From 572254befb5fdf3bfcd391e3e2a16f3570215b53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?= Date: Wed, 8 Sep 2021 16:23:47 +0200 Subject: [PATCH] Complete README to add selinux rule about sendmail Complete README to add tombstone clearning command documentation Add a few logs when handling accounts as an admin in the web panel and the API Bump package number --- flexiapi/.env.example | 3 +++ flexiapi/README.md | 16 ++++++++++++++-- .../Controllers/Account/RegisterController.php | 1 - .../Controllers/Admin/AccountController.php | 17 +++++++++++++++++ .../Controllers/Api/Admin/AccountController.php | 6 ++++++ flexisip-account-manager.spec | 2 +- 6 files changed, 41 insertions(+), 4 deletions(-) diff --git a/flexiapi/.env.example b/flexiapi/.env.example index 69bca0b..d05e3a8 100644 --- a/flexiapi/.env.example +++ b/flexiapi/.env.example @@ -34,6 +34,7 @@ PRIVACY_POLICY_URL= # A URL pointing to the Privacy Policy LOG_CHANNEL=stack # External FlexiSIP database +# Ensure that you have the proper SELinux configuration to allow database connections, see the README DB_DRIVER=mysql DB_HOST=127.0.0.1 DB_PORT=3306 @@ -42,6 +43,7 @@ DB_USERNAME=flexisip DB_PASSWORD=flexisip # Logs +# Ensure that you have the proper SELinux configuration to write in the storage directory, see the README BROADCAST_DRIVER=log CACHE_DRIVER=file QUEUE_CONNECTION=sync @@ -49,6 +51,7 @@ SESSION_DRIVER=cookie SESSION_LIFETIME=120 # SMTP and emails +# Ensure that you have the proper SELinux configuration to allow emails sending, see the README MAIL_DRIVER= MAIL_HOST= MAIL_PORT=2525 diff --git a/flexiapi/README.md b/flexiapi/README.md index eaa91ba..c4a8e25 100644 --- a/flexiapi/README.md +++ b/flexiapi/README.md 
@@ -107,8 +107,12 @@ Allow the webserver user to write in the `storage/` directory: If your database is located on a remote machine, you should also allow your webserver user to connect to remote hosts: semanage port -a -t http_port_t -p tcp 3306 // Open remote connections on the MySQL port for example - setsebool httpd_can_network_connect 1 // Allow remote network connected - setsebool httpd_can_network_connect_db 1 // Allow remote database connection + setsebool -P httpd_can_network_connect 1 // Allow remote network connected + setsebool -P httpd_can_network_connect_db 1 // Allow remote database connection + +If you are planning to send emails using your account manager: + + setsebool -P httpd_can_sendmail 1 // Allow email to be sent ## Usage @@ -143,6 +147,14 @@ This request will remove the accounts that were not confirmed after `x days`. In The base request will not delete the related accounts by default. You need to add `--apply` to remove them. +### Remove deleted accounts tombstones + +This request will remove the deleted accounts tombstones created after `x days`. + + php artisan accounts:clear-accounts-tombstones {days} {--apply} + +The base request will not delete the related tombstones by default. You need to add `--apply` to remove them. + ### Set an account admin This command will set the admin role to any available Flexisip account (the external Flexisip database need to be configured beforehand). You need to use the account DB id as a parameter in this command. diff --git a/flexiapi/app/Http/Controllers/Account/RegisterController.php b/flexiapi/app/Http/Controllers/Account/RegisterController.php index 0c0bf49..a9ef57c 100644 --- a/flexiapi/app/Http/Controllers/Account/RegisterController.php +++ b/flexiapi/app/Http/Controllers/Account/RegisterController.php @@ -28,7 +28,6 @@ use Illuminate\Validation\Rule; use Carbon\Carbon; use App\Account; -use App\AccountTombstone; use App\Alias; use App\Rules\WithoutSpaces; use App\Helpers\Utils; 
diff --git a/flexiapi/app/Http/Controllers/Admin/AccountController.php b/flexiapi/app/Http/Controllers/Admin/AccountController.php index 0ed8bcb..a89fa27 100644 --- a/flexiapi/app/Http/Controllers/Admin/AccountController.php +++ b/flexiapi/app/Http/Controllers/Admin/AccountController.php @@ -22,6 +22,7 @@ namespace App\Http\Controllers\Admin; use App\Http\Controllers\Controller; use Illuminate\Http\Request; use Illuminate\Support\Str; +use Illuminate\Support\Facades\Log; use Carbon\Carbon; use App\Account; @@ -75,6 +76,8 @@ class AccountController extends Controller $this->fillPassword($request, $account); $this->fillPhone($request, $account); + Log::channel('events')->info('Web Admin: Account created', ['id' => $account->identifier]); + return redirect()->route('admin.account.show', $account->id); } @@ -95,6 +98,8 @@ class AccountController extends Controller $this->fillPassword($request, $account); $this->fillPhone($request, $account); + Log::channel('events')->info('Web Admin: Account updated', ['id' => $account->identifier]); + return redirect()->route('admin.account.show', $id); } @@ -108,6 +113,8 @@ class AccountController extends Controller $account->activated = true; $account->save(); + Log::channel('events')->info('Web Admin: Account activated', ['id' => $account->identifier]); + return redirect()->back(); } @@ -116,6 +123,8 @@ class AccountController extends Controller $account->activated = false; $account->save(); + Log::channel('events')->info('Web Admin: Account deactivated', ['id' => $account->identifier]); + return redirect()->back(); } @@ -124,6 +133,8 @@ class AccountController extends Controller $account->confirmation_key = Str::random(WebAuthenticateController::$emailCodeSize); $account->save(); + Log::channel('events')->info('Web Admin: Account provisioned', ['id' => $account->identifier]); + return redirect()->back(); } 
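Review bot: The audit entries added in `Admin/AccountController.php` record the affected account but not the administrator who performed the action, so the `events` channel cannot answer who created, activated or provisioned an account. This applies to every `Log::channel('events')->info(...)` call in this file (the hunks at -75, -95, -108, -116 and -124, and the admin, unadmin and delete hunks that follow) and to the three calls in `Api/Admin/AccountController.php`. Consider adding the actor to the context array, for example `['id' => $account->identifier, 'by' => $request->user()->identifier]`, assuming the authenticated user is an account reachable from the request. The method signatures lie outside the hunks, so whether `$request` is in scope in each method needs checking.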
@@ -133,6 +144,8 @@ class AccountController extends Controller $admin->account_id = $account->id; $admin->save(); + Log::channel('events')->info('Web Admin: Account set as admin', ['id' => $account->identifier]); + return redirect()->back(); } @@ -145,6 +158,8 @@ class AccountController extends Controller if ($account->admin) $account->admin->delete(); + Log::channel('events')->info('Web Admin: Account unset as admin', ['id' => $account->identifier]); + return redirect()->back(); } @@ -162,6 +177,8 @@ class AccountController extends Controller $request->session()->flash('success', 'Account successfully destroyed'); + Log::channel('events')->info('Web Admin: Account deleted', ['id' => $account->identifier]); + return redirect()->route('admin.account.index'); } diff --git a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php index fed0235..a7cfec1 100644 --- a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php +++ b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php @@ -57,6 +57,8 @@ class AccountController extends Controller $tombstone->save(); } + Log::channel('events')->info('API Admin: Account destroyed', ['id' => $account->identifier]); + $account->delete(); } @@ -66,6 +68,8 @@ class AccountController extends Controller $account->activated = true; $account->save(); + Log::channel('events')->info('API Admin: Account activated', ['id' => $account->identifier]); + return $account; } @@ -75,6 +79,8 @@ class AccountController extends Controller $account->activated = false; $account->save(); + Log::channel('events')->info('API Admin: Account deactivated', ['id' => $account->identifier]); + return $account; } diff --git a/flexisip-account-manager.spec b/flexisip-account-manager.spec index 68ddaa1..8f3075c 100644 --- a/flexisip-account-manager.spec +++ b/flexisip-account-manager.spec 
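Review bot: In the hunk at -145 the 'Account unset as admin' entry is written unconditionally, while the deletion just above it is guarded by `if ($account->admin)`. The events log will therefore report a privilege removal for accounts that were never admins. Moving the call inside the guard keeps the audit trail accurate: `if ($account->admin) { $account->admin->delete(); Log::channel('events')->info('Web Admin: Account unset as admin', ['id' => $account->identifier]); }`. The enclosing method starts outside the hunk.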
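Review bot: No hunk in `Api/Admin/AccountController.php` adds `use Illuminate\Support\Facades\Log;`, unlike the web admin controller in this same commit; the diffstat's 6 insertions for this file are all accounted for by the three log calls. Unless the import already exists above line 57, `Log` resolves relative to the controller's namespace and each of these admin actions would fail with a class-not-found error at the logging line, so please confirm the import is present or add it. Separately, in the hunk at -57 the 'Account destroyed' entry is written before `$account->delete()`, so a failed delete still leaves a destroyed event in the log. Placing the call after the delete would avoid that (the in-memory `$account->identifier` should still be readable) and would match the order the web controller appears to use.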
@@ -8,7 +8,7 @@ #%define _datadir %{_datarootdir} #%define _docdir %{_datadir}/doc -%define build_number 100 +%define build_number 101 %define var_dir /var/opt/belledonne-communications %define opt_dir /opt/belledonne-communications/share/flexisip-account-manager