ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Kirill Solomko	d9f283cbc8	MT#59449 enhance password validation and handling * passwords are now validated based on - minlen - maxlen - min lower case chars - min uppper case chars - min digits - min special chars * Data::Password::zxcvbn is used to calculate password score and reject passwords with score < 3 as weak (this library is ported from the Dropbox password validation) * Add password journals and check last used passwords in the journals * Improve password generator javascript function to generate a password with at least 4 of each of the char group types. * Currently affected are subcriber and admin entry creation or modification via UI/API * NGCP::Utils::Auth add optional bcrypt_cost support as last argument for generate_salted_hash and get_usr_salted_pass Change-Id: I100c25107d91741d5101bc58d29a3fa558b0b017	1 year ago
Kirill Solomko	43d112bd5e	MT#60558 add max subscribers/groups license checks * max_subscribers, max_pbx_subscribers, max_pbx_groups license checks are added for subscriber/group creation in UI/API * new accessor $c->license_meta that returns meta license flags hashref * new accessor $c->license_max_subscribers * new accessor $c->license_max_pbx_subscribers * new accessor $c->license_max_pbx_groups * the new accessors (except license_meta) return -1 instead of 'unlimited' to ease off comprarsion * 403 Forbidden is returned by the API if a license is violated. Change-Id: I3f5a949efc84bf85b76b33404b37b362ec484d5f	1 year ago
Kirill Solomko	9d021be65a	MT#59979 add license control * UI and API parts are now under license control * new Util::License::get_license($c, $name) - fetches license status by name (1 if enabled, and also if /proc/ngcp/check if 'ok') * add Catalyst::Plugins::NGCP::License with license($name) to fetch valid license by name from anywhere using $c->license('pbx') or from the templates using c.license('pbx'). It internally uses Util::License::get_license($c, $name) * License::get_license_status($c) now requires $c as first argument as well logs license status check errors. * new ActionRoles::License that enables usage of :Does(License) RequiresLicense('pbx') LicenseDetachTo('/denied_page') in the Controller chains * Add license control for UI elements and return 403 Forbidden if a resource is covered by licenses and the license is not active * Hide UI elements if a license is not active * API/Entities/Entities new $c->set_config key: - per endpoint: $c->set_config({ required_licenses => [qw/pbx device_provisioning/] } - or per method: $c->set_config({ required_licenses => { POST => [qw/pbx device_provisioning/] } } } * In case if an API endpoint does not have a license: 403 Forbidden "Invalid license" reply is returned. * Add license based restrictions to API endpoints * /api documentation: - completely hide endpoints that do not have an active license - hide only methods that does not have an active license Change-Id: Iba45fc5068b02306a617fed7b5405f2210574b61	1 year ago
Rene Krenn	9c103302c8	MT#60575 dynamically load provisioning templates module Change-Id: Ibff509825f82a75c9b0221505a1673d78b401989	1 year ago
Marco Capetta	551cc2fb98	MT#60515 rename hm inbound/outbound directions to a_inbound/a_outbound inbound/outbound no longer represent the "full" direction and belong only to A leg, so they are renamed to a_inbound/a_outbound accordingly. Change-Id: I639b799c3649c9b3ca78eee831b49ef0cfa14287	1 year ago
Rene Krenn	0fd36ace55	MT#60520 prov templates: fix lookup of items item (contract, contact, subscriber) lookup will pick the first matching element (an arbitrary one if multiple are matching). ie. when lookup identifiers are too loose (f.ex. subscribers without domain in a multidomain setup) it might pick a wrong item - which is ok (supposed to bail out at a later step) unless that wrong item is a terminated one, causing to proceed checks on a terminated record (which can never happen from API or UI side since those hide terminated items), which produces a misleading 500 error in the end. we prevent this now by ensuring that looked up items are not terminated ones. even if the looked up items is not the desired one, becasue of an inaccurate template. Change-Id: I6691937c2e62b05915c7eac9980224abe2185b2c	1 year ago
