ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Kirill Solomko	124c343049	MT#63182 /api/subscribers add lockwait and deadlock detection * API::check_deadlock() add lockwait detection. * lockwait and deadlock detection is now in place for ALL /api/subscribers endpoint methods. because of logic complexity it uses own deadlock detection instead of relying on Entities. It however uses $self->check_deadlock() and similar logic. Change-Id: Idc1876910711563fe14c878541e350ad373d6d31 (cherry picked from commit `3bb3d9e4e4`) (cherry picked from commit `09d011af45`)	4 months ago
Rene Krenn	00a007da16	MT#62568 subscriber 2FA impl Change-Id: Iada4c3a6b0d61babe50178b31c773f5b5897c8c1	5 months ago
Marco Capetta	c4542d04a2	MT#61427 Remove quick access to the OLD CSC panel Removed quick access to the OLD CSC panel from the subscriber detail page. The old csc and the mixed mode (old + new) are not supported anymore. Additionally the parameter ngcp_panel config parameter csc_js_enable has been renamed to a more general 'enable'. Change-Id: Iec60e1aa3e7e1fcdb4a58ec7e922358a0bb596b7	5 months ago
Kirill Solomko	0ce365852d	MT#62890 fix and improve voicemailgreetings upload * any wav file is now accepted and converted to GSM 6.10, instead of having a strict requirement of GSM files only * provide error messages with single quotes instead of escaped double quotes * error messages do not contain code backtrace info anymore * temporary files are correctly removed on errors and on a successful upload Change-Id: I7b72dc623d231aa90d0a0f99f8d711c48d3d23f2	5 months ago
Guillem Jover	32b0cb1899	MT#62763 Suppress perlcritic false positives or intentional violations Warned-by: perlcritic Change-Id: I7466d820e8257165e55e1f500bb256dd697de963	6 months ago
Kirill Solomko	4d26ca5c9a	MT#62705 improve peer_auth registrations support * DELETE /api/peeringgroups and PUT/PATCH/DELETE /api/peeringservers now call sip_create_peer_registration or delete_peer_registration correspondingly to correctly reflect the registartion on related changes * rework Panel::Utils::Peering create_peer_registration() and delete_peer_registration() - use provisioning peer db object in the argument instead of a separate hash to simplify its logic - adjust related UI parts that call these functions as well as cleanup now unnesessary code from there * Panel::Utils::Peering: remove '_' prefix from _sip* functions as they are not private but rather public class methods * Panel::Utils::Preferences - add suport for 'peer_auth' updates for type='peerings' (was only supported for 'subscribers') - remove '_' prefix from _is_peer_auth_active() * Panel::Utils::Sems - simplify peer registration by using the the db object (same as for subscribers) - only create/delete peer registration when the peering is enabled, otherwise there will be errors related to unavailable $prov_peer->lcr_gw->id Change-Id: I0fc79a6580fd17aa34df870fb7a93e33edfff15b	6 months ago
Kirill Solomko	7a7c5cd364	MT#62600 fix UI invoice create/edit * fix Invoice create/edit operation error Couldn't render template "invoice/create.tt: file error - invoice/create.tt: not found"<BB> that was related to an incomplete restricted function call. Change-Id: Ic457f180ca99fcdacd51b2ba3bb5606719ea9bdd	6 months ago
Marco Capetta	1be3f5a257	MT#62546 Fix permanent registration nat flags Due to changes in how kamailio manage the NAT contacts and the corresponding natping, the flags that the API or web interface sets while a permanent registration is created have to be updated. Before: * Default cflag is set to 0 (natping disabled) * If nat option, then cflag is set to 64 New: * Default cflag is set to 256 (netping disabled) * If nat option, then cflag is set to 128 Change-Id: I39b1d7a697ef72267fd8a05edf0552d2c1403733	7 months ago
Rene Krenn	6600d7c949	MT#53706 enable_2fa option for /api/admins Change-Id: I7de37482fed913551fc0a1c9b18f789b51b67a05	7 months ago
Rene Krenn	f167a55a2f	MT#53706 OTP: reset show_info with jwt login Change-Id: Id2f76dca12b1b0242de6d0ab763ce2bde885f747	7 months ago
Rene Krenn	8820b4530d	MT#53706 exclude /api/otpsecret from apidocs Change-Id: I9e1f4923f728846783a4ab313a0f9b1ef284aa03	8 months ago
