Merge branch 'dev' into 1.5.5

23b777b2 · ibuler · fe235823 · 87247da0 · 23b777b2 · 23b777b2
Commit 23b777b2 authored Oct 31, 2019 by ibuler
9 changed files
--- a/apps/assets/utils.py
+++ b/apps/assets/utils.py
@@ -136,7 +136,10 @@ class TreeService(Tree):
        if assets:
            return assets
        assets = set(self.assets(nid))
-        children = self.children(nid)
+        try:
+            children = self.children(nid)
+        except NodeIDAbsentError:
+            children = []
        for child in children:
            assets.update(self.all_assets(child.identifier))
        self.all_nodes_assets_map[nid] = assets

--- a/apps/audits/models.py
+++ b/apps/audits/models.py
@@ -6,6 +6,7 @@ from django.utils.translation import ugettext_lazy as _
 from django.utils import timezone

 from orgs.mixins.models import OrgModelMixin
+from orgs.utils import current_org

 __all__ = [
    'FTPLog', 'OperateLog', 'PasswordChangeLog', 'UserLoginLog',
@@ -104,6 +105,9 @@ class UserLoginLog(models.Model):
                Q(city__contains=keyword) |
                Q(username__contains=keyword)
            )
+        if not current_org.is_root():
+            username_list = current_org.get_org_members().values_list('username', flat=True)
+            login_logs = login_logs.filter(username__in=username_list)
        return login_logs

    class Meta:

--- a/apps/authentication/signals_handlers.py
+++ b/apps/authentication/signals_handlers.py
@@ -47,7 +47,7 @@ def on_openid_login_success(sender, user=None, request=None, **kwargs):

 @receiver(populate_user)
 def on_ldap_create_user(sender, user, ldap_user, **kwargs):
-    if user and user.name != 'admin':
+    if user and user.username != 'admin':
        user.source = user.SOURCE_LDAP
        user.save()


--- a/apps/authentication/templates/authentication/_access_key_modal.html
+++ b/apps/authentication/templates/authentication/_access_key_modal.html
@@ -21,7 +21,7 @@
 <div class="uc pull-left m-r-0 m-t-10">
    <button class="btn btn-primary btn-sm" id="create-btn" href="#"> {% trans "Create" %} </button>
 </div>
-<table class="table table-striped table-bordered table-hover " id="access_key_list_table">
+<table class="table table-striped table-bordered table-hover " id="access_key_list_table" style="width: 100%">
    <thead>
    <tr>
        <th class="text-center">

--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -380,6 +380,7 @@ defaults = {
    'AUTH_LDAP_SYNC_INTERVAL': None,
    'AUTH_LDAP_SYNC_CRONTAB': None,
    'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
+    'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1,
    'HTTP_BIND_HOST': '0.0.0.0',
    'HTTP_LISTEN_PORT': 8080,
    'WS_LISTEN_PORT': 8070,

--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -441,6 +441,7 @@ AUTH_LDAP_START_TLS = False
 AUTH_LDAP_USER_ATTR_MAP = {"username": "cn", "name": "sn", "email": "mail"}
 AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
+    ldap.OPT_REFERRALS: CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS
 }
 LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem")
 if os.path.isfile(LDAP_CERT_FILE):

--- a/apps/perms/api/user_remote_app_permission.py
+++ b/apps/perms/api/user_remote_app_permission.py
@@ -53,6 +53,8 @@ class UserGrantedRemoteAppsAsTreeApi(UserGrantedRemoteAppsApi):
    permission_classes = (IsOrgAdminOrAppUser,)

    def get_serializer(self, remote_apps=None, *args, **kwargs):
+        if remote_apps is None:
+            remote_apps = []
        only_remote_app = self.request.query_params.get('only', '0') == '1'
        tree_root = None
        data = []

--- a/apps/terminal/api/command.py
+++ b/apps/terminal/api/command.py
@@ -29,6 +29,9 @@ class CommandQueryMixin:
    default_days_ago = 5

    def get_queryset(self):
+        # 解决访问 /docs/ 问题
+        if hasattr(self, 'swagger_fake_view'):
+            return self.command_store.model.objects.none()
        date_from, date_to = self.get_date_range()
        q = self.request.query_params
        multi_command_storage = get_multi_command_storage()

--- a/config_example.yml
+++ b/config_example.yml
@@ -73,16 +73,23 @@ REDIS_PORT: 6379
 # RADIUS_SECRET: 

 # LDAP/AD settings
+# LDAP 搜索分页数量
+# AUTH_LDAP_SEARCH_PAGED_SIZE: 1000
+#
 # 定时同步用户
-# 启用/禁用
+# 启用 / 禁用
 # AUTH_LDAP_SYNC_IS_PERIODIC: True
-# 单位: 时
+# 同步间隔 (单位: 时) (优先）
 # AUTH_LDAP_SYNC_INTERVAL: 12
 # Crontab 表达式
 # AUTH_LDAP_SYNC_CRONTAB: * 6 * * *
 #
 # LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证
 # AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False
+#
+# LDAP 认证时如果日志中出现以下信息将参数设置为 0 (详情参见：https://www.python-ldap.org/en/latest/faq.html)
+# In order to perform this operation a successful bind must be completed on the connection
+# AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1


 # OTP settings