Add tenant menu settingOAuth2

Add validation unique parameters to settings OAuth2

@@ -22,6 +22,7 @@ export interface AuthPayload {
   userTokenAccessEnabled: boolean;
   allowedDashboardIds: string[];
   forceFullscreen: boolean;
+  allowOAuth2Configuration: boolean;
 }
 
 export interface AuthState {
@@ -33,4 +34,5 @@ export interface AuthState {
   allowedDashboardIds: string[];
   forceFullscreen: boolean;
   lastPublicDashboardId: string;
+  allowOAuth2Configuration: boolean;
 }

@@ -22,6 +22,7 @@ const emptyUserAuthState: AuthPayload = {
   userDetails: null,
   userTokenAccessEnabled: false,
   forceFullscreen: false,
+  allowOAuth2Configuration: false,
   allowedDashboardIds: []
 };
 

@@ -425,15 +425,25 @@ export class AuthService {
     }
   }
 
+  private loadIsOAuth2ConfigurationAllow(authUser: AuthUser): Observable<boolean> {
+    if (authUser.authority === Authority.TENANT_ADMIN) {
+      return this.http.get<boolean>('/api/oauth2/config/isAllowed', defaultHttpOptions());
+    } else {
+      return of(false);
+    }
+  }
+
   private loadSystemParams(authPayload: AuthPayload): Observable<any> {
     const sources: Array<Observable<any>> = [this.loadIsUserTokenAccessEnabled(authPayload.authUser),
                                              this.fetchAllowedDashboardIds(authPayload),
+                                             this.loadIsOAuth2ConfigurationAllow(authPayload.authUser),
                                              this.timeService.loadMaxDatapointsLimit()];
     return forkJoin(sources)
       .pipe(map((data) => {
         const userTokenAccessEnabled: boolean = data[0];
         const allowedDashboardIds: string[] = data[1];
-        return {userTokenAccessEnabled, allowedDashboardIds};
+        const allowOAuth2Configuration: boolean = data[2];
+        return {userTokenAccessEnabled, allowedDashboardIds, allowOAuth2Configuration};
       }));
   }
 

@@ -18,12 +18,13 @@ import { Injectable } from '@angular/core';
 import { AuthService } from '../auth/auth.service';
 import { select, Store } from '@ngrx/store';
 import { AppState } from '../core.state';
-import { selectAuthUser, selectIsAuthenticated } from '../auth/auth.selectors';
+import { getCurrentAuthState, selectAuthUser, selectIsAuthenticated } from '../auth/auth.selectors';
 import { take } from 'rxjs/operators';
 import { HomeSection, MenuSection } from '@core/services/menu.models';
 import { BehaviorSubject, Observable, Subject } from 'rxjs';
 import { Authority } from '@shared/models/authority.enum';
 import { AuthUser } from '@shared/models/user.model';
+import { AuthState } from '@core/auth/auth.models';
 
 @Injectable({
   providedIn: 'root'
@@ -43,6 +44,8 @@ export class MenuService {
     );
   }
 
+  authState: AuthState = getCurrentAuthState(this.store);
+
   private buildMenu() {
     this.store.pipe(select(selectAuthUser), take(1)).subscribe(
       (authUser: AuthUser) => {
@@ -233,6 +236,25 @@ export class MenuService {
         icon: 'track_changes'
       }
     );
+
+    if (this.authState.allowOAuth2Configuration) {
+      sections.push({
+        name: 'admin.system-settings',
+        type: 'toggle',
+        path: '/settings',
+        height: '40px',
+        icon: 'settings',
+        pages: [
+          {
+            name: 'admin.oauth2.settings',
+            type: 'link',
+            path: '/settings/oauth2-settings',
+            icon: 'security'
+          }
+        ]
+      })
+    }
+
     return sections;
   }
 

@@ -28,7 +28,7 @@ const routes: Routes = [
   {
     path: 'settings',
     data: {
-      auth: [Authority.SYS_ADMIN],
+      auth: [Authority.SYS_ADMIN, Authority.TENANT_ADMIN],
       breadcrumb: {
         label: 'admin.system-settings',
         icon: 'settings'
@@ -37,7 +37,7 @@ const routes: Routes = [
     children: [
       {
         path: '',
-        redirectTo: 'general',
+        redirectTo: Authority.TENANT_ADMIN ? 'oauth2-settings' : 'general',
         pathMatch: 'full'
       },
       {
@@ -84,7 +84,7 @@ const routes: Routes = [
         component: OAuth2SettingsComponent,
         canDeactivate: [ConfirmOnExitGuard],
         data: {
-          auth: [Authority.SYS_ADMIN],
+          auth: [Authority.SYS_ADMIN, Authority.TENANT_ADMIN],
           title: 'admin.oauth2.settings',
           breadcrumb: {
             label: 'admin.oauth2.settings',

