Merge branch 'fix-autocapture' into 'dev'
fix: Fix autocapture See merge request re2o/re2o!623
commit
8627c7d686
4 changed files with 32 additions and 25 deletions
|
@ -141,19 +141,15 @@ def authorize(data):
|
|||
if not nas_type or nas_type.port_access_mode == "802.1X":
|
||||
user = data.get("User-Name", "")
|
||||
user = user.split("@", 1)[0]
|
||||
mac = data.get("Calling-Station-Id", "")
|
||||
result, log, password = check_user_machine_and_register(nas_type, user, mac)
|
||||
logger.info(str(log))
|
||||
logger.info(str(user))
|
||||
|
||||
if not result:
|
||||
return radiusd.RLM_MODULE_REJECT
|
||||
else:
|
||||
return (
|
||||
radiusd.RLM_MODULE_UPDATED,
|
||||
(),
|
||||
((str("NT-Password"), str(password)),),
|
||||
)
|
||||
user = User.objects.filter(pseudo__iexact=user).first()
|
||||
if not user:
|
||||
return (False, "User unknown", "")
|
||||
password = user.pwd_ntlm
|
||||
return (
|
||||
radiusd.RLM_MODULE_UPDATED,
|
||||
(),
|
||||
((str("NT-Password"), str(password)),),
|
||||
)
|
||||
|
||||
else:
|
||||
return (radiusd.RLM_MODULE_UPDATED, (), (("Auth-Type", "Accept"),))
|
||||
|
@ -234,6 +230,14 @@ def post_auth(data):
|
|||
return (radiusd.RLM_MODULE_REJECT, tuple(attributes), ())
|
||||
|
||||
else:
|
||||
user = data.get("User-Name", "")
|
||||
user = user.split("@", 1)[0]
|
||||
result, log, password = check_user_machine_and_register(nas_type, user, mac)
|
||||
logger.info(str(log))
|
||||
logger.info(str(user))
|
||||
|
||||
if not result:
|
||||
return radiusd.RLM_MODULE_REJECT
|
||||
return radiusd.RLM_MODULE_OK
|
||||
|
||||
|
||||
|
|
|
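Review bot: The unknown-user branch in the first hunk, `return (False, "User unknown", "")`, has the shape of the helper's `(result, log, password)` triple rather than a radiusd return value; every other exit of `authorize` visible here returns `radiusd.RLM_MODULE_*`, either bare or followed by two tuples of attribute pairs. The add/remove markers are lost on this page, so I am assuming that line is on the new side. I would make it `return radiusd.RLM_MODULE_REJECT` and log the reason, so the rejection does not depend on how the module interprets `False` and two strings. Separately, if `pwd_ntlm` can be unset, `str(password)` sends the literal text `None` as NT-Password; rejecting on an empty value would be safer. `authorize` starts and ends outside the hunk.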
@ -110,7 +110,6 @@ class AuthorizeResponseSerializer(Serializer):
|
|||
|
||||
nas = NasSerializer(read_only=True)
|
||||
user = UserSerializer(read_only=True)
|
||||
user_interface = InterfaceSerializer(read_only=True)
|
||||
|
||||
|
||||
class PostAuthResponseSerializer(Serializer):
|
||||
|
@ -123,6 +122,7 @@ class PostAuthResponseSerializer(Serializer):
|
|||
port = PortSerializer()
|
||||
port_profile = PortProfileSerializer(partial=True)
|
||||
switch = SwitchSerializer()
|
||||
user = UserSerializer(read_only=True)
|
||||
user_interface = InterfaceSerializer()
|
||||
radius_option = RadiusOptionSerializer()
|
||||
EMAIL_STATE_UNVERIFIED = serializers.IntegerField()
|
||||
|
|
|
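Review bot: `user = UserSerializer(read_only=True)` on `PostAuthResponseSerializer` puts the whole serialized user into the post-auth response, and the field list of `UserSerializer` is not visible on this page. If it includes credential fields (the first file reads `pwd_ntlm` from a user for the authorize step), the post-auth response would now carry that material without needing it. I would confirm the field list and, if that is the case, use a narrower serializer limited to what the post-auth decision reads.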
@ -23,12 +23,12 @@ from . import views
|
|||
|
||||
urls_functional_view = [
|
||||
(
|
||||
r"radius/authorize/(?P<nas_id>[^/]+)/(?P<username>.+)/(?P<mac_address>[^/]{17})$",
|
||||
r"radius/authorize/(?P<nas_id>[^/]+)/(?P<username>.+)$",
|
||||
views.authorize,
|
||||
None,
|
||||
),
|
||||
(
|
||||
r"radius/post_auth/(?P<nas_id>[^/]+)/(?P<nas_port>.+)/(?P<user_mac>[^/]{17})$",
|
||||
r"radius/post_auth/(?P<nas_id>[^/]+)/(?P<nas_port>.+)/(?P<user_mac>[^/]{17})/(?P<username>.+)$",
|
||||
views.post_auth,
|
||||
None,
|
||||
),
|
||||
|
|
|
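Review bot: The post_auth pattern that carries the new group ends in `(?P<username>.+)$` after an earlier `(?P<nas_port>.+)`, so both groups accept `/` and the split around `(?P<user_mac>[^/]{17})` is ambiguous. The username originates from the RADIUS User-Name, which the connecting client chooses, so a name containing slashes can change which path segments the view receives as `nas_port` and `user_mac`. I would restrict the last group to `(?P<username>[^/]+)$` in both patterns; whether the caller escapes the name before building the URL is not visible here. `[^/]{17}` also accepts any 17 characters, so the MAC format is only validated if the view does it.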
@ -37,10 +37,9 @@ from re2o.acl import can_view_all_api, can_edit_all_api, can_create_api
|
|||
class AuthorizeResponse:
|
||||
"""Contains objects the radius needs for the Authorize step"""
|
||||
|
||||
def __init__(self, nas, user, user_interface):
|
||||
def __init__(self, nas, user):
|
||||
self.nas = nas
|
||||
self.user = user
|
||||
self.user_interface = user_interface
|
||||
|
||||
def can_view(self, user):
|
||||
"""Method to bypass api permissions, because we are using ACL decorators"""
|
||||
|
@ -50,13 +49,12 @@ class AuthorizeResponse:
|
|||
@api_view(["GET"])
|
||||
@login_required
|
||||
@can_view_all_api(Interface, Domain, IpList, Nas, User)
|
||||
def authorize(request, nas_id, username, mac_address):
|
||||
def authorize(request, nas_id, username):
|
||||
"""Return objects the radius needs for the Authorize step
|
||||
|
||||
Parameters:
|
||||
nas_id (string): NAS name or ipv4
|
||||
username (string): username of the user who is trying to connect
|
||||
mac_address (string): mac address of the device which is trying to connect
|
||||
|
||||
Return:
|
||||
AuthorizeResponse: contains all required informations
|
||||
|
@ -74,11 +72,8 @@ def authorize(request, nas_id, username, mac_address):
|
|||
# If no username was provided (wired connection), username="None"
|
||||
user = User.objects.filter(pseudo__iexact=username).first()
|
||||
|
||||
# get the interface which is trying to connect (if already created)
|
||||
user_interface = Interface.objects.filter(mac_address=mac_address).first()
|
||||
|
||||
serialized = serializers.AuthorizeResponseSerializer(
|
||||
AuthorizeResponse(nas_type, user, user_interface)
|
||||
AuthorizeResponse(nas_type, user)
|
||||
)
|
||||
|
||||
return Response(data=serialized.data)
|
||||
|
@ -94,6 +89,7 @@ class PostAuthResponse:
|
|||
port,
|
||||
port_profile,
|
||||
switch,
|
||||
user,
|
||||
user_interface,
|
||||
radius_option,
|
||||
EMAIL_STATE_UNVERIFIED,
|
||||
|
@ -105,6 +101,7 @@ class PostAuthResponse:
|
|||
self.port = port
|
||||
self.port_profile = port_profile
|
||||
self.switch = switch
|
||||
self.user = user
|
||||
self.user_interface = user_interface
|
||||
self.radius_option = radius_option
|
||||
self.EMAIL_STATE_UNVERIFIED = EMAIL_STATE_UNVERIFIED
|
||||
|
@ -119,13 +116,14 @@ class PostAuthResponse:
|
|||
@api_view(["GET"])
|
||||
@login_required
|
||||
@can_view_all_api(Interface, Domain, IpList, Nas, Switch, Port, User)
|
||||
def post_auth(request, nas_id, nas_port, user_mac):
|
||||
def post_auth(request, nas_id, nas_port, user_mac, username):
|
||||
"""Return objects the radius needs for the Post-Auth step
|
||||
|
||||
Parameters:
|
||||
nas_id (string): NAS name or ipv4
|
||||
nas_port (string): NAS port from wich the request came. Work with Cisco, HP and Juniper convention
|
||||
user_mac (string): mac address of the device which is trying to connect
|
||||
username (string): username of the user who is trying to connect
|
||||
|
||||
Return:
|
||||
PostAuthResponse: contains all required informations
|
||||
|
@ -172,6 +170,10 @@ def post_auth(request, nas_id, nas_port, user_mac):
|
|||
if port:
|
||||
port_profile = port.get_port_profile
|
||||
|
||||
# get the User corresponding to the username in the URL
|
||||
# If no username was provided (wired connection), username="None"
|
||||
user = User.objects.filter(pseudo__iexact=username).first()
|
||||
|
||||
# get the interface which is trying to connect (if already created)
|
||||
user_interface = (
|
||||
Interface.objects.filter(mac_address=user_mac)
|
||||
|
@ -202,6 +204,7 @@ def post_auth(request, nas_id, nas_port, user_mac):
|
|||
port,
|
||||
port_profile,
|
||||
switch,
|
||||
user,
|
||||
user_interface,
|
||||
radius_option,
|
||||
EMAIL_STATE_UNVERIFIED,
|
||||
|
|
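Review bot: In the hunk at -172,6 +170,10 the added lookup `User.objects.filter(pseudo__iexact=username).first()` also runs for the placeholder described in the comment above it (`username="None"` for wired connections), and the match is case-insensitive. If an account whose pseudo is `none` can exist, it would be returned as the user of every wired request. I would skip the query for the placeholder, `user = None if username == "None" else User.objects.filter(pseudo__iexact=username).first()`, or signal the absence of a username explicitly rather than through a string value. The same lookup appears in `authorize` as context, and `post_auth` starts and ends outside the hunk.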