refactor: move password validation to ChargePointService

* and also make getRegistrationStatus return the password additionally, in order prevent another DB lookup later

Author: goekay

src/main/java/de/rwth/idsg/steve/repository/ChargePointRepository.java

@@ -20,14 +20,14 @@
 
 import de.rwth.idsg.steve.ocpp.OcppProtocol;
 import de.rwth.idsg.steve.repository.dto.ChargePoint;
+import de.rwth.idsg.steve.repository.dto.ChargePointRegistration;
 import de.rwth.idsg.steve.repository.dto.ChargePointSelect;
 import de.rwth.idsg.steve.repository.dto.ConnectorStatus;
 import de.rwth.idsg.steve.web.dto.ChargePointForm;
 import de.rwth.idsg.steve.web.dto.ChargePointQueryForm;
 import de.rwth.idsg.steve.web.dto.ConnectorStatusForm;
 import org.jetbrains.annotations.Nullable;
 
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -37,7 +37,7 @@
  * @since 19.08.2014
  */
 public interface ChargePointRepository {
-    Optional<String> getRegistrationStatus(String chargeBoxId);
+    Optional<ChargePointRegistration> getRegistration(String chargeBoxId);
 
     List<ChargePointSelect> getChargePointSelect(OcppProtocol protocol, List<String> inStatusFilter, List<String> chargeBoxIdFilter);
 
@@ -55,7 +55,4 @@ public interface ChargePointRepository {
     int addChargePoint(ChargePointForm form);
     void updateChargePoint(ChargePointForm form);
     void deleteChargePoint(int chargeBoxPk);
-
-    boolean isRegistered(String chargeBoxId);
-    boolean validatePassword(String chargeBoxId, String password);
 }

src/main/java/de/rwth/idsg/steve/repository/dto/ChargePointRegistration.java

@@ -0,0 +1,7 @@
+package de.rwth.idsg.steve.repository.dto;
+
+public record ChargePointRegistration(
+    String registrationStatus,
+    String hashedAuthPassword
+) {
+}

src/main/java/de/rwth/idsg/steve/repository/impl/ChargePointRepositoryImpl.java

@@ -23,6 +23,7 @@
 import de.rwth.idsg.steve.repository.AddressRepository;
 import de.rwth.idsg.steve.repository.ChargePointRepository;
 import de.rwth.idsg.steve.repository.dto.ChargePoint;
+import de.rwth.idsg.steve.repository.dto.ChargePointRegistration;
 import de.rwth.idsg.steve.repository.dto.ChargePointSelect;
 import de.rwth.idsg.steve.repository.dto.ConnectorStatus;
 import de.rwth.idsg.steve.utils.DateTimeUtils;
@@ -46,7 +47,6 @@
 import org.jooq.Table;
 import org.jooq.exception.DataAccessException;
 import org.jooq.impl.DSL;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Repository;
 import org.springframework.util.CollectionUtils;
 
@@ -72,16 +72,18 @@ public class ChargePointRepositoryImpl implements ChargePointRepository {
 
     private final DSLContext ctx;
     private final AddressRepository addressRepository;
-    private final PasswordEncoder passwordEncoder;
 
     @Override
-    public Optional<String> getRegistrationStatus(String chargeBoxId) {
-        String status = ctx.select(CHARGE_BOX.REGISTRATION_STATUS)
-                           .from(CHARGE_BOX)
-                           .where(CHARGE_BOX.CHARGE_BOX_ID.eq(chargeBoxId))
-                           .fetchOne(CHARGE_BOX.REGISTRATION_STATUS);
-
-        return Optional.ofNullable(status);
+    public Optional<ChargePointRegistration> getRegistration(String chargeBoxId) {
+        var status = ctx.select(CHARGE_BOX.REGISTRATION_STATUS, CHARGE_BOX.AUTH_PASSWORD)
+                        .from(CHARGE_BOX)
+                        .where(CHARGE_BOX.CHARGE_BOX_ID.eq(chargeBoxId))
+                        .fetch()
+                        .map(rec -> new ChargePointRegistration(rec.value1(), rec.value2()));
+
+        return status.isEmpty()
+            ? Optional.empty()
+            : Optional.ofNullable(status.getFirst());
     }
 
