[feature] Close stale sessions on Accounting-On #617

Eeshu-Yadav · Dhanus3133 · nemesifier · web-flow · commit 3c0c7cf8db36 · 2025-09-01T19:03:34.000-03:00
When NAS devices are cold rebooted, they may not close active RADIUS sessions, which can cause issues with Simultaneous-Use. For this reason, when an Accounting-On request is detected, we make sure to close any lingering open RADIUS accounting session from the same NAS. Close #617 --------- Co-authored-by: Dhanus <dhanus3133@gmail.com> Co-authored-by: Federico Capoano <f.capoano@openwisp.io>
diff --git a/openwisp_radius/api/freeradius_views.py b/openwisp_radius/api/freeradius_views.py
@@ -44,9 +44,9 @@
     "^{0}[:-]{0}[:-]{0}[:-]{0}[:-]{0}[:-]{0}".format("[a-f0-9]{2}"), re.I
 )
 _TOKEN_AUTH_FAILED = _("Token authentication failed")
-# Accounting-On and Accounting-Off are not implemented and
-# hence  ignored right now - may be implemented in the future
-UNSUPPORTED_STATUS_TYPES = ["Accounting-On", "Accounting-Off"]
+# Accounting-Off is not implemented and hence ignored right now
+# may be implemented in the future
+UNSUPPORTED_STATUS_TYPES = ["Accounting-Off"]
 logger = logging.getLogger(__name__)
 
 RadiusToken = load_model("RadiusToken")
@@ -502,7 +502,11 @@ def post(self, request, *args, **kwargs):
         if request.user.is_anonymous and request.auth is None:
             return Response(status=status.HTTP_200_OK)
         data = request.data.copy()
-        if data.get("status_type", None) in UNSUPPORTED_STATUS_TYPES:
+        status_type = data.get("status_type", None)
+        if status_type in UNSUPPORTED_STATUS_TYPES:
+            return Response(None)
+        if status_type == "Accounting-On":
+            self._handle_accounting_on(data)
             return Response(None)
         # Create or Update
         try:
@@ -533,6 +537,27 @@ def post(self, request, *args, **kwargs):
             self.send_radius_accounting_signal(serializer.validated_data)
             return Response(None)
 
+    def _handle_accounting_on(self, data):
+        """
+        When NAS devices are cold rebooted,
+        they may not close active sessions,
+        which can cause issues with Simultaneous-Use.
+        For this reason, OpenWISP closes any open session from
+        the same NAS when it receives an Accounting-On request.
+        """
+        called_station_id = data.get("called_station_id")
+        closed_count = RadiusAccounting._close_stale_sessions_on_nas_boot(
+            called_station_id=called_station_id,
+            organization_id=self.request.auth,
+        )
+        if closed_count:
+            logger.info(
+                f"Closed {closed_count} stale session(s) for device with "
+                f"Called-Station-Id {called_station_id} in organization "
+                f"{self.request.auth} due to receiving an "
+                "Accounting-On packet."
+            )
+
     def _is_interim_update_corner_case(self, error, data):
         """
         Handles "Interim-Updates" for RadiusAccounting sessions
diff --git a/openwisp_radius/api/serializers.py b/openwisp_radius/api/serializers.py
@@ -139,7 +139,7 @@ class Meta:
     ("Start", "Start"),
     ("Interim-Update", "Interim-Update"),
     ("Stop", "Stop"),
-    ("Accounting-On", "Accounting-On (ignored)"),
+    ("Accounting-On", "Accounting-On"),
     ("Accounting-Off", "Accounting-Off (ignored)"),
 )
 
diff --git a/openwisp_radius/base/models.py b/openwisp_radius/base/models.py
@@ -557,6 +557,23 @@ def close_stale_sessions(cls, days=None, hours=None):
             session.terminate_cause = "Session Timeout"
             session.save()
 
