û

c08cee80 · guanghongwei · 3424bef5 · c08cee80 · c08cee80 · c08cee80
Commit c08cee80 authored Apr 15, 2015 by guanghongwei
7 changed files
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -3,7 +3,6 @@ import sys
 reload(sys)
 sys.setdefaultencoding('utf8')
-from django.core.mail import send_mail
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from jperm.models import Perm, SudoPerm, CmdGroup, Apply
@@ -11,12 +10,6 @@ from django.db.models import Q
 from jumpserver.api import *
-CONF = ConfigParser()
-CONF.read('%s/jumpserver.conf' % BASE_DIR)
-send_ip = CONF.get('base', 'ip')
-send_port = CONF.get('base', 'port')
 def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
    asset_groups_select_list = []
    cmd_groups_select_list = []
@@ -701,7 +694,7 @@ def perm_apply(request):
        time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment)
        uuid = a.uuid
-        url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (send_ip, send_port, uuid)
+        url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid)
        mail_msg = """
        Hi,%s:
            有新的权限申请, 详情如下:
@@ -715,7 +708,7 @@ def perm_apply(request):
            %s
        """ % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
-        send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False)
+        send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
        smg = "提交成功,已发邮件通知部门管理员。"
        return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
    return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))

--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -3,6 +3,8 @@
 [base]
 ip = 192.168.173.129
 port = 80
+key = 88aaaf7ffe3c6c04
 [db]
@@ -25,13 +27,9 @@ root_pw = secret234
 web_socket_host = 192.168.20.209:3000
-[web]
-key = 88aaaf7ffe3c6c04
 [mail]
-email_host = smtp.qq.com
+email_host = smtp.exmail.qq.com
 email_port = 25
-email_host_user = jumpserver@qq.com
+email_host_user = noreply@jumpserver.org
-email_host_password = jumpserver.org
+email_host_password = jumpserver123
 email_use_tls = False
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -19,6 +19,7 @@ from jasset.models import Asset, BisGroup, IDC
 from jlog.models import Log
 from jasset.models import AssetAlias
 from django.core.exceptions import ObjectDoesNotExist
+from django.core.mail import send_mail
 BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
@@ -27,18 +28,12 @@ CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
 LOG_DIR = os.path.join(BASE_DIR, 'logs')
 SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
 SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
-KEY = CONF.get('web', 'key')
+KEY = CONF.get('base', 'key')
 LOGIN_NAME = getpass.getuser()
 LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
+SEND_IP = CONF.get('base', 'ip')
+SEND_PORT = CONF.get('base', 'port')
-# def user_perm_group_api(username):
+MAIL_FROM = CONF.get('mail', 'email_host_user')
-#     user = User.objects.get(username=username)
-#     if user:
-#         perm_list = []
-#         user_group_all = user.group.all()
-#         for user_group in user_group_all:
-#             perm_list.extend(user_group.perm_set.all())
 class LDAPMgmt():
@@ -201,6 +196,9 @@ def require_login(func):
 def require_super_user(func):
    def _deco(request, *args, **kwargs):
+        if not request.session.get('user_id'):
+            return HttpResponseRedirect('/login/')
        if request.session.get('role_id', 0) != 2:
            return HttpResponseRedirect('/')
        return func(request, *args, **kwargs)
@@ -209,6 +207,9 @@ def require_super_user(func):
 def require_admin(func):
    def _deco(request, *args, **kwargs):
+        if not request.session.get('user_id'):
+            return HttpResponseRedirect('/login/')
        if request.session.get('role_id', 0) < 1:
            return HttpResponseRedirect('/')
        return func(request, *args, **kwargs)
@@ -267,7 +268,8 @@ def view_splitter(request, su=None, adm=None):
        return su(request)
    elif is_group_admin(request):
        return adm(request)
-    raise Http404
+    else:
+        return HttpResponseRedirect('/login/')
 def user_perm_group_api(username):