Rene Krenn	164a246745	MT#53706 update OTP registration info Change-Id: I55fff1bad315f22c31d6b857c301128e0568626b	8 months ago
Rene Krenn	0bd2c64b98	MT#53706 OTP: login, show registration info Change-Id: I20e6fba357b6bfed868edb8030009683b8df29ef	8 months ago
Rene Krenn	4bb352e1f8	MT#53706 rail for generating OTP secret QR code png Change-Id: I2d8d4ab1d3967a5c7ac720e09278443c0d098866	8 months ago
Rene Krenn	b0b646db5b	MT#53706 wire OTP secret validation - api, jwt Change-Id: I7f0205323811196eb0e319fcb2c888cf8a314f81	8 months ago
Rene Krenn	6c68438dc0	MT#59447 admin ldap authentication for JWT Change-Id: Id282680b4d82fd26238b4d2f64804f2dcb634349	8 months ago
Rene Krenn	764ab7d2d1	MT#62283 exclude "for update no lock" in tests Change-Id: I12ff4d1f8ba0b150a1918de40dafa1efd6a92c10	8 months ago
Rene Krenn	82af5cf518	MT#62283 "for update no lock" logic for GET /subscribers and /contracts to unblock the web UI on heavy loaded systems with call rating enabled, "select .. for update no lock" will no longer wait for acquiring locks when retrieving subscriber or contract contract pages. the contract_balance record creation is will be skipped for such contracts that are locked elsewhere. for rails such as /customerbalances, an explicit contract id row lock timeout is introduced, so it does not depend on the mariadb wait_timeout. Change-Id: I6e96342f3f761279a5876c871d2477977823a39e	8 months ago
Kirill Solomko	989e7b5640	MT#61572 allow subscriber to GET resellerbrandinglogos * 'subscriber' role can now GET resellerbrandinglogos * fix 'subscriberadmin' role access to POST resellerbrandinglogos Change-Id: I4002117e15e5557dfbfe887dea3773d8704aeb14	8 months ago
Kirill Solomko	97e457c92b	MT#62178 fix external_id, profile auto removal for subscriber roles * fix 'subscriber' and 'subscriberadmin' roles using PATCH to cause external_id, and profile fields removed. * remove profile_id field from the 'subscriber' and 'subscriberadmin' form Change-Id: Id8bb068ca7fcac2c0c5954f2ed79e841d18ac398	8 months ago
Kirill Solomko	ef4442feeb	MT#61805 add API phonebook support for top level inclusion * /api/customerphonebookentries now support "include" query param that can be either "include=all", "include=shared" or "include=reseller". With "include=all" - shared and reseller entries are included and merged as customer > shared > reseller. With "include=shared" - shared entries are included and merged as customer > shared. With "include=reseller" - reseller entries are included and merged as customer > reseller. * /api/subscriberphonebookentries now support "include" query param that can be either "include=all", "include=customer" or "include=reseller" With "include=all" - customer+shared+reseller entries are included, and merged as subscriber > customer > shared > reseller. With "include=customer" - customer+shared entries are included, and merged as subscriber > customer > shared. With "include=reseller" - customer+reseller entries are included, and merged as subscriber > reseller. * Shared numbers are considered belonging to the customer so when on the customer level the same number is provided, it takes precedence. * It is not possible to edit other level included numbers (they have composide ids). * It is possible to access an included number directly by the id. Change-Id: Ice06bc0961d42a9b64db59aa93029d7505b4805e	8 months ago
Kirill Solomko	e66c568efc	MT#61803 add /api/pbxusers endpoint * this endpoint is designed to provide with basic subscribers info such as display_name, primary_number, pbx_extension and only available for customers with product class 'pbxaccount'. * only GET methods are allowed for this endpoint. Change-Id: I181b863e2c3e5fad34c03a291f64fd7ddb587702	9 months ago
Kirill Solomko	4eace822b5	MT#62180 /api/subscribers prevent subscribers from POST/DELETE * regular subscribers should not be able to use POST as they are not allowed to create other subscribers, nor other PBX groups. resource. * they should not be able to use DELETE as they cannot delete themselves nor other subscribers, nor PBX groups. Change-Id: Idaacb344b65ff8c5da9f4c3649a9b4089938a82c	9 months ago
