Skip to content

J
jumpserver
Commit 5434b657 authored by BaiJiangJie's avatar BaiJiangJie
Browse files
Options

[Update] Merge branch dev to 1.5.5

parents a01126c6 200ca65d
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 344 additions and 352 deletions
apps/assets/models/node.py
View file @ 5434b657
......@@ -6,6 +6,7 @@ import time
from django.db import models, transaction
from django.db.models import Q
from django.db.utils import IntegrityError
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import ugettext
from django.core.cache import cache
......@@ -67,7 +68,7 @@ class TreeMixin:
@classmethod
def refresh_node_assets(cls, t=None):
logger.debug("Refresh node tree assets")
logger.debug("Refresh node assets")
key = cls.tree_assets_cache_key
ttl = cls.tree_cache_time
if not t:
......@@ -336,6 +337,17 @@ class SomeNodesMixin:
else:
return False
@classmethod
def get_next_org_root_node_key(cls):
with tmp_to_org(Organization.root()):
org_nodes_roots = cls.objects.filter(key__regex=r'^[0-9]+$')
org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True)
if not org_nodes_roots_keys:
org_nodes_roots_keys = ['1']
max_key = max([int(k) for k in org_nodes_roots_keys])
key = str(max_key + 1) if max_key != 0 else '2'
return key
@classmethod
def create_org_root_node(cls):
# 如果使用current_org 在set_current_org时会死循环
......@@ -343,14 +355,7 @@ class SomeNodesMixin:
with transaction.atomic():
if not ori_org.is_real():
return cls.default_node()
set_current_org(Organization.root())
org_nodes_roots = cls.objects.filter(key__regex=r'^[0-9]+$')
org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True)
if not org_nodes_roots_keys:
org_nodes_roots_keys = ['1']
key = max([int(k) for k in org_nodes_roots_keys])
key = str(key + 1) if key != 0 else '2'
set_current_org(ori_org)
key = cls.get_next_org_root_node_key()
root = cls.objects.create(key=key, value=ori_org.name)
return root
......@@ -384,9 +389,16 @@ class SomeNodesMixin:
def default_node(cls):
with tmp_to_org(Organization.default()):
defaults = {'value': cls.default_value}
obj, created = cls.objects.get_or_create(
defaults=defaults, key=cls.default_key,
)
try:
obj, created = cls.objects.get_or_create(
defaults=defaults, key=cls.default_key,
)
except IntegrityError as e:
logger.error("Create default node failed: {}".format(e))
cls.modify_other_org_root_node_key()
obj, created = cls.objects.get_or_create(
defaults=defaults, key=cls.default_key,
)
return obj
@classmethod
......@@ -405,6 +417,35 @@ class SomeNodesMixin:
cls.ungrouped_node()
cls.favorite_node()
@classmethod
def modify_other_org_root_node_key(cls):
"""
解决创建 default 节点失败的问题,
因为在其他组织下存在 default 节点,故在 DEFAULT 组织下 get 不到 create 失败
"""
logger.info("Modify other org root node key")
with tmp_to_org(Organization.root()):
node_key1 = cls.objects.filter(key='1').first()
if not node_key1:
logger.info("Not found node that `key` = 1")
return
if not node_key1.org.is_real():
logger.info("Org is not real for node that `key` = 1")
return
with transaction.atomic():
with tmp_to_org(node_key1.org):
org_root_node_new_key = cls.get_next_org_root_node_key()
for n in cls.objects.all():
old_key = n.key
key_list = n.key.split(':')
key_list[0] = org_root_node_new_key
new_key = ':'.join(key_list)
n.key = new_key
n.save()
logger.info('Modify key ( {} > {} )'.format(old_key, new_key))
class Node(OrgModelMixin, SomeNodesMixin, TreeMixin, FamilyMixin, FullValueMixin, NodeAssetsMixin):
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
......
