Commit Graph

191 Commits

Author SHA1 Message Date
Christoph Weitkamp
8744bc10fe
[cache] Added 'ByteArrayFileCache' (#1723)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-25 12:06:30 +01:00
Yannick Schaus
8b52cab5ef
[REST Auth] API tokens & openhab:users console command (#1735)
This adds API tokens as a new credential type. Their format is:
`oh.<name>.<random chars>`

The "oh." prefix is used to tell them apart from a JWT access token,
because they're both used as a Bearer authorization scheme, but there
is no semantic value attached to any of the other parts.

They are stored hashed in the user's profile, and can be listed, added
or removed managed with the new `openhab:users` console command.

Currently the scopes are still not checked, but ultimately they could
be, for instance a scope of e.g. `user admin.items` would mean that the
API token can be used to perform user operations like retrieving info
or sending a command, _and_ managing the items, but nothing else -
even if the user has more permissions because of their role (which
will of course still be checked).

Tokens are normally passed in the Authorization header with the Bearer
scheme, or the X-OPENHAB-TOKEN header, like access tokens.
As a special exception, API tokens can also be used with the Basic
authorization scheme, **even if the allowBasicAuth** option is not
enabled in the "API Security" service, because there's no additional
security risk in allowing that. In that case, the token should be
passed as the username and the password MUST be empty.

In short, this means that all these curl commands will work:
- `curl -H 'Authorization: Bearer <token>' http://localhost:8080/rest/inbox`
- `curl -H 'X-OPENHAB-TOKEN: <token>' http://localhost:8080/rest/inbox`
- `curl -u '<token>[:]' http://localhost:8080/rest/inbox`
- `curl http://<token>@localhost:8080/rest/inbox`

2 REST API operations were adding to the AuthResource, to allow
authenticated users to list their tokens or remove (revoke) one.
Self-service for creating a token or changing the password is more
sensitive so these should be handled with a servlet and pages devoid
of any JavaScript instead of REST API calls, therefore for now they'll
have to be done with the console.

This also fixes regressions introduced with #1713 - the operations
annotated with @RolesAllowed({ Role.USER }) only were not authorized
for administrators anymore.

* Generate a unique salt for each token

Reusing the password salt is bad practice, and changing the
password changes the salt as well which makes all tokens
invalid.

Put the salt in the same field as the hash (concatenated
with a separator) to avoid modifying the JSON DB schema.

* Fix API token authentication, make scope available to security context

The X-OPENHAB-TOKEN header now has priority over the Authorization
header to credentials, if both are set.

* Add self-service pages to change password & create new API token

Signed-off-by: Yannick Schaus <github@schaus.net>
2020-10-25 12:04:40 +01:00
Wouter Born
4c31c0b3ff
Fix issues with configuration PIDs (#1727)
* Fixes warnings about "using different service PIDs"
* Fixes missing default values

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-18 18:02:13 +02:00
Wouter Born
3d88e91952
Open ProviderTracker asynchronously when activating AbstractRegistry (#1719)
* Open ProviderTracker asynchronously when activating AbstractRegistry

Fixes #890

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-18 00:31:13 +02:00
Kai Kreuzer
70fed5a9c2
Fixed initialization of group items with aggregation functions (#1718)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-10-15 23:03:22 +02:00
Kai Kreuzer
e9ffff9f01
Fixed name of measurement systems (#1717)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-10-14 22:46:55 +02:00
Christoph Weitkamp
fc65deca01
Reduced logging level to warn (#1657)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-09-19 16:00:37 +02:00
Kai Kreuzer
fa18610d77
[core] Make logger in QuantityType transient (#1652)
This makes QuantityType serialisable

Fixes #1651

Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-09-19 09:57:42 +02:00
Christoph Weitkamp
eab9be1410
Removed deprecated constructors and methods from Thing API (#1414)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-09-13 13:53:12 +02:00
Wouter Born
6018348d04
Remove deprecated NetUtil methods (#1622)
Signed-off-by: Wouter Born <github@maindrain.net>
2020-09-06 22:55:05 +02:00
Kai Kreuzer
9070539a1a
Improved add-on installation logic (#1617)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-09-03 12:13:25 +02:00
Wouter Born
057604cc2d
Use new Collection API methods (#1598)
Using the new methods there will be less and more readable code.

