From 5084fec43f8426fef5aef5439dfc9e41b9a7cf21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?=
Date: Tue, 22 Feb 2022 13:26:24 +0100
Subject: [PATCH 1/3] Fixed SQLITE DB problems

---
 server/src/uds/REST/methods/actor_v3.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/server/src/uds/REST/methods/actor_v3.py b/server/src/uds/REST/methods/actor_v3.py
index 7eaaf483..f72a9465 100644
--- a/server/src/uds/REST/methods/actor_v3.py
+++ b/server/src/uds/REST/methods/actor_v3.py
@@ -263,6 +263,8 @@ class Initialize(ActorV3Action):
         # Valid actor token, now validate access allowed. That is, look for a valid mac from the ones provided.
         try:
+            # Enforce lowecase ids for sqlite
+            idsList = [i.lower() for i in idsList]
             # Set full filter
             dbFilter = dbFilter.filter(
                 unique_id__in=idsList,
@@ -438,6 +440,9 @@ class LoginLogout(ActorV3Action):
                 x['mac'] for x in self._params['id']
             ][:10]
 
+            # Enforce lowercase for idList
+            idsList = [x.lower() for x in idsList]
+
             validId: typing.Optional[str] = service.getValidId(idsList)
 
             # Must be valid
@@ -648,6 +653,9 @@ class Unmanaged(ActorV3Action):
             ][:10]
             validId: typing.Optional[str] = service.getValidId(idsList)
 
+            # enforce lowercase idsList
+            idsList = [i.lower() for i in idsList]
+
             # Check if there is already an assigned user service
             # To notify it logout
             userService: typing.Optional[UserService]

From 1fba4d3f9f37d87600c644cb07b216b730898682 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?=
Date: Wed, 23 Feb 2022 14:17:29 +0100
Subject: [PATCH 2/3] Fixed check of ip

---
 server/src/uds/auths/IP/authenticator.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/server/src/uds/auths/IP/authenticator.py b/server/src/uds/auths/IP/authenticator.py
index d1e155e2..9b321750 100644
--- a/server/src/uds/auths/IP/authenticator.py
+++ b/server/src/uds/auths/IP/authenticator.py
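Review bot: The comment `# Enforce lowecase ids for sqlite` has a typo and understates why the normalization is needed: `unique_id__in=idsList` compares case-sensitively on any backend whose column collation is case-sensitive (SQLite by default), so the actor-supplied MACs must match the stored form exactly. Suggest `# Normalize actor-supplied ids to lowercase so unique_id__in matches on case-sensitive backends (e.g. SQLite)`. This only helps if the stored unique_id values are themselves lowercase, which the hunk does not show; worth confirming at the point where unique_id is written. The enclosing method starts before and ends after the hunk.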
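Review bot: In Unmanaged the lowercasing is placed after `validId: typing.Optional[str] = service.getValidId(idsList)`, so getValidId still receives the ids exactly as the actor sent them, whereas in LoginLogout the same normalization precedes the call. If getValidId compares against lowercase stored ids (not visible here), a mixed-case MAC would be rejected in Unmanaged but accepted in LoginLogout. Move the two added lines above the call so the order reads `idsList = [i.lower() for i in idsList]` then `validId: typing.Optional[str] = service.getValidId(idsList)`. The enclosing method starts before and ends after the hunk.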
@@ -102,8 +102,11 @@ class IPAuth(auths.Authenticator):
         Used by the login interface to determine if the authenticator is visible on the login page.
         """
         validNets = self.visibleFromNets.value.strip()
-        if not validNets or net.ipInNetwork(request.ip, validNets):
-            return True
+        try:
+            if not validNets or net.ipInNetwork(request.ip, validNets):
+                return True
+        except Exception as e:
+            logger.error('Invalid network for IP auth: %s', e)
         return False
 
     def internalAuthenticate(self, username: str, credentials: str, groupsManager: 'auths.GroupsManager') -> bool:

From ee30ab46040a15202c37b2ded855a61a5e7403af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?=
Date: Wed, 23 Feb 2022 21:54:23 +0100
Subject: [PATCH 3/3] Fixed authcallbacks

---
 server/src/uds/web/views/auth.py   | 27 ++++++++++++++-------------
 server/src/uds/web/views/modern.py | 18 +++++++++++++-----
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/server/src/uds/web/views/auth.py b/server/src/uds/web/views/auth.py
index f76e151e..0dec0616 100644
--- a/server/src/uds/web/views/auth.py
+++ b/server/src/uds/web/views/auth.py
@@ -32,6 +32,7 @@ import logging
 import typing
 
 from django.urls import reverse
+from django.db.models import Q
 from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
 from django.utils.translation import ugettext as _
 from django.views.decorators.cache import never_cache
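Review bot: The new `except Exception` around `net.ipInNetwork(request.ip, validNets)` runs on every login-page render, so a malformed `visibleFromNets` value produces one `logger.error` per request instead of being rejected once when the authenticator is configured; if the field has a validation hook (not shown in this hunk) the parse check belongs there as well. Falling through to `return False` is the right fail-closed choice, since a bad network list must not make the authenticator visible from everywhere. Narrow the clause to the exception type ipInNetwork actually raises and use `logger.exception('Invalid network for IP auth: %s', e)` so the traceback is retained; if the raised type is not documented, keep `Exception` but state the intent in a comment, e.g. `# any parse error in the configured networks must hide the authenticator, never expose it`. The enclosing method starts before the hunk.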
@@ -79,10 +80,19 @@ def authCallback(request: HttpRequest, authName: str) -> HttpResponse:
     an authenticator that has an authCallback
     """
     try:
-        authenticator = Authenticator.objects.get(name=authName)
-        params = request.GET.copy()
-        params.update(request.POST)
-        params['_query'] = request.META.get('QUERY_STRING', '')
+        authenticator = Authenticator.objects.filter(Q(name=authName) | Q(small_name=authName)).order_by('priority').first()
+        if not authenticator:
+            raise Exception('Authenticator not found')
+
+        params = {
+            'https': request.is_secure(),
+            'http_host': request.META['HTTP_HOST'],
+            'path_info': request.META['PATH_INFO'],
+            'server_port': request.META['SERVER_PORT'],
+            'get_data': request.GET.copy(),
+            'post_data': request.POST.copy(),
+            'query_string': request.META['QUERY_STRING'],
+        }
         logger.debug(
             'Auth callback for %s with params %s',
             authenticator, params.keys()
@@ -103,15 +113,6 @@ authCallback_stage2(
     params: typing.Dict[str, typing.Any] = ticket['params']
     auth_uuid: str = ticket['auth']
     authenticator = Authenticator.objects.get(uuid=auth_uuid)
-    params['_request'] = request
-    # params['_session'] = request.session
-    # params['_user'] = request.user
-    logger.debug(
-        'Request session:%s -> %s, %s',
-        request.ip,
-        request.session.keys(),
-        request.session.session_key,
-    )
 
     user = authenticateViaCallback(authenticator, params)
 
diff --git a/server/src/uds/web/views/modern.py b/server/src/uds/web/views/modern.py
index f163602f..53cc4c16 100644
--- a/server/src/uds/web/views/modern.py
+++ b/server/src/uds/web/views/modern.py
@@ -36,7 +36,7 @@ from django.shortcuts import render
 from django.http import HttpRequest, HttpResponse, JsonResponse, HttpResponseRedirect
 from django.urls import reverse
 from uds.core.util.request import ExtendedHttpRequest, ExtendedHttpRequestWithUser
-from uds.core.auths import auth
+from uds.core.auths import auth, exceptions
 from uds.web.util import errors
 from uds.web.forms.LoginForm import LoginForm
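Review bot: The new params dict reads `request.META['HTTP_HOST']` and `request.META['SERVER_PORT']` straight from the raw request, which bypasses Django's `ALLOWED_HOSTS` validation and any `USE_X_FORWARDED_HOST`/`USE_X_FORWARDED_PORT` handling, so whatever consumes `http_host` downstream (presumably the external authenticator's callback/destination check) sees an attacker-controlled Host header. Use the validated accessors instead: `'http_host': request.get_host(),` and `'server_port': request.get_port(),`. The lookup `filter(Q(name=authName) | Q(small_name=authName)).order_by('priority').first()` also silently picks one row when one authenticator's name equals another's small_name; if the data model allows that, prefer an exact-name match before falling back to small_name, or log when more than one row matches. `request.META['HTTP_HOST']` raises KeyError on a request without a Host header, which the surrounding `try` presumably catches but will report as a generic callback failure. authCallback's try block continues past the end of the hunk.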
@@ -103,10 +103,18 @@ def login(
 def logout(request: ExtendedHttpRequestWithUser) -> HttpResponse:
     auth.authLogLogout(request)
     request.session['restricted'] = False  # Remove restricted
-    logoutUrl = request.user.logout()
-    if logoutUrl is None:
-        logoutUrl = request.session.get('logouturl', None)
-    return auth.webLogout(request, logoutUrl)
+    try:
+        logoutUrl = request.user.logout()
+        if logoutUrl is None:
+            logoutUrl = request.session.get('logouturl', None)
+        return auth.webLogout(request, logoutUrl)
+    except exceptions.Redirect as e:
+        return HttpResponseRedirect(
+            request.build_absolute_uri(str(e)) if e.args and e.args[0] else '/'
+        )
+    except Exception as e:
+        logger.exception('Error logging out user')
+        return auth.webLogout(request, None)
 
 
 def js(request: ExtendedHttpRequest) -> HttpResponse:
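Review bot: In the new `except exceptions.Redirect as e:` branch the view returns an HttpResponseRedirect without ever calling `auth.webLogout`, which the original code reached on every path; if webLogout is what tears down the local UDS session (it is defined outside this hunk), a user whose authenticator signals logout via Redirect is sent to the external URL while still logged in here. Route that branch through the same helper so local cleanup happens first, e.g. `return auth.webLogout(request, request.build_absolute_uri(str(e)) if e.args and e.args[0] else None)`. The `except Exception as e:` clause never uses `e`; `except Exception:` with the existing `logger.exception` call is sufficient. The redirect target comes from the authenticator's exception rather than from user input, but `build_absolute_uri` passes an absolute URL through unchanged, so a comment such as `# Redirect target is supplied by the configured authenticator, not by the client` would record that trust assumption.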