Commit Graph

1265 Commits

Author SHA1 Message Date
Christoph Weitkamp
91e16e0f80
Print 'ItemChannelLink' configuration in output of console commands (#1794)
* Print ItemChannelLink configuration in output of console commands

Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-11-05 09:22:01 +01:00
Wouter Born
2f2bfde500
Remove Map null annotation workarounds (#1780)
These workarounds to prevent false positives can be removed now the EEAs allow for proper null analysis.

Signed-off-by: Wouter Born <github@maindrain.net>
2020-11-03 22:12:22 +01:00
Wouter Born
0281c10036
[infrastructure] add external null-annotations (#1775)
Add EEAs and fix null analysis errors.

Related to:

* #888
* openhab/openhab-addons#8848

Signed-off-by: Wouter Born <github@maindrain.net>
2020-11-03 21:33:48 +01:00
Christoph Weitkamp
a598fa94f4
Fixed provider comparison (#1792)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-11-03 18:00:28 +01:00
Kai Kreuzer
35b0a1275e
[charts] Add support for QuantityTypes to DefaultChartProvider (#1789)
Fixes #1781

Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-11-02 10:45:31 +01:00
Kai Kreuzer
5a9c5e7d87
strip unit from historic states (#1782)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-11-01 01:53:02 +01:00
Christoph Weitkamp
5683cc2472
Revert ordering of accepted data types for 'StringItem' (#1776)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-30 15:15:03 +01:00
Christoph Weitkamp
25683471e8
Revert ordering of accepted datatypes for StringItem (#1774)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-29 08:45:21 +01:00
radicale
ae26ce4618
Fixed typo in class name TrustAllTrustMananger. Will probably require changes in bindings as well. (#1773)
Signed-off-by: Alessandro Radicati <radicale@gmail.com>
2020-10-28 20:42:45 +01:00
Wouter Born
2cfdf1934e
Add .gitattributes (#1767)
Without this configuration there are Spotless issues with line endings on Windows.

See: openhab/openhab-addons#8712

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-26 22:24:59 +01:00
Kai Kreuzer
749b8f17fe
[automation] Allow dashes in rule file names (#1750)
* Allow dashes in rule file names

Fixes #1728

Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-10-25 20:19:00 +01:00
Yannick Schaus
3df4403268
[REST Auth] Clear session cookie only when deleting own session (#1758)
Fix https://github.com/openhab/openhab-webui/issues/441

Signed-off-by: Yannick Schaus <github@schaus.net>
2020-10-25 19:52:12 +01:00
Christoph Weitkamp
172ee2f0ad
Replaced static inline declarations by List.of() method (#1755)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-25 15:20:30 +01:00
Christoph Weitkamp
acdbdfa4d7
[ui] Added unit test for read-only Number- and String-Items to not return a Selection Element (#1754)
* Added unit test for read-only Number- and String-Items to not return a Selection Element
* Improved usage of 'lastIndexOf'

Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-25 12:11:17 +01:00
Christoph Weitkamp
8744bc10fe
[cache] Added 'ByteArrayFileCache' (#1723)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-25 12:06:30 +01:00
Yannick Schaus
8b52cab5ef
[REST Auth] API tokens & openhab:users console command (#1735)
This adds API tokens as a new credential type. Their format is:
`oh.<name>.<random chars>`

The "oh." prefix is used to tell them apart from a JWT access token,
because they're both used as a Bearer authorization scheme, but there
is no semantic value attached to any of the other parts.

They are stored hashed in the user's profile, and can be listed, added
or removed managed with the new `openhab:users` console command.

Currently the scopes are still not checked, but ultimately they could
be, for instance a scope of e.g. `user admin.items` would mean that the
API token can be used to perform user operations like retrieving info
or sending a command, _and_ managing the items, but nothing else -
even if the user has more permissions because of their role (which
will of course still be checked).

Tokens are normally passed in the Authorization header with the Bearer
scheme, or the X-OPENHAB-TOKEN header, like access tokens.
As a special exception, API tokens can also be used with the Basic
authorization scheme, **even if the allowBasicAuth** option is not
enabled in the "API Security" service, because there's no additional
security risk in allowing that. In that case, the token should be
passed as the username and the password MUST be empty.

In short, this means that all these curl commands will work:
- `curl -H 'Authorization: Bearer <token>' http://localhost:8080/rest/inbox`
- `curl -H 'X-OPENHAB-TOKEN: <token>' http://localhost:8080/rest/inbox`
- `curl -u '<token>[:]' http://localhost:8080/rest/inbox`
- `curl http://<token>@localhost:8080/rest/inbox`

2 REST API operations were adding to the AuthResource, to allow
authenticated users to list their tokens or remove (revoke) one.
Self-service for creating a token or changing the password is more
sensitive so these should be handled with a servlet and pages devoid
of any JavaScript instead of REST API calls, therefore for now they'll
have to be done with the console.

