bb1349e9
Commit
bb1349e9
authored
Nov 18, 2019
by
ibuler
[Update] 修改MFA
parent
c9ee8ede
Showing
11 changed files
with
29 additions
and
38 deletions
+29
-38
mfa.py
apps/authentication/api/mfa.py
+2
-2
radius.py
apps/authentication/backends/radius.py
+0
-17
errors.py
apps/authentication/errors.py
+1
-2
mixins.py
apps/authentication/mixins.py
+1
-1
models.py
apps/authentication/models.py
+1
-1
mfa.py
apps/authentication/views/mfa.py
+1
-1
user.py
apps/users/api/user.py
+2
-2
forms.py
apps/users/forms.py
+2
-2
user.py
apps/users/models/user.py
+12
-4
user_detail.html
apps/users/templates/users/user_detail.html
+5
-4
user_profile.html
apps/users/templates/users/user_profile.html
+2
-2
apps/authentication/api/mfa.py
...
...
@@ -24,7 +24,7 @@ class MFAChallengeApi(AuthMixin, CreateAPIView):
try
:
user
=
self
.
get_user_from_session
()
code
=
serializer
.
validated_data
.
get
(
'code'
)
valid
=
user
.
check_
otp
(
code
)
valid
=
user
.
check_
mfa
(
code
)
if
not
valid
:
self
.
request
.
session
[
'auth_mfa'
]
=
''
raise
errors
.
MFAFailedError
(
...
...
@@ -52,7 +52,7 @@ class UserOtpVerifyApi(CreateAPIView):
serializer
.
is_valid
(
raise_exception
=
True
)
code
=
serializer
.
validated_data
[
"code"
]
if
request
.
user
.
check_
otp
(
code
):
if
request
.
user
.
check_
mfa
(
code
):
request
.
session
[
"MFA_VERIFY_TIME"
]
=
int
(
time
.
time
())
return
Response
({
"ok"
:
"1"
})
else
:
...
...
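Review bot: In MFAChallengeApi the code is read with `serializer.validated_data.get('code')`, so a missing field would reach `user.check_mfa(None)`; with this commit that call can hand the value to the RADIUS backend as a password instead of only comparing it locally. UserOtpVerifyApi in the same file indexes `validated_data["code"]`, and using the same form here, `code = serializer.validated_data['code']`, keeps an absent code from ever leaving the view. If the serializer already marks the field as required this is only a consistency fix. Both method bodies continue outside the hunks shown.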
apps/authentication/backends/radius.py
...
...
@@ -27,23 +27,6 @@ class CreateUserMixin:
user
.
save
()
return
user
def
_get_auth_packet
(
self
,
username
,
password
,
client
):
"""
Get the pyrad authentication packet for the username/password and the
given pyrad client.
"""
pkt
=
client
.
CreateAuthPacket
(
code
=
AccessRequest
,
User_Name
=
username
)
if
settings
.
CONFIG
.
RADIUS_ENCRYPT_PASSWORD
:
password
=
pkt
.
PwCrypt
(
password
)
else
:
password
=
password
pkt
[
"User-Password"
]
=
password
pkt
[
"NAS-Identifier"
]
=
'django-radius'
for
key
,
val
in
list
(
getattr
(
settings
,
'RADIUS_ATTRIBUTES'
,
{})
.
items
()):
pkt
[
key
]
=
val
return
pkt
class
RadiusBackend
(
CreateUserMixin
,
RADIUSBackend
):
pass
...
...
apps/authentication/errors.py
...
...
@@ -109,8 +109,7 @@ class CredentialError(AuthFailedNeedLogMixin, AuthFailedNeedBlockMixin, AuthFail
class
MFAFailedError
(
AuthFailedNeedLogMixin
,
AuthFailedError
):
reason
=
reason_mfa_failed
error
=
'mfa_failed'
error
=
reason_mfa_failed
msg
=
mfa_failed_msg
def
__init__
(
self
,
username
,
request
):
...
...
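Review bot: MFAFailedError mixes in only AuthFailedNeedLogMixin, while CredentialError in the hunk header also carries AuthFailedNeedBlockMixin, so failed MFA codes appear to be logged without counting toward any lockout. This commit makes the same error cover codes checked against RADIUS as well as local OTP, which leaves a short numeric code open to repeated guessing unless throttling happens elsewhere. If the block mixin is what drives the failure counter (its definition is not visible here), consider `class MFAFailedError(AuthFailedNeedLogMixin, AuthFailedNeedBlockMixin, AuthFailedError):` or a per-session attempt limit in the MFA views. The `__init__` body continues outside the hunk.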
apps/authentication/mixins.py
...
...
@@ -97,7 +97,7 @@ class AuthMixin:
def
check_user_mfa
(
self
,
code
):
user
=
self
.
get_user_from_session
()
ok
=
user
.
check_
otp
(
code
)
ok
=
user
.
check_
mfa
(
code
)
if
ok
:
self
.
request
.
session
[
'auth_mfa'
]
=
1
self
.
request
.
session
[
'auth_mfa_time'
]
=
time
.
time
()
...
...
apps/authentication/models.py
...
...
@@ -50,7 +50,7 @@ class LoginConfirmSetting(CommonModelMixin):
def
create_confirm_ticket
(
self
,
request
=
None
):
from
tickets.models
import
Ticket
title
=
'['
+
__
(
'Login confirm'
)
+
']:
{}'
.
format
(
self
.
user
)
title
=
_
(
'Login confirm'
)
+
'
{}'
.
format
(
self
.
user
)
if
request
:
remote_addr
=
get_request_ip
(
request
)
city
=
get_ip_city
(
remote_addr
)
...
...
apps/authentication/views/mfa.py
...
...
@@ -20,6 +20,6 @@ class UserLoginOtpView(mixins.AuthMixin, FormView):
self
.
check_user_mfa
(
otp_code
)
return
redirect_to_guard_view
()
except
errors
.
MFAFailedError
as
e
:
form
.
add_error
(
'otp_code'
,
e
.
reason
)
form
.
add_error
(
'otp_code'
,
e
.
msg
)
return
super
()
.
form_invalid
(
form
)
apps/users/api/user.py
...
...
@@ -172,8 +172,8 @@ class UserResetOTPApi(UserQuerysetMixin, generics.RetrieveAPIView):
if
user
==
request
.
user
:
msg
=
_
(
"Could not reset self otp, use profile reset instead"
)
return
Response
({
"error"
:
msg
},
status
=
401
)
if
user
.
mfa_enabled
and
user
.
otp_secret_key
:
user
.
otp_secret_key
=
''
if
user
.
mfa_enabled
:
user
.
reset_mfa
()
user
.
save
()
logout
(
request
)
return
Response
({
"msg"
:
"success"
})
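Review bot: `user.reset_mfa()` only clears `otp_secret_key` when `mfa_is_otp()` is true (see apps/users/models/user.py in this commit), so with OTP_IN_RADIUS set this endpoint changes nothing yet still saves, logs out and returns `{"msg": "success"}`. Returning a distinct response in that case would keep an administrator from believing a RADIUS-managed factor was reset. Separately, `logout(request)` on the unchanged line ends the caller's session, and the earlier guard has already ruled out the caller being the target user, so the target's existing sessions look untouched by a reset. It is worth confirming that this is intended.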
apps/users/forms.py
...
...
@@ -158,8 +158,8 @@ class UserUpdateForm(UserCreateUpdateFormMixin):
class
UserProfileForm
(
forms
.
ModelForm
):
username
=
forms
.
CharField
(
disabled
=
True
)
name
=
forms
.
CharField
(
disabled
=
True
)
username
=
forms
.
CharField
(
disabled
=
True
,
label
=
_
(
"Username"
)
)
name
=
forms
.
CharField
(
disabled
=
True
,
label
=
_
(
"Name"
)
)
email
=
forms
.
CharField
(
disabled
=
True
)
class
Meta
:
...
...
apps/users/models/user.py
...
...
@@ -375,13 +375,17 @@ class MFAMixin:
self
.
mfa_level
=
0
self
.
otp_secret_key
=
None
def
reset_mfa
(
self
):
if
self
.
mfa_is_otp
():
self
.
otp_secret_key
=
''
@staticmethod
def
mfa_is_otp
():
if
settings
.
CONFIG
.
OTP_IN_RADIUS
:
return
False
return
True
def
check_
otp_on_
radius
(
self
,
code
):
def
check_radius
(
self
,
code
):
from
authentication.backends.radius
import
RadiusBackend
backend
=
RadiusBackend
()
user
=
backend
.
authenticate
(
None
,
username
=
self
.
username
,
password
=
code
)
...
...
@@ -391,13 +395,17 @@ class MFAMixin:
def
check_otp
(
self
,
code
):
from
..utils
import
check_otp_code
return
check_otp_code
(
self
.
otp_secret_key
,
code
)
def
check_mfa
(
self
,
code
):
if
settings
.
CONFIG
.
OTP_IN_RADIUS
:
return
self
.
check_
otp_on_
radius
(
code
)
return
self
.
check_radius
(
code
)
else
:
return
check_otp_code
(
self
.
otp_secret_key
,
code
)
return
self
.
check_otp
(
code
)
def
mfa_enabled_but_not_set
(
self
):
if
self
.
mfa_enabled
and
self
.
mfa_is_otp
()
and
not
self
.
otp_secret_key
:
if
self
.
mfa_enabled
and
\
self
.
mfa_is_otp
()
and
not
self
.
otp_secret_key
:
return
True
return
False
...
...
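Review bot: `check_radius` passes the submitted code as `password` to `RadiusBackend().authenticate(...)`, and RadiusBackend mixes in CreateUserMixin (apps/authentication/backends/radius.py), whose visible tail saves and returns a user, so an MFA check may create or update an account as a side effect. The lines that consume `user` are outside the hunk; they should confirm the returned object is this same user, e.g. `return bool(user) and user.username == self.username`, rather than accept any truthy result. `check_mfa` and `mfa_is_otp` both read `settings.CONFIG.OTP_IN_RADIUS` directly; having `check_mfa` branch on `self.mfa_is_otp()` would keep the two from drifting apart.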
apps/users/templates/users/user_detail.html
...
...
@@ -7,7 +7,6 @@
<link
href=
"{% static "
css
/
plugins
/
sweetalert
/
sweetalert
.
css
"
%}"
rel=
"stylesheet"
>
<script
src=
"{% static 'js/plugins/select2/select2.full.min.js' %}"
></script>
<script
src=
"{% static "
js
/
plugins
/
sweetalert
/
sweetalert
.
min
.
js
"
%}"
></script>
<script
src=
"{% static "
js
/
vue
.
min
.
js
"
%}"
></script>
{% endblock %}
{% block content %}
<div
class=
"wrapper wrapper-content animated fadeInRight"
>
...
...
@@ -158,8 +157,9 @@
</span></td>
</tr>
<tr>
<td>
{% trans 'Force enabled MFA' %}:
</td>
<td><span
class=
"pull-right"
>
<td>
{% trans 'Force enabled MFA' %}:
</td>
<td>
<span
class=
"pull-right"
>
<div
class=
"switch"
>
<div
class=
"onoffswitch"
>
<input
type=
"checkbox"
class=
"onoffswitch-checkbox"
{%
if
user_object
.
mfa_force_enabled
%}
checked
{%
endif
%}
...
...
@@ -170,7 +170,8 @@
</label>
</div>
</div>
</span></td>
</span>
</td>
</tr>
<tr>
<td>
{% trans 'Reset MFA' %}:
</td>
...
...
apps/users/templates/users/user_profile.html
...
...
@@ -158,7 +158,7 @@
<span
class=
"pull-right"
>
<a
type=
"button"
class=
"btn btn-primary btn-xs"
style=
"width: 54px"
id=
""
href=
"
{% if request.user.mfa_enabled
and request.user.otp_secret_key
%}
{% if request.user.mfa_enabled %}
{% if request.user.mfa_force_enabled %}
"
disabled
>
{% trans 'Disable' %}
{% else %}
...
...
@@ -183,7 +183,7 @@
</td>
</tr>
{% endif %}
{% if request.user.mfa_enabled
and request.user.otp_secret_key
%}
{% if request.user.mfa_enabled %}
<tr>
<td>
{% trans 'Update MFA' %}:
</td>
<td>
...
...