Unverified Commit 50c1b3ed authored by 老广's avatar 老广 Committed by GitHub

[Update] 统一coco host key (#2336)

parent 131e588d
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
import json
from django.dispatch import receiver from django.dispatch import receiver
from django.db.models.signals import post_save, pre_save from django.db.models.signals import post_save, pre_save
from django.conf import LazySettings, empty from django.conf import LazySettings, empty
...@@ -8,7 +10,7 @@ from django.core.cache import cache ...@@ -8,7 +10,7 @@ from django.core.cache import cache
from jumpserver.utils import current_request from jumpserver.utils import current_request
from .models import Setting from .models import Setting
from .utils import get_logger from .utils import get_logger, ssh_key_gen
from .signals import django_ready from .signals import django_ready
logger = get_logger(__file__) logger = get_logger(__file__)
...@@ -62,6 +64,15 @@ def refresh_all_settings_on_django_ready(sender, **kwargs): ...@@ -62,6 +64,15 @@ def refresh_all_settings_on_django_ready(sender, **kwargs):
pass pass
@receiver(django_ready)
def auto_generate_terminal_host_key(sender, **kwargs):
if Setting.objects.filter(name='TERMINAL_HOST_KEY').exists():
return
private_key, public_key = ssh_key_gen()
value = json.dumps(private_key)
Setting.objects.create(name='TERMINAL_HOST_KEY', value=value)
@receiver(pre_save, dispatch_uid="my_unique_identifier") @receiver(pre_save, dispatch_uid="my_unique_identifier")
def on_create_set_created_by(sender, instance=None, **kwargs): def on_create_set_created_by(sender, instance=None, **kwargs):
if getattr(instance, '_ignore_auto_created_by', False) is True: if getattr(instance, '_ignore_auto_created_by', False) is True:
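Review bot: `auto_generate_terminal_host_key` stores the generated SSH private key as a plain `Setting` value (`json.dumps(private_key)`), so anyone who can read the settings table, a database backup or a settings admin view can read the host key the terminals will present. If the `Setting` model offers an encrypted-value option (not visible in this hunk), this row should use it. The `exists()` check followed by `create()` is also not atomic: several workers firing `django_ready` at once can each pass the check and generate their own key. `Setting.objects.get_or_create(name='TERMINAL_HOST_KEY', defaults={'value': value})` narrows that window, provided `name` carries a unique constraint. `public_key` is unused and can be bound to `_`.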
......
...@@ -321,6 +321,7 @@ defaults = { ...@@ -321,6 +321,7 @@ defaults = {
'TERMINAL_ASSET_LIST_SORT_BY': 'hostname', 'TERMINAL_ASSET_LIST_SORT_BY': 'hostname',
'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto', 'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto',
'TERMINAL_SESSION_KEEP_DURATION': 9999, 'TERMINAL_SESSION_KEEP_DURATION': 9999,
'TERMINAL_HOST_KEY': '',
'SECURITY_MFA_AUTH': False, 'SECURITY_MFA_AUTH': False,
'SECURITY_LOGIN_LIMIT_COUNT': 7, 'SECURITY_LOGIN_LIMIT_COUNT': 7,
'SECURITY_LOGIN_LIMIT_TIME': 30, 'SECURITY_LOGIN_LIMIT_TIME': 30,
......
...@@ -504,6 +504,7 @@ TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL ...@@ -504,6 +504,7 @@ TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL
TERMINAL_ASSET_LIST_SORT_BY = CONFIG.TERMINAL_ASSET_LIST_SORT_BY TERMINAL_ASSET_LIST_SORT_BY = CONFIG.TERMINAL_ASSET_LIST_SORT_BY
TERMINAL_ASSET_LIST_PAGE_SIZE = CONFIG.TERMINAL_ASSET_LIST_PAGE_SIZE TERMINAL_ASSET_LIST_PAGE_SIZE = CONFIG.TERMINAL_ASSET_LIST_PAGE_SIZE
TERMINAL_SESSION_KEEP_DURATION = CONFIG.TERMINAL_SESSION_KEEP_DURATION TERMINAL_SESSION_KEEP_DURATION = CONFIG.TERMINAL_SESSION_KEEP_DURATION
TERMINAL_HOST_KEY = CONFIG.TERMINAL_HOST_KEY
# Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
BOOTSTRAP3 = { BOOTSTRAP3 = {
......
...@@ -2989,7 +2989,7 @@ msgstr "一个月内历史汇总" ...@@ -2989,7 +2989,7 @@ msgstr "一个月内历史汇总"
#: templates/index.html:277 templates/index.html:301 #: templates/index.html:277 templates/index.html:301
msgid "Login count" msgid "Login count"
msgstr "登次数" msgstr "登次数"
#: templates/index.html:277 templates/index.html:308 #: templates/index.html:277 templates/index.html:308
msgid "Active users" msgid "Active users"
...@@ -3009,7 +3009,7 @@ msgstr "禁用用户" ...@@ -3009,7 +3009,7 @@ msgstr "禁用用户"
#: templates/index.html:342 templates/index.html:394 #: templates/index.html:342 templates/index.html:394
msgid "Month not logged in user" msgid "Month not logged in user"
msgstr "月未登用户" msgstr "月未登用户"
#: templates/index.html:368 templates/index.html:444 #: templates/index.html:368 templates/index.html:444
msgid "Access to the source" msgid "Access to the source"
...@@ -3017,7 +3017,7 @@ msgstr "访问来源" ...@@ -3017,7 +3017,7 @@ msgstr "访问来源"
#: templates/index.html:418 templates/index.html:468 #: templates/index.html:418 templates/index.html:468
msgid "Month is logged into the host" msgid "Month is logged into the host"
msgstr "月被登主机" msgstr "月被登主机"
#: templates/index.html:418 templates/index.html:469 #: templates/index.html:418 templates/index.html:469
msgid "Disable host" msgid "Disable host"
...@@ -3025,7 +3025,7 @@ msgstr "禁用主机" ...@@ -3025,7 +3025,7 @@ msgstr "禁用主机"
#: templates/index.html:418 templates/index.html:470 #: templates/index.html:418 templates/index.html:470
msgid "Month not logged on host" msgid "Month not logged on host"
msgstr "月未登主机" msgstr "月未登主机"
#: templates/rest_framework/base.html:128 #: templates/rest_framework/base.html:128
msgid "Filters" msgid "Filters"
...@@ -3583,7 +3583,7 @@ msgstr "更新ssh密钥" ...@@ -3583,7 +3583,7 @@ msgstr "更新ssh密钥"
#: users/templates/users/first_login.html:19 #: users/templates/users/first_login.html:19
#: users/templates/users/first_login_done.html:19 #: users/templates/users/first_login_done.html:19
msgid "First Login" msgid "First Login"
msgstr "首次登" msgstr "首次登"
#: users/templates/users/first_login.html:72 #: users/templates/users/first_login.html:72
msgid "I agree with the terms and conditions." msgid "I agree with the terms and conditions."
...@@ -4326,7 +4326,7 @@ msgstr "* 您的密码不符合要求" ...@@ -4326,7 +4326,7 @@ msgstr "* 您的密码不符合要求"
#: users/views/login.py:349 #: users/views/login.py:349
msgid "First login" msgid "First login"
msgstr "首次登" msgstr "首次登"
#: users/views/user.py:145 #: users/views/user.py:145
msgid "Bulk update user success" msgid "Bulk update user success"
......
...@@ -61,8 +61,9 @@ class Terminal(models.Model): ...@@ -61,8 +61,9 @@ class Terminal(models.Model):
def config(self): def config(self):
configs = {} configs = {}
for k in dir(settings): for k in dir(settings):
if k.startswith('TERMINAL'): if not k.startswith('TERMINAL'):
configs[k] = getattr(settings, k) continue
configs[k] = getattr(settings, k)
configs.update(self.get_common_storage()) configs.update(self.get_common_storage())
configs.update(self.get_replay_storage()) configs.update(self.get_replay_storage())
configs.update({ configs.update({
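Review bot: `config()` copies every setting whose name starts with `TERMINAL` into the dict, and with this commit that now includes `TERMINAL_HOST_KEY`, the SSH private key. Whatever serializes this dict (outside the hunk) therefore hands the private key to its caller, so that path should be limited to authenticated, registered terminals and the dict kept out of logs and debug output. A comment above the loop would make the exposure explicit, e.g. `# NOTE: includes TERMINAL_HOST_KEY (SSH private key); only return this to authenticated terminals`. An explicit allowlist of keys instead of the prefix match would stop future `TERMINAL_*` secrets from being exported by accident. The body of `config()` continues past the end of the hunk.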
......
...@@ -19,6 +19,7 @@ from orgs.utils import current_org ...@@ -19,6 +19,7 @@ from orgs.utils import current_org
from ..serializers import UserSerializer, UserPKUpdateSerializer, \ from ..serializers import UserSerializer, UserPKUpdateSerializer, \
UserUpdateGroupSerializer, ChangeUserPasswordSerializer UserUpdateGroupSerializer, ChangeUserPasswordSerializer
from ..models import User from ..models import User
from ..signals import post_user_create
logger = get_logger(__name__) logger = get_logger(__name__)
...@@ -37,6 +38,10 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet): ...@@ -37,6 +38,10 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet):
permission_classes = (IsOrgAdmin,) permission_classes = (IsOrgAdmin,)
pagination_class = LimitOffsetPagination pagination_class = LimitOffsetPagination
def perform_create(self, serializer):
user = serializer.save()
post_user_create.send(self.__class__, user=user)
def get_queryset(self): def get_queryset(self):
queryset = current_org.get_org_users() queryset = current_org.get_org_users()
return queryset return queryset
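Review bot: `perform_create` passes the result of `serializer.save()` as `user=`, but `UserViewSet` extends `BulkModelViewSet`, and on a bulk POST the serializer is presumably a list serializer whose `save()` returns a list rather than one `User`. A receiver of `post_user_create` that expects a single user (receivers are not visible here) would then fail or skip its work for bulk-created accounts. Normalising first covers both cases: `users = serializer.save()`, `users = users if isinstance(users, list) else [users]`, then one `post_user_create.send(self.__class__, user=user)` per user. A one-line docstring saying why the signal is sent from the view rather than from a model `post_save` receiver would also help.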
......
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄 # 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成
# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
SECRET_KEY: SECRET_KEY:
# SECURITY WARNING: keep the bootstrap token used in production secret! # SECURITY WARNING: keep the bootstrap token used in production secret!
...@@ -64,4 +65,4 @@ REDIS_PORT: 6379 ...@@ -64,4 +65,4 @@ REDIS_PORT: 6379
# OTP settings # OTP settings
# OTP/MFA 配置 # OTP/MFA 配置
# OTP_VALID_WINDOW: 0 # OTP_VALID_WINDOW: 0
# OTP_ISSUER_NAME: Jumpserver # OTP_ISSUER_NAME: Jumpserver
\ No newline at end of file