Merge pull request #2904 from jumpserver/dev

Dev

Merge pull request #2904 from jumpserver/dev
Dev
8918da48 · 老广 · GitHub · 52d52861 · f3b5823c · 8918da48
Unverified Commit 8918da48 authored Jul 08, 2019 by 老广 Committed by GitHub Jul 08, 2019
18 changed files
--- a/apps/assets/forms/user.py
+++ b/apps/assets/forms/user.py
@@ -65,17 +65,7 @@ class PasswordAndKeyAuthForm(forms.ModelForm):
 class AdminUserForm(PasswordAndKeyAuthForm):
    def save(self, commit=True):
-        # Because we define custom field, so we need rewrite :method: `save`
+        raise forms.ValidationError("Use api to save")
-        admin_user = super().save(commit=commit)
-        password = self.cleaned_data.get('password', '') or None
-        private_key, public_key = super().gen_keys()
-        admin_user.set_auth(password=password, public_key=public_key, private_key=private_key)
-        return admin_user
-    def clean(self):
-        super().clean()
-        if not self.instance:
-            super().validate_password_key()
    class Meta:
        model = AdminUser
@@ -91,51 +81,7 @@ class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
    auto_generate_key = forms.BooleanField(initial=True, required=False)
    def save(self, commit=True):
-        # Because we define custom field, so we need rewrite :method: `save`
+        raise forms.ValidationError("Use api to save")
-        system_user = super().save()
-        password = self.cleaned_data.get('password', '') or None
-        login_mode = self.cleaned_data.get('login_mode', '') or None
-        protocol = self.cleaned_data.get('protocol') or None
-        auto_generate_key = self.cleaned_data.get('auto_generate_key', False)
-        private_key, public_key = super().gen_keys()
-        if login_mode == SystemUser.LOGIN_MANUAL or \
-                protocol in [SystemUser.PROTOCOL_TELNET,
-                             SystemUser.PROTOCOL_VNC]:
-            system_user.auto_push = 0
-            system_user.save()
-            auto_generate_key = False
-        if auto_generate_key:
-            logger.info('Auto generate key and set system user auth')
-            if protocol == SystemUser.PROTOCOL_SSH:
-                system_user.auto_gen_auth()
-            elif protocol == SystemUser.PROTOCOL_RDP:
-                system_user.auto_gen_auth_password()
-        else:
-            system_user.set_auth(password=password, private_key=private_key,
-                                 public_key=public_key)
-        return system_user
-    def clean(self):
-        super().clean()
-        auto_generate = self.cleaned_data.get('auto_generate_key')
-        if not self.instance and not auto_generate:
-            super().validate_password_key()
-    def clean_username(self):
-        username = self.data.get('username')
-        login_mode = self.data.get('login_mode')
-        protocol = self.data.get('protocol')
-        if username:
-            return username
-        if login_mode == SystemUser.LOGIN_AUTO and \
-                protocol != SystemUser.PROTOCOL_VNC:
-            msg = _('* Automatic login mode must fill in the username.')
-            raise forms.ValidationError(msg)
-        return username
    class Meta:
        model = SystemUser

--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -197,6 +197,17 @@ class AssetUser(OrgModelMixin):
        self.public_key = ''
        self.save()
+    @staticmethod
+    def gen_password():
+        return str(uuid.uuid4())
+    @staticmethod
+    def gen_key(username):
+        private_key, public_key = ssh_key_gen(
+            username=username
+        )
+        return private_key, public_key
    def auto_gen_auth(self):
        password = str(uuid.uuid4())
        private_key, public_key = ssh_key_gen(

--- a/apps/assets/serializers/admin_user.py
+++ b/apps/assets/serializers/admin_user.py
@@ -8,10 +8,10 @@ from common.serializers import AdaptedBulkListSerializer
 from ..models import Node, AdminUser
 from orgs.mixins import BulkOrgResourceModelSerializer
-from .base import AuthSerializer
+from .base import AuthSerializer, AuthSerializerMixin
-class AdminUserSerializer(BulkOrgResourceModelSerializer):
+class AdminUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
    """
    管理用户
    """

