Fix FLEXIAPI-149 Add a toggle to disable phone check on username for admin endpoints and forms
This commit is contained in:
parent
f6ac67b8b1
commit
9d7618e9c4
9 changed files with 56 additions and 17 deletions
|
|
@ -5,6 +5,7 @@ v1.5
|
|||
- Fix FLEXIAPI-153 Add phone and email to be changed in the Activity panel
|
||||
- Fix FLEXIAPI-151 Migrate to hCaptcha
|
||||
- Fix FLEXIAPI-150 Use the same account_id parameter for both API and Web routes
|
||||
- Fix FLEXIAPI-149 Add a toggle to disable phone check on username for admin endpoints and forms
|
||||
- Fix FLEXIAPI-148 Reuse AccountService in the POST /api/accounts admin endpoint
|
||||
- FIX FLEXIAPI-146 Allow users to manage their own devices
|
||||
- Fix FLEXIAPI-145 Put back the 'code' parameter as an alias for the 'confirmation_key' for the activateEmail and activatePhone endpoints
|
||||
|
|
|
|||
|
|
@ -12,6 +12,8 @@ APP_FLEXISIP_PUSHER_FIREBASE_KEYSMAP= # Each pair is separated using a space and
|
|||
APP_API_KEY_EXPIRATION_MINUTES=60 # Number of minutes the generated API Keys are valid
|
||||
APP_API_ACCOUNT_CREATION_TOKEN_RETRY_MINUTES=60 # Number of minutes between two consecutive account_creation_token creation
|
||||
|
||||
APP_ALLOW_PHONE_NUMBER_USERNAME_ADMIN_API=false # Allow phone numbers to be set as username in admin account creation endpoints
|
||||
|
||||
# Risky toggles
|
||||
APP_ADMINS_MANAGE_MULTI_DOMAINS=false # Allow admins to handle all the accounts in the database
|
||||
APP_DANGEROUS_ENDPOINTS=false # Enable some dangerous endpoints used for XMLRPC like fallback usage
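Review bot: The new `APP_ALLOW_PHONE_NUMBER_USERNAME_ADMIN_API` line is placed above the `# Risky toggles` heading even though it relaxes a validation rule on account creation; if the phone-shaped-username check exists to keep usernames from colliding with the separate `phone` field (plausible, but not visible in this hunk), the toggle belongs under that heading with the consequence spelled out. Something like `APP_ALLOW_PHONE_NUMBER_USERNAME_ADMIN_API=false # Let admin account creation accept a phone-number-shaped username; such usernames can be confused with the phone field, so only enable when that is intended` would make the trade-off explicit to operators. The same key appears to govern the web admin form as well (the web controller in this commit switches to the same request class), so the `_ADMIN_API` suffix undersells its scope and the comment should say "API and web form".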
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ use Carbon\Carbon;
|
|||
|
||||
use App\Account;
|
||||
use App\ContactsList;
|
||||
use App\Http\Requests\CreateAccountRequest;
|
||||
use App\Http\Requests\CreateAccountWithoutUsernamePhoneCheck;
|
||||
use App\Http\Requests\UpdateAccountRequest;
|
||||
|
||||
class AccountController extends Controller
|
||||
|
|
@ -79,7 +79,7 @@ class AccountController extends Controller
|
|||
]);
|
||||
}
|
||||
|
||||
public function store(CreateAccountRequest $request)
|
||||
public function store(CreateAccountWithoutUsernamePhoneCheck $request)
|
||||
{
|
||||
$request->validate([
|
||||
'password' => 'confirmed'
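Review bot: `store()` now validates with `CreateAccountWithoutUsernamePhoneCheck`, so for what appears to be the web admin form the phone-username check is governed by `app.allow_phone_number_username_admin_api`, yet the config key and its `.env` comment name only the admin API; either rename the key or document the wider scope with a comment above the method such as `// The IsNotPhoneNumber username rule is skipped when app.allow_phone_number_username_admin_api is set; this applies to this form, not only the API.` The request class name also reads as if the check were always absent, while it is conditional on that config value. `store()`'s body continues past the hunk, so whether the remaining validation re-adds any username constraint cannot be seen here.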
|
||||
|
|
|
|||
|
|
@ -21,17 +21,14 @@ namespace App\Http\Controllers\Api\Admin;
|
|||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Carbon\Carbon;
|
||||
|
||||
use App\Account;
|
||||
use App\AccountTombstone;
|
||||
use App\AccountType;
|
||||
use App\ActivationExpiration;
|
||||
use App\ContactsList;
|
||||
use App\Http\Controllers\Account\AuthenticateController as WebAuthenticateController;
|
||||
use App\Http\Requests\CreateAccountRequest;
|
||||
use App\Http\Requests\CreateAccountWithoutUsernamePhoneCheck;
|
||||
use App\Http\Requests\UpdateAccountRequest;
|
||||
use App\Rules\PasswordAlgorithm;
|
||||
use App\Services\AccountService;
|
||||
|
|
@ -129,7 +126,7 @@ class AccountController extends Controller
|
|||
return $account->makeVisible(['provisioning_token']);
|
||||
}
|
||||
|
||||
public function store(CreateAccountRequest $request)
|
||||
public function store(CreateAccountWithoutUsernamePhoneCheck $request)
|
||||
{
|
||||
return (new AccountService)->store($request, asAdmin: true)->makeVisible(['confirmation_key', 'provisioning_token']);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,9 +32,9 @@ class CreateAccountRequest extends FormRequest
|
|||
Rule::unique('accounts', 'username')->where(function ($query) {
|
||||
$query->where('domain', resolveDomain($this));
|
||||
}),
|
||||
/*Rule::unique('accounts_tombstones', 'username')->where(function ($query) use ($request) {
|
||||
$query->where('domain', config('app.sip_domain'));
|
||||
}),*/
|
||||
Rule::unique('accounts_tombstones', 'username')->where(function ($query) {
|
||||
$query->where('domain', resolveDomain($this));
|
||||
}),
|
||||
'filled',
|
||||
],
|
||||
'dictionary' => [new Dictionary],
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Requests;
|
||||
|
||||
use App\Rules\IsNotPhoneNumber;
|
||||
|
||||
class CreateAccountWithoutUsernamePhoneCheck extends CreateAccountRequest
|
||||
{
|
||||
public function authorize()
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public function rules()
|
||||
{
|
||||
$parentRules = parent::rules();
|
||||
|
||||
if (config('app.allow_phone_number_username_admin_api') == true) {
|
||||
array_splice(
|
||||
$parentRules['username'],
|
||||
array_search(new IsNotPhoneNumber(), $parentRules['username']),
|
||||
1
|
||||
);
|
||||
}
|
||||
|
||||
return $parentRules;
|
||||
}
|
||||
}
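Review bot: `array_search(new IsNotPhoneNumber(), $parentRules['username'])` returns `false` when no `IsNotPhoneNumber` instance is in the parent's rule list, and `array_splice` then coerces that `false` to offset 0 and silently removes whichever username rule happens to come first — so a later edit to `CreateAccountRequest::rules()` could strip an unrelated constraint, and only when the toggle is on. It also depends on loose `==` object comparison to locate the rule. Filtering by type avoids both problems: `$parentRules['username'] = array_values(array_filter($parentRules['username'], fn ($rule) => !($rule instanceof IsNotPhoneNumber)));`. The class name promises an unconditional removal while the rule is dropped only when `app.allow_phone_number_username_admin_api` is true; a docblock on the class stating `Drops the IsNotPhoneNumber username rule only when app.allow_phone_number_username_admin_api is enabled; otherwise identical to CreateAccountRequest.` would prevent it being picked as a plain "no phone check" request elsewhere.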
|
||||
|
|
@ -31,6 +31,7 @@ return [
|
|||
'transport_protocol_text' => env('ACCOUNT_TRANSPORT_PROTOCOL_TEXT', 'TLS (recommended), TCP or UDP'),
|
||||
|
||||
'account_email_unique' => env('ACCOUNT_EMAIL_UNIQUE', false),
|
||||
'allow_phone_number_username_admin_api' => env('APP_ALLOW_PHONE_NUMBER_USERNAME_ADMIN_API', false),
|
||||
'blacklisted_usernames' => env('ACCOUNT_BLACKLISTED_USERNAMES', ''),
|
||||
'account_username_regex' => env('ACCOUNT_USERNAME_REGEX', '^[a-z0-9+_.-]*$'),
|
||||
'account_default_password_algorithm' => env('ACCOUNT_DEFAULT_PASSWORD_ALGORITHM', 'SHA-256'),
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@
|
|||
<h2>Connexion</h2>
|
||||
<div>
|
||||
<input placeholder="Username" required="required" name="username" type="text"
|
||||
value="@if ($account->id){{ $account->username }}@else{{ old('username') }} @endif"
|
||||
value="@if($account->id){{ $account->username }}@else{{ old('username') }}@endif"
|
||||
@if ($account->id) readonly @endif>
|
||||
<label for="username">Username</label>
|
||||
@include('parts.errors', ['name' => 'username'])
|
||||
|
|
@ -53,7 +53,7 @@
|
|||
|
||||
<div>
|
||||
<input placeholder="John Doe" name="display_name" type="text"
|
||||
value="@if ($account->id){{ $account->display_name }}@else{{ old('display_name') }} @endif">
|
||||
value="@if($account->id){{ $account->display_name }}@else{{ old('display_name') }}@endif">
|
||||
<label for="display_name">Display Name</label>
|
||||
@include('parts.errors', ['name' => 'display_name'])
|
||||
</div>
|
||||
|
|
@ -75,14 +75,14 @@
|
|||
|
||||
<div>
|
||||
<input placeholder="Email" name="email" type="email"
|
||||
value="@if ($account->id) {{ $account->email }}@else{{ old('email') }} @endif">
|
||||
value="@if($account->id){{ $account->email }}@else{{ old('email') }}@endif">
|
||||
<label for="email">Email</label>
|
||||
@include('parts.errors', ['name' => 'email'])
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<input placeholder="+12123123" name="phone" type="text"
|
||||
value="@if ($account->id) {{ $account->phone }}@else{{ old('phone') }} @endif">
|
||||
value="@if($account->id){{ $account->phone }}@else{{ old('phone') }}@endif">
|
||||
<label for="phone">Phone</label>
|
||||
@include('parts.errors', ['name' => 'phone'])
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -86,15 +86,25 @@ class ApiAccountTest extends TestCase
|
|||
$username = '+33612121212';
|
||||
$domain = 'example.com';
|
||||
|
||||
$response = $this->keyAuthenticated($password->account)
|
||||
$this->keyAuthenticated($password->account)
|
||||
->json($this->method, $this->route, [
|
||||
'username' => $username,
|
||||
'domain' => $domain,
|
||||
'algorithm' => 'SHA-256',
|
||||
'password' => '123456',
|
||||
]);
|
||||
])
|
||||
->assertJsonValidationErrors(['username']);
|
||||
|
||||
$response->assertJsonValidationErrors(['username']);
|
||||
config()->set('app.allow_phone_number_username_admin_api', true);
|
||||
|
||||
$this->keyAuthenticated($password->account)
|
||||
->json($this->method, $this->route, [
|
||||
'username' => $username,
|
||||
'domain' => $domain,
|
||||
'algorithm' => 'SHA-256',
|
||||
'password' => '123456',
|
||||
])
|
||||
->assertStatus(200);
|
||||
}
|
||||
|
||||
public function testUsernameNotSIP()
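Review bot: The positive case after `config()->set('app.allow_phone_number_username_admin_api', true)` asserts only `->assertStatus(200)`; it does not check that the account was created with the phone-shaped username (e.g. `->assertJson(['username' => $username])` or a database assertion), so a handler that silently normalised or dropped the username would still pass. Nothing here pins that the toggle is scoped to admin endpoints: assuming a non-admin creation route exists, a sibling request against it with the toggle on that still expects `assertJsonValidationErrors(['username'])` would catch the flag leaking beyond the admin surface, which is the security-relevant property of this change. Keeping the negative assertion before the `config()->set` call, as done here, is correct since the setting persists for the rest of the test.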
|
||||
|
|
|
|||