fleet/website/api/controllers/android-proxy/get-enterprise-applications.js

module.exports = {


  friendlyName: 'Get android enterprise applications',


  description: 'Gets an android enterprise application',


  inputs: {
    androidEnterpriseId: {
      type: 'string',
      required: true,
    },
    applicationId: {
      type: 'string',
      required: true,
    },
  },


  exits: {
    success: { description: 'The device of an Android enterprise was successfully retrieved.' },
    missingAuthHeader: { description: 'This request was missing an authorization header.', responseType: 'unauthorized'},
    unauthorized: { description: 'Invalid authentication token.', responseType: 'unauthorized'},
    notFound: { description: 'App not found', responseType: 'notFound' },
    deviceNoLongerManaged: { description: 'The device is no longer managed by the Android enterprise.', responseType: 'notFound' },
  },


  fn: async function ({ androidEnterpriseId, applicationId}) {

    // Extract fleetServerSecret from the Authorization header
    let authHeader = this.req.get('authorization');
    let fleetServerSecret;

    if (authHeader && authHeader.startsWith('Bearer')) {
      fleetServerSecret = authHeader.replace('Bearer', '').trim();
    } else {
      throw 'missingAuthHeader';
    }

    // Authenticate this request
    let thisAndroidEnterprise = await AndroidEnterprise.findOne({
      androidEnterpriseId: androidEnterpriseId
    });

    // Return a 404 response if no records are found.
    if (!thisAndroidEnterprise) {
      throw 'notFound';
    }
    // Return an unauthorized response if the provided secret does not match.
    if (thisAndroidEnterprise.fleetServerSecret !== fleetServerSecret) {
      throw 'unauthorized';
    }

    // Check the list of Android Enterprises managed by Fleet to see if this Android Enterprise is still managed.
    let isEnterpriseManagedByFleet = await sails.helpers.androidProxy.getIsEnterpriseManagedByFleet(androidEnterpriseId);
    // Return a 404 response if this Android enterprise is no longer managed by Fleet.
    if(!isEnterpriseManagedByFleet) {
      throw 'notFound';
    }

    // Get the device for this Android enterprise.
    // Note: We're using sails.helpers.flow.build here to handle any errors that occur using google's node library.
    let getApplicationsResponse = await sails.helpers.flow.build(async () => {
      let { google } = require('googleapis');
      let androidmanagement = google.androidmanagement('v1');
      let googleAuth = new google.auth.GoogleAuth({
        scopes: ['https://www.googleapis.com/auth/androidmanagement'],
        credentials: {
          client_email: sails.config.custom.androidEnterpriseServiceAccountEmailAddress,// eslint-disable-line camelcase
          private_key: sails.config.custom.androidEnterpriseServiceAccountPrivateKey,// eslint-disable-line camelcase
        },
      });
      // Acquire the google auth client, and bind it to all future calls
      let authClient = await googleAuth.getClient();
      google.options({ auth: authClient });
      // [?]: https://googleapis.dev/nodejs/googleapis/latest/androidmanagement/classes/Resource$Enterprises$Applications.html#get
      let getApplicationsResult = await androidmanagement.enterprises.applications.get({
        name: `enterprises/${androidEnterpriseId}/applications/${applicationId}`,
      });
      return getApplicationsResult.data;
    }).intercept((err) => {
      let errorString = err.toString();
      if (errorString.includes('Device is no longer being managed')) {
        return {'deviceNoLongerManaged': 'The device is no longer managed by the Android enterprise.'};
      }
      return new Error(`When attempting to get an application for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${require('util').inspect(err)}`);
    });


    // Return the device data back to the Fleet server.
    return getApplicationsResponse;

  }


};
Android app self service: backend support (#34711) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #34389 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually ## Database migrations - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). 2025-11-13 23:10:24 +00:00			`module.exports = {`


			`friendlyName: 'Get android enterprise applications',`


			`description: 'Gets an android enterprise application',`


			`inputs: {`
			`androidEnterpriseId: {`
			`type: 'string',`
			`required: true,`
			`},`
			`applicationId: {`
			`type: 'string',`
			`required: true,`
			`},`
			`},`