Signed-off-by: Wouter Born <github@maindrain.net>
2020-08-22 23:04:11 +02:00
Wouter Born
d5529f0c1b
Fix various deprecations (#1595)
Signed-off-by: Wouter Born <github@maindrain.net>
2020-08-15 10:54:41 +02:00
Wouter Born
7300734585
Use "openhab" event topic prefix (#1587)
Signed-off-by: Wouter Born <github@maindrain.net>
2020-08-11 21:16:49 +02:00
Wouter Born
d3ea6063c0
Migrate to JUnit 5 (#1580)
* Migrates all tests to the JUnit 5 Jupiter API
* Updates bnd to 5.1.2
* Updates maven-surefire-plugin to 3.0.0-M5
* Updates Mockito to 3.4.6
* Updates Hamcrest to 2.2
* Removes org.openhab.core.boot POM dependencies

Signed-off-by: Wouter Born <github@maindrain.net>
2020-08-09 14:36:46 +02:00
Wouter Born
df780f8467
Fix QuantityType.format timezone bug (#1575)
* Fix QuantityType.format timezone bug

Signed-off-by: Wouter Born <github@maindrain.net>
2020-08-01 13:03:01 +02:00
Kai Kreuzer
0f134996f2
removed boot bundle (#1559)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-07-24 13:11:56 +02:00
Paul Vogel
ed21001891
Cleanup tests: Simplify assertEquals with boolean to assertTrue or assertFalse (#1567)
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
2020-07-23 22:19:00 +02:00
Kai Kreuzer
8218f44667
[cleanup] refactored Extension to Addon (#1560)
* refactored Extension to Addon

Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-07-22 21:08:10 +02:00
Paul Vogel
27dcce5207
Replace for-loops and iterators with foreach-loops (#1561)
Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
2020-07-21 17:40:29 +02:00
Paul Vogel
a00cc871a9
Replace c-style array declaration with java-style array declaration (#1556)
Replaces the way an array is declared with the way "prefered for java", because the [] is part of the TYPE and not the NAME.

Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
2020-07-20 18:31:03 +02:00
Paul Vogel
d21d9b64e6
Remove unnecessary conversion to string (#1557)
We can remove the explicit conversion to the string, as this is done implicitly.

Signed-off-by: Paul Vogel <pavog@users.noreply.github.com>
2020-07-20 18:29:27 +02:00
Christoph Weitkamp
72c2ee78d1
Moved 'parseState()' method into 'GroupFunctionHelper' and apply only if needed (#1534)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-07-09 23:25:15 +02:00
Hilbrand Bouwkamp
6c935985a6
Fix for cron scheduler handling sunday as number (#1533)
* Fix for cron scheduler handling sunday as number

Closes #1532

Signed-off-by: Hilbrand Bouwkamp <hilbrand@h72.nl>
2020-06-26 17:18:57 +02:00
Christoph Weitkamp
115b3e22f3
Use 'ZoneId.systemDefault()' instead of 'TimeZone.getDefault().toZoneId()' (#1527)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-06-21 14:34:40 +02:00
Christoph Weitkamp
6deb3255ea
Apply TimeFormat for labels of Number:Time items (#1470)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-06-18 22:25:10 +02:00
Christoph Weitkamp
68405036f1
Removed 'Calendar' leftovers (#1522)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-06-14 17:13:28 +02:00
Kai Kreuzer
173c93081d
Replaced "classic" rule engine by a DSLRuleProvider for the NGRE (#1451)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-06-14 10:36:25 +02:00
Christoph Weitkamp
1fddac192b
Removed deprecated contructors and methods (#1500)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-06-13 21:01:06 +02:00
Hilbrand Bouwkamp
e84d01bafe
[core] Fix for handling inverted cron ranges (#1519)
* Fix for handling inverted cron ranges

This fix adds support for inverted cron ranged. For example SUN-WEN.
It also works all ranges and also with additional increments.

