Merge pull request #5497 from jumpserver/dev

Dev

apps/assets/models/authbook.py

@@ -57,7 +57,7 @@ class AuthBook(BaseUser):
         同时设置自己的 is_latest=True, version=max_version + 1
         """
         username = kwargs['username']
-        asset = kwargs['asset']
+        asset = kwargs.get('asset') or kwargs.get('asset_id')
         with transaction.atomic():
             # 使用select_for_update限制并发创建相同的username、asset条目
             instances = cls.objects.select_for_update().filter(username=username, asset=asset)

apps/audits/signals_handler.py

@@ -125,7 +125,8 @@ def on_audits_log_create(sender, instance=None, **kwargs):
 
 
 def get_login_backend(request):
-    backend = request.session.get(BACKEND_SESSION_KEY, '')
+    backend = request.session.get('auth_backend', '') or request.session.get(BACKEND_SESSION_KEY, '')
+
     backend = backend.rsplit('.', maxsplit=1)[-1]
     if backend in LOGIN_BACKEND:
         return LOGIN_BACKEND[backend]

apps/authentication/models.py

@@ -69,17 +69,16 @@ class LoginConfirmSetting(CommonModelMixin):
         from tickets import const
         from tickets.models import Ticket
         ticket_title = _('Login confirm') + ' {}'.format(self.user)
-        ticket_applicant = self.user
         ticket_meta = self.construct_confirm_ticket_meta(request)
         ticket_assignees = self.reviewers.all()
         data = {
             'title': ticket_title,
             'type': const.TicketTypeChoices.login_confirm.value,
-            'applicant': ticket_applicant,
             'meta': ticket_meta,
         }
         ticket = Ticket.objects.create(**data)
         ticket.assignees.set(ticket_assignees)
+        ticket.open(self.user)
         return ticket
 
     def __str__(self):

apps/locale/zh/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-01-19 20:03+0800\n"
+"POT-Creation-Date: 2021-01-20 16:09+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -268,7 +268,7 @@ msgstr "主机名"
 
 #: assets/models/asset.py:194 assets/models/domain.py:54
 #: assets/models/user.py:120 terminal/serializers/session.py:29
-#: terminal/serializers/storage.py:68
+#: terminal/serializers/storage.py:69
 msgid "Protocol"
 msgstr "协议"
 
@@ -555,7 +555,7 @@ msgstr "默认资产组"
 
 #: assets/models/label.py:15 audits/models.py:36 audits/models.py:56
 #: audits/models.py:69 audits/serializers.py:81 authentication/models.py:44
-#: authentication/models.py:96 orgs/models.py:18 orgs/models.py:423
+#: authentication/models.py:95 orgs/models.py:18 orgs/models.py:423
 #: perms/models/asset_permission.py:173 perms/models/base.py:49
 #: templates/index.html:78 terminal/backends/command/models.py:18
 #: terminal/backends/command/serializers.py:12 terminal/models/session.py:37
@@ -653,7 +653,7 @@ msgstr "登录模式"
 msgid "SFTP Root"
 msgstr "SFTP根路径"
 
-#: assets/models/user.py:127 authentication/models.py:94
+#: assets/models/user.py:127 authentication/models.py:93
 msgid "Token"
 msgstr ""
 
@@ -726,7 +726,7 @@ msgstr "硬件信息"
 msgid "Org name"
 msgstr "组织名称"
 
-#: assets/serializers/asset.py:162 assets/serializers/asset.py:193
+#: assets/serializers/asset.py:162 assets/serializers/asset.py:201
 msgid "Connectivity"
 msgstr "连接"
 
@@ -1129,7 +1129,7 @@ msgstr "是否成功"
 msgid "Result"
 msgstr "结果"
 
-#: audits/serializers.py:79 terminal/serializers/storage.py:177
+#: audits/serializers.py:79 terminal/serializers/storage.py:178
 msgid "Hosts"
 msgstr "主机"
 
@@ -1324,7 +1324,7 @@ msgstr "审批人"
 msgid "Login confirm"
 msgstr "登录复核"
 
-#: authentication/models.py:95
+#: authentication/models.py:94
 msgid "Expired"
 msgstr "过期时间"
 
