Usage of IP addresses like 1.2.3.4 is not recommended, as they
might point to actually used and non-reserved IPs.
Quoting from RFC 5737 AKA "IPv4 Address Blocks Reserved for
Documentation" (see https://datatracker.ietf.org/doc/html/rfc5737):
| The blocks 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2), and
| 203.0.113.0/24 (TEST-NET-3) are provided for use in documentation.
So use 203.0.113.0/24 instead.
Change-Id: I4b85120e1409af306c52693211bd86ea01ec19df
This experimental perl construct has been marked as deprecated in
perl 5.38 and targeted for removal in a later release. Switch its
usage to a normal cascaded if/elsif and avoid future surprises.
Change-Id: I268f6e17482bfa356fed8d1e003b317d24324f2f
It was close to impossible to read ngcp-panel debug log due to:
* missing clear marker of the start reuqest processing, use '***' once only
* some personal markers (like '+++++++') have been removed as they have no
meaning for other developers. Let's remove the personal markers and work to
make the panel debug log well readable for all developers.
Change-Id: I69faff3ab2258fc156e88c7b8da0edfef14c3e6e
* Change the way webpassword is handled accross
NGCP Panel UI/API to comply with new password
encryption
* At login, if password is not encrypted with
high cost due to the ngcp-bcrypt-webpassword
script, encrypt it with proper cost
* Accept old password format as well until all
webpasswords are encrypted
Change-Id: Iefa9584a62ab4b7d2a224d10bdd415e9cbb8dfb5
adds gdpr obfuscation quoting for:
+ subscriber numbers
+ subscriber ip addresses
+ subscriber usernames
+ any logmessage "DATA": query parameters, form data, response data
+ subscriber uuid's
+ call id's
+ callforward sip uri's
the quoting is centralized by $c->qs() ("quote sensitive"), using
catalyst plugin mechanism.
escape symbols are set to « (\x{ab}) and » (\x{bb}).
generate_logfile_data_inventory.pl was modified to mark loglines
with "gdpr affected" status, if $c->qs() was used in a log message.
Change-Id: I0f42d7992594232ae33e5666b0a64009211c5b76
this tool automatically extracts any log message emmitted
by ngcp admin-panel/rest-api.
the script uses two approaches:
1. log messages emitted by catalyst logging facilities
($c->log) directly:
simple regex-based extraction of c->log->(debug|error|..)
invocations.
2. dynamic log messages emitted by invocations of the
Utils/Message.pm helper methods:
this was implemented using a static code analyzing technique.
the script creates a loginventory .yml file for each of the
channels currently defined in rsyslog.conf:
scan for $c->log:
method invocations: 815
identified messages: 815
distinct variables: 308
scan for NGCP::Panel::Utils::Message:
method invocations: 703
identified messages: 2100
distinct variables: 134
log inventory .yml output:
panel-debug.yml: 367 messages
api.yml: 5 messages
panel.yml: 2543 messages
Change-Id: Ia24632076421899a96819d8cf9c5da3bede13efb
Add executable bits for scripts. And remove them for assets.
We do this once in the repo and can then remove the code to do it
everytime at build-time via a dh_fixperms override.
Change-Id: I190123d8f7120e3684c1ecf7915b51ef946b950f
PATCH "remove by value" will from now remove values even if provided hash has less keys, than original value
Change-Id: I2ee04fa279580d662e167c3a0b160fe29d8d79ef
when passing the ?tz=Europe/Vienna with POST/PUT/PATCH, the
callforward timeset period definition input will be converted from
Europe/Vienna timezone to system timezone before persising to DB.
when passing the ?tz parameter with GET requests, the
callforward timeset period definition from DB will be converted
to the given timezone.
the ?use_owner_tz parameter will take the subscriber's inherited
timezone.
disarmed in code for now.
Change-Id: If4e130b241c28821844e0700231d1cd6883bcbfb
this is to fix the TAP tests of the sipwise QA chain
fixed (or ignored):
- ControlStructures::ProhibitMutatingListFunctions
- Documentation::RequirePodSections
- InputOutput::RequireEncodingWithUTF8Layer
- Subroutines::ProhibitSubroutinePrototypes
- BuiltinFunctions::ProhibitStringySplit
- TestingAndDebugging::ProhibitNoStrict
- TestingAndDebugging::ProhibitProlongedStrictureOverride
- InputOutput::ProhibitTwoArgOpen
- CodeLayout::ProhibitQuotedWordLists
Change-Id: I7dce4ce123bad40de2d9b51ba5b1a141e20c3783
by using strict where it wasn't used before
plus fix all bugs that were discovered along the way by enabling strict
Change-Id: I7f9a8bf0cee74014fd7551ec26f2ab3922715efc
* When enabling password_sip/web_validate, panel checks password
against username (web and sip, respectively), and runs it through
cracklib to enforce a reasonably strong password.
* Add auto-generate buttons next to web/sip password.
Change-Id: I11f5f6c2d69dc5658f298094f7d17d26d0a26ee1
If no locally cached API cert is available, download one and use it
throughout all of the tests. Speed-up factor is ~3x.
Change-Id: I083985f4e4ec7d8f7f4e0beec3a604be80a4bb59
For the migration of the admin pwd, the logic is as follows:
1. If the admin has a bcrypt password already, use this
2. If not, perform auth via md5, then clear the md5 column
and write a salted bcrypt hash instead.
For dropping the ssl client cert, we simply not store anymore
the client certificate in the DB. As a result, you cannot
download the certs (pem, p12) after creation anymore, so
we immediately download the two certs in a zip file after
creation.
A cost of 13 takes 500ms on an i7-5500U CPU @ 2.40GHz, which
seems to be a reasonable value.
Change-Id: I1ce21321c58d8c57d7ddce1541995f64821b0053
Until all LI vendors have migrated to REST later this year,
re-introduce a SOAP API for interceptions.
Change-Id: Ie8ef28e745b9f240547c3b6eb99fae4871287308
CAUTION: uses some optimized bulk-insert and truncate mechanisms
bypassing DBIC to make it reasonably fast (1M rows up in ~20s).
Optimized CSV download also to use partial writes to avoid
gateway timeouts on huge files.
Allows to handle LNP carriers in /api/lnpcarriers/.
Allows to handle LNP numbers and batch uploads in /api/lnpnumbers/.
Change-Id: I2f659bf5ee53270bedd3bb416a011bddc558b9ae
Michael Prokop
Guillem Jover
Rene Krenn
Marco Capetta
Alexander Lutay
Andreas Granig
Irina Peshinskaya
Gerhard Jungwirth