--- a/apps/assets/serializers/asset_user.py
+++ b/apps/assets/serializers/asset_user.py
@@ -4,12 +4,11 @@
 from django.utils.translation import ugettext as _
 from rest_framework import serializers
-from common.utils import validate_ssh_private_key
 from common.serializers import AdaptedBulkListSerializer
 from orgs.mixins import BulkOrgResourceModelSerializer
 from ..models import AuthBook, Asset
 from ..backends import AssetUserManager
-from .base import ConnectivitySerializer
+from .base import ConnectivitySerializer, AuthSerializerMixin
 __all__ = [
@@ -24,7 +23,7 @@ class BasicAssetSerializer(serializers.ModelSerializer):
        fields = ['hostname', 'ip']
-class AssetUserSerializer(BulkOrgResourceModelSerializer):
+class AssetUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
    hostname = serializers.CharField(read_only=True, label=_("Hostname"))
    ip = serializers.CharField(read_only=True, label=_("IP"))
    connectivity = ConnectivitySerializer(read_only=True, label=_("Connectivity"))
@@ -50,13 +49,6 @@ class AssetUserSerializer(BulkOrgResourceModelSerializer):
            'public_key': {'write_only': True},
        }
-    def validate_private_key(self, key):
-        password = self.initial_data.get("password")
-        valid = validate_ssh_private_key(key, password)
-        if not valid:
-            raise serializers.ValidationError(_("private key invalid"))
-        return key
    def create(self, validated_data):
        if not validated_data.get("name") and validated_data.get("username"):
            validated_data["name"] = validated_data["username"]

--- a/apps/assets/serializers/base.py
+++ b/apps/assets/serializers/base.py
@@ -2,7 +2,7 @@
 #
 from rest_framework import serializers
-from common.utils import ssh_pubkey_gen
+from common.utils import ssh_pubkey_gen, validate_ssh_private_key
 class AuthSerializer(serializers.ModelSerializer):
@@ -28,4 +28,38 @@ class AuthSerializer(serializers.ModelSerializer):
 class ConnectivitySerializer(serializers.Serializer):
    status = serializers.IntegerField()
    datetime = serializers.DateTimeField()
\ No newline at end of file
+class AuthSerializerMixin:
+    def validate_password(self, password):
+        return password
+    def validate_private_key(self, private_key):
+        if not private_key:
+            return
+        password = self.initial_data.get("password")
+        valid = validate_ssh_private_key(private_key, password)
+        if not valid:
+            raise serializers.ValidationError(_("private key invalid"))
+        return private_key
+    def validate_public_key(self, public_key):
+        return public_key
+    @staticmethod
+    def clean_auth_fields(validated_data):
+        for field in ('password', 'private_key', 'public_key'):
+            value = validated_data.get(field)
+            if not value:
+                validated_data.pop(field, None)
+        # print(validated_data)
+        # raise serializers.ValidationError(">>>>>>")
+    def create(self, validated_data):
+        self.clean_auth_fields(validated_data)
+        return super().create(validated_data)
+    def update(self, instance, validated_data):
+        self.clean_auth_fields(validated_data)
+        return super().update(instance, validated_data)
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -5,13 +5,14 @@ from django.utils.translation import ugettext_lazy as _
 from common.serializers import AdaptedBulkListSerializer
 from orgs.mixins import BulkOrgResourceModelSerializer
 from ..models import SystemUser
-from .base import AuthSerializer
+from .base import AuthSerializer, AuthSerializerMixin
-class SystemUserSerializer(BulkOrgResourceModelSerializer):
+class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
    """
    系统用户
    """
+    auto_generate_key = serializers.BooleanField(initial=True, required=False, write_only=True)
    class Meta:
        model = SystemUser
@@ -20,7 +21,7 @@ class SystemUserSerializer(BulkOrgResourceModelSerializer):
            'id', 'name', 'username', 'password', 'public_key', 'private_key',
            'login_mode', 'login_mode_display', 'priority', 'protocol',
            'auto_push', 'cmd_filters', 'sudo', 'shell', 'comment', 'nodes',
-            'assets_amount', 'connectivity_amount'
+            'assets_amount', 'connectivity_amount', 'auto_generate_key'
        ]
        extra_kwargs = {
            'password': {"write_only": True},
@@ -32,6 +33,63 @@ class SystemUserSerializer(BulkOrgResourceModelSerializer):
            'created_by': {'read_only': True},
        }
+    def validate_auto_push(self, value):
+        login_mode = self.initial_data.get("login_mode")
+        protocol = self.initial_data.get("protocol")
+        if login_mode == SystemUser.LOGIN_MANUAL or \
+                protocol in [SystemUser.PROTOCOL_TELNET,
+                             SystemUser.PROTOCOL_VNC]:
+            value = False
+        return value
+    def validate_auto_generate_key(self, value):
+        login_mode = self.initial_data.get("login_mode")
+        protocol = self.initial_data.get("protocol")
+        if self.context["request"].method.lower() != "post":
+            value = False
+        elif self.instance:
+            value = False
+        elif login_mode == SystemUser.LOGIN_MANUAL:
+            value = False
+        elif protocol in [SystemUser.PROTOCOL_TELNET, SystemUser.PROTOCOL_VNC]:
+            value = False
+        return value
+    def validate_username(self, username):
+        if username:
+            return username
+        login_mode = self.validated_data.get("login_mode")
+        protocol = self.validated_data.get("protocol")
+        if login_mode == SystemUser.LOGIN_AUTO and \
+                protocol != SystemUser.PROTOCOL_VNC:
+            msg = _('* Automatic login mode must fill in the username.')
+            raise serializers.ValidationError(msg)
+        return username
+    def validate_password(self, password):
+        super().validate_password(password)
+        auto_gen_key = self.initial_data.get("auto_generate_key", False)
+        private_key = self.initial_data.get("private_key")
+        if not self.instance and not auto_gen_key and not password and not private_key:
+            raise serializers.ValidationError(_("Password or private key required"))
+        return password
+    def validate(self, attrs):
+        username = attrs.get("username", "manual")
+        protocol = attrs.get("protocol")
+        auto_gen_key = attrs.get("auto_generate_key", False)
+        if auto_gen_key:
+            password = SystemUser.gen_password()
+            attrs["password"] = password
+            if protocol == SystemUser.PROTOCOL_SSH:
+                private_key, public_key = SystemUser.gen_key(username)
+                attrs["private_key"] = private_key
+                attrs["public_key"] = public_key
+        attrs.pop("auto_generate_key", None)
+        return attrs
    @classmethod
    def setup_eager_loading(cls, queryset):
        """ Perform necessary eager loading of data. """
@@ -52,7 +110,6 @@ class SystemUserAuthSerializer(AuthSerializer):
        ]
 class SystemUserSimpleSerializer(serializers.ModelSerializer):
    """
    系统用户最基本信息的数据结构

