ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Kirill Solomko	4eace822b5	MT#62180 /api/subscribers prevent subscribers from POST/DELETE * regular subscribers should not be able to use POST as they are not allowed to create other subscribers, nor other PBX groups. resource. * they should not be able to use DELETE as they cannot delete themselves nor other subscribers, nor PBX groups. Change-Id: Idaacb344b65ff8c5da9f4c3649a9b4089938a82c	2 months ago
Richard Fuchs	015ee893d9	MT#59979 defuse license logs A missing license is allowable on CE systems. Don't log errors if license is missing. Don't die if sysopen() fails. Change-Id: I00c8ecf361548da6452f1b631d308d9aa8901368	2 months ago
Sipwise Jenkins Builder	60f8c731fb	TT#4166 I18N dump: snapshot 2025.02.13-23.23.38 Change-Id: I0948e6dc4fb346f95e69e9edb979095906a003c9	2 months ago
Rene Krenn	143bd0dba9	MT#62084 contract_id field for /api/topupcash and /api/topupvoucher so far the topup api rails had just a subscriber_id field. for the AUI migration a contract_id field is required. Change-Id: I2b53971ecd0abe06f7e0ff0e72b9bb83d12a4f6b	2 months ago
Kirill Solomko	d5fd8679fe	MT#62093 return 403 Banned for banned users * add banned user redirect for API requests * Urils/Auth move Redis composed keys into functions to increase consistency and avoid typos. Change-Id: I7a6f9b340ac53ffc2ee921410852e36a49587941	3 months ago
Kirill Solomko	9960cd152d	MT#62093 extend user ban keys in Redis * keys now have named fields separated by :: * admin keys now contain admin_id and reseller_id * subscriber keys now contain subscriber_id and reseller_id * this is to make it in line with API v2 implementation Change-Id: Ic32a173cad9b63e63e7754f02ac2649d142b099f	3 months ago
Richard Fuchs	b2b5600c16	MT#61630 invalidate rtpengine cached files Add class to make RPC calls to rtpengine. Add invokations to clear rtpengine audio cache where appropriate, whenever a file stored in DB is deleted or changed. Change-Id: I3660f9f67dfb0c68c1af80a5439982046be3b6f6	3 months ago
Richard Fuchs	1bcc6430a4	MT#61630 turn XMLDispatch into HTTPDispatcher Make the dispatcher content-type agnostic. Add wrapper class XMLDispatch so that existing code can remain unchanged. Extend serialised data in DB with method and content type. Make sure queued data from the DB remains compatible. Change-Id: I999ff715d6500e27ad60cdb3fa902117fa329c63	3 months ago
Rene Krenn	9f4c50c5dd	MT#61558 fix reseller (branding) license restriction some rails got disabled when introducing the fine-grained license restrictions in api/panel, ie. reseller branding. Change-Id: I0b3690d8e0353c31f2c8680db63c4dd4df7600fe	4 months ago
Rene Krenn	fc42ca7564	MT#59447 fix admin LDAP uri Change-Id: Ie9be0d5ea8428a8a96ebfbadb0d285f5082474b5	4 months ago
Sipwise Jenkins Builder	b64fbbe12a	TT#4166 I18N dump: snapshot 2024.12.04-23.23.17 Change-Id: I4f65e63356c5d21680c3700d712ec8e5cd2943c1	5 months ago
Kirill Solomko	1873193814	MT#61673 /api/calllists fix missing type response field * The 'type' field is now present in the reponse as it's described in the form and also the search params but was not rendered correctly because in the database it is as 'call_type' Change-Id: If7b69a33ed9578be6873462dbab79c9a2079b076	5 months ago
Sipwise Jenkins Builder	019f8e81a7	TT#4166 I18N dump: snapshot 2024.11.29-23.29.15 Change-Id: I3925b1d15ffbb1d104a80429d1866686fac8f8e3	5 months ago
Rene Krenn	de0595c089	MT#59447 admin user LDAP authentication #1 Change-Id: Ic31236d933f022b567c74998959267ef9a549b7e	5 months ago
Rene Krenn	358139edee	MT#59447 admin user LDAP authentication Change-Id: I86005af30dee6285d80fe69f020f4a33cb23a608	5 months ago
