feat(admin-ui): replace user-info with userInfoEndpoint endpoint

Signed-off-by: Jeet Viramgama <[email protected]>

Author: jv18creator

admin-ui/app/redux/api/backend-api.js

@@ -1,9 +1,8 @@
 import axios from '../api/axios'
 import axios_instance from 'axios'
 const JansConfigApi = require('jans_config_api')
-import { useSelector } from 'react-redux'
-// Get OAuth2 Configuration
 
+// Get OAuth2 Configuration
 export const fetchServerConfiguration = async (token) => {
   const headers = { Authorization: `Bearer ${token}` }
   return axios
@@ -30,20 +29,18 @@ export const getUserIpAndLocation = async () => {
 }
 
 // Retrieve user information
-export const fetchUserInformation = async (code, codeVerifier) => {
+export const fetchUserInformation = async ({ userInfoEndpoint, token_type, access_token }) => {
+  const headers = { Authorization: `${token_type} ${access_token}` }
   return axios
-    .post('/app/admin-ui/oauth2/user-info', {
-      code: code,
-      codeVerifier: codeVerifier,
-    })
-    .then((response) => response.data)
-    .catch((error) => {
-      console.error(
-        'Problems fetching user information with the provided code.',
-        error,
-      )
-      return -1
-    })
+  .get(userInfoEndpoint, { headers })
+  .then((response) => response.data)
+  .catch((error) => {
+    console.error(
+      'Problems fetching user information with the provided code.',
+      error,
+    )
+    return -1
+  })
 }
 
 // post user action

admin-ui/app/redux/features/authSlice.js

@@ -41,21 +41,20 @@ const authSlice = createSlice({
     },
     getUserInfo: (state, action) => {},
     getUserInfoResponse: (state, action) => {
-      if (action.payload?.uclaims) {
-        state.userinfo = action.payload.uclaims
+      if (action.payload?.ujwt) {
+        state.userinfo = action.payload.userinfo
         state.userinfo_jwt = action.payload.ujwt
-        state.permissions = action.payload.scopes
         state.isAuthenticated = true
       } else {
         state.isAuthenticated = true
       }
     },
     getAPIAccessToken: (state, action) => {},
     getAPIAccessTokenResponse: (state, action) => {
-      if (action.payload?.accessToken) {
-        state.token = action.payload.accessToken
-        state.issuer = action.payload.accessToken.issuer
-        state.permissions = action.payload.accessToken.scopes
+      if (action.payload?.access_token) {
+        state.token = { access_token: action.payload.access_token, scopes: action.payload.scopes }
+        state.issuer = action.payload.issuer
+        state.permissions = action.payload.scopes
         state.isAuthenticated = true
       }
     },
@@ -69,14 +68,6 @@ const authSlice = createSlice({
       state.defaultToken = action.payload
       state.issuer = action.payload.issuer
     },
-    getRandomChallengePair: (state, action) => {},
-    getRandomChallengePairResponse: (state, action) => {
-      if (action.payload?.codeChallenge) {
-        state.codeChallenge = action.payload.codeChallenge
-        state.codeVerifier = action.payload.codeVerifier
-        localStorage.setItem("codeVerifier", action.payload.codeVerifier)
-      }
-    },
   }
 })
 
@@ -92,8 +83,6 @@ export const {
   getUserLocation,
   getUserLocationResponse,
   setApiDefaultToken,
-  getRandomChallengePair,
-  getRandomChallengePairResponse,
 } = authSlice.actions
 export default authSlice.reducer
 reducerRegistry.register('authReducer', authSlice.reducer)

admin-ui/app/redux/sagas/AuthSaga.js

@@ -4,23 +4,17 @@
 import { all, call, fork, put, takeEvery } from 'redux-saga/effects'
 import {
   getOAuth2ConfigResponse,
-  getUserInfoResponse,
   getAPIAccessTokenResponse,
   getUserLocationResponse,
-  getRandomChallengePairResponse,
 } from '../features/authSlice'
 
 import {
   fetchServerConfiguration,
-  fetchUserInformation,
   fetchApiAccessToken,
   getUserIpAndLocation,
   fetchApiTokenWithDefaultScopes,
 } from '../api/backend-api'
 
