Skip to content

J
jumpserver
Commit c6fef203 authored by ibuler's avatar ibuler
Browse files
Options

Merge branch 'dev' of github.com:jumpserver/jumpserver into dev

parents 87d5b6c4 aebb9818
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 69 additions and 11 deletions
README.md
View file @ c6fef203
# Jumpserver 多云环境下更好用的堡垒机
![Total visitor](https://visitor-count-badge.herokuapp.com/total.svg?repo_id=jumpserver)
![Visitors in today](https://visitor-count-badge.herokuapp.com/today.svg?repo_id=jumpserver)
[![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
[![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
[![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
......
apps/assets/serializers/node.py
View file @ c6fef203
......@@ -25,10 +25,12 @@ class NodeSerializer(BulkOrgResourceModelSerializer):
read_only_fields = ['key', 'org_id']
def validate_value(self, data):
if not self.instance and not data:
return data
instance = self.instance
siblings = instance.get_siblings()
if self.instance:
instance = self.instance
siblings = instance.get_siblings()
else:
instance = Node.org_root()
siblings = instance.get_children()
if siblings.filter(value=data):
raise serializers.ValidationError(
_('The same level node name cannot be the same')
......
apps/jumpserver/conf.py
View file @ c6fef203
......@@ -374,6 +374,10 @@ defaults = {
'RADIUS_SERVER': 'localhost',
'RADIUS_PORT': 1812,
'RADIUS_SECRET': '',
'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
'AUTH_LDAP_SYNC_IS_PERIODIC': False,
'AUTH_LDAP_SYNC_INTERVAL': None,
'AUTH_LDAP_SYNC_CRONTAB': None,
'HTTP_BIND_HOST': '0.0.0.0',
'HTTP_LISTEN_PORT': 8080,
'WS_LISTEN_PORT': 8070,
......@@ -386,7 +390,6 @@ defaults = {
'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
'FLOWER_URL': "127.0.0.1:5555",
'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
'DEFAULT_ORG_SHOW_ALL_USERS': True,
}
......
apps/jumpserver/settings.py
View file @ c6fef203
......@@ -357,6 +357,7 @@ EMAIL_PORT = 25
EMAIL_HOST_USER = 'noreply@jumpserver.org'
EMAIL_HOST_PASSWORD = ''
EMAIL_FROM = ''
EMAIL_RECIPIENT = ''
EMAIL_USE_SSL = False
EMAIL_USE_TLS = False
EMAIL_SUBJECT_PREFIX = '[JMS] '
......@@ -425,6 +426,10 @@ OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
# Auth LDAP settings
AUTH_LDAP = False
AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
AUTH_LDAP_BIND_PASSWORD = ''
......
apps/locale/zh/LC_MESSAGES/django.po
View file @ c6fef203
This diff is collapsed.
apps/settings/api.py
View file @ c6fef203
......@@ -30,6 +30,7 @@ class MailTestingAPI(APIView):
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
email_from = serializer.validated_data["EMAIL_FROM"]
email_recipient = serializer.validated_data["EMAIL_RECIPIENT"]
email_host_user = serializer.validated_data["EMAIL_HOST_USER"]
for k, v in serializer.validated_data.items():
if k.startswith('EMAIL'):
......@@ -38,11 +39,12 @@ class MailTestingAPI(APIView):
subject = "Test"
message = "Test smtp setting"
email_from = email_from or email_host_user
send_mail(subject, message, email_from, [email_from])
email_recipient = email_recipient or email_from
send_mail(subject, message, email_from, [email_recipient])
except Exception as e:
return Response({"error": str(e)}, status=401)
return Response({"msg": self.success_message.format(email_host_user)})
return Response({"msg": self.success_message.format(email_recipient)})
else:
return Response({"error": str(serializer.errors)}, status=401)
