def password_update(request):
changepasswd_form = ChangePasswdForm(request.POST)
if changepasswd_form.is_valid():
username = request.session.get('username')
oldpassword = changepasswd_form.cleaned_data.get('oldpasswd')
newpasswd = changepasswd_form.cleaned_data.get('newpasswd')
newpasswdagain = changepasswd_form.cleaned_data.get('newpasswdagain')
try:
user = User.objects.get(username=username)
if not user.enabled:
error_message = '用户已禁用!'
login_event_log(user, 4, '用户 [{}] 已禁用'.format(user.username), request.META.get('REMOTE_ADDR', None), request.META.get('HTTP_USER_AGENT', None))
return JsonResponse({"code": 401, "err": error_message})
if newpasswd != newpasswdagain:
error_message = '两次输入的新密码不一致'
login_event_log(user, 4, '两次输入的新密码不一致', request.META.get('REMOTE_ADDR', None), request.META.get('HTTP_USER_AGENT', None))
return JsonResponse({"code": 400, "err": error_message})
except Exception:
error_message = '用户不存在!'
login_event_log(None, 4, '用户 [{}] 不存在'.format(username), request.META.get('REMOTE_ADDR', None), request.META.get('HTTP_USER_AGENT', None))
return JsonResponse({"code": 403, "err": error_message})
if user.password == hash_code(oldpassword):
data = {'password': hash_code(newpasswd)}
User.objects.filter(username=username).update(**data)
login_event_log(user, 5, '用户 [{}] 修改密码成功'.format(user.username), request.META.get('REMOTE_ADDR', None), request.META.get('HTTP_USER_AGENT', None))
return JsonResponse({"code": 200, "err": ""})
else:
error_message = '当前密码错误!'
login_event_log(user, 4, '用户 [{}] 当前密码错误'.format(user.username), request.META.get('REMOTE_ADDR', None), request.META.get('HTTP_USER_AGENT', None))
return JsonResponse({"code": 404, "err": error_message})
else:
error_message = '请检查填写的内容!'
user = User.objects.get(username=request.session.get('username'))
login_event_log(user, 4, '修改密码表单验证错误', request.META.get('REMOTE_ADDR', None), request.META.get('HTTP_USER_AGENT', None))
return JsonResponse({"code": 406, "err": error_message})
def lockscreen(request):
if request.method == 'GET':
try:
request.session['locked'] = True # 锁定屏幕
if 'referer_url' not in request.session:
referer_url = request.META.get('HTTP_REFERER',
reverse('server:index'))
request.session['referer_url'] = referer_url
except Exception:
pass
return render(request, 'user/lockscreen.html')
elif request.method == 'POST':
try:
password = request.POST.get('password', None)
if password:
user = User.objects.get(pk=request.session['userid'])
if user.password == hash_code(password):
request.session['locked'] = False
return_url = request.session.get('referer_url',
reverse('server:index'))
try:
del request.session['referer_url']
except Exception:
pass
return redirect(return_url)
else:
return render(request, 'user/lockscreen.html',
{'error_message': '请输入正确的密码'})
else:
return render(request, 'user/lockscreen.html',
{'error_message': '请输入密码'})
except Exception:
pass
return redirect(reverse('user:lockscreen'))
def main():
# 使用django配置文件进行设置
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'devops.settings')
# 让django初始化
import django
django.setup()
from user.models import User
from util.tool import hash_code
print('初始化开始...')
username = '******'
nickname = '超级管理员'
password = hash_code('123456')
email = '*****@*****.**'
sex = 'male'
enabled = True
role = 1
if User.objects.filter(username=username).count() > 0:
print('已存在 {} 账号,无需初始化,退出...'.format(username))
else:
user = User()
user.username = username
user.nickname = nickname
user.password = password
user.email = email
user.sex = sex
user.enabled = enabled
user.role = role
user.save()
print('已创建账号:{0},密码:{1}'.format(username, password))
print('初始化结束...')
