* add quotation with ~ for square brackets ([])
comming from the database, as it is needed for I18N
Change-Id: Ia1253e90d47858a930a4a9569c2d27993a0cd4bc
* /api/callists "type" field now contains the same call type
value as it is in the database, for flexibility so that
customers can implement their own logic around it, as well as
filtering by the query parameter "type" works as expected.
* For history: in /api/callists in case of direction "in", the type
was replaced with type=call regardless of the what was in the database
Change-Id: I1174b34747fe1b739cd6bfc050911c58c4b0964a
* sip_lcr_reload is now called after "commit" in all API endpoints,
to correctly reflect updated DB changes. It was correct in
/api/peeringrules POST but not correct in DELETE, as well as
also not correct in /api/peeringservers and /api/peeringgroups
* sip_domain_reload does not check if the domain is successfully
reload in kamailio proxy as is logic is redundant, it fails
however if domain reload XMLRPC request failed on any available
proxy servers. Another reason is by default tcp_conn_wq_max
in kamailio-proxy is 32KB by default and that causes an impact
when domain.dump XMLRPC is used on very large domain sets (600+),
as well as sip_domain_reload has improved performance with the removed
XMLRPC domain.dump body parsing.
Change-Id: I17c5718198b06b1ce78b2654f3d7c3bd2830f60b
* restore password field in prepare_resource after
it was deleted in resource_from_item for admins
without show_passwords flag
* the password is restored only in case it's missing
from resource and it's present in DB
Change-Id: I390fb8fb94f4546734cb899c741dc90e439df068
* when a target host times out, instead of generating an error,
the host is skipped, this is due to the fact that some proxy
hosts can be disabled but still present in the xmlhosts table
* introduce new code in $ret = distpach(...), -1 indicates that
the host was skipped because of the timeout.
Change-Id: I0f7b5c64124c6481a142c1821a88ab9c3a652bd1
* give access to subscribers roles to see,
create and update own registrations
* subscriberadmins can manage all registrations
of subscribers under same customer
Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936
* Previous commit for full scan pagination
removed pagination for subscriber_id filter
which was anyway not working properly in
some corner cases
* Introduced usage of Data::Page which correctly
paginates through the results
Change-Id: Ic1c98c090b9e92362ab1f2d9b0de0c39660d9e20
* in mRender (custom_renderers), "data" variable is
a string, therefore data.escapeHtml could not be used
* add new function argument "opt", where it is a dedicated hash
containing custom passable options, so it now looks as
function(data, type, full, opt)
* adapted the existing code to include/use the new argument where
applicable
Change-Id: I4957eece3b2d0f6359cbc8f36caf5a350d7bad95
* blobs can now be uploaded for blob type
preferences using the following form:
"some_blob_preference":
{ "content_type": "/application/data",
"data": "<base64 encoded file content>" },
* upon requesting GET, the "data" field will
contain the string "#blob" to avoid showing
raw blob data; if GET is requested with query
param 'preference=some_blob_pref', the
blob will be downloaded
Change-Id: Idcb6496db1f3244e8f5bae4d06301a6caf35b73f
* Create upload and content type form fields for 'blob'
type preferences
* Implement blob preference upload/download to database
* Show blob content in read only text area if content
is text
Change-Id: Ic4b800f84324eab0aadbf8eeb55c03c770ecc94f
* predefined order_by in the resultset that is used in
Utils::CallLists::call_list_suppressions_rs caused
further $rs->union_all appliance to have an invalid syntax
with order_by inside each "select" where it should have been
outside "union all", therefore "order_by" is disabled
when using call_lists_suppresions_rs
* length(call_id) default order_by is not used when call_id
is specified in the query parameters in /api/calllists,
where explicit order_by and order_by_direction are correctly
applied now when specified
Change-Id: I26ae4f63ef40ba3b80bff9c35dfcda9274d5b81e
* Limit subscriber's extension to a predefined
customer extension range preference (both AP and api)
Change-Id: I0b6ac5c24b3838f07cc561e7ee6b7cfabe69385e
* Registration entries are now removed by
registration username + registration domain
instead of subscriber username + subscriber domain.
