Merge pull request #104 from devicehive/hotfix

Hotfix for #102

pom.xml

@@ -7,7 +7,7 @@
     <groupId>com.devicehive</groupId>
     <artifactId>devicehive-server</artifactId>
     <packaging>${packaging.type}</packaging>
-    <version>2.0.6</version>
+    <version>2.0.7</version>
     <name>DeviceHive Java Server</name>
 
     <properties>

src/main/java/com/devicehive/model/Device.java

@@ -47,8 +47,7 @@ public class Device implements HiveEntity {
     private String guid;
     @SerializedName("key")
     @Column
-    @NotNull(message = "key field cannot be null.")
-    @Size(min = 1, max = 64, message = "Field cannot be empty. The length of key should not be more than 64 symbols.")
+    @Size(min = 1, max = 64, message = "Field could be empty. The length of key should not be more than 64 symbols.")
     private String key;
     @SerializedName("name")
     @Column
@@ -178,4 +177,4 @@ public static interface Parameters {
             static final String ID = "id";
         }
     }
-}
+}

src/main/java/com/devicehive/service/DeviceService.java

@@ -13,6 +13,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
@@ -84,8 +85,8 @@ public DeviceNotification deviceSaveByUser(DeviceUpdate deviceUpdate,
                                                User user) {
         logger.debug("Device save executed for device: id {}, user: {}", deviceUpdate.getGuid(), user.getId());
         Network network = networkService.createOrUpdateNetworkByUser(deviceUpdate.getNetwork(), user);
-        DeviceClass deviceClass = deviceClassService
-            .createOrUpdateDeviceClass(deviceUpdate.getDeviceClass(), equipmentSet);
+        network = findNetworkForAuth(network);
+        DeviceClass deviceClass = deviceClassService.createOrUpdateDeviceClass(deviceUpdate.getDeviceClass(), equipmentSet);
         Device existingDevice = genericDAO.createNamedQuery(Device.class, "Device.findByUUID", Optional.of(CacheConfig.refresh()))
                 .setParameter("guid", deviceUpdate.getGuid().getValue())
                 .getResultList()
@@ -143,12 +144,11 @@ public DeviceNotification deviceSaveByKey(DeviceUpdate deviceUpdate,
                 .stream().findFirst().orElse(null);
         if (existingDevice != null && !accessKeyService.hasAccessToNetwork(key, existingDevice.getNetwork())) {
             logger.error("Access key {} has no access to device network {}", key, existingDevice.getGuid());
-            throw new HiveException(
-                String.format(Messages.DEVICE_NOT_FOUND, deviceUpdate.getGuid().getValue()), UNAUTHORIZED.getStatusCode());
+            throw new HiveException(String.format(Messages.DEVICE_NOT_FOUND, deviceUpdate.getGuid().getValue()), UNAUTHORIZED.getStatusCode());
         }
         Network network = networkService.createOrVerifyNetworkByKey(deviceUpdate.getNetwork(), key);
-        DeviceClass deviceClass = deviceClassService
-            .createOrUpdateDeviceClass(deviceUpdate.getDeviceClass(), equipmentSet);
+        network = findNetworkForAuth(network);
+        DeviceClass deviceClass = deviceClassService.createOrUpdateDeviceClass(deviceUpdate.getDeviceClass(), equipmentSet);
         if (existingDevice == null) {
             Device device = deviceUpdate.convertTo();
             device.setDeviceClass(deviceClass);
@@ -199,9 +199,9 @@ public DeviceNotification deviceUpdateByDevice(DeviceUpdate deviceUpdate,
             throw new HiveException(String.format(Messages.DEVICE_NOT_FOUND, deviceUpdate.getGuid().getValue()),
                                     UNAUTHORIZED.getStatusCode());
         }
-        if (deviceUpdate.getKey() != null && !device.getKey().equals(deviceUpdate.getKey().getValue())) {
-            logger.error("Device update key {} doesn't equal to the authenticated device key {}",
-                    deviceUpdate.getKey().getValue(), device.getKey());
+        if (deviceUpdate.getKey() != null &&
+                (device.getKey() == null || !device.getKey().equals(deviceUpdate.getKey().getValue()))) {
+            logger.error("Device update key {} doesn't equal to the authenticated device key {}", deviceUpdate.getKey(), device.getKey());
             throw new HiveException(Messages.INCORRECT_CREDENTIALS, UNAUTHORIZED.getStatusCode());
         }
         DeviceClass deviceClass = deviceClassService
@@ -258,7 +258,9 @@ public DeviceNotification deviceSave(DeviceUpdate deviceUpdate,
             genericDAO.persist(device);
             return ServerResponsesFactory.createNotificationForDevice(device, SpecialNotifications.DEVICE_ADD);
         } else {
-            if (deviceUpdate.getKey() == null || !existingDevice.getKey().equals(deviceUpdate.getKey().getValue())) {
+            if (deviceUpdate.getKey() == null ||
+                    existingDevice.getKey() == null ||
+                    !existingDevice.getKey().equals(deviceUpdate.getKey().getValue())) {
                 logger.error("Device update key is null or doesn't equal to the authenticated device key {}", existingDevice.getKey());
                 throw new HiveException(Messages.INCORRECT_CREDENTIALS, UNAUTHORIZED.getStatusCode());
             }
@@ -435,4 +437,33 @@ private List<Device> getDeviceList(List<String> guids, HivePrincipal principal)
         return query.getResultList();
     }
 
