apache · DaanHoogland · Feb 11, 2026 · Feb 11, 2026 · Feb 11, 2026 · Feb 12, 2026
diff --git a/engine/schema/src/main/java/com/cloud/user/UserVO.java b/engine/schema/src/main/java/com/cloud/user/UserVO.java
@@ -123,8 +123,8 @@ public UserVO() {
     }
 
     public UserVO(long id) {
+        this();
         this.id = id;
-        this.uuid = UUID.randomUUID().toString();
     }
 
     public UserVO(long accountId, String username, String password, String firstName, String lastName, String email, String timezone, String uuid, Source source) {

diff --git a/engine/schema/src/main/java/com/cloud/user/dao/AccountDaoImpl.java b/engine/schema/src/main/java/com/cloud/user/dao/AccountDaoImpl.java
@@ -42,7 +42,7 @@
 
 @Component
 public class AccountDaoImpl extends GenericDaoBase<AccountVO, Long> implements AccountDao {
-    private static final String FIND_USER_ACCOUNT_BY_API_KEY = "SELECT u.id, u.username, u.account_id, u.secret_key, u.state, u.api_key_access, "
+    private static final String FIND_USER_ACCOUNT_BY_API_KEY = "SELECT u.id, u.uuid, u.username, u.account_id, u.secret_key, u.state, u.api_key_access, "
         + "a.id, a.account_name, a.type, a.role_id, a.domain_id, a.state, a.api_key_access " + "FROM `cloud`.`user` u, `cloud`.`account` a "
         + "WHERE u.account_id = a.id AND u.api_key = ? and u.removed IS NULL";
 
@@ -138,41 +138,41 @@ public Pair<User, Account> findUserAccountByApiKey(String apiKey) {
         PreparedStatement pstmt = null;
         Pair<User, Account> userAcctPair = null;
         try {
-            String sql = FIND_USER_ACCOUNT_BY_API_KEY;
-            pstmt = txn.prepareAutoCloseStatement(sql);
+            pstmt = txn.prepareAutoCloseStatement(FIND_USER_ACCOUNT_BY_API_KEY);
             pstmt.setString(1, apiKey);
             ResultSet rs = pstmt.executeQuery();
             // TODO:  make sure we don't have more than 1 result?  ApiKey had better be unique
             if (rs.next()) {
-                User u = new UserVO(rs.getLong(1));
-                u.setUsername(rs.getString(2));
-                u.setAccountId(rs.getLong(3));
-                u.setSecretKey(DBEncryptionUtil.decrypt(rs.getString(4)));
-                u.setState(State.getValueOf(rs.getString(5)));
-                boolean apiKeyAccess = rs.getBoolean(6);
+                UserVO u = new UserVO(rs.getLong(1));
+                u.setUuid(rs.getString(2));
+                u.setUsername(rs.getString(3));
+                u.setAccountId(rs.getLong(4));
+                u.setSecretKey(DBEncryptionUtil.decrypt(rs.getString(5)));
+                u.setState(State.getValueOf(rs.getString(6)));
+                boolean apiKeyAccess = rs.getBoolean(7);
                 if (rs.wasNull()) {
                     u.setApiKeyAccess(null);
                 } else {
                     u.setApiKeyAccess(apiKeyAccess);
                 }
 
-                AccountVO a = new AccountVO(rs.getLong(7));
-                a.setAccountName(rs.getString(8));
-                a.setType(Account.Type.getFromValue(rs.getInt(9)));
-                a.setRoleId(rs.getLong(10));
-                a.setDomainId(rs.getLong(11));
-                a.setState(State.getValueOf(rs.getString(12)));
-                apiKeyAccess = rs.getBoolean(13);
+                AccountVO a = new AccountVO(rs.getLong(8));
+                a.setAccountName(rs.getString(9));
+                a.setType(Account.Type.getFromValue(rs.getInt(10)));
+                a.setRoleId(rs.getLong(11));
+                a.setDomainId(rs.getLong(12));
+                a.setState(State.getValueOf(rs.getString(13)));
+                apiKeyAccess = rs.getBoolean(14);
                 if (rs.wasNull()) {
                     a.setApiKeyAccess(null);
                 } else {
                     a.setApiKeyAccess(apiKeyAccess);
                 }
 
-                userAcctPair = new Pair<User, Account>(u, a);
+                userAcctPair = new Pair<>(u, a);
             }
         } catch (Exception e) {
-            logger.warn("Exception finding user/acct by api key: " + apiKey, e);
+            logger.warn("Exception finding user/acct by api key: {}", apiKey, e);
         }
         return userAcctPair;
     }
@@ -341,11 +341,9 @@ public long getDomainIdForGivenAccountId(long id) {
             domain_id = account_vo.getDomainId();
         }
         catch (Exception e) {
-            logger.warn("getDomainIdForGivenAccountId: Exception :" + e.getMessage());
-        }
-        finally {
-            return domain_id;
+            logger.warn("Can not get DomainId for the given AccountId; exception message : {}", e.getMessage());
         }
+        return domain_id;
     }
 
     @Override

diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -1861,10 +1861,9 @@ protected void validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmd updateUser
         if (isApiKeyBlank && isSecretKeyBlank) {
             return;
         }
-        Pair<User, Account> apiKeyOwner = _accountDao.findUserAccountByApiKey(apiKey);
+        UserAccount apiKeyOwner = _userAccountDao.getUserByApiKey(apiKey);
         if (apiKeyOwner != null) {
-            User userThatHasTheProvidedApiKey = apiKeyOwner.first();
-            if (userThatHasTheProvidedApiKey.getId() != user.getId()) {
+            if (apiKeyOwner.getId() != user.getId()) {
                 throw new InvalidParameterValueException(String.format("The API key [%s] already exists in the system. Please provide a unique key.", apiKey));
             }
         }
@@ -3050,7 +3049,14 @@ protected void updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(UserAccount
 
     @Override
     public Pair<User, Account> findUserByApiKey(String apiKey) {
-        return _accountDao.findUserAccountByApiKey(apiKey);
+        UserAccount userAccount = _userAccountDao.getUserByApiKey(apiKey);
+        if (userAccount != null) {
+            User user = _userDao.getUser(userAccount.getId());
+            Account account = _accountDao.findById(userAccount.getAccountId());
+            return new Pair<>(user, account);
+        } else {
+            return null;
+        }
     }
 
     @Override
@@ -3184,14 +3190,14 @@ private String createUserApiKey(long userId) {
             UserVO updatedUser = _userDao.createForUpdate();
 
             String encodedKey;
-            Pair<User, Account> userAcct;
+            UserAccount userAcct;
             int retryLimit = 10;
             do {
                 // FIXME: what algorithm should we use for API keys?
                 KeyGenerator generator = KeyGenerator.getInstance("HmacSHA1");
                 SecretKey key = generator.generateKey();
                 encodedKey = Base64.encodeBase64URLSafeString(key.getEncoded());
-                userAcct = _accountDao.findUserAccountByApiKey(encodedKey);
+                userAcct = _userAccountDao.getUserByApiKey(encodedKey);
                 retryLimit--;
             } while ((userAcct != null) && (retryLimit >= 0));