fix: minor

nannan00 · Nov 9, 2023 · c86f6ad · c86f6ad
1 parent abc5747
commit c86f6ad
Show file tree

Hide file tree

Showing 11 changed files with 123 additions and 44 deletions.
diff --git a/src/bk-login/bklogin/authentication/migrations/0001_initial.py b/src/bk-login/bklogin/authentication/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.2.21 on 2023-09-27 02:34
+# Generated by Django 3.2.21 on 2023-11-09 11:26
 
 from django.db import migrations, models
 
@@ -15,9 +15,14 @@ class Migration(migrations.Migration):
             name='BkToken',
             fields=[
                 ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
                 ('token', models.CharField(db_index=True, max_length=255, unique=True, verbose_name='登录票据')),
                 ('is_logout', models.BooleanField(default=False, verbose_name='票据是否已经执行过退出登录操作')),
                 ('inactive_expires_at', models.IntegerField(default=0, verbose_name='无操作失效时间戳')),
             ],
+            options={
+                'abstract': False,
+            },
         ),
     ]
diff --git a/src/bk-login/bklogin/authentication/models.py b/src/bk-login/bklogin/authentication/models.py
@@ -10,8 +10,10 @@
 """
 from django.db import models
 
+from bklogin.common.models import TimestampedModel
 
-class BkToken(models.Model):
+
+class BkToken(TimestampedModel):
     """
     登录票据
     """

diff --git a/src/bk-login/bklogin/authentication/urls.py b/src/bk-login/bklogin/authentication/urls.py
@@ -16,8 +16,10 @@
 urlpatterns = [
     # 登录入口
     path("", views.LoginView.as_view()),
+    # 登录小窗入口
+    path("plain/", views.LoginView.as_view()),
     # 前端页面（选择登录的用户）
-    path("pages/users", TemplateView.as_view(template_name="index.html")),
+    path("page/users/", TemplateView.as_view(template_name="index.html")),
     # ------------------------------------------ 租户 & 登录方式选择 ------------------------------------------
     # 租户配置
     path("tenant-global-settings/", views.TenantGlobalSettingRetrieveApi.as_view()),

diff --git a/src/bk-login/bklogin/authentication/views.py b/src/bk-login/bklogin/authentication/views.py
@@ -117,6 +117,8 @@ def get(self, request, *args, **kwargs):
         """
         tenant_id = kwargs["tenant_id"]
         data = bk_user_api.get_tenant(tenant_id)
+        if data is None:
+            raise error_codes.OBJECT_NOT_FOUND.f(f"租户 {tenant_id} 不存在", replace=True)
 
         return APISuccessResponse(data={"id": data["id"], "name": data["name"], "logo": data["logo"]})
 
@@ -331,7 +333,7 @@ def _dispatch_federation_idp_plugin(
             # 记录支持登录的租户用户
             request.session[ALLOWED_SIGN_IN_TENANT_USERS_SESSION_KEY] = tenant_users
             # 联邦认证则重定向到前端选择账号页面
-            return HttpResponseRedirect(redirect_to="pages/users")
+            return HttpResponseRedirect(redirect_to="page/users/")
 
         return self.wrap_plugin_error(
             plugin_error_context, plugin.dispatch_extension, action=action, http_method=http_method, request=request

diff --git a/src/bk-login/bklogin/common/error_codes.py b/src/bk-login/bklogin/common/error_codes.py
@@ -70,7 +70,7 @@ class ErrorCodes:
     NOT_SUPPORTED = ErrorCode(_("不支持"))
 
     # 调用外部系统API
-    REMOTE_REQUEST_ERROR = ErrorCode(_("调用外部系统API异常"))
+    REMOTE_REQUEST_ERROR = ErrorCode(_("调用系统API异常"))
 
