|
|
@ -17,45 +17,118 @@
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
var apiWrapperUtil = function () {
|
|
|
|
var apiWrapperUtil = function () {
|
|
|
|
// var log = new Log("/app/modules/api-wrapper-util.js");
|
|
|
|
var log = new Log("/app/modules/api-wrapper-util.js");
|
|
|
|
|
|
|
|
|
|
|
|
var tokenUtil = require("/app/modules/util.js")["util"];
|
|
|
|
var tokenUtil = require("/app/modules/util.js")["util"];
|
|
|
|
var constants = require("/app/modules/constants.js");
|
|
|
|
var constants = require("/app/modules/constants.js");
|
|
|
|
var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
|
|
|
|
var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var privateMethods = {};
|
|
|
|
var publicMethods = {};
|
|
|
|
var publicMethods = {};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
privateMethods.setUpEncodedTenantBasedClientCredentials = function (username) {
|
|
|
|
|
|
|
|
if (!username) {
|
|
|
|
|
|
|
|
log.error("Could not set up encoded tenant based client credentials " +
|
|
|
|
|
|
|
|
"to session context. No username is found as input.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
var dynamicClientCredentials = tokenUtil.getDyanmicClientCredentials();
|
|
|
|
|
|
|
|
if (!dynamicClientCredentials) {
|
|
|
|
|
|
|
|
log.error("Could not set up encoded tenant based client credentials " +
|
|
|
|
|
|
|
|
"to session context as the server is unable to obtain dynamic client credentials.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials);
|
|
|
|
|
|
|
|
if (!jwtToken) {
|
|
|
|
|
|
|
|
log.error("Could not set up encoded tenant based client credentials " +
|
|
|
|
|
|
|
|
"to session context as the server is unable to obtain a jwt token.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(username, jwtToken);
|
|
|
|
|
|
|
|
if (!tenantBasedClientCredentials) {
|
|
|
|
|
|
|
|
log.error("Could not set up encoded tenant based client credentials " +
|
|
|
|
|
|
|
|
"to session context as the server is unable to obtain such credentials.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
var encodedTenantBasedClientCredentials =
|
|
|
|
|
|
|
|
tokenUtil.encode(tenantBasedClientCredentials["clientId"] + ":" +
|
|
|
|
|
|
|
|
tenantBasedClientCredentials["clientSecret"]);
|
|
|
|
|
|
|
|
// setting up encoded tenant based client credentials to session context.
|
|
|
|
|
|
|
|
session.put(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"], encodedTenantBasedClientCredentials);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
publicMethods.refreshToken = function () {
|
|
|
|
publicMethods.refreshToken = function () {
|
|
|
|
var accessTokenPair = session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]);
|
|
|
|
var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]));
|
|
|
|
// accessTokenPair includes current access token as well as current refresh token
|
|
|
|
// accessTokenPair includes current access token as well as current refresh token
|
|
|
|
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
|
|
|
|
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
|
|
|
|
accessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials);
|
|
|
|
if (!accessTokenPair || !encodedClientCredentials) {
|
|
|
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], accessTokenPair);
|
|
|
|
log.error("Error in refreshing tokens. Either the access token pair, " +
|
|
|
|
|
|
|
|
"encoded client credentials or both input are not found under session context.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials);
|
|
|
|
|
|
|
|
if (!newAccessTokenPair) {
|
|
|
|
|
|
|
|
log.error("Error in refreshing tokens. Unable to update " +
|
|
|
|
|
|
|
|
"session context with new access token pair.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newAccessTokenPair));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
publicMethods.setupAccessTokenPair = function (type, properties) {
|
|
|
|
publicMethods.setupAccessTokenPairByPasswordGrantType = function (username, password) {
|
|
|
|
var dynamicClientCredentials = tokenUtil.getDyanmicCredentials(properties);
|
|
|
|
if (!username || !password) {
|
|
|
|
var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials);
|
|
|
|
log.error("Could not set up access token pair by password grant type. " +
|
|
|
|
var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(properties["username"], jwtToken);
|
|
|
|
"Either username, password or both are missing as input.");
|
|
|
|
var encodedTenantBasedClientCredentials = tokenUtil.
