Can't login with credentials in URL

dstu · Post by **dstu** » Fri Feb 03, 2017 3:00 am

1. Brekeke Product Name and Version:
Brekeke SIP Server, Version 3.6.3.0, Advanced

2. Java version:
1.8.0_121

3. OS type and the version:
Linux / Ubuntu 14.04

4. UA (phone), gateway or other hardware/software involved:

5. Your problem:
I can't login using the URL: http://server:8080/sip/gate/?bean=sipad ... &passwd=sa
It used to work in previous versions

Regards,

David

ambrosio · Post by **ambrosio** » Wed Feb 08, 2017 1:37 am

If you failed login multiple times (eg. invalid password), the SIP Server's GUI blocks your IP address for a while.

dstu · Post by **dstu** » Thu Feb 09, 2017 2:45 am

ambrosio wrote:If you failed login multiple times (eg. invalid password), the SIP Server's GUI blocks your IP address for a while.

Hi,

It's not a blocking issue. The URL (sipadmin.web.Login) doesn't work at all (from the 1st time) on this version.

I'm sure you can test it yourself. Either there's another page that we need to use, or this one broke during the recent upgrade

Kindly check and advise. We really need this.

Thanks,

David

Laurie · Post by **Laurie** » Fri Feb 10, 2017 1:04 pm

Is it the installation upgraded from a previous version of Brekeke SIP Server?
If so, browser's content cache may cause the issue you experienced.

Let you clear the browser cache or try another web browser.

Are there any error message on the browser screen?

dstu · Post by **dstu** » Fri Feb 10, 2017 8:25 pm

Laurie wrote:Is it the installation upgraded from a previous version of Brekeke SIP Server?
If so, browser's content cache may cause the issue you experienced.

Let you clear the browser cache or try another web browser.

Are there any error message on the browser screen?

No, it's not. It's a new installation. Did you test it yourself on this version and it worked for you? It's the easiest thing to emulate

Mike · Post by **Mike** » Mon Feb 13, 2017 3:22 pm

How did you install the Tomcat?

The pre-installed Tomcat in Ubuntu, or Tomcat installed from their package manager might not work.
http://wiki.brekeke.com/wiki/How-to-ins ... ian-Ubuntu

Please download the Tomcat from the official site.
https://tomcat.apache.org/download-70.cgi

dstu · Post by **dstu** » Tue Feb 14, 2017 3:19 am

Mike wrote:How did you install the Tomcat?

The pre-installed Tomcat in Ubuntu, or Tomcat installed from their package manager might not work.
http://wiki.brekeke.com/wiki/How-to-ins ... ian-Ubuntu

Please download the Tomcat from the official site.
https://tomcat.apache.org/download-70.cgi

Hi Mike,

How is it related to Tomcat? The server is working. It's only the login page that doesn't work as it did in previous versions.

I'm repeating my question to Laurie: Did you try to connect to a server with this version with the login info in the "sipadmin.web.Login" page yourself and succeed to connect?

Regards,

David

Laurie · Post by **Laurie** » Wed Feb 15, 2017 1:10 am

I don't have any issues with the 3.6.3.0.

Let you try another web browser.

dstu · Post by **dstu** » Wed Feb 15, 2017 4:46 am

Laurie wrote:I don't have any issues with the 3.6.3.0.

Let you try another web browser.

I tried with FF, IE and Chrome.

In FF, I get this message in the console:

Code: Select all

TypeError: framePage is null
Stack trace:
ContentPage<.onShowDocumentBody@http://server:8080/sip/common/js/common/ContentPage.js?25:105:6
_showDocumentBody/</<@http://server:8080/sip/gate?bean=sipadmin.web.Login&userid=sa&passwd=sa:178:8
.cache["dojo/ready"]/</dojo.addOnLoad/_879<@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:286183
.cache["dojo/ready"]/</_875@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:285808
req.signal/<@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:3358
_9@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:322
req.signal@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:3323
_37@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:13126
_7e@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:13175
_32/_f1@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:14898
req.injectUrl/_108@http://server:8080/sip/common/js/dojo/dojo/dojo_one.js:15:17794
  dojo_one.js:15:19953

In Chrome, I get this:

Code: Select all

gate?bean=sipadmin.web.Login&userid=sa&passwd=sa:423 Uncaught TypeError: Cannot read property 'getAdminFrame' of undefined
    at gate?bean=sipadmin.web.Login&userid=sa&passwd=sa:423
(anonymous) @ gate?bean=sipadmin.web.Login&userid=sa&passwd=sa:423
dojo_one.js:15 TypeError: Cannot read property 'onShowContentPageDocumentBody' of null
    at Object.onShowDocumentBody (ContentPage.js?25:105)
    at gate?bean=sipadmin.web.Login&userid=sa&passwd=sa:178
    at _879 (dojo_one.js:15)
    at _875 (dojo_one.js:15)
    at dojo_one.js:15
    at _9 (dojo_one.js:15)
    at req.signal (dojo_one.js:15)
    at _37 (dojo_one.js:15)
    at _7e (dojo_one.js:15)
    at _f1 (dojo_one.js:15)
(anonymous) @ dojo_one.js:15
(anonymous) @ dojo_one.js:15
_9 @ dojo_one.js:15
req.signal @ dojo_one.js:15
_875 @ dojo_one.js:15
(anonymous) @ dojo_one.js:15
_9 @ dojo_one.js:15
req.signal @ dojo_one.js:15
_37 @ dojo_one.js:15
_7e @ dojo_one.js:15
_f1 @ dojo_one.js:15
_108 @ dojo_one.js:15

Mike · Post by **Mike** » Wed Feb 15, 2017 11:16 am

> http://server:8080/sip/gate/?bean=sipad ... &passwd=sa

For security reason, we stopped accepting the above URI.
Please login to the server through "http://server:8080/sip"

Thanks

dstu · Post by **dstu** » Wed Feb 15, 2017 8:33 pm

Mike wrote:> http://server:8080/sip/gate/?bean=sipad ... &passwd=sa

For security reason, we stopped accepting the above URI.
Please login to the server through "http://server:8080/sip"

Thanks

That's a big problem for us. Why do you decide for your clients if they want to use it or not? At least set it as an option and let the customers the option to enable it in the config page/file (with a warning that it's risky).

For those who block the Tomcat 8080 port from the public interface and login only through the LAN interface, it's not as risky.

Please reconsider. I would hate to downgrade the server to older version because of that.

Thanks a lot

Mike · Post by **Mike** » Fri Feb 17, 2017 6:21 pm

I will report your comment to the developer.

Are you accessing to the SIP Server from a tool instead of manual browsing?

dstu · Post by **dstu** » Fri Feb 17, 2017 11:20 pm

Mike wrote:I will report your comment to the developer.

Are you accessing to the SIP Server from a tool instead of manual browsing?

Yes. From a provisioning Server/page.

Mike · Post by **Mike** » Sat Feb 18, 2017 8:19 pm

There is a special API to control SIP Server over HTTP without login.
Contact sales@brekeke.com for more details.

Thanks

dstu · Post by **dstu** » Tue Feb 21, 2017 11:29 pm

Mike wrote:There is a special API to control SIP Server over HTTP without login.
Contact sales@brekeke.com for more details.

Thanks

The API isn't relevant for our case, as it costs tens of thousands of $$.

Please re-enable the login feature on the current version. It's a shame to be forced to downgrade to v.3.2 in order to benefit from such a basic feature.

Thanks a lot,

David

Mike · Post by **Mike** » Wed Feb 22, 2017 11:15 am

We know the feature you requested caused several security issues.

I recommend that you use the Remote Management API which can be called from other tools over HTTP.
Because the API allows you to create custom GUI, it is only available to partner companies.

Thanks