Related to #1791
Also-by: Christoph Weitkamp <github@christophweitkamp.de>
Also-by: Mark <m.stroeve@appsoftware.nl>
Signed-off-by: Laurent Garnier <lg.hc@free.fr>
I can't think of a good reason why listing things or querying their status should be allowed for users.
The things layer should only be of concern to admins IMHO.
As noted here: https://community.openhab.org/t/oh3-will-list-all-your-things-even-if-you-are-not-logged-in/108006/3
passwords and other sensible information in configuration could end up being exposed without auth required.
Signed-off-by: Yannick Schaus <github@schaus.net>
Remove the groupname from the members if the group item is removed.
This is implemented in the ManagedItemProvider.
Fixes#1785Fixes#1392
Signed-off-by: Simon Lamon <simonlamon93@hotmail.com>
The /things, /rules, /ui/components endpoints retrieve all objects
in their entirety, which can become very big, i.e. channels, config
parameters, script rule modules or trees of UI components can
quickly add up to the size.
When the UI simply displays a list of those objects it retrieves all
this extra information but does nothing with it.
This introduces an optional ?summary=true query parameter for the
above resources to limit the output to pre-defined fields which are
deemed most relevant for displaying these lists, omitting the rest.
When the option is not set, the behavior remains unchanged so this
change is not API breaking. The API version has therefore not been
incremented. The client is responsible for adding the option to
retrieve summarized collections instead of the entire objects.
Signed-off-by: Yannick Schaus <github@schaus.net>
This should fix the issue reported here:
https://community.openhab.org/t/openhab-3-0-milestone-2-discussion/107564/8
where the Nashorn script engine would be created with the
current thread's class loader, causing JS code like this:
```
var Log = Java.type("org.openhab.core.model.script.actions.Log");
Log.logError("Experiments", "This is an OH error log");
Log.logWarn("Experiments", "This is an OH warn log");
Log.logInfo("Experiments", "This is an OH info log");
Log.logDebug("Experiments", "This is an OH debug log");
```
to run fine when the rule was triggered but fail to find the Log
class when run from the REST API's `/rest/rules/{ruleUID}/runnow`,
because in that case the generic createScriptEngine implementation
would return script engines using the JAX-RS class loader as the
"app" class loader.
Note:
We also have an opportunity to restrict which classes are exposed
to the script with a ClassFilter to a specific set:
https://docs.oracle.com/javase/8/docs/jdk/api/nashorn/jdk/nashorn/api/scripting/NashornScriptEngineFactory.html#getScriptEngine-java.lang.String:A-java.lang.ClassLoader-jdk.nashorn.api.scripting.ClassFilter-
This could prove useful to mitigate code execution vulnerabilities,
as the script code is modifiable remotely.
Signed-off-by: Yannick Schaus <github@schaus.net>
Some MQTT servers can be quirky, then do not handle Usubscribe request properly.
In this case we have to omit sending it. Introduce a boolean flag, telling
whether the request should be sent or not, and add a public function to set it.
iRobot built-in MQTT server is known to suffer from this problem.
Signed-off-by: Pavel Fedin <pavel_fedin@mail.ru>
These workarounds to prevent false positives can be removed now the EEAs allow for proper null analysis.
Signed-off-by: Wouter Born <github@maindrain.net>
* Added unit test for read-only Number- and String-Items to not return a Selection Element
* Improved usage of 'lastIndexOf'
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
This adds API tokens as a new credential type. Their format is:
`oh.<name>.<random chars>`
The "oh." prefix is used to tell them apart from a JWT access token,
because they're both used as a Bearer authorization scheme, but there
is no semantic value attached to any of the other parts.
They are stored hashed in the user's profile, and can be listed, added
or removed managed with the new `openhab:users` console command.
Currently the scopes are still not checked, but ultimately they could
be, for instance a scope of e.g. `user admin.items` would mean that the
API token can be used to perform user operations like retrieving info
or sending a command, _and_ managing the items, but nothing else -
even if the user has more permissions because of their role (which
will of course still be checked).
Tokens are normally passed in the Authorization header with the Bearer
scheme, or the X-OPENHAB-TOKEN header, like access tokens.
As a special exception, API tokens can also be used with the Basic
authorization scheme, **even if the allowBasicAuth** option is not
enabled in the "API Security" service, because there's no additional
security risk in allowing that. In that case, the token should be
passed as the username and the password MUST be empty.
In short, this means that all these curl commands will work:
- `curl -H 'Authorization: Bearer <token>' http://localhost:8080/rest/inbox`
- `curl -H 'X-OPENHAB-TOKEN: <token>' http://localhost:8080/rest/inbox`
- `curl -u '<token>[:]' http://localhost:8080/rest/inbox`
- `curl http://<token>@localhost:8080/rest/inbox`
2 REST API operations were adding to the AuthResource, to allow
authenticated users to list their tokens or remove (revoke) one.
