[Update] 禁用其他认证方式修改密码 (#2286)

* [Update] 禁用其他认证方式修改密码

* [Update] 禁用其他认证方式修改密码

* [Update] 禁用其他认证方式修改密码

apps/ops/templates/ops/command_execution_create.html

@@ -265,7 +265,6 @@ $(document).ready(function(){
     systemUserId = $('#system-users-select').val();
     $(".select2").select2({
         dropdownAutoWidth : true,
-        width: 'auto'
     }).on('select2:select', function(evt) {
          var data = evt.params.data;
          systemUserId = data.id;

apps/users/models/user.py

@@ -120,7 +120,14 @@ class User(AbstractUser):
 
     def set_password(self, raw_password):
         self._set_password = True
-        return super().set_password(raw_password)
+        if self.can_update_password():
+            return super().set_password(raw_password)
+        else:
+            error = _("User auth from {}, go there change password").format(self.source)
+            raise PermissionError(error)
+
+    def can_update_password(self):
+        return self.is_local
 
     @property
     def otp_secret_key(self):

apps/users/templates/users/user_detail.html

@@ -177,6 +177,7 @@
                                                 </span>
                                             </td>
                                         </tr>
+                                        {% if user_object.can_update_password %}
                                         <tr>
                                             <td>{% trans 'Send reset password mail' %}:</td>
                                             <td>
@@ -185,6 +186,7 @@
                                                 </span>
                                             </td>
                                         </tr>
+                                        {% endif %}
                                         <tr>
                                             <td>{% trans 'Send reset ssh key mail' %}:</td>
                                             <td>

apps/users/templates/users/user_profile.html

@@ -148,14 +148,6 @@
                             <div class="panel-body">
                                 <table class="table">
                                     <tbody>
-                                    <tr class="no-borders-tr">
-                                        <td>{% trans 'Update password' %}:</td>
-                                        <td>
-                                            <span class="pull-right">
-                                                <a type="button" class="btn btn-primary btn-xs" style="width: 54px" href="{% url 'users:user-password-update' %}">{% trans 'Update' %}</a>
-                                            </span>
-                                        </td>
-                                    </tr>
                                     <tr class="no-borders-tr">
                                         <td>{% trans 'Set MFA' %}:</td>
                                         <td>
@@ -177,6 +169,16 @@
                                             </span>
                                         </td>
                                     </tr>
+                                    {% if request.user.can_update_password %}
+                                    <tr class="no-borders">
+                                        <td>{% trans 'Update password' %}:</td>
+                                        <td>
+                                            <span class="pull-right">
+                                                <a type="button" class="btn btn-primary btn-xs" style="width: 54px" href="{% url 'users:user-password-update' %}">{% trans 'Update' %}</a>
+                                            </span>
+                                        </td>
+                                    </tr>
+                                    {% endif %}
                                     {% if request.user.otp_enabled and request.user.otp_secret_key %}
                                     <tr>
                                         <td>{% trans 'Update MFA' %}:</td>

apps/users/templates/users/user_update.html

@@ -3,6 +3,7 @@
 {% load bootstrap3 %}
 {% block user_template_title %}{% trans "Update user" %}{% endblock %}
 {% block password %}
+    {% if object.can_update_password %}
     {% bootstrap_field form.password layout="horizontal" %}
     {#  密码popover  #}
     <div id="container">
@@ -14,13 +15,24 @@
             <div class="popover-content"></div>
         </div>
     </div>
+    {% else %}
+    <div class="form-group">
+        <label class="col-sm-2 control-label">{% trans 'Password' %}</label>
+        <div class="col-sm-8 controls" style="margin-top: 8px;" id="password_help_text">
+            {% trans 'User auth from {}, go there change password' %}
+        </div>
+    </div>
+    {% endif %}
     {% bootstrap_field form.public_key layout="horizontal" %}
 {% endblock %}
 
 {% block custom_foot_js %}
     {{ block.super }}
 <script>
-    $(document).ready(function(){
+    function passwordCheck() {
+        if ($('#id_password').length != 1) {
+            return
+        }
         var el = $('#id_password_rules'),
             idPassword = $('#id_password'),
             idPopover = $('#popover777'),
@@ -39,11 +51,11 @@
                 "veryStrong": "{% trans 'Very strong' %}"
             };
 
-         jQuery.each(password_check_rules, function (idx, rules) {
-             if(rules.key === 'id_security_password_min_length'){
-                 minLength = rules.value
-             }
-         });
+        $.each(password_check_rules, function (idx, rules) {
+            if(rules.key === 'id_security_password_min_length'){
+                minLength = rules.value
+            }
+        });
 
         // 初始化popover
         initPopover(container, progress, idPassword, el, password_check_rules, i18n_fallback);
@@ -61,6 +73,13 @@
             var password = idPassword.val();
             checkPasswordRules(password, minLength);
         });
+    }
+    $(document).ready(function(){
+        passwordCheck();
+
+        var origin_text = $("#password_help_text").text();
+        var new_text = origin_text.replace('{}', "{{ object.source_display }}");
+        $("#password_help_text").html(new_text);
 
     })
 </script>

apps/users/views/login.py

@@ -239,7 +239,7 @@ class UserForgotPasswordView(TemplateView):
         if not user:
             error = _('Email address invalid, please input again')
             return self.get(request, errors=error)
-        elif not user.is_local:
+        elif not user.can_update_password():
             error = _('User auth from {}, go there change password'.format(user.source))
             return self.get(request, errors=error)
         else:
@@ -298,6 +298,9 @@ class UserResetPasswordView(TemplateView):
             return self.get(request, errors=_('Password not same'))
 
         user = User.validate_reset_token(token)
+        if not user.can_update_password():
+            error = _('User auth from {}, go there change password'.format(user.source))
+            return self.get(request, errors=error)
         if not user:
             return self.get(request, errors=_('Token invalid or expired'))
 

apps/users/views/user.py

@@ -414,6 +414,12 @@ class UserPasswordUpdateView(LoginRequiredMixin, UpdateView):
         return super().get_success_url()
 
     def form_valid(self, form):
+        if not self.request.user.can_update_password():
+            error = _("User auth from {}, go there change password").format(
+                self.request.source_display
+            )
+            form.add_error("password", error)
+            return self.form_invalid(form)
         password = form.cleaned_data.get('new_password')
         is_ok = check_password_rules(password)
         if not is_ok: