From 2efdc301774b36d9b80a80d7e759d8a58dac6644 Mon Sep 17 00:00:00 2001 From: dilanua Date: Fri, 29 Jul 2016 14:44:16 +0530 Subject: [PATCH] Refactoring OAuth utilities at UI Layer --- .../devicemgt/api/data-tables-invoker-api.jag | 2 +- .../jaggeryapps/devicemgt/api/device-api.jag | 2 +- .../jaggeryapps/devicemgt/api/group-api.jag | 2 +- .../jaggeryapps/devicemgt/api/invoker-api.jag | 6 +- .../devicemgt/api/operation-api.jag | 2 +- .../jaggeryapps/devicemgt/api/token.jag | 2 +- .../jaggeryapps/devicemgt/api/user-api.jag | 2 +- .../devicemgt/app/conf/config.json | 153 ++++--- .../devicemgt/app/modules/device.js | 2 +- .../devicemgt/app/modules/group.js | 2 +- .../app/modules/invoker-request-wrapper.js | 2 +- .../devicemgt/app/modules/login.js | 2 +- .../devicemgt/app/modules/operation.js | 2 +- .../devicemgt/app/modules/policy.js | 2 +- ...{api-wrapper-util.js => token-handlers.js} | 22 +- ...js => token-protected-service-invokers.js} | 4 +- .../jaggeryapps/devicemgt/app/modules/user.js | 2 +- .../jaggeryapps/devicemgt/app/modules/util.js | 403 ++++++++++-------- 18 files changed, 347 insertions(+), 267 deletions(-) rename components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/{api-wrapper-util.js => token-handlers.js} (91%) rename components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/{backend-service-invoker.js => token-protected-service-invokers.js} (99%) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag index e52746e9df..59c142ff2c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag @@ -23,7 +23,7 @@ var uri = request.getRequestURI(); var uriMatcher = new URIMatcher(String(uri)); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; -var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; +var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; function appendQueryParam (url, queryParam , value) { if (url.indexOf("?") > 0) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag index 1a163d76e4..a1d496f174 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag @@ -26,7 +26,7 @@ var deviceModule = require("/app/modules/device.js").deviceModule; var utility = require("/app/modules/utility.js").utility; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var userModule = require("/app/modules/user.js").userModule; -var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; +var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; var user = session.get(constants.USER_SESSION_KEY); var result; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag index d5f9bb2628..46ac2913f5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag @@ -24,7 +24,7 @@ var log = new Log("api/device-api.jag"); var constants = require("/app/modules/constants.js"); var utility = require("/app/modules/utility.js").utility; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; -var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; +var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; var user = session.get(constants.USER_SESSION_KEY); var result; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag index 6fa133523e..29da7a76b9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag @@ -24,7 +24,7 @@ var uriMatcher = new URIMatcher(String(uri)); var constants = require("/app/modules/constants.js"); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; -var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; +var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; if (uriMatcher.match("/{context}/api/invoker/execute/")) { var restAPIRequestDetails = request.getContent(); @@ -97,8 +97,8 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) { break; } } catch (e) { - log.error("Exception occurred while trying to access backend " + - "REST API services from Jaggery API invoker layer", e); + throw new Error("Exception occurred while trying to access " + + "backend REST API services from Jaggery API invoker layer", e); } } %> diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag index 46b4595b66..a08a662588 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag @@ -22,7 +22,7 @@ var uriMatcher = new URIMatcher(String(uri)); var log = new Log("api/operation-api.jag"); -var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; +var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; if (uriMatcher.match("/{context}/api/operation/paginate")) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag index 45210346bb..557d4f5a77 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag @@ -21,7 +21,7 @@ @Deprecated - new */ -// var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"]; +// var apiWrapperUtil = require("/app/modules/token-handlers.js")["handlers"]; // var tokenCookie = apiWrapperUtil.refreshToken(); // print(tokenCookie); %> \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag index cab3d3a32f..a797c2f3fa 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag @@ -27,7 +27,7 @@ var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var userModule = require("/app/modules/user.js").userModule; var deviceModule = require("/app/modules/device.js").deviceModule; var utility = require("/app/modules/utility.js").utility; -var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"]; +var apiWrapperUtil = require("/app/modules/token-handlers.js")["handlers"]; var util = require("/app/modules/util.js").util; var responseProcessor = require('utils').response; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json index 8c732e33cd..ad95aa01d6 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json @@ -1,68 +1,89 @@ { - "appContext" : "/devicemgt/", - "webAgentContext" : "/devicemgt-web-agent/", - "apiContext" : "api", - "httpsURL" : "https://localhost:8243", - "httpURL" : "%http.ip%", - "httpsWebURL" : "%https.ip%", - "wssURL" : "%https.ip%", - "wsURL" : "%http.ip%", - "dashboardserverURL" : "%https.ip%", - "enrollmentDir": "/emm-web-agent/enrollment", - "iOSConfigRoot" : "%https.ip%/ios-enrollment/", - "iOSAPIRoot" : "%https.ip%/ios/", - "dynamicClientRegistrationEndPoint" : "https://localhost:8243/dynamic-client-web/register/", - "adminService":"%https.ip%", - "idPServer":"https://localhost:8243", - "callBackUrl":"%https.ip%/devicemgt_admin", - "adminUser":"admin@carbon.super", - "adminRole":"admin", - "usernameLength":30, - "ssoConfiguration" : { - "enabled" : false, - "issuer" : "devicemgt", - "appName" : "devicemgt", - "identityProviderURL" : "%https.ip%/sso/samlsso.jag", - "responseSigningEnabled" : "true", - "keyStorePassword" : "wso2carbon", - "identityAlias" : "wso2carbon", - "keyStoreName" : "/repository/resources/security/wso2carbon.jks" - }, - "userValidationConfig" : { - "usernameJSRegEx" : "^[\\S]{3,30}$", - "usernameRegExViolationErrorMsg" : "Provided username is invalid.", - "usernameHelpMsg" : "Should be in minimum 3 characters long and do not include any whitespaces.", - "firstnameJSRegEx" : "^[\\S]{3,30}$", - "firstnameRegExViolationErrorMsg" : "Provided first name is invalid.", - "lastnameJSRegEx" : "^[\\S]{3,30}$", - "lastnameRegExViolationErrorMsg" : "Provided last name is invalid.", - "emailJSRegEx" : "/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/", - "emailRegExViolationErrorMsg" : "Provided email is invalid." - }, - "groupValidationConfig": { - "groupNameJSRegEx": "^[\\S]{3,30}$", - "groupNameRegExViolationErrorMsg": "Provided group name is invalid.", - "groupNameHelpMsg": "Should be in minimum 3 characters long and should not include any whitespaces." - }, - "roleValidationConfig" : { - "rolenameJSRegEx" : "^[\\S]{3,30}$", - "rolenameRegExViolationErrorMsg" : "Provided role name is invalid.", - "rolenameHelpMsg" : "should be in minimum 3 characters long and do not include any whitespaces." - }, - "generalConfig" : { - "host" : "https://localhost:9443", - "companyName" : "WSO2 Carbon Device Manager", - "browserTitle" : "WSO2 Device Manager", - "copyrightPrefix" : "\u00A9 %date-year%, ", - "copyrightOwner" : "WSO2 Inc.", - "copyrightOwnersSite" : "http://www.wso2.org", - "copyrightSuffix" : " All Rights Reserved." - }, - "scopes" : ["license-add", "license-view", "device-view", "device-info", "device-list", "device-view-own", - "device-modify", "device-search", "operation-install", "operation-view", "operation-modify", "operation-uninstall", - "group-add", "group-share", "group-modify", "group-view", "group-remove", "certificate-modify", "certificate-view", - "configuration-view", "configuration-modify", "policy-view", "policy-modify", "device-notification-view", - "device-notification-modify", "feature-view", "arduino_device", "arduino_user", " android_sense_user", - "virtual_firealarm_user", "raspberrypi_user", "roles-view", "roles-modify", "roles-remove", "roles-add", - "user-password-reset", "user-password-modify", "user-modify", "user-view", "user-invite", "user-remove", "user-add"] + "appContext": "/emm/", + "webAgentContext" : "/emm-web-agent/", + "apiContext": "api", + "httpsURL" : "%https.ip%", + "httpURL" : "%http.ip%", + "httpsWebURL" : "%https.ip%", + "wssURL" : "%https.ip%", + "wsURL" : "%http.ip%", + "dashboardServerURL" : "%https.ip%", + "enrollmentDir": "/emm-web-agent/enrollment", + "iOSConfigRoot" : "%https.ip%/ios-enrollment/", + "iOSAPIRoot" : "%https.ip%/ios/", + "adminService": "%https.ip%", + "oauthProvider": { + "appRegistration": { + "appType": "webapp", + "clientName": "emm", + "owner": "admin@carbon.super", + "dynamicClientAppRegistrationServiceURL": "%https