Merge remote-tracking branch 'upstream/master'

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java

@@ -166,7 +166,7 @@ public interface CertificateManagementAdminService {
             value = "Getting Details of Certificates",
             notes = "Get all the details of the certificates you have used for mutual SSL. In a situation where you wish to "
                     + "view all the certificate details, it is not feasible to show all the details on one "
-                    + "page therefore the details are paginated",
+                    + "page. Therefore, the details are paginated.",
             tags = "Certificate Management"
     )
     @ApiResponses(value = {
@@ -216,7 +216,7 @@ public interface CertificateManagementAdminService {
     Response getAllCertificates(
             @ApiParam(
                     name = "offset",
-                    value = "The starting pagination index for the complete list of qualified items",
+                    value = "The starting pagination index for the complete list of qualified items.",
                     required = false,
                     defaultValue = "0")
             @QueryParam("offset") int offset,
@@ -241,7 +241,7 @@ public interface CertificateManagementAdminService {
             produces = MediaType.APPLICATION_JSON,
             httpMethod = "DELETE",
             value = "Deleting an SSL Certificate",
-            notes = "Delete an SSL certificate that's on the client end",
+            notes = "Delete an SSL certificate that's on the client end.",
             tags = "Certificate Management")
     @ApiResponses(value = {
             @ApiResponse(
@@ -264,7 +264,7 @@ public interface CertificateManagementAdminService {
             @ApiParam(
                     name = "serialNumber",
                     value = "The serial number of the certificate.\n" +
-                            "NOTE: Make sure that a certificate with the serial number you provide exists in the server. If no, first add a certificate.",
+                            "NOTE: Make sure that a certificate with the serial number you provide exists in the server. If not, first add a certificate.",
                     required = true,
                     defaultValue = "12438035315552875930")
             @PathParam("serialNumber") String serialNumber);

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/swagger/extension/SecurityDefinitionConfigurator.java

@@ -0,0 +1,60 @@
+/*
+ *   Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *   WSO2 Inc. licenses this file to you under the Apache License,
+ *   Version 2.0 (the "License"); you may not use this file except
+ *   in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.wso2.carbon.certificate.mgt.cert.jaxrs.api.swagger.extension;
+
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.jaxrs.Reader;
+import io.swagger.jaxrs.config.ReaderListener;
+import io.swagger.models.Swagger;
+import io.swagger.models.auth.OAuth2Definition;
+import io.swagger.models.auth.SecuritySchemeDefinition;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@SwaggerDefinition(
+        basePath = "/api/certificate-mgt/v1.0",
+        host = "localhost:9443"
+)
+public class SecurityDefinitionConfigurator implements ReaderListener {
+
+    public static final String TOKEN_AUTH_SCHEME = "swagger_auth";
+
+    @Override
+    public void beforeScan(Reader reader, Swagger swagger) {
+
+    }
+
+    @Override
+    public void afterScan(Reader reader, Swagger swagger) {
+        OAuth2Definition tokenScheme = new OAuth2Definition();
+        tokenScheme.setType("oauth2");
+        tokenScheme.setFlow("application");
+        tokenScheme.setTokenUrl("https://" + swagger.getHost() + "/oauth2/token");
+        tokenScheme.setAuthorizationUrl("https://" + swagger.getHost() + "/oauth2/authorize");
+        tokenScheme.addScope("write:everything", "Full access");
+
+        Map<String, SecuritySchemeDefinition> schemes = new HashMap<>();
+        schemes.put(TOKEN_AUTH_SCHEME, tokenScheme);
+
+        swagger.setSecurityDefinitions(schemes);
+    }
+
+}
+

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/cxf-servlet.xml

@@ -29,6 +29,7 @@
             <ref bean="certificateServiceBean"/>
             <ref bean="swaggerResource"/>
         </jaxrs:serviceBeans>
+
         <jaxrs:providers>
             <ref bean="jsonProvider"/>
             <ref bean="errorHandler"/>

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java

@@ -655,7 +655,7 @@ public interface DeviceManagementService {
             produces = MediaType.APPLICATION_JSON,
             httpMethod = "GET",
             value = "Get the details of the policy that is enforced on a device.",
-            notes = "A policy is enforced on all the devices that registers with WSO2 EMM." +
+            notes = "A policy is enforced on all the devices that register with WSO2 EMM." +
                     "WSO2 EMM filters the policies based on the device platform (device type)," +
                     "the device ownership type, the user role or name and finally, the policy that matches these filters will be enforced on the device.",
             tags = "Device Management")

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java

@@ -112,13 +112,15 @@ public interface NotificationManagementService {
             @ApiParam(
                     name = "offset",
                     value = "The starting pagination index for the complete list of qualified items.",
-                    required = false)
+                    required = false,
+                    defaultValue = "0")
             @QueryParam("offset")
                     int offset,
             @ApiParam(
                     name = "limit",
                     value = "Provide how many notification details you require from the starting pagination index/offset.",
-                    required = false)
+                    required = false,
+                    defaultValue = "5")
             @QueryParam("limit")
                     int limit);
 

