Refactoring OAuth utilities at UI Layer

merge-requests/7/head
dilanua 8 years ago
parent 76385a1c9b
commit 70074e2f3e

@ -132,22 +132,22 @@ var handlers = function () {
} }
}; };
publicMethods.refreshToken = function () { publicMethods.refreshAccessToken = function () {
var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]));
// accessTokenPair includes current access token as well as current refresh token // accessTokenPair includes current access token as well as current refresh token
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
if (!accessTokenPair || !encodedClientCredentials) { if (!accessTokenPair || !encodedClientCredentials) {
throw new Error("{/app/modules/token-handlers.js} Error in refreshing tokens. Either the access " + throw new Error("{/app/modules/token-handlers.js} Error in refreshing tokens. Either the access " +
"token pair, encoded client credentials or both input are not found under " + "token pair, encoded client credentials or both input are not found under " +
"session context - refreshToken()"); "session context - refreshAccessToken()");
} else { } else {
var newAccessTokenPair = tokenUtil. var newTokenPair = tokenUtil.
getNewAccessTokenByRefreshToken(accessTokenPair["refreshToken"], encodedClientCredentials); getNewAccessTokenByRefreshToken(accessTokenPair["refreshToken"], encodedClientCredentials);
if (!newAccessTokenPair) { if (!newTokenPair) {
log.error("{/app/modules/token-handlers.js} Error in refreshing tokens. Unable to update " + log.error("{/app/modules/token-handlers.js} Error in refreshing access token. Unable to update " +
"session context with new access token pair - refreshToken()"); "session context with new access token pair - refreshAccessToken()");
} else { } else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newAccessTokenPair)); session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newTokenPair));
} }
} }
}; };
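Review bot: The `if (!newTokenPair)` branch of refreshAccessToken only logs, so a failed refresh leaves the expired token pair in the session and gives the caller nothing to act on. The invokers section of this commit calls `tokenUtil.refreshAccessToken();` and re-runs `privateMethods.execute(...)` without checking any result, so the request appears to be re-sent with the stale token until `count` reaches 5. Consider failing loudly here, as the missing-session-data branch already does, for example `throw new Error("{/app/modules/token-handlers.js} Unable to obtain a new access token pair - refreshAccessToken()");`, or return a boolean that the invoker checks before retrying. The enclosing `handlers` function starts outside this hunk.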

@ -103,7 +103,7 @@ var invokers = function () {
if (xmlHttpRequest.status == 401 && (xmlHttpRequest.responseText == TOKEN_EXPIRED || if (xmlHttpRequest.status == 401 && (xmlHttpRequest.responseText == TOKEN_EXPIRED ||
xmlHttpRequest.responseText == TOKEN_INVALID ) && count < 5) { xmlHttpRequest.responseText == TOKEN_INVALID ) && count < 5) {
tokenUtil.refreshToken(); tokenUtil.refreshAccessToken();
return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count); return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count);
} else { } else {
return responseCallback(xmlHttpRequest); return responseCallback(xmlHttpRequest);

@ -58,28 +58,28 @@ var util = function () {
xhr.setRequestHeader("Content-Type", "application/json"); xhr.setRequestHeader("Content-Type", "application/json");
xhr.send(stringify(requestPayload)); xhr.send(stringify(requestPayload));
var dynamicClientCredentials = {}; var dynamicClientAppCredentials = {};
if (xhr["status"] == 201 && xhr["responseText"]) { if (xhr["status"] == 201 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]); var responsePayload = parse(xhr["responseText"]);
dynamicClientCredentials["clientId"] = responsePayload["client_id"]; dynamicClientAppCredentials["clientId"] = responsePayload["client_id"];
dynamicClientCredentials["clientSecret"] = responsePayload["client_secret"]; dynamicClientAppCredentials["clientSecret"] = responsePayload["client_secret"];
} else if (xhr["status"] == 400) { } else if (xhr["status"] == 400) {
log.error("{/app/modules/util.js - getDynamicClientAppCredentials()} " + log.error("{/app/modules/util.js - getDynamicClientAppCredentials()} " +
"Bad request. Invalid data provided as dynamic client application properties."); "Bad request. Invalid data provided as dynamic client application properties.");
dynamicClientCredentials = null; dynamicClientAppCredentials = null;
} else { } else {
log.error("{/app/modules/util.js - getDynamicClientAppCredentials()} " + log.error("{/app/modules/util.js - getDynamicClientAppCredentials()} " +
"Error in retrieving dynamic client credentials."); "Error in retrieving dynamic client credentials.");
dynamicClientCredentials = null; dynamicClientAppCredentials = null;
} }
// returning dynamic client credentials // returning dynamic client credentials
return dynamicClientCredentials; return dynamicClientAppCredentials;
}; };
publicMethods.getAccessTokenByPasswordGrantType = function (username, password, encodedClientCredentials, scopes) { publicMethods.getAccessTokenByPasswordGrantType = function (username, password, encodedClientAppCredentials, scopes) {
if (!username || !password || !encodedClientCredentials || !scopes) { if (!username || !password || !encodedClientAppCredentials || !scopes) {
log.error("{/app/modules/util.js} Error in retrieving access token by password " + log.error("{/app/modules/util.js} Error in retrieving access token by password " +
"grant type. No username, password, encoded client credentials or scopes are " + "grant type. No username, password, encoded client app credentials or scopes are " +
"found - getAccessTokenByPasswordGrantType(a, b, c, d)"); "found - getAccessTokenByPasswordGrantType(a, b, c, d)");
return null; return null;
} else { } else {
@ -91,7 +91,7 @@ var util = function () {
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false); xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientCredentials); xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload); xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) { if (xhr["status"] == 200 && xhr["responseText"]) {
@ -108,10 +108,10 @@ var util = function () {
} }
}; };
publicMethods.getAccessTokenBySAMLGrantType = function (assertion, encodedClientCredentials, scopes) { publicMethods.getAccessTokenBySAMLGrantType = function (assertion, encodedClientAppCredentials, scopes) {
if (!assertion || !encodedClientCredentials || !scopes) { if (!assertion || !encodedClientAppCredentials || !scopes) {
log.error("{/app/modules/util.js} Error in retrieving access token by saml " + log.error("{/app/modules/util.js} Error in retrieving access token by saml " +
"grant type. No assertion, encoded client credentials or scopes are " + "grant type. No assertion, encoded client app credentials or scopes are " +
"found - getAccessTokenBySAMLGrantType(x, y, z)"); "found - getAccessTokenBySAMLGrantType(x, y, z)");
return null; return null;
} else { } else {
@ -143,7 +143,7 @@ var util = function () {
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false); xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientCredentials); xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload); xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) { if (xhr["status"] == 200 && xhr["responseText"]) {
@ -161,10 +161,10 @@ var util = function () {
} }
}; };
publicMethods.getNewAccessTokenByRefreshToken = function (refreshToken, encodedClientCredentials, scopes) { publicMethods.getNewAccessTokenByRefreshToken = function (refreshToken, encodedClientAppCredentials, scopes) {
if (!refreshToken || !encodedClientCredentials) { if (!refreshToken || !encodedClientAppCredentials) {
log.error("{/app/modules/util.js} Error in retrieving new access token by current " + log.error("{/app/modules/util.js} Error in retrieving new access token by current " +
"refresh token. No refresh token or encoded client credentials are " + "refresh token. No refresh token or encoded client app credentials are " +
"found - getNewAccessTokenByRefreshToken(x, y, z)"); "found - getNewAccessTokenByRefreshToken(x, y, z)");
return null; return null;
} else { } else {
@ -177,7 +177,7 @@ var util = function () {
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false); xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientCredentials); xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload); xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) { if (xhr["status"] == 200 && xhr["responseText"]) {
@ -194,10 +194,10 @@ var util = function () {
} }
}; };
publicMethods.getAccessTokenByJWTGrantType = function (clientCredentials) { publicMethods.getAccessTokenByJWTGrantType = function (clientAppCredentials) {
if (!clientCredentials) { if (!clientAppCredentials) {
log.error("{/app/modules/util.js} Error in retrieving new access token by current refresh " + log.error("{/app/modules/util.js} Error in retrieving new access token by current refresh token. " +
"token. No client credentials are found as input - getAccessTokenByJWTGrantType(x)"); "No client app credentials are found as input - getAccessTokenByJWTGrantType(x)");
return null; return null;
} else { } else {
var JWTClientManagerServicePackagePath = var JWTClientManagerServicePackagePath =
@ -205,15 +205,15 @@ var util = function () {
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath); var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
var jwtClient = JWTClientManagerService.getJWTClient(); var jwtClient = JWTClientManagerService.getJWTClient();
// returning access token by JWT grant type // returning access token by JWT grant type
return jwtClient.getAccessToken(clientCredentials["clientId"], clientCredentials["clientSecret"], return jwtClient.getAccessToken(clientAppCredentials["clientId"], clientAppCredentials["clientSecret"],
deviceMgtProps["oauthProvider"]["appRegistration"]["owner"], null)["accessToken"]; deviceMgtProps["oauthProvider"]["appRegistration"]["owner"], null)["accessToken"];
} }
}; };
publicMethods.getTenantBasedClientAppCredentials = function (username, jwtToken) { publicMethods.getTenantBasedClientAppCredentials = function (username, jwtToken) {
if (!username || !jwtToken) { if (!username || !jwtToken) {
log.error("{/app/modules/util.js} Error in retrieving tenant based client application credentials. " + log.error("{/app/modules/util.js} Error in retrieving tenant based client app " +
"No username or jwt token is found as input - getTenantBasedClientAppCredentials(x, y)"); "credentials. No username or jwt token is found as input - getTenantBasedClientAppCredentials(x, y)");
return null; return null;
} else { } else {
var tenantDomain = carbon.server.tenantDomain({username: username}); var tenantDomain = carbon.server.tenantDomain({username: username});
@ -258,14 +258,14 @@ var util = function () {
} }
}; };
privateMethods.setCachedTenantBasedClientAppCredentials = function (tenantDomain, clientCredentials) { privateMethods.setCachedTenantBasedClientAppCredentials = function (tenantDomain, clientAppCredentials) {
var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS"]); var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS"]);
if (!cachedTenantBasedClientAppCredentialsMap) { if (!cachedTenantBasedClientAppCredentialsMap) {
cachedTenantBasedClientAppCredentialsMap = {}; cachedTenantBasedClientAppCredentialsMap = {};
cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientCredentials; cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
application.put(constants["CACHED_CREDENTIALS"], cachedTenantBasedClientAppCredentialsMap); application.put(constants["CACHED_CREDENTIALS"], cachedTenantBasedClientAppCredentialsMap);
} else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) { } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientCredentials; cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
} }
}; };
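Review bot: In setCachedTenantBasedClientAppCredentials an entry that already exists for `tenantDomain` is never replaced, because the only write outside first-time map creation is guarded by `else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain])`. If a tenant's client app credentials are regenerated or revoked, the old client id and secret would stay in the application-scope cache unless some invalidation path outside this hunk clears them. That branch also mutates the map without calling `application.put`, which is only safe if `application.get` returns a live reference. Assigning unconditionally and writing back covers both cases: `cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;` followed by `application.put(constants["CACHED_CREDENTIALS"], cachedTenantBasedClientAppCredentialsMap);`.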
