search

TheThingSystem / steward

The Thing System is a set of software components and network protocols that aims to fix the Internet of Things. Our steward software is written in node.js making it both portable and easily extensible. It can run on your laptop, or fit onto a small single board computer like the Raspberry Pi.
http://thethingsystem.com
Other
346 stars 81 forks source link

Device database entry will be created before user credentials are validated by Cloud service #289

Open zhenx76 opened 8 years ago

zhenx76 commented 8 years ago

Hi,

I think I encountered a bug: When I was trying to add Nest cloud service to control the thermostat, I accidentally entered the wrong password at the very first time. This seems to be put the system to a state that I can't even correct the password. Here's what I think it happened:

  1. I entered the wrong password in d3 client, which will call "/api/v1/device/create" API to create the Nest cloud device;
  2. The create() function will call devices.discover() to discover existing device or add new device;
  3. In devices.discover() in device.js, a new Nest cloud object will be created and it will call login() to validate the user credentials;
  4. However, before the login() completes through callback, devices.discover() will go ahead and create the database entry, and store the wrong password;
  5. Later on, the login completes and complains about wrong password. Here the database entry will not be deleted or marked as invalid;
  6. Then I tried to "correct" password by adding a cloud service with the right password. This time devices.discover() will locate the device database entry (with wrong password), and it won't update the database entry with the right password.

Therefore the end result is that if I entered the wrong password for Nest for the first time, I can't connect to Nest any more. The only way to recover is to manually remove the invalid database entry.