-}
+
+    private Network findNetworkForAuth(Network network) {
+        if (network == null) {
+            HivePrincipal principal = (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+            User user = findUserFromAuth(principal);
+            if (user != null) {
+                if (!user.isAdmin()) {
+                    Set<Network> userNetworks = userService.findUserWithNetworks(user.getId()).getNetworks();
+                    if (userNetworks.isEmpty()) {
+                        throw new HiveException(Messages.NO_ACCESS_TO_NETWORK, PRECONDITION_FAILED.getStatusCode());
+                    }
+
+                    return userNetworks.iterator().next();
+                }
+            }
+        }
+        return network;
+    }
+
+    private User findUserFromAuth(HivePrincipal principal) {
+        if (principal.getUser() != null) {
+            return principal.getUser();
+        }
+        if (principal.getKey() != null && principal.getKey().getUser() != null)  {
+            return principal.getKey().getUser();
+        }
+        return null;
+    }
+
+}

src/main/resources/db/migration/V2_0_3__102_make_key_nullable.sql

@@ -0,0 +1 @@
+alter table device alter column key drop not null;

src/test/java/com/devicehive/service/DeviceServiceTest.java

@@ -4,13 +4,17 @@
 import com.devicehive.auth.HivePrincipal;
 import com.devicehive.base.AbstractResourceTest;
 import com.devicehive.base.fixture.DeviceFixture;
+import com.devicehive.exceptions.HiveException;
 import com.devicehive.model.*;
 import com.devicehive.model.enums.UserRole;
 import com.devicehive.model.updates.DeviceClassUpdate;
 import com.devicehive.model.updates.DeviceUpdate;
 import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 import java.net.InetAddress;
 import java.net.UnknownHostException;
@@ -24,18 +28,16 @@
 
 public class DeviceServiceTest extends AbstractResourceTest {
 
+    @Rule
+    public ExpectedException expectedException = ExpectedException.none();
     @Autowired
     private DeviceService deviceService;
-
     @Autowired
     private DeviceNotificationService deviceNotificationService;
-
     @Autowired
     private UserService userService;
-
     @Autowired
     private NetworkService networkService;
-
     @Autowired
     private DeviceClassService deviceClassService;
 
@@ -63,7 +65,9 @@ public void should_save_and_notify_role_device() {
      * using Client role.
      */
     @Test
-    public void should_save_and_notify_role_client() {
+    public void should_throw_HiveException_when_role_client_creates_device_without_network() throws Exception {
+        expectedException.expect(HiveException.class);
+
         final Device device = DeviceFixture.createDevice();
         final DeviceClassUpdate dc = DeviceFixture.createDeviceClass();
         final DeviceUpdate deviceUpdate = DeviceFixture.createDevice(device.getKey(), dc);
@@ -73,11 +77,9 @@ public void should_save_and_notify_role_client() {
         user = userService.createUser(user, "123");
         final HivePrincipal principal = new HivePrincipal(user);
 