Self-service for creating a token or changing the password is more
sensitive so these should be handled with a servlet and pages devoid
of any JavaScript instead of REST API calls, therefore for now they'll
have to be done with the console.
This also fixes regressions introduced with #1713 - the operations
annotated with @RolesAllowed({ Role.USER }) only were not authorized
for administrators anymore.
* Generate a unique salt for each token
Reusing the password salt is bad practice, and changing the
password changes the salt as well which makes all tokens
invalid.
Put the salt in the same field as the hash (concatenated
with a separator) to avoid modifying the JSON DB schema.
* Fix API token authentication, make scope available to security context
The X-OPENHAB-TOKEN header now has priority over the Authorization
header to credentials, if both are set.
* Add self-service pages to change password & create new API token
Signed-off-by: Yannick Schaus <github@schaus.net>
* Add rule UID to error message
* Add exception with stacktrace when debug level is enabled
Related to #1734
Signed-off-by: Wouter Born <github@maindrain.net>
(I included these fixes in #1735 but extracted them in a stanalone
PR because it's easier to review and a little more urgent.)
As a result of the refactoring in #1713, the operations annotated with
`@RolesAllowed` containing `Role.USER` are not anymore automatically
considered accessible to all users, regardless of their actual roles.
4 operations are therefore now denied to admins if they only have the
`Role.ADMIN` role, as the first admininistrator is created only with
that role the UI encounters unexpected access denied errors and breaks.
(See https://github.com/openhab/openhab-webui/issues/422).
Closes https://github.com/openhab/openhab-webui/issues/422.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Allow basic authentication to authorize API access
Closes#1699.
Note, this opens a minor security issue that allows an attacker
to brute force passwords by making calls to the API - contrary to
the authorization page, the credentials parsing for the REST API
is stateless & doesn't have a lock mechanism to lock user accounts
after too many failed login attempts.
Signed-off-by: Yannick Schaus <github@schaus.net>
Xtext uses a cache for looking up classes when rules are run.
It also adds a null class value to this cache when a class is not found.
Once a value has entered the cache it will not be updated.
This causes the cache to return the wrong class (or the null value) when
calling static methods on ActionService and ThingActions classes that
were added/updated.
With the changes in this PR Xtext will be configured to use a custom cache
that updates the ActionService and ThingActions class references.
The PR also has a fix for the AnnotatedThingActionModuleTypeProvider not
properly sending ModuleType removed events when all ThingActions
registrations have been removed.
Fixes#1265Fixes#1694
Signed-off-by: Wouter Born <github@maindrain.net>
When one of the engines is unset the ScriptModuleTypeProvider clears all parameter options instead of only those that apply to that engine.
This fixes the Nashorn engine missing from the parameter options on the first openHAB startup.
Signed-off-by: Wouter Born <github@maindrain.net>
Catch specific exceptions and don't log errors but instead add an appropriate message and preserve the stacktrace.
Signed-off-by: Wouter Born <github@maindrain.net>
* Prevent IllegalStateException when closing SSE sink
* Simplify code and log exceptions on debug
There seem to be no issues anymore with the exception handling when SSE clients disconnect so simplify the exception handling.
Suppressing exceptions based on error message is also likely to break when new exceptions are added or messages change.
There are also still exceptions that get logged with "failure" but from which the code seems to recover without any issues.
Fixes#1499
Signed-off-by: Wouter Born <github@maindrain.net>
Since there are no more action add-ons in the distribution, I'd suggest to remove these from the `KarafAddonService` so they won't appear in the UI menus.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Fixes bugs (vulnerabilities/performance issues)
* Supports OSGi better
* Prevents illegal reflective access warnings on newer Java versions
* Supports java.time converters
For XStream release notes see: https://x-stream.github.io/changes.html
The XmlDocumentReader which uses XStream has also been modified to configure XStream security to prevent "Security framework of XStream not initialized, XStream is probably vulnerable" warnings.
Signed-off-by: Wouter Born <github@maindrain.net>
Upgrades to:
* Xtext 2.23.0
* Xtend 2.23.0
* LSP 0.9.0
For Xtext release notes see: https://www.eclipse.org/Xtext/releasenotes.html#/releasenotes/2020/09/01/version-2-23-0
The Xtext dependencies are now managed using their BOM which makes it easier to keep them in sync.
Because Xtext depends on a newer ASM version some runtime dependencies were also upgraded:
* ASM 8.0.1
* Pax Web 7.2.15
* XBean 4.17.0
Signed-off-by: Wouter Born <github@maindrain.net>
* Filter empty i18n config parameter options
There are many locales that do not have a country resulting in these empty parameter options.
