ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Rene Krenn	358139edee	MT#59447 admin user LDAP authentication Change-Id: I86005af30dee6285d80fe69f020f4a33cb23a608	5 months ago
Mykola Malkov	a8476ad20d	MT#58444 Set correct permissions/ownership for ssl files Key and csr files should be 640. All other files 644. Ownership for all files should be root:ssl-cert. Change-Id: Ie4c0c8070d856d881b9d47aa65f953869537ee1e	5 months ago
Guillem Jover	bdbd12613c	MT#61459 Do not use Perl indirect object syntax This syntax is discouraged, and it is not enabled by default any longer starting with the 5.36 feature bundles. Stop using it so that we can eventually bump our minimum required Perl version. Fixes: Objects::ProhibitIndirectSyntax Warned-by: perlcritic Ref: https://metacpan.org/pod/feature#The-'indirect'-feature Change-Id: I3f89ce74908a896027efa825d90eab3d2e53b1ee	5 months ago
Rene Krenn	598f7dbaf4	MT#61513 prevent duplicates in GET /api/callrecordings callrecording metakeys such as "uuid" for the involved call party is present multiple times by nature. the ?subscriber_id= query param will then narrow down the result. alongside an implicit role filtering (reseller/subscriber), the sql join and filtering for the uuid key is present 2 times however, and multiplied records slip through. this can be prevented with DISTINCT. to avoid performance impacts and consider other metakeys orrcuring multiple times, it will be applied only if a filter is present. Change-Id: I08047aaee265e2e0a706220e03fd4617da16d33c	5 months ago
Rene Krenn	1c09e2773a	MT#60197 support deleting call recordings per subscriber admin panel will no longer delete callrecordings for all parties of the call, but the single subscriber only. rest-api, behaves the same way, if the ?subscriber_id= parameter is provided. when a callrecording is deleted by all call parties, the remaining records and recording files will be dropped. Change-Id: I61f667bdb074a935a8a04473a3685b10e5e09222	6 months ago
Marco Capetta	97adbaf8e7	MT#60864 Fix Sync Email Templates button behavior The 'Sync Email Templates' button is shown in the Email Templates page in case some templates is missing for a reseller. The problem is that the button takes into consideration also resellers that are already terminated and for which the template is not needed anymore. Thus the query has been in fixed in order adding: r.status != 'terminated' Change-Id: I2dd551166ae777c8967eae3bda989b669b46b5c0	7 months ago
Kirill Solomko	e83588874b	MT#60553 handle API subscriber timezone field separately * timezone field for SubscriberSubAdminAPI form is now Text instead of +NGCP::Panel::Field::TimezoneSelect because the template => 'helpers/datatables_field.tt' produces a field validation error, as well as the Field is designed for UI and not API. * add validate_timezone() field validation to SubscriberAPI and SubscriberSubAdminAPI forms. Change-Id: I6391694284477976d8d6cee71a81e2241bd94937	7 months ago
Sipwise Jenkins Builder	d24d4c21c4	Release new version 13.1.0.0+0~mr13.1.0.0	7 months ago
Marco Capetta	f9a328f83d	MT#61065 Fix 'cli' preference removal In commit `b51c0c9698` the possibility to change the 'cli' preference by subscriber and subscriber_admin was added (under certain limits). On the other hand, the additiona of that part of code broke the possibility to remove the preference using the PATCH api. It is a very uncommon scenario though, but it seems anyway used by some customer. We may think to deprecate this possibility one day, but till then we don't have to create regression to customer. Change-Id: Ie695b567929eb79b1ba63d3c5a31ae5ce7b559bd	7 months ago
Kirill Solomko	55b27b3f2a	MT#61100 add pbx device/firmware search by type/tag Change-Id: Id41acdee57274d2791748f9e9d29f0d5f05b1965	7 months ago
