* Added marker interface for TriggerHandler to indicate if they are time based and thus can be used to simulate execution times.
* Added marker interface for ConditionHandler to indicate, if they are time based and thus can be checked during rule execution for a certain time.
* Moved CronAdjuster to common, so it can be used for the rule simulation
* Created RuleExecutionSimulator that allows simulation of rules
* Added method in RuleManger to create simulation
* Added rest endpoint for rule simulation.
* Changed marker interface to return TemporalAdjuster instead of cron expression. This better hides the internals of the TriggerHandler (i.e. the cron expression) and is more clear and flexible for other handlers to implement
Fixes#2044Fixes#2266
Signed-off-by: Sönke Küper <soenkekueper@gmx.de>
Workaround for https://github.com/openhab/openhab-core/issues/1842.
Typically serial connections are disconnected and reconnected on IO
errors. This has turned out to be problematic with the recent
nrjavaserial updates brought by OH3 (locking behaviour of nrjavaserial
seems to be prone to deadlocks).
We workaround the issues by trying to keep the serial connection open
as long as possible.
Signed-off-by: Sami Salonen <ssalonen@gmail.com>
* Aligns compile dependencies with OSGi R7
* Aligns runtime dependencies with Karaf 4.3.1
* Fixes issues due to dependency changes:
* AudioServletTest never ending due to Jetty upgrade
* Feature resolution failing due to Karaf activation-api no longer visible
* Uses Pax Logging as runtime dependency instead of Felix Log
This dependency change makes itests and Demo App behave more like the actual distro
To change the log level in itests, change the value of org.ops4j.pax.logging.DefaultServiceLog.level in itest-include.bndrun
* Adds --add-opens and nashorn.args in itest-include.bndrun to prevent some warnings being logged in itests
Related to openhab/openhab-distro#1167
Signed-off-by: Wouter Born <github@maindrain.net>
Allows scripts to specify per-script start levels which differ from the start level for the ScriptFileWatcher itself. Also extracted some functionality from ScriptFileWatcher into distinct components & added unit tests to cover all script loading functionality.
Signed-off-by: Jonathan Gilbert <jpg@trillica.com>
Some users reported the scheduler to be run to earlier.
It actual is known the Java scheduler can drift.
To handle this problem 2 changes have been made:
1. If the scheduler triggers > 2 sec before expected end time it will
reschedule.
2. The scheduler keeps track of the timestamp the job should run. For
recurring schedulers, like cron, when the next job is run it offsets of
the calculated time, and not the actual time. This guaranties that the
next scheduled time is actual the next scheduled time and not the same
end time in case the scheduler would trigger to early.
Signed-off-by: Hilbrand Bouwkamp <hilbrand@h72.nl>
* [modbus] More strict nullness annotations
Taking into consideration that we always have default
EndpointPoolConfiguration
* [modbus] Utilize default pool configuration consistently
* [modbus] Make (internal) ModbusCommunicationInterfaceImpl constr private
* [modbus] Handle null config of modbus comm when detecting open conns
* [modbus] default connection timeout of 10s with default pool config
Signed-off-by: Sami Salonen <ssalonen@gmail.com>
* Add profile to generate semantics classes with groovy-maven-plugin
This way you can generate the classes with Maven when adding -DgenerateTagClasses to your build command.
I.e. you no longer need to have Groovy locally installed for this.
Also properly sorts the generated imports so they match the Spotless configuration.
Signed-off-by: Wouter Born <github@maindrain.net>
* Add site provider lookup in proxy
Third attempt at this PR, but this very simply allows for the proxy to find the sitemaps for both file based as well as gui generated.
Fixes#2154Fixesopenhab/openhab-webui#763Fixesopenhab/openhab-webui#745
Also-by: Kai Kreuzer <kai@openhab.org>
Signed-off-by: Brian Homeyer <bhomeyer@gmail.com>
* Exclude commons-net from core dependencies so it is no longer automatically a transitive compile dependency
* Update nrjavaserial compile dependency to a version that no longer includes commons-net packages
* Define and use commons.net.version property
* Rework features so commons-net is only installed when required
Signed-off-by: Wouter Born <github@maindrain.net>
* Fix parsing integer & booleans parameters in UI component based sitemaps
Also catch remaining exceptions and log a warning/ignore the parameter
instead of making the whole sitemap building process fail.