Related to #1662
Signed-off-by: Wouter Born <github@maindrain.net>
* Add listener to SseBroadcaster so sseEventSinkRemoved events are handled
* Use Instant instead of long for tracking subscription creation times
* Run cleanup every 2 minutes instead of every 5 minutes
Fixes#1674
Signed-off-by: Wouter Born <github@maindrain.net>
This removes the remaining deprecated MQTT transport code which was not part of #1668.
Related to #1408
Signed-off-by: Wouter Born <github@maindrain.net>
The handleUpdate method was deprecated when profiles were introduced (see eclipse-archived/smarthome#4108).
Instead the "follow profile" can be used which forwards item updates as commands to handlers.
This profile works with any binding instead of only those that implement the handleUpdate method.
Related to #1408
Signed-off-by: Wouter Born <github@maindrain.net>
* Fix item channel links not properly initialized
* Add ChannelLinkNotifierOSGiTest
* Send at most one channelLinked event per linked thing channel when activating ChannelLinkNotifier
* Send channelUnlinked event only if all items are unlinked
* Use Registry stream instead of getAll
Fixes#1596
Signed-off-by: Wouter Born <github@maindrain.net>
Removes:
* ConfigOptionProvider.getParameterOptions(URI, String, Locale) (see also #1541)
* DiscoveryListener.removeOlderResults(DiscoveryService, long, Collection<ThingTypeUID>)
Related to #1408
Signed-off-by: Wouter Born <github@maindrain.net>
The path is incorrect because a bug was introduced in #1650.
This results in the MapTransformationServiceTest failing so it was disabled in openhab/openhab-addons#8519.
Signed-off-by: Wouter Born <github@maindrain.net>
The rules are often not instantiated within 5 seconds.
On a Raspberry Pi 3B it can take 12 seconds before rules are instantiated.
The code has also been improved with proper null annotations.
Related to #1637
Signed-off-by: Wouter Born <github@maindrain.net>
Also added "org.eclipse.jdt.annotation" to the test BOM so we can use "org.eclipse.jdt.annotation.Checks" in itests.
That class has many useful methods that help with writing more readable test code when using the Eclipse JDT null analysis annotations.
After running the resolver on the itests a lot of bundles were removed from the itest.bndrun files.
Signed-off-by: Wouter Born <github@maindrain.net>
Currently the AuthFilter will try to find a token in the
X-OPENHAB-TOKEN HTTP header - only when it finds a cookie
named X-OPENHAB-AUTH-HEADER. It can cause problems because
browsers or proxies might block the cookie from being sent
for various reasons (for instance if there's a path set
for it).
There is no downside IMHO to always try to fallback to
checking the X-OPENHAB-TOKEN header for a token, if and
only if it's not already provided in the Authorization
header. It is the responsibility of the client to decide
how it wants to authorize the request among the available
options - by checking a cookie, or something else entirely.
Also removed the '?api_key=' option because Swagger UI
doesn't provide tokens that way anymore.
Signed-off-by: Yannick Schaus <github@schaus.net>
The ResponseBuilder's "encoding()" function sets the http header "Content-Encoding", which is used to compress the media type and not to specify the character encoding.
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
* Use Streams for filtering, mapping and checking predicates
* Add exception to warnings/errors when debug logging is enabled
* Use final featuresService field so method arguments can be removed
Fixes#1486
Signed-off-by: Wouter Born <github@maindrain.net>
The changes in #1614 caused null analysis errors in CommunicationManager.createCallback and caused unnecessary null check warnings in ProfileCallbackImpl.
Signed-off-by: Wouter Born <github@maindrain.net>
Closes https://github.com/openhab/openhab-webui/issues/309.
This only honors the scheme as reported by the `prefers-color-scheme` CSS media feature, i.e. local overrides for the main UI are not taken into account.
Tweak submit button styles to mimic the main UI's desktop theme.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Migrates all tests to the JUnit 5 Jupiter API
* Updates bnd to 5.1.2
* Updates maven-surefire-plugin to 3.0.0-M5
* Updates Mockito to 3.4.6
* Updates Hamcrest to 2.2
* Removes org.openhab.core.boot POM dependencies
Signed-off-by: Wouter Born <github@maindrain.net>
This adds basic information about the runtime in the response
to the root `/rest` API resource, mostly for display purposes
by UIs: the version, build string and the location of the
configuration and user data folders.
Signed-off-by: Yannick Schaus <github@schaus.net>
The getAll() method in the ConfigDescriptionResource does not have a nickname set in its ApiOperation annotation.
Swagger uses the method name (getAll) as default operationId which is not unique.
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
In order to change to a valid type since the documentation suggests "Valid values are "List", "Set" or "Map". Any other value will be ignored.".
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
In order to change to a valid type since the documentation suggests "Valid values are "List", "Set" or "Map". Any other value will be ignored.".
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
Replaces the way an array is declared with the way "prefered for java", because the [] is part of the TYPE and not the NAME.
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
In order to change to a valid type since the documentation suggests "Valid values are "List", "Set" or "Map". Any other value will be ignored.".
