From cf967703afe5481785a8dd93e82a96718131fb99 Mon Sep 17 00:00:00 2001
From: Jatin Mehta <mjatin78@gmail.com>
Date: Mon, 6 Jan 2025 00:13:44 +0530
Subject: [PATCH] update token script should reject the tampered user-info-jwt

---
 admin-ui/app/locales/en/translation.json      |  5 +-
 admin-ui/app/locales/fr/translation.json      |  8 +--
 admin-ui/app/locales/pt/translation.json      |  8 +--
 .../routes/Apps/Gluu/GluuPermissionModal.js   | 49 +++++++++++++++++++
 .../app/routes/Dashboards/DashboardPage.js    | 30 +++++++-----
 5 files changed, 81 insertions(+), 19 deletions(-)
 create mode 100644 admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js

diff --git a/admin-ui/app/locales/en/translation.json b/admin-ui/app/locales/en/translation.json
index 691a2d309..555413557 100644
--- a/admin-ui/app/locales/en/translation.json
+++ b/admin-ui/app/locales/en/translation.json
@@ -83,7 +83,10 @@
     "config_api_status":"Config API Status",
     "key_cloak":"Keycloak",
     "jans_lock":"Jans Lock",
-    "jans_link":"Jans Link"
+    "jans_link":"Jans Link",
+    "access_denied":"Access Denied",
+    "access_denied_message":"You do not have permission to access this page",
+    "access_contact_admin":"Please contact your administrator for more information"
   },
   "fields": {
     "access_token_signing_alg": "JWS alg for signing",
diff --git a/admin-ui/app/locales/fr/translation.json b/admin-ui/app/locales/fr/translation.json
index 336415927..37049329b 100644
--- a/admin-ui/app/locales/fr/translation.json
+++ b/admin-ui/app/locales/fr/translation.json
@@ -31,7 +31,10 @@
     "config_api_status": "État de l'API de configuration",
     "key_cloak": "Keycloak",
     "jans_lock": "Jans Lock",
-    "jans_link": "Lien Jans"
+    "jans_link": "Lien Jans",
+    "access_denied":"Accès refusé",
+    "access_denied_message":"Vous n'êtes pas autorisé à accéder à cette page",
+    "access_contact_admin":"Veuillez contacter l'administrateur pour obtenir de l'aide"
   },
   "menus": {
     "adminui": "Administratrice",
@@ -104,8 +107,7 @@
     "customer_backend_key_attributes": "Clé/attributs du backend client",
     "source_backend_ldap_servers": "Serveurs LDAP dorsaux sources",
     "inum_db_server": "Serveur de base de données Inum",
-    "static_configuration": "Configuration statique",
-    "dynamic_configuration": "Configuration dynamique"
+    "static_configuration": "Configuration statique"
   },
   "actions": {
     "accept": "J'accepte",
diff --git a/admin-ui/app/locales/pt/translation.json b/admin-ui/app/locales/pt/translation.json
index 2f8ad127e..54d2dc364 100644
--- a/admin-ui/app/locales/pt/translation.json
+++ b/admin-ui/app/locales/pt/translation.json
@@ -31,7 +31,10 @@
     "config_api_status": "Status da API de configuração",
     "key_cloak": "Keycloak",
     "jans_lock": "Jans Lock",
-    "jans_link": "Link Jans"
+    "jans_link": "Link Jans",
+    "access_denied":"Acesso negado",
+    "access_denied_message":"Entre em contato com o administrador para obter ajuda",
+    "access_contact_admin":"Se você acha que isso é um erro, entre em contato com o administrador"
   },
   "menus": {
     "adminui": "Admin",
@@ -102,8 +105,7 @@
     "customer_backend_key_attributes": "Chave/atributos de back-end do cliente",
     "source_backend_ldap_servers": "Servidores LDAP de back-end de origem",
     "inum_db_server": "Servidor DB Inum",
-    "static_configuration": "Configuração estática",
-    "dynamic_configuration": "Configuração Dinâmica"
+    "static_configuration": "Configuração estática"
   },
   "actions": {
     "accept": "Aceitar",
diff --git a/admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js b/admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js
new file mode 100644
index 000000000..457559f61
--- /dev/null
+++ b/admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js
@@ -0,0 +1,49 @@
+import React from "react";
+import { useTranslation } from "react-i18next";
+import { Button, Modal, ModalBody, ModalFooter, ModalHeader } from "reactstrap";
+
+const GluuPermissionModal = ({ description = "", handler, isOpen }) => {
+  const { t } = useTranslation();
+
+  return (
+    <div>
+      <Modal
+        centered
+        isOpen={isOpen}
+        style={{ minWidth: "45vw" }}
+        toggle={handler}
+        className="modal-outline-primary"
+        backdrop="static"
+      >
+        <ModalHeader>
+          <i className="bi bi-shield-lock" /> {t("dashboard.access_denied")}
+        </ModalHeader>
+        <ModalBody className="text-center">
+          <p className="text-muted">
+            🚫 <strong>{t("dashboard.access_denied_message")}</strong>
+          </p>
+          <p>{t("dashboard.access_contact_admin")}</p>
+        </ModalBody>
+        <ModalFooter>
+          <Button
+            className="d-flex align-items-center"
+            onClick={handler}
+          >
+            {t("menus.signout")}
+          </Button>
+        </ModalFooter>
+      </Modal>
+
+      {/* Scoped CSS inside the component */}
+      <style>
+        {`
+          .modal {
+            background: #000 !important;
+          }
+        `}
+      </style>
+    </div>
+  );
+};
+
+export default GluuPermissionModal;
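Review bot: The `<style>` element at the bottom of GluuPermissionModal is not scoped: a `<style>` rendered by a React component is injected into the document as ordinary global CSS, so `.modal { background: #000 !important; }` applies to every reactstrap modal in the page while this component is mounted, and the comment `Scoped CSS inside the component` is misleading. Key the rule on a class unique to this modal, e.g. `className="modal-outline-primary gluu-permission-modal"` on the Modal and `.gluu-permission-modal { background: #000 !important; }` in the style block, or move it into the app stylesheet. Separately, `handler` is wired both as `toggle` and as the sign-out button's `onClick`, so, as far as I can tell from reactstrap's defaults (`keyboard` on), pressing Escape runs the same logout path as the button; the component has no JSDoc, so add one stating that `handler` is the logout callback and is invoked for any dismissal of the modal, not only the sign-out button.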
diff --git a/admin-ui/app/routes/Dashboards/DashboardPage.js b/admin-ui/app/routes/Dashboards/DashboardPage.js
index ac991e1af..69c4480fe 100644
--- a/admin-ui/app/routes/Dashboards/DashboardPage.js
+++ b/admin-ui/app/routes/Dashboards/DashboardPage.js
@@ -26,6 +26,8 @@ import UsersIcon from "Components/SVG/menu/Users";
 import Administrator from "Components/SVG/menu/Administrator";
 import OAuthIcon from "Components/SVG/menu/OAuth";
 import { getHealthServerStatus } from "../../redux/features/healthSlice";
+import GluuPermissionModal from "Routes/Apps/Gluu/GluuPermissionModal";
+import { auditLogoutLogs } from "../../../plugins/user-management/redux/features/userSlice";
 
 function DashboardPage() {
   const { t } = useTranslation();
@@ -80,20 +82,22 @@ function DashboardPage() {
   }, [statData]);
 
   useEffect(() => {
-    if (Object.keys(license).length === 0 && access_token) {
+    if (Object.keys(license).length === 0 && access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) {
       getLicense();
     }
   }, [access_token, license]);
 
   useEffect(() => {
-    if (clients.length === 0 && access_token) {
+    if (clients.length === 0 && access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) {
       buildPayload(userAction, "Fetch openid connect clients", {});
       dispatch(getClients({ action: userAction }));
     }
   }, [access_token, clients]);
 
   useEffect(() => {
-    if (access_token) {
+
+    if (access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) {
+      console.log("access_token", access_token,hasBoth(permissions, STAT_READ, STAT_JANS_READ));
       getServerStatus();
       buildPayload(userAction, "GET Health Status", { service: "all" });
       dispatch(getHealthServerStatus({ action: userAction }));
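Review bot: The `console.log("access_token", access_token, ...)` added in the third useEffect writes the bearer access token to the browser console, where it is retained in devtools history and picked up by any console-capture or error-reporting tooling; it reads as a leftover debug line and should be removed before merge. Separately, all three effects now read `permissions` inside their condition, but the dependency arrays visible here (`[access_token, license]` and `[access_token, clients]`; the third array ends outside the hunk) do not list it, so if `permissions` is populated after `access_token` the effects will not re-run and the license, clients and health fetches are skipped until some other dependency changes; add it to each array, e.g. `}, [access_token, license, permissions]);`. The useEffect containing the log continues past the end of the hunk.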
@@ -289,14 +293,23 @@ function DashboardPage() {
     );
   }, [serverStatus, serverHealth, dbStatus, t, statusDetails, classes]);
 
+  const handleLogout = () => {
+    dispatch(auditLogoutLogs({ message: "Logging out due to insufficient permissions for Admin UI access." }));
+  };
+
   return (
     <GluuLoader blocking={loading}>
+      <GluuPermissionModal
+        handler={() => {
+          handleLogout();
+        }}
+        isOpen={!hasBoth(permissions, STAT_READ, STAT_JANS_READ)}
+      />
       <GluuViewWrapper
         canShow={hasBoth(permissions, STAT_READ, STAT_JANS_READ)}
       >
         <div className={classes.root}>
           <Grid container className="px-40 h-100" spacing={2}>
-
             <Grid item lg={3} md={12} xs={12} height="auto">
               <div
                 className={classes.userInfoTitle}
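Review bot: `isOpen={!hasBoth(permissions, STAT_READ, STAT_JANS_READ)}` opens the access-denied modal whenever the check fails, which presumably includes the initial render before the permissions have been extracted from the user-info JWT, so a fully authorised user may see the modal flash (and could click sign out) while the token is still being processed; if the store exposes a loaded/ready flag for permissions, gate on it as well, e.g. `isOpen={permissionsLoaded && !hasBoth(permissions, STAT_READ, STAT_JANS_READ)}` (`permissionsLoaded` is a constructed name; use whatever the slice provides). The `handler={() => { handleLogout(); }}` wrapper adds nothing over `handler={handleLogout}`. This client-side gate is a UX measure; the authoritative check remains the server-side scope enforcement on the endpoints the dashboard calls. DashboardPage's body starts and ends outside the hunk.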
@@ -336,13 +349,7 @@ function DashboardPage() {
               {StatusCard}
             </Grid>
 
-            <Grid
-              item
-              lg={4}
-              md={12}
-              xs={12}
-            
-            >
+            <Grid item lg={4} md={12} xs={12}>
               <Paper
                 className={`${classes.dashboardCard} top-minus-40 d-flex justify-content-center`}
                 elevation={0}
@@ -396,7 +403,6 @@ function DashboardPage() {
                 </Grid>
               </Paper>
             </Grid>
-
           </Grid>
 
           <Grid container className={`px-40`}>