From d1ac9ec8eb3e54f1faabfd12e9140a5ee68a27b8 Mon Sep 17 00:00:00 2001
From: chapeau
Date: Sat, 23 Oct 2021 11:54:01 +0200
Subject: [PATCH] fix autocapture
---
 auth.py | 61 +++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 38 insertions(+), 23 deletions(-)
diff --git a/auth.py b/auth.py
index 5fbfce5..c2a174a 100644
--- a/auth.py
+++ b/auth.py
@@ -159,22 +159,16 @@ def authorize(data):
 nas_type = data_from_api["nas"]
 user = data_from_api["user"]
- user_interface = data_from_api["user_interface"]
 if not nas_type or nas_type and nas_type["port_access_mode"] == "802.1X":
- result, log, password = check_user_machine_and_register(
- nas_type, user, user_interface, nas, username, mac)
- logger.info(log.encode("utf-8"))
+ password = user.get("pwd_ntlm", "")
 logger.info(username.encode("utf-8"))
- if not result:
- return radiusd.RLM_MODULE_REJECT
- else:
- return (
- radiusd.RLM_MODULE_UPDATED,
- (),
- ((str("NT-Password"), str(password)),),
- )
+ return (
+ radiusd.RLM_MODULE_UPDATED,
+ (),
+ ((str("NT-Password"), str(password)),),
+ )
 else:
 return (radiusd.RLM_MODULE_UPDATED, (), (("Auth-Type", "Accept"),))
@@ -188,6 +182,9 @@ def post_auth(data):
 nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
 nas_port = data.get("NAS-Port-Id", data.get("NAS-Port", None))
 mac = data.get("Calling-Station-Id", None)
+ username = data.get("User-Name", "")
+ # For proxified request, split
+ username = username.split("@", 1)[0]
 # Get all required objects from API
 data_from_api = api_client().view(
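Review bot: In the 802.1X branch of authorize, `password = user.get("pwd_ntlm", "")` now runs without any check that `user` is set. The helper in a later hunk still tests `if not user`, which suggests the API can return an empty value for an unknown account; in that case this line raises instead of rejecting. A guard ahead of it, `if not user: return radiusd.RLM_MODULE_REJECT`, keeps that case an explicit reject. The `""` default also hands an account without `pwd_ntlm` an empty `NT-Password`; rejecting when the hash is missing is safer than depending on how the downstream authentication module treats an empty value. authorize starts above this hunk.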
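Review bot: The `username` read from `User-Name` at the top of post_auth now selects the account that the access checks and the MAC registration in the next hunk are applied to, and nothing here documents which identity that is. If this module is invoked for the outer EAP request, `User-Name` is the outer identity, which the client chooses and which need not match the identity authenticated inside the tunnel; where the module is hooked cannot be seen from this hunk. A comment stating the assumption would help, e.g. `# username must be the authenticated (inner) identity: it selects the account used for MAC registration`.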
@@ -197,9 +194,28 @@ def post_auth(data):
 urllib.parse.quote(mac or "None", safe="")
 ))
+ data_from_api2 = api_client().view(
+ "radius/authorize/{0}/{1}/{2}".format(
+ urllib.parse.quote(nas or "None", safe=""),
+ urllib.parse.quote(username or "None", safe=""),
+ urllib.parse.quote(mac or "None", safe="")
+ ))
+
 nas_type = data_from_api["nas"]
 port = data_from_api["port"]
 switch = data_from_api["switch"]
+ nas_type = data_from_api2["nas"]
+ user = data_from_api2["user"]
+ user_interface = data_from_api2["user_interface"]
+
+ result, log = check_user_machine_and_register(
+ nas_type, user, user_interface, nas, username, mac)
+
+ logger.info(log.encode("utf-8"))
+ logger.info(username.encode("utf-8"))
+
+ if not result:
+ return radiusd.RLM_MODULE_REJECT
 # If proxified request
 if not nas_type:
@@ -258,10 +274,10 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
 if not user:
 # No username provided
- return (False, "User unknown", "")
+ return (False, "User unknown")
 if not user["access"]:
- return (False, "Invalid connexion (non-contributing user)", "")
+ return (False, "Invalid connexion (non-contributing user)")
 if user_interface:
 if user_interface["user_pk"] != user["pk"]:
@@ -272,7 +288,7 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
 )
 elif not user_interface["active"]:
- return (False, "Interface/Machine disabled", "")
+ return (False, "Interface/Machine disabled")
 elif not user_interface["ipv4"]:
 # Try to autoassign ip
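Review bot: The call to `check_user_machine_and_register` and the `return radiusd.RLM_MODULE_REJECT` after it are unconditional in post_auth, whereas in authorize the same call sat under `if not nas_type or nas_type and nas_type["port_access_mode"] == "802.1X":`. Requests that authorize answers with `Auth-Type Accept` now go through the user and machine checks too and are rejected when the user lookup is empty, which looks unintended; wrapping the new block in the same condition would keep the old scope. The first `nas_type = data_from_api["nas"]` is overwritten three lines later by `data_from_api2["nas"]`, so one of the two assignments should go, and `data_from_api2` would read better with a descriptive name such as `authorize_data`. post_auth continues beyond this hunk.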
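Review bot: The return under `if user_interface["user_pk"] != user["pk"]:` (the last context line of this hunk) sits between this hunk and the next one and is not touched by the commit. Every other return of `check_user_machine_and_register` carried a third element before this change, so that one presumably still returns three values, and `result, log = check_user_machine_and_register(...)` in post_auth would then raise ValueError for a MAC registered to another account instead of producing a clean reject. Please confirm and drop the trailing `""` from that tuple as well. If the function's docstring still describes returning the NTLM password, it should be updated to say `(result, log)`.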
@@ -281,11 +297,11 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
 "radius/assign_ip/{0}".format(
 urllib.parse.quote(mac_address or "None", safe="")
 ))
- return (True, "Ok, new ipv4 assignement...", user.get("pwd_ntlm", ""))
+ return (True, "Ok, new ipv4 assignement...")
 except HTTPError as err:
- return (False, "Error during ip assignement %s" % err.response.text, "")
+ return (False, "Error during ip assignement %s" % err.response.text)
 else:
- return (True, "Access ok", user.get("pwd_ntlm", ""))
+ return (True, "Access ok")
 elif nas_type:
 # The interface is not yet registred, try to autoregister if enabled
@@ -297,14 +313,13 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
 urllib.parse.quote(username or "None", safe=""),
 urllib.parse.quote(mac_address or "None", safe="")
 ))
- return (True, "Access Ok, Registering mac...", user["pwd_ntlm"])
+ return (True, "Access Ok, Registering mac...")
 except HTTPError as err:
- return (False, "Error during mac register %s" % err.response.text, "")
- return (False, "Autoregistering is disabled", "")
+ return (False, "Error during mac register %s" % err.response.text)
 else:
- return (False, "Unknown interface/machine", "")
+ return (False, "Autoregistering is disabled")
 else:
- return (False, "Unknown interface/machine", "")
+ return (False, "Unknown interface/machine")
 def set_radius_attributes_values(attributes, values):