-import {RandomHashGenerator} from  'Utils/RandomHashGenerator'
-import { checkLicensePresentResponse } from '../actions'
-
 function* getApiTokenWithDefaultScopes() {
   const response = yield call(fetchApiTokenWithDefaultScopes)
   return response.access_token
@@ -30,6 +24,7 @@ function* getOAuth2ConfigWorker({ payload }) {
   try {
     const token = !payload?.access_token ? yield* getApiTokenWithDefaultScopes() : payload.access_token
     const response = yield call(fetchServerConfiguration, token)
+    localStorage.setItem('postLogoutRedirectUri', response.postLogoutRedirectUri)
     if (response) {
       yield put(getOAuth2ConfigResponse({ config: response }))
       return
@@ -40,24 +35,12 @@ function* getOAuth2ConfigWorker({ payload }) {
   yield put(getOAuth2ConfigResponse())
 }
 
-function* getUserInformationWorker(code, codeVerifier) {
-  try {
-    const response = yield call(fetchUserInformation, code.payload, localStorage.getItem("codeVerifier"))
-    if (response) {
-      yield put(getUserInfoResponse({ uclaims: response.claims, ujwt: response.jwtUserInfo }))
-      yield put(checkLicensePresentResponse({ isLicenseValid: true }))
-      return
-    }
-  } catch (error) {
-    console.log('Problems getting user information.', error)
-  }
-}
 function* getAPIAccessTokenWorker(jwt) {
   try {
     if (jwt) {
       const response = yield call(fetchApiAccessToken, jwt.payload)
       if (response) {
-        yield put(getAPIAccessTokenResponse({ accessToken: response }))
+        yield put(getAPIAccessTokenResponse(response))
         return
       }
     }
@@ -66,19 +49,6 @@ function* getAPIAccessTokenWorker(jwt) {
   }
 }
 
-function* getRandomChallengePairWorker() {
-  try {
-      const response = yield call(RandomHashGenerator.generateRandomChallengePair, 'SHA-256')
-      if (response) {
-        yield put(getRandomChallengePairResponse(response))
-        return
-      }
-    
-  } catch (error) {
-    console.log('Problems getting API Access Token.', error)
-  }
-}
-
 function* getLocationWorker() {
   try {
     const response = yield call(getUserIpAndLocation)
@@ -96,29 +66,20 @@ export function* getApiTokenWatcher() {
   yield takeEvery('auth/getAPIAccessToken', getAPIAccessTokenWorker)
 }
 
-export function* userInfoWatcher() {
-  yield takeEvery('auth/getUserInfo', getUserInformationWorker)
-}
-
 export function* getOAuth2ConfigWatcher() {
   yield takeEvery('auth/getOAuth2Config', getOAuth2ConfigWorker)
 }
 export function* getLocationWatcher() {
   yield takeEvery('auth/getUserLocation', getLocationWorker)
 }
-export function* getRandomChallengePairWatcher() {
-  yield takeEvery('auth/getRandomChallengePair', getRandomChallengePairWorker)
-}
 
 /**
  * Auth Root Saga
  */
 export default function* rootSaga() {
   yield all([
     fork(getOAuth2ConfigWatcher),
-    fork(userInfoWatcher),
     fork(getApiTokenWatcher),
     fork(getLocationWatcher),
-    fork(getRandomChallengePairWatcher),
   ])
 }

admin-ui/app/utils/AppAuthProvider.js

@@ -2,24 +2,19 @@ import React, { useState, useEffect } from 'react'
 import ApiKeyRedirect from './ApiKeyRedirect'
 import { useLocation } from 'react-router'
 import {
-  saveState,
   NoHashQueryStringUtils,
-  saveConfigRequest,
-  getConfigRequest,
   saveIssuer,
   getIssuer
 } from './TokenController'
 import queryString from 'query-string'
 import { uuidv4 } from './Util'
 import { useSelector, useDispatch } from 'react-redux'
 import {
-  getUserInfo,
   getAPIAccessToken,
   checkLicensePresent,
-  getRandomChallengePair,
 } from 'Redux/actions'
 import SessionTimeout from 'Routes/Apps/Gluu/GluuSessionTimeout'
-import { checkLicenseConfigValid } from '../redux/actions'
+import { checkLicenseConfigValid, getOAuth2Config, getUserInfoResponse } from '../redux/actions'
 import GluuTimeoutModal from 'Routes/Apps/Gluu/GluuTimeoutModal'
 import GluuErrorModal from 'Routes/Apps/Gluu/GluuErrorModal'
 import {
@@ -34,21 +29,20 @@ import {
   AuthorizationNotifier,
   GRANT_TYPE_AUTHORIZATION_CODE,
 } from '@openid/appauth'
+import { fetchUserInformation } from 'Redux/api/backend-api'
+import jwt_decode from "jwt-decode";
 
