[Update] 修改查看auth info可以关闭mfa

apps/assets/api/asset_user.py

@@ -7,6 +7,7 @@ from rest_framework import filters
 from rest_framework_bulk import BulkModelViewSet
 from django.shortcuts import get_object_or_404
 from django.http import Http404
+from django.conf import settings
 
 from common.permissions import IsOrgAdminOrAppUser, NeedMFAVerify
 from common.utils import get_object_or_none, get_logger
@@ -110,12 +111,22 @@ class AssetUserViewSet(CommonApiMixin, BulkModelViewSet):
 class AssetUserExportViewSet(AssetUserViewSet):
     serializer_class = serializers.AssetUserExportSerializer
     http_method_names = ['get']
-    permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
+    permission_classes = [IsOrgAdminOrAppUser]
+
+    def get_permissions(self):
+        if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
+            self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
+        return super().get_permissions()
 
 
 class AssetUserAuthInfoApi(generics.RetrieveAPIView):
     serializer_class = serializers.AssetUserAuthInfoSerializer
-    permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
+    permission_classes = [IsOrgAdminOrAppUser]
+
+    def get_permissions(self):
+        if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
+            self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
+        return super().get_permissions()
 
     def get_object(self):
         query_params = self.request.query_params

apps/assets/backends/manager.py

@@ -41,8 +41,8 @@ class AssetUserManager:
         instances_map = {}
         instances = []
         for name, backend in self.backends:
-            if name != "db" and self._prefer != name:
-                continue
+            # if name != "db":
+            #     continue
             _instances = backend.filter(
                 username=username, assets=assets, latest=latest,
                 prefer=self._prefer, prefer_id=prefer_id,

apps/assets/templates/assets/_asset_user_list.html

@@ -40,6 +40,7 @@ var prefer = null;
 var lastMFATime = "{{ request.session.MFA_VERIFY_TIME }}";
 var testDatetime = "{% trans 'Test datetime: ' %}";
 var mfaVerifyTTL = "{{ SECURITY_MFA_VERIFY_TTL }}";
+var mfaNeedCheck = "{{ SECURITY_VIEW_AUTH_NEED_MFA }}";
 
 function initAssetUserTable() {
     var options = {
@@ -112,6 +113,10 @@ $(document).ready(function(){
     authAssetId = $(this).data("asset") ;
     authHostname = $(this).data("hostname");
     authUsername = $(this).data('user');
+    if (mfaNeedCheck !== 'True') {
+        $("#asset_user_auth_view").modal('show');
+        return
+    }
     var now = new Date();
     var nowTime = now.getTime() / 1000;
     if ( !lastMFATime || nowTime - lastMFATime > mfaVerifyTTL ) {

apps/jumpserver/conf.py

@@ -361,6 +361,7 @@ defaults = {
     'TERMINAL_COMMAND_STORAGE': {},
     'SECURITY_MFA_AUTH': False,
     'SECURITY_SERVICE_ACCOUNT_REGISTRATION': True,
+    'SECURITY_VIEW_AUTH_NEED_MFA': True,
     'SECURITY_LOGIN_LIMIT_COUNT': 7,
     'SECURITY_LOGIN_LIMIT_TIME': 30,
     'SECURITY_MAX_IDLE_TIME': 30,

apps/jumpserver/context_processor.py

@@ -18,6 +18,7 @@ def jumpserver_processor(request):
         'COPYRIGHT': 'FIT2CLOUD 飞致云' + ' © 2014-2019',
         'SECURITY_COMMAND_EXECUTION': settings.SECURITY_COMMAND_EXECUTION,
         'SECURITY_MFA_VERIFY_TTL': settings.SECURITY_MFA_VERIFY_TTL,
+        'SECURITY_VIEW_AUTH_NEED_MFA': settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA,
     }
     return context