Exemple #1
0
    def _auth_push_thread(self):
        info = {"Server": self.server.name}

        platform_name = None
        if self.platform == "linux":
            platform_name = "Linux"
        elif self.platform == "mac" or self.platform == "ios":
            platform_name = "Apple"
        elif self.platform == "win":
            platform_name = "Windows"
        elif self.platform == "chrome":
            platform_name = "Chrome OS"

        if self.device_name:
            info["Device"] = "%s (%s)" % (self.device_name, platform_name)

        if self.push_type == DUO_AUTH:
            allow, _ = sso.auth_duo(self.user.name, ipaddr=self.remote_ip, type="Connection", info=info)
        elif self.push_type == SAML_OKTA_AUTH:
            allow = sso.auth_okta(self.user.name, ipaddr=self.remote_ip, type="Connection", info=info)
        else:
            raise ValueError("Unkown push auth type")

        if not allow:
            self.user.audit_event(
                "user_connection",
                ('User connection to "%s" denied. ' + "Push authentication failed") % (self.server.name),
                remote_addr=self.remote_ip,
            )
            raise AuthError("User failed push authentication")
Exemple #2
0
    def sso_auth_check(self, password):
        if GOOGLE_AUTH in self.auth_type:
            try:
                resp = utils.request.get(AUTH_SERVER +
                    '/update/google?user=%s&license=%s' % (
                        urllib.quote(self.email),
                        settings.app.license,
                    ))

                if resp.status_code == 200:
                    return True
            except:
                logger.exception('Google auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif SLACK_AUTH in self.auth_type:
            try:
                resp = utils.request.get(AUTH_SERVER +
                    '/update/slack?user=%s&team=%s&license=%s' % (
                        urllib.quote(self.name),
                        urllib.quote(settings.app.sso_match[0]),
                        settings.app.license,
                    ))

                if resp.status_code == 200:
                    return True
            except:
                logger.exception('Slack auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif SAML_ONELOGIN_AUTH in self.auth_type:
            try:
                return sso.auth_onelogin(self.name)
            except:
                logger.exception('OneLogin auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif SAML_OKTA_AUTH in self.auth_type:
            try:
                return sso.auth_okta(self.name)
            except:
                logger.exception('Okta auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif RADIUS_AUTH in self.auth_type:
            try:
                return sso.verify_radius(self.name, password)[0]
            except:
                logger.exception('Radius auth check error', 'user',
                    user_id=self.id,
                )
            return False

        return True
Exemple #3
0
    def _auth_push_thread(self):
        info={
            'Server': self.server.name,
        }

        platform_name = None
        if self.platform == 'linux':
            platform_name = 'Linux'
        elif self.platform == 'mac' or self.platform == 'ios':
            platform_name = 'Apple'
        elif self.platform == 'win':
            platform_name = 'Windows'
        elif self.platform == 'chrome':
            platform_name = 'Chrome OS'

        if self.device_name:
            info['Device'] = '%s (%s)' % (self.device_name, platform_name)

        if self.push_type == DUO_AUTH:
            allow, _ = sso.auth_duo(
                self.user.name,
                ipaddr=self.remote_ip,
                type='Connection',
                info=info,
            )
        elif self.push_type == SAML_OKTA_AUTH:
            allow = sso.auth_okta(
                self.user.name,
                ipaddr=self.remote_ip,
                type='Connection',
                info=info,
            )
        else:
            raise ValueError('Unkown push auth type')

        if not allow:
            self.user.audit_event('user_connection',
                ('User connection to "%s" denied. ' +
                 'Push authentication failed') % (
                    self.server.name),
                remote_addr=self.remote_ip,
            )
            raise AuthError('User failed push authentication')
Exemple #4
0
    def _auth_push_thread(self):
        info = {
            'Server': self.server.name,
        }

        platform_name = None
        if self.platform == 'linux':
            platform_name = 'Linux'
        elif self.platform == 'mac' or self.platform == 'ios':
            platform_name = 'Apple'
        elif self.platform == 'win':
            platform_name = 'Windows'
        elif self.platform == 'chrome':
            platform_name = 'Chrome OS'

        if self.device_name:
            info['Device'] = '%s (%s)' % (self.device_name, platform_name)

