MT#62093 return 403 Banned for banned users

* add banned user redirect for API requests

Change-Id: I0b09879c2e0802c8cc649c92c239449742314b56
(cherry picked from commit d5fd8679fe)
(cherry picked from commit f8be3dddca)

lib/NGCP/Panel/Controller/API/Root.pm

@@ -447,6 +447,17 @@ sub invalid_user : Private {
     return;
 }
 
+sub banned_user : Private {
+    my ($self, $c, $user) = @_;
+
+    my $log_user = "'$user'" // '';
+
+    $self->error($c, HTTP_FORBIDDEN, "Banned");
+    $c->log->warn("banned user $log_user api login from '".$c->qs($c->req->address)."'");
+
+    return;
+}
+
 sub field_to_json : Private {
     my ($self, $field) = @_;
 

lib/NGCP/Panel/Controller/Root.pm

@@ -229,6 +229,10 @@ sub auto :Private {
             }
             my $res = NGCP::Panel::Utils::Auth::perform_subscriber_auth($c, $u, $d, $password);
 
+            if ($res && $res == -2) {
+                $c->detach(qw(API::Root banned_user), [$username]);
+            }
+
             if($res && $c->user_exists) {
                 $d //= $c->req->uri->host;
                 $c->log->debug("checking '".$c->user->domain->domain."' against '$d'");
@@ -256,6 +260,11 @@ sub auto :Private {
             my ($user, $pass) = $c->req->headers->authorization_basic;
             #$c->log->debug("user: " . $user . " pass: " . $pass);
             my $res = NGCP::Panel::Utils::Auth::perform_auth($c, $user, $pass, "api_admin" , "api_admin_bcrypt");
+
+            if ($res && $res == -2) {
+                $c->detach(qw(API::Root banned_user), [$user]);
+            }
+
             if($res and $c->user_exists and $c->user->is_active)  {
                 $c->log->debug("admin '".$c->user->login."' authenticated via api_admin_http");
             } else {
@@ -553,7 +562,7 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
         $c->response->status(HTTP_FORBIDDEN);
         $c->response->body(encode_json({
             code => HTTP_FORBIDDEN,
-            message => "Forbidden!" })."\n");
+            message => "Banned" })."\n");
         $c->log->debug("Banned user=$log_user realm=$ngcp_realm ip=$ip login attempt");
         return;
     }

lib/NGCP/Panel/Utils/Auth.pm

@@ -57,7 +57,7 @@ sub perform_auth {
     my $res;
 
     return $res if !check_password($pass);
-    return $res if user_is_banned($c, $user, 'admin');
+    return -2 if user_is_banned($c, $user, 'admin');
 
     my $dbadmin;
     $dbadmin = $c->model('DB')->resultset('admins')->find({
@@ -141,7 +141,7 @@ sub perform_subscriber_auth {
     }
 
     my $userdom = $domain ? $user . '@' . $domain : $user;
-    return $res if user_is_banned($c, $userdom, 'subscriber');
+    return -2 if user_is_banned($c, $userdom, 'subscriber');
 
     my $authrs = $c->model('DB')->resultset('provisioning_voip_subscribers')->search({
         webusername => $user,