     @Override
@@ -376,41 +378,4 @@ private void deleteChargePointInternal(DSLContext ctx, int chargeBoxPk) {
            .where(CHARGE_BOX.CHARGE_BOX_PK.equal(chargeBoxPk))
            .execute();
     }
-
-    @Override
-    public boolean isRegistered(String chargeBoxId) {
-        return ctx.fetchExists(
-            ctx.selectFrom(CHARGE_BOX)
-               .where(CHARGE_BOX.CHARGE_BOX_ID.eq(chargeBoxId))
-        );
-    }
-
-    @Override
-    public boolean validatePassword(String chargeBoxId, String password) {
-        if (password == null || password.isEmpty()) {
-            log.warn("Empty password provided for charge point '{}'", chargeBoxId);
-            return false;
-        }
-
-        var storedHashedPassword = ctx.select(CHARGE_BOX.AUTH_PASSWORD)
-            .from(CHARGE_BOX)
-            .where(CHARGE_BOX.CHARGE_BOX_ID.eq(chargeBoxId))
-            .fetchOne(CHARGE_BOX.AUTH_PASSWORD);
-
-        if (storedHashedPassword == null || storedHashedPassword.isEmpty()) {
-            log.warn("No password configured for charge point '{}' - authentication disabled", chargeBoxId);
-            return true;
-        }
-
-        try {
-            var matches = passwordEncoder.matches(password, storedHashedPassword);
-            if (!matches) {
-                log.warn("Invalid password attempt for charge point '{}'", chargeBoxId);
-            }
-            return matches;
-        } catch (IllegalArgumentException e) {
-            log.error("Invalid BCrypt hash stored for charge point '{}'. Hash might be corrupted.", chargeBoxId, e);
-            return false;
-        }
-    }
 }

src/main/java/de/rwth/idsg/steve/service/ChargePointService.java

@@ -43,8 +43,10 @@
 import lombok.extern.slf4j.Slf4j;
 import ocpp.cs._2015._10.RegistrationStatus;
 import org.joda.time.DateTime;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
+import org.springframework.util.StringUtils;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -74,6 +76,7 @@ public class ChargePointService {
     private final ChargePointRepository chargePointRepository;
     private final GenericRepository genericRepository;
     private final SteveProperties steveProperties;
+    private final PasswordEncoder passwordEncoder;
 
     // SOAP-based charge points are stored in DB with an endpoint address.
     // But, for WebSocket-based charge points, the active sessions are stored in memory.
@@ -127,6 +130,31 @@ public void removeUnknown(List<String> chargeBoxIdList) {
     // Registration status
     // -------------------------------------------------------------------------
 
+    public boolean validatePassword(String chargeBoxId, String passwordFromHeaders, String storedHashedPassword) {
+        // if no password in DB, this station needs no validation
+        if (StringUtils.isEmpty(storedHashedPassword)) {
+            log.info("No password configured for charge point '{}' - authentication disabled", chargeBoxId);
+            return true;
+        }
+
+        // there is a password in DB, but the station provided no password
+        if (StringUtils.isEmpty(passwordFromHeaders)) {
+            log.warn("Empty password provided for charge point '{}'", chargeBoxId);
+            return false;
+        }
+
+        try {
+            var matches = passwordEncoder.matches(passwordFromHeaders, storedHashedPassword);
+            if (!matches) {
+                log.warn("Invalid password attempt for charge point '{}'", chargeBoxId);
+            }
+            return matches;
+        } catch (Exception e) {
+            log.error("Exception while checking password for charge point '{}'", chargeBoxId, e);
+            return false;
+        }
+    }
+
     public Optional<RegistrationStatus> getRegistrationStatus(String chargeBoxId) {
         Lock l = isRegisteredLocks.get(chargeBoxId);
         l.lock();
@@ -143,10 +171,10 @@ public Optional<RegistrationStatus> getRegistrationStatus(String chargeBoxId) {
 
