diff --git a/cmdb-api/api/lib/perm/acl/audit.py b/cmdb-api/api/lib/perm/acl/audit.py
index 1682e36..ed2bb99 100644
--- a/cmdb-api/api/lib/perm/acl/audit.py
+++ b/cmdb-api/api/lib/perm/acl/audit.py
@@ -376,7 +376,7 @@ class AuditCRUD(object):
 origin=origin, current=current, extra=extra, source=source.value)
 @classmethod
- def add_login_log(cls, username, is_ok, description, _id=None, logout_at=None):
+ def add_login_log(cls, username, is_ok, description, _id=None, logout_at=None, ip=None, browser=None):
 if _id is not None:
 existed = AuditLoginLog.get_by_id(_id)
 if existed is not None:
@@ -387,8 +387,8 @@ class AuditCRUD(object):
 is_ok=is_ok,
 description=description,
 logout_at=logout_at,
- ip=request.headers.get('X-Real-IP') or request.remote_addr,
- browser=request.headers.get('User-Agent'),
+ ip=ip or request.headers.get('X-Real-IP') or request.remote_addr,
+ browser=browser or request.headers.get('User-Agent'),
 channel=request.values.get('channel', 'web'),
 )
diff --git a/cmdb-api/api/views/acl/login.py b/cmdb-api/api/views/acl/login.py
index f2fd246..d1669ce 100644
--- a/cmdb-api/api/views/acl/login.py
+++ b/cmdb-api/api/views/acl/login.py
@@ -1,7 +1,6 @@
 # -*- coding:utf-8 -*-
 import datetime
-
 import jwt
 import six
 from flask import abort
@@ -17,10 +16,12 @@ from api.lib.decorator import args_required
 from api.lib.decorator import args_validate
 from api.lib.perm.acl.acl import ACLManager
 from api.lib.perm.acl.audit import AuditCRUD
+from api.lib.perm.acl.cache import AppCache
 from api.lib.perm.acl.cache import RoleCache
 from api.lib.perm.acl.cache import User
 from api.lib.perm.acl.cache import UserCache
 from api.lib.perm.acl.resp_format import ErrFormat
+from api.lib.perm.acl.role import RoleRelationCRUD
 from api.lib.perm.auth import auth_abandoned
 from api.lib.perm.auth import auth_with_app_token
 from api.models.acl import Role
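Review bot: In add_login_log (second hunk of api/lib/perm/acl/audit.py) the new `ip=ip or request.headers.get('X-Real-IP') or request.remote_addr` and `browser=browser or request.headers.get('User-Agent')` let a caller-asserted value override what the server observed on the connection, and the one caller added in this commit (GetUserInfoView in api/views/acl/user.py) fills both from `request.values`. A login audit row then stores whatever address and user agent the requester claims, with nothing marking the value as unobserved and no length or format check visible before it is written. Consider keeping the observed peer authoritative and accepting the override only from an authenticated service-to-service caller, and say so on the signature, e.g. `# ip/browser: caller-asserted values relayed by a trusted front end; never pass raw request parameters`. The function body starts and ends outside both hunks, so how the row is persisted is not visible here.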
@@ -124,10 +125,17 @@ class AuthWithKeyView(APIView):
 if not user.get('username'):
 user['username'] = user.get('name')
- return self.jsonify(user=user,
- authenticated=authenticated,
- rid=role and role.id,
- can_proxy=can_proxy)
+ result = dict(user=user,
+ authenticated=authenticated,
+ rid=role and role.id,
+ can_proxy=can_proxy)
+
+ if request.values.get('need_parentRoles') in current_app.config.get('BOOL_TRUE'):
+ app_id = AppCache.get(request.values.get('app_id'))
+ parent_ids = RoleRelationCRUD.recursive_parent_ids(role and role.id, app_id and app_id.id)
+ result['user']['parentRoles'] = [RoleCache.get(rid).name for rid in set(parent_ids) if RoleCache.get(rid)]
+
+ return self.jsonify(result)
 class AuthWithTokenView(APIView):
@@ -184,6 +192,8 @@ class LogoutView(APIView):
 def post(self):
 logout_user()
- AuditCRUD.add_login_log(None, None, None, _id=session.get('LOGIN_ID'), logout_at=datetime.datetime.now())
+ AuditCRUD.add_login_log(None, None, None,
+ _id=session.get('LOGIN_ID') or request.values.get('LOGIN_ID'),
+ logout_at=datetime.datetime.now())
 self.jsonify(code=200)
diff --git a/cmdb-api/api/views/acl/user.py b/cmdb-api/api/views/acl/user.py
index fcf8a6a..51bcca5 100644
--- a/cmdb-api/api/views/acl/user.py
+++ b/cmdb-api/api/views/acl/user.py
@@ -11,6 +11,7 @@ from flask_login import current_user
 from api.lib.decorator import args_required
 from api.lib.decorator import args_validate
 from api.lib.perm.acl.acl import ACLManager
+from api.lib.perm.acl.acl import AuditCRUD
 from api.lib.perm.acl.acl import role_required
 from api.lib.perm.acl.cache import AppCache
 from api.lib.perm.acl.cache import UserCache
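Review bot: In AuthWithKeyView the new parent-role lookup is gated only on the `need_parentRoles` request parameter; it does not check `authenticated`, and `app_id` is taken straight from `request.values`. Unless code above the hunk already rejects a failed authentication, parent role names for a caller-chosen app could presumably end up in the response. I would tighten the condition to `if authenticated and role and request.values.get('need_parentRoles') in current_app.config.get('BOOL_TRUE', ()):`, which also avoids a TypeError when `BOOL_TRUE` is not configured and avoids passing `None` as the role id. `RoleCache.get(rid)` is also called twice per id in the comprehension, and the method starts outside the hunk.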
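Review bot: In LogoutView.post the fallback `request.values.get('LOGIN_ID')` lets the client name the audit row that receives `logout_at`. Judging by the `existed = AuditLoginLog.get_by_id(_id)` lookup visible in audit.py, a caller who supplies another record's id could get that login record stamped as logged out. If the fallback is needed for clients without a server session, limit the update to rows that belong to the user being logged out and that have no `logout_at` yet, and validate the id as an integer before the lookup. Since `logout_user()` runs first, the user's identity would have to be captured before that call. The update branch of add_login_log lies outside the visible hunks, so confirm whether such an ownership check already exists there.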
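Review bot: `from api.lib.perm.acl.acl import AuditCRUD` in api/views/acl/user.py only works as long as acl.py happens to import that name. The class is defined in api/lib/perm/acl/audit.py, and login.py in this same commit imports it from there. Importing from the defining module, `from api.lib.perm.acl.audit import AuditCRUD`, keeps the view from breaking if acl.py's imports change. The second hunk of this file also uses `session` and `ErrFormat`, which this hunk does not add, so confirm both are already imported.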
@@ -48,6 +49,13 @@ class GetUserInfoView(APIView):
 role=dict(permissions=user_info.get('parents')),
 avatar=user_info.get('avatar'))
+ if request.values.get('channel'):
+ _id = AuditCRUD.add_login_log(name, True, ErrFormat.login_succeed,
+ ip=request.values.get('ip'),
+ browser=request.values.get('browser'))
+ session['LOGIN_ID'] = _id
+ result['LOGIN_ID'] = _id
+
 current_app.logger.info("get user info for3: {}".format(result))
 return self.jsonify(result=result)
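Review bot: The new branch in GetUserInfoView writes a "login succeeded" audit row (`add_login_log(name, True, ErrFormat.login_succeed, ...)`) whenever the request carries any `channel` parameter, so a read of user info is recorded as an authentication event and every repeated call adds another success row. That weakens the login log as evidence, because it no longer counts real sign-ins. If the branch exists for a front end that authenticates elsewhere, tie it to that caller's credentials rather than to a free-form parameter, and skip the write when the session already holds an id, e.g. `if request.values.get('channel') and not session.get('LOGIN_ID'):`. The method starts outside the hunk, so the authentication applied to this endpoint is not visible here.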