Merge pull request #2978 from jumpserver/dev

Dev 修改private key校验

apps/assets/forms/domain.py

@@ -64,7 +64,7 @@ class GatewayForm(PasswordAndKeyAuthForm, OrgModelForm):
         model = Gateway
         fields = [
             'name', 'ip', 'port', 'username', 'protocol', 'domain', 'password',
-            'private_key_file',  'is_active', 'comment',
+            'private_key',  'is_active', 'comment',
         ]
         help_texts = {
             'protocol': _("SSH gateway support proxy SSH,RDP,VNC")

apps/assets/forms/user.py

@@ -26,39 +26,39 @@ class PasswordAndKeyAuthForm(forms.ModelForm):
         label=_("Password"),
     )
     # Need use upload private key file except paste private key content
-    private_key_file = forms.FileField(required=False, label=_("Private key"))
+    private_key = forms.FileField(required=False, label=_("Private key"))
 
-    def clean_private_key_file(self):
-        private_key_file = self.cleaned_data['private_key_file']
+    def clean_private_key(self):
+        private_key_f = self.cleaned_data['private_key']
         password = self.cleaned_data['password']
 
-        if private_key_file:
-            key_string = private_key_file.read()
-            private_key_file.seek(0)
+        if private_key_f:
+            key_string = private_key_f.read()
+            private_key_f.seek(0)
             key_string = key_string.decode()
 
             if not validate_ssh_private_key(key_string, password):
                 msg = _('Invalid private key, Only support '
                         'RSA/DSA format key')
                 raise forms.ValidationError(msg)
-        return private_key_file
+        return private_key_f
 
     def validate_password_key(self):
         password = self.cleaned_data['password']
-        private_key_file = self.cleaned_data.get('private_key_file', '')
+        private_key_f = self.cleaned_data.get('private_key', '')
 
-        if not password and not private_key_file:
+        if not password and not private_key_f:
             raise forms.ValidationError(_(
                 'Password and private key file must be input one'
             ))
 
     def gen_keys(self):
         password = self.cleaned_data.get('password', '') or None
-        private_key_file = self.cleaned_data['private_key_file']
+        private_key_f = self.cleaned_data['private_key']
         public_key = private_key = None
 
-        if private_key_file:
-            private_key = private_key_file.read().strip().decode('utf-8')
+        if private_key_f:
+            private_key = private_key_f.read().strip().decode('utf-8')
             public_key = ssh_pubkey_gen(private_key=private_key, password=password)
         return private_key, public_key
 
@@ -69,7 +69,7 @@ class AdminUserForm(PasswordAndKeyAuthForm):
 
     class Meta:
         model = AdminUser
-        fields = ['name', 'username', 'password', 'private_key_file', 'comment']
+        fields = ['name', 'username', 'password', 'private_key', 'comment']
         widgets = {
             'name': forms.TextInput(attrs={'placeholder': _('Name')}),
             'username': forms.TextInput(attrs={'placeholder': _('Username')}),
@@ -87,7 +87,7 @@ class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
         model = SystemUser
         fields = [
             'name', 'username', 'protocol', 'auto_generate_key',
-            'password', 'private_key_file', 'auto_push', 'sudo',
+            'password', 'private_key', 'auto_push', 'sudo',
             'comment', 'shell', 'priority', 'login_mode', 'cmd_filters',
         ]
         widgets = {

apps/assets/serializers/base.py

@@ -40,6 +40,10 @@ class AuthSerializerMixin:
     def validate_private_key(self, private_key):
         if not private_key:
             return
+        if 'OPENSSH' in private_key:
+            msg = _("Not support openssh format key, using "
+                    "ssh-keygen -t rsa -m pem to generate")
+            raise serializers.ValidationError(msg)
         password = self.initial_data.get("password")
         valid = validate_ssh_private_key(private_key, password)
         if not valid:

apps/assets/templates/assets/_system_user.html

@@ -53,7 +53,7 @@
                             </div>
                             <div class="auth-fields">
                                 {% bootstrap_field form.password layout="horizontal" %}
-                                {% bootstrap_field form.private_key_file layout="horizontal" %}
+                                {% bootstrap_field form.private_key layout="horizontal" %}
                             </div>
                             <div class="form-group">
                                 <label for="{{ form.auto_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
@@ -90,7 +90,7 @@ var login_mode_id = '#' + '{{ form.login_mode.id_for_label }}';
 
 var auto_generate_key = '#'+'{{ form.auto_generate_key.id_for_label }}';
 var password_id = '#' + '{{ form.password.id_for_label }}';
-var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}';
+var private_key_id = '#' + '{{ form.private_key.id_for_label }}';
 var auto_push_id = '#' + '{{ form.auto_push.id_for_label }}';
 var sudo_id = '#' + '{{ form.sudo.id_for_label }}';
 var shell_id = '#' + '{{ form.shell.id_for_label }}';
@@ -230,7 +230,7 @@ $(document).ready(function () {
 