This also fixes regressions introduced with #1713 - the operations
annotated with @RolesAllowed({ Role.USER }) only were not authorized
for administrators anymore.

* Generate a unique salt for each token

Reusing the password salt is bad practice, and changing the
password changes the salt as well which makes all tokens
invalid.

Put the salt in the same field as the hash (concatenated
with a separator) to avoid modifying the JSON DB schema.

* Fix API token authentication, make scope available to security context

The X-OPENHAB-TOKEN header now has priority over the Authorization
header to credentials, if both are set.

* Add self-service pages to change password & create new API token

Signed-off-by: Yannick Schaus <github@schaus.net>
2020-10-25 12:04:40 +01:00
Christoph Weitkamp
dd92288e97
Added nullness annotations, ctor injection (#1747)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-24 10:08:38 +02:00
Christoph Weitkamp
5d75bce553
Sort audio sinks (#1744)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-21 23:56:44 +02:00
Wouter Born
584c85a07f
[automation] Improve rule debugging (#1742)
* Add rule UID to error message
* Add exception with stacktrace when debug level is enabled

Related to #1734

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-20 15:50:25 +02:00
Yannick Schaus
d262b6f5bc
Add missing roles checks (#1739)
(I included these fixes in #1735 but extracted them in a stanalone
PR because it's easier to review and a little more urgent.)

As a result of the refactoring in #1713, the operations annotated with
`@RolesAllowed` containing `Role.USER` are not anymore automatically
considered accessible to all users, regardless of their actual roles.

4 operations are therefore now denied to admins if they only have the
`Role.ADMIN` role, as the first admininistrator is created only with
that role the UI encounters unexpected access denied errors and breaks.
(See https://github.com/openhab/openhab-webui/issues/422).

Closes https://github.com/openhab/openhab-webui/issues/422.

Signed-off-by: Yannick Schaus <github@schaus.net>
2020-10-20 08:20:39 +02:00
Wouter Born
0ac14b9f8f
Fix IAE when enabling debug logging on PersistenceManagerImpl (#1737)
Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-19 22:47:28 +02:00
Christoph Weitkamp
7d70a97b77
Fixed IndexOutOfBoundsException in ScriptModuleTypeProvider (#1730)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-19 13:41:58 +02:00
Wouter Born
b2c045d0fe
Fix build by wrapping lines (#1729)
Caused by #1713

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-19 11:42:26 +02:00
Yannick Schaus
e26c49b9bf
Allow basic authentication to authorize API access (#1713)
* Allow basic authentication to authorize API access

Closes #1699.

Note, this opens a minor security issue that allows an attacker
to brute force passwords by making calls to the API - contrary to
the authorization page, the credentials parsing for the REST API
is stateless & doesn't have a lock mechanism to lock user accounts
after too many failed login attempts.

Signed-off-by: Yannick Schaus <github@schaus.net>
2020-10-18 20:59:51 +02:00
Wouter Born
4c31c0b3ff
Fix issues with configuration PIDs (#1727)
* Fixes warnings about "using different service PIDs"
* Fixes missing default values

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-18 18:02:13 +02:00
Wouter Born
3d88e91952
Open ProviderTracker asynchronously when activating AbstractRegistry (#1719)
* Open ProviderTracker asynchronously when activating AbstractRegistry

Fixes #890

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-18 00:31:13 +02:00
Christoph Weitkamp
4ba70778d1
Added validation for relation between ThingUID and BridgeUID (#1704)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-17 17:59:34 +02:00
Wouter Born
605c1c238c
Add Automation extension type (#1722)
Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-17 15:08:53 +02:00
Wouter Born
a70dd39a6b
Fix JSR223 JavaScript files not loading (#1725)
This adds a missing feature required for being able to load JSR223 JavaScript rules out of the box.

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-17 15:03:36 +02:00
Kai Kreuzer
8a3d438c4f
upgraded JmDNS to version 3.5.6 (#1721)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-10-16 12:52:25 +02:00
Kai Kreuzer
5d830d64f0
Fixed missing item resolution of DSL scripts created through the UI (#1720)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-10-15 23:04:30 +02:00
Kai Kreuzer
70fed5a9c2
Fixed initialization of group items with aggregation functions (#1718)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-10-15 23:03:22 +02:00
Kai Kreuzer
e9ffff9f01
Fixed name of measurement systems (#1717)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-10-14 22:46:55 +02:00
Wouter Born
0d1a15ef34
Update ActionService and ThingActions classes in Xtext cache (#1714)
Xtext uses a cache for looking up classes when rules are run.
It also adds a null class value to this cache when a class is not found.

Once a value has entered the cache it will not be updated.
This causes the cache to return the wrong class (or the null value) when
calling static methods on ActionService and ThingActions classes that
were added/updated.

With the changes in this PR Xtext will be configured to use a custom cache
that updates the ActionService and ThingActions class references.

The PR also has a fix for the AnnotatedThingActionModuleTypeProvider not
properly sending ModuleType removed events when all ThingActions
registrations have been removed.