apps/assets/templates/assets/asset_list.html
View file @ 5434b657
......@@ -426,13 +426,15 @@ $(document).ready(function(){
function success(data) {
url = setUrlParam(the_url, 'spm', data.spm);
requestApi({
url:url,
method:'DELETE',
success:refreshPage,
flash_message:false,
url: url,
method: 'DELETE',
success: function () {
var msg = "{% trans 'Asset Deleted.' %}";
swal("{% trans 'Asset Delete' %}", msg, "success");
refreshPage();
},
flash_message: false,
});
var msg = "{% trans 'Asset Deleted.' %}";
swal("{% trans 'Asset Delete' %}", msg, "success");
}
function fail() {
var msg = "{% trans 'Asset Deleting failed.' %}";
......@@ -440,10 +442,11 @@ $(document).ready(function(){
}
requestApi({
url: "{% url 'api-common:resources-cache' %}",
method:'POST',
body:JSON.stringify(data),
success:success,
error:fail
method: 'POST',
body: JSON.stringify(data),
success: success,
error: fail,
flash_message: false
})
})
}
......
apps/authentication/signals_handlers.py
View file @ 5434b657
......@@ -43,7 +43,7 @@ def on_openid_login_success(sender, user=None, request=None, **kwargs):
@receiver(populate_user)
def on_ldap_create_user(sender, user, ldap_user, **kwargs):
if user and user.username != 'admin':
if user and user.username not in ['admin']:
user.source = user.SOURCE_LDAP
user.save()
......
apps/locale/zh/LC_MESSAGES/django.po
View file @ 5434b657
This diff is collapsed.
apps/perms/signals_handler.py
View file @ 5434b657
......@@ -11,13 +11,6 @@ from .utils.asset_permission import AssetPermissionUtilV2
logger = get_logger(__file__)
permission_m2m_senders = (
AssetPermission.nodes.through,
AssetPermission.assets.through,
AssetPermission.users.through,
AssetPermission.user_groups.through,
)
@receiver([post_save, post_delete], sender=AssetPermission)
@on_transaction_commit
......
apps/settings/api.py
View file @ 5434b657
......@@ -12,21 +12,27 @@ from django.conf import settings
from django.core.mail import send_mail
from django.utils.translation import ugettext_lazy as _
from .models import Setting
from .utils import (
LDAPServerUtil, LDAPCacheUtil, LDAPImportUtil, LDAPSyncUtil,
LDAP_USE_CACHE_FLAGS
)
from .tasks import sync_ldap_user_task
from common.permissions import IsOrgAdmin, IsSuperUser
from common.utils import get_logger
from .models import Setting
from .utils import LDAPUtil
from .serializers import (
MailTestSerializer, LDAPTestSerializer, LDAPUserSerializer,
PublicSettingSerializer,
)
from users.models import User
logger = get_logger(__file__)
class MailTestingAPI(APIView):
permission_classes = (IsOrgAdmin,)
permission_classes = (IsSuperUser,)
serializer_class = MailTestSerializer
success_message = _("Test mail sent to {}, please check")
......@@ -65,70 +71,83 @@ class MailTestingAPI(APIView):
class LDAPTestingAPI(APIView):
permission_classes = (IsOrgAdmin,)
permission_classes = (IsSuperUser,)
serializer_class = LDAPTestSerializer
success_message = _("Test ldap success")
@staticmethod
def get_ldap_util(serializer):
host = serializer.validated_data["AUTH_LDAP_SERVER_URI"]
def get_ldap_config(serializer):
server_uri = serializer.validated_data["AUTH_LDAP_SERVER_URI"]
bind_dn = serializer.validated_data["AUTH_LDAP_BIND_DN"]
password = serializer.validated_data["AUTH_LDAP_BIND_PASSWORD"]
