From cefd712509b179ab4b09a846f93d1204dd656b4a Mon Sep 17 00:00:00 2001
From: Kirill Solomko
Date: Fri, 9 Jul 2021 16:57:21 +0200
Subject: [PATCH] TT#129162 add bcrypt password characters check
Change-Id: I08723d02a7e4bc042351444b201d1f96cc986af3
(cherry picked from commit f4597b6ed70064c7c53cde24c75ed4168b03378c)
---
 lib/NGCP/Panel/Controller/Root.pm | 16 ++++++++++++++++
 lib/NGCP/Panel/Utils/Auth.pm | 8 ++++++++
 2 files changed, 24 insertions(+)
diff --git a/lib/NGCP/Panel/Controller/Root.pm b/lib/NGCP/Panel/Controller/Root.pm
index 9702f03c63..693533ccc4 100644
--- a/lib/NGCP/Panel/Controller/Root.pm
+++ b/lib/NGCP/Panel/Controller/Root.pm
@@ -519,6 +519,14 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
 return;
 }
+ if ($pass =~ /[^[:ascii:]]/) {
+ $c->response->status(HTTP_UNPROCESSABLE_ENTITY);
+ $c->response->body(encode_json({ code => HTTP_UNPROCESSABLE_ENTITY, message => "'password' contains invalid characters" })."\n");
+ $c->log->error("'password' contains invalid characters");
+ return;
+ }
+
 my ($u, $d, $t) = split(/\@/, $user, 3);
 if(defined $t) {
 # in case username is an email address
@@ -642,6 +650,14 @@ sub admin_login_jwt :Chained('/') :PathPart('admin_login_jwt') :Args(0) :Method(
 return;
 }
+ if ($pass =~ /[^[:ascii:]]/) {
+ $c->response->status(HTTP_UNPROCESSABLE_ENTITY);
+ $c->response->body(encode_json({ code => HTTP_UNPROCESSABLE_ENTITY, message => "'password' contains invalid characters" })."\n");
+ $c->log->error("'password' contains invalid characters");
+ return;
+ }
+
 my $authrs = $c->model('DB')->resultset('admins')->search({
 login => $user,
 is_active => 1,
diff --git a/lib/NGCP/Panel/Utils/Auth.pm b/lib/NGCP/Panel/Utils/Auth.pm
index 30a31c7cde..b559f883e7 100644
--- a/lib/NGCP/Panel/Utils/Auth.pm
+++ b/lib/NGCP/Panel/Utils/Auth.pm
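Review bot: The guard added to login_jwt rejects any non-ASCII password without a comment saying why, and the identical bare regex is pasted into admin_login_jwt and into both Auth.pm subs, so the four copies will drift the first time one of them is touched. If the reason is that the bcrypt backend refuses wide characters (the subject line implies it, but the hashing call is outside this hunk), keep the rule in one named place and explain it there, e.g. `# bcrypt backend cannot hash wide characters; reject before any lookup` above a helper such as `NGCP::Panel::Utils::Auth::password_has_invalid_chars($pass)` that this controller calls. Note that `[[:ascii:]]` still admits NUL, CR and LF, so "invalid characters" in the response overstates what is filtered; a comment should say that only non-ASCII is rejected. If existing subscribers already have non-ASCII web passwords, this check locks them out rather than merely avoiding a hashing error, which is worth confirming before merge. login_jwt begins and ends outside the hunk.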
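Review bot: In the admin_login_jwt guard, `$c->log->error("'password' contains invalid characters")` records an unauthenticated client's malformed input at error level, so anyone can flood the error log by posting non-ASCII passwords, and the entry carries nothing an operator can act on. This is a client error, not a server fault: log it at warn or info, e.g. `$c->log->warn("admin_login_jwt: rejected password with non-ASCII characters for login '$user'");`, keeping the password itself out of the log as the patch already does (`$user` is client-supplied, so treat it as untrusted text in the log line). The check runs before the `admins` lookup, so the 422 leaks nothing about whether the login exists; that ordering is correct and deserves a one-line comment so it survives refactoring. admin_login_jwt begins and ends outside the hunk.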
@@ -47,6 +47,10 @@ sub perform_auth {
 my ($c, $user, $pass, $realm, $bcrypt_realm) = @_;
 my $res;
+ if ($pass =~ /[^[:ascii:]]/) {
+ return $res;
+ }
+
 my $dbadmin;
 $dbadmin = $c->model('DB')->resultset('admins')->find({
 login => $user,
@@ -107,6 +111,10 @@ sub perform_subscriber_auth {
 my ($c, $user, $domain, $pass) = @_;
 my $res;
+ if ($pass =~ /[^[:ascii:]]/) {
+ return $res;
+ }
+
 my $authrs = $c->model('DB')->resultset('provisioning_voip_subscribers')->search({
 webusername => $user,
 'voip_subscriber.status' => 'active',
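Review bot: perform_auth now returns `$res` (undef) for a non-ASCII password with no log line at all, so the failure is indistinguishable from wrong credentials and, unlike the Root.pm endpoints in the same patch, leaves an operator nothing to find when an admin with such a password is locked out. A debug-level line before the return is enough: `$c->log->debug("perform_auth: password for '$user' contains non-ASCII characters, skipping");`. The regex also emits "Use of uninitialized value" if a caller ever passes an undefined `$pass`; `if (defined $pass && $pass =~ /[^[:ascii:]]/) {` keeps the behaviour (an undefined password falls through exactly as now) without the noise. Whether any caller passes undef is not visible from this hunk, and perform_auth continues past it.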
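Review bot: The early `return $res;` in perform_subscriber_auth exits before the `provisioning_voip_subscribers` lookup and before whatever follows it, so if the rest of the sub (outside this hunk) counts failed attempts or feeds a brute-force limiter, a non-ASCII password bypasses that accounting entirely; if such bookkeeping exists, the guard should either run after it or record the failure itself. The sub also gains an undocumented return path: add a comment at the guard such as `# non-ASCII passwords are rejected before any DB round-trip; caller sees a plain auth failure`, and only claim they can never match a stored hash if the hashing code below actually guarantees that, which I cannot see from here. The same guard now lives in four places; a single helper in this module that Root.pm also calls would keep them in step. perform_subscriber_auth continues beyond the hunk.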