def login(request):
if request.session.get('islogin', None): # 不允许重复登录
return redirect(reverse('server:index'))
if request.method == "POST":
login_form = LoginForm(request.POST)
error_message = '请检查填写的内容!'
if login_form.is_valid():
username = login_form.cleaned_data.get('username')
password = login_form.cleaned_data.get('password')
try:
user = User.objects.get(username=username)
if not user.enabled:
error_message = '用户已禁用!'
event_log(user, 3, '用户 [{}] 已禁用'.format(username),
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return render(request, 'user/login.html', locals())
except Exception:
error_message = '用户不存在!'
event_log(None, 3, '用户 [{}] 不存在'.format(username),
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return render(request, 'user/login.html', locals())
# if user.password == password:
if user.password == hash_code(password):
data = {'last_login_time': timezone.now()}
User.objects.filter(username=username).update(**data)
request.session.set_expiry(0)
request.session['issuperuser'] = False
if user.role == 1: # 超级管理员
request.session['issuperuser'] = True
request.session['islogin'] = True
request.session['userid'] = user.id
request.session['username'] = user.username
request.session['nickname'] = user.nickname
request.session['locked'] = False # 锁定屏幕
now = int(time.time())
request.session['logintime'] = now
request.session['lasttime'] = now
event_log(user, 1, '用户 [{}] 登陆成功'.format(username),
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return redirect(reverse('server:index'))
else:
error_message = '密码错误!'
event_log(user, 3, '用户 [{}] 密码错误'.format(username),
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return render(request, 'user/login.html', locals())
else:
event_log(None, 3, '登陆表单验证错误',
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return render(request, 'user/login.html', locals())
return render(request, 'user/login.html')
def login(request):
if request.session.get('islogin', None): # 不允许重复登录
return redirect(reverse('assets:index'))
if request.method == "POST":
login_form = LoginForm(request.POST)
error_message = '请检查填写的内容!'
if login_form.is_valid():
username = login_form.cleaned_data.get('username')
password = login_form.cleaned_data.get('password')
try:
user = User.objects.get(username=username)
if user.status == 1:
error_message = '用户已禁用!'
login_event_log(user, 3, '用户 {} 已禁用'.format(username),
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return render(request, 'login/login.html', locals())
except BaseException:
error_message = '用户不存在!'
login_event_log(None, 3, '用户 {} 不存在'.format(username),
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return render(request, 'login/login.html', locals())
if user.password == hash_code(password):
request.session.set_expiry(0)
request.session['islogin'] = True
request.session['userid'] = user.id
request.session['username'] = user.username
request.session['nickname'] = user.nickname
now = int(time.time())
request.session['logintime'] = now
request.session['lasttime'] = now
login_event_log(user, 1, '用户 {} 登陆成功'.format(username),
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return redirect(reverse('assets:index'))
else:
error_message = '密码错误!'
login_event_log(user, 3, '用户 {} 密码错误'.format(username),
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return render(request, 'login/login.html', locals())
else:
login_event_log(None, 3, '登陆表单验证错误',
request.META.get('REMOTE_ADDR', None),
request.META.get('HTTP_USER_AGENT', None))
return render(request, 'login/login.html', locals())
return render(request, 'login/login.html')
def main():
# 使用django配置文件进行设置
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'devops.settings')
# 让django初始化
import django
django.setup()
from user.models import User
from server.models import RemoteUser, RemoteUserBindHost
from util.tool import hash_code
from util.crypto import encrypt
print('初始化开始...')