 
 # 实例化一个全局对象

diff --git a/src/bk-login/bklogin/component/bk_user.py b/src/bk-login/bklogin/component/bk_user.py
@@ -9,20 +9,20 @@
 specific language governing permissions and limitations under the License.
 """
 import logging
-from typing import Any, Dict, List
+from typing import Any, Callable, Dict, List
 from urllib.parse import urljoin
 
 from django.conf import settings
 from requests.auth import HTTPBasicAuth
 
 from bklogin.common.error_codes import error_codes
 
-from .http import http_get, http_post
+from .http import HttpStatusCode, http_get, http_post
 
 logger = logging.getLogger(__name__)
 
 
-def _call_bk_user_api(http_func, url_path: str, **kwargs):
+def _call_bk_user_api(http_func, url_path: str, allow_error_status_func: Callable[[HttpStatusCode], bool], **kwargs):
     """调用用户管理接口"""
     url = urljoin(settings.BK_USER_API_URL, url_path)
     # 内部 API 认证
@@ -34,23 +34,28 @@ def _call_bk_user_api(http_func, url_path: str, **kwargs):
             "bk_user api failed, %s %s, kwargs: %s, error: %s", http_func.__name__, url, kwargs, resp_data["error"]
         )
         raise error_codes.REMOTE_REQUEST_ERROR.f(
-            f"request bk_user api fail! Request=[{http_func.__name__} {url} error={resp_data['error']}"
+            f"request bk_user api fail! Request=[{http_func.__name__} {url_path} error={resp_data['error']}"
         )
 
     # 对于预期内的状态码，这里不直接抛异常，直接返回
-    if status.is_success:
-        return resp_data["data"]
+    if allow_error_status_func(status) or status.is_success:
+        return resp_data
 
     error = resp_data.get("error")
     logger.error("bk_user api error,  %s %s, data: %s, error: %s", http_func.__name__, url, kwargs, error)
     raise error_codes.REMOTE_REQUEST_ERROR.f(
-        f"request bk_user api error! " f"Request=[{http_func.__name__} {url} Response[error={error}]"
+        f"request bk_user api error! " f"Request=[{http_func.__name__} {url_path} Response[error={error}]"
     )
 
 
+def _call_bk_user_api_20x(http_func, url_path: str, **kwargs):
+    """只允许20x的用户管理接口"""
+    return _call_bk_user_api(http_func, url_path, allow_error_status_func=lambda s: False, **kwargs)["data"]
+
+
 def get_global_setting() -> Dict[str, Any]:
     """获取全局配置"""
-    return _call_bk_user_api(http_get, "/api/v1/login/global-settings/")
+    return _call_bk_user_api_20x(http_get, "/api/v1/login/global-settings/")
 
 
 def list_tenant(tenant_ids: List[str] | None = None) -> List[Dict]:
@@ -59,27 +64,35 @@ def list_tenant(tenant_ids: List[str] | None = None) -> List[Dict]:
     if tenant_ids:
         params["tenant_ids"] = ",".join(tenant_ids)
 
-    return _call_bk_user_api(http_get, "/api/v1/login/tenants/", params=params)
+    return _call_bk_user_api_20x(http_get, "/api/v1/login/tenants/", params=params)
 
 
-def get_tenant(tenant_id: str) -> Dict:
+def get_tenant(tenant_id: str) -> Dict | None:
     """通过租户 ID 获取租户信息"""
-    return _call_bk_user_api(http_get, f"/api/v1/login/tenants/{tenant_id}/")
+    resp = _call_bk_user_api(
+        http_get,
+        f"/api/v1/login/tenants/{tenant_id}/",
+        allow_error_status_func=lambda s: s.is_not_found,
+    )
+    if resp.get("error"):
+        return None
+
+    return resp["data"]
 
 
 def list_idp(tenant_id: str) -> List[Dict]:
     """获取租户关联的认证源"""
-    return _call_bk_user_api(http_get, f"/api/v1/login/tenants/{tenant_id}/idps/")
+    return _call_bk_user_api_20x(http_get, f"/api/v1/login/tenants/{tenant_id}/idps/")
 
 
 def get_idp(idp_id: str) -> Dict:
     """获取IDP信息"""
-    return _call_bk_user_api(http_get, f"/api/v1/login/idps/{idp_id}/")
+    return _call_bk_user_api_20x(http_get, f"/api/v1/login/idps/{idp_id}/")
 