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
* Fix for handling inverted cron ranges
This fix adds support for inverted cron ranged. For example SUN-WEN.
It also works all ranges and also with additional increments.
Closes#1516
Signed-off-by: Hilbrand Bouwkamp <hilbrand@h72.nl>
It is easier to use the ConfigurableService properties when it's possible to annotate classes using a ComponentPropertyType.
Signed-off-by: Wouter Born <github@maindrain.net>
* Migrate to JAX-RS Whiteboard
* Upgrade Jackson and Swagger TP feature dependencies
The upstream JAX-RS Whiteboard feature is not used because the version ranges currently do not work with Karaf on Windows.
See: https://issues.apache.org/jira/browse/KARAF-6536
* Update Felix logback to 1.0.2
This version adds the jul-to-slf4j bridge (FELIX-6027).
JUL is used by CXF and using the bridge we can use logback to reduce the verbosity of the info logging whenever org.apache.cxf.endpoint.ServerImpl creates endpoints.
* Update Aries Whiteboard to 1.0.8
* Removes the hated default web application (ARIES-1931)
* Improves performance
* Uses CXF 3.2.12
* Don't reuse SSE event builders
SSE event builders are not thread-safe.
It also causes the wrong default values being used.
Also-by: Markus Rathgeb <maggu2810@gmail.com>
Signed-off-by: Wouter Born <github@maindrain.net>
* Improve SerialPortManager.getIdentifiers() JavaDoc
The current JavaDocs do not clearly state that it does not always return all identifiers.
E.g. it will not return any RFC2217 identifiers or undiscovered RXTX port identifiers.
So it should not be used to search for an identifier when the serial port name is known.
This method is useful for listing available port options in UIs and logging.
Signed-off-by: Wouter Born <github@maindrain.net>
The first version of nrjavaserial with OSGi manifest entries is 3.12.0.
The interface has not changed and is still the same with nrjavaserial 5.x.
So using 3.12.0 as compile time dependency and defining a [3.12,6) version range using bnd.bnd files allows for maximum flexibility.
Signed-off-by: Wouter Born <github@maindrain.net>
Previously, the state values were compared only if the item state was instanceof DecimalType
which did not work for channels that had a dimension specifier, such as Type:Length. The itemState
instance was of type QuantityType<Quantity<BigDecimal>> and therefore was never compared in the rules
Signed-off-by: Sebastian Irimia <aisebastian@yahoo.com>
* Remove deprecated `TrustManagerProvider`
It was deprecated since the introduction of the `ExtensibleTrustManager` (https://github.com/eclipse/smarthome/pull/6281).
Related to #1408
Signed-off-by: Wouter Born <github@maindrain.net>
* Add and fix more null annotations
* Add more @NonNullByDefault and @Nullable annotations
* Remove unnecessary @NonNull annotations
* Fix a few other trivial SAT issues
* Add constructor injection for MDNSDiscoveryService
Signed-off-by: Wouter Born <github@maindrain.net>
* Clarify return values for implementation
* Dynamic state/command provider should not return original descritpion
* Added ERROR log message
* Added integration test for CommandDescriptionProvider
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* Added API for ScriptEngineFactory implementations to pull presets
Existing API only allows engine factory implementors to request presets are pushed into existing scopes, rather than returning them directory, so that they can be bound into module or library systems. This change allows implementors to capture the presets requested (and potentially ignore any pushed), and therefore expose them via idiomatic import mechanisms for the language being implemented
Signed-off-by: Jonathan Gilbert <jpg@trillica.com>
For ESH it made sense to use this but nowadays these UIs are no longer part of openhab-core and the demo app used for development is in openhab-distro.
Furthermore it provides links to UIs that are no longer part of OH3, uses ESH logos and the new Default UI is also using / so it throws exceptions.
See: https://github.com/openhab/openhab-distro/pull/1084#issuecomment-596226652
Signed-off-by: Wouter Born <github@maindrain.net>
* removed ThingLinkManager and with it the auto-linking feature and "Simple Mode"
Signed-off-by: Kai Kreuzer <kai@openhab.org>
* removed feature from REST API as well
Signed-off-by: Kai Kreuzer <kai@openhab.org>
* removed tests
Signed-off-by: Kai Kreuzer <kai@openhab.org>
* fixed default service pid and removed esh traces in service configuration
* fixed default service.cfg location
Signed-off-by: Kai Kreuzer <kai@openhab.org>
This fixes a NPE which occurs when a ItemStateChangedEvent
is broadcasted by the ItemStatesSseBroadcaster while some
SseStateEventOutputs haven't initialized their list of
tracked items.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Metadata-based state & command description providers
Implements #1185.
These providers will look into item metadata, which
can be managed by UIs with the API, to set or override
the item's state description (pattern, options, read
only...) or command description.