Marco Capetta	d40126ef0a	MT#60756 Fix subscriberprofiles POST api call as reseller Administrators with reseller role were not able to create new subscriberprofiles because API was fialing with 500 error. In particular: LOG="«DBIx::Class::Row::store_column(): No such column 'reseller_id' on NGCP::Panel::Model::DB::voip_subscriber_profiles at /usr/share/perl5/NGCP/Panel/Controller/API/SubscriberProfiles.pm line 172» The error was caused by the addition of the reseller_id info in the $resourse even if not needed. Change-Id: I7970a2716d7af959639937a9a844160ab73a9176	7 months ago
Marco Capetta	a02cac37c3	MT#60860 Update new favicon in png format Firefox requires a png format of the favicon instead of an ico version, so this format has been added as well in all the possible supported sizes. Change-Id: I69ccb339f01953e32a89eeded6587030fe05cfeb	8 months ago
Marco Capetta	43a1be5aee	MT#60860 Update new sipwise logo The new sipwise logo has been updated in: * AUI header * CSC header * AUI/CSC favicon * AUI default invoice template Change-Id: I9367c72615d210c66f35ee27a378aa427021ab56	8 months ago
Kirill Solomko	13f9cd1489	MT#60858 add passwordchange to test links valid syntax checks Change-Id: Idf247b31cde94915c13cdb163cd5787e1f55697f	8 months ago
Kirill Solomko	a7589aeba8	MT#60877 /api/preferencemetaentries accept default_val as boolean * default_val is now correctly accepted as either 1/0 or true/false * fix 500 error when default_val is provided as JSON true/false Change-Id: Id6db9c13ae458ddd61e5a68865249eb4e3e124bf	8 months ago
Kirill Solomko	558fbcbb42	MT#60858 add /api/passwordchange endpoint to api-test root links Change-Id: I04993c82de58a04664ce90f38850bc461e8d7ca6	8 months ago
Kirill Solomko	a3945269fc	MT#59449 fix perform_auth to send correct realm to ban check * perform_auth $realm is in a form of a subrealm, e.g. api_admin_http api_admin_jwt, etc. where for bans check it's 'admin' realm. Therefore, user_is_banned() is now called from there using explicit 'admin' realm as the argument. Change-Id: I3a10a9b492bf9dbe83ddd34a8851e83b23f90587	8 months ago
Kirill Solomko	bbd44f16fa	MT#60858 add /api/passwordchange endpoint * the new endpoint accepts new_password fields and enables for authenticated user a mechanism to quickly change their password * the global password validation rules are enabled * returns 204 No Content * if user's password is expired, the endpoint is the only accessible for the user to change the password and unlock other endpoints. * a few fixes in validate_password() to correctly fetch provisioning subscriber for password change scenarios and webpassword field Change-Id: I906fcfe5c780b850d322b46b445b54c054767673	8 months ago
Kirill Solomko	e09de1e781	MT#60558 invoke max subscribers/group license check only on POST * max subscribers/group license check is invoked only on POST to enable clients to modify existing entries even if the threshold is reached. Change-Id: I858b42ada5c95c179f901e43837b15358027011b	8 months ago
Kirill Solomko	f4c5f229c3	MT#60710 add DELETE to pbxdevicemodels api-test allowed methods Change-Id: Ieda873026e0fbc75ef890d3844c6123c4d33cfc2	8 months ago
Kirill Solomko	46d297dec2	MT#60656 improve 403 Password Expired for expired passwords * 403 Password Expired is now correctly returned for POST /login_jwt when a password is expired, instead of returning the token. * 403 Password Expired is now correctly returned for API requests and redirect to /changepassword only happens for non API requests. * improve Utils::Auth::check_max_age() to accept also $auth_user and $ngcp_realm for cases (like /login_jwt) where there is an authenticated user but there is no $c->user. Change-Id: I302ad8654bdf16fe0882625fd6e9a8bba7a8ad42	8 months ago
Kirill Solomko	4b00a59d99	MT#60710 fix pbxdeviceprofiles allowed_roles typo Change-Id: I29e48ca8a8db9ab6751c0fef1399932d62195e48	8 months ago
Kirill Solomko	f3bc8097e7	MT#60710 add missing DELETE method for pbx endpoints * enable DELETE method for: - /api/pbxdevicefirmwares/ - /api/pbxdevicemodels/ - /api/pbxdeviceprofiles/ * /api/pbxdeviceprofiles fix allowed_roles for 'subscriberadmin' to only allow GET method Change-Id: I4ed8f591529e161aa08648c99093459128b55203	8 months ago
Marco Capetta	463969b2a8	MT#59449 Fix selenium tests after password enforcements Change-Id: I6f7b4c5598acf126008a6e72bc8021e1007ff2ac	8 months ago
Kirill Solomko	b97be4502d	MT#60709 add PBX expand by device_id,profile_id,config_id * device_id, profile_id (device related), config_id are now expandable in the respective /api/pbxdevice* endpoints. * fix expand collection logic to avoid ambiguous 'order by id'. Change-Id: I0b1f4b3da093fb04a30e5097881af6131c1afe46	8 months ago
Kirill Solomko	78dfb7f7d8	MT#60656 do not check max_age if user does not exist * prevent max age check if user does not exist (not logged in) and return 1 instead. Change-Id: I5d1af5f46eec6a3eea6df0d719a35d1fedb19b3e	9 months ago
Kirill Solomko	b041888807	MT#60656 add max_age password validation support * UI: password are now validated against $c->config->{security}{password}{web_max_age_days} (unless it's 0) and if the password is expired the user is redirected automatically to /changepassword page, and after successful password change back to the original page. * API: if password is expired all API requests will be returning 403 Forbidden "Password expired", except PUT/PATCH to /api/admins or /api/subscribers with the new password in place. * successful login on the UI now redirects to /dashboard instead of / (to prevent unintended redirect to v2) Change-Id: I075f8e17cc9b0658d6b3b3d526ca5b379d050ce4	9 months ago
Marco Capetta	a2a01d4690	MT#59979 permit GET on resellers and billing profiles items even without license In some cases the UI requires to GET information from a specific reseller or billing profile because needed to show/created other endpoints (for example 'customers'). Due to that it has been added the possiiblity to do the GET not only of the list of the resellers and biling profiles, but also of each specific item. Change-Id: Iebbbbc494ce71e616d8e41ca20e97bebce7998b8	9 months ago
Kirill Solomko	c7ae8c1dcf	MT#60300 fix sound sets list rendering for reseller * fix code typo that prevented correct rendering of the sound sets list for reseller roles Change-Id: I35ea38a37932b8dd563a0b95f7e2481a5c45cdbe	9 months ago
Kirill Solomko	0a9fb5d28b	MT#59449 fix subscriber auth attempts without username * subscriber login attempts without Basic Auth are now correctly intercepted and returned as 403 Forbidden Change-Id: I3deb60d8ac4f107bccd6422d27426e39a39e50f1	9 months ago
Kirill Solomko	c4c710e7dc	MT#60558 fix max_pbx_groups $c argument typo Change-Id: Id0c4d2078c98d20d236851e977439959624d1491	9 months ago
Kirill Solomko	e2e1776090	MT#60558 move max license checks for POST /api/subscribers * the relevant max license checkes are moved from Controller::API::Subscribers::POST to Utils::Subscribers::prepare_resource because there we fetch customer_id from the pilot subscriber in case of pbx subscriberadmin requests that is neccessary for PBX subscribers max license check. Change-Id: I2d1c212d73fe5b9295d1595b4fffebeb67b61e5a	9 months ago
Kirill Solomko	65ae07a97b	MT#60601 obfuscate password/webpassword in API valdiation errors * plain text passwords are obfuscated in validation errors returned by API Change-Id: Iff989696ce09faff34692eaa129aee6981340a97	9 months ago
Kirill Solomko	4a9a632da1	MT#59449 sub auth fix possible username without undef domain * perform_subscriber_auth(): check if domain is undefined and use only $user, otherwise $user . @ . $domain. Change-Id: I3d342fb2c4768c2b7b3e0c08ea41e429b83e9683	9 months ago
Kirill Solomko	2972d3b62d	MT#59449 add progressive user bans support * users are now progressively banned. * ban_min_time is used to ban a user for the first time. * consecutive ban is ban_min_time + ban_increment * ban_increment_stage * ban_max_time is the absolute maximum ban time that is not increased any further. * a successful login resets the ban_increment_stage. Change-Id: I4d7e1a93d7a21d21a0dcf69d856a872d2ed75ea0	9 months ago
Kirill Solomko	f383837ea9	MT#60595 add expand by package_id * package_id field can now be expanded Change-Id: I6555134fbc5c50aae49a64876712fcc8678385f2	9 months ago
Kirill Solomko	e6b29d3e7b	MT#59449 fix password validation enabled/disabled, admins * correctly detect and skip password validation when sip_validatation or web_validation is not enabled respectively * better detect web password for admin users * /api/admins PUT/PATCH now also correctly checks last used passwords Change-Id: I9a6fa9b8e30ae2b81d2852dec0e1f9d858be13ef	9 months ago
Sipwise Jenkins Builder	55cf852151	Release new version 13.0.0.0+0~mr13.0.0.0	9 months ago
Kirill Solomko	cfe0a44b8d	MT#60585 add user ban by IP address, ban JWT invalid attempts * ban users by IP addresses * ban invalid JWT attempts Change-Id: I0c7746aa751ca96cba0ce4d1388646ba4890a422	9 months ago
Kirill Solomko	60fa23cb68	MT#60585 add user ban support * users for admin/subscriber realms are now banned if failed to login X amount of times (UI/API). * rework Redis connection and it's now a Catalyst plugin NGCP::Redis accessed by $c->redis_get_connection({database => 19}), the connection per database, per worker process is established only once and then reused (with auto built-in reconnect support). * remove Utils::Redis.pm as it does not have any code/logic anymore. * ban values are taken from $config->{security}{login} as - ban_enable: 1 - ban_expire_time: 3600 ban expire time in seconds - max_attempts: 5 * if max_attempts set to 0, the ban functionality is disabled as it requires to be at least 1 to work. * upon successful login or ban, the failed attempts counter is removed * the failed attempts counter is also removed automatically with the expire time equals "ban_expire_time" or otherwise 3600 seconds. * user bans are logged into panel.log * banned user receives exactly the same return page/codes as per invalid logic. Change-Id: I05cc68c623ee289488fc64f1af50527004dcaae1	9 months ago
Kirill Solomko	d9f283cbc8	MT#59449 enhance password validation and handling * passwords are now validated based on - minlen - maxlen - min lower case chars - min uppper case chars - min digits - min special chars * Data::Password::zxcvbn is used to calculate password score and reject passwords with score < 3 as weak (this library is ported from the Dropbox password validation) * Add password journals and check last used passwords in the journals * Improve password generator javascript function to generate a password with at least 4 of each of the char group types. * Currently affected are subcriber and admin entry creation or modification via UI/API * NGCP::Utils::Auth add optional bcrypt_cost support as last argument for generate_salted_hash and get_usr_salted_pass Change-Id: I100c25107d91741d5101bc58d29a3fa558b0b017	9 months ago
Kirill Solomko	43d112bd5e	MT#60558 add max subscribers/groups license checks * max_subscribers, max_pbx_subscribers, max_pbx_groups license checks are added for subscriber/group creation in UI/API * new accessor $c->license_meta that returns meta license flags hashref * new accessor $c->license_max_subscribers * new accessor $c->license_max_pbx_subscribers * new accessor $c->license_max_pbx_groups * the new accessors (except license_meta) return -1 instead of 'unlimited' to ease off comprarsion * 403 Forbidden is returned by the API if a license is violated. Change-Id: I3f5a949efc84bf85b76b33404b37b362ec484d5f	9 months ago