.ip%/dynamic-client-web/register", + "apiManagerClientAppRegistrationServiceURL": "%https.ip%/api-application-registration/register/tenants", + "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer", + "tokenScope": "admin", + "callbackUrl": "%https.ip%/api/device-mgt/v1.0" + }, + "tokenServiceURL": "%https.ip%/oauth2/token" + }, + "adminUser":"admin@carbon.super", + "adminRole":"admin", + "usernameLength":30, + "pageSize":10, + "ssoConfiguration" : { + "enabled" : false, + "issuer" : "devicemgt", + "appName" : "devicemgt", + "identityProviderURL" : "%https.ip%/sso/samlsso.jag", + "responseSigningEnabled" : "true", + "keyStorePassword" : "wso2carbon", + "identityAlias" : "wso2carbon", + "keyStoreName" : "/repository/resources/security/wso2carbon.jks" + }, + "userValidationConfig" : { + "usernameJSRegEx" : "^[\\S]{3,30}$", + "usernameRegExViolationErrorMsg" : "Provided username is invalid.", + "usernameHelpMsg" : "Should be in minimum 3 characters long and do not include any whitespaces.", + "firstnameJSRegEx" : "^[\\S]{3,30}$", + "firstnameRegExViolationErrorMsg" : "Provided first name is invalid.", + "lastnameJSRegEx" : "^[\\S]{3,30}$", + "lastnameRegExViolationErrorMsg" : "Provided last name is invalid.", + "emailJSRegEx" : "/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/", + "emailRegExViolationErrorMsg" : "Provided email is invalid." + }, + "groupValidationConfig": { + "groupNameJSRegEx": "^[\\S]{3,30}$", + "groupNameRegExViolationErrorMsg": "Provided group name is invalid.", + "groupNameHelpMsg": "Should be in minimum 3 characters long and should not include any whitespaces." + }, + "roleValidationConfig" : { + "roleNameJSRegEx" : "^[\\S]{3,30}$", + "roleNameRegExViolationErrorMsg" : "Provided role name is invalid.", + "roleNameHelpMsg" : "should be in minimum 3 characters long and do not include any whitespaces." + }, + "generalConfig" : { + "host" : "https://localhost:9443", + "companyName" : "WSO2 Carbon Device Manager", + "browserTitle" : "WSO2 Device Manager", + "copyrightPrefix" : "\u00A9 %date-year%, ", + "copyrightOwner" : "WSO2 Inc.", + "copyrightOwnersSite" : "http://www.wso2.org", + "copyrightSuffix" : " All Rights Reserved." + }, + "scopes" : [ + "license-add", "license-view", "device-view", + "device-info", "device-list", "device-view-own", "device-modify", "device-search", + "operation-install", "operation-view", "operation-modify", "operation-uninstall", + "group-add", "group-share", "group-modify", "group-view", "group-remove", + "certificate-modify", "certificate-view", + "configuration-view", "configuration-modify", + "policy-view", "policy-modify", + "device-notification-view", "device-notification-modify", + "feature-view", + "roles-view", "roles-modify", "roles-remove", "roles-add", + "user-password-reset", "user-password-modify", "user-modify", "user-view", "user-invite", "user-remove", "user-add" + ], + "isOAuthEnabled" : true, + "backendRestEndpoints" : { + "deviceMgt" : "/api/device-mgt/v1.0" + } } \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js index 464093343d..d6f24bd913 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js @@ -23,7 +23,7 @@ deviceModule = function () { var utility = require('/app/modules/utility.js').utility; var constants = require('/app/modules/constants.js'); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; - var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; + var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; var ArrayList = Packages.java.util.ArrayList; var Properties = Packages.java.util.Properties; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js index 61bfe9f4b7..06b8dcbf3d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js @@ -24,7 +24,7 @@ var groupModule = {}; var constants = require('/app/modules/constants.js'); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var utility = require("/app/modules/utility.js").utility; - var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; + var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; var groupServiceEndpoint = devicemgtProps["httpsURL"] + constants.ADMIN_SERVICE_CONTEXT + "/groups"; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/invoker-request-wrapper.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/invoker-request-wrapper.js index d191b1868d..cc88752ada 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/invoker-request-wrapper.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/invoker-request-wrapper.js @@ -26,7 +26,7 @@ //var invokerRequestWrapper = function () { // // var constants = require("/modules/constants.js"); -// var serviceInvokers = require("/modules/backend-service-invoker.js").backendServiceInvoker; +// var serviceInvokers = require("/modules/token-protected-service-invokers.js").backendServiceInvoker; // // var publicWrappers = []; // diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js index 429a6b9c1c..d282333644 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js @@ -24,7 +24,7 @@ var onFail; var constants = require("/app/modules/constants.js"); onSuccess = function (context) { var utility = require("/app/modules/utility.js").utility; - var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"]; + var apiWrapperUtil = require("/app/modules/token-handlers.js")["handlers"]; if (context.input.samlToken) { apiWrapperUtil.setupAccessTokenPairBySamlGrantType(context.input.username, context.input.samlToken); } else { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js index 981a58f5ce..dac693543b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js @@ -21,7 +21,7 @@ var operationModule = function () { var utility = require('/app/modules/utility.js').utility; var constants = require('/app/modules/constants.js'); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; - var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];; + var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];; var publicMethods = {}; var privateMethods = {}; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js index a46ce90b7c..60e53b3ae3 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js @@ -26,7 +26,7 @@ policyModule = function () { var constants = require('/app/modules/constants.js'); var utility = require("/app/modules/utility.js")["utility"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; - var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; + var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; var publicMethods = {}; var privateMethods = {}; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-handlers.js similarity index 91% rename from components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js rename to components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-handlers.js index 02df5fb3a1..8883cd6eed 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-handlers.js @@ -17,11 +17,10 @@ */ /** - * ---------------------------------------------------------------------------- - * Following module includes invokers - * at Jaggery Layer for calling Backend Services, protected by OAuth Tokens. - * These Services include both REST and SOAP Services. - * ---------------------------------------------------------------------------- + * ----------------------------------------------------- + * Following module includes handlers + * at Jaggery Layer for handling OAuth tokens. + * ----------------------------------------------------- */ var handlers = function () { var log = new Log("/app/modules/token-handlers.js"); @@ -39,19 +38,20 @@ var handlers = function () { "client credentials to session context. No username is found as " + "input - setUpEncodedTenantBasedClientCredentials(x)"); } else { - var dynamicClientCredentials = tokenUtil.getDynamicClientCredentials(); + var dynamicClientCredentials = tokenUtil.getDynamicClientAppCredentials(); if (!dynamicClientCredentials) { throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " + "client credentials to session context as the server is unable to obtain " + "dynamic client credentials - setUpEncodedTenantBasedClientCredentials(x)"); } else { - var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials); + var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientCredentials); if (!jwtToken) { throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " + "client credentials to session context as the server is unable to obtain " + "a jwt token - setUpEncodedTenantBasedClientCredentials(x)"); } else { - var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(username, jwtToken); + var tenantBasedClientCredentials = tokenUtil. + getTenantBasedClientAppCredentials(username, jwtToken); if (!tenantBasedClientCredentials) { throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant " + "based client credentials to session context as the server is unable " + @@ -89,7 +89,7 @@ var handlers = function () { stringOfScopes += entry + " "; }); accessTokenPair = tokenUtil. - getTokenWithPasswordGrantType(username, + getAccessTokenByPasswordGrantType(username, encodeURIComponent(password), encodedClientCredentials, stringOfScopes); if (!accessTokenPair) { throw new Error("{/app/modules/token-handlers.js} Could not set up access " + @@ -119,7 +119,7 @@ var handlers = function () { var accessTokenPair; // accessTokenPair will include current access token as well as current refresh token accessTokenPair = tokenUtil. - getTokenWithSAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION"); + getAccessTokenBySAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION"); if (!accessTokenPair) { throw new Error("{/app/modules/token-handlers.js} Could not set up access token " + "pair by password grant type. Error in token " + @@ -141,7 +141,7 @@ var handlers = function () { "token pair, encoded client credentials or both input are not found under " + "session context - refreshToken()"); } else { - var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials); + var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair["refreshToken"], encodedClientCredentials); if (!newAccessTokenPair) { log.error("{/app/modules/token-handlers.js} Error in refreshing tokens. Unable to update " + "session context with new access token pair - refreshToken()"); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-protected-service-invokers.js similarity index 99% rename from components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js rename to components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-protected-service-invokers.js index 5fd0277d5d..f4688327c7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-protected-service-invokers.js @@ -24,7 +24,7 @@ * ---------------------------------------------------------------------------- */ var invokers = function () { - var log = new Log("/app/modules/backend-service-invoker.js"); + var log = new Log("/app/modules/token-protected-service-invokers.js"); var publicXMLHTTPInvokers = {}; var publicHTTPClientInvokers = {}; @@ -38,7 +38,7 @@ var invokers = function () { var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var constants = require("/app/modules/constants.js"); var userModule = require("/app/modules/user.js")["userModule"]; - var tokenUtil = require("/app/modules/api-wrapper-util.js")["handlers"]; + var tokenUtil = require("/app/modules/token-handlers.js")["handlers"]; /** * This method reads the token pair from the session and return the access token. diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js index b2c840aae8..0cf67c3213 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js @@ -25,7 +25,7 @@ var userModule = function () { var constants = require("/app/modules/constants.js"); var utility = require("/app/modules/utility.js")["utility"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; - var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; + var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"]; /* Initializing user manager */ var carbon = require("carbon"); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js index d1afc795d3..f9b6bb77b7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js @@ -1,226 +1,285 @@ /* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ var util = function () { var log = new Log("/app/modules/util.js"); - var module = {}; + + var privateMethods = {}; + var publicMethods = {}; + var Base64 = Packages.org.apache.commons.codec.binary.Base64; var String = Packages.java.lang.String; - var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; - var carbon = require('carbon'); + var deviceMgtProps = require("/app/conf/reader/main.js")["conf"]; + + var adminUser = deviceMgtProps["adminUser"]; + var constants = require("/app/modules/constants.js"); - var adminUser = devicemgtProps["adminUser"]; - var clientName = devicemgtProps["clientName"]; - - module.getDynamicClientCredentials = function () { - var payload = { - "callbackUrl": devicemgtProps.callBackUrl, - "clientName": clientName, - "tokenScope": "admin", - "owner": adminUser, - "applicationType": "webapp", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer", - "saasApp" :true + var carbon = require("carbon"); + + publicMethods.encode = function (payload) { + return new String(Base64.encodeBase64(new String(payload).getBytes())); + }; + + publicMethods.decode = function (payload) { + return new String(Base64.decodeBase64(new String(payload).getBytes())); + }; + + publicMethods.getDynamicClientAppCredentials = function () { + // setting up dynamic client application properties + var dcAppProperties = { + "applicationType": deviceMgtProps["oauthProvider"]["appRegistration"]["appType"], + "clientName": deviceMgtProps["oauthProvider"]["appRegistration"]["clientName"], + "owner": deviceMgtProps["oauthProvider"]["appRegistration"]["owner"], + "tokenScope": deviceMgtProps["oauthProvider"]["appRegistration"]["tokenScope"], + "grantType": deviceMgtProps["oauthProvider"]["appRegistration"]["grantType"], + "callbackUrl": deviceMgtProps["oauthProvider"]["appRegistration"]["callbackUrl"], + "saasApp" : true }; + // calling dynamic client app registration service endpoint + var requestURL = deviceMgtProps["oauthProvider"]["appRegistration"] + ["dynamicClientAppRegistrationServiceURL"]; + var requestPayload = dcAppProperties; + var xhr = new XMLHttpRequest(); - var tokenEndpoint = devicemgtProps.dynamicClientRegistrationEndPoint; - xhr.open("POST", tokenEndpoint, false); + xhr.open("POST", requestURL, false); xhr.setRequestHeader("Content-Type", "application/json"); - xhr.send(payload); - var clientData = {}; - if (xhr.status == 201) { - var data = parse(xhr.responseText); - clientData.clientId = data.client_id; - clientData.clientSecret = data.client_secret; - - } else if (xhr.status == 400) { - throw "Invalid client meta data"; + xhr.send(stringify(requestPayload)); + + var dynamicClientCredentials = {}; + if (xhr["status"] == 201 && xhr["responseText"]) { + var responsePayload = parse(xhr["responseText"]); + dynamicClientCredentials["clientId"] = responsePayload["client_id"]; + dynamicClientCredentials["clientSecret"] = responsePayload["client_secret"]; + } else if (xhr["status"] == 400) { + log.error("{/app/modules/util.js - getDynamicClientAppCredentials()} " + + "Bad request. Invalid data provided as dynamic client application properties."); + dynamicClientCredentials = null; } else { - throw "Error in obtaining client id and secret"; + log.error("{/app/modules/util.js - getDynamicClientAppCredentials()} " + + "Error in retrieving dynamic client credentials."); + dynamicClientCredentials = null; } - return clientData; + // returning dynamic client credentials + return dynamicClientCredentials; }; - /** - * Encode the payload in Base64 - * @param payload - * @returns {Packages.java.lang.String} - */ - module.encode = function (payload) { - return new String(Base64.encodeBase64(new String(payload).getBytes())); - } - - module.decode = function (payload) { - return new String(Base64.decodeBase64(new String(payload).getBytes())); - } - - /** - * Get an AccessToken pair based on username and password - * @param username - * @param password - * @param clientId - * @param clientSecret - * @param scope - * @returns {{accessToken: "", refreshToken: ""}} - */ - module.getTokenWithPasswordGrantType = function (username, password, encodedClientKeys, scope) { - var xhr = new XMLHttpRequest(); - var tokenEndpoint = devicemgtProps.idPServer; - xhr.open("POST", tokenEndpoint, false); - xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); - xhr.setRequestHeader("Authorization", "Basic " + encodedClientKeys); - xhr.send("grant_type=password&username=" + username + "&password=" + password + "&scope=" + scope); - delete password, delete clientSecret, delete encodedClientKeys; - var tokenPair = {}; - if (xhr.status == 200) { - var data = parse(xhr.responseText); - tokenPair.refreshToken = data.refresh_token; - tokenPair.accessToken = data.access_token; - } else if (xhr.status == 403) { - log.error("Error in obtaining token with Password grant type"); + publicMethods.getAccessTokenByPasswordGrantType = function (username, password, encodedClientCredentials, scopes) { + if (!username || !password || !encodedClientCredentials || !scopes) { + log.error("{/app/modules/util.js} Error in retrieving access token by password " + + "grant type. No username, password, encoded client credentials or scopes are " + + "found - getAccessTokenByPasswordGrantType(a, b, c, d)"); return null; } else { - log.error("Error in obtaining token with Password grant type"); - return null; + // calling oauth provider token service endpoint + var requestURL = deviceMgtProps["oauthProvider"]["tokenServiceURL"]; + var requestPayload = "grant_type=password&username=" + + username + "&password=" + password + "&scope=" + scopes; + + var xhr = new XMLHttpRequest(); + xhr.open("POST", requestURL, false); + xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); + xhr.setRequestHeader("Authorization", "Basic " + encodedClientCredentials); + xhr.send(requestPayload); + + if (xhr["status"] == 200 && xhr["responseText"]) { + var responsePayload = parse(xhr["responseText"]); + var tokenPair = {}; + tokenPair["accessToken"] = responsePayload["access_token"]; + tokenPair["refreshToken"] = responsePayload["refresh_token"]; + return tokenPair; + } else { + log.error("{/app/modules/util.js} Error in retrieving access token by password " + + "grant type - getAccessTokenByPasswordGrantType(a, b, c, d)"); + return null; + } } - return tokenPair; }; - module.getTokenWithSAMLGrantType = function (assertion, clientKeys, scope) { - - var assertionXML = module.decode(assertion) ; - var encodedExtractedAssertion; - var extractedAssertion; - //TODO: make assertion extraction with proper parsing. Since Jaggery XML parser seem to add formatting - //which causes signature verification to fail. - var assertionStartMarker = "