Updating OAuth UI Module

revert-70aa11f8
dilanua 8 years ago
parent 7017f6e32b
commit 020f35cb4e

@ -46,7 +46,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
if (log.isDebugEnabled()) {
log.debug("User Logged In : " + user);
}
apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(username, password);
apiWrapperUtil.setupTokenPairByPasswordGrantType(username, password);
}, function () {
response = responseProcessor.buildSuccessResponse(response, 200, {'sessionId': session.getId()});
});
@ -66,7 +66,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
log.debug("User Logged In : " + user);
}
apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(username, password);
apiWrapperUtil.setupTokenPairByPasswordGrantType(username, password);
var permissions = userModule.getUIPermissions();
if (permissions.VIEW_DASHBOARD) {
response.sendRedirect(constants.WEB_APP_CONTEXT);

@ -59,8 +59,8 @@ var USER_STORE_CONFIG_ADMIN_SERVICE_END_POINT =
var SOAP_VERSION = 1.2;
var WEB_SERVICE_ADDRESSING_VERSION = 1.0;
var ACCESS_TOKEN_PAIR_IDENTIFIER = "accessTokenPair";
var ENCODED_CLIENT_KEYS_IDENTIFIER = "encodedClientKey";
var TOKEN_PAIR = "tokenPair";
var ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS = "encodedTenantBasedClientAppCredentials";
var CONTENT_TYPE_IDENTIFIER = "Content-Type";
var CONTENT_DISPOSITION_IDENTIFIER = "Content-Disposition";
var APPLICATION_JSON = "application/json";

@ -26,9 +26,9 @@ var onFail;
var utility = require("/app/modules/utility.js").utility;
var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"];
if (context.input.samlToken) {
apiWrapperUtil.setupAccessTokenPairBySamlGrantType(context.input.username, context.input.samlToken);
apiWrapperUtil.setupTokenPairBySamlGrantType(context.input.username, context.input.samlToken);
} else {
apiWrapperUtil.setupAccessTokenPairByPasswordGrantType(context.input.username, context.input.password);
apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password);
}
var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var carbonServer = require("carbon").server;

@ -29,125 +29,126 @@ var handlers = function () {
var constants = require("/app/modules/constants.js");
var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var privateMethods = {};
var publicMethods = {};
var privateMethods = {};
privateMethods.setUpEncodedTenantBasedClientAppCredentials = function (username) {
if (!username) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context. No username is found as " +
"input - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials();
if (!dynamicClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientAppCredentials);
if (!jwtToken) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var tenantBasedClientCredentials = tokenUtil.
getTenantBasedClientAppCredentials(username, jwtToken);
if (!tenantBasedClientCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
"based client credentials to session context as the server is unable " +
"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var encodedTenantBasedClientCredentials =
tokenUtil.encode(tenantBasedClientCredentials["clientId"] + ":" +
tenantBasedClientCredentials["clientSecret"]);
// setting up encoded tenant based client credentials to session context.
session.put(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"], encodedTenantBasedClientCredentials);
}
}
}
}
};
publicMethods.setupAccessTokenPairByPasswordGrantType = function (username, password) {
publicMethods.setupTokenPairByPasswordGrantType = function (username, password) {
if (!username || !password) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"password grant type. Either username, password or both are missing as " +
"input - setupAccessTokenPairByPasswordGrantType(x, y)");
"password grant type. Either username of logged in user, password or both are missing " +
"as input - setupTokenPairByPasswordGrantType(x, y)");
} else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
if (!encodedClientCredentials) {
var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
if (!encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"password grant type. Encoded client credentials are " +
"missing - setupAccessTokenPairByPasswordGrantType(x, y)");
"missing - setupTokenPairByPasswordGrantType(x, y)");
} else {
var accessTokenPair;
// accessTokenPair will include current access token as well as current refresh token
var tokenPair;
// tokenPair will include current access token as well as current refresh token
var arrayOfScopes = devicemgtProps["scopes"];
var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " ";
});
accessTokenPair = tokenUtil.
tokenPair = tokenUtil.
getAccessTokenByPasswordGrantType(username,
encodeURIComponent(password), encodedClientCredentials, stringOfScopes);
if (!accessTokenPair) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access " +
encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes);
if (!tokenPair) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " +
"token pair by password grant type. Error in token " +
"retrieval - setupAccessTokenPairByPasswordGrantType(x, y)");
"retrieval - setupTokenPairByPasswordGrantType(x, y)");
} else {
// setting up access token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair));
session.put(constants["TOKEN_PAIR"], stringify(tokenPair));
}
}
}
};
publicMethods.setupAccessTokenPairBySamlGrantType = function (username, samlToken) {
publicMethods.setupTokenPairBySamlGrantType = function (username, samlToken) {
if (!username || !samlToken) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"saml grant type. Either username, samlToken or both are missing as " +
"input - setupAccessTokenPairByPasswordGrantType(x, y)");
"saml grant type. Either username of logged in user, samlToken or both are missing " +
"as input - setupTokenPairByPasswordGrantType(x, y)");
} else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
if (!encodedClientCredentials) {
var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
if (!encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
"by saml grant type. Encoded client credentials are " +
"missing - setupAccessTokenPairByPasswordGrantType(x, y)");
"missing - setupTokenPairByPasswordGrantType(x, y)");
} else {
var accessTokenPair;
var tokenPair;
// accessTokenPair will include current access token as well as current refresh token
accessTokenPair = tokenUtil.
getAccessTokenBySAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION");
if (!accessTokenPair) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token " +
tokenPair = tokenUtil.
getAccessTokenBySAMLGrantType(samlToken, encodedClientAppCredentials, "PRODUCTION");
if (!tokenPair) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " +
"pair by password grant type. Error in token " +
"retrieval - setupAccessTokenPairByPasswordGrantType(x, y)");
"retrieval - setupTokenPairByPasswordGrantType(x, y)");
} else {
// setting up access token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair));
session.put(constants["TOKEN_PAIR"], stringify(tokenPair));
}
}
}
};
publicMethods.refreshAccessToken = function () {
var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]));
// accessTokenPair includes current access token as well as current refresh token
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
if (!accessTokenPair || !encodedClientCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the access " +
"token pair, encoded client credentials or both input are not found under " +
"session context - refreshAccessToken()");
publicMethods.refreshTokenPair = function () {
var currentTokenPair = parse(session.get(constants["TOKEN_PAIR"]));
// currentTokenPair includes current access token as well as current refresh token
var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
if (!currentTokenPair || !encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
"token pair, encoded client app credentials or both input are not found under " +
"session context - refreshTokenPair()");
} else {
var newTokenPair = tokenUtil.
getNewAccessTokenByRefreshToken(accessTokenPair["refreshToken"], encodedClientCredentials);
getNewAccessTokenByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
if (!newTokenPair) {
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing access token. Unable to update " +
"session context with new access token pair - refreshAccessToken()");
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
"Unable to update session context with new access token pair - refreshTokenPair()");
} else {
session.put(constants["TOKEN_PAIR"], stringify(newTokenPair));
}
}
};
privateMethods.setUpEncodedTenantBasedClientAppCredentials = function (username) {
if (!username) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context. No username of logged in user is found as " +
"input - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials();
if (!dynamicClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientAppCredentials);
if (!jwtToken) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newTokenPair));
var tenantBasedClientAppCredentials = tokenUtil.
getTenantBasedClientAppCredentials(username, jwtToken);
if (!tenantBasedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
"based client credentials to session context as the server is unable " +
"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var encodedTenantBasedClientAppCredentials =
tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" +
tenantBasedClientAppCredentials["clientSecret"]);
// setting up encoded tenant based client credentials to session context.
session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"],
encodedTenantBasedClientAppCredentials);
}
}
}
}
};

