improvements to radius patch

lib/App/Netdisco/DB.pm

@@ -11,7 +11,7 @@ __PACKAGE__->load_namespaces(
 );
 
 our # try to hide from kwalitee
-  $VERSION = 58; # schema version used for upgrades, keep as integer
+  $VERSION = 59; # schema version used for upgrades, keep as integer
 
 use Path::Class;
 use File::ShareDir 'dist_dir';

lib/App/Netdisco/DB/Result/User.pm

@@ -29,6 +29,8 @@ __PACKAGE__->add_columns(
   { data_type => "boolean", default_value => \"false", is_nullable => 1 },
   "ldap",
   { data_type => "boolean", default_value => \"false", is_nullable => 1 },
+  "radius",
+  { data_type => "boolean", default_value => \"false", is_nullable => 1 },
   "admin",
   { data_type => "boolean", default_value => \"false", is_nullable => 1 },
   "fullname",

lib/App/Netdisco/DB/Result/Virtual/UserRole.pm

@@ -20,6 +20,9 @@ __PACKAGE__->result_source_instance->view_definition(<<ENDSQL
   SELECT username, 'ldap' AS role FROM users
     WHERE ldap
   UNION
+  SELECT username, 'radius' AS role FROM users
+    WHERE radius
+  UNION
   SELECT username, 'api' AS role FROM users
     WHERE token IS NOT NULL AND token_from IS NOT NULL
 ENDSQL

lib/App/Netdisco/Web/Auth/Provider/DBIC.pm

@@ -13,12 +13,9 @@ use Dancer::Plugin::DBIC;
 use Dancer::Plugin::Passphrase;
 use Digest::MD5;
 use Net::LDAP;
+use Authen::Radius;
 use Try::Tiny;
 
-if (setting('radius') and ref {} eq ref setting('radius')) {
-    use Authen::Radius;
-    }
-
 sub authenticate_user {
     my ($self, $username, $password) = @_;
     return unless defined $username;
@@ -107,21 +104,20 @@ sub match_password {
     my $settings = $self->realm_settings;
     my $username_column = $settings->{users_username_column} || 'username';
 
-#    return $user->ldap
-#      ? $self->match_with_ldap($password, $user->$username_column)
-#      : $self->match_with_local_pass($password, $user);
-    my $pwmatch_result=0;
+    my $pwmatch_result = 0;
     my $username = $user->$username_column;
 
     if ($user->ldap) {
-      $pwmatch_result = $self->match_with_ldap($password, $user->$username_column);
-    } else {
-      if ( setting('radius') and ref {} eq ref setting('radius') ) {
-        $pwmatch_result =       ( $self->match_with_radius($password, $username) || $self->match_with_local_pass($password, $user) );
-      } else {
-        $pwmatch_result = $self->match_with_local_pass($password, $user);
-      }
-   }
+      $pwmatch_result = $self->match_with_ldap($password, $username);
+    }
+    elsif ($user->raidus) {
+      $pwmatch_result = $self->match_with_radius($password, $username);
+    }
+    else {
+      $pwmatch_result = $self->match_with_local_pass($password, $user);
+    }
+
+    return $pwmatch_result;
 }
 
 sub match_with_local_pass {
@@ -230,21 +226,27 @@ sub _ldap_search {
 
     return undef;
 }
+
 sub match_with_radius {
-   my($self, $pass, $user) = @_;
-   return unless setting('radius') and ref {} eq ref setting('radius');
-   my $conf = setting('radius');
-   my $radius = new Authen::Radius(Host => $conf->{server}, Secret => $conf->{secret});
-      Authen::Radius->load_dictionary();
-   $radius->add_attributes(
-      { Name=> 'User-Name', Value => $user },
-      { Name=> 'User-Password', Value => $pass },
-      { Name => 'h323-return-code', Value => '0' }, # Cisco AV pair
-      { Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
-    );
-    $radius->send_packet(ACCESS_REQUEST);
-    my $type = $radius->recv_packet();
-    my $radius_return = ($type eq ACCESS_ACCEPT)?1:0;
-    return $radius_return;
+  my($self, $pass, $user) = @_;
+  return unless setting('radius') and ref {} eq ref setting('radius');
+
+  my $conf = setting('radius');
+  my $radius = Authen::Radius->new(Host => $conf->{server}, Secret => $conf->{secret});
+  Authen::Radius->load_dictionary();
+
+  $radius->add_attributes(
+     { Name => 'User-Name',         Value => $user },
+     { Name => 'User-Password',     Value => $pass },
+     { Name => 'h323-return-code',  Value => '0' }, # Cisco AV pair
+     { Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
+  );
+  $radius->send_packet(ACCESS_REQUEST);
+
+  my $type = $radius->recv_packet();
+  my $radius_return = ($type eq ACCESS_ACCEPT) ? 1 : 0;
+
+  return $radius_return;
 }
+
 1;

lib/App/Netdisco/Web/Plugin/AdminTask/Users.pm

@@ -41,6 +41,7 @@ ajax '/ajax/control/admin/users/add' => require_role setting('defanged_admin') =
           password => _make_password(param('password')),
           fullname => param('fullname'),
           ldap => (param('ldap') ? \'true' : \'false'),
+          radius => (param('radius') ? \'true' : \'false'),
           port_control => (param('port_control') ? \'true' : \'false'),
           admin => (param('admin') ? \'true' : \'false'),
           note => param('note'),
@@ -71,6 +72,7 @@ ajax '/ajax/control/admin/users/update' => require_role setting('defanged_admin'
           : ()),
         fullname => param('fullname'),
         ldap => (param('ldap') ? \'true' : \'false'),
+        radius => (param('radius') ? \'true' : \'false'),
         port_control => (param('port_control') ? \'true' : \'false'),
         admin => (param('admin') ? \'true' : \'false'),
         note => param('note'),