修改密钥密码后重新生成key, 普通用户首页

2035a49c · guanghongwei · bd0fd90e · 2035a49c · 2035a49c · 2035a49c
Commit 2035a49c authored Apr 08, 2015 by guanghongwei
13 changed files
--- a/jasset/views.py
+++ b/jasset/views.py
@@ -3,15 +3,11 @@
 import ast
 from django.db.models import Q
-from django.http import Http404
-from django.http import HttpResponseRedirect
 from django.template import RequestContext
 from django.shortcuts import render_to_response
 from models import IDC, Asset, BisGroup
 from juser.models import UserGroup, DEPT
-from connect import PyCrypt, KEY
-from jlog.models import Log
 from jumpserver.views import jasset_host_edit, pages
 from jumpserver.api import *

--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -281,6 +281,7 @@ def user_perm_asset_api(username):
            asset_list.extend(asset_group.asset_set.all())
        return asset_list
+    return []
 def asset_perm_api(asset):

--- a/jumpserver/settings.py
+++ b/jumpserver/settings.py
@@ -108,7 +108,6 @@ TEMPLATE_DIRS = (
 STATICFILES_DIRS = (
    os.path.join(BASE_DIR, "static"),
-    os.path.join(BASE_DIR, "keys"),
 )
 # Internationalization
 # https://docs.djangoproject.com/en/1.7/topics/i18n/

