Andrii Shvaika
5 years ago
58 changed files with 806 additions and 402 deletions
@ -0,0 +1,24 @@ |
|||
{ |
|||
"providerId": "Apple", |
|||
"additionalInfo": null, |
|||
"accessTokenUri": "https://appleid.apple.com/auth/token", |
|||
"authorizationUri": "https://appleid.apple.com/auth/authorize?response_mode=form_post", |
|||
"scope": ["email","openid","name"], |
|||
"jwkSetUri": "https://appleid.apple.com/auth/keys", |
|||
"userInfoUri": null, |
|||
"clientAuthenticationMethod": "POST", |
|||
"userNameAttributeName": "email", |
|||
"mapperConfig": { |
|||
"type": "APPLE", |
|||
"basic": { |
|||
"emailAttributeKey": "email", |
|||
"firstNameAttributeKey": "firstName", |
|||
"lastNameAttributeKey": "lastName", |
|||
"tenantNameStrategy": "DOMAIN" |
|||
} |
|||
}, |
|||
"comment": null, |
|||
"loginButtonIcon": "apple-logo", |
|||
"loginButtonLabel": "Apple", |
|||
"helpLink": "https://developer.apple.com/sign-in-with-apple/get-started/" |
|||
} |
|||
@ -0,0 +1,101 @@ |
|||
/** |
|||
* Copyright © 2016-2021 The Thingsboard Authors |
|||
* |
|||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|||
* you may not use this file except in compliance with the License. |
|||
* You may obtain a copy of the License at |
|||
* |
|||
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
* |
|||
* Unless required by applicable law or agreed to in writing, software |
|||
* distributed under the License is distributed on an "AS IS" BASIS, |
|||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
* See the License for the specific language governing permissions and |
|||
* limitations under the License. |
|||
*/ |
|||
package org.thingsboard.server.service.security.auth.oauth2; |
|||
|
|||
import com.fasterxml.jackson.databind.JsonNode; |
|||
import lombok.extern.slf4j.Slf4j; |
|||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; |
|||
import org.springframework.stereotype.Service; |
|||
import org.springframework.util.LinkedMultiValueMap; |
|||
import org.springframework.util.MultiValueMap; |
|||
import org.springframework.util.StringUtils; |
|||
import org.thingsboard.common.util.JacksonUtil; |
|||
import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig; |
|||
import org.thingsboard.server.common.data.oauth2.OAuth2Registration; |
|||
import org.thingsboard.server.dao.oauth2.OAuth2User; |
|||
import org.thingsboard.server.service.security.model.SecurityUser; |
|||
|
|||
import javax.servlet.http.HttpServletRequest; |
|||
import java.util.HashMap; |
|||
import java.util.Map; |
|||
|
|||
@Service(value = "appleOAuth2ClientMapper") |
|||
@Slf4j |
|||
public class AppleOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper { |
|||
|
|||
private static final String USER = "user"; |
|||
private static final String NAME = "name"; |
|||
private static final String FIRST_NAME = "firstName"; |
|||
private static final String LAST_NAME = "lastName"; |
|||
private static final String EMAIL = "email"; |
|||
|
|||
@Override |
|||
public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration) { |
|||
OAuth2MapperConfig config = registration.getMapperConfig(); |
|||
Map<String, Object> attributes = updateAttributesFromRequestParams(request, token.getPrincipal().getAttributes()); |
|||
String email = BasicMapperUtils.getStringAttributeByKey(attributes, config.getBasic().getEmailAttributeKey()); |
|||
OAuth2User oauth2User = BasicMapperUtils.getOAuth2User(email, attributes, config); |
|||
|
|||
return getOrCreateSecurityUserFromOAuth2User(oauth2User, registration); |
|||
} |
|||
|
|||
private static Map<String, Object> updateAttributesFromRequestParams(HttpServletRequest request, Map<String, Object> attributes) { |
|||
Map<String, Object> updated = attributes; |
|||
MultiValueMap<String, String> params = toMultiMap(request.getParameterMap()); |
|||
String userValue = params.getFirst(USER); |
