ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Oleksandr Duts	e5dd7e5587	TT#129169 API: DELETE /api/admins/:id return wrong http 500 * Fix http code to 403 - Cannot delete own user Change-Id: I21225e112fd7e5b746381753b2e52474b6069c5c	4 years ago
Kirill Solomko	81ebdb8dcf	Revert "TT#151751 refactor persisting subscriber webpassword" This reverts commit `5e9066c4fb`. This implementation breaks: * $resource{_password}/{_webpassword} cannot be set before the form validation as they are effectively removed by it, causing /api/susbcribers returning no passwords at all for 'subscriber' roles * Having them after the patch makes no sense either as next resource_from_item call will effectively remove them again (in PATCH) Change-Id: I0e8389e8ab34ad72f1b87a684daba77f1030f8ba	4 years ago
Kirill Solomko	e95ed81ca7	TT#154500 improve admin users behaviour * admin users with is_master = 0, cannot see other admin users (this includes system users) and brings the is_master flag to the common behaviour * ccareadmin, ccare users can now access te UI Admins page as well as /api/admins but they are limited to see/manage only themselves * admin users cannot see system users (UI/API) * reseller users cannot see system/admin users (UI/API) * admin users cannot modify their own role and flags except for: email, password, can_reset_password (UI/API) * UI edit form now does not render fields that are not meant to be modified by a user (exception: "login") Change-Id: I82e1946437fd2ec4651abd24074470c695a40582	4 years ago
Rene Krenn	9a3c3cd42c	TT#153100 fix subscriber username queryparam search Change-Id: I56ca6601bb1abc38552561e0a110e875e9282a3b	4 years ago
Oleksandr Duts	9855b6ab45	TT#149461 Enhance /api/admins to accept the role data property - Optional "role" parameter is added for POST PUT PATCH. If "role" is provided then the passed flags are ignored and are applied internally by the server according to the provided role. If "role" is not provided then the former flags based approach is applied. Change-Id: Ib6e591ff6dc50122e0ec49a348153ca820fc2e03	4 years ago
Oleksandr Duts	206877a476	TT#149462 Enhance UI admins role usage - Add Role column on /administrator table - Add Role dropdown input on /administrator/:id/edit - Add Role dropdown input on /administrator/create - Implements logic to resolve flags and role id params: 1. role_id is passed(create/edit) then flags will be overrided according to the concrete role. 2. role_id is not passed(create/edit) then flags will be checked to determine role id according to the concrete flags pattern: Role \| Flags ----------- --------------------------------- system \| is_system = 1, admin \| is_superuser = 1 reseller \| is_superuser = 0 ccareadmin \| is_ccare = 1, is_superuser = 1 ccare \| is_ccare = 1, is_superuser = 0 lintercept \| lintercept = 1 Change-Id: Ia923a47f664a162d78a06efcc006f84dcd08701d	4 years ago
Rene Krenn	5e9066c4fb	TT#151751 refactor persisting subscriber webpassword a multitude of issues popped after introducing bcrypted webpasswords in the database. most recently the PATCH /api/susbcribers rail was reported to reset the webpassword unintentionally. subscriber login fails afterwards, which is a severe issue. the bugs are adressed by this refactorings. the change also introduces a global variable $NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS to control encrypting webpasswords. it is still enabled as of now, but it's worth to consider disabling it. there other ways to have a "cost" for an authentication request, eg. adding a simple sleep(1sec). Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2	4 years ago
Oleksandr Duts	e58cb2cc39	TT#149456 Admins introduce role_id flag - role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling. Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31	4 years ago
Rene Krenn	2172e50e6e	TT#147151 fix ajax rail for reseller contract selection Change-Id: Id45b15378a396d0c1d5fd8fe9d07be07b6015ae5	4 years ago
Rene Krenn	d786af1591	TT#147151 finish refactoring of avoiding JOIN billing.product follow up on TT#147151 (fast loading/paging/searching panel datatables), which broke restapi tests. Change-Id: I799cb9087b9405c71dec4c690e7a7bab5dfdbdde	4 years ago
Flaviu Mates	fe09f80224	TT#86652 Fix utf8 fax body encoding * decode utf8 on multipart/form-data request since we encode the json for this content type, and the fax body gets double encoded and ends up wrong Change-Id: I50d10879e5fe1ba99141e76d311641fcd5d568a1	4 years ago
