Revert "Revert "Simplify logic & improve readability. Harmonize log string language""

This reverts commit 782cb76769

freeradius_utils/authenticate_filaire.py

@@ -24,53 +24,49 @@ VLAN_NOK = RADIUS_VLAN_DECISION['VLAN_NOK']
 VLAN_OK = RADIUS_VLAN_DECISION['VLAN_OK']
 
 def decide_vlan(switch_ip, port_number, mac_address):
-        # Get port from switch and port number
-        switch = Switch.objects.filter(switch_interface=Interface.objects.filter(ipv4=IpList.objects.filter(ipv4=switch_ip)))
-        if switch:
-            sw_name = str(switch[0].switch_interface)
-            port = Port.objects.filter(switch=switch[0], port=port_number)
-            if port:
-                port = port[0]
-                if port.radius == 'NO':
-                # Aucune authentification sur ce port
-                    decision = (sw_name, "Pas d'authentification sur ce port", VLAN_OK)
-                elif port.radius == 'BLOQ':
-                    # Prise désactivée
-                    decision = (sw_name, 'Port desactive', VLAN_NOK)
-                elif port.radius == 'COMMON':
-		    # Authentification par mac
-                    interface = Interface.objects.filter(mac_address=mac_address)
-                    if not interface:
-                        decision = (sw_name, 'Mac not found', VLAN_NOK)
-                    elif not interface[0].is_active():
-                        decision = (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK)
-                    else:
-                        decision = (sw_name, 'Machine OK', VLAN_OK)
-                elif port.radius == 'STRICT':
-                    if port.room:
-                        user = User.objects.filter(room=Room.objects.filter(name=port.room))
-                        if not user:
-                            decision = (sw_name, 'Chambre non cotisante', VLAN_NOK)
-                        elif not user[0].has_access():
-                            decision = (sw_name, 'Resident desactive', VLAN_NOK)
-                        else:
-                            # Verification de la mac
-                            interface = Interface.objects.filter(mac_address=mac_address)
-                            if not interface:
-                                decision = (sw_name, 'Chambre Ok, but mac not found', VLAN_NOK)
-                            elif not interface[0].is_active():
-                                decision = (sw_name, 'Chambre Ok, but machine non active / adherent non cotisant', VLAN_NOK)
-                            else:
-                                decision = (sw_name, 'Machine OK, Proprio OK', VLAN_OK)
-                    else:
-                        decision = (sw_name, 'Chambre inconnue', VLAN_NOK)
-                else:
-                    decision = (sw_name, 'VLAN forced', int(port.radius))
-            else:
-                decision = (sw_name, 'port not found!', VLAN_OK)
+    # Get port from switch and port number
+    switch = Switch.objects.filter(switch_interface=Interface.objects.filter(ipv4=IpList.objects.filter(ipv4=switch_ip)))
+    if not switch:
+        return ('?', 'Switch inconnu', VLAN_OK)
+
+    sw_name = str(switch[0].switch_interface)
+
+    port = Port.objects.filter(switch=switch[0], port=port_number)
+    if not port:
+        return (sw_name, 'Port inconnu', VLAN_OK)
+
+    port = port[0]
+
+    if port.radius == 'NO':
+        return (sw_name, "Pas d'authentification sur ce port", VLAN_OK)
+
+    if port.radius == 'BLOQ':
+        return (sw_name, 'Port desactive', VLAN_NOK)
+
+    if port.radius == 'STRICT':
+        if not port.room:
+            return (sw_name, 'Chambre inconnue', VLAN_NOK)
+
+        room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
+        if not room_user:
+            return (sw_name, 'Chambre non cotisante', VLAN_NOK)
+        elif not room_user[0].has_access():
+            return (sw_name, 'Chambre resident desactive', VLAN_NOK)
+        # else: user OK, on passe à la verif MAC
+
+    if port.radius == 'COMMON' or port.radius == 'STRICT':
+        # Authentification par mac
+        interface = Interface.objects.filter(mac_address=mac_address)
+        if not interface:
+            return (sw_name, 'Machine inconnue', VLAN_NOK)
+        elif not interface[0].is_active():
+            return (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK)
         else:
-            decision = ('?', 'switch not found!', VLAN_OK)
-        return decision
+            return (sw_name, 'Machine OK', VLAN_OK)
+
+    # On gere bien tous les autres états possibles, il ne reste que le VLAN en dur
+    return (sw_name, 'VLAN impose', int(port.radius))
+
 
 if __name__ == '__main__':
     parser = argparse.ArgumentParser(description='Decide radius vlan attribution')