@@ -52,6 +52,9 @@
                       <mat-error *ngIf="domain.get('domainName').hasError('pattern')">
                         {{ 'admin.error-verification-url' | translate }}
                       </mat-error>
+                      <mat-error *ngIf="domain.get('domainName').hasError('unique')">
+                        {{ 'admin.domain-name-unique' | translate }}
+                      </mat-error>
                     </mat-form-field>
 
                     <mat-form-field fxFlex class="mat-block">
@@ -84,6 +87,9 @@
                                 <mat-error *ngIf="registration.get('registrationId').hasError('required')">
                                   {{ 'admin.oauth2.registration-id-required' | translate }}
                                 </mat-error>
+                                <mat-error *ngIf="registration.get('registrationId').hasError('unique')">
+                                  {{ 'admin.oauth2.registration-id-unique' | translate }}
+                                </mat-error>
                               </mat-form-field>
 
                               <mat-form-field fxFlex class="mat-block">
@@ -140,10 +146,8 @@
                             <mat-form-field fxFlex class="mat-block">
                               <mat-label translate>admin.oauth2.scope</mat-label>
                               <mat-chip-list #scopeList>
-                                <mat-chip
-                                  *ngFor="let scope of registration.get('scope').value; let k = index;"
-                                  removable
-                                  (removed)="removeScope(k, registration)">
+                                <mat-chip *ngFor="let scope of registration.get('scope').value; let k = index;"
+                                          removable (removed)="removeScope(k, registration)">
                                   {{scope}}
                                   <mat-icon matChipRemove>cancel</mat-icon>
                                 </mat-chip>
@@ -152,6 +156,9 @@
                                        matChipInputAddOnBlur
                                        (matChipInputTokenEnd)="addScope($event, registration)">
                               </mat-chip-list>
+                              <mat-error *ngIf="registration.get('scope').hasError('required')">
+                                {{ 'admin.oauth2.jwk-set-uri-required' | translate }}
+                              </mat-error>
                             </mat-form-field>
 
                             <div fxLayout="row" fxLayout.xs="column" fxLayoutGap.gt-xs="8px">

@@ -112,14 +112,44 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha
 
   private buildOAuth2SettingsForm(): void {
     this.oauth2SettingsForm = this.fb.group({
-      clientsDomainsParams: this.fb.array([])
+      clientsDomainsParams: this.fb.array([], Validators.required)
     });
   }
 
   private initOAuth2Settings(oauth2Settings: OAuth2Settings): void {
-    oauth2Settings.clientsDomainsParams.forEach((domaindomain) => {
-      this.clientsDomainsParams.push(this.buildSettingsDomain(domaindomain));
-    });
+    if(oauth2Settings.clientsDomainsParams) {
+      oauth2Settings.clientsDomainsParams.forEach((domaindomain) => {
+        this.clientsDomainsParams.push(this.buildSettingsDomain(domaindomain));
+      });
+    }
+  }
+
+  private uniqueDomainValidator(control: AbstractControl): { [key: string]: boolean } | null {
+    if (control.value !== null && control?.root) {
+      const listDomainName = [];
+      control.root.value.clientsDomainsParams.forEach((domain) => {
+        listDomainName.push(domain.domainName);
+      })
+      if (listDomainName.indexOf(control.value) > -1) {
+        return {unique: true};
+      }
+    }
+    return null;
+  }
+
+  private uniqueRegistrationIdValidator(control: AbstractControl): { [key: string]: boolean } | null {
+    if (control.value !== null && control?.root) {
+      const listRegistration = [];
+      control.root.value.clientsDomainsParams.forEach((domain) => {
+        domain.clientRegistrations.forEach((client) => {
+          listRegistration.push(client.registrationId);
+        })
+      })
+      if (listRegistration.indexOf(control.value) > -1) {
+        return {unique: true};
+      }
+    }
+    return null;
   }
 