        if self.push_type == DUO_AUTH:
            allow, _ = sso.auth_duo(
                self.user.name,
                ipaddr=self.remote_ip,
                type='Connection',
                info=info,
            )
        elif self.push_type == SAML_OKTA_AUTH:
            allow = sso.auth_okta(
                self.user.name,
                ipaddr=self.remote_ip,
                type='Connection',
                info=info,
            )
        else:
            raise ValueError('Unkown push auth type')

        if not allow:
            self.user.audit_event(
                'user_connection',
                ('User connection to "%s" denied. ' +
                 'Push authentication failed') % (self.server.name),
                remote_addr=self.remote_ip,
            )
            raise AuthError('User failed push authentication')
Exemple #5
0
    def sso_auth_check(self, password, remote_ip):
        sso_mode = settings.app.sso or ''
        auth_server = AUTH_SERVER
        if settings.app.dedicated:
            auth_server = settings.app.dedicated

        if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                resp = requests.get(auth_server +
                                    '/update/google?user=%s&license=%s' % (
                                        urllib.quote(self.email),
                                        settings.app.license,
                                    ))

                if resp.status_code != 200:
                    logger.error(
                        'Google auth check request error',
                        'user',
                        user_id=self.id,
                        user_name=self.name,
                        status_code=resp.status_code,
                        content=resp.content,
                    )
                    return False

                valid, google_groups = sso.verify_google(self.email)
                if not valid:
                    logger.error(
                        'Google auth check failed',
                        'user',
                        user_id=self.id,
                        user_name=self.name,
                    )
                    return False

                if settings.app.sso_google_mode == 'groups':
                    cur_groups = set(self.groups)
                    new_groups = set(google_groups)

                    if cur_groups != new_groups:
                        self.groups = list(new_groups)
                        self.commit('groups')

                return True
            except:
                logger.exception(
                    'Google auth check error',
                    'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif AZURE_AUTH in self.auth_type and AZURE_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                resp = requests.get(
                    auth_server + ('/update/azure?user=%s&license=%s&' +
                                   'directory_id=%s&app_id=%s&app_secret=%s') %
                    (
                        urllib.quote(self.name),
                        settings.app.license,
                        urllib.quote(settings.app.sso_azure_directory_id),
                        urllib.quote(settings.app.sso_azure_app_id),
                        urllib.quote(settings.app.sso_azure_app_secret),
                    ))

                if resp.status_code != 200:
                    logger.error(
                        'Azure auth check request error',
                        'user',
                        user_id=self.id,
                        user_name=self.name,
                        status_code=resp.status_code,
                        content=resp.content,
                    )
                    return False

                valid, azure_groups = sso.verify_azure(self.name)
                if not valid:
                    logger.error(
                        'Azure auth check failed',
                        'user',
                        user_id=self.id,
                        user_name=self.name,
                    )
                    return False

                if settings.app.sso_azure_mode == 'groups':
                    cur_groups = set(self.groups)
                    new_groups = set(azure_groups)

                    if cur_groups != new_groups:
                        self.groups = list(new_groups)
                        self.commit('groups')

                return True
            except:
                logger.exception(
                    'Azure auth check error',
                    'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            if not isinstance(settings.app.sso_match, list):
                raise TypeError('Invalid sso match')

            try:
                resp = requests.get(
                    auth_server + '/update/slack?user=%s&team=%s&license=%s' %
                    (
                        urllib.quote(self.name),
                        urllib.quote(settings.app.sso_match[0]),
                        settings.app.license,
                    ))

                if resp.status_code != 200:
                    logger.error(
                        'Slack auth check request error',
                        'user',
                        user_id=self.id,
                        user_name=self.name,
                        status_code=resp.status_code,
                        content=resp.content,
                    )
                    return False