Marco Capetta	fefa5ea173	MT#60511 Form/Header/Rule add direction "b_outbound" This is needed to perform manipulations to the SIP message just before it leaves the system on the B-Leg side. Change-Id: If93d0277582a086253b84088a93adc4ecfa187b1	1 year ago
Kirill Solomko	10a88cf669	MT#58964 /api/platforminfo add license_meta * new Utils::License::get_license_meta($c) to fetch license meta ({} by default) that contains license related metadata such as current and max amount of subcsribers and license valid until date. currently the following data is fetched from /proc/ngcp check current_calls current_pbx_groups current_pbx_subscribers current_registered_subscribers current_subscribers license_valid_until max_calls max_pbx_groups max_pbx_subscribers max_registered_subscribers max_subscribers valid * Controller::API::Root platforminfo now also returns license_meta Change-Id: I323cdfd646335a408e0150ecd69ad950fa0461ab	1 year ago
Kirill Solomko	524a264850	MT#60498 add search by not_null, change null param * add search by not_null for fields that ends with _id and integers, that adds "IS NOT NULL" to the SQL search query by the field. * null and not null values are expected now as $null and $not_null to avoid conflicts when user searches by null strings that may be a valid case. Change-Id: I8e8b8c9060e985dfe2b94cbfcca1587f05477fe9	1 year ago
Kirill Solomko	6cb38f0971	MT#58964 do not render licenses for public platforminfo * public access (no user) to /api/platforminfo gets only the default public json file without licenses rendering Change-Id: I636e042944c7c18a08db22e9142a8624c67332c7	1 year ago
Kirill Solomko	522fd97020	MT#58964 /api/platforminfo add licenses info * NGCP::Utils::License new function get_licenses() that reads /proc/ngcp/flags/ and returns all files with content 1. * api/platforminfo.tt template now calls a stashed callback (coderef) that decodes provided json file, includes licenses and returns encoded the json back. * ngcp-panel.service changes # Files + directories not directly associated are made invisible in the /proc/ file system # ProcSubset=pid # Disabled: MT#58964, to be able to read /proc/ngcp/flags/ # Processes owned by other users are hidden from /proc/ # ProtectProc=invisible # Disabled: MT#58964, to be able to read /proc/ngcp/flags/ Change-Id: I84b6707a918e3f4f271e32b9353f320753c5ae68	1 year ago
Kirill Solomko	ca908bf629	MT#60400 /api/soundsets remove null search detection * customer_id search param now has the same search logic as the rest as it had before 'null' detection and conversion => 'undef' whereas it's not needed anymore because it's now supported globally. The change also fixes an empty response issue. Change-Id: If95de44d16ca2871da72d0ee019850802a3a94dd	1 year ago
Kirill Solomko	5d26436c05	MT#60392 /api/ncoslnpcarriers fix reseller role typo * fix reseller role typo in allowed_roles Change-Id: Ia2da00f7317eb64cfbe0e2c5069a75a9b24e24e5	1 year ago
Kirill Solomko	244b4f786b	MT#60392 /api/ncoslnpcarriers allow reseller * resellers should be able to create/update and delete NCOS LNP Carrier entries using exising LNP Carriers. Change-Id: I85d900c194d46af8d888e2f854729a3ca52711fe	1 year ago
Kirill Solomko	f72f8291a7	MT#60393 /api/timesets fix reseller_id validation * fix reselelr_id for 'reseller' role and it's now automatically set to the user's reseller_id instead of throwing a validation error Change-Id: Ic732366aea6c4106c37961e599cd1e40fdaba5b2	1 year ago
Kirill Solomko	775ec90d5d	MT#60392 /api/lnpcarriers allow reseller GET * reseller role can use GET on the endpoint because it is needed for an NCOS Levels (which resellers can create). Change-Id: Ic793b0d74e767eb9e150a6ae3c67ff9f51c8cf6c	1 year ago
