* The succesful password recovering redirects to https://<host>/ which is translated to /#/login on CSC page.
Change-Id: If4e7ae510396e3852319c7e5c9d4915fdd214e95
* Contract default sound set - subscriber propagation for cases:
- New customer sound set is created as default.
- Customer sound set is changed to default.
- New subscriber creation - setting contract default sound set id.
* The mentioned cases were implemented for both UI and API.
Change-Id: Ia4733c972ae388d3457d0336e3f85b85eec6e9a2
* /login_jwt now accepts "jwt" key with an existing valid JWT as the
value
* upon successful authentication with the token a new token with
prolonged expiration time is issued for the authenticated user
and returned in the JSON response
* add "expires" value in the JSON response that contains a timestamp
integer when the issued token expires
* fix encode_json() calls formatting
* most of JWT related error messages are now appear in the log as INFO
instead of ERROR as they are not related to the system errors
Change-Id: Ie8e04534c8819dc756b3c64ebc4432ce442a1d31
* 'location' field is now optional, if not filled it it will always
default to an empty string instead of null. This is required for the
new mode 'forward' that has no use for this field. If the field
is empty in any other mode like 'add' or 'replace', the entry
will be skiped by the logic.
Change-Id: Ia964c3bb272c9772c51b836ac2418ee4cd7b7f42
WHAT: This fix allows the options: (a) Voicemail greeting "temp", and (b) Voicemail greeting "greet" to be displayed within Subscriber Preferences -> "Voicemail and Voicebox" on Admin Panel (Perl-based). Hence, an Admin can load 'greet' and 'temp' prompts via Admin Panel, similarly as 'unavail' and 'busy' options.
WHY: 'greet' and 'temp' options were added to be managed via API, but they were not available on Admin Panel.
Change-Id: Ie2d18f4d9a8e8369f3bbcb8593848ce6ee4b7d32
* Fetch recording_metakeys caller/callee for the certain record id(call).
* Add caller/callee fields to the resource and form.
* Frefetching recording_metakeys for the call recording.
Change-Id: I767ea32e19edfd7cbbc74956200343f680fdb2b4
this fix addresses regression reported by dominik:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/susbcribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
(cherry picked from commit 5e9066c4fb)
Change-Id: I88c9ec40843f1e9a6983952b96c0b0e70fbb1bb1
* An attempt to change own role, login, flags
(except for can_reset_password) now returns
403 Forbidden, User cannot modify own permissions
* POST checks if the admin has necessarry permissions
to create another admin
* PUT/PATCH changing own role is now forbidden
* PUT/PATCH changing other's admin role now checks permissions
* DELETE checks role permissions
Change-Id: I990609985ae9cab6213cf47f5f5c8afba2efdda3
This reverts commit 5e9066c4fb.
This implementation breaks:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/susbcribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
Change-Id: I0e8389e8ab34ad72f1b87a684daba77f1030f8ba
* admin users with is_master = 0, cannot see other admin users
(this includes system users) and brings the is_master flag
to the common behaviour
* ccareadmin, ccare users can now access te UI Admins page
as well as /api/admins but they are limited to see/manage
only themselves
* admin users cannot see system users (UI/API)
* reseller users cannot see system/admin users (UI/API)
* admin users cannot modify their own role and flags except for:
email, password, can_reset_password (UI/API)
* UI edit form now does not render fields that are not meant to be
modified by a user (exception: "login")
Change-Id: I82e1946437fd2ec4651abd24074470c695a40582
- Optional "role" parameter is added for POST PUT PATCH.
If "role" is provided then the passed flags are ignored and are applied internally by the server according to the provided role.
If "role" is not provided then the former flags based approach is applied.
Change-Id: Ib6e591ff6dc50122e0ec49a348153ca820fc2e03
- Add Role column on /administrator table
- Add Role dropdown input on /administrator/:id/edit
- Add Role dropdown input on /administrator/create
- Implements logic to resolve flags and role id params:
1. role_id is passed(create/edit) then flags will be overrided according to the concrete role.