--- a/jumpserver/urls.py
+++ b/jumpserver/urls.py
@@ -12,9 +12,12 @@ urlpatterns = patterns('',
    (r'^base/$', 'jumpserver.views.base'),
    (r'^login/$', 'jumpserver.views.login'),
    (r'^logout/$', 'jumpserver.views.logout'),
+    (r'^upload/$', 'jumpserver.views.upload'),
+    (r'^download/$', 'jumpserver.views.download'),
    (r'^juser/', include('juser.urls')),
    (r'^jasset/', include('jasset.urls')),
    (r'^jlog/', include('jlog.urls')),
    (r'^jperm/', include('jperm.urls')),
 )
--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@@ -44,6 +44,25 @@ def get_data(data, items, option):
 @require_login
 def index_cu(request):
+    user_id = request.session.get('user_id')
+    user = User.objects.filter(id=user_id)
+    if user:
+        user = user[0]
+    login_types = {'L': 'LDAP', 'M': 'MAP'}
+    user_id = request.session.get('user_id')
+    username = User.objects.get(id=user_id).name
+    posts = user_perm_asset_api(username)
+    host_count = len(posts)
+    new_posts = []
+    post_five = []
+    for post in posts:
+        if len(post_five) < 5:
+            post_five.append(post)
+        else:
+            new_posts.append(post_five)
+            post_five = []
+    new_posts.append(post_five)
    return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request))
@@ -237,3 +256,6 @@ def install(request):
         name='group_admin', email='group_admin@jumpserver.org', role='DA', is_active=True, dept=dept2).save()
    return HttpResponse('Ok')
+def upload(request):
+    pass
--- a/juser/urls.py
+++ b/juser/urls.py
@@ -29,4 +29,5 @@ urlpatterns = patterns('juser.views',
    (r'^profile/$', 'profile'),
    (r'^chg_info/$', 'chg_info'),
    (r'^chg_role/$', 'chg_role'),
+    (r'^down_key/$', 'down_key'),
 )
--- a/juser/views.py
+++ b/juser/views.py
@@ -6,7 +6,6 @@ import random
 import subprocess
 from Crypto.PublicKey import RSA
 import crypt
-import datetime
 from django.shortcuts import render_to_response
 from django.core.exceptions import ObjectDoesNotExist
@@ -32,9 +31,10 @@ def bash(cmd):
    return subprocess.call(cmd, shell=True)
-def is_dir(dir_name, mode=0755):
+def is_dir(dir_name, username='root', mode=0755):
    if not os.path.isdir(dir_name):
        os.makedirs(dir_name)
+        bash("chown %s:%s '%s'" % (username, username, dir_name))
    os.chmod(dir_name, mode)
@@ -113,7 +113,7 @@ def gen_ssh_key(username, password=None, length=2048):
    public_key_dir = '/home/%s/.ssh/' % username
    public_key_file = os.path.join(public_key_dir, 'authorized_keys')
    is_dir(private_key_dir)
-    is_dir(public_key_dir, mode=0700)
+    is_dir(public_key_dir, username, mode=0700)
    key = RSA.generate(length)
    with open(private_key_file, 'w') as pri_f:
@@ -128,7 +128,7 @@ def gen_ssh_key(username, password=None, length=2048):
 def server_add_user(username, password, ssh_key_pwd):
-    bash('useradd %s; echo %s | passwd --stdin %s' % (username, password, username))
+    bash("useradd '%s'; echo '%s' | passwd --stdin '%s'" % (username, password, username))
    gen_ssh_key(username, ssh_key_pwd)
@@ -883,6 +883,7 @@ def user_edit(request):
            password = md5_crypt(password)
        if ssh_key_pwd != user.ssh_key_pwd:
+            gen_ssh_key(user.username, ssh_key_pwd)
            ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
        db_update_user(user_id=user_id,
@@ -991,9 +992,42 @@ def chg_info(request):
                password = md5_crypt(password)
            if ssh_key_pwd != user.ssh_key_pwd:
+                gen_ssh_key(user.username, ssh_key_pwd)
                ssh_key_pwd = md5_crypt(ssh_key_pwd)
            user_set.update(name=name, password=password, ssh_key_pwd=ssh_key_pwd, email=email)
            msg = '修改成功'
    return render_to_response('juser/chg_info.html', locals(), context_instance=RequestContext(request))
+@require_login
+def down_key(request):
+    user_id = ''
+    if is_super_user(request):
+        user_id = request.GET.get('id')
+    if is_group_admin(request):
+        user_id = request.GET.get('id')
+        if not validate(request, user=[user_id]):
+            user_id = request.session.get('user_id')
+    if is_common_user(request):
+        user_id = request.session.get('user_id')
+    if user_id:
+        user = User.objects.filter(id=user_id)
+        if user:
+            user = user[0]
+            username = user.username
+            private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
+            private_key_file = os.path.join(private_key_dir, username+".pem")
+            if os.path.isfile(private_key_file):
+                f = open(private_key_file)
+                data = f.read()
+                f.close()
+                response = HttpResponse(data, content_type='application/octet-stream')
+                response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(private_key_file)
+                return response
+    return HttpResponse('No Key File. Contact Admin.')
\ No newline at end of file
--- a/templates/index_cu.html
+++ b/templates/index_cu.html
 {% extends 'base.html' %}
+{% load mytags %}
 {% block content %}
 {% include 'nav_cat_bar.html' %}
-<div class="wrapper wrapper-content">
+<div class="wrapper wrapper-content" xmlns="http://www.w3.org/1999/html">
    <div class="row">
        <div class="col-lg-8">
            <div class="ibox float-e-margins">
@@ -27,9 +28,132 @@
                    </div>
                </div>
+                <div class="ibox-content" style="line-height: 26px">
+                    <span style="font-size: large">欢</span>迎使用<span class="text-navy"><b>Jumpserver</b></span>跳板机系统，
+                    首先需要 <b><a href="/juser/down_key/?id={{ user.id }}">下载</a></b> 登录跳板机的SSH密钥文件，然后导入到工具或者ssh命令指定密钥文件(确保密钥文件权限600)，输入收到的密钥密码，登录跳板机。
+                    登录后根据提示进行操作。跳板机web界面支持修改密码、个人信息和上传下载文件等功能，可以向管理员申请权限。
+                </div>
+            </div>
+            <div class="ibox float-e-margins">
+                <div class="ibox-title">
+                    <h5> 已授权主机 </h5>
+                    <div class="ibox-tools">
+                        <div class="label label-primary float-left"><b>总共：{{ host_count }}</b></div>
+                        <a class="collapse-link">
+                            <i class="fa fa-chevron-up"></i>
+                        </a>
+                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                            <i class="fa fa-wrench"></i>
+                        </a>
+                        <ul class="dropdown-menu dropdown-user">
+                            <li><a href="#">未启用 1</a>
+                            </li>
+                            <li><a href="#">未启用 2</a>
+                            </li>
+                        </ul>
+                        <a class="close-link">
+                            <i class="fa fa-times"></i>
+                        </a>
+                    </div>
+                </div>
                <div class="ibox-content">
-                    helo
+                    <table class="table table-striped">
+                        {% for host_five in new_posts %}
+                        <tr>
+                            {% for host in host_five %}
+                            <td>{{ host.ip }}</td>
+                            {% endfor %}
+                        </tr>
+                        {% endfor %}
+                    </table>
+                    {% ifequal host_count 0 %}
+                        (空)
+                    {% endifequal %}
+                </div>
+            </div>
+        </div>
+        <div class="col-lg-4">
+            <div class="ibox float-e-margins">
+                <div class="ibox-title">
+                    <span class="label label-primary"><b>{{ user.name }}</b></span>
+                    <div class="ibox-tools">
+                        <a class="collapse-link">
+                            <i class="fa fa-chevron-up"></i>
+                        </a>
+                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                            <i class="fa fa-wrench"></i>
+                        </a>
+                        <ul class="dropdown-menu dropdown-user">
+                            <li><a href="#"></a>
+                            </li>
+                            <li><a href="#"></a>
+                            </li>
+                        </ul>
+                        <a class="close-link">
+                            <i class="fa fa-times"></i>
+                        </a>
+                    </div>
+                </div>
+                <div class="ibox-content">
+                    <div>
+                        <div class="text-left">
+                            <table class="table">
+                                <tr>
+                                    <td class="text-navy">ID</td>
+                                    <td>{{ user.id }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">用户名</td>
+                                    <td>{{ user.username }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">姓名</td>
+                                    <td>{{ user.name }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">角色</td>
+                                    <td>{{ user.id | get_role }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">部门</td>
+                                    <td>{{ user.dept.name }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">Email</td>
+                                    <td>{{ user.email }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">激活</td>
+                                    <td>{{ user.is_active|bool2str }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">添加日期</td>
+                                    <td>{{ user.date_joined|date:"Y-m-d H:i:s" }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">最后登录</td>
+                                    <td>{{ user.last_login|date:"Y-m-d H:i:s" }}</td>
+                                </tr>
+                                <tr>
+                                    <td class="text-navy">所在用户组</td>
+                                    <td>
+                                         <table class="table">
+                                             {% for group in user.group.all %}
+                                                <tr>
+                                                    <td>{{ group.name }}</td>
+                                                </tr>
+                                             {% endfor %}
+                                         </table>
+                                    </td>
+                                </tr>
+                            </table>
+                        </div>
+                    </div>
                </div>
+            </div>
        </div>
    </div>
 </div>

