Merge pull request #2642 from jumpserver/dev

Dev

README.md

@@ -201,8 +201,7 @@ Jumpserver 采纳分布式架构，支持多机房跨区域部署，中心节点
 
 
 ### License & Copyright
-----
-Copyright (c) 2014-2019 Beijing Duizhan Tech, Inc., All rights reserved.
+Copyright (c) 2014-2019 飞致云 FIT2CLOUD, All rights reserved.
 
 Licensed under The GNU General Public License version 2 (GPLv2)  (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
 

apps/assets/api/asset.py

 # -*- coding: utf-8 -*-
 #
 
+import uuid
 import random
 
 from rest_framework import generics
+from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework_bulk import BulkModelViewSet
 from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView
 from rest_framework.pagination import LimitOffsetPagination
+from django.utils.translation import ugettext_lazy as _
 from django.shortcuts import get_object_or_404
+from django.urls import reverse_lazy
+from django.core.cache import cache
 from django.db.models import Q
 
 from common.mixins import IDInFilterMixin
 from common.utils import get_logger
 from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from ..const import CACHE_KEY_ASSET_BULK_UPDATE_ID_PREFIX
 from ..models import Asset, AdminUser, Node
 from .. import serializers
 from ..tasks import update_asset_hardware_info_manual, \
@@ -25,7 +31,7 @@ logger = get_logger(__file__)
 __all__ = [
     'AssetViewSet', 'AssetListUpdateApi',
     'AssetRefreshHardwareApi', 'AssetAdminUserTestApi',
-    'AssetGatewayApi'
+    'AssetGatewayApi', 'AssetBulkUpdateSelectAPI'
 ]
 
 
@@ -92,6 +98,21 @@ class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
     permission_classes = (IsOrgAdmin,)
 
 
+class AssetBulkUpdateSelectAPI(APIView):
+    permission_classes = (IsOrgAdmin,)
+
+    def post(self, request, *args, **kwargs):
+        assets_id = request.data.get('assets_id', '')
+        if assets_id:
+            spm = uuid.uuid4().hex
+            key = CACHE_KEY_ASSET_BULK_UPDATE_ID_PREFIX.format(spm)
+            cache.set(key, assets_id, 300)
+            url = reverse_lazy('assets:asset-bulk-update') + '?spm=%s' % spm
+            return Response({'url': url})
+        error = _('Please select assets that need to be updated')
+        return Response({'error': error}, status=400)
+
+
 class AssetRefreshHardwareApi(generics.RetrieveAPIView):
     """
     Refresh asset hardware info

apps/assets/const.py

@@ -48,3 +48,6 @@ TASK_OPTIONS = {
     'timeout': 10,
     'forks': 10,
 }
+
+CACHE_KEY_ASSET_BULK_UPDATE_ID_PREFIX = '_KEY_ASSET_BULK_UPDATE_ID_{}'
+

apps/assets/serializers/admin_user.py

@@ -3,6 +3,8 @@
 from django.core.cache import cache
 from rest_framework import serializers
 
+from common.serializers import AdaptedBulkListSerializer
+
 from ..models import Node, AdminUser
 from ..const import ADMIN_USER_CONN_CACHE_KEY
 
@@ -18,6 +20,7 @@ class AdminUserSerializer(serializers.ModelSerializer):
     reachable_amount = serializers.SerializerMethodField()
 
     class Meta:
+        list_serializer_class = AdaptedBulkListSerializer
         model = AdminUser
         fields = '__all__'
 

apps/assets/serializers/asset.py

 # -*- coding: utf-8 -*-
 #
 from rest_framework import serializers
-from rest_framework_bulk.serializers import BulkListSerializer
 
 from common.mixins import BulkSerializerMixin
+from common.serializers import AdaptedBulkListSerializer
 from ..models import Asset
 from .system_user import AssetSystemUserSerializer
 