-        deviceService.deviceSaveAndNotify(deviceUpdate, Collections.<Equipment>emptySet(), principal);
+        SecurityContextHolder.getContext().setAuthentication(new HiveAuthentication(principal));
 
-        final DeviceNotification existingNotification = deviceNotificationService.find(null, device.getGuid());
-        assertNotNull(existingNotification);
-        assertEquals(device.getGuid(), existingNotification.getDeviceGuid());
+        deviceService.deviceSaveAndNotify(deviceUpdate, Collections.<Equipment>emptySet(), principal);
     }
 
     /**
@@ -96,6 +98,8 @@ public void should_save_and_notify_role_admin() {
         user = userService.createUser(user, "123");
         final HivePrincipal principal = new HivePrincipal(user);
 
+        SecurityContextHolder.getContext().setAuthentication(new HiveAuthentication(principal));
+
         deviceService.deviceSaveAndNotify(deviceUpdate, Collections.<Equipment>emptySet(), principal);
 
         final Device existingDevice = deviceService.getDeviceWithNetworkAndDeviceClass(device.getGuid(), principal);
@@ -122,7 +126,7 @@ public void should_save_and_notify_role_key() throws UnknownHostException {
         user = userService.createUser(user, "123");
 
         final Network network = new Network();
-        network.setName(""+randomUUID());
+        network.setName("" + randomUUID());
         Network created = networkService.create(network);
         assertThat(created.getId(), notNullValue());
         userService.assignNetwork(user.getId(), network.getId());
@@ -165,7 +169,7 @@ public void should_save_and_find_without_permissions() {
         user = userService.createUser(user, "123");
 
         final Network network = new Network();
-        network.setName(""+randomUUID());
+        network.setName("" + randomUUID());
         Network created = networkService.create(network);
         assertThat(created.getId(), notNullValue());
         userService.assignNetwork(user.getId(), network.getId());
@@ -208,14 +212,14 @@ public void should_save_and_find_by_user() throws UnknownHostException {
         user1 = userService.createUser(user1, "123");
 
         final Network network = new Network();
-        network.setName(""+randomUUID());
+        network.setName("" + randomUUID());
         Network created = networkService.create(network);
         assertThat(created.getId(), notNullValue());
         userService.assignNetwork(user.getId(), network.getId());
         deviceUpdate.setNetwork(new NullableWrapper<>(network));
 
         final Network network1 = new Network();
-        network1.setName(""+randomUUID());
+        network1.setName("" + randomUUID());
         Network created1 = networkService.create(network1);
         assertThat(created1.getId(), notNullValue());
         userService.assignNetwork(user1.getId(), network1.getId());
@@ -264,14 +268,14 @@ public void should_save_and_find_by_device_id() throws UnknownHostException {
         user1 = userService.createUser(user1, "123");
 
         final Network network = new Network();
-        network.setName(""+randomUUID());
+        network.setName("" + randomUUID());
         Network created = networkService.create(network);
         assertThat(created.getId(), notNullValue());
         userService.assignNetwork(user.getId(), network.getId());
         deviceUpdate.setNetwork(new NullableWrapper<>(network));
 
         final Network network1 = new Network();
-        network1.setName(""+randomUUID());
+        network1.setName("" + randomUUID());
         Network created1 = networkService.create(network1);
         assertThat(created1.getId(), notNullValue());
         userService.assignNetwork(user1.getId(), network1.getId());
@@ -317,7 +321,7 @@ public void should_save_and_find_by_device_name() {
         deviceService.deviceSave(deviceUpdate1, Collections.<Equipment>emptySet());
         deviceService.deviceSave(deviceUpdate2, Collections.<Equipment>emptySet());
 
-        final List<Device> devices =  deviceService.getList("DEVICE_NAME", null, null, null, null,null,null,null,null,false,null,null,null );
+        final List<Device> devices = deviceService.getList("DEVICE_NAME", null, null, null, null, null, null, null, null, false, null, null, null);
         assertNotNull(devices);
         assertEquals(devices.size(), 1);
         assertEquals(device.getGuid(), devices.get(0).getGuid());
@@ -343,7 +347,7 @@ public void should_save_and_find_by_device_status() {
         deviceService.deviceSave(deviceUpdate1, Collections.<Equipment>emptySet());
         deviceService.deviceSave(deviceUpdate2, Collections.<Equipment>emptySet());
 