--- a/apps/assets/templates/assets/_system_user.html
+++ b/apps/assets/templates/assets/_system_user.html
@@ -218,6 +218,31 @@ $(document).ready(function () {
 })
 .on('change', protocol_id, function(){
    fieldDisplay();
+}).on("submit", "form", function (evt) {
+    evt.preventDefault();
+    {% block formUrl %}
+    var the_url = '{% url 'api-assets:system-user-list' %}';
+    var redirect_to = '{% url "assets:system-user-list" %}';
+    var method = "POST";
+    {% endblock %}
+    var form = $("form");
+    var data = form.serializeObject();
+    objectAttrsIsBool(data, ["auto_generate_key", "auto_push"]);
+    data["private_key"] = $("#id_private_key_file").data('file');
+    var props = {
+        url: the_url,
+        data: data,
+        method: method,
+        form: form,
+        redirect_to: redirect_to
+    };
+    formSubmit(props);
+}).on('change', '#id_private_key_file', function () {
+    readFile($(this)).on("onload", function (evt, data) {
+         $(this).attr("data-file", data)
+    })
 })
 </script>

--- a/apps/assets/templates/assets/admin_user_assets.html
+++ b/apps/assets/templates/assets/admin_user_assets.html
@@ -23,7 +23,7 @@
                        </ul>
                    </div>
                    <div class="tab-content">
-                        <div class="col-sm-9" style="padding-left: 0;">
+                        <div class="col-sm-8" style="padding-left: 0;">
                            <div class="ibox float-e-margins">
                                <div class="ibox-title">
                                    <span style="float: left">{% trans 'Asset list of ' %} <b>{{ admin_user.name }}</b></span>

--- a/apps/assets/templates/assets/admin_user_create_update.html
+++ b/apps/assets/templates/assets/admin_user_create_update.html
@@ -54,9 +54,38 @@
    </div>
 {% endblock %}
 {% block custom_foot_js %}
-    <script>
+<script>
-        $(document).ready(function () {
+$(document).ready(function () {
-            $('.select2').select2();
+    $('.select2').select2();
-        })
+})
-    </script>
+.on("submit", "form", function (evt) {
+    evt.preventDefault();
+    var the_url = '{% url 'api-assets:admin-user-list' %}';
+    var redirect_to = '{% url "assets:admin-user-list" %}';
+    var method = "POST";
+    {% if type == "update" %}
+        the_url = '{% url 'api-assets:admin-user-detail' pk=object.id %}';
+        redirect_to = '{% url "assets:admin-user-list" %}';
+        method = "PUT";
+    {% endif %}
+    var form = $("form");
+    var data = form.serializeObject();
+    data["private_key"] = $("#id_private_key_file").data('file');
+    var props = {
+        url: the_url,
+        data: data,
+        method: method,
+        form: form,
+        redirect_to: redirect_to
+    };
+    formSubmit(props);
+})
+.on('change', '#id_private_key_file', function () {
+    readFile($(this)).on("onload", function (evt, data) {
+         $(this).attr("data-file", data)
+    })
+})
+</script>
 {% endblock %}
\ No newline at end of file
--- a/apps/assets/templates/assets/system_user_update.html
+++ b/apps/assets/templates/assets/system_user_update.html
@@ -14,3 +14,9 @@
    </div>
 {% endblock %}
+{% block formUrl %}
+    var the_url = '{% url 'api-assets:system-user-detail' pk=object.pk %}';
+    var redirect_to = '{% url "assets:system-user-list" %}';
+    var method = "PUT";
+{% endblock %}
--- a/apps/assets/views/admin_user.py
+++ b/apps/assets/views/admin_user.py
@@ -47,7 +47,8 @@ class AdminUserCreateView(PermissionsMixin,
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Assets'),
-            'action': _('Create admin user')
+            'action': _('Create admin user'),
+            "type": "create"
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
@@ -65,6 +66,7 @@ class AdminUserUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
        context = {
            'app': _('Assets'),
            'action': _('Update admin user'),
+            "type": "update"
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)