|||
if (StringUtils.hasText(userValue)) { |
|||
JsonNode user = null; |
|||
try { |
|||
user = JacksonUtil.toJsonNode(userValue); |
|||
} catch (Exception e) {} |
|||
if (user != null) { |
|||
updated = new HashMap<>(attributes); |
|||
if (user.has(NAME)) { |
|||
JsonNode name = user.get(NAME); |
|||
if (name.isObject()) { |
|||
JsonNode firstName = name.get(FIRST_NAME); |
|||
if (firstName != null && firstName.isTextual()) { |
|||
updated.put(FIRST_NAME, firstName.asText()); |
|||
} |
|||
JsonNode lastName = name.get(LAST_NAME); |
|||
if (lastName != null && lastName.isTextual()) { |
|||
updated.put(LAST_NAME, lastName.asText()); |
|||
} |
|||
} |
|||
} |
|||
if (user.has(EMAIL)) { |
|||
JsonNode email = user.get(EMAIL); |
|||
if (email != null && email.isTextual()) { |
|||
updated.put(EMAIL, email.asText()); |
|||
} |
|||
} |
|||
} |
|||
} |
|||
return updated; |
|||
} |
|||
|
|||
private static MultiValueMap<String, String> toMultiMap(Map<String, String[]> map) { |
|||
MultiValueMap<String, String> params = new LinkedMultiValueMap<>(map.size()); |
|||
map.forEach((key, values) -> { |
|||
if (values.length > 0) { |
|||
for (String value : values) { |
|||
params.add(key, value); |
|||
} |
|||
} |
|||
}); |
|||
return params; |
|||
} |
|||
} |
|||
@ -0,0 +1,144 @@ |
|||
/** |
|||
* Copyright © 2016-2021 The Thingsboard Authors |
|||
* |
|||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|||
* you may not use this file except in compliance with the License. |
|||
* You may obtain a copy of the License at |
|||
* |
|||
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
* |
|||
* Unless required by applicable law or agreed to in writing, software |
|||
* distributed under the License is distributed on an "AS IS" BASIS, |
|||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
* See the License for the specific language governing permissions and |
|||
* limitations under the License. |
|||
*/ |
|||
package org.thingsboard.server.transport.coap; |
|||
|
|||
import lombok.extern.slf4j.Slf4j; |
|||
import org.eclipse.californium.core.coap.CoAP; |
|||
import org.eclipse.californium.core.coap.Request; |
|||
import org.eclipse.californium.core.coap.Response; |
|||
import org.eclipse.californium.core.network.Exchange; |
|||
import org.eclipse.californium.core.server.resources.CoapExchange; |
|||
import org.eclipse.californium.core.server.resources.Resource; |
|||
import org.thingsboard.server.common.data.DeviceTransportType; |
|||
import org.thingsboard.server.common.data.StringUtils; |
|||
import org.thingsboard.server.common.data.ota.OtaPackageType; |
|||
import org.thingsboard.server.common.data.security.DeviceTokenCredentials; |
|||
import org.thingsboard.server.common.transport.TransportServiceCallback; |
|||
import org.thingsboard.server.gen.transport.TransportProtos; |
|||
|
|||
import java.util.List; |
|||
import java.util.Optional; |
|||
import java.util.UUID; |
|||
|
|||
@Slf4j |
|||
public class OtaPackageTransportResource extends AbstractCoapTransportResource { |
|||
private static final int ACCESS_TOKEN_POSITION = 2; |
|||
|
|||
private final OtaPackageType otaPackageType; |
|||
|
|||
public OtaPackageTransportResource(CoapTransportContext ctx, OtaPackageType otaPackageType) { |
|||
super(ctx, otaPackageType.getKeyPrefix()); |
|||
this.otaPackageType = otaPackageType; |
|||
} |
|||
|
|||
@Override |
|||
protected void processHandleGet(CoapExchange exchange) { |
|||
log.trace("Processing {}", exchange.advanced().getRequest()); |
|||
exchange.accept(); |
|||
Exchange advanced = exchange.advanced(); |
|||
Request request = advanced.getRequest(); |
|||
processAccessTokenRequest(exchange, request); |
|||
} |
|||
|
|||
@Override |
|||
protected void processHandlePost(CoapExchange exchange) { |
|||
exchange.respond(CoAP.ResponseCode.METHOD_NOT_ALLOWED); |
|||
} |
|||
|
|||