                return True
            except:
                logger.exception(
                    'Slack auth check error',
                    'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif SAML_ONELOGIN_AUTH in self.auth_type and \
                SAML_ONELOGIN_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                return sso.auth_onelogin(self.name)
            except:
                logger.exception(
                    'OneLogin auth check error',
                    'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif SAML_OKTA_AUTH in self.auth_type and \
                SAML_OKTA_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                return sso.auth_okta(self.name)
            except:
                logger.exception(
                    'Okta auth check error',
                    'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode:
            try:
                return sso.verify_radius(self.name, password)[0]
            except:
                logger.exception(
                    'Radius auth check error',
                    'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif PLUGIN_AUTH in self.auth_type:
            try:
                return sso.plugin_login_authenticate(
                    user_name=self.name,
                    password=password,
                    remote_ip=remote_ip,
                )[0]
            except:
                logger.exception(
                    'Plugin auth check error',
                    'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False

        return True
Exemple #6
0
    def sso_auth_check(self, password, remote_ip):
        sso_mode = settings.app.sso or ''
        auth_server = AUTH_SERVER
        if settings.app.dedicated:
            auth_server = settings.app.dedicated

        if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                resp = requests.get(auth_server +
                                    '/update/google?user=%s&license=%s' % (
                                        urllib.quote(self.email),
                                        settings.app.license,
                                    ))

                if resp.status_code == 200:
                    return True
            except:
                logger.exception(
                    'Google auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            if not isinstance(settings.app.sso_match, list):
                raise TypeError('Invalid sso match')

            try:
                resp = requests.get(
                    auth_server + '/update/slack?user=%s&team=%s&license=%s' %
                    (
                        urllib.quote(self.name),
                        urllib.quote(settings.app.sso_match[0]),
                        settings.app.license,
                    ))

                if resp.status_code == 200:
                    return True
            except:
                logger.exception(
                    'Slack auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif SAML_ONELOGIN_AUTH in self.auth_type and \
                SAML_ONELOGIN_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                return sso.auth_onelogin(self.name)
            except:
                logger.exception(
                    'OneLogin auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif SAML_OKTA_AUTH in self.auth_type and \
                SAML_OKTA_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                return sso.auth_okta(self.name)
            except:
                logger.exception(
                    'Okta auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode:
            try:
                return sso.verify_radius(self.name, password)[0]
            except:
                logger.exception(
                    'Radius auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif PLUGIN_AUTH in self.auth_type:
            try:
                return sso.plugin_login_authenticate(
                    user_name=self.name,
                    password=password,
                    remote_ip=remote_ip,
                )[0]
            except:
                logger.exception(
                    'Plugin auth check error',
                    'user',
                    user_id=self.id,
                )
            return False

        return True
Exemple #7
0
    def sso_auth_check(self, password, remote_ip):
        sso_mode = settings.app.sso or ''

        if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                resp = requests.get(AUTH_SERVER +
                    '/update/google?user=%s&license=%s' % (
                        urllib.quote(self.email),
                        settings.app.license,
                    ))

                if resp.status_code == 200:
                    return True
            except:
                logger.exception('Google auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            if not isinstance(settings.app.sso_match, list):
                raise TypeError('Invalid sso match')

            try:
                resp = requests.get(AUTH_SERVER +
                    '/update/slack?user=%s&team=%s&license=%s' % (
                        urllib.quote(self.name),
                        urllib.quote(settings.app.sso_match[0]),
                        settings.app.license,
                    ))

                if resp.status_code == 200:
                    return True
            except:
                logger.exception('Slack auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif SAML_ONELOGIN_AUTH in self.auth_type and \
                SAML_ONELOGIN_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                return sso.auth_onelogin(self.name)
            except:
                logger.exception('OneLogin auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif SAML_OKTA_AUTH in self.auth_type and \
                SAML_OKTA_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                return sso.auth_okta(self.name)
            except:
                logger.exception('Okta auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode:
            try:
                return sso.verify_radius(self.name, password)[0]
            except:
                logger.exception('Radius auth check error', 'user',
                    user_id=self.id,
                )
            return False
        elif PLUGIN_AUTH in self.auth_type:
            try:
                return sso.plugin_login_authenticate(
                    user_name=self.name,
                    password=password,
                    remote_ip=remote_ip,
                )[0]
            except:
                logger.exception('Plugin auth check error', 'user',
                    user_id=self.id,
                )
            return False

        return True
Exemple #8
0
    def sso_auth_check(self, password, remote_ip):
        sso_mode = settings.app.sso or ''
        auth_server = AUTH_SERVER
        if settings.app.dedicated:
            auth_server = settings.app.dedicated