Rene Krenn	f9ff14fab2	TT#146800 support decimal VAT rates Change-Id: I7222e012fbc6c848527f0f7a2a45c56894ae509b	4 years ago
Oleksandr Duts	ad6467561f	TT#149650 UI language handling * Change UI language workaround. Priority: 1. Parameter "lang". 2. Cookie "ngcp_panel_lang". 3. Default english - "i-default". * Add parameter "lang_save" - save the "lang" value at "ngcp_panel_lang" cookie. Change-Id: I0abc9e3ab564ba56d2e3f9b0dee47d32c27e0049	4 years ago
Oleksandr Duts	ddb7412d85	TT#134102 API language handling * Fix for language solving for API requests. Changed the sequence of language choosing: 1. Request parameter "lang" for API and UI. 2. Cookie value "ngcp_panel_lang" for UI only. 3. User agent/browser language for API and UI. Change-Id: Id5d814deead22eb7e2908fdc742b0c8474314d49	4 years ago
Rene Krenn	133bd43df4	TT#147151 fast loading/paging/searching panel datatables query refactoring an rowcount clipping for UI datatables that are slow when using millions of subscribers: contacts customers contracts subscribers billing profiles billing networks billing profile packages Change-Id: Ia50e3aa52684772548569b6908f0cbc08395a5a7	4 years ago
Oleksandr Duts	a65d00c3a8	TT#139800 Enable subscriber access to /api/autoattendants/:id * "subscriber" role can now retrieve own autoattendant data. This is needed for the CSC interface. Change-Id: Id10b302205fe458d5793ae8f7bd9201233f9a0d4	4 years ago
Oleksandr Duts	e058a15958	TT#139351 enable DELETE method in /api/invoicetemplates/:id Change-Id: I3be4c4cee36d459da03b883f38d2b6442dbc304b	4 years ago
Oleksandr Duts	8017805589	TT#124802 GET /api/admins/:id/journal - fixing * Admins with is_system and is_superuser are able to see the items for all roles. * Admin is able to see own journal. Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489	4 years ago
Rene Krenn	e73dd3ea27	TT#132650 api .csv upload for provisioningtemplates the POST /api/provicioningtemplates/<reseller>/<template> request will accept text/csv content type to provision many susbcribers at once. Change-Id: I59079ba8f2bacc0ce2b1367d2bd1a7251cf4763c	4 years ago
Kirill Solomko	e4cfb19a38	TT#139550 fix vmnotify play/delete * fix vmnotify play from the UI regression * fix vmnotify DELETE API method * fix vmnotify DELETE UI method Change-Id: Id1224eb425c75be9325b707311ed3d0ac82ef2b7	4 years ago
Rene Krenn	4c47920f2e	TT#132650 run provisioningtemplate from api provisioning templates with their dynamic forms can be executed by a entityitem POST request, ie. POST /api/provicioningtemplates/<reseller>/<template> or POST /api/provisioningtemplates/<readonly template> Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605	4 years ago
Kirill Solomko	b199ad3e1e	TT#139550 improve vmnotify behaviour * vmnotify() now accepts cli and uuid arguments * API handling of voicemails is now improved to: - send a notify if the item's INBOX/Old has been changed - correctly process DELETE to send vmnotify after the item's removal Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f	4 years ago
Kirill Solomko	da4278daa3	TT#145300 Adjust domains reseller_id handling * domains do not use billing.domain_resellers table anymore but instead the new domains.reseller_id field. That is to remove the unneeded many<>many relation through the additional table where the actual logic only supports one(reseller) to many(domains) relation Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe	4 years ago
Alexander Lutay	8516d817c6	TT#141802 Add firmware 'tags' support for 'version' firmware endpoint Improve NGCP to return firmware using the 'Firmware tag' if not such 'Version' found: >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/version/10.12.22.1 > firmware 10.12.22.1 >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/version/tag1 > firmware 10.12.22.1 >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/version/10.32.1.0 > firmware 10.32.1.0 >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/version/mytag > firmware 10.32.1.0 Change-Id: Ie6a75d82887d4b9945a04e599991d8996ede00d6	4 years ago
