Merge branch 'dev' of github.com:jumpserver/jumpserver into dev

106abc24 · ibuler · d2516cc3 · ab520ee3 · 106abc24 · 106abc24
Commit 106abc24 authored 5 years ago by ibuler
14 changed files
--- a/apps/applications/templates/applications/remote_app_create_update.html
+++ b/apps/applications/templates/applications/remote_app_create_update.html
@@ -107,6 +107,21 @@ function hiddenFields(){
    });
    $('.' + app_type + '-fields').removeClass('hidden');
 }
+function constructParams(data) {
+    var typeList = ['chrome', 'mysql_workbench', 'vmware_client', 'custom'];
+    var params = {};
+    for (var type in typeList){
+        if (data.type === type){
+            for (var k in data){
+                if (k.startsWith(data.type)){
+                    params[k] = data[k]
+                }
+            }
+            break
+        }
+    }
+    return params;
+}
 $(document).ready(function () {
    $('.select2').select2({
        closeOnSelect: true
@@ -118,6 +133,28 @@ $(document).ready(function () {
 .on('change', app_type_id, function(){
    hiddenFields();
    setDefaultValue();
-});
+})
+.on("submit", "form", function (evt) {
+    evt.preventDefault();
+    var the_url = '{% url "api-applications:remote-app-list" %}';
+    var redirect_to = '{% url "applications:remote-app-list" %}';
+    var method = "POST";
+    {% if type == "update" %}
+        the_url = '{% url "api-applications:remote-app-detail" object.id %}';
+        method = "PUT";
+    {% endif %}
+    var form = $("form");
+    var data = form.serializeObject();
+    data["params"] = constructParams(data);
+    var props = {
+        url: the_url,
+        data: data,
+        method: method,
+        form: form,
+        redirect_to: redirect_to
+     };
+    formSubmit(props);
+ })
+;
 </script>
 {% endblock %}
\ No newline at end of file
--- a/apps/applications/views/remote_app.py
+++ b/apps/applications/views/remote_app.py
@@ -46,6 +46,7 @@ class RemoteAppCreateView(PermissionsMixin, SuccessMessageMixin, CreateView):
        context = {
            'app': _('Applications'),
            'action': _('Create RemoteApp'),
+            'type': 'create'
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
@@ -68,6 +69,7 @@ class RemoteAppUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
        context = {
            'app': _('Applications'),
            'action': _('Update RemoteApp'),
+            'type': 'update'
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)

--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -85,7 +85,7 @@ class AssetViewSet(LabelFilter, OrgBulkModelViewSet):
            queryset = queryset.filter(
                nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key),
            )
-        return queryset
+        return queryset.distinct()

    def filter_admin_user_id(self, queryset):
        admin_user_id = self.request.query_params.get('admin_user_id')

--- a/apps/assets/forms/cmd_filter.py
+++ b/apps/assets/forms/cmd_filter.py
@@ -2,6 +2,7 @@
 #
 from django import forms
 from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext_lazy as _
 import re

 from orgs.mixins import OrgModelForm

--- a/apps/assets/serializers/cmd_filter.py
+++ b/apps/assets/serializers/cmd_filter.py
@@ -2,6 +2,7 @@
 #
 import re
 from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _

 from common.fields import ChoiceDisplayField
 from common.serializers import AdaptedBulkListSerializer

--- a/apps/assets/templates/assets/admin_user_list.html
+++ b/apps/assets/templates/assets/admin_user_list.html
@@ -115,7 +115,7 @@ function initTable() {
             }}],
        ajax_url: '{% url "api-assets:admin-user-list" %}',
        columns: [
-            {data: function(){return ""}}, {data: "name"}, {data: "username" }, {data: "assets_amount" },
+            {data: function(){return ""}}, {data: "name"}, {data: "username" }, {data: "assets_amount", orderable: false},
            {#{data: "connectivity_amount"}, {data: "connectivity_amount"}, {data: "connectivity_amount"},#}
            {data: "comment"}, {data: "id"}
        ]

--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -359,6 +359,7 @@ defaults = {
    'TERMINAL_TELNET_REGEX': '',
    'TERMINAL_COMMAND_STORAGE': {},
    'SECURITY_MFA_AUTH': False,
+    'SECURITY_SERVICE_ACCOUNT_REGISTRATION': True,
    'SECURITY_LOGIN_LIMIT_COUNT': 7,
    'SECURITY_LOGIN_LIMIT_TIME': 30,
    'SECURITY_MAX_IDLE_TIME': 30,

--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -568,7 +568,7 @@ SECURITY_PASSWORD_RULES = [
    'SECURITY_PASSWORD_SPECIAL_CHAR'
 ]
 SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL
-
+SECURITY_SERVICE_ACCOUNT_REGISTRATION = CONFIG.SECURITY_SERVICE_ACCOUNT_REGISTRATION
 TERMINAL_PASSWORD_AUTH = CONFIG.TERMINAL_PASSWORD_AUTH
 TERMINAL_PUBLIC_KEY_AUTH = CONFIG.TERMINAL_PUBLIC_KEY_AUTH
 TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL

--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
--- a/apps/perms/api/user_permission.py
+++ b/apps/perms/api/user_permission.py
@@ -344,6 +344,12 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView
        user_id = self.request.query_params.get('user_id', '')
        asset_id = self.request.query_params.get('asset_id', '')
        system_id = self.request.query_params.get('system_user_id', '')
+        try:
+            user_id = uuid.UUID(user_id)
+            asset_id = uuid.UUID(asset_id)
+            system_id = uuid.UUID(system_id)
+        except ValueError:
+            return Response({'msg': False}, status=403)

        user = get_object_or_404(User, id=user_id)


--- a/apps/settings/forms.py
+++ b/apps/settings/forms.py
@@ -192,6 +192,11 @@ class SecuritySettingForm(BaseForm):
        required=False, label=_("Batch execute commands"),
        help_text=_("Allow user batch execute commands")
    )
+    SECURITY_SERVICE_ACCOUNT_REGISTRATION = forms.BooleanField(
+        required=False, label=_("Service account registration"),
+        help_text=_("Allow using bootstrap token register service account, "
+                    "when terminal setup, can disable it")
+    )
    # limit login count
    SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField(
        min_value=3, max_value=99999,

--- a/apps/terminal/serializers_v2/terminal.py
+++ b/apps/terminal/serializers_v2/terminal.py
 # -*- coding: utf-8 -*-
 #
+from django.conf import settings
 from rest_framework import serializers

 from common.utils import get_request_ip
@@ -27,6 +28,9 @@ class TerminalSerializer(serializers.ModelSerializer):
        valid = super().is_valid(raise_exception=raise_exception)
        if not valid:
            return valid
+        if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION:
+            error = {"error": "service account registration disabled"}
+            raise serializers.ValidationError(error)
        data = {'name': self.validated_data.get('name')}
        kwargs = {'data': data}
        if self.instance and self.instance.user:

--- a/apps/users/templates/users/_base_otp.html
+++ b/apps/users/templates/users/_base_otp.html
@@ -42,8 +42,7 @@
            </div>
 		 	<div >
                <div class="verify">{% trans 'Security token validation' %}&nbsp;&nbsp;{% trans 'Account' %}&nbsp;<span>{{ user.username }}</span>&nbsp;&nbsp;{% trans 'Follow these steps to complete the binding operation' %}</div>
-		 		<div class="line"></div>
-
+                <hr style="width: 500px; margin: auto; margin-top: 10px;">
                {% block content %}
                {% endblock %}
 		 	</div>