Fixes #1265
Fixes #1694

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-13 23:17:57 +02:00
Wouter Born
7d8126e89f
Fix ScriptEngine parameter option removal (#1716)
When one of the engines is unset the ScriptModuleTypeProvider clears all parameter options instead of only those that apply to that engine.
This fixes the Nashorn engine missing from the parameter options on the first openHAB startup.

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-13 23:13:30 +02:00
Connor Petty
a29490a545
Fix and cleanup logging in ExecUtil (#1705)
* Fix and cleanup logging in ExecUtil

Signed-off-by: Connor Petty <mistercpp2000+gitsignoff@gmail.com>
2020-10-11 22:19:42 +02:00
Wouter Born
ab1fa65aa1
Improve JwtHelper exception handling (#1712)
Catch specific exceptions and don't log errors but instead add an appropriate message and preserve the stacktrace.

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-11 10:03:39 +02:00
Wouter Born
23e8f18e7f
Use openhab-addons-deps Maven repository for all Xtext Orbit bundle dependencies (#1711)
Fixes #960

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-11 09:58:51 +02:00
Kai Kreuzer
351fcb1852
Include measurement system in REST root resource (#1710)
Signed-off-by: Kai Kreuzer <kai@openhab.org>
2020-10-10 20:04:25 +02:00
Wouter Born
76f51026aa
Simplify core features to prevent unnecessary bundle refreshes (#1709)
It seems that when multiple features install the same bundle it may cause Karaf to refresh bundles when (un)installing features.
When the (redundant) openhab-core-automation feature is removed and the serial dependencies are merged into the openhab-transport-serial feature these restarts due these bundle refreshes no longer occur.

Fixes #1322, #1354

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-10 18:24:13 +02:00
Wouter Born
159aefffa5
Remove unused DBus Transport (#1708)
Related to #960

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-10 08:08:22 +02:00
Connor Petty
0dfda1e7f6
Make ExecUtil more robust (#1700)
Signed-off-by: Connor Petty <mistercpp2000+gitsignoff@gmail.com>
2020-10-08 18:38:04 +02:00
Christoph Weitkamp
c4b76a0ad1
Added action for 'isBankHoliday(<file>)' (#1703)
Signed-off-by: Christoph Weitkamp <github@christophweitkamp.de>
2020-10-07 22:03:15 +02:00
Wouter Born
1edf25b4f9
Prevent IllegalStateException when closing SSE sink (#1698)
* Prevent IllegalStateException when closing SSE sink
* Simplify code and log exceptions on debug

There seem to be no issues anymore with the exception handling when SSE clients disconnect so simplify the exception handling.
Suppressing exceptions based on error message is also likely to break when new exceptions are added or messages change.
There are also still exceptions that get logged with "failure" but from which the code seems to recover without any issues.

Fixes #1499

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-07 20:20:52 +02:00
Wouter Born
44b1823e97
Fix two typos (#1691)
Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-05 09:03:27 +02:00
Yannick Schaus
b7a764f358
Remove actions from available add-on types (#1690)
Since there are no more action add-ons in the distribution, I'd suggest to remove these from the `KarafAddonService` so they won't appear in the UI menus.

Signed-off-by: Yannick Schaus <github@schaus.net>
2020-10-04 22:38:42 +02:00
Wouter Born
6a55834c63
Remove Jackson 1.x compile dependency (#1689)
It doesn't seem to be used by anything and it is also not part of the target platform.

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-04 21:19:38 +02:00
Wouter Born
d1629e50f3
Upgrade to XStream 1.4.13 (#1688)
* Fixes bugs (vulnerabilities/performance issues)
* Supports OSGi better
* Prevents illegal reflective access warnings on newer Java versions
* Supports java.time converters

For XStream release notes see: https://x-stream.github.io/changes.html

The XmlDocumentReader which uses XStream has also been modified to configure XStream security to prevent "Security framework of XStream not initialized, XStream is probably vulnerable" warnings.

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-04 19:56:44 +02:00
Wouter Born
abd2630777
Upgrade Xtext/Xtend to 2.23.0 and LSP 0.9.0 (#1685)
Upgrades to:

* Xtext 2.23.0
* Xtend 2.23.0
* LSP 0.9.0

For Xtext release notes see: https://www.eclipse.org/Xtext/releasenotes.html#/releasenotes/2020/09/01/version-2-23-0

The Xtext dependencies are now managed using their BOM which makes it easier to keep them in sync.

Because Xtext depends on a newer ASM version some runtime dependencies were also upgraded:

* ASM 8.0.1
* Pax Web 7.2.15
* XBean 4.17.0

Signed-off-by: Wouter Born <github@maindrain.net>
2020-10-04 12:27:58 +02:00
Hilbrand Bouwkamp
11935a8ad8
Removed obsolete guava dependencies from feature files (#1682)
Signed-off-by: Hilbrand Bouwkamp <hilbrand@h72.nl>
2020-10-03 12:37:23 +02:00