--- a/templates/juser/chg_info.html
+++ b/templates/juser/chg_info.html
@@ -63,7 +63,7 @@
                                <div class="col-sm-8">
                                    <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" value="{{ user.ssh_key_pwd }}">
                                    <span class="help-block m-b-none">
-                                        登陆 Jumpserver 使用的SSH密钥的密码
+                                        登陆 Jumpserver 使用的SSH密钥的密码,更改密钥密码需要重新下载密钥
                                    </span>
                                </div>
                            </div>

--- a/templates/juser/user_detail.html
+++ b/templates/juser/user_detail.html
@@ -136,6 +136,9 @@
                                </div>
                            </div>
                        {% endfor %}
+                        {% if not user|get_user_asset_group %}
+                            (无)
+                        {% endif %}
                    </div>
                </div>
            </div>
@@ -164,6 +167,9 @@
                                            </div>
                                        </div>
                                    {% endfor %}
+                                    {% if not logs_last %}
+                                        (无)
+                                    {% endif %}
                                </div>
                                <button id="show" class="btn btn-primary btn-block m-t"><i class="fa fa-arrow-down"></i> Show All</button>

--- a/templates/juser/user_edit.html
+++ b/templates/juser/user_edit.html
@@ -59,7 +59,7 @@
                                <div class="col-sm-8">
                                    <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" value="{{ user.ssh_key_pwd }}">
                                    <span class="help-block m-b-none">
-                                        登陆 Jumpserver 使用的SSH密钥的密码
+                                        登陆 Jumpserver 使用的SSH密钥的密码，更改密钥密码需要重新下载密钥
                                    </span>
                                </div>
                            </div>

--- a/templates/juser/user_list.html
+++ b/templates/juser/user_list.html
@@ -72,7 +72,7 @@
                                <td class="text-center" title="{% for user_group in user.group.all %} {{ user_group.name }} {% endfor %}"> {{ user.group.all | group_str2  }} </td>
                                <td class="text-center"> {{ user.id | get_role }}</td>
                                <td class="text-center">{{ user.is_active|bool2str }}</td>
-                                <td class="text-center"><a href="/static/jumpserver/{{ user.username }}.pem">下载</a></td>
+                                <td class="text-center"><a href="/juser/down_key/?id={{ user.id }}">下载</a></td>
                                <td class="text-center">
                                    <a href="../user_detail/?id={{ user.id }}" class="btn btn-xs btn-primary">详情</a>
                                    {% ifequal session_role_id 2 %}

--- a/templates/nav.html
+++ b/templates/nav.html
@@ -136,7 +136,7 @@
            <li>
               <a href="/"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span><span class="label label-info pull-right"></span></a>
            </li>
-            <li>
+            <li class="user_detail">
               <a href="/juser/user_detail/?id={{ session_user_id }}"><i class="fa fa-rebel"></i> <span class="nav-label">个人信息</span><span class="label label-info pull-right"></span></a>
            </li>
            <li id="jasset">
@@ -156,13 +156,10 @@
            <li>
                <a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
                <ul class="nav nav-second-level">
-                    <li><a href="/file/upload/">文件上传</a></li>
+                    <li><a href="/upload/">文件上传</a></li>
-                    <li><a href="/file/download/">文件下载</a></li>
+                    <li><a href="/download/">文件下载</a></li>
                </ul>
            </li>
-            <li>
-               <a href="/"><i class="fa fa-files-o"></i> <span class="nav-label">使用说明</span><span class="label label-info pull-right"></span></a>
-            </li>
            <li class="special_link">
                <a href="http://www.jumpserver.org" target="_blank"><i class="fa fa-database"></i> <span class="nav-label">访问官网</span></a>