Skip to content

J
jumpserver
Unverified Commit 910f3cdd authored by 老广's avatar 老广 Committed by GitHub
Browse files
Options

Merge pull request #1219 from jumpserver/dev 

[Bugfix] 修复用户登录缓存设置问题
parents 28acc6cc f73fe1f3
Hide whitespace changes
Inline Side-by-side
Showing with 58 additions and 68 deletions
apps/i18n/zh/LC_MESSAGES/django.po
View file @ 910f3cdd
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Jumpserver 0.3.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-04-18 20:14+0800\n"
"POT-Creation-Date: 2018-04-19 12:44+0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: ibuler <ibuler@qq.com>\n"
"Language-Team: Jumpserver team<ibuler@qq.com>\n"
......@@ -173,7 +173,7 @@ msgstr "密码或密钥密码"
#: users/templates/users/login.html:59
#: users/templates/users/reset_password.html:52
#: users/templates/users/user_create.html:11
#: users/templates/users/user_password_authentication.html:13
#: users/templates/users/user_password_authentication.html:14
#: users/templates/users/user_password_update.html:40
#: users/templates/users/user_profile_update.html:40
#: users/templates/users/user_pubkey_update.html:40
......@@ -1916,7 +1916,7 @@ msgstr "关闭"
#: templates/_nav.html:10 users/views/group.py:28 users/views/group.py:44
#: users/views/group.py:62 users/views/group.py:79 users/views/group.py:95
#: users/views/login.py:240 users/views/login.py:289 users/views/user.py:64
#: users/views/login.py:241 users/views/login.py:290 users/views/user.py:64
#: users/views/user.py:79 users/views/user.py:99 users/views/user.py:155
#: users/views/user.py:310 users/views/user.py:357 users/views/user.py:379
msgid "Users"
......@@ -2417,9 +2417,9 @@ msgstr "上一步"
#: users/templates/users/first_login.html:60
#: users/templates/users/login_otp.html:66
#: users/templates/users/user_otp_authentication.html:22
#: users/templates/users/user_otp_enable_bind.html:25
#: users/templates/users/user_otp_enable_bind.html:19
#: users/templates/users/user_otp_enable_install_app.html:22
#: users/templates/users/user_password_authentication.html:21
#: users/templates/users/user_password_authentication.html:17
msgid "Next"
msgstr "下一步"
......@@ -2462,13 +2462,13 @@ msgstr ""
#: users/templates/users/login_otp.html:64
#: users/templates/users/user_otp_authentication.html:19
#: users/templates/users/user_otp_enable_bind.html:18
#: users/templates/users/user_otp_enable_bind.html:16
msgid "Six figures"
msgstr "6位数字"
#: users/templates/users/login_otp.html:69
msgid "Can't provide security? Please contact the administrator"
msgstr "如果不能提供OTP码,请联系管理员"
msgid "Can't provide security? Please contact the administrator!"
msgstr "如果不能提供OTP验证码,请联系管理员!"
#: users/templates/users/reset_password.html:45
#: users/templates/users/user_detail.html:343 users/utils.py:72
......@@ -2816,52 +2816,52 @@ msgstr "用户组授权资产"
msgid "Please enable cookies and try again."