Rene Krenn	143bd0dba9	MT#62084 contract_id field for /api/topupcash and /api/topupvoucher so far the topup api rails had just a subscriber_id field. for the AUI migration a contract_id field is required. Change-Id: I2b53971ecd0abe06f7e0ff0e72b9bb83d12a4f6b	9 months ago
Kirill Solomko	d5fd8679fe	MT#62093 return 403 Banned for banned users * add banned user redirect for API requests * Urils/Auth move Redis composed keys into functions to increase consistency and avoid typos. Change-Id: I7a6f9b340ac53ffc2ee921410852e36a49587941	9 months ago
Richard Fuchs	b2b5600c16	MT#61630 invalidate rtpengine cached files Add class to make RPC calls to rtpengine. Add invokations to clear rtpengine audio cache where appropriate, whenever a file stored in DB is deleted or changed. Change-Id: I3660f9f67dfb0c68c1af80a5439982046be3b6f6	9 months ago
Rene Krenn	9f4c50c5dd	MT#61558 fix reseller (branding) license restriction some rails got disabled when introducing the fine-grained license restrictions in api/panel, ie. reseller branding. Change-Id: I0b3690d8e0353c31f2c8680db63c4dd4df7600fe	10 months ago
Rene Krenn	de0595c089	MT#59447 admin user LDAP authentication #1 Change-Id: Ic31236d933f022b567c74998959267ef9a549b7e	11 months ago
Rene Krenn	358139edee	MT#59447 admin user LDAP authentication Change-Id: I86005af30dee6285d80fe69f020f4a33cb23a608	11 months ago
Rene Krenn	1c09e2773a	MT#60197 support deleting call recordings per subscriber admin panel will no longer delete callrecordings for all parties of the call, but the single subscriber only. rest-api, behaves the same way, if the ?subscriber_id= parameter is provided. when a callrecording is deleted by all call parties, the remaining records and recording files will be dropped. Change-Id: I61f667bdb074a935a8a04473a3685b10e5e09222	1 year ago
Marco Capetta	97adbaf8e7	MT#60864 Fix Sync Email Templates button behavior The 'Sync Email Templates' button is shown in the Email Templates page in case some templates is missing for a reseller. The problem is that the button takes into consideration also resellers that are already terminated and for which the template is not needed anymore. Thus the query has been in fixed in order adding: r.status != 'terminated' Change-Id: I2dd551166ae777c8967eae3bda989b669b46b5c0	1 year ago
Kirill Solomko	55b27b3f2a	MT#61100 add pbx device/firmware search by type/tag Change-Id: Id41acdee57274d2791748f9e9d29f0d5f05b1965	1 year ago
Marco Capetta	d40126ef0a	MT#60756 Fix subscriberprofiles POST api call as reseller Administrators with reseller role were not able to create new subscriberprofiles because API was fialing with 500 error. In particular: LOG="«DBIx::Class::Row::store_column(): No such column 'reseller_id' on NGCP::Panel::Model::DB::voip_subscriber_profiles at /usr/share/perl5/NGCP/Panel/Controller/API/SubscriberProfiles.pm line 172» The error was caused by the addition of the reseller_id info in the $resourse even if not needed. Change-Id: I7970a2716d7af959639937a9a844160ab73a9176	1 year ago
Kirill Solomko	bbd44f16fa	MT#60858 add /api/passwordchange endpoint * the new endpoint accepts new_password fields and enables for authenticated user a mechanism to quickly change their password * the global password validation rules are enabled * returns 204 No Content * if user's password is expired, the endpoint is the only accessible for the user to change the password and unlock other endpoints. * a few fixes in validate_password() to correctly fetch provisioning subscriber for password change scenarios and webpassword field Change-Id: I906fcfe5c780b850d322b46b445b54c054767673	1 year ago
Kirill Solomko	46d297dec2	MT#60656 improve 403 Password Expired for expired passwords * 403 Password Expired is now correctly returned for POST /login_jwt when a password is expired, instead of returning the token. * 403 Password Expired is now correctly returned for API requests and redirect to /changepassword only happens for non API requests. * improve Utils::Auth::check_max_age() to accept also $auth_user and $ngcp_realm for cases (like /login_jwt) where there is an authenticated user but there is no $c->user. Change-Id: I302ad8654bdf16fe0882625fd6e9a8bba7a8ad42	1 year ago
Kirill Solomko	4b00a59d99	MT#60710 fix pbxdeviceprofiles allowed_roles typo Change-Id: I29e48ca8a8db9ab6751c0fef1399932d62195e48	1 year ago
Kirill Solomko	f3bc8097e7	MT#60710 add missing DELETE method for pbx endpoints * enable DELETE method for: - /api/pbxdevicefirmwares/ - /api/pbxdevicemodels/ - /api/pbxdeviceprofiles/ * /api/pbxdeviceprofiles fix allowed_roles for 'subscriberadmin' to only allow GET method Change-Id: I4ed8f591529e161aa08648c99093459128b55203	1 year ago
Kirill Solomko	b041888807	MT#60656 add max_age password validation support * UI: password are now validated against $c->config->{security}{password}{web_max_age_days} (unless it's 0) and if the password is expired the user is redirected automatically to /changepassword page, and after successful password change back to the original page. * API: if password is expired all API requests will be returning 403 Forbidden "Password expired", except PUT/PATCH to /api/admins or /api/subscribers with the new password in place. * successful login on the UI now redirects to /dashboard instead of / (to prevent unintended redirect to v2) Change-Id: I075f8e17cc9b0658d6b3b3d526ca5b379d050ce4	1 year ago
Marco Capetta	a2a01d4690	MT#59979 permit GET on resellers and billing profiles items even without license In some cases the UI requires to GET information from a specific reseller or billing profile because needed to show/created other endpoints (for example 'customers'). Due to that it has been added the possiiblity to do the GET not only of the list of the resellers and biling profiles, but also of each specific item. Change-Id: Iebbbbc494ce71e616d8e41ca20e97bebce7998b8	1 year ago
Kirill Solomko	0a9fb5d28b	MT#59449 fix subscriber auth attempts without username * subscriber login attempts without Basic Auth are now correctly intercepted and returned as 403 Forbidden Change-Id: I3deb60d8ac4f107bccd6422d27426e39a39e50f1	1 year ago
Kirill Solomko	e2e1776090	MT#60558 move max license checks for POST /api/subscribers * the relevant max license checkes are moved from Controller::API::Subscribers::POST to Utils::Subscribers::prepare_resource because there we fetch customer_id from the pilot subscriber in case of pbx subscriberadmin requests that is neccessary for PBX subscribers max license check. Change-Id: I2d1c212d73fe5b9295d1595b4fffebeb67b61e5a	1 year ago
Kirill Solomko	2972d3b62d	MT#59449 add progressive user bans support * users are now progressively banned. * ban_min_time is used to ban a user for the first time. * consecutive ban is ban_min_time + ban_increment * ban_increment_stage * ban_max_time is the absolute maximum ban time that is not increased any further. * a successful login resets the ban_increment_stage. Change-Id: I4d7e1a93d7a21d21a0dcf69d856a872d2ed75ea0	1 year ago
Kirill Solomko	e6b29d3e7b	MT#59449 fix password validation enabled/disabled, admins * correctly detect and skip password validation when sip_validatation or web_validation is not enabled respectively * better detect web password for admin users * /api/admins PUT/PATCH now also correctly checks last used passwords Change-Id: I9a6fa9b8e30ae2b81d2852dec0e1f9d858be13ef	1 year ago
Kirill Solomko	cfe0a44b8d	MT#60585 add user ban by IP address, ban JWT invalid attempts * ban users by IP addresses * ban invalid JWT attempts Change-Id: I0c7746aa751ca96cba0ce4d1388646ba4890a422	1 year ago
Kirill Solomko	60fa23cb68	MT#60585 add user ban support * users for admin/subscriber realms are now banned if failed to login X amount of times (UI/API). * rework Redis connection and it's now a Catalyst plugin NGCP::Redis accessed by $c->redis_get_connection({database => 19}), the connection per database, per worker process is established only once and then reused (with auto built-in reconnect support). * remove Utils::Redis.pm as it does not have any code/logic anymore. * ban values are taken from $config->{security}{login} as - ban_enable: 1 - ban_expire_time: 3600 ban expire time in seconds - max_attempts: 5 * if max_attempts set to 0, the ban functionality is disabled as it requires to be at least 1 to work. * upon successful login or ban, the failed attempts counter is removed * the failed attempts counter is also removed automatically with the expire time equals "ban_expire_time" or otherwise 3600 seconds. * user bans are logged into panel.log * banned user receives exactly the same return page/codes as per invalid logic. Change-Id: I05cc68c623ee289488fc64f1af50527004dcaae1	1 year ago