@@ -2714,60 +2714,60 @@ msgstr "是否可重放"
 msgid "Can join"
 msgstr "是否可加入"
 
-#: terminal/serializers/storage.py:20
+#: terminal/serializers/storage.py:21
 msgid "Endpoint invalid: remove path `{}`"
 msgstr "端点无效: 移除路径 `{}`"
 
-#: terminal/serializers/storage.py:26
+#: terminal/serializers/storage.py:27
 msgid "Bucket"
 msgstr "桶名称"
 
-#: terminal/serializers/storage.py:29
+#: terminal/serializers/storage.py:30
 msgid "Access key"
 msgstr ""
 
-#: terminal/serializers/storage.py:33
+#: terminal/serializers/storage.py:34
 msgid "Secret key"
 msgstr ""
 
-#: terminal/serializers/storage.py:38 terminal/serializers/storage.py:50
-#: terminal/serializers/storage.py:80
+#: terminal/serializers/storage.py:39 terminal/serializers/storage.py:51
+#: terminal/serializers/storage.py:81
 msgid "Endpoint"
 msgstr "端点"
 
-#: terminal/serializers/storage.py:65 xpack/plugins/cloud/models.py:276
+#: terminal/serializers/storage.py:66 xpack/plugins/cloud/models.py:276
 msgid "Region"
 msgstr "地域"
 
-#: terminal/serializers/storage.py:90
+#: terminal/serializers/storage.py:91
 msgid "Container name"
 msgstr "容器名称"
 
-#: terminal/serializers/storage.py:92
+#: terminal/serializers/storage.py:93
 msgid "Account name"
 msgstr "账户名称"
 
-#: terminal/serializers/storage.py:93
+#: terminal/serializers/storage.py:94
 msgid "Account key"
 msgstr "账户密钥"
 
-#: terminal/serializers/storage.py:96
+#: terminal/serializers/storage.py:97
 msgid "Endpoint suffix"
 msgstr "端点后缀"
 
-#: terminal/serializers/storage.py:154
+#: terminal/serializers/storage.py:155
 msgid "The address format is incorrect"
 msgstr "地址格式不正确"
 
-#: terminal/serializers/storage.py:161
+#: terminal/serializers/storage.py:162
 msgid "Host invalid"
 msgstr "主机无效"
 
-#: terminal/serializers/storage.py:164
+#: terminal/serializers/storage.py:165
 msgid "Port invalid"
 msgstr "端口无效"
 
-#: terminal/serializers/storage.py:180
+#: terminal/serializers/storage.py:181
 msgid "Index"
 msgstr "索引"
 
@@ -2911,8 +2911,8 @@ msgid "Approved actions"
 msgstr "批准的动作"
 
 #: tickets/handler/base.py:62
-msgid "User {} {} the ticket"
-msgstr "用户 {} {} 这个工单"
+msgid "{} {} the ticket"
+msgstr "{} {}工单"
 
 #: tickets/handler/base.py:91
 msgid "Ticket title"
@@ -3236,7 +3236,7 @@ msgid "Join user groups"
 msgstr "添加到用户组"
 
 #: users/forms/user.py:103 users/views/profile/password.py:59
-#: users/views/profile/reset.py:127
+#: users/views/profile/reset.py:126
 msgid "* Your password does not meet the requirements"
 msgstr "* 您的密码不符合要求"
 
@@ -3867,7 +3867,7 @@ msgstr "新的公钥已设置成功，请下载对应的私钥"
 msgid "Update user"
 msgstr "更新用户"
 
-#: users/templates/users/user_update.html:22 users/views/profile/reset.py:120
+#: users/templates/users/user_update.html:22 users/views/profile/reset.py:119
 msgid "User auth from {}, go there change password"
 msgstr "用户认证源来自 {}, 请去相应系统修改密码"
 
@@ -3975,7 +3975,7 @@ msgstr ""
 "    <br>\n"
 "    "
 
-#: users/utils.py:116 users/views/profile/reset.py:80
+#: users/utils.py:116 users/views/profile/reset.py:79
 msgid "Reset password success"
 msgstr "重置密码成功"
 
@@ -4188,20 +4188,20 @@ msgid ""
 "password"
 msgstr "用户来自 {} 请去相应系统修改密码"
 
