Merge pull request #216 from GPrathap/master

fixed some bugs that occurred while enabling SSO in IoT Server
4.x.x
Ruwan 9 years ago
commit c6fbc8f1fe

@ -20,6 +20,7 @@ var apiWrapperUtil = function () {
var module = {}; var module = {};
var tokenUtil = require("/app/modules/util.js").util; var tokenUtil = require("/app/modules/util.js").util;
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var constants = require("/app/modules/constants.js");
module.refreshToken = function () { module.refreshToken = function () {
var tokenPair = session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER); var tokenPair = session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER);
@ -32,12 +33,12 @@ var apiWrapperUtil = function () {
var clientData = tokenUtil.getDyanmicCredentials(properties); var clientData = tokenUtil.getDyanmicCredentials(properties);
var encodedClientKeys = tokenUtil.encode(clientData.clientId + ":" + clientData.clientSecret); var encodedClientKeys = tokenUtil.encode(clientData.clientId + ":" + clientData.clientSecret);
session.put(constants.ENCODED_CLIENT_KEYS_IDENTIFIER, encodedClientKeys); session.put(constants.ENCODED_CLIENT_KEYS_IDENTIFIER, encodedClientKeys);
if (type == "password") { if (type == constants.GRANT_TYPE_PASSWORD) {
tokenPair = tokenPair =
tokenUtil.getTokenWithPasswordGrantType(properties.username, encodeURIComponent(properties.password), encodedClientKeys); tokenUtil.getTokenWithPasswordGrantType(properties.username, encodeURIComponent(properties.password), encodedClientKeys);
} else if (type == "saml") { } else if (type == constants.GRANT_TYPE_SAML) {
tokenPair = tokenUtil. tokenPair = tokenUtil.
getTokenWithSAMLGrantType(properties.samlToken, encodedClientKeys, "PRODUCTION"); getTokenWithSAMLGrantType(properties.samlToken, encodedClientKeys, "PRODUCTION");
} }
session.put(constants.ACCESS_TOKEN_PAIR_IDENTIFIER, tokenPair); session.put(constants.ACCESS_TOKEN_PAIR_IDENTIFIER, tokenPair);
}; };
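Review bot: The grant-type dispatch `if (type == constants.GRANT_TYPE_PASSWORD) { … } else if (type == constants.GRANT_TYPE_SAML) { … }` has no else branch, so a `type` that matches neither falls through and `session.put(constants.ACCESS_TOKEN_PAIR_IDENTIFIER, tokenPair)` stores whatever `tokenPair` held before — presumably undefined, which later callers would then read back from the session as if it were a valid token pair. A closing `} else { throw new Error("Unsupported grant type: " + type); }` (or a `log.error` plus early return) keeps a mis-wired caller from silently clearing or corrupting the session's token pair. Separately, the scope is hard-coded as the literal `"PRODUCTION"` both here and in the `&scope=` fragment of the SAML token request in util.js, so it would read better as a named constant beside the new GRANT_TYPE_* entries. The enclosing function starts outside the hunk, so where `tokenPair` is declared could not be checked.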

@ -48,8 +48,8 @@ var LANGUAGE_US = "en_US";
var VENDOR_APPLE = "Apple"; var VENDOR_APPLE = "Apple";
var ERRORS = { var ERRORS = {
"USER_NOT_FOUND": "USER_NOT_FOUND" "USER_NOT_FOUND": "USER_NOT_FOUND"
}; };
var USER_STORES_NOISY_CHAR = "\""; var USER_STORES_NOISY_CHAR = "\"";
var USER_STORES_SPLITTING_CHAR = "\\n"; var USER_STORES_SPLITTING_CHAR = "\\n";
@ -70,6 +70,9 @@ var HTTP_POST = "POST";
var HTTP_PUT = "PUT"; var HTTP_PUT = "PUT";
var HTTP_DELETE = "DELETE"; var HTTP_DELETE = "DELETE";
var GRANT_TYPE_PASSWORD = "password";
var GRANT_TYPE_SAML = "saml";
var MQTT_QUEUE_CONFIG_NAME = "MQTT"; var MQTT_QUEUE_CONFIG_NAME = "MQTT";
var HTTP_CONFLICT = 409; var HTTP_CONFLICT = 409;
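Review bot: The two new constants `GRANT_TYPE_PASSWORD` and `GRANT_TYPE_SAML` are undocumented, and their values do not play the same role: `"saml"` is only an internal selector that util.js maps to `urn:ietf:params:oauth:grant-type:saml2-bearer` on the wire, whereas `"password"` presumably doubles as the literal OAuth2 grant_type value. A one-line comment above them, `// selectors for apiWrapperUtil.setupAccessTokenPair; GRANT_TYPE_SAML is translated to the saml2-bearer grant in util.js`, would keep a future reader from sending "saml" as a grant_type to the token endpoint.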

@ -20,13 +20,19 @@ var onSuccess;
var onFail; var onFail;
(function () { (function () {
var log = new Log("api/user-api.jag"); var log = new Log("/app/modules/login.js");
var constants = require("/app/modules/constants.js");
onSuccess = function (context) { onSuccess = function (context) {
var properties;
var utility = require("/app/modules/utility.js").utility; var utility = require("/app/modules/utility.js").utility;
var apiWrapperUtil = require("/app/modules/api-wrapper-util.js").apiWrapperUtil; var apiWrapperUtil = require("/app/modules/api-wrapper-util.js").apiWrapperUtil;
var properties = {username: context.input.username, password: context.input.password}; if(context.input.samlToken){
apiWrapperUtil.setupAccessTokenPair("password", properties); properties = {samlToken: context.input.samlToken};
apiWrapperUtil.setupAccessTokenPair(constants.GRANT_TYPE_SAML, properties);
}else{
properties = {username: context.input.username, password: context.input.password};
apiWrapperUtil.setupAccessTokenPair(constants.GRANT_TYPE_PASSWORD, properties);
}
}; };
onFail = function (error) { onFail = function (error) {
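Review bot: Branch selection in onSuccess now rests solely on the truthiness of `context.input.samlToken`; when it is absent the password branch runs with `context.input.username` and `context.input.password`, which in the SSO flow (where the caller supplies only `samlToken`) are both undefined, so a missing assertion degrades into a token request with empty credentials instead of a clear failure. A guard ahead of the branch such as `if (!context.input.samlToken && !context.input.username) { log.error("onSuccess: neither SAML token nor username supplied"); return; }` makes that case explicit, and the `log` instance with the corrected module name is already in scope for it. The new lines also depart from the spacing convention used elsewhere in this diff (`if(context.input.samlToken){` / `}else{` versus `} else if (type == …) {`). The enclosing IIFE and the onFail handler continue outside the hunk.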

@ -17,6 +17,7 @@
*/ */
var util = function () { var util = function () {
var log = new Log("/app/modules/util.js");
var module = {}; var module = {};
var Base64 = Packages.org.apache.commons.codec.binary.Base64; var Base64 = Packages.org.apache.commons.codec.binary.Base64;
var String = Packages.java.lang.String; var String = Packages.java.lang.String;
@ -123,7 +124,7 @@ var util = function () {
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + clientKeys); xhr.setRequestHeader("Authorization", "Basic " + clientKeys);
xhr.send("grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=" + xhr.send("grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=" +
encodeURIComponent(encodedExtractedAssertion) + "&scope=" + "PRODUCTION"); encodeURIComponent(encodedExtractedAssertion) + "&scope=" + "PRODUCTION");
var tokenPair = {}; var tokenPair = {};
if (xhr.status == 200) { if (xhr.status == 200) {
var data = parse(xhr.responseText); var data = parse(xhr.responseText);
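Review bot: `var log = new Log("/app/modules/util.js");` is added to util but none of the visible hunks use it; if the intended use is the non-200 branch of the SAML token request, which continues past the hunk, make sure the message reports only `xhr.status` and never the assertion or `clientKeys`, e.g. `log.error("SAML token request failed with status " + xhr.status);`. Separately, the request hard-codes `"&scope=" + "PRODUCTION"` while apiWrapperUtil calls `getTokenWithSAMLGrantType(properties.samlToken, encodedClientKeys, "PRODUCTION")` with a third argument; if that argument is the scope parameter it is ignored here and the literal should be replaced by it. The function's signature and its remaining branches lie outside the hunk.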

@ -56,7 +56,7 @@ var module = {};
cachedAuthModuleConfigs = authModuleConfigs; cachedAuthModuleConfigs = authModuleConfigs;
} else { } else {
log.error("Cannot find User module configurations in application configuration file '" log.error("Cannot find User module configurations in application configuration file '"
+ constants.FILE_APP_CONF + "'."); + constants.FILE_APP_CONF + "'.");
cachedAuthModuleConfigs = {}; cachedAuthModuleConfigs = {};
} }
return cachedAuthModuleConfigs; return cachedAuthModuleConfigs;
@ -85,7 +85,7 @@ var module = {};
return (rv) ? rv : {}; return (rv) ? rv : {};
} else { } else {
log.error("Cannot find login configurations in Auth module configurations in " log.error("Cannot find login configurations in Auth module configurations in "
+ "application configuration file '" + constants.FILE_APP_CONF + "'."); + "application configuration file '" + constants.FILE_APP_CONF + "'.");
return {}; return {};
} }
} }
@ -113,7 +113,7 @@ var module = {};
return (rv) ? rv : {}; return (rv) ? rv : {};
} else { } else {
log.error("Cannot find logout configurations in Auth module configurations in " log.error("Cannot find logout configurations in Auth module configurations in "
+ "application configuration file '" + constants.FILE_APP_CONF + "'."); + "application configuration file '" + constants.FILE_APP_CONF + "'.");
return {}; return {};
} }
} }
@ -133,7 +133,7 @@ var module = {};
cachedSsoConfigs = ssoConfigs; cachedSsoConfigs = ssoConfigs;
} else { } else {
log.error("Cannot find SSO configurations in Auth module configurations in application " log.error("Cannot find SSO configurations in Auth module configurations in application "
+ "configuration file '" + constants.FILE_APP_CONF + "'."); + "configuration file '" + constants.FILE_APP_CONF + "'.");
cachedSsoConfigs = {}; cachedSsoConfigs = {};
} }
return cachedSsoConfigs; return cachedSsoConfigs;
@ -156,13 +156,13 @@ var module = {};
if (operation == OPERATION_LOGIN) { if (operation == OPERATION_LOGIN) {
configs = getLoginConfigurations(event); configs = getLoginConfigurations(event);
pageFullName = (event == EVENT_SUCCESS) ? pageFullName = (event == EVENT_SUCCESS) ?
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_SUCCESS_PAGE] : configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_SUCCESS_PAGE] :
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_FAIL_PAGE]; configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_FAIL_PAGE];
} else { } else {
configs = getLogoutConfigurations(event); configs = getLogoutConfigurations(event);
pageFullName = (event == EVENT_SUCCESS) ? pageFullName = (event == EVENT_SUCCESS) ?
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_SUCCESS_PAGE] : configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_SUCCESS_PAGE] :
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_FAIL_PAGE]; configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_FAIL_PAGE];
} }
if (pageFullName) { if (pageFullName) {
@ -173,13 +173,13 @@ var module = {};
return page.definition[constants.PAGE_DEFINITION_URI]; return page.definition[constants.PAGE_DEFINITION_URI];
} }
log.warn("Page '" + pageFullName + "' mentioned in Auth module configurations in " log.warn("Page '" + pageFullName + "' mentioned in Auth module configurations in "
+ "application configuration file '" + constants.FILE_APP_CONF + "application configuration file '" + constants.FILE_APP_CONF
+ "' is disabled."); + "' is disabled.");
} else { } else {
log.error("Page '" + pageFullName + "' mentioned in Auth module configurations in " log.error("Page '" + pageFullName + "' mentioned in Auth module configurations in "
+ "application configuration file '" + constants.FILE_APP_CONF + "application configuration file '" + constants.FILE_APP_CONF
+ "' does not exists."); + "' does not exists.");
} }
} }
return "/"; return "/";
@ -207,13 +207,13 @@ var module = {};
if (operation == OPERATION_LOGIN) { if (operation == OPERATION_LOGIN) {
configs = getLoginConfigurations(event); configs = getLoginConfigurations(event);
scriptFilePath = (event == EVENT_SUCCESS) ? scriptFilePath = (event == EVENT_SUCCESS) ?
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_SUCCESS_SCRIPT] : configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_SUCCESS_SCRIPT] :
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_FAIL_SCRIPT]; configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_FAIL_SCRIPT];
} else { } else {
configs = getLogoutConfigurations(event); configs = getLogoutConfigurations(event);
scriptFilePath = (event == EVENT_SUCCESS) ? scriptFilePath = (event == EVENT_SUCCESS) ?
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_SUCCESS_SCRIPT] : configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_SUCCESS_SCRIPT] :
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_FAIL_SCRIPT]; configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_FAIL_SCRIPT];
} }
if (!scriptFilePath || (scriptFilePath.length == 0)) { if (!scriptFilePath || (scriptFilePath.length == 0)) {
@ -222,8 +222,8 @@ var module = {};
var scriptFile = new File(scriptFilePath); var scriptFile = new File(scriptFilePath);
if (!scriptFile.isExists() || scriptFile.isDirectory()) { if (!scriptFile.isExists() || scriptFile.isDirectory()) {
log.error("Script '" + scriptFilePath + "' mentioned in Auth module configurations in " log.error("Script '" + scriptFilePath + "' mentioned in Auth module configurations in "
+ "application configuration file '" + constants.FILE_APP_CONF + "application configuration file '" + constants.FILE_APP_CONF
+ "' does not exists."); + "' does not exists.");
return true; return true;
} }
@ -265,7 +265,7 @@ var module = {};
} else { } else {
// event == EVENT_FAIL // event == EVENT_FAIL
redirectUri = getRedirectUri(operation, EVENT_FAIL) + "?error=" + scriptArgument.message redirectUri = getRedirectUri(operation, EVENT_FAIL) + "?error=" + scriptArgument.message
+ "&" + constants.URL_PARAM_REFERER + "=" + getRelayState(operation); + "&" + constants.URL_PARAM_REFERER + "=" + getRelayState(operation);
} }
response.sendRedirect(encodeURI(module.getAppContext() + redirectUri)); response.sendRedirect(encodeURI(module.getAppContext() + redirectUri));
} }
@ -276,8 +276,8 @@ var module = {};
var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL]; var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];
if (!identityProviderUrl || (identityProviderUrl.length == 0)) { if (!identityProviderUrl || (identityProviderUrl.length == 0)) {
var msg = "Identity Provider URL is not given in SSO configurations in Auth module " var msg = "Identity Provider URL is not given in SSO configurations in Auth module "
+ "configurations in application configuration file '" + "configurations in application configuration file '"
+ constants.FILE_APP_CONF + "'."; + constants.FILE_APP_CONF + "'.";
log.error(msg); log.error(msg);
response.sendError(500, msg); response.sendError(500, msg);
return null; return null;
@ -286,7 +286,7 @@ var module = {};
var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER]; var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER];
if (!issuer || (issuer.length == 0)) { if (!issuer || (issuer.length == 0)) {
var msg = "Issuer is not given in SSO configurations in Auth module configurations in " var msg = "Issuer is not given in SSO configurations in Auth module configurations in "
+ "application configuration file '" + constants.FILE_APP_CONF + "'."; + "application configuration file '" + constants.FILE_APP_CONF + "'.";
log.error(msg); log.error(msg);
response.sendError(500, msg); response.sendError(500, msg);
return null; return null;
@ -316,8 +316,8 @@ var module = {};
var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL]; var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];
if (!identityProviderUrl || (identityProviderUrl.length == 0)) { if (!identityProviderUrl || (identityProviderUrl.length == 0)) {
var msg = "Identity Provider URL is not given in SSO configurations in Auth module " var msg = "Identity Provider URL is not given in SSO configurations in Auth module "
+ "configurations in application configuration file '" + "configurations in application configuration file '"
+ constants.FILE_APP_CONF + "'."; + constants.FILE_APP_CONF + "'.";
log.error(msg); log.error(msg);
response.sendError(500, msg); response.sendError(500, msg);
return null; return null;
@ -331,7 +331,7 @@ var module = {};
var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER]; var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER];
if (!issuer || (issuer.length == 0)) { if (!issuer || (issuer.length == 0)) {
var msg = "Issuer is not given in SSO configurations in Auth module configurations in " var msg = "Issuer is not given in SSO configurations in Auth module configurations in "
+ "application configuration file '" + constants.FILE_APP_CONF + "'."; + "application configuration file '" + constants.FILE_APP_CONF + "'.";
log.error(msg); log.error(msg);
response.sendError(500, msg); response.sendError(500, msg);
return null; return null;
@ -341,10 +341,10 @@ var module = {};
try { try {
var ssoClient = require("sso").client; var ssoClient = require("sso").client;
encodedSAMLAuthRequest = ssoClient.getEncodedSAMLLogoutRequest(username, encodedSAMLAuthRequest = ssoClient.getEncodedSAMLLogoutRequest(username,
ssoSessionIndex, issuer); ssoSessionIndex, issuer);
} catch (e) { } catch (e) {
log.error("Cannot create SAML logout authorization token for user '" + username log.error("Cannot create SAML logout authorization token for user '" + username
+ "' with issuer '" + issuer + "'."); + "' with issuer '" + issuer + "'.");
log.error(e.message, e); log.error(e.message, e);
response.sendError(500, e.message); response.sendError(500, e.message);
return null; return null;
@ -446,17 +446,17 @@ var module = {};
intermediatePage = utils.getFurthestChild(intermediatePage); intermediatePage = utils.getFurthestChild(intermediatePage);
if (!intermediatePage.disabled) { if (!intermediatePage.disabled) {
renderer.renderUiComponent(intermediatePage, requestParams, renderingContext, renderer.renderUiComponent(intermediatePage, requestParams, renderingContext,
lookupTable, response); lookupTable, response);
return; return;
} }
log.warn("Intermediate page '" + intermediatePageName + " mentioned in Auth module " log.warn("Intermediate page '" + intermediatePageName + " mentioned in Auth module "
+ "configurations in application configuration file '" + "configurations in application configuration file '"
+ constants.FILE_APP_CONF + "' is disabled."); + constants.FILE_APP_CONF + "' is disabled.");
} else { } else {
log.error("Intermediate page '" + intermediatePageName log.error("Intermediate page '" + intermediatePageName
+ " mentioned in Auth module " + " mentioned in Auth module "
+ "configurations in application configuration file '" + "configurations in application configuration file '"
+ constants.FILE_APP_CONF + "' does not exists."); + constants.FILE_APP_CONF + "' does not exists.");
} }
} }
@ -528,13 +528,13 @@ var module = {};
* string}} * string}}
*/ */
var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse, var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
session.getId()); session.getId());
if (ssoSession.sessionId) { if (ssoSession.sessionId) {
var ssoSessions = getSsoSessions(); var ssoSessions = getSsoSessions();
ssoSessions[ssoSession.sessionId] = ssoSession; ssoSessions[ssoSession.sessionId] = ssoSession;
var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
var scriptArgument = {input: {}, user: module.getCurrentUser()}; var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
} else { } else {
var msg = "Cannot decode SAML login response."; var msg = "Cannot decode SAML login response.";
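Review bot: The new `scriptArgument` forwards `ssoSession.samlToken` to the login script, but the type annotation ending just above (`* string}}`) is where the ssoSession shape is documented and whether it lists `samlToken` cannot be seen from the hunk; if `decodeSAMLLoginResponse` does not populate that field, login.js silently takes the password branch with undefined credentials. Add `samlToken: string` to that annotation, or guard with `if (!ssoSession.samlToken) { log.error("SAML login response did not yield a bearer assertion."); }` before `handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);`. Note also that `ssoSessions[ssoSession.sessionId] = ssoSession` now retains the assertion in the server-side session map for the life of the session, although it is only needed until the token pair is obtained; storing the session entry without it would limit that exposure. The enclosing function and the else branch beginning at the last line continue outside the hunk.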
