ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Kirill Solomko	d9f283cbc8	MT#59449 enhance password validation and handling * passwords are now validated based on - minlen - maxlen - min lower case chars - min uppper case chars - min digits - min special chars * Data::Password::zxcvbn is used to calculate password score and reject passwords with score < 3 as weak (this library is ported from the Dropbox password validation) * Add password journals and check last used passwords in the journals * Improve password generator javascript function to generate a password with at least 4 of each of the char group types. * Currently affected are subcriber and admin entry creation or modification via UI/API * NGCP::Utils::Auth add optional bcrypt_cost support as last argument for generate_salted_hash and get_usr_salted_pass Change-Id: I100c25107d91741d5101bc58d29a3fa558b0b017	9 months ago
Andreas Granig	8f8e1d5fc9	TT#78557 - Use bcrypt to hash webpassword * Change the way webpassword is handled accross NGCP Panel UI/API to comply with new password encryption * At login, if password is not encrypted with high cost due to the ngcp-bcrypt-webpassword script, encrypt it with proper cost * Accept old password format as well until all webpasswords are encrypted Change-Id: Iefa9584a62ab4b7d2a224d10bdd415e9cbb8dfb5	5 years ago
Kirill Solomko	2c8a11029a	TT#80305 add JWT authentication for admin users * /admin_login_jwt now returns a JWT token for admin users and also the JWT token is supported in the authorization process for the admin requests Change-Id: I987640d46bd8a339a959a6b2efb65b6dce06bf8c	5 years ago
Guillem Jover	467084705d	TT#71950 Fix typos Warned-by: codespell Change-Id: If7e52bf2fbf013586e802e5ebb77a272599d9c38	5 years ago
Rene Krenn	cf6ae55991	TT#60850 fix api cert unique serial generator the client cert serial was taken from epoch time in secs. if a computer is fast enough, there is the chance a subsequent POST /admincert did not invalidate the old cert properly (as expected by api-cert-auth.t), but created an identical one. Change-Id: Ifd906489029efd17df0997c5aceec3ac1db08fb1	6 years ago
Rene Krenn	76b88062a1	TT#56411 honor use_session => 0 for bcrypt auth Revert "Revert "TT#56411 honor use_session => 0 for bcrypt auth WIP"" This reverts commit `1cfc524f80`. Change-Id: I7eb0842bd61a4aaddbe50206fb974110ead8efb6	6 years ago
Rene Krenn	1cfc524f80	Revert "TT#56411 honor use_session => 0 for bcrypt auth WIP" This reverts commit `4789f6b61f`. Change-Id: I6b514443afe9e2a8dbc1ae4a527a38fd3fc1d1c6	6 years ago
Rene Krenn	4789f6b61f	TT#56411 honor use_session => 0 for bcrypt auth WIP Change-Id: I549c4e6fc18b7cb738e99b3a6e254a47db3af0cf	6 years ago
Irina Peshinskaya	4b2dc9a649	TT#52355 Use pattern for systemctl --list-unit-files openvpn search Change-Id: I51acca0d11bcdd86d57ab697fb57e5699b8e658b	6 years ago
Irina Peshinskaya	b27e4c5b87	TT#46856 Add openvpn toggle from admin panel Change-Id: I128e49117bd211edc44e2bf286c80cfc5a677b6a	6 years ago
Irina Peshinskaya	d7c6689b93	TT#22496 TT#22495 Disable "sipwise" admin edit and delete Change-Id: I33341247220c389f997ca02104ccfa6028e76ebb	8 years ago
Andreas Granig	b60b439220	TT#13249 Implement API to create admin client cert Admins can use this to generate a new ssl client certificate package in ZIP format containing a PEM and a P12 cert, the same way you can do it on the admin panel. Admins can generate that for themselves in all cases, or for others if they are master or superuser. If role is reseller, then masters can only do this within their own reseller. Change-Id: I32d5c1b5af5324d1c80b34bacecd7f2665cd91c7	8 years ago
Andreas Granig	5918c162e1	TT#12601 API must implement bcrypt auth/migration Not only the web login must support bcrypt auth, but also the API access. Change-Id: Iee7c5b7a073000e797725919a5752f9eaf77c958	8 years ago
Andreas Granig	8ad683d5ae	TT#12601 Move admin pass to bcrypt and drop cert For the migration of the admin pwd, the logic is as follows: 1. If the admin has a bcrypt password already, use this 2. If not, perform auth via md5, then clear the md5 column and write a salted bcrypt hash instead. For dropping the ssl client cert, we simply not store anymore the client certificate in the DB. As a result, you cannot download the certs (pem, p12) after creation anymore, so we immediately download the two certs in a zip file after creation. A cost of 13 takes 500ms on an i7-5500U CPU @ 2.40GHz, which seems to be a reasonable value. Change-Id: I1ce21321c58d8c57d7ddce1541995f64821b0053	8 years ago

14 Commits (master)