 
 def list_matched_tencent_user(tenant_id: str, idp_id: str, idp_users: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
     """根据IDP用户查询匹配的租户用户"""
-    return _call_bk_user_api(
+    return _call_bk_user_api_20x(
         http_post,
         f"/api/v1/login/tenants/{tenant_id}/idps/{idp_id}/matched-tenant-users/",
         json={"idp_users": idp_users},
@@ -88,4 +101,4 @@ def list_matched_tencent_user(tenant_id: str, idp_id: str, idp_users: List[Dict[
 
 def get_tenant_user(tenant_user_id: str) -> Dict[str, Any]:
     """通过租户用户ID获取租户用户信息"""
-    return _call_bk_user_api(http_get, f"/api/v1/login/tenant-users/{tenant_user_id}/")
+    return _call_bk_user_api_20x(http_get, f"/api/v1/login/tenant-users/{tenant_user_id}/")
diff --git a/src/bk-login/bklogin/component/http.py b/src/bk-login/bklogin/component/http.py
@@ -10,7 +10,6 @@
 """
 import logging
 import time
-from functools import partial
 from typing import Dict, Tuple
 from urllib.parse import urlparse
 
@@ -161,15 +160,42 @@ def _http_request_only_20x(method: str, url: str, **kwargs) -> Tuple[bool, Dict]
 
 
 # 标准的 API 请求, JSON 响应
-http_get = partial(_http_request, "GET")
-http_post = partial(_http_request, "POST")
-http_put = partial(_http_request, "PUT")
-http_patch = partial(_http_request, "PATCH")
-http_delete = partial(_http_request, "DELETE")
+def http_get(url, **kwargs):
+    return _http_request(method="GET", url=url, **kwargs)
+
+
+def http_post(url, **kwargs):
+    return _http_request(method="POST", url=url, **kwargs)
+
+
+def http_put(url, **kwargs):
+    return _http_request(method="PUT", url=url, **kwargs)
+
+
+def http_patch(url, **kwargs):
+    return _http_request(method="PATCH", url=url, **kwargs)
+
+
+def http_delete(url, **kwargs):
+    return _http_request(method="DELETE", url=url, **kwargs)
+
 
 # 只允许 20x 的 API 请求，JSON响应
-http_get_20x = partial(_http_request_only_20x, "GET")
-http_post_20x = partial(_http_request_only_20x, "POST")
-http_put_20x = partial(_http_request_only_20x, "PUT")
-http_patch_20x = partial(_http_request_only_20x, "PATCH")
-http_delete_20x = partial(_http_request_only_20x, "DELETE")
+def http_get_20x(url, **kwargs):
+    return _http_request_only_20x(method="GET", url=url, **kwargs)
+
+
+def http_post_20x(url, **kwargs):
+    return _http_request_only_20x(method="POST", url=url, **kwargs)
+
+
+def http_put_20x(url, **kwargs):
+    return _http_request_only_20x(method="PUT", url=url, **kwargs)
+
+
+def http_patch_20x(url, **kwargs):
+    return _http_request_only_20x(method="PATCH", url=url, **kwargs)
+
+
+def http_delete_20x(url, **kwargs):
+    return _http_request_only_20x(method="DELETE", url=url, **kwargs)
diff --git a/src/bk-user/bkuser/apis/login/serializers.py b/src/bk-user/bkuser/apis/login/serializers.py
@@ -61,15 +61,15 @@ class IdpPluginOutputSLZ(serializers.Serializer):
 class IdpListOutputSLZ(serializers.Serializer):
     id = serializers.CharField(help_text="认证源 ID")
     name = serializers.CharField(help_text="认证源名称")
-    status = serializers.CharField(help_text="状态", choices=IdpStatus.get_choices())
+    status = serializers.ChoiceField(help_text="状态", choices=IdpStatus.get_choices())
     plugin = IdpPluginOutputSLZ(help_text="认证源插件")
 
