From e2c9a5ffdf2c86f3267d752398a0e024113ebca7 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Thu, 10 Mar 2022 17:59:59 +0200
Subject: [PATCH 01/92] TOTP and SMS 2FA providers; 2FA set-up API

---
 application/pom.xml                           |  16 ++
 .../controller/TwoFactorAuthController.java   | 128 +++++++++++++
 .../auth/mfa/TwoFactorAuthService.java        | 179 ++++++++++++++++++
 .../mfa/config/TwoFactorAuthSettings.java     |  40 ++++
 .../SmsTwoFactorAuthAccountConfig.java        |  34 ++++
 .../TotpTwoFactorAuthAccountConfig.java       |  34 ++++
 .../account/TwoFactorAuthAccountConfig.java   |  37 ++++
 .../SmsTwoFactorAuthProviderConfig.java       |  36 ++++
 .../TotpTwoFactorAuthProviderConfig.java      |  34 ++++
 .../provider/TwoFactorAuthProviderConfig.java |  37 ++++
 .../mfa/provider/TwoFactorAuthProvider.java   |  34 ++++
 .../provider/TwoFactorAuthProviderType.java   |  21 ++
 .../impl/SmsTwoFactorAuthProvider.java        | 110 +++++++++++
 .../impl/TotpTwoFactorAuthProvider.java       |  73 +++++++
 .../common/util/TripleFunction.java           |  21 ++
 .../dao/service/ConstraintValidator.java      |   2 +-
 pom.xml                                       |   6 +
 .../rule/engine/api/util/TbNodeUtils.java     |   8 +
 18 files changed, 849 insertions(+), 1 deletion(-)
 create mode 100644 application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
 create mode 100644 common/util/src/main/java/org/thingsboard/common/util/TripleFunction.java

diff --git a/application/pom.xml b/application/pom.xml
index efbc35dc6c..303cd6013b 100644
--- a/application/pom.xml
+++ b/application/pom.xml
@@ -337,6 +337,22 @@
             <artifactId>Java-WebSocket</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.jboss.aerogear</groupId>
+            <artifactId>aerogear-otp-java</artifactId>
+        </dependency>
+        <!-- TMP -->
+        <dependency>
+            <groupId>com.google.zxing</groupId>
+            <artifactId>core</artifactId>
+            <version>3.3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.zxing</groupId>
+            <artifactId>javase</artifactId>
+            <version>3.3.0</version>
+        </dependency>
+        <!-- TMP -->
     </dependencies>
 
     <build>
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
new file mode 100644
index 0000000000..ec07ae2058
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -0,0 +1,128 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.controller;
+
+import com.google.zxing.BarcodeFormat;
+import com.google.zxing.client.j2se.MatrixToImageWriter;
+import com.google.zxing.common.BitMatrix;
+import com.google.zxing.qrcode.QRCodeWriter;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.thingsboard.common.util.JacksonUtil;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.model.SecurityUser;
+import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletResponse;
+
+@RestController
+@RequestMapping("/api")
+@RequiredArgsConstructor
+public class TwoFactorAuthController extends BaseController {
+
+    private final TwoFactorAuthService twoFactorAuthService;
+    private final JwtTokenFactory tokenFactory;
+
+
+    @GetMapping("/2fa/account/config")
+    @PreAuthorize("isAuthenticated()")
+    public TwoFactorAuthAccountConfig getTwoFactorAuthAccountConfig() throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+
+        return twoFactorAuthService.getTwoFaAccountConfig(user.getTenantId(), user.getId()).orElse(null);
+    }
+
+    @PostMapping("/2fa/account/config/generate")
+    @PreAuthorize("isAuthenticated()")
+    public TwoFactorAuthAccountConfig generateTwoFactorAuthAccountConfig(@RequestParam TwoFactorAuthProviderType providerType) throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+
+        return twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), providerType,
+                (provider, providerConfig) -> {
+                    return provider.generateNewAccountConfig(user, providerConfig);
+                });
+    }
+
+    // temporary endpoint for testing purposes
+    @PostMapping("/2fa/account/config/generate/qr")
+    @PreAuthorize("isAuthenticated()")
+    public void generateTwoFactorAuthAccountConfigWithQr(@RequestParam TwoFactorAuthProviderType providerType, HttpServletResponse response) throws Exception {
+        TwoFactorAuthAccountConfig config = generateTwoFactorAuthAccountConfig(providerType);
+        if (providerType == TwoFactorAuthProviderType.TOTP) {
+            BitMatrix qr = new QRCodeWriter().encode(((TotpTwoFactorAuthAccountConfig) config).getAuthUrl(), BarcodeFormat.QR_CODE, 200, 200);
+            try (ServletOutputStream outputStream = response.getOutputStream()) {
+                MatrixToImageWriter.writeToStream(qr, "PNG", outputStream);
+            }
+        }
+        response.setHeader("body", JacksonUtil.toString(config));
+    }
+
+    @PostMapping("/2fa/account/config/submit")
+    @PreAuthorize("isAuthenticated()")
+    public void submitTwoFactorAuthAccountConfig(@RequestBody TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+
+        twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), accountConfig.getProviderType(),
+                (provider, providerConfig) -> {
+                    provider.prepareVerificationCode(user, providerConfig, accountConfig);
+                });
+    }
+
+    @PostMapping("/2fa/account/config")
+    @PreAuthorize("isAuthenticated()")
+    public void verifyAndSaveTwoFactorAuthAccountConfig(@RequestBody TwoFactorAuthAccountConfig accountConfig,
+                                                        @RequestParam String verificationCode) throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+
+        boolean verificationSuccess = twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), accountConfig.getProviderType(),
+                (provider, providerConfig) -> {
+                    return provider.checkVerificationCode(user, verificationCode, accountConfig);
+                });
+
+        if (verificationSuccess) {
+            twoFactorAuthService.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
+        } else {
+            throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.INVALID_ARGUMENTS);
+        }
+    }
+
+
+    @GetMapping("/2fa/settings")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
+    public TwoFactorAuthSettings getTwoFactorAuthSettings() throws ThingsboardException {
+        return twoFactorAuthService.getTwoFaSettings(getTenantId()).orElse(null);
+    }
+
+    @PostMapping("/2fa/settings")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
+    public void saveTwoFactorAuthSettings(@RequestBody TwoFactorAuthSettings twoFactorAuthSettings) throws ThingsboardException {
+        twoFactorAuthService.saveTwoFaSettings(getTenantId(), twoFactorAuthSettings);
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
new file mode 100644
index 0000000000..51d4af28fd
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -0,0 +1,179 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.thingsboard.common.util.JacksonUtil;
+import org.thingsboard.common.util.TripleFunction;
+import org.thingsboard.server.common.data.AdminSettings;
+import org.thingsboard.server.common.data.DataConstants;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
+import org.thingsboard.server.common.data.kv.JsonDataEntry;
+import org.thingsboard.server.dao.attributes.AttributesService;
+import org.thingsboard.server.dao.service.ConstraintValidator;
+import org.thingsboard.server.dao.settings.AdminSettingsService;
+import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.EnumMap;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.BiConsumer;
+import java.util.function.BiFunction;
+
+@Service
+@RequiredArgsConstructor
+public class TwoFactorAuthService {
+
+    private final UserService userService;
+    private final AdminSettingsService adminSettingsService;
+    private final AttributesService attributesService;
+    private final Map<TwoFactorAuthProviderType, TwoFactorAuthProvider<?, ?>> providers = new EnumMap<>(TwoFactorAuthProviderType.class);
+
+    protected static final String TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY = "twoFaConfig";
+    protected static final String TWO_FACTOR_AUTH_SETTINGS_KEY = "twoFaSettings";
+
+
+    @Autowired
+    private void setProviders(Collection<TwoFactorAuthProvider<?, ?>> providers) {
+        providers.forEach(provider -> {
+            this.providers.put(provider.getType(), provider);
+        });
+    }
+
+    private <A extends TwoFactorAuthAccountConfig, C extends TwoFactorAuthProviderConfig> Optional<TwoFactorAuthProvider<C, A>> getTwoFaProvider(TwoFactorAuthProviderType providerType) {
+        return Optional.of((TwoFactorAuthProvider<C, A>) providers.get(providerType));
+    }
+
+    private <C extends TwoFactorAuthProviderConfig> Optional<C> getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) {
+        return getTwoFaSettings(tenantId)
+                .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType))
+                .map(providerConfig -> (C) providerConfig);
+    }
+
+
+    public <R> R processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, BiFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, R> function) throws ThingsboardException {
+        TwoFactorAuthProviderConfig providerConfig = getTwoFaProviderConfig(tenantId, providerType)
+                .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
+        TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> provider = getTwoFaProvider(providerType)
+                .orElseThrow(() -> new ThingsboardException("2FA provider is not available", ThingsboardErrorCode.ITEM_NOT_FOUND));
+
+        return function.apply(provider, providerConfig);
+    }
+
+    public void processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, BiConsumer<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig> function) throws ThingsboardException {
+        processByTwoFaProvider(tenantId, providerType, (provider, providerConfig) -> {
+            function.accept(provider, providerConfig);
+            return null;
+        });
+    }
+
+    public <R> R processByTwoFaProvider(TenantId tenantId, UserId userId, TripleFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig, R> function) throws ThingsboardException {
+        TwoFactorAuthAccountConfig accountConfig = getTwoFaAccountConfig(tenantId, userId)
+                .orElseThrow(() -> new ThingsboardException("2FA is not configured for user", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
+
+        TwoFactorAuthProviderConfig providerConfig = getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
+                .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
+        TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> provider = getTwoFaProvider(accountConfig.getProviderType())
+                .orElseThrow(() -> new ThingsboardException("2FA provider is not available", ThingsboardErrorCode.ITEM_NOT_FOUND));
+
+        return function.apply(provider, providerConfig, accountConfig);
+    }
+
+
+    public Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId) {
+        User user = userService.findUserById(tenantId, userId);
+        return Optional.ofNullable(user.getAdditionalInfo())
+                .flatMap(additionalInfo -> Optional.ofNullable(additionalInfo.get(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY)).filter(jsonNode -> !jsonNode.isNull()))
+                .map(jsonNode -> JacksonUtil.treeToValue(jsonNode, TwoFactorAuthAccountConfig.class))
+                .filter(twoFactorAuthAccountConfig -> {
+                    return getTwoFaProviderConfig(tenantId, twoFactorAuthAccountConfig.getProviderType()).isPresent();
+                });
+    }
+
+    public void saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
+        ConstraintValidator.validateFields(accountConfig);
+        getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
+                .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
+
+        User user = userService.findUserById(tenantId, userId);
+        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
+                .orElseGet(JacksonUtil::newObjectNode);
+        additionalInfo.set(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY, JacksonUtil.valueToTree(accountConfig));
+        user.setAdditionalInfo(additionalInfo);
+
+        userService.saveUser(user);
+    }
+
+    public void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId) {
+        User user = userService.findUserById(tenantId, userId);
+        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
+                .orElseGet(JacksonUtil::newObjectNode);
+        additionalInfo.remove(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY);
+        user.setAdditionalInfo(additionalInfo);
+
+        userService.saveUser(user);
+    }
+
+
+    @SneakyThrows
+    public Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId) {
+        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
+            return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
+                    .map(adminSettings -> JacksonUtil.treeToValue(adminSettings.getJsonValue(), TwoFactorAuthSettings.class));
+        } else {
+            return attributesService.find(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE, TWO_FACTOR_AUTH_SETTINGS_KEY).get()
+                    .map(adminSettingsAttribute -> JacksonUtil.fromString(adminSettingsAttribute.getJsonValue().get(), TwoFactorAuthSettings.class))
+                    .filter(tenantTwoFactorAuthSettings -> !tenantTwoFactorAuthSettings.isUseSystemTwoFactorAuthSettings())
+                    .or(() -> getTwoFaSettings(TenantId.SYS_TENANT_ID));
+        }
+    }
+
+    @SneakyThrows
+    public void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings) {
+        ConstraintValidator.validateFields(twoFactorAuthSettings);
+        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
+            AdminSettings settings = Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
+                    .orElseGet(() -> {
+                        AdminSettings newSettings = new AdminSettings();
+                        newSettings.setKey(TWO_FACTOR_AUTH_SETTINGS_KEY);
+                        return newSettings;
+                    });
+            settings.setJsonValue(JacksonUtil.valueToTree(twoFactorAuthSettings));
+            adminSettingsService.saveAdminSettings(tenantId, settings);
+        } else {
+            attributesService.save(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE, Collections.singletonList(
+                    new BaseAttributeKvEntry(new JsonDataEntry(TWO_FACTOR_AUTH_SETTINGS_KEY, JacksonUtil.toString(twoFactorAuthSettings)), System.currentTimeMillis())
+            )).get();
+        }
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
new file mode 100644
index 0000000000..a0620ec96e
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
@@ -0,0 +1,40 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config;
+
+import lombok.Data;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+import javax.validation.Valid;
+import java.util.List;
+import java.util.Optional;
+
+@Data
+public class TwoFactorAuthSettings {
+
+    private boolean useSystemTwoFactorAuthSettings;
+    @Valid
+    private List<TwoFactorAuthProviderConfig> providers;
+
+    public Optional<TwoFactorAuthProviderConfig> getProviderConfig(TwoFactorAuthProviderType providerType) {
+        return Optional.ofNullable(providers)
+                .flatMap(providersConfigs -> providersConfigs.stream()
+                        .filter(providerConfig -> providerConfig.getProviderType() == providerType)
+                        .findFirst());
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
new file mode 100644
index 0000000000..6f3ef06775
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.account;
+
+import lombok.Data;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class SmsTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
+
+    @NotBlank
+    private String phoneNumber;
+
+    @Override
+    public TwoFactorAuthProviderType getProviderType() {
+        return TwoFactorAuthProviderType.SMS;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
new file mode 100644
index 0000000000..a48cf162a0
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.account;
+
+import lombok.Data;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class TotpTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
+
+    @NotBlank
+    private String authUrl;
+
+    @Override
+    public TwoFactorAuthProviderType getProviderType() {
+        return TwoFactorAuthProviderType.TOTP;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
new file mode 100644
index 0000000000..141535eea8
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
@@ -0,0 +1,37 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.account;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonSubTypes;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonTypeInfo(
+        use = JsonTypeInfo.Id.NAME,
+        property = "providerType")
+@JsonSubTypes({
+        @JsonSubTypes.Type(value = TotpTwoFactorAuthAccountConfig.class, name = "TOTP"),
+        @JsonSubTypes.Type(value = SmsTwoFactorAuthAccountConfig.class, name = "SMS"),
+})
+public interface TwoFactorAuthAccountConfig {
+
+    @JsonIgnore
+    TwoFactorAuthProviderType getProviderType();
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
new file mode 100644
index 0000000000..a036e47574
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
@@ -0,0 +1,36 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.provider;
+
+import lombok.Data;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Pattern;
+
+@Data
+public class SmsTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
+
+    @NotBlank
+    @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "Template must contain verification code")
+    private String smsVerificationMessageTemplate;
+
+    @Override
+    public TwoFactorAuthProviderType getProviderType() {
+        return TwoFactorAuthProviderType.SMS;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
new file mode 100644
index 0000000000..2d6cc5ddf5
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.provider;
+
+import lombok.Data;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class TotpTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
+
+    @NotBlank(message = "Issuer name must not be blank")
+    private String issuerName;
+
+    @Override
+    public TwoFactorAuthProviderType getProviderType() {
+        return TwoFactorAuthProviderType.TOTP;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
new file mode 100644
index 0000000000..a86bcee222
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
@@ -0,0 +1,37 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.provider;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonSubTypes;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonTypeInfo(
+        use = JsonTypeInfo.Id.NAME,
+        property = "providerType")
+@JsonSubTypes({
+        @JsonSubTypes.Type(value = TotpTwoFactorAuthProviderConfig.class, name = "TOTP"),
+        @JsonSubTypes.Type(value = SmsTwoFactorAuthProviderConfig.class, name = "SMS"),
+})
+public interface TwoFactorAuthProviderConfig {
+
+    @JsonIgnore
+    TwoFactorAuthProviderType getProviderType();
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
new file mode 100644
index 0000000000..82122a9163
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.provider;
+
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+public interface TwoFactorAuthProvider<C extends TwoFactorAuthProviderConfig, A extends TwoFactorAuthAccountConfig> {
+
+    A generateNewAccountConfig(User user, C providerConfig);
+
+    default void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) {}
+
+    boolean checkVerificationCode(SecurityUser user, String verificationCode, A accountConfig);
+
+
+    TwoFactorAuthProviderType getType();
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
new file mode 100644
index 0000000000..9a4a3672a7
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
@@ -0,0 +1,21 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.provider;
+
+public enum TwoFactorAuthProviderType {
+    TOTP,
+    SMS
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
new file mode 100644
index 0000000000..7d4a0b9ab7
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
@@ -0,0 +1,110 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.provider.impl;
+
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.springframework.stereotype.Service;
+import org.thingsboard.rule.engine.api.SmsService;
+import org.thingsboard.rule.engine.api.util.TbNodeUtils;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.kv.BaseDeleteTsKvQuery;
+import org.thingsboard.server.common.data.kv.BasicTsKvEntry;
+import org.thingsboard.server.common.data.kv.StringDataEntry;
+import org.thingsboard.server.dao.service.ConstraintValidator;
+import org.thingsboard.server.dao.timeseries.TimeseriesService;
+import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+import java.util.Collections;
+import java.util.Map;
+
+@Service
+@RequiredArgsConstructor
+@TbCoreComponent
+public class SmsTwoFactorAuthProvider implements TwoFactorAuthProvider<SmsTwoFactorAuthProviderConfig, SmsTwoFactorAuthAccountConfig> {
+
+    private final SmsService smsService;
+    private final TimeseriesService timeseriesService;
+
+    @Override
+    public SmsTwoFactorAuthAccountConfig generateNewAccountConfig(User user, SmsTwoFactorAuthProviderConfig providerConfig) {
+        return new SmsTwoFactorAuthAccountConfig();
+    }
+
+    @Override
+    @SneakyThrows // fixme
+    public void prepareVerificationCode(SecurityUser user, SmsTwoFactorAuthProviderConfig providerConfig, SmsTwoFactorAuthAccountConfig accountConfig) {
+        ConstraintValidator.validateFields(accountConfig);
+
+        String verificationCode = RandomStringUtils.randomNumeric(6);
+        saveVerificationCode(user, verificationCode);
+
+        String phoneNumber = accountConfig.getPhoneNumber();
+
+        Map<String, String> data = Map.of(
+                "verificationCode", verificationCode,
+                "userEmail", user.getEmail()
+        );
+        String message = TbNodeUtils.processTemplate(providerConfig.getSmsVerificationMessageTemplate(), data);
+
+        smsService.sendSms(user.getTenantId(), user.getCustomerId(), new String[]{phoneNumber}, message);
+    }
+
+    @Override
+    public boolean checkVerificationCode(SecurityUser user, String verificationCode, SmsTwoFactorAuthAccountConfig accountConfig) {
+        if (verificationCode.equals(getVerificationCode(user))) {
+            removeVerificationCode(user);
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+
+    @SneakyThrows
+    private void saveVerificationCode(SecurityUser user, String verificationCode) {
+        timeseriesService.save(user.getTenantId(), user.getId(),
+                new BasicTsKvEntry(System.currentTimeMillis(), new StringDataEntry("twoFaVerificationCode:" + user.getSessionId(), verificationCode))
+        ).get();
+    }
+
+    @SneakyThrows
+    private String getVerificationCode(SecurityUser user) {
+        return timeseriesService.findLatest(user.getTenantId(), user.getId(),
+                Collections.singletonList("twoFaVerificationCode:" + user.getSessionId())).get().stream().findFirst()
+                .map(codeTs -> codeTs.getStrValue().get())
+                .orElse(null);
+    }
+
+    private void removeVerificationCode(SecurityUser user) {
+        timeseriesService.remove(user.getTenantId(), user.getId(), Collections.singletonList(
+                new BaseDeleteTsKvQuery("twoFaVerificationCode:" + user.getSessionId(), 0, System.currentTimeMillis())
+        ));
+    }
+
+
+    @Override
+    public TwoFactorAuthProviderType getType() {
+        return TwoFactorAuthProviderType.SMS;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
new file mode 100644
index 0000000000..d7747521c1
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
@@ -0,0 +1,73 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.provider.impl;
+
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import org.apache.commons.lang3.RandomUtils;
+import org.apache.http.client.utils.URIBuilder;
+import org.jboss.aerogear.security.otp.Totp;
+import org.jboss.aerogear.security.otp.api.Base32;
+import org.springframework.stereotype.Service;
+import org.springframework.web.util.UriComponentsBuilder;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TotpTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+@Service
+@RequiredArgsConstructor
+@TbCoreComponent
+public class TotpTwoFactorAuthProvider implements TwoFactorAuthProvider<TotpTwoFactorAuthProviderConfig, TotpTwoFactorAuthAccountConfig> {
+
+    @Override
+    public final TotpTwoFactorAuthAccountConfig generateNewAccountConfig(User user, TotpTwoFactorAuthProviderConfig providerConfig) {
+        TotpTwoFactorAuthAccountConfig config = new TotpTwoFactorAuthAccountConfig();
+        String secretKey = generateSecretKey();
+        config.setAuthUrl(getTotpAuthUrl(user, secretKey, providerConfig));
+        return config;
+    }
+
+    @Override
+    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, TotpTwoFactorAuthAccountConfig accountConfig) {
+        String secretKey = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build().getQueryParams().getFirst("secret");
+        return new Totp(secretKey).verify(verificationCode);
+    }
+
+    @SneakyThrows
+    private String getTotpAuthUrl(User user, String secretKey, TotpTwoFactorAuthProviderConfig providerConfig) {
+        URIBuilder uri = new URIBuilder()
+                .setScheme("otpauth")
+                .setHost("totp")
+                .setParameter("issuer", providerConfig.getIssuerName())
+                .setPath("/" + providerConfig.getIssuerName() + ":" + user.getEmail())
+                .setParameter("secret", secretKey);
+        return uri.build().toASCIIString();
+    }
+
+    private String generateSecretKey() {
+        return Base32.encode(RandomUtils.nextBytes(20));
+    }
+
+    @Override
+    public TwoFactorAuthProviderType getType() {
+        return TwoFactorAuthProviderType.TOTP;
+    }
+
+}
diff --git a/common/util/src/main/java/org/thingsboard/common/util/TripleFunction.java b/common/util/src/main/java/org/thingsboard/common/util/TripleFunction.java
new file mode 100644
index 0000000000..5134703cd3
--- /dev/null
+++ b/common/util/src/main/java/org/thingsboard/common/util/TripleFunction.java
@@ -0,0 +1,21 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.common.util;
+
+@FunctionalInterface
+public interface TripleFunction<A, B, C, R> {
+    R apply(A a, B b, C c);
+}
diff --git a/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java b/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
index 0e8b71abee..da7537ae75 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
@@ -46,7 +46,7 @@ public class ConstraintValidator {
                 .distinct()
                 .collect(Collectors.toList());
         if (!validationErrors.isEmpty()) {
-            throw new ValidationException("Validation error: " + String.join(", ", validationErrors));
+            throw new ValidationException(String.join(", ", validationErrors));
         }
     }
 
diff --git a/pom.xml b/pom.xml
index 295e01f2d3..d339c644c9 100755
--- a/pom.xml
+++ b/pom.xml
@@ -132,6 +132,7 @@
         <!--      BLACKBOX TEST SCOPE     -->
         <testcontainers.version>1.16.0</testcontainers.version>
         <zeroturnaround.version>1.12</zeroturnaround.version>
+        <aerogear-otp.version>1.0.0</aerogear-otp.version>
     </properties>
 
     <modules>
@@ -1872,6 +1873,11 @@
                 <version>${zeroturnaround.version}</version>
                 <scope>test</scope>
             </dependency>
+            <dependency>
+                <groupId>org.jboss.aerogear</groupId>
+                <artifactId>aerogear-otp-java</artifactId>
+                <version>${aerogear-otp.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
diff --git a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/TbNodeUtils.java b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/TbNodeUtils.java
index 9b0f0e9f0a..32ee585820 100644
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/TbNodeUtils.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/TbNodeUtils.java
@@ -101,6 +101,14 @@ public class TbNodeUtils {
         return result;
     }
 
+    public static String processTemplate(String template, Map<String, String> data) {
+        String result = template;
+        for (Map.Entry<String, String> kv : data.entrySet()) {
+            result = processVar(result, kv.getKey(), kv.getValue());
+        }
+        return result;
+    }
+
     private static String processVar(String pattern, String key, String val) {
         return pattern.replace(formatMetadataVarTemplate(key), val);
     }

From 1ad769048cee05f287f1efd7efcea39a74a8bfbe Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Thu, 10 Mar 2022 18:15:42 +0200
Subject: [PATCH 02/92] 2FA support for platform authentication

---
 .../server/config/JwtSettings.java            |  42 ++----
 .../controller/TwoFactorAuthController.java   |  19 +++
 .../RefreshTokenAuthenticationProvider.java   |   1 +
 ...RestAwareAuthenticationSuccessHandler.java |  46 ++++---
 .../service/security/model/JwtTokenPair.java  |   2 +
 .../service/security/model/SecurityUser.java  |  11 ++
 .../security/model/token/AccessJwtToken.java  |  12 +-
 .../security/model/token/JwtTokenFactory.java | 128 +++++++++++-------
 .../src/main/resources/thingsboard.yml        |   5 +
 .../common/data/security/Authority.java       |   5 +-
 10 files changed, 157 insertions(+), 114 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/config/JwtSettings.java b/application/src/main/java/org/thingsboard/server/config/JwtSettings.java
index 31dbfc68e8..1c15c4c150 100644
--- a/application/src/main/java/org/thingsboard/server/config/JwtSettings.java
+++ b/application/src/main/java/org/thingsboard/server/config/JwtSettings.java
@@ -15,12 +15,14 @@
  */
 package org.thingsboard.server.config;
 
+import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.security.model.JwtToken;
 
-@Configuration
+@Component
 @ConfigurationProperties(prefix = "security.jwt")
+@Data
 public class JwtSettings {
     /**
      * {@link JwtToken} will expire after this time.
@@ -42,34 +44,10 @@ public class JwtSettings {
      */
     private Integer refreshTokenExpTime;
 
-    public Integer getRefreshTokenExpTime() {
-        return refreshTokenExpTime;
-    }
-
-    public void setRefreshTokenExpTime(Integer refreshTokenExpTime) {
-        this.refreshTokenExpTime = refreshTokenExpTime;
-    }
-
-    public Integer getTokenExpirationTime() {
-        return tokenExpirationTime;
-    }
-
-    public void setTokenExpirationTime(Integer tokenExpirationTime) {
-        this.tokenExpirationTime = tokenExpirationTime;
-    }
-
-    public String getTokenIssuer() {
-        return tokenIssuer;
-    }
-    public void setTokenIssuer(String tokenIssuer) {
-        this.tokenIssuer = tokenIssuer;
-    }
-
-    public String getTokenSigningKey() {
-        return tokenSigningKey;
-    }
+    /**
+    * Issued when 2FA is being used.
+    * Valid only for 2FA verification code checking.
+    * */
+    private Integer preVerificationTokenExpirationTime;
 
-    public void setTokenSigningKey(String tokenSigningKey) {
-        this.tokenSigningKey = tokenSigningKey;
-    }
-}
\ No newline at end of file
+}
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index ec07ae2058..1355337127 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -35,6 +35,7 @@ import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSett
 import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 
@@ -125,4 +126,22 @@ public class TwoFactorAuthController extends BaseController {
         twoFactorAuthService.saveTwoFaSettings(getTenantId(), twoFactorAuthSettings);
     }
 
+
+    @PostMapping("/auth/2fa/verification/check")
+    @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
+    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode) throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+
+        boolean verificationSuccess = twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), user.getId(),
+                (provider, providerConfig, accountConfig) -> {
+                    return provider.checkVerificationCode(user, verificationCode, accountConfig);
+                });
+
+        if (verificationSuccess) {
+            return tokenFactory.createTokenPair(user);
+        } else {
+            throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.AUTHENTICATION);
+        }
+    }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
index 8003cfd012..b744adcdaf 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
@@ -66,6 +66,7 @@ public class RefreshTokenAuthenticationProvider implements AuthenticationProvide
         } else {
             securityUser = authenticateByPublicId(principal.getValue());
         }
+        securityUser.setSessionId(unsafeUser.getSessionId());
 
         if (tokenOutdatingService.isOutdated(rawAccessToken, securityUser.getId())) {
             throw new CredentialsExpiredException("Token is outdated");
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index 057577fdca..ca2f15953a 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -16,15 +16,18 @@
 package org.thingsboard.server.service.security.auth.rest;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.springframework.beans.factory.annotation.Autowired;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
-import org.thingsboard.server.common.data.security.model.JwtToken;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 
@@ -33,37 +36,44 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
+import java.util.Optional;
 
 @Component(value = "defaultAuthenticationSuccessHandler")
+@RequiredArgsConstructor
+@Slf4j
 public class RestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
     private final ObjectMapper mapper;
     private final JwtTokenFactory tokenFactory;
-    private final RefreshTokenRepository refreshTokenRepository;
-
-    @Autowired
-    public RestAwareAuthenticationSuccessHandler(final ObjectMapper mapper, final JwtTokenFactory tokenFactory, final RefreshTokenRepository refreshTokenRepository) {
-        this.mapper = mapper;
-        this.tokenFactory = tokenFactory;
-        this.refreshTokenRepository = refreshTokenRepository;
-    }
+    private final TwoFactorAuthService twoFactorAuthService;
 
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                         Authentication authentication) throws IOException, ServletException {
         SecurityUser securityUser = (SecurityUser) authentication.getPrincipal();
 
-        JwtToken accessToken = tokenFactory.createAccessJwtToken(securityUser);
-        JwtToken refreshToken = refreshTokenRepository.requestRefreshToken(securityUser);
+        JwtTokenPair tokenPair;
 
-        Map<String, String> tokenMap = new HashMap<String, String>();
-        tokenMap.put("token", accessToken.getToken());
-        tokenMap.put("refreshToken", refreshToken.getToken());
+        Optional<TwoFactorAuthAccountConfig> twoFaAccountConfig = twoFactorAuthService.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId());
+        if (twoFaAccountConfig.isPresent()) {
+            try {
+                twoFactorAuthService.processByTwoFaProvider(securityUser.getTenantId(), twoFaAccountConfig.get().getProviderType(),
+                        (provider, providerConfig) -> {
+                            provider.prepareVerificationCode(securityUser, providerConfig, twoFaAccountConfig.get());
+                        });
+                tokenPair = new JwtTokenPair();
+                tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser).getToken());
+            } catch (Exception e) {
+                log.error("Failed to process 2FA for user {}. Falling back to plain auth", securityUser.getId(), e);
+                tokenPair = tokenFactory.createTokenPair(securityUser);
+            }
+        } else {
+            tokenPair = tokenFactory.createTokenPair(securityUser);
+        }
 
         response.setStatus(HttpStatus.OK.value());
         response.setContentType(MediaType.APPLICATION_JSON_VALUE);
-        mapper.writeValue(response.getWriter(), tokenMap);
+
+        mapper.writeValue(response.getWriter(), tokenPair);
 
         clearAuthenticationAttributes(request);
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/JwtTokenPair.java b/application/src/main/java/org/thingsboard/server/service/security/model/JwtTokenPair.java
index 7a9c339fc2..57964570c1 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/JwtTokenPair.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/JwtTokenPair.java
@@ -19,10 +19,12 @@ import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.AllArgsConstructor;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 
 @ApiModel(value = "JWT Token Pair")
 @Data
 @AllArgsConstructor
+@NoArgsConstructor
 public class JwtTokenPair {
 
     @ApiModelProperty(position = 1, value = "The JWT Access Token. Used to perform API calls.", example = "AAB254FF67D..")
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/SecurityUser.java b/application/src/main/java/org/thingsboard/server/service/security/model/SecurityUser.java
index 380d6537f2..3698282489 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/SecurityUser.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/SecurityUser.java
@@ -21,6 +21,7 @@ import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.id.UserId;
 
 import java.util.Collection;
+import java.util.UUID;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -31,6 +32,7 @@ public class SecurityUser extends User {
     private Collection<GrantedAuthority> authorities;
     private boolean enabled;
     private UserPrincipal userPrincipal;
+    private String sessionId;
 
     public SecurityUser() {
         super();
@@ -44,6 +46,7 @@ public class SecurityUser extends User {
         super(user);
         this.enabled = enabled;
         this.userPrincipal = userPrincipal;
+        this.sessionId = UUID.randomUUID().toString();
     }
 
     public Collection<GrantedAuthority> getAuthorities() {
@@ -71,4 +74,12 @@ public class SecurityUser extends User {
         this.userPrincipal = userPrincipal;
     }
 
+    public String getSessionId() {
+        return sessionId;
+    }
+
+    public void setSessionId(String sessionId) {
+        this.sessionId = sessionId;
+    }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/token/AccessJwtToken.java b/application/src/main/java/org/thingsboard/server/service/security/model/token/AccessJwtToken.java
index 639bd2a347..f96e0bfc33 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/token/AccessJwtToken.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/token/AccessJwtToken.java
@@ -15,25 +15,17 @@
  */
 package org.thingsboard.server.service.security.model.token;
 
-import com.fasterxml.jackson.annotation.JsonIgnore;
-import io.jsonwebtoken.Claims;
 import org.thingsboard.server.common.data.security.model.JwtToken;
 
 public final class AccessJwtToken implements JwtToken {
     private final String rawToken;
-    @JsonIgnore
-    private transient Claims claims;
 
-    protected AccessJwtToken(final String token, Claims claims) {
-        this.rawToken = token;
-        this.claims = claims;
+    public AccessJwtToken(String rawToken) {
+        this.rawToken = rawToken;
     }
 
     public String getToken() {
         return this.rawToken;
     }
 
-    public Claims getClaims() {
-        return claims;
-    }
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
index 24e49f9db0..b2bc3add26 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
@@ -18,6 +18,7 @@ package org.thingsboard.server.service.security.model.token;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.JwtBuilder;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.MalformedJwtException;
 import io.jsonwebtoken.SignatureAlgorithm;
@@ -36,6 +37,7 @@ import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.model.JwtToken;
 import org.thingsboard.server.config.JwtSettings;
 import org.thingsboard.server.service.security.exception.JwtExpiredTokenException;
+import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 
@@ -58,6 +60,7 @@ public class JwtTokenFactory {
     private static final String IS_PUBLIC = "isPublic";
     private static final String TENANT_ID = "tenantId";
     private static final String CUSTOMER_ID = "customerId";
+    private static final String SESSION_ID = "sessionId";
 
     private final JwtSettings settings;
 
@@ -70,39 +73,28 @@ public class JwtTokenFactory {
      * Factory method for issuing new JWT Tokens.
      */
     public AccessJwtToken createAccessJwtToken(SecurityUser securityUser) {
-        if (StringUtils.isBlank(securityUser.getEmail()))
-            throw new IllegalArgumentException("Cannot create JWT Token without username/email");
-
-        if (securityUser.getAuthority() == null)
+        if (securityUser.getAuthority() == null) {
             throw new IllegalArgumentException("User doesn't have any privileges");
+        }
 
         UserPrincipal principal = securityUser.getUserPrincipal();
-        String subject = principal.getValue();
-        Claims claims = Jwts.claims().setSubject(subject);
-        claims.put(SCOPES, securityUser.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()));
-        claims.put(USER_ID, securityUser.getId().getId().toString());
-        claims.put(FIRST_NAME, securityUser.getFirstName());
-        claims.put(LAST_NAME, securityUser.getLastName());
-        claims.put(ENABLED, securityUser.isEnabled());
-        claims.put(IS_PUBLIC, principal.getType() == UserPrincipal.Type.PUBLIC_ID);
+
+        JwtBuilder jwtBuilder = setUpToken(securityUser, securityUser.getAuthorities().stream()
+                .map(GrantedAuthority::getAuthority).collect(Collectors.toList()), settings.getTokenExpirationTime());
+        jwtBuilder.claim(FIRST_NAME, securityUser.getFirstName())
+                .claim(LAST_NAME, securityUser.getLastName())
+                .claim(ENABLED, securityUser.isEnabled())
+                .claim(IS_PUBLIC, principal.getType() == UserPrincipal.Type.PUBLIC_ID);
         if (securityUser.getTenantId() != null) {
-            claims.put(TENANT_ID, securityUser.getTenantId().getId().toString());
+            jwtBuilder.claim(TENANT_ID, securityUser.getTenantId().getId().toString());
         }
         if (securityUser.getCustomerId() != null) {
-            claims.put(CUSTOMER_ID, securityUser.getCustomerId().getId().toString());
+            jwtBuilder.claim(CUSTOMER_ID, securityUser.getCustomerId().getId().toString());
         }
 
-        ZonedDateTime currentTime = ZonedDateTime.now();
+        String token = jwtBuilder.compact();
 
-        String token = Jwts.builder()
-                .setClaims(claims)
-                .setIssuer(settings.getTokenIssuer())
-                .setIssuedAt(Date.from(currentTime.toInstant()))
-                .setExpiration(Date.from(currentTime.plusSeconds(settings.getTokenExpirationTime()).toInstant()))
-                .signWith(SignatureAlgorithm.HS512, settings.getTokenSigningKey())
-                .compact();
-
-        return new AccessJwtToken(token, claims);
+        return new AccessJwtToken(token);
     }
 
     public SecurityUser parseAccessJwtToken(RawAccessJwtToken rawAccessToken) {
@@ -118,47 +110,40 @@ public class JwtTokenFactory {
         SecurityUser securityUser = new SecurityUser(new UserId(UUID.fromString(claims.get(USER_ID, String.class))));
         securityUser.setEmail(subject);
         securityUser.setAuthority(Authority.parse(scopes.get(0)));
-        securityUser.setFirstName(claims.get(FIRST_NAME, String.class));
-        securityUser.setLastName(claims.get(LAST_NAME, String.class));
-        securityUser.setEnabled(claims.get(ENABLED, Boolean.class));
-        boolean isPublic = claims.get(IS_PUBLIC, Boolean.class);
-        UserPrincipal principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
-        securityUser.setUserPrincipal(principal);
         String tenantId = claims.get(TENANT_ID, String.class);
         if (tenantId != null) {
             securityUser.setTenantId(TenantId.fromUUID(UUID.fromString(tenantId)));
+        } else if (securityUser.getAuthority() == Authority.SYS_ADMIN) {
+            securityUser.setTenantId(TenantId.SYS_TENANT_ID);
         }
-        String customerId = claims.get(CUSTOMER_ID, String.class);
-        if (customerId != null) {
-            securityUser.setCustomerId(new CustomerId(UUID.fromString(customerId)));
+        securityUser.setSessionId(claims.get(SESSION_ID, String.class));
+
+        if (securityUser.getAuthority() != Authority.PRE_VERIFICATION_TOKEN) {
+            securityUser.setFirstName(claims.get(FIRST_NAME, String.class));
+            securityUser.setLastName(claims.get(LAST_NAME, String.class));
+            securityUser.setEnabled(claims.get(ENABLED, Boolean.class));
+            boolean isPublic = claims.get(IS_PUBLIC, Boolean.class);
+            UserPrincipal principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
+            securityUser.setUserPrincipal(principal);
+            String customerId = claims.get(CUSTOMER_ID, String.class);
+            if (customerId != null) {
+                securityUser.setCustomerId(new CustomerId(UUID.fromString(customerId)));
+            }
+        } else {
+            securityUser.setUserPrincipal(new UserPrincipal(UserPrincipal.Type.USER_NAME, subject));
         }
 
         return securityUser;
     }
 
     public JwtToken createRefreshToken(SecurityUser securityUser) {
-        if (StringUtils.isBlank(securityUser.getEmail())) {
-            throw new IllegalArgumentException("Cannot create JWT Token without username/email");
-        }
-
-        ZonedDateTime currentTime = ZonedDateTime.now();
-
         UserPrincipal principal = securityUser.getUserPrincipal();
-        Claims claims = Jwts.claims().setSubject(principal.getValue());
-        claims.put(SCOPES, Collections.singletonList(Authority.REFRESH_TOKEN.name()));
-        claims.put(USER_ID, securityUser.getId().getId().toString());
-        claims.put(IS_PUBLIC, principal.getType() == UserPrincipal.Type.PUBLIC_ID);
 
-        String token = Jwts.builder()
-                .setClaims(claims)
-                .setIssuer(settings.getTokenIssuer())
-                .setId(UUID.randomUUID().toString())
-                .setIssuedAt(Date.from(currentTime.toInstant()))
-                .setExpiration(Date.from(currentTime.plusSeconds(settings.getRefreshTokenExpTime()).toInstant()))
-                .signWith(SignatureAlgorithm.HS512, settings.getTokenSigningKey())
-                .compact();
+        String token = setUpToken(securityUser, Collections.singletonList(Authority.REFRESH_TOKEN.name()), settings.getRefreshTokenExpTime())
+                .claim(IS_PUBLIC, principal.getType() == UserPrincipal.Type.PUBLIC_ID)
+                .setId(UUID.randomUUID().toString()).compact();
 
-        return new AccessJwtToken(token, claims);
+        return new AccessJwtToken(token);
     }
 
     public SecurityUser parseRefreshToken(RawAccessJwtToken rawAccessToken) {
@@ -177,9 +162,41 @@ public class JwtTokenFactory {
         UserPrincipal principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
         SecurityUser securityUser = new SecurityUser(new UserId(UUID.fromString(claims.get(USER_ID, String.class))));
         securityUser.setUserPrincipal(principal);
+        securityUser.setSessionId(claims.get(SESSION_ID, String.class));
         return securityUser;
     }
 
+    public JwtToken createPreVerificationToken(SecurityUser user) {
+        String token = setUpToken(user, Collections.singletonList(Authority.PRE_VERIFICATION_TOKEN.name()), settings.getPreVerificationTokenExpirationTime())
+                .claim(TENANT_ID, user.getTenantId().toString())
+                .compact();
+        return new AccessJwtToken(token);
+    }
+
+    private JwtBuilder setUpToken(SecurityUser securityUser, List<String> scopes, long expirationTime) {
+        if (StringUtils.isBlank(securityUser.getEmail())) {
+            throw new IllegalArgumentException("Cannot create JWT Token without username/email");
+        }
+
+        UserPrincipal principal = securityUser.getUserPrincipal();
+
+        Claims claims = Jwts.claims().setSubject(principal.getValue());
+        claims.put(USER_ID, securityUser.getId().getId().toString());
+        claims.put(SCOPES, scopes);
+        if (securityUser.getSessionId() != null) {
+            claims.put(SESSION_ID, securityUser.getSessionId());
+        }
+
+        ZonedDateTime currentTime = ZonedDateTime.now();
+
+        return Jwts.builder()
+                .setClaims(claims)
+                .setIssuer(settings.getTokenIssuer())
+                .setIssuedAt(Date.from(currentTime.toInstant()))
+                .setExpiration(Date.from(currentTime.plusSeconds(expirationTime).toInstant()))
+                .signWith(SignatureAlgorithm.HS512, settings.getTokenSigningKey());
+    }
+
     public Jws<Claims> parseTokenClaims(JwtToken token) {
         try {
             return Jwts.parser()
@@ -193,4 +210,11 @@ public class JwtTokenFactory {
             throw new JwtExpiredTokenException(token, "JWT Token expired", expiredEx);
         }
     }
+
+    public JwtTokenPair createTokenPair(SecurityUser securityUser) {
+        JwtToken accessToken = createAccessJwtToken(securityUser);
+        JwtToken refreshToken = createRefreshToken(securityUser);
+        return new JwtTokenPair(accessToken.getToken(), refreshToken.getToken());
+    }
+
 }
diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index 51494484db..e79d8979ce 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -127,6 +127,8 @@ security:
   jwt:
     tokenExpirationTime: "${JWT_TOKEN_EXPIRATION_TIME:9000}" # Number of seconds (2.5 hours)
     refreshTokenExpTime: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:604800}" # Number of seconds (1 week)
+    # Number of seconds. Issued when 2FA is being used; valid only for checking 2FA verification code after which usual token pair is issued
+    preVerificationTokenExpirationTime: "${JWT_PRE_VERIFICATION_TOKEN_EXPIRATION_TIME:30}"
     tokenIssuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
     tokenSigningKey: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"
   # Enable/disable access to Tenant Administrators JWT token by System Administrator or Customer Users JWT token by Tenant Administrator
@@ -425,6 +427,9 @@ caffeine:
     edges:
       timeToLiveInMinutes: "${CACHE_SPECS_EDGES_TTL:1440}"
       maxSize: "${CACHE_SPECS_EDGES_MAX_SIZE:10000}"
+    twoFaVerificationCodes:
+      timeToLiveInMinutes: "1"
+      maxSize: "100000"
 
 redis:
   # standalone or cluster
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/Authority.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/Authority.java
index e30d481118..06efb4240b 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/Authority.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/Authority.java
@@ -16,11 +16,12 @@
 package org.thingsboard.server.common.data.security;
 
 public enum Authority {
-    
+
     SYS_ADMIN(0),
     TENANT_ADMIN(1),
     CUSTOMER_USER(2),
-    REFRESH_TOKEN(10);
+    REFRESH_TOKEN(10),
+    PRE_VERIFICATION_TOKEN(11);
 
     private int code;
 

From 9eb03950fa78215b3411d6e903568cdfc1b2a8fb Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Thu, 17 Mar 2022 18:49:08 +0200
Subject: [PATCH 03/92] 2FA: refactoring, tests

---
 .../server/controller/BaseController.java     |  20 ++
 .../controller/TwoFactorAuthController.java   |   7 +-
 .../auth/mfa/TwoFactorAuthService.java        |   5 +-
 .../impl/SmsTwoFactorAuthProvider.java        |  59 ++--
 ...RestAwareAuthenticationSuccessHandler.java |   3 +
 .../service/security/model/JwtTokenPair.java  |  10 +-
 .../src/main/resources/thingsboard.yml        |   4 +-
 .../server/controller/AbstractWebTest.java    |   4 +
 .../server/controller/TwoFactorAuthTest.java  | 256 ++++++++++++++++++
 .../controller/sql/TwoFactorAuthSqlTest.java  |  23 ++
 .../server/common/data/CacheConstants.java    |   1 +
 .../dao/service/ConstraintValidator.java      |   3 +-
 .../service/BaseOtaPackageServiceTest.java    |   2 +-
 13 files changed, 352 insertions(+), 45 deletions(-)
 create mode 100644 application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
 create mode 100644 application/src/test/java/org/thingsboard/server/controller/sql/TwoFactorAuthSqlTest.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/BaseController.java b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
index 3ed2d4a47d..6dee3b6114 100644
--- a/application/src/main/java/org/thingsboard/server/controller/BaseController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
@@ -283,11 +283,31 @@ public abstract class BaseController {
     @Getter
     protected boolean edgesEnabled;
 
+    @ExceptionHandler(Exception.class)
+    public void handleControllerException(Exception e, HttpServletResponse response) {
+        ThingsboardException thingsboardException = handleException(e);
+        handleThingsboardException(thingsboardException, response);
+    }
+
     @ExceptionHandler(ThingsboardException.class)
     public void handleThingsboardException(ThingsboardException ex, HttpServletResponse response) {
         errorResponseHandler.handle(ex, response);
     }
 
+    /**
+     * @deprecated Exceptions that are not of {@link ThingsboardException} type
+     * are now caught and mapped to {@link ThingsboardException} by
+     * {@link ExceptionHandler} {@link BaseController#handleControllerException(Exception, HttpServletResponse)}
+     * which basically acts like the following boilerplate:
+     * {@code
+     *  try {
+     *      someExceptionThrowingMethod();
+     *  } catch (Exception e) {
+     *      throw handleException(e);
+     *  }
+     * }
+     * */
+    @Deprecated
     ThingsboardException handleException(Exception exception) {
         return handleException(exception, true);
     }
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 1355337127..f0d50c2600 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -30,6 +30,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.dao.service.ConstraintValidator;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
@@ -42,6 +43,9 @@ import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletResponse;
 
+// FIXME: Swagger documentation
+// FIXME: tests for 2FA
+
 @RestController
 @RequestMapping("/api")
 @RequiredArgsConstructor
@@ -81,7 +85,7 @@ public class TwoFactorAuthController extends BaseController {
                 MatrixToImageWriter.writeToStream(qr, "PNG", outputStream);
             }
         }
-        response.setHeader("body", JacksonUtil.toString(config));
+        response.setHeader("config", JacksonUtil.toString(config));
     }
 
     @PostMapping("/2fa/account/config/submit")
@@ -91,6 +95,7 @@ public class TwoFactorAuthController extends BaseController {
 
         twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), accountConfig.getProviderType(),
                 (provider, providerConfig) -> {
+                    ConstraintValidator.validateFields(accountConfig);
                     provider.prepareVerificationCode(user, providerConfig, accountConfig);
                 });
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
index 51d4af28fd..2b44fddeb5 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -46,6 +46,7 @@ import java.util.Collections;
 import java.util.EnumMap;
 import java.util.Map;
 import java.util.Optional;
+import java.util.concurrent.ExecutionException;
 import java.util.function.BiConsumer;
 import java.util.function.BiFunction;
 
@@ -144,7 +145,7 @@ public class TwoFactorAuthService {
     }
 
 
-    @SneakyThrows
+    @SneakyThrows({InterruptedException.class, ExecutionException.class})
     public Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId) {
         if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
             return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
@@ -157,7 +158,7 @@ public class TwoFactorAuthService {
         }
     }
 
-    @SneakyThrows
+    @SneakyThrows({InterruptedException.class, ExecutionException.class})
     public void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings) {
         ConstraintValidator.validateFields(twoFactorAuthSettings);
         if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
index 7d4a0b9ab7..2dda68899b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
@@ -15,18 +15,16 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.provider.impl;
 
-import lombok.RequiredArgsConstructor;
+import lombok.Data;
 import lombok.SneakyThrows;
 import org.apache.commons.lang3.RandomStringUtils;
+import org.springframework.cache.Cache;
+import org.springframework.cache.CacheManager;
 import org.springframework.stereotype.Service;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.rule.engine.api.util.TbNodeUtils;
+import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.User;
-import org.thingsboard.server.common.data.kv.BaseDeleteTsKvQuery;
-import org.thingsboard.server.common.data.kv.BasicTsKvEntry;
-import org.thingsboard.server.common.data.kv.StringDataEntry;
-import org.thingsboard.server.dao.service.ConstraintValidator;
-import org.thingsboard.server.dao.timeseries.TimeseriesService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
@@ -34,16 +32,20 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
-import java.util.Collections;
 import java.util.Map;
 
 @Service
-@RequiredArgsConstructor
 @TbCoreComponent
 public class SmsTwoFactorAuthProvider implements TwoFactorAuthProvider<SmsTwoFactorAuthProviderConfig, SmsTwoFactorAuthAccountConfig> {
 
     private final SmsService smsService;
-    private final TimeseriesService timeseriesService;
+    private final Cache verificationCodesCache;
+
+    public SmsTwoFactorAuthProvider(SmsService smsService, CacheManager cacheManager) {
+        this.smsService = smsService;
+        this.verificationCodesCache = cacheManager.getCache(CacheConstants.TWO_FA_VERIFICATION_CODES_CACHE);
+    }
+
 
     @Override
     public SmsTwoFactorAuthAccountConfig generateNewAccountConfig(User user, SmsTwoFactorAuthProviderConfig providerConfig) {
@@ -53,10 +55,8 @@ public class SmsTwoFactorAuthProvider implements TwoFactorAuthProvider<SmsTwoFac
     @Override
     @SneakyThrows // fixme
     public void prepareVerificationCode(SecurityUser user, SmsTwoFactorAuthProviderConfig providerConfig, SmsTwoFactorAuthAccountConfig accountConfig) {
-        ConstraintValidator.validateFields(accountConfig);
-
         String verificationCode = RandomStringUtils.randomNumeric(6);
-        saveVerificationCode(user, verificationCode);
+        verificationCodesCache.put(user.getSessionId(), new VerificationCode(System.currentTimeMillis(), verificationCode));
 
         String phoneNumber = accountConfig.getPhoneNumber();
 
@@ -71,40 +71,25 @@ public class SmsTwoFactorAuthProvider implements TwoFactorAuthProvider<SmsTwoFac
 
     @Override
     public boolean checkVerificationCode(SecurityUser user, String verificationCode, SmsTwoFactorAuthAccountConfig accountConfig) {
-        if (verificationCode.equals(getVerificationCode(user))) {
-            removeVerificationCode(user);
+        VerificationCode correctVerificationCode = verificationCodesCache.get(user.getSessionId(), VerificationCode.class);
+        if (correctVerificationCode != null && verificationCode.equals(correctVerificationCode.getValue())) {
+            verificationCodesCache.evict(user.getSessionId());
             return true;
         } else {
             return false;
         }
     }
 
-
-    @SneakyThrows
-    private void saveVerificationCode(SecurityUser user, String verificationCode) {
-        timeseriesService.save(user.getTenantId(), user.getId(),
-                new BasicTsKvEntry(System.currentTimeMillis(), new StringDataEntry("twoFaVerificationCode:" + user.getSessionId(), verificationCode))
-        ).get();
-    }
-
-    @SneakyThrows
-    private String getVerificationCode(SecurityUser user) {
-        return timeseriesService.findLatest(user.getTenantId(), user.getId(),
-                Collections.singletonList("twoFaVerificationCode:" + user.getSessionId())).get().stream().findFirst()
-                .map(codeTs -> codeTs.getStrValue().get())
-                .orElse(null);
-    }
-
-    private void removeVerificationCode(SecurityUser user) {
-        timeseriesService.remove(user.getTenantId(), user.getId(), Collections.singletonList(
-                new BaseDeleteTsKvQuery("twoFaVerificationCode:" + user.getSessionId(), 0, System.currentTimeMillis())
-        ));
-    }
-
-
     @Override
     public TwoFactorAuthProviderType getType() {
         return TwoFactorAuthProviderType.SMS;
     }
 
+
+    @Data
+    private static class VerificationCode {
+        private final long timestamp;
+        private final String value;
+    }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index ca2f15953a..bb5feb9af6 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -24,6 +24,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
+import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
@@ -53,6 +54,7 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
 
         JwtTokenPair tokenPair;
 
+        // fixme: check if this handler is not called when token is refreshed
         Optional<TwoFactorAuthAccountConfig> twoFaAccountConfig = twoFactorAuthService.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId());
         if (twoFaAccountConfig.isPresent()) {
             try {
@@ -62,6 +64,7 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
                         });
                 tokenPair = new JwtTokenPair();
                 tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser).getToken());
+                tokenPair.setScope(Authority.PRE_VERIFICATION_TOKEN);
             } catch (Exception e) {
                 log.error("Failed to process 2FA for user {}. Falling back to plain auth", securityUser.getId(), e);
                 tokenPair = tokenFactory.createTokenPair(securityUser);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/JwtTokenPair.java b/application/src/main/java/org/thingsboard/server/service/security/model/JwtTokenPair.java
index 57964570c1..02e28cd885 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/JwtTokenPair.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/JwtTokenPair.java
@@ -20,10 +20,10 @@ import io.swagger.annotations.ApiModelProperty;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
+import org.thingsboard.server.common.data.security.Authority;
 
 @ApiModel(value = "JWT Token Pair")
 @Data
-@AllArgsConstructor
 @NoArgsConstructor
 public class JwtTokenPair {
 
@@ -31,4 +31,12 @@ public class JwtTokenPair {
     private String token;
     @ApiModelProperty(position = 1, value = "The JWT Refresh Token. Used to get new JWT Access Token if old one has expired.", example = "AAB254FF67D..")
     private String refreshToken;
+
+    private Authority scope;
+
+    public JwtTokenPair(String token, String refreshToken) {
+        this.token = token;
+        this.refreshToken = refreshToken;
+    }
+
 }
diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index e79d8979ce..ba6dc222ab 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -428,8 +428,8 @@ caffeine:
       timeToLiveInMinutes: "${CACHE_SPECS_EDGES_TTL:1440}"
       maxSize: "${CACHE_SPECS_EDGES_MAX_SIZE:10000}"
     twoFaVerificationCodes:
-      timeToLiveInMinutes: "1"
-      maxSize: "100000"
+      timeToLiveInMinutes: "${CACHE_SPECS_TWO_FA_VERIFICATION_CODES_TTL:1}"
+      maxSize: "${CACHE_SPECS_TWO_FA_VERIFICATION_CODES_MAX_SIZE:100000}"
 
 redis:
   # standalone or cluster
diff --git a/application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java b/application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java
index 6cbf5d82d0..32d55a71dd 100644
--- a/application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java
@@ -584,6 +584,10 @@ public abstract class AbstractWebTest extends AbstractInMemoryStorageTest {
         return mapper.readerFor(type).readValue(content);
     }
 
+    protected String getErrorMessage(ResultActions result) throws Exception {
+        return readResponse(result, JsonNode.class).get("message").asText();
+    }
+
     public class IdComparator<D extends HasId> implements Comparator<D> {
         @Override
         public int compare(D o1, D o2) {
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
new file mode 100644
index 0000000000..fcc2c8bcdf
--- /dev/null
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -0,0 +1,256 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.controller;
+
+import org.jboss.aerogear.security.otp.Totp;
+import org.jboss.aerogear.security.otp.api.Base32;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.boot.test.mock.mockito.SpyBean;
+import org.springframework.web.util.UriComponents;
+import org.springframework.web.util.UriComponentsBuilder;
+import org.thingsboard.rule.engine.api.SmsService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TotpTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.auth.mfa.provider.impl.TotpTwoFactorAuthProvider;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.stream.Collectors;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+public abstract class TwoFactorAuthTest extends AbstractControllerTest {
+
+    @SpyBean
+    private TotpTwoFactorAuthProvider totpTwoFactorAuthProvider;
+    @MockBean
+    private SmsService smsService;
+
+    @Before
+    public void beforeEach() throws Exception {
+        loginSysAdmin();
+    }
+
+
+    @Test
+    public void testSaveTwoFaSettings() throws Exception {
+        loginSysAdmin();
+        testSaveTestTwoFaSettings();
+
+        loginTenantAdmin();
+        testSaveTestTwoFaSettings();
+    }
+
+    private void testSaveTestTwoFaSettings() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        totpTwoFaProviderConfig.setIssuerName("tb");
+        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+
+        saveProvidersConfigs(totpTwoFaProviderConfig, smsTwoFaProviderConfig);
+
+        TwoFactorAuthSettings savedTwoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+
+        assertThat(savedTwoFaSettings.getProviders()).hasSize(2);
+        assertThat(savedTwoFaSettings.getProviders()).contains(totpTwoFaProviderConfig, smsTwoFaProviderConfig);
+    }
+
+    @Test
+    public void testSaveTotpTwoFaProviderConfig_validationError() throws Exception {
+        TotpTwoFactorAuthProviderConfig invalidTotpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        invalidTotpTwoFaProviderConfig.setIssuerName("   ");
+
+        String errorResponse = saveTwoFaSettingsAndGetError(invalidTotpTwoFaProviderConfig);
+        assertThat(errorResponse).containsIgnoringCase("issuer name must not be blank");
+    }
+
+    @Test
+    public void testSaveSmsTwoFaProviderConfig_validationError() throws Exception {
+        SmsTwoFactorAuthProviderConfig invalidSmsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        invalidSmsTwoFaProviderConfig.setSmsVerificationMessageTemplate("does not contain verification code");
+
+        String errorResponse = saveTwoFaSettingsAndGetError(invalidSmsTwoFaProviderConfig);
+        assertThat(errorResponse).containsIgnoringCase("must contain verification code");
+    }
+
+    private String saveTwoFaSettingsAndGetError(TwoFactorAuthProviderConfig invalidTwoFaProviderConfig) throws Exception {
+        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        twoFaSettings.setProviders(Collections.singletonList(invalidTwoFaProviderConfig));
+
+        return getErrorMessage(doPost("/api/2fa/settings", twoFaSettings)
+                .andExpect(status().isBadRequest()));
+    }
+
+    @Test
+    public void testSaveTwoFaAccountConfig_providerNotConfigured() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
+
+        loginTenantAdmin();
+
+        TwoFactorAuthProviderType notConfiguredProviderType = TwoFactorAuthProviderType.TOTP;
+        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=" + notConfiguredProviderType)
+                .andExpect(status().isBadRequest()));
+        assertThat(errorMessage).containsIgnoringCase("provider is not configured");
+
+        TotpTwoFactorAuthAccountConfig notConfiguredProviderAccountConfig = new TotpTwoFactorAuthAccountConfig();
+        notConfiguredProviderAccountConfig.setAuthUrl("aba");
+        errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", notConfiguredProviderAccountConfig));
+        assertThat(errorMessage).containsIgnoringCase("provider is not configured");
+    }
+
+    @Test
+    public void testGenerateTotpTwoFaAccountConfig() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class)).isNullOrEmpty();
+        generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+    }
+
+    @Test
+    public void testSubmitTotpTwoFaAccountConfig() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+        doPost("/api/2fa/account/config/submit", generatedTotpTwoFaAccountConfig).andExpect(status().isOk());
+        verify(totpTwoFactorAuthProvider).prepareVerificationCode(argThat(user -> user.getEmail().equals(TENANT_ADMIN_EMAIL)),
+                eq(totpTwoFaProviderConfig), eq(generatedTotpTwoFaAccountConfig));
+    }
+
+    @Test
+    public void testVerifyAndSaveTotpTwoFaAccountConfig() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+
+        String secret = UriComponentsBuilder.fromUriString(generatedTotpTwoFaAccountConfig.getAuthUrl()).build()
+                .getQueryParams().getFirst("secret");
+        String correctVerificationCode = new Totp(secret).now();
+
+        doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, generatedTotpTwoFaAccountConfig)
+                .andExpect(status().isOk());
+
+        TwoFactorAuthAccountConfig twoFaAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        assertThat(twoFaAccountConfig).isEqualTo(generatedTotpTwoFaAccountConfig);
+    }
+
+    @Test
+    public void testVerifyAndSaveTotpTwoFaAccountConfig_incorrectVerificationCode() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+
+        String incorrectVerificationCode = "100000";
+        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config?verificationCode=" + incorrectVerificationCode, generatedTotpTwoFaAccountConfig)
+                .andExpect(status().isBadRequest()));
+
+        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+    }
+
+    private TotpTwoFactorAuthAccountConfig generateTotpTwoFaAccountConfig(TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig) throws Exception {
+        TwoFactorAuthAccountConfig generatedTwoFaAccountConfig = readResponse(doPost("/api/2fa/account/config/generate?providerType=TOTP")
+                .andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        assertThat(generatedTwoFaAccountConfig).isInstanceOf(TotpTwoFactorAuthAccountConfig.class);
+
+        assertThat(((TotpTwoFactorAuthAccountConfig) generatedTwoFaAccountConfig)).satisfies(accountConfig -> {
+            UriComponents otpAuthUrl = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build();
+            assertThat(otpAuthUrl.getScheme()).isEqualTo("otpauth");
+            assertThat(otpAuthUrl.getHost()).isEqualTo("totp");
+            assertThat(otpAuthUrl.getQueryParams().getFirst("issuer")).isEqualTo(totpTwoFaProviderConfig.getIssuerName());
+            assertThat(otpAuthUrl.getPath()).isEqualTo("/%s:%s", totpTwoFaProviderConfig.getIssuerName(), TENANT_ADMIN_EMAIL);
+            assertThat(otpAuthUrl.getQueryParams().getFirst("secret")).satisfies(secretKey -> {
+                assertDoesNotThrow(() -> Base32.decode(secretKey));
+            });
+        });
+        return (TotpTwoFactorAuthAccountConfig) generatedTwoFaAccountConfig;
+    }
+
+
+    @Test
+    public void testGetTwoFaAccountConfig_whenProviderNotConfigured() throws Exception {
+        testVerifyAndSaveTotpTwoFaAccountConfig();
+        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()),
+                TotpTwoFactorAuthAccountConfig.class)).isNotNull();
+
+        loginSysAdmin();
+
+        saveProvidersConfigs();
+
+        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class))
+                .isNullOrEmpty();
+    }
+
+//    @Test
+//    public void testSubmitSmsTwoFaAccountConfig() throws Exception {
+//        String verificationMessageTemplate = "Here is your verification code: ${verificationCode}";
+//        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = configureSmsTwoFaProvider(verificationMessageTemplate);
+//
+//        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+//        smsTwoFaAccountConfig.setPhoneNumber("+38054159785");
+//
+//        String verificationCode = ""; ?
+//
+//        verify(smsService).sendSms(eq(tenantId), any(), argThat(phoneNumbers -> {
+//            return phoneNumbers[0].equals(smsTwoFaAccountConfig.getPhoneNumber())
+//        }), eq("Here is your verification code: " + verificationCode));
+//    }
+
+
+
+    private TotpTwoFactorAuthProviderConfig configureTotpTwoFaProvider() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        totpTwoFaProviderConfig.setIssuerName("tb");
+
+        saveProvidersConfigs(totpTwoFaProviderConfig);
+        return totpTwoFaProviderConfig;
+    }
+
+    private SmsTwoFactorAuthProviderConfig configureSmsTwoFaProvider(String verificationMessageTemplate) throws Exception {
+        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate(verificationMessageTemplate);
+
+        saveProvidersConfigs(smsTwoFaProviderConfig);
+        return smsTwoFaProviderConfig;
+    }
+
+    private void saveProvidersConfigs(TwoFactorAuthProviderConfig... providerConfigs) throws Exception {
+        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        twoFaSettings.setProviders(Arrays.stream(providerConfigs).collect(Collectors.toList()));
+        doPost("/api/2fa/settings", twoFaSettings).andExpect(status().isOk());
+    }
+
+}
diff --git a/application/src/test/java/org/thingsboard/server/controller/sql/TwoFactorAuthSqlTest.java b/application/src/test/java/org/thingsboard/server/controller/sql/TwoFactorAuthSqlTest.java
new file mode 100644
index 0000000000..62024fc64e
--- /dev/null
+++ b/application/src/test/java/org/thingsboard/server/controller/sql/TwoFactorAuthSqlTest.java
@@ -0,0 +1,23 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.controller.sql;
+
+import org.thingsboard.server.controller.TwoFactorAuthTest;
+import org.thingsboard.server.dao.service.DaoSqlTest;
+
+@DaoSqlTest
+public class TwoFactorAuthSqlTest extends TwoFactorAuthTest {
+}
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/CacheConstants.java b/common/data/src/main/java/org/thingsboard/server/common/data/CacheConstants.java
index 571af34086..49db7befd3 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/CacheConstants.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/CacheConstants.java
@@ -31,4 +31,5 @@ public class CacheConstants {
     public static final String TOKEN_OUTDATAGE_TIME_CACHE = "tokensOutdatageTime";
     public static final String OTA_PACKAGE_CACHE = "otaPackages";
     public static final String OTA_PACKAGE_DATA_CACHE = "otaPackagesData";
+    public static final String TWO_FA_VERIFICATION_CODES_CACHE = "twoFaVerificationCodes";
 }
diff --git a/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java b/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
index da7537ae75..404eeb44cc 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
@@ -21,6 +21,7 @@ import org.hibernate.validator.HibernateValidatorConfiguration;
 import org.hibernate.validator.cfg.ConstraintMapping;
 import org.thingsboard.server.common.data.validation.Length;
 import org.thingsboard.server.common.data.validation.NoXss;
+import org.thingsboard.server.dao.exception.DataValidationException;
 
 import javax.validation.ConstraintViolation;
 import javax.validation.Validation;
@@ -46,7 +47,7 @@ public class ConstraintValidator {
                 .distinct()
                 .collect(Collectors.toList());
         if (!validationErrors.isEmpty()) {
-            throw new ValidationException(String.join(", ", validationErrors));
+            throw new DataValidationException("Validation error: " + String.join(", ", validationErrors));
         }
     }
 
diff --git a/dao/src/test/java/org/thingsboard/server/dao/service/BaseOtaPackageServiceTest.java b/dao/src/test/java/org/thingsboard/server/dao/service/BaseOtaPackageServiceTest.java
index d49594a955..b750d5f1c3 100644
--- a/dao/src/test/java/org/thingsboard/server/dao/service/BaseOtaPackageServiceTest.java
+++ b/dao/src/test/java/org/thingsboard/server/dao/service/BaseOtaPackageServiceTest.java
@@ -675,7 +675,7 @@ public abstract class BaseOtaPackageServiceTest extends AbstractServiceTest {
         firmwareInfo.setUrl(URL);
         firmwareInfo.setTenantId(tenantId);
 
-        thrown.expect(ValidationException.class);
+        thrown.expect(DataValidationException.class);
         thrown.expectMessage("length of title must be equal or less than 255");
 
         otaPackageService.saveOtaPackageInfo(firmwareInfo, true);

From b5afb32f569c88ec56a77a9359578d2f0bd36a0d Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Fri, 18 Mar 2022 11:05:17 +0200
Subject: [PATCH 04/92] 2FA: validation and error handling refactoring

---
 .../server/controller/BaseController.java     | 15 ++++++
 .../controller/TwoFactorAuthController.java   | 47 ++++++++++++++-----
 .../auth/mfa/TwoFactorAuthService.java        | 23 +++++----
 .../TotpTwoFactorAuthAccountConfig.java       |  2 +
 .../SmsTwoFactorAuthProviderConfig.java       |  2 +-
 .../TotpTwoFactorAuthProviderConfig.java      |  2 +-
 .../mfa/provider/TwoFactorAuthProvider.java   |  3 +-
 .../impl/SmsTwoFactorAuthProvider.java        |  4 +-
 .../auth/rest/RestAuthenticationProvider.java |  1 +
 ...RestAwareAuthenticationSuccessHandler.java | 33 ++++++++-----
 .../common/util/ThrowingBiConsumer.java       | 21 +++++++++
 ...eFunction.java => ThrowingBiFunction.java} |  4 +-
 .../common/util/ThrowingTripleConsumer.java   | 21 +++++++++
 .../common/util/ThrowingTripleFunction.java   | 21 +++++++++
 14 files changed, 159 insertions(+), 40 deletions(-)
 create mode 100644 common/util/src/main/java/org/thingsboard/common/util/ThrowingBiConsumer.java
 rename common/util/src/main/java/org/thingsboard/common/util/{TripleFunction.java => ThrowingBiFunction.java} (88%)
 create mode 100644 common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleConsumer.java
 create mode 100644 common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleFunction.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/BaseController.java b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
index 6dee3b6114..fdef4cbc0c 100644
--- a/application/src/main/java/org/thingsboard/server/controller/BaseController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
@@ -23,9 +23,11 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.support.DefaultMessageSourceResolvable;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.thingsboard.server.cluster.TbClusterService;
 import org.thingsboard.server.common.data.Customer;
@@ -145,6 +147,7 @@ import java.util.List;
 import java.util.Optional;
 import java.util.Set;
 import java.util.UUID;
+import java.util.stream.Collectors;
 
 import static org.thingsboard.server.controller.ControllerConstants.DEFAULT_PAGE_SIZE;
 import static org.thingsboard.server.controller.ControllerConstants.INCORRECT_TENANT_ID;
@@ -334,6 +337,18 @@ public abstract class BaseController {
         }
     }
 
+    /**
+     * Handles validation error for controller method arguments annotated with @{@link javax.validation.Valid}
+     * */
+    @ExceptionHandler(MethodArgumentNotValidException.class)
+    public void handleValidationError(MethodArgumentNotValidException e, HttpServletResponse response) {
+        String errorMessage = "Validation error: " + e.getBindingResult().getAllErrors().stream()
+                .map(DefaultMessageSourceResolvable::getDefaultMessage)
+                .collect(Collectors.joining(", "));
+        ThingsboardException thingsboardException = new ThingsboardException(errorMessage, ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+        handleThingsboardException(thingsboardException, response);
+    }
+
     <T> T checkNotNull(T reference) throws ThingsboardException {
         return checkNotNull(reference, "Requested item wasn't found!");
     }
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index f0d50c2600..b6ad9626b1 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -30,7 +30,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.dao.service.ConstraintValidator;
+import org.thingsboard.server.service.security.auth.TokenOutdatingService;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
@@ -42,10 +42,25 @@ import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletResponse;
+import javax.validation.Valid;
 
-// FIXME: Swagger documentation
-// FIXME: tests for 2FA
-
+/*
+ *
+ * TODO [viacheslav]:
+ *  - 2FA should be mandatory when logging in and must be rolled out to all existing users when 2FA is activated.
+ *  - Rate limits should be implemented to protect against brute force leaked accounts to prevent SMS cost explosion.
+ *  - Configurable softlock after XX (3) attempts: XX (15) mins
+ *  - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts.
+ *  - The OTP token should only be valid for XX (5) minutes.
+ *  - Disable 2FA only possible after successful 2FA auth - it is possible with simple password resest
+ *  - 2FA entries should be secured against code injection by code validation.
+ *  - Email 2FA provider
+ *
+ * FIXME [viacheslav]:
+ *  - Tests for 2FA
+ *  - Swagger documentation
+ *
+ * */
 @RestController
 @RequestMapping("/api")
 @RequiredArgsConstructor
@@ -65,7 +80,7 @@ public class TwoFactorAuthController extends BaseController {
 
     @PostMapping("/2fa/account/config/generate")
     @PreAuthorize("isAuthenticated()")
-    public TwoFactorAuthAccountConfig generateTwoFactorAuthAccountConfig(@RequestParam TwoFactorAuthProviderType providerType) throws ThingsboardException {
+    public TwoFactorAuthAccountConfig generateTwoFactorAuthAccountConfig(@RequestParam TwoFactorAuthProviderType providerType) throws Exception {
         SecurityUser user = getCurrentUser();
 
         return twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), providerType,
@@ -90,20 +105,19 @@ public class TwoFactorAuthController extends BaseController {
 
     @PostMapping("/2fa/account/config/submit")
     @PreAuthorize("isAuthenticated()")
-    public void submitTwoFactorAuthAccountConfig(@RequestBody TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
+    public void submitTwoFactorAuthAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig) throws Exception {
         SecurityUser user = getCurrentUser();
 
         twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), accountConfig.getProviderType(),
                 (provider, providerConfig) -> {
-                    ConstraintValidator.validateFields(accountConfig);
                     provider.prepareVerificationCode(user, providerConfig, accountConfig);
                 });
     }
 
     @PostMapping("/2fa/account/config")
     @PreAuthorize("isAuthenticated()")
-    public void verifyAndSaveTwoFactorAuthAccountConfig(@RequestBody TwoFactorAuthAccountConfig accountConfig,
-                                                        @RequestParam String verificationCode) throws ThingsboardException {
+    public void verifyAndSaveTwoFactorAuthAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig,
+                                                        @RequestParam String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
 
         boolean verificationSuccess = twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), accountConfig.getProviderType(),
@@ -127,14 +141,14 @@ public class TwoFactorAuthController extends BaseController {
 
     @PostMapping("/2fa/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
-    public void saveTwoFactorAuthSettings(@RequestBody TwoFactorAuthSettings twoFactorAuthSettings) throws ThingsboardException {
+    public void saveTwoFactorAuthSettings(@Valid @RequestBody TwoFactorAuthSettings twoFactorAuthSettings) throws ThingsboardException {
         twoFactorAuthService.saveTwoFaSettings(getTenantId(), twoFactorAuthSettings);
     }
 
 
     @PostMapping("/auth/2fa/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode) throws ThingsboardException {
+    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
 
         boolean verificationSuccess = twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), user.getId(),
@@ -149,4 +163,15 @@ public class TwoFactorAuthController extends BaseController {
         }
     }
 
+    @PostMapping("/auth/2fa/verification/resend")
+    @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
+    public void resendTwoFaVerificationCode() throws Exception {
+        SecurityUser user = getCurrentUser();
+
+        twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), user.getId(),
+                (provider, providerConfig, accountConfig) -> {
+                    provider.prepareVerificationCode(user, providerConfig, accountConfig);
+                });
+    }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
index 2b44fddeb5..580a12ce44 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -21,7 +21,10 @@ import lombok.SneakyThrows;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.thingsboard.common.util.JacksonUtil;
-import org.thingsboard.common.util.TripleFunction;
+import org.thingsboard.common.util.ThrowingBiConsumer;
+import org.thingsboard.common.util.ThrowingBiFunction;
+import org.thingsboard.common.util.ThrowingTripleConsumer;
+import org.thingsboard.common.util.ThrowingTripleFunction;
 import org.thingsboard.server.common.data.AdminSettings;
 import org.thingsboard.server.common.data.DataConstants;
 import org.thingsboard.server.common.data.User;
@@ -32,7 +35,6 @@ import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
 import org.thingsboard.server.common.data.kv.JsonDataEntry;
 import org.thingsboard.server.dao.attributes.AttributesService;
-import org.thingsboard.server.dao.service.ConstraintValidator;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
@@ -47,8 +49,6 @@ import java.util.EnumMap;
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
-import java.util.function.BiConsumer;
-import java.util.function.BiFunction;
 
 @Service
 @RequiredArgsConstructor
@@ -81,7 +81,7 @@ public class TwoFactorAuthService {
     }
 
 
-    public <R> R processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, BiFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, R> function) throws ThingsboardException {
+    public <R> R processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, ThrowingBiFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, R> function) throws Exception {
         TwoFactorAuthProviderConfig providerConfig = getTwoFaProviderConfig(tenantId, providerType)
                 .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
         TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> provider = getTwoFaProvider(providerType)
@@ -90,14 +90,14 @@ public class TwoFactorAuthService {
         return function.apply(provider, providerConfig);
     }
 
-    public void processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, BiConsumer<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig> function) throws ThingsboardException {
+    public void processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, ThrowingBiConsumer<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig> function) throws Exception {
         processByTwoFaProvider(tenantId, providerType, (provider, providerConfig) -> {
             function.accept(provider, providerConfig);
             return null;
         });
     }
 
-    public <R> R processByTwoFaProvider(TenantId tenantId, UserId userId, TripleFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig, R> function) throws ThingsboardException {
+    public <R> R processByTwoFaProvider(TenantId tenantId, UserId userId, ThrowingTripleFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig, R> function) throws Exception {
         TwoFactorAuthAccountConfig accountConfig = getTwoFaAccountConfig(tenantId, userId)
                 .orElseThrow(() -> new ThingsboardException("2FA is not configured for user", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
 
@@ -109,6 +109,13 @@ public class TwoFactorAuthService {
         return function.apply(provider, providerConfig, accountConfig);
     }
 
+    public void processByTwoFaProvider(TenantId tenantId, UserId userId, ThrowingTripleConsumer<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> function) throws Exception {
+        processByTwoFaProvider(tenantId, userId, (provider, providerConfig, accountConfig) -> {
+            function.accept(provider, providerConfig, accountConfig);
+            return null;
+        });
+    }
+
 
     public Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId) {
         User user = userService.findUserById(tenantId, userId);
@@ -121,7 +128,6 @@ public class TwoFactorAuthService {
     }
 
     public void saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
-        ConstraintValidator.validateFields(accountConfig);
         getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
                 .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
 
@@ -160,7 +166,6 @@ public class TwoFactorAuthService {
 
     @SneakyThrows({InterruptedException.class, ExecutionException.class})
     public void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings) {
-        ConstraintValidator.validateFields(twoFactorAuthSettings);
         if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
             AdminSettings settings = Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
                     .orElseGet(() -> {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
index a48cf162a0..78ab4cf80b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
@@ -19,11 +19,13 @@ import lombok.Data;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Pattern;
 
 @Data
 public class TotpTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
 
     @NotBlank
+//    @Pattern(regexp = ) // TODO [viacheslav]: validate otp auth url by pattern
     private String authUrl;
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
index a036e47574..2d15a07ad1 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
@@ -25,7 +25,7 @@ import javax.validation.constraints.Pattern;
 public class SmsTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
 
     @NotBlank
-    @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "Template must contain verification code")
+    @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "template must contain verification code")
     private String smsVerificationMessageTemplate;
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
index 2d6cc5ddf5..e1604bb618 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
@@ -23,7 +23,7 @@ import javax.validation.constraints.NotBlank;
 @Data
 public class TotpTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
 
-    @NotBlank(message = "Issuer name must not be blank")
+    @NotBlank(message = "issuer name must not be blank")
     private String issuerName;
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
index 82122a9163..011404268c 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
@@ -16,6 +16,7 @@
 package org.thingsboard.server.service.security.auth.mfa.provider;
 
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -24,7 +25,7 @@ public interface TwoFactorAuthProvider<C extends TwoFactorAuthProviderConfig, A
 
     A generateNewAccountConfig(User user, C providerConfig);
 
-    default void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) {}
+    default void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {}
 
     boolean checkVerificationCode(SecurityUser user, String verificationCode, A accountConfig);
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
index 2dda68899b..c4b51ab16a 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
@@ -25,6 +25,7 @@ import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.rule.engine.api.util.TbNodeUtils;
 import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
@@ -53,8 +54,7 @@ public class SmsTwoFactorAuthProvider implements TwoFactorAuthProvider<SmsTwoFac
     }
 
     @Override
-    @SneakyThrows // fixme
-    public void prepareVerificationCode(SecurityUser user, SmsTwoFactorAuthProviderConfig providerConfig, SmsTwoFactorAuthAccountConfig accountConfig) {
+    public void prepareVerificationCode(SecurityUser user, SmsTwoFactorAuthProviderConfig providerConfig, SmsTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
         String verificationCode = RandomStringUtils.randomNumeric(6);
         verificationCodesCache.put(user.getSessionId(), new VerificationCode(System.currentTimeMillis(), verificationCode));
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index 16e189c424..be85115af1 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -111,6 +111,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
                 throw new InsufficientAuthenticationException("User has no authority assigned");
 
             SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
+            // FIXME [viacheslav]: must not yet log login action if 2FA is used !
             logLoginAction(user, authentication, ActionType.LOGIN, null);
             return new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities());
         } catch (Exception e) {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index bb5feb9af6..343c7a23ba 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -20,12 +20,12 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.security.Authority;
-import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
@@ -53,8 +53,22 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
         SecurityUser securityUser = (SecurityUser) authentication.getPrincipal();
 
         JwtTokenPair tokenPair;
+        if (authentication instanceof UsernamePasswordAuthenticationToken) {
+            // TODO [viacheslav]: or maybe create another AuthenticationProvider and put it after rest authentication provider ?
+            tokenPair = processTwoFa(securityUser);
+        } else {
+            tokenPair = tokenFactory.createTokenPair(securityUser);
+        }
+
+        response.setStatus(HttpStatus.OK.value());
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+
+        mapper.writeValue(response.getWriter(), tokenPair);
+
+        clearAuthenticationAttributes(request);
+    }
 
-        // fixme: check if this handler is not called when token is refreshed
+    private JwtTokenPair processTwoFa(SecurityUser securityUser) {
         Optional<TwoFactorAuthAccountConfig> twoFaAccountConfig = twoFactorAuthService.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId());
         if (twoFaAccountConfig.isPresent()) {
             try {
@@ -62,23 +76,16 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
                         (provider, providerConfig) -> {
                             provider.prepareVerificationCode(securityUser, providerConfig, twoFaAccountConfig.get());
                         });
-                tokenPair = new JwtTokenPair();
+                JwtTokenPair tokenPair = new JwtTokenPair();
                 tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser).getToken());
                 tokenPair.setScope(Authority.PRE_VERIFICATION_TOKEN);
+                return tokenPair;
             } catch (Exception e) {
+                // TODO [viacheslav]: write audit log
                 log.error("Failed to process 2FA for user {}. Falling back to plain auth", securityUser.getId(), e);
-                tokenPair = tokenFactory.createTokenPair(securityUser);
             }
-        } else {
-            tokenPair = tokenFactory.createTokenPair(securityUser);
         }
-
-        response.setStatus(HttpStatus.OK.value());
-        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
-
-        mapper.writeValue(response.getWriter(), tokenPair);
-
-        clearAuthenticationAttributes(request);
+        return tokenFactory.createTokenPair(securityUser);
     }
 
     /**
diff --git a/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiConsumer.java b/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiConsumer.java
new file mode 100644
index 0000000000..269f9f75cb
--- /dev/null
+++ b/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiConsumer.java
@@ -0,0 +1,21 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.common.util;
+
+@FunctionalInterface
+public interface ThrowingBiConsumer<A, B> {
+    void accept(A a, B b) throws Exception;
+}
diff --git a/common/util/src/main/java/org/thingsboard/common/util/TripleFunction.java b/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiFunction.java
similarity index 88%
rename from common/util/src/main/java/org/thingsboard/common/util/TripleFunction.java
rename to common/util/src/main/java/org/thingsboard/common/util/ThrowingBiFunction.java
index 5134703cd3..32058df26e 100644
--- a/common/util/src/main/java/org/thingsboard/common/util/TripleFunction.java
+++ b/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiFunction.java
@@ -16,6 +16,6 @@
 package org.thingsboard.common.util;
 
 @FunctionalInterface
-public interface TripleFunction<A, B, C, R> {
-    R apply(A a, B b, C c);
+public interface ThrowingBiFunction<A, B, R> {
+    R apply(A a, B b) throws Exception;
 }
diff --git a/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleConsumer.java b/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleConsumer.java
new file mode 100644
index 0000000000..5230da4863
--- /dev/null
+++ b/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleConsumer.java
@@ -0,0 +1,21 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.common.util;
+
+@FunctionalInterface
+public interface ThrowingTripleConsumer<A, B, C> {
+    void accept(A a, B b, C c) throws Exception;
+}
diff --git a/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleFunction.java b/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleFunction.java
new file mode 100644
index 0000000000..cade9d1717
--- /dev/null
+++ b/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleFunction.java
@@ -0,0 +1,21 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.common.util;
+
+@FunctionalInterface
+public interface ThrowingTripleFunction<A, B, C, R> {
+    R apply(A a, B b, C c) throws Exception;
+}

From 1a006285095750704e9a5e66b40f99f1442f4b51 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Fri, 18 Mar 2022 18:08:45 +0200
Subject: [PATCH 05/92] Email 2FA provider, refactoring

---
 .../controller/TwoFactorAuthController.java   | 77 +++++++++++++------
 .../security/auth/MfaAuthenticationToken.java | 24 ++++++
 .../auth/mfa/TwoFactorAuthService.java        | 36 ++++-----
 .../mfa/config/TwoFactorAuthSettings.java     | 15 +++-
 .../EmailTwoFactorAuthAccountConfig.java      | 34 ++++++++
 .../OtpBasedTwoFactorAuthAccountConfig.java   | 19 +++++
 .../SmsTwoFactorAuthAccountConfig.java        |  4 +-
 .../EmailTwoFactorAuthProviderConfig.java     | 33 ++++++++
 .../OtpBasedTwoFactorAuthProviderConfig.java  | 23 ++++++
 .../SmsTwoFactorAuthProviderConfig.java       |  4 +-
 .../mfa/provider/TwoFactorAuthProvider.java   |  2 +-
 .../provider/TwoFactorAuthProviderType.java   |  3 +-
 .../impl/EmailTwoFactorAuthProvider.java      | 67 ++++++++++++++++
 .../impl/OtpBasedTwoFactorAuthProvider.java   | 70 +++++++++++++++++
 .../impl/SmsTwoFactorAuthProvider.java        | 40 ++--------
 .../impl/TotpTwoFactorAuthProvider.java       |  3 +-
 .../auth/rest/RestAuthenticationProvider.java | 31 +++++---
 ...RestAwareAuthenticationSuccessHandler.java | 42 +++-------
 .../security/model/token/JwtTokenFactory.java |  4 +-
 .../server/controller/TwoFactorAuthTest.java  |  3 +-
 20 files changed, 408 insertions(+), 126 deletions(-)
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/MfaAuthenticationToken.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index b6ad9626b1..bf8f2a7054 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -28,9 +28,10 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.common.util.JacksonUtil;
+import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.service.security.auth.TokenOutdatingService;
+import org.thingsboard.server.common.msg.tools.TbRateLimits;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
@@ -43,24 +44,30 @@ import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
+import java.util.HashMap;
+import java.util.Map;
 
 /*
  *
  * TODO [viacheslav]:
- *  - 2FA should be mandatory when logging in and must be rolled out to all existing users when 2FA is activated.
- *  - Rate limits should be implemented to protect against brute force leaked accounts to prevent SMS cost explosion.
- *  - Configurable softlock after XX (3) attempts: XX (15) mins
- *  - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts.
- *  - The OTP token should only be valid for XX (5) minutes.
- *  - Disable 2FA only possible after successful 2FA auth - it is possible with simple password resest
- *  - 2FA entries should be secured against code injection by code validation.
- *  - Email 2FA provider
+ *  - Configurable softlock after XX (3) attempts: XX (15) mins - on session level
+ *  - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts - on user level
  *
  * FIXME [viacheslav]:
  *  - Tests for 2FA
  *  - Swagger documentation
  *
  * */
+// TODO [viacheslav]: maybe get rid of sessionId concept..
+
+/*
+ *
+ *
+ * TODO (later):
+ *  - 2FA entries should be secured against code injection by code validation
+ *  - ability to force users to use 2FA (maybe on log in, do not give them token pair but to give temporary
+ *      token to configure 2FA account config); also will need to make users configure 2FA during activation and password setup...
+ * */
 @RestController
 @RequestMapping("/api")
 @RequiredArgsConstructor
@@ -122,7 +129,7 @@ public class TwoFactorAuthController extends BaseController {
 
         boolean verificationSuccess = twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), accountConfig.getProviderType(),
                 (provider, providerConfig) -> {
-                    return provider.checkVerificationCode(user, verificationCode, accountConfig);
+                    return provider.checkVerificationCode(user, verificationCode, providerConfig, accountConfig);
                 });
 
         if (verificationSuccess) {
@@ -146,32 +153,58 @@ public class TwoFactorAuthController extends BaseController {
     }
 
 
+    private final Map<String, TbRateLimits> verificationCodeSendRateLimits = new HashMap<>();
+    private final Map<String, TbRateLimits> verificationCodeCheckRateLimits = new HashMap<>();
+
+    @PostMapping("/auth/2fa/verification/send")
+    @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
+    public void sendTwoFaVerificationCode() throws Exception {
+        SecurityUser user = getCurrentUser();
+
+        TwoFactorAuthSettings twoFaSettings = twoFactorAuthService.getTwoFaSettings(user.getTenantId()).get();
+        if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
+            TbRateLimits rateLimits = verificationCodeSendRateLimits.computeIfAbsent(user.getSessionId(), sessionId -> {
+                return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit());
+            });
+            if (!rateLimits.tryConsume()) {
+                throw new ThingsboardException(ThingsboardErrorCode.TOO_MANY_REQUESTS);
+            }
+        }
+
+        twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), user.getId(),
+                (provider, providerConfig, accountConfig) -> {
+                    provider.prepareVerificationCode(user, providerConfig, accountConfig);
+                });
+    }
+
     @PostMapping("/auth/2fa/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
     public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
 
+
+
+        // FIXME [viacheslav]: rate limits for verification code check
         boolean verificationSuccess = twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), user.getId(),
                 (provider, providerConfig, accountConfig) -> {
-                    return provider.checkVerificationCode(user, verificationCode, accountConfig);
+                    return provider.checkVerificationCode(user, verificationCode, providerConfig, accountConfig);
                 });
 
+
         if (verificationSuccess) {
             return tokenFactory.createTokenPair(user);
         } else {
+            TwoFactorAuthSettings twoFaSettings = twoFactorAuthService.getTwoFaSettings(user.getTenantId()).get();
+            if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
+                TbRateLimits rateLimits = verificationCodeSendRateLimits.computeIfAbsent(user.getSessionId(), sessionId -> {
+                    return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit());
+                });
+                if (!rateLimits.tryConsume()) {
+                    throw new ThingsboardException(ThingsboardErrorCode.TOO_MANY_REQUESTS);
+                }
+            }
             throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.AUTHENTICATION);
         }
     }
 
-    @PostMapping("/auth/2fa/verification/resend")
-    @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public void resendTwoFaVerificationCode() throws Exception {
-        SecurityUser user = getCurrentUser();
-
-        twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), user.getId(),
-                (provider, providerConfig, accountConfig) -> {
-                    provider.prepareVerificationCode(user, providerConfig, accountConfig);
-                });
-    }
-
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/MfaAuthenticationToken.java b/application/src/main/java/org/thingsboard/server/service/security/auth/MfaAuthenticationToken.java
new file mode 100644
index 0000000000..8c70e69179
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/MfaAuthenticationToken.java
@@ -0,0 +1,24 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth;
+
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+public class MfaAuthenticationToken extends AbstractJwtAuthenticationToken {
+    public MfaAuthenticationToken(SecurityUser securityUser) {
+        super(securityUser);
+    }
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
index 580a12ce44..501517ca88 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -63,24 +63,6 @@ public class TwoFactorAuthService {
     protected static final String TWO_FACTOR_AUTH_SETTINGS_KEY = "twoFaSettings";
 
 
-    @Autowired
-    private void setProviders(Collection<TwoFactorAuthProvider<?, ?>> providers) {
-        providers.forEach(provider -> {
-            this.providers.put(provider.getType(), provider);
-        });
-    }
-
-    private <A extends TwoFactorAuthAccountConfig, C extends TwoFactorAuthProviderConfig> Optional<TwoFactorAuthProvider<C, A>> getTwoFaProvider(TwoFactorAuthProviderType providerType) {
-        return Optional.of((TwoFactorAuthProvider<C, A>) providers.get(providerType));
-    }
-
-    private <C extends TwoFactorAuthProviderConfig> Optional<C> getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) {
-        return getTwoFaSettings(tenantId)
-                .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType))
-                .map(providerConfig -> (C) providerConfig);
-    }
-
-
     public <R> R processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, ThrowingBiFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, R> function) throws Exception {
         TwoFactorAuthProviderConfig providerConfig = getTwoFaProviderConfig(tenantId, providerType)
                 .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
@@ -182,4 +164,22 @@ public class TwoFactorAuthService {
         }
     }
 
+
+    private <A extends TwoFactorAuthAccountConfig, C extends TwoFactorAuthProviderConfig> Optional<TwoFactorAuthProvider<C, A>> getTwoFaProvider(TwoFactorAuthProviderType providerType) {
+        return Optional.of((TwoFactorAuthProvider<C, A>) providers.get(providerType));
+    }
+
+    private <C extends TwoFactorAuthProviderConfig> Optional<C> getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) {
+        return getTwoFaSettings(tenantId)
+                .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType))
+                .map(providerConfig -> (C) providerConfig);
+    }
+
+    @Autowired
+    private void setProviders(Collection<TwoFactorAuthProvider<?, ?>> providers) {
+        providers.forEach(provider -> {
+            this.providers.put(provider.getType(), provider);
+        });
+    }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
index a0620ec96e..8b8927f721 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
@@ -16,20 +16,33 @@
 package org.thingsboard.server.service.security.auth.mfa.config;
 
 import lombok.Data;
+import org.checkerframework.checker.index.qual.NonNegative;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.Valid;
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Pattern;
 import java.util.List;
 import java.util.Optional;
 
 @Data
 public class TwoFactorAuthSettings {
 
-    private boolean useSystemTwoFactorAuthSettings;
+    @NotNull
+    private Boolean useSystemTwoFactorAuthSettings;
     @Valid
     private List<TwoFactorAuthProviderConfig> providers;
 
+    @Pattern(regexp = "\\d+:\\d+")
+    private String verificationCodeSendRateLimit; // 1:60 - one time in a minute
+    @Pattern(regexp = "\\d+:\\d+")
+    private String verificationCodeCheckRateLimit; // soft lockout, on session level
+    @Min(0)
+    private Integer maxVerificationCodeSubmitAttemptsBeforeUserBlocking;
+
+
     public Optional<TwoFactorAuthProviderConfig> getProviderConfig(TwoFactorAuthProviderType providerType) {
         return Optional.ofNullable(providers)
                 .flatMap(providersConfigs -> providersConfigs.stream()
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
new file mode 100644
index 0000000000..c18e4c41c1
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.account;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class EmailTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
+
+    private boolean useAccountEmail; // TODO [viacheslav]: validate
+    private String email;
+
+    @Override
+    public TwoFactorAuthProviderType getProviderType() {
+        return TwoFactorAuthProviderType.EMAIL;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java
new file mode 100644
index 0000000000..80b832a831
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java
@@ -0,0 +1,19 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.account;
+
+public abstract class OtpBasedTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
index 6f3ef06775..82e3760e35 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
@@ -16,12 +16,14 @@
 package org.thingsboard.server.service.security.auth.mfa.config.account;
 
 import lombok.Data;
+import lombok.EqualsAndHashCode;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
 
+@EqualsAndHashCode(callSuper = true)
 @Data
-public class SmsTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
+public class SmsTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
 
     @NotBlank
     private String phoneNumber;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
new file mode 100644
index 0000000000..a782f73a68
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
@@ -0,0 +1,33 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.provider;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class EmailTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig{
+
+    private String emailVerificationMessageTemplate; // FIXME [viacheslav]:
+
+    @Override
+    public TwoFactorAuthProviderType getProviderType() {
+        return TwoFactorAuthProviderType.EMAIL;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
new file mode 100644
index 0000000000..c7169def48
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
@@ -0,0 +1,23 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config.provider;
+
+import lombok.Data;
+
+@Data
+public abstract class OtpBasedTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
+    private Integer verificationCodeLifetime; // seconds
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
index 2d15a07ad1..3fe9e77ce7 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
@@ -16,13 +16,15 @@
 package org.thingsboard.server.service.security.auth.mfa.config.provider;
 
 import lombok.Data;
+import lombok.EqualsAndHashCode;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
+@EqualsAndHashCode(callSuper = true)
 @Data
-public class SmsTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
+public class SmsTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig {
 
     @NotBlank
     @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "template must contain verification code")
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
index 011404268c..858b5995f7 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
@@ -27,7 +27,7 @@ public interface TwoFactorAuthProvider<C extends TwoFactorAuthProviderConfig, A
 
     default void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {}
 
-    boolean checkVerificationCode(SecurityUser user, String verificationCode, A accountConfig);
+    boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig);
 
 
     TwoFactorAuthProviderType getType();
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
index 9a4a3672a7..4ddaf836e1 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
@@ -17,5 +17,6 @@ package org.thingsboard.server.service.security.auth.mfa.provider;
 
 public enum TwoFactorAuthProviderType {
     TOTP,
-    SMS
+    SMS,
+    EMAIL
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java
new file mode 100644
index 0000000000..aa34d5b2d6
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java
@@ -0,0 +1,67 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.provider.impl;
+
+import org.springframework.cache.CacheManager;
+import org.springframework.stereotype.Service;
+import org.thingsboard.rule.engine.api.MailService;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.EmailTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+@Service
+@TbCoreComponent
+public class EmailTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider<EmailTwoFactorAuthProviderConfig, EmailTwoFactorAuthAccountConfig> {
+
+    private final MailService mailService;
+
+    protected EmailTwoFactorAuthProvider(CacheManager cacheManager, MailService mailService) {
+        super(cacheManager);
+        this.mailService = mailService;
+    }
+
+
+    @Override
+    public EmailTwoFactorAuthAccountConfig generateNewAccountConfig(User user, EmailTwoFactorAuthProviderConfig providerConfig) {
+        EmailTwoFactorAuthAccountConfig accountConfig = new EmailTwoFactorAuthAccountConfig();
+        accountConfig.setUseAccountEmail(true);
+        return accountConfig;
+    }
+
+    @Override
+    protected void sendVerificationCode(SecurityUser user, String verificationCode, EmailTwoFactorAuthProviderConfig providerConfig, EmailTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
+        String email;
+        if (accountConfig.isUseAccountEmail()) {
+            email = user.getEmail();
+        } else {
+            email = accountConfig.getEmail();
+        }
+
+        // FIXME [viacheslav]: mail template for 2FA verification
+        mailService.sendEmail(user.getTenantId(), email, "subject", "");
+    }
+
+
+    @Override
+    public TwoFactorAuthProviderType getType() {
+        return TwoFactorAuthProviderType.EMAIL;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
new file mode 100644
index 0000000000..f8d07aedb2
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
@@ -0,0 +1,70 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.provider.impl;
+
+import lombok.Data;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.springframework.cache.Cache;
+import org.springframework.cache.CacheManager;
+import org.thingsboard.server.common.data.CacheConstants;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.service.security.auth.mfa.config.account.OtpBasedTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.OtpBasedTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+import java.util.concurrent.TimeUnit;
+
+public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorAuthProviderConfig, A extends OtpBasedTwoFactorAuthAccountConfig> implements TwoFactorAuthProvider<C, A> {
+
+    private final Cache verificationCodesCache;
+
+    protected OtpBasedTwoFactorAuthProvider(CacheManager cacheManager) {
+        this.verificationCodesCache = cacheManager.getCache(CacheConstants.TWO_FA_VERIFICATION_CODES_CACHE);
+    }
+
+
+    @Override
+    public final void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {
+        String verificationCode = RandomStringUtils.randomNumeric(6);
+        verificationCodesCache.put(user.getSessionId(), new Otp(System.currentTimeMillis(), verificationCode));
+
+        sendVerificationCode(user, verificationCode, providerConfig, accountConfig);
+    }
+
+    protected abstract void sendVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig) throws ThingsboardException;
+
+
+    @Override
+    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig) {
+        Otp correctVerificationCode = verificationCodesCache.get(user.getSessionId(), Otp.class);
+        if (correctVerificationCode != null && verificationCode.equals(correctVerificationCode.getValue())) {
+            if (System.currentTimeMillis() - correctVerificationCode.getTimestamp() <= TimeUnit.SECONDS.toMillis(providerConfig.getVerificationCodeLifetime())) {
+                verificationCodesCache.evict(user.getSessionId());
+                return true;
+            }
+        }
+        return false;
+    }
+
+
+    @Data
+    private static class Otp {
+        private final long timestamp;
+        private final String value;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
index c4b51ab16a..e633a0afd1 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
@@ -15,21 +15,15 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.provider.impl;
 
-import lombok.Data;
-import lombok.SneakyThrows;
-import org.apache.commons.lang3.RandomStringUtils;
-import org.springframework.cache.Cache;
 import org.springframework.cache.CacheManager;
 import org.springframework.stereotype.Service;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.rule.engine.api.util.TbNodeUtils;
-import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
@@ -37,14 +31,13 @@ import java.util.Map;
 
 @Service
 @TbCoreComponent
-public class SmsTwoFactorAuthProvider implements TwoFactorAuthProvider<SmsTwoFactorAuthProviderConfig, SmsTwoFactorAuthAccountConfig> {
+public class SmsTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider<SmsTwoFactorAuthProviderConfig, SmsTwoFactorAuthAccountConfig> {
 
     private final SmsService smsService;
-    private final Cache verificationCodesCache;
 
     public SmsTwoFactorAuthProvider(SmsService smsService, CacheManager cacheManager) {
+        super(cacheManager);
         this.smsService = smsService;
-        this.verificationCodesCache = cacheManager.getCache(CacheConstants.TWO_FA_VERIFICATION_CODES_CACHE);
     }
 
 
@@ -54,42 +47,21 @@ public class SmsTwoFactorAuthProvider implements TwoFactorAuthProvider<SmsTwoFac
     }
 
     @Override
-    public void prepareVerificationCode(SecurityUser user, SmsTwoFactorAuthProviderConfig providerConfig, SmsTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
-        String verificationCode = RandomStringUtils.randomNumeric(6);
-        verificationCodesCache.put(user.getSessionId(), new VerificationCode(System.currentTimeMillis(), verificationCode));
-
-        String phoneNumber = accountConfig.getPhoneNumber();
-
-        Map<String, String> data = Map.of(
+    protected void sendVerificationCode(SecurityUser user, String verificationCode, SmsTwoFactorAuthProviderConfig providerConfig, SmsTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
+        Map<String, String> messageData = Map.of(
                 "verificationCode", verificationCode,
                 "userEmail", user.getEmail()
         );
-        String message = TbNodeUtils.processTemplate(providerConfig.getSmsVerificationMessageTemplate(), data);
+        String message = TbNodeUtils.processTemplate(providerConfig.getSmsVerificationMessageTemplate(), messageData);
+        String phoneNumber = accountConfig.getPhoneNumber();
 
         smsService.sendSms(user.getTenantId(), user.getCustomerId(), new String[]{phoneNumber}, message);
     }
 
-    @Override
-    public boolean checkVerificationCode(SecurityUser user, String verificationCode, SmsTwoFactorAuthAccountConfig accountConfig) {
-        VerificationCode correctVerificationCode = verificationCodesCache.get(user.getSessionId(), VerificationCode.class);
-        if (correctVerificationCode != null && verificationCode.equals(correctVerificationCode.getValue())) {
-            verificationCodesCache.evict(user.getSessionId());
-            return true;
-        } else {
-            return false;
-        }
-    }
 
     @Override
     public TwoFactorAuthProviderType getType() {
         return TwoFactorAuthProviderType.SMS;
     }
 
-
-    @Data
-    private static class VerificationCode {
-        private final long timestamp;
-        private final String value;
-    }
-
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
index d7747521c1..65574fc760 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
@@ -45,7 +45,7 @@ public class TotpTwoFactorAuthProvider implements TwoFactorAuthProvider<TotpTwoF
     }
 
     @Override
-    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, TotpTwoFactorAuthAccountConfig accountConfig) {
+    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, TotpTwoFactorAuthProviderConfig providerConfig, TotpTwoFactorAuthAccountConfig accountConfig) {
         String secretKey = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build().getQueryParams().getFirst("secret");
         return new Totp(secretKey).verify(verificationCode);
     }
@@ -65,6 +65,7 @@ public class TotpTwoFactorAuthProvider implements TwoFactorAuthProvider<TotpTwoF
         return Base32.encode(RandomUtils.nextBytes(20));
     }
 
+
     @Override
     public TwoFactorAuthProviderType getType() {
         return TwoFactorAuthProviderType.TOTP;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index be85115af1..a9493a45c3 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -39,6 +39,8 @@ import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
@@ -55,16 +57,19 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
     private final UserService userService;
     private final CustomerService customerService;
     private final AuditLogService auditLogService;
+    private final TwoFactorAuthService twoFactorAuthService;
 
     @Autowired
     public RestAuthenticationProvider(final UserService userService,
                                       final CustomerService customerService,
                                       final SystemSecurityService systemSecurityService,
-                                      final AuditLogService auditLogService) {
+                                      final AuditLogService auditLogService,
+                                      TwoFactorAuthService twoFactorAuthService) {
         this.userService = userService;
         this.customerService = customerService;
         this.systemSecurityService = systemSecurityService;
         this.auditLogService = auditLogService;
+        this.twoFactorAuthService = twoFactorAuthService;
     }
 
     @Override
@@ -77,17 +82,24 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
         }
 
         UserPrincipal userPrincipal =  (UserPrincipal) principal;
+        SecurityUser securityUser;
         if (userPrincipal.getType() == UserPrincipal.Type.USER_NAME) {
             String username = userPrincipal.getValue();
             String password = (String) authentication.getCredentials();
-            return authenticateByUsernameAndPassword(authentication, userPrincipal, username, password);
+            securityUser = authenticateByUsernameAndPassword(authentication, userPrincipal, username, password);
+            if (twoFactorAuthService.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId()).isPresent()) {
+                return new MfaAuthenticationToken(securityUser);
+            }
+            logLoginAction((User) authentication.getPrincipal(), authentication, ActionType.LOGIN, null);
         } else {
             String publicId = userPrincipal.getValue();
-            return authenticateByPublicId(userPrincipal, publicId);
+            securityUser = authenticateByPublicId(userPrincipal, publicId);
         }
+
+        return new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities());
     }
 
-    private Authentication authenticateByUsernameAndPassword(Authentication authentication, UserPrincipal userPrincipal, String username, String password) {
+    private SecurityUser authenticateByUsernameAndPassword(Authentication authentication, UserPrincipal userPrincipal, String username, String password) {
         User user = userService.findUserByEmail(TenantId.SYS_TENANT_ID, username);
         if (user == null) {
             throw new UsernameNotFoundException("User not found: " + username);
@@ -110,17 +122,14 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             if (user.getAuthority() == null)
                 throw new InsufficientAuthenticationException("User has no authority assigned");
 
-            SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
-            // FIXME [viacheslav]: must not yet log login action if 2FA is used !
-            logLoginAction(user, authentication, ActionType.LOGIN, null);
-            return new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities());
+            return new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
         } catch (Exception e) {
             logLoginAction(user, authentication, ActionType.LOGIN, e);
             throw e;
         }
     }
 
-    private Authentication authenticateByPublicId(UserPrincipal userPrincipal, String publicId) {
+    private SecurityUser authenticateByPublicId(UserPrincipal userPrincipal, String publicId) {
         CustomerId customerId;
         try {
             customerId = new CustomerId(UUID.fromString(publicId));
@@ -142,9 +151,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
         user.setFirstName("Public");
         user.setLastName("Public");
 
-        SecurityUser securityUser = new SecurityUser(user, true, userPrincipal);
-
-        return new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities());
+        return new SecurityUser(user, true, userPrincipal);
     }
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index 343c7a23ba..08587d8dee 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -20,14 +20,14 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
-import org.thingsboard.server.common.data.security.Authority;
+import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
+import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
@@ -37,7 +37,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
-import java.util.Optional;
 
 @Component(value = "defaultAuthenticationSuccessHandler")
 @RequiredArgsConstructor
@@ -46,48 +45,31 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
     private final ObjectMapper mapper;
     private final JwtTokenFactory tokenFactory;
     private final TwoFactorAuthService twoFactorAuthService;
+    private final RefreshTokenRepository refreshTokenRepository;
 
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                         Authentication authentication) throws IOException, ServletException {
         SecurityUser securityUser = (SecurityUser) authentication.getPrincipal();
+        JwtTokenPair tokenPair = new JwtTokenPair();
 
-        JwtTokenPair tokenPair;
-        if (authentication instanceof UsernamePasswordAuthenticationToken) {
-            // TODO [viacheslav]: or maybe create another AuthenticationProvider and put it after rest authentication provider ?
-            tokenPair = processTwoFa(securityUser);
+        if (authentication instanceof MfaAuthenticationToken) {
+            TwoFactorAuthSettings twoFaSettings = twoFactorAuthService.getTwoFaSettings(securityUser.getTenantId()).get();
+            // FIXME [viacheslav]: define the logic: pre-verification token lifetime,
+            tokenPair.setToken(tokenFactory.createTwoFaPreVerificationToken(securityUser, ).getToken());
+            tokenPair.setRefreshToken(null);
         } else {
-            tokenPair = tokenFactory.createTokenPair(securityUser);
+            tokenPair.setToken(tokenFactory.createAccessJwtToken(securityUser).getToken());
+            tokenPair.setRefreshToken(refreshTokenRepository.requestRefreshToken(securityUser).getToken());
         }
 
         response.setStatus(HttpStatus.OK.value());
         response.setContentType(MediaType.APPLICATION_JSON_VALUE);
-
         mapper.writeValue(response.getWriter(), tokenPair);
 
         clearAuthenticationAttributes(request);
     }
 
-    private JwtTokenPair processTwoFa(SecurityUser securityUser) {
-        Optional<TwoFactorAuthAccountConfig> twoFaAccountConfig = twoFactorAuthService.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId());
-        if (twoFaAccountConfig.isPresent()) {
-            try {
-                twoFactorAuthService.processByTwoFaProvider(securityUser.getTenantId(), twoFaAccountConfig.get().getProviderType(),
-                        (provider, providerConfig) -> {
-                            provider.prepareVerificationCode(securityUser, providerConfig, twoFaAccountConfig.get());
-                        });
-                JwtTokenPair tokenPair = new JwtTokenPair();
-                tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser).getToken());
-                tokenPair.setScope(Authority.PRE_VERIFICATION_TOKEN);
-                return tokenPair;
-            } catch (Exception e) {
-                // TODO [viacheslav]: write audit log
-                log.error("Failed to process 2FA for user {}. Falling back to plain auth", securityUser.getId(), e);
-            }
-        }
-        return tokenFactory.createTokenPair(securityUser);
-    }
-
     /**
      * Removes temporary authentication-related data which may have been stored
      * in the session during the authentication process..
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
index b2bc3add26..36f64b3566 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
@@ -166,8 +166,8 @@ public class JwtTokenFactory {
         return securityUser;
     }
 
-    public JwtToken createPreVerificationToken(SecurityUser user) {
-        String token = setUpToken(user, Collections.singletonList(Authority.PRE_VERIFICATION_TOKEN.name()), settings.getPreVerificationTokenExpirationTime())
+    public JwtToken createTwoFaPreVerificationToken(SecurityUser user, Integer expirationTime) {
+        String token = setUpToken(user, Collections.singletonList(Authority.PRE_VERIFICATION_TOKEN.name()), expirationTime)
                 .claim(TENANT_ID, user.getTenantId().toString())
                 .compact();
         return new AccessJwtToken(token);
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index fcc2c8bcdf..a12c7ec0e8 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -25,7 +25,6 @@ import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
-import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
@@ -40,12 +39,12 @@ import java.util.stream.Collectors;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
-import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
+// TODO [viacheslav]: test sessionId
 public abstract class TwoFactorAuthTest extends AbstractControllerTest {
 
     @SpyBean

From 0c36d4809c0e4d4cf7c680d839b42f5ed4f8d42b Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Sat, 19 Mar 2022 19:34:45 +0200
Subject: [PATCH 06/92] 2FA: rate limiting, validation, refactoring

---
 .../config/RateLimitProcessingFilter.java     |   3 +
 .../TwoFactorAuthConfigController.java        | 124 +++++++++++++
 .../controller/TwoFactorAuthController.java   | 142 +--------------
 .../auth/mfa/DefaultTwoFactorAuthService.java | 151 ++++++++++++++++
 .../auth/mfa/TwoFactorAuthService.java        | 163 +-----------------
 .../DefaultTwoFactorAuthConfigManager.java    | 139 +++++++++++++++
 .../config/TwoFactorAuthConfigManager.java    |  41 +++++
 .../mfa/config/TwoFactorAuthSettings.java     |  20 ++-
 .../EmailTwoFactorAuthAccountConfig.java      |  13 +-
 .../SmsTwoFactorAuthAccountConfig.java        |   2 +
 .../account/TwoFactorAuthAccountConfig.java   |   6 +-
 .../OtpBasedTwoFactorAuthProviderConfig.java  |   7 +-
 .../provider/TwoFactorAuthProviderConfig.java |   7 +-
 .../impl/OtpBasedTwoFactorAuthProvider.java   |  14 +-
 .../auth/rest/RestAuthenticationProvider.java |  10 +-
 ...RestAwareAuthenticationSuccessHandler.java |  10 +-
 .../system/DefaultSystemSecurityService.java  |  54 ++++--
 .../system/SystemSecurityService.java         |   4 +
 .../server/controller/TwoFactorAuthTest.java  |   1 +
 .../server/dao/user/UserServiceImpl.java      |   2 +-
 20 files changed, 583 insertions(+), 330 deletions(-)
 create mode 100644 application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java

diff --git a/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java b/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java
index e2e6f8d982..2756b9a647 100644
--- a/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java
+++ b/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java
@@ -15,8 +15,11 @@
  */
 package org.thingsboard.server.config;
 
+import io.github.bucket4j.Bucket4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.cache.Cache;
+import org.springframework.cache.jcache.JCacheCacheManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
new file mode 100644
index 0000000000..12f0824ff1
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
@@ -0,0 +1,124 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.controller;
+
+import com.google.zxing.BarcodeFormat;
+import com.google.zxing.client.j2se.MatrixToImageWriter;
+import com.google.zxing.common.BitMatrix;
+import com.google.zxing.qrcode.QRCodeWriter;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.thingsboard.common.util.JacksonUtil;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletResponse;
+import javax.validation.Valid;
+
+@RestController
+@RequestMapping("/api/2fa")
+@RequiredArgsConstructor
+public class TwoFactorAuthConfigController extends BaseController {
+
+    private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
+    private final TwoFactorAuthService twoFactorAuthService;
+
+
+    @GetMapping("/account/config")
+    @PreAuthorize("isAuthenticated()")
+    public TwoFactorAuthAccountConfig getTwoFaAccountConfig() throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+        return twoFactorAuthConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId()).orElse(null);
+    }
+
+    @PostMapping("/account/config/generate")
+    @PreAuthorize("isAuthenticated()")
+    public TwoFactorAuthAccountConfig generateTwoFaAccountConfig(@RequestParam TwoFactorAuthProviderType providerType) throws Exception {
+        SecurityUser user = getCurrentUser();
+        return twoFactorAuthService.generateNewAccountConfig(user, providerType);
+    }
+
+    /* TMP */
+    @PostMapping("/account/config/generate/qr")
+    @PreAuthorize("isAuthenticated()")
+    public void generateTwoFaAccountConfigWithQr(@RequestParam TwoFactorAuthProviderType providerType, HttpServletResponse response) throws Exception {
+        TwoFactorAuthAccountConfig config = generateTwoFaAccountConfig(providerType);
+        if (providerType == TwoFactorAuthProviderType.TOTP) {
+            BitMatrix qr = new QRCodeWriter().encode(((TotpTwoFactorAuthAccountConfig) config).getAuthUrl(), BarcodeFormat.QR_CODE, 200, 200);
+            try (ServletOutputStream outputStream = response.getOutputStream()) {
+                MatrixToImageWriter.writeToStream(qr, "PNG", outputStream);
+            }
+        }
+        response.setHeader("config", JacksonUtil.toString(config));
+    }
+    /* TMP */
+
+    @PostMapping("/account/config/submit")
+    @PreAuthorize("isAuthenticated()")
+    public void submitTwoFaAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig) throws Exception {
+        SecurityUser user = getCurrentUser();
+        twoFactorAuthService.prepareVerificationCode(user, accountConfig, false);
+    }
+
+    @PostMapping("/account/config")
+    @PreAuthorize("isAuthenticated()")
+    public void verifyAndSaveTwoFaAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig,
+                                                @RequestParam String verificationCode) throws Exception {
+        SecurityUser user = getCurrentUser();
+        boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, accountConfig, false);
+        if (verificationSuccess) {
+            twoFactorAuthConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
+        } else {
+            throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.INVALID_ARGUMENTS);
+        }
+    }
+
+    @DeleteMapping("/account/config")
+    @PreAuthorize("isAuthenticated()")
+    public void deleteTwoFactorAuthAccountConfig() throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+        twoFactorAuthConfigManager.deleteTwoFaAccountConfig(user.getTenantId(), user.getId());
+    }
+
+
+    @GetMapping("/settings")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
+    public TwoFactorAuthSettings getTwoFactorAuthSettings() throws ThingsboardException {
+        return twoFactorAuthConfigManager.getTwoFaSettings(getTenantId()).orElse(null);
+    }
+
+    @PostMapping("/settings")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
+    public void saveTwoFactorAuthSettings(@RequestBody TwoFactorAuthSettings twoFactorAuthSettings) throws ThingsboardException {
+        twoFactorAuthConfigManager.saveTwoFaSettings(getTenantId(), twoFactorAuthSettings);
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index bf8f2a7054..58a7af3d7a 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -15,42 +15,22 @@
  */
 package org.thingsboard.server.controller;
 
-import com.google.zxing.BarcodeFormat;
-import com.google.zxing.client.j2se.MatrixToImageWriter;
-import com.google.zxing.common.BitMatrix;
-import com.google.zxing.qrcode.QRCodeWriter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
-import org.thingsboard.common.util.JacksonUtil;
-import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.msg.tools.TbRateLimits;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletResponse;
-import javax.validation.Valid;
-import java.util.HashMap;
-import java.util.Map;
-
 /*
  *
  * TODO [viacheslav]:
- *  - Configurable softlock after XX (3) attempts: XX (15) mins - on session level
  *  - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts - on user level
  *
  * FIXME [viacheslav]:
@@ -69,7 +49,7 @@ import java.util.Map;
  *      token to configure 2FA account config); also will need to make users configure 2FA during activation and password setup...
  * */
 @RestController
-@RequestMapping("/api")
+@RequestMapping("/api/auth/2fa")
 @RequiredArgsConstructor
 public class TwoFactorAuthController extends BaseController {
 
@@ -77,132 +57,22 @@ public class TwoFactorAuthController extends BaseController {
     private final JwtTokenFactory tokenFactory;
 
 
-    @GetMapping("/2fa/account/config")
-    @PreAuthorize("isAuthenticated()")
-    public TwoFactorAuthAccountConfig getTwoFactorAuthAccountConfig() throws ThingsboardException {
-        SecurityUser user = getCurrentUser();
-
-        return twoFactorAuthService.getTwoFaAccountConfig(user.getTenantId(), user.getId()).orElse(null);
-    }
-
-    @PostMapping("/2fa/account/config/generate")
-    @PreAuthorize("isAuthenticated()")
-    public TwoFactorAuthAccountConfig generateTwoFactorAuthAccountConfig(@RequestParam TwoFactorAuthProviderType providerType) throws Exception {
-        SecurityUser user = getCurrentUser();
-
-        return twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), providerType,
-                (provider, providerConfig) -> {
-                    return provider.generateNewAccountConfig(user, providerConfig);
-                });
-    }
-
-    // temporary endpoint for testing purposes
-    @PostMapping("/2fa/account/config/generate/qr")
-    @PreAuthorize("isAuthenticated()")
-    public void generateTwoFactorAuthAccountConfigWithQr(@RequestParam TwoFactorAuthProviderType providerType, HttpServletResponse response) throws Exception {
-        TwoFactorAuthAccountConfig config = generateTwoFactorAuthAccountConfig(providerType);
-        if (providerType == TwoFactorAuthProviderType.TOTP) {
-            BitMatrix qr = new QRCodeWriter().encode(((TotpTwoFactorAuthAccountConfig) config).getAuthUrl(), BarcodeFormat.QR_CODE, 200, 200);
-            try (ServletOutputStream outputStream = response.getOutputStream()) {
-                MatrixToImageWriter.writeToStream(qr, "PNG", outputStream);
-            }
-        }
-        response.setHeader("config", JacksonUtil.toString(config));
-    }
-
-    @PostMapping("/2fa/account/config/submit")
-    @PreAuthorize("isAuthenticated()")
-    public void submitTwoFactorAuthAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig) throws Exception {
-        SecurityUser user = getCurrentUser();
-
-        twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), accountConfig.getProviderType(),
-                (provider, providerConfig) -> {
-                    provider.prepareVerificationCode(user, providerConfig, accountConfig);
-                });
-    }
-
-    @PostMapping("/2fa/account/config")
-    @PreAuthorize("isAuthenticated()")
-    public void verifyAndSaveTwoFactorAuthAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig,
-                                                        @RequestParam String verificationCode) throws Exception {
-        SecurityUser user = getCurrentUser();
-
-        boolean verificationSuccess = twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), accountConfig.getProviderType(),
-                (provider, providerConfig) -> {
-                    return provider.checkVerificationCode(user, verificationCode, providerConfig, accountConfig);
-                });
-
-        if (verificationSuccess) {
-            twoFactorAuthService.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
-        } else {
-            throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.INVALID_ARGUMENTS);
-        }
-    }
-
-
-    @GetMapping("/2fa/settings")
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
-    public TwoFactorAuthSettings getTwoFactorAuthSettings() throws ThingsboardException {
-        return twoFactorAuthService.getTwoFaSettings(getTenantId()).orElse(null);
-    }
-
-    @PostMapping("/2fa/settings")
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
-    public void saveTwoFactorAuthSettings(@Valid @RequestBody TwoFactorAuthSettings twoFactorAuthSettings) throws ThingsboardException {
-        twoFactorAuthService.saveTwoFaSettings(getTenantId(), twoFactorAuthSettings);
-    }
-
-
-    private final Map<String, TbRateLimits> verificationCodeSendRateLimits = new HashMap<>();
-    private final Map<String, TbRateLimits> verificationCodeCheckRateLimits = new HashMap<>();
-
-    @PostMapping("/auth/2fa/verification/send")
+    @PostMapping("/verification/send")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
     public void sendTwoFaVerificationCode() throws Exception {
         SecurityUser user = getCurrentUser();
-
-        TwoFactorAuthSettings twoFaSettings = twoFactorAuthService.getTwoFaSettings(user.getTenantId()).get();
-        if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
-            TbRateLimits rateLimits = verificationCodeSendRateLimits.computeIfAbsent(user.getSessionId(), sessionId -> {
-                return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit());
-            });
-            if (!rateLimits.tryConsume()) {
-                throw new ThingsboardException(ThingsboardErrorCode.TOO_MANY_REQUESTS);
-            }
-        }
-
-        twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), user.getId(),
-                (provider, providerConfig, accountConfig) -> {
-                    provider.prepareVerificationCode(user, providerConfig, accountConfig);
-                });
+        twoFactorAuthService.prepareVerificationCode(user, true);
     }
 
-    @PostMapping("/auth/2fa/verification/check")
+    @PostMapping("/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
     public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
-
-
-
-        // FIXME [viacheslav]: rate limits for verification code check
-        boolean verificationSuccess = twoFactorAuthService.processByTwoFaProvider(user.getTenantId(), user.getId(),
-                (provider, providerConfig, accountConfig) -> {
-                    return provider.checkVerificationCode(user, verificationCode, providerConfig, accountConfig);
-                });
-
-
+        boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, true);
         if (verificationSuccess) {
+            // FIXME [viacheslav]: log login action
             return tokenFactory.createTokenPair(user);
         } else {
-            TwoFactorAuthSettings twoFaSettings = twoFactorAuthService.getTwoFaSettings(user.getTenantId()).get();
-            if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
-                TbRateLimits rateLimits = verificationCodeSendRateLimits.computeIfAbsent(user.getSessionId(), sessionId -> {
-                    return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit());
-                });
-                if (!rateLimits.tryConsume()) {
-                    throw new ThingsboardException(ThingsboardErrorCode.TOO_MANY_REQUESTS);
-                }
-            }
             throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.AUTHENTICATION);
         }
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
new file mode 100644
index 0000000000..e54a39951f
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -0,0 +1,151 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.thingsboard.server.common.data.StringUtils;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.msg.tools.TbRateLimits;
+import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.model.SecurityUser;
+import org.thingsboard.server.service.security.system.SystemSecurityService;
+
+import java.util.Collection;
+import java.util.EnumMap;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+@Service
+@RequiredArgsConstructor
+public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
+
+    private final TwoFactorAuthConfigManager configManager;
+    private final SystemSecurityService systemSecurityService;
+    private final UserService userService;
+    private final Map<TwoFactorAuthProviderType, TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>> providers = new EnumMap<>(TwoFactorAuthProviderType.class);
+
+    // FIXME [viacheslav]: remove from the map
+    // TODO [viacheslav]: these rate limits are local, and will work bad in the cluster
+    private final ConcurrentMap<String, TbRateLimits> verificationCodeSendingRateLimits = new ConcurrentHashMap<>();
+    private final ConcurrentMap<String, TbRateLimits> verificationCodeCheckingRateLimits = new ConcurrentHashMap<>();
+
+    private static final ThingsboardException ACCOUNT_NOT_CONFIGURED = new ThingsboardException("2FA is not configured for account", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+    private static final ThingsboardException PROVIDER_NOT_CONFIGURED = new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+    private static final ThingsboardException PROVIDER_NOT_AVAILABLE = new ThingsboardException("2FA provider is not available", ThingsboardErrorCode.GENERAL);
+
+
+    @Override
+    public void prepareVerificationCode(SecurityUser securityUser, boolean rateLimit) throws Exception {
+        TwoFactorAuthAccountConfig accountConfig = configManager.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId())
+                .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED);
+        prepareVerificationCode(securityUser, accountConfig, rateLimit);
+    }
+
+    @Override
+    public void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException {
+        TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId())
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+        if (rateLimit) {
+            if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
+                TbRateLimits rateLimits = verificationCodeSendingRateLimits.computeIfAbsent(securityUser.getSessionId(), sessionId -> {
+                    return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit());
+                });
+                if (!rateLimits.tryConsume()) {
+                    throw new ThingsboardException("Too many verification code sending requests", ThingsboardErrorCode.TOO_MANY_REQUESTS);
+                }
+            }
+        }
+
+        TwoFactorAuthProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+        getTwoFaProvider(accountConfig.getProviderType()).prepareVerificationCode(securityUser, providerConfig, accountConfig);
+    }
+
+    @Override
+    public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean rateLimit) throws ThingsboardException {
+        TwoFactorAuthAccountConfig accountConfig = configManager.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId())
+                .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED);
+        return checkVerificationCode(securityUser, verificationCode, accountConfig, rateLimit);
+    }
+
+    @Override
+    public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException {
+        if (!userService.findUserCredentialsByUserId(securityUser.getTenantId(), securityUser.getId()).isEnabled()) {
+            throw new ThingsboardException("User is disabled", ThingsboardErrorCode.AUTHENTICATION);
+        }
+
+        TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId())
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+        if (rateLimit) {
+            if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeCheckRateLimit())) {
+                TbRateLimits rateLimits = verificationCodeCheckingRateLimits.computeIfAbsent(securityUser.getSessionId(), sessionId -> {
+                    return new TbRateLimits(twoFaSettings.getVerificationCodeCheckRateLimit());
+                });
+                if (!rateLimits.tryConsume()) {
+                    throw new ThingsboardException("Too many verification code checking requests", ThingsboardErrorCode.TOO_MANY_REQUESTS);
+                }
+            }
+        }
+
+        TwoFactorAuthProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+        boolean verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(securityUser, verificationCode, providerConfig, accountConfig);
+        if (rateLimit) {
+            systemSecurityService.validateTwoFaVerification(securityUser.getTenantId(), securityUser.getId(), verificationSuccess, twoFaSettings);
+        }
+        return verificationSuccess;
+    }
+
+    @Override
+    public TwoFactorAuthAccountConfig generateNewAccountConfig(User user, TwoFactorAuthProviderType providerType) throws ThingsboardException {
+        TwoFactorAuthProviderConfig providerConfig = getTwoFaProviderConfig(user.getTenantId(), providerType);
+        return getTwoFaProvider(providerType).generateNewAccountConfig(user, providerConfig);
+    }
+
+
+    private TwoFactorAuthProviderConfig getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) throws ThingsboardException {
+        return configManager.getTwoFaSettings(tenantId)
+                .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType))
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+    }
+
+    private TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> getTwoFaProvider(TwoFactorAuthProviderType providerType) throws ThingsboardException {
+        return Optional.ofNullable(providers.get(providerType))
+                .orElseThrow(() -> PROVIDER_NOT_AVAILABLE);
+    }
+
+    @Autowired
+    private void setProviders(Collection<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>> providers) {
+        providers.forEach(provider -> {
+            this.providers.put(provider.getType(), provider);
+        });
+    }
+
+}
+
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
index 501517ca88..ec2511e62a 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -15,171 +15,22 @@
  */
 package org.thingsboard.server.service.security.auth.mfa;
 
-import com.fasterxml.jackson.databind.node.ObjectNode;
-import lombok.RequiredArgsConstructor;
-import lombok.SneakyThrows;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import org.thingsboard.common.util.JacksonUtil;
-import org.thingsboard.common.util.ThrowingBiConsumer;
-import org.thingsboard.common.util.ThrowingBiFunction;
-import org.thingsboard.common.util.ThrowingTripleConsumer;
-import org.thingsboard.common.util.ThrowingTripleFunction;
-import org.thingsboard.server.common.data.AdminSettings;
-import org.thingsboard.server.common.data.DataConstants;
 import org.thingsboard.server.common.data.User;
-import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.id.TenantId;
-import org.thingsboard.server.common.data.id.UserId;
-import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
-import org.thingsboard.server.common.data.kv.JsonDataEntry;
-import org.thingsboard.server.dao.attributes.AttributesService;
-import org.thingsboard.server.dao.settings.AdminSettingsService;
-import org.thingsboard.server.dao.user.UserService;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.model.SecurityUser;
 
-import java.util.Collection;
-import java.util.Collections;
-import java.util.EnumMap;
-import java.util.Map;
-import java.util.Optional;
-import java.util.concurrent.ExecutionException;
+public interface TwoFactorAuthService {
 
-@Service
-@RequiredArgsConstructor
-public class TwoFactorAuthService {
+    void prepareVerificationCode(SecurityUser securityUser, boolean rateLimit) throws Exception;
 
-    private final UserService userService;
-    private final AdminSettingsService adminSettingsService;
-    private final AttributesService attributesService;
-    private final Map<TwoFactorAuthProviderType, TwoFactorAuthProvider<?, ?>> providers = new EnumMap<>(TwoFactorAuthProviderType.class);
+    void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException;
 
-    protected static final String TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY = "twoFaConfig";
-    protected static final String TWO_FACTOR_AUTH_SETTINGS_KEY = "twoFaSettings";
+    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean rateLimit) throws ThingsboardException;
 
+    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException;
 
-    public <R> R processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, ThrowingBiFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, R> function) throws Exception {
-        TwoFactorAuthProviderConfig providerConfig = getTwoFaProviderConfig(tenantId, providerType)
-                .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
-        TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> provider = getTwoFaProvider(providerType)
-                .orElseThrow(() -> new ThingsboardException("2FA provider is not available", ThingsboardErrorCode.ITEM_NOT_FOUND));
-
-        return function.apply(provider, providerConfig);
-    }
-
-    public void processByTwoFaProvider(TenantId tenantId, TwoFactorAuthProviderType providerType, ThrowingBiConsumer<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig> function) throws Exception {
-        processByTwoFaProvider(tenantId, providerType, (provider, providerConfig) -> {
-            function.accept(provider, providerConfig);
-            return null;
-        });
-    }
-
-    public <R> R processByTwoFaProvider(TenantId tenantId, UserId userId, ThrowingTripleFunction<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig, R> function) throws Exception {
-        TwoFactorAuthAccountConfig accountConfig = getTwoFaAccountConfig(tenantId, userId)
-                .orElseThrow(() -> new ThingsboardException("2FA is not configured for user", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
-
-        TwoFactorAuthProviderConfig providerConfig = getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
-                .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
-        TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> provider = getTwoFaProvider(accountConfig.getProviderType())
-                .orElseThrow(() -> new ThingsboardException("2FA provider is not available", ThingsboardErrorCode.ITEM_NOT_FOUND));
-
-        return function.apply(provider, providerConfig, accountConfig);
-    }
-
-    public void processByTwoFaProvider(TenantId tenantId, UserId userId, ThrowingTripleConsumer<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>, TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> function) throws Exception {
-        processByTwoFaProvider(tenantId, userId, (provider, providerConfig, accountConfig) -> {
-            function.accept(provider, providerConfig, accountConfig);
-            return null;
-        });
-    }
-
-
-    public Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId) {
-        User user = userService.findUserById(tenantId, userId);
-        return Optional.ofNullable(user.getAdditionalInfo())
-                .flatMap(additionalInfo -> Optional.ofNullable(additionalInfo.get(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY)).filter(jsonNode -> !jsonNode.isNull()))
-                .map(jsonNode -> JacksonUtil.treeToValue(jsonNode, TwoFactorAuthAccountConfig.class))
-                .filter(twoFactorAuthAccountConfig -> {
-                    return getTwoFaProviderConfig(tenantId, twoFactorAuthAccountConfig.getProviderType()).isPresent();
-                });
-    }
-
-    public void saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
-        getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
-                .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
-
-        User user = userService.findUserById(tenantId, userId);
-        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
-                .orElseGet(JacksonUtil::newObjectNode);
-        additionalInfo.set(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY, JacksonUtil.valueToTree(accountConfig));
-        user.setAdditionalInfo(additionalInfo);
-
-        userService.saveUser(user);
-    }
-
-    public void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId) {
-        User user = userService.findUserById(tenantId, userId);
-        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
-                .orElseGet(JacksonUtil::newObjectNode);
-        additionalInfo.remove(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY);
-        user.setAdditionalInfo(additionalInfo);
-
-        userService.saveUser(user);
-    }
-
-
-    @SneakyThrows({InterruptedException.class, ExecutionException.class})
-    public Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId) {
-        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
-            return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
-                    .map(adminSettings -> JacksonUtil.treeToValue(adminSettings.getJsonValue(), TwoFactorAuthSettings.class));
-        } else {
-            return attributesService.find(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE, TWO_FACTOR_AUTH_SETTINGS_KEY).get()
-                    .map(adminSettingsAttribute -> JacksonUtil.fromString(adminSettingsAttribute.getJsonValue().get(), TwoFactorAuthSettings.class))
-                    .filter(tenantTwoFactorAuthSettings -> !tenantTwoFactorAuthSettings.isUseSystemTwoFactorAuthSettings())
-                    .or(() -> getTwoFaSettings(TenantId.SYS_TENANT_ID));
-        }
-    }
-
-    @SneakyThrows({InterruptedException.class, ExecutionException.class})
-    public void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings) {
-        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
-            AdminSettings settings = Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
-                    .orElseGet(() -> {
-                        AdminSettings newSettings = new AdminSettings();
-                        newSettings.setKey(TWO_FACTOR_AUTH_SETTINGS_KEY);
-                        return newSettings;
-                    });
-            settings.setJsonValue(JacksonUtil.valueToTree(twoFactorAuthSettings));
-            adminSettingsService.saveAdminSettings(tenantId, settings);
-        } else {
-            attributesService.save(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE, Collections.singletonList(
-                    new BaseAttributeKvEntry(new JsonDataEntry(TWO_FACTOR_AUTH_SETTINGS_KEY, JacksonUtil.toString(twoFactorAuthSettings)), System.currentTimeMillis())
-            )).get();
-        }
-    }
-
-
-    private <A extends TwoFactorAuthAccountConfig, C extends TwoFactorAuthProviderConfig> Optional<TwoFactorAuthProvider<C, A>> getTwoFaProvider(TwoFactorAuthProviderType providerType) {
-        return Optional.of((TwoFactorAuthProvider<C, A>) providers.get(providerType));
-    }
-
-    private <C extends TwoFactorAuthProviderConfig> Optional<C> getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) {
-        return getTwoFaSettings(tenantId)
-                .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType))
-                .map(providerConfig -> (C) providerConfig);
-    }
-
-    @Autowired
-    private void setProviders(Collection<TwoFactorAuthProvider<?, ?>> providers) {
-        providers.forEach(provider -> {
-            this.providers.put(provider.getType(), provider);
-        });
-    }
+    TwoFactorAuthAccountConfig generateNewAccountConfig(User user, TwoFactorAuthProviderType providerType) throws ThingsboardException;
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
new file mode 100644
index 0000000000..a96d25e520
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
@@ -0,0 +1,139 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import org.springframework.stereotype.Service;
+import org.thingsboard.common.util.JacksonUtil;
+import org.thingsboard.server.common.data.AdminSettings;
+import org.thingsboard.server.common.data.DataConstants;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
+import org.thingsboard.server.common.data.kv.JsonDataEntry;
+import org.thingsboard.server.dao.attributes.AttributesService;
+import org.thingsboard.server.dao.service.ConstraintValidator;
+import org.thingsboard.server.dao.settings.AdminSettingsService;
+import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+
+import java.util.Collections;
+import java.util.Optional;
+import java.util.concurrent.ExecutionException;
+
+@Service
+@RequiredArgsConstructor
+public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigManager {
+
+    private final UserService userService;
+    private final AdminSettingsService adminSettingsService;
+    private final AttributesService attributesService;
+
+    protected static final String TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY = "twoFaConfig";
+    protected static final String TWO_FACTOR_AUTH_SETTINGS_KEY = "twoFaSettings";
+
+
+    @Override
+    public boolean isTwoFaEnabled(User user) {
+        return getTwoFaAccountConfig(user.getTenantId(), user.getId()).isPresent();
+    }
+
+    @Override
+    public Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId) {
+        User user = userService.findUserById(tenantId, userId);
+        return Optional.ofNullable(user.getAdditionalInfo())
+                .flatMap(additionalInfo -> Optional.ofNullable(additionalInfo.get(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY)).filter(jsonNode -> !jsonNode.isNull()))
+                .map(jsonNode -> JacksonUtil.treeToValue(jsonNode, TwoFactorAuthAccountConfig.class))
+                .filter(twoFactorAuthAccountConfig -> {
+                    return getTwoFaProviderConfig(tenantId, twoFactorAuthAccountConfig.getProviderType()).isPresent();
+                });
+    }
+
+    @Override
+    public void saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
+        getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
+                .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
+
+        User user = userService.findUserById(tenantId, userId);
+        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
+                .orElseGet(JacksonUtil::newObjectNode);
+        additionalInfo.set(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY, JacksonUtil.valueToTree(accountConfig));
+        user.setAdditionalInfo(additionalInfo);
+
+        userService.saveUser(user);
+    }
+
+    @Override
+    public void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId) {
+        User user = userService.findUserById(tenantId, userId);
+        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
+                .orElseGet(JacksonUtil::newObjectNode);
+        additionalInfo.remove(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY);
+        user.setAdditionalInfo(additionalInfo);
+
+        userService.saveUser(user);
+    }
+
+
+    private Optional<TwoFactorAuthProviderConfig> getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) {
+        return getTwoFaSettings(tenantId)
+                .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType));
+    }
+
+    @SneakyThrows({InterruptedException.class, ExecutionException.class})
+    @Override
+    public Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId) {
+        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
+            return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
+                    .map(adminSettings -> JacksonUtil.treeToValue(adminSettings.getJsonValue(), TwoFactorAuthSettings.class));
+        } else {
+            return attributesService.find(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE, TWO_FACTOR_AUTH_SETTINGS_KEY).get()
+                    .map(adminSettingsAttribute -> JacksonUtil.fromString(adminSettingsAttribute.getJsonValue().get(), TwoFactorAuthSettings.class))
+                    .filter(tenantTwoFactorAuthSettings -> !tenantTwoFactorAuthSettings.isUseSystemTwoFactorAuthSettings())
+                    .or(() -> getTwoFaSettings(TenantId.SYS_TENANT_ID));
+        }
+    }
+
+    @SneakyThrows({InterruptedException.class, ExecutionException.class})
+    @Override
+    public void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings) {
+        if (tenantId.equals(TenantId.SYS_TENANT_ID) || !twoFactorAuthSettings.isUseSystemTwoFactorAuthSettings()) {
+            ConstraintValidator.validateFields(twoFactorAuthSettings);
+        }
+        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
+            AdminSettings settings = Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
+                    .orElseGet(() -> {
+                        AdminSettings newSettings = new AdminSettings();
+                        newSettings.setKey(TWO_FACTOR_AUTH_SETTINGS_KEY);
+                        return newSettings;
+                    });
+            settings.setJsonValue(JacksonUtil.valueToTree(twoFactorAuthSettings));
+            adminSettingsService.saveAdminSettings(tenantId, settings);
+        } else {
+            attributesService.save(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE, Collections.singletonList(
+                    new BaseAttributeKvEntry(new JsonDataEntry(TWO_FACTOR_AUTH_SETTINGS_KEY, JacksonUtil.toString(twoFactorAuthSettings)), System.currentTimeMillis())
+            )).get();
+        }
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
new file mode 100644
index 0000000000..94c18aa999
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
@@ -0,0 +1,41 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config;
+
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+
+import java.util.Optional;
+
+public interface TwoFactorAuthConfigManager {
+
+    boolean isTwoFaEnabled(User user);
+
+    Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId);
+
+    void saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException;
+
+    void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId);
+
+
+    Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId);
+
+    void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings);
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
index 8b8927f721..e70742267b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
@@ -15,12 +15,14 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config;
 
+import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import org.checkerframework.checker.index.qual.NonNegative;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.Valid;
+import javax.validation.constraints.AssertTrue;
 import javax.validation.constraints.Min;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
@@ -30,17 +32,21 @@ import java.util.Optional;
 @Data
 public class TwoFactorAuthSettings {
 
-    @NotNull
-    private Boolean useSystemTwoFactorAuthSettings;
+    private boolean useSystemTwoFactorAuthSettings;
     @Valid
     private List<TwoFactorAuthProviderConfig> providers;
 
-    @Pattern(regexp = "\\d+:\\d+")
-    private String verificationCodeSendRateLimit; // 1:60 - one time in a minute
-    @Pattern(regexp = "\\d+:\\d+")
-    private String verificationCodeCheckRateLimit; // soft lockout, on session level
+    @ApiModelProperty(example = "1:60 (1 request per minute)")
+    @Pattern(regexp = "[^0]\\d+:[^0]\\d+", message = "Rate limit configuration is invalid")
+    private String verificationCodeSendRateLimit;
+    @ApiModelProperty(example = "3:900 (3 requests per 15 minutes)")
+    @Pattern(regexp = "[^0]\\d+:[^0]\\d+", message = "Rate limit configuration is invalid")
+    private String verificationCodeCheckRateLimit;
     @Min(0)
-    private Integer maxVerificationCodeSubmitAttemptsBeforeUserBlocking;
+    private int maxCodeVerificationFailuresBeforeUserLockout;
+    @ApiModelProperty(value = "in seconds")
+    @Min(1)
+    private int totalAllowedTimeForVerification;
 
 
     public Optional<TwoFactorAuthProviderConfig> getProviderConfig(TwoFactorAuthProviderType providerType) {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
index c18e4c41c1..dfbba22113 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
@@ -17,13 +17,18 @@ package org.thingsboard.server.service.security.auth.mfa.config.account;
 
 import lombok.Data;
 import lombok.EqualsAndHashCode;
+import org.apache.commons.lang3.StringUtils;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
+import javax.validation.constraints.AssertTrue;
+import javax.validation.constraints.Email;
+
 @EqualsAndHashCode(callSuper = true)
 @Data
 public class EmailTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
 
-    private boolean useAccountEmail; // TODO [viacheslav]: validate
+    private boolean useAccountEmail;
+    @Email(message = "Email is not valid")
     private String email;
 
     @Override
@@ -31,4 +36,10 @@ public class EmailTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccoun
         return TwoFactorAuthProviderType.EMAIL;
     }
 
+
+    @AssertTrue(message = "Email must be specified") // TODO [viacheslav]: test !
+    private boolean isValid() {
+        return useAccountEmail || StringUtils.isNotEmpty(email);
+    }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
index 82e3760e35..40e94899a7 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
@@ -20,12 +20,14 @@ import lombok.EqualsAndHashCode;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Pattern;
 
 @EqualsAndHashCode(callSuper = true)
 @Data
 public class SmsTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
 
     @NotBlank
+    @Pattern(regexp = "^\\+[1-9]\\d{1,14}$", message = "Phone number is not of E.164 format")
     private String phoneNumber;
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
index 141535eea8..44774bb2a3 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
@@ -18,6 +18,7 @@ package org.thingsboard.server.service.security.auth.mfa.config.account;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
+import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
@@ -26,8 +27,9 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
         use = JsonTypeInfo.Id.NAME,
         property = "providerType")
 @JsonSubTypes({
-        @JsonSubTypes.Type(value = TotpTwoFactorAuthAccountConfig.class, name = "TOTP"),
-        @JsonSubTypes.Type(value = SmsTwoFactorAuthAccountConfig.class, name = "SMS"),
+        @Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class ),
+        @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class),
+        @Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class)
 })
 public interface TwoFactorAuthAccountConfig {
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
index c7169def48..fa1e5d7b43 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
@@ -15,9 +15,14 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config.provider;
 
+import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 
+import javax.validation.constraints.Min;
+
 @Data
 public abstract class OtpBasedTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
-    private Integer verificationCodeLifetime; // seconds
+    @ApiModelProperty(value = "in seconds", example = "60")
+    @Min(1) // TODO [viacheslav]: test
+    private int verificationCodeLifetime;
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
index a86bcee222..c94c403fd8 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
@@ -18,7 +18,9 @@ package org.thingsboard.server.service.security.auth.mfa.config.provider;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
+import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
@@ -26,8 +28,9 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
         use = JsonTypeInfo.Id.NAME,
         property = "providerType")
 @JsonSubTypes({
-        @JsonSubTypes.Type(value = TotpTwoFactorAuthProviderConfig.class, name = "TOTP"),
-        @JsonSubTypes.Type(value = SmsTwoFactorAuthProviderConfig.class, name = "SMS"),
+        @Type(name = "TOTP", value = TotpTwoFactorAuthProviderConfig.class),
+        @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class),
+        @Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class)
 })
 public interface TwoFactorAuthProviderConfig {
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
index f8d07aedb2..e13e0925d5 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
@@ -40,8 +40,7 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
     @Override
     public final void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {
         String verificationCode = RandomStringUtils.randomNumeric(6);
-        verificationCodesCache.put(user.getSessionId(), new Otp(System.currentTimeMillis(), verificationCode));
-
+        verificationCodesCache.put(user.getSessionId(), new Otp(System.currentTimeMillis(), verificationCode, accountConfig));
         sendVerificationCode(user, verificationCode, providerConfig, accountConfig);
     }
 
@@ -51,8 +50,14 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
     @Override
     public final boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig) {
         Otp correctVerificationCode = verificationCodesCache.get(user.getSessionId(), Otp.class);
-        if (correctVerificationCode != null && verificationCode.equals(correctVerificationCode.getValue())) {
-            if (System.currentTimeMillis() - correctVerificationCode.getTimestamp() <= TimeUnit.SECONDS.toMillis(providerConfig.getVerificationCodeLifetime())) {
+        if (correctVerificationCode != null) {
+            if (System.currentTimeMillis() - correctVerificationCode.getTimestamp()
+                    > TimeUnit.SECONDS.toMillis(providerConfig.getVerificationCodeLifetime())) {
+                verificationCodesCache.evict(user.getSessionId());
+                return false;
+            }
+            if (verificationCode.equals(correctVerificationCode.getValue())
+                    && correctVerificationCode.getConfig().equals(accountConfig)) {
                 verificationCodesCache.evict(user.getSessionId());
                 return true;
             }
@@ -65,6 +70,7 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
     private static class Otp {
         private final long timestamp;
         private final String value;
+        private final OtpBasedTwoFactorAuthAccountConfig config;
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index a9493a45c3..c4f550b9ba 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -40,7 +40,7 @@ import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
-import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
@@ -57,19 +57,19 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
     private final UserService userService;
     private final CustomerService customerService;
     private final AuditLogService auditLogService;
-    private final TwoFactorAuthService twoFactorAuthService;
+    private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
 
     @Autowired
     public RestAuthenticationProvider(final UserService userService,
                                       final CustomerService customerService,
                                       final SystemSecurityService systemSecurityService,
                                       final AuditLogService auditLogService,
-                                      TwoFactorAuthService twoFactorAuthService) {
+                                      TwoFactorAuthConfigManager twoFactorAuthConfigManager) {
         this.userService = userService;
         this.customerService = customerService;
         this.systemSecurityService = systemSecurityService;
         this.auditLogService = auditLogService;
-        this.twoFactorAuthService = twoFactorAuthService;
+        this.twoFactorAuthConfigManager = twoFactorAuthConfigManager;
     }
 
     @Override
@@ -87,7 +87,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             String username = userPrincipal.getValue();
             String password = (String) authentication.getCredentials();
             securityUser = authenticateByUsernameAndPassword(authentication, userPrincipal, username, password);
-            if (twoFactorAuthService.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId()).isPresent()) {
+            if (twoFactorAuthConfigManager.isTwoFaEnabled(securityUser)) {
                 return new MfaAuthenticationToken(securityUser);
             }
             logLoginAction((User) authentication.getPrincipal(), authentication, ActionType.LOGIN, null);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index 08587d8dee..205fb9a391 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -26,7 +26,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
 import org.springframework.stereotype.Component;
 import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
-import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -44,7 +44,7 @@ import java.io.IOException;
 public class RestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
     private final ObjectMapper mapper;
     private final JwtTokenFactory tokenFactory;
-    private final TwoFactorAuthService twoFactorAuthService;
+    private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
     private final RefreshTokenRepository refreshTokenRepository;
 
     @Override
@@ -54,9 +54,9 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
         JwtTokenPair tokenPair = new JwtTokenPair();
 
         if (authentication instanceof MfaAuthenticationToken) {
-            TwoFactorAuthSettings twoFaSettings = twoFactorAuthService.getTwoFaSettings(securityUser.getTenantId()).get();
-            // FIXME [viacheslav]: define the logic: pre-verification token lifetime,
-            tokenPair.setToken(tokenFactory.createTwoFaPreVerificationToken(securityUser, ).getToken());
+            int preVerificationTokenLifetime = twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId())
+                    .map(TwoFactorAuthSettings::getTotalAllowedTimeForVerification).orElse(30);
+            tokenPair.setToken(tokenFactory.createTwoFaPreVerificationToken(securityUser, preVerificationTokenLifetime).getToken());
             tokenPair.setRefreshToken(null);
         } else {
             tokenPair.setToken(tokenFactory.createAccessJwtToken(securityUser).getToken());
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index 9a998544f3..646562f9ed 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -37,12 +37,14 @@ import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.rule.engine.api.MailService;
 import org.thingsboard.server.common.data.AdminSettings;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.security.model.SecuritySettings;
 import org.thingsboard.server.common.data.security.model.UserPasswordPolicy;
@@ -50,7 +52,7 @@ import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.user.UserServiceImpl;
-import org.thingsboard.common.util.JacksonUtil;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
 import org.thingsboard.server.utils.MiscUtils;
 
@@ -59,6 +61,7 @@ import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
 import static org.thingsboard.server.common.data.CacheConstants.SECURITY_SETTINGS_CACHE;
@@ -122,17 +125,10 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
     public void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String username, String password) throws AuthenticationException {
         if (!encoder.matches(password, userCredentials.getPassword())) {
             int failedLoginAttempts = userService.onUserLoginIncorrectCredentials(tenantId, userCredentials.getUserId());
-            SecuritySettings securitySettings = getSecuritySettings(tenantId);
+            SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
             if (securitySettings.getMaxFailedLoginAttempts() != null && securitySettings.getMaxFailedLoginAttempts() > 0) {
                 if (failedLoginAttempts > securitySettings.getMaxFailedLoginAttempts() && userCredentials.isEnabled()) {
-                    userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userCredentials.getUserId(), false);
-                    if (StringUtils.isNoneBlank(securitySettings.getUserLockoutNotificationEmail())) {
-                        try {
-                            mailService.sendAccountLockoutEmail(username, securitySettings.getUserLockoutNotificationEmail(), securitySettings.getMaxFailedLoginAttempts());
-                        } catch (ThingsboardException e) {
-                            log.warn("Can't send email regarding user account [{}] lockout to provided email [{}]", username, securitySettings.getUserLockoutNotificationEmail(), e);
-                        }
-                    }
+                    lockAccount(userCredentials.getUserId(), username, securitySettings);
                     throw new LockedException("Authentication Failed. Username was locked due to security policy.");
                 }
             }
@@ -143,6 +139,7 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
             throw new DisabledException("User is not active");
         }
 
+        // FIXME [viacheslav]: don't do that in case of 2FA. maybe just move underlying setLastLoginTs to logLoginAction ?
         userService.onUserLoginSuccessful(tenantId, userCredentials.getUserId());
 
         SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
@@ -156,6 +153,43 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
         }
     }
 
+    @Override
+    public void validateTwoFaVerification(TenantId tenantId, UserId userId, boolean verificationSuccess, TwoFactorAuthSettings twoFaSettings) {
+        User user = userService.findUserById(tenantId, userId);
+        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
+                .filter(jsonNode -> jsonNode instanceof ObjectNode)
+                .orElseGet(JacksonUtil::newObjectNode);
+        // TODO [viacheslav]: test !
+        int failedVerificationAttempts = Optional.ofNullable(additionalInfo.get("failedTwoFaVerificationAttempts"))
+                .map(JsonNode::asInt).orElse(0);
+
+        if (!verificationSuccess) {
+            failedVerificationAttempts++;
+            // TODO [viacheslav]: maybe use userService.onUserLoginIncorrectCredentials()
+        } else {
+            failedVerificationAttempts = 0;
+            // and set last login ts
+        }
+
+        if (twoFaSettings.getMaxCodeVerificationFailuresBeforeUserLockout() > 0
+                && failedVerificationAttempts >= twoFaSettings.getMaxCodeVerificationFailuresBeforeUserLockout()) {
+            userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userId, false);
+            lockAccount(userId, user.getEmail(), self.getSecuritySettings(tenantId));
+            throw new LockedException("User account was locked due to exceeded 2FA verification attempts");
+        }
+    }
+
+    private void lockAccount(UserId userId, String username, SecuritySettings securitySettings) {
+        userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userId, false);
+        if (StringUtils.isNoneBlank(securitySettings.getUserLockoutNotificationEmail())) {
+            try {
+                mailService.sendAccountLockoutEmail(username, securitySettings.getUserLockoutNotificationEmail(), securitySettings.getMaxFailedLoginAttempts());
+            } catch (ThingsboardException e) {
+                log.warn("Can't send email regarding user account [{}] lockout to provided email [{}]", username, securitySettings.getUserLockoutNotificationEmail(), e);
+            }
+        }
+    }
+
     @Override
     public void validatePassword(TenantId tenantId, String password, UserCredentials userCredentials) throws DataValidationException {
         SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
index 2cc19ccac6..453251bf03 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
@@ -18,9 +18,11 @@ package org.thingsboard.server.service.security.system;
 import org.springframework.security.core.AuthenticationException;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.common.data.security.model.SecuritySettings;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -32,6 +34,8 @@ public interface SystemSecurityService {
 
     void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String username, String password) throws AuthenticationException;
 
+    void validateTwoFaVerification(TenantId tenantId, UserId userId, boolean verificationSuccess, TwoFactorAuthSettings twoFaSettings);
+
     void validatePassword(TenantId tenantId, String password, UserCredentials userCredentials) throws DataValidationException;
 
     String getBaseUrl(TenantId tenantId, CustomerId customerId, HttpServletRequest httpServletRequest);
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index a12c7ec0e8..b338d0d99d 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -45,6 +45,7 @@ import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 // TODO [viacheslav]: test sessionId
+// TODO [viacheslav]: test validation for all account configs, provider configs and two factor auth settings
 public abstract class TwoFactorAuthTest extends AbstractControllerTest {
 
     @SpyBean
diff --git a/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
index d48520648e..1ee78d4068 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
@@ -301,7 +301,7 @@ public class UserServiceImpl extends AbstractEntityService implements UserServic
     public void onUserLoginSuccessful(TenantId tenantId, UserId userId) {
         log.trace("Executing onUserLoginSuccessful [{}]", userId);
         User user = findUserById(tenantId, userId);
-        setLastLoginTs(user);
+        setLastLoginTs(user); // FIXME [viacheslav]: move to logLoginAction ?
         resetFailedLoginAttempts(user);
         saveUser(user);
     }

From 052068d7f48cd1639355fc6bb89bece6d0b9b7ee Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Sun, 20 Mar 2022 09:21:41 +0200
Subject: [PATCH 07/92] Remove 2FA with email message

---
 .../controller/TwoFactorAuthController.java   |  4 --
 .../auth/mfa/DefaultTwoFactorAuthService.java |  3 +-
 .../EmailTwoFactorAuthAccountConfig.java      | 45 -------------
 .../account/TwoFactorAuthAccountConfig.java   |  3 +-
 .../EmailTwoFactorAuthProviderConfig.java     | 33 ---------
 .../provider/TwoFactorAuthProviderConfig.java |  4 +-
 .../impl/EmailTwoFactorAuthProvider.java      | 67 -------------------
 7 files changed, 3 insertions(+), 156 deletions(-)
 delete mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
 delete mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
 delete mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 58a7af3d7a..76cc8f2f14 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -29,11 +29,7 @@ import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 
 /*
- *
  * TODO [viacheslav]:
- *  - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts - on user level
- *
- * FIXME [viacheslav]:
  *  - Tests for 2FA
  *  - Swagger documentation
  *
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index e54a39951f..98cbeb0786 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -141,11 +141,10 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
     }
 
     @Autowired
-    private void setProviders(Collection<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>> providers) {
+    private void setProviders(Collection<TwoFactorAuthProvider> providers) {
         providers.forEach(provider -> {
             this.providers.put(provider.getType(), provider);
         });
     }
 
 }
-
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
deleted file mode 100644
index dfbba22113..0000000000
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.config.account;
-
-import lombok.Data;
-import lombok.EqualsAndHashCode;
-import org.apache.commons.lang3.StringUtils;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-
-import javax.validation.constraints.AssertTrue;
-import javax.validation.constraints.Email;
-
-@EqualsAndHashCode(callSuper = true)
-@Data
-public class EmailTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
-
-    private boolean useAccountEmail;
-    @Email(message = "Email is not valid")
-    private String email;
-
-    @Override
-    public TwoFactorAuthProviderType getProviderType() {
-        return TwoFactorAuthProviderType.EMAIL;
-    }
-
-
-    @AssertTrue(message = "Email must be specified") // TODO [viacheslav]: test !
-    private boolean isValid() {
-        return useAccountEmail || StringUtils.isNotEmpty(email);
-    }
-
-}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
index 44774bb2a3..d1947a72be 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
@@ -28,8 +28,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
         property = "providerType")
 @JsonSubTypes({
         @Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class ),
-        @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class),
-        @Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class)
+        @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class)
 })
 public interface TwoFactorAuthAccountConfig {
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
deleted file mode 100644
index a782f73a68..0000000000
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.config.provider;
-
-import lombok.Data;
-import lombok.EqualsAndHashCode;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-
-@EqualsAndHashCode(callSuper = true)
-@Data
-public class EmailTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig{
-
-    private String emailVerificationMessageTemplate; // FIXME [viacheslav]:
-
-    @Override
-    public TwoFactorAuthProviderType getProviderType() {
-        return TwoFactorAuthProviderType.EMAIL;
-    }
-
-}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
index c94c403fd8..f912f43144 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
@@ -20,7 +20,6 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
@@ -29,8 +28,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
         property = "providerType")
 @JsonSubTypes({
         @Type(name = "TOTP", value = TotpTwoFactorAuthProviderConfig.class),
-        @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class),
-        @Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class)
+        @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class)
 })
 public interface TwoFactorAuthProviderConfig {
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java
deleted file mode 100644
index aa34d5b2d6..0000000000
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.provider.impl;
-
-import org.springframework.cache.CacheManager;
-import org.springframework.stereotype.Service;
-import org.thingsboard.rule.engine.api.MailService;
-import org.thingsboard.server.common.data.User;
-import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.queue.util.TbCoreComponent;
-import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.EmailTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-import org.thingsboard.server.service.security.model.SecurityUser;
-
-@Service
-@TbCoreComponent
-public class EmailTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider<EmailTwoFactorAuthProviderConfig, EmailTwoFactorAuthAccountConfig> {
-
-    private final MailService mailService;
-
-    protected EmailTwoFactorAuthProvider(CacheManager cacheManager, MailService mailService) {
-        super(cacheManager);
-        this.mailService = mailService;
-    }
-
-
-    @Override
-    public EmailTwoFactorAuthAccountConfig generateNewAccountConfig(User user, EmailTwoFactorAuthProviderConfig providerConfig) {
-        EmailTwoFactorAuthAccountConfig accountConfig = new EmailTwoFactorAuthAccountConfig();
-        accountConfig.setUseAccountEmail(true);
-        return accountConfig;
-    }
-
-    @Override
-    protected void sendVerificationCode(SecurityUser user, String verificationCode, EmailTwoFactorAuthProviderConfig providerConfig, EmailTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
-        String email;
-        if (accountConfig.isUseAccountEmail()) {
-            email = user.getEmail();
-        } else {
-            email = accountConfig.getEmail();
-        }
-
-        // FIXME [viacheslav]: mail template for 2FA verification
-        mailService.sendEmail(user.getTenantId(), email, "subject", "");
-    }
-
-
-    @Override
-    public TwoFactorAuthProviderType getType() {
-        return TwoFactorAuthProviderType.EMAIL;
-    }
-
-}

From 20a4f3cc4c3f15a3d9114cb3cb60613bade4ce36 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Sun, 20 Mar 2022 14:13:54 +0200
Subject: [PATCH 08/92] 2FA: lock account after X unsuccessful verification
 attempts; refactoring

---
 .../controller/TwoFactorAuthController.java   | 15 ++--
 .../RefreshTokenAuthenticationProvider.java   |  3 +-
 .../auth/mfa/DefaultTwoFactorAuthService.java | 38 ++++----
 .../mfa/config/TwoFactorAuthSettings.java     |  6 +-
 .../mfa/provider/TwoFactorAuthProvider.java   |  4 +-
 .../impl/OtpBasedTwoFactorAuthProvider.java   | 14 +--
 .../impl/TotpTwoFactorAuthProvider.java       |  2 +-
 .../auth/rest/RestAuthenticationProvider.java | 60 +------------
 ...RestAwareAuthenticationSuccessHandler.java |  5 +-
 .../service/security/model/SecurityUser.java  | 11 ---
 .../security/model/token/JwtTokenFactory.java |  6 --
 .../system/DefaultSystemSecurityService.java  | 88 +++++++++++++++----
 .../system/SystemSecurityService.java         | 11 ++-
 .../server/dao/user/UserService.java          | 11 ++-
 .../server/dao/user/UserServiceImpl.java      | 15 ++--
 15 files changed, 145 insertions(+), 144 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 76cc8f2f14..125febeb6a 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -17,24 +17,25 @@ package org.thingsboard.server.controller;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
+import org.thingsboard.server.service.security.system.SystemSecurityService;
 
 /*
  * TODO [viacheslav]:
  *  - Tests for 2FA
  *  - Swagger documentation
- *
  * */
-// TODO [viacheslav]: maybe get rid of sessionId concept..
 
 /*
  *
@@ -51,6 +52,7 @@ public class TwoFactorAuthController extends BaseController {
 
     private final TwoFactorAuthService twoFactorAuthService;
     private final JwtTokenFactory tokenFactory;
+    private final SystemSecurityService systemSecurityService;
 
 
     @PostMapping("/verification/send")
@@ -62,14 +64,17 @@ public class TwoFactorAuthController extends BaseController {
 
     @PostMapping("/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode) throws Exception {
+    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode, Authentication authentication) throws Exception {
         SecurityUser user = getCurrentUser();
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, true);
         if (verificationSuccess) {
-            // FIXME [viacheslav]: log login action
+            systemSecurityService.logLoginAction(user, authentication, ActionType.LOGIN, null);
             return tokenFactory.createTokenPair(user);
         } else {
-            throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.AUTHENTICATION);
+            ThingsboardException error = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.AUTHENTICATION);
+            // FIXME [viacheslav]: log login action: no authentication details
+            systemSecurityService.logLoginAction(user, authentication, ActionType.LOGIN, error);
+            throw error;
         }
     }
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
index b744adcdaf..665451b61f 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
@@ -33,11 +33,11 @@ import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
-import org.thingsboard.server.service.security.auth.TokenOutdatingService;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.RefreshAuthenticationToken;
+import org.thingsboard.server.service.security.auth.TokenOutdatingService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
@@ -66,7 +66,6 @@ public class RefreshTokenAuthenticationProvider implements AuthenticationProvide
         } else {
             securityUser = authenticateByPublicId(principal.getValue());
         }
-        securityUser.setSessionId(unsafeUser.getSessionId());
 
         if (tokenOutdatingService.isOutdated(rawAccessToken, securityUser.getId())) {
             throw new CredentialsExpiredException("Token is outdated");
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index 98cbeb0786..a06184ff6c 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -23,6 +23,7 @@ import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.msg.tools.TbRateLimits;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
@@ -50,30 +51,29 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
     private final UserService userService;
     private final Map<TwoFactorAuthProviderType, TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>> providers = new EnumMap<>(TwoFactorAuthProviderType.class);
 
-    // FIXME [viacheslav]: remove from the map
     // TODO [viacheslav]: these rate limits are local, and will work bad in the cluster
-    private final ConcurrentMap<String, TbRateLimits> verificationCodeSendingRateLimits = new ConcurrentHashMap<>();
-    private final ConcurrentMap<String, TbRateLimits> verificationCodeCheckingRateLimits = new ConcurrentHashMap<>();
+    private final ConcurrentMap<UserId, TbRateLimits> verificationCodeSendingRateLimits = new ConcurrentHashMap<>();
+    private final ConcurrentMap<UserId, TbRateLimits> verificationCodeCheckingRateLimits = new ConcurrentHashMap<>();
 
-    private static final ThingsboardException ACCOUNT_NOT_CONFIGURED = new ThingsboardException("2FA is not configured for account", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
-    private static final ThingsboardException PROVIDER_NOT_CONFIGURED = new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
-    private static final ThingsboardException PROVIDER_NOT_AVAILABLE = new ThingsboardException("2FA provider is not available", ThingsboardErrorCode.GENERAL);
+    private static final ThingsboardException ACCOUNT_NOT_CONFIGURED_ERROR = new ThingsboardException("2FA is not configured for account", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+    private static final ThingsboardException PROVIDER_NOT_CONFIGURED_ERROR = new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+    private static final ThingsboardException PROVIDER_NOT_AVAILABLE_ERROR = new ThingsboardException("2FA provider is not available", ThingsboardErrorCode.GENERAL);
 
 
     @Override
     public void prepareVerificationCode(SecurityUser securityUser, boolean rateLimit) throws Exception {
         TwoFactorAuthAccountConfig accountConfig = configManager.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId())
-                .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED);
+                .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED_ERROR);
         prepareVerificationCode(securityUser, accountConfig, rateLimit);
     }
 
     @Override
     public void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException {
         TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId())
-                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         if (rateLimit) {
             if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
-                TbRateLimits rateLimits = verificationCodeSendingRateLimits.computeIfAbsent(securityUser.getSessionId(), sessionId -> {
+                TbRateLimits rateLimits = verificationCodeSendingRateLimits.computeIfAbsent(securityUser.getId(), sessionId -> {
                     return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit());
                 });
                 if (!rateLimits.tryConsume()) {
@@ -83,14 +83,14 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         }
 
         TwoFactorAuthProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
-                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         getTwoFaProvider(accountConfig.getProviderType()).prepareVerificationCode(securityUser, providerConfig, accountConfig);
     }
 
     @Override
     public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean rateLimit) throws ThingsboardException {
         TwoFactorAuthAccountConfig accountConfig = configManager.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId())
-                .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED);
+                .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED_ERROR);
         return checkVerificationCode(securityUser, verificationCode, accountConfig, rateLimit);
     }
 
@@ -101,10 +101,10 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         }
 
         TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId())
-                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         if (rateLimit) {
             if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeCheckRateLimit())) {
-                TbRateLimits rateLimits = verificationCodeCheckingRateLimits.computeIfAbsent(securityUser.getSessionId(), sessionId -> {
+                TbRateLimits rateLimits = verificationCodeCheckingRateLimits.computeIfAbsent(securityUser.getId(), sessionId -> {
                     return new TbRateLimits(twoFaSettings.getVerificationCodeCheckRateLimit());
                 });
                 if (!rateLimits.tryConsume()) {
@@ -114,10 +114,14 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         }
 
         TwoFactorAuthProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
-                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         boolean verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(securityUser, verificationCode, providerConfig, accountConfig);
         if (rateLimit) {
-            systemSecurityService.validateTwoFaVerification(securityUser.getTenantId(), securityUser.getId(), verificationSuccess, twoFaSettings);
+            systemSecurityService.validateTwoFaVerification(securityUser, verificationSuccess, twoFaSettings);
+            if (verificationSuccess) {
+                verificationCodeCheckingRateLimits.remove(securityUser.getId());
+                verificationCodeSendingRateLimits.remove(securityUser.getId());
+            }
         }
         return verificationSuccess;
     }
@@ -132,12 +136,12 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
     private TwoFactorAuthProviderConfig getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) throws ThingsboardException {
         return configManager.getTwoFaSettings(tenantId)
                 .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType))
-                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED);
+                .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
     }
 
     private TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> getTwoFaProvider(TwoFactorAuthProviderType providerType) throws ThingsboardException {
         return Optional.ofNullable(providers.get(providerType))
-                .orElseThrow(() -> PROVIDER_NOT_AVAILABLE);
+                .orElseThrow(() -> PROVIDER_NOT_AVAILABLE_ERROR);
     }
 
     @Autowired
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
index e70742267b..0866aafbe1 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
@@ -17,14 +17,11 @@ package org.thingsboard.server.service.security.auth.mfa.config;
 
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
-import org.checkerframework.checker.index.qual.NonNegative;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.Valid;
-import javax.validation.constraints.AssertTrue;
 import javax.validation.constraints.Min;
-import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
 import java.util.List;
 import java.util.Optional;
@@ -42,9 +39,10 @@ public class TwoFactorAuthSettings {
     @ApiModelProperty(example = "3:900 (3 requests per 15 minutes)")
     @Pattern(regexp = "[^0]\\d+:[^0]\\d+", message = "Rate limit configuration is invalid")
     private String verificationCodeCheckRateLimit;
+    @ApiModelProperty(example = "10")
     @Min(0)
     private int maxCodeVerificationFailuresBeforeUserLockout;
-    @ApiModelProperty(value = "in seconds")
+    @ApiModelProperty(value = "in minutes", example = "60")
     @Min(1)
     private int totalAllowedTimeForVerification;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
index 858b5995f7..030482ac6d 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
@@ -25,9 +25,9 @@ public interface TwoFactorAuthProvider<C extends TwoFactorAuthProviderConfig, A
 
     A generateNewAccountConfig(User user, C providerConfig);
 
-    default void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {}
+    default void prepareVerificationCode(SecurityUser securityUser, C providerConfig, A accountConfig) throws ThingsboardException {}
 
-    boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig);
+    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, C providerConfig, A accountConfig);
 
 
     TwoFactorAuthProviderType getType();
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
index e13e0925d5..0438c53e15 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
@@ -38,27 +38,27 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
 
 
     @Override
-    public final void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {
+    public final void prepareVerificationCode(SecurityUser securityUser, C providerConfig, A accountConfig) throws ThingsboardException {
         String verificationCode = RandomStringUtils.randomNumeric(6);
-        verificationCodesCache.put(user.getSessionId(), new Otp(System.currentTimeMillis(), verificationCode, accountConfig));
-        sendVerificationCode(user, verificationCode, providerConfig, accountConfig);
+        verificationCodesCache.put(securityUser.getId(), new Otp(System.currentTimeMillis(), verificationCode, accountConfig));
+        sendVerificationCode(securityUser, verificationCode, providerConfig, accountConfig);
     }
 
     protected abstract void sendVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig) throws ThingsboardException;
 
 
     @Override
-    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig) {
-        Otp correctVerificationCode = verificationCodesCache.get(user.getSessionId(), Otp.class);
+    public final boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, C providerConfig, A accountConfig) {
+        Otp correctVerificationCode = verificationCodesCache.get(securityUser.getId(), Otp.class);
         if (correctVerificationCode != null) {
             if (System.currentTimeMillis() - correctVerificationCode.getTimestamp()
                     > TimeUnit.SECONDS.toMillis(providerConfig.getVerificationCodeLifetime())) {
-                verificationCodesCache.evict(user.getSessionId());
+                verificationCodesCache.evict(securityUser.getId());
                 return false;
             }
             if (verificationCode.equals(correctVerificationCode.getValue())
                     && correctVerificationCode.getConfig().equals(accountConfig)) {
-                verificationCodesCache.evict(user.getSessionId());
+                verificationCodesCache.evict(securityUser.getId());
                 return true;
             }
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
index 65574fc760..83767ee3d8 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
@@ -45,7 +45,7 @@ public class TotpTwoFactorAuthProvider implements TwoFactorAuthProvider<TotpTwoF
     }
 
     @Override
-    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, TotpTwoFactorAuthProviderConfig providerConfig, TotpTwoFactorAuthAccountConfig accountConfig) {
+    public final boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TotpTwoFactorAuthProviderConfig providerConfig, TotpTwoFactorAuthAccountConfig accountConfig) {
         String secretKey = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build().getQueryParams().getFirst("secret");
         return new Totp(secretKey).verify(verificationCode);
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index c4f550b9ba..8429c70506 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -36,7 +36,6 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
-import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
@@ -44,7 +43,6 @@ import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConf
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
-import ua_parser.Client;
 
 import java.util.UUID;
 
@@ -56,19 +54,16 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
     private final SystemSecurityService systemSecurityService;
     private final UserService userService;
     private final CustomerService customerService;
-    private final AuditLogService auditLogService;
     private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
 
     @Autowired
     public RestAuthenticationProvider(final UserService userService,
                                       final CustomerService customerService,
                                       final SystemSecurityService systemSecurityService,
-                                      final AuditLogService auditLogService,
                                       TwoFactorAuthConfigManager twoFactorAuthConfigManager) {
         this.userService = userService;
         this.customerService = customerService;
         this.systemSecurityService = systemSecurityService;
-        this.auditLogService = auditLogService;
         this.twoFactorAuthConfigManager = twoFactorAuthConfigManager;
     }
 
@@ -89,8 +84,9 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             securityUser = authenticateByUsernameAndPassword(authentication, userPrincipal, username, password);
             if (twoFactorAuthConfigManager.isTwoFaEnabled(securityUser)) {
                 return new MfaAuthenticationToken(securityUser);
+            } else {
+                systemSecurityService.logLoginAction((User) authentication.getPrincipal(), authentication, ActionType.LOGIN, null);
             }
-            logLoginAction((User) authentication.getPrincipal(), authentication, ActionType.LOGIN, null);
         } else {
             String publicId = userPrincipal.getValue();
             securityUser = authenticateByPublicId(userPrincipal, publicId);
@@ -115,7 +111,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             try {
                 systemSecurityService.validateUserCredentials(user.getTenantId(), userCredentials, username, password);
             } catch (LockedException e) {
-                logLoginAction(user, authentication, ActionType.LOCKOUT, null);
+                systemSecurityService.logLoginAction(user, authentication, ActionType.LOCKOUT, null);
                 throw e;
             }
 
@@ -124,7 +120,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
 
             return new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
         } catch (Exception e) {
-            logLoginAction(user, authentication, ActionType.LOGIN, e);
+            systemSecurityService.logLoginAction(user, authentication, ActionType.LOGIN, e);
             throw e;
         }
     }
@@ -159,52 +155,4 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
         return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
     }
 
-    private void logLoginAction(User user, Authentication authentication, ActionType actionType, Exception e) {
-        String clientAddress = "Unknown";
-        String browser = "Unknown";
-        String os = "Unknown";
-        String device = "Unknown";
-        if (authentication != null && authentication.getDetails() != null) {
-            if (authentication.getDetails() instanceof RestAuthenticationDetails) {
-                RestAuthenticationDetails details = (RestAuthenticationDetails)authentication.getDetails();
-                clientAddress = details.getClientAddress();
-                if (details.getUserAgent() != null) {
-                    Client userAgent = details.getUserAgent();
-                    if (userAgent.userAgent != null) {
-                        browser = userAgent.userAgent.family;
-                        if (userAgent.userAgent.major != null) {
-                            browser += " " + userAgent.userAgent.major;
-                            if (userAgent.userAgent.minor != null) {
-                                browser += "." + userAgent.userAgent.minor;
-                                if (userAgent.userAgent.patch != null) {
-                                    browser += "." + userAgent.userAgent.patch;
-                                }
-                            }
-                        }
-                    }
-                    if (userAgent.os != null) {
-                        os = userAgent.os.family;
-                        if (userAgent.os.major != null) {
-                            os += " " + userAgent.os.major;
-                            if (userAgent.os.minor != null) {
-                                os += "." + userAgent.os.minor;
-                                if (userAgent.os.patch != null) {
-                                    os += "." + userAgent.os.patch;
-                                    if (userAgent.os.patchMinor != null) {
-                                        os += "." + userAgent.os.patchMinor;
-                                    }
-                                }
-                            }
-                        }
-                    }
-                    if (userAgent.device != null) {
-                        device = userAgent.device.family;
-                    }
-                }
-            }
-        }
-        auditLogService.logEntityAction(
-                user.getTenantId(), user.getCustomerId(), user.getId(),
-                user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device);
-    }
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index 205fb9a391..33c0c23f72 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -37,6 +37,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import java.util.concurrent.TimeUnit;
 
 @Component(value = "defaultAuthenticationSuccessHandler")
 @RequiredArgsConstructor
@@ -54,8 +55,8 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
         JwtTokenPair tokenPair = new JwtTokenPair();
 
         if (authentication instanceof MfaAuthenticationToken) {
-            int preVerificationTokenLifetime = twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId())
-                    .map(TwoFactorAuthSettings::getTotalAllowedTimeForVerification).orElse(30);
+            int preVerificationTokenLifetime = (int) TimeUnit.MINUTES.toSeconds(twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId())
+                    .map(TwoFactorAuthSettings::getTotalAllowedTimeForVerification).orElse(30));
             tokenPair.setToken(tokenFactory.createTwoFaPreVerificationToken(securityUser, preVerificationTokenLifetime).getToken());
             tokenPair.setRefreshToken(null);
         } else {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/SecurityUser.java b/application/src/main/java/org/thingsboard/server/service/security/model/SecurityUser.java
index 3698282489..380d6537f2 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/SecurityUser.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/SecurityUser.java
@@ -21,7 +21,6 @@ import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.id.UserId;
 
 import java.util.Collection;
-import java.util.UUID;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -32,7 +31,6 @@ public class SecurityUser extends User {
     private Collection<GrantedAuthority> authorities;
     private boolean enabled;
     private UserPrincipal userPrincipal;
-    private String sessionId;
 
     public SecurityUser() {
         super();
@@ -46,7 +44,6 @@ public class SecurityUser extends User {
         super(user);
         this.enabled = enabled;
         this.userPrincipal = userPrincipal;
-        this.sessionId = UUID.randomUUID().toString();
     }
 
     public Collection<GrantedAuthority> getAuthorities() {
@@ -74,12 +71,4 @@ public class SecurityUser extends User {
         this.userPrincipal = userPrincipal;
     }
 
-    public String getSessionId() {
-        return sessionId;
-    }
-
-    public void setSessionId(String sessionId) {
-        this.sessionId = sessionId;
-    }
-
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
index 36f64b3566..8121ebf834 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
@@ -60,7 +60,6 @@ public class JwtTokenFactory {
     private static final String IS_PUBLIC = "isPublic";
     private static final String TENANT_ID = "tenantId";
     private static final String CUSTOMER_ID = "customerId";
-    private static final String SESSION_ID = "sessionId";
 
     private final JwtSettings settings;
 
@@ -116,7 +115,6 @@ public class JwtTokenFactory {
         } else if (securityUser.getAuthority() == Authority.SYS_ADMIN) {
             securityUser.setTenantId(TenantId.SYS_TENANT_ID);
         }
-        securityUser.setSessionId(claims.get(SESSION_ID, String.class));
 
         if (securityUser.getAuthority() != Authority.PRE_VERIFICATION_TOKEN) {
             securityUser.setFirstName(claims.get(FIRST_NAME, String.class));
@@ -162,7 +160,6 @@ public class JwtTokenFactory {
         UserPrincipal principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
         SecurityUser securityUser = new SecurityUser(new UserId(UUID.fromString(claims.get(USER_ID, String.class))));
         securityUser.setUserPrincipal(principal);
-        securityUser.setSessionId(claims.get(SESSION_ID, String.class));
         return securityUser;
     }
 
@@ -183,9 +180,6 @@ public class JwtTokenFactory {
         Claims claims = Jwts.claims().setSubject(principal.getValue());
         claims.put(USER_ID, securityUser.getId().getId().toString());
         claims.put(SCOPES, scopes);
-        if (securityUser.getSessionId() != null) {
-            claims.put(SESSION_ID, securityUser.getSessionId());
-        }
 
         ZonedDateTime currentTime = ZonedDateTime.now();
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index 646562f9ed..6e6815ff5e 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -34,6 +34,7 @@ import org.springframework.cache.annotation.Cacheable;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.LockedException;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -41,6 +42,7 @@ import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.rule.engine.api.MailService;
 import org.thingsboard.server.common.data.AdminSettings;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.TenantId;
@@ -48,20 +50,23 @@ import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.security.model.SecuritySettings;
 import org.thingsboard.server.common.data.security.model.UserPasswordPolicy;
+import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.user.UserServiceImpl;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
+import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.utils.MiscUtils;
+import ua_parser.Client;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
 import static org.thingsboard.server.common.data.CacheConstants.SECURITY_SETTINGS_CACHE;
@@ -82,6 +87,9 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
     @Autowired
     private MailService mailService;
 
+    @Autowired
+    private AuditLogService auditLogService;
+
     @Resource
     private SystemSecurityService self;
 
@@ -124,7 +132,7 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
     @Override
     public void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String username, String password) throws AuthenticationException {
         if (!encoder.matches(password, userCredentials.getPassword())) {
-            int failedLoginAttempts = userService.onUserLoginIncorrectCredentials(tenantId, userCredentials.getUserId());
+            int failedLoginAttempts = userService.increaseFailedLoginAttempts(tenantId, userCredentials.getUserId());
             SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
             if (securitySettings.getMaxFailedLoginAttempts() != null && securitySettings.getMaxFailedLoginAttempts() > 0) {
                 if (failedLoginAttempts > securitySettings.getMaxFailedLoginAttempts() && userCredentials.isEnabled()) {
@@ -139,8 +147,7 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
             throw new DisabledException("User is not active");
         }
 
-        // FIXME [viacheslav]: don't do that in case of 2FA. maybe just move underlying setLastLoginTs to logLoginAction ?
-        userService.onUserLoginSuccessful(tenantId, userCredentials.getUserId());
+        userService.resetFailedLoginAttempts(tenantId, userCredentials.getUserId());
 
         SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
         if (isPositiveInteger(securitySettings.getPasswordPolicy().getPasswordExpirationPeriodDays())) {
@@ -154,27 +161,21 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
     }
 
     @Override
-    public void validateTwoFaVerification(TenantId tenantId, UserId userId, boolean verificationSuccess, TwoFactorAuthSettings twoFaSettings) {
-        User user = userService.findUserById(tenantId, userId);
-        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
-                .filter(jsonNode -> jsonNode instanceof ObjectNode)
-                .orElseGet(JacksonUtil::newObjectNode);
-        // TODO [viacheslav]: test !
-        int failedVerificationAttempts = Optional.ofNullable(additionalInfo.get("failedTwoFaVerificationAttempts"))
-                .map(JsonNode::asInt).orElse(0);
+    public void validateTwoFaVerification(SecurityUser securityUser, boolean verificationSuccess, TwoFactorAuthSettings twoFaSettings) {
+        TenantId tenantId = securityUser.getTenantId();
+        UserId userId = securityUser.getId();
 
+        int failedVerificationAttempts = 0;
         if (!verificationSuccess) {
-            failedVerificationAttempts++;
-            // TODO [viacheslav]: maybe use userService.onUserLoginIncorrectCredentials()
+            failedVerificationAttempts = userService.increaseFailedLoginAttempts(tenantId, userId);
         } else {
-            failedVerificationAttempts = 0;
-            // and set last login ts
+            userService.resetFailedLoginAttempts(tenantId, userId);
         }
 
         if (twoFaSettings.getMaxCodeVerificationFailuresBeforeUserLockout() > 0
                 && failedVerificationAttempts >= twoFaSettings.getMaxCodeVerificationFailuresBeforeUserLockout()) {
             userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userId, false);
-            lockAccount(userId, user.getEmail(), self.getSecuritySettings(tenantId));
+            lockAccount(userId, securityUser.getEmail(), self.getSecuritySettings(tenantId));
             throw new LockedException("User account was locked due to exceeded 2FA verification attempts");
         }
     }
@@ -255,6 +256,59 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
         return baseUrl;
     }
 
+    @Override
+    public void logLoginAction(User user, Authentication authentication, ActionType actionType, Exception e) {
+        String clientAddress = "Unknown";
+        String browser = "Unknown";
+        String os = "Unknown";
+        String device = "Unknown";
+        if (authentication != null && authentication.getDetails() != null) {
+            if (authentication.getDetails() instanceof RestAuthenticationDetails) {
+                RestAuthenticationDetails details = (RestAuthenticationDetails) authentication.getDetails();
+                clientAddress = details.getClientAddress();
+                if (details.getUserAgent() != null) {
+                    Client userAgent = details.getUserAgent();
+                    if (userAgent.userAgent != null) {
+                        browser = userAgent.userAgent.family;
+                        if (userAgent.userAgent.major != null) {
+                            browser += " " + userAgent.userAgent.major;
+                            if (userAgent.userAgent.minor != null) {
+                                browser += "." + userAgent.userAgent.minor;
+                                if (userAgent.userAgent.patch != null) {
+                                    browser += "." + userAgent.userAgent.patch;
+                                }
+                            }
+                        }
+                    }
+                    if (userAgent.os != null) {
+                        os = userAgent.os.family;
+                        if (userAgent.os.major != null) {
+                            os += " " + userAgent.os.major;
+                            if (userAgent.os.minor != null) {
+                                os += "." + userAgent.os.minor;
+                                if (userAgent.os.patch != null) {
+                                    os += "." + userAgent.os.patch;
+                                    if (userAgent.os.patchMinor != null) {
+                                        os += "." + userAgent.os.patchMinor;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                    if (userAgent.device != null) {
+                        device = userAgent.device.family;
+                    }
+                }
+            }
+        }
+        if (actionType == ActionType.LOGIN && e == null) {
+            userService.setLastLoginTs(user.getTenantId(), user.getId());
+        }
+        auditLogService.logEntityAction(
+                user.getTenantId(), user.getCustomerId(), user.getId(),
+                user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device);
+    }
+
     private static boolean isPositiveInteger(Integer val) {
         return val != null && val.intValue() > 0;
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
index 453251bf03..f6b401da4e 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
@@ -15,14 +15,17 @@
  */
 package org.thingsboard.server.service.security.system;
 
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.TenantId;
-import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.UserCredentials;
-import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.common.data.security.model.SecuritySettings;
+import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -34,10 +37,12 @@ public interface SystemSecurityService {
 
     void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String username, String password) throws AuthenticationException;
 
-    void validateTwoFaVerification(TenantId tenantId, UserId userId, boolean verificationSuccess, TwoFactorAuthSettings twoFaSettings);
+    void validateTwoFaVerification(SecurityUser securityUser, boolean verificationSuccess, TwoFactorAuthSettings twoFaSettings);
 
     void validatePassword(TenantId tenantId, String password, UserCredentials userCredentials) throws DataValidationException;
 
     String getBaseUrl(TenantId tenantId, CustomerId customerId, HttpServletRequest httpServletRequest);
 
+    void logLoginAction(User user, Authentication authentication, ActionType actionType, Exception e);
+
 }
diff --git a/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java b/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java
index e8ddce587e..d5d29efa40 100644
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java
@@ -56,16 +56,19 @@ public interface UserService {
     PageData<User> findUsersByTenantId(TenantId tenantId, PageLink pageLink);
 
     PageData<User> findTenantAdmins(TenantId tenantId, PageLink pageLink);
-	
+
 	void deleteTenantAdmins(TenantId tenantId);
 
     PageData<User> findCustomerUsers(TenantId tenantId, CustomerId customerId, PageLink pageLink);
-	    
+
 	void deleteCustomerUsers(TenantId tenantId, CustomerId customerId);
 
 	void setUserCredentialsEnabled(TenantId tenantId, UserId userId, boolean enabled);
 
-	void onUserLoginSuccessful(TenantId tenantId, UserId userId);
+	void resetFailedLoginAttempts(TenantId tenantId, UserId userId);
+
+	int increaseFailedLoginAttempts(TenantId tenantId, UserId userId);
+
+	void setLastLoginTs(TenantId tenantId, UserId userId);
 
-	int onUserLoginIncorrectCredentials(TenantId tenantId, UserId userId);
 }
diff --git a/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
index 1ee78d4068..b8c7b8e9f9 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
@@ -298,34 +298,35 @@ public class UserServiceImpl extends AbstractEntityService implements UserServic
 
 
     @Override
-    public void onUserLoginSuccessful(TenantId tenantId, UserId userId) {
+    public void resetFailedLoginAttempts(TenantId tenantId, UserId userId) {
         log.trace("Executing onUserLoginSuccessful [{}]", userId);
         User user = findUserById(tenantId, userId);
-        setLastLoginTs(user); // FIXME [viacheslav]: move to logLoginAction ?
         resetFailedLoginAttempts(user);
         saveUser(user);
     }
 
-    private void setLastLoginTs(User user) {
+    private void resetFailedLoginAttempts(User user) {
         JsonNode additionalInfo = user.getAdditionalInfo();
         if (!(additionalInfo instanceof ObjectNode)) {
             additionalInfo = JacksonUtil.newObjectNode();
         }
-        ((ObjectNode) additionalInfo).put(LAST_LOGIN_TS, System.currentTimeMillis());
+        ((ObjectNode) additionalInfo).put(FAILED_LOGIN_ATTEMPTS, 0);
         user.setAdditionalInfo(additionalInfo);
     }
 
-    private void resetFailedLoginAttempts(User user) {
+    @Override
+    public void setLastLoginTs(TenantId tenantId, UserId userId) {
+        User user = findUserById(tenantId, userId);
         JsonNode additionalInfo = user.getAdditionalInfo();
         if (!(additionalInfo instanceof ObjectNode)) {
             additionalInfo = JacksonUtil.newObjectNode();
         }
-        ((ObjectNode) additionalInfo).put(FAILED_LOGIN_ATTEMPTS, 0);
+        ((ObjectNode) additionalInfo).put(LAST_LOGIN_TS, System.currentTimeMillis());
         user.setAdditionalInfo(additionalInfo);
     }
 
     @Override
-    public int onUserLoginIncorrectCredentials(TenantId tenantId, UserId userId) {
+    public int increaseFailedLoginAttempts(TenantId tenantId, UserId userId) {
         log.trace("Executing onUserLoginIncorrectCredentials [{}]", userId);
         User user = findUserById(tenantId, userId);
         int failedLoginAttempts = increaseFailedLoginAttempts(user);

From ea7f559e23bd8429f6d10835b99318dd77f17c33 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Sun, 20 Mar 2022 14:59:25 +0200
Subject: [PATCH 09/92] 2FA: log login action, fix user lockout

---
 .../controller/TwoFactorAuthController.java   | 10 +++--
 .../mfa/config/TwoFactorAuthSettings.java     |  2 +-
 .../TotpTwoFactorAuthAccountConfig.java       |  2 +-
 .../auth/rest/RestAuthenticationProvider.java |  6 +--
 .../system/DefaultSystemSecurityService.java  | 44 +++++++++----------
 .../system/SystemSecurityService.java         |  3 +-
 .../resources/templates/account.lockout.ftl   |  2 +-
 .../server/controller/TwoFactorAuthTest.java  |  2 +-
 8 files changed, 35 insertions(+), 36 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 125febeb6a..1b1983cdf8 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -26,11 +26,14 @@ import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
 
+import javax.servlet.http.HttpServletRequest;
+
 /*
  * TODO [viacheslav]:
  *  - Tests for 2FA
@@ -64,16 +67,15 @@ public class TwoFactorAuthController extends BaseController {
 
     @PostMapping("/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode, Authentication authentication) throws Exception {
+    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode, HttpServletRequest servletRequest) throws Exception {
         SecurityUser user = getCurrentUser();
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, true);
         if (verificationSuccess) {
-            systemSecurityService.logLoginAction(user, authentication, ActionType.LOGIN, null);
+            systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null);
             return tokenFactory.createTokenPair(user);
         } else {
             ThingsboardException error = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.AUTHENTICATION);
-            // FIXME [viacheslav]: log login action: no authentication details
-            systemSecurityService.logLoginAction(user, authentication, ActionType.LOGIN, error);
+            systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error);
             throw error;
         }
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
index 0866aafbe1..ae39065e74 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
@@ -41,7 +41,7 @@ public class TwoFactorAuthSettings {
     private String verificationCodeCheckRateLimit;
     @ApiModelProperty(example = "10")
     @Min(0)
-    private int maxCodeVerificationFailuresBeforeUserLockout;
+    private int maxVerificationFailuresBeforeUserLockout;
     @ApiModelProperty(value = "in minutes", example = "60")
     @Min(1)
     private int totalAllowedTimeForVerification;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
index 78ab4cf80b..93975d49ad 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
@@ -25,7 +25,7 @@ import javax.validation.constraints.Pattern;
 public class TotpTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
 
     @NotBlank
-//    @Pattern(regexp = ) // TODO [viacheslav]: validate otp auth url by pattern
+//    @Pattern(regexp = "otpauth://totp/") // FIXME [viacheslav]: validate otp auth url by pattern
     private String authUrl;
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index 8429c70506..71d16d46d0 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -85,7 +85,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             if (twoFactorAuthConfigManager.isTwoFaEnabled(securityUser)) {
                 return new MfaAuthenticationToken(securityUser);
             } else {
-                systemSecurityService.logLoginAction((User) authentication.getPrincipal(), authentication, ActionType.LOGIN, null);
+                systemSecurityService.logLoginAction((User) authentication.getPrincipal(), authentication.getDetails(), ActionType.LOGIN, null);
             }
         } else {
             String publicId = userPrincipal.getValue();
@@ -111,7 +111,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             try {
                 systemSecurityService.validateUserCredentials(user.getTenantId(), userCredentials, username, password);
             } catch (LockedException e) {
-                systemSecurityService.logLoginAction(user, authentication, ActionType.LOCKOUT, null);
+                systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null);
                 throw e;
             }
 
@@ -120,7 +120,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
 
             return new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
         } catch (Exception e) {
-            systemSecurityService.logLoginAction(user, authentication, ActionType.LOGIN, e);
+            systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e);
             throw e;
         }
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index 6e6815ff5e..1f19b9c19b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -34,7 +34,6 @@ import org.springframework.cache.annotation.Cacheable;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.LockedException;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -136,7 +135,7 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
             SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
             if (securitySettings.getMaxFailedLoginAttempts() != null && securitySettings.getMaxFailedLoginAttempts() > 0) {
                 if (failedLoginAttempts > securitySettings.getMaxFailedLoginAttempts() && userCredentials.isEnabled()) {
-                    lockAccount(userCredentials.getUserId(), username, securitySettings);
+                    lockAccount(userCredentials.getUserId(), username, securitySettings.getUserLockoutNotificationEmail(), securitySettings.getMaxFailedLoginAttempts());
                     throw new LockedException("Authentication Failed. Username was locked due to security policy.");
                 }
             }
@@ -172,21 +171,22 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
             userService.resetFailedLoginAttempts(tenantId, userId);
         }
 
-        if (twoFaSettings.getMaxCodeVerificationFailuresBeforeUserLockout() > 0
-                && failedVerificationAttempts >= twoFaSettings.getMaxCodeVerificationFailuresBeforeUserLockout()) {
+        if (twoFaSettings.getMaxVerificationFailuresBeforeUserLockout() > 0
+                && failedVerificationAttempts >= twoFaSettings.getMaxVerificationFailuresBeforeUserLockout()) {
             userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userId, false);
-            lockAccount(userId, securityUser.getEmail(), self.getSecuritySettings(tenantId));
+            SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
+            lockAccount(userId, securityUser.getEmail(), securitySettings.getUserLockoutNotificationEmail(), twoFaSettings.getMaxVerificationFailuresBeforeUserLockout());
             throw new LockedException("User account was locked due to exceeded 2FA verification attempts");
         }
     }
 
-    private void lockAccount(UserId userId, String username, SecuritySettings securitySettings) {
+    private void lockAccount(UserId userId, String username, String userLockoutNotificationEmail, Integer maxFailedLoginAttempts) {
         userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userId, false);
-        if (StringUtils.isNoneBlank(securitySettings.getUserLockoutNotificationEmail())) {
+        if (StringUtils.isNotBlank(userLockoutNotificationEmail)) {
             try {
-                mailService.sendAccountLockoutEmail(username, securitySettings.getUserLockoutNotificationEmail(), securitySettings.getMaxFailedLoginAttempts());
+                mailService.sendAccountLockoutEmail(username, userLockoutNotificationEmail, maxFailedLoginAttempts);
             } catch (ThingsboardException e) {
-                log.warn("Can't send email regarding user account [{}] lockout to provided email [{}]", username, securitySettings.getUserLockoutNotificationEmail(), e);
+                log.warn("Can't send email regarding user account [{}] lockout to provided email [{}]", username, userLockoutNotificationEmail, e);
             }
         }
     }
@@ -257,23 +257,22 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
     }
 
     @Override
-    public void logLoginAction(User user, Authentication authentication, ActionType actionType, Exception e) {
+    public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e) {
         String clientAddress = "Unknown";
         String browser = "Unknown";
         String os = "Unknown";
         String device = "Unknown";
-        if (authentication != null && authentication.getDetails() != null) {
-            if (authentication.getDetails() instanceof RestAuthenticationDetails) {
-                RestAuthenticationDetails details = (RestAuthenticationDetails) authentication.getDetails();
-                clientAddress = details.getClientAddress();
-                if (details.getUserAgent() != null) {
-                    Client userAgent = details.getUserAgent();
-                    if (userAgent.userAgent != null) {
-                        browser = userAgent.userAgent.family;
-                        if (userAgent.userAgent.major != null) {
-                            browser += " " + userAgent.userAgent.major;
-                            if (userAgent.userAgent.minor != null) {
-                                browser += "." + userAgent.userAgent.minor;
+        if (authenticationDetails instanceof RestAuthenticationDetails) {
+            RestAuthenticationDetails details = (RestAuthenticationDetails) authenticationDetails;
+            clientAddress = details.getClientAddress();
+            if (details.getUserAgent() != null) {
+                Client userAgent = details.getUserAgent();
+                if (userAgent.userAgent != null) {
+                    browser = userAgent.userAgent.family;
+                    if (userAgent.userAgent.major != null) {
+                        browser += " " + userAgent.userAgent.major;
+                        if (userAgent.userAgent.minor != null) {
+                            browser += "." + userAgent.userAgent.minor;
                                 if (userAgent.userAgent.patch != null) {
                                     browser += "." + userAgent.userAgent.patch;
                                 }
@@ -300,7 +299,6 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
                     }
                 }
             }
-        }
         if (actionType == ActionType.LOGIN && e == null) {
             userService.setLastLoginTs(user.getTenantId(), user.getId());
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
index f6b401da4e..4c14e45ae6 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
@@ -15,7 +15,6 @@
  */
 package org.thingsboard.server.service.security.system;
 
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.audit.ActionType;
@@ -43,6 +42,6 @@ public interface SystemSecurityService {
 
     String getBaseUrl(TenantId tenantId, CustomerId customerId, HttpServletRequest httpServletRequest);
 
-    void logLoginAction(User user, Authentication authentication, ActionType actionType, Exception e);
+    void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e);
 
 }
diff --git a/application/src/main/resources/templates/account.lockout.ftl b/application/src/main/resources/templates/account.lockout.ftl
index 9832f8323d..fa21653cb9 100644
--- a/application/src/main/resources/templates/account.lockout.ftl
+++ b/application/src/main/resources/templates/account.lockout.ftl
@@ -88,7 +88,7 @@ background-color: #f6f6f6;
 								</tr>
 								<tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
 									<td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
-										Thingsboard user account ${lockoutAccount} has been lockout due to failed credentials were provided more than ${maxFailedLoginAttempts} times.
+										Thingsboard user account ${lockoutAccount} has been locked out due to multiple authentication failures (more than ${maxFailedLoginAttempts}).
 									</td>
 								</tr>
 								<tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index b338d0d99d..69bd49f6f5 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -44,8 +44,8 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
-// TODO [viacheslav]: test sessionId
 // TODO [viacheslav]: test validation for all account configs, provider configs and two factor auth settings
+// TODO [viacheslav]: test authentication details, log login action, last login ts, rate limiting, user blocking, etc
 public abstract class TwoFactorAuthTest extends AbstractControllerTest {
 
     @SpyBean

From 062af3af810f47f10dc719f7be883e420968e800 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Sun, 20 Mar 2022 15:43:38 +0200
Subject: [PATCH 10/92] 2FA: cleanup code

---
 .../server/config/JwtSettings.java            |  6 ------
 .../config/RateLimitProcessingFilter.java     |  3 ---
 .../TwoFactorAuthConfigController.java        |  2 ++
 .../controller/TwoFactorAuthController.java   |  2 ++
 .../RefreshTokenAuthenticationProvider.java   |  2 +-
 .../auth/mfa/DefaultTwoFactorAuthService.java | 20 ++++++++++--------
 .../auth/mfa/TwoFactorAuthService.java        |  8 +++----
 .../provider/TwoFactorAuthProviderType.java   |  3 +--
 .../impl/OtpBasedTwoFactorAuthProvider.java   |  5 +++--
 .../auth/rest/RestAuthenticationProvider.java |  2 +-
 ...RestAwareAuthenticationSuccessHandler.java |  6 +++---
 .../security/model/token/JwtTokenFactory.java |  2 +-
 .../system/DefaultSystemSecurityService.java  |  3 ++-
 .../src/main/resources/thingsboard.yml        |  4 +---
 .../common/util/ThrowingBiConsumer.java       | 21 -------------------
 .../common/util/ThrowingBiFunction.java       | 21 -------------------
 .../common/util/ThrowingTripleConsumer.java   | 21 -------------------
 .../common/util/ThrowingTripleFunction.java   | 21 -------------------
 .../rule/engine/api/util/TbNodeUtils.java     |  6 +-----
 19 files changed, 33 insertions(+), 125 deletions(-)
 delete mode 100644 common/util/src/main/java/org/thingsboard/common/util/ThrowingBiConsumer.java
 delete mode 100644 common/util/src/main/java/org/thingsboard/common/util/ThrowingBiFunction.java
 delete mode 100644 common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleConsumer.java
 delete mode 100644 common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleFunction.java

diff --git a/application/src/main/java/org/thingsboard/server/config/JwtSettings.java b/application/src/main/java/org/thingsboard/server/config/JwtSettings.java
index 1c15c4c150..95e510612a 100644
--- a/application/src/main/java/org/thingsboard/server/config/JwtSettings.java
+++ b/application/src/main/java/org/thingsboard/server/config/JwtSettings.java
@@ -44,10 +44,4 @@ public class JwtSettings {
      */
     private Integer refreshTokenExpTime;
 
-    /**
-    * Issued when 2FA is being used.
-    * Valid only for 2FA verification code checking.
-    * */
-    private Integer preVerificationTokenExpirationTime;
-
 }
diff --git a/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java b/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java
index 2756b9a647..e2e6f8d982 100644
--- a/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java
+++ b/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java
@@ -15,11 +15,8 @@
  */
 package org.thingsboard.server.config;
 
-import io.github.bucket4j.Bucket4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.cache.Cache;
-import org.springframework.cache.jcache.JCacheCacheManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
index 12f0824ff1..5d3e3bf116 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
@@ -31,6 +31,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
@@ -45,6 +46,7 @@ import javax.validation.Valid;
 
 @RestController
 @RequestMapping("/api/2fa")
+@TbCoreComponent
 @RequiredArgsConstructor
 public class TwoFactorAuthConfigController extends BaseController {
 
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 1b1983cdf8..ff6417a3aa 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -25,6 +25,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
@@ -50,6 +51,7 @@ import javax.servlet.http.HttpServletRequest;
  * */
 @RestController
 @RequestMapping("/api/auth/2fa")
+@TbCoreComponent
 @RequiredArgsConstructor
 public class TwoFactorAuthController extends BaseController {
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
index 665451b61f..8003cfd012 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/RefreshTokenAuthenticationProvider.java
@@ -33,11 +33,11 @@ import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
+import org.thingsboard.server.service.security.auth.TokenOutdatingService;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.RefreshAuthenticationToken;
-import org.thingsboard.server.service.security.auth.TokenOutdatingService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index a06184ff6c..c8117ec792 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -26,6 +26,7 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.msg.tools.TbRateLimits;
 import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
@@ -44,6 +45,7 @@ import java.util.concurrent.ConcurrentMap;
 
 @Service
 @RequiredArgsConstructor
+@TbCoreComponent
 public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
 
     private final TwoFactorAuthConfigManager configManager;
@@ -61,17 +63,17 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
 
 
     @Override
-    public void prepareVerificationCode(SecurityUser securityUser, boolean rateLimit) throws Exception {
+    public void prepareVerificationCode(SecurityUser securityUser, boolean checkLimits) throws Exception {
         TwoFactorAuthAccountConfig accountConfig = configManager.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId())
                 .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED_ERROR);
-        prepareVerificationCode(securityUser, accountConfig, rateLimit);
+        prepareVerificationCode(securityUser, accountConfig, checkLimits);
     }
 
     @Override
-    public void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException {
+    public void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException {
         TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId())
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
-        if (rateLimit) {
+        if (checkLimits) {
             if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
                 TbRateLimits rateLimits = verificationCodeSendingRateLimits.computeIfAbsent(securityUser.getId(), sessionId -> {
                     return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit());
@@ -88,21 +90,21 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
     }
 
     @Override
-    public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean rateLimit) throws ThingsboardException {
+    public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean checkLimits) throws ThingsboardException {
         TwoFactorAuthAccountConfig accountConfig = configManager.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId())
                 .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED_ERROR);
-        return checkVerificationCode(securityUser, verificationCode, accountConfig, rateLimit);
+        return checkVerificationCode(securityUser, verificationCode, accountConfig, checkLimits);
     }
 
     @Override
-    public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException {
+    public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException {
         if (!userService.findUserCredentialsByUserId(securityUser.getTenantId(), securityUser.getId()).isEnabled()) {
             throw new ThingsboardException("User is disabled", ThingsboardErrorCode.AUTHENTICATION);
         }
 
         TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId())
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
-        if (rateLimit) {
+        if (checkLimits) {
             if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeCheckRateLimit())) {
                 TbRateLimits rateLimits = verificationCodeCheckingRateLimits.computeIfAbsent(securityUser.getId(), sessionId -> {
                     return new TbRateLimits(twoFaSettings.getVerificationCodeCheckRateLimit());
@@ -116,7 +118,7 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         TwoFactorAuthProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         boolean verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(securityUser, verificationCode, providerConfig, accountConfig);
-        if (rateLimit) {
+        if (checkLimits) {
             systemSecurityService.validateTwoFaVerification(securityUser, verificationSuccess, twoFaSettings);
             if (verificationSuccess) {
                 verificationCodeCheckingRateLimits.remove(securityUser.getId());
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
index ec2511e62a..e07ac2b2fa 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -23,13 +23,13 @@ import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TwoFactorAuthService {
 
-    void prepareVerificationCode(SecurityUser securityUser, boolean rateLimit) throws Exception;
+    void prepareVerificationCode(SecurityUser securityUser, boolean checkLimits) throws Exception;
 
-    void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException;
+    void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException;
 
-    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean rateLimit) throws ThingsboardException;
+    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean checkLimits) throws ThingsboardException;
 
-    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TwoFactorAuthAccountConfig accountConfig, boolean rateLimit) throws ThingsboardException;
+    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException;
 
     TwoFactorAuthAccountConfig generateNewAccountConfig(User user, TwoFactorAuthProviderType providerType) throws ThingsboardException;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
index 4ddaf836e1..9a4a3672a7 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
@@ -17,6 +17,5 @@ package org.thingsboard.server.service.security.auth.mfa.provider;
 
 public enum TwoFactorAuthProviderType {
     TOTP,
-    SMS,
-    EMAIL
+    SMS
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
index 0438c53e15..ab6c15e56b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
@@ -57,7 +57,7 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
                 return false;
             }
             if (verificationCode.equals(correctVerificationCode.getValue())
-                    && correctVerificationCode.getConfig().equals(accountConfig)) {
+                    && correctVerificationCode.getAccountConfig().equals(accountConfig)) {
                 verificationCodesCache.evict(securityUser.getId());
                 return true;
             }
@@ -65,12 +65,13 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
         return false;
     }
 
+    // TODO [viacheslav]: periodically clean up codes cache
 
     @Data
     private static class Otp {
         private final long timestamp;
         private final String value;
-        private final OtpBasedTwoFactorAuthAccountConfig config;
+        private final OtpBasedTwoFactorAuthAccountConfig accountConfig;
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index 71d16d46d0..5e5bee55f7 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -85,7 +85,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             if (twoFactorAuthConfigManager.isTwoFaEnabled(securityUser)) {
                 return new MfaAuthenticationToken(securityUser);
             } else {
-                systemSecurityService.logLoginAction((User) authentication.getPrincipal(), authentication.getDetails(), ActionType.LOGIN, null);
+                systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null);
             }
         } else {
             String publicId = userPrincipal.getValue();
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index 33c0c23f72..8fbdda6248 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -17,13 +17,13 @@ package org.thingsboard.server.service.security.auth.rest;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
+import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
@@ -41,7 +41,6 @@ import java.util.concurrent.TimeUnit;
 
 @Component(value = "defaultAuthenticationSuccessHandler")
 @RequiredArgsConstructor
-@Slf4j
 public class RestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
     private final ObjectMapper mapper;
     private final JwtTokenFactory tokenFactory;
@@ -57,8 +56,9 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
         if (authentication instanceof MfaAuthenticationToken) {
             int preVerificationTokenLifetime = (int) TimeUnit.MINUTES.toSeconds(twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId())
                     .map(TwoFactorAuthSettings::getTotalAllowedTimeForVerification).orElse(30));
-            tokenPair.setToken(tokenFactory.createTwoFaPreVerificationToken(securityUser, preVerificationTokenLifetime).getToken());
+            tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser, preVerificationTokenLifetime).getToken());
             tokenPair.setRefreshToken(null);
+            tokenPair.setScope(Authority.PRE_VERIFICATION_TOKEN);
         } else {
             tokenPair.setToken(tokenFactory.createAccessJwtToken(securityUser).getToken());
             tokenPair.setRefreshToken(refreshTokenRepository.requestRefreshToken(securityUser).getToken());
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
index 8121ebf834..5cfb461b44 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
@@ -163,7 +163,7 @@ public class JwtTokenFactory {
         return securityUser;
     }
 
-    public JwtToken createTwoFaPreVerificationToken(SecurityUser user, Integer expirationTime) {
+    public JwtToken createPreVerificationToken(SecurityUser user, Integer expirationTime) {
         String token = setUpToken(user, Collections.singletonList(Authority.PRE_VERIFICATION_TOKEN.name()), expirationTime)
                 .claim(TENANT_ID, user.getTenantId().toString())
                 .compact();
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index 1f19b9c19b..c164ff04b4 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -164,11 +164,12 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
         TenantId tenantId = securityUser.getTenantId();
         UserId userId = securityUser.getId();
 
-        int failedVerificationAttempts = 0;
+        int failedVerificationAttempts;
         if (!verificationSuccess) {
             failedVerificationAttempts = userService.increaseFailedLoginAttempts(tenantId, userId);
         } else {
             userService.resetFailedLoginAttempts(tenantId, userId);
+            return;
         }
 
         if (twoFaSettings.getMaxVerificationFailuresBeforeUserLockout() > 0
diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index ba6dc222ab..188d2bfe26 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -127,8 +127,6 @@ security:
   jwt:
     tokenExpirationTime: "${JWT_TOKEN_EXPIRATION_TIME:9000}" # Number of seconds (2.5 hours)
     refreshTokenExpTime: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:604800}" # Number of seconds (1 week)
-    # Number of seconds. Issued when 2FA is being used; valid only for checking 2FA verification code after which usual token pair is issued
-    preVerificationTokenExpirationTime: "${JWT_PRE_VERIFICATION_TOKEN_EXPIRATION_TIME:30}"
     tokenIssuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
     tokenSigningKey: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"
   # Enable/disable access to Tenant Administrators JWT token by System Administrator or Customer Users JWT token by Tenant Administrator
@@ -428,7 +426,7 @@ caffeine:
       timeToLiveInMinutes: "${CACHE_SPECS_EDGES_TTL:1440}"
       maxSize: "${CACHE_SPECS_EDGES_MAX_SIZE:10000}"
     twoFaVerificationCodes:
-      timeToLiveInMinutes: "${CACHE_SPECS_TWO_FA_VERIFICATION_CODES_TTL:1}"
+      timeToLiveInMinutes: "${CACHE_SPECS_TWO_FA_VERIFICATION_CODES_TTL:60}"
       maxSize: "${CACHE_SPECS_TWO_FA_VERIFICATION_CODES_MAX_SIZE:100000}"
 
 redis:
diff --git a/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiConsumer.java b/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiConsumer.java
deleted file mode 100644
index 269f9f75cb..0000000000
--- a/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiConsumer.java
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.common.util;
-
-@FunctionalInterface
-public interface ThrowingBiConsumer<A, B> {
-    void accept(A a, B b) throws Exception;
-}
diff --git a/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiFunction.java b/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiFunction.java
deleted file mode 100644
index 32058df26e..0000000000
--- a/common/util/src/main/java/org/thingsboard/common/util/ThrowingBiFunction.java
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.common.util;
-
-@FunctionalInterface
-public interface ThrowingBiFunction<A, B, R> {
-    R apply(A a, B b) throws Exception;
-}
diff --git a/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleConsumer.java b/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleConsumer.java
deleted file mode 100644
index 5230da4863..0000000000
--- a/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleConsumer.java
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.common.util;
-
-@FunctionalInterface
-public interface ThrowingTripleConsumer<A, B, C> {
-    void accept(A a, B b, C c) throws Exception;
-}
diff --git a/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleFunction.java b/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleFunction.java
deleted file mode 100644
index cade9d1717..0000000000
--- a/common/util/src/main/java/org/thingsboard/common/util/ThrowingTripleFunction.java
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.common.util;
-
-@FunctionalInterface
-public interface ThrowingTripleFunction<A, B, C, R> {
-    R apply(A a, B b, C c) throws Exception;
-}
diff --git a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/TbNodeUtils.java b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/TbNodeUtils.java
index 32ee585820..bc38db7fd6 100644
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/TbNodeUtils.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/TbNodeUtils.java
@@ -94,11 +94,7 @@ public class TbNodeUtils {
     }
 
     public static String processPattern(String pattern, TbMsgMetaData metaData) {
-        String result = pattern;
-        for (Map.Entry<String, String> keyVal : metaData.values().entrySet()) {
-            result = processVar(result, keyVal.getKey(), keyVal.getValue());
-        }
-        return result;
+        return processTemplate(pattern, metaData.values());
     }
 
     public static String processTemplate(String template, Map<String, String> data) {

From 1250fa2ba077c57329a30f20b8a8f7c4691a18d7 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Mon, 21 Mar 2022 14:09:51 +0200
Subject: [PATCH 11/92] Tests for 2FA config management; refactoring

---
 .../TwoFactorAuthConfigController.java        |   2 +-
 .../controller/TwoFactorAuthController.java   |   7 +-
 .../auth/mfa/DefaultTwoFactorAuthService.java |   6 +-
 .../DefaultTwoFactorAuthConfigManager.java    |  37 +-
 .../config/TwoFactorAuthConfigManager.java    |   7 +-
 .../mfa/config/TwoFactorAuthSettings.java     |  10 +-
 .../OtpBasedTwoFactorAuthAccountConfig.java   |   3 +
 .../SmsTwoFactorAuthAccountConfig.java        |   4 +-
 .../TotpTwoFactorAuthAccountConfig.java       |   6 +-
 .../OtpBasedTwoFactorAuthProviderConfig.java  |   2 +-
 .../SmsTwoFactorAuthProviderConfig.java       |   2 +-
 .../impl/OtpBasedTwoFactorAuthProvider.java   |   6 +-
 .../auth/rest/RestAuthenticationProvider.java |   2 +-
 ...RestAwareAuthenticationSuccessHandler.java |   6 +-
 .../server/controller/AbstractWebTest.java    |   5 +-
 .../controller/TwoFactorAuthConfigTest.java   | 525 ++++++++++++++++++
 .../server/controller/TwoFactorAuthTest.java  | 245 +-------
 .../sql/TwoFactorAuthConfigSqlTest.java       |  23 +
 18 files changed, 621 insertions(+), 277 deletions(-)
 create mode 100644 application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
 create mode 100644 application/src/test/java/org/thingsboard/server/controller/sql/TwoFactorAuthConfigSqlTest.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
index 5d3e3bf116..527c862c95 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
@@ -114,7 +114,7 @@ public class TwoFactorAuthConfigController extends BaseController {
     @GetMapping("/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     public TwoFactorAuthSettings getTwoFactorAuthSettings() throws ThingsboardException {
-        return twoFactorAuthConfigManager.getTwoFaSettings(getTenantId()).orElse(null);
+        return twoFactorAuthConfigManager.getTwoFaSettings(getTenantId(), false).orElse(null);
     }
 
