MT#62093 return 403 Banned for banned users

* add banned user redirect for API requests

Change-Id: I0b09879c2e0802c8cc649c92c239449742314b56
(cherry picked from commit d5fd8679fe)
(cherry picked from commit f8be3dddca)
mr13.0.1
Kirill Solomko 3 months ago
parent 948cea0866
commit c4e1e5525e

@ -447,6 +447,17 @@ sub invalid_user : Private {
return;
}
sub banned_user : Private {
my ($self, $c, $user) = @_;
my $log_user = "'$user'" // '';
$self->error($c, HTTP_FORBIDDEN, "Banned");
$c->log->warn("banned user $log_user api login from '".$c->qs($c->req->address)."'");
return;
}
sub field_to_json : Private {
my ($self, $field) = @_;
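Review bot: The defined-or in `my $log_user = "'$user'" // '';` never fires, because the interpolated string is always defined; when `$user` is undef the line emits an uninitialized-value warning and `$log_user` becomes the two-character string `''`, not empty. Use `my $log_user = defined $user ? "'$user'" : '';` instead. The warn line passes the address through `$c->qs` but interpolates `$user` raw, even though it comes straight from the request's Authorization header; presumably the same treatment should apply, `"banned user " . $c->qs($log_user) . " api login from '" . $c->qs($c->req->address) . "'"`, so a crafted login name cannot put unexpected bytes into the log. `banned_user` is complete within this hunk; `invalid_user` ends and `field_to_json` begins outside it.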

@ -229,6 +229,10 @@ sub auto :Private {
}
my $res = NGCP::Panel::Utils::Auth::perform_subscriber_auth($c, $u, $d, $password);
if ($res && $res == -2) {
$c->detach(qw(API::Root banned_user), [$username]);
}
if($res && $c->user_exists) {
$d //= $c->req->uri->host;
$c->log->debug("checking '".$c->user->domain->domain."' against '$d'");
@ -256,6 +260,11 @@ sub auto :Private {
my ($user, $pass) = $c->req->headers->authorization_basic;
#$c->log->debug("user: " . $user . " pass: " . $pass);
my $res = NGCP::Panel::Utils::Auth::perform_auth($c, $user, $pass, "api_admin" , "api_admin_bcrypt");
if ($res && $res == -2) {
$c->detach(qw(API::Root banned_user), [$user]);
}
if($res and $c->user_exists and $c->user->is_active) {
$c->log->debug("admin '".$c->user->login."' authenticated via api_admin_http");
} else {
@ -553,7 +562,7 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
$c->response->status(HTTP_FORBIDDEN);
$c->response->body(encode_json({
code => HTTP_FORBIDDEN,
message => "Forbidden!" })."\n");
message => "Banned" })."\n");
$c->log->debug("Banned user=$log_user realm=$ngcp_realm ip=$ip login attempt");
return;
}
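Review bot: The two new checks `if ($res && $res == -2)` in `auto` test a bare literal whose meaning is only discoverable by reading NGCP::Panel::Utils::Auth, and the `$res &&` guard is needed only because `undef == -2` would warn; a reader is left to work both out. Add a comment at the first check and cross-reference it at the second, `# -2 from perform_*_auth means the account is banned; reject before the user_exists path`, so the contract is visible where it is enforced. The `$c->detach` to `API::Root banned_user` also means the `if($res && $c->user_exists)` branches below never see a banned user, which is worth stating in that comment. Both checks sit inside `sub auto`, whose body starts and ends outside these hunks; the login_jwt hunk changes only the message text and needs nothing further.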

@ -57,7 +57,7 @@ sub perform_auth {
my $res;
return $res if !check_password($pass);
return $res if user_is_banned($c, $user, 'admin');
return -2 if user_is_banned($c, $user, 'admin');
my $dbadmin;
$dbadmin = $c->model('DB')->resultset('admins')->find({
@ -141,7 +141,7 @@ sub perform_subscriber_auth {
}
my $userdom = $domain ? $user . '@' . $domain : $user;
return $res if user_is_banned($c, $userdom, 'subscriber');
return -2 if user_is_banned($c, $userdom, 'subscriber');
my $authrs = $c->model('DB')->resultset('provisioning_voip_subscribers')->search({
webusername => $user,
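Review bot: `return -2 if user_is_banned(...)` turns a previously false result into a true one, so any caller of `perform_auth` or `perform_subscriber_auth` that is not updated in this commit and tests `$res` for truth alone would now take its success path for a banned account; the two API call sites in this diff are protected only because they compare against -2 before the `$c->user_exists` check. Replace the literal with a named, exported constant and document the new outcome above each return: `use constant AUTH_BANNED => -2;` in this module, `return AUTH_BANNED if user_is_banned($c, $user, 'admin');` here and the same at the subscriber site, with a one-line comment stating that the value is true and every caller must check for it explicitly. I cannot see the other callers from this page, so whether one exists is inferred, not shown. Both `perform_auth` and `perform_subscriber_auth` begin and end outside these hunks.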