Kirill Solomko	18597efb87	MT#60378 accept null same way as NULL for search * search by value null is internally translated to undef to say search for records without a value, same way as it already works for NULL value, just null is more expected and easier to use by clients as it's how its represented in the resource Change-Id: Ia8a75bad95a34dd8167162d0f09a1ec7c4056105	1 year ago
Kirill Solomko	6543743992	MT#60162 improve expand functionality for collections * in general expand collection now performs only 1 sql query to per expand field to fetch all items by the ids instead of fetching them for every single collection item, that should significantly increase performance in case of large databases and reduce work for the database * introduce $c->stash->{expand_cache} that contains cached data for the expand fields to avoid multiple same calculations * expand_field() and expand_field_data() have been reworked to support expand_cache * new method expand_prepare_collection() is called for all API GET collection methods before preparing resource hal fields, to change the expand logic to only cache the data instead of fetching it from the database * new method expand_collection_fields() that is called in all API GET collection methods after the @embedded data is prepared to finalise the expand collection fields * for expand collection there is only 1 SQL request per expand field that fetches all items -in [ids to expand] and then the expand_collection_fields() uses the cached items_by_ids with O(1) fetch from the cache by id Change-Id: Ie7c6115472878febf0d8c9b4d833f5c23b15c78b	1 year ago
Kirill Solomko	9a2d66a00a	MT#60238 /api/customerpreferences allow subscriberadmin * subscriberadmin roles can now handle customer preferences belonging to the same customer and only those with expose_to_customer = '1' Change-Id: Iae9ab5d4a96a065b1a627d180dd523e805d954f3	1 year ago
Kirill Solomko	f81481ea66	MT#60236 disable mailtofaxsettings active state checks * disable active state checks for subscriber and subscriberadmin roles in mailtofaxsettings because they can now change it similar to how they could do it in the old csc. Change-Id: Ica8039e83d2acc5e162c7902afcd4b97ac1c5b6d	1 year ago
Kirill Solomko	0d8d68d9a5	MT#60236 /api/mailtofaxsettings allow subscriber roles * subscriberadmin and subscriber can now use /api/mailtofaxsettings * adapt item_rs query for subscriberadmin and subscriber so that subscriberadmin can have access to all 'own' subscribers Change-Id: If8e768c5c06bc4e5f0a6ef9d15e19f542d8b6a4d	1 year ago
Kirill Solomko	6926930b3a	MT#60227 handle Accept: application/json header * if Accept: applicaton/json header is provided for API request - the response's Content-Type header is set to application/json. The return content in this case is preserved as HAL but it's helpful for the clients that only expect aplication/json response Content-Type Change-Id: I8c60da4df7d639f45953d8ace699a59fefc88ddf	1 year ago
Kirill Solomko	a46ef5b9e2	MT#60160 improve same primary number detection * consider as the "same number" if old/new primary numbers are empty (undefined in the database as if a primary number exists at least cc and sn are mandatory). * check for new primary number "cc" existence when preparing comparsion to the existing primary number, as some clients may send an object value with null cc+ac+sn. Change-Id: I810cda7d7aa07f2d7e46dbca099bc327ef7b4963	1 year ago
Sipwise Jenkins Builder	4545987532	Release new version 12.5.0.0+0~mr12.5.0.0	1 year ago
Kirill Solomko	f2478178f0	MT#60119 allow pbxfielddeveicepreferences to subscriberadmin role * subscriberadmin role can now CRUD preferences for devices that are assigned to the customer. Change-Id: I09fe3c3b2ed670f0411970dc6402486a3cf6d4be	1 year ago