     @PostMapping("/settings")
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index ff6417a3aa..d858f64899 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -37,14 +37,9 @@ import javax.servlet.http.HttpServletRequest;
 
 /*
  * TODO [viacheslav]:
- *  - Tests for 2FA
  *  - Swagger documentation
- * */
-
-/*
- *
  *
- * TODO (later):
+ * TODO [viacheslav] (later):
  *  - 2FA entries should be secured against code injection by code validation
  *  - ability to force users to use 2FA (maybe on log in, do not give them token pair but to give temporary
  *      token to configure 2FA account config); also will need to make users configure 2FA during activation and password setup...
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index c8117ec792..1012f27d25 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -71,7 +71,7 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
 
     @Override
     public void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException {
-        TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId())
+        TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId(), true)
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         if (checkLimits) {
             if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
@@ -102,7 +102,7 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
             throw new ThingsboardException("User is disabled", ThingsboardErrorCode.AUTHENTICATION);
         }
 
-        TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId())
+        TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId(), true)
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         if (checkLimits) {
             if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeCheckRateLimit())) {
@@ -136,7 +136,7 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
 
 
     private TwoFactorAuthProviderConfig getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) throws ThingsboardException {
-        return configManager.getTwoFaSettings(tenantId)
+        return configManager.getTwoFaSettings(tenantId, true)
                 .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType))
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
index a96d25e520..bd486a6af0 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
@@ -31,6 +31,7 @@ import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
 import org.thingsboard.server.common.data.kv.JsonDataEntry;
 import org.thingsboard.server.dao.attributes.AttributesService;
 import org.thingsboard.server.dao.service.ConstraintValidator;
+import org.thingsboard.server.dao.settings.AdminSettingsDao;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
@@ -47,6 +48,7 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
 
     private final UserService userService;
     private final AdminSettingsService adminSettingsService;
+    private final AdminSettingsDao adminSettingsDao;
     private final AttributesService attributesService;
 
     protected static final String TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY = "twoFaConfig";
@@ -54,8 +56,8 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
 
 
     @Override
-    public boolean isTwoFaEnabled(User user) {
-        return getTwoFaAccountConfig(user.getTenantId(), user.getId()).isPresent();
+    public boolean isTwoFaEnabled(TenantId tenantId, UserId userId) {
+        return getTwoFaAccountConfig(tenantId, userId).isPresent();
     }
 
     @Override
@@ -96,21 +98,26 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
 
 
     private Optional<TwoFactorAuthProviderConfig> getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) {
-        return getTwoFaSettings(tenantId)
+        return getTwoFaSettings(tenantId, true)
                 .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType));
     }
 
     @SneakyThrows({InterruptedException.class, ExecutionException.class})
     @Override
-    public Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId) {
+    public Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault) {
         if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
-            return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
+            return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, TWO_FACTOR_AUTH_SETTINGS_KEY))
                     .map(adminSettings -> JacksonUtil.treeToValue(adminSettings.getJsonValue(), TwoFactorAuthSettings.class));
         } else {
-            return attributesService.find(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE, TWO_FACTOR_AUTH_SETTINGS_KEY).get()
-                    .map(adminSettingsAttribute -> JacksonUtil.fromString(adminSettingsAttribute.getJsonValue().get(), TwoFactorAuthSettings.class))
-                    .filter(tenantTwoFactorAuthSettings -> !tenantTwoFactorAuthSettings.isUseSystemTwoFactorAuthSettings())
-                    .or(() -> getTwoFaSettings(TenantId.SYS_TENANT_ID));
+            Optional<TwoFactorAuthSettings> tenantTwoFaSettings = attributesService.find(TenantId.SYS_TENANT_ID, tenantId,
+                    DataConstants.SERVER_SCOPE, TWO_FACTOR_AUTH_SETTINGS_KEY).get()
+                    .map(adminSettingsAttribute -> JacksonUtil.fromString(adminSettingsAttribute.getJsonValue().get(), TwoFactorAuthSettings.class));
+            if (sysadminSettingsAsDefault) {
+                if (tenantTwoFaSettings.isEmpty() || tenantTwoFaSettings.get().isUseSystemTwoFactorAuthSettings()) {
+                    return getTwoFaSettings(TenantId.SYS_TENANT_ID, false);
+                }
+            }
+            return tenantTwoFaSettings;
         }
     }
 
@@ -136,4 +143,16 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
         }
     }
 
+    @SneakyThrows({InterruptedException.class, ExecutionException.class})
+    @Override
+    public void deleteTwoFaSettings(TenantId tenantId) {
+        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
+            Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
+                    .ifPresent(adminSettings -> adminSettingsDao.removeById(tenantId, adminSettings.getId().getId()));
+        } else {
+            attributesService.removeAll(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE,
+                    Collections.singletonList(TWO_FACTOR_AUTH_SETTINGS_KEY)).get();
+        }
+    }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
index 94c18aa999..96189bf584 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
@@ -15,7 +15,6 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config;
 
-import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
@@ -25,7 +24,7 @@ import java.util.Optional;
 
 public interface TwoFactorAuthConfigManager {
 
-    boolean isTwoFaEnabled(User user);
+    boolean isTwoFaEnabled(TenantId tenantId, UserId userId);
 
     Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId);
 
@@ -34,8 +33,10 @@ public interface TwoFactorAuthConfigManager {
     void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId);
 
 
-    Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId);
+    Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault);
 
     void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings);
 
+    void deleteTwoFaSettings(TenantId tenantId);
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
index ae39065e74..72da35e744 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
@@ -34,17 +34,17 @@ public class TwoFactorAuthSettings {
     private List<TwoFactorAuthProviderConfig> providers;
 
     @ApiModelProperty(example = "1:60 (1 request per minute)")
-    @Pattern(regexp = "[^0]\\d+:[^0]\\d+", message = "Rate limit configuration is invalid")
+    @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code send rate limit configuration is invalid")
     private String verificationCodeSendRateLimit;
     @ApiModelProperty(example = "3:900 (3 requests per 15 minutes)")
-    @Pattern(regexp = "[^0]\\d+:[^0]\\d+", message = "Rate limit configuration is invalid")
+    @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code check rate limit configuration is invalid")
     private String verificationCodeCheckRateLimit;
     @ApiModelProperty(example = "10")
-    @Min(0)
+    @Min(value = 0, message = "maximum number of verification failure before user lockout must be positive")
     private int maxVerificationFailuresBeforeUserLockout;
     @ApiModelProperty(value = "in minutes", example = "60")
-    @Min(1)
-    private int totalAllowedTimeForVerification;
+    @Min(value = 1, message = "total amount of time allotted for verification must be greater than 0")
+    private Integer totalAllowedTimeForVerification;
 
 
     public Optional<TwoFactorAuthProviderConfig> getProviderConfig(TwoFactorAuthProviderType providerType) {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java
index 80b832a831..ef090c63b4 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java
@@ -15,5 +15,8 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config.account;
 
+import lombok.Data;
+
+@Data
 public abstract class OtpBasedTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
index 40e94899a7..c921c5aafe 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
@@ -26,8 +26,8 @@ import javax.validation.constraints.Pattern;
 @Data
 public class SmsTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
 
-    @NotBlank
-    @Pattern(regexp = "^\\+[1-9]\\d{1,14}$", message = "Phone number is not of E.164 format")
+    @NotBlank(message = "phone number cannot be blank")
+    @Pattern(regexp = "^\\+[1-9]\\d{1,14}$", message = "phone number is not of E.164 format")
     private String phoneNumber;
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
index 93975d49ad..7c92955043 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config.account;
 
+import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
@@ -24,8 +25,9 @@ import javax.validation.constraints.Pattern;
 @Data
 public class TotpTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
 
-    @NotBlank
-//    @Pattern(regexp = "otpauth://totp/") // FIXME [viacheslav]: validate otp auth url by pattern
+    @ApiModelProperty(example = "otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII")
+    @NotBlank(message = "OTP auth URL cannot be blank")
+    @Pattern(regexp = "otpauth://totp/(\\S+?):(\\S+?)\\?issuer=(\\S+?)&secret=(\\w+?)", message = "OTP auth url is invalid")
     private String authUrl;
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
index fa1e5d7b43..597c3e1e46 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
@@ -23,6 +23,6 @@ import javax.validation.constraints.Min;
 @Data
 public abstract class OtpBasedTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
     @ApiModelProperty(value = "in seconds", example = "60")
-    @Min(1) // TODO [viacheslav]: test
+    @Min(value = 1, message = "verification code lifetime is required")
     private int verificationCodeLifetime;
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
index 3fe9e77ce7..8b34419041 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
@@ -26,7 +26,7 @@ import javax.validation.constraints.Pattern;
 @Data
 public class SmsTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig {
 
-    @NotBlank
+    @NotBlank(message = "verification message template is required")
     @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "template must contain verification code")
     private String smsVerificationMessageTemplate;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
index ab6c15e56b..db6653ffe9 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
@@ -57,7 +57,7 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
                 return false;
             }
             if (verificationCode.equals(correctVerificationCode.getValue())
-                    && correctVerificationCode.getAccountConfig().equals(accountConfig)) {
+                    && accountConfig.equals(correctVerificationCode.getAccountConfig())) {
                 verificationCodesCache.evict(securityUser.getId());
                 return true;
             }
@@ -65,10 +65,10 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
         return false;
     }
 
-    // TODO [viacheslav]: periodically clean up codes cache
+    // FIXME [viacheslav]: periodically clean up codes cache
 
     @Data
-    private static class Otp {
+    public static class Otp {
         private final long timestamp;
         private final String value;
         private final OtpBasedTwoFactorAuthAccountConfig accountConfig;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index 5e5bee55f7..8b0781fa7e 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -82,7 +82,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             String username = userPrincipal.getValue();
             String password = (String) authentication.getCredentials();
             securityUser = authenticateByUsernameAndPassword(authentication, userPrincipal, username, password);
-            if (twoFactorAuthConfigManager.isTwoFaEnabled(securityUser)) {
+            if (twoFactorAuthConfigManager.isTwoFaEnabled(securityUser.getTenantId(), securityUser.getId())) {
                 return new MfaAuthenticationToken(securityUser);
             } else {
                 systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index 8fbdda6248..5d4aa20f1a 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -27,7 +27,6 @@ import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
@@ -37,6 +36,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
 @Component(value = "defaultAuthenticationSuccessHandler")
@@ -54,8 +54,8 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
         JwtTokenPair tokenPair = new JwtTokenPair();
 
         if (authentication instanceof MfaAuthenticationToken) {
-            int preVerificationTokenLifetime = (int) TimeUnit.MINUTES.toSeconds(twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId())
-                    .map(TwoFactorAuthSettings::getTotalAllowedTimeForVerification).orElse(30));
+            int preVerificationTokenLifetime = (int) TimeUnit.MINUTES.toSeconds(twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId(), true)
+                    .flatMap(settings -> Optional.ofNullable(settings.getTotalAllowedTimeForVerification())).orElse(30));
             tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser, preVerificationTokenLifetime).getToken());
             tokenPair.setRefreshToken(null);
             tokenPair.setScope(Authority.PRE_VERIFICATION_TOKEN);
diff --git a/application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java b/application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java
index 32d55a71dd..efae835421 100644
--- a/application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java
@@ -66,6 +66,7 @@ import org.thingsboard.server.common.data.device.profile.TransportPayloadTypeCon
 import org.thingsboard.server.common.data.edge.Edge;
 import org.thingsboard.server.common.data.id.HasId;
 import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.page.PageData;
 import org.thingsboard.server.common.data.page.PageLink;
 import org.thingsboard.server.common.data.page.TimePageLink;
@@ -124,6 +125,7 @@ public abstract class AbstractWebTest extends AbstractInMemoryStorageTest {
     protected String username;
 
     protected TenantId tenantId;
+    protected UserId tenantAdminUserId;
 
     @SuppressWarnings("rawtypes")
     private HttpMessageConverter mappingJackson2HttpMessageConverter;
@@ -186,7 +188,8 @@ public abstract class AbstractWebTest extends AbstractInMemoryStorageTest {
         tenantAdmin.setTenantId(tenantId);
         tenantAdmin.setEmail(TENANT_ADMIN_EMAIL);
 
-        createUserAndLogin(tenantAdmin, TENANT_ADMIN_PASSWORD);
+        tenantAdmin = createUserAndLogin(tenantAdmin, TENANT_ADMIN_PASSWORD);
+        tenantAdminUserId = tenantAdmin.getId();
 
         Customer customer = new Customer();
         customer.setTitle("Customer");
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
new file mode 100644
index 0000000000..01e2bc496e
--- /dev/null
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -0,0 +1,525 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.controller;
+
+import org.jboss.aerogear.security.otp.Totp;
+import org.jboss.aerogear.security.otp.api.Base32;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.boot.test.mock.mockito.SpyBean;
+import org.springframework.cache.CacheManager;
+import org.springframework.web.util.UriComponents;
+import org.springframework.web.util.UriComponentsBuilder;
+import org.thingsboard.rule.engine.api.SmsService;
+import org.thingsboard.server.common.data.CacheConstants;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TotpTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.auth.mfa.provider.impl.OtpBasedTwoFactorAuthProvider;
+import org.thingsboard.server.service.security.auth.mfa.provider.impl.TotpTwoFactorAuthProvider;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
+
+    @SpyBean
+    private TotpTwoFactorAuthProvider totpTwoFactorAuthProvider;
+    @MockBean
+    private SmsService smsService;
+    @Autowired
+    private CacheManager cacheManager;
+    @Autowired
+    private TwoFactorAuthConfigManager twoFactorAuthConfigManager;
+
+    @Before
+    public void beforeEach() throws Exception {
+        loginSysAdmin();
+    }
+
+    @After
+    public void afterEach() {
+        twoFactorAuthConfigManager.deleteTwoFaSettings(TenantId.SYS_TENANT_ID);
+        twoFactorAuthConfigManager.deleteTwoFaSettings(tenantId);
+    }
+
+
+    @Test
+    public void testSaveTwoFaSettings() throws Exception {
+        loginSysAdmin();
+        testSaveTestTwoFaSettings();
+
+        loginTenantAdmin();
+        testSaveTestTwoFaSettings();
+    }
+
+    private void testSaveTestTwoFaSettings() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        totpTwoFaProviderConfig.setIssuerName("tb");
+        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+        smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
+
+        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        twoFaSettings.setProviders(List.of(totpTwoFaProviderConfig, smsTwoFaProviderConfig));
+        twoFaSettings.setVerificationCodeSendRateLimit("1:60");
+        twoFaSettings.setVerificationCodeCheckRateLimit("3:900");
+        twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
+        twoFaSettings.setTotalAllowedTimeForVerification(60);
+
+        doPost("/api/2fa/settings", twoFaSettings).andExpect(status().isOk());
+
+        TwoFactorAuthSettings savedTwoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+
+        assertThat(savedTwoFaSettings.getProviders()).hasSize(2);
+        assertThat(savedTwoFaSettings.getProviders()).contains(totpTwoFaProviderConfig, smsTwoFaProviderConfig);
+    }
+
+    @Test
+    public void testSaveTwoFaSettings_validationError() throws Exception {
+        loginTenantAdmin();
+
+        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        twoFaSettings.setProviders(Collections.emptyList());
+        twoFaSettings.setVerificationCodeSendRateLimit("ab:aba");
+        twoFaSettings.setVerificationCodeCheckRateLimit("0:12");
+        twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(-1);
+        twoFaSettings.setTotalAllowedTimeForVerification(0);
+
+        String errorMessage = getErrorMessage(doPost("/api/2fa/settings", twoFaSettings)
+                .andExpect(status().isBadRequest()));
+
+        assertThat(errorMessage).contains(
+                "verification code send rate limit configuration is invalid",
+                "verification code check rate limit configuration is invalid",
+                "maximum number of verification failure before user lockout must be positive",
+                "total amount of time allotted for verification must be greater than 0"
+        );
+
+        twoFaSettings.setUseSystemTwoFactorAuthSettings(true);
+        doPost("/api/2fa/settings", twoFaSettings)
+                .andExpect(status().isOk());
+
+        twoFaSettings.setVerificationCodeSendRateLimit(null);
+        twoFaSettings.setVerificationCodeCheckRateLimit(null);
+        twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(0);
+        twoFaSettings.setTotalAllowedTimeForVerification(null);
+
+        doPost("/api/2fa/settings", twoFaSettings)
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    public void testGetTwoFaSettings_useSysadminSettingsAsDefault() throws Exception {
+        loginSysAdmin();
+        TwoFactorAuthSettings sysadminTwoFaSettings = new TwoFactorAuthSettings();
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        totpTwoFaProviderConfig.setIssuerName("tb");
+        sysadminTwoFaSettings.setProviders(Collections.singletonList(totpTwoFaProviderConfig));
+        sysadminTwoFaSettings.setMaxVerificationFailuresBeforeUserLockout(25);
+        doPost("/api/2fa/settings", sysadminTwoFaSettings).andExpect(status().isOk());
+
+        loginTenantAdmin();
+        TwoFactorAuthSettings tenantTwoFaSettings = new TwoFactorAuthSettings();
+        tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(true);
+        tenantTwoFaSettings.setProviders(Collections.emptyList());
+        doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
+        TwoFactorAuthSettings twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+        assertThat(twoFaSettings).isEqualTo(tenantTwoFaSettings);
+
+        doPost("/api/2fa/account/config/generate?providerType=TOTP")
+                .andExpect(status().isOk());
+
+        tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(false);
+        tenantTwoFaSettings.setProviders(Collections.emptyList());
+        tenantTwoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
+        doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
+        twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+        assertThat(twoFaSettings).isEqualTo(tenantTwoFaSettings);
+
+        assertThat(getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=TOTP")
+                .andExpect(status().isBadRequest()))).containsIgnoringCase("provider is not configured");
+
+        loginSysAdmin();
+        sysadminTwoFaSettings.setProviders(Collections.emptyList());
+        doPost("/api/2fa/settings", sysadminTwoFaSettings).andExpect(status().isOk());
+        loginTenantAdmin();
+        tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(true);
+        tenantTwoFaSettings.setProviders(Collections.singletonList(totpTwoFaProviderConfig));
+        doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
+
+        assertThat(getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=TOTP")
+                .andExpect(status().isBadRequest()))).containsIgnoringCase("provider is not configured");
+
+        tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(false);
+        doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
+
+        doPost("/api/2fa/account/config/generate?providerType=TOTP")
+                .andExpect(status().isOk());
+
+        loginSysAdmin();
+        twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+        assertThat(twoFaSettings).isEqualTo(sysadminTwoFaSettings);
+    }
+
+    @Test
+    public void testSaveTotpTwoFaProviderConfig_validationError() throws Exception {
+        TotpTwoFactorAuthProviderConfig invalidTotpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        invalidTotpTwoFaProviderConfig.setIssuerName("   ");
+
+        String errorResponse = saveTwoFaSettingsAndGetError(invalidTotpTwoFaProviderConfig);
+        assertThat(errorResponse).containsIgnoringCase("issuer name must not be blank");
+    }
+
+    @Test
+    public void testSaveSmsTwoFaProviderConfig_validationError() throws Exception {
+        SmsTwoFactorAuthProviderConfig invalidSmsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        invalidSmsTwoFaProviderConfig.setSmsVerificationMessageTemplate("does not contain verification code");
+        invalidSmsTwoFaProviderConfig.setVerificationCodeLifetime(60);
+
+        String errorResponse = saveTwoFaSettingsAndGetError(invalidSmsTwoFaProviderConfig);
+        assertThat(errorResponse).containsIgnoringCase("must contain verification code");
+
+        invalidSmsTwoFaProviderConfig.setSmsVerificationMessageTemplate(null);
+        invalidSmsTwoFaProviderConfig.setVerificationCodeLifetime(0);
+        errorResponse = saveTwoFaSettingsAndGetError(invalidSmsTwoFaProviderConfig);
+        assertThat(errorResponse).containsIgnoringCase("verification message template is required");
+        assertThat(errorResponse).containsIgnoringCase("verification code lifetime is required");
+    }
+
+    private String saveTwoFaSettingsAndGetError(TwoFactorAuthProviderConfig invalidTwoFaProviderConfig) throws Exception {
+        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        twoFaSettings.setProviders(Collections.singletonList(invalidTwoFaProviderConfig));
+
+        return getErrorMessage(doPost("/api/2fa/settings", twoFaSettings)
+                .andExpect(status().isBadRequest()));
+    }
+
+    @Test
+    public void testSaveTwoFaAccountConfig_providerNotConfigured() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
+
+        loginTenantAdmin();
+
+        TwoFactorAuthProviderType notConfiguredProviderType = TwoFactorAuthProviderType.TOTP;
+        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=" + notConfiguredProviderType)
+                .andExpect(status().isBadRequest()));
+        assertThat(errorMessage).containsIgnoringCase("provider is not configured");
+
+        TotpTwoFactorAuthAccountConfig notConfiguredProviderAccountConfig = new TotpTwoFactorAuthAccountConfig();
+        notConfiguredProviderAccountConfig.setAuthUrl("otpauth://totp/aba:aba?issuer=aba&secret=ABA");
+        errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", notConfiguredProviderAccountConfig));
+        assertThat(errorMessage).containsIgnoringCase("provider is not configured");
+    }
+
+    @Test
+    public void testGenerateTotpTwoFaAccountConfig() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class)).isNullOrEmpty();
+        generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+    }
+
+    @Test
+    public void testSubmitTotpTwoFaAccountConfig() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+        doPost("/api/2fa/account/config/submit", generatedTotpTwoFaAccountConfig).andExpect(status().isOk());
+        verify(totpTwoFactorAuthProvider).prepareVerificationCode(argThat(user -> user.getEmail().equals(TENANT_ADMIN_EMAIL)),
+                eq(totpTwoFaProviderConfig), eq(generatedTotpTwoFaAccountConfig));
+    }
+
+    @Test
+    public void testSubmitTotpTwoFaAccountConfig_validationError() throws Exception {
+        configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = new TotpTwoFactorAuthAccountConfig();
+        totpTwoFaAccountConfig.setAuthUrl(null);
+
+        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", totpTwoFaAccountConfig)
+                .andExpect(status().isBadRequest()));
+        assertThat(errorMessage).containsIgnoringCase("otp auth url cannot be blank");
+
+        totpTwoFaAccountConfig.setAuthUrl("otpauth://totp/T B: aba");
+        errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", totpTwoFaAccountConfig)
+                .andExpect(status().isBadRequest()));
+        assertThat(errorMessage).containsIgnoringCase("otp auth url is invalid");
+
+        totpTwoFaAccountConfig.setAuthUrl("otpauth://totp/ThingsBoard%20(Tenant):tenant@thingsboard.org?issuer=ThingsBoard+%28Tenant%29&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII");
+        doPost("/api/2fa/account/config/submit", totpTwoFaAccountConfig)
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    public void testVerifyAndSaveTotpTwoFaAccountConfig() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+
+        String secret = UriComponentsBuilder.fromUriString(generatedTotpTwoFaAccountConfig.getAuthUrl()).build()
+                .getQueryParams().getFirst("secret");
+        String correctVerificationCode = new Totp(secret).now();
+
+        doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, generatedTotpTwoFaAccountConfig)
+                .andExpect(status().isOk());
+
+        TwoFactorAuthAccountConfig twoFaAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        assertThat(twoFaAccountConfig).isEqualTo(generatedTotpTwoFaAccountConfig);
+    }
+
+    @Test
+    public void testVerifyAndSaveTotpTwoFaAccountConfig_incorrectVerificationCode() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+
+        loginTenantAdmin();
+
+        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+
+        String incorrectVerificationCode = "100000";
+        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config?verificationCode=" + incorrectVerificationCode, generatedTotpTwoFaAccountConfig)
+                .andExpect(status().isBadRequest()));
+
+        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+    }
+
+    private TotpTwoFactorAuthAccountConfig generateTotpTwoFaAccountConfig(TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig) throws Exception {
+        TwoFactorAuthAccountConfig generatedTwoFaAccountConfig = readResponse(doPost("/api/2fa/account/config/generate?providerType=TOTP")
+                .andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        assertThat(generatedTwoFaAccountConfig).isInstanceOf(TotpTwoFactorAuthAccountConfig.class);
+
+        assertThat(((TotpTwoFactorAuthAccountConfig) generatedTwoFaAccountConfig)).satisfies(accountConfig -> {
+            UriComponents otpAuthUrl = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build();
+            assertThat(otpAuthUrl.getScheme()).isEqualTo("otpauth");
+            assertThat(otpAuthUrl.getHost()).isEqualTo("totp");
+            assertThat(otpAuthUrl.getQueryParams().getFirst("issuer")).isEqualTo(totpTwoFaProviderConfig.getIssuerName());
+            assertThat(otpAuthUrl.getPath()).isEqualTo("/%s:%s", totpTwoFaProviderConfig.getIssuerName(), TENANT_ADMIN_EMAIL);
+            assertThat(otpAuthUrl.getQueryParams().getFirst("secret")).satisfies(secretKey -> {
+                assertDoesNotThrow(() -> Base32.decode(secretKey));
+            });
+        });
+        return (TotpTwoFactorAuthAccountConfig) generatedTwoFaAccountConfig;
+    }
+
+    @Test
+    public void testGetTwoFaAccountConfig_whenProviderNotConfigured() throws Exception {
+        testVerifyAndSaveTotpTwoFaAccountConfig();
+        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()),
+                TotpTwoFactorAuthAccountConfig.class)).isNotNull();
+
+        loginSysAdmin();
+
+        saveProvidersConfigs();
+
+        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class))
+                .isNullOrEmpty();
+    }
+
+    @Test
+    public void testGenerateSmsTwoFaAccountConfig() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
+        doPost("/api/2fa/account/config/generate?providerType=SMS")
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    public void testSubmitSmsTwoFaAccountConfig() throws Exception {
+        String verificationMessageTemplate = "Here is your verification code: ${verificationCode}";
+        configureSmsTwoFaProvider(verificationMessageTemplate);
+
+        loginTenantAdmin();
+
+        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        smsTwoFaAccountConfig.setPhoneNumber("+38054159785");
+
+        doPost("/api/2fa/account/config/submit", smsTwoFaAccountConfig).andExpect(status().isOk());
+
+        String verificationCode = cacheManager.getCache(CacheConstants.TWO_FA_VERIFICATION_CODES_CACHE)
+                .get(tenantAdminUserId, OtpBasedTwoFactorAuthProvider.Otp.class).getValue();
+
+        verify(smsService).sendSms(eq(tenantId), any(), argThat(phoneNumbers -> {
+            return phoneNumbers[0].equals(smsTwoFaAccountConfig.getPhoneNumber());
+        }), eq("Here is your verification code: " + verificationCode));
+    }
+
+    @Test
+    public void testSubmitSmsTwoFaAccountConfig_validationError() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
+
+        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        String blankPhoneNumber = "";
+        smsTwoFaAccountConfig.setPhoneNumber(blankPhoneNumber);
+
+        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", smsTwoFaAccountConfig)
+                .andExpect(status().isBadRequest()));
+        assertThat(errorMessage).containsIgnoringCase("phone number cannot be blank");
+
+        String nonE164PhoneNumber = "8754868";
+        smsTwoFaAccountConfig.setPhoneNumber(nonE164PhoneNumber);
+
+        errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", smsTwoFaAccountConfig)
+                .andExpect(status().isBadRequest()));
+        assertThat(errorMessage).containsIgnoringCase("phone number is not of E.164 format");
+    }
+
+    @Test
+    public void testVerifyAndSaveSmsTwoFaAccountConfig() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
+
+        loginTenantAdmin();
+
+        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        smsTwoFaAccountConfig.setPhoneNumber("+38051889445");
+
+        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
+        doPost("/api/2fa/account/config/submit", smsTwoFaAccountConfig).andExpect(status().isOk());
+
+        verify(smsService).sendSms(eq(tenantId), any(), argThat(phoneNumbers -> {
+            return phoneNumbers[0].equals(smsTwoFaAccountConfig.getPhoneNumber());
+        }), verificationCodeCaptor.capture());
+
+        String correctVerificationCode = verificationCodeCaptor.getValue();
+        doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, smsTwoFaAccountConfig)
+                .andExpect(status().isOk());
+
+        TwoFactorAuthAccountConfig accountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        assertThat(accountConfig).isEqualTo(smsTwoFaAccountConfig);
+    }
+
+    @Test
+    public void testVerifyAndSaveSmsTwoFaAccountConfig_incorrectVerificationCode() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
+
+        loginTenantAdmin();
+
+        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        smsTwoFaAccountConfig.setPhoneNumber("+38051889445");
+
+        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config?verificationCode=100000", smsTwoFaAccountConfig)
+                .andExpect(status().isBadRequest()));
+        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+    }
+
+    @Test
+    public void testVerifyAndSaveSmsTwoFaAccountConfig_differentAccountConfigs() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
+        loginTenantAdmin();
+
+        SmsTwoFactorAuthAccountConfig initialSmsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        initialSmsTwoFaAccountConfig.setPhoneNumber("+38051889445");
+
+        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
+        doPost("/api/2fa/account/config/submit", initialSmsTwoFaAccountConfig).andExpect(status().isOk());
+
+        verify(smsService).sendSms(eq(tenantId), any(), argThat(phoneNumbers -> {
+            return phoneNumbers[0].equals(initialSmsTwoFaAccountConfig.getPhoneNumber());
+        }), verificationCodeCaptor.capture());
+
+        String correctVerificationCode = verificationCodeCaptor.getValue();
+
+        SmsTwoFactorAuthAccountConfig anotherSmsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        anotherSmsTwoFaAccountConfig.setPhoneNumber("+38111111111");
+        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, anotherSmsTwoFaAccountConfig)
+                .andExpect(status().isBadRequest()));
+        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+
+        doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, initialSmsTwoFaAccountConfig)
+                .andExpect(status().isOk());
+        TwoFactorAuthAccountConfig accountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        assertThat(accountConfig).isEqualTo(initialSmsTwoFaAccountConfig);
+    }
+
+    private TotpTwoFactorAuthProviderConfig configureTotpTwoFaProvider() throws Exception {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        totpTwoFaProviderConfig.setIssuerName("tb");
+
+        saveProvidersConfigs(totpTwoFaProviderConfig);
+        return totpTwoFaProviderConfig;
+    }
+
+    private SmsTwoFactorAuthProviderConfig configureSmsTwoFaProvider(String verificationMessageTemplate) throws Exception {
+        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate(verificationMessageTemplate);
+        smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
+
+        saveProvidersConfigs(smsTwoFaProviderConfig);
+        return smsTwoFaProviderConfig;
+    }
+
+    private void saveProvidersConfigs(TwoFactorAuthProviderConfig... providerConfigs) throws Exception {
+        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+
+        twoFaSettings.setProviders(Arrays.stream(providerConfigs).collect(Collectors.toList()));
+        doPost("/api/2fa/settings", twoFaSettings).andExpect(status().isOk());
+    }
+
+    @Test
+    public void testIsTwoFaEnabled() throws ThingsboardException {
+        SmsTwoFactorAuthAccountConfig accountConfig = new SmsTwoFactorAuthAccountConfig();
+        accountConfig.setPhoneNumber("+380505050");
+        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
+
+        assertThat(twoFactorAuthConfigManager.isTwoFaEnabled(tenantId, tenantAdminUserId)).isTrue();
+    }
+
+    @Test
+    public void testDeleteTwoFaAccountConfig() throws Exception {
+        SmsTwoFactorAuthAccountConfig accountConfig = new SmsTwoFactorAuthAccountConfig();
+        accountConfig.setPhoneNumber("+380505050");
+        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
+
+        loginTenantAdmin();
+
+        TwoFactorAuthAccountConfig savedAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        assertThat(savedAccountConfig).isEqualTo(accountConfig);
+
+        doDelete("/api/2fa/account/config").andExpect(status().isOk());
+
+        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class))
+                .isNullOrEmpty();
+    }
+
+}
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 69bd49f6f5..4a9888ada1 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -15,242 +15,15 @@
  */
 package org.thingsboard.server.controller;
 
-import org.jboss.aerogear.security.otp.Totp;
-import org.jboss.aerogear.security.otp.api.Base32;
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.boot.test.mock.mockito.SpyBean;
-import org.springframework.web.util.UriComponents;
-import org.springframework.web.util.UriComponentsBuilder;
-import org.thingsboard.rule.engine.api.SmsService;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TotpTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-import org.thingsboard.server.service.security.auth.mfa.provider.impl.TotpTwoFactorAuthProvider;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.stream.Collectors;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
-import static org.mockito.ArgumentMatchers.argThat;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.verify;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
-// TODO [viacheslav]: test validation for all account configs, provider configs and two factor auth settings
-// TODO [viacheslav]: test authentication details, log login action, last login ts, rate limiting, user blocking, etc
+/*
+* TODO [viacheslav]
+*  check validation of the verification code
+*  test rate limits
+*  test code expiration
+*  test pre-verification token lifetime
+*  test user blocking
+*  test log login action, lastLoginTs, and authentication details
+* */
 public abstract class TwoFactorAuthTest extends AbstractControllerTest {
 
-    @SpyBean
-    private TotpTwoFactorAuthProvider totpTwoFactorAuthProvider;
-    @MockBean
-    private SmsService smsService;
-
-    @Before
-    public void beforeEach() throws Exception {
-        loginSysAdmin();
-    }
-
-
-    @Test
-    public void testSaveTwoFaSettings() throws Exception {
-        loginSysAdmin();
-        testSaveTestTwoFaSettings();
-
-        loginTenantAdmin();
-        testSaveTestTwoFaSettings();
-    }
-
-    private void testSaveTestTwoFaSettings() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
-        totpTwoFaProviderConfig.setIssuerName("tb");
-        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
-        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
-
-        saveProvidersConfigs(totpTwoFaProviderConfig, smsTwoFaProviderConfig);
-
-        TwoFactorAuthSettings savedTwoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
-
-        assertThat(savedTwoFaSettings.getProviders()).hasSize(2);
-        assertThat(savedTwoFaSettings.getProviders()).contains(totpTwoFaProviderConfig, smsTwoFaProviderConfig);
-    }
-
-    @Test
-    public void testSaveTotpTwoFaProviderConfig_validationError() throws Exception {
-        TotpTwoFactorAuthProviderConfig invalidTotpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
-        invalidTotpTwoFaProviderConfig.setIssuerName("   ");
-
-        String errorResponse = saveTwoFaSettingsAndGetError(invalidTotpTwoFaProviderConfig);
-        assertThat(errorResponse).containsIgnoringCase("issuer name must not be blank");
-    }
-
-    @Test
-    public void testSaveSmsTwoFaProviderConfig_validationError() throws Exception {
-        SmsTwoFactorAuthProviderConfig invalidSmsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
-        invalidSmsTwoFaProviderConfig.setSmsVerificationMessageTemplate("does not contain verification code");
-
-        String errorResponse = saveTwoFaSettingsAndGetError(invalidSmsTwoFaProviderConfig);
-        assertThat(errorResponse).containsIgnoringCase("must contain verification code");
-    }
-
-    private String saveTwoFaSettingsAndGetError(TwoFactorAuthProviderConfig invalidTwoFaProviderConfig) throws Exception {
-        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
-        twoFaSettings.setProviders(Collections.singletonList(invalidTwoFaProviderConfig));
-
-        return getErrorMessage(doPost("/api/2fa/settings", twoFaSettings)
-                .andExpect(status().isBadRequest()));
-    }
-
-    @Test
-    public void testSaveTwoFaAccountConfig_providerNotConfigured() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
-
-        loginTenantAdmin();
-
-        TwoFactorAuthProviderType notConfiguredProviderType = TwoFactorAuthProviderType.TOTP;
-        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=" + notConfiguredProviderType)
-                .andExpect(status().isBadRequest()));
-        assertThat(errorMessage).containsIgnoringCase("provider is not configured");
-
-        TotpTwoFactorAuthAccountConfig notConfiguredProviderAccountConfig = new TotpTwoFactorAuthAccountConfig();
-        notConfiguredProviderAccountConfig.setAuthUrl("aba");
-        errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", notConfiguredProviderAccountConfig));
-        assertThat(errorMessage).containsIgnoringCase("provider is not configured");
-    }
-
-    @Test
-    public void testGenerateTotpTwoFaAccountConfig() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
-
-        loginTenantAdmin();
-
-        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class)).isNullOrEmpty();
-        generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
-    }
-
-    @Test
-    public void testSubmitTotpTwoFaAccountConfig() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
-
-        loginTenantAdmin();
-
-        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
-        doPost("/api/2fa/account/config/submit", generatedTotpTwoFaAccountConfig).andExpect(status().isOk());
-        verify(totpTwoFactorAuthProvider).prepareVerificationCode(argThat(user -> user.getEmail().equals(TENANT_ADMIN_EMAIL)),
-                eq(totpTwoFaProviderConfig), eq(generatedTotpTwoFaAccountConfig));
-    }
-
-    @Test
-    public void testVerifyAndSaveTotpTwoFaAccountConfig() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
-
-        loginTenantAdmin();
-
-        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
-
-        String secret = UriComponentsBuilder.fromUriString(generatedTotpTwoFaAccountConfig.getAuthUrl()).build()
-                .getQueryParams().getFirst("secret");
-        String correctVerificationCode = new Totp(secret).now();
-
-        doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, generatedTotpTwoFaAccountConfig)
-                .andExpect(status().isOk());
-
-        TwoFactorAuthAccountConfig twoFaAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
-        assertThat(twoFaAccountConfig).isEqualTo(generatedTotpTwoFaAccountConfig);
-    }
-
-    @Test
-    public void testVerifyAndSaveTotpTwoFaAccountConfig_incorrectVerificationCode() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
-
-        loginTenantAdmin();
-
-        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
-
-        String incorrectVerificationCode = "100000";
-        String errorMessage = getErrorMessage(doPost("/api/2fa/account/config?verificationCode=" + incorrectVerificationCode, generatedTotpTwoFaAccountConfig)
-                .andExpect(status().isBadRequest()));
-
-        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
-    }
-
-    private TotpTwoFactorAuthAccountConfig generateTotpTwoFaAccountConfig(TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig) throws Exception {
-        TwoFactorAuthAccountConfig generatedTwoFaAccountConfig = readResponse(doPost("/api/2fa/account/config/generate?providerType=TOTP")
-                .andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
-        assertThat(generatedTwoFaAccountConfig).isInstanceOf(TotpTwoFactorAuthAccountConfig.class);
-
-        assertThat(((TotpTwoFactorAuthAccountConfig) generatedTwoFaAccountConfig)).satisfies(accountConfig -> {
-            UriComponents otpAuthUrl = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build();
-            assertThat(otpAuthUrl.getScheme()).isEqualTo("otpauth");
-            assertThat(otpAuthUrl.getHost()).isEqualTo("totp");
-            assertThat(otpAuthUrl.getQueryParams().getFirst("issuer")).isEqualTo(totpTwoFaProviderConfig.getIssuerName());
-            assertThat(otpAuthUrl.getPath()).isEqualTo("/%s:%s", totpTwoFaProviderConfig.getIssuerName(), TENANT_ADMIN_EMAIL);
-            assertThat(otpAuthUrl.getQueryParams().getFirst("secret")).satisfies(secretKey -> {
-                assertDoesNotThrow(() -> Base32.decode(secretKey));
-            });
-        });
-        return (TotpTwoFactorAuthAccountConfig) generatedTwoFaAccountConfig;
-    }
-
-
-    @Test
-    public void testGetTwoFaAccountConfig_whenProviderNotConfigured() throws Exception {
-        testVerifyAndSaveTotpTwoFaAccountConfig();
-        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()),
-                TotpTwoFactorAuthAccountConfig.class)).isNotNull();
-
-        loginSysAdmin();
-
-        saveProvidersConfigs();
-
-        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class))
-                .isNullOrEmpty();
-    }
-
-//    @Test
-//    public void testSubmitSmsTwoFaAccountConfig() throws Exception {
-//        String verificationMessageTemplate = "Here is your verification code: ${verificationCode}";
-//        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = configureSmsTwoFaProvider(verificationMessageTemplate);
-//
-//        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
-//        smsTwoFaAccountConfig.setPhoneNumber("+38054159785");
-//
-//        String verificationCode = ""; ?
-//
-//        verify(smsService).sendSms(eq(tenantId), any(), argThat(phoneNumbers -> {
-//            return phoneNumbers[0].equals(smsTwoFaAccountConfig.getPhoneNumber())
-//        }), eq("Here is your verification code: " + verificationCode));
-//    }
-
-
-
-    private TotpTwoFactorAuthProviderConfig configureTotpTwoFaProvider() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
-        totpTwoFaProviderConfig.setIssuerName("tb");
-
-        saveProvidersConfigs(totpTwoFaProviderConfig);
-        return totpTwoFaProviderConfig;
-    }
-
-    private SmsTwoFactorAuthProviderConfig configureSmsTwoFaProvider(String verificationMessageTemplate) throws Exception {
-        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
-        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate(verificationMessageTemplate);
-
-        saveProvidersConfigs(smsTwoFaProviderConfig);
-        return smsTwoFaProviderConfig;
-    }
-
-    private void saveProvidersConfigs(TwoFactorAuthProviderConfig... providerConfigs) throws Exception {
-        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
-        twoFaSettings.setProviders(Arrays.stream(providerConfigs).collect(Collectors.toList()));
-        doPost("/api/2fa/settings", twoFaSettings).andExpect(status().isOk());
-    }
-
 }
diff --git a/application/src/test/java/org/thingsboard/server/controller/sql/TwoFactorAuthConfigSqlTest.java b/application/src/test/java/org/thingsboard/server/controller/sql/TwoFactorAuthConfigSqlTest.java
new file mode 100644
index 0000000000..591f995e9d
--- /dev/null
+++ b/application/src/test/java/org/thingsboard/server/controller/sql/TwoFactorAuthConfigSqlTest.java
@@ -0,0 +1,23 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.controller.sql;
+
+import org.thingsboard.server.dao.service.DaoSqlTest;
+import org.thingsboard.server.controller.TwoFactorAuthConfigTest;
+
+@DaoSqlTest
+public class TwoFactorAuthConfigSqlTest extends TwoFactorAuthConfigTest {
+}

From bc6c38c36cfc269ac3a8d0b98d48337e661a1fa0 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Tue, 22 Mar 2022 15:46:30 +0200
Subject: [PATCH 12/92] Change `isAuthenticated()` check to
 `hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')` in
 controllers

---
 .../server/controller/AuthController.java          |  6 +++---
 .../server/controller/DashboardController.java     |  4 ++--
 .../controller/TwoFactorAuthConfigController.java  | 14 +++++++-------
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/AuthController.java b/application/src/main/java/org/thingsboard/server/controller/AuthController.java
index 4887bc205d..72be55a135 100644
--- a/application/src/main/java/org/thingsboard/server/controller/AuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/AuthController.java
@@ -82,7 +82,7 @@ public class AuthController extends BaseController {
 
     @ApiOperation(value = "Get current User (getUser)",
             notes = "Get the information about the User which credentials are used to perform this REST API call.")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     @RequestMapping(value = "/auth/user", method = RequestMethod.GET)
     public @ResponseBody
     User getUser() throws ThingsboardException {
@@ -96,7 +96,7 @@ public class AuthController extends BaseController {
 
     @ApiOperation(value = "Logout (logout)",
             notes = "Special API call to record the 'logout' of the user to the Audit Logs. Since platform uses [JWT](https://jwt.io/), the actual logout is the procedure of clearing the [JWT](https://jwt.io/) token on the client side. ")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     @RequestMapping(value = "/auth/logout", method = RequestMethod.POST)
     @ResponseStatus(value = HttpStatus.OK)
     public void logout(HttpServletRequest request) throws ThingsboardException {
@@ -105,7 +105,7 @@ public class AuthController extends BaseController {
 
     @ApiOperation(value = "Change password for current User (changePassword)",
             notes = "Change the password for the User which credentials are used to perform this REST API call. Be aware that previously generated [JWT](https://jwt.io/) tokens will be still valid until they expire.")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     @RequestMapping(value = "/auth/changePassword", method = RequestMethod.POST)
     @ResponseStatus(value = HttpStatus.OK)
     public ObjectNode changePassword(
diff --git a/application/src/main/java/org/thingsboard/server/controller/DashboardController.java b/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
index 49c33045a5..72b0aaa76e 100644
--- a/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
@@ -671,7 +671,7 @@ public class DashboardController extends BaseController {
                     "If 'homeDashboardId' parameter is not set on the User and Customer levels then checks the same parameter for the Tenant that owns the user. "
                     + DASHBOARD_DEFINITION + TENANT_OR_CUSTOMER_AUTHORITY_PARAGRAPH,
             produces = MediaType.APPLICATION_JSON_VALUE)
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     @RequestMapping(value = "/dashboard/home", method = RequestMethod.GET)
     @ResponseBody
     public HomeDashboard getHomeDashboard() throws ThingsboardException {
@@ -708,7 +708,7 @@ public class DashboardController extends BaseController {
                     "If 'homeDashboardId' parameter is not set on the User and Customer levels then checks the same parameter for the Tenant that owns the user. " +
                     TENANT_OR_CUSTOMER_AUTHORITY_PARAGRAPH,
             produces = MediaType.APPLICATION_JSON_VALUE)
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     @RequestMapping(value = "/dashboard/home/info", method = RequestMethod.GET)
     @ResponseBody
     public HomeDashboardInfo getHomeDashboardInfo() throws ThingsboardException {
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
index 527c862c95..85991aab32 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
@@ -32,12 +32,12 @@ import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.ServletOutputStream;
@@ -55,14 +55,14 @@ public class TwoFactorAuthConfigController extends BaseController {
 
 
     @GetMapping("/account/config")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public TwoFactorAuthAccountConfig getTwoFaAccountConfig() throws ThingsboardException {
         SecurityUser user = getCurrentUser();
         return twoFactorAuthConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId()).orElse(null);
     }
 
     @PostMapping("/account/config/generate")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public TwoFactorAuthAccountConfig generateTwoFaAccountConfig(@RequestParam TwoFactorAuthProviderType providerType) throws Exception {
         SecurityUser user = getCurrentUser();
         return twoFactorAuthService.generateNewAccountConfig(user, providerType);
@@ -70,7 +70,7 @@ public class TwoFactorAuthConfigController extends BaseController {
 
     /* TMP */
     @PostMapping("/account/config/generate/qr")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public void generateTwoFaAccountConfigWithQr(@RequestParam TwoFactorAuthProviderType providerType, HttpServletResponse response) throws Exception {
         TwoFactorAuthAccountConfig config = generateTwoFaAccountConfig(providerType);
         if (providerType == TwoFactorAuthProviderType.TOTP) {
@@ -84,14 +84,14 @@ public class TwoFactorAuthConfigController extends BaseController {
     /* TMP */
 
     @PostMapping("/account/config/submit")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public void submitTwoFaAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig) throws Exception {
         SecurityUser user = getCurrentUser();
         twoFactorAuthService.prepareVerificationCode(user, accountConfig, false);
     }
 
     @PostMapping("/account/config")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public void verifyAndSaveTwoFaAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig,
                                                 @RequestParam String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
@@ -104,7 +104,7 @@ public class TwoFactorAuthConfigController extends BaseController {
     }
 
     @DeleteMapping("/account/config")
-    @PreAuthorize("isAuthenticated()")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public void deleteTwoFactorAuthAccountConfig() throws ThingsboardException {
         SecurityUser user = getCurrentUser();
         twoFactorAuthConfigManager.deleteTwoFaAccountConfig(user.getTenantId(), user.getId());

From 8bbe6bafd8f1127bfd047f16cc9b349de59eabd2 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Tue, 22 Mar 2022 15:49:57 +0200
Subject: [PATCH 13/92] Refactor 2FA; add refilling setting to TbRateLimits

---
 .../controller/TwoFactorAuthController.java   |  6 +++--
 .../auth/mfa/DefaultTwoFactorAuthService.java | 24 +++++++++++++-----
 .../mfa/config/TwoFactorAuthSettings.java     |  2 +-
 .../impl/OtpBasedTwoFactorAuthProvider.java   |  1 -
 .../impl/SmsTwoFactorAuthProvider.java        |  2 +-
 ...RestAwareAuthenticationSuccessHandler.java |  4 +--
 .../security/model/token/JwtTokenFactory.java | 25 +++++++++++--------
 .../server/common/msg/tools/TbRateLimits.java | 10 +++++---
 .../server/dao/user/UserServiceImpl.java      |  1 +
 9 files changed, 48 insertions(+), 27 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index d858f64899..b95e1d6099 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -17,7 +17,6 @@ package org.thingsboard.server.controller;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -25,6 +24,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
@@ -53,6 +53,7 @@ public class TwoFactorAuthController extends BaseController {
     private final TwoFactorAuthService twoFactorAuthService;
     private final JwtTokenFactory tokenFactory;
     private final SystemSecurityService systemSecurityService;
+    private final UserService userService;
 
 
     @PostMapping("/verification/send")
@@ -69,9 +70,10 @@ public class TwoFactorAuthController extends BaseController {
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, true);
         if (verificationSuccess) {
             systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null);
+            user = new SecurityUser(userService.findUserById(user.getTenantId(), user.getId()), true, user.getUserPrincipal());
             return tokenFactory.createTokenPair(user);
         } else {
-            ThingsboardException error = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.AUTHENTICATION);
+            ThingsboardException error = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
             systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error);
             throw error;
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index 1012f27d25..ee9e252831 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -16,9 +16,10 @@
 package org.thingsboard.server.service.security.auth.mfa;
 
 import lombok.RequiredArgsConstructor;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.stereotype.Service;
-import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -76,7 +77,7 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         if (checkLimits) {
             if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
                 TbRateLimits rateLimits = verificationCodeSendingRateLimits.computeIfAbsent(securityUser.getId(), sessionId -> {
-                    return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit());
+                    return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit(), true);
                 });
                 if (!rateLimits.tryConsume()) {
                     throw new ThingsboardException("Too many verification code sending requests", ThingsboardErrorCode.TOO_MANY_REQUESTS);
@@ -107,19 +108,30 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         if (checkLimits) {
             if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeCheckRateLimit())) {
                 TbRateLimits rateLimits = verificationCodeCheckingRateLimits.computeIfAbsent(securityUser.getId(), sessionId -> {
-                    return new TbRateLimits(twoFaSettings.getVerificationCodeCheckRateLimit());
+                    return new TbRateLimits(twoFaSettings.getVerificationCodeCheckRateLimit(), true);
                 });
                 if (!rateLimits.tryConsume()) {
                     throw new ThingsboardException("Too many verification code checking requests", ThingsboardErrorCode.TOO_MANY_REQUESTS);
                 }
             }
         }
-
         TwoFactorAuthProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
-        boolean verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(securityUser, verificationCode, providerConfig, accountConfig);
+
+        boolean verificationSuccess;
+        if (StringUtils.isNumeric(verificationCode) && verificationCode.length() == 6) {
+            verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(securityUser, verificationCode, providerConfig, accountConfig);
+        } else {
+            verificationSuccess = false;
+        }
         if (checkLimits) {
-            systemSecurityService.validateTwoFaVerification(securityUser, verificationSuccess, twoFaSettings);
+            try {
+                systemSecurityService.validateTwoFaVerification(securityUser, verificationSuccess, twoFaSettings);
+            } catch (LockedException e) {
+                verificationCodeCheckingRateLimits.remove(securityUser.getId());
+                verificationCodeSendingRateLimits.remove(securityUser.getId());
+                throw new ThingsboardException(e.getMessage(), ThingsboardErrorCode.AUTHENTICATION);
+            }
             if (verificationSuccess) {
                 verificationCodeCheckingRateLimits.remove(securityUser.getId());
                 verificationCodeSendingRateLimits.remove(securityUser.getId());
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
index 72da35e744..65e7ce2c04 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
@@ -42,7 +42,7 @@ public class TwoFactorAuthSettings {
     @ApiModelProperty(example = "10")
     @Min(value = 0, message = "maximum number of verification failure before user lockout must be positive")
     private int maxVerificationFailuresBeforeUserLockout;
-    @ApiModelProperty(value = "in minutes", example = "60")
+    @ApiModelProperty(value = "in seconds", example = "3600 (60 minutes)")
     @Min(value = 1, message = "total amount of time allotted for verification must be greater than 0")
     private Integer totalAllowedTimeForVerification;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
index db6653ffe9..edeaf7ba3d 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
@@ -65,7 +65,6 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
         return false;
     }
 
-    // FIXME [viacheslav]: periodically clean up codes cache
 
     @Data
     public static class Otp {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
index e633a0afd1..d6d99d03e8 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
@@ -35,7 +35,7 @@ public class SmsTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider<SmsT
 
     private final SmsService smsService;
 
-    public SmsTwoFactorAuthProvider(SmsService smsService, CacheManager cacheManager) {
+    public SmsTwoFactorAuthProvider(CacheManager cacheManager, SmsService smsService) {
         super(cacheManager);
         this.smsService = smsService;
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index 5d4aa20f1a..c930dfffe9 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -54,8 +54,8 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
         JwtTokenPair tokenPair = new JwtTokenPair();
 
         if (authentication instanceof MfaAuthenticationToken) {
-            int preVerificationTokenLifetime = (int) TimeUnit.MINUTES.toSeconds(twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId(), true)
-                    .flatMap(settings -> Optional.ofNullable(settings.getTotalAllowedTimeForVerification())).orElse(30));
+            int preVerificationTokenLifetime = twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId(), true)
+                    .flatMap(settings -> Optional.ofNullable(settings.getTotalAllowedTimeForVerification())).orElse((int) TimeUnit.MINUTES.toSeconds(30));
             tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser, preVerificationTokenLifetime).getToken());
             tokenPair.setRefreshToken(null);
             tokenPair.setScope(Authority.PRE_VERIFICATION_TOKEN);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
index 5cfb461b44..a8e6f9cb5c 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
@@ -115,21 +115,22 @@ public class JwtTokenFactory {
         } else if (securityUser.getAuthority() == Authority.SYS_ADMIN) {
             securityUser.setTenantId(TenantId.SYS_TENANT_ID);
         }
+        String customerId = claims.get(CUSTOMER_ID, String.class);
+        if (customerId != null) {
+            securityUser.setCustomerId(new CustomerId(UUID.fromString(customerId)));
+        }
 
+        UserPrincipal principal;
         if (securityUser.getAuthority() != Authority.PRE_VERIFICATION_TOKEN) {
             securityUser.setFirstName(claims.get(FIRST_NAME, String.class));
             securityUser.setLastName(claims.get(LAST_NAME, String.class));
             securityUser.setEnabled(claims.get(ENABLED, Boolean.class));
             boolean isPublic = claims.get(IS_PUBLIC, Boolean.class);
-            UserPrincipal principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
-            securityUser.setUserPrincipal(principal);
-            String customerId = claims.get(CUSTOMER_ID, String.class);
-            if (customerId != null) {
-                securityUser.setCustomerId(new CustomerId(UUID.fromString(customerId)));
-            }
+            principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
         } else {
-            securityUser.setUserPrincipal(new UserPrincipal(UserPrincipal.Type.USER_NAME, subject));
+            principal = new UserPrincipal(UserPrincipal.Type.USER_NAME, subject);
         }
+        securityUser.setUserPrincipal(principal);
 
         return securityUser;
     }
@@ -164,10 +165,12 @@ public class JwtTokenFactory {
     }
 
     public JwtToken createPreVerificationToken(SecurityUser user, Integer expirationTime) {
-        String token = setUpToken(user, Collections.singletonList(Authority.PRE_VERIFICATION_TOKEN.name()), expirationTime)
-                .claim(TENANT_ID, user.getTenantId().toString())
-                .compact();
-        return new AccessJwtToken(token);
+        JwtBuilder jwtBuilder = setUpToken(user, Collections.singletonList(Authority.PRE_VERIFICATION_TOKEN.name()), expirationTime)
+                .claim(TENANT_ID, user.getTenantId().toString());
+        if (user.getCustomerId() != null) {
+            jwtBuilder.claim(CUSTOMER_ID, user.getCustomerId().toString());
+        }
+        return new AccessJwtToken(jwtBuilder.compact());
     }
 
     private JwtBuilder setUpToken(SecurityUser securityUser, List<String> scopes, long expirationTime) {
diff --git a/common/message/src/main/java/org/thingsboard/server/common/msg/tools/TbRateLimits.java b/common/message/src/main/java/org/thingsboard/server/common/msg/tools/TbRateLimits.java
index afcbe1b3b9..f7a75381c9 100644
--- a/common/message/src/main/java/org/thingsboard/server/common/msg/tools/TbRateLimits.java
+++ b/common/message/src/main/java/org/thingsboard/server/common/msg/tools/TbRateLimits.java
@@ -17,6 +17,7 @@ package org.thingsboard.server.common.msg.tools;
 
 import io.github.bucket4j.Bandwidth;
 import io.github.bucket4j.Bucket4j;
+import io.github.bucket4j.Refill;
 import io.github.bucket4j.local.LocalBucket;
 import io.github.bucket4j.local.LocalBucketBuilder;
 
@@ -29,12 +30,17 @@ public class TbRateLimits {
     private final LocalBucket bucket;
 
     public TbRateLimits(String limitsConfiguration) {
+        this(limitsConfiguration, false);
+    }
+
+    public TbRateLimits(String limitsConfiguration, boolean refillIntervally) {
         LocalBucketBuilder builder = Bucket4j.builder();
         boolean initialized = false;
         for (String limitSrc : limitsConfiguration.split(",")) {
             long capacity = Long.parseLong(limitSrc.split(":")[0]);
             long duration = Long.parseLong(limitSrc.split(":")[1]);
-            builder.addLimit(Bandwidth.simple(capacity, Duration.ofSeconds(duration)));
+            Refill refill = refillIntervally ? Refill.intervally(capacity, Duration.ofSeconds(duration)) : Refill.greedy(capacity, Duration.ofSeconds(duration));
+            builder.addLimit(Bandwidth.classic(capacity, refill));
             initialized = true;
         }
         if (initialized) {
@@ -42,8 +48,6 @@ public class TbRateLimits {
         } else {
             throw new IllegalArgumentException("Failed to parse rate limits configuration: " + limitsConfiguration);
         }
-
-
     }
 
     public boolean tryConsume() {
diff --git a/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
index b8c7b8e9f9..869a4b4700 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
@@ -323,6 +323,7 @@ public class UserServiceImpl extends AbstractEntityService implements UserServic
         }
         ((ObjectNode) additionalInfo).put(LAST_LOGIN_TS, System.currentTimeMillis());
         user.setAdditionalInfo(additionalInfo);
+        saveUser(user);
     }
 
     @Override

From 5ed306881f3d934b57d43cea9b0ffd4bd4e1032e Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Tue, 22 Mar 2022 15:54:11 +0200
Subject: [PATCH 14/92] Tests for 2FA

---
 .../controller/TwoFactorAuthController.java   |   8 +-
 .../controller/TwoFactorAuthConfigTest.java   |  14 +-
 .../server/controller/TwoFactorAuthTest.java  | 375 +++++++++++++++++-
 3 files changed, 375 insertions(+), 22 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index b95e1d6099..b93df6e751 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -36,13 +36,7 @@ import org.thingsboard.server.service.security.system.SystemSecurityService;
 import javax.servlet.http.HttpServletRequest;
 
 /*
- * TODO [viacheslav]:
- *  - Swagger documentation
- *
- * TODO [viacheslav] (later):
- *  - 2FA entries should be secured against code injection by code validation
- *  - ability to force users to use 2FA (maybe on log in, do not give them token pair but to give temporary
- *      token to configure 2FA account config); also will need to make users configure 2FA during activation and password setup...
+ * FIXME [viacheslav]: Swagger documentation
  * */
 @RestController
 @RequestMapping("/api/auth/2fa")
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index 01e2bc496e..38ff2e0702 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -29,7 +29,6 @@ import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.server.common.data.CacheConstants;
-import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
@@ -100,7 +99,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         twoFaSettings.setVerificationCodeSendRateLimit("1:60");
         twoFaSettings.setVerificationCodeCheckRateLimit("3:900");
         twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
-        twoFaSettings.setTotalAllowedTimeForVerification(60);
+        twoFaSettings.setTotalAllowedTimeForVerification(3600);
 
         doPost("/api/2fa/settings", twoFaSettings).andExpect(status().isOk());
 
@@ -497,9 +496,10 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     }
 
     @Test
-    public void testIsTwoFaEnabled() throws ThingsboardException {
+    public void testIsTwoFaEnabled() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
         SmsTwoFactorAuthAccountConfig accountConfig = new SmsTwoFactorAuthAccountConfig();
-        accountConfig.setPhoneNumber("+380505050");
+        accountConfig.setPhoneNumber("+38050505050");
         twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
 
         assertThat(twoFactorAuthConfigManager.isTwoFaEnabled(tenantId, tenantAdminUserId)).isTrue();
@@ -507,12 +507,14 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testDeleteTwoFaAccountConfig() throws Exception {
+        configureSmsTwoFaProvider("${verificationCode}");
         SmsTwoFactorAuthAccountConfig accountConfig = new SmsTwoFactorAuthAccountConfig();
-        accountConfig.setPhoneNumber("+380505050");
-        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
+        accountConfig.setPhoneNumber("+38050505050");
 
         loginTenantAdmin();
 
+        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
+
         TwoFactorAuthAccountConfig savedAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
         assertThat(savedAccountConfig).isEqualTo(accountConfig);
 
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 4a9888ada1..09d1208df3 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -15,15 +15,372 @@
  */
 package org.thingsboard.server.controller;
 
-/*
-* TODO [viacheslav]
-*  check validation of the verification code
-*  test rate limits
-*  test code expiration
-*  test pre-verification token lifetime
-*  test user blocking
-*  test log login action, lastLoginTs, and authentication details
-* */
+import com.fasterxml.jackson.databind.JsonNode;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.jboss.aerogear.security.otp.Totp;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.thingsboard.rule.engine.api.SmsService;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.audit.ActionStatus;
+import org.thingsboard.server.common.data.audit.ActionType;
+import org.thingsboard.server.common.data.audit.AuditLog;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.page.PageLink;
+import org.thingsboard.server.common.data.page.SortOrder;
+import org.thingsboard.server.common.data.page.TimePageLink;
+import org.thingsboard.server.common.data.security.Authority;
+import org.thingsboard.server.dao.audit.AuditLogService;
+import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TotpTwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.auth.rest.LoginRequest;
+import org.thingsboard.server.service.security.model.JwtTokenPair;
+
+import java.time.Duration;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.awaitility.Awaitility.await;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 public abstract class TwoFactorAuthTest extends AbstractControllerTest {
 
+    @Autowired
+    private TwoFactorAuthConfigManager twoFactorAuthConfigManager;
+    @Autowired
+    private TwoFactorAuthService twoFactorAuthService;
+    @MockBean
+    private SmsService smsService;
+    @Autowired
+    private AuditLogService auditLogService;
+    @Autowired
+    private UserService userService;
+
+    private User user;
+    private String username;
+    private String password;
+
+    @Before
+    public void beforeEach() throws Exception {
+        username = "mfa@tb.io";
+        password = "psswrd";
+
+        user = new User();
+        user.setAuthority(Authority.TENANT_ADMIN);
+        user.setEmail(username);
+        user.setTenantId(tenantId);
+
+        loginSysAdmin();
+        user = createUser(user, password);
+    }
+
+    @After
+    public void afterEach() {
+        twoFactorAuthConfigManager.deleteTwoFaSettings(tenantId);
+        twoFactorAuthConfigManager.deleteTwoFaSettings(TenantId.SYS_TENANT_ID);
+    }
+
+    @Test
+    public void testTwoFa_totp() throws Exception {
+        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
+
+        logInWithPreVerificationToken();
+
+        doPost("/api/auth/2fa/verification/send")
+                .andExpect(status().isOk());
+
+        String correctVerificationCode = getCorrectTotp(totpTwoFaAccountConfig);
+
+        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
+                .andExpect(status().isOk()), JsonNode.class);
+        validateAndSetJwtToken(tokenPair, username);
+
+        User currentUser = readResponse(doGet("/api/auth/user")
+                .andExpect(status().isOk()), User.class);
+        assertThat(currentUser.getId()).isEqualTo(user.getId());
+    }
+
+    @Test
+    public void testTwoFa_sms() throws Exception {
+        configureSmsTwoFa();
+
+        logInWithPreVerificationToken();
+
+        doPost("/api/auth/2fa/verification/send")
+                .andExpect(status().isOk());
+
+        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
+        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
+        String correctVerificationCode = verificationCodeCaptor.getValue();
+
+        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
+                .andExpect(status().isOk()), JsonNode.class);
+        validateAndSetJwtToken(tokenPair, username);
+
+        User currentUser = readResponse(doGet("/api/auth/user")
+                .andExpect(status().isOk()), User.class);
+        assertThat(currentUser.getId()).isEqualTo(user.getId());
+    }
+
+    @Test
+    public void testTwoFaPreVerificationTokenLifetime() throws Exception {
+        configureTotpTwoFa(twoFaSettings -> {
+            twoFaSettings.setTotalAllowedTimeForVerification(5);
+        });
+
+        logInWithPreVerificationToken();
+
+        await("expiration of the pre-verification token")
+                .atLeast(Duration.ofSeconds(3).plusMillis(500))
+                .atMost(Duration.ofSeconds(6))
+                .untilAsserted(() -> {
+                    doPost("/api/auth/2fa/verification/send")
+                            .andExpect(status().isUnauthorized());
+                });
+    }
+
+    @Test
+    public void testCheckVerificationCode_userBlocked() throws Exception {
+        configureTotpTwoFa(twoFaSettings -> {
+            twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
+        });
+
+        logInWithPreVerificationToken();
+
+        Stream.generate(() -> RandomStringUtils.randomNumeric(6))
+                .limit(9)
+                .forEach(incorrectVerificationCode -> {
+                    try {
+                        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + incorrectVerificationCode)
+                                .andExpect(status().isBadRequest()));
+                        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+                    } catch (Exception e) {
+                        fail();
+                    }
+                });
+
+        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + RandomStringUtils.randomNumeric(6))
+                .andExpect(status().isUnauthorized()));
+        assertThat(errorMessage).containsIgnoringCase("account was locked due to exceeded 2fa verification attempts");
+
+        errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + RandomStringUtils.randomNumeric(6))
+                .andExpect(status().isUnauthorized()));
+        assertThat(errorMessage).containsIgnoringCase("user is disabled");
+    }
+
+    @Test
+    public void testSendVerificationCode_rateLimit() throws Exception {
+        configureTotpTwoFa(twoFaSettings -> {
+            twoFaSettings.setVerificationCodeSendRateLimit("3:10");
+        });
+
+        logInWithPreVerificationToken();
+
+        for (int i = 0; i < 3; i++) {
+            doPost("/api/auth/2fa/verification/send")
+                    .andExpect(status().isOk());
+        }
+
+        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/send")
+                .andExpect(status().isTooManyRequests()));
+        assertThat(rateLimitExceededError).containsIgnoringCase("too many verification code sending requests");
+
+        await("verification code sending rate limit resetting")
+                .atLeast(Duration.ofSeconds(8))
+                .atMost(Duration.ofSeconds(12))
+                .untilAsserted(() -> {
+                    doPost("/api/auth/2fa/verification/send")
+                            .andExpect(status().isOk());
+                });
+    }
+
+    @Test
+    public void testCheckVerificationCode_rateLimit() throws Exception {
+        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa(twoFaSettings -> {
+            twoFaSettings.setVerificationCodeCheckRateLimit("3:10");
+        });
+
+        logInWithPreVerificationToken();
+
+        for (int i = 0; i < 3; i++) {
+            String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
+                    .andExpect(status().isBadRequest()));
+            assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+        }
+
+        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
+                .andExpect(status().isTooManyRequests()));
+        assertThat(rateLimitExceededError).containsIgnoringCase("too many verification code checking requests");
+
+        await("verification code checking rate limit resetting")
+                .atLeast(Duration.ofSeconds(8))
+                .atMost(Duration.ofSeconds(12))
+                .untilAsserted(() -> {
+                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
+                            .andExpect(status().isBadRequest()));
+                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+                });
+
+        doPost("/api/auth/2fa/verification/check?verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    public void testCheckVerificationCode_invalidVerificationCode() throws Exception {
+        configureTotpTwoFa();
+        logInWithPreVerificationToken();
+
+        for (String invalidVerificationCode : new String[]{"1234567", "ab1212", "12311 ", "oewkriwejqf"}) {
+            String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + invalidVerificationCode)
+                    .andExpect(status().isBadRequest()));
+            assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+        }
+    }
+
+    @Test
+    public void testCheckVerificationCode_codeExpiration() throws Exception {
+        configureSmsTwoFa(smsTwoFaProviderConfig -> {
+            smsTwoFaProviderConfig.setVerificationCodeLifetime(10);
+        });
+
+        logInWithPreVerificationToken();
+
+        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
+        doPost("/api/auth/2fa/verification/send").andExpect(status().isOk());
+        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
+
+        String correctVerificationCode = verificationCodeCaptor.getValue();
+
+        await("verification code expiration")
+                .pollDelay(10, TimeUnit.SECONDS)
+                .atLeast(10, TimeUnit.SECONDS)
+                .atMost(12, TimeUnit.SECONDS)
+                .untilAsserted(() -> {
+                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
+                            .andExpect(status().isBadRequest()));
+                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+                });
+    }
+
+    @Test
+    public void testTwoFa_logLoginAction() throws Exception {
+        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
+
+        logInWithPreVerificationToken();
+        await("async audit log saving").during(1, TimeUnit.SECONDS);
+        assertThat(getLogInAuditLogs()).isEmpty();
+        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
+                .get("lastLoginTs")).isNull();
+
+        doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
+                .andExpect(status().isBadRequest());
+
+        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
+                .until(() -> getLogInAuditLogs().size() == 1);
+        assertThat(getLogInAuditLogs().get(0)).satisfies(failedLogInAuditLog -> {
+            assertThat(failedLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.FAILURE);
+            assertThat(failedLogInAuditLog.getActionFailureDetails()).containsIgnoringCase("verification code is incorrect");
+            assertThat(failedLogInAuditLog.getUserName()).isEqualTo(username);
+        });
+
+        doPost("/api/auth/2fa/verification/check?verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
+                .andExpect(status().isOk());
+        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
+                .until(() -> getLogInAuditLogs().size() == 2);
+        assertThat(getLogInAuditLogs().get(0)).satisfies(successfulLogInAuditLog -> {
+            assertThat(successfulLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.SUCCESS);
+            assertThat(successfulLogInAuditLog.getUserName()).isEqualTo(username);
+        });
+        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
+                .get("lastLoginTs").asLong())
+                .isGreaterThan(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(3));
+    }
+
+    private List<AuditLog> getLogInAuditLogs() {
+        return auditLogService.findAuditLogsByTenantIdAndUserId(tenantId, user.getId(), List.of(ActionType.LOGIN),
+                new TimePageLink(new PageLink(10, 0, null, new SortOrder("createdTime", SortOrder.Direction.DESC)), 0L, System.currentTimeMillis())).getData();
+    }
+
+    @Test
+    public void testAuthWithoutTwoFaAccountConfig() throws ThingsboardException {
+        configureTotpTwoFa();
+        twoFactorAuthConfigManager.deleteTwoFaAccountConfig(tenantId, user.getId());
+
+        assertDoesNotThrow(() -> {
+            login(username, password);
+        });
+    }
+
+    private void logInWithPreVerificationToken() throws Exception {
+        LoginRequest loginRequest = new LoginRequest(username, password);
+
+        JwtTokenPair response = readResponse(doPost("/api/auth/login", loginRequest).andExpect(status().isOk()), JwtTokenPair.class);
+        assertThat(response.getToken()).isNotNull();
+        assertThat(response.getRefreshToken()).isNull();
+        assertThat(response.getScope()).isEqualTo(Authority.PRE_VERIFICATION_TOKEN);
+
+        this.token = response.getToken();
+    }
+
+    private TotpTwoFactorAuthAccountConfig configureTotpTwoFa(Consumer<TwoFactorAuthSettings>... customizer) throws ThingsboardException {
+        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        totpTwoFaProviderConfig.setIssuerName("tb");
+
+        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
+        twoFaSettings.setProviders(Arrays.stream(new TwoFactorAuthProviderConfig[]{totpTwoFaProviderConfig}).collect(Collectors.toList()));
+        Arrays.stream(customizer).forEach(c -> c.accept(twoFaSettings));
+        twoFactorAuthConfigManager.saveTwoFaSettings(tenantId, twoFaSettings);
+
+        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = (TotpTwoFactorAuthAccountConfig) twoFactorAuthService.generateNewAccountConfig(user, TwoFactorAuthProviderType.TOTP);
+        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), totpTwoFaAccountConfig);
+        return totpTwoFaAccountConfig;
+    }
+
+    private SmsTwoFactorAuthAccountConfig configureSmsTwoFa(Consumer<SmsTwoFactorAuthProviderConfig>... customizer) throws ThingsboardException {
+        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+        Arrays.stream(customizer).forEach(c -> c.accept(smsTwoFaProviderConfig));
+
+        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
+        twoFaSettings.setProviders(Arrays.stream(new TwoFactorAuthProviderConfig[]{smsTwoFaProviderConfig}).collect(Collectors.toList()));
+        twoFactorAuthConfigManager.saveTwoFaSettings(tenantId, twoFaSettings);
+
+        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        smsTwoFaAccountConfig.setPhoneNumber("+38050505050");
+        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), smsTwoFaAccountConfig);
+        return smsTwoFaAccountConfig;
+    }
+
+    private String getCorrectTotp(TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig) {
+        String secret = StringUtils.substringAfterLast(totpTwoFaAccountConfig.getAuthUrl(), "secret=");
+        return new Totp(secret).now();
+    }
+
 }

From 472edc8409d5edc2f488dc7d8e627f807719e5c1 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Wed, 23 Mar 2022 12:07:52 +0200
Subject: [PATCH 15/92] Refactor controller exceptions handling

---
 .../org/thingsboard/server/controller/BaseController.java | 8 +++++++-
 .../server/dao/service/ConstraintValidator.java           | 1 -
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/BaseController.java b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
index f33767d9db..02810cc0d9 100644
--- a/application/src/main/java/org/thingsboard/server/controller/BaseController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
@@ -285,7 +285,13 @@ public abstract class BaseController {
     @ExceptionHandler(Exception.class)
     public void handleControllerException(Exception e, HttpServletResponse response) {
         ThingsboardException thingsboardException = handleException(e);
-        handleThingsboardException(thingsboardException, response);
+        if (thingsboardException.getErrorCode() == ThingsboardErrorCode.GENERAL && thingsboardException.getCause() instanceof Exception
+                && StringUtils.equals(thingsboardException.getCause().getMessage(), thingsboardException.getMessage())) {
+            e = (Exception) thingsboardException.getCause();
+        } else {
+            e = thingsboardException;
+        }
+        errorResponseHandler.handle(e, response);
     }
 
     @ExceptionHandler(ThingsboardException.class)
diff --git a/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java b/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
index 404eeb44cc..5faa605863 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/service/ConstraintValidator.java
@@ -25,7 +25,6 @@ import org.thingsboard.server.dao.exception.DataValidationException;
 
 import javax.validation.ConstraintViolation;
 import javax.validation.Validation;
-import javax.validation.ValidationException;
 import javax.validation.Validator;
 import java.util.List;
 import java.util.Set;

From 6eb8a41f9a2607469b5adbd39f9fd1e046cc76ca Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Wed, 23 Mar 2022 19:38:44 +0200
Subject: [PATCH 16/92] Swagger docs for TwoFactorAuthConfigController and
 config classes

---
 .../TwoFactorAuthConfigController.java        | 78 +++++++++++++++++--
 .../mfa/config/TwoFactorAuthSettings.java     | 16 +++-
 .../SmsTwoFactorAuthAccountConfig.java        |  4 +
 .../TotpTwoFactorAuthAccountConfig.java       |  5 +-
 .../account/TwoFactorAuthAccountConfig.java   |  2 +-
 .../OtpBasedTwoFactorAuthProviderConfig.java  |  3 +-
 .../SmsTwoFactorAuthProviderConfig.java       |  5 ++
 .../TotpTwoFactorAuthProviderConfig.java      |  5 ++
 8 files changed, 104 insertions(+), 14 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
index 85991aab32..29df21bca4 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
@@ -19,6 +19,8 @@ import com.google.zxing.BarcodeFormat;
 import com.google.zxing.client.j2se.MatrixToImageWriter;
 import com.google.zxing.common.BitMatrix;
 import com.google.zxing.qrcode.QRCodeWriter;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -44,6 +46,8 @@ import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
 
+import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
+
 @RestController
 @RequestMapping("/api/2fa")
 @TbCoreComponent
@@ -54,6 +58,20 @@ public class TwoFactorAuthConfigController extends BaseController {
     private final TwoFactorAuthService twoFactorAuthService;
 
 
+    @ApiOperation(value = "Get 2FA account config (getTwoFaAccountConfig)",
+            notes = "Get user's account 2FA configuration. Returns empty result if user did not configured 2FA, " +
+                    "or if a provider for previously set up account config is not now configured." + NEW_LINE +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER + NEW_LINE +
+                    "Response example for TOTP 2FA: " + NEW_LINE +
+                    "{\n" +
+                    "  \"providerType\": \"TOTP\",\n" +
+                    "  \"authUrl\": \"otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII\"\n" +
+                    "}" + NEW_LINE +
+                    "Response example for SMS 2FA: " + NEW_LINE +
+                    "{\n" +
+                    "  \"providerType\": \"SMS\",\n" +
+                    "  \"phoneNumber\": \"+380505005050\"\n" +
+                    "}")
     @GetMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public TwoFactorAuthAccountConfig getTwoFaAccountConfig() throws ThingsboardException {
@@ -61,9 +79,29 @@ public class TwoFactorAuthConfigController extends BaseController {
         return twoFactorAuthConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId()).orElse(null);
     }
 
+    @ApiOperation(value = "Generate 2FA account config (generateTwoFaAccountConfig)",
+            notes = "Generate new 2FA account config for specified provider type. " +
+                    "This method is only useful for TOTP 2FA, as there is nothing to generate for other provider types. " +
+                    "For TOTP, this will return a corresponding account config template " +
+                    "with a generated OTP auth URL (with new random secret key for each API call) that can be then " +
+                    "converted to a QR code to scan with an authenticator app. " +
+                    "For other provider types, this method will return an empty config. " + NEW_LINE +
+                    "Will throw an error (Bad Request) if the provider is not configured for usage. " +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER + NEW_LINE +
+                    "Example of a generated account config for TOTP 2FA: " + NEW_LINE +
+                    "{\n" +
+                    "  \"providerType\": \"TOTP\",\n" +
+                    "  \"authUrl\": \"otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII\"\n" +
+                    "}" + NEW_LINE +
+                    "For SMS provider type it will return something like: " + NEW_LINE +
+                    "{\n" +
+                    "  \"providerType\": \"SMS\",\n" +
+                    "  \"phoneNumber\": null\n" +
+                    "}")
     @PostMapping("/account/config/generate")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public TwoFactorAuthAccountConfig generateTwoFaAccountConfig(@RequestParam TwoFactorAuthProviderType providerType) throws Exception {
+    public TwoFactorAuthAccountConfig generateTwoFaAccountConfig(@ApiParam(value = "2FA provider type to generate new account config for", defaultValue = "TOTP", required = true)
+                                                                 @RequestParam TwoFactorAuthProviderType providerType) throws Exception {
         SecurityUser user = getCurrentUser();
         return twoFactorAuthService.generateNewAccountConfig(user, providerType);
     }
@@ -83,16 +121,32 @@ public class TwoFactorAuthConfigController extends BaseController {
     }
     /* TMP */
 
+    @ApiOperation(value = "Submit 2FA account config (submitTwoFaAccountConfig)",
+            notes = "Submit 2FA account config to prepare for a future verification. " +
+                    "Basically, this method will send a verification code for a given account config, if this has " +
+                    "sense for a chosen 2FA provider. This code is needed to then verify and save the account config." + NEW_LINE +
+                    "Will throw an error (Bad Request) if submitted account config is not valid, " +
+                    "or if the provider is not configured for usage. " +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @PostMapping("/account/config/submit")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public void submitTwoFaAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig) throws Exception {
+    public void submitTwoFaAccountConfig(@ApiParam(value = "2FA account config value. For TOTP 2FA config, authUrl value must not be blank and must match specific pattern. " +
+            "For SMS 2FA, phoneNumber property must not be blank and must be of E.164 phone number format.", required = true)
+                                         @Valid @RequestBody TwoFactorAuthAccountConfig accountConfig) throws Exception {
         SecurityUser user = getCurrentUser();
         twoFactorAuthService.prepareVerificationCode(user, accountConfig, false);
     }
 
+    @ApiOperation(value = "Verify and save 2FA account config (verifyAndSaveTwoFaAccountConfig)",
+            notes = "Checks the verification code for submitted config, and if it is correct, saves the provided account config. " +
+                    "The config is stored in the user's additionalInfo. " + NEW_LINE +
+                    "Will throw an error (Bad Request) if the provider is not configured for usage. " +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @PostMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public void verifyAndSaveTwoFaAccountConfig(@Valid @RequestBody TwoFactorAuthAccountConfig accountConfig,
+    public void verifyAndSaveTwoFaAccountConfig(@ApiParam(value = "2FA account config to save. Validation rules are the same as in submitTwoFaAccountConfig API method", required = true)
+                                                @Valid @RequestBody TwoFactorAuthAccountConfig accountConfig,
+                                                @ApiParam(value = "6-digit code from an authenticator app in case of TOTP 2FA, or the one sent via an SMS message in case of SMS 2FA", required = true)
                                                 @RequestParam String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, accountConfig, false);
@@ -103,24 +157,34 @@ public class TwoFactorAuthConfigController extends BaseController {
         }
     }
 
+    @ApiOperation(value = "Delete 2FA account config (deleteTwoFaAccountConfig)",
+            notes = "Delete user's 2FA config. " + ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @DeleteMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public void deleteTwoFactorAuthAccountConfig() throws ThingsboardException {
+    public void deleteTwoFaAccountConfig() throws ThingsboardException {
         SecurityUser user = getCurrentUser();
         twoFactorAuthConfigManager.deleteTwoFaAccountConfig(user.getTenantId(), user.getId());
     }
 
 
+    @ApiOperation(value = "Get 2FA settings (getTwoFaSettings)",
+            notes = "Get settings for 2FA. If 2FA is not configured, then an empty response will be returned." +
+                    ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @GetMapping("/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
-    public TwoFactorAuthSettings getTwoFactorAuthSettings() throws ThingsboardException {
+    public TwoFactorAuthSettings getTwoFaSettings() throws ThingsboardException {
         return twoFactorAuthConfigManager.getTwoFaSettings(getTenantId(), false).orElse(null);
     }
 
+    @ApiOperation(value = "Save 2FA settings (saveTwoFaSettings)",
+            notes = "Save settings for 2FA. If a user is sysadmin - the settings are saved as AdminSettings; " +
+                    "if it is a tenant admin - as a tenant attribute." +
+                    ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @PostMapping("/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
-    public void saveTwoFactorAuthSettings(@RequestBody TwoFactorAuthSettings twoFactorAuthSettings) throws ThingsboardException {
-        twoFactorAuthConfigManager.saveTwoFaSettings(getTenantId(), twoFactorAuthSettings);
+    public void saveTwoFaSettings(@ApiParam(value = "Settings value", required = true)
+                                  @RequestBody TwoFactorAuthSettings twoFaSettings) throws ThingsboardException {
+        twoFactorAuthConfigManager.saveTwoFaSettings(getTenantId(), twoFaSettings);
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
index 65e7ce2c04..a39cfd1e37 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config;
 
+import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
@@ -27,22 +28,29 @@ import java.util.List;
 import java.util.Optional;
 
 @Data
+@ApiModel
 public class TwoFactorAuthSettings {
 
+    @ApiModelProperty(value = "Option for tenant admins to use 2FA settings configured by sysadmin. " +
+            "If this param is set to true, then the settings will not be validated for constraints " +
+            "(if it is a tenant admin; for sysadmin this param is ignored)")
     private boolean useSystemTwoFactorAuthSettings;
+    @ApiModelProperty(value = "The list of 2FA providers' configs. Users will only be allowed to use 2FA providers from this list.")
     @Valid
     private List<TwoFactorAuthProviderConfig> providers;
 
-    @ApiModelProperty(example = "1:60 (1 request per minute)")
+    @ApiModelProperty(value = "Rate limit configuration for verification code sending. The format is standard: 'amountOfRequests:periodInSeconds'. " +
+            "The value of '1:60' would limit verification code sending requests to one per minute.", example = "1:60", required = false)
     @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code send rate limit configuration is invalid")
     private String verificationCodeSendRateLimit;
-    @ApiModelProperty(example = "3:900 (3 requests per 15 minutes)")
+    @ApiModelProperty(value = "Rate limit configuration for verification code checking.", example = "3:900", required = false)
     @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code check rate limit configuration is invalid")
     private String verificationCodeCheckRateLimit;
-    @ApiModelProperty(example = "10")
+    @ApiModelProperty(value = "Maximum number of verification failures before a user gets disabled.", example = "10", required = false)
     @Min(value = 0, message = "maximum number of verification failure before user lockout must be positive")
     private int maxVerificationFailuresBeforeUserLockout;
-    @ApiModelProperty(value = "in seconds", example = "3600 (60 minutes)")
+    @ApiModelProperty(value = "Total amount of time in seconds allotted for verification. " +
+            "Basically, this property sets a lifetime for pre-verification token. If not set, default value of 30 minutes is used.", example = "3600", required = false)
     @Min(value = 1, message = "total amount of time allotted for verification must be greater than 0")
     private Integer totalAllowedTimeForVerification;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
index c921c5aafe..ece6b780a4 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
@@ -15,6 +15,8 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config.account;
 
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
@@ -22,10 +24,12 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
+@ApiModel
 @EqualsAndHashCode(callSuper = true)
 @Data
 public class SmsTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
 
+    @ApiModelProperty(value = "Phone number to use for 2FA. Must no be blank and must be of E.164 number format.", required = true)
     @NotBlank(message = "phone number cannot be blank")
     @Pattern(regexp = "^\\+[1-9]\\d{1,14}$", message = "phone number is not of E.164 format")
     private String phoneNumber;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
index 7c92955043..c67b1ee345 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config.account;
 
+import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
@@ -22,10 +23,12 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
+@ApiModel
 @Data
 public class TotpTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
 
-    @ApiModelProperty(example = "otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII")
+    @ApiModelProperty(value = "OTP auth URL used to generate a QR code to scan with an authenticator app. Must not be blank and must follow specific pattern.",
+            example = "otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII", required = true)
     @NotBlank(message = "OTP auth URL cannot be blank")
     @Pattern(regexp = "otpauth://totp/(\\S+?):(\\S+?)\\?issuer=(\\S+?)&secret=(\\w+?)", message = "OTP auth url is invalid")
     private String authUrl;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
index d1947a72be..31ee1e2807 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
@@ -27,7 +27,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
         use = JsonTypeInfo.Id.NAME,
         property = "providerType")
 @JsonSubTypes({
-        @Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class ),
+        @Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class),
         @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class)
 })
 public interface TwoFactorAuthAccountConfig {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
index 597c3e1e46..6b4ef92cda 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
@@ -22,7 +22,8 @@ import javax.validation.constraints.Min;
 
 @Data
 public abstract class OtpBasedTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
-    @ApiModelProperty(value = "in seconds", example = "60")
+    @ApiModelProperty(value = "Verification code lifetime in seconds. Verification codes with a lifetime bigger than this param " +
+            "will be considered incorrect", example = "60", required = true)
     @Min(value = 1, message = "verification code lifetime is required")
     private int verificationCodeLifetime;
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
index 8b34419041..a589905292 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
@@ -15,6 +15,8 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config.provider;
 
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
@@ -22,10 +24,13 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
+@ApiModel(parent = OtpBasedTwoFactorAuthProviderConfig.class)
 @EqualsAndHashCode(callSuper = true)
 @Data
 public class SmsTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig {
 
+    @ApiModelProperty(value = "SMS verification message template. Available template variables are ${verificationCode} and ${userEmail}. " +
+            "It must not be blank and must contain verification code variable.", required = true)
     @NotBlank(message = "verification message template is required")
     @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "template must contain verification code")
     private String smsVerificationMessageTemplate;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
index e1604bb618..8c0c324ae0 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
@@ -15,14 +15,19 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config.provider;
 
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
 
+@ApiModel
 @Data
 public class TotpTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
 
+    @ApiModelProperty(value = "Issuer name that will be displayed in an authenticator app near a username. " +
+            "Must not be blank.", example = "ThingsBoard", required = true)
     @NotBlank(message = "issuer name must not be blank")
     private String issuerName;
 

From 0915113a24c02262accfda8c2c63faae30be0019 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Wed, 23 Mar 2022 19:57:18 +0200
Subject: [PATCH 17/92] Swagger docs for TwoFactorAuthController

---
 .../controller/TwoFactorAuthController.java   | 25 +++++++++++++++----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index b93df6e751..5339c7a6a8 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -15,6 +15,8 @@
  */
 package org.thingsboard.server.controller;
 
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -35,9 +37,8 @@ import org.thingsboard.server.service.security.system.SystemSecurityService;
 
 import javax.servlet.http.HttpServletRequest;
 
-/*
- * FIXME [viacheslav]: Swagger documentation
- * */
+import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
+
 @RestController
 @RequestMapping("/api/auth/2fa")
 @TbCoreComponent
@@ -50,16 +51,30 @@ public class TwoFactorAuthController extends BaseController {
     private final UserService userService;
 
 
+    @ApiOperation(value = "Request 2FA verification code (requestTwoFaVerificationCode)",
+            notes = "Request 2FA verification code." + NEW_LINE +
+                    "To make a request to this endpoint, you need an access token with the scope of PRE_VERIFICATION_TOKEN, " +
+                    "which is issued on username/password auth if 2FA is enabled." + NEW_LINE +
+                    "The API method is rate limited (using rate limit config from TwoFactorAuthSettings). " +
+                    "Will return a Bad Request error if provider is not configured for usage, " +
+                    "and Too Many Requests error if rate limits are exceeded.")
     @PostMapping("/verification/send")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public void sendTwoFaVerificationCode() throws Exception {
+    public void requestTwoFaVerificationCode() throws Exception {
         SecurityUser user = getCurrentUser();
         twoFactorAuthService.prepareVerificationCode(user, true);
     }
 
+    @ApiOperation(value = "Check 2FA verification code (checkTwoFaVerificationCode)",
+            notes = "Checks 2FA verification code, and if it is correct the method returns a regular access and refresh token pair." + NEW_LINE +
+                    "The API method is rate limited (using rate limit config from TwoFactorAuthSettings), and also will block a user " +
+                    "after X unsuccessful verification attempts if such behavior is configured (in TwoFactorAuthSettings)." + NEW_LINE +
+                    "Will return a Bad Request error if provider is not configured for usage, " +
+                    "and Too Many Requests error if rate limits are exceeded.")
     @PostMapping("/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam String verificationCode, HttpServletRequest servletRequest) throws Exception {
+    public JwtTokenPair checkTwoFaVerificationCode(@ApiParam(value = "6-digit verification code", required = true)
+                                                   @RequestParam String verificationCode, HttpServletRequest servletRequest) throws Exception {
         SecurityUser user = getCurrentUser();
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, true);
         if (verificationSuccess) {

From b7db4ed60415133ef5342412598d6e87d052314b Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Thu, 24 Mar 2022 14:00:17 +0200
Subject: [PATCH 18/92] Minor 2FA refactoring

---
 .../server/controller/TwoFactorAuthController.java | 14 ++++++++++++++
 .../provider/SmsTwoFactorAuthProviderConfig.java   |  3 ++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 5339c7a6a8..1575673dcf 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -19,6 +19,7 @@ import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -29,6 +30,9 @@ import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
+import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -46,6 +50,7 @@ import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
 public class TwoFactorAuthController extends BaseController {
 
     private final TwoFactorAuthService twoFactorAuthService;
+    private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
     private final JwtTokenFactory tokenFactory;
     private final SystemSecurityService systemSecurityService;
     private final UserService userService;
@@ -88,4 +93,13 @@ public class TwoFactorAuthController extends BaseController {
         }
     }
 
+    @ApiOperation(value = "Get currently used 2FA provider type (getCurrentlyUsedTwoFaProviderType)")
+    @GetMapping("/provider/type")
+    @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
+    public TwoFactorAuthProviderType getCurrentlyUsedTwoFaProviderType() throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+        return twoFactorAuthConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId())
+                .map(TwoFactorAuthAccountConfig::getProviderType).orElse(null);
+    }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
index a589905292..88eca4cb2c 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
@@ -30,7 +30,8 @@ import javax.validation.constraints.Pattern;
 public class SmsTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig {
 
     @ApiModelProperty(value = "SMS verification message template. Available template variables are ${verificationCode} and ${userEmail}. " +
-            "It must not be blank and must contain verification code variable.", required = true)
+            "It must not be blank and must contain verification code variable.",
+            example = "Here is your verification code: ${verificationCode}", required = true)
     @NotBlank(message = "verification message template is required")
     @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "template must contain verification code")
     private String smsVerificationMessageTemplate;

From 95f41810ac347e782baf7e00d3ad90dc3be27e22 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Tue, 29 Mar 2022 11:32:27 +0300
Subject: [PATCH 19/92] Store 2FA account config is UserCredentials'
 additionalInfo

---
 .../DefaultTwoFactorAuthConfigManager.java    | 42 ++++++++++++-------
 .../server/dao/user/UserService.java          | 14 +++----
 .../common/data/security/UserCredentials.java |  9 +++-
 .../dao/model/sql/UserCredentialsEntity.java  | 11 +++++
 .../main/resources/sql/schema-entities.sql    |  3 +-
 5 files changed, 53 insertions(+), 26 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
index bd486a6af0..ebdd03d734 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config;
 
+import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
@@ -22,13 +23,13 @@ import org.springframework.stereotype.Service;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.AdminSettings;
 import org.thingsboard.server.common.data.DataConstants;
-import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
 import org.thingsboard.server.common.data.kv.JsonDataEntry;
+import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.attributes.AttributesService;
 import org.thingsboard.server.dao.service.ConstraintValidator;
 import org.thingsboard.server.dao.settings.AdminSettingsDao;
@@ -41,6 +42,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
 import java.util.Collections;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
+import java.util.function.Consumer;
 
 @Service
 @RequiredArgsConstructor
@@ -62,9 +64,8 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
 
     @Override
     public Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId) {
-        User user = userService.findUserById(tenantId, userId);
-        return Optional.ofNullable(user.getAdditionalInfo())
-                .flatMap(additionalInfo -> Optional.ofNullable(additionalInfo.get(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY)).filter(jsonNode -> !jsonNode.isNull()))
+        return Optional.ofNullable(getAccountInfo(tenantId, userId).get(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY))
+                .filter(JsonNode::isObject)
                 .map(jsonNode -> JacksonUtil.treeToValue(jsonNode, TwoFactorAuthAccountConfig.class))
                 .filter(twoFactorAuthAccountConfig -> {
                     return getTwoFaProviderConfig(tenantId, twoFactorAuthAccountConfig.getProviderType()).isPresent();
@@ -76,24 +77,33 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
         getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
                 .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
 
-        User user = userService.findUserById(tenantId, userId);
-        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
-                .orElseGet(JacksonUtil::newObjectNode);
-        additionalInfo.set(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY, JacksonUtil.valueToTree(accountConfig));
-        user.setAdditionalInfo(additionalInfo);
-
-        userService.saveUser(user);
+        updateAccountInfo(tenantId, userId, accountInfo -> {
+            accountInfo.set(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY, JacksonUtil.valueToTree(accountConfig));
+        });
     }
 
     @Override
     public void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId) {
-        User user = userService.findUserById(tenantId, userId);
-        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(user.getAdditionalInfo())
+        updateAccountInfo(tenantId, userId, accountInfo -> {
+            accountInfo.remove(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY);
+        });
+    }
+
+    private ObjectNode getAccountInfo(TenantId tenantId, UserId userId) {
+        return (ObjectNode) Optional.ofNullable(userService.findUserCredentialsByUserId(tenantId, userId).getAdditionalInfo())
+                .filter(JsonNode::isObject)
                 .orElseGet(JacksonUtil::newObjectNode);
-        additionalInfo.remove(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY);
-        user.setAdditionalInfo(additionalInfo);
+    }
 
-        userService.saveUser(user);
+    // FIXME [viacheslav]: upgrade script for credentials' additional info
+    private void updateAccountInfo(TenantId tenantId, UserId userId, Consumer<ObjectNode> updater) {
+        UserCredentials credentials = userService.findUserCredentialsByUserId(tenantId, userId);
+        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(credentials.getAdditionalInfo())
+                .filter(JsonNode::isObject)
+                .orElseGet(JacksonUtil::newObjectNode);
+        updater.accept(additionalInfo);
+        credentials.setAdditionalInfo(additionalInfo);
+        userService.saveUserCredentials(tenantId, credentials);
     }
 
 
diff --git a/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java b/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java
index d5d29efa40..93da1ecd6c 100644
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java
@@ -51,24 +51,24 @@ public interface UserService {
 
     UserCredentials replaceUserCredentials(TenantId tenantId, UserCredentials userCredentials);
 
-	void deleteUser(TenantId tenantId, UserId userId);
+    void deleteUser(TenantId tenantId, UserId userId);
 
     PageData<User> findUsersByTenantId(TenantId tenantId, PageLink pageLink);
 
     PageData<User> findTenantAdmins(TenantId tenantId, PageLink pageLink);
 
-	void deleteTenantAdmins(TenantId tenantId);
+    void deleteTenantAdmins(TenantId tenantId);
 
     PageData<User> findCustomerUsers(TenantId tenantId, CustomerId customerId, PageLink pageLink);
 
-	void deleteCustomerUsers(TenantId tenantId, CustomerId customerId);
+    void deleteCustomerUsers(TenantId tenantId, CustomerId customerId);
 
-	void setUserCredentialsEnabled(TenantId tenantId, UserId userId, boolean enabled);
+    void setUserCredentialsEnabled(TenantId tenantId, UserId userId, boolean enabled);
 
-	void resetFailedLoginAttempts(TenantId tenantId, UserId userId);
+    void resetFailedLoginAttempts(TenantId tenantId, UserId userId);
 
-	int increaseFailedLoginAttempts(TenantId tenantId, UserId userId);
+    int increaseFailedLoginAttempts(TenantId tenantId, UserId userId);
 
-	void setLastLoginTs(TenantId tenantId, UserId userId);
+    void setLastLoginTs(TenantId tenantId, UserId userId);
 
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/UserCredentials.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/UserCredentials.java
index 3816d27131..9f8dab575b 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/UserCredentials.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/UserCredentials.java
@@ -16,12 +16,12 @@
 package org.thingsboard.server.common.data.security;
 
 import lombok.EqualsAndHashCode;
-import org.thingsboard.server.common.data.BaseData;
+import org.thingsboard.server.common.data.SearchTextBasedWithAdditionalInfo;
 import org.thingsboard.server.common.data.id.UserCredentialsId;
 import org.thingsboard.server.common.data.id.UserId;
 
 @EqualsAndHashCode(callSuper = true)
-public class UserCredentials extends BaseData<UserCredentialsId> {
+public class UserCredentials extends SearchTextBasedWithAdditionalInfo<UserCredentialsId> {
 
     private static final long serialVersionUID = -2108436378880529163L;
 
@@ -87,6 +87,11 @@ public class UserCredentials extends BaseData<UserCredentialsId> {
     public void setResetToken(String resetToken) {
         this.resetToken = resetToken;
     }
+    
+    @Override
+    public String getSearchText() {
+        return null;
+    }
 
     @Override
     public String toString() {
diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserCredentialsEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserCredentialsEntity.java
index 4379af14e7..211977122a 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserCredentialsEntity.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserCredentialsEntity.java
@@ -15,14 +15,18 @@
  */
 package org.thingsboard.server.dao.model.sql;
 
+import com.fasterxml.jackson.databind.JsonNode;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
+import org.hibernate.annotations.Type;
+import org.hibernate.annotations.TypeDef;
 import org.thingsboard.server.common.data.id.UserCredentialsId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.model.BaseEntity;
 import org.thingsboard.server.dao.model.BaseSqlEntity;
 import org.thingsboard.server.dao.model.ModelConstants;
+import org.thingsboard.server.dao.util.mapping.JsonStringType;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
@@ -31,6 +35,7 @@ import java.util.UUID;
 
 @Data
 @EqualsAndHashCode(callSuper = true)
+@TypeDef(name = "json", typeClass = JsonStringType.class)
 @Entity
 @Table(name = ModelConstants.USER_CREDENTIALS_COLUMN_FAMILY_NAME)
 public final class UserCredentialsEntity extends BaseSqlEntity<UserCredentials> implements BaseEntity<UserCredentials> {
@@ -50,6 +55,10 @@ public final class UserCredentialsEntity extends BaseSqlEntity<UserCredentials>
     @Column(name = ModelConstants.USER_CREDENTIALS_RESET_TOKEN_PROPERTY, unique = true)
     private String resetToken;
 
+    @Type(type = "json")
+    @Column(name = ModelConstants.ADDITIONAL_INFO_PROPERTY)
+    private JsonNode additionalInfo;
+
     public UserCredentialsEntity() {
         super();
     }
@@ -66,6 +75,7 @@ public final class UserCredentialsEntity extends BaseSqlEntity<UserCredentials>
         this.password = userCredentials.getPassword();
         this.activateToken = userCredentials.getActivateToken();
         this.resetToken = userCredentials.getResetToken();
+        this.additionalInfo = userCredentials.getAdditionalInfo();
     }
 
     @Override
@@ -79,6 +89,7 @@ public final class UserCredentialsEntity extends BaseSqlEntity<UserCredentials>
         userCredentials.setPassword(password);
         userCredentials.setActivateToken(activateToken);
         userCredentials.setResetToken(resetToken);
+        userCredentials.setAdditionalInfo(additionalInfo);
         return userCredentials;
     }
 
diff --git a/dao/src/main/resources/sql/schema-entities.sql b/dao/src/main/resources/sql/schema-entities.sql
index 4e2596485b..34bee652e2 100644
--- a/dao/src/main/resources/sql/schema-entities.sql
+++ b/dao/src/main/resources/sql/schema-entities.sql
@@ -370,7 +370,8 @@ CREATE TABLE IF NOT EXISTS user_credentials (
     enabled boolean,
     password varchar(255),
     reset_token varchar(255) UNIQUE,
-    user_id uuid UNIQUE
+    user_id uuid UNIQUE,
+    additional_info varchar
 );
 
 CREATE TABLE IF NOT EXISTS widget_type (

From 922436d38b6d2b57cb5e7de73ee9434e7a84d8fe Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Tue, 29 Mar 2022 16:30:57 +0300
Subject: [PATCH 20/92] Tests for rate limits with different refill strategy

---
 .../common/msg/tools/RateLimitsTest.java      | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java

diff --git a/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java b/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java
new file mode 100644
index 0000000000..d4cc408558
--- /dev/null
+++ b/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java
@@ -0,0 +1,87 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.msg.tools;
+
+import org.junit.Test;
+
+import java.util.concurrent.TimeUnit;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.awaitility.Awaitility.await;
+
+public class RateLimitsTest {
+
+    @Test
+    public void testRateLimits_greedyRefill() {
+        for (int period = 1; period <= 5; period++) {
+            for (int capacity = 1; capacity <= 5; capacity++) {
+                testRateLimitWithGreedyRefill(capacity, period);
+            }
+        }
+    }
+
+    private void testRateLimitWithGreedyRefill(int capacity, int period) {
+        String rateLimitConfig = capacity + ":" + period;
+        TbRateLimits rateLimits = new TbRateLimits(rateLimitConfig);
+
+        rateLimits.tryConsume(capacity);
+        assertThat(rateLimits.tryConsume()).as("new token is available").isFalse();
+
+        int expectedRefillTime = (int) (((double) period / capacity) * 1000);
+        int gap = 100;
+
+        for (int i = 0; i < capacity; i++) {
+            await("token refill for rate limit " + rateLimitConfig)
+                    .atLeast(expectedRefillTime - gap, TimeUnit.MILLISECONDS)
+                    .atMost(expectedRefillTime + gap, TimeUnit.MILLISECONDS)
+                    .untilAsserted(() -> {
+                        assertThat(rateLimits.tryConsume()).as("token is available").isTrue();
+                    });
+            assertThat(rateLimits.tryConsume()).as("new token is available").isFalse();
+        }
+    }
+
+    @Test
+    public void testRateLimits_intervalRefill() {
+        for (int period = 1; period <= 3; period++) {
+            for (int capacity = 1; capacity <= 3; capacity++) {
+                testRateLimitWithIntervalRefill(capacity, period);
+            }
+        }
+    }
+
+    private void testRateLimitWithIntervalRefill(int capacity, int period) {
+        String rateLimitConfig = capacity + ":" + period;
+        TbRateLimits rateLimits = new TbRateLimits(rateLimitConfig, true);
+
+        rateLimits.tryConsume(capacity);
+        assertThat(rateLimits.tryConsume()).as("new token is available").isFalse();
+
+        int expectedRefillTime = period * 1000;
+        int gap = 100;
+
+        await("tokens refill for rate limit " + rateLimitConfig)
+                .atLeast(expectedRefillTime - gap, TimeUnit.MILLISECONDS)
+                .atMost(expectedRefillTime + gap, TimeUnit.MILLISECONDS)
+                .untilAsserted(() -> {
+                    for (int i = 0; i < capacity; i++) {
+                        assertThat(rateLimits.tryConsume()).as("token is available").isTrue();
+                    }
+                    assertThat(rateLimits.tryConsume()).as("new token is available").isFalse();
+                });
+    }
+
+}

From 190430ffc45da3971fcc652795d546b71adcec13 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Tue, 29 Mar 2022 19:18:00 +0300
Subject: [PATCH 21/92] Store 2FA account config in UserAuthSettings table

---
 .../TwoFactorAuthConfigController.java        |  8 +-
 .../controller/TwoFactorAuthController.java   |  4 +-
 .../auth/mfa/DefaultTwoFactorAuthService.java |  8 +-
 .../auth/mfa/TwoFactorAuthService.java        |  4 +-
 .../DefaultTwoFactorAuthConfigManager.java    | 62 ++++++--------
 .../config/TwoFactorAuthConfigManager.java    |  3 +-
 .../mfa/provider/TwoFactorAuthProvider.java   |  5 +-
 .../impl/OtpBasedTwoFactorAuthProvider.java   |  4 +-
 .../impl/SmsTwoFactorAuthProvider.java        |  6 +-
 .../impl/TotpTwoFactorAuthProvider.java       |  6 +-
 .../system/DefaultSystemSecurityService.java  |  2 +-
 .../system/SystemSecurityService.java         |  2 +-
 .../controller/TwoFactorAuthConfigTest.java   | 16 ++--
 .../server/controller/TwoFactorAuthTest.java  | 14 ++--
 .../common/data/id/UserAuthSettingsId.java    | 26 ++++++
 .../data/security/UserAuthSettings.java       | 34 ++++++++
 .../model/mfa}/TwoFactorAuthSettings.java     |  6 +-
 .../OtpBasedTwoFactorAuthAccountConfig.java   |  2 +-
 .../SmsTwoFactorAuthAccountConfig.java        |  4 +-
 .../TotpTwoFactorAuthAccountConfig.java       |  4 +-
 .../account/TwoFactorAuthAccountConfig.java   |  4 +-
 .../OtpBasedTwoFactorAuthProviderConfig.java  |  2 +-
 .../SmsTwoFactorAuthProviderConfig.java       |  3 +-
 .../TotpTwoFactorAuthProviderConfig.java      |  3 +-
 .../provider/TwoFactorAuthProviderConfig.java |  3 +-
 .../provider/TwoFactorAuthProviderType.java   |  2 +-
 .../server/dao/model/ModelConstants.java      |  7 ++
 .../dao/model/sql/UserAuthSettingsEntity.java | 80 +++++++++++++++++++
 .../dao/sql/user/JpaUserAuthSettingsDao.java  | 56 +++++++++++++
 .../sql/user/UserAuthSettingsRepository.java  | 33 ++++++++
 .../server/dao/user/UserAuthSettingsDao.java  | 28 +++++++
 .../server/dao/user/UserServiceImpl.java      |  5 +-
 .../main/resources/sql/schema-entities.sql    |  8 ++
 33 files changed, 356 insertions(+), 98 deletions(-)
 create mode 100644 common/data/src/main/java/org/thingsboard/server/common/data/id/UserAuthSettingsId.java
 create mode 100644 common/data/src/main/java/org/thingsboard/server/common/data/security/UserAuthSettings.java
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/TwoFactorAuthSettings.java (92%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/account/OtpBasedTwoFactorAuthAccountConfig.java (91%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/account/SmsTwoFactorAuthAccountConfig.java (89%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/account/TotpTwoFactorAuthAccountConfig.java (90%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/account/TwoFactorAuthAccountConfig.java (88%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/provider/OtpBasedTwoFactorAuthProviderConfig.java (93%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/provider/SmsTwoFactorAuthProviderConfig.java (91%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/provider/TotpTwoFactorAuthProviderConfig.java (88%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config => common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa}/provider/TwoFactorAuthProviderConfig.java (88%)
 rename {application/src/main/java/org/thingsboard/server/service/security/auth => common/data/src/main/java/org/thingsboard/server/common/data/security/model}/mfa/provider/TwoFactorAuthProviderType.java (90%)
 create mode 100644 dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
 create mode 100644 dao/src/main/java/org/thingsboard/server/dao/sql/user/JpaUserAuthSettingsDao.java
 create mode 100644 dao/src/main/java/org/thingsboard/server/dao/sql/user/UserAuthSettingsRepository.java
 create mode 100644 dao/src/main/java/org/thingsboard/server/dao/user/UserAuthSettingsDao.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
index 29df21bca4..d4cc690604 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
@@ -36,10 +36,10 @@ import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.ServletOutputStream;
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 1575673dcf..2a74d565b5 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -31,8 +31,8 @@ import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index ee9e252831..9b2b0b90bd 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -25,15 +25,15 @@ import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.common.msg.tools.TbRateLimits;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
index e07ac2b2fa..d84236cfb5 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -17,8 +17,8 @@ package org.thingsboard.server.service.security.auth.mfa;
 
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TwoFactorAuthService {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
index ebdd03d734..a74b8374af 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
@@ -15,8 +15,6 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config;
 
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import org.springframework.stereotype.Service;
@@ -29,31 +27,30 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
 import org.thingsboard.server.common.data.kv.JsonDataEntry;
-import org.thingsboard.server.common.data.security.UserCredentials;
+import org.thingsboard.server.common.data.security.UserAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.dao.attributes.AttributesService;
 import org.thingsboard.server.dao.service.ConstraintValidator;
 import org.thingsboard.server.dao.settings.AdminSettingsDao;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
-import org.thingsboard.server.dao.user.UserService;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.dao.user.UserAuthSettingsDao;
 
 import java.util.Collections;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
-import java.util.function.Consumer;
 
 @Service
 @RequiredArgsConstructor
 public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigManager {
 
-    private final UserService userService;
+    private final UserAuthSettingsDao userAuthSettingsDao;
     private final AdminSettingsService adminSettingsService;
     private final AdminSettingsDao adminSettingsDao;
     private final AttributesService attributesService;
 
-    protected static final String TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY = "twoFaConfig";
     protected static final String TWO_FACTOR_AUTH_SETTINGS_KEY = "twoFaSettings";
 
 
@@ -64,12 +61,9 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
 
     @Override
     public Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId) {
-        return Optional.ofNullable(getAccountInfo(tenantId, userId).get(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY))
-                .filter(JsonNode::isObject)
-                .map(jsonNode -> JacksonUtil.treeToValue(jsonNode, TwoFactorAuthAccountConfig.class))
-                .filter(twoFactorAuthAccountConfig -> {
-                    return getTwoFaProviderConfig(tenantId, twoFactorAuthAccountConfig.getProviderType()).isPresent();
-                });
+        return Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
+                .flatMap(userAuthSettings -> Optional.ofNullable(userAuthSettings.getTwoFaAccountConfig()))
+                .filter(twoFaAccountConfig -> getTwoFaProviderConfig(tenantId, twoFaAccountConfig.getProviderType()).isPresent());
     }
 
     @Override
@@ -77,33 +71,23 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
         getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
                 .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
 
-        updateAccountInfo(tenantId, userId, accountInfo -> {
-            accountInfo.set(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY, JacksonUtil.valueToTree(accountConfig));
-        });
+        UserAuthSettings userAuthSettings = Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
+                .orElseGet(() -> {
+                    UserAuthSettings newUserAuthSettings = new UserAuthSettings();
+                    newUserAuthSettings.setUserId(userId);
+                    return newUserAuthSettings;
+                });
+        userAuthSettings.setTwoFaAccountConfig(accountConfig);
+        userAuthSettingsDao.save(tenantId, userAuthSettings);
     }
 
     @Override
     public void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId) {
-        updateAccountInfo(tenantId, userId, accountInfo -> {
-            accountInfo.remove(TWO_FACTOR_AUTH_ACCOUNT_CONFIG_KEY);
-        });
-    }
-
-    private ObjectNode getAccountInfo(TenantId tenantId, UserId userId) {
-        return (ObjectNode) Optional.ofNullable(userService.findUserCredentialsByUserId(tenantId, userId).getAdditionalInfo())
-                .filter(JsonNode::isObject)
-                .orElseGet(JacksonUtil::newObjectNode);
-    }
-
-    // FIXME [viacheslav]: upgrade script for credentials' additional info
-    private void updateAccountInfo(TenantId tenantId, UserId userId, Consumer<ObjectNode> updater) {
-        UserCredentials credentials = userService.findUserCredentialsByUserId(tenantId, userId);
-        ObjectNode additionalInfo = (ObjectNode) Optional.ofNullable(credentials.getAdditionalInfo())
-                .filter(JsonNode::isObject)
-                .orElseGet(JacksonUtil::newObjectNode);
-        updater.accept(additionalInfo);
-        credentials.setAdditionalInfo(additionalInfo);
-        userService.saveUserCredentials(tenantId, credentials);
+        Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
+                .ifPresent(userAuthSettings -> {
+                    userAuthSettings.setTwoFaAccountConfig(null);
+                    userAuthSettingsDao.save(tenantId, userAuthSettings);
+                });
     }
 
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
index 96189bf584..d1c5999e7e 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
@@ -18,7 +18,8 @@ package org.thingsboard.server.service.security.auth.mfa.config;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
 
 import java.util.Optional;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
index 030482ac6d..6961aeeaec 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
@@ -17,8 +17,9 @@ package org.thingsboard.server.service.security.auth.mfa.provider;
 
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TwoFactorAuthProvider<C extends TwoFactorAuthProviderConfig, A extends TwoFactorAuthAccountConfig> {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
index edeaf7ba3d..ce03f38230 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
@@ -21,8 +21,8 @@ import org.springframework.cache.Cache;
 import org.springframework.cache.CacheManager;
 import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.service.security.auth.mfa.config.account.OtpBasedTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.OtpBasedTwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.OtpBasedTwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.OtpBasedTwoFactorAuthProviderConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
index d6d99d03e8..9044762585 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
@@ -21,10 +21,10 @@ import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.rule.engine.api.util.TbNodeUtils;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.queue.util.TbCoreComponent;
-import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import java.util.Map;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
index 83767ee3d8..9a30ea1fef 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
@@ -24,11 +24,11 @@ import org.jboss.aerogear.security.otp.api.Base32;
 import org.springframework.stereotype.Service;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.queue.util.TbCoreComponent;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TotpTwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFactorAuthProviderConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 @Service
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index c164ff04b4..82607cf70b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -54,7 +54,7 @@ import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.user.UserServiceImpl;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
 import org.thingsboard.server.service.security.model.SecurityUser;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
index 4c14e45ae6..90241f723b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
@@ -23,7 +23,7 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.security.model.SecuritySettings;
 import org.thingsboard.server.dao.exception.DataValidationException;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index 38ff2e0702..6e3f11160f 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -31,14 +31,14 @@ import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
-import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TotpTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.auth.mfa.provider.impl.OtpBasedTwoFactorAuthProvider;
 import org.thingsboard.server.service.security.auth.mfa.provider.impl.TotpTwoFactorAuthProvider;
 
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 09d1208df3..41ddd05c1b 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -40,13 +40,13 @@ import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthSettings;
-import org.thingsboard.server.service.security.auth.mfa.config.account.SmsTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.SmsTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TotpTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 import org.thingsboard.server.service.security.auth.rest.LoginRequest;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/id/UserAuthSettingsId.java b/common/data/src/main/java/org/thingsboard/server/common/data/id/UserAuthSettingsId.java
new file mode 100644
index 0000000000..ae89bad915
--- /dev/null
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/id/UserAuthSettingsId.java
@@ -0,0 +1,26 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.id;
+
+import java.util.UUID;
+
+public class UserAuthSettingsId extends UUIDBased {
+
+    public UserAuthSettingsId(UUID id) {
+        super(id);
+    }
+
+}
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/UserAuthSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/UserAuthSettings.java
new file mode 100644
index 0000000000..769f861435
--- /dev/null
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/UserAuthSettings.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.security;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.thingsboard.server.common.data.BaseData;
+import org.thingsboard.server.common.data.id.UserAuthSettingsId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class UserAuthSettings extends BaseData<UserAuthSettingsId> {
+
+    private static final long serialVersionUID = 2628320657987010348L;
+
+    private UserId userId;
+    private TwoFactorAuthAccountConfig twoFaAccountConfig;
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/TwoFactorAuthSettings.java
similarity index 92%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/TwoFactorAuthSettings.java
index a39cfd1e37..49d5b64b4b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/TwoFactorAuthSettings.java
@@ -13,13 +13,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config;
+package org.thingsboard.server.common.data.security.model.mfa;
 
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
 
 import javax.validation.Valid;
 import javax.validation.constraints.Min;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFactorAuthAccountConfig.java
similarity index 91%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFactorAuthAccountConfig.java
index ef090c63b4..c58287556b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/OtpBasedTwoFactorAuthAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFactorAuthAccountConfig.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config.account;
+package org.thingsboard.server.common.data.security.model.mfa.account;
 
 import lombok.Data;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFactorAuthAccountConfig.java
similarity index 89%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFactorAuthAccountConfig.java
index ece6b780a4..2863f3f42e 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/SmsTwoFactorAuthAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFactorAuthAccountConfig.java
@@ -13,13 +13,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config.account;
+package org.thingsboard.server.common.data.security.model.mfa.account;
 
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFactorAuthAccountConfig.java
similarity index 90%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFactorAuthAccountConfig.java
index c67b1ee345..cc1171a713 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TotpTwoFactorAuthAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFactorAuthAccountConfig.java
@@ -13,12 +13,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config.account;
+package org.thingsboard.server.common.data.security.model.mfa.account;
 
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFactorAuthAccountConfig.java
similarity index 88%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFactorAuthAccountConfig.java
index 31ee1e2807..fc1c9bc636 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFactorAuthAccountConfig.java
@@ -13,14 +13,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config.account;
+package org.thingsboard.server.common.data.security.model.mfa.account;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonTypeInfo(
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFactorAuthProviderConfig.java
similarity index 93%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFactorAuthProviderConfig.java
index 6b4ef92cda..655816fcc6 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/OtpBasedTwoFactorAuthProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFactorAuthProviderConfig.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config.provider;
+package org.thingsboard.server.common.data.security.model.mfa.provider;
 
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFactorAuthProviderConfig.java
similarity index 91%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFactorAuthProviderConfig.java
index 88eca4cb2c..4096fe36f4 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/SmsTwoFactorAuthProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFactorAuthProviderConfig.java
@@ -13,13 +13,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config.provider;
+package org.thingsboard.server.common.data.security.model.mfa.provider;
 
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFactorAuthProviderConfig.java
similarity index 88%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFactorAuthProviderConfig.java
index 8c0c324ae0..df44a662ec 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TotpTwoFactorAuthProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFactorAuthProviderConfig.java
@@ -13,12 +13,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config.provider;
+package org.thingsboard.server.common.data.security.model.mfa.provider;
 
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 import javax.validation.constraints.NotBlank;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderConfig.java
similarity index 88%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderConfig.java
index f912f43144..24458af562 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderConfig.java
@@ -13,14 +13,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.config.provider;
+package org.thingsboard.server.common.data.security.model.mfa.provider;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonTypeInfo(
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderType.java
similarity index 90%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderType.java
index 9a4a3672a7..04e4401395 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProviderType.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderType.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.service.security.auth.mfa.provider;
+package org.thingsboard.server.common.data.security.model.mfa.provider;
 
 public enum TwoFactorAuthProviderType {
     TOTP,
diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java b/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java
index 8f692d5a12..d054b2b051 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java
@@ -559,6 +559,13 @@ public class ModelConstants {
 
     public static final String EDGE_EVENT_BY_ID_VIEW_NAME = "edge_event_by_id";
 
+    /**
+     * User auth settings constants.
+     * */
+    public static final String USER_AUTH_SETTINGS_COLUMN_FAMILY_NAME = "user_auth_settings";
+    public static final String USER_AUTH_SETTINGS_USER_ID_PROPERTY = USER_ID_PROPERTY;
+    public static final String USER_AUTH_SETTINGS_TWO_FA_ACCOUNT_CONFIG_PROPERTY = "mfa_account_config";
+
     /**
      * Cassandra attributes and timeseries constants.
      */
diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
new file mode 100644
index 0000000000..59c24c3405
--- /dev/null
+++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
@@ -0,0 +1,80 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao.model.sql;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+import org.hibernate.annotations.Type;
+import org.hibernate.annotations.TypeDef;
+import org.thingsboard.common.util.JacksonUtil;
+import org.thingsboard.server.common.data.id.UserAuthSettingsId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.UserAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.dao.model.BaseEntity;
+import org.thingsboard.server.dao.model.BaseSqlEntity;
+import org.thingsboard.server.dao.model.ModelConstants;
+import org.thingsboard.server.dao.util.mapping.JsonStringType;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Table;
+import java.util.UUID;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+@NoArgsConstructor
+@TypeDef(name = "json", typeClass = JsonStringType.class)
+@Entity
+@Table(name = ModelConstants.USER_AUTH_SETTINGS_COLUMN_FAMILY_NAME) // FIXME [viacheslav]: add to upgrade script
+public class UserAuthSettingsEntity extends BaseSqlEntity<UserAuthSettings> implements BaseEntity<UserAuthSettings> {
+
+    @Column(name = ModelConstants.USER_AUTH_SETTINGS_USER_ID_PROPERTY, nullable = false, unique = true)
+    private UUID userId;
+    @Type(type = "json")
+    @Column(name = ModelConstants.USER_AUTH_SETTINGS_TWO_FA_ACCOUNT_CONFIG_PROPERTY)
+    private JsonNode twoFaAccountConfig;
+
+    public UserAuthSettingsEntity(UserAuthSettings userAuthSettings) {
+        if (userAuthSettings.getId() != null) {
+            this.setId(userAuthSettings.getId().getId());
+        }
+        this.setCreatedTime(userAuthSettings.getCreatedTime());
+        if (userAuthSettings.getUserId() != null) {
+            this.userId = userAuthSettings.getUserId().getId();
+        }
+        if (userAuthSettings.getTwoFaAccountConfig() != null) {
+            this.twoFaAccountConfig = JacksonUtil.valueToTree(userAuthSettings.getTwoFaAccountConfig());
+        }
+    }
+
+    @Override
+    public UserAuthSettings toData() {
+        UserAuthSettings userAuthSettings = new UserAuthSettings();
+        userAuthSettings.setId(new UserAuthSettingsId(id));
+        userAuthSettings.setCreatedTime(createdTime);
+        if (userId != null) {
+            userAuthSettings.setUserId(new UserId(userId));
+        }
+        if (twoFaAccountConfig != null) {
+            userAuthSettings.setTwoFaAccountConfig(JacksonUtil.treeToValue(twoFaAccountConfig, TwoFactorAuthAccountConfig.class));
+        }
+        return userAuthSettings;
+    }
+
+}
diff --git a/dao/src/main/java/org/thingsboard/server/dao/sql/user/JpaUserAuthSettingsDao.java b/dao/src/main/java/org/thingsboard/server/dao/sql/user/JpaUserAuthSettingsDao.java
new file mode 100644
index 0000000000..55cc195f6b
--- /dev/null
+++ b/dao/src/main/java/org/thingsboard/server/dao/sql/user/JpaUserAuthSettingsDao.java
@@ -0,0 +1,56 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao.sql.user;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Component;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.UserAuthSettings;
+import org.thingsboard.server.dao.DaoUtil;
+import org.thingsboard.server.dao.model.sql.UserAuthSettingsEntity;
+import org.thingsboard.server.dao.sql.JpaAbstractDao;
+import org.thingsboard.server.dao.user.UserAuthSettingsDao;
+
+import java.util.UUID;
+
+@Component
+@RequiredArgsConstructor
+public class JpaUserAuthSettingsDao extends JpaAbstractDao<UserAuthSettingsEntity, UserAuthSettings> implements UserAuthSettingsDao {
+
+    private final UserAuthSettingsRepository repository;
+
+    @Override
+    public UserAuthSettings findByUserId(UserId userId) {
+        return DaoUtil.getData(repository.findByUserId(userId.getId()));
+    }
+
+    @Override
+    public void removeByUserId(UserId userId) {
+        repository.deleteByUserId(userId.getId());
+    }
+
+    @Override
+    protected Class<UserAuthSettingsEntity> getEntityClass() {
+        return UserAuthSettingsEntity.class;
+    }
+
+    @Override
+    protected JpaRepository<UserAuthSettingsEntity, UUID> getRepository() {
+        return repository;
+    }
+
+}
diff --git a/dao/src/main/java/org/thingsboard/server/dao/sql/user/UserAuthSettingsRepository.java b/dao/src/main/java/org/thingsboard/server/dao/sql/user/UserAuthSettingsRepository.java
new file mode 100644
index 0000000000..38642a0161
--- /dev/null
+++ b/dao/src/main/java/org/thingsboard/server/dao/sql/user/UserAuthSettingsRepository.java
@@ -0,0 +1,33 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao.sql.user;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+import org.thingsboard.server.dao.model.sql.UserAuthSettingsEntity;
+
+import java.util.UUID;
+
+@Repository
+public interface UserAuthSettingsRepository extends JpaRepository<UserAuthSettingsEntity, UUID> {
+
+    UserAuthSettingsEntity findByUserId(UUID userId);
+
+    @Transactional
+    void deleteByUserId(UUID userId);
+
+}
diff --git a/dao/src/main/java/org/thingsboard/server/dao/user/UserAuthSettingsDao.java b/dao/src/main/java/org/thingsboard/server/dao/user/UserAuthSettingsDao.java
new file mode 100644
index 0000000000..50bc21d6f2
--- /dev/null
+++ b/dao/src/main/java/org/thingsboard/server/dao/user/UserAuthSettingsDao.java
@@ -0,0 +1,28 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao.user;
+
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.UserAuthSettings;
+import org.thingsboard.server.dao.Dao;
+
+public interface UserAuthSettingsDao extends Dao<UserAuthSettings> {
+
+    UserAuthSettings findByUserId(UserId userId);
+
+    void removeByUserId(UserId userId);
+
+}
diff --git a/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
index 218f604709..24b5dc837e 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/user/UserServiceImpl.java
@@ -19,7 +19,6 @@ import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.google.common.util.concurrent.ListenableFuture;
-import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.springframework.beans.factory.annotation.Value;
@@ -69,17 +68,20 @@ public class UserServiceImpl extends AbstractEntityService implements UserServic
 
     private final UserDao userDao;
     private final UserCredentialsDao userCredentialsDao;
+    private final UserAuthSettingsDao userAuthSettingsDao;
     private final DataValidator<User> userValidator;
     private final DataValidator<UserCredentials> userCredentialsValidator;
     private final ApplicationEventPublisher eventPublisher;
 
     public UserServiceImpl(UserDao userDao,
                            UserCredentialsDao userCredentialsDao,
+                           UserAuthSettingsDao userAuthSettingsDao,
                            DataValidator<User> userValidator,
                            DataValidator<UserCredentials> userCredentialsValidator,
                            ApplicationEventPublisher eventPublisher) {
         this.userDao = userDao;
         this.userCredentialsDao = userCredentialsDao;
+        this.userAuthSettingsDao = userAuthSettingsDao;
         this.userValidator = userValidator;
         this.userCredentialsValidator = userCredentialsValidator;
         this.eventPublisher = eventPublisher;
@@ -216,6 +218,7 @@ public class UserServiceImpl extends AbstractEntityService implements UserServic
         validateId(userId, INCORRECT_USER_ID + userId);
         UserCredentials userCredentials = userCredentialsDao.findByUserId(tenantId, userId.getId());
         userCredentialsDao.removeById(tenantId, userCredentials.getUuidId());
+        userAuthSettingsDao.removeByUserId(userId);
         deleteEntityRelations(tenantId, userId);
         userDao.removeById(tenantId, userId.getId());
         eventPublisher.publishEvent(new UserAuthDataChangedEvent(userId));
diff --git a/dao/src/main/resources/sql/schema-entities.sql b/dao/src/main/resources/sql/schema-entities.sql
index 34bee652e2..da4bcc5bec 100644
--- a/dao/src/main/resources/sql/schema-entities.sql
+++ b/dao/src/main/resources/sql/schema-entities.sql
@@ -694,3 +694,11 @@ BEGIN
     deleted := ttl_deleted_count;
 END
 $$;
+
+
+CREATE TABLE IF NOT EXISTS user_auth_settings (
+    id uuid NOT NULL CONSTRAINT user_auth_settings_pkey PRIMARY KEY,
+    created_time bigint NOT NULL,
+    user_id uuid UNIQUE NOT NULL CONSTRAINT fk_user_auth_settings_user_id REFERENCES tb_user(id),
+    mfa_account_config varchar
+);

From b58be41083444b68afd45c86a17e60100ad06999 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Wed, 30 Mar 2022 10:44:21 +0300
Subject: [PATCH 22/92] Tests for JwtTokenFactory

---
 .../security/auth/JwtTokenFactoryTest.java    | 165 ++++++++++++++++++
 1 file changed, 165 insertions(+)
 create mode 100644 application/src/test/java/org/thingsboard/server/service/security/auth/JwtTokenFactoryTest.java

diff --git a/application/src/test/java/org/thingsboard/server/service/security/auth/JwtTokenFactoryTest.java b/application/src/test/java/org/thingsboard/server/service/security/auth/JwtTokenFactoryTest.java
new file mode 100644
index 0000000000..f865c9b5e0
--- /dev/null
+++ b/application/src/test/java/org/thingsboard/server/service/security/auth/JwtTokenFactoryTest.java
@@ -0,0 +1,165 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth;
+
+import io.jsonwebtoken.Claims;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.thingsboard.server.common.data.id.CustomerId;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.Authority;
+import org.thingsboard.server.common.data.security.model.JwtToken;
+import org.thingsboard.server.config.JwtSettings;
+import org.thingsboard.server.service.security.model.SecurityUser;
+import org.thingsboard.server.service.security.model.UserPrincipal;
+import org.thingsboard.server.service.security.model.token.AccessJwtToken;
+import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
+import org.thingsboard.server.service.security.model.token.RawAccessJwtToken;
+
+import java.util.Calendar;
+import java.util.Date;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class JwtTokenFactoryTest {
+
+    private static JwtTokenFactory tokenFactory;
+    private static JwtSettings jwtSettings;
+
+    @BeforeClass
+    public static void beforeAll() {
+        jwtSettings = new JwtSettings();
+        jwtSettings.setTokenIssuer("tb");
+        jwtSettings.setTokenSigningKey("abewafaf");
+        jwtSettings.setTokenExpirationTime((int) TimeUnit.HOURS.toSeconds(2));
+        jwtSettings.setRefreshTokenExpTime((int) TimeUnit.DAYS.toSeconds(7));
+
+        tokenFactory = new JwtTokenFactory(jwtSettings);
+    }
+
+    @Test
+    public void testCreateAndParseAccessJwtToken() {
+        SecurityUser securityUser = new SecurityUser();
+        securityUser.setId(new UserId(UUID.randomUUID()));
+        securityUser.setEmail("tenant@thingsboard.org");
+        securityUser.setAuthority(Authority.TENANT_ADMIN);
+        securityUser.setTenantId(new TenantId(UUID.randomUUID()));
+        securityUser.setEnabled(true);
+        securityUser.setFirstName("A");
+        securityUser.setLastName("B");
+        securityUser.setUserPrincipal(new UserPrincipal(UserPrincipal.Type.USER_NAME, securityUser.getEmail()));
+        securityUser.setCustomerId(new CustomerId(UUID.randomUUID()));
+
+        testCreateAndParseAccessJwtToken(securityUser);
+
+        securityUser = new SecurityUser(securityUser, true, new UserPrincipal(UserPrincipal.Type.PUBLIC_ID, securityUser.getEmail()));
+        securityUser.setFirstName(null);
+        securityUser.setLastName(null);
+        securityUser.setCustomerId(null);
+
+        testCreateAndParseAccessJwtToken(securityUser);
+    }
+
+    public void testCreateAndParseAccessJwtToken(SecurityUser securityUser) {
+        AccessJwtToken accessToken = tokenFactory.createAccessJwtToken(securityUser);
+        checkExpirationTime(accessToken, jwtSettings.getTokenExpirationTime());
+
+        SecurityUser parsedSecurityUser = tokenFactory.parseAccessJwtToken(new RawAccessJwtToken(accessToken.getToken()));
+        assertThat(parsedSecurityUser.getId()).isEqualTo(securityUser.getId());
+        assertThat(parsedSecurityUser.getEmail()).isEqualTo(securityUser.getEmail());
+        assertThat(parsedSecurityUser.getUserPrincipal()).matches(userPrincipal -> {
+            return userPrincipal.getType().equals(securityUser.getUserPrincipal().getType())
+                    && userPrincipal.getValue().equals(securityUser.getUserPrincipal().getValue());
+        });
+        assertThat(parsedSecurityUser.getAuthorities()).isEqualTo(securityUser.getAuthorities());
+        assertThat(parsedSecurityUser.isEnabled()).isEqualTo(securityUser.isEnabled());
+        assertThat(parsedSecurityUser.getTenantId()).isEqualTo(securityUser.getTenantId());
+        assertThat(parsedSecurityUser.getCustomerId()).isEqualTo(securityUser.getCustomerId());
+        assertThat(parsedSecurityUser.getFirstName()).isEqualTo(securityUser.getFirstName());
+        assertThat(parsedSecurityUser.getLastName()).isEqualTo(securityUser.getLastName());
+    }
+
+    @Test
+    public void testCreateAndParseRefreshJwtToken() {
+        SecurityUser securityUser = new SecurityUser();
+        securityUser.setId(new UserId(UUID.randomUUID()));
+        securityUser.setEmail("tenant@thingsboard.org");
+        securityUser.setAuthority(Authority.TENANT_ADMIN);
+        securityUser.setUserPrincipal(new UserPrincipal(UserPrincipal.Type.USER_NAME, securityUser.getEmail()));
+        securityUser.setEnabled(true);
+        securityUser.setTenantId(new TenantId(UUID.randomUUID()));
+        securityUser.setCustomerId(new CustomerId(UUID.randomUUID()));
+
+        JwtToken refreshToken = tokenFactory.createRefreshToken(securityUser);
+        checkExpirationTime(refreshToken, jwtSettings.getRefreshTokenExpTime());
+
+        SecurityUser parsedSecurityUser = tokenFactory.parseRefreshToken(new RawAccessJwtToken(refreshToken.getToken()));
+        assertThat(parsedSecurityUser.getId()).isEqualTo(securityUser.getId());
+        assertThat(parsedSecurityUser.getUserPrincipal()).matches(userPrincipal -> {
+            return userPrincipal.getType().equals(securityUser.getUserPrincipal().getType())
+                    && userPrincipal.getValue().equals(securityUser.getUserPrincipal().getValue());
+        });
+        assertThat(parsedSecurityUser.getAuthority()).isNull();
+    }
+
+    @Test
+    public void testCreateAndParsePreVerificationJwtToken() {
+        SecurityUser securityUser = new SecurityUser();
+        securityUser.setId(new UserId(UUID.randomUUID()));
+        securityUser.setEmail("tenant@thingsboard.org");
+        securityUser.setAuthority(Authority.TENANT_ADMIN);
+        securityUser.setUserPrincipal(new UserPrincipal(UserPrincipal.Type.USER_NAME, securityUser.getEmail()));
+        securityUser.setEnabled(true);
+        securityUser.setTenantId(new TenantId(UUID.randomUUID()));
+        securityUser.setCustomerId(new CustomerId(UUID.randomUUID()));
+
+        int tokenLifetime = (int) TimeUnit.MINUTES.toSeconds(30);
+        JwtToken preVerificationToken = tokenFactory.createPreVerificationToken(securityUser, tokenLifetime);
+        checkExpirationTime(preVerificationToken, tokenLifetime);
+
+        SecurityUser parsedSecurityUser = tokenFactory.parseAccessJwtToken(new RawAccessJwtToken(preVerificationToken.getToken()));
+        assertThat(parsedSecurityUser.getId()).isEqualTo(securityUser.getId());
+        assertThat(parsedSecurityUser.getAuthority()).isEqualTo(Authority.PRE_VERIFICATION_TOKEN);
+        assertThat(parsedSecurityUser.getTenantId()).isEqualTo(securityUser.getTenantId());
+        assertThat(parsedSecurityUser.getCustomerId()).isEqualTo(securityUser.getCustomerId());
+        assertThat(parsedSecurityUser.getUserPrincipal()).matches(userPrincipal -> {
+            return userPrincipal.getType() == UserPrincipal.Type.USER_NAME
+                    && userPrincipal.getValue().equals(securityUser.getUserPrincipal().getValue());
+        });
+    }
+
+    private void checkExpirationTime(JwtToken jwtToken, int tokenLifetime) {
+        Claims claims = tokenFactory.parseTokenClaims(jwtToken).getBody();
+        assertThat(claims.getExpiration()).matches(actualExpirationTime -> {
+            Calendar expirationTime = Calendar.getInstance();
+            expirationTime.setTime(new Date());
+            expirationTime.add(Calendar.SECOND, tokenLifetime);
+            if (actualExpirationTime.equals(expirationTime.getTime())) {
+                return true;
+            } else if (actualExpirationTime.before(expirationTime.getTime())) {
+                int gap = 2;
+                expirationTime.add(Calendar.SECOND, -gap);
+                return actualExpirationTime.after(expirationTime.getTime());
+            } else {
+                return false;
+            }
+        });
+    }
+
+}

From de16eca0a5fa7a401b39886ecd31f93de2f80ada Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Wed, 30 Mar 2022 10:48:56 +0300
Subject: [PATCH 23/92] Fix RateLimitsTest

---
 .../server/common/msg/tools/RateLimitsTest.java  | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java b/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java
index d4cc408558..3878d64ec9 100644
--- a/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java
+++ b/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java
@@ -26,11 +26,9 @@ public class RateLimitsTest {
 
     @Test
     public void testRateLimits_greedyRefill() {
-        for (int period = 1; period <= 5; period++) {
-            for (int capacity = 1; capacity <= 5; capacity++) {
-                testRateLimitWithGreedyRefill(capacity, period);
-            }
-        }
+        testRateLimitWithGreedyRefill(3, 10);
+        testRateLimitWithGreedyRefill(3, 3);
+        testRateLimitWithGreedyRefill(4, 2);
     }
 
     private void testRateLimitWithGreedyRefill(int capacity, int period) {
@@ -56,11 +54,9 @@ public class RateLimitsTest {
 
     @Test
     public void testRateLimits_intervalRefill() {
-        for (int period = 1; period <= 3; period++) {
-            for (int capacity = 1; capacity <= 3; capacity++) {
-                testRateLimitWithIntervalRefill(capacity, period);
-            }
-        }
+        testRateLimitWithIntervalRefill(10, 5);
+        testRateLimitWithIntervalRefill(3, 3);
+        testRateLimitWithIntervalRefill(4, 2);
     }
 
     private void testRateLimitWithIntervalRefill(int capacity, int period) {

From 8eb68ff7a6bd154985eac32a9e60418a061b3245 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Wed, 30 Mar 2022 10:50:57 +0300
Subject: [PATCH 24/92] Revert changes to UserCredentials

---
 .../server/common/data/security/UserCredentials.java  |  9 ++-------
 .../server/dao/model/sql/UserCredentialsEntity.java   | 11 -----------
 dao/src/main/resources/sql/schema-entities.sql        |  3 +--
 3 files changed, 3 insertions(+), 20 deletions(-)

diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/UserCredentials.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/UserCredentials.java
index 9f8dab575b..3816d27131 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/UserCredentials.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/UserCredentials.java
@@ -16,12 +16,12 @@
 package org.thingsboard.server.common.data.security;
 
 import lombok.EqualsAndHashCode;
-import org.thingsboard.server.common.data.SearchTextBasedWithAdditionalInfo;
+import org.thingsboard.server.common.data.BaseData;
 import org.thingsboard.server.common.data.id.UserCredentialsId;
 import org.thingsboard.server.common.data.id.UserId;
 
 @EqualsAndHashCode(callSuper = true)
-public class UserCredentials extends SearchTextBasedWithAdditionalInfo<UserCredentialsId> {
+public class UserCredentials extends BaseData<UserCredentialsId> {
 
     private static final long serialVersionUID = -2108436378880529163L;
 
@@ -87,11 +87,6 @@ public class UserCredentials extends SearchTextBasedWithAdditionalInfo<UserCrede
     public void setResetToken(String resetToken) {
         this.resetToken = resetToken;
     }
-    
-    @Override
-    public String getSearchText() {
-        return null;
-    }
 
     @Override
     public String toString() {
diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserCredentialsEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserCredentialsEntity.java
index 211977122a..4379af14e7 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserCredentialsEntity.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserCredentialsEntity.java
@@ -15,18 +15,14 @@
  */
 package org.thingsboard.server.dao.model.sql;
 
-import com.fasterxml.jackson.databind.JsonNode;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
-import org.hibernate.annotations.Type;
-import org.hibernate.annotations.TypeDef;
 import org.thingsboard.server.common.data.id.UserCredentialsId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.model.BaseEntity;
 import org.thingsboard.server.dao.model.BaseSqlEntity;
 import org.thingsboard.server.dao.model.ModelConstants;
-import org.thingsboard.server.dao.util.mapping.JsonStringType;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
@@ -35,7 +31,6 @@ import java.util.UUID;
 
 @Data
 @EqualsAndHashCode(callSuper = true)
-@TypeDef(name = "json", typeClass = JsonStringType.class)
 @Entity
 @Table(name = ModelConstants.USER_CREDENTIALS_COLUMN_FAMILY_NAME)
 public final class UserCredentialsEntity extends BaseSqlEntity<UserCredentials> implements BaseEntity<UserCredentials> {
@@ -55,10 +50,6 @@ public final class UserCredentialsEntity extends BaseSqlEntity<UserCredentials>
     @Column(name = ModelConstants.USER_CREDENTIALS_RESET_TOKEN_PROPERTY, unique = true)
     private String resetToken;
 
-    @Type(type = "json")
-    @Column(name = ModelConstants.ADDITIONAL_INFO_PROPERTY)
-    private JsonNode additionalInfo;
-
     public UserCredentialsEntity() {
         super();
     }
@@ -75,7 +66,6 @@ public final class UserCredentialsEntity extends BaseSqlEntity<UserCredentials>
         this.password = userCredentials.getPassword();
         this.activateToken = userCredentials.getActivateToken();
         this.resetToken = userCredentials.getResetToken();
-        this.additionalInfo = userCredentials.getAdditionalInfo();
     }
 
     @Override
@@ -89,7 +79,6 @@ public final class UserCredentialsEntity extends BaseSqlEntity<UserCredentials>
         userCredentials.setPassword(password);
         userCredentials.setActivateToken(activateToken);
         userCredentials.setResetToken(resetToken);
-        userCredentials.setAdditionalInfo(additionalInfo);
         return userCredentials;
     }
 
diff --git a/dao/src/main/resources/sql/schema-entities.sql b/dao/src/main/resources/sql/schema-entities.sql
index da4bcc5bec..8ee0854ae9 100644
--- a/dao/src/main/resources/sql/schema-entities.sql
+++ b/dao/src/main/resources/sql/schema-entities.sql
@@ -370,8 +370,7 @@ CREATE TABLE IF NOT EXISTS user_credentials (
     enabled boolean,
     password varchar(255),
     reset_token varchar(255) UNIQUE,
-    user_id uuid UNIQUE,
-    additional_info varchar
+    user_id uuid UNIQUE
 );
 
 CREATE TABLE IF NOT EXISTS widget_type (

From 2cb6b6d425110f48da8a9971fb289adb96cbee6d Mon Sep 17 00:00:00 2001
From: Vladyslav Prykhodko <vlad.pryhodko@icloud.com>
Date: Thu, 28 Apr 2022 23:03:37 +0300
Subject: [PATCH 25/92] UI: Add page setting fb2

---
 .../http/two-factor-authentication.service.ts |  25 +++
 ui-ngx/src/app/core/services/menu.service.ts  |  16 +-
 .../home/pages/admin/admin-routing.module.ts  |  15 ++
 .../modules/home/pages/admin/admin.module.ts  |   4 +-
 .../two-factor-auth-settings.component.html   | 142 ++++++++++++++++
 .../two-factor-auth-settings.component.scss   |   0
 .../two-factor-auth-settings.component.ts     | 155 ++++++++++++++++++
 .../shared/models/two-factor-auth.models.ts   |  30 ++++
 .../assets/locale/locale.constant-en_US.json  |  16 ++
 9 files changed, 401 insertions(+), 2 deletions(-)
 create mode 100644 ui-ngx/src/app/core/http/two-factor-authentication.service.ts
 create mode 100644 ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
 create mode 100644 ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
 create mode 100644 ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
 create mode 100644 ui-ngx/src/app/shared/models/two-factor-auth.models.ts

diff --git a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
new file mode 100644
index 0000000000..d608d3b362
--- /dev/null
+++ b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
@@ -0,0 +1,25 @@
+import { Injectable } from '@angular/core';
+import { HttpClient } from '@angular/common/http';
+import { defaultHttpOptionsFromConfig, RequestConfig } from '@core/http/http-utils';
+import { Observable } from 'rxjs';
+import { TwoFactorAuthSettings } from '@shared/models/two-factor-auth.models';
+
+@Injectable({
+  providedIn: 'root'
+})
+export class TwoFactorAuthenticationService {
+
+  constructor(
+    private http: HttpClient
+  ) {
+  }
+
+  getTwoFaSettings(config?: RequestConfig): Observable<TwoFactorAuthSettings> {
+    return this.http.get<TwoFactorAuthSettings>(`/api/2fa/settings`, defaultHttpOptionsFromConfig(config));
+  }
+
+  saveTwoFaSettings(settings: TwoFactorAuthSettings, config?: RequestConfig): Observable<TwoFactorAuthSettings> {
+    return this.http.post<TwoFactorAuthSettings>(`/api/2fa/settings`, settings, defaultHttpOptionsFromConfig(config));
+  }
+
+}
diff --git a/ui-ngx/src/app/core/services/menu.service.ts b/ui-ngx/src/app/core/services/menu.service.ts
index 4a52fc66f6..294513c782 100644
--- a/ui-ngx/src/app/core/services/menu.service.ts
+++ b/ui-ngx/src/app/core/services/menu.service.ts
@@ -108,7 +108,7 @@ export class MenuService {
         name: 'admin.system-settings',
         type: 'toggle',
         path: '/settings',
-        height: '240px',
+        height: '280px',
         icon: 'settings',
         pages: [
           {
@@ -146,6 +146,14 @@ export class MenuService {
             path: '/settings/oauth2',
             icon: 'security'
           },
+          {
+            id: guid(),
+            name: 'admin.2fa.2fa',
+            type: 'link',
+            path: '/settings/2fa',
+            icon: 'mdi:two-factor-authentication',
+            isMdiIcon: true
+          },
           {
             id: guid(),
             name: 'resource.resources-library',
@@ -216,6 +224,12 @@ export class MenuService {
             icon: 'security',
             path: '/settings/oauth2'
           },
+          {
+            name: 'admin.2fa.2fa',
+            icon: 'mdi:two-factor-authentication',
+            isMdiIcon: true,
+            path: '/settings/2fa'
+          },
           {
             name: 'resource.resources-library',
             icon: 'folder',
diff --git a/ui-ngx/src/app/modules/home/pages/admin/admin-routing.module.ts b/ui-ngx/src/app/modules/home/pages/admin/admin-routing.module.ts
index ddccbb4da4..e63eec7b52 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/admin-routing.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/admin-routing.module.ts
@@ -32,6 +32,7 @@ import { ResourcesLibraryTableConfigResolver } from '@home/pages/admin/resource/
 import { EntityDetailsPageComponent } from '@home/components/entity/entity-details-page.component';
 import { entityDetailsPageBreadcrumbLabelFunction } from '@home/pages/home-pages.models';
 import { BreadCrumbConfig } from '@shared/components/breadcrumb';
+import { TwoFactorAuthSettingsComponent } from '@home/pages/admin/two-factor-auth-settings.component';
 
 @Injectable()
 export class OAuth2LoginProcessingUrlResolver implements Resolve<string> {
@@ -183,6 +184,20 @@ const routes: Routes = [
             }
           }
         ]
+      },
+      {
+        path: '2fa',
+        component: TwoFactorAuthSettingsComponent,
+        canDeactivate: [ConfirmOnExitGuard],
+        data: {
+          auth: [Authority.SYS_ADMIN, Authority.TENANT_ADMIN],
+          title: 'admin.2fa.2fa',
+          breadcrumb: {
+            label: 'admin.2fa.2fa',
+            icon: 'mdi:two-factor-authentication',
+            isMdiIcon: true
+          }
+        }
       }
     ]
   }
diff --git a/ui-ngx/src/app/modules/home/pages/admin/admin.module.ts b/ui-ngx/src/app/modules/home/pages/admin/admin.module.ts
index 326b16f950..37214d7ce5 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/admin.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/admin.module.ts
@@ -28,6 +28,7 @@ import { SmsProviderComponent } from '@home/pages/admin/sms-provider.component';
 import { SendTestSmsDialogComponent } from '@home/pages/admin/send-test-sms-dialog.component';
 import { HomeSettingsComponent } from '@home/pages/admin/home-settings.component';
 import { ResourcesLibraryComponent } from '@home/pages/admin/resource/resources-library.component';
+import { TwoFactorAuthSettingsComponent } from '@home/pages/admin/two-factor-auth-settings.component';
 
 @NgModule({
   declarations:
@@ -39,7 +40,8 @@ import { ResourcesLibraryComponent } from '@home/pages/admin/resource/resources-
       SecuritySettingsComponent,
       OAuth2SettingsComponent,
       HomeSettingsComponent,
-      ResourcesLibraryComponent
+      ResourcesLibraryComponent,
+      TwoFactorAuthSettingsComponent
     ],
   imports: [
     CommonModule,
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
new file mode 100644
index 0000000000..9a507e45f2
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -0,0 +1,142 @@
+<div>
+  <mat-card class="settings-card">
+    <mat-card-title>
+      <div fxLayout="row">
+        <span class="mat-headline" translate>admin.2fa.2fa</span>
+        <span fxFlex></span>
+<!--        <div tb-help="twoFactorAuthSettings"></div>-->
+      </div>
+    </mat-card-title>
+    <mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
+    </mat-progress-bar>
+    <div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
+    <mat-card-content style="padding-top: 16px;">
+      <form [formGroup]="twoFaFormGroup" (ngSubmit)="save()" fxLayout="column">
+        <mat-checkbox *ngIf="isTenantAdmin()" formControlName="useSystemTwoFactorAuthSettings" style="padding-bottom: 16px;">
+          {{ 'admin.2fa.use-system-two-factor-auth-settings' | translate }}
+        </mat-checkbox>
+        <ng-container *ngIf="!isTenantAdmin() || twoFaFormGroup.get('useSystemTwoFactorAuthSettings').value">
+          <mat-form-field>
+            <mat-label translate>admin.2fa.total-allowed-time-for-verification</mat-label>
+            <input matInput required formControlName="totalAllowedTimeForVerification" type="number" step="1" min="1">
+            <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('required')">
+              {{ 'admin.2fa.total-allowed-time-for-verification-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('pattern')
+                || twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('min')">
+              {{ 'admin.2fa.total-allowed-time-for-verification-pattern' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <mat-form-field>
+            <mat-label translate>admin.2fa.max-verification-failures-before-user-lockout</mat-label>
+            <input matInput required formControlName="maxVerificationFailuresBeforeUserLockout" type="number" step="1" min="0" max="65535">
+            <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('required')">
+              {{ 'admin.2fa.max-verification-failures-before-user-lockout-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('pattern')
+                || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('min')
+                || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('max')">
+              {{ 'admin.2fa.max-verification-failures-before-user-lockout-pattern' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <mat-form-field>
+            <mat-label translate>admin.2fa.verification-code-send-rate-limit</mat-label>
+            <input matInput formControlName="verificationCodeSendRateLimit">
+            <mat-hint translate>admin.2fa.verification-code-send-rate-limit-hint</mat-hint>
+            <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimit').hasError('pattern')">
+              {{ 'admin.2fa.verification-code-send-rate-limit-pattern' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <mat-form-field>
+            <mat-label translate>admin.2fa.verification-code-check-rate-limit</mat-label>
+            <input matInput formControlName="verificationCodeCheckRateLimit">
+            <mat-hint translate>admin.2fa.verification-code-check-rate-limit-hint</mat-hint>
+            <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimit').hasError('pattern')">
+              {{ 'admin.2fa.verification-code-check-rate-limit-pattern' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <div class="mat-h3">Providers</div>
+          <ng-container formArrayName="providers">
+            <div class="container">
+              <mat-expansion-panel *ngFor="let provider of providersForm.controls; let j = index; trackBy: trackByParams"
+                                   class="registration-card mat-elevation-z0">
+                <mat-expansion-panel-header>
+                  <mat-panel-title fxLayoutAlign="start center">
+                    {{ provider.value.providerType }}
+                  </mat-panel-title>
+                  <mat-panel-description fxLayoutAlign="end center">
+                    <button mat-icon-button
+                            type="button"
+                            [disabled]="providersForm.controls.length < 2"
+                            (click)="removeProviders($event, j)"
+                            matTooltip="{{ 'admin.oauth2.delete-provider' | translate }}"
+                            matTooltipPosition="above">
+                      <mat-icon>delete</mat-icon>
+                    </button>
+                  </mat-panel-description>
+                </mat-expansion-panel-header>
+
+                <ng-template matExpansionPanelContent>
+                  <section [formGroupName]="j">
+                    <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
+                      <section fxFlex formGroupName="additionalInfo" fxLayout="row">
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.oauth2.login-provider</mat-label>
+                          <mat-select formControlName="providerName">
+                            <mat-option *ngFor="let provider of templateProvider" [value]="provider">
+                              {{ provider }}
+                            </mat-option>
+                          </mat-select>
+                        </mat-form-field>
+                      </section>
+                      <mat-form-field floatLabel="always" fxFlex class="mat-block">
+                        <mat-label translate>admin.oauth2.allowed-platforms</mat-label>
+                        <mat-select formControlName="platforms" multiple placeholder="{{ 'admin.oauth2.all-platforms' | translate }}">
+                          <mat-option *ngFor="let platform of platformTypes" [value]="platform">
+                            {{ platformTypeTranslations.get(platform) | translate }}
+                          </mat-option>
+                        </mat-select>
+                      </mat-form-field>
+                    </div>
+                    <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
+                      <mat-form-field fxFlex class="mat-block">
+                        <mat-label translate>admin.oauth2.client-id</mat-label>
+                        <input matInput formControlName="clientId" required>
+                        <mat-error *ngIf="registration.get('clientId').hasError('required')">
+                          {{ 'admin.oauth2.client-id-required' | translate }}
+                        </mat-error>
+                        <mat-error *ngIf="registration.get('clientId').hasError('maxlength')">
+                          {{ 'admin.oauth2.client-id-max-length' | translate }}
+                        </mat-error>
+                      </mat-form-field>
+
+                      <mat-form-field fxFlex class="mat-block">
+                        <mat-label translate>admin.oauth2.client-secret</mat-label>
+                        <input matInput formControlName="clientSecret" required>
+                        <mat-error *ngIf="registration.get('clientSecret').hasError('required')">
+                          {{ 'admin.oauth2.client-secret-required' | translate }}
+                        </mat-error>
+                        <mat-error *ngIf="registration.get('clientSecret').hasError('maxlength')">
+                          {{ 'admin.oauth2.client-secret-max-length' | translate }}
+                        </mat-error>
+                      </mat-form-field>
+                    </div>
+
+                  </section>
+                </ng-template>
+              </mat-expansion-panel>
+            </div>
+          </ng-container>
+
+        </ng-container>
+        <div fxLayout="row" fxLayoutAlign="end center" fxLayoutGap="8px">
+          <button mat-button mat-raised-button color="primary"
+                  [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
+                  type="submit">
+            {{'action.save' | translate}}
+          </button>
+        </div>
+      </form>
+    </mat-card-content>
+  </mat-card>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
new file mode 100644
index 0000000000..1995605786
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -0,0 +1,155 @@
+import { Component, Inject, OnDestroy, OnInit } from '@angular/core';
+import { PageComponent } from '@shared/components/page.component';
+import { HasConfirmForm } from '@core/guards/confirm-on-exit.guard';
+import { Store } from '@ngrx/store';
+import { AppState } from '@core/core.state';
+import { ActivatedRoute } from '@angular/router';
+import { AbstractControl, FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
+import { DialogService } from '@core/services/dialog.service';
+import { TranslateService } from '@ngx-translate/core';
+import { WINDOW } from '@core/services/window.service';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+import { AuthState } from '@core/auth/auth.models';
+import { getCurrentAuthState } from '@core/auth/auth.selectors';
+import { Authority } from '@shared/models/authority.enum';
+import {
+  TwoFactorAuthProviderType,
+  TwoFactorAuthSettings,
+  TwoFactorAuthSettingsForm
+} from '@shared/models/two-factor-auth.models';
+
+@Component({
+  selector: 'tb-2fa-settings',
+  templateUrl: './two-factor-auth-settings.component.html',
+  styleUrls: ['./two-factor-auth-settings.component.scss', './settings-card.scss']
+})
+export class TwoFactorAuthSettingsComponent extends PageComponent implements OnInit, HasConfirmForm, OnDestroy {
+
+  private authState: AuthState = getCurrentAuthState(this.store);
+  private authUser = this.authState.authUser;
+
+  twoFaFormGroup: FormGroup;
+
+  constructor(protected store: Store<AppState>,
+              private route: ActivatedRoute,
+              private twoFaService: TwoFactorAuthenticationService,
+              private fb: FormBuilder,
+              private dialogService: DialogService,
+              private translate: TranslateService,
+              @Inject(WINDOW) private window: Window) {
+    super(store);
+  }
+
+  ngOnInit() {
+    this.build2faSettingsForm();
+    this.twoFaService.getTwoFaSettings().subscribe((setting) => {
+      console.log(this.formDataPreprocessing(setting));
+    });
+  }
+
+  ngOnDestroy() {
+    super.ngOnDestroy();
+  }
+
+  confirmForm(): FormGroup {
+    return this.twoFaFormGroup;
+  }
+
+  isTenantAdmin(): boolean {
+    return this.authUser.authority === Authority.TENANT_ADMIN;
+  }
+
+  save() {
+
+  }
+
+  private build2faSettingsForm(): void {
+    this.twoFaFormGroup = this.fb.group({
+      useSystemTwoFactorAuthSettings: [false],
+      maxVerificationFailuresBeforeUserLockout: [30, [
+        Validators.required,
+        Validators.pattern(/^\d*$/),
+        Validators.min(0),
+        Validators.max(65535)
+      ]],
+      totalAllowedTimeForVerification: [3600, [
+        Validators.required,
+        Validators.min(1),
+        Validators.pattern(/^\d*$/)
+      ]],
+      verificationCodeCheckRateLimit: ['', Validators.pattern(/^[1-9]\d*:[1-9]\d*$/)],
+      verificationCodeSendRateLimit: ['', Validators.pattern(/^[1-9]\d*:[1-9]\d*$/)],
+      providers: this.fb.array([])
+    });
+  }
+
+  addProviders() {
+    const newProviders = this.fb.group({
+      providerType: [TwoFactorAuthProviderType.TOTP],
+      issuerName: ['', Validators.required],
+      smsVerificationMessageTemplate: [{
+        value: 'Verification code: ${verificationCode}',
+        disabled: true
+      }, [
+        Validators.required,
+        Validators.pattern(/\${verificationCode}/)
+      ]],
+      verificationCodeLifetime: [{
+        value: 120,
+        disabled: true
+      }, [
+        Validators.required,
+        Validators.min(1),
+        Validators.pattern(/^\d*$/)
+      ]]
+    });
+    newProviders.get('providerType').valueChanges.subscribe(type => {
+      switch (type) {
+        case TwoFactorAuthProviderType.SMS:
+          newProviders.get('issuerName').disable({emitEvent: false});
+          newProviders.get('smsVerificationMessageTemplate').enable({emitEvent: false});
+          newProviders.get('verificationCodeLifetime').enable({emitEvent: false});
+          break;
+        case TwoFactorAuthProviderType.TOTP:
+          newProviders.get('issuerName').enable({emitEvent: false});
+          newProviders.get('smsVerificationMessageTemplate').disable({emitEvent: false});
+          newProviders.get('verificationCodeLifetime').disable({emitEvent: false});
+          break;
+      }
+    });
+    if (this.providersForm.length) {
+      const selectProvidersType = this.providersForm.value[0].providerType;
+      if (selectProvidersType !== TwoFactorAuthProviderType.TOTP) {
+        newProviders.get('providerType').patchValue(TwoFactorAuthProviderType.SMS, {emitEvents: true})
+      }
+    }
+    this.providersForm.push(newProviders);
+  }
+
+  removeProviders($event: Event, index: number): void {
+    if ($event) {
+      $event.stopPropagation();
+      $event.preventDefault();
+    }
+    this.providersForm.removeAt(index);
+    this.providersForm.markAsTouched();
+    this.providersForm.markAsDirty();
+  }
+
+  get providersForm(): FormArray {
+    return this.twoFaFormGroup.get('providers') as FormArray;
+  }
+
+  private formDataPreprocessing(data: TwoFactorAuthSettings): TwoFactorAuthSettingsForm {
+    return data;
+  }
+
+  private formDataPostprocessing(data: TwoFactorAuthSettingsForm): TwoFactorAuthSettings{
+    return data;
+  }
+
+  trackByParams(index: number): number {
+    return index;
+  }
+
+}
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
new file mode 100644
index 0000000000..b2c32e6156
--- /dev/null
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -0,0 +1,30 @@
+export interface TwoFactorAuthSettings {
+  maxVerificationFailuresBeforeUserLockout: number;
+  providers: Array<TwoFactorAuthProviderConfig>;
+  totalAllowedTimeForVerification: number;
+  useSystemTwoFactorAuthSettings: boolean;
+  verificationCodeCheckRateLimit: string;
+  verificationCodeSendRateLimit: string;
+}
+
+export type TwoFactorAuthProviderConfig = Partial<TotpTwoFactorAuthProviderConfig | SmsTwoFactorAuthProviderConfig>
+
+export interface TotpTwoFactorAuthProviderConfig {
+  providerType: TwoFactorAuthProviderType;
+  issuerName: string;
+}
+
+export interface SmsTwoFactorAuthProviderConfig {
+  providerType: TwoFactorAuthProviderType;
+  smsVerificationMessageTemplate: string;
+  verificationCodeLifetime: number;
+}
+
+export enum TwoFactorAuthProviderType{
+  TOTP = 'TOTP',
+  SMS = 'SMS'
+}
+
+export interface TwoFactorAuthSettingsForm extends TwoFactorAuthSettings {
+
+}
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index aab433c992..642592b669 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -252,6 +252,22 @@
           "platform-ios": "iOS",
           "all-platforms": "All platforms",
           "allowed-platforms": "Allowed platforms"
+        },
+        "2fa":  {
+          "2fa": "Two-factor authentication",
+          "use-system-two-factor-auth-settings": "Use system two factor auth settings",
+          "total-allowed-time-for-verification": "Total allowed time for verification",
+          "total-allowed-time-for-verification-required": "Total allowed time is required.",
+          "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
+          "max-verification-failures-before-user-lockout": "Max verification failures before user lockout",
+          "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
+          "max-verification-failures-before-user-lockout-pattern": "Max verification failures must be a positive integer.",
+          "verification-code-check-rate-limit": "Verification code check rate limit",
+          "verification-code-check-rate-limit-hint": "If empty field, the limit not be apply",
+          "verification-code-check-rate-limit-pattern": "Verification code check limit has invalid format",
+          "verification-code-send-rate-limit": "Verification code send rate limit",
+          "verification-code-send-rate-limit-hint": "If empty field, the limit not be apply",
+          "verification-code-send-rate-limit-pattern": "Verification code send limit has invalid format"
         }
       },
     "alarm": {

From d9a2495ea43c4bc246dc7a2433d2b7d4d0d1288b Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Fri, 29 Apr 2022 17:25:06 +0300
Subject: [PATCH 26/92] Add upgrade script for 2FA

---
 .../main/data/upgrade/3.3.4/schema_update.sql | 22 +++++++++++++++++++
 .../install/ThingsboardInstallService.java    |  1 +
 .../install/SqlDatabaseUpgradeService.java    | 14 ++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 application/src/main/data/upgrade/3.3.4/schema_update.sql

diff --git a/application/src/main/data/upgrade/3.3.4/schema_update.sql b/application/src/main/data/upgrade/3.3.4/schema_update.sql
new file mode 100644
index 0000000000..d2134bdc48
--- /dev/null
+++ b/application/src/main/data/upgrade/3.3.4/schema_update.sql
@@ -0,0 +1,22 @@
+--
+-- Copyright © 2016-2022 The Thingsboard Authors
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+CREATE TABLE IF NOT EXISTS user_auth_settings (
+    id uuid NOT NULL CONSTRAINT user_auth_settings_pkey PRIMARY KEY,
+    created_time bigint NOT NULL,
+    user_id uuid UNIQUE NOT NULL CONSTRAINT fk_user_auth_settings_user_id REFERENCES tb_user(id),
+    mfa_account_config varchar
+);
diff --git a/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java b/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java
index ebab403149..e728c004c0 100644
--- a/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java
+++ b/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java
@@ -219,6 +219,7 @@ public class ThingsboardInstallService {
                             databaseEntitiesUpgradeService.upgradeDatabase("3.3.3");
                         case "3.3.4":
                             log.info("Upgrading ThingsBoard from version 3.3.4 to 3.4.0 ...");
+                            databaseEntitiesUpgradeService.upgradeDatabase("3.3.4");
                             log.info("Updating system data...");
                             systemDataLoaderService.updateSystemWidgets();
                             break;
diff --git a/application/src/main/java/org/thingsboard/server/service/install/SqlDatabaseUpgradeService.java b/application/src/main/java/org/thingsboard/server/service/install/SqlDatabaseUpgradeService.java
index f7b9e5cad1..7be899f995 100644
--- a/application/src/main/java/org/thingsboard/server/service/install/SqlDatabaseUpgradeService.java
+++ b/application/src/main/java/org/thingsboard/server/service/install/SqlDatabaseUpgradeService.java
@@ -534,6 +534,20 @@ public class SqlDatabaseUpgradeService implements DatabaseEntitiesUpgradeService
                     log.error("Failed updating schema!!!", e);
                 }
                 break;
+            case "3.3.4":
+                try (Connection conn = DriverManager.getConnection(dbUrl, dbUserName, dbPassword)) {
+                    log.info("Updating schema ...");
+
+                    schemaUpdateFile = Paths.get(installScripts.getDataDir(), "upgrade", "3.3.4", SCHEMA_UPDATE_SQL);
+                    loadSql(schemaUpdateFile, conn);
+
+                    log.info("Updating schema settings...");
+                    conn.createStatement().execute("UPDATE tb_schema_settings SET schema_version = 3004000;");
+                    log.info("Schema updated.");
+                } catch (Exception e) {
+                    log.error("Failed updating schema!!!", e);
+                }
+                break;
             default:
                 throw new RuntimeException("Unable to upgrade SQL database, unsupported fromVersion: " + fromVersion);
         }

From e29be2bdedb4a86d159a608d5fb67010b2d270a8 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Fri, 29 Apr 2022 18:12:35 +0300
Subject: [PATCH 27/92] UI: Add 2FA general setting form

---
 .../http/two-factor-authentication.service.ts |  16 ++
 ui-ngx/src/app/core/services/menu.service.ts  |  16 +-
 .../two-factor-auth-settings.component.html   | 266 ++++++++++--------
 .../two-factor-auth-settings.component.scss   |  21 ++
 .../two-factor-auth-settings.component.ts     |  71 +++--
 .../shared/models/two-factor-auth.models.ts   |  22 +-
 .../assets/locale/locale.constant-en_US.json  |  26 +-
 7 files changed, 283 insertions(+), 155 deletions(-)

diff --git a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
index d608d3b362..230eddd208 100644
--- a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
+++ b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
@@ -1,3 +1,19 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
 import { Injectable } from '@angular/core';
 import { HttpClient } from '@angular/common/http';
 import { defaultHttpOptionsFromConfig, RequestConfig } from '@core/http/http-utils';
diff --git a/ui-ngx/src/app/core/services/menu.service.ts b/ui-ngx/src/app/core/services/menu.service.ts
index 294513c782..15ab552d53 100644
--- a/ui-ngx/src/app/core/services/menu.service.ts
+++ b/ui-ngx/src/app/core/services/menu.service.ts
@@ -364,7 +364,7 @@ export class MenuService {
         name: 'admin.system-settings',
         type: 'toggle',
         path: '/settings',
-        height: '80px',
+        height: '120px',
         icon: 'settings',
         pages: [
           {
@@ -374,6 +374,14 @@ export class MenuService {
             path: '/settings/home',
             icon: 'settings_applications'
           },
+          {
+            id: guid(),
+            name: 'admin.2fa.2fa',
+            type: 'link',
+            path: '/settings/2fa',
+            icon: 'mdi:two-factor-authentication',
+            isMdiIcon: true
+          },
           {
             id: guid(),
             name: 'resource.resources-library',
@@ -510,6 +518,12 @@ export class MenuService {
             icon: 'settings_applications',
             path: '/settings/home'
           },
+          {
+            name: 'admin.2fa.2fa',
+            icon: 'mdi:two-factor-authentication',
+            isMdiIcon: true,
+            path: '/settings/2fa'
+          },
           {
             name: 'resource.resources-library',
             icon: 'folder',
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index 9a507e45f2..c92fe6de74 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -1,3 +1,20 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
 <div>
   <mat-card class="settings-card">
     <mat-card-title>
@@ -11,131 +28,146 @@
     </mat-progress-bar>
     <div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
     <mat-card-content style="padding-top: 16px;">
-      <form [formGroup]="twoFaFormGroup" (ngSubmit)="save()" fxLayout="column">
-        <mat-checkbox *ngIf="isTenantAdmin()" formControlName="useSystemTwoFactorAuthSettings" style="padding-bottom: 16px;">
-          {{ 'admin.2fa.use-system-two-factor-auth-settings' | translate }}
-        </mat-checkbox>
-        <ng-container *ngIf="!isTenantAdmin() || twoFaFormGroup.get('useSystemTwoFactorAuthSettings').value">
-          <mat-form-field>
-            <mat-label translate>admin.2fa.total-allowed-time-for-verification</mat-label>
-            <input matInput required formControlName="totalAllowedTimeForVerification" type="number" step="1" min="1">
-            <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('required')">
-              {{ 'admin.2fa.total-allowed-time-for-verification-required' | translate }}
-            </mat-error>
-            <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('pattern')
-                || twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('min')">
-              {{ 'admin.2fa.total-allowed-time-for-verification-pattern' | translate }}
-            </mat-error>
-          </mat-form-field>
-          <mat-form-field>
-            <mat-label translate>admin.2fa.max-verification-failures-before-user-lockout</mat-label>
-            <input matInput required formControlName="maxVerificationFailuresBeforeUserLockout" type="number" step="1" min="0" max="65535">
-            <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('required')">
-              {{ 'admin.2fa.max-verification-failures-before-user-lockout-required' | translate }}
-            </mat-error>
-            <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('pattern')
-                || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('min')
-                || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('max')">
-              {{ 'admin.2fa.max-verification-failures-before-user-lockout-pattern' | translate }}
-            </mat-error>
-          </mat-form-field>
-          <mat-form-field>
-            <mat-label translate>admin.2fa.verification-code-send-rate-limit</mat-label>
-            <input matInput formControlName="verificationCodeSendRateLimit">
-            <mat-hint translate>admin.2fa.verification-code-send-rate-limit-hint</mat-hint>
-            <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimit').hasError('pattern')">
-              {{ 'admin.2fa.verification-code-send-rate-limit-pattern' | translate }}
-            </mat-error>
-          </mat-form-field>
-          <mat-form-field>
-            <mat-label translate>admin.2fa.verification-code-check-rate-limit</mat-label>
-            <input matInput formControlName="verificationCodeCheckRateLimit">
-            <mat-hint translate>admin.2fa.verification-code-check-rate-limit-hint</mat-hint>
-            <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimit').hasError('pattern')">
-              {{ 'admin.2fa.verification-code-check-rate-limit-pattern' | translate }}
-            </mat-error>
-          </mat-form-field>
-          <div class="mat-h3">Providers</div>
-          <ng-container formArrayName="providers">
-            <div class="container">
-              <mat-expansion-panel *ngFor="let provider of providersForm.controls; let j = index; trackBy: trackByParams"
-                                   class="registration-card mat-elevation-z0">
-                <mat-expansion-panel-header>
-                  <mat-panel-title fxLayoutAlign="start center">
-                    {{ provider.value.providerType }}
-                  </mat-panel-title>
-                  <mat-panel-description fxLayoutAlign="end center">
-                    <button mat-icon-button
-                            type="button"
-                            [disabled]="providersForm.controls.length < 2"
-                            (click)="removeProviders($event, j)"
-                            matTooltip="{{ 'admin.oauth2.delete-provider' | translate }}"
-                            matTooltipPosition="above">
-                      <mat-icon>delete</mat-icon>
-                    </button>
-                  </mat-panel-description>
-                </mat-expansion-panel-header>
+      <form [formGroup]="twoFaFormGroup" (ngSubmit)="save()">
+        <fieldset [disabled]="isLoading$ | async">
+          <mat-checkbox *ngIf="isTenantAdmin()" formControlName="useSystemTwoFactorAuthSettings" style="padding-bottom: 16px;">
+            {{ 'admin.2fa.use-system-two-factor-auth-settings' | translate }}
+          </mat-checkbox>
+          <ng-container *ngIf="!isTenantAdmin() || !twoFaFormGroup.get('useSystemTwoFactorAuthSettings').value">
+            <mat-form-field fxFlex class="mat-block">
+              <mat-label translate>admin.2fa.total-allowed-time-for-verification</mat-label>
+              <input matInput required formControlName="totalAllowedTimeForVerification" type="number" step="1" min="1">
+              <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('required')">
+                {{ 'admin.2fa.total-allowed-time-for-verification-required' | translate }}
+              </mat-error>
+              <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('pattern')
+                  || twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('min')">
+                {{ 'admin.2fa.total-allowed-time-for-verification-pattern' | translate }}
+              </mat-error>
+            </mat-form-field>
+            <mat-form-field fxFlex class="mat-block">
+              <mat-label translate>admin.2fa.max-verification-failures-before-user-lockout</mat-label>
+              <input matInput required formControlName="maxVerificationFailuresBeforeUserLockout" type="number" step="1" min="0" max="65535">
+              <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('required')">
+                {{ 'admin.2fa.max-verification-failures-before-user-lockout-required' | translate }}
+              </mat-error>
+              <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('pattern')
+                  || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('min')
+                  || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('max')">
+                {{ 'admin.2fa.max-verification-failures-before-user-lockout-pattern' | translate }}
+              </mat-error>
+            </mat-form-field>
+            <mat-form-field fxFlex class="mat-block">
+              <mat-label translate>admin.2fa.verification-code-send-rate-limit</mat-label>
+              <input matInput formControlName="verificationCodeSendRateLimit" required>
+              <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimit').hasError('required')">
+                {{ 'admin.2fa.verification-code-send-rate-limit-required' | translate }}
+              </mat-error>
+              <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimit').hasError('pattern')">
+                {{ 'admin.2fa.verification-code-send-rate-limit-pattern' | translate }}
+              </mat-error>
+            </mat-form-field>
+            <mat-form-field fxFlex class="mat-block">
+              <mat-label translate>admin.2fa.verification-code-check-rate-limit</mat-label>
+              <input matInput formControlName="verificationCodeCheckRateLimit" required>
+              <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimit').hasError('required')">
+                {{ 'admin.2fa.verification-code-check-rate-limit-required' | translate }}
+              </mat-error>
+              <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimit').hasError('pattern')">
+                {{ 'admin.2fa.verification-code-check-rate-limit-pattern' | translate }}
+              </mat-error>
+            </mat-form-field>
+            <div class="mat-h3" translate>admin.2fa.available-providers</div>
+            <ng-container formArrayName="providers">
+              <div class="container">
+                <mat-accordion multi>
+                  <mat-expansion-panel *ngFor="let provider of providersForm.controls; let i = index">
+                    <mat-expansion-panel-header>
+                      <mat-panel-title fxLayoutAlign="start center">
+                        {{ provider.value.providerType }}
+                      </mat-panel-title>
+                      <mat-panel-description fxLayoutAlign="end center">
+                        <button mat-icon-button
+                                type="button"
+                                (click)="removeProviders($event, i)"
+                                matTooltip="{{ 'admin.oauth2.delete-provider' | translate }}"
+                                matTooltipPosition="above">
+                          <mat-icon>delete</mat-icon>
+                        </button>
+                      </mat-panel-description>
+                    </mat-expansion-panel-header>
 
-                <ng-template matExpansionPanelContent>
-                  <section [formGroupName]="j">
-                    <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
-                      <section fxFlex formGroupName="additionalInfo" fxLayout="row">
+                    <ng-template matExpansionPanelContent>
+                      <section [formGroupName]="i">
                         <mat-form-field fxFlex class="mat-block">
-                          <mat-label translate>admin.oauth2.login-provider</mat-label>
-                          <mat-select formControlName="providerName">
-                            <mat-option *ngFor="let provider of templateProvider" [value]="provider">
-                              {{ provider }}
+                          <mat-label translate>admin.2fa.provider</mat-label>
+                          <mat-select formControlName="providerType">
+                            <mat-option *ngFor="let twoFactorAuthProviderType of twoFactorAuthProviderTypes"
+                                        [value]="twoFactorAuthProviderType"
+                                        [disabled]="selectedTypes(twoFactorAuthProviderType[twoFactorAuthProviderType], i)">
+                              {{ twoFactorAuthProviderType }}
                             </mat-option>
                           </mat-select>
                         </mat-form-field>
-                      </section>
-                      <mat-form-field floatLabel="always" fxFlex class="mat-block">
-                        <mat-label translate>admin.oauth2.allowed-platforms</mat-label>
-                        <mat-select formControlName="platforms" multiple placeholder="{{ 'admin.oauth2.all-platforms' | translate }}">
-                          <mat-option *ngFor="let platform of platformTypes" [value]="platform">
-                            {{ platformTypeTranslations.get(platform) | translate }}
-                          </mat-option>
-                        </mat-select>
-                      </mat-form-field>
-                    </div>
-                    <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
-                      <mat-form-field fxFlex class="mat-block">
-                        <mat-label translate>admin.oauth2.client-id</mat-label>
-                        <input matInput formControlName="clientId" required>
-                        <mat-error *ngIf="registration.get('clientId').hasError('required')">
-                          {{ 'admin.oauth2.client-id-required' | translate }}
-                        </mat-error>
-                        <mat-error *ngIf="registration.get('clientId').hasError('maxlength')">
-                          {{ 'admin.oauth2.client-id-max-length' | translate }}
-                        </mat-error>
-                      </mat-form-field>
+                        <ng-container [ngSwitch]="provider.get('providerType').value">
+                          <ng-container *ngSwitchCase="twoFactorAuthProviderType.TOTP">
+                            <mat-form-field fxFlex class="mat-block">
+                              <mat-label translate>admin.2fa.issuer-name</mat-label>
+                              <input matInput formControlName="issuerName" required>
+                              <mat-error *ngIf="provider.get('issuerName').hasError('required')">
+                                {{ "admin.2fa.issuer-name-required" | translate }}
+                              </mat-error>
+                            </mat-form-field>
+                          </ng-container>
+                          <div *ngSwitchCase="twoFactorAuthProviderType.SMS"
+                               fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
+                            <mat-form-field fxFlex class="mat-block">
+                              <mat-label translate>admin.2fa.verification-message-template</mat-label>
+                              <input matInput formControlName="smsVerificationMessageTemplate" required>
+                              <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('required')">
+                                {{ "admin.2fa.verification-message-template-required" | translate }}
+                              </mat-error>
+                              <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('pattern')">
+                                {{ "admin.2fa.verification-message-template-pattern" | translate }}
+                              </mat-error>
+                            </mat-form-field>
 
-                      <mat-form-field fxFlex class="mat-block">
-                        <mat-label translate>admin.oauth2.client-secret</mat-label>
-                        <input matInput formControlName="clientSecret" required>
-                        <mat-error *ngIf="registration.get('clientSecret').hasError('required')">
-                          {{ 'admin.oauth2.client-secret-required' | translate }}
-                        </mat-error>
-                        <mat-error *ngIf="registration.get('clientSecret').hasError('maxlength')">
-                          {{ 'admin.oauth2.client-secret-max-length' | translate }}
-                        </mat-error>
-                      </mat-form-field>
-                    </div>
+                            <mat-form-field fxFlex class="mat-block">
+                              <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
+                              <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
+                              <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
+                                {{ "admin.2fa.verification-code-lifetime-required" | translate }}
+                              </mat-error>
+                              <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
+                                                provider.get('verificationCodeLifetime').hasError('pattern')">
+                                {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
+                              </mat-error>
+                            </mat-form-field>
+                          </div>
+                        </ng-container>
+                      </section>
+                    </ng-template>
+                  </mat-expansion-panel>
+                </mat-accordion>
+              </div>
+            </ng-container>
 
-                  </section>
-                </ng-template>
-              </mat-expansion-panel>
-            </div>
           </ng-container>
-
-        </ng-container>
-        <div fxLayout="row" fxLayoutAlign="end center" fxLayoutGap="8px">
-          <button mat-button mat-raised-button color="primary"
-                  [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
-                  type="submit">
-            {{'action.save' | translate}}
-          </button>
-        </div>
+          <div fxLayout="row" fxLayoutAlign="end center" fxLayoutGap="8px">
+            <button type="button" mat-raised-button color="primary"
+                    [disabled]="twoFaFormGroup.get('useSystemTwoFactorAuthSettings').value
+                    || providersForm.length == twoFactorAuthProviderTypes.length || (isLoading$ | async)"
+                    (click)="addProvider()">
+              <mat-icon>add</mat-icon>
+              <span translate>action.add</span>
+            </button>
+            <button mat-button mat-raised-button color="primary"
+                    [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
+                    type="submit">
+              {{'action.save' | translate}}
+            </button>
+          </div>
+        </fieldset>
       </form>
     </mat-card-content>
   </mat-card>
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
index e69de29bb2..8fb412f648 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
@@ -0,0 +1,21 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+:host{
+  .container {
+    margin-bottom: 1em;
+  }
+}
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 1995605786..992c1c8ae4 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -1,10 +1,26 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
 import { Component, Inject, OnDestroy, OnInit } from '@angular/core';
 import { PageComponent } from '@shared/components/page.component';
 import { HasConfirmForm } from '@core/guards/confirm-on-exit.guard';
 import { Store } from '@ngrx/store';
 import { AppState } from '@core/core.state';
 import { ActivatedRoute } from '@angular/router';
-import { AbstractControl, FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
+import { FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { DialogService } from '@core/services/dialog.service';
 import { TranslateService } from '@ngx-translate/core';
 import { WINDOW } from '@core/services/window.service';
@@ -12,11 +28,7 @@ import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentica
 import { AuthState } from '@core/auth/auth.models';
 import { getCurrentAuthState } from '@core/auth/auth.selectors';
 import { Authority } from '@shared/models/authority.enum';
-import {
-  TwoFactorAuthProviderType,
-  TwoFactorAuthSettings,
-  TwoFactorAuthSettingsForm
-} from '@shared/models/two-factor-auth.models';
+import { TwoFactorAuthProviderType, TwoFactorAuthSettings } from '@shared/models/two-factor-auth.models';
 
 @Component({
   selector: 'tb-2fa-settings',
@@ -29,6 +41,8 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
   private authUser = this.authState.authUser;
 
   twoFaFormGroup: FormGroup;
+  twoFactorAuthProviderTypes = Object.keys(TwoFactorAuthProviderType);
+  twoFactorAuthProviderType = TwoFactorAuthProviderType;
 
   constructor(protected store: Store<AppState>,
               private route: ActivatedRoute,
@@ -43,7 +57,7 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
   ngOnInit() {
     this.build2faSettingsForm();
     this.twoFaService.getTwoFaSettings().subscribe((setting) => {
-      console.log(this.formDataPreprocessing(setting));
+      this.initTwoFactorAuthForm(setting);
     });
   }
 
@@ -60,12 +74,19 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
   }
 
   save() {
-
+    const setting = this.twoFaFormGroup.value;
+    this.twoFaService.saveTwoFaSettings(setting).subscribe(
+      (twoFactorAuthSettings) => {
+        this.twoFaFormGroup.patchValue(twoFactorAuthSettings, {emitEvent: false});
+        this.twoFaFormGroup.markAsUntouched();
+        this.twoFaFormGroup.markAsPristine();
+      }
+    );
   }
 
   private build2faSettingsForm(): void {
     this.twoFaFormGroup = this.fb.group({
-      useSystemTwoFactorAuthSettings: [false],
+      useSystemTwoFactorAuthSettings: [this.isTenantAdmin()],
       maxVerificationFailuresBeforeUserLockout: [30, [
         Validators.required,
         Validators.pattern(/^\d*$/),
@@ -77,13 +98,20 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         Validators.min(1),
         Validators.pattern(/^\d*$/)
       ]],
-      verificationCodeCheckRateLimit: ['', Validators.pattern(/^[1-9]\d*:[1-9]\d*$/)],
-      verificationCodeSendRateLimit: ['', Validators.pattern(/^[1-9]\d*:[1-9]\d*$/)],
+      verificationCodeCheckRateLimit: ['3:900', [Validators.required, Validators.pattern(/^[1-9]\d*:[1-9]\d*$/)]],
+      verificationCodeSendRateLimit: ['1:60', [Validators.required, Validators.pattern(/^[1-9]\d*:[1-9]\d*$/)]],
       providers: this.fb.array([])
     });
   }
 
-  addProviders() {
+  private initTwoFactorAuthForm(settings: TwoFactorAuthSettings) {
+    settings.providers.forEach(() => {
+      this.addProvider();
+    });
+    this.twoFaFormGroup.patchValue(settings, {emitEvent: false});
+  }
+
+  addProvider() {
     const newProviders = this.fb.group({
       providerType: [TwoFactorAuthProviderType.TOTP],
       issuerName: ['', Validators.required],
@@ -119,8 +147,9 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     });
     if (this.providersForm.length) {
       const selectProvidersType = this.providersForm.value[0].providerType;
-      if (selectProvidersType !== TwoFactorAuthProviderType.TOTP) {
-        newProviders.get('providerType').patchValue(TwoFactorAuthProviderType.SMS, {emitEvents: true})
+      if (selectProvidersType === TwoFactorAuthProviderType.TOTP) {
+        newProviders.get('providerType').setValue(TwoFactorAuthProviderType.SMS);
+        newProviders.updateValueAndValidity();
       }
     }
     this.providersForm.push(newProviders);
@@ -140,16 +169,10 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     return this.twoFaFormGroup.get('providers') as FormArray;
   }
 
-  private formDataPreprocessing(data: TwoFactorAuthSettings): TwoFactorAuthSettingsForm {
-    return data;
-  }
-
-  private formDataPostprocessing(data: TwoFactorAuthSettingsForm): TwoFactorAuthSettings{
-    return data;
-  }
-
-  trackByParams(index: number): number {
-    return index;
+  selectedTypes(type: TwoFactorAuthProviderType, index: number): boolean {
+    const selectedProviderTypes: TwoFactorAuthProviderType[] = this.providersForm.value.map(providers => providers.providerType);
+    selectedProviderTypes.splice(index, 1);
+    return selectedProviderTypes.includes(type);
   }
 
 }
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
index b2c32e6156..ab64143a66 100644
--- a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -1,3 +1,19 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
 export interface TwoFactorAuthSettings {
   maxVerificationFailuresBeforeUserLockout: number;
   providers: Array<TwoFactorAuthProviderConfig>;
@@ -7,7 +23,7 @@ export interface TwoFactorAuthSettings {
   verificationCodeSendRateLimit: string;
 }
 
-export type TwoFactorAuthProviderConfig = Partial<TotpTwoFactorAuthProviderConfig | SmsTwoFactorAuthProviderConfig>
+export type TwoFactorAuthProviderConfig = Partial<TotpTwoFactorAuthProviderConfig | SmsTwoFactorAuthProviderConfig>;
 
 export interface TotpTwoFactorAuthProviderConfig {
   providerType: TwoFactorAuthProviderType;
@@ -24,7 +40,3 @@ export enum TwoFactorAuthProviderType{
   TOTP = 'TOTP',
   SMS = 'SMS'
 }
-
-export interface TwoFactorAuthSettingsForm extends TwoFactorAuthSettings {
-
-}
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 642592b669..89b9bc5d2d 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -255,19 +255,29 @@
         },
         "2fa":  {
           "2fa": "Two-factor authentication",
-          "use-system-two-factor-auth-settings": "Use system two factor auth settings",
-          "total-allowed-time-for-verification": "Total allowed time for verification",
-          "total-allowed-time-for-verification-required": "Total allowed time is required.",
-          "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
+          "available-providers": "Available providers:",
+          "issuer-name": "Issuer name",
+          "issuer-name-required": "Issuer name is required.",
           "max-verification-failures-before-user-lockout": "Max verification failures before user lockout",
-          "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
           "max-verification-failures-before-user-lockout-pattern": "Max verification failures must be a positive integer.",
+          "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
+          "provider": "Provider",
+          "total-allowed-time-for-verification": "Total allowed time for verification",
+          "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
+          "total-allowed-time-for-verification-required": "Total allowed time is required.",
+          "use-system-two-factor-auth-settings": "Use system two factor auth settings",
           "verification-code-check-rate-limit": "Verification code check rate limit",
-          "verification-code-check-rate-limit-hint": "If empty field, the limit not be apply",
           "verification-code-check-rate-limit-pattern": "Verification code check limit has invalid format",
+          "verification-code-check-rate-limit-required": "Verification code check rate limit is required.",
+          "verification-code-lifetime": "Verification code lifetime",
+          "verification-code-lifetime-pattern": "Verification code lifetime must be a positive integer.",
+          "verification-code-lifetime-required": "Verification code lifetime is required.",
           "verification-code-send-rate-limit": "Verification code send rate limit",
-          "verification-code-send-rate-limit-hint": "If empty field, the limit not be apply",
-          "verification-code-send-rate-limit-pattern": "Verification code send limit has invalid format"
+          "verification-code-send-rate-limit-pattern": "Verification code send limit has invalid format",
+          "verification-code-send-rate-limit-required": "Verification code send rate limit is required.",
+          "verification-message-template": "Verification message template",
+          "verification-message-template-pattern": "Verification message need to contains pattern: ${verificationCode}",
+          "verification-message-template-required": "Verification message template is required."
         }
       },
     "alarm": {

From 812e3490a6a2c29fdc8f034df2baea376447ceb0 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Mon, 2 May 2022 12:27:49 +0300
Subject: [PATCH 28/92] API to get the list of available 2FA providers for user

---
 .../TwoFactorAuthConfigController.java        | 32 ++++++++++++++-----
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
index d4cc690604..f35f7a231a 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
@@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
@@ -46,6 +47,10 @@ import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
 
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
 import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
 
 @RestController
@@ -63,15 +68,15 @@ public class TwoFactorAuthConfigController extends BaseController {
                     "or if a provider for previously set up account config is not now configured." + NEW_LINE +
                     ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER + NEW_LINE +
                     "Response example for TOTP 2FA: " + NEW_LINE +
-                    "{\n" +
+                    "```\n{\n" +
                     "  \"providerType\": \"TOTP\",\n" +
                     "  \"authUrl\": \"otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII\"\n" +
-                    "}" + NEW_LINE +
+                        "}\n```" + NEW_LINE +
                     "Response example for SMS 2FA: " + NEW_LINE +
-                    "{\n" +
+                    "```\n{\n" +
                     "  \"providerType\": \"SMS\",\n" +
                     "  \"phoneNumber\": \"+380505005050\"\n" +
-                    "}")
+                    "}\n```")
     @GetMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public TwoFactorAuthAccountConfig getTwoFaAccountConfig() throws ThingsboardException {
@@ -79,6 +84,17 @@ public class TwoFactorAuthConfigController extends BaseController {
         return twoFactorAuthConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId()).orElse(null);
     }
 
+
+    @GetMapping("/providers")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
+    public List<TwoFactorAuthProviderType> getAvailableTwoFaProviders() throws ThingsboardException {
+        return twoFactorAuthConfigManager.getTwoFaSettings(getTenantId(), true)
+                .map(TwoFactorAuthSettings::getProviders).orElse(Collections.emptyList()).stream()
+                .map(TwoFactorAuthProviderConfig::getProviderType)
+                .collect(Collectors.toList());
+    }
+
+
     @ApiOperation(value = "Generate 2FA account config (generateTwoFaAccountConfig)",
             notes = "Generate new 2FA account config for specified provider type. " +
                     "This method is only useful for TOTP 2FA, as there is nothing to generate for other provider types. " +
@@ -89,15 +105,15 @@ public class TwoFactorAuthConfigController extends BaseController {
                     "Will throw an error (Bad Request) if the provider is not configured for usage. " +
                     ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER + NEW_LINE +
                     "Example of a generated account config for TOTP 2FA: " + NEW_LINE +
-                    "{\n" +
+                    "```\n{\n" +
                     "  \"providerType\": \"TOTP\",\n" +
                     "  \"authUrl\": \"otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII\"\n" +
-                    "}" + NEW_LINE +
+                    "}\n```" + NEW_LINE +
                     "For SMS provider type it will return something like: " + NEW_LINE +
-                    "{\n" +
+                    "```\n{\n" +
                     "  \"providerType\": \"SMS\",\n" +
                     "  \"phoneNumber\": null\n" +
-                    "}")
+                    "}\n```")
     @PostMapping("/account/config/generate")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public TwoFactorAuthAccountConfig generateTwoFaAccountConfig(@ApiParam(value = "2FA provider type to generate new account config for", defaultValue = "TOTP", required = true)

From bcc736991ed9bf789053dc0b0a051691946723e7 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Wed, 4 May 2022 14:29:36 +0300
Subject: [PATCH 29/92] Multiple used 2FA providers for account

---
 .../main/data/upgrade/3.3.4/schema_update.sql |   2 +-
 ...roller.java => TwoFaConfigController.java} | 107 +--
 .../controller/TwoFactorAuthController.java   |  44 +-
 .../auth/mfa/DefaultTwoFactorAuthService.java | 120 ++--
 .../auth/mfa/TwoFactorAuthService.java        |  21 +-
 ...er.java => DefaultTwoFaConfigManager.java} |  89 ++-
 .../auth/mfa/config/TwoFaConfigManager.java   |  45 ++
 .../config/TwoFactorAuthConfigManager.java    |  43 --
 ...orAuthProvider.java => TwoFaProvider.java} |  10 +-
 ...ovider.java => OtpBasedTwoFaProvider.java} |  12 +-
 ...uthProvider.java => SmsTwoFaProvider.java} |  20 +-
 ...thProvider.java => TotpTwoFaProvider.java} |  22 +-
 .../auth/rest/RestAuthenticationProvider.java |  10 +-
 ...RestAwareAuthenticationSuccessHandler.java |   6 +-
 .../system/DefaultSystemSecurityService.java  |   4 +-
 .../system/SystemSecurityService.java         |   4 +-
 .../controller/TwoFactorAuthConfigTest.java   | 141 ++--
 .../server/controller/TwoFactorAuthTest.java  | 644 +++++++++---------
 .../data/security/UserAuthSettings.java       |   4 +-
 ...ttings.java => PlatformTwoFaSettings.java} |  10 +-
 .../mfa/account/AccountTwoFaSettings.java     |  26 +
 ...g.java => OtpBasedTwoFaAccountConfig.java} |   4 +-
 ...Config.java => SmsTwoFaAccountConfig.java} |   8 +-
 ...onfig.java => TotpTwoFaAccountConfig.java} |  13 +-
 ...untConfig.java => TwoFaAccountConfig.java} |  14 +-
 ....java => OtpBasedTwoFaProviderConfig.java} |   2 +-
 ...onfig.java => SmsTwoFaProviderConfig.java} |   8 +-
 ...nfig.java => TotpTwoFaProviderConfig.java} |   6 +-
 ...erConfig.java => TwoFaProviderConfig.java} |   8 +-
 ...oviderType.java => TwoFaProviderType.java} |   2 +-
 .../server/common/msg/tools/TbRateLimits.java |   6 +
 .../server/dao/model/ModelConstants.java      |   2 +-
 .../dao/model/sql/UserAuthSettingsEntity.java |  15 +-
 .../main/resources/sql/schema-entities.sql    |   2 +-
 34 files changed, 799 insertions(+), 675 deletions(-)
 rename application/src/main/java/org/thingsboard/server/controller/{TwoFactorAuthConfigController.java => TwoFaConfigController.java} (70%)
 rename application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/{DefaultTwoFactorAuthConfigManager.java => DefaultTwoFaConfigManager.java} (62%)
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
 delete mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
 rename application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/{TwoFactorAuthProvider.java => TwoFaProvider.java} (84%)
 rename application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/{OtpBasedTwoFactorAuthProvider.java => OtpBasedTwoFaProvider.java} (87%)
 rename application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/{SmsTwoFactorAuthProvider.java => SmsTwoFaProvider.java} (73%)
 rename application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/{TotpTwoFactorAuthProvider.java => TotpTwoFaProvider.java} (76%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/{TwoFactorAuthSettings.java => PlatformTwoFaSettings.java} (92%)
 create mode 100644 common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/AccountTwoFaSettings.java
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/{OtpBasedTwoFactorAuthAccountConfig.java => OtpBasedTwoFaAccountConfig.java} (82%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/{SmsTwoFactorAuthAccountConfig.java => SmsTwoFaAccountConfig.java} (86%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/{TotpTwoFactorAuthAccountConfig.java => TotpTwoFaAccountConfig.java} (84%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/{TwoFactorAuthAccountConfig.java => TwoFaAccountConfig.java} (79%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/{OtpBasedTwoFactorAuthProviderConfig.java => OtpBasedTwoFaProviderConfig.java} (91%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/{SmsTwoFactorAuthProviderConfig.java => SmsTwoFaProviderConfig.java} (85%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/{TotpTwoFactorAuthProviderConfig.java => TotpTwoFaProviderConfig.java} (85%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/{TwoFactorAuthProviderConfig.java => TwoFaProviderConfig.java} (82%)
 rename common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/{TwoFactorAuthProviderType.java => TwoFaProviderType.java} (94%)

diff --git a/application/src/main/data/upgrade/3.3.4/schema_update.sql b/application/src/main/data/upgrade/3.3.4/schema_update.sql
index d2134bdc48..2b1524fcb3 100644
--- a/application/src/main/data/upgrade/3.3.4/schema_update.sql
+++ b/application/src/main/data/upgrade/3.3.4/schema_update.sql
@@ -18,5 +18,5 @@ CREATE TABLE IF NOT EXISTS user_auth_settings (
     id uuid NOT NULL CONSTRAINT user_auth_settings_pkey PRIMARY KEY,
     created_time bigint NOT NULL,
     user_id uuid UNIQUE NOT NULL CONSTRAINT fk_user_auth_settings_user_id REFERENCES tb_user(id),
-    mfa_account_config varchar
+    two_fa_settings varchar
 );
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
similarity index 70%
rename from application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
rename to application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index f35f7a231a..6eb192b7e2 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -21,11 +21,13 @@ import com.google.zxing.common.BitMatrix;
 import com.google.zxing.qrcode.QRCodeWriter;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -33,20 +35,20 @@ import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
-import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
-
 import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -57,9 +59,9 @@ import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
 @RequestMapping("/api/2fa")
 @TbCoreComponent
 @RequiredArgsConstructor
-public class TwoFactorAuthConfigController extends BaseController {
+public class TwoFaConfigController extends BaseController {
 
-    private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
+    private final TwoFaConfigManager twoFaConfigManager;
     private final TwoFactorAuthService twoFactorAuthService;
 
 
@@ -71,27 +73,17 @@ public class TwoFactorAuthConfigController extends BaseController {
                     "```\n{\n" +
                     "  \"providerType\": \"TOTP\",\n" +
                     "  \"authUrl\": \"otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII\"\n" +
-                        "}\n```" + NEW_LINE +
+                    "}\n```" + NEW_LINE +
                     "Response example for SMS 2FA: " + NEW_LINE +
                     "```\n{\n" +
                     "  \"providerType\": \"SMS\",\n" +
                     "  \"phoneNumber\": \"+380505005050\"\n" +
                     "}\n```")
-    @GetMapping("/account/config")
+    @GetMapping("/account/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public TwoFactorAuthAccountConfig getTwoFaAccountConfig() throws ThingsboardException {
+    public AccountTwoFaSettings getAccountTwoFaSettings() throws ThingsboardException {
         SecurityUser user = getCurrentUser();
-        return twoFactorAuthConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId()).orElse(null);
-    }
-
-
-    @GetMapping("/providers")
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public List<TwoFactorAuthProviderType> getAvailableTwoFaProviders() throws ThingsboardException {
-        return twoFactorAuthConfigManager.getTwoFaSettings(getTenantId(), true)
-                .map(TwoFactorAuthSettings::getProviders).orElse(Collections.emptyList()).stream()
-                .map(TwoFactorAuthProviderConfig::getProviderType)
-                .collect(Collectors.toList());
+        return twoFaConfigManager.getAccountTwoFaSettings(user.getTenantId(), user.getId()).orElse(null);
     }
 
 
@@ -116,19 +108,19 @@ public class TwoFactorAuthConfigController extends BaseController {
                     "}\n```")
     @PostMapping("/account/config/generate")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public TwoFactorAuthAccountConfig generateTwoFaAccountConfig(@ApiParam(value = "2FA provider type to generate new account config for", defaultValue = "TOTP", required = true)
-                                                                 @RequestParam TwoFactorAuthProviderType providerType) throws Exception {
+    public TwoFaAccountConfig generateTwoFaAccountConfig(@ApiParam(value = "2FA provider type to generate new account config for", defaultValue = "TOTP", required = true)
+                                                         @RequestParam TwoFaProviderType providerType) throws Exception {
         SecurityUser user = getCurrentUser();
         return twoFactorAuthService.generateNewAccountConfig(user, providerType);
     }
 
     /* TMP */
-    @PostMapping("/account/config/generate/qr")
+    @PostMapping("/account/config/tmp/generate/qr")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public void generateTwoFaAccountConfigWithQr(@RequestParam TwoFactorAuthProviderType providerType, HttpServletResponse response) throws Exception {
-        TwoFactorAuthAccountConfig config = generateTwoFaAccountConfig(providerType);
-        if (providerType == TwoFactorAuthProviderType.TOTP) {
-            BitMatrix qr = new QRCodeWriter().encode(((TotpTwoFactorAuthAccountConfig) config).getAuthUrl(), BarcodeFormat.QR_CODE, 200, 200);
+    public void generateTwoFaAccountConfigWithQr(@RequestParam TwoFaProviderType providerType, HttpServletResponse response) throws Exception {
+        TwoFaAccountConfig config = generateTwoFaAccountConfig(providerType);
+        if (providerType == TwoFaProviderType.TOTP) {
+            BitMatrix qr = new QRCodeWriter().encode(((TotpTwoFaAccountConfig) config).getAuthUrl(), BarcodeFormat.QR_CODE, 200, 200);
             try (ServletOutputStream outputStream = response.getOutputStream()) {
                 MatrixToImageWriter.writeToStream(qr, "PNG", outputStream);
             }
@@ -148,7 +140,7 @@ public class TwoFactorAuthConfigController extends BaseController {
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public void submitTwoFaAccountConfig(@ApiParam(value = "2FA account config value. For TOTP 2FA config, authUrl value must not be blank and must match specific pattern. " +
             "For SMS 2FA, phoneNumber property must not be blank and must be of E.164 phone number format.", required = true)
-                                         @Valid @RequestBody TwoFactorAuthAccountConfig accountConfig) throws Exception {
+                                         @Valid @RequestBody TwoFaAccountConfig accountConfig) throws Exception {
         SecurityUser user = getCurrentUser();
         twoFactorAuthService.prepareVerificationCode(user, accountConfig, false);
     }
@@ -160,36 +152,57 @@ public class TwoFactorAuthConfigController extends BaseController {
                     ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @PostMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public void verifyAndSaveTwoFaAccountConfig(@ApiParam(value = "2FA account config to save. Validation rules are the same as in submitTwoFaAccountConfig API method", required = true)
-                                                @Valid @RequestBody TwoFactorAuthAccountConfig accountConfig,
-                                                @ApiParam(value = "6-digit code from an authenticator app in case of TOTP 2FA, or the one sent via an SMS message in case of SMS 2FA", required = true)
-                                                @RequestParam String verificationCode) throws Exception {
+    public AccountTwoFaSettings verifyAndSaveTwoFaAccountConfig(@ApiParam(value = "2FA account config to save. Validation rules are the same as in submitTwoFaAccountConfig API method", required = true)
+                                                                @Valid @RequestBody TwoFaAccountConfig accountConfig,
+                                                                @ApiParam(value = "6-digit code from an authenticator app in case of TOTP 2FA, or the one sent via an SMS message in case of SMS 2FA", required = true)
+                                                                @RequestParam String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, accountConfig, false);
         if (verificationSuccess) {
-            twoFactorAuthConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
+            return twoFaConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
         } else {
             throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.INVALID_ARGUMENTS);
         }
     }
 
+    @PutMapping("/account/config")
+    public AccountTwoFaSettings updateTwoFaAccountConfig(@RequestParam TwoFaProviderType providerType,
+                                                         @RequestBody TwoFaAccountConfigUpdateRequest updateRequest) throws ThingsboardException {
+        SecurityUser user = getCurrentUser();
+        TwoFaAccountConfig accountConfig = twoFaConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId(), providerType)
+                .orElseThrow(() -> new IllegalArgumentException("No 2FA config for provider " + providerType));
+
+        accountConfig.setUseByDefault(updateRequest.isUseByDefault());
+        return twoFaConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
+    }
+
     @ApiOperation(value = "Delete 2FA account config (deleteTwoFaAccountConfig)",
             notes = "Delete user's 2FA config. " + ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @DeleteMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public void deleteTwoFaAccountConfig() throws ThingsboardException {
+    public AccountTwoFaSettings deleteTwoFaAccountConfig(@RequestParam TwoFaProviderType providerType) throws ThingsboardException {
         SecurityUser user = getCurrentUser();
-        twoFactorAuthConfigManager.deleteTwoFaAccountConfig(user.getTenantId(), user.getId());
+        return twoFaConfigManager.deleteTwoFaAccountConfig(user.getTenantId(), user.getId(), providerType);
+    }
+
+
+    @GetMapping("/providers")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
+    public List<TwoFaProviderType> getAvailableTwoFaProviders() throws ThingsboardException {
+        return twoFaConfigManager.getPlatformTwoFaSettings(getTenantId(), true)
+                .map(PlatformTwoFaSettings::getProviders).orElse(Collections.emptyList()).stream()
+                .map(TwoFaProviderConfig::getProviderType)
+                .collect(Collectors.toList());
     }
 
 
-    @ApiOperation(value = "Get 2FA settings (getTwoFaSettings)",
+    @ApiOperation(value = "Get 2FA settings (getTwoFaSettings)", // FIXME [viacheslav]
             notes = "Get settings for 2FA. If 2FA is not configured, then an empty response will be returned." +
                     ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @GetMapping("/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
-    public TwoFactorAuthSettings getTwoFaSettings() throws ThingsboardException {
-        return twoFactorAuthConfigManager.getTwoFaSettings(getTenantId(), false).orElse(null);
+    public PlatformTwoFaSettings getPlatformTwoFaSettings() throws ThingsboardException {
+        return twoFaConfigManager.getPlatformTwoFaSettings(getTenantId(), false).orElse(null);
     }
 
     @ApiOperation(value = "Save 2FA settings (saveTwoFaSettings)",
@@ -198,9 +211,15 @@ public class TwoFactorAuthConfigController extends BaseController {
                     ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @PostMapping("/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
-    public void saveTwoFaSettings(@ApiParam(value = "Settings value", required = true)
-                                  @RequestBody TwoFactorAuthSettings twoFaSettings) throws ThingsboardException {
-        twoFactorAuthConfigManager.saveTwoFaSettings(getTenantId(), twoFaSettings);
+    public void savePlatformTwoFaSettings(@ApiParam(value = "Settings value", required = true)
+                                          @RequestBody PlatformTwoFaSettings twoFaSettings) throws ThingsboardException {
+        twoFaConfigManager.savePlatformTwoFaSettings(getTenantId(), twoFaSettings);
+    }
+
+
+    @Data
+    public static class TwoFaAccountConfigUpdateRequest {
+        private boolean useByDefault;
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 2a74d565b5..a1fe5a7cfc 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -17,6 +17,9 @@ package org.thingsboard.server.controller;
 
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -30,9 +33,8 @@ import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -41,6 +43,10 @@ import org.thingsboard.server.service.security.system.SystemSecurityService;
 
 import javax.servlet.http.HttpServletRequest;
 
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
 import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
 
 @RestController
@@ -50,7 +56,7 @@ import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
 public class TwoFactorAuthController extends BaseController {
 
     private final TwoFactorAuthService twoFactorAuthService;
-    private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
+    private final TwoFaConfigManager twoFaConfigManager;
     private final JwtTokenFactory tokenFactory;
     private final SystemSecurityService systemSecurityService;
     private final UserService userService;
@@ -65,9 +71,9 @@ public class TwoFactorAuthController extends BaseController {
                     "and Too Many Requests error if rate limits are exceeded.")
     @PostMapping("/verification/send")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public void requestTwoFaVerificationCode() throws Exception {
+    public void requestTwoFaVerificationCode(@RequestParam TwoFaProviderType providerType) throws Exception {
         SecurityUser user = getCurrentUser();
-        twoFactorAuthService.prepareVerificationCode(user, true);
+        twoFactorAuthService.prepareVerificationCode(user, providerType, true);
     }
 
     @ApiOperation(value = "Check 2FA verification code (checkTwoFaVerificationCode)",
@@ -79,9 +85,10 @@ public class TwoFactorAuthController extends BaseController {
     @PostMapping("/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
     public JwtTokenPair checkTwoFaVerificationCode(@ApiParam(value = "6-digit verification code", required = true)
+                                                   @RequestParam TwoFaProviderType providerType,
                                                    @RequestParam String verificationCode, HttpServletRequest servletRequest) throws Exception {
         SecurityUser user = getCurrentUser();
-        boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, true);
+        boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, providerType, verificationCode, true);
         if (verificationSuccess) {
             systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null);
             user = new SecurityUser(userService.findUserById(user.getTenantId(), user.getId()), true, user.getUserPrincipal());
@@ -93,13 +100,26 @@ public class TwoFactorAuthController extends BaseController {
         }
     }
 
-    @ApiOperation(value = "Get currently used 2FA provider type (getCurrentlyUsedTwoFaProviderType)")
-    @GetMapping("/provider/type")
+
+    @GetMapping("/providers")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public TwoFactorAuthProviderType getCurrentlyUsedTwoFaProviderType() throws ThingsboardException {
+    public List<TwoFaProviderInfo> getAvailableTwoFaProviders() throws ThingsboardException {
         SecurityUser user = getCurrentUser();
-        return twoFactorAuthConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId())
-                .map(TwoFactorAuthAccountConfig::getProviderType).orElse(null);
+        return twoFaConfigManager.getAccountTwoFaSettings(user.getTenantId(), user.getId())
+                .map(settings -> settings.getConfigs().values()).orElse(Collections.emptyList())
+                .stream().map(config -> TwoFaProviderInfo.builder()
+                        .type(config.getProviderType())
+                        .isDefault(config.isUseByDefault())
+                        .build())
+                .collect(Collectors.toList());
+    }
+
+    @Data
+    @AllArgsConstructor
+    @Builder
+    public static class TwoFaProviderInfo {
+        private TwoFaProviderType type;
+        private boolean isDefault;
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index 9b2b0b90bd..fd4f16ccdb 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -25,15 +25,15 @@ import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.common.msg.tools.TbRateLimits;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFaProvider;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
 
@@ -49,117 +49,129 @@ import java.util.concurrent.ConcurrentMap;
 @TbCoreComponent
 public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
 
-    private final TwoFactorAuthConfigManager configManager;
+    private final TwoFaConfigManager configManager;
     private final SystemSecurityService systemSecurityService;
     private final UserService userService;
-    private final Map<TwoFactorAuthProviderType, TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>> providers = new EnumMap<>(TwoFactorAuthProviderType.class);
-
-    // TODO [viacheslav]: these rate limits are local, and will work bad in the cluster
-    private final ConcurrentMap<UserId, TbRateLimits> verificationCodeSendingRateLimits = new ConcurrentHashMap<>();
-    private final ConcurrentMap<UserId, TbRateLimits> verificationCodeCheckingRateLimits = new ConcurrentHashMap<>();
+    private final Map<TwoFaProviderType, TwoFaProvider<TwoFaProviderConfig, TwoFaAccountConfig>> providers = new EnumMap<>(TwoFaProviderType.class);
 
     private static final ThingsboardException ACCOUNT_NOT_CONFIGURED_ERROR = new ThingsboardException("2FA is not configured for account", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
     private static final ThingsboardException PROVIDER_NOT_CONFIGURED_ERROR = new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
     private static final ThingsboardException PROVIDER_NOT_AVAILABLE_ERROR = new ThingsboardException("2FA provider is not available", ThingsboardErrorCode.GENERAL);
 
+    private final ConcurrentMap<UserId, ConcurrentMap<TwoFaProviderType, TbRateLimits>> verificationCodeSendingRateLimits = new ConcurrentHashMap<>();
+    private final ConcurrentMap<UserId, ConcurrentMap<TwoFaProviderType, TbRateLimits>> verificationCodeCheckingRateLimits = new ConcurrentHashMap<>();
+
+    @Override
+    public boolean isTwoFaEnabled(TenantId tenantId, UserId userId) {
+        return configManager.getAccountTwoFaSettings(tenantId, userId)
+                .map(settings -> !settings.getConfigs().isEmpty())
+                .orElse(false);
+    }
+
 
     @Override
-    public void prepareVerificationCode(SecurityUser securityUser, boolean checkLimits) throws Exception {
-        TwoFactorAuthAccountConfig accountConfig = configManager.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId())
+    public void prepareVerificationCode(SecurityUser user, TwoFaProviderType providerType, boolean checkLimits) throws Exception {
+        TwoFaAccountConfig accountConfig = configManager.getTwoFaAccountConfig(user.getTenantId(), user.getId(), providerType)
                 .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED_ERROR);
-        prepareVerificationCode(securityUser, accountConfig, checkLimits);
+        prepareVerificationCode(user, accountConfig, checkLimits);
     }
 
     @Override
-    public void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException {
-        TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId(), true)
+    public void prepareVerificationCode(SecurityUser user, TwoFaAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException {
+        PlatformTwoFaSettings twoFaSettings = configManager.getPlatformTwoFaSettings(user.getTenantId(), true)
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         if (checkLimits) {
-            if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeSendRateLimit())) {
-                TbRateLimits rateLimits = verificationCodeSendingRateLimits.computeIfAbsent(securityUser.getId(), sessionId -> {
-                    return new TbRateLimits(twoFaSettings.getVerificationCodeSendRateLimit(), true);
-                });
-                if (!rateLimits.tryConsume()) {
-                    throw new ThingsboardException("Too many verification code sending requests", ThingsboardErrorCode.TOO_MANY_REQUESTS);
-                }
-            }
+            checkRateLimits(user.getId(), accountConfig.getProviderType(), twoFaSettings.getVerificationCodeSendRateLimit(), verificationCodeSendingRateLimits);
         }
 
-        TwoFactorAuthProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
+        TwoFaProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
-        getTwoFaProvider(accountConfig.getProviderType()).prepareVerificationCode(securityUser, providerConfig, accountConfig);
+        getTwoFaProvider(accountConfig.getProviderType()).prepareVerificationCode(user, providerConfig, accountConfig);
     }
 
+
     @Override
-    public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean checkLimits) throws ThingsboardException {
-        TwoFactorAuthAccountConfig accountConfig = configManager.getTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId())
+    public boolean checkVerificationCode(SecurityUser user, TwoFaProviderType providerType, String verificationCode, boolean checkLimits) throws ThingsboardException {
+        TwoFaAccountConfig accountConfig = configManager.getTwoFaAccountConfig(user.getTenantId(), user.getId(), providerType)
                 .orElseThrow(() -> ACCOUNT_NOT_CONFIGURED_ERROR);
-        return checkVerificationCode(securityUser, verificationCode, accountConfig, checkLimits);
+        return checkVerificationCode(user, verificationCode, accountConfig, checkLimits);
     }
 
     @Override
-    public boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException {
-        if (!userService.findUserCredentialsByUserId(securityUser.getTenantId(), securityUser.getId()).isEnabled()) {
+    public boolean checkVerificationCode(SecurityUser user, String verificationCode, TwoFaAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException {
+        if (!userService.findUserCredentialsByUserId(user.getTenantId(), user.getId()).isEnabled()) {
             throw new ThingsboardException("User is disabled", ThingsboardErrorCode.AUTHENTICATION);
         }
 
-        TwoFactorAuthSettings twoFaSettings = configManager.getTwoFaSettings(securityUser.getTenantId(), true)
+        PlatformTwoFaSettings twoFaSettings = configManager.getPlatformTwoFaSettings(user.getTenantId(), true)
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         if (checkLimits) {
-            if (StringUtils.isNotEmpty(twoFaSettings.getVerificationCodeCheckRateLimit())) {
-                TbRateLimits rateLimits = verificationCodeCheckingRateLimits.computeIfAbsent(securityUser.getId(), sessionId -> {
-                    return new TbRateLimits(twoFaSettings.getVerificationCodeCheckRateLimit(), true);
-                });
-                if (!rateLimits.tryConsume()) {
-                    throw new ThingsboardException("Too many verification code checking requests", ThingsboardErrorCode.TOO_MANY_REQUESTS);
-                }
-            }
+            checkRateLimits(user.getId(), accountConfig.getProviderType(), twoFaSettings.getVerificationCodeCheckRateLimit(), verificationCodeCheckingRateLimits);
         }
-        TwoFactorAuthProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
+        TwoFaProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
 
         boolean verificationSuccess;
         if (StringUtils.isNumeric(verificationCode) && verificationCode.length() == 6) {
-            verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(securityUser, verificationCode, providerConfig, accountConfig);
+            verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(user, verificationCode, providerConfig, accountConfig);
         } else {
             verificationSuccess = false;
         }
         if (checkLimits) {
             try {
-                systemSecurityService.validateTwoFaVerification(securityUser, verificationSuccess, twoFaSettings);
+                systemSecurityService.validateTwoFaVerification(user, verificationSuccess, twoFaSettings);
             } catch (LockedException e) {
-                verificationCodeCheckingRateLimits.remove(securityUser.getId());
-                verificationCodeSendingRateLimits.remove(securityUser.getId());
+                verificationCodeCheckingRateLimits.remove(user.getId());
+                verificationCodeSendingRateLimits.remove(user.getId());
                 throw new ThingsboardException(e.getMessage(), ThingsboardErrorCode.AUTHENTICATION);
             }
             if (verificationSuccess) {
-                verificationCodeCheckingRateLimits.remove(securityUser.getId());
-                verificationCodeSendingRateLimits.remove(securityUser.getId());
+                verificationCodeCheckingRateLimits.remove(user.getId());
+                verificationCodeSendingRateLimits.remove(user.getId());
             }
         }
         return verificationSuccess;
     }
 
