Merge pull request #1219 from jumpserver/dev

[Bugfix] 修复用户登录缓存设置问题

Merge pull request #1219 from jumpserver/dev
[Bugfix] 修复用户登录缓存设置问题
910f3cdd · 老广 · GitHub · 28acc6cc · f73fe1f3 · 910f3cdd
Unverified Commit 910f3cdd authored Apr 19, 2018 by 老广 Committed by GitHub Apr 19, 2018
6 changed files
--- a/apps/i18n/zh/LC_MESSAGES/django.mo
+++ b/apps/i18n/zh/LC_MESSAGES/django.mo
--- a/apps/i18n/zh/LC_MESSAGES/django.po
+++ b/apps/i18n/zh/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Jumpserver 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-04-18 20:14+0800\n"
+"POT-Creation-Date: 2018-04-19 12:44+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: Jumpserver team<ibuler@qq.com>\n"
@@ -173,7 +173,7 @@ msgstr "密码或密钥密码"
 #: users/templates/users/login.html:59
 #: users/templates/users/reset_password.html:52
 #: users/templates/users/user_create.html:11
-#: users/templates/users/user_password_authentication.html:13
+#: users/templates/users/user_password_authentication.html:14
 #: users/templates/users/user_password_update.html:40
 #: users/templates/users/user_profile_update.html:40
 #: users/templates/users/user_pubkey_update.html:40
@@ -1916,7 +1916,7 @@ msgstr "关闭"
 #: templates/_nav.html:10 users/views/group.py:28 users/views/group.py:44
 #: users/views/group.py:62 users/views/group.py:79 users/views/group.py:95
-#: users/views/login.py:240 users/views/login.py:289 users/views/user.py:64
+#: users/views/login.py:241 users/views/login.py:290 users/views/user.py:64
 #: users/views/user.py:79 users/views/user.py:99 users/views/user.py:155
 #: users/views/user.py:310 users/views/user.py:357 users/views/user.py:379
 msgid "Users"
@@ -2417,9 +2417,9 @@ msgstr "上一步"
 #: users/templates/users/first_login.html:60
 #: users/templates/users/login_otp.html:66
 #: users/templates/users/user_otp_authentication.html:22
-#: users/templates/users/user_otp_enable_bind.html:25
+#: users/templates/users/user_otp_enable_bind.html:19
 #: users/templates/users/user_otp_enable_install_app.html:22
-#: users/templates/users/user_password_authentication.html:21
+#: users/templates/users/user_password_authentication.html:17
 msgid "Next"
 msgstr "下一步"
@@ -2462,13 +2462,13 @@ msgstr ""
 #: users/templates/users/login_otp.html:64
 #: users/templates/users/user_otp_authentication.html:19
-#: users/templates/users/user_otp_enable_bind.html:18
+#: users/templates/users/user_otp_enable_bind.html:16
 msgid "Six figures"
 msgstr "6位数字"
 #: users/templates/users/login_otp.html:69
-msgid "Can't provide security? Please contact the administrator"
+msgid "Can't provide security? Please contact the administrator!"
-msgstr "如果不能提供OTP码，请联系管理员"
+msgstr "如果不能提供OTP验证码，请联系管理员!"
 #: users/templates/users/reset_password.html:45
 #: users/templates/users/user_detail.html:343 users/utils.py:72
@@ -2816,52 +2816,52 @@ msgstr "用户组授权资产"
 msgid "Please enable cookies and try again."
 msgstr "设置你的浏览器支持cookie"
-#: users/views/login.py:106 users/views/user.py:460 users/views/user.py:485
+#: users/views/login.py:107 users/views/user.py:479 users/views/user.py:507
 msgid "Otp code invalid"
 msgstr "otp码认证失败"
-#: users/views/login.py:132
+#: users/views/login.py:133
 msgid "Logout success"
 msgstr "退出登录成功"
-#: users/views/login.py:133
+#: users/views/login.py:134
 msgid "Logout success, return login page"
 msgstr "退出登录成功，返回到登录页面"
-#: users/views/login.py:149
+#: users/views/login.py:150
 msgid "Email address invalid, please input again"
 msgstr "邮箱地址错误，重新输入"
-#: users/views/login.py:162
+#: users/views/login.py:163
 msgid "Send reset password message"
 msgstr "发送重置密码邮件"
-#: users/views/login.py:163
+#: users/views/login.py:164
 msgid "Send reset password mail success, login your mail box and follow it "
 msgstr ""
 "发送重置邮件成功, 请登录邮箱查看, 按照提示操作 (如果没收到,请等待3-5分钟)"
-#: users/views/login.py:177
+#: users/views/login.py:178
 msgid "Reset password success"
 msgstr "重置密码成功"
-#: users/views/login.py:178
+#: users/views/login.py:179
 msgid "Reset password success, return to login page"
 msgstr "重置密码成功，返回到登录页面"
-#: users/views/login.py:195 users/views/login.py:208
+#: users/views/login.py:196 users/views/login.py:209
 msgid "Token invalid or expired"
 msgstr "Token错误或失效"
-#: users/views/login.py:204
+#: users/views/login.py:205
 msgid "Password not same"
 msgstr "密码不一致"
-#: users/views/login.py:240
+#: users/views/login.py:241
 msgid "First login"
 msgstr "首次登陆"
-#: users/views/login.py:290
+#: users/views/login.py:291
 msgid "Login log list"
 msgstr "登录日志"
@@ -2889,23 +2889,23 @@ msgstr "密码更新"
 msgid "Public key update"
 msgstr "密钥更新"
-#: users/views/user.py:419
+#: users/views/user.py:430
 msgid "Password invalid"
 msgstr "用户名或密码无效"
-#: users/views/user.py:512
+#: users/views/user.py:535
 msgid "OTP enable success"
 msgstr "OTP 绑定成功"
-#: users/views/user.py:513
+#: users/views/user.py:536
 msgid "OTP enable success, return login page"
 msgstr "OTP 绑定成功，返回到登录页面"
-#: users/views/user.py:515
+#: users/views/user.py:538
 msgid "OTP disable success"
 msgstr "OTP 解绑成功"
-#: users/views/user.py:516
+#: users/views/user.py:539
 msgid "OTP disable success, return login page"
 msgstr "OTP 解绑成功，返回登录页面"

--- a/apps/users/templates/users/login_otp.html
+++ b/apps/users/templates/users/login_otp.html
@@ -51,7 +51,7 @@
                            <div class="text-center">
                                <img src="{% static 'img/otp_auth.png' %}" alt="" width="72px" height="117">
                            </div>
-                            <p style="margin: 30px auto">请在手机中打开Google Authenticator应用，输入6位动态码</p>
+                            <p style="margin: 30px auto">&nbsp;请打开手机Google Authenticator应用，输入6位动态码</p>
                        </div>
                        <form class="m-t" role="form" method="post" action="">
@@ -66,7 +66,7 @@
                            <button type="submit" class="btn btn-primary block full-width m-b">{% trans 'Next' %}</button>
                            <a href="#">
-                                <small>{% trans "Can't provide otp code? Please contact the administrator" %}</small>
+                                <small>{% trans "Can't provide security? Please contact the administrator!" %}</small>
                            </a>
                        </form>

--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -9,6 +9,7 @@ import uuid
 import requests
 import ipaddress
+from django.http import Http404
 from django.conf import settings
 from django.contrib.auth.mixins import UserPassesTestMixin
 from django.contrib.auth import authenticate, login as auth_login
@@ -224,14 +225,26 @@ def get_ip_city(ip, timeout=10):
    return city
-def get_tmp_user_from_session(request):
+def get_user_or_tmp_user(request):
-    user_id = request.session.get('tmp_user_id')
+    user = request.user
-    user = get_object_or_none(User, pk=user_id)
+    tmp_user = get_tmp_user_from_cache(request)
+    if user.is_authenticated:
        return user
+    elif tmp_user:
+        return tmp_user
+    else:
+        raise Http404("Not found this user")
-def set_tmp_user_to_session(request, user):
+def get_tmp_user_from_cache(request):
-    request.session['tmp_user_id'] = str(user.id)
+    if not request.session.session_key:
+        return None
+    user = cache.get(request.session.session_key+'user')
+    return user
+def set_tmp_user_to_cache(request, user):
+    cache.set(request.session.session_key+'user', user, 600)
 def redirect_user_first_login_or_index(request, redirect_field_name):
@@ -243,10 +256,7 @@ def redirect_user_first_login_or_index(request, redirect_field_name):
 def generate_otp_uri(request, issuer="Jumpserver"):
-    if request.user.is_authenticated:
+    user = get_user_or_tmp_user(request)
-        user = request.user
-    else:
-        user = get_tmp_user_from_session(request)
    otp_secret_key = cache.get(request.session.session_key+'otp_key', '')
    if not otp_secret_key:
        otp_secret_key = base64.b32encode(os.urandom(10)).decode('utf-8')