Kirill Solomko	9d021be65a	MT#59979 add license control * UI and API parts are now under license control * new Util::License::get_license($c, $name) - fetches license status by name (1 if enabled, and also if /proc/ngcp/check if 'ok') * add Catalyst::Plugins::NGCP::License with license($name) to fetch valid license by name from anywhere using $c->license('pbx') or from the templates using c.license('pbx'). It internally uses Util::License::get_license($c, $name) * License::get_license_status($c) now requires $c as first argument as well logs license status check errors. * new ActionRoles::License that enables usage of :Does(License) RequiresLicense('pbx') LicenseDetachTo('/denied_page') in the Controller chains * Add license control for UI elements and return 403 Forbidden if a resource is covered by licenses and the license is not active * Hide UI elements if a license is not active * API/Entities/Entities new $c->set_config key: - per endpoint: $c->set_config({ required_licenses => [qw/pbx device_provisioning/] } - or per method: $c->set_config({ required_licenses => { POST => [qw/pbx device_provisioning/] } } } * In case if an API endpoint does not have a license: 403 Forbidden "Invalid license" reply is returned. * Add license based restrictions to API endpoints * /api documentation: - completely hide endpoints that do not have an active license - hide only methods that does not have an active license Change-Id: Iba45fc5068b02306a617fed7b5405f2210574b61	9 months ago
Rene Krenn	9c103302c8	MT#60575 dynamically load provisioning templates module Change-Id: Ibff509825f82a75c9b0221505a1673d78b401989	9 months ago
Marco Capetta	551cc2fb98	MT#60515 rename hm inbound/outbound directions to a_inbound/a_outbound inbound/outbound no longer represent the "full" direction and belong only to A leg, so they are renamed to a_inbound/a_outbound accordingly. Change-Id: I639b799c3649c9b3ca78eee831b49ef0cfa14287	9 months ago
Rene Krenn	0fd36ace55	MT#60520 prov templates: fix lookup of items item (contract, contact, subscriber) lookup will pick the first matching element (an arbitrary one if multiple are matching). ie. when lookup identifiers are too loose (f.ex. subscribers without domain in a multidomain setup) it might pick a wrong item - which is ok (supposed to bail out at a later step) unless that wrong item is a terminated one, causing to proceed checks on a terminated record (which can never happen from API or UI side since those hide terminated items), which produces a misleading 500 error in the end. we prevent this now by ensuring that looked up items are not terminated ones. even if the looked up items is not the desired one, becasue of an inaccurate template. Change-Id: I6691937c2e62b05915c7eac9980224abe2185b2c	9 months ago
Marco Capetta	fefa5ea173	MT#60511 Form/Header/Rule add direction "b_outbound" This is needed to perform manipulations to the SIP message just before it leaves the system on the B-Leg side. Change-Id: If93d0277582a086253b84088a93adc4ecfa187b1	9 months ago
Kirill Solomko	10a88cf669	MT#58964 /api/platforminfo add license_meta * new Utils::License::get_license_meta($c) to fetch license meta ({} by default) that contains license related metadata such as current and max amount of subcsribers and license valid until date. currently the following data is fetched from /proc/ngcp check current_calls current_pbx_groups current_pbx_subscribers current_registered_subscribers current_subscribers license_valid_until max_calls max_pbx_groups max_pbx_subscribers max_registered_subscribers max_subscribers valid * Controller::API::Root platforminfo now also returns license_meta Change-Id: I323cdfd646335a408e0150ecd69ad950fa0461ab	9 months ago
Kirill Solomko	524a264850	MT#60498 add search by not_null, change null param * add search by not_null for fields that ends with _id and integers, that adds "IS NOT NULL" to the SQL search query by the field. * null and not null values are expected now as $null and $not_null to avoid conflicts when user searches by null strings that may be a valid case. Change-Id: I8e8b8c9060e985dfe2b94cbfcca1587f05477fe9	9 months ago
Kirill Solomko	6cb38f0971	MT#58964 do not render licenses for public platforminfo * public access (no user) to /api/platforminfo gets only the default public json file without licenses rendering Change-Id: I636e042944c7c18a08db22e9142a8624c67332c7	9 months ago

1 2 3 4 5 ...

5540 Commits (master) All Branches Search

5540 Commits (master)

All Branches