Guillem Jover	bdbd12613c	MT#61459 Do not use Perl indirect object syntax This syntax is discouraged, and it is not enabled by default any longer starting with the 5.36 feature bundles. Stop using it so that we can eventually bump our minimum required Perl version. Fixes: Objects::ProhibitIndirectSyntax Warned-by: perlcritic Ref: https://metacpan.org/pod/feature#The-'indirect'-feature Change-Id: I3f89ce74908a896027efa825d90eab3d2e53b1ee	5 months ago
Rene Krenn	598f7dbaf4	MT#61513 prevent duplicates in GET /api/callrecordings callrecording metakeys such as "uuid" for the involved call party is present multiple times by nature. the ?subscriber_id= query param will then narrow down the result. alongside an implicit role filtering (reseller/subscriber), the sql join and filtering for the uuid key is present 2 times however, and multiplied records slip through. this can be prevented with DISTINCT. to avoid performance impacts and consider other metakeys orrcuring multiple times, it will be applied only if a filter is present. Change-Id: I08047aaee265e2e0a706220e03fd4617da16d33c	5 months ago
Rene Krenn	1c09e2773a	MT#60197 support deleting call recordings per subscriber admin panel will no longer delete callrecordings for all parties of the call, but the single subscriber only. rest-api, behaves the same way, if the ?subscriber_id= parameter is provided. when a callrecording is deleted by all call parties, the remaining records and recording files will be dropped. Change-Id: I61f667bdb074a935a8a04473a3685b10e5e09222	6 months ago
Marco Capetta	97adbaf8e7	MT#60864 Fix Sync Email Templates button behavior The 'Sync Email Templates' button is shown in the Email Templates page in case some templates is missing for a reseller. The problem is that the button takes into consideration also resellers that are already terminated and for which the template is not needed anymore. Thus the query has been in fixed in order adding: r.status != 'terminated' Change-Id: I2dd551166ae777c8967eae3bda989b669b46b5c0	7 months ago
Kirill Solomko	e83588874b	MT#60553 handle API subscriber timezone field separately * timezone field for SubscriberSubAdminAPI form is now Text instead of +NGCP::Panel::Field::TimezoneSelect because the template => 'helpers/datatables_field.tt' produces a field validation error, as well as the Field is designed for UI and not API. * add validate_timezone() field validation to SubscriberAPI and SubscriberSubAdminAPI forms. Change-Id: I6391694284477976d8d6cee71a81e2241bd94937	7 months ago
Marco Capetta	f9a328f83d	MT#61065 Fix 'cli' preference removal In commit `b51c0c9698` the possibility to change the 'cli' preference by subscriber and subscriber_admin was added (under certain limits). On the other hand, the additiona of that part of code broke the possibility to remove the preference using the PATCH api. It is a very uncommon scenario though, but it seems anyway used by some customer. We may think to deprecate this possibility one day, but till then we don't have to create regression to customer. Change-Id: Ie695b567929eb79b1ba63d3c5a31ae5ce7b559bd	7 months ago
Kirill Solomko	55b27b3f2a	MT#61100 add pbx device/firmware search by type/tag Change-Id: Id41acdee57274d2791748f9e9d29f0d5f05b1965	7 months ago
Marco Capetta	d40126ef0a	MT#60756 Fix subscriberprofiles POST api call as reseller Administrators with reseller role were not able to create new subscriberprofiles because API was fialing with 500 error. In particular: LOG="«DBIx::Class::Row::store_column(): No such column 'reseller_id' on NGCP::Panel::Model::DB::voip_subscriber_profiles at /usr/share/perl5/NGCP/Panel/Controller/API/SubscriberProfiles.pm line 172» The error was caused by the addition of the reseller_id info in the $resourse even if not needed. Change-Id: I7970a2716d7af959639937a9a844160ab73a9176	8 months ago
Kirill Solomko	a7589aeba8	MT#60877 /api/preferencemetaentries accept default_val as boolean * default_val is now correctly accepted as either 1/0 or true/false * fix 500 error when default_val is provided as JSON true/false Change-Id: Id6db9c13ae458ddd61e5a68865249eb4e3e124bf	8 months ago
