jumpserver/apps/authentication/backends/radius/backends.py

# -*- coding: utf-8 -*-
#
import traceback

from django.conf import settings
from django.contrib.auth import get_user_model
from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend

from authentication.backends.base import JMSBaseAuthBackend
from .signals import radius_create_user

User = get_user_model()


class CreateUserMixin:
    @staticmethod
    def get_django_user(username, password=None, *args, **kwargs):
        if isinstance(username, bytes):
            username = username.decode()
        user = User.objects.filter(username=username).first()
        if user:
            return user

        if '@' in username:
            email = username
        else:
            email_suffix = settings.EMAIL_SUFFIX
            email = '{}@{}'.format(username, email_suffix)

        user = User(username=username, name=username, email=email)
        user.save()
        radius_create_user.send(sender=user.__class__, user=user)
        return user

    def _perform_radius_auth(self, client, packet):
        # TODO: 等待官方库修复这个BUG
        try:
            return super()._perform_radius_auth(client, packet)
        except UnicodeError as e:
            import sys
            tb = ''.join(traceback.format_exception(*sys.exc_info(), limit=2, chain=False))
            if tb.find("cl.decode") != -1:
                return [], False, False
            return None


class RadiusBaseBackend(CreateUserMixin, JMSBaseAuthBackend):
    @staticmethod
    def is_enabled():
        return settings.AUTH_RADIUS


class RadiusBackend(RadiusBaseBackend, RADIUSBackend):
    def authenticate(self, request, username='', password='', **kwargs):
        return super().authenticate(request, username=username, password=password)


class RadiusRealmBackend(RadiusBaseBackend, RADIUSRealmBackend):
    def authenticate(self, request, username='', password='', realm=None, **kwargs):
        return super().authenticate(request, username=username, password=password, realm=realm)
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`# -- coding: utf-8 --`
			`#`
fix(auth): 修复radius decode error的问题 2020-07-31 11:40:27 +00:00			`import traceback`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00
perf: Third-party user login settings default organization 2024-08-01 10:36:01 +00:00			`from django.conf import settings`
feat: 添加限制用户只能从source登录的功能 (#5592) * stash it * feat: 添加限制用户只能从source登录的功能 * fix: 修复小错误 Co-authored-by: ibuler <ibuler@qq.com> 2021-02-26 09:33:11 +00:00			`from django.contrib.auth import get_user_model`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend`
Fix rbac (#7699) * perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com> 2022-02-25 11:23:59 +00:00
perf: Third-party user login settings default organization 2024-08-01 10:36:01 +00:00			`from authentication.backends.base import JMSBaseAuthBackend`
			`from .signals import radius_create_user`
[Update] 修改radius MFA 2019-11-11 12:10:49 +00:00
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`User = get_user_model()`


			`class CreateUserMixin:`
feat: 添加临时 password (#8035) * perf: 添加 template password * perf: 修改id * perf: 修改翻译 * perf: 修改 tmp token * perf: 修改 token Co-authored-by: ibuler <ibuler@qq.com> 2022-04-13 12:24:56 +00:00			`@staticmethod`
			`def get_django_user(username, password=None, args, *kwargs):`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`if isinstance(username, bytes):`
			`username = username.decode()`
feat: 添加临时 password (#8035) * perf: 添加 template password * perf: 修改id * perf: 修改翻译 * perf: 修改 tmp token * perf: 修改 token Co-authored-by: ibuler <ibuler@qq.com> 2022-04-13 12:24:56 +00:00			`user = User.objects.filter(username=username).first()`
			`if user:`
			`return user`

			`if '@' in username:`
			`email = username`
			`else:`
			`email_suffix = settings.EMAIL_SUFFIX`
			`email = '{}@{}'.format(username, email_suffix)`

			`user = User(username=username, name=username, email=email)`
			`user.save()`
perf: Third-party user login settings default organization 2024-08-01 10:36:01 +00:00			`radius_create_user.send(sender=user.__class__, user=user)`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`return user`

fix(auth): 修复radius decode error的问题 2020-07-31 11:40:27 +00:00			`def _perform_radius_auth(self, client, packet):`
			`# TODO: 等待官方库修复这个BUG`
			`try:`
			`return super()._perform_radius_auth(client, packet)`
			`except UnicodeError as e:`
			`import sys`
			`tb = ''.join(traceback.format_exception(*sys.exc_info(), limit=2, chain=False))`
			`if tb.find("cl.decode") != -1:`
			`return [], False, False`
			`return None`

[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00
Fix rbac (#7699) * perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com> 2022-02-25 11:23:59 +00:00			`class RadiusBaseBackend(CreateUserMixin, JMSBaseAuthBackend):`
			`@staticmethod`
			`def is_enabled():`
			`return settings.AUTH_RADIUS`


			`class RadiusBackend(RadiusBaseBackend, RADIUSBackend):`
fix: 再次修复 2020-09-16 03:05:52 +00:00			`def authenticate(self, request, username='', password='', **kwargs):`
fix(authentication): 修复同时开启radius, openid引起的问题 2020-09-16 02:52:50 +00:00			`return super().authenticate(request, username=username, password=password)`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00

Fix rbac (#7699) * perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com> 2022-02-25 11:23:59 +00:00			`class RadiusRealmBackend(RadiusBaseBackend, RADIUSRealmBackend):`
fix: 再次修复 2020-09-16 03:05:52 +00:00			`def authenticate(self, request, username='', password='', realm=None, **kwargs):`
fix(authentication): 修复同时开启radius, openid引起的问题 2020-09-16 02:52:50 +00:00			`return super().authenticate(request, username=username, password=password, realm=realm)`