 export default function AppAuthProvider(props) {
   const dispatch = useDispatch()
   const location = useLocation()
-  const [showContent, setShowContent] = useState(false)
   const [roleNotFound, setRoleNotFound] = useState(false)
+  const [showAdminUI, setShowAdminUI] = useState(false)
   const {
     config,
     userinfo,
     userinfo_jwt,
     token,
     backendIsUp,
-    codeChallenge,
-    codeVerifier,
-    codeChallengeMethod,
     issuer,
   } = useSelector((state) => state.authReducer)
   const {
@@ -63,7 +57,6 @@ export default function AppAuthProvider(props) {
     const params = queryString.parse(location.search)
     if (!(params.code && params.scope && params.state)) {
       dispatch(checkLicenseConfigValid())
-      // dispatch(getRandomChallengePair())
     }
   }, [])
 
@@ -102,7 +95,6 @@ export default function AppAuthProvider(props) {
             extras,
           })
           saveIssuer(issuer)
-          saveConfigRequest(authRequest)
           authorizationHandler.performAuthorizationRequest(
             response,
             authRequest
@@ -123,13 +115,10 @@ export default function AppAuthProvider(props) {
       new DefaultCrypto()
     )
     const notifier = new AuthorizationNotifier()
-    const config = getConfigRequest()
     const issuer = getIssuer()
 
     notifier.setAuthorizationListener((request, response, error) => {
-      console.log('the request', request)
       if (response) {
-        console.log(`Authorization Code  ${response.code}`)
 
         let extras = null
         if (request.internal) {
@@ -144,17 +133,41 @@ export default function AppAuthProvider(props) {
           code: response.code,
           extras: { code_verifier: request.internal.code_verifier, scope: request.scope },
         })
-        console.log(`tokenRequest`, tokenRequest)
+        let authConfigs
+        dispatch(getOAuth2Config())
 
         AuthorizationServiceConfiguration.fetchFromIssuer(
           issuer,
           new FetchRequestor()
         )
           .then((configuration) => {
+            authConfigs = configuration
             return tokenHandler.performTokenRequest(configuration, tokenRequest)
           })
           .then((token) => {
-            localStorage.setItem('access_token', token.accessToken)
+            return fetchUserInformation({ userInfoEndpoint: authConfigs.userInfoEndpoint, access_token: token.accessToken, token_type: token.tokenType })
+          })
+          .then((ujwt) => {
+            if(!userinfo) {
+              dispatch(getUserInfoResponse({ userinfo: jwt_decode(ujwt), ujwt: ujwt }))
+              dispatch(getAPIAccessToken(ujwt))
+              setShowAdminUI(true)
+            } else {
+              if (!userinfo.jansAdminUIRole || userinfo.jansAdminUIRole.length == 0) {
+                setShowAdminUI(false)
+                alert(
+                  'The logged-in user do not have valid role. Logging out of Admin UI'
+                )
+                setRoleNotFound(true)
+                const state = uuidv4()
+                const sessionEndpoint = `${authConfigs.endSessionEndpoint}?state=${state}&post_logout_redirect_uri=${localStorage.getItem('postLogoutRedirectUri')}`
+                window.location.href = sessionEndpoint
+                return null
+              }
+              if (!token) {
+                dispatch(getAPIAccessToken(userinfo_jwt))
+              }
+            }
           })
           .catch((oError) => {
             setError(oError)
@@ -177,7 +190,7 @@ export default function AppAuthProvider(props) {
 
   return (
     <React.Fragment>
-      <SessionTimeout isAuthenticated={showContent} />
+      <SessionTimeout isAuthenticated={showAdminUI} />
       <GluuTimeoutModal
         description={
           'The request has been terminated as there is no response from the server for more than 60 seconds.'
@@ -191,18 +204,17 @@ export default function AppAuthProvider(props) {
           }
         />
       )}
-      {showContent && props.children}
-      {!showContent && (
+      {showAdminUI && props.children}
+      {!showAdminUI && (
         <ApiKeyRedirect
           backendIsUp={backendIsUp}
           isLicenseValid={isLicenseValid}
-          redirectUrl={config.redirectUrl}
           isConfigValid={isConfigValid}
           islicenseCheckResultLoaded={islicenseCheckResultLoaded}
           isLicenseActivationResultLoaded={isLicenseActivationResultLoaded}
+          roleNotFound={roleNotFound}
         />
       )}
     </React.Fragment>
   )
-}
-
+}