Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(bk-login): support local login #1302

Merged
merged 26 commits into from
Nov 2, 2023
Merged
Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
0d9c37e
feat(bk-login): support local login
nannan00 Oct 16, 2023
7992dec
ci: github action for idp plugin
nannan00 Oct 16, 2023
b78875a
fix: ignore idp plugin symlinks file
nannan00 Oct 16, 2023
844c6d1
ci: git ignore idp plugin links
nannan00 Oct 16, 2023
30b54f9
ci: github action for idp plugins
nannan00 Oct 16, 2023
ab88e15
fix: load idp plugin in diff project
nannan00 Oct 16, 2023
7d9ea96
Merge remote-tracking branch 'blueking/ft_tenant' into ft_bk_login
nannan00 Oct 18, 2023
eab26b6
fix(bklogin): fix csrftoken verify
nannan00 Oct 23, 2023
31a116d
Merge remote-tracking branch 'blueking/ft_tenant' into ft_bk_login
nannan00 Oct 23, 2023
b1155ce
fix(docker): fix dockerfile about copy idp_plugin dir
nannan00 Oct 23, 2023
2e9abb7
Merge remote-tracking branch 'blueking/ft_tenant' into ft_bk_login
nannan00 Oct 23, 2023
5bdc383
refactor(bklogin): modify url
nannan00 Oct 24, 2023
63f6fe4
feat(bklogin): add wecom idp plugin
nannan00 Oct 24, 2023
4f7ba44
refactor(bklogin): bk_token\wecom
nannan00 Oct 25, 2023
cfd68db
fix(bklogin): modify plugin register
nannan00 Oct 25, 2023
6cb5fd8
fix: bkuser test
nannan00 Oct 25, 2023
aec8bed
fix: mypy
nannan00 Oct 26, 2023
f70043a
fix: mypy
nannan00 Oct 26, 2023
dfd9282
refactor(bklogin): plugin exception
nannan00 Oct 26, 2023
a49eb9b
fix: cr
nannan00 Oct 26, 2023
3140600
fix: unittest
nannan00 Oct 26, 2023
8971c74
feat(bklogin): adjust error message tips
nannan00 Oct 27, 2023
8a02faf
Merge remote-tracking branch 'blueking/ft_tenant' into ft_bk_login
nannan00 Oct 27, 2023
b20f789
fix: cr
nannan00 Oct 28, 2023
41a84dd
fix: cr
nannan00 Nov 2, 2023
cd5b9d4
fix: rebase merge
nannan00 Nov 2, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion .github/workflows/bk-user.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,10 @@ jobs:
uses: actions/setup-python@v2
with:
python-version: "3.10"
- name: create idp plugin symbolic link
run: |
ln -s $(pwd)/src/idp-plugins/idp_plugins $(pwd)/src/bk-login/bklogin
ln -s $(pwd)/src/idp-plugins/idp_plugins $(pwd)/src/bk-user/bkuser
- name: Format with black
run: |
pip install black==23.7.0 click==8.1.6
Expand All @@ -28,7 +32,7 @@ jobs:
ruff src/bk-user --config=src/bk-user/pyproject.toml
- name: Lint with mypy
run: |
pip install mypy==1.5.1 types-requests==2.31.0.2 types-setuptools==57.4.18 types-dataclasses==0.1.7 types-redis==3.5.18 types-PyMySQL==1.1.0.1 types-six==0.1.9 types-toml==0.1.5 types-pytz==2023.3.0.0 types-urllib3==1.26.25.14
pip install mypy==1.6.1 types-requests==2.31.0.2 types-setuptools==57.4.18 types-dataclasses==0.1.7 types-redis==3.5.18 types-PyMySQL==1.1.0.1 types-six==0.1.9 types-toml==0.1.5 types-pytz==2023.3.0.0 types-urllib3==1.26.25.14
mypy src/bk-user --config-file=src/bk-user/pyproject.toml
test:
strategy:
Expand All @@ -52,6 +56,10 @@ jobs:
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: create idp plugin symbolic link
run: |
ln -s $(pwd)/src/idp-plugins/idp_plugins $(pwd)/src/bk-login/bklogin
ln -s $(pwd)/src/idp-plugins/idp_plugins $(pwd)/src/bk-user/bkuser
- name: Set up Poetry
uses: abatilo/actions-poetry@v2.3.0
with:
Expand Down
4 changes: 4 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -217,3 +217,7 @@ pre_commit_hooks
cliff.toml
.codecc
.idea

