TT#80550 enable admin jwt token for the whole UI

* add admin_jwt realm
    * admin JWT tokens are now used to access all non /api
      content

Change-Id: I711d6419f0b624b02b53876a8c9171ab638b5d09
(cherry picked from commit dc4d9ec84b5b1199f17631e9e1f9a39ab1996807)

lib/NGCP/Panel.pm

@@ -156,6 +156,24 @@ __PACKAGE__->config(
                 use_userdata_from_session => 1,
             }
         },
+        admin_jwt => {
+            credential => {
+                class => '+NGCP::Panel::Authentication::Credential::JWT',
+                username_jwt => 'username',
+                username_field => 'login',
+                id_jwt => 'id',
+                id_field => 'id',
+                jwt_key => _get_jwt_key(),
+                debug => 1,
+                alg => 'HS256',
+            },
+            store => {
+                class => 'DBIx::Class',
+                user_model => 'DB::admins',
+                store_user_class => 'NGCP::Panel::Authentication::Store::RoleFromRealm',
+            },
+            use_session => 0,
+        },
         api_admin => {
             credential => {
                 class => 'Password',

lib/NGCP/Panel/Authentication/Store/RoleFromRealm.pm

@@ -6,7 +6,7 @@ sub roles {
     my ($self) = @_;
 
     if ($self->auth_realm) {
-        for my $auth_type (qw/admin_bcrypt admin api_admin_cert api_admin_http api_admin api_admin_bcrypt api_admin_jwt/) {
+        for my $auth_type (qw/admin_bcrypt admin admin_jwt api_admin_cert api_admin_http api_admin api_admin_bcrypt api_admin_jwt/) {
             if ($auth_type eq $self->auth_realm) {
                 if ($self->_user->is_ccare) {
                     $self->_user->is_superuser ? return "ccareadmin"

lib/NGCP/Panel/Controller/Root.pm

@@ -279,15 +279,14 @@ sub auto :Private {
         }
     } elsif (!$c->user_exists &&
             $c->req->headers->header("Authorization") &&
-            $c->req->headers->header("Authorization") =~ m/^Bearer(\s+)a=/ &&
-            $c->request->path =~ /ajax/) {
+            $c->req->headers->header("Authorization") =~ m/^Bearer(\s+)a=/) {
 
-        $c->log->debug("++++++ Root::auto ajax request with admin JWT");
-        my $realm = "api_admin_jwt";
+        $c->log->debug("++++++ Root::auto UI request with admin JWT");
+        my $realm = "admin_jwt";
         my $res = $c->authenticate({}, $realm);
 
         unless ($c->user_exists) {
-            $c->log->debug("+++++ invalid ajax admin JWT login");
+            $c->log->debug("+++++ invalid UI admin JWT login");
         }
 
         $self->api_apply_fake_time($c);