Kirill Solomko	a3945269fc	MT#59449 fix perform_auth to send correct realm to ban check * perform_auth $realm is in a form of a subrealm, e.g. api_admin_http api_admin_jwt, etc. where for bans check it's 'admin' realm. Therefore, user_is_banned() is now called from there using explicit 'admin' realm as the argument. Change-Id: I3a10a9b492bf9dbe83ddd34a8851e83b23f90587	8 months ago
Kirill Solomko	bbd44f16fa	MT#60858 add /api/passwordchange endpoint * the new endpoint accepts new_password fields and enables for authenticated user a mechanism to quickly change their password * the global password validation rules are enabled * returns 204 No Content * if user's password is expired, the endpoint is the only accessible for the user to change the password and unlock other endpoints. * a few fixes in validate_password() to correctly fetch provisioning subscriber for password change scenarios and webpassword field Change-Id: I906fcfe5c780b850d322b46b445b54c054767673	8 months ago
Kirill Solomko	e09de1e781	MT#60558 invoke max subscribers/group license check only on POST * max subscribers/group license check is invoked only on POST to enable clients to modify existing entries even if the threshold is reached. Change-Id: I858b42ada5c95c179f901e43837b15358027011b	8 months ago
Kirill Solomko	46d297dec2	MT#60656 improve 403 Password Expired for expired passwords * 403 Password Expired is now correctly returned for POST /login_jwt when a password is expired, instead of returning the token. * 403 Password Expired is now correctly returned for API requests and redirect to /changepassword only happens for non API requests. * improve Utils::Auth::check_max_age() to accept also $auth_user and $ngcp_realm for cases (like /login_jwt) where there is an authenticated user but there is no $c->user. Change-Id: I302ad8654bdf16fe0882625fd6e9a8bba7a8ad42	8 months ago
Kirill Solomko	4b00a59d99	MT#60710 fix pbxdeviceprofiles allowed_roles typo Change-Id: I29e48ca8a8db9ab6751c0fef1399932d62195e48	8 months ago
Kirill Solomko	f3bc8097e7	MT#60710 add missing DELETE method for pbx endpoints * enable DELETE method for: - /api/pbxdevicefirmwares/ - /api/pbxdevicemodels/ - /api/pbxdeviceprofiles/ * /api/pbxdeviceprofiles fix allowed_roles for 'subscriberadmin' to only allow GET method Change-Id: I4ed8f591529e161aa08648c99093459128b55203	8 months ago
Kirill Solomko	b97be4502d	MT#60709 add PBX expand by device_id,profile_id,config_id * device_id, profile_id (device related), config_id are now expandable in the respective /api/pbxdevice* endpoints. * fix expand collection logic to avoid ambiguous 'order by id'. Change-Id: I0b1f4b3da093fb04a30e5097881af6131c1afe46	8 months ago
Kirill Solomko	78dfb7f7d8	MT#60656 do not check max_age if user does not exist * prevent max age check if user does not exist (not logged in) and return 1 instead. Change-Id: I5d1af5f46eec6a3eea6df0d719a35d1fedb19b3e	9 months ago
Kirill Solomko	b041888807	MT#60656 add max_age password validation support * UI: password are now validated against $c->config->{security}{password}{web_max_age_days} (unless it's 0) and if the password is expired the user is redirected automatically to /changepassword page, and after successful password change back to the original page. * API: if password is expired all API requests will be returning 403 Forbidden "Password expired", except PUT/PATCH to /api/admins or /api/subscribers with the new password in place. * successful login on the UI now redirects to /dashboard instead of / (to prevent unintended redirect to v2) Change-Id: I075f8e17cc9b0658d6b3b3d526ca5b379d050ce4	9 months ago