Rene Krenn	941c75ebe1	MT#59078 ?create_primary_acli= query param creating or updating subscriber (-aliases) will modify the allowedcli (acli) preference, if the auto_allow_cli config option is set. the primary number will also be part of the acli list. when specifying ?create_primary_acli=false or ?create_primary_acli=0, the primary alias will no longer be added to acli. Change-Id: I4641e2b973de2afe2e36805140b1546cac2a699a	2 years ago
Donat Zenichev	844a9e5920	MT#59011 Cleanup panel from the reference to "sip:localuser" An outdated and not used implementation for the "sip:localuser" in the ngcp-panel. Change-Id: I7c83bee0da07f7fafe7b1cb669a8c5080bc8565e	2 years ago
Marco Capetta	42f8747a6f	MT#59749 Add use_redirection flag to Call Forwards configuration This new flag controls wether the CF is processed as usual (flag with value 0, default) or generates a 302 redirect message back to the caller (flag with value 1). The implementation cover both the UI and the API. Change-Id: Idf945262e17de0d77bb612101d268fd6ea7a309e	2 years ago
Michael Prokop	c8766cd567	MT#48844 Minor typo fixes s/paramaters/parameters/ s/wihout/without/ s/If it mathes/If it matches/ s/ in in / in / s/the the/the/ (note: fixes translation issue which was introduced with commit `2b7a1a33` and fixed in `072e897c` for the original, but missed for the german translation) Change-Id: I4186bf3f42b1fac11bb7d7fe801f860d2d59adc1	2 years ago
Kirill Solomko	c6aaaddd87	MT#56301 move lock_provisioning_voip_subscriber before underrun_lock * POST /api/subscribers/ invoke lock_provisioning_voip_subscriber() before underrun_lock(), so that if the subscriber is about to be locked due to customer balance costs, the lock_provisioning_lock_subscriber() invocation will not unlock it back straight after Change-Id: I55020f844c9aa76df2e2f057a88b2ae7c9ebbfcc	2 years ago
Kirill Solomko	e4cda08bd4	MT#59835 /api/billingzones fix HAL ngcp:billingfees relation * billing fees relation was rendering all associated billing fees and that was causing huge data sets to be returned if a billing zones had many fees, now instead a single link is returned /api/billingfees/?billing_zone_id=:id. this is also on par with other links like /api/billingfees/:id Change-Id: Iabb7afb3bf43abf9a22c71750d45a1962a7f16ec	2 years ago
Rene Krenn	df670f501f	MT#56301 set locklevel of created subscribers only if specified Change-Id: I90f2d68dee50ab240de4eb5af7495ddd551c00d8	2 years ago
Marco Capetta	8945b8a5ac	MT#56301 Fix API creation of an active subscriber with lock Using API is possibile to edit an existing subscriber and set status: active and lock: 2. It is instead impossbile to create a new subscriber with the same configuration because the 'lock' param is not taken into account. The only way to properly setup lock level it is to set the status to 'locked' and this is in fact wrong. The fix address this issue and allow now to create a new subscriber with status: active and lock: 2. Change-Id: Id18e40bc001c5a7de30f5d148231bda93a3b1b3d	2 years ago
Kirill Solomko	c006e9efc1	MT#59806 add missing cfdestinationsets HAL link type * add missing: "_links" : { "ngcp:cftimesets" : [ .... ], in the collection representation Change-Id: I59fade61ae2679833c43fd5501d14ca45a376572	2 years ago
Kirill Solomko	b2a1bc00d1	MT#59806 adapt /api/cfdestinationsets to Entities * Entites logic is used for GET/POST/PUT/PATCH/DELETE * Utils::CallForwards::check_destinations() do not obfuscate destinations that are returned in the response as all logged data is obfuscated anyways Change-Id: Ia79f9e236c966410e2640d719c3a7f5784cc4c2a	2 years ago
Kirill Solomko	1872f342a0	MT#59478 Entities/EntitiesItem more $c->has_errors checks * additional $c->has_errors checks for post/patch/put/delete to cover all possible expected called inherited methods scenarios and returns. Change-Id: I0e09ba62bcaa51d582315d9cbb672a4cf11bacf0	2 years ago