@@ -19,7 +19,7 @@ class AssetSerializer(BulkSerializerMixin, serializers.ModelSerializer):
     """
     class Meta:
         model = Asset
-        list_serializer_class = BulkListSerializer
+        list_serializer_class = AdaptedBulkListSerializer
         fields = '__all__'
         validators = []
 

apps/assets/serializers/cmd_filter.py

@@ -3,6 +3,7 @@
 from rest_framework import serializers
 
 from common.fields import ChoiceDisplayField
+from common.serializers import AdaptedBulkListSerializer
 from ..models import CommandFilter, CommandFilterRule, SystemUser
 
 
@@ -12,6 +13,7 @@ class CommandFilterSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = CommandFilter
+        list_serializer_class = AdaptedBulkListSerializer
         fields = '__all__'
 
 
@@ -21,3 +23,4 @@ class CommandFilterRuleSerializer(serializers.ModelSerializer):
     class Meta:
         model = CommandFilterRule
         fields = '__all__'
+        list_serializer_class = AdaptedBulkListSerializer

apps/assets/serializers/domain.py

@@ -2,6 +2,8 @@
 #
 from rest_framework import serializers
 
+from common.serializers import AdaptedBulkListSerializer
+
 from ..models import Domain, Gateway
 
 
@@ -12,6 +14,7 @@ class DomainSerializer(serializers.ModelSerializer):
     class Meta:
         model = Domain
         fields = '__all__'
+        list_serializer_class = AdaptedBulkListSerializer
 
     @staticmethod
     def get_asset_count(obj):
@@ -25,6 +28,7 @@ class DomainSerializer(serializers.ModelSerializer):
 class GatewaySerializer(serializers.ModelSerializer):
     class Meta:
         model = Gateway
+        list_serializer_class = AdaptedBulkListSerializer
         fields = [
             'id', 'name', 'ip', 'port', 'protocol', 'username',
             'domain', 'is_active', 'date_created', 'date_updated',

apps/assets/serializers/label.py

 # -*- coding: utf-8 -*-
 #
 from rest_framework import serializers
-from rest_framework_bulk.serializers import BulkListSerializer
+
+from common.serializers import AdaptedBulkListSerializer
 
 from ..models import Label
 
@@ -12,7 +13,7 @@ class LabelSerializer(serializers.ModelSerializer):
     class Meta:
         model = Label
         fields = '__all__'
-        list_serializer_class = BulkListSerializer
+        list_serializer_class = AdaptedBulkListSerializer
 
     @staticmethod
     def get_asset_count(obj):

apps/assets/serializers/system_user.py

 from rest_framework import serializers
 
+from common.serializers import AdaptedBulkListSerializer
+
 from ..models import SystemUser, Asset
 from .base import AuthSerializer
 
@@ -17,6 +19,7 @@ class SystemUserSerializer(serializers.ModelSerializer):
     class Meta:
         model = SystemUser
         exclude = ('_password', '_private_key', '_public_key')
+        list_serializer_class = AdaptedBulkListSerializer
 
     def get_field_names(self, declared_fields, info):
         fields = super(SystemUserSerializer, self).get_field_names(declared_fields, info)
@@ -61,13 +64,19 @@ class AssetSystemUserSerializer(serializers.ModelSerializer):
     """
     查看授权的资产系统用户的数据结构，这个和AssetSerializer不同，字段少
     """
+    actions = serializers.SerializerMethodField()
+
     class Meta:
         model = SystemUser
         fields = (
             'id', 'name', 'username', 'priority',
-            'protocol',  'comment', 'login_mode'
+            'protocol',  'comment', 'login_mode', 'actions',
         )
 
