I. Overview
Jumpserver is developed with Python's Django framework, so there are two main things to do:
1. Develop your own authentication backend
An authentication backend is a class that implements the following two methods: get_user(id) and authenticate(**credentials).
The get_user method returns a user object; its id parameter is either a username or a database ID.
The authenticate(**credentials) method can use a password, a token, or an existing authentication interface to perform authentication, and returns the user object. If the user model of your authentication backend does not inherit from the AbstractUser of Django's built-in authentication backend, you also need to create a corresponding Django user object for each user so that the other features of Django's authentication system keep working.
2. Specify the authentication backend
Django maintains a list of backends that it checks for authentication. When django.contrib.auth.authenticate() is called, Django passes the credentials to each backend in turn. If the first backend fails to authenticate, Django tries the second, and so on, until all of them have been tried.
The list of authentication backends is specified in the AUTHENTICATION_BACKENDS setting.
The rest of this article implements the secondary development of the Jumpserver user authentication module.
II. Modify the User class in juser\models.py (add attributes according to your needs)
    from django.contrib.auth.models import AbstractUser
    from django.db import models

    class User(AbstractUser):
        # (stored value, display name) pairs for the role field
        USER_ROLE_CHOICES = (
            ('SU', 'SuperUser'),
            ('GA', 'GroupAdmin'),
            ('CU', 'CommonUser'),
        )
        name = models.CharField(max_length=80)
        uuid = models.CharField(max_length=100)
        role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU')
        group = models.ManyToManyField(UserGroup)
        phone = models.CharField(max_length=64, null=True)
        department = models.CharField(max_length=255, null=True)
        ssh_key_pwd = models.CharField(max_length=200)
III. Modify the settings
1. Add the authentication interface URL configuration
    # myauth uses SSO
    SSO_URL = 'http://192.168.40.133:8080'
    DJANGO_AUTH_TOKEN = 'Xhiehiuxgey&nnhyauxermiuixtr^oqxt'
2. AUTHENTICATION_BACKENDS (specify the authentication backend)
    # Use myauth for authentication
    AUTHENTICATION_BACKENDS = (
    )
3. Add myauth to INSTALLED_APPS
    INSTALLED_APPS = (
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'django.contrib.humanize',
        'django_crontab',
        'bootstrapform',
        'jumpserver',
        'juser',
        'jasset',
        'jperm',
        'jlog',
        'myauth',
    )
IV. Modify Jumpserver's urls.py
    from django.conf.urls import patterns, include, url

    urlpatterns = patterns('jumpserver.views',
        # Examples:
        url(r'^$', 'index', name='index'),
        # url(r'^api/user/$', 'api_user'),
        url(r'^skin_config/$', 'skin_config', name='skin_config'),
        url(r'^admin/login', 'admin_login', name='admin_login'),
        url(r'^admin/logout', 'admin_logout', name='admin_logout'),
        url(r'^exec_cmd/$', 'exec_cmd', name='exec_cmd'),
        url(r'^file/upload/$', 'upload', name='file_upload'),
        url(r'^file/download/$', 'download', name='file_download'),
        url(r'^setting', 'setting', name='setting'),
        url(r'^terminal/$', 'web_terminal', name='terminal'),
        url(r'^juser/', include('juser.urls')),
        url(r'^jasset/', include('jasset.urls')),
        url(r'^jlog/', include('jlog.urls')),
        url(r'^jperm/', include('jperm.urls')),
        url(r'', include('myauth.urls')),
    )
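V. Modify the original login module to allow only admin to log in locally
1. jumpserver\views.py
    from django.contrib.auth import authenticate
    from django.core.urlresolvers import reverse
    from django.http import HttpResponseRedirect
    from django.shortcuts import render_to_response

    def admin_login(request):
        """Login interface"""
        error = ''
        if request.user.is_authenticated():
            return HttpResponseRedirect(reverse('index'))
        if request.method == 'GET':
            return render_to_response('login.html')
        else:
            username = request.POST.get('username')
            password = request.POST.get('password')
            # Only the admin account may authenticate through this local view
            if username == 'admin' and password:
                user = authenticate(username=username, password=password)
                # ...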
2. Modify jumpserver\urls.py (see part IV)
3. Modify the authentication backend configuration in the settings
    # Use myauth for authentication
    AUTHENTICATION_BACKENDS = (
        'myauth.myauth_backend.MyAuthBackend',
        'django.contrib.auth.backends.ModelBackend',
    )
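With the custom backend listed first and ModelBackend second, the outcome for an account depends on how the first backend fails, as described in part I. The following added example (not code from the original article or from Jumpserver) models Django's walk over the backend list using only the standard library, comparing a first backend that returns None with one that raises PermissionDenied. The class names, the strict flag and the sample accounts are constructed for illustration, and PermissionDenied here is a local stand-in for django.core.exceptions.PermissionDenied.

```python
import hashlib
import hmac

class PermissionDenied(Exception):
    """Local stand-in for django.core.exceptions.PermissionDenied."""

def pw_hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000)

# Constructed sample data: password hashes still stored in the local user table.
LOCAL_USERS = {"admin": pw_hash("admin-local-pw"), "alice": pw_hash("alice-old-pw")}
# Constructed stand-in for the SSO service; alice no longer exists there.
SSO_USERS = {"bob": b"bob-sso-pw"}

class SSOBackend(object):
    """First in the list (hypothetical). strict=True refuses instead of declining."""
    def __init__(self, strict=False):
        self.strict = strict

    def authenticate(self, username=None, password=None):
        expected = SSO_USERS.get(username)
        if expected and hmac.compare_digest(expected, (password or "").encode()):
            return username
        if self.strict and username != "admin":
            raise PermissionDenied(username)  # ends the whole chain
        return None  # decline: the next backend gets a turn

class LocalBackend(object):
    """Plays the role of ModelBackend: checks the locally stored hash."""
    def authenticate(self, username=None, password=None):
        stored = LOCAL_USERS.get(username)
        if stored and hmac.compare_digest(stored, pw_hash(password or "")):
            return username
        return None

def authenticate(backends, **credentials):
    """Simplified model of the loop in django.contrib.auth.authenticate()."""
    for backend in backends:
        try:
            user = backend.authenticate(**credentials)
        except PermissionDenied:
            return None  # a refusal is final, later backends are not asked
        if user is not None:
            return user
    return None
```

In a real backend the refusal is a raise of django.core.exceptions.PermissionDenied, which Django 1.6 and later treat as an immediate authentication failure without consulting the remaining backends.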
VI. Remove the web login password from the mail content in the authentication module code
1. Change the user_add_mail function in juser\user_api.py so that the mail content no longer includes the web login password
    mail_msg = u"""
    Hi, %s
        Your user name: %s
        Your permissions: %s
        Your ssh key file password: %s
        Key: %s/juser/key/down/?uuid=%s
        Description: Please log in to the jump server backend to download the key, and then use the key to log in to the jump server!
    """ % (user.name, user.username, user_role.get(user.role, u'Normal user'),
           kwargs.get('ssh_key_pwd'), URL, user.uuid)
    send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False)
VII. Writing the authentication backend
Secondary development of the Jumpserver user authentication module, calling an independent authentication interface (Part 1)