keep eap state when refreshing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-16 22:59:16 +02:00
parent 50c50c4109
commit 8cf8f1e199
3 changed files with 16 additions and 17 deletions
--- a/internal/outpost/radius/api.go
+++ b/internal/outpost/radius/api.go
@ -42,10 +42,15 @@ func (rs *RadiusServer) Refresh() error {
 	if len(apiProviders) < 1 {
 		return errors.New("no radius provider defined")
 	}
-	providers := make([]*ProviderInstance, len(apiProviders))
-	for idx, provider := range apiProviders {
+	providers := make(map[int32]*ProviderInstance)
+	for _, provider := range apiProviders {
+		existing, ok := rs.providers[provider.Pk]
+		state := map[string]*eap.State{}
+		if ok {
+			state = existing.eapState
+		}
 		logger := log.WithField("logger", "authentik.outpost.radius").WithField("provider", provider.Name)
-		providers[idx] = &ProviderInstance{
+		providers[provider.Pk] = &ProviderInstance{
 			SharedSecret:   []byte(provider.GetSharedSecret()),
 			ClientNetworks: parseCIDRs(provider.GetClientNetworks()),
 			MFASupport:     provider.GetMfaSupport(),
@ -55,15 +60,10 @@ func (rs *RadiusServer) Refresh() error {
 			providerId:     provider.Pk,
 			s:              rs,
 			log:            logger,
-			eapState:       map[string]*eap.State{},
+			eapState:       state,
 		}
 	}
 	rs.providers = providers
 	rs.log.Info("Update providers")
 	return nil
 }
-
-func (rs *RadiusServer) StartRadiusServer() error {
-	rs.log.WithField("listen", rs.s.Addr).Info("Starting radius server")
-	return rs.s.ListenAndServe()
-}
--- a/internal/outpost/radius/radius.go
+++ b/internal/outpost/radius/radius.go
@ -35,14 +35,14 @@ type RadiusServer struct {
 	ac          *ak.APIController
 	cryptoStore *ak.CryptoStore

-	providers []*ProviderInstance
+	providers map[int32]*ProviderInstance
 }

 func NewServer(ac *ak.APIController) ak.Outpost {
 	rs := &RadiusServer{
 		log:         log.WithField("logger", "authentik.outpost.radius"),
 		ac:          ac,
-		providers:   []*ProviderInstance{},
+		providers:   map[int32]*ProviderInstance{},
 		cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi),
 	}
 	rs.s = radius.PacketServer{
@ -103,7 +103,8 @@ func (rs *RadiusServer) Start() error {
 	}()
 	go func() {
 		defer wg.Done()
-		err := rs.StartRadiusServer()
+		rs.log.WithField("listen", rs.s.Addr).Info("Starting radius server")
+		err := rs.s.ListenAndServe()
 		if err != nil {
 			panic(err)
 		}