+    @staticmethod
+    def get_actions(obj):
+        return [action.name for action in obj.actions]
+
 
 class SystemUserSimpleSerializer(serializers.ModelSerializer):
     """

apps/assets/templates/assets/admin_user_assets.html

@@ -98,6 +98,7 @@ function initTable() {
 		order: [],
 		columnDefs: [
 			{targets: 0, createdCell: function (td, cellData, rowData) {
+			    cellData = htmlEscape(cellData);
 				var detail_btn = '<a href="{% url "assets:asset-detail" pk=DEFAULT_PK %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
 				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
 			}},

apps/assets/templates/assets/admin_user_list.html

@@ -44,9 +44,10 @@ $(document).ready(function(){
     var options = {
         ele: $('#admin_user_list_table'),
         columnDefs: [
-            {targets: 1, createdCell: function (td, cellData, rowData) {
+            {targets: 1, render: function (cellData, tp, rowData, meta) {
+                cellData = htmlEscape(cellData);
                 var detail_btn = '<a href="{% url "assets:admin-user-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
-                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+                return detail_btn.replace('{{ DEFAULT_PK }}', rowData.id);
             }},
             {targets: 4, createdCell: function (td, cellData) {
                 var innerHtml = "";
@@ -82,7 +83,6 @@ $(document).ready(function(){
                     innerHtml = "<span class='text-danger'>" + num.toFixed(1) + "% </span>";
                 }
                 $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
-
             }},
             {targets: 8, createdCell: function (td, cellData, rowData) {
                 var update_btn = '<a href="{% url "assets:admin-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
@@ -90,8 +90,8 @@ $(document).ready(function(){
                 $(td).html(update_btn + del_btn)
              }}],
         ajax_url: '{% url "api-assets:admin-user-list" %}',
-        columns: [{data: function(){return ""}}, {data: "name" }, {data: "username" }, {data: "assets_amount" },
-                  {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }]
+        columns: [{data: function(){return ""}}, {data: "name"}, {data: "username" }, {data: "assets_amount" },
+                  {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment"}, {data: "id"}]
     };
     jumpserver.initServerSideDataTable(options)
 })

apps/assets/templates/assets/asset_list.html

@@ -156,6 +156,7 @@ function initTable() {
         ele: $('#asset_list_table'),
         columnDefs: [
             {targets: 1, createdCell: function (td, cellData, rowData) {
+                cellData = htmlEscape(cellData);
                 {% url 'assets:asset-detail' pk=DEFAULT_PK as the_url  %}
                 var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
                 $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
@@ -657,9 +658,23 @@ $(document).ready(function(){
         });
     }
     function doUpdate() {
-        var id_list_string = id_list.join(',');
-        var url = "{% url 'assets:asset-bulk-update' %}?assets_id=" + id_list_string;
-        location.href = url
+        var data = {
+            'assets_id':id_list
+        };
+        function error(data) {
+            toastr.error(JSON.parse(data).error)
+        }
+        function success(data) {
+            location.href = data.url;
+         }
+        APIUpdateAttr({
+            'url': "{% url 'api-assets:asset-bulk-update-select' %}",
+            'method': 'POST',
+            'body': JSON.stringify(data),
+            'flash_message': false,
+            'success': success,
+             'error': error,
+        })
     }
 
     function doRemove() {

apps/assets/templates/assets/cmd_filter_list.html

@@ -40,6 +40,7 @@ function initTable() {
         ele: $('#cmd_filter_list_table'),
         columnDefs: [
             {targets: 1, createdCell: function (td, cellData, rowData) {
+                cellData = htmlEscape(cellData);
                 var detail_btn = '<a href="{% url 'assets:cmd-filter-detail' pk=DEFAULT_PK %}">' + cellData + '</a>';
                 $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
             }},

apps/assets/templates/assets/domain_list.html

@@ -41,6 +41,7 @@ function initTable() {
         ele: $('#domain_list_table'),
         columnDefs: [
             {targets: 1, createdCell: function (td, cellData, rowData) {
+                cellData = htmlEscape(cellData);
                 var detail_btn = '<a href="{% url "assets:domain-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
                 $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
              }},

apps/assets/templates/assets/label_list.html

@@ -30,6 +30,7 @@ function initTable() {
         columnDefs: [
             {targets: 1, createdCell: function (td, cellData, rowData) {
 {#                var detail_btn = '<a href="{% url "assets:label-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';#}
+                cellData = htmlEscape(cellData);
                 var detail_btn = '<a>' + cellData + '</a>';
                 $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
              }},