Fix wrong feature ID for the video widget URL.
Fixes#2047.
Fixes#1987.
Fixes#1898.
Fixes#1875.
Fixes https://github.com/openhab/openhab-webui/issues/745.
Signed-off-by: Yannick Schaus <github@schaus.net>
In additions, command->registers tests have been once made more
readable, covering all the corner cases with integers.
Signed-off-by: Sami Salonen <ssalonen@gmail.com>
use full filename without extension as uid for rules provided by DSL files
fix bug where rule filenames with common prefix and "." resulted in same uid
Signed-off-by: Leon Kiefer <leon.k97@gmx.de>
This contains an update to the messages for the login,
change password, create API token pages from Crowdin
in ISO-8859 format.
Contains a completed German translation update, and
the following new completed languages:
- Czech
- Finnish
- Hungarian
- Portuguese (Brazil)
- Swedish
- Ukrainian
Dutch, French, Italian are unchanged from RC1.
Signed-off-by: Yannick Schaus <github@schaus.net>
The "summary" mode for `/rest/things` introduced in https://github.com/openhab/openhab-core/pull/1827
leads to these warnings in the console:
```
Field 'firmwareStatus' could not be eliminated: Can not set final org.openhab.core.thing.firmware.dto.FirmwareStatusDTO field org.openhab.core.io.rest.core.thing.EnrichedThingDTO.firmwareStatus to null value
```
The easiest solution to remove those warnings is to add it again to the list of fields included in the summaries.
Signed-off-by: Yannick Schaus <github@schaus.net>
This is the PR with the messages.properties files in
Dutch, German (partial) and Italian extracted from
#1929 and converted to the proper ISO-8859 encoding.
Signed-off-by: Yannick Schaus <github@schaus.net>
This implements localized messages for the authorize, change
password and create API token pages using a resource bundle.
Messages in English & French are included.
Signed-off-by: Yannick Schaus <github@schaus.net>
Related to #1791
Also-by: Christoph Weitkamp <github@christophweitkamp.de>
Also-by: Mark <m.stroeve@appsoftware.nl>
Signed-off-by: Laurent Garnier <lg.hc@free.fr>
I can't think of a good reason why listing things or querying their status should be allowed for users.
The things layer should only be of concern to admins IMHO.
As noted here: https://community.openhab.org/t/oh3-will-list-all-your-things-even-if-you-are-not-logged-in/108006/3
passwords and other sensible information in configuration could end up being exposed without auth required.
Signed-off-by: Yannick Schaus <github@schaus.net>
Remove the groupname from the members if the group item is removed.
This is implemented in the ManagedItemProvider.
Fixes#1785Fixes#1392
Signed-off-by: Simon Lamon <simonlamon93@hotmail.com>
The /things, /rules, /ui/components endpoints retrieve all objects
in their entirety, which can become very big, i.e. channels, config
parameters, script rule modules or trees of UI components can
quickly add up to the size.
When the UI simply displays a list of those objects it retrieves all
this extra information but does nothing with it.
This introduces an optional ?summary=true query parameter for the
above resources to limit the output to pre-defined fields which are
deemed most relevant for displaying these lists, omitting the rest.
When the option is not set, the behavior remains unchanged so this
change is not API breaking. The API version has therefore not been
incremented. The client is responsible for adding the option to
retrieve summarized collections instead of the entire objects.
Signed-off-by: Yannick Schaus <github@schaus.net>
This should fix the issue reported here:
https://community.openhab.org/t/openhab-3-0-milestone-2-discussion/107564/8
where the Nashorn script engine would be created with the
current thread's class loader, causing JS code like this:
```
var Log = Java.type("org.openhab.core.model.script.actions.Log");
Log.logError("Experiments", "This is an OH error log");
Log.logWarn("Experiments", "This is an OH warn log");
Log.logInfo("Experiments", "This is an OH info log");
Log.logDebug("Experiments", "This is an OH debug log");
```
to run fine when the rule was triggered but fail to find the Log
class when run from the REST API's `/rest/rules/{ruleUID}/runnow`,
because in that case the generic createScriptEngine implementation
would return script engines using the JAX-RS class loader as the
"app" class loader.