use_ssl = serializer.validated_data.get("AUTH_LDAP_START_TLS", False)
search_ougroup = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
search_filter = serializer.validated_data["AUTH_LDAP_SEARCH_FILTER"]
attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
try:
attr_map = json.loads(attr_map)
except json.JSONDecodeError:
return Response({"error": "AUTH_LDAP_USER_ATTR_MAP not valid"}, status=401)
util = LDAPUtil(
use_settings_config=False, server_uri=host, bind_dn=bind_dn,
password=password, use_ssl=use_ssl,
search_ougroup=search_ougroup, search_filter=search_filter,
attr_map=attr_map
)
return util
config = {
'server_uri': server_uri,
'bind_dn': bind_dn,
'password': password,
'use_ssl': use_ssl,
'search_ougroup': search_ougroup,
'search_filter': search_filter,
'attr_map': json.loads(attr_map),
}
return config
def post(self, request):
serializer = self.serializer_class(data=request.data)
if not serializer.is_valid():
return Response({"error": str(serializer.errors)}, status=401)
util = self.get_ldap_util(serializer)
attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
try:
json.loads(attr_map)
except json.JSONDecodeError:
return Response({"error": _("LDAP attr map not valid")}, status=401)
config = self.get_ldap_config(serializer)
util = LDAPServerUtil(config=config)
try:
users = util.search_user_items()
users = util.search()
except Exception as e:
return Response({"error": str(e)}, status=401)
if len(users) > 0:
return Response({"msg": _("Match {} s users").format(len(users))})
else:
return Response({"error": "Have user but attr mapping error"}, status=401)
return Response({"msg": _("Match {} s users").format(len(users))})
class LDAPUserListApi(generics.ListAPIView):
permission_classes = (IsOrgAdmin,)
permission_classes = (IsSuperUser,)
serializer_class = LDAPUserSerializer
def get_queryset_from_cache(self):
search_value = self.request.query_params.get('search')
users = LDAPCacheUtil().search(search_value=search_value)
return users
def get_queryset_from_server(self):
search_value = self.request.query_params.get('search')
users = LDAPServerUtil().search(search_value=search_value)
return users
def get_queryset(self):
if hasattr(self, 'swagger_fake_view'):
return []
q = self.request.query_params.get('search')
try:
util = LDAPUtil()
extra_filter = util.construct_extra_filter(util.SEARCH_FIELD_ALL, q)
users = util.search_user_items(extra_filter)
except Exception as e:
users = []
logger.error(e)
# 前端data_table会根据row.id对table.selected值进行操作
for user in users:
user['id'] = user['username']
cache_police = self.request.query_params.get('cache_police', True)
if cache_police in LDAP_USE_CACHE_FLAGS:
users = self.get_queryset_from_cache()
else:
users = self.get_queryset_from_server()
return users
@staticmethod
def processing_queryset(queryset):
db_username_list = User.objects.all().values_list('username', flat=True)
for q in queryset:
q['id'] = q['username']
q['existing'] = q['username'] in db_username_list
return queryset
def sort_queryset(self, queryset):
order_by = self.request.query_params.get('order')
if not order_by:
......@@ -141,32 +160,87 @@ class LDAPUserListApi(generics.ListAPIView):
queryset = sorted(queryset, key=lambda x: x[order_by], reverse=reverse)
return queryset