That is to account registrations by the device.
Change-Id: I86a0d97fabc2dcd0eda6042a018ed35f64c3f031
* Include alias numbers in registrations removal when
subscriber is terminated, alongside registrations
by username
Change-Id: I5c913c56718e4b9f98f4677c7cd72722ee9f30d3
*Introduce pagination in redis scanning; previously
all the registrations where dumped in an array and
then spliced by page/rows; this was causing huge
loading time for big redis DB's hence the timeout
Change-Id: I1409c48b520d8d860cd8c11aea1a543286aa0334
* conference. subdomain was missing
* mod_sipwise_vhosts_sql module is now taking care of [de]activation
of the subdomains
* send quit command when leaving the console to avoid error in log
> Oct 19 19:22:43 sp1 (debug) prosody[25167]: socket: connection failed in read event: closed
Change-Id: If1d80652efba0a587f29ecc692282c8db067e450
* Remove bootstrap methods from forms and other code
* Delete SipwiseProfile and SipwiseRedirect modules
Change-Id: Iabf6c2730aae27af67830a9470ab176392c1ba50
* Only allow unique values for allowed_clis in
both Admin Panel and API PUT
* In case of PATCH, check only if new clis are
unique, since customers may have systems where
allowed_clis are duplicated already
* Fix tests
Change-Id: I7253271081e7ecc0eae9690a3545ddb5324edac7
* Remove old XMLRPC redirection logic
* Implement Hawk header generation for SRAPS authorization
* Implement bootstraping provisioning profile on SRAPS,
then add the device into said profile
* Implement deletion of device
* Add 'Profile' and 'Product family' fields in SNOM device
models
Change-Id: I44ecf5199a7c04c6b0cb2e969aaa7f75578d874c
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'new_password' and 'token'
* First, look for the token in redis (for admins),
if not found, look for it in DB (for subscribers),
if neither is found, return
Change-Id: I4163a0d5bd886961317b21aeca20c8ccfdeab0dd
* It will be used in case of devices that
don't need to contact any redirect server
for provisioning
Change-Id: I423993f52b72680d243394e8ca69bd7abdf5022b
* whenever webpassword was not PATCHed, the
request would fail because the resource would
have the encrypted webpassword from the DB
and form valdiation would complai it's too long
* the approach now is to remove the webpassword
from resource before form validation if the
resource has the same webpassword as the DB
(i.e. webpassword wasn't (PATCHed) and then
reassign it to the resource after form validation
Change-Id: I86fab0f4bf789bd3518a74d49daf1a0402f20125
On 8/21/20 7:17 AM, Zhang Jason wrote:
> For the RPS, we switched to new EDS domain:
> https://api.eds.al-enterprise.com
>
> And for the previous domain name,
> to keep compatibility, it’s still usable;
We need to switch to new URL as old one works in
backward compatibility mode only.
Change-Id: I9c0db38a9422f32c79940fb79581d47c75e8fce5
unfortunately, preference types were changed over time,
eg. some boolean prefs were turned into enum prefs.
this requires an api client to adopt accordinngly. if
this is not an option, this change allows to add simple
workarounds in the rest-api directly, by registration
of transformation functions for specific preferences.
Change-Id: I215f0e19cd861c67c51e42fd1ab6560e56132041
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'type', 'username' and 'domain'
* 'type' will accept either 'administrator',
in which case only 'username' is needed,
or 'subscriber', in which case 'username'
and 'domain' will be needed
* The regular password reset email will be sent
to either the admin or the subscriber
Change-Id: If1457c8c625a95295e5e93b6637927e3905698d9
* Add check for existence of webpassword on subscriber
log in to prevent the code from trying to use the
undefined password
* Subscribers with no webpassword cannot log in the old CSC
Change-Id: I7b82c014fa5f70fa36ee7282db94a747e54ce2ae
* new c.users.role 'lintercept', that set to when an admin user has
enabled 'lawful_intercept' flag
* only Administrator page /api/admins and /api/interceptions are available for
the role
* 'lintercept' role can only see own user and only change password
and email
Change-Id: Iadcb022a124afbd77b224e734026f380af0170e8
* As click2dial2 was implemented for pro versions,
the version of click2dial is now in ngcp_panel.conf
and it will be taken from there
Change-Id: Iee1d6eea2cae3a80616272bd3fd5bce9b35fc496
* Introduce endopint '/resetpassword' for asking for
password reset using admin username
* Create form for introducing username
* Create url with unique token pointing to '/recoverpassword'
where admin user can introduce new password and email
said url to admin's email address
* Create form for setting new password
* Store username and unique token in Redis expiring
in 5 minutes to store password reset attempt
and identify it when user accesses url in email
* Limit admin access to be able to only change own password
due to new password reset possibility as requested in
TT#76110
Change-Id: Ie3acb961444398afa5b2fdc85e3ca8ceccf9244a
- persist prov tmeplates in the database: create, update
and permanently remove them again.