        if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                resp = requests.get(auth_server +
                    '/update/google?user=%s&license=%s' % (
                        urllib.quote(self.email),
                        settings.app.license,
                    ))

                if resp.status_code != 200:
                    logger.error('Google auth check request error', 'user',
                        user_id=self.id,
                        user_name=self.name,
                        status_code=resp.status_code,
                        content=resp.content,
                    )
                    return False

                valid, google_groups = sso.verify_google(self.email)
                if not valid:
                    logger.error('Google auth check failed', 'user',
                        user_id=self.id,
                        user_name=self.name,
                    )
                    return False

                if settings.app.sso_google_mode == 'groups':
                    cur_groups = set(self.groups)
                    new_groups = set(google_groups)

                    if cur_groups != new_groups:
                        self.groups = list(new_groups)
                        self.commit('groups')

                return True
            except:
                logger.exception('Google auth check error', 'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif AZURE_AUTH in self.auth_type and AZURE_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                resp = requests.get(auth_server +
                    ('/update/azure?user=%s&license=%s&' +
                    'directory_id=%s&app_id=%s&app_secret=%s') % (
                        urllib.quote(self.name),
                        settings.app.license,
                        urllib.quote(settings.app.sso_azure_directory_id),
                        urllib.quote(settings.app.sso_azure_app_id),
                        urllib.quote(settings.app.sso_azure_app_secret),
                ))

                if resp.status_code != 200:
                    logger.error('Azure auth check request error', 'user',
                        user_id=self.id,
                        user_name=self.name,
                        status_code=resp.status_code,
                        content=resp.content,
                    )
                    return False

                valid, azure_groups = sso.verify_azure(self.name)
                if not valid:
                    logger.error('Azure auth check failed', 'user',
                        user_id=self.id,
                        user_name=self.name,
                    )
                    return False

                if settings.app.sso_azure_mode == 'groups':
                    cur_groups = set(self.groups)
                    new_groups = set(azure_groups)

                    if cur_groups != new_groups:
                        self.groups = list(new_groups)
                        self.commit('groups')

                return True
            except:
                logger.exception('Azure auth check error', 'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif AUTHZERO_AUTH in self.auth_type and AUTHZERO_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                resp = requests.get(auth_server +
                    ('/update/authzero?user=%s&license=%s&' +
                     'app_domain=%s&app_id=%s&app_secret=%s') % (
                        urllib.quote(self.name),
                        settings.app.license,
                        urllib.quote(settings.app.sso_authzero_domain),
                        urllib.quote(settings.app.sso_authzero_app_id),
                        urllib.quote(settings.app.sso_authzero_app_secret),
                ))

                if resp.status_code != 200:
                    logger.error('Auth0 auth check request error', 'user',
                        user_id=self.id,
                        user_name=self.name,
                        status_code=resp.status_code,
                        content=resp.content,
                    )
                    return False

                valid, authzero_groups = sso.verify_authzero(self.name)
                if not valid:
                    logger.error('Auth0 auth check failed', 'user',
                        user_id=self.id,
                        user_name=self.name,
                    )
                    return False

                if settings.app.sso_authzero_mode == 'groups':
                    cur_groups = set(self.groups)
                    new_groups = set(authzero_groups)

                    if cur_groups != new_groups:
                        self.groups = list(new_groups)
                        self.commit('groups')

                return True
            except:
                logger.exception('Auth0 auth check error', 'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            if not isinstance(settings.app.sso_match, list):
                raise TypeError('Invalid sso match')

            try:
                resp = requests.get(auth_server +
                    '/update/slack?user=%s&team=%s&license=%s' % (
                        urllib.quote(self.name),
                        urllib.quote(settings.app.sso_match[0]),
                        settings.app.license,
                    ))

                if resp.status_code != 200:
                    logger.error('Slack auth check request error', 'user',
                        user_id=self.id,
                        user_name=self.name,
                        status_code=resp.status_code,
                        content=resp.content,
                    )
                    return False

                return True
            except:
                logger.exception('Slack auth check error', 'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif SAML_ONELOGIN_AUTH in self.auth_type and \
                SAML_ONELOGIN_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                return sso.auth_onelogin(self.name)
            except:
                logger.exception('OneLogin auth check error', 'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif SAML_OKTA_AUTH in self.auth_type and \
                SAML_OKTA_AUTH in sso_mode:
            if settings.user.skip_remote_sso_check:
                return True