Note:
We also have an opportunity to restrict which classes are exposed
to the script with a ClassFilter to a specific set:
https://docs.oracle.com/javase/8/docs/jdk/api/nashorn/jdk/nashorn/api/scripting/NashornScriptEngineFactory.html#getScriptEngine-java.lang.String:A-java.lang.ClassLoader-jdk.nashorn.api.scripting.ClassFilter-
This could prove useful to mitigate code execution vulnerabilities,
as the script code is modifiable remotely.
Signed-off-by: Yannick Schaus <github@schaus.net>
Some MQTT servers can be quirky, then do not handle Usubscribe request properly.
In this case we have to omit sending it. Introduce a boolean flag, telling
whether the request should be sent or not, and add a public function to set it.
iRobot built-in MQTT server is known to suffer from this problem.
Signed-off-by: Pavel Fedin <pavel_fedin@mail.ru>
These workarounds to prevent false positives can be removed now the EEAs allow for proper null analysis.
Signed-off-by: Wouter Born <github@maindrain.net>
* Added unit test for read-only Number- and String-Items to not return a Selection Element
* Improved usage of 'lastIndexOf'
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
This adds API tokens as a new credential type. Their format is:
`oh.<name>.<random chars>`
The "oh." prefix is used to tell them apart from a JWT access token,
because they're both used as a Bearer authorization scheme, but there
is no semantic value attached to any of the other parts.
They are stored hashed in the user's profile, and can be listed, added
or removed managed with the new `openhab:users` console command.
Currently the scopes are still not checked, but ultimately they could
be, for instance a scope of e.g. `user admin.items` would mean that the
API token can be used to perform user operations like retrieving info
or sending a command, _and_ managing the items, but nothing else -
even if the user has more permissions because of their role (which
will of course still be checked).
Tokens are normally passed in the Authorization header with the Bearer
scheme, or the X-OPENHAB-TOKEN header, like access tokens.
As a special exception, API tokens can also be used with the Basic
authorization scheme, **even if the allowBasicAuth** option is not
enabled in the "API Security" service, because there's no additional
security risk in allowing that. In that case, the token should be
passed as the username and the password MUST be empty.
In short, this means that all these curl commands will work:
- `curl -H 'Authorization: Bearer <token>' http://localhost:8080/rest/inbox`
- `curl -H 'X-OPENHAB-TOKEN: <token>' http://localhost:8080/rest/inbox`
- `curl -u '<token>[:]' http://localhost:8080/rest/inbox`
- `curl http://<token>@localhost:8080/rest/inbox`
2 REST API operations were adding to the AuthResource, to allow
authenticated users to list their tokens or remove (revoke) one.
Self-service for creating a token or changing the password is more
sensitive so these should be handled with a servlet and pages devoid
of any JavaScript instead of REST API calls, therefore for now they'll
have to be done with the console.
This also fixes regressions introduced with #1713 - the operations
annotated with @RolesAllowed({ Role.USER }) only were not authorized
for administrators anymore.
* Generate a unique salt for each token
Reusing the password salt is bad practice, and changing the
password changes the salt as well which makes all tokens
invalid.
Put the salt in the same field as the hash (concatenated
with a separator) to avoid modifying the JSON DB schema.
* Fix API token authentication, make scope available to security context
The X-OPENHAB-TOKEN header now has priority over the Authorization
header to credentials, if both are set.
* Add self-service pages to change password & create new API token
Signed-off-by: Yannick Schaus <github@schaus.net>
* Add rule UID to error message
* Add exception with stacktrace when debug level is enabled
Related to #1734
Signed-off-by: Wouter Born <github@maindrain.net>
(I included these fixes in #1735 but extracted them in a stanalone
PR because it's easier to review and a little more urgent.)
As a result of the refactoring in #1713, the operations annotated with
`@RolesAllowed` containing `Role.USER` are not anymore automatically
considered accessible to all users, regardless of their actual roles.
4 operations are therefore now denied to admins if they only have the
`Role.ADMIN` role, as the first admininistrator is created only with
that role the UI encounters unexpected access denied errors and breaks.
