diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag index a9665ac04ce..1d04e761af3 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag @@ -46,7 +46,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) { if (log.isDebugEnabled()) { log.debug("User Logged In : " + user); } - apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(username, password); + apiWrapperUtil.setupTokenPairByPasswordGrantType(username, password); }, function () { response = responseProcessor.buildSuccessResponse(response, 200, {'sessionId': session.getId()}); }); @@ -66,7 +66,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) { log.debug("User Logged In : " + user); } - apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(username, password); + apiWrapperUtil.setupTokenPairByPasswordGrantType(username, password); var permissions = userModule.getUIPermissions(); if (permissions.VIEW_DASHBOARD) { response.sendRedirect(constants.WEB_APP_CONTEXT); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js index 890a7e500e9..f1ebedd948a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js @@ -59,8 +59,8 @@ var USER_STORE_CONFIG_ADMIN_SERVICE_END_POINT = var SOAP_VERSION = 1.2; var WEB_SERVICE_ADDRESSING_VERSION = 1.0; -var ACCESS_TOKEN_PAIR_IDENTIFIER = "accessTokenPair"; -var ENCODED_CLIENT_KEYS_IDENTIFIER = "encodedClientKey"; +var TOKEN_PAIR = "tokenPair"; +var ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS = "encodedTenantBasedClientAppCredentials"; var CONTENT_TYPE_IDENTIFIER = "Content-Type"; var CONTENT_DISPOSITION_IDENTIFIER = "Content-Disposition"; var APPLICATION_JSON = "application/json"; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js index 9c11436e2d6..c383e1e817d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js @@ -26,9 +26,9 @@ var onFail; var utility = require("/app/modules/utility.js").utility; var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"]; if (context.input.samlToken) { - apiWrapperUtil.setupAccessTokenPairBySamlGrantType(context.input.username, context.input.samlToken); + apiWrapperUtil.setupTokenPairBySamlGrantType(context.input.username, context.input.samlToken); } else { - apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(context.input.username, context.input.password); + apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password); } var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var carbonServer = require("carbon").server; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js index 030b1cd11d3..867c1db8da1 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js @@ -29,125 +29,126 @@ var handlers = function () { var constants = require("/app/modules/constants.js"); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; - var privateMethods = {}; var publicMethods = {}; + var privateMethods = {}; - privateMethods.setUpEncodedTenantBasedClientAppCredentials = function (username) { - if (!username) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + - "client credentials to session context. No username is found as " + - "input - setUpEncodedTenantBasedClientAppCredentials(x)"); - } else { - var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(); - if (!dynamicClientAppCredentials) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + - "client credentials to session context as the server is unable to obtain " + - "dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); - } else { - var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientAppCredentials); - if (!jwtToken) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + - "client credentials to session context as the server is unable to obtain " + - "a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)"); - } else { - var tenantBasedClientCredentials = tokenUtil. - getTenantBasedClientAppCredentials(username, jwtToken); - if (!tenantBasedClientCredentials) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " + - "based client credentials to session context as the server is unable " + - "to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); - } else { - var encodedTenantBasedClientCredentials = - tokenUtil.encode(tenantBasedClientCredentials["clientId"] + ":" + - tenantBasedClientCredentials["clientSecret"]); - // setting up encoded tenant based client credentials to session context. - session.put(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"], encodedTenantBasedClientCredentials); - } - } - } - } - }; - - publicMethods.setupAccessTokenPairByPasswordGrantType = function (username, password) { + publicMethods.setupTokenPairByPasswordGrantType = function (username, password) { if (!username || !password) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + - "password grant type. Either username, password or both are missing as " + - "input - setupAccessTokenPairByPasswordGrantType(x, y)"); + "password grant type. Either username of logged in user, password or both are missing " + + "as input - setupTokenPairByPasswordGrantType(x, y)"); } else { privateMethods.setUpEncodedTenantBasedClientAppCredentials(username); - var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); - if (!encodedClientCredentials) { + var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); + if (!encodedClientAppCredentials) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + "password grant type. Encoded client credentials are " + - "missing - setupAccessTokenPairByPasswordGrantType(x, y)"); + "missing - setupTokenPairByPasswordGrantType(x, y)"); } else { - var accessTokenPair; - // accessTokenPair will include current access token as well as current refresh token + var tokenPair; + // tokenPair will include current access token as well as current refresh token var arrayOfScopes = devicemgtProps["scopes"]; var stringOfScopes = ""; arrayOfScopes.forEach(function (entry) { stringOfScopes += entry + " "; }); - accessTokenPair = tokenUtil. + tokenPair = tokenUtil. getAccessTokenByPasswordGrantType(username, - encodeURIComponent(password), encodedClientCredentials, stringOfScopes); - if (!accessTokenPair) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access " + + encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes); + if (!tokenPair) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " + "token pair by password grant type. Error in token " + - "retrieval - setupAccessTokenPairByPasswordGrantType(x, y)"); + "retrieval - setupTokenPairByPasswordGrantType(x, y)"); } else { // setting up access token pair into session context as a string - session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); + session.put(constants["TOKEN_PAIR"], stringify(tokenPair)); } } } }; - publicMethods.setupAccessTokenPairBySamlGrantType = function (username, samlToken) { + publicMethods.setupTokenPairBySamlGrantType = function (username, samlToken) { if (!username || !samlToken) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + - "saml grant type. Either username, samlToken or both are missing as " + - "input - setupAccessTokenPairByPasswordGrantType(x, y)"); + "saml grant type. Either username of logged in user, samlToken or both are missing " + + "as input - setupTokenPairByPasswordGrantType(x, y)"); } else { privateMethods.setUpEncodedTenantBasedClientAppCredentials(username); - var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); - if (!encodedClientCredentials) { + var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); + if (!encodedClientAppCredentials) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " + "by saml grant type. Encoded client credentials are " + - "missing - setupAccessTokenPairByPasswordGrantType(x, y)"); + "missing - setupTokenPairByPasswordGrantType(x, y)"); } else { - var accessTokenPair; + var tokenPair; // accessTokenPair will include current access token as well as current refresh token - accessTokenPair = tokenUtil. - getAccessTokenBySAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION"); - if (!accessTokenPair) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token " + + tokenPair = tokenUtil. + getAccessTokenBySAMLGrantType(samlToken, encodedClientAppCredentials, "PRODUCTION"); + if (!tokenPair) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " + "pair by password grant type. Error in token " + - "retrieval - setupAccessTokenPairByPasswordGrantType(x, y)"); + "retrieval - setupTokenPairByPasswordGrantType(x, y)"); } else { // setting up access token pair into session context as a string - session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); + session.put(constants["TOKEN_PAIR"], stringify(tokenPair)); } } } }; - publicMethods.refreshAccessToken = function () { - var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); - // accessTokenPair includes current access token as well as current refresh token - var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); - if (!accessTokenPair || !encodedClientCredentials) { - throw new Error("{/app/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the access " + - "token pair, encoded client credentials or both input are not found under " + - "session context - refreshAccessToken()"); + publicMethods.refreshTokenPair = function () { + var currentTokenPair = parse(session.get(constants["TOKEN_PAIR"])); + // currentTokenPair includes current access token as well as current refresh token + var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); + if (!currentTokenPair || !encodedClientAppCredentials) { + throw new Error("{/app/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " + + "token pair, encoded client app credentials or both input are not found under " + + "session context - refreshTokenPair()"); } else { var newTokenPair = tokenUtil. - getNewAccessTokenByRefreshToken(accessTokenPair["refreshToken"], encodedClientCredentials); + getNewAccessTokenByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials); if (!newTokenPair) { - log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing access token. Unable to update " + - "session context with new access token pair - refreshAccessToken()"); + log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " + + "Unable to update session context with new access token pair - refreshTokenPair()"); + } else { + session.put(constants["TOKEN_PAIR"], stringify(newTokenPair)); + } + } + }; + + privateMethods.setUpEncodedTenantBasedClientAppCredentials = function (username) { + if (!username) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context. No username of logged in user is found as " + + "input - setUpEncodedTenantBasedClientAppCredentials(x)"); + } else { + var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(); + if (!dynamicClientAppCredentials) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context as the server is unable to obtain " + + "dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); } else { - session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newTokenPair)); + var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientAppCredentials); + if (!jwtToken) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context as the server is unable to obtain " + + "a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)"); + } else { + var tenantBasedClientAppCredentials = tokenUtil. + getTenantBasedClientAppCredentials(username, jwtToken); + if (!tenantBasedClientAppCredentials) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " + + "based client credentials to session context as the server is unable " + + "to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); + } else { + var encodedTenantBasedClientAppCredentials = + tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" + + tenantBasedClientAppCredentials["clientSecret"]); + // setting up encoded tenant based client credentials to session context. + session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"], + encodedTenantBasedClientAppCredentials); + } + } } } }; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js index 0ff97f851ee..2b9a3d09c97 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js @@ -42,10 +42,10 @@ var invokers = function () { /** * This method reads the token pair from the session and return the access token. - * If the token pair s not set in the session this will send a redirect to the login page. + * If the token pair is not set in the session, this will return null. */ privateMethods.getAccessToken = function () { - var tokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); + var tokenPair = parse(session.get(constants["TOKEN_PAIR"])); if (tokenPair) { return tokenPair["accessToken"]; } else { @@ -103,7 +103,7 @@ var invokers = function () { if (xmlHttpRequest.status == 401 && (xmlHttpRequest.responseText == TOKEN_EXPIRED || xmlHttpRequest.responseText == TOKEN_INVALID ) && count < 5) { - tokenUtil.refreshAccessToken(); + tokenUtil.refreshTokenPair(); return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count); } else { return responseCallback(xmlHttpRequest); @@ -122,7 +122,7 @@ var invokers = function () { }; /** - * This method invokes return initiateXMLHttpRequest for get calls + * This method invokes return initiateXMLHttpRequest for get calls. * @param endpoint Backend REST API url. * @param responseCallback a function to be called with response retrieved. */ @@ -132,7 +132,7 @@ var invokers = function () { }; /** - * This method invokes return initiateXMLHttpRequest for post calls + * This method invokes return initiateXMLHttpRequest for post calls. * @param endpoint Backend REST API url. * @param requestPayload payload/data if exists which is needed to be send. * @param responseCallback a function to be called with response retrieved. @@ -142,7 +142,7 @@ var invokers = function () { }; /** - * This method invokes return initiateXMLHttpRequest for put calls + * This method invokes return initiateXMLHttpRequest for put calls. * @param endpoint Backend REST API url. * @param requestPayload payload/data if exists which is needed to be send. * @param responseCallback a function to be called with response retrieved. @@ -152,7 +152,7 @@ var invokers = function () { }; /** - * This method invokes return initiateXMLHttpRequest for delete calls + * This method invokes return initiateXMLHttpRequest for delete calls. * @param endpoint Backend REST API url. * @param responseCallback a function to be called with response retrieved. */ @@ -214,7 +214,7 @@ var invokers = function () { }; /** - * This method invokes return initiateWSRequest for soap calls + * This method invokes return initiateWSRequest for soap calls. * @param action describes particular soap action. * @param requestPayload SOAP request payload which is needed to be send. * @param endpoint service end point to be triggered. @@ -303,7 +303,7 @@ var invokers = function () { }; /** - * This method invokes return initiateHTTPClientRequest for get calls + * This method invokes return initiateHTTPClientRequest for get calls. * @param url target url. * @param successCallback a function to be called if the respond if successful. * @param errorCallback a function to be called if en error is reserved. @@ -315,7 +315,7 @@ var invokers = function () { }; /** - * This method invokes return initiateHTTPClientRequest for post calls + * This method invokes return initiateHTTPClientRequest for post calls. * @param url target url. * @param payload payload/data which need to be send. * @param successCallback a function to be called if the respond if successful. @@ -327,7 +327,7 @@ var invokers = function () { }; /** - * This method invokes return initiateHTTPClientRequest for put calls + * This method invokes return initiateHTTPClientRequest for put calls. * @param url target url. * @param payload payload/data which need to be send. * @param successCallback a function to be called if the respond if successful. @@ -339,7 +339,7 @@ var invokers = function () { }; /** - * This method invokes return initiateHTTPClientRequest for delete calls + * This method invokes return initiateHTTPClientRequest for delete calls. * @param url target url. * @param successCallback a function to be called if the respond if successful. * @param errorCallback a function to be called if en error is reserved.