Development

docker/routlin-dash/app/pages/radius/action.py

@@ -85,7 +85,7 @@ def auth_mode_save():
     if auth_mode == 'eap_password':
         after['eap_protocol']   = eap_protocol
         after['tunneled_reply'] = tunneled_reply and eap_protocol in ('eap_peap', 'eap_ttls')
-        after['mab_first']   = mab_first
+        after['mab_first']      = mab_first
         if eap_protocol in _valid_inner and inner_protocol in _valid_inner[eap_protocol]:
             after['inner_protocol'] = inner_protocol
         else:
@@ -94,18 +94,27 @@ def auth_mode_save():
             after['include_length'] = include_length
         else:
             after.pop('include_length', None)
+        try:
+            dur_n    = int(request.form.get('default_session_value', '0').strip() or '0')
+            dur_unit = request.form.get('default_session_unit', 'hours')
+            mult     = {'hours': 3600, 'days': 86400}.get(dur_unit, 3600)
+            after['default_session_seconds'] = dur_n * mult if dur_n > 0 else 0
+        except (ValueError, TypeError):
+            after['default_session_seconds'] = 0
     elif auth_mode == 'eap_credential':
         after['include_length'] = include_length
-        after['mab_first']   = mab_first
-        after.pop('eap_protocol',   None)
-        after.pop('tunneled_reply', None)
-        after.pop('inner_protocol', None)
+        after['mab_first']      = mab_first
+        after.pop('eap_protocol',            None)
+        after.pop('tunneled_reply',          None)
+        after.pop('inner_protocol',          None)
+        after.pop('default_session_seconds', None)
     else:  # mab
-        after.pop('eap_protocol',   None)
-        after.pop('tunneled_reply', None)
-        after.pop('inner_protocol', None)
-        after.pop('include_length', None)
-        after.pop('mab_first',   None)
+        after.pop('eap_protocol',            None)
+        after.pop('tunneled_reply',          None)
+        after.pop('inner_protocol',          None)
+        after.pop('include_length',          None)
+        after.pop('mab_first',               None)
+        after.pop('default_session_seconds', None)
     cfg.setdefault('radius', {})['options'] = after
 
     changes = config_utils.diff_fields(before, after)

docker/routlin-dash/app/pages/radius/content.json

@@ -210,6 +210,40 @@
               "type": "raw_html",
               "html": "</div>"
             },
+            {
+              "type": "raw_html",
+              "html": "<div id=\"eap-session-row\">"
+            },
+            {
+              "type": "field_row",
+              "cols": 2,
+              "items": [
+                {
+                  "type": "field",
+                  "label": "Default Session Duration",
+                  "name": "default_session_value",
+                  "input_type": "number",
+                  "min": 0,
+                  "value": "%RADIUS_DEFAULT_SESSION_VALUE%",
+                  "hint": "How long a client session lasts before reauthentication is required. 0 = no expiration."
+                },
+                {
+                  "type": "field",
+                  "label": "Unit",
+                  "name": "default_session_unit",
+                  "input_type": "select",
+                  "value": "%RADIUS_DEFAULT_SESSION_UNIT%",
+                  "options": [
+                    {"value": "hours", "label": "Hours"},
+                    {"value": "days",  "label": "Days"}
+                  ]
+                }
+              ]
+            },
+            {
+              "type": "raw_html",
+              "html": "</div>"
+            },
             {
               "type": "button_row",
               "items": [

docker/routlin-dash/app/pages/radius/view.py

@@ -123,9 +123,20 @@ def collect_tokens(cfg):
     tokens['RADIUS_LOGGING_HINT']   = 'Unchecking will clear logs.' if fr_gen.get('logging', False) else ''
     tokens['RADIUS_GEN_LOG_MAX_KB'] = str(fr_gen.get('log_max_kb', 1024))
 
-    tokens['RADIUS_TUNNELED_REPLY']  = 'true' if fr_opts.get('tunneled_reply', False) else ''
-    tokens['RADIUS_INCLUDE_LENGTH']  = 'true' if fr_opts.get('include_length', False) else ''
-    tokens['RADIUS_MAB_FIRST']    = 'true' if fr_opts.get('mab_first', True) else ''
+    tokens['RADIUS_TUNNELED_REPLY'] = 'true' if fr_opts.get('tunneled_reply', False) else ''
+    tokens['RADIUS_INCLUDE_LENGTH'] = 'true' if fr_opts.get('include_length', False) else ''
+    tokens['RADIUS_MAB_FIRST']      = 'true' if fr_opts.get('mab_first', True) else ''
+
+    secs = fr_opts.get('default_session_seconds', 0) or 0
+    if secs >= 86400 and secs % 86400 == 0:
+        tokens['RADIUS_DEFAULT_SESSION_VALUE'] = str(secs // 86400)
+        tokens['RADIUS_DEFAULT_SESSION_UNIT']  = 'days'
+    elif secs > 0:
+        tokens['RADIUS_DEFAULT_SESSION_VALUE'] = str(max(1, round(secs / 3600)))
+        tokens['RADIUS_DEFAULT_SESSION_UNIT']  = 'hours'
+    else:
+        tokens['RADIUS_DEFAULT_SESSION_VALUE'] = '0'
+        tokens['RADIUS_DEFAULT_SESSION_UNIT']  = 'hours'
 
     vlans = cfg.get('vlans', [])
     default_vlan = next((v['name'] for v in vlans if v.get('radius_default') is True), '')