From b72d0996418ba579cea86077efd0d150b7ad928e Mon Sep 17 00:00:00 2001
From: dilanua
Date: Tue, 26 Jul 2016 11:14:46 +0530
Subject: [PATCH] Refactoring oauth token handling functions
---
.../devicemgt/app/modules/api-wrapper-util.js | 123 ++++++++++++++----
1 file changed, 98 insertions(+), 25 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js
index 1a2f7be25f2..0db3225031f 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js
@@ -17,45 +17,118 @@ */ var apiWrapperUtil = function () { - // var log = new Log("/app/modules/api-wrapper-util.js"); + var log = new Log("/app/modules/api-wrapper-util.js"); var tokenUtil = require("/app/modules/util.js")["util"]; var constants = require("/app/modules/constants.js"); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; + var privateMethods = {}; var publicMethods = {}; + privateMethods.setUpEncodedTenantBasedClientCredentials = function (username) { + if (!username) { + log.error("Could not set up encoded tenant based client credentials " + + "to session context. No username is found as input."); + } else { + var dynamicClientCredentials = tokenUtil.getDyanmicClientCredentials(); + if (!dynamicClientCredentials) { + log.error("Could not set up encoded tenant based client credentials " + + "to session context as the server is unable to obtain dynamic client credentials."); + } else { + var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials); + if (!jwtToken) { + log.error("Could not set up encoded tenant based client credentials " + + "to session context as the server is unable to obtain a jwt token."); + } else { + var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(username, jwtToken); + if (!tenantBasedClientCredentials) { + log.error("Could not set up encoded tenant based client credentials " + + "to session context as the server is unable to obtain such credentials."); + } else { + var encodedTenantBasedClientCredentials = + tokenUtil.encode(tenantBasedClientCredentials["clientId"] + ":" + + tenantBasedClientCredentials["clientSecret"]); + // setting up encoded tenant based client credentials to session context. 
+ session.put(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"], encodedTenantBasedClientCredentials); + } + } + } + } + }; + publicMethods.refreshToken = function () { - var accessTokenPair = session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]); + var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); // accessTokenPair includes current access token as well as current refresh token var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); - accessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials); - session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], accessTokenPair); + if (!accessTokenPair || !encodedClientCredentials) { + log.error("Error in refreshing tokens. Either the access token pair, " + + "encoded client credentials or both input are not found under session context."); + } else { + var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials); + if (!newAccessTokenPair) { + log.error("Error in refreshing tokens. Unable to update " + + "session context with new access token pair."); + } else { + session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newAccessTokenPair)); + } + } }; - publicMethods.setupAccessTokenPair = function (type, properties) { - var dynamicClientCredentials = tokenUtil.getDyanmicCredentials(properties); - var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials); - var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(properties["username"], jwtToken); - var encodedTenantBasedClientCredentials = tokenUtil. 
- encode(tenantBasedClientCredentials["clientId"] + ":" + tenantBasedClientCredentials["clientSecret"]); - - session.put(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"], encodedTenantBasedClientCredentials); - - var accessTokenPair; - // accessTokenPair will include current access token as well as current refresh token - if (type == constants["GRANT_TYPE_PASSWORD"]) { - var arrayOfScopes = devicemgtProps["scopes"]; - var stringOfScopes = ""; - arrayOfScopes.forEach(function (entry) { stringOfScopes += entry + " "; }); - accessTokenPair = tokenUtil.getTokenWithPasswordGrantType(properties["username"], - encodeURIComponent(properties["password"]), encodedTenantBasedClientCredentials, stringOfScopes); - } else if (type == constants["GRANT_TYPE_SAML"]) { - accessTokenPair = tokenUtil.getTokenWithSAMLGrantType(properties["samlToken"], - encodedTenantBasedClientCredentials, "PRODUCTION"); + publicMethods.setupAccessTokenPairByPasswordGrantType = function (username, password) { + if (!username || !password) { + log.error("Could not set up access token pair by password grant type. " + + "Either username, password or both are missing as input."); + } else { + privateMethods.setUpEncodedTenantBasedClientCredentials(username); + var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); + if (!encodedClientCredentials) { + log.error("Could not set up access token pair by password grant type. " + + "Encoded client credentials are missing."); + } else { + var accessTokenPair; + // accessTokenPair will include current access token as well as current refresh token + var arrayOfScopes = devicemgtProps["scopes"]; + var stringOfScopes = ""; + arrayOfScopes.forEach(function (entry) { + stringOfScopes += entry + " "; + }); + accessTokenPair = tokenUtil. 
+ getTokenWithPasswordGrantType(username, + encodeURIComponent(password), encodedClientCredentials, stringOfScopes); + if (!accessTokenPair) { + log.error("Could not set up access token pair by password grant type. Error in token retrieval."); + } else { + // setting up access token pair into session context as a string + session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); + } + } } + }; - session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], accessTokenPair); + publicMethods.setupAccessTokenPairBySamlGrantType = function (username, samlToken) { + if (!username || !samlToken) { + log.error("Could not set up access token pair by saml grant type. " + + "Either username, samlToken or both are missing as input."); + } else { + privateMethods.setUpEncodedTenantBasedClientCredentials(username); + var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); + if (!encodedClientCredentials) { + log.error("Could not set up access token pair by saml grant type. " + + "Encoded client credentials are missing."); + } else { + var accessTokenPair; + // accessTokenPair will include current access token as well as current refresh token + accessTokenPair = tokenUtil. + getTokenWithSAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION"); + if (!accessTokenPair) { + log.error("Could not set up access token pair by password grant type. Error in token retrieval."); + } else { + // setting up access token pair into session context as a string + session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); + } + } + } }; return publicMethods;
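Review bot: Both `setupAccessTokenPairByPasswordGrantType` and `setupAccessTokenPairBySamlGrantType` judge whether `privateMethods.setUpEncodedTenantBasedClientCredentials(username)` succeeded by re-reading `ENCODED_CLIENT_KEYS_IDENTIFIER` from the session, but the helper never clears that key on its failure paths, so a value left by an earlier call in the same session passes the `!encodedClientCredentials` check and is sent with the new token request. Where a session can outlive a single login, that could pair one tenant's client credentials with another user's password or SAML token; have the helper end its success branch with `return encodedTenantBasedClientCredentials;` and let the callers use `var encodedClientCredentials = privateMethods.setUpEncodedTenantBasedClientCredentials(username);` instead of the session read. The SAML path's retrieval-failure log still reads "by password grant type", which will misdirect anyone triaging login failures from the logs; it should read `"Could not set up access token pair by saml grant type. Error in token retrieval."`. All three public methods report failure only through `log.error`, so callers outside this hunk cannot tell a session without tokens from a successful setup; the enclosing `apiWrapperUtil` function closes after the hunk.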