 
 class IdpRetrieveOutputSLZ(serializers.Serializer):
     id = serializers.CharField(help_text="认证源 ID")
     name = serializers.CharField(help_text="认证源名称")
     owner_tenant_id = serializers.CharField(help_text="归属的租户 ID")
-    status = serializers.CharField(help_text="状态", choices=IdpStatus.get_choices())
+    status = serializers.ChoiceField(help_text="状态", choices=IdpStatus.get_choices())
 
     plugin = IdpPluginOutputSLZ(help_text="认证源插件")
     plugin_config = serializers.JSONField(help_text="认证源插件配置")

diff --git a/src/bk-user/bkuser/component/login.py b/src/bk-user/bkuser/component/login.py
@@ -34,7 +34,7 @@ def _call_login_api(http_func, url_path, **kwargs):
         }
     )
 
-    url = urljoin(settings.BK_LOGIN_URL, url_path)
+    url = urljoin(settings.BK_LOGIN_API_URL, url_path)
 
     ok, resp_data = http_func(url, **kwargs)
     if not ok:

diff --git a/src/bk-user/bkuser/settings.py b/src/bk-user/bkuser/settings.py
@@ -201,6 +201,8 @@
 BK_LOGIN_PLAIN_WINDOW_HEIGHT = env.int("BK_LOGIN_PLAIN_WINDOW_HEIGHT", default=415)
 # 登录回调地址参数Key
 BK_LOGIN_CALLBACK_URL_PARAM_KEY = env.str("BK_LOGIN_CALLBACK_URL_PARAM_KEY", default="c_url")
+# 登录API URL
+BK_LOGIN_API_URL = env.str("BK_LOGIN_API_URL", default="http://bk-login")
 
 # bk esb api url
 BK_COMPONENT_API_URL = env.str("BK_COMPONENT_API_URL")

diff --git a/src/idp-plugins/idp_plugins/http.py b/src/idp-plugins/idp_plugins/http.py
@@ -159,15 +159,42 @@ def _http_request_only_20x(method: str, url: str, **kwargs) -> Tuple[bool, Dict]
 
 
 # 标准的 API 请求, JSON 响应
-http_get = partial(_http_request, "GET")
-http_post = partial(_http_request, "POST")
-http_put = partial(_http_request, "PUT")
-http_patch = partial(_http_request, "PATCH")
-http_delete = partial(_http_request, "DELETE")
+def http_get(url, **kwargs):
+    return _http_request(method="GET", url=url, **kwargs)
+
+
+def http_post(url, **kwargs):
+    return _http_request(method="POST", url=url, **kwargs)
+
+
+def http_put(url, **kwargs):
+    return _http_request(method="PUT", url=url, **kwargs)
+
+
+def http_patch(url, **kwargs):
+    return _http_request(method="PATCH", url=url, **kwargs)
+
+
+def http_delete(url, **kwargs):
+    return _http_request(method="DELETE", url=url, **kwargs)
+
 
 # 只允许 20x 的 API 请求，JSON响应
-http_get_20x = partial(_http_request_only_20x, "GET")
-http_post_20x = partial(_http_request_only_20x, "POST")
-http_put_20x = partial(_http_request_only_20x, "PUT")
-http_patch_20x = partial(_http_request_only_20x, "PATCH")
-http_delete_20x = partial(_http_request_only_20x, "DELETE")
+def http_get_20x(url, **kwargs):
+    return _http_request_only_20x(method="GET", url=url, **kwargs)
+
+
+def http_post_20x(url, **kwargs):
+    return _http_request_only_20x(method="POST", url=url, **kwargs)
+
+
+def http_put_20x(url, **kwargs):
+    return _http_request_only_20x(method="PUT", url=url, **kwargs)
+
+
+def http_patch_20x(url, **kwargs):
+    return _http_request_only_20x(method="PATCH", url=url, **kwargs)
+
+
+def http_delete_20x(url, **kwargs):
+    return _http_request_only_20x(method="DELETE", url=url, **kwargs)