sipwise
/
ngcp-panel
mirror of https://github.com/sipwise/ngcp-panel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#19765 add subscriberlogin for API

Browse Source 
in line with the web-login, a domain can be specified or defaults to
the request host.
because validating the format "username@domain" is not supported natively
by the catalyst HTTP auth plugin, the domain is checked manually at the
appropriate place.

Change-Id: Ifcc86234bc27598244788d1b4b07c2611c2e593b
changes/36/6136/6
Gerhard Jungwirth 10 years ago
parent bb4f87e62c
commit 1c2c8cf4fd
6 changed files with 61 additions and 5 deletions
Show Stats Download Patch File Download Diff File

17
lib/NGCP/Panel.pm
Unescape View File

@ -153,6 +153,23 @@ __PACKAGE__->config(
},
use_session => 0,
},
api_subscriber_http => {
credential => {
class => 'HTTP',
#type => 'digest',
type => 'basic',
username_field => 'webusername',
password_field => 'webpassword',
password_type => 'clear',
},
store => {
class => 'DBIx::Class',
user_model => 'DB::provisioning_voip_subscribers',
store_user_class => 'NGCP::Panel::AuthenticationStore::RoleFromRealm',
# use_userdata_from_session => 1,
},
use_session => 0,
},
api_admin_system => {
credential => {
class => 'HTTP',

2
lib/NGCP/Panel/AuthenticationStore/RoleFromRealm.pm
Unescape View File

@ -12,7 +12,7 @@ sub roles {
: return "reseller";
}
}
foreach my $auth_type (qw/subscriber api_subscriber/) {
foreach my $auth_type (qw/subscriber api_subscriber_http/) {
if ($auth_type eq $self->auth_realm) {
$self->_user->admin ? return "subscriberadmin"
: return "subscriber";

4
lib/NGCP/Panel/Controller/API/RtcSessions.pm
Unescape View File

@ -41,7 +41,7 @@ __PACKAGE__->config(
action => {
map { $_ => {
ACLDetachTo => '/api/root/invalid_user',
AllowedRole => [qw/admin reseller/],
AllowedRole => [qw/admin reseller subscriber subscriberadmin/],
Args => 0,
Does => [qw(ACL CheckTrailingSlash RequireSSL)],
Method => $_,
@ -143,7 +143,7 @@ sub POST :Allow {
} elsif($c->user->roles eq "reseller") {
$resource->{reseller_id} = $c->user->reseller_id; # TODO: ?
} else {
$resource->{subscriber_id} = $c->user->id;
$resource->{subscriber_id} = $c->user->voip_subscriber->id;
}
my $subscriber_item = $c->model('DB')->resultset('voip_subscribers')->search_rs({

2
lib/NGCP/Panel/Controller/API/RtcSessionsItem.pm
Unescape View File

@ -39,7 +39,7 @@ __PACKAGE__->config(
action => {
(map { $_ => {
ACLDetachTo => '/api/root/invalid_user',
AllowedRole => [qw/admin reseller/],
AllowedRole => [qw/admin reseller subscriber subscriberadmin/],
Args => 1,
Does => [qw(ACL RequireSSL)],
Method => $_,

35
lib/NGCP/Panel/Controller/Root.pm
Unescape View File

@ -68,6 +68,7 @@ sub auto :Private {
$c->log->debug("++++++ Root::auto unauthenticated API request");
my $ssl_dn = $c->request->env->{SSL_CLIENT_M_DN} // "";
my $ssl_sn = hex ($c->request->env->{SSL_CLIENT_M_SERIAL} // 0);
my $ngcp_api_realm = $c->request->env->{NGCP_API_REALM} // "";
if($ssl_sn) {
$c->log->debug("++++++ Root::auto API request with client auth sn '$ssl_sn'");
unless($ssl_dn eq "/CN=Sipwise NGCP API client certificate") {
@ -113,10 +114,42 @@ sub auto :Private {
$c->log->warn("invalid api system login from '".$c->req->address."'");
}
$self->api_apply_fake_time($c);
return 1;
} elsif ($ngcp_api_realm eq "subscriber") {
$c->log->debug("++++++ Root::auto API subscriber request with http auth");
my $realm = "api_subscriber_http";
my ($username,$password) = $c->req->headers->authorization_basic;
my ($u,$d) = split(/\@/,$username);
if ($d) {
$c->req->headers->authorization_basic($u,$password);
}
my $res = $c->authenticate({}, $realm);
if($c->user_exists) {
$d //= $c->req->uri->host;
$c->log->debug("++++++ checking '".$c->user->domain->domain."' against '$d'");
if ($c->user->domain->domain ne $d) {
$c->user->logout;
$c->log->debug("+++++ invalid api subscriber http login (domain check failed)");
$c->log->warn("invalid api http login from '".$c->req->address."'");
my $r = $c->get_auth_realm($realm);
$r->credential->authorization_required_response($c, $r);
return;
}
$c->log->debug("++++++ subscriber '".$c->user->webusername."' authenticated via api_subscriber_http");
} else {
$c->user->logout if($c->user);
$c->log->debug("+++++ invalid api subscriber http login");
$c->log->warn("invalid api http login from '".$c->req->address."'");
my $r = $c->get_auth_realm($realm);
$r->credential->authorization_required_response($c, $r);
return;
}
$self->api_apply_fake_time($c);
return 1;
} else {
$c->log->debug("++++++ Root::auto API request with http auth");
$c->log->debug("++++++ Root::auto API admin request with http auth");
my $realm = "api_admin_http";
my $res = $c->authenticate({}, $realm);

6
lib/NGCP/Panel/Role/API/RtcSessions.pm
Unescape View File

@ -75,6 +75,12 @@ sub item_rs {
},{
join => {subscriber => { voip_subscriber => { contract => 'contact' }}},
});
} else {
$item_rs = $item_rs->search({
'subscriber.id' => $c->user->id,
},{
join => 'subscriber',
});
}
return $item_rs;

Write Preview
Loading…
Cancel
Save