     private Optional<RegistrationStatus> getRegistrationStatusInternal(String chargeBoxId) {
         // 1. exit if already registered
-        Optional<String> status = chargePointRepository.getRegistrationStatus(chargeBoxId);
+        var status = chargePointRepository.getRegistration(chargeBoxId);
         if (status.isPresent()) {
             try {
-                return Optional.ofNullable(RegistrationStatus.fromValue(status.get()));
+                return Optional.ofNullable(RegistrationStatus.fromValue(status.get().registrationStatus()));
             } catch (Exception e) {
                 // in cases where the database entry (string) is altered, and therefore cannot be converted to enum
                 log.error("Exception happened", e);

src/test/java/de/rwth/idsg/steve/issues/Issue1219.java

@@ -42,8 +42,6 @@
 import org.jooq.impl.DataSourceConnectionProvider;
 import org.jooq.impl.DefaultConfiguration;
 import org.jooq.tools.jdbc.SingleConnectionDataSource;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 
 import java.sql.Connection;
 import java.sql.DriverManager;
@@ -61,7 +59,6 @@ public class Issue1219 {
     private static final String url = "jdbc:mysql://localhost:3306/stevedb";
     private static final String userName = "steve";
     private static final String password = "changeme";
-    private static final PasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();
 
     private final DSLContext ctx;
 
@@ -155,7 +152,7 @@ private List<Integer> insertStartTransactions(int count, List<String> ocppTags,
     }
 
     private List<String> insertChargeBoxes(int count) {
-        var repository = new ChargePointRepositoryImpl(ctx, new AddressRepositoryImpl(), PASSWORD_ENCODER);
+        var repository = new ChargePointRepositoryImpl(ctx, new AddressRepositoryImpl());
 
         List<String> ids = IntStream.range(0, count).mapToObj(val -> UUID.randomUUID().toString()).collect(Collectors.toList());
         repository.addChargePointList(ids);

src/test/java/de/rwth/idsg/steve/utils/__DatabasePreparer__.java

@@ -45,8 +45,6 @@
 import org.jooq.Schema;
 import org.jooq.Table;
 import org.jooq.impl.DSL;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 
 import java.util.Arrays;
 import java.util.List;
@@ -74,7 +72,6 @@ public class __DatabasePreparer__ {
     private static final String REGISTERED_CHARGE_BOX_ID = "charge_box_2aa6a783d47d";
     private static final String REGISTERED_CHARGE_BOX_ID_2 = "charge_box_2aa6a783d47d_2";
     private static final String REGISTERED_OCPP_TAG = "id_tag_2aa6a783d47d";
-    private static final PasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();
 
     private final DSLContext dslContext;
 
@@ -129,7 +126,7 @@ public List<Reservation> getReservations() {
     }
 
     public List<ConnectorStatus> getChargePointConnectorStatus() {
-        ChargePointRepositoryImpl impl = new ChargePointRepositoryImpl(dslContext, new AddressRepositoryImpl(), PASSWORD_ENCODER);
+        ChargePointRepositoryImpl impl = new ChargePointRepositoryImpl(dslContext, new AddressRepositoryImpl());
         return impl.getChargePointConnectorStatus(null);
     }
 
@@ -144,7 +141,7 @@ public OcppTagActivityRecord getOcppTagRecord(String idTag) {
     }
 
     public ChargePoint.Details getCBDetails(String chargeboxID) {
-        ChargePointRepositoryImpl impl = new ChargePointRepositoryImpl(dslContext, new AddressRepositoryImpl(), PASSWORD_ENCODER);
+        ChargePointRepositoryImpl impl = new ChargePointRepositoryImpl(dslContext, new AddressRepositoryImpl());
         Map<String, Integer> pkMap = impl.getChargeBoxIdPkPair(Arrays.asList(chargeboxID));
         int pk = pkMap.get(chargeboxID);
         return impl.getDetails(pk);