def list(self, request, *args, **kwargs):
queryset = self.get_queryset()
def filter_queryset(self, queryset):
if queryset is None:
return queryset
queryset = self.processing_queryset(queryset)
queryset = self.sort_queryset(queryset)
page = self.paginate_queryset(queryset)
if page is not None:
return self.get_paginated_response(page)
return Response(queryset)
return queryset
def list(self, request, *args, **kwargs):
cache_police = self.request.query_params.get('cache_police', True)
# 不是用缓存
if cache_police not in LDAP_USE_CACHE_FLAGS:
return super().list(request, *args, **kwargs)
try:
queryset = self.get_queryset()
except Exception as e:
data = {'error': str(e)}
return Response(data=data, status=400)
# 缓存有数据
if queryset is not None:
return super().list(request, *args, **kwargs)
sync_util = LDAPSyncUtil()
# 还没有同步任务
if sync_util.task_no_start:
task = sync_ldap_user_task.delay()
data = {'msg': 'Cache no data, sync task {} started.'.format(task.id)}
return Response(data=data, status=409)
# 同步任务正在执行
if sync_util.task_is_running:
data = {'msg': 'synchronization is running.'}
return Response(data=data, status=409)
# 同步任务执行结束
if sync_util.task_is_over:
msg = sync_util.get_task_error_msg()
data = {'error': 'Synchronization task report error: {}'.format(msg)}
return Response(data=data, status=400)
return super().list(request, *args, **kwargs)
class LDAPUserImportAPI(APIView):
permission_classes = (IsSuperUser,)
class LDAPUserSyncAPI(APIView):
permission_classes = (IsOrgAdmin,)
def get_ldap_users(self):
username_list = self.request.data.get('username_list', [])
cache_police = self.request.query_params.get('cache_police', True)
if cache_police in LDAP_USE_CACHE_FLAGS:
users = LDAPCacheUtil().search(search_users=username_list)
else:
users = LDAPServerUtil().search(search_users=username_list)
return users
def post(self, request):
username_list = request.data.get('username_list', [])
util = LDAPUtil()
try:
result = util.sync_users(username_list)
users = self.get_ldap_users()
except Exception as e:
logger.error(e, exc_info=True)
return Response({'error': str(e)}, status=401)
else:
msg = _("succeed: {} failed: {} total: {}").format(
result['succeed'], result['failed'], result['total']
)
return Response({'msg': msg})
if users is None:
return Response({'msg': _('Get ldap users is None')}, status=401)
errors = LDAPImportUtil().perform_import(users)
if errors:
return Response({'errors': errors}, status=401)
count = users if users is None else len(users)
return Response({'msg': _('Imported {} users successfully').format(count)})
class LDAPCacheRefreshAPI(generics.RetrieveAPIView):
permission_classes = (IsSuperUser,)
def retrieve(self, request, *args, **kwargs):
try:
LDAPSyncUtil().clear_cache()
except Exception as e:
logger.error(str(e))
return Response(data={'msg': str(e)}, status=400)
return Response(data={'msg': 'success'})
class ReplayStorageCreateAPI(APIView):
......
apps/settings/serializers.py
View file @ 5434b657
......@@ -25,6 +25,7 @@ class LDAPTestSerializer(serializers.Serializer):
class LDAPUserSerializer(serializers.Serializer):
id = serializers.CharField()
username = serializers.CharField()
name = serializers.CharField()
email = serializers.CharField()
existing = serializers.BooleanField(read_only=True)
......