Signed-off-by: Yannick Schaus <github@schaus.net>
* UI component registries initial implementation
This is an initial implementation of #1355.
It was simple enough to make to be proposed as
a PR already without waiting for remarks on the RFC.
The SitemapProvider for the `system:sitemap`
namespace as described in #1355 is not part of
this PR.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Fix bug in ChannelDTOMapper
* Add AutoUpdatePolicy to ChannelDTO
Also-by: Christoph Weitkamp <github@christophweitkamp.de>
Signed-off-by: Simon Lamon <simonlamon93@hotmail.com>
When a thing is enabled, the `ThingManagerImpl` takes care of calling `ThingHandler#initialize()`.
That makes totally sense if the thing was disabled before. However, if `setEnabled(thingUID, true)` is called for a thing which was already enabled, it causes an additional initialization.
Since concurrent hanlder initializations may cause trouble, it is safer to prevent this. Therefore enabling a thing (including starting its thing handler) should only be performed if the thing is disabled.
Signed-off-by: Michael Reitler <michael.dicke@smail.inf.h-brs.de>
* var and varh were missing
* var is basically an alternate form of WATT
* kvarh was incorrectly marked as a division between kvar and hour
* Volt-Ampere added to the units
This unit for apparent power in an electrical circuit. Useful for smart meters and solar inverters.
Signed-off-by: Nagy Attila Gabor <mrbig@sneaker.hu>
* [voice] Simplify lifecycle by using constructor injection
* Removed usage of org.apache.commons.lang.ArrayUtils
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* Added public method to remove all members from a group
* Spelling in itest method names
* File encoding
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* replaced Joda Time by Java Time
Signed-off-by: Kai Kreuzer <kai@openhab.org>
* removed joda from target platform feature
Signed-off-by: Kai Kreuzer <kai@openhab.org>
* updated tests
Signed-off-by: Kai Kreuzer <kai@openhab.org>
* fixed persistence extension tests
Signed-off-by: Kai Kreuzer <kai@openhab.org>
* Minor code improvements; Added nullness annotations to ThingActions and ThingHandlerService
* Revert renaming of 'thingRegistry' property
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
These filters help reduce payloads for UIs which
retrieve ad-hoc information rather than maintaining
a global state.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Refactor dashboard tiles into core
Move the tile concept from the dashboard UI to the
org.openhab.core.ui bundle, and add a REST resource
(/rest/ui/tiles) to retrieve the list of tiles i.e.
registered UIs.
Signed-off-by: Yannick Schaus <github@schaus.net>
contains + get will do its job as long as all collection access uses the
same synchronization locks and as long as every put ensures there will
never by a null value be inserted.
If the map implementation checks if a key is available, we can also get
the value already (IMHO there is no need for the overhead to first
lookup if the key is present and after that is checked, we call the get
function). It should be better to get the value and check if it differs
from null.
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
* slf4j logging: remove not needed object array creation
* remove explicit `toString()` calls and check if debug is enabled
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
These changes prepare for custom ScriptEngineFactories and does not
include any breaking changes.
* Moved AbstractScriptEngineFactory out of internal so that it can be
used by custom factories
* Modified ScriptEngineModuleTypeProvider to include engines from custom
factories
* Cleaned up some logging
Signed-off-by: Scott Rushworth <openhab@5iver.com>
To prevent weak cipher/protocol warnings it's better to not customize the default excluded ciphers and protocols.
The MD5 ciphers have already been excluded by default since Jetty 9.3.11.v20160721.
Fixes#1064
Signed-off-by: Wouter Born <github@maindrain.net>
* Added unit test to cover #1226
* Call 'removeItem()' with item name instead of ThingUID
* Added nullness annotations
* Use constructor injection
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
Make sure Throwables are not be substituted into log messages so they can be formatted according to the logging configuration.
Signed-off-by: Wouter Born <github@maindrain.net>
Using waitForAssert instead of sleeping 10ms makes the tests stable when the system has some load.
Fixes#1139
Signed-off-by: Wouter Born <github@maindrain.net>
Every connection to the LSP server failed because it always threw a org.eclipse.smarthome.model.ide.SitemapIdeSetup NoClassDefFoundError.
Which is caused by the SitemapIdeSetup residing in a package that is split between both the org.openhab.core.model.item.ide and the org.openhab.core.model.sitemap.ide bundles.
The SitemapIdeSetup class is also using classes from the org.eclipse.smarthome.model package which is also a package split between the org.openhab.core.model.items and org.openhab.core.model.sitemap bundles.
After renaming the packages used for the sitemap classes the NoClassDefFoundError is resolved and LSP works properly again.
Many imports were updated for the sitemap model package changes.
Fixes#1030
Signed-off-by: Wouter Born <github@maindrain.net>
Fixes SAT errors/warnings in resources and tests reported by SAT 0.8.0-SNAPSHOT.