Marco Capetta	a2a01d4690	MT#59979 permit GET on resellers and billing profiles items even without license In some cases the UI requires to GET information from a specific reseller or billing profile because needed to show/created other endpoints (for example 'customers'). Due to that it has been added the possiiblity to do the GET not only of the list of the resellers and biling profiles, but also of each specific item. Change-Id: Iebbbbc494ce71e616d8e41ca20e97bebce7998b8	9 months ago
Kirill Solomko	c7ae8c1dcf	MT#60300 fix sound sets list rendering for reseller * fix code typo that prevented correct rendering of the sound sets list for reseller roles Change-Id: I35ea38a37932b8dd563a0b95f7e2481a5c45cdbe	9 months ago
Kirill Solomko	0a9fb5d28b	MT#59449 fix subscriber auth attempts without username * subscriber login attempts without Basic Auth are now correctly intercepted and returned as 403 Forbidden Change-Id: I3deb60d8ac4f107bccd6422d27426e39a39e50f1	9 months ago
Kirill Solomko	c4c710e7dc	MT#60558 fix max_pbx_groups $c argument typo Change-Id: Id0c4d2078c98d20d236851e977439959624d1491	9 months ago
Kirill Solomko	e2e1776090	MT#60558 move max license checks for POST /api/subscribers * the relevant max license checkes are moved from Controller::API::Subscribers::POST to Utils::Subscribers::prepare_resource because there we fetch customer_id from the pilot subscriber in case of pbx subscriberadmin requests that is neccessary for PBX subscribers max license check. Change-Id: I2d1c212d73fe5b9295d1595b4fffebeb67b61e5a	9 months ago
Kirill Solomko	65ae07a97b	MT#60601 obfuscate password/webpassword in API valdiation errors * plain text passwords are obfuscated in validation errors returned by API Change-Id: Iff989696ce09faff34692eaa129aee6981340a97	9 months ago
Kirill Solomko	4a9a632da1	MT#59449 sub auth fix possible username without undef domain * perform_subscriber_auth(): check if domain is undefined and use only $user, otherwise $user . @ . $domain. Change-Id: I3d342fb2c4768c2b7b3e0c08ea41e429b83e9683	9 months ago
Kirill Solomko	2972d3b62d	MT#59449 add progressive user bans support * users are now progressively banned. * ban_min_time is used to ban a user for the first time. * consecutive ban is ban_min_time + ban_increment * ban_increment_stage * ban_max_time is the absolute maximum ban time that is not increased any further. * a successful login resets the ban_increment_stage. Change-Id: I4d7e1a93d7a21d21a0dcf69d856a872d2ed75ea0	9 months ago
Kirill Solomko	f383837ea9	MT#60595 add expand by package_id * package_id field can now be expanded Change-Id: I6555134fbc5c50aae49a64876712fcc8678385f2	9 months ago
Kirill Solomko	e6b29d3e7b	MT#59449 fix password validation enabled/disabled, admins * correctly detect and skip password validation when sip_validatation or web_validation is not enabled respectively * better detect web password for admin users * /api/admins PUT/PATCH now also correctly checks last used passwords Change-Id: I9a6fa9b8e30ae2b81d2852dec0e1f9d858be13ef	9 months ago
Kirill Solomko	cfe0a44b8d	MT#60585 add user ban by IP address, ban JWT invalid attempts * ban users by IP addresses * ban invalid JWT attempts Change-Id: I0c7746aa751ca96cba0ce4d1388646ba4890a422	9 months ago
Kirill Solomko	60fa23cb68	MT#60585 add user ban support * users for admin/subscriber realms are now banned if failed to login X amount of times (UI/API). * rework Redis connection and it's now a Catalyst plugin NGCP::Redis accessed by $c->redis_get_connection({database => 19}), the connection per database, per worker process is established only once and then reused (with auto built-in reconnect support). * remove Utils::Redis.pm as it does not have any code/logic anymore. * ban values are taken from $config->{security}{login} as - ban_enable: 1 - ban_expire_time: 3600 ban expire time in seconds - max_attempts: 5 * if max_attempts set to 0, the ban functionality is disabled as it requires to be at least 1 to work. * upon successful login or ban, the failed attempts counter is removed * the failed attempts counter is also removed automatically with the expire time equals "ban_expire_time" or otherwise 3600 seconds. * user bans are logged into panel.log * banned user receives exactly the same return page/codes as per invalid logic. Change-Id: I05cc68c623ee289488fc64f1af50527004dcaae1	9 months ago
