From ea95c89993fa08949afa1f980a9c2eeced558d00 Mon Sep 17 00:00:00 2001 From: Jatin Mehta Date: Sun, 5 Jan 2025 23:59:18 +0530 Subject: [PATCH] fix(admin-ui): update token script should reject the tampered user-info-jwt --- admin-ui/app/locales/en/translation.json | 5 +- admin-ui/app/locales/fr/translation.json | 5 +- admin-ui/app/locales/pt/translation.json | 5 +- .../routes/Apps/Gluu/GluuPermissionModal.js | 49 +++++++++++++++++++ .../app/routes/Dashboards/DashboardPage.js | 30 +++++++----- 5 files changed, 79 insertions(+), 15 deletions(-) create mode 100644 admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js diff --git a/admin-ui/app/locales/en/translation.json b/admin-ui/app/locales/en/translation.json index fe9c743f5..5be1180d2 100644 --- a/admin-ui/app/locales/en/translation.json +++ b/admin-ui/app/locales/en/translation.json @@ -84,7 +84,10 @@ "config_api_status":"Config API Status", "key_cloak":"Keycloak", "jans_lock":"Jans Lock", - "jans_link":"Jans Link" + "jans_link":"Jans Link", + "access_denied":"Access Denied", + "access_denied_message":"You do not have permission to access this page", + "access_contact_admin":"Please contact your administrator for more information" }, "fields": { "access_token_signing_alg": "JWS alg for signing", diff --git a/admin-ui/app/locales/fr/translation.json b/admin-ui/app/locales/fr/translation.json index 7eb8b51be..9c4584793 100644 --- a/admin-ui/app/locales/fr/translation.json +++ b/admin-ui/app/locales/fr/translation.json @@ -31,7 +31,10 @@ "config_api_status": "État de l'API de configuration", "key_cloak": "Keycloak", "jans_lock": "Jans Lock", - "jans_link": "Lien Jans" + "jans_link": "Lien Jans", + "access_denied":"Accès refusé", + "access_denied_message":"Vous n'êtes pas autorisé à accéder à cette page", + "access_contact_admin":"Veuillez contacter l'administrateur pour obtenir de l'aide" }, "menus": { "adminui": "Administratrice", 
diff --git a/admin-ui/app/locales/pt/translation.json b/admin-ui/app/locales/pt/translation.json index 6c717aa1a..e08ce76d5 100644 --- a/admin-ui/app/locales/pt/translation.json +++ b/admin-ui/app/locales/pt/translation.json @@ -31,7 +31,10 @@ "config_api_status": "Status da API de configuração", "key_cloak": "Keycloak", "jans_lock": "Jans Lock", - "jans_link": "Link Jans" + "jans_link": "Link Jans", + "access_denied":"Acesso negado", + "access_denied_message":"Entre em contato com o administrador para obter ajuda", + "access_contact_admin":"Se você acha que isso é um erro, entre em contato com o administrador" }, "menus": { "adminui": "Admin", diff --git a/admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js b/admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js new file mode 100644 index 000000000..457559f61 --- /dev/null +++ b/admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js @@ -0,0 +1,49 @@ +import React from "react"; +import { useTranslation } from "react-i18next"; +import { Button, Modal, ModalBody, ModalFooter, ModalHeader } from "reactstrap"; + +const GluuPermissionModal = ({ description = "", handler, isOpen }) => { + const { t } = useTranslation(); + + return ( +
+ + + {t("dashboard.access_denied")} + + +

+ 🚫 {t("dashboard.access_denied_message")} +

+

{t("dashboard.access_contact_admin")}

+
+ + + +
+ + {/* Scoped CSS inside the component */} + +
+ ); +}; + +export default GluuPermissionModal; diff --git a/admin-ui/app/routes/Dashboards/DashboardPage.js b/admin-ui/app/routes/Dashboards/DashboardPage.js index ac991e1af..69c4480fe 100644 --- a/admin-ui/app/routes/Dashboards/DashboardPage.js +++ b/admin-ui/app/routes/Dashboards/DashboardPage.js @@ -26,6 +26,8 @@ import UsersIcon from "Components/SVG/menu/Users"; import Administrator from "Components/SVG/menu/Administrator"; import OAuthIcon from "Components/SVG/menu/OAuth"; import { getHealthServerStatus } from "../../redux/features/healthSlice"; +import GluuPermissionModal from "Routes/Apps/Gluu/GluuPermissionModal"; +import { auditLogoutLogs } from "../../../plugins/user-management/redux/features/userSlice"; function DashboardPage() { const { t } = useTranslation(); @@ -80,20 +82,22 @@ function DashboardPage() { }, [statData]); useEffect(() => { - if (Object.keys(license).length === 0 && access_token) { + if (Object.keys(license).length === 0 && access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) { getLicense(); } }, [access_token, license]); useEffect(() => { - if (clients.length === 0 && access_token) { + if (clients.length === 0 && access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) { buildPayload(userAction, "Fetch openid connect clients", {}); dispatch(getClients({ action: userAction })); } }, [access_token, clients]); useEffect(() => { - if (access_token) { + + if (access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) { + console.log("access_token", access_token,hasBoth(permissions, STAT_READ, STAT_JANS_READ)); getServerStatus(); buildPayload(userAction, "GET Health Status", { service: "all" }); dispatch(getHealthServerStatus({ action: userAction })); 
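Review bot: GluuPermissionModal ships with no documentation of its contract, and since it is the only thing that stands between a user lacking the STAT permissions and the dashboard content rendered behind it, that contract should be written down at the top of the file: add a JSDoc header such as `/** Blocking "access denied" dialog. isOpen: show/hide; handler: invoked from the footer button (callers use it to log out). UX gate only — the Config API must still enforce authorization server-side. */`. If the reactstrap `Modal` is not rendered with `backdrop="static"` and `keyboard={false}`, the user can dismiss it with Escape or a backdrop click and keep the page without `handler` ever firing; I cannot confirm those props from the visible lines, so this is worth checking. The `description = ""` prop is destructured in the signature but I could not find it used in the visible body, in which case it is dead and should be dropped or documented.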
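Review bot: The `console.log("access_token", access_token, hasBoth(permissions, STAT_READ, STAT_JANS_READ));` added in the third useEffect prints the bearer access token to the browser console, where it lands in devtools history and in any console-capture or error-reporting tooling that ships logs off the page; delete that line before merge. The new `hasBoth(...)` guards read `permissions`, but the dependency arrays stay `[access_token, license]` and `[access_token, clients]`, so if permissions are populated after the token arrives the gated fetches may never run — presumably `permissions` belongs in each array. This gate only stops the client from issuing the stat/health requests; it is not an authorization control, and the Config API must still reject a token that lacks those scopes. Where `hasBoth`, `permissions` and the `STAT_*` constants are defined is outside this hunk.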
@@ -289,14 +293,23 @@ function DashboardPage() { ); }, [serverStatus, serverHealth, dbStatus, t, statusDetails, classes]); + const handleLogout = () => { + dispatch(auditLogoutLogs({ message: "Logging out due to insufficient permissions for Admin UI access." })); + }; + return ( + { + handleLogout(); + }} + isOpen={!hasBoth(permissions, STAT_READ, STAT_JANS_READ)} + />
-
- + -