diff --git a/lib/NGCP/Panel/Controller/Root.pm b/lib/NGCP/Panel/Controller/Root.pm
index 9702f03c63..693533ccc4 100644
--- a/lib/NGCP/Panel/Controller/Root.pm
+++ b/lib/NGCP/Panel/Controller/Root.pm
@@ -519,6 +519,14 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
 return;
 }
 
+ if ($pass =~ /[^[:ascii:]]/) {
+ $c->response->status(HTTP_UNPROCESSABLE_ENTITY);
+ $c->response->body(encode_json({ code => HTTP_UNPROCESSABLE_ENTITY,
+ message => "'password' contains invalid characters" })."\n");
+ $c->log->error("'password' contains invalid characters");
+ return;
+ }
+
 my ($u, $d, $t) = split(/\@/, $user, 3);
 if(defined $t) {
 # in case username is an email address
@@ -642,6 +650,14 @@ sub admin_login_jwt :Chained('/') :PathPart('admin_login_jwt') :Args(0) :Method(
 return;
 }
 
+ if ($pass =~ /[^[:ascii:]]/) {
+ $c->response->status(HTTP_UNPROCESSABLE_ENTITY);
+ $c->response->body(encode_json({ code => HTTP_UNPROCESSABLE_ENTITY,
+ message => "'password' contains invalid characters" })."\n");
+ $c->log->error("'password' contains invalid characters");
+ return;
+ }
+
 my $authrs = $c->model('DB')->resultset('admins')->search({
 login => $user,
 is_active => 1,
diff --git a/lib/NGCP/Panel/Utils/Auth.pm b/lib/NGCP/Panel/Utils/Auth.pm
index 30a31c7cde..b559f883e7 100644
--- a/lib/NGCP/Panel/Utils/Auth.pm
+++ b/lib/NGCP/Panel/Utils/Auth.pm
@@ -47,6 +47,10 @@ sub perform_auth {
 my ($c, $user, $pass, $realm, $bcrypt_realm) = @_;
 my $res;
 
+ if ($pass =~ /[^[:ascii:]]/) {
+ return $res;
+ }
+
 my $dbadmin;
 $dbadmin = $c->model('DB')->resultset('admins')->find({
 login => $user,
@@ -107,6 +111,10 @@ sub perform_subscriber_auth {
 my ($c, $user, $domain, $pass) = @_;
 my $res;
 
+ if ($pass =~ /[^[:ascii:]]/) {
+ return $res;
+ }
+
 my $authrs = $c->model('DB')->resultset('provisioning_voip_subscribers')->search({
 webusername => $user,
 'voip_subscriber.status' => 'active',
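Review bot: In `login_jwt` (Controller/Root.pm) the rejection is logged as `$c->log->error("'password' contains invalid characters")`, which records neither the endpoint nor the account or source address, and uses error level for a condition any unauthenticated client can trigger at will. A line such as `$c->log->warn("login_jwt: non-ASCII password rejected for '$user' from " . $c->req->address);` would make repeated attempts traceable without writing the password itself to the log. The same applies to the copy of this block in `admin_login_jwt`. The body of `login_jwt` starts and ends outside the hunk, so whether `$user` is already safe to interpolate into a log line is not visible here.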
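Review bot: The eight lines added to `admin_login_jwt` are a verbatim copy of the block added to `login_jwt`, and the same `/[^[:ascii:]]/` test appears twice more in Utils/Auth.pm. Keeping the pattern in one place, for example a small predicate in NGCP::Panel::Utils::Auth that all four call sites use, would stop the checks drifting apart if the permitted character set changes. The class `[:ascii:]` also admits control characters such as NUL and newline; if the intent is printable input only, `/[^\x20-\x7e]/` states that directly. `admin_login_jwt` continues outside the hunk.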
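Review bot: In `perform_auth` (Utils/Auth.pm) the new guard returns the still-undefined `$res` without logging anything, so any caller that does not pre-check the password gets an ordinary authentication failure with no trace of the reason, and an account whose existing password contains non-ASCII characters would presumably no longer be able to log in. A `$c->log->warn("perform_auth: password contains non-ASCII characters, rejected");` before `return $res;` would make that visible to operators. The match also runs before any definedness check visible in the hunk; `if (defined $pass && $pass =~ /[^[:ascii:]]/) {` avoids an uninitialized-value warning should a caller pass no password. `perform_subscriber_auth` has the same guard, and both functions continue outside their hunks.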