apps/settings/tasks/__init__.py 0 → 100644
View file @ 5434b657
# coding: utf-8
#
from .ldap import *
apps/settings/tasks/ldap.py 0 → 100644
View file @ 5434b657
# coding: utf-8
#
from celery import shared_task
from common.utils import get_logger
from ..utils import LDAPSyncUtil
__all__ = ['sync_ldap_user_task']
logger = get_logger(__file__)
@shared_task
def sync_ldap_user_task():
LDAPSyncUtil().perform_sync()
apps/settings/templates/settings/_ldap_list_users_modal.html
View file @ 5434b657
......@@ -23,6 +23,7 @@
<div class="row">
<div class="col-lg-12 animated fadeInRight" id="split-right">
<div class="mail-box-header">
<div class="uc pull-left m-r-5"><a id="id_refresh_cache" class="btn btn-sm btn-primary"> {% trans "Refresh cache" %} </a></div>
<table class="table table-striped table-bordered table-hover " id="ldap_list_users_table" style="width: 100%">
<thead>
<tr>
......@@ -36,6 +37,9 @@
<tbody>
</tbody>
</table>
<div id="fake_datatable_wrapper_loading" class="dataTables_wrapper" style="display: block;">
<div id="ldap_list_users_table_processing" class="dataTables_processing panel panel-default">{% trans 'Loading' %}...</div>
</div>
</div>
</div>
</div>
......@@ -43,8 +47,11 @@
<script>
var ldap_users_table = 0;
var interval;
function initLdapUsersTable() {
if(ldap_users_table){
ldap_users_table.ajax.reload(null, false);
return ldap_users_table
}
var options = {
......@@ -68,21 +75,93 @@ function initLdapUsersTable() {
],
pageLength: 15
};
ldap_users_table = jumpserver.initServerSideDataTable(options);
return ldap_users_table
}
function testRequestLdapUser(){
$("#fake_datatable_wrapper_loading").css('display', 'block');
var the_url = "{% url 'api-settings:ldap-user-list' %}";
var error = function (data, status) {
if (status === 409){
console.log(data);
return
}
if (status === 400){
toastr.error(data);
$("#fake_datatable_wrapper_loading").css('display', 'none');
clearInterval(interval);
interval = undefined;
return
}
console.log(data, status)
};
var success = function() {
$("#fake_datatable_wrapper_loading").css('display', 'none');
initLdapUsersTable();
clearInterval(interval);
interval = undefined
};
requestApi({
url: the_url,
method: 'GET',
flash_message: false,
error: error,
success: success
});
}
function timingTestRequestLdapUser(){
if (interval !== undefined){
return
}
interval = setInterval(testRequestLdapUser, 2000);
}
$(document).ready(function(){
}).on('show.bs.modal', function () {
initLdapUsersTable();
timingTestRequestLdapUser()
})
.on('click','.close_btn1',function () {
window.location.reload()
.on('click', '#id_refresh_cache', function () {
var the_url = "{% url "api-settings:ldap-cache-refresh" %}";
function error(data) {
toastr.error(data)
}
function success(){
timingTestRequestLdapUser();
}
requestApi({
url: the_url,
method: 'GET',
error: error,
success: success
})
})
.on('click','.close_btn2',function () {
window.location.reload()
.on("click","#btn_ldap_modal_confirm",function () {
var username_list = ldap_users_table.selected;
if (username_list.length === 0){
var msg = "{% trans 'User is not currently selected, please check the user you want to import'%}";
toastr.error(msg);
return
}
var the_url = "{% url "api-settings:ldap-user-import" %}";
function error(message) {
toastr.error(message)
}
function success(message) {
toastr.success(message.msg);
ldap_users_table.selected = [];
timingTestRequestLdapUser();
}
requestApi({
url: the_url,
body: JSON.stringify({'username_list':username_list}),
method: "POST",
flash_message: false,
success: success,
error: error
});
})
</script>
......