@ -42,10 +42,10 @@ var invokers = function () {
/**
* This method reads the token pair from the session and return the access token.
* If the token pair s not set in the session this will send a redirect to the login page.
* If the token pair is not set in the session, this will return null.
*/
privateMethods.getAccessToken = function () {
var tokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]));
var tokenPair = parse(session.get(constants["TOKEN_PAIR"]));
if (tokenPair) {
return tokenPair["accessToken"];
} else {
@ -103,7 +103,7 @@ var invokers = function () {
if (xmlHttpRequest.status == 401 && (xmlHttpRequest.responseText == TOKEN_EXPIRED ||
xmlHttpRequest.responseText == TOKEN_INVALID ) && count < 5) {
tokenUtil.refreshAccessToken();
tokenUtil.refreshTokenPair();
return privateMethods.execute(httpMethod, requestPayload, endpoint, responseCallback, ++count);
} else {
return responseCallback(xmlHttpRequest);
@ -122,7 +122,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateXMLHttpRequest for get calls
* This method invokes return initiateXMLHttpRequest for get calls.
* @param endpoint Backend REST API url.
* @param responseCallback a function to be called with response retrieved.
*/
@ -132,7 +132,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateXMLHttpRequest for post calls
* This method invokes return initiateXMLHttpRequest for post calls.
* @param endpoint Backend REST API url.
* @param requestPayload payload/data if exists which is needed to be send.
* @param responseCallback a function to be called with response retrieved.
@ -142,7 +142,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateXMLHttpRequest for put calls
* This method invokes return initiateXMLHttpRequest for put calls.
* @param endpoint Backend REST API url.
* @param requestPayload payload/data if exists which is needed to be send.
* @param responseCallback a function to be called with response retrieved.
@ -152,7 +152,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateXMLHttpRequest for delete calls
* This method invokes return initiateXMLHttpRequest for delete calls.
* @param endpoint Backend REST API url.
* @param responseCallback a function to be called with response retrieved.
*/
@ -214,7 +214,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateWSRequest for soap calls
* This method invokes return initiateWSRequest for soap calls.
* @param action describes particular soap action.
* @param requestPayload SOAP request payload which is needed to be send.
* @param endpoint service end point to be triggered.
@ -303,7 +303,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateHTTPClientRequest for get calls
* This method invokes return initiateHTTPClientRequest for get calls.
* @param url target url.
* @param successCallback a function to be called if the respond if successful.
* @param errorCallback a function to be called if en error is reserved.
@ -315,7 +315,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateHTTPClientRequest for post calls
* This method invokes return initiateHTTPClientRequest for post calls.
* @param url target url.
* @param payload payload/data which need to be send.
* @param successCallback a function to be called if the respond if successful.
@ -327,7 +327,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateHTTPClientRequest for put calls
* This method invokes return initiateHTTPClientRequest for put calls.
* @param url target url.
* @param payload payload/data which need to be send.
* @param successCallback a function to be called if the respond if successful.
@ -339,7 +339,7 @@ var invokers = function () {
};
/**
* This method invokes return initiateHTTPClientRequest for delete calls
* This method invokes return initiateHTTPClientRequest for delete calls.
* @param url target url.
* @param successCallback a function to be called if the respond if successful.
* @param errorCallback a function to be called if en error is reserved.

Loading…
Cancel
Save