            try:
                return sso.auth_okta(self.name)
            except:
                logger.exception('Okta auth check error', 'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode:
            try:
                return sso.verify_radius(self.name, password)[0]
            except:
                logger.exception('Radius auth check error', 'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False
        elif PLUGIN_AUTH in self.auth_type:
            try:
                return sso.plugin_login_authenticate(
                    user_name=self.name,
                    password=password,
                    remote_ip=remote_ip,
                )[1]
            except:
                logger.exception('Plugin auth check error', 'user',
                    user_id=self.id,
                    user_name=self.name,
                )
            return False

        return True
Exemple #9
0
        def auth_thread():
            info={
                'Server': self.server.name,
            }

            platform_name = None
            if platform == 'linux':
                platform_name = 'Linux'
            elif platform == 'mac':
                platform_name = 'Apple'
            elif platform == 'win':
                platform_name = 'Windows'
            elif platform == 'chrome':
                platform_name = 'Chrome OS'

            if device_name:
                info['Device'] = '%s (%s)' % (device_name, platform_name)

            allow = False
            try:
                if type == DUO_AUTH:
                    allow, _ = sso.auth_duo(
                        user.name,
                        ipaddr=remote_ip,
                        type='Connection',
                        info=info,
                    )
                elif type == SAML_OKTA_AUTH:
                    allow = sso.auth_okta(
                        user.name,
                        ipaddr=remote_ip,
                        type='Connection',
                        info=info,
                    )
                else:
                    raise ValueError('Unkown push auth type')
            except:
                logger.exception('Push auth server error', 'server',
                    client_id=client_id,
                    user_id=user.id,
                    username=user.name,
                    server_id=self.server.id,
                )
                self.instance_com.push_output(
                    'ERROR Push auth server error client_id=%s' % client_id)
            try:
                if allow:
                    self.allow_client(client, org, user, reauth)
                else:
                    logger.LogEntry(message='User failed push ' +
                        'authentication "%s".' % user.name)
                    user.audit_event('user_connection',
                        ('User connection to "%s" denied. ' +
                         'Push authentication failed') % (
                            self.server.name),
                        remote_addr=remote_ip,
                    )
                    self.instance_com.send_client_deny(
                        client_id,
                        key_id,
                        'User failed push authentication',
                    )
            except:
                logger.exception('Push auth error', 'server',
                    client_id=client_id,
                    user_id=user.id,
                    server_id=self.server.id,
                )
                self.instance_com.push_output(
                    'ERROR Push auth error client_id=%s' % client_id)
Exemple #10
0
    def sso_auth_check(self, password):
        if GOOGLE_AUTH in self.auth_type:
            try:
                resp = utils.request.get(AUTH_SERVER +
                                         '/update/google?user=%s&license=%s' %
                                         (
                                             urllib.quote(self.email),
                                             settings.app.license,
                                         ))

                if resp.status_code == 200:
                    return True
            except:
                logger.exception(
                    'Google auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif SLACK_AUTH in self.auth_type:
            try:
                resp = utils.request.get(
                    AUTH_SERVER + '/update/slack?user=%s&team=%s&license=%s' %
                    (
                        urllib.quote(self.name),
                        urllib.quote(settings.app.sso_match[0]),
                        settings.app.license,
                    ))

                if resp.status_code == 200:
                    return True
            except:
                logger.exception(
                    'Slack auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif SAML_ONELOGIN_AUTH in self.auth_type:
            try:
                return sso.auth_onelogin(self.name)
            except:
                logger.exception(
                    'OneLogin auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif SAML_OKTA_AUTH in self.auth_type:
            try:
                return sso.auth_okta(self.name)
            except:
                logger.exception(
                    'Okta auth check error',
                    'user',
                    user_id=self.id,
                )
            return False
        elif RADIUS_AUTH in self.auth_type:
            try:
                return sso.verify_radius(self.name, password)[0]
            except:
                logger.exception(
                    'Radius auth check error',
                    'user',
                    user_id=self.id,
                )
            return False

        return True