Related to openhab/static-code-analysis#363
Signed-off-by: Wouter Born <github@maindrain.net>
* Added "resources" folder as a resource folder to bnd instructions
Co-Authored-By: Wouter Born <github@maindrain.net>
Signed-off-by: Kai Kreuzer <kai@openhab.org>
* Added nullness annotations to o.o.c.binding.xml
* Use local variables
* Removed unuused import
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* Added contructor injection to thing xml
* Removed Nullable from getChannels and getChannelGroups
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* Added nullness annotations to 'RuleTemplateI18nUtil'
* Added nullness annotations to 'ConfigDescriptionGroupI18nUtil'
* Moved 'ConfigDescriptionI18nUtil' into internal package
* Moved 'ConfigDescriptionGroupI18nUtil' into internal package
* Moved 'ThingTypeI18nUtil' into internal package
* Use 'ConfigI18nLocalizationService' instead of 'ConfigDescriptionI18nUtil'
* Use default labels / descriptions if application of localization is not successful
* Resolved itest.bndrun files
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
Adds null annotations to all registries, the interfaces they implement and a few other classes.
Also-by: Christoph Weitkamp <github@christophweitkamp.de>
Signed-off-by: Wouter Born <github@maindrain.net>
* Use !isEmpty() instead of "size() > 0" or "size() != 0"
!isEmpty() expresses the intent more clearly and is therefore preferred.
Counting the number of elements can also be an expensive operation e.g. when using linked lists.
Co-Authored-By: Christoph Weitkamp <github@christophweitkamp.de>
Signed-off-by: Wouter Born <github@maindrain.net>
isEmpty() expresses the intent more clearly and is therefore preferred.
Counting the number of elements can also be an expensive operation e.g. when using linked lists.
Signed-off-by: Wouter Born <github@maindrain.net>
* Minor code improvements in profile factory
* Added integration test to check if factory creates all available profiles
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* Improve ThingTypeXmlProvider exception handling
When a binding such as ZWave has hundereds of ThingTypes it's hard to debug thing type definition issues.
This PR adds a UID (ConfigDescription, ChannelType, ChannelGroupType and ThingType) to the logging so it will be easier to find the root cause of exceptions.
Because the exceptions are caught, an error in one ThingType definition will no longer prevent other perfectly fine ThingTypes to be registered so the impact of definition issues is reduced.
Signed-off-by: Wouter Born <github@maindrain.net>
Activating the PersistentInbox after the mocks are initialized prevents the TimeToLiveCheckingThread calling the storage mock which would cause the exception.
Fixes#1091
Signed-off-by: Wouter Born <github@maindrain.net>
Suppresses the SystemPrintln SAT findings because this class is a Karaf shell command which prints to the console.
Signed-off-by: Wouter Born <github@maindrain.net>
* Changed pid from 'org.eclipse.smarthome.core.i18nprovider' to 'org.eclipse.smarthome.i18n'
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
Fixes wrong names identified by the following rules:
* ConstantNameCheck
* LocalFinalVariableNameCheck
* LocalVariableNameCheck
* StaticVariableNameCheck
Most mismatches identified by the MemberNameCheck have also been fixed except for those where the variables are used in events/DTOs etc which would cause issues.
Signed-off-by: Wouter Born <github@maindrain.net>
Fixes the SAT warning: First javadoc author should have "Initial contribution" contribution description.
Signed-off-by: Wouter Born <github@maindrain.net>
* Move IO HTTP unit tests
All IO HTTP tests are unit tests so there is no need for an itests project.
Signed-off-by: Wouter Born <github@maindrain.net>
* Move thing XML unit tests
Moves the thing XML unit tests from the itests project to the bundle project.
Signed-off-by: Wouter Born <github@maindrain.net>
* Move compat1x unit tests
All compat1x tests are unit tests so there is no need for an itests project.
Signed-off-by: Wouter Born <github@maindrain.net>
* Move model LSP unit tests
All model LSP tests are unit tests so there is no need for an itests project.
Signed-off-by: Wouter Born <github@maindrain.net>
* Move semantics unit tests
All semantics tests are unit tests so there is no need for an itests project.
Signed-off-by: Wouter Born <github@maindrain.net>
* Move transform unit tests
All transform tests are unit tests so there is no need for an itests project.
Signed-off-by: Wouter Born <github@maindrain.net>
* Move UI icon unit tests
All UI icon tests are unit tests so there is no need for an itests project.
Signed-off-by: Wouter Born <github@maindrain.net>
* [OAuth2] redirectURI should be optional on getAccessTokenResponseByAuthorizationCode
The redirectURI should be optional (Nullable) on getAccessTokenResponseByAuthorizationCode as in the JavaDoc is stated (as is stated in the refered specification).
* [OAuth2] Removed redundant NonNull
Signed-off-by: Hilbrand Bouwkamp <hilbrand@h72.nl>
Wait for stop future to complete and fix the NPE that would cause the future not to complete.