private void processAccessTokenRequest(CoapExchange exchange, Request request) { |
|||
Optional<DeviceTokenCredentials> credentials = decodeCredentials(request); |
|||
if (credentials.isEmpty()) { |
|||
exchange.respond(CoAP.ResponseCode.UNAUTHORIZED); |
|||
return; |
|||
} |
|||
transportService.process(DeviceTransportType.COAP, TransportProtos.ValidateDeviceTokenRequestMsg.newBuilder().setToken(credentials.get().getCredentialsId()).build(), |
|||
new CoapDeviceAuthCallback(transportContext, exchange, (sessionInfo, deviceProfile) -> { |
|||
getOtaPackageCallback(sessionInfo, exchange, otaPackageType); |
|||
})); |
|||
} |
|||
|
|||
private void getOtaPackageCallback(TransportProtos.SessionInfoProto sessionInfo, CoapExchange exchange, OtaPackageType firmwareType) { |
|||
TransportProtos.GetOtaPackageRequestMsg requestMsg = TransportProtos.GetOtaPackageRequestMsg.newBuilder() |
|||
.setTenantIdMSB(sessionInfo.getTenantIdMSB()) |
|||
.setTenantIdLSB(sessionInfo.getTenantIdLSB()) |
|||
.setDeviceIdMSB(sessionInfo.getDeviceIdMSB()) |
|||
.setDeviceIdLSB(sessionInfo.getDeviceIdLSB()) |
|||
.setType(firmwareType.name()).build(); |
|||
transportContext.getTransportService().process(sessionInfo, requestMsg, new OtaPackageCallback(exchange)); |
|||
} |
|||
|
|||
private Optional<DeviceTokenCredentials> decodeCredentials(Request request) { |
|||
List<String> uriPath = request.getOptions().getUriPath(); |
|||
if (uriPath.size() == ACCESS_TOKEN_POSITION) { |
|||
return Optional.of(new DeviceTokenCredentials(uriPath.get(ACCESS_TOKEN_POSITION - 1))); |
|||
} else { |
|||
return Optional.empty(); |
|||
} |
|||
} |
|||
|
|||
@Override |
|||
public Resource getChild(String name) { |
|||
return this; |
|||
} |
|||
|
|||
private class OtaPackageCallback implements TransportServiceCallback<TransportProtos.GetOtaPackageResponseMsg> { |
|||
private final CoapExchange exchange; |
|||
|
|||
OtaPackageCallback(CoapExchange exchange) { |
|||
this.exchange = exchange; |
|||
} |
|||
|
|||
@Override |
|||
public void onSuccess(TransportProtos.GetOtaPackageResponseMsg msg) { |
|||
String title = exchange.getQueryParameter("title"); |
|||
String version = exchange.getQueryParameter("version"); |
|||
if (msg.getResponseStatus().equals(TransportProtos.ResponseStatus.SUCCESS)) { |
|||
String firmwareId = new UUID(msg.getOtaPackageIdMSB(), msg.getOtaPackageIdLSB()).toString(); |
|||
if ((title == null || msg.getTitle().equals(title)) && (version == null || msg.getVersion().equals(version))) { |
|||
String strChunkSize = exchange.getQueryParameter("size"); |
|||
String strChunk = exchange.getQueryParameter("chunk"); |
|||
int chunkSize = StringUtils.isEmpty(strChunkSize) ? 0 : Integer.parseInt(strChunkSize); |
|||
int chunk = StringUtils.isEmpty(strChunk) ? 0 : Integer.parseInt(strChunk); |
|||
respondOtaPackage(exchange, transportContext.getOtaPackageDataCache().get(firmwareId, chunkSize, chunk)); |
|||
} else { |
|||
exchange.respond(CoAP.ResponseCode.BAD_REQUEST); |
|||
} |
|||
} else { |
|||
exchange.respond(CoAP.ResponseCode.NOT_FOUND); |
|||
} |
|||
} |
|||
|
|||
@Override |
|||
public void onError(Throwable e) { |
|||
log.warn("Failed to process request", e); |
|||
exchange.respond(CoAP.ResponseCode.INTERNAL_SERVER_ERROR); |
|||
} |
|||
} |
|||
|
|||
private void respondOtaPackage(CoapExchange exchange, byte[] data) { |
|||
Response response = new Response(CoAP.ResponseCode.CONTENT); |
|||
if (data != null && data.length > 0) { |
|||
response.setPayload(data); |
|||
if (exchange.getRequestOptions().getBlock2() != null) { |
|||
int chunkSize = exchange.getRequestOptions().getBlock2().getSzx(); |
|||
boolean moreFlag = data.length > chunkSize; |
|||
response.getOptions().setBlock2(chunkSize, moreFlag, 0); |
|||
} |
|||
exchange.respond(response); |
|||
} |
|||
} |
|||
|
|||
} |
|||
Loading…
Reference in new issue