OMADA CONTROLLER external portal - query info
We use OMADA CONTROLLER v3.0.5 and EAP115. Users are redirected to an external portal for authentication. That's ok. But for security reasons I would like to check, whether the cid (MAC address) passed as a parameter is not a fake one (users can simply modify it in the url, so it is not fully trustable). The best would be if I could check it in the user list queried from the controller/eap. Is there any way to gather the list of the currenly active users from the controller?
for e.g. after I login with https://controller_server_ip:https_port/login I post a similar request as the auth to get the user list: https://controller_server_ip:https_port/extportal/site_name/auth?token=CSRFToken (like https://controller_server_ip:https_port/extportal/site_name/users?token=CSRFToken)
I would be happy if someone could help me.
Thanks.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Digizoli wrote
We use OMADA CONTROLLER v3.0.5 and EAP115. Users are redirected to an external portal for authentication. That's ok. But for security reasons I would like to check, whether the cid (MAC address) passed as a parameter is not a fake one (users can simply modify it in the url, so it is not fully trustable). The best would be if I could check it in the user list queried from the controller/eap. Is there any way to gather the list of the currenly active users from the controller?
for e.g. after I login with https://controller_server_ip:https_port/login I post a similar request as the auth to get the user list: https://controller_server_ip:https_port/extportal/site_name/auth?token=CSRFToken (like https://controller_server_ip:https_port/extportal/site_name/users?token=CSRFToken)
I would be happy if someone could help me.
Thanks.
Hi Digizoli,
Here is the API of Controller 3.0.x of how to get client information. You can refer to this document to get the client information.
- Copy Link
- Report Inappropriate Content
First of all, thank you for the quick answer and sorry for my late response - I thought that I will get notified by e-mail if someone replied to me, but did not.
I checked your attached doc, but need some additional help, because the solution does not work for me:
1. I supposed that first I should be logged in to the controller, so I did it with success: {"success":true,"message":"Log in successfully.","value":"416abda8363d4a99b73e5f36b58b414c"}
2. I posted the json encoded parameters '{"currentPage":1,"currentPageSize":10,"sortName":"name","sortOrder":"asc","searchKey":"","filters":{"type":"all"}}' to the controller via "https://10.10.10.207:8043/web/v1/controller?getGridActiveClients&token=416abda8363d4a99b73e5f36b58b414c", but the result is '{"errorCode":-1,"msg":"General error.","result":null}'
(formerly I tried similar requests based on the examination of the network traffic made by the controller's web surface with the same error result)
Could you please tell me what am I wrong doing?
On the other hand there is also an important question: I experienced that there is a (max. 30s) latency to get the active users updated on the controller's web site - does this latency exist also when I will query the user list with the method getGridActiveClients? If so, than I am disappointed, because I need to know if a new device connects at latest before the user will be redirected to my portal server (because my goal is to check whether the MAC passed in the URL is found in the list of the active users).
Fortunately meantime I found another way to get instantly informed about the network activity: I configured the log4j2.properties file to redirect the log entries also to a TCP socket and additionally set the log level to "trace" - so this way I can catch all the log entries - including the connection/disconnection relevant "messages". In this case I immediately get alerted if someone new connected to the network, and also will be prompted (with a latency) after a user has been disconnected or lost (this latency is ok). Furthermore, based on the logs I can also see the reason of the delayed update of the userlist on the web: the update will be occured only in the 2nd phase of the new user detection thread which runs in every 30s. Hope, this does not effect when using getGridActiveClients, because although trapping the logs seems to be a trustable way to be up to date on user activity, but I would be more glad to use an official solution if possible.
- Copy Link
- Report Inappropriate Content
I think the problem might be a cookie handling issue at our side.
p.s.: I could not figure out myself the reason of the "-1 - General error." - must be other than a cookie problem. Dear @jonas, could you please help me?
- Copy Link
- Report Inappropriate Content
Digizoli wrote
First of all, thank you for the quick answer and sorry for my late response - I thought that I will get notified by e-mail if someone replied to me, but did not.
I checked your attached doc, but need some additional help, because the solution does not work for me:
1. I supposed that first I should be logged in to the controller, so I did it with success: {"success":true,"message":"Log in successfully.","value":"416abda8363d4a99b73e5f36b58b414c"}
2. I posted the json encoded parameters '{"currentPage":1,"currentPageSize":10,"sortName":"name","sortOrder":"asc","searchKey":"","filters":{"type":"all"}}' to the controller via "https://10.10.10.207:8043/web/v1/controller?getGridActiveClients&token=416abda8363d4a99b73e5f36b58b414c", but the result is '{"errorCode":-1,"msg":"General error.","result":null}'
(formerly I tried similar requests based on the examination of the network traffic made by the controller's web surface with the same error result)
Could you please tell me what am I wrong doing?
On the other hand there is also an important question: I experienced that there is a (max. 30s) latency to get the active users updated on the controller's web site - does this latency exist also when I will query the user list with the method getGridActiveClients? If so, than I am disappointed, because I need to know if a new device connects at latest before the user will be redirected to my portal server (because my goal is to check whether the MAC passed in the URL is found in the list of the active users).