(See https://github.com/openhab/openhab-webui/issues/422).
Closes https://github.com/openhab/openhab-webui/issues/422.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Allow basic authentication to authorize API access
Closes#1699.
Note, this opens a minor security issue that allows an attacker
to brute force passwords by making calls to the API - contrary to
the authorization page, the credentials parsing for the REST API
is stateless & doesn't have a lock mechanism to lock user accounts
after too many failed login attempts.
Signed-off-by: Yannick Schaus <github@schaus.net>
Xtext uses a cache for looking up classes when rules are run.
It also adds a null class value to this cache when a class is not found.
Once a value has entered the cache it will not be updated.
This causes the cache to return the wrong class (or the null value) when
calling static methods on ActionService and ThingActions classes that
were added/updated.
With the changes in this PR Xtext will be configured to use a custom cache
that updates the ActionService and ThingActions class references.
The PR also has a fix for the AnnotatedThingActionModuleTypeProvider not
properly sending ModuleType removed events when all ThingActions
registrations have been removed.
Fixes#1265Fixes#1694
Signed-off-by: Wouter Born <github@maindrain.net>
When one of the engines is unset the ScriptModuleTypeProvider clears all parameter options instead of only those that apply to that engine.
This fixes the Nashorn engine missing from the parameter options on the first openHAB startup.
Signed-off-by: Wouter Born <github@maindrain.net>
Catch specific exceptions and don't log errors but instead add an appropriate message and preserve the stacktrace.
Signed-off-by: Wouter Born <github@maindrain.net>
* Prevent IllegalStateException when closing SSE sink
* Simplify code and log exceptions on debug
There seem to be no issues anymore with the exception handling when SSE clients disconnect so simplify the exception handling.
Suppressing exceptions based on error message is also likely to break when new exceptions are added or messages change.
There are also still exceptions that get logged with "failure" but from which the code seems to recover without any issues.
Fixes#1499
Signed-off-by: Wouter Born <github@maindrain.net>
Since there are no more action add-ons in the distribution, I'd suggest to remove these from the `KarafAddonService` so they won't appear in the UI menus.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Fixes bugs (vulnerabilities/performance issues)
* Supports OSGi better
* Prevents illegal reflective access warnings on newer Java versions
* Supports java.time converters
For XStream release notes see: https://x-stream.github.io/changes.html
The XmlDocumentReader which uses XStream has also been modified to configure XStream security to prevent "Security framework of XStream not initialized, XStream is probably vulnerable" warnings.
Signed-off-by: Wouter Born <github@maindrain.net>
Upgrades to:
* Xtext 2.23.0
* Xtend 2.23.0
* LSP 0.9.0
For Xtext release notes see: https://www.eclipse.org/Xtext/releasenotes.html#/releasenotes/2020/09/01/version-2-23-0
The Xtext dependencies are now managed using their BOM which makes it easier to keep them in sync.
Because Xtext depends on a newer ASM version some runtime dependencies were also upgraded:
* ASM 8.0.1
* Pax Web 7.2.15
* XBean 4.17.0
Signed-off-by: Wouter Born <github@maindrain.net>
* Filter empty i18n config parameter options
There are many locales that do not have a country resulting in these empty parameter options.
Related to #1662
Signed-off-by: Wouter Born <github@maindrain.net>
* Add listener to SseBroadcaster so sseEventSinkRemoved events are handled
* Use Instant instead of long for tracking subscription creation times
* Run cleanup every 2 minutes instead of every 5 minutes
Fixes#1674
Signed-off-by: Wouter Born <github@maindrain.net>
This removes the remaining deprecated MQTT transport code which was not part of #1668.
Related to #1408
Signed-off-by: Wouter Born <github@maindrain.net>
The handleUpdate method was deprecated when profiles were introduced (see eclipse-archived/smarthome#4108).
Instead the "follow profile" can be used which forwards item updates as commands to handlers.
This profile works with any binding instead of only those that implement the handleUpdate method.
