TT#129162 fix subscriber webpassword field validation

* 'webpassword' field is now also validated for invalid
  (non-ascii) characters
* Fix multiple API input field validation errors to be comma-joined
  (previously concatenated with no separator).
* Adjust 'webpassword' field validation errors to have better
  readability when there are multiple validation errors

Change-Id: I21536f97a4da78cc5192a3abd8cd5adef1b819ec
mr10.0
Kirill Solomko 4 years ago
parent 44d0352ec6
commit cc10506b2e

@ -603,7 +603,7 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
return;
}
if ($pass =~ /[^[:ascii:]]/) {
unless (NGCP::Panel::Utils::Auth::check_password($pass)) {
$c->response->status(HTTP_UNPROCESSABLE_ENTITY);
$c->response->body(encode_json({ code => HTTP_UNPROCESSABLE_ENTITY,
message => "'password' contains invalid characters" })."\n");
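Review bot: With `check_password` in place an undefined `$pass` now takes the "'password' contains invalid characters" branch, because `check_password`'s `my $pass = shift // return;` returns false for undef, whereas the old `$pass =~ /[^[:ascii:]]/` test simply did not match; unless the `return;` just above already rejects a missing password, the 422 message is misleading for that case. Either guard it explicitly, `if (defined $pass && !NGCP::Panel::Utils::Auth::check_password($pass))`, or keep the early return and add `# undef password is also rejected by check_password` so the behaviour is intentional. login_jwt starts and ends outside this hunk.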

@ -26,7 +26,7 @@ sub validate_password {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;
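Review bot: The commit message only mentions the 'webpassword' field, but this and several sibling hunks also pass `utf8 => 0` for `validate_password` / `validate_new_password` fields, so those passwords are now restricted to ASCII as well; if that is intended the description should say so, otherwise these callers should keep the default. A short comment at the call site, `# reject non-ASCII characters (see Utils::Auth::check_password)`, would make the flag's effect visible to the next reader. The enclosing form class and the field definitions are outside the hunk.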

@ -49,7 +49,7 @@ sub validate_password {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;

@ -33,7 +33,7 @@ sub validate_password {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;

@ -265,7 +265,7 @@ sub validate_webpassword {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;

@ -190,7 +190,7 @@ sub validate_webpassword {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;

@ -28,7 +28,7 @@ sub validate_new_password {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;

@ -197,7 +197,7 @@ sub validate_webpassword {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
sub update_fields {

@ -47,7 +47,7 @@ sub validate_webpassword {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;

@ -49,7 +49,7 @@ sub validate_password {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;

@ -297,7 +297,7 @@ sub validate_webpassword {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
sub update_fields {

@ -206,7 +206,7 @@ sub validate_webpassword {
my $c = $self->form->ctx;
return unless $c;
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field);
NGCP::Panel::Utils::Form::validate_password(c => $c, field => $field, utf8 => 0);
}
1;

@ -262,7 +262,7 @@ sub validate_form {
($_->parent->$_isa('HTML::FormHandler::Field') ? $_->parent->name . '_' : '') . $_->name,
$in, #for now, we dont change the error response text, even if causes sensitive data in the logs.
#(($_->$_can('todo') && $_->todo()) ? $c->qs($in) : $in),
join('', @{ $_->errors })
join(',', @{ $_->errors })
} $form->error_fields;
$self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Validation failed. $e");
return;
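Review bot: `join(',', @{ $_->errors })` yields messages such as `Must not contain username,Password is too weak` with no space after the comma; `join(', ', @{ $_->errors })` reads better and matches the readability goal stated in the commit description. Separately, the same message still embeds `$in`, the raw field value, so for password fields the submitted password is echoed in the 422 body and, per the existing comment, ends up in logs; masking values for fields whose name ends in `password` (the commented-out `$c->qs($in)` path looks like it was meant for this) would be worth doing in a follow-up. The map/sprintf this line belongs to starts before the hunk.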

@ -83,12 +83,6 @@ sub process_form_resource{
NGCP::Panel::Utils::API::apply_resource_reseller_id($c, $resource);
my $pass = $resource->{password};
delete $resource->{password};
if(defined $pass) {
$resource->{md5pass} = undef;
$resource->{saltedpass} = NGCP::Panel::Utils::Auth::generate_salted_hash($pass);
}
foreach my $f(qw/billing_data call_data is_active is_master is_superuser is_ccare lawful_intercept read_only show_passwords/) {
$resource->{$f} = (ref $resource->{$f} eq 'JSON::true' || ( defined $resource->{$f} && ( $resource->{$f} eq 'true' || $resource->{$f} eq '1' ) ) ) ? 1 : 0;
}
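Review bot: This hunk deletes the block that turned `$resource->{password}` into `saltedpass` (and cleared `md5pass`), but neither the commit message nor the visible hunks show where that hashing now happens; if it moved to the model or a utility layer please confirm, because otherwise the plaintext `password` key now survives in `$resource` up to the row insert/update. A one-line comment at the deletion site, `# password hashing is handled in <module>`, would make the intent explicit for the next reader. process_form_resource continues outside the hunk.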

@ -11,6 +11,14 @@ use NGCP::Panel::Utils::Redis;
our $SALT_LENGTH = 128;
sub check_password {
my $pass = shift // return;
return if $pass =~ /[^[:ascii:]]/;
return 1;
}
sub get_special_admin_login {
return 'sipwise';
}
@ -48,9 +56,7 @@ sub perform_auth {
my ($c, $user, $pass, $realm, $bcrypt_realm) = @_;
my $res;
if ($pass && $pass =~ /[^[:ascii:]]/) {
return $res;
}
return $res unless check_password($pass);
my $dbadmin;
$dbadmin = $c->model('DB')->resultset('admins')->find({
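Review bot: `check_password` carries no documentation and accepts any ASCII byte, including NUL, CR/LF and other control characters; if the intent is "printable ASCII only" the test should be `return if $pass =~ /[^[:ascii:]]|[[:cntrl:]]/;` (note this also rejects TAB — confirm that is acceptable). It also returns false for an undefined password via `shift // return`, which changes `perform_auth`: the old `if ($pass && $pass =~ ...)` guard let an undefined `$pass` reach the DB lookup, while the new `return $res unless check_password($pass)` returns early — probably desirable, but it should be stated. Suggested header comment: `# Returns true when $pass is defined and contains only ASCII characters; false (undef) otherwise.` perform_auth continues past the end of the hunk.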

@ -2,12 +2,14 @@ package NGCP::Panel::Utils::Form;
use Sipwise::Base;
use Crypt::Cracklib;
use NGCP::Panel::Utils::Auth;
sub validate_password {
my %params = @_;
my $c = $params{c};
my $field = $params{field};
my $r = $c->config->{security};
my $utf8 = $params{utf8} // 1;
my $pass = $field->value;
my $minlen = $r->{password_min_length} // 6;
@ -31,6 +33,9 @@ sub validate_password {
if($r->{password_musthave_specialchar} && $pass !~ /[^0-9a-zA-Z]/) {
$field->add_error($c->loc('Must contain special characters'));
}
if (!$utf8 && $pass && !NGCP::Panel::Utils::Auth::check_password($pass)) {
$field->add_error($c->loc('Contains invalid characters'));
}
if($field->name eq "password" && $r->{password_sip_validate}) {
my $user;
if($field->form->field('username')) {
@ -39,7 +44,7 @@ sub validate_password {
$user = $c->stash->{subscriber}->provisioning_voip_subscriber->username;
}
if(defined $user && $pass =~ /$user/i) {
$field->add_error($c->loc('Password must not contain username'));
$field->add_error($c->loc('Must not contain username'));
}
unless(Crypt::Cracklib::check($pass)) {
$field->add_error($c->loc('Password is too weak'));
@ -52,10 +57,10 @@ sub validate_password {
$user = $c->stash->{subscriber}->provisioning_voip_subscriber->webusername;
}
if(defined $user && $pass =~ /$user/i) {
$field->add_error($c->loc('Web password must not contain username'));
$field->add_error($c->loc('Must not contain username'));
}
unless(Crypt::Cracklib::check($pass)) {
$field->add_error($c->loc('Web password is too weak'));
$field->add_error($c->loc('Password is too weak'));
}
}
}
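Review bot: The condition that owns the renamed messages, `if(defined $user && $pass =~ /$user/i)` (context lines of the third and fourth hunks), interpolates the username into the pattern unescaped, so a username containing regex metacharacters such as `.`, `+` or `(` either matches the wrong thing or dies at regex compile time during validation; use `$pass =~ /\Q$user\E/i` in both the password and webpassword branches. This predates the commit, but the commit touches both branches. The new `utf8` parameter is also undocumented; suggest `# utf8 => 0 additionally rejects non-ASCII passwords via Utils::Auth::check_password; defaults to 1 (permissive) so existing callers are unchanged.` above `my $utf8 = ...`. validate_password's body starts before the first hunk and is cut between hunks.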
