KAZOO-5449: reset api for private key, identity secrets and get publi…

…c key (#4042) * KAZOO-5449: api for reset JWT private key, identity secrets and get the public key * KAZOO-5449: correctly authorize to reset or fetch keys/identity * KAZOO-5449: allow to download pem file * KAZOO-5449: getpublic from new private key and put in the cache * should return props, found when a error happend when getting profile * KAZOO-5449: let actually get public key * KAZOO-5449: fix schema name * KAZOO-5449: finish doc, fix missing authorize func headers * KAZOO-5449: put schema in doc manually * KAZOO-5449: rename back to nouns and paths * KAZOO-5449: get owner_id from cb_context:user_id and update doc * remove auth.reset_identity schema * KAZOO-5449: get keys, do reset/get on key_id * get key document directly and get public key from private * KAZOO-5449: delete private key attachment instead of generating new kid * KAZOO-5449: fix paths * fix typos in document * erase PK_CACHE manually * delete the doc instead * PUT with action
2600hz · Aug 11, 2017 · 7311b01 · 7311b01
1 parent 21cc1ea
commit 7311b01
Show file tree

Hide file tree

Showing 16 changed files with 1,122 additions and 163 deletions.
diff --git a/applications/crossbar/doc/auth.md b/applications/crossbar/doc/auth.md
diff --git a/applications/crossbar/doc/ref/auth.md b/applications/crossbar/doc/ref/auth.md
@@ -6,24 +6,34 @@
 
 
 
-#### Fetch
+#### Create
 
-> GET /v2/auth/keys
+> PUT /v2/auth
 
 ```shell
-curl -v -X GET \
+curl -v -X PUT \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/keys
+    http://{SERVER}:8000/v2/auth
 ```
 
 #### Fetch
 
-> GET /v2/auth/apps
+> GET /v2/auth/tokeninfo
 
 ```shell
 curl -v -X GET \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/apps
+    http://{SERVER}:8000/v2/auth/tokeninfo
+```
+
+#### Change
+
+> POST /v2/auth/tokeninfo
+
+```shell
+curl -v -X POST \
+    -H "X-Auth-Token: {AUTH_TOKEN}" \
+    http://{SERVER}:8000/v2/auth/tokeninfo
 ```
 
 #### Fetch
@@ -46,6 +56,16 @@ curl -v -X GET \
     http://{SERVER}:8000/v2/auth/links
 ```
 
+#### Fetch
+
+> GET /v2/auth/keys
+
+```shell
+curl -v -X GET \
+    -H "X-Auth-Token: {AUTH_TOKEN}" \
+    http://{SERVER}:8000/v2/auth/keys
+```
+
 #### Create
 
 > PUT /v2/auth/callback
@@ -68,141 +88,121 @@ curl -v -X PUT \
 
 #### Fetch
 
-> GET /v2/auth/tokeninfo
+> GET /v2/auth/apps
 
 ```shell
 curl -v -X GET \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/tokeninfo
-```
-
-#### Change
-
-> POST /v2/auth/tokeninfo
-
-```shell
-curl -v -X POST \
-    -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/tokeninfo
+    http://{SERVER}:8000/v2/auth/apps
 ```
 
 #### Fetch
 
-> GET /v2/auth/keys/{KEY_ID}
+> GET /v2/auth/providers/{PROVIDER_ID}
 
 ```shell
 curl -v -X GET \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/keys/{KEY_ID}
+    http://{SERVER}:8000/v2/auth/providers/{PROVIDER_ID}
 ```
 
 #### Change
 
-> POST /v2/auth/keys/{KEY_ID}
+> POST /v2/auth/providers/{PROVIDER_ID}
 
 ```shell
 curl -v -X POST \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/keys/{KEY_ID}
+    http://{SERVER}:8000/v2/auth/providers/{PROVIDER_ID}
 ```
 
 #### Remove
 
-> DELETE /v2/auth/keys/{KEY_ID}
+> DELETE /v2/auth/providers/{PROVIDER_ID}
 
 ```shell
 curl -v -X DELETE \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/keys/{KEY_ID}
+    http://{SERVER}:8000/v2/auth/providers/{PROVIDER_ID}
 ```
 
 #### Fetch
 
-> GET /v2/auth/apps/{APP_ID}
+> GET /v2/auth/links/{LINK_ID}
 
 ```shell
 curl -v -X GET \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/apps/{APP_ID}
+    http://{SERVER}:8000/v2/auth/links/{LINK_ID}
 ```
 
-#### Change
+#### Create
 
-> POST /v2/auth/apps/{APP_ID}
+> PUT /v2/auth/links/{LINK_ID}
 
 ```shell
-curl -v -X POST \
+curl -v -X PUT \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/apps/{APP_ID}
+    http://{SERVER}:8000/v2/auth/links/{LINK_ID}
 ```
 
 #### Remove
 
-> DELETE /v2/auth/apps/{APP_ID}
+> DELETE /v2/auth/links/{LINK_ID}
 
 ```shell
 curl -v -X DELETE \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/apps/{APP_ID}
+    http://{SERVER}:8000/v2/auth/links/{LINK_ID}
 ```
 
 #### Fetch
 
-> GET /v2/auth/providers/{PROVIDER_ID}
+> GET /v2/auth/keys/{KEY_ID}
 
 ```shell
 curl -v -X GET \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/providers/{PROVIDER_ID}
-```
-
-#### Change
-
-> POST /v2/auth/providers/{PROVIDER_ID}
-
-```shell
-curl -v -X POST \
-    -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/providers/{PROVIDER_ID}
+    http://{SERVER}:8000/v2/auth/keys/{KEY_ID}
 ```
 
-#### Remove
+#### Create
 
-> DELETE /v2/auth/providers/{PROVIDER_ID}
+> PUT /v2/auth/keys/{KEY_ID}
 
 ```shell
-curl -v -X DELETE \
+curl -v -X PUT \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/providers/{PROVIDER_ID}
+    http://{SERVER}:8000/v2/auth/keys/{KEY_ID}
 ```
 
 #### Fetch
 
-> GET /v2/auth/links/{LINK_ID}
+> GET /v2/auth/apps/{APP_ID}
 
 ```shell
 curl -v -X GET \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/links/{LINK_ID}
+    http://{SERVER}:8000/v2/auth/apps/{APP_ID}
 ```
 
-#### Create
+#### Change
 
-> PUT /v2/auth/links/{LINK_ID}
+> POST /v2/auth/apps/{APP_ID}
 
 ```shell
-curl -v -X PUT \
+curl -v -X POST \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/links/{LINK_ID}
+    http://{SERVER}:8000/v2/auth/apps/{APP_ID}
 ```
 
 #### Remove
 
-> DELETE /v2/auth/links/{LINK_ID}
+> DELETE /v2/auth/apps/{APP_ID}
 
 ```shell
 curl -v -X DELETE \
     -H "X-Auth-Token: {AUTH_TOKEN}" \
-    http://{SERVER}:8000/v2/auth/links/{LINK_ID}
+    http://{SERVER}:8000/v2/auth/apps/{APP_ID}
 ```
 
diff --git a/applications/crossbar/doc/voicemail.md b/applications/crossbar/doc/voicemail.md
@@ -4,7 +4,7 @@
 
 Voicemail boxes store messages, recorded from the caller, for the voicemail box owner to listen to at a later time.
 
-#### Differences between version 1 and 2 of Voicemail box
+#### Differences between Kazoo version 3.x and 4.x
 
 As of Kazoo 4.0 all new voicemail messages will be stored in the account MODbs.
 

diff --git a/applications/crossbar/priv/api/swagger.json b/applications/crossbar/priv/api/swagger.json
@@ -41015,6 +41015,15 @@
                 }
             }
         },
+        "/auth": {
+            "put": {
+                "responses": {
+                    "200": {
+                        "description": "request succeeded"
+                    }
+                }
+            }
+        },
         "/auth/apps": {
             "get": {
                 "responses": {
@@ -41090,18 +41099,6 @@
             }
         },
         "/auth/keys/{KEY_ID}": {
-            "delete": {
-                "parameters": [
-                    {
-                        "$ref": "#/parameters/KEY_ID"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "request succeeded"
-                    }
-                }
-            },
             "get": {
                 "parameters": [
                     {
@@ -41114,7 +41111,7 @@
                     }
                 }
             },
-            "post": {
+            "put": {
                 "parameters": [
                     {
                         "$ref": "#/parameters/KEY_ID"

diff --git a/applications/crossbar/src/cb_context.erl b/applications/crossbar/src/cb_context.erl
@@ -278,7 +278,17 @@ is_superduper_admin(Context) ->
 
 -spec is_account_admin(context()) -> boolean().
 is_account_admin(Context) ->
-    kzd_user:is_account_admin(auth_account_id(Context), auth_user_id(Context)).
+    AuthAccountId = auth_account_id(Context),
+    AuthUserId = auth_user_id(Context),
+    lager:debug("checking if user ~s is account admin of ~s", [AuthAccountId, AuthUserId]),
+    case kzd_user:is_account_admin(AuthAccountId, AuthUserId) of
+        'true' ->
+            lager:debug("the requestor is an account admin"),
+            'true';
+        'false' ->
+            lager:debug("the requestor is an superduper admin"),
+            'false'
+    end.
 
 auth_token_type(#cb_context{auth_token_type=AuthTokenType}) -> AuthTokenType.
 auth_token(#cb_context{auth_token=AuthToken}) -> AuthToken.

diff --git a/applications/crossbar/src/crossbar_util.erl b/applications/crossbar/src/crossbar_util.erl
@@ -1238,13 +1238,11 @@ maybe_validate_quickcall(Context) ->
     end.
 
 maybe_validate_quickcall(Context, 'success') ->
-    AllowAnon = kz_json:get_value(<<"allow_anonymous_quickcalls">>, cb_context:doc(Context)),
+    AllowAnon = kz_json:is_true(<<"allow_anonymous_quickcalls">>, cb_context:doc(Context)),
 
-    case kz_term:is_true(AllowAnon)
+    case AllowAnon
         orelse cb_context:is_authenticated(Context)
-        orelse (AllowAnon =:= 'undefined'
-                andalso kapps_config:get_is_true(?CONFIG_CAT, <<"default_allow_anonymous_quickcalls">>, 'true')
-               )
+        orelse kapps_config:get_is_true(?CONFIG_CAT, <<"default_allow_anonymous_quickcalls">>, 'true')
     of
         'false' -> cb_context:add_system_error('invalid_credentials', Context);
         'true' -> Context