def get(self):
is_chap = self.settings.is_chap
if not self.current_user:
self.clear_all_cookies()
self.redirect("/login")
return
try:
qstr = self.get_secure_cookie("portal_qstr")
wlan_params = self.get_wlan_params(qstr)
self.syslog.info("wlan params:" + utils.safestr(wlan_params))
userIp = wlan_params.get("wlanuserip","")
cli = PortalClient(secret=self.settings.share_secret)
rl_req = PortalV2.newReqLogout(
userIp,self.settings.share_secret,self.settings.ac_addr[0],chap=is_chap)
rl_resp = yield cli.sendto(rl_req,self.settings.ac_addr)
if rl_resp and rl_resp.errCode > 0:
print cmcc.AckLogoutErrs[rl_resp.errCode]
self.syslog.info('logout success')
except Exception as err:
self.syslog.error(u"disconnect error %s" % utils.safestr(err))
import traceback
traceback.print_exc()
finally:
cli.close()
self.clear_all_cookies()
self.redirect("/login?%s"%(qstr),permanent=False)
def get(self):
qstr = self.request.query
wlan_params = self.get_wlan_params(qstr)
if self.settings.debug:
self.syslog.debug("Open portal auth page, wlan params:{0}".format(utils.safestr(wlan_params)))
tpl = yield self.get_template_attrs(wlan_params.get("ssid", "default"))
self.render(self.get_login_template(tpl['tpl_name']), msg=None, tpl=tpl, qstr=qstr, **wlan_params)
def get_policy_server(self):
cache_key = "get_policy_server"
_resp = portal_cache.get(cache_key)
if _resp:
if self.settings.debug:
self.syslog.debug("query policy server request hit cache; key=%s" % cache_key)
defer.returnValue(_resp)
return
nonce = str(time.time())
sign = self.mksign(params=[nonce])
reqdata = json.dumps(dict(nonce=nonce, sign=sign))
apiurl = "%s/plserver/query" % self.settings.apiurl
if self.settings.debug:
self.syslog.debug("start query policy server request (%s): %s" % (apiurl, reqdata))
resp = yield requests.post(apiurl, data=reqdata, headers={"Content-Type": ["application/json"]})
jsonresp = yield resp.json()
if jsonresp['code'] == 1:
log.err(jsonresp['msg'])
defer.returnValue({})
if jsonresp['code'] == 0:
self.syslog.info("query policy server success,{0}".format(utils.safestr(jsonresp)))
portal_cache.set(cache_key, jsonresp, expire=60)
defer.returnValue(jsonresp)
def get_ikuai_nas(self, gwid):
cache_key = '{0}{1}'.format('get_ik_nas', gwid)
_resp = portal_cache.get(cache_key)
if _resp:
if self.settings.debug:
self.syslog.debug("query ik_nas request hit cache; key=%s" % cache_key)
defer.returnValue(_resp)
return
sign = self.mksign(params=[gwid])
reqdata = json.dumps(dict(gwid=gwid, sign=sign))
apiurl = "%s/ikuai/query" % self.settings.apiurl
if self.settings.debug:
self.syslog.debug("start query ikuai nas request (%s): %s" % (apiurl, reqdata))
resp = yield requests.post(apiurl, data=reqdata, headers={"Content-Type": ["application/json"]})
jsonresp = yield resp.json()
if jsonresp['code'] == 1:
log.err(jsonresp['msg'])
defer.returnValue({})
if jsonresp['code'] == 0:
self.syslog.info("query ikuai nas success,{0}".format(utils.safestr(jsonresp)))
portal_cache.set(cache_key, jsonresp['data'], expire=60)
defer.returnValue(jsonresp['data'])
def papAuth():
try:
cli = PortalClient(secret=secret, syslog=self.syslog)
# req auth
ra_req = PortalV2.newReqAuth(
userIp,
username,
password,
0,
None,
secret,
ac_addr[0],
chap=False
)
ra_resp = yield cli.sendto(ra_req, ac_addr)
if ra_resp.errCode > 0:
if ra_resp.errCode == 2:
set_user_cookie()
self.redirect(firsturl)
return
_err_msg = "{0},{1}".format(cmcc.AckAuthErrs[ra_resp.errCode], ra_resp.get_text_info()[0] or "")
raise PortalError(_err_msg)