- prov templates from config.yml are still supported,
but cannot be edited though. the templates from
config.yml are merged with those from the db.
- each reseller can have their own prov templates,
while the prov templates from config.yml are visible
to all.
- YAML syntax highlighting and parse check when saving.
Scripting language (perl/javascript) is currently parsed
when executing a provisioning templates only. It is
possible to further extend the parsing checks.
- the prov template "name" + reseller is the unique
identifier. relevant also for the command line tool.
Change-Id: I58d7c54fa82fe512b263b3219bfc84d7e49c56a8
* Change the way webpassword is handled accross
NGCP Panel UI/API to comply with new password
encryption
* At login, if password is not encrypted with
high cost due to the ngcp-bcrypt-webpassword
script, encrypt it with proper cost
* Accept old password format as well until all
webpasswords are encrypted
Change-Id: Iefa9584a62ab4b7d2a224d10bdd415e9cbb8dfb5
* /admin_login_jwt now returns a JWT token for admin
users and also the JWT token is supported in the
authorization process for the admin requests
Change-Id: I987640d46bd8a339a959a6b2efb65b6dce06bf8c
OWNER_VAT_SETTINGS = 1: apply the callist "owner's" VAT settings
(VAT rate and Add VAT Y/N) for each CDR displayed.
OWNER_VAT_SETTINGS = 0: apply the CDR's source/destination
account's VAT settings for each CDR individually.
Change-Id: I08cc88afeb0a0c7cc5592b9542dc9da25bb86286
* Deleting or diasbling a peering server was leaving
the peer_probe value in kamailio htable which was
falsely identifying peering server as up when it
was actually down
* Sending htable.delete peer_probe whenever deleting,
disabling or disabling 'probe' for a peering server
fixes the issue
Change-Id: Ie54fd4bd00391a0cc02544d8d7b55108240c74e8
acquire the billing.contract row lock *before* any
unordered billing.voip_numbers rowlocks by
sub manage_subscriber_numbers().
- "deadlock" waittimeout errors will cease when
creating subscribers concurrently via api
- max_subscribers, is_pilot and other per-contract
constraints will be respected accurately
Change-Id: I73bb7525b327bbb09217b790be9c14cc65ddebcc
* Obfuscate nubmers from the same customer which have
CLIR enabled if calllist_clir_scope is set to 'all'
Change-Id: I1953cb760fec5b4921adb2b3c25b7a2a2d2605a7
* A new endpoint is now available that will
return subscriber's preferences and also
the preferences that the subscriber inherits
from its domain
Change-Id: Iaa29fbe57d520f79ac7051dc8fd151d26df41384
- prevent unneccesary redis "scan"s
- avoid filter/scan (iterating all registrations) by properly
un-aliasing filednames
- ignore any registration of subs that no longer exists
- apply the fixes for ->search(), but also ->find()
Change-Id: I32c89482fc06e76b0369034cd8f3eda24ebbe1bf
* Implement checking/creation of server, profile
and prepare request for device creation on ALE
RPS
* Prepare request for device deletion on ALE RPS
* Changes in Panel to support provisioning via
the ALE RPS
Change-Id: I24b62c03b64c56fcbcabea71428d0b70b46706e6
This program allows to run a 'provisioning template' defined
in config.yml. This will produce a subscriber setup including
required billing contact, contract, preferences, etc. from an
input form defined by that template. The form fields can be
passed as command line options.
