Handle default authdata in oauth2token handler

components/ui-request-interceptor/io.entgra.device.mgt.core.ui.request.interceptor/src/main/java/io/entgra/device/mgt/core/ui/request/interceptor/DefaultOauth2TokenHandler.java

@@ -22,6 +22,8 @@ import com.google.gson.Gson;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
 import io.entgra.device.mgt.core.ui.request.interceptor.beans.AuthData;
 import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerConstants;
 import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerUtil;
@@ -31,9 +33,11 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.http.HttpHeaders;
 import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.entity.ContentType;
 import io.entgra.device.mgt.core.ui.request.interceptor.beans.ProxyResponse;
+import org.apache.http.entity.StringEntity;
 
 import javax.servlet.annotation.MultipartConfig;
 import javax.servlet.annotation.WebServlet;
@@ -42,32 +46,62 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import java.util.Base64;
 
 @MultipartConfig
 @WebServlet("/default-oauth2-credentials")
 public class DefaultOauth2TokenHandler extends HttpServlet {
     private static final Log log = LogFactory.getLog(DefaultTokenHandler.class);
 
-
     @Override
     protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
         try {
             HttpSession httpSession = req.getSession(false);
-
             if (httpSession != null) {
                 AuthData authData = (AuthData) httpSession.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
                 if (authData == null) {
                     HandlerUtil.sendUnAuthorizeResponse(resp);
                     return;
                 }
-
                 AuthData defaultAuthData = (AuthData) httpSession
                         .getAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY);
                 if (defaultAuthData != null) {
+                    String accessToken = defaultAuthData.getAccessToken();
+                    String accessTokenWithoutPrefix = accessToken.substring(accessToken.indexOf("_") + 1);
+
+                    HttpPost tokenEndpoint = new HttpPost(HandlerUtil.getKeyManagerUrl(req.getScheme()) + HandlerConstants.INTROSPECT_ENDPOINT);
+                    tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
+                    DeviceManagementConfig dmc = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
+                    String adminUsername = dmc.getKeyManagerConfigurations().getAdminUsername();
+                    String adminPassword = dmc.getKeyManagerConfigurations().getAdminPassword();
+                    tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder()
+                            .encodeToString((adminUsername + HandlerConstants.COLON + adminPassword).getBytes()));
+                    StringEntity tokenEPPayload = new StringEntity("token=" + accessTokenWithoutPrefix,
+                            ContentType.APPLICATION_FORM_URLENCODED);
+                    tokenEndpoint.setEntity(tokenEPPayload);
+                    ProxyResponse tokenStatus = HandlerUtil.execute(tokenEndpoint);
+
+                    if (HandlerConstants.DEFAULT_TOKEN_IS_EXPIRED.equals(tokenStatus.getData())) {
+                        tokenStatus = HandlerUtil.retryRequestWithRefreshedToken(req, tokenEndpoint, HandlerUtil.getKeyManagerUrl(req.getScheme()), true);
+                        if (!HandlerUtil.isResponseSuccessful(tokenStatus)) {
+                            HandlerUtil.handleError(resp, tokenStatus);
+                            return;
+                        }
+                    } else {
                         HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultAuthData.getAccessToken()));
                         return;
                     }
+                }
+                processDefaultTokenRequest(httpSession, authData, req, resp);
+            } else {
+                HandlerUtil.sendUnAuthorizeResponse(resp);
+            }
+        } catch (IOException e) {
+            log.error("Error occurred when processing GET request to get default token.", e);
+        }
+    }
 
+    private void processDefaultTokenRequest(HttpSession httpSession, AuthData authData, HttpServletRequest req, HttpServletResponse resp) throws IOException {
         String clientId = authData.getClientId();
         String clientSecret = authData.getClientSecret();
 
@@ -121,12 +155,6 @@ public class DefaultOauth2TokenHandler extends HttpServlet {
 
             HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultToken));
         }
-            } else {
-                HandlerUtil.sendUnAuthorizeResponse(resp);
-            }
-        } catch (IOException e) {
-            log.error("Error occurred when processing GET request to get default token.", e);
-        }
     }
 
     /**

components/ui-request-interceptor/io.entgra.device.mgt.core.ui.request.interceptor/src/main/java/io/entgra/device/mgt/core/ui/request/interceptor/util/HandlerConstants.java

@@ -52,6 +52,7 @@ public class HandlerConstants {
     public static final String API_COMMON_CONTEXT = "/api";
     public static final String EXECUTOR_EXCEPTION_PREFIX = "ExecutorException-";
     public static final String TOKEN_IS_EXPIRED = "ACCESS_TOKEN_IS_EXPIRED";
+    public static final String DEFAULT_TOKEN_IS_EXPIRED = "{\"active\":false}";
     public static final String REPORTS = "Reports";
     public static final String APP_NAME = "App-Name";
     public static final String[] SSO_LOGOUT_COOKIE_PATHS = new String[]{"/", "/entgra-ui-request-handler",

components/ui-request-interceptor/io.entgra.device.mgt.core.ui.request.interceptor/src/main/java/io/entgra/device/mgt/core/ui/request/interceptor/util/HandlerUtil.java

