Merge branch 'dev' of github.com:jumpserver/jumpserver into dev

4bc5eced · ibuler · bf7079df · b82a66c8 · 4bc5eced · 4bc5eced
Commit 4bc5eced authored Mar 28, 2019 by ibuler
9 changed files
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
--- a/apps/settings/api.py
+++ b/apps/settings/api.py
@@ -5,18 +5,21 @@ import os
 import json
 import jms_storage

-from ldap3 import Server, Connection
 from rest_framework.views import Response, APIView
 from django.conf import settings
 from django.core.mail import send_mail
 from django.utils.translation import ugettext_lazy as _

 from .models import Setting
-from .utils import get_ldap_users_list, save_user
+from .utils import LDAPUtil
 from common.permissions import IsOrgAdmin, IsSuperUser
+from common.utils import get_logger
 from .serializers import MailTestSerializer, LDAPTestSerializer


+logger = get_logger(__file__)
+
+
 class MailTestingAPI(APIView):
    permission_classes = (IsOrgAdmin,)
    serializer_class = MailTestSerializer
@@ -46,78 +49,78 @@ class LDAPTestingAPI(APIView):
    serializer_class = LDAPTestSerializer
    success_message = _("Test ldap success")

+    @staticmethod
+    def get_ldap_util(serializer):
+        host = serializer.validated_data["AUTH_LDAP_SERVER_URI"]
+        bind_dn = serializer.validated_data["AUTH_LDAP_BIND_DN"]
+        password = serializer.validated_data["AUTH_LDAP_BIND_PASSWORD"]
+        use_ssl = serializer.validated_data.get("AUTH_LDAP_START_TLS", False)
+        search_ougroup = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
+        search_filter = serializer.validated_data["AUTH_LDAP_SEARCH_FILTER"]
+        attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
+        try:
+            attr_map = json.loads(attr_map)
+        except json.JSONDecodeError:
+            return Response({"error": "AUTH_LDAP_USER_ATTR_MAP not valid"}, status=401)
+
+        util = LDAPUtil(
+            use_settings_config=False, server_uri=host, bind_dn=bind_dn,
+            password=password, use_ssl=use_ssl,
+            search_ougroup=search_ougroup, search_filter=search_filter,
+            attr_map=attr_map
+        )
+        return util
+
    def post(self, request):
        serializer = self.serializer_class(data=request.data)
-        if serializer.is_valid():
-            host = serializer.validated_data["AUTH_LDAP_SERVER_URI"]
-            bind_dn = serializer.validated_data["AUTH_LDAP_BIND_DN"]
-            password = serializer.validated_data["AUTH_LDAP_BIND_PASSWORD"]
-            use_ssl = serializer.validated_data.get("AUTH_LDAP_START_TLS", False)
-            search_ougroup = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
-            search_filter = serializer.validated_data["AUTH_LDAP_SEARCH_FILTER"]
-            attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
+        if not serializer.is_valid():
+            return Response({"error": str(serializer.errors)}, status=401)

-            try:
-                attr_map = json.loads(attr_map)
-            except json.JSONDecodeError:
-                return Response({"error": "AUTH_LDAP_USER_ATTR_MAP not valid"}, status=401)
+        util = self.get_ldap_util(serializer)

-            server = Server(host, use_ssl=use_ssl)
-            conn = Connection(server, bind_dn, password)
-            try:
-                conn.bind()
-            except Exception as e:
-                return Response({"error": str(e)}, status=401)
+        try:
+            users = util.get_search_user_items()
+        except Exception as e:
+            return Response({"error": str(e)}, status=401)

-            users = []
-            for search_ou in str(search_ougroup).split("|"):
-                ok = conn.search(search_ou, search_filter % ({"user": "*"}),
-                                 attributes=list(attr_map.values()))
-                if not ok:
-                    return Response({"error": _("Search no entry matched in ou {}").format(search_ou)}, status=401)
-
-                for entry in conn.entries:
-                    user = {}
-                    for attr, mapping in attr_map.items():
-                        if hasattr(entry, mapping):
-                            user[attr] = getattr(entry, mapping)
-                    users.append(user)
-            if len(users) > 0:
-                return Response({"msg": _("Match {} s users").format(len(users))})
-            else:
-                return Response({"error": "Have user but attr mapping error"}, status=401)
+        if len(users) > 0:
+            return Response({"msg": _("Match {} s users").format(len(users))})
        else:
-            return Response({"error": str(serializer.errors)}, status=401)
+            return Response({"error": "Have user but attr mapping error"}, status=401)


