Falconieri configures Fanvil RPS putting a token in URL that is invalidated after first use to make sure that if someone scrapes Fanvil RPS service doesn't get valid tokens. But seems that V2 Fanvil phones have problems with Tancredi Tokens because of the "." char in it.
if provisioning URL configured in RPS is /foo/bar/MACADDRESS.cfg phone correctly request the /foo/bar/MACADDRESS.cfg URL, but if it is /foo/b.ar/MACADDRESS.cfg phone request the /foo/MACADDRESS.cfg file
Steps to reproduce
configure a Fanvil V2 phone with provisioning
check its first request in /var/log/httpd/ssl_access_log
Expected behavior
phone should ask for something like /provisioning/1234567896400c068100be0.11563334/0c383eaaaaaa.cfg
Actual behavior
phone should ask for /provisioning/0c383eaaaaaa.cfg
Proposed solution
Remove the "." from the token generated by Tancredi. It is useless since doesn't add entropy to the string (it's in a fixed position"). Also isn't necessary to update anything because already generated tokens should work.
Verify that provisioning using RPS with token (from a remote system that doesn't have phone network in its local networks) works for V2 Fanvil
Verify that provisioning with token (from a remote system that doesn't have phone network in its local networks) works for static files (like backgrounds)
Falconieri configures Fanvil RPS putting a token in URL that is invalidated after first use to make sure that if someone scrapes Fanvil RPS service doesn't get valid tokens. But seems that V2 Fanvil phones have problems with Tancredi Tokens because of the "." char in it. if provisioning URL configured in RPS is
/foo/bar/MACADDRESS.cfg
phone correctly request the/foo/bar/MACADDRESS.cfg
URL, but if it is/foo/b.ar/MACADDRESS.cfg
phone request the/foo/MACADDRESS.cfg
fileSteps to reproduce
Expected behavior
phone should ask for something like
/provisioning/1234567896400c068100be0.11563334/0c383eaaaaaa.cfg
Actual behavior
phone should ask for
/provisioning/0c383eaaaaaa.cfg
Proposed solution
Remove the "." from the token generated by Tancredi. It is useless since doesn't add entropy to the string (it's in a fixed position"). Also isn't necessary to update anything because already generated tokens should work.