2. role_id is not passed(create/edit) then flags will be checked to determine role id according to the concrete flags pattern:
Role | Flags
----------- ---------------------------------
system | is_system = 1,
admin | is_superuser = 1
reseller | is_superuser = 0
ccareadmin | is_ccare = 1, is_superuser = 1
ccare | is_ccare = 1, is_superuser = 0
lintercept | lintercept = 1
Change-Id: Ia923a47f664a162d78a06efcc006f84dcd08701d
a multitude of issues popped after introducing bcrypted
webpasswords in the database. most recently the PATCH /api/susbcribers
rail was reported to reset the webpassword unintentionally.
subscriber login fails afterwards, which is a severe issue.
the bugs are adressed by this refactorings. the change also
introduces a global variable
$NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS
to control encrypting webpasswords. it is still enabled as of now,
but it's worth to consider disabling it. there other ways to have
a "cost" for an authentication request, eg. adding a simple
sleep(1sec).
Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2
- role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling.
Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31
follow up on TT#147151 (fast loading/paging/searching panel
datatables), which broke restapi tests.
Change-Id: I799cb9087b9405c71dec4c690e7a7bab5dfdbdde
* decode utf8 on multipart/form-data request
since we encode the json for this content
type, and the fax body gets double encoded
and ends up wrong
Change-Id: I50d10879e5fe1ba99141e76d311641fcd5d568a1
* Fix for language solving for API requests. Changed the sequence of language choosing:
1. Request parameter "lang" for API and UI.
2. Cookie value "ngcp_panel_lang" for UI only.
3. User agent/browser language for API and UI.
Change-Id: Id5d814deead22eb7e2908fdc742b0c8474314d49
query refactoring an rowcount clipping for UI datatables
that are slow when using millions of subscribers:
contacts
customers
contracts
subscribers
billing profiles
billing networks
billing profile packages
Change-Id: Ia50e3aa52684772548569b6908f0cbc08395a5a7
* "subscriber" role can now retrieve own autoattendant data. This is needed for the CSC interface.
Change-Id: Id10b302205fe458d5793ae8f7bd9201233f9a0d4
* Admins with is_system and is_superuser are able to see the items for all roles.
* Admin is able to see own journal.
Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489
the POST /api/provicioningtemplates/<reseller>/<template>
request will accept text/csv content type to provision
many susbcribers at once.
Change-Id: I59079ba8f2bacc0ce2b1367d2bd1a7251cf4763c
provisioning templates with their dynamic forms
can be executed by a entityitem POST request, ie.
POST /api/provicioningtemplates/<reseller>/<template>
or
POST /api/provisioningtemplates/<readonly template>
Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605
* vmnotify() now accepts cli and uuid arguments
* API handling of voicemails is now improved to:
- send a notify if the item's INBOX/Old has been changed
- correctly process DELETE to send vmnotify after the
item's removal
Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f
* domains do not use billing.domain_resellers table anymore
but instead the new domains.reseller_id field. That is
to remove the unneeded many<>many relation through the
additional table where the actual logic only supports
one(reseller) to many(domains) relation
Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe
* switch to 'populate' instead of using
'insert' for each destinations, sources,
times, bnumbers, mappings and CF preferences
* add API->check_patch_op_add_only - to check if
the patch contains only "add" operations
* improve /api/cfmappings, if all PATCH operations
are "add" then the existing records are not
fetched and not recreated, enabling very new mapping
inserts
Change-Id: I0b4e71565c11771026dbbc000aa57b2a613409fa
the /api/provisionintemplates rail provides the
operations to create, edit and delete "provisioning
templates" know from the "batch provisioning" feature
of admin panel.
these templates can also be defined in config.yml,
while it is however only possible to edit templates
stored in the database.
executing a template and/or uploading a .csv for bulk
execution will be available in a separate part.
Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f
The modern browsers (except Safari) supports 'Sec-Fetch-Dest':
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
In theory we can remove the current 'framed session' storage completely,
but Safari will not be supported. Let's expand the current logic to provide
extra protection here to backport the commit to mr9.5+.
Change-Id: I9c070f77f427c81581f4d9ceeb1a57b274d77819
* kamailio.sems_registrations now uses
kamailio.lcr_gw.id -> peer_host_id
kamailio.subscriber.id -> subscriber_id
for foreign keys consistency withing the same database
Change-Id: I4722729fdee07eb2a153473e85d64faa46eedca5
We need to de-register all subsequent peering hosts located under
the peering group being deleted.
