diff --git a/lib/NGCP/Panel.pm b/lib/NGCP/Panel.pm
index e265678ed6..390808d343 100644
--- a/lib/NGCP/Panel.pm
+++ b/lib/NGCP/Panel.pm
@@ -133,13 +133,16 @@ __PACKAGE__->config(
 }
 },
 api_admin => {
+ # TODO: should be NoPassword, but it's not available in our catalyst version yet
 credential => {
- class => 'NoPassword',
+ class => 'Password',
+ password_field => 'is_superuser',
+ password_type => 'clear',
 },
 store => {
 class => 'DBIx::Class',
 user_model => 'DB::admins',
- id_field => 'ssl_client_m_serial',
+ id_field => 'id',
 store_user_class => 'NGCP::Panel::AuthenticationStore::RoleFromRealm',
 },
 use_session => 0,
diff --git a/lib/NGCP/Panel/Controller/Root.pm b/lib/NGCP/Panel/Controller/Root.pm
index 7058201a34..9a21da1615 100644
--- a/lib/NGCP/Panel/Controller/Root.pm
+++ b/lib/NGCP/Panel/Controller/Root.pm
@@ -45,8 +45,17 @@ sub auto :Private {
 && 0 == index $c->controller->catalyst_component_name, 'NGCP::Panel::Controller::API'
 ) {
 my $ssl_client_m_serial = hex $c->request->env->{SSL_CLIENT_M_SERIAL};
- $c->authenticate({ ssl_client_m_serial => $ssl_client_m_serial }, 'api_admin');
- $c->detach(qw(API::Root invalid_user), [$ssl_client_m_serial]) unless $c->user_exists;
+ my $res = $c->authenticate({
+ ssl_client_m_serial => $ssl_client_m_serial,
+ is_superuser => 1, # TODO: abused as password until NoPassword handler is available
+ }, 'api_admin');
+ unless($c->user_exists) {
+ use Data::Printer; p $res;
+ $c->log->debug("+++++ invalid api login");
+ $c->detach(qw(API::Root invalid_user), [$ssl_client_m_serial]) unless $c->user_exists;
+ } else {
+ $c->log->debug("api_admin '".$c->user->login."' authenticated");
+ }
 return 1;
 }
 # don't redirect to login page for ajax uris
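Review bot: The TODO above `credential` in the `api_admin` realm does not say that this workaround changes who can log in: with `password_field => 'is_superuser'` and `password_type => 'clear'`, the supplied value is compared with the `is_superuser` column, so an admin whose certificate serial matches but who is not a superuser is presumably rejected, which `NoPassword` would not have done. The value is a constant set in Root.pm, not a secret, so the client-certificate serial remains the only real credential in this realm. I would extend the comment to `# NOTE: is_superuser is a fixed value, not a secret; the client-cert serial is the only credential, and non-superuser admins are rejected in this realm`. The switch of `id_field` to `'id'` also deserves a word of explanation, since the lookup in Root.pm still passes `ssl_client_m_serial`. The `config(` call starts and ends outside the hunk.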
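Review bot: The failure branch added in `auto` still carries debugging leftovers: `use Data::Printer; p $res;` loads a development module at compile time for the whole controller and dumps to STDERR on every rejected API request, while the log line that follows omits the rejected serial and is written only at debug level. I would drop the dump, log the presented serial at warn level so failed certificate logins remain visible in production logs, remove the second `unless $c->user_exists` (the code is already inside that check), and turn the `unless`/`else` into a plain `if`/`else`. `$res` is then unused, so the assignment can go as well if nothing later in `auto` reads it; the sub starts and ends outside the hunk.

```perl
# … unchanged: $c->authenticate({ ... }, 'api_admin') call …
if ($c->user_exists) {
    $c->log->debug("api_admin '" . $c->user->login . "' authenticated");
}
else {
    $c->log->warn("invalid api login for client cert serial $ssl_client_m_serial");
    $c->detach(qw(API::Root invalid_user), [$ssl_client_m_serial]);
}
```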