			`exits: {`
fail gracefully when profile is invalid (#38899) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #35211 # Checklist for submitter - [x] QA'd all new/changed functionality manually 2026-01-28 15:57:27 +00:00			`success: { description: 'The device of an Android enterprise was successfully retrieved.' },`
Android app self service: backend support (#34711) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #34389 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually ## Database migrations - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). 2025-11-13 23:10:24 +00:00			`missingAuthHeader: { description: 'This request was missing an authorization header.', responseType: 'unauthorized'},`
			`unauthorized: { description: 'Invalid authentication token.', responseType: 'unauthorized'},`
			`notFound: { description: 'App not found', responseType: 'notFound' },`
			`deviceNoLongerManaged: { description: 'The device is no longer managed by the Android enterprise.', responseType: 'notFound' },`
			`},`


			`fn: async function ({ androidEnterpriseId, applicationId}) {`

			`// Extract fleetServerSecret from the Authorization header`
			`let authHeader = this.req.get('authorization');`
			`let fleetServerSecret;`

			`if (authHeader && authHeader.startsWith('Bearer')) {`
			`fleetServerSecret = authHeader.replace('Bearer', '').trim();`
			`} else {`
			`throw 'missingAuthHeader';`
			`}`

			`// Authenticate this request`
			`let thisAndroidEnterprise = await AndroidEnterprise.findOne({`
			`androidEnterpriseId: androidEnterpriseId`
			`});`

			`// Return a 404 response if no records are found.`
			`if (!thisAndroidEnterprise) {`
			`throw 'notFound';`
			`}`
			`// Return an unauthorized response if the provided secret does not match.`
			`if (thisAndroidEnterprise.fleetServerSecret !== fleetServerSecret) {`
			`throw 'unauthorized';`
			`}`

			`// Check the list of Android Enterprises managed by Fleet to see if this Android Enterprise is still managed.`
			`let isEnterpriseManagedByFleet = await sails.helpers.androidProxy.getIsEnterpriseManagedByFleet(androidEnterpriseId);`
			`// Return a 404 response if this Android enterprise is no longer managed by Fleet.`
			`if(!isEnterpriseManagedByFleet) {`
			`throw 'notFound';`
			`}`

			`// Get the device for this Android enterprise.`
			`// Note: We're using sails.helpers.flow.build here to handle any errors that occur using google's node library.`
			`let getApplicationsResponse = await sails.helpers.flow.build(async () => {`
			`let { google } = require('googleapis');`
			`let androidmanagement = google.androidmanagement('v1');`
			`let googleAuth = new google.auth.GoogleAuth({`
			`scopes: ['https://www.googleapis.com/auth/androidmanagement'],`
			`credentials: {`
			`client_email: sails.config.custom.androidEnterpriseServiceAccountEmailAddress,// eslint-disable-line camelcase`
			`private_key: sails.config.custom.androidEnterpriseServiceAccountPrivateKey,// eslint-disable-line camelcase`
			`},`
			`});`
			`// Acquire the google auth client, and bind it to all future calls`
			`let authClient = await googleAuth.getClient();`
			`google.options({ auth: authClient });`
			`// [?]: https://googleapis.dev/nodejs/googleapis/latest/androidmanagement/classes/Resource$Enterprises$Applications.html#get`
Website: Update android proxy `get-enterprise-applications` endpoint (#38972) Changes: - Updated the `get-enterprise-applications` Android proxy endpoint to use the `enterprises.applications.get` method (It is currently using the enterprises.devices.get` method) - Updated errors returned by the `get-enterprise-applications` endpoint to include more information from the error returned by Google. 2026-02-09 23:25:56 +00:00			`let getApplicationsResult = await androidmanagement.enterprises.applications.get({`
Android app self service: backend support (#34711) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #34389 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually ## Database migrations - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). 2025-11-13 23:10:24 +00:00			name: `enterprises/${androidEnterpriseId}/applications/${applicationId}`,
			`});`
			`return getApplicationsResult.data;`
			`}).intercept((err) => {`
			`let errorString = err.toString();`
			`if (errorString.includes('Device is no longer being managed')) {`
			`return {'deviceNoLongerManaged': 'The device is no longer managed by the Android enterprise.'};`
			`}`
Website: Update android proxy `get-enterprise-applications` endpoint (#38972) Changes: - Updated the `get-enterprise-applications` Android proxy endpoint to use the `enterprises.applications.get` method (It is currently using the enterprises.devices.get` method) - Updated errors returned by the `get-enterprise-applications` endpoint to include more information from the error returned by Google. 2026-02-09 23:25:56 +00:00			return new Error(`When attempting to get an application for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${require('util').inspect(err)}`);
Android app self service: backend support (#34711) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #34389 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually ## Database migrations - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). 2025-11-13 23:10:24 +00:00			`});`


			`// Return the device data back to the Fleet server.`
			`return getApplicationsResponse;`

			`}`


			`};`