Change-Id: I50bc25932e59d6b918f65c6525f2631cb9868fe4
We need to add an improvement, which fulfills the work of the
registration mechanism for SIP peerings.
Not only do we add here a registration tirggering for peerings,
but also a 'type' is introduced, which is mostly needed for XMLRPC
commands being sent towards SEMS, to let it understand to whom the $sid is related to.
Plus a list of improvements:
- de-register peering host on deletion ;
- de-register peering host on disable / register of peering host on enable ;
Change-Id: I035dfadf6709acb4d106a70f6124f024e719044f
Throw descriptive error for attempt to create Customer with Template
that does not belong to Contact’s Reseller. Cover the case when the
Template belongs to System Contact (with no Reseller).
Error example:
'subscriber_email_template_id' with value '1' does not belong to
Reseller '1' that is assigned to Customer's Contact '1'
Change-Id: Iffcef0339afc4490ecba81d4667cbb9225766af4
* 'webpassword' field is now also validated for invalid
(non-ascii) characters
* Fix multiple APP input field validation erros to comma joined.
* Adjust 'webpassword' field validation errors to have better
readability when there are multiple validation errors
Change-Id: I21536f97a4da78cc5192a3abd8cd5adef1b819ec
* webpassword field was unconditionally deleted
in API GET and DELETE methods, it now relies
on resource_from_item for the common approach
Change-Id: I703158fd2022b49a49470db28cb22f37e613f841
* PATCH: password fields are not removed when
resource is created for apply_patch(), they
are removed under the same condititions later
when hal is generated, that is to ensure that
admin users without the 'show_passwords' flag
as well as subscribers will not run into situation
when they use PATCH and cannot apply it for
"path": "/password" or/and "path": "/webpassword",
as they were removed before apply_patch()
* rework encrypted webpassword detection.
webpasword is detected as encrypted if its length
is 54 or 56 and it contains at least one '$' char,
there is a chance for false positive detection when
a user provides with a plain-text password with the
same pattern but it's very unlikely, as well as
since mr8.5 webpasswords are expected to be encrypted,
and moreover worth case scenario is that the
plain-text password will not be returned to the user
Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3
* Login CSC v2 button is shown on the subscriber's master
data page if www_admin.http_csc.csc_js_enable == 1 or 2
* When the login is triggered an auth token
is generated internally followed by a redirect to
CSC as /?a=auth_token
* move generate_auth_token() into Utils/Auth
* improve generate_auth_token() arguments support
* add /api/authtokens error handling
Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4
It is much more usable to see the debug information as URLs:
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: /
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: /subscriber
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: /subscriber/ajax
Instead of Catalyst oriented way:
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path:
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: subscriber
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: subscriber/ajax
Change-Id: I38699152e232c5f5aa2ef218db9bf61c692bbf33
It was close to impossible to read ngcp-panel debug log due to:
* missing clear marker of the start reuqest processing, use '***' once only
* some personal markers (like '+++++++') have been removed as they have no
meaning for other developers. Let's remove the personal markers and work to
make the panel debug log well readable for all developers.
Change-Id: I69faff3ab2258fc156e88c7b8da0edfef14c3e6e
* /login_jwt is now the only endpoint to issue JWT tokens
* JWT token admin/subscriber is provided based on the
NGCP_REALM/NGCP_API_REALM fcgi env values
(e.g.: https://localhost:1443/login_jwt = admin JWT token and
https://localhost/login_jwt = subscriber JWT token)
* Authorization: Bearer a= prefix is deprecated
* Clients cannot use subscriber JWT token to access admin
NGCP_API_REALM https://localhost:1443/api/...
and vice-versa
Change-Id: I46edf4c7aaf7bb835dc4ac6b7535aa2d6b5ac136
* the extra packing of the secret key during encode/decode
conflicts with the API v2 implementation
* move JWT "typ" from the payload to the header
Change-Id: Ica5822d810d6eaf7b3ae017f7037f25637b6f861
* the endpoint will receive "type" (expires|onetime)
and "expires" (positive integer representing seconds)
* type will define the expiray method for the token;
onetime: the token expires as soon as it's used, or
after "expires" seconds if not used
expires: the token can be used multiple times until
it expires according to the "expires" param value
* login_jwt endpoint for generating the JWT token for
subscribers has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* admin_login_jwt endpoint for generating the JWT token
for admins has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* login_jwt and amin_login_jwt will respond with 403
"Forbidden" if the token role stored in Redis does
not match the role of the user that generated it
* /api/authtokens is hidden from documentation for now
Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8
* add additional centralised checks for inactive and read_only users.
