jwt settings - running install on msa black box tests

2022-09-19 19:09:24 +03:00 · 2022-09-19 19:09:24 +03:00 · c313e1cf9c
commit c313e1cf9c
parent 5ea3c9ff6a
10 changed files with 34 additions and 24 deletions
--- a/application/src/main/java/org/thingsboard/server/ThingsboardInstallApplication.java
+++ b/application/src/main/java/org/thingsboard/server/ThingsboardInstallApplication.java
@ -32,6 +32,7 @@ import java.util.Arrays;
        "org.thingsboard.server.dao",
        "org.thingsboard.server.common.stats",
        "org.thingsboard.server.common.transport.config.ssl",
+        "org.thingsboard.server.config.jwt",
        "org.thingsboard.server.cache",
        "org.thingsboard.server.springfox"
 })
--- a/application/src/main/java/org/thingsboard/server/config/jwt/JwtSettings.java
+++ b/application/src/main/java/org/thingsboard/server/config/jwt/JwtSettings.java
@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.thingsboard.server.config;
+package org.thingsboard.server.config.jwt;

 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
--- a/application/src/main/java/org/thingsboard/server/config/jwt/JwtSettingsService.java
+++ b/application/src/main/java/org/thingsboard/server/config/jwt/JwtSettingsService.java
@ -13,12 +13,13 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.thingsboard.server.config;
+package org.thingsboard.server.config.jwt;

 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomStringUtils;
+import org.springframework.dao.InvalidDataAccessResourceUsageException;
 import org.springframework.stereotype.Service;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.AdminSettings;
@ -67,11 +68,12 @@ public class JwtSettingsService {
    }

    public void createJwtAdminSettings() {
+        log.debug("Creating JWT admin settings...");
        Objects.requireNonNull(jwtSettings, "JWT settings is null");
-        if (!isJwtAdminSettingsExists()) {
+        if (isJwtAdminSettingsNotExists()) {
            if (hasDefaultTokenSigningKey()) {
                if (!isAllowedDefaultJwtSigningKey()) {
-                    log.warn("JWT token signing key is default. Generating a new random key");
+                    log.info("JWT token signing key is default. Generating a new random key");
                    jwtSettings.setTokenSigningKey(Base64.getEncoder().encodeToString(RandomStringUtils.randomAlphanumeric(64).getBytes(StandardCharsets.UTF_8)));
                }
            }
@ -84,12 +86,17 @@ public class JwtSettingsService {
        }
    }

-    public boolean isJwtAdminSettingsExists() {
+    public boolean isJwtAdminSettingsNotExists() {
        return findJwtAdminSettings() == null;
    }

    AdminSettings findJwtAdminSettings() {
+        try {
            return adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, ADMIN_SETTINGS_JWT_KEY);
+        } catch (InvalidDataAccessResourceUsageException ignored) {
+            log.debug("findAdminSettingsByKey is returning InvalidDataAccessResourceUsageException. This is an installation case when the database is not initialized yet");
+            return null;
+        }
    }

    /*
@ -101,8 +108,7 @@ public class JwtSettingsService {
    }

    public void validateJwtTokenSigningKey() {
-        if (!isJwtAdminSettingsExists()) {
-            if (hasDefaultTokenSigningKey()) {
+        if (isJwtAdminSettingsNotExists() && hasDefaultTokenSigningKey()) {
            if (isAllowedDefaultJwtSigningKey()) {
                log.warn("Default JWT signing key is allowed. This is a security issue. Please, consider to set a strong key in admin settings");
            } else {
@ -112,6 +118,5 @@ public class JwtSettingsService {
            }
        }
    }
-    }

 }
--- a/application/src/main/java/org/thingsboard/server/service/install/ConditionValidatorUpgradeServiceImpl.java
+++ b/application/src/main/java/org/thingsboard/server/service/install/ConditionValidatorUpgradeServiceImpl.java
@ -19,7 +19,7 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Service;
-import org.thingsboard.server.config.JwtSettingsService;
+import org.thingsboard.server.config.jwt.JwtSettingsService;