# aff_ack
aa_req = PortalV2.newAffAckAuth(userIp, secret, ac_addr[0], ra_req.serialNo, 0, chap=False)
yield cli.sendto(aa_req, ac_addr, recv=False)
self.syslog.info('Portal [username:%s] pap auth success' % _username)
if self.settings.debug:
self.syslog.debug('Portal [username:%s] pap auth login [cast:%s ms]' % (
_username, (time.time() - start_time) * 1000))
set_user_cookie()
self.redirect(firsturl)
except Exception as err:
try:
self.syslog.error("portal [username:%s] pap auth catch exception,%s" % (
_username, utils.safestr(err.message)))
back_login(msg=u"portal pap auth error,%s" % utils.safestr(err.message))
except:
back_login(msg=u"portal pap auth error,server process error")
import traceback
traceback.print_exc()
finally:
cli.close()
def chapAuth():
try:
cli = PortalClient(secret=secret, syslog=self.syslog)
rc_req = PortalV2.newReqChallenge(userIp,secret, chap=is_chap)
rc_resp = yield cli.sendto(rc_req,ac_addr)
if rc_resp.errCode > 0:
if rc_resp.errCode == 2:
set_user_cookie()
self.redirect(firsturl)
return
raise PortalError(cmcc.AckChallengeErrs[rc_resp.errCode])
# req auth
ra_req = PortalV2.newReqAuth(
userIp,
username,
password,
rc_resp.reqId,
rc_resp.get_challenge(),
secret,
ac_addr[0],
serialNo=rc_req.serialNo,
chap=is_chap
)
ra_resp = yield cli.sendto(ra_req,ac_addr)
if ra_resp.errCode > 0:
if ra_resp.errCode == 2:
set_user_cookie()
self.redirect(firsturl)
return
_err_msg = "{0},{1}".format(cmcc.AckAuthErrs[ra_resp.errCode], ra_resp.get_text_info()[0] or "")
raise PortalError(_err_msg)
# aff_ack
aa_req = PortalV2.newAffAckAuth(userIp,secret,ac_addr[0],ra_req.serialNo,rc_resp.reqId, chap=is_chap)
yield cli.sendto(aa_req,ac_addr,recv=False)
self.syslog.info('Portal [username:{0}] chap auth success'.format(_username))
if self.settings.debug:
self.syslog.debug('Portal [username:%s] chap auth login [cast:%s ms]' % (
_username, (time.time() - start_time) * 1000))
set_user_cookie()
self.redirect(firsturl)
except Exception as err:
try:
self.syslog.exception("Portal [username:%s] chap auth catch exception, %s" % (
_username, utils.safestr(err.message)))
back_login(msg=u"Portal chap auth error,%s" % err.message)
except:
back_login(msg=u"Portal chap auth error,server process error")
finally:
cli.close()
def render_string(self, template_name, **template_vars):
template_vars["xsrf_form_html"] = self.xsrf_form_html
template_vars["current_user"] = self.current_user
template_vars["login_time"] = self.get_secure_cookie("portal_logintime")
template_vars["request"] = self.request
template_vars["requri"] = "{0}://{1}".format(self.request.protocol, self.request.host)
template_vars["handler"] = self
template_vars["utils"] = utils
try:
mytemplate = self.tp_lookup.get_template(template_name)
return mytemplate.render(**template_vars)
except Exception as err:
self.syslog.error("Render template error {0}".format(utils.safestr(err)))
raise
def get(self):
session_id = self.get_argument("session_id", None)
if not session_id:
self.write('20001')
sign = self.mksign([session_id])
apiurl = "%s/session/exists" % self.settings.apiurl
reqdata = json.dumps(dict(session_id=session_id,sign=sign), ensure_ascii=False)
headers = {"Content-Type": ["application/json"]}
resp = yield requests.post(apiurl, data=reqdata, headers=headers)
if resp.code != 200:
self.syslog.error("ikuai session exists error : {0}".format(repr(resp)))
self.write("20001")
return
jsonresp = yield resp.json()
if jsonresp['code'] == 1:
self.syslog.error("ikuai session exists error : {0}".format(utils.safestr(jsonresp['msg'])))
self.write("20001")
