Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-30 18:07:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 122
fleet/website/api/controllers/android-proxy/modify-android-device.js
Jordan Montgomery abaf15ff51
Do not return MDM=off android hosts from reconciler (#34304) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #34299 

Unreleased bug in Android Config profiles 4.75.0 feature. No changes
file as such. I'm not entirely sure how to cause this as I was unable to
repro it locally, there may be a timing issue or something, so I haven't
fully QA'd manually. QA was limited to verifying basic reconciler
functionality

Also updated Website endpoint to not throw a 5XX since we expect this to
occasionally happen

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [x] Confirmed that the fix is not expected to adversely impact load
test results
2025-10-16 09:59:17 -04:00

100 lines
3.8 KiB
JavaScript
Vendored
Raw Blame History

module.exports = {
friendlyName: 'Modify android device',
description: 'Modifies a device of an Android enterprise',
inputs: {
androidEnterpriseId: {
type: 'string',
required: true,
},
deviceId: {
type: 'string',
required: true,
},
},
exits: {
success: { description: 'The device of an Android enterprise was successfully updated.' },
missingAuthHeader: { description: 'This request was missing an authorization header.', responseType: 'unauthorized'},
unauthorized: { description: 'Invalid authentication token.', responseType: 'unauthorized'},
notFound: { description: 'No Android enterprise found for this Fleet server.', responseType: 'notFound' },
deviceNoLongerManaged: { description: 'The device is no longer managed by the Android enterprise.', responseType: 'notFound' },
},
fn: async function ({ androidEnterpriseId, deviceId}) {
// Extract fleetServerSecret from the Authorization header
let authHeader = this.req.get('authorization');
let fleetServerSecret;
if (authHeader && authHeader.startsWith('Bearer')) {
fleetServerSecret = authHeader.replace('Bearer', '').trim();
} else {
throw 'missingAuthHeader';
}
// Authenticate this request
let thisAndroidEnterprise = await AndroidEnterprise.findOne({
androidEnterpriseId: androidEnterpriseId
});
// Return a 404 response if no records are found.
if (!thisAndroidEnterprise) {
throw 'notFound';
}
// Return an unauthorized response if the provided secret does not match.
if (thisAndroidEnterprise.fleetServerSecret !== fleetServerSecret) {
throw 'unauthorized';
}
// Check the list of Android Enterprises managed by Fleet to see if this Android Enterprise is still managed.
let isEnterpriseManagedByFleet = await sails.helpers.androidProxy.getIsEnterpriseManagedByFleet(androidEnterpriseId);
// Return a 404 response if this Android enterprise is no longer managed by Fleet.
if(!isEnterpriseManagedByFleet) {
throw 'notFound';
}
// Update the device for this Android enterprise.
// Note: We're using sails.helpers.flow.build here to handle any errors that occur using google's node library.
let modifyDeviceResponse = await sails.helpers.flow.build(async () => {
let { google } = require('googleapis');
let androidmanagement = google.androidmanagement('v1');
let googleAuth = new google.auth.GoogleAuth({
scopes: ['https://www.googleapis.com/auth/androidmanagement'],
credentials: {
client_email: sails.config.custom.androidEnterpriseServiceAccountEmailAddress,// eslint-disable-line camelcase
private_key: sails.config.custom.androidEnterpriseServiceAccountPrivateKey,// eslint-disable-line camelcase
},
});
// Acquire the google auth client, and bind it to all future calls
let authClient = await googleAuth.getClient();
google.options({ auth: authClient });
// [?]: https://googleapis.dev/nodejs/googleapis/latest/androidmanagement/classes/Resource$Enterprises$Devices.html#patch
let patchDeviceResponse = await androidmanagement.enterprises.devices.patch({
name: `enterprises/${androidEnterpriseId}/devices/${deviceId}`,
requestBody: this.req.body,
});
return patchDeviceResponse.data;
}).intercept((err) => {
let errorString = err.toString();
if (errorString.includes('Device is no longer being managed')) {
return {'deviceNoLongerManaged': 'The device is no longer managed by the Android enterprise.'};
}
return new Error(`When attempting to update a device for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${err}`);
});
// Return the modified device back to the Fleet server.
return modifyDeviceResponse;
}
};
Reference in a new issue View git blame Copy permalink