Kirill Solomko	9e3653341a	MT#59478 adapt /api/cftimesets to global transactions, more fixes * /api/cftimesets now fully use Entities/EntitiesItem * EntitiesItem: delete(): fix delete_item() expression processing * Entities/EntitiesItem: post/put/patch/delete: go to TX_END in scenarios where after a method call (e.g. update_item()) there is a normal return from the function but errors in $c->error, so that they are also caught correctly Change-Id: I3bef409ded590796c2bba4f30acd28b02e99065b	2 years ago
Kirill Solomko	91f1dcf37e	MT#59478 /api/ root error handling * clear errors in Controller::API::Root::end so that they are not interfere with generated ones * API::error(): add $c->stash->{is_api_error_response} = 1 to track it in log_response() * API::log_response(): distinguish and correctly correct errors for cases when is_api_response == 1 and also when there were $c->error('error') calls in the code, to log them correctly in both cases Change-Id: Id922b8219832c1b99815d9d608309035b9b25cff	2 years ago
Kirill Solomko	4e2e141308	MT#59478 Entities fix non-existing $item handling in put/patch/delete * the error produced by item_id_is_valid() is returned instead of a new one is generated * fix incorrect expression on delete_item() in delete() Change-Id: Ic8e4e24c70bbcd99ec414d901eb2842ee39ae7de	2 years ago
Kirill Solomko	bf249f9d96	MT#59797 /api/headerruleconditions (actions) fix reseller role * fix resultset when user role is reseller so that reseller_id is joined correctly and a db error is not produced anymore. Change-Id: I2a1b357037d983f23770bb59519fc2cb8b68a7e4	2 years ago
Kirill Solomko	9d598d4502	MT#59478 improve MSG, LOG log string data storing * $c->error array now contains the $message as the first element instead, so that it's possible to obtain all the error data in the code when fetching it from @{$c->error}. the first element is not logged in the error log. * api_response $c->response_body part is now stored in MSG= and possible errors / other log data is now stored in LOG= to: - reduce amount of log lines when an API error response occurs from 2 to 1 - the message part usually contains either HTTP response message (e.g. Internal Server Error) or a validation message string, so it belongs to the MSG= part of the log line, where as the internal log data is more related to the LOG= part - both MSG= and LOG= parts are escaped for GDPR related obfuscation * Utils::Messag::info(): $msg is now also obfuscated if it's detected as a reference (also because logging is moved for the API part to $msg), as well as truncated for possible new-line char and white-spaces. Change-Id: I3b670b2251ec3060037ed6863f18d95975120b8d	2 years ago
Kirill Solomko	9dbd6b0e88	MT#59478 /api/contracts address $now and hal_from_contract * the following changes resolve an issue where $now in Role/Contracts resource_from_item appeared as an object and failed subsequent logic: - hal_from_contract is renamed to hal_from_item to match correctly the parent method - call hal_from_item and pass $now string there correctly as $params { now => $now } Change-Id: I5c02d5f7df5d9000550505ad120b9531f87e8d65	2 years ago
Rene Krenn	14e5b918b3	MT#59748 drop ngcp-provisioning-template test dbhost Change-Id: I7218ed36cff2f51f5a6f862f41e5da94ff0d464b	2 years ago
Kirill Solomko	205b27a267	MT#59478 API better transaction and error handling * Role/Entities: POST/PUT/PATCH/DELETE methods changes: - support deadlock detection and transaction retry (2 retry attempts at the moment) - improve transaction control, use local $guard instead of saving the ref to $c->stash, as in that case it went out of scope too late and also reported an error message into the log about abnormal $guard out of scope interruption - move all non transaction related code outside of the scope - add error handling when methods such as update_item, and a like do not return the expected data, instead of simply going out of scope and resulting in an uncontrolled reply Role/API: - rework transaction control: + get_transaction_control() is renamed to start_transaction() to better reflect what it does + complete_transaction() is renamed to commit_transaction() + remove unused %params