+    private void checkRateLimits(UserId userId, TwoFaProviderType providerType, String rateLimitConfig,
+                                 ConcurrentMap<UserId, ConcurrentMap<TwoFaProviderType, TbRateLimits>> rateLimits) throws ThingsboardException {
+        if (StringUtils.isNotEmpty(rateLimitConfig)) {
+            ConcurrentMap<TwoFaProviderType, TbRateLimits> providersRateLimits = rateLimits.computeIfAbsent(userId, i -> new ConcurrentHashMap<>());
+
+            TbRateLimits rateLimit = providersRateLimits.get(providerType);
+            if (rateLimit == null || !rateLimit.getConfig().equals(rateLimitConfig)) {
+                rateLimit = new TbRateLimits(rateLimitConfig, true);
+                providersRateLimits.put(providerType, rateLimit);
+            }
+            if (!rateLimit.tryConsume()) {
+                throw new ThingsboardException("Too many requests", ThingsboardErrorCode.TOO_MANY_REQUESTS);
+            }
+        } else {
+            rateLimits.remove(userId);
+        }
+    }
+
+
     @Override
-    public TwoFactorAuthAccountConfig generateNewAccountConfig(User user, TwoFactorAuthProviderType providerType) throws ThingsboardException {
-        TwoFactorAuthProviderConfig providerConfig = getTwoFaProviderConfig(user.getTenantId(), providerType);
+    public TwoFaAccountConfig generateNewAccountConfig(User user, TwoFaProviderType providerType) throws ThingsboardException {
+        TwoFaProviderConfig providerConfig = getTwoFaProviderConfig(user.getTenantId(), providerType);
         return getTwoFaProvider(providerType).generateNewAccountConfig(user, providerConfig);
     }
 
 
-    private TwoFactorAuthProviderConfig getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) throws ThingsboardException {
-        return configManager.getTwoFaSettings(tenantId, true)
+    private TwoFaProviderConfig getTwoFaProviderConfig(TenantId tenantId, TwoFaProviderType providerType) throws ThingsboardException {
+        return configManager.getPlatformTwoFaSettings(tenantId, true)
                 .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType))
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
     }
 
-    private TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig> getTwoFaProvider(TwoFactorAuthProviderType providerType) throws ThingsboardException {
+    private TwoFaProvider<TwoFaProviderConfig, TwoFaAccountConfig> getTwoFaProvider(TwoFaProviderType providerType) throws ThingsboardException {
         return Optional.ofNullable(providers.get(providerType))
                 .orElseThrow(() -> PROVIDER_NOT_AVAILABLE_ERROR);
     }
 
     @Autowired
-    private void setProviders(Collection<TwoFactorAuthProvider> providers) {
+    private void setProviders(Collection<TwoFaProvider> providers) {
         providers.forEach(provider -> {
             this.providers.put(provider.getType(), provider);
         });
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
index d84236cfb5..b959f94acb 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -17,20 +17,27 @@ package org.thingsboard.server.service.security.auth.mfa;
 
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TwoFactorAuthService {
 
-    void prepareVerificationCode(SecurityUser securityUser, boolean checkLimits) throws Exception;
+    boolean isTwoFaEnabled(TenantId tenantId, UserId userId);
 
-    void prepareVerificationCode(SecurityUser securityUser, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException;
 
-    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, boolean checkLimits) throws ThingsboardException;
+    void prepareVerificationCode(SecurityUser user, TwoFaProviderType providerType, boolean checkLimits) throws Exception;
 
-    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TwoFactorAuthAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException;
+    void prepareVerificationCode(SecurityUser user, TwoFaAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException;
 
-    TwoFactorAuthAccountConfig generateNewAccountConfig(User user, TwoFactorAuthProviderType providerType) throws ThingsboardException;
+
+    boolean checkVerificationCode(SecurityUser user, TwoFaProviderType providerType, String verificationCode, boolean checkLimits) throws ThingsboardException;
+
+    boolean checkVerificationCode(SecurityUser user, String verificationCode, TwoFaAccountConfig accountConfig, boolean checkLimits) throws ThingsboardException;
+
+
+    TwoFaAccountConfig generateNewAccountConfig(User user, TwoFaProviderType providerType) throws ThingsboardException;
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
similarity index 62%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
rename to application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
index a74b8374af..9f9b4e4b0a 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFactorAuthConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
@@ -21,17 +21,16 @@ import org.springframework.stereotype.Service;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.AdminSettings;
 import org.thingsboard.server.common.data.DataConstants;
-import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
-import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
 import org.thingsboard.server.common.data.kv.JsonDataEntry;
 import org.thingsboard.server.common.data.security.UserAuthSettings;
-import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.dao.attributes.AttributesService;
 import org.thingsboard.server.dao.service.ConstraintValidator;
 import org.thingsboard.server.dao.settings.AdminSettingsDao;
@@ -39,12 +38,15 @@ import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserAuthSettingsDao;
 
 import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
+import java.util.function.Consumer;
 
 @Service
 @RequiredArgsConstructor
-public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigManager {
+public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
 
     private final UserAuthSettingsDao userAuthSettingsDao;
     private final AdminSettingsService adminSettingsService;
@@ -55,60 +57,77 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
 
 
     @Override
-    public boolean isTwoFaEnabled(TenantId tenantId, UserId userId) {
-        return getTwoFaAccountConfig(tenantId, userId).isPresent();
+    public Optional<AccountTwoFaSettings> getAccountTwoFaSettings(TenantId tenantId, UserId userId) {
+        return Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
+                .flatMap(userAuthSettings -> Optional.ofNullable(userAuthSettings.getTwoFaSettings()))
+                .map(twoFaSettings -> {
+                    twoFaSettings.getConfigs().keySet().removeIf(providerType -> {
+                        return getTwoFaProviderConfig(tenantId, providerType).isEmpty();
+                    });
+                    return twoFaSettings;
+                });
     }
 
     @Override
-    public Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId) {
-        return Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
-                .flatMap(userAuthSettings -> Optional.ofNullable(userAuthSettings.getTwoFaAccountConfig()))
-                .filter(twoFaAccountConfig -> getTwoFaProviderConfig(tenantId, twoFaAccountConfig.getProviderType()).isPresent());
+    public Optional<TwoFaAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaProviderType providerType) {
+        return getAccountTwoFaSettings(tenantId, userId)
+                .map(AccountTwoFaSettings::getConfigs)
+                .flatMap(configs -> Optional.ofNullable(configs.get(providerType)));
     }
 
     @Override
-    public void saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
+    public AccountTwoFaSettings saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaAccountConfig accountConfig) {
         getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
-                .orElseThrow(() -> new ThingsboardException("2FA provider is not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS));
+                .orElseThrow(() -> new IllegalArgumentException("2FA provider is not configured"));
+
+        return createOrUpdateAccountTwoFaSettings(tenantId, userId, accountTwoFaSettings -> {
+            Map<TwoFaProviderType, TwoFaAccountConfig> configs = accountTwoFaSettings.getConfigs();
+            configs.put(accountConfig.getProviderType(), accountConfig);
+        });
+    }
+
+    @Override
+    public AccountTwoFaSettings deleteTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaProviderType providerType) {
+        return createOrUpdateAccountTwoFaSettings(tenantId, userId, accountTwoFaSettings -> {
+            accountTwoFaSettings.getConfigs().keySet().removeIf(providerType::equals);
+        });
+    }
 
+    private AccountTwoFaSettings createOrUpdateAccountTwoFaSettings(TenantId tenantId, UserId userId, Consumer<AccountTwoFaSettings> updater) {
         UserAuthSettings userAuthSettings = Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
                 .orElseGet(() -> {
                     UserAuthSettings newUserAuthSettings = new UserAuthSettings();
                     newUserAuthSettings.setUserId(userId);
+
+                    AccountTwoFaSettings newAccountTwoFaSettings = new AccountTwoFaSettings();
+                    newAccountTwoFaSettings.setConfigs(new LinkedHashMap<>());
+                    newUserAuthSettings.setTwoFaSettings(newAccountTwoFaSettings);
                     return newUserAuthSettings;
                 });
-        userAuthSettings.setTwoFaAccountConfig(accountConfig);
+        updater.accept(userAuthSettings.getTwoFaSettings());
         userAuthSettingsDao.save(tenantId, userAuthSettings);
-    }
-
-    @Override
-    public void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId) {
-        Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
-                .ifPresent(userAuthSettings -> {
-                    userAuthSettings.setTwoFaAccountConfig(null);
-                    userAuthSettingsDao.save(tenantId, userAuthSettings);
-                });
+        return userAuthSettings.getTwoFaSettings();
     }
 
 
-    private Optional<TwoFactorAuthProviderConfig> getTwoFaProviderConfig(TenantId tenantId, TwoFactorAuthProviderType providerType) {
-        return getTwoFaSettings(tenantId, true)
+    private Optional<TwoFaProviderConfig> getTwoFaProviderConfig(TenantId tenantId, TwoFaProviderType providerType) {
+        return getPlatformTwoFaSettings(tenantId, true)
                 .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType));
     }
 
     @SneakyThrows({InterruptedException.class, ExecutionException.class})
     @Override
-    public Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault) {
+    public Optional<PlatformTwoFaSettings> getPlatformTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault) {
         if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
             return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, TWO_FACTOR_AUTH_SETTINGS_KEY))
-                    .map(adminSettings -> JacksonUtil.treeToValue(adminSettings.getJsonValue(), TwoFactorAuthSettings.class));
+                    .map(adminSettings -> JacksonUtil.treeToValue(adminSettings.getJsonValue(), PlatformTwoFaSettings.class));
         } else {
-            Optional<TwoFactorAuthSettings> tenantTwoFaSettings = attributesService.find(TenantId.SYS_TENANT_ID, tenantId,
-                    DataConstants.SERVER_SCOPE, TWO_FACTOR_AUTH_SETTINGS_KEY).get()
-                    .map(adminSettingsAttribute -> JacksonUtil.fromString(adminSettingsAttribute.getJsonValue().get(), TwoFactorAuthSettings.class));
+            Optional<PlatformTwoFaSettings> tenantTwoFaSettings = attributesService.find(TenantId.SYS_TENANT_ID, tenantId,
+                            DataConstants.SERVER_SCOPE, TWO_FACTOR_AUTH_SETTINGS_KEY).get()
+                    .map(adminSettingsAttribute -> JacksonUtil.fromString(adminSettingsAttribute.getJsonValue().get(), PlatformTwoFaSettings.class));
             if (sysadminSettingsAsDefault) {
                 if (tenantTwoFaSettings.isEmpty() || tenantTwoFaSettings.get().isUseSystemTwoFactorAuthSettings()) {
-                    return getTwoFaSettings(TenantId.SYS_TENANT_ID, false);
+                    return getPlatformTwoFaSettings(TenantId.SYS_TENANT_ID, false);
                 }
             }
             return tenantTwoFaSettings;
@@ -117,7 +136,7 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
 
     @SneakyThrows({InterruptedException.class, ExecutionException.class})
     @Override
-    public void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings) {
+    public void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) {
         if (tenantId.equals(TenantId.SYS_TENANT_ID) || !twoFactorAuthSettings.isUseSystemTwoFactorAuthSettings()) {
             ConstraintValidator.validateFields(twoFactorAuthSettings);
         }
@@ -139,7 +158,7 @@ public class DefaultTwoFactorAuthConfigManager implements TwoFactorAuthConfigMan
 
     @SneakyThrows({InterruptedException.class, ExecutionException.class})
     @Override
-    public void deleteTwoFaSettings(TenantId tenantId) {
+    public void deletePlatformTwoFaSettings(TenantId tenantId) {
         if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
             Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
                     .ifPresent(adminSettings -> adminSettingsDao.removeById(tenantId, adminSettings.getId().getId()));
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
new file mode 100644
index 0000000000..b0073338b7
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
@@ -0,0 +1,45 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.config;
+
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+
+import java.util.Optional;
+
+public interface TwoFaConfigManager {
+
+
+    Optional<AccountTwoFaSettings> getAccountTwoFaSettings(TenantId tenantId, UserId userId);
+
+    Optional<TwoFaAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaProviderType providerType);
+
+    AccountTwoFaSettings saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaAccountConfig accountConfig);
+
+    AccountTwoFaSettings deleteTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaProviderType providerType);
+
+
+    Optional<PlatformTwoFaSettings> getPlatformTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault);
+
+    void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings);
+
+    void deletePlatformTwoFaSettings(TenantId tenantId);
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
deleted file mode 100644
index d1c5999e7e..0000000000
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFactorAuthConfigManager.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.config;
-
-import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.id.TenantId;
-import org.thingsboard.server.common.data.id.UserId;
-import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
-
-import java.util.Optional;
-
-public interface TwoFactorAuthConfigManager {
-
-    boolean isTwoFaEnabled(TenantId tenantId, UserId userId);
-
-    Optional<TwoFactorAuthAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId);
-
-    void saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFactorAuthAccountConfig accountConfig) throws ThingsboardException;
-
-    void deleteTwoFaAccountConfig(TenantId tenantId, UserId userId);
-
-
-    Optional<TwoFactorAuthSettings> getTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault);
-
-    void saveTwoFaSettings(TenantId tenantId, TwoFactorAuthSettings twoFactorAuthSettings);
-
-    void deleteTwoFaSettings(TenantId tenantId);
-
-}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
similarity index 84%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
rename to application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
index 6961aeeaec..4d4db92af1 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
@@ -17,12 +17,12 @@ package org.thingsboard.server.service.security.auth.mfa.provider;
 
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
-public interface TwoFactorAuthProvider<C extends TwoFactorAuthProviderConfig, A extends TwoFactorAuthAccountConfig> {
+public interface TwoFaProvider<C extends TwoFaProviderConfig, A extends TwoFaAccountConfig> {
 
     A generateNewAccountConfig(User user, C providerConfig);
 
@@ -31,6 +31,6 @@ public interface TwoFactorAuthProvider<C extends TwoFactorAuthProviderConfig, A
     boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, C providerConfig, A accountConfig);
 
 
-    TwoFactorAuthProviderType getType();
+    TwoFaProviderType getType();
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
similarity index 87%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
rename to application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
index ce03f38230..30f6fe4f50 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
@@ -21,18 +21,18 @@ import org.springframework.cache.Cache;
 import org.springframework.cache.CacheManager;
 import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.security.model.mfa.account.OtpBasedTwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.OtpBasedTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
+import org.thingsboard.server.common.data.security.model.mfa.account.OtpBasedTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.OtpBasedTwoFaProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFaProvider;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import java.util.concurrent.TimeUnit;
 
-public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorAuthProviderConfig, A extends OtpBasedTwoFactorAuthAccountConfig> implements TwoFactorAuthProvider<C, A> {
+public abstract class OtpBasedTwoFaProvider<C extends OtpBasedTwoFaProviderConfig, A extends OtpBasedTwoFaAccountConfig> implements TwoFaProvider<C, A> {
 
     private final Cache verificationCodesCache;
 
-    protected OtpBasedTwoFactorAuthProvider(CacheManager cacheManager) {
+    protected OtpBasedTwoFaProvider(CacheManager cacheManager) {
         this.verificationCodesCache = cacheManager.getCache(CacheConstants.TWO_FA_VERIFICATION_CODES_CACHE);
     }
 
@@ -70,7 +70,7 @@ public abstract class OtpBasedTwoFactorAuthProvider<C extends OtpBasedTwoFactorA
     public static class Otp {
         private final long timestamp;
         private final String value;
-        private final OtpBasedTwoFactorAuthAccountConfig accountConfig;
+        private final OtpBasedTwoFaAccountConfig accountConfig;
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
similarity index 73%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
rename to application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
index 9044762585..9ab8bb40ec 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
@@ -21,9 +21,9 @@ import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.rule.engine.api.util.TbNodeUtils;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
@@ -31,23 +31,23 @@ import java.util.Map;
 
 @Service
 @TbCoreComponent
-public class SmsTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider<SmsTwoFactorAuthProviderConfig, SmsTwoFactorAuthAccountConfig> {
+public class SmsTwoFaProvider extends OtpBasedTwoFaProvider<SmsTwoFaProviderConfig, SmsTwoFaAccountConfig> {
 
     private final SmsService smsService;
 
-    public SmsTwoFactorAuthProvider(CacheManager cacheManager, SmsService smsService) {
+    public SmsTwoFaProvider(CacheManager cacheManager, SmsService smsService) {
         super(cacheManager);
         this.smsService = smsService;
     }
 
 
     @Override
-    public SmsTwoFactorAuthAccountConfig generateNewAccountConfig(User user, SmsTwoFactorAuthProviderConfig providerConfig) {
-        return new SmsTwoFactorAuthAccountConfig();
+    public SmsTwoFaAccountConfig generateNewAccountConfig(User user, SmsTwoFaProviderConfig providerConfig) {
+        return new SmsTwoFaAccountConfig();
     }
 
     @Override
-    protected void sendVerificationCode(SecurityUser user, String verificationCode, SmsTwoFactorAuthProviderConfig providerConfig, SmsTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
+    protected void sendVerificationCode(SecurityUser user, String verificationCode, SmsTwoFaProviderConfig providerConfig, SmsTwoFaAccountConfig accountConfig) throws ThingsboardException {
         Map<String, String> messageData = Map.of(
                 "verificationCode", verificationCode,
                 "userEmail", user.getEmail()
@@ -60,8 +60,8 @@ public class SmsTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider<SmsT
 
 
     @Override
-    public TwoFactorAuthProviderType getType() {
-        return TwoFactorAuthProviderType.SMS;
+    public TwoFaProviderType getType() {
+        return TwoFaProviderType.SMS;
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
similarity index 76%
rename from application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
rename to application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
index 9a30ea1fef..9b251e5b4a 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
@@ -24,34 +24,34 @@ import org.jboss.aerogear.security.otp.api.Base32;
 import org.springframework.stereotype.Service;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.thingsboard.server.common.data.User;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.queue.util.TbCoreComponent;
-import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProvider;
+import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFaProviderConfig;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFaProvider;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 @Service
 @RequiredArgsConstructor
 @TbCoreComponent
-public class TotpTwoFactorAuthProvider implements TwoFactorAuthProvider<TotpTwoFactorAuthProviderConfig, TotpTwoFactorAuthAccountConfig> {
+public class TotpTwoFaProvider implements TwoFaProvider<TotpTwoFaProviderConfig, TotpTwoFaAccountConfig> {
 
     @Override
-    public final TotpTwoFactorAuthAccountConfig generateNewAccountConfig(User user, TotpTwoFactorAuthProviderConfig providerConfig) {
-        TotpTwoFactorAuthAccountConfig config = new TotpTwoFactorAuthAccountConfig();
+    public final TotpTwoFaAccountConfig generateNewAccountConfig(User user, TotpTwoFaProviderConfig providerConfig) {
+        TotpTwoFaAccountConfig config = new TotpTwoFaAccountConfig();
         String secretKey = generateSecretKey();
         config.setAuthUrl(getTotpAuthUrl(user, secretKey, providerConfig));
         return config;
     }
 
     @Override
-    public final boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TotpTwoFactorAuthProviderConfig providerConfig, TotpTwoFactorAuthAccountConfig accountConfig) {
+    public final boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TotpTwoFaProviderConfig providerConfig, TotpTwoFaAccountConfig accountConfig) {
         String secretKey = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build().getQueryParams().getFirst("secret");
         return new Totp(secretKey).verify(verificationCode);
     }
 
     @SneakyThrows
-    private String getTotpAuthUrl(User user, String secretKey, TotpTwoFactorAuthProviderConfig providerConfig) {
+    private String getTotpAuthUrl(User user, String secretKey, TotpTwoFaProviderConfig providerConfig) {
         URIBuilder uri = new URIBuilder()
                 .setScheme("otpauth")
                 .setHost("totp")
@@ -67,8 +67,8 @@ public class TotpTwoFactorAuthProvider implements TwoFactorAuthProvider<TotpTwoF
 
 
     @Override
-    public TwoFactorAuthProviderType getType() {
-        return TwoFactorAuthProviderType.TOTP;
+    public TwoFaProviderType getType() {
+        return TwoFaProviderType.TOTP;
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index 8b0781fa7e..cb12ada559 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -39,7 +39,7 @@ import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
@@ -54,17 +54,17 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
     private final SystemSecurityService systemSecurityService;
     private final UserService userService;
     private final CustomerService customerService;
-    private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
+    private final TwoFactorAuthService twoFactorAuthService;
 
     @Autowired
     public RestAuthenticationProvider(final UserService userService,
                                       final CustomerService customerService,
                                       final SystemSecurityService systemSecurityService,
-                                      TwoFactorAuthConfigManager twoFactorAuthConfigManager) {
+                                      TwoFactorAuthService twoFactorAuthService) {
         this.userService = userService;
         this.customerService = customerService;
         this.systemSecurityService = systemSecurityService;
-        this.twoFactorAuthConfigManager = twoFactorAuthConfigManager;
+        this.twoFactorAuthService = twoFactorAuthService;
     }
 
     @Override
@@ -82,7 +82,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
             String username = userPrincipal.getValue();
             String password = (String) authentication.getCredentials();
             securityUser = authenticateByUsernameAndPassword(authentication, userPrincipal, username, password);
-            if (twoFactorAuthConfigManager.isTwoFaEnabled(securityUser.getTenantId(), securityUser.getId())) {
+            if (twoFactorAuthService.isTwoFaEnabled(securityUser.getTenantId(), securityUser.getId())) {
                 return new MfaAuthenticationToken(securityUser);
             } else {
                 systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index c930dfffe9..4ab4069b61 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -26,7 +26,7 @@ import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
@@ -44,7 +44,7 @@ import java.util.concurrent.TimeUnit;
 public class RestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
     private final ObjectMapper mapper;
     private final JwtTokenFactory tokenFactory;
-    private final TwoFactorAuthConfigManager twoFactorAuthConfigManager;
+    private final TwoFaConfigManager twoFaConfigManager;
     private final RefreshTokenRepository refreshTokenRepository;
 
     @Override
@@ -54,7 +54,7 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
         JwtTokenPair tokenPair = new JwtTokenPair();
 
         if (authentication instanceof MfaAuthenticationToken) {
-            int preVerificationTokenLifetime = twoFactorAuthConfigManager.getTwoFaSettings(securityUser.getTenantId(), true)
+            int preVerificationTokenLifetime = twoFaConfigManager.getPlatformTwoFaSettings(securityUser.getTenantId(), true)
                     .flatMap(settings -> Optional.ofNullable(settings.getTotalAllowedTimeForVerification())).orElse((int) TimeUnit.MINUTES.toSeconds(30));
             tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser, preVerificationTokenLifetime).getToken());
             tokenPair.setRefreshToken(null);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index 82607cf70b..57d009070c 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -54,7 +54,7 @@ import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.user.UserServiceImpl;
-import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -160,7 +160,7 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
     }
 
     @Override
-    public void validateTwoFaVerification(SecurityUser securityUser, boolean verificationSuccess, TwoFactorAuthSettings twoFaSettings) {
+    public void validateTwoFaVerification(SecurityUser securityUser, boolean verificationSuccess, PlatformTwoFaSettings twoFaSettings) {
         TenantId tenantId = securityUser.getTenantId();
         UserId userId = securityUser.getId();
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
index 90241f723b..6173d408c5 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
@@ -23,7 +23,7 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.security.model.SecuritySettings;
 import org.thingsboard.server.dao.exception.DataValidationException;
-import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.http.HttpServletRequest;
@@ -36,7 +36,7 @@ public interface SystemSecurityService {
 
     void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String username, String password) throws AuthenticationException;
 
-    void validateTwoFaVerification(SecurityUser securityUser, boolean verificationSuccess, TwoFactorAuthSettings twoFaSettings);
+    void validateTwoFaVerification(SecurityUser securityUser, boolean verificationSuccess, PlatformTwoFaSettings twoFaSettings);
 
     void validatePassword(TenantId tenantId, String password, UserCredentials userCredentials) throws DataValidationException;
 
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index 6e3f11160f..954d313480 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -30,17 +30,18 @@ import org.springframework.web.util.UriComponentsBuilder;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.id.TenantId;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
-import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
-import org.thingsboard.server.service.security.auth.mfa.provider.impl.OtpBasedTwoFactorAuthProvider;
-import org.thingsboard.server.service.security.auth.mfa.provider.impl.TotpTwoFactorAuthProvider;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+import org.thingsboard.server.service.security.auth.mfa.provider.impl.OtpBasedTwoFaProvider;
+import org.thingsboard.server.service.security.auth.mfa.provider.impl.TotpTwoFaProvider;
 
 import java.util.Arrays;
 import java.util.Collections;
@@ -58,13 +59,15 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @SpyBean
-    private TotpTwoFactorAuthProvider totpTwoFactorAuthProvider;
+    private TotpTwoFaProvider totpTwoFactorAuthProvider;
     @MockBean
     private SmsService smsService;
     @Autowired
     private CacheManager cacheManager;
     @Autowired
-    private TwoFactorAuthConfigManager twoFactorAuthConfigManager;
+    private TwoFaConfigManager twoFaConfigManager;
+    @Autowired
+    private TwoFactorAuthService twoFactorAuthService;
 
     @Before
     public void beforeEach() throws Exception {
@@ -73,8 +76,8 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @After
     public void afterEach() {
-        twoFactorAuthConfigManager.deleteTwoFaSettings(TenantId.SYS_TENANT_ID);
-        twoFactorAuthConfigManager.deleteTwoFaSettings(tenantId);
+        twoFaConfigManager.deletePlatformTwoFaSettings(TenantId.SYS_TENANT_ID);
+        twoFaConfigManager.deletePlatformTwoFaSettings(tenantId);
     }
 
 
@@ -88,13 +91,13 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     }
 
     private void testSaveTestTwoFaSettings() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         totpTwoFaProviderConfig.setIssuerName("tb");
-        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
         smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
         smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
 
-        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
         twoFaSettings.setProviders(List.of(totpTwoFaProviderConfig, smsTwoFaProviderConfig));
         twoFaSettings.setVerificationCodeSendRateLimit("1:60");
         twoFaSettings.setVerificationCodeCheckRateLimit("3:900");
@@ -103,7 +106,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         doPost("/api/2fa/settings", twoFaSettings).andExpect(status().isOk());
 
-        TwoFactorAuthSettings savedTwoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+        PlatformTwoFaSettings savedTwoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), PlatformTwoFaSettings.class);
 
         assertThat(savedTwoFaSettings.getProviders()).hasSize(2);
         assertThat(savedTwoFaSettings.getProviders()).contains(totpTwoFaProviderConfig, smsTwoFaProviderConfig);
@@ -113,7 +116,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     public void testSaveTwoFaSettings_validationError() throws Exception {
         loginTenantAdmin();
 
-        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
         twoFaSettings.setProviders(Collections.emptyList());
         twoFaSettings.setVerificationCodeSendRateLimit("ab:aba");
         twoFaSettings.setVerificationCodeCheckRateLimit("0:12");
@@ -146,19 +149,19 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     @Test
     public void testGetTwoFaSettings_useSysadminSettingsAsDefault() throws Exception {
         loginSysAdmin();
-        TwoFactorAuthSettings sysadminTwoFaSettings = new TwoFactorAuthSettings();
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        PlatformTwoFaSettings sysadminTwoFaSettings = new PlatformTwoFaSettings();
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         totpTwoFaProviderConfig.setIssuerName("tb");
         sysadminTwoFaSettings.setProviders(Collections.singletonList(totpTwoFaProviderConfig));
         sysadminTwoFaSettings.setMaxVerificationFailuresBeforeUserLockout(25);
         doPost("/api/2fa/settings", sysadminTwoFaSettings).andExpect(status().isOk());
 
         loginTenantAdmin();
-        TwoFactorAuthSettings tenantTwoFaSettings = new TwoFactorAuthSettings();
+        PlatformTwoFaSettings tenantTwoFaSettings = new PlatformTwoFaSettings();
         tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(true);
         tenantTwoFaSettings.setProviders(Collections.emptyList());
         doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
-        TwoFactorAuthSettings twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+        PlatformTwoFaSettings twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), PlatformTwoFaSettings.class);
         assertThat(twoFaSettings).isEqualTo(tenantTwoFaSettings);
 
         doPost("/api/2fa/account/config/generate?providerType=TOTP")
@@ -168,7 +171,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         tenantTwoFaSettings.setProviders(Collections.emptyList());
         tenantTwoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
         doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
-        twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+        twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), PlatformTwoFaSettings.class);
         assertThat(twoFaSettings).isEqualTo(tenantTwoFaSettings);
 
         assertThat(getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=TOTP")
@@ -192,13 +195,13 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
                 .andExpect(status().isOk());
 
         loginSysAdmin();
-        twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), TwoFactorAuthSettings.class);
+        twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), PlatformTwoFaSettings.class);
         assertThat(twoFaSettings).isEqualTo(sysadminTwoFaSettings);
     }
 
     @Test
     public void testSaveTotpTwoFaProviderConfig_validationError() throws Exception {
-        TotpTwoFactorAuthProviderConfig invalidTotpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+        TotpTwoFaProviderConfig invalidTotpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         invalidTotpTwoFaProviderConfig.setIssuerName("   ");
 
         String errorResponse = saveTwoFaSettingsAndGetError(invalidTotpTwoFaProviderConfig);
@@ -207,7 +210,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testSaveSmsTwoFaProviderConfig_validationError() throws Exception {
-        SmsTwoFactorAuthProviderConfig invalidSmsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+        SmsTwoFaProviderConfig invalidSmsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
         invalidSmsTwoFaProviderConfig.setSmsVerificationMessageTemplate("does not contain verification code");
         invalidSmsTwoFaProviderConfig.setVerificationCodeLifetime(60);
 
@@ -221,8 +224,8 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         assertThat(errorResponse).containsIgnoringCase("verification code lifetime is required");
     }
 
-    private String saveTwoFaSettingsAndGetError(TwoFactorAuthProviderConfig invalidTwoFaProviderConfig) throws Exception {
-        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+    private String saveTwoFaSettingsAndGetError(TwoFaProviderConfig invalidTwoFaProviderConfig) throws Exception {
+        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
         twoFaSettings.setProviders(Collections.singletonList(invalidTwoFaProviderConfig));
 
         return getErrorMessage(doPost("/api/2fa/settings", twoFaSettings)
@@ -235,12 +238,12 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         loginTenantAdmin();
 
-        TwoFactorAuthProviderType notConfiguredProviderType = TwoFactorAuthProviderType.TOTP;
+        TwoFaProviderType notConfiguredProviderType = TwoFaProviderType.TOTP;
         String errorMessage = getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=" + notConfiguredProviderType)
                 .andExpect(status().isBadRequest()));
         assertThat(errorMessage).containsIgnoringCase("provider is not configured");
 
-        TotpTwoFactorAuthAccountConfig notConfiguredProviderAccountConfig = new TotpTwoFactorAuthAccountConfig();
+        TotpTwoFaAccountConfig notConfiguredProviderAccountConfig = new TotpTwoFaAccountConfig();
         notConfiguredProviderAccountConfig.setAuthUrl("otpauth://totp/aba:aba?issuer=aba&secret=ABA");
         errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", notConfiguredProviderAccountConfig));
         assertThat(errorMessage).containsIgnoringCase("provider is not configured");
@@ -248,7 +251,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testGenerateTotpTwoFaAccountConfig() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
 
         loginTenantAdmin();
 
@@ -258,11 +261,11 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testSubmitTotpTwoFaAccountConfig() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
 
         loginTenantAdmin();
 
-        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+        TotpTwoFaAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
         doPost("/api/2fa/account/config/submit", generatedTotpTwoFaAccountConfig).andExpect(status().isOk());
         verify(totpTwoFactorAuthProvider).prepareVerificationCode(argThat(user -> user.getEmail().equals(TENANT_ADMIN_EMAIL)),
                 eq(totpTwoFaProviderConfig), eq(generatedTotpTwoFaAccountConfig));
@@ -274,7 +277,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         loginTenantAdmin();
 
-        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = new TotpTwoFactorAuthAccountConfig();
+        TotpTwoFaAccountConfig totpTwoFaAccountConfig = new TotpTwoFaAccountConfig();
         totpTwoFaAccountConfig.setAuthUrl(null);
 
         String errorMessage = getErrorMessage(doPost("/api/2fa/account/config/submit", totpTwoFaAccountConfig)
@@ -293,11 +296,11 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testVerifyAndSaveTotpTwoFaAccountConfig() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
 
         loginTenantAdmin();
 
-        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+        TotpTwoFaAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
 
         String secret = UriComponentsBuilder.fromUriString(generatedTotpTwoFaAccountConfig.getAuthUrl()).build()
                 .getQueryParams().getFirst("secret");
@@ -306,17 +309,17 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, generatedTotpTwoFaAccountConfig)
                 .andExpect(status().isOk());
 
-        TwoFactorAuthAccountConfig twoFaAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        TwoFaAccountConfig twoFaAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFaAccountConfig.class);
         assertThat(twoFaAccountConfig).isEqualTo(generatedTotpTwoFaAccountConfig);
     }
 
     @Test
     public void testVerifyAndSaveTotpTwoFaAccountConfig_incorrectVerificationCode() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = configureTotpTwoFaProvider();
 
         loginTenantAdmin();
 
-        TotpTwoFactorAuthAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+        TotpTwoFaAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
 
         String incorrectVerificationCode = "100000";
         String errorMessage = getErrorMessage(doPost("/api/2fa/account/config?verificationCode=" + incorrectVerificationCode, generatedTotpTwoFaAccountConfig)
@@ -325,12 +328,12 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
     }
 
-    private TotpTwoFactorAuthAccountConfig generateTotpTwoFaAccountConfig(TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig) throws Exception {
-        TwoFactorAuthAccountConfig generatedTwoFaAccountConfig = readResponse(doPost("/api/2fa/account/config/generate?providerType=TOTP")
-                .andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
-        assertThat(generatedTwoFaAccountConfig).isInstanceOf(TotpTwoFactorAuthAccountConfig.class);
+    private TotpTwoFaAccountConfig generateTotpTwoFaAccountConfig(TotpTwoFaProviderConfig totpTwoFaProviderConfig) throws Exception {
+        TwoFaAccountConfig generatedTwoFaAccountConfig = readResponse(doPost("/api/2fa/account/config/generate?providerType=TOTP")
+                .andExpect(status().isOk()), TwoFaAccountConfig.class);
+        assertThat(generatedTwoFaAccountConfig).isInstanceOf(TotpTwoFaAccountConfig.class);
 
-        assertThat(((TotpTwoFactorAuthAccountConfig) generatedTwoFaAccountConfig)).satisfies(accountConfig -> {
+        assertThat(((TotpTwoFaAccountConfig) generatedTwoFaAccountConfig)).satisfies(accountConfig -> {
             UriComponents otpAuthUrl = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build();
             assertThat(otpAuthUrl.getScheme()).isEqualTo("otpauth");
             assertThat(otpAuthUrl.getHost()).isEqualTo("totp");
@@ -340,14 +343,14 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
                 assertDoesNotThrow(() -> Base32.decode(secretKey));
             });
         });
-        return (TotpTwoFactorAuthAccountConfig) generatedTwoFaAccountConfig;
+        return (TotpTwoFaAccountConfig) generatedTwoFaAccountConfig;
     }
 
     @Test
     public void testGetTwoFaAccountConfig_whenProviderNotConfigured() throws Exception {
         testVerifyAndSaveTotpTwoFaAccountConfig();
         assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()),
-                TotpTwoFactorAuthAccountConfig.class)).isNotNull();
+                TotpTwoFaAccountConfig.class)).isNotNull();
 
         loginSysAdmin();
 
@@ -371,13 +374,13 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         loginTenantAdmin();
 
-        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         smsTwoFaAccountConfig.setPhoneNumber("+38054159785");
 
         doPost("/api/2fa/account/config/submit", smsTwoFaAccountConfig).andExpect(status().isOk());
 
         String verificationCode = cacheManager.getCache(CacheConstants.TWO_FA_VERIFICATION_CODES_CACHE)
-                .get(tenantAdminUserId, OtpBasedTwoFactorAuthProvider.Otp.class).getValue();
+                .get(tenantAdminUserId, OtpBasedTwoFaProvider.Otp.class).getValue();
 
         verify(smsService).sendSms(eq(tenantId), any(), argThat(phoneNumbers -> {
             return phoneNumbers[0].equals(smsTwoFaAccountConfig.getPhoneNumber());
@@ -388,7 +391,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     public void testSubmitSmsTwoFaAccountConfig_validationError() throws Exception {
         configureSmsTwoFaProvider("${verificationCode}");
 
-        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         String blankPhoneNumber = "";
         smsTwoFaAccountConfig.setPhoneNumber(blankPhoneNumber);
 
@@ -410,7 +413,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         loginTenantAdmin();
 
-        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         smsTwoFaAccountConfig.setPhoneNumber("+38051889445");
 
         ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
@@ -424,7 +427,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, smsTwoFaAccountConfig)
                 .andExpect(status().isOk());
 
-        TwoFactorAuthAccountConfig accountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        TwoFaAccountConfig accountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFaAccountConfig.class);
         assertThat(accountConfig).isEqualTo(smsTwoFaAccountConfig);
     }
 
@@ -434,7 +437,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         loginTenantAdmin();
 
-        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         smsTwoFaAccountConfig.setPhoneNumber("+38051889445");
 
         String errorMessage = getErrorMessage(doPost("/api/2fa/account/config?verificationCode=100000", smsTwoFaAccountConfig)
@@ -447,7 +450,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         configureSmsTwoFaProvider("${verificationCode}");
         loginTenantAdmin();
 
-        SmsTwoFactorAuthAccountConfig initialSmsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        SmsTwoFaAccountConfig initialSmsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         initialSmsTwoFaAccountConfig.setPhoneNumber("+38051889445");
 
         ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
@@ -459,7 +462,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         String correctVerificationCode = verificationCodeCaptor.getValue();
 
-        SmsTwoFactorAuthAccountConfig anotherSmsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
+        SmsTwoFaAccountConfig anotherSmsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         anotherSmsTwoFaAccountConfig.setPhoneNumber("+38111111111");
         String errorMessage = getErrorMessage(doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, anotherSmsTwoFaAccountConfig)
                 .andExpect(status().isBadRequest()));
@@ -467,20 +470,20 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, initialSmsTwoFaAccountConfig)
                 .andExpect(status().isOk());
-        TwoFactorAuthAccountConfig accountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        TwoFaAccountConfig accountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFaAccountConfig.class);
         assertThat(accountConfig).isEqualTo(initialSmsTwoFaAccountConfig);
     }
 
-    private TotpTwoFactorAuthProviderConfig configureTotpTwoFaProvider() throws Exception {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
+    private TotpTwoFaProviderConfig configureTotpTwoFaProvider() throws Exception {
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         totpTwoFaProviderConfig.setIssuerName("tb");
 
         saveProvidersConfigs(totpTwoFaProviderConfig);
         return totpTwoFaProviderConfig;
     }
 
-    private SmsTwoFactorAuthProviderConfig configureSmsTwoFaProvider(String verificationMessageTemplate) throws Exception {
-        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
+    private SmsTwoFaProviderConfig configureSmsTwoFaProvider(String verificationMessageTemplate) throws Exception {
+        SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
         smsTwoFaProviderConfig.setSmsVerificationMessageTemplate(verificationMessageTemplate);
         smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
 
@@ -488,8 +491,8 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         return smsTwoFaProviderConfig;
     }
 
-    private void saveProvidersConfigs(TwoFactorAuthProviderConfig... providerConfigs) throws Exception {
-        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
+    private void saveProvidersConfigs(TwoFaProviderConfig... providerConfigs) throws Exception {
+        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
 
         twoFaSettings.setProviders(Arrays.stream(providerConfigs).collect(Collectors.toList()));
         doPost("/api/2fa/settings", twoFaSettings).andExpect(status().isOk());
@@ -498,24 +501,24 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     @Test
     public void testIsTwoFaEnabled() throws Exception {
         configureSmsTwoFaProvider("${verificationCode}");
-        SmsTwoFactorAuthAccountConfig accountConfig = new SmsTwoFactorAuthAccountConfig();
+        SmsTwoFaAccountConfig accountConfig = new SmsTwoFaAccountConfig();
         accountConfig.setPhoneNumber("+38050505050");
-        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
+        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
 
-        assertThat(twoFactorAuthConfigManager.isTwoFaEnabled(tenantId, tenantAdminUserId)).isTrue();
+        assertThat(twoFactorAuthService.isTwoFaEnabled(tenantId, tenantAdminUserId)).isTrue();
     }
 
     @Test
     public void testDeleteTwoFaAccountConfig() throws Exception {
         configureSmsTwoFaProvider("${verificationCode}");
-        SmsTwoFactorAuthAccountConfig accountConfig = new SmsTwoFactorAuthAccountConfig();
+        SmsTwoFaAccountConfig accountConfig = new SmsTwoFaAccountConfig();
         accountConfig.setPhoneNumber("+38050505050");
 
         loginTenantAdmin();
 
-        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
+        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
 
-        TwoFactorAuthAccountConfig savedAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFactorAuthAccountConfig.class);
+        TwoFaAccountConfig savedAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFaAccountConfig.class);
         assertThat(savedAccountConfig).isEqualTo(accountConfig);
 
         doDelete("/api/2fa/account/config").andExpect(status().isOk());
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 41ddd05c1b..17910c4f16 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -39,14 +39,14 @@ import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFactorAuthConfigManager;
-import org.thingsboard.server.common.data.security.model.mfa.TwoFactorAuthSettings;
-import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFactorAuthAccountConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.service.security.auth.rest.LoginRequest;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 
@@ -68,319 +68,319 @@ import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 public abstract class TwoFactorAuthTest extends AbstractControllerTest {
-
-    @Autowired
-    private TwoFactorAuthConfigManager twoFactorAuthConfigManager;
-    @Autowired
-    private TwoFactorAuthService twoFactorAuthService;
-    @MockBean
-    private SmsService smsService;
-    @Autowired
-    private AuditLogService auditLogService;
-    @Autowired
-    private UserService userService;
-
-    private User user;
-    private String username;
-    private String password;
-
-    @Before
-    public void beforeEach() throws Exception {
-        username = "mfa@tb.io";
-        password = "psswrd";
-
-        user = new User();
-        user.setAuthority(Authority.TENANT_ADMIN);
-        user.setEmail(username);
-        user.setTenantId(tenantId);
-
-        loginSysAdmin();
-        user = createUser(user, password);
-    }
-
-    @After
-    public void afterEach() {
-        twoFactorAuthConfigManager.deleteTwoFaSettings(tenantId);
-        twoFactorAuthConfigManager.deleteTwoFaSettings(TenantId.SYS_TENANT_ID);
-    }
-
-    @Test
-    public void testTwoFa_totp() throws Exception {
-        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
-
-        logInWithPreVerificationToken();
-
-        doPost("/api/auth/2fa/verification/send")
-                .andExpect(status().isOk());
-
-        String correctVerificationCode = getCorrectTotp(totpTwoFaAccountConfig);
-
-        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
-                .andExpect(status().isOk()), JsonNode.class);
-        validateAndSetJwtToken(tokenPair, username);
-
-        User currentUser = readResponse(doGet("/api/auth/user")
-                .andExpect(status().isOk()), User.class);
-        assertThat(currentUser.getId()).isEqualTo(user.getId());
-    }
-
-    @Test
-    public void testTwoFa_sms() throws Exception {
-        configureSmsTwoFa();
-
-        logInWithPreVerificationToken();
-
-        doPost("/api/auth/2fa/verification/send")
-                .andExpect(status().isOk());
-
-        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
-        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
-        String correctVerificationCode = verificationCodeCaptor.getValue();
-
-        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
-                .andExpect(status().isOk()), JsonNode.class);
-        validateAndSetJwtToken(tokenPair, username);
-
-        User currentUser = readResponse(doGet("/api/auth/user")
-                .andExpect(status().isOk()), User.class);
-        assertThat(currentUser.getId()).isEqualTo(user.getId());
-    }
-
-    @Test
-    public void testTwoFaPreVerificationTokenLifetime() throws Exception {
-        configureTotpTwoFa(twoFaSettings -> {
-            twoFaSettings.setTotalAllowedTimeForVerification(5);
-        });
-
-        logInWithPreVerificationToken();
-
-        await("expiration of the pre-verification token")
-                .atLeast(Duration.ofSeconds(3).plusMillis(500))
-                .atMost(Duration.ofSeconds(6))
-                .untilAsserted(() -> {
-                    doPost("/api/auth/2fa/verification/send")
-                            .andExpect(status().isUnauthorized());
-                });
-    }
-
-    @Test
-    public void testCheckVerificationCode_userBlocked() throws Exception {
-        configureTotpTwoFa(twoFaSettings -> {
-            twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
-        });
-
-        logInWithPreVerificationToken();
-
-        Stream.generate(() -> RandomStringUtils.randomNumeric(6))
-                .limit(9)
-                .forEach(incorrectVerificationCode -> {
-                    try {
-                        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + incorrectVerificationCode)
-                                .andExpect(status().isBadRequest()));
-                        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
-                    } catch (Exception e) {
-                        fail();
-                    }
-                });
-
-        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + RandomStringUtils.randomNumeric(6))
-                .andExpect(status().isUnauthorized()));
-        assertThat(errorMessage).containsIgnoringCase("account was locked due to exceeded 2fa verification attempts");
-
-        errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + RandomStringUtils.randomNumeric(6))
-                .andExpect(status().isUnauthorized()));
-        assertThat(errorMessage).containsIgnoringCase("user is disabled");
-    }
-
-    @Test
-    public void testSendVerificationCode_rateLimit() throws Exception {
-        configureTotpTwoFa(twoFaSettings -> {
-            twoFaSettings.setVerificationCodeSendRateLimit("3:10");
-        });
-
-        logInWithPreVerificationToken();
-
-        for (int i = 0; i < 3; i++) {
-            doPost("/api/auth/2fa/verification/send")
-                    .andExpect(status().isOk());
-        }
-
-        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/send")
-                .andExpect(status().isTooManyRequests()));
-        assertThat(rateLimitExceededError).containsIgnoringCase("too many verification code sending requests");
-
-        await("verification code sending rate limit resetting")
-                .atLeast(Duration.ofSeconds(8))
-                .atMost(Duration.ofSeconds(12))
-                .untilAsserted(() -> {
-                    doPost("/api/auth/2fa/verification/send")
-                            .andExpect(status().isOk());
-                });
-    }
-
-    @Test
-    public void testCheckVerificationCode_rateLimit() throws Exception {
-        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa(twoFaSettings -> {
-            twoFaSettings.setVerificationCodeCheckRateLimit("3:10");
-        });
-
-        logInWithPreVerificationToken();
-
-        for (int i = 0; i < 3; i++) {
-            String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
-                    .andExpect(status().isBadRequest()));
-            assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
-        }
-
-        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
-                .andExpect(status().isTooManyRequests()));
-        assertThat(rateLimitExceededError).containsIgnoringCase("too many verification code checking requests");
-
-        await("verification code checking rate limit resetting")
-                .atLeast(Duration.ofSeconds(8))
-                .atMost(Duration.ofSeconds(12))
-                .untilAsserted(() -> {
-                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
-                            .andExpect(status().isBadRequest()));
-                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
-                });
-
-        doPost("/api/auth/2fa/verification/check?verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
-                .andExpect(status().isOk());
-    }
-
-    @Test
-    public void testCheckVerificationCode_invalidVerificationCode() throws Exception {
-        configureTotpTwoFa();
-        logInWithPreVerificationToken();
-
-        for (String invalidVerificationCode : new String[]{"1234567", "ab1212", "12311 ", "oewkriwejqf"}) {
-            String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + invalidVerificationCode)
-                    .andExpect(status().isBadRequest()));
-            assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
-        }
-    }
-
-    @Test
-    public void testCheckVerificationCode_codeExpiration() throws Exception {
-        configureSmsTwoFa(smsTwoFaProviderConfig -> {
-            smsTwoFaProviderConfig.setVerificationCodeLifetime(10);
-        });
-
-        logInWithPreVerificationToken();
-
-        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
-        doPost("/api/auth/2fa/verification/send").andExpect(status().isOk());
-        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
-
-        String correctVerificationCode = verificationCodeCaptor.getValue();
-
-        await("verification code expiration")
-                .pollDelay(10, TimeUnit.SECONDS)
-                .atLeast(10, TimeUnit.SECONDS)
-                .atMost(12, TimeUnit.SECONDS)
-                .untilAsserted(() -> {
-                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
-                            .andExpect(status().isBadRequest()));
-                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
-                });
-    }
-
-    @Test
-    public void testTwoFa_logLoginAction() throws Exception {
-        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
-
-        logInWithPreVerificationToken();
-        await("async audit log saving").during(1, TimeUnit.SECONDS);
-        assertThat(getLogInAuditLogs()).isEmpty();
-        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
-                .get("lastLoginTs")).isNull();
-
-        doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
-                .andExpect(status().isBadRequest());
-
-        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
-                .until(() -> getLogInAuditLogs().size() == 1);
-        assertThat(getLogInAuditLogs().get(0)).satisfies(failedLogInAuditLog -> {
-            assertThat(failedLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.FAILURE);
-            assertThat(failedLogInAuditLog.getActionFailureDetails()).containsIgnoringCase("verification code is incorrect");
-            assertThat(failedLogInAuditLog.getUserName()).isEqualTo(username);
-        });
-
-        doPost("/api/auth/2fa/verification/check?verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
-                .andExpect(status().isOk());
-        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
-                .until(() -> getLogInAuditLogs().size() == 2);
-        assertThat(getLogInAuditLogs().get(0)).satisfies(successfulLogInAuditLog -> {
-            assertThat(successfulLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.SUCCESS);
-            assertThat(successfulLogInAuditLog.getUserName()).isEqualTo(username);
-        });
-        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
-                .get("lastLoginTs").asLong())
-                .isGreaterThan(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(3));
-    }
-
-    private List<AuditLog> getLogInAuditLogs() {
-        return auditLogService.findAuditLogsByTenantIdAndUserId(tenantId, user.getId(), List.of(ActionType.LOGIN),
-                new TimePageLink(new PageLink(10, 0, null, new SortOrder("createdTime", SortOrder.Direction.DESC)), 0L, System.currentTimeMillis())).getData();
-    }
-
-    @Test
-    public void testAuthWithoutTwoFaAccountConfig() throws ThingsboardException {
-        configureTotpTwoFa();
-        twoFactorAuthConfigManager.deleteTwoFaAccountConfig(tenantId, user.getId());
-
-        assertDoesNotThrow(() -> {
-            login(username, password);
-        });
-    }
-
-    private void logInWithPreVerificationToken() throws Exception {
-        LoginRequest loginRequest = new LoginRequest(username, password);
-
-        JwtTokenPair response = readResponse(doPost("/api/auth/login", loginRequest).andExpect(status().isOk()), JwtTokenPair.class);
-        assertThat(response.getToken()).isNotNull();
-        assertThat(response.getRefreshToken()).isNull();
-        assertThat(response.getScope()).isEqualTo(Authority.PRE_VERIFICATION_TOKEN);
-
-        this.token = response.getToken();
-    }
-
-    private TotpTwoFactorAuthAccountConfig configureTotpTwoFa(Consumer<TwoFactorAuthSettings>... customizer) throws ThingsboardException {
-        TotpTwoFactorAuthProviderConfig totpTwoFaProviderConfig = new TotpTwoFactorAuthProviderConfig();
-        totpTwoFaProviderConfig.setIssuerName("tb");
-
-        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
-        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
-        twoFaSettings.setProviders(Arrays.stream(new TwoFactorAuthProviderConfig[]{totpTwoFaProviderConfig}).collect(Collectors.toList()));
-        Arrays.stream(customizer).forEach(c -> c.accept(twoFaSettings));
-        twoFactorAuthConfigManager.saveTwoFaSettings(tenantId, twoFaSettings);
-
-        TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig = (TotpTwoFactorAuthAccountConfig) twoFactorAuthService.generateNewAccountConfig(user, TwoFactorAuthProviderType.TOTP);
-        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), totpTwoFaAccountConfig);
-        return totpTwoFaAccountConfig;
-    }
-
-    private SmsTwoFactorAuthAccountConfig configureSmsTwoFa(Consumer<SmsTwoFactorAuthProviderConfig>... customizer) throws ThingsboardException {
-        SmsTwoFactorAuthProviderConfig smsTwoFaProviderConfig = new SmsTwoFactorAuthProviderConfig();
-        smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
-        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
-        Arrays.stream(customizer).forEach(c -> c.accept(smsTwoFaProviderConfig));
-
-        TwoFactorAuthSettings twoFaSettings = new TwoFactorAuthSettings();
-        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
-        twoFaSettings.setProviders(Arrays.stream(new TwoFactorAuthProviderConfig[]{smsTwoFaProviderConfig}).collect(Collectors.toList()));
-        twoFactorAuthConfigManager.saveTwoFaSettings(tenantId, twoFaSettings);
-
-        SmsTwoFactorAuthAccountConfig smsTwoFaAccountConfig = new SmsTwoFactorAuthAccountConfig();
-        smsTwoFaAccountConfig.setPhoneNumber("+38050505050");
-        twoFactorAuthConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), smsTwoFaAccountConfig);
-        return smsTwoFaAccountConfig;
-    }
-
-    private String getCorrectTotp(TotpTwoFactorAuthAccountConfig totpTwoFaAccountConfig) {
-        String secret = StringUtils.substringAfterLast(totpTwoFaAccountConfig.getAuthUrl(), "secret=");
-        return new Totp(secret).now();
-    }
+//
+//    @Autowired
+//    private TwoFaConfigManager twoFaConfigManager;
+//    @Autowired
+//    private TwoFactorAuthService twoFactorAuthService;
+//    @MockBean
+//    private SmsService smsService;
+//    @Autowired
+//    private AuditLogService auditLogService;
+//    @Autowired
+//    private UserService userService;
+//
+//    private User user;
+//    private String username;
+//    private String password;
+//
+//    @Before
+//    public void beforeEach() throws Exception {
+//        username = "mfa@tb.io";
+//        password = "psswrd";
+//
+//        user = new User();
+//        user.setAuthority(Authority.TENANT_ADMIN);
+//        user.setEmail(username);
+//        user.setTenantId(tenantId);
+//
+//        loginSysAdmin();
+//        user = createUser(user, password);
+//    }
+//
+//    @After
+//    public void afterEach() {
+//        twoFaConfigManager.deletePlatformTwoFaSettings(tenantId);
+//        twoFaConfigManager.deletePlatformTwoFaSettings(TenantId.SYS_TENANT_ID);
+//    }
+//
+//    @Test
+//    public void testTwoFa_totp() throws Exception {
+//        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
+//
+//        logInWithPreVerificationToken();
+//
+//        doPost("/api/auth/2fa/verification/send")
+//                .andExpect(status().isOk());
+//
+//        String correctVerificationCode = getCorrectTotp(totpTwoFaAccountConfig);
+//
+//        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
+//                .andExpect(status().isOk()), JsonNode.class);
+//        validateAndSetJwtToken(tokenPair, username);
+//
+//        User currentUser = readResponse(doGet("/api/auth/user")
+//                .andExpect(status().isOk()), User.class);
+//        assertThat(currentUser.getId()).isEqualTo(user.getId());
+//    }
+//
+//    @Test
+//    public void testTwoFa_sms() throws Exception {
+//        configureSmsTwoFa();
+//
+//        logInWithPreVerificationToken();
+//
+//        doPost("/api/auth/2fa/verification/send")
+//                .andExpect(status().isOk());
+//
+//        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
+//        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
+//        String correctVerificationCode = verificationCodeCaptor.getValue();
+//
+//        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
+//                .andExpect(status().isOk()), JsonNode.class);
+//        validateAndSetJwtToken(tokenPair, username);
+//
+//        User currentUser = readResponse(doGet("/api/auth/user")
+//                .andExpect(status().isOk()), User.class);
+//        assertThat(currentUser.getId()).isEqualTo(user.getId());
+//    }
+//
+//    @Test
+//    public void testTwoFaPreVerificationTokenLifetime() throws Exception {
+//        configureTotpTwoFa(twoFaSettings -> {
+//            twoFaSettings.setTotalAllowedTimeForVerification(5);
+//        });
+//
+//        logInWithPreVerificationToken();
+//
+//        await("expiration of the pre-verification token")
+//                .atLeast(Duration.ofSeconds(3).plusMillis(500))
+//                .atMost(Duration.ofSeconds(6))
+//                .untilAsserted(() -> {
+//                    doPost("/api/auth/2fa/verification/send")
+//                            .andExpect(status().isUnauthorized());
+//                });
+//    }
+//
+//    @Test
+//    public void testCheckVerificationCode_userBlocked() throws Exception {
+//        configureTotpTwoFa(twoFaSettings -> {
+//            twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
+//        });
+//
+//        logInWithPreVerificationToken();
+//
+//        Stream.generate(() -> RandomStringUtils.randomNumeric(6))
+//                .limit(9)
+//                .forEach(incorrectVerificationCode -> {
+//                    try {
+//                        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + incorrectVerificationCode)
+//                                .andExpect(status().isBadRequest()));
+//                        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+//                    } catch (Exception e) {
+//                        fail();
+//                    }
+//                });
+//
+//        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + RandomStringUtils.randomNumeric(6))
+//                .andExpect(status().isUnauthorized()));
+//        assertThat(errorMessage).containsIgnoringCase("account was locked due to exceeded 2fa verification attempts");
+//
+//        errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + RandomStringUtils.randomNumeric(6))
+//                .andExpect(status().isUnauthorized()));
+//        assertThat(errorMessage).containsIgnoringCase("user is disabled");
+//    }
+//
+//    @Test
+//    public void testSendVerificationCode_rateLimit() throws Exception {
+//        configureTotpTwoFa(twoFaSettings -> {
+//            twoFaSettings.setVerificationCodeSendRateLimit("3:10");
+//        });
+//
+//        logInWithPreVerificationToken();
+//
+//        for (int i = 0; i < 3; i++) {
+//            doPost("/api/auth/2fa/verification/send")
+//                    .andExpect(status().isOk());
+//        }
+//
+//        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/send")
+//                .andExpect(status().isTooManyRequests()));
+//        assertThat(rateLimitExceededError).containsIgnoringCase("too many verification code sending requests");
+//
+//        await("verification code sending rate limit resetting")
+//                .atLeast(Duration.ofSeconds(8))
+//                .atMost(Duration.ofSeconds(12))
+//                .untilAsserted(() -> {
+//                    doPost("/api/auth/2fa/verification/send")
+//                            .andExpect(status().isOk());
+//                });
+//    }
+//
+//    @Test
+//    public void testCheckVerificationCode_rateLimit() throws Exception {
+//        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa(twoFaSettings -> {
+//            twoFaSettings.setVerificationCodeCheckRateLimit("3:10");
+//        });
+//
+//        logInWithPreVerificationToken();
+//
+//        for (int i = 0; i < 3; i++) {
+//            String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
+//                    .andExpect(status().isBadRequest()));
+//            assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+//        }
+//
+//        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
+//                .andExpect(status().isTooManyRequests()));
+//        assertThat(rateLimitExceededError).containsIgnoringCase("too many verification code checking requests");
+//
+//        await("verification code checking rate limit resetting")
+//                .atLeast(Duration.ofSeconds(8))
+//                .atMost(Duration.ofSeconds(12))
+//                .untilAsserted(() -> {
+//                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
+//                            .andExpect(status().isBadRequest()));
+//                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+//                });
+//
+//        doPost("/api/auth/2fa/verification/check?verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
+//                .andExpect(status().isOk());
+//    }
+//
+//    @Test
+//    public void testCheckVerificationCode_invalidVerificationCode() throws Exception {
+//        configureTotpTwoFa();
+//        logInWithPreVerificationToken();
+//
+//        for (String invalidVerificationCode : new String[]{"1234567", "ab1212", "12311 ", "oewkriwejqf"}) {
+//            String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + invalidVerificationCode)
+//                    .andExpect(status().isBadRequest()));
+//            assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+//        }
+//    }
+//
+//    @Test
+//    public void testCheckVerificationCode_codeExpiration() throws Exception {
+//        configureSmsTwoFa(smsTwoFaProviderConfig -> {
+//            smsTwoFaProviderConfig.setVerificationCodeLifetime(10);
+//        });
+//
+//        logInWithPreVerificationToken();
+//
+//        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
+//        doPost("/api/auth/2fa/verification/send").andExpect(status().isOk());
+//        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
+//
+//        String correctVerificationCode = verificationCodeCaptor.getValue();
+//
+//        await("verification code expiration")
+//                .pollDelay(10, TimeUnit.SECONDS)
+//                .atLeast(10, TimeUnit.SECONDS)
+//                .atMost(12, TimeUnit.SECONDS)
+//                .untilAsserted(() -> {
+//                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
+//                            .andExpect(status().isBadRequest()));
+//                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+//                });
+//    }
+//
+//    @Test
+//    public void testTwoFa_logLoginAction() throws Exception {
+//        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
+//
+//        logInWithPreVerificationToken();
+//        await("async audit log saving").during(1, TimeUnit.SECONDS);
+//        assertThat(getLogInAuditLogs()).isEmpty();
+//        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
+//                .get("lastLoginTs")).isNull();
+//
+//        doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
+//                .andExpect(status().isBadRequest());
+//
+//        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
+//                .until(() -> getLogInAuditLogs().size() == 1);
+//        assertThat(getLogInAuditLogs().get(0)).satisfies(failedLogInAuditLog -> {
+//            assertThat(failedLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.FAILURE);
+//            assertThat(failedLogInAuditLog.getActionFailureDetails()).containsIgnoringCase("verification code is incorrect");
+//            assertThat(failedLogInAuditLog.getUserName()).isEqualTo(username);
+//        });
+//
+//        doPost("/api/auth/2fa/verification/check?verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
+//                .andExpect(status().isOk());
+//        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
+//                .until(() -> getLogInAuditLogs().size() == 2);
+//        assertThat(getLogInAuditLogs().get(0)).satisfies(successfulLogInAuditLog -> {
+//            assertThat(successfulLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.SUCCESS);
+//            assertThat(successfulLogInAuditLog.getUserName()).isEqualTo(username);
+//        });
+//        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
+//                .get("lastLoginTs").asLong())
+//                .isGreaterThan(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(3));
+//    }
+//
+//    private List<AuditLog> getLogInAuditLogs() {
+//        return auditLogService.findAuditLogsByTenantIdAndUserId(tenantId, user.getId(), List.of(ActionType.LOGIN),
+//                new TimePageLink(new PageLink(10, 0, null, new SortOrder("createdTime", SortOrder.Direction.DESC)), 0L, System.currentTimeMillis())).getData();
+//    }
+//
+//    @Test
+//    public void testAuthWithoutTwoFaAccountConfig() throws ThingsboardException {
+//        configureTotpTwoFa();
+//        twoFaConfigManager.deleteTwoFaAccountConfig(tenantId, user.getId(), );
+//
+//        assertDoesNotThrow(() -> {
+//            login(username, password);
+//        });
+//    }
+//
+//    private void logInWithPreVerificationToken() throws Exception {
+//        LoginRequest loginRequest = new LoginRequest(username, password);
+//
+//        JwtTokenPair response = readResponse(doPost("/api/auth/login", loginRequest).andExpect(status().isOk()), JwtTokenPair.class);
+//        assertThat(response.getToken()).isNotNull();
+//        assertThat(response.getRefreshToken()).isNull();
+//        assertThat(response.getScope()).isEqualTo(Authority.PRE_VERIFICATION_TOKEN);
+//
+//        this.token = response.getToken();
+//    }
+//
+//    private TotpTwoFaAccountConfig configureTotpTwoFa(Consumer<PlatformTwoFaSettings>... customizer) throws ThingsboardException {
+//        TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
+//        totpTwoFaProviderConfig.setIssuerName("tb");
+//
+//        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
+//        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
+//        twoFaSettings.setProviders(Arrays.stream(new TwoFaProviderConfig[]{totpTwoFaProviderConfig}).collect(Collectors.toList()));
+//        Arrays.stream(customizer).forEach(c -> c.accept(twoFaSettings));
+//        twoFaConfigManager.savePlatformTwoFaSettings(tenantId, twoFaSettings);
+//
+//        TotpTwoFaAccountConfig totpTwoFaAccountConfig = (TotpTwoFaAccountConfig) twoFactorAuthService.generateNewAccountConfig(user, TwoFaProviderType.TOTP);
+//        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), totpTwoFaAccountConfig);
+//        return totpTwoFaAccountConfig;
+//    }
+//
+//    private SmsTwoFaAccountConfig configureSmsTwoFa(Consumer<SmsTwoFaProviderConfig>... customizer) throws ThingsboardException {
+//        SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
+//        smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
+//        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+//        Arrays.stream(customizer).forEach(c -> c.accept(smsTwoFaProviderConfig));
+//
+//        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
+//        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
+//        twoFaSettings.setProviders(Arrays.stream(new TwoFaProviderConfig[]{smsTwoFaProviderConfig}).collect(Collectors.toList()));
+//        twoFaConfigManager.savePlatformTwoFaSettings(tenantId, twoFaSettings);
+//
+//        SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
+//        smsTwoFaAccountConfig.setPhoneNumber("+38050505050");
+//        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), smsTwoFaAccountConfig);
+//        return smsTwoFaAccountConfig;
+//    }
+//
+//    private String getCorrectTotp(TotpTwoFaAccountConfig totpTwoFaAccountConfig) {
+//        String secret = StringUtils.substringAfterLast(totpTwoFaAccountConfig.getAuthUrl(), "secret=");
+//        return new Totp(secret).now();
+//    }
 
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/UserAuthSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/UserAuthSettings.java
index 769f861435..1c4eba8a5d 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/UserAuthSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/UserAuthSettings.java
@@ -20,7 +20,7 @@ import lombok.EqualsAndHashCode;
 import org.thingsboard.server.common.data.BaseData;
 import org.thingsboard.server.common.data.id.UserAuthSettingsId;
 import org.thingsboard.server.common.data.id.UserId;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
 
 @Data
 @EqualsAndHashCode(callSuper = true)
@@ -29,6 +29,6 @@ public class UserAuthSettings extends BaseData<UserAuthSettingsId> {
     private static final long serialVersionUID = 2628320657987010348L;
 
     private UserId userId;
-    private TwoFactorAuthAccountConfig twoFaAccountConfig;
+    private AccountTwoFaSettings twoFaSettings;
 
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/TwoFactorAuthSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
similarity index 92%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/TwoFactorAuthSettings.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 49d5b64b4b..749eb08329 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/TwoFactorAuthSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -18,8 +18,8 @@ package org.thingsboard.server.common.data.security.model.mfa;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
 
 import javax.validation.Valid;
 import javax.validation.constraints.Min;
@@ -29,7 +29,7 @@ import java.util.Optional;
 
 @Data
 @ApiModel
-public class TwoFactorAuthSettings {
+public class PlatformTwoFaSettings {
 
     @ApiModelProperty(value = "Option for tenant admins to use 2FA settings configured by sysadmin. " +
             "If this param is set to true, then the settings will not be validated for constraints " +
@@ -37,7 +37,7 @@ public class TwoFactorAuthSettings {
     private boolean useSystemTwoFactorAuthSettings;
     @ApiModelProperty(value = "The list of 2FA providers' configs. Users will only be allowed to use 2FA providers from this list.")
     @Valid
-    private List<TwoFactorAuthProviderConfig> providers;
+    private List<TwoFaProviderConfig> providers;
 
     @ApiModelProperty(value = "Rate limit configuration for verification code sending. The format is standard: 'amountOfRequests:periodInSeconds'. " +
             "The value of '1:60' would limit verification code sending requests to one per minute.", example = "1:60", required = false)
@@ -55,7 +55,7 @@ public class TwoFactorAuthSettings {
     private Integer totalAllowedTimeForVerification;
 
 
-    public Optional<TwoFactorAuthProviderConfig> getProviderConfig(TwoFactorAuthProviderType providerType) {
+    public Optional<TwoFaProviderConfig> getProviderConfig(TwoFaProviderType providerType) {
         return Optional.ofNullable(providers)
                 .flatMap(providersConfigs -> providersConfigs.stream()
                         .filter(providerConfig -> providerConfig.getProviderType() == providerType)
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/AccountTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/AccountTwoFaSettings.java
new file mode 100644
index 0000000000..d621f47a71
--- /dev/null
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/AccountTwoFaSettings.java
@@ -0,0 +1,26 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.security.model.mfa.account;
+
+import lombok.Data;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+
+import java.util.LinkedHashMap;
+
+@Data
+public class AccountTwoFaSettings {
+    private LinkedHashMap<TwoFaProviderType, TwoFaAccountConfig> configs;
+}
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFactorAuthAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFaAccountConfig.java
similarity index 82%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFactorAuthAccountConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFaAccountConfig.java
index c58287556b..67e66d3886 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFactorAuthAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/OtpBasedTwoFaAccountConfig.java
@@ -16,7 +16,9 @@
 package org.thingsboard.server.common.data.security.model.mfa.account;
 
 import lombok.Data;
+import lombok.EqualsAndHashCode;
 
 @Data
-public abstract class OtpBasedTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
+@EqualsAndHashCode(callSuper = true)
+public abstract class OtpBasedTwoFaAccountConfig extends TwoFaAccountConfig {
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFactorAuthAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFaAccountConfig.java
similarity index 86%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFactorAuthAccountConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFaAccountConfig.java
index 2863f3f42e..67d9d499ae 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFactorAuthAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFaAccountConfig.java
@@ -19,7 +19,7 @@ import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
@@ -27,7 +27,7 @@ import javax.validation.constraints.Pattern;
 @ApiModel
 @EqualsAndHashCode(callSuper = true)
 @Data
-public class SmsTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
+public class SmsTwoFaAccountConfig extends OtpBasedTwoFaAccountConfig {
 
     @ApiModelProperty(value = "Phone number to use for 2FA. Must no be blank and must be of E.164 number format.", required = true)
     @NotBlank(message = "phone number cannot be blank")
@@ -35,8 +35,8 @@ public class SmsTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountC
     private String phoneNumber;
 
     @Override
-    public TwoFactorAuthProviderType getProviderType() {
-        return TwoFactorAuthProviderType.SMS;
+    public TwoFaProviderType getProviderType() {
+        return TwoFaProviderType.SMS;
     }
 
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFactorAuthAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFaAccountConfig.java
similarity index 84%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFactorAuthAccountConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFaAccountConfig.java
index cc1171a713..ecafde86ce 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFactorAuthAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFaAccountConfig.java
@@ -18,14 +18,16 @@ package org.thingsboard.server.common.data.security.model.mfa.account;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import lombok.EqualsAndHashCode;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
-@ApiModel
+@ApiModel // FIXME [viacheslav]
 @Data
-public class TotpTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfig {
+@EqualsAndHashCode(callSuper = true)
+public class TotpTwoFaAccountConfig extends TwoFaAccountConfig {
 
     @ApiModelProperty(value = "OTP auth URL used to generate a QR code to scan with an authenticator app. Must not be blank and must follow specific pattern.",
             example = "otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII", required = true)
@@ -34,8 +36,9 @@ public class TotpTwoFactorAuthAccountConfig implements TwoFactorAuthAccountConfi
     private String authUrl;
 
     @Override
-    public TwoFactorAuthProviderType getProviderType() {
-        return TwoFactorAuthProviderType.TOTP;
+    public TwoFaProviderType getProviderType() {
+        return TwoFaProviderType.TOTP;
     }
 
 }
+
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFactorAuthAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
similarity index 79%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFactorAuthAccountConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
index fc1c9bc636..5d366205cd 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFactorAuthAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
@@ -20,19 +20,23 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFactorAuthProviderType;
+import lombok.Data;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonTypeInfo(
         use = JsonTypeInfo.Id.NAME,
         property = "providerType")
 @JsonSubTypes({
-        @Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class),
-        @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class)
+        @Type(name = "TOTP", value = TotpTwoFaAccountConfig.class),
+        @Type(name = "SMS", value = SmsTwoFaAccountConfig.class)
 })
-public interface TwoFactorAuthAccountConfig {
+@Data
+public abstract class TwoFaAccountConfig {
+
+    private boolean useByDefault;
 
     @JsonIgnore
-    TwoFactorAuthProviderType getProviderType();
+    public abstract TwoFaProviderType getProviderType();
 
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFactorAuthProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFaProviderConfig.java
similarity index 91%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFactorAuthProviderConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFaProviderConfig.java
index 655816fcc6..23d64c79aa 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFactorAuthProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFaProviderConfig.java
@@ -21,7 +21,7 @@ import lombok.Data;
 import javax.validation.constraints.Min;
 
 @Data
-public abstract class OtpBasedTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
+public abstract class OtpBasedTwoFaProviderConfig implements TwoFaProviderConfig {
     @ApiModelProperty(value = "Verification code lifetime in seconds. Verification codes with a lifetime bigger than this param " +
             "will be considered incorrect", example = "60", required = true)
     @Min(value = 1, message = "verification code lifetime is required")
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFactorAuthProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
similarity index 85%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFactorAuthProviderConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
index 4096fe36f4..81efb7058e 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFactorAuthProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
@@ -23,10 +23,10 @@ import lombok.EqualsAndHashCode;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
-@ApiModel(parent = OtpBasedTwoFactorAuthProviderConfig.class)
+@ApiModel(parent = OtpBasedTwoFaProviderConfig.class)
 @EqualsAndHashCode(callSuper = true)
 @Data
-public class SmsTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig {
+public class SmsTwoFaProviderConfig extends OtpBasedTwoFaProviderConfig {
 
     @ApiModelProperty(value = "SMS verification message template. Available template variables are ${verificationCode} and ${userEmail}. " +
             "It must not be blank and must contain verification code variable.",
@@ -36,8 +36,8 @@ public class SmsTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProvide
     private String smsVerificationMessageTemplate;
 
     @Override
-    public TwoFactorAuthProviderType getProviderType() {
-        return TwoFactorAuthProviderType.SMS;
+    public TwoFaProviderType getProviderType() {
+        return TwoFaProviderType.SMS;
     }
 
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFactorAuthProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFaProviderConfig.java
similarity index 85%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFactorAuthProviderConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFaProviderConfig.java
index df44a662ec..b631d367e5 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFactorAuthProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFaProviderConfig.java
@@ -23,7 +23,7 @@ import javax.validation.constraints.NotBlank;
 
 @ApiModel
 @Data
-public class TotpTwoFactorAuthProviderConfig implements TwoFactorAuthProviderConfig {
+public class TotpTwoFaProviderConfig implements TwoFaProviderConfig {
 
     @ApiModelProperty(value = "Issuer name that will be displayed in an authenticator app near a username. " +
             "Must not be blank.", example = "ThingsBoard", required = true)
@@ -31,8 +31,8 @@ public class TotpTwoFactorAuthProviderConfig implements TwoFactorAuthProviderCon
     private String issuerName;
 
     @Override
-    public TwoFactorAuthProviderType getProviderType() {
-        return TwoFactorAuthProviderType.TOTP;
+    public TwoFaProviderType getProviderType() {
+        return TwoFaProviderType.TOTP;
     }
 
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
similarity index 82%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
index 24458af562..69d9989af4 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
@@ -26,12 +26,12 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
         use = JsonTypeInfo.Id.NAME,
         property = "providerType")
 @JsonSubTypes({
-        @Type(name = "TOTP", value = TotpTwoFactorAuthProviderConfig.class),
-        @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class)
+        @Type(name = "TOTP", value = TotpTwoFaProviderConfig.class),
+        @Type(name = "SMS", value = SmsTwoFaProviderConfig.class)
 })
-public interface TwoFactorAuthProviderConfig {
+public interface TwoFaProviderConfig {
 
     @JsonIgnore
-    TwoFactorAuthProviderType getProviderType();
+    TwoFaProviderType getProviderType();
 
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderType.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
similarity index 94%
rename from common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderType.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
index 04e4401395..7e6f25195e 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFactorAuthProviderType.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
@@ -15,7 +15,7 @@
  */
 package org.thingsboard.server.common.data.security.model.mfa.provider;
 
-public enum TwoFactorAuthProviderType {
+public enum TwoFaProviderType {
     TOTP,
     SMS
 }
diff --git a/common/message/src/main/java/org/thingsboard/server/common/msg/tools/TbRateLimits.java b/common/message/src/main/java/org/thingsboard/server/common/msg/tools/TbRateLimits.java
index f7a75381c9..90df7fb266 100644
--- a/common/message/src/main/java/org/thingsboard/server/common/msg/tools/TbRateLimits.java
+++ b/common/message/src/main/java/org/thingsboard/server/common/msg/tools/TbRateLimits.java
@@ -28,6 +28,7 @@ import java.time.Duration;
  */
 public class TbRateLimits {
     private final LocalBucket bucket;
+    private final String config;
 
     public TbRateLimits(String limitsConfiguration) {
         this(limitsConfiguration, false);
@@ -48,6 +49,7 @@ public class TbRateLimits {
         } else {
             throw new IllegalArgumentException("Failed to parse rate limits configuration: " + limitsConfiguration);
         }
+        this.config = limitsConfiguration;
     }
 
     public boolean tryConsume() {
@@ -58,4 +60,8 @@ public class TbRateLimits {
         return bucket.tryConsume(number);
     }
 
+    public String getConfig() {
+        return config;
+    }
+
 }
diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java b/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java
index d054b2b051..a5da95ca37 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/model/ModelConstants.java
@@ -564,7 +564,7 @@ public class ModelConstants {
      * */
     public static final String USER_AUTH_SETTINGS_COLUMN_FAMILY_NAME = "user_auth_settings";
     public static final String USER_AUTH_SETTINGS_USER_ID_PROPERTY = USER_ID_PROPERTY;
-    public static final String USER_AUTH_SETTINGS_TWO_FA_ACCOUNT_CONFIG_PROPERTY = "mfa_account_config";
+    public static final String USER_AUTH_SETTINGS_TWO_FA_SETTINGS = "two_fa_settings";
 
     /**
      * Cassandra attributes and timeseries constants.
diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
index 59c24c3405..1728fca936 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
@@ -25,7 +25,8 @@ import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.id.UserAuthSettingsId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.UserAuthSettings;
-import org.thingsboard.server.common.data.security.model.mfa.account.TwoFactorAuthAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
 import org.thingsboard.server.dao.model.BaseEntity;
 import org.thingsboard.server.dao.model.BaseSqlEntity;
 import org.thingsboard.server.dao.model.ModelConstants;
@@ -47,8 +48,8 @@ public class UserAuthSettingsEntity extends BaseSqlEntity<UserAuthSettings> impl
     @Column(name = ModelConstants.USER_AUTH_SETTINGS_USER_ID_PROPERTY, nullable = false, unique = true)
     private UUID userId;
     @Type(type = "json")
-    @Column(name = ModelConstants.USER_AUTH_SETTINGS_TWO_FA_ACCOUNT_CONFIG_PROPERTY)
-    private JsonNode twoFaAccountConfig;
+    @Column(name = ModelConstants.USER_AUTH_SETTINGS_TWO_FA_SETTINGS)
+    private JsonNode twoFaSettings;
 
     public UserAuthSettingsEntity(UserAuthSettings userAuthSettings) {
         if (userAuthSettings.getId() != null) {
@@ -58,8 +59,8 @@ public class UserAuthSettingsEntity extends BaseSqlEntity<UserAuthSettings> impl
         if (userAuthSettings.getUserId() != null) {
             this.userId = userAuthSettings.getUserId().getId();
         }
-        if (userAuthSettings.getTwoFaAccountConfig() != null) {
-            this.twoFaAccountConfig = JacksonUtil.valueToTree(userAuthSettings.getTwoFaAccountConfig());
+        if (userAuthSettings.getTwoFaSettings() != null) {
+            this.twoFaSettings = JacksonUtil.valueToTree(userAuthSettings.getTwoFaSettings());
         }
     }
 
@@ -71,8 +72,8 @@ public class UserAuthSettingsEntity extends BaseSqlEntity<UserAuthSettings> impl
         if (userId != null) {
             userAuthSettings.setUserId(new UserId(userId));
         }
-        if (twoFaAccountConfig != null) {
-            userAuthSettings.setTwoFaAccountConfig(JacksonUtil.treeToValue(twoFaAccountConfig, TwoFactorAuthAccountConfig.class));
+        if (twoFaSettings != null) {
+            userAuthSettings.setTwoFaSettings(JacksonUtil.treeToValue(twoFaSettings, AccountTwoFaSettings.class));
         }
         return userAuthSettings;
     }
diff --git a/dao/src/main/resources/sql/schema-entities.sql b/dao/src/main/resources/sql/schema-entities.sql
index 8ee0854ae9..9f9348dc55 100644
--- a/dao/src/main/resources/sql/schema-entities.sql
+++ b/dao/src/main/resources/sql/schema-entities.sql
@@ -699,5 +699,5 @@ CREATE TABLE IF NOT EXISTS user_auth_settings (
     id uuid NOT NULL CONSTRAINT user_auth_settings_pkey PRIMARY KEY,
     created_time bigint NOT NULL,
     user_id uuid UNIQUE NOT NULL CONSTRAINT fk_user_auth_settings_user_id REFERENCES tb_user(id),
-    mfa_account_config varchar
+    two_fa_settings varchar
 );

From 4480badd7862b546b471e29e5542ffb75fcc05d2 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Thu, 5 May 2022 18:08:54 +0300
Subject: [PATCH 30/92] Email 2FA provider; 2FA API improvements

---
 .../controller/TwoFaConfigController.java     | 168 +++++++++++++-----
 .../controller/TwoFactorAuthController.java   |  11 +-
 .../service/mail/DefaultMailService.java      |   9 +-
 .../mfa/config/DefaultTwoFaConfigManager.java |  46 ++---
 .../auth/mfa/config/TwoFaConfigManager.java   |   3 +-
 .../auth/mfa/provider/TwoFaProvider.java      |   4 +-
 .../mfa/provider/impl/EmailTwoFaProvider.java |  57 ++++++
 .../provider/impl/OtpBasedTwoFaProvider.java  |  14 +-
 .../mfa/provider/impl/TotpTwoFaProvider.java  |   2 +-
 .../model/mfa/PlatformTwoFaSettings.java      |  15 +-
 .../mfa/account/EmailTwoFaAccountConfig.java  |  38 ++++
 .../mfa/account/SmsTwoFaAccountConfig.java    |   4 -
 .../mfa/account/TotpTwoFaAccountConfig.java   |   5 -
 .../model/mfa/account/TwoFaAccountConfig.java |   3 +-
 .../provider/EmailTwoFaProviderConfig.java    |  30 ++++
 .../provider/OtpBasedTwoFaProviderConfig.java |   5 +-
 .../mfa/provider/SmsTwoFaProviderConfig.java  |   6 -
 .../mfa/provider/TotpTwoFaProviderConfig.java |   5 -
 .../mfa/provider/TwoFaProviderConfig.java     |   3 +-
 .../model/mfa/provider/TwoFaProviderType.java |   3 +-
 .../rule/engine/api/MailService.java          |   4 +-
 21 files changed, 313 insertions(+), 122 deletions(-)
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
 create mode 100644 common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/EmailTwoFaAccountConfig.java
 create mode 100644 common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/EmailTwoFaProviderConfig.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index 6eb192b7e2..60541b1ce4 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -33,7 +33,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.common.util.JacksonUtil;
-import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
 import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
@@ -51,6 +50,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.stream.Collectors;
 
 import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
@@ -65,20 +65,15 @@ public class TwoFaConfigController extends BaseController {
     private final TwoFactorAuthService twoFactorAuthService;
 
 
-    @ApiOperation(value = "Get 2FA account config (getTwoFaAccountConfig)",
-            notes = "Get user's account 2FA configuration. Returns empty result if user did not configured 2FA, " +
-                    "or if a provider for previously set up account config is not now configured." + NEW_LINE +
-                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER + NEW_LINE +
-                    "Response example for TOTP 2FA: " + NEW_LINE +
-                    "```\n{\n" +
-                    "  \"providerType\": \"TOTP\",\n" +
-                    "  \"authUrl\": \"otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII\"\n" +
-                    "}\n```" + NEW_LINE +
-                    "Response example for SMS 2FA: " + NEW_LINE +
-                    "```\n{\n" +
-                    "  \"providerType\": \"SMS\",\n" +
-                    "  \"phoneNumber\": \"+380505005050\"\n" +
-                    "}\n```")
+    @ApiOperation(value = "Get account 2FA settings (getAccountTwoFaSettings)",
+            notes = "Get user's account 2FA configuration. Configuration contains configs for different 2FA providers." + NEW_LINE +
+                    "Example:\n" +
+                    "```\n{\n  \"configs\": {\n" +
+                    "    \"EMAIL\": {\n      \"providerType\": \"EMAIL\",\n      \"useByDefault\": true,\n      \"email\": \"tenant@thingsboard.org\"\n    },\n" +
+                    "    \"TOTP\": {\n      \"providerType\": \"TOTP\",\n      \"useByDefault\": false,\n      \"authUrl\": \"otpauth://totp/TB%202FA:tenant@thingsboard.org?issuer=TB+2FA&secret=P6Z2TLYTASOGP6LCJZAD24ETT5DACNNX\"\n    },\n" +
+                    "    \"SMS\": {\n      \"providerType\": \"SMS\",\n      \"useByDefault\": false,\n      \"phoneNumber\": \"+380501253652\"\n    }\n" +
+                    "  }\n}\n```" +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @GetMapping("/account/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public AccountTwoFaSettings getAccountTwoFaSettings() throws ThingsboardException {
@@ -88,24 +83,29 @@ public class TwoFaConfigController extends BaseController {
 
 
     @ApiOperation(value = "Generate 2FA account config (generateTwoFaAccountConfig)",
-            notes = "Generate new 2FA account config for specified provider type. " +
-                    "This method is only useful for TOTP 2FA, as there is nothing to generate for other provider types. " +
+            notes = "Generate new 2FA account config template for specified provider type. " + NEW_LINE +
                     "For TOTP, this will return a corresponding account config template " +
                     "with a generated OTP auth URL (with new random secret key for each API call) that can be then " +
-                    "converted to a QR code to scan with an authenticator app. " +
-                    "For other provider types, this method will return an empty config. " + NEW_LINE +
-                    "Will throw an error (Bad Request) if the provider is not configured for usage. " +
-                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER + NEW_LINE +
-                    "Example of a generated account config for TOTP 2FA: " + NEW_LINE +
+                    "converted to a QR code to scan with an authenticator app. Example:\n" +
                     "```\n{\n" +
                     "  \"providerType\": \"TOTP\",\n" +
-                    "  \"authUrl\": \"otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII\"\n" +
+                    "  \"useByDefault\": false,\n" +
+                    "  \"authUrl\": \"otpauth://totp/TB%202FA:tenant@thingsboard.org?issuer=TB+2FA&secret=PNJDNWJVAK4ZTUYT7RFGPQLXA7XGU7PX\"\n" +
                     "}\n```" + NEW_LINE +
-                    "For SMS provider type it will return something like: " + NEW_LINE +
+                    "For EMAIL, the generated config will contain email from user's account:\n" +
+                    "```\n{\n" +
+                    "  \"providerType\": \"EMAIL\",\n" +
+                    "  \"useByDefault\": false,\n" +
+                    "  \"email\": \"tenant@thingsboard.org\"\n" +
+                    "}\n```" + NEW_LINE +
+                    "For SMS 2FA this method will just return a config with empty/default values as there is nothing to generate/preset:\n" +
                     "```\n{\n" +
                     "  \"providerType\": \"SMS\",\n" +
+                    "  \"useByDefault\": false,\n" +
                     "  \"phoneNumber\": null\n" +
-                    "}\n```")
+                    "}\n```" + NEW_LINE +
+                    "Will throw an error (Bad Request) if the provider is not configured for usage. " +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @PostMapping("/account/config/generate")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public TwoFaAccountConfig generateTwoFaAccountConfig(@ApiParam(value = "2FA provider type to generate new account config for", defaultValue = "TOTP", required = true)
@@ -133,51 +133,84 @@ public class TwoFaConfigController extends BaseController {
             notes = "Submit 2FA account config to prepare for a future verification. " +
                     "Basically, this method will send a verification code for a given account config, if this has " +
                     "sense for a chosen 2FA provider. This code is needed to then verify and save the account config." + NEW_LINE +
+                    "Example of EMAIL 2FA account config:\n" +
+                    "```\n{\n" +
+                    "  \"providerType\": \"EMAIL\",\n" +
+                    "  \"useByDefault\": true,\n" +
+                    "  \"email\": \"separate-email-for-2fa@thingsboard.org\"\n" +
+                    "}\n```" + NEW_LINE +
+                    "Example of SMS 2FA account config:\n" +
+                    "```\n{\n" +
+                    "  \"providerType\": \"SMS\",\n" +
+                    "  \"useByDefault\": false,\n" +
+                    "  \"phoneNumber\": \"+38012312321\"\n" +
+                    "}\n```" + NEW_LINE +
+                    "For TOTP this method does nothing." + NEW_LINE +
                     "Will throw an error (Bad Request) if submitted account config is not valid, " +
                     "or if the provider is not configured for usage. " +
                     ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @PostMapping("/account/config/submit")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public void submitTwoFaAccountConfig(@ApiParam(value = "2FA account config value. For TOTP 2FA config, authUrl value must not be blank and must match specific pattern. " +
-            "For SMS 2FA, phoneNumber property must not be blank and must be of E.164 phone number format.", required = true)
-                                         @Valid @RequestBody TwoFaAccountConfig accountConfig) throws Exception {
+    public void submitTwoFaAccountConfig(@Valid @RequestBody TwoFaAccountConfig accountConfig) throws Exception {
         SecurityUser user = getCurrentUser();
         twoFactorAuthService.prepareVerificationCode(user, accountConfig, false);
     }
 
     @ApiOperation(value = "Verify and save 2FA account config (verifyAndSaveTwoFaAccountConfig)",
-            notes = "Checks the verification code for submitted config, and if it is correct, saves the provided account config. " +
-                    "The config is stored in the user's additionalInfo. " + NEW_LINE +
+            notes = "Checks the verification code for submitted config, and if it is correct, saves the provided account config. " + NEW_LINE +
+                    "Returns whole account's 2FA settings object.\n" +
                     "Will throw an error (Bad Request) if the provider is not configured for usage. " +
                     ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @PostMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public AccountTwoFaSettings verifyAndSaveTwoFaAccountConfig(@ApiParam(value = "2FA account config to save. Validation rules are the same as in submitTwoFaAccountConfig API method", required = true)
-                                                                @Valid @RequestBody TwoFaAccountConfig accountConfig,
-                                                                @ApiParam(value = "6-digit code from an authenticator app in case of TOTP 2FA, or the one sent via an SMS message in case of SMS 2FA", required = true)
+    public AccountTwoFaSettings verifyAndSaveTwoFaAccountConfig(@Valid @RequestBody TwoFaAccountConfig accountConfig,
+                                                                @ApiParam(value = "6-digit code from an authenticator app in case of TOTP 2FA, or the one sent via an SMS or email message in case of SMS or EMAIL 2FA", required = true)
                                                                 @RequestParam String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
+        if (twoFaConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig.getProviderType()).isPresent()) {
+            throw new IllegalArgumentException("2FA provider is already configured");
+        }
+
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, accountConfig, false);
         if (verificationSuccess) {
             return twoFaConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
         } else {
-            throw new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.INVALID_ARGUMENTS);
+            throw new IllegalArgumentException("Verification code is incorrect");
         }
     }
 
+    @ApiOperation(value = "Update 2FA account config (updateTwoFaAccountConfig)", notes =
+            "Update config for a given provider type. \n" +
+                    "Update request example:\n" +
+                    "```\n{\n  \"useByDefault\": true\n}\n```\n" +
+                    "Returns whole account's 2FA settings object.\n" +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @PutMapping("/account/config")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public AccountTwoFaSettings updateTwoFaAccountConfig(@RequestParam TwoFaProviderType providerType,
                                                          @RequestBody TwoFaAccountConfigUpdateRequest updateRequest) throws ThingsboardException {
         SecurityUser user = getCurrentUser();
-        TwoFaAccountConfig accountConfig = twoFaConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId(), providerType)
-                .orElseThrow(() -> new IllegalArgumentException("No 2FA config for provider " + providerType));
 
+        AccountTwoFaSettings settings = twoFaConfigManager.getAccountTwoFaSettings(user.getTenantId(), user.getId())
+                .orElseThrow(() -> new IllegalArgumentException("No 2FA config found"));
+        Map<TwoFaProviderType, TwoFaAccountConfig> configs = settings.getConfigs();
+
+        TwoFaAccountConfig accountConfig;
+        if ((accountConfig = configs.get(providerType)) == null) {
+            throw new IllegalArgumentException("Config for " + providerType + " 2FA provider not found");
+        }
+        if (updateRequest.isUseByDefault()) {
+            configs.values().forEach(config -> config.setUseByDefault(false));
+        }
         accountConfig.setUseByDefault(updateRequest.isUseByDefault());
-        return twoFaConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
+
+        return twoFaConfigManager.saveAccountTwoFaSettings(user.getTenantId(), user.getId(), settings);
     }
 
-    @ApiOperation(value = "Delete 2FA account config (deleteTwoFaAccountConfig)",
-            notes = "Delete user's 2FA config. " + ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
+    @ApiOperation(value = "Delete 2FA account config (deleteTwoFaAccountConfig)", notes =
+            "Delete 2FA config for a given 2FA provider type. \n" +
+                    "Returns whole account's 2FA settings object.\n" +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER)
     @DeleteMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public AccountTwoFaSettings deleteTwoFaAccountConfig(@RequestParam TwoFaProviderType providerType) throws ThingsboardException {
@@ -186,6 +219,12 @@ public class TwoFaConfigController extends BaseController {
     }
 
 
+    @ApiOperation(value = "Get available 2FA providers (getAvailableTwoFaProviders)", notes =
+            "Get the list of provider types available for user to use (the ones configured by tenant or sysadmin).\n" +
+                    "Example of response:\n" +
+                    "```\n[\n  \"TOTP\",\n  \"EMAIL\",\n  \"SMS\"\n]\n```" +
+                    ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER
+    )
     @GetMapping("/providers")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public List<TwoFaProviderType> getAvailableTwoFaProviders() throws ThingsboardException {
@@ -196,8 +235,9 @@ public class TwoFaConfigController extends BaseController {
     }
 
 
-    @ApiOperation(value = "Get 2FA settings (getTwoFaSettings)", // FIXME [viacheslav]
-            notes = "Get settings for 2FA. If 2FA is not configured, then an empty response will be returned." +
+    @ApiOperation(value = "Get platform 2FA settings (getPlatformTwoFaSettings)",
+            notes = "Get platform settings for 2FA. The settings are described for savePlatformTwoFaSettings API method. " +
+                    "If 2FA is not configured, then an empty response will be returned." +
                     ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @GetMapping("/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
@@ -205,9 +245,49 @@ public class TwoFaConfigController extends BaseController {
         return twoFaConfigManager.getPlatformTwoFaSettings(getTenantId(), false).orElse(null);
     }
 
-    @ApiOperation(value = "Save 2FA settings (saveTwoFaSettings)",
-            notes = "Save settings for 2FA. If a user is sysadmin - the settings are saved as AdminSettings; " +
-                    "if it is a tenant admin - as a tenant attribute." +
+    @ApiOperation(value = "Save platform 2FA settings (savePlatformTwoFaSettings)",
+            notes = "Save 2FA settings for platform. The settings have following properties:\n" +
+                    "- `useSystemTwoFactorAuthSettings` - option for tenant admins to use 2FA settings configured by sysadmin. " +
+                    "If this param is set to true, then the settings will not be validated for constraints (if it is a tenant admin; for sysadmin this param is ignored).\n" +
+                    "- `providers` - the list of 2FA providers' configs. Users will only be allowed to use 2FA providers from this list. \n\n" +
+                    "- `verificationCodeSendRateLimit` - rate limit configuration for verification code sending. " +
+                    "The format is standard: 'amountOfRequests:periodInSeconds'. The value of '1:60' would limit verification " +
+                    "code sending requests to one per minute.\n" +
+                    "- `verificationCodeCheckRateLimit` - rate limit configuration for verification code checking.\n" +
+                    "- `maxVerificationFailuresBeforeUserLockout` - maximum number of verification failures before a user gets disabled.\n" +
+                    "- `totalAllowedTimeForVerification` - total amount of time in seconds allotted for verification. " +
+                    "Basically, this property sets a lifetime for pre-verification token. If not set, default value of 30 minutes is used.\n" + NEW_LINE +
+                    "TOTP 2FA provider config has following settings:\n" +
+                    "- `issuerName` - issuer name that will be displayed in an authenticator app near a username. Must not be blank.\n\n" +
+                    "For SMS 2FA provider:\n" +
+                    "- `smsVerificationMessageTemplate` - verification message template.  Available template variables " +
+                    "are ${verificationCode} and ${userEmail}. It must not be blank and must contain verification code variable.\n" +
+                    "- `verificationCodeLifetime` - verification code lifetime in seconds. Required to be positive.\n\n" +
+                    "For EMAIL provider type:\n" +
+                    "- `verificationCodeLifetime` - the same as for SMS." + NEW_LINE +
+                    "Example of the settings:\n" +
+                    "```\n{\n" +
+                    "  \"useSystemTwoFactorAuthSettings\": false,\n" +
+                    "  \"providers\": [\n" +
+                    "    {\n" +
+                    "      \"providerType\": \"TOTP\",\n" +
+                    "      \"issuerName\": \"TB\"\n" +
+                    "    },\n" +
+                    "    {\n" +
+                    "      \"providerType\": \"EMAIL\",\n" +
+                    "      \"verificationCodeLifetime\": 60\n" +
+                    "    },\n" +
+                    "    {\n" +
+                    "      \"providerType\": \"SMS\",\n" +
+                    "      \"verificationCodeLifetime\": 60,\n" +
+                    "      \"smsVerificationMessageTemplate\": \"Here is your verification code: ${verificationCode}\"\n" +
+                    "    }\n" +
+                    "  ],\n" +
+                    "  \"verificationCodeSendRateLimit\": \"1:60\",\n" +
+                    "  \"verificationCodeCheckRateLimit\": \"3:900\",\n" +
+                    "  \"maxVerificationFailuresBeforeUserLockout\": 10,\n" +
+                    "  \"totalAllowedTimeForVerification\": 600\n" +
+                    "}\n```" +
                     ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @PostMapping("/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index a1fe5a7cfc..a43a73896e 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -84,8 +84,8 @@ public class TwoFactorAuthController extends BaseController {
                     "and Too Many Requests error if rate limits are exceeded.")
     @PostMapping("/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
-    public JwtTokenPair checkTwoFaVerificationCode(@ApiParam(value = "6-digit verification code", required = true)
-                                                   @RequestParam TwoFaProviderType providerType,
+    public JwtTokenPair checkTwoFaVerificationCode(@RequestParam TwoFaProviderType providerType,
+                                                   @ApiParam(value = "6-digit verification code", required = true)
                                                    @RequestParam String verificationCode, HttpServletRequest servletRequest) throws Exception {
         SecurityUser user = getCurrentUser();
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, providerType, verificationCode, true);
@@ -101,6 +101,13 @@ public class TwoFactorAuthController extends BaseController {
     }
 
 
+    @ApiOperation(value = "Get available 2FA providers (getAvailableTwoFaProviders)", notes =
+            "Get the list of 2FA provider infos available for user to use. Example:\n" +
+                    "```\n[\n" +
+                    "  {\n    \"type\": \"EMAIL\",\n    \"default\": true\n  },\n" +
+                    "  {\n    \"type\": \"TOTP\",\n    \"default\": false\n  },\n" +
+                    "  {\n    \"type\": \"SMS\",\n    \"default\": false\n  }\n" +
+                    "]\n```")
     @GetMapping("/providers")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
     public List<TwoFaProviderInfo> getAvailableTwoFaProviders() throws ThingsboardException {
diff --git a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
index fa7cb2b7ff..c6ae0c70e4 100644
--- a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
+++ b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
@@ -40,7 +40,6 @@ import org.thingsboard.server.common.data.ApiUsageStateValue;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
-import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.dao.exception.IncorrectParameterException;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
@@ -311,6 +310,14 @@ public class DefaultMailService implements MailService {
         sendMail(mailSender, mailFrom, email, subject, message);
     }
 
+    @Override
+    public void sendTwoFaVerificationEmail(String email, String verificationCode) throws ThingsboardException { // TODO [viacheslav]: mail template
+        String subject = "ThingsBoard two-factor authentication";
+        String message = "Your 2FA verification code: " + verificationCode;
+
+        sendMail(mailSender, mailFrom, email, subject, message);
+    }
+
     @Override
     public void sendApiFeatureStateEmail(ApiFeature apiFeature, ApiUsageStateValue stateValue, String email, ApiUsageStateMailMessage msg) throws ThingsboardException {
         String subject = messages.getMessage("api.usage.state", null, Locale.US);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
index 9f9b4e4b0a..75ca7b1e45 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
@@ -68,6 +68,20 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
                 });
     }
 
+    @Override
+    public AccountTwoFaSettings saveAccountTwoFaSettings(TenantId tenantId, UserId userId, AccountTwoFaSettings settings) {
+        UserAuthSettings userAuthSettings = Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
+                .orElseGet(() -> {
+                    UserAuthSettings newUserAuthSettings = new UserAuthSettings();
+                    newUserAuthSettings.setUserId(userId);
+                    return newUserAuthSettings;
+                });
+        userAuthSettings.setTwoFaSettings(settings);
+        userAuthSettingsDao.save(tenantId, userAuthSettings);
+        return settings;
+    }
+
+
     @Override
     public Optional<TwoFaAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaProviderType providerType) {
         return getAccountTwoFaSettings(tenantId, userId)
@@ -80,33 +94,21 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
         getTwoFaProviderConfig(tenantId, accountConfig.getProviderType())
                 .orElseThrow(() -> new IllegalArgumentException("2FA provider is not configured"));
 
-        return createOrUpdateAccountTwoFaSettings(tenantId, userId, accountTwoFaSettings -> {
-            Map<TwoFaProviderType, TwoFaAccountConfig> configs = accountTwoFaSettings.getConfigs();
-            configs.put(accountConfig.getProviderType(), accountConfig);
+        AccountTwoFaSettings settings = getAccountTwoFaSettings(tenantId, userId).orElseGet(() -> {
+            AccountTwoFaSettings newSettings = new AccountTwoFaSettings();
+            newSettings.setConfigs(new LinkedHashMap<>());
+            return newSettings;
         });
+        settings.getConfigs().put(accountConfig.getProviderType(), accountConfig);
+        return saveAccountTwoFaSettings(tenantId, userId, settings);
     }
 
     @Override
     public AccountTwoFaSettings deleteTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaProviderType providerType) {
-        return createOrUpdateAccountTwoFaSettings(tenantId, userId, accountTwoFaSettings -> {
-            accountTwoFaSettings.getConfigs().keySet().removeIf(providerType::equals);
-        });
-    }
-
-    private AccountTwoFaSettings createOrUpdateAccountTwoFaSettings(TenantId tenantId, UserId userId, Consumer<AccountTwoFaSettings> updater) {
-        UserAuthSettings userAuthSettings = Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
-                .orElseGet(() -> {
-                    UserAuthSettings newUserAuthSettings = new UserAuthSettings();
-                    newUserAuthSettings.setUserId(userId);
-
-                    AccountTwoFaSettings newAccountTwoFaSettings = new AccountTwoFaSettings();
-                    newAccountTwoFaSettings.setConfigs(new LinkedHashMap<>());
-                    newUserAuthSettings.setTwoFaSettings(newAccountTwoFaSettings);
-                    return newUserAuthSettings;
-                });
-        updater.accept(userAuthSettings.getTwoFaSettings());
-        userAuthSettingsDao.save(tenantId, userAuthSettings);
-        return userAuthSettings.getTwoFaSettings();
+        AccountTwoFaSettings settings = getAccountTwoFaSettings(tenantId, userId)
+                .orElseThrow(() -> new IllegalArgumentException("2FA not configured"));
+        settings.getConfigs().remove(providerType);
+        return saveAccountTwoFaSettings(tenantId, userId, settings);
     }
 
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
index b0073338b7..f1a4590572 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
@@ -26,9 +26,10 @@ import java.util.Optional;
 
 public interface TwoFaConfigManager {
 
-
     Optional<AccountTwoFaSettings> getAccountTwoFaSettings(TenantId tenantId, UserId userId);
 
+    AccountTwoFaSettings saveAccountTwoFaSettings(TenantId tenantId, UserId userId, AccountTwoFaSettings settings);
+
     Optional<TwoFaAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaProviderType providerType);
 
     AccountTwoFaSettings saveTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaAccountConfig accountConfig);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
index 4d4db92af1..e5c278942b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
@@ -26,9 +26,9 @@ public interface TwoFaProvider<C extends TwoFaProviderConfig, A extends TwoFaAcc
 
     A generateNewAccountConfig(User user, C providerConfig);
 
-    default void prepareVerificationCode(SecurityUser securityUser, C providerConfig, A accountConfig) throws ThingsboardException {}
+    default void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {}
 
-    boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, C providerConfig, A accountConfig);
+    boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig);
 
 
     TwoFaProviderType getType();
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
new file mode 100644
index 0000000000..984292668c
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
@@ -0,0 +1,57 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.provider.impl;
+
+import org.springframework.cache.CacheManager;
+import org.springframework.stereotype.Service;
+import org.thingsboard.rule.engine.api.MailService;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.security.model.mfa.account.EmailTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.EmailTwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+@Service
+@TbCoreComponent
+public class EmailTwoFaProvider extends OtpBasedTwoFaProvider<EmailTwoFaProviderConfig, EmailTwoFaAccountConfig> {
+
+    private final MailService mailService;
+
+    protected EmailTwoFaProvider(CacheManager cacheManager, MailService mailService) {
+        super(cacheManager);
+        this.mailService = mailService;
+    }
+
+    @Override
+    public EmailTwoFaAccountConfig generateNewAccountConfig(User user, EmailTwoFaProviderConfig providerConfig) {
+        EmailTwoFaAccountConfig config = new EmailTwoFaAccountConfig();
+        config.setEmail(user.getEmail());
+        return config;
+    }
+
+    @Override
+    protected void sendVerificationCode(SecurityUser user, String verificationCode, EmailTwoFaProviderConfig providerConfig, EmailTwoFaAccountConfig accountConfig) throws ThingsboardException {
+        mailService.sendTwoFaVerificationEmail(accountConfig.getEmail(), verificationCode);
+    }
+
+    @Override
+    public TwoFaProviderType getType() {
+        return TwoFaProviderType.EMAIL;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
index 30f6fe4f50..f270316d2d 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
@@ -38,27 +38,27 @@ public abstract class OtpBasedTwoFaProvider<C extends OtpBasedTwoFaProviderConfi
 
 
     @Override
-    public final void prepareVerificationCode(SecurityUser securityUser, C providerConfig, A accountConfig) throws ThingsboardException {
+    public final void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {
         String verificationCode = RandomStringUtils.randomNumeric(6);
-        verificationCodesCache.put(securityUser.getId(), new Otp(System.currentTimeMillis(), verificationCode, accountConfig));
-        sendVerificationCode(securityUser, verificationCode, providerConfig, accountConfig);
+        sendVerificationCode(user, verificationCode, providerConfig, accountConfig);
+        verificationCodesCache.put(user.getId(), new Otp(System.currentTimeMillis(), verificationCode, accountConfig));
     }
 
     protected abstract void sendVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig) throws ThingsboardException;
 
 
     @Override
-    public final boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, C providerConfig, A accountConfig) {
-        Otp correctVerificationCode = verificationCodesCache.get(securityUser.getId(), Otp.class);
+    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig) {
+        Otp correctVerificationCode = verificationCodesCache.get(user.getId(), Otp.class);
         if (correctVerificationCode != null) {
             if (System.currentTimeMillis() - correctVerificationCode.getTimestamp()
                     > TimeUnit.SECONDS.toMillis(providerConfig.getVerificationCodeLifetime())) {
-                verificationCodesCache.evict(securityUser.getId());
+                verificationCodesCache.evict(user.getId());
                 return false;
             }
             if (verificationCode.equals(correctVerificationCode.getValue())
                     && accountConfig.equals(correctVerificationCode.getAccountConfig())) {
-                verificationCodesCache.evict(securityUser.getId());
+                verificationCodesCache.evict(user.getId());
                 return true;
             }
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
index 9b251e5b4a..289ddb7c9d 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
@@ -45,7 +45,7 @@ public class TotpTwoFaProvider implements TwoFaProvider<TotpTwoFaProviderConfig,
     }
 
     @Override
-    public final boolean checkVerificationCode(SecurityUser securityUser, String verificationCode, TotpTwoFaProviderConfig providerConfig, TotpTwoFaAccountConfig accountConfig) {
+    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, TotpTwoFaProviderConfig providerConfig, TotpTwoFaAccountConfig accountConfig) {
         String secretKey = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build().getQueryParams().getFirst("secret");
         return new Totp(secretKey).verify(verificationCode);
     }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 749eb08329..8d017cab20 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -15,11 +15,9 @@
  */
 package org.thingsboard.server.common.data.security.model.mfa;
 
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 
 import javax.validation.Valid;
 import javax.validation.constraints.Min;
@@ -28,29 +26,18 @@ import java.util.List;
 import java.util.Optional;
 
 @Data
-@ApiModel
 public class PlatformTwoFaSettings {
 
-    @ApiModelProperty(value = "Option for tenant admins to use 2FA settings configured by sysadmin. " +
-            "If this param is set to true, then the settings will not be validated for constraints " +
-            "(if it is a tenant admin; for sysadmin this param is ignored)")
     private boolean useSystemTwoFactorAuthSettings;
-    @ApiModelProperty(value = "The list of 2FA providers' configs. Users will only be allowed to use 2FA providers from this list.")
     @Valid
     private List<TwoFaProviderConfig> providers;
 
-    @ApiModelProperty(value = "Rate limit configuration for verification code sending. The format is standard: 'amountOfRequests:periodInSeconds'. " +
-            "The value of '1:60' would limit verification code sending requests to one per minute.", example = "1:60", required = false)
     @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code send rate limit configuration is invalid")
     private String verificationCodeSendRateLimit;
-    @ApiModelProperty(value = "Rate limit configuration for verification code checking.", example = "3:900", required = false)
     @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code check rate limit configuration is invalid")
     private String verificationCodeCheckRateLimit;
-    @ApiModelProperty(value = "Maximum number of verification failures before a user gets disabled.", example = "10", required = false)
     @Min(value = 0, message = "maximum number of verification failure before user lockout must be positive")
     private int maxVerificationFailuresBeforeUserLockout;
-    @ApiModelProperty(value = "Total amount of time in seconds allotted for verification. " +
-            "Basically, this property sets a lifetime for pre-verification token. If not set, default value of 30 minutes is used.", example = "3600", required = false)
     @Min(value = 1, message = "total amount of time allotted for verification must be greater than 0")
     private Integer totalAllowedTimeForVerification;
 
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/EmailTwoFaAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/EmailTwoFaAccountConfig.java
new file mode 100644
index 0000000000..a2170d7a54
--- /dev/null
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/EmailTwoFaAccountConfig.java
@@ -0,0 +1,38 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.security.model.mfa.account;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+
+import javax.validation.constraints.Email;
+import javax.validation.constraints.NotBlank;
+
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class EmailTwoFaAccountConfig extends OtpBasedTwoFaAccountConfig {
+
+    @NotBlank
+    @Email
+    private String email;
+
+    @Override
+    public TwoFaProviderType getProviderType() {
+        return TwoFaProviderType.EMAIL;
+    }
+
+}
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFaAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFaAccountConfig.java
index 67d9d499ae..84a7b6924e 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFaAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/SmsTwoFaAccountConfig.java
@@ -15,8 +15,6 @@
  */
 package org.thingsboard.server.common.data.security.model.mfa.account;
 
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
@@ -24,12 +22,10 @@ import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProvi
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
-@ApiModel
 @EqualsAndHashCode(callSuper = true)
 @Data
 public class SmsTwoFaAccountConfig extends OtpBasedTwoFaAccountConfig {
 
-    @ApiModelProperty(value = "Phone number to use for 2FA. Must no be blank and must be of E.164 number format.", required = true)
     @NotBlank(message = "phone number cannot be blank")
     @Pattern(regexp = "^\\+[1-9]\\d{1,14}$", message = "phone number is not of E.164 format")
     private String phoneNumber;
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFaAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFaAccountConfig.java
index ecafde86ce..5cdec02e90 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFaAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TotpTwoFaAccountConfig.java
@@ -15,8 +15,6 @@
  */
 package org.thingsboard.server.common.data.security.model.mfa.account;
 
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
@@ -24,13 +22,10 @@ import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProvi
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
-@ApiModel // FIXME [viacheslav]
 @Data
 @EqualsAndHashCode(callSuper = true)
 public class TotpTwoFaAccountConfig extends TwoFaAccountConfig {
 
-    @ApiModelProperty(value = "OTP auth URL used to generate a QR code to scan with an authenticator app. Must not be blank and must follow specific pattern.",
-            example = "otpauth://totp/ThingsBoard:tenant@thingsboard.org?issuer=ThingsBoard&secret=FUNBIM3CXFNNGQR6ZIPVWHP65PPFWDII", required = true)
     @NotBlank(message = "OTP auth URL cannot be blank")
     @Pattern(regexp = "otpauth://totp/(\\S+?):(\\S+?)\\?issuer=(\\S+?)&secret=(\\w+?)", message = "OTP auth url is invalid")
     private String authUrl;
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
index 5d366205cd..6bf2ee8fd3 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
@@ -29,7 +29,8 @@ import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProvi
         property = "providerType")
 @JsonSubTypes({
         @Type(name = "TOTP", value = TotpTwoFaAccountConfig.class),
-        @Type(name = "SMS", value = SmsTwoFaAccountConfig.class)
+        @Type(name = "SMS", value = SmsTwoFaAccountConfig.class),
+        @Type(name = "EMAIL", value = EmailTwoFaAccountConfig.class)
 })
 @Data
 public abstract class TwoFaAccountConfig {
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/EmailTwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/EmailTwoFaProviderConfig.java
new file mode 100644
index 0000000000..787f5b561d
--- /dev/null
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/EmailTwoFaProviderConfig.java
@@ -0,0 +1,30 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.security.model.mfa.provider;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class EmailTwoFaProviderConfig extends OtpBasedTwoFaProviderConfig {
+
+    @Override
+    public TwoFaProviderType getProviderType() {
+        return TwoFaProviderType.EMAIL;
+    }
+
+}
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFaProviderConfig.java
index 23d64c79aa..f1595e733f 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFaProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/OtpBasedTwoFaProviderConfig.java
@@ -15,15 +15,14 @@
  */
 package org.thingsboard.server.common.data.security.model.mfa.provider;
 
-import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 
 import javax.validation.constraints.Min;
 
 @Data
 public abstract class OtpBasedTwoFaProviderConfig implements TwoFaProviderConfig {
-    @ApiModelProperty(value = "Verification code lifetime in seconds. Verification codes with a lifetime bigger than this param " +
-            "will be considered incorrect", example = "60", required = true)
+
     @Min(value = 1, message = "verification code lifetime is required")
     private int verificationCodeLifetime;
+
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
index 81efb7058e..e0ed0587d9 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
@@ -15,22 +15,16 @@
  */
 package org.thingsboard.server.common.data.security.model.mfa.provider;
 
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 
-@ApiModel(parent = OtpBasedTwoFaProviderConfig.class)
 @EqualsAndHashCode(callSuper = true)
 @Data
 public class SmsTwoFaProviderConfig extends OtpBasedTwoFaProviderConfig {
 
-    @ApiModelProperty(value = "SMS verification message template. Available template variables are ${verificationCode} and ${userEmail}. " +
-            "It must not be blank and must contain verification code variable.",
-            example = "Here is your verification code: ${verificationCode}", required = true)
     @NotBlank(message = "verification message template is required")
     @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "template must contain verification code")
     private String smsVerificationMessageTemplate;
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFaProviderConfig.java
index b631d367e5..32f443f785 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFaProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TotpTwoFaProviderConfig.java
@@ -15,18 +15,13 @@
  */
 package org.thingsboard.server.common.data.security.model.mfa.provider;
 
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 
 import javax.validation.constraints.NotBlank;
 
-@ApiModel
 @Data
 public class TotpTwoFaProviderConfig implements TwoFaProviderConfig {
 
-    @ApiModelProperty(value = "Issuer name that will be displayed in an authenticator app near a username. " +
-            "Must not be blank.", example = "ThingsBoard", required = true)
     @NotBlank(message = "issuer name must not be blank")
     private String issuerName;
 
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
index 69d9989af4..65d9242900 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
@@ -27,7 +27,8 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
         property = "providerType")
 @JsonSubTypes({
         @Type(name = "TOTP", value = TotpTwoFaProviderConfig.class),
-        @Type(name = "SMS", value = SmsTwoFaProviderConfig.class)
+        @Type(name = "SMS", value = SmsTwoFaProviderConfig.class),
+        @Type(name = "EMAIL", value = EmailTwoFaProviderConfig.class)
 })
 public interface TwoFaProviderConfig {
 
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
index 7e6f25195e..dd36f24394 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
@@ -17,5 +17,6 @@ package org.thingsboard.server.common.data.security.model.mfa.provider;
 
 public enum TwoFaProviderType {
     TOTP,
-    SMS
+    SMS,
+    EMAIL
 }
diff --git a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
index 86da82187d..10c37da564 100644
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
@@ -24,8 +24,6 @@ import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.TenantId;
 
-import java.util.Map;
-
 public interface MailService {
 
     void updateMailConfiguration();
@@ -46,6 +44,8 @@ public interface MailService {
 
     void sendAccountLockoutEmail(String lockoutEmail, String email, Integer maxFailedLoginAttempts) throws ThingsboardException;
 
+    void sendTwoFaVerificationEmail(String email, String verificationCode) throws ThingsboardException;
+
     void send(TenantId tenantId, CustomerId customerId, TbEmail tbEmail) throws ThingsboardException;
 
     void send(TenantId tenantId, CustomerId customerId, TbEmail tbEmail, JavaMailSender javaMailSender) throws ThingsboardException;

From 05301efe2c6c8631aced6606b818c6de95c4124a Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Fri, 6 May 2022 12:41:10 +0300
Subject: [PATCH 31/92] Update 2FA tests

---
 .../controller/TwoFactorAuthConfigTest.java   |  55 +-
 .../server/controller/TwoFactorAuthTest.java  | 693 ++++++++++--------
 .../common/msg/tools/RateLimitsTest.java      |   2 +-
 3 files changed, 408 insertions(+), 342 deletions(-)

diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index 954d313480..3438ed19f8 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -30,6 +30,7 @@ import org.springframework.web.util.UriComponentsBuilder;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
@@ -82,15 +83,15 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
 
     @Test
-    public void testSaveTwoFaSettings() throws Exception {
+    public void testSavePlatformTwoFaSettingsForDifferentAuthorities() throws Exception {
         loginSysAdmin();
-        testSaveTestTwoFaSettings();
+        testSavePlatformTwoFaSettings();
 
         loginTenantAdmin();
-        testSaveTestTwoFaSettings();
+        testSavePlatformTwoFaSettings();
     }
 
-    private void testSaveTestTwoFaSettings() throws Exception {
+    private void testSavePlatformTwoFaSettings() throws Exception {
         TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         totpTwoFaProviderConfig.setIssuerName("tb");
         SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
@@ -113,7 +114,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     }
 
     @Test
-    public void testSaveTwoFaSettings_validationError() throws Exception {
+    public void testSavePlatformTwoFaSettings_validationError() throws Exception {
         loginTenantAdmin();
 
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
@@ -147,7 +148,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     }
 
     @Test
-    public void testGetTwoFaSettings_useSysadminSettingsAsDefault() throws Exception {
+    public void testGetPlatformTwoFaSettings_useSysadminSettingsAsDefault() throws Exception {
         loginSysAdmin();
         PlatformTwoFaSettings sysadminTwoFaSettings = new PlatformTwoFaSettings();
         TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
@@ -204,7 +205,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         TotpTwoFaProviderConfig invalidTotpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         invalidTotpTwoFaProviderConfig.setIssuerName("   ");
 
-        String errorResponse = saveTwoFaSettingsAndGetError(invalidTotpTwoFaProviderConfig);
+        String errorResponse = savePlatformTwoFaSettingsAndGetError(invalidTotpTwoFaProviderConfig);
         assertThat(errorResponse).containsIgnoringCase("issuer name must not be blank");
     }
 
@@ -214,17 +215,17 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         invalidSmsTwoFaProviderConfig.setSmsVerificationMessageTemplate("does not contain verification code");
         invalidSmsTwoFaProviderConfig.setVerificationCodeLifetime(60);
 
-        String errorResponse = saveTwoFaSettingsAndGetError(invalidSmsTwoFaProviderConfig);
+        String errorResponse = savePlatformTwoFaSettingsAndGetError(invalidSmsTwoFaProviderConfig);
         assertThat(errorResponse).containsIgnoringCase("must contain verification code");
 
         invalidSmsTwoFaProviderConfig.setSmsVerificationMessageTemplate(null);
         invalidSmsTwoFaProviderConfig.setVerificationCodeLifetime(0);
-        errorResponse = saveTwoFaSettingsAndGetError(invalidSmsTwoFaProviderConfig);
+        errorResponse = savePlatformTwoFaSettingsAndGetError(invalidSmsTwoFaProviderConfig);
         assertThat(errorResponse).containsIgnoringCase("verification message template is required");
         assertThat(errorResponse).containsIgnoringCase("verification code lifetime is required");
     }
 
-    private String saveTwoFaSettingsAndGetError(TwoFaProviderConfig invalidTwoFaProviderConfig) throws Exception {
+    private String savePlatformTwoFaSettingsAndGetError(TwoFaProviderConfig invalidTwoFaProviderConfig) throws Exception {
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
         twoFaSettings.setProviders(Collections.singletonList(invalidTwoFaProviderConfig));
 
@@ -232,6 +233,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
                 .andExpect(status().isBadRequest()));
     }
 
+
     @Test
     public void testSaveTwoFaAccountConfig_providerNotConfigured() throws Exception {
         configureSmsTwoFaProvider("${verificationCode}");
@@ -255,7 +257,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         loginTenantAdmin();
 
-        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class)).isNullOrEmpty();
+        assertThat(readResponse(doGet("/api/2fa/account/settings").andExpect(status().isOk()), String.class)).isNullOrEmpty();
         generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
     }
 
@@ -309,7 +311,10 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, generatedTotpTwoFaAccountConfig)
                 .andExpect(status().isOk());
 
-        TwoFaAccountConfig twoFaAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFaAccountConfig.class);
+        AccountTwoFaSettings accountTwoFaSettings = readResponse(doGet("/api/2fa/account/settings").andExpect(status().isOk()), AccountTwoFaSettings.class);
+        assertThat(accountTwoFaSettings.getConfigs()).size().isOne();
+
+        TwoFaAccountConfig twoFaAccountConfig = accountTwoFaSettings.getConfigs().get(TwoFaProviderType.TOTP);
         assertThat(twoFaAccountConfig).isEqualTo(generatedTotpTwoFaAccountConfig);
     }
 
@@ -349,15 +354,16 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     @Test
     public void testGetTwoFaAccountConfig_whenProviderNotConfigured() throws Exception {
         testVerifyAndSaveTotpTwoFaAccountConfig();
-        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()),
-                TotpTwoFaAccountConfig.class)).isNotNull();
+        assertThat(readResponse(doGet("/api/2fa/account/settings").andExpect(status().isOk()),
+                AccountTwoFaSettings.class).getConfigs()).isNotEmpty();
 
         loginSysAdmin();
-
         saveProvidersConfigs();
 
-        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class))
-                .isNullOrEmpty();
+        loginTenantAdmin();
+
+        assertThat(readResponse(doGet("/api/2fa/account/settings").andExpect(status().isOk()), AccountTwoFaSettings.class).getConfigs())
+                .isEmpty();
     }
 
     @Test
@@ -427,7 +433,8 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, smsTwoFaAccountConfig)
                 .andExpect(status().isOk());
 
-        TwoFaAccountConfig accountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFaAccountConfig.class);
+        AccountTwoFaSettings accountTwoFaSettings = readResponse(doGet("/api/2fa/account/settings").andExpect(status().isOk()), AccountTwoFaSettings.class);
+        TwoFaAccountConfig accountConfig = accountTwoFaSettings.getConfigs().get(TwoFaProviderType.SMS);
         assertThat(accountConfig).isEqualTo(smsTwoFaAccountConfig);
     }
 
@@ -470,7 +477,8 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         doPost("/api/2fa/account/config?verificationCode=" + correctVerificationCode, initialSmsTwoFaAccountConfig)
                 .andExpect(status().isOk());
-        TwoFaAccountConfig accountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFaAccountConfig.class);
+        AccountTwoFaSettings accountTwoFaSettings = readResponse(doGet("/api/2fa/account/settings").andExpect(status().isOk()), AccountTwoFaSettings.class);
+        TwoFaAccountConfig accountConfig = accountTwoFaSettings.getConfigs().get(TwoFaProviderType.SMS);
         assertThat(accountConfig).isEqualTo(initialSmsTwoFaAccountConfig);
     }
 
@@ -518,13 +526,14 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         twoFaConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
 
-        TwoFaAccountConfig savedAccountConfig = readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), TwoFaAccountConfig.class);
+        AccountTwoFaSettings accountTwoFaSettings = readResponse(doGet("/api/2fa/account/settings").andExpect(status().isOk()), AccountTwoFaSettings.class);
+        TwoFaAccountConfig savedAccountConfig = accountTwoFaSettings.getConfigs().get(TwoFaProviderType.SMS);
         assertThat(savedAccountConfig).isEqualTo(accountConfig);
 
-        doDelete("/api/2fa/account/config").andExpect(status().isOk());
+        doDelete("/api/2fa/account/config?providerType=SMS").andExpect(status().isOk());
 
-        assertThat(readResponse(doGet("/api/2fa/account/config").andExpect(status().isOk()), String.class))
-                .isNullOrEmpty();
+        assertThat(readResponse(doGet("/api/2fa/account/settings").andExpect(status().isOk()), AccountTwoFaSettings.class).getConfigs())
+                .doesNotContainKey(TwoFaProviderType.SMS);
     }
 
 }
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 17910c4f16..1ad340d54b 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.controller;
 
+import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -36,23 +37,26 @@ import org.thingsboard.server.common.data.page.PageLink;
 import org.thingsboard.server.common.data.page.SortOrder;
 import org.thingsboard.server.common.data.page.TimePageLink;
 import org.thingsboard.server.common.data.security.Authority;
-import org.thingsboard.server.dao.audit.AuditLogService;
-import org.thingsboard.server.dao.user.UserService;
-import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.EmailTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.EmailTwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+import org.thingsboard.server.dao.audit.AuditLogService;
+import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
 import org.thingsboard.server.service.security.auth.rest.LoginRequest;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 
 import java.time.Duration;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Map;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
@@ -68,319 +72,372 @@ import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 public abstract class TwoFactorAuthTest extends AbstractControllerTest {
-//
-//    @Autowired
-//    private TwoFaConfigManager twoFaConfigManager;
-//    @Autowired
-//    private TwoFactorAuthService twoFactorAuthService;
-//    @MockBean
-//    private SmsService smsService;
-//    @Autowired
-//    private AuditLogService auditLogService;
-//    @Autowired
-//    private UserService userService;
-//
-//    private User user;
-//    private String username;
-//    private String password;
-//
-//    @Before
-//    public void beforeEach() throws Exception {
-//        username = "mfa@tb.io";
-//        password = "psswrd";
-//
-//        user = new User();
-//        user.setAuthority(Authority.TENANT_ADMIN);
-//        user.setEmail(username);
-//        user.setTenantId(tenantId);
-//
-//        loginSysAdmin();
-//        user = createUser(user, password);
-//    }
-//
-//    @After
-//    public void afterEach() {
-//        twoFaConfigManager.deletePlatformTwoFaSettings(tenantId);
-//        twoFaConfigManager.deletePlatformTwoFaSettings(TenantId.SYS_TENANT_ID);
-//    }
-//
-//    @Test
-//    public void testTwoFa_totp() throws Exception {
-//        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
-//
-//        logInWithPreVerificationToken();
-//
-//        doPost("/api/auth/2fa/verification/send")
-//                .andExpect(status().isOk());
-//
-//        String correctVerificationCode = getCorrectTotp(totpTwoFaAccountConfig);
-//
-//        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
-//                .andExpect(status().isOk()), JsonNode.class);
-//        validateAndSetJwtToken(tokenPair, username);
-//
-//        User currentUser = readResponse(doGet("/api/auth/user")
-//                .andExpect(status().isOk()), User.class);
-//        assertThat(currentUser.getId()).isEqualTo(user.getId());
-//    }
-//
-//    @Test
-//    public void testTwoFa_sms() throws Exception {
-//        configureSmsTwoFa();
-//
-//        logInWithPreVerificationToken();
-//
-//        doPost("/api/auth/2fa/verification/send")
-//                .andExpect(status().isOk());
-//
-//        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
-//        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
-//        String correctVerificationCode = verificationCodeCaptor.getValue();
-//
-//        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
-//                .andExpect(status().isOk()), JsonNode.class);
-//        validateAndSetJwtToken(tokenPair, username);
-//
-//        User currentUser = readResponse(doGet("/api/auth/user")
-//                .andExpect(status().isOk()), User.class);
-//        assertThat(currentUser.getId()).isEqualTo(user.getId());
-//    }
-//
-//    @Test
-//    public void testTwoFaPreVerificationTokenLifetime() throws Exception {
-//        configureTotpTwoFa(twoFaSettings -> {
-//            twoFaSettings.setTotalAllowedTimeForVerification(5);
-//        });
-//
-//        logInWithPreVerificationToken();
-//
-//        await("expiration of the pre-verification token")
-//                .atLeast(Duration.ofSeconds(3).plusMillis(500))
-//                .atMost(Duration.ofSeconds(6))
-//                .untilAsserted(() -> {
-//                    doPost("/api/auth/2fa/verification/send")
-//                            .andExpect(status().isUnauthorized());
-//                });
-//    }
-//
-//    @Test
-//    public void testCheckVerificationCode_userBlocked() throws Exception {
-//        configureTotpTwoFa(twoFaSettings -> {
-//            twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
-//        });
-//
-//        logInWithPreVerificationToken();
-//
-//        Stream.generate(() -> RandomStringUtils.randomNumeric(6))
-//                .limit(9)
-//                .forEach(incorrectVerificationCode -> {
-//                    try {
-//                        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + incorrectVerificationCode)
-//                                .andExpect(status().isBadRequest()));
-//                        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
-//                    } catch (Exception e) {
-//                        fail();
-//                    }
-//                });
-//
-//        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + RandomStringUtils.randomNumeric(6))
-//                .andExpect(status().isUnauthorized()));
-//        assertThat(errorMessage).containsIgnoringCase("account was locked due to exceeded 2fa verification attempts");
-//
-//        errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + RandomStringUtils.randomNumeric(6))
-//                .andExpect(status().isUnauthorized()));
-//        assertThat(errorMessage).containsIgnoringCase("user is disabled");
-//    }
-//
-//    @Test
-//    public void testSendVerificationCode_rateLimit() throws Exception {
-//        configureTotpTwoFa(twoFaSettings -> {
-//            twoFaSettings.setVerificationCodeSendRateLimit("3:10");
-//        });
-//
-//        logInWithPreVerificationToken();
-//
-//        for (int i = 0; i < 3; i++) {
-//            doPost("/api/auth/2fa/verification/send")
-//                    .andExpect(status().isOk());
-//        }
-//
-//        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/send")
-//                .andExpect(status().isTooManyRequests()));
-//        assertThat(rateLimitExceededError).containsIgnoringCase("too many verification code sending requests");
-//
-//        await("verification code sending rate limit resetting")
-//                .atLeast(Duration.ofSeconds(8))
-//                .atMost(Duration.ofSeconds(12))
-//                .untilAsserted(() -> {
-//                    doPost("/api/auth/2fa/verification/send")
-//                            .andExpect(status().isOk());
-//                });
-//    }
-//
-//    @Test
-//    public void testCheckVerificationCode_rateLimit() throws Exception {
-//        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa(twoFaSettings -> {
-//            twoFaSettings.setVerificationCodeCheckRateLimit("3:10");
-//        });
-//
-//        logInWithPreVerificationToken();
-//
-//        for (int i = 0; i < 3; i++) {
-//            String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
-//                    .andExpect(status().isBadRequest()));
-//            assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
-//        }
-//
-//        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
-//                .andExpect(status().isTooManyRequests()));
-//        assertThat(rateLimitExceededError).containsIgnoringCase("too many verification code checking requests");
-//
-//        await("verification code checking rate limit resetting")
-//                .atLeast(Duration.ofSeconds(8))
-//                .atMost(Duration.ofSeconds(12))
-//                .untilAsserted(() -> {
-//                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
-//                            .andExpect(status().isBadRequest()));
-//                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
-//                });
-//
-//        doPost("/api/auth/2fa/verification/check?verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
-//                .andExpect(status().isOk());
-//    }
-//
-//    @Test
-//    public void testCheckVerificationCode_invalidVerificationCode() throws Exception {
-//        configureTotpTwoFa();
-//        logInWithPreVerificationToken();
-//
-//        for (String invalidVerificationCode : new String[]{"1234567", "ab1212", "12311 ", "oewkriwejqf"}) {
-//            String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + invalidVerificationCode)
-//                    .andExpect(status().isBadRequest()));
-//            assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
-//        }
-//    }
-//
-//    @Test
-//    public void testCheckVerificationCode_codeExpiration() throws Exception {
-//        configureSmsTwoFa(smsTwoFaProviderConfig -> {
-//            smsTwoFaProviderConfig.setVerificationCodeLifetime(10);
-//        });
-//
-//        logInWithPreVerificationToken();
-//
-//        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
-//        doPost("/api/auth/2fa/verification/send").andExpect(status().isOk());
-//        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
-//
-//        String correctVerificationCode = verificationCodeCaptor.getValue();
-//
-//        await("verification code expiration")
-//                .pollDelay(10, TimeUnit.SECONDS)
-//                .atLeast(10, TimeUnit.SECONDS)
-//                .atMost(12, TimeUnit.SECONDS)
-//                .untilAsserted(() -> {
-//                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?verificationCode=" + correctVerificationCode)
-//                            .andExpect(status().isBadRequest()));
-//                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
-//                });
-//    }
-//
-//    @Test
-//    public void testTwoFa_logLoginAction() throws Exception {
-//        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
-//
-//        logInWithPreVerificationToken();
-//        await("async audit log saving").during(1, TimeUnit.SECONDS);
-//        assertThat(getLogInAuditLogs()).isEmpty();
-//        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
-//                .get("lastLoginTs")).isNull();
-//
-//        doPost("/api/auth/2fa/verification/check?verificationCode=incorrect")
-//                .andExpect(status().isBadRequest());
-//
-//        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
-//                .until(() -> getLogInAuditLogs().size() == 1);
-//        assertThat(getLogInAuditLogs().get(0)).satisfies(failedLogInAuditLog -> {
-//            assertThat(failedLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.FAILURE);
-//            assertThat(failedLogInAuditLog.getActionFailureDetails()).containsIgnoringCase("verification code is incorrect");
-//            assertThat(failedLogInAuditLog.getUserName()).isEqualTo(username);
-//        });
-//
-//        doPost("/api/auth/2fa/verification/check?verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
-//                .andExpect(status().isOk());
-//        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
-//                .until(() -> getLogInAuditLogs().size() == 2);
-//        assertThat(getLogInAuditLogs().get(0)).satisfies(successfulLogInAuditLog -> {
-//            assertThat(successfulLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.SUCCESS);
-//            assertThat(successfulLogInAuditLog.getUserName()).isEqualTo(username);
-//        });
-//        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
-//                .get("lastLoginTs").asLong())
-//                .isGreaterThan(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(3));
-//    }
-//
-//    private List<AuditLog> getLogInAuditLogs() {
-//        return auditLogService.findAuditLogsByTenantIdAndUserId(tenantId, user.getId(), List.of(ActionType.LOGIN),
-//                new TimePageLink(new PageLink(10, 0, null, new SortOrder("createdTime", SortOrder.Direction.DESC)), 0L, System.currentTimeMillis())).getData();
-//    }
-//
-//    @Test
-//    public void testAuthWithoutTwoFaAccountConfig() throws ThingsboardException {
-//        configureTotpTwoFa();
-//        twoFaConfigManager.deleteTwoFaAccountConfig(tenantId, user.getId(), );
-//
-//        assertDoesNotThrow(() -> {
-//            login(username, password);
-//        });
-//    }
-//
-//    private void logInWithPreVerificationToken() throws Exception {
-//        LoginRequest loginRequest = new LoginRequest(username, password);
-//
-//        JwtTokenPair response = readResponse(doPost("/api/auth/login", loginRequest).andExpect(status().isOk()), JwtTokenPair.class);
-//        assertThat(response.getToken()).isNotNull();
-//        assertThat(response.getRefreshToken()).isNull();
-//        assertThat(response.getScope()).isEqualTo(Authority.PRE_VERIFICATION_TOKEN);
-//
-//        this.token = response.getToken();
-//    }
-//
-//    private TotpTwoFaAccountConfig configureTotpTwoFa(Consumer<PlatformTwoFaSettings>... customizer) throws ThingsboardException {
-//        TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
-//        totpTwoFaProviderConfig.setIssuerName("tb");
-//
-//        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
-//        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
-//        twoFaSettings.setProviders(Arrays.stream(new TwoFaProviderConfig[]{totpTwoFaProviderConfig}).collect(Collectors.toList()));
-//        Arrays.stream(customizer).forEach(c -> c.accept(twoFaSettings));
-//        twoFaConfigManager.savePlatformTwoFaSettings(tenantId, twoFaSettings);
-//
-//        TotpTwoFaAccountConfig totpTwoFaAccountConfig = (TotpTwoFaAccountConfig) twoFactorAuthService.generateNewAccountConfig(user, TwoFaProviderType.TOTP);
-//        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), totpTwoFaAccountConfig);
-//        return totpTwoFaAccountConfig;
-//    }
-//
-//    private SmsTwoFaAccountConfig configureSmsTwoFa(Consumer<SmsTwoFaProviderConfig>... customizer) throws ThingsboardException {
-//        SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
-//        smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
-//        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
-//        Arrays.stream(customizer).forEach(c -> c.accept(smsTwoFaProviderConfig));
-//
-//        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
-//        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
-//        twoFaSettings.setProviders(Arrays.stream(new TwoFaProviderConfig[]{smsTwoFaProviderConfig}).collect(Collectors.toList()));
-//        twoFaConfigManager.savePlatformTwoFaSettings(tenantId, twoFaSettings);
-//
-//        SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
-//        smsTwoFaAccountConfig.setPhoneNumber("+38050505050");
-//        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), smsTwoFaAccountConfig);
-//        return smsTwoFaAccountConfig;
-//    }
-//
-//    private String getCorrectTotp(TotpTwoFaAccountConfig totpTwoFaAccountConfig) {
-//        String secret = StringUtils.substringAfterLast(totpTwoFaAccountConfig.getAuthUrl(), "secret=");
-//        return new Totp(secret).now();
-//    }
+
+    @Autowired
+    private TwoFaConfigManager twoFaConfigManager;
+    @Autowired
+    private TwoFactorAuthService twoFactorAuthService;
+    @MockBean
+    private SmsService smsService;
+    @Autowired
+    private AuditLogService auditLogService;
+    @Autowired
+    private UserService userService;
+
+    private User user;
+    private String username;
+    private String password;
+
+    @Before
+    public void beforeEach() throws Exception {
+        username = "mfa@tb.io";
+        password = "psswrd";
+
+        user = new User();
+        user.setAuthority(Authority.TENANT_ADMIN);
+        user.setEmail(username);
+        user.setTenantId(tenantId);
+
+        loginSysAdmin();
+        user = createUser(user, password);
+    }
+
+    @After
+    public void afterEach() {
+        twoFaConfigManager.deletePlatformTwoFaSettings(tenantId);
+        twoFaConfigManager.deletePlatformTwoFaSettings(TenantId.SYS_TENANT_ID);
+    }
+
+    @Test
+    public void testTwoFa_totp() throws Exception {
+        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
+
+        logInWithPreVerificationToken(username, password);
+
+        doPost("/api/auth/2fa/verification/send?providerType=TOTP")
+                .andExpect(status().isOk());
+
+        String correctVerificationCode = getCorrectTotp(totpTwoFaAccountConfig);
+
+        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=" + correctVerificationCode)
+                .andExpect(status().isOk()), JsonNode.class);
+        validateAndSetJwtToken(tokenPair, username);
+
+        User currentUser = readResponse(doGet("/api/auth/user")
+                .andExpect(status().isOk()), User.class);
+        assertThat(currentUser.getId()).isEqualTo(user.getId());
+    }
+
+    @Test
+    public void testTwoFa_sms() throws Exception {
+        configureSmsTwoFa();
+
+        logInWithPreVerificationToken(username, password);
+
+        doPost("/api/auth/2fa/verification/send?providerType=SMS")
+                .andExpect(status().isOk());
+
+        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
+        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
+        String correctVerificationCode = verificationCodeCaptor.getValue();
+
+        JsonNode tokenPair = readResponse(doPost("/api/auth/2fa/verification/check?providerType=SMS&verificationCode=" + correctVerificationCode)
+                .andExpect(status().isOk()), JsonNode.class);
+        validateAndSetJwtToken(tokenPair, username);
+
+        User currentUser = readResponse(doGet("/api/auth/user")
+                .andExpect(status().isOk()), User.class);
+        assertThat(currentUser.getId()).isEqualTo(user.getId());
+    }
+
+    @Test
+    public void testTwoFaPreVerificationTokenLifetime() throws Exception {
+        configureTotpTwoFa(twoFaSettings -> {
+            twoFaSettings.setTotalAllowedTimeForVerification(5);
+        });
+
+        logInWithPreVerificationToken(username, password);
+
+        await("expiration of the pre-verification token")
+                .atLeast(Duration.ofSeconds(3).plusMillis(500))
+                .atMost(Duration.ofSeconds(6))
+                .untilAsserted(() -> {
+                    doPost("/api/auth/2fa/verification/send?providerType=TOTP")
+                            .andExpect(status().isUnauthorized());
+                });
+    }
+
+    @Test
+    public void testCheckVerificationCode_userBlocked() throws Exception {
+        configureTotpTwoFa(twoFaSettings -> {
+            twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
+        });
+
+        logInWithPreVerificationToken(username, password);
+
+        Stream.generate(() -> RandomStringUtils.randomNumeric(6))
+                .limit(9)
+                .forEach(incorrectVerificationCode -> {
+                    try {
+                        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=" + incorrectVerificationCode)
+                                .andExpect(status().isBadRequest()));
+                        assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+                    } catch (Exception e) {
+                        fail();
+                    }
+                });
+
+        String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=" + RandomStringUtils.randomNumeric(6))
+                .andExpect(status().isUnauthorized()));
+        assertThat(errorMessage).containsIgnoringCase("account was locked due to exceeded 2fa verification attempts");
+
+        errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=" + RandomStringUtils.randomNumeric(6))
+                .andExpect(status().isUnauthorized()));
+        assertThat(errorMessage).containsIgnoringCase("user is disabled");
+    }
+
+    @Test
+    public void testSendVerificationCode_rateLimit() throws Exception {
+        configureTotpTwoFa(twoFaSettings -> {
+            twoFaSettings.setVerificationCodeSendRateLimit("3:10");
+        });
+
+        logInWithPreVerificationToken(username, password);
+
+        for (int i = 0; i < 3; i++) {
+            doPost("/api/auth/2fa/verification/send?providerType=TOTP")
+                    .andExpect(status().isOk());
+        }
+
+        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/send?providerType=TOTP")
+                .andExpect(status().isTooManyRequests()));
+        assertThat(rateLimitExceededError).containsIgnoringCase("too many requests");
+
+        await("verification code sending rate limit resetting")
+                .atLeast(Duration.ofSeconds(8))
+                .atMost(Duration.ofSeconds(12))
+                .untilAsserted(() -> {
+                    doPost("/api/auth/2fa/verification/send?providerType=TOTP")
+                            .andExpect(status().isOk());
+                });
+    }
+
+    @Test
+    public void testCheckVerificationCode_rateLimit() throws Exception {
+        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa(twoFaSettings -> {
+            twoFaSettings.setVerificationCodeCheckRateLimit("3:10");
+        });
+
+        logInWithPreVerificationToken(username, password);
+
+        for (int i = 0; i < 3; i++) {
+            String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=incorrect")
+                    .andExpect(status().isBadRequest()));
+            assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+        }
+
+        String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=incorrect")
+                .andExpect(status().isTooManyRequests()));
+        assertThat(rateLimitExceededError).containsIgnoringCase("too many requests");
+
+        await("verification code checking rate limit resetting")
+                .atLeast(Duration.ofSeconds(8))
+                .atMost(Duration.ofSeconds(12))
+                .untilAsserted(() -> {
+                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=incorrect")
+                            .andExpect(status().isBadRequest()));
+                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+                });
+
+        doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    public void testCheckVerificationCode_invalidVerificationCode() throws Exception {
+        configureTotpTwoFa();
+        logInWithPreVerificationToken(username, password);
+
+        for (String invalidVerificationCode : new String[]{"1234567", "ab1212", "12311 ", "oewkriwejqf"}) {
+            String errorMessage = getErrorMessage(doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=" + invalidVerificationCode)
+                    .andExpect(status().isBadRequest()));
+            assertThat(errorMessage).containsIgnoringCase("verification code is incorrect");
+        }
+    }
+
+    @Test
+    public void testCheckVerificationCode_codeExpiration() throws Exception {
+        configureSmsTwoFa(smsTwoFaProviderConfig -> {
+            smsTwoFaProviderConfig.setVerificationCodeLifetime(10);
+        });
+
+        logInWithPreVerificationToken(username, password);
+
+        ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
+        doPost("/api/auth/2fa/verification/send?providerType=SMS").andExpect(status().isOk());
+        verify(smsService).sendSms(eq(tenantId), any(), any(), verificationCodeCaptor.capture());
+
+        String correctVerificationCode = verificationCodeCaptor.getValue();
+
+        await("verification code expiration")
+                .pollDelay(10, TimeUnit.SECONDS)
+                .atLeast(10, TimeUnit.SECONDS)
+                .atMost(12, TimeUnit.SECONDS)
+                .untilAsserted(() -> {
+                    String incorrectVerificationCodeError = getErrorMessage(doPost("/api/auth/2fa/verification/check?providerType=SMS&verificationCode=" + correctVerificationCode)
+                            .andExpect(status().isBadRequest()));
+                    assertThat(incorrectVerificationCodeError).containsIgnoringCase("verification code is incorrect");
+                });
+    }
+
+    @Test
+    public void testTwoFa_logLoginAction() throws Exception {
+        TotpTwoFaAccountConfig totpTwoFaAccountConfig = configureTotpTwoFa();
+
+        logInWithPreVerificationToken(username, password);
+        await("async audit log saving").during(1, TimeUnit.SECONDS);
+        assertThat(getLogInAuditLogs()).isEmpty();
+        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
+                .get("lastLoginTs")).isNull();
+
+        doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=incorrect")
+                .andExpect(status().isBadRequest());
+
+        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
+                .until(() -> getLogInAuditLogs().size() == 1);
+        assertThat(getLogInAuditLogs().get(0)).satisfies(failedLogInAuditLog -> {
+            assertThat(failedLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.FAILURE);
+            assertThat(failedLogInAuditLog.getActionFailureDetails()).containsIgnoringCase("verification code is incorrect");
+            assertThat(failedLogInAuditLog.getUserName()).isEqualTo(username);
+        });
+
+        doPost("/api/auth/2fa/verification/check?providerType=TOTP&verificationCode=" + getCorrectTotp(totpTwoFaAccountConfig))
+                .andExpect(status().isOk());
+        await("async audit log saving").atMost(1, TimeUnit.SECONDS)
+                .until(() -> getLogInAuditLogs().size() == 2);
+        assertThat(getLogInAuditLogs().get(0)).satisfies(successfulLogInAuditLog -> {
+            assertThat(successfulLogInAuditLog.getActionStatus()).isEqualTo(ActionStatus.SUCCESS);
+            assertThat(successfulLogInAuditLog.getUserName()).isEqualTo(username);
+        });
+        assertThat(userService.findUserById(tenantId, user.getId()).getAdditionalInfo()
+                .get("lastLoginTs").asLong())
+                .isGreaterThan(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(3));
+    }
+
+    private List<AuditLog> getLogInAuditLogs() {
+        return auditLogService.findAuditLogsByTenantIdAndUserId(tenantId, user.getId(), List.of(ActionType.LOGIN),
+                new TimePageLink(new PageLink(10, 0, null, new SortOrder("createdTime", SortOrder.Direction.DESC)), 0L, System.currentTimeMillis())).getData();
+    }
+
+    @Test
+    public void testAuthWithoutTwoFaAccountConfig() throws ThingsboardException {
+        configureTotpTwoFa();
+        twoFaConfigManager.deleteTwoFaAccountConfig(tenantId, user.getId(), TwoFaProviderType.TOTP);
+
+        assertDoesNotThrow(() -> {
+            login(username, password);
+        });
+    }
+
+    @Test
+    public void testTwoFa_multipleProviders() throws Exception {
+        PlatformTwoFaSettings platformTwoFaSettings = new PlatformTwoFaSettings();
+        platformTwoFaSettings.setUseSystemTwoFactorAuthSettings(true);
+
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
+        totpTwoFaProviderConfig.setIssuerName("TB");
+
+        SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
+        smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+
+        EmailTwoFaProviderConfig emailTwoFaProviderConfig = new EmailTwoFaProviderConfig();
+        emailTwoFaProviderConfig.setVerificationCodeLifetime(60);
+
+        platformTwoFaSettings.setProviders(List.of(totpTwoFaProviderConfig, smsTwoFaProviderConfig, emailTwoFaProviderConfig));
+        twoFaConfigManager.savePlatformTwoFaSettings(TenantId.SYS_TENANT_ID, platformTwoFaSettings);
+
+        User twoFaUser = new User();
+        twoFaUser.setAuthority(Authority.TENANT_ADMIN);
+        twoFaUser.setTenantId(tenantId);
+        twoFaUser.setEmail("2fa@thingsboard.org");
+        twoFaUser = createUserAndLogin(twoFaUser, "12345678");
+
+        TotpTwoFaAccountConfig totpTwoFaAccountConfig = (TotpTwoFaAccountConfig) twoFactorAuthService.generateNewAccountConfig(twoFaUser, TwoFaProviderType.TOTP);
+        totpTwoFaAccountConfig.setUseByDefault(true);
+        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, twoFaUser.getId(), totpTwoFaAccountConfig);
+
+        SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
+        smsTwoFaAccountConfig.setPhoneNumber("+38012312322");
+        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, twoFaUser.getId(), smsTwoFaAccountConfig);
+
+        EmailTwoFaAccountConfig emailTwoFaAccountConfig = new EmailTwoFaAccountConfig();
+        emailTwoFaAccountConfig.setEmail(twoFaUser.getEmail());
+        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, twoFaUser.getId(), emailTwoFaAccountConfig);
+
+        logInWithPreVerificationToken(twoFaUser.getEmail(), "12345678");
+
+        Map<TwoFaProviderType, TwoFactorAuthController.TwoFaProviderInfo> providersInfos = readResponse(doGet("/api/auth/2fa/providers").andExpect(status().isOk()), new TypeReference<List<TwoFactorAuthController.TwoFaProviderInfo>>() {}).stream()
+                .collect(Collectors.toMap(TwoFactorAuthController.TwoFaProviderInfo::getType, v -> v));
+
+        assertThat(providersInfos).size().isEqualTo(3);
+
+        assertThat(providersInfos).containsKey(TwoFaProviderType.TOTP);
+        assertThat(providersInfos.get(TwoFaProviderType.TOTP).isDefault()).isTrue();
+
+        assertThat(providersInfos).containsKey(TwoFaProviderType.SMS);
+        assertThat(providersInfos.get(TwoFaProviderType.SMS).isDefault()).isFalse();
+
+        assertThat(providersInfos).containsKey(TwoFaProviderType.EMAIL);
+        assertThat(providersInfos.get(TwoFaProviderType.EMAIL).isDefault()).isFalse();
+    }
+
+    private void logInWithPreVerificationToken(String username, String password) throws Exception {
+        LoginRequest loginRequest = new LoginRequest(username, password);
+
+        JwtTokenPair response = readResponse(doPost("/api/auth/login", loginRequest).andExpect(status().isOk()), JwtTokenPair.class);
+        assertThat(response.getToken()).isNotNull();
+        assertThat(response.getRefreshToken()).isNull();
+        assertThat(response.getScope()).isEqualTo(Authority.PRE_VERIFICATION_TOKEN);
+
+        this.token = response.getToken();
+    }
+
+    private TotpTwoFaAccountConfig configureTotpTwoFa(Consumer<PlatformTwoFaSettings>... customizer) throws ThingsboardException {
+        TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
+        totpTwoFaProviderConfig.setIssuerName("tb");
+
+        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
+        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
+        twoFaSettings.setProviders(Arrays.stream(new TwoFaProviderConfig[]{totpTwoFaProviderConfig}).collect(Collectors.toList()));
+        Arrays.stream(customizer).forEach(c -> c.accept(twoFaSettings));
+        twoFaConfigManager.savePlatformTwoFaSettings(tenantId, twoFaSettings);
+
+        TotpTwoFaAccountConfig totpTwoFaAccountConfig = (TotpTwoFaAccountConfig) twoFactorAuthService.generateNewAccountConfig(user, TwoFaProviderType.TOTP);
+        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), totpTwoFaAccountConfig);
+        return totpTwoFaAccountConfig;
+    }
+
+    private SmsTwoFaAccountConfig configureSmsTwoFa(Consumer<SmsTwoFaProviderConfig>... customizer) throws ThingsboardException {
+        SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
+        smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+        Arrays.stream(customizer).forEach(c -> c.accept(smsTwoFaProviderConfig));
+
+        PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
+        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
+        twoFaSettings.setProviders(Arrays.stream(new TwoFaProviderConfig[]{smsTwoFaProviderConfig}).collect(Collectors.toList()));
+        twoFaConfigManager.savePlatformTwoFaSettings(tenantId, twoFaSettings);
+
+        SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
+        smsTwoFaAccountConfig.setPhoneNumber("+38050505050");
+        twoFaConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), smsTwoFaAccountConfig);
+        return smsTwoFaAccountConfig;
+    }
+
+    private String getCorrectTotp(TotpTwoFaAccountConfig totpTwoFaAccountConfig) {
+        String secret = StringUtils.substringAfterLast(totpTwoFaAccountConfig.getAuthUrl(), "secret=");
+        return new Totp(secret).now();
+    }
 
 }
diff --git a/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java b/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java
index 3878d64ec9..b0bbfa3dc6 100644
--- a/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java
+++ b/common/message/src/test/java/org/thingsboard/server/common/msg/tools/RateLimitsTest.java
@@ -67,7 +67,7 @@ public class RateLimitsTest {
         assertThat(rateLimits.tryConsume()).as("new token is available").isFalse();
 
         int expectedRefillTime = period * 1000;
-        int gap = 100;
+        int gap = 300;
 
         await("tokens refill for rate limit " + rateLimitConfig)
                 .atLeast(expectedRefillTime - gap, TimeUnit.MILLISECONDS)

From 70cbe29a5ddcdb8e766f382ed1174dba97813ad0 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Fri, 6 May 2022 17:52:22 +0300
Subject: [PATCH 32/92] UI: Add 2FA profile setting form and added support
 Email 2FA provider

---
 .../http/two-factor-authentication.service.ts |  40 ++++++-
 .../two-factor-auth-settings.component.html   |  25 ++++-
 .../two-factor-auth-settings.component.ts     |  26 +++--
 .../email-auth-dialog.component.html          | 104 +++++++++++++++++
 .../email-auth-dialog.component.scss          |  15 +++
 .../email-auth-dialog.component.ts            |  93 ++++++++++++++++
 .../sms-auth-dialog.component.html            | 105 ++++++++++++++++++
 .../sms-auth-dialog.component.scss            |  15 +++
 .../sms-auth-dialog.component.ts              |  91 +++++++++++++++
 .../totp-auth-dialog.component.html           |  97 ++++++++++++++++
 .../totp-auth-dialog.component.scss           |  15 +++
 .../totp-auth-dialog.component.ts             |  80 +++++++++++++
 .../pages/profile/profile-routing.module.ts   |  19 +++-
 .../home/pages/profile/profile.component.html |  65 ++++++++++-
 .../home/pages/profile/profile.component.scss |  17 +++
 .../home/pages/profile/profile.component.ts   | 103 ++++++++++++++++-
 .../home/pages/profile/profile.module.ts      |   8 +-
 ui-ngx/src/app/shared/models/constants.ts     |   1 +
 .../shared/models/two-factor-auth.models.ts   |  35 +++++-
 .../assets/locale/locale.constant-en_US.json  |   5 +-
 20 files changed, 932 insertions(+), 27 deletions(-)
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.html
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.scss
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.ts
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.html
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.scss
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.ts
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.html
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.scss
 create mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.ts

diff --git a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
index 230eddd208..36183db9d8 100644
--- a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
+++ b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
@@ -18,7 +18,12 @@ import { Injectable } from '@angular/core';
 import { HttpClient } from '@angular/common/http';
 import { defaultHttpOptionsFromConfig, RequestConfig } from '@core/http/http-utils';
 import { Observable } from 'rxjs';
-import { TwoFactorAuthSettings } from '@shared/models/two-factor-auth.models';
+import {
+  AccountTwoFaSettings,
+  TwoFactorAuthAccountConfig,
+  TwoFactorAuthProviderType,
+  TwoFactorAuthSettings
+} from '@shared/models/two-factor-auth.models';
 
 @Injectable({
   providedIn: 'root'
@@ -38,4 +43,37 @@ export class TwoFactorAuthenticationService {
     return this.http.post<TwoFactorAuthSettings>(`/api/2fa/settings`, settings, defaultHttpOptionsFromConfig(config));
   }
 
+  getAvailableTwoFaProviders(config?: RequestConfig): Observable<Array<TwoFactorAuthProviderType>> {
+    return this.http.get<Array<TwoFactorAuthProviderType>>(`/api/2fa/providers`, defaultHttpOptionsFromConfig(config));
+  }
+
+  generateTwoFaAccountConfig(providerType: TwoFactorAuthProviderType, config?: RequestConfig): Observable<TwoFactorAuthAccountConfig> {
+    return this.http.post<TwoFactorAuthAccountConfig>(`/api/2fa/account/config/generate?providerType=${providerType}`,
+      defaultHttpOptionsFromConfig(config));
+  }
+
+  getAccountTwoFaSettings(config?: RequestConfig): Observable<AccountTwoFaSettings> {
+    return this.http.get<AccountTwoFaSettings>(`/api/2fa/account/settings`, defaultHttpOptionsFromConfig(config));
+  }
+
+  updateTwoFaAccountConfig(providerType: TwoFactorAuthProviderType, useByDefault: boolean,
+                           config?: RequestConfig): Observable<AccountTwoFaSettings> {
+    return this.http.put<AccountTwoFaSettings>(`/api/2fa/account/config?providerType=${providerType}`, {useByDefault},
+      defaultHttpOptionsFromConfig(config));
+  }
+
+  submitTwoFaAccountConfig(authConfig: TwoFactorAuthAccountConfig, config?: RequestConfig): Observable<any> {
+    return this.http.post(`/api/2fa/account/config/submit`, authConfig, defaultHttpOptionsFromConfig(config));
+  }
+
+  verifyAndSaveTwoFaAccountConfig(authConfig: TwoFactorAuthAccountConfig, verificationCode: number,
+                                  config?: RequestConfig): Observable<any> {
+    return this.http.post(`/api/2fa/account/config?verificationCode=${verificationCode}`, authConfig, defaultHttpOptionsFromConfig(config));
+  }
+
+  deleteTwoFaAccountConfig(providerType: TwoFactorAuthProviderType, config?: RequestConfig): Observable<AccountTwoFaSettings> {
+    return this.http.delete<AccountTwoFaSettings>(`/api/2fa/account/config?providerType=${providerType}`,
+      defaultHttpOptionsFromConfig(config));
+  }
+
 }
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index c92fe6de74..fccec76b54 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -81,7 +81,7 @@
             <ng-container formArrayName="providers">
               <div class="container">
                 <mat-accordion multi>
-                  <mat-expansion-panel *ngFor="let provider of providersForm.controls; let i = index">
+                  <mat-expansion-panel *ngFor="let provider of providersForm.controls; let i = index; trackBy: trackByElement">
                     <mat-expansion-panel-header>
                       <mat-panel-title fxLayoutAlign="start center">
                         {{ provider.value.providerType }}
@@ -102,10 +102,10 @@
                         <mat-form-field fxFlex class="mat-block">
                           <mat-label translate>admin.2fa.provider</mat-label>
                           <mat-select formControlName="providerType">
-                            <mat-option *ngFor="let twoFactorAuthProviderType of twoFactorAuthProviderTypes"
-                                        [value]="twoFactorAuthProviderType"
-                                        [disabled]="selectedTypes(twoFactorAuthProviderType[twoFactorAuthProviderType], i)">
-                              {{ twoFactorAuthProviderType }}
+                            <mat-option *ngFor="let provider of twoFactorAuthProviderTypes; trackBy: trackByElement"
+                                        [value]="provider"
+                                        [disabled]="selectedTypes(twoFactorAuthProviderType[provider], i)">
+                              {{ provider }}
                             </mat-option>
                           </mat-select>
                         </mat-form-field>
@@ -144,6 +144,19 @@
                               </mat-error>
                             </mat-form-field>
                           </div>
+                          <div *ngSwitchCase="twoFactorAuthProviderType.EMAIL">
+                            <mat-form-field fxFlex class="mat-block">
+                              <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
+                              <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
+                              <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
+                                {{ "admin.2fa.verification-code-lifetime-required" | translate }}
+                              </mat-error>
+                              <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
+                                                provider.get('verificationCodeLifetime').hasError('pattern')">
+                                {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
+                              </mat-error>
+                            </mat-form-field>
+                          </div>
                         </ng-container>
                       </section>
                     </ng-template>
@@ -159,7 +172,7 @@
                     || providersForm.length == twoFactorAuthProviderTypes.length || (isLoading$ | async)"
                     (click)="addProvider()">
               <mat-icon>add</mat-icon>
-              <span translate>action.add</span>
+              <span translate>admin.2fa.add-provider</span>
             </button>
             <button mat-button mat-raised-button color="primary"
                     [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 992c1c8ae4..5caf1533ed 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -20,7 +20,7 @@ import { HasConfirmForm } from '@core/guards/confirm-on-exit.guard';
 import { Store } from '@ngrx/store';
 import { AppState } from '@core/core.state';
 import { ActivatedRoute } from '@angular/router';
-import { FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
+import { AbstractControl, FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { DialogService } from '@core/services/dialog.service';
 import { TranslateService } from '@ngx-translate/core';
 import { WINDOW } from '@core/services/window.service';
@@ -108,13 +108,14 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     settings.providers.forEach(() => {
       this.addProvider();
     });
-    this.twoFaFormGroup.patchValue(settings, {emitEvent: false});
+    this.twoFaFormGroup.patchValue(settings);
+    this.twoFaFormGroup.markAsPristine();
   }
 
   addProvider() {
     const newProviders = this.fb.group({
       providerType: [TwoFactorAuthProviderType.TOTP],
-      issuerName: ['', Validators.required],
+      issuerName: ['ThingsBoard', Validators.required],
       smsVerificationMessageTemplate: [{
         value: 'Verification code: ${verificationCode}',
         disabled: true
@@ -143,16 +144,21 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
           newProviders.get('smsVerificationMessageTemplate').disable({emitEvent: false});
           newProviders.get('verificationCodeLifetime').disable({emitEvent: false});
           break;
+        case TwoFactorAuthProviderType.EMAIL:
+          newProviders.get('issuerName').disable({emitEvent: false});
+          newProviders.get('smsVerificationMessageTemplate').disable({emitEvent: false});
+          newProviders.get('verificationCodeLifetime').enable({emitEvent: false});
+          break;
       }
     });
     if (this.providersForm.length) {
-      const selectProvidersType = this.providersForm.value[0].providerType;
-      if (selectProvidersType === TwoFactorAuthProviderType.TOTP) {
-        newProviders.get('providerType').setValue(TwoFactorAuthProviderType.SMS);
-        newProviders.updateValueAndValidity();
-      }
+      const selectedProviderTypes = this.providersForm.value.map(providers => providers.providerType);
+      const allowProviders = this.twoFactorAuthProviderTypes.filter(provider => !selectedProviderTypes.includes(provider));
+      newProviders.get('providerType').setValue(allowProviders[0]);
+      newProviders.updateValueAndValidity();
     }
     this.providersForm.push(newProviders);
+    this.providersForm.markAsDirty();
   }
 
   removeProviders($event: Event, index: number): void {
@@ -169,6 +175,10 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     return this.twoFaFormGroup.get('providers') as FormArray;
   }
 
+  trackByElement(i: number, item: any) {
+    return item;
+  }
+
   selectedTypes(type: TwoFactorAuthProviderType, index: number): boolean {
     const selectedProviderTypes: TwoFactorAuthProviderType[] = this.providersForm.value.map(providers => providers.providerType);
     selectedProviderTypes.splice(index, 1);
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.html
new file mode 100644
index 0000000000..46710e6ba0
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.html
@@ -0,0 +1,104 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<mat-toolbar fxLayout="row" color="primary">
+  <h2>Enable email authenticator</h2>
+  <span fxFlex></span>
+  <button mat-icon-button
+          (click)="closeDialog()"
+          type="button">
+    <mat-icon class="material-icons">close</mat-icon>
+  </button>
+</mat-toolbar>
+<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
+</mat-progress-bar>
+<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
+<div mat-dialog-content style="padding: 0">
+  <mat-stepper labelPosition="bottom" linear #stepper>
+    <ng-template matStepperIcon="edit">
+      <mat-icon>done</mat-icon>
+    </ng-template>
+    <mat-step [stepControl]="emailConfigForm">
+      <ng-template matStepLabel>Add email</ng-template>
+      <form [formGroup]="emailConfigForm" style="display: block">
+        <mat-form-field class="mat-block" appearance="fill" style="max-width: 250px;">
+          <mat-label translate>user.email</mat-label>
+          <input matInput formControlName="email" required/>
+          <mat-error *ngIf="emailConfigForm.get('email').hasError('required')">
+            {{ 'user.email-required' | translate }}
+          </mat-error>
+          <mat-error *ngIf="emailConfigForm.get('email').hasError('email')">
+            {{ 'user.invalid-email-format' | translate }}
+          </mat-error>
+        </mat-form-field>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="false">
+            {{ 'action.cancel' | translate }}
+          </button>
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || emailConfigForm.invalid"
+                  (click)="nextStep()">
+            Send code
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step [stepControl]="emailVerificationForm">
+      <ng-template matStepLabel>Authentication verification</ng-template>
+      <form [formGroup]="emailVerificationForm" style="display: block">
+        <p class="mat-body-strong">Enter the 6-digit code here</p>
+        <p class="mat-body" style="max-width: 480px;">Enter the 6 digit verification code we just sent to {{ emailConfigForm.get('email').value }}.</p>
+        <mat-form-field class="mat-block" appearance="fill" style="max-width: 200px;">
+          <mat-label>6-digit code</mat-label>
+          <input matInput formControlName="verificationCode" required maxlength="6" type="text" pattern="\d*">
+        </mat-form-field>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="false">
+            {{ 'action.cancel' | translate }}
+          </button>
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || emailVerificationForm.invalid"
+                  (click)="nextStep()">
+            Activate
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step>
+      <ng-template matStepLabel matStepperIcon="done">Two-factor authentication activated</ng-template>
+      <div>
+        <h2 class="mat-h2">Email authentication enabled</h2>
+        <p class="mat-body" style="max-width: 480px;">If we notice an attempted login from a device or browser we don’t recognize, you will be prompted to enter the security code that will be sent to your email address.</p>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="true">
+            Done
+          </button>
+        </div>
+      </div>
+    </mat-step>
+  </mat-stepper>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.scss
new file mode 100644
index 0000000000..ec6f008a80
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.scss
@@ -0,0 +1,15 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.ts
new file mode 100644
index 0000000000..be5976c78b
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.ts
@@ -0,0 +1,93 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { Component, Inject, ViewChild } from '@angular/core';
+import { DialogComponent } from '@shared/components/dialog.component';
+import { Store } from '@ngrx/store';
+import { AppState } from '@core/core.state';
+import { Router } from '@angular/router';
+import { MAT_DIALOG_DATA, MatDialogRef } from '@angular/material/dialog';
+import { FormBuilder, FormGroup, Validators } from '@angular/forms';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+import { TwoFactorAuthAccountConfig, TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import { MatStepper } from '@angular/material/stepper';
+
+export interface EmailAuthDialogData {
+  email: string;
+}
+
+@Component({
+  selector: 'tb-email-auth-dialog',
+  templateUrl: './email-auth-dialog.component.html',
+  styleUrls: ['./email-auth-dialog.component.scss']
+})
+export class EmailAuthDialogComponent extends DialogComponent<EmailAuthDialogComponent> {
+
+  private authAccountConfig: TwoFactorAuthAccountConfig;
+
+  emailConfigForm: FormGroup;
+  emailVerificationForm: FormGroup;
+
+  @ViewChild('stepper', {static: false}) stepper: MatStepper;
+
+  constructor(protected store: Store<AppState>,
+              protected router: Router,
+              private twoFaService: TwoFactorAuthenticationService,
+              @Inject(MAT_DIALOG_DATA) public data: EmailAuthDialogData,
+              public dialogRef: MatDialogRef<EmailAuthDialogComponent>,
+              public fb: FormBuilder) {
+    super(store, router, dialogRef);
+
+    this.emailConfigForm = this.fb.group({
+      email: [this.data.email, [Validators.required, Validators.email]]
+    });
+
+    this.emailVerificationForm = this.fb.group({
+      verificationCode: ['', [
+        Validators.required,
+        Validators.minLength(6),
+        Validators.maxLength(6),
+        Validators.pattern(/^\d*$/)
+      ]]
+    });
+  }
+
+  nextStep() {
+    switch (this.stepper.selectedIndex) {
+      case 0:
+        this.authAccountConfig = {
+          providerType: TwoFactorAuthProviderType.EMAIL,
+          useByDefault: true,
+          email: this.emailConfigForm.get('email').value as string
+        };
+        this.twoFaService.submitTwoFaAccountConfig(this.authAccountConfig).subscribe(() => {
+          this.stepper.next();
+        });
+        break;
+      case 1:
+        this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
+                                                          this.emailVerificationForm.get('verificationCode').value).subscribe(() => {
+          this.stepper.next();
+        });
+        break;
+    }
+  }
+
+  closeDialog() {
+    return this.dialogRef.close(this.stepper.selectedIndex > 1);
+  }
+
+}
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.html
new file mode 100644
index 0000000000..03c6c7a465
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.html
@@ -0,0 +1,105 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<mat-toolbar fxLayout="row" color="primary">
+  <h2>Enable SMS authenticator</h2>
+  <span fxFlex></span>
+  <button mat-icon-button
+          (click)="closeDialog()"
+          type="button">
+    <mat-icon class="material-icons">close</mat-icon>
+  </button>
+</mat-toolbar>
+<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
+</mat-progress-bar>
+<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
+<div mat-dialog-content style="padding: 0">
+  <mat-stepper labelPosition="bottom" linear #stepper>
+    <ng-template matStepperIcon="edit">
+      <mat-icon>done</mat-icon>
+    </ng-template>
+    <mat-step [stepControl]="smsConfigForm">
+      <ng-template matStepLabel>Add phone number</ng-template>
+      <form [formGroup]="smsConfigForm" style="display: block">
+        <p class="mat-body-1">Enter the phone number including the area code.</p>
+        <mat-form-field class="mat-block" appearance="fill" style="max-width: 250px;">
+          <mat-label>Phone number</mat-label>
+          <input type="tel" required [pattern]="phoneNumberPattern" matInput formControlName="phone">
+          <mat-error *ngIf="smsConfigForm.get('phone').hasError('required')">
+            {{ 'admin.number-to-required' | translate }}
+          </mat-error>
+          <mat-error *ngIf="smsConfigForm.get('phone').hasError('pattern')">
+            {{ 'admin.phone-number-pattern' | translate }}
+          </mat-error>
+        </mat-form-field>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="false">
+            {{ 'action.cancel' | translate }}
+          </button>
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || smsConfigForm.invalid"
+                  (click)="nextStep()">
+            Send code
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step [stepControl]="smsVerificationForm">
+      <ng-template matStepLabel>Authentication verification</ng-template>
+      <form [formGroup]="smsVerificationForm" style="display: block">
+        <p class="mat-body-strong">Enter the 6-digit code here</p>
+        <p class="mat-body" style="max-width: 480px;">Enter the 6 digit verification code we just sent to {{ smsConfigForm.get('phone').value }}.</p>
+        <mat-form-field class="mat-block" appearance="fill" style="max-width: 200px;">
+          <mat-label>6-digit code</mat-label>
+          <input matInput formControlName="verificationCode" required maxlength="6" type="text" pattern="\d*">
+        </mat-form-field>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="false">
+            {{ 'action.cancel' | translate }}
+          </button>
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || smsVerificationForm.invalid"
+                  (click)="nextStep()">
+            Activate
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step>
+      <ng-template matStepLabel matStepperIcon="done">Two-factor authentication activated</ng-template>
+      <div>
+        <h2 class="mat-h2">SMS authentication enabled</h2>
+        <p class="mat-body" style="max-width: 480px;">If we notice an attempted login from a device or browser we don’t recognize, you will be prompted to enter the security code that will be sent to the phone number.</p>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="true">
+            Done
+          </button>
+        </div>
+      </div>
+    </mat-step>
+  </mat-stepper>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.scss
new file mode 100644
index 0000000000..ec6f008a80
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.scss
@@ -0,0 +1,15 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.ts
new file mode 100644
index 0000000000..ed707922eb
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.ts
@@ -0,0 +1,91 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { Component, ViewChild } from '@angular/core';
+import { DialogComponent } from '@shared/components/dialog.component';
+import { Store } from '@ngrx/store';
+import { AppState } from '@core/core.state';
+import { Router } from '@angular/router';
+import { MatDialogRef } from '@angular/material/dialog';
+import { FormBuilder, FormGroup, Validators } from '@angular/forms';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+import { TwoFactorAuthAccountConfig, TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import { phoneNumberPattern } from '@shared/models/settings.models';
+import { MatStepper } from '@angular/material/stepper';
+
+@Component({
+  selector: 'tb-sms-auth-dialog',
+  templateUrl: './sms-auth-dialog.component.html',
+  styleUrls: ['./sms-auth-dialog.component.scss']
+})
+export class SMSAuthDialogComponent extends DialogComponent<SMSAuthDialogComponent> {
+
+  private authAccountConfig: TwoFactorAuthAccountConfig;
+
+  phoneNumberPattern = phoneNumberPattern;
+
+  smsConfigForm: FormGroup;
+  smsVerificationForm: FormGroup;
+
+  @ViewChild('stepper', {static: false}) stepper: MatStepper;
+
+  constructor(protected store: Store<AppState>,
+              protected router: Router,
+              private twoFaService: TwoFactorAuthenticationService,
+              public dialogRef: MatDialogRef<SMSAuthDialogComponent>,
+              public fb: FormBuilder) {
+    super(store, router, dialogRef);
+
+    this.smsConfigForm = this.fb.group({
+      phone: ['', [Validators.required, Validators.pattern(phoneNumberPattern)]]
+    });
+
+    this.smsVerificationForm = this.fb.group({
+      verificationCode: ['', [
+        Validators.required,
+        Validators.minLength(6),
+        Validators.maxLength(6),
+        Validators.pattern(/^\d*$/)
+      ]]
+    });
+  }
+
+  nextStep() {
+    switch (this.stepper.selectedIndex) {
+      case 0:
+        this.authAccountConfig = {
+          providerType: TwoFactorAuthProviderType.SMS,
+          useByDefault: true,
+          phoneNumber: this.smsConfigForm.get('phone').value as string
+        };
+        this.twoFaService.submitTwoFaAccountConfig(this.authAccountConfig).subscribe(() => {
+          this.stepper.next();
+        });
+        break;
+      case 1:
+        this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
+                                                          this.smsVerificationForm.get('verificationCode').value).subscribe(() => {
+          this.stepper.next();
+        });
+        break;
+    }
+  }
+
+  closeDialog() {
+    return this.dialogRef.close(this.stepper.selectedIndex > 1);
+  }
+
+}
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.html
new file mode 100644
index 0000000000..09afbb2de0
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.html
@@ -0,0 +1,97 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<mat-toolbar fxLayout="row" color="primary">
+  <h2>Enable authenticator app</h2>
+  <span fxFlex></span>
+  <button mat-icon-button
+          (click)="closeDialog()"
+          type="button">
+    <mat-icon class="material-icons">close</mat-icon>
+  </button>
+</mat-toolbar>
+<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
+</mat-progress-bar>
+<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
+<div mat-dialog-content style="padding: 0">
+  <mat-stepper labelPosition="bottom" linear #stepper>
+    <ng-template matStepperIcon="edit">
+      <mat-icon>done</mat-icon>
+    </ng-template>
+    <mat-step>
+      <ng-template matStepLabel>Get app</ng-template>
+      <div>
+        <p class="mat-body-1">You'll need to use a verification app such as Google Authenticator, Authy, or Duo. Install from your app store</p>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="false">
+            {{ 'action.cancel' | translate }}
+          </button>
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  matStepperNext>
+            Next
+          </button>
+        </div>
+      </div>
+    </mat-step>
+    <mat-step [stepControl]="totpConfigForm">
+      <ng-template matStepLabel>Authentication verification</ng-template>
+      <form [formGroup]="totpConfigForm" style="display: block">
+        <p class="mat-body-strong">1. Scan this QR code with your verification app</p>
+        <p class="mat-body" style="margin-bottom: 8px">Once your app reads the QR code, you'll get a 6-digit code.</p>
+        <canvas fxFlex #canvas [ngStyle]="{display: totpAuthURL ? 'block' : 'none'}"></canvas>
+        <p class="mat-body-strong">2. Enter the 6-digit code here</p>
+        <p class="mat-body" style="max-width: 480px;">Enter the code from the app below. Once connected, we'll remember your phone so you can use it each time you log in.</p>
+        <mat-form-field class="mat-block" appearance="fill" style="max-width: 200px;">
+          <mat-label>6-digit code</mat-label>
+          <input matInput formControlName="verificationCode" required maxlength="6" type="text" pattern="\d*">
+        </mat-form-field>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="false">
+            {{ 'action.cancel' | translate }}
+          </button>
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || totpConfigForm.invalid"
+                  (click)="onSaveConfig()">
+            Next
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step>
+      <ng-template matStepLabel matStepperIcon="done">Two-factor authentication activated</ng-template>
+      <div>
+        <h2 class="mat-h2">Success</h2>
+        <p class="mat-body" style="max-width: 480px;">The next time you login from an unrecognized browser or device, you will need to provide a two-factor authentication code.</p>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-button
+                  type="button"
+                  [mat-dialog-close]="true">
+            Done
+          </button>
+        </div>
+      </div>
+    </mat-step>
+  </mat-stepper>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.scss
new file mode 100644
index 0000000000..ec6f008a80
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.scss
@@ -0,0 +1,15 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.ts
new file mode 100644
index 0000000000..86b596ac2b
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.ts
@@ -0,0 +1,80 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { Component, ElementRef, ViewChild } from '@angular/core';
+import { DialogComponent } from '@shared/components/dialog.component';
+import { Store } from '@ngrx/store';
+import { AppState } from '@core/core.state';
+import { Router } from '@angular/router';
+import { MatDialogRef } from '@angular/material/dialog';
+import { FormBuilder, FormGroup, Validators } from '@angular/forms';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+import { TotpTwoFactorAuthAccountConfig, TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import { MatStepper } from '@angular/material/stepper';
+
+@Component({
+  selector: 'tb-totp-auth-dialog',
+  templateUrl: './totp-auth-dialog.component.html',
+  styleUrls: ['./totp-auth-dialog.component.scss']
+})
+export class TotpAuthDialogComponent extends DialogComponent<TotpAuthDialogComponent> {
+
+  private authAccountConfig: TotpTwoFactorAuthAccountConfig;
+
+  totpConfigForm: FormGroup;
+  totpAuthURL: string;
+
+  @ViewChild('stepper', {static: false}) stepper: MatStepper;
+  @ViewChild('canvas', {static: false}) canvasRef: ElementRef<HTMLCanvasElement>;
+
+  constructor(protected store: Store<AppState>,
+              protected router: Router,
+              private twoFaService: TwoFactorAuthenticationService,
+              public dialogRef: MatDialogRef<TotpAuthDialogComponent>,
+              public fb: FormBuilder) {
+    super(store, router, dialogRef);
+    this.twoFaService.generateTwoFaAccountConfig(TwoFactorAuthProviderType.TOTP).subscribe(accountConfig => {
+      this.authAccountConfig = accountConfig as TotpTwoFactorAuthAccountConfig;
+      this.totpAuthURL = this.authAccountConfig.authUrl;
+      this.authAccountConfig.useByDefault = true;
+      import('qrcode').then((QRCode) => {
+        QRCode.toCanvas(this.canvasRef.nativeElement, this.totpAuthURL);
+        this.canvasRef.nativeElement.style.width = 'auto';
+        this.canvasRef.nativeElement.style.height = 'auto';
+      });
+    });
+    this.totpConfigForm = this.fb.group({
+      verificationCode: ['', [
+        Validators.required,
+        Validators.minLength(6),
+        Validators.maxLength(6),
+        Validators.pattern(/^\d*$/)
+      ]]
+    });
+  }
+
+  onSaveConfig() {
+    this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
+                                                      this.totpConfigForm.get('verificationCode').value).subscribe((res) => {
+      this.stepper.next();
+    });
+  }
+
+  closeDialog() {
+    return this.dialogRef.close(this.stepper.selectedIndex > 1);
+  }
+
+}
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile-routing.module.ts b/ui-ngx/src/app/modules/home/pages/profile/profile-routing.module.ts
index 440db606fd..e7dae87288 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile-routing.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile-routing.module.ts
@@ -26,6 +26,8 @@ import { AppState } from '@core/core.state';
 import { UserService } from '@core/http/user.service';
 import { getCurrentAuthUser } from '@core/auth/auth.selectors';
 import { Observable } from 'rxjs';
+import { TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
 
 @Injectable()
 export class UserProfileResolver implements Resolve<User> {
@@ -40,6 +42,17 @@ export class UserProfileResolver implements Resolve<User> {
   }
 }
 
+@Injectable()
+export class UserTwoFAProvidersResolver implements Resolve<Array<TwoFactorAuthProviderType>> {
+
+  constructor(private twoFactorAuthService: TwoFactorAuthenticationService) {
+  }
+
+  resolve(): Observable<Array<TwoFactorAuthProviderType>> {
+    return this.twoFactorAuthService.getAvailableTwoFaProviders();
+  }
+}
+
 const routes: Routes = [
   {
     path: 'profile',
@@ -54,7 +67,8 @@ const routes: Routes = [
       }
     },
     resolve: {
-      user: UserProfileResolver
+      user: UserProfileResolver,
+      providers: UserTwoFAProvidersResolver
     }
   }
 ];
@@ -63,7 +77,8 @@ const routes: Routes = [
   imports: [RouterModule.forChild(routes)],
   exports: [RouterModule],
   providers: [
-    UserProfileResolver
+    UserProfileResolver,
+    UserTwoFAProvidersResolver
   ]
 })
 export class ProfileRoutingModule { }
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile.component.html b/ui-ngx/src/app/modules/home/pages/profile/profile.component.html
index b0bcabf62b..a1e9ec0523 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile.component.html
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile.component.html
@@ -93,8 +93,7 @@
             </button>
             <span class="profile-btn-subtext">{{ expirationJwtData }}</span>
           </div>
-          <div fxLayout="row" class="layout-wrap">
-            <span fxFlex></span>
+          <div fxLayout="row" fxLayoutAlign="end start">
             <button mat-button mat-raised-button color="primary"
                     type="submit"
                     [disabled]="(isLoading$ | async) || profile.invalid || !profile.dirty">
@@ -105,4 +104,66 @@
       </form>
     </mat-card-content>
   </mat-card>
+  <mat-card class="profile-card" *ngIf="allowTwoFactorAuth">
+    <mat-card-title>
+      <span class="mat-title">Two-factor authentication</span>
+    </mat-card-title>
+    <mat-card-content>
+      <div class="mat-body-1 description">
+        Two-Factor Authentication (2FA) can be used to help protect your account from unauthorized access by requiring you to enter a security code when you sign in.
+      </div>
+      <div class="mat-body-2">Available authentication methods:</div>
+      <form [formGroup]="twoFactorAuth">
+        <fieldset [disabled]="isLoading$ | async">
+          <mat-radio-group formControlName="useByDefault">
+            <div *ngIf="allowTOTP2faProvider" class="provider">
+              <h3 class="mat-h3">Third-Party authentication app</h3>
+              <div fxLayout="row" fxLayoutAlign="space-between start">
+                <div class="mat-body-1 description">
+                  Use an Authenticator App as your Two-Factor Authentication. When you sign in you’ll be required to use the security code provided by your Authenticator App.
+                </div>
+                <mat-slide-toggle formControlName="TOTP"
+                                  (click)="confirm2FAChange($event, twoFactorAuthProviderType.TOTP)">
+                </mat-slide-toggle>
+              </div>
+              <mat-radio-button [value]="twoFactorAuthProviderType.TOTP"
+                                *ngIf="twoFactorAuth.get('TOTP').value">
+                <span class="checkbox-label">Make this my primary Two-Factor authentication method</span>
+              </mat-radio-button>
+            </div>
+            <div *ngIf="allowSMS2faProvider" class="provider">
+              <h3 class="mat-h3">SMS authentication</h3>
+              <div fxLayout="row" fxLayoutAlign="space-between start">
+                <div class="mat-body-1 description">
+                  Use your phone as your Two-Factor Authentication when you sign in you’ll be required to use the security code we send you via SMS message.
+                </div>
+                <mat-slide-toggle formControlName="SMS"
+                                  (click)="confirm2FAChange($event, twoFactorAuthProviderType.SMS)">
+                </mat-slide-toggle>
+              </div>
+              <mat-radio-button [value]="twoFactorAuthProviderType.SMS"
+                                *ngIf="twoFactorAuth.get('SMS').value">
+                <span class="checkbox-label">Make this my primary Two-Factor authentication method</span>
+              </mat-radio-button>
+            </div>
+            <div *ngIf="allowEmail2faProvider" class="provider">
+              <h3 class="mat-h3">Email authentication</h3>
+              <div fxLayout="row" fxLayoutAlign="space-between start">
+                <div class="mat-body-1 description">
+                  Use a security code sent to your email address as your Two-Factor Authentication (2FA). The security code will be sent to the address associated with your account. You’ll need to use it in when you sign in.
+                </div>
+                <mat-slide-toggle formControlName="EMAIL"
+                                  (click)="confirm2FAChange($event, twoFactorAuthProviderType.EMAIL)">
+                </mat-slide-toggle>
+              </div>
+              <mat-radio-button [value]="twoFactorAuthProviderType.EMAIL"
+                                *ngIf="twoFactorAuth.get('EMAIL').value">
+                <span class="checkbox-label">Make this my primary Two-Factor authentication method</span>
+              </mat-radio-button>
+            </div>
+          </mat-radio-group>
+        </fieldset>
+      </form>
+    </mat-card-content>
+  </mat-card>
 </div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile.component.scss b/ui-ngx/src/app/modules/home/pages/profile/profile.component.scss
index 08916ca584..f3f41c41d8 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile.component.scss
@@ -59,4 +59,21 @@
       }
     }
   }
+  .description {
+    padding-bottom: 8px;
+    color: #808080;
+    margin-right: 8px;
+  }
+
+  .provider {
+    padding: 14px 0;
+
+    .mat-h3 {
+      margin-bottom: 8px;
+    }
+
+    .checkbox-label {
+      font-size: 14px;
+    }
+  }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile.component.ts b/ui-ngx/src/app/modules/home/pages/profile/profile.component.ts
index 610006a3fd..0c676aca46 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile.component.ts
@@ -14,7 +14,7 @@
 /// limitations under the License.
 ///
 
-import { Component, OnInit } from '@angular/core';
+import { Component, OnInit, ViewChild } from '@angular/core';
 import { UserService } from '@core/http/user.service';
 import { AuthUser, User } from '@shared/models/user.model';
 import { Authority } from '@shared/models/authority.enum';
@@ -37,6 +37,12 @@ import { getCurrentAuthUser } from '@core/auth/auth.selectors';
 import { ActionNotificationShow } from '@core/notification/notification.actions';
 import { DatePipe } from '@angular/common';
 import { ClipboardService } from 'ngx-clipboard';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+import { AccountTwoFaSettings, TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import { MatSlideToggle } from '@angular/material/slide-toggle';
+import { TotpAuthDialogComponent } from '@home/pages/profile/authentication-dialog/totp-auth-dialog.component';
+import { SMSAuthDialogComponent } from '@home/pages/profile/authentication-dialog/sms-auth-dialog.component';
+import { EmailAuthDialogComponent, } from '@home/pages/profile/authentication-dialog/email-auth-dialog.component';
 
 @Component({
   selector: 'tb-profile',
@@ -47,8 +53,25 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
 
   authorities = Authority;
   profile: FormGroup;
+  twoFactorAuth: FormGroup;
   user: User;
   languageList = env.supportedLangs;
+  allowTwoFactorAuth = false;
+  allowSMS2faProvider = false;
+  allowTOTP2faProvider = false;
+  allowEmail2faProvider = false;
+  twoFactorAuthProviderType = TwoFactorAuthProviderType;
+
+  @ViewChild('totp') totp: MatSlideToggle;
+
+  private authDialogMap = new Map<TwoFactorAuthProviderType, any>(
+[
+          [TwoFactorAuthProviderType.TOTP, TotpAuthDialogComponent],
+          [TwoFactorAuthProviderType.SMS, SMSAuthDialogComponent],
+          [TwoFactorAuthProviderType.EMAIL, EmailAuthDialogComponent]
+      ]
+  );
+
   private readonly authUser: AuthUser;
 
   get jwtToken(): string {
@@ -69,6 +92,7 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
               private userService: UserService,
               private authService: AuthService,
               private translate: TranslateService,
+              private twoFaService: TwoFactorAuthenticationService,
               public dialog: MatDialog,
               public dialogService: DialogService,
               public fb: FormBuilder,
@@ -80,10 +104,12 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
 
   ngOnInit() {
     this.buildProfileForm();
+    this.buildTwoFactorForm();
     this.userLoaded(this.route.snapshot.data.user);
+    this.twoFactorLoad(this.route.snapshot.data.providers);
   }
 
-  buildProfileForm() {
+  private buildProfileForm() {
     this.profile = this.fb.group({
       email: ['', [Validators.required, Validators.email]],
       firstName: [''],
@@ -94,6 +120,19 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
     });
   }
 
+  private buildTwoFactorForm() {
+    this.twoFactorAuth = this.fb.group({
+      TOTP: [false],
+      SMS: [false],
+      EMAIL: [false],
+      useByDefault: [null]
+    });
+    this.twoFactorAuth.get('useByDefault').valueChanges.subscribe(value => {
+      this.twoFaService.updateTwoFaAccountConfig(value, true, {ignoreLoading: true})
+        .subscribe(data => this.processTwoFactorAuthConfig(data));
+    });
+  }
+
   save(): void {
     this.user = {...this.user, ...this.profile.value};
     if (!this.user.additionalInfo) {
@@ -128,7 +167,7 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
     });
   }
 
-  userLoaded(user: User) {
+  private userLoaded(user: User) {
     this.user = user;
     this.profile.reset(user);
     let lang;
@@ -151,6 +190,37 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
     this.profile.get('homeDashboardHideToolbar').setValue(homeDashboardHideToolbar);
   }
 
+  private twoFactorLoad(providers: TwoFactorAuthProviderType[]) {
+    if (providers.length) {
+      this.allowTwoFactorAuth = true;
+      this.twoFaService.getAccountTwoFaSettings().subscribe(data => this.processTwoFactorAuthConfig(data));
+      providers.forEach(provider => {
+        switch (provider) {
+          case TwoFactorAuthProviderType.SMS:
+            this.allowSMS2faProvider = true;
+            break;
+          case TwoFactorAuthProviderType.TOTP:
+            this.allowTOTP2faProvider = true;
+            break;
+          case TwoFactorAuthProviderType.EMAIL:
+            this.allowEmail2faProvider = true;
+            break;
+        }
+      });
+    }
+  }
+
+  private processTwoFactorAuthConfig(setting?: AccountTwoFaSettings) {
+    if (setting) {
+      Object.values(setting.configs).forEach(config => {
+        this.twoFactorAuth.get(config.providerType).setValue(true);
+        if (config.useByDefault) {
+          this.twoFactorAuth.get('useByDefault').setValue(config.providerType, {emitEvent: false});
+        }
+      });
+    }
+  }
+
   confirmForm(): FormGroup {
     return this.profile;
   }
@@ -179,4 +249,31 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
       }));
     }
   }
+
+  confirm2FAChange(event: MouseEvent, provider: TwoFactorAuthProviderType) {
+    event.stopPropagation();
+    event.preventDefault();
+    const providerName = provider === TwoFactorAuthProviderType.TOTP ? 'authenticator app' : `${provider.toLowerCase()} authentication`;
+    if (this.twoFactorAuth.get(provider).value) {
+      this.dialogService.confirm(`Are you sure you want to disable ${providerName}?`,
+        `Disabling ${providerName} will make your account less secure`).subscribe(res => {
+        if (res) {
+          this.twoFaService.deleteTwoFaAccountConfig(provider).subscribe(data => this.processTwoFactorAuthConfig(data));
+        }
+      });
+    } else {
+      this.dialog.open(this.authDialogMap.get(provider), {
+        disableClose: true,
+        panelClass: ['tb-dialog', 'tb-fullscreen-dialog'],
+        data: {
+          email: this.user.email
+        }
+      }).afterClosed().subscribe(res => {
+        if (res) {
+          this.twoFactorAuth.get(provider).setValue(res);
+          this.twoFactorAuth.get('useByDefault').setValue(provider, {emitEvent: false});
+        }
+      });
+    }
+  }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile.module.ts b/ui-ngx/src/app/modules/home/pages/profile/profile.module.ts
index 4a8bcab074..5210158537 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile.module.ts
@@ -20,11 +20,17 @@ import { ProfileComponent } from './profile.component';
 import { SharedModule } from '@shared/shared.module';
 import { ProfileRoutingModule } from './profile-routing.module';
 import { ChangePasswordDialogComponent } from '@modules/home/pages/profile/change-password-dialog.component';
+import { TotpAuthDialogComponent } from './authentication-dialog/totp-auth-dialog.component';
+import { SMSAuthDialogComponent } from '@home/pages/profile/authentication-dialog/sms-auth-dialog.component';
+import { EmailAuthDialogComponent } from '@home/pages/profile/authentication-dialog/email-auth-dialog.component';
 
 @NgModule({
   declarations: [
     ProfileComponent,
-    ChangePasswordDialogComponent
+    ChangePasswordDialogComponent,
+    TotpAuthDialogComponent,
+    SMSAuthDialogComponent,
+    EmailAuthDialogComponent
   ],
   imports: [
     CommonModule,
diff --git a/ui-ngx/src/app/shared/models/constants.ts b/ui-ngx/src/app/shared/models/constants.ts
index 4bfce6414a..833efd39ab 100644
--- a/ui-ngx/src/app/shared/models/constants.ts
+++ b/ui-ngx/src/app/shared/models/constants.ts
@@ -63,6 +63,7 @@ export const HelpLinks = {
     smsProviderSettings: helpBaseUrl + '/docs/user-guide/ui/sms-provider-settings',
     securitySettings: helpBaseUrl + '/docs/user-guide/ui/security-settings',
     oauth2Settings: helpBaseUrl + '/docs/user-guide/oauth-2-support/',
+    twoFactorAuthSettings: helpBaseUrl + '/docs/',
     ruleEngine: helpBaseUrl + '/docs/user-guide/rule-engine-2-0/overview/',
     ruleNodeCheckRelation: helpBaseUrl + '/docs/user-guide/rule-engine-2-0/filter-nodes/#check-relation-filter-node',
     ruleNodeCheckExistenceFields: helpBaseUrl + '/docs/user-guide/rule-engine-2-0/filter-nodes/#check-existence-fields-node',
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
index ab64143a66..731c1212e9 100644
--- a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -23,7 +23,8 @@ export interface TwoFactorAuthSettings {
   verificationCodeSendRateLimit: string;
 }
 
-export type TwoFactorAuthProviderConfig = Partial<TotpTwoFactorAuthProviderConfig | SmsTwoFactorAuthProviderConfig>;
+export type TwoFactorAuthProviderConfig = Partial<TotpTwoFactorAuthProviderConfig | SmsTwoFactorAuthProviderConfig |
+                                                    EmailTwoFactorAuthProviderConfig>;
 
 export interface TotpTwoFactorAuthProviderConfig {
   providerType: TwoFactorAuthProviderType;
@@ -36,7 +37,37 @@ export interface SmsTwoFactorAuthProviderConfig {
   verificationCodeLifetime: number;
 }
 
+export interface EmailTwoFactorAuthProviderConfig {
+  providerType: TwoFactorAuthProviderType;
+  verificationCodeLifetime: number;
+}
+
 export enum TwoFactorAuthProviderType{
   TOTP = 'TOTP',
-  SMS = 'SMS'
+  SMS = 'SMS',
+  EMAIL = 'EMAIL'
+}
+
+interface GeneralTwoFactorAuthAccountConfig {
+  providerType: TwoFactorAuthProviderType;
+  useByDefault: boolean;
+}
+
+export interface TotpTwoFactorAuthAccountConfig extends GeneralTwoFactorAuthAccountConfig {
+  authUrl: string;
+}
+
+export interface SmsTwoFactorAuthAccountConfig extends GeneralTwoFactorAuthAccountConfig {
+  phoneNumber: string;
+}
+
+export interface EmailTwoFactorAuthAccountConfig extends GeneralTwoFactorAuthAccountConfig {
+  email: string;
+}
+
+export type TwoFactorAuthAccountConfig = TotpTwoFactorAuthAccountConfig | SmsTwoFactorAuthAccountConfig | EmailTwoFactorAuthAccountConfig;
+
+
+export interface AccountTwoFaSettings {
+  configs?: {TwoFactorAuthProviderType: TwoFactorAuthAccountConfig};
 }
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 89b9bc5d2d..743068fc22 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -255,6 +255,7 @@
         },
         "2fa":  {
           "2fa": "Two-factor authentication",
+          "add-provider": "Add provider",
           "available-providers": "Available providers:",
           "issuer-name": "Issuer name",
           "issuer-name-required": "Issuer name is required.",
@@ -262,14 +263,14 @@
           "max-verification-failures-before-user-lockout-pattern": "Max verification failures must be a positive integer.",
           "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
           "provider": "Provider",
-          "total-allowed-time-for-verification": "Total allowed time for verification",
+          "total-allowed-time-for-verification": "Total allowed time for verification (sec)",
           "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
           "total-allowed-time-for-verification-required": "Total allowed time is required.",
           "use-system-two-factor-auth-settings": "Use system two factor auth settings",
           "verification-code-check-rate-limit": "Verification code check rate limit",
           "verification-code-check-rate-limit-pattern": "Verification code check limit has invalid format",
           "verification-code-check-rate-limit-required": "Verification code check rate limit is required.",
-          "verification-code-lifetime": "Verification code lifetime",
+          "verification-code-lifetime": "Verification code lifetime (sec)",
           "verification-code-lifetime-pattern": "Verification code lifetime must be a positive integer.",
           "verification-code-lifetime-required": "Verification code lifetime is required.",
           "verification-code-send-rate-limit": "Verification code send rate limit",

From d3c23c914d2a29a1b27fdfde8b7632aa3d1e312c Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Mon, 9 May 2022 11:45:21 +0300
Subject: [PATCH 33/92] Ensure at least one 2FA account config is default

---
 .../controller/TwoFaConfigController.java       | 17 +++--------------
 .../mfa/config/DefaultTwoFaConfigManager.java   | 17 +++++++++++++----
 .../auth/mfa/config/TwoFaConfigManager.java     |  1 -
 .../controller/TwoFactorAuthConfigTest.java     |  3 +++
 4 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index 60541b1ce4..d974189bab 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -50,7 +50,6 @@ import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
 import java.util.Collections;
 import java.util.List;
-import java.util.Map;
 import java.util.stream.Collectors;
 
 import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
@@ -191,20 +190,10 @@ public class TwoFaConfigController extends BaseController {
                                                          @RequestBody TwoFaAccountConfigUpdateRequest updateRequest) throws ThingsboardException {
         SecurityUser user = getCurrentUser();
 
-        AccountTwoFaSettings settings = twoFaConfigManager.getAccountTwoFaSettings(user.getTenantId(), user.getId())
-                .orElseThrow(() -> new IllegalArgumentException("No 2FA config found"));
-        Map<TwoFaProviderType, TwoFaAccountConfig> configs = settings.getConfigs();
-
-        TwoFaAccountConfig accountConfig;
-        if ((accountConfig = configs.get(providerType)) == null) {
-            throw new IllegalArgumentException("Config for " + providerType + " 2FA provider not found");
-        }
-        if (updateRequest.isUseByDefault()) {
-            configs.values().forEach(config -> config.setUseByDefault(false));
-        }
+        TwoFaAccountConfig accountConfig = twoFaConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId(), providerType)
+                .orElseThrow(() -> new IllegalArgumentException("Config for " + providerType + " 2FA provider not found"));
         accountConfig.setUseByDefault(updateRequest.isUseByDefault());
-
-        return twoFaConfigManager.saveAccountTwoFaSettings(user.getTenantId(), user.getId(), settings);
+        return twoFaConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
     }
 
     @ApiOperation(value = "Delete 2FA account config (deleteTwoFaAccountConfig)", notes =
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
index 75ca7b1e45..a1c56e4cd7 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
@@ -38,11 +38,10 @@ import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserAuthSettingsDao;
 
 import java.util.Collections;
+import java.util.Comparator;
 import java.util.LinkedHashMap;
-import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
-import java.util.function.Consumer;
 
 @Service
 @RequiredArgsConstructor
@@ -68,8 +67,7 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
                 });
     }
 
-    @Override
-    public AccountTwoFaSettings saveAccountTwoFaSettings(TenantId tenantId, UserId userId, AccountTwoFaSettings settings) {
+    protected AccountTwoFaSettings saveAccountTwoFaSettings(TenantId tenantId, UserId userId, AccountTwoFaSettings settings) {
         UserAuthSettings userAuthSettings = Optional.ofNullable(userAuthSettingsDao.findByUserId(userId))
                 .orElseGet(() -> {
                     UserAuthSettings newUserAuthSettings = new UserAuthSettings();
@@ -99,7 +97,13 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
             newSettings.setConfigs(new LinkedHashMap<>());
             return newSettings;
         });
+        if (accountConfig.isUseByDefault()) {
+            settings.getConfigs().values().forEach(config -> config.setUseByDefault(false));
+        }
         settings.getConfigs().put(accountConfig.getProviderType(), accountConfig);
+        if (settings.getConfigs().values().stream().noneMatch(TwoFaAccountConfig::isUseByDefault)) {
+            settings.getConfigs().values().stream().findFirst().ifPresent(config -> config.setUseByDefault(true));
+        }
         return saveAccountTwoFaSettings(tenantId, userId, settings);
     }
 
@@ -108,6 +112,11 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
         AccountTwoFaSettings settings = getAccountTwoFaSettings(tenantId, userId)
                 .orElseThrow(() -> new IllegalArgumentException("2FA not configured"));
         settings.getConfigs().remove(providerType);
+        if (!settings.getConfigs().isEmpty() && settings.getConfigs().values().stream().noneMatch(TwoFaAccountConfig::isUseByDefault)) {
+            settings.getConfigs().values().stream()
+                    .min(Comparator.comparing(TwoFaAccountConfig::getProviderType))
+                    .ifPresent(config -> config.setUseByDefault(true));
+        }
         return saveAccountTwoFaSettings(tenantId, userId, settings);
     }
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
index f1a4590572..212c4697bf 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
@@ -28,7 +28,6 @@ public interface TwoFaConfigManager {
 
     Optional<AccountTwoFaSettings> getAccountTwoFaSettings(TenantId tenantId, UserId userId);
 
-    AccountTwoFaSettings saveAccountTwoFaSettings(TenantId tenantId, UserId userId, AccountTwoFaSettings settings);
 
     Optional<TwoFaAccountConfig> getTwoFaAccountConfig(TenantId tenantId, UserId userId, TwoFaProviderType providerType);
 
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index 3438ed19f8..f9dc02e8d3 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -303,6 +303,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         loginTenantAdmin();
 
         TotpTwoFaAccountConfig generatedTotpTwoFaAccountConfig = generateTotpTwoFaAccountConfig(totpTwoFaProviderConfig);
+        generatedTotpTwoFaAccountConfig.setUseByDefault(true);
 
         String secret = UriComponentsBuilder.fromUriString(generatedTotpTwoFaAccountConfig.getAuthUrl()).build()
                 .getQueryParams().getFirst("secret");
@@ -421,6 +422,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         smsTwoFaAccountConfig.setPhoneNumber("+38051889445");
+        smsTwoFaAccountConfig.setUseByDefault(true);
 
         ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
         doPost("/api/2fa/account/config/submit", smsTwoFaAccountConfig).andExpect(status().isOk());
@@ -459,6 +461,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         SmsTwoFaAccountConfig initialSmsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         initialSmsTwoFaAccountConfig.setPhoneNumber("+38051889445");
+        initialSmsTwoFaAccountConfig.setUseByDefault(true);
 
         ArgumentCaptor<String> verificationCodeCaptor = ArgumentCaptor.forClass(String.class);
         doPost("/api/2fa/account/config/submit", initialSmsTwoFaAccountConfig).andExpect(status().isOk());

From 664d337a99fac8c4aab9259a7b81bb65bb61263e Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Mon, 16 May 2022 17:21:04 +0300
Subject: [PATCH 34/92] UI: Refactoring 2FA system admin settings

---
 ui-ngx/src/app/core/services/menu.service.ts  |  14 -
 .../home/pages/admin/admin-routing.module.ts  |   2 +-
 .../two-factor-auth-settings.component.html   | 304 +++++++++---------
 .../two-factor-auth-settings.component.scss   |  63 +++-
 .../two-factor-auth-settings.component.ts     | 251 +++++++++------
 .../shared/models/two-factor-auth.models.ts   |  52 ++-
 .../assets/locale/locale.constant-en_US.json  |  17 +-
 7 files changed, 430 insertions(+), 273 deletions(-)

diff --git a/ui-ngx/src/app/core/services/menu.service.ts b/ui-ngx/src/app/core/services/menu.service.ts
index 15ab552d53..becf23ebb6 100644
--- a/ui-ngx/src/app/core/services/menu.service.ts
+++ b/ui-ngx/src/app/core/services/menu.service.ts
@@ -374,14 +374,6 @@ export class MenuService {
             path: '/settings/home',
             icon: 'settings_applications'
           },
-          {
-            id: guid(),
-            name: 'admin.2fa.2fa',
-            type: 'link',
-            path: '/settings/2fa',
-            icon: 'mdi:two-factor-authentication',
-            isMdiIcon: true
-          },
           {
             id: guid(),
             name: 'resource.resources-library',
@@ -518,12 +510,6 @@ export class MenuService {
             icon: 'settings_applications',
             path: '/settings/home'
           },
-          {
-            name: 'admin.2fa.2fa',
-            icon: 'mdi:two-factor-authentication',
-            isMdiIcon: true,
-            path: '/settings/2fa'
-          },
           {
             name: 'resource.resources-library',
             icon: 'folder',
diff --git a/ui-ngx/src/app/modules/home/pages/admin/admin-routing.module.ts b/ui-ngx/src/app/modules/home/pages/admin/admin-routing.module.ts
index e63eec7b52..b381d39b3c 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/admin-routing.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/admin-routing.module.ts
@@ -190,7 +190,7 @@ const routes: Routes = [
         component: TwoFactorAuthSettingsComponent,
         canDeactivate: [ConfirmOnExitGuard],
         data: {
-          auth: [Authority.SYS_ADMIN, Authority.TENANT_ADMIN],
+          auth: [Authority.SYS_ADMIN],
           title: 'admin.2fa.2fa',
           breadcrumb: {
             label: 'admin.2fa.2fa',
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index fccec76b54..bcc5a695e2 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -27,159 +27,171 @@
     <mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
     </mat-progress-bar>
     <div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
-    <mat-card-content style="padding-top: 16px;">
+    <mat-card-content>
       <form [formGroup]="twoFaFormGroup" (ngSubmit)="save()">
         <fieldset [disabled]="isLoading$ | async">
-          <mat-checkbox *ngIf="isTenantAdmin()" formControlName="useSystemTwoFactorAuthSettings" style="padding-bottom: 16px;">
-            {{ 'admin.2fa.use-system-two-factor-auth-settings' | translate }}
-          </mat-checkbox>
-          <ng-container *ngIf="!isTenantAdmin() || !twoFaFormGroup.get('useSystemTwoFactorAuthSettings').value">
-            <mat-form-field fxFlex class="mat-block">
-              <mat-label translate>admin.2fa.total-allowed-time-for-verification</mat-label>
-              <input matInput required formControlName="totalAllowedTimeForVerification" type="number" step="1" min="1">
-              <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('required')">
-                {{ 'admin.2fa.total-allowed-time-for-verification-required' | translate }}
-              </mat-error>
-              <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('pattern')
-                  || twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('min')">
-                {{ 'admin.2fa.total-allowed-time-for-verification-pattern' | translate }}
-              </mat-error>
-            </mat-form-field>
-            <mat-form-field fxFlex class="mat-block">
-              <mat-label translate>admin.2fa.max-verification-failures-before-user-lockout</mat-label>
-              <input matInput required formControlName="maxVerificationFailuresBeforeUserLockout" type="number" step="1" min="0" max="65535">
-              <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('required')">
-                {{ 'admin.2fa.max-verification-failures-before-user-lockout-required' | translate }}
-              </mat-error>
-              <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('pattern')
-                  || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('min')
-                  || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('max')">
-                {{ 'admin.2fa.max-verification-failures-before-user-lockout-pattern' | translate }}
-              </mat-error>
-            </mat-form-field>
-            <mat-form-field fxFlex class="mat-block">
-              <mat-label translate>admin.2fa.verification-code-send-rate-limit</mat-label>
-              <input matInput formControlName="verificationCodeSendRateLimit" required>
-              <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimit').hasError('required')">
-                {{ 'admin.2fa.verification-code-send-rate-limit-required' | translate }}
-              </mat-error>
-              <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimit').hasError('pattern')">
-                {{ 'admin.2fa.verification-code-send-rate-limit-pattern' | translate }}
-              </mat-error>
-            </mat-form-field>
-            <mat-form-field fxFlex class="mat-block">
-              <mat-label translate>admin.2fa.verification-code-check-rate-limit</mat-label>
-              <input matInput formControlName="verificationCodeCheckRateLimit" required>
-              <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimit').hasError('required')">
-                {{ 'admin.2fa.verification-code-check-rate-limit-required' | translate }}
-              </mat-error>
-              <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimit').hasError('pattern')">
-                {{ 'admin.2fa.verification-code-check-rate-limit-pattern' | translate }}
-              </mat-error>
-            </mat-form-field>
-            <div class="mat-h3" translate>admin.2fa.available-providers</div>
-            <ng-container formArrayName="providers">
-              <div class="container">
-                <mat-accordion multi>
-                  <mat-expansion-panel *ngFor="let provider of providersForm.controls; let i = index; trackBy: trackByElement">
-                    <mat-expansion-panel-header>
-                      <mat-panel-title fxLayoutAlign="start center">
-                        {{ provider.value.providerType }}
-                      </mat-panel-title>
-                      <mat-panel-description fxLayoutAlign="end center">
-                        <button mat-icon-button
-                                type="button"
-                                (click)="removeProviders($event, i)"
-                                matTooltip="{{ 'admin.oauth2.delete-provider' | translate }}"
-                                matTooltipPosition="above">
-                          <mat-icon>delete</mat-icon>
-                        </button>
-                      </mat-panel-description>
-                    </mat-expansion-panel-header>
+          <ng-container>
+            <fieldset class="fields-group">
+              <legend class="group-title" translate>admin.2fa.general-setting</legend>
+              <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px">
+                <mat-form-field fxFlex class="mat-block">
+                  <mat-label translate>admin.2fa.total-allowed-time-for-verification</mat-label>
+                  <input matInput required formControlName="totalAllowedTimeForVerification" type="number" step="1" min="1">
+                  <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('required')">
+                    {{ 'admin.2fa.total-allowed-time-for-verification-required' | translate }}
+                  </mat-error>
+                  <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('pattern')
+                    || twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('min')">
+                    {{ 'admin.2fa.total-allowed-time-for-verification-pattern' | translate }}
+                  </mat-error>
+                </mat-form-field>
+                <mat-form-field fxFlex class="mat-block">
+                  <mat-label translate>admin.2fa.max-verification-failures-before-user-lockout</mat-label>
+                  <input matInput required formControlName="maxVerificationFailuresBeforeUserLockout" type="number" step="1" min="0" max="65535">
+                  <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('required')">
+                    {{ 'admin.2fa.max-verification-failures-before-user-lockout-required' | translate }}
+                  </mat-error>
+                  <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('pattern')
+                    || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('min')
+                    || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('max')">
+                    {{ 'admin.2fa.max-verification-failures-before-user-lockout-pattern' | translate }}
+                  </mat-error>
+                </mat-form-field>
+              </div>
+              <mat-slide-toggle class="rate-limit-toggle" formControlName="verificationCodeSendRateLimitEnable">
+                {{ 'admin.2fa.verification-code-send-rate-limit' | translate }}
+              </mat-slide-toggle>
+              <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px"
+                   *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitEnable').value">
+                <mat-form-field fxFlex class="mat-block">
+                  <mat-label translate>admin.2fa.number-of-attempts</mat-label>
+                  <input matInput formControlName="verificationCodeSendRateLimitNumber" type="number" step="1" min="1" required>
+                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('required')">
+                    {{ 'admin.2fa.number-of-attempts-required' | translate }}
+                  </mat-error>
+                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('pattern')
+                    || twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('min')">
+                    {{ 'admin.2fa.number-of-attempts-pattern' | translate }}
+                  </mat-error>
+                </mat-form-field>
+                <mat-form-field fxFlex class="mat-block">
+                  <mat-label translate>admin.2fa.within-time</mat-label>
+                  <input matInput formControlName="verificationCodeSendRateLimitTime" type="number" step="1" min="1" required>
+                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('required')">
+                    {{ 'admin.2fa.within-time-required' | translate }}
+                  </mat-error>
+                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('pattern')
+                    || twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('min')">
+                    {{ 'admin.2fa.within-time-pattern' | translate }}
+                  </mat-error>
+                </mat-form-field>
+              </div>
+              <mat-slide-toggle class="rate-limit-toggle" formControlName="verificationCodeCheckRateLimitEnable">
+                {{ 'admin.2fa.verification-code-check-rate-limit' | translate }}
+              </mat-slide-toggle>
+              <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px"
+                   *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value">
+                <mat-form-field fxFlex class="mat-block">
+                  <mat-label translate>admin.2fa.number-of-attempts</mat-label>
+                  <input matInput formControlName="verificationCodeCheckRateLimitNumber" required type="number" step="1" min="1">
+                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('required')">
+                    {{ 'admin.2fa.number-of-attempts-required' | translate }}
+                  </mat-error>
+                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('pattern')
+                    || twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('min')">
+                    {{ 'admin.2fa.number-of-attempts-pattern' | translate }}
+                  </mat-error>
+                </mat-form-field>
+                <mat-form-field fxFlex class="mat-block">
+                  <mat-label translate>admin.2fa.within-time</mat-label>
+                  <input matInput formControlName="verificationCodeCheckRateLimitTime" required type="number" step="1" min="1">
+                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('required')">
+                    {{ 'admin.2fa.within-time-required' | translate }}
+                  </mat-error>
+                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('pattern')
+                    || twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('min')">
+                    {{ 'admin.2fa.within-time-pattern' | translate }}
+                  </mat-error>
+                </mat-form-field>
+              </div>
+            </fieldset>
+            <fieldset class="fields-group" formArrayName="providers">
+              <legend class="group-title" translate>admin.2fa.available-providers</legend>
+              <ng-container *ngFor="let provider of providersForm.controls; let i = index; let $last = last; trackBy: trackByElement">
+                <mat-expansion-panel class="provider" [formGroupName]="i">
+                  <mat-expansion-panel-header>
+                    <mat-panel-title fxLayoutAlign="start center">
+                      <mat-slide-toggle
+                        (click)="toggleProviders($event)"
+                        formControlName="enable">
+                      </mat-slide-toggle>
+                      {{ provider.value.providerType }}
+                    </mat-panel-title>
+                  </mat-expansion-panel-header>
 
-                    <ng-template matExpansionPanelContent>
-                      <section [formGroupName]="i">
+                  <ng-template matExpansionPanelContent>
+                    <ng-container [ngSwitch]="provider.get('providerType').value">
+                      <ng-container *ngSwitchCase="twoFactorAuthProviderType.TOTP">
                         <mat-form-field fxFlex class="mat-block">
-                          <mat-label translate>admin.2fa.provider</mat-label>
-                          <mat-select formControlName="providerType">
-                            <mat-option *ngFor="let provider of twoFactorAuthProviderTypes; trackBy: trackByElement"
-                                        [value]="provider"
-                                        [disabled]="selectedTypes(twoFactorAuthProviderType[provider], i)">
-                              {{ provider }}
-                            </mat-option>
-                          </mat-select>
+                          <mat-label translate>admin.2fa.issuer-name</mat-label>
+                          <input matInput formControlName="issuerName" required>
+                          <mat-error *ngIf="provider.get('issuerName').hasError('required')">
+                            {{ "admin.2fa.issuer-name-required" | translate }}
+                          </mat-error>
+                        </mat-form-field>
+                      </ng-container>
+                      <div *ngSwitchCase="twoFactorAuthProviderType.SMS"
+                           fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.2fa.verification-message-template</mat-label>
+                          <input matInput formControlName="smsVerificationMessageTemplate" required>
+                          <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('required')">
+                            {{ "admin.2fa.verification-message-template-required" | translate }}
+                          </mat-error>
+                          <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('pattern')">
+                            {{ "admin.2fa.verification-message-template-pattern" | translate }}
+                          </mat-error>
                         </mat-form-field>
-                        <ng-container [ngSwitch]="provider.get('providerType').value">
-                          <ng-container *ngSwitchCase="twoFactorAuthProviderType.TOTP">
-                            <mat-form-field fxFlex class="mat-block">
-                              <mat-label translate>admin.2fa.issuer-name</mat-label>
-                              <input matInput formControlName="issuerName" required>
-                              <mat-error *ngIf="provider.get('issuerName').hasError('required')">
-                                {{ "admin.2fa.issuer-name-required" | translate }}
-                              </mat-error>
-                            </mat-form-field>
-                          </ng-container>
-                          <div *ngSwitchCase="twoFactorAuthProviderType.SMS"
-                               fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
-                            <mat-form-field fxFlex class="mat-block">
-                              <mat-label translate>admin.2fa.verification-message-template</mat-label>
-                              <input matInput formControlName="smsVerificationMessageTemplate" required>
-                              <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('required')">
-                                {{ "admin.2fa.verification-message-template-required" | translate }}
-                              </mat-error>
-                              <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('pattern')">
-                                {{ "admin.2fa.verification-message-template-pattern" | translate }}
-                              </mat-error>
-                            </mat-form-field>
-
-                            <mat-form-field fxFlex class="mat-block">
-                              <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
-                              <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
-                              <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
-                                {{ "admin.2fa.verification-code-lifetime-required" | translate }}
-                              </mat-error>
-                              <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
-                                                provider.get('verificationCodeLifetime').hasError('pattern')">
-                                {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
-                              </mat-error>
-                            </mat-form-field>
-                          </div>
-                          <div *ngSwitchCase="twoFactorAuthProviderType.EMAIL">
-                            <mat-form-field fxFlex class="mat-block">
-                              <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
-                              <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
-                              <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
-                                {{ "admin.2fa.verification-code-lifetime-required" | translate }}
-                              </mat-error>
-                              <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
-                                                provider.get('verificationCodeLifetime').hasError('pattern')">
-                                {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
-                              </mat-error>
-                            </mat-form-field>
-                          </div>
-                        </ng-container>
-                      </section>
-                    </ng-template>
-                  </mat-expansion-panel>
-                </mat-accordion>
-              </div>
-            </ng-container>
 
