From ac7c50332ac9272c467dca27f508eb756fb71a3b Mon Sep 17 00:00:00 2001
From: Kirill Solomko
Date: Tue, 28 Apr 2020 11:07:02 +0200
Subject: [PATCH] TT#80550 enable admin JWT auth for ajax requests

* non-API requests with "ajax" in the path can now be authenticated with the admin JWT token

Change-Id: Ide7f092b62cf36deb5a2e99599fbfaac0b751747
---
 lib/NGCP/Panel/Controller/Root.pm | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/NGCP/Panel/Controller/Root.pm b/lib/NGCP/Panel/Controller/Root.pm
index d5d2ade9d9..90a3bea090 100644
--- a/lib/NGCP/Panel/Controller/Root.pm
+++ b/lib/NGCP/Panel/Controller/Root.pm
@@ -275,7 +275,22 @@ sub auto :Private {
 #$c->log->debug("return 1");
 return 1;
 }
- } elsif (not $c->user_exists) {
+ } elsif (!$c->user_exists &&
+ $c->req->headers->header("Authorization") &&
+ $c->req->headers->header("Authorization") =~ m/^Bearer(\s+)a=/ &&
+ $c->request->path =~ /ajax/) {
+
+ $c->log->debug("++++++ Root::auto ajax request with admin JWT");
+ my $realm = "api_admin_jwt";
+ my $res = $c->authenticate({}, $realm);
+
+ unless ($c->user_exists) {
+ $c->log->debug("+++++ invalid ajax admin JWT login");
+ }
+
+ $self->api_apply_fake_time($c);
+ return 1;
+ } elsif (!$c->user_exists) {
 # don't redirect to login page for ajax uris
 if($c->request->path =~ /\/ajax$/) {
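Review bot: In the added `elsif` branch a rejected token is only logged at debug level and execution still reaches `return 1`, so `auto` lets the request continue to the ajax action with no user set. Unless every action reachable this way enforces its own role check (not visible in this hunk), the `unless ($c->user_exists)` block should end the request, e.g. `$c->response->status(403); return;`, and log the failure above debug level so rejected tokens appear in normal logs. The path condition `=~ /ajax/` is an unanchored substring match, wider than the `/\/ajax$/` test in the following branch; if that breadth is intended a comment should say so, otherwise it should be anchored to a path segment. `$res` is assigned but never read, and `auto` itself begins and ends outside the hunk.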