* use_userdata_from_session=0 now for all auth realms to cause the data
re-fetched from the database, to avoid scenarios when a user is set
as inactive or read_only and UI keeps using the cached data.
the change only affects cookie and JWT subscriber based sessions
as in all other cases, the auth data is fetched from the storage regardless.
* add is_active=1 flag for the internal 'system' role, as otherwise
access would be permanently denied for it.
* default 403 error for denied api requests is changed to "Forbidden"
instead of "Forbidden path".
Change-Id: I1d6d3c765ca8e017e11845c1f5260243a3963c3b
* sip_lcr_reload is now called after "commit" in all API endpoints,
to correctly reflect updated DB changes. It was correct in
/api/peeringrules POST but not correct in DELETE, as well as
also not correct in /api/peeringservers and /api/peeringgroups
* sip_domain_reload does not check if the domain is successfully
reload in kamailio proxy as is logic is redundant, it fails
however if domain reload XMLRPC request failed on any available
proxy servers. Another reason is by default tcp_conn_wq_max
in kamailio-proxy is 32KB by default and that causes an impact
when domain.dump XMLRPC is used on very large domain sets (600+),
as well as sip_domain_reload has improved performance with the removed
XMLRPC domain.dump body parsing.
Change-Id: I17c5718198b06b1ce78b2654f3d7c3bd2830f60b
* xmlrpc lcr.reload request is now sent after the transaction
is committed, otherwise the reload operation is performed without
the newly added changes in the peering rules
Change-Id: I728605a8d277b00d02a3f864c84f172306f7b090
* upon pressing the button, a new session object
with selected subscriber's details will be inserted
in Redis, and also a new ngcp-panel_subscriber
cookie will be created containing the session id
of the previously created session object; then
the user will be redirected to CSC v1 address
where the selected subscriber will be authenticated
based on the cookie and Redis info
* the new button will be available for admin,
reseller, ccare and ccareadmin roles
Change-Id: I03952efe4abe18e61884859c466d700a7885ead4
* /api/platforminfo does not have its own endpoint file
and therefore, does not appear in the rendered documentation.
it only supports GET method and renders the template file.
the endpoint is designed to provide with the prerendered JSON
data containing the current platform configuration.
* /api/platforminfo supports both authenticated and anonymous
requests, where based on that, the template provides with
the corresponding info withing the current scope.
Change-Id: Idc8138595eda2c14e7f8dc7ed97cc50039fd1adc
* the new filter params works as follows:
* if start_time is provided, recordings
with start time greater than provided value
are displayed
* if end_time is provided, recordings
with end time less than provided value
are displayed
Change-Id: Ie9cfb88141506581e2b724d4502b88091f9c7a02
* Replace wrong usage of 'reseller_id' filter
for missed templates resultsedl use 'id'
instead, because the query is made directly
on resellers table
Change-Id: I85bdcda79168979c8b1bb0503ab7bba91c5f8a78
* give access to subscribers roles to see,
create and update own registrations
* subscriberadmins can manage all registrations
of subscribers under same customer
Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936
The fix has been created by Gerhard Jungwirth three years ago for
branch 'mr5.5' and was not merged into branch 'master'.
It is a follow up master commit to address customer ticket TT#82306.
The cherry-pick has been done AS IS, with one small trivial resolution:
> + my $is_pbx_customer = $c->stash->{billing_mapping}->product->class eq "pbxaccount";
> my $base_number;
>
> ++<<<<<<< HEAD
> + if($subscriber->contract->product->class eq "pbxaccount") {
> ++=======
> + if($is_pbx_customer) {
> ++>>>>>>> 239d4a385... TT#44168 create additional form for subadmin non-pbx subscriber edit
Change-Id: Ie242c4ad44fc21319cdaa29dcca423fe241aab20
(cherry picked from commit 239d4a3859)
* it's now possible to filter reselelers by their status
(active, terminated), the default return of all resellers
has not changed.
Change-Id: I6e1f2b6745ac6c3c4a012fe261ee5db810084be3
If user is typing URL directly in the browser window,
the request has no 'referer' header and we should reset the 'framed'
session state to prevent corrupted 'framed=1' output which confuses
endusers a lot.
Change-Id: I8f381daec80dfd95fab6ecbaecfa66438f5d53f0
* PeeringRules.pm is back to the old model for
consistency and to be backward compatible
* it contains the duplicate check fix
Change-Id: I2253f0e740bea7115efb7d1f072ec73498f20040
* PeeeringRules.pm now uses the Entities approach
for fine transaction control that fixes the POST operations
Change-Id: Ieb666d3009393404e04171966adc0912f55a8a4f
* in mRender (custom_renderers), "data" variable is
a string, therefore data.escapeHtml could not be used
* add new function argument "opt", where it is a dedicated hash
containing custom passable options, so it now looks as
function(data, type, full, opt)
* adapted the existing code to include/use the new argument where
applicable
Change-Id: I4957eece3b2d0f6359cbc8f36caf5a350d7bad95
* deleting a registration would fail when the domain
of the registrations would not exist due to the
fact that multidomain is not enabled
Change-Id: If512c0c9ce6c8f7a72deaa5b6a8ebe6737404f2a
* change 'call' to 'me.call' to avoid ambigous
usage in SQL query, since 'call' is a column
in other joined tables
Change-Id: I3fb52aa7c42687b6be377e51f50779dd92f61ebe
* Add handling of mysql duplicate billingprofile errors
for reseller_id-handle and reseller_id-name combinations
Change-Id: Ife81d723f4208202311ca8cf3c3a12e7bf4827a2
* it will return user's username, role
and a structure where information about
the user's permitted operations on all
api endpoints and permitted operations
on the fields of that entity can be found
Change-Id: I11d2f5b60d24ca7b70ffc6dcf8ea94f9a3a221d1
* add color pickers and store the hex code of the colors
inside the branding table in panel UI
* implement /api/resellerbrandings endpoint, where all things
related to reseller branding can be managed; the branding
logo will still be retrieved using /api/resellerrandinglogos
Change-Id: Ib7ed364811acf67ffd62252d9799a0af8b91e9bc
* Create upload and content type form fields for 'blob'
type preferences
* Implement blob preference upload/download to database
* Show blob content in read only text area if content
is text
Change-Id: Ic4b800f84324eab0aadbf8eeb55c03c770ecc94f
* Add subscriber roles to MailToFaxSettingsItem
and allow them to only access their settings
* Don't return the 'active' field on subsciber
requests; instead, return 403 if mail2fax is
not active
Change-Id: I773df0c21fcba29f9e7b5172160178ff99482964
* create /api/resellerbrandinglogos/ endpoint
which will return the reseller's branding logo
* the endpoint can be used directly with /{reseller_id}
or with /?subscriber_id={subscriber_id} to get
the logo of subscriber's customer contact reseller
Change-Id: I5db19e208ae21cf7c685d46aa77b5032c26554de
* Filtering by subscriber properties introduced a join
which confused the use of 'profile_id' for devices
Change-Id: I5e8fbdc0a83076b95183dbdb757921c8112e9e00
* Due to DB unique name constraint, enpoint was
returning 500 on duplicate source sets
* Proper 422 is now returned
Change-Id: I883fbe71aa77364645467941206ea6b272523c03
* Limit subscriber's extension to a predefined
customer extension range preference (both AP and api)
Change-Id: I0b6ac5c24b3838f07cc561e7ee6b7cfabe69385e
* Registration entries are now removed by
registration username + registration domain
instead of subscriber username + subscriber domain.
That is to account registrations by the device.
Change-Id: I86a0d97fabc2dcd0eda6042a018ed35f64c3f031
* When a customer is terminated all != terminated
subscribers are set to terminated using the common
Utils::Subscriber::terminate() call, so it's on
par when each subscriber is selectively terminated.
Change-Id: I77394804194ecdb352560047cc8d5b26e3eabc53
* Enable filtering by subscriber's pbx_extension
and display_name with wildcard at the end of string
Change-Id: Ibaee1eddf760be44d11f2df5a9dbc544fe35495c
*Introduce pagination in redis scanning; previously
all the registrations where dumped in an array and
then spliced by page/rows; this was causing huge
loading time for big redis DB's hence the timeout
Change-Id: I1409c48b520d8d860cd8c11aea1a543286aa0334
suppress executing "ul.flush" kamailio xmlrpc after
"ul.add" or "ul.rm", as it seems to be another source of timeouts.
Change-Id: I8faf907c4cbfd6adbe3e3645f5c32069df2eb999
* Access was restricted only for emergency containers
* Added user's reseller_id to DB query to only show
mappings from the same reseller for reseller admins
Change-Id: Ia5fe29e74fe71dbfa5dbc58088fae86a75ac6acc
* This fixes showing the framed v1 Admin Panel when
logging out from v2 and then switching to v1 and
logging back in from there
Change-Id: Idde09409f750f37dfc943c06baaa6a918f0624d3
Model is necessary inside the device configuration template
to provide the necessary flexibility inside the general template
for the several devices if the difference is minor.
For example, SNOM devices configs are perfectly matches
inside the one template for all the models, but firmware
URLs to download new firmware from SNOM SRAPS server are different.
In the past we had to create a different templates in this case,
now we can create a simple tt2 statement:
[% IF phone.model == "D715" -%]
<firmware perm="">https://....</firmware>
[% ELSE; -%]
...
Change-Id: I3cbeb57009f944902cf148e8d491a30235620551
* Request was failing with /?page=1&rows=10
because query params was an empty array
containing an empty hash; it should be
empty array only.
Change-Id: I69717ab589c78ebb27c4cc4825b78f6900800eaf
* on administrator login, store said variables so
we can automatically log in to v2 without having
to redirect
Change-Id: I50d79996198561c54e555d264388d26610905ca6
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'new_password' and 'token'
* First, look for the token in redis (for admins),
if not found, look for it in DB (for subscribers),
if neither is found, return
Change-Id: I4163a0d5bd886961317b21aeca20c8ccfdeab0dd
* this is needed in order to prevent error when
requesting api documentation
* add 'type' and 'domain' to field list in form
to show up in api documentation
Change-Id: I210ce214523a2c27f84098e630cbfeb5de227848
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'type', 'username' and 'domain'
* 'type' will accept either 'administrator',
in which case only 'username' is needed,
or 'subscriber', in which case 'username'
and 'domain' will be needed
* The regular password reset email will be sent
to either the admin or the subscriber
Change-Id: If1457c8c625a95295e5e93b6637927e3905698d9
* the GET request will show whether an admin
has or has not a certificate
* the DELETE request will remove an admin's
certificate
Change-Id: I2b233a76a4436a4d3a95749410e74aabd9fca531
* this endpoint will be used to logout from v1
automatically when logging out of v2
* allow unauthenticated acces to it
Change-Id: Ia40cb624f618ef0b0cada8f22dc2cc68f234af53
* Param 'number' is renamed to 'numbers'
* 'numbers' can be a single value like
it is currently used, or an array which
will result in all array elements having
the sub's rewriterule applied and returned
in the same order
Change-Id: Ic24179d2ecbec80cebd23e5af751df0ebbcc7141
* Admin with lawful intercept will no longer be able
to have any flags besides 'is_active', 'read_only',
'can_reset_password'
* Remove reseller filter on interceptions since LI
admins should see all interceptions
* Add permissions to /api/admincerts and reseller ajax
for LI admins
Change-Id: Id912424b9bbd3ab3cbbc373ac116fda035f81fd3
* The endpoint generates a jwt token and stores it in
Redis, then redirects to /v2/#/?v1_auth={token}
* Also added an id in DOM to indentify the Panel V1 login page
Change-Id: I307a3f457f88bbba04bb7735d60fa51bdc5d0438
* own_transaction_control is enabled for PUT method let the
changes be visible for dialplan.reload
Change-Id: Ie3f6d02e38fe769547b19053877db8b2c6d5aed7
* if there are no more *enabled* CFT left after editing
callforwards (simple/advanced) or if CFT is deleted,
the ringtimeout has to be removed.
Change-Id: Icfa2fb1db281a5a5b4b2edce28ad7b0d69ddf47c
* LI admins wil only be visible to the is_system
administrator.
* It's not possible for an andmin to be both ccare
and LI at the same time
* LI admins can only read/modify themselves
* Non-system admins cannot create/read/modify LI admins
Change-Id: I7b2189a87a5433d270380393d8e5ffec0283d9e5
* new c.users.role 'lintercept', that set to when an admin user has
enabled 'lawful_intercept' flag
* only Administrator page /api/admins and /api/interceptions are available for
the role
* 'lintercept' role can only see own user and only change password
and email
Change-Id: Iadcb022a124afbd77b224e734026f380af0170e8
* Allow ccareadmin access to reseller ajax;
it is needed when ccareadmins create a
customer contact
Change-Id: I5fff19ed8b19cfa3d1118a574455e136aa240236
This reverts commit ec674132df.
Reason for revert: Feature was partially backported and lawful intercept admins were deleted from databse. Feature needs redesign.
Change-Id: I500e66f3bd3b4a0c29fa05e1113568d3776eacf9
* LI Admins are no longer visible in NGCP Panel;
they will be managed via config.yml; creation,
deletion, email update ar all handled when
adding/removing/updating a LI admin in config.yml
* LI Admins can only change their password and
email via Panel UI and API
Change-Id: Idec849e52962b2d5c4cb2a4365cf8c90414c0431
* Introduce endopint '/resetpassword' for asking for
password reset using admin username
* Create form for introducing username
* Create url with unique token pointing to '/recoverpassword'
where admin user can introduce new password and email
said url to admin's email address
* Create form for setting new password
* Store username and unique token in Redis expiring
in 5 minutes to store password reset attempt
and identify it when user accesses url in email
* Limit admin access to be able to only change own password
due to new password reset possibility as requested in
TT#76110
Change-Id: Ie3acb961444398afa5b2fdc85e3ca8ceccf9244a
* there is a catch when changing the admin password;
first of all, according to TT#76110 only own admin
users can change the password via PUT/PATCH;
secondly, inside the code, for PATCH to work we need
a dummy 'password' key on the old resource which has
been set to the saltedpass; when updating the admin,
if the password is still equal to saltedpass, no change
is made to the password
Change-Id: I423ebe13988c58b527db65d666f09b73a483422d
* Remove headers, menu, site title and footer if
parameter 'framed' is sent
* Persist 'framed' in the session once it's sent
and only restore header/footer once 'framed' is
sent again with the value 0
Change-Id: Ie1dcc698b901ea3c659a05391ffcdc882113ef13
- persist prov tmeplates in the database: create, update
and permanently remove them again.
- prov templates from config.yml are still supported,
but cannot be edited though. the templates from
config.yml are merged with those from the db.
- each reseller can have their own prov templates,
while the prov templates from config.yml are visible
to all.
- YAML syntax highlighting and parse check when saving.
Scripting language (perl/javascript) is currently parsed
when executing a provisioning templates only. It is
possible to further extend the parsing checks.
- the prov template "name" + reseller is the unique
identifier. relevant also for the command line tool.
Change-Id: I58d7c54fa82fe512b263b3219bfc84d7e49c56a8
* add admin_jwt realm
* admin JWT tokens are now used to access all non /api
content
Change-Id: I711d6419f0b624b02b53876a8c9171ab638b5d09
(cherry picked from commit dc4d9ec84b5b1199f17631e9e1f9a39ab1996807)
Oleksandr Duts
Rene Krenn
Kirill Solomko
Javier Rodriguez
Michael Prokop
Flaviu Mates
Alexander Lutay
Donat Zenichev
Victor Tsvetov
Gerhard Jungwirth
Hans-Peter Herzog
Marco Capetta