Change-Id: I9e155c5ad192937b859f0df97e206c1192e88770
* Change condition that was defaulting to
one banned user in case of looking by
a non-existent id; it now returns empty
array which is causing the correct
'entity not found' error
Change-Id: Id3191ae78e7804fb62420bf15b292207c087234d
* Add the new fields to the Billing fees form
* Add the new fields to the csv order for
download and upload to work
* Change tests to include the new fees fields
Change-Id: If45bfe4f39ccd0283c72071489f5930eab2c37e9
* Change DB fetch to get reseller based on
subscriber's customer rather than domain
* Added check for existence of field before
filtering by it. This was actually causing
non-superusers to not see registrations
Change-Id: I7bd39dfcd24a2bc8793a49ba58ab4b2f49f4c821
Let's encapsulate the knowledge about ngcp-collective-check into the
same perl module, instead of leaking the implementation details in
multiple places.
Change-Id: I3efe0b9704f9c149dae50bf4d323853b819127c8
* Create new 'Select' field type that includes
'translate' attribute which shows is a field
should be translated
* Change fields that should not be translated
to the new field type
Change-Id: I723e82e609a7b4fc879e4fe708227c012cba1923
* Retrieve statistics details from
ngcp-collective-check
* Restore statistics widget to display
either "All services running", "Errors"
or "Warnings" according to collective-
check result
* Create pop-up modal to display ngcp-
collective-check results
Change-Id: I094a51ad1905d2bf968775dd43480c94a7a440b8
* ccareadmin and ccare roles have full access to
Customers, Subscribers and their preferences/settings,
and read-only access to BillingProfiles,InvoceTemplates,
EmailTemplates
* ccare role is restricted to the related reseller
Change-Id: I6cf7d3adf912f0fa98d1ef5c02abea2f4331ec4b
* The timeout was defaulting to 300 for
any call forward besides URI. Removing
a sepcific validation for this case fixed
the issue
Change-Id: I2658d77cee08567047c40fb2b3711f5870b49d25
* make search by domain strict when redis usrloc is enabled
and multidomain=1 to omit entries without domain and
vice versa, omit entries with domain when multidomain=0
Change-Id: Ia64c87596ea02b9e5dcc9789751a639ef0c6a0b7
* Kamailio location accepts location based on
ngcp_panel.conf: sip.usrloc_expires_type option,
that is taken from config.yml
kamilio.proxy.usrloc_expires_type.
* adjust api-subscriberregistrations.t to support
sip.usrloc_expires_type
Change-Id: Ia040c63ef2e0cc711812f4a4d17093ae753531aa
for panel UI datatables such as callhistory, automatic rowcount
clipping comes into effect, to prevent pageloads taking minutes
with large calllists.
the clipping also requires special handling of any queries
with an OR clause, which we explicitly expressed as compound
queries (set operations eg. UNION) meanwhile (fortunately!).
this allows to improve the query speed in such cases, by injecting
the filter condition to each subset query.
when introducing this technique, it was clear to sacrifice
ordering of the result, since sorting is pointless when merging
clipped subsets with UNION. allthoug the UI provides a subtle
hint whenever clipping occurs, this is not intuitive to users
(what else).
this is an attempt to improve the situation by applying the
order clauses to the subsets. this way eg. the initial sorting
(timestamp descending) of the callhistory datatable should show the
recent items properly and effectively clip away the older entries.
Change-Id: Ia249e96ac4330cfcdb4905ce2cd0b925aace80f4
* switch from Moose to Moo reduced memory consumption
* rework RedisLocationResultSource to use AUTOLOAD
instead of creating accessors in BUILD (that is very expensive
considering the amount of rows, multiplied by the overall amount
of entries). Now the object creation takes sub 0.0001 sec from
0.017 sec as before.
Change-Id: I9917ff38266ce89297adf55d75c40dd5f16a435b
the client cert serial was taken from epoch time in secs.
if a computer is fast enough, there is the chance a
subsequent POST /admincert did not invalidate the old cert
properly (as expected by api-cert-auth.t), but created an
identical one.