When disconnecting the client the callback is null.
Signed-off-by: Wouter Born <github@maindrain.net>
* Fix DateTimeType parsing of strings with 2 nano digits
Some formatters such as the DateTimeFormatter.ISO_LOCAL_DATE_TIME may also output a string containing 2 nano digits which fail to be parsed by DateTimeValue.
* Fix parsing of arbitrary number of nano digits for Java 11
Signed-off-by: Wouter Born <github@maindrain.net>
* Bump SAT version; Fixed high priority findings
* Defined path to feature file to avoid warnings
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* Use constructor injection to simplify lifecycle
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* PR extended by ItemStateConverter
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* Use constructor injection to simplify lifecycle
* Added nullness annotations to PersistenceManager
* Removed declaration with null
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
* Move null annotations between modifiers and variable type
* Remove redundant public modifiers from interfaces where applicable
* Remove redundant `@NonNull` annotations
Signed-off-by: Wouter Born <github@maindrain.net>
Change reference cardinality from MULTIPLE to AT_LEAST_ONE so the serial port provider can be used immediately when ThingHandlers are initialized.
Fixes#937
This would always result in the following logging on startup:
[WARN ] [serial.internal.SerialPortManagerImpl] - No SerialPortProvider found for: /dev/ttyUSB0
Bindings without serial port reconnection logic would need to be manually restarted (Z-Wave Binding).
Signed-off-by: Wouter Born <github@maindrain.net>
If visibility of a sitemap widget that does not have a (valid) item is
changed, 'itemToBeSent' becomes null, in which case we need to omit
filling out 'event.item' and 'event.state' (and keep them as null).
Closes#897
Signed-off-by: Danny Baumann <dannybaumann@web.de>
The project has been replaced by REST publisher and the sources should
be removed by https://github.com/openhab/openhab-core/pull/905
It seems something went wrong.
Let's remove it now!
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
* add project for publisher
* add unmodified com.eclipsesource.jaxrs.publisher sources
* modify and use modified publisher
* drop tracker usage (only for custom whitelist by fragments)
* add the new code to new classes and namespace
Also-by: Kai Kreuzer <kai@openhab.org>
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
It should not matter if the instructions are split or not.
But if it is splitted the nullness tooling don't know that the stream
after the filter contains only non null elements.
As it should not matter and to make the tooling happy...
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
* Get all serial port identifiers by calling RXTX with and without using the gnu.io.rxtx.SerialPorts property
* Filter getSerialPortIdentifiers() stream on distinct port names
* Fix thread safety issues by saving getPortIdentifiers() Enumeration result to new list
Fixes#805
Signed-off-by: Wouter Born <github@maindrain.net>
Newer Jetty versions log warnings when weak cipher suites are configured.
This occurs when using Karaf 4.2.6 with Jetty 9.4.18.v20190429.
See also: https://github.com/eclipse/jetty.project/pull/3050
Signed-off-by: Wouter Born <github@maindrain.net>
* automation: Use constructor injection to simplify lifecycle
* Refactoring of 'DefaultScriptScopeProvider' class
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
If a component should be activated an instance is constructed and that
object is activated.
Let's split the construction and activation logic also if constructor
injection is used.
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
* Make sure to always send the correct 'item' member in SSE events.
If a change to item A causes visibility changes to item B, we previously
sent an SSE event for B including the new visibility for B, but included
item and state of A. This leads to client confusion, as it'll update its
internal state for the widget belonging to B with the item state of A.
Make sure to always send the item for B and to omit state in that case.
Closes#690
Signed-off-by: Danny Baumann <dannybaumann@web.de>
* Travis CI: check POM convention
We could use Travis CI to execute some checks in front of the normal
build.
This change adds a check if the POM files follow our POM conventions.
If something fails, it show which files violates the convention and the
command that should be executed to fix the situation.
For example if the base POM file breaks the convention:
At least one POM file breaks the convention, please use sortpom to fix the POM file(s).
modified: pom.xml
You should run the following command in the root directory of your working copy:
mvn com.github.ekryd.sortpom:sortpom-maven-plugin:sort -Dsort.keepBlankLines=true -Dsort.createBackupFile=false -Dsort.predefinedSortOrder=recommended_2008_06
* add sortpom plugin to verify phase
* do not use dependency reduced pom (use scope)
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
The current rule registry implementation provides a configuration for
the "rule reinitialization delay". That configuration is not used by the
rule registry itself but used by the rule engine implementation.
This required the rule engine implementation to contain a special code
path that checks if the injected rule registry is an instance of that
special implementation to access that configuration parameter.
As the configuration is not used by the registry itself, it does not
make sense that it is a configuration of that component.
If the rule engine (at least this special implementation) would like to
use a configurable parameter, it should be part of that specific
component implementation.