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag

@@ -27,6 +27,12 @@ var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
 var serviceInvokers = require("/app/modules/oauth/token-protected-service-invokers.js")["invokers"];
 
 if (uriMatcher.match("/{context}/api/invoker/execute/")) {
+    //NOTE: We are only interested in Content-Type headers. Appending all request headers to the back-end call
+    // will cause unforeseen security issues.
+    var contentType = request.getHeader(constants.CONTENT_TYPE_IDENTIFIER);
+    var requestHeaders = [];
+    requestHeaders.push({"name": constants.CONTENT_TYPE_IDENTIFIER, "value" : contentType});
+
     var restAPIRequestDetails = request.getContent();
 
     var requestMethod = restAPIRequestDetails["requestMethod"];
@@ -57,7 +63,8 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
                         if (restAPIResponse["responseText"]) {
                             response["content"] = restAPIResponse["responseText"];
                         }
-                    }
+                    },
+                    requestHeaders
                 );
                 break;
             case constants["HTTP_POST"]:
@@ -69,7 +76,8 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
                         if (restAPIResponse["responseText"]) {
                             response["content"] = restAPIResponse["responseText"];
                         }
-                    }
+                    },
+                    requestHeaders
                 );
                 break;
             case constants["HTTP_PUT"]:
@@ -81,7 +89,8 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
                         if (restAPIResponse["responseText"]) {
                             response["content"] = restAPIResponse["responseText"];
                         }
-                    }
+                    },
+                    requestHeaders
                 );
                 break;
             case constants["HTTP_DELETE"]:
@@ -92,11 +101,15 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
                         if (restAPIResponse["responseText"]) {
                             response["content"] = restAPIResponse["responseText"];
                         }
-                    }
+                    },
+                    requestHeaders
                 );
                 break;
         }
     } catch (e) {
+        //Since this is an API we'll log the error message.
+        log.error(e.message); // JavaScript error message
+        log.error(e.stack); // Executed JavaScript file stack
         throw new Error("Exception occurred while trying to access " +
                         "backend REST API services from Jaggery API invoker layer", e);
     }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js

@@ -73,11 +73,26 @@ var invokers = function () {
         var xmlHttpRequest = new XMLHttpRequest();
 
         xmlHttpRequest.open(httpMethod, endpoint);
+
+        var contentTypeFound = false;
+        var acceptTypeFound = false;
         for (var i in headers) {
             xmlHttpRequest.setRequestHeader(headers[i].name, headers[i].value);
+            if(constants["CONTENT_TYPE_IDENTIFIER"] == headers[i].name){
+                contentTypeFound = true;
+            }
+            if(constants["ACCEPT_IDENTIFIER"] == headers[i].name){
+                acceptTypeFound = true;
             }
+        }
+
+        if (!contentTypeFound) {
             xmlHttpRequest.setRequestHeader(constants["CONTENT_TYPE_IDENTIFIER"], constants["APPLICATION_JSON"]);
+        }
+
+        if (!acceptTypeFound) {
             xmlHttpRequest.setRequestHeader(constants["ACCEPT_IDENTIFIER"], constants["APPLICATION_JSON"]);
+        }
 
         if (devicemgtProps["isOAuthEnabled"]) {
             var accessToken = privateMethods.getAccessToken();
@@ -284,23 +299,37 @@ var invokers = function () {
 
             //noinspection JSUnresolvedVariable
             var Header = Packages.org.apache.commons.httpclient.Header;
+            var contentTypeFound = false;
+            var acceptTypeFound = false;
             for (var i in headers) {
                 var header = new Header();
                 header.setName(headers[i].name);
                 header.setValue(headers[i].value);
                 httpMethodObject.addRequestHeader(header);
+
+                if(constants["CONTENT_TYPE_IDENTIFIER"] == headers[i].name){
+                    contentTypeFound = true;
+                }
+                if(constants["ACCEPT_IDENTIFIER"] == headers[i].name){
+                    acceptTypeFound = true;
+                }
             }
 
             var header = new Header();
+            if(!contentTypeFound){
                 header.setName(constants["CONTENT_TYPE_IDENTIFIER"]);
                 header.setValue(constants["APPLICATION_JSON"]);
                 //noinspection JSUnresolvedFunction
                 httpMethodObject.addRequestHeader(header);
+            }
+
+            if(!acceptTypeFound) {
                 header = new Header();
                 header.setName(constants["ACCEPT_IDENTIFIER"]);
                 header.setValue(constants["APPLICATION_JSON"]);
                 //noinspection JSUnresolvedFunction
                 httpMethodObject.addRequestHeader(header);
+            }
 
             if (devicemgtProps["isOAuthEnabled"]) {
                 var accessToken = privateMethods.getAccessToken();