MT#62093 return 403 Banned for banned users

* add banned user redirect for API requests Change-Id: I0b09879c2e0802c8cc649c92c239449742314b56 (cherry picked from commit d5fd8679fe)
3 months ago · 4127ca377c
parent 388eb892ee
commit 4127ca377c
3 changed files with 23 additions and 3 deletions
--- a/lib/NGCP/Panel/Controller/API/Root.pm
+++ b/lib/NGCP/Panel/Controller/API/Root.pm
@ -447,6 +447,17 @@ sub invalid_user : Private {
    return;
 }

+sub banned_user : Private {
+    my ($self, $c, $user) = @_;
+
+    my $log_user = "'$user'" // '';
+
+    $self->error($c, HTTP_FORBIDDEN, "Banned");
+    $c->log->warn("banned user $log_user api login from '".$c->qs($c->req->address)."'");
+
+    return;
+}
+
 sub field_to_json : Private {
    my ($self, $field) = @_;

--- a/lib/NGCP/Panel/Controller/Root.pm
+++ b/lib/NGCP/Panel/Controller/Root.pm
@ -229,6 +229,10 @@ sub auto :Private {
            }
            my $res = NGCP::Panel::Utils::Auth::perform_subscriber_auth($c, $u, $d, $password);

+            if ($res && $res == -2) {
+                $c->detach(qw(API::Root banned_user), [$username]);
+            }
+
            if($res && $c->user_exists) {
                $d //= $c->req->uri->host;
                $c->log->debug("checking '".$c->user->domain->domain."' against '$d'");
@ -256,6 +260,11 @@ sub auto :Private {
            my ($user, $pass) = $c->req->headers->authorization_basic;
            #$c->log->debug("user: " . $user . " pass: " . $pass);
            my $res = NGCP::Panel::Utils::Auth::perform_auth($c, $user, $pass, "api_admin" , "api_admin_bcrypt");
+
+            if ($res && $res == -2) {
+                $c->detach(qw(API::Root banned_user), [$user]);
+            }
+
            if($res and $c->user_exists and $c->user->is_active)  {
                $c->log->debug("admin '".$c->user->login."' authenticated via api_admin_http");
            } else {
@ -553,7 +562,7 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
        $c->response->status(HTTP_FORBIDDEN);
        $c->response->body(encode_json({
            code => HTTP_FORBIDDEN,
-            message => "Forbidden!" })."\n");
+            message => "Banned" })."\n");
        $c->log->debug("Banned user=$log_user realm=$ngcp_realm ip=$ip login attempt");
        return;
    }
--- a/lib/NGCP/Panel/Utils/Auth.pm
+++ b/lib/NGCP/Panel/Utils/Auth.pm
@ -76,7 +76,7 @@ sub perform_auth {
    my $log_failed_login_attempt = 1;

    return $res if !check_password($pass);
-    return $res if user_is_banned($c, $user, 'admin');
+    return -2 if user_is_banned($c, $user, 'admin');

    my $dbadmin;
    $dbadmin = $c->model('DB')->resultset('admins')->find({
@ -174,7 +174,7 @@ sub perform_subscriber_auth {
    }

    my $userdom = $domain ? $user . '@' . $domain : $user;
-    return $res if user_is_banned($c, $userdom, 'subscriber');
+    return -2 if user_is_banned($c, $userdom, 'subscriber');

    my $authrs = $c->model('DB')->resultset('provisioning_voip_subscribers')->search({
        webusername => $user,