Unverified Commit 545d4fa6 authored by 老广's avatar 老广 Committed by GitHub

Merge pull request #2287 from jumpserver/dev

[Update] 禁用其他认证方式修改密码 (#2286)
parents e3db7462 560df502
This diff is collapsed.
......@@ -265,7 +265,6 @@ $(document).ready(function(){
systemUserId = $('#system-users-select').val();
$(".select2").select2({
dropdownAutoWidth : true,
width: 'auto'
}).on('select2:select', function(evt) {
var data = evt.params.data;
systemUserId = data.id;
......
......@@ -120,7 +120,14 @@ class User(AbstractUser):
def set_password(self, raw_password):
self._set_password = True
if self.can_update_password():
return super().set_password(raw_password)
else:
error = _("User auth from {}, go there change password").format(self.source)
raise PermissionError(error)
def can_update_password(self):
return self.is_local
@property
def otp_secret_key(self):
......
......@@ -177,6 +177,7 @@
</span>
</td>
</tr>
{% if user_object.can_update_password %}
<tr>
<td>{% trans 'Send reset password mail' %}:</td>
<td>
......@@ -185,6 +186,7 @@
</span>
</td>
</tr>
{% endif %}
<tr>
<td>{% trans 'Send reset ssh key mail' %}:</td>
<td>
......
......@@ -148,14 +148,6 @@
<div class="panel-body">
<table class="table">
<tbody>
<tr class="no-borders-tr">
<td>{% trans 'Update password' %}:</td>
<td>
<span class="pull-right">
<a type="button" class="btn btn-primary btn-xs" style="width: 54px" href="{% url 'users:user-password-update' %}">{% trans 'Update' %}</a>
</span>
</td>
</tr>
<tr class="no-borders-tr">
<td>{% trans 'Set MFA' %}:</td>
<td>
......@@ -177,6 +169,16 @@
</span>
</td>
</tr>
{% if request.user.can_update_password %}
<tr class="no-borders">
<td>{% trans 'Update password' %}:</td>
<td>
<span class="pull-right">
<a type="button" class="btn btn-primary btn-xs" style="width: 54px" href="{% url 'users:user-password-update' %}">{% trans 'Update' %}</a>
</span>
</td>
</tr>
{% endif %}
{% if request.user.otp_enabled and request.user.otp_secret_key %}
<tr>
<td>{% trans 'Update MFA' %}:</td>
......
......@@ -3,6 +3,7 @@
{% load bootstrap3 %}
{% block user_template_title %}{% trans "Update user" %}{% endblock %}
{% block password %}
{% if object.can_update_password %}
{% bootstrap_field form.password layout="horizontal" %}
{# 密码popover #}
<div id="container">
......@@ -14,13 +15,24 @@
<div class="popover-content"></div>
</div>
</div>
{% else %}
<div class="form-group">
<label class="col-sm-2 control-label">{% trans 'Password' %}</label>
<div class="col-sm-8 controls" style="margin-top: 8px;" id="password_help_text">
{% trans 'User auth from {}, go there change password' %}
</div>
</div>
{% endif %}
{% bootstrap_field form.public_key layout="horizontal" %}
{% endblock %}
{% block custom_foot_js %}
{{ block.super }}
<script>
$(document).ready(function(){
function passwordCheck() {
if ($('#id_password').length != 1) {
return
}
var el = $('#id_password_rules'),
idPassword = $('#id_password'),
idPopover = $('#popover777'),
......@@ -39,7 +51,7 @@
"veryStrong": "{% trans 'Very strong' %}"
};
jQuery.each(password_check_rules, function (idx, rules) {
$.each(password_check_rules, function (idx, rules) {
if(rules.key === 'id_security_password_min_length'){
minLength = rules.value
}
......@@ -61,6 +73,13 @@
var password = idPassword.val();
checkPasswordRules(password, minLength);
});
}
$(document).ready(function(){
passwordCheck();
var origin_text = $("#password_help_text").text();
var new_text = origin_text.replace('{}', "{{ object.source_display }}");
$("#password_help_text").html(new_text);
})
</script>
......
......@@ -239,7 +239,7 @@ class UserForgotPasswordView(TemplateView):
if not user:
error = _('Email address invalid, please input again')
return self.get(request, errors=error)
elif not user.is_local:
elif not user.can_update_password():
error = _('User auth from {}, go there change password'.format(user.source))
return self.get(request, errors=error)
else:
......@@ -298,6 +298,9 @@ class UserResetPasswordView(TemplateView):
return self.get(request, errors=_('Password not same'))
user = User.validate_reset_token(token)
if not user.can_update_password():
error = _('User auth from {}, go there change password'.format(user.source))
return self.get(request, errors=error)
if not user:
return self.get(request, errors=_('Token invalid or expired'))
......
......@@ -414,6 +414,12 @@ class UserPasswordUpdateView(LoginRequiredMixin, UpdateView):
return super().get_success_url()
def form_valid(self, form):
if not self.request.user.can_update_password():
error = _("User auth from {}, go there change password").format(
self.request.source_display
)
form.add_error("password", error)
return self.form_invalid(form)
password = form.cleaned_data.get('new_password')
is_ok = check_password_rules(password)
if not is_ok:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment