_current_org(self):
|
|
return current_org.can_user_by(self)
|
|
|
|
@lazyproperty
|
|
def can_admin_or_audit_current_org(self):
|
|
return self.can_admin_current_org or self.can_audit_current_org
|
|
|
|
@property
|
|
def is_staff(self):
|
|
if self.is_authenticated and self.is_valid:
|
|
return True
|
|
else:
|
|
return False
|
|
|
|
@is_staff.setter
|
|
def is_staff(self, value):
|
|
pass
|
|
|
|
@classmethod
|
|
def create_app_user(cls, name, comment):
|
|
app = cls.objects.create(
|
|
username=name, name=name, email='{}@local.domain'.format(name),
|
|
is_active=False, role='App', comment=comment,
|
|
is_first_login=False, created_by='System'
|
|
)
|
|
access_key = app.create_access_key()
|
|
return app, access_key
|
|
|
|
def remove(self):
|
|
if not current_org.is_real():
|
|
return
|
|
if self.can_user_current_org:
|
|
current_org.users.remove(self)
|
|
if self.can_admin_current_org:
|
|
current_org.admins.remove(self)
|
|
if self.can_audit_current_org:
|
|
current_org.auditors.remove(self)
|
|
|
|
|
|
class TokenMixin:
|
|
CACHE_KEY_USER_RESET_PASSWORD_PREFIX = "_KEY_USER_RESET_PASSWORD_{}"
|
|
email = ''
|
|
id = None
|
|
|
|
@property
|
|
def private_token(self):
|
|
return self.create_private_token()
|
|
|
|
def create_private_token(self):
|
|
from authentication.models import PrivateToken
|
|
token, created = PrivateToken.objects.get_or_create(user=self)
|
|
return token
|
|
|
|
def delete_private_token(self):
|
|
from authentication.models import PrivateToken
|
|
PrivateToken.objects.filter(user=self).delete()
|
|
|
|
def refresh_private_token(self):
|
|
self.delete_private_token()
|
|
return self.create_private_token()
|
|
|
|
def create_bearer_token(self, request=None):
|
|
expiration = settings.TOKEN_EXPIRATION or 3600
|
|
if request:
|
|
remote_addr = request.META.get('REMOTE_ADDR', '')
|
|
else:
|
|
remote_addr = '0.0.0.0'
|
|
if not isinstance(remote_addr, bytes):
|
|
remote_addr = remote_addr.encode("utf-8")
|
|
remote_addr = base64.b16encode(remote_addr) # .replace(b'=', '')
|
|
cache_key = '%s_%s' % (self.id, remote_addr)
|
|
token = cache.get(cache_key)
|
|
if not token:
|
|
token = uuid.uuid4().hex
|
|
cache.set(token, self.id, expiration)
|
|
cache.set('%s_%s' % (self.id, remote_addr), token, expiration)
|
|
date_expired = timezone.now() + timezone.timedelta(seconds=expiration)
|
|
return token, date_expired
|
|
|
|
def refresh_bearer_token(self, token):
|
|
pass
|
|
|
|
def create_access_key(self):
|
|
access_key = self.access_keys.create()
|
|
return access_key
|
|
|
|
@property
|
|
def access_key(self):
|
|
return self.access_keys.first()
|
|
|
|
def generate_reset_token(self):
|
|
letter = string.ascii_letters + string.digits
|
|
token = ''.join([random.choice(letter) for _ in range(50)])
|
|
self.set_cache(token)
|
|
return token
|
|
|
|
@classmethod
|
|
def validate_reset_password_token(cls, token):
|
|
try:
|
|
key = cls.CACHE_KEY_USER_RESET_PASSWORD_PREFIX.format(token)
|
|
value = cache.get(key)
|
|
user_id = value.get('id', '')
|
|
email = value.get('email', '')
|
|
user = cls.objects.get(id=user_id, email=email)
|
|
except (AttributeError, cls.DoesNotExist) as e:
|
|
logger.error(e, exc_info=True)
|
|
user = None
|
|
return user
|
|
|
|
def set_cache(self, token):
|
|
key = self.CACHE_KEY_USER_RESET_PASSWORD_PREFIX.format(token)
|
|
cache.set(key, {'id': self.id, 'email': self.email}, 3600)
|
|
|
|
@classmethod
|
|
def expired_reset_password_token(cls, token):
|
|
key = cls.CACHE_KEY_USER_RESET_PASSWORD_PREFIX.format(token)
|
|
cache.delete(key)
|
|
|
|
|
|
class MFAMixin:
|
|
mfa_level = 0
|
|
otp_secret_key = ''
|
|
MFA_LEVEL_CHOICES = (
|
|
(0, _('Disable')),
|
|
(1, _('Enable')),
|
|
(2, _("Force enable")),
|