+    @classmethod
+    def _close_stale_sessions_on_nas_boot(cls, called_station_id, organization_id):
+        """
+        Called during RADIUS Accounting-On.
+        """
+        if not called_station_id or not organization_id:
+            return 0
+        stale_sessions = cls.objects.filter(
+            called_station_id=called_station_id,
+            organization_id=organization_id,
+            stop_time__isnull=True,
+        )
+        closed_count = stale_sessions.update(
+            stop_time=now(), terminate_cause="NAS-Reboot"
+        )
+        return closed_count
+
 
 class AbstractNas(OrgMixin, TimeStampedEditableModel):
     name = models.CharField(
diff --git a/openwisp_radius/tests/test_api/test_freeradius_api.py b/openwisp_radius/tests/test_api/test_freeradius_api.py
@@ -1221,6 +1221,7 @@ def test_accounting_when_nas_using_pfsense_started(self):
         response = self.client.post(
             self._acct_url,
             data=json.dumps(data),
+            HTTP_AUTHORIZATION=self.auth_header,
             content_type="application/json",
         )
         self.assertEqual(response.status_code, 200)
@@ -1278,6 +1279,52 @@ def test_user_accounting_list_empty_diff_organization(self):
             self.assertEqual(response.status_code, 200)
             self.assertEqual(len(response.json()), 0)
 
+    @freeze_time(START_DATE)
+    def test_accounting_on_closes_stale_sessions(self):
+        stale_user = self._create_user(username="stale_user", email="stale@user.com")
+        self._create_org_user(user=stale_user)
+        stale_session_data = self.acct_post_data.copy()
+        stale_session_data.update(
+            {
+                "unique_id": "stale-session-1",
+                "called_station_id": "AA-BB-CC-DD-EE-FF",
+                "username": stale_user.username,
+                "stop_time": None,
+            }
+        )
+        stale_session = self._create_radius_accounting(**stale_session_data)
+        self.assertIsNone(stale_session.stop_time)
+        other_user = self._create_user(username="other_user", email="other@user.com")
+        self._create_org_user(user=other_user)
+        other_session_data = self.acct_post_data.copy()
+        other_session_data.update(
+            {
+                "unique_id": "other-session-1",
+                "called_station_id": "11-22-33-44-55-66",
+                "username": other_user.username,
+                "stop_time": None,
+            }
+        )
+        other_session = self._create_radius_accounting(**other_session_data)
+        self.assertIsNone(other_session.stop_time)
+        self.assertEqual(RadiusAccounting.objects.count(), 2)
+        # Simulate Accounting-On packet from the first NAS
+        accounting_on_data = {
+            "status_type": "Accounting-On",
+            "called_station_id": "AA-BB-CC-DD-EE-FF",
+            "unique_id": "accounting-on-packet-id",
+        }
+        response = self.post_json(accounting_on_data)
+        self.assertEqual(response.status_code, 200)
+        self.assertIsNone(response.data)
+        self.assertEqual(RadiusAccounting.objects.count(), 2)
+        stale_session.refresh_from_db()
+        self.assertIsNotNone(stale_session.stop_time)
+        self.assertEqual(stale_session.terminate_cause, "NAS-Reboot")
+        # Session from other NAS unaffected
+        other_session.refresh_from_db()
+        self.assertIsNone(other_session.stop_time)
+
 
 class TestTransactionFreeradiusApi(
     AcctMixin,

Original file line number	Diff line number	Diff line change
`@@ -139,7 +139,7 @@ class Meta:`
`139`	`139`	`("Start", "Start"),`
`140`	`140`	`("Interim-Update", "Interim-Update"),`
`141`	`141`	`("Stop", "Stop"),`
`142`		`- ("Accounting-On", "Accounting-On (ignored)"),`
	`142`	`+ ("Accounting-On", "Accounting-On"),`
`143`	`143`	`("Accounting-Off", "Accounting-Off (ignored)"),`
`144`	`144`	`)`
`145`	`145`