Merge pull request #5813 from jumpserver/master

v2.8.1

apps/authentication/backends/ldap.py

@@ -27,6 +27,39 @@ class LDAPAuthorizationBackend(LDAPBackend):
         is_valid = getattr(user, 'is_valid', None)
         return is_valid or is_valid is None
 
+    def get_or_build_user(self, username, ldap_user):
+        """
+                This must return a (User, built) 2-tuple for the given LDAP user.
+
+                username is the Django-friendly username of the user. ldap_user.dn is
+                the user's DN and ldap_user.attrs contains all of their LDAP
+                attributes.
+
+                The returned User object may be an unsaved model instance.
+
+                """
+        model = self.get_user_model()
+
+        if self.settings.USER_QUERY_FIELD:
+            query_field = self.settings.USER_QUERY_FIELD
+            query_value = ldap_user.attrs[self.settings.USER_ATTR_MAP[query_field]][0]
+            query_value = query_value.strip()
+            lookup = query_field
+        else:
+            query_field = model.USERNAME_FIELD
+            query_value = username.lower()
+            lookup = "{}__iexact".format(query_field)
+
+        try:
+            user = model.objects.get(**{lookup: query_value})
+        except model.DoesNotExist:
+            user = model(**{query_field: query_value})
+            built = True
+        else:
+            built = False
+
+        return (user, built)
+
     def pre_check(self, username, password):
         if not settings.AUTH_LDAP:
             error = 'Not enabled auth ldap'
@@ -128,6 +161,7 @@ class LDAPUser(_LDAPUser):
         for field, attr in self.settings.USER_ATTR_MAP.items():
             try:
                 value = self.attrs[attr][0]
+                value = value.strip()
                 if attr.lower() == 'useraccountcontrol' \
                         and field == 'is_active' and value:
                     value = int(value) & LDAP_AD_ACCOUNT_DISABLE \

apps/locale/zh/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-03-17 18:17+0800\n"
+"POT-Creation-Date: 2021-03-19 14:34+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -428,7 +428,7 @@ msgstr "激活"
 
 #: assets/models/asset.py:196 assets/models/cluster.py:19
 #: assets/models/user.py:66 templates/_nav.html:44
-#: xpack/plugins/cloud/models.py:92 xpack/plugins/cloud/serializers.py:137
+#: xpack/plugins/cloud/models.py:92 xpack/plugins/cloud/serializers.py:138
 msgid "Admin user"
 msgstr "管理用户"
 
@@ -693,7 +693,7 @@ msgstr "ssh私钥"
 #: users/templates/users/user_asset_permission.html:41
 #: users/templates/users/user_asset_permission.html:73
 #: users/templates/users/user_asset_permission.html:158
-#: xpack/plugins/cloud/models.py:89 xpack/plugins/cloud/serializers.py:138
+#: xpack/plugins/cloud/models.py:89 xpack/plugins/cloud/serializers.py:139
 msgid "Node"
 msgstr "节点"
 
@@ -1140,7 +1140,7 @@ msgstr "启用"
 msgid "-"
 msgstr ""
 
-#: audits/models.py:96 xpack/plugins/cloud/const.py:23
+#: audits/models.py:96 xpack/plugins/cloud/const.py:24
 msgid "Failed"
 msgstr "失败"
 
@@ -1879,10 +1879,6 @@ msgstr "`{model._meta.verbose_name}` 存在数据, 请先删除"
 msgid "The current organization cannot be deleted"
 msgstr "当前组织不能被删除"
 
-#: orgs/mixins/api.py:46
-msgid "Root organization only allow view and delete"
-msgstr "全局组织仅支持 查看和删除"
-
 #: orgs/mixins/models.py:45 orgs/mixins/serializers.py:25 orgs/models.py:36
 #: orgs/models.py:416 orgs/serializers.py:101
 #: tickets/serializers/ticket/ticket.py:81
@@ -3788,7 +3784,7 @@ msgstr "安全令牌验证"
 
 #: users/templates/users/_base_otp.html:14 users/templates/users/_user.html:13
 #: users/templates/users/user_profile_update.html:55
-#: xpack/plugins/cloud/models.py:78 xpack/plugins/cloud/serializers.py:136
+#: xpack/plugins/cloud/models.py:78 xpack/plugins/cloud/serializers.py:137
 msgid "Account"
 msgstr "账户"
 
@@ -4778,42 +4774,46 @@ msgid "Azure (China)"
 msgstr "Azure (中国)"
 
 #: xpack/plugins/cloud/const.py:12
+msgid "Azure (International)"
+msgstr "Azure (国际)"
+
+#: xpack/plugins/cloud/const.py:13
 msgid "Huawei Cloud"
 msgstr "华为云"
 
-#: xpack/plugins/cloud/const.py:13
+#: xpack/plugins/cloud/const.py:14
 msgid "Tencent Cloud"
 msgstr "腾讯云"
 
