Device database entry will be created before user credentials are validated by Cloud service

[zhenx76]

Hi,

I think I encountered a bug: When I was trying to add Nest cloud service to control the thermostat, I accidentally entered the wrong password at the very first time. This seems to be put the system to a state that I can't even correct the password. Here's what I think it happened:

1. I entered the wrong password in d3 client, which will call "/api/v1/device/create" API to create the Nest cloud device;
2. The create() function will call devices.discover() to discover existing device or add new device;
3. In devices.discover() in device.js, a new Nest cloud object will be created and it will call login() to validate the user credentials;
4. However, before the login() completes through callback, devices.discover() will go ahead and create the database entry, and store the wrong password;
5. Later on, the login completes and complains about wrong password. Here the database entry will not be deleted or marked as invalid;
6. Then I tried to "correct" password by adding a cloud service with the right password. This time devices.discover() will locate the device database entry (with wrong password), and it won't update the database entry with the right password.

Therefore the end result is that if I entered the wrong password for Nest for the first time, I can't connect to Nest any more. The only way to recover is to manually remove the invalid database entry.