This repository has been archived by the owner on Sep 10, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[RadiusCheck] Password encryption in RadiusCheck #58
- RadiusCheckAdmin password value auto hash by enabled password type (default NT-Password) - RadiusCheckAdmin custom filters: find duplicates by username or value, find is_active true or false and find valid_until < or > then now() - RadiusCheck custom model manager - _encode_secret standalone funcion in base/models.py, still needs a better position! It should not be forget into models.py but moved in an apposite file. Should it be called helpers.py? - enhanced app_settings.py approach, nemesys revision - freeradius documentation, how to do to extend radiucheck query. A mysql dialect example Fixes #58 Improvements for #35 and #63
- Loading branch information
1 parent
25dc8d1
commit abfe593
Showing
15 changed files
with
473 additions
and
62 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
Contributing | ||
============ | ||
|
||
Thanks for your interest! Pllease read `our contributing guideliness | ||
Thanks for your interest! Please read `our contributing guideliness | ||
<http://django-freeradius.readthedocs.io/en/latest/general/contributing.html>`_ | ||
and submit a PR. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
from django.contrib import messages | ||
from django.contrib.admin.models import CHANGE, LogEntry | ||
from django.contrib.contenttypes.models import ContentType | ||
from django.utils.translation import ugettext_lazy as _ | ||
|
||
|
||
def disable_accounts(modeladmin, request, queryset): | ||
queryset.update(is_active=False) | ||
ct = ContentType.objects.get_for_model(queryset.model) | ||
for entry in queryset: | ||
LogEntry.objects.log_action(user_id=request.user.id, | ||
content_type_id=ct.pk, | ||
object_id=entry.pk, | ||
object_repr=entry.username, | ||
action_flag=CHANGE, | ||
change_message=_("Disabled")) | ||
messages.add_message(request, messages.INFO, '%d modifiche' % queryset.count()) | ||
|
||
|
||
disable_accounts.short_description = _('Disable') | ||
|
||
|
||
def enable_accounts(modeladmin, request, queryset): | ||
queryset.update(is_active=True) | ||
ct = ContentType.objects.get_for_model(queryset.model) | ||
for entry in queryset: | ||
LogEntry.objects.log_action(user_id=request.user.id, | ||
content_type_id=ct.pk, | ||
object_id=entry.pk, | ||
object_repr=entry.username, | ||
action_flag=CHANGE, | ||
change_message=_("Enabled")) | ||
messages.add_message(request, messages.INFO, '%d modifiche' % queryset.count()) | ||
|
||
|
||
enable_accounts.short_description = _('Enable') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
from django.contrib.admin import SimpleListFilter | ||
from django.utils.translation import ugettext_lazy as _ | ||
|
||
|
||
class DuplicateListFilter(SimpleListFilter): | ||
title = _('find duplicates') | ||
parameter_name = 'duplicates' | ||
|
||
def lookups(self, request, model_admin): | ||
return (('username', _('username')), ('value', _('value'))) | ||
|
||
def queryset(self, request, queryset): | ||
if self.value() == 'value': | ||
return queryset.filter_duplicate_value() | ||
elif self.value() == 'username': | ||
return queryset.filter_duplicate_username() | ||
|
||
|
||
class ExpiredListFilter(SimpleListFilter): | ||
title = _('find expired') | ||
parameter_name = 'expired' | ||
|
||
def lookups(self, request, model_admin): | ||
return (('expired', _('expired')), ('not_expired', _('not expired'))) | ||
|
||
def queryset(self, request, queryset): | ||
if self.value() == 'expired': | ||
return queryset.filter_expired() | ||
elif self.value() == 'not_expired': | ||
return queryset.filter_not_expired() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
import re | ||
|
||
from django import forms | ||
from django.core.exceptions import ValidationError | ||
from django.utils.translation import ugettext_lazy as _ | ||
|
||
from .. import settings as app_settings | ||
from .models import AbstractRadiusCheck | ||
|
||
|
||
class AbstractRadiusCheckAdminForm(forms.ModelForm): | ||
_secret_help_text = _('The secret must contains lowercase' | ||
' and uppercase characters, ' | ||
' number and at least one of these symbols:' | ||
'! % - _ + = [ ] { } : , . ? < > ( ) ; ') | ||
# custom field not backed by database | ||
new_value = forms.CharField(label=_('Value'), required=False, | ||
min_length=8, max_length=16, | ||
widget=forms.PasswordInput(), | ||
help_text=_secret_help_text) | ||
|
||
def clean_attribute(self): | ||
if self.data['attribute'] not in app_settings.DISABLED_SECRET_FORMATS: | ||
return self.cleaned_data["attribute"] | ||
|
||
def clean_new_value(self): | ||
if not self.data['new_value']: | ||
return None | ||
for regexp in app_settings.RADCHECK_SECRET_VALIDATORS.values(): | ||
found = re.findall(regexp, self.data['new_value']) | ||
if not found: | ||
raise ValidationError(self._secret_help_text) | ||
return self.cleaned_data["new_value"] | ||
|
||
class Meta: | ||
model = AbstractRadiusCheck | ||
fields = '__all__' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# -*- coding: utf-8 -*- | ||
# Generated by Django 1.11.6 on 2017-11-03 11:18 | ||
from __future__ import unicode_literals | ||
|
||
from django.db import migrations, models | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
('django_freeradius', '0008_auto_20171004_1003'), | ||
] | ||
|
||
operations = [ | ||
migrations.AddField( | ||
model_name='radiuscheck', | ||
name='expires', | ||
field=models.DateTimeField(blank=True, null=True), | ||
), | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# -*- coding: utf-8 -*- | ||
# Generated by Django 1.11.6 on 2017-11-07 10:58 | ||
from __future__ import unicode_literals | ||
|
||
from django.db import migrations | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
('django_freeradius', '0009_radiuscheck_expires'), | ||
] | ||
|
||
operations = [ | ||
migrations.RenameField( | ||
model_name='radiuscheck', | ||
old_name='expires', | ||
new_name='valid_until', | ||
), | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# -*- coding: utf-8 -*- | ||
# Generated by Django 1.11.6 on 2017-11-08 14:46 | ||
from __future__ import unicode_literals | ||
|
||
from django.db import migrations, models | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
('django_freeradius', '0010_auto_20171107_1158'), | ||
] | ||
|
||
operations = [ | ||
migrations.AddField( | ||
model_name='radiuscheck', | ||
name='note', | ||
field=models.TextField(blank=True, null=True), | ||
), | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# -*- coding: utf-8 -*- | ||
# Generated by Django 1.11.7 on 2017-12-06 14:46 | ||
from __future__ import unicode_literals | ||
|
||
from django.db import migrations, models | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
('django_freeradius', '0011_radiuscheck_note'), | ||
] | ||
|
||
operations = [ | ||
migrations.AlterField( | ||
model_name='radiuscheck', | ||
name='attribute', | ||
field=models.CharField(blank=True, choices=[('Cleartext-Password', 'Cleartext-Password'), ('NT-Password', 'NT-Password'), ('LM-Password', 'LM-Password'), ('MD5-Password', 'MD5-Password'), ('SMD5-Password', 'SMD5-Password'), ('SSHA-Password', 'SSHA-Password'), ('Crypt-Password', 'Crypt-Password')], default='NT-Password', max_length=64, verbose_name='attribute'), | ||
), | ||
migrations.AlterField( | ||
model_name='radiuscheck', | ||
name='is_active', | ||
field=models.BooleanField(default=True), | ||
), | ||
] |
Oops, something went wrong.