|
)
|
|
|
|
@property
|
|
def mfa_enabled(self):
|
|
return self.mfa_force_enabled or self.mfa_level > 0
|
|
|
|
@property
|
|
def mfa_force_enabled(self):
|
|
if settings.SECURITY_MFA_AUTH:
|
|
return True
|
|
return self.mfa_level == 2
|
|
|
|
def enable_mfa(self):
|
|
if not self.mfa_level == 2:
|
|
self.mfa_level = 1
|
|
|
|
def force_enable_mfa(self):
|
|
self.mfa_level = 2
|
|
|
|
def disable_mfa(self):
|
|
self.mfa_level = 0
|
|
self.otp_secret_key = None
|
|
|
|
def reset_mfa(self):
|
|
if self.mfa_is_otp():
|
|
self.otp_secret_key = ''
|
|
|
|
@staticmethod
|
|
def mfa_is_otp():
|
|
if settings.OTP_IN_RADIUS:
|
|
return False
|
|
return True
|
|
|
|
def check_radius(self, code):
|
|
from authentication.backends.radius import RadiusBackend
|
|
backend = RadiusBackend()
|
|
user = backend.authenticate(None, username=self.username, password=code)
|
|
if user:
|
|
return True
|
|
return False
|
|
|
|
def check_otp(self, code):
|
|
from ..utils import check_otp_code
|
|
return check_otp_code(self.otp_secret_key, code)
|
|
|
|
def check_mfa(self, code):
|
|
if settings.OTP_IN_RADIUS:
|
|
return self.check_radius(code)
|
|
else:
|
|
return self.check_otp(code)
|
|
|
|
def mfa_enabled_but_not_set(self):
|
|
if not self.mfa_enabled:
|
|
return False, None
|
|
if self.mfa_is_otp() and not self.otp_secret_key:
|
|
return True, reverse('users:user-otp-enable-start')
|
|
return False, None
|
|
|
|
|
|
class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
|
|
SOURCE_LOCAL = 'local'
|
|
SOURCE_LDAP = 'ldap'
|
|
SOURCE_OPENID = 'openid'
|
|
SOURCE_RADIUS = 'radius'
|
|
SOURCE_CAS = 'cas'
|
|
SOURCE_CHOICES = (
|
|
(SOURCE_LOCAL, _('Local')),
|
|
(SOURCE_LDAP, 'LDAP/AD'),
|
|
(SOURCE_OPENID, 'OpenID'),
|
|
(SOURCE_RADIUS, 'Radius'),
|
|
(SOURCE_CAS, 'CAS'),
|
|
)
|
|
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
username = models.CharField(
|
|
max_length=128, unique=True, verbose_name=_('Username')
|
|
)
|
|
name = models.CharField(max_length=128, verbose_name=_('Name'))
|
|
email = models.EmailField(
|
|
max_length=128, unique=True, verbose_name=_('Email')
|
|
)
|
|
groups = models.ManyToManyField(
|
|
'users.UserGroup', related_name='users',
|
|
blank=True, verbose_name=_('User group')
|
|
)
|
|
role = models.CharField(
|
|
choices=RoleMixin.ROLE_CHOICES, default='User', max_length=10,
|
|
blank=True, verbose_name=_('Role')
|
|
)
|
|
avatar = models.ImageField(
|
|
upload_to="avatar", null=True, verbose_name=_('Avatar')
|
|
)
|
|
wechat = models.CharField(
|
|
max_length=128, blank=True, verbose_name=_('Wechat')
|
|
)
|
|
phone = models.CharField(
|
|
max_length=20, blank=True, null=True, verbose_name=_('Phone')
|
|
)
|
|
mfa_level = models.SmallIntegerField(
|
|
default=0, choices=MFAMixin.MFA_LEVEL_CHOICES, verbose_name=_('MFA')
|
|
)
|
|
otp_secret_key = fields.EncryptCharField(max_length=128, blank=True, null=True)
|
|
# Todo: Auto generate key, let user download
|
|
private_key = fields.EncryptTextField(
|
|
blank=True, null=True, verbose_name=_('Private key')
|
|
)
|
|
public_key = fields.EncryptTextField(
|
|
blank=True, null=True, verbose_name=_('Public key')
|
|
)
|
|
comment = models.TextField(
|
|
blank=True, null=True, verbose_name=_('Comment')
|
|
)
|
|
is_first_login = models.BooleanField(default=True)
|
|
date_expired = models.DateTimeField(
|
|
default=date_expired_default, blank=True, null=True,
|
|
db_index=True, verbose_name=_('Date expired')
|
|
)
|
|
created_by = models.CharField(
|
|
max_length=30, default='', blank=True, verbose_name=_('Created by')
|
|
)
|
|
source = models.CharField(
|
|
max_length=30, default=SOURCE_LOCAL, choices=SOURCE_CHOICES,
|
|
verbose_name=_('Source')
|
|
)
|
|
date_password_last_updated = models.DateTimeField(
