diff --git a/application/src/main/data/upgrade/3.2.2/schema_update.sql b/application/src/main/data/upgrade/3.2.2/schema_update.sql index 9e94caf1af..30bc80a458 100644 --- a/application/src/main/data/upgrade/3.2.2/schema_update.sql +++ b/application/src/main/data/upgrade/3.2.2/schema_update.sql @@ -96,6 +96,7 @@ CREATE TABLE IF NOT EXISTS oauth2_registration ( authorization_uri varchar(255), token_uri varchar(255), scope varchar(255), + platforms varchar(255), user_info_uri varchar(255), user_name_attribute_name varchar(255), jwk_set_uri varchar(255), diff --git a/application/src/main/java/org/thingsboard/server/controller/OAuth2Controller.java b/application/src/main/java/org/thingsboard/server/controller/OAuth2Controller.java index 349c6de672..7497e20122 100644 --- a/application/src/main/java/org/thingsboard/server/controller/OAuth2Controller.java +++ b/application/src/main/java/org/thingsboard/server/controller/OAuth2Controller.java @@ -26,9 +26,11 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestController; +import org.thingsboard.server.common.data.StringUtils; import org.thingsboard.server.common.data.exception.ThingsboardException; import org.thingsboard.server.common.data.oauth2.OAuth2ClientInfo; import org.thingsboard.server.common.data.oauth2.OAuth2Info; +import org.thingsboard.server.common.data.oauth2.PlatformType; import org.thingsboard.server.dao.oauth2.OAuth2Configuration; import org.thingsboard.server.queue.util.TbCoreComponent; import org.thingsboard.server.service.security.permission.Operation; @@ -51,7 +53,8 @@ public class OAuth2Controller extends BaseController { @RequestMapping(value = "/noauth/oauth2Clients", method = RequestMethod.POST) @ResponseBody public List getOAuth2Clients(HttpServletRequest request, - @RequestParam(required = false) String pkgName) throws ThingsboardException { + @RequestParam(required = false) String pkgName, + @RequestParam(required = false) String platform) throws ThingsboardException { try { if (log.isDebugEnabled()) { log.debug("Executing getOAuth2Clients: [{}][{}][{}]", request.getScheme(), request.getServerName(), request.getServerPort()); @@ -61,7 +64,13 @@ public class OAuth2Controller extends BaseController { log.debug("Header: {} {}", header, request.getHeader(header)); } } - return oAuth2Service.getOAuth2Clients(MiscUtils.getScheme(request), MiscUtils.getDomainNameAndPort(request), pkgName); + PlatformType platformType = null; + if (StringUtils.isNotEmpty(platform)) { + try { + platformType = PlatformType.valueOf(platform); + } catch (Exception e) {} + } + return oAuth2Service.getOAuth2Clients(MiscUtils.getScheme(request), MiscUtils.getDomainNameAndPort(request), pkgName, platformType); } catch (Exception e) { throw handleException(e); } diff --git a/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java b/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java index 267fb31ad7..b3f0d644c7 100644 --- a/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java +++ b/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java @@ -199,6 +199,7 @@ public class ThingsboardInstallService { databaseEntitiesUpgradeService.upgradeDatabase("3.2.2"); dataUpdateService.updateData("3.2.2"); + systemDataLoaderService.createOAuth2Templates(); log.info("Updating system data..."); systemDataLoaderService.updateSystemWidgets(); diff --git a/common/dao-api/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Service.java b/common/dao-api/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Service.java index 158c3911b4..0e9a36c05e 100644 --- a/common/dao-api/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Service.java +++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Service.java @@ -18,6 +18,7 @@ package org.thingsboard.server.dao.oauth2; import org.thingsboard.server.common.data.oauth2.OAuth2ClientInfo; import org.thingsboard.server.common.data.oauth2.OAuth2Info; import org.thingsboard.server.common.data.oauth2.OAuth2Registration; +import org.thingsboard.server.common.data.oauth2.PlatformType; import org.thingsboard.server.common.data.oauth2.deprecated.OAuth2ClientRegistrationInfo; import