mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-12-23 15:33:45 +00:00
Merge branch 'fix-autocapture' into 'dev'
fix: Fix autocapture See merge request re2o/re2o!623
This commit is contained in:
commit
8627c7d686
4 changed files with 32 additions and 25 deletions
|
@ -141,14 +141,10 @@ def authorize(data):
|
||||||
if not nas_type or nas_type.port_access_mode == "802.1X":
|
if not nas_type or nas_type.port_access_mode == "802.1X":
|
||||||
user = data.get("User-Name", "")
|
user = data.get("User-Name", "")
|
||||||
user = user.split("@", 1)[0]
|
user = user.split("@", 1)[0]
|
||||||
mac = data.get("Calling-Station-Id", "")
|
user = User.objects.filter(pseudo__iexact=user).first()
|
||||||
result, log, password = check_user_machine_and_register(nas_type, user, mac)
|
if not user:
|
||||||
logger.info(str(log))
|
return (False, "User unknown", "")
|
||||||
logger.info(str(user))
|
password = user.pwd_ntlm
|
||||||
|
|
||||||
if not result:
|
|
||||||
return radiusd.RLM_MODULE_REJECT
|
|
||||||
else:
|
|
||||||
return (
|
return (
|
||||||
radiusd.RLM_MODULE_UPDATED,
|
radiusd.RLM_MODULE_UPDATED,
|
||||||
(),
|
(),
|
||||||
|
@ -234,6 +230,14 @@ def post_auth(data):
|
||||||
return (radiusd.RLM_MODULE_REJECT, tuple(attributes), ())
|
return (radiusd.RLM_MODULE_REJECT, tuple(attributes), ())
|
||||||
|
|
||||||
else:
|
else:
|
||||||
|
user = data.get("User-Name", "")
|
||||||
|
user = user.split("@", 1)[0]
|
||||||
|
result, log, password = check_user_machine_and_register(nas_type, user, mac)
|
||||||
|
logger.info(str(log))
|
||||||
|
logger.info(str(user))
|
||||||
|
|
||||||
|
if not result:
|
||||||
|
return radiusd.RLM_MODULE_REJECT
|
||||||
return radiusd.RLM_MODULE_OK
|
return radiusd.RLM_MODULE_OK
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -110,7 +110,6 @@ class AuthorizeResponseSerializer(Serializer):
|
||||||
|
|
||||||
nas = NasSerializer(read_only=True)
|
nas = NasSerializer(read_only=True)
|
||||||
user = UserSerializer(read_only=True)
|
user = UserSerializer(read_only=True)
|
||||||
user_interface = InterfaceSerializer(read_only=True)
|
|
||||||
|
|
||||||
|
|
||||||
class PostAuthResponseSerializer(Serializer):
|
class PostAuthResponseSerializer(Serializer):
|
||||||
|
@ -123,6 +122,7 @@ class PostAuthResponseSerializer(Serializer):
|
||||||
port = PortSerializer()
|
port = PortSerializer()
|
||||||
port_profile = PortProfileSerializer(partial=True)
|
port_profile = PortProfileSerializer(partial=True)
|
||||||
switch = SwitchSerializer()
|
switch = SwitchSerializer()
|
||||||
|
user = UserSerializer(read_only=True)
|
||||||
user_interface = InterfaceSerializer()
|
user_interface = InterfaceSerializer()
|
||||||
radius_option = RadiusOptionSerializer()
|
radius_option = RadiusOptionSerializer()
|
||||||
EMAIL_STATE_UNVERIFIED = serializers.IntegerField()
|
EMAIL_STATE_UNVERIFIED = serializers.IntegerField()
|
||||||
|
|
|
@ -23,12 +23,12 @@ from . import views
|
||||||
|
|
||||||
urls_functional_view = [
|
urls_functional_view = [
|
||||||
(
|
(
|
||||||
r"radius/authorize/(?P<nas_id>[^/]+)/(?P<username>.+)/(?P<mac_address>[^/]{17})$",
|
r"radius/authorize/(?P<nas_id>[^/]+)/(?P<username>.+)$",
|
||||||
views.authorize,
|
views.authorize,
|
||||||
None,
|
None,
|
||||||
),
|
),
|
||||||
(
|
(
|
||||||
r"radius/post_auth/(?P<nas_id>[^/]+)/(?P<nas_port>.+)/(?P<user_mac>[^/]{17})$",
|
r"radius/post_auth/(?P<nas_id>[^/]+)/(?P<nas_port>.+)/(?P<user_mac>[^/]{17})/(?P<username>.+)$",
|
||||||
views.post_auth,
|
views.post_auth,
|
||||||
None,
|
None,
|
||||||
),
|
),
|
||||||
|
|
|
@ -37,10 +37,9 @@ from re2o.acl import can_view_all_api, can_edit_all_api, can_create_api
|
||||||
class AuthorizeResponse:
|
class AuthorizeResponse:
|
||||||
"""Contains objects the radius needs for the Authorize step"""
|
"""Contains objects the radius needs for the Authorize step"""
|
||||||
|
|
||||||
def __init__(self, nas, user, user_interface):
|
def __init__(self, nas, user):
|
||||||
self.nas = nas
|
self.nas = nas
|
||||||
self.user = user
|
self.user = user
|
||||||
self.user_interface = user_interface
|
|
||||||
|
|
||||||
def can_view(self, user):
|
def can_view(self, user):
|
||||||
"""Method to bypass api permissions, because we are using ACL decorators"""
|
"""Method to bypass api permissions, because we are using ACL decorators"""
|
||||||
|
@ -50,13 +49,12 @@ class AuthorizeResponse:
|
||||||
@api_view(["GET"])
|
@api_view(["GET"])
|
||||||
@login_required
|
@login_required
|
||||||
@can_view_all_api(Interface, Domain, IpList, Nas, User)
|
@can_view_all_api(Interface, Domain, IpList, Nas, User)
|
||||||
def authorize(request, nas_id, username, mac_address):
|
def authorize(request, nas_id, username):
|
||||||