Kirill Solomko	d9f283cbc8	MT#59449 enhance password validation and handling * passwords are now validated based on - minlen - maxlen - min lower case chars - min uppper case chars - min digits - min special chars * Data::Password::zxcvbn is used to calculate password score and reject passwords with score < 3 as weak (this library is ported from the Dropbox password validation) * Add password journals and check last used passwords in the journals * Improve password generator javascript function to generate a password with at least 4 of each of the char group types. * Currently affected are subcriber and admin entry creation or modification via UI/API * NGCP::Utils::Auth add optional bcrypt_cost support as last argument for generate_salted_hash and get_usr_salted_pass Change-Id: I100c25107d91741d5101bc58d29a3fa558b0b017	9 months ago
Kirill Solomko	43d112bd5e	MT#60558 add max subscribers/groups license checks * max_subscribers, max_pbx_subscribers, max_pbx_groups license checks are added for subscriber/group creation in UI/API * new accessor $c->license_meta that returns meta license flags hashref * new accessor $c->license_max_subscribers * new accessor $c->license_max_pbx_subscribers * new accessor $c->license_max_pbx_groups * the new accessors (except license_meta) return -1 instead of 'unlimited' to ease off comprarsion * 403 Forbidden is returned by the API if a license is violated. Change-Id: I3f5a949efc84bf85b76b33404b37b362ec484d5f	9 months ago
Kirill Solomko	9d021be65a	MT#59979 add license control * UI and API parts are now under license control * new Util::License::get_license($c, $name) - fetches license status by name (1 if enabled, and also if /proc/ngcp/check if 'ok') * add Catalyst::Plugins::NGCP::License with license($name) to fetch valid license by name from anywhere using $c->license('pbx') or from the templates using c.license('pbx'). It internally uses Util::License::get_license($c, $name) * License::get_license_status($c) now requires $c as first argument as well logs license status check errors. * new ActionRoles::License that enables usage of :Does(License) RequiresLicense('pbx') LicenseDetachTo('/denied_page') in the Controller chains * Add license control for UI elements and return 403 Forbidden if a resource is covered by licenses and the license is not active * Hide UI elements if a license is not active * API/Entities/Entities new $c->set_config key: - per endpoint: $c->set_config({ required_licenses => [qw/pbx device_provisioning/] } - or per method: $c->set_config({ required_licenses => { POST => [qw/pbx device_provisioning/] } } } * In case if an API endpoint does not have a license: 403 Forbidden "Invalid license" reply is returned. * Add license based restrictions to API endpoints * /api documentation: - completely hide endpoints that do not have an active license - hide only methods that does not have an active license Change-Id: Iba45fc5068b02306a617fed7b5405f2210574b61	9 months ago
Rene Krenn	9c103302c8	MT#60575 dynamically load provisioning templates module Change-Id: Ibff509825f82a75c9b0221505a1673d78b401989	9 months ago
Marco Capetta	551cc2fb98	MT#60515 rename hm inbound/outbound directions to a_inbound/a_outbound inbound/outbound no longer represent the "full" direction and belong only to A leg, so they are renamed to a_inbound/a_outbound accordingly. Change-Id: I639b799c3649c9b3ca78eee831b49ef0cfa14287	9 months ago

1 2 3 4 5 ...

3901 Commits (4eace822b5730e53e6fe99173e932e2b50a0c6d0)