--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
--- a/apps/ops/models/adhoc.py
+++ b/apps/ops/models/adhoc.py
@@ -220,7 +220,7 @@ class AdHoc(models.Model):
        time_start = time.time()
        try:
            date_start = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-            history.date_start = date_start
+            history.date_start = timezone.now()
            print(_("{} Start task: {}").format(date_start, self.task.name))
            raw, summary = self._run_only()
            date_end = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')

--- a/apps/ops/templates/ops/command_execution_create.html
+++ b/apps/ops/templates/ops/command_execution_create.html
@@ -136,10 +136,12 @@ function getSelectedAssetsNode() {
 	nodes.forEach(function (node) {
 	    if (node.meta.type === 'asset' && !node.isHidden) {
 	        var protocols = node.meta.asset.protocols;
-	        if (assetsNodeId.indexOf(node.id) === -1 && protocols.indexOf("ssh") > -1) {
+            protocols.forEach(function (val) {
-	            assetsNodeId.push(node.id);
+                if (assetsNodeId.indexOf(node.id) === -1 && val.indexOf("ssh") > -1) {
-                assetsNode.push(node)
+	                assetsNodeId.push(node.id);
-            }
+                    assetsNode.push(node)
+                }
+            });
        }
    });
 	return assetsNode;

--- a/apps/perms/utils/asset_permission.py
+++ b/apps/perms/utils/asset_permission.py
@@ -470,7 +470,7 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
        assets = defaultdict(lambda: defaultdict(int))
        for perm in self.permissions:
            actions = [perm.actions]
-            _assets = perm.assets.all().only(*self.assets_only)
+            _assets = perm.assets.valid().only(*self.assets_only)
            system_users = perm.system_users.all()
            iterable = itertools.product(_assets, system_users, actions)
            for asset, system_user, action in iterable:
@@ -493,7 +493,7 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
            pattern.add(r'^{0}$|^{0}:'.format(node.key))
        pattern = '|'.join(list(pattern))
        if pattern:
-            assets = Asset.objects.filter(nodes__key__regex=pattern) \
+            assets = Asset.objects.filter(nodes__key__regex=pattern).valid() \
                .prefetch_related('nodes')\
                .only(*self.assets_only)\
                .distinct()

--- a/apps/static/js/jumpserver.js
+++ b/apps/static/js/jumpserver.js
@@ -1156,4 +1156,22 @@ function timeOffset(a, b) {
        return seconds.toFixed(1) + " " + getTimeUnits("s")
    }
    return ""
 }
\ No newline at end of file
+function readFile(ref) {
+    var files = ref.prop('files');
+    var hasFile = files && files.length > 0;
+    if (hasFile) {
+        var reader = new FileReader();//新建一个FileReader
+        console.log(typeof files[0]);
+        reader.readAsText(files[0], "UTF-8");//读取文件
+        reader.onload = function(evt){ //读取完文件之后会回来这里
+            ref.trigger("onload", evt.target.result);
+        };
+    } else {
+        ref.trigger("onload", null);
+    }
+    return ref
+}
--- a/apps/terminal/templates/terminal/session_list.html
+++ b/apps/terminal/templates/terminal/session_list.html
@@ -72,7 +72,7 @@
        <li><a class="search-item" data-value="asset">{% trans 'Asset' %}</a></li>
        <li><a class="search-item" data-value="system_user">{% trans 'System user' %}</a></li>
        <li><a class="search-item" data-value="remote_addr">{% trans 'Remote addr' %}</a></li>
-        <li><a class="search-item" data-value="protocol">{% trans 'Protocol' %}</a></li>
+{#        <li><a class="search-item" data-value="protocol">{% trans 'Protocol' %}</a></li>#}
    </ul>
 {% endblock %}