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
+                          <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
+                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
+                            {{ "admin.2fa.verification-code-lifetime-required" | translate }}
+                          </mat-error>
+                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
+                                            provider.get('verificationCodeLifetime').hasError('pattern')">
+                            {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
+                          </mat-error>
+                        </mat-form-field>
+                      </div>
+                      <div *ngSwitchCase="twoFactorAuthProviderType.EMAIL">
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
+                          <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
+                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
+                            {{ "admin.2fa.verification-code-lifetime-required" | translate }}
+                          </mat-error>
+                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
+                                            provider.get('verificationCodeLifetime').hasError('pattern')">
+                            {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
+                          </mat-error>
+                        </mat-form-field>
+                      </div>
+                    </ng-container>
+                  </ng-template>
+                </mat-expansion-panel>
+                <mat-divider *ngIf="!$last"></mat-divider>
+              </ng-container>
+            </fieldset>
+            <div fxLayout="row" fxLayoutAlign="end center" fxLayoutGap="8px">
+              <button mat-button mat-raised-button color="primary"
+                      [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
+                      type="submit">
+                {{'action.save' | translate}}
+              </button>
+            </div>
           </ng-container>
-          <div fxLayout="row" fxLayoutAlign="end center" fxLayoutGap="8px">
-            <button type="button" mat-raised-button color="primary"
-                    [disabled]="twoFaFormGroup.get('useSystemTwoFactorAuthSettings').value
-                    || providersForm.length == twoFactorAuthProviderTypes.length || (isLoading$ | async)"
-                    (click)="addProvider()">
-              <mat-icon>add</mat-icon>
-              <span translate>admin.2fa.add-provider</span>
-            </button>
-            <button mat-button mat-raised-button color="primary"
-                    [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
-                    type="submit">
-              {{'action.save' | translate}}
-            </button>
-          </div>
         </fieldset>
       </form>
     </mat-card-content>
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
index 8fb412f648..2ae3981717 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
@@ -15,7 +15,66 @@
  */
 
 :host{
-  .container {
-    margin-bottom: 1em;
+
+  .fields-group {
+    margin: 8px 0;
+    border: 1px groove rgba(0, 0, 0, .25);
+    border-radius: 4px;
+    position: relative;
+    padding-bottom: 8px;
+
+    legend {
+      color: rgba(0, 0, 0, .7);
+      width: fit-content;
+    }
+
+    &:not(:last-of-type) {
+      padding: 8px;
+    }
+
+    &:last-of-type {
+      margin-bottom: 24px;
+      legend {
+        margin: 0 8px;
+      }
+    }
+
+    .rate-limit-toggle {
+      display: block;
+      margin-bottom: 8px;
+    }
+  }
+
+  .mat-expansion-panel {
+    box-shadow: none;
+    margin: 1px 0 0;
+    &.provider {
+      overflow: inherit;
+      .mat-expansion-panel-header {
+        padding: 0 24px 0 8px;
+        &.mat-expanded {
+          height: 48px;
+        }
+        .mat-slide-toggle {
+          margin-right: 8px;
+        }
+      }
+      .mat-expansion-panel-header-title {
+        height: 40px;
+      }
+    }
+  }
+}
+
+:host ::ng-deep {
+  .mat-expansion-panel {
+    &.provider {
+      .mat-expansion-panel-header > .mat-content {
+        overflow: inherit;
+      }
+      .mat-expansion-panel-body {
+        padding: 0 16px 8px 8px;
+      }
+    }
   }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 5caf1533ed..b23576f549 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -14,21 +14,21 @@
 /// limitations under the License.
 ///
 
-import { Component, Inject, OnDestroy, OnInit } from '@angular/core';
+import { Component, OnDestroy, OnInit } from '@angular/core';
 import { PageComponent } from '@shared/components/page.component';
 import { HasConfirmForm } from '@core/guards/confirm-on-exit.guard';
 import { Store } from '@ngrx/store';
 import { AppState } from '@core/core.state';
-import { ActivatedRoute } from '@angular/router';
-import { AbstractControl, FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
-import { DialogService } from '@core/services/dialog.service';
-import { TranslateService } from '@ngx-translate/core';
-import { WINDOW } from '@core/services/window.service';
+import { FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
-import { AuthState } from '@core/auth/auth.models';
-import { getCurrentAuthState } from '@core/auth/auth.selectors';
-import { Authority } from '@shared/models/authority.enum';
-import { TwoFactorAuthProviderType, TwoFactorAuthSettings } from '@shared/models/two-factor-auth.models';
+import {
+  TwoFactorAuthProviderType,
+  TwoFactorAuthSettings,
+  TwoFactorAuthSettingsForm
+} from '@shared/models/two-factor-auth.models';
+import { deepClone, isNotEmptyStr } from '@core/utils';
+import { Subject } from 'rxjs';
+import { takeUntil } from 'rxjs/operators';
 
 @Component({
   selector: 'tb-2fa-settings',
@@ -37,56 +37,72 @@ import { TwoFactorAuthProviderType, TwoFactorAuthSettings } from '@shared/models
 })
 export class TwoFactorAuthSettingsComponent extends PageComponent implements OnInit, HasConfirmForm, OnDestroy {
 
-  private authState: AuthState = getCurrentAuthState(this.store);
-  private authUser = this.authState.authUser;
+  private readonly destroy$ = new Subject<void>();
 
   twoFaFormGroup: FormGroup;
-  twoFactorAuthProviderTypes = Object.keys(TwoFactorAuthProviderType);
   twoFactorAuthProviderType = TwoFactorAuthProviderType;
 
   constructor(protected store: Store<AppState>,
-              private route: ActivatedRoute,
               private twoFaService: TwoFactorAuthenticationService,
-              private fb: FormBuilder,
-              private dialogService: DialogService,
-              private translate: TranslateService,
-              @Inject(WINDOW) private window: Window) {
+              private fb: FormBuilder) {
     super(store);
   }
 
   ngOnInit() {
     this.build2faSettingsForm();
     this.twoFaService.getTwoFaSettings().subscribe((setting) => {
-      this.initTwoFactorAuthForm(setting);
+      this.setAuthConfigFormValue(setting);
     });
   }
 
   ngOnDestroy() {
     super.ngOnDestroy();
+    this.destroy$.next();
+    this.destroy$.complete();
   }
 
   confirmForm(): FormGroup {
     return this.twoFaFormGroup;
   }
 
-  isTenantAdmin(): boolean {
-    return this.authUser.authority === Authority.TENANT_ADMIN;
+  save() {
+    if (this.twoFaFormGroup.valid) {
+      const setting = this.twoFaFormGroup.value as TwoFactorAuthSettingsForm;
+      this.joinRateLimit(setting, 'verificationCodeCheckRateLimit');
+      this.joinRateLimit(setting, 'verificationCodeSendRateLimit');
+      const providers = setting.providers.filter(provider => provider.enable);
+      providers.forEach(provider => delete provider.enable);
+      const config = Object.assign(setting, {providers});
+      this.twoFaService.saveTwoFaSettings(config).subscribe(
+        () => {
+          this.twoFaFormGroup.markAsUntouched();
+          this.twoFaFormGroup.markAsPristine();
+        }
+      );
+    } else {
+      Object.keys(this.twoFaFormGroup.controls).forEach(field => {
+        const control = this.twoFaFormGroup.get(field);
+        control.markAsTouched({onlySelf: true});
+      });
+    }
   }
 
-  save() {
-    const setting = this.twoFaFormGroup.value;
-    this.twoFaService.saveTwoFaSettings(setting).subscribe(
-      (twoFactorAuthSettings) => {
-        this.twoFaFormGroup.patchValue(twoFactorAuthSettings, {emitEvent: false});
-        this.twoFaFormGroup.markAsUntouched();
-        this.twoFaFormGroup.markAsPristine();
-      }
-    );
+  toggleProviders($event: Event): void {
+    if ($event) {
+      $event.stopPropagation();
+    }
+  }
+
+  trackByElement(i: number, item: any) {
+    return item;
+  }
+
+  get providersForm(): FormArray {
+    return this.twoFaFormGroup.get('providers') as FormArray;
   }
 
   private build2faSettingsForm(): void {
     this.twoFaFormGroup = this.fb.group({
-      useSystemTwoFactorAuthSettings: [this.isTenantAdmin()],
       maxVerificationFailuresBeforeUserLockout: [30, [
         Validators.required,
         Validators.pattern(/^\d*$/),
@@ -98,91 +114,122 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         Validators.min(1),
         Validators.pattern(/^\d*$/)
       ]],
-      verificationCodeCheckRateLimit: ['3:900', [Validators.required, Validators.pattern(/^[1-9]\d*:[1-9]\d*$/)]],
-      verificationCodeSendRateLimit: ['1:60', [Validators.required, Validators.pattern(/^[1-9]\d*:[1-9]\d*$/)]],
+      verificationCodeCheckRateLimitEnable: [false],
+      verificationCodeCheckRateLimitNumber: ['3', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
+      verificationCodeCheckRateLimitTime: ['900', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
+      verificationCodeSendRateLimitEnable: [false],
+      verificationCodeSendRateLimitNumber: ['1', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
+      verificationCodeSendRateLimitTime: ['60', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
       providers: this.fb.array([])
     });
-  }
-
-  private initTwoFactorAuthForm(settings: TwoFactorAuthSettings) {
-    settings.providers.forEach(() => {
-      this.addProvider();
+    Object.values(TwoFactorAuthProviderType).forEach(provider => {
+      this.buildProvidersSettingsForm(provider);
+    });
+    this.twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').valueChanges.pipe(
+      takeUntil(this.destroy$)
+    ).subscribe(value => {
+      if (value) {
+        this.twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').enable({emitEvent: false});
+        this.twoFaFormGroup.get('verificationCodeCheckRateLimitTime').enable({emitEvent: false});
+      } else {
+        this.twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').disable({emitEvent: false});
+        this.twoFaFormGroup.get('verificationCodeCheckRateLimitTime').disable({emitEvent: false});
+      }
+    });
+    this.twoFaFormGroup.get('verificationCodeSendRateLimitEnable').valueChanges.pipe(
+      takeUntil(this.destroy$)
+    ).subscribe(value => {
+      if (value) {
+        this.twoFaFormGroup.get('verificationCodeSendRateLimitNumber').enable({emitEvent: false});
+        this.twoFaFormGroup.get('verificationCodeSendRateLimitTime').enable({emitEvent: false});
+      } else {
+        this.twoFaFormGroup.get('verificationCodeSendRateLimitNumber').disable({emitEvent: false});
+        this.twoFaFormGroup.get('verificationCodeSendRateLimitTime').disable({emitEvent: false});
+      }
     });
-    this.twoFaFormGroup.patchValue(settings);
-    this.twoFaFormGroup.markAsPristine();
   }
 
-  addProvider() {
-    const newProviders = this.fb.group({
-      providerType: [TwoFactorAuthProviderType.TOTP],
-      issuerName: ['ThingsBoard', Validators.required],
-      smsVerificationMessageTemplate: [{
-        value: 'Verification code: ${verificationCode}',
-        disabled: true
-      }, [
-        Validators.required,
-        Validators.pattern(/\${verificationCode}/)
-      ]],
-      verificationCodeLifetime: [{
-        value: 120,
-        disabled: true
-      }, [
-        Validators.required,
-        Validators.min(1),
-        Validators.pattern(/^\d*$/)
-      ]]
+  private setAuthConfigFormValue(settings: TwoFactorAuthSettings) {
+    const [checkRateLimitNumber, checkRateLimitTime] = this.splitRateLimit(settings.verificationCodeCheckRateLimit);
+    const [sendRateLimitNumber, sendRateLimitTime] = this.splitRateLimit(settings.verificationCodeSendRateLimit);
+    const allowProvidersConfig = settings.providers.map(provider => provider.providerType);
+    const processFormValue: TwoFactorAuthSettingsForm = Object.assign(deepClone(settings), {
+      verificationCodeCheckRateLimitEnable: checkRateLimitNumber > 0,
+      verificationCodeCheckRateLimitNumber: checkRateLimitNumber || 3,
+      verificationCodeCheckRateLimitTime: checkRateLimitTime || 900,
+      verificationCodeSendRateLimitEnable: sendRateLimitNumber > 0,
+      verificationCodeSendRateLimitNumber: sendRateLimitNumber || 1,
+      verificationCodeSendRateLimitTime: sendRateLimitTime || 60,
+      providers: []
     });
-    newProviders.get('providerType').valueChanges.subscribe(type => {
-      switch (type) {
-        case TwoFactorAuthProviderType.SMS:
-          newProviders.get('issuerName').disable({emitEvent: false});
-          newProviders.get('smsVerificationMessageTemplate').enable({emitEvent: false});
-          newProviders.get('verificationCodeLifetime').enable({emitEvent: false});
-          break;
-        case TwoFactorAuthProviderType.TOTP:
-          newProviders.get('issuerName').enable({emitEvent: false});
-          newProviders.get('smsVerificationMessageTemplate').disable({emitEvent: false});
-          newProviders.get('verificationCodeLifetime').disable({emitEvent: false});
-          break;
-        case TwoFactorAuthProviderType.EMAIL:
-          newProviders.get('issuerName').disable({emitEvent: false});
-          newProviders.get('smsVerificationMessageTemplate').disable({emitEvent: false});
-          newProviders.get('verificationCodeLifetime').enable({emitEvent: false});
-          break;
+    Object.values(TwoFactorAuthProviderType).forEach(provider => {
+      const index = allowProvidersConfig.indexOf(provider);
+      if (index > -1) {
+        processFormValue.providers.push(Object.assign(settings.providers[index], {enable: true}));
+      } else {
+        processFormValue.providers.push({enable: false});
       }
     });
-    if (this.providersForm.length) {
-      const selectedProviderTypes = this.providersForm.value.map(providers => providers.providerType);
-      const allowProviders = this.twoFactorAuthProviderTypes.filter(provider => !selectedProviderTypes.includes(provider));
-      newProviders.get('providerType').setValue(allowProviders[0]);
-      newProviders.updateValueAndValidity();
-    }
-    this.providersForm.push(newProviders);
-    this.providersForm.markAsDirty();
+    this.twoFaFormGroup.patchValue(processFormValue);
   }
 
-  removeProviders($event: Event, index: number): void {
-    if ($event) {
-      $event.stopPropagation();
-      $event.preventDefault();
+  private buildProvidersSettingsForm(provider: TwoFactorAuthProviderType) {
+    const formControlConfig: {[key: string]: any} = {
+      providerType: [provider],
+      enable: [false]
+    };
+    switch (provider) {
+      case TwoFactorAuthProviderType.TOTP:
+        formControlConfig.issuerName = [{value: 'ThingsBoard', disabled: true}, Validators.required];
+        break;
+      case TwoFactorAuthProviderType.SMS:
+        formControlConfig.smsVerificationMessageTemplate = [{value: 'Verification code: ${verificationCode}', disabled: true}, [
+          Validators.required,
+          Validators.pattern(/\${verificationCode}/)
+        ]];
+        formControlConfig.verificationCodeLifetime = [{value: 120, disabled: true}, [
+          Validators.required,
+          Validators.min(1),
+          Validators.pattern(/^\d*$/)
+        ]];
+        break;
+      case TwoFactorAuthProviderType.EMAIL:
+        formControlConfig.verificationCodeLifetime = [{value: 120, disabled: true}, [
+          Validators.required,
+          Validators.min(1),
+          Validators.pattern(/^\d*$/)
+        ]];
+        break;
     }
-    this.providersForm.removeAt(index);
-    this.providersForm.markAsTouched();
-    this.providersForm.markAsDirty();
-  }
-
-  get providersForm(): FormArray {
-    return this.twoFaFormGroup.get('providers') as FormArray;
+    const newProviders = this.fb.group(formControlConfig);
+    newProviders.get('enable').valueChanges.pipe(
+      takeUntil(this.destroy$)
+    ).subscribe(value => {
+      if (value) {
+        newProviders.enable({emitEvent: false});
+      } else {
+        newProviders.disable({emitEvent: false});
+        newProviders.get('enable').enable({emitEvent: false});
+        newProviders.get('providerType').enable({emitEvent: false});
+      }
+    });
+    this.providersForm.push(newProviders);
   }
 
-  trackByElement(i: number, item: any) {
-    return item;
+  private splitRateLimit(setting: string): [number, number] {
+    if (isNotEmptyStr(setting)) {
+      const [attemptNumber, time] = setting.split(':');
+      return [parseInt(attemptNumber, 10), parseInt(time, 10)];
+    }
+    return [0, 0];
   }
 
-  selectedTypes(type: TwoFactorAuthProviderType, index: number): boolean {
-    const selectedProviderTypes: TwoFactorAuthProviderType[] = this.providersForm.value.map(providers => providers.providerType);
-    selectedProviderTypes.splice(index, 1);
-    return selectedProviderTypes.includes(type);
+  private joinRateLimit(processFormValue: TwoFactorAuthSettingsForm, property: string) {
+    if (processFormValue[`${property}Enable`]) {
+      processFormValue[property] = [processFormValue[`${property}Number`], processFormValue[`${property}Time`]].join(':');
+    }
+    delete processFormValue[`${property}Enable`];
+    delete processFormValue[`${property}Number`];
+    delete processFormValue[`${property}Time`];
   }
-
 }
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
index 731c1212e9..57e4e6b409 100644
--- a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -23,9 +23,22 @@ export interface TwoFactorAuthSettings {
   verificationCodeSendRateLimit: string;
 }
 
+export interface TwoFactorAuthSettingsForm extends TwoFactorAuthSettings{
+  providers: Array<TwoFactorAuthProviderConfigForm>;
+  verificationCodeCheckRateLimitEnable: boolean;
+  verificationCodeCheckRateLimitNumber: number;
+  verificationCodeCheckRateLimitTime: number;
+  verificationCodeSendRateLimitEnable: boolean;
+  verificationCodeSendRateLimitNumber: number;
+  verificationCodeSendRateLimitTime: number;
+}
+
 export type TwoFactorAuthProviderConfig = Partial<TotpTwoFactorAuthProviderConfig | SmsTwoFactorAuthProviderConfig |
                                                     EmailTwoFactorAuthProviderConfig>;
 
+export type TwoFactorAuthProviderConfigForm = Partial<TotpTwoFactorAuthProviderConfig | SmsTwoFactorAuthProviderConfig |
+  EmailTwoFactorAuthProviderConfig> & TwoFactorAuthProviderFormConfig;
+
 export interface TotpTwoFactorAuthProviderConfig {
   providerType: TwoFactorAuthProviderType;
   issuerName: string;
@@ -42,6 +55,10 @@ export interface EmailTwoFactorAuthProviderConfig {
   verificationCodeLifetime: number;
 }
 
+export interface TwoFactorAuthProviderFormConfig {
+  enable: boolean;
+}
+
 export enum TwoFactorAuthProviderType{
   TOTP = 'TOTP',
   SMS = 'SMS',
@@ -69,5 +86,38 @@ export type TwoFactorAuthAccountConfig = TotpTwoFactorAuthAccountConfig | SmsTwo
 
 
 export interface AccountTwoFaSettings {
-  configs?: {TwoFactorAuthProviderType: TwoFactorAuthAccountConfig};
+  configs: {TwoFactorAuthProviderType: TwoFactorAuthAccountConfig};
 }
+
+export interface TwoFaProviderInfo {
+  type: TwoFactorAuthProviderType;
+  default: boolean;
+}
+
+export interface TwoFactorAuthProviderData {
+  name: string;
+  description: string;
+}
+
+export const twoFactorAuthProvidersData = new Map<TwoFactorAuthProviderType, TwoFactorAuthProviderData>(
+  [
+    [
+      TwoFactorAuthProviderType.TOTP, {
+        name: 'Authentication app',
+        description: 'Use apps like Google Authenticator, Authy, or Duo on your phone to authenticate. It will generate a security code for logging in.'
+      }
+    ],
+    [
+      TwoFactorAuthProviderType.SMS, {
+        name: 'SMS',
+        description: 'Use your phone to authenticate. We\'ll send you a security code via SMS message when you log in.'
+      }
+    ],
+    [
+      TwoFactorAuthProviderType.EMAIL, {
+        name: 'Email',
+        description: 'Use a security code sent to your email address to authenticate.'
+      }
+    ],
+  ]
+);
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 72bd583ef8..28ea3e1f7e 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -123,6 +123,7 @@
         "number-from-required": "Phone Number From is required.",
         "number-to": "Phone Number To",
         "number-to-required": "Phone Number To is required.",
+        "phone-number": "Phone Number",
         "phone-number-hint": "Phone Number in E.164 format, ex. +19995550123",
         "phone-number-hint-twilio": "Phone Number in E.164 format/Phone Number's SID/Messaging Service SID, ex. +19995550123/PNXXX/MGXXX",
         "phone-number-pattern": "Invalid phone number. Should be in E.164 format, ex. +19995550123.",
@@ -314,30 +315,32 @@
         },
         "2fa":  {
           "2fa": "Two-factor authentication",
-          "add-provider": "Add provider",
-          "available-providers": "Available providers:",
+          "available-providers": "Available providers",
+          "general-setting": "General setting",
           "issuer-name": "Issuer name",
           "issuer-name-required": "Issuer name is required.",
           "max-verification-failures-before-user-lockout": "Max verification failures before user lockout",
           "max-verification-failures-before-user-lockout-pattern": "Max verification failures must be a positive integer.",
           "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
+          "number-of-attempts": "Number of attempts",
+          "number-of-attempts-pattern": "Number of attempts must be a positive integer.",
+          "number-of-attempts-required": "Number of attempts is required.",
           "provider": "Provider",
           "total-allowed-time-for-verification": "Total allowed time for verification (sec)",
           "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
           "total-allowed-time-for-verification-required": "Total allowed time is required.",
           "use-system-two-factor-auth-settings": "Use system two factor auth settings",
           "verification-code-check-rate-limit": "Verification code check rate limit",
-          "verification-code-check-rate-limit-pattern": "Verification code check limit has invalid format",
-          "verification-code-check-rate-limit-required": "Verification code check rate limit is required.",
           "verification-code-lifetime": "Verification code lifetime (sec)",
           "verification-code-lifetime-pattern": "Verification code lifetime must be a positive integer.",
           "verification-code-lifetime-required": "Verification code lifetime is required.",
           "verification-code-send-rate-limit": "Verification code send rate limit",
-          "verification-code-send-rate-limit-pattern": "Verification code send limit has invalid format",
-          "verification-code-send-rate-limit-required": "Verification code send rate limit is required.",
           "verification-message-template": "Verification message template",
           "verification-message-template-pattern": "Verification message need to contains pattern: ${verificationCode}",
-          "verification-message-template-required": "Verification message template is required."
+          "verification-message-template-required": "Verification message template is required.",
+          "within-time": "Within time (sec)",
+          "within-time-pattern": "Time must be a positive integer.",
+          "within-time-required": "Time is required."
         }
       },
     "alarm": {

From a80e83cb1297f3a486fe8114dd38f36728e8c46b Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Tue, 17 May 2022 17:38:30 +0300
Subject: [PATCH 35/92] UI: Add security page for user

---
 .../http/two-factor-authentication.service.ts |  13 +-
 .../app/modules/home/models/services.map.ts   |   4 +-
 .../modules/home/pages/home-pages.module.ts   |   2 +
 .../email-auth-dialog.component.html          | 104 -----------
 .../sms-auth-dialog.component.html            | 105 -----------
 .../sms-auth-dialog.component.scss            |  15 --
 .../totp-auth-dialog.component.html           |  97 ----------
 .../totp-auth-dialog.component.scss           |  15 --
 .../pages/profile/profile-routing.module.ts   |  19 +-
 .../home/pages/profile/profile.component.html |  99 ++--------
 .../home/pages/profile/profile.component.scss |  23 +--
 .../home/pages/profile/profile.component.ts   |  99 +---------
 .../home/pages/profile/profile.module.ts      |   8 +-
 .../authentication-dialog.component.scss      |  77 ++++++++
 .../authentication-dialog.map.ts              |  29 +++
 .../email-auth-dialog.component.html          | 102 +++++++++++
 .../email-auth-dialog.component.ts            |  40 ++--
 .../sms-auth-dialog.component.html            | 105 +++++++++++
 .../sms-auth-dialog.component.ts              |  40 ++--
 .../totp-auth-dialog.component.html           |  92 ++++++++++
 .../totp-auth-dialog.component.ts             |  17 +-
 .../pages/security/security-routing.module.ts |  84 +++++++++
 .../pages/security/security.component.html    |  80 ++++++++
 .../pages/security/security.component.scss    | 115 ++++++++++++
 .../home/pages/security/security.component.ts | 171 ++++++++++++++++++
 .../home/pages/security/security.module.ts    |  39 ++++
 .../components/user-menu.component.html       |   4 +
 .../shared/components/user-menu.component.ts  |   4 +
 .../shared/models/two-factor-auth.models.ts   |  12 +-
 .../assets/locale/locale.constant-en_US.json  | 100 +++++++---
 30 files changed, 1088 insertions(+), 626 deletions(-)
 delete mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.html
 delete mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.html
 delete mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.scss
 delete mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.html
 delete mode 100644 ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.scss
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.map.ts
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
 rename ui-ngx/src/app/modules/home/pages/{profile => security}/authentication-dialog/email-auth-dialog.component.ts (71%)
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
 rename ui-ngx/src/app/modules/home/pages/{profile => security}/authentication-dialog/sms-auth-dialog.component.ts (71%)
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
 rename ui-ngx/src/app/modules/home/pages/{profile => security}/authentication-dialog/totp-auth-dialog.component.ts (85%)
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/security-routing.module.ts
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/security.component.html
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/security.component.scss
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/security.component.ts
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/security.module.ts

diff --git a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
index 36183db9d8..c2a7a5235d 100644
--- a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
+++ b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
@@ -39,8 +39,8 @@ export class TwoFactorAuthenticationService {
     return this.http.get<TwoFactorAuthSettings>(`/api/2fa/settings`, defaultHttpOptionsFromConfig(config));
   }
 
-  saveTwoFaSettings(settings: TwoFactorAuthSettings, config?: RequestConfig): Observable<TwoFactorAuthSettings> {
-    return this.http.post<TwoFactorAuthSettings>(`/api/2fa/settings`, settings, defaultHttpOptionsFromConfig(config));
+  saveTwoFaSettings(settings: TwoFactorAuthSettings, config?: RequestConfig): Observable<any> {
+    return this.http.post(`/api/2fa/settings`, settings, defaultHttpOptionsFromConfig(config));
   }
 
   getAvailableTwoFaProviders(config?: RequestConfig): Observable<Array<TwoFactorAuthProviderType>> {
@@ -67,8 +67,9 @@ export class TwoFactorAuthenticationService {
   }
 
   verifyAndSaveTwoFaAccountConfig(authConfig: TwoFactorAuthAccountConfig, verificationCode: number,
-                                  config?: RequestConfig): Observable<any> {
-    return this.http.post(`/api/2fa/account/config?verificationCode=${verificationCode}`, authConfig, defaultHttpOptionsFromConfig(config));
+                                  config?: RequestConfig): Observable<AccountTwoFaSettings> {
+    return this.http.post<AccountTwoFaSettings>(`/api/2fa/account/config?verificationCode=${verificationCode}`,
+      authConfig, defaultHttpOptionsFromConfig(config));
   }
 
   deleteTwoFaAccountConfig(providerType: TwoFactorAuthProviderType, config?: RequestConfig): Observable<AccountTwoFaSettings> {
@@ -76,4 +77,8 @@ export class TwoFactorAuthenticationService {
       defaultHttpOptionsFromConfig(config));
   }
 
+  requestTwoFaVerificationCodeSend(providerType: TwoFactorAuthProviderType, config?: RequestConfig) {
+    return this.http.post(`/api/auth/2fa/verification/send?providerType=${providerType}`, defaultHttpOptionsFromConfig(config));
+  }
+
 }
diff --git a/ui-ngx/src/app/modules/home/models/services.map.ts b/ui-ngx/src/app/modules/home/models/services.map.ts
index 1f3a2bf5ae..9795dcdeda 100644
--- a/ui-ngx/src/app/modules/home/models/services.map.ts
+++ b/ui-ngx/src/app/modules/home/models/services.map.ts
@@ -36,6 +36,7 @@ import { BroadcastService } from '@core/services/broadcast.service';
 import { ImportExportService } from '@home/components/import-export/import-export.service';
 import { DeviceProfileService } from '@core/http/device-profile.service';
 import { OtaPackageService } from '@core/http/ota-package.service';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
 
 export const ServicesMap = new Map<string, Type<any>>(
   [
@@ -59,6 +60,7 @@ export const ServicesMap = new Map<string, Type<any>>(
    ['router', Router],
    ['importExport', ImportExportService],
    ['deviceProfileService', DeviceProfileService],
-   ['otaPackageService', OtaPackageService]
+   ['otaPackageService', OtaPackageService],
+   ['twoFactorAuthenticationService', TwoFactorAuthenticationService]
   ]
 );
diff --git a/ui-ngx/src/app/modules/home/pages/home-pages.module.ts b/ui-ngx/src/app/modules/home/pages/home-pages.module.ts
index 576ab1c9b2..cf3aec6191 100644
--- a/ui-ngx/src/app/modules/home/pages/home-pages.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/home-pages.module.ts
@@ -19,6 +19,7 @@ import { NgModule } from '@angular/core';
 import { AdminModule } from './admin/admin.module';
 import { HomeLinksModule } from './home-links/home-links.module';
 import { ProfileModule } from './profile/profile.module';
+import { SecurityModule } from '@home/pages/security/security.module';
 import { TenantModule } from '@modules/home/pages/tenant/tenant.module';
 import { CustomerModule } from '@modules/home/pages/customer/customer.module';
 import { AuditLogModule } from '@modules/home/pages/audit-log/audit-log.module';
@@ -42,6 +43,7 @@ import { OtaUpdateModule } from '@home/pages/ota-update/ota-update.module';
     AdminModule,
     HomeLinksModule,
     ProfileModule,
+    SecurityModule,
     TenantProfileModule,
     TenantModule,
     DeviceProfileModule,
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.html
deleted file mode 100644
index 46710e6ba0..0000000000
--- a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.html
+++ /dev/null
@@ -1,104 +0,0 @@
-<!--
-
-    Copyright © 2016-2022 The Thingsboard Authors
-
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-
-        http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-
--->
-<mat-toolbar fxLayout="row" color="primary">
-  <h2>Enable email authenticator</h2>
-  <span fxFlex></span>
-  <button mat-icon-button
-          (click)="closeDialog()"
-          type="button">
-    <mat-icon class="material-icons">close</mat-icon>
-  </button>
-</mat-toolbar>
-<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
-</mat-progress-bar>
-<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
-<div mat-dialog-content style="padding: 0">
-  <mat-stepper labelPosition="bottom" linear #stepper>
-    <ng-template matStepperIcon="edit">
-      <mat-icon>done</mat-icon>
-    </ng-template>
-    <mat-step [stepControl]="emailConfigForm">
-      <ng-template matStepLabel>Add email</ng-template>
-      <form [formGroup]="emailConfigForm" style="display: block">
-        <mat-form-field class="mat-block" appearance="fill" style="max-width: 250px;">
-          <mat-label translate>user.email</mat-label>
-          <input matInput formControlName="email" required/>
-          <mat-error *ngIf="emailConfigForm.get('email').hasError('required')">
-            {{ 'user.email-required' | translate }}
-          </mat-error>
-          <mat-error *ngIf="emailConfigForm.get('email').hasError('email')">
-            {{ 'user.invalid-email-format' | translate }}
-          </mat-error>
-        </mat-form-field>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="false">
-            {{ 'action.cancel' | translate }}
-          </button>
-          <button mat-raised-button
-                  type="button"
-                  color="primary"
-                  [disabled]="(isLoading$ | async) || emailConfigForm.invalid"
-                  (click)="nextStep()">
-            Send code
-          </button>
-        </div>
-      </form>
-    </mat-step>
-    <mat-step [stepControl]="emailVerificationForm">
-      <ng-template matStepLabel>Authentication verification</ng-template>
-      <form [formGroup]="emailVerificationForm" style="display: block">
-        <p class="mat-body-strong">Enter the 6-digit code here</p>
-        <p class="mat-body" style="max-width: 480px;">Enter the 6 digit verification code we just sent to {{ emailConfigForm.get('email').value }}.</p>
-        <mat-form-field class="mat-block" appearance="fill" style="max-width: 200px;">
-          <mat-label>6-digit code</mat-label>
-          <input matInput formControlName="verificationCode" required maxlength="6" type="text" pattern="\d*">
-        </mat-form-field>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="false">
-            {{ 'action.cancel' | translate }}
-          </button>
-          <button mat-raised-button
-                  type="button"
-                  color="primary"
-                  [disabled]="(isLoading$ | async) || emailVerificationForm.invalid"
-                  (click)="nextStep()">
-            Activate
-          </button>
-        </div>
-      </form>
-    </mat-step>
-    <mat-step>
-      <ng-template matStepLabel matStepperIcon="done">Two-factor authentication activated</ng-template>
-      <div>
-        <h2 class="mat-h2">Email authentication enabled</h2>
-        <p class="mat-body" style="max-width: 480px;">If we notice an attempted login from a device or browser we don’t recognize, you will be prompted to enter the security code that will be sent to your email address.</p>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="true">
-            Done
-          </button>
-        </div>
-      </div>
-    </mat-step>
-  </mat-stepper>
-</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.html
deleted file mode 100644
index 03c6c7a465..0000000000
--- a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.html
+++ /dev/null
@@ -1,105 +0,0 @@
-<!--
-
-    Copyright © 2016-2022 The Thingsboard Authors
-
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-
-        http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-
--->
-<mat-toolbar fxLayout="row" color="primary">
-  <h2>Enable SMS authenticator</h2>
-  <span fxFlex></span>
-  <button mat-icon-button
-          (click)="closeDialog()"
-          type="button">
-    <mat-icon class="material-icons">close</mat-icon>
-  </button>
-</mat-toolbar>
-<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
-</mat-progress-bar>
-<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
-<div mat-dialog-content style="padding: 0">
-  <mat-stepper labelPosition="bottom" linear #stepper>
-    <ng-template matStepperIcon="edit">
-      <mat-icon>done</mat-icon>
-    </ng-template>
-    <mat-step [stepControl]="smsConfigForm">
-      <ng-template matStepLabel>Add phone number</ng-template>
-      <form [formGroup]="smsConfigForm" style="display: block">
-        <p class="mat-body-1">Enter the phone number including the area code.</p>
-        <mat-form-field class="mat-block" appearance="fill" style="max-width: 250px;">
-          <mat-label>Phone number</mat-label>
-          <input type="tel" required [pattern]="phoneNumberPattern" matInput formControlName="phone">
-          <mat-error *ngIf="smsConfigForm.get('phone').hasError('required')">
-            {{ 'admin.number-to-required' | translate }}
-          </mat-error>
-          <mat-error *ngIf="smsConfigForm.get('phone').hasError('pattern')">
-            {{ 'admin.phone-number-pattern' | translate }}
-          </mat-error>
-        </mat-form-field>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="false">
-            {{ 'action.cancel' | translate }}
-          </button>
-          <button mat-raised-button
-                  type="button"
-                  color="primary"
-                  [disabled]="(isLoading$ | async) || smsConfigForm.invalid"
-                  (click)="nextStep()">
-            Send code
-          </button>
-        </div>
-      </form>
-    </mat-step>
-    <mat-step [stepControl]="smsVerificationForm">
-      <ng-template matStepLabel>Authentication verification</ng-template>
-      <form [formGroup]="smsVerificationForm" style="display: block">
-        <p class="mat-body-strong">Enter the 6-digit code here</p>
-        <p class="mat-body" style="max-width: 480px;">Enter the 6 digit verification code we just sent to {{ smsConfigForm.get('phone').value }}.</p>
-        <mat-form-field class="mat-block" appearance="fill" style="max-width: 200px;">
-          <mat-label>6-digit code</mat-label>
-          <input matInput formControlName="verificationCode" required maxlength="6" type="text" pattern="\d*">
-        </mat-form-field>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="false">
-            {{ 'action.cancel' | translate }}
-          </button>
-          <button mat-raised-button
-                  type="button"
-                  color="primary"
-                  [disabled]="(isLoading$ | async) || smsVerificationForm.invalid"
-                  (click)="nextStep()">
-            Activate
-          </button>
-        </div>
-      </form>
-    </mat-step>
-    <mat-step>
-      <ng-template matStepLabel matStepperIcon="done">Two-factor authentication activated</ng-template>
-      <div>
-        <h2 class="mat-h2">SMS authentication enabled</h2>
-        <p class="mat-body" style="max-width: 480px;">If we notice an attempted login from a device or browser we don’t recognize, you will be prompted to enter the security code that will be sent to the phone number.</p>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="true">
-            Done
-          </button>
-        </div>
-      </div>
-    </mat-step>
-  </mat-stepper>
-</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.scss
deleted file mode 100644
index ec6f008a80..0000000000
--- a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.scss
+++ /dev/null
@@ -1,15 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.html
deleted file mode 100644
index 09afbb2de0..0000000000
--- a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.html
+++ /dev/null
@@ -1,97 +0,0 @@
-<!--
-
-    Copyright © 2016-2022 The Thingsboard Authors
-
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-
-        http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-
--->
-<mat-toolbar fxLayout="row" color="primary">
-  <h2>Enable authenticator app</h2>
-  <span fxFlex></span>
-  <button mat-icon-button
-          (click)="closeDialog()"
-          type="button">
-    <mat-icon class="material-icons">close</mat-icon>
-  </button>
-</mat-toolbar>
-<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
-</mat-progress-bar>
-<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
-<div mat-dialog-content style="padding: 0">
-  <mat-stepper labelPosition="bottom" linear #stepper>
-    <ng-template matStepperIcon="edit">
-      <mat-icon>done</mat-icon>
-    </ng-template>
-    <mat-step>
-      <ng-template matStepLabel>Get app</ng-template>
-      <div>
-        <p class="mat-body-1">You'll need to use a verification app such as Google Authenticator, Authy, or Duo. Install from your app store</p>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="false">
-            {{ 'action.cancel' | translate }}
-          </button>
-          <button mat-raised-button
-                  type="button"
-                  color="primary"
-                  matStepperNext>
-            Next
-          </button>
-        </div>
-      </div>
-    </mat-step>
-    <mat-step [stepControl]="totpConfigForm">
-      <ng-template matStepLabel>Authentication verification</ng-template>
-      <form [formGroup]="totpConfigForm" style="display: block">
-        <p class="mat-body-strong">1. Scan this QR code with your verification app</p>
-        <p class="mat-body" style="margin-bottom: 8px">Once your app reads the QR code, you'll get a 6-digit code.</p>
-        <canvas fxFlex #canvas [ngStyle]="{display: totpAuthURL ? 'block' : 'none'}"></canvas>
-        <p class="mat-body-strong">2. Enter the 6-digit code here</p>
-        <p class="mat-body" style="max-width: 480px;">Enter the code from the app below. Once connected, we'll remember your phone so you can use it each time you log in.</p>
-        <mat-form-field class="mat-block" appearance="fill" style="max-width: 200px;">
-          <mat-label>6-digit code</mat-label>
-          <input matInput formControlName="verificationCode" required maxlength="6" type="text" pattern="\d*">
-        </mat-form-field>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="false">
-            {{ 'action.cancel' | translate }}
-          </button>
-          <button mat-raised-button
-                  type="button"
-                  color="primary"
-                  [disabled]="(isLoading$ | async) || totpConfigForm.invalid"
-                  (click)="onSaveConfig()">
-            Next
-          </button>
-        </div>
-      </form>
-    </mat-step>
-    <mat-step>
-      <ng-template matStepLabel matStepperIcon="done">Two-factor authentication activated</ng-template>
-      <div>
-        <h2 class="mat-h2">Success</h2>
-        <p class="mat-body" style="max-width: 480px;">The next time you login from an unrecognized browser or device, you will need to provide a two-factor authentication code.</p>
-        <div fxLayout="row" fxLayoutAlign="end center">
-          <button mat-button
-                  type="button"
-                  [mat-dialog-close]="true">
-            Done
-          </button>
-        </div>
-      </div>
-    </mat-step>
-  </mat-stepper>
-</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.scss
deleted file mode 100644
index ec6f008a80..0000000000
--- a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.scss
+++ /dev/null
@@ -1,15 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile-routing.module.ts b/ui-ngx/src/app/modules/home/pages/profile/profile-routing.module.ts
index e7dae87288..440db606fd 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile-routing.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile-routing.module.ts
@@ -26,8 +26,6 @@ import { AppState } from '@core/core.state';
 import { UserService } from '@core/http/user.service';
 import { getCurrentAuthUser } from '@core/auth/auth.selectors';
 import { Observable } from 'rxjs';
-import { TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
-import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
 
 @Injectable()
 export class UserProfileResolver implements Resolve<User> {
@@ -42,17 +40,6 @@ export class UserProfileResolver implements Resolve<User> {
   }
 }
 
-@Injectable()
-export class UserTwoFAProvidersResolver implements Resolve<Array<TwoFactorAuthProviderType>> {
-
-  constructor(private twoFactorAuthService: TwoFactorAuthenticationService) {
-  }
-
-  resolve(): Observable<Array<TwoFactorAuthProviderType>> {
-    return this.twoFactorAuthService.getAvailableTwoFaProviders();
-  }
-}
-
 const routes: Routes = [
   {
     path: 'profile',
@@ -67,8 +54,7 @@ const routes: Routes = [
       }
     },
     resolve: {
-      user: UserProfileResolver,
-      providers: UserTwoFAProvidersResolver
+      user: UserProfileResolver
     }
   }
 ];
@@ -77,8 +63,7 @@ const routes: Routes = [
   imports: [RouterModule.forChild(routes)],
   exports: [RouterModule],
   providers: [
-    UserProfileResolver,
-    UserTwoFAProvidersResolver
+    UserProfileResolver
   ]
 })
 export class ProfileRoutingModule { }
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile.component.html b/ui-ngx/src/app/modules/home/pages/profile/profile.component.html
index a1e9ec0523..7300f7ea7c 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile.component.html
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile.component.html
@@ -18,12 +18,13 @@
 <div>
   <mat-card class="profile-card">
     <mat-card-title>
-      <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.xs="8px">
+      <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.xs="8px"
+           fxLayoutAlign="space-between start" fxLayoutAlign.xs="start start">
         <div fxFlex fxLayout="column">
           <span class="mat-headline" translate>profile.profile</span>
           <span class="profile-email" style='opacity: 0.7;'>{{ profile ? profile.get('email').value : '' }}</span>
         </div>
-        <div fxFlex fxLayout="column">
+        <div fxLayout="column">
           <span class="mat-subheader" translate>profile.last-login-time</span>
           <span class="profile-last-login-ts" style='opacity: 0.7;'>{{ user?.additionalInfo?.lastLoginTs | date:'yyyy-MM-dd HH:mm:ss'  }}</span>
         </div>
@@ -77,21 +78,23 @@
               {{ 'dashboard.home-dashboard-hide-toolbar' | translate }}
             </mat-checkbox>
           </section>
-          <div fxLayout="row" style="padding-bottom: 16px;">
-            <button mat-button mat-raised-button color="primary"
-                    type="button"
-                    [disabled]="(isLoading$ | async)" (click)="changePassword()">
-              {{'profile.change-password' | translate}}
-            </button>
-          </div>
-          <div fxLayout="row" fxLayoutAlign=" center" style="padding-bottom: 16px;">
-            <button mat-raised-button
-                    type="button"
-                    (click)="copyToken()">
-              <mat-icon svgIcon="mdi:clipboard-arrow-left"></mat-icon>
-              <span>{{ 'profile.copy-jwt-token' | translate }}</span>
-            </button>
-            <span class="profile-btn-subtext">{{ expirationJwtData }}</span>
+          <div fxLayout="row" fxLayoutGap="16px" style="padding-bottom: 16px; margin-top: 20px;">
+            <div>
+              <button mat-button mat-raised-button color="primary"
+                      type="button"
+                      [disabled]="(isLoading$ | async)" (click)="changePassword()">
+                {{'profile.change-password' | translate}}
+              </button>
+            </div>
+            <div>
+              <button mat-raised-button
+                      type="button"
+                      (click)="copyToken()">
+                <mat-icon svgIcon="mdi:clipboard-arrow-left"></mat-icon>
+                <span>{{ 'profile.copy-jwt-token' | translate }}</span>
+              </button>
+              <div class="profile-btn-subtext">{{ expirationJwtData }}</div>
+            </div>
           </div>
           <div fxLayout="row" fxLayoutAlign="end start">
             <button mat-button mat-raised-button color="primary"
@@ -104,66 +107,4 @@
       </form>
     </mat-card-content>
   </mat-card>
-  <mat-card class="profile-card" *ngIf="allowTwoFactorAuth">
-    <mat-card-title>
-      <span class="mat-title">Two-factor authentication</span>
-    </mat-card-title>
-    <mat-card-content>
-      <div class="mat-body-1 description">
-        Two-Factor Authentication (2FA) can be used to help protect your account from unauthorized access by requiring you to enter a security code when you sign in.
-      </div>
-      <div class="mat-body-2">Available authentication methods:</div>
-      <form [formGroup]="twoFactorAuth">
-        <fieldset [disabled]="isLoading$ | async">
-          <mat-radio-group formControlName="useByDefault">
-            <div *ngIf="allowTOTP2faProvider" class="provider">
-              <h3 class="mat-h3">Third-Party authentication app</h3>
-              <div fxLayout="row" fxLayoutAlign="space-between start">
-                <div class="mat-body-1 description">
-                  Use an Authenticator App as your Two-Factor Authentication. When you sign in you’ll be required to use the security code provided by your Authenticator App.
-                </div>
-                <mat-slide-toggle formControlName="TOTP"
-                                  (click)="confirm2FAChange($event, twoFactorAuthProviderType.TOTP)">
-                </mat-slide-toggle>
-              </div>
-              <mat-radio-button [value]="twoFactorAuthProviderType.TOTP"
-                                *ngIf="twoFactorAuth.get('TOTP').value">
-                <span class="checkbox-label">Make this my primary Two-Factor authentication method</span>
-              </mat-radio-button>
-            </div>
-            <div *ngIf="allowSMS2faProvider" class="provider">
-              <h3 class="mat-h3">SMS authentication</h3>
-              <div fxLayout="row" fxLayoutAlign="space-between start">
-                <div class="mat-body-1 description">
-                  Use your phone as your Two-Factor Authentication when you sign in you’ll be required to use the security code we send you via SMS message.
-                </div>
-                <mat-slide-toggle formControlName="SMS"
-                                  (click)="confirm2FAChange($event, twoFactorAuthProviderType.SMS)">
-                </mat-slide-toggle>
-              </div>
-              <mat-radio-button [value]="twoFactorAuthProviderType.SMS"
-                                *ngIf="twoFactorAuth.get('SMS').value">
-                <span class="checkbox-label">Make this my primary Two-Factor authentication method</span>
-              </mat-radio-button>
-            </div>
-            <div *ngIf="allowEmail2faProvider" class="provider">
-              <h3 class="mat-h3">Email authentication</h3>
-              <div fxLayout="row" fxLayoutAlign="space-between start">
-                <div class="mat-body-1 description">
-                  Use a security code sent to your email address as your Two-Factor Authentication (2FA). The security code will be sent to the address associated with your account. You’ll need to use it in when you sign in.
-                </div>
-                <mat-slide-toggle formControlName="EMAIL"
-                                  (click)="confirm2FAChange($event, twoFactorAuthProviderType.EMAIL)">
-                </mat-slide-toggle>
-              </div>
-              <mat-radio-button [value]="twoFactorAuthProviderType.EMAIL"
-                                *ngIf="twoFactorAuth.get('EMAIL').value">
-                <span class="checkbox-label">Make this my primary Two-Factor authentication method</span>
-              </mat-radio-button>
-            </div>
-          </mat-radio-group>
-        </fieldset>
-      </form>
-    </mat-card-content>
-  </mat-card>
 </div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile.component.scss b/ui-ngx/src/app/modules/home/pages/profile/profile.component.scss
index f3f41c41d8..737c7c0999 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile.component.scss
@@ -39,8 +39,10 @@
       font-weight: 400;
     }
     .profile-btn-subtext {
-      opacity: 0.7;
-      padding: 10px;
+      font: 400 14px / 16px Roboto, "Helvetica Neue", sans-serif;
+      letter-spacing: 0.25px;
+      opacity: 0.6;
+      padding: 8px 0;
     }
     .tb-home-dashboard {
       tb-dashboard-autocomplete {
@@ -59,21 +61,4 @@
       }
     }
   }
-  .description {
-    padding-bottom: 8px;
-    color: #808080;
-    margin-right: 8px;
-  }
-
-  .provider {
-    padding: 14px 0;
-
-    .mat-h3 {
-      margin-bottom: 8px;
-    }
-
-    .checkbox-label {
-      font-size: 14px;
-    }
-  }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile.component.ts b/ui-ngx/src/app/modules/home/pages/profile/profile.component.ts
index 0c676aca46..76187b58c2 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile.component.ts
@@ -14,7 +14,7 @@
 /// limitations under the License.
 ///
 
-import { Component, OnInit, ViewChild } from '@angular/core';
+import { Component, OnInit } from '@angular/core';
 import { UserService } from '@core/http/user.service';
 import { AuthUser, User } from '@shared/models/user.model';
 import { Authority } from '@shared/models/authority.enum';
@@ -37,12 +37,6 @@ import { getCurrentAuthUser } from '@core/auth/auth.selectors';
 import { ActionNotificationShow } from '@core/notification/notification.actions';
 import { DatePipe } from '@angular/common';
 import { ClipboardService } from 'ngx-clipboard';
-import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
-import { AccountTwoFaSettings, TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
-import { MatSlideToggle } from '@angular/material/slide-toggle';
-import { TotpAuthDialogComponent } from '@home/pages/profile/authentication-dialog/totp-auth-dialog.component';
-import { SMSAuthDialogComponent } from '@home/pages/profile/authentication-dialog/sms-auth-dialog.component';
-import { EmailAuthDialogComponent, } from '@home/pages/profile/authentication-dialog/email-auth-dialog.component';
 
 @Component({
   selector: 'tb-profile',
@@ -53,25 +47,8 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
 
   authorities = Authority;
   profile: FormGroup;
-  twoFactorAuth: FormGroup;
   user: User;
   languageList = env.supportedLangs;
-  allowTwoFactorAuth = false;
-  allowSMS2faProvider = false;
-  allowTOTP2faProvider = false;
-  allowEmail2faProvider = false;
-  twoFactorAuthProviderType = TwoFactorAuthProviderType;
-
-  @ViewChild('totp') totp: MatSlideToggle;
-
-  private authDialogMap = new Map<TwoFactorAuthProviderType, any>(
-[
-          [TwoFactorAuthProviderType.TOTP, TotpAuthDialogComponent],
-          [TwoFactorAuthProviderType.SMS, SMSAuthDialogComponent],
-          [TwoFactorAuthProviderType.EMAIL, EmailAuthDialogComponent]
-      ]
-  );
-
   private readonly authUser: AuthUser;
 
   get jwtToken(): string {
@@ -92,7 +69,6 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
               private userService: UserService,
               private authService: AuthService,
               private translate: TranslateService,
-              private twoFaService: TwoFactorAuthenticationService,
               public dialog: MatDialog,
               public dialogService: DialogService,
               public fb: FormBuilder,
@@ -104,9 +80,7 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
 
   ngOnInit() {
     this.buildProfileForm();
-    this.buildTwoFactorForm();
     this.userLoaded(this.route.snapshot.data.user);
-    this.twoFactorLoad(this.route.snapshot.data.providers);
   }
 
   private buildProfileForm() {
@@ -120,19 +94,6 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
     });
   }
 
-  private buildTwoFactorForm() {
-    this.twoFactorAuth = this.fb.group({
-      TOTP: [false],
-      SMS: [false],
-      EMAIL: [false],
-      useByDefault: [null]
-    });
-    this.twoFactorAuth.get('useByDefault').valueChanges.subscribe(value => {
-      this.twoFaService.updateTwoFaAccountConfig(value, true, {ignoreLoading: true})
-        .subscribe(data => this.processTwoFactorAuthConfig(data));
-    });
-  }
-
   save(): void {
     this.user = {...this.user, ...this.profile.value};
     if (!this.user.additionalInfo) {
@@ -190,37 +151,6 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
     this.profile.get('homeDashboardHideToolbar').setValue(homeDashboardHideToolbar);
   }
 
-  private twoFactorLoad(providers: TwoFactorAuthProviderType[]) {
-    if (providers.length) {
-      this.allowTwoFactorAuth = true;
-      this.twoFaService.getAccountTwoFaSettings().subscribe(data => this.processTwoFactorAuthConfig(data));
-      providers.forEach(provider => {
-        switch (provider) {
-          case TwoFactorAuthProviderType.SMS:
-            this.allowSMS2faProvider = true;
-            break;
-          case TwoFactorAuthProviderType.TOTP:
-            this.allowTOTP2faProvider = true;
-            break;
-          case TwoFactorAuthProviderType.EMAIL:
-            this.allowEmail2faProvider = true;
-            break;
-        }
-      });
-    }
-  }
-
-  private processTwoFactorAuthConfig(setting?: AccountTwoFaSettings) {
-    if (setting) {
-      Object.values(setting.configs).forEach(config => {
-        this.twoFactorAuth.get(config.providerType).setValue(true);
-        if (config.useByDefault) {
-          this.twoFactorAuth.get('useByDefault').setValue(config.providerType, {emitEvent: false});
-        }
-      });
-    }
-  }
-
   confirmForm(): FormGroup {
     return this.profile;
   }
@@ -249,31 +179,4 @@ export class ProfileComponent extends PageComponent implements OnInit, HasConfir
       }));
     }
   }
-
-  confirm2FAChange(event: MouseEvent, provider: TwoFactorAuthProviderType) {
-    event.stopPropagation();
-    event.preventDefault();
-    const providerName = provider === TwoFactorAuthProviderType.TOTP ? 'authenticator app' : `${provider.toLowerCase()} authentication`;
-    if (this.twoFactorAuth.get(provider).value) {
-      this.dialogService.confirm(`Are you sure you want to disable ${providerName}?`,
-        `Disabling ${providerName} will make your account less secure`).subscribe(res => {
-        if (res) {
-          this.twoFaService.deleteTwoFaAccountConfig(provider).subscribe(data => this.processTwoFactorAuthConfig(data));
-        }
-      });
-    } else {
-      this.dialog.open(this.authDialogMap.get(provider), {
-        disableClose: true,
-        panelClass: ['tb-dialog', 'tb-fullscreen-dialog'],
-        data: {
-          email: this.user.email
-        }
-      }).afterClosed().subscribe(res => {
-        if (res) {
-          this.twoFactorAuth.get(provider).setValue(res);
-          this.twoFactorAuth.get('useByDefault').setValue(provider, {emitEvent: false});
-        }
-      });
-    }
-  }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/profile/profile.module.ts b/ui-ngx/src/app/modules/home/pages/profile/profile.module.ts
index 5210158537..4a8bcab074 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/profile.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/profile/profile.module.ts
@@ -20,17 +20,11 @@ import { ProfileComponent } from './profile.component';
 import { SharedModule } from '@shared/shared.module';
 import { ProfileRoutingModule } from './profile-routing.module';
 import { ChangePasswordDialogComponent } from '@modules/home/pages/profile/change-password-dialog.component';
-import { TotpAuthDialogComponent } from './authentication-dialog/totp-auth-dialog.component';
-import { SMSAuthDialogComponent } from '@home/pages/profile/authentication-dialog/sms-auth-dialog.component';
-import { EmailAuthDialogComponent } from '@home/pages/profile/authentication-dialog/email-auth-dialog.component';
 
 @NgModule({
   declarations: [
     ProfileComponent,
-    ChangePasswordDialogComponent,
-    TotpAuthDialogComponent,
-    SMSAuthDialogComponent,
-    EmailAuthDialogComponent
+    ChangePasswordDialogComponent
   ],
   imports: [
     CommonModule,
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
new file mode 100644
index 0000000000..9b8b17b102
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
@@ -0,0 +1,77 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+:host{
+  .mat-toolbar > h2 {
+    font-weight: 400;
+    letter-spacing: 0.25px;
+  }
+
+  form {
+    display: block;
+  }
+
+  .mat-body-1 {
+    margin-bottom: 0;
+    letter-spacing: 0.25px;
+
+    &:not(:first-of-type) {
+      margin: 0 0 8px;
+    }
+  }
+
+  .input-container {
+    max-width: 290px;
+  }
+
+  .code-container {
+    max-width: 170px;
+  }
+
+  .result-title {
+    font: 500 18px / 24px Roboto, "Helvetica Neue", sans-serif;
+    letter-spacing: 0.1px;
+    margin: 8px 0;
+    text-align: center;
+  }
+
+  .result-description {
+    text-align: center;
+    margin: 0 0 16px;
+    letter-spacing: 0.25px;
+    max-width: 500px;
+  }
+
+  .step-description {
+    max-width: 450px;
+    &.input {
+      margin: 12px 0 0;
+    }
+  }
+
+  .qr-code-description {
+    text-align: center;
+    max-width: 180px;
+    letter-spacing: 0.25px;
+    color: rgba(0, 0, 0, 0.87);
+    margin-bottom: 0;
+  }
+
+  & ::ng-deep {
+    .mat-horizontal-stepper-header{
+      pointer-events: none !important;
+    }
+  }
+}
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.map.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.map.ts
new file mode 100644
index 0000000000..503fdd69a6
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.map.ts
@@ -0,0 +1,29 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { Type } from '@angular/core';
+import { TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import { TotpAuthDialogComponent } from './totp-auth-dialog.component';
+import { SMSAuthDialogComponent } from './sms-auth-dialog.component';
+import { EmailAuthDialogComponent } from './email-auth-dialog.component';
+
+export const authenticationDialogMap = new Map<TwoFactorAuthProviderType, Type<any>>(
+  [
+    [TwoFactorAuthProviderType.TOTP, TotpAuthDialogComponent],
+    [TwoFactorAuthProviderType.SMS, SMSAuthDialogComponent],
+    [TwoFactorAuthProviderType.EMAIL, EmailAuthDialogComponent]
+  ]
+);
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
new file mode 100644
index 0000000000..d591dc7261
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
@@ -0,0 +1,102 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<mat-toolbar fxLayout="row" color="primary">
+  <h2 translate>security.2fa.dialog.enable-email-title</h2>
+  <span fxFlex></span>
+  <button mat-icon-button
+          (click)="closeDialog()"
+          type="button">
+    <mat-icon class="material-icons">close</mat-icon>
+  </button>
+</mat-toolbar>
+<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
+</mat-progress-bar>
+<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
+<div mat-dialog-content tb-toast style="padding: 0">
+  <mat-stepper [linear]="true" #stepper>
+    <ng-template matStepperIcon="edit">
+      <mat-icon>done</mat-icon>
+    </ng-template>
+    <mat-step [stepControl]="emailConfigForm">
+      <ng-template matStepLabel>{{ 'security.2fa.dialog.email-step-label' | translate }}</ng-template>
+      <form [formGroup]="emailConfigForm" (ngSubmit)="nextStep()">
+        <p class="mat-body step-description input" translate>security.2fa.dialog.email-step-description</p>
+        <div fxLayout="row" fxLayoutAlign="space-between center">
+          <mat-form-field fxFlex class="mat-block input-container" floatLabel="always">
+            <mat-label></mat-label>
+            <input matInput formControlName="email"
+                   placeholder="{{ 'security.2fa.dialog.email-step-label' | translate }}" />
+            <mat-error *ngIf="emailConfigForm.get('email').hasError('required')">
+              {{ 'user.email-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="emailConfigForm.get('email').hasError('email')">
+              {{ 'user.invalid-email-format' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <button mat-raised-button
+                  type="submit"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || emailConfigForm.invalid">
+            {{ 'security.2fa.dialog.send-code' | translate }}
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step [stepControl]="emailVerificationForm">
+      <ng-template matStepLabel>{{ 'security.2fa.dialog.verification-step-label' | translate }}</ng-template>
+      <form [formGroup]="emailVerificationForm" (ngSubmit)="nextStep()">
+        <p class="mat-body step-description input">
+          {{ 'security.2fa.dialog.verification-step-description' | translate : {address: emailConfigForm.get('email').value} }}
+        </p>
+        <div fxLayout="row" fxLayoutAlign="space-between center">
+          <mat-form-field fxFlex class="mat-block code-container" floatLabel="always">
+            <mat-label></mat-label>
+            <input matInput formControlName="verificationCode"
+                   maxlength="6" type="text"
+                   pattern="\d*"
+                   placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
+            <mat-error *ngIf="emailVerificationForm.get('verificationCode').invalid">
+              {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <button mat-raised-button
+                  type="submit"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || emailVerificationForm.invalid">
+            {{ 'security.2fa.dialog.activate' | translate }}
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step>
+      <ng-template matStepLabel matStepperIcon="done">{{ 'security.2fa.dialog.activation-step-label' | translate }}</ng-template>
+      <div>
+        <h3 class="result-title" translate>security.2fa.dialog.success</h3>
+        <p class="mat-body result-description" translate>security.2fa.dialog.activation-step-description-email</p>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  [mat-dialog-close]="true">
+            {{ 'import.stepper-text.done' | translate }}
+          </button>
+        </div>
+      </div>
+    </mat-step>
+  </mat-stepper>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.ts
similarity index 71%
rename from ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.ts
rename to ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.ts
index be5976c78b..166ff799b7 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/email-auth-dialog.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.ts
@@ -32,7 +32,7 @@ export interface EmailAuthDialogData {
 @Component({
   selector: 'tb-email-auth-dialog',
   templateUrl: './email-auth-dialog.component.html',
-  styleUrls: ['./email-auth-dialog.component.scss']
+  styleUrls: ['./authentication-dialog.component.scss']
 })
 export class EmailAuthDialogComponent extends DialogComponent<EmailAuthDialogComponent> {
 
@@ -68,20 +68,28 @@ export class EmailAuthDialogComponent extends DialogComponent<EmailAuthDialogCom
   nextStep() {
     switch (this.stepper.selectedIndex) {
       case 0:
-        this.authAccountConfig = {
-          providerType: TwoFactorAuthProviderType.EMAIL,
-          useByDefault: true,
-          email: this.emailConfigForm.get('email').value as string
-        };
-        this.twoFaService.submitTwoFaAccountConfig(this.authAccountConfig).subscribe(() => {
-          this.stepper.next();
-        });
+        if (this.emailConfigForm.valid) {
+          this.authAccountConfig = {
+            providerType: TwoFactorAuthProviderType.EMAIL,
+            useByDefault: true,
+            email: this.emailConfigForm.get('email').value as string
+          };
+          this.twoFaService.submitTwoFaAccountConfig(this.authAccountConfig).subscribe(() => {
+            this.stepper.next();
+          });
+        } else {
+          this.showFormErrors(this.emailConfigForm);
+        }
         break;
       case 1:
-        this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
-                                                          this.emailVerificationForm.get('verificationCode').value).subscribe(() => {
-          this.stepper.next();
-        });
+        if (this.emailVerificationForm.valid) {
+          this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
+            this.emailVerificationForm.get('verificationCode').value).subscribe(() => {
+            this.stepper.next();
+          });
+        } else {
+          this.showFormErrors(this.emailVerificationForm);
+        }
         break;
     }
   }
@@ -90,4 +98,10 @@ export class EmailAuthDialogComponent extends DialogComponent<EmailAuthDialogCom
     return this.dialogRef.close(this.stepper.selectedIndex > 1);
   }
 
+  private showFormErrors(form: FormGroup) {
+    Object.keys(form.controls).forEach(field => {
+      const control = form.get(field);
+      control.markAsTouched({onlySelf: true});
+    });
+  }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
new file mode 100644
index 0000000000..61b093dd00
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
@@ -0,0 +1,105 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<mat-toolbar fxLayout="row" color="primary">
+  <h2 translate>security.2fa.dialog.enable-sms-title</h2>
+  <span fxFlex></span>
+  <button mat-icon-button
+          (click)="closeDialog()"
+          type="button">
+    <mat-icon class="material-icons">close</mat-icon>
+  </button>
+</mat-toolbar>
+<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
+</mat-progress-bar>
+<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
+<div mat-dialog-content tb-toast style="padding: 0">
+  <mat-stepper linear #stepper>
+    <ng-template matStepperIcon="edit">
+      <mat-icon>done</mat-icon>
+    </ng-template>
+    <mat-step [stepControl]="smsConfigForm">
+      <ng-template matStepLabel>{{ 'security.2fa.dialog.sms-step-label' | translate }}</ng-template>
+      <form [formGroup]="smsConfigForm" (ngSubmit)="nextStep()">
+        <p class="mat-body step-description input" translate>security.2fa.dialog.sms-step-description</p>
+        <div fxLayout="row" fxLayoutAlign="space-between center">
+          <mat-form-field  fxFlex class="mat-block input-container" floatLabel="always">
+            <mat-label></mat-label>
+            <input type="tel"
+                   [pattern]="phoneNumberPattern"
+                   matInput formControlName="phone"
+                   placeholder="{{ 'security.2fa.dialog.sms-step-label' | translate }}">
+            <mat-error *ngIf="smsConfigForm.get('phone').hasError('required')">
+              {{ 'admin.number-to-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="smsConfigForm.get('phone').hasError('pattern')">
+              {{ 'admin.phone-number-pattern' | translate }}
+            </mat-error>
+            <mat-hint innerHTML="{{ 'admin.phone-number-hint' | translate }}"></mat-hint>
+          </mat-form-field>
+          <button mat-raised-button
+                  type="submit"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || smsConfigForm.invalid">
+            {{ 'security.2fa.dialog.send-code' | translate }}
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step [stepControl]="smsVerificationForm">
+      <ng-template matStepLabel>{{ 'security.2fa.dialog.verification-step-label' | translate }}</ng-template>
+      <form [formGroup]="smsVerificationForm" (ngSubmit)="nextStep()">
+        <p class="mat-body step-description input">
+          {{ 'security.2fa.dialog.verification-step-description' | translate : {address: smsConfigForm.get('phone').value} }}
+        </p>
+        <div fxLayout="row" fxLayoutAlign="space-between center">
+          <mat-form-field fxFlex class="mat-block code-container" floatLabel="always">
+            <mat-label></mat-label>
+            <input matInput formControlName="verificationCode"
+                   maxlength="6" type="text"
+                   pattern="\d*"
+                   placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
+            <mat-error *ngIf="smsVerificationForm.get('verificationCode').invalid">
+              {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <button mat-raised-button
+                  type="submit"
+                  color="primary"
+                  [disabled]="(isLoading$ | async) || smsVerificationForm.invalid">
+            {{ 'security.2fa.dialog.activate' | translate }}
+          </button>
+        </div>
+      </form>
+    </mat-step>
+    <mat-step>
+      <ng-template matStepLabel matStepperIcon="done">{{ 'security.2fa.dialog.activation-step-label' | translate }}</ng-template>
+      <div>
+        <h3 class="result-title" translate>security.2fa.dialog.success</h3>
+        <p class="mat-body result-description" translate>security.2fa.dialog.activation-step-description-sms</p>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  [mat-dialog-close]="true">
+            {{ 'import.stepper-text.done' | translate }}
+          </button>
+        </div>
+      </div>
+    </mat-step>
+  </mat-stepper>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.ts
similarity index 71%
rename from ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.ts
rename to ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.ts
index ed707922eb..030b67fd7a 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/sms-auth-dialog.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.ts
@@ -29,7 +29,7 @@ import { MatStepper } from '@angular/material/stepper';
 @Component({
   selector: 'tb-sms-auth-dialog',
   templateUrl: './sms-auth-dialog.component.html',
-  styleUrls: ['./sms-auth-dialog.component.scss']
+  styleUrls: ['./authentication-dialog.component.scss']
 })
 export class SMSAuthDialogComponent extends DialogComponent<SMSAuthDialogComponent> {
 
@@ -66,20 +66,28 @@ export class SMSAuthDialogComponent extends DialogComponent<SMSAuthDialogCompone
   nextStep() {
     switch (this.stepper.selectedIndex) {
       case 0:
-        this.authAccountConfig = {
-          providerType: TwoFactorAuthProviderType.SMS,
-          useByDefault: true,
-          phoneNumber: this.smsConfigForm.get('phone').value as string
-        };
-        this.twoFaService.submitTwoFaAccountConfig(this.authAccountConfig).subscribe(() => {
-          this.stepper.next();
-        });
+        if (this.smsConfigForm.valid) {
+          this.authAccountConfig = {
+            providerType: TwoFactorAuthProviderType.SMS,
+            useByDefault: true,
+            phoneNumber: this.smsConfigForm.get('phone').value as string
+          };
+          this.twoFaService.submitTwoFaAccountConfig(this.authAccountConfig).subscribe(() => {
+            this.stepper.next();
+          });
+        } else {
+          this.showFormErrors(this.smsConfigForm);
+        }
         break;
       case 1:
-        this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
-                                                          this.smsVerificationForm.get('verificationCode').value).subscribe(() => {
-          this.stepper.next();
-        });
+        if (this.smsVerificationForm.valid) {
+          this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
+            this.smsVerificationForm.get('verificationCode').value).subscribe(() => {
+            this.stepper.next();
+          });
+        } else {
+          this.showFormErrors(this.smsVerificationForm);
+        }
         break;
     }
   }
@@ -88,4 +96,10 @@ export class SMSAuthDialogComponent extends DialogComponent<SMSAuthDialogCompone
     return this.dialogRef.close(this.stepper.selectedIndex > 1);
   }
 
+  private showFormErrors(form: FormGroup) {
+    Object.keys(form.controls).forEach(field => {
+      const control = form.get(field);
+      control.markAsTouched({onlySelf: true});
+    });
+  }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
new file mode 100644
index 0000000000..6de8259011
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
@@ -0,0 +1,92 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<mat-toolbar fxLayout="row" color="primary">
+  <h2 translate>security.2fa.dialog.enable-totp-title</h2>
+  <span fxFlex></span>
+  <button mat-icon-button
+          (click)="closeDialog()"
+          type="button">
+    <mat-icon class="material-icons">close</mat-icon>
+  </button>
+</mat-toolbar>
+<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
+</mat-progress-bar>
+<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
+<div mat-dialog-content tb-toast style="padding: 0">
+  <mat-stepper linear #stepper>
+    <ng-template matStepperIcon="edit">
+      <mat-icon>done</mat-icon>
+    </ng-template>
+    <mat-step>
+      <ng-template matStepLabel>{{ 'security.2fa.dialog.totp-step-label' | translate }}</ng-template>
+      <div>
+        <p class="mat-body-1" translate>security.2fa.dialog.totp-step-description-open</p>
+        <p class="mat-body-1" translate>security.2fa.dialog.totp-step-description-install</p>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  matStepperNext>
+            {{ 'security.2fa.dialog.next' | translate }}
+          </button>
+        </div>
+      </div>
+    </mat-step>
+    <mat-step [stepControl]="totpConfigForm">
+      <ng-template matStepLabel>{{ 'security.2fa.dialog.verification-step-label' | translate }}</ng-template>
+      <form [formGroup]="totpConfigForm" fxLayoutAlign="start center" fxLayout="column" (ngSubmit)="onSaveConfig()">
+        <p class="mat-body qr-code-description" translate>security.2fa.dialog.scan-qr-code</p>
+        <canvas fxFlex #canvas [ngStyle]="{display: totpAuthURL ? 'block' : 'none'}"></canvas>
+        <p class="mat-body qr-code-description" style="margin-top: 30px;" translate>security.2fa.dialog.enter-verification-code</p>
+        <mat-form-field fxFlex class="mat-block code-container" floatLabel="always">
+          <mat-label></mat-label>
+          <input matInput formControlName="verificationCode"
+                 maxlength="6" type="text"
+                 pattern="\d*"
+                 placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
+          <mat-error *ngIf="totpConfigForm.get('verificationCode').invalid">
+            {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
+          </mat-error>
+        </mat-form-field>
+      </form>
+      <div fxLayout="row" fxLayoutAlign="end center">
+        <button mat-raised-button
+                type="submit"
+                color="primary"
+                [disabled]="(isLoading$ | async) || totpConfigForm.invalid">
+          {{ 'security.2fa.dialog.next' | translate }}
+        </button>
+      </div>
+    </mat-step>
+    <mat-step>
+      <ng-template matStepLabel matStepperIcon="done">{{ 'security.2fa.dialog.activation-step-label' | translate }}</ng-template>
+      <div>
+        <h3 class="result-title" translate>security.2fa.dialog.success</h3>
+        <p class="mat-body result-description" translate>security.2fa.dialog.activation-step-description-totp</p>
+        <div fxLayout="row" fxLayoutAlign="end center">
+          <button mat-raised-button
+                  type="button"
+                  color="primary"
+                  [mat-dialog-close]="true">
+            {{ 'import.stepper-text.done' | translate }}
+          </button>
+        </div>
+      </div>
+    </mat-step>
+  </mat-stepper>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.ts
similarity index 85%
rename from ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.ts
rename to ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.ts
index 86b596ac2b..52aab77b57 100644
--- a/ui-ngx/src/app/modules/home/pages/profile/authentication-dialog/totp-auth-dialog.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.ts
@@ -28,7 +28,7 @@ import { MatStepper } from '@angular/material/stepper';
 @Component({
   selector: 'tb-totp-auth-dialog',
   templateUrl: './totp-auth-dialog.component.html',
-  styleUrls: ['./totp-auth-dialog.component.scss']
+  styleUrls: ['./authentication-dialog.component.scss']
 })
 export class TotpAuthDialogComponent extends DialogComponent<TotpAuthDialogComponent> {
 
@@ -67,10 +67,17 @@ export class TotpAuthDialogComponent extends DialogComponent<TotpAuthDialogCompo
   }
 
   onSaveConfig() {
-    this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
-                                                      this.totpConfigForm.get('verificationCode').value).subscribe((res) => {
-      this.stepper.next();
-    });
+    if (this.totpConfigForm.valid) {
+      this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
+        this.totpConfigForm.get('verificationCode').value).subscribe(() => {
+          this.stepper.next();
+        });
+    } else {
+      Object.keys(this.totpConfigForm.controls).forEach(field => {
+        const control = this.totpConfigForm.get(field);
+        control.markAsTouched({onlySelf: true});
+      });
+    }
   }
 
   closeDialog() {
diff --git a/ui-ngx/src/app/modules/home/pages/security/security-routing.module.ts b/ui-ngx/src/app/modules/home/pages/security/security-routing.module.ts
new file mode 100644
index 0000000000..430635cd8e
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/security-routing.module.ts
@@ -0,0 +1,84 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { Injectable, NgModule } from '@angular/core';
+import { Resolve, RouterModule, Routes } from '@angular/router';
+
+import { SecurityComponent } from './security.component';
+import { ConfirmOnExitGuard } from '@core/guards/confirm-on-exit.guard';
+import { Authority } from '@shared/models/authority.enum';
+import { User } from '@shared/models/user.model';
+import { Store } from '@ngrx/store';
+import { AppState } from '@core/core.state';
+import { UserService } from '@core/http/user.service';
+import { getCurrentAuthUser } from '@core/auth/auth.selectors';
+import { Observable } from 'rxjs';
+import { TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+
+@Injectable()
+export class UserProfileResolver implements Resolve<User> {
+
+  constructor(private store: Store<AppState>,
+              private userService: UserService) {
+  }
+
+  resolve(): Observable<User> {
+    const userId = getCurrentAuthUser(this.store).userId;
+    return this.userService.getUser(userId);
+  }
+}
+
+@Injectable()
+export class UserTwoFAProvidersResolver implements Resolve<Array<TwoFactorAuthProviderType>> {
+
+  constructor(private twoFactorAuthService: TwoFactorAuthenticationService) {
+  }
+
+  resolve(): Observable<Array<TwoFactorAuthProviderType>> {
+    return this.twoFactorAuthService.getAvailableTwoFaProviders();
+  }
+}
+
+const routes: Routes = [
+  {
+    path: 'security',
+    component: SecurityComponent,
+    canDeactivate: [ConfirmOnExitGuard],
+    data: {
+      auth: [Authority.SYS_ADMIN, Authority.TENANT_ADMIN, Authority.CUSTOMER_USER],
+      title: 'security.security',
+      breadcrumb: {
+        label: 'security.security',
+        icon: 'lock'
+      }
+    },
+    resolve: {
+      user: UserProfileResolver,
+      providers: UserTwoFAProvidersResolver
+    }
+  }
+];
+
+@NgModule({
+  imports: [RouterModule.forChild(routes)],
+  exports: [RouterModule],
+  providers: [
+    UserProfileResolver,
+    UserTwoFAProvidersResolver
+  ]
+})
+export class SecurityRoutingModule { }
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.html b/ui-ngx/src/app/modules/home/pages/security/security.component.html
new file mode 100644
index 0000000000..19d414535e
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.html
@@ -0,0 +1,80 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<div class="profile-container" fxLayout="column" fxLayoutGap="8px">
+  <mat-card class="profile-card" fxLayout="column">
+    <mat-card-title>
+      <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.xs="8px"
+           fxLayoutAlign="space-between start" fxLayoutAlign.xs="start start">
+        <div fxFlex class="mat-headline" translate>
+          security.security
+        </div>
+        <div fxLayout="column">
+          <span class="mat-subheader" translate>profile.last-login-time</span>
+          <span class="profile-last-login-ts" style='opacity: 0.7;'>{{ user?.additionalInfo?.lastLoginTs | date:'yyyy-MM-dd HH:mm:ss'  }}</span>
+        </div>
+      </div>
+    </mat-card-title>
+    <mat-card-content>
+      <div>
+        <button mat-stroked-button
+                color="primary"
+                type="button"
+                (click)="copyToken()">
+          <mat-icon class="material-icons">add_circle_outline</mat-icon>
+          <span>{{ 'profile.copy-jwt-token' | translate }}</span>
+        </button>
+        <div class="profile-btn-subtext">{{ expirationJwtData }}</div>
+      </div>
+    </mat-card-content>
+  </mat-card>
+  <mat-card class="profile-card" *ngIf="allowTwoFactorProviders.length">
+    <mat-card-title style="margin-bottom: 20px;">
+      <span class="mat-headline" translate>admin.2fa.2fa</span>
+    </mat-card-title>
+    <mat-card-subtitle style="margin-bottom: 40px;">
+      <div class="mat-body-1 description" translate>security.2fa.2fa-description</div>
+    </mat-card-subtitle>
+    <mat-card-content>
+      <h3 class="mat-h3 auth-title" translate>security.2fa.authenticate-with</h3>
+      <form [formGroup]="twoFactorAuth">
+        <fieldset [disabled]="isLoading$ | async">
+          <mat-radio-group formControlName="useByDefault">
+            <ng-container *ngFor="let provider of allowTwoFactorProviders; let $last = last; trackBy: trackByProvider">
+              <div class="provider">
+                <h4 class="provider-title">{{ providersData.get(provider).name | translate }}</h4>
+                <div fxLayout="row" fxLayoutAlign="space-between start">
+                  <div class="mat-body-1 description">
+                    {{ providersData.get(provider).description | translate }}
+                  </div>
+                  <mat-slide-toggle [formControlName]="provider"
+                                    (click)="confirm2FAChange($event, provider)">
+                  </mat-slide-toggle>
+                </div>
+                <mat-radio-button [value]="provider"
+                                  *ngIf="twoFactorAuth.get(provider).value">
+                  <span class="checkbox-label" translate>security.2fa.main-2fa-method</span>
+                </mat-radio-button>
+              </div>
+              <mat-divider *ngIf="!$last"></mat-divider>
+            </ng-container>
+          </mat-radio-group>
+        </fieldset>
+      </form>
+    </mat-card-content>
+  </mat-card>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.scss b/ui-ngx/src/app/modules/home/pages/security/security.component.scss
new file mode 100644
index 0000000000..b14b2ebd18
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.scss
@@ -0,0 +1,115 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+@import "../../../../../scss/constants";
+
+:host {
+  .profile-container {
+    padding: 8px;
+  }
+  mat-card.profile-card {
+    @media #{$mat-gt-sm} {
+      width: 70%;
+    }
+    @media #{$mat-gt-md} {
+      width: 50%;
+    }
+    @media #{$mat-gt-xl} {
+      width: 45%;
+    }
+    .title-container {
+      margin: 0;
+    }
+    .profile-email {
+      font-size: 16px;
+      font-weight: 400;
+    }
+    .mat-subheader {
+      line-height: 24px;
+      color: rgba(0,0,0,0.54);
+      font-size: 14px;
+      font-weight: 400;
+    }
+    .profile-last-login-ts {
+      font-size: 16px;
+      font-weight: 400;
+    }
+    .profile-btn-subtext {
+      font: 400 14px / 16px Roboto, "Helvetica Neue", sans-serif;
+      letter-spacing: 0.25px;
+      opacity: 0.6;
+      padding: 8px 0;
+    }
+    .tb-home-dashboard {
+      tb-dashboard-autocomplete {
+        @media #{$mat-gt-sm} {
+          padding-right: 12px;
+        }
+
+        @media #{$mat-lt-md} {
+          padding-bottom: 12px;
+        }
+      }
+      mat-checkbox {
+        @media #{$mat-gt-sm} {
+          margin-top: 16px;
+        }
+      }
+    }
+  }
+
+  .description {
+    color: rgba(0, 0, 0, 0.54);
+    letter-spacing: 0.25px;
+    margin-right: 8px;
+  }
+
+  .auth-title {
+    font-weight: 500;
+    line-height: 20px;
+    letter-spacing: 0.25px;
+    margin: 0;
+  }
+
+  .mat-divider-horizontal {
+    left: 16px;
+    right: 16px;
+    width: auto;
+  }
+
+  .provider {
+    padding: 24px 0;
+
+    .provider-title {
+      font: 400 14px / 16px Roboto, "Helvetica Neue", sans-serif;
+      letter-spacing: 0.25px;
+      margin: 0 0 8px;
+    }
+
+    .description {
+      max-width: 85%;
+    }
+
+    .checkbox-label {
+      font-size: 14px;
+      letter-spacing: 0.25px;
+      opacity: 0.87;
+    }
+
+    .mat-radio-button {
+      margin-top: 8px;
+    }
+  }
+}
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.ts b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
new file mode 100644
index 0000000000..d5ded5f4f8
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
@@ -0,0 +1,171 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { Component, OnInit } from '@angular/core';
+import { User } from '@shared/models/user.model';
+import { PageComponent } from '@shared/components/page.component';
+import { Store } from '@ngrx/store';
+import { AppState } from '@core/core.state';
+import { FormBuilder, FormGroup } from '@angular/forms';
+import { TranslateService } from '@ngx-translate/core';
+import { MatDialog } from '@angular/material/dialog';
+import { DialogService } from '@core/services/dialog.service';
+import { ActivatedRoute } from '@angular/router';
+import { ActionNotificationShow } from '@core/notification/notification.actions';
+import { DatePipe } from '@angular/common';
+import { ClipboardService } from 'ngx-clipboard';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+import {
+  AccountTwoFaSettings,
+  twoFactorAuthProvidersData,
+  TwoFactorAuthProviderType
+} from '@shared/models/two-factor-auth.models';
+import { authenticationDialogMap } from '@home/pages/security/authentication-dialog/authentication-dialog.map';
+
+@Component({
+  selector: 'tb-security',
+  templateUrl: './security.component.html',
+  styleUrls: ['./security.component.scss']
+})
+export class SecurityComponent extends PageComponent implements OnInit {
+
+  twoFactorAuth: FormGroup;
+  user: User;
+  allowTwoFactorProviders: TwoFactorAuthProviderType[] = [];
+  providersData = twoFactorAuthProvidersData;
+
+  get jwtToken(): string {
+    return `Bearer ${localStorage.getItem('jwt_token')}`;
+  }
+
+  get jwtTokenExpiration(): string {
+    return localStorage.getItem('jwt_token_expiration');
+  }
+
+  get expirationJwtData(): string {
+    const expirationData = this.datePipe.transform(this.jwtTokenExpiration, 'yyyy-MM-dd HH:mm:ss');
+    return this.translate.instant('profile.valid-till', { expirationData });
+  }
+
+  constructor(protected store: Store<AppState>,
+              private route: ActivatedRoute,
+              private translate: TranslateService,
+              private twoFaService: TwoFactorAuthenticationService,
+              public dialog: MatDialog,
+              public dialogService: DialogService,
+              public fb: FormBuilder,
+              private datePipe: DatePipe,
+              private clipboardService: ClipboardService) {
+    super(store);
+  }
+
+  ngOnInit() {
+    this.buildTwoFactorForm();
+    this.user = this.route.snapshot.data.user;
+    this.twoFactorLoad(this.route.snapshot.data.providers);
+  }
+
+  private buildTwoFactorForm() {
+    this.twoFactorAuth = this.fb.group({
+      TOTP: [false],
+      SMS: [false],
+      EMAIL: [false],
+      useByDefault: [null]
+    });
+    this.twoFactorAuth.get('useByDefault').valueChanges.subscribe(value => {
+      this.twoFaService.updateTwoFaAccountConfig(value, true, {ignoreLoading: true})
+        .subscribe(data => this.processTwoFactorAuthConfig(data));
+    });
+  }
+
+  private twoFactorLoad(providers: TwoFactorAuthProviderType[]) {
+    if (providers.length) {
+      this.twoFaService.getAccountTwoFaSettings().subscribe(data => this.processTwoFactorAuthConfig(data));
+      Object.values(TwoFactorAuthProviderType).forEach(type => {
+        if (providers.includes(type)) {
+          this.allowTwoFactorProviders.push(type);
+        }
+      });
+    }
+  }
+
+  private processTwoFactorAuthConfig(setting: AccountTwoFaSettings) {
+    const configs = setting.configs;
+    Object.values(TwoFactorAuthProviderType).forEach(provider => {
+      if (configs[provider]) {
+        this.twoFactorAuth.get(provider).setValue(true);
+        if (configs[provider].useByDefault) {
+          this.twoFactorAuth.get('useByDefault').setValue(provider, {emitEvent: false});
+        }
+      } else {
+        this.twoFactorAuth.get(provider).setValue(false);
+      }
+    });
+  }
+
+  trackByProvider(i: number, provider: TwoFactorAuthProviderType) {
+    return provider;
+  }
+
+  copyToken() {
+    if (+this.jwtTokenExpiration < Date.now()) {
+      this.store.dispatch(new ActionNotificationShow({
+        message: this.translate.instant('profile.tokenCopiedWarnMessage'),
+        type: 'warn',
+        duration: 1500,
+        verticalPosition: 'bottom',
+        horizontalPosition: 'right'
+      }));
+    } else {
+      this.clipboardService.copyFromContent(this.jwtToken);
+      this.store.dispatch(new ActionNotificationShow({
+        message: this.translate.instant('profile.tokenCopiedSuccessMessage'),
+        type: 'success',
+        duration: 750,
+        verticalPosition: 'bottom',
+        horizontalPosition: 'right'
+      }));
+    }
+  }
+
+  confirm2FAChange(event: MouseEvent, provider: TwoFactorAuthProviderType) {
+    event.stopPropagation();
+    event.preventDefault();
+    if (this.twoFactorAuth.get(provider).value) {
+      const providerName = this.translate.instant(`security.2fa.provider.${provider.toLowerCase()}`);
+      this.dialogService.confirm(
+        this.translate.instant('security.2fa.disable-2fa-provider-title', {name: providerName}),
+        this.translate.instant('security.2fa.disable-2fa-provider-text', {name: providerName}),
+      ).subscribe(res => {
+        if (res) {
+          this.twoFaService.deleteTwoFaAccountConfig(provider).subscribe(data => this.processTwoFactorAuthConfig(data));
+        }
+      });
+    } else {
+      const dialogData = provider === TwoFactorAuthProviderType.EMAIL ? {email: this.user.email} : {};
+      this.dialog.open(authenticationDialogMap.get(provider), {
+        disableClose: true,
+        panelClass: ['tb-dialog', 'tb-fullscreen-dialog'],
+        data: dialogData
+      }).afterClosed().subscribe(res => {
+        if (res) {
+          this.twoFactorAuth.get(provider).setValue(res);
+          this.twoFactorAuth.get('useByDefault').setValue(provider, {emitEvent: false});
+        }
+      });
+    }
+  }
+}
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.module.ts b/ui-ngx/src/app/modules/home/pages/security/security.module.ts
new file mode 100644
index 0000000000..2df54747a7
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/security.module.ts
@@ -0,0 +1,39 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { NgModule } from '@angular/core';
+import { CommonModule } from '@angular/common';
+import { SecurityComponent } from './security.component';
+import { SharedModule } from '@shared/shared.module';
+import { SecurityRoutingModule } from './security-routing.module';
+import { TotpAuthDialogComponent } from './authentication-dialog/totp-auth-dialog.component';
+import { SMSAuthDialogComponent } from '@home/pages/security/authentication-dialog/sms-auth-dialog.component';
+import { EmailAuthDialogComponent } from '@home/pages/security/authentication-dialog/email-auth-dialog.component';
+
+@NgModule({
+  declarations: [
+    SecurityComponent,
+    TotpAuthDialogComponent,
+    SMSAuthDialogComponent,
+    EmailAuthDialogComponent
+  ],
+  imports: [
+    CommonModule,
+    SharedModule,
+    SecurityRoutingModule
+  ]
+})
+export class SecurityModule { }
diff --git a/ui-ngx/src/app/shared/components/user-menu.component.html b/ui-ngx/src/app/shared/components/user-menu.component.html
index 5dfcebf3f7..ffe9cdc158 100644
--- a/ui-ngx/src/app/shared/components/user-menu.component.html
+++ b/ui-ngx/src/app/shared/components/user-menu.component.html
@@ -32,6 +32,10 @@
         <mat-icon class="material-icons">account_circle</mat-icon>
         <span translate>home.profile</span>
       </button>
+      <button mat-menu-item (click)="openSecurity()">
+        <mat-icon class="material-icons">lock</mat-icon>
+        <span translate>security.security</span>
+      </button>
       <button mat-menu-item (click)="logout()">
         <mat-icon class="material-icons">exit_to_app</mat-icon>
         <span translate>home.logout</span>
diff --git a/ui-ngx/src/app/shared/components/user-menu.component.ts b/ui-ngx/src/app/shared/components/user-menu.component.ts
index 7388876896..00635597bc 100644
--- a/ui-ngx/src/app/shared/components/user-menu.component.ts
+++ b/ui-ngx/src/app/shared/components/user-menu.component.ts
@@ -106,6 +106,10 @@ export class UserMenuComponent implements OnInit, OnDestroy {
     this.router.navigate(['profile']);
   }
 
+  openSecurity(): void {
+    this.router.navigate(['security']);
+  }
+
   logout(): void {
     this.authService.logout();
   }
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
index 57e4e6b409..18bb3e4f20 100644
--- a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -103,20 +103,20 @@ export const twoFactorAuthProvidersData = new Map<TwoFactorAuthProviderType, Two
   [
     [
       TwoFactorAuthProviderType.TOTP, {
-        name: 'Authentication app',
-        description: 'Use apps like Google Authenticator, Authy, or Duo on your phone to authenticate. It will generate a security code for logging in.'
+        name: 'security.2fa.provider.totp',
+        description: 'security.2fa.provider.totp-description'
       }
     ],
     [
       TwoFactorAuthProviderType.SMS, {
-        name: 'SMS',
-        description: 'Use your phone to authenticate. We\'ll send you a security code via SMS message when you log in.'
+        name: 'security.2fa.provider.sms',
+        description: 'security.2fa.provider.sms-description'
       }
     ],
     [
       TwoFactorAuthProviderType.EMAIL, {
-        name: 'Email',
-        description: 'Use a security code sent to your email address to authenticate.'
+        name: 'security.2fa.provider.email',
+        description: 'security.2fa.provider.email-description'
       }
     ],
   ]
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 28ea3e1f7e..8f56f1c3a0 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -123,7 +123,6 @@
         "number-from-required": "Phone Number From is required.",
         "number-to": "Phone Number To",
         "number-to-required": "Phone Number To is required.",
-        "phone-number": "Phone Number",
         "phone-number-hint": "Phone Number in E.164 format, ex. +19995550123",
         "phone-number-hint-twilio": "Phone Number in E.164 format/Phone Number's SID/Messaging Service SID, ex. +19995550123/PNXXX/MGXXX",
         "phone-number-pattern": "Invalid phone number. Should be in E.164 format, ex. +19995550123.",
@@ -314,33 +313,33 @@
             "scheme-korean-graphic-character-set": "14 - Korean Graphic Character Set (KS C 5601/KS X 1001)"
         },
         "2fa":  {
-          "2fa": "Two-factor authentication",
-          "available-providers": "Available providers",
-          "general-setting": "General setting",
-          "issuer-name": "Issuer name",
-          "issuer-name-required": "Issuer name is required.",
-          "max-verification-failures-before-user-lockout": "Max verification failures before user lockout",
-          "max-verification-failures-before-user-lockout-pattern": "Max verification failures must be a positive integer.",
-          "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
-          "number-of-attempts": "Number of attempts",
-          "number-of-attempts-pattern": "Number of attempts must be a positive integer.",
-          "number-of-attempts-required": "Number of attempts is required.",
-          "provider": "Provider",
-          "total-allowed-time-for-verification": "Total allowed time for verification (sec)",
-          "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
-          "total-allowed-time-for-verification-required": "Total allowed time is required.",
-          "use-system-two-factor-auth-settings": "Use system two factor auth settings",
-          "verification-code-check-rate-limit": "Verification code check rate limit",
-          "verification-code-lifetime": "Verification code lifetime (sec)",
-          "verification-code-lifetime-pattern": "Verification code lifetime must be a positive integer.",
-          "verification-code-lifetime-required": "Verification code lifetime is required.",
-          "verification-code-send-rate-limit": "Verification code send rate limit",
-          "verification-message-template": "Verification message template",
-          "verification-message-template-pattern": "Verification message need to contains pattern: ${verificationCode}",
-          "verification-message-template-required": "Verification message template is required.",
-          "within-time": "Within time (sec)",
-          "within-time-pattern": "Time must be a positive integer.",
-          "within-time-required": "Time is required."
+            "2fa": "Two-factor authentication",
+            "available-providers": "Available providers",
+            "general-setting": "General setting",
+            "issuer-name": "Issuer name",
+            "issuer-name-required": "Issuer name is required.",
+            "max-verification-failures-before-user-lockout": "Max verification failures before user lockout",
+            "max-verification-failures-before-user-lockout-pattern": "Max verification failures must be a positive integer.",
+            "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
+            "number-of-attempts": "Number of attempts",
+            "number-of-attempts-pattern": "Number of attempts must be a positive integer.",
+            "number-of-attempts-required": "Number of attempts is required.",
+            "provider": "Provider",
+            "total-allowed-time-for-verification": "Total allowed time for verification (sec)",
+            "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
+            "total-allowed-time-for-verification-required": "Total allowed time is required.",
+            "use-system-two-factor-auth-settings": "Use system two factor auth settings",
+            "verification-code-check-rate-limit": "Verification code check rate limit",
+            "verification-code-lifetime": "Verification code lifetime (sec)",
+            "verification-code-lifetime-pattern": "Verification code lifetime must be a positive integer.",
+            "verification-code-lifetime-required": "Verification code lifetime is required.",
+            "verification-code-send-rate-limit": "Verification code send rate limit",
+            "verification-message-template": "Verification message template",
+            "verification-message-template-pattern": "Verification message need to contains pattern: ${verificationCode}",
+            "verification-message-template-required": "Verification message template is required.",
+            "within-time": "Within time (sec)",
+            "within-time-pattern": "Time must be a positive integer.",
+            "within-time-required": "Time is required."
         }
       },
     "alarm": {
@@ -2564,6 +2563,51 @@
         "tokenCopiedSuccessMessage": "JWT token has been copied to clipboard",
         "tokenCopiedWarnMessage": "JWT token is expired! Please, refresh the page."
     },
+    "security": {
+        "security": "Security",
+        "2fa": {
+            "2fa": "Two-factor authentication",
+            "2fa-description": "Two-factor authentication protects your account from unauthorized access. All you have to do is enter a security code when you log in.",
+            "authenticate-with": "You can authenticate with:",
+            "disable-2fa-provider-text": "Disabling {{name}} will make your account less secure",
+            "disable-2fa-provider-title": "Are you sure you want to disable {{name}}?",
+            "main-2fa-method": "Use as main two-factor authentication method",
+            "dialog": {
+                "activate": "Activate",
+                "activation-step-description-email": "The next time you login in, you will be prompted to enter the security code that will be sent to your email address.",
+                "activation-step-description-sms": "The next time you login in, you will be prompted to enter the security code that will be sent to the phone number.",
+                "activation-step-description-totp": "The next time you login in, you will need to provide a two-factor authentication code.",
+                "activation-step-label": "Activation",
+                "email-step-description": "Enter an email to use as your authenticator.",
+                "email-step-label": "Email",
+                "enable-email-title": "Enable email authenticator",
+                "enable-sms-title": "Enable SMS authenticator",
+                "enable-totp-title": "Enable authenticator app",
+                "enter-verification-code": "Enter the 6-digit code here",
+                "next": "Next",
+                "scan-qr-code": "Scan this QR code with your verification app",
+                "send-code": "Send code",
+                "sms-step-description": "Enter a phone number to use as your authenticator.",
+                "sms-step-label": "Phone Number",
+                "success": "Success!",
+                "totp-step-description-install": "You can install apps like Google Authenticator, Authy, or Duo.",
+                "totp-step-description-open": "Open the authenticator app on your mobile phone.",
+                "totp-step-label": "Get app",
+                "verification-code": "6-digit code",
+                "verification-code-invalid": "Invalid verification code format",
+                "verification-step-description": "Enter a 6-digit code we just sent to {{address}}",
+                "verification-step-label": "Verification"
+            },
+            "provider": {
+                "email": "Email",
+                "email-description": "Use a security code sent to your email address to authenticate.",
+                "sms": "SMS",
+                "sms-description": "Use your phone to authenticate. We'll send you a security code via SMS message when you log in.",
+                "totp": "Authentication app",
+                "totp-description": "Use apps like Google Authenticator, Authy, or Duo on your phone to authenticate. It will generate a security code for logging in."
+            }
+        }
+    },
     "relation": {
         "relations": "Relations",
         "direction": "Direction",

From bd43ebc2044fdc2b868d9ade8cd5063106e53f1d Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Tue, 17 May 2022 18:06:35 +0300
Subject: [PATCH 36/92] UI: Refactoring sysadmin Two-factor authentication page

---
 .../two-factor-auth-settings.component.html   | 14 +++++-----
 .../two-factor-auth-settings.component.ts     | 26 ++++++++++++++-----
 .../assets/locale/locale.constant-en_US.json  |  9 ++++---
 3 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index bcc5a695e2..656f6d7c3b 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -64,14 +64,14 @@
               <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px"
                    *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitEnable').value">
                 <mat-form-field fxFlex class="mat-block">
-                  <mat-label translate>admin.2fa.number-of-attempts</mat-label>
+                  <mat-label translate>admin.2fa.number-of-send-attempts</mat-label>
                   <input matInput formControlName="verificationCodeSendRateLimitNumber" type="number" step="1" min="1" required>
                   <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('required')">
-                    {{ 'admin.2fa.number-of-attempts-required' | translate }}
+                    {{ 'admin.2fa.number-of-send-attempts-required' | translate }}
                   </mat-error>
                   <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('pattern')
                     || twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('min')">
-                    {{ 'admin.2fa.number-of-attempts-pattern' | translate }}
+                    {{ 'admin.2fa.number-of-send-attempts-pattern' | translate }}
                   </mat-error>
                 </mat-form-field>
                 <mat-form-field fxFlex class="mat-block">
@@ -92,14 +92,14 @@
               <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px"
                    *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value">
                 <mat-form-field fxFlex class="mat-block">
-                  <mat-label translate>admin.2fa.number-of-attempts</mat-label>
+                  <mat-label translate>admin.2fa.number-of-checking-attempts</mat-label>
                   <input matInput formControlName="verificationCodeCheckRateLimitNumber" required type="number" step="1" min="1">
                   <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('required')">
-                    {{ 'admin.2fa.number-of-attempts-required' | translate }}
+                    {{ 'admin.2fa.number-of-checking-attempts-required' | translate }}
                   </mat-error>
                   <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('pattern')
                     || twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('min')">
-                    {{ 'admin.2fa.number-of-attempts-pattern' | translate }}
+                    {{ 'admin.2fa.number-of-checking-attempts-pattern' | translate }}
                   </mat-error>
                 </mat-form-field>
                 <mat-form-field fxFlex class="mat-block">
@@ -122,7 +122,7 @@
                   <mat-expansion-panel-header>
                     <mat-panel-title fxLayoutAlign="start center">
                       <mat-slide-toggle
-                        (click)="toggleProviders($event)"
+                        (click)="toggleProviders($event, i)"
                         formControlName="enable">
                       </mat-slide-toggle>
                       {{ provider.value.providerType }}
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index b23576f549..c866612049 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -14,7 +14,7 @@
 /// limitations under the License.
 ///
 
-import { Component, OnDestroy, OnInit } from '@angular/core';
+import { Component, OnDestroy, OnInit, QueryList, ViewChild, ViewChildren } from '@angular/core';
 import { PageComponent } from '@shared/components/page.component';
 import { HasConfirmForm } from '@core/guards/confirm-on-exit.guard';
 import { Store } from '@ngrx/store';
@@ -29,6 +29,8 @@ import {
 import { deepClone, isNotEmptyStr } from '@core/utils';
 import { Subject } from 'rxjs';
 import { takeUntil } from 'rxjs/operators';
+import { MatStepper } from '@angular/material/stepper';
+import { MatExpansionPanel } from '@angular/material/expansion';
 
 @Component({
   selector: 'tb-2fa-settings',
@@ -42,6 +44,8 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
   twoFaFormGroup: FormGroup;
   twoFactorAuthProviderType = TwoFactorAuthProviderType;
 
+  @ViewChildren(MatExpansionPanel) expansionPanel: QueryList<MatExpansionPanel>;
+
   constructor(protected store: Store<AppState>,
               private twoFaService: TwoFactorAuthenticationService,
               private fb: FormBuilder) {
@@ -87,10 +91,15 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     }
   }
 
-  toggleProviders($event: Event): void {
+  toggleProviders($event: Event, i: number): void {
     if ($event) {
       $event.stopPropagation();
     }
+    if (this.providersForm.at(i).get('enable').value) {
+      this.getByIndexPanel(i).close();
+    } else {
+      this.getByIndexPanel(i).open();
+    }
   }
 
   trackByElement(i: number, item: any) {
@@ -162,10 +171,11 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
       verificationCodeSendRateLimitTime: sendRateLimitTime || 60,
       providers: []
     });
-    Object.values(TwoFactorAuthProviderType).forEach(provider => {
-      const index = allowProvidersConfig.indexOf(provider);
-      if (index > -1) {
-        processFormValue.providers.push(Object.assign(settings.providers[index], {enable: true}));
+    Object.values(TwoFactorAuthProviderType).forEach((provider, index) => {
+      const findIndex = allowProvidersConfig.indexOf(provider);
+      if (findIndex > -1) {
+        processFormValue.providers.push(Object.assign(settings.providers[findIndex], {enable: true}));
+        this.getByIndexPanel(index).open();
       } else {
         processFormValue.providers.push({enable: false});
       }
@@ -216,6 +226,10 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     this.providersForm.push(newProviders);
   }
 
+  private getByIndexPanel(index: number) {
+    return this.expansionPanel.find((_, i) => i === index);
+  }
+
   private splitRateLimit(setting: string): [number, number] {
     if (isNotEmptyStr(setting)) {
       const [attemptNumber, time] = setting.split(':');
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 8f56f1c3a0..80064c88f9 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -321,9 +321,12 @@
             "max-verification-failures-before-user-lockout": "Max verification failures before user lockout",
             "max-verification-failures-before-user-lockout-pattern": "Max verification failures must be a positive integer.",
             "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
-            "number-of-attempts": "Number of attempts",
-            "number-of-attempts-pattern": "Number of attempts must be a positive integer.",
-            "number-of-attempts-required": "Number of attempts is required.",
+            "number-of-checking-attempts": "Number of checking attempts",
+            "number-of-checking-attempts-pattern": "Number of checking attempts must be a positive integer.",
+            "number-of-checking-attempts-required": "Number of checking attempts is required.",
+            "number-of-send-attempts": "Number of send attempts",
+            "number-of-send-attempts-pattern": "Number of send attempts must be a positive integer.",
+            "number-of-send-attempts-required": "Number of send attempts is required.",
             "provider": "Provider",
             "total-allowed-time-for-verification": "Total allowed time for verification (sec)",
             "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",

From 41fede9b439ffb816d640a29eeeb73f23ee3b4b6 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Tue, 17 May 2022 18:31:49 +0300
Subject: [PATCH 37/92] Add checks for SMS and mail service when setting up 2FA
 provider; 2Fa verification mail template

---
 application/pom.xml                           |  12 --
 .../controller/TwoFaConfigController.java     |  23 ---
 .../controller/TwoFactorAuthController.java   |  32 ++++-
 .../service/mail/DefaultMailService.java      |  22 ++-
 .../auth/mfa/DefaultTwoFactorAuthService.java |   5 +
 .../auth/mfa/TwoFactorAuthService.java        |   2 +
 .../mfa/config/DefaultTwoFaConfigManager.java |  11 +-
 .../auth/mfa/config/TwoFaConfigManager.java   |   3 +-
 .../auth/mfa/provider/TwoFaProvider.java      |   3 +
 .../mfa/provider/impl/EmailTwoFaProvider.java |   9 ++
 .../mfa/provider/impl/SmsTwoFaProvider.java   |   9 ++
 .../server/service/sms/DefaultSmsService.java |   6 +-
 .../main/resources/i18n/messages.properties   |   3 +-
 .../templates/2fa.verification.code.ftl       | 135 ++++++++++++++++++
 .../controller/TwoFactorAuthConfigTest.java   |   4 +-
 .../server/controller/TwoFactorAuthTest.java  |   5 +-
 .../server/common/data/StringUtils.java       |  18 +++
 .../dao/model/sql/UserAuthSettingsEntity.java |   2 +-
 .../rule/engine/api/MailService.java          |   2 +
 .../rule/engine/api/SmsService.java           |   2 +
 20 files changed, 255 insertions(+), 53 deletions(-)
 create mode 100644 application/src/main/resources/templates/2fa.verification.code.ftl

diff --git a/application/pom.xml b/application/pom.xml
index 1163629012..8093bf6eb2 100644
--- a/application/pom.xml
+++ b/application/pom.xml
@@ -345,18 +345,6 @@
             <groupId>org.jboss.aerogear</groupId>
             <artifactId>aerogear-otp-java</artifactId>
         </dependency>
-        <!-- TMP -->
-        <dependency>
-            <groupId>com.google.zxing</groupId>
-            <artifactId>core</artifactId>
-            <version>3.3.0</version>
-        </dependency>
-        <dependency>
-            <groupId>com.google.zxing</groupId>
-            <artifactId>javase</artifactId>
-            <version>3.3.0</version>
-        </dependency>
-        <!-- TMP -->
     </dependencies>
 
     <build>
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index d974189bab..907618c26f 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -15,10 +15,6 @@
  */
 package org.thingsboard.server.controller;
 
-import com.google.zxing.BarcodeFormat;
-import com.google.zxing.client.j2se.MatrixToImageWriter;
-import com.google.zxing.common.BitMatrix;
-import com.google.zxing.qrcode.QRCodeWriter;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import lombok.Data;
@@ -32,11 +28,9 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
-import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
 import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
-import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
@@ -45,8 +39,6 @@ import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
 import java.util.Collections;
 import java.util.List;
@@ -113,21 +105,6 @@ public class TwoFaConfigController extends BaseController {
         return twoFactorAuthService.generateNewAccountConfig(user, providerType);
     }
 
-    /* TMP */
-    @PostMapping("/account/config/tmp/generate/qr")
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
-    public void generateTwoFaAccountConfigWithQr(@RequestParam TwoFaProviderType providerType, HttpServletResponse response) throws Exception {
-        TwoFaAccountConfig config = generateTwoFaAccountConfig(providerType);
-        if (providerType == TwoFaProviderType.TOTP) {
-            BitMatrix qr = new QRCodeWriter().encode(((TotpTwoFaAccountConfig) config).getAuthUrl(), BarcodeFormat.QR_CODE, 200, 200);
-            try (ServletOutputStream outputStream = response.getOutputStream()) {
-                MatrixToImageWriter.writeToStream(qr, "PNG", outputStream);
-            }
-        }
-        response.setHeader("config", JacksonUtil.toString(config));
-    }
-    /* TMP */
-
     @ApiOperation(value = "Submit 2FA account config (submitTwoFaAccountConfig)",
             notes = "Submit 2FA account config to prepare for a future verification. " +
                     "Basically, this method will send a verification code for a given account config, if this has " +
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index a43a73896e..ea120ce432 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -27,9 +27,12 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
+import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.security.model.mfa.account.EmailTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
@@ -104,9 +107,9 @@ public class TwoFactorAuthController extends BaseController {
     @ApiOperation(value = "Get available 2FA providers (getAvailableTwoFaProviders)", notes =
             "Get the list of 2FA provider infos available for user to use. Example:\n" +
                     "```\n[\n" +
-                    "  {\n    \"type\": \"EMAIL\",\n    \"default\": true\n  },\n" +
-                    "  {\n    \"type\": \"TOTP\",\n    \"default\": false\n  },\n" +
-                    "  {\n    \"type\": \"SMS\",\n    \"default\": false\n  }\n" +
+                    "  {\n    \"type\": \"EMAIL\",\n    \"default\": true,\n    \"contact\": \"ab*****ko@gmail.com\"\n  },\n" +
+                    "  {\n    \"type\": \"TOTP\",\n    \"default\": false,\n    \"contact\": null\n  },\n" +
+                    "  {\n    \"type\": \"SMS\",\n    \"default\": false,\n    \"contact\": \"+38********12\"\n  }\n" +
                     "]\n```")
     @GetMapping("/providers")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
@@ -114,10 +117,24 @@ public class TwoFactorAuthController extends BaseController {
         SecurityUser user = getCurrentUser();
         return twoFaConfigManager.getAccountTwoFaSettings(user.getTenantId(), user.getId())
                 .map(settings -> settings.getConfigs().values()).orElse(Collections.emptyList())
-                .stream().map(config -> TwoFaProviderInfo.builder()
-                        .type(config.getProviderType())
-                        .isDefault(config.isUseByDefault())
-                        .build())
+                .stream().map(config -> {
+                    String contact = null;
+                    switch (config.getProviderType()) {
+                        case SMS:
+                            String phoneNumber = ((SmsTwoFaAccountConfig) config).getPhoneNumber();
+                            contact = StringUtils.obfuscate(phoneNumber, 2, '*', phoneNumber.indexOf('+') + 1, phoneNumber.length());
+                            break;
+                        case EMAIL:
+                            String email = ((EmailTwoFaAccountConfig) config).getEmail();
+                            contact = StringUtils.obfuscate(email, 2, '*', 0, email.indexOf('@'));
+                            break;
+                    }
+                    return TwoFaProviderInfo.builder()
+                            .type(config.getProviderType())
+                            .isDefault(config.isUseByDefault())
+                            .contact(contact)
+                            .build();
+                })
                 .collect(Collectors.toList());
     }
 
@@ -127,6 +144,7 @@ public class TwoFactorAuthController extends BaseController {
     public static class TwoFaProviderInfo {
         private TwoFaProviderType type;
         private boolean isDefault;
+        private String contact;
     }
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
index c6ae0c70e4..fdb1b579e9 100644
--- a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
+++ b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
@@ -47,6 +47,7 @@ import org.thingsboard.server.queue.usagestats.TbApiUsageClient;
 import org.thingsboard.server.service.apiusage.TbApiUsageStateService;
 
 import javax.annotation.PostConstruct;
+import javax.mail.MessagingException;
 import javax.mail.internet.MimeMessage;
 import java.io.ByteArrayInputStream;
 import java.util.HashMap;
@@ -100,7 +101,17 @@ public class DefaultMailService implements MailService {
             mailSender = createMailSender(jsonConfig);
             mailFrom = jsonConfig.get("mailFrom").asText();
         } else {
-            throw new IncorrectParameterException("Failed to date mail configuration. Settings not found!");
+            throw new IncorrectParameterException("Failed to update mail configuration. Settings not found!");
+        }
+    }
+
+    @Override
+    public boolean isConfigured(TenantId tenantId) {
+        try {
+            mailSender.testConnection();
+            return true;
+        } catch (MessagingException e) {
+            return false;
         }
     }
 
@@ -311,9 +322,12 @@ public class DefaultMailService implements MailService {
     }
 
     @Override
-    public void sendTwoFaVerificationEmail(String email, String verificationCode) throws ThingsboardException { // TODO [viacheslav]: mail template
-        String subject = "ThingsBoard two-factor authentication";
-        String message = "Your 2FA verification code: " + verificationCode;
+    public void sendTwoFaVerificationEmail(String email, String verificationCode) throws ThingsboardException {
+        String subject = messages.getMessage("2fa.verification.code.subject", null, Locale.US);
+        String message = mergeTemplateIntoString("2fa.verification.code.ftl", Map.of(
+                TARGET_EMAIL, email,
+                "verificationCode", verificationCode
+        ));
 
         sendMail(mailSender, mailFrom, email, subject, message);
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index fd4f16ccdb..c3ab2c6650 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -68,6 +68,11 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
                 .orElse(false);
     }
 
+    @Override
+    public void checkProvider(TenantId tenantId, TwoFaProviderType providerType) throws ThingsboardException {
+        getTwoFaProvider(providerType).check(tenantId);
+    }
+
 
     @Override
     public void prepareVerificationCode(SecurityUser user, TwoFaProviderType providerType, boolean checkLimits) throws Exception {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
index b959f94acb..aabda27ec7 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/TwoFactorAuthService.java
@@ -27,6 +27,8 @@ public interface TwoFactorAuthService {
 
     boolean isTwoFaEnabled(TenantId tenantId, UserId userId);
 
+    void checkProvider(TenantId tenantId, TwoFaProviderType providerType) throws ThingsboardException;
+
 
     void prepareVerificationCode(SecurityUser user, TwoFaProviderType providerType, boolean checkLimits) throws Exception;
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
index a1c56e4cd7..8227a3596a 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
@@ -17,10 +17,13 @@ package org.thingsboard.server.service.security.auth.mfa.config;
 
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.AdminSettings;
 import org.thingsboard.server.common.data.DataConstants;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
@@ -36,6 +39,7 @@ import org.thingsboard.server.dao.service.ConstraintValidator;
 import org.thingsboard.server.dao.settings.AdminSettingsDao;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserAuthSettingsDao;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 
 import java.util.Collections;
 import java.util.Comparator;
@@ -51,6 +55,8 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
     private final AdminSettingsService adminSettingsService;
     private final AdminSettingsDao adminSettingsDao;
     private final AttributesService attributesService;
+    @Autowired @Lazy
+    private TwoFactorAuthService twoFactorAuthService;
 
     protected static final String TWO_FACTOR_AUTH_SETTINGS_KEY = "twoFaSettings";
 
@@ -147,10 +153,13 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
 
     @SneakyThrows({InterruptedException.class, ExecutionException.class})
     @Override
-    public void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) {
+    public void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) throws ThingsboardException {
         if (tenantId.equals(TenantId.SYS_TENANT_ID) || !twoFactorAuthSettings.isUseSystemTwoFactorAuthSettings()) {
             ConstraintValidator.validateFields(twoFactorAuthSettings);
         }
+        for (TwoFaProviderConfig providerConfig : twoFactorAuthSettings.getProviders()) {
+            twoFactorAuthService.checkProvider(tenantId, providerConfig.getProviderType());
+        }
         if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
             AdminSettings settings = Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
                     .orElseGet(() -> {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
index 212c4697bf..0fe33b7757 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.service.security.auth.mfa.config;
 
+import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
@@ -38,7 +39,7 @@ public interface TwoFaConfigManager {
 
     Optional<PlatformTwoFaSettings> getPlatformTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault);
 
-    void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings);
+    void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) throws ThingsboardException;
 
     void deletePlatformTwoFaSettings(TenantId tenantId);
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
index e5c278942b..19cc106657 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
@@ -17,6 +17,7 @@ package org.thingsboard.server.service.security.auth.mfa.provider;
 
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
@@ -30,6 +31,8 @@ public interface TwoFaProvider<C extends TwoFaProviderConfig, A extends TwoFaAcc
 
     boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig);
 
+    default void check(TenantId tenantId) throws ThingsboardException {};
+
 
     TwoFaProviderType getType();
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
index 984292668c..39af5038ef 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
@@ -19,7 +19,9 @@ import org.springframework.cache.CacheManager;
 import org.springframework.stereotype.Service;
 import org.thingsboard.rule.engine.api.MailService;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.security.model.mfa.account.EmailTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.EmailTwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
@@ -44,6 +46,13 @@ public class EmailTwoFaProvider extends OtpBasedTwoFaProvider<EmailTwoFaProvider
         return config;
     }
 
+    @Override
+    public void check(TenantId tenantId) throws ThingsboardException {
+        if (!mailService.isConfigured(tenantId)) {
+            throw new ThingsboardException("Mail service is not set up", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+        }
+    }
+
     @Override
     protected void sendVerificationCode(SecurityUser user, String verificationCode, EmailTwoFaProviderConfig providerConfig, EmailTwoFaAccountConfig accountConfig) throws ThingsboardException {
         mailService.sendTwoFaVerificationEmail(accountConfig.getEmail(), verificationCode);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
index 9ab8bb40ec..ef06b7add4 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
@@ -20,7 +20,9 @@ import org.springframework.stereotype.Service;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.rule.engine.api.util.TbNodeUtils;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
@@ -58,6 +60,13 @@ public class SmsTwoFaProvider extends OtpBasedTwoFaProvider<SmsTwoFaProviderConf
         smsService.sendSms(user.getTenantId(), user.getCustomerId(), new String[]{phoneNumber}, message);
     }
 
+    @Override
+    public void check(TenantId tenantId) throws ThingsboardException {
+        if (!smsService.isConfigured(tenantId)) {
+            throw new ThingsboardException("SMS service in not configured", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+        }
+    }
+
 
     @Override
     public TwoFaProviderType getType() {
diff --git a/application/src/main/java/org/thingsboard/server/service/sms/DefaultSmsService.java b/application/src/main/java/org/thingsboard/server/service/sms/DefaultSmsService.java
index fe7dd4e0cd..ce22b0bd4b 100644
--- a/application/src/main/java/org/thingsboard/server/service/sms/DefaultSmsService.java
+++ b/application/src/main/java/org/thingsboard/server/service/sms/DefaultSmsService.java
@@ -29,7 +29,6 @@ import org.thingsboard.server.common.data.AdminSettings;
 import org.thingsboard.server.common.data.ApiUsageRecordKey;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.common.util.JacksonUtil;
@@ -87,6 +86,11 @@ public class DefaultSmsService implements SmsService {
         }
     }
 
+    @Override
+    public boolean isConfigured(TenantId tenantId) {
+        return smsSender != null;
+    }
+
     private int sendSms(String numberTo, String message) throws ThingsboardException {
         if (this.smsSender == null) {
             throw new ThingsboardException("Unable to send SMS: no SMS provider configured!", ThingsboardErrorCode.GENERAL);
diff --git a/application/src/main/resources/i18n/messages.properties b/application/src/main/resources/i18n/messages.properties
index bdbd64384b..678e4d4635 100644
--- a/application/src/main/resources/i18n/messages.properties
+++ b/application/src/main/resources/i18n/messages.properties
@@ -4,4 +4,5 @@ account.activated.subject=Thingsboard - your account has been activated
 reset.password.subject=Thingsboard - Password reset has been requested
 password.was.reset.subject=Thingsboard - your account password has been reset
 account.lockout.subject=Thingsboard - User account has been lockout
-api.usage.state=Thingsboard - Account limits
\ No newline at end of file
+api.usage.state=Thingsboard - Account limits
+2fa.verification.code.subject=ThingsBoard - 2FA verification code
diff --git a/application/src/main/resources/templates/2fa.verification.code.ftl b/application/src/main/resources/templates/2fa.verification.code.ftl
new file mode 100644
index 0000000000..2b205ecb5d
--- /dev/null
+++ b/application/src/main/resources/templates/2fa.verification.code.ftl
@@ -0,0 +1,135 @@
+<#--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+      style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+<head>
+    <meta name="viewport" content="width=device-width"/>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <title>Thingsboard - Api Usage State</title>
+
+
+    <style type="text/css">
+        img {
+            max-width: 100%;
+        }
+
+        body {
+            -webkit-font-smoothing: antialiased;
+            -webkit-text-size-adjust: none;
+            width: 100% !important;
+            height: 100%;
+            line-height: 1.6em;
+        }
+
+        body {
+            background-color: #f6f6f6;
+        }
+
+        @media only screen and (max-width: 640px) {
+            body {
+                padding: 0 !important;
+            }
+
+            h1 {
+                font-weight: 800 !important;
+                margin: 20px 0 5px !important;
+            }
+
+            h2 {
+                font-weight: 800 !important;
+                margin: 20px 0 5px !important;
+            }
+
+            h3 {
+                font-weight: 800 !important;
+                margin: 20px 0 5px !important;
+            }
+
+            h4 {
+                font-weight: 800 !important;
+                margin: 20px 0 5px !important;
+            }
+
+            h1 {
+                font-size: 22px !important;
+            }
+
+            h2 {
+                font-size: 18px !important;
+            }
+
+            h3 {
+                font-size: 16px !important;
+            }
+
+            .container {
+                padding: 0 !important;
+                width: 100% !important;
+            }
+
+            .content {
+                padding: 0 !important;
+            }
+
+            .content-wrap {
+                padding: 10px !important;
+            }
+
+            .invoice {
+                width: 100% !important;
+            }
+        }
+    </style>
+</head>
+
+<body itemscope itemtype="http://schema.org/EmailMessage"
+      style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em; background-color: #f6f6f6; margin: 0;"
+      bgcolor="#f6f6f6">
+
+<table class="main" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; box-sizing: border-box; border-radius: 3px; width: 100%; background-color: #f6f6f6; margin: 0px auto;" cellspacing="0" cellpadding="0" bgcolor="#f6f6f6">
+    <tbody>
+    <tr style="box-sizing: border-box; margin: 0px;">
+        <td class="content-wrap" style="box-sizing: border-box; vertical-align: top; margin: 0px; padding: 20px;" align="center" valign="top">
+            <table style="box-sizing: border-box; border: 1px solid #e9e9e9; border-radius: 3px; margin: 0px; height: 310px; background-color: #ffffff; width: 600px; max-width: 600px !important;" width="600" cellspacing="0" cellpadding="0">
+                <tbody>
+                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                    <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; color: #348eda; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0px; padding: 0px; height: 110px;" valign="top"><img src="https://media.thingsboard.io/email/head.png" alt="" width="598" height="91" /></td>
+                </tr>
+                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 16px; margin: 0;">
+                    <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; color: #000000; box-sizing: border-box; font-size: 16px; margin: 0px; padding: 0px 32px; height: 66px; vertical-align: middle;" valign="middle">Your 2FA verification code: <strong>${verificationCode}</strong></td>
+                </tr>
+                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                    <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0px; padding: 0px 32px; height: 40px;" valign="top">&mdash; The ThingsBoard</td>
+                </tr>
+                </tbody>
+            </table>
+        </td>
+    </tr>
+    </tbody>
+</table>
+<table style="color: #999999; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; box-sizing: border-box; margin: 0px auto; height: 64px; background-color: #f6f6f6; width: 100%;" cellpadding="0px 0px 20px">
+    <tbody>
+    <tr style="box-sizing: border-box; margin: 0px;">
+        <td class="aligncenter content-block" style="box-sizing: border-box; font-size: 12px; margin: 0px; padding: 0px 0px 20px; width: 600px; text-align: center; vertical-align: middle;" align="center" valign="top">This email was sent to&nbsp;<a style="box-sizing: border-box; color: #999999; margin: 0px;" href="mailto:${targetEmail}">${targetEmail}</a>&nbsp;by ThingsBoard.</td>
+    </tr>
+    </tbody>
+</table>
+</body>
+</html>
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index f9dc02e8d3..2c4bd9fdb9 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -54,6 +54,7 @@ import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
@@ -67,11 +68,12 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
     private CacheManager cacheManager;
     @Autowired
     private TwoFaConfigManager twoFaConfigManager;
-    @Autowired
+    @SpyBean
     private TwoFactorAuthService twoFactorAuthService;
 
     @Before
     public void beforeEach() throws Exception {
+        doNothing().when(twoFactorAuthService).checkProvider(any(), any());
         loginSysAdmin();
     }
 
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 1ad340d54b..74b95284aa 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -26,6 +26,7 @@ import org.junit.Test;
 import org.mockito.ArgumentCaptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.boot.test.mock.mockito.SpyBean;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.audit.ActionStatus;
@@ -68,6 +69,7 @@ import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
@@ -75,7 +77,7 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
 
     @Autowired
     private TwoFaConfigManager twoFaConfigManager;
-    @Autowired
+    @SpyBean
     private TwoFactorAuthService twoFactorAuthService;
     @MockBean
     private SmsService smsService;
@@ -100,6 +102,7 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
 
         loginSysAdmin();
         user = createUser(user, password);
+        doNothing().when(twoFactorAuthService).checkProvider(any(), any());
     }
 
     @After
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/StringUtils.java b/common/data/src/main/java/org/thingsboard/server/common/data/StringUtils.java
index f1391555b0..17f3713b74 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/StringUtils.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/StringUtils.java
@@ -15,6 +15,8 @@
  */
 package org.thingsboard.server.common.data;
 
+import static org.apache.commons.lang3.StringUtils.repeat;
+
 public class StringUtils {
 
     public static boolean isEmpty(String source) {
@@ -32,4 +34,20 @@ public class StringUtils {
     public static boolean isNotBlank(String source) {
         return source != null && !source.isEmpty() && !source.trim().isEmpty();
     }
+
+    public static String obfuscate(String input, int seenMargin, char obfuscationChar,
+                                   int startIndexInclusive, int endIndexExclusive) {
+
+        String part = input.substring(startIndexInclusive, endIndexExclusive);
+        String obfuscatedPart;
+        if (part.length() <= seenMargin * 2) {
+            obfuscatedPart = repeat(obfuscationChar, part.length());
+        } else {
+            obfuscatedPart = part.substring(0, seenMargin)
+                    + repeat(obfuscationChar, part.length() - seenMargin * 2)
+                    + part.substring(part.length() - seenMargin);
+        }
+        return input.substring(0, startIndexInclusive) + obfuscatedPart + input.substring(endIndexExclusive);
+    }
+
 }
diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
index 1728fca936..bebddf5aa0 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/UserAuthSettingsEntity.java
@@ -42,7 +42,7 @@ import java.util.UUID;
 @NoArgsConstructor
 @TypeDef(name = "json", typeClass = JsonStringType.class)
 @Entity
-@Table(name = ModelConstants.USER_AUTH_SETTINGS_COLUMN_FAMILY_NAME) // FIXME [viacheslav]: add to upgrade script
+@Table(name = ModelConstants.USER_AUTH_SETTINGS_COLUMN_FAMILY_NAME)
 public class UserAuthSettingsEntity extends BaseSqlEntity<UserAuthSettings> implements BaseEntity<UserAuthSettings> {
 
     @Column(name = ModelConstants.USER_AUTH_SETTINGS_USER_ID_PROPERTY, nullable = false, unique = true)
diff --git a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
index 10c37da564..236391ba16 100644
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
@@ -28,6 +28,8 @@ public interface MailService {
 
     void updateMailConfiguration();
 
+    boolean isConfigured(TenantId tenantId);
+
     void sendEmail(TenantId tenantId, String email, String subject, String message) throws ThingsboardException;
 
     void sendTestMail(JsonNode config, String email) throws ThingsboardException;
diff --git a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/SmsService.java b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/SmsService.java
index d9578783b0..c38f99ecb2 100644
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/SmsService.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/SmsService.java
@@ -24,6 +24,8 @@ public interface SmsService {
 
     void updateSmsConfiguration();
 
+    boolean isConfigured(TenantId tenantId);
+
     void sendSms(TenantId tenantId, CustomerId customerId, String[] numbersTo, String message) throws ThingsboardException;;
 
     void sendTestSms(TestSmsRequest testSmsRequest) throws ThingsboardException;

From d3863de0948063c19c41271e742cb790d211b645 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Tue, 17 May 2022 18:45:11 +0300
Subject: [PATCH 38/92] Remove platform 2FA settings for tenant authority

---
 .../controller/TwoFaConfigController.java     |  7 +-
 .../mfa/config/DefaultTwoFaConfigManager.java | 62 ++++----------
 .../controller/TwoFactorAuthConfigTest.java   | 81 ++-----------------
 .../server/controller/TwoFactorAuthTest.java  |  7 +-
 .../model/mfa/PlatformTwoFaSettings.java      |  1 -
 5 files changed, 23 insertions(+), 135 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index 907618c26f..2dec65ed93 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -206,15 +206,13 @@ public class TwoFaConfigController extends BaseController {
                     "If 2FA is not configured, then an empty response will be returned." +
                     ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @GetMapping("/settings")
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
     public PlatformTwoFaSettings getPlatformTwoFaSettings() throws ThingsboardException {
         return twoFaConfigManager.getPlatformTwoFaSettings(getTenantId(), false).orElse(null);
     }
 
     @ApiOperation(value = "Save platform 2FA settings (savePlatformTwoFaSettings)",
             notes = "Save 2FA settings for platform. The settings have following properties:\n" +
-                    "- `useSystemTwoFactorAuthSettings` - option for tenant admins to use 2FA settings configured by sysadmin. " +
-                    "If this param is set to true, then the settings will not be validated for constraints (if it is a tenant admin; for sysadmin this param is ignored).\n" +
                     "- `providers` - the list of 2FA providers' configs. Users will only be allowed to use 2FA providers from this list. \n\n" +
                     "- `verificationCodeSendRateLimit` - rate limit configuration for verification code sending. " +
                     "The format is standard: 'amountOfRequests:periodInSeconds'. The value of '1:60' would limit verification " +
@@ -233,7 +231,6 @@ public class TwoFaConfigController extends BaseController {
                     "- `verificationCodeLifetime` - the same as for SMS." + NEW_LINE +
                     "Example of the settings:\n" +
                     "```\n{\n" +
-                    "  \"useSystemTwoFactorAuthSettings\": false,\n" +
                     "  \"providers\": [\n" +
                     "    {\n" +
                     "      \"providerType\": \"TOTP\",\n" +
@@ -256,7 +253,7 @@ public class TwoFaConfigController extends BaseController {
                     "}\n```" +
                     ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @PostMapping("/settings")
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
     public void savePlatformTwoFaSettings(@ApiParam(value = "Settings value", required = true)
                                           @RequestBody PlatformTwoFaSettings twoFaSettings) throws ThingsboardException {
         twoFaConfigManager.savePlatformTwoFaSettings(getTenantId(), twoFaSettings);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
index 8227a3596a..e27d3967ad 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
@@ -16,18 +16,14 @@
 package org.thingsboard.server.service.security.auth.mfa.config;
 
 import lombok.RequiredArgsConstructor;
-import lombok.SneakyThrows;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.AdminSettings;
-import org.thingsboard.server.common.data.DataConstants;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
-import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
-import org.thingsboard.server.common.data.kv.JsonDataEntry;
 import org.thingsboard.server.common.data.security.UserAuthSettings;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
 import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
@@ -41,11 +37,9 @@ import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserAuthSettingsDao;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 
-import java.util.Collections;
 import java.util.Comparator;
 import java.util.LinkedHashMap;
 import java.util.Optional;
-import java.util.concurrent.ExecutionException;
 
 @Service
 @RequiredArgsConstructor
@@ -54,7 +48,6 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
     private final UserAuthSettingsDao userAuthSettingsDao;
     private final AdminSettingsService adminSettingsService;
     private final AdminSettingsDao adminSettingsDao;
-    private final AttributesService attributesService;
     @Autowired @Lazy
     private TwoFactorAuthService twoFactorAuthService;
 
@@ -132,60 +125,33 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
                 .flatMap(twoFaSettings -> twoFaSettings.getProviderConfig(providerType));
     }
 
-    @SneakyThrows({InterruptedException.class, ExecutionException.class})
     @Override
     public Optional<PlatformTwoFaSettings> getPlatformTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault) {
-        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
-            return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, TWO_FACTOR_AUTH_SETTINGS_KEY))
-                    .map(adminSettings -> JacksonUtil.treeToValue(adminSettings.getJsonValue(), PlatformTwoFaSettings.class));
-        } else {
-            Optional<PlatformTwoFaSettings> tenantTwoFaSettings = attributesService.find(TenantId.SYS_TENANT_ID, tenantId,
-                            DataConstants.SERVER_SCOPE, TWO_FACTOR_AUTH_SETTINGS_KEY).get()
-                    .map(adminSettingsAttribute -> JacksonUtil.fromString(adminSettingsAttribute.getJsonValue().get(), PlatformTwoFaSettings.class));
-            if (sysadminSettingsAsDefault) {
-                if (tenantTwoFaSettings.isEmpty() || tenantTwoFaSettings.get().isUseSystemTwoFactorAuthSettings()) {
-                    return getPlatformTwoFaSettings(TenantId.SYS_TENANT_ID, false);
-                }
-            }
-            return tenantTwoFaSettings;
-        }
+        return Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, TWO_FACTOR_AUTH_SETTINGS_KEY))
+                .map(adminSettings -> JacksonUtil.treeToValue(adminSettings.getJsonValue(), PlatformTwoFaSettings.class));
     }
 
-    @SneakyThrows({InterruptedException.class, ExecutionException.class})
     @Override
     public void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) throws ThingsboardException {
-        if (tenantId.equals(TenantId.SYS_TENANT_ID) || !twoFactorAuthSettings.isUseSystemTwoFactorAuthSettings()) {
-            ConstraintValidator.validateFields(twoFactorAuthSettings);
-        }
+        ConstraintValidator.validateFields(twoFactorAuthSettings);
         for (TwoFaProviderConfig providerConfig : twoFactorAuthSettings.getProviders()) {
             twoFactorAuthService.checkProvider(tenantId, providerConfig.getProviderType());
         }
-        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
-            AdminSettings settings = Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
-                    .orElseGet(() -> {
-                        AdminSettings newSettings = new AdminSettings();
-                        newSettings.setKey(TWO_FACTOR_AUTH_SETTINGS_KEY);
-                        return newSettings;
-                    });
-            settings.setJsonValue(JacksonUtil.valueToTree(twoFactorAuthSettings));
-            adminSettingsService.saveAdminSettings(tenantId, settings);
-        } else {
-            attributesService.save(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE, Collections.singletonList(
-                    new BaseAttributeKvEntry(new JsonDataEntry(TWO_FACTOR_AUTH_SETTINGS_KEY, JacksonUtil.toString(twoFactorAuthSettings)), System.currentTimeMillis())
-            )).get();
-        }
+
+        AdminSettings settings = Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
+                .orElseGet(() -> {
+                    AdminSettings newSettings = new AdminSettings();
+                    newSettings.setKey(TWO_FACTOR_AUTH_SETTINGS_KEY);
+                    return newSettings;
+                });
+        settings.setJsonValue(JacksonUtil.valueToTree(twoFactorAuthSettings));
+        adminSettingsService.saveAdminSettings(tenantId, settings);
     }
 
-    @SneakyThrows({InterruptedException.class, ExecutionException.class})
     @Override
     public void deletePlatformTwoFaSettings(TenantId tenantId) {
-        if (tenantId.equals(TenantId.SYS_TENANT_ID)) {
-            Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
-                    .ifPresent(adminSettings -> adminSettingsDao.removeById(tenantId, adminSettings.getId().getId()));
-        } else {
-            attributesService.removeAll(TenantId.SYS_TENANT_ID, tenantId, DataConstants.SERVER_SCOPE,
-                    Collections.singletonList(TWO_FACTOR_AUTH_SETTINGS_KEY)).get();
-        }
+        Optional.ofNullable(adminSettingsService.findAdminSettingsByKey(tenantId, TWO_FACTOR_AUTH_SETTINGS_KEY))
+                .ifPresent(adminSettings -> adminSettingsDao.removeById(tenantId, adminSettings.getId().getId()));
     }
 
 }
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index 2c4bd9fdb9..d6fc640878 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -30,10 +30,8 @@ import org.springframework.web.util.UriComponentsBuilder;
 import org.thingsboard.rule.engine.api.SmsService;
 import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.id.TenantId;
-import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
-import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
-import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoFaSettings;
 import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.account.TotpTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
@@ -41,6 +39,8 @@ import org.thingsboard.server.common.data.security.model.mfa.provider.SmsTwoFaPr
 import org.thingsboard.server.common.data.security.model.mfa.provider.TotpTwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
 import org.thingsboard.server.service.security.auth.mfa.provider.impl.OtpBasedTwoFaProvider;
 import org.thingsboard.server.service.security.auth.mfa.provider.impl.TotpTwoFaProvider;
 
@@ -85,15 +85,9 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
 
     @Test
-    public void testSavePlatformTwoFaSettingsForDifferentAuthorities() throws Exception {
+    public void testSavePlatformTwoFaSettings() throws Exception {
         loginSysAdmin();
-        testSavePlatformTwoFaSettings();
-
-        loginTenantAdmin();
-        testSavePlatformTwoFaSettings();
-    }
 
-    private void testSavePlatformTwoFaSettings() throws Exception {
         TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         totpTwoFaProviderConfig.setIssuerName("tb");
         SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
@@ -117,7 +111,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testSavePlatformTwoFaSettings_validationError() throws Exception {
-        loginTenantAdmin();
+        loginSysAdmin();
 
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
         twoFaSettings.setProviders(Collections.emptyList());
@@ -135,71 +129,6 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
                 "maximum number of verification failure before user lockout must be positive",
                 "total amount of time allotted for verification must be greater than 0"
         );
-
-        twoFaSettings.setUseSystemTwoFactorAuthSettings(true);
-        doPost("/api/2fa/settings", twoFaSettings)
-                .andExpect(status().isOk());
-
-        twoFaSettings.setVerificationCodeSendRateLimit(null);
-        twoFaSettings.setVerificationCodeCheckRateLimit(null);
-        twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(0);
-        twoFaSettings.setTotalAllowedTimeForVerification(null);
-
-        doPost("/api/2fa/settings", twoFaSettings)
-                .andExpect(status().isOk());
-    }
-
-    @Test
-    public void testGetPlatformTwoFaSettings_useSysadminSettingsAsDefault() throws Exception {
-        loginSysAdmin();
-        PlatformTwoFaSettings sysadminTwoFaSettings = new PlatformTwoFaSettings();
-        TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
-        totpTwoFaProviderConfig.setIssuerName("tb");
-        sysadminTwoFaSettings.setProviders(Collections.singletonList(totpTwoFaProviderConfig));
-        sysadminTwoFaSettings.setMaxVerificationFailuresBeforeUserLockout(25);
-        doPost("/api/2fa/settings", sysadminTwoFaSettings).andExpect(status().isOk());
-
-        loginTenantAdmin();
-        PlatformTwoFaSettings tenantTwoFaSettings = new PlatformTwoFaSettings();
-        tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(true);
-        tenantTwoFaSettings.setProviders(Collections.emptyList());
-        doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
-        PlatformTwoFaSettings twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), PlatformTwoFaSettings.class);
-        assertThat(twoFaSettings).isEqualTo(tenantTwoFaSettings);
-
-        doPost("/api/2fa/account/config/generate?providerType=TOTP")
-                .andExpect(status().isOk());
-
-        tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(false);
-        tenantTwoFaSettings.setProviders(Collections.emptyList());
-        tenantTwoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
-        doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
-        twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), PlatformTwoFaSettings.class);
-        assertThat(twoFaSettings).isEqualTo(tenantTwoFaSettings);
-
-        assertThat(getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=TOTP")
-                .andExpect(status().isBadRequest()))).containsIgnoringCase("provider is not configured");
-
-        loginSysAdmin();
-        sysadminTwoFaSettings.setProviders(Collections.emptyList());
-        doPost("/api/2fa/settings", sysadminTwoFaSettings).andExpect(status().isOk());
-        loginTenantAdmin();
-        tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(true);
-        tenantTwoFaSettings.setProviders(Collections.singletonList(totpTwoFaProviderConfig));
-        doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
-
-        assertThat(getErrorMessage(doPost("/api/2fa/account/config/generate?providerType=TOTP")
-                .andExpect(status().isBadRequest()))).containsIgnoringCase("provider is not configured");
-
-        tenantTwoFaSettings.setUseSystemTwoFactorAuthSettings(false);
-        doPost("/api/2fa/settings", tenantTwoFaSettings).andExpect(status().isOk());
-
-        doPost("/api/2fa/account/config/generate?providerType=TOTP")
-                .andExpect(status().isOk());
-
-        loginSysAdmin();
-        twoFaSettings = readResponse(doGet("/api/2fa/settings").andExpect(status().isOk()), PlatformTwoFaSettings.class);
-        assertThat(twoFaSettings).isEqualTo(sysadminTwoFaSettings);
     }
 
     @Test
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 74b95284aa..40070b0106 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -345,7 +345,6 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
     @Test
     public void testTwoFa_multipleProviders() throws Exception {
         PlatformTwoFaSettings platformTwoFaSettings = new PlatformTwoFaSettings();
-        platformTwoFaSettings.setUseSystemTwoFactorAuthSettings(true);
 
         TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         totpTwoFaProviderConfig.setIssuerName("TB");
@@ -411,10 +410,9 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
         totpTwoFaProviderConfig.setIssuerName("tb");
 
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
-        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
         twoFaSettings.setProviders(Arrays.stream(new TwoFaProviderConfig[]{totpTwoFaProviderConfig}).collect(Collectors.toList()));
         Arrays.stream(customizer).forEach(c -> c.accept(twoFaSettings));
-        twoFaConfigManager.savePlatformTwoFaSettings(tenantId, twoFaSettings);
+        twoFaConfigManager.savePlatformTwoFaSettings(TenantId.SYS_TENANT_ID, twoFaSettings);
 
         TotpTwoFaAccountConfig totpTwoFaAccountConfig = (TotpTwoFaAccountConfig) twoFactorAuthService.generateNewAccountConfig(user, TwoFaProviderType.TOTP);
         twoFaConfigManager.saveTwoFaAccountConfig(tenantId, user.getId(), totpTwoFaAccountConfig);
@@ -428,9 +426,8 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
         Arrays.stream(customizer).forEach(c -> c.accept(smsTwoFaProviderConfig));
 
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
-        twoFaSettings.setUseSystemTwoFactorAuthSettings(false);
         twoFaSettings.setProviders(Arrays.stream(new TwoFaProviderConfig[]{smsTwoFaProviderConfig}).collect(Collectors.toList()));
-        twoFaConfigManager.savePlatformTwoFaSettings(tenantId, twoFaSettings);
+        twoFaConfigManager.savePlatformTwoFaSettings(TenantId.SYS_TENANT_ID, twoFaSettings);
 
         SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         smsTwoFaAccountConfig.setPhoneNumber("+38050505050");
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 8d017cab20..39ca0349fb 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -28,7 +28,6 @@ import java.util.Optional;
 @Data
 public class PlatformTwoFaSettings {
 
-    private boolean useSystemTwoFactorAuthSettings;
     @Valid
     private List<TwoFaProviderConfig> providers;
 

From 4e8be657ea1bafb1775515c0d577bd95bfb2f57e Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Wed, 18 May 2022 10:27:59 +0300
Subject: [PATCH 39/92] UI: Add mail template - Email verification code;
 refactoring

---
 .../templates/2fa.verification.code.ftl       | 120 ++++++++----------
 .../two-factor-auth-settings.component.html   |   2 +-
 .../assets/locale/locale.constant-en_US.json  |   2 +-
 3 files changed, 53 insertions(+), 71 deletions(-)

diff --git a/application/src/main/resources/templates/2fa.verification.code.ftl b/application/src/main/resources/templates/2fa.verification.code.ftl
index 2b205ecb5d..0aba62f90b 100644
--- a/application/src/main/resources/templates/2fa.verification.code.ftl
+++ b/application/src/main/resources/templates/2fa.verification.code.ftl
@@ -20,81 +20,42 @@
 <html xmlns="http://www.w3.org/1999/xhtml"
       style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
 <head>
-    <meta name="viewport" content="width=device-width"/>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-    <title>Thingsboard - Api Usage State</title>
+    <meta name="viewport" content="width=device-width" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Email verification code</title>
 
 
     <style type="text/css">
         img {
             max-width: 100%;
         }
-
         body {
-            -webkit-font-smoothing: antialiased;
-            -webkit-text-size-adjust: none;
-            width: 100% !important;
-            height: 100%;
-            line-height: 1.6em;
+            -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em;
         }
-
         body {
             background-color: #f6f6f6;
         }
-
         @media only screen and (max-width: 640px) {
             body {
                 padding: 0 !important;
             }
-
-            h1 {
-                font-weight: 800 !important;
-                margin: 20px 0 5px !important;
-            }
-
             h2 {
                 font-weight: 800 !important;
-                margin: 20px 0 5px !important;
-            }
-
-            h3 {
-                font-weight: 800 !important;
-                margin: 20px 0 5px !important;
-            }
-
-            h4 {
-                font-weight: 800 !important;
-                margin: 20px 0 5px !important;
+                margin: 0 0 8px !important;
             }
-
-            h1 {
-                font-size: 22px !important;
-            }
-
             h2 {
                 font-size: 18px !important;
             }
-
-            h3 {
-                font-size: 16px !important;
-            }
-
             .container {
                 padding: 0 !important;
                 width: 100% !important;
             }
-
             .content {
                 padding: 0 !important;
             }
-
             .content-wrap {
                 padding: 10px !important;
             }
-
-            .invoice {
-                width: 100% !important;
-            }
         }
     </style>
 </head>
@@ -103,33 +64,54 @@
       style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em; background-color: #f6f6f6; margin: 0;"
       bgcolor="#f6f6f6">
 
-<table class="main" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; box-sizing: border-box; border-radius: 3px; width: 100%; background-color: #f6f6f6; margin: 0px auto;" cellspacing="0" cellpadding="0" bgcolor="#f6f6f6">
-    <tbody>
-    <tr style="box-sizing: border-box; margin: 0px;">
-        <td class="content-wrap" style="box-sizing: border-box; vertical-align: top; margin: 0px; padding: 20px;" align="center" valign="top">
-            <table style="box-sizing: border-box; border: 1px solid #e9e9e9; border-radius: 3px; margin: 0px; height: 310px; background-color: #ffffff; width: 600px; max-width: 600px !important;" width="600" cellspacing="0" cellpadding="0">
-                <tbody>
-                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
-                    <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; color: #348eda; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0px; padding: 0px; height: 110px;" valign="top"><img src="https://media.thingsboard.io/email/head.png" alt="" width="598" height="91" /></td>
-                </tr>
-                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 16px; margin: 0;">
-                    <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; color: #000000; box-sizing: border-box; font-size: 16px; margin: 0px; padding: 0px 32px; height: 66px; vertical-align: middle;" valign="middle">Your 2FA verification code: <strong>${verificationCode}</strong></td>
-                </tr>
-                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
-                    <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0px; padding: 0px 32px; height: 40px;" valign="top">&mdash; The ThingsBoard</td>
-                </tr>
-                </tbody>
-            </table>
+<table class="body-wrap" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; background-color: #f6f6f6; margin: 0;" bgcolor="#f6f6f6"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;" valign="top"></td>
+        <td class="container" width="600" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; display: block !important; max-width: 600px !important; clear: both !important; margin: 0 auto;" valign="top">
+            <div class="content" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; max-width: 600px; display: block; margin: 0 auto; padding: 20px;">
+                <table class="main" width="100%" cellpadding="0" cellspacing="0" itemprop="action" itemscope itemtype="http://schema.org/ConfirmAction" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; border-radius: 3px; background-color: #fff; margin: 0; border: 1px solid #e9e9e9;" bgcolor="#fff"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-wrap" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 20px;" valign="top">
+                            <meta itemprop="name" content="Confirm Email" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;" /><table width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                                    <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; color: #348eda; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0;" valign="top" align="center">
+                                        <h2 style="margin-bottom: 0;">Email verification code:</h2>
+                                    </td>
+                                </tr>
+                                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                                    <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; color: #348eda; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top" align="center">
+                                        <h2 style="margin-top: 8px;">${verificationCode}</h2>
+                                    </td>
+                                </tr>
+                                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                                    <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 8px;" valign="top">
+                                        Please verify your access using the code above.
+                                    </td>
+                                </tr>
+                                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                                    <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 8px;" valign="top">
+                                        This code will expire in ${expiredTime} minutes. To get a new one, click Resend code on the Thingsboard platform.
+                                    </td>
+                                </tr>
+                                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                                    <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
+                                        If you didn't request for this code, then you can just ignore this email; access won't provided.
+                                    </td>
+                                </tr>
+                                <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                                    <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
+                                        &mdash; The Thingsboard
+                                    </td>
+                                </tr></table></td>
+                    </tr>
+                </table>
+                <div class="footer" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; clear: both; color: #999; margin: 0; padding: 20px;">
+                    <table width="100%" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                        <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+                            <td class="aligncenter content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 12px; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;" align="center" valign="top">This email was sent to <a href="mailto:${targetEmail}" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 12px; color: #999; text-decoration: underline; margin: 0;">${targetEmail}</a> by Thingsboard.</td>
+                        </tr>
+                    </table>
+                </div>
+            </div>
         </td>
+        <td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;" valign="top"></td>
     </tr>
-    </tbody>
-</table>
-<table style="color: #999999; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; box-sizing: border-box; margin: 0px auto; height: 64px; background-color: #f6f6f6; width: 100%;" cellpadding="0px 0px 20px">
-    <tbody>
-    <tr style="box-sizing: border-box; margin: 0px;">
-        <td class="aligncenter content-block" style="box-sizing: border-box; font-size: 12px; margin: 0px; padding: 0px 0px 20px; width: 600px; text-align: center; vertical-align: middle;" align="center" valign="top">This email was sent to&nbsp;<a style="box-sizing: border-box; color: #999999; margin: 0px;" href="mailto:${targetEmail}">${targetEmail}</a>&nbsp;by ThingsBoard.</td>
-    </tr>
-    </tbody>
 </table>
 </body>
 </html>
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index 656f6d7c3b..f3e850a8d7 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -32,7 +32,7 @@
         <fieldset [disabled]="isLoading$ | async">
           <ng-container>
             <fieldset class="fields-group">
-              <legend class="group-title" translate>admin.2fa.general-setting</legend>
+              <legend class="group-title" translate>admin.2fa.verification-limitations</legend>
               <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px">
                 <mat-form-field fxFlex class="mat-block">
                   <mat-label translate>admin.2fa.total-allowed-time-for-verification</mat-label>
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 80064c88f9..98b4df1c2b 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -315,7 +315,6 @@
         "2fa":  {
             "2fa": "Two-factor authentication",
             "available-providers": "Available providers",
-            "general-setting": "General setting",
             "issuer-name": "Issuer name",
             "issuer-name-required": "Issuer name is required.",
             "max-verification-failures-before-user-lockout": "Max verification failures before user lockout",
@@ -338,6 +337,7 @@
             "verification-code-lifetime-required": "Verification code lifetime is required.",
             "verification-code-send-rate-limit": "Verification code send rate limit",
             "verification-message-template": "Verification message template",
+            "verification-limitations": "Verification limitations",
             "verification-message-template-pattern": "Verification message need to contains pattern: ${verificationCode}",
             "verification-message-template-required": "Verification message template is required.",
             "within-time": "Within time (sec)",

From 866ad82187e076398e4887e0c9da1f6bfee1b7b5 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Wed, 18 May 2022 12:50:12 +0300
Subject: [PATCH 40/92] Email 2FA verification message improvements

---
 .../thingsboard/server/service/mail/DefaultMailService.java | 5 +++--
 .../security/auth/mfa/provider/impl/EmailTwoFaProvider.java | 2 +-
 .../src/main/resources/templates/2fa.verification.code.ftl  | 6 +++---
 .../data/security/model/mfa/PlatformTwoFaSettings.java      | 2 ++
 .../java/org/thingsboard/rule/engine/api/MailService.java   | 2 +-
 5 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
index fdb1b579e9..9d2f7b8891 100644
--- a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
+++ b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
@@ -322,11 +322,12 @@ public class DefaultMailService implements MailService {
     }
 
     @Override
-    public void sendTwoFaVerificationEmail(String email, String verificationCode) throws ThingsboardException {
+    public void sendTwoFaVerificationEmail(String email, String verificationCode, int expirationTimeSeconds) throws ThingsboardException {
         String subject = messages.getMessage("2fa.verification.code.subject", null, Locale.US);
         String message = mergeTemplateIntoString("2fa.verification.code.ftl", Map.of(
                 TARGET_EMAIL, email,
-                "verificationCode", verificationCode
+                "verificationCode", verificationCode,
+                "expirationTimeSeconds", expirationTimeSeconds
         ));
 
         sendMail(mailSender, mailFrom, email, subject, message);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
index 39af5038ef..2aa5985514 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
@@ -55,7 +55,7 @@ public class EmailTwoFaProvider extends OtpBasedTwoFaProvider<EmailTwoFaProvider
 
     @Override
     protected void sendVerificationCode(SecurityUser user, String verificationCode, EmailTwoFaProviderConfig providerConfig, EmailTwoFaAccountConfig accountConfig) throws ThingsboardException {
-        mailService.sendTwoFaVerificationEmail(accountConfig.getEmail(), verificationCode);
+        mailService.sendTwoFaVerificationEmail(accountConfig.getEmail(), verificationCode, providerConfig.getVerificationCodeLifetime());
     }
 
     @Override
diff --git a/application/src/main/resources/templates/2fa.verification.code.ftl b/application/src/main/resources/templates/2fa.verification.code.ftl
index 0aba62f90b..994215ebcb 100644
--- a/application/src/main/resources/templates/2fa.verification.code.ftl
+++ b/application/src/main/resources/templates/2fa.verification.code.ftl
@@ -71,7 +71,7 @@
                             <meta itemprop="name" content="Confirm Email" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;" /><table width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
                                     <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; color: #348eda; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0;" valign="top" align="center">
-                                        <h2 style="margin-bottom: 0;">Email verification code:</h2>
+                                        <h2 style="margin-bottom: 0;">Your verification code:</h2>
                                     </td>
                                 </tr>
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
@@ -86,12 +86,12 @@
                                 </tr>
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
                                     <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 8px;" valign="top">
-                                        This code will expire in ${expiredTime} minutes. To get a new one, click Resend code on the Thingsboard platform.
+                                        This code will expire in ${expirationTimeSeconds} seconds.
                                     </td>
                                 </tr>
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
                                     <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
-                                        If you didn't request for this code, then you can just ignore this email; access won't provided.
+                                        If you didn't request this code, you can ignore this email.
                                     </td>
                                 </tr>
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 39ca0349fb..87d6403b04 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.common.data.security.model.mfa;
 
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import lombok.Data;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
@@ -26,6 +27,7 @@ import java.util.List;
 import java.util.Optional;
 
 @Data
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class PlatformTwoFaSettings {
 
     @Valid
diff --git a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
index 236391ba16..6ac4417934 100644
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
@@ -46,7 +46,7 @@ public interface MailService {
 
     void sendAccountLockoutEmail(String lockoutEmail, String email, Integer maxFailedLoginAttempts) throws ThingsboardException;
 
-    void sendTwoFaVerificationEmail(String email, String verificationCode) throws ThingsboardException;
+    void sendTwoFaVerificationEmail(String email, String verificationCode, int expirationTimeSeconds) throws ThingsboardException;
 
     void send(TenantId tenantId, CustomerId customerId, TbEmail tbEmail) throws ThingsboardException;
 

From 1ab9ed2467de82f59a1985ec2d7a1aa2e5fa2592 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Wed, 18 May 2022 15:44:42 +0300
Subject: [PATCH 41/92] UI: Add 2FA login page

---
 ui-ngx/src/app/core/auth/auth.service.ts      |  32 ++++-
 ui-ngx/src/app/core/guards/auth.guard.ts      |  13 +++
 .../email-auth-dialog.component.html          |   8 +-
 .../sms-auth-dialog.component.html            |   8 +-
 .../totp-auth-dialog.component.html           |   4 +-
 .../app/modules/login/login-routing.module.ts |  12 ++
 ui-ngx/src/app/modules/login/login.module.ts  |   4 +-
 .../two-factor-auth-login.component.html      |  79 +++++++++++++
 .../two-factor-auth-login.component.scss      |  66 +++++++++++
 .../login/two-factor-auth-login.component.ts  | 109 ++++++++++++++++++
 .../src/app/shared/models/authority.enum.ts   |   3 +-
 ui-ngx/src/app/shared/models/login.models.ts  |   3 +
 .../shared/models/two-factor-auth.models.ts   |  31 +++++
 .../assets/locale/locale.constant-en_US.json  |   9 +-
 14 files changed, 365 insertions(+), 16 deletions(-)
 create mode 100644 ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
 create mode 100644 ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
 create mode 100644 ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts

diff --git a/ui-ngx/src/app/core/auth/auth.service.ts b/ui-ngx/src/app/core/auth/auth.service.ts
index 6b129da6ad..574bf05419 100644
--- a/ui-ngx/src/app/core/auth/auth.service.ts
+++ b/ui-ngx/src/app/core/auth/auth.service.ts
@@ -45,7 +45,8 @@ import { ActionNotificationShow } from '@core/notification/notification.actions'
 import { MatDialog, MatDialogConfig } from '@angular/material/dialog';
 import { AlertDialogComponent } from '@shared/components/dialog/alert-dialog.component';
 import { OAuth2ClientInfo, PlatformType } from '@shared/models/oauth2.models';
-import { isDefinedAndNotNull, isMobileApp } from '@core/utils';
+import { isMobileApp } from '@core/utils';
+import { TwoFactorAuthProviderType, TwoFaProviderInfo } from '@shared/models/two-factor-auth.models';
 
 @Injectable({
     providedIn: 'root'
@@ -70,6 +71,7 @@ export class AuthService {
 
   redirectUrl: string;
   oauth2Clients: Array<OAuth2ClientInfo> = null;
+  twoFactorAuthProviders: Array<TwoFaProviderInfo> = null;
 
   private refreshTokenSubject: ReplaySubject<LoginResponse> = null;
   private jwtHelper = new JwtHelperService();
@@ -114,6 +116,18 @@ export class AuthService {
 
   public login(loginRequest: LoginRequest): Observable<LoginResponse> {
     return this.http.post<LoginResponse>('/api/auth/login', loginRequest, defaultHttpOptions()).pipe(
+      tap((loginResponse: LoginResponse) => {
+          this.setUserFromJwtToken(loginResponse.token, loginResponse.refreshToken, true);
+          if (loginResponse.scope === Authority.PRE_VERIFICATION_TOKEN) {
+            this.router.navigateByUrl(`login/mfa`);
+          }
+        }
+      ));
+  }
+
+  public checkTwoFaVerificationCode(providerType: TwoFactorAuthProviderType, verificationCode: number): Observable<LoginResponse> {
+    return this.http.post<LoginResponse>(`/api/auth/2fa/verification/check?providerType=${providerType}&verificationCode=${verificationCode}`,
+      null, defaultHttpOptions()).pipe(
       tap((loginResponse: LoginResponse) => {
           this.setUserFromJwtToken(loginResponse.token, loginResponse.refreshToken, true);
         }
@@ -215,6 +229,15 @@ export class AuthService {
     );
   }
 
+  public getAvailableTwoFaLoginProviders(): Observable<Array<TwoFaProviderInfo>> {
+    return this.http.get<Array<TwoFaProviderInfo>>(`/api/auth/2fa/providers`, defaultHttpOptions()).pipe(
+      catchError(() => of([])),
+      tap((providers) => {
+        this.twoFactorAuthProviders = providers;
+      })
+    );
+  }
+
   private forceDefaultPlace(authState?: AuthState, path?: string, params?: any): boolean {
     if (authState && authState.authUser) {
       if (authState.authUser.authority === Authority.TENANT_ADMIN || authState.authUser.authority === Authority.CUSTOMER_USER) {
@@ -382,6 +405,9 @@ export class AuthService {
               loadUserSubject.error(err);
             }
           );
+        } else if (authPayload.authUser.authority === Authority.PRE_VERIFICATION_TOKEN) {
+          loadUserSubject.next(authPayload);
+          loadUserSubject.complete();
         } else if (authPayload.authUser.userId) {
           this.userService.getUser(authPayload.authUser.userId).subscribe(
             (user) => {
@@ -594,8 +620,8 @@ export class AuthService {
   private updateAndValidateToken(token, prefix, notify) {
     let valid = false;
     const tokenData = this.jwtHelper.decodeToken(token);
-    const issuedAt = tokenData.iat;
-    const expTime = tokenData.exp;
+    const issuedAt = tokenData?.iat;
+    const expTime = tokenData?.exp;
     if (issuedAt && expTime) {
       const ttl = expTime - issuedAt;
       if (ttl > 0) {
diff --git a/ui-ngx/src/app/core/guards/auth.guard.ts b/ui-ngx/src/app/core/guards/auth.guard.ts
index 5ead048f30..4fe53d7bdc 100644
--- a/ui-ngx/src/app/core/guards/auth.guard.ts
+++ b/ui-ngx/src/app/core/guards/auth.guard.ts
@@ -94,6 +94,8 @@ export class AuthGuard implements CanActivate, CanActivateChild {
                   return true;
                 })
               );
+            } else if (path === 'login.mfa') {
+              return of(this.router.parseUrl('/login'));
             } else {
               return of(true);
             }
@@ -114,6 +116,17 @@ export class AuthGuard implements CanActivate, CanActivateChild {
             this.mobileService.handleMobileNavigation(path, params);
             return of(false);
           }
+          if (authState.authUser.authority === Authority.PRE_VERIFICATION_TOKEN) {
+            if (path === 'login.mfa') {
+              return this.authService.getAvailableTwoFaLoginProviders().pipe(
+                map(() => {
+                  return true;
+                })
+              );
+            }
+            this.authService.logout();
+            return of(false);
+          }
           const defaultUrl = this.authService.defaultUrl(true, authState, path, params);
           if (defaultUrl) {
             // this.authService.gotoDefaultPlace(true);
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
index d591dc7261..75211537d4 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
@@ -37,9 +37,9 @@
       <form [formGroup]="emailConfigForm" (ngSubmit)="nextStep()">
         <p class="mat-body step-description input" translate>security.2fa.dialog.email-step-description</p>
         <div fxLayout="row" fxLayoutAlign="space-between center">
-          <mat-form-field fxFlex class="mat-block input-container" floatLabel="always">
+          <mat-form-field fxFlex class="mat-block input-container" hideRequiredMarker floatLabel="always">
             <mat-label></mat-label>
-            <input matInput formControlName="email"
+            <input matInput formControlName="email" required
                    placeholder="{{ 'security.2fa.dialog.email-step-label' | translate }}" />
             <mat-error *ngIf="emailConfigForm.get('email').hasError('required')">
               {{ 'user.email-required' | translate }}
@@ -64,11 +64,11 @@
           {{ 'security.2fa.dialog.verification-step-description' | translate : {address: emailConfigForm.get('email').value} }}
         </p>
         <div fxLayout="row" fxLayoutAlign="space-between center">
-          <mat-form-field fxFlex class="mat-block code-container" floatLabel="always">
+          <mat-form-field fxFlex class="mat-block code-container" hideRequiredMarker floatLabel="always">
             <mat-label></mat-label>
             <input matInput formControlName="verificationCode"
                    maxlength="6" type="text"
-                   pattern="\d*"
+                   pattern="\d*" required
                    placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
             <mat-error *ngIf="emailVerificationForm.get('verificationCode').invalid">
               {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
index 61b093dd00..f27e138a0e 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
@@ -37,9 +37,9 @@
       <form [formGroup]="smsConfigForm" (ngSubmit)="nextStep()">
         <p class="mat-body step-description input" translate>security.2fa.dialog.sms-step-description</p>
         <div fxLayout="row" fxLayoutAlign="space-between center">
-          <mat-form-field  fxFlex class="mat-block input-container" floatLabel="always">
+          <mat-form-field  fxFlex class="mat-block input-container" floatLabel="always" hideRequiredMarker>
             <mat-label></mat-label>
-            <input type="tel"
+            <input type="tel" required
                    [pattern]="phoneNumberPattern"
                    matInput formControlName="phone"
                    placeholder="{{ 'security.2fa.dialog.sms-step-label' | translate }}">
@@ -67,11 +67,11 @@
           {{ 'security.2fa.dialog.verification-step-description' | translate : {address: smsConfigForm.get('phone').value} }}
         </p>
         <div fxLayout="row" fxLayoutAlign="space-between center">
-          <mat-form-field fxFlex class="mat-block code-container" floatLabel="always">
+          <mat-form-field fxFlex class="mat-block code-container" floatLabel="always" hideRequiredMarker>
             <mat-label></mat-label>
             <input matInput formControlName="verificationCode"
                    maxlength="6" type="text"
-                   pattern="\d*"
+                   pattern="\d*" required
                    placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
             <mat-error *ngIf="smsVerificationForm.get('verificationCode').invalid">
               {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
index 6de8259011..54796c467d 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
@@ -53,11 +53,11 @@
         <p class="mat-body qr-code-description" translate>security.2fa.dialog.scan-qr-code</p>
         <canvas fxFlex #canvas [ngStyle]="{display: totpAuthURL ? 'block' : 'none'}"></canvas>
         <p class="mat-body qr-code-description" style="margin-top: 30px;" translate>security.2fa.dialog.enter-verification-code</p>
-        <mat-form-field fxFlex class="mat-block code-container" floatLabel="always">
+        <mat-form-field fxFlex class="mat-block code-container" floatLabel="always" hideRequiredMarker>
           <mat-label></mat-label>
           <input matInput formControlName="verificationCode"
                  maxlength="6" type="text"
-                 pattern="\d*"
+                 pattern="\d*" required
                  placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
           <mat-error *ngIf="totpConfigForm.get('verificationCode').invalid">
             {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
diff --git a/ui-ngx/src/app/modules/login/login-routing.module.ts b/ui-ngx/src/app/modules/login/login-routing.module.ts
index 1d10a296c4..6305fa9dfd 100644
--- a/ui-ngx/src/app/modules/login/login-routing.module.ts
+++ b/ui-ngx/src/app/modules/login/login-routing.module.ts
@@ -22,6 +22,8 @@ import { AuthGuard } from '@core/guards/auth.guard';
 import { ResetPasswordRequestComponent } from '@modules/login/pages/login/reset-password-request.component';
 import { ResetPasswordComponent } from '@modules/login/pages/login/reset-password.component';
 import { CreatePasswordComponent } from '@modules/login/pages/login/create-password.component';
+import { TwoFactorAuthLoginComponent } from '@modules/login/pages/login/two-factor-auth-login.component';
+import { Authority } from '@shared/models/authority.enum';
 
 const routes: Routes = [
   {
@@ -69,6 +71,16 @@ const routes: Routes = [
       module: 'public'
     },
     canActivate: [AuthGuard]
+  },
+  {
+    path: 'login/mfa',
+    component: TwoFactorAuthLoginComponent,
+    data: {
+      title: 'login.create-password',
+      auth: [Authority.PRE_VERIFICATION_TOKEN],
+      module: 'public'
+    },
+    canActivate: [AuthGuard]
   }
 ];
 
diff --git a/ui-ngx/src/app/modules/login/login.module.ts b/ui-ngx/src/app/modules/login/login.module.ts
index 78fec568c6..6414de2bf0 100644
--- a/ui-ngx/src/app/modules/login/login.module.ts
+++ b/ui-ngx/src/app/modules/login/login.module.ts
@@ -23,13 +23,15 @@ import { SharedModule } from '@app/shared/shared.module';
 import { ResetPasswordRequestComponent } from '@modules/login/pages/login/reset-password-request.component';
 import { ResetPasswordComponent } from '@modules/login/pages/login/reset-password.component';
 import { CreatePasswordComponent } from '@modules/login/pages/login/create-password.component';
+import { TwoFactorAuthLoginComponent } from '@modules/login/pages/login/two-factor-auth-login.component';
 
 @NgModule({
   declarations: [
     LoginComponent,
     ResetPasswordRequestComponent,
     ResetPasswordComponent,
-    CreatePasswordComponent
+    CreatePasswordComponent,
+    TwoFactorAuthLoginComponent
   ],
   imports: [
     CommonModule,
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
new file mode 100644
index 0000000000..3db2b8b061
--- /dev/null
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
@@ -0,0 +1,79 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<div class="tb-two-factor-auth-login-content mat-app-background tb-dark" fxLayout="row" fxLayoutAlign="center center"
+     style="width: 100%;">
+  <mat-card fxFlex="initial" class="tb-two-factor-auth-login-card" >
+    <mat-card-title class="mat-headline" fxLayout="row" fxLayoutAlign="start center">
+      <button mat-icon-button type="button" (click)="cancelLogin()">
+        <mat-icon>chevron_left</mat-icon>
+      </button>
+      {{ 'login.verify-your-identity' | translate }}
+    </mat-card-title>
+    <mat-card-content>
+      <div class="providers-container tb-default" fxLayout="column" fxLayoutGap="8px" *ngIf="!selectedProvider">
+        <p class="mat-body" translate>login.select-way-to-verify</p>
+        <ng-container *ngFor="let provider of allowProviders">
+          <button type="button" mat-stroked-button class="provider" (click)="selectProvider(provider)">
+            <mat-icon class="icon" svgIcon="{{ providersData.get(provider).icon }}"></mat-icon>
+            {{ providersData.get(provider).name | translate }}
+          </button>
+        </ng-container>
+      </div>
+      <form [formGroup]="verificationForm" (ngSubmit)="sendVerificationCode()" *ngIf="selectedProvider">
+        <fieldset [disabled]="isLoading$ | async">
+          <div tb-toast fxLayout="column">
+            <p class="mat-body">{{ providerDescription }}</p>
+            <div fxLayout="row" class="code-block" fxLayoutGap="8px">
+              <mat-form-field class="mat-block" fxFlex floatLabel="always" hideRequiredMarker>
+                <mat-label></mat-label>
+                <input matInput formControlName="verificationCode"
+                       required maxlength="6" type="text" pattern="\d*"
+                       placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}"/>
+                <mat-error *ngIf="verificationForm.get('verificationCode').invalid">
+                  {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
+                </mat-error>
+              </mat-form-field>
+              <div fxLayoutAlign="start center" *ngIf="selectedProvider !== twoFactorAuthProvider.TOTP">
+                <button
+                  mat-button
+                  (click)="sendCode()"
+                  type="button">
+                  {{ 'login.resend-code' | translate }}
+                </button>
+              </div>
+            </div>
+            <span style="height: 40px;"></span>
+            <div fxLayout="column" fxLayoutGap="8px">
+              <button mat-raised-button
+                      color="accent"
+                      [disabled]="(isLoading$ | async) || verificationForm.invalid"
+                      type="submit">
+                {{ 'action.continue' | translate }}
+              </button>
+              <button mat-button
+                      type="button"
+                      (click)="selectProvider(null)">
+                {{ 'login.try-another-way' | translate }}
+              </button>
+            </div>
+          </div>
+        </fieldset>
+      </form>
+    </mat-card-content>
+  </mat-card>
+</div>
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
new file mode 100644
index 0000000000..7403d7a27c
--- /dev/null
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
@@ -0,0 +1,66 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+@import '../../../../../scss/constants';
+
+:host {
+  display: flex;
+  flex: 1 1 0;
+  .tb-two-factor-auth-login-content {
+    background-color: #eee;
+    .tb-two-factor-auth-login-card {
+      padding: 48px 48px 48px 16px;
+
+      @media #{$mat-gt-xs} {
+        width: 450px !important;
+      }
+
+      .mat-card-title{
+        font: 500 28px / 36px Roboto, "Helvetica Neue", sans-serif;
+      }
+
+      .mat-card-content {
+        margin-top: 44px;
+        margin-left: 40px;
+      }
+
+      .mat-body {
+        letter-spacing: 0.25px;
+        line-height: 16px;
+        margin: 0;
+      }
+
+      .code-block {
+        margin-top: 16px;
+      }
+
+      .providers-container{
+        padding: 0;
+
+        .mat-body {
+          padding-bottom: 8px;
+        }
+      }
+    }
+  }
+  ::ng-deep{
+    button.provider {
+      text-align: start;
+      &:not(.mat-button-disabled) {
+        border-color: rgba(255, 255, 255, .8);
+      }
+    }
+  }
+}
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
new file mode 100644
index 0000000000..c2d34856e6
--- /dev/null
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
@@ -0,0 +1,109 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { Component, OnInit } from '@angular/core';
+import { AuthService } from '@core/auth/auth.service';
+import { Store } from '@ngrx/store';
+import { AppState } from '@core/core.state';
+import { PageComponent } from '@shared/components/page.component';
+import { FormBuilder, Validators } from '@angular/forms';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+import {
+  twoFactorAuthProvidersLoginData,
+  TwoFactorAuthProviderType,
+  TwoFaProviderInfo
+} from '@shared/models/two-factor-auth.models';
+import { TranslateService } from '@ngx-translate/core';
+
+@Component({
+  selector: 'tb-two-factor-auth-login',
+  templateUrl: './two-factor-auth-login.component.html',
+  styleUrls: ['./two-factor-auth-login.component.scss']
+})
+export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit {
+
+  private providersInfo: TwoFaProviderInfo[];
+
+  selectedProvider: TwoFactorAuthProviderType;
+  twoFactorAuthProvider = TwoFactorAuthProviderType;
+  allowProviders: TwoFactorAuthProviderType[] = [];
+
+  providersData = twoFactorAuthProvidersLoginData;
+  providerDescription = '';
+
+  verificationForm = this.fb.group({
+    verificationCode: ['', [
+      Validators.required,
+      Validators.minLength(6),
+      Validators.maxLength(6),
+      Validators.pattern(/^\d*$/)
+    ]]
+  });
+
+  constructor(protected store: Store<AppState>,
+              private twoFactorAuthService: TwoFactorAuthenticationService,
+              private authService: AuthService,
+              private translate: TranslateService,
+              private fb: FormBuilder) {
+    super(store);
+  }
+
+  ngOnInit() {
+    this.providersInfo = this.authService.twoFactorAuthProviders;
+    Object.values(TwoFactorAuthProviderType).forEach(provider => {
+      const providerConfig = this.providersInfo.find(config => config.type === provider);
+      if (providerConfig) {
+        if (providerConfig.default) {
+          this.selectedProvider = providerConfig.type;
+          this.providerDescription = this.translate.instant(this.providersData.get(providerConfig.type).description, {
+            contact: providerConfig.contact
+          });
+        }
+        this.allowProviders.push(providerConfig.type);
+      }
+    });
+    if (this.selectedProvider !== TwoFactorAuthProviderType.TOTP) {
+      this.sendCode();
+    }
+  }
+
+  sendVerificationCode() {
+    if (this.verificationForm.valid && this.selectedProvider) {
+      this.authService.checkTwoFaVerificationCode(this.selectedProvider, this.verificationForm.get('verificationCode').value).subscribe(
+        () => {}
+      );
+    }
+  }
+
+  selectProvider(type: TwoFactorAuthProviderType) {
+    this.selectedProvider = type;
+    const providerConfig = this.providersInfo.find(config => config.type === type);
+    this.providerDescription = this.translate.instant(this.providersData.get(providerConfig.type).description, {
+      contact: providerConfig.contact
+    });
+    if (type !== TwoFactorAuthProviderType.TOTP && type !== null) {
+      this.sendCode();
+    }
+  }
+
+  sendCode() {
+    this.twoFactorAuthService.requestTwoFaVerificationCodeSend(this.selectedProvider).subscribe(() => {});
+  }
+
+  cancelLogin() {
+    this.authService.logout();
+  }
+}
diff --git a/ui-ngx/src/app/shared/models/authority.enum.ts b/ui-ngx/src/app/shared/models/authority.enum.ts
index 83dab9a8a8..683c153b07 100644
--- a/ui-ngx/src/app/shared/models/authority.enum.ts
+++ b/ui-ngx/src/app/shared/models/authority.enum.ts
@@ -19,5 +19,6 @@ export enum Authority {
   TENANT_ADMIN = 'TENANT_ADMIN',
   CUSTOMER_USER = 'CUSTOMER_USER',
   REFRESH_TOKEN = 'REFRESH_TOKEN',
-  ANONYMOUS = 'ANONYMOUS'
+  ANONYMOUS = 'ANONYMOUS',
+  PRE_VERIFICATION_TOKEN = 'PRE_VERIFICATION_TOKEN'
 }
diff --git a/ui-ngx/src/app/shared/models/login.models.ts b/ui-ngx/src/app/shared/models/login.models.ts
index 782e3a98a4..d3f1598fc5 100644
--- a/ui-ngx/src/app/shared/models/login.models.ts
+++ b/ui-ngx/src/app/shared/models/login.models.ts
@@ -14,6 +14,8 @@
 /// limitations under the License.
 ///
 
+import { Authority } from '@shared/models/authority.enum';
+
 export interface LoginRequest {
   username: string;
   password: string;
@@ -26,4 +28,5 @@ export interface PublicLoginRequest {
 export interface LoginResponse {
   token: string;
   refreshToken: string;
+  scope?: Authority;
 }
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
index 18bb3e4f20..75fc95ae4e 100644
--- a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -92,6 +92,7 @@ export interface AccountTwoFaSettings {
 export interface TwoFaProviderInfo {
   type: TwoFactorAuthProviderType;
   default: boolean;
+  contact?: string;
 }
 
 export interface TwoFactorAuthProviderData {
@@ -99,6 +100,10 @@ export interface TwoFactorAuthProviderData {
   description: string;
 }
 
+export interface TwoFactorAuthProviderLoginData extends TwoFactorAuthProviderData {
+  icon: string;
+}
+
 export const twoFactorAuthProvidersData = new Map<TwoFactorAuthProviderType, TwoFactorAuthProviderData>(
   [
     [
@@ -121,3 +126,29 @@ export const twoFactorAuthProvidersData = new Map<TwoFactorAuthProviderType, Two
     ],
   ]
 );
+
+export const twoFactorAuthProvidersLoginData = new Map<TwoFactorAuthProviderType, TwoFactorAuthProviderLoginData>(
+  [
+    [
+      TwoFactorAuthProviderType.TOTP, {
+      name: 'security.2fa.provider.totp',
+      description: 'login.totp-auth-description',
+      icon: 'mdi:cellphone-key'
+    }
+    ],
+    [
+      TwoFactorAuthProviderType.SMS, {
+      name: 'security.2fa.provider.sms',
+      description: 'login.sms-auth-description',
+      icon: 'mdi:message-reply-text-outline'
+    }
+    ],
+    [
+      TwoFactorAuthProviderType.EMAIL, {
+      name: 'security.2fa.provider.email',
+      description: 'login.email-auth-description',
+      icon: 'mdi:email-outline'
+    }
+    ],
+  ]
+);
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 98b4df1c2b..f16eaf4526 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -2480,7 +2480,14 @@
         "email": "Email",
         "login-with": "Login with {{name}}",
         "or": "or",
-        "error": "Login error"
+        "error": "Login error",
+        "verify-your-identity": "Verify your identity",
+        "select-way-to-verify": "Select a way to verify",
+        "resend-code": "Resend code",
+        "try-another-way": "Try another way",
+        "totp-auth-description": "Please enter the security code from your authenticator app.",
+        "sms-auth-description": "A security code has been sent to your phone at {{contact}}.",
+        "email-auth-description": "A security code has been sent to your email address at {{contact}}."
     },
     "markdown": {
         "copy-code": "Click to copy",

From 57924394db7df2bffe196b3f6f2d236da7d8ce6e Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Wed, 18 May 2022 16:15:59 +0300
Subject: [PATCH 42/92] UI: Fixed config totp provider

---
 .../authentication-dialog/totp-auth-dialog.component.html      | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
index 54796c467d..0a2df8cf95 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
@@ -66,8 +66,9 @@
       </form>
       <div fxLayout="row" fxLayoutAlign="end center">
         <button mat-raised-button
-                type="submit"
+                type="button"
                 color="primary"
+                (click)="onSaveConfig()"
                 [disabled]="(isLoading$ | async) || totpConfigForm.invalid">
           {{ 'security.2fa.dialog.next' | translate }}
         </button>

From ebcfa52e8de6b2725db022130b06bd4f2765c5e1 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Wed, 18 May 2022 17:49:25 +0300
Subject: [PATCH 43/92] UI: Refactoring

---
 .../two-factor-auth-settings.component.html   | 181 +++++++++++++-----
 .../two-factor-auth-settings.component.scss   |   8 +-
 .../two-factor-auth-settings.component.ts     |   8 +-
 .../two-factor-auth-login.component.scss      |   8 +-
 .../login/two-factor-auth-login.component.ts  |  23 ++-
 5 files changed, 160 insertions(+), 68 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index f3e850a8d7..8aff328999 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -33,7 +33,7 @@
           <ng-container>
             <fieldset class="fields-group">
               <legend class="group-title" translate>admin.2fa.verification-limitations</legend>
-              <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px">
+              <div class="input-row" fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
                 <mat-form-field fxFlex class="mat-block">
                   <mat-label translate>admin.2fa.total-allowed-time-for-verification</mat-label>
                   <input matInput required formControlName="totalAllowedTimeForVerification" type="number" step="1" min="1">
@@ -58,62 +58,137 @@
                   </mat-error>
                 </mat-form-field>
               </div>
-              <mat-slide-toggle class="rate-limit-toggle" formControlName="verificationCodeSendRateLimitEnable">
-                {{ 'admin.2fa.verification-code-send-rate-limit' | translate }}
-              </mat-slide-toggle>
-              <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px"
-                   *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitEnable').value">
-                <mat-form-field fxFlex class="mat-block">
-                  <mat-label translate>admin.2fa.number-of-send-attempts</mat-label>
-                  <input matInput formControlName="verificationCodeSendRateLimitNumber" type="number" step="1" min="1" required>
-                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('required')">
-                    {{ 'admin.2fa.number-of-send-attempts-required' | translate }}
-                  </mat-error>
-                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('pattern')
+              <mat-expansion-panel class="provider">
+                <mat-expansion-panel-header>
+                  <mat-panel-title fxLayoutAlign="start center">
+                    <mat-slide-toggle
+                      (click)="toggleExtensionPanel($event, 0, twoFaFormGroup.get('verificationCodeSendRateLimitEnable').value)"
+                      formControlName="verificationCodeSendRateLimitEnable">
+                    </mat-slide-toggle>
+                    {{ 'admin.2fa.verification-code-send-rate-limit' | translate }}
+                  </mat-panel-title>
+                </mat-expansion-panel-header>
+                <ng-template matExpansionPanelContent>
+                  <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
+                    <mat-form-field fxFlex class="mat-block">
+                      <mat-label translate>admin.2fa.number-of-send-attempts</mat-label>
+                      <input matInput formControlName="verificationCodeSendRateLimitNumber" type="number" step="1" min="1" required>
+                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('required')">
+                        {{ 'admin.2fa.number-of-send-attempts-required' | translate }}
+                      </mat-error>
+                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('pattern')
                     || twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('min')">
-                    {{ 'admin.2fa.number-of-send-attempts-pattern' | translate }}
-                  </mat-error>
-                </mat-form-field>
-                <mat-form-field fxFlex class="mat-block">
-                  <mat-label translate>admin.2fa.within-time</mat-label>
-                  <input matInput formControlName="verificationCodeSendRateLimitTime" type="number" step="1" min="1" required>
-                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('required')">
-                    {{ 'admin.2fa.within-time-required' | translate }}
-                  </mat-error>
-                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('pattern')
+                        {{ 'admin.2fa.number-of-send-attempts-pattern' | translate }}
+                      </mat-error>
+                    </mat-form-field>
+                    <mat-form-field fxFlex class="mat-block">
+                      <mat-label translate>admin.2fa.within-time</mat-label>
+                      <input matInput formControlName="verificationCodeSendRateLimitTime" type="number" step="1" min="1" required>
+                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('required')">
+                        {{ 'admin.2fa.within-time-required' | translate }}
+                      </mat-error>
+                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('pattern')
                     || twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('min')">
-                    {{ 'admin.2fa.within-time-pattern' | translate }}
-                  </mat-error>
-                </mat-form-field>
-              </div>
-              <mat-slide-toggle class="rate-limit-toggle" formControlName="verificationCodeCheckRateLimitEnable">
-                {{ 'admin.2fa.verification-code-check-rate-limit' | translate }}
-              </mat-slide-toggle>
-              <div class="input-row" fxLayout="row" fxLayout.sm="column" fxLayoutGap="8px"
-                   *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value">
-                <mat-form-field fxFlex class="mat-block">
-                  <mat-label translate>admin.2fa.number-of-checking-attempts</mat-label>
-                  <input matInput formControlName="verificationCodeCheckRateLimitNumber" required type="number" step="1" min="1">
-                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('required')">
-                    {{ 'admin.2fa.number-of-checking-attempts-required' | translate }}
-                  </mat-error>
-                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('pattern')
+                        {{ 'admin.2fa.within-time-pattern' | translate }}
+                      </mat-error>
+                    </mat-form-field>
+                  </div>
+                </ng-template>
+              </mat-expansion-panel>
+<!--              <mat-slide-toggle class="rate-limit-toggle" formControlName="verificationCodeSendRateLimitEnable">-->
+<!--                {{ 'admin.2fa.verification-code-send-rate-limit' | translate }}-->
+<!--              </mat-slide-toggle>-->
+<!--              <div class="input-row" fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px"-->
+<!--                   *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitEnable').value">-->
+<!--                <mat-form-field fxFlex class="mat-block">-->
+<!--                  <mat-label translate>admin.2fa.number-of-send-attempts</mat-label>-->
+<!--                  <input matInput formControlName="verificationCodeSendRateLimitNumber" type="number" step="1" min="1" required>-->
+<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('required')">-->
+<!--                    {{ 'admin.2fa.number-of-send-attempts-required' | translate }}-->
+<!--                  </mat-error>-->
+<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('pattern')-->
+<!--                    || twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('min')">-->
+<!--                    {{ 'admin.2fa.number-of-send-attempts-pattern' | translate }}-->
+<!--                  </mat-error>-->
+<!--                </mat-form-field>-->
+<!--                <mat-form-field fxFlex class="mat-block">-->
+<!--                  <mat-label translate>admin.2fa.within-time</mat-label>-->
+<!--                  <input matInput formControlName="verificationCodeSendRateLimitTime" type="number" step="1" min="1" required>-->
+<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('required')">-->
+<!--                    {{ 'admin.2fa.within-time-required' | translate }}-->
+<!--                  </mat-error>-->
+<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('pattern')-->
+<!--                    || twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('min')">-->
+<!--                    {{ 'admin.2fa.within-time-pattern' | translate }}-->
+<!--                  </mat-error>-->
+<!--                </mat-form-field>-->
+<!--              </div>-->
+              <mat-divider></mat-divider>
+              <mat-expansion-panel class="provider">
+                <mat-expansion-panel-header>
+                  <mat-panel-title fxLayoutAlign="start center">
+                    <mat-slide-toggle class="rate-limit-toggle"
+                                      (click)="toggleExtensionPanel($event, 1, twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value)"
+                                      formControlName="verificationCodeCheckRateLimitEnable">
+                    </mat-slide-toggle>
+                    {{ 'admin.2fa.verification-code-check-rate-limit' | translate }}
+                  </mat-panel-title>
+                </mat-expansion-panel-header>
+                <ng-template matExpansionPanelContent>
+                  <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
+                    <mat-form-field fxFlex class="mat-block">
+                      <mat-label translate>admin.2fa.number-of-checking-attempts</mat-label>
+                      <input matInput formControlName="verificationCodeCheckRateLimitNumber" required type="number" step="1" min="1">
+                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('required')">
+                        {{ 'admin.2fa.number-of-checking-attempts-required' | translate }}
+                      </mat-error>
+                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('pattern')
                     || twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('min')">
-                    {{ 'admin.2fa.number-of-checking-attempts-pattern' | translate }}
-                  </mat-error>
-                </mat-form-field>
-                <mat-form-field fxFlex class="mat-block">
-                  <mat-label translate>admin.2fa.within-time</mat-label>
-                  <input matInput formControlName="verificationCodeCheckRateLimitTime" required type="number" step="1" min="1">
-                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('required')">
-                    {{ 'admin.2fa.within-time-required' | translate }}
-                  </mat-error>
-                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('pattern')
+                        {{ 'admin.2fa.number-of-checking-attempts-pattern' | translate }}
+                      </mat-error>
+                    </mat-form-field>
+                    <mat-form-field fxFlex class="mat-block">
+                      <mat-label translate>admin.2fa.within-time</mat-label>
+                      <input matInput formControlName="verificationCodeCheckRateLimitTime" required type="number" step="1" min="1">
+                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('required')">
+                        {{ 'admin.2fa.within-time-required' | translate }}
+                      </mat-error>
+                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('pattern')
                     || twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('min')">
-                    {{ 'admin.2fa.within-time-pattern' | translate }}
-                  </mat-error>
-                </mat-form-field>
-              </div>
+                        {{ 'admin.2fa.within-time-pattern' | translate }}
+                      </mat-error>
+                    </mat-form-field>
+                  </div>
+                </ng-template>
+              </mat-expansion-panel>
+<!--              <mat-slide-toggle class="rate-limit-toggle" formControlName="verificationCodeCheckRateLimitEnable">-->
+<!--                {{ 'admin.2fa.verification-code-check-rate-limit' | translate }}-->
+<!--              </mat-slide-toggle>-->
+<!--              <div class="input-row" fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px"-->
+<!--                   *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value">-->
+<!--                <mat-form-field fxFlex class="mat-block">-->
+<!--                  <mat-label translate>admin.2fa.number-of-checking-attempts</mat-label>-->
+<!--                  <input matInput formControlName="verificationCodeCheckRateLimitNumber" required type="number" step="1" min="1">-->
+<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('required')">-->
+<!--                    {{ 'admin.2fa.number-of-checking-attempts-required' | translate }}-->
+<!--                  </mat-error>-->
+<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('pattern')-->
+<!--                    || twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('min')">-->
+<!--                    {{ 'admin.2fa.number-of-checking-attempts-pattern' | translate }}-->
+<!--                  </mat-error>-->
+<!--                </mat-form-field>-->
+<!--                <mat-form-field fxFlex class="mat-block">-->
+<!--                  <mat-label translate>admin.2fa.within-time</mat-label>-->
+<!--                  <input matInput formControlName="verificationCodeCheckRateLimitTime" required type="number" step="1" min="1">-->
+<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('required')">-->
+<!--                    {{ 'admin.2fa.within-time-required' | translate }}-->
+<!--                  </mat-error>-->
+<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('pattern')-->
+<!--                    || twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('min')">-->
+<!--                    {{ 'admin.2fa.within-time-pattern' | translate }}-->
+<!--                  </mat-error>-->
+<!--                </mat-form-field>-->
+<!--              </div>-->
             </fieldset>
             <fieldset class="fields-group" formArrayName="providers">
               <legend class="group-title" translate>admin.2fa.available-providers</legend>
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
index 2ae3981717..6a716e6c47 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
@@ -26,17 +26,15 @@
     legend {
       color: rgba(0, 0, 0, .7);
       width: fit-content;
+      margin: 0 8px;
     }
 
-    &:not(:last-of-type) {
-      padding: 8px;
+    .input-row {
+      padding: 8px 8px 0;
     }
 
     &:last-of-type {
       margin-bottom: 24px;
-      legend {
-        margin: 0 8px;
-      }
     }
 
     .rate-limit-toggle {
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index c866612049..10cc499118 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -92,10 +92,14 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
   }
 
   toggleProviders($event: Event, i: number): void {
+    this.toggleExtensionPanel($event, i + 2, this.providersForm.at(i).get('enable').value);
+  }
+
+  toggleExtensionPanel($event: Event, i: number, currentState: boolean) {
     if ($event) {
       $event.stopPropagation();
     }
-    if (this.providersForm.at(i).get('enable').value) {
+    if (currentState) {
       this.getByIndexPanel(i).close();
     } else {
       this.getByIndexPanel(i).open();
@@ -175,7 +179,7 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
       const findIndex = allowProvidersConfig.indexOf(provider);
       if (findIndex > -1) {
         processFormValue.providers.push(Object.assign(settings.providers[findIndex], {enable: true}));
-        this.getByIndexPanel(index).open();
+        this.getByIndexPanel(index + 2).open();
       } else {
         processFormValue.providers.push({enable: false});
       }
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
index 7403d7a27c..c29e4ae6d4 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
@@ -28,7 +28,7 @@
       }
 
       .mat-card-title{
-        font: 500 28px / 36px Roboto, "Helvetica Neue", sans-serif;
+        font: 400 28px / 36px Roboto, "Helvetica Neue", sans-serif;
       }
 
       .mat-card-content {
@@ -58,9 +58,15 @@
   ::ng-deep{
     button.provider {
       text-align: start;
+      font-weight: 400;
       &:not(.mat-button-disabled) {
         border-color: rgba(255, 255, 255, .8);
       }
+      .icon{
+        height: 18px;
+        width: 18px;
+        vertical-align: sub;
+      }
     }
   }
 }
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
index c2d34856e6..0c47899651 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
@@ -36,6 +36,7 @@ import { TranslateService } from '@ngx-translate/core';
 export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit {
 
   private providersInfo: TwoFaProviderInfo[];
+  private prevProvider: TwoFactorAuthProviderType;
 
   selectedProvider: TwoFactorAuthProviderType;
   twoFactorAuthProvider = TwoFactorAuthProviderType;
@@ -89,13 +90,16 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
   }
 
   selectProvider(type: TwoFactorAuthProviderType) {
+    this.prevProvider = type === null ? this.selectedProvider : null;
     this.selectedProvider = type;
-    const providerConfig = this.providersInfo.find(config => config.type === type);
-    this.providerDescription = this.translate.instant(this.providersData.get(providerConfig.type).description, {
-      contact: providerConfig.contact
-    });
-    if (type !== TwoFactorAuthProviderType.TOTP && type !== null) {
-      this.sendCode();
+    if (type !== null) {
+      const providerConfig = this.providersInfo.find(config => config.type === type);
+      this.providerDescription = this.translate.instant(this.providersData.get(providerConfig.type).description, {
+        contact: providerConfig.contact
+      });
+      if (type !== TwoFactorAuthProviderType.TOTP) {
+        this.sendCode();
+      }
     }
   }
 
@@ -104,6 +108,11 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
   }
 
   cancelLogin() {
-    this.authService.logout();
+    if (this.prevProvider) {
+      this.selectedProvider = this.prevProvider;
+      this.prevProvider = null;
+    } else {
+      this.authService.logout();
+    }
   }
 }

From 708b7038d46c9438938fb8eb19df1e4b9c77ecd6 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Wed, 18 May 2022 17:53:54 +0300
Subject: [PATCH 44/92] UI: Clear code

---
 .../two-factor-auth-settings.component.html   | 56 -------------------
 .../two-factor-auth-settings.component.ts     |  6 ++
 2 files changed, 6 insertions(+), 56 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index 8aff328999..04cfd2c528 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -95,34 +95,6 @@
                   </div>
                 </ng-template>
               </mat-expansion-panel>
-<!--              <mat-slide-toggle class="rate-limit-toggle" formControlName="verificationCodeSendRateLimitEnable">-->
-<!--                {{ 'admin.2fa.verification-code-send-rate-limit' | translate }}-->
-<!--              </mat-slide-toggle>-->
-<!--              <div class="input-row" fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px"-->
-<!--                   *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitEnable').value">-->
-<!--                <mat-form-field fxFlex class="mat-block">-->
-<!--                  <mat-label translate>admin.2fa.number-of-send-attempts</mat-label>-->
-<!--                  <input matInput formControlName="verificationCodeSendRateLimitNumber" type="number" step="1" min="1" required>-->
-<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('required')">-->
-<!--                    {{ 'admin.2fa.number-of-send-attempts-required' | translate }}-->
-<!--                  </mat-error>-->
-<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('pattern')-->
-<!--                    || twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('min')">-->
-<!--                    {{ 'admin.2fa.number-of-send-attempts-pattern' | translate }}-->
-<!--                  </mat-error>-->
-<!--                </mat-form-field>-->
-<!--                <mat-form-field fxFlex class="mat-block">-->
-<!--                  <mat-label translate>admin.2fa.within-time</mat-label>-->
-<!--                  <input matInput formControlName="verificationCodeSendRateLimitTime" type="number" step="1" min="1" required>-->
-<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('required')">-->
-<!--                    {{ 'admin.2fa.within-time-required' | translate }}-->
-<!--                  </mat-error>-->
-<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('pattern')-->
-<!--                    || twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('min')">-->
-<!--                    {{ 'admin.2fa.within-time-pattern' | translate }}-->
-<!--                  </mat-error>-->
-<!--                </mat-form-field>-->
-<!--              </div>-->
               <mat-divider></mat-divider>
               <mat-expansion-panel class="provider">
                 <mat-expansion-panel-header>
@@ -161,34 +133,6 @@
                   </div>
                 </ng-template>
               </mat-expansion-panel>
-<!--              <mat-slide-toggle class="rate-limit-toggle" formControlName="verificationCodeCheckRateLimitEnable">-->
-<!--                {{ 'admin.2fa.verification-code-check-rate-limit' | translate }}-->
-<!--              </mat-slide-toggle>-->
-<!--              <div class="input-row" fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px"-->
-<!--                   *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value">-->
-<!--                <mat-form-field fxFlex class="mat-block">-->
-<!--                  <mat-label translate>admin.2fa.number-of-checking-attempts</mat-label>-->
-<!--                  <input matInput formControlName="verificationCodeCheckRateLimitNumber" required type="number" step="1" min="1">-->
-<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('required')">-->
-<!--                    {{ 'admin.2fa.number-of-checking-attempts-required' | translate }}-->
-<!--                  </mat-error>-->
-<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('pattern')-->
-<!--                    || twoFaFormGroup.get('verificationCodeCheckRateLimitNumber').hasError('min')">-->
-<!--                    {{ 'admin.2fa.number-of-checking-attempts-pattern' | translate }}-->
-<!--                  </mat-error>-->
-<!--                </mat-form-field>-->
-<!--                <mat-form-field fxFlex class="mat-block">-->
-<!--                  <mat-label translate>admin.2fa.within-time</mat-label>-->
-<!--                  <input matInput formControlName="verificationCodeCheckRateLimitTime" required type="number" step="1" min="1">-->
-<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('required')">-->
-<!--                    {{ 'admin.2fa.within-time-required' | translate }}-->
-<!--                  </mat-error>-->
-<!--                  <mat-error *ngIf="twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('pattern')-->
-<!--                    || twoFaFormGroup.get('verificationCodeCheckRateLimitTime').hasError('min')">-->
-<!--                    {{ 'admin.2fa.within-time-pattern' | translate }}-->
-<!--                  </mat-error>-->
-<!--                </mat-form-field>-->
-<!--              </div>-->
             </fieldset>
             <fieldset class="fields-group" formArrayName="providers">
               <legend class="group-title" translate>admin.2fa.available-providers</legend>
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 10cc499118..c46cb202eb 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -175,6 +175,12 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
       verificationCodeSendRateLimitTime: sendRateLimitTime || 60,
       providers: []
     });
+    if (sendRateLimitNumber > 0) {
+      this.getByIndexPanel(0).open();
+    }
+    if (checkRateLimitNumber > 0) {
+      this.getByIndexPanel(1).open();
+    }
     Object.values(TwoFactorAuthProviderType).forEach((provider, index) => {
       const findIndex = allowProvidersConfig.indexOf(provider);
       if (findIndex > -1) {

From 0e32206bd465f0f19a2da8488fcd4c15b2e0f9ed Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Thu, 19 May 2022 15:04:15 +0300
Subject: [PATCH 45/92] UI: Refactoring

---
 .../two-factor-auth-settings.component.html   | 141 +++++++++---------
 .../two-factor-auth-settings.component.scss   |   5 -
 .../two-factor-auth-settings.component.ts     |   4 +-
 .../email-auth-dialog.component.html          |  10 +-
 .../sms-auth-dialog.component.html            |   7 +-
 .../totp-auth-dialog.component.html           |   5 +-
 .../two-factor-auth-login.component.html      |   4 +-
 .../assets/locale/locale.constant-en_US.json  |   4 +-
 8 files changed, 90 insertions(+), 90 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index 04cfd2c528..b5a06a6669 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -31,6 +31,75 @@
       <form [formGroup]="twoFaFormGroup" (ngSubmit)="save()">
         <fieldset [disabled]="isLoading$ | async">
           <ng-container>
+            <fieldset class="fields-group" formArrayName="providers">
+              <legend class="group-title" translate>admin.2fa.available-providers</legend>
+              <ng-container *ngFor="let provider of providersForm.controls; let i = index; let $last = last; trackBy: trackByElement">
+                <mat-expansion-panel class="provider" [formGroupName]="i">
+                  <mat-expansion-panel-header>
+                    <mat-panel-title fxLayoutAlign="start center">
+                      <mat-slide-toggle
+                        (click)="toggleProviders($event, i)"
+                        formControlName="enable">
+                      </mat-slide-toggle>
+                      {{ provider.value.providerType }}
+                    </mat-panel-title>
+                  </mat-expansion-panel-header>
+
+                  <ng-template matExpansionPanelContent>
+                    <ng-container [ngSwitch]="provider.get('providerType').value">
+                      <ng-container *ngSwitchCase="twoFactorAuthProviderType.TOTP">
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.2fa.issuer-name</mat-label>
+                          <input matInput formControlName="issuerName" required>
+                          <mat-error *ngIf="provider.get('issuerName').hasError('required')">
+                            {{ "admin.2fa.issuer-name-required" | translate }}
+                          </mat-error>
+                        </mat-form-field>
+                      </ng-container>
+                      <div *ngSwitchCase="twoFactorAuthProviderType.SMS"
+                           fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.2fa.verification-message-template</mat-label>
+                          <input matInput formControlName="smsVerificationMessageTemplate" required>
+                          <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('required')">
+                            {{ "admin.2fa.verification-message-template-required" | translate }}
+                          </mat-error>
+                          <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('pattern')">
+                            {{ "admin.2fa.verification-message-template-pattern" | translate }}
+                          </mat-error>
+                        </mat-form-field>
+
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
+                          <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
+                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
+                            {{ "admin.2fa.verification-code-lifetime-required" | translate }}
+                          </mat-error>
+                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
+                                            provider.get('verificationCodeLifetime').hasError('pattern')">
+                            {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
+                          </mat-error>
+                        </mat-form-field>
+                      </div>
+                      <div *ngSwitchCase="twoFactorAuthProviderType.EMAIL">
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
+                          <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
+                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
+                            {{ "admin.2fa.verification-code-lifetime-required" | translate }}
+                          </mat-error>
+                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
+                                            provider.get('verificationCodeLifetime').hasError('pattern')">
+                            {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
+                          </mat-error>
+                        </mat-form-field>
+                      </div>
+                    </ng-container>
+                  </ng-template>
+                </mat-expansion-panel>
+                <mat-divider *ngIf="!$last"></mat-divider>
+              </ng-container>
+            </fieldset>
             <fieldset class="fields-group">
               <legend class="group-title" translate>admin.2fa.verification-limitations</legend>
               <div class="input-row" fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
@@ -99,8 +168,7 @@
               <mat-expansion-panel class="provider">
                 <mat-expansion-panel-header>
                   <mat-panel-title fxLayoutAlign="start center">
-                    <mat-slide-toggle class="rate-limit-toggle"
-                                      (click)="toggleExtensionPanel($event, 1, twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value)"
+                    <mat-slide-toggle (click)="toggleExtensionPanel($event, 1, twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value)"
                                       formControlName="verificationCodeCheckRateLimitEnable">
                     </mat-slide-toggle>
                     {{ 'admin.2fa.verification-code-check-rate-limit' | translate }}
@@ -134,75 +202,6 @@
                 </ng-template>
               </mat-expansion-panel>
             </fieldset>
-            <fieldset class="fields-group" formArrayName="providers">
-              <legend class="group-title" translate>admin.2fa.available-providers</legend>
-              <ng-container *ngFor="let provider of providersForm.controls; let i = index; let $last = last; trackBy: trackByElement">
-                <mat-expansion-panel class="provider" [formGroupName]="i">
-                  <mat-expansion-panel-header>
-                    <mat-panel-title fxLayoutAlign="start center">
-                      <mat-slide-toggle
-                        (click)="toggleProviders($event, i)"
-                        formControlName="enable">
-                      </mat-slide-toggle>
-                      {{ provider.value.providerType }}
-                    </mat-panel-title>
-                  </mat-expansion-panel-header>
-
-                  <ng-template matExpansionPanelContent>
-                    <ng-container [ngSwitch]="provider.get('providerType').value">
-                      <ng-container *ngSwitchCase="twoFactorAuthProviderType.TOTP">
-                        <mat-form-field fxFlex class="mat-block">
-                          <mat-label translate>admin.2fa.issuer-name</mat-label>
-                          <input matInput formControlName="issuerName" required>
-                          <mat-error *ngIf="provider.get('issuerName').hasError('required')">
-                            {{ "admin.2fa.issuer-name-required" | translate }}
-                          </mat-error>
-                        </mat-form-field>
-                      </ng-container>
-                      <div *ngSwitchCase="twoFactorAuthProviderType.SMS"
-                           fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
-                        <mat-form-field fxFlex class="mat-block">
-                          <mat-label translate>admin.2fa.verification-message-template</mat-label>
-                          <input matInput formControlName="smsVerificationMessageTemplate" required>
-                          <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('required')">
-                            {{ "admin.2fa.verification-message-template-required" | translate }}
-                          </mat-error>
-                          <mat-error *ngIf="provider.get('smsVerificationMessageTemplate').hasError('pattern')">
-                            {{ "admin.2fa.verification-message-template-pattern" | translate }}
-                          </mat-error>
-                        </mat-form-field>
-
-                        <mat-form-field fxFlex class="mat-block">
-                          <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
-                          <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
-                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
-                            {{ "admin.2fa.verification-code-lifetime-required" | translate }}
-                          </mat-error>
-                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
-                                            provider.get('verificationCodeLifetime').hasError('pattern')">
-                            {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
-                          </mat-error>
-                        </mat-form-field>
-                      </div>
-                      <div *ngSwitchCase="twoFactorAuthProviderType.EMAIL">
-                        <mat-form-field fxFlex class="mat-block">
-                          <mat-label translate>admin.2fa.verification-code-lifetime</mat-label>
-                          <input matInput formControlName="verificationCodeLifetime" type="number" step="1" min="1" required>
-                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('required')">
-                            {{ "admin.2fa.verification-code-lifetime-required" | translate }}
-                          </mat-error>
-                          <mat-error *ngIf="provider.get('verificationCodeLifetime').hasError('min') ||
-                                            provider.get('verificationCodeLifetime').hasError('pattern')">
-                            {{ "admin.2fa.verification-code-lifetime-pattern" | translate }}
-                          </mat-error>
-                        </mat-form-field>
-                      </div>
-                    </ng-container>
-                  </ng-template>
-                </mat-expansion-panel>
-                <mat-divider *ngIf="!$last"></mat-divider>
-              </ng-container>
-            </fieldset>
             <div fxLayout="row" fxLayoutAlign="end center" fxLayoutGap="8px">
               <button mat-button mat-raised-button color="primary"
                       [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
index 6a716e6c47..8cef8aaf8d 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
@@ -36,11 +36,6 @@
     &:last-of-type {
       margin-bottom: 24px;
     }
-
-    .rate-limit-toggle {
-      display: block;
-      margin-bottom: 8px;
-    }
   }
 
   .mat-expansion-panel {
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index c46cb202eb..18ac46c94d 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -203,9 +203,9 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         formControlConfig.issuerName = [{value: 'ThingsBoard', disabled: true}, Validators.required];
         break;
       case TwoFactorAuthProviderType.SMS:
-        formControlConfig.smsVerificationMessageTemplate = [{value: 'Verification code: ${verificationCode}', disabled: true}, [
+        formControlConfig.smsVerificationMessageTemplate = [{value: 'Verification code: ${сode}', disabled: true}, [
           Validators.required,
-          Validators.pattern(/\${verificationCode}/)
+          Validators.pattern(/\${сode}/)
         ]];
         formControlConfig.verificationCodeLifetime = [{value: 120, disabled: true}, [
           Validators.required,
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
index 75211537d4..39a46340d9 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
@@ -36,10 +36,11 @@
       <ng-template matStepLabel>{{ 'security.2fa.dialog.email-step-label' | translate }}</ng-template>
       <form [formGroup]="emailConfigForm" (ngSubmit)="nextStep()">
         <p class="mat-body step-description input" translate>security.2fa.dialog.email-step-description</p>
-        <div fxLayout="row" fxLayoutAlign="space-between center">
+        <div fxLayout="row" fxLayoutAlign="space-between center" fxLayoutGap="8px">
           <mat-form-field fxFlex class="mat-block input-container" hideRequiredMarker floatLabel="always">
             <mat-label></mat-label>
-            <input matInput formControlName="email" required
+            <input matInput formControlName="email"
+                   type="email" required
                    placeholder="{{ 'security.2fa.dialog.email-step-label' | translate }}" />
             <mat-error *ngIf="emailConfigForm.get('email').hasError('required')">
               {{ 'user.email-required' | translate }}
@@ -67,8 +68,9 @@
           <mat-form-field fxFlex class="mat-block code-container" hideRequiredMarker floatLabel="always">
             <mat-label></mat-label>
             <input matInput formControlName="verificationCode"
-                   maxlength="6" type="text"
-                   pattern="\d*" required
+                   maxlength="6" type="text" required
+                   inputmode="numeric" pattern="[0-9]*"
+                   autocomplete="off"
                    placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
             <mat-error *ngIf="emailVerificationForm.get('verificationCode').invalid">
               {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
index f27e138a0e..49d8ee661f 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
@@ -66,12 +66,13 @@
         <p class="mat-body step-description input">
           {{ 'security.2fa.dialog.verification-step-description' | translate : {address: smsConfigForm.get('phone').value} }}
         </p>
-        <div fxLayout="row" fxLayoutAlign="space-between center">
+        <div fxLayout="row" fxLayoutAlign="space-between center" fxLayoutGap="8px">
           <mat-form-field fxFlex class="mat-block code-container" floatLabel="always" hideRequiredMarker>
             <mat-label></mat-label>
             <input matInput formControlName="verificationCode"
-                   maxlength="6" type="text"
-                   pattern="\d*" required
+                   maxlength="6" type="text" required
+                   inputmode="numeric" pattern="[0-9]*"
+                   autocomplete="off"
                    placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
             <mat-error *ngIf="smsVerificationForm.get('verificationCode').invalid">
               {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
index 0a2df8cf95..1a788c8ba5 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
@@ -56,8 +56,9 @@
         <mat-form-field fxFlex class="mat-block code-container" floatLabel="always" hideRequiredMarker>
           <mat-label></mat-label>
           <input matInput formControlName="verificationCode"
-                 maxlength="6" type="text"
-                 pattern="\d*" required
+                 maxlength="6" type="text" required
+                 inputmode="numeric" pattern="[0-9]*"
+                 autocomplete="off"
                  placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}">
           <mat-error *ngIf="totpConfigForm.get('verificationCode').invalid">
             {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
index 3db2b8b061..8ebbe44b9d 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
@@ -42,7 +42,9 @@
               <mat-form-field class="mat-block" fxFlex floatLabel="always" hideRequiredMarker>
                 <mat-label></mat-label>
                 <input matInput formControlName="verificationCode"
-                       required maxlength="6" type="text" pattern="\d*"
+                       required maxlength="6" type="text"
+                       inputmode="numeric" pattern="[0-9]*"
+                       autocomplete="off"
                        placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}"/>
                 <mat-error *ngIf="verificationForm.get('verificationCode').invalid">
                   {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index f16eaf4526..d307fe9779 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -338,7 +338,7 @@
             "verification-code-send-rate-limit": "Verification code send rate limit",
             "verification-message-template": "Verification message template",
             "verification-limitations": "Verification limitations",
-            "verification-message-template-pattern": "Verification message need to contains pattern: ${verificationCode}",
+            "verification-message-template-pattern": "Verification message need to contains pattern: ${code}",
             "verification-message-template-required": "Verification message template is required.",
             "within-time": "Within time (sec)",
             "within-time-pattern": "Time must be a positive integer.",
@@ -2613,7 +2613,7 @@
                 "email-description": "Use a security code sent to your email address to authenticate.",
                 "sms": "SMS",
                 "sms-description": "Use your phone to authenticate. We'll send you a security code via SMS message when you log in.",
-                "totp": "Authentication app",
+                "totp": "Authenticator app",
                 "totp-description": "Use apps like Google Authenticator, Authy, or Duo on your phone to authenticate. It will generate a security code for logging in."
             }
         }

From 8abb23087d5e690efc5001e252d6930d144d016c Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Thu, 19 May 2022 17:04:55 +0300
Subject: [PATCH 46/92] UI: Change radio button to checkbox in Security page
 2FA

---
 .../pages/security/security.component.html    | 41 ++++++++--------
 .../pages/security/security.component.scss    |  2 +-
 .../home/pages/security/security.component.ts | 47 +++++++++++++++----
 3 files changed, 58 insertions(+), 32 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.html b/ui-ngx/src/app/modules/home/pages/security/security.component.html
index 19d414535e..6d5f57213f 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.html
@@ -52,28 +52,27 @@
     <mat-card-content>
       <h3 class="mat-h3 auth-title" translate>security.2fa.authenticate-with</h3>
       <form [formGroup]="twoFactorAuth">
-        <fieldset [disabled]="isLoading$ | async">
-          <mat-radio-group formControlName="useByDefault">
-            <ng-container *ngFor="let provider of allowTwoFactorProviders; let $last = last; trackBy: trackByProvider">
-              <div class="provider">
-                <h4 class="provider-title">{{ providersData.get(provider).name | translate }}</h4>
-                <div fxLayout="row" fxLayoutAlign="space-between start">
-                  <div class="mat-body-1 description">
-                    {{ providersData.get(provider).description | translate }}
-                  </div>
-                  <mat-slide-toggle [formControlName]="provider"
-                                    (click)="confirm2FAChange($event, provider)">
-                  </mat-slide-toggle>
-                </div>
-                <mat-radio-button [value]="provider"
-                                  *ngIf="twoFactorAuth.get(provider).value">
-                  <span class="checkbox-label" translate>security.2fa.main-2fa-method</span>
-                </mat-radio-button>
+        <ng-container *ngFor="let provider of allowTwoFactorProviders; let $last = last; trackBy: trackByProvider">
+          <div class="provider">
+            <h4 class="provider-title">{{ providersData.get(provider).name | translate }}</h4>
+            <div fxLayout="row" fxLayoutAlign="space-between start">
+              <div class="mat-body-1 description">
+                {{ providersData.get(provider).description | translate }}
               </div>
-              <mat-divider *ngIf="!$last"></mat-divider>
-            </ng-container>
-          </mat-radio-group>
-        </fieldset>
+              <mat-slide-toggle [formControlName]="provider"
+                                (click)="confirm2FAChange($event, provider)">
+              </mat-slide-toggle>
+            </div>
+            <mat-checkbox [value]="provider"
+                          [checked]="useByDefault === provider"
+                          (click)="changeDefaultProvider($event, provider)"
+                          [disabled]="(isLoading$ | async) || activeSingleProvider"
+                           *ngIf="twoFactorAuth.get(provider).value">
+              <span class="checkbox-label" translate>security.2fa.main-2fa-method</span>
+            </mat-checkbox>
+          </div>
+          <mat-divider *ngIf="!$last"></mat-divider>
+        </ng-container>
       </form>
     </mat-card-content>
   </mat-card>
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.scss b/ui-ngx/src/app/modules/home/pages/security/security.component.scss
index b14b2ebd18..b95909c356 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.scss
@@ -108,7 +108,7 @@
       opacity: 0.87;
     }
 
-    .mat-radio-button {
+    .mat-checkbox {
       margin-top: 8px;
     }
   }
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.ts b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
index d5ded5f4f8..412bc305a3 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
@@ -14,7 +14,7 @@
 /// limitations under the License.
 ///
 
-import { Component, OnInit } from '@angular/core';
+import { Component, OnDestroy, OnInit } from '@angular/core';
 import { User } from '@shared/models/user.model';
 import { PageComponent } from '@shared/components/page.component';
 import { Store } from '@ngrx/store';
@@ -34,18 +34,24 @@ import {
   TwoFactorAuthProviderType
 } from '@shared/models/two-factor-auth.models';
 import { authenticationDialogMap } from '@home/pages/security/authentication-dialog/authentication-dialog.map';
+import { takeUntil, tap } from 'rxjs/operators';
+import { Subject } from 'rxjs';
 
 @Component({
   selector: 'tb-security',
   templateUrl: './security.component.html',
   styleUrls: ['./security.component.scss']
 })
-export class SecurityComponent extends PageComponent implements OnInit {
+export class SecurityComponent extends PageComponent implements OnInit, OnDestroy {
+
+  private readonly destroy$ = new Subject<void>();
 
   twoFactorAuth: FormGroup;
   user: User;
   allowTwoFactorProviders: TwoFactorAuthProviderType[] = [];
   providersData = twoFactorAuthProvidersData;
+  useByDefault: TwoFactorAuthProviderType = null;
+  activeSingleProvider = true;
 
   get jwtToken(): string {
     return `Bearer ${localStorage.getItem('jwt_token')}`;
@@ -78,16 +84,23 @@ export class SecurityComponent extends PageComponent implements OnInit {
     this.twoFactorLoad(this.route.snapshot.data.providers);
   }
 
+  ngOnDestroy() {
+    super.ngOnDestroy();
+    this.destroy$.next();
+    this.destroy$.complete();
+  }
+
   private buildTwoFactorForm() {
     this.twoFactorAuth = this.fb.group({
       TOTP: [false],
       SMS: [false],
-      EMAIL: [false],
-      useByDefault: [null]
+      EMAIL: [false]
     });
-    this.twoFactorAuth.get('useByDefault').valueChanges.subscribe(value => {
-      this.twoFaService.updateTwoFaAccountConfig(value, true, {ignoreLoading: true})
-        .subscribe(data => this.processTwoFactorAuthConfig(data));
+    this.twoFactorAuth.valueChanges.pipe(
+      takeUntil(this.destroy$)
+    ).subscribe((value: {TwoFactorAuthProviderType: boolean}) => {
+      const formActiveValue = Object.values(value).filter(item => item);
+      this.activeSingleProvider = formActiveValue.length < 2;
     });
   }
 
