Commit 0c611b64 authored by 江世峰

Merge branch 'master' of code.simcu.com:jumpserver/jumpserver

merge
parents 2829445f aa02c211
......@@ -16,3 +16,4 @@ db.sqlite3
config.py
migrations/
*.log
host_rsa_key
# coding: utf-8
from django.db import models
from django.http import JsonResponse
from django.utils.timezone import now
from django.utils.translation import ugettext_lazy as _
......@@ -36,3 +37,27 @@ class NoDeleteModelMixin(models.Model):
self.is_discard = True
self.discard_time = now()
return self.save()
class JSONResponseMixin(object):
"""JSON mixin"""
def render_json_response(self, context):
return JsonResponse(context)
class BulkDeleteApiMixin(object):
def filter_queryset(self, queryset):
id_list = self.request.query_params.get('id__in')
if id_list:
import json
try:
ids = json.loads(id_list)
except Exception as e:
print e
return queryset
if isinstance(ids, list):
queryset = queryset.filter(id__in=ids)
return queryset
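Review bot: In `BulkDeleteApiMixin.filter_queryset`, an `id__in` value that fails to parse or is not a list falls through to `return queryset`, the unfiltered set. This mixin is combined with bulk-destroy views elsewhere in this commit, and whether such a DELETE is then refused depends on the bulk base class, which is not visible here. Returning `queryset.none()` for malformed input fails closed. The handler also swaps the `logger.error(str(e))` of the code it replaces for `print e`, which is Python 2-only syntax and keeps the event out of the logs; `except ValueError:` with a logger call would be narrower and auditable.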
......@@ -30,11 +30,17 @@ def get_object_or_none(model, **kwargs):
def encrypt(*args, **kwargs):
return signing.dumps(*args, **kwargs)
try:
return signing.dumps(*args, **kwargs)
except signing.BadSignature:
return ''
def decrypt(*args, **kwargs):
return signing.loads(*args, **kwargs)
try:
return signing.loads(*args, **kwargs)
except signing.BadSignature:
return ''
def date_expired_default():
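Review bot: `encrypt()` and `decrypt()` are thin wrappers over `django.core.signing`, which signs and base64-encodes a value but does not encrypt it. Anything stored through `encrypt()` is therefore recoverable by anyone who can read the stored string, and the `private_key` property elsewhere in this commit reads `decrypt(self._private_key)`. That deserves at least a comment on both functions, e.g. `# NOTE: signed, not encrypted; integrity only, no confidentiality`. The new `except signing.BadSignature` in `encrypt` looks unreachable, since verification happens on load rather than on dump. In `decrypt`, returning `''` makes a tampered or re-keyed value indistinguishable from an empty one, so logging the failure before returning would keep it visible.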
......
......@@ -54,7 +54,7 @@ INSTALLED_APPS = [
'users.apps.UsersConfig',
'assets.apps.AssetsConfig',
'perms.apps.PermsConfig',
'webterminal.apps.WebterminalConfig',
# 'terminal.apps.TerminalConfig',
'ops.apps.OpsConfig',
'audits.apps.AuditsConfig',
'common.apps.CommonConfig',
......@@ -274,36 +274,36 @@ REST_FRAMEWORK = {
}
# This setting is required to override the Django's main loop, when running in
# development mode, such as ./manage runserver
WSGI_APPLICATION = 'ws4redis.django_runserver.application'
# WSGI_APPLICATION = 'ws4redis.django_runserver.application'
# URL that distinguishes websocket connections from normal requests
WEBSOCKET_URL = '/ws/'
# WEBSOCKET_URL = '/ws/'
# WebSocket Redis
WS4REDIS_CONNECTION = {
'host': CONFIG.REDIS_HOST or '127.0.0.1',
'port': CONFIG.REDIS_PORT or 6379,
'db': 2,
}
# WS4REDIS_CONNECTION = {
# 'host': CONFIG.REDIS_HOST or '127.0.0.1',
# 'port': CONFIG.REDIS_PORT or 6379,
# 'db': 2,
# }
# Set the number of seconds each message shall persisted
WS4REDIS_EXPIRE = 3600
# WS4REDIS_EXPIRE = 3600
WS4REDIS_HEARTBEAT = 'love you'
# WS4REDIS_HEARTBEAT = 'love you'
WS4REDIS_PREFIX = 'demo'
# WS4REDIS_PREFIX = 'demo'
SESSION_ENGINE = 'redis_sessions.session'
# SESSION_ENGINE = 'redis_sessions.session'
SESSION_REDIS_PREFIX = 'session'
# SESSION_REDIS_PREFIX = 'session'
SESSION_REDIS_HOST = CONFIG.REDIS_HOST
# SESSION_REDIS_HOST = CONFIG.REDIS_HOST
SESSION_REDIS_PORT = CONFIG.REDIS_PORT
# SESSION_REDIS_PORT = CONFIG.REDIS_PORT
SESSION_REDIS_PASSWORD = CONFIG.REDIS_PASSWORD
# SESSION_REDIS_PASSWORD = CONFIG.REDIS_PASSWORD
SESSION_REDIS_DB = CONFIG.REDIS_DB
# SESSION_REDIS_DB = CONFIG.REDIS_DB
# Custom User Auth model
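Review bot: The ws4redis and Redis session settings are disabled by commenting them out rather than deleted, which leaves a stale copy of each value in the settings module; removing the lines keeps the history in version control. With `SESSION_ENGINE` commented out, Django presumably falls back to its default session backend, so sessions already stored in Redis would stop being recognised. It is worth confirming that this is intended for the merge.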
......
......@@ -25,7 +25,6 @@ urlpatterns = [
url(r'^(api/)?users/', include('users.urls')),
url(r'^assets/', include('assets.urls')),
url(r'^perms/', include('perms.urls')),
url(r'^terminal/', include('webterminal.urls')),
]
......
......@@ -9,51 +9,28 @@ from rest_framework import generics, status
from rest_framework.response import Response
from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView
from .serializers import UserSerializer, UserGroupSerializer, UserAttributeSerializer, GroupUserEditSerializer, \
GroupEditSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer
from .models import User, UserGroup
from .serializers import UserDetailSerializer, UserAndGroupSerializer, \
GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer
from common.mixins import BulkDeleteApiMixin
logger = logging.getLogger('jumpserver.users.api')
class UserListAddApi(generics.ListCreateAPIView):
class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):
queryset = User.objects.all()
serializer_class = UserSerializer
serializer_class = UserDetailSerializer
class UserDetailDeleteUpdateApi(generics.RetrieveUpdateDestroyAPIView):
class UserAndGroupEditApi(generics.RetrieveUpdateAPIView):
queryset = User.objects.all()
serializer_class = UserSerializer
def delete(self, request, *args, **kwargs):
print(self.request.data)
return super(UserDetailDeleteUpdateApi, self).delete(request, *args, **kwargs)
class UserGroupListAddApi(generics.ListCreateAPIView):
queryset = UserGroup.objects.all()
serializer_class = UserGroupSerializer
class UserGroupDetailDeleteUpdateApi(generics.RetrieveUpdateDestroyAPIView):
queryset = UserGroup.objects.all()
serializer_class = UserGroupSerializer
class UserAttributeApi(generics.RetrieveUpdateDestroyAPIView):
queryset = User.objects.all()
serializer_class = UserAttributeSerializer
class GroupUserEditApi(generics.RetrieveUpdateAPIView):
queryset = User.objects.all()
serializer_class = GroupUserEditSerializer
serializer_class = UserAndGroupSerializer
class UserResetPasswordApi(generics.UpdateAPIView):
queryset = User.objects.all()
serializer_class = GroupUserEditSerializer
serializer_class = UserDetailSerializer
def perform_update(self, serializer):
# Note: we are not updating the user object here.
......@@ -68,7 +45,7 @@ class UserResetPasswordApi(generics.UpdateAPIView):
class UserResetPKApi(generics.UpdateAPIView):
queryset = User.objects.all()
serializer_class = GroupUserEditSerializer
serializer_class = UserDetailSerializer
def perform_update(self, serializer):
user = self.get_object()
......@@ -88,9 +65,9 @@ class UserUpdatePKApi(generics.UpdateAPIView):
user.save()
class GroupEditApi(generics.RetrieveUpdateDestroyAPIView):
class GroupDetailApi(generics.RetrieveUpdateDestroyAPIView):
queryset = UserGroup.objects.all()
serializer_class = GroupEditSerializer
serializer_class = GroupDetailSerializer
def perform_update(self, serializer):
users = serializer.validated_data.get('users')
......@@ -105,27 +82,19 @@ class GroupEditApi(generics.RetrieveUpdateDestroyAPIView):
serializer.save()
class UserBulkUpdateApi(ListBulkCreateUpdateDestroyAPIView):
class UserListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
queryset = User.objects.all()
serializer_class = UserBulkUpdateSerializer
def filter_queryset(self, queryset):
id_list = self.request.query_params.get('id__in')
if id_list:
import json
try:
ids = json.loads(id_list)
except Exception as e:
logger.error(str(e))
return queryset
if isinstance(ids, list):
queryset = queryset.filter(id__in=ids)
return queryset
class GroupListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
queryset = UserGroup.objects.all()
serializer_class = GroupBulkUpdateSerializer
class DeleteUserFromGroupApi(generics.DestroyAPIView):
queryset = UserGroup.objects.all()
serializer_class = GroupEditSerializer
serializer_class = GroupDetailSerializer
def destroy(self, request, *args, **kwargs):
group = self.get_object()
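Review bot: None of the view classes on the new side declares `permission_classes`, so who may call `UserDetailApi` (retrieve/update/destroy), `UserResetPasswordApi`, `UserResetPKApi`, or the bulk `UserListUpdateApi` and `GroupListUpdateApi` depends entirely on the `REST_FRAMEWORK` defaults. Those defaults appear on this page only as a context line. For endpoints that delete accounts and reset credentials, an explicit declaration on each class, `permission_classes = (<project admin-only permission>,)` (placeholder), makes the requirement reviewable next to the view and survives a change of defaults. The bodies of the `perform_update` and `destroy` methods lie outside the hunks, so any checks made there are not visible.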
......
......@@ -34,6 +34,13 @@ class UserCreateForm(forms.ModelForm):
}
class UserBulkImportForm(forms.ModelForm):
class Meta:
model = User
fields = ['username', 'email', 'enable_otp', 'role']
class UserUpdateForm(forms.ModelForm):
class Meta:
......
......@@ -112,6 +112,12 @@ class User(AbstractUser):
else:
return True
@property
def is_valid(self):
if self.is_active and not self.is_expired:
return True
return False
@property
def private_key(self):
return decrypt(self._private_key)
......
......@@ -8,47 +8,13 @@ from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
from .models import User, UserGroup
class UserSerializer(serializers.ModelSerializer):
groups = serializers.HyperlinkedRelatedField(many=True, read_only=True, view_name='users:user-group-detail-api')
class Meta:
model = User
exclude = [
'password', 'first_name', 'last_name', 'secret_key_otp',
'private_key', 'public_key', 'avatar',
]
class UserGroupSerializer(serializers.ModelSerializer):
users = serializers.HyperlinkedRelatedField(many=True, read_only=True, view_name='users:user-detail-api')
class Meta:
model = UserGroup
fields = '__all__'
class GroupEditSerializer(serializers.ModelSerializer):
class Meta:
model = UserGroup
fields = ['id', 'name', 'comment', 'date_created', 'created_by', 'users']
class UserAttributeSerializer(serializers.ModelSerializer):
class UserDetailSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ['avatar', 'wechat', 'phone', 'enable_otp', 'comment', 'is_active', 'name']
class GroupUserEditSerializer(serializers.ModelSerializer):
groups = serializers.PrimaryKeyRelatedField(many=True, queryset=UserGroup.objects.all())
class Meta:
model = User
fields = ['id', 'groups']
class UserPKUpdateSerializer(serializers.ModelSerializer):
class Meta:
......@@ -70,6 +36,21 @@ class UserPKUpdateSerializer(serializers.ModelSerializer):
return value
class UserAndGroupSerializer(serializers.ModelSerializer):
groups = serializers.PrimaryKeyRelatedField(many=True, queryset=UserGroup.objects.all())
class Meta:
model = User
fields = ['id', 'groups']
class GroupDetailSerializer(serializers.ModelSerializer):
class Meta:
model = UserGroup
fields = ['id', 'name', 'comment', 'date_created', 'created_by', 'users']
class UserBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer):
group_display = serializers.SerializerMethodField()
active_display = serializers.SerializerMethodField()
......@@ -88,3 +69,16 @@ class UserBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer)
def get_active_display(self, obj):
# TODO: user ative state
return not (obj.is_expired and obj.is_active)
class GroupBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer):
user_amount = serializers.SerializerMethodField()
class Meta:
model = UserGroup
list_serializer_class = BulkListSerializer
fields = ['id', 'name', 'comment', 'user_amount']
def get_user_amount(self, obj):
return obj.users.count()
{% extends '_modal.html' %}
{% load i18n %}
{% block modal_id %}user_import_modal{% endblock %}
{% block modal_title%}{% trans "Import User" %}{% endblock %}
{% block modal_body %}
<p class="text-success text-center">{% trans "Hint: your excel should organized in the following format." %}</p>
<p class="text-success text-center">{% trans "* You should have a very worksheet named `users`." %}</p>
<p class="text-success text-center">{% trans "* Rows in this worksheet: username, email, enable_opt(0, 1), role(one of ['Admin', 'User'])" %}</p>
<form method="post" class="form-horizontal" action="{% url 'users:user-import' %}" id="fm_user_import" enctype="multipart/form-data">
{% csrf_token %}
<div class="form-group">
<label class="control-label col-sm-2 col-lg-2 " for="id_excel">{% trans "Excel" %}</label>
<div class=" col-sm-9 col-lg-9 ">
<input id="id_excel" type="file" name="excel" />
</div>
</div>
</form>
{% endblock %}
{% block modal_confirm_id %}btn_user_import{% endblock %}
......@@ -218,7 +218,7 @@ $(document).on('click', '.btn_remove', function(){
users: plain_id_list.map(Number)
};
$('#select_user_modal').modal('hide');
var the_url = "{% url 'users:user-group-edit-api' pk=object.id %}";
var the_url = "{% url 'users:user-group-detail-api' pk=object.id %}";
var success = function() {
toastr.success('{% trans "The selected users has been added to current group." %}');
var html = "";
......
{% extends '_base_list.html' %}
{% load i18n static %}
{% load common_tags %}
{% block custom_head_css_js %}
<link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
<script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
{% endblock %}
{% block content_left_head %}
<a href="{% url 'users:user-group-create' %}" class="btn btn-sm btn-primary ">{% trans "Add User Group" %}</a>
{% endblock %}
{{ block.super }}
<style>
div.dataTables_wrapper div.dataTables_filter,
.dataTables_length {
float: right !important;
}
{% block table_head %}
<th class="text-center">
<input type="checkbox" id="check_all" onclick="checkAll('check_all', 'checked')">
</th>
<th class="text-center"><a href="{% url 'users:user-group-list' %}?sort=name">{% trans "Name" %}</a></th>
<th class="text-center">{% trans "User Amount" %}</th>
<th class="text-center">{% trans "Asset Amount" %}</th>
<th class="text-center">{% trans "Comment" %}</th>
<th class="text-center"></th>
div.dataTables_wrapper div.dataTables_filter {
margin-left: 15px;
}
</style>
{% endblock %}
{% block table_body %}
{% for user_group in user_group_list %}
<tr class="gradeX">
<td class="text-center">
<input type="checkbox" name="checked" value="{{ user_group.id }}">
</td>
<td class="text-center">
<a href="{% url 'users:user-group-detail' pk=user_group.id %}">
{{ user_group.name }}
</a>
</td>
<td class="text-center">{{ user_group.users.count }}</td>
<td class="text-center">999</td>
<th class="text-center">{{ user_group.comment|truncatewords:8 }}</th>
<td class="text-center">
<a href="{% url 'users:user-group-update' pk=user_group.id %}" class="btn btn-xs btn-info">{% trans "Edit" %}</a>
<a href="javascript:void(0)" data-gid="{{ user_group.id }}"
class="btn btn-xs btn-danger del {% ifequal user_group.name 'Default' %}disabled{% else %}btn_delete_user_group{% endifequal %}">{% trans "Delete" %}</a>
</td>
{% block table_search %}{% endblock %}
{% block table_container %}
<div class="pull-left m-r-5"><a href="{% url 'users:user-group-create' %}" class="btn btn-sm btn-primary ">{% trans "Add User Group" %}</a></div>
<table class="table table-striped table-bordered table-hover " id="group_list_table" >
<thead>
<tr>
<th class="text-center">
<div class="checkbox checkbox-default"><input id="" type="checkbox" class="ipt_check_all"><label></label></div>
</th>
<th class="text-center">{% trans 'Name' %}</a></th>
<th class="text-center">{% trans 'User Amount' %}</a></th>
<th class="text-center">{% trans 'Asset Amount' %}</th>
<th class="text-center">{% trans 'Comment' %}</th>
<th class="text-center">{% trans 'Action' %}</th>
</tr>
{% endfor %}
{% endblock %}
{% block content_bottom_left %}
<form id="" method="get" action="" class=" mail-search">
<div class="input-group">
<select class="form-control m-b" style="width: auto">
<option>{% trans "Bulk Update" %}</option>
<option>{% trans "Bulk Export" %}</option>
<option>{% trans "Bulk Update" %}</option>
</select>
<div class="input-group-btn pull-left" style="padding-left: 5px;">
<button id='search_btn' type="submit" style="height: 32px;" class="btn btn-sm btn-primary">{% trans "Confirm" %}</button>
</div>
</thead>
</table>
<div id="actions" class="hide">
<div class="input-group">
<select class="form-control m-b" style="width: auto" id="slct_bulk_update">
<option value="delete">{% trans 'Delete selected' %}</option>
</select>
<div class="input-group-btn pull-left" style="padding-left: 5px;">
<button id='btn_bulk_update' style="height: 32px;" class="btn btn-sm btn-primary">
{% trans 'Submit' %}
</button>
</div>
</form>
</div>
</div>
{% endblock %}
{% block content_bottom_left %}{% endblock %}
{% block custom_foot_js %}
<script>
$(document).on('click', '.btn_delete_user_group', function(){
$(document).ready(function() {
var options = {
ele: $('#group_list_table'),
buttons: [],
columnDefs: [
{targets: 1, createdCell: function (td, cellData, rowData) {
var detail_btn = '<a href="{% url "users:user-group-detail" pk=99991937 %}">' + cellData + '</a>';
$(td).html(detail_btn.replace('99991937', rowData.id));
}},
{targets: 4, createdCell: function (td, cellData) {
var innerHtml = cellData.length > 18 ? cellData.substring(0, 18) + '...': cellData;
$(td).html('<a href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</a>');
}},
{targets: 5, createdCell: function (td, cellData, rowData) {
var update_btn = '<a href="{% url "users:user-group-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_delete_user_group" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
if (rowData.id === 1) {
$(td).html(update_btn)
} else {
$(td).html(update_btn + del_btn)
}
}}],
ajax_url: '{% url "users:user-group-bulk-update-api" %}',
columns: [{data: function(){return ""}}, {data: "name" }, {data: "user_amount"},
{data: function(){return 999}}, {data: "comment"}, {data: "id" }],
op_html: $('#actions').html()
};
jumpserver.initDataTable(options);
}).on('click', '.btn_delete_user_group', function(){
var $this = $(this);
function doDelete() {
var group_id = $this.data('gid');
var the_url = "{% url 'users:user-group-edit-api' 99991937 %}".replace('99991937', group_id);
var the_url = "{% url 'users:user-group-detail-api' 99991937 %}".replace('99991937', group_id);
var body = {};
var success = function() {
var msg = "{% trans 'Group Deleted.' %}";
......@@ -95,6 +109,48 @@ $(document).on('click', '.btn_delete_user_group', function(){
}, function() {
doDelete();
});
}).on('click', '#btn_bulk_update', function(){
var action = $('#slct_bulk_update').val();
var $data_table = $('#group_list_table').DataTable()
var plain_id_list = [];
$data_table.rows({selected: true}).every(function(){
plain_id_list.push(this.data().id);
});
if (plain_id_list === []) {
return false;
};
var the_url = "{% url 'users:user-group-bulk-update-api' %}";
function doDelete() {
swal({
title: "{% trans 'Are you sure?' %}",
text: "{% trans 'This will delete the selected groups !!!' %}",
type: "warning",
showCancelButton: true,
confirmButtonColor: "#DD6B55",
confirmButtonText: "{% trans 'Confirm' %}",
closeOnConfirm: false
}, function() {
var success = function() {
var msg = "{% trans 'UserGroups Deleted.' %}";
swal("{% trans 'UserGroups Delete' %}", msg, "success");
$data_table.ajax.reload();
};
var fail = function() {
var msg = "{% trans 'UserGroup Deleting failed.' %}";
swal("{% trans 'UserGroups Delete' %}", msg, "error");
};
var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
jumpserver.checked = false;
});
}
switch(action) {
case 'delete':
doDelete();
break;
default:
break;
}
})
</script>
{% endblock %}
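Review bot: The new `createdCell` callbacks for columns 1 and 4 concatenate `cellData` (group name and comment from the API) into markup, including inside the `title="..."` attribute, and pass it to `$(td).html(...)`, so a name or comment containing markup is interpreted by the browser. The server-rendered `{{ user_group.name }}` rows they replace were escaped by Django's template auto-escaping by default. Build the nodes and set text and attributes separately, e.g. `$(td).empty().append($('<a>', {href: 'javascript:void(0);', 'data-toggle': 'tooltip', title: cellData}).text(innerHtml));`, and do the same for the detail link. Separately, the generated delete button carries `data-uid` while the click handler reads `$this.data('gid')`. The guard `plain_id_list === []` is never true; `plain_id_list.length === 0` is the working check.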
{% extends '_base_list.html' %}
{% load i18n static %}
{% get_current_language as LANGUAGE_CODE %}
{% load common_tags %}
{% block custom_head_css_js %}
{{ block.super }}
<style>
......@@ -17,7 +15,8 @@ div.dataTables_wrapper div.dataTables_filter {
{% endblock %}
{% block table_search %}{% endblock %}
{% block table_container %}
<div class="uc pull-left"><a href="{% url "users:user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create user" %} </a></div>
<div class="uc pull-left"><a href="javascript:void(0);" class="btn btn-sm btn-primary" data-toggle="modal" data-target="#user_import_modal"> {% trans "Import user" %} </a></div>
<div class="uc pull-left m-l-5 m-r-5"><a href="{% url "users:user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create user" %} </a></div>
<table class="table table-striped table-bordered table-hover " id="user_list_table" >
<thead>
<tr>
......@@ -51,10 +50,11 @@ div.dataTables_wrapper div.dataTables_filter {
</div>
</div>
{% include "users/_user_bulk_update_modal.html" %}
{% include "users/_user_import_modal.html" %}
{% endblock %}
{% block content_bottom_left %}
{% endblock %}
{% block content_bottom_left %}{% endblock %}
{% block custom_foot_js %}
<script src="{% static 'js/jquery.form.min.js' %}"></script>
<script>
$(document).ready(function(){
var options = {
......@@ -219,6 +219,23 @@ $(document).ready(function(){
}
APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(post_list), success: success});
$('#user_bulk_update_modal').modal('hide');
}).on('click', '#btn_user_import', function() {
var $form = $('#fm_user_import');
$form.find('.help-block').remove();
function success (data) {
if (data.success === false) {
var $help = $form.find('.help-block');
$('<span />', {class: 'help-block text-danger'}).html(data.msg).insertAfter($('#id_excel'));
} else {
$('#user_import_modal').modal('hide');
var $data_table = $('#user_list_table').DataTable();
toastr.success("{% trans 'Import User Success.' %}")
$data_table.ajax.reload();
}
}
$form.ajaxSubmit({success: success});
}).on('change', '#id_excel', function() {
$(this).siblings('.help-block').remove();
})
</script>
{% endblock %}
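Review bot: In the `#btn_user_import` handler the server's `data.msg` is inserted with `.html(data.msg)`. The import view in this commit assembles that string from per-row form errors joined with `<br />`, and Django validation messages can echo the submitted value, so spreadsheet content can reach the page as markup. Either escape each error on the server before joining, or return the errors as a list and render one element per row with `.text()`. The unused `var $help = $form.find('.help-block');` can be dropped.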
......
......@@ -23,6 +23,7 @@ urlpatterns = [
url(r'^user/(?P<pk>[0-9]+)/granted-asset', views.UserGrantedAssetView.as_view(), name='user-granted-asset'),
url(r'^user/(?P<pk>[0-9]+)/login-history', views.UserDetailView.as_view(), name='user-login-history'),
url(r'^first-login/$', views.UserFirstLoginView.as_view(), name='user-first-login'),
url(r'^import/$', views.BulkImportUserView.as_view(), name='user-import'),
url(r'^user/(?P<pk>[0-9]+)/assets-perm$', views.UserDetailView.as_view(), name='user-detail'),
url(r'^user/create$', views.UserCreateView.as_view(), name='user-create'),
url(r'^user/(?P<pk>[0-9]+)/update$', views.UserUpdateView.as_view(), name='user-update'),
......@@ -34,22 +35,15 @@ urlpatterns = [
urlpatterns += [
url(r'^v1/users$', api.UserListAddApi.as_view(), name='user-list-api'),
url(r'^v1/users/update/$', api.UserBulkUpdateApi.as_view(), name='user-bulk-update-api'),
url(r'^v1/users/(?P<pk>[0-9]+)$',
api.UserDetailDeleteUpdateApi.as_view(), name='user-detail-api'),
url(r'^v1/users/(?P<pk>[0-9]+)/patch$',
api.UserAttributeApi.as_view(), name='user-patch-api'),
url(r'^v1/users/$', api.UserListUpdateApi.as_view(), name='user-bulk-update-api'),
url(r'^v1/users/(?P<pk>\d+)/$', api.UserDetailApi.as_view(), name='user-patch-api'),
url(r'^v1/users/(?P<pk>\d+)/reset-password/$', api.UserResetPasswordApi.as_view(), name='user-reset-password-api'),
url(r'^v1/users/(?P<pk>\d+)/reset-pk/$', api.UserResetPKApi.as_view(), name='user-reset-pk-api'),
url(r'^v1/users/(?P<pk>\d+)/update-pk/$', api.UserUpdatePKApi.as_view(), name='user-update-pk-api'),
url(r'^v1/user-groups$', api.UserGroupListAddApi.as_view(), name='user-group-list-api'),
url(r'^v1/user-groups/(?P<pk>[0-9]+)$',
api.UserGroupDetailDeleteUpdateApi.as_view(), name='user-group-detail-api'),
url(r'^v1/user-groups/$', api.GroupListUpdateApi.as_view(), name='user-group-bulk-update-api'),
url(r'^v1/user-groups/(?P<pk>\d+)/$', api.GroupDetailApi.as_view(), name='user-group-detail-api'),
url(r'^v1/user-groups/(?P<pk>\d+)/user/(?P<uid>\d+)/$',
api.DeleteUserFromGroupApi.as_view(), name='delete-user-from-group-api'),
url(r'^v1/user-groups/(?P<pk>[0-9]+)/users/$',
api.GroupUserEditApi.as_view(), name='group-user-edit-api'),
url(r'^v1/user-groups/(?P<pk>[0-9]+)/edit/$', api.GroupEditApi.as_view(),
name='user-group-edit-api'),
url(r'^v1/user-groups/(?P<pk>\d+)/users/$',
api.UserAndGroupEditApi.as_view(), name='group-user-edit-api'),
]
......@@ -12,7 +12,8 @@ from django.utils.translation import ugettext as _
from paramiko.rsakey import RSAKey
from common.tasks import send_mail_async
from common.utils import reverse
from common.utils import reverse, get_object_or_none
from .models import User
try:
......@@ -147,3 +148,75 @@ def send_reset_ssh_key_mail(user):
logger.debug(message)
send_mail_async.delay(subject, message, recipient_list, html_message=message)
def validate_ssh_pk(text):
"""
Expects a SSH private key as string.
Returns a boolean and a error message.
If the text is parsed as private key successfully,
(True,'') is returned. Otherwise,
(False, <message describing the error>) is returned.
from https://github.com/githubnemo/SSH-private-key-validator/blob/master/validate.py
"""
if not text:
return False, 'No text given'
startPattern = re.compile("^-----BEGIN [A-Z]+ PRIVATE KEY-----")
optionPattern = re.compile("^.+: .+")
contentPattern = re.compile("^([a-zA-Z0-9+/]{64}|[a-zA-Z0-9+/]{1,64}[=]{0,2})$")
endPattern = re.compile("^-----END [A-Z]+ PRIVATE KEY-----")
def contentState(text):
for i in range(0, len(text)):
line = text[i]
if endPattern.match(line):
if i == len(text) - 1 or len(text[i + 1]) == 0:
return True, ''
else:
return False, 'At end but content coming'
elif not contentPattern.match(line):
return False, 'Wrong string in content section'
return False, 'No content or missing end line'
def optionState(text):
for i in range(0, len(text)):
line = text[i]
if line[-1:] == '\\':
return optionState(text[i + 2:])
if not optionPattern.match(line):
return contentState(text[i + 1:])
return False, 'Expected option, found nothing'
def startState(text):
if len(text) == 0 or not startPattern.match(text[0]):
return False, 'Header is wrong'
return optionState(text[1:])
return startState([n.strip() for n in text.splitlines()])
def check_user_is_valid(**kwargs):
password = kwargs.pop('password', None)
public_key = kwargs.pop('public_key', None)
user = get_object_or_none(User, **kwargs)
if password and not user.check_password(password):
user = None
if public_key and not user.public_key == public_key:
user = None
if user and user.is_valid:
return user
return None
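Review bot: `check_user_is_valid` dereferences `user` after it may be `None`. When the lookup finds nobody and a password is supplied, `user.check_password` raises `AttributeError`, and the same happens on the `public_key` line after a failed password check has set `user = None`. When neither `password` nor `public_key` is passed, the function returns the account on the lookup fields alone, which a caller could mistake for a successful credential check; if lookup-only use is intended, it would be clearer under a separate name. A guard-clause version is below.

```python
def check_user_is_valid(**kwargs):
    # … unchanged: password / public_key are popped from kwargs …
    user = get_object_or_none(User, **kwargs)

    if user is None or not user.is_valid:
        return None
    if not password and not public_key:
        # No credential supplied: do not report the account as validated.
        return None
    if password and not user.check_password(password):
        return None
    if public_key and user.public_key != public_key:
        return None
    return user
```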
......@@ -2,6 +2,7 @@
from __future__ import unicode_literals
from django import forms
from django.conf import settings
from django.contrib.auth import login as auth_login, logout as auth_logout
from django.contrib.auth.mixins import LoginRequiredMixin
......@@ -23,10 +24,11 @@ from django.views.generic.detail import DetailView
from formtools.wizard.views import SessionWizardView
from common.mixins import JSONResponseMixin
from common.utils import get_object_or_none, get_logger
from .models import User, UserGroup
from .forms import UserCreateForm, UserUpdateForm, UserGroupForm, UserLoginForm, UserInfoForm, UserKeyForm, \
UserPrivateAssetPermissionForm
UserPrivateAssetPermissionForm, UserBulkImportForm
from .utils import AdminUserRequiredMixin, user_add_success_next, send_reset_password_mail
from .hands import AssetPermission, get_user_granted_asset_groups, get_user_granted_assets
......@@ -149,27 +151,12 @@ class UserDetailView(AdminUserRequiredMixin, DetailView):
return super(UserDetailView, self).get_context_data(**kwargs)
class UserGroupListView(AdminUserRequiredMixin, ListView):
model = UserGroup
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
context_object_name = 'user_group_list'
class UserGroupListView(AdminUserRequiredMixin, TemplateView):
template_name = 'users/user_group_list.html'
ordering = '-date_created'
def get_queryset(self):
self.queryset = super(UserGroupListView, self).get_queryset()
self.keyword = keyword = self.request.GET.get('keyword', '')
self.sort = sort = self.request.GET.get('sort')
if keyword:
self.queryset = self.queryset.filter(name__icontains=keyword)
if sort:
self.queryset = self.queryset.order_by(sort)
return self.queryset
def get_context_data(self, **kwargs):
context = super(UserGroupListView, self).get_context_data(**kwargs)
context.update({'app': _('Users'), 'action': _('User group list'), 'keyword': self.keyword})
context.update({'app': _('Users'), 'action': _('User group list')})
return context
......@@ -443,3 +430,66 @@ class UserGrantedAssetView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
}
kwargs.update(context)
return super(UserGrantedAssetView, self).get_context_data(**kwargs)
class FileForm(forms.Form):
excel = forms.FileField()
class BulkImportUserView(AdminUserRequiredMixin, JSONResponseMixin, FormView):
form_class = FileForm
def form_invalid(self, form):
try:
error = form.errors.values()[-1][-1]
except Exception as e:
print e
error = _('Invalid file.')
data = {
'success': False,
'msg': error
}
return self.render_json_response(data)
def form_valid(self, form):
from openpyxl import load_workbook
try:
wb = load_workbook(form.cleaned_data['excel'])
ws = wb['users']
except Exception as e:
print e
error = _('Not a valid Excel file.')
data = {
'success': False,
'msg': error
}
return self.render_json_response(data)
errors = []
for index, row in enumerate(ws.rows):
user_data = [cell.value for cell in row]
if len(user_data) != 4:
errors.append("Row {}: invalid user data format.".format(index))
continue
username, email, enable_otp, role = user_data
data = {
'username': username,
'email': email,
'enable_otp': True if enable_otp in ['T', '1', 1, True] else False,
'role': role
}
form = UserBulkImportForm(data, auto_id=False)
if form.is_valid():
form.save()
else:
form_errors = form.errors.as_data()
for key, err_list in form_errors.iteritems():
error_line = "{} :".format(key)
for errs in err_list:
error_line = "{}{}".format(error_line, ";".join([err for err in errs.messages]))
errors.append("Row {}: {}".format(index, error_line))
data = {
'success': True if not errors else False,
'msg': 'ok' if not errors else '<br />'.join(errors)
}
return self.render_json_response(data)
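Review bot: `BulkImportUserView.form_valid` saves each valid row as it goes (`form.save()`) and still answers `success: False` when any other row failed, so a rejected import leaves part of the sheet committed and a retry will likely collide with the rows already created. Wrapping the loop in `transaction.atomic()` (which needs `from django.db import transaction`) and rolling back when `errors` is non-empty would make the import all-or-nothing. Both `except Exception as e: print e` handlers discard the cause and use Python 2-only syntax; the file already imports `get_logger`, so logging the exception would keep failed uploads traceable. The workbook is also passed to `load_workbook` with no size or row limit visible in this hunk, and the first row is processed as data rather than skipped as a header.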
from django.contrib import admin
# Register your models here.
from __future__ import unicode_literals
from django.apps import AppConfig
class WebterminalConfig(AppConfig):
name = 'webterminal'
from __future__ import unicode_literals
from django.db import models
# Create your models here.
{% extends 'base.html' %}
{% block content %}
<div class="container">
<div id="term">
</div>
</div>
<div class="termChangBar">
<input type="number" min="100" value="100" placeholder="col" id="term-col"/>
<input type="number" min="35" value="35" placeholder="row" id="term-row"/>
<button id="col-row">修改窗口大小</button>
</div>
{% endblock %}
{% block custom_foot_js %}
<script type="application/javascript" src="/static/js/jquery-2.1.1.js"></script>
<script type="application/javascript" src="/static/js/term.js"></script>
<script>/**
* Created by liuzheng on 3/3/16.
*/
var rowHeight = 1;
var colWidth = 1;
function WSSHClient() {
}
WSSHClient.prototype._generateEndpoint = function (options) {
console.log(options);
if (window.location.protocol == 'https:') {
var protocol = 'wss://';
} else {
var protocol = 'ws://';
}
var endpoint = protocol + document.URL.match(RegExp('//(.*?)/'))[1] + '/ws/foobar?subscribe-broadcast&publish-broadcast&echo';
return endpoint;
};
WSSHClient.prototype.connect = function (options) {
var endpoint = this._generateEndpoint(options);
if (window.WebSocket) {
this._connection = new WebSocket(endpoint);
}
else if (window.MozWebSocket) {
this._connection = MozWebSocket(endpoint);
}
else {
options.onError('WebSocket Not Supported');
return;
}
this._connection.onopen = function () {
options.onConnect();
};
this._connection.onmessage = function (evt) {
try {
options.onData(evt.data);
} catch (e) {
var data = JSON.parse(evt.data.toString());
options.onError(data.error);
}
};
this._connection.onclose = function (evt) {
options.onClose();
};
};
WSSHClient.prototype.send = function (data) {
this._connection.send(JSON.stringify({'data': data}));
};
function openTerminal(options) {
var client = new WSSHClient();
var rowHeight, colWidth;
try {
rowHeight = localStorage.getItem('term-row');
colWidth = localStorage.getItem('term-col');
} catch (err) {
rowHeight = 35;
colWidth = 100
}
if (rowHeight) {
} else {
rowHeight = 35
}
if (colWidth) {
} else {
colWidth = 100
}
var term = new Terminal({
rows: rowHeight,
cols: colWidth,
useStyle: true,
screenKeys: true
});
term.open();
term.on('data', function (data) {
client.send(data)
});
$('.terminal').detach().appendTo('#term');
//term.resize(colWidth, rowHeight);
term.write('Connecting...');
client.connect($.extend(options, {
onError: function (error) {
term.write('Error: ' + error + '\r\n');
},
onConnect: function () {
// Erase our connecting message
client.send({'resize': {'rows': rowHeight, 'cols': colWidth}});
term.write('\r');
},
onClose: function () {
term.write('Connection Reset By Peer');
},
onData: function (data) {
if (data == "love you")
console.log(data);
else
term.write(data);
}
}));
//rowHeight = 0.0 + 1.00 * $('.terminal').height() / 24;
//colWidth = 0.0 + 1.00 * $('.terminal').width() / 80;
return {'term': term, 'client': client};
}
//function resize() {
// $('.terminal').css('width', window.innerWidth - 25);
// console.log(window.innerWidth);
// console.log(window.innerWidth - 10);
// var rows = Math.floor(window.innerHeight / rowHeight) - 2;
// var cols = Math.floor(window.innerWidth / colWidth) - 1;
//
// return {rows: rows, cols: cols};
//}
$(document).ready(function () {
var options = {};
$('#ssh').show();
var term_client = openTerminal(options);
console.log(rowHeight);
// by liuzheng712 because it will bring record bug
//window.onresize = function () {
// var geom = resize();
// console.log(geom);
// term_client.term.resize(geom.cols, geom.rows);
// term_client.client.send({'resize': {'rows': geom.rows, 'cols': geom.cols}});
// $('#ssh').show();
//}
try {
$('#term-row')[0].value = localStorage.getItem('term-row');
$('#term-col')[0].value = localStorage.getItem('term-col');
} catch (err) {
$('#term-row')[0].value = 35;
$('#term-col')[0].value = 100;
}
$('#col-row').click(function () {
var col = $('#term-col').val();
var row = $('#term-row').val();
localStorage.setItem('term-col', col);
localStorage.setItem('term-row', row);
term_client.term.resize(col, row);
term_client.client.send({'resize': {'rows': row, 'cols': col}});
$('#ssh').show();
});
$(".terminal").mouseleave(function () {
$(".termChangBar").slideDown();
});
$(".terminal").mouseenter(function () {
$(".termChangBar").slideUp();
})
});</script>
{% endblock %}
from django.test import TestCase
# Create your tests here.
# coding:utf-8
from django.conf.urls import url
from .views import *
from django.contrib import admin
admin.autodiscover()
app_name = 'webterminal'
urlpatterns = [
url(r'^$', TerminalView.as_view(), name='webterminal'),
]
\ No newline at end of file
from django.shortcuts import render
from django.urls import reverse_lazy
from django.db.models import Q
from django.views.generic.list import ListView
from django.views.generic.edit import CreateView, DeleteView, UpdateView
from django.views.generic.detail import DetailView
from django.views.generic.base import TemplateView
from django.views import View
from django.http import HttpResponse
from ws4redis.redis_store import RedisMessage
from ws4redis.publisher import RedisPublisher
from django.conf import settings
# Create your views here.
class TerminalView(TemplateView):
template_name = 'main.html'
def get(self, request, *args, **kwargs):
welcome = RedisMessage('Hello everybody') # create a welcome message to be sent to everybody
RedisPublisher(facility='foobar', broadcast=True).publish_message(welcome)
return super(TerminalView, self).get(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
redis_publisher = RedisPublisher(facility='foobar', groups=[request.POST.get('group')])
message = RedisMessage(request.POST.get('message'))
redis_publisher.publish_message(message)
return HttpResponse('OK')
......@@ -70,6 +70,10 @@ class Config:
# EMAIL_USE_TLS = False # If port is 587, set True
# EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
# SSH use password or public key for auth
SSH_PASSWORD_AUTH = False
SSH_PUBLIC_KEY_AUTH = True
def __init__(self):
pass
......
......@@ -13,6 +13,7 @@ wcwidth==0.1.7
websocket-client==0.37.0
djangorestframework==3.4.5
ForgeryPy==0.1
openpyxl==2.4.0
paramiko==2.0.2
celery==3.1.23
ansible==2.1.1.0
......@@ -20,3 +21,6 @@ django-simple-captcha==0.5.2
django-formtools==1.0
sshpubkeys==2.2.0
djangorestframework-bulk==0.2.1
python-gssapi==0.6.4
tornado==4.4.2
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
if __name__ == '__main__':
pass
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
import logging
import os
BASE_DIR = os.path.dirname(os.path.abspath(__name__))
class Config:
SSH_HOST = ''
SSH_PORT = 2200
LOG_LEVEL = 'INFO'
LOG_DIR = os.path.join(BASE_DIR, 'logs')
LOG_FILENAME = 'ssh_server.log'
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'verbose': {
'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
},
'main': {
'datefmt': '%Y-%m-%d %H:%M:%S',
'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
},
'simple': {
'format': '%(levelname)s %(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'main',
'stream': 'ext://sys.stdout',
},
'file': {
'level': 'DEBUG',
'class': 'logging.handlers.TimedRotatingFileHandler',
'formatter': 'main',
'filename': os.path.join(LOG_DIR, LOG_FILENAME),
'when': 'D',
'backupCount': 10,
},
},
'loggers': {
'jumpserver': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
'propagate': True,
},
'jumpserver.web_ssh_server': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
'propagate': True,
},
'jumpserver.ssh_server': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
'propagate': True,
}
}
}
def __init__(self):
pass
def __getattr__(self, item):
return None
class DevelopmentConfig(Config):
pass
class ProductionConfig(Config):
pass
class TestingConfig(Config):
pass
config = {
'development': DevelopmentConfig,
'production': ProductionConfig,
'testing': TestingConfig,
'default': DevelopmentConfig,
}
env = 'default'
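Review bot: `BASE_DIR = os.path.dirname(os.path.abspath(__name__))` resolves the module name against the current working directory, so `LOG_DIR` follows wherever the process was started rather than this file's location; `BASE_DIR = os.path.dirname(os.path.abspath(__file__))` pins it to the source tree. These logs look like the server's session and audit record, so their path should not move with the launch directory. The same line is in the config listing that follows this one. `Config.__getattr__` returning None also turns a misspelled setting name into a silent None on an instance; raising AttributeError there would make the mistake visible.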
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
import logging
import os
BASE_DIR = os.path.dirname(os.path.abspath(__name__))
class Config:
LOG_LEVEL = 'INFO'
LOG_DIR = os.path.join(BASE_DIR, 'logs')
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'verbose': {
'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
},
'main': {
'datefmt': '%Y-%m-%d %H:%M:%S',
'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
},
'simple': {
'format': '%(levelname)s %(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'main'
},
'file': {
'level': 'DEBUG',
'class': 'logging.FileHandler',
'formatter': 'main',
'filename': LOG_DIR,
},
},
'loggers': {
'jumpserver': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
},
'jumpserver.web_ssh_server': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
},
'jumpserver.ssh_server': {
'handlers': ['console', 'file'],
# 'level': LOG_LEVEL_CHOICES.get(LOG_LEVEL, None) or LOG_LEVEL_CHOICES.get('info')
'level': LOG_LEVEL,
}
}
}
def __init__(self):
pass
def __getattr__(self, item):
return None
class DevelopmentConfig(Config):
pass
class ProductionConfig(Config):
pass
class TestingConfig(Config):
pass
config = {
'development': DevelopmentConfig,
'production': ProductionConfig,
'testing': TestingConfig,
'default': DevelopmentConfig,
}
env = 'default'
if __name__ == '__main__':
pass
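Review bot: The `file` handler is given `'filename': LOG_DIR`, which points `logging.FileHandler` at the `logs` directory path itself rather than a file inside it. If that directory exists the handler cannot open it and `dictConfig` should fail; otherwise a plain file named `logs` is created. The preceding config listing joins a file name onto the directory, and the same is needed here: add a `LOG_FILENAME` setting (value of your choosing) and use `'filename': os.path.join(LOG_DIR, LOG_FILENAME)`. Neither listing shows `LOG_DIR` being created, so that is worth confirming where the server starts.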
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
import logging
from logging.config import dictConfig
from ssh_config import config, env
CONFIG_SSH_SERVER = config.get(env)
def get_logger(name):
dictConfig(CONFIG_SSH_SERVER.LOGGING)
return logging.getLogger('jumpserver.%s' % name)
class ControlChar:
CHARS = {
'clear': '\x1b[H\x1b[2J',
}
def __init__(self):
pass
def __getattr__(self, item):
return self.__class__.CHARS.get(item, '')
class SSHServerException(Exception):
pass
control_char = ControlChar()
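Review bot: `get_logger` runs `dictConfig(CONFIG_SSH_SERVER.LOGGING)` on every call, so each module that asks for a logger rebuilds all handlers and reopens the log file. Calling `dictConfig` once at import and reducing the function body to `return logging.getLogger('jumpserver.%s' % name)` avoids that. `config.get(env)` also returns None for an unknown `env`, which only surfaces later as an AttributeError on `.LOGGING`; `CONFIG_SSH_SERVER = config[env]` fails at the point of the mistake. `ControlChar.__getattr__` returns an empty string for any unknown name, so a mistyped control sequence is silently dropped; a short comment saying whether that is intended would help.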
# -*- coding: utf-8 -*-
#