diff --git a/config.py b/config.py index ca9b345..4cfcac3 100755 --- a/config.py +++ b/config.py @@ -156,6 +156,7 @@ def build_config(_config_file): elif section == 'USER_MANAGER': CONFIG['USER_MANAGER'].update({ + 'THIS_SERVER_NAME': config.get(section, 'THIS_SERVER_NAME'), 'URL': config.get(section, 'URL'), 'APPEND_INT': config.getint(section, 'APPEND_INT'), 'SHARED_SECRET': config.get(section, 'SHARED_SECRET'), diff --git a/hblink.py b/hblink.py index 9b43c1e..74666e9 100755 --- a/hblink.py +++ b/hblink.py @@ -254,14 +254,16 @@ class HBSYSTEM(DatagramProtocol): self.datagramReceived = self.peer_datagramReceived self.dereg = self.peer_dereg - def check_user_man(self, _id): + def check_user_man(self, _id, server_name, peer_ip): #Change this to a config value user_man_url = self._CONFIG['USER_MANAGER']['URL'] shared_secret = self._CONFIG['USER_MANAGER']['SHARED_SECRET'] #print(int(str(int_id(_id))[:7])) auth_check = { + 'secret':shared_secret, 'login_id':int(str(int_id(_id))[:7]), - 'secret':shared_secret + 'login_ip': peer_ip, + 'login_server': server_name } json_object = json.dumps(auth_check, indent = 4) try: @@ -271,6 +273,27 @@ class HBSYSTEM(DatagramProtocol): except requests.ConnectionError: return {'allow':True} + def send_login_conf(self, _id, server_name, peer_ip, old_auth): + #Change this to a config value + user_man_url = self._CONFIG['USER_MANAGER']['URL'] + shared_secret = self._CONFIG['USER_MANAGER']['SHARED_SECRET'] + #print(int(str(int_id(_id))[:7])) + auth_conf = { + 'secret':shared_secret, + 'login_id':int(str(int_id(_id))[:7]), + 'login_ip': peer_ip, + 'login_server': server_name, + 'login_confirmed': True, + 'old_auth': old_auth + } + json_object = json.dumps(auth_conf, indent = 4) + #try: + req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'}) + # resp = json.loads(req.text) + #return resp + #except requests.ConnectionError: + # return {'allow':True} + def calc_passphrase(self, peer_id, _salt_str): burn_id = ast.literal_eval(os.popen('cat ' + self._CONFIG['USER_MANAGER']['BURN_FILE']).read()) peer_id_trimmed = int(str(int_id(peer_id))[:7]) @@ -416,9 +439,6 @@ class HBSYSTEM(DatagramProtocol): # Keep This Line Commented Unless HEAVILY Debugging! # logger.debug('(%s) RX packet from %s -- %s', self._system, _sockaddr, ahex(_data)) - # Place holder for DB function - user_db = ast.literal_eval(os.popen('cat ./db.txt').read()) - # Extract the command, which is various length, all but one 4 significant characters -- RPTCL _command = _data[:4] @@ -497,7 +517,7 @@ class HBSYSTEM(DatagramProtocol): # Check for valid Radio ID #print(self.check_user_man(_peer_id)) if self._config['USE_USER_MAN'] == True: - self.ums_response = self.check_user_man(_peer_id) + self.ums_response = self.check_user_man(_peer_id, self._CONFIG['USER_MANAGER']['THIS_SERVER_NAME'], _sockaddr[0]) ## print(self.ums_response) if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']: user_auth = self.ums_response['allow'] @@ -540,6 +560,7 @@ class HBSYSTEM(DatagramProtocol): self.send_peer(_peer_id, b''.join([RPTACK, _salt_str])) self._peers[_peer_id]['CONNECTION'] = 'CHALLENGE_SENT' logger.info('(%s) Sent Challenge Response to %s for login: %s', self._system, int_id(_peer_id), self._peers[_peer_id]['SALT']) +## print(self._peers) else: self.transport.write(b''.join([MSTNAK, _peer_id]), _sockaddr) logger.warning('(%s) Invalid Login from %s Radio ID: %s Denied by Registation ACL', self._system, _sockaddr[0], int_id(_peer_id)) @@ -572,6 +593,11 @@ class HBSYSTEM(DatagramProtocol): _this_peer['CONNECTION'] = 'WAITING_CONFIG' self.send_peer(_peer_id, b''.join([RPTACK, _peer_id])) logger.info('(%s) Peer %s has completed the login exchange successfully', self._system, _this_peer['RADIO_ID']) + #self.send_login_conf(_peer_id, self._CONFIG['USER_MANAGER']['THIS_SERVER_NAME'], _sockaddr[0], False) + if _sent_hash == _ocalc_hash: + self.send_login_conf(_peer_id, self._CONFIG['USER_MANAGER']['THIS_SERVER_NAME'], _sockaddr[0], True) + else: + self.send_login_conf(_peer_id, self._CONFIG['USER_MANAGER']['THIS_SERVER_NAME'], _sockaddr[0], False) else: logger.info('(%s) Peer %s has FAILED the login exchange successfully', self._system, _this_peer['RADIO_ID']) self.transport.write(b''.join([MSTNAK, _peer_id]), _sockaddr) diff --git a/user_managment/app.py b/user_managment/app.py index 9bbbda4..abe9435 100644 --- a/user_managment/app.py +++ b/user_managment/app.py @@ -59,7 +59,7 @@ def get_ids(callsign): except: city = result['results'][0]['country'] for i in result['results']: - id_list[i['id']] = '' + id_list[i['id']] = 0 return str([id_list, f_name, l_name, city]) except: return str([{}, '', '', '']) @@ -146,6 +146,7 @@ def create_app(): last_name = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='') dmr_ids = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='') city = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='') + notes = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='') #Used for initial approval initial_admin_approved = db.Column('initial_admin_approved', db.Boolean(), nullable=False, server_default='1') # Define the relationship to Role via UserRoles @@ -167,6 +168,17 @@ def create_app(): __tablename__ = 'burn_list' dmr_id = db.Column(db.Integer(), unique=True, primary_key=True) version = db.Column(db.Integer(), primary_key=True) + class AuthLog(db.Model): + __tablename__ = 'auth_log' + login_dmr_id = db.Column(db.Integer(), primary_key=True) + login_time = db.Column(db.DateTime(), primary_key=True) + peer_ip = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='') + server_name = db.Column(db.Integer(), primary_key=True) + login_auth_method = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='') + portal_username = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='') + login_type = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='') + + # Customize Flask-User class CustomUserManager(UserManager): @@ -236,7 +248,8 @@ def create_app(): email='admin@no.reply', email_confirmed_at=datetime.datetime.utcnow(), password=user_manager.hash_password('admin'), - initial_admin_approved = True + initial_admin_approved = True, + notes='Default admin account created during installation.' ) user.roles.append(Role(name='Admin')) user.roles.append(Role(name='User')) @@ -481,37 +494,37 @@ def create_app(): - @app.route('/mmdvm_log', methods=['POST', 'GET']) - @login_required # User must be authenticated - @roles_required('Admin') - def mmdvm_auth_list(): - display_number = 200 - content = ''' -
Last ''' + str(display_number) + ''' logins or attempts.
-User | -DMR ID | -Authentication | -Time | -
''' + str(i[1]) + ''' | -''' + str(i[0]) + ''' | -Value: ''' + str(i[2]) + '''\n DB: ''' + str(i[3]) + ''' |
-''' + datetime.datetime.fromtimestamp(i[4]).strftime(time_format) + ''' | -
Last ''' + str(display_number) + ''' logins or attempts.
+##User | +##DMR ID | +##Authentication | +##Time | +##
''' + str(i[1]) + ''' | +##''' + str(i[0]) + ''' | +##Value: ''' + str(i[2]) + '''\n DB: ''' + str(i[3]) + ''' |
+##''' + datetime.datetime.fromtimestamp(i[4]).strftime(time_format) + ''' | +##
Changed email for user: ''' + str(user) + ''' to ''' + request.form.get('email') + '''
\n''' + if request.form.get('notes') != edit_user.notes: + edit_user.notes = request.form.get('notes') + content = content + '''Changed notes for user: ''' + str(user) + '''.
\n''' if request.form.get('password') != '': edit_user.password = user_manager.hash_password(request.form.get('password')) content = content + '''Changed password for user: ''' + str(user) + '''
\n''' @@ -757,6 +773,8 @@ def create_app(): +View auth log for: ''' + u.username + '''
+