     objectAttrsIsList(data, ['cmd_filters']);
     objectAttrsIsBool(data, ["auto_generate_key", "auto_push"]);
-    data["private_key"] = $("#id_private_key_file").data('file');
+    data["private_key"] = $("#id_private_key").data('file');
 
     var props = {
         url: the_url,
@@ -240,9 +240,9 @@ $(document).ready(function () {
         redirect_to: redirect_to
     };
     formSubmit(props);
-}).on('change', '#id_private_key_file', function () {
+}).on('change', '#id_private_key', function () {
     readFile($(this)).on("onload", function (evt, data) {
-         $(this).attr("data-file", data)
+         $(this).data("file", data)
     })
 })
 

apps/assets/templates/assets/admin_user_create_update.html

@@ -37,7 +37,7 @@
                             {% bootstrap_field form.name layout="horizontal" %}
                             {% bootstrap_field form.username layout="horizontal" %}
                             {% bootstrap_field form.password layout="horizontal" %}
-                            {% bootstrap_field form.private_key_file layout="horizontal" %}
+                            {% bootstrap_field form.private_key layout="horizontal" %}
                             {% bootstrap_field form.comment layout="horizontal" %}
 
                             <div class="form-group">
@@ -70,8 +70,9 @@ $(document).ready(function () {
     {% endif %}
     var form = $("form");
     var data = form.serializeObject();
+    console.log($("#id_private_key").data("file"));
 
-    data["private_key"] = $("#id_private_key_file").data('file');
+    data["private_key"] = $("#id_private_key").data('file');
 
     var props = {
         url: the_url,
@@ -82,9 +83,9 @@ $(document).ready(function () {
     };
     formSubmit(props);
 })
-.on('change', '#id_private_key_file', function () {
+.on('change', '#id_private_key', function () {
     readFile($(this)).on("onload", function (evt, data) {
-         $(this).attr("data-file", data)
+        $(this).data("file", data)
     })
 })
 </script>

apps/assets/templates/assets/gateway_create_update.html

@@ -46,7 +46,7 @@
                             <div class="auth-fields">
                                 {% bootstrap_field form.username layout="horizontal" %}
                                 {% bootstrap_field form.password layout="horizontal" %}
-                                {% bootstrap_field form.private_key_file layout="horizontal" %}
+                                {% bootstrap_field form.private_key layout="horizontal" %}
                             </div>
                             {% endblock %}
 
@@ -70,7 +70,7 @@
 {% block custom_foot_js %}
 <script>
 var protocol_id = '#' + '{{ form.protocol.id_for_label }}';
-var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}';
+var private_key_id = '#' + '{{ form.private_key.id_for_label }}';
 var port = '#' + '{{ form.port.id_for_label }}';
 var username = '#' + '{{ form.username.id_for_label }}';
 var password = '#' + '{{ form.password.id_for_label }}';
@@ -99,7 +99,7 @@ $(document).ready(function(){
     evt.preventDefault();
     var form = $("form");
     var data = form.serializeObject();
-    data["private_key"] = $("#id_private_key_file").data('file');
+    data["private_key"] = $("#id_private_key").data('file');
     var method = "POST";
     var the_url = '{% url "api-assets:gateway-list" %}';
     var redirect_to = '{% url "assets:domain-gateway-list" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", data.domain);
@@ -116,9 +116,9 @@ $(document).ready(function(){
      };
     formSubmit(props);
 })
-.on('change', '#id_private_key_file', function () {
+.on('change', '#id_private_key', function () {
     readFile($(this)).on("onload", function (evt, data) {
-         $(this).attr("data-file", data)
+         $(this).data("file", data)
     })
 })
 .on('change', protocol_id, function(){

apps/assets/templates/assets/system_user_update.html

@@ -5,7 +5,7 @@
 
 {% block auth %}
     {% bootstrap_field form.password layout="horizontal" %}
-    {% bootstrap_field form.private_key_file layout="horizontal" %}
+    {% bootstrap_field form.private_key layout="horizontal" %}
     <div class="form-group">
         <label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
         <div class="col-sm-8">

apps/jumpserver/middleware.py

@@ -56,4 +56,6 @@ class RequestMiddleware:
     def __call__(self, request):
         set_current_request(request)
         response = self.get_response(request)
+        age = request.session.get_expiry_age()
+        request.session.set_expiry(age)
         return response

apps/locale/zh/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Jumpserver 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2019-07-16 17:04+0800\n"
+"POT-Creation-Date: 2019-07-17 13:09+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: Jumpserver team<ibuler@qq.com>\n"
@@ -695,7 +695,7 @@ msgstr "如果有多个的互相隔离的网络，设置资产属于的网域，
 msgid "Select assets"
 msgstr "选择资产"
 
-#: assets/forms/cmd_filter.py:38 assets/serializers/cmd_filter.py:43
+#: assets/forms/cmd_filter.py:38 assets/serializers/cmd_filter.py:44
 msgid "Content should not be contain: {}"
 msgstr "内容不能包含: {}"
 
