TT#130750 do not pack() jwt secret

* the extra packing of the secret key during encode/decode
  conflicts with the API v2 implementation
* move JWT "typ" from the payload to the header

Change-Id: Ica5822d810d6eaf7b3ae017f7037f25637b6f861

lib/NGCP/Panel/Authentication/Credential/JWT.pm

@@ -55,8 +55,7 @@ sub authenticate {
 
     my $jwt_data;
     try {
-        my $raw_key = pack('H*', $self->jwt_key);
-        $jwt_data = decode_jwt(token=>$token, key=>$raw_key, accepted_alg => $self->alg);
+        $jwt_data = decode_jwt(token=>$token, key=>$self->jwt_key, accepted_alg => $self->alg);
     } catch ($e) {
         # something happened
         $c->log->debug("Error decoding token: $e") if $self->debug;

lib/NGCP/Panel/Controller/Login.pm

@@ -64,15 +64,13 @@ sub login_index :Path Form {
                     );
                 }
 
-                my $raw_key = pack('H*', $key);
-
                 my $jwt_data = {
                     id => $c->user->id,
                     username => $c->user->login,
                 };
                 my $token = encode_jwt(
                     payload => $jwt_data,
-                    key => $raw_key,
+                    key => $key,
                     alg => $alg,
                     $relative_exp ? (relative_exp => $relative_exp) : (),
                 );

lib/NGCP/Panel/Controller/Root.pm

@@ -521,8 +521,6 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
         return;
     }
 
-    my $raw_key = pack('H*', $key);
-
     my $auth_user;
     if ($auth_token) {
         my $redis = NGCP::Panel::Utils::Redis::get_redis_connection($c, {database => $c->config->{'Plugin::Session'}->{redis_db}});
@@ -641,9 +639,10 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
         };
         $result->{jwt} = encode_jwt(
             payload => $jwt_data,
-            key => $raw_key,
+            key => $key,
             alg => $alg,
             $relative_exp ? (relative_exp => $relative_exp) : (),
+            extra_headers => { typ => 'JWT' },
         );
         $result->{subscriber_id} = int($auth_user->voip_subscriber->id // 0);
     } else {
@@ -684,8 +683,6 @@ sub admin_login_jwt :Chained('/') :PathPart('admin_login_jwt') :Args(0) :Method(
         return;
     }
 
-    my $raw_key = pack('H*', $key);
-
     my $auth_user;
     if ($auth_token) {
         my $redis = NGCP::Panel::Utils::Redis::get_redis_connection($c, {database => $c->config->{'Plugin::Session'}->{redis_db}});
@@ -759,9 +756,10 @@ sub admin_login_jwt :Chained('/') :PathPart('admin_login_jwt') :Args(0) :Method(
         };
         $result->{jwt} = 'a='.encode_jwt(
             payload => $jwt_data,
-            key => $raw_key,
+            key => $key,
             alg => $alg,
             $relative_exp ? (relative_exp => $relative_exp) : (),
+            extra_headers => { typ => 'JWT' },
         );
         $result->{id} = int($auth_user->id // 0);
     } else {
@@ -798,15 +796,13 @@ sub login_to_v2 :Chained('/') :PathPart('login_to_v2') :Args(0) {
         );
     }
 
-    my $raw_key = pack('H*', $key);
-
     my $jwt_data = {
         id => $c->user->id,
         username => $c->user->login,
     };
     my $token = encode_jwt(
         payload => $jwt_data,
-        key => $raw_key,
+        key => $key,
         alg => $alg,
         $relative_exp ? (relative_exp => $relative_exp) : (),
     );