From d58b8f1f5364f758f9d5f4d065322c923d43d854 Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Mon, 3 Oct 2016 16:03:55 +0530
Subject: [PATCH] Fixing realtime analytics websocket authentication

---
 .../analytics-view.js                         | 31 ++++++++++++++-----
 .../analytics-view.js                         | 28 ++++++++++++-----
 .../analytics-view.js                         | 28 ++++++++++++-----
 3 files changed, 65 insertions(+), 22 deletions(-)

diff --git a/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js b/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js
index 8d783f1ab..9bc4c8654 100644
--- a/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js
+++ b/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js
@@ -17,16 +17,31 @@
  */
 
 function onRequest(context) {
+    var log = new Log("stats.js");
+    var carbonServer = require("carbon").server;
     var device = context.unit.params.device;
     var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
     var constants = require("/app/modules/constants.js");
-    var websocketEndpoint = devicemgtProps["httpsURL"].replace("https", "wss");
-    var tokenPair = session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER);
-    var token = "";
-    if (tokenPair) {
-        token =  tokenPair.accessToken;
+
+    var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss");
+    var jwtService = carbonServer.osgiService(
+        'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService');
+    var jwtClient = jwtService.getJWTClient();
+    var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
+    if (encodedClientKeys) {
+        var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
+        var resp = tokenUtil.decode(encodedClientKeys).split(":");
+        var deviceParam = "{\"scope\":\"stats\",\"deviceIdentifiers\":[{\"id\":\"" + device.deviceIdentifier
+                          + "\", \"type\":\"" + device.type + "\"}]}";
+        var encodedScope = tokenUtil.encode(deviceParam);
+        var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default",
+                                                 {"device": encodedScope});
+        var token = "";
+        if (tokenPair) {
+            token = tokenPair.accessToken;
+        }
+        websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.android.sense/1.0.0?" +
+                            "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
     }
-    websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.android.sense/1.0.0?" +
-    "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
-    return {"device": device, "websocketEndpoint" : websocketEndpoint};
+    return {"device": device, "websocketEndpoint": websocketEndpoint};
 }
\ No newline at end of file
diff --git a/components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js b/components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js
index 655c182d1..0132400b2 100644
--- a/components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js
+++ b/components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js
@@ -18,16 +18,30 @@
 
 function onRequest(context) {
     var log = new Log("stats.js");
+    var carbonServer = require("carbon").server;
     var device = context.unit.params.device;
     var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
     var constants = require("/app/modules/constants.js");
+
     var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss");
-    var tokenPair = session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER);
-    var token = "";
-    if (tokenPair) {
-        token =  tokenPair.accessToken;
+    var jwtService = carbonServer.osgiService(
+        'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService');
+    var jwtClient = jwtService.getJWTClient();
+    var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
+    if (encodedClientKeys) {
+        var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
+        var resp = tokenUtil.decode(encodedClientKeys).split(":");
+        var deviceParam = "{\"scope\":\"stats\",\"deviceIdentifiers\":[{\"id\":\"" + device.deviceIdentifier
+                          + "\", \"type\":\"" + device.type + "\"}]}";
+        var encodedScope = tokenUtil.encode(deviceParam);
+        var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default",
+                                                 {"device": encodedScope});
+        var token = "";
+        if (tokenPair) {
+            token = tokenPair.accessToken;
+        }
+        websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.devices.temperature/1.0.0?" +
+                            "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
     }
-    websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.devices.temperature/1.0.0?" +
-    "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
-    return {"device": device, "websocketEndpoint" : websocketEndpoint};
+    return {"device": device, "websocketEndpoint": websocketEndpoint};
 }
\ No newline at end of file
diff --git a/components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js b/components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js
index 655c182d1..0132400b2 100644
--- a/components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js
+++ b/components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js
@@ -18,16 +18,30 @@
 
 function onRequest(context) {
     var log = new Log("stats.js");
+    var carbonServer = require("carbon").server;
     var device = context.unit.params.device;
     var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
     var constants = require("/app/modules/constants.js");
+
     var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss");
-    var tokenPair = session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER);
-    var token = "";
-    if (tokenPair) {
-        token =  tokenPair.accessToken;
+    var jwtService = carbonServer.osgiService(
+        'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService');
+    var jwtClient = jwtService.getJWTClient();
+    var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
+    if (encodedClientKeys) {
+        var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
+        var resp = tokenUtil.decode(encodedClientKeys).split(":");
+        var deviceParam = "{\"scope\":\"stats\",\"deviceIdentifiers\":[{\"id\":\"" + device.deviceIdentifier
+                          + "\", \"type\":\"" + device.type + "\"}]}";
+        var encodedScope = tokenUtil.encode(deviceParam);
+        var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default",
+                                                 {"device": encodedScope});
+        var token = "";
+        if (tokenPair) {
+            token = tokenPair.accessToken;
+        }
+        websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.devices.temperature/1.0.0?" +
+                            "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
     }
-    websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.devices.temperature/1.0.0?" +
-    "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
-    return {"device": device, "websocketEndpoint" : websocketEndpoint};
+    return {"device": device, "websocketEndpoint": websocketEndpoint};
 }
\ No newline at end of file