@@ -1230,6 +1230,11 @@ msgid "Public key"
 msgstr "ssh公钥"
 
 #: assets/serializers/base.py:44
+msgid ""
+"Not support openssh format key, using ssh-keygen -t rsa -m pem to generate"
+msgstr "暂不支持OPENSSH格式的密钥，使用 ssh-keygen -t rsa -m pem生成"
+
+#: assets/serializers/base.py:50
 msgid "private key invalid"
 msgstr "密钥不合法"
 
@@ -1249,86 +1254,86 @@ msgstr "自动登录模式，必须填写用户名"
 msgid "Password or private key required"
 msgstr "密码或密钥密码需要一个"
 
-#: assets/tasks.py:34
+#: assets/tasks.py:33
 msgid "Asset has been disabled, skipped: {}"
 msgstr "资产或许不支持ansible, 跳过: {}"
 
-#: assets/tasks.py:38
+#: assets/tasks.py:37
 msgid "Asset may not be support ansible, skipped: {}"
 msgstr "资产或许不支持ansible, 跳过: {}"
 
-#: assets/tasks.py:51
+#: assets/tasks.py:50
 msgid "No assets matched, stop task"
 msgstr "没有匹配到资产，结束任务"
 
-#: assets/tasks.py:61
+#: assets/tasks.py:60
 msgid "No assets matched related system user protocol, stop task"
 msgstr "没有匹配到与系统用户协议相关的资产，结束任务"
 
-#: assets/tasks.py:87
+#: assets/tasks.py:86
 msgid "Get asset info failed: {}"
 msgstr "获取资产信息失败：{}"
 
-#: assets/tasks.py:137
+#: assets/tasks.py:136
 msgid "Update some assets hardware info"
 msgstr "更新资产硬件信息"
 
-#: assets/tasks.py:154
+#: assets/tasks.py:153
 msgid "Update asset hardware info: {}"
 msgstr "更新资产硬件信息: {}"
 
-#: assets/tasks.py:179
+#: assets/tasks.py:178
 msgid "Test assets connectivity"
 msgstr "测试资产可连接性"
 
-#: assets/tasks.py:233
+#: assets/tasks.py:232
 msgid "Test assets connectivity: {}"
 msgstr "测试资产可连接性: {}"
 
-#: assets/tasks.py:275
+#: assets/tasks.py:274
 msgid "Test admin user connectivity period: {}"
 msgstr "定期测试管理账号可连接性: {}"
 
-#: assets/tasks.py:282
+#: assets/tasks.py:281
 msgid "Test admin user connectivity: {}"
 msgstr "测试管理行号可连接性: {}"
 
-#: assets/tasks.py:350
+#: assets/tasks.py:349
 msgid "Test system user connectivity: {}"
 msgstr "测试系统用户可连接性: {}"
 
-#: assets/tasks.py:357
+#: assets/tasks.py:356
 msgid "Test system user connectivity: {} => {}"
 msgstr "测试系统用户可连接性: {} => {}"
 
-#: assets/tasks.py:370
+#: assets/tasks.py:369
 msgid "Test system user connectivity period: {}"
 msgstr "定期测试系统用户可连接性: {}"
 
-#: assets/tasks.py:471 assets/tasks.py:557
+#: assets/tasks.py:470 assets/tasks.py:556
 #: xpack/plugins/change_auth_plan/models.py:522
 msgid "The asset {} system platform {} does not support run Ansible tasks"
 msgstr "资产 {} 系统平台 {} 不支持运行 Ansible 任务"
 
-#: assets/tasks.py:483
+#: assets/tasks.py:482
 msgid ""
 "Push system user task skip, auto push not enable or protocol is not ssh or "
 "rdp: {}"
 msgstr "推送系统用户任务跳过，自动推送没有打开，或协议不是ssh或rdp: {}"
 
-#: assets/tasks.py:490
+#: assets/tasks.py:489
 msgid "For security, do not push user {}"
 msgstr "为了安全，禁止推送用户 {}"
 
-#: assets/tasks.py:518 assets/tasks.py:532
+#: assets/tasks.py:517 assets/tasks.py:531
 msgid "Push system users to assets: {}"
 msgstr "推送系统用户到入资产: {}"
 
-#: assets/tasks.py:524
+#: assets/tasks.py:523
 msgid "Push system users to asset: {} => {}"
 msgstr "推送系统用户到入资产: {} => {}"
 
-#: assets/tasks.py:604
+#: assets/tasks.py:603
 msgid "Test asset user connectivity: {}"
 msgstr "测试资产用户可连接性: {}"
 

apps/orgs/middleware.py

@@ -25,7 +25,8 @@ class OrgMiddleware:
     def __call__(self, request):
         self.set_permed_org_if_need(request)
         org = get_org_from_request(request)
-        request.current_org = org
-        set_current_org(org)
+        if org is not None:
+            request.current_org = org
+            set_current_org(org)
         response = self.get_response(request)
         return response