From a2da95760c91fff67ff2cf55214cb79fd2a719cb Mon Sep 17 00:00:00 2001
From: Andrii Landiak
Date: Thu, 22 Jan 2026 11:18:42 +0200
Subject: [PATCH] Fix API key controller, when user update description or activity
---
 .../server/controller/ApiKeyController.java | 10 +++++++---
 .../server/controller/ApiKeyControllerTest.java | 9 ++++++++-
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/application/src/main/java/org/thingsboard/server/controller/ApiKeyController.java b/application/src/main/java/org/thingsboard/server/controller/ApiKeyController.java
index 2c6ae69ca5..09972bd6c2 100644
--- a/application/src/main/java/org/thingsboard/server/controller/ApiKeyController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/ApiKeyController.java
@@ -77,7 +77,11 @@ public class ApiKeyController extends BaseController {
 User user = checkUserId(apiKeyInfo.getUserId(), Operation.WRITE);
 apiKeyInfo.setTenantId(user.getTenantId());
 checkEntity(apiKeyInfo.getId(), apiKeyInfo, Resource.API_KEY);
- return checkNotNull(apiKeyService.saveApiKey(apiKeyInfo.getTenantId(), apiKeyInfo));
+ ApiKey savedApiKey = checkNotNull(apiKeyService.saveApiKey(apiKeyInfo.getTenantId(), apiKeyInfo));
+ if (apiKeyInfo.getId() != null) {
+ savedApiKey.setValue(null);
+ }
+ return savedApiKey;
 }
 
 @ApiOperation(value = "Get User Api Keys (getUserApiKeys)",
@@ -121,7 +125,7 @@ public class ApiKeyController extends BaseController {
 ApiKey apiKey = checkApiKeyId(apiKeyId, Operation.WRITE);
 checkUserId(apiKey.getUserId(), Operation.WRITE);
 apiKey.setDescription(description.orElse(null));
- return apiKeyService.saveApiKey(apiKey.getTenantId(), apiKey);
+ return new ApiKeyInfo(apiKeyService.saveApiKey(apiKey.getTenantId(), apiKey));
 }
 
 @ApiOperation(value = "Enable or disable API key (enableApiKey)",
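Review bot: The create-versus-update decision in the first hunk is read from the request object after `saveApiKey` has run (`if (apiKeyInfo.getId() != null)`), so it is only correct as long as the service never writes the generated id back into its argument; that is not visible from this hunk. Capturing it before the call, `boolean isUpdate = apiKeyInfo.getId() != null;`, removes that dependency. The redaction also mutates the object the service returned, whereas the other two handlers in this commit copy into `new ApiKeyInfo(...)`; if the service can hand back a shared or cached instance, nulling the field in place would affect other readers. A short comment above the `if`, such as `// The key value is returned only once, on creation; never echo it back on update.`, would make the intent explicit. The method's signature lies outside the hunk.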
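Review bot: The result of `saveApiKey` is now passed straight into the `ApiKeyInfo` constructor without the `checkNotNull` guard that the first hunk keeps, both here and in the enable/disable handler at `@@ -137,7 +141,7`. If the service can return null, the copy constructor would presumably dereference it and surface as a server error instead of the controller's usual not-found handling. Suggested form for both handlers: `return new ApiKeyInfo(checkNotNull(apiKeyService.saveApiKey(apiKey.getTenantId(), apiKey)));`. Both method bodies start outside their hunks, so the declared return types are not visible here.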
@@ -137,7 +141,7 @@ public class ApiKeyController extends BaseController {
 ApiKey apiKey = checkApiKeyId(apiKeyId, Operation.WRITE);
 checkUserId(apiKey.getUserId(), Operation.WRITE);
 apiKey.setEnabled(enabledValue);
- return apiKeyService.saveApiKey(apiKey.getTenantId(), apiKey);
+ return new ApiKeyInfo(apiKeyService.saveApiKey(apiKey.getTenantId(), apiKey));
 }
 
 @ApiOperation(value = "Delete API key by ID (deleteApiKey)",
diff --git a/application/src/test/java/org/thingsboard/server/controller/ApiKeyControllerTest.java b/application/src/test/java/org/thingsboard/server/controller/ApiKeyControllerTest.java
index 9c7f7a898d..836d1cbfad 100644
--- a/application/src/test/java/org/thingsboard/server/controller/ApiKeyControllerTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/ApiKeyControllerTest.java
@@ -53,7 +53,14 @@ public class ApiKeyControllerTest extends AbstractControllerTest {
 Assert.assertEquals(tenantId, savedApiKey.getTenantId());
 Assert.assertEquals(tenantAdminUser.getId(), savedApiKey.getUserId());
 
- doDelete("/api/apiKey/" + savedApiKey.getId()).andExpect(status().isOk());
+ String newDescription = "Updated API Key Description";
+ savedApiKey.setDescription(newDescription);
+ ApiKey updatedApiKey = doPost("/api/apiKey", savedApiKey, ApiKey.class);
+ Assert.assertNotNull(updatedApiKey);
+ Assert.assertEquals(newDescription, updatedApiKey.getDescription());
+ Assert.assertNull("Verify we do not expose API key value on update", updatedApiKey.getValue());
+
+ doDelete("/api/apiKey/" + updatedApiKey.getId()).andExpect(status().isOk());
 }
 
 @Test
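Review bot: The new assertions cover only the `POST /api/apiKey` update path, while the description-update and enable/disable handlers changed in the same commit get no check that the key value is absent from their responses. A regression in either `new ApiKeyInfo(...)` wrapper would expose the secret again without failing this test. I would add the same step for each of those endpoints: deserialize the response as `ApiKey.class` and `Assert.assertNull(...getValue())`. It would also help to assert that the value returned at creation is non-null, so the test pins the "shown once, never again" contract from both sides; that may already happen earlier in this method, which starts outside the hunk.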