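def user_add_success_next(user):
    """Queue the "account created" mail with a one-hour password-set link.

    Args:
        user: the freshly created account; ``name``, ``email`` and
            ``generate_reset_token()`` are read from it.

    Side effects:
        Calls ``send_mail_async.delay``; the same text is used as the plain and
        the HTML body. Nothing is returned.
    """
    from html import escape
    from urllib.parse import quote

    subject = _('Create account successfully')
    recipient_list = [user.email]
    # The body is delivered as HTML (html_message=message), so values taken
    # from the user record are escaped. The address is also placed in a query
    # string, so it is percent-encoded: a '+' in a local part would otherwise
    # decode to a space on the forgot-password page.
    message = _("""
    Hello %(name)s:
    </br>
    Your account has been created successfully
    </br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">click here to set your password</a>
    </br>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
    </br>
    ---
    </br>
    <a href="%(login_url)s">Login direct</a>
    </br>
    """) % {
        'name': escape(str(user.name)),
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('users:login', external=True),
    }
    send_mail_async.delay(subject, message, recipient_list, html_message=message)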
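def send_reset_password_mail(user):
    """Queue the password-reset mail carrying a fresh one-hour reset token.

    Args:
        user: account requesting the reset; ``name``, ``email`` and
            ``generate_reset_token()`` are read from it.

    Side effects:
        Logs the whole body (token included) when ``settings.DEBUG`` is on, then
        calls ``send_mail_async.delay``. Nothing is returned.
    """
    from html import escape
    from urllib.parse import quote

    subject = _('Reset password')
    recipient_list = [user.email]
    # Sent as HTML: escape what comes from the user record, and percent-encode
    # the address used in the forgot-password query string.
    message = _("""
    Hello %(name)s:
    <br>
    Please click the link below to reset your password, if not your request, concern your account security
    <br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">Click here reset password</a>
    <br>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
    <br>
    ---
    <br>
    <a href="%(login_url)s">Login direct</a>
    <br>
    """) % {
        'name': escape(str(user.name)),
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('authentication:login', external=True),
    }
    if settings.DEBUG:
        # NOTE(review): this writes a live reset token to the log; acceptable
        # only because it is gated on DEBUG.
        logger.debug(message)
    send_mail_async.delay(subject, message, recipient_list, html_message=message)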
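def construct_user_created_email_body(user):
    """Build the HTML body of the "account created" mail.

    Args:
        user: the new account; ``username``, ``email`` and
            ``generate_reset_token()`` are read from it.

    Returns:
        The operator-configured intro (``EMAIL_CUSTOM_USER_CREATED_BODY``, if
        set) followed by the default block with the password-set link.
    """
    from html import escape
    from urllib.parse import quote

    # NOTE(review): the stylesheet is pulled from a third-party CDN over a
    # protocol-relative URL; most mail clients ignore it, and it is kept only
    # to preserve the translated template text.
    default_body = _("""
    <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
    <p style="text-indent:2em;">
    <span>
    Username: %(username)s.
    </span>
    <span>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">click here to set your password</a>
    </span>
    <span>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
    </span>
    <span>
    <a href="%(login_url)s">Login direct</a>
    </span>
    </p>
    """) % {
        # Escaped because the body is HTML; the address is also a query value.
        'username': escape(str(user.username)),
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('authentication:login', external=True),
    }
    # The custom body is administrator-provided HTML and is inserted verbatim
    # on purpose.
    if settings.EMAIL_CUSTOM_USER_CREATED_BODY:
        custom_body = '<p style="text-indent:2em">' + settings.EMAIL_CUSTOM_USER_CREATED_BODY + '</p>'
    else:
        custom_body = ''
    return custom_body + default_body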
def _get_response_data_of_need_confirm(self, acl):
    """Open a login-confirm ticket for the pending asset login and describe it.

    Returns a dict with the polling endpoint for the ticket state (GET) and
    the cancel endpoint (DELETE on the same URL), the UI detail link and the
    names of the assignees of the ticket's current node.
    """
    serializer = self.serializer
    ticket = LoginAssetACL.create_login_asset_confirm_ticket(
        user=serializer.user,
        asset=serializer.asset,
        system_user=serializer.system_user,
        assignees=acl.reviewers.all(),
        org_id=serializer.org.id,
    )
    ticket_pk = str(ticket.id)
    status_url = reverse(
        view_name='api-acls:login-asset-confirm-status',
        kwargs={'pk': ticket_pk},
    )
    detail_url = reverse(
        view_name='api-tickets:ticket-detail',
        kwargs={'pk': ticket_pk},
        external=True,
        api_to_ui=True,
    )
    detail_url = '{url}?type={type}'.format(url=detail_url, type=ticket.type)
    node_assignees = ticket.current_node.first().ticket_assignees.all()
    reviewers = [str(item.assignee) for item in node_assignees]
    return {
        'check_confirm_status': {'method': 'GET', 'url': status_url},
        'close_confirm': {'method': 'DELETE', 'url': status_url},
        'ticket_detail_url': detail_url,
        'reviewers': reviewers,
    }
def get_html_msg(self) -> dict:
    """Render the "user created" mail from the operator-configured texts.

    Subject, honorific and body come from ``settings`` (coerced to ``str``);
    the reset link, token and login URL are added to the template context.
    Returns ``{'subject': ..., 'message': ...}``.
    """
    user = self.user
    context = {
        'honorific': str(settings.EMAIL_CUSTOM_USER_CREATED_HONORIFIC),
        'content': str(settings.EMAIL_CUSTOM_USER_CREATED_BODY),
        'user': user,
        'rest_password_url': reverse('authentication:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('authentication:forgot-password', external=True),
        'login_url': reverse('authentication:login', external=True),
    }
    body = render_to_string('users/_msg_user_created.html', context)
    return {
        'subject': str(settings.EMAIL_CUSTOM_USER_CREATED_SUBJECT),
        'message': body,
    }
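def user_add_success_next(user):
    """Queue the (Chinese) "account created" mail with a password-set link.

    Args:
        user: the new account; ``name``, ``email`` and
            ``generate_reset_token()`` are read from it.

    Side effects:
        Calls ``send_mail_async.delay``; nothing is returned.
    """
    from html import escape
    from urllib.parse import quote

    subject = _('帐号创建成功')
    recipient_list = [user.email]
    # Delivered as HTML: escape the user-supplied name and percent-encode the
    # address that goes into the forgot-password query string.
    message = _("""
    您好 %(name)s:
    </br>
    您的帐号已经创建成功。
    </br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">点击些链接设置登录密码</a>
    </br>
    此链接一小时内有效, 已经失效? <a href="%(forget_password_url)s?email=%(email)s">重新发起请求</a>
    </br>
    ---
    </br>
    <a href="%(login_url)s">登录</a>
    </br>
    """) % {
        'name': escape(str(user.name)),
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('users:login', external=True),
    }
    send_mail_async.delay(subject, message, recipient_list, html_message=message)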
def get_response_data(ticket):
    """Describe a command-confirm ticket for the API client.

    Returns the status endpoint (GET to poll, DELETE to cancel), the UI detail
    link (with the ticket type as query parameter) and the assignee names of
    the ticket's current node.
    """
    ticket_pk = str(ticket.id)
    status_url = reverse(
        view_name='api-assets:command-confirm-status',
        kwargs={'pk': ticket_pk},
    )
    detail_url = reverse(
        view_name='api-tickets:ticket-detail',
        kwargs={'pk': ticket_pk},
        external=True,
        api_to_ui=True,
    )
    detail_url = '{url}?type={type}'.format(url=detail_url, type=ticket.type)
    node_assignees = ticket.current_node.first().ticket_assignees.all()
    reviewers = [str(item.assignee) for item in node_assignees]
    return {
        'check_confirm_status': {'method': 'GET', 'url': status_url},
        'close_confirm': {'method': 'DELETE', 'url': status_url},
        'ticket_detail_url': detail_url,
        'reviewers': reviewers,
    }
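def login(self, request: Request, *args, **kwargs):
    """Consume a one-time SSO auth key from the query string and log the user in.

    This endpoint breaks the REST convention: ``GET`` is supposed to be a safe
    method, but this request has side effects (the key is burnt and a session
    is created). Any failure redirects to the login page; success redirects to
    ``next`` when it is a same-site path, else to the index.
    """
    authkey = request.query_params.get(AUTH_KEY)
    next_url = request.query_params.get(NEXT_URL)
    # Only a same-site path may be the post-login target. A bare leading '/'
    # check still admits '//evil.example' (protocol-relative) and
    # '/\evil.example', which browsers resolve to another host -> open redirect.
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith(('//', '/\\'))):
        next_url = reverse('index')
    try:
        # UUID(None) raises TypeError, not ValueError: a request without the
        # key must count as an invalid key rather than a server error.
        authkey = UUID(authkey)
        token = SSOToken.objects.get(authkey=authkey, expired=False)
    except (ValueError, TypeError, SSOToken.DoesNotExist):
        self.send_auth_signal(success=False, reason='authkey_invalid')
        return HttpResponseRedirect(reverse('authentication:login'))
    # Burn the key first, and with a conditional UPDATE: a plain get-then-save
    # lets two concurrent requests carrying the same key both pass the
    # `expired=False` lookup above and both log in.
    claimed = SSOToken.objects.filter(pk=token.pk, expired=False).update(expired=True)
    if not claimed:
        self.send_auth_signal(success=False, reason='authkey_invalid')
        return HttpResponseRedirect(reverse('authentication:login'))
    token.expired = True
    # The key is single-use AND time-limited.
    age = utcnow().timestamp() - token.date_created.timestamp()
    if age > settings.AUTH_SSO_AUTHKEY_TTL:
        self.send_auth_signal(success=False, reason='authkey_timeout')
        return HttpResponseRedirect(reverse('authentication:login'))
    user = token.user
    login(self.request, user, 'authentication.backends.api.SSOAuthentication')
    self.send_auth_signal(success=True, user=user)
    return HttpResponseRedirect(next_url)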
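def send_user_created_mail(user):
    """Queue the "account created" mail with a one-hour password-set link.

    Args:
        user: the new account; ``name``, ``email`` and
            ``generate_reset_token()`` are read from it.

    Side effects:
        Prints the body (token included) when ``settings.DEBUG`` is on, then
        calls ``send_mail_async.delay``. Nothing is returned.
    """
    from html import escape
    from urllib.parse import quote

    subject = _('Create account successfully')
    recipient_list = [user.email]
    # Delivered as HTML: escape the name and percent-encode the address used in
    # the forgot-password query string ('+' would otherwise decode to a space).
    message = _("""
    Hello %(name)s:
    </br>
    Your account has been created successfully
    </br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">click here to set your password</a>
    </br>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
    </br>
    ---
    </br>
    <a href="%(login_url)s">Login direct</a>
    </br>
    """) % {
        'name': escape(str(user.name)),
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('users:login', external=True),
    }
    if settings.DEBUG:
        # NOTE(review): this echoes a live reset token to stdout; DEBUG only.
        print(message)
    send_mail_async.delay(subject, message, recipient_list, html_message=message)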
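def send_reset_password_mail(user):
    """Queue the password-reset mail carrying a fresh one-hour reset token.

    Args:
        user: account requesting the reset; ``name``, ``email`` and
            ``generate_reset_token()`` are read from it.

    Side effects:
        Logs the body (token included) when ``settings.DEBUG`` is on, then
        calls ``send_mail_async.delay``. Nothing is returned.
    """
    from html import escape
    from urllib.parse import quote

    subject = _('Reset password')
    recipient_list = [user.email]
    # Delivered as HTML: escape the name and percent-encode the address used in
    # the forgot-password query string.
    message = _("""
    Hello %(name)s:
    </br>
    Please click the link below to reset your password, if not your request, concern your account security
    </br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">Click here reset password</a>
    </br>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
    </br>
    ---
    </br>
    <a href="%(login_url)s">Login direct</a>
    </br>
    """) % {
        'name': escape(str(user.name)),
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('users:login', external=True),
    }
    if settings.DEBUG:
        # NOTE(review): the logged body contains a live reset token; DEBUG only.
        logger.debug(message)
    send_mail_async.delay(subject, message, recipient_list, html_message=message)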
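def get_html_msg(self) -> dict:
    """Build the HTML password-reset mail for ``self.user``.

    Uses the token already generated into ``self.reset_passwd_token``.
    Returns ``{'subject': ..., 'message': ...}``.
    """
    from html import escape
    from urllib.parse import quote

    user = self.user
    subject = _('Reset password')
    # Rendered as HTML: escape the name and percent-encode the address used in
    # the forgot-password query string ('+' would otherwise decode to a space).
    message = _("""
    Hello %(name)s:
    <br>
    Please click the link below to reset your password, if not your request, concern your account security
    <br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">Click here reset password</a>
    <br>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
    <br>
    ---
    <br>
    <a href="%(login_url)s">Login direct</a>
    <br>
    """) % {
        'name': escape(str(user.name)),
        'rest_password_url': reverse('authentication:reset-password', external=True),
        'rest_password_token': self.reset_passwd_token,
        'forget_password_url': reverse('authentication:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('authentication:login', external=True),
    }
    return {'subject': subject, 'message': message}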
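def construct_user_created_email_body(user):
    """Build the HTML body of the "account created" mail.

    Args:
        user: the new account; ``username``, ``email`` and
            ``generate_reset_token()`` are read from it.

    Returns:
        The operator-configured intro (``EMAIL_CUSTOM_USER_CREATED_BODY``, if
        set) followed by the default block with the password-set link.
    """
    from html import escape
    from urllib.parse import quote

    default_body = _("""
    <div>
    <p>Your account has been created successfully</p>
    <div>
    Username: %(username)s
    <br/>
    Password: <a href="%(rest_password_url)s?token=%(rest_password_token)s"> click here to set your password</a>
    (This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>)
    </div>
    <div>
    <p>---</p>
    <a href="%(login_url)s">Login direct</a>
    </div>
    </div>
    """) % {
        # Escaped because the body is HTML; the address is also a query value.
        'username': escape(str(user.username)),
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('authentication:login', external=True),
    }
    # The custom body is administrator-provided HTML, inserted verbatim on purpose.
    if settings.EMAIL_CUSTOM_USER_CREATED_BODY:
        custom_body = '<p style="text-indent:2em">' + settings.EMAIL_CUSTOM_USER_CREATED_BODY + '</p>'
    else:
        custom_body = ''
    return custom_body + default_body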
def get_html_msg(self) -> dict:
    """Render the "password about to expire" reminder for ``self.user``.

    The expiry is shown in the local timezone; the update link points at the
    profile page's password tab. Returns ``{'subject': ..., 'message': ...}``.
    """
    user = self.user
    expires_local = timezone.localtime(user.date_password_expired)
    profile_password_url = urljoin(
        settings.SITE_URL, '/ui/#/users/profile/?activeTab=PasswordUpdate'
    )
    context = {
        'name': user.name,
        'date_password_expired': expires_local.strftime('%Y-%m-%d %H:%M:%S'),
        'update_password_url': profile_password_url,
        'forget_password_url': reverse('authentication:forgot-password', external=True),
        'email': user.email,
        'login_url': reverse('authentication:login', external=True),
    }
    body = render_to_string('users/_msg_password_expire_reminder.html', context)
    return {'subject': _('Password is about expire'), 'message': body}
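def redirect_user_first_login_or_index(request, redirect_field_name):
    """Pick the post-login redirect target.

    First-login users always go to the first-login wizard. Otherwise the
    ``redirect_field_name`` value is taken from POST, then GET, but only when
    it is a same-site path; anything else falls back to the index.

    Args:
        request: the login request (``user``, ``POST`` and ``GET`` are read).
        redirect_field_name: name of the "next" parameter.

    Returns:
        A URL string.
    """
    def is_local_path(url):
        # Same-origin paths only: a single leading '/', but not the
        # protocol-relative '//host' or the '/\host' form, which browsers
        # resolve to another host (open redirect).
        if not url or url != url.strip():
            return False
        return url.startswith('/') and not url.startswith(('//', '/\\'))

    if request.user.is_first_login:
        return reverse('users:user-first-login')
    url_in_post = request.POST.get(redirect_field_name)
    if is_local_path(url_in_post):
        return url_in_post
    url_in_get = request.GET.get(redirect_field_name)
    if is_local_path(url_in_get):
        return url_in_get
    return reverse('index')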
def get_html_msg(self) -> dict:
    """Render the password-reset mail template for ``self.user``.

    The token comes from ``self.reset_passwd_token``; the template is
    ``authentication/_msg_reset_password.html``.
    Returns ``{'subject': ..., 'message': ...}``.
    """
    context = {
        'user': self.user,
        'rest_password_url': reverse('authentication:reset-password', external=True),
        'rest_password_token': self.reset_passwd_token,
        'forget_password_url': reverse('authentication:forgot-password', external=True),
        'login_url': reverse('authentication:login', external=True),
    }
    body = render_to_string('authentication/_msg_reset_password.html', context)
    return {'subject': _('Reset password'), 'message': body}
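def redirect_user_first_login_or_index(request, redirect_field_name):
    """Pick the post-login redirect target.

    First-login users always go to the first-login wizard. Otherwise the
    ``redirect_field_name`` value is taken from POST, then GET, but only when
    it is a same-site path; anything else falls back to the index. The
    leftover debugging ``print`` calls, which wrote the raw redirect target to
    stdout, are dropped.

    Args:
        request: the login request (``user``, ``POST`` and ``GET`` are read).
        redirect_field_name: name of the "next" parameter.

    Returns:
        A URL string.
    """
    def is_local_path(url):
        # Same-origin paths only: a single leading '/', but not the
        # protocol-relative '//host' or the '/\host' form, which browsers
        # resolve to another host (open redirect).
        if not url or url != url.strip():
            return False
        return url.startswith('/') and not url.startswith(('//', '/\\'))

    if request.user.is_first_login:
        return reverse('users:user-first-login')
    url_in_post = request.POST.get(redirect_field_name)
    if is_local_path(url_in_post):
        return url_in_post
    url_in_get = request.GET.get(redirect_field_name)
    if is_local_path(url_in_get):
        return url_in_get
    return reverse('index')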
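def send_command_alert_mail(command):
    """Mail the configured security contacts about a risky command in a session.

    Args:
        command: dict with ``session``, ``user``, ``input``, ``asset`` and
            ``risk_level`` keys, as produced by the command recorder.

    Side effects:
        Logs the body at DEBUG level and calls ``send_mail_async.delay``.
    """
    from html import escape

    session_obj = Session.objects.get(id=command['session'])
    # The command text is typed by the session user. Mail headers must not
    # contain line breaks (a newline in the subject would abort the alert), and
    # the body is sent as HTML, so the input is flattened for the subject and
    # escaped for the body.
    command_line = str(command['input']).replace('\r', ' ').replace('\n', ' ')
    subject = _("Insecure Command Alert: [%(name)s->%(login_from)s@%(remote_addr)s] $%(command)s") % {
        'name': command['user'],
        'login_from': session_obj.get_login_from_display(),
        'remote_addr': session_obj.remote_addr,
        'command': command_line,
    }
    # Tolerate spaces around the commas and a trailing comma in the setting.
    recipient_list = [
        addr.strip()
        for addr in settings.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER.split(',')
        if addr.strip()
    ]
    message = _("""
    Command: %(command)s
    <br>
    Asset: %(host_name)s (%(host_ip)s)
    <br>
    User: %(user)s
    <br>
    Level: %(risk_level)s
    <br>
    Session: <a href="%(session_detail_url)s">session detail</a>
    <br>
    """) % {
        'command': escape(str(command['input'])),
        'host_name': escape(str(command['asset'])),
        'host_ip': escape(str(session_obj.asset_obj.ip)),
        'user': escape(str(command['user'])),
        'risk_level': Command.get_risk_level_str(command['risk_level']),
        'session_detail_url': reverse(
            'api-terminal:session-detail',
            kwargs={'pk': command['session']},
            external=True, api_to_ui=True,
        ),
    }
    logger.debug(message)
    send_mail_async.delay(subject, message, recipient_list, html_message=message)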
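def get_html_msg(self) -> dict:
    """Build the HTML body of the insecure-command alert for ``self.command``.

    The session is looked up under the root org so the lookup works whatever
    the current org is. Returns ``{'subject': self.subject, 'message': ...}``.
    """
    from html import escape

    command = self.command
    with tmp_to_root_org():
        session = Session.objects.get(id=command['session'])
    session_detail_url = reverse(
        'api-terminal:session-detail',
        kwargs={'pk': command['session']},
        external=True, api_to_ui=True,
    )
    # The command text, asset name and user come from the recorded session and
    # are under the session user's control; the body is HTML, so escape them.
    message = _("""
    Command: %(command)s
    <br>
    Asset: %(hostname)s (%(host_ip)s)
    <br>
    User: %(user)s
    <br>
    Level: %(risk_level)s
    <br>
    Session: <a href="%(session_detail_url)s?oid=%(oid)s">session detail</a>
    <br>
    """) % {
        'command': escape(str(command['input'])),
        'hostname': escape(str(command['asset'])),
        'host_ip': escape(str(session.asset_obj.ip)),
        'user': escape(str(command['user'])),
        'risk_level': Command.get_risk_level_str(command['risk_level']),
        'session_detail_url': session_detail_url,
        'oid': session.org_id,
    }
    return {'subject': self.subject, 'message': message}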
def get_html_msg(self) -> dict:
    """Render the bulk-command alert template for ``self.command``.

    Each asset is paired with its UI detail link (org id appended as ``oid``).
    Returns ``{'subject': self.subject, 'message': ...}``.
    """
    command = self.command

    def detail_link(asset):
        base = reverse(
            'assets:asset-detail',
            kwargs={'pk': asset.id},
            api_to_ui=True, external=True,
        )
        return base + '?oid={}'.format(asset.org_id)

    assets_with_url = [[asset, detail_link(asset)] for asset in command['assets']]
    context = {
        'items': {
            _("User"): command['user'],
            _("Level"): Command.get_risk_level_str(command['risk_level']),
            _("Date"): local_now_display(),
        },
        'assets_with_url': assets_with_url,
        'command': command['input'],
    }
    body = render_to_string('terminal/_msg_command_execute_alert.html', context)
    return {'subject': self.subject, 'message': body}
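def _get_message(self):
    """Build the HTML body of the insecure-command alert for ``self.command``.

    Returns the rendered message string (no subject).
    """
    from html import escape

    command = self.command
    session_obj = Session.objects.get(id=command['session'])
    # Command text, asset name and user are controlled by the session user and
    # the body is sent as HTML, so they are escaped.
    message = _("""
    Command: %(command)s
    <br>
    Asset: %(host_name)s (%(host_ip)s)
    <br>
    User: %(user)s
    <br>
    Level: %(risk_level)s
    <br>
    Session: <a href="%(session_detail_url)s">session detail</a>
    <br>
    """) % {
        'command': escape(str(command['input'])),
        'host_name': escape(str(command['asset'])),
        'host_ip': escape(str(session_obj.asset_obj.ip)),
        'user': escape(str(command['user'])),
        'risk_level': Command.get_risk_level_str(command['risk_level']),
        'session_detail_url': reverse(
            'api-terminal:session-detail',
            kwargs={'pk': command['session']},
            external=True, api_to_ui=True,
        ),
    }
    return message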
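def redirect_user_first_login_or_index(request, redirect_field_name):
    """Pick the post-login redirect target from the request.

    The ``redirect_field_name`` value is read from POST, then GET, and used
    only when it is a same-site path; a missing value, the literal "None" the
    front end sometimes sends, or anything pointing off-site falls back to the
    index.

    Args:
        request: the login request (``POST`` and ``GET`` are read).
        redirect_field_name: name of the "next" parameter.

    Returns:
        A URL string.
    """
    def is_local_path(url):
        # Same-origin paths only: a single leading '/', but not the
        # protocol-relative '//host' or the '/\host' form, which browsers
        # resolve to another host (open redirect).
        if not url or url != url.strip() or url.lower() in ['none']:
            return False
        return url.startswith('/') and not url.startswith(('//', '/\\'))

    url = request.POST.get(redirect_field_name)
    if not is_local_path(url):
        url = request.GET.get(redirect_field_name)
    if not is_local_path(url):
        url = reverse('index')
    return url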
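def send_password_expiration_reminder_mail(user):
    """Queue the "password about to expire" reminder mail.

    Args:
        user: the account; ``name``, ``email`` and ``date_password_expired``
            are read from it.

    Side effects:
        Logs the body when ``settings.DEBUG`` is on, then calls
        ``send_mail_async.delay``. Nothing is returned.
    """
    from html import escape
    from urllib.parse import quote

    subject = _('Security notice')
    recipient_list = [user.email]
    # timestamp() -> fromtimestamp() turns the stored datetime into a naive
    # local-time value for display.
    expires_local = datetime.fromtimestamp(
        datetime.timestamp(user.date_password_expired)
    )
    # Delivered as HTML: escape the name and percent-encode the address used in
    # the forgot-password query string.
    message = _("""
    Hello %(name)s:
    </br>
    Your password will expire in %(date_password_expired)s,
    </br>
    For your account security, please click on the link below to update your password in time
    </br>
    <a href="%(update_password_url)s">Click here update password</a>
    </br>
    If your password has expired, please click
    <a href="%(forget_password_url)s?email=%(email)s">Password expired</a>
    to apply for a password reset email.
    </br>
    ---
    </br>
    <a href="%(login_url)s">Login direct</a>
    </br>
    """) % {
        'name': escape(str(user.name)),
        'date_password_expired': expires_local.strftime('%Y-%m-%d %H:%M'),
        'update_password_url': reverse('users:user-password-update', external=True),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('users:login', external=True),
    }
    if settings.DEBUG:
        logger.debug(message)
    send_mail_async.delay(subject, message, recipient_list, html_message=message)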
def get_html_msg(self) -> dict:
    """Render the "MFA was reset" notice pointing the user at OTP enrolment.

    Returns ``{'subject': ..., 'message': ...}``.
    """
    enable_url = reverse('authentication:user-otp-enable-start', external=True)
    body = render_to_string(
        'users/_msg_reset_mfa.html',
        {'name': self.user.name, 'url': enable_url},
    )
    return {'subject': _('Reset MFA'), 'message': body}
def send_password_expiration_reminder_mail(user):
    """Send the "password about to expire" reminder through SES.

    Renders ``mail/send_password_expiration_reminder_mail.html`` and queues
    it with ``send_ses_email.delay``; the same text is used as the plain and
    HTML body. ``RECIPIENT`` is passed the bare address string. Logs the body
    when ``settings.DEBUG`` is on.
    """
    # timestamp() -> fromtimestamp() yields a naive local-time value for display.
    expires_local = datetime.fromtimestamp(
        datetime.timestamp(user.date_password_expired)
    )
    context = {
        'name': user.name,
        'date_password_expired': expires_local.strftime('%Y-%m-%d %H:%M'),
        'update_password_url': reverse('users:user-password-update', external=True),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': user.email,
        'login_url': reverse('authentication:login', external=True),
    }
    body = loader.render_to_string(
        'mail/send_password_expiration_reminder_mail.html', context
    )
    if settings.DEBUG:
        logger.debug(body)
    send_ses_email.delay(
        RECIPIENT=user.email,
        SUBJECT=_('Security notice'),
        BODY_TEXT=body,
        BODY_HTML=body,
    )
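def get_html_msg(self) -> dict:
    """Build the HTML "password about to expire" reminder for ``self.user``.

    The update link is taken from ``self.update_password_url``.
    Returns ``{'subject': ..., 'message': ...}``.
    """
    from html import escape
    from urllib.parse import quote

    user = self.user
    subject = _('Security notice')
    # timestamp() -> fromtimestamp() yields a naive local-time value for display.
    expires_local = datetime.fromtimestamp(
        datetime.timestamp(user.date_password_expired)
    )
    # Rendered as HTML: escape the name and percent-encode the address used in
    # the forgot-password query string.
    message = _("""
    Hello %(name)s:
    <br>
    Your password will expire in %(date_password_expired)s,
    <br>
    For your account security, please click on the link below to update your password in time
    <br>
    <a href="%(update_password_url)s">Click here update password</a>
    <br>
    If your password has expired, please click
    <a href="%(forget_password_url)s?email=%(email)s">Password expired</a>
    to apply for a password reset email.
    <br>
    ---
    <br>
    <a href="%(login_url)s">Login direct</a>
    <br>
    """) % {
        'name': escape(str(user.name)),
        'date_password_expired': expires_local.strftime('%Y-%m-%d %H:%M'),
        'update_password_url': self.update_password_url,
        'forget_password_url': reverse('authentication:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('authentication:login', external=True),
    }
    return {'subject': subject, 'message': message}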
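def send_user_created_mail(user):
    """Queue the "account created" mail with the username and a reset link.

    Args:
        user: the new account; ``name``, ``username``, ``email`` and
            ``generate_reset_token()`` are read from it.

    Side effects:
        Prints the body (token included) when ``settings.DEBUG`` is on — a
        closed stdout is tolerated — then calls ``send_mail_async.delay``.
    """
    from html import escape
    from urllib.parse import quote

    subject = _('Create account successfully')
    recipient_list = [user.email]
    # Delivered as HTML: escape the name/username and percent-encode the
    # address used in the forgot-password query string.
    message = _("""
    Hello %(name)s:
    </br>
    Your account has been created successfully
    </br>
    Username: %(username)s
    </br>
    <a href="%(rest_password_url)s?token=%(rest_password_token)s">If you have forgotten your password, please click here to reset it.</a>
    </br>
    This link is valid for 1 hour. After it expires, <a href="%(forget_password_url)s?email=%(email)s">request new one</a>
    </br>
    ---
    </br>
    <a href="%(login_url)s">Login direct</a>
    </br>
    """) % {
        'name': escape(str(user.name)),
        'username': escape(str(user.username)),
        'rest_password_url': reverse('users:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('users:login', external=True),
    }
    if settings.DEBUG:
        # NOTE(review): echoes a live reset token to stdout; DEBUG only.
        try:
            print(message)
        except OSError:
            pass
    send_mail_async.delay(subject, message, recipient_list, html_message=message)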
def send_reset_ssh_key_mail(user):
    """Send the "SSH key was reset" notice through SES.

    Renders ``mail/send_reset_ssh_key_mail.html`` and queues it with
    ``send_ses_email.delay`` (same text as plain and HTML body; ``RECIPIENT``
    receives the bare address string). Logs the body when ``settings.DEBUG``
    is on.
    """
    body = loader.render_to_string(
        'mail/send_reset_ssh_key_mail.html',
        {
            'name': user.name,
            'login_url': reverse('authentication:login', external=True),
        },
    )
    if settings.DEBUG:
        logger.debug(body)
    send_ses_email.delay(
        RECIPIENT=user.email,
        SUBJECT=_('SSH Key Reset'),
        BODY_TEXT=body,
        BODY_HTML=body,
    )
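def send_password_expiration_reminder_mail(user):
    """Queue the "password about to expire" reminder mail.

    Args:
        user: the account; ``name``, ``email`` and ``date_password_expired``
            are read from it.

    Side effects:
        Logs the body when ``settings.DEBUG`` is on, then calls
        ``send_mail_async.delay``. Nothing is returned.
    """
    from html import escape
    from urllib.parse import quote

    subject = _('Security notice')
    recipient_list = [user.email]
    # timestamp() -> fromtimestamp() yields a naive local-time value for display.
    expires_local = datetime.fromtimestamp(
        datetime.timestamp(user.date_password_expired)
    )
    # Delivered as HTML: escape the name and percent-encode the address used in
    # the forgot-password query string.
    message = _("""
    Hello %(name)s:
    </br>
    Your password will expire in %(date_password_expired)s,
    </br>
    For your account security, please click on the link below to update your password in time
    </br>
    <a href="%(update_password_url)s">Click here update password</a>
    </br>
    If your password has expired, please click
    <a href="%(forget_password_url)s?email=%(email)s">Password expired</a>
    to apply for a password reset email.
    </br>
    ---
    </br>
    <a href="%(login_url)s">Login direct</a>
    </br>
    """) % {
        'name': escape(str(user.name)),
        'date_password_expired': expires_local.strftime('%Y-%m-%d %H:%M'),
        'update_password_url': reverse('users:user-password-update', external=True),
        'forget_password_url': reverse('users:forgot-password', external=True),
        'email': quote(str(user.email), safe=''),
        'login_url': reverse('authentication:login', external=True),
    }
    if settings.DEBUG:
        logger.debug(message)
    send_mail_async.delay(subject, message, recipient_list, html_message=message)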
def get_html_msg(self) -> dict:
    """Render the "user created" mail, honouring the custom subject/texts.

    ``EMAIL_CUSTOM_USER_CREATED_SUBJECT``, ``..._HONORIFIC`` and
    ``..._SIGNATURE`` override the defaults when set. Returns
    ``{'subject': ..., 'message': ...}``.
    """
    user = self.user
    subject = settings.EMAIL_CUSTOM_USER_CREATED_SUBJECT or _('Create account successfully')
    honorific = settings.EMAIL_CUSTOM_USER_CREATED_HONORIFIC
    if not honorific:
        honorific = _('Hello {}').format(user.name)
    signature = settings.EMAIL_CUSTOM_USER_CREATED_SIGNATURE
    if not signature:
        signature = 'JumpServer'
    context = {
        'honorific': honorific,
        'signature': signature,
        'username': user.username,
        'rest_password_url': reverse('authentication:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('authentication:forgot-password', external=True),
        'email': user.email,
        'login_url': reverse('authentication:login', external=True),
    }
    body = render_to_string('users/_msg_user_created.html', context)
    return {'subject': subject, 'message': body}
def get_html_msg(self) -> dict:
    """Render the "user created" mail from operator-configured format strings.

    The configured subject, honorific and body may reference ``{username}``,
    ``{name}`` and ``{email}``; unknown names expand to the empty string via a
    ``defaultdict`` (``format_map`` would otherwise raise ``KeyError``).
    Returns ``{'subject': ..., 'message': ...}``.
    """
    user = self.user
    # NOTE(review): the format strings are administrator-controlled; a
    # positional "{}" field would still raise at send time.
    user_info = defaultdict(str, username=user.username, name=user.name, email=user.email)
    raw_texts = {
        'subject': str(settings.EMAIL_CUSTOM_USER_CREATED_SUBJECT),
        'honorific': str(settings.EMAIL_CUSTOM_USER_CREATED_HONORIFIC),
        'content': str(settings.EMAIL_CUSTOM_USER_CREATED_BODY),
    }
    texts = {}
    for key, template in raw_texts.items():
        texts[key] = template.format_map(user_info)
    context = dict(texts)
    context.update({
        'user': user,
        'rest_password_url': reverse('authentication:reset-password', external=True),
        'rest_password_token': user.generate_reset_token(),
        'forget_password_url': reverse('authentication:forgot-password', external=True),
        'login_url': reverse('authentication:login', external=True),
    })
    body = render_to_string('users/_msg_user_created.html', context)
    return {'subject': texts['subject'], 'message': body}
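def get_html_msg(self) -> dict:
    """Build the HTML "MFA was reset by an administrator" notice.

    Returns ``{'subject': ..., 'message': ...}``.
    """
    from html import escape

    subject = _('MFA Reset')
    # The body is HTML, so the display name is escaped.
    message = _("""
    Hello %(name)s:
    <br>
    Your MFA has been reset by site administrator.
    Please login and reset your MFA.
    <br>
    <a href="%(login_url)s">Login direct</a>
    <br>
    """) % {
        'name': escape(str(self.user.name)),
        'login_url': reverse('authentication:login', external=True),
    }
    return {'subject': subject, 'message': message}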
def get_text_msg(self) -> dict:
    """Build the plain-text "SSH key was reset by an administrator" notice.

    Returns ``{'subject': ..., 'message': ...}``.
    """
    body = _("""
    Hello %(name)s:

    Your ssh public key has been reset by site administrator.
    Please login and reset your ssh public key.

    Login direct 👇
    %(login_url)s
    """)
    values = {
        'name': self.user.name,
        'login_url': reverse('authentication:login', external=True),
    }
    return {'subject': _('SSH Key Reset'), 'message': body % values}
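def send_reset_ssh_key_mail(user):
    """Queue the "SSH key was reset by an administrator" notice mail.

    Args:
        user: the account; ``name`` and ``email`` are read from it.

    Side effects:
        Logs the body when ``settings.DEBUG`` is on, then calls
        ``send_mail_async.delay``. Nothing is returned.
    """
    from html import escape

    subject = _('SSH Key Reset')
    recipient_list = [user.email]
    # Delivered as HTML, so the display name is escaped.
    message = _("""
    Hello %(name)s:
    <br>
    Your ssh public key has been reset by site administrator.
    Please login and reset your ssh public key.
    <br>
    <a href="%(login_url)s">Login direct</a>
    <br>
    """) % {
        'name': escape(str(user.name)),
        'login_url': reverse('authentication:login', external=True),
    }
    if settings.DEBUG:
        logger.debug(message)
    send_mail_async.delay(subject, message, recipient_list, html_message=message)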
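def send_reset_ssh_key_mail(user):
    """Queue the "SSH key was reset by an administrator" notice mail.

    Args:
        user: the account; ``name`` and ``email`` are read from it.

    Side effects:
        Logs the body when ``settings.DEBUG`` is on, then calls
        ``send_mail_async.delay``. Nothing is returned.
    """
    from html import escape

    subject = _('SSH Key Reset')
    recipient_list = [user.email]
    # Delivered as HTML, so the display name is escaped.
    message = _("""
    Hello %(name)s:
    </br>
    Your ssh public key has been reset by site administrator.
    Please login and reset your ssh public key.
    </br>
    <a href="%(login_url)s">Login direct</a>
    </br>
    """) % {
        'name': escape(str(user.name)),
        'login_url': reverse('users:login', external=True),
    }
    if settings.DEBUG:
        logger.debug(message)
    send_mail_async.delay(subject, message, recipient_list, html_message=message)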
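def redirect_user_first_login_or_index(request, redirect_field_name):
    """Pick the post-login redirect target.

    First-login users always go to the first-login wizard. Otherwise the
    ``redirect_field_name`` value is taken from POST, then GET, but only when
    it is a same-site path; anything else falls back to the index.

    Args:
        request: the login request (``user``, ``POST`` and ``GET`` are read).
        redirect_field_name: name of the "next" parameter.

    Returns:
        A URL string.
    """
    def is_local_path(url):
        # Same-origin paths only: a single leading '/', but not the
        # protocol-relative '//host' or the '/\host' form, which browsers
        # resolve to another host (open redirect).
        if not url or url != url.strip():
            return False
        return url.startswith('/') and not url.startswith(('//', '/\\'))

    if request.user.is_first_login:
        return reverse('users:user-first-login')
    for source in (request.POST, request.GET):
        url = source.get(redirect_field_name)
        if is_local_path(url):
            return url
    return reverse('index')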