From 0a254c9d2080ce44e207196539572e99dfcc0f11 Mon Sep 17 00:00:00 2001
From: Simon Cloutier
Date: Tue, 8 Apr 2025 16:46:28 -0400
Subject: [PATCH] fixed some timezone log issues for auth
---
 app/db_interface.py | 8 ++++--
 app/templates/user_list.html | 51 +++++++++++++++++-------------------
 radius/main.py | 40 +++++++++++-----------------
 3 files changed, 45 insertions(+), 54 deletions(-)
diff --git a/app/db_interface.py b/app/db_interface.py
index 5db78a5..ada83c2 100644
--- a/app/db_interface.py
+++ b/app/db_interface.py
@@ -520,7 +520,8 @@ def get_latest_auth_logs(reply_type=None, limit=5, time_range=None, offset=0):
 print(f"Warning: Unknown timezone '{tz_str}', falling back to UTC.")
 app_tz = pytz.utc
 now = datetime.now(app_tz)
-
+ print(f"🕒 Using timezone: {tz_str} → Now: {now.isoformat()}")
+
 query_base = "SELECT * FROM auth_logs"
 filters = []
 params = []
@@ -548,6 +549,7 @@ def get_latest_auth_logs(reply_type=None, limit=5, time_range=None, offset=0):
 if delta:
 time_filter_dt = now - delta
+ print(f"🕒 Filtering logs after: {time_filter_dt.isoformat()}")
 filters.append("timestamp >= %s")
 params.append(time_filter_dt)
@@ -575,7 +577,8 @@ def count_auth_logs(reply_type=None, time_range=None):
 print(f"Warning: Unknown timezone '{tz_str}', falling back to UTC.")
 app_tz = pytz.utc
 now = datetime.now(app_tz)
-
+ print(f"🕒 Using timezone: {tz_str} → Now: {now.isoformat()}")
+
 query_base = "SELECT COUNT(*) FROM auth_logs"
 filters = []
 params = []
@@ -603,6 +606,7 @@ def count_auth_logs(reply_type=None, time_range=None):
 if delta:
 time_filter_dt = now - delta
+ print(f"🕒 Filtering logs after: {time_filter_dt.isoformat()}")
 filters.append("timestamp >= %s")
 params.append(time_filter_dt)
diff --git a/app/templates/user_list.html b/app/templates/user_list.html
index 5c59865..593ad26 100644
--- a/app/templates/user_list.html
+++ b/app/templates/user_list.html
@@ -31,40 +31,37 @@ {{ entry.mac_address }} - -
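Review bot: `time_filter_dt` is bound to `timestamp >= %s` as a datetime in the app timezone, while radius/main.py in this same commit starts writing `auth_logs.timestamp` from `datetime.now(timezone.utc)`; the same applies to the matching hunk in count_auth_logs. If the driver binds only the wall-clock fields and drops tzinfo (worth confirming for the connector in use), the query window is shifted by the app's UTC offset and a "recent rejects" view no longer covers the period it claims to. Converting before binding makes the comparison explicit: `params.append(time_filter_dt.astimezone(pytz.utc))`. The added `print` lines here and in the two `now = datetime.now(app_tz)` hunks fire on every log query and would read better as debug-level logging. Both functions start and end outside the hunks.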
+ + + -
- + - {{ entry.vendor or "..." }} + {{ entry.vendor or "..." }} - -
- - -
- + +
+ + +
+ - -
- - + -
+ -
- - -
- +
+ + +
+ {% endfor %}
diff --git a/radius/main.py b/radius/main.py
index 805a939..9cc52de 100644
--- a/radius/main.py
+++ b/radius/main.py
@@ -1,6 +1,7 @@
 from pyrad.server import Server, RemoteHost
 from pyrad.dictionary import Dictionary
 from pyrad.packet import AccessAccept, AccessReject
+from datetime import datetime, timezone
 import mysql.connector
 import os
@@ -22,6 +23,7 @@ class MacRadiusServer(Server):
 def HandleAuthPacket(self, pkt):
 username = pkt['User-Name'][0].upper()
 cursor = self.db.cursor(dictionary=True)
+ now_utc = datetime.now(timezone.utc)
 # Step 1: Check if the MAC exists in the users table
 cursor.execute("SELECT vlan_id FROM users WHERE mac_address = %s", (username,))
@@ -31,60 +33,48 @@ class MacRadiusServer(Server): # Step 2: Handle the Access-Accept or Access-Reject scenario if result: - # MAC found in users table vlan_id = result['vlan_id'] - - # Check if the VLAN is a denied VLAN - denied_vlan = os.getenv("DENIED_VLAN", "999") # Get the denied VLAN from environment + denied_vlan = os.getenv("DENIED_VLAN", "999") if vlan_id == denied_vlan: - # Step 3: If the MAC is in a denied VLAN, reject the access reply.code = AccessReject cursor.execute(""" - INSERT INTO auth_logs (mac_address, reply, result) - VALUES (%s, %s, %s) - """, (username, "Access-Reject", f"Denied due to VLAN {denied_vlan}")) + INSERT INTO auth_logs (mac_address, reply, result, timestamp) + VALUES (%s, %s, %s, %s) + """, (username, "Access-Reject", f"Denied due to VLAN {denied_vlan}", now_utc)) self.db.commit() print(f"[INFO] MAC {username} rejected due to VLAN {denied_vlan}") else: - # Step 4: If the MAC is valid and not in the denied VLAN, accept access and assign VLAN reply.code = AccessAccept reply.AddAttribute("Tunnel-Type", 13) reply.AddAttribute("Tunnel-Medium-Type", 6) reply.AddAttribute("Tunnel-Private-Group-Id", vlan_id) - # Log successful access cursor.execute(""" - INSERT INTO auth_logs (mac_address, reply, result) - VALUES (%s, %s, %s) - """, (username, "Access-Accept", f"Assigned to VLAN {vlan_id}")) + INSERT INTO auth_logs (mac_address, reply, result, timestamp) + VALUES (%s, %s, %s, %s) + """, (username, "Access-Accept", f"Assigned to VLAN {vlan_id}", now_utc)) self.db.commit() print(f"[INFO] MAC {username} accepted and assigned to VLAN {vlan_id}") else: - # Step 5: If the MAC is not found in the database, assign to fallback VLAN - reply.code = AccessAccept # Still send Access-Accept even for fallback - reply["Tunnel-Type"] = 13 # VLAN - reply["Tunnel-Medium-Type"] = 6 # IEEE-802 + reply.code = AccessAccept + reply["Tunnel-Type"] = 13 + reply["Tunnel-Medium-Type"] = 6 reply["Tunnel-Private-Group-Id"] = DEFAULT_VLAN_ID - # Log fallback assignment 
cursor.execute(""" - INSERT INTO auth_logs (mac_address, reply, result) - VALUES (%s, %s, %s) - """, (username, "Access-Accept", f"Assigned to fallback VLAN {DEFAULT_VLAN_ID}")) + INSERT INTO auth_logs (mac_address, reply, result, timestamp) + VALUES (%s, %s, %s, %s) + """, (username, "Access-Accept", f"Assigned to fallback VLAN {DEFAULT_VLAN_ID}", now_utc)) self.db.commit() - print(f"[INFO] MAC {username} not found — assigned to fallback VLAN {DEFAULT_VLAN_ID}") - # Send the reply packet (whether accept or reject) self.SendReplyPacket(pkt.fd, reply) cursor.close() - - if __name__ == '__main__': srv = MacRadiusServer(dict=Dictionary("dictionary")) srv.hosts["0.0.0.0"] = RemoteHost("0.0.0.0", os.getenv("RADIUS_SECRET", "testing123").encode(), "localhost")
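Review bot: `denied_vlan` comes from `os.getenv` and is always a str, so `if vlan_id == denied_vlan:` only matches when `result['vlan_id']` is also a str; if users.vlan_id is a numeric column (not visible here) the comparison is always False and a MAC placed in the denied VLAN is answered with Access-Accept. Comparing normalised values removes the dependency on the column type: `if str(vlan_id) == denied_vlan:`. The commit also strips the comment stating that unknown MACs are still answered with Access-Accept into the fallback VLAN; that is a deliberate policy choice a reader should not have to infer, so I would keep one line such as `# Unknown MAC: still Access-Accept, but into DEFAULT_VLAN_ID (fallback VLAN)`. HandleAuthPacket starts above this hunk.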