--- a/apps/users/views/login.py
+++ b/apps/users/views/login.py
@@ -24,7 +24,7 @@ from common.utils import get_object_or_none
 from common.mixins import DatetimeSearchMixin, AdminUserRequiredMixin
 from ..models import User, LoginLog
 from ..utils import send_reset_password_mail, check_otp_code, get_login_ip, redirect_user_first_login_or_index, \
-    get_tmp_user_from_session, set_tmp_user_to_session
+    get_user_or_tmp_user, set_tmp_user_to_cache
 from ..tasks import write_login_log_async
 from .. import forms
@@ -55,11 +55,11 @@ class UserLoginView(FormView):
        if not self.request.session.test_cookie_worked():
            return HttpResponse(_("Please enable cookies and try again."))
-        set_tmp_user_to_session(self.request, form.get_user())
+        set_tmp_user_to_cache(self.request, form.get_user())
        return redirect(self.get_success_url())
    def get_success_url(self):
-        user = get_tmp_user_from_session(self.request)
+        user = get_user_or_tmp_user(self.request)
        if user.otp_enabled and user.otp_secret_key:
            # 1,2 & T
@@ -95,7 +95,7 @@ class UserLoginOtpView(FormView):
    redirect_field_name = 'next'
    def form_valid(self, form):
-        user = get_tmp_user_from_session(self.request)
+        user = get_user_or_tmp_user(self.request)
        otp_code = form.cleaned_data.get('otp_code')
        otp_secret_key = user.otp_secret_key

--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@@ -35,7 +35,7 @@ from common.mixins import JSONResponseMixin
 from common.utils import get_logger, get_object_or_none, is_uuid, ssh_key_gen
 from .. import forms
 from ..models import User, UserGroup
-from ..utils import AdminUserRequiredMixin, generate_otp_uri, check_otp_code, get_tmp_user_from_session
+from ..utils import AdminUserRequiredMixin, generate_otp_uri, check_otp_code, get_user_or_tmp_user
 from ..signals import post_user_create
 from ..tasks import write_login_log_async
@@ -400,19 +400,13 @@ class UserOtpEnableAuthenticationView(FormView):
    form_class = forms.UserCheckPasswordForm
    def get_form(self, form_class=None):
-        if self.request.user.is_authenticated:
+        user = get_user_or_tmp_user(self.request)
-            user = self.request.user
-        else:
-            user = get_tmp_user_from_session(self.request)
        form = super().get_form(form_class=form_class)
        form['username'].initial = user.username
        return form
    def get_context_data(self, **kwargs):
-        if self.request.user.is_authenticated:
+        user = get_user_or_tmp_user(self.request)
-            user = self.request.user
-        else:
-            user = get_tmp_user_from_session(self.request)
        context = {
            'user': user
        }
@@ -420,10 +414,7 @@ class UserOtpEnableAuthenticationView(FormView):
        return super().get_context_data(**kwargs)
    def form_valid(self, form):
-        if self.request.user.is_authenticated:
+        user = get_user_or_tmp_user(self.request)
-            user = self.request.user
-        else:
-            user = get_tmp_user_from_session(self.request)
        password = form.cleaned_data.get('password')
        user = authenticate(username=user.username, password=password)
        if not user:
@@ -439,10 +430,7 @@ class UserOtpEnableInstallAppView(TemplateView):
    template_name = 'users/user_otp_enable_install_app.html'
    def get_context_data(self, **kwargs):
-        if self.request.user.is_authenticated:
+        user = get_user_or_tmp_user(self.request)
-            user = self.request.user
-        else:
-            user = get_tmp_user_from_session(self.request)
        context = {
            'user': user
        }
@@ -456,10 +444,7 @@ class UserOtpEnableBindView(TemplateView, FormView):
    success_url = reverse_lazy('users:user-otp-settings-success')
    def get_context_data(self, **kwargs):
-        if self.request.user.is_authenticated:
+        user = get_user_or_tmp_user(self.request)
-            user = self.request.user
-        else:
-            user = get_tmp_user_from_session(self.request)
        context = {
            'otp_uri': generate_otp_uri(self.request),
            'user': user
@@ -480,10 +465,7 @@ class UserOtpEnableBindView(TemplateView, FormView):
            return self.form_invalid(form)
    def save_otp(self, otp_secret_key):
-        if self.request.user.is_authenticated:
+        user = get_user_or_tmp_user(self.request)
-            user = self.request.user
-        else:
-            user = get_tmp_user_from_session(self.request)
        user.enable_otp()
        user.otp_secret_key = otp_secret_key
        user.save()
@@ -527,11 +509,9 @@ class UserOtpSettingsSuccessView(TemplateView):
        return super().get_context_data(**kwargs)
    def get_title_describe(self):
+        user = get_user_or_tmp_user(self.request)
        if self.request.user.is_authenticated:
-            user = self.request.user
            auth_logout(self.request)
-        else:
-            user = get_tmp_user_from_session(self.request)
        title = _('OTP enable success')
        describe = _('OTP enable success, return login page')
        if not user.otp_enabled: