improve authentication stability

This commit is contained in:
KF7EEL 2021-05-06 18:14:20 -07:00
parent a93a61d05b
commit 213a5c6d8f
2 changed files with 34 additions and 32 deletions

View File

@ -105,17 +105,6 @@ def acl_check(_id, _acl):
return _acl[0]
return not _acl[0]
def check_user_man(_id):
#Change this to a config value
user_man_url = _config['USE_USER_MAN']['URL']
print(int(str(int_id(_id))[:7]))
auth_check = {
'id':int(str(int_id(_id))[:7])
}
json_object = json.dumps(auth_check, indent = 4)
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
resp = json.loads(req.text)
return resp
#************************************************
# OPENBRIDGE CLASS
@ -246,6 +235,20 @@ class HBSYSTEM(DatagramProtocol):
self.maintenance_loop = self.peer_maintenance_loop
self.datagramReceived = self.peer_datagramReceived
self.dereg = self.peer_dereg
def check_user_man(self, _id):
#Change this to a config value
user_man_url = self._CONFIG['USER_MANAGER']['URL']
print(int(str(int_id(_id))[:7]))
auth_check = {
'id':int(str(int_id(_id))[:7])
}
json_object = json.dumps(auth_check, indent = 4)
try:
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
resp = json.loads(req.text)
return resp
except requests.ConnectionError:
return {'allow':True}
def startProtocol(self):
# Set up periodic loop for tracking pings from peers. Run every 'PING_TIME' seconds
@ -426,16 +429,12 @@ class HBSYSTEM(DatagramProtocol):
# Check to see if we've reached the maximum number of allowed peers
if len(self._peers) < self._config['MAX_PEERS']:
# Check for valid Radio ID
#print(self.check_user_man(_peer_id))
if self._config['USE_USER_MAN'] == True:
try:
self.ums_response = check_user_man(_peer_id)
print(self.ums_response)
self.ums_response = self.check_user_man(_peer_id)
## print(self.ums_response)
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']:
user_auth = self.ums_response['allow']
except Exception as e:
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']):
user_auth = True
logger.info(e)
else:
user_auth = False
print(user_auth)
@ -490,7 +489,7 @@ class HBSYSTEM(DatagramProtocol):
_this_peer['LAST_PING'] = time()
_sent_hash = _data[8:]
_salt_str = bytes_4(_this_peer['SALT'])
#print(self.ums_response)
print(self.ums_response)
try:
if self.ums_response['mode'] == 'legacy':
_calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest())
@ -499,13 +498,13 @@ class HBSYSTEM(DatagramProtocol):
if self.ums_response['mode'] == 'normal':
_new_peer_id = bytes_4(int(str(int_id(_peer_id))[:7]))
## print(int_id(_new_peer_id))
calc_passphrase = base64.b64encode((_new_peer_id) + _config['USE_USER_MAN']['APPEND_INT'].to_bytes(2, 'big'))
## print(calc_passphrase)
calc_passphrase = base64.b64encode((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))
print(calc_passphrase)
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
ums_down = False
except Exception as e:
# If UMS down, default to base 64 auth
logger.info(e)
## # If UMS down, default to base 64 auth
## logger.info(e)
calc_passphrase = base64.b64encode((_peer_id) + int(1).to_bytes(2, 'big'))
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
ums_down = True

View File

@ -1,7 +1,8 @@
from flask import Flask, render_template, request, Response, Markup, jsonify, make_response
auth_dict = {
3153591:''
3153591:0,
3153597:''
}
@ -18,7 +19,8 @@ def index():
@app.route('/auth', methods=['POST'])
def auth():
hblink_req = request.json
print((auth_dict[hblink_req['id']]))
#print((auth_dict[hblink_req['id']]))
#try:
if hblink_req['id'] in auth_dict:
if auth_dict[hblink_req['id']] == 0:
response = jsonify(
@ -37,8 +39,9 @@ def auth():
mode='override',
value=auth_dict[hblink_req['id']]
)
if hblink_req['id'] in auth_dict:
esponse = jsonify(
if hblink_req['id'] not in auth_dict:
## except:
response = jsonify(
allow=False)
return response