Alexander Lutay	31d954dfa8	TT#141802 Add firmware 'tags' support for 'next' firmware endpoint Historically NGCP supported Firmware tags for endpoint 'latest' only: > http://<ngcp_fqdn>:<bootstrap_port>/device/autoprov/firmware/<mac>/from/<current_firmware_version>/latest/<tag> For example: NGCP has 7 firmwares configured for SNOM D715 with MAC 0004138aa403. For the simplicity let's call firmwares versions: 1, 2, 3, 4, 5, 6, 7. the firmwares '4' and '6' has the same tag 'mytag'. The latest firmware is firmware with id '7' and it has no tag set. The endpoint 'latest' gives access to firmware '6' only: >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/from/0/latest > firmware 7 >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/from/0/latest/mytag > firmware 6 This commit adds 'tags' support for enpoint 'next'. It allows to address the complete chain of firmwares using tags: >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/from/0/next > firmware 1 # the next firmware after version '0' is firmware '1' >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/from/0/next/mytag > firmware 4 # the next firmware after version '0' with tag 'mytag' is firmware '4' >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/from/2/next/mytag > firmware 4 # the same as above, the firmware after version '2' with tag 'mytag' is firmware '4' >> curl http://myserver.com:1445/device/autoprov/firmware/0004138aa403/from/4/next/mytag > firmware 6 # the next firmware after version '4' with tag 'mytag' is firmware '6' P.S. $tmp variable was not in use, removed. Also improve the 404 output for the 'tag' case. Change-Id: Ifb896e1aef7b57328ab6492236768bc15ca8cc9e	4 years ago
Flaviu Mates	9bb622a2bc	TT#117153 Improve /api/cfmappings performance * switch to 'populate' instead of using 'insert' for each destinations, sources, times, bnumbers, mappings and CF preferences * add API->check_patch_op_add_only - to check if the patch contains only "add" operations * improve /api/cfmappings, if all PATCH operations are "add" then the existing records are not fetched and not recreated, enabling very new mapping inserts Change-Id: I0b4e71565c11771026dbbc000aa57b2a613409fa	4 years ago
Rene Krenn	b6e696621b	TT#132650 /api/provisioning_templates CRUD rail the /api/provisionintemplates rail provides the operations to create, edit and delete "provisioning templates" know from the "batch provisioning" feature of admin panel. these templates can also be defined in config.yml, while it is however only possible to edit templates stored in the database. executing a template and/or uploading a .csv for bulk execution will be available in a separate part. Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f	4 years ago
Alexander Lutay	3cc01922e7	TT#142402 Improve 'framed' session behaviour when users are using v1 and v2 in parallel The modern browsers (except Safari) supports 'Sec-Fetch-Dest': https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest In theory we can remove the current 'framed session' storage completely, but Safari will not be supported. Let's expand the current logic to provide extra protection here to backport the commit to mr9.5+. Change-Id: I9c070f77f427c81581f4d9ceeb1a57b274d77819	4 years ago
Kirill Solomko	fc8a16859f	TT#66577 use kamailo ids for sems_registrations * kamailio.sems_registrations now uses kamailio.lcr_gw.id -> peer_host_id kamailio.subscriber.id -> subscriber_id for foreign keys consistency withing the same database Change-Id: I4722729fdee07eb2a153473e85d64faa46eedca5	4 years ago
Donat Zenichev	f16a4e98de	TT#66577 Add a possibility to de-register on peering group deletion We need to de-register all subsequent peering hosts located under the peering group being deleted. Change-Id: I50bc25932e59d6b918f65c6525f2631cb9868fe4	4 years ago
Donat Zenichev	df30292c6b	TT#66577 Add support of outbound registrations for SIP peerings We need to add an improvement, which fulfills the work of the registration mechanism for SIP peerings. Not only do we add here a registration tirggering for peerings, but also a 'type' is introduced, which is mostly needed for XMLRPC commands being sent towards SEMS, to let it understand to whom the $sid is related to. Plus a list of improvements: - de-register peering host on deletion ; - de-register peering host on disable / register of peering host on enable ; Change-Id: I035dfadf6709acb4d106a70f6124f024e719044f	4 years ago
Victor Tsvetov	3cb71e4ceb	TT#130456 API Customers POST: show error if system template Throw descriptive error for attempt to create Customer with Template that does not belong to Contact’s Reseller. Cover the case when the Template belongs to System Contact (with no Reseller). Error example: 'subscriber_email_template_id' with value '1' does not belong to Reseller '1' that is assigned to Customer's Contact '1' Change-Id: Iffcef0339afc4490ecba81d4667cbb9225766af4	4 years ago
Kirill Solomko	cc10506b2e	TT#129162 fix subscriber webpassword field validation * 'webpassword' field is now also validated for invalid (non-ascii) characters * Fix multiple APP input field validation erros to comma joined. * Adjust 'webpassword' field validation errors to have better readability when there are multiple validation errors Change-Id: I21536f97a4da78cc5192a3abd8cd5adef1b819ec	5 years ago
Kirill Solomko	02f3f6b3a1	TT#133800 fix webpassword field removal * webpassword field was unconditionally deleted in API GET and DELETE methods, it now relies on resource_from_item for the common approach Change-Id: I703158fd2022b49a49470db28cb22f37e613f841	5 years ago
Kirill Solomko	c50b49db96	TT#133800 fix password fields behaviour in API * PATCH: password fields are not removed when resource is created for apply_patch(), they are removed under the same condititions later when hal is generated, that is to ensure that admin users without the 'show_passwords' flag as well as subscribers will not run into situation when they use PATCH and cannot apply it for "path": "/password" or/and "path": "/webpassword", as they were removed before apply_patch() * rework encrypted webpassword detection. webpasword is detected as encrypted if its length is 54 or 56 and it contains at least one '$' char, there is a chance for false positive detection when a user provides with a plain-text password with the same pattern but it's very unlikely, as well as since mr8.5 webpasswords are expected to be encrypted, and moreover worth case scenario is that the plain-text password will not be returned to the user Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3	5 years ago
Flaviu Mates	b4bc1f2a71	TT#133053 Fix 500 error on /api/authtokens * fix typo 'users' to 'user' and 'role' to 'roles' which were causing the Internal Server Error Change-Id: I3cabadafe34d66a429038dcd2c5b0de797cc6ef1	5 years ago
Kirill Solomko	1cdae0b1e0	TT#125902 add Login CSC v2 support * Login CSC v2 button is shown on the subscriber's master data page if www_admin.http_csc.csc_js_enable == 1 or 2 * When the login is triggered an auth token is generated internally followed by a redirect to CSC as /?a=auth_token * move generate_auth_token() into Utils/Auth * improve generate_auth_token() arguments support * add /api/authtokens error handling Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4	5 years ago
Alexander Lutay	12c2911fe4	TT#130659 Improve path debug output in panel-debug.log It is much more usable to see the debug information as URLs: > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: / > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: /subscriber > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: /subscriber/ajax Instead of Catalyst oriented way: > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: subscriber > Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: * New GET request on path: subscriber/ajax Change-Id: I38699152e232c5f5aa2ef218db9bf61c692bbf33	5 years ago
Alexander Lutay	6fbf99e461	TT#130659 Improve debug log layout (common style, removing plus/star markers) It was close to impossible to read ngcp-panel debug log due to: * missing clear marker of the start reuqest processing, use '**' once only some personal markers (like '+++++++') have been removed as they have no meaning for other developers. Let's remove the personal markers and work to make the panel debug log well readable for all developers. Change-Id: I69faff3ab2258fc156e88c7b8da0edfef14c3e6e	5 years ago
Alexander Lutay	6263f167e2	TT#130659 Stop calling systemd openvpn status twice on every HTTP request The ngcp-panel<=>openvpn functionality has never been finished but on every HTTP requset ngcp-panel was asking systemd about openvpn status. Twice! From /var/log/ngcp/panel-debug.log : > Jul 19 09:36:32 sp1 ngcp-panel: DEBUG: Path: dashboard > Jul 19 09:36:32 sp1 ngcp-panel: DEBUG: systemctl list-unit-files openvpn.service > Jul 19 09:36:32 sp1 ngcp-panel: DEBUG: systemctl is-enabled openvpn@ovpn > ... > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: Path: dashboard/ajax/peering_sum > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: systemctl list-unit-files openvpn.service > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: systemctl is-enabled openvpn@ovpn > ... > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: Path: dashboard/ajax/emergency_mode > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: systemctl list-unit-files openvpn.service > Jul 19 09:36:33 sp1 ngcp-panel: DEBUG: systemctl is-enabled openvpn@ovpn It is unnecessary load, moreover for not-yet finished feature. Let's move openvpn WIP functionality into 'NGCP Support Status' page and finish it there one day. The goal of this commit is to stop DOS'ing systemd. Change-Id: I6c9ba9e1b218e58b5adffe741f4490b3729d17e7	5 years ago
Kirill Solomko	fc9c71a88e	TT#130203 unify admin and subscriber JWT tokens * /login_jwt is now the only endpoint to issue JWT tokens * JWT token admin/subscriber is provided based on the NGCP_REALM/NGCP_API_REALM fcgi env values (e.g.: https://localhost:1443/login_jwt = admin JWT token and https://localhost/login_jwt = subscriber JWT token) * Authorization: Bearer a= prefix is deprecated * Clients cannot use subscriber JWT token to access admin NGCP_API_REALM https://localhost:1443/api/... and vice-versa Change-Id: I46edf4c7aaf7bb835dc4ac6b7535aa2d6b5ac136	5 years ago
Alexander Lutay	42e63e5711	TT#130659 Remove rrd-related ngcp-panel code Change-Id: I76880ba12037f1653c4c969e442738cc7f3eb185	5 years ago
Kirill Solomko	53408c2e94	TT#130750 do not pack() jwt secret * the extra packing of the secret key during encode/decode conflicts with the API v2 implementation * move JWT "typ" from the payload to the header Change-Id: Ica5822d810d6eaf7b3ae017f7037f25637b6f861	5 years ago
Kirill Solomko	a4bf25a43d	TT#130203 add typ=JWT into the JWT payload * the 'typ' key is required for API v2 to accept the JWT Change-Id: I184a8acfeab6c66617ccaf0a46a28771f68bfa8f	5 years ago
Flaviu Mates	9b422ddabf	TT#126601 Implement /api/authtokens endpoint * the endpoint will receive "type" (expires\|onetime) and "expires" (positive integer representing seconds) * type will define the expiray method for the token; onetime: the token expires as soon as it's used, or after "expires" seconds if not used expires: the token can be used multiple times until it expires according to the "expires" param value * login_jwt endpoint for generating the JWT token for subscribers has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * admin_login_jwt endpoint for generating the JWT token for admins has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * login_jwt and amin_login_jwt will respond with 403 "Forbidden" if the token role stored in Redis does not match the role of the user that generated it * /api/authtokens is hidden from documentation for now Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8	5 years ago
Kirill Solomko	407490c101	TT#129162 respect framed setting for root default Change-Id: Ibced32326b213ba2d8cce90cc5d915e464b56027	5 years ago
Kirill Solomko	f4597b6ed7	TT#129162 add bcrypt password characters check Change-Id: I08723d02a7e4bc042351444b201d1f96cc986af3	5 years ago
Kirill Solomko	20e77c7b54	TT#129162 tighten user access checks * add additional centralised checks for inactive and read_only users. * use_userdata_from_session=0 now for all auth realms to cause the data re-fetched from the database, to avoid scenarios when a user is set as inactive or read_only and UI keeps using the cached data. the change only affects cookie and JWT subscriber based sessions as in all other cases, the auth data is fetched from the storage regardless. * add is_active=1 flag for the internal 'system' role, as otherwise access would be permanently denied for it. * default 403 error for denied api requests is changed to "Forbidden" instead of "Forbidden path". Change-Id: I1d6d3c765ca8e017e11845c1f5260243a3963c3b	5 years ago
Flaviu Mates	c1752e7e82	TT#128552 Add filtering by name for /api/billingprofiles Change-Id: I8b62b4b7ad4aec3d0538fb84a3b73e451fcb1db1	5 years ago
Kirill Solomko	d17c4be4a5	TT#121250 improve sip_lcr_reload and sip_domain_reload * sip_lcr_reload is now called after "commit" in all API endpoints, to correctly reflect updated DB changes. It was correct in /api/peeringrules POST but not correct in DELETE, as well as also not correct in /api/peeringservers and /api/peeringgroups * sip_domain_reload does not check if the domain is successfully reload in kamailio proxy as is logic is redundant, it fails however if domain reload XMLRPC request failed on any available proxy servers. Another reason is by default tcp_conn_wq_max in kamailio-proxy is 32KB by default and that causes an impact when domain.dump XMLRPC is used on very large domain sets (600+), as well as sip_domain_reload has improved performance with the removed XMLRPC domain.dump body parsing. Change-Id: I17c5718198b06b1ce78b2654f3d7c3bd2830f60b	5 years ago

1 2 3 4 5 ...

1811 Commits (e5dd7e558786a0a93c904d9ede27fdbc05df3893)