[req-changes] Docs and comment changes

openwisp · Oct 26, 2023 · 7940faf · 7940faf
1 parent bca0224
commit 7940faf
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 9 deletions.
diff --git a/docs/source/user/settings.rst b/docs/source/user/settings.rst
@@ -627,7 +627,6 @@ then edit a specific organization and scroll down to
     if all the organization use the same configuration, we recommend
     changing the global setting.
 
-
 ``OPENWISP_RADIUS_NEEDS_IDENTITY_VERIFICATION``
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

diff --git a/openwisp_radius/api/freeradius_views.py b/openwisp_radius/api/freeradius_views.py
@@ -178,13 +178,14 @@ def authenticate(self, request):
                 username, request
             )
             if username is None and request is None:
-                # When using MAC roaming, the "username" attribute contains the
-                # MAC address (calling_station_id). If there's no open-session
-                # for the given MAC address, then don't authenticate the user.
-                #
-                # NOTE: We return "None" here instead of raising "AuthenticationFailed"
-                # to prevent unnecessary authentication rejected errors in freeradius
-                # logs.
+                # When using MAC auth roaming, the "username" attribute contains the MAC
+                # address (calling_station_id). When the user connects the first time,
+                # since it doesn't have any open session, the mac address authorization
+                # will fail, in order to avoid filling the log with failed mac address
+                # authorization requests we return "None" here
+                # (instead of raising "AuthenticationFailed").
+                # freeradius will take care of rejecting the authorization if no
+                # explicit "Auth-Type: Accept" is returned
                 return
             return self._radius_token_authenticate(username, request)
         if not uuid or not token:
@@ -261,7 +262,6 @@ def post(self, request, *args, **kwargs):
         serializer.is_valid(raise_exception=True)
         username = serializer.validated_data.get('username')
         password = serializer.validated_data.get('password')
-
         user = self.get_user(request, username, password)
         if user and self.authenticate_user(request, user, password):
             data, status = self.get_replies(user, organization_id=request.auth)