@@ -108,7 +121,7 @@ export class SecurityComponent extends PageComponent implements OnInit {
       if (configs[provider]) {
         this.twoFactorAuth.get(provider).setValue(true);
         if (configs[provider].useByDefault) {
-          this.twoFactorAuth.get('useByDefault').setValue(provider, {emitEvent: false});
+          this.useByDefault = provider;
         }
       } else {
         this.twoFactorAuth.get(provider).setValue(false);
@@ -151,7 +164,10 @@ export class SecurityComponent extends PageComponent implements OnInit {
         this.translate.instant('security.2fa.disable-2fa-provider-text', {name: providerName}),
       ).subscribe(res => {
         if (res) {
-          this.twoFaService.deleteTwoFaAccountConfig(provider).subscribe(data => this.processTwoFactorAuthConfig(data));
+          this.twoFactorAuth.disable({emitEvent: false});
+          this.twoFaService.deleteTwoFaAccountConfig(provider)
+            .pipe(tap(() => this.twoFactorAuth.enable({emitEvent: false})))
+            .subscribe(data => this.processTwoFactorAuthConfig(data));
         }
       });
     } else {
@@ -163,9 +179,20 @@ export class SecurityComponent extends PageComponent implements OnInit {
       }).afterClosed().subscribe(res => {
         if (res) {
           this.twoFactorAuth.get(provider).setValue(res);
-          this.twoFactorAuth.get('useByDefault').setValue(provider, {emitEvent: false});
+          this.useByDefault = provider;
         }
       });
     }
   }
+
+  changeDefaultProvider(event: MouseEvent, provider: TwoFactorAuthProviderType) {
+    event.stopPropagation();
+    event.preventDefault();
+    if (this.useByDefault !== provider) {
+      this.twoFactorAuth.disable({emitEvent: false});
+      this.twoFaService.updateTwoFaAccountConfig(provider, true)
+        .pipe(tap(() => this.twoFactorAuth.enable({emitEvent: false})))
+        .subscribe(data => this.processTwoFactorAuthConfig(data));
+    }
+  }
 }

From f2a4ebb136348185ab6f1e29e6d3eceb376c5ce3 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Fri, 20 May 2022 12:50:06 +0300
Subject: [PATCH 47/92] 'verificationCode' variable to 'code' in SMS 2FA
 message template

---
 .../controller/TwoFaConfigController.java     |  4 ++--
 .../mfa/provider/impl/SmsTwoFaProvider.java   |  2 +-
 .../controller/TwoFactorAuthConfigTest.java   | 20 +++++++++----------
 .../server/controller/TwoFactorAuthTest.java  |  4 ++--
 .../mfa/provider/SmsTwoFaProviderConfig.java  |  2 +-
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index 2dec65ed93..f683c03187 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -225,7 +225,7 @@ public class TwoFaConfigController extends BaseController {
                     "- `issuerName` - issuer name that will be displayed in an authenticator app near a username. Must not be blank.\n\n" +
                     "For SMS 2FA provider:\n" +
                     "- `smsVerificationMessageTemplate` - verification message template.  Available template variables " +
-                    "are ${verificationCode} and ${userEmail}. It must not be blank and must contain verification code variable.\n" +
+                    "are ${code} and ${userEmail}. It must not be blank and must contain verification code variable.\n" +
                     "- `verificationCodeLifetime` - verification code lifetime in seconds. Required to be positive.\n\n" +
                     "For EMAIL provider type:\n" +
                     "- `verificationCodeLifetime` - the same as for SMS." + NEW_LINE +
@@ -243,7 +243,7 @@ public class TwoFaConfigController extends BaseController {
                     "    {\n" +
                     "      \"providerType\": \"SMS\",\n" +
                     "      \"verificationCodeLifetime\": 60,\n" +
-                    "      \"smsVerificationMessageTemplate\": \"Here is your verification code: ${verificationCode}\"\n" +
+                    "      \"smsVerificationMessageTemplate\": \"Here is your verification code: ${code}\"\n" +
                     "    }\n" +
                     "  ],\n" +
                     "  \"verificationCodeSendRateLimit\": \"1:60\",\n" +
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
index ef06b7add4..63d3233928 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/SmsTwoFaProvider.java
@@ -51,7 +51,7 @@ public class SmsTwoFaProvider extends OtpBasedTwoFaProvider<SmsTwoFaProviderConf
     @Override
     protected void sendVerificationCode(SecurityUser user, String verificationCode, SmsTwoFaProviderConfig providerConfig, SmsTwoFaAccountConfig accountConfig) throws ThingsboardException {
         Map<String, String> messageData = Map.of(
-                "verificationCode", verificationCode,
+                "code", verificationCode,
                 "userEmail", user.getEmail()
         );
         String message = TbNodeUtils.processTemplate(providerConfig.getSmsVerificationMessageTemplate(), messageData);
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index d6fc640878..c0b2e48c35 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -91,7 +91,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         TotpTwoFaProviderConfig totpTwoFaProviderConfig = new TotpTwoFaProviderConfig();
         totpTwoFaProviderConfig.setIssuerName("tb");
         SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
-        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${code}");
         smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
 
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
@@ -167,7 +167,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testSaveTwoFaAccountConfig_providerNotConfigured() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
+        configureSmsTwoFaProvider("${code}");
 
         loginTenantAdmin();
 
@@ -300,14 +300,14 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testGenerateSmsTwoFaAccountConfig() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
+        configureSmsTwoFaProvider("${code}");
         doPost("/api/2fa/account/config/generate?providerType=SMS")
                 .andExpect(status().isOk());
     }
 
     @Test
     public void testSubmitSmsTwoFaAccountConfig() throws Exception {
-        String verificationMessageTemplate = "Here is your verification code: ${verificationCode}";
+        String verificationMessageTemplate = "Here is your verification code: ${code}";
         configureSmsTwoFaProvider(verificationMessageTemplate);
 
         loginTenantAdmin();
@@ -327,7 +327,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testSubmitSmsTwoFaAccountConfig_validationError() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
+        configureSmsTwoFaProvider("${code}");
 
         SmsTwoFaAccountConfig smsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
         String blankPhoneNumber = "";
@@ -347,7 +347,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testVerifyAndSaveSmsTwoFaAccountConfig() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
+        configureSmsTwoFaProvider("${code}");
 
         loginTenantAdmin();
 
@@ -373,7 +373,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testVerifyAndSaveSmsTwoFaAccountConfig_incorrectVerificationCode() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
+        configureSmsTwoFaProvider("${code}");
 
         loginTenantAdmin();
 
@@ -387,7 +387,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testVerifyAndSaveSmsTwoFaAccountConfig_differentAccountConfigs() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
+        configureSmsTwoFaProvider("${code}");
         loginTenantAdmin();
 
         SmsTwoFaAccountConfig initialSmsTwoFaAccountConfig = new SmsTwoFaAccountConfig();
@@ -442,7 +442,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testIsTwoFaEnabled() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
+        configureSmsTwoFaProvider("${code}");
         SmsTwoFaAccountConfig accountConfig = new SmsTwoFaAccountConfig();
         accountConfig.setPhoneNumber("+38050505050");
         twoFaConfigManager.saveTwoFaAccountConfig(tenantId, tenantAdminUserId, accountConfig);
@@ -452,7 +452,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
     @Test
     public void testDeleteTwoFaAccountConfig() throws Exception {
-        configureSmsTwoFaProvider("${verificationCode}");
+        configureSmsTwoFaProvider("${code}");
         SmsTwoFaAccountConfig accountConfig = new SmsTwoFaAccountConfig();
         accountConfig.setPhoneNumber("+38050505050");
 
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 40070b0106..2d05974325 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -351,7 +351,7 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
 
         SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
         smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
-        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${code}");
 
         EmailTwoFaProviderConfig emailTwoFaProviderConfig = new EmailTwoFaProviderConfig();
         emailTwoFaProviderConfig.setVerificationCodeLifetime(60);
@@ -422,7 +422,7 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
     private SmsTwoFaAccountConfig configureSmsTwoFa(Consumer<SmsTwoFaProviderConfig>... customizer) throws ThingsboardException {
         SmsTwoFaProviderConfig smsTwoFaProviderConfig = new SmsTwoFaProviderConfig();
         smsTwoFaProviderConfig.setVerificationCodeLifetime(60);
-        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${verificationCode}");
+        smsTwoFaProviderConfig.setSmsVerificationMessageTemplate("${code}");
         Arrays.stream(customizer).forEach(c -> c.accept(smsTwoFaProviderConfig));
 
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
index e0ed0587d9..973a2d0c3b 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/SmsTwoFaProviderConfig.java
@@ -26,7 +26,7 @@ import javax.validation.constraints.Pattern;
 public class SmsTwoFaProviderConfig extends OtpBasedTwoFaProviderConfig {
 
     @NotBlank(message = "verification message template is required")
-    @Pattern(regexp = ".*\\$\\{verificationCode}.*", message = "template must contain verification code")
+    @Pattern(regexp = ".*\\$\\{code}.*", message = "template must contain verification code")
     private String smsVerificationMessageTemplate;
 
     @Override

From 509962932c4535013f14a583f93be7364d4c14e6 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Fri, 20 May 2022 14:55:37 +0300
Subject: [PATCH 48/92] Change verificationCodeSendRateLimit to
 minVerificationCodeSendPeriod

---
 .../server/controller/TwoFaConfigController.java          | 4 ++--
 .../security/auth/mfa/DefaultTwoFactorAuthService.java    | 7 ++++++-
 .../server/controller/TwoFactorAuthConfigTest.java        | 3 ---
 .../thingsboard/server/controller/TwoFactorAuthTest.java  | 8 +++-----
 .../data/security/model/mfa/PlatformTwoFaSettings.java    | 3 +--
 5 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index f683c03187..87e54ec196 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -214,7 +214,7 @@ public class TwoFaConfigController extends BaseController {
     @ApiOperation(value = "Save platform 2FA settings (savePlatformTwoFaSettings)",
             notes = "Save 2FA settings for platform. The settings have following properties:\n" +
                     "- `providers` - the list of 2FA providers' configs. Users will only be allowed to use 2FA providers from this list. \n\n" +
-                    "- `verificationCodeSendRateLimit` - rate limit configuration for verification code sending. " +
+                    "- `minVerificationCodeSendPeriod` - minimal period in seconds to wait after verification code send request to send next request. " +
                     "The format is standard: 'amountOfRequests:periodInSeconds'. The value of '1:60' would limit verification " +
                     "code sending requests to one per minute.\n" +
                     "- `verificationCodeCheckRateLimit` - rate limit configuration for verification code checking.\n" +
@@ -246,7 +246,7 @@ public class TwoFaConfigController extends BaseController {
                     "      \"smsVerificationMessageTemplate\": \"Here is your verification code: ${code}\"\n" +
                     "    }\n" +
                     "  ],\n" +
-                    "  \"verificationCodeSendRateLimit\": \"1:60\",\n" +
+                    "  \"minVerificationCodeSendPeriod\": 60,\n" +
                     "  \"verificationCodeCheckRateLimit\": \"3:900\",\n" +
                     "  \"maxVerificationFailuresBeforeUserLockout\": 10,\n" +
                     "  \"totalAllowedTimeForVerification\": 600\n" +
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index c3ab2c6650..d38483d0de 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -86,7 +86,12 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         PlatformTwoFaSettings twoFaSettings = configManager.getPlatformTwoFaSettings(user.getTenantId(), true)
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
         if (checkLimits) {
-            checkRateLimits(user.getId(), accountConfig.getProviderType(), twoFaSettings.getVerificationCodeSendRateLimit(), verificationCodeSendingRateLimits);
+            Integer minVerificationCodeSendPeriod = twoFaSettings.getMinVerificationCodeSendPeriod();
+            String rateLimit = null;
+            if (minVerificationCodeSendPeriod != null && minVerificationCodeSendPeriod > 0) {
+                rateLimit = "1:" + minVerificationCodeSendPeriod;
+            }
+            checkRateLimits(user.getId(), accountConfig.getProviderType(), rateLimit, verificationCodeSendingRateLimits);
         }
 
         TwoFaProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index c0b2e48c35..ec5b128efd 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -96,7 +96,6 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
         twoFaSettings.setProviders(List.of(totpTwoFaProviderConfig, smsTwoFaProviderConfig));
-        twoFaSettings.setVerificationCodeSendRateLimit("1:60");
         twoFaSettings.setVerificationCodeCheckRateLimit("3:900");
         twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(10);
         twoFaSettings.setTotalAllowedTimeForVerification(3600);
@@ -115,7 +114,6 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
 
         PlatformTwoFaSettings twoFaSettings = new PlatformTwoFaSettings();
         twoFaSettings.setProviders(Collections.emptyList());
-        twoFaSettings.setVerificationCodeSendRateLimit("ab:aba");
         twoFaSettings.setVerificationCodeCheckRateLimit("0:12");
         twoFaSettings.setMaxVerificationFailuresBeforeUserLockout(-1);
         twoFaSettings.setTotalAllowedTimeForVerification(0);
@@ -124,7 +122,6 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
                 .andExpect(status().isBadRequest()));
 
         assertThat(errorMessage).contains(
-                "verification code send rate limit configuration is invalid",
                 "verification code check rate limit configuration is invalid",
                 "maximum number of verification failure before user lockout must be positive",
                 "total amount of time allotted for verification must be greater than 0"
diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 2d05974325..2f7ee93cee 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -202,15 +202,13 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
     @Test
     public void testSendVerificationCode_rateLimit() throws Exception {
         configureTotpTwoFa(twoFaSettings -> {
-            twoFaSettings.setVerificationCodeSendRateLimit("3:10");
+            twoFaSettings.setMinVerificationCodeSendPeriod(10);
         });
 
         logInWithPreVerificationToken(username, password);
 
-        for (int i = 0; i < 3; i++) {
-            doPost("/api/auth/2fa/verification/send?providerType=TOTP")
-                    .andExpect(status().isOk());
-        }
+        doPost("/api/auth/2fa/verification/send?providerType=TOTP")
+                .andExpect(status().isOk());
 
         String rateLimitExceededError = getErrorMessage(doPost("/api/auth/2fa/verification/send?providerType=TOTP")
                 .andExpect(status().isTooManyRequests()));
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 87d6403b04..9d581c0867 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -33,8 +33,7 @@ public class PlatformTwoFaSettings {
     @Valid
     private List<TwoFaProviderConfig> providers;
 
-    @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code send rate limit configuration is invalid")
-    private String verificationCodeSendRateLimit;
+    private Integer minVerificationCodeSendPeriod;
     @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code check rate limit configuration is invalid")
     private String verificationCodeCheckRateLimit;
     @Min(value = 0, message = "maximum number of verification failure before user lockout must be positive")

From 052cf3e50271df7c036ef93288d6380f758994cb Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Fri, 20 May 2022 15:00:19 +0300
Subject: [PATCH 49/92] Add verification code send period to providers info

---
 .../server/controller/TwoFactorAuthController.java           | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index ea120ce432..5eb1f6530d 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -31,6 +31,7 @@ import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
 import org.thingsboard.server.common.data.security.model.mfa.account.EmailTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
 import org.thingsboard.server.dao.user.UserService;
@@ -48,6 +49,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
@@ -115,6 +117,7 @@ public class TwoFactorAuthController extends BaseController {
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
     public List<TwoFaProviderInfo> getAvailableTwoFaProviders() throws ThingsboardException {
         SecurityUser user = getCurrentUser();
+        Optional<PlatformTwoFaSettings> platformTwoFaSettings = twoFaConfigManager.getPlatformTwoFaSettings(user.getTenantId(), true);
         return twoFaConfigManager.getAccountTwoFaSettings(user.getTenantId(), user.getId())
                 .map(settings -> settings.getConfigs().values()).orElse(Collections.emptyList())
                 .stream().map(config -> {
@@ -133,6 +136,7 @@ public class TwoFactorAuthController extends BaseController {
                             .type(config.getProviderType())
                             .isDefault(config.isUseByDefault())
                             .contact(contact)
+                            .minVerificationCodeSendPeriod(platformTwoFaSettings.get().getMinVerificationCodeSendPeriod())
                             .build();
                 })
                 .collect(Collectors.toList());
@@ -145,6 +149,7 @@ public class TwoFactorAuthController extends BaseController {
         private TwoFaProviderType type;
         private boolean isDefault;
         private String contact;
+        private Integer minVerificationCodeSendPeriod;
     }
 
 }

From cc310887c66c96cd6095eb003b5e3f7334383695 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Fri, 20 May 2022 17:19:21 +0300
Subject: [PATCH 50/92] UI: Add 2FA resend code timer

---
 .../two-factor-auth-settings.component.html   | 54 ++++----------
 .../two-factor-auth-settings.component.scss   | 70 +++++++++++--------
 .../two-factor-auth-settings.component.ts     | 43 +++---------
 .../two-factor-auth-login.component.html      | 25 ++++---
 .../two-factor-auth-login.component.scss      |  9 +++
 .../login/two-factor-auth-login.component.ts  | 39 +++++++++--
 .../shared/models/two-factor-auth.models.ts   |  6 +-
 .../assets/locale/locale.constant-en_US.json  |  8 +--
 8 files changed, 127 insertions(+), 127 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index b5a06a6669..d50430cfe3 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -38,7 +38,7 @@
                   <mat-expansion-panel-header>
                     <mat-panel-title fxLayoutAlign="start center">
                       <mat-slide-toggle
-                        (click)="toggleProviders($event, i)"
+                        (click)="toggleExtensionPanel($event, i, provider.get('enable').value)"
                         formControlName="enable">
                       </mat-slide-toggle>
                       {{ provider.value.providerType }}
@@ -114,6 +114,17 @@
                     {{ 'admin.2fa.total-allowed-time-for-verification-pattern' | translate }}
                   </mat-error>
                 </mat-form-field>
+                <mat-form-field fxFlex class="mat-block">
+                  <mat-label translate>admin.2fa.retry-verification-code-period</mat-label>
+                  <input matInput required formControlName="minVerificationCodeSendPeriod" type="number" step="1" min="5">
+                  <mat-error *ngIf="twoFaFormGroup.get('minVerificationCodeSendPeriod').hasError('required')">
+                    {{ 'admin.2fa.retry-verification-code-period-required' | translate }}
+                  </mat-error>
+                  <mat-error *ngIf="twoFaFormGroup.get('minVerificationCodeSendPeriod').hasError('pattern')
+                    || twoFaFormGroup.get('minVerificationCodeSendPeriod').hasError('min')">
+                    {{ 'admin.2fa.retry-verification-code-period-pattern' | translate }}
+                  </mat-error>
+                </mat-form-field>
                 <mat-form-field fxFlex class="mat-block">
                   <mat-label translate>admin.2fa.max-verification-failures-before-user-lockout</mat-label>
                   <input matInput required formControlName="maxVerificationFailuresBeforeUserLockout" type="number" step="1" min="0" max="65535">
@@ -127,48 +138,11 @@
                   </mat-error>
                 </mat-form-field>
               </div>
+
               <mat-expansion-panel class="provider">
                 <mat-expansion-panel-header>
                   <mat-panel-title fxLayoutAlign="start center">
-                    <mat-slide-toggle
-                      (click)="toggleExtensionPanel($event, 0, twoFaFormGroup.get('verificationCodeSendRateLimitEnable').value)"
-                      formControlName="verificationCodeSendRateLimitEnable">
-                    </mat-slide-toggle>
-                    {{ 'admin.2fa.verification-code-send-rate-limit' | translate }}
-                  </mat-panel-title>
-                </mat-expansion-panel-header>
-                <ng-template matExpansionPanelContent>
-                  <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
-                    <mat-form-field fxFlex class="mat-block">
-                      <mat-label translate>admin.2fa.number-of-send-attempts</mat-label>
-                      <input matInput formControlName="verificationCodeSendRateLimitNumber" type="number" step="1" min="1" required>
-                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('required')">
-                        {{ 'admin.2fa.number-of-send-attempts-required' | translate }}
-                      </mat-error>
-                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('pattern')
-                    || twoFaFormGroup.get('verificationCodeSendRateLimitNumber').hasError('min')">
-                        {{ 'admin.2fa.number-of-send-attempts-pattern' | translate }}
-                      </mat-error>
-                    </mat-form-field>
-                    <mat-form-field fxFlex class="mat-block">
-                      <mat-label translate>admin.2fa.within-time</mat-label>
-                      <input matInput formControlName="verificationCodeSendRateLimitTime" type="number" step="1" min="1" required>
-                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('required')">
-                        {{ 'admin.2fa.within-time-required' | translate }}
-                      </mat-error>
-                      <mat-error *ngIf="twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('pattern')
-                    || twoFaFormGroup.get('verificationCodeSendRateLimitTime').hasError('min')">
-                        {{ 'admin.2fa.within-time-pattern' | translate }}
-                      </mat-error>
-                    </mat-form-field>
-                  </div>
-                </ng-template>
-              </mat-expansion-panel>
-              <mat-divider></mat-divider>
-              <mat-expansion-panel class="provider">
-                <mat-expansion-panel-header>
-                  <mat-panel-title fxLayoutAlign="start center">
-                    <mat-slide-toggle (click)="toggleExtensionPanel($event, 1, twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value)"
+                    <mat-slide-toggle (click)="toggleExtensionPanel($event, 3, twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value)"
                                       formControlName="verificationCodeCheckRateLimitEnable">
                     </mat-slide-toggle>
                     {{ 'admin.2fa.verification-code-check-rate-limit' | translate }}
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
index 8cef8aaf8d..e29f039fde 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
@@ -14,47 +14,55 @@
  * limitations under the License.
  */
 
-:host{
+@import "../../../../../scss/constants";
 
-  .fields-group {
-    margin: 8px 0;
-    border: 1px groove rgba(0, 0, 0, .25);
-    border-radius: 4px;
-    position: relative;
-    padding-bottom: 8px;
+:host{
 
-    legend {
-      color: rgba(0, 0, 0, .7);
-      width: fit-content;
-      margin: 0 8px;
+  mat-card.settings-card {
+    @media #{$mat-md} {
+      width: 90%;
     }
 
-    .input-row {
-      padding: 8px 8px 0;
-    }
+    .fields-group {
+      margin: 8px 0;
+      border: 1px groove rgba(0, 0, 0, .25);
+      border-radius: 4px;
+      position: relative;
+      padding-bottom: 8px;
+
+      legend {
+        color: rgba(0, 0, 0, .7);
+        width: fit-content;
+        margin: 0 8px;
+      }
+
+      .input-row {
+        padding: 8px 8px 0;
+      }
 
-    &:last-of-type {
-      margin-bottom: 24px;
+      &:last-of-type {
+        margin-bottom: 24px;
+      }
     }
-  }
 
-  .mat-expansion-panel {
-    box-shadow: none;
-    margin: 1px 0 0;
-    &.provider {
-      overflow: inherit;
-      .mat-expansion-panel-header {
-        padding: 0 24px 0 8px;
-        &.mat-expanded {
-          height: 48px;
+    .mat-expansion-panel {
+      box-shadow: none;
+      margin: 1px 0 0;
+      &.provider {
+        overflow: inherit;
+        .mat-expansion-panel-header {
+          padding: 0 24px 0 8px;
+          &.mat-expanded {
+            height: 48px;
+          }
+          .mat-slide-toggle {
+            margin-right: 8px;
+          }
         }
-        .mat-slide-toggle {
-          margin-right: 8px;
+        .mat-expansion-panel-header-title {
+          height: 40px;
         }
       }
-      .mat-expansion-panel-header-title {
-        height: 40px;
-      }
     }
   }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 18ac46c94d..bc2d936aa6 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -35,7 +35,7 @@ import { MatExpansionPanel } from '@angular/material/expansion';
 @Component({
   selector: 'tb-2fa-settings',
   templateUrl: './two-factor-auth-settings.component.html',
-  styleUrls: ['./two-factor-auth-settings.component.scss', './settings-card.scss']
+  styleUrls: [ './settings-card.scss', './two-factor-auth-settings.component.scss']
 })
 export class TwoFactorAuthSettingsComponent extends PageComponent implements OnInit, HasConfirmForm, OnDestroy {
 
@@ -73,7 +73,6 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     if (this.twoFaFormGroup.valid) {
       const setting = this.twoFaFormGroup.value as TwoFactorAuthSettingsForm;
       this.joinRateLimit(setting, 'verificationCodeCheckRateLimit');
-      this.joinRateLimit(setting, 'verificationCodeSendRateLimit');
       const providers = setting.providers.filter(provider => provider.enable);
       providers.forEach(provider => delete provider.enable);
       const config = Object.assign(setting, {providers});
@@ -91,18 +90,14 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     }
   }
 
-  toggleProviders($event: Event, i: number): void {
-    this.toggleExtensionPanel($event, i + 2, this.providersForm.at(i).get('enable').value);
-  }
-
-  toggleExtensionPanel($event: Event, i: number, currentState: boolean) {
+  toggleExtensionPanel($event: Event, index: number, currentState: boolean) {
     if ($event) {
       $event.stopPropagation();
     }
     if (currentState) {
-      this.getByIndexPanel(i).close();
+      this.getByIndexPanel(index).close();
     } else {
-      this.getByIndexPanel(i).open();
+      this.getByIndexPanel(index).open();
     }
   }
 
@@ -130,9 +125,7 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
       verificationCodeCheckRateLimitEnable: [false],
       verificationCodeCheckRateLimitNumber: ['3', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
       verificationCodeCheckRateLimitTime: ['900', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
-      verificationCodeSendRateLimitEnable: [false],
-      verificationCodeSendRateLimitNumber: ['1', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
-      verificationCodeSendRateLimitTime: ['60', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
+      minVerificationCodeSendPeriod: ['30', [Validators.required, Validators.min(5), Validators.pattern(/^\d*$/)]],
       providers: this.fb.array([])
     });
     Object.values(TwoFactorAuthProviderType).forEach(provider => {
@@ -149,43 +142,25 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         this.twoFaFormGroup.get('verificationCodeCheckRateLimitTime').disable({emitEvent: false});
       }
     });
-    this.twoFaFormGroup.get('verificationCodeSendRateLimitEnable').valueChanges.pipe(
-      takeUntil(this.destroy$)
-    ).subscribe(value => {
-      if (value) {
-        this.twoFaFormGroup.get('verificationCodeSendRateLimitNumber').enable({emitEvent: false});
-        this.twoFaFormGroup.get('verificationCodeSendRateLimitTime').enable({emitEvent: false});
-      } else {
-        this.twoFaFormGroup.get('verificationCodeSendRateLimitNumber').disable({emitEvent: false});
-        this.twoFaFormGroup.get('verificationCodeSendRateLimitTime').disable({emitEvent: false});
-      }
-    });
   }
 
   private setAuthConfigFormValue(settings: TwoFactorAuthSettings) {
     const [checkRateLimitNumber, checkRateLimitTime] = this.splitRateLimit(settings.verificationCodeCheckRateLimit);
-    const [sendRateLimitNumber, sendRateLimitTime] = this.splitRateLimit(settings.verificationCodeSendRateLimit);
     const allowProvidersConfig = settings.providers.map(provider => provider.providerType);
     const processFormValue: TwoFactorAuthSettingsForm = Object.assign(deepClone(settings), {
       verificationCodeCheckRateLimitEnable: checkRateLimitNumber > 0,
       verificationCodeCheckRateLimitNumber: checkRateLimitNumber || 3,
       verificationCodeCheckRateLimitTime: checkRateLimitTime || 900,
-      verificationCodeSendRateLimitEnable: sendRateLimitNumber > 0,
-      verificationCodeSendRateLimitNumber: sendRateLimitNumber || 1,
-      verificationCodeSendRateLimitTime: sendRateLimitTime || 60,
       providers: []
     });
-    if (sendRateLimitNumber > 0) {
-      this.getByIndexPanel(0).open();
-    }
     if (checkRateLimitNumber > 0) {
-      this.getByIndexPanel(1).open();
+      this.getByIndexPanel(3).open();
     }
     Object.values(TwoFactorAuthProviderType).forEach((provider, index) => {
       const findIndex = allowProvidersConfig.indexOf(provider);
       if (findIndex > -1) {
         processFormValue.providers.push(Object.assign(settings.providers[findIndex], {enable: true}));
-        this.getByIndexPanel(index + 2).open();
+        this.getByIndexPanel(index).open();
       } else {
         processFormValue.providers.push({enable: false});
       }
@@ -203,9 +178,9 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         formControlConfig.issuerName = [{value: 'ThingsBoard', disabled: true}, Validators.required];
         break;
       case TwoFactorAuthProviderType.SMS:
-        formControlConfig.smsVerificationMessageTemplate = [{value: 'Verification code: ${сode}', disabled: true}, [
+        formControlConfig.smsVerificationMessageTemplate = [{value: 'Verification code: ${code}', disabled: true}, [
           Validators.required,
-          Validators.pattern(/\${сode}/)
+          Validators.pattern(/\${code}/)
         ]];
         formControlConfig.verificationCodeLifetime = [{value: 120, disabled: true}, [
           Validators.required,
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
index 8ebbe44b9d..78417564b3 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
@@ -46,20 +46,25 @@
                        inputmode="numeric" pattern="[0-9]*"
                        autocomplete="off"
                        placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}"/>
-                <mat-error *ngIf="verificationForm.get('verificationCode').invalid">
+                <button *ngIf="selectedProvider !== twoFactorAuthProvider.TOTP"
+                        mat-button matSuffix
+                        (click)="sendCode($event)"
+                        [disabled]="disabledResendButton"
+                        type="button" tabindex="-1">
+                  {{ 'login.resend-code' | translate }}
+                </button>
+                <mat-error *ngIf="verificationForm.get('verificationCode').invalid" style="margin-bottom: 8px">
                   {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
                 </mat-error>
+                <mat-error *ngIf="verificationForm.get('verificationCode').invalid && selectedProvider !== twoFactorAuthProvider.TOTP && countDownTime" class="timer">
+                  {{ 'login.resend-code-wait' | translate : {time: countDownTime} }}
+                </mat-error>
+                <mat-hint *ngIf="selectedProvider !== twoFactorAuthProvider.TOTP && countDownTime" class="timer">
+                  {{ 'login.resend-code-wait' | translate : {time: countDownTime} }}
+                </mat-hint>
               </mat-form-field>
-              <div fxLayoutAlign="start center" *ngIf="selectedProvider !== twoFactorAuthProvider.TOTP">
-                <button
-                  mat-button
-                  (click)="sendCode()"
-                  type="button">
-                  {{ 'login.resend-code' | translate }}
-                </button>
-              </div>
             </div>
-            <span style="height: 40px;"></span>
+            <span style="height: 50px;"></span>
             <div fxLayout="column" fxLayoutGap="8px">
               <button mat-raised-button
                       color="accent"
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
index c29e4ae6d4..4d559f5435 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
@@ -53,6 +53,12 @@
           padding-bottom: 8px;
         }
       }
+
+      .timer {
+        font: 400 12px / 14px Roboto, "Helvetica Neue", sans-serif;
+        letter-spacing: 0.4px;
+        color: rgba(255, 255, 255, 0.8);
+      }
     }
   }
   ::ng-deep{
@@ -68,5 +74,8 @@
         vertical-align: sub;
       }
     }
+    .mat-form-field-invalid .mat-hint {
+      margin-top: 20px;
+    }
   }
 }
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
index 0c47899651..68a1f245e2 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
@@ -14,7 +14,7 @@
 /// limitations under the License.
 ///
 
-import { Component, OnInit } from '@angular/core';
+import { Component, OnDestroy, OnInit } from '@angular/core';
 import { AuthService } from '@core/auth/auth.service';
 import { Store } from '@ngrx/store';
 import { AppState } from '@core/core.state';
@@ -27,16 +27,19 @@ import {
   TwoFaProviderInfo
 } from '@shared/models/two-factor-auth.models';
 import { TranslateService } from '@ngx-translate/core';
+import { interval, Subscription } from 'rxjs';
 
 @Component({
   selector: 'tb-two-factor-auth-login',
   templateUrl: './two-factor-auth-login.component.html',
   styleUrls: ['./two-factor-auth-login.component.scss']
 })
-export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit {
+export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit, OnDestroy {
 
   private providersInfo: TwoFaProviderInfo[];
   private prevProvider: TwoFactorAuthProviderType;
+  private timer: Subscription;
+  private minVerificationPeriod = 0;
 
   selectedProvider: TwoFactorAuthProviderType;
   twoFactorAuthProvider = TwoFactorAuthProviderType;
@@ -44,6 +47,8 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
 
   providersData = twoFactorAuthProvidersLoginData;
   providerDescription = '';
+  disabledResendButton = true;
+  countDownTime = 0;
 
   verificationForm = this.fb.group({
     verificationCode: ['', [
@@ -72,6 +77,7 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
           this.providerDescription = this.translate.instant(this.providersData.get(providerConfig.type).description, {
             contact: providerConfig.contact
           });
+          this.minVerificationPeriod = providerConfig?.minVerificationCodeSendPeriod || 30;
         }
         this.allowProviders.push(providerConfig.type);
       }
@@ -79,6 +85,12 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
     if (this.selectedProvider !== TwoFactorAuthProviderType.TOTP) {
       this.sendCode();
     }
+    this.timer = interval(1000).subscribe(() => this.updatedTime());
+  }
+
+  ngOnDestroy() {
+    super.ngOnDestroy();
+    this.timer.unsubscribe();
   }
 
   sendVerificationCode() {
@@ -93,18 +105,28 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
     this.prevProvider = type === null ? this.selectedProvider : null;
     this.selectedProvider = type;
     if (type !== null) {
+      this.verificationForm.get('verificationCode').reset();
       const providerConfig = this.providersInfo.find(config => config.type === type);
       this.providerDescription = this.translate.instant(this.providersData.get(providerConfig.type).description, {
         contact: providerConfig.contact
       });
+      this.minVerificationPeriod = providerConfig?.minVerificationCodeSendPeriod || 30;
       if (type !== TwoFactorAuthProviderType.TOTP) {
         this.sendCode();
       }
     }
   }
 
-  sendCode() {
-    this.twoFactorAuthService.requestTwoFaVerificationCodeSend(this.selectedProvider).subscribe(() => {});
+  sendCode($event?: Event) {
+    if ($event) {
+      $event.stopPropagation();
+    }
+    this.disabledResendButton = true;
+    this.twoFactorAuthService.requestTwoFaVerificationCodeSend(this.selectedProvider).subscribe(() => {
+      this.countDownTime = this.minVerificationPeriod;
+    }, () => {
+      this.countDownTime = 30;
+    });
   }
 
   cancelLogin() {
@@ -115,4 +137,13 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
       this.authService.logout();
     }
   }
+
+  private updatedTime() {
+    if (this.countDownTime > 0) {
+      this.countDownTime--;
+      if (this.countDownTime === 0) {
+        this.disabledResendButton = false;
+      }
+    }
+  }
 }
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
index 75fc95ae4e..7e3676d6fe 100644
--- a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -20,7 +20,7 @@ export interface TwoFactorAuthSettings {
   totalAllowedTimeForVerification: number;
   useSystemTwoFactorAuthSettings: boolean;
   verificationCodeCheckRateLimit: string;
-  verificationCodeSendRateLimit: string;
+  minVerificationCodeSendPeriod: number;
 }
 
 export interface TwoFactorAuthSettingsForm extends TwoFactorAuthSettings{
@@ -28,9 +28,6 @@ export interface TwoFactorAuthSettingsForm extends TwoFactorAuthSettings{
   verificationCodeCheckRateLimitEnable: boolean;
   verificationCodeCheckRateLimitNumber: number;
   verificationCodeCheckRateLimitTime: number;
-  verificationCodeSendRateLimitEnable: boolean;
-  verificationCodeSendRateLimitNumber: number;
-  verificationCodeSendRateLimitTime: number;
 }
 
 export type TwoFactorAuthProviderConfig = Partial<TotpTwoFactorAuthProviderConfig | SmsTwoFactorAuthProviderConfig |
@@ -93,6 +90,7 @@ export interface TwoFaProviderInfo {
   type: TwoFactorAuthProviderType;
   default: boolean;
   contact?: string;
+  minVerificationCodeSendPeriod?: number;
 }
 
 export interface TwoFactorAuthProviderData {
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index d307fe9779..e6b1b3682d 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -323,10 +323,10 @@
             "number-of-checking-attempts": "Number of checking attempts",
             "number-of-checking-attempts-pattern": "Number of checking attempts must be a positive integer.",
             "number-of-checking-attempts-required": "Number of checking attempts is required.",
-            "number-of-send-attempts": "Number of send attempts",
-            "number-of-send-attempts-pattern": "Number of send attempts must be a positive integer.",
-            "number-of-send-attempts-required": "Number of send attempts is required.",
             "provider": "Provider",
+            "retry-verification-code-period": "Retry verification code period (sec)",
+            "retry-verification-code-period-pattern": "Minimal period time is 5 sec",
+            "retry-verification-code-period-required": "Retry verification code period is required.",
             "total-allowed-time-for-verification": "Total allowed time for verification (sec)",
             "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
             "total-allowed-time-for-verification-required": "Total allowed time is required.",
@@ -335,7 +335,6 @@
             "verification-code-lifetime": "Verification code lifetime (sec)",
             "verification-code-lifetime-pattern": "Verification code lifetime must be a positive integer.",
             "verification-code-lifetime-required": "Verification code lifetime is required.",
-            "verification-code-send-rate-limit": "Verification code send rate limit",
             "verification-message-template": "Verification message template",
             "verification-limitations": "Verification limitations",
             "verification-message-template-pattern": "Verification message need to contains pattern: ${code}",
@@ -2484,6 +2483,7 @@
         "verify-your-identity": "Verify your identity",
         "select-way-to-verify": "Select a way to verify",
         "resend-code": "Resend code",
+        "resend-code-wait": "Resend code wait { time, plural, 1 {1 second} other {# seconds} }",
         "try-another-way": "Try another way",
         "totp-auth-description": "Please enter the security code from your authenticator app.",
         "sms-auth-description": "A security code has been sent to your phone at {{contact}}.",

From e28f9a282ea15f2a165d5c7b17ac3a03453b9337 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Thu, 19 May 2022 11:50:31 +0300
Subject: [PATCH 51/92] refactoring: EntityViewController

---
 .../controller/EntityViewController.java      | 404 ++---------------
 .../entitiy/AbstractTbEntityService.java      |  14 +
 .../DefaultTbEntityViewService.java           | 418 ++++++++++++++++++
 .../entityView/TbEntityViewService.java       |  38 ++
 4 files changed, 506 insertions(+), 368 deletions(-)
 create mode 100644 application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
index 2dc8fe42d6..e78a393b19 100644
--- a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
@@ -15,15 +15,11 @@
  */
 package org.thingsboard.server.controller;
 
-import com.google.common.util.concurrent.FutureCallback;
-import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
-import com.google.common.util.concurrent.MoreExecutors;
-import com.google.common.util.concurrent.SettableFuture;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -36,45 +32,30 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.server.common.data.Customer;
-import org.thingsboard.server.common.data.DataConstants;
 import org.thingsboard.server.common.data.EntitySubtype;
-import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.EntityView;
 import org.thingsboard.server.common.data.EntityViewInfo;
-import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.edge.Edge;
-import org.thingsboard.server.common.data.edge.EdgeEventActionType;
 import org.thingsboard.server.common.data.entityview.EntityViewSearchQuery;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.EdgeId;
-import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.EntityViewId;
 import org.thingsboard.server.common.data.id.TenantId;
-import org.thingsboard.server.common.data.kv.AttributeKvEntry;
-import org.thingsboard.server.common.data.kv.BaseReadTsKvQuery;
-import org.thingsboard.server.common.data.kv.ReadTsKvQuery;
-import org.thingsboard.server.common.data.kv.TsKvEntry;
 import org.thingsboard.server.common.data.page.PageData;
 import org.thingsboard.server.common.data.page.PageLink;
 import org.thingsboard.server.common.data.page.TimePageLink;
 import org.thingsboard.server.dao.exception.IncorrectParameterException;
 import org.thingsboard.server.dao.model.ModelConstants;
-import org.thingsboard.server.dao.timeseries.TimeseriesService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.entitiy.entityView.TbEntityViewService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.permission.Operation;
 import org.thingsboard.server.service.security.permission.Resource;
 
-import javax.annotation.Nullable;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
 import java.util.List;
-import java.util.concurrent.ExecutionException;
 import java.util.stream.Collectors;
 
-import static org.apache.commons.lang3.StringUtils.isBlank;
 import static org.thingsboard.server.controller.ControllerConstants.CUSTOMER_ID;
 import static org.thingsboard.server.controller.ControllerConstants.CUSTOMER_ID_PARAM_DESCRIPTION;
 import static org.thingsboard.server.controller.ControllerConstants.EDGE_ASSIGN_ASYNC_FIRST_STEP_DESCRIPTION;
@@ -104,14 +85,14 @@ import static org.thingsboard.server.controller.EdgeController.EDGE_ID;
  */
 @RestController
 @TbCoreComponent
+@RequiredArgsConstructor
 @RequestMapping("/api")
 @Slf4j
 public class EntityViewController extends BaseController {
 
-    public static final String ENTITY_VIEW_ID = "entityViewId";
+    public final TbEntityViewService tbEntityViewService;
 
-    @Autowired
-    private TimeseriesService tsService;
+    public static final String ENTITY_VIEW_ID = "entityViewId";
 
     @ApiOperation(value = "Get entity view (getEntityViewById)",
             notes = "Fetch the EntityView object based on the provided entity view id. "
@@ -159,237 +140,8 @@ public class EntityViewController extends BaseController {
     public EntityView saveEntityView(
             @ApiParam(value = "A JSON object representing the entity view.")
             @RequestBody EntityView entityView) throws ThingsboardException {
-        try {
-            entityView.setTenantId(getCurrentUser().getTenantId());
-
-            List<ListenableFuture<?>> futures = new ArrayList<>();
-
-            if (entityView.getId() == null) {
-                accessControlService
-                        .checkPermission(getCurrentUser(), Resource.ENTITY_VIEW, Operation.CREATE, null, entityView);
-            } else {
-                EntityView existingEntityView = checkEntityViewId(entityView.getId(), Operation.WRITE);
-                if (existingEntityView.getKeys() != null) {
-                    if (existingEntityView.getKeys().getAttributes() != null) {
-                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.CLIENT_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), getCurrentUser()));
-                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.SERVER_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), getCurrentUser()));
-                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.SHARED_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), getCurrentUser()));
-                    }
-                }
-                List<String> tsKeys = existingEntityView.getKeys() != null && existingEntityView.getKeys().getTimeseries() != null ?
-                        existingEntityView.getKeys().getTimeseries() : Collections.emptyList();
-                futures.add(deleteLatestFromEntityView(existingEntityView, tsKeys, getCurrentUser()));
-            }
-
-            EntityView savedEntityView = checkNotNull(entityViewService.saveEntityView(entityView));
-            if (savedEntityView.getKeys() != null) {
-                if (savedEntityView.getKeys().getAttributes() != null) {
-                    futures.add(copyAttributesFromEntityToEntityView(savedEntityView, DataConstants.CLIENT_SCOPE, savedEntityView.getKeys().getAttributes().getCs(), getCurrentUser()));
-                    futures.add(copyAttributesFromEntityToEntityView(savedEntityView, DataConstants.SERVER_SCOPE, savedEntityView.getKeys().getAttributes().getSs(), getCurrentUser()));
-                    futures.add(copyAttributesFromEntityToEntityView(savedEntityView, DataConstants.SHARED_SCOPE, savedEntityView.getKeys().getAttributes().getSh(), getCurrentUser()));
-                }
-                futures.add(copyLatestFromEntityToEntityView(savedEntityView, getCurrentUser()));
-            }
-            for (ListenableFuture<?> future : futures) {
-                try {
-                    future.get();
-                } catch (InterruptedException | ExecutionException e) {
-                    throw new RuntimeException("Failed to copy attributes to entity view", e);
-                }
-            }
-
-            logEntityAction(savedEntityView.getId(), savedEntityView, null,
-                    entityView.getId() == null ? ActionType.ADDED : ActionType.UPDATED, null);
-
-            if (entityView.getId() != null) {
-                sendEntityNotificationMsg(savedEntityView.getTenantId(), savedEntityView.getId(), EdgeEventActionType.UPDATED);
-            }
-
-            return savedEntityView;
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.ENTITY_VIEW), entityView, null,
-                    entityView.getId() == null ? ActionType.ADDED : ActionType.UPDATED, e);
-            throw handleException(e);
-        }
-    }
-
-    private ListenableFuture<Void> deleteLatestFromEntityView(EntityView entityView, List<String> keys, SecurityUser user) {
-        EntityViewId entityId = entityView.getId();
-        SettableFuture<Void> resultFuture = SettableFuture.create();
-        if (keys != null && !keys.isEmpty()) {
-            tsSubService.deleteLatest(entityView.getTenantId(), entityId, keys, new FutureCallback<Void>() {
-                @Override
-                public void onSuccess(@Nullable Void tmp) {
-                    try {
-                        logTimeseriesDeleted(user, entityId, keys, null);
-                    } catch (ThingsboardException e) {
-                        log.error("Failed to log timeseries delete", e);
-                    }
-                    resultFuture.set(tmp);
-                }
-
-                @Override
-                public void onFailure(Throwable t) {
-                    try {
-                        logTimeseriesDeleted(user, entityId, keys, t);
-                    } catch (ThingsboardException e) {
-                        log.error("Failed to log timeseries delete", e);
-                    }
-                    resultFuture.setException(t);
-                }
-            });
-        } else {
-            tsSubService.deleteAllLatest(entityView.getTenantId(), entityId, new FutureCallback<Collection<String>>() {
-                @Override
-                public void onSuccess(@Nullable Collection<String> keys) {
-                    try {
-                        logTimeseriesDeleted(user, entityId, new ArrayList<>(keys), null);
-                    } catch (ThingsboardException e) {
-                        log.error("Failed to log timeseries delete", e);
-                    }
-                    resultFuture.set(null);
-                }
-
-                @Override
-                public void onFailure(Throwable t) {
-                    try {
-                        logTimeseriesDeleted(user, entityId, Collections.emptyList(), t);
-                    } catch (ThingsboardException e) {
-                        log.error("Failed to log timeseries delete", e);
-                    }
-                    resultFuture.setException(t);
-                }
-            });
-        }
-        return resultFuture;
-    }
-
-    private ListenableFuture<Void> deleteAttributesFromEntityView(EntityView entityView, String scope, List<String> keys, SecurityUser user) {
-        EntityViewId entityId = entityView.getId();
-        SettableFuture<Void> resultFuture = SettableFuture.create();
-        if (keys != null && !keys.isEmpty()) {
-            tsSubService.deleteAndNotify(entityView.getTenantId(), entityId, scope, keys, new FutureCallback<Void>() {
-                @Override
-                public void onSuccess(@Nullable Void tmp) {
-                    try {
-                        logAttributesDeleted(user, entityId, scope, keys, null);
-                    } catch (ThingsboardException e) {
-                        log.error("Failed to log attribute delete", e);
-                    }
-                    resultFuture.set(tmp);
-                }
-
-                @Override
-                public void onFailure(Throwable t) {
-                    try {
-                        logAttributesDeleted(user, entityId, scope, keys, t);
-                    } catch (ThingsboardException e) {
-                        log.error("Failed to log attribute delete", e);
-                    }
-                    resultFuture.setException(t);
-                }
-            });
-        } else {
-            resultFuture.set(null);
-        }
-        return resultFuture;
-    }
-
-    private ListenableFuture<List<Void>> copyLatestFromEntityToEntityView(EntityView entityView, SecurityUser user) {
-        EntityViewId entityId = entityView.getId();
-        List<String> keys = entityView.getKeys() != null && entityView.getKeys().getTimeseries() != null ?
-                entityView.getKeys().getTimeseries() : Collections.emptyList();
-        long startTs = entityView.getStartTimeMs();
-        long endTs = entityView.getEndTimeMs() == 0 ? Long.MAX_VALUE : entityView.getEndTimeMs();
-        ListenableFuture<List<String>> keysFuture;
-        if (keys.isEmpty()) {
-            keysFuture = Futures.transform(tsService.findAllLatest(user.getTenantId(),
-                    entityView.getEntityId()), latest -> latest.stream().map(TsKvEntry::getKey).collect(Collectors.toList()), MoreExecutors.directExecutor());
-        } else {
-            keysFuture = Futures.immediateFuture(keys);
-        }
-        ListenableFuture<List<TsKvEntry>> latestFuture = Futures.transformAsync(keysFuture, fetchKeys -> {
-            List<ReadTsKvQuery> queries = fetchKeys.stream().filter(key -> !isBlank(key)).map(key -> new BaseReadTsKvQuery(key, startTs, endTs, 1, "DESC")).collect(Collectors.toList());
-            if (!queries.isEmpty()) {
-                return tsService.findAll(user.getTenantId(), entityView.getEntityId(), queries);
-            } else {
-                return Futures.immediateFuture(null);
-            }
-        }, MoreExecutors.directExecutor());
-        return Futures.transform(latestFuture, latestValues -> {
-            if (latestValues != null && !latestValues.isEmpty()) {
-                tsSubService.saveLatestAndNotify(entityView.getTenantId(), entityId, latestValues, new FutureCallback<Void>() {
-                    @Override
-                    public void onSuccess(@Nullable Void tmp) {
-                    }
-
-                    @Override
-                    public void onFailure(Throwable t) {
-                    }
-                });
-            }
-            return null;
-        }, MoreExecutors.directExecutor());
-    }
-
-    private ListenableFuture<List<Void>> copyAttributesFromEntityToEntityView(EntityView entityView, String scope, Collection<String> keys, SecurityUser user) throws ThingsboardException {
-        EntityViewId entityId = entityView.getId();
-        if (keys != null && !keys.isEmpty()) {
-            ListenableFuture<List<AttributeKvEntry>> getAttrFuture = attributesService.find(getTenantId(), entityView.getEntityId(), scope, keys);
-            return Futures.transform(getAttrFuture, attributeKvEntries -> {
-                List<AttributeKvEntry> attributes;
-                if (attributeKvEntries != null && !attributeKvEntries.isEmpty()) {
-                    attributes =
-                            attributeKvEntries.stream()
-                                    .filter(attributeKvEntry -> {
-                                        long startTime = entityView.getStartTimeMs();
-                                        long endTime = entityView.getEndTimeMs();
-                                        long lastUpdateTs = attributeKvEntry.getLastUpdateTs();
-                                        return startTime == 0 && endTime == 0 ||
-                                                (endTime == 0 && startTime < lastUpdateTs) ||
-                                                (startTime == 0 && endTime > lastUpdateTs)
-                                                ? true : startTime < lastUpdateTs && endTime > lastUpdateTs;
-                                    }).collect(Collectors.toList());
-                    tsSubService.saveAndNotify(entityView.getTenantId(), entityId, scope, attributes, new FutureCallback<Void>() {
-                        @Override
-                        public void onSuccess(@Nullable Void tmp) {
-                            try {
-                                logAttributesUpdated(user, entityId, scope, attributes, null);
-                            } catch (ThingsboardException e) {
-                                log.error("Failed to log attribute updates", e);
-                            }
-                        }
-
-                        @Override
-                        public void onFailure(Throwable t) {
-                            try {
-                                logAttributesUpdated(user, entityId, scope, attributes, t);
-                            } catch (ThingsboardException e) {
-                                log.error("Failed to log attribute updates", e);
-                            }
-                        }
-                    });
-                }
-                return null;
-            }, MoreExecutors.directExecutor());
-        } else {
-            return Futures.immediateFuture(null);
-        }
-    }
-
-    private void logAttributesUpdated(SecurityUser user, EntityId entityId, String scope, List<AttributeKvEntry> attributes, Throwable e) throws ThingsboardException {
-        logEntityAction(user, entityId, null, null, ActionType.ATTRIBUTES_UPDATED, toException(e),
-                scope, attributes);
-    }
-
-    private void logAttributesDeleted(SecurityUser user, EntityId entityId, String scope, List<String> keys, Throwable e) throws ThingsboardException {
-        logEntityAction(user, entityId, null, null, ActionType.ATTRIBUTES_DELETED, toException(e),
-                scope, keys);
-    }
-
-    private void logTimeseriesDeleted(SecurityUser user, EntityId entityId, List<String> keys, Throwable e) throws ThingsboardException {
-        logEntityAction(user, entityId, null, null, ActionType.TIMESERIES_DELETED, toException(e),
-                keys);
+        entityView.setTenantId(getCurrentUser().getTenantId());
+        return tbEntityViewService.save(entityView, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete entity view (deleteEntityView)",
@@ -402,24 +154,9 @@ public class EntityViewController extends BaseController {
             @ApiParam(value = ENTITY_VIEW_ID_PARAM_DESCRIPTION)
             @PathVariable(ENTITY_VIEW_ID) String strEntityViewId) throws ThingsboardException {
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
-        try {
-            EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
-            EntityView entityView = checkEntityViewId(entityViewId, Operation.DELETE);
-
-            List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(getTenantId(), entityViewId);
-
-            entityViewService.deleteEntityView(getTenantId(), entityViewId);
-            logEntityAction(entityViewId, entityView, entityView.getCustomerId(),
-                    ActionType.DELETED, null, strEntityViewId);
-
-            sendDeleteNotificationMsg(getTenantId(), entityViewId, relatedEdgeIds);
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.ENTITY_VIEW),
-                    null,
-                    null,
-                    ActionType.DELETED, e, strEntityViewId);
-            throw handleException(e);
-        }
+        EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
+        EntityView entityView = checkEntityViewId(entityViewId, Operation.DELETE);
+        tbEntityViewService.delete(entityView, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Entity View by name (getTenantEntityView)",
@@ -451,28 +188,13 @@ public class EntityViewController extends BaseController {
             @PathVariable(ENTITY_VIEW_ID) String strEntityViewId) throws ThingsboardException {
         checkParameter(CUSTOMER_ID, strCustomerId);
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
-        try {
-            CustomerId customerId = new CustomerId(toUUID(strCustomerId));
-            Customer customer = checkCustomerId(customerId, Operation.READ);
 
-            EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
-            checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
-
-            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(getTenantId(), entityViewId, customerId));
-            logEntityAction(entityViewId, savedEntityView,
-                    savedEntityView.getCustomerId(),
-                    ActionType.ASSIGNED_TO_CUSTOMER, null, strEntityViewId, strCustomerId, customer.getName());
-
-            sendEntityAssignToCustomerNotificationMsg(savedEntityView.getTenantId(), savedEntityView.getId(),
-                    customerId, EdgeEventActionType.ASSIGNED_TO_CUSTOMER);
+        CustomerId customerId = new CustomerId(toUUID(strCustomerId));
+        Customer customer = checkCustomerId(customerId, Operation.READ);
 
-            return savedEntityView;
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.ENTITY_VIEW), null,
-                    null,
-                    ActionType.ASSIGNED_TO_CUSTOMER, e, strEntityViewId, strCustomerId);
-            throw handleException(e);
-        }
+        EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
+        checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
+        return tbEntityViewService.assignEntityViewToCustomer(entityViewId, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Unassign Entity View from customer (unassignEntityViewFromCustomer)",
@@ -484,28 +206,15 @@ public class EntityViewController extends BaseController {
             @ApiParam(value = ENTITY_VIEW_ID_PARAM_DESCRIPTION)
             @PathVariable(ENTITY_VIEW_ID) String strEntityViewId) throws ThingsboardException {
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
-        try {
-            EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
-            EntityView entityView = checkEntityViewId(entityViewId, Operation.UNASSIGN_FROM_CUSTOMER);
-            if (entityView.getCustomerId() == null || entityView.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) {
-                throw new IncorrectParameterException("Entity View isn't assigned to any customer!");
-            }
-            Customer customer = checkCustomerId(entityView.getCustomerId(), Operation.READ);
-            EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromCustomer(getTenantId(), entityViewId));
-            logEntityAction(entityViewId, entityView,
-                    entityView.getCustomerId(),
-                    ActionType.UNASSIGNED_FROM_CUSTOMER, null, strEntityViewId, customer.getId().toString(), customer.getName());
+        EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
+        EntityView entityView = checkEntityViewId(entityViewId, Operation.UNASSIGN_FROM_CUSTOMER);
+        if (entityView.getCustomerId() == null || entityView.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) {
+            throw new IncorrectParameterException("Entity View isn't assigned to any customer!");
+        }
 
-            sendEntityAssignToCustomerNotificationMsg(savedEntityView.getTenantId(), savedEntityView.getId(),
-                    customer.getId(), EdgeEventActionType.UNASSIGNED_FROM_CUSTOMER);
+        Customer customer = checkCustomerId(entityView.getCustomerId(), Operation.READ);
 
-            return savedEntityView;
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.ENTITY_VIEW), null,
-                    null,
-                    ActionType.UNASSIGNED_FROM_CUSTOMER, e, strEntityViewId);
-            throw handleException(e);
-        }
+        return tbEntityViewService.unassignEntityViewFromCustomer(entityView, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Customer Entity Views (getCustomerEntityViews)",
@@ -705,23 +414,9 @@ public class EntityViewController extends BaseController {
             @ApiParam(value = ENTITY_VIEW_ID_PARAM_DESCRIPTION)
             @PathVariable(ENTITY_VIEW_ID) String strEntityViewId) throws ThingsboardException {
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
-        try {
-            EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
-            EntityView entityView = checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
-            Customer publicCustomer = customerService.findOrCreatePublicCustomer(entityView.getTenantId());
-            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(getCurrentUser().getTenantId(), entityViewId, publicCustomer.getId()));
-
-            logEntityAction(entityViewId, savedEntityView,
-                    savedEntityView.getCustomerId(),
-                    ActionType.ASSIGNED_TO_CUSTOMER, null, strEntityViewId, publicCustomer.getId().toString(), publicCustomer.getName());
-
-            return savedEntityView;
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.ENTITY_VIEW), null,
-                    null,
-                    ActionType.ASSIGNED_TO_CUSTOMER, e, strEntityViewId);
-            throw handleException(e);
-        }
+        EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
+        checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
+        return tbEntityViewService.assignEntityViewToPublicCustomer(entityViewId, getCurrentUser());
     }
 
     @ApiOperation(value = "Assign entity view to edge (assignEntityViewToEdge)",
@@ -738,27 +433,13 @@ public class EntityViewController extends BaseController {
                                              @PathVariable(ENTITY_VIEW_ID) String strEntityViewId) throws ThingsboardException {
         checkParameter(EDGE_ID, strEdgeId);
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
-        try {
-            EdgeId edgeId = new EdgeId(toUUID(strEdgeId));
-            Edge edge = checkEdgeId(edgeId, Operation.READ);
-
-            EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
-            checkEntityViewId(entityViewId, Operation.READ);
 
-            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToEdge(getTenantId(), entityViewId, edgeId));
-            logEntityAction(entityViewId, savedEntityView,
-                    savedEntityView.getCustomerId(),
-                    ActionType.ASSIGNED_TO_EDGE, null, strEntityViewId, strEdgeId, edge.getName());
+        EdgeId edgeId = new EdgeId(toUUID(strEdgeId));
+        Edge edge = checkEdgeId(edgeId, Operation.READ);
 
-            sendEntityAssignToEdgeNotificationMsg(getTenantId(), edgeId, savedEntityView.getId(), EdgeEventActionType.ASSIGNED_TO_EDGE);
-
-            return savedEntityView;
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.ENTITY_VIEW), null,
-                    null,
-                    ActionType.ASSIGNED_TO_EDGE, e, strEntityViewId, strEdgeId);
-            throw handleException(e);
-        }
+        EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
+        checkEntityViewId(entityViewId, Operation.READ);
+        return tbEntityViewService.assignEntityViewToEdge(entityViewId, edge, getCurrentUser());
     }
 
     @ApiOperation(value = "Unassign entity view from edge (unassignEntityViewFromEdge)",
@@ -775,28 +456,15 @@ public class EntityViewController extends BaseController {
                                                  @PathVariable(ENTITY_VIEW_ID) String strEntityViewId) throws ThingsboardException {
         checkParameter(EDGE_ID, strEdgeId);
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
-        try {
-            EdgeId edgeId = new EdgeId(toUUID(strEdgeId));
-            Edge edge = checkEdgeId(edgeId, Operation.READ);
 
-            EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
-            EntityView entityView = checkEntityViewId(entityViewId, Operation.READ);
-
-            EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromEdge(getTenantId(), entityViewId, edgeId));
-            logEntityAction(entityViewId, entityView,
-                    entityView.getCustomerId(),
-                    ActionType.UNASSIGNED_FROM_EDGE, null, strEntityViewId, strEdgeId, edge.getName());
+        EdgeId edgeId = new EdgeId(toUUID(strEdgeId));
+        Edge edge = checkEdgeId(edgeId, Operation.READ);
 
-            sendEntityAssignToEdgeNotificationMsg(getTenantId(), edgeId, savedEntityView.getId(), EdgeEventActionType.UNASSIGNED_FROM_EDGE);
+        EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
+        EntityView entityView = checkEntityViewId(entityViewId, Operation.READ);
 
-            return savedEntityView;
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.ENTITY_VIEW), null,
-                    null,
-                    ActionType.UNASSIGNED_FROM_EDGE, e, strEntityViewId, strEdgeId);
-            throw handleException(e);
-        }
-    }
+        return tbEntityViewService.unassignEntityViewFromEdge(entityView, edge, getCurrentUser());
+     }
 
     @PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
     @RequestMapping(value = "/edge/{edgeId}/entityViews", params = {"pageSize", "page"}, method = RequestMethod.GET)
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
index 95bbe1e82f..008db91a09 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
@@ -41,12 +41,14 @@ import org.thingsboard.server.common.data.page.PageDataIterableByTenantIdEntityI
 import org.thingsboard.server.common.data.page.TimePageLink;
 import org.thingsboard.server.dao.alarm.AlarmService;
 import org.thingsboard.server.dao.asset.AssetService;
+import org.thingsboard.server.dao.attributes.AttributesService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.dashboard.DashboardService;
 import org.thingsboard.server.dao.device.ClaimDevicesService;
 import org.thingsboard.server.dao.device.DeviceCredentialsService;
 import org.thingsboard.server.dao.device.DeviceService;
 import org.thingsboard.server.dao.edge.EdgeService;
+import org.thingsboard.server.dao.entityview.EntityViewService;
 import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.dao.exception.IncorrectParameterException;
 import org.thingsboard.server.dao.model.ModelConstants;
@@ -56,6 +58,8 @@ import org.thingsboard.server.dao.tenant.TenantService;
 import org.thingsboard.server.service.action.EntityActionService;
 import org.thingsboard.server.service.edge.EdgeNotificationService;
 import org.thingsboard.server.service.executors.DbCallbackExecutorService;
+import org.thingsboard.server.service.security.permission.AccessControlService;
+import org.thingsboard.server.service.telemetry.TelemetrySubscriptionService;
 
 import javax.mail.MessagingException;
 import java.util.ArrayList;
@@ -108,6 +112,16 @@ public abstract class AbstractTbEntityService {
     protected EdgeNotificationService edgeNotificationService;
     @Autowired
     protected DashboardService dashboardService;
+    @Autowired
+    protected EntityViewService entityViewService;
+    @Autowired
+    protected TelemetrySubscriptionService tsSubService;
+    @Autowired
+    protected AttributesService attributesService;
+    @Autowired
+    protected EntityViewService entityView;
+    @Autowired
+    protected AccessControlService accessControlService;
 
     protected ListenableFuture<Void> removeAlarmsByEntityId(TenantId tenantId, EntityId entityId) {
         ListenableFuture<PageData<AlarmInfo>> alarmsFuture =
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
new file mode 100644
index 0000000000..6c8b49daa5
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
@@ -0,0 +1,418 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.entitiy.entityView;
+
+import com.google.common.util.concurrent.FutureCallback;
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.common.util.concurrent.SettableFuture;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.thingsboard.server.common.data.Customer;
+import org.thingsboard.server.common.data.EntityView;
+import org.thingsboard.server.common.data.DataConstants;
+import org.thingsboard.server.common.data.EntityType;
+import org.thingsboard.server.common.data.audit.ActionType;
+import org.thingsboard.server.common.data.edge.Edge;
+import org.thingsboard.server.common.data.edge.EdgeEventActionType;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.CustomerId;
+import org.thingsboard.server.common.data.id.EntityViewId;
+import org.thingsboard.server.common.data.id.EdgeId;
+import org.thingsboard.server.common.data.id.EntityId;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.kv.AttributeKvEntry;
+import org.thingsboard.server.common.data.kv.BaseReadTsKvQuery;
+import org.thingsboard.server.common.data.kv.ReadTsKvQuery;
+import org.thingsboard.server.common.data.kv.TsKvEntry;
+import org.thingsboard.server.dao.timeseries.TimeseriesService;
+import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.entitiy.AbstractTbEntityService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+import org.thingsboard.server.service.security.permission.Operation;
+import org.thingsboard.server.service.security.permission.Resource;
+
+import javax.annotation.Nullable;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.concurrent.ExecutionException;
+import java.util.stream.Collectors;
+
+import static org.apache.commons.lang3.StringUtils.isBlank;
+import static org.thingsboard.server.dao.service.Validator.validateId;
+
+@Service
+@TbCoreComponent
+@AllArgsConstructor
+@Slf4j
+public class DefaultTbEntityViewService extends AbstractTbEntityService implements TbEntityViewService {
+
+    @Autowired
+    private TimeseriesService tsService;
+
+    @Override
+    public EntityView save(EntityView entityView, SecurityUser user) throws ThingsboardException {
+        ActionType actionType = entityView.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
+        try {
+            List<ListenableFuture<?>> futures = new ArrayList<>();
+
+            if (entityView.getId() == null) {
+                accessControlService
+                        .checkPermission(user, Resource.ENTITY_VIEW, Operation.CREATE, null, entityView);
+            } else {
+                EntityView existingEntityView = checkEntityViewId(entityView.getId(), Operation.WRITE, user);
+                if (existingEntityView.getKeys() != null) {
+                    if (existingEntityView.getKeys().getAttributes() != null) {
+                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.CLIENT_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
+                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.SERVER_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
+                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.SHARED_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
+                    }
+                }
+                List<String> tsKeys = existingEntityView.getKeys() != null && existingEntityView.getKeys().getTimeseries() != null ?
+                        existingEntityView.getKeys().getTimeseries() : Collections.emptyList();
+                futures.add(deleteLatestFromEntityView(existingEntityView, tsKeys, user));
+            }
+
+            EntityView savedEntityView = checkNotNull(entityViewService.saveEntityView(entityView));
+            if (savedEntityView.getKeys() != null) {
+                if (savedEntityView.getKeys().getAttributes() != null) {
+                    futures.add(copyAttributesFromEntityToEntityView(savedEntityView, DataConstants.CLIENT_SCOPE, savedEntityView.getKeys().getAttributes().getCs(), user));
+                    futures.add(copyAttributesFromEntityToEntityView(savedEntityView, DataConstants.SERVER_SCOPE, savedEntityView.getKeys().getAttributes().getSs(), user));
+                    futures.add(copyAttributesFromEntityToEntityView(savedEntityView, DataConstants.SHARED_SCOPE, savedEntityView.getKeys().getAttributes().getSh(), user));
+                }
+                futures.add(copyLatestFromEntityToEntityView(savedEntityView, user));
+            }
+            for (ListenableFuture<?> future : futures) {
+                try {
+                    future.get();
+                } catch (InterruptedException | ExecutionException e) {
+                    throw new RuntimeException("Failed to copy attributes to entity view", e);
+                }
+            }
+
+            notificationEntityService.notifyCreateOrUpdateEntity(user.getTenantId(), savedEntityView.getId(), savedEntityView,
+                    null, actionType, user);
+
+            return savedEntityView;
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(user.getTenantId(), emptyId(EntityType.ENTITY_VIEW), entityView, null, actionType, user, e);
+            throw handleException(e);
+        }
+    }
+
+    @Override
+    public void delete(EntityView entityView, SecurityUser user) throws ThingsboardException {
+        TenantId tenantId = entityView.getTenantId();
+        EntityViewId entityViewId = entityView.getId();
+        try {
+            List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(tenantId, entityViewId);
+            entityViewService.deleteEntityView(tenantId, entityViewId);
+            notificationEntityService.notifyDeleteEntity(tenantId, entityViewId, entityView, user.getCustomerId(), ActionType.DELETED,
+                    relatedEdgeIds, user, entityViewId.toString());
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
+                    ActionType.DELETED, user, e, entityViewId.toString());
+            throw handleException(e);
+        }
+    }
+
+    @Override
+    public EntityView assignEntityViewToCustomer(EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException {
+        ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
+        CustomerId customerId = customer.getId();
+        try {
+            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(user.getTenantId(), entityViewId, customerId));
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(user.getTenantId(), entityViewId, customerId, savedEntityView,
+                    actionType, EdgeEventActionType.ASSIGNED_TO_CUSTOMER, user, true, customerId.toString(), customer.getName());
+            return savedEntityView;
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(user.getTenantId(), emptyId(EntityType.ENTITY_VIEW), null, null,
+                    actionType, user, e, entityViewId.toString(), customerId.toString());
+            throw handleException(e);
+        }
+    }
+
+    @Override
+    public EntityView assignEntityViewToPublicCustomer(EntityViewId entityViewId, SecurityUser user) throws ThingsboardException {
+        ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
+        try {
+            Customer publicCustomer = customerService.findOrCreatePublicCustomer(user.getTenantId());
+            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(user.getTenantId(), entityViewId, publicCustomer.getId()));
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(user.getTenantId(), entityViewId, user.getCustomerId(), savedEntityView,
+                    actionType, null, user, false, entityViewId.toString(),
+                    publicCustomer.getId().toString(), publicCustomer.getName());
+            return savedEntityView;
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(user.getTenantId(), emptyId(EntityType.ENTITY_VIEW), null, null,
+                    actionType, user, e, entityViewId.toString());
+            throw handleException(e);
+        }
+    }
+
+    @Override
+    public EntityView assignEntityViewToEdge(EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException {
+        ActionType actionType = ActionType.ASSIGNED_TO_EDGE;
+        EdgeId edgeId = edge.getId();
+        TenantId tenantId = user.getTenantId();
+        try {
+            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToEdge(tenantId, entityViewId, edgeId));
+            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, user.getCustomerId(),
+                    edgeId, savedEntityView, actionType, EdgeEventActionType.ASSIGNED_TO_EDGE, user, entityViewId.toString(),
+                    edgeId.toString(), edge.getName());
+            return savedEntityView;
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE), null, null,
+                    actionType, user, e, entityViewId.toString(), edgeId.toString());
+            throw handleException(e);
+        }
+    }
+
+    @Override
+    public EntityView unassignEntityViewFromEdge(EntityView entityView, Edge edge, SecurityUser user) throws ThingsboardException {
+        ActionType actionType = ActionType.UNASSIGNED_FROM_EDGE;
+        TenantId tenantId = user.getTenantId();
+        EntityViewId entityViewId = entityView.getId();
+        EdgeId edgeId = edge.getId();
+        try {
+            EntityView savedDevice = checkNotNull(entityViewService.unassignEntityViewFromEdge(tenantId, entityViewId, edgeId));
+
+            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, user.getCustomerId(),
+                    edgeId, entityView, actionType, EdgeEventActionType.UNASSIGNED_FROM_EDGE, user, entityViewId.toString(),
+                    edgeId.toString(), edge.getName());
+            return savedDevice;
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
+                    actionType, user, e, entityViewId.toString(), edgeId.toString());
+            throw handleException(e);
+        }
+    }
+
+    //
+    @Override
+    public EntityView unassignEntityViewFromCustomer(EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException {
+        ActionType actionType = ActionType.UNASSIGNED_FROM_CUSTOMER;
+        TenantId tenantId = entityView.getTenantId();
+        try {
+            EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromCustomer(tenantId, entityView.getId()));
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityView.getId(), customer.getId(), savedEntityView,
+                    actionType, EdgeEventActionType.UNASSIGNED_FROM_CUSTOMER, user, true, customer.getId().toString(), customer.getName());
+            return savedEntityView;
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
+                    actionType, user, e, entityView.getId().toString());
+            throw handleException(e);
+        }
+    }
+
+
+    private ListenableFuture<List<Void>> copyAttributesFromEntityToEntityView(EntityView entityView, String scope, Collection<String> keys, SecurityUser user) throws ThingsboardException {
+        EntityViewId entityId = entityView.getId();
+        if (keys != null && !keys.isEmpty()) {
+            ListenableFuture<List<AttributeKvEntry>> getAttrFuture = attributesService.find(entityView.getTenantId(), entityView.getEntityId(), scope, keys);
+            return Futures.transform(getAttrFuture, attributeKvEntries -> {
+                List<AttributeKvEntry> attributes;
+                if (attributeKvEntries != null && !attributeKvEntries.isEmpty()) {
+                    attributes =
+                            attributeKvEntries.stream()
+                                    .filter(attributeKvEntry -> {
+                                        long startTime = entityView.getStartTimeMs();
+                                        long endTime = entityView.getEndTimeMs();
+                                        long lastUpdateTs = attributeKvEntry.getLastUpdateTs();
+                                        return startTime == 0 && endTime == 0 ||
+                                                (endTime == 0 && startTime < lastUpdateTs) ||
+                                                (startTime == 0 && endTime > lastUpdateTs)
+                                                ? true : startTime < lastUpdateTs && endTime > lastUpdateTs;
+                                    }).collect(Collectors.toList());
+                    tsSubService.saveAndNotify(entityView.getTenantId(), entityId, scope, attributes, new FutureCallback<Void>() {
+                        @Override
+                        public void onSuccess(@Nullable Void tmp) {
+                            try {
+                                logAttributesUpdated(user, entityId, scope, attributes, null);
+                            } catch (ThingsboardException e) {
+                                log.error("Failed to log attribute updates", e);
+                            }
+                        }
+
+                        @Override
+                        public void onFailure(Throwable t) {
+                            try {
+                                logAttributesUpdated(user, entityId, scope, attributes, t);
+                            } catch (ThingsboardException e) {
+                                log.error("Failed to log attribute updates", e);
+                            }
+                        }
+                    });
+                }
+                return null;
+            }, MoreExecutors.directExecutor());
+        } else {
+            return Futures.immediateFuture(null);
+        }
+    }
+
+    private ListenableFuture<List<Void>> copyLatestFromEntityToEntityView(EntityView entityView, SecurityUser user) {
+        EntityViewId entityId = entityView.getId();
+        List<String> keys = entityView.getKeys() != null && entityView.getKeys().getTimeseries() != null ?
+                entityView.getKeys().getTimeseries() : Collections.emptyList();
+        long startTs = entityView.getStartTimeMs();
+        long endTs = entityView.getEndTimeMs() == 0 ? Long.MAX_VALUE : entityView.getEndTimeMs();
+        ListenableFuture<List<String>> keysFuture;
+        if (keys.isEmpty()) {
+            keysFuture = Futures.transform(tsService.findAllLatest(user.getTenantId(),
+                    entityView.getEntityId()), latest -> latest.stream().map(TsKvEntry::getKey).collect(Collectors.toList()), MoreExecutors.directExecutor());
+        } else {
+            keysFuture = Futures.immediateFuture(keys);
+        }
+        ListenableFuture<List<TsKvEntry>> latestFuture = Futures.transformAsync(keysFuture, fetchKeys -> {
+            List<ReadTsKvQuery> queries = fetchKeys.stream().filter(key -> !isBlank(key)).map(key -> new BaseReadTsKvQuery(key, startTs, endTs, 1, "DESC")).collect(Collectors.toList());
+            if (!queries.isEmpty()) {
+                return tsService.findAll(user.getTenantId(), entityView.getEntityId(), queries);
+            } else {
+                return Futures.immediateFuture(null);
+            }
+        }, MoreExecutors.directExecutor());
+        return Futures.transform(latestFuture, latestValues -> {
+            if (latestValues != null && !latestValues.isEmpty()) {
+                tsSubService.saveLatestAndNotify(entityView.getTenantId(), entityId, latestValues, new FutureCallback<Void>() {
+                    @Override
+                    public void onSuccess(@Nullable Void tmp) {
+                    }
+
+                    @Override
+                    public void onFailure(Throwable t) {
+                    }
+                });
+            }
+            return null;
+        }, MoreExecutors.directExecutor());
+    }
+
+
+    private ListenableFuture<Void> deleteAttributesFromEntityView(EntityView entityView, String scope, List<String> keys, SecurityUser user) {
+        EntityViewId entityId = entityView.getId();
+        SettableFuture<Void> resultFuture = SettableFuture.create();
+        if (keys != null && !keys.isEmpty()) {
+            tsSubService.deleteAndNotify(entityView.getTenantId(), entityId, scope, keys, new FutureCallback<Void>() {
+                @Override
+                public void onSuccess(@Nullable Void tmp) {
+                    try {
+                        logAttributesDeleted(user, entityId, scope, keys, null);
+                    } catch (ThingsboardException e) {
+                        log.error("Failed to log attribute delete", e);
+                    }
+                    resultFuture.set(tmp);
+                }
+
+                @Override
+                public void onFailure(Throwable t) {
+                    try {
+                        logAttributesDeleted(user, entityId, scope, keys, t);
+                    } catch (ThingsboardException e) {
+                        log.error("Failed to log attribute delete", e);
+                    }
+                    resultFuture.setException(t);
+                }
+            });
+        } else {
+            resultFuture.set(null);
+        }
+        return resultFuture;
+    }
+
+    private ListenableFuture<Void> deleteLatestFromEntityView(EntityView entityView, List<String> keys, SecurityUser user) {
+        EntityViewId entityId = entityView.getId();
+        SettableFuture<Void> resultFuture = SettableFuture.create();
+        if (keys != null && !keys.isEmpty()) {
+            tsSubService.deleteLatest(entityView.getTenantId(), entityId, keys, new FutureCallback<Void>() {
+                @Override
+                public void onSuccess(@Nullable Void tmp) {
+                    try {
+                        logTimeseriesDeleted(user, entityId, keys, null);
+                    } catch (ThingsboardException e) {
+                        log.error("Failed to log timeseries delete", e);
+                    }
+                    resultFuture.set(tmp);
+                }
+
+                @Override
+                public void onFailure(Throwable t) {
+                    try {
+                        logTimeseriesDeleted(user, entityId, keys, t);
+                    } catch (ThingsboardException e) {
+                        log.error("Failed to log timeseries delete", e);
+                    }
+                    resultFuture.setException(t);
+                }
+            });
+        } else {
+            tsSubService.deleteAllLatest(entityView.getTenantId(), entityId, new FutureCallback<Collection<String>>() {
+                @Override
+                public void onSuccess(@Nullable Collection<String> keys) {
+                    try {
+                        logTimeseriesDeleted(user, entityId, new ArrayList<>(keys), null);
+                    } catch (ThingsboardException e) {
+                        log.error("Failed to log timeseries delete", e);
+                    }
+                    resultFuture.set(null);
+                }
+
+                @Override
+                public void onFailure(Throwable t) {
+                    try {
+                        logTimeseriesDeleted(user, entityId, Collections.emptyList(), t);
+                    } catch (ThingsboardException e) {
+                        log.error("Failed to log timeseries delete", e);
+                    }
+                    resultFuture.setException(t);
+                }
+            });
+        }
+        return resultFuture;
+    }
+
+    private void logAttributesUpdated(SecurityUser user, EntityId entityId, String scope, List<AttributeKvEntry> attributes, Throwable e) throws ThingsboardException {
+        logEntityAction(user, user.getTenantId(), entityId, null, null, ActionType.ATTRIBUTES_UPDATED, toException(e), scope, attributes);
+    }
+
+    private void logAttributesDeleted(SecurityUser user, EntityId entityId, String scope, List<String> keys, Throwable e) throws ThingsboardException {
+        logEntityAction(user, user.getTenantId(), entityId, null, null, ActionType.ATTRIBUTES_DELETED, toException(e), scope, keys);
+    }
+
+    private void logTimeseriesDeleted(SecurityUser user, EntityId entityId, List<String> keys, Throwable e) throws ThingsboardException {
+        logEntityAction(user, user.getTenantId(), entityId, null, null, ActionType.TIMESERIES_DELETED, toException(e), keys);
+    }
+
+    private EntityView checkEntityViewId(EntityViewId entityViewId, Operation operation, SecurityUser user) throws ThingsboardException {
+        try {
+            validateId(entityViewId, "Incorrect entityViewId " + entityViewId);
+            EntityView entityView = entityViewService.findEntityViewById(user.getTenantId(), entityViewId);
+            checkNotNull(entityView, "Entity view with id [" + entityViewId + "] is not found");
+            accessControlService.checkPermission(user, Resource.ENTITY_VIEW, operation, entityViewId, entityView);
+            return entityView;
+        } catch (Exception e) {
+            throw handleException(e, false);
+        }
+    }
+
+    public static Exception toException(Throwable error) {
+        return error != null ? (Exception.class.isInstance(error) ? (Exception) error : new Exception(error)) : null;
+    }
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
new file mode 100644
index 0000000000..109041c222
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
@@ -0,0 +1,38 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.entitiy.entityView;
+
+import org.thingsboard.server.common.data.Customer;
+import org.thingsboard.server.common.data.EntityView;
+import org.thingsboard.server.common.data.edge.Edge;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.EntityViewId;
+import org.thingsboard.server.service.entitiy.SimpleTbEntityService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+public interface TbEntityViewService extends SimpleTbEntityService<EntityView> {
+
+    EntityView assignEntityViewToCustomer(EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException;
+
+    EntityView assignEntityViewToPublicCustomer(EntityViewId entityViewId, SecurityUser user) throws ThingsboardException;
+
+    EntityView assignEntityViewToEdge(EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException;
+
+    EntityView unassignEntityViewFromEdge(EntityView entityView, Edge edge, SecurityUser user) throws ThingsboardException;
+
+    EntityView unassignEntityViewFromCustomer(EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException;
+
+}

From 907ac6da3df20f0e2c0a428ce35e5dba6cdabd3a Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Thu, 19 May 2022 18:45:40 +0300
Subject: [PATCH 52/92] refactoring: EntityViewController comments1

---
 .../DefaultTbNotificationEntityService.java     |  1 -
 .../entityView/DefaultTbEntityViewService.java  | 17 ++++++-----------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
index 63ccd2b7a2..ad59452d64 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
@@ -301,5 +301,4 @@ public class DefaultTbNotificationEntityService implements TbNotificationEntityS
                 return null;
         }
     }
-
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
index 6c8b49daa5..7ef353e854 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
@@ -22,20 +22,19 @@ import com.google.common.util.concurrent.MoreExecutors;
 import com.google.common.util.concurrent.SettableFuture;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.thingsboard.server.common.data.Customer;
-import org.thingsboard.server.common.data.EntityView;
 import org.thingsboard.server.common.data.DataConstants;
 import org.thingsboard.server.common.data.EntityType;
+import org.thingsboard.server.common.data.EntityView;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.edge.Edge;
 import org.thingsboard.server.common.data.edge.EdgeEventActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
-import org.thingsboard.server.common.data.id.EntityViewId;
 import org.thingsboard.server.common.data.id.EdgeId;
 import org.thingsboard.server.common.data.id.EntityId;
+import org.thingsboard.server.common.data.id.EntityViewId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.kv.AttributeKvEntry;
 import org.thingsboard.server.common.data.kv.BaseReadTsKvQuery;
@@ -65,8 +64,7 @@ import static org.thingsboard.server.dao.service.Validator.validateId;
 @Slf4j
 public class DefaultTbEntityViewService extends AbstractTbEntityService implements TbEntityViewService {
 
-    @Autowired
-    private TimeseriesService tsService;
+    private  final TimeseriesService tsService;
 
     @Override
     public EntityView save(EntityView entityView, SecurityUser user) throws ThingsboardException {
@@ -205,7 +203,6 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
         }
     }
 
-    //
     @Override
     public EntityView unassignEntityViewFromCustomer(EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.UNASSIGNED_FROM_CUSTOMER;
@@ -222,7 +219,6 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
         }
     }
 
-
     private ListenableFuture<List<Void>> copyAttributesFromEntityToEntityView(EntityView entityView, String scope, Collection<String> keys, SecurityUser user) throws ThingsboardException {
         EntityViewId entityId = entityView.getId();
         if (keys != null && !keys.isEmpty()) {
@@ -305,7 +301,6 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
         }, MoreExecutors.directExecutor());
     }
 
-
     private ListenableFuture<Void> deleteAttributesFromEntityView(EntityView entityView, String scope, List<String> keys, SecurityUser user) {
         EntityViewId entityId = entityView.getId();
         SettableFuture<Void> resultFuture = SettableFuture.create();
@@ -389,15 +384,15 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     }
 
     private void logAttributesUpdated(SecurityUser user, EntityId entityId, String scope, List<AttributeKvEntry> attributes, Throwable e) throws ThingsboardException {
-        logEntityAction(user, user.getTenantId(), entityId, null, null, ActionType.ATTRIBUTES_UPDATED, toException(e), scope, attributes);
+        notificationEntityService.notifyEntity(user.getTenantId(), entityId, null, null, ActionType.ATTRIBUTES_UPDATED, user, toException(e), scope, attributes);
     }
 
     private void logAttributesDeleted(SecurityUser user, EntityId entityId, String scope, List<String> keys, Throwable e) throws ThingsboardException {
-        logEntityAction(user, user.getTenantId(), entityId, null, null, ActionType.ATTRIBUTES_DELETED, toException(e), scope, keys);
+        notificationEntityService.notifyEntity(user.getTenantId(), entityId, null, null, ActionType.ATTRIBUTES_DELETED, user, toException(e), scope, keys);
     }
 
     private void logTimeseriesDeleted(SecurityUser user, EntityId entityId, List<String> keys, Throwable e) throws ThingsboardException {
-        logEntityAction(user, user.getTenantId(), entityId, null, null, ActionType.TIMESERIES_DELETED, toException(e), keys);
+        notificationEntityService.notifyEntity(user.getTenantId(), entityId, null, null, ActionType.TIMESERIES_DELETED, user, toException(e), keys);
     }
 
     private EntityView checkEntityViewId(EntityViewId entityViewId, Operation operation, SecurityUser user) throws ThingsboardException {

From 91741f6b643317648cda6224e050e3539e650b89 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Thu, 19 May 2022 23:46:47 +0300
Subject: [PATCH 53/92] refactoring: EntityViewController TenantId CustomerId
 to service

---
 .../controller/EntityViewController.java      | 10 +++---
 .../DefaultTbEntityViewService.java           | 35 +++++++++----------
 .../entityView/TbEntityViewService.java       | 12 ++++---
 3 files changed, 28 insertions(+), 29 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
index e78a393b19..b6e62c02ef 100644
--- a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
@@ -194,7 +194,7 @@ public class EntityViewController extends BaseController {
 
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
-        return tbEntityViewService.assignEntityViewToCustomer(entityViewId, customer, getCurrentUser());
+        return tbEntityViewService.assignEntityViewToCustomer(getTenantId(), entityViewId, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Unassign Entity View from customer (unassignEntityViewFromCustomer)",
@@ -214,7 +214,7 @@ public class EntityViewController extends BaseController {
 
         Customer customer = checkCustomerId(entityView.getCustomerId(), Operation.READ);
 
-        return tbEntityViewService.unassignEntityViewFromCustomer(entityView, customer, getCurrentUser());
+        return tbEntityViewService.unassignEntityViewFromCustomer(getTenantId(), entityView, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Customer Entity Views (getCustomerEntityViews)",
@@ -416,7 +416,7 @@ public class EntityViewController extends BaseController {
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
-        return tbEntityViewService.assignEntityViewToPublicCustomer(entityViewId, getCurrentUser());
+        return tbEntityViewService.assignEntityViewToPublicCustomer(getTenantId(), getCurrentUser().getCustomerId(), entityViewId, getCurrentUser());
     }
 
     @ApiOperation(value = "Assign entity view to edge (assignEntityViewToEdge)",
@@ -439,7 +439,7 @@ public class EntityViewController extends BaseController {
 
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.READ);
-        return tbEntityViewService.assignEntityViewToEdge(entityViewId, edge, getCurrentUser());
+        return tbEntityViewService.assignEntityViewToEdge(getTenantId(), getCurrentUser().getCustomerId(), entityViewId, edge, getCurrentUser());
     }
 
     @ApiOperation(value = "Unassign entity view from edge (unassignEntityViewFromEdge)",
@@ -463,7 +463,7 @@ public class EntityViewController extends BaseController {
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         EntityView entityView = checkEntityViewId(entityViewId, Operation.READ);
 
-        return tbEntityViewService.unassignEntityViewFromEdge(entityView, edge, getCurrentUser());
+        return tbEntityViewService.unassignEntityViewFromEdge(getTenantId(), entityView.getCustomerId(), entityView, edge, getCurrentUser());
      }
 
     @PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
index 7ef353e854..eae7412dbd 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
@@ -106,7 +106,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                 }
             }
 
-            notificationEntityService.notifyCreateOrUpdateEntity(user.getTenantId(), savedEntityView.getId(), savedEntityView,
+            notificationEntityService.notifyCreateOrUpdateEntity(savedEntityView.getTenantId(), savedEntityView.getId(), savedEntityView,
                     null, actionType, user);
 
             return savedEntityView;
@@ -123,7 +123,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
         try {
             List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(tenantId, entityViewId);
             entityViewService.deleteEntityView(tenantId, entityViewId);
-            notificationEntityService.notifyDeleteEntity(tenantId, entityViewId, entityView, user.getCustomerId(), ActionType.DELETED,
+            notificationEntityService.notifyDeleteEntity(tenantId, entityViewId, entityView, user != null ? user.getCustomerId() : null, ActionType.DELETED,
                     relatedEdgeIds, user, entityViewId.toString());
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
@@ -133,46 +133,45 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     }
 
     @Override
-    public EntityView assignEntityViewToCustomer(EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException {
+    public EntityView assignEntityViewToCustomer(TenantId tenantId, EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
         CustomerId customerId = customer.getId();
         try {
-            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(user.getTenantId(), entityViewId, customerId));
-            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(user.getTenantId(), entityViewId, customerId, savedEntityView,
+            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(tenantId, entityViewId, customerId));
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customerId, savedEntityView,
                     actionType, EdgeEventActionType.ASSIGNED_TO_CUSTOMER, user, true, customerId.toString(), customer.getName());
             return savedEntityView;
         } catch (Exception e) {
-            notificationEntityService.notifyEntity(user.getTenantId(), emptyId(EntityType.ENTITY_VIEW), null, null,
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
                     actionType, user, e, entityViewId.toString(), customerId.toString());
             throw handleException(e);
         }
     }
 
     @Override
-    public EntityView assignEntityViewToPublicCustomer(EntityViewId entityViewId, SecurityUser user) throws ThingsboardException {
+    public EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
         try {
-            Customer publicCustomer = customerService.findOrCreatePublicCustomer(user.getTenantId());
-            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(user.getTenantId(), entityViewId, publicCustomer.getId()));
-            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(user.getTenantId(), entityViewId, user.getCustomerId(), savedEntityView,
+            Customer publicCustomer = customerService.findOrCreatePublicCustomer(tenantId);
+            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(tenantId, entityViewId, publicCustomer.getId()));
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customerId, savedEntityView,
                     actionType, null, user, false, entityViewId.toString(),
                     publicCustomer.getId().toString(), publicCustomer.getName());
             return savedEntityView;
         } catch (Exception e) {
-            notificationEntityService.notifyEntity(user.getTenantId(), emptyId(EntityType.ENTITY_VIEW), null, null,
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
                     actionType, user, e, entityViewId.toString());
             throw handleException(e);
         }
     }
 
     @Override
-    public EntityView assignEntityViewToEdge(EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException {
+    public EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_EDGE;
         EdgeId edgeId = edge.getId();
-        TenantId tenantId = user.getTenantId();
         try {
             EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToEdge(tenantId, entityViewId, edgeId));
-            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, user.getCustomerId(),
+            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, customerId,
                     edgeId, savedEntityView, actionType, EdgeEventActionType.ASSIGNED_TO_EDGE, user, entityViewId.toString(),
                     edgeId.toString(), edge.getName());
             return savedEntityView;
@@ -184,15 +183,14 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     }
 
     @Override
-    public EntityView unassignEntityViewFromEdge(EntityView entityView, Edge edge, SecurityUser user) throws ThingsboardException {
+    public EntityView unassignEntityViewFromEdge(TenantId tenantId, CustomerId customerId, EntityView entityView, Edge edge, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.UNASSIGNED_FROM_EDGE;
-        TenantId tenantId = user.getTenantId();
         EntityViewId entityViewId = entityView.getId();
         EdgeId edgeId = edge.getId();
         try {
             EntityView savedDevice = checkNotNull(entityViewService.unassignEntityViewFromEdge(tenantId, entityViewId, edgeId));
 
-            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, user.getCustomerId(),
+            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, customerId,
                     edgeId, entityView, actionType, EdgeEventActionType.UNASSIGNED_FROM_EDGE, user, entityViewId.toString(),
                     edgeId.toString(), edge.getName());
             return savedDevice;
@@ -204,9 +202,8 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     }
 
     @Override
-    public EntityView unassignEntityViewFromCustomer(EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException {
+    public EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.UNASSIGNED_FROM_CUSTOMER;
-        TenantId tenantId = entityView.getTenantId();
         try {
             EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromCustomer(tenantId, entityView.getId()));
             notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityView.getId(), customer.getId(), savedEntityView,
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
index 109041c222..80fcd68499 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
@@ -19,20 +19,22 @@ import org.thingsboard.server.common.data.Customer;
 import org.thingsboard.server.common.data.EntityView;
 import org.thingsboard.server.common.data.edge.Edge;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.EntityViewId;
+import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.service.entitiy.SimpleTbEntityService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TbEntityViewService extends SimpleTbEntityService<EntityView> {
 
-    EntityView assignEntityViewToCustomer(EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException;
+    EntityView assignEntityViewToCustomer(TenantId tenantId, EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException;
 
-    EntityView assignEntityViewToPublicCustomer(EntityViewId entityViewId, SecurityUser user) throws ThingsboardException;
+    EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, SecurityUser user) throws ThingsboardException;
 
-    EntityView assignEntityViewToEdge(EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException;
+    EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException;
 
-    EntityView unassignEntityViewFromEdge(EntityView entityView, Edge edge, SecurityUser user) throws ThingsboardException;
+    EntityView unassignEntityViewFromEdge(TenantId tenantId, CustomerId customerId, EntityView entityView, Edge edge, SecurityUser user) throws ThingsboardException;
 
-    EntityView unassignEntityViewFromCustomer(EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException;
+    EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException;
 
 }

From d813ef560f0602567234fe9d9addb5df75564dc5 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Fri, 20 May 2022 08:08:01 +0300
Subject: [PATCH 54/92] refactoring: EntityViewController check entityView

---
 .../controller/EntityViewController.java      | 33 ++++++---
 .../DefaultTbEntityViewService.java           | 69 ++++++-------------
 .../entityView/TbEntityViewService.java       | 22 +++---
 3 files changed, 61 insertions(+), 63 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
index b6e62c02ef..7e365203f2 100644
--- a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
@@ -141,7 +141,15 @@ public class EntityViewController extends BaseController {
             @ApiParam(value = "A JSON object representing the entity view.")
             @RequestBody EntityView entityView) throws ThingsboardException {
         entityView.setTenantId(getCurrentUser().getTenantId());
-        return tbEntityViewService.save(entityView, getCurrentUser());
+        EntityView existingEntityView = null;
+        if (entityView.getId() == null) {
+            accessControlService
+                    .checkPermission(getCurrentUser(), Resource.ENTITY_VIEW, Operation.CREATE, null, entityView);
+        } else {
+            existingEntityView = checkEntityViewId(entityView.getId(), Operation.WRITE);
+        }
+        EntityView savedEntityView = checkNotNull(entityViewService.saveEntityView(entityView));
+        return tbEntityViewService.save(entityView, existingEntityView, savedEntityView, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete entity view (deleteEntityView)",
@@ -194,7 +202,9 @@ public class EntityViewController extends BaseController {
 
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
-        return tbEntityViewService.assignEntityViewToCustomer(getTenantId(), entityViewId, customer, getCurrentUser());
+
+        EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(getTenantId(), entityViewId, customerId));
+        return tbEntityViewService.assignEntityViewToCustomer(getTenantId(), savedEntityView, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Unassign Entity View from customer (unassignEntityViewFromCustomer)",
@@ -213,8 +223,8 @@ public class EntityViewController extends BaseController {
         }
 
         Customer customer = checkCustomerId(entityView.getCustomerId(), Operation.READ);
-
-        return tbEntityViewService.unassignEntityViewFromCustomer(getTenantId(), entityView, customer, getCurrentUser());
+        EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromCustomer(getTenantId(), entityView.getId()));
+        return tbEntityViewService.unassignEntityViewFromCustomer(getTenantId(), savedEntityView, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Customer Entity Views (getCustomerEntityViews)",
@@ -416,7 +426,11 @@ public class EntityViewController extends BaseController {
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
-        return tbEntityViewService.assignEntityViewToPublicCustomer(getTenantId(), getCurrentUser().getCustomerId(), entityViewId, getCurrentUser());
+        Customer publicCustomer = customerService.findOrCreatePublicCustomer(getTenantId());
+        EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(getTenantId(),
+                entityViewId, publicCustomer.getId()));
+        return tbEntityViewService.assignEntityViewToPublicCustomer(getTenantId(), getCurrentUser().getCustomerId(),
+                publicCustomer, savedEntityView, getCurrentUser());
     }
 
     @ApiOperation(value = "Assign entity view to edge (assignEntityViewToEdge)",
@@ -439,7 +453,8 @@ public class EntityViewController extends BaseController {
 
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.READ);
-        return tbEntityViewService.assignEntityViewToEdge(getTenantId(), getCurrentUser().getCustomerId(), entityViewId, edge, getCurrentUser());
+        EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToEdge(getTenantId(), entityViewId, edgeId));
+        return tbEntityViewService.assignEntityViewToEdge(getTenantId(), getCurrentUser().getCustomerId(), savedEntityView, edge, getCurrentUser());
     }
 
     @ApiOperation(value = "Unassign entity view from edge (unassignEntityViewFromEdge)",
@@ -463,8 +478,10 @@ public class EntityViewController extends BaseController {
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         EntityView entityView = checkEntityViewId(entityViewId, Operation.READ);
 
-        return tbEntityViewService.unassignEntityViewFromEdge(getTenantId(), entityView.getCustomerId(), entityView, edge, getCurrentUser());
-     }
+        EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromEdge(getTenantId(), entityViewId, edgeId));
+
+        return tbEntityViewService.unassignEntityViewFromEdge(getTenantId(), entityView.getCustomerId(), entityView, savedEntityView, edge, getCurrentUser());
+    }
 
     @PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
     @RequestMapping(value = "/edge/{edgeId}/entityViews", params = {"pageSize", "page"}, method = RequestMethod.GET)
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
index eae7412dbd..ee082ff7ef 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
@@ -44,8 +44,6 @@ import org.thingsboard.server.dao.timeseries.TimeseriesService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.entitiy.AbstractTbEntityService;
 import org.thingsboard.server.service.security.model.SecurityUser;
-import org.thingsboard.server.service.security.permission.Operation;
-import org.thingsboard.server.service.security.permission.Resource;
 
 import javax.annotation.Nullable;
 import java.util.ArrayList;
@@ -56,7 +54,6 @@ import java.util.concurrent.ExecutionException;
 import java.util.stream.Collectors;
 
 import static org.apache.commons.lang3.StringUtils.isBlank;
-import static org.thingsboard.server.dao.service.Validator.validateId;
 
 @Service
 @TbCoreComponent
@@ -67,16 +64,11 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     private  final TimeseriesService tsService;
 
     @Override
-    public EntityView save(EntityView entityView, SecurityUser user) throws ThingsboardException {
+    public EntityView save(EntityView entityView, EntityView existingEntityView, EntityView savedEntityView, SecurityUser user) throws ThingsboardException {
         ActionType actionType = entityView.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
         try {
             List<ListenableFuture<?>> futures = new ArrayList<>();
-
-            if (entityView.getId() == null) {
-                accessControlService
-                        .checkPermission(user, Resource.ENTITY_VIEW, Operation.CREATE, null, entityView);
-            } else {
-                EntityView existingEntityView = checkEntityViewId(entityView.getId(), Operation.WRITE, user);
+            if (existingEntityView != null) {
                 if (existingEntityView.getKeys() != null) {
                     if (existingEntityView.getKeys().getAttributes() != null) {
                         futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.CLIENT_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
@@ -89,7 +81,6 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                 futures.add(deleteLatestFromEntityView(existingEntityView, tsKeys, user));
             }
 
-            EntityView savedEntityView = checkNotNull(entityViewService.saveEntityView(entityView));
             if (savedEntityView.getKeys() != null) {
                 if (savedEntityView.getKeys().getAttributes() != null) {
                     futures.add(copyAttributesFromEntityToEntityView(savedEntityView, DataConstants.CLIENT_SCOPE, savedEntityView.getKeys().getAttributes().getCs(), user));
@@ -132,68 +123,65 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
         }
     }
 
+
     @Override
-    public EntityView assignEntityViewToCustomer(TenantId tenantId, EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException {
+    public EntityView assignEntityViewToCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
         CustomerId customerId = customer.getId();
-        try {
-            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(tenantId, entityViewId, customerId));
-            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customerId, savedEntityView,
+            try {
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, savedEntityView.getEntityId(), customerId, savedEntityView,
                     actionType, EdgeEventActionType.ASSIGNED_TO_CUSTOMER, user, true, customerId.toString(), customer.getName());
             return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
-                    actionType, user, e, entityViewId.toString(), customerId.toString());
+                    actionType, user, e, savedEntityView.getEntityId().toString(), customerId.toString());
             throw handleException(e);
         }
     }
 
     @Override
-    public EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, SecurityUser user) throws ThingsboardException {
+    public EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, Customer publicCustomer,
+                                                       EntityView savedEntityView, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
         try {
-            Customer publicCustomer = customerService.findOrCreatePublicCustomer(tenantId);
-            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(tenantId, entityViewId, publicCustomer.getId()));
-            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customerId, savedEntityView,
-                    actionType, null, user, false, entityViewId.toString(),
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, savedEntityView.getEntityId(), customerId, savedEntityView,
+                    actionType, null, user, false, savedEntityView.getEntityId().toString(),
                     publicCustomer.getId().toString(), publicCustomer.getName());
             return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
-                    actionType, user, e, entityViewId.toString());
+                    actionType, user, e, savedEntityView.getEntityId().toString());
             throw handleException(e);
         }
     }
 
     @Override
-    public EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException {
+    public EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityView savedEntityView, Edge edge, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_EDGE;
         EdgeId edgeId = edge.getId();
         try {
-            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToEdge(tenantId, entityViewId, edgeId));
-            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, customerId,
-                    edgeId, savedEntityView, actionType, EdgeEventActionType.ASSIGNED_TO_EDGE, user, entityViewId.toString(),
+            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, savedEntityView.getEntityId(), customerId,
+                    edgeId, savedEntityView, actionType, EdgeEventActionType.ASSIGNED_TO_EDGE, user, savedEntityView.getEntityId().toString(),
                     edgeId.toString(), edge.getName());
             return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE), null, null,
-                    actionType, user, e, entityViewId.toString(), edgeId.toString());
+                    actionType, user, e, savedEntityView.getEntityId().toString(), edgeId.toString());
             throw handleException(e);
         }
     }
 
     @Override
-    public EntityView unassignEntityViewFromEdge(TenantId tenantId, CustomerId customerId, EntityView entityView, Edge edge, SecurityUser user) throws ThingsboardException {
+    public EntityView unassignEntityViewFromEdge(TenantId tenantId, CustomerId customerId, EntityView entityView,
+                                                 EntityView savedEntityView, Edge edge, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.UNASSIGNED_FROM_EDGE;
         EntityViewId entityViewId = entityView.getId();
         EdgeId edgeId = edge.getId();
         try {
-            EntityView savedDevice = checkNotNull(entityViewService.unassignEntityViewFromEdge(tenantId, entityViewId, edgeId));
-
             notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, customerId,
                     edgeId, entityView, actionType, EdgeEventActionType.UNASSIGNED_FROM_EDGE, user, entityViewId.toString(),
                     edgeId.toString(), edge.getName());
-            return savedDevice;
+            return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
                     actionType, user, e, entityViewId.toString(), edgeId.toString());
@@ -202,16 +190,15 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     }
 
     @Override
-    public EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException {
+    public EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.UNASSIGNED_FROM_CUSTOMER;
         try {
-            EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromCustomer(tenantId, entityView.getId()));
-            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityView.getId(), customer.getId(), savedEntityView,
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, savedEntityView.getEntityId(), customer.getId(), savedEntityView,
                     actionType, EdgeEventActionType.UNASSIGNED_FROM_CUSTOMER, user, true, customer.getId().toString(), customer.getName());
             return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
-                    actionType, user, e, entityView.getId().toString());
+                    actionType, user, e, savedEntityView.getEntityId().toString());
             throw handleException(e);
         }
     }
@@ -392,18 +379,6 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
         notificationEntityService.notifyEntity(user.getTenantId(), entityId, null, null, ActionType.TIMESERIES_DELETED, user, toException(e), keys);
     }
 
-    private EntityView checkEntityViewId(EntityViewId entityViewId, Operation operation, SecurityUser user) throws ThingsboardException {
-        try {
-            validateId(entityViewId, "Incorrect entityViewId " + entityViewId);
-            EntityView entityView = entityViewService.findEntityViewById(user.getTenantId(), entityViewId);
-            checkNotNull(entityView, "Entity view with id [" + entityViewId + "] is not found");
-            accessControlService.checkPermission(user, Resource.ENTITY_VIEW, operation, entityViewId, entityView);
-            return entityView;
-        } catch (Exception e) {
-            throw handleException(e, false);
-        }
-    }
-
     public static Exception toException(Throwable error) {
         return error != null ? (Exception.class.isInstance(error) ? (Exception) error : new Exception(error)) : null;
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
index 80fcd68499..6240d12499 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
@@ -20,21 +20,27 @@ import org.thingsboard.server.common.data.EntityView;
 import org.thingsboard.server.common.data.edge.Edge;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
-import org.thingsboard.server.common.data.id.EntityViewId;
 import org.thingsboard.server.common.data.id.TenantId;
-import org.thingsboard.server.service.entitiy.SimpleTbEntityService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
-public interface TbEntityViewService extends SimpleTbEntityService<EntityView> {
+public interface TbEntityViewService {
 
-    EntityView assignEntityViewToCustomer(TenantId tenantId, EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException;
+    EntityView save(EntityView entityView, EntityView existingEntityView, EntityView savedEntityView, SecurityUser user) throws ThingsboardException;
 
-    EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, SecurityUser user) throws ThingsboardException;
+    void  delete (EntityView entity, SecurityUser user) throws ThingsboardException;
 
-    EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException;
+    EntityView assignEntityViewToCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer,
+                                          SecurityUser user) throws ThingsboardException;
 
-    EntityView unassignEntityViewFromEdge(TenantId tenantId, CustomerId customerId, EntityView entityView, Edge edge, SecurityUser user) throws ThingsboardException;
+    EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, Customer publicCustomer,
+                                                EntityView savedEntityView, SecurityUser user) throws ThingsboardException;
 
-    EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView entityView, Customer customer, SecurityUser user) throws ThingsboardException;
+    EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityView savedEntityView, Edge edge,
+                                      SecurityUser user) throws ThingsboardException;
 
+    EntityView unassignEntityViewFromEdge(TenantId tenantId, CustomerId customerId, EntityView entityView,
+                                          EntityView savedEntityView, Edge edge, SecurityUser user) throws ThingsboardException;
+
+    EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer,
+                                              SecurityUser user) throws ThingsboardException;
 }

From 91cb3b1826642d3efd11f3458f702fca5af18d1c Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Fri, 20 May 2022 10:56:49 +0300
Subject: [PATCH 55/92] refactoring: EntityViewController comments4 (NPE), fix
 bug test

---
 .../controller/EntityViewController.java      |  3 +-
 .../DefaultTbEntityViewService.java           | 46 +++++++++----------
 .../entityView/TbEntityViewService.java       |  2 +-
 3 files changed, 24 insertions(+), 27 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
index 7e365203f2..163ba2fd69 100644
--- a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
@@ -148,8 +148,7 @@ public class EntityViewController extends BaseController {
         } else {
             existingEntityView = checkEntityViewId(entityView.getId(), Operation.WRITE);
         }
-        EntityView savedEntityView = checkNotNull(entityViewService.saveEntityView(entityView));
-        return tbEntityViewService.save(entityView, existingEntityView, savedEntityView, getCurrentUser());
+        return tbEntityViewService.save(entityView, existingEntityView, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete entity view (deleteEntityView)",
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
index ee082ff7ef..97bbb07a43 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
@@ -61,26 +61,24 @@ import static org.apache.commons.lang3.StringUtils.isBlank;
 @Slf4j
 public class DefaultTbEntityViewService extends AbstractTbEntityService implements TbEntityViewService {
 
-    private  final TimeseriesService tsService;
+    private final TimeseriesService tsService;
 
     @Override
-    public EntityView save(EntityView entityView, EntityView existingEntityView, EntityView savedEntityView, SecurityUser user) throws ThingsboardException {
+    public EntityView save(EntityView entityView, EntityView existingEntityView, SecurityUser user) throws ThingsboardException {
         ActionType actionType = entityView.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
         try {
             List<ListenableFuture<?>> futures = new ArrayList<>();
             if (existingEntityView != null) {
-                if (existingEntityView.getKeys() != null) {
-                    if (existingEntityView.getKeys().getAttributes() != null) {
-                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.CLIENT_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
-                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.SERVER_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
-                        futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.SHARED_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
-                    }
+                if (existingEntityView.getKeys() != null && existingEntityView.getKeys().getAttributes() != null) {
+                    futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.CLIENT_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
+                    futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.SERVER_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
+                    futures.add(deleteAttributesFromEntityView(existingEntityView, DataConstants.SHARED_SCOPE, existingEntityView.getKeys().getAttributes().getCs(), user));
                 }
                 List<String> tsKeys = existingEntityView.getKeys() != null && existingEntityView.getKeys().getTimeseries() != null ?
                         existingEntityView.getKeys().getTimeseries() : Collections.emptyList();
                 futures.add(deleteLatestFromEntityView(existingEntityView, tsKeys, user));
             }
-
+            EntityView savedEntityView = checkNotNull(entityViewService.saveEntityView(entityView));
             if (savedEntityView.getKeys() != null) {
                 if (savedEntityView.getKeys().getAttributes() != null) {
                     futures.add(copyAttributesFromEntityToEntityView(savedEntityView, DataConstants.CLIENT_SCOPE, savedEntityView.getKeys().getAttributes().getCs(), user));
@@ -128,7 +126,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     public EntityView assignEntityViewToCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
         CustomerId customerId = customer.getId();
-            try {
+        try {
             notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, savedEntityView.getEntityId(), customerId, savedEntityView,
                     actionType, EdgeEventActionType.ASSIGNED_TO_CUSTOMER, user, true, customerId.toString(), customer.getName());
             return savedEntityView;
@@ -225,7 +223,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                         @Override
                         public void onSuccess(@Nullable Void tmp) {
                             try {
-                                logAttributesUpdated(user, entityId, scope, attributes, null);
+                                logAttributesUpdated(entityView.getTenantId(), user, entityId, scope, attributes, null);
                             } catch (ThingsboardException e) {
                                 log.error("Failed to log attribute updates", e);
                             }
@@ -234,7 +232,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                         @Override
                         public void onFailure(Throwable t) {
                             try {
-                                logAttributesUpdated(user, entityId, scope, attributes, t);
+                                logAttributesUpdated(entityView.getTenantId(), user, entityId, scope, attributes, t);
                             } catch (ThingsboardException e) {
                                 log.error("Failed to log attribute updates", e);
                             }
@@ -293,7 +291,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                 @Override
                 public void onSuccess(@Nullable Void tmp) {
                     try {
-                        logAttributesDeleted(user, entityId, scope, keys, null);
+                        logAttributesDeleted(entityView.getTenantId(), user, entityId, scope, keys, null);
                     } catch (ThingsboardException e) {
                         log.error("Failed to log attribute delete", e);
                     }
@@ -303,7 +301,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                 @Override
                 public void onFailure(Throwable t) {
                     try {
-                        logAttributesDeleted(user, entityId, scope, keys, t);
+                        logAttributesDeleted(entityView.getTenantId(), user, entityId, scope, keys, t);
                     } catch (ThingsboardException e) {
                         log.error("Failed to log attribute delete", e);
                     }
@@ -324,7 +322,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                 @Override
                 public void onSuccess(@Nullable Void tmp) {
                     try {
-                        logTimeseriesDeleted(user, entityId, keys, null);
+                        logTimeseriesDeleted(entityView.getTenantId(), user, entityId, keys, null);
                     } catch (ThingsboardException e) {
                         log.error("Failed to log timeseries delete", e);
                     }
@@ -334,7 +332,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                 @Override
                 public void onFailure(Throwable t) {
                     try {
-                        logTimeseriesDeleted(user, entityId, keys, t);
+                        logTimeseriesDeleted(entityView.getTenantId(),user, entityId, keys, t);
                     } catch (ThingsboardException e) {
                         log.error("Failed to log timeseries delete", e);
                     }
@@ -346,7 +344,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                 @Override
                 public void onSuccess(@Nullable Collection<String> keys) {
                     try {
-                        logTimeseriesDeleted(user, entityId, new ArrayList<>(keys), null);
+                        logTimeseriesDeleted(entityView.getTenantId(), user, entityId, new ArrayList<>(keys), null);
                     } catch (ThingsboardException e) {
                         log.error("Failed to log timeseries delete", e);
                     }
@@ -356,7 +354,7 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
                 @Override
                 public void onFailure(Throwable t) {
                     try {
-                        logTimeseriesDeleted(user, entityId, Collections.emptyList(), t);
+                        logTimeseriesDeleted(entityView.getTenantId(), user, entityId, Collections.emptyList(), t);
                     } catch (ThingsboardException e) {
                         log.error("Failed to log timeseries delete", e);
                     }
@@ -367,16 +365,16 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
         return resultFuture;
     }
 
-    private void logAttributesUpdated(SecurityUser user, EntityId entityId, String scope, List<AttributeKvEntry> attributes, Throwable e) throws ThingsboardException {
-        notificationEntityService.notifyEntity(user.getTenantId(), entityId, null, null, ActionType.ATTRIBUTES_UPDATED, user, toException(e), scope, attributes);
+    private void logAttributesUpdated(TenantId tenantId, SecurityUser user, EntityId entityId, String scope, List<AttributeKvEntry> attributes, Throwable e) throws ThingsboardException {
+        notificationEntityService.notifyEntity(tenantId, entityId, null, null, ActionType.ATTRIBUTES_UPDATED, user, toException(e), scope, attributes);
     }
 
-    private void logAttributesDeleted(SecurityUser user, EntityId entityId, String scope, List<String> keys, Throwable e) throws ThingsboardException {
-        notificationEntityService.notifyEntity(user.getTenantId(), entityId, null, null, ActionType.ATTRIBUTES_DELETED, user, toException(e), scope, keys);
+    private void logAttributesDeleted(TenantId tenantId, SecurityUser user, EntityId entityId, String scope, List<String> keys, Throwable e) throws ThingsboardException {
+        notificationEntityService.notifyEntity(tenantId, entityId, null, null, ActionType.ATTRIBUTES_DELETED, user, toException(e), scope, keys);
     }
 
-    private void logTimeseriesDeleted(SecurityUser user, EntityId entityId, List<String> keys, Throwable e) throws ThingsboardException {
-        notificationEntityService.notifyEntity(user.getTenantId(), entityId, null, null, ActionType.TIMESERIES_DELETED, user, toException(e), keys);
+    private void logTimeseriesDeleted(TenantId tenantId, SecurityUser user, EntityId entityId, List<String> keys, Throwable e) throws ThingsboardException {
+        notificationEntityService.notifyEntity(tenantId, entityId, null, null, ActionType.TIMESERIES_DELETED, user, toException(e), keys);
     }
 
     public static Exception toException(Throwable error) {
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
index 6240d12499..88dd7955c8 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
@@ -25,7 +25,7 @@ import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TbEntityViewService {
 
-    EntityView save(EntityView entityView, EntityView existingEntityView, EntityView savedEntityView, SecurityUser user) throws ThingsboardException;
+    EntityView save(EntityView entityView, EntityView existingEntityView, SecurityUser user) throws ThingsboardException;
 
     void  delete (EntityView entity, SecurityUser user) throws ThingsboardException;
 

From d3a5597b51e7870f556945d1b4a853a0d89c1f72 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Fri, 20 May 2022 17:35:47 +0300
Subject: [PATCH 56/92] refactoring: EntityViewController fix bug test
 entityView ->Id

---
 .../DefaultTbEntityViewService.java           | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
index 97bbb07a43..b57ba0b080 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
@@ -126,13 +126,14 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     public EntityView assignEntityViewToCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
         CustomerId customerId = customer.getId();
+        EntityViewId entityViewId = savedEntityView.getId();
         try {
-            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, savedEntityView.getEntityId(), customerId, savedEntityView,
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customerId, savedEntityView,
                     actionType, EdgeEventActionType.ASSIGNED_TO_CUSTOMER, user, true, customerId.toString(), customer.getName());
             return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
-                    actionType, user, e, savedEntityView.getEntityId().toString(), customerId.toString());
+                    actionType, user, e, entityViewId.toString(), customerId.toString());
             throw handleException(e);
         }
     }
@@ -141,14 +142,15 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     public EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, Customer publicCustomer,
                                                        EntityView savedEntityView, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
+        EntityViewId entityViewId = savedEntityView.getId();
         try {
-            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, savedEntityView.getEntityId(), customerId, savedEntityView,
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customerId, savedEntityView,
                     actionType, null, user, false, savedEntityView.getEntityId().toString(),
                     publicCustomer.getId().toString(), publicCustomer.getName());
             return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
-                    actionType, user, e, savedEntityView.getEntityId().toString());
+                    actionType, user, e, entityViewId.toString());
             throw handleException(e);
         }
     }
@@ -157,14 +159,15 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     public EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityView savedEntityView, Edge edge, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_EDGE;
         EdgeId edgeId = edge.getId();
+        EntityViewId entityViewId = savedEntityView.getId();
         try {
-            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, savedEntityView.getEntityId(), customerId,
+            notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, customerId,
                     edgeId, savedEntityView, actionType, EdgeEventActionType.ASSIGNED_TO_EDGE, user, savedEntityView.getEntityId().toString(),
                     edgeId.toString(), edge.getName());
             return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE), null, null,
-                    actionType, user, e, savedEntityView.getEntityId().toString(), edgeId.toString());
+                    actionType, user, e, entityViewId.toString(), edgeId.toString());
             throw handleException(e);
         }
     }
@@ -190,13 +193,14 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     @Override
     public EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.UNASSIGNED_FROM_CUSTOMER;
+        EntityViewId entityViewId = savedEntityView.getId();
         try {
-            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, savedEntityView.getEntityId(), customer.getId(), savedEntityView,
+            notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customer.getId(), savedEntityView,
                     actionType, EdgeEventActionType.UNASSIGNED_FROM_CUSTOMER, user, true, customer.getId().toString(), customer.getName());
             return savedEntityView;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.ENTITY_VIEW), null, null,
-                    actionType, user, e, savedEntityView.getEntityId().toString());
+                    actionType, user, e, entityViewId.toString());
             throw handleException(e);
         }
     }

From d58eb37cb87dea6b79f367a1fc5f2a151b452ece Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Sat, 21 May 2022 09:13:20 +0300
Subject: [PATCH 57/92] refactoring: EntityViewController comments4 -
 saveEntityView from controller

---
 .../controller/EntityViewController.java      | 21 ++++++++-----------
 .../DefaultTbEntityViewService.java           | 21 ++++++++++---------
 .../entityView/TbEntityViewService.java       | 11 +++++-----
 3 files changed, 26 insertions(+), 27 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
index 163ba2fd69..a7089969c3 100644
--- a/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/EntityViewController.java
@@ -202,8 +202,7 @@ public class EntityViewController extends BaseController {
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
 
-        EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(getTenantId(), entityViewId, customerId));
-        return tbEntityViewService.assignEntityViewToCustomer(getTenantId(), savedEntityView, customer, getCurrentUser());
+        return tbEntityViewService.assignEntityViewToCustomer(getTenantId(), entityViewId, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Unassign Entity View from customer (unassignEntityViewFromCustomer)",
@@ -222,8 +221,8 @@ public class EntityViewController extends BaseController {
         }
 
         Customer customer = checkCustomerId(entityView.getCustomerId(), Operation.READ);
-        EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromCustomer(getTenantId(), entityView.getId()));
-        return tbEntityViewService.unassignEntityViewFromCustomer(getTenantId(), savedEntityView, customer, getCurrentUser());
+
+        return tbEntityViewService.unassignEntityViewFromCustomer(getTenantId(), entityViewId, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Customer Entity Views (getCustomerEntityViews)",
@@ -425,11 +424,11 @@ public class EntityViewController extends BaseController {
         checkParameter(ENTITY_VIEW_ID, strEntityViewId);
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.ASSIGN_TO_CUSTOMER);
+
         Customer publicCustomer = customerService.findOrCreatePublicCustomer(getTenantId());
-        EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(getTenantId(),
-                entityViewId, publicCustomer.getId()));
+
         return tbEntityViewService.assignEntityViewToPublicCustomer(getTenantId(), getCurrentUser().getCustomerId(),
-                publicCustomer, savedEntityView, getCurrentUser());
+                publicCustomer, entityViewId, getCurrentUser());
     }
 
     @ApiOperation(value = "Assign entity view to edge (assignEntityViewToEdge)",
@@ -452,8 +451,8 @@ public class EntityViewController extends BaseController {
 
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         checkEntityViewId(entityViewId, Operation.READ);
-        EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToEdge(getTenantId(), entityViewId, edgeId));
-        return tbEntityViewService.assignEntityViewToEdge(getTenantId(), getCurrentUser().getCustomerId(), savedEntityView, edge, getCurrentUser());
+
+        return tbEntityViewService.assignEntityViewToEdge(getTenantId(), getCurrentUser().getCustomerId(), entityViewId, edge, getCurrentUser());
     }
 
     @ApiOperation(value = "Unassign entity view from edge (unassignEntityViewFromEdge)",
@@ -477,9 +476,7 @@ public class EntityViewController extends BaseController {
         EntityViewId entityViewId = new EntityViewId(toUUID(strEntityViewId));
         EntityView entityView = checkEntityViewId(entityViewId, Operation.READ);
 
-        EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromEdge(getTenantId(), entityViewId, edgeId));
-
-        return tbEntityViewService.unassignEntityViewFromEdge(getTenantId(), entityView.getCustomerId(), entityView, savedEntityView, edge, getCurrentUser());
+        return tbEntityViewService.unassignEntityViewFromEdge(getTenantId(), entityView.getCustomerId(), entityView, edge, getCurrentUser());
     }
 
     @PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
index b57ba0b080..7816330825 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/DefaultTbEntityViewService.java
@@ -121,13 +121,12 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
         }
     }
 
-
     @Override
-    public EntityView assignEntityViewToCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer, SecurityUser user) throws ThingsboardException {
+    public EntityView assignEntityViewToCustomer(TenantId tenantId, EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
         CustomerId customerId = customer.getId();
-        EntityViewId entityViewId = savedEntityView.getId();
         try {
+            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(tenantId, entityViewId, customerId));
             notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customerId, savedEntityView,
                     actionType, EdgeEventActionType.ASSIGNED_TO_CUSTOMER, user, true, customerId.toString(), customer.getName());
             return savedEntityView;
@@ -140,10 +139,11 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
 
     @Override
     public EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, Customer publicCustomer,
-                                                       EntityView savedEntityView, SecurityUser user) throws ThingsboardException {
+                                                       EntityViewId entityViewId, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_CUSTOMER;
-        EntityViewId entityViewId = savedEntityView.getId();
         try {
+            EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToCustomer(tenantId,
+                    entityViewId, publicCustomer.getId()));
             notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customerId, savedEntityView,
                     actionType, null, user, false, savedEntityView.getEntityId().toString(),
                     publicCustomer.getId().toString(), publicCustomer.getName());
@@ -156,10 +156,10 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     }
 
     @Override
-    public EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityView savedEntityView, Edge edge, SecurityUser user) throws ThingsboardException {
+    public EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, Edge edge, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.ASSIGNED_TO_EDGE;
         EdgeId edgeId = edge.getId();
-        EntityViewId entityViewId = savedEntityView.getId();
+        EntityView savedEntityView = checkNotNull(entityViewService.assignEntityViewToEdge(tenantId, entityViewId, edgeId));
         try {
             notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, customerId,
                     edgeId, savedEntityView, actionType, EdgeEventActionType.ASSIGNED_TO_EDGE, user, savedEntityView.getEntityId().toString(),
@@ -174,11 +174,12 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
 
     @Override
     public EntityView unassignEntityViewFromEdge(TenantId tenantId, CustomerId customerId, EntityView entityView,
-                                                 EntityView savedEntityView, Edge edge, SecurityUser user) throws ThingsboardException {
+                                                 Edge edge, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.UNASSIGNED_FROM_EDGE;
         EntityViewId entityViewId = entityView.getId();
         EdgeId edgeId = edge.getId();
         try {
+            EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromEdge(tenantId, entityViewId, edgeId));
             notificationEntityService.notifyAssignOrUnassignEntityToEdge(tenantId, entityViewId, customerId,
                     edgeId, entityView, actionType, EdgeEventActionType.UNASSIGNED_FROM_EDGE, user, entityViewId.toString(),
                     edgeId.toString(), edge.getName());
@@ -191,10 +192,10 @@ public class DefaultTbEntityViewService extends AbstractTbEntityService implemen
     }
 
     @Override
-    public EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer, SecurityUser user) throws ThingsboardException {
+    public EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityViewId entityViewId, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = ActionType.UNASSIGNED_FROM_CUSTOMER;
-        EntityViewId entityViewId = savedEntityView.getId();
         try {
+            EntityView savedEntityView = checkNotNull(entityViewService.unassignEntityViewFromCustomer(tenantId, entityViewId));
             notificationEntityService.notifyAssignOrUnassignEntityToCustomer(tenantId, entityViewId, customer.getId(), savedEntityView,
                     actionType, EdgeEventActionType.UNASSIGNED_FROM_CUSTOMER, user, true, customer.getId().toString(), customer.getName());
             return savedEntityView;
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
index 88dd7955c8..dd5db9391b 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityView/TbEntityViewService.java
@@ -20,6 +20,7 @@ import org.thingsboard.server.common.data.EntityView;
 import org.thingsboard.server.common.data.edge.Edge;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
+import org.thingsboard.server.common.data.id.EntityViewId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
@@ -29,18 +30,18 @@ public interface TbEntityViewService {
 
     void  delete (EntityView entity, SecurityUser user) throws ThingsboardException;
 
-    EntityView assignEntityViewToCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer,
+    EntityView assignEntityViewToCustomer(TenantId tenantId, EntityViewId entityViewId, Customer customer,
                                           SecurityUser user) throws ThingsboardException;
 
     EntityView assignEntityViewToPublicCustomer(TenantId tenantId, CustomerId customerId, Customer publicCustomer,
-                                                EntityView savedEntityView, SecurityUser user) throws ThingsboardException;
+                                                EntityViewId entityViewId, SecurityUser user) throws ThingsboardException;
 
-    EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityView savedEntityView, Edge edge,
+    EntityView assignEntityViewToEdge(TenantId tenantId, CustomerId customerId, EntityViewId entityViewId, Edge edge,
                                       SecurityUser user) throws ThingsboardException;
 
     EntityView unassignEntityViewFromEdge(TenantId tenantId, CustomerId customerId, EntityView entityView,
-                                          EntityView savedEntityView, Edge edge, SecurityUser user) throws ThingsboardException;
+                                          Edge edge, SecurityUser user) throws ThingsboardException;
 
-    EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityView savedEntityView, Customer customer,
+    EntityView unassignEntityViewFromCustomer(TenantId tenantId, EntityViewId entityViewId, Customer customer,
                                               SecurityUser user) throws ThingsboardException;
 }

From f76902009b2bcb071e881600c0b1b194802f071f Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Sun, 22 May 2022 18:57:58 +0300
Subject: [PATCH 58/92] refactoring: EntityViewController removed duplicate
 code

---
 .../server/service/entitiy/AbstractTbEntityService.java         | 2 --
 1 file changed, 2 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
index 008db91a09..32a25d9c8c 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
@@ -119,8 +119,6 @@ public abstract class AbstractTbEntityService {
     @Autowired
     protected AttributesService attributesService;
     @Autowired
-    protected EntityViewService entityView;
-    @Autowired
     protected AccessControlService accessControlService;
 
     protected ListenableFuture<Void> removeAlarmsByEntityId(TenantId tenantId, EntityId entityId) {

From 0bb9d531cc7eb699435b0a821ad9ea1c19f17378 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Mon, 23 May 2022 14:40:47 +0300
Subject: [PATCH 59/92] UI: Fixed permission on page security

---
 ui-ngx/src/app/core/auth/auth.service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui-ngx/src/app/core/auth/auth.service.ts b/ui-ngx/src/app/core/auth/auth.service.ts
index 574bf05419..efec71142f 100644
--- a/ui-ngx/src/app/core/auth/auth.service.ts
+++ b/ui-ngx/src/app/core/auth/auth.service.ts
@@ -242,7 +242,7 @@ export class AuthService {
     if (authState && authState.authUser) {
       if (authState.authUser.authority === Authority.TENANT_ADMIN || authState.authUser.authority === Authority.CUSTOMER_USER) {
         if ((this.userHasDefaultDashboard(authState) && authState.forceFullscreen) || authState.authUser.isPublic) {
-          if (path === 'profile') {
+          if (path === 'profile' || path === 'security') {
             if (this.userHasProfile(authState.authUser)) {
               return false;
             } else {

From 8eb75f6e16aa8f1c1a2ccd8ddf062de5d0ea397c Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Mon, 23 May 2022 16:40:27 +0300
Subject: [PATCH 60/92] 2FA backup codes

---
 .../controller/TwoFaConfigController.java     | 10 ++-
 .../controller/TwoFactorAuthController.java   |  5 +-
 .../auth/mfa/DefaultTwoFactorAuthService.java |  2 +-
 .../mfa/config/DefaultTwoFaConfigManager.java | 13 ++--
 .../auth/mfa/provider/TwoFaProvider.java      |  2 +-
 .../impl/BackupCodeTwoFaProvider.java         | 73 +++++++++++++++++++
 .../provider/impl/OtpBasedTwoFaProvider.java  |  4 +-
 .../mfa/provider/impl/TotpTwoFaProvider.java  |  4 +-
 .../account/BackupCodeTwoFaAccountConfig.java | 57 +++++++++++++++
 .../model/mfa/account/TwoFaAccountConfig.java |  6 +-
 .../BackupCodeTwoFaProviderConfig.java        | 33 +++++++++
 .../mfa/provider/TwoFaProviderConfig.java     |  3 +-
 .../model/mfa/provider/TwoFaProviderType.java |  3 +-
 .../common/util/CollectionsUtil.java          |  5 ++
 14 files changed, 199 insertions(+), 21 deletions(-)
 create mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/BackupCodeTwoFaProvider.java
 create mode 100644 common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/BackupCodeTwoFaAccountConfig.java
 create mode 100644 common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index 87e54ec196..138b20b160 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -140,14 +140,18 @@ public class TwoFaConfigController extends BaseController {
     @PostMapping("/account/config")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
     public AccountTwoFaSettings verifyAndSaveTwoFaAccountConfig(@Valid @RequestBody TwoFaAccountConfig accountConfig,
-                                                                @ApiParam(value = "6-digit code from an authenticator app in case of TOTP 2FA, or the one sent via an SMS or email message in case of SMS or EMAIL 2FA", required = true)
-                                                                @RequestParam String verificationCode) throws Exception {
+                                                                @RequestParam(required = false) String verificationCode) throws Exception {
         SecurityUser user = getCurrentUser();
         if (twoFaConfigManager.getTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig.getProviderType()).isPresent()) {
             throw new IllegalArgumentException("2FA provider is already configured");
         }
 
-        boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, accountConfig, false);
+        boolean verificationSuccess;
+        if (accountConfig.getProviderType() != TwoFaProviderType.BACKUP_CODE) {
+            verificationSuccess = twoFactorAuthService.checkVerificationCode(user, verificationCode, accountConfig, false);
+        } else {
+            verificationSuccess = true;
+        }
         if (verificationSuccess) {
             return twoFaConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
         } else {
diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
index 5eb1f6530d..003b4ab450 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@@ -16,7 +16,6 @@
 package org.thingsboard.server.controller;
 
 import io.swagger.annotations.ApiOperation;
-import io.swagger.annotations.ApiParam;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
@@ -34,11 +33,11 @@ import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
 import org.thingsboard.server.common.data.security.model.mfa.account.EmailTwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
-import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -46,7 +45,6 @@ import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
 
 import javax.servlet.http.HttpServletRequest;
-
 import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
@@ -90,7 +88,6 @@ public class TwoFactorAuthController extends BaseController {
     @PostMapping("/verification/check")
     @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
     public JwtTokenPair checkTwoFaVerificationCode(@RequestParam TwoFaProviderType providerType,
-                                                   @ApiParam(value = "6-digit verification code", required = true)
                                                    @RequestParam String verificationCode, HttpServletRequest servletRequest) throws Exception {
         SecurityUser user = getCurrentUser();
         boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, providerType, verificationCode, true);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index d38483d0de..5929f04468 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -122,7 +122,7 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
 
         boolean verificationSuccess;
-        if (StringUtils.isNumeric(verificationCode) && verificationCode.length() == 6) {
+        if (StringUtils.isNotBlank(verificationCode)) {
             verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(user, verificationCode, providerConfig, accountConfig);
         } else {
             verificationSuccess = false;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
index e27d3967ad..bfe426d532 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
@@ -30,7 +30,6 @@ import org.thingsboard.server.common.data.security.model.mfa.account.AccountTwoF
 import org.thingsboard.server.common.data.security.model.mfa.account.TwoFaAccountConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderConfig;
 import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
-import org.thingsboard.server.dao.attributes.AttributesService;
 import org.thingsboard.server.dao.service.ConstraintValidator;
 import org.thingsboard.server.dao.settings.AdminSettingsDao;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
@@ -39,6 +38,7 @@ import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 
 import java.util.Comparator;
 import java.util.LinkedHashMap;
+import java.util.Map;
 import java.util.Optional;
 
 @Service
@@ -74,7 +74,9 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
                     return newUserAuthSettings;
                 });
         userAuthSettings.setTwoFaSettings(settings);
+        settings.getConfigs().values().forEach(accountConfig -> accountConfig.setSerializeHiddenFields(true));
         userAuthSettingsDao.save(tenantId, userAuthSettings);
+        settings.getConfigs().values().forEach(accountConfig -> accountConfig.setSerializeHiddenFields(false));
         return settings;
     }
 
@@ -96,12 +98,13 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
             newSettings.setConfigs(new LinkedHashMap<>());
             return newSettings;
         });
+        Map<TwoFaProviderType, TwoFaAccountConfig> configs = settings.getConfigs();
         if (accountConfig.isUseByDefault()) {
-            settings.getConfigs().values().forEach(config -> config.setUseByDefault(false));
+            configs.values().forEach(config -> config.setUseByDefault(false));
         }
-        settings.getConfigs().put(accountConfig.getProviderType(), accountConfig);
-        if (settings.getConfigs().values().stream().noneMatch(TwoFaAccountConfig::isUseByDefault)) {
-            settings.getConfigs().values().stream().findFirst().ifPresent(config -> config.setUseByDefault(true));
+        configs.put(accountConfig.getProviderType(), accountConfig);
+        if (configs.values().stream().noneMatch(TwoFaAccountConfig::isUseByDefault)) {
+            configs.values().stream().findFirst().ifPresent(config -> config.setUseByDefault(true));
         }
         return saveAccountTwoFaSettings(tenantId, userId, settings);
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
index 19cc106657..2522d3e41b 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/TwoFaProvider.java
@@ -29,7 +29,7 @@ public interface TwoFaProvider<C extends TwoFaProviderConfig, A extends TwoFaAcc
 
     default void prepareVerificationCode(SecurityUser user, C providerConfig, A accountConfig) throws ThingsboardException {}
 
-    boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig);
+    boolean checkVerificationCode(SecurityUser user, String code, C providerConfig, A accountConfig);
 
     default void check(TenantId tenantId) throws ThingsboardException {};
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/BackupCodeTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/BackupCodeTwoFaProvider.java
new file mode 100644
index 0000000000..bafc1da9f4
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/BackupCodeTwoFaProvider.java
@@ -0,0 +1,73 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.mfa.provider.impl;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.stereotype.Service;
+import org.thingsboard.common.util.CollectionsUtil;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.security.model.mfa.account.BackupCodeTwoFaAccountConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.BackupCodeTwoFaProviderConfig;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
+import org.thingsboard.server.service.security.auth.mfa.provider.TwoFaProvider;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+@Service
+@TbCoreComponent
+public class BackupCodeTwoFaProvider implements TwoFaProvider<BackupCodeTwoFaProviderConfig, BackupCodeTwoFaAccountConfig> {
+
+    @Autowired @Lazy
+    private TwoFaConfigManager twoFaConfigManager;
+
+    @Override
+    public BackupCodeTwoFaAccountConfig generateNewAccountConfig(User user, BackupCodeTwoFaProviderConfig providerConfig) {
+        BackupCodeTwoFaAccountConfig config = new BackupCodeTwoFaAccountConfig();
+        config.setCodes(generateCodes(providerConfig.getCodesQuantity(), 8));
+        config.setSerializeHiddenFields(true);
+        return config;
+    }
+
+    private static Set<String> generateCodes(int count, int length) {
+        return Stream.generate(() -> RandomStringUtils.random(length, "0123456789abcdef"))
+                .distinct().limit(count)
+                .collect(Collectors.toSet());
+    }
+
+    @Override
+    public boolean checkVerificationCode(SecurityUser user, String code, BackupCodeTwoFaProviderConfig providerConfig, BackupCodeTwoFaAccountConfig accountConfig) {
+        if (CollectionsUtil.contains(accountConfig.getCodes(), code)) {
+            accountConfig.getCodes().remove(code);
+            twoFaConfigManager.saveTwoFaAccountConfig(user.getTenantId(), user.getId(), accountConfig);
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    @Override
+    public TwoFaProviderType getType() {
+        return TwoFaProviderType.BACKUP_CODE;
+    }
+
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
index f270316d2d..d8df97afa7 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/OtpBasedTwoFaProvider.java
@@ -48,7 +48,7 @@ public abstract class OtpBasedTwoFaProvider<C extends OtpBasedTwoFaProviderConfi
 
 
     @Override
-    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, C providerConfig, A accountConfig) {
+    public final boolean checkVerificationCode(SecurityUser user, String code, C providerConfig, A accountConfig) {
         Otp correctVerificationCode = verificationCodesCache.get(user.getId(), Otp.class);
         if (correctVerificationCode != null) {
             if (System.currentTimeMillis() - correctVerificationCode.getTimestamp()
@@ -56,7 +56,7 @@ public abstract class OtpBasedTwoFaProvider<C extends OtpBasedTwoFaProviderConfi
                 verificationCodesCache.evict(user.getId());
                 return false;
             }
-            if (verificationCode.equals(correctVerificationCode.getValue())
+            if (code.equals(correctVerificationCode.getValue())
                     && accountConfig.equals(correctVerificationCode.getAccountConfig())) {
                 verificationCodesCache.evict(user.getId());
                 return true;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
index 289ddb7c9d..f634185f7a 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/TotpTwoFaProvider.java
@@ -45,9 +45,9 @@ public class TotpTwoFaProvider implements TwoFaProvider<TotpTwoFaProviderConfig,
     }
 
     @Override
-    public final boolean checkVerificationCode(SecurityUser user, String verificationCode, TotpTwoFaProviderConfig providerConfig, TotpTwoFaAccountConfig accountConfig) {
+    public final boolean checkVerificationCode(SecurityUser user, String code, TotpTwoFaProviderConfig providerConfig, TotpTwoFaAccountConfig accountConfig) {
         String secretKey = UriComponentsBuilder.fromUriString(accountConfig.getAuthUrl()).build().getQueryParams().getFirst("secret");
-        return new Totp(secretKey).verify(verificationCode);
+        return new Totp(secretKey).verify(code);
     }
 
     @SneakyThrows
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/BackupCodeTwoFaAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/BackupCodeTwoFaAccountConfig.java
new file mode 100644
index 0000000000..f6b72f5760
--- /dev/null
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/BackupCodeTwoFaAccountConfig.java
@@ -0,0 +1,57 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.security.model.mfa.account;
+
+import com.fasterxml.jackson.annotation.JsonGetter;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
+
+import javax.validation.constraints.NotEmpty;
+import java.util.Set;
+
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class BackupCodeTwoFaAccountConfig extends TwoFaAccountConfig {
+
+    @NotEmpty
+    private Set<String> codes;
+
+    @Override
+    public TwoFaProviderType getProviderType() {
+        return TwoFaProviderType.BACKUP_CODE;
+    }
+
+
+    @JsonGetter("codes")
+    private Set<String> getCodesForJson() {
+        if (serializeHiddenFields) {
+            return codes;
+        } else {
+            return null;
+        }
+    }
+
+    @JsonGetter
+    private Integer getCodesLeft() {
+        if (codes != null) {
+            return codes.size();
+        } else {
+            return null;
+        }
+    }
+
+}
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
index 6bf2ee8fd3..706ce776d8 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/account/TwoFaAccountConfig.java
@@ -30,13 +30,17 @@ import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProvi
 @JsonSubTypes({
         @Type(name = "TOTP", value = TotpTwoFaAccountConfig.class),
         @Type(name = "SMS", value = SmsTwoFaAccountConfig.class),
-        @Type(name = "EMAIL", value = EmailTwoFaAccountConfig.class)
+        @Type(name = "EMAIL", value = EmailTwoFaAccountConfig.class),
+        @Type(name = "BACKUP_CODE", value = BackupCodeTwoFaAccountConfig.class)
 })
 @Data
 public abstract class TwoFaAccountConfig {
 
     private boolean useByDefault;
 
+    @JsonIgnore
+    protected transient boolean serializeHiddenFields;
+
     @JsonIgnore
     public abstract TwoFaProviderType getProviderType();
 
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java
new file mode 100644
index 0000000000..9dc2a00b23
--- /dev/null
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java
@@ -0,0 +1,33 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.security.model.mfa.provider;
+
+import lombok.Data;
+
+import javax.validation.constraints.Min;
+
+@Data
+public class BackupCodeTwoFaProviderConfig implements TwoFaProviderConfig {
+
+    @Min(0)
+    private int codesQuantity;
+
+    @Override
+    public TwoFaProviderType getProviderType() {
+        return TwoFaProviderType.BACKUP_CODE;
+    }
+
+}
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
index 65d9242900..5a87d58467 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderConfig.java
@@ -28,7 +28,8 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
 @JsonSubTypes({
         @Type(name = "TOTP", value = TotpTwoFaProviderConfig.class),
         @Type(name = "SMS", value = SmsTwoFaProviderConfig.class),
-        @Type(name = "EMAIL", value = EmailTwoFaProviderConfig.class)
+        @Type(name = "EMAIL", value = EmailTwoFaProviderConfig.class),
+        @Type(name = "BACKUP_CODE", value = BackupCodeTwoFaProviderConfig.class)
 })
 public interface TwoFaProviderConfig {
 
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
index dd36f24394..a2373319a2 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/TwoFaProviderType.java
@@ -18,5 +18,6 @@ package org.thingsboard.server.common.data.security.model.mfa.provider;
 public enum TwoFaProviderType {
     TOTP,
     SMS,
-    EMAIL
+    EMAIL,
+    BACKUP_CODE
 }
diff --git a/common/util/src/main/java/org/thingsboard/common/util/CollectionsUtil.java b/common/util/src/main/java/org/thingsboard/common/util/CollectionsUtil.java
index c995aa1e11..7e39f9a273 100644
--- a/common/util/src/main/java/org/thingsboard/common/util/CollectionsUtil.java
+++ b/common/util/src/main/java/org/thingsboard/common/util/CollectionsUtil.java
@@ -34,4 +34,9 @@ public class CollectionsUtil {
     public static <T> Set<T> diffSets(Set<T> a, Set<T> b) {
         return b.stream().filter(p -> !a.contains(p)).collect(Collectors.toSet());
     }
+
+    public static <T> boolean contains(Collection<T> collection, T element) {
+        return isNotEmpty(collection) && collection.contains(element);
+    }
+
 }

From 724f7c87084c7c88bd14af6b960cb5b0214e5bf0 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Tue, 24 May 2022 13:52:38 +0300
Subject: [PATCH 61/92] refactoring: DeviceProfileController,
 EntityRelationController

---
 .../controller/DeviceProfileController.java   | 101 +++-------------
 .../controller/EntityRelationController.java  |  53 +++------
 .../entitiy/AbstractTbEntityService.java      |  12 ++
 .../DefaultTbNotificationEntityService.java   |  15 +++
 .../entitiy/TbNotificationEntityService.java  |   8 +-
 .../DefaultTbDeviceProfileService.java        | 110 ++++++++++++++++++
 .../deviceProfile/TbDeviceProfileService.java |  26 +++++
 .../DefaultTbEntityRelationService.java       |  64 ++++++++++
 .../TbEntityRelationService.java              |  28 +++++
 9 files changed, 290 insertions(+), 127 deletions(-)
 create mode 100644 application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
 create mode 100644 application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java

diff --git a/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java b/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
index 25a35e77fa..6dabe62aa2 100644
--- a/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
@@ -17,6 +17,7 @@ package org.thingsboard.server.controller;
 
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,21 +33,17 @@ import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.server.common.data.DeviceProfile;
 import org.thingsboard.server.common.data.DeviceProfileInfo;
-import org.thingsboard.server.common.data.EntityType;
-import org.thingsboard.server.common.data.audit.ActionType;
-import org.thingsboard.server.common.data.edge.EdgeEventActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.DeviceProfileId;
 import org.thingsboard.server.common.data.page.PageData;
 import org.thingsboard.server.common.data.page.PageLink;
-import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
 import org.thingsboard.server.dao.timeseries.TimeseriesService;
 import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.entitiy.deviceProfile.TbDeviceProfileService;
 import org.thingsboard.server.service.security.permission.Operation;
 import org.thingsboard.server.service.security.permission.Resource;
 
 import java.util.List;
-import java.util.Objects;
 import java.util.UUID;
 
 import static org.thingsboard.server.controller.ControllerConstants.DEVICE_PROFILE_DATA;
@@ -70,9 +67,11 @@ import static org.thingsboard.server.controller.ControllerConstants.UUID_WIKI_LI
 @RestController
 @TbCoreComponent
 @RequestMapping("/api")
+@RequiredArgsConstructor
 @Slf4j
 public class DeviceProfileController extends BaseController {
 
+    private  final TbDeviceProfileService tbDeviceProfileService;
 
     @Autowired
     private TimeseriesService timeseriesService;
@@ -201,44 +200,11 @@ public class DeviceProfileController extends BaseController {
     public DeviceProfile saveDeviceProfile(
             @ApiParam(value = "A JSON value representing the device profile.")
             @RequestBody DeviceProfile deviceProfile) throws ThingsboardException {
-        try {
-            boolean created = deviceProfile.getId() == null;
-            deviceProfile.setTenantId(getTenantId());
-
-            checkEntity(deviceProfile.getId(), deviceProfile, Resource.DEVICE_PROFILE);
-
-            boolean isFirmwareChanged = false;
-            boolean isSoftwareChanged = false;
-
-            if (!created) {
-                DeviceProfile oldDeviceProfile = deviceProfileService.findDeviceProfileById(getTenantId(), deviceProfile.getId());
-                if (!Objects.equals(deviceProfile.getFirmwareId(), oldDeviceProfile.getFirmwareId())) {
-                    isFirmwareChanged = true;
-                }
-                if (!Objects.equals(deviceProfile.getSoftwareId(), oldDeviceProfile.getSoftwareId())) {
-                    isSoftwareChanged = true;
-                }
-            }
-            DeviceProfile savedDeviceProfile = checkNotNull(deviceProfileService.saveDeviceProfile(deviceProfile));
+        deviceProfile.setTenantId(getTenantId());
 
-            tbClusterService.onDeviceProfileChange(savedDeviceProfile, null);
-            tbClusterService.broadcastEntityStateChangeEvent(deviceProfile.getTenantId(), savedDeviceProfile.getId(),
-                    created ? ComponentLifecycleEvent.CREATED : ComponentLifecycleEvent.UPDATED);
+        checkEntity(deviceProfile.getId(), deviceProfile, Resource.DEVICE_PROFILE);
 
-            logEntityAction(savedDeviceProfile.getId(), savedDeviceProfile,
-                    null,
-                    created ? ActionType.ADDED : ActionType.UPDATED, null);
-
-            otaPackageStateService.update(savedDeviceProfile, isFirmwareChanged, isSoftwareChanged);
-
-            sendEntityNotificationMsg(getTenantId(), savedDeviceProfile.getId(),
-                    deviceProfile.getId() == null ? EdgeEventActionType.ADDED : EdgeEventActionType.UPDATED);
-            return savedDeviceProfile;
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.DEVICE_PROFILE), deviceProfile,
-                    null, deviceProfile.getId() == null ? ActionType.ADDED : ActionType.UPDATED, e);
-            throw handleException(e);
-        }
+        return tbDeviceProfileService.save(deviceProfile, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete device profile (deleteDeviceProfile)",
@@ -252,27 +218,10 @@ public class DeviceProfileController extends BaseController {
             @ApiParam(value = DEVICE_PROFILE_ID_PARAM_DESCRIPTION)
             @PathVariable(DEVICE_PROFILE_ID) String strDeviceProfileId) throws ThingsboardException {
         checkParameter(DEVICE_PROFILE_ID, strDeviceProfileId);
-        try {
-            DeviceProfileId deviceProfileId = new DeviceProfileId(toUUID(strDeviceProfileId));
-            DeviceProfile deviceProfile = checkDeviceProfileId(deviceProfileId, Operation.DELETE);
-            deviceProfileService.deleteDeviceProfile(getTenantId(), deviceProfileId);
-
-            tbClusterService.onDeviceProfileDelete(deviceProfile, null);
-            tbClusterService.broadcastEntityStateChangeEvent(deviceProfile.getTenantId(), deviceProfile.getId(), ComponentLifecycleEvent.DELETED);
-
-            logEntityAction(deviceProfileId, deviceProfile,
-                    null,
-                    ActionType.DELETED, null, strDeviceProfileId);
-
-            sendEntityNotificationMsg(getTenantId(), deviceProfile.getId(), EdgeEventActionType.DELETED);
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.DEVICE_PROFILE),
-                    null,
-                    null,
-                    ActionType.DELETED, e, strDeviceProfileId);
-            throw handleException(e);
-        }
-    }
+        DeviceProfileId deviceProfileId = new DeviceProfileId(toUUID(strDeviceProfileId));
+        DeviceProfile deviceProfile = checkDeviceProfileId(deviceProfileId, Operation.DELETE);
+        tbDeviceProfileService.delete(deviceProfile, getCurrentUser());
+     }
 
     @ApiOperation(value = "Make Device Profile Default (setDefaultDeviceProfile)",
             notes = "Marks device profile as default within a tenant scope." + TENANT_AUTHORITY_PARAGRAPH,
@@ -284,30 +233,10 @@ public class DeviceProfileController extends BaseController {
             @ApiParam(value = DEVICE_PROFILE_ID_PARAM_DESCRIPTION)
             @PathVariable(DEVICE_PROFILE_ID) String strDeviceProfileId) throws ThingsboardException {
         checkParameter(DEVICE_PROFILE_ID, strDeviceProfileId);
-        try {
-            DeviceProfileId deviceProfileId = new DeviceProfileId(toUUID(strDeviceProfileId));
-            DeviceProfile deviceProfile = checkDeviceProfileId(deviceProfileId, Operation.WRITE);
-            DeviceProfile previousDefaultDeviceProfile = deviceProfileService.findDefaultDeviceProfile(getTenantId());
-            if (deviceProfileService.setDefaultDeviceProfile(getTenantId(), deviceProfileId)) {
-                if (previousDefaultDeviceProfile != null) {
-                    previousDefaultDeviceProfile = deviceProfileService.findDeviceProfileById(getTenantId(), previousDefaultDeviceProfile.getId());
-
-                    logEntityAction(previousDefaultDeviceProfile.getId(), previousDefaultDeviceProfile,
-                            null, ActionType.UPDATED, null);
-                }
-                deviceProfile = deviceProfileService.findDeviceProfileById(getTenantId(), deviceProfileId);
-
-                logEntityAction(deviceProfile.getId(), deviceProfile,
-                        null, ActionType.UPDATED, null);
-            }
-            return deviceProfile;
-        } catch (Exception e) {
-            logEntityAction(emptyId(EntityType.DEVICE_PROFILE),
-                    null,
-                    null,
-                    ActionType.UPDATED, e, strDeviceProfileId);
-            throw handleException(e);
-        }
+        DeviceProfileId deviceProfileId = new DeviceProfileId(toUUID(strDeviceProfileId));
+        DeviceProfile deviceProfile = checkDeviceProfileId(deviceProfileId, Operation.WRITE);
+        DeviceProfile previousDefaultDeviceProfile = deviceProfileService.findDefaultDeviceProfile(getTenantId());
+        return tbDeviceProfileService.setDefaultDeviceProfile(deviceProfile, previousDefaultDeviceProfile, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Device Profiles (getDeviceProfiles)",
diff --git a/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java b/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
index f678335622..b1b39ef5bd 100644
--- a/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
@@ -17,6 +17,7 @@ package org.thingsboard.server.controller;
 
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -28,8 +29,6 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.server.common.data.audit.ActionType;
-import org.thingsboard.server.common.data.edge.EdgeEventActionType;
-import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.EntityIdFactory;
@@ -38,6 +37,7 @@ import org.thingsboard.server.common.data.relation.EntityRelationInfo;
 import org.thingsboard.server.common.data.relation.EntityRelationsQuery;
 import org.thingsboard.server.common.data.relation.RelationTypeGroup;
 import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.entitiy.entityRelation.TbEntityRelationService;
 import org.thingsboard.server.service.security.permission.Operation;
 
 import java.util.List;
@@ -52,8 +52,11 @@ import static org.thingsboard.server.controller.ControllerConstants.RELATION_TYP
 @RestController
 @TbCoreComponent
 @RequestMapping("/api")
+@RequiredArgsConstructor
 public class EntityRelationController extends BaseController {
 
+    private  final TbEntityRelationService tbEntityRelationService;
+
     public static final String TO_TYPE = "toType";
     public static final String FROM_ID = "fromId";
     public static final String FROM_TYPE = "fromType";
@@ -77,28 +80,14 @@ public class EntityRelationController extends BaseController {
     @ResponseStatus(value = HttpStatus.OK)
     public void saveRelation(@ApiParam(value = "A JSON value representing the relation.", required = true)
                              @RequestBody EntityRelation relation) throws ThingsboardException {
-        try {
-            checkNotNull(relation);
-            checkEntityId(relation.getFrom(), Operation.WRITE);
-            checkEntityId(relation.getTo(), Operation.WRITE);
-            if (relation.getTypeGroup() == null) {
-                relation.setTypeGroup(RelationTypeGroup.COMMON);
-            }
-            relationService.saveRelation(getTenantId(), relation);
-
-            logEntityAction(relation.getFrom(), null, getCurrentUser().getCustomerId(),
-                    ActionType.RELATION_ADD_OR_UPDATE, null, relation);
-            logEntityAction(relation.getTo(), null, getCurrentUser().getCustomerId(),
-                    ActionType.RELATION_ADD_OR_UPDATE, null, relation);
-
-            sendRelationNotificationMsg(getTenantId(), relation, EdgeEventActionType.RELATION_ADD_OR_UPDATE);
-        } catch (Exception e) {
-            logEntityAction(relation.getFrom(), null, getCurrentUser().getCustomerId(),
-                    ActionType.RELATION_ADD_OR_UPDATE, e, relation);
-            logEntityAction(relation.getTo(), null, getCurrentUser().getCustomerId(),
-                    ActionType.RELATION_ADD_OR_UPDATE, e, relation);
-            throw handleException(e);
+        checkNotNull(relation);
+        checkEntityId(relation.getFrom(), Operation.WRITE);
+        checkEntityId(relation.getTo(), Operation.WRITE);
+        if (relation.getTypeGroup() == null) {
+            relation.setTypeGroup(RelationTypeGroup.COMMON);
         }
+
+       tbEntityRelationService.save(relation, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete Relation (deleteRelation)",
@@ -123,24 +112,8 @@ public class EntityRelationController extends BaseController {
         checkEntityId(toId, Operation.WRITE);
         RelationTypeGroup relationTypeGroup = parseRelationTypeGroup(strRelationTypeGroup, RelationTypeGroup.COMMON);
         EntityRelation relation = new EntityRelation(fromId, toId, strRelationType, relationTypeGroup);
-        try {
-            Boolean found = relationService.deleteRelation(getTenantId(), fromId, toId, strRelationType, relationTypeGroup);
-            if (!found) {
-                throw new ThingsboardException("Requested item wasn't found!", ThingsboardErrorCode.ITEM_NOT_FOUND);
-            }
-            logEntityAction(relation.getFrom(), null, getCurrentUser().getCustomerId(),
-                    ActionType.RELATION_DELETED, null, relation);
-            logEntityAction(relation.getTo(), null, getCurrentUser().getCustomerId(),
-                    ActionType.RELATION_DELETED, null, relation);
 
-            sendRelationNotificationMsg(getTenantId(), relation, EdgeEventActionType.RELATION_DELETED);
-        } catch (Exception e) {
-            logEntityAction(relation.getFrom(), null, getCurrentUser().getCustomerId(),
-                    ActionType.RELATION_DELETED, e, relation);
-            logEntityAction(relation.getTo(), null, getCurrentUser().getCustomerId(),
-                    ActionType.RELATION_DELETED, e, relation);
-            throw handleException(e);
-        }
+        tbEntityRelationService.delete(relation, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete Relations (deleteRelations)",
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
index 32a25d9c8c..f19f5c603b 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/AbstractTbEntityService.java
@@ -22,6 +22,7 @@ import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.thingsboard.server.cluster.TbClusterService;
 import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.HasName;
 import org.thingsboard.server.common.data.User;
@@ -46,18 +47,21 @@ import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.dashboard.DashboardService;
 import org.thingsboard.server.dao.device.ClaimDevicesService;
 import org.thingsboard.server.dao.device.DeviceCredentialsService;
+import org.thingsboard.server.dao.device.DeviceProfileService;
 import org.thingsboard.server.dao.device.DeviceService;
 import org.thingsboard.server.dao.edge.EdgeService;
 import org.thingsboard.server.dao.entityview.EntityViewService;
 import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.dao.exception.IncorrectParameterException;
 import org.thingsboard.server.dao.model.ModelConstants;
+import org.thingsboard.server.dao.relation.RelationService;
 import org.thingsboard.server.dao.rule.RuleChainService;
 import org.thingsboard.server.dao.tenant.TbTenantProfileCache;
 import org.thingsboard.server.dao.tenant.TenantService;
 import org.thingsboard.server.service.action.EntityActionService;
 import org.thingsboard.server.service.edge.EdgeNotificationService;
 import org.thingsboard.server.service.executors.DbCallbackExecutorService;
+import org.thingsboard.server.service.ota.OtaPackageStateService;
 import org.thingsboard.server.service.security.permission.AccessControlService;
 import org.thingsboard.server.service.telemetry.TelemetrySubscriptionService;
 
@@ -120,6 +124,14 @@ public abstract class AbstractTbEntityService {
     protected AttributesService attributesService;
     @Autowired
     protected AccessControlService accessControlService;
+    @Autowired
+    protected DeviceProfileService deviceProfileService;
+    @Autowired
+    protected TbClusterService tbClusterService;
+    @Autowired
+    protected OtaPackageStateService otaPackageStateService;
+    @Autowired
+    protected RelationService relationService;
 
     protected ListenableFuture<Void> removeAlarmsByEntityId(TenantId tenantId, EntityId entityId) {
         ListenableFuture<PageData<AlarmInfo>> alarmsFuture =
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
index ad59452d64..42b0fa3781 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
@@ -202,6 +202,16 @@ public class DefaultTbNotificationEntityService implements TbNotificationEntityS
         sendEntityNotificationMsg(alarm.getTenantId(), alarm.getId(), edgeTypeByActionType(actionType));
     }
 
+    @Override
+    public <E extends HasName, I extends EntityId> void notifyCreateOrUpdateOrDelete(I entityId, E entity, SecurityUser user,
+                                                                                     ActionType actionType, Exception e,
+                                                                                     Object... additionalInfo) {
+        notifyEntity(user.getTenantId(), entityId, entity, null, actionType, user, e, additionalInfo);
+        if (e == null) {
+            sendEntityNotificationMsg(user.getTenantId(), entityId, edgeTypeByActionType(actionType));
+        }
+    }
+
     private <E extends HasName, I extends EntityId> void logEntityAction(TenantId tenantId, I entityId, E entity, CustomerId customerId,
                                                                          ActionType actionType, SecurityUser user, Object... additionalInfo) {
         logEntityAction(tenantId, entityId, entity, customerId, actionType, user, null, additionalInfo);
@@ -219,6 +229,9 @@ public class DefaultTbNotificationEntityService implements TbNotificationEntityS
     private void sendEntityNotificationMsg(TenantId tenantId, EntityId entityId, EdgeEventActionType action) {
         sendNotificationMsgToEdgeService(tenantId, null, entityId, null, null, action);
     }
+    private void sendEntityRelationNotificationMsg(TenantId tenantId, EntityId entityId, EdgeEventActionType action) {
+        sendNotificationMsgToEdgeService(tenantId, null, entityId, null, null, action);
+    }
 
     private void sendEntityAssignToCustomerNotificationMsg(TenantId tenantId, EntityId entityId, CustomerId customerId, EdgeEventActionType action) {
         try {
@@ -297,6 +310,8 @@ public class DefaultTbNotificationEntityService implements TbNotificationEntityS
                 return EdgeEventActionType.ALARM_CLEAR;
             case DELETED:
                 return EdgeEventActionType.DELETED;
+            case RELATION_ADD_OR_UPDATE:
+                return EdgeEventActionType.RELATION_ADD_OR_UPDATE;
             default:
                 return null;
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
index 5ac8bbcfbf..68e9c794bc 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
@@ -68,6 +68,7 @@ public interface TbNotificationEntityService {
 
     void notifyCreateOruUpdateTenant(Tenant tenant, ComponentLifecycleEvent event);
 
+
     void notifyDeleteTenant(Tenant tenant);
 
     void notifyCreateOrUpdateDevice(TenantId tenantId, DeviceId deviceId, CustomerId customerId, Device device,
@@ -82,7 +83,12 @@ public interface TbNotificationEntityService {
     void notifyAssignDeviceToTenant(TenantId tenantId, TenantId newTenantId, DeviceId deviceId, CustomerId customerId,
                                     Device device, Tenant tenant, SecurityUser user, Object... additionalInfo);
 
-    void notifyEdge(TenantId tenantId, EdgeId edgeId, CustomerId customerId, Edge edge, ActionType actionType, SecurityUser user, Object... additionalInfo);
+    void notifyEdge(TenantId tenantId, EdgeId edgeId, CustomerId customerId, Edge edge, ActionType actionType,
+                    SecurityUser user, Object... additionalInfo);
 
     void notifyCreateOrUpdateAlarm(Alarm alarm, ActionType actionType, SecurityUser user, Object... additionalInfo);
+
+    <E extends HasName, I extends EntityId> void  notifyCreateOrUpdateOrDelete(I entityId, E entity, SecurityUser user,
+                                                                               ActionType actionType, Exception e,
+                                                                               Object... additionalInfo);
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
new file mode 100644
index 0000000000..cf97e1a2ea
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
@@ -0,0 +1,110 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.entitiy.deviceProfile;
+
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.thingsboard.server.common.data.DeviceProfile;
+import org.thingsboard.server.common.data.EntityType;
+import org.thingsboard.server.common.data.audit.ActionType;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
+import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.entitiy.AbstractTbEntityService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+import java.util.Objects;
+
+@Service
+@TbCoreComponent
+@AllArgsConstructor
+@Slf4j
+public class DefaultTbDeviceProfileService extends AbstractTbEntityService implements TbDeviceProfileService {
+    @Override
+    public DeviceProfile save(DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
+        ActionType actionType = deviceProfile.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
+        TenantId tenantId = user.getTenantId();
+        try {
+            boolean isFirmwareChanged = false;
+            boolean isSoftwareChanged = false;
+
+            if (actionType.equals(ActionType.UPDATED)) {
+                DeviceProfile oldDeviceProfile = deviceProfileService.findDeviceProfileById(tenantId, deviceProfile.getId());
+                if (!Objects.equals(deviceProfile.getFirmwareId(), oldDeviceProfile.getFirmwareId())) {
+                    isFirmwareChanged = true;
+                }
+                if (!Objects.equals(deviceProfile.getSoftwareId(), oldDeviceProfile.getSoftwareId())) {
+                    isSoftwareChanged = true;
+                }
+            }
+            DeviceProfile savedDeviceProfile = checkNotNull(deviceProfileService.saveDeviceProfile(deviceProfile));
+
+            tbClusterService.onDeviceProfileChange(savedDeviceProfile, null);
+            tbClusterService.broadcastEntityStateChangeEvent(deviceProfile.getTenantId(), savedDeviceProfile.getId(),
+                    actionType.equals(ActionType.ADDED) ? ComponentLifecycleEvent.CREATED : ComponentLifecycleEvent.UPDATED);
+
+            otaPackageStateService.update(savedDeviceProfile, isFirmwareChanged, isSoftwareChanged);
+
+            notificationEntityService.notifyCreateOrUpdateOrDelete(deviceProfile.getId(), deviceProfile, user, actionType, null);
+            return savedDeviceProfile;
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), deviceProfile, null,
+                    actionType, user, e);
+            throw handleException(e);
+        }
+    }
+
+    @Override
+    public void delete(DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
+        TenantId tenantId = user.getTenantId();
+        try {
+            deviceProfileService.deleteDeviceProfile(tenantId, deviceProfile.getId());
+
+            tbClusterService.onDeviceProfileDelete(deviceProfile, null);
+            tbClusterService.broadcastEntityStateChangeEvent(deviceProfile.getTenantId(), deviceProfile.getId(), ComponentLifecycleEvent.DELETED);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(deviceProfile.getId(), deviceProfile, user, ActionType.DELETED,  null, deviceProfile.getId().toString());
+        } catch (Exception e) {
+            notificationEntityService.notifyCreateOrUpdateOrDelete(emptyId(EntityType.DEVICE_PROFILE), null, user, ActionType.DELETED,  e, deviceProfile.getId().toString());
+            throw handleException(e);
+        }
+    }
+
+    @Override
+    public DeviceProfile setDefaultDeviceProfile(DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException {
+        TenantId tenantId = user.getTenantId();
+        try {
+
+            if (deviceProfileService.setDefaultDeviceProfile(user.getTenantId(), deviceProfile.getId())) {
+                if (previousDefaultDeviceProfile != null) {
+                    previousDefaultDeviceProfile = deviceProfileService.findDeviceProfileById(user.getTenantId(), previousDefaultDeviceProfile.getId());
+                    notificationEntityService.notifyEntity(tenantId, previousDefaultDeviceProfile.getId(), previousDefaultDeviceProfile, null,
+                            ActionType.UPDATED, user, null);
+                }
+                deviceProfile = deviceProfileService.findDeviceProfileById(tenantId, deviceProfile.getId());
+
+                notificationEntityService.notifyEntity(tenantId, deviceProfile.getId(), deviceProfile, null,
+                        ActionType.UPDATED, user, null);
+            }
+            return deviceProfile;
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), null, null,
+                    ActionType.UPDATED, user, e, deviceProfile.getId().toString());
+            throw handleException(e);
+        }
+    }
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
new file mode 100644
index 0000000000..28b07e7d13
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
@@ -0,0 +1,26 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.entitiy.deviceProfile;
+
+import org.thingsboard.server.common.data.DeviceProfile;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.service.entitiy.SimpleTbEntityService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+public interface TbDeviceProfileService extends SimpleTbEntityService<DeviceProfile> {
+
+    DeviceProfile setDefaultDeviceProfile(DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException;
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
new file mode 100644
index 0000000000..19a08e5365
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
@@ -0,0 +1,64 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.entitiy.entityRelation;
+
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.thingsboard.server.common.data.audit.ActionType;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.relation.EntityRelation;
+import org.thingsboard.server.queue.util.TbCoreComponent;
+import org.thingsboard.server.service.entitiy.AbstractTbEntityService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+@Service
+@TbCoreComponent
+@AllArgsConstructor
+@Slf4j
+public class DefaultTbEntityRelationService extends AbstractTbEntityService implements TbEntityRelationService {
+    @Override
+    public void save(EntityRelation relation, SecurityUser user) throws ThingsboardException {
+        TenantId tenantId = user.getTenantId();
+        try {
+            relationService.saveRelation(tenantId, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getFrom(), null, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getTo(), null, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
+        } catch (Exception e) {
+            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getFrom(), null, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getTo(), null, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
+            throw handleException(e);
+        }
+    }
+
+    @Override
+    public void delete(EntityRelation relation, SecurityUser user) throws ThingsboardException {
+        try {
+            Boolean found = relationService.deleteRelation(user.getTenantId(), relation.getFrom(), relation.getTo(), relation.getType(), relation.getTypeGroup());
+            if (!found) {
+                throw new ThingsboardException("Requested item wasn't found!", ThingsboardErrorCode.ITEM_NOT_FOUND);
+            }
+            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getFrom(), null, user, ActionType.RELATION_DELETED, null, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getTo(), null, user, ActionType.RELATION_DELETED, null, relation);
+        } catch (Exception e) {
+            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getFrom(), null, user, ActionType.RELATION_DELETED, e, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getTo(), null, user, ActionType.RELATION_DELETED, e, relation);
+            throw handleException(e);
+        }
+    }
+}
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
new file mode 100644
index 0000000000..8bcb58c777
--- /dev/null
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
@@ -0,0 +1,28 @@
+/**
+ * Copyright © 2016-2022 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.entitiy.entityRelation;
+
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.relation.EntityRelation;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+public interface TbEntityRelationService {
+
+    void save(EntityRelation entity, SecurityUser user) throws ThingsboardException;
+
+    void delete(EntityRelation entity, SecurityUser user) throws ThingsboardException;
+
+}

From 0aa86f5a72feaa53a5813fa63907f48e45f977fc Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Tue, 24 May 2022 14:22:33 +0300
Subject: [PATCH 62/92] refactoring: EntityRelationController removed unused
 code

---
 .../service/entitiy/DefaultTbNotificationEntityService.java    | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
index 42b0fa3781..f9ea9ea166 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
@@ -229,9 +229,6 @@ public class DefaultTbNotificationEntityService implements TbNotificationEntityS
     private void sendEntityNotificationMsg(TenantId tenantId, EntityId entityId, EdgeEventActionType action) {
         sendNotificationMsgToEdgeService(tenantId, null, entityId, null, null, action);
     }
-    private void sendEntityRelationNotificationMsg(TenantId tenantId, EntityId entityId, EdgeEventActionType action) {
-        sendNotificationMsgToEdgeService(tenantId, null, entityId, null, null, action);
-    }
 
     private void sendEntityAssignToCustomerNotificationMsg(TenantId tenantId, EntityId entityId, CustomerId customerId, EdgeEventActionType action) {
         try {

From 15d9a3e956697e8a774aef15009e9fad95d0b745 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Tue, 24 May 2022 15:01:24 +0300
Subject: [PATCH 63/92] refactoring: DeviceProfileController fix bug test
 MqttClaimDeviceTest

---
 .../entitiy/deviceProfile/DefaultTbDeviceProfileService.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
index cf97e1a2ea..a01a37da0a 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
@@ -60,7 +60,7 @@ public class DefaultTbDeviceProfileService extends AbstractTbEntityService imple
 
             otaPackageStateService.update(savedDeviceProfile, isFirmwareChanged, isSoftwareChanged);
 
-            notificationEntityService.notifyCreateOrUpdateOrDelete(deviceProfile.getId(), deviceProfile, user, actionType, null);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(savedDeviceProfile.getId(), savedDeviceProfile, user, actionType, null);
             return savedDeviceProfile;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), deviceProfile, null,

From d00234b3a29c320379ddb8226f27041783663bb5 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Tue, 24 May 2022 18:09:19 +0300
Subject: [PATCH 64/92] refactoring: EntityRelationController fix bug
 sendRelationNotification

---
 .../DefaultTbNotificationEntityService.java   | 26 ++++++++++++++++---
 .../entitiy/TbNotificationEntityService.java  |  8 +++++-
 .../DefaultTbDeviceProfileService.java        |  6 ++---
 .../DefaultTbEntityRelationService.java       | 24 +++++++++++------
 4 files changed, 49 insertions(+), 15 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
index f9ea9ea166..f9ab7401fc 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
@@ -24,6 +24,7 @@ import org.thingsboard.rule.engine.api.msg.DeviceCredentialsUpdateNotificationMs
 import org.thingsboard.server.cluster.TbClusterService;
 import org.thingsboard.server.common.data.DataConstants;
 import org.thingsboard.server.common.data.Device;
+import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.HasName;
 import org.thingsboard.server.common.data.Tenant;
 import org.thingsboard.server.common.data.alarm.Alarm;
@@ -37,6 +38,7 @@ import org.thingsboard.server.common.data.id.EdgeId;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
+import org.thingsboard.server.common.data.relation.EntityRelation;
 import org.thingsboard.server.common.data.security.DeviceCredentials;
 import org.thingsboard.server.common.msg.TbMsg;
 import org.thingsboard.server.common.msg.TbMsgDataType;
@@ -203,12 +205,30 @@ public class DefaultTbNotificationEntityService implements TbNotificationEntityS
     }
 
     @Override
-    public <E extends HasName, I extends EntityId> void notifyCreateOrUpdateOrDelete(I entityId, E entity, SecurityUser user,
+    public <E extends HasName, I extends EntityId> void notifyCreateOrUpdateOrDelete(TenantId tenantId, CustomerId customerId,
+                                                                                     I entityId, E entity, SecurityUser user,
                                                                                      ActionType actionType, Exception e,
                                                                                      Object... additionalInfo) {
-        notifyEntity(user.getTenantId(), entityId, entity, null, actionType, user, e, additionalInfo);
+        notifyEntity(tenantId, entityId, entity, customerId, actionType, user, e, additionalInfo);
         if (e == null) {
-            sendEntityNotificationMsg(user.getTenantId(), entityId, edgeTypeByActionType(actionType));
+            sendEntityNotificationMsg(tenantId, entityId, edgeTypeByActionType(actionType));
+        }
+    }
+
+    @Override
+    public void notifyCreateOrUpdateOrDeleteRelation(TenantId tenantId, CustomerId customerId, EntityId entityId,
+                                                     EntityRelation relation, SecurityUser user,
+                                                     ActionType actionType, Exception e,
+                                                     Object... additionalInfo) {
+        notifyEntity(tenantId, entityId, null, customerId, actionType, user, e, additionalInfo);
+        try {
+            if (!relation.getFrom().getEntityType().equals(EntityType.EDGE) &&
+                    !relation.getTo().getEntityType().equals(EntityType.EDGE)) {
+                sendNotificationMsgToEdgeService(tenantId, null, null, json.writeValueAsString(relation),
+                        EdgeEventType.RELATION, edgeTypeByActionType(actionType));
+            }
+        } catch (Exception e1) {
+            log.warn("Failed to push relation to core: {}", relation, e1);
         }
     }
 
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
index 68e9c794bc..65d2db3fd6 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
@@ -28,6 +28,7 @@ import org.thingsboard.server.common.data.id.EdgeId;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
+import org.thingsboard.server.common.data.relation.EntityRelation;
 import org.thingsboard.server.common.data.security.DeviceCredentials;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
@@ -88,7 +89,12 @@ public interface TbNotificationEntityService {
 
     void notifyCreateOrUpdateAlarm(Alarm alarm, ActionType actionType, SecurityUser user, Object... additionalInfo);
 
-    <E extends HasName, I extends EntityId> void  notifyCreateOrUpdateOrDelete(I entityId, E entity, SecurityUser user,
+    <E extends HasName, I extends EntityId> void  notifyCreateOrUpdateOrDelete(TenantId tenantId, CustomerId customerId,
+                                                                               I entityId, E entity, SecurityUser user,
                                                                                ActionType actionType, Exception e,
                                                                                Object... additionalInfo);
+    void  notifyCreateOrUpdateOrDeleteRelation (TenantId tenantId, CustomerId customerId, EntityId entityId,
+                                                EntityRelation relation, SecurityUser user,
+                                                ActionType actionType, Exception e,
+                                                Object... additionalInfo);
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
index a01a37da0a..cf6dfafa1e 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
@@ -60,7 +60,7 @@ public class DefaultTbDeviceProfileService extends AbstractTbEntityService imple
 
             otaPackageStateService.update(savedDeviceProfile, isFirmwareChanged, isSoftwareChanged);
 
-            notificationEntityService.notifyCreateOrUpdateOrDelete(savedDeviceProfile.getId(), savedDeviceProfile, user, actionType, null);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(), savedDeviceProfile.getId(), savedDeviceProfile, user, actionType, null);
             return savedDeviceProfile;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), deviceProfile, null,
@@ -77,9 +77,9 @@ public class DefaultTbDeviceProfileService extends AbstractTbEntityService imple
 
             tbClusterService.onDeviceProfileDelete(deviceProfile, null);
             tbClusterService.broadcastEntityStateChangeEvent(deviceProfile.getTenantId(), deviceProfile.getId(), ComponentLifecycleEvent.DELETED);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(deviceProfile.getId(), deviceProfile, user, ActionType.DELETED,  null, deviceProfile.getId().toString());
+            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(), deviceProfile.getId(), deviceProfile, user, ActionType.DELETED,  null, deviceProfile.getId().toString());
         } catch (Exception e) {
-            notificationEntityService.notifyCreateOrUpdateOrDelete(emptyId(EntityType.DEVICE_PROFILE), null, user, ActionType.DELETED,  e, deviceProfile.getId().toString());
+            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(), emptyId(EntityType.DEVICE_PROFILE), null, user, ActionType.DELETED,  e, deviceProfile.getId().toString());
             throw handleException(e);
         }
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
index 19a08e5365..7c4f688f8c 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
@@ -37,11 +37,15 @@ public class DefaultTbEntityRelationService extends AbstractTbEntityService impl
         TenantId tenantId = user.getTenantId();
         try {
             relationService.saveRelation(tenantId, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getFrom(), null, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getTo(), null, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (user.getTenantId(), user.getCustomerId(),
+                    relation.getFrom(), relation, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation(user.getTenantId(), user.getCustomerId(),
+                    relation.getTo(), relation, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
         } catch (Exception e) {
-            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getFrom(), null, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getTo(), null, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(),
+                    relation.getFrom(), null, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(),
+                    relation.getTo(), null, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
             throw handleException(e);
         }
     }
@@ -53,11 +57,15 @@ public class DefaultTbEntityRelationService extends AbstractTbEntityService impl
             if (!found) {
                 throw new ThingsboardException("Requested item wasn't found!", ThingsboardErrorCode.ITEM_NOT_FOUND);
             }
-            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getFrom(), null, user, ActionType.RELATION_DELETED, null, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getTo(), null, user, ActionType.RELATION_DELETED, null, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation(user.getTenantId(), user.getCustomerId(),
+                    relation.getFrom(), relation, user, ActionType.RELATION_DELETED, null, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation(user.getTenantId(), user.getCustomerId(),
+                    relation.getTo(), relation, user, ActionType.RELATION_DELETED, null, relation);
         } catch (Exception e) {
-            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getFrom(), null, user, ActionType.RELATION_DELETED, e, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(relation.getTo(), null, user, ActionType.RELATION_DELETED, e, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(),
+                    relation.getFrom(), null, user, ActionType.RELATION_DELETED, e, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(),
+                    relation.getTo(), null, user, ActionType.RELATION_DELETED, e, relation);
             throw handleException(e);
         }
     }

From aecaca734f1385cc54d57f297669356e72bb45ee Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Tue, 24 May 2022 23:33:39 +0300
Subject: [PATCH 65/92] refactoring: EntityRelationController fix bug
 testRelations

---
 .../controller/EntityRelationController.java  | 10 ++---
 .../DefaultTbNotificationEntityService.java   | 23 +++++++----
 .../entitiy/TbNotificationEntityService.java  | 23 ++++++-----
 .../DefaultTbEntityRelationService.java       | 41 ++++++++++---------
 .../TbEntityRelationService.java              |  9 +++-
 5 files changed, 58 insertions(+), 48 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java b/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
index b1b39ef5bd..54a891e1f8 100644
--- a/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
@@ -28,7 +28,6 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
-import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.EntityIdFactory;
@@ -87,7 +86,7 @@ public class EntityRelationController extends BaseController {
             relation.setTypeGroup(RelationTypeGroup.COMMON);
         }
 
-       tbEntityRelationService.save(relation, getCurrentUser());
+       tbEntityRelationService.save(getTenantId(), getCurrentUser().getCustomerId(), relation, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete Relation (deleteRelation)",
@@ -113,7 +112,7 @@ public class EntityRelationController extends BaseController {
         RelationTypeGroup relationTypeGroup = parseRelationTypeGroup(strRelationTypeGroup, RelationTypeGroup.COMMON);
         EntityRelation relation = new EntityRelation(fromId, toId, strRelationType, relationTypeGroup);
 
-        tbEntityRelationService.delete(relation, getCurrentUser());
+        tbEntityRelationService.delete(getTenantId(), getCurrentUser().getCustomerId(), relation, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete Relations (deleteRelations)",
@@ -129,10 +128,9 @@ public class EntityRelationController extends BaseController {
         EntityId entityId = EntityIdFactory.getByTypeAndId(strType, strId);
         checkEntityId(entityId, Operation.WRITE);
         try {
-            relationService.deleteEntityRelations(getTenantId(), entityId);
-            logEntityAction(entityId, null, getCurrentUser().getCustomerId(), ActionType.RELATIONS_DELETED, null);
+            tbEntityRelationService.deleteRelations (getTenantId(), getCurrentUser().getCustomerId(), entityId, getCurrentUser(), null);
         } catch (Exception e) {
-            logEntityAction(entityId, null, getCurrentUser().getCustomerId(), ActionType.RELATIONS_DELETED, e);
+            tbEntityRelationService.deleteRelations (getTenantId(), getCurrentUser().getCustomerId(), entityId, getCurrentUser(), e);
             throw handleException(e);
         }
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
index f9ab7401fc..f9af011013 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/DefaultTbNotificationEntityService.java
@@ -216,19 +216,22 @@ public class DefaultTbNotificationEntityService implements TbNotificationEntityS
     }
 
     @Override
-    public void notifyCreateOrUpdateOrDeleteRelation(TenantId tenantId, CustomerId customerId, EntityId entityId,
+    public void notifyCreateOrUpdateOrDeleteRelation(TenantId tenantId, CustomerId customerId,
                                                      EntityRelation relation, SecurityUser user,
                                                      ActionType actionType, Exception e,
                                                      Object... additionalInfo) {
-        notifyEntity(tenantId, entityId, null, customerId, actionType, user, e, additionalInfo);
-        try {
-            if (!relation.getFrom().getEntityType().equals(EntityType.EDGE) &&
-                    !relation.getTo().getEntityType().equals(EntityType.EDGE)) {
-                sendNotificationMsgToEdgeService(tenantId, null, null, json.writeValueAsString(relation),
-                        EdgeEventType.RELATION, edgeTypeByActionType(actionType));
+        notifyEntity(tenantId, relation.getFrom(), null, customerId, actionType, user, e, additionalInfo);
+        notifyEntity(tenantId, relation.getTo(), null, customerId, actionType, user, e, additionalInfo);
+        if (e == null) {
+            try {
+                if (!relation.getFrom().getEntityType().equals(EntityType.EDGE) &&
+                        !relation.getTo().getEntityType().equals(EntityType.EDGE)) {
+                    sendNotificationMsgToEdgeService(tenantId, null, null, json.writeValueAsString(relation),
+                            EdgeEventType.RELATION, edgeTypeByActionType(actionType));
+                }
+            } catch (Exception e1) {
+                log.warn("Failed to push relation to core: {}", relation, e1);
             }
-        } catch (Exception e1) {
-            log.warn("Failed to push relation to core: {}", relation, e1);
         }
     }
 
@@ -329,6 +332,8 @@ public class DefaultTbNotificationEntityService implements TbNotificationEntityS
                 return EdgeEventActionType.DELETED;
             case RELATION_ADD_OR_UPDATE:
                 return EdgeEventActionType.RELATION_ADD_OR_UPDATE;
+            case RELATION_DELETED:
+                return EdgeEventActionType.RELATION_DELETED;
             default:
                 return null;
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
index 65d2db3fd6..97d9b0ca58 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/TbNotificationEntityService.java
@@ -50,9 +50,9 @@ public interface TbNotificationEntityService {
                                                                     SecurityUser user, Object... additionalInfo);
 
     void notifyDeleteAlarm(TenantId tenantId, Alarm alarm, EntityId originatorId,
-                                                                   CustomerId customerId, ActionType actionType,
-                                                                   List<EdgeId> relatedEdgeIds,
-                                                                   SecurityUser user, String body, Object... additionalInfo);
+                           CustomerId customerId, ActionType actionType,
+                           List<EdgeId> relatedEdgeIds,
+                           SecurityUser user, String body, Object... additionalInfo);
 
     <E extends HasName, I extends EntityId> void notifyAssignOrUnassignEntityToCustomer(TenantId tenantId, I entityId,
                                                                                         CustomerId customerId, E entity,
@@ -89,12 +89,13 @@ public interface TbNotificationEntityService {
 
     void notifyCreateOrUpdateAlarm(Alarm alarm, ActionType actionType, SecurityUser user, Object... additionalInfo);
 
-    <E extends HasName, I extends EntityId> void  notifyCreateOrUpdateOrDelete(TenantId tenantId, CustomerId customerId,
-                                                                               I entityId, E entity, SecurityUser user,
-                                                                               ActionType actionType, Exception e,
-                                                                               Object... additionalInfo);
-    void  notifyCreateOrUpdateOrDeleteRelation (TenantId tenantId, CustomerId customerId, EntityId entityId,
-                                                EntityRelation relation, SecurityUser user,
-                                                ActionType actionType, Exception e,
-                                                Object... additionalInfo);
+    <E extends HasName, I extends EntityId> void notifyCreateOrUpdateOrDelete(TenantId tenantId, CustomerId customerId,
+                                                                              I entityId, E entity, SecurityUser user,
+                                                                              ActionType actionType, Exception e,
+                                                                              Object... additionalInfo);
+
+    void notifyCreateOrUpdateOrDeleteRelation(TenantId tenantId, CustomerId customerId,
+                                              EntityRelation relation, SecurityUser user,
+                                              ActionType actionType, Exception e,
+                                              Object... additionalInfo);
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
index 7c4f688f8c..57fedfab73 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
@@ -21,6 +21,8 @@ import org.springframework.stereotype.Service;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.CustomerId;
+import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.relation.EntityRelation;
 import org.thingsboard.server.queue.util.TbCoreComponent;
@@ -33,40 +35,39 @@ import org.thingsboard.server.service.security.model.SecurityUser;
 @Slf4j
 public class DefaultTbEntityRelationService extends AbstractTbEntityService implements TbEntityRelationService {
     @Override
-    public void save(EntityRelation relation, SecurityUser user) throws ThingsboardException {
-        TenantId tenantId = user.getTenantId();
+    public void save(TenantId tenantId, CustomerId customerId, EntityRelation relation, SecurityUser user) throws ThingsboardException {
         try {
             relationService.saveRelation(tenantId, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (user.getTenantId(), user.getCustomerId(),
-                    relation.getFrom(), relation, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation(user.getTenantId(), user.getCustomerId(),
-                    relation.getTo(), relation, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (tenantId, customerId,
+                    relation, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
         } catch (Exception e) {
-            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(),
-                    relation.getFrom(), null, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(),
-                    relation.getTo(), null, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (tenantId, customerId,
+                    relation, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
             throw handleException(e);
         }
     }
 
     @Override
-    public void delete(EntityRelation relation, SecurityUser user) throws ThingsboardException {
+    public void delete(TenantId tenantId, CustomerId customerId, EntityRelation relation, SecurityUser user) throws ThingsboardException {
         try {
-            Boolean found = relationService.deleteRelation(user.getTenantId(), relation.getFrom(), relation.getTo(), relation.getType(), relation.getTypeGroup());
+            Boolean found = relationService.deleteRelation(tenantId, relation.getFrom(), relation.getTo(), relation.getType(), relation.getTypeGroup());
             if (!found) {
                 throw new ThingsboardException("Requested item wasn't found!", ThingsboardErrorCode.ITEM_NOT_FOUND);
             }
-            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation(user.getTenantId(), user.getCustomerId(),
-                    relation.getFrom(), relation, user, ActionType.RELATION_DELETED, null, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation(user.getTenantId(), user.getCustomerId(),
-                    relation.getTo(), relation, user, ActionType.RELATION_DELETED, null, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (tenantId, customerId,
+                    relation, user, ActionType.RELATION_DELETED, null, relation);
         } catch (Exception e) {
-            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(),
-                    relation.getFrom(), null, user, ActionType.RELATION_DELETED, e, relation);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(),
-                    relation.getTo(), null, user, ActionType.RELATION_DELETED, e, relation);
+            notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (tenantId, customerId,
+                    relation, user, ActionType.RELATION_DELETED, e, relation);
             throw handleException(e);
         }
     }
+
+    @Override
+    public void deleteRelations(TenantId tenantId, CustomerId customerId, EntityId entityId, SecurityUser user, Exception e) throws ThingsboardException {
+        if (e == null) {
+            relationService.deleteEntityRelations(tenantId, entityId);
+        }
+        notificationEntityService.notifyEntity(tenantId, entityId, null, customerId, ActionType.RELATIONS_DELETED, user, e);
+    }
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
index 8bcb58c777..b4adcfd913 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
@@ -16,13 +16,18 @@
 package org.thingsboard.server.service.entitiy.entityRelation;
 
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.CustomerId;
+import org.thingsboard.server.common.data.id.EntityId;
+import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.relation.EntityRelation;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TbEntityRelationService {
 
-    void save(EntityRelation entity, SecurityUser user) throws ThingsboardException;
+    void save(TenantId tenantId, CustomerId customerId, EntityRelation entity, SecurityUser user) throws ThingsboardException;
 
-    void delete(EntityRelation entity, SecurityUser user) throws ThingsboardException;
+    void delete(TenantId tenantId, CustomerId customerId, EntityRelation entity, SecurityUser user) throws ThingsboardException;
+
+    void deleteRelations (TenantId tenantId, CustomerId customerId, EntityId entityId, SecurityUser user, Exception e) throws ThingsboardException;
 
 }

From 7af89eefb03d74b9da18c9e08ad4d255408af3cb Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Wed, 25 May 2022 12:32:42 +0300
Subject: [PATCH 66/92] UI: Add support backup codes in 2FA

---
 .../http/two-factor-authentication.service.ts | 10 ++-
 .../import-dialog-csv.component.html          |  2 +-
 .../import-export/import-export.models.ts     |  5 ++
 .../import-export/import-export.service.ts    | 21 +++++-
 .../two-factor-auth-settings.component.html   | 17 ++++-
 .../two-factor-auth-settings.component.ts     | 27 ++++----
 .../authentication-dialog.component.scss      | 24 +++++++
 .../authentication-dialog.map.ts              |  6 +-
 .../backup-code-auth-dialog.component.html    | 46 +++++++++++++
 .../backup-code-auth-dialog.component.ts      | 65 ++++++++++++++++++
 .../email-auth-dialog.component.html          |  6 +-
 .../email-auth-dialog.component.ts            | 16 +++--
 .../sms-auth-dialog.component.html            |  6 +-
 .../sms-auth-dialog.component.ts              | 16 +++--
 .../totp-auth-dialog.component.html           |  4 +-
 .../totp-auth-dialog.component.ts             | 12 +++-
 .../pages/security/security.component.html    |  8 ++-
 .../pages/security/security.component.scss    | 34 ++--------
 .../home/pages/security/security.component.ts | 66 ++++++++++++++-----
 .../home/pages/security/security.module.ts    |  6 +-
 .../two-factor-auth-login.component.html      | 12 ++--
 .../login/two-factor-auth-login.component.ts  | 35 +++++++++-
 .../shared/models/two-factor-auth.models.ts   | 53 +++++++++++----
 .../assets/locale/locale.constant-cs_CZ.json  |  6 +-
 .../assets/locale/locale.constant-el_GR.json  |  6 +-
 .../assets/locale/locale.constant-en_US.json  | 26 ++++++--
 .../assets/locale/locale.constant-es_ES.json  |  6 +-
 .../assets/locale/locale.constant-ka_GE.json  |  6 +-
 .../assets/locale/locale.constant-ko_KR.json  |  6 +-
 .../assets/locale/locale.constant-lv_LV.json  |  6 +-
 .../assets/locale/locale.constant-pt_BR.json  |  6 +-
 .../assets/locale/locale.constant-ro_RO.json  |  6 +-
 .../assets/locale/locale.constant-ru_RU.json  |  6 +-
 .../assets/locale/locale.constant-sl_SI.json  |  6 +-
 .../assets/locale/locale.constant-tr_TR.json  |  6 +-
 .../assets/locale/locale.constant-uk_UA.json  |  6 +-
 36 files changed, 438 insertions(+), 157 deletions(-)
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.html
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.ts

diff --git a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
index c2a7a5235d..2e3a7caeeb 100644
--- a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
+++ b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
@@ -24,6 +24,7 @@ import {
   TwoFactorAuthProviderType,
   TwoFactorAuthSettings
 } from '@shared/models/two-factor-auth.models';
+import { isDefinedAndNotNull } from '@core/utils';
 
 @Injectable({
   providedIn: 'root'
@@ -66,10 +67,13 @@ export class TwoFactorAuthenticationService {
     return this.http.post(`/api/2fa/account/config/submit`, authConfig, defaultHttpOptionsFromConfig(config));
   }
 
-  verifyAndSaveTwoFaAccountConfig(authConfig: TwoFactorAuthAccountConfig, verificationCode: number,
+  verifyAndSaveTwoFaAccountConfig(authConfig: TwoFactorAuthAccountConfig, verificationCode?: number,
                                   config?: RequestConfig): Observable<AccountTwoFaSettings> {
-    return this.http.post<AccountTwoFaSettings>(`/api/2fa/account/config?verificationCode=${verificationCode}`,
-      authConfig, defaultHttpOptionsFromConfig(config));
+    let url = '/api/2fa/account/config';
+    if (isDefinedAndNotNull(verificationCode)) {
+      url += `?verificationCode=${verificationCode}`;
+    }
+    return this.http.post<AccountTwoFaSettings>(url, authConfig, defaultHttpOptionsFromConfig(config));
   }
 
   deleteTwoFaAccountConfig(providerType: TwoFactorAuthProviderType, config?: RequestConfig): Observable<AccountTwoFaSettings> {
diff --git a/ui-ngx/src/app/modules/home/components/import-export/import-dialog-csv.component.html b/ui-ngx/src/app/modules/home/components/import-export/import-dialog-csv.component.html
index b1c241c2a0..ead10e727d 100644
--- a/ui-ngx/src/app/modules/home/components/import-export/import-dialog-csv.component.html
+++ b/ui-ngx/src/app/modules/home/components/import-export/import-dialog-csv.component.html
@@ -117,7 +117,7 @@
         </mat-progress-bar>
       </mat-step>
       <mat-step>
-        <ng-template matStepLabel>{{ 'import.stepper-text.done' | translate }}</ng-template>
+        <ng-template matStepLabel>{{ 'action.done' | translate }}</ng-template>
         <div fxLayout="column">
           <p class="mat-body-1" *ngIf="this.statistical?.created">
             {{ translate.instant('import.message.create-entities', {count: this.statistical.created}) }}
diff --git a/ui-ngx/src/app/modules/home/components/import-export/import-export.models.ts b/ui-ngx/src/app/modules/home/components/import-export/import-export.models.ts
index 3b3100f47a..e5426d0ce0 100644
--- a/ui-ngx/src/app/modules/home/components/import-export/import-export.models.ts
+++ b/ui-ngx/src/app/modules/home/components/import-export/import-export.models.ts
@@ -138,6 +138,11 @@ export interface FileType {
   extension: string;
 }
 
+export const TEXT_TYPE: FileType = {
+  mimeType: 'text/plain',
+  extension: 'txt'
+};
+
 export const JSON_TYPE: FileType = {
   mimeType: 'text/json',
   extension: 'json'
diff --git a/ui-ngx/src/app/modules/home/components/import-export/import-export.service.ts b/ui-ngx/src/app/modules/home/components/import-export/import-export.service.ts
index d502aacc08..6e81442923 100644
--- a/ui-ngx/src/app/modules/home/components/import-export/import-export.service.ts
+++ b/ui-ngx/src/app/modules/home/components/import-export/import-export.service.ts
@@ -35,7 +35,7 @@ import {
 import { MatDialog } from '@angular/material/dialog';
 import { ImportDialogComponent, ImportDialogData } from '@home/components/import-export/import-dialog.component';
 import { forkJoin, Observable, of } from 'rxjs';
-import {catchError, map, mergeMap, switchMap, tap} from 'rxjs/operators';
+import { catchError, map, mergeMap, tap } from 'rxjs/operators';
 import { DashboardUtilsService } from '@core/services/dashboard-utils.service';
 import { EntityService } from '@core/http/entity.service';
 import { Widget, WidgetSize, WidgetType, WidgetTypeDetails } from '@shared/models/widget.models';
@@ -44,7 +44,16 @@ import {
   EntityAliasesDialogData
 } from '@home/components/alias/entity-aliases-dialog.component';
 import { ItemBufferService, WidgetItem } from '@core/services/item-buffer.service';
-import { FileType, ImportWidgetResult, JSON_TYPE, WidgetsBundleItem, ZIP_TYPE, BulkImportRequest, BulkImportResult } from './import-export.models';
+import {
+  BulkImportRequest,
+  BulkImportResult,
+  FileType,
+  ImportWidgetResult,
+  JSON_TYPE,
+  TEXT_TYPE,
+  WidgetsBundleItem,
+  ZIP_TYPE
+} from './import-export.models';
 import { EntityType } from '@shared/models/entity-type.models';
 import { UtilsService } from '@core/services/utils.service';
 import { WidgetService } from '@core/http/widget.service';
@@ -554,6 +563,14 @@ export class ImportExportService {
     );
   }
 
+  public exportText(data: string | Array<string>, filename: string) {
+    let content = data;
+    if (Array.isArray(data)) {
+      content = data.join('\n');
+    }
+    this.downloadFile(content, filename, TEXT_TYPE);
+  }
+
   public exportJSZip(data: object, filename: string) {
     import('jszip').then((JSZip) => {
       const jsZip = new JSZip.default();
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index d50430cfe3..1efa83a2eb 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -41,7 +41,7 @@
                         (click)="toggleExtensionPanel($event, i, provider.get('enable').value)"
                         formControlName="enable">
                       </mat-slide-toggle>
-                      {{ provider.value.providerType }}
+                      {{ twoFactorAuthProvidersData.get(provider.value.providerType).name | translate }}
                     </mat-panel-title>
                   </mat-expansion-panel-header>
 
@@ -94,6 +94,19 @@
                           </mat-error>
                         </mat-form-field>
                       </div>
+                      <div *ngSwitchCase="twoFactorAuthProviderType.BACKUP_CODE">
+                        <mat-form-field fxFlex class="mat-block">
+                          <mat-label translate>admin.2fa.number-of-codes</mat-label>
+                          <input matInput formControlName="codesQuantity" type="number" step="1" min="1" required>
+                          <mat-error *ngIf="provider.get('codesQuantity').hasError('required')">
+                            {{ "admin.2fa.number-of-codes-required" | translate }}
+                          </mat-error>
+                          <mat-error *ngIf="provider.get('codesQuantity').hasError('min') ||
+                                            provider.get('codesQuantity').hasError('pattern')">
+                            {{ "admin.2fa.number-of-codes-pattern" | translate }}
+                          </mat-error>
+                        </mat-form-field>
+                      </div>
                     </ng-container>
                   </ng-template>
                 </mat-expansion-panel>
@@ -142,7 +155,7 @@
               <mat-expansion-panel class="provider">
                 <mat-expansion-panel-header>
                   <mat-panel-title fxLayoutAlign="start center">
-                    <mat-slide-toggle (click)="toggleExtensionPanel($event, 3, twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value)"
+                    <mat-slide-toggle (click)="toggleExtensionPanel($event, providersForm.length, twoFaFormGroup.get('verificationCodeCheckRateLimitEnable').value)"
                                       formControlName="verificationCodeCheckRateLimitEnable">
                     </mat-slide-toggle>
                     {{ 'admin.2fa.verification-code-check-rate-limit' | translate }}
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index bc2d936aa6..c3f49a0c61 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -14,7 +14,7 @@
 /// limitations under the License.
 ///
 
-import { Component, OnDestroy, OnInit, QueryList, ViewChild, ViewChildren } from '@angular/core';
+import { Component, OnDestroy, OnInit, QueryList, ViewChildren } from '@angular/core';
 import { PageComponent } from '@shared/components/page.component';
 import { HasConfirmForm } from '@core/guards/confirm-on-exit.guard';
 import { Store } from '@ngrx/store';
@@ -22,6 +22,7 @@ import { AppState } from '@core/core.state';
 import { FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
 import {
+  twoFactorAuthProvidersData,
   TwoFactorAuthProviderType,
   TwoFactorAuthSettings,
   TwoFactorAuthSettingsForm
@@ -29,7 +30,6 @@ import {
 import { deepClone, isNotEmptyStr } from '@core/utils';
 import { Subject } from 'rxjs';
 import { takeUntil } from 'rxjs/operators';
-import { MatStepper } from '@angular/material/stepper';
 import { MatExpansionPanel } from '@angular/material/expansion';
 
 @Component({
@@ -40,9 +40,11 @@ import { MatExpansionPanel } from '@angular/material/expansion';
 export class TwoFactorAuthSettingsComponent extends PageComponent implements OnInit, HasConfirmForm, OnDestroy {
 
   private readonly destroy$ = new Subject<void>();
+  private readonly posIntValidation = [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)];
 
   twoFaFormGroup: FormGroup;
   twoFactorAuthProviderType = TwoFactorAuthProviderType;
+  twoFactorAuthProvidersData = twoFactorAuthProvidersData;
 
   @ViewChildren(MatExpansionPanel) expansionPanel: QueryList<MatExpansionPanel>;
 
@@ -123,8 +125,8 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         Validators.pattern(/^\d*$/)
       ]],
       verificationCodeCheckRateLimitEnable: [false],
-      verificationCodeCheckRateLimitNumber: ['3', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
-      verificationCodeCheckRateLimitTime: ['900', [Validators.required, Validators.min(1), Validators.pattern(/^\d*$/)]],
+      verificationCodeCheckRateLimitNumber: ['3', this.posIntValidation],
+      verificationCodeCheckRateLimitTime: ['900', this.posIntValidation],
       minVerificationCodeSendPeriod: ['30', [Validators.required, Validators.min(5), Validators.pattern(/^\d*$/)]],
       providers: this.fb.array([])
     });
@@ -154,7 +156,7 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
       providers: []
     });
     if (checkRateLimitNumber > 0) {
-      this.getByIndexPanel(3).open();
+      this.getByIndexPanel(this.providersForm.length).open();
     }
     Object.values(TwoFactorAuthProviderType).forEach((provider, index) => {
       const findIndex = allowProvidersConfig.indexOf(provider);
@@ -182,18 +184,13 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
           Validators.required,
           Validators.pattern(/\${code}/)
         ]];
-        formControlConfig.verificationCodeLifetime = [{value: 120, disabled: true}, [
-          Validators.required,
-          Validators.min(1),
-          Validators.pattern(/^\d*$/)
-        ]];
+        formControlConfig.verificationCodeLifetime = [{value: 120, disabled: true}, this.posIntValidation];
         break;
       case TwoFactorAuthProviderType.EMAIL:
-        formControlConfig.verificationCodeLifetime = [{value: 120, disabled: true}, [
-          Validators.required,
-          Validators.min(1),
-          Validators.pattern(/^\d*$/)
-        ]];
+        formControlConfig.verificationCodeLifetime = [{value: 120, disabled: true}, this.posIntValidation];
+        break;
+      case TwoFactorAuthProviderType.BACKUP_CODE:
+        formControlConfig.codesQuantity = [{value: 10, disabled: true}, this.posIntValidation];
         break;
     }
     const newProviders = this.fb.group(formControlConfig);
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
index 9b8b17b102..0b27d00983 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
@@ -30,6 +30,13 @@
     &:not(:first-of-type) {
       margin: 0 0 8px;
     }
+    &.description {
+      margin: 0;
+      color: rgba(0, 0, 0, 0.54);
+      &:last-of-type {
+        margin-bottom: 24px;
+      }
+    }
   }
 
   .input-container {
@@ -69,6 +76,23 @@
     margin-bottom: 0;
   }
 
+  .backup-code {
+    max-width: 500px;
+    .container {
+      max-width: 500px;
+      margin: 40px 0 24px;
+      .code {
+        letter-spacing: 0.25px;
+        padding: 0 30px;
+        margin-bottom: 16px;
+        font-family: Roboto Mono, "Helvetica Neue", monospace;
+        &.even {
+          text-align: right;
+        }
+      }
+    }
+  }
+
   & ::ng-deep {
     .mat-horizontal-stepper-header{
       pointer-events: none !important;
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.map.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.map.ts
index 503fdd69a6..c5f319872e 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.map.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.map.ts
@@ -19,11 +19,15 @@ import { TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models
 import { TotpAuthDialogComponent } from './totp-auth-dialog.component';
 import { SMSAuthDialogComponent } from './sms-auth-dialog.component';
 import { EmailAuthDialogComponent } from './email-auth-dialog.component';
+import {
+  BackupCodeAuthDialogComponent
+} from '@home/pages/security/authentication-dialog/backup-code-auth-dialog.component';
 
 export const authenticationDialogMap = new Map<TwoFactorAuthProviderType, Type<any>>(
   [
     [TwoFactorAuthProviderType.TOTP, TotpAuthDialogComponent],
     [TwoFactorAuthProviderType.SMS, SMSAuthDialogComponent],
-    [TwoFactorAuthProviderType.EMAIL, EmailAuthDialogComponent]
+    [TwoFactorAuthProviderType.EMAIL, EmailAuthDialogComponent],
+    [TwoFactorAuthProviderType.BACKUP_CODE, BackupCodeAuthDialogComponent]
   ]
 );
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.html
new file mode 100644
index 0000000000..61701c9358
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.html
@@ -0,0 +1,46 @@
+<!--
+
+    Copyright © 2016-2022 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<mat-toolbar fxLayout="row" color="primary">
+  <h2 translate>security.2fa.dialog.get-backup-code-title</h2>
+  <span fxFlex></span>
+  <button mat-icon-button
+          (click)="closeDialog()"
+          type="button">
+    <mat-icon class="material-icons">close</mat-icon>
+  </button>
+</mat-toolbar>
+<mat-progress-bar color="warn" mode="indeterminate" *ngIf="isLoading$ | async">
+</mat-progress-bar>
+<div style="height: 4px;" *ngIf="!(isLoading$ | async)"></div>
+<div mat-dialog-content tb-toast class="backup-code">
+  <p class="mat-body-1 description" translate>security.2fa.dialog.backup-code-description</p>
+  <div class="container" fxLayout="row wrap">
+    <div *ngFor="let code of backupCode?.codes; even as $even" fxFlex="50" class="code" [ngClass]="{'even': $even}">
+      {{ code }}
+    </div>
+  </div>
+  <p class="mat-body-1 description" translate>security.2fa.dialog.backup-code-warn</p>
+  <div fxLayout="row" fxLayoutAlign="center start"  fxLayoutGap="16px">
+    <button type="button" mat-stroked-button color="primary" (click)="downloadFile()">
+      {{ 'security.2fa.dialog.download-txt' | translate }}
+    </button>
+    <button type="button" mat-raised-button color="primary">
+      {{ 'action.print' | translate }}
+    </button>
+  </div>
+</div>
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.ts
new file mode 100644
index 0000000000..70c2888ac5
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.ts
@@ -0,0 +1,65 @@
+///
+/// Copyright © 2016-2022 The Thingsboard Authors
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+
+import { Component } from '@angular/core';
+import { DialogComponent } from '@shared/components/dialog.component';
+import { Store } from '@ngrx/store';
+import { AppState } from '@core/core.state';
+import { Router } from '@angular/router';
+import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
+import { MatDialogRef } from '@angular/material/dialog';
+import { FormBuilder } from '@angular/forms';
+import {
+  AccountTwoFaSettings,
+  BackupCodeTwoFactorAuthAccountConfig,
+  TwoFactorAuthProviderType
+} from '@shared/models/two-factor-auth.models';
+import { mergeMap, tap } from 'rxjs/operators';
+import { ImportExportService } from '@home/components/import-export/import-export.service';
+
+@Component({
+  selector: 'tb-backup-code-auth-dialog',
+  templateUrl: './backup-code-auth-dialog.component.html',
+  styleUrls: ['./authentication-dialog.component.scss']
+})
+export class BackupCodeAuthDialogComponent extends DialogComponent<BackupCodeAuthDialogComponent> {
+
+  private config: AccountTwoFaSettings;
+  backupCode: BackupCodeTwoFactorAuthAccountConfig;
+
+  constructor(protected store: Store<AppState>,
+              protected router: Router,
+              private twoFaService: TwoFactorAuthenticationService,
+              private importExportService: ImportExportService,
+              public dialogRef: MatDialogRef<BackupCodeAuthDialogComponent>,
+              public fb: FormBuilder) {
+    super(store, router, dialogRef);
+    this.twoFaService.generateTwoFaAccountConfig(TwoFactorAuthProviderType.BACKUP_CODE).pipe(
+      tap((data: BackupCodeTwoFactorAuthAccountConfig) => this.backupCode = data),
+      mergeMap(data => this.twoFaService.verifyAndSaveTwoFaAccountConfig(data, null, {ignoreLoading: true}))
+    ).subscribe((config) => {
+      this.config = config;
+    });
+  }
+
+  closeDialog() {
+    this.dialogRef.close(this.config);
+  }
+
+  downloadFile() {
+    this.importExportService.exportText(this.backupCode.codes, 'backup-codes');
+  }
+}
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
index 39a46340d9..963374f49d 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
@@ -80,7 +80,7 @@
                   type="submit"
                   color="primary"
                   [disabled]="(isLoading$ | async) || emailVerificationForm.invalid">
-            {{ 'security.2fa.dialog.activate' | translate }}
+            {{ 'action.activate' | translate }}
           </button>
         </div>
       </form>
@@ -94,8 +94,8 @@
           <button mat-raised-button
                   type="button"
                   color="primary"
-                  [mat-dialog-close]="true">
-            {{ 'import.stepper-text.done' | translate }}
+                  (click)="closeDialog()">
+            {{ 'action.done' | translate }}
           </button>
         </div>
       </div>
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.ts
index 166ff799b7..385ea0e818 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.ts
@@ -22,7 +22,11 @@ import { Router } from '@angular/router';
 import { MAT_DIALOG_DATA, MatDialogRef } from '@angular/material/dialog';
 import { FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
-import { TwoFactorAuthAccountConfig, TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import {
+  AccountTwoFaSettings,
+  TwoFactorAuthAccountConfig,
+  TwoFactorAuthProviderType
+} from '@shared/models/two-factor-auth.models';
 import { MatStepper } from '@angular/material/stepper';
 
 export interface EmailAuthDialogData {
@@ -37,6 +41,7 @@ export interface EmailAuthDialogData {
 export class EmailAuthDialogComponent extends DialogComponent<EmailAuthDialogComponent> {
 
   private authAccountConfig: TwoFactorAuthAccountConfig;
+  private config: AccountTwoFaSettings;
 
   emailConfigForm: FormGroup;
   emailVerificationForm: FormGroup;
@@ -84,9 +89,10 @@ export class EmailAuthDialogComponent extends DialogComponent<EmailAuthDialogCom
       case 1:
         if (this.emailVerificationForm.valid) {
           this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
-            this.emailVerificationForm.get('verificationCode').value).subscribe(() => {
-            this.stepper.next();
-          });
+            this.emailVerificationForm.get('verificationCode').value).subscribe((config) => {
+              this.config = config;
+              this.stepper.next();
+            });
         } else {
           this.showFormErrors(this.emailVerificationForm);
         }
@@ -95,7 +101,7 @@ export class EmailAuthDialogComponent extends DialogComponent<EmailAuthDialogCom
   }
 
   closeDialog() {
-    return this.dialogRef.close(this.stepper.selectedIndex > 1);
+    return this.dialogRef.close(this.config);
   }
 
   private showFormErrors(form: FormGroup) {
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
index 49d8ee661f..50256ccc39 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
@@ -82,7 +82,7 @@
                   type="submit"
                   color="primary"
                   [disabled]="(isLoading$ | async) || smsVerificationForm.invalid">
-            {{ 'security.2fa.dialog.activate' | translate }}
+            {{ 'action.activate' | translate }}
           </button>
         </div>
       </form>
@@ -96,8 +96,8 @@
           <button mat-raised-button
                   type="button"
                   color="primary"
-                  [mat-dialog-close]="true">
-            {{ 'import.stepper-text.done' | translate }}
+                  (click)="closeDialog()">
+            {{ 'action.done' | translate }}
           </button>
         </div>
       </div>
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.ts
index 030b67fd7a..7ab946b86f 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.ts
@@ -22,7 +22,11 @@ import { Router } from '@angular/router';
 import { MatDialogRef } from '@angular/material/dialog';
 import { FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
-import { TwoFactorAuthAccountConfig, TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import {
+  AccountTwoFaSettings,
+  TwoFactorAuthAccountConfig,
+  TwoFactorAuthProviderType
+} from '@shared/models/two-factor-auth.models';
 import { phoneNumberPattern } from '@shared/models/settings.models';
 import { MatStepper } from '@angular/material/stepper';
 
@@ -34,6 +38,7 @@ import { MatStepper } from '@angular/material/stepper';
 export class SMSAuthDialogComponent extends DialogComponent<SMSAuthDialogComponent> {
 
   private authAccountConfig: TwoFactorAuthAccountConfig;
+  private config: AccountTwoFaSettings;
 
   phoneNumberPattern = phoneNumberPattern;
 
@@ -82,9 +87,10 @@ export class SMSAuthDialogComponent extends DialogComponent<SMSAuthDialogCompone
       case 1:
         if (this.smsVerificationForm.valid) {
           this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
-            this.smsVerificationForm.get('verificationCode').value).subscribe(() => {
-            this.stepper.next();
-          });
+            this.smsVerificationForm.get('verificationCode').value).subscribe((config) => {
+              this.config = config;
+              this.stepper.next();
+            });
         } else {
           this.showFormErrors(this.smsVerificationForm);
         }
@@ -93,7 +99,7 @@ export class SMSAuthDialogComponent extends DialogComponent<SMSAuthDialogCompone
   }
 
   closeDialog() {
-    return this.dialogRef.close(this.stepper.selectedIndex > 1);
+    return this.dialogRef.close(this.config);
   }
 
   private showFormErrors(form: FormGroup) {
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
index 1a788c8ba5..695d39860f 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.html
@@ -84,8 +84,8 @@
           <button mat-raised-button
                   type="button"
                   color="primary"
-                  [mat-dialog-close]="true">
-            {{ 'import.stepper-text.done' | translate }}
+                  (click)="closeDialog()">
+            {{ 'action.done' | translate }}
           </button>
         </div>
       </div>
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.ts
index 52aab77b57..8bda837df3 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/totp-auth-dialog.component.ts
@@ -22,7 +22,11 @@ import { Router } from '@angular/router';
 import { MatDialogRef } from '@angular/material/dialog';
 import { FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
-import { TotpTwoFactorAuthAccountConfig, TwoFactorAuthProviderType } from '@shared/models/two-factor-auth.models';
+import {
+  AccountTwoFaSettings,
+  TotpTwoFactorAuthAccountConfig,
+  TwoFactorAuthProviderType
+} from '@shared/models/two-factor-auth.models';
 import { MatStepper } from '@angular/material/stepper';
 
 @Component({
@@ -33,6 +37,7 @@ import { MatStepper } from '@angular/material/stepper';
 export class TotpAuthDialogComponent extends DialogComponent<TotpAuthDialogComponent> {
 
   private authAccountConfig: TotpTwoFactorAuthAccountConfig;
+  private config: AccountTwoFaSettings;
 
   totpConfigForm: FormGroup;
   totpAuthURL: string;
@@ -69,7 +74,8 @@ export class TotpAuthDialogComponent extends DialogComponent<TotpAuthDialogCompo
   onSaveConfig() {
     if (this.totpConfigForm.valid) {
       this.twoFaService.verifyAndSaveTwoFaAccountConfig(this.authAccountConfig,
-        this.totpConfigForm.get('verificationCode').value).subscribe(() => {
+        this.totpConfigForm.get('verificationCode').value).subscribe((config) => {
+          this.config = config;
           this.stepper.next();
         });
     } else {
@@ -81,7 +87,7 @@ export class TotpAuthDialogComponent extends DialogComponent<TotpAuthDialogCompo
   }
 
   closeDialog() {
-    return this.dialogRef.close(this.stepper.selectedIndex > 1);
+    return this.dialogRef.close(this.config);
   }
 
 }
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.html b/ui-ngx/src/app/modules/home/pages/security/security.component.html
index 6d5f57213f..8daa2f63ae 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.html
@@ -67,9 +67,15 @@
                           [checked]="useByDefault === provider"
                           (click)="changeDefaultProvider($event, provider)"
                           [disabled]="(isLoading$ | async) || activeSingleProvider"
-                           *ngIf="twoFactorAuth.get(provider).value">
+                           *ngIf="twoFactorAuth.get(provider).value && provider !== twoFactorAuthProviderType.BACKUP_CODE">
               <span class="checkbox-label" translate>security.2fa.main-2fa-method</span>
             </mat-checkbox>
+            <button type="button"
+             mat-stroked-button color="primary"
+             (click)="generateNewBackupCode()"
+             *ngIf="twoFactorAuth.get(provider).value && provider === twoFactorAuthProviderType.BACKUP_CODE">
+              Get new code
+            </button>
           </div>
           <mat-divider *ngIf="!$last"></mat-divider>
         </ng-container>
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.scss b/ui-ngx/src/app/modules/home/pages/security/security.component.scss
index b95909c356..4688e46fae 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.scss
@@ -29,13 +29,6 @@
     @media #{$mat-gt-xl} {
       width: 45%;
     }
-    .title-container {
-      margin: 0;
-    }
-    .profile-email {
-      font-size: 16px;
-      font-weight: 400;
-    }
     .mat-subheader {
       line-height: 24px;
       color: rgba(0,0,0,0.54);
@@ -52,22 +45,6 @@
       opacity: 0.6;
       padding: 8px 0;
     }
-    .tb-home-dashboard {
-      tb-dashboard-autocomplete {
-        @media #{$mat-gt-sm} {
-          padding-right: 12px;
-        }
-
-        @media #{$mat-lt-md} {
-          padding-bottom: 12px;
-        }
-      }
-      mat-checkbox {
-        @media #{$mat-gt-sm} {
-          margin-top: 16px;
-        }
-      }
-    }
   }
 