arg + pass $guard into commit_transaction() instead of having it stored as $c->stash->{transaction_guard) that caused the $guard ref to be destroyed much late than expected (there was also a typo as transaction_quard, which is not relevant anymore with the changes + add check_deadlock() that is invoked when an exception is caught or an $c->errors contain an error, and if the error message represents a transaction error, the transaction block is re-invoked via "goto TX_START" - rework error(): + it now accepts args as following: ($self, $c, $code, $message, @errors) # code -> returned as HTTP code in the reply # message -> returned as HTTP message in the reply # errors -> contain errors for internal logging, last element often contains a DBIx exception + populates all @errors into $c->error so they are available on demend in the code via $c->error or $c->last_error + $c->log->error is not invoked now as the errors become printed in log_response() - log_response() now prints collected errors from $c->error correctly as a separate log line, that is alike to the other api logs so that those can be looked up by the request's tx_id, also all errors are now printed only into api.log * Adjust all $self->error() calls in catch($e) to include $e as the last argument, as well as the duplicate $c->log->error is removed from those ocassions * Remove all $c->log->error() calls as they are replaced with either $self->error() (that logs it correctly into api.log) or $c->error('err') that also adds it correctly into api.log * API::CallForwards: rework to use Entities/EntitiesItem * API::Contracts: rework POST to use Entities * API::PeeringGroups: rework POST to use Entities * API::SubscriberRegistrations: rework POST to use Entities * API::RewriteRuleSets: improve create_item() functionality * Utils/Message: add 'api_retry' log type * $c->session->{api_request_tx_id} is changed to $c->stash->{api_request_tx_id} because sometimes the session ref is different and a different tx_id becomes used Change-Id: I633ce7a8047b1bf00a2f6889003088edf0825dcd	2 years ago
Nico Schedel	1fdaa6bd47	MT#55677 fix all ngcp-panel-selenium tests Change-Id: I7f1f1e5fe9632dad233818b3a43b78a54ff97b98	2 years ago
Nico Schedel	b22d2d824c	MT#59624 update firefox in docker to fix segfaults Change-Id: I48690f8f2eddf7dc00df0f62437956d6d8f7c38e	2 years ago
Sipwise Jenkins Builder	e7b131247e	Release new version 12.4.0.0+0~mr12.4.0.0	2 years ago
Kirill Solomko	aef4c89197	MT#59662 enhance subscriber assigned header rules/sets handling * POST /api/headerrules now supports either 'set_id' or 'subscriber_id'. When 'subsriber_id' is specified, a subscriber assigned header rule set is automatically created if it does not exist, as well as automatically removed when its last header rule is deleted. * It is now possible to directly GET and DELETE /api/headerrules/:id where :id is a subscriber assigned header rule. * It is now possible to directly GET and DELETE /api/headerrulesets/:id where :id is a subscriber assigned header rule set. * Improve /api/headerrules data validation and duplicate header rule detection. * It is now possible to expand by /api/headerrules/?expand=set_id field Change-Id: I681bc61c2eed47a8e54847f07f31134f643930c2	2 years ago
Kirill Solomko	1fb8d04136	MT#59615 /api/subscribers skip primary number processing if unchanged * if the primary numner during /api/subscribers update request is unchanged, the primary number processing related logic is not invoked, as otherwise it's a redundant and in some cases (pilot subscriber) time consuming operation. Change-Id: I4cbb0387011f5241fcbdaab1efbb0d4a5caa2143	2 years ago
Rene Krenn	868e2657b6	MT#59597 fix remove trailing+leading % entirely for "wildcard" params Change-Id: I371e2d41ff27b2801ead391778d9a2bdef914563	2 years ago

1 2 3 4 5 ...

5550 Commits (328bce85cc40db0db22b8299a137f6b9eeca13fd) All Branches Search

5550 Commits (328bce85cc40db0db22b8299a137f6b9eeca13fd)

All Branches