improve authentication stability
This commit is contained in:
parent
a93a61d05b
commit
213a5c6d8f
53
hblink.py
53
hblink.py
@ -105,17 +105,6 @@ def acl_check(_id, _acl):
|
||||
return _acl[0]
|
||||
return not _acl[0]
|
||||
|
||||
def check_user_man(_id):
|
||||
#Change this to a config value
|
||||
user_man_url = _config['USE_USER_MAN']['URL']
|
||||
print(int(str(int_id(_id))[:7]))
|
||||
auth_check = {
|
||||
'id':int(str(int_id(_id))[:7])
|
||||
}
|
||||
json_object = json.dumps(auth_check, indent = 4)
|
||||
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
|
||||
resp = json.loads(req.text)
|
||||
return resp
|
||||
|
||||
#************************************************
|
||||
# OPENBRIDGE CLASS
|
||||
@ -246,6 +235,20 @@ class HBSYSTEM(DatagramProtocol):
|
||||
self.maintenance_loop = self.peer_maintenance_loop
|
||||
self.datagramReceived = self.peer_datagramReceived
|
||||
self.dereg = self.peer_dereg
|
||||
def check_user_man(self, _id):
|
||||
#Change this to a config value
|
||||
user_man_url = self._CONFIG['USER_MANAGER']['URL']
|
||||
print(int(str(int_id(_id))[:7]))
|
||||
auth_check = {
|
||||
'id':int(str(int_id(_id))[:7])
|
||||
}
|
||||
json_object = json.dumps(auth_check, indent = 4)
|
||||
try:
|
||||
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
|
||||
resp = json.loads(req.text)
|
||||
return resp
|
||||
except requests.ConnectionError:
|
||||
return {'allow':True}
|
||||
|
||||
def startProtocol(self):
|
||||
# Set up periodic loop for tracking pings from peers. Run every 'PING_TIME' seconds
|
||||
@ -426,18 +429,14 @@ class HBSYSTEM(DatagramProtocol):
|
||||
# Check to see if we've reached the maximum number of allowed peers
|
||||
if len(self._peers) < self._config['MAX_PEERS']:
|
||||
# Check for valid Radio ID
|
||||
#print(self.check_user_man(_peer_id))
|
||||
if self._config['USE_USER_MAN'] == True:
|
||||
try:
|
||||
self.ums_response = check_user_man(_peer_id)
|
||||
print(self.ums_response)
|
||||
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']:
|
||||
user_auth = self.ums_response['allow']
|
||||
except Exception as e:
|
||||
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']):
|
||||
user_auth = True
|
||||
logger.info(e)
|
||||
else:
|
||||
user_auth = False
|
||||
self.ums_response = self.check_user_man(_peer_id)
|
||||
## print(self.ums_response)
|
||||
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']:
|
||||
user_auth = self.ums_response['allow']
|
||||
else:
|
||||
user_auth = False
|
||||
print(user_auth)
|
||||
if self._config['USE_USER_MAN'] == False:
|
||||
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and acl_check(_peer_id, self._config['REG_ACL']):
|
||||
@ -490,7 +489,7 @@ class HBSYSTEM(DatagramProtocol):
|
||||
_this_peer['LAST_PING'] = time()
|
||||
_sent_hash = _data[8:]
|
||||
_salt_str = bytes_4(_this_peer['SALT'])
|
||||
#print(self.ums_response)
|
||||
print(self.ums_response)
|
||||
try:
|
||||
if self.ums_response['mode'] == 'legacy':
|
||||
_calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest())
|
||||
@ -499,13 +498,13 @@ class HBSYSTEM(DatagramProtocol):
|
||||
if self.ums_response['mode'] == 'normal':
|
||||
_new_peer_id = bytes_4(int(str(int_id(_peer_id))[:7]))
|
||||
## print(int_id(_new_peer_id))
|
||||
calc_passphrase = base64.b64encode((_new_peer_id) + _config['USE_USER_MAN']['APPEND_INT'].to_bytes(2, 'big'))
|
||||
## print(calc_passphrase)
|
||||
calc_passphrase = base64.b64encode((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))
|
||||
print(calc_passphrase)
|
||||
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
|
||||
ums_down = False
|
||||
except Exception as e:
|
||||
# If UMS down, default to base 64 auth
|
||||
logger.info(e)
|
||||
## # If UMS down, default to base 64 auth
|
||||
## logger.info(e)
|
||||
calc_passphrase = base64.b64encode((_peer_id) + int(1).to_bytes(2, 'big'))
|
||||
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
|
||||
ums_down = True
|
||||
|
@ -1,7 +1,8 @@
|
||||
from flask import Flask, render_template, request, Response, Markup, jsonify, make_response
|
||||
|
||||
auth_dict = {
|
||||
3153591:''
|
||||
3153591:0,
|
||||
3153597:''
|
||||
}
|
||||
|
||||
|
||||
@ -18,7 +19,8 @@ def index():
|
||||
@app.route('/auth', methods=['POST'])
|
||||
def auth():
|
||||
hblink_req = request.json
|
||||
print((auth_dict[hblink_req['id']]))
|
||||
#print((auth_dict[hblink_req['id']]))
|
||||
#try:
|
||||
if hblink_req['id'] in auth_dict:
|
||||
if auth_dict[hblink_req['id']] == 0:
|
||||
response = jsonify(
|
||||
@ -37,8 +39,9 @@ def auth():
|
||||
mode='override',
|
||||
value=auth_dict[hblink_req['id']]
|
||||
)
|
||||
if hblink_req['id'] in auth_dict:
|
||||
esponse = jsonify(
|
||||
if hblink_req['id'] not in auth_dict:
|
||||
## except:
|
||||
response = jsonify(
|
||||
allow=False)
|
||||
return response
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user