Refactor config update method to handle non-existing config values.

Added the option to strip domain part from radius

server/src/uds/REST/methods/config.py

@@ -39,6 +39,7 @@ from uds.REST import Handler
 
 logger = logging.getLogger(__name__)
 
+
 # Enclosed methods under /config path
 class Config(Handler):
     needs_admin = True  # By default, staff is lower level needed
@@ -59,6 +60,21 @@ class Config(Handler):
     def put(self):
         for section, secDict in self._params.items():
             for key, vals in secDict.items():
-                logger.info('Updating config value %s.%s to %s by %s', section, key, vals['value'], self._user.name)
-                CfgConfig.update(section, key, vals['value'])
+                config = CfgConfig.update(section, key, vals['value'])
+                if config is not None:
+                    logger.info(
+                        'Updating config value %s.%s to %s by %s',
+                        section,
+                        key,
+                        '********' if config.isCrypted() else vals['value'],
+                        self._user.name,
+                    )
+                else:
+                    logger.error(
+                        'Non existing config value %s.%s to %s by %s',
+                        section,
+                        key,
+                        vals['value'],
+                        self._user.name,
+                    )
         return 'done'

server/src/uds/core/util/config.py

@@ -268,21 +268,23 @@ class Config:
             yield val
 
     @staticmethod
-    def update(section, key, value, checkType=False) -> bool:
+    def update(section, key, value, checkType=False) -> typing.Optional['Config.Value']:
         # If cfg value does not exists, simply ignore request
         try:
             cfg = DBConfig.objects.filter(section=section, key=key)[0]  # @UndefinedVariable
             if checkType and cfg.field_type in (Config.READ_FIELD, Config.HIDDEN_FIELD):
-                return False  # Skip non writable elements
+                return None  # Skip non writable elements
 
             if cfg.crypt:
                 value = cryptoManager().encrypt(value)
             cfg.value = value
             cfg.save()
             logger.debug('Updated value for %s.%s to %s', section, key, value)
-            return True
+            if cfg.crypt:
+                return Config.section(section).valueCrypt(key)
+            return Config.section(section).value(key)
         except Exception:
-            return False
+            return None
 
     @staticmethod
     def getConfigValues(

server/src/uds/management/commands/config.py

@@ -58,9 +58,8 @@ class Command(BaseCommand):
                     mod, name = first
                 else:
                     mod, name = GLOBAL_SECTION, first[0]
-                if (
-                    Config.update(mod, name, value) is False
-                ):  # If not exists, try to store value without any special parameters
+                if not Config.update(mod, name, value):
+                    # If not exists, try to store value without any special parameters
                     Config.section(mod).value(name, value).get()
         except Exception as e:
             self.stderr.write('The command could not be processed: {}'.format(e))

server/src/uds/mfas/Radius/mfa.py

@@ -158,6 +158,18 @@ class RadiusOTP(mfas.MFA):
         tab=_('Config'),
     )
 
+    send_just_username = gui.CheckBoxField(
+        label=_('Send only username (without domain) to radius server'),
+        order=34,
+        defvalue=False,
+        tooltip=_(
+            'If unchecked, username will be sent as is to radius server. \n'
+            'If checked, domain part will be removed from username before sending it to radius server.'
+        ),
+        required=False,
+        tab=_('Config'),
+    )
+
     def initialize(self, values: 'Module.ValuesType') -> None:
         return super().initialize(values)
 
@@ -250,11 +262,14 @@ class RadiusOTP(mfas.MFA):
         '''
         if self.askForOTP(request) is False:
             return mfas.MFA.RESULT.ALLOWED
-        
+
         # if we are in a "all-users-otp" policy, avoid this step and go directly to ask for OTP
         if self.all_users_otp.isTrue():
             return mfas.MFA.RESULT.OK
 
+        if self.send_just_username.isTrue():
+            username = username.strip().split('@')[0].split('\\')[-1]
+
         web_pwd = webPassword(request)
         try:
             connection = self.radiusClient()
@@ -314,6 +329,9 @@ class RadiusOTP(mfas.MFA):
         '''
 
         try:
+            if self.send_just_username.isTrue():
+                username = username.strip().split('@')[0].split('\\')[-1]
+
             err = _('Invalid OTP code')
 
             web_pwd = webPassword(request)

server/src/uds/services/Xen/xen_client/__init__.py

@@ -485,17 +485,17 @@ class XenServer:  # pylint: disable=too-many-public-methods
                 if not all_VIFs:
                     raise XenException('No Network interfaces found!')
                 found = (all_VIFs[0], self.VIF.get_record(all_VIFs[0]))
-                for vifId in all_VIFs:
-                    vif = self.VIF.get_record(vifId)
+                for vif_id in all_VIFs:
+                    vif = self.VIF.get_record(vif_id)
                     logger.info('VIF: %s', vif)
 
                     if vif['network'] == mac['network']:
-                        found = (vifId, vif)
+                        found = (vif_id, vif)
                         break
 
                 logger.debug('Found VIF: %s', found[1])
-                vifId, vif = found
-                self.VIF.destroy(vifId)
+                vif_id, vif = found
+                self.VIF.destroy(vif_id)
 
                 vif['MAC'] = mac['mac']
                 vif['network'] = mac['network']