-
Notifications
You must be signed in to change notification settings - Fork 275
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/new status page #2337
Feature/new status page #2337
Conversation
conf/documentation.conf
Outdated
[device_registration.oses] | ||
type=fingerbank_select | ||
description=<<EOT | ||
Lists of OSES where the MAC vendor will be allowed to be registered via the device registration page. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we just say "List of allowed devices to be registered via the device registration page." ? If we use Fingerbank's device, we don't need to tie this with OS/MAC vendors.
conf/pf.conf.defaults
Outdated
# device_registration.oses | ||
# | ||
# Lists of OSES where the MAC vendor will be allowed to be registered via the device registration page. | ||
oses= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer "operating_systems" or "operatingsystems" or I as said before, maybe just "allowed_devices"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 for allowed_devices
conf/violations.conf.defaults
Outdated
enabled=Y | ||
template=banned_devices | ||
auto_enable=N | ||
user_mail_message=Your devices %mac as been declared as lost or stolen. Please contact your system administrator to be able to use this device again on the network. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
*Your device
@@ -178,7 +178,7 @@ sub registerNode : Private { | |||
reevaluate_access($mac, 'manage_register'); | |||
} | |||
} else { | |||
$self->showError($c,"Please verify the provided MAC address."); | |||
$self->showError($c,"The provided MAC address is not allowed to be register."); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
*to be registered using this self-service page.
my $node = node_view($mac); | ||
my $owner = lc($node->{pid}); | ||
my $username = lc($c->user_session->{username}); | ||
my $vid = "1300005"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Put that in a constant in the violations constants
my ( $self, $c, $mac ) = @_; | ||
my $node = node_view($mac); | ||
my $owner = lc($node->{pid}); | ||
my $username = lc($c->user_session->{username}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We'll need to see how we handle the case where the device was registered using a realm
Ex:
bobby@inverse.ca is the owner of the device
But when bobby uses the self-service portal, he logs in as bobby
I think the easiest way would be to strip $owner and $username and ignore the realm
|
||
if ($trigger) { | ||
$c->stash( | ||
mac => $mac, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
stash mac + template outside of your if and then just stash the status in the if{}else{}
Also stash a $TRUE/$FALSE versus a string and handle it accordingly in your templates/rendering
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just re-read the code and it seems you indeed need a string status since its not only boolean, so forget about my second comment
lib/pf/web/device_registration.pm
Outdated
my $endpoint = fingerbank::Model::Endpoint->new(name => $device_name, version => undef, score => undef); | ||
|
||
for my $id (@oses) { | ||
$logger->debug("The devices type ".$device_name." is authorized to be registered via the device-registration module"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That logging statement is only true if the condition on the line below is true so that statement is false...
Wrap your return + this logging in the if block
conf/pf.conf.defaults
Outdated
# device_registration.oses | ||
# | ||
# Lists of OSES where the MAC vendor will be allowed to be registered via the device registration page. | ||
oses= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 for allowed_devices
conf/violations.conf.defaults
Outdated
@@ -251,6 +251,16 @@ template=bandwidth_expiration | |||
auto_enable=N | |||
enabled=N | |||
|
|||
[1300005] | |||
priority=1 | |||
actions=email_user,email_admin,log,role |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need the reevaluate action on this instead of setting the role
conf/violations.conf.defaults
Outdated
template=banned_devices | ||
auto_enable=N | ||
user_mail_message=Your devices %mac as been declared as lost or stolen. Please contact your system administrator to be able to use this device again on the network. | ||
target_category=isolation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And you can remove this when you use the reevaluate_access action
lib/pf/web/device_registration.pm
Outdated
use pf::web; | ||
use pf::web::custom; # called last to allow redefinitions | ||
|
||
use pf::authentication; | ||
use pf::Authentication::constants; | ||
use List::MoreUtils qw(any); | ||
|
||
Readonly our @DEVICE_OUI => _load_file_into_array($allowed_device_oui_file); | ||
Readonly our @DEVICE_TYPES => _load_file_into_array($allowed_device_types_file); | ||
|
||
=head1 SUBROUTINES |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A 💅 comment:
We're trying to move away from the lib/pf/web/ directory and remove things that are in it.
I think your code for the device validation would be better placed in the DeviceRegistration controller
098a2b7
to
7112468
Compare
@cgx might have some CSS improvements to add |
f9c01ba
to
f424f2e
Compare
@whitx rebase |
6ba4eff
to
301e55e
Compare
my @oses = @{$Config{'device_registration'}{'allowed_devices'}}; | ||
|
||
# If no oses are defined then it will not match any oses | ||
return $FALSE if @oses == 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't it be allowed if no OS is defined in the configuration ?
[% IF status == "success" %] | ||
<div class="media media--notice u-p u-mb"> | ||
<div class="media__img">[% flashIcon(level='notice') %]</div> | ||
<p class="media__body">[% i18n("Your password have been updated") %]</p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
has been updated
[% ELSIF status == "error_match" %] | ||
<div class="media media--error u-p u-mb"> | ||
<div class="media__img">[% flashIcon(level='error') %]</div> | ||
<p class="media__body">[% i18n("The passwords you type do not match") %]</p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The two entered passwords did not match
[% ELSIF status == "error_fill" %] | ||
<div class="media media--error u-p u-mb"> | ||
<div class="media__img">[% flashIcon(level='error') %]</div> | ||
<p class="media__body">[% i18n("A password field has not been fill") %]</p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One of the password fields hasn't been filled
</div> | ||
[% END %] | ||
|
||
[% UNLESS ShowLogin %] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This variable doesn't seem to exist anymore
</div> | ||
[% END %] | ||
|
||
[% UNLESS showLogin %] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of not showing the form in the template if the user isn't logged in, it should instead redirect to the login page if he isn't logged in and then here you unconditionally display the form
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sense doing that right now
…, do not display time_balance for current device
480b08c
to
e2de551
Compare
Description
Status page and device-registration are merged together, and improvements to device-registration
Require
https://github.com/fingerbank/perl-client/pull/29 to be merged
Impacts
Status page
Device Registration page
Delete branch after merge
YES
NEWS file entries
New Features