   private buildSettingsDomain(domainParams?: DomainParams): FormGroup {
@@ -130,9 +160,9 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha
     }
     url += '/login/oauth2/code/';
     const formDomain = this.fb.group({
-      domainName: ['', [Validators.required, Validators.pattern('((?![:/]).)*$')]],
+      domainName: [null, [Validators.required, Validators.pattern('((?![:/]).)*$'), this.uniqueDomainValidator]],
       redirectUriTemplate: [url, [Validators.required, Validators.pattern(this.URL_REGEXP)]],
-      clientRegistrations: this.fb.array([])
+      clientRegistrations: this.fb.array([], Validators.required)
     });
 
     this.subscriptions.push(formDomain.get('domainName').valueChanges.subscribe((domain) => {
@@ -156,7 +186,7 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha
 
   private buildSettingsRegistration(registrationData?: ClientRegistration): FormGroup {
     const clientRegistration = this.fb.group({
-      registrationId: [null, [Validators.required]],
+      registrationId: [null, [Validators.required, this.uniqueRegistrationIdValidator]],
       clientName: [null, [Validators.required]],
       loginButtonLabel: [null, [Validators.required]],
       loginButtonIcon: [null],
@@ -202,7 +232,6 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha
   }
 
   save(): void {
-    console.log(this.oauth2SettingsForm.value);
     this.adminService.saveOAuth2Settings(this.oauth2SettingsForm.value).subscribe(
       (oauth2Settings) => {
         this.oauth2Settings = oauth2Settings;
@@ -246,7 +275,7 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha
 
     const domainName = this.clientsDomainsParams.at(index).get('domainName').value;
     this.dialogService.confirm(
-      this.translate.instant('admin.oauth2.delete-domain-title', {domainName}),
+      this.translate.instant('admin.oauth2.delete-domain-title', {domainName: domainName || ''}),
       this.translate.instant('admin.oauth2.delete-domain-text'), null,
       this.translate.instant('action.delete')
     ).subscribe((data) => {
@@ -272,7 +301,7 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha
 
     const registrationId = this.clientDomainRegistrations(controler).at(index).get('registrationId').value;
     this.dialogService.confirm(
-      this.translate.instant('admin.oauth2.delete-registration-title', {name: registrationId}),
+      this.translate.instant('admin.oauth2.delete-registration-title', {name: registrationId || ''}),
       this.translate.instant('admin.oauth2.delete-registration-text'), null,
       this.translate.instant('action.delete')
     ).subscribe((data) => {

@@ -58,7 +58,7 @@ export class TenantComponent extends ContactBasedComponent<Tenant> {
           {
             description: [entity && entity.additionalInfo ? entity.additionalInfo.description : ''],
             allowOAuth2Configuration: [isDefined(entity?.additionalInfo?.allowOAuth2Configuration) ?
-              entity.additionalInfo.allowOAuth2Configuration : true]
+              entity.additionalInfo.allowOAuth2Configuration : false]
           }
         )
       }
@@ -72,7 +72,7 @@ export class TenantComponent extends ContactBasedComponent<Tenant> {
     this.entityForm.patchValue({additionalInfo: {
       description: entity.additionalInfo ? entity.additionalInfo.description : '',
       allowOAuth2Configuration: isDefined(entity?.additionalInfo?.allowOAuth2Configuration) ?
-        entity.additionalInfo.allowOAuth2Configuration : true
+        entity.additionalInfo.allowOAuth2Configuration : false
     }});
   }
 

@@ -121,6 +121,7 @@
         "minimum-max-failed-login-attempts-range": "Maximum number of failed login attempts can't be negative",
         "user-lockout-notification-email": "In case user account lockout, send notification to email",
         "domain-name": "Domain name",
+        "domain-name-unique": "Domain name need to unique for the system.",
         "error-verification-url": "A domain name shouldn't contain symbols '/' and ':'. Example: thingsboard.io",
         "add-domain": "Add domain",
         "new-domain": "New domain",
@@ -129,6 +130,7 @@
           "settings": "OAuth2 settings",
           "registration-id": "Registration ID",
           "registration-id-required": "Registration ID is required.",
+          "registration-id-unique": "Registration ID need to unique for the system.",
           "client-name": "Client name",
           "client-name-required": "Client name is required.",
           "client-id": "Client ID",