Closes #1516

Signed-off-by: Hilbrand Bouwkamp <hilbrand@h72.nl>
2020-06-09 12:32:26 +02:00
Christoph Weitkamp
370feb5404
Added few unit tests! (#1518)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-06-08 21:26:49 +02:00
Kai Kreuzer
d265e16e67
[automation] Added group and system triggers to automation component (#1509)
* Added group and system triggers to automation component

Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-06-04 07:24:42 +02:00
Chris Jackson
795a19249c
Ensure managed provider is unset by registered provider (#1506)
Signed-off-by: Chris Jackson <chris@cd-jackson.com>
2020-06-01 01:28:25 +02:00
Christoph Weitkamp
907da5064c
Removed unused InstanceCreator implementation (#1502)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-05-27 17:25:03 +02:00
Wouter Born
02b13f5263
Update maven-javadoc-plugin to 3.2.0 (#1494)
Signed-off-by: Wouter Born <github@maindrain.net>
2020-05-23 17:35:13 +02:00
Wouter Born
f3508e4775
Use constructor injection and update null annotations (#1487)
* Use constructor injection and update null annotations

Signed-off-by: Wouter Born <github@maindrain.net>
2020-05-20 17:29:18 +02:00
Christoph Weitkamp
178ffdf9c2
Removed some ESH leftovers (#1468)
* Removed ESH leftovers

Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-05-11 08:41:12 +02:00
Wouter Born
61e17ce39e
Upgrade SAT and Spotless, apply Spotless and enable check (#1446)
* Update SAT and Spotless dependencies
* Apply Spotless and enable check

Signed-off-by: Wouter Born <github@maindrain.net>
2020-04-26 11:15:24 +02:00
Wouter Born
ed4b5ff94b
Reconfigure and apply Spotless (#1442)
Adds a configuration for feature.xml files which will be necessary for https://github.com/openhab/static-code-analysis/pull/375

Also applies the results of running Spotless

Signed-off-by: Wouter Born <github@maindrain.net>
2020-04-23 17:17:12 +02:00
Christoph Weitkamp
d371a34321
Removed dependency on 'org.apache.commons.lang' (#1433)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-04-22 14:32:31 +02:00
Christoph Weitkamp
6b4e54ada3
Removed deprecated 'newItemBuilder' method (#1429)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-04-19 14:51:21 +02:00
Wouter Born
92027ca922
Use .equals() on constants and literals to prevent NPEs (#1420)
* Use .equals() on constants and literals to prevent NPEs

Signed-off-by: Wouter Born <github@maindrain.net>
2020-04-16 07:40:49 +02:00
Wouter Born
6c85b1bccd
Add and fix more null annotations (#1421)
Signed-off-by: Wouter Born <github@maindrain.net>
2020-04-15 01:44:37 +02:00
Christoph Weitkamp
b770bb1b4a
Removed 'StateDescriptionProvider' interface (#1413)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-04-14 21:15:29 +02:00
Wouter Born
fb7a7ac421
Add null annotations to providers and ThingManager (#1412)
* Add null annotations to providers and ThingManager

Signed-off-by: Wouter Born <github@maindrain.net>
2020-04-11 08:29:12 +02:00
J-N-K
70b9355d08
[uom] Fix concurrency issue in state update (#1406)
* Fix concurrency issue in state update

Signed-off-by: Jan N. Klug <jan.n.klug@rub.de>
2020-04-08 19:54:13 +02:00
Wouter Born
945afcdb1a
Add and fix more null annotations (#1407)
* Add and fix more null annotations
* Add more @NonNullByDefault and @Nullable annotations
* Remove unnecessary @NonNull annotations
* Fix a few other trivial SAT issues
* Add constructor injection for MDNSDiscoveryService

Signed-off-by: Wouter Born <github@maindrain.net>
2020-04-06 10:45:39 +02:00
Christoph Weitkamp
1981e548aa
[thing] Dynamic state/command provider should not return original description (#1399)
* Clarify return values for implementation
* Dynamic state/command provider should not return original descritpion
* Added ERROR log message
* Added integration test for CommandDescriptionProvider

Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-04-06 08:49:26 +02:00
Christoph Weitkamp
3cb26ee28a
[storage] Improved JavaDoc (#1409)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-04-06 08:48:20 +02:00
Christoph Weitkamp
259af7aaef
Fix java.lang.UnsupportedOperationException in StateDescriptionFragmentBuilder (#1405)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-04-05 17:53:48 +02:00