msgstr "设置你的浏览器支持cookie"
#: users/views/login.py:106 users/views/user.py:460 users/views/user.py:485
#: users/views/login.py:107 users/views/user.py:479 users/views/user.py:507
msgid "Otp code invalid"
msgstr "otp码认证失败"
#: users/views/login.py:132
#: users/views/login.py:133
msgid "Logout success"
msgstr "退出登录成功"
#: users/views/login.py:133
#: users/views/login.py:134
msgid "Logout success, return login page"
msgstr "退出登录成功,返回到登录页面"
#: users/views/login.py:149
#: users/views/login.py:150
msgid "Email address invalid, please input again"
msgstr "邮箱地址错误,重新输入"
#: users/views/login.py:162
#: users/views/login.py:163
msgid "Send reset password message"
msgstr "发送重置密码邮件"
#: users/views/login.py:163
#: users/views/login.py:164
msgid "Send reset password mail success, login your mail box and follow it "
msgstr ""
"发送重置邮件成功, 请登录邮箱查看, 按照提示操作 (如果没收到,请等待3-5分钟)"
#: users/views/login.py:177
#: users/views/login.py:178
msgid "Reset password success"
msgstr "重置密码成功"
#: users/views/login.py:178
#: users/views/login.py:179
msgid "Reset password success, return to login page"
msgstr "重置密码成功,返回到登录页面"
#: users/views/login.py:195 users/views/login.py:208
#: users/views/login.py:196 users/views/login.py:209
msgid "Token invalid or expired"
msgstr "Token错误或失效"
#: users/views/login.py:204
#: users/views/login.py:205
msgid "Password not same"
msgstr "密码不一致"
#: users/views/login.py:240
#: users/views/login.py:241
msgid "First login"
msgstr "首次登陆"
#: users/views/login.py:290
#: users/views/login.py:291
msgid "Login log list"
msgstr "登录日志"
......@@ -2889,23 +2889,23 @@ msgstr "密码更新"
msgid "Public key update"
msgstr "密钥更新"
#: users/views/user.py:419
#: users/views/user.py:430
msgid "Password invalid"
msgstr "用户名或密码无效"
#: users/views/user.py:512
#: users/views/user.py:535
msgid "OTP enable success"
msgstr "OTP 绑定成功"
#: users/views/user.py:513
#: users/views/user.py:536
msgid "OTP enable success, return login page"
msgstr "OTP 绑定成功,返回到登录页面"
#: users/views/user.py:515
#: users/views/user.py:538
msgid "OTP disable success"
msgstr "OTP 解绑成功"
#: users/views/user.py:516
#: users/views/user.py:539
msgid "OTP disable success, return login page"
msgstr "OTP 解绑成功,返回登录页面"
......
apps/users/templates/users/login_otp.html
View file @ 910f3cdd
......@@ -51,7 +51,7 @@
<div class="text-center">
<img src="{% static 'img/otp_auth.png' %}" alt="" width="72px" height="117">
</div>
<p style="margin: 30px auto">请在手机中打开Google Authenticator应用,输入6位动态码</p>
<p style="margin: 30px auto">&nbsp;请打开手机Google Authenticator应用,输入6位动态码</p>
</div>
<form class="m-t" role="form" method="post" action="">
......@@ -66,7 +66,7 @@
<button type="submit" class="btn btn-primary block full-width m-b">{% trans 'Next' %}</button>
<a href="#">
<small>{% trans "Can't provide otp code? Please contact the administrator" %}</small>
<small>{% trans "Can't provide security? Please contact the administrator!" %}</small>
</a>
</form>
......
apps/users/utils.py
View file @ 910f3cdd
......@@ -9,6 +9,7 @@ import uuid
import requests
import ipaddress
from django.http import Http404
from django.conf import settings
from django.contrib.auth.mixins import UserPassesTestMixin
from django.contrib.auth import authenticate, login as auth_login
......@@ -224,14 +225,26 @@ def get_ip_city(ip, timeout=10):
return city
def get_tmp_user_from_session(request):
user_id = request.session.get('tmp_user_id')
user = get_object_or_none(User, pk=user_id)
def get_user_or_tmp_user(request):
user = request.user
tmp_user = get_tmp_user_from_cache(request)
if user.is_authenticated:
return user
elif tmp_user:
return tmp_user
else:
raise Http404("Not found this user")
def get_tmp_user_from_cache(request):
if not request.session.session_key:
return None
user = cache.get(request.session.session_key+'user')
return user
def set_tmp_user_to_session(request, user):
request.session['tmp_user_id'] = str(user.id)
def set_tmp_user_to_cache(request, user):
cache.set(request.session.session_key+'user', user, 600)
def redirect_user_first_login_or_index(request, redirect_field_name):
......@@ -243,10 +256,7 @@ def redirect_user_first_login_or_index(request, redirect_field_name):
def generate_otp_uri(request, issuer="Jumpserver"):
if request.user.is_authenticated:
user = request.user
else:
user = get_tmp_user_from_session(request)
user = get_user_or_tmp_user(request)
otp_secret_key = cache.get(request.session.session_key+'otp_key', '')
if not otp_secret_key:
otp_secret_key = base64.b32encode(os.urandom(10)).decode('utf-8')
......
apps/users/views/login.py
View file @ 910f3cdd
......@@ -24,7 +24,7 @@ from common.utils import get_object_or_none
from common.mixins import DatetimeSearchMixin, AdminUserRequiredMixin
from ..models import User, LoginLog
from ..utils import send_reset_password_mail, check_otp_code, get_login_ip, redirect_user_first_login_or_index, \
get_tmp_user_from_session, set_tmp_user_to_session
get_user_or_tmp_user, set_tmp_user_to_cache
from ..tasks import write_login_log_async
from .. import forms
......@@ -55,11 +55,11 @@ class UserLoginView(FormView):
if not self.request.session.test_cookie_worked():
return HttpResponse(_("Please enable cookies and try again."))
