Updating OAuth UI Module

revert-70aa11f8
dilanua 8 years ago
parent 7017f6e32b
commit 020f35cb4e

@ -46,7 +46,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("User Logged In : " + user); log.debug("User Logged In : " + user);
} }
apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(username, password); apiWrapperUtil.setupTokenPairByPasswordGrantType(username, password);
}, function () { }, function () {
response = responseProcessor.buildSuccessResponse(response, 200, {'sessionId': session.getId()}); response = responseProcessor.buildSuccessResponse(response, 200, {'sessionId': session.getId()});
}); });
@ -66,7 +66,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
log.debug("User Logged In : " + user); log.debug("User Logged In : " + user);
} }
apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(username, password); apiWrapperUtil.setupTokenPairByPasswordGrantType(username, password);
var permissions = userModule.getUIPermissions(); var permissions = userModule.getUIPermissions();
if (permissions.VIEW_DASHBOARD) { if (permissions.VIEW_DASHBOARD) {
response.sendRedirect(constants.WEB_APP_CONTEXT); response.sendRedirect(constants.WEB_APP_CONTEXT);

@ -59,8 +59,8 @@ var USER_STORE_CONFIG_ADMIN_SERVICE_END_POINT =
var SOAP_VERSION = 1.2; var SOAP_VERSION = 1.2;
var WEB_SERVICE_ADDRESSING_VERSION = 1.0; var WEB_SERVICE_ADDRESSING_VERSION = 1.0;
var ACCESS_TOKEN_PAIR_IDENTIFIER = "accessTokenPair"; var TOKEN_PAIR = "tokenPair";
var ENCODED_CLIENT_KEYS_IDENTIFIER = "encodedClientKey"; var ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS = "encodedTenantBasedClientAppCredentials";
var CONTENT_TYPE_IDENTIFIER = "Content-Type"; var CONTENT_TYPE_IDENTIFIER = "Content-Type";
var CONTENT_DISPOSITION_IDENTIFIER = "Content-Disposition"; var CONTENT_DISPOSITION_IDENTIFIER = "Content-Disposition";
var APPLICATION_JSON = "application/json"; var APPLICATION_JSON = "application/json";

@ -26,9 +26,9 @@ var onFail;
var utility = require("/app/modules/utility.js").utility; var utility = require("/app/modules/utility.js").utility;
var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"]; var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"];
if (context.input.samlToken) { if (context.input.samlToken) {
apiWrapperUtil.setupAccessTokenPairBySamlGrantType(context.input.username, context.input.samlToken); apiWrapperUtil.setupTokenPairBySamlGrantType(context.input.username, context.input.samlToken);
} else { } else {
apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(context.input.username, context.input.password); apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password);
} }
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var carbonServer = require("carbon").server; var carbonServer = require("carbon").server;

@ -29,125 +29,126 @@ var handlers = function () {
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var privateMethods = {};
var publicMethods = {}; var publicMethods = {};
var privateMethods = {};
privateMethods.setUpEncodedTenantBasedClientAppCredentials = function (username) { publicMethods.setupTokenPairByPasswordGrantType = function (username, password) {
if (!username) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context. No username is found as " +
"input - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials();
if (!dynamicClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientAppCredentials);
if (!jwtToken) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var tenantBasedClientCredentials = tokenUtil.
getTenantBasedClientAppCredentials(username, jwtToken);
if (!tenantBasedClientCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
"based client credentials to session context as the server is unable " +
"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var encodedTenantBasedClientCredentials =
tokenUtil.encode(tenantBasedClientCredentials["clientId"] + ":" +
tenantBasedClientCredentials["clientSecret"]);
// setting up encoded tenant based client credentials to session context.
session.put(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"], encodedTenantBasedClientCredentials);
}
}
}
}
};
publicMethods.setupAccessTokenPairByPasswordGrantType = function (username, password) {
if (!username || !password) { if (!username || !password) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"password grant type. Either username, password or both are missing as " + "password grant type. Either username of logged in user, password or both are missing " +
"input - setupAccessTokenPairByPasswordGrantType(x, y)"); "as input - setupTokenPairByPasswordGrantType(x, y)");
} else { } else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username); privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
if (!encodedClientCredentials) { if (!encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"password grant type. Encoded client credentials are " + "password grant type. Encoded client credentials are " +
"missing - setupAccessTokenPairByPasswordGrantType(x, y)"); "missing - setupTokenPairByPasswordGrantType(x, y)");
} else { } else {
var accessTokenPair; var tokenPair;
// accessTokenPair will include current access token as well as current refresh token // tokenPair will include current access token as well as current refresh token
var arrayOfScopes = devicemgtProps["scopes"]; var arrayOfScopes = devicemgtProps["scopes"];
var stringOfScopes = ""; var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) { arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " "; stringOfScopes += entry + " ";
}); });
accessTokenPair = tokenUtil. tokenPair = tokenUtil.
getAccessTokenByPasswordGrantType(username, getAccessTokenByPasswordGrantType(username,
encodeURIComponent(password), encodedClientCredentials, stringOfScopes); encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes);
if (!accessTokenPair) { if (!tokenPair) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " +
"token pair by password grant type. Error in token " + "token pair by password grant type. Error in token " +
"retrieval - setupAccessTokenPairByPasswordGrantType(x, y)"); "retrieval - setupTokenPairByPasswordGrantType(x, y)");
} else { } else {
// setting up access token pair into session context as a string // setting up access token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); session.put(constants["TOKEN_PAIR"], stringify(tokenPair));
} }
} }
} }
}; };
publicMethods.setupAccessTokenPairBySamlGrantType = function (username, samlToken) { publicMethods.setupTokenPairBySamlGrantType = function (username, samlToken) {
if (!username || !samlToken) { if (!username || !samlToken) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"saml grant type. Either username, samlToken or both are missing as " + "saml grant type. Either username of logged in user, samlToken or both are missing " +
"input - setupAccessTokenPairByPasswordGrantType(x, y)"); "as input - setupTokenPairByPasswordGrantType(x, y)");
} else { } else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username); privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
if (!encodedClientCredentials) { if (!encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
"by saml grant type. Encoded client credentials are " + "by saml grant type. Encoded client credentials are " +
"missing - setupAccessTokenPairByPasswordGrantType(x, y)"); "missing - setupTokenPairByPasswordGrantType(x, y)");
} else { } else {
var accessTokenPair; var tokenPair;
// accessTokenPair will include current access token as well as current refresh token // accessTokenPair will include current access token as well as current refresh token
accessTokenPair = tokenUtil. tokenPair = tokenUtil.
getAccessTokenBySAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION"); getAccessTokenBySAMLGrantType(samlToken, encodedClientAppCredentials, "PRODUCTION");
if (!accessTokenPair) { if (!tokenPair) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " +
"pair by password grant type. Error in token " + "pair by password grant type. Error in token " +
"retrieval - setupAccessTokenPairByPasswordGrantType(x, y)"); "retrieval - setupTokenPairByPasswordGrantType(x, y)");
} else { } else {
// setting up access token pair into session context as a string // setting up access token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); session.put(constants["TOKEN_PAIR"], stringify(tokenPair));
} }
} }
} }
}; };
publicMethods.refreshAccessToken = function () { publicMethods.refreshTokenPair = function () {
var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); var currentTokenPair = parse(session.get(constants["TOKEN_PAIR"]));
// accessTokenPair includes current access token as well as current refresh token // currentTokenPair includes current access token as well as current refresh token
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
if (!accessTokenPair || !encodedClientCredentials) { if (!currentTokenPair || !encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the access " + throw new Error("{/app/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
"token pair, encoded client credentials or both input are not found under " + "token pair, encoded client app credentials or both input are not found under " +
"session context - refreshAccessToken()"); "session context - refreshTokenPair()");
} else { } else {
var newTokenPair = tokenUtil. var newTokenPair = tokenUtil.
getNewAccessTokenByRefreshToken(accessTokenPair["refreshToken"], encodedClientCredentials); getNewAccessTokenByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
if (!newTokenPair) { if (!newTokenPair) {
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing access token. Unable to update " + log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
"session context with new access token pair - refreshAccessToken()"); "Unable to update session context with new access token pair - refreshTokenPair()");
} else {
session.put(constants["TOKEN_PAIR"], stringify(newTokenPair));
}
}
};
privateMethods.setUpEncodedTenantBasedClientAppCredentials = function (username) {
if (!username) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context. No username of logged in user is found as " +
"input - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials();
if (!dynamicClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientAppCredentials);
if (!jwtToken) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)");
} else { } else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newTokenPair)); var tenantBasedClientAppCredentials = tokenUtil.
getTenantBasedClientAppCredentials(username, jwtToken);
if (!tenantBasedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
"based client credentials to session context as the server is unable " +
"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var encodedTenantBasedClientAppCredentials =
tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" +
tenantBasedClientAppCredentials["clientSecret"]);
// setting up encoded tenant based client credentials to session context.
session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"],
encodedTenantBasedClientAppCredentials);
}
}
} }
} }
}; };
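Review bot: refreshTokenPair only logs when getNewAccessTokenByRefreshToken returns nothing and leaves the stale pair in session, so the retry loop in invokers (`tokenUtil.refreshTokenPair(); return privateMethods.execute(..., ++count);`, up to five attempts) keeps resending a token it already knows is expired or invalid. Returning the outcome — `return false;` after the `log.error` and `return true;` after `session.put(constants["TOKEN_PAIR"], stringify(newTokenPair));` — would let the caller stop retrying and fall through to `responseCallback` once a refresh has failed. The SAML handler's error strings still name the password handler (`- setupTokenPairByPasswordGrantType(x, y)` inside `setupTokenPairBySamlGrantType`, and `"pair by password grant type"` in its retrieval failure), which will misdirect anyone triaging logs. `tokenUtil.encode` of `clientId:clientSecret` presumably produces the Basic-auth header value rather than protecting the secret, so a comment such as `// NOTE: session now holds the client secret (base64, reversible) and the refresh token; confirm the session store is not persisted or logged` is warranted next to that `session.put`. The enclosing `handlers` function starts before the hunk (per its header) and appears to continue past it.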

@ -42,10 +42,10 @@ var invokers = function () {
/** /**
* This method reads the token pair from the session and return the access token. * This method reads the token pair from the session and return the access token.
* If the token pair s not set in the session this will send a redirect to the login page. * If the token pair is not set in the session, this will return null.
*/ */
privateMethods.getAccessToken = function () { privateMethods.getAccessToken = function () {
var tokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); var tokenPair = parse(session.get(constants["TOKEN_PAIR"]));
if (tokenPair) { if (tokenPair) {
return tokenPair["accessToken"]; return tokenPair["accessToken"];
} else { } else {
@ -103,7 +103,7 @@ var invokers = function () {
if (xmlHttpRequest.status == 401 && (xmlHttpRequest.responseText == TOKEN_EXPIRED || if (xmlHttpRequest.status == 401 && (xmlHttpRequest.responseText == TOKEN_EXPIRED ||
xmlHttpRequest.responseText == TOKEN_INVALID ) && count < 5) { xmlHttpRequest.responseText == TOKEN_INVALID ) && count < 5) {
tokenUtil.refreshAccessToken(); tokenUtil.refreshTokenPair();
return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count); return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count);
} else { } else {
return responseCallback(xmlHttpRequest); return responseCallback(xmlHttpRequest);
@ -122,7 +122,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateXMLHttpRequest for get calls * This method invokes return initiateXMLHttpRequest for get calls.
* @param endpoint Backend REST API url. * @param endpoint Backend REST API url.
* @param responseCallback a function to be called with response retrieved. * @param responseCallback a function to be called with response retrieved.
*/ */
@ -132,7 +132,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateXMLHttpRequest for post calls * This method invokes return initiateXMLHttpRequest for post calls.
* @param endpoint Backend REST API url. * @param endpoint Backend REST API url.
* @param requestPayload payload/data if exists which is needed to be send. * @param requestPayload payload/data if exists which is needed to be send.
* @param responseCallback a function to be called with response retrieved. * @param responseCallback a function to be called with response retrieved.
@ -142,7 +142,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateXMLHttpRequest for put calls * This method invokes return initiateXMLHttpRequest for put calls.
* @param endpoint Backend REST API url. * @param endpoint Backend REST API url.
* @param requestPayload payload/data if exists which is needed to be send. * @param requestPayload payload/data if exists which is needed to be send.
* @param responseCallback a function to be called with response retrieved. * @param responseCallback a function to be called with response retrieved.
@ -152,7 +152,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateXMLHttpRequest for delete calls * This method invokes return initiateXMLHttpRequest for delete calls.
* @param endpoint Backend REST API url. * @param endpoint Backend REST API url.
* @param responseCallback a function to be called with response retrieved. * @param responseCallback a function to be called with response retrieved.
*/ */
@ -214,7 +214,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateWSRequest for soap calls * This method invokes return initiateWSRequest for soap calls.
* @param action describes particular soap action. * @param action describes particular soap action.
* @param requestPayload SOAP request payload which is needed to be send. * @param requestPayload SOAP request payload which is needed to be send.
* @param endpoint service end point to be triggered. * @param endpoint service end point to be triggered.
@ -303,7 +303,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateHTTPClientRequest for get calls * This method invokes return initiateHTTPClientRequest for get calls.
* @param url target url. * @param url target url.
* @param successCallback a function to be called if the respond if successful. * @param successCallback a function to be called if the respond if successful.
* @param errorCallback a function to be called if en error is reserved. * @param errorCallback a function to be called if en error is reserved.
@ -315,7 +315,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateHTTPClientRequest for post calls * This method invokes return initiateHTTPClientRequest for post calls.
* @param url target url. * @param url target url.
* @param payload payload/data which need to be send. * @param payload payload/data which need to be send.
* @param successCallback a function to be called if the respond if successful. * @param successCallback a function to be called if the respond if successful.
@ -327,7 +327,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateHTTPClientRequest for put calls * This method invokes return initiateHTTPClientRequest for put calls.
* @param url target url. * @param url target url.
* @param payload payload/data which need to be send. * @param payload payload/data which need to be send.
* @param successCallback a function to be called if the respond if successful. * @param successCallback a function to be called if the respond if successful.
@ -339,7 +339,7 @@ var invokers = function () {
}; };
/** /**
* This method invokes return initiateHTTPClientRequest for delete calls * This method invokes return initiateHTTPClientRequest for delete calls.
* @param url target url. * @param url target url.
* @param successCallback a function to be called if the respond if successful. * @param successCallback a function to be called if the respond if successful.
* @param errorCallback a function to be called if en error is reserved. * @param errorCallback a function to be called if en error is reserved.