Kirill Solomko	d9f283cbc8	MT#59449 enhance password validation and handling * passwords are now validated based on - minlen - maxlen - min lower case chars - min uppper case chars - min digits - min special chars * Data::Password::zxcvbn is used to calculate password score and reject passwords with score < 3 as weak (this library is ported from the Dropbox password validation) * Add password journals and check last used passwords in the journals * Improve password generator javascript function to generate a password with at least 4 of each of the char group types. * Currently affected are subcriber and admin entry creation or modification via UI/API * NGCP::Utils::Auth add optional bcrypt_cost support as last argument for generate_salted_hash and get_usr_salted_pass Change-Id: I100c25107d91741d5101bc58d29a3fa558b0b017	1 year ago
Kirill Solomko	43d112bd5e	MT#60558 add max subscribers/groups license checks * max_subscribers, max_pbx_subscribers, max_pbx_groups license checks are added for subscriber/group creation in UI/API * new accessor $c->license_meta that returns meta license flags hashref * new accessor $c->license_max_subscribers * new accessor $c->license_max_pbx_subscribers * new accessor $c->license_max_pbx_groups * the new accessors (except license_meta) return -1 instead of 'unlimited' to ease off comprarsion * 403 Forbidden is returned by the API if a license is violated. Change-Id: I3f5a949efc84bf85b76b33404b37b362ec484d5f	1 year ago
Kirill Solomko	9d021be65a	MT#59979 add license control * UI and API parts are now under license control * new Util::License::get_license($c, $name) - fetches license status by name (1 if enabled, and also if /proc/ngcp/check if 'ok') * add Catalyst::Plugins::NGCP::License with license($name) to fetch valid license by name from anywhere using $c->license('pbx') or from the templates using c.license('pbx'). It internally uses Util::License::get_license($c, $name) * License::get_license_status($c) now requires $c as first argument as well logs license status check errors. * new ActionRoles::License that enables usage of :Does(License) RequiresLicense('pbx') LicenseDetachTo('/denied_page') in the Controller chains * Add license control for UI elements and return 403 Forbidden if a resource is covered by licenses and the license is not active * Hide UI elements if a license is not active * API/Entities/Entities new $c->set_config key: - per endpoint: $c->set_config({ required_licenses => [qw/pbx device_provisioning/] } - or per method: $c->set_config({ required_licenses => { POST => [qw/pbx device_provisioning/] } } } * In case if an API endpoint does not have a license: 403 Forbidden "Invalid license" reply is returned. * Add license based restrictions to API endpoints * /api documentation: - completely hide endpoints that do not have an active license - hide only methods that does not have an active license Change-Id: Iba45fc5068b02306a617fed7b5405f2210574b61	1 year ago
Rene Krenn	9c103302c8	MT#60575 dynamically load provisioning templates module Change-Id: Ibff509825f82a75c9b0221505a1673d78b401989	1 year ago
Kirill Solomko	10a88cf669	MT#58964 /api/platforminfo add license_meta * new Utils::License::get_license_meta($c) to fetch license meta ({} by default) that contains license related metadata such as current and max amount of subcsribers and license valid until date. currently the following data is fetched from /proc/ngcp check current_calls current_pbx_groups current_pbx_subscribers current_registered_subscribers current_subscribers license_valid_until max_calls max_pbx_groups max_pbx_subscribers max_registered_subscribers max_subscribers valid * Controller::API::Root platforminfo now also returns license_meta Change-Id: I323cdfd646335a408e0150ecd69ad950fa0461ab	1 year ago

1 2 3 4 5 ...

2004 Commits (124c343049d4020aac0e30d8dd74cc444a5d5b2e)