* Contract default sound set - subscriber propagation for cases:
- New customer sound set is created as default.
- Customer sound set is changed to default.
- New subscriber creation - setting contract default sound set id.
* The mentioned cases were implemented for both UI and API.
Change-Id: Ia4733c972ae388d3457d0336e3f85b85eec6e9a2
* Users with "system" role can change all items across the system including the password changing for other users.
* Login "system" has persistent "system" role.
* "system" login name is restricted for the user input.
Change-Id: Ibaecba35a86f71fa8895ce9d9feab8e768b65d14
this fix addresses regression reported by dominik:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/subscribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
(cherry picked from commit 5e9066c4fb)
Change-Id: I88c9ec40843f1e9a6983952b96c0b0e70fbb1bb1
* An attempt to change own role, login, flags
(except for can_reset_password) now returns
403 Forbidden, User cannot modify own permissions
* POST checks if the admin has necessary permissions
to create another admin
* PUT/PATCH changing own role is now forbidden
* PUT/PATCH changing other's admin role now checks permissions
* DELETE checks role permissions
Change-Id: I990609985ae9cab6213cf47f5f5c8afba2efdda3
This reverts commit 5e9066c4fb.
This implementation breaks:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/subscribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
Change-Id: I0e8389e8ab34ad72f1b87a684daba77f1030f8ba
- Optional "role" parameter is added for POST PUT PATCH.
If "role" is provided then the passed flags are ignored and are applied internally by the server according to the provided role.
If "role" is not provided then the former flags based approach is applied.
Change-Id: Ib6e591ff6dc50122e0ec49a348153ca820fc2e03
- Add Role column on /administrator table
- Add Role dropdown input on /administrator/:id/edit
- Add Role dropdown input on /administrator/create
- Implements logic to resolve flags and role id params:
1. role_id is passed (create/edit) then flags will be overridden according to the concrete role.
2. role_id is not passed (create/edit) then flags will be checked to determine role id according to the concrete flags pattern:
Role       | Flags
-----------+---------------------------------
system     | is_system = 1,
admin      | is_superuser = 1
reseller   | is_superuser = 0
ccareadmin | is_ccare = 1, is_superuser = 1
ccare      | is_ccare = 1, is_superuser = 0
lintercept | lintercept = 1
Change-Id: Ia923a47f664a162d78a06efcc006f84dcd08701d
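
The role/flags resolution described in the two commit messages above (the optional "role" parameter and the Role/Flags table), as an added example that is not code from ngcp-panel. The function names, the order in which flag patterns are checked (most specific first) and the zeroing of flags the table does not list for a role are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my @FLAGS = qw(is_system is_superuser is_ccare lintercept);

# Role => flags, copied from the table in the commit message.
my %ROLE_FLAGS = (
    system     => { is_system => 1 },
    admin      => { is_superuser => 1 },
    reseller   => { is_superuser => 0 },
    ccareadmin => { is_ccare => 1, is_superuser => 1 },
    ccare      => { is_ccare => 1, is_superuser => 0 },
    lintercept => { lintercept => 1 },
);

# Role given: flags come from the role alone. Flags the table does not
# list for a role are set to 0 (assumption).
sub flags_for_role {
    my ($role) = @_;
    my $set = $ROLE_FLAGS{$role} or die "unknown role '$role'\n";
    my %flags = map { $_ => $set->{$_} // 0 } @FLAGS;
    return \%flags;
}

# No role given: derive the role from the flags. Patterns are checked most
# specific first (assumed order); otherwise every request would match the
# admin/reseller rows, which only look at is_superuser.
sub role_for_flags {
    my ($f) = @_;
    return 'system'     if $f->{is_system};
    return 'lintercept' if $f->{lintercept};
    return $f->{is_superuser} ? 'ccareadmin' : 'ccare' if $f->{is_ccare};
    return $f->{is_superuser} ? 'admin' : 'reseller';
}

sub resolve {
    my ($req) = @_;
    # Case 1: role passed, client-supplied flags are ignored.
    return { role => $req->{role}, %{ flags_for_role($req->{role}) } }
        if defined $req->{role};
    # Case 2: former flags-based approach, role derived from the flags.
    my %flags = map { $_ => $req->{$_} // 0 } @FLAGS;
    return { role => role_for_flags(\%flags), %flags };
}

# Constructed requests. The first one asks for "reseller" while also sending
# system/superuser flags; the flags must not survive.
my @requests = (
    { role => 'reseller', is_system => 1, is_superuser => 1 },
    { is_ccare => 1, is_superuser => 1 },
    { is_superuser => 0 },
);
for my $req (@requests) {
    my $r = resolve($req);
    print join(', ', "role=$r->{role}", map { $_ . '=' . $r->{$_} } @FLAGS), "\n";
}
```
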
a multitude of issues popped after introducing bcrypted
webpasswords in the database. most recently the PATCH /api/subscribers
rail was reported to reset the webpassword unintentionally.
subscriber login fails afterwards, which is a severe issue.
the bugs are addressed by this refactoring. the change also
introduces a global variable
$NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS
to control encrypting webpasswords. it is still enabled as of now,
but it's worth considering disabling it. there are other ways to have
a "cost" for an authentication request, eg. adding a simple
sleep(1sec).
Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2
* when a domain is provisioned in prosody and there is
no connection to the host/port, the error is ignored and ok
response is returned instead. Prosody does not have a persistent
database and rather loads vhosts from kamailio.domain on startup
and if it is down during domain creation/removal there will be
no discrepancies when it starts. The new error checking behaviour
benefits the CARRIER setups where a proxy host is still in xmlhosts
but is not available (powered off) or prosody is not running there
for some reason.
Change-Id: Idaaaf2b31985873db9228958b60ff14fca5d1bf6
by default, re-rating CDRs of prepaid customers will
not update the contract balances.
in that case the total values on invoice PDFs become
out of sync with the zone details list.
Change-Id: Iba78b6386140012bb087235997880e8c28cc0972
* NGCP::Panel::Utils::UserRole::_field_to_name now supports
both hash and object to parse the roles from
* NGCP::Panel::Utils::UserRole::resolve_role_id returns undef
if no roles have been passed or there are no entries for the
role in the database
* Fix NGCP::Panel::Utils::Journals to correctly fetch and set
$journal{$role_id}
* Adjust api-journals.t, remove tx_id, user_id, role_id from
checks
Change-Id: Ieff23bd4291f3b88ba92bbfc2b00b57f66bf76e1
- role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling.
Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31
follow up on TT#147151 (fast loading/paging/searching panel
datatables), which broke restapi tests.
Change-Id: I799cb9087b9405c71dec4c690e7a7bab5dfdbdde
* restore the removed product table join in
get_contract_rs() as get_contract_rs() and product.class are used
in many places in the code that have their own filters by
product.class
Fixes: 133bd43df TT#147151 fast loading/paging/searching panel datatables
Change-Id: I56e20f240ccc08cf1c9a25947f67990691425549
query refactoring and rowcount clipping for UI datatables
that are slow when using millions of subscribers:
contacts
customers
contracts
subscribers
billing profiles
billing networks
billing profile packages
Change-Id: Ia50e3aa52684772548569b6908f0cbc08395a5a7
* Admins with is_system and is_superuser are able to see the items for all roles.
* Admin is able to see own journal.
Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489
the POST /api/provisioningtemplates/<reseller>/<template>
request will accept text/csv content type to provision
many subscribers at once.
Change-Id: I59079ba8f2bacc0ce2b1367d2bd1a7251cf4763c
provisioning templates with their dynamic forms
can be executed by an entityitem POST request, ie.
POST /api/provisioningtemplates/<reseller>/<template>
or
POST /api/provisioningtemplates/<readonly template>
Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605
* vmnotify() now accepts cli and uuid arguments
* API handling of voicemails is now improved to:
- send a notify if the item's INBOX/Old has been changed
- correctly process DELETE to send vmnotify after the
item's removal
Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f
* improve select from voicemail_spool to avoid
sequential scan with like '%..'
* select now fetches all messages count
* add old messages count support
* old/new messages are reported as 0 if not returned
from voicemail_spool
Change-Id: I11ac1a407e8d22fe828a17cda55aa3298c6e6f02
* domains do not use billing.domain_resellers table anymore
but instead the new domains.reseller_id field. That is
to remove the unneeded many<>many relation through the
additional table where the actual logic only supports
one(reseller) to many(domains) relation
Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe
* move to_log() and data_to_str() methods to the parent
VendorREST module
* rename send_request() to send_http_request()
* use common send_http_request method for HTTP requests
dispatching
* improve logging
* improve error handling
Change-Id: I403aa8053e4abfaf6992b62809f15ab72e3a06fc
The latest version of the 'ul.add' RPC command of Kamailio
has 11 parameters instead of 9, we have to fix that.
Change-Id: Ic70bde77eada095ddf127e18f3ef7e5b3d91478f
the /api/provisioningtemplates rail provides the
operations to create, edit and delete "provisioning
templates" known from the "batch provisioning" feature
of admin panel.
these templates can also be defined in config.yml,
while it is however only possible to edit templates
stored in the database.
executing a template and/or uploading a .csv for bulk
execution will be available in a separate part.
Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f
the G2k/LIMA implementation seems to have our error
messages hardcoded in their logic. it started to
fail since we added logline obfuscation, which was
also added to response messages in this place.
Change-Id: I36c2a74ed17db7013e692d7cbdccf0dbd44e814e
The ngcp-panel v1 codebase uses 'back=' GET parameters to record
all the navigation path and store it into the session array:
'$c->session->{redirect_targets}'.
On switch from v1 to v2 using the link 'GO TO NEW ADMIN PANEL',
the function 'login_to_v2' is not using the concept of 'back=' GET param,
but ngcp-panel still receives and stores the last value with 'empty' path:
> $VAR1 = bless( do{\(my $o = 'https://x.x.x.x:1443/')}, 'URI::https' );
> $VAR2 = bless( do{\(my $o = 'https://x.x.x.x:1443/subscriber/155/details')}, 'URI::https' );
> $VAR3 = bless( do{\(my $o = 'https://x.x.x.x:1443/subscriber')}, 'URI::https' );
> $VAR4 = bless( do{\(my $o = 'https://x.x.x.x:1443/dashboard')}, 'URI::https' );
The navigation above is a recorded browsing path on v1 (in a reverse order):
- login to ngcp-panel (dashboard page is opened),
- open 'Subscribers'
- open details for some subscriber with id 155
- open subscriber preferences
- click on link 'GO TO NEW ADMIN PANEL'.
As a result user is still located on the same page "Preferences",
but not on v1 but v2 interface. The empty value is inserted into
the array '$c->session->{redirect_targets}' (which is wrong).
The empty path 'https://x.x.x.x:1443/' breaks v2 navigation
for v1 'Back' button inside iframe.
It causes loading of iframe inside iframe,
which happens on v2 due to list of redirections:
- clicking on v1 button 'back' inside v2 iframe requests https://x.x.x.x:1443/back
- it triggers navigation to the top element array 'https://x.x.x.x:1443/' which is wrong/corrupted.
- loading '/' causes a 302 redirect to '/v2/' (as 'v2' is a default UI for mr10.0+)
- loading '/v2/' inside iframe causes the issue with 'v2' content inside 'v2' iframe.
This is a commit to prevent inserting an empty 'back_uri' into
the session array '$c->session->{redirect_targets}'.
Change-Id: I69df4320fa8cde4d23a7d9dd18ffb5eb06ee8df1
* kamailio.sems_registrations now uses
kamailio.lcr_gw.id -> peer_host_id
kamailio.subscriber.id -> subscriber_id
for foreign keys consistency within the same database
Change-Id: I4722729fdee07eb2a153473e85d64faa46eedca5
We need to add an improvement, which fulfills the work of the
registration mechanism for SIP peerings.
Not only do we add here a registration triggering for peerings,
but also a 'type' is introduced, which is mostly needed for XMLRPC
commands being sent towards SEMS, to let it understand to whom the $sid is related.
Plus a list of improvements:
- de-register peering host on deletion;
- de-register peering host on disable / register of peering host on enable;
Change-Id: I035dfadf6709acb4d106a70f6124f024e719044f
* 'webpassword' field is now also validated for invalid
(non-ascii) characters
* Fix multiple APP input field validation errors to comma joined.
* Adjust 'webpassword' field validation errors to have better
readability when there are multiple validation errors
Change-Id: I21536f97a4da78cc5192a3abd8cd5adef1b819ec
* PATCH: password fields are not removed when
resource is created for apply_patch(), they
are removed under the same conditions later
when hal is generated, that is to ensure that
admin users without the 'show_passwords' flag
as well as subscribers will not run into situation
when they use PATCH and cannot apply it for
"path": "/password" or/and "path": "/webpassword",
as they were removed before apply_patch()
* rework encrypted webpassword detection.
webpassword is detected as encrypted if its length
is 54 or 56 and it contains at least one '$' char,
there is a chance for false positive detection when
a user provides a plain-text password with the
same pattern but it's very unlikely, as well as
since mr8.5 webpasswords are expected to be encrypted,
and moreover worst case scenario is that the
plain-text password will not be returned to the user
Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3
* Login CSC v2 button is shown on the subscriber's master
data page if www_admin.http_csc.csc_js_enable == 1 or 2
* When the login is triggered an auth token
is generated internally followed by a redirect to
CSC as /?a=auth_token
* move generate_auth_token() into Utils/Auth
* improve generate_auth_token() arguments support
* add /api/authtokens error handling
Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4
It was close to impossible to read ngcp-panel debug log due to:
* missing clear marker of the start request processing, use '***' once only
* some personal markers (like '+++++++') have been removed as they have no
meaning for other developers. Let's remove the personal markers and work to
make the panel debug log well readable for all developers.
Change-Id: I69faff3ab2258fc156e88c7b8da0edfef14c3e6e
* the endpoint will receive "type" (expires|onetime)
and "expires" (positive integer representing seconds)
* type will define the expiry method for the token;
onetime: the token expires as soon as it's used, or
after "expires" seconds if not used
expires: the token can be used multiple times until
it expires according to the "expires" param value
* login_jwt endpoint for generating the JWT token for
subscribers has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* admin_login_jwt endpoint for generating the JWT token
for admins has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* login_jwt and admin_login_jwt will respond with 403
"Forbidden" if the token role stored in Redis does
not match the role of the user that generated it
* /api/authtokens is hidden from documentation for now
Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8
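
The token semantics listed in the commit message above ("onetime" versus "expires", plus the role check at login), modelled as an added example that is not code from ngcp-panel. An in-memory hash stands in for Redis; the function and field names, the 'invalid' result for unknown or expired tokens, and reading the role check as "stored role versus the issuing user's current role" are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# In-memory stand-in for the Redis token store; field names are hypothetical.
my %store;

sub random_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!\n";
    read($fh, my $buf, 16) == 16 or die "short read from urandom\n";
    close $fh;
    return unpack 'H*', $buf;
}

sub create_token {
    my ($user, $type, $expires, $now) = @_;
    die "type must be expires|onetime\n"
        unless defined $type && $type =~ /\A(?:expires|onetime)\z/;
    die "expires must be a positive integer\n"
        unless defined $expires && $expires =~ /\A[1-9][0-9]*\z/;
    my $token = random_token();
    $store{$token} = {
        user_id    => $user->{id},
        role       => $user->{role},      # role at the time of issue
        type       => $type,
        expires_at => $now + $expires,
    };
    return $token;
}

# Returns 'ok', 'forbidden' (the 403 case from the commit message) or
# 'invalid' (unknown or expired token; the page does not state that response).
sub redeem_token {
    my ($token, $users, $now) = @_;
    my $t = $store{ $token // '' } or return 'invalid';
    if ($now >= $t->{expires_at}) {       # both types end after "expires" seconds
        delete $store{$token};
        return 'invalid';
    }
    # A onetime token is consumed by its first use, whatever the outcome.
    delete $store{$token} if $t->{type} eq 'onetime';
    my $user = $users->{ $t->{user_id} };
    return 'forbidden' unless $user && $user->{role} eq $t->{role};
    return 'ok';
}

# Constructed demo data.
my %users = (7 => { id => 7, role => 'reseller' });
my $now   = 1_700_000_000;
my $once  = create_token($users{7}, 'onetime', 60, $now);
my $multi = create_token($users{7}, 'expires', 60, $now);

print "onetime, first use:    ", redeem_token($once,  \%users, $now + 1), "\n";
print "onetime, second use:   ", redeem_token($once,  \%users, $now + 2), "\n";
print "expires, first use:    ", redeem_token($multi, \%users, $now + 3), "\n";
print "expires, second use:   ", redeem_token($multi, \%users, $now + 4), "\n";
$users{7}{role} = 'admin';   # role changes after the token was issued
print "expires, role changed: ", redeem_token($multi, \%users, $now + 5), "\n";
print "expires, after 60s:    ", redeem_token($multi, \%users, $now + 61), "\n";
```
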
* add quotation with ~ for square brackets ([])
coming from the database, as it is needed for I18N
Change-Id: Ia1253e90d47858a930a4a9569c2d27993a0cd4bc
* /api/calllists "type" field now contains the same call type
value as it is in the database, for flexibility so that
customers can implement their own logic around it, as well as
filtering by the query parameter "type" works as expected.
* For history: in /api/calllists in case of direction "in", the type
was replaced with type=call regardless of what was in the database
Change-Id: I1174b34747fe1b739cd6bfc050911c58c4b0964a
* sip_lcr_reload is now called after "commit" in all API endpoints,
to correctly reflect updated DB changes. It was correct in
/api/peeringrules POST but not correct in DELETE, as well as
also not correct in /api/peeringservers and /api/peeringgroups
* sip_domain_reload does not check if the domain is successfully
reloaded in kamailio proxy as this logic is redundant, it fails
however if domain reload XMLRPC request failed on any available
proxy servers. Another reason is by default tcp_conn_wq_max
in kamailio-proxy is 32KB by default and that causes an impact
when domain.dump XMLRPC is used on very large domain sets (600+),
as well as sip_domain_reload has improved performance with the removed
XMLRPC domain.dump body parsing.
Change-Id: I17c5718198b06b1ce78b2654f3d7c3bd2830f60b
* restore password field in prepare_resource after
it was deleted in resource_from_item for admins
without show_passwords flag
* the password is restored only in case it's missing
from resource and it's present in DB
Change-Id: I390fb8fb94f4546734cb899c741dc90e439df068
* when a target host times out, instead of generating an error,
the host is skipped, this is due to the fact that some proxy
hosts can be disabled but still present in the xmlhosts table
* introduce new code in $ret = distpach(...), -1 indicates that
the host was skipped because of the timeout.
Change-Id: I0f7b5c64124c6481a142c1821a88ab9c3a652bd1
* give access to subscribers roles to see,
create and update own registrations
* subscriberadmins can manage all registrations
of subscribers under same customer
Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936
* Previous commit for full scan pagination
removed pagination for subscriber_id filter
which was anyway not working properly in
some corner cases
* Introduced usage of Data::Page which correctly
paginates through the results
Change-Id: Ic1c98c090b9e92362ab1f2d9b0de0c39660d9e20
* in mRender (custom_renderers), "data" variable is
a string, therefore data.escapeHtml could not be used
* add new function argument "opt", where it is a dedicated hash
containing custom passable options, so it now looks as
function(data, type, full, opt)
* adapted the existing code to include/use the new argument where
applicable
Change-Id: I4957eece3b2d0f6359cbc8f36caf5a350d7bad95
* blobs can now be uploaded for blob type
preferences using the following form:
"some_blob_preference":
{ "content_type": "/application/data",
"data": "<base64 encoded file content>" },
* upon requesting GET, the "data" field will
contain the string "#blob" to avoid showing
raw blob data; if GET is requested with query
param 'preference=some_blob_pref', the
blob will be downloaded
Change-Id: Idcb6496db1f3244e8f5bae4d06301a6caf35b73f
* Create upload and content type form fields for 'blob'
type preferences
* Implement blob preference upload/download to database
* Show blob content in read only text area if content
is text
Change-Id: Ic4b800f84324eab0aadbf8eeb55c03c770ecc94f
* predefined order_by in the resultset that is used in
Utils::CallLists::call_list_suppressions_rs caused
further $rs->union_all appliance to have an invalid syntax
with order_by inside each "select" where it should have been
outside "union all", therefore "order_by" is disabled
when using call_list_suppressions_rs
* length(call_id) default order_by is not used when call_id
is specified in the query parameters in /api/calllists,
where explicit order_by and order_by_direction are correctly
applied now when specified
Change-Id: I26ae4f63ef40ba3b80bff9c35dfcda9274d5b81e
* Limit subscriber's extension to a predefined
customer extension range preference (both AP and api)
Change-Id: I0b6ac5c24b3838f07cc561e7ee6b7cfabe69385e
* Registration entries are now removed by
registration username + registration domain
instead of subscriber username + subscriber domain.
That is to account registrations by the device.
Change-Id: I86a0d97fabc2dcd0eda6042a018ed35f64c3f031
* Include alias numbers in registrations removal when
subscriber is terminated, alongside registrations
by username
Change-Id: I5c913c56718e4b9f98f4677c7cd72722ee9f30d3
* Introduce pagination in redis scanning; previously
all the registrations were dumped in an array and
then spliced by page/rows; this was causing huge
loading time for big redis DB's hence the timeout
Change-Id: I1409c48b520d8d860cd8c11aea1a543286aa0334
* conference. subdomain was missing
* mod_sipwise_vhosts_sql module is now taking care of [de]activation
of the subdomains
* send quit command when leaving the console to avoid error in log
> Oct 19 19:22:43 sp1 (debug) prosody[25167]: socket: connection failed in read event: closed
Change-Id: If1d80652efba0a587f29ecc692282c8db067e450
* Remove bootstrap methods from forms and other code
* Delete SipwiseProfile and SipwiseRedirect modules
Change-Id: Iabf6c2730aae27af67830a9470ab176392c1ba50
* Only allow unique values for allowed_clis in
both Admin Panel and API PUT
* In case of PATCH, check only if new clis are
unique, since customers may have systems where
allowed_clis are duplicated already
* Fix tests
Change-Id: I7253271081e7ecc0eae9690a3545ddb5324edac7
* Remove old XMLRPC redirection logic
* Implement Hawk header generation for SRAPS authorization
* Implement bootstrapping provisioning profile on SRAPS,
then add the device into said profile
* Implement deletion of device
* Add 'Profile' and 'Product family' fields in SNOM device
models
Change-Id: I44ecf5199a7c04c6b0cb2e969aaa7f75578d874c
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'new_password' and 'token'
* First, look for the token in redis (for admins),
if not found, look for it in DB (for subscribers),
if neither is found, return
Change-Id: I4163a0d5bd886961317b21aeca20c8ccfdeab0dd
* It will be used in case of devices that
don't need to contact any redirect server
for provisioning
Change-Id: I423993f52b72680d243394e8ca69bd7abdf5022b
* whenever webpassword was not PATCHed, the
request would fail because the resource would
have the encrypted webpassword from the DB
and form validation would complain it's too long
* the approach now is to remove the webpassword
from resource before form validation if the
resource has the same webpassword as the DB
(i.e. webpassword wasn't PATCHed) and then
reassign it to the resource after form validation
Change-Id: I86fab0f4bf789bd3518a74d49daf1a0402f20125