set_tmp_user_to_session(self.request, form.get_user())
set_tmp_user_to_cache(self.request, form.get_user())
return redirect(self.get_success_url())
def get_success_url(self):
user = get_tmp_user_from_session(self.request)
user = get_user_or_tmp_user(self.request)
if user.otp_enabled and user.otp_secret_key:
# 1,2 & T
......@@ -95,7 +95,7 @@ class UserLoginOtpView(FormView):
redirect_field_name = 'next'
def form_valid(self, form):
user = get_tmp_user_from_session(self.request)
user = get_user_or_tmp_user(self.request)
otp_code = form.cleaned_data.get('otp_code')
otp_secret_key = user.otp_secret_key
......
apps/users/views/user.py
View file @ 910f3cdd
......@@ -35,7 +35,7 @@ from common.mixins import JSONResponseMixin
from common.utils import get_logger, get_object_or_none, is_uuid, ssh_key_gen
from .. import forms
from ..models import User, UserGroup
from ..utils import AdminUserRequiredMixin, generate_otp_uri, check_otp_code, get_tmp_user_from_session
from ..utils import AdminUserRequiredMixin, generate_otp_uri, check_otp_code, get_user_or_tmp_user
from ..signals import post_user_create
from ..tasks import write_login_log_async
......@@ -400,19 +400,13 @@ class UserOtpEnableAuthenticationView(FormView):
form_class = forms.UserCheckPasswordForm
def get_form(self, form_class=None):
if self.request.user.is_authenticated:
user = self.request.user
else:
user = get_tmp_user_from_session(self.request)
user = get_user_or_tmp_user(self.request)
form = super().get_form(form_class=form_class)
form['username'].initial = user.username
return form
def get_context_data(self, **kwargs):
if self.request.user.is_authenticated:
user = self.request.user
else:
user = get_tmp_user_from_session(self.request)
user = get_user_or_tmp_user(self.request)
context = {
'user': user
}
......@@ -420,10 +414,7 @@ class UserOtpEnableAuthenticationView(FormView):
return super().get_context_data(**kwargs)
def form_valid(self, form):
if self.request.user.is_authenticated:
user = self.request.user
else:
user = get_tmp_user_from_session(self.request)
user = get_user_or_tmp_user(self.request)
password = form.cleaned_data.get('password')
user = authenticate(username=user.username, password=password)
if not user:
......@@ -439,10 +430,7 @@ class UserOtpEnableInstallAppView(TemplateView):
template_name = 'users/user_otp_enable_install_app.html'
def get_context_data(self, **kwargs):
if self.request.user.is_authenticated:
user = self.request.user
else:
user = get_tmp_user_from_session(self.request)
user = get_user_or_tmp_user(self.request)
context = {
'user': user
}
......@@ -456,10 +444,7 @@ class UserOtpEnableBindView(TemplateView, FormView):
success_url = reverse_lazy('users:user-otp-settings-success')
def get_context_data(self, **kwargs):
if self.request.user.is_authenticated:
user = self.request.user
else:
user = get_tmp_user_from_session(self.request)
user = get_user_or_tmp_user(self.request)
context = {
'otp_uri': generate_otp_uri(self.request),
'user': user
......@@ -480,10 +465,7 @@ class UserOtpEnableBindView(TemplateView, FormView):
return self.form_invalid(form)
def save_otp(self, otp_secret_key):
if self.request.user.is_authenticated:
user = self.request.user
else:
user = get_tmp_user_from_session(self.request)
user = get_user_or_tmp_user(self.request)
user.enable_otp()
user.otp_secret_key = otp_secret_key
user.save()
......@@ -527,11 +509,9 @@ class UserOtpSettingsSuccessView(TemplateView):
return super().get_context_data(**kwargs)
def get_title_describe(self):
user = get_user_or_tmp_user(self.request)
if self.request.user.is_authenticated:
user = self.request.user
auth_logout(self.request)
else:
user = get_tmp_user_from_session(self.request)
title = _('OTP enable success')
describe = _('OTP enable success, return login page')
if not user.otp_enabled:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment