ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Kirill Solomko	02f3f6b3a1	TT#133800 fix webpassword field removal * webpassword field was unconditionally deleted in API GET and DELETE methods, it now relies on resource_from_item for the common approach Change-Id: I703158fd2022b49a49470db28cb22f37e613f841	5 years ago
Kirill Solomko	c50b49db96	TT#133800 fix password fields behaviour in API * PATCH: password fields are not removed when resource is created for apply_patch(), they are removed under the same condititions later when hal is generated, that is to ensure that admin users without the 'show_passwords' flag as well as subscribers will not run into situation when they use PATCH and cannot apply it for "path": "/password" or/and "path": "/webpassword", as they were removed before apply_patch() * rework encrypted webpassword detection. webpasword is detected as encrypted if its length is 54 or 56 and it contains at least one '$' char, there is a chance for false positive detection when a user provides with a plain-text password with the same pattern but it's very unlikely, as well as since mr8.5 webpasswords are expected to be encrypted, and moreover worth case scenario is that the plain-text password will not be returned to the user Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3	5 years ago
Flaviu Mates	b4bc1f2a71	TT#133053 Fix 500 error on /api/authtokens * fix typo 'users' to 'user' and 'role' to 'roles' which were causing the Internal Server Error Change-Id: I3cabadafe34d66a429038dcd2c5b0de797cc6ef1	5 years ago
Kirill Solomko	1cdae0b1e0	TT#125902 add Login CSC v2 support * Login CSC v2 button is shown on the subscriber's master data page if www_admin.http_csc.csc_js_enable == 1 or 2 * When the login is triggered an auth token is generated internally followed by a redirect to CSC as /?a=auth_token * move generate_auth_token() into Utils/Auth * improve generate_auth_token() arguments support * add /api/authtokens error handling Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4	5 years ago
Alexander Lutay	12c2911fe4	TT#130659 Improve path debug output in panel-debug.log It is much more usable to see the debug information as URLs: > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: / > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: /subscriber > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: /subscriber/ajax Instead of Catalyst oriented way: > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: subscriber > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: subscriber/ajax Change-Id: I38699152e232c5f5aa2ef218db9bf61c692bbf33	5 years ago
Alexander Lutay	6fbf99e461	TT#130659 Improve debug log layout (common style, removing plus/star markers) It was close to impossible to read ngcp-panel debug log due to: * missing clear marker of the start reuqest processing, use '**' once only some personal markers (like '+++++++') have been removed as they have no meaning for other developers. Let's remove the personal markers and work to make the panel debug log well readable for all developers. Change-Id: I69faff3ab2258fc156e88c7b8da0edfef14c3e6e	5 years ago
Alexander Lutay	6263f167e2	TT#130659 Stop calling systemd openvpn status twice on every HTTP request The ngcp-panel<=>openvpn functionality has never been finished but on every HTTP requset ngcp-panel was asking systemd about openvpn status. Twice! From /var/log/ngcp/panel-debug.log : > Jul 19 09:36:32 sp1 ngcp-panel: DEBUG: Path: dashboard > Jul 19 09:36:32 sp1 ngcp-panel: DEBUG: systemctl list-unit-files openvpn.service > Jul 19 09:36:32 sp1 ngcp-panel: DEBUG: systemctl is-enabled openvpn@ovpn > ... > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: Path: dashboard/ajax/peering_sum > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: systemctl list-unit-files openvpn.service > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: systemctl is-enabled openvpn@ovpn > ... > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: Path: dashboard/ajax/emergency_mode > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: systemctl list-unit-files openvpn.service > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: systemctl is-enabled openvpn@ovpn It is unnecessary load, moreover for not-yet finished feature. Let's move openvpn WIP functionality into 'NGCP Support Status' page and finish it there one day. The goal of this commit is to stop DOS'ing systemd. Change-Id: I6c9ba9e1b218e58b5adffe741f4490b3729d17e7	5 years ago
Kirill Solomko	fc9c71a88e	TT#130203 unify admin and subscriber JWT tokens * /login_jwt is now the only endpoint to issue JWT tokens * JWT token admin/subscriber is provided based on the NGCP_REALM/NGCP_API_REALM fcgi env values (e.g.: https://localhost:1443/login_jwt = admin JWT token and https://localhost/login_jwt = subscriber JWT token) * Authorization: Bearer a= prefix is deprecated * Clients cannot use subscriber JWT token to access admin NGCP_API_REALM https://localhost:1443/api/... and vice-versa Change-Id: I46edf4c7aaf7bb835dc4ac6b7535aa2d6b5ac136	5 years ago
Alexander Lutay	42e63e5711	TT#130659 Remove rrd-related ngcp-panel code Change-Id: I76880ba12037f1653c4c969e442738cc7f3eb185	5 years ago
Kirill Solomko	53408c2e94	TT#130750 do not pack() jwt secret * the extra packing of the secret key during encode/decode conflicts with the API v2 implementation * move JWT "typ" from the payload to the header Change-Id: Ica5822d810d6eaf7b3ae017f7037f25637b6f861	5 years ago
Kirill Solomko	a4bf25a43d	TT#130203 add typ=JWT into the JWT payload * the 'typ' key is required for API v2 to accept the JWT Change-Id: I184a8acfeab6c66617ccaf0a46a28771f68bfa8f	5 years ago
Flaviu Mates	9b422ddabf	TT#126601 Implement /api/authtokens endpoint * the endpoint will receive "type" (expires\|onetime) and "expires" (positive integer representing seconds) * type will define the expiray method for the token; onetime: the token expires as soon as it's used, or after "expires" seconds if not used expires: the token can be used multiple times until it expires according to the "expires" param value * login_jwt endpoint for generating the JWT token for subscribers has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * admin_login_jwt endpoint for generating the JWT token for admins has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * login_jwt and amin_login_jwt will respond with 403 "Forbidden" if the token role stored in Redis does not match the role of the user that generated it * /api/authtokens is hidden from documentation for now Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8	5 years ago
Kirill Solomko	407490c101	TT#129162 respect framed setting for root default Change-Id: Ibced32326b213ba2d8cce90cc5d915e464b56027	5 years ago
Kirill Solomko	f4597b6ed7	TT#129162 add bcrypt password characters check Change-Id: I08723d02a7e4bc042351444b201d1f96cc986af3	5 years ago
Kirill Solomko	20e77c7b54	TT#129162 tighten user access checks * add additional centralised checks for inactive and read_only users. * use_userdata_from_session=0 now for all auth realms to cause the data re-fetched from the database, to avoid scenarios when a user is set as inactive or read_only and UI keeps using the cached data. the change only affects cookie and JWT subscriber based sessions as in all other cases, the auth data is fetched from the storage regardless. * add is_active=1 flag for the internal 'system' role, as otherwise access would be permanently denied for it. * default 403 error for denied api requests is changed to "Forbidden" instead of "Forbidden path". Change-Id: I1d6d3c765ca8e017e11845c1f5260243a3963c3b	5 years ago
Flaviu Mates	c1752e7e82	TT#128552 Add filtering by name for /api/billingprofiles Change-Id: I8b62b4b7ad4aec3d0538fb84a3b73e451fcb1db1	5 years ago
Kirill Solomko	d17c4be4a5	TT#121250 improve sip_lcr_reload and sip_domain_reload * sip_lcr_reload is now called after "commit" in all API endpoints, to correctly reflect updated DB changes. It was correct in /api/peeringrules POST but not correct in DELETE, as well as also not correct in /api/peeringservers and /api/peeringgroups * sip_domain_reload does not check if the domain is successfully reload in kamailio proxy as is logic is redundant, it fails however if domain reload XMLRPC request failed on any available proxy servers. Another reason is by default tcp_conn_wq_max in kamailio-proxy is 32KB by default and that causes an impact when domain.dump XMLRPC is used on very large domain sets (600+), as well as sip_domain_reload has improved performance with the removed XMLRPC domain.dump body parsing. Change-Id: I17c5718198b06b1ce78b2654f3d7c3bd2830f60b	5 years ago
Rene Krenn	40c4ade6ea	TT#118802 log raw perl catalyst request time (cherry picked from commit 05f2f1137d6d3ce1deb1880eb1427b94e409c691) Change-Id: I6bda815d2ccf2800a0a352c0d44aaee8039ee8d5	5 years ago
Flaviu Mates	a840fc5224	TT#125850 Add filtering by 'type' for /api/contracts Change-Id: Ibc1f1fe4558472523d949cdea30815a08637e138	5 years ago
Kirill Solomko	102e494708	TT#121250 /api/peeringrules fix lcr.reload * xmlrpc lcr.reload request is now sent after the transaction is committed, otherwise the reload operation is performed without the newly added changes in the peering rules Change-Id: I728605a8d277b00d02a3f864c84f172306f7b090	5 years ago
Flaviu Mates	e09c478ee1	TT#124275 Add 'Login to CSC' button in subscriber page * upon pressing the button, a new session object with selected subscriber's details will be inserted in Redis, and also a new ngcp-panel_subscriber cookie will be created containing the session id of the previously created session object; then the user will be redirected to CSC v1 address where the selected subscriber will be authenticated based on the cookie and Redis info * the new button will be available for admin, reseller, ccare and ccareadmin roles Change-Id: I03952efe4abe18e61884859c466d700a7885ead4	5 years ago
Kirill Solomko	85c7d7c071	TT#123550 add /api/platforminfo virtual endpoint * /api/platforminfo does not have its own endpoint file and therefore, does not appear in the rendered documentation. it only supports GET method and renders the template file. the endpoint is designed to provide with the prerendered JSON data containing the current platform configuration. * /api/platforminfo supports both authenticated and anonymous requests, where based on that, the template provides with the corresponding info withing the current scope. Change-Id: Idc8138595eda2c14e7f8dc7ed97cc50039fd1adc	5 years ago
Flaviu Mates	43abaeee4d	TT#119464 Add start_time and end_time filter params to callrecordings * the new filter params works as follows: * if start_time is provided, recordings with start time greater than provided value are displayed * if end_time is provided, recordings with end time less than provided value are displayed Change-Id: Ie9cfb88141506581e2b724d4502b88091f9c7a02	5 years ago
Flaviu Mates	884229fc74	TT#123650 Fix 500 error in Panel UI Email Templates * Replace wrong usage of 'reseller_id' filter for missed templates resultsedl use 'id' instead, because the query is made directly on resellers table Change-Id: I85bdcda79168979c8b1bb0503ab7bba91c5f8a78	5 years ago
Flaviu Mates	f4cb6933b4	TT#119550 Allow subscribers to manage their registrations * give access to subscribers roles to see, create and update own registrations * subscriberadmins can manage all registrations of subscribers under same customer Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936	5 years ago
Flaviu Mates	35d9c3598a	TT#122001 Allow subscribers to access /api/subscriberprofiles * subscribers are now allowed to fetch their own subscriber profile, they can't modify them Change-Id: Iabf1244020d0f453257993cf24d4c9036a125397	5 years ago
Gerhard Jungwirth	64c120a5e5	TT#44168 create additional form for subadmin non-pbx subscriber edit The fix has been created by Gerhard Jungwirth three years ago for branch 'mr5.5' and was not merged into branch 'master'. It is a follow up master commit to address customer ticket TT#82306. The cherry-pick has been done AS IS, with one small trivial resolution: > + my $is_pbx_customer = $c->stash->{billing_mapping}->product->class eq "pbxaccount"; > my $base_number; > > ++<<<<<<< HEAD > + if($subscriber->contract->product->class eq "pbxaccount") { > ++======= > + if($is_pbx_customer) { > ++>>>>>>> 239d4a385... TT#44168 create additional form for subadmin non-pbx subscriber edit Change-Id: Ie242c4ad44fc21319cdaa29dcca423fe241aab20 (cherry picked from commit `239d4a3859`)	5 years ago
Kirill Solomko	1e06df3fdf	TT#114304 /api/resellers?status support multi values * /api/resellers 'status' query parameter now supports comma separated multi values e.g.: status=active,locked Change-Id: I16b7499079a7ac7b2070910141ba12fada52bbb4	5 years ago
Kirill Solomko	0484c0d15f	TT#114304 add status query param to /api/resellers * it's now possible to filter reselelers by their status (active, terminated), the default return of all resellers has not changed. Change-Id: I6e1f2b6745ac6c3c4a012fe261ee5db810084be3	5 years ago
Alexander Lutay	131e79fba6	TT#88903 Reset 'framed' session state if user open v1 as URL in browser If user is typing URL directly in the browser window, the request has no 'referer' header and we should reset the 'framed' session state to prevent corrupted 'framed=1' output which confuses endusers a lot. Change-Id: I8f381daec80dfd95fab6ecbaecfa66438f5d53f0	5 years ago
Kirill Solomko	3e207aa27b	TT#121250 /api/peeringrules use old model * PeeringRules.pm is back to the old model for consistency and to be backward compatible * it contains the duplicate check fix Change-Id: I2253f0e740bea7115efb7d1f072ec73498f20040	5 years ago