org.thingsboard.server.common.data.oauth2.deprecated.OAuth2ClientsParams; @@ -25,7 +26,7 @@ import java.util.List; import java.util.UUID; public interface OAuth2Service { - List getOAuth2Clients(String domainScheme, String domainName, String pkgName); + List getOAuth2Clients(String domainScheme, String domainName, String pkgName, PlatformType platformType); @Deprecated void saveOAuth2Params(OAuth2ClientsParams oauth2Params); diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Registration.java b/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Registration.java index 5120e3202f..095462b16f 100644 --- a/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Registration.java +++ b/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Registration.java @@ -46,6 +46,7 @@ public class OAuth2Registration extends SearchTextBasedWithAdditionalInfo platforms; public OAuth2Registration(OAuth2Registration registration) { super(registration); @@ -62,6 +63,7 @@ public class OAuth2Registration extends SearchTextBasedWithAdditionalInfo platforms; private JsonNode additionalInfo; } diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/PlatformType.java b/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/PlatformType.java new file mode 100644 index 0000000000..9c775e86e7 --- /dev/null +++ b/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/PlatformType.java @@ -0,0 +1,20 @@ +/** + * Copyright © 2016-2021 The Thingsboard Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.thingsboard.server.common.data.oauth2; + +public enum PlatformType { + WEB, ANDROID, IOS +} diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java b/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java index 02c8db42d4..32b5afc9aa 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java +++ b/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java @@ -433,6 +433,7 @@ public class ModelConstants { public static final String OAUTH2_AUTHORIZATION_URI_PROPERTY = "authorization_uri"; public static final String OAUTH2_TOKEN_URI_PROPERTY = "token_uri"; public static final String OAUTH2_SCOPE_PROPERTY = "scope"; + public static final String OAUTH2_PLATFORMS_PROPERTY = "platforms"; public static final String OAUTH2_USER_INFO_URI_PROPERTY = "user_info_uri"; public static final String OAUTH2_USER_NAME_ATTRIBUTE_NAME_PROPERTY = "user_name_attribute_name"; public static final String OAUTH2_JWK_SET_URI_PROPERTY = "jwk_set_uri"; diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/OAuth2RegistrationEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/OAuth2RegistrationEntity.java index 9c6c260316..edcaa794a6 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/model/sql/OAuth2RegistrationEntity.java +++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/OAuth2RegistrationEntity.java @@ -16,6 +16,7 @@ package org.thingsboard.server.dao.model.sql; import com.fasterxml.jackson.databind.JsonNode; +import io.micrometer.core.instrument.util.StringUtils; import lombok.Data; import lombok.EqualsAndHashCode; import org.hibernate.annotations.Type; @@ -27,6 +28,7 @@ import org.thingsboard.server.common.data.oauth2.OAuth2BasicMapperConfig; import org.thingsboard.server.common.data.oauth2.OAuth2CustomMapperConfig; import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig; import org.thingsboard.server.common.data.oauth2.OAuth2Registration; +import org.thingsboard.server.common.data.oauth2.PlatformType; import org.thingsboard.server.common.data.oauth2.TenantNameStrategyType; import org.thingsboard.server.dao.model.BaseSqlEntity; import org.thingsboard.server.dao.model.ModelConstants; @@ -38,7 +40,9 @@ import javax.persistence.EnumType; import javax.persistence.Enumerated; import javax.persistence.Table; import java.util.Arrays; +import java.util.Collections; import java.util.UUID; +import java.util.stream.Collectors; @Data @EqualsAndHashCode(callSuper = true) @@ -59,6 +63,8 @@ public class OAuth2RegistrationEntity extends BaseSqlEntity private String tokenUri; @Column(name = ModelConstants.OAUTH2_SCOPE_PROPERTY) private String scope; + @Column(name = ModelConstants.OAUTH2_PLATFORMS_PROPERTY) + private String platforms; @Column(name = ModelConstants.OAUTH2_USER_INFO_URI_PROPERTY) private String userInfoUri; @Column(name = ModelConstants.OAUTH2_USER_NAME_ATTRIBUTE_NAME_PROPERTY) @@ -125,6 +131,7 @@ public class OAuth2RegistrationEntity extends BaseSqlEntity this.authorizationUri = registration.getAuthorizationUri(); this.tokenUri = registration.getAccessTokenUri(); this.scope = registration.getScope().stream().reduce((result, element) -> result + "," + element).orElse(""); + this.platforms = registration.getPlatforms() != null ? registration.getPlatforms().stream().map(Enum::name).reduce((result, element) -> result + "," + element).orElse("") : ""; this.userInfoUri = registration.getUserInfoUri(); this.userNameAttributeName = registration.getUserNameAttributeName(); this.jwkSetUri = registration.getJwkSetUri(); @@ -201,6 +208,8 @@ public class OAuth2RegistrationEntity extends BaseSqlEntity registration.setAuthorizationUri(authorizationUri); registration.setAccessTokenUri(tokenUri); registration.setScope(Arrays.asList(scope.split(","))); + registration.setPlatforms(StringUtils.isNotEmpty(platforms) ? Arrays.stream(platforms.split(",")) + .map(str -> PlatformType.valueOf(str)).collect(Collectors.toList()) : Collections.emptyList()); registration.setUserInfoUri(userInfoUri); registration.setUserNameAttributeName(userNameAttributeName); registration.setJwkSetUri(jwkSetUri); diff --git a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2RegistrationDao.java b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2RegistrationDao.java index ad12b12e48..de80334577 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2RegistrationDao.java +++ b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2RegistrationDao.java @@ -16,6 +16,7 @@ package org.thingsboard.server.dao.oauth2; import org.thingsboard.server.common.data.oauth2.OAuth2Registration; +import org.thingsboard.server.common.data.oauth2.PlatformType; import org.thingsboard.server.common.data.oauth2.SchemeType; import org.thingsboard.server.dao.Dao; @@ -24,7 +25,7 @@ import java.util.UUID; public interface OAuth2RegistrationDao extends Dao { - List findEnabledByDomainSchemesDomainNameAndPkgName(List domainSchemes, String domainName, String pkgName); + List findEnabledByDomainSchemesDomainNameAndPkgNameAndPlatformType(List domainSchemes, String domainName, String pkgName, PlatformType platformType); List findByOAuth2ParamsId(UUID oauth2ParamsId); diff --git a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2ServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2ServiceImpl.java index 8d06adee0b..6c2126a005 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2ServiceImpl.java +++ b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2ServiceImpl.java @@ -65,8 +65,8 @@ public class OAuth2ServiceImpl extends AbstractEntityService implements OAuth2Se private OAuth2MobileDao oauth2MobileDao; @Override - public List getOAuth2Clients(String domainSchemeStr, String domainName, String pkgName) { - log.trace("Executing getOAuth2Clients [{}://{}]", domainSchemeStr, domainName); + public List getOAuth2Clients(String domainSchemeStr, String domainName, String pkgName, PlatformType platformType) { + log.trace("Executing getOAuth2Clients [{}://{}] pkgName=[{}] platformType=[{}]", domainSchemeStr, domainName, pkgName, platformType); if (domainSchemeStr == null) { throw new IncorrectParameterException(INCORRECT_DOMAIN_SCHEME); } @@ -77,7 +77,9 @@ public class OAuth2ServiceImpl extends AbstractEntityService implements OAuth2Se throw new IncorrectParameterException(INCORRECT_DOMAIN_SCHEME); } validateString(domainName, INCORRECT_DOMAIN_NAME + domainName); - return oauth2RegistrationDao.findEnabledByDomainSchemesDomainNameAndPkgName(Arrays.asList(domainScheme, SchemeType.MIXED), domainName, pkgName).stream() + return oauth2RegistrationDao.findEnabledByDomainSchemesDomainNameAndPkgNameAndPlatformType( + Arrays.asList(domainScheme, SchemeType.MIXED), domainName, pkgName, platformType) + .stream() .map(OAuth2Utils::toClientInfo) .collect(Collectors.toList()); } diff --git a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Utils.java b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Utils.java index dd128b435b..896c619c82 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Utils.java +++ b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Utils.java @@ -127,6 +127,7 @@ public class OAuth2Utils { .authorizationUri(registration.getAuthorizationUri()) .accessTokenUri(registration.getAccessTokenUri()) .scope(registration.getScope()) + .platforms(registration.getPlatforms()) .userInfoUri(registration.getUserInfoUri()) .userNameAttributeName(registration.getUserNameAttributeName()) .jwkSetUri(registration.getJwkSetUri()) @@ -167,6 +168,7 @@ public class OAuth2Utils { registration.setAuthorizationUri(registrationInfo.getAuthorizationUri()); registration.setAccessTokenUri(registrationInfo.getAccessTokenUri()); registration.setScope(registrationInfo.getScope()); + registration.setPlatforms(registrationInfo.getPlatforms()); registration.setUserInfoUri(registrationInfo.getUserInfoUri()); registration.setUserNameAttributeName(registrationInfo.getUserNameAttributeName()); registration.setJwkSetUri(registrationInfo.getJwkSetUri()); @@ -224,6 +226,7 @@ public class OAuth2Utils { .loginButtonLabel(clientRegistrationDto.getLoginButtonLabel()) .loginButtonIcon(clientRegistrationDto.getLoginButtonIcon()) .additionalInfo(clientRegistrationDto.getAdditionalInfo()) + .platforms(Collections.emptyList()) .build(); } diff --git a/dao/src/main/java/org/thingsboard/server/dao/sql/oauth2/JpaOAuth2RegistrationDao.java b/dao/src/main/java/org/thingsboard/server/dao/sql/oauth2/JpaOAuth2RegistrationDao.java index c3ee8a8c03..0b09f7ddea 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/sql/oauth2/JpaOAuth2RegistrationDao.java +++ b/dao/src/main/java/org/thingsboard/server/dao/sql/oauth2/JpaOAuth2RegistrationDao.java @@ -19,6 +19,7 @@ import lombok.RequiredArgsConstructor; import org.springframework.data.repository.CrudRepository; import org.springframework.stereotype.Component; import org.thingsboard.server.common.data.oauth2.OAuth2Registration; +import org.thingsboard.server.common.data.oauth2.PlatformType; import org.thingsboard.server.common.data.oauth2.SchemeType; import org.thingsboard.server.dao.DaoUtil; import org.thingsboard.server.dao.model.sql.OAuth2RegistrationEntity; @@ -45,8 +46,9 @@ public class JpaOAuth2RegistrationDao extends JpaAbstractDao findEnabledByDomainSchemesDomainNameAndPkgName(List domainSchemes, String domainName, String pkgName) { - return DaoUtil.convertDataList(repository.findAllEnabledByDomainSchemesNameAndPkgName(domainSchemes, domainName, pkgName)); + public List findEnabledByDomainSchemesDomainNameAndPkgNameAndPlatformType(List domainSchemes, String domainName, String pkgName, PlatformType platformType) { + return DaoUtil.convertDataList(repository.findEnabledByDomainSchemesDomainNameAndPkgNameAndPlatformType(domainSchemes, domainName, pkgName, + platformType != null ? "%" + platformType.name() + "%" : null)); } @Override diff --git a/dao/src/main/java/org/thingsboard/server/dao/sql/oauth2/OAuth2RegistrationRepository.java b/dao/src/main/java/org/thingsboard/server/dao/sql/oauth2/OAuth2RegistrationRepository.java index 676df8adcc..dad50e6180 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/sql/oauth2/OAuth2RegistrationRepository.java +++ b/dao/src/main/java/org/thingsboard/server/dao/sql/oauth2/OAuth2RegistrationRepository.java @@ -30,14 +30,15 @@ public interface OAuth2RegistrationRepository extends CrudRepository findAllEnabledByDomainSchemesNameAndPkgName(@Param("domainSchemes") List domainSchemes, - @Param("domainName") String domainName, - @Param("pkgName") String pkgName); + "AND (:pkgName IS NULL OR EXISTS (SELECT mobile FROM OAuth2MobileEntity mobile WHERE mobile.oauth2ParamsId = reg.oauth2ParamsId AND mobile.pkgName = :pkgName)) " + + "AND (:platformFilter IS NULL OR reg.platforms IS NULL OR reg.platforms = '' OR reg.platforms LIKE :platformFilter)") + List findEnabledByDomainSchemesDomainNameAndPkgNameAndPlatformType(@Param("domainSchemes") List