# igonre symlinks
src/bk-user/bkuser/idp_plugins
src/bk-login/bklogin/idp_plugins
70 changes: 68 additions & 2 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,20 +11,41 @@ repos:
- id: debug-statements
- id: detect-private-key
- id: end-of-file-fixer
exclude: ^(src/pages/|src/bk-login/pages)
- id: trailing-whitespace
exclude: ^(src/pages/|src/bk-login/pages)
- repo: local
hooks:
- id: Name check
name: Check sensitive info of name
verbose: true
language: system
entry: bash -c "if [[ -d pre_commit_hooks ]]; then pre_commit_hooks/rtx.sh $@; fi"
exclude: ^(.*/\.env|.*/poetry\.lock|.*/pyproject\.toml|src/bk-user/logs|src/pages/node_modules/)
exclude: >
(?x)^(
.*/\.env|
.*/poetry\.lock|
.*/pyproject\.toml|
src/bk-user/logs|
src/pages/node_modules/
)$
- id: IP check
name: Check sensitive info of ip
verbose: true
language: system
exclude: ^(.*/\.env|.*/poetry\.lock|.*/pyproject\.toml|\.github/workflows/bk-user.yml|src/bk-user/logs|src/pages/node_modules/)
exclude: >
(?x)^(
.*/\.env|
.*/poetry\.lock|
.*/pyproject\.toml|
\.github/workflows/bk-user.yml|
src/bk-user/logs|src/pages/node_modules/|
src/bk-login/pages/src/views/components/protocol.vue|
src/pages/static/bk_icon_font/iconcool.json|
src/pages/static/bk_icon_font/iconcool.js|
src/pages/paas-server/index.js|
src/bk-login/pages/paas-server/index.js
)$
entry: bash -c "if [[ -d pre_commit_hooks ]]; then pre_commit_hooks/ip.sh $@; fi"
- repo: local
hooks:
Expand All @@ -51,3 +72,48 @@ repos:
require_serial: true
language: system
entry: bash -c "cd src/bk-user && lint-imports"
- repo: local
hooks:
- id: black
name: black
language: python
types: [python]
entry: black --config=src/bk-login/pyproject.toml
files: src/bk-login/
- id: ruff
name: ruff
language: python
types: [python]
entry: ruff --config=src/bk-login/pyproject.toml --force-exclude --fix
files: src/bk-login/
- id: mypy
name: mypy
language: python
types: [python]
entry: mypy --config-file=src/bk-login/pyproject.toml
files: src/bk-login/
- id: import-linter
name: import-linter
require_serial: true
language: system
entry: bash -c "cd src/bk-login && lint-imports"
- repo: local
hooks:
- id: black
name: black
language: python
types: [python]
entry: black --config=src/idp-plugins/pyproject.toml
files: src/idp-plugins/
- id: ruff
name: ruff
language: python
types: [python]
entry: ruff --config=src/idp-plugins/pyproject.toml --force-exclude --fix
files: src/bk-login/
- id: mypy
name: mypy
language: python
types: [python]
entry: mypy --config-file=src/idp-plugins/pyproject.toml
files: src/idp-plugins/
40 changes: 40 additions & 0 deletions src/bk-login/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
FROM node:18.17.1-bullseye-slim AS StaticBuilding
ENV NPM_VERSION 9.6.7

COPY src/bk-login/pages /
WORKDIR /
RUN npm install
RUN npm run build

FROM python:3.10.12-slim-bullseye
USER root

RUN rm /etc/apt/sources.list && \
echo "deb https://mirrors.tencent.com/debian bullseye main" >> /etc/apt/sources.list && \
echo "deb https://mirrors.tencent.com/debian-security bullseye-security main" >> /etc/apt/sources.list && \
echo "deb https://mirrors.tencent.com/debian bullseye-updates main" >> /etc/apt/sources.list

RUN mkdir ~/.pip && printf '[global]\nindex-url = https://mirrors.tencent.com/pypi/simple/' > ~/.pip/pip.conf

RUN apt-get update && apt-get install -y default-libmysqlclient-dev build-essential pkg-config