return
self.write('20000')
return
for attempt in range(self.retry):
self.syslog.info("Send portal packet times %s" % attempt)
self.transport.write(str(req),(host,port))
now = time.time()
waitto = now + self.timeout
while now < waitto:
if req.sid in self.results:
defer.returnValue(self.results.pop(req.sid))
return
else:
now = time.time()
yield sleep(0.002)
continue
raise Timeout("send packet timeout")
def datagramReceived(self, datagram, (host, port)):
try:
if self.debug:
print ":: Hexdump > %s"%hexdump(datagram,len(datagram))
resp = PortalV2(packet=datagram,secret=self.secret)
self.results[resp.sid] = resp
self.syslog.info(":: Received packet from AC %s >> %s " % ((host, port), repr(resp)))
except Exception as err:
self.syslog.error('Process packet error %s >> %s' % ((host, port), utils.safestr(err)))
def post(self):
start_time = time.time()
secret = self.settings.share_secret
ac_addr = self.settings.ac_addr
is_chap = self.settings.is_chap
qstr = self.get_argument("qstr","")
wlan_params = self.get_wlan_params(qstr)
username = self.get_argument("username", None)
password = self.get_argument("password", None)
_username = username
if self.settings.debug:
self.syslog.debug("Start [username:%s] portal auth, wlan params:%s" % (_username, utils.safestr(wlan_params)))
userIp = wlan_params.get('wlanuserip','')
tpl = yield self.get_template_attrs(wlan_params.get("ssid", "default"))
firsturl = tpl.get("home_page", "/?tpl_name=%s" % tpl.get('tpl_name', 'default'))
def set_user_cookie():
self.set_secure_cookie("portal_user", _username, expires_days=1)
self.set_secure_cookie("portal_logintime", utils.get_currtime(), expires_days=1)
self.set_secure_cookie("portal_qstr", qstr, expires_days=1)
@defer.inlineCallbacks
def get_domain(ssid):
sign = self.mksign(params=[ssid])
reqdata = json.dumps(dict(ssid=ssid, sign=sign))
apiurl = "%s/domain/query" % self.settings.apiurl
if self.settings.debug:
self.syslog.debug("start query domain request (%s): %s" % (apiurl, reqdata))
resp = yield httpclient.fetch(apiurl,postdata=reqdata, headers={"Content-Type": ["application/json"]})
jsonresp = json.loads(resp.body)
if jsonresp['code'] == 1:
self.syslog.error(jsonresp['msg'])
defer.returnValue(jsonresp['domain'])
return
if jsonresp['code'] == 0:
if self.settings.debug:
self.syslog.debug("query domain success")
defer.returnValue(jsonresp['domain'])
def back_login(msg=u''):
self.render(self.get_login_template(tpl['tpl_name']),tpl=tpl, msg=msg,qstr=qstr, **wlan_params)
if not username or not password:
back_login(msg=u"请输入用户名和密码")
return
# checkos
cli_dev, cli_os = self.chk_os
domain = yield get_domain(wlan_params.get("ssid", "default"))
username = "******" % (username, cli_dev, cli_os, domain)
####################################################################################
## portal chap auth
####################################################################################
@defer.inlineCallbacks
def chapAuth():
try:
cli = PortalClient(secret=secret, syslog=self.syslog)
rc_req = PortalV2.newReqChallenge(userIp,secret, chap=is_chap)
rc_resp = yield cli.sendto(rc_req,ac_addr)
if rc_resp.errCode > 0:
if rc_resp.errCode == 2:
set_user_cookie()
self.redirect(firsturl)
return
raise PortalError(cmcc.AckChallengeErrs[rc_resp.errCode])
# req auth
ra_req = PortalV2.newReqAuth(
userIp,
username,
password,
rc_resp.reqId,
rc_resp.get_challenge(),
secret,
ac_addr[0],
serialNo=rc_req.serialNo,
chap=is_chap
)
ra_resp = yield cli.sendto(ra_req,ac_addr)
if ra_resp.errCode > 0:
if ra_resp.errCode == 2:
