MT#64280 add ngcp_admin_ui_jwt realm and X-NGCP-Admin-UI header

* ngcp_admin_ui_jwt is a copy of api_admin_jwt realm but with
  use_session: 1
* ngcp_admin_ui_jwt is used when X-NGCP-Admin-UI header is provided

Change-Id: Ia82f97df922a69866f7c7d63ad1566ff0fc4bc2a
master
Kirill Solomko 2 weeks ago
parent 10df50468b
commit 41fb2d22cc

@ -327,7 +327,25 @@ __PACKAGE__->config(
store_user_class => 'NGCP::Panel::Authentication::Store::RoleFromRealm',
use_userdata_from_session => 0,
}
}
},
ngcp_admin_ui_jwt => {
credential => {
class => '+NGCP::Panel::Authentication::Credential::JWT',
username_jwt => 'username',
username_field => 'login',
id_jwt => 'id',
id_field => 'id',
jwt_key => _get_jwt_key(),
debug => 1,
alg => 'HS256',
},
store => {
class => 'DBIx::Class',
user_model => 'DB::admins',
store_user_class => 'NGCP::Panel::Authentication::Store::RoleFromRealm',
},
use_session => 1,
},
},
ngcp_version => get_ngcp_version(),
uploadtmp => $panel_config->{general}{tmpdir} // '/tmp',
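Review bot: `use_session => 1` on the new `ngcp_admin_ui_jwt` realm persists a JWT-authenticated admin into the Catalyst session, and nothing in this hunk ties the session lifetime to the token's expiry. The session cookie may therefore keep working after the JWT has expired or been withdrawn, so it is worth confirming that the session TTL and the logout path cover this realm. The credential block also fixes `debug => 1`; if the JWT credential class logs token or claim data in debug mode (not visible here), that flag should come from configuration rather than a literal. A short comment above the realm, such as `# copy of api_admin_jwt, but keeps the user in the session (use_session => 1)`, would record why the two realms differ. The surrounding `__PACKAGE__->config(` call starts and ends outside the hunk.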

@ -6,7 +6,7 @@ sub roles {
my ($self) = @_;
if ($self->auth_realm) {
for my $auth_type (qw/admin_bcrypt admin admin_jwt api_admin_cert api_admin_http api_admin api_admin_bcrypt api_admin_jwt/) {
for my $auth_type (qw/admin_bcrypt admin admin_jwt api_admin_cert api_admin_http api_admin api_admin_bcrypt api_admin_jwt ngcp_admin_ui_jwt/) {
if ($auth_type eq $self->auth_realm) {
if ($self->_user->lawful_intercept) {
return "lintercept";
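Review bot: The admin realm list in `roles` is a hard-coded `qw//` literal that must be edited whenever a realm is added. A realm left out of it would presumably skip the admin role checks, though the fall-through is outside the hunk, so this is inferred. A single shared lookup would replace the loop-and-compare and give one place to register realms, for example `if ($ADMIN_REALMS{ $self->auth_realm }) {`, where `%ADMIN_REALMS` is a suggested name and not an existing one. `roles` starts before and continues past this hunk.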

@ -210,12 +210,24 @@ sub auto :Private {
$c->log->debug("Invalid api subscriber JWT login");
}
} else {
$c->log->debug("Root::auto API request with admin JWT");
my $realm = "api_admin_jwt";
my $res = $c->authenticate({}, $realm);
if ($c->req->headers->header("X-NGCP-Admin-UI") &&
$c->req->headers->header("X-NGCP-Admin-UI") eq "1") {
unless ($c->user_exists) {
$c->log->debug("Invalid api admin JWT login");
$c->log->debug("Root::auto API request from NGCP-Admin-UI with admin JWT");
my $realm = "ngcp_admin_ui_jwt";
my $res = $c->authenticate({}, $realm);
unless ($c->user_exists) {
$c->log->debug("Invalid api NGCP-Admin-UI admin JWT login");
}
} else {
$c->log->debug("Root::auto API request with admin JWT");
my $realm = "api_admin_jwt";
my $res = $c->authenticate({}, $realm);
unless ($c->user_exists) {
$c->log->debug("Invalid api admin JWT login");
}
}
}
@ -341,12 +353,24 @@ sub auto :Private {
$c->req->headers->header("Authorization") &&
$c->req->headers->header("Authorization") =~ m/^Bearer /) {
$c->log->debug("Root::auto UI request with admin JWT");
my $realm = "admin_jwt";
my $res = $c->authenticate({}, $realm);
if ($c->req->headers->header("X-NGCP-Admin-UI") &&
$c->req->headers->header("X-NGCP-Admin-UI") eq "1") {
unless ($c->user_exists) {
$c->log->debug("invalid UI admin JWT login");
$c->log->debug("Root::auto UI request from NGCP-Admin-UI with admin JWT");
my $realm = "ngcp_admin_ui_jwt";
my $res = $c->authenticate({}, $realm);
unless ($c->user_exists) {
$c->log->debug("Invalid NGCP-Admin-UI admin JWT login");
}
} else {
$c->log->debug("Root::auto UI request with admin JWT");
my $realm = "admin_jwt";
my $res = $c->authenticate({}, $realm);
unless ($c->user_exists) {
$c->log->debug("invalid UI admin JWT login");
}
}
$self->api_apply_fake_time($c);
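Review bot: In both hunks of `auto` the realm is chosen from the client-supplied `X-NGCP-Admin-UI` header, so any caller holding a valid admin JWT can opt into the session-backed `ngcp_admin_ui_jwt` realm. The header should be treated as a hint, not as evidence that the request comes from the admin UI. The failed-login branches log only at debug level, e.g. `$c->log->debug("Invalid api NGCP-Admin-UI admin JWT login")`, which is usually dropped in production. Logging rejected tokens at warn level together with the client address would make them visible to monitoring. The same if/else is repeated at both sites with only the fallback realm differing (`api_admin_jwt` vs `admin_jwt`), so a small private helper taking the fallback realm would keep the two from drifting; `auto` begins and ends outside these hunks.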