   .description {
@@ -76,13 +53,6 @@
     margin-right: 8px;
   }
 
-  .auth-title {
-    font-weight: 500;
-    line-height: 20px;
-    letter-spacing: 0.25px;
-    margin: 0;
-  }
-
   .mat-divider-horizontal {
     left: 16px;
     right: 16px;
@@ -111,5 +81,9 @@
     .mat-checkbox {
       margin-top: 8px;
     }
+
+    .mat-stroked-button {
+      margin-top: 8px;
+    }
   }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.ts b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
index 412bc305a3..e142dcbb1c 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
@@ -35,7 +35,8 @@ import {
 } from '@shared/models/two-factor-auth.models';
 import { authenticationDialogMap } from '@home/pages/security/authentication-dialog/authentication-dialog.map';
 import { takeUntil, tap } from 'rxjs/operators';
-import { Subject } from 'rxjs';
+import { Observable, of, Subject } from 'rxjs';
+import { isDefinedAndNotNull } from '@core/utils';
 
 @Component({
   selector: 'tb-security',
@@ -45,11 +46,13 @@ import { Subject } from 'rxjs';
 export class SecurityComponent extends PageComponent implements OnInit, OnDestroy {
 
   private readonly destroy$ = new Subject<void>();
+  private accountConfig: AccountTwoFaSettings;
 
   twoFactorAuth: FormGroup;
   user: User;
   allowTwoFactorProviders: TwoFactorAuthProviderType[] = [];
   providersData = twoFactorAuthProvidersData;
+  twoFactorAuthProviderType = TwoFactorAuthProviderType;
   useByDefault: TwoFactorAuthProviderType = null;
   activeSingleProvider = true;
 
@@ -94,13 +97,19 @@ export class SecurityComponent extends PageComponent implements OnInit, OnDestro
     this.twoFactorAuth = this.fb.group({
       TOTP: [false],
       SMS: [false],
-      EMAIL: [false]
+      EMAIL: [false],
+      BACKUP_CODE: [{value: false, disabled: true}]
     });
     this.twoFactorAuth.valueChanges.pipe(
       takeUntil(this.destroy$)
     ).subscribe((value: {TwoFactorAuthProviderType: boolean}) => {
-      const formActiveValue = Object.values(value).filter(item => item);
+      const formActiveValue = Object.keys(value).filter(item => value[item] && item !== TwoFactorAuthProviderType.BACKUP_CODE);
       this.activeSingleProvider = formActiveValue.length < 2;
+      if (formActiveValue.length) {
+        this.twoFactorAuth.get('BACKUP_CODE').enable({emitEvent: false});
+      } else {
+        this.twoFactorAuth.get('BACKUP_CODE').disable({emitEvent: false});
+      }
     });
   }
 
@@ -116,7 +125,8 @@ export class SecurityComponent extends PageComponent implements OnInit, OnDestro
   }
 
   private processTwoFactorAuthConfig(setting: AccountTwoFaSettings) {
-    const configs = setting.configs;
+    this.accountConfig = setting;
+    const configs = this.accountConfig.configs;
     Object.values(TwoFactorAuthProviderType).forEach(provider => {
       if (configs[provider]) {
         this.twoFactorAuth.get(provider).setValue(true);
@@ -171,20 +181,23 @@ export class SecurityComponent extends PageComponent implements OnInit, OnDestro
         }
       });
     } else {
-      const dialogData = provider === TwoFactorAuthProviderType.EMAIL ? {email: this.user.email} : {};
-      this.dialog.open(authenticationDialogMap.get(provider), {
-        disableClose: true,
-        panelClass: ['tb-dialog', 'tb-fullscreen-dialog'],
-        data: dialogData
-      }).afterClosed().subscribe(res => {
-        if (res) {
-          this.twoFactorAuth.get(provider).setValue(res);
-          this.useByDefault = provider;
-        }
-      });
+      this.createdNewAuthConfig(provider);
     }
   }
 
+  private createdNewAuthConfig(provider: TwoFactorAuthProviderType) {
+    const dialogData = provider === TwoFactorAuthProviderType.EMAIL ? {email: this.user.email} : {};
+    this.dialog.open(authenticationDialogMap.get(provider), {
+      disableClose: true,
+      panelClass: ['tb-dialog', 'tb-fullscreen-dialog'],
+      data: dialogData
+    }).afterClosed().subscribe(res => {
+      if (isDefinedAndNotNull(res)) {
+        this.processTwoFactorAuthConfig(res);
+      }
+    });
+  }
+
   changeDefaultProvider(event: MouseEvent, provider: TwoFactorAuthProviderType) {
     event.stopPropagation();
     event.preventDefault();
@@ -195,4 +208,27 @@ export class SecurityComponent extends PageComponent implements OnInit, OnDestro
         .subscribe(data => this.processTwoFactorAuthConfig(data));
     }
   }
+
+  generateNewBackupCode() {
+    const codeLeft = this.accountConfig.configs[TwoFactorAuthProviderType.BACKUP_CODE].codesLeft;
+    let subscription: Observable<boolean>;
+    if (codeLeft) {
+      subscription = this.dialogService.confirm(
+        'Get new set of backup codes?',
+        `If you get new backup codes, ${codeLeft} remaining codes you have left will be unusable.`,
+        '',
+        'Get new codes'
+      );
+    } else {
+      subscription = of(true);
+    }
+    subscription.subscribe(res => {
+      if (res) {
+        this.twoFactorAuth.disable({emitEvent: false});
+        this.twoFaService.deleteTwoFaAccountConfig(TwoFactorAuthProviderType.BACKUP_CODE)
+          .pipe(tap(() => this.twoFactorAuth.enable({emitEvent: false})))
+          .subscribe(() => this.createdNewAuthConfig(TwoFactorAuthProviderType.BACKUP_CODE));
+      }
+    });
+  }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.module.ts b/ui-ngx/src/app/modules/home/pages/security/security.module.ts
index 2df54747a7..5db12c2a68 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.module.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/security.module.ts
@@ -22,13 +22,17 @@ import { SecurityRoutingModule } from './security-routing.module';
 import { TotpAuthDialogComponent } from './authentication-dialog/totp-auth-dialog.component';
 import { SMSAuthDialogComponent } from '@home/pages/security/authentication-dialog/sms-auth-dialog.component';
 import { EmailAuthDialogComponent } from '@home/pages/security/authentication-dialog/email-auth-dialog.component';
+import {
+  BackupCodeAuthDialogComponent
+} from '@home/pages/security/authentication-dialog/backup-code-auth-dialog.component';
 
 @NgModule({
   declarations: [
     SecurityComponent,
     TotpAuthDialogComponent,
     SMSAuthDialogComponent,
-    EmailAuthDialogComponent
+    EmailAuthDialogComponent,
+    BackupCodeAuthDialogComponent
   ],
   imports: [
     CommonModule,
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
index 78417564b3..cf9e3186ba 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
@@ -42,11 +42,11 @@
               <mat-form-field class="mat-block" fxFlex floatLabel="always" hideRequiredMarker>
                 <mat-label></mat-label>
                 <input matInput formControlName="verificationCode"
-                       required maxlength="6" type="text"
-                       inputmode="numeric" pattern="[0-9]*"
+                       required [maxlength]="maxLengthInput" type="text"
+                       [attr.inputmode]="inputMode" [pattern]="pattern"
                        autocomplete="off"
-                       placeholder="{{ 'security.2fa.dialog.verification-code' | translate }}"/>
-                <button *ngIf="selectedProvider !== twoFactorAuthProvider.TOTP"
+                       placeholder="{{ providersData.get(selectedProvider).placeholder | translate }}"/>
+                <button *ngIf="showResendButton"
                         mat-button matSuffix
                         (click)="sendCode($event)"
                         [disabled]="disabledResendButton"
@@ -56,10 +56,10 @@
                 <mat-error *ngIf="verificationForm.get('verificationCode').invalid" style="margin-bottom: 8px">
                   {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
                 </mat-error>
-                <mat-error *ngIf="verificationForm.get('verificationCode').invalid && selectedProvider !== twoFactorAuthProvider.TOTP && countDownTime" class="timer">
+                <mat-error *ngIf="verificationForm.get('verificationCode').invalid && showResendButton && countDownTime" class="timer">
                   {{ 'login.resend-code-wait' | translate : {time: countDownTime} }}
                 </mat-error>
-                <mat-hint *ngIf="selectedProvider !== twoFactorAuthProvider.TOTP && countDownTime" class="timer">
+                <mat-hint *ngIf="showResendButton && countDownTime" class="timer">
                   {{ 'login.resend-code-wait' | translate : {time: countDownTime} }}
                 </mat-hint>
               </mat-form-field>
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
index 68a1f245e2..33ebd4d979 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
@@ -41,8 +41,8 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
   private timer: Subscription;
   private minVerificationPeriod = 0;
 
+  showResendButton = false;
   selectedProvider: TwoFactorAuthProviderType;
-  twoFactorAuthProvider = TwoFactorAuthProviderType;
   allowProviders: TwoFactorAuthProviderType[] = [];
 
   providersData = twoFactorAuthProvidersLoginData;
@@ -50,6 +50,10 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
   disabledResendButton = true;
   countDownTime = 0;
 
+  maxLengthInput = 6;
+  inputMode = 'numeric';
+  pattern = '[0-9]*';
+
   verificationForm = this.fb.group({
     verificationCode: ['', [
       Validators.required,
@@ -84,6 +88,7 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
     });
     if (this.selectedProvider !== TwoFactorAuthProviderType.TOTP) {
       this.sendCode();
+      this.showResendButton = true;
     }
     this.timer = interval(1000).subscribe(() => this.updatedTime());
   }
@@ -104,16 +109,40 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
   selectProvider(type: TwoFactorAuthProviderType) {
     this.prevProvider = type === null ? this.selectedProvider : null;
     this.selectedProvider = type;
+    this.showResendButton = false;
     if (type !== null) {
       this.verificationForm.get('verificationCode').reset();
       const providerConfig = this.providersInfo.find(config => config.type === type);
       this.providerDescription = this.translate.instant(this.providersData.get(providerConfig.type).description, {
         contact: providerConfig.contact
       });
-      this.minVerificationPeriod = providerConfig?.minVerificationCodeSendPeriod || 30;
-      if (type !== TwoFactorAuthProviderType.TOTP) {
+      if (type !== TwoFactorAuthProviderType.TOTP && type !== TwoFactorAuthProviderType.BACKUP_CODE) {
         this.sendCode();
+        this.showResendButton = true;
+        this.minVerificationPeriod = providerConfig?.minVerificationCodeSendPeriod || 30;
+      }
+      if (type === TwoFactorAuthProviderType.BACKUP_CODE) {
+        this.verificationForm.get('verificationCode').setValidators([
+          Validators.required,
+          Validators.minLength(8),
+          Validators.maxLength(8),
+          Validators.pattern(/^[\dabcdef]*$/)
+        ]);
+        this.maxLengthInput = 8;
+        this.inputMode = 'text';
+        this.pattern = '[0-9abcdef]*';
+      } else {
+        this.verificationForm.get('verificationCode').setValidators([
+          Validators.required,
+          Validators.minLength(6),
+          Validators.maxLength(6),
+          Validators.pattern(/^\d*$/)
+        ]);
+        this.maxLengthInput = 6;
+        this.inputMode = 'numeric';
+        this.pattern = '[0-9]*';
       }
+      this.verificationForm.get('verificationCode').updateValueAndValidity({emitEvent: false});
     }
   }
 
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
index 7e3676d6fe..fc56838899 100644
--- a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -59,7 +59,8 @@ export interface TwoFactorAuthProviderFormConfig {
 export enum TwoFactorAuthProviderType{
   TOTP = 'TOTP',
   SMS = 'SMS',
-  EMAIL = 'EMAIL'
+  EMAIL = 'EMAIL',
+  BACKUP_CODE = 'BACKUP_CODE'
 }
 
 interface GeneralTwoFactorAuthAccountConfig {
@@ -79,7 +80,13 @@ export interface EmailTwoFactorAuthAccountConfig extends GeneralTwoFactorAuthAcc
   email: string;
 }
 
-export type TwoFactorAuthAccountConfig = TotpTwoFactorAuthAccountConfig | SmsTwoFactorAuthAccountConfig | EmailTwoFactorAuthAccountConfig;
+export interface BackupCodeTwoFactorAuthAccountConfig extends GeneralTwoFactorAuthAccountConfig {
+  codesLeft: number;
+  codes?: Array<string>;
+}
+
+export type TwoFactorAuthAccountConfig = TotpTwoFactorAuthAccountConfig | SmsTwoFactorAuthAccountConfig |
+  EmailTwoFactorAuthAccountConfig | BackupCodeTwoFactorAuthAccountConfig;
 
 
 export interface AccountTwoFaSettings {
@@ -100,6 +107,7 @@ export interface TwoFactorAuthProviderData {
 
 export interface TwoFactorAuthProviderLoginData extends TwoFactorAuthProviderData {
   icon: string;
+  placeholder: string;
 }
 
 export const twoFactorAuthProvidersData = new Map<TwoFactorAuthProviderType, TwoFactorAuthProviderData>(
@@ -122,6 +130,12 @@ export const twoFactorAuthProvidersData = new Map<TwoFactorAuthProviderType, Two
         description: 'security.2fa.provider.email-description'
       }
     ],
+    [
+      TwoFactorAuthProviderType.BACKUP_CODE, {
+        name: 'security.2fa.provider.backup_code',
+        description: 'security.2fa.provider.backup-code-description'
+      }
+    ]
   ]
 );
 
@@ -129,24 +143,35 @@ export const twoFactorAuthProvidersLoginData = new Map<TwoFactorAuthProviderType
   [
     [
       TwoFactorAuthProviderType.TOTP, {
-      name: 'security.2fa.provider.totp',
-      description: 'login.totp-auth-description',
-      icon: 'mdi:cellphone-key'
-    }
+        name: 'security.2fa.provider.totp',
+        description: 'login.totp-auth-description',
+        placeholder: 'login.totp-auth-placeholder',
+        icon: 'mdi:cellphone-key'
+      }
     ],
     [
       TwoFactorAuthProviderType.SMS, {
-      name: 'security.2fa.provider.sms',
-      description: 'login.sms-auth-description',
-      icon: 'mdi:message-reply-text-outline'
-    }
+        name: 'security.2fa.provider.sms',
+        description: 'login.sms-auth-description',
+        placeholder: 'login.sms-auth-placeholder',
+        icon: 'mdi:message-reply-text-outline'
+      }
     ],
     [
       TwoFactorAuthProviderType.EMAIL, {
-      name: 'security.2fa.provider.email',
-      description: 'login.email-auth-description',
-      icon: 'mdi:email-outline'
-    }
+        name: 'security.2fa.provider.email',
+        description: 'login.email-auth-description',
+        placeholder: 'login.email-auth-placeholder',
+        icon: 'mdi:email-outline'
+      }
     ],
+    [
+      TwoFactorAuthProviderType.BACKUP_CODE, {
+        name: 'security.2fa.provider.backup_code',
+        description: 'login.backup-code-auth-description',
+        placeholder: 'login.backup-code-auth-placeholder',
+        icon: 'mdi:lock-outline'
+      }
+    ]
   ]
 );
diff --git a/ui-ngx/src/assets/locale/locale.constant-cs_CZ.json b/ui-ngx/src/assets/locale/locale.constant-cs_CZ.json
index dd4b9cc0b0..a16b28d561 100644
--- a/ui-ngx/src/assets/locale/locale.constant-cs_CZ.json
+++ b/ui-ngx/src/assets/locale/locale.constant-cs_CZ.json
@@ -57,7 +57,8 @@
         "download": "Stáhnout",
         "next-with-label": "Další: {{label}}",
         "read-more": "Zobrazit více",
-        "hide": "Skrýt"
+        "hide": "Skrýt",
+        "done": "Hotovo"
     },
     "aggregation": {
         "aggregation": "Agregace",
@@ -2169,8 +2170,7 @@
             "select-file": "Vybrat soubor",
             "configuration": "Importovat konfiguraci",
             "column-type": "Vybrat typ sloupců",
-            "creat-entities": "Vytvořím nové entity",
-            "done": "Hotovo"
+            "creat-entities": "Vytvořím nové entity"
         },
         "message": {
             "create-entities": "{{count}} nových entit bylo úspěšně vytvořeno.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-el_GR.json b/ui-ngx/src/assets/locale/locale.constant-el_GR.json
index 6bd8168418..b66e02ba26 100644
--- a/ui-ngx/src/assets/locale/locale.constant-el_GR.json
+++ b/ui-ngx/src/assets/locale/locale.constant-el_GR.json
@@ -53,7 +53,8 @@
     "share-via": "Διαμοίραση μέσω {{provider}}",
     "move": "Μετακίνηση",
     "select": "Επιλογή",
-    "continue": "Συνέχεια"
+    "continue": "Συνέχεια",
+    "done": "Ολοκληρώθηκε"
   },
   "aggregation": {
     "aggregation": "Συνάθροιση",
@@ -1479,8 +1480,7 @@
       "select-file": "Επιλογή αρχείου",
       "configuration": "Εισαγωγή ρύθμισης",
       "column-type": "Επιλογή τύπου στήλης",
-      "creat-entities": "Δημιουργία νέων οντοτήτων",
-      "done": "Ολοκληρώθηκε"
+      "creat-entities": "Δημιουργία νέων οντοτήτων"
     },
     "message": {
       "create-entities": "{{count}} νέες οντότητες δημιουργήθηκαν με επιτυχία.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index e6b1b3682d..485960c2e2 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -57,7 +57,9 @@
         "download": "Download",
         "next-with-label": "Next: {{label}}",
         "read-more": "Read more",
-        "hide": "Hide"
+        "hide": "Hide",
+        "done": "Done",
+        "print": "Print"
     },
     "aggregation": {
         "aggregation": "Aggregation",
@@ -323,6 +325,9 @@
             "number-of-checking-attempts": "Number of checking attempts",
             "number-of-checking-attempts-pattern": "Number of checking attempts must be a positive integer.",
             "number-of-checking-attempts-required": "Number of checking attempts is required.",
+            "number-of-codes": "Number of codes",
+            "number-of-codes-pattern": "Number of codes must be a positive integer.",
+            "number-of-codes-required": "Number of codes is required.",
             "provider": "Provider",
             "retry-verification-code-period": "Retry verification code period (sec)",
             "retry-verification-code-period-pattern": "Minimal period time is 5 sec",
@@ -2404,8 +2409,7 @@
             "select-file": "Select a file",
             "configuration": "Import configuration",
             "column-type": "Select columns type",
-            "creat-entities": "Creating new entities",
-            "done": "Done"
+            "creat-entities": "Creating new entities"
         },
         "message": {
             "create-entities": "{{count}} new entities were successfully created.",
@@ -2486,8 +2490,13 @@
         "resend-code-wait": "Resend code wait { time, plural, 1 {1 second} other {# seconds} }",
         "try-another-way": "Try another way",
         "totp-auth-description": "Please enter the security code from your authenticator app.",
+        "totp-auth-placeholder": "Code",
         "sms-auth-description": "A security code has been sent to your phone at {{contact}}.",
-        "email-auth-description": "A security code has been sent to your email address at {{contact}}."
+        "sms-auth-placeholder": "SMS code",
+        "email-auth-description": "A security code has been sent to your email address at {{contact}}.",
+        "email-auth-placeholder": "Email code",
+        "backup-code-auth-description": "Please enter one of your backup codes.",
+        "backup-code-auth-placeholder": "Backup code"
     },
     "markdown": {
         "copy-code": "Click to copy",
@@ -2583,17 +2592,20 @@
             "disable-2fa-provider-title": "Are you sure you want to disable {{name}}?",
             "main-2fa-method": "Use as main two-factor authentication method",
             "dialog": {
-                "activate": "Activate",
                 "activation-step-description-email": "The next time you login in, you will be prompted to enter the security code that will be sent to your email address.",
                 "activation-step-description-sms": "The next time you login in, you will be prompted to enter the security code that will be sent to the phone number.",
                 "activation-step-description-totp": "The next time you login in, you will need to provide a two-factor authentication code.",
                 "activation-step-label": "Activation",
+                "backup-code-description": "Print out the codes so you have them handy when you need to use them to log in to your account. You can use each backup code once.",
+                "backup-code-warn": "Once you leave this page, these codes cannot be shown again. Store them safely using the options below.",
+                "download-txt": "Download (txt)",
                 "email-step-description": "Enter an email to use as your authenticator.",
                 "email-step-label": "Email",
                 "enable-email-title": "Enable email authenticator",
                 "enable-sms-title": "Enable SMS authenticator",
                 "enable-totp-title": "Enable authenticator app",
                 "enter-verification-code": "Enter the 6-digit code here",
+                "get-backup-code-title": "Get backup code",
                 "next": "Next",
                 "scan-qr-code": "Scan this QR code with your verification app",
                 "send-code": "Send code",
@@ -2614,7 +2626,9 @@
                 "sms": "SMS",
                 "sms-description": "Use your phone to authenticate. We'll send you a security code via SMS message when you log in.",
                 "totp": "Authenticator app",
-                "totp-description": "Use apps like Google Authenticator, Authy, or Duo on your phone to authenticate. It will generate a security code for logging in."
+                "totp-description": "Use apps like Google Authenticator, Authy, or Duo on your phone to authenticate. It will generate a security code for logging in.",
+                "backup_code": "Backup code",
+                "backup-code-description": "These printable one-time passcodes allow you to sign in when away from your phone, like when you’re traveling."
             }
         }
     },
diff --git a/ui-ngx/src/assets/locale/locale.constant-es_ES.json b/ui-ngx/src/assets/locale/locale.constant-es_ES.json
index caadecc9ae..f8e16aca0e 100644
--- a/ui-ngx/src/assets/locale/locale.constant-es_ES.json
+++ b/ui-ngx/src/assets/locale/locale.constant-es_ES.json
@@ -57,7 +57,8 @@
         "download": "Descargar",
         "next-with-label": "Siguiente: {{label}}",
         "read-more": "Leer más",
-        "hide": "Ocultar"
+        "hide": "Ocultar",
+        "done": "Hecho"
     },
     "aggregation": {
         "aggregation": "Agrupación",
@@ -1892,8 +1893,7 @@
             "select-file": "Seleccione un archivo",
             "configuration": "Importar configuración",
             "column-type": "Seleccionar tipo de columnas",
-            "creat-entities": "Creando nuevas entidades",
-            "done": "Hecho"
+            "creat-entities": "Creando nuevas entidades"
         },
         "message": {
             "create-entities": "Se crearon{{count}} nuevas entidades correctamente.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-ka_GE.json b/ui-ngx/src/assets/locale/locale.constant-ka_GE.json
index fe1d1ff793..c33964e3b9 100644
--- a/ui-ngx/src/assets/locale/locale.constant-ka_GE.json
+++ b/ui-ngx/src/assets/locale/locale.constant-ka_GE.json
@@ -53,7 +53,8 @@
     "export": "ექსპორტი",
     "share-via": "გაზიარება როგორც {{provider}}",
     "continue": "გაგრძელება",
-    "discard-changes": "ცვლილებების გაუქმება"
+    "discard-changes": "ცვლილებების გაუქმება",
+    "done": "შესრულებულია"
   },
   "aggregation": {
     "aggregation": "აგრეგაცია",
@@ -1191,8 +1192,7 @@
       "select-file": "აირჩიე ფაილი",
       "configuration": "დააიმპორტე კონფიგურაცია",
       "column-type": "აირჩიე სვეტის ტიპი",
-      "creat-entities": "იქმნება ახალი ობიექტები",
-      "done": "შესრულებულია"
+      "creat-entities": "იქმნება ახალი ობიექტები"
     },
     "message": {
       "create-entities": "{{count}} ახალი ობიექტები წარმატებით შეიქმნა.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-ko_KR.json b/ui-ngx/src/assets/locale/locale.constant-ko_KR.json
index de3ade448a..e56925bbed 100644
--- a/ui-ngx/src/assets/locale/locale.constant-ko_KR.json
+++ b/ui-ngx/src/assets/locale/locale.constant-ko_KR.json
@@ -57,7 +57,8 @@
         "download": "다운로드",
         "next-with-label": "다음: {{label}}",
         "read-more": "더보기",
-        "hide": "숨기기"
+        "hide": "숨기기",
+        "done": "완료"
     },
     "aggregation": {
         "aggregation": "집합",
@@ -1724,8 +1725,7 @@
             "select-file": "파일 선택",
             "configuration": "설정 불러오기",
             "column-type": "컬럼 유형 선택",
-            "creat-entities": "새로운 개체 생성",
-            "done": "완료"
+            "creat-entities": "새로운 개체 생성"
         },
         "message": {
             "create-entities": "{{count}}개의 새로운 개체사 성공적으로 생성되었습니다.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-lv_LV.json b/ui-ngx/src/assets/locale/locale.constant-lv_LV.json
index d963a04243..77ca2300b5 100644
--- a/ui-ngx/src/assets/locale/locale.constant-lv_LV.json
+++ b/ui-ngx/src/assets/locale/locale.constant-lv_LV.json
@@ -49,7 +49,8 @@
         "import": "Importēt",
         "export": "Eksportēt",
         "share-via": "Dalīties caur {{provider}}",
-        "continue": "Turpināt"
+        "continue": "Turpināt",
+        "done": "Darīts"
     },
     "aggregation": {
         "aggregation": "Sakopojums",
@@ -1125,8 +1126,7 @@
             "select-file": "Atlasīt failu",
             "configuration": "Importēt konfigurāciju",
             "column-type": "Atlasīt kolonas tipu",
-            "creat-entities": "Radīt jaunas vienības",
-            "done": "Darīts"
+            "creat-entities": "Radīt jaunas vienības"
         },
         "message": {
             "create-entities": "{{count}} jaunas vienības sekmīgi radītas.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-pt_BR.json b/ui-ngx/src/assets/locale/locale.constant-pt_BR.json
index 1c84ed3c16..a71cca0e39 100644
--- a/ui-ngx/src/assets/locale/locale.constant-pt_BR.json
+++ b/ui-ngx/src/assets/locale/locale.constant-pt_BR.json
@@ -54,7 +54,8 @@
     "share-via": "Compartilhar via {{provider}}",
     "continue": "Continuar",
     "discard-changes": "Descartar alterações",
-    "download": "Download"
+    "download": "Download",
+    "done": "Concluído"
   },
   "aggregation": {
     "aggregation": "Agregação",
@@ -1387,8 +1388,7 @@
       "select-file": "Selecionar um arquivo",
       "configuration": "Importar configuração",
       "column-type": "Selecionar tipos de colunas",
-      "creat-entities": "Criar novas entidades",
-      "done": "Concluído"
+      "creat-entities": "Criar novas entidades"
     },
     "message": {
       "create-entities": "{{count}} novas entidades foram criadas corretamente.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-ro_RO.json b/ui-ngx/src/assets/locale/locale.constant-ro_RO.json
index fc00f9bd50..01af73ece5 100644
--- a/ui-ngx/src/assets/locale/locale.constant-ro_RO.json
+++ b/ui-ngx/src/assets/locale/locale.constant-ro_RO.json
@@ -50,7 +50,8 @@
         "export": "Export",
         "share-via": "Distribuie prin {{provider}}",
         "continue": "Continuă",
-        "discard-changes": "Anulează Schimbări"
+        "discard-changes": "Anulează Schimbări",
+        "done": "Terminat"
     },
     "aggregation": {
         "aggregation": "Agregare",
@@ -1177,8 +1178,7 @@
             "select-file": "Selectează un fişier",
             "configuration": "Importă configurație",
             "column-type": "Selectează tipul de coloane",
-            "creat-entities": "Creează entităţi noi",
-            "done": "Terminat"
+            "creat-entities": "Creează entităţi noi"
         },
         "message": {
             "create-entities": "{{count}} entităţi noi au fost create cu succes",
diff --git a/ui-ngx/src/assets/locale/locale.constant-ru_RU.json b/ui-ngx/src/assets/locale/locale.constant-ru_RU.json
index 2a6127f672..a4e894e59e 100644
--- a/ui-ngx/src/assets/locale/locale.constant-ru_RU.json
+++ b/ui-ngx/src/assets/locale/locale.constant-ru_RU.json
@@ -50,7 +50,8 @@
         "export": "Экспортировать",
         "share-via": "Поделиться в {{provider}}",
         "continue": "Продолжить",
-        "discard-changes": "Отменить изменения"
+        "discard-changes": "Отменить изменения",
+        "done": "Завершено"
     },
     "aggregation": {
         "aggregation": "Агрегация",
@@ -1206,8 +1207,7 @@
             "select-file": "Выберите файл",
             "configuration": "Конфигурация импорта",
             "column-type": "Выберите тип колонок",
-            "creat-entities": "Создание новых объектов",
-            "done": "Завершено"
+            "creat-entities": "Создание новых объектов"
         },
         "message": {
             "create-entities": "{{count}} новый(х) объект(ов) было успешно создано.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-sl_SI.json b/ui-ngx/src/assets/locale/locale.constant-sl_SI.json
index 1b7275dc0e..62603b1408 100644
--- a/ui-ngx/src/assets/locale/locale.constant-sl_SI.json
+++ b/ui-ngx/src/assets/locale/locale.constant-sl_SI.json
@@ -57,7 +57,8 @@
     "download": "Prenesi",
     "next-with-label": "Naslednji: {{label}}",
     "read-more": "Preberi več",
-    "hide": "Skrij"
+    "hide": "Skrij",
+    "done": "Končano"
   },
   "aggregation": {
     "aggregation": "Združevanje",
@@ -1724,8 +1725,7 @@
       "select-file": "Izberi datoteko",
       "configuration": "Uvozi konfiguracijo",
       "column-type": "Izberi vrsto stolpca",
-      "creat-entities": "Ustvarjanje novih entitet",
-      "done": "Končano"
+      "creat-entities": "Ustvarjanje novih entitet"
     },
     "message": {
       "create-entities": "{{count}} novih entitet je bilo uspešno ustvarjenih.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-tr_TR.json b/ui-ngx/src/assets/locale/locale.constant-tr_TR.json
index 76d8c99709..0c983e8968 100644
--- a/ui-ngx/src/assets/locale/locale.constant-tr_TR.json
+++ b/ui-ngx/src/assets/locale/locale.constant-tr_TR.json
@@ -57,7 +57,8 @@
     "download": "İndir",
     "next-with-label": "Sonraki: {{label}}",
     "read-more": "Devamını Oku",
-    "hide": "Gizle"
+    "hide": "Gizle",
+    "done": "Tamamlandı"
   },
   "aggregation": {
     "aggregation": "Aggregation",
@@ -2184,8 +2185,7 @@
       "select-file": "Bir dosya seçin",
       "configuration": "Yapılandırmayı içe aktar",
       "column-type": "Sütun türünü seçin",
-      "creat-entities": "Yeni varlıklar oluşturma",
-      "done": "Tamamlandı"
+      "creat-entities": "Yeni varlıklar oluşturma"
     },
     "message": {
       "create-entities": "{{count}} yeni öğe başarıyla oluşturuldu.",
diff --git a/ui-ngx/src/assets/locale/locale.constant-uk_UA.json b/ui-ngx/src/assets/locale/locale.constant-uk_UA.json
index 91039b302b..eff83577fd 100644
--- a/ui-ngx/src/assets/locale/locale.constant-uk_UA.json
+++ b/ui-ngx/src/assets/locale/locale.constant-uk_UA.json
@@ -52,7 +52,8 @@
         "continue": "Продовжити",
         "discard-changes": "Скасувати зміни",
         "move": "Перемістити",
-        "select": "Вибрати"
+        "select": "Вибрати",
+        "done": "Завершено"
     },
     "aggregation": {
         "aggregation": "Агрегація",
@@ -1458,8 +1459,7 @@
             "select-file": "Виберіть файл",
             "configuration": "Конфігурація імпорту",
             "column-type": "Виберіть тип колонок",
-            "creat-entities": "Створення нових сутностей",
-            "done": "Завершено"
+            "creat-entities": "Створення нових сутностей"
         },
         "message": {
             "create-entities": "{{count}} нову(их) сутність(ей) успішно створено.",

From 0c1edc8685fadbc0c1a2dbc2c40aed7c869f07db Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Wed, 25 May 2022 12:49:42 +0300
Subject: [PATCH 67/92] refactoring: InterfaceSimple add TenantId and
 CustomerId

---
 .../server/controller/CustomerController.java |  9 ++---
 .../controller/DashboardController.java       |  7 ++--
 .../controller/DeviceProfileController.java   |  6 ++--
 .../entitiy/SimpleTbEntityService.java        |  6 ++--
 .../customer/DefaultTbCustomerService.java    | 17 ++++-----
 .../dashboard/DefaultTbDashboardService.java  | 14 ++++----
 .../DefaultTbDeviceProfileService.java        | 35 ++++++++++---------
 .../deviceProfile/TbDeviceProfileService.java |  3 +-
 .../DefaultTbEntityRelationService.java       |  3 +-
 .../TbEntityRelationService.java              |  7 ++--
 10 files changed, 52 insertions(+), 55 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/CustomerController.java b/application/src/main/java/org/thingsboard/server/controller/CustomerController.java
index a824690653..5f5219da7e 100644
--- a/application/src/main/java/org/thingsboard/server/controller/CustomerController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/CustomerController.java
@@ -143,9 +143,10 @@ public class CustomerController extends BaseController {
     @RequestMapping(value = "/customer", method = RequestMethod.POST)
     @ResponseBody
     public Customer saveCustomer(@ApiParam(value = "A JSON value representing the customer.") @RequestBody Customer customer) throws ThingsboardException {
-        customer.setTenantId(getCurrentUser().getTenantId());
-        checkEntity(customer.getId(), customer, Resource.CUSTOMER);
-        return tbCustomerService.save(customer, getCurrentUser());
+        customer.setTenantId(getTenantId());
+        CustomerId customerId = customer.getId();
+        checkEntity(customerId, customer, Resource.CUSTOMER);
+        return tbCustomerService.save(getTenantId(), customerId, customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete Customer (deleteCustomer)",
@@ -161,7 +162,7 @@ public class CustomerController extends BaseController {
         CustomerId customerId = new CustomerId(toUUID(strCustomerId));
         Customer customer = checkCustomerId(customerId, Operation.DELETE);
         try {
-            tbCustomerService.delete(customer, getCurrentUser());
+            tbCustomerService.delete(getTenantId(), customerId, customer, getCurrentUser());
         } catch (Exception e) {
             throw handleException(e);
         }
diff --git a/application/src/main/java/org/thingsboard/server/controller/DashboardController.java b/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
index 044c61001d..b5667a61b9 100644
--- a/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
@@ -39,7 +39,6 @@ import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.Customer;
 import org.thingsboard.server.common.data.Dashboard;
 import org.thingsboard.server.common.data.DashboardInfo;
-import org.thingsboard.server.common.data.HasName;
 import org.thingsboard.server.common.data.HomeDashboard;
 import org.thingsboard.server.common.data.HomeDashboardInfo;
 import org.thingsboard.server.common.data.Tenant;
@@ -182,9 +181,9 @@ public class DashboardController extends BaseController {
     public Dashboard saveDashboard(
             @ApiParam(value = "A JSON value representing the dashboard.")
             @RequestBody Dashboard dashboard) throws ThingsboardException {
-        dashboard.setTenantId(getCurrentUser().getTenantId());
+        dashboard.setTenantId(getTenantId());
         checkEntity(dashboard.getId(), dashboard, Resource.DASHBOARD);
-        return tbDashboardService.save(dashboard, getCurrentUser());
+        return tbDashboardService.save(getTenantId(), null, dashboard, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete the Dashboard (deleteDashboard)",
@@ -198,7 +197,7 @@ public class DashboardController extends BaseController {
         checkParameter(DASHBOARD_ID, strDashboardId);
         DashboardId dashboardId = new DashboardId(toUUID(strDashboardId));
         Dashboard dashboard = checkDashboardId(dashboardId, Operation.DELETE);
-        tbDashboardService.delete(dashboard, getCurrentUser());
+        tbDashboardService.delete(getTenantId(), null, dashboard, getCurrentUser());
     }
 
     @ApiOperation(value = "Assign the Dashboard (assignDashboardToCustomer)",
diff --git a/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java b/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
index 6dabe62aa2..49ced0a999 100644
--- a/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
@@ -204,7 +204,7 @@ public class DeviceProfileController extends BaseController {
 
         checkEntity(deviceProfile.getId(), deviceProfile, Resource.DEVICE_PROFILE);
 
-        return tbDeviceProfileService.save(deviceProfile, getCurrentUser());
+        return tbDeviceProfileService.save(getTenantId(), getCurrentUser().getCustomerId(), deviceProfile, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete device profile (deleteDeviceProfile)",
@@ -220,7 +220,7 @@ public class DeviceProfileController extends BaseController {
         checkParameter(DEVICE_PROFILE_ID, strDeviceProfileId);
         DeviceProfileId deviceProfileId = new DeviceProfileId(toUUID(strDeviceProfileId));
         DeviceProfile deviceProfile = checkDeviceProfileId(deviceProfileId, Operation.DELETE);
-        tbDeviceProfileService.delete(deviceProfile, getCurrentUser());
+        tbDeviceProfileService.delete(getTenantId(), getCurrentUser().getCustomerId(), deviceProfile, getCurrentUser());
      }
 
     @ApiOperation(value = "Make Device Profile Default (setDefaultDeviceProfile)",
@@ -236,7 +236,7 @@ public class DeviceProfileController extends BaseController {
         DeviceProfileId deviceProfileId = new DeviceProfileId(toUUID(strDeviceProfileId));
         DeviceProfile deviceProfile = checkDeviceProfileId(deviceProfileId, Operation.WRITE);
         DeviceProfile previousDefaultDeviceProfile = deviceProfileService.findDefaultDeviceProfile(getTenantId());
-        return tbDeviceProfileService.setDefaultDeviceProfile(deviceProfile, previousDefaultDeviceProfile, getCurrentUser());
+        return tbDeviceProfileService.setDefaultDeviceProfile(null, deviceProfile, previousDefaultDeviceProfile, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Device Profiles (getDeviceProfiles)",
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/SimpleTbEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/SimpleTbEntityService.java
index ce22e8d787..ed4cb84728 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/SimpleTbEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/SimpleTbEntityService.java
@@ -16,12 +16,14 @@
 package org.thingsboard.server.service.entitiy;
 
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.CustomerId;
+import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface SimpleTbEntityService<T> {
 
-   T save(T entity, SecurityUser user) throws ThingsboardException;
+   T save(TenantId tenantId, CustomerId customerId, T entity, SecurityUser user) throws ThingsboardException;
 
-   void  delete (T entity, SecurityUser user) throws ThingsboardException;
+   void  delete (TenantId tenantId, CustomerId customerId, T entity, SecurityUser user) throws ThingsboardException;
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/customer/DefaultTbCustomerService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/customer/DefaultTbCustomerService.java
index 8f13b10cc5..fb64f7bff5 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/customer/DefaultTbCustomerService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/customer/DefaultTbCustomerService.java
@@ -40,12 +40,11 @@ public class DefaultTbCustomerService extends AbstractTbEntityService implements
     private final TbClusterService tbClusterService;
 
     @Override
-    public Customer save(Customer customer, SecurityUser user) throws ThingsboardException {
+    public Customer save(TenantId tenantId, CustomerId customerId, Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = customer.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
-        TenantId tenantId = customer.getTenantId();
         try {
             Customer savedCustomer = checkNotNull(customerService.saveCustomer(customer));
-            notificationEntityService.notifyCreateOrUpdateEntity(tenantId, savedCustomer.getId(), savedCustomer, savedCustomer.getId(), actionType, user);
+            notificationEntityService.notifyCreateOrUpdateEntity(tenantId, savedCustomer.getId(), savedCustomer, customerId, actionType, user);
             return savedCustomer;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.CUSTOMER), customer, null, actionType, user, e);
@@ -55,18 +54,16 @@ public class DefaultTbCustomerService extends AbstractTbEntityService implements
 
 
     @Override
-    public void delete(Customer customer, SecurityUser user) throws ThingsboardException {
-        TenantId tenantId = customer.getTenantId();
-        CustomerId customerId = customer.getId();
+    public void delete(TenantId tenantId, CustomerId customerId, Customer customer, SecurityUser user) throws ThingsboardException {
         try {
-            List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(tenantId, customerId);
+            List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(tenantId, customer.getId());
             customerService.deleteCustomer(tenantId, customerId);
-            notificationEntityService.notifyDeleteEntity(tenantId, customerId, customer, customerId,
+            notificationEntityService.notifyDeleteEntity(tenantId, customer.getId(), customer, customerId,
                     ActionType.DELETED, relatedEdgeIds, user, customerId.toString());
-            tbClusterService.broadcastEntityStateChangeEvent(tenantId, customerId, ComponentLifecycleEvent.DELETED);
+            tbClusterService.broadcastEntityStateChangeEvent(tenantId, customer.getId(), ComponentLifecycleEvent.DELETED);
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.CUSTOMER), null, null,
-                    ActionType.DELETED, user, e, customerId.toString());
+                    ActionType.DELETED, user, e, customer.getId().toString());
             throw handleException(e);
         }
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/dashboard/DefaultTbDashboardService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/dashboard/DefaultTbDashboardService.java
index a1bf4baf6b..499f372aaa 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/dashboard/DefaultTbDashboardService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/dashboard/DefaultTbDashboardService.java
@@ -43,31 +43,29 @@ import java.util.Set;
 public class DefaultTbDashboardService extends AbstractTbEntityService implements TbDashboardService {
 
     @Override
-    public Dashboard save(Dashboard dashboard, SecurityUser user) throws ThingsboardException {
+    public Dashboard save(TenantId tenantId, CustomerId customerId, Dashboard dashboard, SecurityUser user) throws ThingsboardException {
         ActionType actionType = dashboard.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
-        TenantId tenantId = dashboard.getTenantId();
         try {
             Dashboard savedDashboard = checkNotNull(dashboardService.saveDashboard(dashboard));
             notificationEntityService.notifyCreateOrUpdateEntity(tenantId, savedDashboard.getId(), savedDashboard,
-                    null, actionType, user);
+                    customerId, actionType, user);
             return savedDashboard;
         } catch (Exception e) {
-            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DASHBOARD), dashboard, null, actionType, user, e);
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DASHBOARD), dashboard, customerId, actionType, user, e);
             throw handleException(e);
         }
     }
 
     @Override
-    public void delete(Dashboard dashboard, SecurityUser user) throws ThingsboardException {
-        TenantId tenantId = dashboard.getTenantId();
+    public void delete(TenantId tenantId, CustomerId customerId, Dashboard dashboard, SecurityUser user) throws ThingsboardException {
         DashboardId dashboardId = dashboard.getId();
         try {
             List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(tenantId, dashboardId);
             dashboardService.deleteDashboard(tenantId, dashboardId);
-            notificationEntityService.notifyDeleteEntity(tenantId, dashboardId, dashboard, user.getCustomerId(),
+            notificationEntityService.notifyDeleteEntity(tenantId, dashboardId, dashboard, customerId,
                     ActionType.DELETED, relatedEdgeIds, user, dashboardId.toString());
         } catch (Exception e) {
-            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DASHBOARD), null, null,
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DASHBOARD), null, customerId,
                     ActionType.DELETED, user, e, dashboardId.toString());
             throw handleException(e);
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
index cf6dfafa1e..b3d946a462 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
@@ -22,6 +22,8 @@ import org.thingsboard.server.common.data.DeviceProfile;
 import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.CustomerId;
+import org.thingsboard.server.common.data.id.DeviceProfileId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
 import org.thingsboard.server.queue.util.TbCoreComponent;
@@ -36,9 +38,8 @@ import java.util.Objects;
 @Slf4j
 public class DefaultTbDeviceProfileService extends AbstractTbEntityService implements TbDeviceProfileService {
     @Override
-    public DeviceProfile save(DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
+    public DeviceProfile save(TenantId tenantId, CustomerId customerId, DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
         ActionType actionType = deviceProfile.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
-        TenantId tenantId = user.getTenantId();
         try {
             boolean isFirmwareChanged = false;
             boolean isSoftwareChanged = false;
@@ -55,12 +56,12 @@ public class DefaultTbDeviceProfileService extends AbstractTbEntityService imple
             DeviceProfile savedDeviceProfile = checkNotNull(deviceProfileService.saveDeviceProfile(deviceProfile));
 
             tbClusterService.onDeviceProfileChange(savedDeviceProfile, null);
-            tbClusterService.broadcastEntityStateChangeEvent(deviceProfile.getTenantId(), savedDeviceProfile.getId(),
+            tbClusterService.broadcastEntityStateChangeEvent(tenantId, savedDeviceProfile.getId(),
                     actionType.equals(ActionType.ADDED) ? ComponentLifecycleEvent.CREATED : ComponentLifecycleEvent.UPDATED);
 
             otaPackageStateService.update(savedDeviceProfile, isFirmwareChanged, isSoftwareChanged);
 
-            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(), savedDeviceProfile.getId(), savedDeviceProfile, user, actionType, null);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, savedDeviceProfile.getId(), savedDeviceProfile, user, actionType, null);
             return savedDeviceProfile;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), deviceProfile, null,
@@ -70,39 +71,39 @@ public class DefaultTbDeviceProfileService extends AbstractTbEntityService imple
     }
 
     @Override
-    public void delete(DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
-        TenantId tenantId = user.getTenantId();
+    public void delete(TenantId tenantId, CustomerId customerId, DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
+        DeviceProfileId deviceProfileId = deviceProfile.getId();
         try {
-            deviceProfileService.deleteDeviceProfile(tenantId, deviceProfile.getId());
+            deviceProfileService.deleteDeviceProfile(tenantId, deviceProfileId);
 
             tbClusterService.onDeviceProfileDelete(deviceProfile, null);
-            tbClusterService.broadcastEntityStateChangeEvent(deviceProfile.getTenantId(), deviceProfile.getId(), ComponentLifecycleEvent.DELETED);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(), deviceProfile.getId(), deviceProfile, user, ActionType.DELETED,  null, deviceProfile.getId().toString());
+            tbClusterService.broadcastEntityStateChangeEvent(tenantId, deviceProfileId, ComponentLifecycleEvent.DELETED);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, deviceProfileId, deviceProfile, user, ActionType.DELETED,  null, deviceProfileId.toString());
         } catch (Exception e) {
-            notificationEntityService.notifyCreateOrUpdateOrDelete(user.getTenantId(), user.getCustomerId(), emptyId(EntityType.DEVICE_PROFILE), null, user, ActionType.DELETED,  e, deviceProfile.getId().toString());
+            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, emptyId(EntityType.DEVICE_PROFILE), null, user, ActionType.DELETED,  e, deviceProfileId.toString());
             throw handleException(e);
         }
     }
 
     @Override
-    public DeviceProfile setDefaultDeviceProfile(DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException {
-        TenantId tenantId = user.getTenantId();
+    public DeviceProfile setDefaultDeviceProfile(CustomerId customerId, DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException {
+        TenantId tenantId = deviceProfile.getTenantId();
         try {
 
-            if (deviceProfileService.setDefaultDeviceProfile(user.getTenantId(), deviceProfile.getId())) {
+            if (deviceProfileService.setDefaultDeviceProfile(tenantId, deviceProfile.getId())) {
                 if (previousDefaultDeviceProfile != null) {
-                    previousDefaultDeviceProfile = deviceProfileService.findDeviceProfileById(user.getTenantId(), previousDefaultDeviceProfile.getId());
-                    notificationEntityService.notifyEntity(tenantId, previousDefaultDeviceProfile.getId(), previousDefaultDeviceProfile, null,
+                    previousDefaultDeviceProfile = deviceProfileService.findDeviceProfileById(tenantId, previousDefaultDeviceProfile.getId());
+                    notificationEntityService.notifyEntity(tenantId, previousDefaultDeviceProfile.getId(), previousDefaultDeviceProfile, customerId,
                             ActionType.UPDATED, user, null);
                 }
                 deviceProfile = deviceProfileService.findDeviceProfileById(tenantId, deviceProfile.getId());
 
-                notificationEntityService.notifyEntity(tenantId, deviceProfile.getId(), deviceProfile, null,
+                notificationEntityService.notifyEntity(tenantId, deviceProfile.getId(), deviceProfile, customerId,
                         ActionType.UPDATED, user, null);
             }
             return deviceProfile;
         } catch (Exception e) {
-            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), null, null,
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), null, customerId,
                     ActionType.UPDATED, user, e, deviceProfile.getId().toString());
             throw handleException(e);
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
index 28b07e7d13..b692c2f72b 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
@@ -17,10 +17,11 @@ package org.thingsboard.server.service.entitiy.deviceProfile;
 
 import org.thingsboard.server.common.data.DeviceProfile;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.service.entitiy.SimpleTbEntityService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TbDeviceProfileService extends SimpleTbEntityService<DeviceProfile> {
 
-    DeviceProfile setDefaultDeviceProfile(DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException;
+    DeviceProfile setDefaultDeviceProfile(CustomerId customerId, DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException;
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
index 57fedfab73..a2d82d8a25 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
@@ -35,11 +35,12 @@ import org.thingsboard.server.service.security.model.SecurityUser;
 @Slf4j
 public class DefaultTbEntityRelationService extends AbstractTbEntityService implements TbEntityRelationService {
     @Override
-    public void save(TenantId tenantId, CustomerId customerId, EntityRelation relation, SecurityUser user) throws ThingsboardException {
+    public EntityRelation save(TenantId tenantId, CustomerId customerId, EntityRelation relation, SecurityUser user) throws ThingsboardException {
         try {
             relationService.saveRelation(tenantId, relation);
             notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (tenantId, customerId,
                     relation, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
+            return relation;
         } catch (Exception e) {
             notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (tenantId, customerId,
                     relation, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
index b4adcfd913..aa7bf9b5c1 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
@@ -20,13 +20,10 @@ import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.relation.EntityRelation;
+import org.thingsboard.server.service.entitiy.SimpleTbEntityService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
-public interface TbEntityRelationService {
-
-    void save(TenantId tenantId, CustomerId customerId, EntityRelation entity, SecurityUser user) throws ThingsboardException;
-
-    void delete(TenantId tenantId, CustomerId customerId, EntityRelation entity, SecurityUser user) throws ThingsboardException;
+public interface TbEntityRelationService extends SimpleTbEntityService<EntityRelation> {
 
     void deleteRelations (TenantId tenantId, CustomerId customerId, EntityId entityId, SecurityUser user, Exception e) throws ThingsboardException;
 

From 71b81f984aa6539f9a05c315d19a511055618d60 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Wed, 25 May 2022 14:39:08 +0300
Subject: [PATCH 68/92] refactoring: from InterfaceSimple del TenantId and
 CustomerId

---
 .../server/controller/CustomerController.java |  7 +++----
 .../controller/DashboardController.java       |  4 ++--
 .../controller/DeviceProfileController.java   |  8 +++----
 .../entitiy/SimpleTbEntityService.java        |  6 ++----
 .../customer/DefaultTbCustomerService.java    |  8 +++++--
 .../dashboard/DefaultTbDashboardService.java  | 14 +++++++------
 .../DefaultTbDeviceProfileService.java        | 21 ++++++++++---------
 .../deviceProfile/TbDeviceProfileService.java |  3 +--
 .../DefaultTbEntityRelationService.java       |  3 +--
 .../TbEntityRelationService.java              |  7 +++++--
 10 files changed, 42 insertions(+), 39 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/CustomerController.java b/application/src/main/java/org/thingsboard/server/controller/CustomerController.java
index 5f5219da7e..4ebcde7d36 100644
--- a/application/src/main/java/org/thingsboard/server/controller/CustomerController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/CustomerController.java
@@ -144,9 +144,8 @@ public class CustomerController extends BaseController {
     @ResponseBody
     public Customer saveCustomer(@ApiParam(value = "A JSON value representing the customer.") @RequestBody Customer customer) throws ThingsboardException {
         customer.setTenantId(getTenantId());
-        CustomerId customerId = customer.getId();
-        checkEntity(customerId, customer, Resource.CUSTOMER);
-        return tbCustomerService.save(getTenantId(), customerId, customer, getCurrentUser());
+        checkEntity(customer.getId(), customer, Resource.CUSTOMER);
+        return tbCustomerService.save(customer, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete Customer (deleteCustomer)",
@@ -162,7 +161,7 @@ public class CustomerController extends BaseController {
         CustomerId customerId = new CustomerId(toUUID(strCustomerId));
         Customer customer = checkCustomerId(customerId, Operation.DELETE);
         try {
-            tbCustomerService.delete(getTenantId(), customerId, customer, getCurrentUser());
+            tbCustomerService.delete(customer, getCurrentUser());
         } catch (Exception e) {
             throw handleException(e);
         }
diff --git a/application/src/main/java/org/thingsboard/server/controller/DashboardController.java b/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
index b5667a61b9..fe87ff6cc8 100644
--- a/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/DashboardController.java
@@ -183,7 +183,7 @@ public class DashboardController extends BaseController {
             @RequestBody Dashboard dashboard) throws ThingsboardException {
         dashboard.setTenantId(getTenantId());
         checkEntity(dashboard.getId(), dashboard, Resource.DASHBOARD);
-        return tbDashboardService.save(getTenantId(), null, dashboard, getCurrentUser());
+        return tbDashboardService.save(dashboard, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete the Dashboard (deleteDashboard)",
@@ -197,7 +197,7 @@ public class DashboardController extends BaseController {
         checkParameter(DASHBOARD_ID, strDashboardId);
         DashboardId dashboardId = new DashboardId(toUUID(strDashboardId));
         Dashboard dashboard = checkDashboardId(dashboardId, Operation.DELETE);
-        tbDashboardService.delete(getTenantId(), null, dashboard, getCurrentUser());
+        tbDashboardService.delete(dashboard, getCurrentUser());
     }
 
     @ApiOperation(value = "Assign the Dashboard (assignDashboardToCustomer)",
diff --git a/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java b/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
index 49ced0a999..c9330c0a77 100644
--- a/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/DeviceProfileController.java
@@ -201,10 +201,8 @@ public class DeviceProfileController extends BaseController {
             @ApiParam(value = "A JSON value representing the device profile.")
             @RequestBody DeviceProfile deviceProfile) throws ThingsboardException {
         deviceProfile.setTenantId(getTenantId());
-
         checkEntity(deviceProfile.getId(), deviceProfile, Resource.DEVICE_PROFILE);
-
-        return tbDeviceProfileService.save(getTenantId(), getCurrentUser().getCustomerId(), deviceProfile, getCurrentUser());
+        return tbDeviceProfileService.save(deviceProfile, getCurrentUser());
     }
 
     @ApiOperation(value = "Delete device profile (deleteDeviceProfile)",
@@ -220,7 +218,7 @@ public class DeviceProfileController extends BaseController {
         checkParameter(DEVICE_PROFILE_ID, strDeviceProfileId);
         DeviceProfileId deviceProfileId = new DeviceProfileId(toUUID(strDeviceProfileId));
         DeviceProfile deviceProfile = checkDeviceProfileId(deviceProfileId, Operation.DELETE);
-        tbDeviceProfileService.delete(getTenantId(), getCurrentUser().getCustomerId(), deviceProfile, getCurrentUser());
+        tbDeviceProfileService.delete(deviceProfile, getCurrentUser());
      }
 
     @ApiOperation(value = "Make Device Profile Default (setDefaultDeviceProfile)",
@@ -236,7 +234,7 @@ public class DeviceProfileController extends BaseController {
         DeviceProfileId deviceProfileId = new DeviceProfileId(toUUID(strDeviceProfileId));
         DeviceProfile deviceProfile = checkDeviceProfileId(deviceProfileId, Operation.WRITE);
         DeviceProfile previousDefaultDeviceProfile = deviceProfileService.findDefaultDeviceProfile(getTenantId());
-        return tbDeviceProfileService.setDefaultDeviceProfile(null, deviceProfile, previousDefaultDeviceProfile, getCurrentUser());
+        return tbDeviceProfileService.setDefaultDeviceProfile(deviceProfile, previousDefaultDeviceProfile, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Device Profiles (getDeviceProfiles)",
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/SimpleTbEntityService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/SimpleTbEntityService.java
index ed4cb84728..ce22e8d787 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/SimpleTbEntityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/SimpleTbEntityService.java
@@ -16,14 +16,12 @@
 package org.thingsboard.server.service.entitiy;
 
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.id.CustomerId;
-import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface SimpleTbEntityService<T> {
 
-   T save(TenantId tenantId, CustomerId customerId, T entity, SecurityUser user) throws ThingsboardException;
+   T save(T entity, SecurityUser user) throws ThingsboardException;
 
-   void  delete (TenantId tenantId, CustomerId customerId, T entity, SecurityUser user) throws ThingsboardException;
+   void  delete (T entity, SecurityUser user) throws ThingsboardException;
 
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/customer/DefaultTbCustomerService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/customer/DefaultTbCustomerService.java
index fb64f7bff5..838e32f427 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/customer/DefaultTbCustomerService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/customer/DefaultTbCustomerService.java
@@ -40,8 +40,10 @@ public class DefaultTbCustomerService extends AbstractTbEntityService implements
     private final TbClusterService tbClusterService;
 
     @Override
-    public Customer save(TenantId tenantId, CustomerId customerId, Customer customer, SecurityUser user) throws ThingsboardException {
+    public Customer save(Customer customer, SecurityUser user) throws ThingsboardException {
         ActionType actionType = customer.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
+        TenantId tenantId = customer.getTenantId();
+        CustomerId customerId = customer.getId();
         try {
             Customer savedCustomer = checkNotNull(customerService.saveCustomer(customer));
             notificationEntityService.notifyCreateOrUpdateEntity(tenantId, savedCustomer.getId(), savedCustomer, customerId, actionType, user);
@@ -54,7 +56,9 @@ public class DefaultTbCustomerService extends AbstractTbEntityService implements
 
 
     @Override
-    public void delete(TenantId tenantId, CustomerId customerId, Customer customer, SecurityUser user) throws ThingsboardException {
+    public void delete(Customer customer, SecurityUser user) throws ThingsboardException {
+        TenantId tenantId = customer.getTenantId();
+        CustomerId customerId = customer.getId();
         try {
             List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(tenantId, customer.getId());
             customerService.deleteCustomer(tenantId, customerId);
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/dashboard/DefaultTbDashboardService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/dashboard/DefaultTbDashboardService.java
index 499f372aaa..141963e2e3 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/dashboard/DefaultTbDashboardService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/dashboard/DefaultTbDashboardService.java
@@ -43,29 +43,31 @@ import java.util.Set;
 public class DefaultTbDashboardService extends AbstractTbEntityService implements TbDashboardService {
 
     @Override
-    public Dashboard save(TenantId tenantId, CustomerId customerId, Dashboard dashboard, SecurityUser user) throws ThingsboardException {
+    public Dashboard save(Dashboard dashboard, SecurityUser user) throws ThingsboardException {
         ActionType actionType = dashboard.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
+        TenantId tenantId = dashboard.getTenantId();
         try {
             Dashboard savedDashboard = checkNotNull(dashboardService.saveDashboard(dashboard));
             notificationEntityService.notifyCreateOrUpdateEntity(tenantId, savedDashboard.getId(), savedDashboard,
-                    customerId, actionType, user);
+                    null, actionType, user);
             return savedDashboard;
         } catch (Exception e) {
-            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DASHBOARD), dashboard, customerId, actionType, user, e);
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DASHBOARD), dashboard, null, actionType, user, e);
             throw handleException(e);
         }
     }
 
     @Override
-    public void delete(TenantId tenantId, CustomerId customerId, Dashboard dashboard, SecurityUser user) throws ThingsboardException {
+    public void delete(Dashboard dashboard, SecurityUser user) throws ThingsboardException {
         DashboardId dashboardId = dashboard.getId();
+        TenantId tenantId = dashboard.getTenantId();
         try {
             List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(tenantId, dashboardId);
             dashboardService.deleteDashboard(tenantId, dashboardId);
-            notificationEntityService.notifyDeleteEntity(tenantId, dashboardId, dashboard, customerId,
+            notificationEntityService.notifyDeleteEntity(tenantId, dashboardId, dashboard, null,
                     ActionType.DELETED, relatedEdgeIds, user, dashboardId.toString());
         } catch (Exception e) {
-            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DASHBOARD), null, customerId,
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DASHBOARD), null, null,
                     ActionType.DELETED, user, e, dashboardId.toString());
             throw handleException(e);
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
index b3d946a462..1c2b3bf79c 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/DefaultTbDeviceProfileService.java
@@ -22,7 +22,6 @@ import org.thingsboard.server.common.data.DeviceProfile;
 import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.DeviceProfileId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
@@ -38,8 +37,9 @@ import java.util.Objects;
 @Slf4j
 public class DefaultTbDeviceProfileService extends AbstractTbEntityService implements TbDeviceProfileService {
     @Override
-    public DeviceProfile save(TenantId tenantId, CustomerId customerId, DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
+    public DeviceProfile save(DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
         ActionType actionType = deviceProfile.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
+        TenantId tenantId = deviceProfile.getTenantId();
         try {
             boolean isFirmwareChanged = false;
             boolean isSoftwareChanged = false;
@@ -61,7 +61,7 @@ public class DefaultTbDeviceProfileService extends AbstractTbEntityService imple
 
             otaPackageStateService.update(savedDeviceProfile, isFirmwareChanged, isSoftwareChanged);
 
-            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, savedDeviceProfile.getId(), savedDeviceProfile, user, actionType, null);
+            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, null, savedDeviceProfile.getId(), savedDeviceProfile, user, actionType, null);
             return savedDeviceProfile;
         } catch (Exception e) {
             notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), deviceProfile, null,
@@ -71,39 +71,40 @@ public class DefaultTbDeviceProfileService extends AbstractTbEntityService imple
     }
 
     @Override
-    public void delete(TenantId tenantId, CustomerId customerId, DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
+    public void delete(DeviceProfile deviceProfile, SecurityUser user) throws ThingsboardException {
         DeviceProfileId deviceProfileId = deviceProfile.getId();
+        TenantId tenantId = deviceProfile.getTenantId();
         try {
             deviceProfileService.deleteDeviceProfile(tenantId, deviceProfileId);
 
             tbClusterService.onDeviceProfileDelete(deviceProfile, null);
             tbClusterService.broadcastEntityStateChangeEvent(tenantId, deviceProfileId, ComponentLifecycleEvent.DELETED);
-            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, deviceProfileId, deviceProfile, user, ActionType.DELETED,  null, deviceProfileId.toString());
+            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, null, deviceProfileId, deviceProfile, user, ActionType.DELETED,  null, deviceProfileId.toString());
         } catch (Exception e) {
-            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, emptyId(EntityType.DEVICE_PROFILE), null, user, ActionType.DELETED,  e, deviceProfileId.toString());
+            notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, null, emptyId(EntityType.DEVICE_PROFILE), null, user, ActionType.DELETED,  e, deviceProfileId.toString());
             throw handleException(e);
         }
     }
 
     @Override
-    public DeviceProfile setDefaultDeviceProfile(CustomerId customerId, DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException {
+    public DeviceProfile setDefaultDeviceProfile(DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException {
         TenantId tenantId = deviceProfile.getTenantId();
         try {
 
             if (deviceProfileService.setDefaultDeviceProfile(tenantId, deviceProfile.getId())) {
                 if (previousDefaultDeviceProfile != null) {
                     previousDefaultDeviceProfile = deviceProfileService.findDeviceProfileById(tenantId, previousDefaultDeviceProfile.getId());
-                    notificationEntityService.notifyEntity(tenantId, previousDefaultDeviceProfile.getId(), previousDefaultDeviceProfile, customerId,
+                    notificationEntityService.notifyEntity(tenantId, previousDefaultDeviceProfile.getId(), previousDefaultDeviceProfile, null,
                             ActionType.UPDATED, user, null);
                 }
                 deviceProfile = deviceProfileService.findDeviceProfileById(tenantId, deviceProfile.getId());
 
-                notificationEntityService.notifyEntity(tenantId, deviceProfile.getId(), deviceProfile, customerId,
+                notificationEntityService.notifyEntity(tenantId, deviceProfile.getId(), deviceProfile, null,
                         ActionType.UPDATED, user, null);
             }
             return deviceProfile;
         } catch (Exception e) {
-            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), null, customerId,
+            notificationEntityService.notifyEntity(tenantId, emptyId(EntityType.DEVICE_PROFILE), null, null,
                     ActionType.UPDATED, user, e, deviceProfile.getId().toString());
             throw handleException(e);
         }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
index b692c2f72b..28b07e7d13 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/deviceProfile/TbDeviceProfileService.java
@@ -17,11 +17,10 @@ package org.thingsboard.server.service.entitiy.deviceProfile;
 
 import org.thingsboard.server.common.data.DeviceProfile;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.service.entitiy.SimpleTbEntityService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 public interface TbDeviceProfileService extends SimpleTbEntityService<DeviceProfile> {
 
-    DeviceProfile setDefaultDeviceProfile(CustomerId customerId, DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException;
+    DeviceProfile setDefaultDeviceProfile(DeviceProfile deviceProfile, DeviceProfile previousDefaultDeviceProfile, SecurityUser user) throws ThingsboardException;
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
index a2d82d8a25..57fedfab73 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
@@ -35,12 +35,11 @@ import org.thingsboard.server.service.security.model.SecurityUser;
 @Slf4j
 public class DefaultTbEntityRelationService extends AbstractTbEntityService implements TbEntityRelationService {
     @Override
-    public EntityRelation save(TenantId tenantId, CustomerId customerId, EntityRelation relation, SecurityUser user) throws ThingsboardException {
+    public void save(TenantId tenantId, CustomerId customerId, EntityRelation relation, SecurityUser user) throws ThingsboardException {
         try {
             relationService.saveRelation(tenantId, relation);
             notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (tenantId, customerId,
                     relation, user, ActionType.RELATION_ADD_OR_UPDATE, null, relation);
-            return relation;
         } catch (Exception e) {
             notificationEntityService.notifyCreateOrUpdateOrDeleteRelation (tenantId, customerId,
                     relation, user, ActionType.RELATION_ADD_OR_UPDATE, e, relation);
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
index aa7bf9b5c1..3e31e71f6c 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
@@ -20,10 +20,13 @@ import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.relation.EntityRelation;
-import org.thingsboard.server.service.entitiy.SimpleTbEntityService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
-public interface TbEntityRelationService extends SimpleTbEntityService<EntityRelation> {
+public interface TbEntityRelationService {
+
+    void save(TenantId tenantId, CustomerId customerId, EntityRelation entity, SecurityUser user) throws ThingsboardException;
+
+    void  delete (TenantId tenantId, CustomerId customerId, EntityRelation entity, SecurityUser user) throws ThingsboardException;
 
     void deleteRelations (TenantId tenantId, CustomerId customerId, EntityId entityId, SecurityUser user, Exception e) throws ThingsboardException;
 

From d74459d891fe0e6185fd3297ac31a3479ece2799 Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@thingsboard.io>
Date: Wed, 25 May 2022 15:45:30 +0300
Subject: [PATCH 69/92] refactoring: EntityRelationController comments1

---
 .../server/controller/EntityRelationController.java   |  7 +------
 .../DefaultTbEntityRelationService.java               | 11 +++++++----
 .../entityRelation/TbEntityRelationService.java       |  2 +-
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java b/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
index 54a891e1f8..0a873aaa18 100644
--- a/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/EntityRelationController.java
@@ -127,12 +127,7 @@ public class EntityRelationController extends BaseController {
         checkParameter("entityType", strType);
         EntityId entityId = EntityIdFactory.getByTypeAndId(strType, strId);
         checkEntityId(entityId, Operation.WRITE);
-        try {
-            tbEntityRelationService.deleteRelations (getTenantId(), getCurrentUser().getCustomerId(), entityId, getCurrentUser(), null);
-        } catch (Exception e) {
-            tbEntityRelationService.deleteRelations (getTenantId(), getCurrentUser().getCustomerId(), entityId, getCurrentUser(), e);
-            throw handleException(e);
-        }
+        tbEntityRelationService.deleteRelations (getTenantId(), getCurrentUser().getCustomerId(), entityId, getCurrentUser());
     }
 
     @ApiOperation(value = "Get Relation (getRelation)",
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
index 57fedfab73..ea895683a1 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/DefaultTbEntityRelationService.java
@@ -64,10 +64,13 @@ public class DefaultTbEntityRelationService extends AbstractTbEntityService impl
     }
 
     @Override
-    public void deleteRelations(TenantId tenantId, CustomerId customerId, EntityId entityId, SecurityUser user, Exception e) throws ThingsboardException {
-        if (e == null) {
+    public void deleteRelations(TenantId tenantId, CustomerId customerId, EntityId entityId, SecurityUser user) throws ThingsboardException {
+        try {
             relationService.deleteEntityRelations(tenantId, entityId);
+            notificationEntityService.notifyEntity(tenantId, entityId, null, customerId, ActionType.RELATIONS_DELETED, user, null);
+        } catch (Exception e) {
+            notificationEntityService.notifyEntity(tenantId, entityId, null, customerId, ActionType.RELATIONS_DELETED, user, e);
+            throw handleException(e);
         }
-        notificationEntityService.notifyEntity(tenantId, entityId, null, customerId, ActionType.RELATIONS_DELETED, user, e);
-    }
+     }
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
index 3e31e71f6c..52ad888dc8 100644
--- a/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
+++ b/application/src/main/java/org/thingsboard/server/service/entitiy/entityRelation/TbEntityRelationService.java
@@ -28,6 +28,6 @@ public interface TbEntityRelationService {
 
     void  delete (TenantId tenantId, CustomerId customerId, EntityRelation entity, SecurityUser user) throws ThingsboardException;
 
-    void deleteRelations (TenantId tenantId, CustomerId customerId, EntityId entityId, SecurityUser user, Exception e) throws ThingsboardException;
+    void deleteRelations (TenantId tenantId, CustomerId customerId, EntityId entityId, SecurityUser user) throws ThingsboardException;
 
 }

From 152f5bc2a821c91e362bf0cf9bf919e3f4a32cf0 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Thu, 26 May 2022 09:41:42 +0300
Subject: [PATCH 70/92] UI: Add action print backup code

---
 .../authentication-dialog.component.scss      |  7 ++-
 .../backup-code-auth-dialog.component.html    | 11 ++--
 .../backup-code-auth-dialog.component.ts      | 23 +++++++++
 .../backup-code-print-template.raw            | 50 +++++++++++++++++++
 .../pages/security/security.component.html    |  6 +--
 .../assets/locale/locale.constant-en_US.json  |  1 +
 6 files changed, 90 insertions(+), 8 deletions(-)
 create mode 100644 ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-print-template.raw

diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
index 0b27d00983..a9325b6468 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
@@ -80,10 +80,10 @@
     max-width: 500px;
     .container {
       max-width: 500px;
-      margin: 40px 0 24px;
+      margin: 40px 0 8px;
       .code {
         letter-spacing: 0.25px;
-        padding: 0 30px;
+        padding: 0 24px;
         margin-bottom: 16px;
         font-family: Roboto Mono, "Helvetica Neue", monospace;
         &.even {
@@ -91,6 +91,9 @@
         }
       }
     }
+    .action-buttons {
+      margin-bottom: 40px;
+    }
   }
 
   & ::ng-deep {
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.html
index 61701c9358..ab3ba1a797 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.html
@@ -34,13 +34,18 @@
       {{ code }}
     </div>
   </div>
-  <p class="mat-body-1 description" translate>security.2fa.dialog.backup-code-warn</p>
-  <div fxLayout="row" fxLayoutAlign="center start"  fxLayoutGap="16px">
+  <div fxLayout="row" fxLayoutAlign="center start"  fxLayoutGap="16px" class="action-buttons">
     <button type="button" mat-stroked-button color="primary" (click)="downloadFile()">
       {{ 'security.2fa.dialog.download-txt' | translate }}
     </button>
-    <button type="button" mat-raised-button color="primary">
+    <button type="button" mat-raised-button color="primary" (click)="printCode()">
       {{ 'action.print' | translate }}
     </button>
   </div>
+  <p class="mat-body-1 description" translate>security.2fa.dialog.backup-code-warn</p>
+  <div fxLayout="row" fxLayoutAlign="end start">
+    <button type="button" mat-raised-button color="primary" (click)="closeDialog()">
+      {{ 'action.done' | translate }}
+    </button>
+  </div>
 </div>
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.ts b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.ts
index 70c2888ac5..5d3a26b13d 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-auth-dialog.component.ts
@@ -29,6 +29,9 @@ import {
 } from '@shared/models/two-factor-auth.models';
 import { mergeMap, tap } from 'rxjs/operators';
 import { ImportExportService } from '@home/components/import-export/import-export.service';
+import { deepClone } from '@core/utils';
+
+import printTemplate from '!raw-loader!./backup-code-print-template.raw';
 
 @Component({
   selector: 'tb-backup-code-auth-dialog',
@@ -62,4 +65,24 @@ export class BackupCodeAuthDialogComponent extends DialogComponent<BackupCodeAut
   downloadFile() {
     this.importExportService.exportText(this.backupCode.codes, 'backup-codes');
   }
+
+  printCode() {
+    const codeTemplate = deepClone(this.backupCode.codes)
+      .map(code => `<div class="code-row"><input type="checkbox"><span class="code">${code}</span></div>`).join('');
+    const printPage = printTemplate.replace('${codesBlock}', codeTemplate);
+    const newWindow = window.open('', 'Print backup code');
+
+    newWindow.document.open();
+    newWindow.document.write(printPage);
+
+    setTimeout(() => {
+      newWindow.print();
+
+      newWindow.document.close();
+
+      setTimeout(() => {
+        newWindow.close();
+      }, 10);
+    }, 0);
+  }
 }
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-print-template.raw b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-print-template.raw
new file mode 100644
index 0000000000..1ab7efc79f
--- /dev/null
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/backup-code-print-template.raw
@@ -0,0 +1,50 @@
+<html lang="en">
+<head>
+    <meta name="viewport" content="width=device-width" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Backup code</title>
+
+    <style>
+        .code-block {
+            display: flex;
+            flex-wrap: wrap;
+            margin-bottom: 16px;
+        }
+        .code-row {
+            margin: 0 6px 8px;
+            display: flex;
+            min-width: 130px;
+        }
+        .code {
+            font: 400 16px / 20px Roboto Mono, "Helvetica Neue", monospace;
+            margin-left: 6px;
+        }
+        input[type="checkbox"] {
+            -webkit-appearance: none;
+            appearance: none;
+            background-color: #fff;
+            margin: 0;
+            font: inherit;
+            color: currentColor;
+            width: 1em;
+            height: 1em;
+            border: 0.1em solid currentColor;
+            border-radius: 0.15em;
+            transform: translateY(0em);
+        }
+    </style>
+</head>
+
+<body style="margin: 0">
+    <div style="margin: 8px; max-width: 286px">
+        <div style="border: #d0d7de solid 1px; border-radius:4px">
+            <h3 style="padding: 16px 24px; margin: 0; font: 500 20px / 24px Roboto, 'Helvetica Neue', sans-serif; text-align: center">
+                Backup codes
+            </h3>
+            <div class="code-block">
+                ${codesBlock}
+            </div>
+        </div>
+    </div>
+</body>
+</html>
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.html b/ui-ngx/src/app/modules/home/pages/security/security.component.html
index 8daa2f63ae..4a43db2ce7 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.html
@@ -66,15 +66,15 @@
             <mat-checkbox [value]="provider"
                           [checked]="useByDefault === provider"
                           (click)="changeDefaultProvider($event, provider)"
-                          [disabled]="(isLoading$ | async) || activeSingleProvider"
-                           *ngIf="twoFactorAuth.get(provider).value && provider !== twoFactorAuthProviderType.BACKUP_CODE">
+                          [disabled]="(isLoading$ | async)"
+                           *ngIf="twoFactorAuth.get(provider).value && provider !== twoFactorAuthProviderType.BACKUP_CODE && !activeSingleProvider">
               <span class="checkbox-label" translate>security.2fa.main-2fa-method</span>
             </mat-checkbox>
             <button type="button"
              mat-stroked-button color="primary"
              (click)="generateNewBackupCode()"
              *ngIf="twoFactorAuth.get(provider).value && provider === twoFactorAuthProviderType.BACKUP_CODE">
-              Get new code
+              {{ 'security.2fa.get-new-code' | translate }}
             </button>
           </div>
           <mat-divider *ngIf="!$last"></mat-divider>
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 485960c2e2..07817603dd 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -2590,6 +2590,7 @@
             "authenticate-with": "You can authenticate with:",
             "disable-2fa-provider-text": "Disabling {{name}} will make your account less secure",
             "disable-2fa-provider-title": "Are you sure you want to disable {{name}}?",
+            "get-new-code": "Get new code",
             "main-2fa-method": "Use as main two-factor authentication method",
             "dialog": {
                 "activation-step-description-email": "The next time you login in, you will be prompted to enter the security code that will be sent to your email address.",

From 67e969fd75167d9de29ef2c42acf491a6387b230 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Thu, 26 May 2022 13:59:53 +0300
Subject: [PATCH 71/92] UI: 2fa improvement mobile view; remove required
 maxVerificationFailuresBeforeUserLockout

---
 .../two-factor-auth-settings.component.html   |  5 +---
 .../two-factor-auth-settings.component.scss   |  9 ++++++--
 .../two-factor-auth-settings.component.ts     |  1 -
 .../authentication-dialog.component.scss      | 20 ++++++++++++++--
 .../email-auth-dialog.component.html          | 23 ++++++++++++-------
 .../sms-auth-dialog.component.html            | 23 ++++++++++++-------
 .../pages/security/security.component.html    |  7 +++++-
 .../pages/security/security.component.scss    |  6 ++++-
 .../home/pages/security/security.component.ts | 22 ++++++++++++++++++
 .../two-factor-auth-login.component.scss      | 14 +++++++----
 .../shared/models/two-factor-auth.models.ts   | 15 ++++++++----
 .../assets/locale/locale.constant-en_US.json  |  7 ++++--
 12 files changed, 114 insertions(+), 38 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index 1efa83a2eb..dde38b21f6 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -140,10 +140,7 @@
                 </mat-form-field>
                 <mat-form-field fxFlex class="mat-block">
                   <mat-label translate>admin.2fa.max-verification-failures-before-user-lockout</mat-label>
-                  <input matInput required formControlName="maxVerificationFailuresBeforeUserLockout" type="number" step="1" min="0" max="65535">
-                  <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('required')">
-                    {{ 'admin.2fa.max-verification-failures-before-user-lockout-required' | translate }}
-                  </mat-error>
+                  <input matInput formControlName="maxVerificationFailuresBeforeUserLockout" type="number" step="1" min="0" max="65535">
                   <mat-error *ngIf="twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('pattern')
                     || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('min')
                     || twoFaFormGroup.get('maxVerificationFailuresBeforeUserLockout').hasError('max')">
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
index e29f039fde..86254926b7 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
@@ -16,8 +16,7 @@
 
 @import "../../../../../scss/constants";
 
-:host{
-
+:host {
   mat-card.settings-card {
     @media #{$mat-md} {
       width: 90%;
@@ -48,17 +47,22 @@
     .mat-expansion-panel {
       box-shadow: none;
       margin: 1px 0 0;
+
       &.provider {
         overflow: inherit;
+
         .mat-expansion-panel-header {
           padding: 0 24px 0 8px;
+
           &.mat-expanded {
             height: 48px;
           }
+
           .mat-slide-toggle {
             margin-right: 8px;
           }
         }
+
         .mat-expansion-panel-header-title {
           height: 40px;
         }
@@ -73,6 +77,7 @@
       .mat-expansion-panel-header > .mat-content {
         overflow: inherit;
       }
+
       .mat-expansion-panel-body {
         padding: 0 16px 8px 8px;
       }
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index c3f49a0c61..7567d57d73 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -114,7 +114,6 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
   private build2faSettingsForm(): void {
     this.twoFaFormGroup = this.fb.group({
       maxVerificationFailuresBeforeUserLockout: [30, [
-        Validators.required,
         Validators.pattern(/^\d*$/),
         Validators.min(0),
         Validators.max(65535)
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
index a9325b6468..116db0fb85 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/authentication-dialog.component.scss
@@ -13,7 +13,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-:host{
+@import "../../../../../../scss/constants";
+
+:host {
   .mat-toolbar > h2 {
     font-weight: 400;
     letter-spacing: 0.25px;
@@ -30,9 +32,11 @@
     &:not(:first-of-type) {
       margin: 0 0 8px;
     }
+
     &.description {
       margin: 0;
       color: rgba(0, 0, 0, 0.54);
+
       &:last-of-type {
         margin-bottom: 24px;
       }
@@ -45,6 +49,13 @@
 
   .code-container {
     max-width: 170px;
+
+    &.full-width-xs {
+      @media #{$mat-xs} {
+        max-width: 100%;
+        width: 100%;
+      }
+    }
   }
 
   .result-title {
@@ -63,6 +74,7 @@
 
   .step-description {
     max-width: 450px;
+
     &.input {
       margin: 12px 0 0;
     }
@@ -78,26 +90,30 @@
 
   .backup-code {
     max-width: 500px;
+
     .container {
       max-width: 500px;
       margin: 40px 0 8px;
+
       .code {
         letter-spacing: 0.25px;
         padding: 0 24px;
         margin-bottom: 16px;
         font-family: Roboto Mono, "Helvetica Neue", monospace;
+
         &.even {
           text-align: right;
         }
       }
     }
+
     .action-buttons {
       margin-bottom: 40px;
     }
   }
 
   & ::ng-deep {
-    .mat-horizontal-stepper-header{
+    .mat-horizontal-stepper-header {
       pointer-events: none !important;
     }
   }
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
index 963374f49d..45663845be 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/email-auth-dialog.component.html
@@ -64,8 +64,8 @@
         <p class="mat-body step-description input">
           {{ 'security.2fa.dialog.verification-step-description' | translate : {address: emailConfigForm.get('email').value} }}
         </p>
-        <div fxLayout="row" fxLayoutAlign="space-between center">
-          <mat-form-field fxFlex class="mat-block code-container" hideRequiredMarker floatLabel="always">
+        <div fxLayout="row" fxLayout.xs="column" fxLayoutAlign="space-between center" fxLayoutAlign.xs="start end">
+          <mat-form-field fxFlex class="mat-block code-container full-width-xs" hideRequiredMarker floatLabel="always">
             <mat-label></mat-label>
             <input matInput formControlName="verificationCode"
                    maxlength="6" type="text" required
@@ -76,12 +76,19 @@
               {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
             </mat-error>
           </mat-form-field>
-          <button mat-raised-button
-                  type="submit"
-                  color="primary"
-                  [disabled]="(isLoading$ | async) || emailVerificationForm.invalid">
-            {{ 'action.activate' | translate }}
-          </button>
+          <div fxLayoutGap="8px">
+            <button mat-button
+                    matStepperPrevious
+                    [disabled]="(isLoading$ | async)">
+              {{ 'action.back' | translate }}
+            </button>
+            <button mat-raised-button
+                    type="submit"
+                    color="primary"
+                    [disabled]="(isLoading$ | async) || emailVerificationForm.invalid">
+              {{ 'action.activate' | translate }}
+            </button>
+          </div>
         </div>
       </form>
     </mat-step>
diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
index 50256ccc39..25a444257e 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
@@ -66,8 +66,8 @@
         <p class="mat-body step-description input">
           {{ 'security.2fa.dialog.verification-step-description' | translate : {address: smsConfigForm.get('phone').value} }}
         </p>
-        <div fxLayout="row" fxLayoutAlign="space-between center" fxLayoutGap="8px">
-          <mat-form-field fxFlex class="mat-block code-container" floatLabel="always" hideRequiredMarker>
+        <div fxLayout="row" fxLayout.xs="column" fxLayoutAlign="space-between center" fxLayoutAlign.xs="start end">
+          <mat-form-field fxFlex class="mat-block code-container full-width-xs" floatLabel="always" hideRequiredMarker>
             <mat-label></mat-label>
             <input matInput formControlName="verificationCode"
                    maxlength="6" type="text" required
@@ -78,12 +78,19 @@
               {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
             </mat-error>
           </mat-form-field>
-          <button mat-raised-button
-                  type="submit"
-                  color="primary"
-                  [disabled]="(isLoading$ | async) || smsVerificationForm.invalid">
-            {{ 'action.activate' | translate }}
-          </button>
+          <div fxLayoutGap="8px">
+            <button mat-button
+                    matStepperPrevious
+                    [disabled]="(isLoading$ | async)">
+              {{ 'action.back' | translate }}
+            </button>
+            <button mat-raised-button
+                    type="submit"
+                    color="primary"
+                    [disabled]="(isLoading$ | async) || smsVerificationForm.invalid">
+              {{ 'action.activate' | translate }}
+            </button>
+          </div>
         </div>
       </form>
     </mat-step>
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.html b/ui-ngx/src/app/modules/home/pages/security/security.component.html
index 4a43db2ce7..8e279f9c75 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.html
@@ -56,9 +56,14 @@
           <div class="provider">
             <h4 class="provider-title">{{ providersData.get(provider).name | translate }}</h4>
             <div fxLayout="row" fxLayoutAlign="space-between start">
-              <div class="mat-body-1 description">
+              <div class="mat-body-1 description" *ngIf="!twoFactorAuth.get(provider).value; else providerInfo">
                 {{ providersData.get(provider).description | translate }}
               </div>
+              <ng-template #providerInfo>
+                <div class="mat-body-1 description">
+                  {{ providersData.get(provider).activatedHint | translate: providerDataInfo(provider) }}
+                </div>
+              </ng-template>
               <mat-slide-toggle [formControlName]="provider"
                                 (click)="confirm2FAChange($event, provider)">
               </mat-slide-toggle>
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.scss b/ui-ngx/src/app/modules/home/pages/security/security.component.scss
index 4688e46fae..7dad927038 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.scss
@@ -19,6 +19,7 @@
   .profile-container {
     padding: 8px;
   }
+
   mat-card.profile-card {
     @media #{$mat-gt-sm} {
       width: 70%;
@@ -29,16 +30,19 @@
     @media #{$mat-gt-xl} {
       width: 45%;
     }
+
     .mat-subheader {
       line-height: 24px;
-      color: rgba(0,0,0,0.54);
+      color: rgba(0, 0, 0, 0.54);
       font-size: 14px;
       font-weight: 400;
     }
+
     .profile-last-login-ts {
       font-size: 16px;
       font-weight: 400;
     }
+
     .profile-btn-subtext {
       font: 400 14px / 16px Roboto, "Helvetica Neue", sans-serif;
       letter-spacing: 0.25px;
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.ts b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
index e142dcbb1c..34eda9781a 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
@@ -30,6 +30,9 @@ import { ClipboardService } from 'ngx-clipboard';
 import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
 import {
   AccountTwoFaSettings,
+  BackupCodeTwoFactorAuthAccountConfig,
+  EmailTwoFactorAuthAccountConfig,
+  SmsTwoFactorAuthAccountConfig,
   twoFactorAuthProvidersData,
   TwoFactorAuthProviderType
 } from '@shared/models/two-factor-auth.models';
@@ -231,4 +234,23 @@ export class SecurityComponent extends PageComponent implements OnInit, OnDestro
       }
     });
   }
+
+  providerDataInfo(provider: TwoFactorAuthProviderType) {
+    const info = {info: null};
+    const providerConfig = this.accountConfig.configs[provider];
+    if (isDefinedAndNotNull(providerConfig)) {
+      switch (provider) {
+        case TwoFactorAuthProviderType.EMAIL:
+          info.info = (providerConfig as EmailTwoFactorAuthAccountConfig).email;
+          break;
+        case TwoFactorAuthProviderType.SMS:
+          info.info = (providerConfig as SmsTwoFactorAuthAccountConfig).phoneNumber;
+          break;
+        case TwoFactorAuthProviderType.BACKUP_CODE:
+          info.info = (providerConfig as BackupCodeTwoFactorAuthAccountConfig).codesLeft;
+          break;
+      }
+    }
+    return info;
+  }
 }
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
index 4d559f5435..864d099e3c 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
@@ -18,8 +18,10 @@
 :host {
   display: flex;
   flex: 1 1 0;
+
   .tb-two-factor-auth-login-content {
     background-color: #eee;
+
     .tb-two-factor-auth-login-card {
       padding: 48px 48px 48px 16px;
 
@@ -27,7 +29,7 @@
         width: 450px !important;
       }
 
-      .mat-card-title{
+      .mat-card-title {
         font: 400 28px / 36px Roboto, "Helvetica Neue", sans-serif;
       }
 
@@ -46,7 +48,7 @@
         margin-top: 16px;
       }
 
-      .providers-container{
+      .providers-container {
         padding: 0;
 
         .mat-body {
@@ -61,19 +63,23 @@
       }
     }
   }
-  ::ng-deep{
+
+  ::ng-deep {
     button.provider {
       text-align: start;
       font-weight: 400;
+
       &:not(.mat-button-disabled) {
         border-color: rgba(255, 255, 255, .8);
       }
-      .icon{
+
+      .icon {
         height: 18px;
         width: 18px;
         vertical-align: sub;
       }
     }
+
     .mat-form-field-invalid .mat-hint {
       margin-top: 20px;
     }
diff --git a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
index fc56838899..10040e00e7 100644
--- a/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
+++ b/ui-ngx/src/app/shared/models/two-factor-auth.models.ts
@@ -103,9 +103,10 @@ export interface TwoFaProviderInfo {
 export interface TwoFactorAuthProviderData {
   name: string;
   description: string;
+  activatedHint: string;
 }
 
-export interface TwoFactorAuthProviderLoginData extends TwoFactorAuthProviderData {
+export interface TwoFactorAuthProviderLoginData extends Omit<TwoFactorAuthProviderData, 'activatedHint'> {
   icon: string;
   placeholder: string;
 }
@@ -115,25 +116,29 @@ export const twoFactorAuthProvidersData = new Map<TwoFactorAuthProviderType, Two
     [
       TwoFactorAuthProviderType.TOTP, {
         name: 'security.2fa.provider.totp',
-        description: 'security.2fa.provider.totp-description'
+        description: 'security.2fa.provider.totp-description',
+        activatedHint: 'security.2fa.provider.totp-hint'
       }
     ],
     [
       TwoFactorAuthProviderType.SMS, {
         name: 'security.2fa.provider.sms',
-        description: 'security.2fa.provider.sms-description'
+        description: 'security.2fa.provider.sms-description',
+        activatedHint: 'security.2fa.provider.sms-hint'
       }
     ],
     [
       TwoFactorAuthProviderType.EMAIL, {
         name: 'security.2fa.provider.email',
-        description: 'security.2fa.provider.email-description'
+        description: 'security.2fa.provider.email-description',
+        activatedHint: 'security.2fa.provider.email-hint'
       }
     ],
     [
       TwoFactorAuthProviderType.BACKUP_CODE, {
         name: 'security.2fa.provider.backup_code',
-        description: 'security.2fa.provider.backup-code-description'
+        description: 'security.2fa.provider.backup-code-description',
+        activatedHint: 'security.2fa.provider.backup-code-hint'
       }
     ]
   ]
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 07817603dd..85ea36d3ff 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -321,7 +321,6 @@
             "issuer-name-required": "Issuer name is required.",
             "max-verification-failures-before-user-lockout": "Max verification failures before user lockout",
             "max-verification-failures-before-user-lockout-pattern": "Max verification failures must be a positive integer.",
-            "max-verification-failures-before-user-lockout-required": "Max verification failures is required.",
             "number-of-checking-attempts": "Number of checking attempts",
             "number-of-checking-attempts-pattern": "Number of checking attempts must be a positive integer.",
             "number-of-checking-attempts-required": "Number of checking attempts is required.",
@@ -2624,12 +2623,16 @@
             "provider": {
                 "email": "Email",
                 "email-description": "Use a security code sent to your email address to authenticate.",
+                "email-hint": "Authentication codes are sent via email to {{ info }}",
                 "sms": "SMS",
                 "sms-description": "Use your phone to authenticate. We'll send you a security code via SMS message when you log in.",
+                "sms-hint": "Authentication codes are sent by text message to {{ info }}",
                 "totp": "Authenticator app",
                 "totp-description": "Use apps like Google Authenticator, Authy, or Duo on your phone to authenticate. It will generate a security code for logging in.",
+                "totp-hint": "Authenticator app is set up for your account",
                 "backup_code": "Backup code",
-                "backup-code-description": "These printable one-time passcodes allow you to sign in when away from your phone, like when you’re traveling."
+                "backup-code-description": "These printable one-time passcodes allow you to sign in when away from your phone, like when you’re traveling.",
+                "backup-code-hint": "{{ info }} single-use codes are active at this time"
             }
         }
     },

From eeb7dc23382770017847158ea76b5925695ac4fb Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Thu, 26 May 2022 16:13:24 +0300
Subject: [PATCH 72/92] Improvements for 2FA

---
 .../server/controller/TwoFaConfigController.java     |  4 ++--
 .../auth/mfa/config/DefaultTwoFaConfigManager.java   | 12 ++++++++++--
 .../security/auth/mfa/config/TwoFaConfigManager.java |  2 +-
 .../rest/RestAwareAuthenticationSuccessHandler.java  |  4 +++-
 .../system/DefaultSystemSecurityService.java         |  7 ++++---
 .../security/model/mfa/PlatformTwoFaSettings.java    |  2 +-
 .../mfa/provider/BackupCodeTwoFaProviderConfig.java  |  2 +-
 7 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index 138b20b160..60239f3603 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -258,9 +258,9 @@ public class TwoFaConfigController extends BaseController {
                     ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
     @PostMapping("/settings")
     @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
-    public void savePlatformTwoFaSettings(@ApiParam(value = "Settings value", required = true)
+    public PlatformTwoFaSettings savePlatformTwoFaSettings(@ApiParam(value = "Settings value", required = true)
                                           @RequestBody PlatformTwoFaSettings twoFaSettings) throws ThingsboardException {
-        twoFaConfigManager.savePlatformTwoFaSettings(getTenantId(), twoFaSettings);
+        return twoFaConfigManager.savePlatformTwoFaSettings(getTenantId(), twoFaSettings);
     }
 
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
index bfe426d532..23e6dc065f 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/DefaultTwoFaConfigManager.java
@@ -99,6 +99,9 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
             return newSettings;
         });
         Map<TwoFaProviderType, TwoFaAccountConfig> configs = settings.getConfigs();
+        if (configs.isEmpty() && accountConfig.getProviderType() == TwoFaProviderType.BACKUP_CODE) {
+            throw new IllegalArgumentException("To use 2FA backup codes you first need to configure at least one provider");
+        }
         if (accountConfig.isUseByDefault()) {
             configs.values().forEach(config -> config.setUseByDefault(false));
         }
@@ -114,7 +117,11 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
         AccountTwoFaSettings settings = getAccountTwoFaSettings(tenantId, userId)
                 .orElseThrow(() -> new IllegalArgumentException("2FA not configured"));
         settings.getConfigs().remove(providerType);
-        if (!settings.getConfigs().isEmpty() && settings.getConfigs().values().stream().noneMatch(TwoFaAccountConfig::isUseByDefault)) {
+        if (settings.getConfigs().size() == 1) {
+            settings.getConfigs().remove(TwoFaProviderType.BACKUP_CODE);
+        }
+        if (!settings.getConfigs().isEmpty() && settings.getConfigs().values().stream()
+                .noneMatch(TwoFaAccountConfig::isUseByDefault)) {
             settings.getConfigs().values().stream()
                     .min(Comparator.comparing(TwoFaAccountConfig::getProviderType))
                     .ifPresent(config -> config.setUseByDefault(true));
@@ -135,7 +142,7 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
     }
 
     @Override
-    public void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) throws ThingsboardException {
+    public PlatformTwoFaSettings savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) throws ThingsboardException {
         ConstraintValidator.validateFields(twoFactorAuthSettings);
         for (TwoFaProviderConfig providerConfig : twoFactorAuthSettings.getProviders()) {
             twoFactorAuthService.checkProvider(tenantId, providerConfig.getProviderType());
@@ -149,6 +156,7 @@ public class DefaultTwoFaConfigManager implements TwoFaConfigManager {
                 });
         settings.setJsonValue(JacksonUtil.valueToTree(twoFactorAuthSettings));
         adminSettingsService.saveAdminSettings(tenantId, settings);
+        return twoFactorAuthSettings;
     }
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
index 0fe33b7757..c0e3200a4d 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/TwoFaConfigManager.java
@@ -39,7 +39,7 @@ public interface TwoFaConfigManager {
 
     Optional<PlatformTwoFaSettings> getPlatformTwoFaSettings(TenantId tenantId, boolean sysadminSettingsAsDefault);
 
-    void savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) throws ThingsboardException;
+    PlatformTwoFaSettings savePlatformTwoFaSettings(TenantId tenantId, PlatformTwoFaSettings twoFactorAuthSettings) throws ThingsboardException;
 
     void deletePlatformTwoFaSettings(TenantId tenantId);
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
index 4ab4069b61..b4f0b293d3 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.java
@@ -55,7 +55,9 @@ public class RestAwareAuthenticationSuccessHandler implements AuthenticationSucc
 
         if (authentication instanceof MfaAuthenticationToken) {
             int preVerificationTokenLifetime = twoFaConfigManager.getPlatformTwoFaSettings(securityUser.getTenantId(), true)
-                    .flatMap(settings -> Optional.ofNullable(settings.getTotalAllowedTimeForVerification())).orElse((int) TimeUnit.MINUTES.toSeconds(30));
+                    .flatMap(settings -> Optional.ofNullable(settings.getTotalAllowedTimeForVerification())
+                            .filter(time -> time > 0))
+                    .orElse((int) TimeUnit.MINUTES.toSeconds(30));
             tokenPair.setToken(tokenFactory.createPreVerificationToken(securityUser, preVerificationTokenLifetime).getToken());
             tokenPair.setRefreshToken(null);
             tokenPair.setScope(Authority.PRE_VERIFICATION_TOKEN);
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index 57d009070c..65b89c85b8 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -172,11 +172,12 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
             return;
         }
 
-        if (twoFaSettings.getMaxVerificationFailuresBeforeUserLockout() > 0
-                && failedVerificationAttempts >= twoFaSettings.getMaxVerificationFailuresBeforeUserLockout()) {
+        Integer maxVerificationFailures = twoFaSettings.getMaxVerificationFailuresBeforeUserLockout();
+        if (maxVerificationFailures != null && maxVerificationFailures > 0
+                && failedVerificationAttempts >= maxVerificationFailures) {
             userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userId, false);
             SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
-            lockAccount(userId, securityUser.getEmail(), securitySettings.getUserLockoutNotificationEmail(), twoFaSettings.getMaxVerificationFailuresBeforeUserLockout());
+            lockAccount(userId, securityUser.getEmail(), securitySettings.getUserLockoutNotificationEmail(), maxVerificationFailures);
             throw new LockedException("User account was locked due to exceeded 2FA verification attempts");
         }
     }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 9d581c0867..930b858316 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -37,7 +37,7 @@ public class PlatformTwoFaSettings {
     @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code check rate limit configuration is invalid")
     private String verificationCodeCheckRateLimit;
     @Min(value = 0, message = "maximum number of verification failure before user lockout must be positive")
-    private int maxVerificationFailuresBeforeUserLockout;
+    private Integer maxVerificationFailuresBeforeUserLockout;
     @Min(value = 1, message = "total amount of time allotted for verification must be greater than 0")
     private Integer totalAllowedTimeForVerification;
 
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java
index 9dc2a00b23..92def57ee4 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java
@@ -22,7 +22,7 @@ import javax.validation.constraints.Min;
 @Data
 public class BackupCodeTwoFaProviderConfig implements TwoFaProviderConfig {
 
-    @Min(0)
+    @Min(1)
     private int codesQuantity;
 
     @Override

From 76de89189037383cc4956fac9594a4ff4f1fe9a1 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Thu, 26 May 2022 16:26:14 +0300
Subject: [PATCH 73/92] UI: 2fa improvement settings

---
 .../server/controller/TwoFaConfigController.java           | 6 +++---
 .../security/auth/mfa/DefaultTwoFactorAuthService.java     | 2 +-
 .../data/security/model/mfa/PlatformTwoFaSettings.java     | 1 +
 .../model/mfa/provider/BackupCodeTwoFaProviderConfig.java  | 2 +-
 .../src/app/core/http/two-factor-authentication.service.ts | 4 ++--
 .../home/pages/admin/two-factor-auth-settings.component.ts | 7 ++++---
 6 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
index 60239f3603..4b34b95f59 100644
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFaConfigController.java
@@ -218,10 +218,10 @@ public class TwoFaConfigController extends BaseController {
     @ApiOperation(value = "Save platform 2FA settings (savePlatformTwoFaSettings)",
             notes = "Save 2FA settings for platform. The settings have following properties:\n" +
                     "- `providers` - the list of 2FA providers' configs. Users will only be allowed to use 2FA providers from this list. \n\n" +
-                    "- `minVerificationCodeSendPeriod` - minimal period in seconds to wait after verification code send request to send next request. " +
-                    "The format is standard: 'amountOfRequests:periodInSeconds'. The value of '1:60' would limit verification " +
-                    "code sending requests to one per minute.\n" +
+                    "- `minVerificationCodeSendPeriod` - minimal period in seconds to wait after verification code send request to send next request. \n" +
                     "- `verificationCodeCheckRateLimit` - rate limit configuration for verification code checking.\n" +
+                    "The format is standard: 'amountOfRequests:periodInSeconds'. The value of '1:60' would limit verification " +
+                    "code checking requests to one per minute.\n" +
                     "- `maxVerificationFailuresBeforeUserLockout` - maximum number of verification failures before a user gets disabled.\n" +
                     "- `totalAllowedTimeForVerification` - total amount of time in seconds allotted for verification. " +
                     "Basically, this property sets a lifetime for pre-verification token. If not set, default value of 30 minutes is used.\n" + NEW_LINE +
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index 5929f04468..78bf0cdcf6 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -88,7 +88,7 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         if (checkLimits) {
             Integer minVerificationCodeSendPeriod = twoFaSettings.getMinVerificationCodeSendPeriod();
             String rateLimit = null;
-            if (minVerificationCodeSendPeriod != null && minVerificationCodeSendPeriod > 0) {
+            if (minVerificationCodeSendPeriod != null && minVerificationCodeSendPeriod > 4) {
                 rateLimit = "1:" + minVerificationCodeSendPeriod;
             }
             checkRateLimits(user.getId(), accountConfig.getProviderType(), rateLimit, verificationCodeSendingRateLimits);
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 930b858316..9b660758d8 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -33,6 +33,7 @@ public class PlatformTwoFaSettings {
     @Valid
     private List<TwoFaProviderConfig> providers;
 
+    @Min(value = 5, message = "minimum verification code sent period must be greater than or equal 5")
     private Integer minVerificationCodeSendPeriod;
     @Pattern(regexp = "[1-9]\\d*:[1-9]\\d*", message = "verification code check rate limit configuration is invalid")
     private String verificationCodeCheckRateLimit;
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java
index 92def57ee4..e8d4b90e03 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/provider/BackupCodeTwoFaProviderConfig.java
@@ -22,7 +22,7 @@ import javax.validation.constraints.Min;
 @Data
 public class BackupCodeTwoFaProviderConfig implements TwoFaProviderConfig {
 
-    @Min(1)
+    @Min(value = 1, message = "backup codes quantity must be greater than 0")
     private int codesQuantity;
 
     @Override
diff --git a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
index 2e3a7caeeb..a22da972ad 100644
--- a/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
+++ b/ui-ngx/src/app/core/http/two-factor-authentication.service.ts
@@ -40,8 +40,8 @@ export class TwoFactorAuthenticationService {
     return this.http.get<TwoFactorAuthSettings>(`/api/2fa/settings`, defaultHttpOptionsFromConfig(config));
   }
 
-  saveTwoFaSettings(settings: TwoFactorAuthSettings, config?: RequestConfig): Observable<any> {
-    return this.http.post(`/api/2fa/settings`, settings, defaultHttpOptionsFromConfig(config));
+  saveTwoFaSettings(settings: TwoFactorAuthSettings, config?: RequestConfig): Observable<TwoFactorAuthSettings> {
+    return this.http.post<TwoFactorAuthSettings>(`/api/2fa/settings`, settings, defaultHttpOptionsFromConfig(config));
   }
 
   getAvailableTwoFaProviders(config?: RequestConfig): Observable<Array<TwoFactorAuthProviderType>> {
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 7567d57d73..72480b4d44 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -79,7 +79,8 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
       providers.forEach(provider => delete provider.enable);
       const config = Object.assign(setting, {providers});
       this.twoFaService.saveTwoFaSettings(config).subscribe(
-        () => {
+        (settings) => {
+          this.setAuthConfigFormValue(settings);
           this.twoFaFormGroup.markAsUntouched();
           this.twoFaFormGroup.markAsPristine();
         }
@@ -124,8 +125,8 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         Validators.pattern(/^\d*$/)
       ]],
       verificationCodeCheckRateLimitEnable: [false],
-      verificationCodeCheckRateLimitNumber: ['3', this.posIntValidation],
-      verificationCodeCheckRateLimitTime: ['900', this.posIntValidation],
+      verificationCodeCheckRateLimitNumber: [{value: 3, disabled: true}, this.posIntValidation],
+      verificationCodeCheckRateLimitTime: [{value: 900, disabled: true}, this.posIntValidation],
       minVerificationCodeSendPeriod: ['30', [Validators.required, Validators.min(5), Validators.pattern(/^\d*$/)]],
       providers: this.fb.array([])
     });

From 026361ce69b5aff0649ea1b7a21803e81d028911 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Fri, 27 May 2022 10:35:17 +0300
Subject: [PATCH 74/92] UI: Revert change

---
 ui-ngx/src/app/core/auth/auth.service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui-ngx/src/app/core/auth/auth.service.ts b/ui-ngx/src/app/core/auth/auth.service.ts
index efec71142f..829d6c49b4 100644
--- a/ui-ngx/src/app/core/auth/auth.service.ts
+++ b/ui-ngx/src/app/core/auth/auth.service.ts
@@ -238,7 +238,7 @@ export class AuthService {
     );
   }
 
-  private forceDefaultPlace(authState?: AuthState, path?: string, params?: any): boolean {
+  public forceDefaultPlace(authState?: AuthState, path?: string, params?: any): boolean {
     if (authState && authState.authUser) {
       if (authState.authUser.authority === Authority.TENANT_ADMIN || authState.authUser.authority === Authority.CUSTOMER_USER) {
         if ((this.userHasDefaultDashboard(authState) && authState.forceFullscreen) || authState.authUser.isPublic) {

From 985f7c79aa98ef9deb3b5b04168a62346662cec6 Mon Sep 17 00:00:00 2001
From: Viacheslav Klimov <viacheslavklimov11@gmail.com>
Date: Fri, 27 May 2022 12:34:12 +0300
Subject: [PATCH 75/92] 2FA refactoring

---
 .../server/service/mail/DefaultMailService.java   | 15 +++++----------
 .../auth/mfa/DefaultTwoFactorAuthService.java     |  8 ++++----
 .../mfa/provider/impl/EmailTwoFaProvider.java     |  4 +++-
 .../server/service/sms/DefaultSmsService.java     | 10 +++++-----
 .../security/model/mfa/PlatformTwoFaSettings.java |  2 ++
 .../thingsboard/rule/engine/api/MailService.java  |  4 ++--
 .../thingsboard/rule/engine/api/SmsService.java   |  4 ++--
 7 files changed, 23 insertions(+), 24 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
index 9d2f7b8891..b0c77f2794 100644
--- a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
+++ b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
@@ -105,16 +105,6 @@ public class DefaultMailService implements MailService {
         }
     }
 
-    @Override
-    public boolean isConfigured(TenantId tenantId) {
-        try {
-            mailSender.testConnection();
-            return true;
-        } catch (MessagingException e) {
-            return false;
-        }
-    }
-
     private JavaMailSenderImpl createMailSender(JsonNode jsonConfig) {
         JavaMailSenderImpl mailSender = new JavaMailSenderImpl();
         mailSender.setHost(jsonConfig.get("smtpHost").asText());
@@ -360,6 +350,11 @@ public class DefaultMailService implements MailService {
         sendMail(mailSender, mailFrom, email, subject, message);
     }
 
+    @Override
+    public void testConnection(TenantId tenantId) throws Exception {
+        mailSender.testConnection();
+    }
+
     private String toEnabledValueLabel(ApiFeature apiFeature) {
         switch (apiFeature) {
             case DB:
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
index 78bf0cdcf6..af78d307d3 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@@ -121,11 +121,11 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
         TwoFaProviderConfig providerConfig = twoFaSettings.getProviderConfig(accountConfig.getProviderType())
                 .orElseThrow(() -> PROVIDER_NOT_CONFIGURED_ERROR);
 
-        boolean verificationSuccess;
+        boolean verificationSuccess = false;
         if (StringUtils.isNotBlank(verificationCode)) {
-            verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(user, verificationCode, providerConfig, accountConfig);
-        } else {
-            verificationSuccess = false;
+            if (StringUtils.isNumeric(verificationCode) || accountConfig.getProviderType() == TwoFaProviderType.BACKUP_CODE) {
+                verificationSuccess = getTwoFaProvider(accountConfig.getProviderType()).checkVerificationCode(user, verificationCode, providerConfig, accountConfig);
+            }
         }
         if (checkLimits) {
             try {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
index 2aa5985514..085b5a9f45 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFaProvider.java
@@ -48,7 +48,9 @@ public class EmailTwoFaProvider extends OtpBasedTwoFaProvider<EmailTwoFaProvider
 
     @Override
     public void check(TenantId tenantId) throws ThingsboardException {
-        if (!mailService.isConfigured(tenantId)) {
+        try {
+            mailService.testConnection(tenantId);
+        } catch (Exception e) {
             throw new ThingsboardException("Mail service is not set up", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
         }
     }
diff --git a/application/src/main/java/org/thingsboard/server/service/sms/DefaultSmsService.java b/application/src/main/java/org/thingsboard/server/service/sms/DefaultSmsService.java
index ce22b0bd4b..1c85e65325 100644
--- a/application/src/main/java/org/thingsboard/server/service/sms/DefaultSmsService.java
+++ b/application/src/main/java/org/thingsboard/server/service/sms/DefaultSmsService.java
@@ -86,11 +86,6 @@ public class DefaultSmsService implements SmsService {
         }
     }
 
-    @Override
-    public boolean isConfigured(TenantId tenantId) {
-        return smsSender != null;
-    }
-
     private int sendSms(String numberTo, String message) throws ThingsboardException {
         if (this.smsSender == null) {
             throw new ThingsboardException("Unable to send SMS: no SMS provider configured!", ThingsboardErrorCode.GENERAL);
@@ -128,6 +123,11 @@ public class DefaultSmsService implements SmsService {
         testSmsSender.destroy();
     }
 
+    @Override
+    public boolean isConfigured(TenantId tenantId) {
+        return smsSender != null;
+    }
+
     private int sendSms(SmsSender smsSender, String numberTo, String message) throws ThingsboardException {
         try {
             return smsSender.sendSms(numberTo, message);
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 9b660758d8..6f4b8d806f 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -22,6 +22,7 @@ import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProvi
 
 import javax.validation.Valid;
 import javax.validation.constraints.Min;
+import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
 import java.util.List;
 import java.util.Optional;
@@ -31,6 +32,7 @@ import java.util.Optional;
 public class PlatformTwoFaSettings {
 
     @Valid
+    @NotNull
     private List<TwoFaProviderConfig> providers;
 
     @Min(value = 5, message = "minimum verification code sent period must be greater than or equal 5")
diff --git a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
index 6ac4417934..c4b47d2e46 100644
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/MailService.java
@@ -28,8 +28,6 @@ public interface MailService {
 
     void updateMailConfiguration();
 
-    boolean isConfigured(TenantId tenantId);
-
     void sendEmail(TenantId tenantId, String email, String subject, String message) throws ThingsboardException;
 
     void sendTestMail(JsonNode config, String email) throws ThingsboardException;
@@ -54,4 +52,6 @@ public interface MailService {
 
     void sendApiFeatureStateEmail(ApiFeature apiFeature, ApiUsageStateValue stateValue, String email, ApiUsageStateMailMessage msg) throws ThingsboardException;
 
+    void testConnection(TenantId tenantId) throws Exception;
+
 }
diff --git a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/SmsService.java b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/SmsService.java
index c38f99ecb2..90c199cd42 100644
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/SmsService.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/SmsService.java
@@ -24,10 +24,10 @@ public interface SmsService {
 
     void updateSmsConfiguration();
 
-    boolean isConfigured(TenantId tenantId);
-
     void sendSms(TenantId tenantId, CustomerId customerId, String[] numbersTo, String message) throws ThingsboardException;;
 
     void sendTestSms(TestSmsRequest testSmsRequest) throws ThingsboardException;
 
+    boolean isConfigured(TenantId tenantId);
+
 }

From 4ba75a7c38a4183bc2ae442ce8169ec7c59eede2 Mon Sep 17 00:00:00 2001
From: fe-dev <Dgerik2015@gmail.com>
Date: Fri, 27 May 2022 15:37:36 +0300
Subject: [PATCH 76/92] UI: Fixed build project

---
 ui-ngx/src/app/modules/common/modules-map.ts    | 2 ++
 ui-ngx/src/app/shared/models/settings.models.ts | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui-ngx/src/app/modules/common/modules-map.ts b/ui-ngx/src/app/modules/common/modules-map.ts
index b4f4ea1328..0d3f102564 100644
--- a/ui-ngx/src/app/modules/common/modules-map.ts
+++ b/ui-ngx/src/app/modules/common/modules-map.ts
@@ -157,6 +157,7 @@ import * as ImageInputComponent from '@shared/components/image-input.component';
 import * as FileInputComponent from '@shared/components/file-input.component';
 import * as MessageTypeAutocompleteComponent from '@shared/components/message-type-autocomplete.component';
 import * as KeyValMapComponent from '@shared/components/kv-map.component';
+import * as MultipleImageInputComponent from '@shared/components/multiple-image-input.component';
 import * as NavTreeComponent from '@shared/components/nav-tree.component';
 import * as LedLightComponent from '@shared/components/led-light.component';
 import * as TbJsonToStringDirective from '@shared/components/directives/tb-json-to-string.directive';
@@ -439,6 +440,7 @@ class ModulesMap implements IModulesMap {
     '@shared/components/file-input.component': FileInputComponent,
     '@shared/components/message-type-autocomplete.component': MessageTypeAutocompleteComponent,
     '@shared/components/kv-map.component': KeyValMapComponent,
+    '@shared/components/multiple-image-input.component': MultipleImageInputComponent,
     '@shared/components/nav-tree.component': NavTreeComponent,
     '@shared/components/led-light.component': LedLightComponent,
     '@shared/components/directives/tb-json-to-string.directive': TbJsonToStringDirective,
diff --git a/ui-ngx/src/app/shared/models/settings.models.ts b/ui-ngx/src/app/shared/models/settings.models.ts
index 615d0994c9..e00c8e28a0 100644
--- a/ui-ngx/src/app/shared/models/settings.models.ts
+++ b/ui-ngx/src/app/shared/models/settings.models.ts
@@ -141,7 +141,7 @@ export enum TypeOfNumber {
   Abbreviated = 'Abbreviated'
 }
 
-interface TypeDescriptor {
+export interface TypeDescriptor {
   name: string;
   value: number;
 }

From 095851897aa6d5f4a067416a3f60337d6f5b1000 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Fri, 27 May 2022 16:02:32 +0300
Subject: [PATCH 77/92] UI: Fixed 2fa auth.guard and setting style

---
 ui-ngx/src/app/core/guards/auth.guard.ts      | 19 ++++++++++---------
 .../two-factor-auth-settings.component.html   | 18 +++++++++---------
 .../two-factor-auth-settings.component.ts     |  6 +++---
 3 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/ui-ngx/src/app/core/guards/auth.guard.ts b/ui-ngx/src/app/core/guards/auth.guard.ts
index 4fe53d7bdc..fb424b06e3 100644
--- a/ui-ngx/src/app/core/guards/auth.guard.ts
+++ b/ui-ngx/src/app/core/guards/auth.guard.ts
@@ -78,7 +78,7 @@ export class AuthGuard implements CanActivate, CanActivateChild {
         const params = lastChild.params || {};
         const isPublic = data.module === 'public';
 
-        if (!authState.isAuthenticated) {
+        if (!authState.isAuthenticated || isPublic) {
           if (publicId && publicId.length > 0) {
             this.authService.setUserFromJwtToken(null, null, false);
             this.authService.reloadUser();
@@ -95,7 +95,15 @@ export class AuthGuard implements CanActivate, CanActivateChild {
                 })
               );
             } else if (path === 'login.mfa') {
-              return of(this.router.parseUrl('/login'));
+              if (authState.authUser?.authority === Authority.PRE_VERIFICATION_TOKEN) {
+                return this.authService.getAvailableTwoFaLoginProviders().pipe(
+                  map(() => {
+                    return true;
+                  })
+                );
+              }
+              this.authService.logout();
+              return of(this.authService.defaultUrl(false));
             } else {
               return of(true);
             }
@@ -117,13 +125,6 @@ export class AuthGuard implements CanActivate, CanActivateChild {
             return of(false);
           }
           if (authState.authUser.authority === Authority.PRE_VERIFICATION_TOKEN) {
-            if (path === 'login.mfa') {
-              return this.authService.getAvailableTwoFaLoginProviders().pipe(
-                map(() => {
-                  return true;
-                })
-              );
-            }
             this.authService.logout();
             return of(false);
           }
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index dde38b21f6..9e0f54243f 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -30,7 +30,7 @@
     <mat-card-content>
       <form [formGroup]="twoFaFormGroup" (ngSubmit)="save()">
         <fieldset [disabled]="isLoading$ | async">
-          <ng-container>
+          <div>
             <fieldset class="fields-group" formArrayName="providers">
               <legend class="group-title" translate>admin.2fa.available-providers</legend>
               <ng-container *ngFor="let provider of providersForm.controls; let i = index; let $last = last; trackBy: trackByElement">
@@ -186,14 +186,14 @@
                 </ng-template>
               </mat-expansion-panel>
             </fieldset>
-            <div fxLayout="row" fxLayoutAlign="end center" fxLayoutGap="8px">
-              <button mat-button mat-raised-button color="primary"
-                      [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
-                      type="submit">
-                {{'action.save' | translate}}
-              </button>
-            </div>
-          </ng-container>
+          </div>
+          <div fxLayout="row" fxLayoutAlign="end center" fxLayoutGap="8px">
+            <button mat-button mat-raised-button color="primary"
+                    [disabled]="(isLoading$ | async) || twoFaFormGroup.invalid || !twoFaFormGroup.dirty"
+                    type="submit">
+              {{'action.save' | translate}}
+            </button>
+          </div>
         </fieldset>
       </form>
     </mat-card-content>
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 72480b4d44..98beae21cf 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -147,9 +147,9 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
   }
 
   private setAuthConfigFormValue(settings: TwoFactorAuthSettings) {
-    const [checkRateLimitNumber, checkRateLimitTime] = this.splitRateLimit(settings.verificationCodeCheckRateLimit);
-    const allowProvidersConfig = settings.providers.map(provider => provider.providerType);
-    const processFormValue: TwoFactorAuthSettingsForm = Object.assign(deepClone(settings), {
+    const [checkRateLimitNumber, checkRateLimitTime] = this.splitRateLimit(settings?.verificationCodeCheckRateLimit);
+    const allowProvidersConfig = settings?.providers.map(provider => provider.providerType) || [];
+    const processFormValue: TwoFactorAuthSettingsForm = Object.assign({}, settings, {
       verificationCodeCheckRateLimitEnable: checkRateLimitNumber > 0,
       verificationCodeCheckRateLimitNumber: checkRateLimitNumber || 3,
       verificationCodeCheckRateLimitTime: checkRateLimitTime || 900,

From 7836ad6f903e38a482e984bbb96fbbc6fe90f595 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Fri, 27 May 2022 17:34:09 +0300
Subject: [PATCH 78/92] UI: Add validation 2fa settings

---
 .../two-factor-auth-settings.component.ts     | 21 ++++++++++++++++---
 .../app/modules/login/login-routing.module.ts |  2 +-
 .../assets/locale/locale.constant-en_US.json  |  1 +
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 98beae21cf..895b80ed08 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -22,12 +22,13 @@ import { AppState } from '@core/core.state';
 import { FormArray, FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { TwoFactorAuthenticationService } from '@core/http/two-factor-authentication.service';
 import {
+  TwoFactorAuthProviderConfigForm,
   twoFactorAuthProvidersData,
   TwoFactorAuthProviderType,
   TwoFactorAuthSettings,
   TwoFactorAuthSettingsForm
 } from '@shared/models/two-factor-auth.models';
-import { deepClone, isNotEmptyStr } from '@core/utils';
+import { isNotEmptyStr } from '@core/utils';
 import { Subject } from 'rxjs';
 import { takeUntil } from 'rxjs/operators';
 import { MatExpansionPanel } from '@angular/material/expansion';
@@ -73,7 +74,7 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
 
   save() {
     if (this.twoFaFormGroup.valid) {
-      const setting = this.twoFaFormGroup.value as TwoFactorAuthSettingsForm;
+      const setting = this.twoFaFormGroup.getRawValue() as TwoFactorAuthSettingsForm;
       this.joinRateLimit(setting, 'verificationCodeCheckRateLimit');
       const providers = setting.providers.filter(provider => provider.enable);
       providers.forEach(provider => delete provider.enable);
@@ -144,6 +145,20 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         this.twoFaFormGroup.get('verificationCodeCheckRateLimitTime').disable({emitEvent: false});
       }
     });
+    this.providersForm.valueChanges.pipe(
+      takeUntil(this.destroy$)
+    ).subscribe((value: TwoFactorAuthProviderConfigForm[]) => {
+      const activeProvider = value.filter(provider => provider.enable);
+      const indexBackupCode = Object.values(TwoFactorAuthProviderType).indexOf(TwoFactorAuthProviderType.BACKUP_CODE);
+      if (!activeProvider.length ||
+        activeProvider.length === 1 && activeProvider[0].providerType === TwoFactorAuthProviderType.BACKUP_CODE) {
+        this.providersForm.at(indexBackupCode).get('enable').setValue(false, {emitEvent: false});
+        this.providersForm.at(indexBackupCode).disable( {emitEvent: false});
+        this.providersForm.at(indexBackupCode).get('providerType').enable({emitEvent: false});
+      } else {
+        this.providersForm.at(indexBackupCode).get('enable').enable( {emitEvent: false});
+      }
+    });
   }
 
   private setAuthConfigFormValue(settings: TwoFactorAuthSettings) {
@@ -205,7 +220,7 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
         newProviders.get('providerType').enable({emitEvent: false});
       }
     });
-    this.providersForm.push(newProviders);
+    this.providersForm.push(newProviders, {emitEvent: false});
   }
 
   private getByIndexPanel(index: number) {
diff --git a/ui-ngx/src/app/modules/login/login-routing.module.ts b/ui-ngx/src/app/modules/login/login-routing.module.ts
index 6305fa9dfd..425f6d16c8 100644
--- a/ui-ngx/src/app/modules/login/login-routing.module.ts
+++ b/ui-ngx/src/app/modules/login/login-routing.module.ts
@@ -76,7 +76,7 @@ const routes: Routes = [
     path: 'login/mfa',
     component: TwoFactorAuthLoginComponent,
     data: {
-      title: 'login.create-password',
+      title: 'login.two-factor-authentication',
       auth: [Authority.PRE_VERIFICATION_TOKEN],
       module: 'public'
     },
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 7e5ab2fb72..69537cdd56 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -2480,6 +2480,7 @@
         "request-password-reset": "Request Password Reset",
         "reset-password": "Reset Password",
         "create-password": "Create Password",
+        "two-factor-authentication": "Two factor authentication",
         "passwords-mismatch-error": "Entered passwords must be same!",
         "password-again": "Password again",
         "sign-in": "Please sign in",

From f0d887b91aa8a9870302246ff92c0ce4d0dcb23a Mon Sep 17 00:00:00 2001
From: Andrii Shvaika <ashvayka@thingsboard.io>
Date: Mon, 30 May 2022 12:16:30 +0300
Subject: [PATCH 79/92] NPE fix in DefaultTbContext

---
 .../server/actors/ruleChain/DefaultTbContext.java         | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/actors/ruleChain/DefaultTbContext.java b/application/src/main/java/org/thingsboard/server/actors/ruleChain/DefaultTbContext.java
index 66fe935d68..9456e710df 100644
--- a/application/src/main/java/org/thingsboard/server/actors/ruleChain/DefaultTbContext.java
+++ b/application/src/main/java/org/thingsboard/server/actors/ruleChain/DefaultTbContext.java
@@ -169,7 +169,9 @@ class DefaultTbContext implements TbContext {
     private void enqueue(TopicPartitionInfo tpi, TbMsg tbMsg, Consumer<Throwable> onFailure, Runnable onSuccess) {
         if (!tbMsg.isValid()) {
             log.trace("[{}] Skip invalid message: {}", getTenantId(), tbMsg);
-            onFailure.accept(new IllegalArgumentException("Source message is no longer valid!"));
+            if (onFailure != null) {
+                onFailure.accept(new IllegalArgumentException("Source message is no longer valid!"));
+            }
             return;
         }
         TransportProtos.ToRuleEngineMsg msg = TransportProtos.ToRuleEngineMsg.newBuilder()
@@ -242,7 +244,9 @@ class DefaultTbContext implements TbContext {
     private void enqueueForTellNext(TopicPartitionInfo tpi, String queueName, TbMsg source, Set<String> relationTypes, String failureMessage, Runnable onSuccess, Consumer<Throwable> onFailure) {
         if (!source.isValid()) {
             log.trace("[{}] Skip invalid message: {}", getTenantId(), source);
-            onFailure.accept(new IllegalArgumentException("Source message is no longer valid!"));
+            if (onFailure != null) {
+                onFailure.accept(new IllegalArgumentException("Source message is no longer valid!"));
+            }
             return;
         }
         RuleChainId ruleChainId = nodeCtx.getSelf().getRuleChainId();

From 65541b9aed2c7e2a87568f1f5ed08ae309001227 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Mon, 30 May 2022 13:00:01 +0300
Subject: [PATCH 80/92] UI: Fix style sms auth dialog

---
 .../authentication-dialog/sms-auth-dialog.component.html        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
index 25a444257e..d4fb60095a 100644
--- a/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
+++ b/ui-ngx/src/app/modules/home/pages/security/authentication-dialog/sms-auth-dialog.component.html
@@ -36,7 +36,7 @@
       <ng-template matStepLabel>{{ 'security.2fa.dialog.sms-step-label' | translate }}</ng-template>
       <form [formGroup]="smsConfigForm" (ngSubmit)="nextStep()">
         <p class="mat-body step-description input" translate>security.2fa.dialog.sms-step-description</p>
-        <div fxLayout="row" fxLayoutAlign="space-between center">
+        <div fxLayout="row" fxLayoutAlign="space-between center" fxLayoutGap="8px">
           <mat-form-field  fxFlex class="mat-block input-container" floatLabel="always" hideRequiredMarker>
             <mat-label></mat-label>
             <input type="tel" required

From f68bbd58d7bf2ebd4588a6b4a2b17fc7ce3fb011 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Mon, 30 May 2022 15:35:07 +0300
Subject: [PATCH 81/92] Change 2fa mail pattern to replace code

---
 .../org/thingsboard/server/service/mail/DefaultMailService.java | 2 +-
 .../src/main/resources/templates/2fa.verification.code.ftl      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
index b0c77f2794..f33f6d6a4e 100644
--- a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
+++ b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
@@ -316,7 +316,7 @@ public class DefaultMailService implements MailService {
         String subject = messages.getMessage("2fa.verification.code.subject", null, Locale.US);
         String message = mergeTemplateIntoString("2fa.verification.code.ftl", Map.of(
                 TARGET_EMAIL, email,
-                "verificationCode", verificationCode,
+                "сode", verificationCode,
                 "expirationTimeSeconds", expirationTimeSeconds
         ));
 
diff --git a/application/src/main/resources/templates/2fa.verification.code.ftl b/application/src/main/resources/templates/2fa.verification.code.ftl
index 994215ebcb..3c20b13ae8 100644
--- a/application/src/main/resources/templates/2fa.verification.code.ftl
+++ b/application/src/main/resources/templates/2fa.verification.code.ftl
@@ -76,7 +76,7 @@
                                 </tr>
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
                                     <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; color: #348eda; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top" align="center">
-                                        <h2 style="margin-top: 8px;">${verificationCode}</h2>
+                                        <h2 style="margin-top: 8px;">${сode}</h2>
                                     </td>
                                 </tr>
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">

From b050468e7f2d85994e3b7a4300804ab5d4a18808 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Mon, 30 May 2022 18:01:02 +0300
Subject: [PATCH 82/92] UI: Move resend code in login 2fa page

---
 .../service/mail/DefaultMailService.java      |  2 +-
 .../templates/2fa.verification.code.ftl       |  2 +-
 .../two-factor-auth-login.component.html      | 43 +++++++++----------
 .../two-factor-auth-login.component.scss      |  3 +-
 .../assets/locale/locale.constant-en_US.json  |  2 +-
 5 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
index f33f6d6a4e..7e1a3d7fa7 100644
--- a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
+++ b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
@@ -316,7 +316,7 @@ public class DefaultMailService implements MailService {
         String subject = messages.getMessage("2fa.verification.code.subject", null, Locale.US);
         String message = mergeTemplateIntoString("2fa.verification.code.ftl", Map.of(
                 TARGET_EMAIL, email,
-                "сode", verificationCode,
+                "code", verificationCode,
                 "expirationTimeSeconds", expirationTimeSeconds
         ));
 
diff --git a/application/src/main/resources/templates/2fa.verification.code.ftl b/application/src/main/resources/templates/2fa.verification.code.ftl
index 3c20b13ae8..0db3cd8215 100644
--- a/application/src/main/resources/templates/2fa.verification.code.ftl
+++ b/application/src/main/resources/templates/2fa.verification.code.ftl
@@ -76,7 +76,7 @@
                                 </tr>
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
                                     <td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; color: #348eda; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top" align="center">
-                                        <h2 style="margin-top: 8px;">${сode}</h2>
+                                        <h2 style="margin-top: 8px;">${code}</h2>
                                     </td>
                                 </tr>
                                 <tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
index cf9e3186ba..b59139b36a 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
@@ -46,33 +46,32 @@
                        [attr.inputmode]="inputMode" [pattern]="pattern"
                        autocomplete="off"
                        placeholder="{{ providersData.get(selectedProvider).placeholder | translate }}"/>
-                <button *ngIf="showResendButton"
-                        mat-button matSuffix
-                        (click)="sendCode($event)"
-                        [disabled]="disabledResendButton"
-                        type="button" tabindex="-1">
-                  {{ 'login.resend-code' | translate }}
-                </button>
-                <mat-error *ngIf="verificationForm.get('verificationCode').invalid" style="margin-bottom: 8px">
+                <mat-error *ngIf="verificationForm.get('verificationCode').invalid">
                   {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
                 </mat-error>
-                <mat-error *ngIf="verificationForm.get('verificationCode').invalid && showResendButton && countDownTime" class="timer">
-                  {{ 'login.resend-code-wait' | translate : {time: countDownTime} }}
-                </mat-error>
-                <mat-hint *ngIf="showResendButton && countDownTime" class="timer">
-                  {{ 'login.resend-code-wait' | translate : {time: countDownTime} }}
-                </mat-hint>
               </mat-form-field>
             </div>
             <span style="height: 50px;"></span>
-            <div fxLayout="column" fxLayoutGap="8px">
-              <button mat-raised-button
-                      color="accent"
-                      [disabled]="(isLoading$ | async) || verificationForm.invalid"
-                      type="submit">
-                {{ 'action.continue' | translate }}
-              </button>
-              <button mat-button
+            <button mat-raised-button
+                    color="accent"
+                    [disabled]="(isLoading$ | async) || verificationForm.invalid"
+                    type="submit">
+              {{ 'action.continue' | translate }}
+            </button>
+            <span style="height: 16px;"></span>
+            <div fxLayout="row" fxLayoutAlign="space-between center" fxLayoutGap="8px">
+              <div *ngIf="showResendButton" fxFlex="50" fxLayoutAlign="center center">
+                <div *ngIf="countDownTime" class="timer">
+                  {{ 'login.resend-code-wait' | translate : {time: countDownTime} }}
+                </div>
+                <button *ngIf="!disabledResendButton"
+                        mat-button fxFlex
+                        (click)="sendCode($event)"
+                        type="button">
+                  {{ 'login.resend-code' | translate }}
+                </button>
+              </div>
+              <button mat-button fxFlex
                       type="button"
                       (click)="selectProvider(null)">
                 {{ 'login.try-another-way' | translate }}
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
index 864d099e3c..547b3b88a6 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
@@ -57,8 +57,7 @@
       }
 
       .timer {
-        font: 400 12px / 14px Roboto, "Helvetica Neue", sans-serif;
-        letter-spacing: 0.4px;
+        font: 500 12px / 14px Roboto, "Helvetica Neue", sans-serif;
         color: rgba(255, 255, 255, 0.8);
       }
     }
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 69537cdd56..a316993329 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -2499,7 +2499,7 @@
         "verify-your-identity": "Verify your identity",
         "select-way-to-verify": "Select a way to verify",
         "resend-code": "Resend code",
-        "resend-code-wait": "Resend code wait { time, plural, 1 {1 second} other {# seconds} }",
+        "resend-code-wait": "Resend code in { time, plural, 1 {1 second} other {# seconds} }",
         "try-another-way": "Try another way",
         "totp-auth-description": "Please enter the security code from your authenticator app.",
         "totp-auth-placeholder": "Code",

From 59f18b0e0204afcb29eb6d0ff6cd7bc31bb540bf Mon Sep 17 00:00:00 2001
From: towfiq <towfiq.106@gmail.com>
Date: Tue, 31 May 2022 14:18:02 +0600
Subject: [PATCH 83/92] fix: typo fix in variable name and method name

---
 .../thingsboard/mqtt/MqttChannelHandler.java  |  2 +-
 .../org/thingsboard/mqtt/MqttClientImpl.java  | 25 +++++++++----------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/netty-mqtt/src/main/java/org/thingsboard/mqtt/MqttChannelHandler.java b/netty-mqtt/src/main/java/org/thingsboard/mqtt/MqttChannelHandler.java
index 48b5ea8a2e..faaadc456f 100644
--- a/netty-mqtt/src/main/java/org/thingsboard/mqtt/MqttChannelHandler.java
+++ b/netty-mqtt/src/main/java/org/thingsboard/mqtt/MqttChannelHandler.java
@@ -166,7 +166,7 @@ final class MqttChannelHandler extends SimpleChannelInboundHandler<MqttMessage>
         for (MqttPendingSubscription.MqttPendingHandler handler : pendingSubscription.getHandlers()) {
             MqttSubscription subscription = new MqttSubscription(pendingSubscription.getTopic(), handler.getHandler(), handler.isOnce());
             this.client.getSubscriptions().put(pendingSubscription.getTopic(), subscription);
-            this.client.getHandlerToSubscribtion().put(handler.getHandler(), subscription);
+            this.client.getHandlerToSubscription().put(handler.getHandler(), subscription);
         }
         this.client.getPendingSubscribeTopics().remove(pendingSubscription.getTopic());
 
diff --git a/netty-mqtt/src/main/java/org/thingsboard/mqtt/MqttClientImpl.java b/netty-mqtt/src/main/java/org/thingsboard/mqtt/MqttClientImpl.java
index 99fe5b31bc..e91af1c557 100644
--- a/netty-mqtt/src/main/java/org/thingsboard/mqtt/MqttClientImpl.java
+++ b/netty-mqtt/src/main/java/org/thingsboard/mqtt/MqttClientImpl.java
@@ -55,7 +55,6 @@ import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
-import java.util.function.BiConsumer;
 
 /**
  * Represents an MqttClientImpl connected to a single MQTT server. Will try to keep the connection going at all times
@@ -70,7 +69,7 @@ final class MqttClientImpl implements MqttClient {
     private final HashMultimap<String, MqttSubscription> subscriptions = HashMultimap.create();
     private final ConcurrentMap<Integer, MqttPendingSubscription> pendingSubscriptions = new ConcurrentHashMap<>();
     private final Set<String> pendingSubscribeTopics = new HashSet<>();
-    private final HashMultimap<MqttHandler, MqttSubscription> handlerToSubscribtion = HashMultimap.create();
+    private final HashMultimap<MqttHandler, MqttSubscription> handlerToSubscription = HashMultimap.create();
     private final AtomicInteger nextMessageId = new AtomicInteger(1);
 
     private final MqttClientConfig clientConfig;
@@ -166,7 +165,7 @@ final class MqttClientImpl implements MqttClient {
                     pendingPublishes.forEach((id, mqttPendingPublish) -> mqttPendingPublish.onChannelClosed());
                     pendingPublishes.clear();
                     pendingSubscribeTopics.clear();
-                    handlerToSubscribtion.clear();
+                    handlerToSubscription.clear();
                     scheduleConnectIfRequired(host, port, true);
                 });
             } else {
@@ -283,11 +282,11 @@ final class MqttClientImpl implements MqttClient {
     @Override
     public Future<Void> off(String topic, MqttHandler handler) {
         Promise<Void> future = new DefaultPromise<>(this.eventLoop.next());
-        for (MqttSubscription subscription : this.handlerToSubscribtion.get(handler)) {
+        for (MqttSubscription subscription : this.handlerToSubscription.get(handler)) {
             this.subscriptions.remove(topic, subscription);
         }
-        this.handlerToSubscribtion.removeAll(handler);
-        this.checkSubscribtions(topic, future);
+        this.handlerToSubscription.removeAll(handler);
+        this.checkSubscriptions(topic, future);
         return future;
     }
 
@@ -303,12 +302,12 @@ final class MqttClientImpl implements MqttClient {
         Promise<Void> future = new DefaultPromise<>(this.eventLoop.next());
         ImmutableSet<MqttSubscription> subscriptions = ImmutableSet.copyOf(this.subscriptions.get(topic));
         for (MqttSubscription subscription : subscriptions) {
-            for (MqttSubscription handSub : this.handlerToSubscribtion.get(subscription.getHandler())) {
+            for (MqttSubscription handSub : this.handlerToSubscription.get(subscription.getHandler())) {
                 this.subscriptions.remove(topic, handSub);
             }
-            this.handlerToSubscribtion.remove(subscription.getHandler(), subscription);
+            this.handlerToSubscription.remove(subscription.getHandler(), subscription);
         }
-        this.checkSubscribtions(topic, future);
+        this.checkSubscriptions(topic, future);
         return future;
     }
 
@@ -461,7 +460,7 @@ final class MqttClientImpl implements MqttClient {
         if (this.serverSubscriptions.contains(topic)) {
             MqttSubscription subscription = new MqttSubscription(topic, handler, once);
             this.subscriptions.put(topic, subscription);
-            this.handlerToSubscribtion.put(handler, subscription);
+            this.handlerToSubscription.put(handler, subscription);
             return this.channel.newSucceededFuture();
         }
 
@@ -484,7 +483,7 @@ final class MqttClientImpl implements MqttClient {
         return future;
     }
 
-    private void checkSubscribtions(String topic, Promise<Void> promise) {
+    private void checkSubscriptions(String topic, Promise<Void> promise) {
         if (!(this.subscriptions.containsKey(topic) && this.subscriptions.get(topic).size() != 0) && this.serverSubscriptions.contains(topic)) {
             MqttFixedHeader fixedHeader = new MqttFixedHeader(MqttMessageType.UNSUBSCRIBE, false, MqttQoS.AT_LEAST_ONCE, false, 0);
             MqttMessageIdVariableHeader variableHeader = getNewMessageId();
@@ -514,8 +513,8 @@ final class MqttClientImpl implements MqttClient {
         return pendingSubscribeTopics;
     }
 
-    HashMultimap<MqttHandler, MqttSubscription> getHandlerToSubscribtion() {
-        return handlerToSubscribtion;
+    HashMultimap<MqttHandler, MqttSubscription> getHandlerToSubscription() {
+        return handlerToSubscription;
     }
 
     Set<String> getServerSubscriptions() {

From 9c8913edb4b44c55ed4bb785f541e7b2d3eb5c04 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Tue, 31 May 2022 13:06:58 +0300
Subject: [PATCH 84/92] UI: Redesigned 2fa login page

---
 ui-ngx/src/app/core/auth/auth.service.ts      |  2 +-
 .../two-factor-auth-login.component.html      | 18 +++++++---
 .../two-factor-auth-login.component.scss      |  8 +++++
 .../login/two-factor-auth-login.component.ts  | 34 ++++++++++++++-----
 .../assets/locale/locale.constant-en_US.json  |  2 ++
 5 files changed, 51 insertions(+), 13 deletions(-)

diff --git a/ui-ngx/src/app/core/auth/auth.service.ts b/ui-ngx/src/app/core/auth/auth.service.ts
index 829d6c49b4..527c4cb6de 100644
--- a/ui-ngx/src/app/core/auth/auth.service.ts
+++ b/ui-ngx/src/app/core/auth/auth.service.ts
@@ -127,7 +127,7 @@ export class AuthService {
 
   public checkTwoFaVerificationCode(providerType: TwoFactorAuthProviderType, verificationCode: number): Observable<LoginResponse> {
     return this.http.post<LoginResponse>(`/api/auth/2fa/verification/check?providerType=${providerType}&verificationCode=${verificationCode}`,
-      null, defaultHttpOptions()).pipe(
+      null, defaultHttpOptions(false, true)).pipe(
       tap((loginResponse: LoginResponse) => {
           this.setUserFromJwtToken(loginResponse.token, loginResponse.refreshToken, true);
         }
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
index b59139b36a..f6592e686e 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.html
@@ -46,9 +46,18 @@
                        [attr.inputmode]="inputMode" [pattern]="pattern"
                        autocomplete="off"
                        placeholder="{{ providersData.get(selectedProvider).placeholder | translate }}"/>
-                <mat-error *ngIf="verificationForm.get('verificationCode').invalid">
+                <mat-error *ngIf="verificationForm.get('verificationCode').getError('required') ||
+                                  verificationForm.get('verificationCode').getError('minlength') ||
+                                  verificationForm.get('verificationCode').getError('maxlength') ||
+                                  verificationForm.get('verificationCode').getError('pattern')">
                   {{ 'security.2fa.dialog.verification-code-invalid' | translate }}
                 </mat-error>
+                <mat-error *ngIf="verificationForm.get('verificationCode').getError('incorrectCode')">
+                  {{ 'security.2fa.dialog.verification-code-incorrect' | translate }}
+                </mat-error>
+                <mat-error *ngIf="verificationForm.get('verificationCode').getError('tooManyRequest')">
+                  {{ 'security.2fa.dialog.verification-code-many-request' | translate }}
+                </mat-error>
               </mat-form-field>
             </div>
             <span style="height: 50px;"></span>
@@ -59,12 +68,12 @@
               {{ 'action.continue' | translate }}
             </button>
             <span style="height: 16px;"></span>
-            <div fxLayout="row" fxLayoutAlign="space-between center" fxLayoutGap="8px">
-              <div *ngIf="showResendButton" fxFlex="50" fxLayoutAlign="center center">
+            <div fxLayout="row" fxLayoutAlign="space-between center" fxLayoutGap="8px" class="action-row">
+              <div *ngIf="showResendAction" fxFlex fxLayoutAlign="center center" class="action-resend">
                 <div *ngIf="countDownTime" class="timer">
                   {{ 'login.resend-code-wait' | translate : {time: countDownTime} }}
                 </div>
-                <button *ngIf="!disabledResendButton"
+                <button [fxShow]="!hideResendButton"
                         mat-button fxFlex
                         (click)="sendCode($event)"
                         type="button">
@@ -73,6 +82,7 @@
               </div>
               <button mat-button fxFlex
                       type="button"
+                      *ngIf="allowProviders.length > 1"
                       (click)="selectProvider(null)">
                 {{ 'login.try-another-way' | translate }}
               </button>
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
index 547b3b88a6..248d719b7b 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.scss
@@ -60,6 +60,14 @@
         font: 500 12px / 14px Roboto, "Helvetica Neue", sans-serif;
         color: rgba(255, 255, 255, 0.8);
       }
+
+      .action-row:nth-child(n) {
+        min-height: 36px;
+
+        .action-resend {
+          min-width: 50%;
+        }
+      }
     }
   }
 
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
index 33ebd4d979..048fb83bbe 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
@@ -28,6 +28,7 @@ import {
 } from '@shared/models/two-factor-auth.models';
 import { TranslateService } from '@ngx-translate/core';
 import { interval, Subscription } from 'rxjs';
+import { isEqual } from '@core/utils';
 
 @Component({
   selector: 'tb-two-factor-auth-login',
@@ -40,14 +41,15 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
   private prevProvider: TwoFactorAuthProviderType;
   private timer: Subscription;
   private minVerificationPeriod = 0;
+  private timerID: NodeJS.Timeout;
 
-  showResendButton = false;
+  showResendAction = false;
   selectedProvider: TwoFactorAuthProviderType;
   allowProviders: TwoFactorAuthProviderType[] = [];
 
   providersData = twoFactorAuthProvidersLoginData;
   providerDescription = '';
-  disabledResendButton = true;
+  hideResendButton = true;
   countDownTime = 0;
 
   maxLengthInput = 6;
@@ -88,7 +90,7 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
     });
     if (this.selectedProvider !== TwoFactorAuthProviderType.TOTP) {
       this.sendCode();
-      this.showResendButton = true;
+      this.showResendAction = true;
     }
     this.timer = interval(1000).subscribe(() => this.updatedTime());
   }
@@ -96,12 +98,28 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
   ngOnDestroy() {
     super.ngOnDestroy();
     this.timer.unsubscribe();
+    clearTimeout(this.timerID);
   }
 
   sendVerificationCode() {
     if (this.verificationForm.valid && this.selectedProvider) {
       this.authService.checkTwoFaVerificationCode(this.selectedProvider, this.verificationForm.get('verificationCode').value).subscribe(
-        () => {}
+        () => {},
+        (error) => {
+          if (error.status === 400) {
+            this.verificationForm.get('verificationCode').setErrors({incorrectCode: true});
+          } else if (error.status === 429) {
+            this.verificationForm.get('verificationCode').setErrors({tooManyRequest: true});
+            this.timerID = setTimeout(() => {
+              let errors = this.verificationForm.get('verificationCode').errors;
+              delete errors.tooManyRequest;
+              if (isEqual(errors, {})) {
+                errors = null;
+              }
+              this.verificationForm.get('verificationCode').setErrors(errors);
+            }, 5000);
+          }
+        }
       );
     }
   }
@@ -109,7 +127,7 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
   selectProvider(type: TwoFactorAuthProviderType) {
     this.prevProvider = type === null ? this.selectedProvider : null;
     this.selectedProvider = type;
-    this.showResendButton = false;
+    this.showResendAction = false;
     if (type !== null) {
       this.verificationForm.get('verificationCode').reset();
       const providerConfig = this.providersInfo.find(config => config.type === type);
@@ -118,7 +136,7 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
       });
       if (type !== TwoFactorAuthProviderType.TOTP && type !== TwoFactorAuthProviderType.BACKUP_CODE) {
         this.sendCode();
-        this.showResendButton = true;
+        this.showResendAction = true;
         this.minVerificationPeriod = providerConfig?.minVerificationCodeSendPeriod || 30;
       }
       if (type === TwoFactorAuthProviderType.BACKUP_CODE) {
@@ -150,7 +168,7 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
     if ($event) {
       $event.stopPropagation();
     }
-    this.disabledResendButton = true;
+    this.hideResendButton = true;
     this.twoFactorAuthService.requestTwoFaVerificationCodeSend(this.selectedProvider).subscribe(() => {
       this.countDownTime = this.minVerificationPeriod;
     }, () => {
@@ -171,7 +189,7 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
     if (this.countDownTime > 0) {
       this.countDownTime--;
       if (this.countDownTime === 0) {
-        this.disabledResendButton = false;
+        this.hideResendButton = false;
       }
     }
   }
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index a316993329..25f27ed346 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -2633,6 +2633,8 @@
                 "totp-step-label": "Get app",
                 "verification-code": "6-digit code",
                 "verification-code-invalid": "Invalid verification code format",
+                "verification-code-incorrect": "Verification code is incorrect",
+                "verification-code-many-request": "Too many requests check verification code",
                 "verification-step-description": "Enter a 6-digit code we just sent to {{address}}",
                 "verification-step-label": "Verification"
             },

From da058ccfc1f5edafa51ef00be444cc1a9f6682a5 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Tue, 31 May 2022 17:22:08 +0300
Subject: [PATCH 85/92] UI: Fixed validation

---
 .../data/security/model/mfa/PlatformTwoFaSettings.java       | 2 +-
 .../home/pages/admin/two-factor-auth-settings.component.html | 5 +++--
 .../home/pages/admin/two-factor-auth-settings.component.scss | 4 ++++
 .../home/pages/admin/two-factor-auth-settings.component.ts   | 4 ++--
 .../app/modules/home/pages/security/security.component.ts    | 3 +++
 .../login/pages/login/two-factor-auth-login.component.ts     | 3 ++-
 ui-ngx/src/assets/locale/locale.constant-en_US.json          | 2 +-
 7 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
index 6f4b8d806f..fd72e7a027 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/security/model/mfa/PlatformTwoFaSettings.java
@@ -41,7 +41,7 @@ public class PlatformTwoFaSettings {
     private String verificationCodeCheckRateLimit;
     @Min(value = 0, message = "maximum number of verification failure before user lockout must be positive")
     private Integer maxVerificationFailuresBeforeUserLockout;
-    @Min(value = 1, message = "total amount of time allotted for verification must be greater than 0")
+    @Min(value = 60, message = "total amount of time allotted for verification must be greater than or equal 60")
     private Integer totalAllowedTimeForVerification;
 
 
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
index 9e0f54243f..1c6124bdc7 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.html
@@ -51,7 +51,8 @@
                         <mat-form-field fxFlex class="mat-block">
                           <mat-label translate>admin.2fa.issuer-name</mat-label>
                           <input matInput formControlName="issuerName" required>
-                          <mat-error *ngIf="provider.get('issuerName').hasError('required')">
+                          <mat-error *ngIf="provider.get('issuerName').hasError('required') ||
+                                            provider.get('issuerName').hasError('pattern')">
                             {{ "admin.2fa.issuer-name-required" | translate }}
                           </mat-error>
                         </mat-form-field>
@@ -118,7 +119,7 @@
               <div class="input-row" fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">
                 <mat-form-field fxFlex class="mat-block">
                   <mat-label translate>admin.2fa.total-allowed-time-for-verification</mat-label>
-                  <input matInput required formControlName="totalAllowedTimeForVerification" type="number" step="1" min="1">
+                  <input matInput required formControlName="totalAllowedTimeForVerification" type="number" step="1" min="60">
                   <mat-error *ngIf="twoFaFormGroup.get('totalAllowedTimeForVerification').hasError('required')">
                     {{ 'admin.2fa.total-allowed-time-for-verification-required' | translate }}
                   </mat-error>
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
index 86254926b7..254cc51c22 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.scss
@@ -73,6 +73,10 @@
 
 :host ::ng-deep {
   .mat-expansion-panel {
+    .mat-expansion-panel-content {
+      font-size: 16px;
+    }
+
     &.provider {
       .mat-expansion-panel-header > .mat-content {
         overflow: inherit;
diff --git a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
index 895b80ed08..f4c7c2f1c9 100644
--- a/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/admin/two-factor-auth-settings.component.ts
@@ -122,7 +122,7 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
       ]],
       totalAllowedTimeForVerification: [3600, [
         Validators.required,
-        Validators.min(1),
+        Validators.min(60),
         Validators.pattern(/^\d*$/)
       ]],
       verificationCodeCheckRateLimitEnable: [false],
@@ -192,7 +192,7 @@ export class TwoFactorAuthSettingsComponent extends PageComponent implements OnI
     };
     switch (provider) {
       case TwoFactorAuthProviderType.TOTP:
-        formControlConfig.issuerName = [{value: 'ThingsBoard', disabled: true}, Validators.required];
+        formControlConfig.issuerName = [{value: 'ThingsBoard', disabled: true}, [Validators.required, Validators.pattern(/^\S+$/)]];
         break;
       case TwoFactorAuthProviderType.SMS:
         formControlConfig.smsVerificationMessageTemplate = [{value: 'Verification code: ${code}', disabled: true}, [
diff --git a/ui-ngx/src/app/modules/home/pages/security/security.component.ts b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
index 34eda9781a..ab7d470e9e 100644
--- a/ui-ngx/src/app/modules/home/pages/security/security.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/security/security.component.ts
@@ -170,6 +170,9 @@ export class SecurityComponent extends PageComponent implements OnInit, OnDestro
   confirm2FAChange(event: MouseEvent, provider: TwoFactorAuthProviderType) {
     event.stopPropagation();
     event.preventDefault();
+    if (this.twoFactorAuth.get(provider).disabled) {
+      return;
+    }
     if (this.twoFactorAuth.get(provider).value) {
       const providerName = this.translate.instant(`security.2fa.provider.${provider.toLowerCase()}`);
       this.dialogService.confirm(
diff --git a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
index 048fb83bbe..73401f2a0c 100644
--- a/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
+++ b/ui-ngx/src/app/modules/login/pages/login/two-factor-auth-login.component.ts
@@ -169,10 +169,11 @@ export class TwoFactorAuthLoginComponent extends PageComponent implements OnInit
       $event.stopPropagation();
     }
     this.hideResendButton = true;
+    this.countDownTime = 0;
     this.twoFactorAuthService.requestTwoFaVerificationCodeSend(this.selectedProvider).subscribe(() => {
       this.countDownTime = this.minVerificationPeriod;
     }, () => {
-      this.countDownTime = 30;
+      this.countDownTime = this.minVerificationPeriod;
     });
   }
 
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index 25f27ed346..f54ec4c3a1 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -332,7 +332,7 @@
             "retry-verification-code-period-pattern": "Minimal period time is 5 sec",
             "retry-verification-code-period-required": "Retry verification code period is required.",
             "total-allowed-time-for-verification": "Total allowed time for verification (sec)",
-            "total-allowed-time-for-verification-pattern": "Total allowed time must be a positive integer.",
+            "total-allowed-time-for-verification-pattern": "Minimal total allowed time is 60 sec",
             "total-allowed-time-for-verification-required": "Total allowed time is required.",
             "use-system-two-factor-auth-settings": "Use system two factor auth settings",
             "verification-code-check-rate-limit": "Verification code check rate limit",

From fd6ead6c481c4b7b28dbb24435467e3632fed163 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Wed, 1 Jun 2022 10:02:23 +0300
Subject: [PATCH 86/92] Fixed test

---
 .../thingsboard/server/controller/TwoFactorAuthConfigTest.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
index ec5b128efd..ee93cadaa4 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthConfigTest.java
@@ -124,7 +124,7 @@ public abstract class TwoFactorAuthConfigTest extends AbstractControllerTest {
         assertThat(errorMessage).contains(
                 "verification code check rate limit configuration is invalid",
                 "maximum number of verification failure before user lockout must be positive",
-                "total amount of time allotted for verification must be greater than 0"
+                "total amount of time allotted for verification must be greater than or equal 60"
         );
     }
 

From 9fd78e595caa8071d06f9fb6c8a10edd59201de4 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Wed, 1 Jun 2022 10:43:58 +0300
Subject: [PATCH 87/92] =?UTF-8?q?Fixed=20test=D1=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../thingsboard/server/controller/TwoFactorAuthTest.java    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
index 2f7ee93cee..b825571694 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TwoFactorAuthTest.java
@@ -156,14 +156,14 @@ public abstract class TwoFactorAuthTest extends AbstractControllerTest {
     @Test
     public void testTwoFaPreVerificationTokenLifetime() throws Exception {
         configureTotpTwoFa(twoFaSettings -> {
-            twoFaSettings.setTotalAllowedTimeForVerification(5);
+            twoFaSettings.setTotalAllowedTimeForVerification(65);
         });
 
         logInWithPreVerificationToken(username, password);
 
         await("expiration of the pre-verification token")
-                .atLeast(Duration.ofSeconds(3).plusMillis(500))
-                .atMost(Duration.ofSeconds(6))
+                .atLeast(Duration.ofSeconds(30).plusMillis(500))
+                .atMost(Duration.ofSeconds(70))
                 .untilAsserted(() -> {
                     doPost("/api/auth/2fa/verification/send?providerType=TOTP")
                             .andExpect(status().isUnauthorized());

From 0bf8749ca52b2e57c2027554bbcd0ebd41ab57b1 Mon Sep 17 00:00:00 2001
From: YevhenBondarenko <ybondarenko@thingsboard.io>
Date: Wed, 1 Jun 2022 12:05:00 +0200
Subject: [PATCH 88/92] fixed race condition during queue creating

---
 .../java/org/thingsboard/server/common/data/TenantProfile.java  | 2 ++
 .../server/queue/discovery/HashPartitionService.java            | 2 --
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/TenantProfile.java b/common/data/src/main/java/org/thingsboard/server/common/data/TenantProfile.java
index 308500a6bd..e5cbf23179 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/TenantProfile.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/TenantProfile.java
@@ -21,6 +21,7 @@ import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
+import lombok.ToString;
 import lombok.extern.slf4j.Slf4j;
 import org.thingsboard.server.common.data.id.TenantProfileId;
 import org.thingsboard.server.common.data.tenant.profile.DefaultTenantProfileConfiguration;
@@ -36,6 +37,7 @@ import static org.thingsboard.server.common.data.SearchTextBasedWithAdditionalIn
 
 @ApiModel
 @Data
+@ToString(exclude = {"profileDataBytes"})
 @EqualsAndHashCode(callSuper = true)
 @Slf4j
 public class TenantProfile extends SearchTextBased<TenantProfileId> implements HasName {
diff --git a/common/queue/src/main/java/org/thingsboard/server/queue/discovery/HashPartitionService.java b/common/queue/src/main/java/org/thingsboard/server/queue/discovery/HashPartitionService.java
index ccf8b9dd92..e7db76bead 100644
--- a/common/queue/src/main/java/org/thingsboard/server/queue/discovery/HashPartitionService.java
+++ b/common/queue/src/main/java/org/thingsboard/server/queue/discovery/HashPartitionService.java
@@ -214,8 +214,6 @@ public class HashPartitionService implements PartitionService {
 
     @Override
     public synchronized void recalculatePartitions(ServiceInfo currentService, List<ServiceInfo> otherServices) {
-        partitionsInit();
-
         tbTransportServicesByType.clear();
         logServiceInfo(currentService);
         otherServices.forEach(this::logServiceInfo);

From c377f80caa7b221e40303430db946d2ea7d91f55 Mon Sep 17 00:00:00 2001
From: fe-dev <Dgerik2015@gmail.com>
Date: Wed, 1 Jun 2022 19:14:09 +0300
Subject: [PATCH 89/92] UI: Fix bugs

---
 .../tenant-profile-queues.component.html      |  26 +-
 .../queue/tenant-profile-queues.component.ts  |  10 +-
 .../profile/tenant-profile.component.ts       |   4 +-
 .../queue/queue-form.component.html           | 341 +++++++++---------
 .../components/queue/queue-form.component.ts  |  47 +--
 .../tenant-profiles-table-config.resolver.ts  |  15 +-
 ui-ngx/src/app/shared/models/queue.models.ts  |  61 +++-
 .../assets/locale/locale.constant-en_US.json  |  27 +-
 8 files changed, 302 insertions(+), 229 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.html b/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.html
index 9339438726..b755e02d8b 100644
--- a/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.html
+++ b/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.html
@@ -20,12 +20,26 @@
        *ngFor="let queuesControl of queuesFormArray.controls; trackBy: trackByQueue;
        let $index = index; last as isLast;"
        [ngStyle]="!isLast ? {paddingBottom: '8px'} : {}">
-    <tb-queue-form [formControl]="queuesControl"
-                   (removeQueue)="removeQueue($index)"
-                   [mainQueue]="$index === 0"
-                   [expanded]="$index === 0"
-                   [newQueue]="newQueue">
-    </tb-queue-form>
+    <mat-expansion-panel fxFlex [expanded]="true">
+      <mat-expansion-panel-header>
+        <div fxFlex fxLayout="row" fxLayoutAlign="start center">
+          <mat-panel-title>
+            {{ queuesControl.value.name }}
+          </mat-panel-title>
+          <span fxFlex></span>
+          <button *ngIf="!($index === 0) && !disabled" mat-icon-button style="min-width: 40px;"
+                  type="button"
+                  (click)="removeQueue($index)"
+                  matTooltip="{{ 'action.remove' | translate }}"
+                  matTooltipPosition="above">
+            <mat-icon>delete</mat-icon>
+          </button>
+        </div>
+      </mat-expansion-panel-header>
+      <ng-template matExpansionPanelContent>
+        <tb-queue-form [formControl]="queuesControl"></tb-queue-form>
+      </ng-template>
+    </mat-expansion-panel>
   </div>
   <div *ngIf="!queuesFormArray.controls.length">
       <span translate fxLayoutAlign="center center"
diff --git a/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.ts b/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.ts
index ebba35397c..45a7d87eca 100644
--- a/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.ts
+++ b/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.ts
@@ -126,9 +126,9 @@ export class TenantProfileQueuesComponent implements ControlValueAccessor, Valid
     } else {
       this.tenantProfileQueuesFormGroup.enable({emitEvent: false});
     }
-    this.valueChangeSubscription$ = this.tenantProfileQueuesFormGroup.valueChanges.subscribe(value => {
-      this.updateModel();
-    });
+    this.valueChangeSubscription$ = this.tenantProfileQueuesFormGroup.valueChanges.subscribe(() =>
+      this.updateModel()
+    );
   }
 
   public trackByQueue(index: number, queueControl: AbstractControl) {
@@ -183,10 +183,6 @@ export class TenantProfileQueuesComponent implements ControlValueAccessor, Valid
     };
   }
 
-  getName(value) {
-    return this.utils.customTranslation(value, value);
-  }
-
   private updateModel() {
     const queues: Array<QueueInfo> = this.tenantProfileQueuesFormGroup.get('queues').value;
     this.propagateChange(queues);
diff --git a/ui-ngx/src/app/modules/home/components/profile/tenant-profile.component.ts b/ui-ngx/src/app/modules/home/components/profile/tenant-profile.component.ts
index ed88fe9fba..413055fede 100644
--- a/ui-ngx/src/app/modules/home/components/profile/tenant-profile.component.ts
+++ b/ui-ngx/src/app/modules/home/components/profile/tenant-profile.component.ts
@@ -109,7 +109,9 @@ export class TenantProfileComponent extends EntityComponent<TenantProfile> {
     this.entityForm.patchValue({name: entity.name}, {emitEvent: false});
     this.entityForm.patchValue({isolatedTbCore: entity.isolatedTbCore}, {emitEvent: false});
     this.entityForm.patchValue({isolatedTbRuleEngine: entity.isolatedTbRuleEngine}, {emitEvent: false});
-    this.entityForm.get('profileData').patchValue({configuration: entity.profileData?.configuration}, {emitEvent: false});
+    this.entityForm.get('profileData').patchValue({
+      configuration: !this.isAdd ? entity.profileData?.configuration : createTenantProfileConfiguration(TenantProfileType.DEFAULT)
+    }, {emitEvent: false});
     this.entityForm.get('profileData').patchValue({queueConfiguration: entity.profileData?.queueConfiguration}, {emitEvent: false});
     this.entityForm.patchValue({description: entity.description}, {emitEvent: false});
   }
diff --git a/ui-ngx/src/app/modules/home/components/queue/queue-form.component.html b/ui-ngx/src/app/modules/home/components/queue/queue-form.component.html
index 920ad2f162..5dee2afa87 100644
--- a/ui-ngx/src/app/modules/home/components/queue/queue-form.component.html
+++ b/ui-ngx/src/app/modules/home/components/queue/queue-form.component.html
@@ -15,182 +15,165 @@
     limitations under the License.
 
 -->
-<mat-expansion-panel fxFlex [(expanded)]="expanded">
-  <mat-expansion-panel-header>
-    <div fxFlex fxLayout="row" fxLayoutAlign="start center">
-      <mat-panel-title>
-        {{ queueTitle }}
-      </mat-panel-title>
-      <span fxFlex></span>
-      <button *ngIf="!mainQueue && !disabled" mat-icon-button style="min-width: 40px;"
-              type="button"
-              (click)="removeQueue.emit()"
-              matTooltip="{{ 'action.remove' | translate }}"
-              matTooltipPosition="above">
-        <mat-icon>delete</mat-icon>
-      </button>
-    </div>
-  </mat-expansion-panel-header>
-  <ng-template matExpansionPanelContent>
-    <form [formGroup]="queueFormGroup" fxLayout="column" fxLayoutGap="0.5em">
-      <mat-form-field class="mat-block">
-        <mat-label translate>admin.queue-name</mat-label>
-        <input matInput formControlName="name" required>
-        <mat-error *ngIf="queueFormGroup.get('name').hasError('required')">
-          {{ 'queue.name-required' | translate }}
-        </mat-error>
-        <mat-error *ngIf="queueFormGroup.get('name').hasError('unique')">
-          {{ 'queue.name-unique' | translate }}
-        </mat-error>
-      </mat-form-field>
-      <mat-form-field class="mat-block">
-        <mat-label translate>queue.poll-interval</mat-label>
-        <input type="number" matInput formControlName="pollInterval" required>
-        <mat-error *ngIf="queueFormGroup.get('pollInterval').hasError('required')">
-          {{ 'queue.poll-interval-required' | translate }}
-        </mat-error>
-        <mat-error *ngIf="queueFormGroup.get('pollInterval').hasError('min') &&
-                   !queueFormGroup.get('pollInterval').hasError('required')">
-          {{ 'queue.poll-interval-min-value' | translate }}
-        </mat-error>
-      </mat-form-field>
-      <mat-form-field class="mat-block">
-        <mat-label translate>queue.partitions</mat-label>
-        <input type="number" matInput formControlName="partitions" required>
-        <mat-error *ngIf="queueFormGroup.get('partitions').hasError('required')">
-          {{ 'queue.partitions-required' | translate }}
-        </mat-error>
-        <mat-error *ngIf="queueFormGroup.get('partitions').hasError('min') &&
-                   !queueFormGroup.get('partitions').hasError('required')">
-          {{ 'queue.partitions-min-value' | translate }}
-        </mat-error>
-      </mat-form-field>
-      <mat-checkbox class="hinted-checkbox" formControlName="consumerPerPartition">
-        <div>{{ 'queue.consumer-per-partition' | translate }}</div>
-        <div class="tb-hint">{{'queue.consumer-per-partition-hint' | translate}}</div>
-      </mat-checkbox>
-      <mat-form-field class="mat-block">
-        <mat-label translate>queue.processing-timeout</mat-label>
-        <input type="number" matInput formControlName="packProcessingTimeout" required>
-        <mat-error *ngIf="queueFormGroup.get('packProcessingTimeout').hasError('required')">
-          {{ 'queue.pack-processing-timeout-required' | translate }}
-        </mat-error>
-        <mat-error *ngIf="queueFormGroup.get('packProcessingTimeout').hasError('min') &&
-                   !queueFormGroup.get('packProcessingTimeout').hasError('required')">
-          {{ 'queue.pack-processing-timeout-min-value' | translate }}
-        </mat-error>
-      </mat-form-field>
-      <mat-accordion class="queue-strategy" [multi]="true">
-        <mat-expansion-panel [expanded]="false">
-          <mat-expansion-panel-header>
-            <mat-panel-title translate>
-              queue.submit-strategy
-            </mat-panel-title>
-          </mat-expansion-panel-header>
-          <ng-template matExpansionPanelContent>
-            <div formGroupName="submitStrategy">
-              <mat-form-field class="mat-block">
-                <mat-label translate>queue.submit-strategy</mat-label>
-                <mat-select formControlName="type" required>
-                  <mat-option *ngFor="let strategy of submitStrategies" [value]="strategy">
-                    {{ strategy }}
-                  </mat-option>
-                </mat-select>
-                <mat-error *ngIf="queueFormGroup.get('submitStrategy.type').hasError('required')">
-                  {{ 'queue.submit-strategy-type-required' | translate }}
-                </mat-error>
-              </mat-form-field>
-              <mat-form-field class="mat-block" *ngIf="hideBatchSize">
-                <mat-label translate>queue.batch-size</mat-label>
-                <input type="number" matInput formControlName="batchSize" required>
-                <mat-error *ngIf="queueFormGroup.get('submitStrategy.batchSize').hasError('required')">
-                  {{ 'queue.batch-size-required' | translate }}
-                </mat-error>
-                <mat-error *ngIf="queueFormGroup.get('submitStrategy.batchSize').hasError('min') &&
-                     !queueFormGroup.get('submitStrategy.batchSize').hasError('required')">
-                  {{ 'queue.batch-size-min-value' | translate }}
-                </mat-error>
-              </mat-form-field>
-            </div>
-          </ng-template>
-        </mat-expansion-panel>
-        <mat-expansion-panel [expanded]="false">
-          <mat-expansion-panel-header>
-            <mat-panel-title translate>
-              queue.processing-strategy
-            </mat-panel-title>
-          </mat-expansion-panel-header>
-          <ng-template matExpansionPanelContent>
-            <div formGroupName="processingStrategy">
-              <mat-form-field class="mat-block">
-                <mat-label translate>queue.processing-strategy</mat-label>
-                <mat-select formControlName="type" required>
-                  <mat-option *ngFor="let strategy of processingStrategies" [value]="strategy">
-                    {{ strategy }}
-                  </mat-option>
-                </mat-select>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.type').hasError('required')">
-                  {{ 'queue.processing-strategy-type-required' | translate }}
-                </mat-error>
-              </mat-form-field>
-              <mat-form-field class="mat-block">
-                <mat-label translate>queue.retries</mat-label>
-                <input type="number" matInput formControlName="retries" required>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.retries').hasError('required')">
-                  {{ 'queue.retries-required' | translate }}
-                </mat-error>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.retries').hasError('min') &&
-                     !queueFormGroup.get('processingStrategy.retries').hasError('required')">
-                  {{ 'queue.retries-min-value' | translate }}
-                </mat-error>
-              </mat-form-field>
-              <mat-form-field class="mat-block">
-                <mat-label translate>queue.failure-percentage</mat-label>
-                <input type="number" matInput formControlName="failurePercentage" required>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.failurePercentage').hasError('required')">
-                  {{ 'queue.failure-percentage-required' | translate }}
-                </mat-error>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.failurePercentage').hasError('min') &&
-                     !queueFormGroup.get('processingStrategy.failurePercentage').hasError('required') &&
-                     !queueFormGroup.get('processingStrategy.failurePercentage').hasError('max')">
-                  {{ 'queue.failure-percentage-min-value' | translate }}
-                </mat-error>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.failurePercentage').hasError('max') &&
-                     !queueFormGroup.get('processingStrategy.failurePercentage').hasError('required') &&
-                     !queueFormGroup.get('processingStrategy.failurePercentage').hasError('min')">
-                  {{ 'queue.failure-percentage-max-value' | translate }}
-                </mat-error>
-              </mat-form-field>
-              <mat-form-field class="mat-block">
-                <mat-label translate>queue.pause-between-retries</mat-label>
-                <input type="number" matInput formControlName="pauseBetweenRetries" required>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.pauseBetweenRetries').hasError('required')">
-                  {{ 'queue.pause-between-retries-required' | translate }}
-                </mat-error>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.pauseBetweenRetries').hasError('min') &&
-                     !queueFormGroup.get('processingStrategy.pauseBetweenRetries').hasError('required')">
-                  {{ 'queue.pause-between-retries-min-value' | translate }}
-                </mat-error>
-              </mat-form-field>
-              <mat-form-field class="mat-block">
-                <mat-label translate>queue.max-pause-between-retries</mat-label>
-                <input type="number" matInput formControlName="maxPauseBetweenRetries" required>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.maxPauseBetweenRetries').hasError('required')">
-                  {{ 'queue.max-pause-between-retries-required' | translate }}
-                </mat-error>
-                <mat-error *ngIf="queueFormGroup.get('processingStrategy.maxPauseBetweenRetries').hasError('min') &&
-                     !queueFormGroup.get('processingStrategy.maxPauseBetweenRetries').hasError('required')">
-                  {{ 'queue.max-pause-between-retries-min-value' | translate }}
-                </mat-error>
-              </mat-form-field>
-            </div>
-          </ng-template>
-        </mat-expansion-panel>
-      </mat-accordion>
-      <mat-form-field class="mat-block" formGroupName="additionalInfo">
-        <mat-label translate>queue.description</mat-label>
-        <textarea matInput formControlName="description" rows="2"></textarea>
-      </mat-form-field>
-    </form>
-  </ng-template>
-</mat-expansion-panel>
+
+<form [formGroup]="queueFormGroup" fxLayout="column" fxLayoutGap="0.5em">
+  <mat-form-field class="mat-block">
+    <mat-label translate>admin.queue-name</mat-label>
+    <input matInput formControlName="name" required>
+    <mat-error *ngIf="queueFormGroup.get('name').hasError('required')">
+      {{ 'queue.name-required' | translate }}
+    </mat-error>
+    <mat-error *ngIf="queueFormGroup.get('name').hasError('unique')">
+      {{ 'queue.name-unique' | translate }}
+    </mat-error>
+  </mat-form-field>
+  <mat-form-field class="mat-block">
+    <mat-label translate>queue.poll-interval</mat-label>
+    <input type="number" matInput formControlName="pollInterval" required>
+    <mat-error *ngIf="queueFormGroup.get('pollInterval').hasError('required')">
+      {{ 'queue.poll-interval-required' | translate }}
+    </mat-error>
+    <mat-error *ngIf="queueFormGroup.get('pollInterval').hasError('min') &&
+               !queueFormGroup.get('pollInterval').hasError('required')">
+      {{ 'queue.poll-interval-min-value' | translate }}
+    </mat-error>
+  </mat-form-field>
+  <mat-form-field class="mat-block">
+    <mat-label translate>queue.partitions</mat-label>
+    <input type="number" matInput formControlName="partitions" required>
+    <mat-error *ngIf="queueFormGroup.get('partitions').hasError('required')">
+      {{ 'queue.partitions-required' | translate }}
+    </mat-error>
+    <mat-error *ngIf="queueFormGroup.get('partitions').hasError('min') &&
+               !queueFormGroup.get('partitions').hasError('required')">
+      {{ 'queue.partitions-min-value' | translate }}
+    </mat-error>
+  </mat-form-field>
+  <mat-checkbox class="hinted-checkbox" formControlName="consumerPerPartition">
+    <div>{{ 'queue.consumer-per-partition' | translate }}</div>
+    <div class="tb-hint">{{'queue.consumer-per-partition-hint' | translate}}</div>
+  </mat-checkbox>
+  <mat-form-field class="mat-block">
+    <mat-label translate>queue.processing-timeout</mat-label>
+    <input type="number" matInput formControlName="packProcessingTimeout" required>
+    <mat-error *ngIf="queueFormGroup.get('packProcessingTimeout').hasError('required')">
+      {{ 'queue.pack-processing-timeout-required' | translate }}
+    </mat-error>
+    <mat-error *ngIf="queueFormGroup.get('packProcessingTimeout').hasError('min') &&
+               !queueFormGroup.get('packProcessingTimeout').hasError('required')">
+      {{ 'queue.pack-processing-timeout-min-value' | translate }}
+    </mat-error>
+  </mat-form-field>
+  <mat-accordion class="queue-strategy" [multi]="true">
+    <mat-expansion-panel [expanded]="false">
+      <mat-expansion-panel-header>
+        <mat-panel-title translate>
+          queue.submit-strategy
+        </mat-panel-title>
+      </mat-expansion-panel-header>
+      <ng-template matExpansionPanelContent>
+        <div formGroupName="submitStrategy">
+          <mat-form-field class="mat-block">
+            <mat-label translate>queue.submit-strategy</mat-label>
+            <mat-select formControlName="type" required>
+              <mat-option *ngFor="let strategy of submitStrategies" [value]="strategy">
+                {{ queueSubmitStrategyTypesMap.get(queueSubmitStrategyTypes[strategy]).label | translate }}
+              </mat-option>
+            </mat-select>
+            <mat-error *ngIf="queueFormGroup.get('submitStrategy.type').hasError('required')">
+              {{ 'queue.submit-strategy-type-required' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <mat-form-field class="mat-block" *ngIf="hideBatchSize">
+            <mat-label translate>queue.batch-size</mat-label>
+            <input type="number" matInput formControlName="batchSize" required>
+            <mat-error *ngIf="queueFormGroup.get('submitStrategy.batchSize').hasError('required')">
+              {{ 'queue.batch-size-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="queueFormGroup.get('submitStrategy.batchSize').hasError('min') &&
+                 !queueFormGroup.get('submitStrategy.batchSize').hasError('required')">
+              {{ 'queue.batch-size-min-value' | translate }}
+            </mat-error>
+          </mat-form-field>
+        </div>
+      </ng-template>
+    </mat-expansion-panel>
+    <mat-expansion-panel [expanded]="false">
+      <mat-expansion-panel-header>
+        <mat-panel-title translate>
+          queue.processing-strategy
+        </mat-panel-title>
+      </mat-expansion-panel-header>
+      <ng-template matExpansionPanelContent>
+        <div formGroupName="processingStrategy">
+          <mat-form-field class="mat-block">
+            <mat-label translate>queue.processing-strategy</mat-label>
+            <mat-select formControlName="type" required>
+              <mat-option *ngFor="let strategy of processingStrategies" [value]="strategy">
+                {{ queueProcessingStrategyTypesMap.get(queueProcessingStrategyTypes[strategy]).label | translate }}
+              </mat-option>
+            </mat-select>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.type').hasError('required')">
+              {{ 'queue.processing-strategy-type-required' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <mat-form-field class="mat-block">
+            <mat-label translate>queue.retries</mat-label>
+            <input type="number" matInput formControlName="retries" required>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.retries').hasError('required')">
+              {{ 'queue.retries-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.retries').hasError('min') &&
+                 !queueFormGroup.get('processingStrategy.retries').hasError('required')">
+              {{ 'queue.retries-min-value' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <mat-form-field class="mat-block">
+            <mat-label translate>queue.failure-percentage</mat-label>
+            <input type="number" matInput formControlName="failurePercentage" required>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.failurePercentage').hasError('required')">
+              {{ 'queue.failure-percentage-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.failurePercentage').hasError('min') &&
+                 !queueFormGroup.get('processingStrategy.failurePercentage').hasError('required') &&
+                 !queueFormGroup.get('processingStrategy.failurePercentage').hasError('max')">
+              {{ 'queue.failure-percentage-min-value' | translate }}
+            </mat-error>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.failurePercentage').hasError('max') &&
+                 !queueFormGroup.get('processingStrategy.failurePercentage').hasError('required') &&
+                 !queueFormGroup.get('processingStrategy.failurePercentage').hasError('min')">
+              {{ 'queue.failure-percentage-max-value' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <mat-form-field class="mat-block">
+            <mat-label translate>queue.pause-between-retries</mat-label>
+            <input type="number" matInput formControlName="pauseBetweenRetries" required>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.pauseBetweenRetries').hasError('required')">
+              {{ 'queue.pause-between-retries-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.pauseBetweenRetries').hasError('min') &&
+                 !queueFormGroup.get('processingStrategy.pauseBetweenRetries').hasError('required')">
+              {{ 'queue.pause-between-retries-min-value' | translate }}
+            </mat-error>
+          </mat-form-field>
+          <mat-form-field class="mat-block">
+            <mat-label translate>queue.max-pause-between-retries</mat-label>
+            <input type="number" matInput formControlName="maxPauseBetweenRetries" required>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.maxPauseBetweenRetries').hasError('required')">
+              {{ 'queue.max-pause-between-retries-required' | translate }}
+            </mat-error>
+            <mat-error *ngIf="queueFormGroup.get('processingStrategy.maxPauseBetweenRetries').hasError('min') &&
+                 !queueFormGroup.get('processingStrategy.maxPauseBetweenRetries').hasError('required')">
+              {{ 'queue.max-pause-between-retries-min-value' | translate }}
+            </mat-error>
+          </mat-form-field>
+        </div>
+      </ng-template>
+    </mat-expansion-panel>
+  </mat-accordion>
+  <mat-form-field class="mat-block" formGroupName="additionalInfo">
+    <mat-label translate>queue.description</mat-label>
+    <textarea matInput formControlName="description" rows="2"></textarea>
+    <mat-hint translate>queue.description-hint</mat-hint>
+  </mat-form-field>
+</form>
diff --git a/ui-ngx/src/app/modules/home/components/queue/queue-form.component.ts b/ui-ngx/src/app/modules/home/components/queue/queue-form.component.ts
index 6a437799b5..cb2cf06b88 100644
--- a/ui-ngx/src/app/modules/home/components/queue/queue-form.component.ts
+++ b/ui-ngx/src/app/modules/home/components/queue/queue-form.component.ts
@@ -14,7 +14,7 @@
 /// limitations under the License.
 ///
 
-import { Component, forwardRef, Input, OnInit, Output, EventEmitter, OnDestroy } from '@angular/core';
+import { Component, forwardRef, Input, OnDestroy, OnInit } from '@angular/core';
 import {
   ControlValueAccessor,
   FormBuilder,
@@ -25,9 +25,14 @@ import {
   Validator,
   Validators
 } from '@angular/forms';
-import { MatDialog } from '@angular/material/dialog';
 import { UtilsService } from '@core/services/utils.service';
-import { QueueInfo, QueueProcessingStrategyTypes, QueueSubmitStrategyTypes } from '@shared/models/queue.models';
+import {
+  QueueInfo,
+  QueueProcessingStrategyTypes,
+  QueueProcessingStrategyTypesMap,
+  QueueSubmitStrategyTypes,
+  QueueSubmitStrategyTypesMap
+} from '@shared/models/queue.models';
 import { isDefinedAndNotNull } from '@core/utils';
 import { Subscription } from 'rxjs';
 
@@ -56,31 +61,25 @@ export class QueueFormComponent implements ControlValueAccessor, OnInit, OnDestr
   @Input()
   newQueue = false;
 
-  @Input()
-  mainQueue = false;
-
   @Input()
   systemQueue = false;
 
-  @Input()
-  expanded = false;
-
-  @Output()
-  removeQueue = new EventEmitter();
-
   queueFormGroup: FormGroup;
-  submitStrategies: string[] = [];
-  processingStrategies: string[] = [];
-  queueTitle = '';
   hideBatchSize = false;
 
+  queueSubmitStrategyTypes = QueueSubmitStrategyTypes;
+  queueProcessingStrategyTypes = QueueProcessingStrategyTypes;
+  submitStrategies: string[] = Object.values(this.queueSubmitStrategyTypes);
+  processingStrategies: string[] = Object.values(this.queueProcessingStrategyTypes);
+  queueSubmitStrategyTypesMap = QueueSubmitStrategyTypesMap;
+  queueProcessingStrategyTypesMap = QueueProcessingStrategyTypesMap;
+
   private modelValue: QueueInfo;
   private propagateChange = null;
   private propagateChangePending = false;
   private valueChange$: Subscription = null;
 
-  constructor(private dialog: MatDialog,
-              private utils: UtilsService,
+  constructor(private utils: UtilsService,
               private fb: FormBuilder) {
   }
 
@@ -98,8 +97,6 @@ export class QueueFormComponent implements ControlValueAccessor, OnInit, OnDestr
   }
 
   ngOnInit() {
-    this.submitStrategies = Object.values(QueueSubmitStrategyTypes);
-    this.processingStrategies = Object.values(QueueProcessingStrategyTypes);
     this.queueFormGroup = this.fb.group(
       {
         name: ['', [Validators.required]],
@@ -128,7 +125,6 @@ export class QueueFormComponent implements ControlValueAccessor, OnInit, OnDestr
     });
     this.queueFormGroup.get('name').valueChanges.subscribe((value) => {
       this.queueFormGroup.patchValue({topic: `tb_rule_engine.${value}`});
-      this.queueTitle = this.utils.customTranslation(value, value);
     });
     this.queueFormGroup.get('submitStrategy').get('type').valueChanges.subscribe(() => {
       this.submitStrategyTypeChanged();
@@ -160,14 +156,13 @@ export class QueueFormComponent implements ControlValueAccessor, OnInit, OnDestr
   writeValue(value: QueueInfo): void {
     this.propagateChangePending = false;
     this.modelValue = value;
-    if (!this.modelValue.name) {
-      this.expanded = true;
-    }
-    this.queueTitle = this.utils.customTranslation(value.name, value.name);
     if (isDefinedAndNotNull(this.modelValue)) {
       this.queueFormGroup.patchValue(this.modelValue, {emitEvent: false});
+      this.submitStrategyTypeChanged();
+      if (!this.modelValue.name) {
+        this.queueFormGroup.get('name').enable({emitEvent: false});
+      }
     }
-    this.submitStrategyTypeChanged();
     if (!this.disabled && !this.queueFormGroup.valid) {
       this.updateModel();
     }
@@ -209,13 +204,11 @@ export class QueueFormComponent implements ControlValueAccessor, OnInit, OnDestr
     const type: QueueSubmitStrategyTypes = form.get('type').value;
     const batchSizeField = form.get('batchSize');
     if (type === QueueSubmitStrategyTypes.BATCH) {
-      batchSizeField.enable({emitEvent: false});
       batchSizeField.patchValue(1000, {emitEvent: false});
       batchSizeField.setValidators([Validators.min(1), Validators.required]);
       this.hideBatchSize = true;
     } else {
       batchSizeField.patchValue(null, {emitEvent: false});
-      batchSizeField.disable({emitEvent: false});
       batchSizeField.clearValidators();
       this.hideBatchSize = false;
     }
diff --git a/ui-ngx/src/app/modules/home/pages/tenant-profile/tenant-profiles-table-config.resolver.ts b/ui-ngx/src/app/modules/home/pages/tenant-profile/tenant-profiles-table-config.resolver.ts
index 7484d8b403..d9f7efc602 100644
--- a/ui-ngx/src/app/modules/home/pages/tenant-profile/tenant-profiles-table-config.resolver.ts
+++ b/ui-ngx/src/app/modules/home/pages/tenant-profile/tenant-profiles-table-config.resolver.ts
@@ -101,12 +101,15 @@ export class TenantProfilesTableConfigResolver implements Resolve<EntityTableCon
   }
 
   addId(queues) {
-    const queuesWithId = [];
-    queues.forEach(value => {
-      value.id = guid();
-      queuesWithId.push(value);
-    });
-    return queuesWithId;
+    if (queues) {
+      const queuesWithId = [];
+      queues.forEach(value => {
+        value.id = guid();
+        queuesWithId.push(value);
+      });
+      return queuesWithId;
+    }
+    return null;
   }
 
   resolve(): EntityTableConfig<TenantProfile> {
diff --git a/ui-ngx/src/app/shared/models/queue.models.ts b/ui-ngx/src/app/shared/models/queue.models.ts
index 6c67b4db1b..dc90781d30 100644
--- a/ui-ngx/src/app/shared/models/queue.models.ts
+++ b/ui-ngx/src/app/shared/models/queue.models.ts
@@ -14,9 +14,9 @@
 /// limitations under the License.
 ///
 
-import { BaseData, HasId } from '@shared/models/base-data';
+import { BaseData } from '@shared/models/base-data';
 import { TenantId } from '@shared/models/id/tenant-id';
-import {QueueId} from '@shared/models/id/queue-id';
+import { QueueId } from '@shared/models/id/queue-id';
 
 export enum ServiceType {
   TB_CORE = 'TB_CORE',
@@ -33,6 +33,35 @@ export enum QueueSubmitStrategyTypes {
   BATCH = 'BATCH'
 }
 
+export interface QueueStrategyData {
+  label: string;
+  hint: string;
+}
+
+export const QueueSubmitStrategyTypesMap = new Map<QueueSubmitStrategyTypes, QueueStrategyData>(
+  [
+    [QueueSubmitStrategyTypes.SEQUENTIAL_BY_ORIGINATOR, {
+      label: 'queue.strategies.sequential-by-originator-label',
+      hint: 'queue.strategies.sequential-by-originator-hint',
+    }],
+    [QueueSubmitStrategyTypes.SEQUENTIAL_BY_TENANT, {
+      label: 'queue.strategies.sequential-by-tenant-label',
+      hint: 'queue.strategies.sequential-by-tenant-hint',
+    }],
+    [QueueSubmitStrategyTypes.SEQUENTIAL, {
+      label: 'queue.strategies.sequential-label',
+      hint: 'queue.strategies.sequential-hint',
+    }],
+    [QueueSubmitStrategyTypes.BURST, {
+      label: 'queue.strategies.burst-label',
+      hint: 'queue.strategies.burst-hint',
+    }],
+    [QueueSubmitStrategyTypes.BATCH, {
+      label: 'queue.strategies.batch-label',
+      hint: 'queue.strategies.batch-hint',
+    }]
+  ]);
+
 export enum QueueProcessingStrategyTypes {
   RETRY_FAILED_AND_TIMED_OUT = 'RETRY_FAILED_AND_TIMED_OUT',
   SKIP_ALL_FAILURES = 'SKIP_ALL_FAILURES',
@@ -42,6 +71,34 @@ export enum QueueProcessingStrategyTypes {
   RETRY_TIMED_OUT = 'RETRY_TIMED_OUT'
 }
 
+export const QueueProcessingStrategyTypesMap = new Map<QueueProcessingStrategyTypes, QueueStrategyData>(
+  [
+    [QueueProcessingStrategyTypes.RETRY_FAILED_AND_TIMED_OUT, {
+      label: 'queue.strategies.retry-failed-and-timeout-label',
+      hint: 'queue.strategies.retry-failed-and-timout-hint',
+    }],
+    [QueueProcessingStrategyTypes.SKIP_ALL_FAILURES, {
+      label: 'queue.strategies.skip-all-failures-label',
+      hint: 'queue.strategies.skip-all-failures-hint',
+    }],
+    [QueueProcessingStrategyTypes.SKIP_ALL_FAILURES_AND_TIMED_OUT, {
+      label: 'queue.strategies.skip-all-failures-and-timeouts-label',
+      hint: 'queue.strategies.skip-all-failures-and-timeouts-hint',
+    }],
+    [QueueProcessingStrategyTypes.RETRY_ALL, {
+      label: 'queue.strategies.retry-all-label',
+      hint: 'queue.strategies.retry-all-hint',
+    }],
+    [QueueProcessingStrategyTypes.RETRY_FAILED, {
+      label: 'queue.strategies.retry-failed-label',
+      hint: 'queue.strategies.retry-failed-hint',
+    }],
+    [QueueProcessingStrategyTypes.RETRY_TIMED_OUT, {
+      label: 'queue.strategies.retry-timeout-label',
+      hint: 'queue.strategies.retry-timeout-hint',
+    }]
+  ]);
+
 export interface QueueInfo extends BaseData<QueueId> {
   generatedId?: string;
   name: string;
diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json
index ff1f85b1f0..12d35b6e0f 100644
--- a/ui-ngx/src/assets/locale/locale.constant-en_US.json
+++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json
@@ -2821,7 +2821,32 @@
         "copyId": "Copy queue Id",
         "idCopiedMessage": "Queue Id has been copied to clipboard",
         "description": "Description",
-        "alt-description": "Submit Strategy: {{submitStrategy}}, Processing Strategy: {{processingStrategy}}"
+        "description-hint": "This text will be displayed in the Queue description instead of the selected strategy",
+        "alt-description": "Submit Strategy: {{submitStrategy}}, Processing Strategy: {{processingStrategy}}",
+        "strategies": {
+            "sequential-by-originator-label": "Sequential by originator",
+            "sequential-by-originator-hint": "New message for e.g. device A is not submitted until previous message for device A is acknowledged",
+            "sequential-by-tenant-label": "Sequential by tenant",
+            "sequential-by-tenant-hint": "New message for e.g tenant A is not submitted until previous message for tenant A is acknowledged",
+            "sequential-label": "Sequential",
+            "sequential-hint": "New message is not submitted until previous message is acknowledged",
+            "burst-label": "Burst",
+            "burst-hint": "All messages are submitted to the rule chains in the order they arrive",
+            "batch-label": "Batch",
+            "batch-hint": "New batch is not submitted until previous batch is acknowledged",
+            "skip-all-failures-label": "Skip all failures",
+            "skip-all-failures-hint": "Ignore all failures",
+            "skip-all-failures-and-timeouts-label": "Skip all failures and timeouts",
+            "skip-all-failures-and-timeouts-hint": "Ignore all failures and timeouts",
+            "retry-all-label": "Retry all",
+            "retry-all-hint": "Retry all messages from processing pack",
+            "retry-failed-label": "Retry failed",
+            "retry-failed-hint": "Retry all failed messages from processing pack",
+            "retry-timeout-label": "Retry timeout",
+            "retry-timeout-hint": "Retry all timed-out messages from processing pack",
+            "retry-failed-and-timeout-label": "Retry failed and timeout",
+            "retry-failed-and-timeout-hint": "Retry all failed and timed-out messages from processing pack"
+        }
     },
     "tenant": {
         "tenant": "Tenant",

From 370919ef48811395a39175adcc0937252281556d Mon Sep 17 00:00:00 2001
From: fe-dev <Dgerik2015@gmail.com>
Date: Thu, 2 Jun 2022 09:47:54 +0300
Subject: [PATCH 90/92] UI: fix trackby and add customtranslation title

---
 .../tenant-profile-queues.component.html      |  4 ++--
 .../queue/tenant-profile-queues.component.ts  | 15 ++++++++++++++-
 .../components/queue/queue-form.component.ts  |  3 ---
 .../tenant-profiles-table-config.resolver.ts  | 19 +------------------
 4 files changed, 17 insertions(+), 24 deletions(-)

diff --git a/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.html b/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.html
index b755e02d8b..784f13d3f4 100644
--- a/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.html
+++ b/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.html
@@ -24,7 +24,7 @@
       <mat-expansion-panel-header>
         <div fxFlex fxLayout="row" fxLayoutAlign="start center">
           <mat-panel-title>
-            {{ queuesControl.value.name }}
+            {{ getTitle(queuesControl.value.name) }}
           </mat-panel-title>
           <span fxFlex></span>
           <button *ngIf="!($index === 0) && !disabled" mat-icon-button style="min-width: 40px;"
@@ -37,7 +37,7 @@
         </div>
       </mat-expansion-panel-header>
       <ng-template matExpansionPanelContent>
-        <tb-queue-form [formControl]="queuesControl"></tb-queue-form>
+        <tb-queue-form [formControl]="queuesControl" [newQueue]="newQueue"></tb-queue-form>
       </ng-template>
     </mat-expansion-panel>
   </div>
diff --git a/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.ts b/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.ts
index 45a7d87eca..aa5325e974 100644
--- a/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.ts
+++ b/ui-ngx/src/app/modules/home/components/profile/queue/tenant-profile-queues.component.ts
@@ -56,6 +56,7 @@ export class TenantProfileQueuesComponent implements ControlValueAccessor, Valid
 
   tenantProfileQueuesFormGroup: FormGroup;
   newQueue = false;
+  idMap = [];
 
   private requiredValue: boolean;
   get required(): boolean {
@@ -116,7 +117,13 @@ export class TenantProfileQueuesComponent implements ControlValueAccessor, Valid
     }
     const queuesControls: Array<AbstractControl> = [];
     if (queues) {
-      queues.forEach((queue) => {
+      queues.forEach((queue, index) => {
+        if (!queue.id) {
+          if (!this.idMap[index]) {
+            this.idMap.push(guid());
+          }
+          queue.id = this.idMap[index];
+        }
         queuesControls.push(this.fb.control(queue, [Validators.required]));
       });
     }
@@ -140,6 +147,7 @@ export class TenantProfileQueuesComponent implements ControlValueAccessor, Valid
 
   public removeQueue(index: number) {
     (this.tenantProfileQueuesFormGroup.get('queues') as FormArray).removeAt(index);
+    this.idMap.splice(index, 1);
   }
 
   public addQueue() {
@@ -166,6 +174,7 @@ export class TenantProfileQueuesComponent implements ControlValueAccessor, Valid
         description: ''
       }
     };
+    this.idMap.push(queue.id);
     this.newQueue = true;
     const queuesArray = this.tenantProfileQueuesFormGroup.get('queues') as FormArray;
     queuesArray.push(this.fb.control(queue, []));
@@ -175,6 +184,10 @@ export class TenantProfileQueuesComponent implements ControlValueAccessor, Valid
     }
   }
 
+  getTitle(value): string {
+    return this.utils.customTranslation(value, value);
+  }
+
   public validate(c: AbstractControl): ValidationErrors | null {
     return this.tenantProfileQueuesFormGroup.valid ? null : {
       queues: {
diff --git a/ui-ngx/src/app/modules/home/components/queue/queue-form.component.ts b/ui-ngx/src/app/modules/home/components/queue/queue-form.component.ts
index cb2cf06b88..bb86b1edcb 100644
--- a/ui-ngx/src/app/modules/home/components/queue/queue-form.component.ts
+++ b/ui-ngx/src/app/modules/home/components/queue/queue-form.component.ts
@@ -159,9 +159,6 @@ export class QueueFormComponent implements ControlValueAccessor, OnInit, OnDestr
     if (isDefinedAndNotNull(this.modelValue)) {
       this.queueFormGroup.patchValue(this.modelValue, {emitEvent: false});
       this.submitStrategyTypeChanged();
-      if (!this.modelValue.name) {
-        this.queueFormGroup.get('name').enable({emitEvent: false});
-      }
     }
     if (!this.disabled && !this.queueFormGroup.valid) {
       this.updateModel();
diff --git a/ui-ngx/src/app/modules/home/pages/tenant-profile/tenant-profiles-table-config.resolver.ts b/ui-ngx/src/app/modules/home/pages/tenant-profile/tenant-profiles-table-config.resolver.ts
index d9f7efc602..cf6686d78f 100644
--- a/ui-ngx/src/app/modules/home/pages/tenant-profile/tenant-profiles-table-config.resolver.ts
+++ b/ui-ngx/src/app/modules/home/pages/tenant-profile/tenant-profiles-table-config.resolver.ts
@@ -86,12 +86,7 @@ export class TenantProfilesTableConfigResolver implements Resolve<EntityTableCon
     this.config.deleteEntitiesContent = () => this.translate.instant('tenant-profile.delete-tenant-profiles-text');
 
     this.config.entitiesFetchFunction = pageLink => this.tenantProfileService.getTenantProfiles(pageLink);
-    this.config.loadEntity = id => this.tenantProfileService.getTenantProfile(id.id).pipe(
-      map(tenantProfile => ({
-        ...tenantProfile,
-        profileData: {...tenantProfile.profileData, queueConfiguration: this.addId(tenantProfile.profileData.queueConfiguration)},
-      }))
-    );
+    this.config.loadEntity = id => this.tenantProfileService.getTenantProfile(id.id);
     this.config.saveEntity = tenantProfile => this.tenantProfileService.saveTenantProfile(tenantProfile);
     this.config.deleteEntity = id => this.tenantProfileService.deleteTenantProfile(id.id);
     this.config.onEntityAction = action => this.onTenantProfileAction(action);
@@ -100,18 +95,6 @@ export class TenantProfilesTableConfigResolver implements Resolve<EntityTableCon
     this.config.addActionDescriptors = this.configureAddActions();
   }
 
-  addId(queues) {
-    if (queues) {
-      const queuesWithId = [];
-      queues.forEach(value => {
-        value.id = guid();
-        queuesWithId.push(value);
-      });
-      return queuesWithId;
-    }
-    return null;
-  }
-
   resolve(): EntityTableConfig<TenantProfile> {
     this.config.tableTitle = this.translate.instant('tenant-profile.tenant-profiles');
 

From 484a62b964a234bcf72a0d38f024b22b131b56c0 Mon Sep 17 00:00:00 2001
From: Vladyslav_Prykhodko <vprykhodko@thingsboard.io>
Date: Thu, 2 Jun 2022 11:40:39 +0300
Subject: [PATCH 91/92] Updated rulenode-core-config

