* UI: passwords are now validated against
$c->config->{security}{password}{web_max_age_days} (unless it's 0)
and if the password is expired the user is redirected automatically
to /changepassword page, and after successful password change back
to the original page.
* API: if password is expired all API requests will be returning
403 Forbidden "Password expired", except PUT/PATCH to /api/admins
or /api/subscribers with the new password in place.
* successful login on the UI now redirects to /dashboard instead of
/ (to prevent unintended redirect to v2)
Change-Id: I075f8e17cc9b0658d6b3b3d526ca5b379d050ce4
* users for admin/subscriber realms are now banned if failed
to login X amount of times (UI/API).
* rework Redis connection and it's now a Catalyst plugin NGCP::Redis
accessed by $c->redis_get_connection({database => 19}), the connection
per database, per worker process is established only once and then
reused (with auto built-in reconnect support).
* remove Utils::Redis.pm as it does not have any code/logic anymore.
* ban values are taken from $config->{security}{login} as
- ban_enable: 1
- ban_expire_time: 3600 ban expire time in seconds
- max_attempts: 5
* if max_attempts set to 0, the ban functionality is disabled as it
requires to be at least 1 to work.
* upon successful login or ban, the failed attempts counter is removed
* the failed attempts counter is also removed automatically with the
expire time equals "ban_expire_time" or otherwise 3600 seconds.
* user bans are logged into panel.log
* banned user receives exactly the same return page/codes as per
invalid logic.
Change-Id: I05cc68c623ee289488fc64f1af50527004dcaae1
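Added example (not part of the commit and not NGCP's Perl code): a Python model of the failed-login ban described in the commit message above, with an in-memory store standing in for Redis. The key names, the TTLStore class and the choice to check the ban before the password are assumptions.

```python
import time

# Constructed config mirroring $config->{security}{login} from the commit message.
LOGIN_CFG = {"ban_enable": 1, "ban_expire_time": 3600, "max_attempts": 5}

class TTLStore:
    """In-memory stand-in for the Redis database (assumption: keys with expiry)."""
    def __init__(self, clock=time.time):
        self.clock, self.data = clock, {}
    def get(self, key):
        value, expires = self.data.get(key, (None, 0))
        if value is not None and expires <= self.clock():
            del self.data[key]           # lazily drop expired keys
            return None
        return value
    def set(self, key, value, ttl):
        self.data[key] = (value, self.clock() + ttl)
    def delete(self, key):
        self.data.pop(key, None)

def attempt_login(store, cfg, realm, user, password_ok):
    """Return (status, banned_now). A banned user gets the same 'invalid'
    status as a wrong password, so the response does not reveal the ban."""
    # max_attempts must be at least 1, otherwise the ban logic is disabled.
    enabled = cfg.get("ban_enable") and cfg.get("max_attempts", 0) >= 1
    ttl = cfg.get("ban_expire_time") or 3600
    # Hypothetical key layout, one counter and one ban flag per realm/user.
    fail_key, ban_key = f"login:fail:{realm}:{user}", f"login:ban:{realm}:{user}"
    if enabled and store.get(ban_key):
        return "invalid", False          # assumption: ban checked before password
    if password_ok:
        store.delete(fail_key)           # successful login removes the counter
        return "ok", False
    if not enabled:
        return "invalid", False
    fails = (store.get(fail_key) or 0) + 1
    if fails >= cfg["max_attempts"]:
        store.set(ban_key, 1, ttl)
        store.delete(fail_key)           # a ban also removes the counter
        return "invalid", True           # caller writes the ban to its log
    store.set(fail_key, fails, ttl)      # counter expires after ban_expire_time
    return "invalid", False
```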
It was close to impossible to read ngcp-panel debug log due to:
* missing clear marker of the start request processing, use '***' once only
* some personal markers (like '+++++++') have been removed as they have no
meaning for other developers. Let's remove the personal markers and work to
make the panel debug log well readable for all developers.
Change-Id: I69faff3ab2258fc156e88c7b8da0edfef14c3e6e
* the extra packing of the secret key during encode/decode
conflicts with the API v2 implementation
* move JWT "typ" from the payload to the header
Change-Id: Ica5822d810d6eaf7b3ae017f7037f25637b6f861
* on administrator login, store said variables so
we can automatically log in to v2 without having
to redirect
Change-Id: I50d79996198561c54e555d264388d26610905ca6
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'type', 'username' and 'domain'
* 'type' will accept either 'administrator',
in which case only 'username' is needed,
or 'subscriber', in which case 'username'
and 'domain' will be needed
* The regular password reset email will be sent
to either the admin or the subscriber
Change-Id: If1457c8c625a95295e5e93b6637927e3905698d9
* Introduce endpoint '/resetpassword' for asking for
password reset using admin username
* Create form for introducing username
* Create url with unique token pointing to '/recoverpassword'
where admin user can introduce new password and email
said url to admin's email address
* Create form for setting new password
* Store username and unique token in Redis expiring
in 5 minutes to store password reset attempt
and identify it when user accesses url in email
* Limit admin access to be able to only change own password
due to new password reset possibility as requested in
TT#76110
Change-Id: Ie3acb961444398afa5b2fdc85e3ca8ceccf9244a
* Change the way webpassword is handled across
NGCP Panel UI/API to comply with new password
encryption
* At login, if password is not encrypted with
high cost due to the ngcp-bcrypt-webpassword
script, encrypt it with proper cost
* Accept old password format as well until all
webpasswords are encrypted
Change-Id: Iefa9584a62ab4b7d2a224d10bdd415e9cbb8dfb5
adds gdpr obfuscation quoting for:
+ subscriber numbers
+ subscriber ip addresses
+ subscriber usernames
+ any logmessage "DATA": query parameters, form data, response data
+ subscriber uuid's
+ call id's
+ callforward sip uri's
the quoting is centralized by $c->qs() ("quote sensitive"), using
catalyst plugin mechanism.
escape symbols are set to « (\x{ab}) and » (\x{bb}).
generate_logfile_data_inventory.pl was modified to mark loglines
with "gdpr affected" status, if $c->qs() was used in a log message.
Change-Id: I0f42d7992594232ae33e5666b0a64009211c5b76
inflate/deflate DateTime for simple (complete) timestamps
considering the correct timezone at the latest possible point
in the action chains: on form-level as well as in the DataTables json output.
Change-Id: Icfe94d6d5a9ac02d9fca0f4b8d048d86cf66cffa
This patch reuses existing forms by clearing them, rather than
re-instantiating them again and again.
Also, panel start time should be better due to less package
pre-loading.
Change-Id: Ia3e64fd4b4084bb5ec35a669c5840c9fc3c58f2e
For the migration of the admin pwd, the logic is as follows:
1. If the admin has a bcrypt password already, use this
2. If not, perform auth via md5, then clear the md5 column
and write a salted bcrypt hash instead.
For dropping the ssl client cert, we simply do not store anymore
the client certificate in the DB. As a result, you cannot
download the certs (pem, p12) after creation anymore, so
we immediately download the two certs in a zip file after
creation.
A cost of 13 takes 500ms on an i7-5500U CPU @ 2.40GHz, which
seems to be a reasonable value.
Change-Id: I1ce21321c58d8c57d7ddce1541995f64821b0053
by using a relative target url (without the host part) we make sure,
that when logging in as an admin we don't get redirected to a subscriber
page or vice versa. also simplifying the login controller a bit.
Change-Id: Ib9f0cdf7c687b711f8b357816e17a175efdfd1fe
Cleanup unnecessary realms.
Use roles instead of realms for authz.
HTTP basic auth for api access.
Use admin/reseller roles instead of api_admin/api_reseller.
Fix API::Root invalid_user detaching.
Use is_superuser as admin indicator.
Only show admins, no resellers (will be handled in another view/ctrl).
Allow updates without reentering password.
Hide internal fields in view.
Set sane default values.
Actually use admins table for authentication of reseller and admin.
Save pass as md5 hash (should be bcrypt at some point!)
Display proper user name in view.