search

telefonicaid / iotagent-ul

IoT Agent for a UltraLight 2.0 based protocol (with HTTP, MQTT and AMQP transports)
https://fiware-iotagent-ul.rtfd.io/
GNU Affero General Public License v3.0
37 stars 55 forks source link

Message with wrong Fiware-Service is accepted #207

Open gobaldia opened 7 years ago

gobaldia commented 7 years ago

I have the following important issue. I have two Services created as follows:

Host: localhost:4061
Content-Type: application/json
X-Auth-Token: [TOKEN]
Fiware-Service: A
Fiware-ServicePath: /auto
Cache-Control: no-cache
{
      "services": [
        {
          "apikey":      "apikeyA",
          "cbroker":     "http://localhost:1026",
          "entity_type": "A",
          "resource":    "/iot/d"
        }
      ]
    }

and

Host: localhost:4061
Content-Type: application/json
X-Auth-Token: [TOKEN]
Fiware-Service: B
Fiware-ServicePath: /auto
Cache-Control: no-cache
{
      "services": [
        {
          "apikey":      "apikeyB",
          "cbroker":     "http://localhost:1026",
          "entity_type": "B",
          "resource":    "/iot/d"
        }
      ]
    }

Then I have two devices: deviceA (in the service A, with Fiware-Service A) and deviceB (in the service B, with Fiware-Service B).

Then, if I try to send a measure to deviceA with APIKEY=apikeyA and Fiware-Service=B the measure is accepted and processed normally, and viceversa. It seems to header Fiware-Service is ignored. That's a big issue. It caused us a lot of inconveniences.

AlvaroVega commented 6 years ago

In that case apikey is prevaling over the header fiware-service. In some cases apikey unique by a mongo index.

AlvaroVega commented 6 years ago

Anyway, in order to check that service and subservice matches with the configuration provided for apikey you should enable Single Configuration Mode. https://github.com/telefonicaid/iotagent-node-lib#configurations-and-subservices