Kirill Solomko	ba82a55171	TT#121250 fix /api/peeringrules * PeeeringRules.pm now uses the Entities approach for fine transaction control that fixes the POST operations Change-Id: Ieb666d3009393404e04171966adc0912f55a8a4f	5 years ago
Rene Krenn	9aaf04efea	TT#120651 susbcriber datatable performance: fix initial page load time Change-Id: I76702dfeb73ed3e3125fd2c5663862e31f0c5b7f	5 years ago
Kirill Solomko	87bdb69560	TT#120309 fix datatable escape html rendering * in mRender (custom_renderers), "data" variable is a string, therefore data.escapeHtml could not be used * add new function argument "opt", where it is a dedicated hash containing custom passable options, so it now looks as function(data, type, full, opt) * adapted the existing code to include/use the new argument where applicable Change-Id: I4957eece3b2d0f6359cbc8f36caf5a350d7bad95	5 years ago
Flaviu Mates	a9817e52d8	TT#116900 Use multidomain when deleting a registration * deleting a registration would fail when the domain of the registrations would not exist due to the fact that multidomain is not enabled Change-Id: If512c0c9ce6c8f7a72deaa5b6a8ebe6737404f2a	5 years ago
Flaviu Mates	b13e487732	TT#118600 Fix /api/callrecordingstreams filter by recording_id * change 'call' to 'me.call' to avoid ambigous usage in SQL query, since 'call' is a column in other joined tables Change-Id: I3fb52aa7c42687b6be377e51f50779dd92f61ebe	5 years ago
Flaviu Mates	cece861d1e	TT#113513 Handle duplicate billingprofiles in API * Add handling of mysql duplicate billingprofile errors for reseller_id-handle and reseller_id-name combinations Change-Id: Ife81d723f4208202311ca8cf3c3a12e7bf4827a2	5 years ago
Flaviu Mates	bbc5468fa2	TT#108854 Implement /api/userinfo endpoint * it will return user's username, role and a structure where information about the user's permitted operations on all api endpoints and permitted operations on the fields of that entity can be found Change-Id: I11d2f5b60d24ca7b70ffc6dcf8ea94f9a3a221d1	5 years ago
Flaviu Mates	8bc9a3974c	TT#108162 Reseller branding primary and secondary colors * add color pickers and store the hex code of the colors inside the branding table in panel UI * implement /api/resellerbrandings endpoint, where all things related to reseller branding can be managed; the branding logo will still be retrieved using /api/resellerrandinglogos Change-Id: Ib7ed364811acf67ffd62252d9799a0af8b91e9bc	5 years ago
Alexander Lutay	a7d718cc28	TT#113765 AUI: Remove v1_auth from v1->v2 URL It is no longer necessary there (c) Hans-Peter. Change-Id: I7cbb3e18d2f82eec24f9ba4355a3192c7cbf5477	5 years ago
Alexander Lutay	6c86122c37	TT#113251 Create journal 'update' records for 'admins' REST API Change-Id: I6867a3e23e9e9c7e04ebb900e8eaf608f49732da	5 years ago
Flaviu Mates	055751eb81	TT#109604 Implement blob preferences upload in Panel UI * Create upload and content type form fields for 'blob' type preferences * Implement blob preference upload/download to database * Show blob content in read only text area if content is text Change-Id: Ic4b800f84324eab0aadbf8eeb55c03c770ecc94f	5 years ago
Flaviu Mates	0d0a2faf90	TT#100761 Allow subscribers to access /api/applyrewrites * Give subscribers permissions to apply rewrites but only for their own subscriber id Change-Id: I6fdb449190169802ba8d3ed71effb41c60b00125	5 years ago
Rene Krenn	92455d8566	TT#107051 enable "add" for PATCH /billingprofiles/x Change-Id: Ifc9e54987eacd5f4b09e15c8866c25e6537619d3	5 years ago
Rene Krenn	00f0614ef9	TT#107051 fix PATCH /billingprofiles/x - peaktimes Change-Id: I3d074976f15618d84cfd8ee4694a0fd4250fe091	5 years ago
Rene Krenn	be92558686	TT#105954 /api/invoices: accept 'application/pdf' type Change-Id: I5b01d2f627a17bdb527de0f92cf14de0d505aa0e	5 years ago
Kirill Solomko	88d91b8349	TT#106003 fix /api/peeringrules transaction control Change-Id: Ic00ad3e4a0f97808ec94b5b36e1b1e909fb00e07	5 years ago
Flaviu Mates	52cbca5430	TT#102054 Add original filename param to device configuration template * This will be used to diferentiate between configurations requested by the phone Change-Id: I423f0fe78f994d4c4dee00503dc66fc56e0b52f7	5 years ago
Flaviu Mates	551c8b39f9	TT#103401 Allow subscriber access to /api/mailtofaxsettings/{id} * Add subscriber roles to MailToFaxSettingsItem and allow them to only access their settings * Don't return the 'active' field on subsciber requests; instead, return 403 if mail2fax is not active Change-Id: I773df0c21fcba29f9e7b5172160178ff99482964	5 years ago
Kirill Solomko	35316221bf	TT#101300 /api/subscriberlocationmappings fix search by subscriber_id Change-Id: Ib2bd10d6537bf3267ee17a4fba16b25100748997	5 years ago

1 2 3 4 5 ...

1778 Commits (02f3f6b3a1979221eca06f836c2e4fa60e1444db)