parent
5ac84ae316
commit
73aaac46b0
@ -0,0 +1,116 @@
|
|||||||
|
<%
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||||
|
* either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
var uri = request.getRequestURI();
|
||||||
|
var uriMatcher = new URIMatcher(String(uri));
|
||||||
|
|
||||||
|
var log = new Log("api/user-api.jag");
|
||||||
|
|
||||||
|
var constants = require("/modules/constants.js");
|
||||||
|
var mdmProps = require('/config/mdm-props.js').config();
|
||||||
|
var userModule = require("/modules/user.js").userModule;
|
||||||
|
var deviceModule = require("/modules/device.js").deviceModule;
|
||||||
|
var utility = require("/modules/utility.js").utility;
|
||||||
|
|
||||||
|
var result;
|
||||||
|
|
||||||
|
if (uriMatcher.match("/{context}/api/user/login/")) {
|
||||||
|
username = request.getParameter("username");
|
||||||
|
password = request.getParameter("password");
|
||||||
|
try {
|
||||||
|
userModule.login(username, password, function(user) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("User Logged In : " + user);
|
||||||
|
}
|
||||||
|
utility.insertAppPermissions(userModule, "login");
|
||||||
|
response.sendRedirect(constants.WEB_APP_CONTEXT);
|
||||||
|
}, function() {
|
||||||
|
response.sendRedirect(mdmProps.appContext + "login?#auth-failed");
|
||||||
|
});
|
||||||
|
} catch (e) {
|
||||||
|
log.error("Exception occurred while a user tried to login to MDM", e);
|
||||||
|
response.sendRedirect(mdmProps.appContext + "login?#error");
|
||||||
|
}
|
||||||
|
} else if (uriMatcher.match("/{context}/api/user/logout/")){
|
||||||
|
userModule.logout(function() {
|
||||||
|
response.sendRedirect(mdmProps.appContext + "login");
|
||||||
|
});
|
||||||
|
} else if (uriMatcher.match("/{context}/api/user/devices/")) {
|
||||||
|
if (userModule.isAuthorized("/permission/device-mgt/user/devices/list")) {
|
||||||
|
carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||||
|
result = deviceModule.listDevicesForUser(carbonUser.username);
|
||||||
|
} else {
|
||||||
|
response.sendError(403);
|
||||||
|
}
|
||||||
|
} else if (uriMatcher.match("/{context}/api/users/{username}/invite")) {
|
||||||
|
if (userModule.isAuthorized("/permission/device-mgt/admin/users/invite")) {
|
||||||
|
elements = uriMatcher.elements();
|
||||||
|
username = elements.username;
|
||||||
|
userModule.inviteUser(username);
|
||||||
|
} else {
|
||||||
|
response.sendError(403);
|
||||||
|
}
|
||||||
|
} else if (uriMatcher.match("/{context}/api/users/add")) {
|
||||||
|
if (userModule.isAuthorized("/permission/device-mgt/admin/users/add")) {
|
||||||
|
addUserFormData = request.getContent();
|
||||||
|
|
||||||
|
username = addUserFormData.username;
|
||||||
|
firstname = addUserFormData.firstname;
|
||||||
|
lastname = addUserFormData.lastname;
|
||||||
|
emailAddress = addUserFormData.emailAddress;
|
||||||
|
|
||||||
|
if (!addUserFormData.userRoles) {
|
||||||
|
userRoles = null;
|
||||||
|
} else {
|
||||||
|
userRoles = String(addUserFormData.userRoles).split(",");
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
result = userModule.addUser(username, firstname, lastname, emailAddress, userRoles);
|
||||||
|
} catch (e) {
|
||||||
|
log.error("Exception occurred while trying to add a user to MDM User Store", e);
|
||||||
|
// http status code 400 refers to - Bad request.
|
||||||
|
result = 400;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// http status code 403 refers to - forbidden.
|
||||||
|
result = 403;
|
||||||
|
}
|
||||||
|
} else if (uriMatcher.match("/{context}/api/users/{username}/remove")) {
|
||||||
|
if (userModule.isAuthorized("/permission/device-mgt/admin/users/remove")) {
|
||||||
|
elements = uriMatcher.elements();
|
||||||
|
username = elements.username;
|
||||||
|
try {
|
||||||
|
result = userModule.removeUser(username);
|
||||||
|
} catch (e) {
|
||||||
|
log.error("Exception occurred while trying to remove a user from MDM User Store", e);
|
||||||
|
// http status code 400 refers to - Bad request.
|
||||||
|
result = 400;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// http status code 403 refers to - forbidden.
|
||||||
|
result = 403;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// returning the result.
|
||||||
|
if (result) {
|
||||||
|
print(result);
|
||||||
|
}
|
||||||
|
%>
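Review bot: The state-changing branches (`/api/users/{username}/remove`, `/api/users/{username}/invite`, `/api/users/add`, `/api/user/logout/`) are selected by URI alone. Nothing in this file checks `request.getMethod()` or an anti-CSRF token, so unless a filter outside this file enforces it, a cross-site request made with an administrator's session would pass the `isAuthorized` check. Each of these branches should require POST and verify a per-session token before calling `userModule`. The add and remove branches also report 400 and 403 by assigning `result` and printing it, which leaves the HTTP status at its default, while the devices and invite branches call `response.sendError(403)`; using `response.sendError` throughout keeps failures visible to clients and monitoring. `username`, `password`, `elements`, `carbonUser` and the other working variables are assigned without `var`, so they become implicit globals.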
|
@ -0,0 +1,27 @@
|
|||||||
|
{
|
||||||
|
"appContext" : "/mdm/",
|
||||||
|
"apiContext" : "api",
|
||||||
|
"httpsURL": "%https.ip%",
|
||||||
|
"httpURL": "%http.ip%",
|
||||||
|
"iOSConfigRoot": "%https.ip%/ios/",
|
||||||
|
"device": {
|
||||||
|
"ios": {
|
||||||
|
"location": "%http.ip%/mdm/public/asset-download-agent/asset/ios-agent.ipa",
|
||||||
|
"bundleid": "org.wso2.carbon.mdm.mobileservices.ios.agent.iOSMDMAgent",
|
||||||
|
"version": "1.0",
|
||||||
|
"appname": "MDM Agent"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"androidAgentApp" : "android-agent.apk",
|
||||||
|
"windowsConfigRoot": "http://10.10.10.198:9763/mdm-windows-api/services/federated/bst/authentication",
|
||||||
|
"ssoConfiguration": {
|
||||||
|
"enabled": false,
|
||||||
|
"issuer": "mdm",
|
||||||
|
"appName": "mdm",
|
||||||
|
"identityProviderURL": "%https.ip%/sso/samlsso.jag",
|
||||||
|
"responseSigningEnabled": "true",
|
||||||
|
"keyStorePassword": "wso2carbon",
|
||||||
|
"identityAlias": "wso2carbon",
|
||||||
|
"keyStoreName": "/repository/resources/security/wso2carbon.jks"
|
||||||
|
}
|
||||||
|
}
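Review bot: `ssoConfiguration.keyStorePassword` and `identityAlias` are committed with the value `wso2carbon`, and `keyStoreName` points at `wso2carbon.jks`, which look like product defaults rather than deployment secrets. A keystore password should not live in a versioned config file; resolve it at deploy time, and do not rely on a default keystore to validate SAML responses outside development. `windowsConfigRoot` hard-codes `http://10.10.10.198:9763/...`, a fixed private address over plain HTTP for an authentication endpoint, while the neighbouring URLs use the `%https.ip%` placeholder. `responseSigningEnabled` is the string `"true"` next to the boolean `"enabled": false`; a boolean avoids a later truthiness test treating `"false"` as enabled.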
|
@ -0,0 +1,27 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||||
|
* either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
var carbonModule = require("carbon");
|
||||||
|
var carbonServer = new carbonModule.server.Server({
|
||||||
|
tenanted: true,
|
||||||
|
url: mdmProps.httpsURL + '/admin'
|
||||||
|
});
|
||||||
|
application.put("carbonServer", carbonServer);
|
||||||
|
var userModule = require("/modules/user.js").userModule;
|
||||||
|
var utility = require("/modules/utility.js").utility;
|
||||||
|
utility.insertAppPermissions(userModule, "init");
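Review bot: `mdmProps` is read in `url: mdmProps.httpsURL + '/admin'` but is never declared in this script. Unless the runtime supplies it as a global, the init script fails with a ReferenceError before `carbonServer` is stored in the application context. The other files in this commit obtain the same object with `require('/config/mdm-props.js').config()`, so adding `var mdmProps = require('/config/mdm-props.js').config();` above the `Server` construction would make the dependency explicit.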
|
@ -0,0 +1,39 @@
|
|||||||
|
{
|
||||||
|
"displayName": "Device Cloud",
|
||||||
|
"logLevel": "info",
|
||||||
|
"initScripts": ["/config/init.js"],
|
||||||
|
"urlMappings": [
|
||||||
|
{
|
||||||
|
"url" : "/testb/*",
|
||||||
|
"path" : "test.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url" : "/test/*",
|
||||||
|
"path" : "test/testExecutor.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/api/user/*",
|
||||||
|
"path": "/api/user-api.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/api/users/*",
|
||||||
|
"path": "/api/user-api.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/sso/login",
|
||||||
|
"path": "/lib/login.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/sso/logout",
|
||||||
|
"path": "/lib/logout.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/sso/acs",
|
||||||
|
"path": "/lib/acs.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/*",
|
||||||
|
"path": "/lib/fuse.jag"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
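Review bot: The first two `urlMappings` entries route `/testb/*` to `test.jag` and `/test/*` to `test/testExecutor.jag`, so test entry points are reachable in the deployed application. If these are development harnesses, remove them from the shipped configuration or restrict them to non-production builds. Nothing in this file restricts access to any mapping, so the only access control for `/api/user/*` and `/api/users/*` is whatever `/api/user-api.jag` performs itself.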
|
@ -0,0 +1,36 @@
|
|||||||
|
<%
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
(function(){
|
||||||
|
var constants = require('/modules/constants.js');
|
||||||
|
if (!session.get(constants.USER_SESSION_KEY)) {
|
||||||
|
var dataConfig = require('/config/mdm-props.js').config();
|
||||||
|
var sso = require('/modules/sso.js').sso;
|
||||||
|
var keyStoreParams = {
|
||||||
|
keyStoreName : dataConfig.ssoConfiguration.keyStoreName,
|
||||||
|
keyStorePassword : dataConfig.ssoConfiguration.keyStorePassword,
|
||||||
|
identityAlias : dataConfig.ssoConfiguration.identityAlias
|
||||||
|
}
|
||||||
|
sso.configure(dataConfig.ssoConfiguration.issuer, dataConfig.ssoConfiguration.appName, keyStoreParams,
|
||||||
|
dataConfig.ssoConfiguration.identityProviderURL);
|
||||||
|
sso.login();
|
||||||
|
}else{
|
||||||
|
response.sendRedirect(dataConfig.appContext);
|
||||||
|
}
|
||||||
|
}());
|
||||||
|
%>
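Review bot: In the `else` branch, `response.sendRedirect(dataConfig.appContext)` reads `dataConfig`, but the `var dataConfig = require(...)` assignment sits inside the `if` block. For a request that already has a user session the variable is hoisted but still `undefined`, so the redirect throws a TypeError instead of sending the user to the application. Move `var dataConfig = require('/config/mdm-props.js').config();` above the `if`, next to `constants`. The object literal assigned to `keyStoreParams` is also missing its terminating semicolon.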
|
@ -0,0 +1,37 @@
|
|||||||
|
<%
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
var constants = require('/modules/constants.js');
|
||||||
|
var user = session.get(constants.USER_SESSION_KEY);
|
||||||
|
var dataConfig = require('/config/mdm-props.js').config();
|
||||||
|
var log = new Log();
|
||||||
|
if (user === null) {
|
||||||
|
log.debug("Cannot perform logout. No user session found.");
|
||||||
|
response.sendRedirect(dataConfig.appContext+'dashboard');
|
||||||
|
} else {
|
||||||
|
var sso = require('/modules/sso.js').sso;
|
||||||
|
var keyStoreParams = {
|
||||||
|
keyStoreName: dataConfig.ssoConfiguration.keyStoreName,
|
||||||
|
keyStorePassword: dataConfig.ssoConfiguration.keyStorePassword,
|
||||||
|
identityAlias: dataConfig.ssoConfiguration.identityAlias
|
||||||
|
}
|
||||||
|
sso.configure(dataConfig.ssoConfiguration.issuer, dataConfig.ssoConfiguration.appName, keyStoreParams,
|
||||||
|
dataConfig.ssoConfiguration.identityProviderURL);
|
||||||
|
sso.logout(user);
|
||||||
|
}
|
||||||
|
%>
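Review bot: `if (user === null)` is a strict comparison, whereas the login page tests the same session key with `!session.get(constants.USER_SESSION_KEY)`. If `session.get` can return `undefined` for a missing key (not visible here), the `else` branch would call `sso.logout(user)` with no user; `if (!user)` covers both cases. The `keyStoreParams` and `sso.configure(...)` sequence is repeated verbatim from the login page and could live in one helper so the two cannot drift apart.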
|
@ -0,0 +1,23 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||||
|
* either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
var WEB_APP_TITLE = "WSO2 Device Cloud";
|
||||||
|
var WEB_APP_CONTEXT = "/iot";
|
||||||
|
var USER_SESSION_KEY = "USER";
|
||||||
|
var UNSPECIFIED = "Unspecified";
|
||||||
|
|
||||||
|
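Review bot: This file defines no `ERRORS`, yet `modules/user.js` in this commit throws `constants.ERRORS.USER_NOT_FOUND` in `inviteUserToEnroll`, `inviteUser`, `getUsers` and `isAuthorized`. Evaluating that expression therefore raises a TypeError rather than the intended error. Because `isAuthorized` is the gate used by the user API, a request without a session ends in an unhandled exception instead of a clean 401 or 403. Add a definition such as `var ERRORS = { USER_NOT_FOUND: "USER_NOT_FOUND" };` (the value is a suggestion). Also, `WEB_APP_CONTEXT = "/iot"` differs from the `appContext` value `/mdm/` in the JSON configuration added by this commit, so successful and failed logins redirect under different contexts.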
|
@ -0,0 +1,161 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http:www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
var sso = {};
|
||||||
|
var ssoMod = require("sso");
|
||||||
|
var log = new Log();
|
||||||
|
(function () {
|
||||||
|
var carbon = require("carbon");
|
||||||
|
var process = require("process");
|
||||||
|
var getSSOSessions = function () {
|
||||||
|
var sso_sessions = application.get('sso_sessions');
|
||||||
|
|
||||||
|
if (!sso_sessions) {
|
||||||
|
application.put('sso_sessions', {});
|
||||||
|
sso_sessions = application.get('sso_sessions');
|
||||||
|
}
|
||||||
|
return sso_sessions;
|
||||||
|
};
|
||||||
|
|
||||||
|
sso.configure = function (issuer, appName, keyStoreParams, address, transport, ssoService, responseSign) {
|
||||||
|
sso.issuer = issuer;
|
||||||
|
sso.appName = appName;
|
||||||
|
sso.relayState = "/" + appName;
|
||||||
|
sso.transport = (transport ? transport : "https");
|
||||||
|
sso.ssoService = (ssoService ? ssoService : "/samlsso");
|
||||||
|
sso.responseSign = (responseSign ? responseSign : true);
|
||||||
|
sso.log = new Log("SSO Module");
|
||||||
|
sso.address = carbon.server.address(sso.transport);
|
||||||
|
sso.keyStoreProps = {
|
||||||
|
KEY_STORE_NAME: process.getProperty('carbon.home') + keyStoreParams.keyStoreName,
|
||||||
|
KEY_STORE_PASSWORD: keyStoreParams.keyStorePassword,
|
||||||
|
IDP_ALIAS: keyStoreParams.identityAlias
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
sso.login = function () {
|
||||||
|
sso.sessionId = session.getId();
|
||||||
|
var referer = request.getHeader("referer");
|
||||||
|
sso.relayState = (referer ? referer : sso.relayState);
|
||||||
|
sso.relayState = sso.relayState;// append query string
|
||||||
|
var log = new Log();
|
||||||
|
|
||||||
|
if (request.getQueryString()) {
|
||||||
|
|
||||||
|
sso.relayState += request.getQueryString();
|
||||||
|
}
|
||||||
|
sso.encodedSAMLAuthRequest = ssoMod.client.getEncodedSAMLAuthRequest(sso.issuer);
|
||||||
|
var postUrl = sso.address + sso.ssoService;
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Request sent to IdP");
|
||||||
|
}
|
||||||
|
print("<div><p>You are now being redirected to SSO Provider. If the redirection fails, please click on the "+
|
||||||
|
"button below.</p> <form method='post' action='" + postUrl + "'><p><input type='hidden' " +
|
||||||
|
"name='SAMLRequest' value='" + sso.encodedSAMLAuthRequest + "'/><input type='hidden' " +
|
||||||
|
"name='RelayState' value='" + sso.relayState + "'/><input type='hidden' name='SSOAuthSessionID' " +
|
||||||
|
"value='" + sso.sessionId + "'/><button type='submit'>Redirect manually</button></p></form></div>" +
|
||||||
|
"<script type = 'text/javascript' >document.forms[0].submit();</script>");
|
||||||
|
};
|
||||||
|
|
||||||
|
sso.logout = function (user) {
|
||||||
|
var sso_sessions = getSSOSessions();
|
||||||
|
sso.sessionId = session.getId();
|
||||||
|
sso.sessionIndex = sso_sessions[sso.sessionId];
|
||||||
|
|
||||||
|
var referer = request.getHeader("referer");
|
||||||
|
sso.relayState = (referer ? referer : sso.relayState);
|
||||||
|
sso.relayState = sso.relayState + request.getQueryString(); // append query string
|
||||||
|
sso.encodedSAMLLogoutRequest = ssoMod.client.getEncodedSAMLLogoutRequest(user, sso.sessionIndex, sso.issuer);
|
||||||
|
var postUrl = sso.address + sso.ssoService;
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
sso.log.debug("Logout request recieved from session id ::: " + sso.sessionId);
|
||||||
|
}
|
||||||
|
print("<div><p>You are now redirected to Stratos Identity. If theredirection fails, please click the post " +
|
||||||
|
"button.</p> <form id='logoutForm' method='post' action='" + postUrl + "'> <p> <input type='hidden' " +
|
||||||
|
"name='SAMLRequest' value='" + sso.encodedSAMLLogoutRequest + "'/> <input type='hidden' " +
|
||||||
|
"name='RelayState' value='" + sso.relayState + "'/> <input type='hidden' name='SSOAuthSessionID' " +
|
||||||
|
"value='" + sso.sessionId + "'/> <button type='submit'>POST</button> </p> </form> </div> <script " +
|
||||||
|
"type = 'text/javascript' > document.forms[0].submit(); </script>");
|
||||||
|
};
|
||||||
|
|
||||||
|
sso.acs = function (loginCallback, logoutCallback) {
|
||||||
|
var sso_sessions = getSSOSessions();
|
||||||
|
sso.sessionId = session.getId();
|
||||||
|
var samlResponse = request.getParameter('SAMLResponse');
|
||||||
|
var samlRequest = request.getParameter('SAMLRequest');
|
||||||
|
var relayState = request.getParameter('RelayState');
|
||||||
|
var samlRespObj;
|
||||||
|
|
||||||
|
if (samlResponse != null) {
|
||||||
|
samlRespObj = ssoMod.client.getSamlObject(samlResponse);
|
||||||
|
if (ssoMod.client.isLogoutResponse(samlRespObj)) {
|
||||||
|
logoutCallback();
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
sso.log.debug('Session Id Invalidated :::' + sso.sessionId);
|
||||||
|
}
|
||||||
|
// Invalidating the session after the callback
|
||||||
|
session.invalidate();
|
||||||
|
} else {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
sso.log.debug("Login request");
|
||||||
|
}
|
||||||
|
// validating the signature
|
||||||
|
if (sso.responseSign) {
|
||||||
|
if (ssoMod.client.validateSignature(samlRespObj, sso.keyStoreProps)) {
|
||||||
|
var sessionObj = ssoMod.client.decodeSAMLLoginResponse(samlRespObj, samlResponse,
|
||||||
|
sso.sessionId);
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
sso.log.debug("Saml object session ID :::" + sessionObj.sessionId);
|
||||||
|
}
|
||||||
|
if (sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined') {
|
||||||
|
sso_sessions[sso_sessions[sessionObj.sessionIndex] = sessionObj.sessionId] =
|
||||||
|
sessionObj.sessionIndex;
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
sso.log.debug("Login successful");
|
||||||
|
sso.log.debug('User is set :::' + sessionObj.loggedInUser);
|
||||||
|
}
|
||||||
|
loginCallback(sessionObj.loggedInUser);
|
||||||
|
} else {
|
||||||
|
sso.log.error("Session index invalid");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
sso.log.error("Response Signing failed");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
sso.log.debug("Response Signing is disabled");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
Executed for single logout requests
|
||||||
|
*/
|
||||||
|
if (samlRequest != null) {
|
||||||
|
var index = ssoMod.client.decodeSAMLLogoutRequest(ssoMod.client.getSamlObject(samlRequest));
|
||||||
|
var jSessionId = getSSOSessions()[index];
|
||||||
|
delete getSSOSessions()[index];
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
sso.log.debug('Backend logout received from store. The index is :::' + index);
|
||||||
|
sso.log.debug('Session Id Invalidated :::' + jSessionId);
|
||||||
|
}
|
||||||
|
session.invalidate();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})();
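Review bot: `sso.login` and `sso.logout` concatenate `sso.relayState` into the `value='...'` attribute of the printed form with no encoding, and that value comes from the `referer` header plus `request.getQueryString()`, both supplied by the client. It should be HTML-attribute-encoded before printing, and ideally restricted to paths under the application's own context. In `sso.logout` the query string is appended unconditionally, so if `getQueryString()` returns null the text `null` is appended. In `sso.acs` the condition `sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined'` is always true, which makes the "Session index invalid" branch unreachable; `&&` with a real `undefined` check is presumably what was meant. Both logout paths in `sso.acs` also call `session.invalidate()` with no visible signature validation of the SAML logout message.

```javascript
// added inside the module closure, next to getSSOSessions
var escapeAttr = function (value) {
    return String(value)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");
};
// … unchanged: sso.configure and the start of sso.login …
        "name='RelayState' value='" + escapeAttr(sso.relayState) + "'/><input type='hidden' name='SSOAuthSessionID' " +
// … unchanged: rest of sso.login; apply the same call to RelayState in sso.logout …
```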
|
@ -0,0 +1,296 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||||
|
* either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
var userModule;
|
||||||
|
userModule = function () {
|
||||||
|
var log = new Log("modules/user.js");
|
||||||
|
|
||||||
|
var constants = require("/modules/constants.js");
|
||||||
|
var dataConfig = require("/config/mdm-props.js").config();
|
||||||
|
var utility = require("/modules/utility.js").utility;
|
||||||
|
|
||||||
|
var userManagementService = utility.getUserManagementService();
|
||||||
|
var deviceManagementService = utility.getDeviceManagementService();
|
||||||
|
var EmailMessageProperties = Packages.org.wso2.carbon.device.mgt.common.EmailMessageProperties;
|
||||||
|
|
||||||
|
var publicMethods = {};
|
||||||
|
var privateMethods = {};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Authenticate a user when he or she attempts to login to MDM.
|
||||||
|
*
|
||||||
|
* @param username Username of the user
|
||||||
|
* @param password Password of the user
|
||||||
|
* @param successCallback Function to be called at the event of successful authentication
|
||||||
|
* @param failureCallback Function to be called at the event of failed authentication
|
||||||
|
*/
|
||||||
|
publicMethods.login = function (username, password, successCallback, failureCallback) {
|
||||||
|
var carbonModule = require("carbon");
|
||||||
|
var carbonServer = application.get("carbonServer");
|
||||||
|
try {
|
||||||
|
// get tenant specific full user name.
|
||||||
|
username = username + "@" + carbonModule.server.tenantDomain();
|
||||||
|
// check if the user is an authenticated user.
|
||||||
|
var isAuthenticated = carbonServer.authenticate(username, password);
|
||||||
|
if (isAuthenticated) {
|
||||||
|
var tenantUser = carbonModule.server.tenantUser(username);
|
||||||
|
session.put(constants.USER_SESSION_KEY, tenantUser);
|
||||||
|
successCallback(tenantUser);
|
||||||
|
} else {
|
||||||
|
failureCallback();
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add user to mdm-user-store.
|
||||||
|
*
|
||||||
|
* @param username Username of the user
|
||||||
|
* @param firstname First name of the user
|
||||||
|
* @param lastname Last name of the user
|
||||||
|
* @param emailAddress Email address of the user
|
||||||
|
* @param userRoles Roles assigned to the user
|
||||||
|
*
|
||||||
|
* @returns {number} HTTP Status code 201 if succeeded, 409 if user already exists
|
||||||
|
*/
|
||||||
|
publicMethods.addUser = function (username, firstname, lastname, emailAddress, userRoles) {
|
||||||
|
var carbon = require('carbon');
|
||||||
|
var tenantId = carbon.server.tenantId();
|
||||||
|
var url = carbon.server.address('https') + "/admin/services";
|
||||||
|
var server = new carbon.server.Server(url);
|
||||||
|
var userManager = new carbon.user.UserManager(server, tenantId);
|
||||||
|
|
||||||
|
try {
|
||||||
|
if (userManager.userExists(username)) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("A user with name '" + username + "' already exists.");
|
||||||
|
}
|
||||||
|
// http status code 409 refers to - conflict.
|
||||||
|
return 409;
|
||||||
|
} else {
|
||||||
|
var initialUserPassword = privateMethods.generateInitialUserPassword();
|
||||||
|
var defaultUserClaims = privateMethods.buildDefaultUserClaims(firstname, lastname, emailAddress);
|
||||||
|
|
||||||
|
userManager.addUser(username, initialUserPassword, userRoles, defaultUserClaims, "default");
|
||||||
|
privateMethods.inviteUserToEnroll(username, initialUserPassword);
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("A new user with name '" + username + "' was created.");
|
||||||
|
}
|
||||||
|
// http status code 201 refers to - created.
|
||||||
|
return 201;
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Remove an existing user from mdm-user-store.
|
||||||
|
*
|
||||||
|
* @param username Username of the user
|
||||||
|
* @returns {number} HTTP Status code 200 if succeeded, 409 if the user does not exist
|
||||||
|
*/
|
||||||
|
publicMethods.removeUser = function (username) {
|
||||||
|
var carbon = require('carbon');
|
||||||
|
var tenantId = carbon.server.tenantId();
|
||||||
|
var url = carbon.server.address('https') + "/admin/services";
|
||||||
|
var server = new carbon.server.Server(url);
|
||||||
|
var userManager = new carbon.user.UserManager(server, tenantId);
|
||||||
|
|
||||||
|
try {
|
||||||
|
if (userManager.userExists(username)) {
|
||||||
|
userManager.removeUser(username);
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("An existing user with name '" + username + "' was removed.");
|
||||||
|
}
|
||||||
|
// http status code 200 refers to - success.
|
||||||
|
return 200;
|
||||||
|
} else {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("A user with name '" + username + "' does not exist to remove.");
|
||||||
|
}
|
||||||
|
// http status code 409 refers to - conflict.
|
||||||
|
return 409;
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Private method to be used by addUser() to
|
||||||
|
* generate an initial user password for a user.
|
||||||
|
* This will be the password used by a user for his initial login to the system.
|
||||||
|
*
|
||||||
|
* @returns {string} Initial User Password
|
||||||
|
*/
|
||||||
|
privateMethods.generateInitialUserPassword = function () {
|
||||||
|
var passwordLength = 6;
|
||||||
|
//defining the pool of characters to be used for initial password generation
|
||||||
|
var lowerCaseCharset = "abcdefghijklmnopqrstuvwxyz";
|
||||||
|
var upperCaseCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||||
|
var numericCharset = "0123456789";
|
||||||
|
|
||||||
|
var totalCharset = lowerCaseCharset + upperCaseCharset + numericCharset;
|
||||||
|
var totalCharsetLength = totalCharset.length;
|
||||||
|
|
||||||
|
var initialUserPassword = "";
|
||||||
|
for (var i = 0; i < passwordLength; ++i) {
|
||||||
|
initialUserPassword += totalCharset.charAt(Math.floor(Math.random() * totalCharsetLength));
|
||||||
|
}
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Initial password created for new user : " + initialUserPassword);
|
||||||
|
}
|
||||||
|
return String(initialUserPassword);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Build default user claims.
|
||||||
|
*
|
||||||
|
* @param firstname First name of the user
|
||||||
|
* @param lastname Last name of the user
|
||||||
|
* @param emailAddress Email address of the user
|
||||||
|
*
|
||||||
|
* @returns {Object} Default user claims to be provided
|
||||||
|
*/
|
||||||
|
privateMethods.buildDefaultUserClaims = function (firstname, lastname, emailAddress) {
|
||||||
|
var defaultUserClaims = {
|
||||||
|
"http://wso2.org/claims/givenname": firstname,
|
||||||
|
"http://wso2.org/claims/lastname": lastname,
|
||||||
|
"http://wso2.org/claims/emailaddress": emailAddress
|
||||||
|
};
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("ClaimMap created for new user : " + stringify(defaultUserClaims));
|
||||||
|
}
|
||||||
|
return defaultUserClaims;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Send an initial invitation email to a user with username/password attached
|
||||||
|
* for the very-first enrollment with WSO2 MDM.
|
||||||
|
*
|
||||||
|
* @param username Username of the user
|
||||||
|
* @param password Password of the user
|
||||||
|
*/
|
||||||
|
privateMethods.inviteUserToEnroll = function (username, password) {
|
||||||
|
var enrollmentURL = dataConfig.httpsURL + dataConfig.appContext + "download-agent";
|
||||||
|
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||||
|
if (!carbonUser) {
|
||||||
|
log.error("User object was not found in the session");
|
||||||
|
throw constants.ERRORS.USER_NOT_FOUND;
|
||||||
|
}
|
||||||
|
var user = userManagementService.getUser(username, carbonUser.tenantId);
|
||||||
|
|
||||||
|
var emailTo = [];
|
||||||
|
emailTo[0] = user.getEmail();
|
||||||
|
var emailMessageProperties = new EmailMessageProperties();
|
||||||
|
emailMessageProperties.setMailTo(emailTo);
|
||||||
|
emailMessageProperties.setFirstName(user.getFirstName());
|
||||||
|
emailMessageProperties.setUserName(username);
|
||||||
|
emailMessageProperties.setPassword(password);
|
||||||
|
emailMessageProperties.setEnrolmentUrl(enrollmentURL);
|
||||||
|
deviceManagementService.sendRegistrationEmail(emailMessageProperties);
|
||||||
|
};
|
||||||
|
|
||||||
|
publicMethods.addPermissions = function (permissionList, path, init) {
|
||||||
|
var carbonModule = require("carbon");
|
||||||
|
var carbonServer = application.get("carbonServer");
|
||||||
|
var options = {system: true};
|
||||||
|
if (init == "login") {
|
||||||
|
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||||
|
if (carbonUser) {
|
||||||
|
options.tenantId = carbonUser.tenantId;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
var registry = new carbonModule.registry.Registry(carbonServer, options);
|
||||||
|
var i, permission, resource;
|
||||||
|
for (i = 0; i < permissionList.length; i++) {
|
||||||
|
permission = permissionList[i];
|
||||||
|
resource = {
|
||||||
|
collection : true,
|
||||||
|
name : permission.name,
|
||||||
|
properties : {
|
||||||
|
name : permission.name
|
||||||
|
}
|
||||||
|
};
|
||||||
|
registry.put("/_system/governance/permission/" + path + "/" + permission.key, resource);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
publicMethods.inviteUser = function (username) {
|
||||||
|
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||||
|
if (!carbonUser) {
|
||||||
|
log.error("User object was not found in the session");
|
||||||
|
throw constants.ERRORS.USER_NOT_FOUND;
|
||||||
|
}
|
||||||
|
var user = userManagementService.getUser(username, carbonUser.tenantId);
|
||||||
|
var enrollmentURL = dataConfig.httpsURL + dataConfig.appContext + "download-agent";
|
||||||
|
|
||||||
|
var emailProperties = new EmailMessageProperties();
|
||||||
|
var emailTo = [];
|
||||||
|
emailTo[0] = user.getEmail();
|
||||||
|
emailProperties.setMailTo(emailTo);
|
||||||
|
emailProperties.setFirstName(user.getFirstName());
|
||||||
|
emailProperties.setEnrolmentUrl(enrollmentURL);
|
||||||
|
deviceManagementService.sendEnrolmentInvitation(emailProperties);
|
||||||
|
};
|
||||||
|
|
||||||
|
publicMethods.getUsers = function () {
|
||||||
|
var users = [];
|
||||||
|
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||||
|
if (!carbonUser) {
|
||||||
|
log.error("User object was not found in the session");
|
||||||
|
throw constants.ERRORS.USER_NOT_FOUND;
|
||||||
|
}
|
||||||
|
var userList = userManagementService.getUsersForTenant(carbonUser.tenantId);
|
||||||
|
var i, userObject;
|
||||||
|
for (i = 0; i < userList.size(); i++) {
|
||||||
|
userObject = userList.get(i);
|
||||||
|
users.push({
|
||||||
|
"username" : userObject.getUserName(),
|
||||||
|
"email" : userObject.getEmail(),
|
||||||
|
"name" : userObject.getFirstName() + " " + userObject.getLastName()
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return users;
|
||||||
|
};
|
||||||
|
|
||||||
|
publicMethods.isAuthorized = function (permission) {
|
||||||
|
var carbonModule = require("carbon");
|
||||||
|
var carbonServer = application.get("carbonServer");
|
||||||
|
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||||
|
if (!carbonUser) {
|
||||||
|
log.error("User object was not found in the session");
|
||||||
|
throw constants.ERRORS.USER_NOT_FOUND;
|
||||||
|
}
|
||||||
|
var userManager = new carbonModule.user.UserManager(carbonServer, carbonUser.tenantId);
|
||||||
|
var user = new carbonModule.user.User(userManager, carbonUser.username);
|
||||||
|
return user.isAuthorized(permission, "ui.execute");
|
||||||
|
};
|
||||||
|
|
||||||
|
publicMethods.logout = function (successCallback) {
|
||||||
|
session.invalidate();
|
||||||
|
successCallback();
|
||||||
|
};
|
||||||
|
|
||||||
|
return publicMethods;
|
||||||
|
}();
|
||||||
|
|
||||||
|
|
@ -0,0 +1,41 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||||
|
* either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
var utility;
|
||||||
|
utility = function () {
|
||||||
|
var JavaClass = Packages.java.lang.Class;
|
||||||
|
var PrivilegedCarbonContext = Packages.org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||||
|
|
||||||
|
var getOsgiService = function (className) {
|
||||||
|
return PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(JavaClass.forName(className));
|
||||||
|
};
|
||||||
|
|
||||||
|
var publicMethods = {};
|
||||||
|
|
||||||
|
publicMethods.getDeviceManagementService = function () {
|
||||||
|
return getOsgiService('org.wso2.carbon.device.mgt.core.service.DeviceManagementService');
|
||||||
|
};
|
||||||
|
|
||||||
|
publicMethods.getUserManagementService = function () {
|
||||||
|
return getOsgiService('org.wso2.carbon.device.mgt.user.core.service.UserManagementService');
|
||||||
|
};
|
||||||
|
|
||||||
|
return publicMethods;
|
||||||
|
}();
|
||||||
|
|
||||||
|
|
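Review bot: `getOsgiService` passes its argument straight to `JavaClass.forName` and looks the result up through `PrivilegedCarbonContext`, and nothing documents that the argument must be a fixed, trusted class name. Both visible callers pass string literals, so this is a documentation gap rather than a defect; I would add `// className must be a hard-coded constant, never request-derived` above the helper and keep it out of `publicMethods`. The two getters also return whatever `getOSGiService` yields with no null check, so a missing service would presumably surface later as an unrelated error at the call site; a short guard that logs the class name would make that failure obvious.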
@ -0,0 +1,9 @@
|
|||||||
|
{{authorized}}
|
||||||
|
{{layout "fluid"}}
|
||||||
|
{{#zone "title"}}
|
||||||
|
WSO2 Device Cloud | Add User
|
||||||
|
{{/zone}}
|
||||||
|
{{#zone "body"}}
|
||||||
|
{{unit "appbar"}}
|
||||||
|
{{unit "add-user"}}
|
||||||
|
{{/zone}}
|
@ -0,0 +1,19 @@
|
|||||||
|
{{authorized}}
|
||||||
|
{{layout "fluid"}}
|
||||||
|
{{#zone "title"}}
|
||||||
|
WSO2 MDM | Device Management
|
||||||
|
{{/zone}}
|
||||||
|
{{#zone "body"}}
|
||||||
|
{{unit "appbar"}}
|
||||||
|
{{unit "extended-search-box"}}
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-md-12">
|
||||||
|
<!-- content -->
|
||||||
|
<div class="container col-md-12 col-centered wr-content">
|
||||||
|
{{unit "operation-bar"}}
|
||||||
|
{{unit "device-listing"}}
|
||||||
|
</div>
|
||||||
|
<!-- /content -->
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{{/zone}}
|
@ -0,0 +1,7 @@
|
|||||||
|
{{layout "fluid"}}
|
||||||
|
{{#zone "title"}}
|
||||||
|
WSO2 Mobile Device Manager | Login
|
||||||
|
{{/zone}}
|
||||||
|
{{#zone "body"}}
|
||||||
|
{{unit "login"}}
|
||||||
|
{{/zone}}
|
@ -0,0 +1,9 @@
|
|||||||
|
{{authorized}}
|
||||||
|
{{layout "fluid"}}
|
||||||
|
{{#zone "title"}}
|
||||||
|
User Management
|
||||||
|
{{/zone}}
|
||||||
|
{{#zone "body"}}
|
||||||
|
{{unit "appbar"}}
|
||||||
|
{{unit "user-listing"}}
|
||||||
|
{{/zone}}
|
@ -0,0 +1,12 @@
|
|||||||
|
<%
|
||||||
|
var userModule = require("/modules/user.js").userModule;
|
||||||
|
userModule.addPermissions([{key: "device-mgt/", name: "Device Management"}], "");
|
||||||
|
userModule.addPermissions([{key: "device-mgt/admin", name: "Device Management Admin"}], "");
|
||||||
|
userModule.addPermissions([{key: "device-mgt/user", name: "Device Management User"}], "");
|
||||||
|
|
||||||
|
userModule.addPermissions([{key: "devices", name: "Device"}], "device-mgt/admin");
|
||||||
|
userModule.addPermissions([{key: "devices", name: "Device"}], "device-mgt/user");
|
||||||
|
userModule.addPermissions([{key: "devices/list", name: "List all Devices"}], "device-mgt/admin");
|
||||||
|
userModule.addPermissions([{key: "devices/list", name: "List own Devices"}], "device-mgt/user");
|
||||||
|
new Log().info(userModule.isAuthorized("/permission/device-mgt/admin/devices/list"));
|
||||||
|
%>
|
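Review bot: The seven `addPermissions` calls run before anything looks at the caller: with no `init` argument, `addPermissions` opens the registry with `{system: true}` and writes under `/_system/governance/permission/`, while the only session-dependent call, `isAuthorized`, comes last and throws only after the writes are done. If this `<% %>` page is reachable over HTTP (its path is not shown here), the writes should move behind a session and permission check, or into a start-up script that is not served. Separately, the first three calls pass `""` as `path`, so the resource path becomes `/_system/governance/permission//device-mgt/...` with a doubled slash and, for the first key, a trailing one; building the path from non-empty segments would avoid relying on the registry to normalise it. The final `new Log().info(...)` line reads as leftover debugging.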
@ -0,0 +1,20 @@
|
|||||||
|
<%
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
require("jaggery-test").test.run();
|
||||||
|
%>
|
@ -0,0 +1,5 @@
|
|||||||
|
# Ignore everything in this directory.
|
||||||
|
# they are auto generated, should not be committed.
|
||||||
|
*
|
||||||
|
# Except this file
|
||||||
|
!.gitignore
|
@ -0,0 +1,56 @@
|
|||||||
|
{{#zone "main"}}
|
||||||
|
<!-- content/body -->
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-md-12">
|
||||||
|
<!-- content -->
|
||||||
|
<div class="container col-centered wr-content">
|
||||||
|
<div class="wr-form">
|
||||||
|
<h1 class="wr-title">Add User</h1>
|
||||||
|
Please note that * sign represents required fields of data.
|
||||||
|
<hr />
|
||||||
|
<span class="wr-validation-summary hidden">
|
||||||
|
<p></p>
|
||||||
|
</span>
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-lg-8">
|
||||||
|
<label class="wr-input-label">User Name *</label>
|
||||||
|
<div class="wr-input-control">
|
||||||
|
<input type="text" id="username" value="" placeholder="input text"/>
|
||||||
|
</div>
|
||||||
|
<label class="wr-input-label">First Name *</label>
|
||||||
|
<div class="wr-input-control">
|
||||||
|
<input type="text" id="firstname" value="" placeholder="input text"/>
|
||||||
|
</div>
|
||||||
|
<label class="wr-input-label">Last Name *</label>
|
||||||
|
<div class="wr-input-control">
|
||||||
|
<input type="text" id="lastname" value="" placeholder="input text"/>
|
||||||
|
</div>
|
||||||
|
<label class="wr-input-label">Email Address *</label>
|
||||||
|
<div class="wr-input-control">
|
||||||
|
<input type="email" id="email" value="" placeholder="input text"/>
|
||||||
|
</div>
|
||||||
|
<label class="wr-input-label">
|
||||||
|
User Roles
|
||||||
|
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
|
||||||
|
</label>
|
||||||
|
<div class="wr-input-control">
|
||||||
|
<select id="roles" class="form-control select2" multiple="multiple">
|
||||||
|
{{#each roles}}
|
||||||
|
<option>{{this}}</option>
|
||||||
|
{{/each}}
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<button id="add-user-btn" class="wr-btn">Add User</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<!-- /content -->
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<!-- /content/body -->
|
||||||
|
{{/zone}}
|
||||||
|
{{#zone "bottomJs"}}
|
||||||
|
<script src="{{self.publicURL}}/js/bottomJs.js"></script>
|
||||||
|
{{/zone}}
|
||||||
|
|
@ -0,0 +1,26 @@
|
|||||||
|
/**
|
||||||
|
* Returns the dynamic state to be populated by add-user page.
|
||||||
|
*
|
||||||
|
* @param context Object that gets updated with the dynamic state of this page to be presented
|
||||||
|
* @returns {*} A context object that returns the dynamic state of this page to be presented
|
||||||
|
*/
|
||||||
|
function onRequest(context) {
|
||||||
|
var carbon = require('carbon');
|
||||||
|
var tenantId = carbon.server.tenantId();
|
||||||
|
var url = carbon.server.address('https') + "/admin/services/";
|
||||||
|
var server = new carbon.server.Server(url);
|
||||||
|
var userManager = new carbon.user.UserManager(server, tenantId);
|
||||||
|
|
||||||
|
var allRoles = userManager.allRoles();
|
||||||
|
var i = 0;
|
||||||
|
var filteredRoles = [];
|
||||||
|
while (allRoles[i]) {
|
||||||
|
if (allRoles[i] != "Internal/subscriber" && allRoles[i] != "Internal/everyone") {
|
||||||
|
filteredRoles.push(allRoles[i]);
|
||||||
|
}
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
|
||||||
|
context.roles = filteredRoles;
|
||||||
|
return context;
|
||||||
|
}
|
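Review bot: `onRequest` resolves the tenant with `carbon.server.tenantId()` and builds a new `carbon.server.Server` on every request, whereas the user module in this commit takes `tenantId` from the session user and reuses `application.get("carbonServer")`. In a multi-tenant deployment it is worth confirming that both resolve to the same tenant, so that the role list offered on the form belongs to the logged-in user's tenant. The `while (allRoles[i])` loop also stops at the first falsy entry; `for (i = 0; i < allRoles.length; i++)` states the intent more directly. The function does no permission check of its own, so it presumably depends on the page-level `{{authorized}}` helper; a comment saying so would help the next reader.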
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"predicate": false
|
||||||
|
}
|
@ -0,0 +1,91 @@
|
|||||||
|
$( document ).ready(function() {
|
||||||
|
$("select.select2").select2({
|
||||||
|
placeholder : "Select..."
|
||||||
|
});
|
||||||
|
|
||||||
|
$("select.select2[multiple=multiple]").select2({
|
||||||
|
placeholder : "Select...",
|
||||||
|
tags : true
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if an email address has the valid format or not.
|
||||||
|
*
|
||||||
|
* @param email Email address
|
||||||
|
* @returns {boolean} true if email has the valid format, otherwise false.
|
||||||
|
*/
|
||||||
|
var emailIsValid = function(email) {
|
||||||
|
var atPosition = email.indexOf("@");
|
||||||
|
var dotPosition = email.lastIndexOf(".");
|
||||||
|
return !(atPosition < 1 || ( dotPosition - atPosition < 2 ));
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Following click function would execute
|
||||||
|
* when a user clicks on "Add User" button
|
||||||
|
* on Add User page in WSO2 MDM Console.
|
||||||
|
*/
|
||||||
|
$("button#add-user-btn").click(function() {
|
||||||
|
var username = $("input#username").val();
|
||||||
|
var firstname = $("input#firstname").val();
|
||||||
|
var lastname = $("input#lastname").val();
|
||||||
|
var emailAddress = $("input#email").val();
|
||||||
|
var userRoles = $("select#roles").val();
|
||||||
|
|
||||||
|
if (!username) {
|
||||||
|
$(".wr-validation-summary p").text("Username is a required field. It cannot be empty.");
|
||||||
|
$(".wr-validation-summary").removeClass("hidden");
|
||||||
|
} else if (!firstname) {
|
||||||
|
$(".wr-validation-summary p").text("Firstname is a required field. It cannot be empty.");
|
||||||
|
$(".wr-validation-summary").removeClass("hidden");
|
||||||
|
} else if (!lastname) {
|
||||||
|
$(".wr-validation-summary p").text("Lastname is a required field. It cannot be empty.");
|
||||||
|
$(".wr-validation-summary").removeClass("hidden");
|
||||||
|
} else if (!emailAddress) {
|
||||||
|
$(".wr-validation-summary p").text("Email is a required field. It cannot be empty.");
|
||||||
|
$(".wr-validation-summary").removeClass("hidden");
|
||||||
|
} else if (!emailIsValid(emailAddress)) {
|
||||||
|
$(".wr-validation-summary p").text("Email is not valid. Please enter a correct email address.");
|
||||||
|
$(".wr-validation-summary").removeClass("hidden");
|
||||||
|
} else {
|
||||||
|
var addUserFormData = {};
|
||||||
|
addUserFormData.username = username;
|
||||||
|
addUserFormData.firstname = firstname;
|
||||||
|
addUserFormData.lastname = lastname;
|
||||||
|
addUserFormData.emailAddress = emailAddress;
|
||||||
|
addUserFormData.userRoles = userRoles;
|
||||||
|
|
||||||
|
var addUserAPI = "/mdm/api/users/add";
|
||||||
|
|
||||||
|
$.ajax({
|
||||||
|
type : "POST",
|
||||||
|
url : addUserAPI,
|
||||||
|
contentType : "application/json",
|
||||||
|
data : JSON.stringify(addUserFormData),
|
||||||
|
success : function(data) {
|
||||||
|
if (data == 201) {
|
||||||
|
$(".wr-validation-summary p").text("User (" + username + ") was added. " +
|
||||||
|
"An invitation mail will also be sent to this user to initiate a device enrollment.");
|
||||||
|
// Clearing user input fields.
|
||||||
|
$("input#username").val("");
|
||||||
|
$("input#firstname").val("");
|
||||||
|
$("input#lastname").val("");
|
||||||
|
$("input#email").val("");
|
||||||
|
$("select#roles").select2("val", "");
|
||||||
|
} else if (data == 400) {
|
||||||
|
$(".wr-validation-summary p").text("Exception occurred at backend.");
|
||||||
|
} else if (data == 403) {
|
||||||
|
$(".wr-validation-summary p").text("Action was not permitted.");
|
||||||
|
} else if (data == 409) {
|
||||||
|
$(".wr-validation-summary p").text("Sorry, User already exists.");
|
||||||
|
}
|
||||||
|
$(".wr-validation-summary").removeClass("hidden");
|
||||||
|
},
|
||||||
|
error : function() {
|
||||||
|
$(".wr-validation-summary p").text("An unexpected error occurred.");
|
||||||
|
$(".wr-validation-summary").removeClass("hidden");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
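Review bot: The second `select2` call sets `tags : true` on the multi-select, which (in select2 versions that support it) lets the user type values that are not among the rendered `<option>` roles, and the click handler forwards `$("select#roles").val()` unchanged as `userRoles`. The handler for `/mdm/api/users/add` is not in this section; it should check every submitted role against the roles the caller is allowed to assign rather than trust the list, and repeat the required-field and email checks, since `emailIsValid` only compares the positions of `@` and the last `.`. In the `success` callback an unrecognised `data` value leaves the previous message in place and still un-hides the summary; a final `else` with a generic message would cover that. If free-text entry is not needed for roles, dropping `tags : true` is the simpler fix.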
@ -0,0 +1,44 @@
|
|||||||
|
{{#zone "main"}}
|
||||||
|
|
||||||
|
<div id="nav" class="row wr-app-bar">
|
||||||
|
<div class="wr-action-container">
|
||||||
|
<div class="wr-action-btn-bar">
|
||||||
|
<!--<a href="javascript:history.go(-1)" class="cu-btn">
|
||||||
|
<i class="wso2icon wso2-c-left-arrow"></i>Go Back
|
||||||
|
</a>-->
|
||||||
|
{{#if permissions.ADD_USER}}
|
||||||
|
<a href="/mdm/add-user" class="cu-btn">
|
||||||
|
<span class="wso2icon-stack">
|
||||||
|
<i class="wso2icon wso2-ring wso2icon-stack-2x"></i>
|
||||||
|
<i class="wso2icon wso2-add wso2icon-stack-1x"></i>
|
||||||
|
</span>
|
||||||
|
Add User
|
||||||
|
</a>
|
||||||
|
{{/if}}
|
||||||
|
{{#if permissions.LIST_USERS}}
|
||||||
|
<a href="/mdm/users" class="cu-btn">
|
||||||
|
<span class="wso2icon-stack">
|
||||||
|
<i class="wso2icon wso2icon-stack-1x"></i>
|
||||||
|
</span>
|
||||||
|
User Management
|
||||||
|
</a>
|
||||||
|
{{/if}}
|
||||||
|
{{#if permissions.LIST_DEVICES}}
|
||||||
|
<a href="/mdm" class="cu-btn">
|
||||||
|
<span class="wso2icon-stack">
|
||||||
|
<i class="wso2icon wso2icon-stack-1x"></i>
|
||||||
|
</span>
|
||||||
|
Device Management
|
||||||
|
</a>
|
||||||
|
{{/if}}
|
||||||
|
<a href="javascript:openNotificationbar()" class="cu-btn wr-notification-toggle-btn">
|
||||||
|
<span class="wso2icon-stack-md">
|
||||||
|
<i class="wso2icon wso2-bell wso2icon-stack-1-5x"></i>
|
||||||
|
</span>
|
||||||
|
<span class="wr-notification-bubble">0</span>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{{/zone}}
|
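Review bot: The `{{#if permissions.…}}` blocks only hide the links and are not an access control, so `/mdm/add-user`, `/mdm/users` and the APIs behind them need their own server-side permission checks (the pages in this commit use `{{authorized}}`, whose implementation is not shown). The notification toggle uses `href="javascript:openNotificationbar()"`, which would stand in the way of a Content-Security-Policy without `unsafe-inline`; a `<button type="button">` with a click handler bound in the unit's script avoids that. The commented-out "Go Back" anchor can be deleted rather than shipped.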
@ -0,0 +1,16 @@
|
|||||||
|
function onRequest(context) {
|
||||||
|
var userModule = require("/modules/user.js").userModule;
|
||||||
|
var permissions = {};
|
||||||
|
if (userModule.isAuthorized("/permission/device-mgt/admin/devices/list") ||
|
||||||
|
userModule.isAuthorized("/permission/device-mgt/user/devices/list")) {
|
||||||
|
permissions.LIST_DEVICES = true;
|
||||||
|
}
|
||||||
|
if (userModule.isAuthorized("/permission/device-mgt/admin/users/list")) {
|
||||||
|
permissions.LIST_USERS = true;
|
||||||
|
}
|
||||||
|
if (userModule.isAuthorized("/permission/device-mgt/admin/users/add")) {
|
||||||
|
permissions.ADD_USER = true;
|
||||||
|
}
|
||||||
|
context.permissions = permissions;
|
||||||
|
return context;
|
||||||
|
}
|
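Review bot: `onRequest` tests `/permission/device-mgt/admin/users/list` and `/permission/device-mgt/admin/users/add`, but the permission set-up script in this commit registers only the `devices` and `devices/list` keys, so `LIST_USERS` and `ADD_USER` would stay unset unless those permissions are created elsewhere. Each `isAuthorized` call also throws `constants.ERRORS.USER_NOT_FOUND` when the session has no user, and nothing here catches it, so rendering this unit without a session fails instead of producing an empty bar; confirm that is intended, for example for an expired session. Up to four calls each build a new `UserManager` and `User`; resolving the user once and checking the permissions against it would be cheaper.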
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"predicate": "true"
|
||||||
|
}
|