apps/assets/templates/assets/system_user_asset.html

@@ -144,6 +144,7 @@ function initAssetsTable() {
 		order: [],
 		columnDefs: [
 			{targets: 0, createdCell: function (td, cellData, rowData) {
+			    cellData = htmlEscape(cellData);
 				var detail_btn = '<a href="{% url "assets:asset-detail" pk=DEFAULT_PK %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
 				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
 			}},

apps/assets/templates/assets/system_user_list.html

@@ -49,6 +49,7 @@ function initTable() {
         ele: $('#system_user_list_table'),
         columnDefs: [
             {targets: 1, createdCell: function (td, cellData, rowData) {
+                cellData = htmlEscape(cellData);
                 var detail_btn = '<a href="{% url "assets:system-user-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
                 $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
             }},

apps/assets/urls/api_urls.py

@@ -25,6 +25,8 @@ cmd_filter_router.register(r'rules', api.CommandFilterRuleViewSet, 'cmd-filter-r
 
 urlpatterns = [
     path('assets-bulk/', api.AssetListUpdateApi.as_view(), name='asset-bulk-update'),
+    path('asset/update/select/',
+         api.AssetBulkUpdateSelectAPI.as_view(), name='asset-bulk-update-select'),
     path('assets/<uuid:pk>/refresh/',
          api.AssetRefreshHardwareApi.as_view(), name='asset-refresh'),
     path('assets/<uuid:pk>/alive/',

apps/assets/views/asset.py

@@ -28,6 +28,7 @@ from common.mixins import JSONResponseMixin
 from common.utils import get_object_or_none, get_logger
 from common.permissions import AdminUserRequiredMixin
 from common.const import create_success_msg, update_success_msg
+from ..const import CACHE_KEY_ASSET_BULK_UPDATE_ID_PREFIX
 from orgs.utils import current_org
 from .. import forms
 from ..models import Asset, AdminUser, SystemUser, Label, Node, Domain
@@ -120,15 +121,12 @@ class AssetBulkUpdateView(AdminUserRequiredMixin, ListView):
     form = None
 
     def get(self, request, *args, **kwargs):
-        assets_id = self.request.GET.get('assets_id', '')
-        self.id_list = [i for i in assets_id.split(',')]
-
+        spm = request.GET.get('spm', '')
+        assets_id = cache.get(CACHE_KEY_ASSET_BULK_UPDATE_ID_PREFIX.format(spm))
         if kwargs.get('form'):
             self.form = kwargs['form']
         elif assets_id:
-            self.form = self.form_class(
-                initial={'assets': self.id_list}
-            )
+            self.form = self.form_class(initial={'assets': assets_id})
         else:
             self.form = self.form_class()
         return super().get(request, *args, **kwargs)

apps/authentication/backends/openid/middleware.py

@@ -23,15 +23,15 @@ class OpenIDAuthenticationMiddleware(MiddlewareMixin):
     def process_request(self, request):
         # Don't need openid auth if AUTH_OPENID is False
         if not settings.AUTH_OPENID:
-            logger.info("Not settings.AUTH_OPENID")
+            logger.debug("Not settings.AUTH_OPENID")
             return
         # Don't need check single logout if user not authenticated
         if not request.user.is_authenticated:
-            logger.info("User is not authenticated")
+            logger.debug("User is not authenticated")
             return
         elif not request.session[BACKEND_SESSION_KEY].endswith(
                 BACKEND_OPENID_AUTH_CODE):
-            logger.info("BACKEND_SESSION_KEY is not BACKEND_OPENID_AUTH_CODE")
+            logger.debug("BACKEND_SESSION_KEY is not BACKEND_OPENID_AUTH_CODE")
             return
 
         # Check openid user single logout or not with access_token
@@ -40,7 +40,6 @@ class OpenIDAuthenticationMiddleware(MiddlewareMixin):
             client.openid_connect_client.userinfo(
                 token=request.session.get(OIDT_ACCESS_TOKEN)
             )
-
         except Exception as e:
             logout(request)
             logger.error(e)