DEV-166315: Create a Dashboard SSO Login Screen (#1)

* DEV-166315: add endpoint for getting session info * DEV-166315: add transition for session info * Add Pac4j entities temporary for the migration step * Add in the migration service --------- Co-authored-by: Amir Anjomshoaa <[email protected]>
mkdecisiondev · Jun 11, 2024 · 542521c · 542521c
1 parent b056001
commit 542521c
Show file tree

Hide file tree

Showing 4 changed files with 139 additions and 1 deletion.
diff --git a/data/ComponentMigration.csv b/data/ComponentMigration.csv
@@ -0,0 +1,4 @@
+# TODO This file is temporary and should be removed after the Moqui-SSO release is completed for all FIs and Pac4j component is removed for all users
+ComponentMigration.migrate#OidcValues, seed
+one
+1
diff --git a/entity/TemporaryPac4jEntities.xml b/entity/TemporaryPac4jEntities.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="http://moqui.org/xsd/entity-definition-2.1.xsd">
+    <entity entity-name="AuthenticationClient" package="mk.authentication" short-alias="clients">
+        <field name="clientId" type="id" is-pk="true"/>
+        <field name="name" type="text-short" />
+        <field name="enabled" type="text-indicator" default="N" />
+    </entity>
+
+    <entity entity-name="OidcAuthenticationClient" package="mk.authentication">
+        <field name="clientId" type="id" is-pk="true" />
+        <field name="id" type="text-short" />
+        <field name="secret" type="text-short" />
+        <field name="discoveryUri" type="text-medium" />
+        <field name="preferredJwsAlgorithm" type="text-short" />
+        <field name="useNonce" type="text-indicator" />
+
+        <relationship type="one" related="mk.authentication.AuthenticationClient" />
+    </entity>
+
+    <entity entity-name="OidcUserLoginSession" package="mk.authentication">
+        <field name="userId" type="id" is-pk="true"/>
+        <field name="sessionId" type="text-medium" is-pk="true"/>
+
+        <relationship type="one" related="moqui.security.UserAccount" short-alias="userAccount" title="UserAccount"/>
+
+        <index name="OidcUserLoginSessionIdx1">
+            <index-field name="userId"/>
+            <index-field name="sessionId"/>
+        </index>
+    </entity>
+</entities>
diff --git a/screen-extend/webroot/Login.xml b/screen-extend/webroot/Login.xml
@@ -40,7 +40,7 @@ along with this software (see the LICENSE.md file). If not, see
                 ec.artifactExecution.disableAuthz()
             </script>
             <entity-find entity-name="moqui.security.sso.AuthFlow" list="activeAuthFlowList">
-                <econdition field-name="disabled" operator="not-equals" value="Y"/>
+                <econdition field-name="disabled" operator="not-equals" value="Y" or-null="true"/>
                 <order-by field-name="sequenceNum,description"/>
             </entity-find>
             <set field="authFlowList" from="[]"/>
@@ -77,6 +77,19 @@ along with this software (see the LICENSE.md file). If not, see
         </actions>
         <default-response type="none"/>
     </transition>
+    <transition name="sessionInfo" require-session-token="false">
+        <actions>
+            <script>
+                ec.web.sendJsonResponse([userId: ec.user.userId,
+                                         creationTime: ec.web.session.getCreationTime(),
+                                         lastAccessedTime: ec.web.session.getLastAccessedTime(),
+                                         maxInactiveInterval: ec.web.session.getMaxInactiveInterval(),
+                                         moquiSessionToken: ec.web.sessionToken,
+                ])
+            </script>
+        </actions>
+        <default-response type="none"/>
+    </transition>
 
