Added validation for device name in provision request, if it is present. Added session closing when provision client tries to use topics not allowed for provisioning feature

6 years ago · 680eb89fa0
3 changed files with 8 additions and 5 deletions
--- a/application/src/main/java/org/thingsboard/server/service/device/DeviceProvisionServiceImpl.java
+++ b/application/src/main/java/org/thingsboard/server/service/device/DeviceProvisionServiceImpl.java
@ -18,9 +18,7 @@ package org.thingsboard.server.service.device;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
-import com.google.common.util.concurrent.MoreExecutors;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.RandomStringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@ -114,6 +112,13 @@ public class DeviceProvisionServiceImpl implements DeviceProvisionService {
    public ProvisionResponse provisionDevice(ProvisionRequest provisionRequest) {
        String provisionRequestKey = provisionRequest.getCredentials().getProvisionDeviceKey();
        String provisionRequestSecret = provisionRequest.getCredentials().getProvisionDeviceSecret();
+        if (provisionRequest.getDeviceName() != null) {
+            provisionRequest.setDeviceName(provisionRequest.getDeviceName().trim());
+            if (StringUtils.isEmpty(provisionRequest.getDeviceName())) {
+                log.warn("Provision request contains empty device name!");
+                throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
+            }
+        }

        if (StringUtils.isEmpty(provisionRequestKey) || StringUtils.isEmpty(provisionRequestSecret)) {
            throw new ProvisionFailedException(ProvisionResponseStatus.NOT_FOUND.name());
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/device/DeviceProvisionService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/device/DeviceProvisionService.java
@ -15,9 +15,6 @@
 */
 package org.thingsboard.server.dao.device;

-import com.google.common.util.concurrent.ListenableFuture;
-import org.thingsboard.server.common.data.Device;
-import org.thingsboard.server.common.data.DeviceProfile;
 import org.thingsboard.server.dao.device.provision.ProvisionFailedException;
 import org.thingsboard.server.dao.device.provision.ProvisionRequest;
 import org.thingsboard.server.dao.device.provision.ProvisionResponse;
--- a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportHandler.java
+++ b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportHandler.java
@ -179,6 +179,7 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement
                            }
                        }
                    } else {
+                        ctx.close();
                        throw new RuntimeException("Unsupported topic for provisioning requests!");
                    }
                } catch (RuntimeException | AdaptorException e) {