apps/settings/templates/settings/ldap_setting.html
View file @ 5434b657
......@@ -63,9 +63,8 @@
<div class="col-sm-4 col-sm-offset-2">
<button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
<button class="btn btn-default btn-test" type="button"> {% trans 'Test connection' %}</button>
{# <button class="btn btn-primary sync_button " data-toggle="modal" data-target="#sync_users_modal" type="button">{% trans 'Synchronization' %}</button>#}
<button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
<button class="btn btn-default sync_button " data-toggle="modal" data-target="#ldap_list_users_modal" type="button">{% trans 'Bulk import' %}</button>
<button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
</div>
</div>
</form>
......@@ -109,33 +108,6 @@ $(document).ready(function () {
error: error
});
})
.on("click","#btn_ldap_modal_confirm",function () {
var username_list = ldap_users_table.selected;
if (username_list.length === 0){
var msg = "{% trans 'User is not currently selected, please check the user you want to import'%}";
toastr.error(msg);
return
}
var the_url = "{% url "api-settings:ldap-user-sync" %}";
function error(message) {
toastr.error(message)
}
function success(message) {
toastr.success(message.msg)
}
requestApi({
url: the_url,
body: JSON.stringify({'username_list':username_list}),
method: "POST",
flash_message: false,
success: success,
error: error
});
})
</script>
{% endblock %}
apps/settings/urls/api_urls.py
View file @ 5434b657
......@@ -10,7 +10,8 @@ urlpatterns = [
path('mail/testing/', api.MailTestingAPI.as_view(), name='mail-testing'),
path('ldap/testing/', api.LDAPTestingAPI.as_view(), name='ldap-testing'),
path('ldap/users/', api.LDAPUserListApi.as_view(), name='ldap-user-list'),
path('ldap/users/sync/', api.LDAPUserSyncAPI.as_view(), name='ldap-user-sync'),
path('ldap/users/import/', api.LDAPUserImportAPI.as_view(), name='ldap-user-import'),
path('ldap/cache/refresh/', api.LDAPCacheRefreshAPI.as_view(), name='ldap-cache-refresh'),
path('terminal/replay-storage/create/', api.ReplayStorageCreateAPI.as_view(), name='replay-storage-create'),
path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'),
path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'),
......
apps/settings/utils.py deleted 100644 → 0
View file @ a01126c6
# -*- coding: utf-8 -*-
#
from ldap3 import Server, Connection
from django.utils.translation import ugettext_lazy as _
from users.models import User
from users.utils import construct_user_email
from common.utils import get_logger
from common.const import LDAP_AD_ACCOUNT_DISABLE
from .models import settings
logger = get_logger(__file__)
class LDAPOUGroupException(Exception):
pass
class LDAPUtil:
_conn = None
SEARCH_FIELD_ALL = 'all'
SEARCH_FIELD_USERNAME = 'username'
def __init__(self, use_settings_config=True, server_uri=None, bind_dn=None,
password=None, use_ssl=None, search_ougroup=None,
search_filter=None, attr_map=None, auth_ldap=None):
# config
self.paged_size = settings.AUTH_LDAP_SEARCH_PAGED_SIZE
if use_settings_config:
self._load_config_from_settings()
else:
self.server_uri = server_uri
self.bind_dn = bind_dn
self.password = password
self.use_ssl = use_ssl
self.search_ougroup = search_ougroup
self.search_filter = search_filter
self.attr_map = attr_map
self.auth_ldap = auth_ldap
def _load_config_from_settings(self):
self.server_uri = settings.AUTH_LDAP_SERVER_URI
self.bind_dn = settings.AUTH_LDAP_BIND_DN
self.password = settings.AUTH_LDAP_BIND_PASSWORD
self.use_ssl = settings.AUTH_LDAP_START_TLS
self.search_ougroup = settings.AUTH_LDAP_SEARCH_OU
self.search_filter = settings.AUTH_LDAP_SEARCH_FILTER
self.attr_map = settings.AUTH_LDAP_USER_ATTR_MAP
self.auth_ldap = settings.AUTH_LDAP
@property
def connection(self):
if self._conn is None:
server = Server(self.server_uri, use_ssl=self.use_ssl)
conn = Connection(server, self.bind_dn, self.password)
conn.bind()
self._conn = conn
return self._conn
@staticmethod
def get_user_by_username(username):
try:
user = User.objects.get(username=username)
except Exception as e:
return None
else:
return user
def _ldap_entry_to_user_item(self, entry):
user_item = {}
for attr, mapping in self.attr_map.items():
if not hasattr(entry, mapping):
continue