     <actions-extend>
         <script>ec.artifactExecution.disableAuthz()</script>

diff --git a/service/ComponentMigration.xml b/service/ComponentMigration.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<services xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://moqui.org/xsd/service-definition-3.xsd">
+    <!-- TODO This file is temporary and should be removed after the Moqui-SSO release is completed for all FIs and Pac4j component is removed for all users -->
+    <service verb="migrate" noun="OidcValues">
+        <description>
+            The intention of this service to be run during the load service for new releases to move the values for Oidc tables related to Pac4j to Moqui-SSO tables corresponded to it
+        </description>
+        <in-parameters>
+            <parameter name="one"/>
+        </in-parameters>
+        <actions>
+            <log level="error" message="ComponentMigration.migrate#OidcValues ==> We made it and this ran through the load process"/>
+            <entity-find-count entity-name="moqui.security.sso.AuthFlow" count-field="authFlowCount"/>
+
+            <if condition="authFlowCount != 0">
+                <log level="error" message="Migration has been done, Records found in moqui.security.sso.AuthFlow, Aborting Migration"/>
+                <return/>
+            </if>
+            <entity-find entity-name="mk.authentication.OidcAuthenticationClient" list="oidcPac4j"/>
+            <if condition="oidcPac4j.size() == 0 || oidcPac4j.size() > 1">
+                <log level="error" message="Found ${oidcPac4j.size()} record in OidcAuthenticationClient aborting migration"/>
+            </if>
+
+            <service-call name="store#moqui.security.sso.AuthFlow">
+                <field-map field-name="authFlowId" value="Keycloak"/>
+                <field-map field-name="defaultUserGroupId" value="ALL_USERS"/>
+                <field-map field-name="sequenceNum" value="1"/>
+                <field-map field-name="iconName" value="security"/>
+                <field-map field-name="authFlowTypeEnumId" value="AftOidc"/>
+                <field-map field-name="description" value="Keycloak"/>
+            </service-call>
+            <log level="error" message="ComponentMigration.migrate#OidcValues ==> We created Auth Flow"/>
+            <service-call name="store#moqui.security.sso.AuthFlowFieldMap">
+                <field-map field-name="authFlowId" value="Keycloak"/>
+                <field-map field-name="ruleSeqId" value="01"/>
+                <field-map field-name="dstFieldName" value="userFullName"/>
+                <field-map field-name="srcFieldName" value="name"/>
+            </service-call>
+            <service-call name="store#moqui.security.sso.AuthFlowFieldMap">
+                <field-map field-name="authFlowId" value="Keycloak"/>
+                <field-map field-name="ruleSeqId" value="02"/>
+                <field-map field-name="dstFieldName" value="firstName"/>
+                <field-map field-name="srcFieldName" value="given_name"/>
+            </service-call>
+            <service-call name="store#moqui.security.sso.AuthFlowFieldMap">
+                <field-map field-name="authFlowId" value="Keycloak"/>
+                <field-map field-name="ruleSeqId" value="03"/>
+                <field-map field-name="dstFieldName" value="lastName"/>
+                <field-map field-name="srcFieldName" value="family_name"/>
+            </service-call>
+            <service-call name="store#moqui.security.sso.AuthFlowFieldMap">
+                <field-map field-name="authFlowId" value="Keycloak"/>
+                <field-map field-name="ruleSeqId" value="04"/>
+                <field-map field-name="dstFieldName" value="emailAddress"/>
+                <field-map field-name="srcFieldName" value="email"/>
+            </service-call>
+
+            <entity-find entity-name="moqui.security.UserGroup" list="userGroups"/>
+            <iterate list="userGroups" entry="userGroup">
+                <service-call name="store#moqui.security.sso.AuthFlowRoleMap">
+                    <field-map field-name="authFlowId" value="Keycloak"/>
+                    <field-map field-name="userGroupId" from="userGroup.userGroupId"/>
+                    <field-map field-name="roleName" from="userGroup.description"/>
+                </service-call>
+            </iterate>
+
+            <set field="oidcPac4j" from="oidcPac4j.getFirst()"/>
+            <set field="realmUrl" from="oidcPac4j.discoveryUri"/>
+            <script>
+                URL url = new URL(realmUrl)
+                String baseUrl = url.getProtocol() + "://" + url.getHost()
+                int start = realmUrl.indexOf("realms") + 7 as int
+                int end = realmUrl.indexOf(".well") - 1 as int
+                String realm = realmUrl.substring(start,end)
+            </script>
+            <service-call name="store#moqui.security.sso.OidcFlow">
+                <field-map field-name="authFlowId" value="Keycloak"/>
+                <field-map field-name="clientTypeEnumId" value="OctKeycloak"/>
+                <field-map field-name="clientId" from="oidcPac4j.clientId"/>
+                <field-map field-name="secret" from="oidcPac4j.secret"/>
+                <field-map field-name="preferredJwsAlgorithmEnumId" value="OjaRS512"/>
+                <field-map field-name="realm" from="realm"/>
+                <field-map field-name="baseUri" from="baseUrl"/>
+            </service-call>
+        </actions>
+    </service>
+
+</services>