sipwise
/
ngcp-panel
mirror of https://github.com/sipwise/ngcp-panel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#3927 custom auth

Browse Source
ldieckow/rest
Lars Dieckow 12 years ago
parent aba646f59b
commit f6e01fdbd6
4 changed files with 37 additions and 10 deletions
Show Stats Download Patch File Download Diff File

12
lib/NGCP/Panel.pm
Unescape View File

@ -123,6 +123,18 @@ __PACKAGE__->config(
store_user_class => 'NGCP::Panel::AuthenticationStore::RoleFromRealm', store_user_class => 'NGCP::Panel::AuthenticationStore::RoleFromRealm',
} }
}, },
api_admin => {
credential => {
class => 'NoPassword',
},
store => {
class => 'DBIx::Class',
user_model => 'DB::admins',
id_field => 'ssl_client_m_serial',
store_user_class => 'NGCP::Panel::AuthenticationStore::RoleFromRealm',
},
use_session => 0,
},
subscriber => { subscriber => {
credential => { credential => {
class => 'Password', class => 'Password',

24
lib/NGCP/Panel/Controller/Root.pm
Unescape View File

@ -18,19 +18,25 @@ sub auto :Private {
$c->log->debug("*** Root::auto called"); $c->log->debug("*** Root::auto called");
if($c->controller =~ /::Root\b/ if (
or $c->controller =~ /::Login\b/) { __PACKAGE__ eq $c->controller->catalyst_component_name
or 'NGCP::Panel::Controller::Login' eq $c->controller->catalyst_component_name
$c->log->debug("*** Root::auto grant access to " . $c->request->path); or $c->req->uri->path =~ m|^/device/autoprov/.+|
return 1; ) {
} elsif($c->req->uri->path =~ /^\/device\/autoprov\/.+/) { $c->log->debug("*** Root::auto skip authn, grant access to " . $c->request->path);
$c->log->debug("*** Root::auto grant access to " . $c->request->path);
return 1; return 1;
} }
unless($c->user_exists) { unless($c->user_exists) {
$c->log->debug("*** Root::auto user not authenticated"); $c->log->debug("*** Root::auto user not authenticated");
if (
exists $c->request->env->{SSL_CLIENT_M_SERIAL}
&& 0 == index $c->controller->catalyst_component_name, 'NGCP::Panel::Controller::API'
) {
my $ssl_client_m_serial = hex $c->request->env->{SSL_CLIENT_M_SERIAL};
$c->authenticate({ ssl_client_m_serial => $ssl_client_m_serial }, 'api_admin');
$c->detach(qw(API::Root invalid_user), [$ssl_client_m_serial]) unless $c->user_exists;
return 1;
}
# don't redirect to login page for ajax uris # don't redirect to login page for ajax uris
if($c->request->path =~ /\/ajax$/) { if($c->request->path =~ /\/ajax$/) {
$c->response->body("403 - Permission denied"); $c->response->body("403 - Permission denied");

2
share/layout/wrapper.tt
Unescape View File

@ -1,5 +1,5 @@
[% [%
IF template.name.match('(\.html$|\.css$|\.js$|\.txt$)'); IF template.name.match('^api|(\.html$|\.css$|\.js$|\.txt$)');
content; content;
ELSIF template.name.match('^login\/login\.tt$'); ELSIF template.name.match('^login\/login\.tt$');
content WRAPPER html.tt; content WRAPPER html.tt;

9
share/templates/api/invalid_user.tt
Unescape View File

@ -0,0 +1,9 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Invalid certificate serial number</title>
</head>
<body>
<p>Invalid certificate serial number <var>[% ssl_client_m_serial %]</var></p>
</body>
</html>
Write Preview
Loading…
Cancel
Save