1159d949
Commit
1159d949
authored
Nov 01, 2016
by
ibuler
Update signer
parent
f1dfba6a
Showing
9 changed files
with
71 additions
and
70 deletions
+71
-70
api.py
apps/assets/api.py
+25
-6
models.py
apps/assets/models.py
+12
-12
serializers.py
apps/assets/serializers.py
+1
-0
utils.py
apps/common/utils.py
+19
-26
api.py
apps/terminal/api.py
+2
-2
api.py
apps/users/api.py
+1
-2
backends.py
apps/users/backends.py
+2
-2
models.py
apps/users/models.py
+8
-8
serializers.py
apps/users/serializers.py
+1
-12
apps/assets/api.py
# ~*~ coding: utf-8 ~*~
from
rest_framework
import
serializers
from
rest_framework
import
viewsets
,
serializers
,
generics
from
.models
import
AssetGroup
,
Asset
,
IDC
,
AssetExtend
from
rest_framework
import
viewsets
,
serializers
,
generics
from
rest_framework.views
import
APIView
from
rest_framework_bulk
import
BulkListSerializer
,
BulkSerializerMixin
,
ListBulkCreateUpdateDestroyAPIView
from
common.mixins
import
BulkDeleteApiMixin
from
rest_framework_bulk
import
BulkListSerializer
,
BulkSerializerMixin
,
ListBulkCreateUpdateDestroyAPIView
from
.serializers
import
*
from
common.utils
import
get_object_or_none
from
.models
import
AssetGroup
,
Asset
,
IDC
,
AssetExtend
from
.serializers
import
AssetBulkUpdateSerializer
class
AssetGroupSerializer
(
serializers
.
ModelSerializer
):
class
Meta
:
model
=
AssetGroup
...
...
@@ -52,6 +57,21 @@ class IDCViewSet(viewsets.ReadOnlyModelViewSet):
queryset
=
IDC
.
objects
.
all
()
serializer_class
=
IDCSerializer
class
AssetListUpdateApi
(
BulkDeleteApiMixin
,
ListBulkCreateUpdateDestroyAPIView
):
queryset
=
Asset
.
objects
.
all
()
serializer_class
=
AssetBulkUpdateSerializer
\ No newline at end of file
serializer_class
=
AssetBulkUpdateSerializer
class
AssetSystemUserAuthApi
(
APIView
):
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
system_user_id
=
request
.
data
.
get
(
'system_user_id'
,
-
1
)
system_user_username
=
request
.
data
.
get
(
'system_user_username'
,
''
)
system_user
=
get_object_or_none
(
Asset
,
id
=
system_user_id
,
username
=
system_user_username
)
if
system_user
:
password
=
system_user
.
password
private_key
=
system_user
.
private_key
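Review bot: `AssetSystemUserAuthApi.get` reads a stored `password` and `private_key`, but the class declares no `permission_classes` or `authentication_classes`, so access to these secrets depends entirely on the project's REST framework defaults, which are not visible here; state the requirement on the class, for example `permission_classes = (IsSuperUserOrTerminalUser,)` as apps/terminal/api.py imports it. The lookup `get_object_or_none(Asset, id=system_user_id, username=system_user_username)` queries `Asset` although the variable names and the attributes read afterwards describe a system user, so it probably should query the SystemUser model, which this file does not import. The handler is a GET but takes its parameters from `request.data` (the request body) rather than `request.query_params`. The method appears to continue past the end of the hunk, so how the secrets are returned cannot be reviewed from here.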
apps/assets/models.py
...
...
@@ -7,7 +7,7 @@ from django.core import serializers
import
logging
from
django.utils.translation
import
ugettext_lazy
as
_
from
common.utils
import
encrypt
,
decrypt
from
common.utils
import
signer
logger
=
logging
.
getLogger
(
__name__
)
...
...
@@ -111,23 +111,23 @@ class AdminUser(models.Model):
@password.setter
def
password
(
self
,
password_raw
):
self
.
_password
=
encrypt
(
password_raw
)
self
.
_password
=
signer
.
sign
(
password_raw
)
@property
def
private_key
(
self
):
return
decrypt
(
self
.
_private_key
)
return
signer
.
unsign
(
self
.
_private_key
)
@private_key.setter
def
private_key
(
self
,
private_key_raw
):
self
.
_private_key
=
encrypt
(
private_key_raw
)
self
.
_private_key
=
signer
.
sign
(
private_key_raw
)
@property
def
public_key
(
self
):
return
decrypt
(
self
.
_public_key
)
return
signer
.
unsign
(
self
.
_public_key
)
@public_key.setter
def
public_key
(
self
,
public_key_raw
):
self
.
_public_key
=
encrypt
(
public_key_raw
)
self
.
_public_key
=
signer
.
sign
(
public_key_raw
)
class
Meta
:
db_table
=
'admin_user'
...
...
@@ -179,27 +179,27 @@ class SystemUser(models.Model):
@property
def
password
(
self
):
return
decrypt
(
self
.
_password
)
return
signer
.
sign
(
self
.
_password
)
@password.setter
def
password
(
self
,
password_raw
):
self
.
_password
=
encrypt
(
password_raw
)
self
.
_password
=
signer
.
sign
(
password_raw
)
@property
def
private_key
(
self
):
return
decrypt
(
self
.
_private_key
)
return
signer
(
self
.
_private_key
)
@private_key.setter
def
private_key
(
self
,
private_key_raw
):
self
.
_private_key
=
encrypt
(
private_key_raw
)
self
.
_private_key
=
signer
(
private_key_raw
)
@property
def
public_key
(
self
):
return
decrypt
(
self
.
_public_key
)
return
signer
(
self
.
_public_key
)
@public_key.setter
def
public_key
(
self
,
public_key_raw
):
self
.
_public_key
=
encrypt
(
public_key_raw
)
self
.
_public_key
=
signer
(
public_key_raw
)
def
get_assets_inherit_from_asset_groups
(
self
):
assets
=
set
()
...
...
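Review bot: In the SystemUser hunk the `password` getter returns `signer.sign(self._password)`, which signs the stored value a second time instead of recovering it; it should be `return signer.unsign(self._password)`, as in the AdminUser getters. The `private_key` and `public_key` accessors in the same hunk call `signer(...)` directly, and the `Signer` class added in apps/common/utils.py defines no `__call__`, so these would raise TypeError; the getters need `signer.unsign(...)` and the setters `signer.sign(...)`. Separately, a JSON Web Signature protects integrity only: the payload is base64-encoded, not encrypted, so passwords and private keys stored through these setters are readable by anyone who can read the column, and the same holds for the `User` accessors in apps/users/models.py. Both model classes continue outside the hunks.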
apps/assets/serializers.py
...
...
@@ -5,6 +5,7 @@ from .models import AssetGroup, Asset, IDC, AssetExtend
from
common.mixins
import
BulkDeleteApiMixin
from
rest_framework_bulk
import
BulkListSerializer
,
BulkSerializerMixin
class
AssetBulkUpdateSerializer
(
BulkSerializerMixin
,
serializers
.
ModelSerializer
):
# group_display = serializers.SerializerMethodField()
# active_display = serializers.SerializerMethodField()
...
...
apps/common/utils.py
...
...
@@ -8,7 +8,7 @@ import string
import
logging
import
datetime
from
itsdangerous
import
Signer
,
TimedJSONWebSignatureSerializer
,
JSONWebSignatureSerializer
,
TimestampSign
er
,
\
from
itsdangerous
import
TimedJSONWebSignatureSerializer
,
JSONWebSignatureSerializ
er
,
\
BadSignature
,
SignatureExpired
from
django.shortcuts
import
reverse
as
dj_reverse
from
django.conf
import
settings
...
...
@@ -34,31 +34,25 @@ def get_object_or_none(model, **kwargs):
return
obj
def
encrypt
(
*
args
,
**
kwargs
):
try
:
return
signing
.
dumps
(
*
args
,
**
kwargs
)
except
signing
.
BadSignature
:
return
''
def
decrypt
(
*
args
,
**
kwargs
):
try
:
return
signing
.
loads
(
*
args
,
**
kwargs
)
except
signing
.
BadSignature
:
return
''
class
Signer
(
object
):
def
__init__
(
self
,
secret_key
=
SECRET_KEY
):
self
.
secret_key
=
secret_key
def
sign
(
self
,
value
):
s
=
JSONWebSignatureSerializer
(
self
.
secret_key
)
return
s
.
dumps
(
value
)
def
sign
(
value
,
secret_key
=
SECRET_KEY
):
signer
=
TimestampSigner
(
secret_key
)
return
signer
.
sign
(
value
)
def
unsign
(
self
,
value
):
s
=
JSONWebSignatureSerializer
(
self
.
secret_key
)
return
s
.
loads
(
value
)
def
sign_t
(
self
,
value
,
expires_in
=
3600
):
s
=
TimedJSONWebSignatureSerializer
(
self
.
secret_key
,
expires_in
=
expires_in
)
return
s
.
dumps
(
value
)
def
unsign
(
value
,
max_age
=
3600
,
secret_key
=
SECRET_KEY
):
signer
=
TimestampSigner
(
secret_key
)
try
:
return
signer
.
unsign
(
value
,
max_age
=
max_age
)
except
(
BadSignature
,
SignatureExpired
):
return
''
def
unsign_t
(
self
,
value
):
s
=
TimedJSONWebSignatureSerializer
(
self
.
secret_key
)
return
s
.
loads
(
value
)
def
date_expired_default
():
...
...
@@ -69,10 +63,6 @@ def date_expired_default():
return
timezone
.
now
()
+
timezone
.
timedelta
(
days
=
365
*
years
)
def
sign
(
value
):
return
SIGNER
.
sign
(
value
)
def
combine_seq
(
s1
,
s2
,
callback
=
None
):
for
s
in
(
s1
,
s2
):
if
not
hasattr
(
s
,
'__iter__'
):
...
...
@@ -165,3 +155,5 @@ def timesince(dt, since='', default="just now"):
return
"
%
d
%
s"
%
(
period
,
singular
if
period
==
1
else
plural
)
return
default
signer
=
Signer
()
\ No newline at end of file
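Review bot: `Signer.unsign` and `Signer.unsign_t` let `BadSignature` and `SignatureExpired` propagate, whereas the module-level `unsign` they replace returned `''` on both. The callers changed in this commit (`TerminalCreateListApi.post` in apps/terminal/api.py and `authenticate_credentials` in apps/users/backends.py) still test `if name:`, so a malformed or tampered token would now surface as an unhandled exception instead of a clean rejection. Catching the exceptions inside the methods keeps the old contract; for `unsign_t`, check first how `validate_reset_token` handles the empty result, since its `except` clause is outside the visible hunk. The class also has no docstring saying that these methods sign but do not encrypt, which matters because the model setters now store secrets through them.

```python
    def unsign(self, value):
        s = JSONWebSignatureSerializer(self.secret_key)
        try:
            return s.loads(value)
        except BadSignature:
            # Same contract as the removed helper: invalid input yields ''.
            return ''

    # … unchanged: sign_t …

    def unsign_t(self, value):
        s = TimedJSONWebSignatureSerializer(self.secret_key)
        try:
            return s.loads(value)
        except (BadSignature, SignatureExpired):
            return ''
```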
apps/terminal/api.py
...
...
@@ -5,7 +5,7 @@ from rest_framework.generics import ListCreateAPIView, RetrieveUpdateDestroyAPIV
from
rest_framework.views
import
APIView
,
Response
from
rest_framework.permissions
import
AllowAny
from
common.utils
import
unsign
,
get_object_or_none
from
common.utils
import
signer
,
get_object_or_none
from
.models
import
Terminal
,
TerminalHeatbeat
from
.serializers
import
TerminalSerializer
,
TerminalHeatbeatSerializer
from
.hands
import
IsSuperUserOrTerminalUser
...
...
@@ -17,7 +17,7 @@ class TerminalCreateListApi(ListCreateAPIView):
permission_classes
=
(
AllowAny
,)
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
name
=
unsign
(
request
.
data
.
get
(
'name'
,
''
))
name
=
signer
.
unsign
(
request
.
data
.
get
(
'name'
,
''
))
if
name
:
terminal
=
get_object_or_none
(
Terminal
,
name
=
name
)
if
terminal
:
...
...
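Review bot: The signed `name` accepted by this `AllowAny` `post` no longer expires: the removed `unsign` verified a `TimestampSigner` value with `max_age=3600`, while `signer.unsign` checks a plain JSON Web Signature with no timestamp. A captured value therefore stays valid for as long as the secret key is unchanged. The same regression is in `authenticate_credentials` in apps/users/backends.py, where `unsign(sign, max_age=300)` became `signer.unsign(sign)`. If the terminal side can sign with `sign_t`, verifying with `name = signer.unsign_t(request.data.get('name', ''))` restores a bounded lifetime; the signing side is not shown on this page. The body of `post` continues outside the hunk.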
apps/users/api.py
...
...
@@ -138,7 +138,6 @@ class UserTokenApi(APIView):
cache
.
set
(
token
,
user
.
id
,
self
.
expiration
)
cache
.
set
(
'
%
s_
%
s'
%
(
user
.
id
,
remote_addr
),
token
,
self
.
expiration
)
return
Response
({
'token'
:
token
})
return
Response
({
'token'
:
token
,
'id'
:
user
.
id
,
'username'
:
user
.
username
,
'name'
:
user
.
name
})
else
:
return
Response
({
'msg'
:
'Invalid password or public key or user is not active or expired'
})
apps/users/backends.py
...
...
@@ -9,7 +9,7 @@ from django.utils.translation import ugettext as _
from
rest_framework
import
authentication
,
exceptions
,
permissions
from
rest_framework.compat
import
is_authenticated
from
common.utils
import
unsign
,
get_object_or_none
from
common.utils
import
signer
,
get_object_or_none
from
.hands
import
Terminal
from
.models
import
User
...
...
@@ -39,7 +39,7 @@ class TerminalAuthentication(authentication.BaseAuthentication):
return
self
.
authenticate_credentials
(
sign
)
def
authenticate_credentials
(
self
,
sign
):
name
=
unsign
(
sign
,
max_age
=
300
)
name
=
signer
.
unsign
(
sign
)
if
name
:
terminal
=
get_object_or_none
(
self
.
model
,
name
=
name
)
else
:
...
...
apps/users/models.py
...
...
@@ -15,7 +15,7 @@ from django.shortcuts import reverse
from
rest_framework.authtoken.models
import
Token
from
common.utils
import
encrypt
,
decrypt
,
date_expired_default
from
common.utils
import
signer
,
date_expired_default
from
common.mixins
import
NoDeleteModelMixin
...
...
@@ -120,19 +120,19 @@ class User(AbstractUser):
@property
def
private_key
(
self
):
return
decrypt
(
self
.
_private_key
)
return
signer
.
unsign
(
self
.
_private_key
)
@private_key.setter
def
private_key
(
self
,
private_key_raw
):
self
.
_private_key
=
encrypt
(
private_key_raw
)
self
.
_private_key
=
signer
.
sign
(
private_key_raw
)
@property
def
public_key
(
self
):
return
decrypt
(
self
.
_public_key
)
return
signer
.
unsign
(
self
.
_public_key
)
@public_key.setter
def
public_key
(
self
,
public_key_raw
):
self
.
_public_key
=
encrypt
(
public_key_raw
)
self
.
_public_key
=
signer
.
sign
(
public_key_raw
)
@property
def
is_superuser
(
self
):
...
...
@@ -199,12 +199,12 @@ class User(AbstractUser):
return
False
def
generate_reset_token
(
self
):
return
sign
ing
.
dumps
({
'reset'
:
self
.
id
,
'email'
:
self
.
email
}
)
return
sign
er
.
sign_t
({
'reset'
:
self
.
id
,
'email'
:
self
.
email
},
expires_in
=
3600
)
@classmethod
def
validate_reset_token
(
cls
,
token
,
max_age
=
3600
):
def
validate_reset_token
(
cls
,
token
):
try
:
data
=
sign
ing
.
loads
(
token
,
max_age
=
max_age
)
data
=
sign
er
.
unsign_t
(
token
)
user_id
=
data
.
get
(
'reset'
,
None
)
user_email
=
data
.
get
(
'email'
,
''
)
user
=
cls
.
objects
.
get
(
id
=
user_id
,
email
=
user_email
)
...
...
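Review bot: `validate_reset_token` drops its `max_age=3600` parameter, so any caller that still passes `max_age` will raise TypeError, and the token lifetime is now fixed only by `expires_in=3600` in `generate_reset_token`; keeping `def validate_reset_token(cls, token, max_age=3600):` would preserve the interface, though callers are not visible here. The payload `{'reset': self.id, 'email': self.email}` contains nothing that changes when the password is reset, so as far as these lines show the same token can be presented again until it expires. A short docstring on both methods stating the lifetime and that the token is signed but readable would help the next maintainer. The body of `validate_reset_token` continues outside the hunk.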
apps/users/serializers.py
...
...
@@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _
from
rest_framework
import
serializers
from
rest_framework_bulk
import
BulkListSerializer
,
BulkSerializerMixin
from
common.utils
import
unsign
from
common.utils
import
signer
from
.models
import
User
,
UserGroup
...
...
@@ -84,14 +84,3 @@ class GroupBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer
def
get_user_amount
(
obj
):
return
obj
.
users
.
count
()
class
AppUserRegisterSerializer
(
serializers
.
Serializer
):
username
=
serializers
.
CharField
(
max_length
=
20
)
def
create
(
self
,
validated_data
):
sign
=
validated_data
(
'username'
,
''
)
username
=
unsign
(
sign
)
pass
def
update
(
self
,
instance
,
validated_data
):
pass