-class LDAPSyncAPI(APIView):
+class LDAPUserListApi(APIView):
    permission_classes = (IsOrgAdmin,)

    def get(self, request):
-        ldap_users_list = get_ldap_users_list()
-        if not isinstance(ldap_users_list, list):
-            return Response(ldap_users_list, status=401)
-        return Response(ldap_users_list)
+        util = LDAPUtil()
+        try:
+            users = util.get_search_user_items()
+        except Exception as e:
+            users = []
+            logger.error(e, exc_info=True)
+        else:
+            users = sorted(users, key=lambda u: (u['existing'], u['username']))
+        return Response(users)


-class LDAPConfirmSyncAPI(APIView):
+class LDAPUserSyncAPI(APIView):
    permission_classes = (IsOrgAdmin,)

    def post(self, request):
        user_names = request.data.get('user_names', '')
-        if not user_names:
-            error = _('User is not currently selected, please check the user '
-                      'you want to import')
-            return Response({'error': error}, status=401)
-
-        ldap_users_list = get_ldap_users_list(user_names=user_names)
-        if not isinstance(ldap_users_list, list):
-            return Response(ldap_users_list, status=401)
-
-        save_result = save_user(ldap_users_list)
-        if 'error' in save_result.keys():
-            return Response(save_result, status=401)
-        return Response(save_result)
+
+        util = LDAPUtil()
+        try:
+            result = util.sync_users(username_set=user_names)
+        except Exception as e:
+            logger.error(e, exc_info=True)
+            return Response({'error': str(e)}, status=401)
+        else:
+            msg = _("succeed: {} failed: {} total: {}").format(
+                result['succeed'], result['failed'], result['total']
+            )
+            return Response({'msg': msg})


 class ReplayStorageCreateAPI(APIView):

--- a/apps/settings/models.py
+++ b/apps/settings/models.py
@@ -79,6 +79,8 @@ class Setting(models.Model):
            obj.cleaned_value = data
        else:
            value = obj.cleaned_value
+            if value is None:
+                value = {}
            value.update(data)
            obj.cleaned_value = value
        obj.save()

--- a/apps/settings/templates/settings/_ldap_list_users_modal.html
+++ b/apps/settings/templates/settings/_ldap_list_users_modal.html
@@ -4,7 +4,10 @@

 {% block modal_class %}modal-lg{% endblock %}
 {% block modal_id %}ldap_list_users_modal{% endblock %}
-{% block modal_title%}{% trans "Ldap users" %}{% endblock %}
+{% block modal_title%}{% trans "LDAP user list" %}{% endblock %}
+
+{% block modal_help_message%} <div class="alert alert-info help-message" style="width: 838px; margin-left: 30px">{% trans 'Please submit the LDAP configuration before import' %}</div>{% endblock %}
+
 {% block modal_body %}
 <link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
 <script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
@@ -34,7 +37,7 @@
                           <th class="text-center">{% trans 'Username' %}</th>
                           <th class="text-center">{% trans 'Name' %}</th>
                           <th class="text-center">{% trans 'Email' %}</th>
-                           <th class="text-center">{% trans 'Is imported' %}</th>
+                           <th class="text-center">{% trans 'Existing' %}</th>
                       </tr>
                   </thead>
                   <tbody>
@@ -47,16 +50,25 @@

 <script>
 var ldap_users_table = 0;
-function initLdapTable() {
+function initLdapUsersTable() {
    if(ldap_users_table){
        return
    }
    var options = {
        ele: $('#ldap_list_users_table'),
-        ajax_url: '{% url "api-settings:ldap-sync" %}',
+        ajax_url: '{% url "api-settings:ldap-user-list" %}',
+        columnDefs: [
+            {targets: 4, createdCell: function (td, cellData, rowData) {
+                if(cellData){
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }else{
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                }
+            }}
+        ],
        columns: [
            {data: "username" },{data: "username" }, {data: "name" },
-            {data:"email"}, {data:'is_imported'}
+            {data:"email"}, {data:'existing'}
        ],
        pageLength: 10
    };
@@ -68,8 +80,7 @@ function initLdapTable() {