......
apps/settings/forms.py
View file @ c6fef203
......@@ -89,6 +89,10 @@ class EmailSettingForm(BaseForm):
"Tips: Send mail account, default SMTP account as the send account"
)
)
EMAIL_RECIPIENT = forms.CharField(
max_length=128, label=_("Test recipient"), initial='', required=False,
help_text=_("Tips: Used only as a test mail recipient")
)
EMAIL_USE_SSL = forms.BooleanField(
label=_("Use SSL"), initial=False, required=False,
help_text=_("If SMTP port is 465, may be select")
......
apps/settings/serializers.py
View file @ c6fef203
......@@ -7,6 +7,7 @@ class MailTestSerializer(serializers.Serializer):
EMAIL_HOST_USER = serializers.CharField(max_length=1024)
EMAIL_HOST_PASSWORD = serializers.CharField(required=False, allow_blank=True)
EMAIL_FROM = serializers.CharField(required=False, allow_blank=True)
EMAIL_RECIPIENT = serializers.CharField(required=False, allow_blank=True)
EMAIL_USE_SSL = serializers.BooleanField(default=False)
EMAIL_USE_TLS = serializers.BooleanField(default=False)
......
apps/settings/utils.py
View file @ c6fef203
......@@ -170,7 +170,7 @@ class LDAPUtil:
email = construct_user_email(username, email)
return email
def create_or_update_users(self, user_items, force_update=True):
def create_or_update_users(self, user_items):
succeed = failed = 0
for user_item in user_items:
exist = user_item.pop('existing', False)
......@@ -180,13 +180,14 @@ class LDAPUtil:
else:
ok, error = self.update_user(user_item)
if not ok:
logger.info("Failed User: {}".format(user_item))
failed += 1
else:
succeed += 1
result = {'total': len(user_items), 'succeed': succeed, 'failed': failed}
return result
def sync_users(self, username_list):
def sync_users(self, username_list=None):
user_items = self.search_filter_user_items(username_list)
result = self.create_or_update_users(user_items)
return result
apps/users/tasks.py
View file @ c6fef203
......@@ -2,6 +2,7 @@
#
from celery import shared_task
from django.conf import settings
from ops.celery.utils import create_or_update_celery_periodic_tasks
from ops.celery.decorator import after_app_ready_start
......@@ -10,6 +11,7 @@ from .models import User
from .utils import (
send_password_expiration_reminder_mail, send_user_expiration_reminder_mail
)
from settings.utils import LDAPUtil
logger = get_logger(__file__)
......@@ -66,3 +68,36 @@ def check_user_expired_periodic():
}
create_or_update_celery_periodic_tasks(tasks)
@shared_task
def sync_ldap_user():
logger.info("Start sync ldap user periodic task")
util = LDAPUtil()
result = util.sync_users()
logger.info("Result: {}".format(result))
@shared_task
@after_app_ready_start
def sync_ldap_user_periodic():
if not settings.AUTH_LDAP:
return
if not settings.AUTH_LDAP_SYNC_IS_PERIODIC:
return
interval = settings.AUTH_LDAP_SYNC_INTERVAL
if isinstance(interval, int):
interval = interval * 3600
else:
interval = None
crontab = settings.AUTH_LDAP_SYNC_CRONTAB
tasks = {
'sync_ldap_user_periodic': {
'task': sync_ldap_user.name,
'interval': interval,
'crontab': crontab,
'enabled': True,
}
}
create_or_update_celery_periodic_tasks(tasks)
config_example.yml
View file @ c6fef203
......@@ -72,6 +72,13 @@ REDIS_PORT: 6379
# RADIUS_PORT: 1812
# RADIUS_SECRET:
# LDAP/AD 设置定时同步参数
# 启用/禁用
# AUTH_LDAP_SYNC_IS_PERIODIC: True
# 单位: 时
# AUTH_LDAP_SYNC_INTERVAL: 12
# Crontab 表达式
# AUTH_LDAP_SYNC_CRONTAB: * 6 * * *
# OTP settings
# OTP/MFA 配置
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment