diff --git a/flexiapi/app/Http/Controllers/Account/AuthenticateController.php b/flexiapi/app/Http/Controllers/Account/AuthenticateController.php
index 359151e..6d7a080 100644
--- a/flexiapi/app/Http/Controllers/Account/AuthenticateController.php
+++ b/flexiapi/app/Http/Controllers/Account/AuthenticateController.php
@@ -59,7 +59,7 @@ class AuthenticateController extends Controller
 foreach ($account->passwords as $password) {
 if (hash_equals(
 $password->password,
- Utils::bchash($request->get('username'), config('app.sip_domain'), $request->get('password'), $password->algorithm)
+ Utils::bchash($request->get('username'), $account->resolvedRealm, $request->get('password'), $password->algorithm)
 )) {
 Auth::login($account);
 return redirect()->route('account.panel');
diff --git a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
index 831b0b9..b760c7f 100644
--- a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
@@ -40,7 +40,7 @@ class AccountController extends Controller
 public function show(Request $request, $id)
 {
- return Account::without(['passwords', 'admin'])->findOrFail($id);
+ return Account::without(['passwords', 'admin'])->findOrFail($id)->makeVisible(['confirmation_key']);
 }
 public function destroy(Request $request, $id)
@@ -111,6 +111,6 @@ class AccountController extends Controller
 $password->algorithm = $request->get('algorithm');
 $password->save();
- return response()->json($account);
+ return response()->json($account->makeVisible(['confirmation_key']));
 }
 }
diff --git a/flexiapi/app/Http/Middleware/AuthenticateDigestOrKey.php b/flexiapi/app/Http/Middleware/AuthenticateDigestOrKey.php
index e6e7ffc..037520f 100644
--- a/flexiapi/app/Http/Middleware/AuthenticateDigestOrKey.php
+++ b/flexiapi/app/Http/Middleware/AuthenticateDigestOrKey.php
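Review bot: The realm passed to `Utils::bchash()` in the AuthenticateController hunk now comes from the account (`$account->resolvedRealm`) while the username still comes from the request (`$request->get('username')`), so the digest mixes a stored value with a submitted one. If the account lookup above this hunk matches usernames loosely (case-insensitive collation, trimming), the recomputed hash will differ from the stored one for a legitimate user; passing `$account->username` would keep both inputs tied to the record, assuming the stored hash was built from it. The `resolvedRealm` accessor is not part of this diff, so it is worth confirming that it never returns an empty value and that it equals the realm used when the password row was written. A one-line comment such as `// realm must match the one used when the password hash was stored` above the call would record that requirement. The enclosing method starts and ends outside the hunk.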
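Review bot: `makeVisible(['confirmation_key'])` in `show()` puts an activation secret into every admin read of an account, and the second AccountController hunk does the same in the response of what looks like the password-update action (its signature is outside the hunk). The attribute is presumably hidden on the model, since it needs `makeVisible`, so each place that un-hides it should say why; a comment like `// confirmation_key is hidden on the model; exposed here for admin provisioning only` would do. For the password-update response the key does not look necessary, and `return response()->json($account);` could stay as it was unless a client relies on the new field. Whether these routes are restricted to admins is decided by middleware not shown in this diff, so that is worth confirming before the key is returned.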
@@ -51,7 +51,8 @@ class AuthenticateDigestOrKey
 $from = $this->extractFromHeader($request->header('From'));
 list($username, $domain) = explode('@', $from);
- $account = Account::where('username', $username)
+ $account = Account::withoutGlobalScopes()
+ ->where('username', $username)
 ->where('domain', $domain)
 ->firstOrFail();
diff --git a/flexiapi/tests/Feature/AccountApiTest.php b/flexiapi/tests/Feature/AccountApiTest.php
index 19c10e1..0fc11f5 100644
--- a/flexiapi/tests/Feature/AccountApiTest.php
+++ b/flexiapi/tests/Feature/AccountApiTest.php
@@ -106,6 +106,8 @@ class AccountApiTest extends TestCase
 'domain' => $domain,
 'activated' => false
 ]);
+
+ $this->assertFalse(empty($response1['confirmation_key']));
 }
 public function testUsernameNoDomain()
@@ -174,6 +176,8 @@ class AccountApiTest extends TestCase
 'domain' => config('app.sip_domain'),
 'activated' => true,
 ]);
+
+ $this->assertTrue(empty($response1['confirmation_key']));
 }
 public function testNotActivated()
@@ -201,6 +205,8 @@ class AccountApiTest extends TestCase
 'domain' => config('app.sip_domain'),
 'activated' => false,
 ]);
+
+ $this->assertFalse(empty($response1['confirmation_key']));
 }
 public function testSimpleAccount()
diff --git a/flexisip-account-manager.spec b/flexisip-account-manager.spec
index 44499d5..1f8e8b0 100644
--- a/flexisip-account-manager.spec
+++ b/flexisip-account-manager.spec
@@ -8,7 +8,7 @@
 #%define _datadir %{_datarootdir}
 #%define _docdir %{_datadir}/doc
-%define build_number 49
+%define build_number 50
 %define var_dir /var/opt/belledonne-communications
 %define opt_dir /opt/belledonne-communications/share/flexisip-account-manager
 %define env_file "$RPM_BUILD_ROOT/etc/flexisip-account-manager/flexiapi.env"
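Review bot: `Account::withoutGlobalScopes()` in the AuthenticateDigestOrKey hunk drops every global scope from the query that selects the account to authenticate, not only the one this change needs to bypass, so any scope added to `Account` later (for example one excluding disabled accounts) is silently skipped here as well. Naming the scope keeps the bypass narrow: `Account::withoutGlobalScope(ScopeClass::class)`, where `ScopeClass` is a placeholder for the scope actually being bypassed, which is not visible in this diff. A comment stating why the authentication lookup must ignore that scope would help the next reader. The enclosing method starts and ends outside the hunk.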
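Review bot: `assertTrue(empty($response1['confirmation_key']))` in the activated-account test (second AccountApiTest hunk) passes whether the key is missing, null, an empty string or `'0'`, so it does not pin what the API returns once an account is activated; the `assertFalse(empty(...))` checks in the first and third hunks are loose in the same way. `$this->assertNotEmpty($response1['confirmation_key']);` for the non-activated cases and an explicit `assertNull` or `assertArrayNotHasKey` for the activated one (whichever matches the intended contract) would state the expectation and give clearer failure messages. The diff also adds no test that a non-admin endpoint keeps `confirmation_key` hidden, which is the regression these controller changes make possible. Each test method starts outside its hunk, so the request that produces `$response1` is not visible here.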