"""Return objects the radius needs for the Authorize step
|
"""Return objects the radius needs for the Authorize step
|
||||||
|
|
||||||
Parameters:
|
Parameters:
|
||||||
nas_id (string): NAS name or ipv4
|
nas_id (string): NAS name or ipv4
|
||||||
username (string): username of the user who is trying to connect
|
username (string): username of the user who is trying to connect
|
||||||
mac_address (string): mac address of the device which is trying to connect
|
|
||||||
|
|
||||||
Return:
|
Return:
|
||||||
AuthorizeResponse: contains all required informations
|
AuthorizeResponse: contains all required informations
|
||||||
|
@ -74,11 +72,8 @@ def authorize(request, nas_id, username, mac_address):
|
||||||
# If no username was provided (wired connection), username="None"
|
# If no username was provided (wired connection), username="None"
|
||||||
user = User.objects.filter(pseudo__iexact=username).first()
|
user = User.objects.filter(pseudo__iexact=username).first()
|
||||||
|
|
||||||
# get the interface which is trying to connect (if already created)
|
|
||||||
user_interface = Interface.objects.filter(mac_address=mac_address).first()
|
|
||||||
|
|
||||||
serialized = serializers.AuthorizeResponseSerializer(
|
serialized = serializers.AuthorizeResponseSerializer(
|
||||||
AuthorizeResponse(nas_type, user, user_interface)
|
AuthorizeResponse(nas_type, user)
|
||||||
)
|
)
|
||||||
|
|
||||||
return Response(data=serialized.data)
|
return Response(data=serialized.data)
|
||||||
|
@ -94,6 +89,7 @@ class PostAuthResponse:
|
||||||
port,
|
port,
|
||||||
port_profile,
|
port_profile,
|
||||||
switch,
|
switch,
|
||||||
|
user,
|
||||||
user_interface,
|
user_interface,
|
||||||
radius_option,
|
radius_option,
|
||||||
EMAIL_STATE_UNVERIFIED,
|
EMAIL_STATE_UNVERIFIED,
|
||||||
|
@ -105,6 +101,7 @@ class PostAuthResponse:
|
||||||
self.port = port
|
self.port = port
|
||||||
self.port_profile = port_profile
|
self.port_profile = port_profile
|
||||||
self.switch = switch
|
self.switch = switch
|
||||||
|
self.user = user
|
||||||
self.user_interface = user_interface
|
self.user_interface = user_interface
|
||||||
self.radius_option = radius_option
|
self.radius_option = radius_option
|
||||||
self.EMAIL_STATE_UNVERIFIED = EMAIL_STATE_UNVERIFIED
|
self.EMAIL_STATE_UNVERIFIED = EMAIL_STATE_UNVERIFIED
|
||||||
|
@ -119,13 +116,14 @@ class PostAuthResponse:
|
||||||
@api_view(["GET"])
|
@api_view(["GET"])
|
||||||
@login_required
|
@login_required
|
||||||
@can_view_all_api(Interface, Domain, IpList, Nas, Switch, Port, User)
|
@can_view_all_api(Interface, Domain, IpList, Nas, Switch, Port, User)
|
||||||
def post_auth(request, nas_id, nas_port, user_mac):
|
def post_auth(request, nas_id, nas_port, user_mac, username):
|
||||||
"""Return objects the radius needs for the Post-Auth step
|
"""Return objects the radius needs for the Post-Auth step
|
||||||
|
|
||||||
Parameters:
|
Parameters:
|
||||||
nas_id (string): NAS name or ipv4
|
nas_id (string): NAS name or ipv4
|
||||||
nas_port (string): NAS port from wich the request came. Work with Cisco, HP and Juniper convention
|
nas_port (string): NAS port from wich the request came. Work with Cisco, HP and Juniper convention
|
||||||
user_mac (string): mac address of the device which is trying to connect
|
user_mac (string): mac address of the device which is trying to connect
|
||||||
|
username (string): username of the user who is trying to connect
|
||||||
|
|
||||||
Return:
|
Return:
|
||||||
PostAuthResponse: contains all required informations
|
PostAuthResponse: contains all required informations
|
||||||
|
@ -172,6 +170,10 @@ def post_auth(request, nas_id, nas_port, user_mac):
|
||||||
if port:
|
if port:
|
||||||
port_profile = port.get_port_profile
|
port_profile = port.get_port_profile
|
||||||
|
|
||||||
|
# get the User corresponding to the username in the URL
|
||||||
|
# If no username was provided (wired connection), username="None"
|
||||||
|
user = User.objects.filter(pseudo__iexact=username).first()
|
||||||
|
|
||||||
# get the interface which is trying to connect (if already created)
|
# get the interface which is trying to connect (if already created)
|
||||||
user_interface = (
|
user_interface = (
|
||||||
Interface.objects.filter(mac_address=user_mac)
|
Interface.objects.filter(mac_address=user_mac)
|
||||||
|
@ -202,6 +204,7 @@ def post_auth(request, nas_id, nas_port, user_mac):
|
||||||
port,
|
port,
|
||||||
port_profile,
|
port_profile,
|
||||||
switch,
|
switch,
|
||||||
|
user,
|
||||||
user_interface,
|
user_interface,
|
||||||
radius_option,
|
radius_option,
|
||||||
EMAIL_STATE_UNVERIFIED,
|
EMAIL_STATE_UNVERIFIED,
|
||||||
|
|
Loading…
Reference in a new issue