mirror of https://github.com/dkmstr/openuds.git synced 2025-01-11 05:17:55 +03:00

Removed optional parameter "transport" from ticket REST api creation. This is due to the fact that the transport needs to be checked on the client browser (user IP, OS, etc.)

Adolfo Gómez García 2021-09-29 11:04:51 +02:00
parent d02974ad87
commit 41aa22fadd
2 changed files with 7 additions and 44 deletions


@ -44,6 +44,7 @@ from uds.core.util import tools
logger = logging.getLogger(__name__)
# Valid parameters accepted by ticket creation method
VALID_PARAMS = (
'authId',
'authTag',
@ -54,7 +55,7 @@ VALID_PARAMS = (
'password',
'groups',
'servicePool',
'transport',
'transport', # Admited to be backwards compatible, but not used. Will be removed on a future release.
'force',
'userIp',
)
@ -76,7 +77,7 @@ class Tickets(Handler):
password:
groups:
servicePool:
transport:
transport: Ignored. Transport must be auto-detected on ticket auth
force: If "1" or "true" will ensure that:
- Groups exists on authenticator
- servicePool has these groups in it's allowed list
@ -144,7 +145,6 @@ class Tickets(Handler):
try:
servicePoolId = None
transportId = None
authId = self._params.get('authId', None)
authName = self._params.get('auth', None)
@ -240,41 +240,7 @@ class Tickets(Handler):
):
pool.assignedGroups.add(auth.groups.get(uuid=addGrp))
if 'transport' in self._params:
transport: models.Transport = models.Transport.objects.get(
uuid=processUuid(self._params['transport'])
)
try:
pool.validateTransport(transport)
except Exception:
logger.error(
'Transport %s is not valid for Service Pool %s',
transport.name,
pool.name,
)
raise Exception('Invalid transport for Service Pool')
else:
transport = models.Transport(uuid=None)
if userIp:
for v in pool.transports.order_by('priority'):
if v.validForIp(userIp):
transport = v
break
if transport.uuid is None:
logger.error(
'Service pool %s does not has valid transports for ip %s',
pool.name,
userIp,
)
raise Exception(
'Service pool does not has any valid transports for ip {}'.format(
userIp
)
)
servicePoolId = 'F' + pool.uuid
transportId = transport.uuid
except models.Authenticator.DoesNotExist:
return Tickets.result(error='Authenticator does not exists')
@ -292,7 +258,6 @@ class Tickets(Handler):
'groups': groupIds,
'auth': auth.uuid,
'servicePool': servicePoolId,
'transport': transportId,
}
ticket = models.TicketStore.create(data)
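Review bot: `transport` stays in VALID_PARAMS but is now dropped without any signal, so an API client that sent it to pin a ticket to one transport silently gets whatever auto-detection picks at ticket auth. Nothing replaces the branch removed in the -240,41 hunk; a warning there would make the change visible to integrators, for example `if 'transport' in self._params: logger.warning('Ticket parameter "transport" is ignored; transport is auto-detected on ticket auth')`. The removed fallback was also the only visible place where `userIp` was checked against the pool's transports, so a ticket for a pool with no transport valid for that address is now rejected only at ticket auth; the method continues outside these hunks, so it is worth confirming that `userIp` is still consumed there and that the later failure is acceptable. The new comment in VALID_PARAMS has a typo ("Admited" should be "Admitted").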


@ -213,7 +213,6 @@ def ticketAuth(
realname = data['realname']
poolUuid = data['servicePool']
password = cryptoManager().decrypt(data['password'])
transport = data['transport']
except Exception:
logger.error('Ticket stored is not valid')
raise auths.exceptions.InvalidUserException()
@ -247,16 +246,15 @@ def ticketAuth(
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
request.session['ticket'] = '1' # Store that user access is done using ticket
# Override and recalc transport based on current os
transport = None
# Transport must always be automatic for ticket authentication
logger.debug("Service & transport: %s, %s", poolUuid, transport)
logger.debug("Service & transport: %s", poolUuid)
# Check if servicePool is part of the ticket
if poolUuid:
# If service pool is in there, also is transport
# Request service, with transport = None so it is automatic
res = userServiceManager().getService(
request.user, request.os, request.ip, poolUuid, transport, False
request.user, request.os, request.ip, poolUuid, None, False
)
_, userService, _, transport, _ = res
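Review bot: With the `transport = None` assignment removed in the -247,16 hunk, `transport` is bound only by the tuple unpacking inside `if poolUuid:`, so any later read of it on the path where the ticket carries no service pool would raise NameError. ticketAuth continues outside the hunk, so this needs checking against the rest of the function. The debug message still reads "Service & transport" while logging only the pool; `logger.debug("Service pool: %s", poolUuid)` would match what is actually logged.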