 $(document).ready(function(){
 }).on('show.bs.modal', function () {
-    initLdapTable();
-
+    initLdapUsersTable();
 })
 .on('click','.close_btn1',function () {
    window.location.reload()
@@ -82,9 +93,9 @@ $(document).ready(function(){
 {% endblock %}

 {% block modal_button %}
-    {{ block.super }}
+    <button data-dismiss="modal" class="btn btn-white close_btn2" type="button">{% trans "Close" %}</button>
+    <button class="btn btn-primary" type="button" id="{% block modal_confirm_id %}btn_ldap_modal_confirm{% endblock %}">{% trans 'Import' %}</button>
 {% endblock %}
-{% block modal_confirm_id %}btn_ldap_modal_confirm{% endblock %}



--- a/apps/settings/templates/settings/ldap_setting.html
+++ b/apps/settings/templates/settings/ldap_setting.html
@@ -58,11 +58,11 @@
                                    <div class="hr-line-dashed"></div>
                                    <div class="form-group">
                                        <div class="col-sm-4 col-sm-offset-2">
-                                            <button class="btn btn-default btn-test" type="button"> {% trans 'Test connection' %}</button>
                                            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
-                                            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                            <button class="btn btn-default btn-test" type="button"> {% trans 'Test connection' %}</button>
 {#                                            <button class="btn btn-primary sync_button " data-toggle="modal" data-target="#sync_users_modal" type="button">{% trans 'Synchronization' %}</button>#}
-                                            <button class="btn btn-primary sync_button " data-toggle="modal" data-target="#ldap_list_users_modal" type="button">{% trans 'Sync User' %}</button>
+                                            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                            <button class="btn btn-default sync_button " data-toggle="modal" data-target="#ldap_list_users_modal" type="button">{% trans 'Bulk import' %}</button>
                                        </div>
                                    </div>
                                    </form>
@@ -108,11 +108,17 @@ $(document).ready(function () {
 })
 .on("click","#btn_ldap_modal_confirm",function () {
    var user_names=[];
-    var cheked = $("tbody input[type='checkbox']:checked").each(function () {
+    $("tbody input[type='checkbox']:checked").each(function () {
        user_names.push($(this).attr('id'));
-
    });
-    var the_url =  "{% url "api-settings:ldap-comfirm-sync" %}";
+
+    if (user_names.length === 0){
+        var msg = "{% trans 'User is not currently selected, please check the user you want to import'%}"
+        toastr.error(msg);
+        return
+     }
+
+    var the_url =  "{% url "api-settings:ldap-user-sync" %}";

    function error(message) {
        toastr.error(message)

--- a/apps/settings/urls/api_urls.py
+++ b/apps/settings/urls/api_urls.py
@@ -9,8 +9,8 @@ app_name = 'common'
 urlpatterns = [
    path('mail/testing/', api.MailTestingAPI.as_view(), name='mail-testing'),
    path('ldap/testing/', api.LDAPTestingAPI.as_view(), name='ldap-testing'),
-    path('ldap/sync/', api.LDAPSyncAPI.as_view(), name='ldap-sync'),
-    path('ldap/comfirm/sync/', api.LDAPConfirmSyncAPI.as_view(), name='ldap-comfirm-sync'),
+    path('ldap/users/', api.LDAPUserListApi.as_view(), name='ldap-user-list'),
+    path('ldap/users/sync/', api.LDAPUserSyncAPI.as_view(), name='ldap-user-sync'),
    path('terminal/replay-storage/create/', api.ReplayStorageCreateAPI.as_view(), name='replay-storage-create'),
    path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'),
    path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'),

--- a/apps/settings/utils.py
+++ b/apps/settings/utils.py
--- a/apps/templates/_modal.html
+++ b/apps/templates/_modal.html
@@ -12,6 +12,7 @@
                <h4 class="modal-title">{% block modal_title %}{% endblock %}</h4>
                <small>{% block modal_comment %}{% endblock %}</small>
            </div>
+            {% block modal_help_message %}{% endblock %}
            <div class="modal-body">
              {% block modal_body %}
              {% endblock %}