Related to #1408
Signed-off-by: Wouter Born <github@maindrain.net>
* Fix item channel links not properly initialized
* Add ChannelLinkNotifierOSGiTest
* Send at most one channelLinked event per linked thing channel when activating ChannelLinkNotifier
* Send channelUnlinked event only if all items are unlinked
* Use Registry stream instead of getAll
Fixes#1596
Signed-off-by: Wouter Born <github@maindrain.net>
Removes:
* ConfigOptionProvider.getParameterOptions(URI, String, Locale) (see also #1541)
* DiscoveryListener.removeOlderResults(DiscoveryService, long, Collection<ThingTypeUID>)
Related to #1408
Signed-off-by: Wouter Born <github@maindrain.net>
The path is incorrect because a bug was introduced in #1650.
This results in the MapTransformationServiceTest failing so it was disabled in openhab/openhab-addons#8519.
Signed-off-by: Wouter Born <github@maindrain.net>
The rules are often not instantiated within 5 seconds.
On a Raspberry Pi 3B it can take 12 seconds before rules are instantiated.
The code has also been improved with proper null annotations.
Related to #1637
Signed-off-by: Wouter Born <github@maindrain.net>
Also added "org.eclipse.jdt.annotation" to the test BOM so we can use "org.eclipse.jdt.annotation.Checks" in itests.
That class has many useful methods that help with writing more readable test code when using the Eclipse JDT null analysis annotations.
After running the resolver on the itests a lot of bundles were removed from the itest.bndrun files.
Signed-off-by: Wouter Born <github@maindrain.net>
Currently the AuthFilter will try to find a token in the
X-OPENHAB-TOKEN HTTP header - only when it finds a cookie
named X-OPENHAB-AUTH-HEADER. It can cause problems because
browsers or proxies might block the cookie from being sent
for various reasons (for instance if there's a path set
for it).
There is no downside IMHO to always try to fallback to
checking the X-OPENHAB-TOKEN header for a token, if and
only if it's not already provided in the Authorization
header. It is the responsibility of the client to decide
how it wants to authorize the request among the available
options - by checking a cookie, or something else entirely.
Also removed the '?api_key=' option because Swagger UI
doesn't provide tokens that way anymore.
Signed-off-by: Yannick Schaus <github@schaus.net>
The ResponseBuilder's "encoding()" function sets the http header "Content-Encoding", which is used to compress the media type and not to specify the character encoding.
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
* Use Streams for filtering, mapping and checking predicates
* Add exception to warnings/errors when debug logging is enabled
* Use final featuresService field so method arguments can be removed
Fixes#1486
Signed-off-by: Wouter Born <github@maindrain.net>
The changes in #1614 caused null analysis errors in CommunicationManager.createCallback and caused unnecessary null check warnings in ProfileCallbackImpl.
Signed-off-by: Wouter Born <github@maindrain.net>
Closes https://github.com/openhab/openhab-webui/issues/309.
This only honors the scheme as reported by the `prefers-color-scheme` CSS media feature, i.e. local overrides for the main UI are not taken into account.
Tweak submit button styles to mimic the main UI's desktop theme.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Migrates all tests to the JUnit 5 Jupiter API
* Updates bnd to 5.1.2
* Updates maven-surefire-plugin to 3.0.0-M5
* Updates Mockito to 3.4.6
* Updates Hamcrest to 2.2
* Removes org.openhab.core.boot POM dependencies
Signed-off-by: Wouter Born <github@maindrain.net>
This adds basic information about the runtime in the response
to the root `/rest` API resource, mostly for display purposes
by UIs: the version, build string and the location of the
configuration and user data folders.
Signed-off-by: Yannick Schaus <github@schaus.net>
The getAll() method in the ConfigDescriptionResource does not have a nickname set in its ApiOperation annotation.
Swagger uses the method name (getAll) as default operationId which is not unique.
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
In order to change to a valid type since the documentation suggests "Valid values are "List", "Set" or "Map". Any other value will be ignored.".
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
In order to change to a valid type since the documentation suggests "Valid values are "List", "Set" or "Map". Any other value will be ignored.".
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
Replaces the way an array is declared with the way "prefered for java", because the [] is part of the TYPE and not the NAME.
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
In order to change to a valid type since the documentation suggests "Valid values are "List", "Set" or "Map". Any other value will be ignored.".
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