-#: xpack/plugins/cloud/const.py:14
+#: xpack/plugins/cloud/const.py:15
 msgid "VMware"
 msgstr ""
 
-#: xpack/plugins/cloud/const.py:18
+#: xpack/plugins/cloud/const.py:19
 msgid "Instance name"
 msgstr "实例名称"
 
-#: xpack/plugins/cloud/const.py:19
+#: xpack/plugins/cloud/const.py:20
 msgid "Instance name and Partial IP"
 msgstr "实例名称和部分IP"
 
-#: xpack/plugins/cloud/const.py:24
+#: xpack/plugins/cloud/const.py:25
 msgid "Succeed"
 msgstr "成功"
 
-#: xpack/plugins/cloud/const.py:28
+#: xpack/plugins/cloud/const.py:29
 msgid "Unsync"
 msgstr "未同步"
 
-#: xpack/plugins/cloud/const.py:29
+#: xpack/plugins/cloud/const.py:30
 msgid "New Sync"
 msgstr "新同步"
 
-#: xpack/plugins/cloud/const.py:30
+#: xpack/plugins/cloud/const.py:31
 msgid "Synced"
 msgstr "已同步"
 
-#: xpack/plugins/cloud/const.py:31
+#: xpack/plugins/cloud/const.py:32
 msgid "Released"
 msgstr "已释放"
 
@@ -4829,7 +4829,7 @@ msgstr "云服务商"
 msgid "Cloud account"
 msgstr "云账号"
 
-#: xpack/plugins/cloud/models.py:81 xpack/plugins/cloud/serializers.py:117
+#: xpack/plugins/cloud/models.py:81 xpack/plugins/cloud/serializers.py:118
 msgid "Regions"
 msgstr "地域"
 
@@ -4837,7 +4837,7 @@ msgstr "地域"
 msgid "Hostname strategy"
 msgstr "主机名策略"
 
-#: xpack/plugins/cloud/models.py:95 xpack/plugins/cloud/serializers.py:140
+#: xpack/plugins/cloud/models.py:95 xpack/plugins/cloud/serializers.py:141
 msgid "Always update"
 msgstr "总是更新"
 
@@ -5029,15 +5029,15 @@ msgstr ""
 msgid "Subscription ID"
 msgstr ""
 
-#: xpack/plugins/cloud/serializers.py:115
+#: xpack/plugins/cloud/serializers.py:116
 msgid "History count"
 msgstr "执行次数"
 
-#: xpack/plugins/cloud/serializers.py:116
+#: xpack/plugins/cloud/serializers.py:117
 msgid "Instance count"
 msgstr "实例个数"
 
-#: xpack/plugins/cloud/serializers.py:139
+#: xpack/plugins/cloud/serializers.py:140
 #: xpack/plugins/gathered_user/serializers.py:20
 msgid "Periodic display"
 msgstr "定时执行"
@@ -5130,6 +5130,9 @@ msgstr "旗舰版"
 msgid "Community edition"
 msgstr "社区版"
 
+#~ msgid "Root organization only allow view and delete"
+#~ msgstr "全局组织仅支持 查看和删除"
+
 #~ msgid ""
 #~ "Push system user task skip, auto push not enable or protocol is not ssh "
 #~ "or rdp: {}"

apps/perms/api/asset/user_permission/common.py

@@ -81,7 +81,7 @@ class ValidateUserAssetPermissionApi(APIView):
         except ValueError:
             return Response({'msg': False}, status=403)
 
-        asset = get_object_or_404(Asset, id=asset_id)
+        asset = get_object_or_404(Asset, id=asset_id, is_active=True)
         system_user = get_object_or_404(SystemUser, id=system_id)
 
         system_users_actions = get_asset_system_user_ids_with_actions_by_user(self.get_user(), asset)
@@ -116,7 +116,7 @@ class UserGrantedAssetSystemUsersForAdminApi(ListAPIView):
 
     def get_queryset(self):
         asset_id = self.kwargs.get('asset_id')
-        asset = get_object_or_404(Asset, id=asset_id)
+        asset = get_object_or_404(Asset, id=asset_id, is_active=True)
         system_users_with_actions = self.get_asset_system_user_ids_with_actions(asset)
         system_user_ids = system_users_with_actions.keys()
         system_users = SystemUser.objects.filter(id__in=system_user_ids)\

apps/perms/signals_handler/refresh_perms.py

@@ -27,8 +27,7 @@ def on_user_groups_change(sender, instance, action, reverse, pk_set, **kwargs):
     else:
         group_ids = pk_set
         user_ids = [instance.id]
-
-        group = UserGroup.objects.get(id=group_ids[0])
+        group = UserGroup.objects.get(id=list(group_ids)[0])
         org_id = group.org_id
 
     exists = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids).exists()