domainSchemes, + @Param("domainName") String domainName, + @Param("pkgName") String pkgName, + @Param("platformFilter") String platformFilter); List findByOauth2ParamsId(UUID oauth2ParamsId); diff --git a/dao/src/main/resources/sql/schema-entities-hsql.sql b/dao/src/main/resources/sql/schema-entities-hsql.sql index 0e7aec5c19..ad3a023a41 100644 --- a/dao/src/main/resources/sql/schema-entities-hsql.sql +++ b/dao/src/main/resources/sql/schema-entities-hsql.sql @@ -391,6 +391,7 @@ CREATE TABLE IF NOT EXISTS oauth2_registration ( authorization_uri varchar(255), token_uri varchar(255), scope varchar(255), + platforms varchar(255), user_info_uri varchar(255), user_name_attribute_name varchar(255), jwk_set_uri varchar(255), diff --git a/dao/src/main/resources/sql/schema-entities.sql b/dao/src/main/resources/sql/schema-entities.sql index 377d140597..890d639a01 100644 --- a/dao/src/main/resources/sql/schema-entities.sql +++ b/dao/src/main/resources/sql/schema-entities.sql @@ -428,6 +428,7 @@ CREATE TABLE IF NOT EXISTS oauth2_registration ( authorization_uri varchar(255), token_uri varchar(255), scope varchar(255), + platforms varchar(255), user_info_uri varchar(255), user_name_attribute_name varchar(255), jwk_set_uri varchar(255), diff --git a/dao/src/test/java/org/thingsboard/server/dao/service/BaseOAuth2ServiceTest.java b/dao/src/test/java/org/thingsboard/server/dao/service/BaseOAuth2ServiceTest.java index fa79e32bea..ae2ff054ec 100644 --- a/dao/src/test/java/org/thingsboard/server/dao/service/BaseOAuth2ServiceTest.java +++ b/dao/src/test/java/org/thingsboard/server/dao/service/BaseOAuth2ServiceTest.java @@ -15,6 +15,7 @@ */ package org.thingsboard.server.dao.service; +import com.fasterxml.jackson.databind.node.ObjectNode; import com.google.common.collect.Lists; import org.junit.After; import org.junit.Assert; @@ -31,6 +32,7 @@ import org.thingsboard.server.common.data.oauth2.OAuth2MobileInfo; import org.thingsboard.server.common.data.oauth2.OAuth2ParamsInfo; import org.thingsboard.server.common.data.oauth2.OAuth2Registration; import org.thingsboard.server.common.data.oauth2.OAuth2RegistrationInfo; +import org.thingsboard.server.common.data.oauth2.PlatformType; import org.thingsboard.server.common.data.oauth2.SchemeType; import org.thingsboard.server.dao.exception.DataValidationException; import org.thingsboard.server.dao.oauth2.OAuth2Service; @@ -231,10 +233,10 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { registrationInfo.getLoginButtonLabel(), registrationInfo.getLoginButtonIcon(), null)) .collect(Collectors.toList()); - List nonExistentDomainClients = oAuth2Service.getOAuth2Clients("http", "non-existent-domain", null); + List nonExistentDomainClients = oAuth2Service.getOAuth2Clients("http", "non-existent-domain", null, null); Assert.assertTrue(nonExistentDomainClients.isEmpty()); - List firstDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "first-domain", null); + List firstDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "first-domain", null, null); Assert.assertEquals(firstGroupClientInfos.size(), firstDomainHttpClients.size()); firstGroupClientInfos.forEach(firstGroupClientInfo -> { Assert.assertTrue( @@ -244,10 +246,10 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { ); }); - List firstDomainHttpsClients = oAuth2Service.getOAuth2Clients("https", "first-domain", null); + List firstDomainHttpsClients = oAuth2Service.getOAuth2Clients("https", "first-domain", null, null); Assert.assertTrue(firstDomainHttpsClients.isEmpty()); - List fourthDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "fourth-domain", null); + List fourthDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "fourth-domain", null, null); Assert.assertEquals(secondGroupClientInfos.size(), fourthDomainHttpClients.size()); secondGroupClientInfos.forEach(secondGroupClientInfo -> { Assert.assertTrue( @@ -256,7 +258,7 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { && clientInfo.getName().equals(secondGroupClientInfo.getName())) ); }); - List fourthDomainHttpsClients = oAuth2Service.getOAuth2Clients("https", "fourth-domain", null); + List