--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@@ -50,7 +50,7 @@ def index_cu(request):
        user = user[0]
    login_types = {'L': 'LDAP', 'M': 'MAP'}
    user_id = request.session.get('user_id')
-    username = User.objects.get(id=user_id).name
+    username = User.objects.get(id=user_id).username
    posts = user_perm_asset_api(username)
    host_count = len(posts)
    new_posts = []

--- a/juser/views.py
+++ b/juser/views.py
@@ -68,6 +68,7 @@ def db_add_user(**kwargs):
            group = UserGroup.objects.filter(id=group_id)
            group_select.extend(group)
        user.group = group_select
+    return user
 def db_update_user(**kwargs):
@@ -153,18 +154,8 @@ def ldap_add_user(username, ldap_pwd):
                  'userPassword': ['{crypt}x'],
                  'gidNumber': [str(user.id)]}
-    # sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
-    # sudo_attr = {'objectClass': ['top', 'sudoRole'],
-    #              'cn': ['%s' % str(username)],
-    #              'sudoCommand': ['/bin/pwd'],
-    #              'sudoHost': ['192.168.1.1'],
-    #              'sudoOption': ['!authenticate'],
-    #              'sudoRunAsUser': ['root'],
-    #              'sudoUser': ['%s' % str(username)]}
    ldap_conn.add(user_dn, user_attr)
    ldap_conn.add(group_dn, group_attr)
-    # ldap_conn.add(sudo_dn, sudo_attr)
 def ldap_del_user(username):
@@ -602,13 +593,13 @@ def user_add(request):
    if request.method == 'POST':
        username = request.POST.get('username', '')
-        password = request.POST.get('password', '')
+        password = gen_rand_pwd(16)
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
        dept_id = request.POST.get('dept_id')
        groups = request.POST.getlist('groups', [])
        role_post = request.POST.get('role', 'CU')
-        ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
+        ssh_key_pwd = gen_rand_pwd(16)
        is_active = True if request.POST.get('is_active', '1') == '1' else False
        ldap_pwd = gen_rand_pwd(16)
@@ -632,19 +623,30 @@ def user_add(request):
            pass
        else:
            try:
-                db_add_user(username=username,
+                user = db_add_user(username=username,
-                            password=md5_crypt(password),
+                                   password=md5_crypt(password),
-                            name=name, email=email, dept=dept,
+                                   name=name, email=email, dept=dept,
-                            groups=groups, role=role_post,
+                                   groups=groups, role=role_post,
-                            ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
+                                   ssh_key_pwd=md5_crypt(ssh_key_pwd),
-                            ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
+                                   ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
-                            is_active=is_active,
+                                   is_active=is_active,
-                            date_joined=datetime.datetime.now())
+                                   date_joined=datetime.datetime.now())
                server_add_user(username, password, ssh_key_pwd)
                if LDAP_ENABLE:
                    ldap_add_user(username, ldap_pwd)
-                msg = u'添加用户 %s 成功！' % username
+                mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
+                mail_msg = """
+                Hi, %s
+                    您的用户名： %s
+                    您的部门: %s
+                    您的角色： %s
+                    您的web登录密码： %s
+                    您的ssh登录密码： %s
+                    密钥下载地址： http://%s:%s/juser/down_key/?id=%s
+                    说明： 请登陆后再下载密钥！
+                """ % (name, username, dept.name, user_role.get(role_post, ''),
+                       password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
            except Exception, e:
                error = u'添加用户 %s 失败 %s ' % (username, e)
@@ -655,6 +657,9 @@ def user_add(request):
                        ldap_del_user(username)
                except Exception:
                    pass
+            else:
+                send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
+                msg = u'添加用户 %s 成功！ 用户密码已发送到 %s 邮箱！' % (username, email)
    return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@@ -668,11 +673,11 @@ def user_add_adm(request):
    if request.method == 'POST':
        username = request.POST.get('username', '')
-        password = request.POST.get('password', '')
+        password = gen_rand_pwd(16)
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
        groups = request.POST.getlist('groups', [])
-        ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
+        ssh_key_pwd = gen_rand_pwd(16)
        is_active = True if request.POST.get('is_active', '1') == '1' else False
        ldap_pwd = gen_rand_pwd(16)
@@ -693,7 +698,7 @@ def user_add_adm(request):
                            password=md5_crypt(password),
                            name=name, email=email, dept=dept,
                            groups=groups, role='CU',
-                            ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
+                            ssh_key_pwd=md5_crypt(ssh_key_pwd),
                            ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
                            is_active=is_active,
                            date_joined=datetime.datetime.now())
@@ -701,7 +706,6 @@ def user_add_adm(request):
                server_add_user(username, password, ssh_key_pwd)
                if LDAP_ENABLE:
                    ldap_add_user(username, ldap_pwd)
-                msg = u'添加用户 %s 成功！' % username
            except Exception, e:
                error = u'添加用户 %s 失败 %s ' % (username, e)
@@ -712,6 +716,22 @@ def user_add_adm(request):
                        ldap_del_user(username)
                except Exception:
                    pass
+            else:
+                mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
+                mail_msg = """
+                Hi, %s
+                    您的用户名： %s
+                    您的部门: %s
+                    您的角色： %s
+                    您的web登录密码： %s
+                    您的ssh登录密码： %s
+                    密钥下载地址： %s
+                    说明： 请登陆后再下载密钥！
+                """ % (name, username, dept.name, '普通用户', password, ssh_key_pwd, ssh_key_pwd)
+                print MAIL_FROM
+                send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
+                msg = u'添加用户 %s 成功！ 用户密码已发送到 %s 邮箱！' % (username, email)
    return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))