value = getattr(entry, mapping).value or ''
if mapping.lower() == 'useraccountcontrol' and attr == 'is_active'\
and value:
value = int(value) & LDAP_AD_ACCOUNT_DISABLE \
!= LDAP_AD_ACCOUNT_DISABLE
user_item[attr] = value
return user_item
def _search_user_items_ou(self, search_ou, extra_filter=None, cookie=None):
search_filter = self.search_filter % {"user": "*"}
if extra_filter:
search_filter = '(&{}{})'.format(search_filter, extra_filter)
ok = self.connection.search(
search_ou, search_filter,
attributes=list(self.attr_map.values()),
paged_size=self.paged_size, paged_cookie=cookie
)
if not ok:
error = _("Search no entry matched in ou {}".format(search_ou))
raise LDAPOUGroupException(error)
user_items = []
for entry in self.connection.entries:
user_item = self._ldap_entry_to_user_item(entry)
user = self.get_user_by_username(user_item['username'])
user_item['existing'] = bool(user)
if user_item in user_items:
continue
user_items.append(user_item)
return user_items
def _cookie(self):
if self.paged_size is None:
cookie = None
else:
cookie = self.connection.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
return cookie
def search_user_items(self, extra_filter=None):
user_items = []
logger.info("Search user items")
for search_ou in str(self.search_ougroup).split("|"):
logger.info("Search user search ou: {}".format(search_ou))
_user_items = self._search_user_items_ou(search_ou, extra_filter=extra_filter)
user_items.extend(_user_items)
while self._cookie():
logger.info("Page Search user search ou: {}".format(search_ou))
_user_items = self._search_user_items_ou(search_ou, extra_filter, self._cookie())
user_items.extend(_user_items)
logger.info("Search user items end")
return user_items
def construct_extra_filter(self, field, q):
if not q:
return None
extra_filter = ''
if field == self.SEARCH_FIELD_ALL:
for attr in self.attr_map.values():
extra_filter += '({}={})'.format(attr, q)
extra_filter = '(|{})'.format(extra_filter)
return extra_filter
if field == self.SEARCH_FIELD_USERNAME and isinstance(q, list):
attr = self.attr_map.get('username')
for username in q:
extra_filter += '({}={})'.format(attr, username)
extra_filter = '(|{})'.format(extra_filter)
return extra_filter
def search_filter_user_items(self, username_list):
extra_filter = self.construct_extra_filter(
self.SEARCH_FIELD_USERNAME, username_list
)
user_items = self.search_user_items(extra_filter)
return user_items
@staticmethod
def save_user(user, user_item):
for field, value in user_item.items():
if not hasattr(user, field):
continue
if isinstance(getattr(user, field), bool):
if isinstance(value, str):
value = value.lower()
value = value in ['true', 1, True]
setattr(user, field, value)
user.save()
def update_user(self, user_item):
user = self.get_user_by_username(user_item['username'])
if user.source != User.SOURCE_LDAP:
msg = _('The user source is not LDAP')
return False, msg
try:
self.save_user(user, user_item)
except Exception as e:
logger.error(e, exc_info=True)
return False, str(e)
else:
return True, None
def create_user(self, user_item):
user = User(source=User.SOURCE_LDAP)
try:
self.save_user(user, user_item)
except Exception as e:
logger.error(e, exc_info=True)
return False, str(e)
else:
return True, None
@staticmethod
def construct_user_email(user_item):
username = user_item['username']
email = user_item.get('email', '')
email = construct_user_email(username, email)
return email
def create_or_update_users(self, user_items):
succeed = failed = 0
for user_item in user_items:
exist = user_item.pop('existing', False)
user_item['email'] = self.construct_user_email(user_item)
if not exist:
ok, error = self.create_user(user_item)
else:
ok, error = self.update_user(user_item)
if not ok:
logger.info("Failed User: {}".format(user_item))
failed += 1
else:
succeed += 1
result = {'total': len(user_items), 'succeed': succeed, 'failed': failed}
return result
def sync_users(self, username_list=None):
user_items = self.search_filter_user_items(username_list)
result = self.create_or_update_users(user_items)
return result
apps/settings/utils/__init__.py 0 → 100644
View file @ 5434b657
# coding: utf-8
#
from .ldap import *
apps/settings/utils/ldap.py 0 → 100644
View file @ 5434b657
This diff is collapsed.