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
After the bump of Paho from 1.2.0 to 1.2.1 the library enables the https
hostname verification.
This breaks compatibility with current consumers.
Connections cannot be established anymore.
We disable the https hostname verification to keep the old behaviour.
We should add an API so the hostname verification can be enabled if
desired.
This also makes the version 1.2.1 the lower version limit as we need to
use the API to disable the verification internally.
Related to: https://github.com/openhab/openhab-core/issues/815
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
The antlr generator has been downloaded by a specific download maven
plugin at build time.
Instead of calling the plugin goals it would be much simpler to add the
downloaded file to the repository (I assume it has been not possible on
the Eclipse repository before).
Another benefit would be the IDE integration as the IDE does not need to
know if the plugin needs to be executed or not...
The provided antlr generator has been taken from:
http://download.itemis.com/antlr-generator-3.2.0-patch.jar
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
We should not remove entries (so keys) from the map while we are using
the key set (a view) of that map (see JavaDoc: otherwise "results of the
iteration undefined").
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
There is a recommended ordering for all Maven POM files.
See: https://maven.apache.org/developers/conventions/code.html
The POM files has been "fixed" by using the "sortpom-maven-plugin".
The blank lines has been kept to keep the element separation for
readability.
The plugin also fixes indentation etc.
Have a look at: https://github.com/Ekryd/sortpom/wiki
The profile has been set to "recommended_2008_06" that states:
The POM Code Convention that was chosen by Maven developers in 2008
Command that has been executed:
mvn \
com.github.ekryd.sortpom:sortpom-maven-plugin:sort \
-Dsort.keepBlankLines=true \
-Dsort.predefinedSortOrder=recommended_2008_06
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
The singleton instance of "Diagnostician" is used without
synchronization.
The singleton "Diasnostician" instance is using the singleton
"EValidator.Registry" instance (without synchronization).
In very rare high load situations there has been CME detected.
My first "solution" has been to synchronize the access of
Diagnostician's instance method by using
```java
synchronized (Diagnostician.INSTANCE) {
...
```
But after realize that EMF is using internally other singletons I tried
to find any information about EMF and thread safety.
I found this one: https://javahacks.net/2016/07/13/emf-thread-safety/
EMF models are not thread-safe by default and writing multithreaded
applications is not that simple.
The more complex our application became, the more often we got
concurrent modification exceptions and had problems with filtering and
sorting operations.
So, I assume instead of adding synchronizations to our code that is
using EMF (IIRC this has been already done on the ESH hosted code base
long time ago) we should try to execute EMF code in a safe manner.
This implementation adds a "SafeEMF" OSGi service that should be used to
execute EMF code to ensure none code of EMF (or at least the ones that
calls has been migrated to the SafeEMF usage) is accessed by separate
threads at the same time.
Related to: https://github.com/openhab/openhab-core/issues/772
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
The member variable "compositeFactory" that holds the
"CompositeModuleHandlerFactory" instance is set in the activation method
by calling the constructor of of "CompositeModuleHandlerFactory".
This reference is destroyed and unset in the deactivate method.
There exists DS managed multiple optional references to
"ModuleHandlerFactory".
The "add" logic does not touch the "compositeFactory" variable.
The "remove" logic checks if the given service reference is a
"CompositeModuleHandlerFactory" and unsets the "compositeFactory" member
variable.
If e.g. a module handler factory is injected that also implements the
CompositeModuleHandlerFactory the CompositeModuleHandlerFactory created
by the activate method is still be used. If that specific module handler
factory is removed again, the variable "compositeFactory" is unset and
there is NO CompositeModuleHandlerFactory present anymore.
There are two options:
* The instance created in the activate method should be used as long as
no other one is injected.
* The instance created in the activate method should be used all the
time.
The whole code base does not contain another specific implementation for
CompositeModuleHandlerFactory, so there is no (at least in openHAB Core)
change that a CompositeModuleHandlerFactory is injected.
So instead of adding a non deterministic usage of "some" composite
module handler factory (which will require a fix of the "set module
handler factory method" and some others), let's drop the buggy code in
the "remove module handler factory" and use the manually created
composite module handler factory all the time.
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
There workaround for a servlet implementation lower then 3 can be removed.
After we migrated from ESH to openHAB Core we could set servlet >= 3 as a requirement.
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
We should disable the compression regardless if servlet 3 is used or
not. It does not matter which servlet version is used, the client should
receive the messages as soon as possible without compression or
buffering.
You can identify the lost SSE feature as soon as you enable the usage of
Jetty's GzipHandler.
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
Currently, the scripts are loaded based on the lexicographical order of
the absolute paths of the scripts. This makes it difficult to control
the load order. This change bases the load order solely on the filename,
as was originally used before
https://github.com/eclipse/smarthome/pull/3855, and preserves the
ability to use scripts with the same filename.
Signed-off-by: Scott Rushworth <openhab@5iver.com>