-#: users/views/profile/reset.py:66
+#: users/views/profile/reset.py:65
 msgid "Send reset password message"
 msgstr "发送重置密码邮件"
 
-#: users/views/profile/reset.py:67
+#: users/views/profile/reset.py:66
 msgid "Send reset password mail success, login your mail box and follow it "
 msgstr ""
 "发送重置邮件成功, 请登录邮箱查看, 按照提示操作 (如果没收到,请等待3-5分钟)"
 
-#: users/views/profile/reset.py:81
+#: users/views/profile/reset.py:80
 msgid "Reset password success, return to login page"
 msgstr "重置密码成功，返回到登录页面"
 
-#: users/views/profile/reset.py:105 users/views/profile/reset.py:115
+#: users/views/profile/reset.py:104 users/views/profile/reset.py:114
 msgid "Token invalid or expired"
 msgstr "Token错误或失效"
 

apps/terminal/backends/command/serializers.py

@@ -9,7 +9,7 @@ class SessionCommandSerializer(serializers.Serializer):
     """使用这个类作为基础Command Log Serializer类, 用来序列化"""
 
     id = serializers.UUIDField(read_only=True)
-    user = serializers.CharField(max_length=64, label=_("User"))
+    user = serializers.CharField(label=_("User"))  # 限制 64 字符，见 validate_user
     asset = serializers.CharField(max_length=128, label=_("Asset"))
     system_user = serializers.CharField(max_length=64, label=_("System user"))
     input = serializers.CharField(max_length=128, label=_("Command"))
@@ -25,6 +25,11 @@ class SessionCommandSerializer(serializers.Serializer):
         risk_mapper = dict(AbstractSessionCommand.RISK_LEVEL_CHOICES)
         return risk_mapper.get(obj.risk_level)
 
+    def validate_user(self, value):
+        if len(value) > 64:
+            value = value[:32] + value[-32:]
+        return value
+
 
 class InsecureCommandAlertSerializer(serializers.Serializer):
     input = serializers.CharField()

apps/terminal/serializers/storage.py

@@ -6,6 +6,7 @@ from urllib.parse import urlparse
 from django.utils.translation import ugettext_lazy as _
 from django.db.models import TextChoices
 from common.drf.serializers import MethodSerializer
+from common.drf.fields import ReadableHiddenField
 from ..models import ReplayStorage, CommandStorage
 from .. import const
 
@@ -170,7 +171,7 @@ class CommandStorageTypeESSerializer(serializers.Serializer):
 
     hosts_help_text = '''
         Tip: If there are multiple hosts, use a comma (,) to separate them. 
-        (eg: http://www.jumpserver.a.com, http://www.jumpserver.b.com)
+        (eg: http://www.jumpserver.a.com:9100, http://www.jumpserver.b.com:9100)
     '''
     HOSTS = serializers.ListField(
         child=serializers.CharField(validators=[command_storage_es_host_format_validator]),
@@ -179,9 +180,8 @@ class CommandStorageTypeESSerializer(serializers.Serializer):
     INDEX = serializers.CharField(
         max_length=1024, default='jumpserver', label=_('Index'), allow_null=True
     )
-    DOC_TYPE = serializers.CharField(
-        max_length=1024, read_only=True, default='command', label=_('Doc type'), allow_null=True
-    )
+    DOC_TYPE = ReadableHiddenField(default='command', label=_('Doc type'), allow_null=True)
+
 
 # mapping
 

apps/tickets/handler/base.py

@@ -59,7 +59,7 @@ class BaseHandler(object):
         user_display = str(user)
         action_display = self.ticket.get_action_display()
         data = {
-            'body': _('User {} {} the ticket'.format(user_display, action_display)),
+            'body': _('{} {} the ticket').format(user_display, action_display),
             'user': user,
             'user_display': user_display
         }

apps/users/views/profile/reset.py

@@ -49,8 +49,7 @@ class UserForgotPasswordView(FormView):
         if not user.is_local:
             error = _(
                 'The user is from {}, please go to the corresponding system to change the password'
-                ''.format(user.get_source_display())
-            )
+            ).format(user.get_source_display())
             form.add_error('email', error)
             return self.form_invalid(form)