Add token

34a0a37b · ibuler · 1159d949 · 34a0a37b · 34a0a37b · 34a0a37b
Commit 34a0a37b authored Nov 01, 2016 by ibuler
8 changed files
--- a/apps/assets/api.py
+++ b/apps/assets/api.py
@@ -2,22 +2,20 @@

 from rest_framework import serializers
 from rest_framework import viewsets, serializers, generics
+from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin, ListBulkCreateUpdateDestroyAPIView

 from common.mixins import BulkDeleteApiMixin
-from common.utils import get_object_or_none
-from .models import AssetGroup, Asset, IDC, AssetExtend
+from common.utils import get_object_or_none, signer
+from .hands import IsSuperUserOrTerminalUser, IsSuperUser
+from .models import AssetGroup, Asset, IDC, SystemUser
 from .serializers import AssetBulkUpdateSerializer


 class AssetGroupSerializer(serializers.ModelSerializer):
    class Meta:
        model = AssetGroup
-        # exclude = [
-        #     'password', 'first_name', 'last_name', 'secret_key_otp',
-        #     'private_key', 'public_key', 'avatar',
-        # ]


 class AssetSerializer(serializers.ModelSerializer):
@@ -56,22 +54,36 @@ class IDCViewSet(viewsets.ReadOnlyModelViewSet):
    """
    queryset = IDC.objects.all()
    serializer_class = IDCSerializer
+    permission_classes = (IsSuperUser,)


 class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
    queryset = Asset.objects.all()
    serializer_class = AssetBulkUpdateSerializer
+    permission_classes = (IsSuperUser,)


-class AssetSystemUserAuthApi(APIView):
+class SystemUserAuthApi(APIView):
+    permission_classes = (IsSuperUserOrTerminalUser,)
+
    def get(self, request, *args, **kwargs):
-        system_user_id = request.data.get('system_user_id', -1)
-        system_user_username = request.data.get('system_user_username', '')
+        system_user_id = request.query_params.get('system_user_id', -1)
+        system_user_username = request.query_params.get('system_user_username', '')

-        system_user = get_object_or_none(Asset, id=system_user_id, username=system_user_username)
+        system_user = get_object_or_none(SystemUser, id=system_user_id, username=system_user_username)

        if system_user:
-            password = system_user.password
-            private_key = system_user.private_key
+            password = signer.sign(system_user.password)
+            private_key = signer.sign(system_user.private_key)
+
+            response = {
+                'id': system_user.id,
+                'password': password,
+                'private_key': private_key,
+            }
+
+            return Response(response)
+        else:
+            return Response({'msg': 'error system user id or username'}, status=401)


--- a/apps/assets/hands.py
+++ b/apps/assets/hands.py
@@ -12,4 +12,5 @@


 from users.utils import AdminUserRequiredMixin
+from users.backends import IsSuperUserOrTerminalUser, IsSuperUser
 from users.models import User, UserGroup
--- a/apps/assets/models.py
+++ b/apps/assets/models.py
@@ -179,7 +179,7 @@ class SystemUser(models.Model):

    @property
    def password(self):
-        return signer.sign(self._password)
+        return signer.unsign(self._password)

    @password.setter
    def password(self, password_raw):
@@ -187,19 +187,19 @@ class SystemUser(models.Model):

    @property
    def private_key(self):
-        return signer(self._private_key)
+        return signer.unsign(self._private_key)

    @private_key.setter
    def private_key(self, private_key_raw):
-        self._private_key = signer(private_key_raw)
+        self._private_key = signer.sign(private_key_raw)

    @property
    def public_key(self):
-        return signer(self._public_key)
+        return signer.unsign(self._public_key)

    @public_key.setter
    def public_key(self, public_key_raw):
-        self._public_key = signer(public_key_raw)
+        self._public_key = signer.sign(public_key_raw)

    def get_assets_inherit_from_asset_groups(self):
        assets = set()

--- a/apps/assets/urls.py
+++ b/apps/assets/urls.py
@@ -64,10 +64,10 @@ urlpatterns = [
 ]

 urlpatterns += [
-    #json
    url(r'^v1/assets/$', api.AssetViewSet.as_view({'get':'list'}), name='assets-list-api'),
    url(r'^v1/assets_bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update-api'),
    url(r'^v1/idc/$', api.IDCViewSet.as_view({'get':'list'}), name='idc-list-json'),
+    url(r'^v1/system-user/auth/', api.SystemUserAuthApi.as_view(), name='system-user-auth'),
 ]


--- a/apps/common/utils.py
+++ b/apps/common/utils.py
@@ -44,7 +44,10 @@ class Signer(object):

    def unsign(self, value):
        s = JSONWebSignatureSerializer(self.secret_key)
-        return s.loads(value)
+        try:
+            return s.loads(value)
+        except BadSignature:
+            return None

    def sign_t(self, value, expires_in=3600):
        s = TimedJSONWebSignatureSerializer(self.secret_key, expires_in=expires_in)
@@ -52,7 +55,10 @@ class Signer(object):

    def unsign_t(self, value):
        s = TimedJSONWebSignatureSerializer(self.secret_key)
-        return s.loads(value)
+        try:
+            return s.loads(value)
+        except (BadSignature, SignatureExpired):
+            return None


 def date_expired_default():

--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -269,9 +269,9 @@ REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'users.backends.TerminalAuthentication',
        'users.backends.AccessTokenAuthentication',
+        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
-        'rest_framework.authentication.TokenAuthentication',
    ),
 }
 # This setting is required to override the Django's main loop, when running in

--- a/apps/jumpserver/urls.py
+++ b/apps/jumpserver/urls.py
@@ -23,7 +23,7 @@ urlpatterns = [
    url(r'^captcha/', include('captcha.urls')),
    url(r'^$', TemplateView.as_view(template_name='base.html'), name='index'),
    url(r'^(api/)?users/', include('users.urls')),
-    url(r'^assets/', include('assets.urls')),
+    url(r'^(api/)?assets/', include('assets.urls')),
    url(r'^(api/)?perms/', include('perms.urls')),
    url(r'^(api/)?audits/', include('audits.urls')),
    url(r'^(api/)?terminal/', include('terminal.urls')),

--- a/apps/users/urls.py
+++ b/apps/users/urls.py
@@ -36,7 +36,7 @@ urlpatterns = [

 urlpatterns += [
    url(r'^v1/users/$', api.UserListUpdateApi.as_view(), name='user-bulk-update-api'),
-    url(r'^v1/users/token$', api.UserTokenApi.as_view(), name='user-token-api'),
+    url(r'^v1/users/token/$', api.UserTokenApi.as_view(), name='user-token-api'),
    url(r'^v1/users/(?P<pk>\d+)/$', api.UserDetailApi.as_view(), name='user-patch-api'),
    url(r'^v1/users/(?P<pk>\d+)/reset-password/$', api.UserResetPasswordApi.as_view(), name='user-reset-password-api'),
    url(r'^v1/users/(?P<pk>\d+)/reset-pk/$', api.UserResetPKApi.as_view(), name='user-reset-pk-api'),