-        final List<Device> devices =  deviceService.getList(null, null, "TEST", null, null,null,null,null,null,false,null,null,null );
+        final List<Device> devices = deviceService.getList(null, null, "TEST", null, null, null, null, null, null, false, null, null, null);
         assertNotNull(devices);
         assertEquals(devices.size(), 2);
         assertEquals(device1.getGuid(), devices.get(0).getGuid());
@@ -371,14 +375,14 @@ public void should_save_and_find_by_network_id() {
         user1 = userService.createUser(user1, "123");
 
         final Network network = new Network();
-        network.setName(""+randomUUID());
+        network.setName("" + randomUUID());
         Network created = networkService.create(network);
         assertThat(created.getId(), notNullValue());
         userService.assignNetwork(user.getId(), network.getId());
         deviceUpdate.setNetwork(new NullableWrapper<>(network));
 
         final Network network1 = new Network();
-        network1.setName(""+randomUUID());
+        network1.setName("" + randomUUID());
         Network created1 = networkService.create(network1);
         assertThat(created1.getId(), notNullValue());
         userService.assignNetwork(user1.getId(), network1.getId());
@@ -392,7 +396,7 @@ public void should_save_and_find_by_network_id() {
         deviceService.deviceSave(deviceUpdate, Collections.<Equipment>emptySet());
         deviceService.deviceSave(deviceUpdate1, Collections.<Equipment>emptySet());
 
-        final List<Device> devices = deviceService.getList(null, null, null, network1.getId(), null,null,null,null,null,false,null,null,null );
+        final List<Device> devices = deviceService.getList(null, null, null, network1.getId(), null, null, null, null, null, false, null, null, null);
         assertNotNull(devices);
         assertEquals(device1.getGuid(), devices.get(0).getGuid());
         assertNotNull(devices.get(0).getNetwork());
@@ -416,7 +420,7 @@ public void should_save_and_find_by_device_class_id() {
         deviceService.deviceSave(deviceUpdate, Collections.<Equipment>emptySet());
         deviceService.deviceSave(deviceUpdate1, Collections.<Equipment>emptySet());
 
-        final List<Device> devices = deviceService.getList(null, null, null, null, null, dc.getId(),null,null,null,false,null,null,null );
+        final List<Device> devices = deviceService.getList(null, null, null, null, null, dc.getId(), null, null, null, false, null, null, null);
         assertNotNull(devices);
         assertEquals(device.getGuid(), devices.get(0).getGuid());
     }
@@ -438,7 +442,7 @@ public void should_save_and_find_by_device_class_name() {
         deviceService.deviceSave(deviceUpdate, Collections.<Equipment>emptySet());
         deviceService.deviceSave(deviceUpdate1, Collections.<Equipment>emptySet());
 
-        final List<Device> devices = deviceService.getList(null, null, null, null, null, null, dc.getName(),null,null,false,null,null,null );
+        final List<Device> devices = deviceService.getList(null, null, null, null, null, null, dc.getName(), null, null, false, null, null, null);
         assertNotNull(devices);
         assertEquals(device.getGuid(), devices.get(0).getGuid());
     }
@@ -461,7 +465,7 @@ public void should_save_and_find_by_device_class_version() {
         deviceService.deviceSave(deviceUpdate, Collections.<Equipment>emptySet());
         deviceService.deviceSave(deviceUpdate1, Collections.<Equipment>emptySet());
 
-        final List<Device> devices = deviceService.getList(null, null, null, null, null, null, null, dc1.getVersion(),null,false,null,null,null );
+        final List<Device> devices = deviceService.getList(null, null, null, null, null, null, null, dc1.getVersion(), null, false, null, null, null);
         assertNotNull(devices);
         assertEquals(device1.getGuid(), devices.get(0).getGuid());
     }
@@ -500,7 +504,7 @@ public void should_return_device_count() {
         user = userService.createUser(user, "123");
 
         final Network network = new Network();
-        network.setName(""+randomUUID());
+        network.setName("" + randomUUID());
         Network created = networkService.create(network);
         assertThat(created.getId(), notNullValue());
         userService.assignNetwork(user.getId(), network.getId());