Fortunately meantime I found another way to get instantly informed about the network activity: I configured the log4j2.properties file to redirect the log entries also to a TCP socket and additionally set the log level to "trace" - so this way I can catch all the log entries - including the connection/disconnection relevant "messages". In this case I immediately get alerted if someone new connected to the network, and also will be prompted (with a latency) after a user has been disconnected or lost (this latency is ok). Furthermore, based on the logs I can also see the reason of the delayed update of the userlist on the web: the update will be occured only in the 2nd phase of the new user detection thread which runs in every 30s. Hope, this does not effect when using getGridActiveClients, because although trapping the logs seems to be a trustable way to be up to date on user activity, but I would be more glad to use an official solution if possible.
Hi,
Your URL and JSON code may have some error.
The correct URL is : https://10.10.10.207:8043/web/v1/controller?token={CSRFToken}
The correct JSON code of POST packets is:
{
"method": "getGridActiveClients",
"params": {
"currentPage": 1,
"currentPageSize": 10,
"sortName": "name",
"sortOrder": "asc",
"searchKey": "",
"filters": {
"type": "all"
}
}
}
The correct cookies is: TPEAP_SESSIONID:{sessionID}
The POST data is belong to "params" in API, and you don't need to add the method(getGridActiveClients) to the URL, you should add the method to the JSON.
- Copy Link
- Report Inappropriate Content
Dear @jonas,
sorry for the blindness, I did not realize this trivial mistake! I made the changes according to your reply, but unfortunately I get still the same error. Cookies and the CSRFToken must be OK, because if I tried without cookies or with a wrong token then I received a result with a redirection to the login page. I cannot imagine what am I still doing wrong ... Here is the dump of the process I run - maybe you will find the mistake - please take a look at here:
****************** LOGIN ****************
CURLOPT_URL=https://10.10.10.207:8043/login
--------------- result ------------------
HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: TPEAP_SESSIONID=a97ac081-d99f-4642-a9eb-fce8a25bd0b5; Path=/; HttpOnly
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 19-Mar-2019 08:12:11 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
{"success":true,"message":"Log in successfully.","value":"bc9561795df243fe99f6683338a45d2f"}
- - - - - - curl_getinfo - - - - - - - -
Array
(
[url] => https://10.10.10.207:8043/login
[content_type] => application/json;charset=UTF-8
[http_code] => 200
[header_size] => 351
[request_size] => 160
[filetime] => -1
[ssl_verify_result] => 18
[redirect_count] => 0
[total_time] => 1.625
[namelookup_time] => 0
[connect_time] => 0
[pretransfer_time] => 0.156
[size_upload] => 29
[size_download] => 92
[speed_download] => 56
[speed_upload] => 17
[download_content_length] => -1
[upload_content_length] => 29
[starttransfer_time] => 1.609
[redirect_time] => 0
[certinfo] => Array
(
)
[redirect_url] =>
)
- - - - - - - cookies - - - - - - - - -
Array
(
[PHPSESSID] => u2ge92sukeirje6trd1n7tnip0
)
CSRFToken=bc9561795df243fe99f6683338a45d2f
************** LOGIN - END *************
****************** QUERY ****************
CURLOPT_URL=https://10.10.10.207:8043/web/v1/controller?token=bc9561795df243fe99f6683338a45d2f
CURLOPT_POSTFIELDS={"method":"getGridActiveClients","params":{"currentPage":1,"currentPageSize":10,"sortName":"name","sortOrder":"asc","searchKey":"","filters":{"type":"all"}}}
--------------- result ------------------
HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
{"errorCode":-1,"msg":"General error.","result":null}
- - - - - - curl_getinfo - - - - - - - -
Array
(
[url] => https://10.10.10.207:8043/web/v1/controller?token=bc9561795df243fe99f6683338a45d2f
[content_type] => application/json;charset=UTF-8
[http_code] => 200
[header_size] => 176
[request_size] => 402
[filetime] => -1
[ssl_verify_result] => 18
[redirect_count] => 0
[total_time] => 0.312
[namelookup_time] => 0
[connect_time] => 0
[pretransfer_time] => 0.172
[size_upload] => 157
[size_download] => 53
[speed_download] => 169
[speed_upload] => 503
[download_content_length] => -1
[upload_content_length] => 157
[starttransfer_time] => 0.297
[redirect_time] => 0
[certinfo] => Array
(
)
[redirect_url] =>
)
- - - - - - - cookies - - - - - - - - -
Array
(
[PHPSESSID] => u2ge92sukeirje6trd1n7tnip0
)
************** QUERY - END *************
****************** LOGOUT ****************
CURLOPT_URL=https://10.10.10.207:8043/logout
--------------- result ------------------
HTTP/1.1 100 Continue
HTTP/1.1 302 Found
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 19-Mar-2019 08:12:12 GMT
Set-Cookie: TPEAP_SESSIONID=deleteMe; Path=/; Max-Age=0; Expires=Tue, 19-Mar-2019 08:12:12 GMT
Set-Cookie: TPEAP_SESSIONID=0ef0ca4b-3949-4469-b0d2-fe4d10ac0808; Path=/; HttpOnly
Location: https://10.10.10.207:8043/login;JSESSIONID=a97ac081-d99f-4642-a9eb-fce8a25bd0b5
Content-Length: 0
************** LOGOUT - END *************
Thank you for your kindness - in advance, too.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2610
Replies: 5
Voters 0
No one has voted for it yet.