--- a/templates/juser/user_add.html
+++ b/templates/juser/user_add.html
@@ -42,26 +42,26 @@
                                    <input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
                                </div>
                            </div>
-                            <div class="hr-line-dashed"></div>
+{#                            <div class="hr-line-dashed"></div>#}
-                            <div class="form-group">
+{#                            <div class="form-group">#}
-                                <label for="password" class="col-sm-2 control-label">密码<span class="red-fonts">*</span></label>
+{#                                <label for="password" class="col-sm-2 control-label">密码<span class="red-fonts">*</span></label>#}
-                                <div class="col-sm-8">
+{#                                <div class="col-sm-8">#}
-                                    <input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>
+{#                                    <input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>#}
-                                    <span class="help-block m-b-none">
+{#                                    <span class="help-block m-b-none">#}
-                                        登陆web的密码
+{#                                        登陆web的密码#}
-                                    </span>
+{#                                    </span>#}
-                                </div>
+{#                                </div>#}
-                            </div>
+{#                            </div>#}
-                            <div class="hr-line-dashed"></div>
+{#                            <div class="hr-line-dashed"></div>#}
-                            <div class="form-group">
+{#                            <div class="form-group">#}
-                                <label for="ssh_key_pwd" class="col-sm-2 control-label">密钥密码<span class="red-fonts">*</span></label>
+{#                                <label for="ssh_key_pwd" class="col-sm-2 control-label">密钥密码<span class="red-fonts">*</span></label>#}
-                                <div class="col-sm-8">
+{#                                <div class="col-sm-8">#}
-                                    <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>
+{#                                    <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>#}
-                                    <span class="help-block m-b-none">
+{#                                    <span class="help-block m-b-none">#}
-                                        登陆 Jumpserver 使用的SSH密钥的密码
+{#                                        登陆 Jumpserver 使用的SSH密钥的密码#}
-                                    </span>
+{#                                    </span>#}
-                                </div>
+{#                                </div>#}
-                            </div>
+{#                            </div>#}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="name" class="col-sm-2 control-label">姓名<span class="red-fonts">*</span></label>

--- a/templates/login.html
+++ b/templates/login.html
@@ -14,6 +14,7 @@
    <link href="/static/css/animate.css" rel="stylesheet">
    <link href="/static/css/style.css" rel="stylesheet">
 </head>
 <body class="gray-bg">