ENV LC_ALL=C.UTF-8 \
LANG=C.UTF-8

RUN pip install --upgrade pip setuptools
RUN pip install poetry==1.5.1

WORKDIR /app
COPY src/bk-login/pyproject.toml /app
COPY src/bk-login/poetry.lock /app
RUN poetry config virtualenvs.create false && poetry install --only main
nannan00 marked this conversation as resolved.
Show resolved Hide resolved

COPY src/bk-login/bklogin /app/bklogin
COPY src/bk-login/bin /app/bin
COPY src/bk-login/manage.py /app
COPY src/idp-plugins/idp_plugins /app/bklogin/idp_plugins

COPY --from=StaticBuilding /dist /app/staticfiles
COPY --from=StaticBuilding /dist/index.html /app/templates/index.html

CMD ["bash", "/app/bin/start.sh"]
4 changes: 4 additions & 0 deletions src/bk-login/bin/start.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/bin/bash

LISTEN_PORT="${PORT:=8000}"
gunicorn bklogin.wsgi -w 8 --threads 2 --max-requests 1024 --max-requests-jitter 50 --worker-class gevent -b [::]:$LISTEN_PORT --access-logfile - --error-logfile - --access-logformat '[%(h)s] %({request_id}i)s %(u)s %(t)s "%(r)s" %(s)s %(D)s %(b)s "%(f)s" "%(a)s"'
10 changes: 10 additions & 0 deletions src/bk-login/bklogin/authentication/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# -*- coding: utf-8 -*-
"""
TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-用户管理(Bk-User) available.
Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at http://opensource.org/licenses/MIT
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
"""
54 changes: 54 additions & 0 deletions src/bk-login/bklogin/authentication/api_views.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
# -*- coding: utf-8 -*-
"""
TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-用户管理(Bk-User) available.
Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at http://opensource.org/licenses/MIT
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
"""
from django.conf import settings
from django.utils.translation import gettext_lazy as _
from django.views.generic import View

from bklogin.bkuser.models import TenantUser
from bklogin.common.error_codes import error_codes
from bklogin.common.response import APISuccessResponse

from .manager import BkTokenManager


class CheckTokenApi(View):
nannan00 marked this conversation as resolved.
Show resolved Hide resolved
def get(self, request, *args, **kwargs):
bk_token = request.GET.get(settings.BK_TOKEN_COOKIE_NAME)

ok, username, msg = BkTokenManager().is_bk_token_valid(bk_token)
if not ok:
raise error_codes.VALIDATION_ERROR.f(msg)

return APISuccessResponse({"bk_username": username})


class GetUserApi(View):
def get(self, request, *args, **kwargs):
bk_token = request.GET.get(settings.BK_TOKEN_COOKIE_NAME)

ok, username, msg = BkTokenManager().is_bk_token_valid(bk_token)
if not ok:
raise error_codes.VALIDATION_ERROR.f(msg)

user = TenantUser.objects.filter(id=username).first()
if not user:
raise error_codes.OBJECT_NOT_FOUND.f(_("用户({})查询不到").format(username))

return APISuccessResponse(
{
"bk_username": username,
"tenant_id": user.tenant_id,
"full_name": user.data_source_user.full_name,
"source_username": user.data_source_user.username,
"language": user.language,
"time_zone": user.time_zone,
}
)
16 changes: 16 additions & 0 deletions src/bk-login/bklogin/authentication/apps.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
## -*- coding: utf-8 -*-
"""
TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-用户管理(Bk-User) available.
Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at http://opensource.org/licenses/MIT
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
"""
from django.apps import AppConfig


class AuthenticationConfig(AppConfig):
default_auto_field = "django.db.models.BigAutoField"
name = "bklogin.authentication"
15 changes: 15 additions & 0 deletions src/bk-login/bklogin/authentication/constants.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# -*- coding: utf-8 -*-
"""
TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-用户管理(Bk-User) available.
Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at http://opensource.org/licenses/MIT
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
"""
REDIRECT_FIELD_NAME = "c_url"

SIGN_IN_TENANT_ID_SESSION_KEY = "sign_in_tenant_id"

ALLOWED_SIGN_IN_TENANT_USER_IDS_SESSION_KEY = "allowed_sign_in_tenant_user_ids"
Loading
Loading