fourthDomainHttpsClients = oAuth2Service.getOAuth2Clients("https", "fourth-domain", null, null); Assert.assertEquals(secondGroupClientInfos.size(), fourthDomainHttpsClients.size()); secondGroupClientInfos.forEach(secondGroupClientInfo -> { Assert.assertTrue( @@ -266,7 +268,7 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { ); }); - List secondDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "second-domain", null); + List secondDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "second-domain", null, null); Assert.assertEquals(firstGroupClientInfos.size() + secondGroupClientInfos.size(), secondDomainHttpClients.size()); firstGroupClientInfos.forEach(firstGroupClientInfo -> { Assert.assertTrue( @@ -283,7 +285,7 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { ); }); - List secondDomainHttpsClients = oAuth2Service.getOAuth2Clients("https", "second-domain", null); + List secondDomainHttpsClients = oAuth2Service.getOAuth2Clients("https", "second-domain", null, null); Assert.assertEquals(firstGroupClientInfos.size() + thirdGroupClientInfos.size(), secondDomainHttpsClients.size()); firstGroupClientInfos.forEach(firstGroupClientInfo -> { Assert.assertTrue( @@ -331,7 +333,7 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { registrationInfo.getLoginButtonLabel(), registrationInfo.getLoginButtonIcon(), null)) .collect(Collectors.toList()); - List firstDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "first-domain", null); + List firstDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "first-domain", null, null); Assert.assertEquals(firstGroupClientInfos.size(), firstDomainHttpClients.size()); firstGroupClientInfos.forEach(firstGroupClientInfo -> { Assert.assertTrue( @@ -341,7 +343,7 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { ); }); - List firstDomainHttpsClients = oAuth2Service.getOAuth2Clients("https", "first-domain", null); + List firstDomainHttpsClients = oAuth2Service.getOAuth2Clients("https", "first-domain", null, null); Assert.assertEquals(firstGroupClientInfos.size(), firstDomainHttpsClients.size()); firstGroupClientInfos.forEach(firstGroupClientInfo -> { Assert.assertTrue( @@ -381,13 +383,13 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { oAuth2Service.saveOAuth2Info(oAuth2Info); - List secondDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "second-domain", null); + List secondDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "second-domain", null, null); Assert.assertEquals(5, secondDomainHttpClients.size()); oAuth2Info.setEnabled(false); oAuth2Service.saveOAuth2Info(oAuth2Info); - List secondDomainHttpDisabledClients = oAuth2Service.getOAuth2Clients("http", "second-domain", null); + List secondDomainHttpDisabledClients = oAuth2Service.getOAuth2Clients("http", "second-domain", null, null); Assert.assertEquals(0, secondDomainHttpDisabledClients.size()); } @@ -520,7 +522,7 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { OAuth2Info foundOAuth2Info = oAuth2Service.findOAuth2Info(); Assert.assertEquals(oAuth2Info, foundOAuth2Info); - List firstDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "first-domain", "com.test.pkg1"); + List firstDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "first-domain", "com.test.pkg1", null); Assert.assertEquals(3, firstDomainHttpClients.size()); for (OAuth2ClientInfo clientInfo : firstDomainHttpClients) { String[] segments = clientInfo.getUrl().split("/"); @@ -536,6 +538,56 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { } } + @Test + public void testFindClientsByPackageAndPlatform() { + OAuth2Info oAuth2Info = new