Change-Id: Ifd906489029efd17df0997c5aceec3ac1db08fb1
adds gdpr obfuscation quoting for:
+ subscriber numbers
+ subscriber ip addresses
+ subscriber usernames
+ any logmessage "DATA": query parameters, form data, response data
+ subscriber uuid's
+ call id's
+ callforward sip uri's
the quoting is centralized by $c->qs() ("quote sensitive"), using
catalyst plugin mechanism.
escape symbols are set to « (\x{ab}) and » (\x{bb}).
generate_logfile_data_inventory.pl was modified to mark loglines
with "gdpr affected" status, if $c->qs() was used in a log message.
Change-Id: I0f42d7992594232ae33e5666b0a64009211c5b76
* Fix obfuscation in /api/conversations.
Suppresion columns were not retrieved
accordingly because of the need of
suppresion aliases. The issue was solved
by caching the aliases in the stash.
Change-Id: I5b438585fa6538085d4615dd1b98ab08bfb2ffe6
* due to Net::HTTP internal responses handling when
keep_alive is enabled that causes connections that
send an empty body back entering a blocking socket
read scenario and breaking the connection.
Change-Id: I9bb691299012f8e6b943a56e080edf7f73f827f1
* add a check in Subscriber::apply_rewrite that
the provisioning subscriber object exist,
to address cases when a subscriber is terminated
Change-Id: I1ad16f448c4efcf80eedb08ef3f6c014769ff5fd
It works well now for Panasonic, Polycom, Yealink
Snom works (403 response) if change current host
provisioning.snom.com to
secure-provisioning.snom.com
Without this change we need to disable name checking, and then the same get 403 response code with short html description (so, ssl works).
Change-Id: I1743d2dcb33557a7cf9898aef56f00074b9141a2
* subscriber_only UI header rule set is now
automatically created only when a first rule
is created and removed with the last rule
Change-Id: I7c0be5a3e89e050e97441c4baaf355769db9867b
The is_devid and devid_alias were not properly saved and re-loaded
in edit, nor was their status shown in the master data.
Change-Id: If3403b5baa6135b4171e7b523aaa56de0fc5cb10
* UI: subscriber Preferences" page now contains
a new "Header Manipulations" tab that enables
setting header manipulation rules per subscriber.
They are applied in the following order:
- domain header rule set is applied (if defined)
- subscriber header rules are applied (if defined)
An internal header rule set is now created per subscriber
automatically, if used from the UI
* API: /api/headerrulesets now supports "subsriber_id",
when a whole collection is fetched without ?subscriber_id
only records where subscriber_id = NULL are returned
by default
* fix "read only" UI elements representation in the datable
for header rule sets, rules, conditions, actions
Change-Id: I3e80d1899c577055f3603e80bb3a13d70c5b22cf
when passing the ?tz=Europe/Vienna with POST/PUT/PATCH, the
callforward timeset period definition input will be converted from
Europe/Vienna timezone to system timezone before persising to DB.
when passing the ?tz parameter with GET requests, the
callforward timeset period definition from DB will be converted
to the given timezone.
the ?use_owner_tz parameter will take the subscriber's inherited
timezone.
disarmed in code for now.
Change-Id: If4e130b241c28821844e0700231d1cd6883bcbfb
* kamailio does not accept non-sip tcp messages with an empty body,
therefore, also sending the invalidating set_id in the body
is correctly processed by the kamailio endpoint
Change-Id: I4e4f04bd5279e6f7e39f947d54e656737f81e0e5
- All item_rs modifications should be done before we get rows, so apply order_by before pager
- We can't distinguish if subscriberregistrations really has column or not if we return true for all columns.
We will use has_column only in cases when it returns something really meaningful.
- Subscriberregistrations can't order by nat and subscriber_id
Change-Id: I04b7bb719ee058590a7705c6411cb08bcfb15387
Kirill Solomko
Marco Capetta
Flaviu Mates
Rene Krenn
Victor Seva
Alexander Lutay
Guillem Jover
Andreas Granig
Irina Peshinskaya