---
 .../resources/public/static/rulenode/rulenode-core-config.js    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rule-engine/rule-engine-components/src/main/resources/public/static/rulenode/rulenode-core-config.js b/rule-engine/rule-engine-components/src/main/resources/public/static/rulenode/rulenode-core-config.js
index f7ead71ec3..c4516988b4 100644
--- a/rule-engine/rule-engine-components/src/main/resources/public/static/rulenode/rulenode-core-config.js
+++ b/rule-engine/rule-engine-components/src/main/resources/public/static/rulenode/rulenode-core-config.js
@@ -1 +1 @@
-System.register(["@angular/core","@shared/public-api","@ngrx/store","@angular/forms","@angular/material/form-field","@angular/material/checkbox","@angular/flex-layout/flex","@ngx-translate/core","@angular/material/input","@angular/common","@angular/platform-browser","@angular/material/select","@angular/material/core","@angular/material/expansion","@shared/components/button/toggle-password.component","@shared/components/file-input.component","@shared/components/queue/queue-autocomplete.component","@core/public-api","@shared/components/js-func.component","@angular/material/button","@angular/cdk/keycodes","@angular/material/chips","@angular/material/icon","@angular/flex-layout/extended","@shared/components/entity/entity-type-select.component","@shared/components/entity/entity-select.component","@angular/cdk/coercion","@shared/components/tb-error.component","@angular/material/tooltip","rxjs/operators","@shared/components/tb-checkbox.component","@home/components/sms/sms-provider-configuration.component","@home/components/public-api","@shared/components/relation/relation-type-autocomplete.component","@shared/components/entity/entity-subtype-list.component","@home/components/relation/relation-filters.component","rxjs","@angular/material/autocomplete","@shared/pipe/highlight.pipe","@shared/components/entity/entity-autocomplete.component","@shared/components/entity/entity-type-list.component"],(function(e){"use strict";var t,o,r,a,n,l,i,s,m,u,p,d,f,c,g,x,y,b,h,C,F,L,v,I,N,T,q,k,M,S,A,G,D,V,E,P,R,w,O,H,U,K,B,j,z,_,Q,$,W,Y,J,Z,X,ee,te,oe,re,ae,ne,le,ie,se,me,ue,pe,de,fe,ce,ge,xe,ye,be,he,Ce,Fe,Le,ve,Ie;return{setters:[function(e){t=e,o=e.Component,r=e.Pipe,a=e.ViewChild,n=e.forwardRef,l=e.Input,i=e.NgModule},function(e){s=e.RuleNodeConfigurationComponent,m=e.AttributeScope,u=e.telemetryTypeTranslations,p=e.ServiceType,d=e.AlarmSeverity,f=e.alarmSeverityTranslations,c=e.EntitySearchDirection,g=e.entitySearchDirectionTranslations,x=e.EntityType,y=e.PageComponent,b=e.MessageType,h=e.messageTypeNames,C=e,F=e.SharedModule,L=e.AggregationType,v=e.aggregationTranslations,I=e.alarmStatusTranslations,N=e.AlarmStatus},function(e){T=e},function(e){q=e,k=e.Validators,M=e.NgControl,S=e.NG_VALUE_ACCESSOR,A=e.NG_VALIDATORS,G=e.FormControl},function(e){D=e},function(e){V=e},function(e){E=e},function(e){P=e},function(e){R=e},function(e){w=e,O=e.CommonModule},function(e){H=e},function(e){U=e},function(e){K=e},function(e){B=e},function(e){j=e},function(e){z=e},function(e){_=e},function(e){Q=e,$=e.isDefinedAndNotNull,W=e.isNotEmptyStr},function(e){Y=e},function(e){J=e},function(e){Z=e.ENTER,X=e.COMMA,ee=e.SEMICOLON},function(e){te=e},function(e){oe=e},function(e){re=e},function(e){ae=e},function(e){ne=e},function(e){le=e.coerceBooleanProperty},function(e){ie=e},function(e){se=e},function(e){me=e.distinctUntilChanged,ue=e.startWith,pe=e.map,de=e.mergeMap,fe=e.share},function(e){ce=e},function(e){ge=e},function(e){xe=e.HomeComponentsModule},function(e){ye=e},function(e){be=e},function(e){he=e},function(e){Ce=e.of},function(e){Fe=e},function(e){Le=e},function(e){ve=e},function(e){Ie=e}],execute:function(){class Ne extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.emptyConfigForm}onConfigurationSet(e){this.emptyConfigForm=this.fb.group({})}}e("EmptyConfigComponent",Ne),Ne.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ne,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ne.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ne,selector:"tb-node-empty-config",usesInheritance:!0,ngImport:t,template:"<div></div>",isInline:!0}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ne,decorators:[{type:o,args:[{selector:"tb-node-empty-config",template:"<div></div>",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Te{constructor(e){this.sanitizer=e}transform(e){return this.sanitizer.bypassSecurityTrustHtml(e)}}e("SafeHtmlPipe",Te),Te.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Te,deps:[{token:H.DomSanitizer}],target:t.ɵɵFactoryTarget.Pipe}),Te.ɵpipe=t.ɵɵngDeclarePipe({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Te,name:"safeHtml"}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Te,decorators:[{type:r,args:[{name:"safeHtml"}]}],ctorParameters:function(){return[{type:H.DomSanitizer}]}});class qe extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.assignCustomerConfigForm}onConfigurationSet(e){this.assignCustomerConfigForm=this.fb.group({customerNamePattern:[e?e.customerNamePattern:null,[k.required,k.pattern(/.*\S.*/)]],createCustomerIfNotExists:[!!e&&e.createCustomerIfNotExists,[]],customerCacheExpiration:[e?e.customerCacheExpiration:null,[k.required,k.min(0)]]})}prepareOutputConfig(e){return e.customerNamePattern=e.customerNamePattern.trim(),e}}e("AssignCustomerConfigComponent",qe),qe.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:qe,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),qe.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:qe,selector:"tb-action-node-assign-to-customer-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="assignCustomerConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.customer-name-pattern</mat-label>\n    <input required matInput formControlName="customerNamePattern">\n    <mat-error *ngIf="assignCustomerConfigForm.get(\'customerNamePattern\').hasError(\'required\') ||\n                      assignCustomerConfigForm.get(\'customerNamePattern\').hasError(\'pattern\')">\n      {{ \'tb.rulenode.customer-name-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-checkbox fxFlex formControlName="createCustomerIfNotExists" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.create-customer-if-not-exists\' | translate }}\n  </mat-checkbox>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.customer-cache-expiration</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="customerCacheExpiration">\n    <mat-error *ngIf="assignCustomerConfigForm.get(\'customerCacheExpiration\').hasError(\'required\')">\n      {{ \'tb.rulenode.customer-cache-expiration-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="assignCustomerConfigForm.get(\'customerCacheExpiration\').hasError(\'min\')">\n      {{ \'tb.rulenode.customer-cache-expiration-range\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.customer-cache-expiration-hint</mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:qe,decorators:[{type:o,args:[{selector:"tb-action-node-assign-to-customer-config",templateUrl:"./assign-customer-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ke extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.attributeScopes=Object.keys(m),this.telemetryTypeTranslationsMap=u}configForm(){return this.attributesConfigForm}onConfigurationSet(e){this.attributesConfigForm=this.fb.group({scope:[e?e.scope:null,[k.required]],notifyDevice:[!e||e.notifyDevice,[]]})}}var Me;e("AttributesConfigComponent",ke),ke.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ke,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ke.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ke,selector:"tb-action-node-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="attributesConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>attribute.attributes-scope</mat-label>\n    <mat-select formControlName="scope" required>\n      <mat-option *ngFor="let scope of attributeScopes" [value]="scope">\n        {{ telemetryTypeTranslationsMap.get(scope) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div *ngIf="attributesConfigForm.get(\'scope\').value === \'SHARED_SCOPE\'">\n    <mat-checkbox formControlName="notifyDevice">\n      {{ \'tb.rulenode.notify-device\' | translate }}\n    </mat-checkbox>\n    <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.notify-device-hint</div>\n  </div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ke,decorators:[{type:o,args:[{selector:"tb-action-node-attributes-config",templateUrl:"./attributes-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}}),function(e){e.CUSTOMER="CUSTOMER",e.TENANT="TENANT",e.RELATED="RELATED",e.ALARM_ORIGINATOR="ALARM_ORIGINATOR"}(Me||(Me={}));const Se=new Map([[Me.CUSTOMER,"tb.rulenode.originator-customer"],[Me.TENANT,"tb.rulenode.originator-tenant"],[Me.RELATED,"tb.rulenode.originator-related"],[Me.ALARM_ORIGINATOR,"tb.rulenode.originator-alarm-originator"]]);var Ae;!function(e){e.CIRCLE="CIRCLE",e.POLYGON="POLYGON"}(Ae||(Ae={}));const Ge=new Map([[Ae.CIRCLE,"tb.rulenode.perimeter-circle"],[Ae.POLYGON,"tb.rulenode.perimeter-polygon"]]);var De;!function(e){e.MILLISECONDS="MILLISECONDS",e.SECONDS="SECONDS",e.MINUTES="MINUTES",e.HOURS="HOURS",e.DAYS="DAYS"}(De||(De={}));const Ve=new Map([[De.MILLISECONDS,"tb.rulenode.time-unit-milliseconds"],[De.SECONDS,"tb.rulenode.time-unit-seconds"],[De.MINUTES,"tb.rulenode.time-unit-minutes"],[De.HOURS,"tb.rulenode.time-unit-hours"],[De.DAYS,"tb.rulenode.time-unit-days"]]);var Ee;!function(e){e.METER="METER",e.KILOMETER="KILOMETER",e.FOOT="FOOT",e.MILE="MILE",e.NAUTICAL_MILE="NAUTICAL_MILE"}(Ee||(Ee={}));const Pe=new Map([[Ee.METER,"tb.rulenode.range-unit-meter"],[Ee.KILOMETER,"tb.rulenode.range-unit-kilometer"],[Ee.FOOT,"tb.rulenode.range-unit-foot"],[Ee.MILE,"tb.rulenode.range-unit-mile"],[Ee.NAUTICAL_MILE,"tb.rulenode.range-unit-nautical-mile"]]);var Re;!function(e){e.TITLE="TITLE",e.COUNTRY="COUNTRY",e.STATE="STATE",e.CITY="CITY",e.ZIP="ZIP",e.ADDRESS="ADDRESS",e.ADDRESS2="ADDRESS2",e.PHONE="PHONE",e.EMAIL="EMAIL",e.ADDITIONAL_INFO="ADDITIONAL_INFO"}(Re||(Re={}));const we=new Map([[Re.TITLE,"tb.rulenode.entity-details-title"],[Re.COUNTRY,"tb.rulenode.entity-details-country"],[Re.STATE,"tb.rulenode.entity-details-state"],[Re.CITY,"tb.rulenode.entity-details-city"],[Re.ZIP,"tb.rulenode.entity-details-zip"],[Re.ADDRESS,"tb.rulenode.entity-details-address"],[Re.ADDRESS2,"tb.rulenode.entity-details-address2"],[Re.PHONE,"tb.rulenode.entity-details-phone"],[Re.EMAIL,"tb.rulenode.entity-details-email"],[Re.ADDITIONAL_INFO,"tb.rulenode.entity-details-additional_info"]]);var Oe,He,Ue;!function(e){e.FIRST="FIRST",e.LAST="LAST",e.ALL="ALL"}(Oe||(Oe={})),function(e){e.ASC="ASC",e.DESC="DESC"}(He||(He={})),function(e){e.STANDARD="STANDARD",e.FIFO="FIFO"}(Ue||(Ue={}));const Ke=new Map([[Ue.STANDARD,"tb.rulenode.sqs-queue-standard"],[Ue.FIFO,"tb.rulenode.sqs-queue-fifo"]]),Be=["anonymous","basic","cert.PEM"],je=new Map([["anonymous","tb.rulenode.credentials-anonymous"],["basic","tb.rulenode.credentials-basic"],["cert.PEM","tb.rulenode.credentials-pem"]]),ze=["sas","cert.PEM"],_e=new Map([["sas","tb.rulenode.credentials-sas"],["cert.PEM","tb.rulenode.credentials-pem"]]);var Qe;!function(e){e.GET="GET",e.POST="POST",e.PUT="PUT",e.DELETE="DELETE"}(Qe||(Qe={}));const $e=["US-ASCII","ISO-8859-1","UTF-8","UTF-16BE","UTF-16LE","UTF-16"],We=new Map([["US-ASCII","tb.rulenode.charset-us-ascii"],["ISO-8859-1","tb.rulenode.charset-iso-8859-1"],["UTF-8","tb.rulenode.charset-utf-8"],["UTF-16BE","tb.rulenode.charset-utf-16be"],["UTF-16LE","tb.rulenode.charset-utf-16le"],["UTF-16","tb.rulenode.charset-utf-16"]]);class Ye extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.allAzureIotHubCredentialsTypes=ze,this.azureIotHubCredentialsTypeTranslationsMap=_e}configForm(){return this.azureIotHubConfigForm}onConfigurationSet(e){this.azureIotHubConfigForm=this.fb.group({topicPattern:[e?e.topicPattern:null,[k.required]],host:[e?e.host:null,[k.required]],port:[e?e.port:null,[k.required,k.min(1),k.max(65535)]],connectTimeoutSec:[e?e.connectTimeoutSec:null,[k.required,k.min(1),k.max(200)]],clientId:[e?e.clientId:null,[k.required]],cleanSession:[!!e&&e.cleanSession,[]],ssl:[!!e&&e.ssl,[]],credentials:this.fb.group({type:[e&&e.credentials?e.credentials.type:null,[k.required]],sasKey:[e&&e.credentials?e.credentials.sasKey:null,[]],caCert:[e&&e.credentials?e.credentials.caCert:null,[]],caCertFileName:[e&&e.credentials?e.credentials.caCertFileName:null,[]],privateKey:[e&&e.credentials?e.credentials.privateKey:null,[]],privateKeyFileName:[e&&e.credentials?e.credentials.privateKeyFileName:null,[]],cert:[e&&e.credentials?e.credentials.cert:null,[]],certFileName:[e&&e.credentials?e.credentials.certFileName:null,[]],password:[e&&e.credentials?e.credentials.password:null,[]]})})}prepareOutputConfig(e){const t=e.credentials.type;return"sas"===t&&(e.credentials={type:t,sasKey:e.credentials.sasKey,caCert:e.credentials.caCert,caCertFileName:e.credentials.caCertFileName}),e}validatorTriggers(){return["credentials.type"]}updateValidators(e){const t=this.azureIotHubConfigForm.get("credentials"),o=t.get("type").value;switch(e&&t.reset({type:o},{emitEvent:!1}),t.get("sasKey").setValidators([]),t.get("privateKey").setValidators([]),t.get("privateKeyFileName").setValidators([]),t.get("cert").setValidators([]),t.get("certFileName").setValidators([]),o){case"sas":t.get("sasKey").setValidators([k.required]);break;case"cert.PEM":t.get("privateKey").setValidators([k.required]),t.get("privateKeyFileName").setValidators([k.required]),t.get("cert").setValidators([k.required]),t.get("certFileName").setValidators([k.required])}t.get("sasKey").updateValueAndValidity({emitEvent:e}),t.get("privateKey").updateValueAndValidity({emitEvent:e}),t.get("privateKeyFileName").updateValueAndValidity({emitEvent:e}),t.get("cert").updateValueAndValidity({emitEvent:e}),t.get("certFileName").updateValueAndValidity({emitEvent:e})}}e("AzureIotHubConfigComponent",Ye),Ye.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ye,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ye.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ye,selector:"tb-action-node-azure-iot-hub-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="azureIotHubConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.topic</mat-label>\n    <input required matInput formControlName="topicPattern">\n    <mat-error *ngIf="azureIotHubConfigForm.get(\'topicPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.topic-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.hostname</mat-label>\n    <input required matInput formControlName="host">\n    <mat-error *ngIf="azureIotHubConfigForm.get(\'host\').hasError(\'required\')">\n      {{ \'tb.rulenode.hostname-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.device-id</mat-label>\n    <input required matInput formControlName="clientId" autocomplete="new-clientId">\n    <mat-error *ngIf="azureIotHubConfigForm.get(\'clientId\').hasError(\'required\')">\n      {{ \'tb.rulenode.device-id-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-accordion multi>\n    <mat-expansion-panel class="tb-mqtt-credentials-panel-group">\n      <mat-expansion-panel-header>\n        <mat-panel-title translate>tb.rulenode.credentials</mat-panel-title>\n        <mat-panel-description>\n          {{ azureIotHubCredentialsTypeTranslationsMap.get(azureIotHubConfigForm.get(\'credentials.type\').value) | translate }}\n        </mat-panel-description>\n      </mat-expansion-panel-header>\n      <section formGroupName="credentials" fxLayout="column">\n        <mat-form-field class="mat-block">\n          <mat-label translate>tb.rulenode.credentials-type</mat-label>\n          <mat-select formControlName="type" required>\n            <mat-option *ngFor="let credentialsType of allAzureIotHubCredentialsTypes" [value]="credentialsType">\n              {{ azureIotHubCredentialsTypeTranslationsMap.get(credentialsType) | translate }}\n            </mat-option>\n          </mat-select>\n          <mat-error *ngIf="azureIotHubConfigForm.get(\'credentials.type\').hasError(\'required\')">\n            {{ \'tb.rulenode.credentials-type-required\' | translate }}\n          </mat-error>\n        </mat-form-field>\n        <section fxLayout="column" [ngSwitch]="azureIotHubConfigForm.get(\'credentials.type\').value">\n          <ng-template ngSwitchCase="anonymous">\n          </ng-template>\n          <ng-template ngSwitchCase="sas">\n            <mat-form-field class="mat-block">\n              <mat-label translate>tb.rulenode.sas-key</mat-label>\n              <input type="password" required matInput formControlName="sasKey" autocomplete="new-password">\n              <tb-toggle-password matSuffix></tb-toggle-password>\n              <mat-error *ngIf="azureIotHubConfigForm.get(\'credentials.sasKey\').hasError(\'required\')">\n                {{ \'tb.rulenode.sas-key-required\' | translate }}\n              </mat-error>\n            </mat-form-field>\n            <tb-file-input formControlName="caCert"\n                           inputId="caCertSelect"\n                           [existingFileName]="azureIotHubConfigForm.get(\'credentials.caCertFileName\').value"\n                           (fileNameChanged)="azureIotHubConfigForm.get(\'credentials.caCertFileName\').setValue($event)"\n                           label="{{\'tb.rulenode.azure-ca-cert\' | translate}}"\n                           noFileText="tb.rulenode.no-file"\n                           dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n            </tb-file-input>\n          </ng-template>\n          <ng-template ngSwitchCase="cert.PEM">\n            <tb-file-input formControlName="caCert"\n                           inputId="caCertSelect"\n                           [existingFileName]="azureIotHubConfigForm.get(\'credentials.caCertFileName\').value"\n                           (fileNameChanged)="azureIotHubConfigForm.get(\'credentials.caCertFileName\').setValue($event)"\n                           label="{{\'tb.rulenode.azure-ca-cert\' | translate}}"\n                           noFileText="tb.rulenode.no-file"\n                           dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n            </tb-file-input>\n            <tb-file-input formControlName="cert"\n                           inputId="CertSelect"\n                           [existingFileName]="azureIotHubConfigForm.get(\'credentials.certFileName\').value"\n                           (fileNameChanged)="azureIotHubConfigForm.get(\'credentials.certFileName\').setValue($event)"\n                           required\n                           requiredAsError\n                           label="{{\'tb.rulenode.cert\' | translate}}"\n                           noFileText="tb.rulenode.no-file"\n                           dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n            </tb-file-input>\n            <tb-file-input style="padding-bottom: 8px;"\n                           formControlName="privateKey"\n                           inputId="privateKeySelect"\n                           [existingFileName]="azureIotHubConfigForm.get(\'credentials.privateKeyFileName\').value"\n                           (fileNameChanged)="azureIotHubConfigForm.get(\'credentials.privateKeyFileName\').setValue($event)"\n                           required\n                           requiredAsError\n                           label="{{\'tb.rulenode.private-key\' | translate}}"\n                           noFileText="tb.rulenode.no-file"\n                           dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n            </tb-file-input>\n            <mat-form-field class="mat-block">\n              <mat-label translate>tb.rulenode.private-key-password</mat-label>\n              <input type="password" matInput formControlName="password" autocomplete="new-password">\n              <tb-toggle-password matSuffix></tb-toggle-password>\n            </mat-form-field>\n          </ng-template>\n        </section>\n      </section>\n    </mat-expansion-panel>\n    </mat-accordion>\n</section>\n',styles:[":host .tb-mqtt-credentials-panel-group{margin:0 6px}:host .tb-hint.client-id{margin-top:-1.25em;max-width:-moz-fit-content;max-width:fit-content}:host mat-checkbox{padding-bottom:16px}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:B.MatExpansionPanel,selector:"mat-expansion-panel",inputs:["disabled","expanded","hideToggle","togglePosition"],outputs:["opened","closed","expandedChange","afterExpand","afterCollapse"],exportAs:["matExpansionPanel"]},{type:B.MatExpansionPanelHeader,selector:"mat-expansion-panel-header",inputs:["tabIndex","expandedHeight","collapsedHeight"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:j.TogglePasswordComponent,selector:"tb-toggle-password"},{type:z.FileInputComponent,selector:"tb-file-input",inputs:["label","accept","noFileText","inputId","allowedExtensions","dropLabel","contentConvertFunction","required","requiredAsError","disabled","existingFileName","readAsBinary","workFromFileObj","multipleFile"],outputs:["fileNameChanged"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:B.MatAccordion,selector:"mat-accordion",inputs:["multi","displayMode","togglePosition","hideToggle"],exportAs:["matAccordion"]},{type:B.MatExpansionPanelTitle,selector:"mat-panel-title"},{type:B.MatExpansionPanelDescription,selector:"mat-panel-description"},{type:q.FormGroupName,selector:"[formGroupName]",inputs:["formGroupName"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgSwitch,selector:"[ngSwitch]",inputs:["ngSwitch"]},{type:w.NgSwitchCase,selector:"[ngSwitchCase]",inputs:["ngSwitchCase"]},{type:D.MatSuffix,selector:"[matSuffix]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ye,decorators:[{type:o,args:[{selector:"tb-action-node-azure-iot-hub-config",templateUrl:"./azure-iot-hub-config.component.html",styleUrls:["./mqtt-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Je extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.serviceType=p.TB_RULE_ENGINE}configForm(){return this.checkPointConfigForm}onConfigurationSet(e){this.checkPointConfigForm=this.fb.group({queueId:[e?e.queueId:null,[k.required]]})}}e("CheckPointConfigComponent",Je),Je.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Je,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Je.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Je,selector:"tb-action-node-check-point-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="checkPointConfigForm" fxLayout="column">\n  <tb-queue-autocomplete\n    required\n    [queueType]="serviceType"\n    formControlName="queueId">\n  </tb-queue-autocomplete>\n</section>\n',components:[{type:_.QueueAutocompleteComponent,selector:"tb-queue-autocomplete",inputs:["labelText","requiredText","required","queueType","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Je,decorators:[{type:o,args:[{selector:"tb-action-node-check-point-config",templateUrl:"./check-point-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ze extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.clearAlarmConfigForm}onConfigurationSet(e){this.clearAlarmConfigForm=this.fb.group({alarmDetailsBuildJs:[e?e.alarmDetailsBuildJs:null,[k.required]],alarmType:[e?e.alarmType:null,[k.required]]})}testScript(){const e=this.clearAlarmConfigForm.get("alarmDetailsBuildJs").value;this.nodeScriptTestService.testNodeScript(e,"json",this.translate.instant("tb.rulenode.details"),"Details",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/clear_alarm_node_script_fn").subscribe((e=>{e&&this.clearAlarmConfigForm.get("alarmDetailsBuildJs").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("ClearAlarmConfigComponent",Ze),Ze.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ze,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),Ze.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ze,selector:"tb-action-node-clear-alarm-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="clearAlarmConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.alarm-details-builder</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="alarmDetailsBuildJs"\n              functionName="Details"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              helpId="rulenode/clear_alarm_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row" style="padding-bottom: 16px;">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-details-function\' | translate }}\n    </button>\n  </div>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.alarm-type</mat-label>\n    <input required matInput formControlName="alarmType">\n    <mat-error *ngIf="clearAlarmConfigForm.get(\'alarmType\').hasError(\'required\')">\n      {{ \'tb.rulenode.alarm-type-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:D.MatLabel,selector:"mat-label"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ze,decorators:[{type:o,args:[{selector:"tb-action-node-clear-alarm-config",templateUrl:"./clear-alarm-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class Xe extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r,this.alarmSeverities=Object.keys(d),this.alarmSeverityTranslationMap=f,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.createAlarmConfigForm}onConfigurationSet(e){this.createAlarmConfigForm=this.fb.group({alarmDetailsBuildJs:[e?e.alarmDetailsBuildJs:null,[k.required]],useMessageAlarmData:[!!e&&e.useMessageAlarmData,[]],overwriteAlarmDetails:[!!e&&e.overwriteAlarmDetails,[]],alarmType:[e?e.alarmType:null,[]],severity:[e?e.severity:null,[]],propagate:[!!e&&e.propagate,[]],relationTypes:[e?e.relationTypes:null,[]],propagateToOwner:[!!e&&e.propagateToOwner,[]],propagateToTenant:[!!e&&e.propagateToTenant,[]],dynamicSeverity:!1}),this.createAlarmConfigForm.get("dynamicSeverity").valueChanges.subscribe((e=>{e?this.createAlarmConfigForm.get("severity").patchValue("",{emitEvent:!1}):this.createAlarmConfigForm.get("severity").patchValue(this.alarmSeverities[0],{emitEvent:!1})}))}validatorTriggers(){return["useMessageAlarmData"]}updateValidators(e){this.createAlarmConfigForm.get("useMessageAlarmData").value?(this.createAlarmConfigForm.get("alarmType").setValidators([]),this.createAlarmConfigForm.get("severity").setValidators([])):(this.createAlarmConfigForm.get("alarmType").setValidators([k.required]),this.createAlarmConfigForm.get("severity").setValidators([k.required])),this.createAlarmConfigForm.get("alarmType").updateValueAndValidity({emitEvent:e}),this.createAlarmConfigForm.get("severity").updateValueAndValidity({emitEvent:e})}testScript(){const e=this.createAlarmConfigForm.get("alarmDetailsBuildJs").value;this.nodeScriptTestService.testNodeScript(e,"json",this.translate.instant("tb.rulenode.details"),"Details",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/create_alarm_node_script_fn").subscribe((e=>{e&&this.createAlarmConfigForm.get("alarmDetailsBuildJs").setValue(e)}))}removeKey(e,t){const o=this.createAlarmConfigForm.get(t).value,r=o.indexOf(e);r>=0&&(o.splice(r,1),this.createAlarmConfigForm.get(t).setValue(o,{emitEvent:!0}))}addKey(e,t){const o=e.input;let r=e.value;if((r||"").trim()){r=r.trim();let e=this.createAlarmConfigForm.get(t).value;e&&-1!==e.indexOf(r)||(e||(e=[]),e.push(r),this.createAlarmConfigForm.get(t).setValue(e,{emitEvent:!0}))}o&&(o.value="")}onValidate(){const e=this.createAlarmConfigForm.get("useMessageAlarmData").value,t=this.createAlarmConfigForm.get("overwriteAlarmDetails").value;e&&!t||this.jsFuncComponent.validateOnSubmit()}}e("CreateAlarmConfigComponent",Xe),Xe.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xe,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),Xe.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Xe,selector:"tb-action-node-create-alarm-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="createAlarmConfigForm" fxLayout="column">\n  <mat-checkbox formControlName="useMessageAlarmData" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-message-alarm-data\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="overwriteAlarmDetails" [fxShow]="createAlarmConfigForm.get(\'useMessageAlarmData\').value === true"\n                style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.overwrite-alarm-details\' | translate }}\n  </mat-checkbox>\n  <section fxLayout="column" [fxShow]="createAlarmConfigForm.get(\'useMessageAlarmData\').value === false ||\n                                       createAlarmConfigForm.get(\'overwriteAlarmDetails\').value === true">\n    <label translate class="tb-title no-padding">tb.rulenode.alarm-details-builder</label>\n    <tb-js-func #jsFuncComponent\n                formControlName="alarmDetailsBuildJs"\n                functionName="Details"\n                [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n                helpId="rulenode/create_alarm_node_script_fn"\n                noValidate="true">\n    </tb-js-func>\n    <div fxLayout="row" style="padding-bottom: 16px;">\n      <button mat-button mat-raised-button color="primary" (click)="testScript()">\n        {{ \'tb.rulenode.test-details-function\' | translate }}\n      </button>\n    </div>\n  </section>\n  <section fxLayout="column" [fxShow]="createAlarmConfigForm.get(\'useMessageAlarmData\').value === false">\n    <mat-form-field fxFlex style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.alarm-type</mat-label>\n      <input required matInput formControlName="alarmType">\n      <mat-error *ngIf="createAlarmConfigForm.get(\'alarmType\').hasError(\'required\')">\n        {{ \'tb.rulenode.alarm-type-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n    <mat-checkbox formControlName="dynamicSeverity" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.use-alarm-severity-pattern\' | translate }}\n    </mat-checkbox>\n    <mat-form-field fxFlex *ngIf="!createAlarmConfigForm.get(\'dynamicSeverity\').value">\n      <mat-label translate>tb.rulenode.alarm-severity</mat-label>\n      <mat-select formControlName="severity" required>\n        <mat-option *ngFor="let severity of alarmSeverities" [value]="severity">\n          {{ alarmSeverityTranslationMap.get(severity) | translate }}\n        </mat-option>\n      </mat-select>\n      <mat-error *ngIf="createAlarmConfigForm.get(\'severity\').hasError(\'required\')">\n        {{ \'tb.rulenode.alarm-severity-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex *ngIf="createAlarmConfigForm.get(\'dynamicSeverity\').value" style="padding-bottom: 32px;">\n      <mat-label translate>tb.rulenode.alarm-severity-pattern</mat-label>\n      <input matInput formControlName="severity" required>\n      <mat-error *ngIf="createAlarmConfigForm.get(\'severity\').hasError(\'required\')">\n        {{ \'tb.rulenode.alarm-severity-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.alarm-severity-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n    <mat-checkbox formControlName="propagate" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.propagate\' | translate }}\n    </mat-checkbox>\n    <section *ngIf="createAlarmConfigForm.get(\'propagate\').value === true">\n      <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n        <mat-label translate>tb.rulenode.relation-types-list</mat-label>\n        <mat-chip-list #relationTypesChipList>\n          <mat-chip\n            *ngFor="let key of createAlarmConfigForm.get(\'relationTypes\').value;"\n            (removed)="removeKey(key, \'relationTypes\')">\n            {{key}}\n            <mat-icon matChipRemove>close</mat-icon>\n          </mat-chip>\n          <input matInput type="text" placeholder="{{\'tb.rulenode.relation-types-list\' | translate}}"\n                 style="max-width: 200px;"\n                 [matChipInputFor]="relationTypesChipList"\n                 [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n                 (matChipInputTokenEnd)="addKey($event, \'relationTypes\')"\n                 [matChipInputAddOnBlur]="true">\n        </mat-chip-list>\n        <mat-hint translate>tb.rulenode.relation-types-list-hint</mat-hint>\n      </mat-form-field>\n    </section>\n    <mat-checkbox formControlName="propagateToOwner" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.propagate-to-owner\' | translate }}\n    </mat-checkbox>\n    <mat-checkbox formControlName="propagateToTenant" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.propagate-to-tenant\' | translate }}\n    </mat-checkbox>\n  </section>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:re.DefaultShowHideDirective,selector:"  [fxShow], [fxShow.print],  [fxShow.xs], [fxShow.sm], [fxShow.md], [fxShow.lg], [fxShow.xl],  [fxShow.lt-sm], [fxShow.lt-md], [fxShow.lt-lg], [fxShow.lt-xl],  [fxShow.gt-xs], [fxShow.gt-sm], [fxShow.gt-md], [fxShow.gt-lg],  [fxHide], [fxHide.print],  [fxHide.xs], [fxHide.sm], [fxHide.md], [fxHide.lg], [fxHide.xl],  [fxHide.lt-sm], [fxHide.lt-md], [fxHide.lt-lg], [fxHide.lt-xl],  [fxHide.gt-xs], [fxHide.gt-sm], [fxHide.gt-md], [fxHide.gt-lg]",inputs:["fxShow","fxShow.print","fxShow.xs","fxShow.sm","fxShow.md","fxShow.lg","fxShow.xl","fxShow.lt-sm","fxShow.lt-md","fxShow.lt-lg","fxShow.lt-xl","fxShow.gt-xs","fxShow.gt-sm","fxShow.gt-md","fxShow.gt-lg","fxHide","fxHide.print","fxHide.xs","fxHide.sm","fxHide.md","fxHide.lg","fxHide.xl","fxHide.lt-sm","fxHide.lt-md","fxHide.lt-lg","fxHide.lt-xl","fxHide.gt-xs","fxHide.gt-sm","fxHide.gt-md","fxHide.gt-lg"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xe,decorators:[{type:o,args:[{selector:"tb-action-node-create-alarm-config",templateUrl:"./create-alarm-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class et extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.directionTypes=Object.keys(c),this.directionTypeTranslations=g,this.entityType=x}configForm(){return this.createRelationConfigForm}onConfigurationSet(e){this.createRelationConfigForm=this.fb.group({direction:[e?e.direction:null,[k.required]],entityType:[e?e.entityType:null,[k.required]],entityNamePattern:[e?e.entityNamePattern:null,[]],entityTypePattern:[e?e.entityTypePattern:null,[]],relationType:[e?e.relationType:null,[k.required]],createEntityIfNotExists:[!!e&&e.createEntityIfNotExists,[]],removeCurrentRelations:[!!e&&e.removeCurrentRelations,[]],changeOriginatorToRelatedEntity:[!!e&&e.changeOriginatorToRelatedEntity,[]],entityCacheExpiration:[e?e.entityCacheExpiration:null,[k.required,k.min(0)]]})}validatorTriggers(){return["entityType"]}updateValidators(e){const t=this.createRelationConfigForm.get("entityType").value;t?this.createRelationConfigForm.get("entityNamePattern").setValidators([k.required,k.pattern(/.*\S.*/)]):this.createRelationConfigForm.get("entityNamePattern").setValidators([]),!t||t!==x.DEVICE&&t!==x.ASSET?this.createRelationConfigForm.get("entityTypePattern").setValidators([]):this.createRelationConfigForm.get("entityTypePattern").setValidators([k.required,k.pattern(/.*\S.*/)]),this.createRelationConfigForm.get("entityNamePattern").updateValueAndValidity({emitEvent:e}),this.createRelationConfigForm.get("entityTypePattern").updateValueAndValidity({emitEvent:e})}prepareOutputConfig(e){return e.entityNamePattern=e.entityNamePattern?e.entityNamePattern.trim():null,e.entityTypePattern=e.entityTypePattern?e.entityTypePattern.trim():null,e}}e("CreateRelationConfigComponent",et),et.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:et,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),et.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:et,selector:"tb-action-node-create-relation-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="createRelationConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="min-width: 100px;">\n    <mat-label translate>relation.direction</mat-label>\n    <mat-select required matInput formControlName="direction">\n      <mat-option *ngFor="let type of directionTypes" [value]="type">\n        {{ directionTypeTranslations.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div fxLayout="row" fxLayoutGap="8px">\n    <tb-entity-type-select\n      showLabel\n      style="min-width: 100px;"\n      required\n      formControlName="entityType">\n    </tb-entity-type-select>\n    <mat-form-field *ngIf="createRelationConfigForm.get(\'entityType\').value" fxFlex class="mat-block" style="padding-bottom: 40px;">\n      <mat-label translate>tb.rulenode.entity-name-pattern</mat-label>\n      <input required matInput formControlName="entityNamePattern">\n      <mat-error *ngIf="createRelationConfigForm.get(\'entityNamePattern\').hasError(\'required\') ||\n                        createRelationConfigForm.get(\'entityNamePattern\').hasError(\'pattern\')">\n        {{ \'tb.rulenode.entity-name-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n    <mat-form-field *ngIf="createRelationConfigForm.get(\'entityType\').value === entityType.DEVICE ||\n                           createRelationConfigForm.get(\'entityType\').value === entityType.ASSET"\n                    fxFlex class="mat-block" style="padding-bottom: 40px;">\n      <mat-label translate>tb.rulenode.entity-type-pattern</mat-label>\n      <input required matInput formControlName="entityTypePattern">\n      <mat-error *ngIf="createRelationConfigForm.get(\'entityTypePattern\').hasError(\'required\') ||\n                        createRelationConfigForm.get(\'entityTypePattern\').hasError(\'pattern\')">\n        {{ \'tb.rulenode.entity-type-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n  </div>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.relation-type-pattern</mat-label>\n    <input required matInput formControlName="relationType">\n    <mat-error *ngIf="createRelationConfigForm.get(\'relationType\').hasError(\'required\')">\n      {{ \'tb.rulenode.relation-type-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <section *ngIf="createRelationConfigForm.get(\'entityType\').value === entityType.CUSTOMER ||\n                  createRelationConfigForm.get(\'entityType\').value === entityType.DEVICE ||\n                  createRelationConfigForm.get(\'entityType\').value === entityType.ASSET">\n    <mat-checkbox formControlName="createEntityIfNotExists">\n      {{ \'tb.rulenode.create-entity-if-not-exists\' | translate }}\n    </mat-checkbox>\n    <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.create-entity-if-not-exists-hint</div>\n  </section>\n  <mat-checkbox formControlName="removeCurrentRelations">\n    {{ \'tb.rulenode.remove-current-relations\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.remove-current-relations-hint</div>\n  <mat-checkbox formControlName="changeOriginatorToRelatedEntity">\n    {{ \'tb.rulenode.change-originator-to-related-entity\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.change-originator-to-related-entity-hint</div>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.entity-cache-expiration</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="entityCacheExpiration">\n    <mat-error *ngIf="createRelationConfigForm.get(\'entityCacheExpiration\').hasError(\'required\')">\n      {{ \'tb.rulenode.entity-cache-expiration-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="createRelationConfigForm.get(\'entityCacheExpiration\').hasError(\'min\')">\n      {{ \'tb.rulenode.entity-cache-expiration-range\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.entity-cache-expiration-hint</mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ae.EntityTypeSelectComponent,selector:"tb-entity-type-select",inputs:["allowedEntityTypes","useAliasEntityTypes","showLabel","required","disabled"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:et,decorators:[{type:o,args:[{selector:"tb-action-node-create-relation-config",templateUrl:"./create-relation-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class tt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.directionTypes=Object.keys(c),this.directionTypeTranslations=g,this.entityType=x}configForm(){return this.deleteRelationConfigForm}onConfigurationSet(e){this.deleteRelationConfigForm=this.fb.group({deleteForSingleEntity:[!!e&&e.deleteForSingleEntity,[]],direction:[e?e.direction:null,[k.required]],entityType:[e?e.entityType:null,[]],entityNamePattern:[e?e.entityNamePattern:null,[]],relationType:[e?e.relationType:null,[k.required]],entityCacheExpiration:[e?e.entityCacheExpiration:null,[k.required,k.min(0)]]})}validatorTriggers(){return["deleteForSingleEntity","entityType"]}updateValidators(e){const t=this.deleteRelationConfigForm.get("deleteForSingleEntity").value,o=this.deleteRelationConfigForm.get("entityType").value;t?this.deleteRelationConfigForm.get("entityType").setValidators([k.required]):this.deleteRelationConfigForm.get("entityType").setValidators([]),t&&o?this.deleteRelationConfigForm.get("entityNamePattern").setValidators([k.required,k.pattern(/.*\S.*/)]):this.deleteRelationConfigForm.get("entityNamePattern").setValidators([]),this.deleteRelationConfigForm.get("entityType").updateValueAndValidity({emitEvent:!1}),this.deleteRelationConfigForm.get("entityNamePattern").updateValueAndValidity({emitEvent:e})}prepareOutputConfig(e){return e.entityNamePattern=e.entityNamePattern?e.entityNamePattern.trim():null,e}}e("DeleteRelationConfigComponent",tt),tt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:tt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),tt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:tt,selector:"tb-action-node-delete-relation-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="deleteRelationConfigForm" fxLayout="column">\n  <mat-checkbox formControlName="deleteForSingleEntity">\n    {{ \'tb.rulenode.delete-relation-to-specific-entity\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.delete-relation-hint</div>\n  <mat-form-field class="mat-block" style="min-width: 100px;">\n    <mat-label translate>relation.direction</mat-label>\n    <mat-select required matInput formControlName="direction">\n      <mat-option *ngFor="let type of directionTypes" [value]="type">\n        {{ directionTypeTranslations.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div *ngIf="deleteRelationConfigForm.get(\'deleteForSingleEntity\').value" fxLayout="row" fxLayoutGap="8px">\n    <tb-entity-type-select\n      showLabel\n      style="min-width: 100px;"\n      required\n      formControlName="entityType">\n    </tb-entity-type-select>\n    <mat-form-field *ngIf="deleteRelationConfigForm.get(\'entityType\').value" fxFlex class="mat-block" style="padding-bottom: 32px;">\n      <mat-label translate>tb.rulenode.entity-name-pattern</mat-label>\n      <input required matInput formControlName="entityNamePattern">\n      <mat-error *ngIf="deleteRelationConfigForm.get(\'entityNamePattern\').hasError(\'required\') ||\n                        deleteRelationConfigForm.get(\'entityNamePattern\').hasError(\'pattern\')">\n        {{ \'tb.rulenode.entity-name-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n  </div>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.relation-type-pattern</mat-label>\n    <input required matInput formControlName="relationType">\n    <mat-error *ngIf="deleteRelationConfigForm.get(\'relationType\').hasError(\'required\')">\n      {{ \'tb.rulenode.relation-type-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.entity-cache-expiration</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="entityCacheExpiration">\n    <mat-error *ngIf="deleteRelationConfigForm.get(\'entityCacheExpiration\').hasError(\'required\')">\n      {{ \'tb.rulenode.entity-cache-expiration-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="deleteRelationConfigForm.get(\'entityCacheExpiration\').hasError(\'min\')">\n      {{ \'tb.rulenode.entity-cache-expiration-range\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.entity-cache-expiration-hint</mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ae.EntityTypeSelectComponent,selector:"tb-entity-type-select",inputs:["allowedEntityTypes","useAliasEntityTypes","showLabel","required","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:tt,decorators:[{type:o,args:[{selector:"tb-action-node-delete-relation-config",templateUrl:"./delete-relation-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ot extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.deviceProfile}onConfigurationSet(e){this.deviceProfile=this.fb.group({persistAlarmRulesState:[!!e&&e.persistAlarmRulesState,k.required],fetchAlarmRulesStateOnStart:[!!e&&e.fetchAlarmRulesStateOnStart,k.required]})}}e("DeviceProfileConfigComponent",ot),ot.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ot,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ot.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ot,selector:"tb-device-profile-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="deviceProfile" fxLayout="column">\n  <mat-checkbox fxFlex formControlName="persistAlarmRulesState" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.persist-alarm-rules\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox fxFlex formControlName="fetchAlarmRulesStateOnStart" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.fetch-alarm-rules\' | translate }}\n  </mat-checkbox>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ot,decorators:[{type:o,args:[{selector:"tb-device-profile-config",templateUrl:"./device-profile-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class rt extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.generatorConfigForm}onConfigurationSet(e){this.generatorConfigForm=this.fb.group({msgCount:[e?e.msgCount:null,[k.required,k.min(0)]],periodInSeconds:[e?e.periodInSeconds:null,[k.required,k.min(1)]],originator:[e?e.originator:null,[]],jsScript:[e?e.jsScript:null,[k.required]]})}prepareInputConfig(e){return e&&(e.originatorId&&e.originatorType?e.originator={id:e.originatorId,entityType:e.originatorType}:e.originator=null,delete e.originatorId,delete e.originatorType),e}prepareOutputConfig(e){return e.originator?(e.originatorId=e.originator.id,e.originatorType=e.originator.entityType):(e.originatorId=null,e.originatorType=null),delete e.originator,e}testScript(){const e=this.generatorConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"generate",this.translate.instant("tb.rulenode.generator"),"Generate",["prevMsg","prevMetadata","prevMsgType"],this.ruleNodeId,"rulenode/generator_node_script_fn").subscribe((e=>{e&&this.generatorConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("GeneratorConfigComponent",rt),rt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:rt,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),rt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:rt,selector:"tb-action-node-generator-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="generatorConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.message-count</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="msgCount">\n    <mat-error *ngIf="generatorConfigForm.get(\'msgCount\').hasError(\'required\')">\n      {{ \'tb.rulenode.message-count-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="generatorConfigForm.get(\'msgCount\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-message-count-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.period-seconds</mat-label>\n    <input required type="number" min="1" step="1" matInput formControlName="periodInSeconds">\n    <mat-error *ngIf="generatorConfigForm.get(\'periodInSeconds\').hasError(\'required\')">\n      {{ \'tb.rulenode.period-seconds-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="generatorConfigForm.get(\'periodInSeconds\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-period-seconds-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <div fxLayout="column">\n    <label class="tb-small">{{ \'tb.rulenode.originator\' | translate }}</label>\n    <tb-entity-select\n      required="false"\n      formControlName="originator">\n    </tb-entity-select>\n  </div>\n  <label translate class="tb-title no-padding">tb.rulenode.generate</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="Generate"\n              [functionArgs]="[\'prevMsg\', \'prevMetadata\', \'prevMsgType\']"\n              helpId="rulenode/generator_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row" style="padding-bottom: 16px;">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-generator-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:ne.EntitySelectComponent,selector:"tb-entity-select",inputs:["allowedEntityTypes","useAliasEntityTypes","required","disabled"]},{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:rt,decorators:[{type:o,args:[{selector:"tb-action-node-generator-config",templateUrl:"./generator-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class at extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.perimeterType=Ae,this.perimeterTypes=Object.keys(Ae),this.perimeterTypeTranslationMap=Ge,this.rangeUnits=Object.keys(Ee),this.rangeUnitTranslationMap=Pe,this.timeUnits=Object.keys(De),this.timeUnitsTranslationMap=Ve}configForm(){return this.geoActionConfigForm}onConfigurationSet(e){this.geoActionConfigForm=this.fb.group({latitudeKeyName:[e?e.latitudeKeyName:null,[k.required]],longitudeKeyName:[e?e.longitudeKeyName:null,[k.required]],perimeterType:[e?e.perimeterType:null,[k.required]],fetchPerimeterInfoFromMessageMetadata:[!!e&&e.fetchPerimeterInfoFromMessageMetadata,[]],perimeterKeyName:[e?e.perimeterKeyName:null,[]],centerLatitude:[e?e.centerLatitude:null,[]],centerLongitude:[e?e.centerLatitude:null,[]],range:[e?e.range:null,[]],rangeUnit:[e?e.rangeUnit:null,[]],polygonsDefinition:[e?e.polygonsDefinition:null,[]],minInsideDuration:[e?e.minInsideDuration:null,[k.required,k.min(1),k.max(2147483647)]],minInsideDurationTimeUnit:[e?e.minInsideDurationTimeUnit:null,[k.required]],minOutsideDuration:[e?e.minOutsideDuration:null,[k.required,k.min(1),k.max(2147483647)]],minOutsideDurationTimeUnit:[e?e.minOutsideDurationTimeUnit:null,[k.required]]})}validatorTriggers(){return["fetchPerimeterInfoFromMessageMetadata","perimeterType"]}updateValidators(e){const t=this.geoActionConfigForm.get("fetchPerimeterInfoFromMessageMetadata").value,o=this.geoActionConfigForm.get("perimeterType").value;t?this.geoActionConfigForm.get("perimeterKeyName").setValidators([k.required]):this.geoActionConfigForm.get("perimeterKeyName").setValidators([]),t||o!==Ae.CIRCLE?(this.geoActionConfigForm.get("centerLatitude").setValidators([]),this.geoActionConfigForm.get("centerLongitude").setValidators([]),this.geoActionConfigForm.get("range").setValidators([]),this.geoActionConfigForm.get("rangeUnit").setValidators([])):(this.geoActionConfigForm.get("centerLatitude").setValidators([k.required,k.min(-90),k.max(90)]),this.geoActionConfigForm.get("centerLongitude").setValidators([k.required,k.min(-180),k.max(180)]),this.geoActionConfigForm.get("range").setValidators([k.required,k.min(0)]),this.geoActionConfigForm.get("rangeUnit").setValidators([k.required])),t||o!==Ae.POLYGON?this.geoActionConfigForm.get("polygonsDefinition").setValidators([]):this.geoActionConfigForm.get("polygonsDefinition").setValidators([k.required]),this.geoActionConfigForm.get("perimeterKeyName").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("centerLatitude").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("centerLongitude").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("range").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("rangeUnit").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("polygonsDefinition").updateValueAndValidity({emitEvent:e})}}e("GpsGeoActionConfigComponent",at),at.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:at,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),at.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:at,selector:"tb-action-node-gps-geofencing-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="geoActionConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.latitude-key-name</mat-label>\n    <input matInput formControlName="latitudeKeyName" required>\n    <mat-error *ngIf="geoActionConfigForm.get(\'latitudeKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.latitude-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.longitude-key-name</mat-label>\n    <input matInput formControlName="longitudeKeyName" required>\n    <mat-error *ngIf="geoActionConfigForm.get(\'longitudeKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.longitude-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>tb.rulenode.perimeter-type</mat-label>\n    <mat-select formControlName="perimeterType" required>\n      <mat-option *ngFor="let type of perimeterTypes" [value]="type">\n        {{ perimeterTypeTranslationMap.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-checkbox fxFlex formControlName="fetchPerimeterInfoFromMessageMetadata" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.fetch-perimeter-info-from-message-metadata\' | translate }}\n  </mat-checkbox>\n  <mat-form-field *ngIf="geoActionConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value" class="mat-block">\n    <mat-label translate>tb.rulenode.perimeter-key-name</mat-label>\n    <input matInput formControlName="perimeterKeyName" required>\n    <mat-error *ngIf="geoActionConfigForm.get(\'perimeterKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.perimeter-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <div fxLayout="column"\n       *ngIf="geoActionConfigForm.get(\'perimeterType\').value === perimeterType.CIRCLE &&\n       !geoActionConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value">\n    <div fxLayout="row" fxLayoutGap="8px">\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.circle-center-latitude</mat-label>\n        <input type="number" min="-90" max="90" step="0.1" matInput formControlName="centerLatitude" required>\n        <mat-error *ngIf="geoActionConfigForm.get(\'centerLatitude\').hasError(\'required\')">\n          {{ \'tb.rulenode.circle-center-latitude-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.circle-center-longitude</mat-label>\n        <input type="number" min="-180" max="180" step="0.1" matInput formControlName="centerLongitude" required>\n        <mat-error *ngIf="geoActionConfigForm.get(\'centerLongitude\').hasError(\'required\')">\n          {{ \'tb.rulenode.circle-center-longitude-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n    </div>\n    <div fxLayout="row" fxLayoutGap="8px">\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.range</mat-label>\n        <input type="number" min="0" step="0.1" matInput formControlName="range" required>\n        <mat-error *ngIf="geoActionConfigForm.get(\'range\').hasError(\'required\')">\n          {{ \'tb.rulenode.range-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.range-units</mat-label>\n        <mat-select formControlName="rangeUnit" required>\n          <mat-option *ngFor="let type of rangeUnits" [value]="type">\n            {{ rangeUnitTranslationMap.get(type) | translate }}\n          </mat-option>\n        </mat-select>\n      </mat-form-field>\n    </div>\n  </div>\n  <div fxLayout="column" *ngIf="geoActionConfigForm.get(\'perimeterType\').value === perimeterType.POLYGON &&\n                             !geoActionConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value">\n    <mat-form-field class="mat-block" hintLabel="{{\'tb.rulenode.polygon-definition-hint\' | translate}}" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.polygon-definition</mat-label>\n      <input matInput formControlName="polygonsDefinition" required>\n      <mat-error *ngIf="geoActionConfigForm.get(\'polygonsDefinition\').hasError(\'required\')">\n        {{ \'tb.rulenode.polygon-definition-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n  </div>\n  <div fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field fxFlex class="mat-block">\n      <mat-label translate>tb.rulenode.min-inside-duration</mat-label>\n      <input type="number" step="1" min="1" max="2147483647" matInput formControlName="minInsideDuration" required>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minInsideDuration\').hasError(\'required\')">\n        {{ \'tb.rulenode.min-inside-duration-value-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minInsideDuration\').hasError(\'min\')">\n        {{ \'tb.rulenode.time-value-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minInsideDuration\').hasError(\'max\')">\n        {{ \'tb.rulenode.time-value-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex class="mat-block">\n      <mat-label translate>tb.rulenode.min-inside-duration-time-unit</mat-label>\n      <mat-select formControlName="minInsideDurationTimeUnit" required>\n        <mat-option *ngFor="let timeUnit of timeUnits" [value]="timeUnit">\n          {{ timeUnitsTranslationMap.get(timeUnit) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n  </div>\n  <div fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field fxFlex class="mat-block">\n      <mat-label translate>tb.rulenode.min-outside-duration</mat-label>\n      <input type="number" step="1" min="1" max="2147483647" matInput formControlName="minOutsideDuration" required>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minOutsideDuration\').hasError(\'required\')">\n        {{ \'tb.rulenode.min-outside-duration-value-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minOutsideDuration\').hasError(\'min\')">\n        {{ \'tb.rulenode.time-value-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minOutsideDuration\').hasError(\'max\')">\n        {{ \'tb.rulenode.time-value-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex class="mat-block">\n      <mat-label translate>tb.rulenode.min-outside-duration-time-unit</mat-label>\n      <mat-select formControlName="minOutsideDurationTimeUnit" required>\n        <mat-option *ngFor="let timeUnit of timeUnits" [value]="timeUnit">\n          {{ timeUnitsTranslationMap.get(timeUnit) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n  </div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:at,decorators:[{type:o,args:[{selector:"tb-action-node-gps-geofencing-config",templateUrl:"./gps-geo-action-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class nt extends y{constructor(e,t,o,r){super(e),this.store=e,this.translate=t,this.injector=o,this.fb=r,this.propagateChange=null,this.valueChangeSubscription=null}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}ngOnInit(){this.ngControl=this.injector.get(M),null!=this.ngControl&&(this.ngControl.valueAccessor=this),this.kvListFormGroup=this.fb.group({}),this.kvListFormGroup.addControl("keyVals",this.fb.array([]))}keyValsFormArray(){return this.kvListFormGroup.get("keyVals")}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}setDisabledState(e){this.disabled=e,this.disabled?this.kvListFormGroup.disable({emitEvent:!1}):this.kvListFormGroup.enable({emitEvent:!1})}writeValue(e){this.valueChangeSubscription&&this.valueChangeSubscription.unsubscribe();const t=[];if(e)for(const o of Object.keys(e))Object.prototype.hasOwnProperty.call(e,o)&&t.push(this.fb.group({key:[o,[k.required]],value:[e[o],[k.required]]}));this.kvListFormGroup.setControl("keyVals",this.fb.array(t)),this.valueChangeSubscription=this.kvListFormGroup.valueChanges.subscribe((()=>{this.updateModel()}))}removeKeyVal(e){this.kvListFormGroup.get("keyVals").removeAt(e)}addKeyVal(){this.kvListFormGroup.get("keyVals").push(this.fb.group({key:["",[k.required]],value:["",[k.required]]}))}validate(e){return!this.kvListFormGroup.get("keyVals").value.length&&this.required?{kvMapRequired:!0}:this.kvListFormGroup.valid?null:{kvFieldsRequired:!0}}updateModel(){const e=this.kvListFormGroup.get("keyVals").value;if(this.required&&!e.length||!this.kvListFormGroup.valid)this.propagateChange(null);else{const t={};e.forEach((e=>{t[e.key]=e.value})),this.propagateChange(t)}}}e("KvMapConfigComponent",nt),nt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:nt,deps:[{token:T.Store},{token:P.TranslateService},{token:t.Injector},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),nt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:nt,selector:"tb-kv-map-config",inputs:{disabled:"disabled",requiredText:"requiredText",keyText:"keyText",keyRequiredText:"keyRequiredText",valText:"valText",valRequiredText:"valRequiredText",hintText:"hintText",required:"required"},providers:[{provide:S,useExisting:n((()=>nt)),multi:!0},{provide:A,useExisting:n((()=>nt)),multi:!0}],usesInheritance:!0,ngImport:t,template:'<section fxLayout="column" class="tb-kv-map-config" [formGroup]="kvListFormGroup">\n  <div class="header" fxFlex fxLayout="row" fxLayoutGap="8px">\n    <span class="cell" fxFlex>{{ keyText | translate }}</span>\n    <span class="cell" fxFlex>{{ valText | translate }}</span>\n    <span [fxShow]="!disabled" style="width: 52px;" innerHTML="&nbsp"></span>\n  </div>\n  <div class="body">\n    <div class="row" fxLayout="row" fxLayoutAlign="start center" fxLayoutGap="8px"\n         formArrayName="keyVals"\n         *ngFor="let keyValControl of keyValsFormArray().controls; let $index = index">\n      <mat-form-field fxFlex floatLabel="always" hideRequiredMarker class="cell mat-block">\n        <mat-label></mat-label>\n        <input [formControl]="keyValControl.get(\'key\')" matInput required\n               placeholder="{{ keyText | translate }}"/>\n        <mat-error *ngIf="keyValControl.get(\'key\').hasError(\'required\')">\n          {{ keyRequiredText | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex floatLabel="always" hideRequiredMarker class="cell mat-block">\n        <mat-label></mat-label>\n        <input [formControl]="keyValControl.get(\'value\')" matInput required\n               placeholder="{{ valText | translate }}"/>\n        <mat-error *ngIf="keyValControl.get(\'value\').hasError(\'required\')">\n          {{ valRequiredText | translate }}\n        </mat-error>\n      </mat-form-field>\n      <button mat-button mat-icon-button color="primary"\n              [fxShow]="!disabled"\n              type="button"\n              (click)="removeKeyVal($index)"\n              [disabled]="isLoading$ | async"\n              matTooltip="{{ \'tb.key-val.remove-entry\' | translate }}"\n              matTooltipPosition="above">\n        <mat-icon>close</mat-icon>\n      </button>\n    </div>\n    <div *ngIf="hintText" class="tb-hint" [innerHTML]="hintText | translate | safeHtml"></div>\n  </div>\n  <tb-error [error]="ngControl.hasError(\'kvMapRequired\')\n                  ? translate.instant(requiredText) : \'\'"></tb-error>\n  <div style="margin-top: 8px;">\n    <button mat-button mat-raised-button color="primary"\n            [fxShow]="!disabled"\n            [disabled]="isLoading$ | async"\n            (click)="addKeyVal()"\n            type="button"\n            matTooltip="{{ \'tb.key-val.add-entry\' | translate }}"\n            matTooltipPosition="above">\n      <mat-icon>add</mat-icon>\n      {{ \'action.add\' | translate }}\n    </button>\n  </div>\n</section>\n',styles:[":host .tb-kv-map-config{margin-bottom:16px}:host .tb-kv-map-config .header{padding-left:5px;padding-right:5px;padding-bottom:5px}:host .tb-kv-map-config .header .cell{padding-left:5px;padding-right:5px;color:#0000008a;font-size:12px;font-weight:700;white-space:nowrap}:host .tb-kv-map-config .body{padding-left:5px;padding-right:5px;padding-bottom:20px;max-height:300px;overflow:auto}:host .tb-kv-map-config .body .cell{padding-left:5px;padding-right:5px}:host ::ng-deep .tb-kv-map-config .body mat-form-field.cell{margin:0}:host ::ng-deep .tb-kv-map-config .body mat-form-field.cell .mat-form-field-infix{border-top:0}:host ::ng-deep .tb-kv-map-config .body button.mat-button{margin:0;align-self:baseline}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:ie.TbErrorComponent,selector:"tb-error",inputs:["error"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:re.DefaultShowHideDirective,selector:"  [fxShow], [fxShow.print],  [fxShow.xs], [fxShow.sm], [fxShow.md], [fxShow.lg], [fxShow.xl],  [fxShow.lt-sm], [fxShow.lt-md], [fxShow.lt-lg], [fxShow.lt-xl],  [fxShow.gt-xs], [fxShow.gt-sm], [fxShow.gt-md], [fxShow.gt-lg],  [fxHide], [fxHide.print],  [fxHide.xs], [fxHide.sm], [fxHide.md], [fxHide.lg], [fxHide.xl],  [fxHide.lt-sm], [fxHide.lt-md], [fxHide.lt-lg], [fxHide.lt-xl],  [fxHide.gt-xs], [fxHide.gt-sm], [fxHide.gt-md], [fxHide.gt-lg]",inputs:["fxShow","fxShow.print","fxShow.xs","fxShow.sm","fxShow.md","fxShow.lg","fxShow.xl","fxShow.lt-sm","fxShow.lt-md","fxShow.lt-lg","fxShow.lt-xl","fxShow.gt-xs","fxShow.gt-sm","fxShow.gt-md","fxShow.gt-lg","fxHide","fxHide.print","fxHide.xs","fxHide.sm","fxHide.md","fxHide.lg","fxHide.xl","fxHide.lt-sm","fxHide.lt-md","fxHide.lt-lg","fxHide.lt-xl","fxHide.gt-xs","fxHide.gt-sm","fxHide.gt-md","fxHide.gt-lg"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutAlignDirective,selector:"  [fxLayoutAlign], [fxLayoutAlign.xs], [fxLayoutAlign.sm], [fxLayoutAlign.md],  [fxLayoutAlign.lg], [fxLayoutAlign.xl], [fxLayoutAlign.lt-sm], [fxLayoutAlign.lt-md],  [fxLayoutAlign.lt-lg], [fxLayoutAlign.lt-xl], [fxLayoutAlign.gt-xs], [fxLayoutAlign.gt-sm],  [fxLayoutAlign.gt-md], [fxLayoutAlign.gt-lg]",inputs:["fxLayoutAlign","fxLayoutAlign.xs","fxLayoutAlign.sm","fxLayoutAlign.md","fxLayoutAlign.lg","fxLayoutAlign.xl","fxLayoutAlign.lt-sm","fxLayoutAlign.lt-md","fxLayoutAlign.lt-lg","fxLayoutAlign.lt-xl","fxLayoutAlign.gt-xs","fxLayoutAlign.gt-sm","fxLayoutAlign.gt-md","fxLayoutAlign.gt-lg"]},{type:q.FormArrayName,selector:"[formArrayName]",inputs:["formArrayName"]},{type:D.MatLabel,selector:"mat-label"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlDirective,selector:"[formControl]",inputs:["disabled","formControl","ngModel"],outputs:["ngModelChange"],exportAs:["ngForm"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:se.MatTooltip,selector:"[matTooltip]",exportAs:["matTooltip"]}],pipes:{translate:P.TranslatePipe,async:w.AsyncPipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:nt,decorators:[{type:o,args:[{selector:"tb-kv-map-config",templateUrl:"./kv-map-config.component.html",styleUrls:["./kv-map-config.component.scss"],providers:[{provide:S,useExisting:n((()=>nt)),multi:!0},{provide:A,useExisting:n((()=>nt)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:P.TranslateService},{type:t.Injector},{type:q.FormBuilder}]},propDecorators:{disabled:[{type:l}],requiredText:[{type:l}],keyText:[{type:l}],keyRequiredText:[{type:l}],valText:[{type:l}],valRequiredText:[{type:l}],hintText:[{type:l}],required:[{type:l}]}});class lt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.ackValues=["all","-1","0","1"],this.ToByteStandartCharsetTypesValues=$e,this.ToByteStandartCharsetTypeTranslationMap=We}configForm(){return this.kafkaConfigForm}onConfigurationSet(e){this.kafkaConfigForm=this.fb.group({topicPattern:[e?e.topicPattern:null,[k.required]],bootstrapServers:[e?e.bootstrapServers:null,[k.required]],retries:[e?e.retries:null,[k.min(0)]],batchSize:[e?e.batchSize:null,[k.min(0)]],linger:[e?e.linger:null,[k.min(0)]],bufferMemory:[e?e.bufferMemory:null,[k.min(0)]],acks:[e?e.acks:null,[k.required]],keySerializer:[e?e.keySerializer:null,[k.required]],valueSerializer:[e?e.valueSerializer:null,[k.required]],otherProperties:[e?e.otherProperties:null,[]],addMetadataKeyValuesAsKafkaHeaders:[!!e&&e.addMetadataKeyValuesAsKafkaHeaders,[]],kafkaHeadersCharset:[e?e.kafkaHeadersCharset:null,[]]})}validatorTriggers(){return["addMetadataKeyValuesAsKafkaHeaders"]}updateValidators(e){this.kafkaConfigForm.get("addMetadataKeyValuesAsKafkaHeaders").value?this.kafkaConfigForm.get("kafkaHeadersCharset").setValidators([k.required]):this.kafkaConfigForm.get("kafkaHeadersCharset").setValidators([]),this.kafkaConfigForm.get("kafkaHeadersCharset").updateValueAndValidity({emitEvent:e})}}e("KafkaConfigComponent",lt),lt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:lt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),lt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:lt,selector:"tb-action-node-kafka-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="kafkaConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 8px;">\n    <mat-label translate>tb.rulenode.topic-pattern</mat-label>\n    <input required matInput formControlName="topicPattern">\n    <mat-error *ngIf="kafkaConfigForm.get(\'topicPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.topic-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.bootstrap-servers</mat-label>\n    <input required matInput formControlName="bootstrapServers">\n    <mat-error *ngIf="kafkaConfigForm.get(\'bootstrapServers\').hasError(\'required\')">\n      {{ \'tb.rulenode.bootstrap-servers-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.retries</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="retries">\n    <mat-error *ngIf="kafkaConfigForm.get(\'retries\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-retries-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.batch-size-bytes</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="batchSize">\n    <mat-error *ngIf="kafkaConfigForm.get(\'batchSize\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-batch-size-bytes-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.linger-ms</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="linger">\n    <mat-error *ngIf="kafkaConfigForm.get(\'linger\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-linger-ms-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.buffer-memory-bytes</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="bufferMemory">\n    <mat-error *ngIf="kafkaConfigForm.get(\'bufferMemory\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-buffer-memory-bytes-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.acks</mat-label>\n    <mat-select formControlName="acks" required>\n      <mat-option *ngFor="let ackValue of ackValues" [value]="ackValue">\n        {{ ackValue }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.key-serializer</mat-label>\n    <input required matInput formControlName="keySerializer">\n    <mat-error *ngIf="kafkaConfigForm.get(\'keySerializer\').hasError(\'required\')">\n      {{ \'tb.rulenode.key-serializer-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.value-serializer</mat-label>\n    <input required matInput formControlName="valueSerializer">\n    <mat-error *ngIf="kafkaConfigForm.get(\'valueSerializer\').hasError(\'required\')">\n      {{ \'tb.rulenode.value-serializer-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <label translate class="tb-title">tb.rulenode.other-properties</label>\n  <tb-kv-map-config\n    required="false"\n    formControlName="otherProperties"\n    keyText="tb.rulenode.key"\n    keyRequiredText="tb.rulenode.key-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n  <mat-checkbox fxFlex formControlName="addMetadataKeyValuesAsKafkaHeaders" style="padding-top: 16px;">\n    {{ \'tb.rulenode.add-metadata-key-values-as-kafka-headers\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.add-metadata-key-values-as-kafka-headers-hint</div>\n  <mat-form-field fxFlex class="mat-block" *ngIf="kafkaConfigForm.get(\'addMetadataKeyValuesAsKafkaHeaders\').value">\n    <mat-label translate>tb.rulenode.charset-encoding</mat-label>\n    <mat-select formControlName="kafkaHeadersCharset" required>\n      <mat-option *ngFor="let charset of ToByteStandartCharsetTypesValues" [value]="charset">\n        {{ ToByteStandartCharsetTypeTranslationMap.get(charset) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:lt,decorators:[{type:o,args:[{selector:"tb-action-node-kafka-config",templateUrl:"./kafka-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class it extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.logConfigForm}onConfigurationSet(e){this.logConfigForm=this.fb.group({jsScript:[e?e.jsScript:null,[k.required]]})}testScript(){const e=this.logConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"string",this.translate.instant("tb.rulenode.to-string"),"ToString",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/log_node_script_fn").subscribe((e=>{e&&this.logConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("LogConfigComponent",it),it.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:it,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),it.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:it,selector:"tb-action-node-log-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="logConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.to-string</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="ToString"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              helpId="rulenode/log_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-to-string-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:it,decorators:[{type:o,args:[{selector:"tb-action-node-log-config",templateUrl:"./log-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class st extends y{constructor(e,t){super(e),this.store=e,this.fb=t,this.subscriptions=[],this.disableCertPemCredentials=!1,this.passwordFieldRquired=!0,this.allCredentialsTypes=Be,this.credentialsTypeTranslationsMap=je,this.propagateChange=null}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}ngOnInit(){this.credentialsConfigFormGroup=this.fb.group({type:[null,[k.required]],username:[null,[]],password:[null,[]],caCert:[null,[]],caCertFileName:[null,[]],privateKey:[null,[]],privateKeyFileName:[null,[]],cert:[null,[]],certFileName:[null,[]]}),this.subscriptions.push(this.credentialsConfigFormGroup.valueChanges.pipe(me()).subscribe((()=>{this.updateView()}))),this.subscriptions.push(this.credentialsConfigFormGroup.get("type").valueChanges.subscribe((()=>{this.credentialsTypeChanged()})))}ngOnChanges(e){for(const t of Object.keys(e)){const o=e[t];if(!o.firstChange&&o.currentValue!==o.previousValue&&o.currentValue&&"disableCertPemCredentials"===t){"cert.PEM"===this.credentialsConfigFormGroup.get("type").value&&setTimeout((()=>{this.credentialsConfigFormGroup.get("type").patchValue("anonymous",{emitEvent:!0})}))}}}ngOnDestroy(){this.subscriptions.forEach((e=>e.unsubscribe()))}writeValue(e){$(e)&&(this.credentialsConfigFormGroup.reset(e,{emitEvent:!1}),this.updateValidators(!1))}setDisabledState(e){e?this.credentialsConfigFormGroup.disable():(this.credentialsConfigFormGroup.enable(),this.updateValidators())}updateView(){let e=this.credentialsConfigFormGroup.value;const t=e.type;switch(t){case"anonymous":e={type:t};break;case"basic":e={type:t,username:e.username,password:e.password};break;case"cert.PEM":delete e.username}this.propagateChange(e)}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}validate(e){return this.credentialsConfigFormGroup.valid?null:{credentialsConfig:{valid:!1}}}credentialsTypeChanged(){this.credentialsConfigFormGroup.patchValue({username:null,password:null,caCert:null,caCertFileName:null,privateKey:null,privateKeyFileName:null,cert:null,certFileName:null}),this.updateValidators()}updateValidators(e=!1){const t=this.credentialsConfigFormGroup.get("type").value;switch(e&&this.credentialsConfigFormGroup.reset({type:t},{emitEvent:!1}),this.credentialsConfigFormGroup.setValidators([]),this.credentialsConfigFormGroup.get("username").setValidators([]),this.credentialsConfigFormGroup.get("password").setValidators([]),t){case"anonymous":break;case"basic":this.credentialsConfigFormGroup.get("username").setValidators([k.required]),this.credentialsConfigFormGroup.get("password").setValidators(this.passwordFieldRquired?[k.required]:[]);break;case"cert.PEM":this.credentialsConfigFormGroup.setValidators([this.requiredFilesSelected(k.required,[["caCert","caCertFileName"],["privateKey","privateKeyFileName","cert","certFileName"]])])}this.credentialsConfigFormGroup.get("username").updateValueAndValidity({emitEvent:e}),this.credentialsConfigFormGroup.get("password").updateValueAndValidity({emitEvent:e}),this.credentialsConfigFormGroup.updateValueAndValidity({emitEvent:e})}requiredFilesSelected(e,t=null){return o=>{t||(t=[Object.keys(o.controls)]);return(null==o?void 0:o.controls)&&t.some((t=>t.every((t=>!e(o.controls[t])))))?null:{notAllRequiredFilesSelected:!0}}}}e("CredentialsConfigComponent",st),st.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:st,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),st.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:st,selector:"tb-credentials-config",inputs:{required:"required",disableCertPemCredentials:"disableCertPemCredentials",passwordFieldRquired:"passwordFieldRquired"},providers:[{provide:S,useExisting:n((()=>st)),multi:!0},{provide:A,useExisting:n((()=>st)),multi:!0}],usesInheritance:!0,usesOnChanges:!0,ngImport:t,template:'<section [formGroup]="credentialsConfigFormGroup" fxLayout="column">\n  <mat-expansion-panel class="tb-credentials-config-panel-group">\n    <mat-expansion-panel-header>\n      <mat-panel-title translate>tb.rulenode.credentials</mat-panel-title>\n      <mat-panel-description>\n        {{ credentialsTypeTranslationsMap.get(credentialsConfigFormGroup.get(\'type\').value) | translate }}\n      </mat-panel-description>\n    </mat-expansion-panel-header>\n    <ng-template matExpansionPanelContent>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.credentials-type</mat-label>\n        <mat-select formControlName="type" required>\n          <mat-option *ngFor="let credentialsType of allCredentialsTypes" [value]="credentialsType" [disabled]="credentialsType === \'cert.PEM\' && disableCertPemCredentials">\n            {{ credentialsTypeTranslationsMap.get(credentialsType) | translate }}\n          </mat-option>\n        </mat-select>\n        <mat-error *ngIf="credentialsConfigFormGroup.get(\'type\').hasError(\'required\')">\n          {{ \'tb.rulenode.credentials-type-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <section fxLayout="column" [ngSwitch]="credentialsConfigFormGroup.get(\'type\').value">\n        <ng-template ngSwitchCase="anonymous">\n        </ng-template>\n        <ng-template ngSwitchCase="basic">\n          <mat-form-field class="mat-block">\n            <mat-label translate>tb.rulenode.username</mat-label>\n            <input required matInput formControlName="username">\n            <mat-error *ngIf="credentialsConfigFormGroup.get(\'username\').hasError(\'required\')">\n              {{ \'tb.rulenode.username-required\' | translate }}\n            </mat-error>\n          </mat-form-field>\n          <mat-form-field class="mat-block">\n            <mat-label translate>tb.rulenode.password</mat-label>\n            <input type="password" [required]="passwordFieldRquired" matInput formControlName="password">\n            <tb-toggle-password matSuffix></tb-toggle-password>\n            <mat-error *ngIf="credentialsConfigFormGroup.get(\'password\').hasError(\'required\') && passwordFieldRquired">\n              {{ \'tb.rulenode.password-required\' | translate }}\n            </mat-error>\n          </mat-form-field>\n        </ng-template>\n        <ng-template ngSwitchCase="cert.PEM">\n          <div class="tb-hint">{{ \'tb.rulenode.credentials-pem-hint\' | translate }}</div>\n          <tb-file-input formControlName="caCert"\n                         inputId="caCertSelect"\n                         [existingFileName]="credentialsConfigFormGroup.get(\'caCertFileName\').value"\n                         (fileNameChanged)="credentialsConfigFormGroup.get(\'caCertFileName\').setValue($event)"\n                         label="{{\'tb.rulenode.ca-cert\' | translate}}"\n                         noFileText="tb.rulenode.no-file"\n                         dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n          </tb-file-input>\n          <tb-file-input formControlName="cert"\n                         inputId="CertSelect"\n                         [existingFileName]="credentialsConfigFormGroup.get(\'certFileName\').value"\n                         (fileNameChanged)="credentialsConfigFormGroup.get(\'certFileName\').setValue($event)"\n                         label="{{\'tb.rulenode.cert\' | translate}}"\n                         noFileText="tb.rulenode.no-file"\n                         dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n          </tb-file-input>\n          <tb-file-input style="padding-bottom: 8px;"\n                         formControlName="privateKey"\n                         inputId="privateKeySelect"\n                         [existingFileName]="credentialsConfigFormGroup.get(\'privateKeyFileName\').value"\n                         (fileNameChanged)="credentialsConfigFormGroup.get(\'privateKeyFileName\').setValue($event)"\n                         label="{{\'tb.rulenode.private-key\' | translate}}"\n                         noFileText="tb.rulenode.no-file"\n                         dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n          </tb-file-input>\n          <mat-form-field class="mat-block">\n            <mat-label translate>tb.rulenode.private-key-password</mat-label>\n            <input type="password" matInput formControlName="password">\n            <tb-toggle-password matSuffix></tb-toggle-password>\n          </mat-form-field>\n        </ng-template>\n      </section>\n    </ng-template>\n  </mat-expansion-panel>\n</section>\n',components:[{type:B.MatExpansionPanel,selector:"mat-expansion-panel",inputs:["disabled","expanded","hideToggle","togglePosition"],outputs:["opened","closed","expandedChange","afterExpand","afterCollapse"],exportAs:["matExpansionPanel"]},{type:B.MatExpansionPanelHeader,selector:"mat-expansion-panel-header",inputs:["tabIndex","expandedHeight","collapsedHeight"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:j.TogglePasswordComponent,selector:"tb-toggle-password"},{type:z.FileInputComponent,selector:"tb-file-input",inputs:["label","accept","noFileText","inputId","allowedExtensions","dropLabel","contentConvertFunction","required","requiredAsError","disabled","existingFileName","readAsBinary","workFromFileObj","multipleFile"],outputs:["fileNameChanged"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:B.MatExpansionPanelTitle,selector:"mat-panel-title"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:B.MatExpansionPanelDescription,selector:"mat-panel-description"},{type:B.MatExpansionPanelContent,selector:"ng-template[matExpansionPanelContent]"},{type:D.MatLabel,selector:"mat-label"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:w.NgSwitch,selector:"[ngSwitch]",inputs:["ngSwitch"]},{type:w.NgSwitchCase,selector:"[ngSwitchCase]",inputs:["ngSwitchCase"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:D.MatSuffix,selector:"[matSuffix]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:st,decorators:[{type:o,args:[{selector:"tb-credentials-config",templateUrl:"./credentials-config.component.html",styleUrls:[],providers:[{provide:S,useExisting:n((()=>st)),multi:!0},{provide:A,useExisting:n((()=>st)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]},propDecorators:{required:[{type:l}],disableCertPemCredentials:[{type:l}],passwordFieldRquired:[{type:l}]}});class mt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.subscriptions=[]}configForm(){return this.mqttConfigForm}onConfigurationSet(e){this.mqttConfigForm=this.fb.group({topicPattern:[e?e.topicPattern:null,[k.required]],host:[e?e.host:null,[k.required]],port:[e?e.port:null,[k.required,k.min(1),k.max(65535)]],connectTimeoutSec:[e?e.connectTimeoutSec:null,[k.required,k.min(1),k.max(200)]],clientId:[e?e.clientId:null,[]],appendClientIdSuffix:[{value:!!e&&e.appendClientIdSuffix,disabled:!(e&&W(e.clientId))},[]],cleanSession:[!!e&&e.cleanSession,[]],ssl:[!!e&&e.ssl,[]],credentials:[e?e.credentials:null,[]]}),this.subscriptions.push(this.mqttConfigForm.get("clientId").valueChanges.subscribe((e=>{W(e)?this.mqttConfigForm.get("appendClientIdSuffix").enable({emitEvent:!1}):this.mqttConfigForm.get("appendClientIdSuffix").disable({emitEvent:!1})})))}ngOnDestroy(){this.subscriptions.forEach((e=>e.unsubscribe()))}}e("MqttConfigComponent",mt),mt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:mt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),mt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:mt,selector:"tb-action-node-mqtt-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="mqttConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.topic-pattern</mat-label>\n    <input required matInput formControlName="topicPattern">\n    <mat-error *ngIf="mqttConfigForm.get(\'topicPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.topic-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <div fxFlex fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field fxFlex="60" class="mat-block">\n      <mat-label translate>tb.rulenode.host</mat-label>\n      <input required matInput formControlName="host">\n      <mat-error *ngIf="mqttConfigForm.get(\'host\').hasError(\'required\')">\n        {{ \'tb.rulenode.host-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex="40" class="mat-block">\n      <mat-label translate>tb.rulenode.port</mat-label>\n      <input required type="number" step="1" min="1" max="65535" matInput formControlName="port">\n      <mat-error *ngIf="mqttConfigForm.get(\'port\').hasError(\'required\')">\n        {{ \'tb.rulenode.port-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="mqttConfigForm.get(\'port\').hasError(\'min\')">\n        {{ \'tb.rulenode.port-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="mqttConfigForm.get(\'port\').hasError(\'max\')">\n        {{ \'tb.rulenode.port-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex="40" class="mat-block">\n      <mat-label translate>tb.rulenode.connect-timeout</mat-label>\n      <input required type="number" step="1" min="1" max="200" matInput formControlName="connectTimeoutSec">\n      <mat-error *ngIf="mqttConfigForm.get(\'connectTimeoutSec\').hasError(\'required\')">\n        {{ \'tb.rulenode.connect-timeout-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="mqttConfigForm.get(\'connectTimeoutSec\').hasError(\'min\')">\n        {{ \'tb.rulenode.connect-timeout-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="mqttConfigForm.get(\'connectTimeoutSec\').hasError(\'max\')">\n        {{ \'tb.rulenode.connect-timeout-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n  </div>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.client-id</mat-label>\n    <input matInput formControlName="clientId">\n  </mat-form-field>\n  <div class="tb-hint client-id" translate>tb.rulenode.client-id-hint</div>\n  <mat-checkbox formControlName="appendClientIdSuffix">\n    {{ \'tb.rulenode.append-client-id-suffix\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint client-id">{{ "tb.rulenode.client-id-suffix-hint" | translate }}</div>\n  <mat-checkbox formControlName="cleanSession">\n    {{ \'tb.rulenode.clean-session\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="ssl">\n    {{ \'tb.rulenode.enable-ssl\' | translate }}\n  </mat-checkbox>\n  <tb-credentials-config formControlName="credentials" [passwordFieldRquired]="false"></tb-credentials-config>\n</section>\n',styles:[":host .tb-mqtt-credentials-panel-group{margin:0 6px}:host .tb-hint.client-id{margin-top:-1.25em;max-width:-moz-fit-content;max-width:fit-content}:host mat-checkbox{padding-bottom:16px}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:st,selector:"tb-credentials-config",inputs:["required","disableCertPemCredentials","passwordFieldRquired"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:mt,decorators:[{type:o,args:[{selector:"tb-action-node-mqtt-config",templateUrl:"./mqtt-config.component.html",styleUrls:["./mqtt-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ut extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.msgCountConfigForm}onConfigurationSet(e){this.msgCountConfigForm=this.fb.group({interval:[e?e.interval:null,[k.required,k.min(1)]],telemetryPrefix:[e?e.telemetryPrefix:null,[k.required]]})}}e("MsgCountConfigComponent",ut),ut.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ut,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ut.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ut,selector:"tb-action-node-msg-count-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="msgCountConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.interval-seconds</mat-label>\n    <input required type="number" min="1" step="1" matInput formControlName="interval">\n    <mat-error *ngIf="msgCountConfigForm.get(\'interval\').hasError(\'required\')">\n      {{ \'tb.rulenode.interval-seconds-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="msgCountConfigForm.get(\'interval\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-interval-seconds-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.output-timeseries-key-prefix</mat-label>\n    <input required matInput formControlName="telemetryPrefix">\n    <mat-error *ngIf="msgCountConfigForm.get(\'telemetryPrefix\').hasError(\'required\')">\n      {{ \'tb.rulenode.output-timeseries-key-prefix-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ut,decorators:[{type:o,args:[{selector:"tb-action-node-msg-count-config",templateUrl:"./msg-count-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class pt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.msgDelayConfigForm}onConfigurationSet(e){this.msgDelayConfigForm=this.fb.group({useMetadataPeriodInSecondsPatterns:[!!e&&e.useMetadataPeriodInSecondsPatterns,[]],periodInSeconds:[e?e.periodInSeconds:null,[]],periodInSecondsPattern:[e?e.periodInSecondsPattern:null,[]],maxPendingMsgs:[e?e.maxPendingMsgs:null,[k.required,k.min(1),k.max(1e5)]]})}validatorTriggers(){return["useMetadataPeriodInSecondsPatterns"]}updateValidators(e){this.msgDelayConfigForm.get("useMetadataPeriodInSecondsPatterns").value?(this.msgDelayConfigForm.get("periodInSecondsPattern").setValidators([k.required]),this.msgDelayConfigForm.get("periodInSeconds").setValidators([])):(this.msgDelayConfigForm.get("periodInSecondsPattern").setValidators([]),this.msgDelayConfigForm.get("periodInSeconds").setValidators([k.required,k.min(0)])),this.msgDelayConfigForm.get("periodInSecondsPattern").updateValueAndValidity({emitEvent:e}),this.msgDelayConfigForm.get("periodInSeconds").updateValueAndValidity({emitEvent:e})}}e("MsgDelayConfigComponent",pt),pt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:pt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),pt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:pt,selector:"tb-action-node-msg-delay-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="msgDelayConfigForm" fxLayout="column">\n  <mat-checkbox formControlName="useMetadataPeriodInSecondsPatterns">\n    {{ \'tb.rulenode.use-metadata-period-in-seconds-patterns\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.use-metadata-period-in-seconds-patterns-hint</div>\n  <mat-form-field *ngIf="msgDelayConfigForm.get(\'useMetadataPeriodInSecondsPatterns\').value !== true; else periodInSecondsPattern"\n                  class="mat-block">\n    <mat-label translate>tb.rulenode.period-seconds</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="periodInSeconds">\n    <mat-error *ngIf="msgDelayConfigForm.get(\'periodInSeconds\').hasError(\'required\')">\n      {{ \'tb.rulenode.period-seconds-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="msgDelayConfigForm.get(\'periodInSeconds\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-period-0-seconds-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <ng-template #periodInSecondsPattern>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.period-in-seconds-pattern</mat-label>\n      <input required matInput formControlName="periodInSecondsPattern">\n      <mat-error *ngIf="msgDelayConfigForm.get(\'periodInSecondsPattern\').hasError(\'required\')">\n        {{ \'tb.rulenode.period-in-seconds-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n  </ng-template>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.max-pending-messages</mat-label>\n    <input required type="number" min="1" max="100000" step="1" matInput formControlName="maxPendingMsgs">\n    <mat-error *ngIf="msgDelayConfigForm.get(\'maxPendingMsgs\').hasError(\'required\')">\n      {{ \'tb.rulenode.max-pending-messages-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="msgDelayConfigForm.get(\'maxPendingMsgs\').hasError(\'min\')">\n      {{ \'tb.rulenode.max-pending-messages-range\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="msgDelayConfigForm.get(\'maxPendingMsgs\').hasError(\'max\')">\n      {{ \'tb.rulenode.max-pending-messages-range\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatLabel,selector:"mat-label"},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:pt,decorators:[{type:o,args:[{selector:"tb-action-node-msg-delay-config",templateUrl:"./msg-delay-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class dt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.pubSubConfigForm}onConfigurationSet(e){this.pubSubConfigForm=this.fb.group({projectId:[e?e.projectId:null,[k.required]],topicName:[e?e.topicName:null,[k.required]],serviceAccountKey:[e?e.serviceAccountKey:null,[k.required]],serviceAccountKeyFileName:[e?e.serviceAccountKeyFileName:null,[k.required]],messageAttributes:[e?e.messageAttributes:null,[]]})}}e("PubSubConfigComponent",dt),dt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:dt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),dt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:dt,selector:"tb-action-node-pub-sub-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="pubSubConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.gcp-project-id</mat-label>\n    <input required matInput formControlName="projectId">\n    <mat-error *ngIf="pubSubConfigForm.get(\'projectId\').hasError(\'required\')">\n      {{ \'tb.rulenode.gcp-project-id-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.pubsub-topic-name</mat-label>\n    <input required matInput formControlName="topicName">\n    <mat-error *ngIf="pubSubConfigForm.get(\'topicName\').hasError(\'required\')">\n      {{ \'tb.rulenode.pubsub-topic-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <tb-file-input style="padding-bottom: 24px;"\n                 formControlName="serviceAccountKey"\n                 [existingFileName]="pubSubConfigForm.get(\'serviceAccountKeyFileName\').value"\n                 (fileNameChanged)="pubSubConfigForm.get(\'serviceAccountKeyFileName\').setValue($event)"\n                 required\n                 requiredAsError\n                 label="{{\'tb.rulenode.gcp-service-account-key\' | translate}}"\n                 noFileText="tb.rulenode.no-file"\n                 dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n  </tb-file-input>\n  <label translate class="tb-title">tb.rulenode.message-attributes</label>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.message-attributes-hint\' | translate | safeHtml"></div>\n  <tb-kv-map-config\n    required="false"\n    formControlName="messageAttributes"\n    keyText="tb.rulenode.name"\n    keyRequiredText="tb.rulenode.name-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:z.FileInputComponent,selector:"tb-file-input",inputs:["label","accept","noFileText","inputId","allowedExtensions","dropLabel","contentConvertFunction","required","requiredAsError","disabled","existingFileName","readAsBinary","workFromFileObj","multipleFile"],outputs:["fileNameChanged"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:dt,decorators:[{type:o,args:[{selector:"tb-action-node-pub-sub-config",templateUrl:"./pubsub-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ft extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.attributeScopes=Object.keys(m),this.telemetryTypeTranslationsMap=u}configForm(){return this.pushToCloudConfigForm}onConfigurationSet(e){this.pushToCloudConfigForm=this.fb.group({scope:[e?e.scope:null,[k.required]]})}}e("PushToCloudConfigComponent",ft),ft.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ft,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ft.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ft,selector:"tb-action-node-push-to-cloud-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="pushToCloudConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>attribute.attributes-scope</mat-label>\n    <mat-select formControlName="scope" required>\n      <mat-option *ngFor="let scope of attributeScopes" [value]="scope">\n        {{ telemetryTypeTranslationsMap.get(scope) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ft,decorators:[{type:o,args:[{selector:"tb-action-node-push-to-cloud-config",templateUrl:"./push-to-cloud-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ct extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.attributeScopes=Object.keys(m),this.telemetryTypeTranslationsMap=u}configForm(){return this.pushToEdgeConfigForm}onConfigurationSet(e){this.pushToEdgeConfigForm=this.fb.group({scope:[e?e.scope:null,[k.required]]})}}e("PushToEdgeConfigComponent",ct),ct.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ct,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ct.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ct,selector:"tb-action-node-push-to-edge-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="pushToEdgeConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>attribute.attributes-scope</mat-label>\n    <mat-select formControlName="scope" required>\n      <mat-option *ngFor="let scope of attributeScopes" [value]="scope">\n        {{ telemetryTypeTranslationsMap.get(scope) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ct,decorators:[{type:o,args:[{selector:"tb-action-node-push-to-edge-config",templateUrl:"./push-to-edge-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class gt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.messageProperties=[null,"BASIC","TEXT_PLAIN","MINIMAL_BASIC","MINIMAL_PERSISTENT_BASIC","PERSISTENT_BASIC","PERSISTENT_TEXT_PLAIN"]}configForm(){return this.rabbitMqConfigForm}onConfigurationSet(e){this.rabbitMqConfigForm=this.fb.group({exchangeNamePattern:[e?e.exchangeNamePattern:null,[]],routingKeyPattern:[e?e.routingKeyPattern:null,[]],messageProperties:[e?e.messageProperties:null,[]],host:[e?e.host:null,[k.required]],port:[e?e.port:null,[k.required,k.min(1),k.max(65535)]],virtualHost:[e?e.virtualHost:null,[]],username:[e?e.username:null,[]],password:[e?e.password:null,[]],automaticRecoveryEnabled:[!!e&&e.automaticRecoveryEnabled,[]],connectionTimeout:[e?e.connectionTimeout:null,[k.min(0)]],handshakeTimeout:[e?e.handshakeTimeout:null,[k.min(0)]],clientProperties:[e?e.clientProperties:null,[]]})}}e("RabbitMqConfigComponent",gt),gt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:gt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),gt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:gt,selector:"tb-action-node-rabbit-mq-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="rabbitMqConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.exchange-name-pattern</mat-label>\n    <input matInput formControlName="exchangeNamePattern">\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.routing-key-pattern</mat-label>\n    <input matInput formControlName="routingKeyPattern">\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.message-properties</mat-label>\n    <mat-select formControlName="messageProperties">\n      <mat-option *ngFor="let property of messageProperties" [value]="property">\n        {{ property }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field fxFlex="100" fxFlex.gt-sm="60" class="mat-block">\n      <mat-label translate>tb.rulenode.host</mat-label>\n      <input required matInput formControlName="host">\n      <mat-error *ngIf="rabbitMqConfigForm.get(\'host\').hasError(\'required\')">\n        {{ \'tb.rulenode.host-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex="100" fxFlex.gt-sm="40" class="mat-block">\n      <mat-label translate>tb.rulenode.port</mat-label>\n      <input required type="number" step="1" min="1" max="65535" matInput formControlName="port">\n      <mat-error *ngIf="rabbitMqConfigForm.get(\'port\').hasError(\'required\')">\n        {{ \'tb.rulenode.port-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="rabbitMqConfigForm.get(\'port\').hasError(\'min\')">\n        {{ \'tb.rulenode.port-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="rabbitMqConfigForm.get(\'port\').hasError(\'max\')">\n        {{ \'tb.rulenode.port-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n  </div>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.virtual-host</mat-label>\n    <input matInput formControlName="virtualHost">\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.username</mat-label>\n    <input matInput formControlName="username">\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.password</mat-label>\n    <input type="password" matInput formControlName="password">\n    <tb-toggle-password matSuffix></tb-toggle-password>\n  </mat-form-field>\n  <mat-checkbox formControlName="automaticRecoveryEnabled" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.automatic-recovery\' | translate }}\n  </mat-checkbox>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.connection-timeout-ms</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="connectionTimeout">\n    <mat-error *ngIf="rabbitMqConfigForm.get(\'connectionTimeout\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-connection-timeout-ms-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.handshake-timeout-ms</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="handshakeTimeout">\n    <mat-error *ngIf="rabbitMqConfigForm.get(\'handshakeTimeout\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-handshake-timeout-ms-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <label translate class="tb-title">tb.rulenode.client-properties</label>\n  <tb-kv-map-config\n    required="false"\n    formControlName="clientProperties"\n    keyText="tb.rulenode.key"\n    keyRequiredText="tb.rulenode.key-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:j.TogglePasswordComponent,selector:"tb-toggle-password"},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:D.MatSuffix,selector:"[matSuffix]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:gt,decorators:[{type:o,args:[{selector:"tb-action-node-rabbit-mq-config",templateUrl:"./rabbit-mq-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class xt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.proxySchemes=["http","https"],this.httpRequestTypes=Object.keys(Qe)}configForm(){return this.restApiCallConfigForm}onConfigurationSet(e){this.restApiCallConfigForm=this.fb.group({restEndpointUrlPattern:[e?e.restEndpointUrlPattern:null,[k.required]],requestMethod:[e?e.requestMethod:null,[k.required]],useSimpleClientHttpFactory:[!!e&&e.useSimpleClientHttpFactory,[]],ignoreRequestBody:[!!e&&e.ignoreRequestBody,[]],enableProxy:[!!e&&e.enableProxy,[]],useSystemProxyProperties:[!!e&&e.enableProxy,[]],proxyScheme:[e?e.proxyHost:null,[]],proxyHost:[e?e.proxyHost:null,[]],proxyPort:[e?e.proxyPort:null,[]],proxyUser:[e?e.proxyUser:null,[]],proxyPassword:[e?e.proxyPassword:null,[]],readTimeoutMs:[e?e.readTimeoutMs:null,[]],maxParallelRequestsCount:[e?e.maxParallelRequestsCount:null,[k.min(0)]],headers:[e?e.headers:null,[]],useRedisQueueForMsgPersistence:[!!e&&e.useRedisQueueForMsgPersistence,[]],trimQueue:[!!e&&e.trimQueue,[]],maxQueueSize:[e?e.maxQueueSize:null,[]],credentials:[e?e.credentials:null,[]]})}validatorTriggers(){return["useSimpleClientHttpFactory","useRedisQueueForMsgPersistence","enableProxy","useSystemProxyProperties"]}updateValidators(e){const t=this.restApiCallConfigForm.get("useSimpleClientHttpFactory").value,o=this.restApiCallConfigForm.get("useRedisQueueForMsgPersistence").value,r=this.restApiCallConfigForm.get("enableProxy").value,a=this.restApiCallConfigForm.get("useSystemProxyProperties").value;r&&!a?(this.restApiCallConfigForm.get("proxyHost").setValidators(r?[k.required]:[]),this.restApiCallConfigForm.get("proxyPort").setValidators(r?[k.required,k.min(1),k.max(65535)]:[])):(this.restApiCallConfigForm.get("proxyHost").setValidators([]),this.restApiCallConfigForm.get("proxyPort").setValidators([]),t?this.restApiCallConfigForm.get("readTimeoutMs").setValidators([]):this.restApiCallConfigForm.get("readTimeoutMs").setValidators([k.min(0)])),o?this.restApiCallConfigForm.get("maxQueueSize").setValidators([k.min(0)]):this.restApiCallConfigForm.get("maxQueueSize").setValidators([]),this.restApiCallConfigForm.get("readTimeoutMs").updateValueAndValidity({emitEvent:e}),this.restApiCallConfigForm.get("maxQueueSize").updateValueAndValidity({emitEvent:e}),this.restApiCallConfigForm.get("proxyHost").updateValueAndValidity({emitEvent:e}),this.restApiCallConfigForm.get("proxyPort").updateValueAndValidity({emitEvent:e}),this.restApiCallConfigForm.get("credentials").updateValueAndValidity({emitEvent:e})}}e("RestApiCallConfigComponent",xt),xt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:xt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),xt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:xt,selector:"tb-action-node-rest-api-call-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="restApiCallConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.endpoint-url-pattern</mat-label>\n    <input required matInput formControlName="restEndpointUrlPattern">\n    <mat-error *ngIf="restApiCallConfigForm.get(\'restEndpointUrlPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.endpoint-url-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.request-method</mat-label>\n    <mat-select formControlName="requestMethod">\n      <mat-option *ngFor="let requestType of httpRequestTypes" [value]="requestType">\n        {{ requestType }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-checkbox formControlName="enableProxy" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.enable-proxy\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox *ngIf="!restApiCallConfigForm.get(\'enableProxy\').value" formControlName="useSimpleClientHttpFactory" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-simple-client-http-factory\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="ignoreRequestBody" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.ignore-request-body\' | translate }}\n  </mat-checkbox>\n  <div *ngIf="restApiCallConfigForm.get(\'enableProxy\').value">\n    <mat-checkbox formControlName="useSystemProxyProperties" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.use-system-proxy-properties\' | translate }}\n    </mat-checkbox>\n    <div *ngIf="!restApiCallConfigForm.get(\'useSystemProxyProperties\').value">\n      <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n        <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="10">\n          <mat-label translate>tb.rulenode.proxy-scheme</mat-label>\n          <mat-select formControlName="proxyScheme">\n            <mat-option *ngFor="let proxyScheme of proxySchemes" [value]="proxyScheme">\n              {{ proxyScheme }}\n            </mat-option>\n          </mat-select>\n        </mat-form-field>\n        <mat-form-field class="md-block" fxFlex="100" fxFlex.gt-sm="50">\n          <mat-label translate>tb.rulenode.proxy-host</mat-label>\n          <input matInput required formControlName="proxyHost">\n          <mat-error *ngIf="restApiCallConfigForm.get(\'proxyHost\').hasError(\'required\')">\n            {{ \'tb.rulenode.proxy-host-required\' | translate }}\n          </mat-error>\n        </mat-form-field>\n        <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="40">\n          <mat-label translate>tb.rulenode.proxy-port</mat-label>\n          <input matInput required formControlName="proxyPort" type="number" step="1">\n          <mat-error *ngIf="restApiCallConfigForm.get(\'proxyPort\').hasError(\'required\')">\n            {{ \'tb.rulenode.proxy-port-required\' | translate }}\n          </mat-error>\n          <mat-error\n            *ngIf="restApiCallConfigForm.get(\'proxyPort\').hasError(\'min\') || restApiCallConfigForm.get(\'proxyPort\').hasError(\'max\')">\n            {{ \'tb.rulenode.proxy-port-range\' | translate }}\n          </mat-error>\n        </mat-form-field>\n      </div>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.proxy-user</mat-label>\n        <input matInput formControlName="proxyUser">\n      </mat-form-field>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.proxy-password</mat-label>\n        <input matInput formControlName="proxyPassword">\n      </mat-form-field>\n    </div>\n  </div>\n  <mat-form-field *ngIf="!restApiCallConfigForm.get(\'useSimpleClientHttpFactory\').value || restApiCallConfigForm.get(\'enableProxy\').value" class="mat-block"\n                  style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.read-timeout</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="readTimeoutMs">\n    <mat-hint translate>tb.rulenode.read-timeout-hint</mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.max-parallel-requests-count</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="maxParallelRequestsCount">\n    <mat-hint translate>tb.rulenode.max-parallel-requests-count-hint</mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title">tb.rulenode.headers</label>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.headers-hint\' | translate | safeHtml"></div>\n  <tb-kv-map-config\n    required="false"\n    formControlName="headers"\n    keyText="tb.rulenode.header"\n    keyRequiredText="tb.rulenode.header-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n  <mat-checkbox formControlName="useRedisQueueForMsgPersistence" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-redis-queue\' | translate }}\n  </mat-checkbox>\n  <div fxLayout="column" *ngIf="restApiCallConfigForm.get(\'useRedisQueueForMsgPersistence\').value === true">\n    <mat-checkbox formControlName="trimQueue" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.trim-redis-queue\' | translate }}\n    </mat-checkbox>\n    <mat-form-field class="mat-block">\n      <mat-label translate>tb.rulenode.redis-queue-max-size</mat-label>\n      <input type="number" step="1" min="0" matInput formControlName="maxQueueSize">\n    </mat-form-field>\n  </div>\n  <tb-credentials-config formControlName="credentials" [disableCertPemCredentials]="restApiCallConfigForm.get(\'useSimpleClientHttpFactory\').value"></tb-credentials-config>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]},{type:st,selector:"tb-credentials-config",inputs:["required","disableCertPemCredentials","passwordFieldRquired"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:xt,decorators:[{type:o,args:[{selector:"tb-action-node-rest-api-call-config",templateUrl:"./rest-api-call-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class yt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.rpcReplyConfigForm}onConfigurationSet(e){this.rpcReplyConfigForm=this.fb.group({requestIdMetaDataAttribute:[e?e.requestIdMetaDataAttribute:null,[]]})}}e("RpcReplyConfigComponent",yt),yt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:yt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),yt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:yt,selector:"tb-action-node-rpc-reply-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="rpcReplyConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.request-id-metadata-attribute</mat-label>\n    <input matInput formControlName="requestIdMetaDataAttribute">\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:yt,decorators:[{type:o,args:[{selector:"tb-action-node-rpc-reply-config",templateUrl:"./rpc-reply-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class bt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.rpcRequestConfigForm}onConfigurationSet(e){this.rpcRequestConfigForm=this.fb.group({timeoutInSeconds:[e?e.timeoutInSeconds:null,[k.required,k.min(0)]]})}}e("RpcRequestConfigComponent",bt),bt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:bt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),bt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:bt,selector:"tb-action-node-rpc-request-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="rpcRequestConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>tb.rulenode.timeout-sec</mat-label>\n    <input type="number" min="0" step="1" matInput formControlName="timeoutInSeconds" required>\n    <mat-error *ngIf="rpcRequestConfigForm.get(\'timeoutInSeconds\').hasError(\'required\')">\n      {{ \'tb.rulenode.timeout-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="rpcRequestConfigForm.get(\'timeoutInSeconds\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-timeout-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:bt,decorators:[{type:o,args:[{selector:"tb-action-node-rpc-request-config",templateUrl:"./rpc-request-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ht extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.saveToCustomTableConfigForm}onConfigurationSet(e){this.saveToCustomTableConfigForm=this.fb.group({tableName:[e?e.tableName:null,[k.required,k.pattern(/.*\S.*/)]],fieldsMapping:[e?e.fieldsMapping:null,[k.required]]})}prepareOutputConfig(e){return e.tableName=e.tableName.trim(),e}}e("SaveToCustomTableConfigComponent",ht),ht.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ht,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ht.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ht,selector:"tb-action-node-custom-table-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="saveToCustomTableConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.custom-table-name</mat-label>\n    <input required matInput formControlName="tableName">\n    <mat-error *ngIf="saveToCustomTableConfigForm.get(\'tableName\').hasError(\'required\') ||\n                      saveToCustomTableConfigForm.get(\'tableName\').hasError(\'pattern\')">\n      {{ \'tb.rulenode.custom-table-name-required\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.custom-table-hint</mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title tb-required">tb.rulenode.fields-mapping</label>\n  <tb-kv-map-config\n    required\n    formControlName="fieldsMapping"\n    requiredText="tb.rulenode.fields-mapping-required"\n    keyText="tb.rulenode.message-field"\n    keyRequiredText="tb.rulenode.message-field-required"\n    valText="tb.rulenode.table-col"\n    valRequiredText="tb.rulenode.table-col-required">\n  </tb-kv-map-config>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ht,decorators:[{type:o,args:[{selector:"tb-action-node-custom-table-config",templateUrl:"./save-to-custom-table-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ct extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.smtpProtocols=["smtp","smtps"],this.tlsVersions=["TLSv1","TLSv1.1","TLSv1.2","TLSv1.3"]}configForm(){return this.sendEmailConfigForm}onConfigurationSet(e){this.sendEmailConfigForm=this.fb.group({useSystemSmtpSettings:[!!e&&e.useSystemSmtpSettings,[]],smtpProtocol:[e?e.smtpProtocol:null,[]],smtpHost:[e?e.smtpHost:null,[]],smtpPort:[e?e.smtpPort:null,[]],timeout:[e?e.timeout:null,[]],enableTls:[!!e&&e.enableTls,[]],tlsVersion:[e?e.tlsVersion:null,[]],enableProxy:[!!e&&e.enableProxy,[]],proxyHost:[e?e.proxyHost:null,[]],proxyPort:[e?e.proxyPort:null,[]],proxyUser:[e?e.proxyUser:null,[]],proxyPassword:[e?e.proxyPassword:null,[]],username:[e?e.username:null,[]],password:[e?e.password:null,[]]})}validatorTriggers(){return["useSystemSmtpSettings","enableProxy"]}updateValidators(e){const t=this.sendEmailConfigForm.get("useSystemSmtpSettings").value,o=this.sendEmailConfigForm.get("enableProxy").value;t?(this.sendEmailConfigForm.get("smtpProtocol").setValidators([]),this.sendEmailConfigForm.get("smtpHost").setValidators([]),this.sendEmailConfigForm.get("smtpPort").setValidators([]),this.sendEmailConfigForm.get("timeout").setValidators([]),this.sendEmailConfigForm.get("proxyHost").setValidators([]),this.sendEmailConfigForm.get("proxyPort").setValidators([])):(this.sendEmailConfigForm.get("smtpProtocol").setValidators([k.required]),this.sendEmailConfigForm.get("smtpHost").setValidators([k.required]),this.sendEmailConfigForm.get("smtpPort").setValidators([k.required,k.min(1),k.max(65535)]),this.sendEmailConfigForm.get("timeout").setValidators([k.required,k.min(0)]),this.sendEmailConfigForm.get("proxyHost").setValidators(o?[k.required]:[]),this.sendEmailConfigForm.get("proxyPort").setValidators(o?[k.required,k.min(1),k.max(65535)]:[])),this.sendEmailConfigForm.get("smtpProtocol").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("smtpHost").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("smtpPort").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("timeout").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("proxyHost").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("proxyPort").updateValueAndValidity({emitEvent:e})}}e("SendEmailConfigComponent",Ct),Ct.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ct,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ct.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ct,selector:"tb-action-node-send-email-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="sendEmailConfigForm" fxLayout="column">\n  <mat-checkbox formControlName="useSystemSmtpSettings" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-system-smtp-settings\' | translate }}\n  </mat-checkbox>\n  <section fxLayout="column" *ngIf="sendEmailConfigForm.get(\'useSystemSmtpSettings\').value === false">\n    <mat-form-field class="mat-block">\n      <mat-label translate>tb.rulenode.smtp-protocol</mat-label>\n      <mat-select formControlName="smtpProtocol">\n        <mat-option *ngFor="let smtpProtocol of smtpProtocols" [value]="smtpProtocol">\n          {{ smtpProtocol.toUpperCase() }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n      <mat-form-field fxFlex="100" fxFlex.gt-sm="60" class="mat-block">\n        <mat-label translate>tb.rulenode.smtp-host</mat-label>\n        <input required matInput formControlName="smtpHost">\n        <mat-error *ngIf="sendEmailConfigForm.get(\'smtpHost\').hasError(\'required\')">\n          {{ \'tb.rulenode.smtp-host-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex="100" fxFlex.gt-sm="40" class="mat-block">\n        <mat-label translate>tb.rulenode.smtp-port</mat-label>\n        <input required type="number" step="1" min="1" max="65535" matInput formControlName="smtpPort">\n        <mat-error *ngIf="sendEmailConfigForm.get(\'smtpPort\').hasError(\'required\')">\n          {{ \'tb.rulenode.smtp-port-required\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="sendEmailConfigForm.get(\'smtpPort\').hasError(\'min\')">\n          {{ \'tb.rulenode.smtp-port-range\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="sendEmailConfigForm.get(\'smtpPort\').hasError(\'max\')">\n          {{ \'tb.rulenode.smtp-port-range\' | translate }}\n        </mat-error>\n      </mat-form-field>\n    </div>\n    <mat-form-field class="mat-block">\n      <mat-label translate>tb.rulenode.timeout-msec</mat-label>\n      <input required type="number" step="1" min="0" matInput formControlName="timeout">\n      <mat-error *ngIf="sendEmailConfigForm.get(\'timeout\').hasError(\'required\')">\n        {{ \'tb.rulenode.timeout-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="sendEmailConfigForm.get(\'timeout\').hasError(\'min\')">\n        {{ \'tb.rulenode.min-timeout-msec-message\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-checkbox formControlName="enableTls" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.enable-tls\' | translate }}\n    </mat-checkbox>\n    <mat-form-field class="mat-block" *ngIf="sendEmailConfigForm.get(\'enableTls\').value === true">\n      <mat-label translate>tb.rulenode.tls-version</mat-label>\n      <mat-select formControlName="tlsVersion">\n        <mat-option *ngFor="let tlsVersion of tlsVersions" [value]="tlsVersion">\n          {{ tlsVersion }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <tb-checkbox formControlName="enableProxy" style="display: block; padding-bottom: 16px;">\n      {{ \'tb.rulenode.enable-proxy\' | translate }}\n    </tb-checkbox>\n    <div *ngIf="sendEmailConfigForm.get(\'enableProxy\').value">\n      <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n        <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="60">\n          <mat-label translate>tb.rulenode.proxy-host</mat-label>\n          <input matInput required formControlName="proxyHost">\n          <mat-error *ngIf="sendEmailConfigForm.get(\'proxyHost\').hasError(\'required\')">\n            {{ \'tb.rulenode.proxy-host-required\' | translate }}\n          </mat-error>\n        </mat-form-field>\n        <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="40">\n          <mat-label translate>tb.rulenode.proxy-port</mat-label>\n          <input matInput required formControlName="proxyPort" type="number" step="1" min="1" max="65535">\n          <mat-error *ngIf="sendEmailConfigForm.get(\'proxyPort\').hasError(\'required\')">\n            {{ \'tb.rulenode.proxy-port-required\' | translate }}\n          </mat-error>\n          <mat-error *ngIf="sendEmailConfigForm.get(\'proxyPort\').hasError(\'min\') || sendEmailConfigForm.get(\'proxyPort\').hasError(\'max\')">\n            {{ \'tb.rulenode.proxy-port-range\' | translate }}\n          </mat-error>\n        </mat-form-field>\n      </div>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.proxy-user</mat-label>\n        <input matInput formControlName="proxyUser">\n      </mat-form-field>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.proxy-password</mat-label>\n        <input matInput formControlName="proxyPassword">\n      </mat-form-field>\n    </div>\n    <mat-form-field class="mat-block" floatLabel="always">\n      <mat-label translate>tb.rulenode.username</mat-label>\n      <input matInput placeholder="{{ \'tb.rulenode.enter-username\' | translate }}" formControlName="username">\n    </mat-form-field>\n    <mat-form-field class="mat-block" floatLabel="always">\n      <mat-label translate>tb.rulenode.password</mat-label>\n      <input matInput type="password" placeholder="{{ \'tb.rulenode.enter-password\' | translate }}" formControlName="password">\n      <tb-toggle-password matSuffix></tb-toggle-password>\n    </mat-form-field>\n  </section>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ce.TbCheckboxComponent,selector:"tb-checkbox",inputs:["disabled","trueValue","falseValue"],outputs:["valueChange"]},{type:j.TogglePasswordComponent,selector:"tb-toggle-password"}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:D.MatSuffix,selector:"[matSuffix]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ct,decorators:[{type:o,args:[{selector:"tb-action-node-send-email-config",templateUrl:"./send-email-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ft extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.sendSmsConfigForm}onConfigurationSet(e){this.sendSmsConfigForm=this.fb.group({numbersToTemplate:[e?e.numbersToTemplate:null,[k.required]],smsMessageTemplate:[e?e.smsMessageTemplate:null,[k.required]],useSystemSmsSettings:[!!e&&e.useSystemSmsSettings,[]],smsProviderConfiguration:[e?e.smsProviderConfiguration:null,[]]})}validatorTriggers(){return["useSystemSmsSettings"]}updateValidators(e){this.sendSmsConfigForm.get("useSystemSmsSettings").value?this.sendSmsConfigForm.get("smsProviderConfiguration").setValidators([]):this.sendSmsConfigForm.get("smsProviderConfiguration").setValidators([k.required]),this.sendSmsConfigForm.get("smsProviderConfiguration").updateValueAndValidity({emitEvent:e})}}e("SendSmsConfigComponent",Ft),Ft.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ft,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ft.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ft,selector:"tb-action-node-send-sms-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="sendSmsConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 24px;">\n    <mat-label translate>tb.rulenode.numbers-to-template</mat-label>\n    <input required matInput formControlName="numbersToTemplate">\n    <mat-error *ngIf="sendSmsConfigForm.get(\'numbersToTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.numbers-to-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.numbers-to-template-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 8px;">\n    <mat-label translate>tb.rulenode.sms-message-template</mat-label>\n    <textarea required matInput formControlName="smsMessageTemplate" rows="6"></textarea>\n    <mat-error *ngIf="sendSmsConfigForm.get(\'smsMessageTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.sms-message-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-checkbox formControlName="useSystemSmsSettings" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-system-sms-settings\' | translate }}\n  </mat-checkbox>\n  <tb-sms-provider-configuration\n    *ngIf="sendSmsConfigForm.get(\'useSystemSmsSettings\').value === false"\n    formControlName="smsProviderConfiguration"\n    required>\n  </tb-sms-provider-configuration>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:ge.SmsProviderConfigurationComponent,selector:"tb-sms-provider-configuration",inputs:["required","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ft,decorators:[{type:o,args:[{selector:"tb-action-node-send-sms-config",templateUrl:"./send-sms-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Lt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.snsConfigForm}onConfigurationSet(e){this.snsConfigForm=this.fb.group({topicArnPattern:[e?e.topicArnPattern:null,[k.required]],accessKeyId:[e?e.accessKeyId:null,[k.required]],secretAccessKey:[e?e.secretAccessKey:null,[k.required]],region:[e?e.region:null,[k.required]]})}}e("SnsConfigComponent",Lt),Lt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Lt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Lt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Lt,selector:"tb-action-node-sns-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="snsConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 8px;">\n    <mat-label translate>tb.rulenode.topic-arn-pattern</mat-label>\n    <input required matInput formControlName="topicArnPattern">\n    <mat-error *ngIf="snsConfigForm.get(\'topicArnPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.topic-arn-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-access-key-id</mat-label>\n    <input required matInput formControlName="accessKeyId">\n    <mat-error *ngIf="snsConfigForm.get(\'accessKeyId\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-access-key-id-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-secret-access-key</mat-label>\n    <input required matInput formControlName="secretAccessKey">\n    <mat-error *ngIf="snsConfigForm.get(\'secretAccessKey\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-secret-access-key-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-region</mat-label>\n    <input required matInput formControlName="region">\n    <mat-error *ngIf="snsConfigForm.get(\'region\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-region-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Lt,decorators:[{type:o,args:[{selector:"tb-action-node-sns-config",templateUrl:"./sns-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class vt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.sqsQueueType=Ue,this.sqsQueueTypes=Object.keys(Ue),this.sqsQueueTypeTranslationsMap=Ke}configForm(){return this.sqsConfigForm}onConfigurationSet(e){this.sqsConfigForm=this.fb.group({queueType:[e?e.queueType:null,[k.required]],queueUrlPattern:[e?e.queueUrlPattern:null,[k.required]],delaySeconds:[e?e.delaySeconds:null,[k.min(0),k.max(900)]],messageAttributes:[e?e.messageAttributes:null,[]],accessKeyId:[e?e.accessKeyId:null,[k.required]],secretAccessKey:[e?e.secretAccessKey:null,[k.required]],region:[e?e.region:null,[k.required]]})}}e("SqsConfigComponent",vt),vt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:vt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),vt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:vt,selector:"tb-action-node-sqs-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="sqsConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.queue-type</mat-label>\n    <mat-select formControlName="queueType" required>\n      <mat-option *ngFor="let type of sqsQueueTypes" [value]="type">\n        {{ sqsQueueTypeTranslationsMap.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 8px;">\n    <mat-label translate>tb.rulenode.queue-url-pattern</mat-label>\n    <input required matInput formControlName="queueUrlPattern">\n    <mat-error *ngIf="sqsConfigForm.get(\'queueUrlPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.queue-url-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field *ngIf="sqsConfigForm.get(\'queueType\').value === sqsQueueType.STANDARD" class="mat-block">\n    <mat-label translate>tb.rulenode.delay-seconds</mat-label>\n    <input required type="number" min="0" max="900" step="1" matInput formControlName="delaySeconds">\n    <mat-error *ngIf="sqsConfigForm.get(\'delaySeconds\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-delay-seconds-message\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="sqsConfigForm.get(\'delaySeconds\').hasError(\'max\')">\n      {{ \'tb.rulenode.max-delay-seconds-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <label translate class="tb-title">tb.rulenode.message-attributes</label>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.message-attributes-hint\' | translate | safeHtml"></div>\n  <tb-kv-map-config\n    required="false"\n    formControlName="messageAttributes"\n    keyText="tb.rulenode.name"\n    keyRequiredText="tb.rulenode.name-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-access-key-id</mat-label>\n    <input required matInput formControlName="accessKeyId">\n    <mat-error *ngIf="sqsConfigForm.get(\'accessKeyId\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-access-key-id-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-secret-access-key</mat-label>\n    <input required matInput formControlName="secretAccessKey">\n    <mat-error *ngIf="sqsConfigForm.get(\'secretAccessKey\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-secret-access-key-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-region</mat-label>\n    <input required matInput formControlName="region">\n    <mat-error *ngIf="sqsConfigForm.get(\'region\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-region-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:vt,decorators:[{type:o,args:[{selector:"tb-action-node-sqs-config",templateUrl:"./sqs-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class It extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.timeseriesConfigForm}onConfigurationSet(e){this.timeseriesConfigForm=this.fb.group({defaultTTL:[e?e.defaultTTL:null,[k.required,k.min(0)]],skipLatestPersistence:[!!e&&e.skipLatestPersistence,[]],useServerTs:[!!e&&e.useServerTs,[]]})}}e("TimeseriesConfigComponent",It),It.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:It,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),It.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:It,selector:"tb-action-node-timeseries-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="timeseriesConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>tb.rulenode.default-ttl</mat-label>\n    <input type="number" min="0" step="1" matInput formControlName="defaultTTL" required>\n    <mat-error *ngIf="timeseriesConfigForm.get(\'defaultTTL\').hasError(\'required\')">\n      {{ \'tb.rulenode.default-ttl-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="timeseriesConfigForm.get(\'defaultTTL\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-default-ttl-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-checkbox fxFlex formControlName="skipLatestPersistence" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.skip-latest-persistence\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox fxFlex formControlName="useServerTs">\n    {{ \'tb.rulenode.use-server-ts\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.use-server-ts-hint</div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:It,decorators:[{type:o,args:[{selector:"tb-action-node-timeseries-config",templateUrl:"./timeseries-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Nt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.unassignCustomerConfigForm}onConfigurationSet(e){this.unassignCustomerConfigForm=this.fb.group({customerNamePattern:[e?e.customerNamePattern:null,[k.required,k.pattern(/.*\S.*/)]],customerCacheExpiration:[e?e.customerCacheExpiration:null,[k.required,k.min(0)]]})}prepareOutputConfig(e){return e.customerNamePattern=e.customerNamePattern.trim(),e}}e("UnassignCustomerConfigComponent",Nt),Nt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Nt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Nt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Nt,selector:"tb-action-node-un-assign-to-customer-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="unassignCustomerConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.customer-name-pattern</mat-label>\n    <input required matInput formControlName="customerNamePattern">\n    <mat-error *ngIf="unassignCustomerConfigForm.get(\'customerNamePattern\').hasError(\'required\') ||\n                      unassignCustomerConfigForm.get(\'customerNamePattern\').hasError(\'pattern\')">\n      {{ \'tb.rulenode.customer-name-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.customer-cache-expiration</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="customerCacheExpiration">\n    <mat-error *ngIf="unassignCustomerConfigForm.get(\'customerCacheExpiration\').hasError(\'required\')">\n      {{ \'tb.rulenode.customer-cache-expiration-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="unassignCustomerConfigForm.get(\'customerCacheExpiration\').hasError(\'min\')">\n      {{ \'tb.rulenode.customer-cache-expiration-range\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.customer-cache-expiration-hint</mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Nt,decorators:[{type:o,args:[{selector:"tb-action-node-un-assign-to-customer-config",templateUrl:"./unassign-customer-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Tt extends y{constructor(e,t){super(e),this.store=e,this.fb=t,this.directionTypes=Object.keys(c),this.directionTypeTranslations=g,this.entityType=x,this.propagateChange=null}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}ngOnInit(){this.deviceRelationsQueryFormGroup=this.fb.group({fetchLastLevelOnly:[!1,[]],direction:[null,[k.required]],maxLevel:[null,[]],relationType:[null],deviceTypes:[null,[k.required]]}),this.deviceRelationsQueryFormGroup.valueChanges.subscribe((e=>{this.deviceRelationsQueryFormGroup.valid?this.propagateChange(e):this.propagateChange(null)}))}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}setDisabledState(e){this.disabled=e,this.disabled?this.deviceRelationsQueryFormGroup.disable({emitEvent:!1}):this.deviceRelationsQueryFormGroup.enable({emitEvent:!1})}writeValue(e){this.deviceRelationsQueryFormGroup.reset(e,{emitEvent:!1})}}e("DeviceRelationsQueryConfigComponent",Tt),Tt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Tt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Tt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Tt,selector:"tb-device-relations-query-config",inputs:{disabled:"disabled",required:"required"},providers:[{provide:S,useExisting:n((()=>Tt)),multi:!0}],usesInheritance:!0,ngImport:t,template:'<section fxLayout="column" [formGroup]="deviceRelationsQueryFormGroup">\n  <mat-checkbox formControlName="fetchLastLevelOnly" style="padding-bottom: 16px;">\n    {{ \'alias.last-level-relation\' | translate }}\n  </mat-checkbox>\n  <div fxLayoutGap="8px" fxLayout="row">\n    <mat-form-field class="mat-block" style="min-width: 100px;">\n      <mat-label translate>relation.direction</mat-label>\n      <mat-select required matInput formControlName="direction">\n        <mat-option *ngFor="let type of directionTypes" [value]="type">\n          {{ directionTypeTranslations.get(type) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <mat-form-field fxFlex floatLabel="always" class="mat-block">\n      <mat-label translate>tb.rulenode.max-relation-level</mat-label>\n      <input matInput\n             type="number"\n             min="1"\n             step="1"\n             placeholder="{{ \'tb.rulenode.unlimited-level\' | translate }}"\n             formControlName="maxLevel">\n    </mat-form-field>\n  </div>\n  <div class="mat-caption" style="color: rgba(0,0,0,0.57);" translate>relation.relation-type</div>\n  <tb-relation-type-autocomplete\n    fxFlex\n    formControlName="relationType">\n  </tb-relation-type-autocomplete>\n  <div class="mat-caption tb-required" style="color: rgba(0,0,0,0.57);" translate>device.device-types</div>\n  <tb-entity-subtype-list\n    required\n    [entityType]="entityType.DEVICE"\n    formControlName="deviceTypes">\n  </tb-entity-subtype-list>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ye.RelationTypeAutocompleteComponent,selector:"tb-relation-type-autocomplete",inputs:["required","disabled"]},{type:be.EntitySubTypeListComponent,selector:"tb-entity-subtype-list",inputs:["required","disabled","entityType"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Tt,decorators:[{type:o,args:[{selector:"tb-device-relations-query-config",templateUrl:"./device-relations-query-config.component.html",styleUrls:[],providers:[{provide:S,useExisting:n((()=>Tt)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]},propDecorators:{disabled:[{type:l}],required:[{type:l}]}});class qt extends y{constructor(e,t){super(e),this.store=e,this.fb=t,this.directionTypes=Object.keys(c),this.directionTypeTranslations=g,this.propagateChange=null}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}ngOnInit(){this.relationsQueryFormGroup=this.fb.group({fetchLastLevelOnly:[!1,[]],direction:[null,[k.required]],maxLevel:[null,[]],filters:[null]}),this.relationsQueryFormGroup.valueChanges.subscribe((e=>{this.relationsQueryFormGroup.valid?this.propagateChange(e):this.propagateChange(null)}))}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}setDisabledState(e){this.disabled=e,this.disabled?this.relationsQueryFormGroup.disable({emitEvent:!1}):this.relationsQueryFormGroup.enable({emitEvent:!1})}writeValue(e){this.relationsQueryFormGroup.reset(e||{},{emitEvent:!1})}}e("RelationsQueryConfigComponent",qt),qt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:qt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),qt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:qt,selector:"tb-relations-query-config",inputs:{disabled:"disabled",required:"required"},providers:[{provide:S,useExisting:n((()=>qt)),multi:!0}],usesInheritance:!0,ngImport:t,template:'<section fxLayout="column" [formGroup]="relationsQueryFormGroup">\n  <mat-checkbox formControlName="fetchLastLevelOnly" style="padding-bottom: 16px;">\n    {{ \'alias.last-level-relation\' | translate }}\n  </mat-checkbox>\n  <div fxLayoutGap="8px" fxLayout="row">\n    <mat-form-field class="mat-block" style="min-width: 100px;">\n      <mat-label translate>relation.direction</mat-label>\n      <mat-select required matInput formControlName="direction">\n        <mat-option *ngFor="let type of directionTypes" [value]="type">\n          {{ directionTypeTranslations.get(type) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <mat-form-field fxFlex floatLabel="always" class="mat-block">\n      <mat-label translate>tb.rulenode.max-relation-level</mat-label>\n      <input matInput\n             type="number"\n             min="1"\n             step="1"\n             placeholder="{{ \'tb.rulenode.unlimited-level\' | translate }}"\n             formControlName="maxLevel">\n    </mat-form-field>\n  </div>\n  <div class="mat-caption" style="color: rgba(0,0,0,0.57);" translate>relation.relation-filters</div>\n  <tb-relation-filters\n    formControlName="filters"\n  ></tb-relation-filters>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:he.RelationFiltersComponent,selector:"tb-relation-filters",inputs:["disabled","allowedEntityTypes"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:qt,decorators:[{type:o,args:[{selector:"tb-relations-query-config",templateUrl:"./relations-query-config.component.html",styleUrls:[],providers:[{provide:S,useExisting:n((()=>qt)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]},propDecorators:{disabled:[{type:l}],required:[{type:l}]}});class kt extends y{constructor(e,t,o,r){super(e),this.store=e,this.translate=t,this.truncate=o,this.fb=r,this.placeholder="tb.rulenode.message-type",this.separatorKeysCodes=[Z,X,ee],this.messageTypes=[],this.messageTypesList=[],this.searchText="",this.propagateChange=e=>{},this.messageTypeConfigForm=this.fb.group({messageType:[null]});for(const e of Object.keys(b))this.messageTypesList.push({name:h.get(b[e]),value:e})}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}ngOnInit(){this.filteredMessageTypes=this.messageTypeConfigForm.get("messageType").valueChanges.pipe(ue(""),pe((e=>e||"")),de((e=>this.fetchMessageTypes(e))),fe())}ngAfterViewInit(){}setDisabledState(e){this.disabled=e,this.disabled?this.messageTypeConfigForm.disable({emitEvent:!1}):this.messageTypeConfigForm.enable({emitEvent:!1})}writeValue(e){this.searchText="",this.messageTypes.length=0,e&&e.forEach((e=>{const t=this.messageTypesList.find((t=>t.value===e));t?this.messageTypes.push({name:t.name,value:t.value}):this.messageTypes.push({name:e,value:e})}))}displayMessageTypeFn(e){return e?e.name:void 0}textIsNotEmpty(e){return!!(e&&null!=e&&e.length>0)}createMessageType(e,t){e.preventDefault(),this.transformMessageType(t)}add(e){this.transformMessageType(e.value)}fetchMessageTypes(e){if(this.searchText=e,this.searchText&&this.searchText.length){const e=this.searchText.toUpperCase();return Ce(this.messageTypesList.filter((t=>t.name.toUpperCase().includes(e))))}return Ce(this.messageTypesList)}transformMessageType(e){if((e||"").trim()){let t=null;const o=e.trim(),r=this.messageTypesList.find((e=>e.name===o));t=r?{name:r.name,value:r.value}:{name:o,value:o},t&&this.addMessageType(t)}this.clear("")}remove(e){const t=this.messageTypes.indexOf(e);t>=0&&(this.messageTypes.splice(t,1),this.updateModel())}selected(e){this.addMessageType(e.option.value),this.clear("")}addMessageType(e){-1===this.messageTypes.findIndex((t=>t.value===e.value))&&(this.messageTypes.push(e),this.updateModel())}onFocus(){this.messageTypeConfigForm.get("messageType").updateValueAndValidity({onlySelf:!0,emitEvent:!0})}clear(e=""){this.messageTypeInput.nativeElement.value=e,this.messageTypeConfigForm.get("messageType").patchValue(null,{emitEvent:!0}),setTimeout((()=>{this.messageTypeInput.nativeElement.blur(),this.messageTypeInput.nativeElement.focus()}),0)}updateModel(){const e=this.messageTypes.map((e=>e.value));this.required?(this.chipList.errorState=!e.length,this.propagateChange(e.length>0?e:null)):(this.chipList.errorState=!1,this.propagateChange(e))}}e("MessageTypesConfigComponent",kt),kt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:kt,deps:[{token:T.Store},{token:P.TranslateService},{token:C.TruncatePipe},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),kt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:kt,selector:"tb-message-types-config",inputs:{required:"required",label:"label",placeholder:"placeholder",disabled:"disabled"},providers:[{provide:S,useExisting:n((()=>kt)),multi:!0}],viewQueries:[{propertyName:"chipList",first:!0,predicate:["chipList"],descendants:!0},{propertyName:"matAutocomplete",first:!0,predicate:["messageTypeAutocomplete"],descendants:!0},{propertyName:"messageTypeInput",first:!0,predicate:["messageTypeInput"],descendants:!0}],usesInheritance:!0,ngImport:t,template:'<mat-form-field [formGroup]="messageTypeConfigForm" style="width: 100%;">\n  <mat-label *ngIf="label" translate>{{ label }}</mat-label>\n  <mat-chip-list #chipList [required]="required">\n    <mat-chip\n      *ngFor="let messageType of messageTypes"\n      [selectable]="true"\n      [removable]="true"\n      (removed)="remove(messageType)">\n      {{messageType.name}}\n      <mat-icon matChipRemove>close</mat-icon>\n    </mat-chip>\n    <input matInput type="text" placeholder="{{ placeholder | translate }}"\n           style="max-width: 200px;"\n           #messageTypeInput\n           (focusin)="onFocus()"\n           formControlName="messageType"\n           matAutocompleteOrigin\n           #origin="matAutocompleteOrigin"\n           [matAutocompleteConnectedTo]="origin"\n           [matAutocomplete]="messageTypeAutocomplete"\n           [matChipInputFor]="chipList"\n           [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n           (matChipInputTokenEnd)="add($event)">\n  </mat-chip-list>\n  <mat-autocomplete #messageTypeAutocomplete="matAutocomplete"\n                    class="tb-autocomplete"\n                    (optionSelected)="selected($event)"\n                    [displayWith]="displayMessageTypeFn">\n    <mat-option *ngFor="let messageType of filteredMessageTypes | async" [value]="messageType">\n      <span [innerHTML]="messageType.name | highlight:searchText"></span>\n    </mat-option>\n    <mat-option *ngIf="(filteredMessageTypes | async)?.length === 0" [value]="null" class="tb-not-found">\n      <div class="tb-not-found-content" (click)="$event.stopPropagation()">\n        <div *ngIf="!textIsNotEmpty(searchText); else searchNotEmpty">\n          <span translate>tb.rulenode.no-message-types-found</span>\n        </div>\n        <ng-template #searchNotEmpty>\n                <span>\n                  {{ translate.get(\'tb.rulenode.no-message-type-matching\',\n                  {messageType: truncate.transform(searchText, true, 6, &apos;...&apos;)}) | async }}\n                </span>\n        </ng-template>\n        <span>\n          <a translate (click)="createMessageType($event, searchText)">tb.rulenode.create-new-message-type</a>\n        </span>\n      </div>\n    </mat-option>\n  </mat-autocomplete>\n  <mat-error *ngIf="chipList.errorState">\n    {{ \'tb.rulenode.message-types-required\' | translate }}\n  </mat-error>\n</mat-form-field>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:Fe.MatAutocomplete,selector:"mat-autocomplete",inputs:["disableRipple"],exportAs:["matAutocomplete"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]}],directives:[{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:Fe.MatAutocompleteTrigger,selector:"input[matAutocomplete], textarea[matAutocomplete]",exportAs:["matAutocompleteTrigger"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:Fe.MatAutocompleteOrigin,selector:"[matAutocompleteOrigin]",exportAs:["matAutocompleteOrigin"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe,async:w.AsyncPipe,highlight:Le.HighlightPipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:kt,decorators:[{type:o,args:[{selector:"tb-message-types-config",templateUrl:"./message-types-config.component.html",styleUrls:[],providers:[{provide:S,useExisting:n((()=>kt)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:P.TranslateService},{type:C.TruncatePipe},{type:q.FormBuilder}]},propDecorators:{required:[{type:l}],label:[{type:l}],placeholder:[{type:l}],disabled:[{type:l}],chipList:[{type:a,args:["chipList",{static:!1}]}],matAutocomplete:[{type:a,args:["messageTypeAutocomplete",{static:!1}]}],messageTypeInput:[{type:a,args:["messageTypeInput",{static:!1}]}]}});class Mt{}e("RulenodeCoreConfigCommonModule",Mt),Mt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Mt,deps:[],target:t.ɵɵFactoryTarget.NgModule}),Mt.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Mt,declarations:[nt,Tt,qt,kt,st,Te],imports:[O,F,xe],exports:[nt,Tt,qt,kt,st,Te]}),Mt.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Mt,imports:[[O,F,xe]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Mt,decorators:[{type:i,args:[{declarations:[nt,Tt,qt,kt,st,Te],imports:[O,F,xe],exports:[nt,Tt,qt,kt,st,Te]}]}]});class St{}e("RuleNodeCoreConfigActionModule",St),St.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:St,deps:[],target:t.ɵɵFactoryTarget.NgModule}),St.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:St,declarations:[ke,It,bt,it,qe,Ze,Xe,et,pt,tt,rt,at,ut,yt,ht,Nt,Lt,vt,dt,lt,mt,gt,xt,Ct,Je,Ye,ot,Ft,ct,ft],imports:[O,F,xe,Mt],exports:[ke,It,bt,it,qe,Ze,Xe,et,pt,tt,rt,at,ut,yt,ht,Nt,Lt,vt,dt,lt,mt,gt,xt,Ct,Je,Ye,ot,Ft,ct,ft]}),St.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:St,imports:[[O,F,xe,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:St,decorators:[{type:i,args:[{declarations:[ke,It,bt,it,qe,Ze,Xe,et,pt,tt,rt,at,ut,yt,ht,Nt,Lt,vt,dt,lt,mt,gt,xt,Ct,Je,Ye,ot,Ft,ct,ft],imports:[O,F,xe,Mt],exports:[ke,It,bt,it,qe,Ze,Xe,et,pt,tt,rt,at,ut,yt,ht,Nt,Lt,vt,dt,lt,mt,gt,xt,Ct,Je,Ye,ot,Ft,ct,ft]}]}]});class At extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.calculateDeltaConfigForm}onConfigurationSet(e){this.calculateDeltaConfigForm=this.fb.group({inputValueKey:[e?e.inputValueKey:null,[k.required]],outputValueKey:[e?e.outputValueKey:null,[k.required]],useCache:[e?e.useCache:null,[]],addPeriodBetweenMsgs:[!!e&&e.addPeriodBetweenMsgs,[]],periodValueKey:[e?e.periodValueKey:null,[]],round:[e?e.round:null,[k.min(0),k.max(15)]],tellFailureIfDeltaIsNegative:[e?e.tellFailureIfDeltaIsNegative:null,[]]})}updateValidators(e){this.calculateDeltaConfigForm.get("addPeriodBetweenMsgs").value?this.calculateDeltaConfigForm.get("periodValueKey").setValidators([k.required]):this.calculateDeltaConfigForm.get("periodValueKey").setValidators([]),this.calculateDeltaConfigForm.get("periodValueKey").updateValueAndValidity({emitEvent:e})}validatorTriggers(){return["addPeriodBetweenMsgs"]}}e("CalculateDeltaConfigComponent",At),At.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:At,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),At.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:At,selector:"tb-enrichment-node-calculate-delta-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="calculateDeltaConfigForm" fxLayout="column">\n  <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="38">\n      <mat-label translate>tb.rulenode.input-value-key</mat-label>\n      <input required matInput formControlName="inputValueKey">\n      <mat-error *ngIf="calculateDeltaConfigForm.get(\'inputValueKey\').hasError(\'required\')">\n        {{ \'tb.rulenode.input-value-key-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="38">\n      <mat-label translate>tb.rulenode.output-value-key</mat-label>\n      <input required matInput formControlName="outputValueKey">\n      <mat-error *ngIf="calculateDeltaConfigForm.get(\'outputValueKey\').hasError(\'required\')">\n        {{ \'tb.rulenode.output-value-key-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="24">\n      <mat-label translate>tb.rulenode.round</mat-label>\n      <input type="number" min="0" max="15" step="1" matInput formControlName="round">\n      <mat-error *ngIf="calculateDeltaConfigForm.get(\'round\').hasError(\'min\')">\n        {{ \'tb.rulenode.round-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="calculateDeltaConfigForm.get(\'round\').hasError(\'max\')">\n        {{ \'tb.rulenode.round-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n  </div>\n  <mat-checkbox formControlName="useCache" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-cache\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="tellFailureIfDeltaIsNegative" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.tell-failure-if-delta-is-negative\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="addPeriodBetweenMsgs" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.add-period-between-msgs\' | translate }}\n  </mat-checkbox>\n  <mat-form-field class="mat-block" *ngIf="calculateDeltaConfigForm.get(\'addPeriodBetweenMsgs\').value">\n    <mat-label translate>tb.rulenode.period-value-key</mat-label>\n    <input required matInput formControlName="periodValueKey">\n    <mat-error *ngIf="calculateDeltaConfigForm.get(\'periodValueKey\').hasError(\'required\')">\n      {{ \'tb.rulenode.period-value-key-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:At,decorators:[{type:o,args:[{selector:"tb-enrichment-node-calculate-delta-config",templateUrl:"./calculate-delta-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Gt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.customerAttributesConfigForm}onConfigurationSet(e){this.customerAttributesConfigForm=this.fb.group({telemetry:[!!e&&e.telemetry,[]],attrMapping:[e?e.attrMapping:null,[k.required]]})}}e("CustomerAttributesConfigComponent",Gt),Gt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Gt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Gt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Gt,selector:"tb-enrichment-node-customer-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="customerAttributesConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.attr-mapping</label>\n  <mat-checkbox fxFlex formControlName="telemetry" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.latest-telemetry\' | translate }}\n  </mat-checkbox>\n  <tb-kv-map-config\n    required\n    formControlName="attrMapping"\n    requiredText="tb.rulenode.attr-mapping-required"\n    keyText="{{ customerAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry\' : \'tb.rulenode.source-attribute\' }}"\n    keyRequiredText="{{ customerAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry-required\' : \'tb.rulenode.source-attribute-required\' }}"\n    valText="tb.rulenode.target-attribute"\n    valRequiredText="tb.rulenode.target-attribute-required"\n    hintText="tb.rulenode.kv-map-pattern-hint">\n  </tb-kv-map-config>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Gt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-customer-attributes-config",templateUrl:"./customer-attributes-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Dt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.deviceAttributesConfigForm}onConfigurationSet(e){this.deviceAttributesConfigForm=this.fb.group({deviceRelationsQuery:[e?e.deviceRelationsQuery:null,[k.required]],tellFailureIfAbsent:[!!e&&e.tellFailureIfAbsent,[]],clientAttributeNames:[e?e.clientAttributeNames:null,[]],sharedAttributeNames:[e?e.sharedAttributeNames:null,[]],serverAttributeNames:[e?e.serverAttributeNames:null,[]],latestTsKeyNames:[e?e.latestTsKeyNames:null,[]],getLatestValueWithTs:[!!e&&e.getLatestValueWithTs,[]]})}removeKey(e,t){const o=this.deviceAttributesConfigForm.get(t).value,r=o.indexOf(e);r>=0&&(o.splice(r,1),this.deviceAttributesConfigForm.get(t).setValue(o,{emitEvent:!0}))}addKey(e,t){const o=e.input;let r=e.value;if((r||"").trim()){r=r.trim();let e=this.deviceAttributesConfigForm.get(t).value;e&&-1!==e.indexOf(r)||(e||(e=[]),e.push(r),this.deviceAttributesConfigForm.get(t).setValue(e,{emitEvent:!0}))}o&&(o.value="")}}e("DeviceAttributesConfigComponent",Dt),Dt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Dt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Dt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Dt,selector:"tb-enrichment-node-device-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="deviceAttributesConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.device-relations-query</label>\n  <tb-device-relations-query-config\n    required\n    formControlName="deviceRelationsQuery"\n    style="padding-bottom: 15px;">\n  </tb-device-relations-query-config>\n  <mat-checkbox fxFlex formControlName="tellFailureIfAbsent" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.tell-failure-if-absent\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.tell-failure-if-absent-hint</div>\n  <label translate class="tb-title no-padding">tb.rulenode.client-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #clientAttributesChipList>\n      <mat-chip\n        *ngFor="let key of deviceAttributesConfigForm.get(\'clientAttributeNames\').value;"\n        (removed)="removeKey(key, \'clientAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.client-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="clientAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'clientAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.shared-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #sharedAttributesChipList>\n      <mat-chip\n        *ngFor="let key of deviceAttributesConfigForm.get(\'sharedAttributeNames\').value;"\n        (removed)="removeKey(key, \'sharedAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.shared-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="sharedAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'sharedAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.server-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #serverAttributesChipList>\n      <mat-chip\n        *ngFor="let key of deviceAttributesConfigForm.get(\'serverAttributeNames\').value;"\n        (removed)="removeKey(key, \'serverAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.server-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="serverAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'serverAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.latest-timeseries</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #latestTimeseriesChipList>\n      <mat-chip\n        *ngFor="let key of deviceAttributesConfigForm.get(\'latestTsKeyNames\').value;"\n        (removed)="removeKey(key, \'latestTsKeyNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.latest-timeseries\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="latestTimeseriesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'latestTsKeyNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <mat-checkbox formControlName="getLatestValueWithTs" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.get-latest-value-with-ts\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.get-latest-value-with-ts-hint\' | translate | safeHtml"></div>\n</section>\n',styles:[":host label.tb-title{margin-bottom:-10px}\n"],components:[{type:Tt,selector:"tb-device-relations-query-config",inputs:["disabled","required"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Dt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-device-attributes-config",templateUrl:"./device-attributes-config.component.html",styleUrls:["./device-attributes-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Vt extends s{constructor(e,t,o){super(e),this.store=e,this.translate=t,this.fb=o,this.entityDetailsTranslationsMap=we,this.entityDetailsList=[],this.searchText="",this.displayDetailsFn=this.displayDetails.bind(this);for(const e of Object.keys(Re))this.entityDetailsList.push(Re[e]);this.detailsFormControl=new G(""),this.filteredEntityDetails=this.detailsFormControl.valueChanges.pipe(ue(""),pe((e=>e||"")),de((e=>this.fetchEntityDetails(e))),fe())}ngOnInit(){super.ngOnInit()}configForm(){return this.entityDetailsConfigForm}prepareInputConfig(e){return this.searchText="",this.detailsFormControl.patchValue("",{emitEvent:!0}),e}onConfigurationSet(e){this.entityDetailsConfigForm=this.fb.group({detailsList:[e?e.detailsList:null,[k.required]],addToMetadata:[!!e&&e.addToMetadata,[]]})}displayDetails(e){return e?this.translate.instant(we.get(e)):void 0}fetchEntityDetails(e){if(this.searchText=e,this.searchText&&this.searchText.length){const e=this.searchText.toUpperCase();return Ce(this.entityDetailsList.filter((t=>this.translate.instant(we.get(Re[t])).toUpperCase().includes(e))))}return Ce(this.entityDetailsList)}detailsFieldSelected(e){this.addDetailsField(e.option.value),this.clear("")}removeDetailsField(e){const t=this.entityDetailsConfigForm.get("detailsList").value;if(t){const o=t.indexOf(e);o>=0&&(t.splice(o,1),this.entityDetailsConfigForm.get("detailsList").setValue(t))}}addDetailsField(e){let t=this.entityDetailsConfigForm.get("detailsList").value;t||(t=[]);-1===t.indexOf(e)&&(t.push(e),this.entityDetailsConfigForm.get("detailsList").setValue(t))}onEntityDetailsInputFocus(){this.detailsFormControl.updateValueAndValidity({onlySelf:!0,emitEvent:!0})}clear(e=""){this.detailsInput.nativeElement.value=e,this.detailsFormControl.patchValue(null,{emitEvent:!0}),setTimeout((()=>{this.detailsInput.nativeElement.blur(),this.detailsInput.nativeElement.focus()}),0)}}e("EntityDetailsConfigComponent",Vt),Vt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Vt,deps:[{token:T.Store},{token:P.TranslateService},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Vt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Vt,selector:"tb-enrichment-node-entity-details-config",viewQueries:[{propertyName:"detailsInput",first:!0,predicate:["detailsInput"],descendants:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="entityDetailsConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" class="entity-fields-list">\n    <mat-label translate>tb.rulenode.entity-details</mat-label>\n    <mat-chip-list #detailsChipList required>\n      <mat-chip\n        *ngFor="let details of entityDetailsConfigForm.get(\'detailsList\').value;"\n        (removed)="removeDetailsField(details)">\n        <span>\n          <strong>{{entityDetailsTranslationsMap.get(details) | translate}}</strong>\n        </span>\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text"\n             style="max-width: 200px;"\n             #detailsInput\n             (focusin)="onEntityDetailsInputFocus()"\n             [formControl]="detailsFormControl"\n             matAutocompleteOrigin\n             #origin="matAutocompleteOrigin"\n             [matAutocompleteConnectedTo]="origin"\n             [matAutocomplete]="detailsAutocomplete"\n             [matChipInputFor]="detailsChipList">\n    </mat-chip-list>\n    <mat-autocomplete #detailsAutocomplete="matAutocomplete"\n                      class="tb-autocomplete"\n                      (optionSelected)="detailsFieldSelected($event)"\n                      [displayWith]="displayDetailsFn">\n      <mat-option *ngFor="let details of filteredEntityDetails | async" [value]="details">\n        <span [innerHTML]="entityDetailsTranslationsMap.get(details) | translate | highlight:searchText"></span>\n      </mat-option>\n      <mat-option *ngIf="(filteredEntityDetails | async)?.length === 0" [value]="null" class="tb-not-found">\n        <div class="tb-not-found-content" (click)="$event.stopPropagation()">\n          <div>\n            <span translate>tb.rulenode.no-entity-details-matching</span>\n          </div>\n        </div>\n      </mat-option>\n    </mat-autocomplete>\n  </mat-form-field>\n  <tb-error [error]="(detailsFormControl.touched &&\n                     entityDetailsConfigForm.get(\'detailsList\').hasError(\'required\'))\n                  ? translate.instant(\'tb.rulenode.entity-details-list-empty\') : \'\'"></tb-error>\n  <mat-checkbox fxFlex formControlName="addToMetadata" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.add-to-metadata\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.add-to-metadata-hint</div>\n</section>\n',styles:[":host ::ng-deep mat-form-field.entity-fields-list .mat-form-field-wrapper{margin-bottom:-1.25em}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:Fe.MatAutocomplete,selector:"mat-autocomplete",inputs:["disableRipple"],exportAs:["matAutocomplete"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ie.TbErrorComponent,selector:"tb-error",inputs:["error"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:Fe.MatAutocompleteTrigger,selector:"input[matAutocomplete], textarea[matAutocomplete]",exportAs:["matAutocompleteTrigger"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:Fe.MatAutocompleteOrigin,selector:"[matAutocompleteOrigin]",exportAs:["matAutocompleteOrigin"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlDirective,selector:"[formControl]",inputs:["disabled","formControl","ngModel"],outputs:["ngModelChange"],exportAs:["ngForm"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe,async:w.AsyncPipe,highlight:Le.HighlightPipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Vt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-entity-details-config",templateUrl:"./entity-details-config.component.html",styleUrls:["./entity-details-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:P.TranslateService},{type:q.FormBuilder}]},propDecorators:{detailsInput:[{type:a,args:["detailsInput",{static:!1}]}]}});class Et extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee],this.aggregationTypes=L,this.aggregations=Object.keys(L),this.aggregationTypesTranslations=v,this.fetchMode=Oe,this.fetchModes=Object.keys(Oe),this.samplingOrders=Object.keys(He),this.timeUnits=Object.values(De),this.timeUnitsTranslationMap=Ve}configForm(){return this.getTelemetryFromDatabaseConfigForm}onConfigurationSet(e){this.getTelemetryFromDatabaseConfigForm=this.fb.group({latestTsKeyNames:[e?e.latestTsKeyNames:null,[]],aggregation:[e?e.aggregation:null,[k.required]],fetchMode:[e?e.fetchMode:null,[k.required]],orderBy:[e?e.orderBy:null,[]],limit:[e?e.limit:null,[]],useMetadataIntervalPatterns:[!!e&&e.useMetadataIntervalPatterns,[]],startInterval:[e?e.startInterval:null,[]],startIntervalTimeUnit:[e?e.startIntervalTimeUnit:null,[]],endInterval:[e?e.endInterval:null,[]],endIntervalTimeUnit:[e?e.endIntervalTimeUnit:null,[]],startIntervalPattern:[e?e.startIntervalPattern:null,[]],endIntervalPattern:[e?e.endIntervalPattern:null,[]]})}validatorTriggers(){return["fetchMode","useMetadataIntervalPatterns"]}updateValidators(e){const t=this.getTelemetryFromDatabaseConfigForm.get("fetchMode").value,o=this.getTelemetryFromDatabaseConfigForm.get("useMetadataIntervalPatterns").value;t&&t===Oe.ALL?(this.getTelemetryFromDatabaseConfigForm.get("aggregation").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("orderBy").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("limit").setValidators([k.required,k.min(2),k.max(1e3)])):(this.getTelemetryFromDatabaseConfigForm.get("aggregation").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("orderBy").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("limit").setValidators([])),o?(this.getTelemetryFromDatabaseConfigForm.get("startInterval").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("startIntervalTimeUnit").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("endInterval").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("endIntervalTimeUnit").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("startIntervalPattern").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("endIntervalPattern").setValidators([k.required])):(this.getTelemetryFromDatabaseConfigForm.get("startInterval").setValidators([k.required,k.min(1),k.max(2147483647)]),this.getTelemetryFromDatabaseConfigForm.get("startIntervalTimeUnit").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("endInterval").setValidators([k.required,k.min(1),k.max(2147483647)]),this.getTelemetryFromDatabaseConfigForm.get("endIntervalTimeUnit").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("startIntervalPattern").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("endIntervalPattern").setValidators([])),this.getTelemetryFromDatabaseConfigForm.get("aggregation").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("orderBy").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("limit").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("startInterval").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("startIntervalTimeUnit").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("endInterval").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("endIntervalTimeUnit").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("startIntervalPattern").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("endIntervalPattern").updateValueAndValidity({emitEvent:e})}removeKey(e,t){const o=this.getTelemetryFromDatabaseConfigForm.get(t).value,r=o.indexOf(e);r>=0&&(o.splice(r,1),this.getTelemetryFromDatabaseConfigForm.get(t).setValue(o,{emitEvent:!0}))}addKey(e,t){const o=e.input;let r=e.value;if((r||"").trim()){r=r.trim();let e=this.getTelemetryFromDatabaseConfigForm.get(t).value;e&&-1!==e.indexOf(r)||(e||(e=[]),e.push(r),this.getTelemetryFromDatabaseConfigForm.get(t).setValue(e,{emitEvent:!0}))}o&&(o.value="")}}e("GetTelemetryFromDatabaseConfigComponent",Et),Et.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Et,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Et.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Et,selector:"tb-enrichment-node-get-telemetry-from-database",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="getTelemetryFromDatabaseConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.timeseries-key</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #latestTimeseriesChipList>\n      <mat-chip\n        *ngFor="let key of getTelemetryFromDatabaseConfigForm.get(\'latestTsKeyNames\').value;"\n        (removed)="removeKey(key, \'latestTsKeyNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.timeseries-key\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="latestTimeseriesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'latestTsKeyNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.fetch-mode</mat-label>\n    <mat-select formControlName="fetchMode" required>\n      <mat-option *ngFor="let mode of fetchModes" [value]="mode">\n        {{ mode }}\n      </mat-option>\n    </mat-select>\n    <mat-hint translate>tb.rulenode.fetch-mode-hint</mat-hint>\n  </mat-form-field>\n  <div fxLayout="column" *ngIf="getTelemetryFromDatabaseConfigForm.get(\'fetchMode\').value === fetchMode.ALL">\n    <mat-form-field>\n      <mat-label translate>aggregation.function</mat-label>\n      <mat-select formControlName="aggregation" required>\n        <mat-option *ngFor="let aggregation of aggregations" [value]="aggregation">\n          {{ aggregationTypesTranslations.get(aggregationTypes[aggregation]) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.order-by</mat-label>\n      <mat-select formControlName="orderBy" required>\n        <mat-option *ngFor="let order of samplingOrders" [value]="order">\n          {{ order }}\n        </mat-option>\n      </mat-select>\n      <mat-hint translate>tb.rulenode.order-by-hint</mat-hint>\n    </mat-form-field>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.limit</mat-label>\n      <input type="number" min="2" max="1000" step="1" matInput formControlName="limit" required>\n      <mat-hint translate>tb.rulenode.limit-hint</mat-hint>\n    </mat-form-field>\n  </div>\n  <mat-checkbox formControlName="useMetadataIntervalPatterns" style="padding-bottom: 8px;">\n    {{ \'tb.rulenode.use-metadata-interval-patterns\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.use-metadata-interval-patterns-hint</div>\n  <div fxLayout="column" *ngIf="getTelemetryFromDatabaseConfigForm.get(\'useMetadataIntervalPatterns\').value === false; else intervalPattern">\n    <div fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n      <mat-form-field fxFlex class="mat-block">\n        <mat-label translate>tb.rulenode.start-interval</mat-label>\n        <input type="number" step="1" min="1" max="2147483647" matInput formControlName="startInterval" required>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'startInterval\').hasError(\'required\')">\n          {{ \'tb.rulenode.start-interval-value-required\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'startInterval\').hasError(\'min\')">\n          {{ \'tb.rulenode.time-value-range\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'startInterval\').hasError(\'max\')">\n          {{ \'tb.rulenode.time-value-range\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex class="mat-block">\n        <mat-label translate>tb.rulenode.start-interval-time-unit</mat-label>\n        <mat-select formControlName="startIntervalTimeUnit" required>\n          <mat-option *ngFor="let timeUnit of timeUnits" [value]="timeUnit">\n            {{ timeUnitsTranslationMap.get(timeUnit) | translate }}\n          </mat-option>\n        </mat-select>\n      </mat-form-field>\n    </div>\n    <div fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n      <mat-form-field fxFlex class="mat-block">\n        <mat-label translate>tb.rulenode.end-interval</mat-label>\n        <input type="number" step="1" min="1" max="2147483647" matInput formControlName="endInterval" required>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'endInterval\').hasError(\'required\')">\n          {{ \'tb.rulenode.end-interval-value-required\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'endInterval\').hasError(\'min\')">\n          {{ \'tb.rulenode.time-value-range\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'endInterval\').hasError(\'max\')">\n          {{ \'tb.rulenode.time-value-range\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex class="mat-block">\n        <mat-label translate>tb.rulenode.end-interval-time-unit</mat-label>\n        <mat-select formControlName="endIntervalTimeUnit" required>\n          <mat-option *ngFor="let timeUnit of timeUnits" [value]="timeUnit">\n            {{ timeUnitsTranslationMap.get(timeUnit) | translate }}\n          </mat-option>\n        </mat-select>\n      </mat-form-field>\n    </div>\n  </div>\n  <ng-template #intervalPattern>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.start-interval-pattern</mat-label>\n      <input matInput formControlName="startIntervalPattern" required>\n      <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'startIntervalPattern\').hasError(\'required\')">\n        {{ \'tb.rulenode.start-interval-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.end-interval-pattern</mat-label>\n      <input matInput formControlName="endIntervalPattern" required>\n      <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'endIntervalPattern\').hasError(\'required\')">\n        {{ \'tb.rulenode.end-interval-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n  </ng-template>\n</section>\n',styles:[":host label.tb-title{margin-bottom:-10px}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Et,decorators:[{type:o,args:[{selector:"tb-enrichment-node-get-telemetry-from-database",templateUrl:"./get-telemetry-from-database-config.component.html",styleUrls:["./get-telemetry-from-database-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Pt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.originatorAttributesConfigForm}onConfigurationSet(e){this.originatorAttributesConfigForm=this.fb.group({tellFailureIfAbsent:[!!e&&e.tellFailureIfAbsent,[]],clientAttributeNames:[e?e.clientAttributeNames:null,[]],sharedAttributeNames:[e?e.sharedAttributeNames:null,[]],serverAttributeNames:[e?e.serverAttributeNames:null,[]],latestTsKeyNames:[e?e.latestTsKeyNames:null,[]],getLatestValueWithTs:[!!e&&e.getLatestValueWithTs,[]]})}removeKey(e,t){const o=this.originatorAttributesConfigForm.get(t).value,r=o.indexOf(e);r>=0&&(o.splice(r,1),this.originatorAttributesConfigForm.get(t).setValue(o,{emitEvent:!0}))}addKey(e,t){const o=e.input;let r=e.value;if((r||"").trim()){r=r.trim();let e=this.originatorAttributesConfigForm.get(t).value;e&&-1!==e.indexOf(r)||(e||(e=[]),e.push(r),this.originatorAttributesConfigForm.get(t).setValue(e,{emitEvent:!0}))}o&&(o.value="")}}e("OriginatorAttributesConfigComponent",Pt),Pt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Pt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Pt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Pt,selector:"tb-enrichment-node-originator-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="originatorAttributesConfigForm" fxLayout="column">\n  <mat-checkbox fxFlex formControlName="tellFailureIfAbsent" style="padding-bottom: 8px;">\n    {{ \'tb.rulenode.tell-failure-if-absent\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.tell-failure-if-absent-hint</div>\n  <label translate class="tb-title no-padding">tb.rulenode.client-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #clientAttributesChipList>\n      <mat-chip\n        *ngFor="let key of originatorAttributesConfigForm.get(\'clientAttributeNames\').value;"\n        (removed)="removeKey(key, \'clientAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.client-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="clientAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'clientAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.shared-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #sharedAttributesChipList>\n      <mat-chip\n        *ngFor="let key of originatorAttributesConfigForm.get(\'sharedAttributeNames\').value;"\n        (removed)="removeKey(key, \'sharedAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.shared-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="sharedAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'sharedAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.server-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #serverAttributesChipList>\n      <mat-chip\n        *ngFor="let key of originatorAttributesConfigForm.get(\'serverAttributeNames\').value;"\n        (removed)="removeKey(key, \'serverAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.server-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="serverAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'serverAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.latest-timeseries</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #latestTimeseriesChipList>\n      <mat-chip\n        *ngFor="let key of originatorAttributesConfigForm.get(\'latestTsKeyNames\').value;"\n        (removed)="removeKey(key, \'latestTsKeyNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.latest-timeseries\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="latestTimeseriesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'latestTsKeyNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-checkbox formControlName="getLatestValueWithTs" style="padding-bottom: 8px;">\n    {{ \'tb.rulenode.get-latest-value-with-ts\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.get-latest-value-with-ts-hint\' | translate | safeHtml"></div>\n</section>\n',styles:[":host label.tb-title{margin-bottom:-10px}\n"],components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Pt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-originator-attributes-config",templateUrl:"./originator-attributes-config.component.html",styleUrls:["./originator-attributes-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Rt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.originatorFieldsConfigForm}onConfigurationSet(e){this.originatorFieldsConfigForm=this.fb.group({fieldsMapping:[e?e.fieldsMapping:null,[k.required]]})}}e("OriginatorFieldsConfigComponent",Rt),Rt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Rt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Rt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Rt,selector:"tb-enrichment-node-originator-fields-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="originatorFieldsConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.fields-mapping</label>\n  <tb-kv-map-config\n    required\n    formControlName="fieldsMapping"\n    requiredText="tb.rulenode.fields-mapping-required"\n    keyText="tb.rulenode.source-field"\n    keyRequiredText="tb.rulenode.source-field-required"\n    valText="tb.rulenode.target-attribute"\n    valRequiredText="tb.rulenode.target-attribute-required">\n  </tb-kv-map-config>\n</section>\n',components:[{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Rt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-originator-fields-config",templateUrl:"./originator-fields-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class wt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.relatedAttributesConfigForm}onConfigurationSet(e){this.relatedAttributesConfigForm=this.fb.group({relationsQuery:[e?e.relationsQuery:null,[k.required]],telemetry:[!!e&&e.telemetry,[]],attrMapping:[e?e.attrMapping:null,[k.required]]})}}e("RelatedAttributesConfigComponent",wt),wt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:wt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),wt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:wt,selector:"tb-enrichment-node-related-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="relatedAttributesConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.relations-query</label>\n  <tb-relations-query-config\n    required\n    formControlName="relationsQuery"\n    style="padding-bottom: 15px;">\n  </tb-relations-query-config>\n  <label translate class="tb-title tb-required">tb.rulenode.attr-mapping</label>\n  <mat-checkbox fxFlex formControlName="telemetry" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.latest-telemetry\' | translate }}\n  </mat-checkbox>\n  <tb-kv-map-config\n    required\n    formControlName="attrMapping"\n    requiredText="tb.rulenode.attr-mapping-required"\n    keyText="{{ relatedAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry\' : \'tb.rulenode.source-attribute\' }}"\n    keyRequiredText="{{ relatedAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry-required\' : \'tb.rulenode.source-attribute-required\' }}"\n    valText="tb.rulenode.target-attribute"\n    valRequiredText="tb.rulenode.target-attribute-required"\n    hintText="tb.rulenode.kv-map-pattern-hint">\n  </tb-kv-map-config>\n</section>\n',components:[{type:qt,selector:"tb-relations-query-config",inputs:["disabled","required"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:wt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-related-attributes-config",templateUrl:"./related-attributes-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ot extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.tenantAttributesConfigForm}onConfigurationSet(e){this.tenantAttributesConfigForm=this.fb.group({telemetry:[!!e&&e.telemetry,[]],attrMapping:[e?e.attrMapping:null,[k.required]]})}}e("TenantAttributesConfigComponent",Ot),Ot.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ot,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ot.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ot,selector:"tb-enrichment-node-tenant-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="tenantAttributesConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.attr-mapping</label>\n  <mat-checkbox fxFlex formControlName="telemetry" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.latest-telemetry\' | translate }}\n  </mat-checkbox>\n  <tb-kv-map-config\n    required\n    formControlName="attrMapping"\n    requiredText="tb.rulenode.attr-mapping-required"\n    keyText="{{ tenantAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry\' : \'tb.rulenode.source-attribute\' }}"\n    keyRequiredText="{{ tenantAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry-required\' : \'tb.rulenode.source-attribute-required\' }}"\n    valText="tb.rulenode.target-attribute"\n    valRequiredText="tb.rulenode.target-attribute-required"\n    hintText="tb.rulenode.kv-map-pattern-hint">\n  </tb-kv-map-config>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ot,decorators:[{type:o,args:[{selector:"tb-enrichment-node-tenant-attributes-config",templateUrl:"./tenant-attributes-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ht{}e("RulenodeCoreConfigEnrichmentModule",Ht),Ht.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ht,deps:[],target:t.ɵɵFactoryTarget.NgModule}),Ht.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ht,declarations:[Gt,Vt,Dt,Pt,Rt,Et,wt,Ot,At],imports:[O,F,Mt],exports:[Gt,Vt,Dt,Pt,Rt,Et,wt,Ot,At]}),Ht.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ht,imports:[[O,F,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ht,decorators:[{type:i,args:[{declarations:[Gt,Vt,Dt,Pt,Rt,Et,wt,Ot,At],imports:[O,F,Mt],exports:[Gt,Vt,Dt,Pt,Rt,Et,wt,Ot,At]}]}]});class Ut extends s{constructor(e,t,o){super(e),this.store=e,this.translate=t,this.fb=o,this.alarmStatusTranslationsMap=I,this.alarmStatusList=[],this.searchText="",this.displayStatusFn=this.displayStatus.bind(this);for(const e of Object.keys(N))this.alarmStatusList.push(N[e]);this.statusFormControl=new G(""),this.filteredAlarmStatus=this.statusFormControl.valueChanges.pipe(ue(""),pe((e=>e||"")),de((e=>this.fetchAlarmStatus(e))),fe())}ngOnInit(){super.ngOnInit()}configForm(){return this.alarmStatusConfigForm}prepareInputConfig(e){return this.searchText="",this.statusFormControl.patchValue("",{emitEvent:!0}),e}onConfigurationSet(e){this.alarmStatusConfigForm=this.fb.group({alarmStatusList:[e?e.alarmStatusList:null,[k.required]]})}displayStatus(e){return e?this.translate.instant(I.get(e)):void 0}fetchAlarmStatus(e){const t=this.getAlarmStatusList();if(this.searchText=e,this.searchText&&this.searchText.length){const e=this.searchText.toUpperCase();return Ce(t.filter((t=>this.translate.instant(I.get(N[t])).toUpperCase().includes(e))))}return Ce(t)}alarmStatusSelected(e){this.addAlarmStatus(e.option.value),this.clear("")}removeAlarmStatus(e){const t=this.alarmStatusConfigForm.get("alarmStatusList").value;if(t){const o=t.indexOf(e);o>=0&&(t.splice(o,1),this.alarmStatusConfigForm.get("alarmStatusList").setValue(t))}}addAlarmStatus(e){let t=this.alarmStatusConfigForm.get("alarmStatusList").value;t||(t=[]);-1===t.indexOf(e)&&(t.push(e),this.alarmStatusConfigForm.get("alarmStatusList").setValue(t))}getAlarmStatusList(){return this.alarmStatusList.filter((e=>-1===this.alarmStatusConfigForm.get("alarmStatusList").value.indexOf(e)))}onAlarmStatusInputFocus(){this.statusFormControl.updateValueAndValidity({onlySelf:!0,emitEvent:!0})}clear(e=""){this.alarmStatusInput.nativeElement.value=e,this.statusFormControl.patchValue(null,{emitEvent:!0}),setTimeout((()=>{this.alarmStatusInput.nativeElement.blur(),this.alarmStatusInput.nativeElement.focus()}),0)}}e("CheckAlarmStatusComponent",Ut),Ut.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ut,deps:[{token:T.Store},{token:P.TranslateService},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ut.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ut,selector:"tb-filter-node-check-alarm-status-config",viewQueries:[{propertyName:"alarmStatusInput",first:!0,predicate:["alarmStatusInput"],descendants:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="alarmStatusConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" class="alarm-status-list">\n  <mat-label translate>tb.rulenode.alarm-status-filter</mat-label>\n  <mat-chip-list #alarmStatusChipList required>\n    <mat-chip\n      *ngFor="let alarmStatus of alarmStatusConfigForm.get(\'alarmStatusList\').value;"\n      (removed)="removeAlarmStatus(alarmStatus)">\n        <span>\n          <strong>{{alarmStatusTranslationsMap.get(alarmStatus) | translate}}</strong>\n        </span>\n      <mat-icon matChipRemove>close</mat-icon>\n    </mat-chip>\n    <input matInput type="text"\n           style="max-width: 200px;"\n           #alarmStatusInput\n           (focusin)="onAlarmStatusInputFocus()"\n           [formControl]="statusFormControl"\n           matAutocompleteOrigin\n           #origin="matAutocompleteOrigin"\n           [matAutocompleteConnectedTo]="origin"\n           [matAutocomplete]="alarmStatusAutocomplete"\n           [matChipInputFor]="alarmStatusChipList">\n  </mat-chip-list>\n  <mat-autocomplete #alarmStatusAutocomplete="matAutocomplete"\n                    class="tb-autocomplete"\n                    (optionSelected)="alarmStatusSelected($event)"\n                    [displayWith]="displayStatusFn">\n    <mat-option *ngFor="let status of filteredAlarmStatus | async" [value]="status">\n      <span [innerHTML]="alarmStatusTranslationsMap.get(status) | translate | highlight:searchText"></span>\n    </mat-option>\n    <mat-option *ngIf="(filteredAlarmStatus | async)?.length === 0" [value]="null" class="tb-not-found">\n      <div class="tb-not-found-content" (click)="$event.stopPropagation()">\n        <div>\n          <span translate>tb.rulenode.no-alarm-status-matching</span>\n        </div>\n      </div>\n    </mat-option>\n  </mat-autocomplete>\n  </mat-form-field>\n  <tb-error [error]="(statusFormControl.touched &&\n                     alarmStatusConfigForm.get(\'alarmStatusList\').hasError(\'required\'))\n                  ? translate.instant(\'tb.rulenode.alarm-status-list-empty\') : \'\'"></tb-error>\n  </section>\n\n\n\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:Fe.MatAutocomplete,selector:"mat-autocomplete",inputs:["disableRipple"],exportAs:["matAutocomplete"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ie.TbErrorComponent,selector:"tb-error",inputs:["error"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:Fe.MatAutocompleteTrigger,selector:"input[matAutocomplete], textarea[matAutocomplete]",exportAs:["matAutocompleteTrigger"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:Fe.MatAutocompleteOrigin,selector:"[matAutocompleteOrigin]",exportAs:["matAutocompleteOrigin"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlDirective,selector:"[formControl]",inputs:["disabled","formControl","ngModel"],outputs:["ngModelChange"],exportAs:["ngForm"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]}],pipes:{translate:P.TranslatePipe,async:w.AsyncPipe,highlight:Le.HighlightPipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ut,decorators:[{type:o,args:[{selector:"tb-filter-node-check-alarm-status-config",templateUrl:"./check-alarm-status.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:P.TranslateService},{type:q.FormBuilder}]},propDecorators:{alarmStatusInput:[{type:a,args:["alarmStatusInput",{static:!1}]}]}});class Kt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.checkMessageConfigForm}onConfigurationSet(e){this.checkMessageConfigForm=this.fb.group({messageNames:[e?e.messageNames:null,[]],metadataNames:[e?e.metadataNames:null,[]],checkAllKeys:[!!e&&e.checkAllKeys,[]]})}validateConfig(){const e=this.checkMessageConfigForm.get("messageNames").value,t=this.checkMessageConfigForm.get("metadataNames").value;return e.length>0||t.length>0}removeMessageName(e){const t=this.checkMessageConfigForm.get("messageNames").value,o=t.indexOf(e);o>=0&&(t.splice(o,1),this.checkMessageConfigForm.get("messageNames").setValue(t,{emitEvent:!0}))}removeMetadataName(e){const t=this.checkMessageConfigForm.get("metadataNames").value,o=t.indexOf(e);o>=0&&(t.splice(o,1),this.checkMessageConfigForm.get("metadataNames").setValue(t,{emitEvent:!0}))}addMessageName(e){const t=e.input;let o=e.value;if((o||"").trim()){o=o.trim();let e=this.checkMessageConfigForm.get("messageNames").value;e&&-1!==e.indexOf(o)||(e||(e=[]),e.push(o),this.checkMessageConfigForm.get("messageNames").setValue(e,{emitEvent:!0}))}t&&(t.value="")}addMetadataName(e){const t=e.input;let o=e.value;if((o||"").trim()){o=o.trim();let e=this.checkMessageConfigForm.get("metadataNames").value;e&&-1!==e.indexOf(o)||(e||(e=[]),e.push(o),this.checkMessageConfigForm.get("metadataNames").setValue(e,{emitEvent:!0}))}t&&(t.value="")}}e("CheckMessageConfigComponent",Kt),Kt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Kt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Kt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Kt,selector:"tb-filter-node-check-message-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="checkMessageConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding tb-required">tb.rulenode.data-keys</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #messageNamesChipList>\n      <mat-chip\n        *ngFor="let messageName of checkMessageConfigForm.get(\'messageNames\').value;"\n        (removed)="removeMessageName(messageName)">\n        {{messageName}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.data-keys\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="messageNamesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addMessageName($event)"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <div class="tb-hint" translate>tb.rulenode.separator-hint</div>\n  <label translate class="tb-title no-padding tb-required">tb.rulenode.metadata-keys</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #metadataNamesChipList>\n      <mat-chip\n        *ngFor="let metadataName of checkMessageConfigForm.get(\'metadataNames\').value;"\n        (removed)="removeMetadataName(metadataName)">\n        {{metadataName}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.metadata-keys\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="metadataNamesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addMetadataName($event)"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <div class="tb-hint" translate>tb.rulenode.separator-hint</div>\n  <mat-checkbox fxFlex formControlName="checkAllKeys" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.check-all-keys\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.check-all-keys-hint</div>\n</section>\n',styles:[":host label.tb-title{margin-bottom:-10px}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Kt,decorators:[{type:o,args:[{selector:"tb-filter-node-check-message-config",templateUrl:"./check-message-config.component.html",styleUrls:["./check-message-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Bt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.entitySearchDirection=Object.keys(c),this.entitySearchDirectionTranslationsMap=g}configForm(){return this.checkRelationConfigForm}onConfigurationSet(e){this.checkRelationConfigForm=this.fb.group({checkForSingleEntity:[!!e&&e.checkForSingleEntity,[]],direction:[e?e.direction:null,[]],entityType:[e?e.entityType:null,e&&e.checkForSingleEntity?[k.required]:[]],entityId:[e?e.entityId:null,e&&e.checkForSingleEntity?[k.required]:[]],relationType:[e?e.relationType:null,[k.required]]})}validatorTriggers(){return["checkForSingleEntity"]}updateValidators(e){const t=this.checkRelationConfigForm.get("checkForSingleEntity").value;this.checkRelationConfigForm.get("entityType").setValidators(t?[k.required]:[]),this.checkRelationConfigForm.get("entityType").updateValueAndValidity({emitEvent:e}),this.checkRelationConfigForm.get("entityId").setValidators(t?[k.required]:[]),this.checkRelationConfigForm.get("entityId").updateValueAndValidity({emitEvent:e})}}e("CheckRelationConfigComponent",Bt),Bt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Bt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Bt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Bt,selector:"tb-filter-node-check-relation-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="checkRelationConfigForm" fxLayout="column">\n  <mat-checkbox fxFlex formControlName="checkForSingleEntity" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.check-relation-to-specific-entity\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.check-relation-hint</div>\n  <mat-form-field class="mat-block" style="min-width: 100px;">\n    <mat-label translate>relation.direction</mat-label>\n    <mat-select formControlName="direction" required>\n      <mat-option *ngFor="let direction of entitySearchDirection" [value]="direction">\n        {{ entitySearchDirectionTranslationsMap.get(direction) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div fxLayout="row" *ngIf="checkRelationConfigForm.get(\'checkForSingleEntity\').value" style="padding-top: 20px">\n    <tb-entity-type-select\n      style="min-width: 100px; padding-bottom: 20px; padding-right: 8px;"\n      showLabel\n      required\n      formControlName="entityType">\n    </tb-entity-type-select>\n    <tb-entity-autocomplete\n      fxFlex\n      required\n      *ngIf="checkRelationConfigForm.get(\'entityType\').value"\n      [entityType]="checkRelationConfigForm.get(\'entityType\').value"\n      formControlName="entityId">\n    </tb-entity-autocomplete>\n  </div>\n  <tb-relation-type-autocomplete\n    required\n    formControlName="relationType">\n  </tb-relation-type-autocomplete>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ae.EntityTypeSelectComponent,selector:"tb-entity-type-select",inputs:["allowedEntityTypes","useAliasEntityTypes","showLabel","required","disabled"]},{type:ve.EntityAutocompleteComponent,selector:"tb-entity-autocomplete",inputs:["entityType","entitySubtype","excludeEntityIds","labelText","requiredText","required","disabled"],outputs:["entityChanged"]},{type:ye.RelationTypeAutocompleteComponent,selector:"tb-relation-type-autocomplete",inputs:["required","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Bt,decorators:[{type:o,args:[{selector:"tb-filter-node-check-relation-config",templateUrl:"./check-relation-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class jt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.perimeterType=Ae,this.perimeterTypes=Object.keys(Ae),this.perimeterTypeTranslationMap=Ge,this.rangeUnits=Object.keys(Ee),this.rangeUnitTranslationMap=Pe}configForm(){return this.geoFilterConfigForm}onConfigurationSet(e){this.geoFilterConfigForm=this.fb.group({latitudeKeyName:[e?e.latitudeKeyName:null,[k.required]],longitudeKeyName:[e?e.longitudeKeyName:null,[k.required]],perimeterType:[e?e.perimeterType:null,[k.required]],fetchPerimeterInfoFromMessageMetadata:[!!e&&e.fetchPerimeterInfoFromMessageMetadata,[]],perimeterKeyName:[e?e.perimeterKeyName:null,[]],centerLatitude:[e?e.centerLatitude:null,[]],centerLongitude:[e?e.centerLatitude:null,[]],range:[e?e.range:null,[]],rangeUnit:[e?e.rangeUnit:null,[]],polygonsDefinition:[e?e.polygonsDefinition:null,[]]})}validatorTriggers(){return["fetchPerimeterInfoFromMessageMetadata","perimeterType"]}updateValidators(e){const t=this.geoFilterConfigForm.get("fetchPerimeterInfoFromMessageMetadata").value,o=this.geoFilterConfigForm.get("perimeterType").value;t?this.geoFilterConfigForm.get("perimeterKeyName").setValidators([k.required]):this.geoFilterConfigForm.get("perimeterKeyName").setValidators([]),t||o!==Ae.CIRCLE?(this.geoFilterConfigForm.get("centerLatitude").setValidators([]),this.geoFilterConfigForm.get("centerLongitude").setValidators([]),this.geoFilterConfigForm.get("range").setValidators([]),this.geoFilterConfigForm.get("rangeUnit").setValidators([])):(this.geoFilterConfigForm.get("centerLatitude").setValidators([k.required,k.min(-90),k.max(90)]),this.geoFilterConfigForm.get("centerLongitude").setValidators([k.required,k.min(-180),k.max(180)]),this.geoFilterConfigForm.get("range").setValidators([k.required,k.min(0)]),this.geoFilterConfigForm.get("rangeUnit").setValidators([k.required])),t||o!==Ae.POLYGON?this.geoFilterConfigForm.get("polygonsDefinition").setValidators([]):this.geoFilterConfigForm.get("polygonsDefinition").setValidators([k.required]),this.geoFilterConfigForm.get("perimeterKeyName").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("centerLatitude").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("centerLongitude").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("range").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("rangeUnit").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("polygonsDefinition").updateValueAndValidity({emitEvent:e})}}e("GpsGeoFilterConfigComponent",jt),jt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:jt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),jt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:jt,selector:"tb-filter-node-gps-geofencing-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="geoFilterConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.latitude-key-name</mat-label>\n    <input matInput formControlName="latitudeKeyName" required>\n    <mat-error *ngIf="geoFilterConfigForm.get(\'latitudeKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.latitude-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.longitude-key-name</mat-label>\n    <input matInput formControlName="longitudeKeyName" required>\n    <mat-error *ngIf="geoFilterConfigForm.get(\'longitudeKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.longitude-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>tb.rulenode.perimeter-type</mat-label>\n    <mat-select formControlName="perimeterType" required>\n      <mat-option *ngFor="let type of perimeterTypes" [value]="type">\n        {{ perimeterTypeTranslationMap.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-checkbox fxFlex formControlName="fetchPerimeterInfoFromMessageMetadata" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.fetch-perimeter-info-from-message-metadata\' | translate }}\n  </mat-checkbox>\n  <mat-form-field *ngIf="geoFilterConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value" class="mat-block">\n    <mat-label translate>tb.rulenode.perimeter-key-name</mat-label>\n    <input matInput formControlName="perimeterKeyName" required>\n    <mat-error *ngIf="geoFilterConfigForm.get(\'perimeterKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.perimeter-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <div fxLayout="column"\n       *ngIf="geoFilterConfigForm.get(\'perimeterType\').value === perimeterType.CIRCLE &&\n       !geoFilterConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value">\n    <div fxLayout="row" fxLayoutGap="8px">\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.circle-center-latitude</mat-label>\n        <input type="number" min="-90" max="90" step="0.1" matInput formControlName="centerLatitude" required>\n        <mat-error *ngIf="geoFilterConfigForm.get(\'centerLatitude\').hasError(\'required\')">\n          {{ \'tb.rulenode.circle-center-latitude-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.circle-center-longitude</mat-label>\n        <input type="number" min="-180" max="180" step="0.1" matInput formControlName="centerLongitude" required>\n        <mat-error *ngIf="geoFilterConfigForm.get(\'centerLongitude\').hasError(\'required\')">\n          {{ \'tb.rulenode.circle-center-longitude-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n    </div>\n    <div fxLayout="row" fxLayoutGap="8px">\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.range</mat-label>\n        <input type="number" min="0" step="0.1" matInput formControlName="range" required>\n        <mat-error *ngIf="geoFilterConfigForm.get(\'range\').hasError(\'required\')">\n          {{ \'tb.rulenode.range-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.range-units</mat-label>\n        <mat-select formControlName="rangeUnit" required>\n          <mat-option *ngFor="let type of rangeUnits" [value]="type">\n            {{ rangeUnitTranslationMap.get(type) | translate }}\n          </mat-option>\n        </mat-select>\n      </mat-form-field>\n    </div>\n  </div>\n  <div fxLayout="row" *ngIf="geoFilterConfigForm.get(\'perimeterType\').value === perimeterType.POLYGON &&\n                             !geoFilterConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value">\n    <div fxLayout="column" fxFlex="100">\n      <mat-form-field class="mat-block" hintLabel="{{\'tb.rulenode.polygon-definition-hint\' | translate}}">\n        <mat-label translate>tb.rulenode.polygon-definition</mat-label>\n        <input matInput formControlName="polygonsDefinition" required>\n        <mat-error *ngIf="geoFilterConfigForm.get(\'polygonsDefinition\').hasError(\'required\')">\n          {{ \'tb.rulenode.polygon-definition-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n    </div>\n  </div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:jt,decorators:[{type:o,args:[{selector:"tb-filter-node-gps-geofencing-config",templateUrl:"./gps-geo-filter-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class zt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.messageTypeConfigForm}onConfigurationSet(e){this.messageTypeConfigForm=this.fb.group({messageTypes:[e?e.messageTypes:null,[k.required]]})}}e("MessageTypeConfigComponent",zt),zt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:zt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),zt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:zt,selector:"tb-filter-node-message-type-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="messageTypeConfigForm" fxLayout="column">\n  <tb-message-types-config\n    required\n    label="tb.rulenode.message-types-filter"\n    formControlName="messageTypes"\n  ></tb-message-types-config>\n</section>\n',components:[{type:kt,selector:"tb-message-types-config",inputs:["required","label","placeholder","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:zt,decorators:[{type:o,args:[{selector:"tb-filter-node-message-type-config",templateUrl:"./message-type-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class _t extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.allowedEntityTypes=[x.DEVICE,x.ASSET,x.ENTITY_VIEW,x.TENANT,x.CUSTOMER,x.USER,x.DASHBOARD,x.RULE_CHAIN,x.RULE_NODE]}configForm(){return this.originatorTypeConfigForm}onConfigurationSet(e){this.originatorTypeConfigForm=this.fb.group({originatorTypes:[e?e.originatorTypes:null,[k.required]]})}}e("OriginatorTypeConfigComponent",_t),_t.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:_t,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),_t.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:_t,selector:"tb-filter-node-originator-type-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="originatorTypeConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding tb-required">tb.rulenode.originator-types-filter</label>\n  <tb-entity-type-list fxFlex\n                       formControlName="originatorTypes"\n                       [allowedEntityTypes]="allowedEntityTypes"\n                       [ignoreAuthorityFilter]="true"\n                       required>\n  </tb-entity-type-list>\n</section>\n',styles:[":host ::ng-deep tb-entity-type-list .mat-form-field-flex{padding-top:0}:host ::ng-deep tb-entity-type-list .mat-form-field-infix{border-top:0}\n"],components:[{type:Ie.EntityTypeListComponent,selector:"tb-entity-type-list",inputs:["required","disabled","allowedEntityTypes","ignoreAuthorityFilter"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:_t,decorators:[{type:o,args:[{selector:"tb-filter-node-originator-type-config",templateUrl:"./originator-type-config.component.html",styleUrls:["./originator-type-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Qt extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.scriptConfigForm}onConfigurationSet(e){this.scriptConfigForm=this.fb.group({jsScript:[e?e.jsScript:null,[k.required]]})}testScript(){const e=this.scriptConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"filter",this.translate.instant("tb.rulenode.filter"),"Filter",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/filter_node_script_fn").subscribe((e=>{e&&this.scriptConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("ScriptConfigComponent",Qt),Qt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Qt,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),Qt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Qt,selector:"tb-filter-node-script-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="scriptConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.filter</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="Filter"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              helpId="rulenode/filter_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-filter-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Qt,decorators:[{type:o,args:[{selector:"tb-filter-node-script-config",templateUrl:"./script-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class $t extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.switchConfigForm}onConfigurationSet(e){this.switchConfigForm=this.fb.group({jsScript:[e?e.jsScript:null,[k.required]]})}testScript(){const e=this.switchConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"switch",this.translate.instant("tb.rulenode.switch"),"Switch",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/switch_node_script_fn").subscribe((e=>{e&&this.switchConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("SwitchConfigComponent",$t),$t.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:$t,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),$t.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:$t,selector:"tb-filter-node-switch-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="switchConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.switch</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="Switch"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              helpId="rulenode/switch_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-switch-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:$t,decorators:[{type:o,args:[{selector:"tb-filter-node-switch-config",templateUrl:"./switch-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class Wt{}e("RuleNodeCoreConfigFilterModule",Wt),Wt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Wt,deps:[],target:t.ɵɵFactoryTarget.NgModule}),Wt.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Wt,declarations:[Kt,Bt,jt,zt,_t,Qt,$t,Ut],imports:[O,F,Mt],exports:[Kt,Bt,jt,zt,_t,Qt,$t,Ut]}),Wt.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Wt,imports:[[O,F,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Wt,decorators:[{type:i,args:[{declarations:[Kt,Bt,jt,zt,_t,Qt,$t,Ut],imports:[O,F,Mt],exports:[Kt,Bt,jt,zt,_t,Qt,$t,Ut]}]}]});class Yt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.originatorSource=Me,this.originatorSources=Object.keys(Me),this.originatorSourceTranslationMap=Se}configForm(){return this.changeOriginatorConfigForm}onConfigurationSet(e){this.changeOriginatorConfigForm=this.fb.group({originatorSource:[e?e.originatorSource:null,[k.required]],relationsQuery:[e?e.relationsQuery:null,[]]})}validatorTriggers(){return["originatorSource"]}updateValidators(e){const t=this.changeOriginatorConfigForm.get("originatorSource").value;t&&t===Me.RELATED?this.changeOriginatorConfigForm.get("relationsQuery").setValidators([k.required]):this.changeOriginatorConfigForm.get("relationsQuery").setValidators([]),this.changeOriginatorConfigForm.get("relationsQuery").updateValueAndValidity({emitEvent:e})}}e("ChangeOriginatorConfigComponent",Yt),Yt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Yt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Yt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Yt,selector:"tb-transformation-node-change-originator-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="changeOriginatorConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.originator-source</mat-label>\n    <mat-select formControlName="originatorSource" required>\n      <mat-option *ngFor="let source of originatorSources" [value]="source">\n        {{ originatorSourceTranslationMap.get(source) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <section fxLayout="column" *ngIf="changeOriginatorConfigForm.get(\'originatorSource\').value === originatorSource.RELATED">\n    <label translate class="tb-title tb-required">tb.rulenode.relations-query</label>\n    <tb-relations-query-config\n      required\n      formControlName="relationsQuery"\n      style="padding-bottom: 15px;">\n    </tb-relations-query-config>\n  </section>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:qt,selector:"tb-relations-query-config",inputs:["disabled","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Yt,decorators:[{type:o,args:[{selector:"tb-transformation-node-change-originator-config",templateUrl:"./change-originator-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Jt extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.scriptConfigForm}onConfigurationSet(e){this.scriptConfigForm=this.fb.group({jsScript:[e?e.jsScript:null,[k.required]]})}testScript(){const e=this.scriptConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"update",this.translate.instant("tb.rulenode.transformer"),"Transform",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/transformation_node_script_fn").subscribe((e=>{e&&this.scriptConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("TransformScriptConfigComponent",Jt),Jt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Jt,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),Jt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Jt,selector:"tb-transformation-node-script-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="scriptConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.transform</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="Transform"\n              helpId="rulenode/transformation_node_script_fn"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-transformer-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Jt,decorators:[{type:o,args:[{selector:"tb-transformation-node-script-config",templateUrl:"./script-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class Zt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.mailBodyTypes=[{name:"tb.mail-body-type.plain-text",value:"false"},{name:"tb.mail-body-type.html",value:"true"},{name:"tb.mail-body-type.dynamic",value:"dynamic"}]}configForm(){return this.toEmailConfigForm}onConfigurationSet(e){this.toEmailConfigForm=this.fb.group({fromTemplate:[e?e.fromTemplate:null,[k.required]],toTemplate:[e?e.toTemplate:null,[k.required]],ccTemplate:[e?e.ccTemplate:null,[]],bccTemplate:[e?e.bccTemplate:null,[]],subjectTemplate:[e?e.subjectTemplate:null,[k.required]],mailBodyType:[e?e.mailBodyType:null],isHtmlTemplate:[e?e.isHtmlTemplate:null],bodyTemplate:[e?e.bodyTemplate:null,[k.required]]}),this.toEmailConfigForm.get("mailBodyType").valueChanges.pipe(ue([null==e?void 0:e.subjectTemplate])).subscribe((e=>{"dynamic"===e?(this.toEmailConfigForm.get("isHtmlTemplate").patchValue("",{emitEvent:!1}),this.toEmailConfigForm.get("isHtmlTemplate").setValidators(k.required)):this.toEmailConfigForm.get("isHtmlTemplate").clearValidators(),this.toEmailConfigForm.get("isHtmlTemplate").updateValueAndValidity()}))}}e("ToEmailConfigComponent",Zt),Zt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Zt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Zt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Zt,selector:"tb-transformation-node-to-email-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="toEmailConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.from-template</mat-label>\n    <textarea required matInput formControlName="fromTemplate" rows="2"></textarea>\n    <mat-error *ngIf="toEmailConfigForm.get(\'fromTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.from-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.to-template</mat-label>\n    <textarea required matInput formControlName="toTemplate" rows="2"></textarea>\n    <mat-error *ngIf="toEmailConfigForm.get(\'toTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.to-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.mail-address-list-template-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 24px;">\n    <mat-label translate>tb.rulenode.cc-template</mat-label>\n    <textarea matInput formControlName="ccTemplate" rows="2"></textarea>\n    <mat-hint [innerHTML]="\'tb.rulenode.mail-address-list-template-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 24px;">\n    <mat-label translate>tb.rulenode.bcc-template</mat-label>\n    <textarea matInput formControlName="bccTemplate" rows="2"></textarea>\n    <mat-hint [innerHTML]="\'tb.rulenode.mail-address-list-template-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 24px;">\n    <mat-label translate>tb.rulenode.subject-template</mat-label>\n    <textarea required matInput formControlName="subjectTemplate" rows="2"></textarea>\n    <mat-error *ngIf="toEmailConfigForm.get(\'subjectTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.subject-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.mail-body-type</mat-label>\n    <mat-select formControlName="mailBodyType">\n      <mat-option *ngFor="let type of mailBodyTypes" [value]="type.value">\n        {{ type.name | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-form-field class="mat-block" *ngIf="toEmailConfigForm.get(\'mailBodyType\').value === \'dynamic\'" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.dynamic-mail-body-type</mat-label>\n    <input required matInput formControlName="isHtmlTemplate">\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.body-template</mat-label>\n    <textarea required matInput formControlName="bodyTemplate" rows="6"></textarea>\n    <mat-error *ngIf="toEmailConfigForm.get(\'bodyTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.body-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Zt,decorators:[{type:o,args:[{selector:"tb-transformation-node-to-email-config",templateUrl:"./to-email-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Xt{}e("RulenodeCoreConfigTransformModule",Xt),Xt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xt,deps:[],target:t.ɵɵFactoryTarget.NgModule}),Xt.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xt,declarations:[Yt,Jt,Zt],imports:[O,F,Mt],exports:[Yt,Jt,Zt]}),Xt.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xt,imports:[[O,F,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xt,decorators:[{type:i,args:[{declarations:[Yt,Jt,Zt],imports:[O,F,Mt],exports:[Yt,Jt,Zt]}]}]});class eo extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.entityType=x}configForm(){return this.ruleChainInputConfigForm}onConfigurationSet(e){this.ruleChainInputConfigForm=this.fb.group({ruleChainId:[e?e.ruleChainId:null,[k.required]]})}}e("RuleChainInputComponent",eo),eo.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:eo,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),eo.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:eo,selector:"tb-flow-node-rule-chain-input-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="ruleChainInputConfigForm" fxLayout="column">\n  <tb-entity-autocomplete required\n                          [excludeEntityIds]="[ruleChainId]"\n                          [entityType]="entityType.RULE_CHAIN"\n                          [entitySubtype]="ruleChainType"\n                          formControlName="ruleChainId">\n  </tb-entity-autocomplete>\n</section>\n',components:[{type:ve.EntityAutocompleteComponent,selector:"tb-entity-autocomplete",inputs:["entityType","entitySubtype","excludeEntityIds","labelText","requiredText","required","disabled"],outputs:["entityChanged"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:eo,decorators:[{type:o,args:[{selector:"tb-flow-node-rule-chain-input-config",templateUrl:"./rule-chain-input.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class to extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.ruleChainOutputConfigForm}onConfigurationSet(e){this.ruleChainOutputConfigForm=this.fb.group({})}}e("RuleChainOutputComponent",to),to.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:to,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),to.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:to,selector:"tb-flow-node-rule-chain-output-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="ruleChainOutputConfigForm" fxLayout="column">\n  <div innerHTML="{{ \'tb.rulenode.output-node-name-hint\' | translate }}"></div>\n</section>\n',directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:to,decorators:[{type:o,args:[{selector:"tb-flow-node-rule-chain-output-config",templateUrl:"./rule-chain-output.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class oo{}e("RuleNodeCoreConfigFlowModule",oo),oo.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:oo,deps:[],target:t.ɵɵFactoryTarget.NgModule}),oo.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:oo,declarations:[eo,to],imports:[O,F,Mt],exports:[eo,to]}),oo.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:oo,imports:[[O,F,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:oo,decorators:[{type:i,args:[{declarations:[eo,to],imports:[O,F,Mt],exports:[eo,to]}]}]});class ro{constructor(e){!function(e){e.setTranslation("en_US",{tb:{rulenode:{"create-entity-if-not-exists":"Create new entity if not exists","create-entity-if-not-exists-hint":"Create a new entity set above if it does not exist.","entity-name-pattern":"Name pattern","entity-name-pattern-required":"Name pattern is required","entity-type-pattern":"Type pattern","entity-type-pattern-required":"Type pattern is required","entity-cache-expiration":"Entities cache expiration time (sec)","entity-cache-expiration-hint":"Specifies maximum time interval allowed to store found entity records. 0 value means that records will never expire.","entity-cache-expiration-required":"Entities cache expiration time is required.","entity-cache-expiration-range":"Entities cache expiration time should be greater than or equal to 0.","customer-name-pattern":"Customer name pattern","customer-name-pattern-required":"Customer name pattern is required","create-customer-if-not-exists":"Create new customer if not exists","customer-cache-expiration":"Customers cache expiration time (sec)","customer-cache-expiration-hint":"Specifies maximum time interval allowed to store found customer records. 0 value means that records will never expire.","customer-cache-expiration-required":"Customers cache expiration time is required.","customer-cache-expiration-range":"Customers cache expiration time should be greater than or equal to 0.","start-interval":"Start Interval","end-interval":"End Interval","start-interval-time-unit":"Start Interval Time Unit","end-interval-time-unit":"End Interval Time Unit","fetch-mode":"Fetch mode","fetch-mode-hint":"If selected fetch mode 'ALL'  you able to choose telemetry sampling order.","order-by":"Order by","order-by-hint":"Select to choose telemetry sampling order.",limit:"Limit","limit-hint":"Min limit value is 2, max - 1000. In case you want to fetch a single entry, select fetch mode 'FIRST' or 'LAST'.","time-unit-milliseconds":"Milliseconds","time-unit-seconds":"Seconds","time-unit-minutes":"Minutes","time-unit-hours":"Hours","time-unit-days":"Days","time-value-range":"Time value should be in a range from 1 to 2147483647.","start-interval-value-required":"Start interval value is required.","end-interval-value-required":"End interval value is required.",filter:"Filter",switch:"Switch","message-type":"Message type","message-type-required":"Message type is required.","message-types-filter":"Message types filter","no-message-types-found":"No message types found","no-message-type-matching":"'{{messageType}}' not found.","create-new-message-type":"Create a new one!","message-types-required":"Message types are required.","client-attributes":"Client attributes","shared-attributes":"Shared attributes","server-attributes":"Server attributes","notify-device":"Notify Device","notify-device-hint":"If the message arrives from the device, we will push it back to the device by default.","latest-timeseries":"Latest timeseries","timeseries-key":"Timeseries key","data-keys":"Message data","metadata-keys":"Message metadata","relations-query":"Relations query","device-relations-query":"Device relations query","max-relation-level":"Max relation level","relation-type-pattern":"Relation type pattern","relation-type-pattern-required":"Relation type pattern is required","relation-types-list":"Relation types to propagate","relation-types-list-hint":"If Propagate relation types are not selected, alarms will be propagated without filtering by relation type.","unlimited-level":"Unlimited level","latest-telemetry":"Latest telemetry","attr-mapping":"Attributes mapping","source-attribute":"Source attribute","source-attribute-required":"Source attribute is required.","source-telemetry":"Source telemetry","source-telemetry-required":"Source telemetry is required.","target-attribute":"Target attribute","target-attribute-required":"Target attribute is required.","attr-mapping-required":"At least one attribute mapping should be specified.","fields-mapping":"Fields mapping","fields-mapping-required":"At least one field mapping should be specified.","source-field":"Source field","source-field-required":"Source field is required.","originator-source":"Originator source","originator-customer":"Customer","originator-tenant":"Tenant","originator-related":"Related","originator-alarm-originator":"Alarm Originator","clone-message":"Clone message",transform:"Transform","default-ttl":"Default TTL in seconds","default-ttl-required":"Default TTL is required.","min-default-ttl-message":"Only 0 minimum TTL is allowed.","message-count":"Message count (0 - unlimited)","message-count-required":"Message count is required.","min-message-count-message":"Only 0 minimum message count is allowed.","period-seconds":"Period in seconds","period-seconds-required":"Period is required.","use-metadata-period-in-seconds-patterns":"Use period in seconds pattern","use-metadata-period-in-seconds-patterns-hint":"If selected, rule node use period in seconds interval pattern from message metadata or data assuming that intervals are in the seconds.","period-in-seconds-pattern":"Period in seconds pattern","period-in-seconds-pattern-required":"Period in seconds pattern is required","min-period-seconds-message":"Only 1 second minimum period is allowed.",originator:"Originator","message-body":"Message body","message-metadata":"Message metadata",generate:"Generate","test-generator-function":"Test generator function",generator:"Generator","test-filter-function":"Test filter function","test-switch-function":"Test switch function","test-transformer-function":"Test transformer function",transformer:"Transformer","alarm-create-condition":"Alarm create condition","test-condition-function":"Test condition function","alarm-clear-condition":"Alarm clear condition","alarm-details-builder":"Alarm details builder","test-details-function":"Test details function","alarm-type":"Alarm type","alarm-type-required":"Alarm type is required.","alarm-severity":"Alarm severity","alarm-severity-required":"Alarm severity is required","alarm-severity-pattern":"Alarm severity pattern","alarm-status-filter":"Alarm status filter","alarm-status-list-empty":"Alarm status list is empty","no-alarm-status-matching":"No alarm status matching were found.",propagate:"Propagate alarm to related entities","propagate-to-owner":"Propagate alarm to entity owner (Customer or Tenant)","propagate-to-tenant":"Propagate alarm to Tenant",condition:"Condition",details:"Details","to-string":"To string","test-to-string-function":"Test to string function","from-template":"From Template","from-template-required":"From Template is required","to-template":"To Template","to-template-required":"To Template is required","mail-address-list-template-hint":'Comma separated address list, use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body',"cc-template":"Cc Template","bcc-template":"Bcc Template","subject-template":"Subject Template","subject-template-required":"Subject Template is required","body-template":"Body Template","body-template-required":"Body Template is required","dynamic-mail-body-type":"Dynamic mail body type","mail-body-type":"Mail body type","request-id-metadata-attribute":"Request Id Metadata attribute name","timeout-sec":"Timeout in seconds","timeout-required":"Timeout is required","min-timeout-message":"Only 0 minimum timeout value is allowed.","endpoint-url-pattern":"Endpoint URL pattern","endpoint-url-pattern-required":"Endpoint URL pattern is required","request-method":"Request method","use-simple-client-http-factory":"Use simple client HTTP factory","ignore-request-body":"Without request body","read-timeout":"Read timeout in millis","read-timeout-hint":"The value of 0 means an infinite timeout","max-parallel-requests-count":"Max number of parallel requests","max-parallel-requests-count-hint":"The value of 0 specifies no limit in parallel processing",headers:"Headers","headers-hint":'Use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body in header/value fields',header:"Header","header-required":"Header is required",value:"Value","value-required":"Value is required","topic-pattern":"Topic pattern","topic-pattern-required":"Topic pattern is required",topic:"Topic","topic-required":"Topic is required","bootstrap-servers":"Bootstrap servers","bootstrap-servers-required":"Bootstrap servers value is required","other-properties":"Other properties",key:"Key","key-required":"Key is required",retries:"Automatically retry times if fails","min-retries-message":"Only 0 minimum retries is allowed.","batch-size-bytes":"Produces batch size in bytes","min-batch-size-bytes-message":"Only 0 minimum batch size is allowed.","linger-ms":"Time to buffer locally (ms)","min-linger-ms-message":"Only 0 ms minimum value is allowed.","buffer-memory-bytes":"Client buffer max size in bytes","min-buffer-memory-message":"Only 0 minimum buffer size is allowed.",acks:"Number of acknowledgments","key-serializer":"Key serializer","key-serializer-required":"Key serializer is required","value-serializer":"Value serializer","value-serializer-required":"Value serializer is required","topic-arn-pattern":"Topic ARN pattern","topic-arn-pattern-required":"Topic ARN pattern is required","aws-access-key-id":"AWS Access Key ID","aws-access-key-id-required":"AWS Access Key ID is required","aws-secret-access-key":"AWS Secret Access Key","aws-secret-access-key-required":"AWS Secret Access Key is required","aws-region":"AWS Region","aws-region-required":"AWS Region is required","exchange-name-pattern":"Exchange name pattern","routing-key-pattern":"Routing key pattern","message-properties":"Message properties",host:"Host","host-required":"Host is required",port:"Port","port-required":"Port is required","port-range":"Port should be in a range from 1 to 65535.","virtual-host":"Virtual host",username:"Username",password:"Password","automatic-recovery":"Automatic recovery","connection-timeout-ms":"Connection timeout (ms)","min-connection-timeout-ms-message":"Only 0 ms minimum value is allowed.","handshake-timeout-ms":"Handshake timeout (ms)","min-handshake-timeout-ms-message":"Only 0 ms minimum value is allowed.","client-properties":"Client properties","queue-url-pattern":"Queue URL pattern","queue-url-pattern-required":"Queue URL pattern is required","delay-seconds":"Delay (seconds)","min-delay-seconds-message":"Only 0 seconds minimum value is allowed.","max-delay-seconds-message":"Only 900 seconds maximum value is allowed.",name:"Name","name-required":"Name is required","queue-type":"Queue type","sqs-queue-standard":"Standard","sqs-queue-fifo":"FIFO","gcp-project-id":"GCP project ID","gcp-project-id-required":"GCP project ID is required","gcp-service-account-key":"GCP service account key file","gcp-service-account-key-required":"GCP service account key file is required","pubsub-topic-name":"Topic name","pubsub-topic-name-required":"Topic name is required","message-attributes":"Message attributes","message-attributes-hint":'Use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body in name/value fields',"connect-timeout":"Connection timeout (sec)","connect-timeout-required":"Connection timeout is required.","connect-timeout-range":"Connection timeout should be in a range from 1 to 200.","client-id":"Client ID","client-id-hint":'Hint: Optional. Leave empty for auto-generated Client ID. Be careful when specifying the Client ID. Majority of the MQTT brokers will not allow multiple connections with the same Client ID. To connect to such brokers, your mqtt Client ID must be unique. When platform is running in a micro-services mode, the copy of rule node is launched in each micro-service. This will automatically lead to multiple mqtt clients with the same ID and may cause failures of the rule node. To avoid such failures enable "Add Service ID as suffix to Client ID" option below.',"append-client-id-suffix":"Add Service ID as suffix to Client ID","client-id-suffix-hint":'Hint: Optional. Applied when "Client ID" specified explicitly. If selected then Service ID will be added to Client ID as a suffix. Helps to avoid failures when platform is running in a micro-services mode.',"device-id":"Device ID","device-id-required":"Device ID is required.","clean-session":"Clean session","enable-ssl":"Enable SSL",credentials:"Credentials","credentials-type":"Credentials type","credentials-type-required":"Credentials type is required.","credentials-anonymous":"Anonymous","credentials-basic":"Basic","credentials-pem":"PEM","credentials-pem-hint":"At least Server CA certificate file or a pair of Client certificate and Client private key files are required","credentials-sas":"Shared Access Signature","sas-key":"SAS Key","sas-key-required":"SAS Key is required.",hostname:"Hostname","hostname-required":"Hostname is required.","azure-ca-cert":"CA certificate file","username-required":"Username is required.","password-required":"Password is required.","ca-cert":"Server CA certificate file *","private-key":"Client private key file *",cert:"Client certificate file *","no-file":"No file selected.","drop-file":"Drop a file or click to select a file to upload.","private-key-password":"Private key password","use-system-smtp-settings":"Use system SMTP settings","use-metadata-interval-patterns":"Use interval patterns","use-metadata-interval-patterns-hint":"If selected, rule node use start and end interval patterns from message metadata or data assuming that intervals are in the milliseconds.","use-message-alarm-data":"Use message alarm data","overwrite-alarm-details":"Overwrite alarm details","use-alarm-severity-pattern":"Use alarm severity pattern","check-all-keys":"Check that all selected keys are present","check-all-keys-hint":"If selected, checks that all specified keys are present in the message data and metadata.","check-relation-to-specific-entity":"Check relation to specific entity","check-relation-hint":"Checks existence of relation to specific entity or to any entity based on direction and relation type.","delete-relation-to-specific-entity":"Delete relation to specific entity","delete-relation-hint":"Deletes relation from the originator of the incoming message to the specified entity or list of entities based on direction and type.","remove-current-relations":"Remove current relations","remove-current-relations-hint":"Removes current relations from the originator of the incoming message based on direction and type.","change-originator-to-related-entity":"Change originator to related entity","change-originator-to-related-entity-hint":"Used to process submitted message as a message from another entity.","start-interval-pattern":"Start interval pattern","end-interval-pattern":"End interval pattern","start-interval-pattern-required":"Start interval pattern is required","end-interval-pattern-required":"End interval pattern is required","smtp-protocol":"Protocol","smtp-host":"SMTP host","smtp-host-required":"SMTP host is required.","smtp-port":"SMTP port","smtp-port-required":"You must supply a smtp port.","smtp-port-range":"SMTP port should be in a range from 1 to 65535.","timeout-msec":"Timeout ms","min-timeout-msec-message":"Only 0 ms minimum value is allowed.","enter-username":"Enter username","enter-password":"Enter password","enable-tls":"Enable TLS","tls-version":"TLS version","enable-proxy":"Enable proxy","use-system-proxy-properties":"Use system proxy properties","proxy-host":"Proxy host","proxy-host-required":"Proxy host is required.","proxy-port":"Proxy port","proxy-port-required":"Proxy port is required.","proxy-port-range":"Proxy port should be in a range from 1 to 65535.","proxy-user":"Proxy user","proxy-password":"Proxy password","proxy-scheme":"Proxy scheme","numbers-to-template":"Phone Numbers To Template","numbers-to-template-required":"Phone Numbers To Template is required","numbers-to-template-hint":'Comma separated Phone Numbers, use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body',"sms-message-template":"SMS message Template","sms-message-template-required":"SMS message Template is required","use-system-sms-settings":"Use system SMS provider settings","min-period-0-seconds-message":"Only 0 second minimum period is allowed.","max-pending-messages":"Maximum pending messages","max-pending-messages-required":"Maximum pending messages is required.","max-pending-messages-range":"Maximum pending messages should be in a range from 1 to 100000.","originator-types-filter":"Originator types filter","interval-seconds":"Interval in seconds","interval-seconds-required":"Interval is required.","min-interval-seconds-message":"Only 1 second minimum interval is allowed.","output-timeseries-key-prefix":"Output timeseries key prefix","output-timeseries-key-prefix-required":"Output timeseries key prefix required.","separator-hint":'You should press "enter" to complete field input.',"entity-details":"Select entity details:","entity-details-title":"Title","entity-details-country":"Country","entity-details-state":"State","entity-details-city":"City","entity-details-zip":"Zip","entity-details-address":"Address","entity-details-address2":"Address2","entity-details-additional_info":"Additional Info","entity-details-phone":"Phone","entity-details-email":"Email","add-to-metadata":"Add selected details to message metadata","add-to-metadata-hint":"If selected, adds the selected details keys to the message metadata instead of message data.","entity-details-list-empty":"No entity details selected.","no-entity-details-matching":"No entity details matching were found.","custom-table-name":"Custom table name","custom-table-name-required":"Table Name is required","custom-table-hint":"You should enter the table name without prefix 'cs_tb_'.","message-field":"Message field","message-field-required":"Message field is required.","table-col":"Table column","table-col-required":"Table column is required.","latitude-key-name":"Latitude key name","longitude-key-name":"Longitude key name","latitude-key-name-required":"Latitude key name is required.","longitude-key-name-required":"Longitude key name is required.","fetch-perimeter-info-from-message-metadata":"Fetch perimeter information from message metadata","perimeter-key-name":"Perimeter key name","perimeter-key-name-required":"Perimeter key name is required.","perimeter-circle":"Circle","perimeter-polygon":"Polygon","perimeter-type":"Perimeter type","circle-center-latitude":"Center latitude","circle-center-latitude-required":"Center latitude is required.","circle-center-longitude":"Center longitude","circle-center-longitude-required":"Center longitude is required.","range-unit-meter":"Meter","range-unit-kilometer":"Kilometer","range-unit-foot":"Foot","range-unit-mile":"Mile","range-unit-nautical-mile":"Nautical mile","range-units":"Range units",range:"Range","range-required":"Range is required.","polygon-definition":"Polygon definition","polygon-definition-required":"Polygon definition is required.","polygon-definition-hint":"Please, use the following format for manual definition of polygon: [[lat1,lon1],[lat2,lon2], ... ,[latN,lonN]].","min-inside-duration":"Minimal inside duration","min-inside-duration-value-required":"Minimal inside duration is required","min-inside-duration-time-unit":"Minimal inside duration time unit","min-outside-duration":"Minimal outside duration","min-outside-duration-value-required":"Minimal outside duration is required","min-outside-duration-time-unit":"Minimal outside duration time unit","tell-failure-if-absent":"Tell Failure","tell-failure-if-absent-hint":'If at least one selected key doesn\'t exist the outbound message will report "Failure".',"get-latest-value-with-ts":"Fetch Latest telemetry with Timestamp","get-latest-value-with-ts-hint":'If selected, latest telemetry values will be added to the outbound message metadata with timestamp, e.g: "temp": "&#123;"ts":1574329385897, "value":42&#125;"',"use-redis-queue":"Use redis queue for message persistence","trim-redis-queue":"Trim redis queue","redis-queue-max-size":"Redis queue max size","add-metadata-key-values-as-kafka-headers":"Add Message metadata key-value pairs to Kafka record headers","add-metadata-key-values-as-kafka-headers-hint":"If selected, key-value pairs from message metadata will be added to the outgoing records headers as byte arrays with predefined charset encoding.","charset-encoding":"Charset encoding","charset-encoding-required":"Charset encoding is required.","charset-us-ascii":"US-ASCII","charset-iso-8859-1":"ISO-8859-1","charset-utf-8":"UTF-8","charset-utf-16be":"UTF-16BE","charset-utf-16le":"UTF-16LE","charset-utf-16":"UTF-16","select-queue-hint":"The queue name can be selected from a drop-down list or add a custom name.","persist-alarm-rules":"Persist state of alarm rules","fetch-alarm-rules":"Fetch state of alarm rules","input-value-key":"Input value key","input-value-key-required":"Input value key is required.","output-value-key":"Output value key","output-value-key-required":"Output value key is required.",round:"Decimals","round-range":"Decimals should be in a range from 0 to 15.","use-cache":"Use cache for latest value","tell-failure-if-delta-is-negative":"Tell Failure if delta is negative","add-period-between-msgs":"Add period between messages","period-value-key":"Period value key","period-value-key-required":"Period value key is required.","general-pattern-hint":'Hint: use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body',"alarm-severity-pattern-hint":'Hint: use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body. Alarm severity should be system (CRITICAL, MAJOR etc.)',"output-node-name-hint":"The <b>rule node name</b> corresponds to the <b>relation type</b> of the output message, and it is used to forward messages to other rule nodes in the caller rule chain.","skip-latest-persistence":"Skip latest persistence","use-server-ts":"Use server ts","use-server-ts-hint":"Enable this setting to use the timestamp of the message processing instead of the timestamp from the message. Useful for all sorts of sequential processing if you merge messages from multiple sources (devices, assets, etc).","kv-map-pattern-hint":'Hint: use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body to substitute "Source" and "Target" key names'},"key-val":{key:"Key",value:"Value","remove-entry":"Remove entry","add-entry":"Add entry"},"mail-body-type":{"plain-text":"Plain Text",html:"HTML",dynamic:"Dynamic"}}},!0)}(e)}}e("RuleNodeCoreConfigModule",ro),ro.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ro,deps:[{token:P.TranslateService}],target:t.ɵɵFactoryTarget.NgModule}),ro.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ro,declarations:[Ne],imports:[O,F],exports:[St,Wt,Ht,Xt,oo,Ne]}),ro.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ro,imports:[[O,F],St,Wt,Ht,Xt,oo]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ro,decorators:[{type:i,args:[{declarations:[Ne],imports:[O,F],exports:[St,Wt,Ht,Xt,oo,Ne]}]}],ctorParameters:function(){return[{type:P.TranslateService}]}})}}}));//# sourceMappingURL=rulenode-core-config.js.map
+System.register(["@angular/core","@shared/public-api","@ngrx/store","@angular/forms","@angular/material/form-field","@angular/material/checkbox","@angular/flex-layout/flex","@ngx-translate/core","@angular/material/input","@angular/common","@angular/platform-browser","@angular/material/select","@angular/material/core","@angular/material/expansion","@shared/components/button/toggle-password.component","@shared/components/file-input.component","@shared/components/queue/queue-autocomplete.component","@core/public-api","@shared/components/js-func.component","@angular/material/button","@angular/cdk/keycodes","@angular/material/chips","@angular/material/icon","@angular/flex-layout/extended","@shared/components/entity/entity-type-select.component","@shared/components/entity/entity-select.component","@angular/cdk/coercion","@shared/components/tb-error.component","@angular/material/tooltip","rxjs/operators","@shared/components/tb-checkbox.component","@home/components/sms/sms-provider-configuration.component","@home/components/public-api","@shared/components/relation/relation-type-autocomplete.component","@shared/components/entity/entity-subtype-list.component","@home/components/relation/relation-filters.component","rxjs","@angular/material/autocomplete","@shared/pipe/highlight.pipe","@shared/components/entity/entity-autocomplete.component","@shared/components/entity/entity-type-list.component"],(function(e){"use strict";var t,o,r,a,n,l,i,s,m,u,p,d,f,c,g,x,y,b,h,C,F,L,v,I,N,T,q,k,M,S,A,G,D,V,E,P,R,w,O,H,U,K,B,j,z,_,Q,$,W,Y,J,Z,X,ee,te,oe,re,ae,ne,le,ie,se,me,ue,pe,de,fe,ce,ge,xe,ye,be,he,Ce,Fe,Le,ve,Ie;return{setters:[function(e){t=e,o=e.Component,r=e.Pipe,a=e.ViewChild,n=e.forwardRef,l=e.Input,i=e.NgModule},function(e){s=e.RuleNodeConfigurationComponent,m=e.AttributeScope,u=e.telemetryTypeTranslations,p=e.ServiceType,d=e.AlarmSeverity,f=e.alarmSeverityTranslations,c=e.EntitySearchDirection,g=e.entitySearchDirectionTranslations,x=e.EntityType,y=e.PageComponent,b=e.MessageType,h=e.messageTypeNames,C=e,F=e.SharedModule,L=e.AggregationType,v=e.aggregationTranslations,I=e.alarmStatusTranslations,N=e.AlarmStatus},function(e){T=e},function(e){q=e,k=e.Validators,M=e.NgControl,S=e.NG_VALUE_ACCESSOR,A=e.NG_VALIDATORS,G=e.FormControl},function(e){D=e},function(e){V=e},function(e){E=e},function(e){P=e},function(e){R=e},function(e){w=e,O=e.CommonModule},function(e){H=e},function(e){U=e},function(e){K=e},function(e){B=e},function(e){j=e},function(e){z=e},function(e){_=e},function(e){Q=e,$=e.isDefinedAndNotNull,W=e.isNotEmptyStr},function(e){Y=e},function(e){J=e},function(e){Z=e.ENTER,X=e.COMMA,ee=e.SEMICOLON},function(e){te=e},function(e){oe=e},function(e){re=e},function(e){ae=e},function(e){ne=e},function(e){le=e.coerceBooleanProperty},function(e){ie=e},function(e){se=e},function(e){me=e.distinctUntilChanged,ue=e.startWith,pe=e.map,de=e.mergeMap,fe=e.share},function(e){ce=e},function(e){ge=e},function(e){xe=e.HomeComponentsModule},function(e){ye=e},function(e){be=e},function(e){he=e},function(e){Ce=e.of},function(e){Fe=e},function(e){Le=e},function(e){ve=e},function(e){Ie=e}],execute:function(){class Ne extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.emptyConfigForm}onConfigurationSet(e){this.emptyConfigForm=this.fb.group({})}}e("EmptyConfigComponent",Ne),Ne.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ne,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ne.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ne,selector:"tb-node-empty-config",usesInheritance:!0,ngImport:t,template:"<div></div>",isInline:!0}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ne,decorators:[{type:o,args:[{selector:"tb-node-empty-config",template:"<div></div>",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Te{constructor(e){this.sanitizer=e}transform(e){return this.sanitizer.bypassSecurityTrustHtml(e)}}e("SafeHtmlPipe",Te),Te.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Te,deps:[{token:H.DomSanitizer}],target:t.ɵɵFactoryTarget.Pipe}),Te.ɵpipe=t.ɵɵngDeclarePipe({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Te,name:"safeHtml"}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Te,decorators:[{type:r,args:[{name:"safeHtml"}]}],ctorParameters:function(){return[{type:H.DomSanitizer}]}});class qe extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.assignCustomerConfigForm}onConfigurationSet(e){this.assignCustomerConfigForm=this.fb.group({customerNamePattern:[e?e.customerNamePattern:null,[k.required,k.pattern(/.*\S.*/)]],createCustomerIfNotExists:[!!e&&e.createCustomerIfNotExists,[]],customerCacheExpiration:[e?e.customerCacheExpiration:null,[k.required,k.min(0)]]})}prepareOutputConfig(e){return e.customerNamePattern=e.customerNamePattern.trim(),e}}e("AssignCustomerConfigComponent",qe),qe.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:qe,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),qe.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:qe,selector:"tb-action-node-assign-to-customer-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="assignCustomerConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.customer-name-pattern</mat-label>\n    <input required matInput formControlName="customerNamePattern">\n    <mat-error *ngIf="assignCustomerConfigForm.get(\'customerNamePattern\').hasError(\'required\') ||\n                      assignCustomerConfigForm.get(\'customerNamePattern\').hasError(\'pattern\')">\n      {{ \'tb.rulenode.customer-name-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-checkbox fxFlex formControlName="createCustomerIfNotExists" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.create-customer-if-not-exists\' | translate }}\n  </mat-checkbox>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.customer-cache-expiration</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="customerCacheExpiration">\n    <mat-error *ngIf="assignCustomerConfigForm.get(\'customerCacheExpiration\').hasError(\'required\')">\n      {{ \'tb.rulenode.customer-cache-expiration-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="assignCustomerConfigForm.get(\'customerCacheExpiration\').hasError(\'min\')">\n      {{ \'tb.rulenode.customer-cache-expiration-range\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.customer-cache-expiration-hint</mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:qe,decorators:[{type:o,args:[{selector:"tb-action-node-assign-to-customer-config",templateUrl:"./assign-customer-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ke extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.attributeScopes=Object.keys(m),this.telemetryTypeTranslationsMap=u}configForm(){return this.attributesConfigForm}onConfigurationSet(e){this.attributesConfigForm=this.fb.group({scope:[e?e.scope:null,[k.required]],notifyDevice:[!e||e.notifyDevice,[]]})}}var Me;e("AttributesConfigComponent",ke),ke.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ke,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ke.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ke,selector:"tb-action-node-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="attributesConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>attribute.attributes-scope</mat-label>\n    <mat-select formControlName="scope" required>\n      <mat-option *ngFor="let scope of attributeScopes" [value]="scope">\n        {{ telemetryTypeTranslationsMap.get(scope) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div *ngIf="attributesConfigForm.get(\'scope\').value === \'SHARED_SCOPE\'">\n    <mat-checkbox formControlName="notifyDevice">\n      {{ \'tb.rulenode.notify-device\' | translate }}\n    </mat-checkbox>\n    <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.notify-device-hint</div>\n  </div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ke,decorators:[{type:o,args:[{selector:"tb-action-node-attributes-config",templateUrl:"./attributes-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}}),function(e){e.CUSTOMER="CUSTOMER",e.TENANT="TENANT",e.RELATED="RELATED",e.ALARM_ORIGINATOR="ALARM_ORIGINATOR"}(Me||(Me={}));const Se=new Map([[Me.CUSTOMER,"tb.rulenode.originator-customer"],[Me.TENANT,"tb.rulenode.originator-tenant"],[Me.RELATED,"tb.rulenode.originator-related"],[Me.ALARM_ORIGINATOR,"tb.rulenode.originator-alarm-originator"]]);var Ae;!function(e){e.CIRCLE="CIRCLE",e.POLYGON="POLYGON"}(Ae||(Ae={}));const Ge=new Map([[Ae.CIRCLE,"tb.rulenode.perimeter-circle"],[Ae.POLYGON,"tb.rulenode.perimeter-polygon"]]);var De;!function(e){e.MILLISECONDS="MILLISECONDS",e.SECONDS="SECONDS",e.MINUTES="MINUTES",e.HOURS="HOURS",e.DAYS="DAYS"}(De||(De={}));const Ve=new Map([[De.MILLISECONDS,"tb.rulenode.time-unit-milliseconds"],[De.SECONDS,"tb.rulenode.time-unit-seconds"],[De.MINUTES,"tb.rulenode.time-unit-minutes"],[De.HOURS,"tb.rulenode.time-unit-hours"],[De.DAYS,"tb.rulenode.time-unit-days"]]);var Ee;!function(e){e.METER="METER",e.KILOMETER="KILOMETER",e.FOOT="FOOT",e.MILE="MILE",e.NAUTICAL_MILE="NAUTICAL_MILE"}(Ee||(Ee={}));const Pe=new Map([[Ee.METER,"tb.rulenode.range-unit-meter"],[Ee.KILOMETER,"tb.rulenode.range-unit-kilometer"],[Ee.FOOT,"tb.rulenode.range-unit-foot"],[Ee.MILE,"tb.rulenode.range-unit-mile"],[Ee.NAUTICAL_MILE,"tb.rulenode.range-unit-nautical-mile"]]);var Re;!function(e){e.TITLE="TITLE",e.COUNTRY="COUNTRY",e.STATE="STATE",e.CITY="CITY",e.ZIP="ZIP",e.ADDRESS="ADDRESS",e.ADDRESS2="ADDRESS2",e.PHONE="PHONE",e.EMAIL="EMAIL",e.ADDITIONAL_INFO="ADDITIONAL_INFO"}(Re||(Re={}));const we=new Map([[Re.TITLE,"tb.rulenode.entity-details-title"],[Re.COUNTRY,"tb.rulenode.entity-details-country"],[Re.STATE,"tb.rulenode.entity-details-state"],[Re.CITY,"tb.rulenode.entity-details-city"],[Re.ZIP,"tb.rulenode.entity-details-zip"],[Re.ADDRESS,"tb.rulenode.entity-details-address"],[Re.ADDRESS2,"tb.rulenode.entity-details-address2"],[Re.PHONE,"tb.rulenode.entity-details-phone"],[Re.EMAIL,"tb.rulenode.entity-details-email"],[Re.ADDITIONAL_INFO,"tb.rulenode.entity-details-additional_info"]]);var Oe,He,Ue;!function(e){e.FIRST="FIRST",e.LAST="LAST",e.ALL="ALL"}(Oe||(Oe={})),function(e){e.ASC="ASC",e.DESC="DESC"}(He||(He={})),function(e){e.STANDARD="STANDARD",e.FIFO="FIFO"}(Ue||(Ue={}));const Ke=new Map([[Ue.STANDARD,"tb.rulenode.sqs-queue-standard"],[Ue.FIFO,"tb.rulenode.sqs-queue-fifo"]]),Be=["anonymous","basic","cert.PEM"],je=new Map([["anonymous","tb.rulenode.credentials-anonymous"],["basic","tb.rulenode.credentials-basic"],["cert.PEM","tb.rulenode.credentials-pem"]]),ze=["sas","cert.PEM"],_e=new Map([["sas","tb.rulenode.credentials-sas"],["cert.PEM","tb.rulenode.credentials-pem"]]);var Qe;!function(e){e.GET="GET",e.POST="POST",e.PUT="PUT",e.DELETE="DELETE"}(Qe||(Qe={}));const $e=["US-ASCII","ISO-8859-1","UTF-8","UTF-16BE","UTF-16LE","UTF-16"],We=new Map([["US-ASCII","tb.rulenode.charset-us-ascii"],["ISO-8859-1","tb.rulenode.charset-iso-8859-1"],["UTF-8","tb.rulenode.charset-utf-8"],["UTF-16BE","tb.rulenode.charset-utf-16be"],["UTF-16LE","tb.rulenode.charset-utf-16le"],["UTF-16","tb.rulenode.charset-utf-16"]]);class Ye extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.allAzureIotHubCredentialsTypes=ze,this.azureIotHubCredentialsTypeTranslationsMap=_e}configForm(){return this.azureIotHubConfigForm}onConfigurationSet(e){this.azureIotHubConfigForm=this.fb.group({topicPattern:[e?e.topicPattern:null,[k.required]],host:[e?e.host:null,[k.required]],port:[e?e.port:null,[k.required,k.min(1),k.max(65535)]],connectTimeoutSec:[e?e.connectTimeoutSec:null,[k.required,k.min(1),k.max(200)]],clientId:[e?e.clientId:null,[k.required]],cleanSession:[!!e&&e.cleanSession,[]],ssl:[!!e&&e.ssl,[]],credentials:this.fb.group({type:[e&&e.credentials?e.credentials.type:null,[k.required]],sasKey:[e&&e.credentials?e.credentials.sasKey:null,[]],caCert:[e&&e.credentials?e.credentials.caCert:null,[]],caCertFileName:[e&&e.credentials?e.credentials.caCertFileName:null,[]],privateKey:[e&&e.credentials?e.credentials.privateKey:null,[]],privateKeyFileName:[e&&e.credentials?e.credentials.privateKeyFileName:null,[]],cert:[e&&e.credentials?e.credentials.cert:null,[]],certFileName:[e&&e.credentials?e.credentials.certFileName:null,[]],password:[e&&e.credentials?e.credentials.password:null,[]]})})}prepareOutputConfig(e){const t=e.credentials.type;return"sas"===t&&(e.credentials={type:t,sasKey:e.credentials.sasKey,caCert:e.credentials.caCert,caCertFileName:e.credentials.caCertFileName}),e}validatorTriggers(){return["credentials.type"]}updateValidators(e){const t=this.azureIotHubConfigForm.get("credentials"),o=t.get("type").value;switch(e&&t.reset({type:o},{emitEvent:!1}),t.get("sasKey").setValidators([]),t.get("privateKey").setValidators([]),t.get("privateKeyFileName").setValidators([]),t.get("cert").setValidators([]),t.get("certFileName").setValidators([]),o){case"sas":t.get("sasKey").setValidators([k.required]);break;case"cert.PEM":t.get("privateKey").setValidators([k.required]),t.get("privateKeyFileName").setValidators([k.required]),t.get("cert").setValidators([k.required]),t.get("certFileName").setValidators([k.required])}t.get("sasKey").updateValueAndValidity({emitEvent:e}),t.get("privateKey").updateValueAndValidity({emitEvent:e}),t.get("privateKeyFileName").updateValueAndValidity({emitEvent:e}),t.get("cert").updateValueAndValidity({emitEvent:e}),t.get("certFileName").updateValueAndValidity({emitEvent:e})}}e("AzureIotHubConfigComponent",Ye),Ye.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ye,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ye.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ye,selector:"tb-action-node-azure-iot-hub-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="azureIotHubConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.topic</mat-label>\n    <input required matInput formControlName="topicPattern">\n    <mat-error *ngIf="azureIotHubConfigForm.get(\'topicPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.topic-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.hostname</mat-label>\n    <input required matInput formControlName="host">\n    <mat-error *ngIf="azureIotHubConfigForm.get(\'host\').hasError(\'required\')">\n      {{ \'tb.rulenode.hostname-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.device-id</mat-label>\n    <input required matInput formControlName="clientId" autocomplete="new-clientId">\n    <mat-error *ngIf="azureIotHubConfigForm.get(\'clientId\').hasError(\'required\')">\n      {{ \'tb.rulenode.device-id-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-accordion multi>\n    <mat-expansion-panel class="tb-mqtt-credentials-panel-group">\n      <mat-expansion-panel-header>\n        <mat-panel-title translate>tb.rulenode.credentials</mat-panel-title>\n        <mat-panel-description>\n          {{ azureIotHubCredentialsTypeTranslationsMap.get(azureIotHubConfigForm.get(\'credentials.type\').value) | translate }}\n        </mat-panel-description>\n      </mat-expansion-panel-header>\n      <section formGroupName="credentials" fxLayout="column">\n        <mat-form-field class="mat-block">\n          <mat-label translate>tb.rulenode.credentials-type</mat-label>\n          <mat-select formControlName="type" required>\n            <mat-option *ngFor="let credentialsType of allAzureIotHubCredentialsTypes" [value]="credentialsType">\n              {{ azureIotHubCredentialsTypeTranslationsMap.get(credentialsType) | translate }}\n            </mat-option>\n          </mat-select>\n          <mat-error *ngIf="azureIotHubConfigForm.get(\'credentials.type\').hasError(\'required\')">\n            {{ \'tb.rulenode.credentials-type-required\' | translate }}\n          </mat-error>\n        </mat-form-field>\n        <section fxLayout="column" [ngSwitch]="azureIotHubConfigForm.get(\'credentials.type\').value">\n          <ng-template ngSwitchCase="anonymous">\n          </ng-template>\n          <ng-template ngSwitchCase="sas">\n            <mat-form-field class="mat-block">\n              <mat-label translate>tb.rulenode.sas-key</mat-label>\n              <input type="password" required matInput formControlName="sasKey" autocomplete="new-password">\n              <tb-toggle-password matSuffix></tb-toggle-password>\n              <mat-error *ngIf="azureIotHubConfigForm.get(\'credentials.sasKey\').hasError(\'required\')">\n                {{ \'tb.rulenode.sas-key-required\' | translate }}\n              </mat-error>\n            </mat-form-field>\n            <tb-file-input formControlName="caCert"\n                           inputId="caCertSelect"\n                           [existingFileName]="azureIotHubConfigForm.get(\'credentials.caCertFileName\').value"\n                           (fileNameChanged)="azureIotHubConfigForm.get(\'credentials.caCertFileName\').setValue($event)"\n                           label="{{\'tb.rulenode.azure-ca-cert\' | translate}}"\n                           noFileText="tb.rulenode.no-file"\n                           dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n            </tb-file-input>\n          </ng-template>\n          <ng-template ngSwitchCase="cert.PEM">\n            <tb-file-input formControlName="caCert"\n                           inputId="caCertSelect"\n                           [existingFileName]="azureIotHubConfigForm.get(\'credentials.caCertFileName\').value"\n                           (fileNameChanged)="azureIotHubConfigForm.get(\'credentials.caCertFileName\').setValue($event)"\n                           label="{{\'tb.rulenode.azure-ca-cert\' | translate}}"\n                           noFileText="tb.rulenode.no-file"\n                           dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n            </tb-file-input>\n            <tb-file-input formControlName="cert"\n                           inputId="CertSelect"\n                           [existingFileName]="azureIotHubConfigForm.get(\'credentials.certFileName\').value"\n                           (fileNameChanged)="azureIotHubConfigForm.get(\'credentials.certFileName\').setValue($event)"\n                           required\n                           requiredAsError\n                           label="{{\'tb.rulenode.cert\' | translate}}"\n                           noFileText="tb.rulenode.no-file"\n                           dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n            </tb-file-input>\n            <tb-file-input style="padding-bottom: 8px;"\n                           formControlName="privateKey"\n                           inputId="privateKeySelect"\n                           [existingFileName]="azureIotHubConfigForm.get(\'credentials.privateKeyFileName\').value"\n                           (fileNameChanged)="azureIotHubConfigForm.get(\'credentials.privateKeyFileName\').setValue($event)"\n                           required\n                           requiredAsError\n                           label="{{\'tb.rulenode.private-key\' | translate}}"\n                           noFileText="tb.rulenode.no-file"\n                           dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n            </tb-file-input>\n            <mat-form-field class="mat-block">\n              <mat-label translate>tb.rulenode.private-key-password</mat-label>\n              <input type="password" matInput formControlName="password" autocomplete="new-password">\n              <tb-toggle-password matSuffix></tb-toggle-password>\n            </mat-form-field>\n          </ng-template>\n        </section>\n      </section>\n    </mat-expansion-panel>\n    </mat-accordion>\n</section>\n',styles:[":host .tb-mqtt-credentials-panel-group{margin:0 6px}:host .tb-hint.client-id{margin-top:-1.25em;max-width:-moz-fit-content;max-width:fit-content}:host mat-checkbox{padding-bottom:16px}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:B.MatExpansionPanel,selector:"mat-expansion-panel",inputs:["disabled","expanded","hideToggle","togglePosition"],outputs:["opened","closed","expandedChange","afterExpand","afterCollapse"],exportAs:["matExpansionPanel"]},{type:B.MatExpansionPanelHeader,selector:"mat-expansion-panel-header",inputs:["tabIndex","expandedHeight","collapsedHeight"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:j.TogglePasswordComponent,selector:"tb-toggle-password"},{type:z.FileInputComponent,selector:"tb-file-input",inputs:["label","accept","noFileText","inputId","allowedExtensions","dropLabel","contentConvertFunction","required","requiredAsError","disabled","existingFileName","readAsBinary","workFromFileObj","multipleFile"],outputs:["fileNameChanged"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:B.MatAccordion,selector:"mat-accordion",inputs:["multi","displayMode","togglePosition","hideToggle"],exportAs:["matAccordion"]},{type:B.MatExpansionPanelTitle,selector:"mat-panel-title"},{type:B.MatExpansionPanelDescription,selector:"mat-panel-description"},{type:q.FormGroupName,selector:"[formGroupName]",inputs:["formGroupName"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgSwitch,selector:"[ngSwitch]",inputs:["ngSwitch"]},{type:w.NgSwitchCase,selector:"[ngSwitchCase]",inputs:["ngSwitchCase"]},{type:D.MatSuffix,selector:"[matSuffix]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ye,decorators:[{type:o,args:[{selector:"tb-action-node-azure-iot-hub-config",templateUrl:"./azure-iot-hub-config.component.html",styleUrls:["./mqtt-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Je extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.serviceType=p.TB_RULE_ENGINE}configForm(){return this.checkPointConfigForm}onConfigurationSet(e){this.checkPointConfigForm=this.fb.group({queueId:[e?e.queueId:null,[k.required]]})}}e("CheckPointConfigComponent",Je),Je.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Je,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Je.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Je,selector:"tb-action-node-check-point-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="checkPointConfigForm" fxLayout="column">\n  <tb-queue-autocomplete\n    required\n    [queueType]="serviceType"\n    formControlName="queueId">\n  </tb-queue-autocomplete>\n</section>\n',components:[{type:_.QueueAutocompleteComponent,selector:"tb-queue-autocomplete",inputs:["labelText","requiredText","required","queueType","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Je,decorators:[{type:o,args:[{selector:"tb-action-node-check-point-config",templateUrl:"./check-point-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ze extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.clearAlarmConfigForm}onConfigurationSet(e){this.clearAlarmConfigForm=this.fb.group({alarmDetailsBuildJs:[e?e.alarmDetailsBuildJs:null,[k.required]],alarmType:[e?e.alarmType:null,[k.required]]})}testScript(){const e=this.clearAlarmConfigForm.get("alarmDetailsBuildJs").value;this.nodeScriptTestService.testNodeScript(e,"json",this.translate.instant("tb.rulenode.details"),"Details",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/clear_alarm_node_script_fn").subscribe((e=>{e&&this.clearAlarmConfigForm.get("alarmDetailsBuildJs").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("ClearAlarmConfigComponent",Ze),Ze.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ze,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),Ze.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ze,selector:"tb-action-node-clear-alarm-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="clearAlarmConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.alarm-details-builder</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="alarmDetailsBuildJs"\n              functionName="Details"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              helpId="rulenode/clear_alarm_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row" style="padding-bottom: 16px;">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-details-function\' | translate }}\n    </button>\n  </div>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.alarm-type</mat-label>\n    <input required matInput formControlName="alarmType">\n    <mat-error *ngIf="clearAlarmConfigForm.get(\'alarmType\').hasError(\'required\')">\n      {{ \'tb.rulenode.alarm-type-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionTitle","functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","minHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:D.MatLabel,selector:"mat-label"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ze,decorators:[{type:o,args:[{selector:"tb-action-node-clear-alarm-config",templateUrl:"./clear-alarm-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class Xe extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r,this.alarmSeverities=Object.keys(d),this.alarmSeverityTranslationMap=f,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.createAlarmConfigForm}onConfigurationSet(e){this.createAlarmConfigForm=this.fb.group({alarmDetailsBuildJs:[e?e.alarmDetailsBuildJs:null,[k.required]],useMessageAlarmData:[!!e&&e.useMessageAlarmData,[]],overwriteAlarmDetails:[!!e&&e.overwriteAlarmDetails,[]],alarmType:[e?e.alarmType:null,[]],severity:[e?e.severity:null,[]],propagate:[!!e&&e.propagate,[]],relationTypes:[e?e.relationTypes:null,[]],propagateToOwner:[!!e&&e.propagateToOwner,[]],propagateToTenant:[!!e&&e.propagateToTenant,[]],dynamicSeverity:!1}),this.createAlarmConfigForm.get("dynamicSeverity").valueChanges.subscribe((e=>{e?this.createAlarmConfigForm.get("severity").patchValue("",{emitEvent:!1}):this.createAlarmConfigForm.get("severity").patchValue(this.alarmSeverities[0],{emitEvent:!1})}))}validatorTriggers(){return["useMessageAlarmData"]}updateValidators(e){this.createAlarmConfigForm.get("useMessageAlarmData").value?(this.createAlarmConfigForm.get("alarmType").setValidators([]),this.createAlarmConfigForm.get("severity").setValidators([])):(this.createAlarmConfigForm.get("alarmType").setValidators([k.required]),this.createAlarmConfigForm.get("severity").setValidators([k.required])),this.createAlarmConfigForm.get("alarmType").updateValueAndValidity({emitEvent:e}),this.createAlarmConfigForm.get("severity").updateValueAndValidity({emitEvent:e})}testScript(){const e=this.createAlarmConfigForm.get("alarmDetailsBuildJs").value;this.nodeScriptTestService.testNodeScript(e,"json",this.translate.instant("tb.rulenode.details"),"Details",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/create_alarm_node_script_fn").subscribe((e=>{e&&this.createAlarmConfigForm.get("alarmDetailsBuildJs").setValue(e)}))}removeKey(e,t){const o=this.createAlarmConfigForm.get(t).value,r=o.indexOf(e);r>=0&&(o.splice(r,1),this.createAlarmConfigForm.get(t).setValue(o,{emitEvent:!0}))}addKey(e,t){const o=e.input;let r=e.value;if((r||"").trim()){r=r.trim();let e=this.createAlarmConfigForm.get(t).value;e&&-1!==e.indexOf(r)||(e||(e=[]),e.push(r),this.createAlarmConfigForm.get(t).setValue(e,{emitEvent:!0}))}o&&(o.value="")}onValidate(){const e=this.createAlarmConfigForm.get("useMessageAlarmData").value,t=this.createAlarmConfigForm.get("overwriteAlarmDetails").value;e&&!t||this.jsFuncComponent.validateOnSubmit()}}e("CreateAlarmConfigComponent",Xe),Xe.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xe,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),Xe.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Xe,selector:"tb-action-node-create-alarm-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="createAlarmConfigForm" fxLayout="column">\n  <mat-checkbox formControlName="useMessageAlarmData" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-message-alarm-data\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="overwriteAlarmDetails" [fxShow]="createAlarmConfigForm.get(\'useMessageAlarmData\').value === true"\n                style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.overwrite-alarm-details\' | translate }}\n  </mat-checkbox>\n  <section fxLayout="column" [fxShow]="createAlarmConfigForm.get(\'useMessageAlarmData\').value === false ||\n                                       createAlarmConfigForm.get(\'overwriteAlarmDetails\').value === true">\n    <label translate class="tb-title no-padding">tb.rulenode.alarm-details-builder</label>\n    <tb-js-func #jsFuncComponent\n                formControlName="alarmDetailsBuildJs"\n                functionName="Details"\n                [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n                helpId="rulenode/create_alarm_node_script_fn"\n                noValidate="true">\n    </tb-js-func>\n    <div fxLayout="row" style="padding-bottom: 16px;">\n      <button mat-button mat-raised-button color="primary" (click)="testScript()">\n        {{ \'tb.rulenode.test-details-function\' | translate }}\n      </button>\n    </div>\n  </section>\n  <section fxLayout="column" [fxShow]="createAlarmConfigForm.get(\'useMessageAlarmData\').value === false">\n    <mat-form-field fxFlex style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.alarm-type</mat-label>\n      <input required matInput formControlName="alarmType">\n      <mat-error *ngIf="createAlarmConfigForm.get(\'alarmType\').hasError(\'required\')">\n        {{ \'tb.rulenode.alarm-type-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n    <mat-checkbox formControlName="dynamicSeverity" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.use-alarm-severity-pattern\' | translate }}\n    </mat-checkbox>\n    <mat-form-field fxFlex *ngIf="!createAlarmConfigForm.get(\'dynamicSeverity\').value">\n      <mat-label translate>tb.rulenode.alarm-severity</mat-label>\n      <mat-select formControlName="severity" required>\n        <mat-option *ngFor="let severity of alarmSeverities" [value]="severity">\n          {{ alarmSeverityTranslationMap.get(severity) | translate }}\n        </mat-option>\n      </mat-select>\n      <mat-error *ngIf="createAlarmConfigForm.get(\'severity\').hasError(\'required\')">\n        {{ \'tb.rulenode.alarm-severity-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex *ngIf="createAlarmConfigForm.get(\'dynamicSeverity\').value" style="padding-bottom: 32px;">\n      <mat-label translate>tb.rulenode.alarm-severity-pattern</mat-label>\n      <input matInput formControlName="severity" required>\n      <mat-error *ngIf="createAlarmConfigForm.get(\'severity\').hasError(\'required\')">\n        {{ \'tb.rulenode.alarm-severity-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.alarm-severity-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n    <mat-checkbox formControlName="propagate" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.propagate\' | translate }}\n    </mat-checkbox>\n    <section *ngIf="createAlarmConfigForm.get(\'propagate\').value === true">\n      <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n        <mat-label translate>tb.rulenode.relation-types-list</mat-label>\n        <mat-chip-list #relationTypesChipList>\n          <mat-chip\n            *ngFor="let key of createAlarmConfigForm.get(\'relationTypes\').value;"\n            (removed)="removeKey(key, \'relationTypes\')">\n            {{key}}\n            <mat-icon matChipRemove>close</mat-icon>\n          </mat-chip>\n          <input matInput type="text" placeholder="{{\'tb.rulenode.relation-types-list\' | translate}}"\n                 style="max-width: 200px;"\n                 [matChipInputFor]="relationTypesChipList"\n                 [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n                 (matChipInputTokenEnd)="addKey($event, \'relationTypes\')"\n                 [matChipInputAddOnBlur]="true">\n        </mat-chip-list>\n        <mat-hint translate>tb.rulenode.relation-types-list-hint</mat-hint>\n      </mat-form-field>\n    </section>\n    <mat-checkbox formControlName="propagateToOwner" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.propagate-to-owner\' | translate }}\n    </mat-checkbox>\n    <mat-checkbox formControlName="propagateToTenant" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.propagate-to-tenant\' | translate }}\n    </mat-checkbox>\n  </section>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionTitle","functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","minHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:re.DefaultShowHideDirective,selector:"  [fxShow], [fxShow.print],  [fxShow.xs], [fxShow.sm], [fxShow.md], [fxShow.lg], [fxShow.xl],  [fxShow.lt-sm], [fxShow.lt-md], [fxShow.lt-lg], [fxShow.lt-xl],  [fxShow.gt-xs], [fxShow.gt-sm], [fxShow.gt-md], [fxShow.gt-lg],  [fxHide], [fxHide.print],  [fxHide.xs], [fxHide.sm], [fxHide.md], [fxHide.lg], [fxHide.xl],  [fxHide.lt-sm], [fxHide.lt-md], [fxHide.lt-lg], [fxHide.lt-xl],  [fxHide.gt-xs], [fxHide.gt-sm], [fxHide.gt-md], [fxHide.gt-lg]",inputs:["fxShow","fxShow.print","fxShow.xs","fxShow.sm","fxShow.md","fxShow.lg","fxShow.xl","fxShow.lt-sm","fxShow.lt-md","fxShow.lt-lg","fxShow.lt-xl","fxShow.gt-xs","fxShow.gt-sm","fxShow.gt-md","fxShow.gt-lg","fxHide","fxHide.print","fxHide.xs","fxHide.sm","fxHide.md","fxHide.lg","fxHide.xl","fxHide.lt-sm","fxHide.lt-md","fxHide.lt-lg","fxHide.lt-xl","fxHide.gt-xs","fxHide.gt-sm","fxHide.gt-md","fxHide.gt-lg"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xe,decorators:[{type:o,args:[{selector:"tb-action-node-create-alarm-config",templateUrl:"./create-alarm-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class et extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.directionTypes=Object.keys(c),this.directionTypeTranslations=g,this.entityType=x}configForm(){return this.createRelationConfigForm}onConfigurationSet(e){this.createRelationConfigForm=this.fb.group({direction:[e?e.direction:null,[k.required]],entityType:[e?e.entityType:null,[k.required]],entityNamePattern:[e?e.entityNamePattern:null,[]],entityTypePattern:[e?e.entityTypePattern:null,[]],relationType:[e?e.relationType:null,[k.required]],createEntityIfNotExists:[!!e&&e.createEntityIfNotExists,[]],removeCurrentRelations:[!!e&&e.removeCurrentRelations,[]],changeOriginatorToRelatedEntity:[!!e&&e.changeOriginatorToRelatedEntity,[]],entityCacheExpiration:[e?e.entityCacheExpiration:null,[k.required,k.min(0)]]})}validatorTriggers(){return["entityType"]}updateValidators(e){const t=this.createRelationConfigForm.get("entityType").value;t?this.createRelationConfigForm.get("entityNamePattern").setValidators([k.required,k.pattern(/.*\S.*/)]):this.createRelationConfigForm.get("entityNamePattern").setValidators([]),!t||t!==x.DEVICE&&t!==x.ASSET?this.createRelationConfigForm.get("entityTypePattern").setValidators([]):this.createRelationConfigForm.get("entityTypePattern").setValidators([k.required,k.pattern(/.*\S.*/)]),this.createRelationConfigForm.get("entityNamePattern").updateValueAndValidity({emitEvent:e}),this.createRelationConfigForm.get("entityTypePattern").updateValueAndValidity({emitEvent:e})}prepareOutputConfig(e){return e.entityNamePattern=e.entityNamePattern?e.entityNamePattern.trim():null,e.entityTypePattern=e.entityTypePattern?e.entityTypePattern.trim():null,e}}e("CreateRelationConfigComponent",et),et.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:et,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),et.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:et,selector:"tb-action-node-create-relation-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="createRelationConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="min-width: 100px;">\n    <mat-label translate>relation.direction</mat-label>\n    <mat-select required matInput formControlName="direction">\n      <mat-option *ngFor="let type of directionTypes" [value]="type">\n        {{ directionTypeTranslations.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div fxLayout="row" fxLayoutGap="8px">\n    <tb-entity-type-select\n      showLabel\n      style="min-width: 100px;"\n      required\n      formControlName="entityType">\n    </tb-entity-type-select>\n    <mat-form-field *ngIf="createRelationConfigForm.get(\'entityType\').value" fxFlex class="mat-block" style="padding-bottom: 40px;">\n      <mat-label translate>tb.rulenode.entity-name-pattern</mat-label>\n      <input required matInput formControlName="entityNamePattern">\n      <mat-error *ngIf="createRelationConfigForm.get(\'entityNamePattern\').hasError(\'required\') ||\n                        createRelationConfigForm.get(\'entityNamePattern\').hasError(\'pattern\')">\n        {{ \'tb.rulenode.entity-name-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n    <mat-form-field *ngIf="createRelationConfigForm.get(\'entityType\').value === entityType.DEVICE ||\n                           createRelationConfigForm.get(\'entityType\').value === entityType.ASSET"\n                    fxFlex class="mat-block" style="padding-bottom: 40px;">\n      <mat-label translate>tb.rulenode.entity-type-pattern</mat-label>\n      <input required matInput formControlName="entityTypePattern">\n      <mat-error *ngIf="createRelationConfigForm.get(\'entityTypePattern\').hasError(\'required\') ||\n                        createRelationConfigForm.get(\'entityTypePattern\').hasError(\'pattern\')">\n        {{ \'tb.rulenode.entity-type-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n  </div>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.relation-type-pattern</mat-label>\n    <input required matInput formControlName="relationType">\n    <mat-error *ngIf="createRelationConfigForm.get(\'relationType\').hasError(\'required\')">\n      {{ \'tb.rulenode.relation-type-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <section *ngIf="createRelationConfigForm.get(\'entityType\').value === entityType.CUSTOMER ||\n                  createRelationConfigForm.get(\'entityType\').value === entityType.DEVICE ||\n                  createRelationConfigForm.get(\'entityType\').value === entityType.ASSET">\n    <mat-checkbox formControlName="createEntityIfNotExists">\n      {{ \'tb.rulenode.create-entity-if-not-exists\' | translate }}\n    </mat-checkbox>\n    <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.create-entity-if-not-exists-hint</div>\n  </section>\n  <mat-checkbox formControlName="removeCurrentRelations">\n    {{ \'tb.rulenode.remove-current-relations\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.remove-current-relations-hint</div>\n  <mat-checkbox formControlName="changeOriginatorToRelatedEntity">\n    {{ \'tb.rulenode.change-originator-to-related-entity\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.change-originator-to-related-entity-hint</div>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.entity-cache-expiration</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="entityCacheExpiration">\n    <mat-error *ngIf="createRelationConfigForm.get(\'entityCacheExpiration\').hasError(\'required\')">\n      {{ \'tb.rulenode.entity-cache-expiration-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="createRelationConfigForm.get(\'entityCacheExpiration\').hasError(\'min\')">\n      {{ \'tb.rulenode.entity-cache-expiration-range\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.entity-cache-expiration-hint</mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ae.EntityTypeSelectComponent,selector:"tb-entity-type-select",inputs:["allowedEntityTypes","useAliasEntityTypes","showLabel","required","disabled"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:et,decorators:[{type:o,args:[{selector:"tb-action-node-create-relation-config",templateUrl:"./create-relation-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class tt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.directionTypes=Object.keys(c),this.directionTypeTranslations=g,this.entityType=x}configForm(){return this.deleteRelationConfigForm}onConfigurationSet(e){this.deleteRelationConfigForm=this.fb.group({deleteForSingleEntity:[!!e&&e.deleteForSingleEntity,[]],direction:[e?e.direction:null,[k.required]],entityType:[e?e.entityType:null,[]],entityNamePattern:[e?e.entityNamePattern:null,[]],relationType:[e?e.relationType:null,[k.required]],entityCacheExpiration:[e?e.entityCacheExpiration:null,[k.required,k.min(0)]]})}validatorTriggers(){return["deleteForSingleEntity","entityType"]}updateValidators(e){const t=this.deleteRelationConfigForm.get("deleteForSingleEntity").value,o=this.deleteRelationConfigForm.get("entityType").value;t?this.deleteRelationConfigForm.get("entityType").setValidators([k.required]):this.deleteRelationConfigForm.get("entityType").setValidators([]),t&&o?this.deleteRelationConfigForm.get("entityNamePattern").setValidators([k.required,k.pattern(/.*\S.*/)]):this.deleteRelationConfigForm.get("entityNamePattern").setValidators([]),this.deleteRelationConfigForm.get("entityType").updateValueAndValidity({emitEvent:!1}),this.deleteRelationConfigForm.get("entityNamePattern").updateValueAndValidity({emitEvent:e})}prepareOutputConfig(e){return e.entityNamePattern=e.entityNamePattern?e.entityNamePattern.trim():null,e}}e("DeleteRelationConfigComponent",tt),tt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:tt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),tt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:tt,selector:"tb-action-node-delete-relation-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="deleteRelationConfigForm" fxLayout="column">\n  <mat-checkbox formControlName="deleteForSingleEntity">\n    {{ \'tb.rulenode.delete-relation-to-specific-entity\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.delete-relation-hint</div>\n  <mat-form-field class="mat-block" style="min-width: 100px;">\n    <mat-label translate>relation.direction</mat-label>\n    <mat-select required matInput formControlName="direction">\n      <mat-option *ngFor="let type of directionTypes" [value]="type">\n        {{ directionTypeTranslations.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div *ngIf="deleteRelationConfigForm.get(\'deleteForSingleEntity\').value" fxLayout="row" fxLayoutGap="8px">\n    <tb-entity-type-select\n      showLabel\n      style="min-width: 100px;"\n      required\n      formControlName="entityType">\n    </tb-entity-type-select>\n    <mat-form-field *ngIf="deleteRelationConfigForm.get(\'entityType\').value" fxFlex class="mat-block" style="padding-bottom: 32px;">\n      <mat-label translate>tb.rulenode.entity-name-pattern</mat-label>\n      <input required matInput formControlName="entityNamePattern">\n      <mat-error *ngIf="deleteRelationConfigForm.get(\'entityNamePattern\').hasError(\'required\') ||\n                        deleteRelationConfigForm.get(\'entityNamePattern\').hasError(\'pattern\')">\n        {{ \'tb.rulenode.entity-name-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n  </div>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.relation-type-pattern</mat-label>\n    <input required matInput formControlName="relationType">\n    <mat-error *ngIf="deleteRelationConfigForm.get(\'relationType\').hasError(\'required\')">\n      {{ \'tb.rulenode.relation-type-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.entity-cache-expiration</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="entityCacheExpiration">\n    <mat-error *ngIf="deleteRelationConfigForm.get(\'entityCacheExpiration\').hasError(\'required\')">\n      {{ \'tb.rulenode.entity-cache-expiration-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="deleteRelationConfigForm.get(\'entityCacheExpiration\').hasError(\'min\')">\n      {{ \'tb.rulenode.entity-cache-expiration-range\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.entity-cache-expiration-hint</mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ae.EntityTypeSelectComponent,selector:"tb-entity-type-select",inputs:["allowedEntityTypes","useAliasEntityTypes","showLabel","required","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:tt,decorators:[{type:o,args:[{selector:"tb-action-node-delete-relation-config",templateUrl:"./delete-relation-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ot extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.deviceProfile}onConfigurationSet(e){this.deviceProfile=this.fb.group({persistAlarmRulesState:[!!e&&e.persistAlarmRulesState,k.required],fetchAlarmRulesStateOnStart:[!!e&&e.fetchAlarmRulesStateOnStart,k.required]})}}e("DeviceProfileConfigComponent",ot),ot.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ot,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ot.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ot,selector:"tb-device-profile-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="deviceProfile" fxLayout="column">\n  <mat-checkbox fxFlex formControlName="persistAlarmRulesState" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.persist-alarm-rules\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox fxFlex formControlName="fetchAlarmRulesStateOnStart" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.fetch-alarm-rules\' | translate }}\n  </mat-checkbox>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ot,decorators:[{type:o,args:[{selector:"tb-device-profile-config",templateUrl:"./device-profile-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class rt extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.generatorConfigForm}onConfigurationSet(e){this.generatorConfigForm=this.fb.group({msgCount:[e?e.msgCount:null,[k.required,k.min(0)]],periodInSeconds:[e?e.periodInSeconds:null,[k.required,k.min(1)]],originator:[e?e.originator:null,[]],jsScript:[e?e.jsScript:null,[k.required]]})}prepareInputConfig(e){return e&&(e.originatorId&&e.originatorType?e.originator={id:e.originatorId,entityType:e.originatorType}:e.originator=null,delete e.originatorId,delete e.originatorType),e}prepareOutputConfig(e){return e.originator?(e.originatorId=e.originator.id,e.originatorType=e.originator.entityType):(e.originatorId=null,e.originatorType=null),delete e.originator,e}testScript(){const e=this.generatorConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"generate",this.translate.instant("tb.rulenode.generator"),"Generate",["prevMsg","prevMetadata","prevMsgType"],this.ruleNodeId,"rulenode/generator_node_script_fn").subscribe((e=>{e&&this.generatorConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("GeneratorConfigComponent",rt),rt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:rt,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),rt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:rt,selector:"tb-action-node-generator-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="generatorConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.message-count</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="msgCount">\n    <mat-error *ngIf="generatorConfigForm.get(\'msgCount\').hasError(\'required\')">\n      {{ \'tb.rulenode.message-count-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="generatorConfigForm.get(\'msgCount\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-message-count-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.period-seconds</mat-label>\n    <input required type="number" min="1" step="1" matInput formControlName="periodInSeconds">\n    <mat-error *ngIf="generatorConfigForm.get(\'periodInSeconds\').hasError(\'required\')">\n      {{ \'tb.rulenode.period-seconds-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="generatorConfigForm.get(\'periodInSeconds\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-period-seconds-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <div fxLayout="column">\n    <label class="tb-small">{{ \'tb.rulenode.originator\' | translate }}</label>\n    <tb-entity-select\n      required="false"\n      formControlName="originator">\n    </tb-entity-select>\n  </div>\n  <label translate class="tb-title no-padding">tb.rulenode.generate</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="Generate"\n              [functionArgs]="[\'prevMsg\', \'prevMetadata\', \'prevMsgType\']"\n              helpId="rulenode/generator_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row" style="padding-bottom: 16px;">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-generator-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:ne.EntitySelectComponent,selector:"tb-entity-select",inputs:["allowedEntityTypes","useAliasEntityTypes","required","disabled"]},{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionTitle","functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","minHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:rt,decorators:[{type:o,args:[{selector:"tb-action-node-generator-config",templateUrl:"./generator-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class at extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.perimeterType=Ae,this.perimeterTypes=Object.keys(Ae),this.perimeterTypeTranslationMap=Ge,this.rangeUnits=Object.keys(Ee),this.rangeUnitTranslationMap=Pe,this.timeUnits=Object.keys(De),this.timeUnitsTranslationMap=Ve}configForm(){return this.geoActionConfigForm}onConfigurationSet(e){this.geoActionConfigForm=this.fb.group({latitudeKeyName:[e?e.latitudeKeyName:null,[k.required]],longitudeKeyName:[e?e.longitudeKeyName:null,[k.required]],perimeterType:[e?e.perimeterType:null,[k.required]],fetchPerimeterInfoFromMessageMetadata:[!!e&&e.fetchPerimeterInfoFromMessageMetadata,[]],perimeterKeyName:[e?e.perimeterKeyName:null,[]],centerLatitude:[e?e.centerLatitude:null,[]],centerLongitude:[e?e.centerLatitude:null,[]],range:[e?e.range:null,[]],rangeUnit:[e?e.rangeUnit:null,[]],polygonsDefinition:[e?e.polygonsDefinition:null,[]],minInsideDuration:[e?e.minInsideDuration:null,[k.required,k.min(1),k.max(2147483647)]],minInsideDurationTimeUnit:[e?e.minInsideDurationTimeUnit:null,[k.required]],minOutsideDuration:[e?e.minOutsideDuration:null,[k.required,k.min(1),k.max(2147483647)]],minOutsideDurationTimeUnit:[e?e.minOutsideDurationTimeUnit:null,[k.required]]})}validatorTriggers(){return["fetchPerimeterInfoFromMessageMetadata","perimeterType"]}updateValidators(e){const t=this.geoActionConfigForm.get("fetchPerimeterInfoFromMessageMetadata").value,o=this.geoActionConfigForm.get("perimeterType").value;t?this.geoActionConfigForm.get("perimeterKeyName").setValidators([k.required]):this.geoActionConfigForm.get("perimeterKeyName").setValidators([]),t||o!==Ae.CIRCLE?(this.geoActionConfigForm.get("centerLatitude").setValidators([]),this.geoActionConfigForm.get("centerLongitude").setValidators([]),this.geoActionConfigForm.get("range").setValidators([]),this.geoActionConfigForm.get("rangeUnit").setValidators([])):(this.geoActionConfigForm.get("centerLatitude").setValidators([k.required,k.min(-90),k.max(90)]),this.geoActionConfigForm.get("centerLongitude").setValidators([k.required,k.min(-180),k.max(180)]),this.geoActionConfigForm.get("range").setValidators([k.required,k.min(0)]),this.geoActionConfigForm.get("rangeUnit").setValidators([k.required])),t||o!==Ae.POLYGON?this.geoActionConfigForm.get("polygonsDefinition").setValidators([]):this.geoActionConfigForm.get("polygonsDefinition").setValidators([k.required]),this.geoActionConfigForm.get("perimeterKeyName").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("centerLatitude").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("centerLongitude").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("range").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("rangeUnit").updateValueAndValidity({emitEvent:e}),this.geoActionConfigForm.get("polygonsDefinition").updateValueAndValidity({emitEvent:e})}}e("GpsGeoActionConfigComponent",at),at.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:at,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),at.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:at,selector:"tb-action-node-gps-geofencing-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="geoActionConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.latitude-key-name</mat-label>\n    <input matInput formControlName="latitudeKeyName" required>\n    <mat-error *ngIf="geoActionConfigForm.get(\'latitudeKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.latitude-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.longitude-key-name</mat-label>\n    <input matInput formControlName="longitudeKeyName" required>\n    <mat-error *ngIf="geoActionConfigForm.get(\'longitudeKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.longitude-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>tb.rulenode.perimeter-type</mat-label>\n    <mat-select formControlName="perimeterType" required>\n      <mat-option *ngFor="let type of perimeterTypes" [value]="type">\n        {{ perimeterTypeTranslationMap.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-checkbox fxFlex formControlName="fetchPerimeterInfoFromMessageMetadata" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.fetch-perimeter-info-from-message-metadata\' | translate }}\n  </mat-checkbox>\n  <mat-form-field *ngIf="geoActionConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value" class="mat-block">\n    <mat-label translate>tb.rulenode.perimeter-key-name</mat-label>\n    <input matInput formControlName="perimeterKeyName" required>\n    <mat-error *ngIf="geoActionConfigForm.get(\'perimeterKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.perimeter-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <div fxLayout="column"\n       *ngIf="geoActionConfigForm.get(\'perimeterType\').value === perimeterType.CIRCLE &&\n       !geoActionConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value">\n    <div fxLayout="row" fxLayoutGap="8px">\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.circle-center-latitude</mat-label>\n        <input type="number" min="-90" max="90" step="0.1" matInput formControlName="centerLatitude" required>\n        <mat-error *ngIf="geoActionConfigForm.get(\'centerLatitude\').hasError(\'required\')">\n          {{ \'tb.rulenode.circle-center-latitude-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.circle-center-longitude</mat-label>\n        <input type="number" min="-180" max="180" step="0.1" matInput formControlName="centerLongitude" required>\n        <mat-error *ngIf="geoActionConfigForm.get(\'centerLongitude\').hasError(\'required\')">\n          {{ \'tb.rulenode.circle-center-longitude-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n    </div>\n    <div fxLayout="row" fxLayoutGap="8px">\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.range</mat-label>\n        <input type="number" min="0" step="0.1" matInput formControlName="range" required>\n        <mat-error *ngIf="geoActionConfigForm.get(\'range\').hasError(\'required\')">\n          {{ \'tb.rulenode.range-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.range-units</mat-label>\n        <mat-select formControlName="rangeUnit" required>\n          <mat-option *ngFor="let type of rangeUnits" [value]="type">\n            {{ rangeUnitTranslationMap.get(type) | translate }}\n          </mat-option>\n        </mat-select>\n      </mat-form-field>\n    </div>\n  </div>\n  <div fxLayout="column" *ngIf="geoActionConfigForm.get(\'perimeterType\').value === perimeterType.POLYGON &&\n                             !geoActionConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value">\n    <mat-form-field class="mat-block" hintLabel="{{\'tb.rulenode.polygon-definition-hint\' | translate}}" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.polygon-definition</mat-label>\n      <input matInput formControlName="polygonsDefinition" required>\n      <mat-error *ngIf="geoActionConfigForm.get(\'polygonsDefinition\').hasError(\'required\')">\n        {{ \'tb.rulenode.polygon-definition-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n  </div>\n  <div fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field fxFlex class="mat-block">\n      <mat-label translate>tb.rulenode.min-inside-duration</mat-label>\n      <input type="number" step="1" min="1" max="2147483647" matInput formControlName="minInsideDuration" required>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minInsideDuration\').hasError(\'required\')">\n        {{ \'tb.rulenode.min-inside-duration-value-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minInsideDuration\').hasError(\'min\')">\n        {{ \'tb.rulenode.time-value-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minInsideDuration\').hasError(\'max\')">\n        {{ \'tb.rulenode.time-value-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex class="mat-block">\n      <mat-label translate>tb.rulenode.min-inside-duration-time-unit</mat-label>\n      <mat-select formControlName="minInsideDurationTimeUnit" required>\n        <mat-option *ngFor="let timeUnit of timeUnits" [value]="timeUnit">\n          {{ timeUnitsTranslationMap.get(timeUnit) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n  </div>\n  <div fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field fxFlex class="mat-block">\n      <mat-label translate>tb.rulenode.min-outside-duration</mat-label>\n      <input type="number" step="1" min="1" max="2147483647" matInput formControlName="minOutsideDuration" required>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minOutsideDuration\').hasError(\'required\')">\n        {{ \'tb.rulenode.min-outside-duration-value-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minOutsideDuration\').hasError(\'min\')">\n        {{ \'tb.rulenode.time-value-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="geoActionConfigForm.get(\'minOutsideDuration\').hasError(\'max\')">\n        {{ \'tb.rulenode.time-value-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex class="mat-block">\n      <mat-label translate>tb.rulenode.min-outside-duration-time-unit</mat-label>\n      <mat-select formControlName="minOutsideDurationTimeUnit" required>\n        <mat-option *ngFor="let timeUnit of timeUnits" [value]="timeUnit">\n          {{ timeUnitsTranslationMap.get(timeUnit) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n  </div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:at,decorators:[{type:o,args:[{selector:"tb-action-node-gps-geofencing-config",templateUrl:"./gps-geo-action-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class nt extends y{constructor(e,t,o,r){super(e),this.store=e,this.translate=t,this.injector=o,this.fb=r,this.propagateChange=null,this.valueChangeSubscription=null}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}ngOnInit(){this.ngControl=this.injector.get(M),null!=this.ngControl&&(this.ngControl.valueAccessor=this),this.kvListFormGroup=this.fb.group({}),this.kvListFormGroup.addControl("keyVals",this.fb.array([]))}keyValsFormArray(){return this.kvListFormGroup.get("keyVals")}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}setDisabledState(e){this.disabled=e,this.disabled?this.kvListFormGroup.disable({emitEvent:!1}):this.kvListFormGroup.enable({emitEvent:!1})}writeValue(e){this.valueChangeSubscription&&this.valueChangeSubscription.unsubscribe();const t=[];if(e)for(const o of Object.keys(e))Object.prototype.hasOwnProperty.call(e,o)&&t.push(this.fb.group({key:[o,[k.required]],value:[e[o],[k.required]]}));this.kvListFormGroup.setControl("keyVals",this.fb.array(t)),this.valueChangeSubscription=this.kvListFormGroup.valueChanges.subscribe((()=>{this.updateModel()}))}removeKeyVal(e){this.kvListFormGroup.get("keyVals").removeAt(e)}addKeyVal(){this.kvListFormGroup.get("keyVals").push(this.fb.group({key:["",[k.required]],value:["",[k.required]]}))}validate(e){return!this.kvListFormGroup.get("keyVals").value.length&&this.required?{kvMapRequired:!0}:this.kvListFormGroup.valid?null:{kvFieldsRequired:!0}}updateModel(){const e=this.kvListFormGroup.get("keyVals").value;if(this.required&&!e.length||!this.kvListFormGroup.valid)this.propagateChange(null);else{const t={};e.forEach((e=>{t[e.key]=e.value})),this.propagateChange(t)}}}e("KvMapConfigComponent",nt),nt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:nt,deps:[{token:T.Store},{token:P.TranslateService},{token:t.Injector},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),nt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:nt,selector:"tb-kv-map-config",inputs:{disabled:"disabled",requiredText:"requiredText",keyText:"keyText",keyRequiredText:"keyRequiredText",valText:"valText",valRequiredText:"valRequiredText",hintText:"hintText",required:"required"},providers:[{provide:S,useExisting:n((()=>nt)),multi:!0},{provide:A,useExisting:n((()=>nt)),multi:!0}],usesInheritance:!0,ngImport:t,template:'<section fxLayout="column" class="tb-kv-map-config" [formGroup]="kvListFormGroup">\n  <div class="header" fxFlex fxLayout="row" fxLayoutGap="8px">\n    <span class="cell" fxFlex>{{ keyText | translate }}</span>\n    <span class="cell" fxFlex>{{ valText | translate }}</span>\n    <span [fxShow]="!disabled" style="width: 52px;" innerHTML="&nbsp"></span>\n  </div>\n  <div class="body">\n    <div class="row" fxLayout="row" fxLayoutAlign="start center" fxLayoutGap="8px"\n         formArrayName="keyVals"\n         *ngFor="let keyValControl of keyValsFormArray().controls; let $index = index">\n      <mat-form-field fxFlex floatLabel="always" hideRequiredMarker class="cell mat-block">\n        <mat-label></mat-label>\n        <input [formControl]="keyValControl.get(\'key\')" matInput required\n               placeholder="{{ keyText | translate }}"/>\n        <mat-error *ngIf="keyValControl.get(\'key\').hasError(\'required\')">\n          {{ keyRequiredText | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex floatLabel="always" hideRequiredMarker class="cell mat-block">\n        <mat-label></mat-label>\n        <input [formControl]="keyValControl.get(\'value\')" matInput required\n               placeholder="{{ valText | translate }}"/>\n        <mat-error *ngIf="keyValControl.get(\'value\').hasError(\'required\')">\n          {{ valRequiredText | translate }}\n        </mat-error>\n      </mat-form-field>\n      <button mat-button mat-icon-button color="primary"\n              [fxShow]="!disabled"\n              type="button"\n              (click)="removeKeyVal($index)"\n              [disabled]="isLoading$ | async"\n              matTooltip="{{ \'tb.key-val.remove-entry\' | translate }}"\n              matTooltipPosition="above">\n        <mat-icon>close</mat-icon>\n      </button>\n    </div>\n    <div *ngIf="hintText" class="tb-hint" [innerHTML]="hintText | translate | safeHtml"></div>\n  </div>\n  <tb-error [error]="ngControl.hasError(\'kvMapRequired\')\n                  ? translate.instant(requiredText) : \'\'"></tb-error>\n  <div style="margin-top: 8px;">\n    <button mat-button mat-raised-button color="primary"\n            [fxShow]="!disabled"\n            [disabled]="isLoading$ | async"\n            (click)="addKeyVal()"\n            type="button"\n            matTooltip="{{ \'tb.key-val.add-entry\' | translate }}"\n            matTooltipPosition="above">\n      <mat-icon>add</mat-icon>\n      {{ \'action.add\' | translate }}\n    </button>\n  </div>\n</section>\n',styles:[":host .tb-kv-map-config{margin-bottom:16px}:host .tb-kv-map-config .header{padding-left:5px;padding-right:5px;padding-bottom:5px}:host .tb-kv-map-config .header .cell{padding-left:5px;padding-right:5px;color:#0000008a;font-size:12px;font-weight:700;white-space:nowrap}:host .tb-kv-map-config .body{padding-left:5px;padding-right:5px;padding-bottom:20px;max-height:300px;overflow:auto}:host .tb-kv-map-config .body .cell{padding-left:5px;padding-right:5px}:host ::ng-deep .tb-kv-map-config .body mat-form-field.cell{margin:0}:host ::ng-deep .tb-kv-map-config .body mat-form-field.cell .mat-form-field-infix{border-top:0}:host ::ng-deep .tb-kv-map-config .body button.mat-button{margin:0;align-self:baseline}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:ie.TbErrorComponent,selector:"tb-error",inputs:["error"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:re.DefaultShowHideDirective,selector:"  [fxShow], [fxShow.print],  [fxShow.xs], [fxShow.sm], [fxShow.md], [fxShow.lg], [fxShow.xl],  [fxShow.lt-sm], [fxShow.lt-md], [fxShow.lt-lg], [fxShow.lt-xl],  [fxShow.gt-xs], [fxShow.gt-sm], [fxShow.gt-md], [fxShow.gt-lg],  [fxHide], [fxHide.print],  [fxHide.xs], [fxHide.sm], [fxHide.md], [fxHide.lg], [fxHide.xl],  [fxHide.lt-sm], [fxHide.lt-md], [fxHide.lt-lg], [fxHide.lt-xl],  [fxHide.gt-xs], [fxHide.gt-sm], [fxHide.gt-md], [fxHide.gt-lg]",inputs:["fxShow","fxShow.print","fxShow.xs","fxShow.sm","fxShow.md","fxShow.lg","fxShow.xl","fxShow.lt-sm","fxShow.lt-md","fxShow.lt-lg","fxShow.lt-xl","fxShow.gt-xs","fxShow.gt-sm","fxShow.gt-md","fxShow.gt-lg","fxHide","fxHide.print","fxHide.xs","fxHide.sm","fxHide.md","fxHide.lg","fxHide.xl","fxHide.lt-sm","fxHide.lt-md","fxHide.lt-lg","fxHide.lt-xl","fxHide.gt-xs","fxHide.gt-sm","fxHide.gt-md","fxHide.gt-lg"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutAlignDirective,selector:"  [fxLayoutAlign], [fxLayoutAlign.xs], [fxLayoutAlign.sm], [fxLayoutAlign.md],  [fxLayoutAlign.lg], [fxLayoutAlign.xl], [fxLayoutAlign.lt-sm], [fxLayoutAlign.lt-md],  [fxLayoutAlign.lt-lg], [fxLayoutAlign.lt-xl], [fxLayoutAlign.gt-xs], [fxLayoutAlign.gt-sm],  [fxLayoutAlign.gt-md], [fxLayoutAlign.gt-lg]",inputs:["fxLayoutAlign","fxLayoutAlign.xs","fxLayoutAlign.sm","fxLayoutAlign.md","fxLayoutAlign.lg","fxLayoutAlign.xl","fxLayoutAlign.lt-sm","fxLayoutAlign.lt-md","fxLayoutAlign.lt-lg","fxLayoutAlign.lt-xl","fxLayoutAlign.gt-xs","fxLayoutAlign.gt-sm","fxLayoutAlign.gt-md","fxLayoutAlign.gt-lg"]},{type:q.FormArrayName,selector:"[formArrayName]",inputs:["formArrayName"]},{type:D.MatLabel,selector:"mat-label"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlDirective,selector:"[formControl]",inputs:["disabled","formControl","ngModel"],outputs:["ngModelChange"],exportAs:["ngForm"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:se.MatTooltip,selector:"[matTooltip]",exportAs:["matTooltip"]}],pipes:{translate:P.TranslatePipe,async:w.AsyncPipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:nt,decorators:[{type:o,args:[{selector:"tb-kv-map-config",templateUrl:"./kv-map-config.component.html",styleUrls:["./kv-map-config.component.scss"],providers:[{provide:S,useExisting:n((()=>nt)),multi:!0},{provide:A,useExisting:n((()=>nt)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:P.TranslateService},{type:t.Injector},{type:q.FormBuilder}]},propDecorators:{disabled:[{type:l}],requiredText:[{type:l}],keyText:[{type:l}],keyRequiredText:[{type:l}],valText:[{type:l}],valRequiredText:[{type:l}],hintText:[{type:l}],required:[{type:l}]}});class lt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.ackValues=["all","-1","0","1"],this.ToByteStandartCharsetTypesValues=$e,this.ToByteStandartCharsetTypeTranslationMap=We}configForm(){return this.kafkaConfigForm}onConfigurationSet(e){this.kafkaConfigForm=this.fb.group({topicPattern:[e?e.topicPattern:null,[k.required]],bootstrapServers:[e?e.bootstrapServers:null,[k.required]],retries:[e?e.retries:null,[k.min(0)]],batchSize:[e?e.batchSize:null,[k.min(0)]],linger:[e?e.linger:null,[k.min(0)]],bufferMemory:[e?e.bufferMemory:null,[k.min(0)]],acks:[e?e.acks:null,[k.required]],keySerializer:[e?e.keySerializer:null,[k.required]],valueSerializer:[e?e.valueSerializer:null,[k.required]],otherProperties:[e?e.otherProperties:null,[]],addMetadataKeyValuesAsKafkaHeaders:[!!e&&e.addMetadataKeyValuesAsKafkaHeaders,[]],kafkaHeadersCharset:[e?e.kafkaHeadersCharset:null,[]]})}validatorTriggers(){return["addMetadataKeyValuesAsKafkaHeaders"]}updateValidators(e){this.kafkaConfigForm.get("addMetadataKeyValuesAsKafkaHeaders").value?this.kafkaConfigForm.get("kafkaHeadersCharset").setValidators([k.required]):this.kafkaConfigForm.get("kafkaHeadersCharset").setValidators([]),this.kafkaConfigForm.get("kafkaHeadersCharset").updateValueAndValidity({emitEvent:e})}}e("KafkaConfigComponent",lt),lt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:lt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),lt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:lt,selector:"tb-action-node-kafka-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="kafkaConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 8px;">\n    <mat-label translate>tb.rulenode.topic-pattern</mat-label>\n    <input required matInput formControlName="topicPattern">\n    <mat-error *ngIf="kafkaConfigForm.get(\'topicPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.topic-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.bootstrap-servers</mat-label>\n    <input required matInput formControlName="bootstrapServers">\n    <mat-error *ngIf="kafkaConfigForm.get(\'bootstrapServers\').hasError(\'required\')">\n      {{ \'tb.rulenode.bootstrap-servers-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.retries</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="retries">\n    <mat-error *ngIf="kafkaConfigForm.get(\'retries\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-retries-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.batch-size-bytes</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="batchSize">\n    <mat-error *ngIf="kafkaConfigForm.get(\'batchSize\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-batch-size-bytes-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.linger-ms</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="linger">\n    <mat-error *ngIf="kafkaConfigForm.get(\'linger\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-linger-ms-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.buffer-memory-bytes</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="bufferMemory">\n    <mat-error *ngIf="kafkaConfigForm.get(\'bufferMemory\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-buffer-memory-bytes-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.acks</mat-label>\n    <mat-select formControlName="acks" required>\n      <mat-option *ngFor="let ackValue of ackValues" [value]="ackValue">\n        {{ ackValue }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.key-serializer</mat-label>\n    <input required matInput formControlName="keySerializer">\n    <mat-error *ngIf="kafkaConfigForm.get(\'keySerializer\').hasError(\'required\')">\n      {{ \'tb.rulenode.key-serializer-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.value-serializer</mat-label>\n    <input required matInput formControlName="valueSerializer">\n    <mat-error *ngIf="kafkaConfigForm.get(\'valueSerializer\').hasError(\'required\')">\n      {{ \'tb.rulenode.value-serializer-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <label translate class="tb-title">tb.rulenode.other-properties</label>\n  <tb-kv-map-config\n    required="false"\n    formControlName="otherProperties"\n    keyText="tb.rulenode.key"\n    keyRequiredText="tb.rulenode.key-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n  <mat-checkbox fxFlex formControlName="addMetadataKeyValuesAsKafkaHeaders" style="padding-top: 16px;">\n    {{ \'tb.rulenode.add-metadata-key-values-as-kafka-headers\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.add-metadata-key-values-as-kafka-headers-hint</div>\n  <mat-form-field fxFlex class="mat-block" *ngIf="kafkaConfigForm.get(\'addMetadataKeyValuesAsKafkaHeaders\').value">\n    <mat-label translate>tb.rulenode.charset-encoding</mat-label>\n    <mat-select formControlName="kafkaHeadersCharset" required>\n      <mat-option *ngFor="let charset of ToByteStandartCharsetTypesValues" [value]="charset">\n        {{ ToByteStandartCharsetTypeTranslationMap.get(charset) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:lt,decorators:[{type:o,args:[{selector:"tb-action-node-kafka-config",templateUrl:"./kafka-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class it extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.logConfigForm}onConfigurationSet(e){this.logConfigForm=this.fb.group({jsScript:[e?e.jsScript:null,[k.required]]})}testScript(){const e=this.logConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"string",this.translate.instant("tb.rulenode.to-string"),"ToString",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/log_node_script_fn").subscribe((e=>{e&&this.logConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("LogConfigComponent",it),it.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:it,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),it.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:it,selector:"tb-action-node-log-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="logConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.to-string</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="ToString"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              helpId="rulenode/log_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-to-string-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionTitle","functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","minHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:it,decorators:[{type:o,args:[{selector:"tb-action-node-log-config",templateUrl:"./log-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class st extends y{constructor(e,t){super(e),this.store=e,this.fb=t,this.subscriptions=[],this.disableCertPemCredentials=!1,this.passwordFieldRquired=!0,this.allCredentialsTypes=Be,this.credentialsTypeTranslationsMap=je,this.propagateChange=null}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}ngOnInit(){this.credentialsConfigFormGroup=this.fb.group({type:[null,[k.required]],username:[null,[]],password:[null,[]],caCert:[null,[]],caCertFileName:[null,[]],privateKey:[null,[]],privateKeyFileName:[null,[]],cert:[null,[]],certFileName:[null,[]]}),this.subscriptions.push(this.credentialsConfigFormGroup.valueChanges.pipe(me()).subscribe((()=>{this.updateView()}))),this.subscriptions.push(this.credentialsConfigFormGroup.get("type").valueChanges.subscribe((()=>{this.credentialsTypeChanged()})))}ngOnChanges(e){for(const t of Object.keys(e)){const o=e[t];if(!o.firstChange&&o.currentValue!==o.previousValue&&o.currentValue&&"disableCertPemCredentials"===t){"cert.PEM"===this.credentialsConfigFormGroup.get("type").value&&setTimeout((()=>{this.credentialsConfigFormGroup.get("type").patchValue("anonymous",{emitEvent:!0})}))}}}ngOnDestroy(){this.subscriptions.forEach((e=>e.unsubscribe()))}writeValue(e){$(e)&&(this.credentialsConfigFormGroup.reset(e,{emitEvent:!1}),this.updateValidators(!1))}setDisabledState(e){e?this.credentialsConfigFormGroup.disable():(this.credentialsConfigFormGroup.enable(),this.updateValidators())}updateView(){let e=this.credentialsConfigFormGroup.value;const t=e.type;switch(t){case"anonymous":e={type:t};break;case"basic":e={type:t,username:e.username,password:e.password};break;case"cert.PEM":delete e.username}this.propagateChange(e)}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}validate(e){return this.credentialsConfigFormGroup.valid?null:{credentialsConfig:{valid:!1}}}credentialsTypeChanged(){this.credentialsConfigFormGroup.patchValue({username:null,password:null,caCert:null,caCertFileName:null,privateKey:null,privateKeyFileName:null,cert:null,certFileName:null}),this.updateValidators()}updateValidators(e=!1){const t=this.credentialsConfigFormGroup.get("type").value;switch(e&&this.credentialsConfigFormGroup.reset({type:t},{emitEvent:!1}),this.credentialsConfigFormGroup.setValidators([]),this.credentialsConfigFormGroup.get("username").setValidators([]),this.credentialsConfigFormGroup.get("password").setValidators([]),t){case"anonymous":break;case"basic":this.credentialsConfigFormGroup.get("username").setValidators([k.required]),this.credentialsConfigFormGroup.get("password").setValidators(this.passwordFieldRquired?[k.required]:[]);break;case"cert.PEM":this.credentialsConfigFormGroup.setValidators([this.requiredFilesSelected(k.required,[["caCert","caCertFileName"],["privateKey","privateKeyFileName","cert","certFileName"]])])}this.credentialsConfigFormGroup.get("username").updateValueAndValidity({emitEvent:e}),this.credentialsConfigFormGroup.get("password").updateValueAndValidity({emitEvent:e}),this.credentialsConfigFormGroup.updateValueAndValidity({emitEvent:e})}requiredFilesSelected(e,t=null){return o=>{t||(t=[Object.keys(o.controls)]);return(null==o?void 0:o.controls)&&t.some((t=>t.every((t=>!e(o.controls[t])))))?null:{notAllRequiredFilesSelected:!0}}}}e("CredentialsConfigComponent",st),st.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:st,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),st.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:st,selector:"tb-credentials-config",inputs:{required:"required",disableCertPemCredentials:"disableCertPemCredentials",passwordFieldRquired:"passwordFieldRquired"},providers:[{provide:S,useExisting:n((()=>st)),multi:!0},{provide:A,useExisting:n((()=>st)),multi:!0}],usesInheritance:!0,usesOnChanges:!0,ngImport:t,template:'<section [formGroup]="credentialsConfigFormGroup" fxLayout="column">\n  <mat-expansion-panel class="tb-credentials-config-panel-group">\n    <mat-expansion-panel-header>\n      <mat-panel-title translate>tb.rulenode.credentials</mat-panel-title>\n      <mat-panel-description>\n        {{ credentialsTypeTranslationsMap.get(credentialsConfigFormGroup.get(\'type\').value) | translate }}\n      </mat-panel-description>\n    </mat-expansion-panel-header>\n    <ng-template matExpansionPanelContent>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.credentials-type</mat-label>\n        <mat-select formControlName="type" required>\n          <mat-option *ngFor="let credentialsType of allCredentialsTypes" [value]="credentialsType" [disabled]="credentialsType === \'cert.PEM\' && disableCertPemCredentials">\n            {{ credentialsTypeTranslationsMap.get(credentialsType) | translate }}\n          </mat-option>\n        </mat-select>\n        <mat-error *ngIf="credentialsConfigFormGroup.get(\'type\').hasError(\'required\')">\n          {{ \'tb.rulenode.credentials-type-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <section fxLayout="column" [ngSwitch]="credentialsConfigFormGroup.get(\'type\').value">\n        <ng-template ngSwitchCase="anonymous">\n        </ng-template>\n        <ng-template ngSwitchCase="basic">\n          <mat-form-field class="mat-block">\n            <mat-label translate>tb.rulenode.username</mat-label>\n            <input required matInput formControlName="username">\n            <mat-error *ngIf="credentialsConfigFormGroup.get(\'username\').hasError(\'required\')">\n              {{ \'tb.rulenode.username-required\' | translate }}\n            </mat-error>\n          </mat-form-field>\n          <mat-form-field class="mat-block">\n            <mat-label translate>tb.rulenode.password</mat-label>\n            <input type="password" [required]="passwordFieldRquired" matInput formControlName="password">\n            <tb-toggle-password matSuffix></tb-toggle-password>\n            <mat-error *ngIf="credentialsConfigFormGroup.get(\'password\').hasError(\'required\') && passwordFieldRquired">\n              {{ \'tb.rulenode.password-required\' | translate }}\n            </mat-error>\n          </mat-form-field>\n        </ng-template>\n        <ng-template ngSwitchCase="cert.PEM">\n          <div class="tb-hint">{{ \'tb.rulenode.credentials-pem-hint\' | translate }}</div>\n          <tb-file-input formControlName="caCert"\n                         inputId="caCertSelect"\n                         [existingFileName]="credentialsConfigFormGroup.get(\'caCertFileName\').value"\n                         (fileNameChanged)="credentialsConfigFormGroup.get(\'caCertFileName\').setValue($event)"\n                         label="{{\'tb.rulenode.ca-cert\' | translate}}"\n                         noFileText="tb.rulenode.no-file"\n                         dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n          </tb-file-input>\n          <tb-file-input formControlName="cert"\n                         inputId="CertSelect"\n                         [existingFileName]="credentialsConfigFormGroup.get(\'certFileName\').value"\n                         (fileNameChanged)="credentialsConfigFormGroup.get(\'certFileName\').setValue($event)"\n                         label="{{\'tb.rulenode.cert\' | translate}}"\n                         noFileText="tb.rulenode.no-file"\n                         dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n          </tb-file-input>\n          <tb-file-input style="padding-bottom: 8px;"\n                         formControlName="privateKey"\n                         inputId="privateKeySelect"\n                         [existingFileName]="credentialsConfigFormGroup.get(\'privateKeyFileName\').value"\n                         (fileNameChanged)="credentialsConfigFormGroup.get(\'privateKeyFileName\').setValue($event)"\n                         label="{{\'tb.rulenode.private-key\' | translate}}"\n                         noFileText="tb.rulenode.no-file"\n                         dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n          </tb-file-input>\n          <mat-form-field class="mat-block">\n            <mat-label translate>tb.rulenode.private-key-password</mat-label>\n            <input type="password" matInput formControlName="password">\n            <tb-toggle-password matSuffix></tb-toggle-password>\n          </mat-form-field>\n        </ng-template>\n      </section>\n    </ng-template>\n  </mat-expansion-panel>\n</section>\n',components:[{type:B.MatExpansionPanel,selector:"mat-expansion-panel",inputs:["disabled","expanded","hideToggle","togglePosition"],outputs:["opened","closed","expandedChange","afterExpand","afterCollapse"],exportAs:["matExpansionPanel"]},{type:B.MatExpansionPanelHeader,selector:"mat-expansion-panel-header",inputs:["tabIndex","expandedHeight","collapsedHeight"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:j.TogglePasswordComponent,selector:"tb-toggle-password"},{type:z.FileInputComponent,selector:"tb-file-input",inputs:["label","accept","noFileText","inputId","allowedExtensions","dropLabel","contentConvertFunction","required","requiredAsError","disabled","existingFileName","readAsBinary","workFromFileObj","multipleFile"],outputs:["fileNameChanged"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:B.MatExpansionPanelTitle,selector:"mat-panel-title"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:B.MatExpansionPanelDescription,selector:"mat-panel-description"},{type:B.MatExpansionPanelContent,selector:"ng-template[matExpansionPanelContent]"},{type:D.MatLabel,selector:"mat-label"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:w.NgSwitch,selector:"[ngSwitch]",inputs:["ngSwitch"]},{type:w.NgSwitchCase,selector:"[ngSwitchCase]",inputs:["ngSwitchCase"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:D.MatSuffix,selector:"[matSuffix]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:st,decorators:[{type:o,args:[{selector:"tb-credentials-config",templateUrl:"./credentials-config.component.html",styleUrls:[],providers:[{provide:S,useExisting:n((()=>st)),multi:!0},{provide:A,useExisting:n((()=>st)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]},propDecorators:{required:[{type:l}],disableCertPemCredentials:[{type:l}],passwordFieldRquired:[{type:l}]}});class mt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.subscriptions=[]}configForm(){return this.mqttConfigForm}onConfigurationSet(e){this.mqttConfigForm=this.fb.group({topicPattern:[e?e.topicPattern:null,[k.required]],host:[e?e.host:null,[k.required]],port:[e?e.port:null,[k.required,k.min(1),k.max(65535)]],connectTimeoutSec:[e?e.connectTimeoutSec:null,[k.required,k.min(1),k.max(200)]],clientId:[e?e.clientId:null,[]],appendClientIdSuffix:[{value:!!e&&e.appendClientIdSuffix,disabled:!(e&&W(e.clientId))},[]],cleanSession:[!!e&&e.cleanSession,[]],ssl:[!!e&&e.ssl,[]],credentials:[e?e.credentials:null,[]]}),this.subscriptions.push(this.mqttConfigForm.get("clientId").valueChanges.subscribe((e=>{W(e)?this.mqttConfigForm.get("appendClientIdSuffix").enable({emitEvent:!1}):this.mqttConfigForm.get("appendClientIdSuffix").disable({emitEvent:!1})})))}ngOnDestroy(){this.subscriptions.forEach((e=>e.unsubscribe()))}}e("MqttConfigComponent",mt),mt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:mt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),mt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:mt,selector:"tb-action-node-mqtt-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="mqttConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.topic-pattern</mat-label>\n    <input required matInput formControlName="topicPattern">\n    <mat-error *ngIf="mqttConfigForm.get(\'topicPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.topic-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <div fxFlex fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field fxFlex="60" class="mat-block">\n      <mat-label translate>tb.rulenode.host</mat-label>\n      <input required matInput formControlName="host">\n      <mat-error *ngIf="mqttConfigForm.get(\'host\').hasError(\'required\')">\n        {{ \'tb.rulenode.host-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex="40" class="mat-block">\n      <mat-label translate>tb.rulenode.port</mat-label>\n      <input required type="number" step="1" min="1" max="65535" matInput formControlName="port">\n      <mat-error *ngIf="mqttConfigForm.get(\'port\').hasError(\'required\')">\n        {{ \'tb.rulenode.port-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="mqttConfigForm.get(\'port\').hasError(\'min\')">\n        {{ \'tb.rulenode.port-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="mqttConfigForm.get(\'port\').hasError(\'max\')">\n        {{ \'tb.rulenode.port-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex="40" class="mat-block">\n      <mat-label translate>tb.rulenode.connect-timeout</mat-label>\n      <input required type="number" step="1" min="1" max="200" matInput formControlName="connectTimeoutSec">\n      <mat-error *ngIf="mqttConfigForm.get(\'connectTimeoutSec\').hasError(\'required\')">\n        {{ \'tb.rulenode.connect-timeout-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="mqttConfigForm.get(\'connectTimeoutSec\').hasError(\'min\')">\n        {{ \'tb.rulenode.connect-timeout-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="mqttConfigForm.get(\'connectTimeoutSec\').hasError(\'max\')">\n        {{ \'tb.rulenode.connect-timeout-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n  </div>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.client-id</mat-label>\n    <input matInput formControlName="clientId">\n  </mat-form-field>\n  <div class="tb-hint client-id" translate>tb.rulenode.client-id-hint</div>\n  <mat-checkbox formControlName="appendClientIdSuffix">\n    {{ \'tb.rulenode.append-client-id-suffix\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint client-id">{{ "tb.rulenode.client-id-suffix-hint" | translate }}</div>\n  <mat-checkbox formControlName="cleanSession">\n    {{ \'tb.rulenode.clean-session\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="ssl">\n    {{ \'tb.rulenode.enable-ssl\' | translate }}\n  </mat-checkbox>\n  <tb-credentials-config formControlName="credentials" [passwordFieldRquired]="false"></tb-credentials-config>\n</section>\n',styles:[":host .tb-mqtt-credentials-panel-group{margin:0 6px}:host .tb-hint.client-id{margin-top:-1.25em;max-width:-moz-fit-content;max-width:fit-content}:host mat-checkbox{padding-bottom:16px}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:st,selector:"tb-credentials-config",inputs:["required","disableCertPemCredentials","passwordFieldRquired"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:mt,decorators:[{type:o,args:[{selector:"tb-action-node-mqtt-config",templateUrl:"./mqtt-config.component.html",styleUrls:["./mqtt-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ut extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.msgCountConfigForm}onConfigurationSet(e){this.msgCountConfigForm=this.fb.group({interval:[e?e.interval:null,[k.required,k.min(1)]],telemetryPrefix:[e?e.telemetryPrefix:null,[k.required]]})}}e("MsgCountConfigComponent",ut),ut.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ut,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ut.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ut,selector:"tb-action-node-msg-count-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="msgCountConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.interval-seconds</mat-label>\n    <input required type="number" min="1" step="1" matInput formControlName="interval">\n    <mat-error *ngIf="msgCountConfigForm.get(\'interval\').hasError(\'required\')">\n      {{ \'tb.rulenode.interval-seconds-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="msgCountConfigForm.get(\'interval\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-interval-seconds-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.output-timeseries-key-prefix</mat-label>\n    <input required matInput formControlName="telemetryPrefix">\n    <mat-error *ngIf="msgCountConfigForm.get(\'telemetryPrefix\').hasError(\'required\')">\n      {{ \'tb.rulenode.output-timeseries-key-prefix-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ut,decorators:[{type:o,args:[{selector:"tb-action-node-msg-count-config",templateUrl:"./msg-count-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class pt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.msgDelayConfigForm}onConfigurationSet(e){this.msgDelayConfigForm=this.fb.group({useMetadataPeriodInSecondsPatterns:[!!e&&e.useMetadataPeriodInSecondsPatterns,[]],periodInSeconds:[e?e.periodInSeconds:null,[]],periodInSecondsPattern:[e?e.periodInSecondsPattern:null,[]],maxPendingMsgs:[e?e.maxPendingMsgs:null,[k.required,k.min(1),k.max(1e5)]]})}validatorTriggers(){return["useMetadataPeriodInSecondsPatterns"]}updateValidators(e){this.msgDelayConfigForm.get("useMetadataPeriodInSecondsPatterns").value?(this.msgDelayConfigForm.get("periodInSecondsPattern").setValidators([k.required]),this.msgDelayConfigForm.get("periodInSeconds").setValidators([])):(this.msgDelayConfigForm.get("periodInSecondsPattern").setValidators([]),this.msgDelayConfigForm.get("periodInSeconds").setValidators([k.required,k.min(0)])),this.msgDelayConfigForm.get("periodInSecondsPattern").updateValueAndValidity({emitEvent:e}),this.msgDelayConfigForm.get("periodInSeconds").updateValueAndValidity({emitEvent:e})}}e("MsgDelayConfigComponent",pt),pt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:pt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),pt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:pt,selector:"tb-action-node-msg-delay-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="msgDelayConfigForm" fxLayout="column">\n  <mat-checkbox formControlName="useMetadataPeriodInSecondsPatterns">\n    {{ \'tb.rulenode.use-metadata-period-in-seconds-patterns\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.use-metadata-period-in-seconds-patterns-hint</div>\n  <mat-form-field *ngIf="msgDelayConfigForm.get(\'useMetadataPeriodInSecondsPatterns\').value !== true; else periodInSecondsPattern"\n                  class="mat-block">\n    <mat-label translate>tb.rulenode.period-seconds</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="periodInSeconds">\n    <mat-error *ngIf="msgDelayConfigForm.get(\'periodInSeconds\').hasError(\'required\')">\n      {{ \'tb.rulenode.period-seconds-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="msgDelayConfigForm.get(\'periodInSeconds\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-period-0-seconds-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <ng-template #periodInSecondsPattern>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.period-in-seconds-pattern</mat-label>\n      <input required matInput formControlName="periodInSecondsPattern">\n      <mat-error *ngIf="msgDelayConfigForm.get(\'periodInSecondsPattern\').hasError(\'required\')">\n        {{ \'tb.rulenode.period-in-seconds-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n  </ng-template>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.max-pending-messages</mat-label>\n    <input required type="number" min="1" max="100000" step="1" matInput formControlName="maxPendingMsgs">\n    <mat-error *ngIf="msgDelayConfigForm.get(\'maxPendingMsgs\').hasError(\'required\')">\n      {{ \'tb.rulenode.max-pending-messages-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="msgDelayConfigForm.get(\'maxPendingMsgs\').hasError(\'min\')">\n      {{ \'tb.rulenode.max-pending-messages-range\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="msgDelayConfigForm.get(\'maxPendingMsgs\').hasError(\'max\')">\n      {{ \'tb.rulenode.max-pending-messages-range\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatLabel,selector:"mat-label"},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:pt,decorators:[{type:o,args:[{selector:"tb-action-node-msg-delay-config",templateUrl:"./msg-delay-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class dt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.pubSubConfigForm}onConfigurationSet(e){this.pubSubConfigForm=this.fb.group({projectId:[e?e.projectId:null,[k.required]],topicName:[e?e.topicName:null,[k.required]],serviceAccountKey:[e?e.serviceAccountKey:null,[k.required]],serviceAccountKeyFileName:[e?e.serviceAccountKeyFileName:null,[k.required]],messageAttributes:[e?e.messageAttributes:null,[]]})}}e("PubSubConfigComponent",dt),dt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:dt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),dt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:dt,selector:"tb-action-node-pub-sub-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="pubSubConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.gcp-project-id</mat-label>\n    <input required matInput formControlName="projectId">\n    <mat-error *ngIf="pubSubConfigForm.get(\'projectId\').hasError(\'required\')">\n      {{ \'tb.rulenode.gcp-project-id-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.pubsub-topic-name</mat-label>\n    <input required matInput formControlName="topicName">\n    <mat-error *ngIf="pubSubConfigForm.get(\'topicName\').hasError(\'required\')">\n      {{ \'tb.rulenode.pubsub-topic-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <tb-file-input style="padding-bottom: 24px;"\n                 formControlName="serviceAccountKey"\n                 [existingFileName]="pubSubConfigForm.get(\'serviceAccountKeyFileName\').value"\n                 (fileNameChanged)="pubSubConfigForm.get(\'serviceAccountKeyFileName\').setValue($event)"\n                 required\n                 requiredAsError\n                 label="{{\'tb.rulenode.gcp-service-account-key\' | translate}}"\n                 noFileText="tb.rulenode.no-file"\n                 dropLabel="{{\'tb.rulenode.drop-file\' | translate}}">\n  </tb-file-input>\n  <label translate class="tb-title">tb.rulenode.message-attributes</label>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.message-attributes-hint\' | translate | safeHtml"></div>\n  <tb-kv-map-config\n    required="false"\n    formControlName="messageAttributes"\n    keyText="tb.rulenode.name"\n    keyRequiredText="tb.rulenode.name-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:z.FileInputComponent,selector:"tb-file-input",inputs:["label","accept","noFileText","inputId","allowedExtensions","dropLabel","contentConvertFunction","required","requiredAsError","disabled","existingFileName","readAsBinary","workFromFileObj","multipleFile"],outputs:["fileNameChanged"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:dt,decorators:[{type:o,args:[{selector:"tb-action-node-pub-sub-config",templateUrl:"./pubsub-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ft extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.attributeScopes=Object.keys(m),this.telemetryTypeTranslationsMap=u}configForm(){return this.pushToCloudConfigForm}onConfigurationSet(e){this.pushToCloudConfigForm=this.fb.group({scope:[e?e.scope:null,[k.required]]})}}e("PushToCloudConfigComponent",ft),ft.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ft,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ft.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ft,selector:"tb-action-node-push-to-cloud-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="pushToCloudConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>attribute.attributes-scope</mat-label>\n    <mat-select formControlName="scope" required>\n      <mat-option *ngFor="let scope of attributeScopes" [value]="scope">\n        {{ telemetryTypeTranslationsMap.get(scope) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ft,decorators:[{type:o,args:[{selector:"tb-action-node-push-to-cloud-config",templateUrl:"./push-to-cloud-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ct extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.attributeScopes=Object.keys(m),this.telemetryTypeTranslationsMap=u}configForm(){return this.pushToEdgeConfigForm}onConfigurationSet(e){this.pushToEdgeConfigForm=this.fb.group({scope:[e?e.scope:null,[k.required]]})}}e("PushToEdgeConfigComponent",ct),ct.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ct,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ct.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ct,selector:"tb-action-node-push-to-edge-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="pushToEdgeConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>attribute.attributes-scope</mat-label>\n    <mat-select formControlName="scope" required>\n      <mat-option *ngFor="let scope of attributeScopes" [value]="scope">\n        {{ telemetryTypeTranslationsMap.get(scope) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ct,decorators:[{type:o,args:[{selector:"tb-action-node-push-to-edge-config",templateUrl:"./push-to-edge-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class gt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.messageProperties=[null,"BASIC","TEXT_PLAIN","MINIMAL_BASIC","MINIMAL_PERSISTENT_BASIC","PERSISTENT_BASIC","PERSISTENT_TEXT_PLAIN"]}configForm(){return this.rabbitMqConfigForm}onConfigurationSet(e){this.rabbitMqConfigForm=this.fb.group({exchangeNamePattern:[e?e.exchangeNamePattern:null,[]],routingKeyPattern:[e?e.routingKeyPattern:null,[]],messageProperties:[e?e.messageProperties:null,[]],host:[e?e.host:null,[k.required]],port:[e?e.port:null,[k.required,k.min(1),k.max(65535)]],virtualHost:[e?e.virtualHost:null,[]],username:[e?e.username:null,[]],password:[e?e.password:null,[]],automaticRecoveryEnabled:[!!e&&e.automaticRecoveryEnabled,[]],connectionTimeout:[e?e.connectionTimeout:null,[k.min(0)]],handshakeTimeout:[e?e.handshakeTimeout:null,[k.min(0)]],clientProperties:[e?e.clientProperties:null,[]]})}}e("RabbitMqConfigComponent",gt),gt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:gt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),gt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:gt,selector:"tb-action-node-rabbit-mq-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="rabbitMqConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.exchange-name-pattern</mat-label>\n    <input matInput formControlName="exchangeNamePattern">\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.routing-key-pattern</mat-label>\n    <input matInput formControlName="routingKeyPattern">\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.message-properties</mat-label>\n    <mat-select formControlName="messageProperties">\n      <mat-option *ngFor="let property of messageProperties" [value]="property">\n        {{ property }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field fxFlex="100" fxFlex.gt-sm="60" class="mat-block">\n      <mat-label translate>tb.rulenode.host</mat-label>\n      <input required matInput formControlName="host">\n      <mat-error *ngIf="rabbitMqConfigForm.get(\'host\').hasError(\'required\')">\n        {{ \'tb.rulenode.host-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field fxFlex="100" fxFlex.gt-sm="40" class="mat-block">\n      <mat-label translate>tb.rulenode.port</mat-label>\n      <input required type="number" step="1" min="1" max="65535" matInput formControlName="port">\n      <mat-error *ngIf="rabbitMqConfigForm.get(\'port\').hasError(\'required\')">\n        {{ \'tb.rulenode.port-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="rabbitMqConfigForm.get(\'port\').hasError(\'min\')">\n        {{ \'tb.rulenode.port-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="rabbitMqConfigForm.get(\'port\').hasError(\'max\')">\n        {{ \'tb.rulenode.port-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n  </div>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.virtual-host</mat-label>\n    <input matInput formControlName="virtualHost">\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.username</mat-label>\n    <input matInput formControlName="username">\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.password</mat-label>\n    <input type="password" matInput formControlName="password">\n    <tb-toggle-password matSuffix></tb-toggle-password>\n  </mat-form-field>\n  <mat-checkbox formControlName="automaticRecoveryEnabled" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.automatic-recovery\' | translate }}\n  </mat-checkbox>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.connection-timeout-ms</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="connectionTimeout">\n    <mat-error *ngIf="rabbitMqConfigForm.get(\'connectionTimeout\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-connection-timeout-ms-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.handshake-timeout-ms</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="handshakeTimeout">\n    <mat-error *ngIf="rabbitMqConfigForm.get(\'handshakeTimeout\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-handshake-timeout-ms-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <label translate class="tb-title">tb.rulenode.client-properties</label>\n  <tb-kv-map-config\n    required="false"\n    formControlName="clientProperties"\n    keyText="tb.rulenode.key"\n    keyRequiredText="tb.rulenode.key-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:j.TogglePasswordComponent,selector:"tb-toggle-password"},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:D.MatSuffix,selector:"[matSuffix]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:gt,decorators:[{type:o,args:[{selector:"tb-action-node-rabbit-mq-config",templateUrl:"./rabbit-mq-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class xt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.proxySchemes=["http","https"],this.httpRequestTypes=Object.keys(Qe)}configForm(){return this.restApiCallConfigForm}onConfigurationSet(e){this.restApiCallConfigForm=this.fb.group({restEndpointUrlPattern:[e?e.restEndpointUrlPattern:null,[k.required]],requestMethod:[e?e.requestMethod:null,[k.required]],useSimpleClientHttpFactory:[!!e&&e.useSimpleClientHttpFactory,[]],ignoreRequestBody:[!!e&&e.ignoreRequestBody,[]],enableProxy:[!!e&&e.enableProxy,[]],useSystemProxyProperties:[!!e&&e.enableProxy,[]],proxyScheme:[e?e.proxyHost:null,[]],proxyHost:[e?e.proxyHost:null,[]],proxyPort:[e?e.proxyPort:null,[]],proxyUser:[e?e.proxyUser:null,[]],proxyPassword:[e?e.proxyPassword:null,[]],readTimeoutMs:[e?e.readTimeoutMs:null,[]],maxParallelRequestsCount:[e?e.maxParallelRequestsCount:null,[k.min(0)]],headers:[e?e.headers:null,[]],useRedisQueueForMsgPersistence:[!!e&&e.useRedisQueueForMsgPersistence,[]],trimQueue:[!!e&&e.trimQueue,[]],maxQueueSize:[e?e.maxQueueSize:null,[]],credentials:[e?e.credentials:null,[]]})}validatorTriggers(){return["useSimpleClientHttpFactory","useRedisQueueForMsgPersistence","enableProxy","useSystemProxyProperties"]}updateValidators(e){const t=this.restApiCallConfigForm.get("useSimpleClientHttpFactory").value,o=this.restApiCallConfigForm.get("useRedisQueueForMsgPersistence").value,r=this.restApiCallConfigForm.get("enableProxy").value,a=this.restApiCallConfigForm.get("useSystemProxyProperties").value;r&&!a?(this.restApiCallConfigForm.get("proxyHost").setValidators(r?[k.required]:[]),this.restApiCallConfigForm.get("proxyPort").setValidators(r?[k.required,k.min(1),k.max(65535)]:[])):(this.restApiCallConfigForm.get("proxyHost").setValidators([]),this.restApiCallConfigForm.get("proxyPort").setValidators([]),t?this.restApiCallConfigForm.get("readTimeoutMs").setValidators([]):this.restApiCallConfigForm.get("readTimeoutMs").setValidators([k.min(0)])),o?this.restApiCallConfigForm.get("maxQueueSize").setValidators([k.min(0)]):this.restApiCallConfigForm.get("maxQueueSize").setValidators([]),this.restApiCallConfigForm.get("readTimeoutMs").updateValueAndValidity({emitEvent:e}),this.restApiCallConfigForm.get("maxQueueSize").updateValueAndValidity({emitEvent:e}),this.restApiCallConfigForm.get("proxyHost").updateValueAndValidity({emitEvent:e}),this.restApiCallConfigForm.get("proxyPort").updateValueAndValidity({emitEvent:e}),this.restApiCallConfigForm.get("credentials").updateValueAndValidity({emitEvent:e})}}e("RestApiCallConfigComponent",xt),xt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:xt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),xt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:xt,selector:"tb-action-node-rest-api-call-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="restApiCallConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.endpoint-url-pattern</mat-label>\n    <input required matInput formControlName="restEndpointUrlPattern">\n    <mat-error *ngIf="restApiCallConfigForm.get(\'restEndpointUrlPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.endpoint-url-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.request-method</mat-label>\n    <mat-select formControlName="requestMethod">\n      <mat-option *ngFor="let requestType of httpRequestTypes" [value]="requestType">\n        {{ requestType }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-checkbox formControlName="enableProxy" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.enable-proxy\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox *ngIf="!restApiCallConfigForm.get(\'enableProxy\').value" formControlName="useSimpleClientHttpFactory" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-simple-client-http-factory\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="ignoreRequestBody" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.ignore-request-body\' | translate }}\n  </mat-checkbox>\n  <div *ngIf="restApiCallConfigForm.get(\'enableProxy\').value">\n    <mat-checkbox formControlName="useSystemProxyProperties" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.use-system-proxy-properties\' | translate }}\n    </mat-checkbox>\n    <div *ngIf="!restApiCallConfigForm.get(\'useSystemProxyProperties\').value">\n      <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n        <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="10">\n          <mat-label translate>tb.rulenode.proxy-scheme</mat-label>\n          <mat-select formControlName="proxyScheme">\n            <mat-option *ngFor="let proxyScheme of proxySchemes" [value]="proxyScheme">\n              {{ proxyScheme }}\n            </mat-option>\n          </mat-select>\n        </mat-form-field>\n        <mat-form-field class="md-block" fxFlex="100" fxFlex.gt-sm="50">\n          <mat-label translate>tb.rulenode.proxy-host</mat-label>\n          <input matInput required formControlName="proxyHost">\n          <mat-error *ngIf="restApiCallConfigForm.get(\'proxyHost\').hasError(\'required\')">\n            {{ \'tb.rulenode.proxy-host-required\' | translate }}\n          </mat-error>\n        </mat-form-field>\n        <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="40">\n          <mat-label translate>tb.rulenode.proxy-port</mat-label>\n          <input matInput required formControlName="proxyPort" type="number" step="1">\n          <mat-error *ngIf="restApiCallConfigForm.get(\'proxyPort\').hasError(\'required\')">\n            {{ \'tb.rulenode.proxy-port-required\' | translate }}\n          </mat-error>\n          <mat-error\n            *ngIf="restApiCallConfigForm.get(\'proxyPort\').hasError(\'min\') || restApiCallConfigForm.get(\'proxyPort\').hasError(\'max\')">\n            {{ \'tb.rulenode.proxy-port-range\' | translate }}\n          </mat-error>\n        </mat-form-field>\n      </div>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.proxy-user</mat-label>\n        <input matInput formControlName="proxyUser">\n      </mat-form-field>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.proxy-password</mat-label>\n        <input matInput formControlName="proxyPassword">\n      </mat-form-field>\n    </div>\n  </div>\n  <mat-form-field *ngIf="!restApiCallConfigForm.get(\'useSimpleClientHttpFactory\').value || restApiCallConfigForm.get(\'enableProxy\').value" class="mat-block"\n                  style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.read-timeout</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="readTimeoutMs">\n    <mat-hint translate>tb.rulenode.read-timeout-hint</mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.max-parallel-requests-count</mat-label>\n    <input type="number" step="1" min="0" matInput formControlName="maxParallelRequestsCount">\n    <mat-hint translate>tb.rulenode.max-parallel-requests-count-hint</mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title">tb.rulenode.headers</label>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.headers-hint\' | translate | safeHtml"></div>\n  <tb-kv-map-config\n    required="false"\n    formControlName="headers"\n    keyText="tb.rulenode.header"\n    keyRequiredText="tb.rulenode.header-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n  <mat-checkbox formControlName="useRedisQueueForMsgPersistence" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-redis-queue\' | translate }}\n  </mat-checkbox>\n  <div fxLayout="column" *ngIf="restApiCallConfigForm.get(\'useRedisQueueForMsgPersistence\').value === true">\n    <mat-checkbox formControlName="trimQueue" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.trim-redis-queue\' | translate }}\n    </mat-checkbox>\n    <mat-form-field class="mat-block">\n      <mat-label translate>tb.rulenode.redis-queue-max-size</mat-label>\n      <input type="number" step="1" min="0" matInput formControlName="maxQueueSize">\n    </mat-form-field>\n  </div>\n  <tb-credentials-config formControlName="credentials" [disableCertPemCredentials]="restApiCallConfigForm.get(\'useSimpleClientHttpFactory\').value"></tb-credentials-config>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]},{type:st,selector:"tb-credentials-config",inputs:["required","disableCertPemCredentials","passwordFieldRquired"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:xt,decorators:[{type:o,args:[{selector:"tb-action-node-rest-api-call-config",templateUrl:"./rest-api-call-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class yt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.rpcReplyConfigForm}onConfigurationSet(e){this.rpcReplyConfigForm=this.fb.group({requestIdMetaDataAttribute:[e?e.requestIdMetaDataAttribute:null,[]]})}}e("RpcReplyConfigComponent",yt),yt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:yt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),yt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:yt,selector:"tb-action-node-rpc-reply-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="rpcReplyConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.request-id-metadata-attribute</mat-label>\n    <input matInput formControlName="requestIdMetaDataAttribute">\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:yt,decorators:[{type:o,args:[{selector:"tb-action-node-rpc-reply-config",templateUrl:"./rpc-reply-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class bt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.rpcRequestConfigForm}onConfigurationSet(e){this.rpcRequestConfigForm=this.fb.group({timeoutInSeconds:[e?e.timeoutInSeconds:null,[k.required,k.min(0)]]})}}e("RpcRequestConfigComponent",bt),bt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:bt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),bt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:bt,selector:"tb-action-node-rpc-request-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="rpcRequestConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>tb.rulenode.timeout-sec</mat-label>\n    <input type="number" min="0" step="1" matInput formControlName="timeoutInSeconds" required>\n    <mat-error *ngIf="rpcRequestConfigForm.get(\'timeoutInSeconds\').hasError(\'required\')">\n      {{ \'tb.rulenode.timeout-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="rpcRequestConfigForm.get(\'timeoutInSeconds\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-timeout-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:bt,decorators:[{type:o,args:[{selector:"tb-action-node-rpc-request-config",templateUrl:"./rpc-request-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class ht extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.saveToCustomTableConfigForm}onConfigurationSet(e){this.saveToCustomTableConfigForm=this.fb.group({tableName:[e?e.tableName:null,[k.required,k.pattern(/.*\S.*/)]],fieldsMapping:[e?e.fieldsMapping:null,[k.required]]})}prepareOutputConfig(e){return e.tableName=e.tableName.trim(),e}}e("SaveToCustomTableConfigComponent",ht),ht.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ht,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),ht.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:ht,selector:"tb-action-node-custom-table-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="saveToCustomTableConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.custom-table-name</mat-label>\n    <input required matInput formControlName="tableName">\n    <mat-error *ngIf="saveToCustomTableConfigForm.get(\'tableName\').hasError(\'required\') ||\n                      saveToCustomTableConfigForm.get(\'tableName\').hasError(\'pattern\')">\n      {{ \'tb.rulenode.custom-table-name-required\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.custom-table-hint</mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title tb-required">tb.rulenode.fields-mapping</label>\n  <tb-kv-map-config\n    required\n    formControlName="fieldsMapping"\n    requiredText="tb.rulenode.fields-mapping-required"\n    keyText="tb.rulenode.message-field"\n    keyRequiredText="tb.rulenode.message-field-required"\n    valText="tb.rulenode.table-col"\n    valRequiredText="tb.rulenode.table-col-required">\n  </tb-kv-map-config>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ht,decorators:[{type:o,args:[{selector:"tb-action-node-custom-table-config",templateUrl:"./save-to-custom-table-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ct extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.smtpProtocols=["smtp","smtps"],this.tlsVersions=["TLSv1","TLSv1.1","TLSv1.2","TLSv1.3"]}configForm(){return this.sendEmailConfigForm}onConfigurationSet(e){this.sendEmailConfigForm=this.fb.group({useSystemSmtpSettings:[!!e&&e.useSystemSmtpSettings,[]],smtpProtocol:[e?e.smtpProtocol:null,[]],smtpHost:[e?e.smtpHost:null,[]],smtpPort:[e?e.smtpPort:null,[]],timeout:[e?e.timeout:null,[]],enableTls:[!!e&&e.enableTls,[]],tlsVersion:[e?e.tlsVersion:null,[]],enableProxy:[!!e&&e.enableProxy,[]],proxyHost:[e?e.proxyHost:null,[]],proxyPort:[e?e.proxyPort:null,[]],proxyUser:[e?e.proxyUser:null,[]],proxyPassword:[e?e.proxyPassword:null,[]],username:[e?e.username:null,[]],password:[e?e.password:null,[]]})}validatorTriggers(){return["useSystemSmtpSettings","enableProxy"]}updateValidators(e){const t=this.sendEmailConfigForm.get("useSystemSmtpSettings").value,o=this.sendEmailConfigForm.get("enableProxy").value;t?(this.sendEmailConfigForm.get("smtpProtocol").setValidators([]),this.sendEmailConfigForm.get("smtpHost").setValidators([]),this.sendEmailConfigForm.get("smtpPort").setValidators([]),this.sendEmailConfigForm.get("timeout").setValidators([]),this.sendEmailConfigForm.get("proxyHost").setValidators([]),this.sendEmailConfigForm.get("proxyPort").setValidators([])):(this.sendEmailConfigForm.get("smtpProtocol").setValidators([k.required]),this.sendEmailConfigForm.get("smtpHost").setValidators([k.required]),this.sendEmailConfigForm.get("smtpPort").setValidators([k.required,k.min(1),k.max(65535)]),this.sendEmailConfigForm.get("timeout").setValidators([k.required,k.min(0)]),this.sendEmailConfigForm.get("proxyHost").setValidators(o?[k.required]:[]),this.sendEmailConfigForm.get("proxyPort").setValidators(o?[k.required,k.min(1),k.max(65535)]:[])),this.sendEmailConfigForm.get("smtpProtocol").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("smtpHost").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("smtpPort").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("timeout").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("proxyHost").updateValueAndValidity({emitEvent:e}),this.sendEmailConfigForm.get("proxyPort").updateValueAndValidity({emitEvent:e})}}e("SendEmailConfigComponent",Ct),Ct.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ct,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ct.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ct,selector:"tb-action-node-send-email-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="sendEmailConfigForm" fxLayout="column">\n  <mat-checkbox formControlName="useSystemSmtpSettings" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-system-smtp-settings\' | translate }}\n  </mat-checkbox>\n  <section fxLayout="column" *ngIf="sendEmailConfigForm.get(\'useSystemSmtpSettings\').value === false">\n    <mat-form-field class="mat-block">\n      <mat-label translate>tb.rulenode.smtp-protocol</mat-label>\n      <mat-select formControlName="smtpProtocol">\n        <mat-option *ngFor="let smtpProtocol of smtpProtocols" [value]="smtpProtocol">\n          {{ smtpProtocol.toUpperCase() }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n      <mat-form-field fxFlex="100" fxFlex.gt-sm="60" class="mat-block">\n        <mat-label translate>tb.rulenode.smtp-host</mat-label>\n        <input required matInput formControlName="smtpHost">\n        <mat-error *ngIf="sendEmailConfigForm.get(\'smtpHost\').hasError(\'required\')">\n          {{ \'tb.rulenode.smtp-host-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex="100" fxFlex.gt-sm="40" class="mat-block">\n        <mat-label translate>tb.rulenode.smtp-port</mat-label>\n        <input required type="number" step="1" min="1" max="65535" matInput formControlName="smtpPort">\n        <mat-error *ngIf="sendEmailConfigForm.get(\'smtpPort\').hasError(\'required\')">\n          {{ \'tb.rulenode.smtp-port-required\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="sendEmailConfigForm.get(\'smtpPort\').hasError(\'min\')">\n          {{ \'tb.rulenode.smtp-port-range\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="sendEmailConfigForm.get(\'smtpPort\').hasError(\'max\')">\n          {{ \'tb.rulenode.smtp-port-range\' | translate }}\n        </mat-error>\n      </mat-form-field>\n    </div>\n    <mat-form-field class="mat-block">\n      <mat-label translate>tb.rulenode.timeout-msec</mat-label>\n      <input required type="number" step="1" min="0" matInput formControlName="timeout">\n      <mat-error *ngIf="sendEmailConfigForm.get(\'timeout\').hasError(\'required\')">\n        {{ \'tb.rulenode.timeout-required\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="sendEmailConfigForm.get(\'timeout\').hasError(\'min\')">\n        {{ \'tb.rulenode.min-timeout-msec-message\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-checkbox formControlName="enableTls" style="padding-bottom: 16px;">\n      {{ \'tb.rulenode.enable-tls\' | translate }}\n    </mat-checkbox>\n    <mat-form-field class="mat-block" *ngIf="sendEmailConfigForm.get(\'enableTls\').value === true">\n      <mat-label translate>tb.rulenode.tls-version</mat-label>\n      <mat-select formControlName="tlsVersion">\n        <mat-option *ngFor="let tlsVersion of tlsVersions" [value]="tlsVersion">\n          {{ tlsVersion }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <tb-checkbox formControlName="enableProxy" style="display: block; padding-bottom: 16px;">\n      {{ \'tb.rulenode.enable-proxy\' | translate }}\n    </tb-checkbox>\n    <div *ngIf="sendEmailConfigForm.get(\'enableProxy\').value">\n      <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n        <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="60">\n          <mat-label translate>tb.rulenode.proxy-host</mat-label>\n          <input matInput required formControlName="proxyHost">\n          <mat-error *ngIf="sendEmailConfigForm.get(\'proxyHost\').hasError(\'required\')">\n            {{ \'tb.rulenode.proxy-host-required\' | translate }}\n          </mat-error>\n        </mat-form-field>\n        <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="40">\n          <mat-label translate>tb.rulenode.proxy-port</mat-label>\n          <input matInput required formControlName="proxyPort" type="number" step="1" min="1" max="65535">\n          <mat-error *ngIf="sendEmailConfigForm.get(\'proxyPort\').hasError(\'required\')">\n            {{ \'tb.rulenode.proxy-port-required\' | translate }}\n          </mat-error>\n          <mat-error *ngIf="sendEmailConfigForm.get(\'proxyPort\').hasError(\'min\') || sendEmailConfigForm.get(\'proxyPort\').hasError(\'max\')">\n            {{ \'tb.rulenode.proxy-port-range\' | translate }}\n          </mat-error>\n        </mat-form-field>\n      </div>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.proxy-user</mat-label>\n        <input matInput formControlName="proxyUser">\n      </mat-form-field>\n      <mat-form-field class="mat-block">\n        <mat-label translate>tb.rulenode.proxy-password</mat-label>\n        <input matInput formControlName="proxyPassword">\n      </mat-form-field>\n    </div>\n    <mat-form-field class="mat-block" floatLabel="always">\n      <mat-label translate>tb.rulenode.username</mat-label>\n      <input matInput placeholder="{{ \'tb.rulenode.enter-username\' | translate }}" formControlName="username">\n    </mat-form-field>\n    <mat-form-field class="mat-block" floatLabel="always">\n      <mat-label translate>tb.rulenode.password</mat-label>\n      <input matInput type="password" placeholder="{{ \'tb.rulenode.enter-password\' | translate }}" formControlName="password">\n      <tb-toggle-password matSuffix></tb-toggle-password>\n    </mat-form-field>\n  </section>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ce.TbCheckboxComponent,selector:"tb-checkbox",inputs:["disabled","trueValue","falseValue"],outputs:["valueChange"]},{type:j.TogglePasswordComponent,selector:"tb-toggle-password"}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:D.MatSuffix,selector:"[matSuffix]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ct,decorators:[{type:o,args:[{selector:"tb-action-node-send-email-config",templateUrl:"./send-email-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ft extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.sendSmsConfigForm}onConfigurationSet(e){this.sendSmsConfigForm=this.fb.group({numbersToTemplate:[e?e.numbersToTemplate:null,[k.required]],smsMessageTemplate:[e?e.smsMessageTemplate:null,[k.required]],useSystemSmsSettings:[!!e&&e.useSystemSmsSettings,[]],smsProviderConfiguration:[e?e.smsProviderConfiguration:null,[]]})}validatorTriggers(){return["useSystemSmsSettings"]}updateValidators(e){this.sendSmsConfigForm.get("useSystemSmsSettings").value?this.sendSmsConfigForm.get("smsProviderConfiguration").setValidators([]):this.sendSmsConfigForm.get("smsProviderConfiguration").setValidators([k.required]),this.sendSmsConfigForm.get("smsProviderConfiguration").updateValueAndValidity({emitEvent:e})}}e("SendSmsConfigComponent",Ft),Ft.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ft,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ft.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ft,selector:"tb-action-node-send-sms-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="sendSmsConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 24px;">\n    <mat-label translate>tb.rulenode.numbers-to-template</mat-label>\n    <input required matInput formControlName="numbersToTemplate">\n    <mat-error *ngIf="sendSmsConfigForm.get(\'numbersToTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.numbers-to-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.numbers-to-template-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 8px;">\n    <mat-label translate>tb.rulenode.sms-message-template</mat-label>\n    <textarea required matInput formControlName="smsMessageTemplate" rows="6"></textarea>\n    <mat-error *ngIf="sendSmsConfigForm.get(\'smsMessageTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.sms-message-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-checkbox formControlName="useSystemSmsSettings" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-system-sms-settings\' | translate }}\n  </mat-checkbox>\n  <tb-sms-provider-configuration\n    *ngIf="sendSmsConfigForm.get(\'useSystemSmsSettings\').value === false"\n    formControlName="smsProviderConfiguration"\n    required>\n  </tb-sms-provider-configuration>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:ge.SmsProviderConfigurationComponent,selector:"tb-sms-provider-configuration",inputs:["required","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ft,decorators:[{type:o,args:[{selector:"tb-action-node-send-sms-config",templateUrl:"./send-sms-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Lt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.snsConfigForm}onConfigurationSet(e){this.snsConfigForm=this.fb.group({topicArnPattern:[e?e.topicArnPattern:null,[k.required]],accessKeyId:[e?e.accessKeyId:null,[k.required]],secretAccessKey:[e?e.secretAccessKey:null,[k.required]],region:[e?e.region:null,[k.required]]})}}e("SnsConfigComponent",Lt),Lt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Lt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Lt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Lt,selector:"tb-action-node-sns-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="snsConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 8px;">\n    <mat-label translate>tb.rulenode.topic-arn-pattern</mat-label>\n    <input required matInput formControlName="topicArnPattern">\n    <mat-error *ngIf="snsConfigForm.get(\'topicArnPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.topic-arn-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-access-key-id</mat-label>\n    <input required matInput formControlName="accessKeyId">\n    <mat-error *ngIf="snsConfigForm.get(\'accessKeyId\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-access-key-id-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-secret-access-key</mat-label>\n    <input required matInput formControlName="secretAccessKey">\n    <mat-error *ngIf="snsConfigForm.get(\'secretAccessKey\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-secret-access-key-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-region</mat-label>\n    <input required matInput formControlName="region">\n    <mat-error *ngIf="snsConfigForm.get(\'region\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-region-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Lt,decorators:[{type:o,args:[{selector:"tb-action-node-sns-config",templateUrl:"./sns-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class vt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.sqsQueueType=Ue,this.sqsQueueTypes=Object.keys(Ue),this.sqsQueueTypeTranslationsMap=Ke}configForm(){return this.sqsConfigForm}onConfigurationSet(e){this.sqsConfigForm=this.fb.group({queueType:[e?e.queueType:null,[k.required]],queueUrlPattern:[e?e.queueUrlPattern:null,[k.required]],delaySeconds:[e?e.delaySeconds:null,[k.min(0),k.max(900)]],messageAttributes:[e?e.messageAttributes:null,[]],accessKeyId:[e?e.accessKeyId:null,[k.required]],secretAccessKey:[e?e.secretAccessKey:null,[k.required]],region:[e?e.region:null,[k.required]]})}}e("SqsConfigComponent",vt),vt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:vt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),vt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:vt,selector:"tb-action-node-sqs-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="sqsConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.queue-type</mat-label>\n    <mat-select formControlName="queueType" required>\n      <mat-option *ngFor="let type of sqsQueueTypes" [value]="type">\n        {{ sqsQueueTypeTranslationsMap.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 8px;">\n    <mat-label translate>tb.rulenode.queue-url-pattern</mat-label>\n    <input required matInput formControlName="queueUrlPattern">\n    <mat-error *ngIf="sqsConfigForm.get(\'queueUrlPattern\').hasError(\'required\')">\n      {{ \'tb.rulenode.queue-url-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field *ngIf="sqsConfigForm.get(\'queueType\').value === sqsQueueType.STANDARD" class="mat-block">\n    <mat-label translate>tb.rulenode.delay-seconds</mat-label>\n    <input required type="number" min="0" max="900" step="1" matInput formControlName="delaySeconds">\n    <mat-error *ngIf="sqsConfigForm.get(\'delaySeconds\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-delay-seconds-message\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="sqsConfigForm.get(\'delaySeconds\').hasError(\'max\')">\n      {{ \'tb.rulenode.max-delay-seconds-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <label translate class="tb-title">tb.rulenode.message-attributes</label>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.message-attributes-hint\' | translate | safeHtml"></div>\n  <tb-kv-map-config\n    required="false"\n    formControlName="messageAttributes"\n    keyText="tb.rulenode.name"\n    keyRequiredText="tb.rulenode.name-required"\n    valText="tb.rulenode.value"\n    valRequiredText="tb.rulenode.value-required">\n  </tb-kv-map-config>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-access-key-id</mat-label>\n    <input required matInput formControlName="accessKeyId">\n    <mat-error *ngIf="sqsConfigForm.get(\'accessKeyId\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-access-key-id-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-secret-access-key</mat-label>\n    <input required matInput formControlName="secretAccessKey">\n    <mat-error *ngIf="sqsConfigForm.get(\'secretAccessKey\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-secret-access-key-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.aws-region</mat-label>\n    <input required matInput formControlName="region">\n    <mat-error *ngIf="sqsConfigForm.get(\'region\').hasError(\'required\')">\n      {{ \'tb.rulenode.aws-region-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:vt,decorators:[{type:o,args:[{selector:"tb-action-node-sqs-config",templateUrl:"./sqs-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class It extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.timeseriesConfigForm}onConfigurationSet(e){this.timeseriesConfigForm=this.fb.group({defaultTTL:[e?e.defaultTTL:null,[k.required,k.min(0)]],skipLatestPersistence:[!!e&&e.skipLatestPersistence,[]],useServerTs:[!!e&&e.useServerTs,[]]})}}e("TimeseriesConfigComponent",It),It.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:It,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),It.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:It,selector:"tb-action-node-timeseries-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="timeseriesConfigForm" fxLayout="column">\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>tb.rulenode.default-ttl</mat-label>\n    <input type="number" min="0" step="1" matInput formControlName="defaultTTL" required>\n    <mat-error *ngIf="timeseriesConfigForm.get(\'defaultTTL\').hasError(\'required\')">\n      {{ \'tb.rulenode.default-ttl-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="timeseriesConfigForm.get(\'defaultTTL\').hasError(\'min\')">\n      {{ \'tb.rulenode.min-default-ttl-message\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-checkbox fxFlex formControlName="skipLatestPersistence" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.skip-latest-persistence\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox fxFlex formControlName="useServerTs">\n    {{ \'tb.rulenode.use-server-ts\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.use-server-ts-hint</div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:It,decorators:[{type:o,args:[{selector:"tb-action-node-timeseries-config",templateUrl:"./timeseries-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Nt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.unassignCustomerConfigForm}onConfigurationSet(e){this.unassignCustomerConfigForm=this.fb.group({customerNamePattern:[e?e.customerNamePattern:null,[k.required,k.pattern(/.*\S.*/)]],customerCacheExpiration:[e?e.customerCacheExpiration:null,[k.required,k.min(0)]]})}prepareOutputConfig(e){return e.customerNamePattern=e.customerNamePattern.trim(),e}}e("UnassignCustomerConfigComponent",Nt),Nt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Nt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Nt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Nt,selector:"tb-action-node-un-assign-to-customer-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="unassignCustomerConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.customer-name-pattern</mat-label>\n    <input required matInput formControlName="customerNamePattern">\n    <mat-error *ngIf="unassignCustomerConfigForm.get(\'customerNamePattern\').hasError(\'required\') ||\n                      unassignCustomerConfigForm.get(\'customerNamePattern\').hasError(\'pattern\')">\n      {{ \'tb.rulenode.customer-name-pattern-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.customer-cache-expiration</mat-label>\n    <input required type="number" min="0" step="1" matInput formControlName="customerCacheExpiration">\n    <mat-error *ngIf="unassignCustomerConfigForm.get(\'customerCacheExpiration\').hasError(\'required\')">\n      {{ \'tb.rulenode.customer-cache-expiration-required\' | translate }}\n    </mat-error>\n    <mat-error *ngIf="unassignCustomerConfigForm.get(\'customerCacheExpiration\').hasError(\'min\')">\n      {{ \'tb.rulenode.customer-cache-expiration-range\' | translate }}\n    </mat-error>\n    <mat-hint translate>tb.rulenode.customer-cache-expiration-hint</mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Nt,decorators:[{type:o,args:[{selector:"tb-action-node-un-assign-to-customer-config",templateUrl:"./unassign-customer-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Tt extends y{constructor(e,t){super(e),this.store=e,this.fb=t,this.directionTypes=Object.keys(c),this.directionTypeTranslations=g,this.entityType=x,this.propagateChange=null}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}ngOnInit(){this.deviceRelationsQueryFormGroup=this.fb.group({fetchLastLevelOnly:[!1,[]],direction:[null,[k.required]],maxLevel:[null,[]],relationType:[null],deviceTypes:[null,[k.required]]}),this.deviceRelationsQueryFormGroup.valueChanges.subscribe((e=>{this.deviceRelationsQueryFormGroup.valid?this.propagateChange(e):this.propagateChange(null)}))}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}setDisabledState(e){this.disabled=e,this.disabled?this.deviceRelationsQueryFormGroup.disable({emitEvent:!1}):this.deviceRelationsQueryFormGroup.enable({emitEvent:!1})}writeValue(e){this.deviceRelationsQueryFormGroup.reset(e,{emitEvent:!1})}}e("DeviceRelationsQueryConfigComponent",Tt),Tt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Tt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Tt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Tt,selector:"tb-device-relations-query-config",inputs:{disabled:"disabled",required:"required"},providers:[{provide:S,useExisting:n((()=>Tt)),multi:!0}],usesInheritance:!0,ngImport:t,template:'<section fxLayout="column" [formGroup]="deviceRelationsQueryFormGroup">\n  <mat-checkbox formControlName="fetchLastLevelOnly" style="padding-bottom: 16px;">\n    {{ \'alias.last-level-relation\' | translate }}\n  </mat-checkbox>\n  <div fxLayoutGap="8px" fxLayout="row">\n    <mat-form-field class="mat-block" style="min-width: 100px;">\n      <mat-label translate>relation.direction</mat-label>\n      <mat-select required matInput formControlName="direction">\n        <mat-option *ngFor="let type of directionTypes" [value]="type">\n          {{ directionTypeTranslations.get(type) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <mat-form-field fxFlex floatLabel="always" class="mat-block">\n      <mat-label translate>tb.rulenode.max-relation-level</mat-label>\n      <input matInput\n             type="number"\n             min="1"\n             step="1"\n             placeholder="{{ \'tb.rulenode.unlimited-level\' | translate }}"\n             formControlName="maxLevel">\n    </mat-form-field>\n  </div>\n  <div class="mat-caption" style="color: rgba(0,0,0,0.57);" translate>relation.relation-type</div>\n  <tb-relation-type-autocomplete\n    fxFlex\n    formControlName="relationType">\n  </tb-relation-type-autocomplete>\n  <div class="mat-caption tb-required" style="color: rgba(0,0,0,0.57);" translate>device.device-types</div>\n  <tb-entity-subtype-list\n    required\n    [entityType]="entityType.DEVICE"\n    formControlName="deviceTypes">\n  </tb-entity-subtype-list>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ye.RelationTypeAutocompleteComponent,selector:"tb-relation-type-autocomplete",inputs:["required","disabled"]},{type:be.EntitySubTypeListComponent,selector:"tb-entity-subtype-list",inputs:["required","disabled","entityType"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Tt,decorators:[{type:o,args:[{selector:"tb-device-relations-query-config",templateUrl:"./device-relations-query-config.component.html",styleUrls:[],providers:[{provide:S,useExisting:n((()=>Tt)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]},propDecorators:{disabled:[{type:l}],required:[{type:l}]}});class qt extends y{constructor(e,t){super(e),this.store=e,this.fb=t,this.directionTypes=Object.keys(c),this.directionTypeTranslations=g,this.propagateChange=null}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}ngOnInit(){this.relationsQueryFormGroup=this.fb.group({fetchLastLevelOnly:[!1,[]],direction:[null,[k.required]],maxLevel:[null,[]],filters:[null]}),this.relationsQueryFormGroup.valueChanges.subscribe((e=>{this.relationsQueryFormGroup.valid?this.propagateChange(e):this.propagateChange(null)}))}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}setDisabledState(e){this.disabled=e,this.disabled?this.relationsQueryFormGroup.disable({emitEvent:!1}):this.relationsQueryFormGroup.enable({emitEvent:!1})}writeValue(e){this.relationsQueryFormGroup.reset(e||{},{emitEvent:!1})}}e("RelationsQueryConfigComponent",qt),qt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:qt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),qt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:qt,selector:"tb-relations-query-config",inputs:{disabled:"disabled",required:"required"},providers:[{provide:S,useExisting:n((()=>qt)),multi:!0}],usesInheritance:!0,ngImport:t,template:'<section fxLayout="column" [formGroup]="relationsQueryFormGroup">\n  <mat-checkbox formControlName="fetchLastLevelOnly" style="padding-bottom: 16px;">\n    {{ \'alias.last-level-relation\' | translate }}\n  </mat-checkbox>\n  <div fxLayoutGap="8px" fxLayout="row">\n    <mat-form-field class="mat-block" style="min-width: 100px;">\n      <mat-label translate>relation.direction</mat-label>\n      <mat-select required matInput formControlName="direction">\n        <mat-option *ngFor="let type of directionTypes" [value]="type">\n          {{ directionTypeTranslations.get(type) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <mat-form-field fxFlex floatLabel="always" class="mat-block">\n      <mat-label translate>tb.rulenode.max-relation-level</mat-label>\n      <input matInput\n             type="number"\n             min="1"\n             step="1"\n             placeholder="{{ \'tb.rulenode.unlimited-level\' | translate }}"\n             formControlName="maxLevel">\n    </mat-form-field>\n  </div>\n  <div class="mat-caption" style="color: rgba(0,0,0,0.57);" translate>relation.relation-filters</div>\n  <tb-relation-filters\n    formControlName="filters"\n  ></tb-relation-filters>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:he.RelationFiltersComponent,selector:"tb-relation-filters",inputs:["disabled","allowedEntityTypes"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:qt,decorators:[{type:o,args:[{selector:"tb-relations-query-config",templateUrl:"./relations-query-config.component.html",styleUrls:[],providers:[{provide:S,useExisting:n((()=>qt)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]},propDecorators:{disabled:[{type:l}],required:[{type:l}]}});class kt extends y{constructor(e,t,o,r){super(e),this.store=e,this.translate=t,this.truncate=o,this.fb=r,this.placeholder="tb.rulenode.message-type",this.separatorKeysCodes=[Z,X,ee],this.messageTypes=[],this.messageTypesList=[],this.searchText="",this.propagateChange=e=>{},this.messageTypeConfigForm=this.fb.group({messageType:[null]});for(const e of Object.keys(b))this.messageTypesList.push({name:h.get(b[e]),value:e})}get required(){return this.requiredValue}set required(e){this.requiredValue=le(e)}registerOnChange(e){this.propagateChange=e}registerOnTouched(e){}ngOnInit(){this.filteredMessageTypes=this.messageTypeConfigForm.get("messageType").valueChanges.pipe(ue(""),pe((e=>e||"")),de((e=>this.fetchMessageTypes(e))),fe())}ngAfterViewInit(){}setDisabledState(e){this.disabled=e,this.disabled?this.messageTypeConfigForm.disable({emitEvent:!1}):this.messageTypeConfigForm.enable({emitEvent:!1})}writeValue(e){this.searchText="",this.messageTypes.length=0,e&&e.forEach((e=>{const t=this.messageTypesList.find((t=>t.value===e));t?this.messageTypes.push({name:t.name,value:t.value}):this.messageTypes.push({name:e,value:e})}))}displayMessageTypeFn(e){return e?e.name:void 0}textIsNotEmpty(e){return!!(e&&null!=e&&e.length>0)}createMessageType(e,t){e.preventDefault(),this.transformMessageType(t)}add(e){this.transformMessageType(e.value)}fetchMessageTypes(e){if(this.searchText=e,this.searchText&&this.searchText.length){const e=this.searchText.toUpperCase();return Ce(this.messageTypesList.filter((t=>t.name.toUpperCase().includes(e))))}return Ce(this.messageTypesList)}transformMessageType(e){if((e||"").trim()){let t=null;const o=e.trim(),r=this.messageTypesList.find((e=>e.name===o));t=r?{name:r.name,value:r.value}:{name:o,value:o},t&&this.addMessageType(t)}this.clear("")}remove(e){const t=this.messageTypes.indexOf(e);t>=0&&(this.messageTypes.splice(t,1),this.updateModel())}selected(e){this.addMessageType(e.option.value),this.clear("")}addMessageType(e){-1===this.messageTypes.findIndex((t=>t.value===e.value))&&(this.messageTypes.push(e),this.updateModel())}onFocus(){this.messageTypeConfigForm.get("messageType").updateValueAndValidity({onlySelf:!0,emitEvent:!0})}clear(e=""){this.messageTypeInput.nativeElement.value=e,this.messageTypeConfigForm.get("messageType").patchValue(null,{emitEvent:!0}),setTimeout((()=>{this.messageTypeInput.nativeElement.blur(),this.messageTypeInput.nativeElement.focus()}),0)}updateModel(){const e=this.messageTypes.map((e=>e.value));this.required?(this.chipList.errorState=!e.length,this.propagateChange(e.length>0?e:null)):(this.chipList.errorState=!1,this.propagateChange(e))}}e("MessageTypesConfigComponent",kt),kt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:kt,deps:[{token:T.Store},{token:P.TranslateService},{token:C.TruncatePipe},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),kt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:kt,selector:"tb-message-types-config",inputs:{required:"required",label:"label",placeholder:"placeholder",disabled:"disabled"},providers:[{provide:S,useExisting:n((()=>kt)),multi:!0}],viewQueries:[{propertyName:"chipList",first:!0,predicate:["chipList"],descendants:!0},{propertyName:"matAutocomplete",first:!0,predicate:["messageTypeAutocomplete"],descendants:!0},{propertyName:"messageTypeInput",first:!0,predicate:["messageTypeInput"],descendants:!0}],usesInheritance:!0,ngImport:t,template:'<mat-form-field [formGroup]="messageTypeConfigForm" style="width: 100%;">\n  <mat-label *ngIf="label" translate>{{ label }}</mat-label>\n  <mat-chip-list #chipList [required]="required">\n    <mat-chip\n      *ngFor="let messageType of messageTypes"\n      [selectable]="true"\n      [removable]="true"\n      (removed)="remove(messageType)">\n      {{messageType.name}}\n      <mat-icon matChipRemove>close</mat-icon>\n    </mat-chip>\n    <input matInput type="text" placeholder="{{ placeholder | translate }}"\n           style="max-width: 200px;"\n           #messageTypeInput\n           (focusin)="onFocus()"\n           formControlName="messageType"\n           matAutocompleteOrigin\n           #origin="matAutocompleteOrigin"\n           [matAutocompleteConnectedTo]="origin"\n           [matAutocomplete]="messageTypeAutocomplete"\n           [matChipInputFor]="chipList"\n           [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n           (matChipInputTokenEnd)="add($event)">\n  </mat-chip-list>\n  <mat-autocomplete #messageTypeAutocomplete="matAutocomplete"\n                    class="tb-autocomplete"\n                    (optionSelected)="selected($event)"\n                    [displayWith]="displayMessageTypeFn">\n    <mat-option *ngFor="let messageType of filteredMessageTypes | async" [value]="messageType">\n      <span [innerHTML]="messageType.name | highlight:searchText"></span>\n    </mat-option>\n    <mat-option *ngIf="(filteredMessageTypes | async)?.length === 0" [value]="null" class="tb-not-found">\n      <div class="tb-not-found-content" (click)="$event.stopPropagation()">\n        <div *ngIf="!textIsNotEmpty(searchText); else searchNotEmpty">\n          <span translate>tb.rulenode.no-message-types-found</span>\n        </div>\n        <ng-template #searchNotEmpty>\n                <span>\n                  {{ translate.get(\'tb.rulenode.no-message-type-matching\',\n                  {messageType: truncate.transform(searchText, true, 6, &apos;...&apos;)}) | async }}\n                </span>\n        </ng-template>\n        <span>\n          <a translate (click)="createMessageType($event, searchText)">tb.rulenode.create-new-message-type</a>\n        </span>\n      </div>\n    </mat-option>\n  </mat-autocomplete>\n  <mat-error *ngIf="chipList.errorState">\n    {{ \'tb.rulenode.message-types-required\' | translate }}\n  </mat-error>\n</mat-form-field>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:Fe.MatAutocomplete,selector:"mat-autocomplete",inputs:["disableRipple"],exportAs:["matAutocomplete"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]}],directives:[{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:Fe.MatAutocompleteTrigger,selector:"input[matAutocomplete], textarea[matAutocomplete]",exportAs:["matAutocompleteTrigger"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:Fe.MatAutocompleteOrigin,selector:"[matAutocompleteOrigin]",exportAs:["matAutocompleteOrigin"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe,async:w.AsyncPipe,highlight:Le.HighlightPipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:kt,decorators:[{type:o,args:[{selector:"tb-message-types-config",templateUrl:"./message-types-config.component.html",styleUrls:[],providers:[{provide:S,useExisting:n((()=>kt)),multi:!0}]}]}],ctorParameters:function(){return[{type:T.Store},{type:P.TranslateService},{type:C.TruncatePipe},{type:q.FormBuilder}]},propDecorators:{required:[{type:l}],label:[{type:l}],placeholder:[{type:l}],disabled:[{type:l}],chipList:[{type:a,args:["chipList",{static:!1}]}],matAutocomplete:[{type:a,args:["messageTypeAutocomplete",{static:!1}]}],messageTypeInput:[{type:a,args:["messageTypeInput",{static:!1}]}]}});class Mt{}e("RulenodeCoreConfigCommonModule",Mt),Mt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Mt,deps:[],target:t.ɵɵFactoryTarget.NgModule}),Mt.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Mt,declarations:[nt,Tt,qt,kt,st,Te],imports:[O,F,xe],exports:[nt,Tt,qt,kt,st,Te]}),Mt.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Mt,imports:[[O,F,xe]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Mt,decorators:[{type:i,args:[{declarations:[nt,Tt,qt,kt,st,Te],imports:[O,F,xe],exports:[nt,Tt,qt,kt,st,Te]}]}]});class St{}e("RuleNodeCoreConfigActionModule",St),St.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:St,deps:[],target:t.ɵɵFactoryTarget.NgModule}),St.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:St,declarations:[ke,It,bt,it,qe,Ze,Xe,et,pt,tt,rt,at,ut,yt,ht,Nt,Lt,vt,dt,lt,mt,gt,xt,Ct,Je,Ye,ot,Ft,ct,ft],imports:[O,F,xe,Mt],exports:[ke,It,bt,it,qe,Ze,Xe,et,pt,tt,rt,at,ut,yt,ht,Nt,Lt,vt,dt,lt,mt,gt,xt,Ct,Je,Ye,ot,Ft,ct,ft]}),St.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:St,imports:[[O,F,xe,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:St,decorators:[{type:i,args:[{declarations:[ke,It,bt,it,qe,Ze,Xe,et,pt,tt,rt,at,ut,yt,ht,Nt,Lt,vt,dt,lt,mt,gt,xt,Ct,Je,Ye,ot,Ft,ct,ft],imports:[O,F,xe,Mt],exports:[ke,It,bt,it,qe,Ze,Xe,et,pt,tt,rt,at,ut,yt,ht,Nt,Lt,vt,dt,lt,mt,gt,xt,Ct,Je,Ye,ot,Ft,ct,ft]}]}]});class At extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.calculateDeltaConfigForm}onConfigurationSet(e){this.calculateDeltaConfigForm=this.fb.group({inputValueKey:[e?e.inputValueKey:null,[k.required]],outputValueKey:[e?e.outputValueKey:null,[k.required]],useCache:[e?e.useCache:null,[]],addPeriodBetweenMsgs:[!!e&&e.addPeriodBetweenMsgs,[]],periodValueKey:[e?e.periodValueKey:null,[]],round:[e?e.round:null,[k.min(0),k.max(15)]],tellFailureIfDeltaIsNegative:[e?e.tellFailureIfDeltaIsNegative:null,[]]})}updateValidators(e){this.calculateDeltaConfigForm.get("addPeriodBetweenMsgs").value?this.calculateDeltaConfigForm.get("periodValueKey").setValidators([k.required]):this.calculateDeltaConfigForm.get("periodValueKey").setValidators([]),this.calculateDeltaConfigForm.get("periodValueKey").updateValueAndValidity({emitEvent:e})}validatorTriggers(){return["addPeriodBetweenMsgs"]}}e("CalculateDeltaConfigComponent",At),At.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:At,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),At.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:At,selector:"tb-enrichment-node-calculate-delta-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="calculateDeltaConfigForm" fxLayout="column">\n  <div fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n    <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="38">\n      <mat-label translate>tb.rulenode.input-value-key</mat-label>\n      <input required matInput formControlName="inputValueKey">\n      <mat-error *ngIf="calculateDeltaConfigForm.get(\'inputValueKey\').hasError(\'required\')">\n        {{ \'tb.rulenode.input-value-key-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="38">\n      <mat-label translate>tb.rulenode.output-value-key</mat-label>\n      <input required matInput formControlName="outputValueKey">\n      <mat-error *ngIf="calculateDeltaConfigForm.get(\'outputValueKey\').hasError(\'required\')">\n        {{ \'tb.rulenode.output-value-key-required\' | translate }}\n      </mat-error>\n    </mat-form-field>\n    <mat-form-field class="mat-block" fxFlex="100" fxFlex.gt-sm="24">\n      <mat-label translate>tb.rulenode.round</mat-label>\n      <input type="number" min="0" max="15" step="1" matInput formControlName="round">\n      <mat-error *ngIf="calculateDeltaConfigForm.get(\'round\').hasError(\'min\')">\n        {{ \'tb.rulenode.round-range\' | translate }}\n      </mat-error>\n      <mat-error *ngIf="calculateDeltaConfigForm.get(\'round\').hasError(\'max\')">\n        {{ \'tb.rulenode.round-range\' | translate }}\n      </mat-error>\n    </mat-form-field>\n  </div>\n  <mat-checkbox formControlName="useCache" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.use-cache\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="tellFailureIfDeltaIsNegative" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.tell-failure-if-delta-is-negative\' | translate }}\n  </mat-checkbox>\n  <mat-checkbox formControlName="addPeriodBetweenMsgs" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.add-period-between-msgs\' | translate }}\n  </mat-checkbox>\n  <mat-form-field class="mat-block" *ngIf="calculateDeltaConfigForm.get(\'addPeriodBetweenMsgs\').value">\n    <mat-label translate>tb.rulenode.period-value-key</mat-label>\n    <input required matInput formControlName="periodValueKey">\n    <mat-error *ngIf="calculateDeltaConfigForm.get(\'periodValueKey\').hasError(\'required\')">\n      {{ \'tb.rulenode.period-value-key-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:At,decorators:[{type:o,args:[{selector:"tb-enrichment-node-calculate-delta-config",templateUrl:"./calculate-delta-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Gt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.customerAttributesConfigForm}onConfigurationSet(e){this.customerAttributesConfigForm=this.fb.group({telemetry:[!!e&&e.telemetry,[]],attrMapping:[e?e.attrMapping:null,[k.required]]})}}e("CustomerAttributesConfigComponent",Gt),Gt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Gt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Gt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Gt,selector:"tb-enrichment-node-customer-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="customerAttributesConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.attr-mapping</label>\n  <mat-checkbox fxFlex formControlName="telemetry" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.latest-telemetry\' | translate }}\n  </mat-checkbox>\n  <tb-kv-map-config\n    required\n    formControlName="attrMapping"\n    requiredText="tb.rulenode.attr-mapping-required"\n    keyText="{{ customerAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry\' : \'tb.rulenode.source-attribute\' }}"\n    keyRequiredText="{{ customerAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry-required\' : \'tb.rulenode.source-attribute-required\' }}"\n    valText="tb.rulenode.target-attribute"\n    valRequiredText="tb.rulenode.target-attribute-required"\n    hintText="tb.rulenode.kv-map-pattern-hint">\n  </tb-kv-map-config>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Gt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-customer-attributes-config",templateUrl:"./customer-attributes-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Dt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.deviceAttributesConfigForm}onConfigurationSet(e){this.deviceAttributesConfigForm=this.fb.group({deviceRelationsQuery:[e?e.deviceRelationsQuery:null,[k.required]],tellFailureIfAbsent:[!!e&&e.tellFailureIfAbsent,[]],clientAttributeNames:[e?e.clientAttributeNames:null,[]],sharedAttributeNames:[e?e.sharedAttributeNames:null,[]],serverAttributeNames:[e?e.serverAttributeNames:null,[]],latestTsKeyNames:[e?e.latestTsKeyNames:null,[]],getLatestValueWithTs:[!!e&&e.getLatestValueWithTs,[]]})}removeKey(e,t){const o=this.deviceAttributesConfigForm.get(t).value,r=o.indexOf(e);r>=0&&(o.splice(r,1),this.deviceAttributesConfigForm.get(t).setValue(o,{emitEvent:!0}))}addKey(e,t){const o=e.input;let r=e.value;if((r||"").trim()){r=r.trim();let e=this.deviceAttributesConfigForm.get(t).value;e&&-1!==e.indexOf(r)||(e||(e=[]),e.push(r),this.deviceAttributesConfigForm.get(t).setValue(e,{emitEvent:!0}))}o&&(o.value="")}}e("DeviceAttributesConfigComponent",Dt),Dt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Dt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Dt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Dt,selector:"tb-enrichment-node-device-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="deviceAttributesConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.device-relations-query</label>\n  <tb-device-relations-query-config\n    required\n    formControlName="deviceRelationsQuery"\n    style="padding-bottom: 15px;">\n  </tb-device-relations-query-config>\n  <mat-checkbox fxFlex formControlName="tellFailureIfAbsent" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.tell-failure-if-absent\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.tell-failure-if-absent-hint</div>\n  <label translate class="tb-title no-padding">tb.rulenode.client-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #clientAttributesChipList>\n      <mat-chip\n        *ngFor="let key of deviceAttributesConfigForm.get(\'clientAttributeNames\').value;"\n        (removed)="removeKey(key, \'clientAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.client-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="clientAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'clientAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.shared-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #sharedAttributesChipList>\n      <mat-chip\n        *ngFor="let key of deviceAttributesConfigForm.get(\'sharedAttributeNames\').value;"\n        (removed)="removeKey(key, \'sharedAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.shared-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="sharedAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'sharedAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.server-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #serverAttributesChipList>\n      <mat-chip\n        *ngFor="let key of deviceAttributesConfigForm.get(\'serverAttributeNames\').value;"\n        (removed)="removeKey(key, \'serverAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.server-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="serverAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'serverAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.latest-timeseries</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #latestTimeseriesChipList>\n      <mat-chip\n        *ngFor="let key of deviceAttributesConfigForm.get(\'latestTsKeyNames\').value;"\n        (removed)="removeKey(key, \'latestTsKeyNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.latest-timeseries\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="latestTimeseriesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'latestTsKeyNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <mat-checkbox formControlName="getLatestValueWithTs" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.get-latest-value-with-ts\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.get-latest-value-with-ts-hint\' | translate | safeHtml"></div>\n</section>\n',styles:[":host label.tb-title{margin-bottom:-10px}\n"],components:[{type:Tt,selector:"tb-device-relations-query-config",inputs:["disabled","required"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatLabel,selector:"mat-label"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Dt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-device-attributes-config",templateUrl:"./device-attributes-config.component.html",styleUrls:["./device-attributes-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Vt extends s{constructor(e,t,o){super(e),this.store=e,this.translate=t,this.fb=o,this.entityDetailsTranslationsMap=we,this.entityDetailsList=[],this.searchText="",this.displayDetailsFn=this.displayDetails.bind(this);for(const e of Object.keys(Re))this.entityDetailsList.push(Re[e]);this.detailsFormControl=new G(""),this.filteredEntityDetails=this.detailsFormControl.valueChanges.pipe(ue(""),pe((e=>e||"")),de((e=>this.fetchEntityDetails(e))),fe())}ngOnInit(){super.ngOnInit()}configForm(){return this.entityDetailsConfigForm}prepareInputConfig(e){return this.searchText="",this.detailsFormControl.patchValue("",{emitEvent:!0}),e}onConfigurationSet(e){this.entityDetailsConfigForm=this.fb.group({detailsList:[e?e.detailsList:null,[k.required]],addToMetadata:[!!e&&e.addToMetadata,[]]})}displayDetails(e){return e?this.translate.instant(we.get(e)):void 0}fetchEntityDetails(e){if(this.searchText=e,this.searchText&&this.searchText.length){const e=this.searchText.toUpperCase();return Ce(this.entityDetailsList.filter((t=>this.translate.instant(we.get(Re[t])).toUpperCase().includes(e))))}return Ce(this.entityDetailsList)}detailsFieldSelected(e){this.addDetailsField(e.option.value),this.clear("")}removeDetailsField(e){const t=this.entityDetailsConfigForm.get("detailsList").value;if(t){const o=t.indexOf(e);o>=0&&(t.splice(o,1),this.entityDetailsConfigForm.get("detailsList").setValue(t))}}addDetailsField(e){let t=this.entityDetailsConfigForm.get("detailsList").value;t||(t=[]);-1===t.indexOf(e)&&(t.push(e),this.entityDetailsConfigForm.get("detailsList").setValue(t))}onEntityDetailsInputFocus(){this.detailsFormControl.updateValueAndValidity({onlySelf:!0,emitEvent:!0})}clear(e=""){this.detailsInput.nativeElement.value=e,this.detailsFormControl.patchValue(null,{emitEvent:!0}),setTimeout((()=>{this.detailsInput.nativeElement.blur(),this.detailsInput.nativeElement.focus()}),0)}}e("EntityDetailsConfigComponent",Vt),Vt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Vt,deps:[{token:T.Store},{token:P.TranslateService},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Vt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Vt,selector:"tb-enrichment-node-entity-details-config",viewQueries:[{propertyName:"detailsInput",first:!0,predicate:["detailsInput"],descendants:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="entityDetailsConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" class="entity-fields-list">\n    <mat-label translate>tb.rulenode.entity-details</mat-label>\n    <mat-chip-list #detailsChipList required>\n      <mat-chip\n        *ngFor="let details of entityDetailsConfigForm.get(\'detailsList\').value;"\n        (removed)="removeDetailsField(details)">\n        <span>\n          <strong>{{entityDetailsTranslationsMap.get(details) | translate}}</strong>\n        </span>\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text"\n             style="max-width: 200px;"\n             #detailsInput\n             (focusin)="onEntityDetailsInputFocus()"\n             [formControl]="detailsFormControl"\n             matAutocompleteOrigin\n             #origin="matAutocompleteOrigin"\n             [matAutocompleteConnectedTo]="origin"\n             [matAutocomplete]="detailsAutocomplete"\n             [matChipInputFor]="detailsChipList">\n    </mat-chip-list>\n    <mat-autocomplete #detailsAutocomplete="matAutocomplete"\n                      class="tb-autocomplete"\n                      (optionSelected)="detailsFieldSelected($event)"\n                      [displayWith]="displayDetailsFn">\n      <mat-option *ngFor="let details of filteredEntityDetails | async" [value]="details">\n        <span [innerHTML]="entityDetailsTranslationsMap.get(details) | translate | highlight:searchText"></span>\n      </mat-option>\n      <mat-option *ngIf="(filteredEntityDetails | async)?.length === 0" [value]="null" class="tb-not-found">\n        <div class="tb-not-found-content" (click)="$event.stopPropagation()">\n          <div>\n            <span translate>tb.rulenode.no-entity-details-matching</span>\n          </div>\n        </div>\n      </mat-option>\n    </mat-autocomplete>\n  </mat-form-field>\n  <tb-error [error]="(detailsFormControl.touched &&\n                     entityDetailsConfigForm.get(\'detailsList\').hasError(\'required\'))\n                  ? translate.instant(\'tb.rulenode.entity-details-list-empty\') : \'\'"></tb-error>\n  <mat-checkbox fxFlex formControlName="addToMetadata" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.add-to-metadata\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.add-to-metadata-hint</div>\n</section>\n',styles:[":host ::ng-deep mat-form-field.entity-fields-list .mat-form-field-wrapper{margin-bottom:-1.25em}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:Fe.MatAutocomplete,selector:"mat-autocomplete",inputs:["disableRipple"],exportAs:["matAutocomplete"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ie.TbErrorComponent,selector:"tb-error",inputs:["error"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:Fe.MatAutocompleteTrigger,selector:"input[matAutocomplete], textarea[matAutocomplete]",exportAs:["matAutocompleteTrigger"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:Fe.MatAutocompleteOrigin,selector:"[matAutocompleteOrigin]",exportAs:["matAutocompleteOrigin"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlDirective,selector:"[formControl]",inputs:["disabled","formControl","ngModel"],outputs:["ngModelChange"],exportAs:["ngForm"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe,async:w.AsyncPipe,highlight:Le.HighlightPipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Vt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-entity-details-config",templateUrl:"./entity-details-config.component.html",styleUrls:["./entity-details-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:P.TranslateService},{type:q.FormBuilder}]},propDecorators:{detailsInput:[{type:a,args:["detailsInput",{static:!1}]}]}});class Et extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee],this.aggregationTypes=L,this.aggregations=Object.keys(L),this.aggregationTypesTranslations=v,this.fetchMode=Oe,this.fetchModes=Object.keys(Oe),this.samplingOrders=Object.keys(He),this.timeUnits=Object.values(De),this.timeUnitsTranslationMap=Ve}configForm(){return this.getTelemetryFromDatabaseConfigForm}onConfigurationSet(e){this.getTelemetryFromDatabaseConfigForm=this.fb.group({latestTsKeyNames:[e?e.latestTsKeyNames:null,[]],aggregation:[e?e.aggregation:null,[k.required]],fetchMode:[e?e.fetchMode:null,[k.required]],orderBy:[e?e.orderBy:null,[]],limit:[e?e.limit:null,[]],useMetadataIntervalPatterns:[!!e&&e.useMetadataIntervalPatterns,[]],startInterval:[e?e.startInterval:null,[]],startIntervalTimeUnit:[e?e.startIntervalTimeUnit:null,[]],endInterval:[e?e.endInterval:null,[]],endIntervalTimeUnit:[e?e.endIntervalTimeUnit:null,[]],startIntervalPattern:[e?e.startIntervalPattern:null,[]],endIntervalPattern:[e?e.endIntervalPattern:null,[]]})}validatorTriggers(){return["fetchMode","useMetadataIntervalPatterns"]}updateValidators(e){const t=this.getTelemetryFromDatabaseConfigForm.get("fetchMode").value,o=this.getTelemetryFromDatabaseConfigForm.get("useMetadataIntervalPatterns").value;t&&t===Oe.ALL?(this.getTelemetryFromDatabaseConfigForm.get("aggregation").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("orderBy").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("limit").setValidators([k.required,k.min(2),k.max(1e3)])):(this.getTelemetryFromDatabaseConfigForm.get("aggregation").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("orderBy").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("limit").setValidators([])),o?(this.getTelemetryFromDatabaseConfigForm.get("startInterval").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("startIntervalTimeUnit").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("endInterval").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("endIntervalTimeUnit").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("startIntervalPattern").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("endIntervalPattern").setValidators([k.required])):(this.getTelemetryFromDatabaseConfigForm.get("startInterval").setValidators([k.required,k.min(1),k.max(2147483647)]),this.getTelemetryFromDatabaseConfigForm.get("startIntervalTimeUnit").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("endInterval").setValidators([k.required,k.min(1),k.max(2147483647)]),this.getTelemetryFromDatabaseConfigForm.get("endIntervalTimeUnit").setValidators([k.required]),this.getTelemetryFromDatabaseConfigForm.get("startIntervalPattern").setValidators([]),this.getTelemetryFromDatabaseConfigForm.get("endIntervalPattern").setValidators([])),this.getTelemetryFromDatabaseConfigForm.get("aggregation").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("orderBy").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("limit").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("startInterval").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("startIntervalTimeUnit").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("endInterval").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("endIntervalTimeUnit").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("startIntervalPattern").updateValueAndValidity({emitEvent:e}),this.getTelemetryFromDatabaseConfigForm.get("endIntervalPattern").updateValueAndValidity({emitEvent:e})}removeKey(e,t){const o=this.getTelemetryFromDatabaseConfigForm.get(t).value,r=o.indexOf(e);r>=0&&(o.splice(r,1),this.getTelemetryFromDatabaseConfigForm.get(t).setValue(o,{emitEvent:!0}))}addKey(e,t){const o=e.input;let r=e.value;if((r||"").trim()){r=r.trim();let e=this.getTelemetryFromDatabaseConfigForm.get(t).value;e&&-1!==e.indexOf(r)||(e||(e=[]),e.push(r),this.getTelemetryFromDatabaseConfigForm.get(t).setValue(e,{emitEvent:!0}))}o&&(o.value="")}}e("GetTelemetryFromDatabaseConfigComponent",Et),Et.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Et,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Et.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Et,selector:"tb-enrichment-node-get-telemetry-from-database",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="getTelemetryFromDatabaseConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.timeseries-key</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #latestTimeseriesChipList>\n      <mat-chip\n        *ngFor="let key of getTelemetryFromDatabaseConfigForm.get(\'latestTsKeyNames\').value;"\n        (removed)="removeKey(key, \'latestTsKeyNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.timeseries-key\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="latestTimeseriesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'latestTsKeyNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.fetch-mode</mat-label>\n    <mat-select formControlName="fetchMode" required>\n      <mat-option *ngFor="let mode of fetchModes" [value]="mode">\n        {{ mode }}\n      </mat-option>\n    </mat-select>\n    <mat-hint translate>tb.rulenode.fetch-mode-hint</mat-hint>\n  </mat-form-field>\n  <div fxLayout="column" *ngIf="getTelemetryFromDatabaseConfigForm.get(\'fetchMode\').value === fetchMode.ALL">\n    <mat-form-field>\n      <mat-label translate>aggregation.function</mat-label>\n      <mat-select formControlName="aggregation" required>\n        <mat-option *ngFor="let aggregation of aggregations" [value]="aggregation">\n          {{ aggregationTypesTranslations.get(aggregationTypes[aggregation]) | translate }}\n        </mat-option>\n      </mat-select>\n    </mat-form-field>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.order-by</mat-label>\n      <mat-select formControlName="orderBy" required>\n        <mat-option *ngFor="let order of samplingOrders" [value]="order">\n          {{ order }}\n        </mat-option>\n      </mat-select>\n      <mat-hint translate>tb.rulenode.order-by-hint</mat-hint>\n    </mat-form-field>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.limit</mat-label>\n      <input type="number" min="2" max="1000" step="1" matInput formControlName="limit" required>\n      <mat-hint translate>tb.rulenode.limit-hint</mat-hint>\n    </mat-form-field>\n  </div>\n  <mat-checkbox formControlName="useMetadataIntervalPatterns" style="padding-bottom: 8px;">\n    {{ \'tb.rulenode.use-metadata-interval-patterns\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" style="padding-bottom: 16px;" translate>tb.rulenode.use-metadata-interval-patterns-hint</div>\n  <div fxLayout="column" *ngIf="getTelemetryFromDatabaseConfigForm.get(\'useMetadataIntervalPatterns\').value === false; else intervalPattern">\n    <div fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n      <mat-form-field fxFlex class="mat-block">\n        <mat-label translate>tb.rulenode.start-interval</mat-label>\n        <input type="number" step="1" min="1" max="2147483647" matInput formControlName="startInterval" required>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'startInterval\').hasError(\'required\')">\n          {{ \'tb.rulenode.start-interval-value-required\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'startInterval\').hasError(\'min\')">\n          {{ \'tb.rulenode.time-value-range\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'startInterval\').hasError(\'max\')">\n          {{ \'tb.rulenode.time-value-range\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex class="mat-block">\n        <mat-label translate>tb.rulenode.start-interval-time-unit</mat-label>\n        <mat-select formControlName="startIntervalTimeUnit" required>\n          <mat-option *ngFor="let timeUnit of timeUnits" [value]="timeUnit">\n            {{ timeUnitsTranslationMap.get(timeUnit) | translate }}\n          </mat-option>\n        </mat-select>\n      </mat-form-field>\n    </div>\n    <div fxLayout="column" fxLayout.gt-sm="row" fxLayoutGap.gt-sm="8px">\n      <mat-form-field fxFlex class="mat-block">\n        <mat-label translate>tb.rulenode.end-interval</mat-label>\n        <input type="number" step="1" min="1" max="2147483647" matInput formControlName="endInterval" required>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'endInterval\').hasError(\'required\')">\n          {{ \'tb.rulenode.end-interval-value-required\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'endInterval\').hasError(\'min\')">\n          {{ \'tb.rulenode.time-value-range\' | translate }}\n        </mat-error>\n        <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'endInterval\').hasError(\'max\')">\n          {{ \'tb.rulenode.time-value-range\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex class="mat-block">\n        <mat-label translate>tb.rulenode.end-interval-time-unit</mat-label>\n        <mat-select formControlName="endIntervalTimeUnit" required>\n          <mat-option *ngFor="let timeUnit of timeUnits" [value]="timeUnit">\n            {{ timeUnitsTranslationMap.get(timeUnit) | translate }}\n          </mat-option>\n        </mat-select>\n      </mat-form-field>\n    </div>\n  </div>\n  <ng-template #intervalPattern>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.start-interval-pattern</mat-label>\n      <input matInput formControlName="startIntervalPattern" required>\n      <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'startIntervalPattern\').hasError(\'required\')">\n        {{ \'tb.rulenode.start-interval-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n    <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n      <mat-label translate>tb.rulenode.end-interval-pattern</mat-label>\n      <input matInput formControlName="endIntervalPattern" required>\n      <mat-error *ngIf="getTelemetryFromDatabaseConfigForm.get(\'endIntervalPattern\').hasError(\'required\')">\n        {{ \'tb.rulenode.end-interval-pattern-required\' | translate }}\n      </mat-error>\n      <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n    </mat-form-field>\n  </ng-template>\n</section>\n',styles:[":host label.tb-title{margin-bottom:-10px}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:D.MatError,selector:"mat-error",inputs:["id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Et,decorators:[{type:o,args:[{selector:"tb-enrichment-node-get-telemetry-from-database",templateUrl:"./get-telemetry-from-database-config.component.html",styleUrls:["./get-telemetry-from-database-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Pt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.originatorAttributesConfigForm}onConfigurationSet(e){this.originatorAttributesConfigForm=this.fb.group({tellFailureIfAbsent:[!!e&&e.tellFailureIfAbsent,[]],clientAttributeNames:[e?e.clientAttributeNames:null,[]],sharedAttributeNames:[e?e.sharedAttributeNames:null,[]],serverAttributeNames:[e?e.serverAttributeNames:null,[]],latestTsKeyNames:[e?e.latestTsKeyNames:null,[]],getLatestValueWithTs:[!!e&&e.getLatestValueWithTs,[]]})}removeKey(e,t){const o=this.originatorAttributesConfigForm.get(t).value,r=o.indexOf(e);r>=0&&(o.splice(r,1),this.originatorAttributesConfigForm.get(t).setValue(o,{emitEvent:!0}))}addKey(e,t){const o=e.input;let r=e.value;if((r||"").trim()){r=r.trim();let e=this.originatorAttributesConfigForm.get(t).value;e&&-1!==e.indexOf(r)||(e||(e=[]),e.push(r),this.originatorAttributesConfigForm.get(t).setValue(e,{emitEvent:!0}))}o&&(o.value="")}}e("OriginatorAttributesConfigComponent",Pt),Pt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Pt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Pt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Pt,selector:"tb-enrichment-node-originator-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="originatorAttributesConfigForm" fxLayout="column">\n  <mat-checkbox fxFlex formControlName="tellFailureIfAbsent" style="padding-bottom: 8px;">\n    {{ \'tb.rulenode.tell-failure-if-absent\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.tell-failure-if-absent-hint</div>\n  <label translate class="tb-title no-padding">tb.rulenode.client-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #clientAttributesChipList>\n      <mat-chip\n        *ngFor="let key of originatorAttributesConfigForm.get(\'clientAttributeNames\').value;"\n        (removed)="removeKey(key, \'clientAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.client-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="clientAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'clientAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.shared-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #sharedAttributesChipList>\n      <mat-chip\n        *ngFor="let key of originatorAttributesConfigForm.get(\'sharedAttributeNames\').value;"\n        (removed)="removeKey(key, \'sharedAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.shared-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="sharedAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'sharedAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.server-attributes</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #serverAttributesChipList>\n      <mat-chip\n        *ngFor="let key of originatorAttributesConfigForm.get(\'serverAttributeNames\').value;"\n        (removed)="removeKey(key, \'serverAttributeNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.server-attributes\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="serverAttributesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'serverAttributeNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <label translate class="tb-title no-padding">tb.rulenode.latest-timeseries</label>\n  <mat-form-field floatLabel="always" class="mat-block" style="padding-bottom: 16px;">\n    <mat-label></mat-label>\n    <mat-chip-list #latestTimeseriesChipList>\n      <mat-chip\n        *ngFor="let key of originatorAttributesConfigForm.get(\'latestTsKeyNames\').value;"\n        (removed)="removeKey(key, \'latestTsKeyNames\')">\n        {{key}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.latest-timeseries\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="latestTimeseriesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addKey($event, \'latestTsKeyNames\')"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-checkbox formControlName="getLatestValueWithTs" style="padding-bottom: 8px;">\n    {{ \'tb.rulenode.get-latest-value-with-ts\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" [innerHTML]="\'tb.rulenode.get-latest-value-with-ts-hint\' | translate | safeHtml"></div>\n</section>\n',styles:[":host label.tb-title{margin-bottom:-10px}\n"],components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Pt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-originator-attributes-config",templateUrl:"./originator-attributes-config.component.html",styleUrls:["./originator-attributes-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Rt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.originatorFieldsConfigForm}onConfigurationSet(e){this.originatorFieldsConfigForm=this.fb.group({fieldsMapping:[e?e.fieldsMapping:null,[k.required]]})}}e("OriginatorFieldsConfigComponent",Rt),Rt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Rt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Rt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Rt,selector:"tb-enrichment-node-originator-fields-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="originatorFieldsConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.fields-mapping</label>\n  <tb-kv-map-config\n    required\n    formControlName="fieldsMapping"\n    requiredText="tb.rulenode.fields-mapping-required"\n    keyText="tb.rulenode.source-field"\n    keyRequiredText="tb.rulenode.source-field-required"\n    valText="tb.rulenode.target-attribute"\n    valRequiredText="tb.rulenode.target-attribute-required">\n  </tb-kv-map-config>\n</section>\n',components:[{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Rt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-originator-fields-config",templateUrl:"./originator-fields-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class wt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.relatedAttributesConfigForm}onConfigurationSet(e){this.relatedAttributesConfigForm=this.fb.group({relationsQuery:[e?e.relationsQuery:null,[k.required]],telemetry:[!!e&&e.telemetry,[]],attrMapping:[e?e.attrMapping:null,[k.required]]})}}e("RelatedAttributesConfigComponent",wt),wt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:wt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),wt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:wt,selector:"tb-enrichment-node-related-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="relatedAttributesConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.relations-query</label>\n  <tb-relations-query-config\n    required\n    formControlName="relationsQuery"\n    style="padding-bottom: 15px;">\n  </tb-relations-query-config>\n  <label translate class="tb-title tb-required">tb.rulenode.attr-mapping</label>\n  <mat-checkbox fxFlex formControlName="telemetry" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.latest-telemetry\' | translate }}\n  </mat-checkbox>\n  <tb-kv-map-config\n    required\n    formControlName="attrMapping"\n    requiredText="tb.rulenode.attr-mapping-required"\n    keyText="{{ relatedAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry\' : \'tb.rulenode.source-attribute\' }}"\n    keyRequiredText="{{ relatedAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry-required\' : \'tb.rulenode.source-attribute-required\' }}"\n    valText="tb.rulenode.target-attribute"\n    valRequiredText="tb.rulenode.target-attribute-required"\n    hintText="tb.rulenode.kv-map-pattern-hint">\n  </tb-kv-map-config>\n</section>\n',components:[{type:qt,selector:"tb-relations-query-config",inputs:["disabled","required"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:wt,decorators:[{type:o,args:[{selector:"tb-enrichment-node-related-attributes-config",templateUrl:"./related-attributes-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ot extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.tenantAttributesConfigForm}onConfigurationSet(e){this.tenantAttributesConfigForm=this.fb.group({telemetry:[!!e&&e.telemetry,[]],attrMapping:[e?e.attrMapping:null,[k.required]]})}}e("TenantAttributesConfigComponent",Ot),Ot.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ot,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ot.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ot,selector:"tb-enrichment-node-tenant-attributes-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="tenantAttributesConfigForm" fxLayout="column">\n  <label translate class="tb-title tb-required">tb.rulenode.attr-mapping</label>\n  <mat-checkbox fxFlex formControlName="telemetry" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.latest-telemetry\' | translate }}\n  </mat-checkbox>\n  <tb-kv-map-config\n    required\n    formControlName="attrMapping"\n    requiredText="tb.rulenode.attr-mapping-required"\n    keyText="{{ tenantAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry\' : \'tb.rulenode.source-attribute\' }}"\n    keyRequiredText="{{ tenantAttributesConfigForm.get(\'telemetry\').value ? \'tb.rulenode.source-telemetry-required\' : \'tb.rulenode.source-attribute-required\' }}"\n    valText="tb.rulenode.target-attribute"\n    valRequiredText="tb.rulenode.target-attribute-required"\n    hintText="tb.rulenode.kv-map-pattern-hint">\n  </tb-kv-map-config>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:nt,selector:"tb-kv-map-config",inputs:["disabled","requiredText","keyText","keyRequiredText","valText","valRequiredText","hintText","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ot,decorators:[{type:o,args:[{selector:"tb-enrichment-node-tenant-attributes-config",templateUrl:"./tenant-attributes-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Ht{}e("RulenodeCoreConfigEnrichmentModule",Ht),Ht.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ht,deps:[],target:t.ɵɵFactoryTarget.NgModule}),Ht.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ht,declarations:[Gt,Vt,Dt,Pt,Rt,Et,wt,Ot,At],imports:[O,F,Mt],exports:[Gt,Vt,Dt,Pt,Rt,Et,wt,Ot,At]}),Ht.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ht,imports:[[O,F,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ht,decorators:[{type:i,args:[{declarations:[Gt,Vt,Dt,Pt,Rt,Et,wt,Ot,At],imports:[O,F,Mt],exports:[Gt,Vt,Dt,Pt,Rt,Et,wt,Ot,At]}]}]});class Ut extends s{constructor(e,t,o){super(e),this.store=e,this.translate=t,this.fb=o,this.alarmStatusTranslationsMap=I,this.alarmStatusList=[],this.searchText="",this.displayStatusFn=this.displayStatus.bind(this);for(const e of Object.keys(N))this.alarmStatusList.push(N[e]);this.statusFormControl=new G(""),this.filteredAlarmStatus=this.statusFormControl.valueChanges.pipe(ue(""),pe((e=>e||"")),de((e=>this.fetchAlarmStatus(e))),fe())}ngOnInit(){super.ngOnInit()}configForm(){return this.alarmStatusConfigForm}prepareInputConfig(e){return this.searchText="",this.statusFormControl.patchValue("",{emitEvent:!0}),e}onConfigurationSet(e){this.alarmStatusConfigForm=this.fb.group({alarmStatusList:[e?e.alarmStatusList:null,[k.required]]})}displayStatus(e){return e?this.translate.instant(I.get(e)):void 0}fetchAlarmStatus(e){const t=this.getAlarmStatusList();if(this.searchText=e,this.searchText&&this.searchText.length){const e=this.searchText.toUpperCase();return Ce(t.filter((t=>this.translate.instant(I.get(N[t])).toUpperCase().includes(e))))}return Ce(t)}alarmStatusSelected(e){this.addAlarmStatus(e.option.value),this.clear("")}removeAlarmStatus(e){const t=this.alarmStatusConfigForm.get("alarmStatusList").value;if(t){const o=t.indexOf(e);o>=0&&(t.splice(o,1),this.alarmStatusConfigForm.get("alarmStatusList").setValue(t))}}addAlarmStatus(e){let t=this.alarmStatusConfigForm.get("alarmStatusList").value;t||(t=[]);-1===t.indexOf(e)&&(t.push(e),this.alarmStatusConfigForm.get("alarmStatusList").setValue(t))}getAlarmStatusList(){return this.alarmStatusList.filter((e=>-1===this.alarmStatusConfigForm.get("alarmStatusList").value.indexOf(e)))}onAlarmStatusInputFocus(){this.statusFormControl.updateValueAndValidity({onlySelf:!0,emitEvent:!0})}clear(e=""){this.alarmStatusInput.nativeElement.value=e,this.statusFormControl.patchValue(null,{emitEvent:!0}),setTimeout((()=>{this.alarmStatusInput.nativeElement.blur(),this.alarmStatusInput.nativeElement.focus()}),0)}}e("CheckAlarmStatusComponent",Ut),Ut.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ut,deps:[{token:T.Store},{token:P.TranslateService},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Ut.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Ut,selector:"tb-filter-node-check-alarm-status-config",viewQueries:[{propertyName:"alarmStatusInput",first:!0,predicate:["alarmStatusInput"],descendants:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="alarmStatusConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" class="alarm-status-list">\n  <mat-label translate>tb.rulenode.alarm-status-filter</mat-label>\n  <mat-chip-list #alarmStatusChipList required>\n    <mat-chip\n      *ngFor="let alarmStatus of alarmStatusConfigForm.get(\'alarmStatusList\').value;"\n      (removed)="removeAlarmStatus(alarmStatus)">\n        <span>\n          <strong>{{alarmStatusTranslationsMap.get(alarmStatus) | translate}}</strong>\n        </span>\n      <mat-icon matChipRemove>close</mat-icon>\n    </mat-chip>\n    <input matInput type="text"\n           style="max-width: 200px;"\n           #alarmStatusInput\n           (focusin)="onAlarmStatusInputFocus()"\n           [formControl]="statusFormControl"\n           matAutocompleteOrigin\n           #origin="matAutocompleteOrigin"\n           [matAutocompleteConnectedTo]="origin"\n           [matAutocomplete]="alarmStatusAutocomplete"\n           [matChipInputFor]="alarmStatusChipList">\n  </mat-chip-list>\n  <mat-autocomplete #alarmStatusAutocomplete="matAutocomplete"\n                    class="tb-autocomplete"\n                    (optionSelected)="alarmStatusSelected($event)"\n                    [displayWith]="displayStatusFn">\n    <mat-option *ngFor="let status of filteredAlarmStatus | async" [value]="status">\n      <span [innerHTML]="alarmStatusTranslationsMap.get(status) | translate | highlight:searchText"></span>\n    </mat-option>\n    <mat-option *ngIf="(filteredAlarmStatus | async)?.length === 0" [value]="null" class="tb-not-found">\n      <div class="tb-not-found-content" (click)="$event.stopPropagation()">\n        <div>\n          <span translate>tb.rulenode.no-alarm-status-matching</span>\n        </div>\n      </div>\n    </mat-option>\n  </mat-autocomplete>\n  </mat-form-field>\n  <tb-error [error]="(statusFormControl.touched &&\n                     alarmStatusConfigForm.get(\'alarmStatusList\').hasError(\'required\'))\n                  ? translate.instant(\'tb.rulenode.alarm-status-list-empty\') : \'\'"></tb-error>\n  </section>\n\n\n\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:Fe.MatAutocomplete,selector:"mat-autocomplete",inputs:["disableRipple"],exportAs:["matAutocomplete"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ie.TbErrorComponent,selector:"tb-error",inputs:["error"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:Fe.MatAutocompleteTrigger,selector:"input[matAutocomplete], textarea[matAutocomplete]",exportAs:["matAutocompleteTrigger"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:Fe.MatAutocompleteOrigin,selector:"[matAutocompleteOrigin]",exportAs:["matAutocompleteOrigin"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlDirective,selector:"[formControl]",inputs:["disabled","formControl","ngModel"],outputs:["ngModelChange"],exportAs:["ngForm"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]}],pipes:{translate:P.TranslatePipe,async:w.AsyncPipe,highlight:Le.HighlightPipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Ut,decorators:[{type:o,args:[{selector:"tb-filter-node-check-alarm-status-config",templateUrl:"./check-alarm-status.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:P.TranslateService},{type:q.FormBuilder}]},propDecorators:{alarmStatusInput:[{type:a,args:["alarmStatusInput",{static:!1}]}]}});class Kt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.separatorKeysCodes=[Z,X,ee]}configForm(){return this.checkMessageConfigForm}onConfigurationSet(e){this.checkMessageConfigForm=this.fb.group({messageNames:[e?e.messageNames:null,[]],metadataNames:[e?e.metadataNames:null,[]],checkAllKeys:[!!e&&e.checkAllKeys,[]]})}validateConfig(){const e=this.checkMessageConfigForm.get("messageNames").value,t=this.checkMessageConfigForm.get("metadataNames").value;return e.length>0||t.length>0}removeMessageName(e){const t=this.checkMessageConfigForm.get("messageNames").value,o=t.indexOf(e);o>=0&&(t.splice(o,1),this.checkMessageConfigForm.get("messageNames").setValue(t,{emitEvent:!0}))}removeMetadataName(e){const t=this.checkMessageConfigForm.get("metadataNames").value,o=t.indexOf(e);o>=0&&(t.splice(o,1),this.checkMessageConfigForm.get("metadataNames").setValue(t,{emitEvent:!0}))}addMessageName(e){const t=e.input;let o=e.value;if((o||"").trim()){o=o.trim();let e=this.checkMessageConfigForm.get("messageNames").value;e&&-1!==e.indexOf(o)||(e||(e=[]),e.push(o),this.checkMessageConfigForm.get("messageNames").setValue(e,{emitEvent:!0}))}t&&(t.value="")}addMetadataName(e){const t=e.input;let o=e.value;if((o||"").trim()){o=o.trim();let e=this.checkMessageConfigForm.get("metadataNames").value;e&&-1!==e.indexOf(o)||(e||(e=[]),e.push(o),this.checkMessageConfigForm.get("metadataNames").setValue(e,{emitEvent:!0}))}t&&(t.value="")}}e("CheckMessageConfigComponent",Kt),Kt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Kt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Kt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Kt,selector:"tb-filter-node-check-message-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="checkMessageConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding tb-required">tb.rulenode.data-keys</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #messageNamesChipList>\n      <mat-chip\n        *ngFor="let messageName of checkMessageConfigForm.get(\'messageNames\').value;"\n        (removed)="removeMessageName(messageName)">\n        {{messageName}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.data-keys\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="messageNamesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addMessageName($event)"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <div class="tb-hint" translate>tb.rulenode.separator-hint</div>\n  <label translate class="tb-title no-padding tb-required">tb.rulenode.metadata-keys</label>\n  <mat-form-field floatLabel="always" class="mat-block">\n    <mat-label></mat-label>\n    <mat-chip-list #metadataNamesChipList>\n      <mat-chip\n        *ngFor="let metadataName of checkMessageConfigForm.get(\'metadataNames\').value;"\n        (removed)="removeMetadataName(metadataName)">\n        {{metadataName}}\n        <mat-icon matChipRemove>close</mat-icon>\n      </mat-chip>\n      <input matInput type="text" placeholder="{{\'tb.rulenode.metadata-keys\' | translate}}"\n             style="max-width: 200px;"\n             [matChipInputFor]="metadataNamesChipList"\n             [matChipInputSeparatorKeyCodes]="separatorKeysCodes"\n             (matChipInputTokenEnd)="addMetadataName($event)"\n             [matChipInputAddOnBlur]="true">\n    </mat-chip-list>\n  </mat-form-field>\n  <div class="tb-hint" translate>tb.rulenode.separator-hint</div>\n  <mat-checkbox fxFlex formControlName="checkAllKeys" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.check-all-keys\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.check-all-keys-hint</div>\n</section>\n',styles:[":host label.tb-title{margin-bottom:-10px}\n"],components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:te.MatChipList,selector:"mat-chip-list",inputs:["aria-orientation","multiple","compareWith","value","required","placeholder","disabled","selectable","tabIndex","errorStateMatcher"],outputs:["change","valueChange"],exportAs:["matChipList"]},{type:oe.MatIcon,selector:"mat-icon",inputs:["color","inline","svgIcon","fontSet","fontIcon"],exportAs:["matIcon"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:te.MatChip,selector:"mat-basic-chip, [mat-basic-chip], mat-chip, [mat-chip]",inputs:["color","disableRipple","tabIndex","selected","value","selectable","disabled","removable"],outputs:["selectionChange","destroyed","removed"],exportAs:["matChip"]},{type:te.MatChipRemove,selector:"[matChipRemove]"},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:te.MatChipInput,selector:"input[matChipInputFor]",inputs:["matChipInputSeparatorKeyCodes","placeholder","id","matChipInputFor","matChipInputAddOnBlur","disabled"],outputs:["matChipInputTokenEnd"],exportAs:["matChipInput","matChipInputFor"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Kt,decorators:[{type:o,args:[{selector:"tb-filter-node-check-message-config",templateUrl:"./check-message-config.component.html",styleUrls:["./check-message-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Bt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.entitySearchDirection=Object.keys(c),this.entitySearchDirectionTranslationsMap=g}configForm(){return this.checkRelationConfigForm}onConfigurationSet(e){this.checkRelationConfigForm=this.fb.group({checkForSingleEntity:[!!e&&e.checkForSingleEntity,[]],direction:[e?e.direction:null,[]],entityType:[e?e.entityType:null,e&&e.checkForSingleEntity?[k.required]:[]],entityId:[e?e.entityId:null,e&&e.checkForSingleEntity?[k.required]:[]],relationType:[e?e.relationType:null,[k.required]]})}validatorTriggers(){return["checkForSingleEntity"]}updateValidators(e){const t=this.checkRelationConfigForm.get("checkForSingleEntity").value;this.checkRelationConfigForm.get("entityType").setValidators(t?[k.required]:[]),this.checkRelationConfigForm.get("entityType").updateValueAndValidity({emitEvent:e}),this.checkRelationConfigForm.get("entityId").setValidators(t?[k.required]:[]),this.checkRelationConfigForm.get("entityId").updateValueAndValidity({emitEvent:e})}}e("CheckRelationConfigComponent",Bt),Bt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Bt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Bt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Bt,selector:"tb-filter-node-check-relation-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="checkRelationConfigForm" fxLayout="column">\n  <mat-checkbox fxFlex formControlName="checkForSingleEntity" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.check-relation-to-specific-entity\' | translate }}\n  </mat-checkbox>\n  <div class="tb-hint" translate>tb.rulenode.check-relation-hint</div>\n  <mat-form-field class="mat-block" style="min-width: 100px;">\n    <mat-label translate>relation.direction</mat-label>\n    <mat-select formControlName="direction" required>\n      <mat-option *ngFor="let direction of entitySearchDirection" [value]="direction">\n        {{ entitySearchDirectionTranslationsMap.get(direction) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <div fxLayout="row" *ngIf="checkRelationConfigForm.get(\'checkForSingleEntity\').value" style="padding-top: 20px">\n    <tb-entity-type-select\n      style="min-width: 100px; padding-bottom: 20px; padding-right: 8px;"\n      showLabel\n      required\n      formControlName="entityType">\n    </tb-entity-type-select>\n    <tb-entity-autocomplete\n      fxFlex\n      required\n      *ngIf="checkRelationConfigForm.get(\'entityType\').value"\n      [entityType]="checkRelationConfigForm.get(\'entityType\').value"\n      formControlName="entityId">\n    </tb-entity-autocomplete>\n  </div>\n  <tb-relation-type-autocomplete\n    required\n    formControlName="relationType">\n  </tb-relation-type-autocomplete>\n</section>\n',components:[{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]},{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:ae.EntityTypeSelectComponent,selector:"tb-entity-type-select",inputs:["allowedEntityTypes","useAliasEntityTypes","showLabel","required","disabled"]},{type:ve.EntityAutocompleteComponent,selector:"tb-entity-autocomplete",inputs:["entityType","entitySubtype","excludeEntityIds","labelText","requiredText","required","disabled"],outputs:["entityChanged"]},{type:ye.RelationTypeAutocompleteComponent,selector:"tb-relation-type-autocomplete",inputs:["required","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:D.MatLabel,selector:"mat-label"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Bt,decorators:[{type:o,args:[{selector:"tb-filter-node-check-relation-config",templateUrl:"./check-relation-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class jt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.perimeterType=Ae,this.perimeterTypes=Object.keys(Ae),this.perimeterTypeTranslationMap=Ge,this.rangeUnits=Object.keys(Ee),this.rangeUnitTranslationMap=Pe}configForm(){return this.geoFilterConfigForm}onConfigurationSet(e){this.geoFilterConfigForm=this.fb.group({latitudeKeyName:[e?e.latitudeKeyName:null,[k.required]],longitudeKeyName:[e?e.longitudeKeyName:null,[k.required]],perimeterType:[e?e.perimeterType:null,[k.required]],fetchPerimeterInfoFromMessageMetadata:[!!e&&e.fetchPerimeterInfoFromMessageMetadata,[]],perimeterKeyName:[e?e.perimeterKeyName:null,[]],centerLatitude:[e?e.centerLatitude:null,[]],centerLongitude:[e?e.centerLatitude:null,[]],range:[e?e.range:null,[]],rangeUnit:[e?e.rangeUnit:null,[]],polygonsDefinition:[e?e.polygonsDefinition:null,[]]})}validatorTriggers(){return["fetchPerimeterInfoFromMessageMetadata","perimeterType"]}updateValidators(e){const t=this.geoFilterConfigForm.get("fetchPerimeterInfoFromMessageMetadata").value,o=this.geoFilterConfigForm.get("perimeterType").value;t?this.geoFilterConfigForm.get("perimeterKeyName").setValidators([k.required]):this.geoFilterConfigForm.get("perimeterKeyName").setValidators([]),t||o!==Ae.CIRCLE?(this.geoFilterConfigForm.get("centerLatitude").setValidators([]),this.geoFilterConfigForm.get("centerLongitude").setValidators([]),this.geoFilterConfigForm.get("range").setValidators([]),this.geoFilterConfigForm.get("rangeUnit").setValidators([])):(this.geoFilterConfigForm.get("centerLatitude").setValidators([k.required,k.min(-90),k.max(90)]),this.geoFilterConfigForm.get("centerLongitude").setValidators([k.required,k.min(-180),k.max(180)]),this.geoFilterConfigForm.get("range").setValidators([k.required,k.min(0)]),this.geoFilterConfigForm.get("rangeUnit").setValidators([k.required])),t||o!==Ae.POLYGON?this.geoFilterConfigForm.get("polygonsDefinition").setValidators([]):this.geoFilterConfigForm.get("polygonsDefinition").setValidators([k.required]),this.geoFilterConfigForm.get("perimeterKeyName").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("centerLatitude").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("centerLongitude").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("range").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("rangeUnit").updateValueAndValidity({emitEvent:e}),this.geoFilterConfigForm.get("polygonsDefinition").updateValueAndValidity({emitEvent:e})}}e("GpsGeoFilterConfigComponent",jt),jt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:jt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),jt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:jt,selector:"tb-filter-node-gps-geofencing-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="geoFilterConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.latitude-key-name</mat-label>\n    <input matInput formControlName="latitudeKeyName" required>\n    <mat-error *ngIf="geoFilterConfigForm.get(\'latitudeKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.latitude-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.longitude-key-name</mat-label>\n    <input matInput formControlName="longitudeKeyName" required>\n    <mat-error *ngIf="geoFilterConfigForm.get(\'longitudeKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.longitude-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <mat-form-field fxFlex class="mat-block">\n    <mat-label translate>tb.rulenode.perimeter-type</mat-label>\n    <mat-select formControlName="perimeterType" required>\n      <mat-option *ngFor="let type of perimeterTypes" [value]="type">\n        {{ perimeterTypeTranslationMap.get(type) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-checkbox fxFlex formControlName="fetchPerimeterInfoFromMessageMetadata" style="padding-bottom: 16px;">\n    {{ \'tb.rulenode.fetch-perimeter-info-from-message-metadata\' | translate }}\n  </mat-checkbox>\n  <mat-form-field *ngIf="geoFilterConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value" class="mat-block">\n    <mat-label translate>tb.rulenode.perimeter-key-name</mat-label>\n    <input matInput formControlName="perimeterKeyName" required>\n    <mat-error *ngIf="geoFilterConfigForm.get(\'perimeterKeyName\').hasError(\'required\')">\n      {{ \'tb.rulenode.perimeter-key-name-required\' | translate }}\n    </mat-error>\n  </mat-form-field>\n  <div fxLayout="column"\n       *ngIf="geoFilterConfigForm.get(\'perimeterType\').value === perimeterType.CIRCLE &&\n       !geoFilterConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value">\n    <div fxLayout="row" fxLayoutGap="8px">\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.circle-center-latitude</mat-label>\n        <input type="number" min="-90" max="90" step="0.1" matInput formControlName="centerLatitude" required>\n        <mat-error *ngIf="geoFilterConfigForm.get(\'centerLatitude\').hasError(\'required\')">\n          {{ \'tb.rulenode.circle-center-latitude-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.circle-center-longitude</mat-label>\n        <input type="number" min="-180" max="180" step="0.1" matInput formControlName="centerLongitude" required>\n        <mat-error *ngIf="geoFilterConfigForm.get(\'centerLongitude\').hasError(\'required\')">\n          {{ \'tb.rulenode.circle-center-longitude-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n    </div>\n    <div fxLayout="row" fxLayoutGap="8px">\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.range</mat-label>\n        <input type="number" min="0" step="0.1" matInput formControlName="range" required>\n        <mat-error *ngIf="geoFilterConfigForm.get(\'range\').hasError(\'required\')">\n          {{ \'tb.rulenode.range-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n      <mat-form-field fxFlex>\n        <mat-label translate>tb.rulenode.range-units</mat-label>\n        <mat-select formControlName="rangeUnit" required>\n          <mat-option *ngFor="let type of rangeUnits" [value]="type">\n            {{ rangeUnitTranslationMap.get(type) | translate }}\n          </mat-option>\n        </mat-select>\n      </mat-form-field>\n    </div>\n  </div>\n  <div fxLayout="row" *ngIf="geoFilterConfigForm.get(\'perimeterType\').value === perimeterType.POLYGON &&\n                             !geoFilterConfigForm.get(\'fetchPerimeterInfoFromMessageMetadata\').value">\n    <div fxLayout="column" fxFlex="100">\n      <mat-form-field class="mat-block" hintLabel="{{\'tb.rulenode.polygon-definition-hint\' | translate}}">\n        <mat-label translate>tb.rulenode.polygon-definition</mat-label>\n        <input matInput formControlName="polygonsDefinition" required>\n        <mat-error *ngIf="geoFilterConfigForm.get(\'polygonsDefinition\').hasError(\'required\')">\n          {{ \'tb.rulenode.polygon-definition-required\' | translate }}\n        </mat-error>\n      </mat-form-field>\n    </div>\n  </div>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:V.MatCheckbox,selector:"mat-checkbox",inputs:["disableRipple","color","tabIndex","aria-label","aria-labelledby","id","labelPosition","name","required","checked","disabled","indeterminate","aria-describedby","value"],outputs:["change","indeterminateChange"],exportAs:["matCheckbox"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:E.DefaultLayoutGapDirective,selector:"  [fxLayoutGap], [fxLayoutGap.xs], [fxLayoutGap.sm], [fxLayoutGap.md],  [fxLayoutGap.lg], [fxLayoutGap.xl], [fxLayoutGap.lt-sm], [fxLayoutGap.lt-md],  [fxLayoutGap.lt-lg], [fxLayoutGap.lt-xl], [fxLayoutGap.gt-xs], [fxLayoutGap.gt-sm],  [fxLayoutGap.gt-md], [fxLayoutGap.gt-lg]",inputs:["fxLayoutGap","fxLayoutGap.xs","fxLayoutGap.sm","fxLayoutGap.md","fxLayoutGap.lg","fxLayoutGap.xl","fxLayoutGap.lt-sm","fxLayoutGap.lt-md","fxLayoutGap.lt-lg","fxLayoutGap.lt-xl","fxLayoutGap.gt-xs","fxLayoutGap.gt-sm","fxLayoutGap.gt-md","fxLayoutGap.gt-lg"]},{type:q.MinValidator,selector:"input[type=number][min][formControlName],input[type=number][min][formControl],input[type=number][min][ngModel]",inputs:["min"]},{type:q.MaxValidator,selector:"input[type=number][max][formControlName],input[type=number][max][formControl],input[type=number][max][ngModel]",inputs:["max"]},{type:q.NumberValueAccessor,selector:"input[type=number][formControlName],input[type=number][formControl],input[type=number][ngModel]"}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:jt,decorators:[{type:o,args:[{selector:"tb-filter-node-gps-geofencing-config",templateUrl:"./gps-geo-filter-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class zt extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.messageTypeConfigForm}onConfigurationSet(e){this.messageTypeConfigForm=this.fb.group({messageTypes:[e?e.messageTypes:null,[k.required]]})}}e("MessageTypeConfigComponent",zt),zt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:zt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),zt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:zt,selector:"tb-filter-node-message-type-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="messageTypeConfigForm" fxLayout="column">\n  <tb-message-types-config\n    required\n    label="tb.rulenode.message-types-filter"\n    formControlName="messageTypes"\n  ></tb-message-types-config>\n</section>\n',components:[{type:kt,selector:"tb-message-types-config",inputs:["required","label","placeholder","disabled"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:zt,decorators:[{type:o,args:[{selector:"tb-filter-node-message-type-config",templateUrl:"./message-type-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class _t extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.allowedEntityTypes=[x.DEVICE,x.ASSET,x.ENTITY_VIEW,x.TENANT,x.CUSTOMER,x.USER,x.DASHBOARD,x.RULE_CHAIN,x.RULE_NODE]}configForm(){return this.originatorTypeConfigForm}onConfigurationSet(e){this.originatorTypeConfigForm=this.fb.group({originatorTypes:[e?e.originatorTypes:null,[k.required]]})}}e("OriginatorTypeConfigComponent",_t),_t.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:_t,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),_t.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:_t,selector:"tb-filter-node-originator-type-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="originatorTypeConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding tb-required">tb.rulenode.originator-types-filter</label>\n  <tb-entity-type-list fxFlex\n                       formControlName="originatorTypes"\n                       [allowedEntityTypes]="allowedEntityTypes"\n                       [ignoreAuthorityFilter]="true"\n                       required>\n  </tb-entity-type-list>\n</section>\n',styles:[":host ::ng-deep tb-entity-type-list .mat-form-field-flex{padding-top:0}:host ::ng-deep tb-entity-type-list .mat-form-field-infix{border-top:0}\n"],components:[{type:Ie.EntityTypeListComponent,selector:"tb-entity-type-list",inputs:["required","disabled","allowedEntityTypes","ignoreAuthorityFilter"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:E.DefaultFlexDirective,selector:"  [fxFlex], [fxFlex.xs], [fxFlex.sm], [fxFlex.md],  [fxFlex.lg], [fxFlex.xl], [fxFlex.lt-sm], [fxFlex.lt-md],  [fxFlex.lt-lg], [fxFlex.lt-xl], [fxFlex.gt-xs], [fxFlex.gt-sm],  [fxFlex.gt-md], [fxFlex.gt-lg]",inputs:["fxFlex","fxFlex.xs","fxFlex.sm","fxFlex.md","fxFlex.lg","fxFlex.xl","fxFlex.lt-sm","fxFlex.lt-md","fxFlex.lt-lg","fxFlex.lt-xl","fxFlex.gt-xs","fxFlex.gt-sm","fxFlex.gt-md","fxFlex.gt-lg"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:_t,decorators:[{type:o,args:[{selector:"tb-filter-node-originator-type-config",templateUrl:"./originator-type-config.component.html",styleUrls:["./originator-type-config.component.scss"]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Qt extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.scriptConfigForm}onConfigurationSet(e){this.scriptConfigForm=this.fb.group({jsScript:[e?e.jsScript:null,[k.required]]})}testScript(){const e=this.scriptConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"filter",this.translate.instant("tb.rulenode.filter"),"Filter",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/filter_node_script_fn").subscribe((e=>{e&&this.scriptConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("ScriptConfigComponent",Qt),Qt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Qt,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),Qt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Qt,selector:"tb-filter-node-script-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="scriptConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.filter</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="Filter"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              helpId="rulenode/filter_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-filter-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionTitle","functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","minHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Qt,decorators:[{type:o,args:[{selector:"tb-filter-node-script-config",templateUrl:"./script-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class $t extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.switchConfigForm}onConfigurationSet(e){this.switchConfigForm=this.fb.group({jsScript:[e?e.jsScript:null,[k.required]]})}testScript(){const e=this.switchConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"switch",this.translate.instant("tb.rulenode.switch"),"Switch",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/switch_node_script_fn").subscribe((e=>{e&&this.switchConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("SwitchConfigComponent",$t),$t.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:$t,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),$t.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:$t,selector:"tb-filter-node-switch-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="switchConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.switch</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="Switch"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              helpId="rulenode/switch_node_script_fn"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-switch-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionTitle","functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","minHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:$t,decorators:[{type:o,args:[{selector:"tb-filter-node-switch-config",templateUrl:"./switch-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class Wt{}e("RuleNodeCoreConfigFilterModule",Wt),Wt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Wt,deps:[],target:t.ɵɵFactoryTarget.NgModule}),Wt.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Wt,declarations:[Kt,Bt,jt,zt,_t,Qt,$t,Ut],imports:[O,F,Mt],exports:[Kt,Bt,jt,zt,_t,Qt,$t,Ut]}),Wt.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Wt,imports:[[O,F,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Wt,decorators:[{type:i,args:[{declarations:[Kt,Bt,jt,zt,_t,Qt,$t,Ut],imports:[O,F,Mt],exports:[Kt,Bt,jt,zt,_t,Qt,$t,Ut]}]}]});class Yt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.originatorSource=Me,this.originatorSources=Object.keys(Me),this.originatorSourceTranslationMap=Se}configForm(){return this.changeOriginatorConfigForm}onConfigurationSet(e){this.changeOriginatorConfigForm=this.fb.group({originatorSource:[e?e.originatorSource:null,[k.required]],relationsQuery:[e?e.relationsQuery:null,[]]})}validatorTriggers(){return["originatorSource"]}updateValidators(e){const t=this.changeOriginatorConfigForm.get("originatorSource").value;t&&t===Me.RELATED?this.changeOriginatorConfigForm.get("relationsQuery").setValidators([k.required]):this.changeOriginatorConfigForm.get("relationsQuery").setValidators([]),this.changeOriginatorConfigForm.get("relationsQuery").updateValueAndValidity({emitEvent:e})}}e("ChangeOriginatorConfigComponent",Yt),Yt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Yt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Yt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Yt,selector:"tb-transformation-node-change-originator-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="changeOriginatorConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.originator-source</mat-label>\n    <mat-select formControlName="originatorSource" required>\n      <mat-option *ngFor="let source of originatorSources" [value]="source">\n        {{ originatorSourceTranslationMap.get(source) | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <section fxLayout="column" *ngIf="changeOriginatorConfigForm.get(\'originatorSource\').value === originatorSource.RELATED">\n    <label translate class="tb-title tb-required">tb.rulenode.relations-query</label>\n    <tb-relations-query-config\n      required\n      formControlName="relationsQuery"\n      style="padding-bottom: 15px;">\n    </tb-relations-query-config>\n  </section>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]},{type:qt,selector:"tb-relations-query-config",inputs:["disabled","required"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Yt,decorators:[{type:o,args:[{selector:"tb-transformation-node-change-originator-config",templateUrl:"./change-originator-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Jt extends s{constructor(e,t,o,r){super(e),this.store=e,this.fb=t,this.nodeScriptTestService=o,this.translate=r}configForm(){return this.scriptConfigForm}onConfigurationSet(e){this.scriptConfigForm=this.fb.group({jsScript:[e?e.jsScript:null,[k.required]]})}testScript(){const e=this.scriptConfigForm.get("jsScript").value;this.nodeScriptTestService.testNodeScript(e,"update",this.translate.instant("tb.rulenode.transformer"),"Transform",["msg","metadata","msgType"],this.ruleNodeId,"rulenode/transformation_node_script_fn").subscribe((e=>{e&&this.scriptConfigForm.get("jsScript").setValue(e)}))}onValidate(){this.jsFuncComponent.validateOnSubmit()}}e("TransformScriptConfigComponent",Jt),Jt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Jt,deps:[{token:T.Store},{token:q.FormBuilder},{token:Q.NodeScriptTestService},{token:P.TranslateService}],target:t.ɵɵFactoryTarget.Component}),Jt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Jt,selector:"tb-transformation-node-script-config",viewQueries:[{propertyName:"jsFuncComponent",first:!0,predicate:["jsFuncComponent"],descendants:!0,static:!0}],usesInheritance:!0,ngImport:t,template:'<section [formGroup]="scriptConfigForm" fxLayout="column">\n  <label translate class="tb-title no-padding">tb.rulenode.transform</label>\n  <tb-js-func #jsFuncComponent\n              formControlName="jsScript"\n              functionName="Transform"\n              helpId="rulenode/transformation_node_script_fn"\n              [functionArgs]="[\'msg\', \'metadata\', \'msgType\']"\n              noValidate="true">\n  </tb-js-func>\n  <div fxLayout="row">\n    <button mat-button mat-raised-button color="primary" (click)="testScript()">\n      {{ \'tb.rulenode.test-transformer-function\' | translate }}\n    </button>\n  </div>\n</section>\n',components:[{type:Y.JsFuncComponent,selector:"tb-js-func",inputs:["functionTitle","functionName","functionArgs","validationArgs","resultType","disabled","fillHeight","minHeight","editorCompleter","globalVariables","disableUndefinedCheck","helpId","noValidate","required"]},{type:J.MatButton,selector:"button[mat-button], button[mat-raised-button], button[mat-icon-button],             button[mat-fab], button[mat-mini-fab], button[mat-stroked-button],             button[mat-flat-button]",inputs:["disabled","disableRipple","color"],exportAs:["matButton"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Jt,decorators:[{type:o,args:[{selector:"tb-transformation-node-script-config",templateUrl:"./script-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder},{type:Q.NodeScriptTestService},{type:P.TranslateService}]},propDecorators:{jsFuncComponent:[{type:a,args:["jsFuncComponent",{static:!0}]}]}});class Zt extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.mailBodyTypes=[{name:"tb.mail-body-type.plain-text",value:"false"},{name:"tb.mail-body-type.html",value:"true"},{name:"tb.mail-body-type.dynamic",value:"dynamic"}]}configForm(){return this.toEmailConfigForm}onConfigurationSet(e){this.toEmailConfigForm=this.fb.group({fromTemplate:[e?e.fromTemplate:null,[k.required]],toTemplate:[e?e.toTemplate:null,[k.required]],ccTemplate:[e?e.ccTemplate:null,[]],bccTemplate:[e?e.bccTemplate:null,[]],subjectTemplate:[e?e.subjectTemplate:null,[k.required]],mailBodyType:[e?e.mailBodyType:null],isHtmlTemplate:[e?e.isHtmlTemplate:null],bodyTemplate:[e?e.bodyTemplate:null,[k.required]]}),this.toEmailConfigForm.get("mailBodyType").valueChanges.pipe(ue([null==e?void 0:e.subjectTemplate])).subscribe((e=>{"dynamic"===e?(this.toEmailConfigForm.get("isHtmlTemplate").patchValue("",{emitEvent:!1}),this.toEmailConfigForm.get("isHtmlTemplate").setValidators(k.required)):this.toEmailConfigForm.get("isHtmlTemplate").clearValidators(),this.toEmailConfigForm.get("isHtmlTemplate").updateValueAndValidity()}))}}e("ToEmailConfigComponent",Zt),Zt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Zt,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),Zt.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:Zt,selector:"tb-transformation-node-to-email-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="toEmailConfigForm" fxLayout="column">\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.from-template</mat-label>\n    <textarea required matInput formControlName="fromTemplate" rows="2"></textarea>\n    <mat-error *ngIf="toEmailConfigForm.get(\'fromTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.from-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.to-template</mat-label>\n    <textarea required matInput formControlName="toTemplate" rows="2"></textarea>\n    <mat-error *ngIf="toEmailConfigForm.get(\'toTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.to-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.mail-address-list-template-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 24px;">\n    <mat-label translate>tb.rulenode.cc-template</mat-label>\n    <textarea matInput formControlName="ccTemplate" rows="2"></textarea>\n    <mat-hint [innerHTML]="\'tb.rulenode.mail-address-list-template-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 24px;">\n    <mat-label translate>tb.rulenode.bcc-template</mat-label>\n    <textarea matInput formControlName="bccTemplate" rows="2"></textarea>\n    <mat-hint [innerHTML]="\'tb.rulenode.mail-address-list-template-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 24px;">\n    <mat-label translate>tb.rulenode.subject-template</mat-label>\n    <textarea required matInput formControlName="subjectTemplate" rows="2"></textarea>\n    <mat-error *ngIf="toEmailConfigForm.get(\'subjectTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.subject-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block">\n    <mat-label translate>tb.rulenode.mail-body-type</mat-label>\n    <mat-select formControlName="mailBodyType">\n      <mat-option *ngFor="let type of mailBodyTypes" [value]="type.value">\n        {{ type.name | translate }}\n      </mat-option>\n    </mat-select>\n  </mat-form-field>\n  <mat-form-field class="mat-block" *ngIf="toEmailConfigForm.get(\'mailBodyType\').value === \'dynamic\'" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.dynamic-mail-body-type</mat-label>\n    <input required matInput formControlName="isHtmlTemplate">\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n  <mat-form-field class="mat-block" style="padding-bottom: 16px;">\n    <mat-label translate>tb.rulenode.body-template</mat-label>\n    <textarea required matInput formControlName="bodyTemplate" rows="6"></textarea>\n    <mat-error *ngIf="toEmailConfigForm.get(\'bodyTemplate\').hasError(\'required\')">\n      {{ \'tb.rulenode.body-template-required\' | translate }}\n    </mat-error>\n    <mat-hint [innerHTML]="\'tb.rulenode.general-pattern-hint\' | translate | safeHtml"></mat-hint>\n  </mat-form-field>\n</section>\n',components:[{type:D.MatFormField,selector:"mat-form-field",inputs:["color","floatLabel","appearance","hideRequiredMarker","hintLabel"],exportAs:["matFormField"]},{type:U.MatSelect,selector:"mat-select",inputs:["disabled","disableRipple","tabIndex"],exportAs:["matSelect"]},{type:K.MatOption,selector:"mat-option",exportAs:["matOption"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:D.MatLabel,selector:"mat-label"},{type:P.TranslateDirective,selector:"[translate],[ngx-translate]",inputs:["translate","translateParams"]},{type:R.MatInput,selector:"input[matInput], textarea[matInput], select[matNativeControl],      input[matNativeControl], textarea[matNativeControl]",inputs:["id","disabled","required","type","value","readonly","placeholder","errorStateMatcher","aria-describedby"],exportAs:["matInput"]},{type:q.DefaultValueAccessor,selector:"input:not([type=checkbox])[formControlName],textarea[formControlName],input:not([type=checkbox])[formControl],textarea[formControl],input:not([type=checkbox])[ngModel],textarea[ngModel],[ngDefaultControl]"},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]},{type:w.NgIf,selector:"[ngIf]",inputs:["ngIf","ngIfThen","ngIfElse"]},{type:D.MatError,selector:"mat-error",inputs:["id"]},{type:D.MatHint,selector:"mat-hint",inputs:["align","id"]},{type:w.NgForOf,selector:"[ngFor][ngForOf]",inputs:["ngForOf","ngForTrackBy","ngForTemplate"]}],pipes:{translate:P.TranslatePipe,safeHtml:Te}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Zt,decorators:[{type:o,args:[{selector:"tb-transformation-node-to-email-config",templateUrl:"./to-email-config.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class Xt{}e("RulenodeCoreConfigTransformModule",Xt),Xt.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xt,deps:[],target:t.ɵɵFactoryTarget.NgModule}),Xt.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xt,declarations:[Yt,Jt,Zt],imports:[O,F,Mt],exports:[Yt,Jt,Zt]}),Xt.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xt,imports:[[O,F,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:Xt,decorators:[{type:i,args:[{declarations:[Yt,Jt,Zt],imports:[O,F,Mt],exports:[Yt,Jt,Zt]}]}]});class eo extends s{constructor(e,t){super(e),this.store=e,this.fb=t,this.entityType=x}configForm(){return this.ruleChainInputConfigForm}onConfigurationSet(e){this.ruleChainInputConfigForm=this.fb.group({ruleChainId:[e?e.ruleChainId:null,[k.required]]})}}e("RuleChainInputComponent",eo),eo.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:eo,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),eo.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:eo,selector:"tb-flow-node-rule-chain-input-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="ruleChainInputConfigForm" fxLayout="column">\n  <tb-entity-autocomplete required\n                          [excludeEntityIds]="[ruleChainId]"\n                          [entityType]="entityType.RULE_CHAIN"\n                          [entitySubtype]="ruleChainType"\n                          formControlName="ruleChainId">\n  </tb-entity-autocomplete>\n</section>\n',components:[{type:ve.EntityAutocompleteComponent,selector:"tb-entity-autocomplete",inputs:["entityType","entitySubtype","excludeEntityIds","labelText","requiredText","required","disabled"],outputs:["entityChanged"]}],directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]},{type:q.RequiredValidator,selector:":not([type=checkbox])[required][formControlName],:not([type=checkbox])[required][formControl],:not([type=checkbox])[required][ngModel]",inputs:["required"]},{type:q.NgControlStatus,selector:"[formControlName],[ngModel],[formControl]"},{type:q.FormControlName,selector:"[formControlName]",inputs:["disabled","formControlName","ngModel"],outputs:["ngModelChange"]}]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:eo,decorators:[{type:o,args:[{selector:"tb-flow-node-rule-chain-input-config",templateUrl:"./rule-chain-input.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class to extends s{constructor(e,t){super(e),this.store=e,this.fb=t}configForm(){return this.ruleChainOutputConfigForm}onConfigurationSet(e){this.ruleChainOutputConfigForm=this.fb.group({})}}e("RuleChainOutputComponent",to),to.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:to,deps:[{token:T.Store},{token:q.FormBuilder}],target:t.ɵɵFactoryTarget.Component}),to.ɵcmp=t.ɵɵngDeclareComponent({minVersion:"12.0.0",version:"12.2.15",type:to,selector:"tb-flow-node-rule-chain-output-config",usesInheritance:!0,ngImport:t,template:'<section [formGroup]="ruleChainOutputConfigForm" fxLayout="column">\n  <div innerHTML="{{ \'tb.rulenode.output-node-name-hint\' | translate }}"></div>\n</section>\n',directives:[{type:E.DefaultLayoutDirective,selector:"  [fxLayout], [fxLayout.xs], [fxLayout.sm], [fxLayout.md],  [fxLayout.lg], [fxLayout.xl], [fxLayout.lt-sm], [fxLayout.lt-md],  [fxLayout.lt-lg], [fxLayout.lt-xl], [fxLayout.gt-xs], [fxLayout.gt-sm],  [fxLayout.gt-md], [fxLayout.gt-lg]",inputs:["fxLayout","fxLayout.xs","fxLayout.sm","fxLayout.md","fxLayout.lg","fxLayout.xl","fxLayout.lt-sm","fxLayout.lt-md","fxLayout.lt-lg","fxLayout.lt-xl","fxLayout.gt-xs","fxLayout.gt-sm","fxLayout.gt-md","fxLayout.gt-lg"]},{type:q.NgControlStatusGroup,selector:"[formGroupName],[formArrayName],[ngModelGroup],[formGroup],form:not([ngNoForm]),[ngForm]"},{type:q.FormGroupDirective,selector:"[formGroup]",inputs:["formGroup"],outputs:["ngSubmit"],exportAs:["ngForm"]}],pipes:{translate:P.TranslatePipe}}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:to,decorators:[{type:o,args:[{selector:"tb-flow-node-rule-chain-output-config",templateUrl:"./rule-chain-output.component.html",styleUrls:[]}]}],ctorParameters:function(){return[{type:T.Store},{type:q.FormBuilder}]}});class oo{}e("RuleNodeCoreConfigFlowModule",oo),oo.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:oo,deps:[],target:t.ɵɵFactoryTarget.NgModule}),oo.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:oo,declarations:[eo,to],imports:[O,F,Mt],exports:[eo,to]}),oo.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:oo,imports:[[O,F,Mt]]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:oo,decorators:[{type:i,args:[{declarations:[eo,to],imports:[O,F,Mt],exports:[eo,to]}]}]});class ro{constructor(e){!function(e){e.setTranslation("en_US",{tb:{rulenode:{"create-entity-if-not-exists":"Create new entity if not exists","create-entity-if-not-exists-hint":"Create a new entity set above if it does not exist.","entity-name-pattern":"Name pattern","entity-name-pattern-required":"Name pattern is required","entity-type-pattern":"Type pattern","entity-type-pattern-required":"Type pattern is required","entity-cache-expiration":"Entities cache expiration time (sec)","entity-cache-expiration-hint":"Specifies maximum time interval allowed to store found entity records. 0 value means that records will never expire.","entity-cache-expiration-required":"Entities cache expiration time is required.","entity-cache-expiration-range":"Entities cache expiration time should be greater than or equal to 0.","customer-name-pattern":"Customer name pattern","customer-name-pattern-required":"Customer name pattern is required","create-customer-if-not-exists":"Create new customer if not exists","customer-cache-expiration":"Customers cache expiration time (sec)","customer-cache-expiration-hint":"Specifies maximum time interval allowed to store found customer records. 0 value means that records will never expire.","customer-cache-expiration-required":"Customers cache expiration time is required.","customer-cache-expiration-range":"Customers cache expiration time should be greater than or equal to 0.","start-interval":"Start Interval","end-interval":"End Interval","start-interval-time-unit":"Start Interval Time Unit","end-interval-time-unit":"End Interval Time Unit","fetch-mode":"Fetch mode","fetch-mode-hint":"If selected fetch mode 'ALL'  you able to choose telemetry sampling order.","order-by":"Order by","order-by-hint":"Select to choose telemetry sampling order.",limit:"Limit","limit-hint":"Min limit value is 2, max - 1000. In case you want to fetch a single entry, select fetch mode 'FIRST' or 'LAST'.","time-unit-milliseconds":"Milliseconds","time-unit-seconds":"Seconds","time-unit-minutes":"Minutes","time-unit-hours":"Hours","time-unit-days":"Days","time-value-range":"Time value should be in a range from 1 to 2147483647.","start-interval-value-required":"Start interval value is required.","end-interval-value-required":"End interval value is required.",filter:"Filter",switch:"Switch","message-type":"Message type","message-type-required":"Message type is required.","message-types-filter":"Message types filter","no-message-types-found":"No message types found","no-message-type-matching":"'{{messageType}}' not found.","create-new-message-type":"Create a new one!","message-types-required":"Message types are required.","client-attributes":"Client attributes","shared-attributes":"Shared attributes","server-attributes":"Server attributes","notify-device":"Notify Device","notify-device-hint":"If the message arrives from the device, we will push it back to the device by default.","latest-timeseries":"Latest timeseries","timeseries-key":"Timeseries key","data-keys":"Message data","metadata-keys":"Message metadata","relations-query":"Relations query","device-relations-query":"Device relations query","max-relation-level":"Max relation level","relation-type-pattern":"Relation type pattern","relation-type-pattern-required":"Relation type pattern is required","relation-types-list":"Relation types to propagate","relation-types-list-hint":"If Propagate relation types are not selected, alarms will be propagated without filtering by relation type.","unlimited-level":"Unlimited level","latest-telemetry":"Latest telemetry","attr-mapping":"Attributes mapping","source-attribute":"Source attribute","source-attribute-required":"Source attribute is required.","source-telemetry":"Source telemetry","source-telemetry-required":"Source telemetry is required.","target-attribute":"Target attribute","target-attribute-required":"Target attribute is required.","attr-mapping-required":"At least one attribute mapping should be specified.","fields-mapping":"Fields mapping","fields-mapping-required":"At least one field mapping should be specified.","source-field":"Source field","source-field-required":"Source field is required.","originator-source":"Originator source","originator-customer":"Customer","originator-tenant":"Tenant","originator-related":"Related","originator-alarm-originator":"Alarm Originator","clone-message":"Clone message",transform:"Transform","default-ttl":"Default TTL in seconds","default-ttl-required":"Default TTL is required.","min-default-ttl-message":"Only 0 minimum TTL is allowed.","message-count":"Message count (0 - unlimited)","message-count-required":"Message count is required.","min-message-count-message":"Only 0 minimum message count is allowed.","period-seconds":"Period in seconds","period-seconds-required":"Period is required.","use-metadata-period-in-seconds-patterns":"Use period in seconds pattern","use-metadata-period-in-seconds-patterns-hint":"If selected, rule node use period in seconds interval pattern from message metadata or data assuming that intervals are in the seconds.","period-in-seconds-pattern":"Period in seconds pattern","period-in-seconds-pattern-required":"Period in seconds pattern is required","min-period-seconds-message":"Only 1 second minimum period is allowed.",originator:"Originator","message-body":"Message body","message-metadata":"Message metadata",generate:"Generate","test-generator-function":"Test generator function",generator:"Generator","test-filter-function":"Test filter function","test-switch-function":"Test switch function","test-transformer-function":"Test transformer function",transformer:"Transformer","alarm-create-condition":"Alarm create condition","test-condition-function":"Test condition function","alarm-clear-condition":"Alarm clear condition","alarm-details-builder":"Alarm details builder","test-details-function":"Test details function","alarm-type":"Alarm type","alarm-type-required":"Alarm type is required.","alarm-severity":"Alarm severity","alarm-severity-required":"Alarm severity is required","alarm-severity-pattern":"Alarm severity pattern","alarm-status-filter":"Alarm status filter","alarm-status-list-empty":"Alarm status list is empty","no-alarm-status-matching":"No alarm status matching were found.",propagate:"Propagate alarm to related entities","propagate-to-owner":"Propagate alarm to entity owner (Customer or Tenant)","propagate-to-tenant":"Propagate alarm to Tenant",condition:"Condition",details:"Details","to-string":"To string","test-to-string-function":"Test to string function","from-template":"From Template","from-template-required":"From Template is required","to-template":"To Template","to-template-required":"To Template is required","mail-address-list-template-hint":'Comma separated address list, use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body',"cc-template":"Cc Template","bcc-template":"Bcc Template","subject-template":"Subject Template","subject-template-required":"Subject Template is required","body-template":"Body Template","body-template-required":"Body Template is required","dynamic-mail-body-type":"Dynamic mail body type","mail-body-type":"Mail body type","request-id-metadata-attribute":"Request Id Metadata attribute name","timeout-sec":"Timeout in seconds","timeout-required":"Timeout is required","min-timeout-message":"Only 0 minimum timeout value is allowed.","endpoint-url-pattern":"Endpoint URL pattern","endpoint-url-pattern-required":"Endpoint URL pattern is required","request-method":"Request method","use-simple-client-http-factory":"Use simple client HTTP factory","ignore-request-body":"Without request body","read-timeout":"Read timeout in millis","read-timeout-hint":"The value of 0 means an infinite timeout","max-parallel-requests-count":"Max number of parallel requests","max-parallel-requests-count-hint":"The value of 0 specifies no limit in parallel processing",headers:"Headers","headers-hint":'Use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body in header/value fields',header:"Header","header-required":"Header is required",value:"Value","value-required":"Value is required","topic-pattern":"Topic pattern","topic-pattern-required":"Topic pattern is required",topic:"Topic","topic-required":"Topic is required","bootstrap-servers":"Bootstrap servers","bootstrap-servers-required":"Bootstrap servers value is required","other-properties":"Other properties",key:"Key","key-required":"Key is required",retries:"Automatically retry times if fails","min-retries-message":"Only 0 minimum retries is allowed.","batch-size-bytes":"Produces batch size in bytes","min-batch-size-bytes-message":"Only 0 minimum batch size is allowed.","linger-ms":"Time to buffer locally (ms)","min-linger-ms-message":"Only 0 ms minimum value is allowed.","buffer-memory-bytes":"Client buffer max size in bytes","min-buffer-memory-message":"Only 0 minimum buffer size is allowed.",acks:"Number of acknowledgments","key-serializer":"Key serializer","key-serializer-required":"Key serializer is required","value-serializer":"Value serializer","value-serializer-required":"Value serializer is required","topic-arn-pattern":"Topic ARN pattern","topic-arn-pattern-required":"Topic ARN pattern is required","aws-access-key-id":"AWS Access Key ID","aws-access-key-id-required":"AWS Access Key ID is required","aws-secret-access-key":"AWS Secret Access Key","aws-secret-access-key-required":"AWS Secret Access Key is required","aws-region":"AWS Region","aws-region-required":"AWS Region is required","exchange-name-pattern":"Exchange name pattern","routing-key-pattern":"Routing key pattern","message-properties":"Message properties",host:"Host","host-required":"Host is required",port:"Port","port-required":"Port is required","port-range":"Port should be in a range from 1 to 65535.","virtual-host":"Virtual host",username:"Username",password:"Password","automatic-recovery":"Automatic recovery","connection-timeout-ms":"Connection timeout (ms)","min-connection-timeout-ms-message":"Only 0 ms minimum value is allowed.","handshake-timeout-ms":"Handshake timeout (ms)","min-handshake-timeout-ms-message":"Only 0 ms minimum value is allowed.","client-properties":"Client properties","queue-url-pattern":"Queue URL pattern","queue-url-pattern-required":"Queue URL pattern is required","delay-seconds":"Delay (seconds)","min-delay-seconds-message":"Only 0 seconds minimum value is allowed.","max-delay-seconds-message":"Only 900 seconds maximum value is allowed.",name:"Name","name-required":"Name is required","queue-type":"Queue type","sqs-queue-standard":"Standard","sqs-queue-fifo":"FIFO","gcp-project-id":"GCP project ID","gcp-project-id-required":"GCP project ID is required","gcp-service-account-key":"GCP service account key file","gcp-service-account-key-required":"GCP service account key file is required","pubsub-topic-name":"Topic name","pubsub-topic-name-required":"Topic name is required","message-attributes":"Message attributes","message-attributes-hint":'Use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body in name/value fields',"connect-timeout":"Connection timeout (sec)","connect-timeout-required":"Connection timeout is required.","connect-timeout-range":"Connection timeout should be in a range from 1 to 200.","client-id":"Client ID","client-id-hint":'Hint: Optional. Leave empty for auto-generated Client ID. Be careful when specifying the Client ID. Majority of the MQTT brokers will not allow multiple connections with the same Client ID. To connect to such brokers, your mqtt Client ID must be unique. When platform is running in a micro-services mode, the copy of rule node is launched in each micro-service. This will automatically lead to multiple mqtt clients with the same ID and may cause failures of the rule node. To avoid such failures enable "Add Service ID as suffix to Client ID" option below.',"append-client-id-suffix":"Add Service ID as suffix to Client ID","client-id-suffix-hint":'Hint: Optional. Applied when "Client ID" specified explicitly. If selected then Service ID will be added to Client ID as a suffix. Helps to avoid failures when platform is running in a micro-services mode.',"device-id":"Device ID","device-id-required":"Device ID is required.","clean-session":"Clean session","enable-ssl":"Enable SSL",credentials:"Credentials","credentials-type":"Credentials type","credentials-type-required":"Credentials type is required.","credentials-anonymous":"Anonymous","credentials-basic":"Basic","credentials-pem":"PEM","credentials-pem-hint":"At least Server CA certificate file or a pair of Client certificate and Client private key files are required","credentials-sas":"Shared Access Signature","sas-key":"SAS Key","sas-key-required":"SAS Key is required.",hostname:"Hostname","hostname-required":"Hostname is required.","azure-ca-cert":"CA certificate file","username-required":"Username is required.","password-required":"Password is required.","ca-cert":"Server CA certificate file *","private-key":"Client private key file *",cert:"Client certificate file *","no-file":"No file selected.","drop-file":"Drop a file or click to select a file to upload.","private-key-password":"Private key password","use-system-smtp-settings":"Use system SMTP settings","use-metadata-interval-patterns":"Use interval patterns","use-metadata-interval-patterns-hint":"If selected, rule node use start and end interval patterns from message metadata or data assuming that intervals are in the milliseconds.","use-message-alarm-data":"Use message alarm data","overwrite-alarm-details":"Overwrite alarm details","use-alarm-severity-pattern":"Use alarm severity pattern","check-all-keys":"Check that all selected keys are present","check-all-keys-hint":"If selected, checks that all specified keys are present in the message data and metadata.","check-relation-to-specific-entity":"Check relation to specific entity","check-relation-hint":"Checks existence of relation to specific entity or to any entity based on direction and relation type.","delete-relation-to-specific-entity":"Delete relation to specific entity","delete-relation-hint":"Deletes relation from the originator of the incoming message to the specified entity or list of entities based on direction and type.","remove-current-relations":"Remove current relations","remove-current-relations-hint":"Removes current relations from the originator of the incoming message based on direction and type.","change-originator-to-related-entity":"Change originator to related entity","change-originator-to-related-entity-hint":"Used to process submitted message as a message from another entity.","start-interval-pattern":"Start interval pattern","end-interval-pattern":"End interval pattern","start-interval-pattern-required":"Start interval pattern is required","end-interval-pattern-required":"End interval pattern is required","smtp-protocol":"Protocol","smtp-host":"SMTP host","smtp-host-required":"SMTP host is required.","smtp-port":"SMTP port","smtp-port-required":"You must supply a smtp port.","smtp-port-range":"SMTP port should be in a range from 1 to 65535.","timeout-msec":"Timeout ms","min-timeout-msec-message":"Only 0 ms minimum value is allowed.","enter-username":"Enter username","enter-password":"Enter password","enable-tls":"Enable TLS","tls-version":"TLS version","enable-proxy":"Enable proxy","use-system-proxy-properties":"Use system proxy properties","proxy-host":"Proxy host","proxy-host-required":"Proxy host is required.","proxy-port":"Proxy port","proxy-port-required":"Proxy port is required.","proxy-port-range":"Proxy port should be in a range from 1 to 65535.","proxy-user":"Proxy user","proxy-password":"Proxy password","proxy-scheme":"Proxy scheme","numbers-to-template":"Phone Numbers To Template","numbers-to-template-required":"Phone Numbers To Template is required","numbers-to-template-hint":'Comma separated Phone Numbers, use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body',"sms-message-template":"SMS message Template","sms-message-template-required":"SMS message Template is required","use-system-sms-settings":"Use system SMS provider settings","min-period-0-seconds-message":"Only 0 second minimum period is allowed.","max-pending-messages":"Maximum pending messages","max-pending-messages-required":"Maximum pending messages is required.","max-pending-messages-range":"Maximum pending messages should be in a range from 1 to 100000.","originator-types-filter":"Originator types filter","interval-seconds":"Interval in seconds","interval-seconds-required":"Interval is required.","min-interval-seconds-message":"Only 1 second minimum interval is allowed.","output-timeseries-key-prefix":"Output timeseries key prefix","output-timeseries-key-prefix-required":"Output timeseries key prefix required.","separator-hint":'You should press "enter" to complete field input.',"entity-details":"Select entity details:","entity-details-title":"Title","entity-details-country":"Country","entity-details-state":"State","entity-details-city":"City","entity-details-zip":"Zip","entity-details-address":"Address","entity-details-address2":"Address2","entity-details-additional_info":"Additional Info","entity-details-phone":"Phone","entity-details-email":"Email","add-to-metadata":"Add selected details to message metadata","add-to-metadata-hint":"If selected, adds the selected details keys to the message metadata instead of message data.","entity-details-list-empty":"No entity details selected.","no-entity-details-matching":"No entity details matching were found.","custom-table-name":"Custom table name","custom-table-name-required":"Table Name is required","custom-table-hint":"You should enter the table name without prefix 'cs_tb_'.","message-field":"Message field","message-field-required":"Message field is required.","table-col":"Table column","table-col-required":"Table column is required.","latitude-key-name":"Latitude key name","longitude-key-name":"Longitude key name","latitude-key-name-required":"Latitude key name is required.","longitude-key-name-required":"Longitude key name is required.","fetch-perimeter-info-from-message-metadata":"Fetch perimeter information from message metadata","perimeter-key-name":"Perimeter key name","perimeter-key-name-required":"Perimeter key name is required.","perimeter-circle":"Circle","perimeter-polygon":"Polygon","perimeter-type":"Perimeter type","circle-center-latitude":"Center latitude","circle-center-latitude-required":"Center latitude is required.","circle-center-longitude":"Center longitude","circle-center-longitude-required":"Center longitude is required.","range-unit-meter":"Meter","range-unit-kilometer":"Kilometer","range-unit-foot":"Foot","range-unit-mile":"Mile","range-unit-nautical-mile":"Nautical mile","range-units":"Range units",range:"Range","range-required":"Range is required.","polygon-definition":"Polygon definition","polygon-definition-required":"Polygon definition is required.","polygon-definition-hint":"Please, use the following format for manual definition of polygon: [[lat1,lon1],[lat2,lon2], ... ,[latN,lonN]].","min-inside-duration":"Minimal inside duration","min-inside-duration-value-required":"Minimal inside duration is required","min-inside-duration-time-unit":"Minimal inside duration time unit","min-outside-duration":"Minimal outside duration","min-outside-duration-value-required":"Minimal outside duration is required","min-outside-duration-time-unit":"Minimal outside duration time unit","tell-failure-if-absent":"Tell Failure","tell-failure-if-absent-hint":'If at least one selected key doesn\'t exist the outbound message will report "Failure".',"get-latest-value-with-ts":"Fetch Latest telemetry with Timestamp","get-latest-value-with-ts-hint":'If selected, latest telemetry values will be added to the outbound message metadata with timestamp, e.g: "temp": "&#123;"ts":1574329385897, "value":42&#125;"',"use-redis-queue":"Use redis queue for message persistence","trim-redis-queue":"Trim redis queue","redis-queue-max-size":"Redis queue max size","add-metadata-key-values-as-kafka-headers":"Add Message metadata key-value pairs to Kafka record headers","add-metadata-key-values-as-kafka-headers-hint":"If selected, key-value pairs from message metadata will be added to the outgoing records headers as byte arrays with predefined charset encoding.","charset-encoding":"Charset encoding","charset-encoding-required":"Charset encoding is required.","charset-us-ascii":"US-ASCII","charset-iso-8859-1":"ISO-8859-1","charset-utf-8":"UTF-8","charset-utf-16be":"UTF-16BE","charset-utf-16le":"UTF-16LE","charset-utf-16":"UTF-16","select-queue-hint":"The queue name can be selected from a drop-down list or add a custom name.","persist-alarm-rules":"Persist state of alarm rules","fetch-alarm-rules":"Fetch state of alarm rules","input-value-key":"Input value key","input-value-key-required":"Input value key is required.","output-value-key":"Output value key","output-value-key-required":"Output value key is required.",round:"Decimals","round-range":"Decimals should be in a range from 0 to 15.","use-cache":"Use cache for latest value","tell-failure-if-delta-is-negative":"Tell Failure if delta is negative","add-period-between-msgs":"Add period between messages","period-value-key":"Period value key","period-value-key-required":"Period value key is required.","general-pattern-hint":'Hint: use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body',"alarm-severity-pattern-hint":'Hint: use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body. Alarm severity should be system (CRITICAL, MAJOR etc.)',"output-node-name-hint":"The <b>rule node name</b> corresponds to the <b>relation type</b> of the output message, and it is used to forward messages to other rule nodes in the caller rule chain.","skip-latest-persistence":"Skip latest persistence","use-server-ts":"Use server ts","use-server-ts-hint":"Enable this setting to use the timestamp of the message processing instead of the timestamp from the message. Useful for all sorts of sequential processing if you merge messages from multiple sources (devices, assets, etc).","kv-map-pattern-hint":'Hint: use <code><span style="color: #000;">$&#123;</span>metadataKey<span style="color: #000;">&#125;</span></code> for value from metadata, <code><span style="color: #000;">$[</span>messageKey<span style="color: #000;">]</span></code> for value from message body to substitute "Source" and "Target" key names'},"key-val":{key:"Key",value:"Value","remove-entry":"Remove entry","add-entry":"Add entry"},"mail-body-type":{"plain-text":"Plain Text",html:"HTML",dynamic:"Dynamic"}}},!0)}(e)}}e("RuleNodeCoreConfigModule",ro),ro.ɵfac=t.ɵɵngDeclareFactory({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ro,deps:[{token:P.TranslateService}],target:t.ɵɵFactoryTarget.NgModule}),ro.ɵmod=t.ɵɵngDeclareNgModule({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ro,declarations:[Ne],imports:[O,F],exports:[St,Wt,Ht,Xt,oo,Ne]}),ro.ɵinj=t.ɵɵngDeclareInjector({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ro,imports:[[O,F],St,Wt,Ht,Xt,oo]}),t.ɵɵngDeclareClassMetadata({minVersion:"12.0.0",version:"12.2.15",ngImport:t,type:ro,decorators:[{type:i,args:[{declarations:[Ne],imports:[O,F],exports:[St,Wt,Ht,Xt,oo,Ne]}]}],ctorParameters:function(){return[{type:P.TranslateService}]}})}}}));//# sourceMappingURL=rulenode-core-config.js.map

From d4bf9dd5d954f6020f9a323ae5231ba114545d97 Mon Sep 17 00:00:00 2001
From: Andrii Shvaika <ashvayka@thingsboard.io>
Date: Thu, 2 Jun 2022 13:05:17 +0300
Subject: [PATCH 92/92] Adding @TbCoreComponent to the 2FA services to fix
 rule-engine msa

---
 .../server/config/ThingsboardSecurityConfiguration.java    | 6 ++----
 .../server/install/ThingsboardInstallConfiguration.java    | 5 ++++-
 .../security/auth/oauth2/AppleOAuth2ClientMapper.java      | 2 ++
 .../security/auth/oauth2/BasicOAuth2ClientMapper.java      | 2 ++
 .../security/auth/oauth2/CustomOAuth2ClientMapper.java     | 2 ++
 .../security/auth/oauth2/GithubOAuth2ClientMapper.java     | 2 ++
 .../security/auth/oauth2/OAuth2ClientMapperProvider.java   | 2 ++
 .../auth/oauth2/Oauth2AuthenticationFailureHandler.java    | 2 ++
 .../auth/oauth2/Oauth2AuthenticationSuccessHandler.java    | 2 ++
 .../security/auth/rest/RestAuthenticationProvider.java     | 2 ++
 .../security/system/DefaultSystemSecurityService.java      | 2 ++
 .../thingsboard/server/dao/audit/AuditLogLevelFilter.java  | 7 ++++++-
 .../server/dao/audit}/AuditLogLevelProperties.java         | 2 +-
 .../thingsboard/server/dao/audit/AuditLogServiceImpl.java  | 1 +
 .../server/dao/service/AbstractServiceTest.java            | 5 ++++-
 docker/.gitignore                                          | 1 +
 16 files changed, 37 insertions(+), 8 deletions(-)
 rename {application/src/main/java/org/thingsboard/server/config => dao/src/main/java/org/thingsboard/server/dao/audit}/AuditLogLevelProperties.java (96%)

diff --git a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
index 3e9597a72d..823bbf35e3 100644
--- a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
@@ -42,6 +42,7 @@ import org.springframework.web.filter.CorsFilter;
 import org.thingsboard.server.dao.audit.AuditLogLevelFilter;
 import org.thingsboard.server.dao.oauth2.OAuth2Configuration;
 import org.thingsboard.server.exception.ThingsboardErrorResponseHandler;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.jwt.JwtAuthenticationProvider;
 import org.thingsboard.server.service.security.auth.jwt.JwtTokenAuthenticationProcessingFilter;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenAuthenticationProvider;
@@ -61,6 +62,7 @@ import java.util.List;
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled=true)
 @Order(SecurityProperties.BASIC_AUTH_ORDER)
+@TbCoreComponent
 public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
     public static final String JWT_TOKEN_HEADER_PARAM = "X-Authorization";
@@ -241,8 +243,4 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
         }
     }
 
-    @Bean
-    public AuditLogLevelFilter auditLogLevelFilter(@Autowired AuditLogLevelProperties auditLogLevelProperties) {
-        return new AuditLogLevelFilter(auditLogLevelProperties.getMask());
-    }
 }
diff --git a/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallConfiguration.java b/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallConfiguration.java
index a1f1fcf0e3..4338f4aa44 100644
--- a/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallConfiguration.java
@@ -19,6 +19,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.thingsboard.server.dao.audit.AuditLogLevelFilter;
+import org.thingsboard.server.dao.audit.AuditLogLevelProperties;
 
 import java.util.HashMap;
 
@@ -28,6 +29,8 @@ public class ThingsboardInstallConfiguration {
 
     @Bean
     public AuditLogLevelFilter emptyAuditLogLevelFilter() {
-        return new AuditLogLevelFilter(new HashMap<>());
+        var props = new AuditLogLevelProperties();
+        props.setMask(new HashMap<>());
+        return new AuditLogLevelFilter(props);
     }
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AppleOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AppleOAuth2ClientMapper.java
index a02d8a4441..77b9a94aaa 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AppleOAuth2ClientMapper.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/AppleOAuth2ClientMapper.java
@@ -26,6 +26,7 @@ import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig;
 import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.http.HttpServletRequest;
@@ -34,6 +35,7 @@ import java.util.Map;
 
 @Service(value = "appleOAuth2ClientMapper")
 @Slf4j
+@TbCoreComponent
 public class AppleOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
 
     private static final String USER = "user";
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/BasicOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/BasicOAuth2ClientMapper.java
index bfab031de8..42f44a712d 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/BasicOAuth2ClientMapper.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/BasicOAuth2ClientMapper.java
@@ -21,6 +21,7 @@ import org.springframework.stereotype.Service;
 import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig;
 import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.http.HttpServletRequest;
@@ -28,6 +29,7 @@ import java.util.Map;
 
 @Service(value = "basicOAuth2ClientMapper")
 @Slf4j
+@TbCoreComponent
 public class BasicOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
 
     @Override
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.java
index 1f075f4b44..39438b997d 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.java
@@ -28,6 +28,7 @@ import org.thingsboard.server.common.data.oauth2.OAuth2CustomMapperConfig;
 import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig;
 import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.annotation.PostConstruct;
@@ -35,6 +36,7 @@ import javax.servlet.http.HttpServletRequest;
 
 @Service(value = "customOAuth2ClientMapper")
 @Slf4j
+@TbCoreComponent
 public class CustomOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
     private static final String PROVIDER_ACCESS_TOKEN = "provider-access-token";
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/GithubOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/GithubOAuth2ClientMapper.java
index 45d75f164e..d4d4d99005 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/GithubOAuth2ClientMapper.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/GithubOAuth2ClientMapper.java
@@ -27,6 +27,7 @@ import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig;
 import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
 import org.thingsboard.server.dao.oauth2.OAuth2Configuration;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 import javax.servlet.http.HttpServletRequest;
@@ -36,6 +37,7 @@ import java.util.Optional;
 
 @Service(value = "githubOAuth2ClientMapper")
 @Slf4j
+@TbCoreComponent
 public class GithubOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
     private static final String EMAIL_URL_KEY = "emailUrl";
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/OAuth2ClientMapperProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/OAuth2ClientMapperProvider.java
index e843d6d907..3c1ac4a5c6 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/OAuth2ClientMapperProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/OAuth2ClientMapperProvider.java
@@ -20,9 +20,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.oauth2.MapperType;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 
 @Component
 @Slf4j
+@TbCoreComponent
 public class OAuth2ClientMapperProvider {
 
     @Autowired
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationFailureHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationFailureHandler.java
index c8b4dad02d..c12c6081f6 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationFailureHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationFailureHandler.java
@@ -25,6 +25,7 @@ import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
 import org.thingsboard.server.utils.MiscUtils;
 
@@ -35,6 +36,7 @@ import java.io.IOException;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 
+@TbCoreComponent
 @Component(value = "oauth2AuthenticationFailureHandler")
 public class Oauth2AuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
 
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java
index eab858ef3e..e2a78eb605 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java
@@ -31,6 +31,7 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
 import org.thingsboard.server.common.data.security.model.JwtToken;
 import org.thingsboard.server.dao.oauth2.OAuth2Service;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
@@ -45,6 +46,7 @@ import java.util.UUID;
 
 @Slf4j
 @Component(value = "oauth2AuthenticationSuccessHandler")
+@TbCoreComponent
 public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
 
     private final JwtTokenFactory tokenFactory;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
index cb12ada559..b3ef88dbff 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@@ -38,6 +38,7 @@ import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
 import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -49,6 +50,7 @@ import java.util.UUID;
 
 @Component
 @Slf4j
+@TbCoreComponent
 public class RestAuthenticationProvider implements AuthenticationProvider {
 
     private final SystemSecurityService systemSecurityService;
diff --git a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
index 65b89c85b8..32a0ff9e70 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@@ -55,6 +55,7 @@ import org.thingsboard.server.dao.settings.AdminSettingsService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.user.UserServiceImpl;
 import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
+import org.thingsboard.server.queue.util.TbCoreComponent;
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
 import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -72,6 +73,7 @@ import static org.thingsboard.server.common.data.CacheConstants.SECURITY_SETTING
 
 @Service
 @Slf4j
+@TbCoreComponent
 public class DefaultSystemSecurityService implements SystemSecurityService {
 
     @Autowired
diff --git a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogLevelFilter.java b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogLevelFilter.java
index 8ecda6fe42..5bdf856223 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogLevelFilter.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogLevelFilter.java
@@ -15,6 +15,8 @@
  */
 package org.thingsboard.server.dao.audit;
 
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.audit.ActionType;
 
@@ -22,11 +24,14 @@ import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
 
+@Component
+@ConditionalOnProperty(prefix = "audit-log", value = "enabled", havingValue = "true")
 public class AuditLogLevelFilter {
 
     private Map<EntityType, AuditLogLevelMask> entityTypeMask = new HashMap<>();
 
-    public AuditLogLevelFilter(Map<String, String> mask) {
+    public AuditLogLevelFilter(AuditLogLevelProperties auditLogLevelProperties) {
+        Map<String, String> mask = auditLogLevelProperties.getMask();
         entityTypeMask.clear();
         mask.forEach((entityTypeStr, logLevelMaskStr) -> {
             EntityType entityType = EntityType.valueOf(entityTypeStr.toUpperCase(Locale.ENGLISH));
diff --git a/application/src/main/java/org/thingsboard/server/config/AuditLogLevelProperties.java b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogLevelProperties.java
similarity index 96%
rename from application/src/main/java/org/thingsboard/server/config/AuditLogLevelProperties.java
rename to dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogLevelProperties.java
index d492fb365e..82556759f2 100644
--- a/application/src/main/java/org/thingsboard/server/config/AuditLogLevelProperties.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogLevelProperties.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.config;
+package org.thingsboard.server.dao.audit;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
diff --git a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
index 6e26f4343d..e88c37d213 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
@@ -25,6 +25,7 @@ import com.google.common.util.concurrent.ListenableFuture;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 import org.thingsboard.common.util.JacksonUtil;
diff --git a/dao/src/test/java/org/thingsboard/server/dao/service/AbstractServiceTest.java b/dao/src/test/java/org/thingsboard/server/dao/service/AbstractServiceTest.java
index c1ecafda6e..b06e354321 100644
--- a/dao/src/test/java/org/thingsboard/server/dao/service/AbstractServiceTest.java
+++ b/dao/src/test/java/org/thingsboard/server/dao/service/AbstractServiceTest.java
@@ -49,6 +49,7 @@ import org.thingsboard.server.dao.alarm.AlarmService;
 import org.thingsboard.server.dao.asset.AssetService;
 import org.thingsboard.server.dao.audit.AuditLogLevelFilter;
 import org.thingsboard.server.dao.audit.AuditLogLevelMask;
+import org.thingsboard.server.dao.audit.AuditLogLevelProperties;
 import org.thingsboard.server.dao.component.ComponentDescriptorService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.dashboard.DashboardService;
@@ -218,7 +219,9 @@ public abstract class AbstractServiceTest {
         for (EntityType entityType : EntityType.values()) {
             mask.put(entityType.name().toLowerCase(), AuditLogLevelMask.RW.name());
         }
-        return new AuditLogLevelFilter(mask);
+        var props = new AuditLogLevelProperties();
+        props.setMask(mask);
+        return new AuditLogLevelFilter(props);
     }
 
     protected DeviceProfile createDeviceProfile(TenantId tenantId, String name) {
diff --git a/docker/.gitignore b/docker/.gitignore
index eee422d573..e5313d17cf 100644
--- a/docker/.gitignore
+++ b/docker/.gitignore
@@ -5,4 +5,5 @@ tb-node/db/**
 tb-node/postgres/**
 tb-node/cassandra/**
 tb-transports/*/log
+docker/tb-vc-executor/log/**
 !.env