set_user_cookie()
self.redirect(firsturl)
return
_err_msg = "{0},{1}".format(cmcc.AckAuthErrs[ra_resp.errCode], ra_resp.get_text_info()[0] or "")
raise PortalError(_err_msg)
# aff_ack
aa_req = PortalV2.newAffAckAuth(userIp,secret,ac_addr[0],ra_req.serialNo,rc_resp.reqId, chap=is_chap)
yield cli.sendto(aa_req,ac_addr,recv=False)
self.syslog.info('Portal [username:{0}] chap auth success'.format(_username))
if self.settings.debug:
self.syslog.debug('Portal [username:%s] chap auth login [cast:%s ms]' % (
_username, (time.time() - start_time) * 1000))
set_user_cookie()
self.redirect(firsturl)
except Exception as err:
try:
self.syslog.exception("Portal [username:%s] chap auth catch exception, %s" % (
_username, utils.safestr(err.message)))
back_login(msg=u"Portal chap auth error,%s" % err.message)
except:
back_login(msg=u"Portal chap auth error,server process error")
finally:
cli.close()
####################################################################################
## portal pap auth
####################################################################################
@defer.inlineCallbacks
def papAuth():
try:
cli = PortalClient(secret=secret, syslog=self.syslog)
# req auth
ra_req = PortalV2.newReqAuth(
userIp,
username,
password,
0,
None,
secret,
ac_addr[0],
chap=False
)
ra_resp = yield cli.sendto(ra_req, ac_addr)
if ra_resp.errCode > 0:
if ra_resp.errCode == 2:
set_user_cookie()
self.redirect(firsturl)
return
_err_msg = "{0},{1}".format(cmcc.AckAuthErrs[ra_resp.errCode], ra_resp.get_text_info()[0] or "")
raise PortalError(_err_msg)
# aff_ack
aa_req = PortalV2.newAffAckAuth(userIp, secret, ac_addr[0], ra_req.serialNo, 0, chap=False)
yield cli.sendto(aa_req, ac_addr, recv=False)
self.syslog.info('Portal [username:%s] pap auth success' % _username)
if self.settings.debug:
self.syslog.debug('Portal [username:%s] pap auth login [cast:%s ms]' % (
_username, (time.time() - start_time) * 1000))
set_user_cookie()
self.redirect(firsturl)
except Exception as err:
try:
self.syslog.error("portal [username:%s] pap auth catch exception,%s" % (
_username, utils.safestr(err.message)))
back_login(msg=u"portal pap auth error,%s" % utils.safestr(err.message))
except:
back_login(msg=u"portal pap auth error,server process error")
import traceback
traceback.print_exc()
finally:
cli.close()
if is_chap:
yield chapAuth()
else:
yield papAuth()
def post(url,data=None,**kwargs):
return treq.post(url, data=safestr(data), pool=pool,data_to_body_producer=StringProducer,**kwargs)
def on_exception(self, err):
self.syslog.error('Packet process error:%s' % utils.safestr(err))
self.transport.write(str(resp), (host, port))
except:
pass
def datagramReceived(self, datagram, (host, port)):
ac = self.validAc(host)
if not ac:
return self.syslog.info('Dropping packet from unknown ac host ' + host)
try:
req = cmcc.PortalV2(
secret=self.secret,
packet=datagram,
source=(host, port)
)
self.syslog.info("Received portal packet from %s:%s: %s"%(host,port,utils.safestr(req)))
if req.type in self.actions:
self.actions[req.type](req,(host, port))
else:
self.syslog.error('Not support packet from ac host ' + host)
except Exception as err:
self.syslog.error('Dropping invalid packet from %s: %s' % ((host, port), utils.safestr(err)))
def on_exception(self, err):
self.syslog.error('Packet process error:%s' % utils.safestr(err))
def run_normal(self):
log.startLogging(sys.stdout)
self.syslog.info('portal server listen %s' % self.portal_host)
reactor.listenUDP(self.listen_port, self,interface=self.portal_host)