|
|
auto_now_add=True, blank=True, null=True,
|
|
verbose_name=_('Date password last updated')
|
|
)
|
|
|
|
user_cache_key_prefix = '_User_{}'
|
|
|
|
def __str__(self):
|
|
return '{0.name}({0.username})'.format(self)
|
|
|
|
def get_absolute_url(self):
|
|
return reverse('users:user-detail', args=(self.id,))
|
|
|
|
@property
|
|
def groups_display(self):
|
|
return ' '.join([group.name for group in self.groups.all()])
|
|
|
|
@property
|
|
def source_display(self):
|
|
return self.get_source_display()
|
|
|
|
@property
|
|
def is_expired(self):
|
|
if self.date_expired and self.date_expired < timezone.now():
|
|
return True
|
|
else:
|
|
return False
|
|
|
|
@property
|
|
def expired_remain_days(self):
|
|
date_remain = self.date_expired - timezone.now()
|
|
return date_remain.days
|
|
|
|
@property
|
|
def will_expired(self):
|
|
if 0 <= self.expired_remain_days < 5:
|
|
return True
|
|
else:
|
|
return False
|
|
|
|
@property
|
|
def is_valid(self):
|
|
if self.is_active and not self.is_expired:
|
|
return True
|
|
return False
|
|
|
|
@property
|
|
def is_local(self):
|
|
return self.source == self.SOURCE_LOCAL
|
|
|
|
def set_unprovide_attr_if_need(self):
|
|
if not self.name:
|
|
self.name = self.username
|
|
if not self.email or '@' not in self.email:
|
|
email = '{}@{}'.format(self.username, settings.EMAIL_SUFFIX)
|
|
if '@' in self.username:
|
|
email = self.username
|
|
self.email = email
|
|
|
|
def save(self, *args, **kwargs):
|
|
self.set_unprovide_attr_if_need()
|
|
if self.username == 'admin':
|
|
self.role = 'Admin'
|
|
self.is_active = True
|
|
super().save(*args, **kwargs)
|
|
|
|
def is_member_of(self, user_group):
|
|
if user_group in self.groups.all():
|
|
return True
|
|
return False
|
|
|
|
def set_avatar(self, f):
|
|
self.avatar.save(self.username, f)
|
|
|
|
@classmethod
|
|
def get_avatar_url(cls, username):
|
|
user_default = settings.STATIC_URL + "img/avatar/user.png"
|
|
return user_default
|
|
|
|
def avatar_url(self):
|
|
admin_default = settings.STATIC_URL + "img/avatar/admin.png"
|
|
user_default = settings.STATIC_URL + "img/avatar/user.png"
|
|
if self.avatar:
|
|
return self.avatar.url
|
|
if self.is_superuser:
|
|
return admin_default
|
|
else:
|
|
return user_default
|
|
|
|
def delete(self, using=None, keep_parents=False):
|
|
if self.pk == 1 or self.username == 'admin':
|
|
return
|
|
return super(User, self).delete()
|
|
|
|
class Meta:
|
|
ordering = ['username']
|
|
verbose_name = _("User")
|
|
|
|
#: Use this method initial user
|
|
@classmethod
|
|
def initial(cls):
|
|
from .group import UserGroup
|
|
user = cls(username='admin',
|
|
email='admin@jumpserver.org',
|
|
name=_('Administrator'),
|
|
password_raw='admin',
|
|
role='Admin',
|
|
comment=_('Administrator is the super user of system'),
|
|
created_by=_('System'))
|
|
user.save()
|
|
user.groups.add(UserGroup.initial())
|
|
|
|
@classmethod
|
|
def generate_fake(cls, count=100):
|
|
from random import seed, choice
|
|
import forgery_py
|
|
from django.db import IntegrityError
|
|
from .group import UserGroup
|
|
|
|
seed()
|
|
for i in range(count):
|
|
user = cls(username=forgery_py.internet.user_name(True),
|
|
email=forgery_py.internet.email_address(),
|
|
name=forgery_py.name.full_name(),
|
|
password=make_password(forgery_py.lorem_ipsum.word()),
|
|
role=choice(list(dict(User.ROLE_CHOICES).keys())),
|
|
wechat=forgery_py.internet.user_name(True),
|
|
comment=forgery_py.lorem_ipsum.sentence(),
|
|
created_by=choice(cls.objects.all()).username)
|
|
try:
|
|
user.save()
|
|
except IntegrityError:
|
|
print('Duplicate Error, continue ...')
|
|
continue
|
|
user.groups.add(choice(UserGroup.objects.all()))
|
|
user.save()
|