fix(auth): 修复radius decode error的问题

- 更新了 jms-storage版本依赖

.github/workflows/jms-generic-action-handler.yml

@@ -0,0 +1,12 @@
+on: [push, pull_request, release]
+
+name: JumpServer repos generic handler
+
+jobs:
+  generic_handler:
+    name: Run generic handler
+    runs-on: ubuntu-latest
+    steps:
+      - uses: jumpserver/action-generic-handler@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.PRIVATE_TOKEN }}

Dockerfile

@@ -9,18 +9,23 @@ RUN cd utils && bash -ixeu build.sh
 
 
 FROM registry.fit2cloud.com/public/python:v3
+ARG PIP_MIRROR=https://pypi.douban.com/simple
+ENV PIP_MIRROR=$PIP_MIRROR
+ARG MYSQL_MIRROR=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql57-community-el6/
+ENV MYSQL_MIRROR=$MYSQL_MIRROR
+
 WORKDIR /opt/jumpserver
-COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver
 
+COPY ./requirements ./requirements
 RUN useradd jumpserver
-
 RUN yum -y install epel-release && \
-      echo -e "[mysql]\nname=mysql\nbaseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql57-community-el6/\ngpgcheck=0\nenabled=1" > /etc/yum.repos.d/mysql.repo
-
-COPY . .
+      echo -e "[mysql]\nname=mysql\nbaseurl=${MYSQL_MIRROR}\ngpgcheck=0\nenabled=1" > /etc/yum.repos.d/mysql.repo
 RUN yum -y install $(cat requirements/rpm_requirements.txt)
-RUN pip install --upgrade pip setuptools && pip install wheel && \
-    pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirements/requirements.txt || pip install -r requirements/requirements.txt
+RUN pip install --upgrade pip setuptools wheel -i ${PIP_MIRROR} && \
+    pip config set global.index-url ${PIP_MIRROR}
+RUN pip install -r requirements/requirements.txt || pip install -r requirements/requirements.txt
+
+COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver
 RUN mkdir -p /root/.ssh/ && echo -e "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config
 
 RUN echo > config.yml

apps/authentication/backends/radius.py

@@ -1,11 +1,11 @@
 # -*- coding: utf-8 -*-
 #
+import traceback
 
 from django.contrib.auth import get_user_model
 from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend
 from django.conf import settings
 
-from pyrad.packet import AccessRequest
 
 User = get_user_model()
 
@@ -27,11 +27,22 @@ class CreateUserMixin:
             user.save()
         return user
 
+    def _perform_radius_auth(self, client, packet):
+        # TODO: 等待官方库修复这个BUG
+        try:
+            return super()._perform_radius_auth(client, packet)
+        except UnicodeError as e:
+            import sys
+            tb = ''.join(traceback.format_exception(*sys.exc_info(), limit=2, chain=False))
+            if tb.find("cl.decode") != -1:
+                return [], False, False
+            return None
+
     def authenticate(self, *args, **kwargs):
         # 校验用户时，会传入public_key参数，父类authentication中不接受public_key参数，所以要pop掉
         # TODO:需要优化各backend的authenticate方法，django进行调用前会检测各authenticate的参数
         kwargs.pop('public_key', None)
-        return super().authenticate(*args, *kwargs)
+        return super().authenticate(*args, **kwargs)
 
 
 class RadiusBackend(CreateUserMixin, RADIUSBackend):

apps/jumpserver/settings/auth.py

@@ -92,6 +92,7 @@ CAS_LOGGED_MSG = None
 CAS_LOGOUT_COMPLETELY = CONFIG.CAS_LOGOUT_COMPLETELY
 CAS_VERSION = CONFIG.CAS_VERSION
 CAS_ROOT_PROXIED_AS = CONFIG.CAS_ROOT_PROXIED_AS
+CAS_CHECK_NEXT = lambda: lambda _next_page: True
 
 
 # Other setting

apps/perms/api/mixin.py

@@ -21,7 +21,7 @@ class UserPermissionMixin:
     obj = None
 
     def initial(self, *args, **kwargs):
-        super().initial(*args, *kwargs)
+        super().initial(*args, **kwargs)
         self.obj = self.get_obj()
 
     def get_obj(self):

requirements/requirements.txt

@@ -61,7 +61,7 @@ pytz==2018.3
 PyYAML==5.1
 redis==3.2.0
 requests==2.22.0
-jms-storage==0.0.29
+jms-storage==0.0.31
 s3transfer==0.3.3
 simplejson==3.13.2
 six==1.11.0