username = '******'
nickname = '超级管理员'
password = hash_code('123456')
email = '*****@*****.**'
sex = 'male'
enabled = True
role = 1
if User.objects.filter(username=username).count() > 0:
print('已存在 {} 账号,无需初始化,退出...'.format(username))
else:
user = User()
user.username = username
user.nickname = nickname
user.password = password
user.email = email
user.sex = sex
user.enabled = enabled
user.role = role
user.save()
print('已创建管理员账号:root,密码:123456')
data = {
'username': '******',
'password': hash_code('123456'),
'nickname': '运维工程师',
'email': '*****@*****.**',
'sex': 'male',
'enabled': True,
'role': 2,
}
User.objects.create(**data)
print('已创建普通账号:leffss,密码:123456')
data = {
'name': '通用root账号',
'username': '******',
'password': encrypt('123456'),
'enabled': False,
}
remote_user = RemoteUser.objects.create(**data)
print('已创建远程账号:root,密码:123456')
hosts = {
'k8s1': '192.168.223.111',
'k8s2': '192.168.223.112',
'k8s3': '192.168.223.113',
'k8s4': '192.168.223.114',
'k8s5': '192.168.223.115',
'k8s6': '192.168.223.116',
'k8s7': '192.168.223.117',
'k8s8': '192.168.223.118',
}
for k, v in hosts.items():
data = {
'hostname': k,
'type': 6,
'ip': v,
'protocol': 1,
'env': 2,
'platform': 1,
'port': 22,
'release': 'CentOS 7',
'remote_user': remote_user
}
RemoteUserBindHost.objects.create(**data)
print('已创建远程主机:{}_{}'.format(k, v))
print('初始化结束...')
def user_add(request):
adduser_form = AddUserForm(request.POST)
if adduser_form.is_valid():
log_user = request.session.get('username')
username = adduser_form.cleaned_data.get('username')
newpasswd = adduser_form.cleaned_data.get('newpasswd')
newpasswdagain = adduser_form.cleaned_data.get('newpasswdagain')
if newpasswd != newpasswdagain:
error_message = '两次密码不一致!'
return JsonResponse({"code": 400, "err": error_message})
nickname = adduser_form.cleaned_data.get('nickname')
email = adduser_form.cleaned_data.get('email')
phone = adduser_form.cleaned_data.get('phone')
weixin = adduser_form.cleaned_data.get('weixin')
qq = adduser_form.cleaned_data.get('qq')
sex = adduser_form.cleaned_data.get('sex')
memo = adduser_form.cleaned_data.get('memo')
enabled = adduser_form.cleaned_data.get('enabled')
role = adduser_form.cleaned_data.get('role')
groups = adduser_form.cleaned_data.get('groups')
if groups:
try:
groups = [int(group) for group in groups.split(',')]
except Exception:
error_message = '请检查填写的内容!'
return JsonResponse({"code": 401, "err": error_message})
else:
groups = None
hosts = adduser_form.cleaned_data.get('hosts')
if hosts:
try:
hosts = [int(host) for host in hosts.split(',')]
except Exception:
error_message = '请检查填写的内容!'
return JsonResponse({"code": 401, "err": error_message})
else:
hosts = None
data = {
'username': username,
'password': hash_code(newpasswd),
'nickname': nickname,
'email': email,
'phone': phone,
'weixin': weixin,
'qq': qq,
'sex': sex,
'memo': memo,
'enabled': enabled,
'role': role,
}
try:
if User.objects.filter(username=username).count() > 0:
error_message = '用户名已存在'
return JsonResponse({"code": 402, "err": error_message})
user = User.objects.get(username=log_user)
update_user = User.objects.create(**data)
if groups: # 更新组多对多字段
update_groups = Group.objects.filter(id__in=groups)
update_user.groups.set(update_groups)
else:
update_user.groups.clear()
if hosts: # 更新主机多对多字段
update_hosts = RemoteUserBindHost.objects.filter(id__in=hosts)
update_user.remote_user_bind_hosts.set(update_hosts)
else:
update_user.remote_user_bind_hosts.clear()
update_user.save()
login_event_log(user, 6, '用户 [{}] 添加成功'.format(update_user.username), request.META.get('REMOTE_ADDR', None), request.META.get('HTTP_USER_AGENT', None))
return JsonResponse({"code": 200, "err": ""})
except Exception:
# print(traceback.format_exc())
error_message = '未知错误!'
return JsonResponse({"code": 403, "err": error_message})
else:
error_message = '请检查填写的内容!'
return JsonResponse({"code": 404, "err": error_message})