OAuth2Info(true, Lists.newArrayList( + OAuth2ParamsInfo.builder() + .domainInfos(Lists.newArrayList( + OAuth2DomainInfo.builder().name("first-domain").scheme(SchemeType.HTTP).build(), + OAuth2DomainInfo.builder().name("second-domain").scheme(SchemeType.MIXED).build(), + OAuth2DomainInfo.builder().name("third-domain").scheme(SchemeType.HTTPS).build() + )) + .mobileInfos(Lists.newArrayList( + OAuth2MobileInfo.builder().pkgName("com.test.pkg1").callbackUrlScheme("testPkg1Callback").build(), + OAuth2MobileInfo.builder().pkgName("com.test.pkg2").callbackUrlScheme("testPkg2Callback").build() + )) + .clientRegistrations(Lists.newArrayList( + validRegistrationInfo("Google", Arrays.asList(PlatformType.WEB, PlatformType.ANDROID)), + validRegistrationInfo("Facebook", Arrays.asList(PlatformType.IOS)), + validRegistrationInfo("GitHub", Collections.emptyList()) + )) + .build(), + OAuth2ParamsInfo.builder() + .domainInfos(Lists.newArrayList( + OAuth2DomainInfo.builder().name("second-domain").scheme(SchemeType.HTTP).build(), + OAuth2DomainInfo.builder().name("fourth-domain").scheme(SchemeType.MIXED).build() + )) + .mobileInfos(Collections.emptyList()) + .clientRegistrations(Lists.newArrayList( + validRegistrationInfo(), + validRegistrationInfo() + )) + .build() + )); + oAuth2Service.saveOAuth2Info(oAuth2Info); + + OAuth2Info foundOAuth2Info = oAuth2Service.findOAuth2Info(); + Assert.assertEquals(oAuth2Info, foundOAuth2Info); + + List firstDomainHttpClients = oAuth2Service.getOAuth2Clients("http", "first-domain", null, null); + Assert.assertEquals(3, firstDomainHttpClients.size()); + List pkg1Clients = oAuth2Service.getOAuth2Clients("http", "first-domain", "com.test.pkg1", null); + Assert.assertEquals(3, pkg1Clients.size()); + List pkg1AndroidClients = oAuth2Service.getOAuth2Clients("http", "first-domain", "com.test.pkg1", PlatformType.ANDROID); + Assert.assertEquals(2, pkg1AndroidClients.size()); + Assert.assertTrue(pkg1AndroidClients.stream().anyMatch(client -> client.getName().equals("Google"))); + Assert.assertTrue(pkg1AndroidClients.stream().anyMatch(client -> client.getName().equals("GitHub"))); + List pkg1IOSClients = oAuth2Service.getOAuth2Clients("http", "first-domain", "com.test.pkg1", PlatformType.IOS); + Assert.assertEquals(2, pkg1IOSClients.size()); + Assert.assertTrue(pkg1IOSClients.stream().anyMatch(client -> client.getName().equals("Facebook"))); + Assert.assertTrue(pkg1IOSClients.stream().anyMatch(client -> client.getName().equals("GitHub"))); + } + private OAuth2Info createDefaultOAuth2Info() { return new OAuth2Info(true, Lists.newArrayList( OAuth2ParamsInfo.builder() @@ -567,17 +619,22 @@ public class BaseOAuth2ServiceTest extends AbstractServiceTest { } private OAuth2RegistrationInfo validRegistrationInfo() { + return validRegistrationInfo(null, Collections.emptyList()); + } + + private OAuth2RegistrationInfo validRegistrationInfo(String label, List platforms) { return OAuth2RegistrationInfo.builder() .clientId(UUID.randomUUID().toString()) .clientSecret(UUID.randomUUID().toString()) .authorizationUri(UUID.randomUUID().toString()) .accessTokenUri(UUID.randomUUID().toString()) .scope(Arrays.asList(UUID.randomUUID().toString(), UUID.randomUUID().toString())) + .platforms(platforms == null ? Collections.emptyList() : platforms) .userInfoUri(UUID.randomUUID().toString()) .userNameAttributeName(UUID.randomUUID().toString()) .jwkSetUri(UUID.randomUUID().toString()) .clientAuthenticationMethod(UUID.randomUUID().toString()) - .loginButtonLabel(UUID.randomUUID().toString()) + .loginButtonLabel(label != null ? label : UUID.randomUUID().toString()) .loginButtonIcon(UUID.randomUUID().toString()) .additionalInfo(mapper.createObjectNode().put(UUID.randomUUID().toString(), UUID.randomUUID().toString())) .mapperConfig( diff --git a/ui-ngx/src/app/core/auth/auth.service.ts b/ui-ngx/src/app/core/auth/auth.service.ts index 68724fa0dc..42b213f558 100644 --- a/ui-ngx/src/app/core/auth/auth.service.ts +++ b/ui-ngx/src/app/core/auth/auth.service.ts @@ -44,7 +44,7 @@ import { AdminService } from '@core/http/admin.service'; import { ActionNotificationShow } from '@core/notification/notification.actions'; import { MatDialog, MatDialogConfig } from '@angular/material/dialog'; import { AlertDialogComponent } from '@shared/components/dialog/alert-dialog.component'; -import { OAuth2ClientInfo } from '@shared/models/oauth2.models'; +import { OAuth2ClientInfo, PlatformType } from '@shared/models/oauth2.models'; import { isDefinedAndNotNull, isMobileApp } from '@core/utils'; @Injectable({ @@ -204,11 +204,8 @@ export class AuthService { } } - public loadOAuth2Clients(pkgName?: string): Observable> { - let url = '/api/noauth/oauth2Clients'; - if (isDefinedAndNotNull(pkgName)) { - url += `?pkgName=${pkgName}`; - } + public loadOAuth2Clients(): Observable> { + const url = '/api/noauth/oauth2Clients?platform=' + PlatformType.WEB; return this.http.post>(url, null, defaultHttpOptions()).pipe( catchError(err => of([])), diff --git a/ui-ngx/src/app/modules/home/pages/admin/oauth2-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/oauth2-settings.component.html index 3ea9a1ca11..c56dc6a793 100644 --- a/ui-ngx/src/app/modules/home/pages/admin/oauth2-settings.component.html +++ b/ui-ngx/src/app/modules/home/pages/admin/oauth2-settings.component.html @@ -201,18 +201,27 @@
-
- - admin.oauth2.login-provider - - - {{ provider }} +
+
+ + admin.oauth2.login-provider + + + {{ provider }} + + + +
+
+ + admin.oauth2.allowed-platforms + + + {{ platformTypeTranslations.get(platform) | translate }} -
-
- +
admin.oauth2.client-id diff --git a/ui-ngx/src/app/modules/home/pages/admin/oauth2-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/oauth2-settings.component.ts index 39fb6ac6ff..3d4baaf59a 100644 --- a/ui-ngx/src/app/modules/home/pages/admin/oauth2-settings.component.ts +++ b/ui-ngx/src/app/modules/home/pages/admin/oauth2-settings.component.ts @@ -28,7 +28,8 @@ import { OAuth2DomainInfo, OAuth2Info, OAuth2MobileInfo, OAuth2ParamsInfo, - OAuth2RegistrationInfo, + OAuth2RegistrationInfo, PlatformType, + platformTypeTranslations, TenantNameStrategy } from '@shared/models/oauth2.models'; import { Store } from '@ngrx/store'; @@ -99,6 +100,8 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha tenantNameStrategies = Object.keys(TenantNameStrategy); protocols = Object.keys(DomainSchema); domainSchemaTranslations = domainSchemaTranslations; + platformTypes = Object.keys(PlatformType); + platformTypeTranslations = platformTypeTranslations; templateProvider = ['Custom']; @@ -293,6 +296,7 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha additionalInfo: this.fb.group({ providerName: [additionalInfo?.providerName ? additionalInfo?.providerName : defaultProviderName, Validators.required] }), + platforms: [registration?.platforms ? registration.platforms : []], loginButtonLabel: [registration?.loginButtonLabel ? registration.loginButtonLabel : null, Validators.required], loginButtonIcon: [registration?.loginButtonIcon ? registration.loginButtonIcon : null], clientId: [registration?.clientId ? registration.clientId : '', Validators.required], diff --git a/ui-ngx/src/app/shared/models/oauth2.models.ts b/ui-ngx/src/app/shared/models/oauth2.models.ts index 93b147c887..d334e89bdd 100644 --- a/ui-ngx/src/app/shared/models/oauth2.models.ts +++ b/ui-ngx/src/app/shared/models/oauth2.models.ts @@ -63,6 +63,20 @@ export enum TenantNameStrategy{ CUSTOM = 'CUSTOM' } +export enum PlatformType { + WEB = 'WEB', + ANDROID = 'ANDROID', + IOS = 'IOS' +} + +export const platformTypeTranslations = new Map( + [ + [PlatformType.WEB, 'admin.oauth2.platform-web'], + [PlatformType.ANDROID, 'admin.oauth2.platform-android'], + [PlatformType.IOS, 'admin.oauth2.platform-ios'] + ] +); + export interface OAuth2ClientRegistrationTemplate extends OAuth2RegistrationInfo{ comment: string; createdTime: number; @@ -80,6 +94,7 @@ export interface OAuth2RegistrationInfo { accessTokenUri: string; authorizationUri: string; scope: string[]; + platforms: PlatformType[]; jwkSetUri?: string; userInfoUri: string; clientAuthenticationMethod: ClientAuthenticationMethod; diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json index 5fbb6ed3fb..d602241fbe 100644 --- a/ui-ngx/src/assets/locale/locale.constant-en_US.json +++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json @@ -228,7 +228,12 @@ "mobile-callback-url-scheme": "Callback URL scheme", "add-mobile-app": "Add application", "delete-mobile-app": "Delete application info", - "providers": "Providers" + "providers": "Providers", + "platform-web": "Web", + "platform-android": "Android", + "platform-ios": "iOS", + "all-platforms": "All platforms", + "allowed-platforms": "Allowed platforms" } }, "alarm": {