apps/settings/views.py
View file @ 5434b657
......@@ -5,6 +5,7 @@ from django.utils.translation import ugettext as _
from common.permissions import PermissionsMixin, IsSuperUser
from common import utils
from .utils import LDAPSyncUtil
from .forms import EmailSettingForm, LDAPSettingForm, BasicSettingForm, \
TerminalSettingForm, SecuritySettingForm, EmailContentSettingForm
......@@ -83,6 +84,7 @@ class LDAPSettingView(PermissionsMixin, TemplateView):
form.save()
msg = _("Update setting successfully")
messages.success(request, msg)
LDAPSyncUtil().clear_cache()
return redirect('settings:ldap-setting')
else:
context = self.get_context_data()
......
apps/users/signals_handler.py
View file @ 5434b657
......@@ -2,11 +2,11 @@
#
from django.dispatch import receiver
# from django.db.models.signals import post_save
from django.db.models.signals import post_save, m2m_changed
from common.utils import get_logger
from .signals import post_user_create
# from .models import User
from .models import User
logger = get_logger(__file__)
......@@ -28,3 +28,14 @@ def on_user_create(sender, user=None, **kwargs):
logger.info(" - Sending welcome mail ...".format(user.name))
if user.email:
send_user_created_mail(user)
@receiver(m2m_changed, sender=User.groups.through)
def on_user_groups_change(sender, instance=None, action='', **kwargs):
"""
资产节点发生变化时,刷新节点
"""
if action.startswith('post'):
logger.debug("User group member change signal recv: {}".format(instance))
from perms.utils import AssetPermissionUtilV2
AssetPermissionUtilV2.expire_all_user_tree_cache()
apps/users/tasks.py
View file @ 5434b657
# -*- coding: utf-8 -*-
#
import sys
from celery import shared_task
from django.conf import settings
from ops.celery.utils import create_or_update_celery_periodic_tasks
from ops.celery.utils import (
create_or_update_celery_periodic_tasks, disable_celery_periodic_task
)
from ops.celery.decorator import after_app_ready_start
from common.utils import get_logger
from .models import User
from .utils import (
send_password_expiration_reminder_mail, send_user_expiration_reminder_mail
)
from settings.utils import LDAPUtil
from settings.utils import LDAPServerUtil, LDAPImportUtil
logger = get_logger(__file__)
......@@ -70,19 +73,26 @@ def check_user_expired_periodic():
@shared_task
def sync_ldap_user():
logger.info("Start sync ldap user periodic task")
util = LDAPUtil()
result = util.sync_users()
logger.info("Result: {}".format(result))
def import_ldap_user():
logger.info("Start import ldap user task")
util_server = LDAPServerUtil()
util_import = LDAPImportUtil()
users = util_server.search()
errors = util_import.perform_import(users)
if errors:
logger.error("Imported LDAP users errors: {}".format(errors))
else:
logger.info('Imported {} users successfully'.format(len(users)))
@shared_task
@after_app_ready_start
def sync_ldap_user_periodic():
def import_ldap_user_periodic():
if not settings.AUTH_LDAP:
return
if not settings.AUTH_LDAP_SYNC_IS_PERIODIC:
task_name = sys._getframe().f_code.co_name
disable_celery_periodic_task(task_name)
return
interval = settings.AUTH_LDAP_SYNC_INTERVAL
......@@ -91,10 +101,9 @@ def sync_ldap_user_periodic():
else:
interval = None
crontab = settings.AUTH_LDAP_SYNC_CRONTAB
tasks = {
'sync_ldap_user_periodic': {
'task': sync_ldap_user.name,
'import_ldap_user_periodic': {
'task': import_ldap_user.name,
'interval': interval,
'crontab': crontab,
'enabled': True,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment