From 126d7215c5cc9321030e9f8147dad1753dd3dcd6 Mon Sep 17 00:00:00 2001 From: oyurov Date: Sun, 16 Oct 2022 15:50:42 +0200 Subject: [PATCH 1/7] Added generation an audit log for oauth2 login and with which provider was done an authorization --- .../server/controller/AuthController.java | 45 +------------ .../controller/TwoFactorAuthController.java | 6 +- .../Oauth2AuthenticationSuccessHandler.java | 3 + .../auth/rest/RestAuthenticationProvider.java | 8 ++- .../system/DefaultSystemSecurityService.java | 50 ++++----------- .../system/SystemSecurityService.java | 2 +- .../server/utils/AuthorizationDetails.java | 28 +++++++++ .../utils/RestAuthenticationDetailsUtils.java | 63 +++++++++++++++++++ .../server/dao/audit/AuditLogServiceImpl.java | 2 + 9 files changed, 118 insertions(+), 89 deletions(-) create mode 100644 application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java create mode 100644 application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java diff --git a/application/src/main/java/org/thingsboard/server/controller/AuthController.java b/application/src/main/java/org/thingsboard/server/controller/AuthController.java index 72be55a135..ba34edef81 100644 --- a/application/src/main/java/org/thingsboard/server/controller/AuthController.java +++ b/application/src/main/java/org/thingsboard/server/controller/AuthController.java @@ -59,7 +59,6 @@ import org.thingsboard.server.service.security.model.SecurityUser; import org.thingsboard.server.service.security.model.UserPrincipal; import org.thingsboard.server.service.security.model.token.JwtTokenFactory; import org.thingsboard.server.service.security.system.SystemSecurityService; -import ua_parser.Client; import javax.servlet.http.HttpServletRequest; import java.net.URI; 
@@ -324,49 +323,7 @@ public class AuthController extends BaseController { private void logLogoutAction(HttpServletRequest request) throws ThingsboardException { try { - SecurityUser user = getCurrentUser(); - RestAuthenticationDetails details = new RestAuthenticationDetails(request); - String clientAddress = details.getClientAddress(); - String browser = "Unknown"; - String os = "Unknown"; - String device = "Unknown"; - if (details.getUserAgent() != null) { - Client userAgent = details.getUserAgent(); - if (userAgent.userAgent != null) { - browser = userAgent.userAgent.family; - if (userAgent.userAgent.major != null) { - browser += " " + userAgent.userAgent.major; - if (userAgent.userAgent.minor != null) { - browser += "." + userAgent.userAgent.minor; - if (userAgent.userAgent.patch != null) { - browser += "." + userAgent.userAgent.patch; - } - } - } - } - if (userAgent.os != null) { - os = userAgent.os.family; - if (userAgent.os.major != null) { - os += " " + userAgent.os.major; - if (userAgent.os.minor != null) { - os += "." + userAgent.os.minor; - if (userAgent.os.patch != null) { - os += "." + userAgent.os.patch; - if (userAgent.os.patchMinor != null) { - os += "." + userAgent.os.patchMinor; - } - } - } - } - } - if (userAgent.device != null) { - device = userAgent.device.family; - } - } - auditLogService.logEntityAction( - user.getTenantId(), user.getCustomerId(), user.getId(), - user.getName(), user.getId(), null, ActionType.LOGOUT, null, clientAddress, browser, os, device); - + systemSecurityService.logLoginAction(getCurrentUser(), new RestAuthenticationDetails(request), ActionType.LOGOUT, null, "REST"); } catch (Exception e) { throw handleException(e); } diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java index 003b4ab450..122d3e85a6 100644 
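Review bot: In AuthController.logLogoutAction the logout record is always written with the literal provider `"REST"`, regardless of how the session was established; this same patch labels logins as `"2FA " + providerType` or `"OAUTH2: " + registration.getName()`. A logout entry for an OAuth2 or 2FA session would therefore carry a provider that does not match its login entry, which makes the two hard to correlate in the audit trail. If the original provider is not available at logout, pass an explicit "Unknown" rather than "REST", and add a comment such as `// provider of the original login is not tracked per session`. The literal also duplicates `REST_PROVIDER` declared in RestAuthenticationProvider, and the method's closing brace lies outside the hunk.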
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java +++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java @@ -58,6 +58,8 @@ import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE; @RequiredArgsConstructor public class TwoFactorAuthController extends BaseController { + private static final String TwoFA_PROVIDER = "2FA "; + private final TwoFactorAuthService twoFactorAuthService; private final TwoFaConfigManager twoFaConfigManager; private final JwtTokenFactory tokenFactory; @@ -92,12 +94,12 @@ public class TwoFactorAuthController extends BaseController { SecurityUser user = getCurrentUser(); boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, providerType, verificationCode, true); if (verificationSuccess) { - systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null); + systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null, TwoFA_PROVIDER + providerType); user = new SecurityUser(userService.findUserById(user.getTenantId(), user.getId()), true, user.getUserPrincipal()); return tokenFactory.createTokenPair(user); } else { ThingsboardException error = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.BAD_REQUEST_PARAMS); - systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error); + systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error, TwoFA_PROVIDER + providerType); throw error; } } diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java index e2a78eb605..e5e24a9d87 100644 
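Review bot: `TwoFA_PROVIDER` in TwoFactorAuthController does not follow the UPPER_SNAKE_CASE form used for the sibling constant `REST_PROVIDER`, and it depends on a trailing space inside the literal to format the audit label. Something like `private static final String TWO_FA_PROVIDER_PREFIX = "2FA ";` states the intent. In the second hunk the label is built twice as `TwoFA_PROVIDER + providerType`; computing it once before the `if` keeps the success and failure records identical by construction. `providerType` is concatenated through its string form, so the stored audit value presumably changes if that type's constants are renamed — its declaration is not in the hunk.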
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java @@ -25,6 +25,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; import org.springframework.stereotype.Component; import org.thingsboard.server.common.data.StringUtils; +import org.thingsboard.server.common.data.audit.ActionType; import org.thingsboard.server.common.data.id.CustomerId; import org.thingsboard.server.common.data.id.EntityId; import org.thingsboard.server.common.data.id.TenantId; @@ -33,6 +34,7 @@ import org.thingsboard.server.common.data.security.model.JwtToken; import org.thingsboard.server.dao.oauth2.OAuth2Service; import org.thingsboard.server.queue.util.TbCoreComponent; import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository; +import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails; import org.thingsboard.server.service.security.model.SecurityUser; import org.thingsboard.server.service.security.model.token.JwtTokenFactory; import org.thingsboard.server.service.security.system.SystemSecurityService; 
@@ -102,6 +104,7 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS clearAuthenticationAttributes(request, response); getRedirectStrategy().sendRedirect(request, response, baseUrl + "/?accessToken=" + accessToken.getToken() + "&refreshToken=" + refreshToken.getToken()); + systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null, "OAUTH2: " + registration.getName()); } catch (Exception e) { log.debug("Error occurred during processing authentication success result. " + "request [{}], response [{}], authentication [{}]", request, response, authentication, e); diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java index b3ef88dbff..1f8a49b803 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java @@ -53,6 +53,8 @@ import java.util.UUID; @TbCoreComponent public class RestAuthenticationProvider implements AuthenticationProvider { + private static final String REST_PROVIDER = "REST"; + private final SystemSecurityService systemSecurityService; private final UserService userService; private final CustomerService customerService; 
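Review bot: In Oauth2AuthenticationSuccessHandler the audit call is placed after `getRedirectStrategy().sendRedirect(...)`, so the redirect carrying the access and refresh tokens has already been issued when the login is recorded. If `logLoginAction` throws, control reaches the `catch (Exception e)` below, which logs only at debug level, and a login whose tokens may already be with the client ends up with no audit entry. Move the line `systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null, "OAUTH2: " + registration.getName());` ahead of `clearAuthenticationAttributes(request, response);` so the record is written before the response is sent. The same ordering is kept by hunk `@@ -104,7 +104,7 @@` of [PATCH 2/7]; the try block opens outside this hunk and the rest of the catch is not visible.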
@@ -87,7 +89,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { if (twoFactorAuthService.isTwoFaEnabled(securityUser.getTenantId(), securityUser.getId())) { return new MfaAuthenticationToken(securityUser); } else { - systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null); + systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null, REST_PROVIDER); } } else { String publicId = userPrincipal.getValue(); @@ -113,7 +115,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { try { systemSecurityService.validateUserCredentials(user.getTenantId(), userCredentials, username, password); } catch (LockedException e) { - systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null); + systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null, REST_PROVIDER); throw e; } @@ -122,7 +124,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { return new SecurityUser(user, userCredentials.isEnabled(), userPrincipal); } catch (Exception e) { - systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e); + systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e, REST_PROVIDER); throw e; } } diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java index 5e8965c140..1bd3ba5b88 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java 
@@ -59,8 +59,9 @@ import org.thingsboard.server.queue.util.TbCoreComponent; import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails; import org.thingsboard.server.service.security.exception.UserPasswordExpiredException; import org.thingsboard.server.service.security.model.SecurityUser; +import org.thingsboard.server.utils.AuthorizationDetails; import org.thingsboard.server.utils.MiscUtils; -import ua_parser.Client; +import org.thingsboard.server.utils.RestAuthenticationDetailsUtils; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; @@ -232,7 +233,8 @@ public class DefaultSystemSecurityService implements SystemSecurityService { JsonNode additionalInfo = user.getAdditionalInfo(); if (additionalInfo instanceof ObjectNode && additionalInfo.has(UserServiceImpl.USER_PASSWORD_HISTORY)) { JsonNode userPasswordHistoryJson = additionalInfo.get(UserServiceImpl.USER_PASSWORD_HISTORY); - Map userPasswordHistoryMap = JacksonUtil.convertValue(userPasswordHistoryJson, new TypeReference<>() {}); + Map userPasswordHistoryMap = JacksonUtil.convertValue(userPasswordHistoryJson, new TypeReference<>() { + }); for (Map.Entry entry : userPasswordHistoryMap.entrySet()) { if (encoder.matches(password, entry.getValue()) && Long.parseLong(entry.getKey()) > passwordReuseFrequencyTs) { throw new DataValidationException("Password was already used for the last " + passwordPolicy.getPasswordReuseFrequencyDays() + " days"); 
@@ -262,54 +264,24 @@ public class DefaultSystemSecurityService implements SystemSecurityService { } @Override - public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e) { + public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e, String provider) { String clientAddress = "Unknown"; String browser = "Unknown"; String os = "Unknown"; String device = "Unknown"; if (authenticationDetails instanceof RestAuthenticationDetails) { - RestAuthenticationDetails details = (RestAuthenticationDetails) authenticationDetails; + AuthorizationDetails details = RestAuthenticationDetailsUtils.getRestAuthenticationDetails((RestAuthenticationDetails) authenticationDetails); clientAddress = details.getClientAddress(); - if (details.getUserAgent() != null) { - Client userAgent = details.getUserAgent(); - if (userAgent.userAgent != null) { - browser = userAgent.userAgent.family; - if (userAgent.userAgent.major != null) { - browser += " " + userAgent.userAgent.major; - if (userAgent.userAgent.minor != null) { - browser += "." + userAgent.userAgent.minor; - if (userAgent.userAgent.patch != null) { - browser += "." + userAgent.userAgent.patch; - } - } - } - } - if (userAgent.os != null) { - os = userAgent.os.family; - if (userAgent.os.major != null) { - os += " " + userAgent.os.major; - if (userAgent.os.minor != null) { - os += "." + userAgent.os.minor; - if (userAgent.os.patch != null) { - os += "." + userAgent.os.patch; - if (userAgent.os.patchMinor != null) { - os += "." 
+ userAgent.os.patchMinor; - } - } - } - } - } - if (userAgent.device != null) { - device = userAgent.device.family; - } - } - } + browser = details.getBrowser(); + os = details.getOs(); + device = details.getDevice(); + } if (actionType == ActionType.LOGIN && e == null) { userService.setLastLoginTs(user.getTenantId(), user.getId()); } auditLogService.logEntityAction( user.getTenantId(), user.getCustomerId(), user.getId(), - user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device); + user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device, provider); } private static boolean isPositiveInteger(Integer val) { diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java index 6173d408c5..9dbb0d8630 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java @@ -42,6 +42,6 @@ public interface SystemSecurityService { String getBaseUrl(TenantId tenantId, CustomerId customerId, HttpServletRequest httpServletRequest); - void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e); + void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e, String provider); } diff --git a/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java b/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java new file mode 100644 index 0000000000..36f95c0bbf --- /dev/null +++ b/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java 
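Review bot: The new `provider` parameter of DefaultSystemSecurityService.logLoginAction is a free-form String assembled differently at each call site (`"REST"`, `"2FA " + providerType`, `"OAUTH2: " + registration.getName()`), so the audit field has no fixed vocabulary to filter or alert on. The OAuth2 variant also embeds a registration name, which is presumably administrator-editable text. Consider an enum for the mechanism plus a separate optional detail string, or at least document the contract on the interface method in SystemSecurityService (changed in the next hunk): `@param provider label of the authentication mechanism that produced this event, e.g. "REST"; may be null`. The method body continues past the end of this hunk.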
@@ -0,0 +1,28 @@ +/** + * Copyright © 2016-2022 The Thingsboard Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.thingsboard.server.utils; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +@Getter +@AllArgsConstructor +public class AuthorizationDetails { + private String clientAddress; + private String browser; + private String os; + private String device; +} diff --git a/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java b/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java new file mode 100644 index 0000000000..d39d15ff63 --- /dev/null +++ b/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java 
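Review bot: AuthorizationDetails carries the client address, browser, os and device of an authentication attempt, so the name is misleading; nothing in it concerns authorization, and a name like `AuthenticationClientDetails` would match its content. The four fields are only set through the all-args constructor and read through getters, so they can be declared `private final` (or the class can use Lombok's `@Value`) to make the carrier immutable. A one-line class Javadoc stating that these values are copied into the login audit entry would help the next reader.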
@@ -0,0 +1,63 @@ +/** + * Copyright © 2016-2022 The Thingsboard Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.thingsboard.server.utils; + +import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails; +import ua_parser.Client; + +public class RestAuthenticationDetailsUtils { + + public static AuthorizationDetails getRestAuthenticationDetails(RestAuthenticationDetails details) { + String clientAddress = details.getClientAddress(); + String browser = "Unknown"; + String os = "Unknown"; + String device = "Unknown"; + if (details.getUserAgent() != null) { + Client userAgent = details.getUserAgent(); + if (userAgent.userAgent != null) { + browser = userAgent.userAgent.family; + if (userAgent.userAgent.major != null) { + browser += " " + userAgent.userAgent.major; + if (userAgent.userAgent.minor != null) { + browser += "." + userAgent.userAgent.minor; + if (userAgent.userAgent.patch != null) { + browser += "." + userAgent.userAgent.patch; + } + } + } + } + if (userAgent.os != null) { + os = userAgent.os.family; + if (userAgent.os.major != null) { + os += " " + userAgent.os.major; + if (userAgent.os.minor != null) { + os += "." + userAgent.os.minor; + if (userAgent.os.patch != null) { + os += "." + userAgent.os.patch; + if (userAgent.os.patchMinor != null) { + os += "." 
+ userAgent.os.patchMinor; + } + } + } + } + } + if (userAgent.device != null) { + device = userAgent.device.family; + } + } + return new AuthorizationDetails(clientAddress, browser, os, device); + } +} diff --git a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java index da94141768..aa9c669ca5 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java +++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java @@ -257,10 +257,12 @@ public class AuditLogServiceImpl implements AuditLogService { String browser = extractParameter(String.class, 1, additionalInfo); String os = extractParameter(String.class, 2, additionalInfo); String device = extractParameter(String.class, 3, additionalInfo); + String provider = extractParameter(String.class, 4, additionalInfo); actionData.put("clientAddress", clientAddress); actionData.put("browser", browser); actionData.put("os", os); actionData.put("device", device); + actionData.put("provider", provider); break; case PROVISION_SUCCESS: case PROVISION_FAILURE: From df732a8f58f51c9b400e5c7baf6809ef110a8f6d Mon Sep 17 00:00:00 2001 
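Review bot: RestAuthenticationDetailsUtils is a static-only helper but is declared as a plain public class with an implicit public constructor and no Javadoc; make it `public final class RestAuthenticationDetailsUtils` with `private RestAuthenticationDetailsUtils() {}`. The method should carry a Javadoc line saying that browser, os and device come from `details.getUserAgent()`, which is presumably parsed from the request's User-Agent header and so chosen by the client. The resulting audit fields are therefore informational and should not be treated as evidence of the device actually used. `details` is dereferenced without a null check; the only visible caller passes it after an `instanceof` test, so a `@param details must not be null` line is enough.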
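Review bot: In AuditLogServiceImpl, `extractParameter(String.class, 4, additionalInfo)` reads the provider by position, so every caller that logs one of these action types must now pass five trailing values in exactly this order; DefaultSystemSecurityService.logLoginAction is the only caller visibly updated in this patch. What extractParameter returns when index 4 is absent is not shown here; if it yields null, the entry is stored with a null provider. Defaulting as the other fields do upstream would keep the record uniform: `actionData.put("provider", provider != null ? provider : "Unknown");`. A comment above the five reads listing the expected argument order (clientAddress, browser, os, device, provider) would document the coupling; the switch case this belongs to starts outside the hunk.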
From: oyurov Date: Tue, 18 Oct 2022 20:25:20 +0200 Subject: [PATCH 2/7] Refactor --- .../server/controller/AuthController.java | 2 +- .../controller/TwoFactorAuthController.java | 6 +- .../oauth2/AbstractOAuth2ClientMapper.java | 8 +++ .../Oauth2AuthenticationSuccessHandler.java | 2 +- .../auth/rest/RestAuthenticationProvider.java | 8 +-- .../system/DefaultSystemSecurityService.java | 45 ++++++++++--- .../system/SystemSecurityService.java | 2 +- .../server/utils/AuthorizationDetails.java | 28 --------- .../utils/RestAuthenticationDetailsUtils.java | 63 ------------------- .../server/dao/audit/AuditLogServiceImpl.java | 2 - 10 files changed, 53 insertions(+), 113 deletions(-) delete mode 100644 application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java delete mode 100644 application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java diff --git a/application/src/main/java/org/thingsboard/server/controller/AuthController.java b/application/src/main/java/org/thingsboard/server/controller/AuthController.java index ba34edef81..6ce85c6d5c 100644 --- a/application/src/main/java/org/thingsboard/server/controller/AuthController.java +++ b/application/src/main/java/org/thingsboard/server/controller/AuthController.java @@ -323,7 +323,7 @@ public class AuthController extends BaseController { private void logLogoutAction(HttpServletRequest request) throws ThingsboardException { try { - systemSecurityService.logLoginAction(getCurrentUser(), new RestAuthenticationDetails(request), ActionType.LOGOUT, null, "REST"); + systemSecurityService.logLoginAction(getCurrentUser(), new RestAuthenticationDetails(request), ActionType.LOGOUT, null); } catch (Exception e) { throw handleException(e); } diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java index 122d3e85a6..003b4ab450 100644 
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java +++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java @@ -58,8 +58,6 @@ import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE; @RequiredArgsConstructor public class TwoFactorAuthController extends BaseController { - private static final String TwoFA_PROVIDER = "2FA "; - private final TwoFactorAuthService twoFactorAuthService; private final TwoFaConfigManager twoFaConfigManager; private final JwtTokenFactory tokenFactory; @@ -94,12 +92,12 @@ public class TwoFactorAuthController extends BaseController { SecurityUser user = getCurrentUser(); boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, providerType, verificationCode, true); if (verificationSuccess) { - systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null, TwoFA_PROVIDER + providerType); + systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null); user = new SecurityUser(userService.findUserById(user.getTenantId(), user.getId()), true, user.getUserPrincipal()); return tokenFactory.createTokenPair(user); } else { ThingsboardException error = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.BAD_REQUEST_PARAMS); - systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error, TwoFA_PROVIDER + providerType); + systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error); throw error; } } diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java index cbb5fa7306..b32e762752 100644 
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java @@ -30,6 +30,7 @@ import org.thingsboard.server.common.data.DashboardInfo; import org.thingsboard.server.common.data.StringUtils; import org.thingsboard.server.common.data.Tenant; import org.thingsboard.server.common.data.User; +import org.thingsboard.server.common.data.audit.ActionType; import org.thingsboard.server.common.data.id.CustomerId; import org.thingsboard.server.common.data.id.DashboardId; import org.thingsboard.server.common.data.id.IdBased; @@ -47,6 +48,7 @@ import org.thingsboard.server.dao.oauth2.OAuth2User; import org.thingsboard.server.dao.tenant.TbTenantProfileCache; import org.thingsboard.server.dao.tenant.TenantService; import org.thingsboard.server.dao.user.UserService; +import org.thingsboard.server.service.entitiy.TbNotificationEntityService; import org.thingsboard.server.service.install.InstallScripts; import org.thingsboard.server.service.security.model.SecurityUser; import org.thingsboard.server.service.security.model.UserPrincipal; @@ -81,6 +83,9 @@ public abstract class AbstractOAuth2ClientMapper { @Autowired private InstallScripts installScripts; + @Autowired + private TbNotificationEntityService notificationEntityService; + @Autowired protected TbTenantProfileCache tenantProfileCache; 
@@ -151,6 +156,9 @@ public abstract class AbstractOAuth2ClientMapper { UserCredentials userCredentials = userService.findUserCredentialsByUserId(user.getTenantId(), user.getId()); userService.activateUserCredentials(user.getTenantId(), userCredentials.getActivateToken(), passwordEncoder.encode("")); } + + notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, user.getId(), + user, user, ActionType.ADDED, true, null); } } catch (Exception e) { log.error("Can't get or create security user from oauth2 user", e); diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java index e5e24a9d87..d41fba4ee5 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java @@ -104,7 +104,7 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS clearAuthenticationAttributes(request, response); getRedirectStrategy().sendRedirect(request, response, baseUrl + "/?accessToken=" + accessToken.getToken() + "&refreshToken=" + refreshToken.getToken()); - systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null, "OAUTH2: " + registration.getName()); + systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null); } catch (Exception e) { log.debug("Error occurred during processing authentication success result. " + "request [{}], response [{}], authentication [{}]", request, response, authentication, e); 
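Review bot: In AbstractOAuth2ClientMapper the new `notificationEntityService.notifyCreateOrUpdateOrDelete(...)` call sits inside the try whose catch logs "Can't get or create security user from oauth2 user". A failure while emitting the ADDED notification would therefore be reported as a failure to create the user, even though the user and its credentials were already persisted by the lines above. Decide explicitly whether a failed audit notification should abort the OAuth2 login; if that fail-closed behaviour is intended, say so with a comment such as `// a failed ADDED notification aborts the OAuth2 login on purpose`. The call passes `user` twice followed by `true` and `null`, and since the signature is not visible here a short comment naming those arguments would help. The enclosing method and what the catch does after `log.error` are outside the hunk.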
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java index 1f8a49b803..b3ef88dbff 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java @@ -53,8 +53,6 @@ import java.util.UUID; @TbCoreComponent public class RestAuthenticationProvider implements AuthenticationProvider { - private static final String REST_PROVIDER = "REST"; - private final SystemSecurityService systemSecurityService; private final UserService userService; private final CustomerService customerService; @@ -89,7 +87,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { if (twoFactorAuthService.isTwoFaEnabled(securityUser.getTenantId(), securityUser.getId())) { return new MfaAuthenticationToken(securityUser); } else { - systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null, REST_PROVIDER); + systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null); } } else { String publicId = userPrincipal.getValue(); @@ -115,7 +113,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { try { systemSecurityService.validateUserCredentials(user.getTenantId(), userCredentials, username, password); } catch (LockedException e) { - systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null, REST_PROVIDER); + systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null); throw e; } 
@@ -124,7 +122,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { return new SecurityUser(user, userCredentials.isEnabled(), userPrincipal); } catch (Exception e) { - systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e, REST_PROVIDER); + systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e); throw e; } } diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java index 1bd3ba5b88..e7743f8218 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java @@ -59,9 +59,8 @@ import org.thingsboard.server.queue.util.TbCoreComponent; import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails; import org.thingsboard.server.service.security.exception.UserPasswordExpiredException; import org.thingsboard.server.service.security.model.SecurityUser; -import org.thingsboard.server.utils.AuthorizationDetails; import org.thingsboard.server.utils.MiscUtils; -import org.thingsboard.server.utils.RestAuthenticationDetailsUtils; +import ua_parser.Client; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; 
@@ -264,24 +263,54 @@ public class DefaultSystemSecurityService implements SystemSecurityService { } @Override - public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e, String provider) { + public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e) { String clientAddress = "Unknown"; String browser = "Unknown"; String os = "Unknown"; String device = "Unknown"; if (authenticationDetails instanceof RestAuthenticationDetails) { - AuthorizationDetails details = RestAuthenticationDetailsUtils.getRestAuthenticationDetails((RestAuthenticationDetails) authenticationDetails); + RestAuthenticationDetails details = (RestAuthenticationDetails) authenticationDetails; clientAddress = details.getClientAddress(); - browser = details.getBrowser(); - os = details.getOs(); - device = details.getDevice(); + if (details.getUserAgent() != null) { + Client userAgent = details.getUserAgent(); + if (userAgent.userAgent != null) { + browser = userAgent.userAgent.family; + if (userAgent.userAgent.major != null) { + browser += " " + userAgent.userAgent.major; + if (userAgent.userAgent.minor != null) { + browser += "." + userAgent.userAgent.minor; + if (userAgent.userAgent.patch != null) { + browser += "." + userAgent.userAgent.patch; + } + } + } + } + if (userAgent.os != null) { + os = userAgent.os.family; + if (userAgent.os.major != null) { + os += " " + userAgent.os.major; + if (userAgent.os.minor != null) { + os += "." + userAgent.os.minor; + if (userAgent.os.patch != null) { + os += "." + userAgent.os.patch; + if (userAgent.os.patchMinor != null) { + os += "." 
+ userAgent.os.patchMinor; + } + } + } + } + } + if (userAgent.device != null) { + device = userAgent.device.family; + } + } } if (actionType == ActionType.LOGIN && e == null) { userService.setLastLoginTs(user.getTenantId(), user.getId()); } auditLogService.logEntityAction( user.getTenantId(), user.getCustomerId(), user.getId(), - user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device, provider); + user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device); } private static boolean isPositiveInteger(Integer val) { diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java index 9dbb0d8630..6173d408c5 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java @@ -42,6 +42,6 @@ public interface SystemSecurityService { String getBaseUrl(TenantId tenantId, CustomerId customerId, HttpServletRequest httpServletRequest); - void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e, String provider); + void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e); } diff --git a/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java b/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java deleted file mode 100644 index 36f95c0bbf..0000000000 --- a/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java +++ /dev/null 
@@ -1,28 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.utils;
-
-import lombok.AllArgsConstructor;
-import lombok.Getter;
-
-@Getter
-@AllArgsConstructor
-public class AuthorizationDetails {
- private String clientAddress;
- private String browser;
- private String os;
- private String device;
-}
diff --git a/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java b/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java
deleted file mode 100644
index d39d15ff63..0000000000
--- a/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java
+++ /dev/null
@@ -1,63 +0,0 @@ -/** - * Copyright © 2016-2022 The Thingsboard Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.thingsboard.server.utils; - -import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails; -import ua_parser.Client; - -public class RestAuthenticationDetailsUtils { - - public static AuthorizationDetails getRestAuthenticationDetails(RestAuthenticationDetails details) { - String clientAddress = details.getClientAddress(); - String browser = "Unknown"; - String os = "Unknown"; - String device = "Unknown"; - if (details.getUserAgent() != null) { - Client userAgent = details.getUserAgent(); - if (userAgent.userAgent != null) { - browser = userAgent.userAgent.family; - if (userAgent.userAgent.major != null) { - browser += " " + userAgent.userAgent.major; - if (userAgent.userAgent.minor != null) { - browser += "." + userAgent.userAgent.minor; - if (userAgent.userAgent.patch != null) { - browser += "." + userAgent.userAgent.patch; - } - } - } - } - if (userAgent.os != null) { - os = userAgent.os.family; - if (userAgent.os.major != null) { - os += " " + userAgent.os.major; - if (userAgent.os.minor != null) { - os += "." + userAgent.os.minor; - if (userAgent.os.patch != null) { - os += "." + userAgent.os.patch; - if (userAgent.os.patchMinor != null) { - os += "." 
+ userAgent.os.patchMinor; - } - } - } - } - } - if (userAgent.device != null) { - device = userAgent.device.family; - } - } - return new AuthorizationDetails(clientAddress, browser, os, device); - } -} diff --git a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java index aa9c669ca5..da94141768 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java +++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java @@ -257,12 +257,10 @@ public class AuditLogServiceImpl implements AuditLogService { String browser = extractParameter(String.class, 1, additionalInfo); String os = extractParameter(String.class, 2, additionalInfo); String device = extractParameter(String.class, 3, additionalInfo); - String provider = extractParameter(String.class, 4, additionalInfo); actionData.put("clientAddress", clientAddress); actionData.put("browser", browser); actionData.put("os", os); actionData.put("device", device); - actionData.put("provider", provider); break; case PROVISION_SUCCESS: case PROVISION_FAILURE: From 39b138d45b13c9d256c070d396c4a06c3e6965e2 Mon Sep 17 00:00:00 2001 From: oyurov Date: Wed, 19 Oct 2022 11:55:27 +0200 Subject: [PATCH 3/7] Added audit log for provider oauth2 --- .../service/security/system/DefaultSystemSecurityService.java | 2 +- .../org/thingsboard/server/dao/audit/AuditLogServiceImpl.java | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java index e7743f8218..2fe4c2d639 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java 
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -310,7 +310,7 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
 }
 auditLogService.logEntityAction(
 user.getTenantId(), user.getCustomerId(), user.getId(),
- user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device);
+ user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device, user.getAdditionalInfo());
 }
 
 private static boolean isPositiveInteger(Integer val) {
diff --git a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
index da94141768..b935307358 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
@@ -257,10 +257,14 @@ public class AuditLogServiceImpl implements AuditLogService {
 String browser = extractParameter(String.class, 1, additionalInfo);
 String os = extractParameter(String.class, 2, additionalInfo);
 String device = extractParameter(String.class, 3, additionalInfo);
+ JsonNode provider = extractParameter(JsonNode.class, 4, additionalInfo);
 actionData.put("clientAddress", clientAddress);
 actionData.put("browser", browser);
 actionData.put("os", os);
 actionData.put("device", device);
+ if (provider != null && provider.has("authProviderName")) {
+ actionData.put("provider", provider.get("authProviderName").asText());
+ }
 break;
 case PROVISION_SUCCESS:
 case PROVISION_FAILURE:
From f8158ee6aee6430b7c5a9999c6990e7fcb148c06 Mon Sep 17 00:00:00 2001
From: oyurov
Date: Wed, 19 Oct 2022 15:25:33 +0200
Subject: [PATCH 4/7] Refactor
---
 .../security/system/DefaultSystemSecurityService.java | 6 +++++-
 .../thingsboard/server/dao/audit/AuditLogServiceImpl.java | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index 2fe4c2d639..ed0e8eeb96 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -268,6 +268,7 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
 String browser = "Unknown";
 String os = "Unknown";
 String device = "Unknown";
+ String provider = null;
 if (authenticationDetails instanceof RestAuthenticationDetails) {
 RestAuthenticationDetails details = (RestAuthenticationDetails) authenticationDetails;
 clientAddress = details.getClientAddress();
@@ -308,9 +309,12 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
 if (actionType == ActionType.LOGIN && e == null) {
 userService.setLastLoginTs(user.getTenantId(), user.getId());
 }
+ if (user.getAdditionalInfo() != null && user.getAdditionalInfo().has("authProviderName")) {
+ provider = user.getAdditionalInfo().get("authProviderName").asText();
+ }
 auditLogService.logEntityAction(
 user.getTenantId(), user.getCustomerId(), user.getId(),
- user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device, user.getAdditionalInfo());
+ user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device, provider);
 }
 
 private static boolean isPositiveInteger(Integer val) {
diff --git a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
index b935307358..c3127b5278 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java @@ -257,13 +257,13 @@ public class AuditLogServiceImpl implements AuditLogService { String browser = extractParameter(String.class, 1, additionalInfo); String os = extractParameter(String.class, 2, additionalInfo); String device = extractParameter(String.class, 3, additionalInfo); - JsonNode provider = extractParameter(JsonNode.class, 4, additionalInfo); + String provider = extractParameter(String.class, 4, additionalInfo); actionData.put("clientAddress", clientAddress); actionData.put("browser", browser); actionData.put("os", os); actionData.put("device", device); - if (provider != null && provider.has("authProviderName")) { - actionData.put("provider", provider.get("authProviderName").asText()); + if (org.springframework.util.StringUtils.hasText(provider)) { + actionData.put("provider", provider); } break; case PROVISION_SUCCESS: From 0da086ff9e3dc4cf0e5d08137823f1e40644c79e Mon Sep 17 00:00:00 2001 From: oyurov Date: Wed, 19 Oct 2022 15:26:24 +0200 Subject: [PATCH 5/7] Formatting --- .../service/security/system/DefaultSystemSecurityService.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java index ed0e8eeb96..ca44b584fa 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java 
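Review bot: The provider is read positionally with `extractParameter(String.class, 4, additionalInfo)`, so the audit entry is only right when every caller of this branch passes client address, browser, OS, device and provider in exactly that order; whether `extractParameter` returns null or throws when a caller supplies only four values is not visible in this hunk and should be confirmed. A comment above the line, `// additionalInfo[4]: auth provider name; absent or null for non-OAuth2 logins`, would make that contract explicit. The inline fully-qualified `org.springframework.util.StringUtils.hasText(provider)` would read better through an import or the project's own string utility, if the file's existing imports allow it. The enclosing switch starts and ends outside the hunk.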
@@ -232,8 +232,7 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
 JsonNode additionalInfo = user.getAdditionalInfo();
 if (additionalInfo instanceof ObjectNode && additionalInfo.has(UserServiceImpl.USER_PASSWORD_HISTORY)) {
 JsonNode userPasswordHistoryJson = additionalInfo.get(UserServiceImpl.USER_PASSWORD_HISTORY);
- Map userPasswordHistoryMap = JacksonUtil.convertValue(userPasswordHistoryJson, new TypeReference<>() {
- });
+ Map userPasswordHistoryMap = JacksonUtil.convertValue(userPasswordHistoryJson, new TypeReference<>() {});
 for (Map.Entry entry : userPasswordHistoryMap.entrySet()) {
 if (encoder.matches(password, entry.getValue()) && Long.parseLong(entry.getKey()) > passwordReuseFrequencyTs) {
 throw new DataValidationException("Password was already used for the last " + passwordPolicy.getPasswordReuseFrequencyDays() + " days");
From 87cd103ec89a16260b3d6494ead948ab899e4ac2 Mon Sep 17 00:00:00 2001
From: oyurov
Date: Tue, 1 Nov 2022 11:53:09 +0100
Subject: [PATCH 6/7] Refactor
---
 .../auth/oauth2/Oauth2AuthenticationSuccessHandler.java | 2 +-
 .../security/system/DefaultSystemSecurityService.java | 9 +++++----
 .../service/security/system/SystemSecurityService.java | 1 +
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java
index d41fba4ee5..6aeba94d69 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java
@@ -104,7 +104,7 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS clearAuthenticationAttributes(request, response); getRedirectStrategy().sendRedirect(request, response, baseUrl + "/?accessToken=" + accessToken.getToken() + "&refreshToken=" + refreshToken.getToken()); - systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null); + systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, registration.getName(), null); } catch (Exception e) { log.debug("Error occurred during processing authentication success result. " + "request [{}], response [{}], authentication [{}]", request, response, authentication, e); diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java index ca44b584fa..97b433661a 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java 
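Review bot: `systemSecurityService.logLoginAction(...)` runs after `sendRedirect` has already issued the response, so if the audit write or the last-login update it performs throws, control falls into the `catch` meant for authentication-processing errors even though the tokens were already sent, and the successful login goes unrecorded. Moving the call above the redirect, or giving it its own try/catch that logs at warn level, keeps the audit trail and the response consistent. The failure branch visible here only does `log.debug(...)`, so a failed OAuth2 login leaves no audit entry naming the provider; a `logLoginAction(..., ActionType.LOGIN, registration.getName(), e)` there would give detection the same coverage, provided a user object is available at that point. The unchanged redirect line also carries both tokens in the query string, where they can end up in browser history and proxy or server logs. The method continues outside the hunk.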
@@ -263,11 +263,15 @@ public class DefaultSystemSecurityService implements SystemSecurityService { @Override public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e) { + logLoginAction(user, authenticationDetails, actionType, null, e); + } + + @Override + public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, String provider, Exception e) { String clientAddress = "Unknown"; String browser = "Unknown"; String os = "Unknown"; String device = "Unknown"; - String provider = null; if (authenticationDetails instanceof RestAuthenticationDetails) { RestAuthenticationDetails details = (RestAuthenticationDetails) authenticationDetails; clientAddress = details.getClientAddress(); @@ -308,9 +312,6 @@ public class DefaultSystemSecurityService implements SystemSecurityService { if (actionType == ActionType.LOGIN && e == null) { userService.setLastLoginTs(user.getTenantId(), user.getId()); } - if (user.getAdditionalInfo() != null && user.getAdditionalInfo().has("authProviderName")) { - provider = user.getAdditionalInfo().get("authProviderName").asText(); - } auditLogService.logEntityAction( user.getTenantId(), user.getCustomerId(), user.getId(), user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device, provider); diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java index 6173d408c5..39d5935906 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java 
@@ -44,4 +44,5 @@ public interface SystemSecurityService { void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e); + void logLoginAction(User user, Object authenticationDetails, ActionType actionType, String provider, Exception e); } From 4d271ff730a2cef9aca819ab9c3ff2c6786dc70c Mon Sep 17 00:00:00 2001 From: oyurov Date: Tue, 1 Nov 2022 12:08:57 +0100 Subject: [PATCH 7/7] Refactor --- .../auth/oauth2/AbstractOAuth2ClientMapper.java | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java index b32e762752..ba0e4aa0b4 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java @@ -30,7 +30,6 @@ import org.thingsboard.server.common.data.DashboardInfo; import org.thingsboard.server.common.data.StringUtils; import org.thingsboard.server.common.data.Tenant; import org.thingsboard.server.common.data.User; -import org.thingsboard.server.common.data.audit.ActionType; import org.thingsboard.server.common.data.id.CustomerId; import org.thingsboard.server.common.data.id.DashboardId; import org.thingsboard.server.common.data.id.IdBased; 
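Review bot: The new overload `logLoginAction(User, Object, ActionType, String provider, Exception e)` added to `SystemSecurityService` has no Javadoc, and nothing tells an implementer or caller what `provider` holds or that it may be null. I would add `/** Records an authentication audit entry for the given action type; {@code provider} is the OAuth2 registration name, or {@code null} when the action did not go through an OAuth2 provider. */` above it. Because `provider` sits before the trailing `Exception`, the two overloads differ only by one nullable argument in the middle, so a call site passing literal `null` values is easy to misread; the Javadoc should say which position is which.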
@@ -48,7 +47,7 @@ import org.thingsboard.server.dao.oauth2.OAuth2User; import org.thingsboard.server.dao.tenant.TbTenantProfileCache; import org.thingsboard.server.dao.tenant.TenantService; import org.thingsboard.server.dao.user.UserService; -import org.thingsboard.server.service.entitiy.TbNotificationEntityService; +import org.thingsboard.server.service.entitiy.user.TbUserService; import org.thingsboard.server.service.install.InstallScripts; import org.thingsboard.server.service.security.model.SecurityUser; import org.thingsboard.server.service.security.model.UserPrincipal; @@ -84,7 +83,7 @@ public abstract class AbstractOAuth2ClientMapper { private InstallScripts installScripts; @Autowired - private TbNotificationEntityService notificationEntityService; + private TbUserService tbUserService; @Autowired protected TbTenantProfileCache tenantProfileCache; @@ -151,14 +150,11 @@ public abstract class AbstractOAuth2ClientMapper { user.setAdditionalInfo(additionalInfo); - user = userService.saveUser(user); + user = tbUserService.save(tenantId, customerId, user, false, null, null); if (config.isActivateUser()) { UserCredentials userCredentials = userService.findUserCredentialsByUserId(user.getTenantId(), user.getId()); userService.activateUserCredentials(user.getTenantId(), userCredentials.getActivateToken(), passwordEncoder.encode("")); } - - notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, user.getId(), - user, user, ActionType.ADDED, true, null); } } catch (Exception e) { log.error("Can't get or create security user from oauth2 user", e);
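Review bot: In the last hunk, `tbUserService.save(tenantId, customerId, user, false, null, null)` passes three bare literals whose meaning cannot be read at the call site, and it replaces the explicit `notifyCreateOrUpdateOrDelete(..., ActionType.ADDED, true, null)` call, so it is worth confirming that `TbUserService.save` still records the user-creation audit event for accounts provisioned through OAuth2 when no acting user is supplied. A short comment such as `// no activation mail, no acting user or request: the account is provisioned by the OAuth2 login itself` would help; adjust it to the real parameter names, which are not visible here. The unchanged line below activates the credentials with `passwordEncoder.encode("")`, so the stored password is the hash of the empty string; unless the password login path rejects empty passwords for these accounts, a random value drawn from `SecureRandom` would be the safer placeholder. The enclosing method starts outside the hunk.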