|
|
|
|
} else {
|
|
|
|
encode(tenantBasedClientCredentials["clientId"] + ":" + tenantBasedClientCredentials["clientSecret"]);
|
|
|
|
privateMethods.setUpEncodedTenantBasedClientCredentials(username);
|
|
|
|
|
|
|
|
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
|
|
|
|
session.put(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"], encodedTenantBasedClientCredentials);
|
|
|
|
if (!encodedClientCredentials) {
|
|
|
|
|
|
|
|
log.error("Could not set up access token pair by password grant type. " +
|
|
|
|
var accessTokenPair;
|
|
|
|
"Encoded client credentials are missing.");
|
|
|
|
// accessTokenPair will include current access token as well as current refresh token
|
|
|
|
} else {
|
|
|
|
if (type == constants["GRANT_TYPE_PASSWORD"]) {
|
|
|
|
var accessTokenPair;
|
|
|
|
var arrayOfScopes = devicemgtProps["scopes"];
|
|
|
|
// accessTokenPair will include current access token as well as current refresh token
|
|
|
|
var stringOfScopes = "";
|
|
|
|
var arrayOfScopes = devicemgtProps["scopes"];
|
|
|
|
arrayOfScopes.forEach(function (entry) { stringOfScopes += entry + " "; });
|
|
|
|
var stringOfScopes = "";
|
|
|
|
accessTokenPair = tokenUtil.getTokenWithPasswordGrantType(properties["username"],
|
|
|
|
arrayOfScopes.forEach(function (entry) {
|
|
|
|
encodeURIComponent(properties["password"]), encodedTenantBasedClientCredentials, stringOfScopes);
|
|
|
|
stringOfScopes += entry + " ";
|
|
|
|
} else if (type == constants["GRANT_TYPE_SAML"]) {
|
|
|
|
});
|
|
|
|
accessTokenPair = tokenUtil.getTokenWithSAMLGrantType(properties["samlToken"],
|
|
|
|
accessTokenPair = tokenUtil.
|
|
|
|
encodedTenantBasedClientCredentials, "PRODUCTION");
|
|
|
|
getTokenWithPasswordGrantType(username,
|
|
|
|
|
|
|
|
encodeURIComponent(password), encodedClientCredentials, stringOfScopes);
|
|
|
|
|
|
|
|
if (!accessTokenPair) {
|
|
|
|
|
|
|
|
log.error("Could not set up access token pair by password grant type. Error in token retrieval.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
// setting up access token pair into session context as a string
|
|
|
|
|
|
|
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], accessTokenPair);
|
|
|
|
publicMethods.setupAccessTokenPairBySamlGrantType = function (username, samlToken) {
|
|
|
|
|
|
|
|
if (!username || !samlToken) {
|
|
|
|
|
|
|
|
log.error("Could not set up access token pair by saml grant type. " +
|
|
|
|
|
|
|
|
"Either username, samlToken or both are missing as input.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
privateMethods.setUpEncodedTenantBasedClientCredentials(username);
|
|
|
|
|
|
|
|
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
|
|
|
|
|
|
|
|
if (!encodedClientCredentials) {
|
|
|
|
|
|
|
|
log.error("Could not set up access token pair by saml grant type. " +
|
|
|
|
|
|
|
|
"Encoded client credentials are missing.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
var accessTokenPair;
|
|
|
|
|
|
|
|
// accessTokenPair will include current access token as well as current refresh token
|
|
|
|
|
|
|
|
accessTokenPair = tokenUtil.
|
|
|
|
|
|
|
|
getTokenWithSAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION");
|
|
|
|
|
|
|
|
if (!accessTokenPair) {
|
|
|
|
|
|
|
|
log.error("Could not set up access token pair by password grant type. Error in token retrieval.");
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
// setting up access token pair into session context as a string
|
|
|
|
|
|
|
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
return publicMethods;
|
|
|
|
return publicMethods;
|
|
|
|