From df732a8f58f51c9b400e5c7baf6809ef110a8f6d Mon Sep 17 00:00:00 2001 From: oyurov Date: Tue, 18 Oct 2022 20:25:20 +0200 Subject: [PATCH] Refactor --- .../server/controller/AuthController.java | 2 +- .../controller/TwoFactorAuthController.java | 6 +- .../oauth2/AbstractOAuth2ClientMapper.java | 8 +++ .../Oauth2AuthenticationSuccessHandler.java | 2 +- .../auth/rest/RestAuthenticationProvider.java | 8 +-- .../system/DefaultSystemSecurityService.java | 45 ++++++++++--- .../system/SystemSecurityService.java | 2 +- .../server/utils/AuthorizationDetails.java | 28 --------- .../utils/RestAuthenticationDetailsUtils.java | 63 ------------------- .../server/dao/audit/AuditLogServiceImpl.java | 2 - 10 files changed, 53 insertions(+), 113 deletions(-) delete mode 100644 application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java delete mode 100644 application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java diff --git a/application/src/main/java/org/thingsboard/server/controller/AuthController.java b/application/src/main/java/org/thingsboard/server/controller/AuthController.java index ba34edef81..6ce85c6d5c 100644 --- a/application/src/main/java/org/thingsboard/server/controller/AuthController.java +++ b/application/src/main/java/org/thingsboard/server/controller/AuthController.java @@ -323,7 +323,7 @@ public class AuthController extends BaseController { private void logLogoutAction(HttpServletRequest request) throws ThingsboardException { try { - systemSecurityService.logLoginAction(getCurrentUser(), new RestAuthenticationDetails(request), ActionType.LOGOUT, null, "REST"); + systemSecurityService.logLoginAction(getCurrentUser(), new RestAuthenticationDetails(request), ActionType.LOGOUT, null); } catch (Exception e) { throw handleException(e); } 
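Review bot: Dropping the fifth argument from `logLoginAction` here means the logout audit entry no longer records which authentication path produced it, and the same removal in TwoFactorAuthController (`TwoFA_PROVIDER + providerType`), Oauth2AuthenticationSuccessHandler (`"OAUTH2: " + registration.getName()`) and RestAuthenticationProvider (`REST_PROVIDER`) leaves LOGIN, LOCKOUT and LOGOUT entries indistinguishable by method. For incident review this matters most in the 2FA branch, where a wrong verification code is now recorded as a plain failed LOGIN and can only be told apart by its error text. If the field is dropped on purpose, the commit message ("Refactor") should say so, and a comment on the interface method such as `// audit entry stores address/browser/os/device only; the authentication method is not recorded` would document the contract. The enclosing method bodies begin outside these hunks.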
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java index 122d3e85a6..003b4ab450 100644 --- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java +++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java @@ -58,8 +58,6 @@ import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE; @RequiredArgsConstructor public class TwoFactorAuthController extends BaseController { - private static final String TwoFA_PROVIDER = "2FA "; - private final TwoFactorAuthService twoFactorAuthService; private final TwoFaConfigManager twoFaConfigManager; private final JwtTokenFactory tokenFactory; @@ -94,12 +92,12 @@ public class TwoFactorAuthController extends BaseController { SecurityUser user = getCurrentUser(); boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, providerType, verificationCode, true); if (verificationSuccess) { - systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null, TwoFA_PROVIDER + providerType); + systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null); user = new SecurityUser(userService.findUserById(user.getTenantId(), user.getId()), true, user.getUserPrincipal()); return tokenFactory.createTokenPair(user); } else { ThingsboardException error = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.BAD_REQUEST_PARAMS); - systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error, TwoFA_PROVIDER + providerType); + systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error); throw error; } } 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java index cbb5fa7306..b32e762752 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AbstractOAuth2ClientMapper.java @@ -30,6 +30,7 @@ import org.thingsboard.server.common.data.DashboardInfo; import org.thingsboard.server.common.data.StringUtils; import org.thingsboard.server.common.data.Tenant; import org.thingsboard.server.common.data.User; +import org.thingsboard.server.common.data.audit.ActionType; import org.thingsboard.server.common.data.id.CustomerId; import org.thingsboard.server.common.data.id.DashboardId; import org.thingsboard.server.common.data.id.IdBased; @@ -47,6 +48,7 @@ import org.thingsboard.server.dao.oauth2.OAuth2User; import org.thingsboard.server.dao.tenant.TbTenantProfileCache; import org.thingsboard.server.dao.tenant.TenantService; import org.thingsboard.server.dao.user.UserService; +import org.thingsboard.server.service.entitiy.TbNotificationEntityService; import org.thingsboard.server.service.install.InstallScripts; import org.thingsboard.server.service.security.model.SecurityUser; import org.thingsboard.server.service.security.model.UserPrincipal; @@ -81,6 +83,9 @@ public abstract class AbstractOAuth2ClientMapper { @Autowired private InstallScripts installScripts; + @Autowired + private TbNotificationEntityService notificationEntityService; + @Autowired protected TbTenantProfileCache tenantProfileCache; 
@@ -151,6 +156,9 @@ public abstract class AbstractOAuth2ClientMapper { UserCredentials userCredentials = userService.findUserCredentialsByUserId(user.getTenantId(), user.getId()); userService.activateUserCredentials(user.getTenantId(), userCredentials.getActivateToken(), passwordEncoder.encode("")); } + + notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, user.getId(), + user, user, ActionType.ADDED, true, null); } } catch (Exception e) { log.error("Can't get or create security user from oauth2 user", e); diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java index e5e24a9d87..d41fba4ee5 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java @@ -104,7 +104,7 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS clearAuthenticationAttributes(request, response); getRedirectStrategy().sendRedirect(request, response, baseUrl + "/?accessToken=" + accessToken.getToken() + "&refreshToken=" + refreshToken.getToken()); - systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null, "OAUTH2: " + registration.getName()); + systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null); } catch (Exception e) { log.debug("Error occurred during processing authentication success result. " + "request [{}], response [{}], authentication [{}]", request, response, authentication, e); 
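Review bot: The new `notifyCreateOrUpdateOrDelete(...)` call sits inside the `try` whose handler logs "Can't get or create security user from oauth2 user", so an exception from the notification path would be reported as a failed OAuth2 login even though the lines just above have already activated the user's credentials. It also passes `user` both as the entity and, presumably, as the acting-user argument, so the ADDED audit entry reads as the account creating itself; a comment like `// self-provisioned through OAuth2: the new user is recorded as the actor` would mark that as intentional. Consider isolating the call in its own `try`/`catch` that logs the failure, so audit delivery cannot change the login outcome. The surrounding method starts and ends outside the hunk, so whether a transaction would roll the user back is not visible here.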
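Review bot: `logLoginAction` still runs after `getRedirectStrategy().sendRedirect(...)`, so the response carrying the token pair has already been sent by the time the LOGIN entry is written. If the audit call throws, the only trace visible in this hunk is the `log.debug` in the handler below, a level that is commonly switched off in production. Moving the call above `clearAuthenticationAttributes(request, response)`, or logging audit failures at `log.warn`, would make a missing login record visible. The rest of the catch block lies outside the hunk.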
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java index 1f8a49b803..b3ef88dbff 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java @@ -53,8 +53,6 @@ import java.util.UUID; @TbCoreComponent public class RestAuthenticationProvider implements AuthenticationProvider { - private static final String REST_PROVIDER = "REST"; - private final SystemSecurityService systemSecurityService; private final UserService userService; private final CustomerService customerService; @@ -89,7 +87,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { if (twoFactorAuthService.isTwoFaEnabled(securityUser.getTenantId(), securityUser.getId())) { return new MfaAuthenticationToken(securityUser); } else { - systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null, REST_PROVIDER); + systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null); } } else { String publicId = userPrincipal.getValue(); @@ -115,7 +113,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { try { systemSecurityService.validateUserCredentials(user.getTenantId(), userCredentials, username, password); } catch (LockedException e) { - systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null, REST_PROVIDER); + systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null); throw e; } 
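Review bot: In the `catch (LockedException e)` handler, `logLoginAction(...)` runs before `throw e`, so any exception raised while writing the audit entry replaces the lockout exception the caller is meant to see; the `catch (Exception e)` handler in the next hunk has the same shape. Nothing in this diff shows `logLoginAction` guarding its `userService` and `auditLogService` calls, so I would wrap the call: `try { systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null); } catch (Exception auditError) { e.addSuppressed(auditError); }`. That keeps the original authentication failure as the thrown exception and still preserves the audit error for diagnosis. Both handlers belong to a method that starts outside the hunks.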
@@ -124,7 +122,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider { return new SecurityUser(user, userCredentials.isEnabled(), userPrincipal); } catch (Exception e) { - systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e, REST_PROVIDER); + systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e); throw e; } } diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java index 1bd3ba5b88..e7743f8218 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java @@ -59,9 +59,8 @@ import org.thingsboard.server.queue.util.TbCoreComponent; import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails; import org.thingsboard.server.service.security.exception.UserPasswordExpiredException; import org.thingsboard.server.service.security.model.SecurityUser; -import org.thingsboard.server.utils.AuthorizationDetails; import org.thingsboard.server.utils.MiscUtils; -import org.thingsboard.server.utils.RestAuthenticationDetailsUtils; +import ua_parser.Client; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; 
@@ -264,24 +263,54 @@ public class DefaultSystemSecurityService implements SystemSecurityService { } @Override - public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e, String provider) { + public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e) { String clientAddress = "Unknown"; String browser = "Unknown"; String os = "Unknown"; String device = "Unknown"; if (authenticationDetails instanceof RestAuthenticationDetails) { - AuthorizationDetails details = RestAuthenticationDetailsUtils.getRestAuthenticationDetails((RestAuthenticationDetails) authenticationDetails); + RestAuthenticationDetails details = (RestAuthenticationDetails) authenticationDetails; clientAddress = details.getClientAddress(); - browser = details.getBrowser(); - os = details.getOs(); - device = details.getDevice(); + if (details.getUserAgent() != null) { + Client userAgent = details.getUserAgent(); + if (userAgent.userAgent != null) { + browser = userAgent.userAgent.family; + if (userAgent.userAgent.major != null) { + browser += " " + userAgent.userAgent.major; + if (userAgent.userAgent.minor != null) { + browser += "." + userAgent.userAgent.minor; + if (userAgent.userAgent.patch != null) { + browser += "." + userAgent.userAgent.patch; + } + } + } + } + if (userAgent.os != null) { + os = userAgent.os.family; + if (userAgent.os.major != null) { + os += " " + userAgent.os.major; + if (userAgent.os.minor != null) { + os += "." + userAgent.os.minor; + if (userAgent.os.patch != null) { + os += "." + userAgent.os.patch; + if (userAgent.os.patchMinor != null) { + os += "." 
+ userAgent.os.patchMinor; + } + } + } + } + } + if (userAgent.device != null) { + device = userAgent.device.family; + } + } } if (actionType == ActionType.LOGIN && e == null) { userService.setLastLoginTs(user.getTenantId(), user.getId()); } auditLogService.logEntityAction( user.getTenantId(), user.getCustomerId(), user.getId(), - user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device, provider); + user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device); } private static boolean isPositiveInteger(Integer val) { diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java index 9dbb0d8630..6173d408c5 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java @@ -42,6 +42,6 @@ public interface SystemSecurityService { String getBaseUrl(TenantId tenantId, CustomerId customerId, HttpServletRequest httpServletRequest); - void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e, String provider); + void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e); } diff --git a/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java b/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java deleted file mode 100644 index 36f95c0bbf..0000000000 --- a/application/src/main/java/org/thingsboard/server/utils/AuthorizationDetails.java +++ /dev/null 
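Review bot: The `browser`, `os` and `device` values assembled in `logLoginAction` come from the parsed User-Agent (`ua_parser.Client`), so they are client-controlled text that reaches `auditLogService.logEntityAction` with no length bound or normalisation visible in this hunk. With the utility class deleted, the two nested null-check ladders now sit inline in the audit method. Moving them into one private helper gives a single place to join the version parts and, if the audit store or UI needs it, to truncate or escape them. The sketch below keeps the stop-at-first-null behaviour of the nested ifs and falls back to the method's existing "Unknown" default when the family is missing.

```java
// … unchanged: defaults, instanceof check, clientAddress, userAgent lookup …
if (userAgent.userAgent != null) {
    browser = joinVersion(userAgent.userAgent.family, userAgent.userAgent.major,
            userAgent.userAgent.minor, userAgent.userAgent.patch);
}
if (userAgent.os != null) {
    os = joinVersion(userAgent.os.family, userAgent.os.major, userAgent.os.minor,
            userAgent.os.patch, userAgent.os.patchMinor);
}
// … unchanged: device family, setLastLoginTs, logEntityAction call …

// Joins "family major.minor.patch", stopping at the first missing part.
// The input is derived from a request header: bound or escape it here if the audit sink requires it.
private static String joinVersion(String family, String... parts) {
    if (family == null) {
        return "Unknown";
    }
    StringBuilder joined = new StringBuilder(family);
    String separator = " ";
    for (String part : parts) {
        if (part == null) {
            break;
        }
        joined.append(separator).append(part);
        separator = ".";
    }
    return joined.toString();
}
```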
@@ -1,28 +0,0 @@ -/** - * Copyright © 2016-2022 The Thingsboard Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.thingsboard.server.utils; - -import lombok.AllArgsConstructor; -import lombok.Getter; - -@Getter -@AllArgsConstructor -public class AuthorizationDetails { - private String clientAddress; - private String browser; - private String os; - private String device; -} diff --git a/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java b/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java deleted file mode 100644 index d39d15ff63..0000000000 --- a/application/src/main/java/org/thingsboard/server/utils/RestAuthenticationDetailsUtils.java +++ /dev/null 
@@ -1,63 +0,0 @@ -/** - * Copyright © 2016-2022 The Thingsboard Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.thingsboard.server.utils; - -import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails; -import ua_parser.Client; - -public class RestAuthenticationDetailsUtils { - - public static AuthorizationDetails getRestAuthenticationDetails(RestAuthenticationDetails details) { - String clientAddress = details.getClientAddress(); - String browser = "Unknown"; - String os = "Unknown"; - String device = "Unknown"; - if (details.getUserAgent() != null) { - Client userAgent = details.getUserAgent(); - if (userAgent.userAgent != null) { - browser = userAgent.userAgent.family; - if (userAgent.userAgent.major != null) { - browser += " " + userAgent.userAgent.major; - if (userAgent.userAgent.minor != null) { - browser += "." + userAgent.userAgent.minor; - if (userAgent.userAgent.patch != null) { - browser += "." + userAgent.userAgent.patch; - } - } - } - } - if (userAgent.os != null) { - os = userAgent.os.family; - if (userAgent.os.major != null) { - os += " " + userAgent.os.major; - if (userAgent.os.minor != null) { - os += "." + userAgent.os.minor; - if (userAgent.os.patch != null) { - os += "." + userAgent.os.patch; - if (userAgent.os.patchMinor != null) { - os += "." 
+ userAgent.os.patchMinor; - } - } - } - } - } - if (userAgent.device != null) { - device = userAgent.device.family; - } - } - return new AuthorizationDetails(clientAddress, browser, os, device); - } -} diff --git a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java index aa9c669ca5..da94141768 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java +++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java @@ -257,12 +257,10 @@ public class AuditLogServiceImpl implements AuditLogService { String browser = extractParameter(String.class, 1, additionalInfo); String os = extractParameter(String.class, 2, additionalInfo); String device = extractParameter(String.class, 3, additionalInfo); - String provider = extractParameter(String.class, 4, additionalInfo); actionData.put("clientAddress", clientAddress); actionData.put("browser", browser); actionData.put("os", os); actionData.put("device", device); - actionData.put("provider", provider); break; case PROVISION_SUCCESS: case PROVISION_FAILURE: