KNOX-3187 - Show pop-up window on Token Management/Generation pages when Knox token hash key is missing (apache#1082)

Author: smolnar82

knox-token-generation-ui/token-generation/app/token-generation.component.ts

@@ -68,6 +68,7 @@ export class TokenGenerationComponent implements OnInit {
   // Data coming from TokenStateService status request
   tssStatus: TssStatusData;
 
+
   constructor(private http: HttpClient, private tokenGenService: TokenGenService) {
     this.tssStatusMessageLevel = 'info';
     this.tssStatusMessage = '';
@@ -79,7 +80,14 @@ export class TokenGenerationComponent implements OnInit {
   }
 
   ngOnInit(): void {
-    this.setTokenStateServiceStatus();
+    this.tokenGenService.isTokenHashKeyPresent().then(
+        tokenHashKeyPresent => {
+          if (tokenHashKeyPresent) {
+            this.setTokenStateServiceStatus();
+          } else {
+            this.showMissingKnoxTokenHashKeyPopup();
+          }
+        });
   }
 
   generateToken() {
@@ -110,13 +118,13 @@ export class TokenGenerationComponent implements OnInit {
 
   setTokenStateServiceStatus() {
     this.tokenGenService.getTokenStateServiceStatus()
-    .then(tssStatus => {
-      this.tssStatus = tssStatus;
-      this.decideTssMessage();
-    })
-    .catch((errorMessage) => {
-      this.requestErrorMessage = errorMessage;
-    });
+        .then(tssStatus => {
+          this.tssStatus = tssStatus;
+          this.decideTssMessage();
+        })
+        .catch((errorMessage) => {
+          this.requestErrorMessage = errorMessage;
+        });
   }
 
   copyTextToClipboard(elementId) {
@@ -206,4 +214,14 @@ export class TokenGenerationComponent implements OnInit {
     this.tssStatusMessageLevel = level;
     this.tssStatusMessage = message;
   }
+
+  private showMissingKnoxTokenHashKeyPopup(): void {
+    const message = 'The required gateway-level alias, knox.token.hash.key, is missing.';
+    Swal.fire({
+      icon: 'warning',
+      title: 'Token Generation Disabled!',
+      text: message,
+      confirmButtonColor: '#7cd1f9'
+    });
+  }
 }

knox-token-generation-ui/token-generation/app/token-generation.service.ts

@@ -25,6 +25,7 @@ export class TokenGenService {
     readonly tokenURL: string;
     readonly tssStatusRequestURL: string;
     readonly sessionUrl: string;
+    readonly metadataInfoUrl: string;
 
     constructor(private http: HttpClient) {
         const knoxtokenURL = 'knoxtoken/api/v2/token';
@@ -37,6 +38,7 @@ export class TokenGenService {
         this.tokenURL = topologyContext + knoxtokenURL;
         this.tssStatusRequestURL = topologyContext + tssStatusURL;
         this.sessionUrl = topologyContext + 'session/api/v1/sessioninfo';
+        this.metadataInfoUrl = topologyContext + 'api/v1/metadata/info';
     }
 
     getTokenStateServiceStatus(): Promise<TssStatusData> {
@@ -73,14 +75,31 @@ export class TokenGenService {
         });
     }
 
+    isTokenHashKeyPresent(): Promise<boolean> {
+        let headers = new HttpHeaders();
+        headers = this.addHeaders(headers);
+        return this.http.get(this.metadataInfoUrl, { headers: headers})
+            .toPromise()
+            .then(response => {
+                return response['generalProxyInfo']?.['enableTokenManagement'] === 'true';
+            })
+            .catch((err: HttpErrorResponse) => {
+                console.debug('TokenGenService --> isTokenHashKeyPresent() --> ' + this.metadataInfoUrl + '\n  error: ' + err.message);
+                if (err.status === 401) {
+                    window.location.assign(document.location.pathname);
+                } else {
+                    return this.handleError(err);
+                }
+            });
+    }
     getSessionInformation(): Promise<SessionInformation> {
         let headers = new HttpHeaders();
         headers = this.addHeaders(headers);
         return this.http.get(this.sessionUrl, { headers: headers})
             .toPromise()
             .then(response => response['sessioninfo'] as SessionInformation)
             .catch((err: HttpErrorResponse) => {
-                console.debug('TokenManagementService --> getSessionInformation() --> ' + this.sessionUrl + '\n  error: ' + err.message);
+                console.debug('TokenGenService --> getSessionInformation() --> ' + this.sessionUrl + '\n  error: ' + err.message);
                 if (err.status === 401) {
                     window.location.assign(document.location.pathname);
                 } else {

knox-token-management-ui/token-management/app/token.management.component.html

@@ -15,20 +15,20 @@
 <div>
 
     <div>
-        <button (click)="gotoTokenGenerationPage();">Generate New Token</button>
-        <button type="button" title="Refresh Knox Tokens" (click)="fetchKnoxTokens();">
+        <button (click)="gotoTokenGenerationPage();" [disabled]="!isTokenHashKeyPresent()">Generate New Token</button>
+        <button type="button" title="Refresh Knox Tokens" (click)="fetchKnoxTokens();" [disabled]="!isTokenHashKeyPresent()">
             <span class="glyphicon glyphicon-refresh"></span>
         </button>
         <span style="float: right;">
-            <mat-slide-toggle (change)="onChangeShowDisabledCookies($event)" [(ngModel)]="showDisabledKnoxSsoCookies">
+            <mat-slide-toggle (change)="onChangeShowDisabledCookies($event)" [(ngModel)]="showDisabledKnoxSsoCookies" [disabled]="!isTokenHashKeyPresent()">
               Show Disabled KnoxSSO Cookies
             </mat-slide-toggle>
         </span>
     </div>
 
     <div *ngIf="userCanSeeAllTokens()">
         <span style="float: right;">
-            <mat-slide-toggle (change)="onChangeShowMyTokensOnly($event)" [(ngModel)]="showMyTokensOnly">
+            <mat-slide-toggle (change)="onChangeShowMyTokensOnly($event)" [(ngModel)]="showMyTokensOnly" [disabled]="!isTokenHashKeyPresent()">
               Show My Tokens Only
             </mat-slide-toggle>
         </span>

knox-token-management-ui/token-management/app/token.management.component.ts

@@ -22,6 +22,7 @@ import {MatPaginator} from '@angular/material/paginator';
 import {MatSort} from '@angular/material/sort';
 import {MatSlideToggleChange} from '@angular/material/slide-toggle';
 import {SelectionModel} from '@angular/cdk/collections';
+import Swal from 'sweetalert2';
 
 @Component({
     selector: 'app-token-management',
@@ -39,6 +40,7 @@ export class TokenManagementComponent implements OnInit {
     userName: string;
     canSeeAllTokens: boolean;
     currentKnoxSsoCookieTokenId: string;
+    tokenHashKeyPresent: boolean;
     knoxTokens: MatTableDataSource<KnoxToken> = new MatTableDataSource();
     selection = new SelectionModel<KnoxToken>(true, []);
     allKnoxTokens: KnoxToken[];
@@ -103,6 +105,15 @@ export class TokenManagementComponent implements OnInit {
 
     ngOnInit(): void {
         console.debug('TokenManagementComponent --> ngOnInit()');
+        this.tokenManagementService.isTokenHashKeyPresent().then(
+            tokenHashKeyPresent => {
+                this.tokenHashKeyPresent = tokenHashKeyPresent;
+                if (!tokenHashKeyPresent) {
+                    this.showMissingKnoxTokenHashKeyPopup();
+                }
+            }
+        );
+
         this.tokenManagementService.getSessionInformation()
             .then(sessionInformation => {
               this.canSeeAllTokens = sessionInformation.canSeeAllTokens;
@@ -111,6 +122,10 @@ export class TokenManagementComponent implements OnInit {
             });
     }
 
+    isTokenHashKeyPresent(): boolean{
+        return this.tokenHashKeyPresent;
+    }
+
     setUserName(userName: string) {
         this.userName = userName;
         this.fetchKnoxTokens();
@@ -121,8 +136,12 @@ export class TokenManagementComponent implements OnInit {
     }
 
     fetchKnoxTokens(): void {
-        this.tokenManagementService.getKnoxTokens(this.userName, this.canSeeAllTokens)
-            .then(tokens => this.updateTokens(tokens));
+        if (this.tokenHashKeyPresent) {
+            this.tokenManagementService.getKnoxTokens(this.userName, this.canSeeAllTokens)
+                .then(tokens => this.updateTokens(tokens));
+        } else {
+            console.debug('knox.token.hash.key is missing, skipping Knox token fetch...');
+        }
     }
 
     private isMyToken(token: KnoxToken): boolean {
@@ -284,4 +303,14 @@ export class TokenManagementComponent implements OnInit {
         return this.isKnoxSsoCookie(token) && token.tokenId === this.currentKnoxSsoCookieTokenId;
     }
 
+    private showMissingKnoxTokenHashKeyPopup(): void {
+        const message = 'The required gateway-level alias, knox.token.hash.key, is missing.';
+        Swal.fire({
+            icon: 'warning',
+            title: 'Token Management Disabled!',
+            text: message,
+            confirmButtonColor: '#7cd1f9'
+        });
+    }
+
 }

knox-token-management-ui/token-management/app/token.management.service.ts

@@ -38,6 +38,7 @@ export class TokenManagementService {
     revokeKnoxTokenUrl = this.apiUrl + 'revoke';
     revokeKnoxTokensBatchUrl = this.apiUrl + 'revokeTokens';
     getTssStatusUrl = this.apiUrl + 'getTssStatus';
+    metadataInfoUrl = this.topologyContext + 'api/v1/metadata/info';
 
     constructor(private http: HttpClient) {}
 
@@ -129,6 +130,25 @@ export class TokenManagementService {
             });
     }
 
+    isTokenHashKeyPresent(): Promise<boolean> {
+        let headers = new HttpHeaders();
+        headers = this.addJsonHeaders(headers);
+        return this.http.get(this.metadataInfoUrl, { headers: headers})
+            .toPromise()
+            .then(response => {
+                return response['generalProxyInfo']?.['enableTokenManagement'] === 'true';
+            })
+            .catch((err: HttpErrorResponse) => {
+                console.debug('TokenManagementService --> isTokenHashKeyPresent() --> '
+                    + this.metadataInfoUrl + '\n  error: ' + err.message);
+                if (err.status === 401) {
+                    window.location.assign(document.location.pathname);
+                } else {
+                    return this.handleError(err);
+                }
+            });
+    }
+
     getSessionInformation(): Promise<SessionInformation> {
         let headers = new HttpHeaders();
         headers = this.addJsonHeaders(headers);