steve icon indicating copy to clipboard operation
steve copied to clipboard
verified publisher icon steve-community

org.jooq.exception.DataAccessException when adding a Unknown Charge Point with ChargeBox ID starting by a space

Open juherr opened this issue 3 years ago • 5 comments

Checklist

  • [ ] I checked other issues already, but found no answer/solution
  • [ ] I checked the documentation and wiki, but found no answer/solution
  • [ ] I am running the latest version and the issue still occurs
  • [ ] I am sure that this issue is about SteVe (and not about the charging station software or something unrelated to SteVe)

Specifications

SteVe Version     : 3.4.9
Operating system  : Linux
JDK               : 17
Database          : MySQL 8.0

Expected Behavior

The unknown charge point is added.

Actual Behavior

image

Steps to Reproduce the Problem

  1. Create a new charge point with ChargeBox ID (ie: TEST)
  2. Create a new unknown charge point with the previous ChargeBox ID starting by a space (ie: %20TEST)
  3. Add the unknown charge point

Additional context

...

juherr avatar Jun 08 '22 16:06 juherr

this is because String fields go through org.springframework.beans.propertyeditors.StringTrimmerEditor as registered here in order to sanitize and clean the input within the web/controller layer. this editor internally calls String.trim() which removes leading and trailing spaces.

i can understand the confusion because what you expect is not what you get but some input sanitation is necessary, don't you think? suggestion?

goekay avatar Jun 08 '22 20:06 goekay

some input sanitation is necessary, don't you think? suggestion?

Yes, I totally agree it is often good that human inputs are sanitized. I think it is also part of the business logic and could be better placed near the business code.

Space is a legit char for chargebox id and I didn't find any exceptions for the first or last char. image

I think the design issue here and #836 is the inconsistency in the way the chargebox id is managed between the ocpp part and the UI part.

My suggestion:

  • if space is a good first/last char then it should be managed in the whole application
  • if space is not a good first/last char then it should not be shown as an Unknown Charge Point (maybe HTTP 400 on the websocket connection).

WDYT?

juherr avatar Jun 10 '22 09:06 juherr

this is because String fields go through org.springframework.beans.propertyeditors.StringTrimmerEditor as registered here in order to sanitize and clean the input within the web/controller layer. this editor internally calls String.trim() which removes leading and trailing spaces.

Does it mean passwords are trimmed too?

juherr avatar Jun 10 '22 09:06 juherr

Does it mean passwords are trimmed too?

which passwords (plural) you mean? the sign in credentials of the web ui are not affected by this.

goekay avatar Jun 16 '22 21:06 goekay

If password is kept as it, why not chargebox_id? At least, when it comes from a station event.

juherr avatar Jun 17 '22 18:06 juherr