@Service
@Profile("install")
@ -31,7 +31,7 @@ public class ConditionValidatorUpgradeServiceImpl implements ConditionValidatorU

    @Override
    public void validateConditionsBeforeUpgrade(String fromVersion) throws Exception {
-        log.info("Validating conditions before upgrade..");
+        log.info("Validating conditions before upgrade...");
        jwtSettingsService.validateJwtTokenSigningKey();
    }

--- a/application/src/main/java/org/thingsboard/server/service/install/DefaultSystemDataLoaderService.java
+++ b/application/src/main/java/org/thingsboard/server/service/install/DefaultSystemDataLoaderService.java
@ -82,7 +82,7 @@ import org.thingsboard.server.common.data.tenant.profile.DefaultTenantProfileCon
 import org.thingsboard.server.common.data.tenant.profile.TenantProfileData;
 import org.thingsboard.server.common.data.tenant.profile.TenantProfileQueueConfiguration;
 import org.thingsboard.server.common.data.widget.WidgetsBundle;
-import org.thingsboard.server.config.JwtSettingsService;
+import org.thingsboard.server.config.jwt.JwtSettingsService;
 import org.thingsboard.server.dao.attributes.AttributesService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.device.DeviceCredentialsService;
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/TokenOutdatingService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/TokenOutdatingService.java
@ -25,7 +25,7 @@ import org.thingsboard.server.common.data.CacheConstants;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
 import org.thingsboard.server.common.data.security.model.JwtToken;
-import org.thingsboard.server.config.JwtSettingsService;
+import org.thingsboard.server.config.jwt.JwtSettingsService;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;

 import javax.annotation.PostConstruct;
--- a/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/token/JwtTokenFactory.java
@ -35,7 +35,7 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.model.JwtToken;
-import org.thingsboard.server.config.JwtSettingsService;
+import org.thingsboard.server.config.jwt.JwtSettingsService;
 import org.thingsboard.server.service.security.exception.JwtExpiredTokenException;
 import org.thingsboard.server.service.security.model.JwtTokenPair;
 import org.thingsboard.server.service.security.model.SecurityUser;
--- a/application/src/test/java/org/thingsboard/server/service/security/auth/JwtTokenFactoryTest.java
+++ b/application/src/test/java/org/thingsboard/server/service/security/auth/JwtTokenFactoryTest.java
@ -23,8 +23,8 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.model.JwtToken;
-import org.thingsboard.server.config.JwtSettings;
-import org.thingsboard.server.config.JwtSettingsService;
+import org.thingsboard.server.config.jwt.JwtSettings;
+import org.thingsboard.server.config.jwt.JwtSettingsService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 import org.thingsboard.server.service.security.model.token.AccessJwtToken;
--- a/application/src/test/java/org/thingsboard/server/service/security/auth/TokenOutdatingTest.java
+++ b/application/src/test/java/org/thingsboard/server/service/security/auth/TokenOutdatingTest.java
@ -26,8 +26,8 @@ import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
 import org.thingsboard.server.common.data.security.model.JwtToken;
-import org.thingsboard.server.config.JwtSettings;
-import org.thingsboard.server.config.JwtSettingsService;
+import org.thingsboard.server.config.jwt.JwtSettings;
+import org.thingsboard.server.config.jwt.JwtSettingsService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.auth.jwt.JwtAuthenticationProvider;
--- a/packaging/java/scripts/install/logback.xml
+++ b/packaging/java/scripts/install/logback.xml
@ -56,6 +56,10 @@
        <appender-ref ref="STDOUT" />
    </logger>

+    <logger name="org.thingsboard.server.config.jwt" level="INFO">
+        <appender-ref ref="STDOUT" />
+    </logger>
+
    <logger name="org.thingsboard.server" level="INFO" />

    <root level="INFO">