@@ -73,6 +73,7 @@ import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.math.BigInteger;
 import java.security.SecureRandom;
+import java.util.Base64;
 import java.util.Enumeration;
 import java.util.List;
 
@@ -613,14 +614,15 @@ public class HandlerUtil {
      * @throws IOException If an error occurs when try to retry the request.
      */
     public static ProxyResponse retryRequestWithRefreshedToken(HttpServletRequest req, HttpRequestBase httpRequest,
-                                                               String apiEndpoint) throws IOException {
-        ProxyResponse retryResponse = refreshToken(req, apiEndpoint);
+                                                               String apiEndpoint, boolean isDefaultAuthToken) throws IOException {
+        ProxyResponse retryResponse = refreshToken(req, apiEndpoint, isDefaultAuthToken);
         if (isResponseSuccessful(retryResponse)) {
             HttpSession session = req.getSession(false);
             if (session == null) {
                 log.error("Unauthorized, You are not logged in. Please log in to the portal");
                 return constructProxyResponseByErrorCode(HttpStatus.SC_UNAUTHORIZED);
             }
+            if(!isDefaultAuthToken){
                 httpRequest.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken());
                 ProxyResponse proxyResponse = HandlerUtil.execute(httpRequest);
                 if (proxyResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
@@ -628,11 +630,16 @@ public class HandlerUtil {
                     return proxyResponse;
                 }
                 return proxyResponse;
-
+            }
         }
         return retryResponse;
     }
 
+    public static ProxyResponse retryRequestWithRefreshedToken(HttpServletRequest req, HttpRequestBase httpRequest,
+                                                               String apiEndpoint) throws IOException {
+        return retryRequestWithRefreshedToken(req, httpRequest, apiEndpoint, false);
+    }
+
     /***
      * This method is responsible to get the refresh token
      *
@@ -640,7 +647,7 @@ public class HandlerUtil {
      * @return If successfully renew tokens, returns TRUE otherwise return FALSE
      * @throws IOException If an error occurs while witting error response to client side or invoke token renewal API
      */
-    private static ProxyResponse refreshToken(HttpServletRequest req, String keymanagerUrl)
+    private static ProxyResponse refreshToken(HttpServletRequest req, String keymanagerUrl, boolean isDefaultAuthToken)
             throws IOException {
         if (log.isDebugEnabled()) {
             log.debug("refreshing the token");
@@ -653,8 +660,11 @@ public class HandlerUtil {
 //            handleError(resp, HttpStatus.SC_UNAUTHORIZED);
             return tokenResultResponse;
         }
-
+        if(isDefaultAuthToken){
+            authData = (AuthData) session.getAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY);
+        } else {
             authData = (AuthData) session.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
+        }
         tokenResultResponse = getTokenResult(authData, keymanagerUrl);
         if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
             log.error("Error occurred while refreshing access token.");
@@ -666,7 +676,11 @@ public class HandlerUtil {
         JsonElement jTokenResult = jsonParser.parse(tokenResultResponse.getData());
 
         if (jTokenResult.isJsonObject()) {
+            if(isDefaultAuthToken){
+                setNewDefaultAuthData(constructAuthDataFromTokenResult(jTokenResult, authData), session);
+            } else {
                 setNewAuthData(constructAuthDataFromTokenResult(jTokenResult, authData), session);
+            }
             return tokenResultResponse;
         }
 
@@ -675,6 +689,11 @@ public class HandlerUtil {
 //        handleError(resp, HttpStatus.SC_INTERNAL_SERVER_ERROR);
         return tokenResultResponse;
     }
+
+    private static ProxyResponse refreshToken(HttpServletRequest req, String keymanagerUrl) throws IOException {
+        return refreshToken(req, keymanagerUrl, false);
+    }
+
     public static ProxyResponse getTokenResult(AuthData authData, String keymanagerUrl) throws IOException {
         HttpPost tokenEndpoint = new HttpPost(keymanagerUrl + HandlerConstants.OAUTH2_TOKEN_ENDPOINT);
         StringEntity tokenEndpointPayload = new StringEntity(
@@ -683,6 +702,12 @@ public class HandlerUtil {
 
         tokenEndpoint.setEntity(tokenEndpointPayload);
         String encodedClientApp = authData.getEncodedClientApp();
+        if(encodedClientApp == null){
+            String clientId = authData.getClientId();
+            String clientSecret = authData.getClientSecret();
+            String toEncode = clientId + ":" + clientSecret;
+            encodedClientApp = Base64.getEncoder().encodeToString(toEncode.getBytes());
+        }
         tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC +
                 encodedClientApp);
         tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
@@ -694,6 +719,11 @@ public class HandlerUtil {
         session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, newAuthData);
     }
 
+    public static void setNewDefaultAuthData(AuthData newAuthData, HttpSession session) {
+        authData = newAuthData;
+        session.setAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY, newAuthData);
+    }
+
     public static AuthData constructAuthDataFromTokenResult(JsonElement tokenResult, AuthData authData) {
         JsonObject jTokenResultAsJsonObject = tokenResult.getAsJsonObject();
         AuthData newAuthData = new AuthData();