source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2022 SonarSource SA
   4  * mailto:info AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.server.almsettings.ws;
  21
  22 import org.junit.Rule;
  23 import org.junit.Test;
  24 import org.sonar.api.config.internal.Encryption;
  25 import org.sonar.api.resources.ResourceTypes;
  26 import org.sonar.api.server.ws.WebService;
  27 import org.sonar.db.DbTester;
  28 import org.sonar.db.alm.setting.AlmSettingDto;
  29 import org.sonar.db.user.UserDto;
  30 import org.sonar.server.almsettings.MultipleAlmFeatureProvider;
  31 import org.sonar.server.component.ComponentFinder;
  32 import org.sonar.server.exceptions.BadRequestException;
  33 import org.sonar.server.exceptions.ForbiddenException;
  34 import org.sonar.server.exceptions.NotFoundException;
  35 import org.sonar.server.tester.UserSessionRule;
  36 import org.sonar.server.ws.TestRequest;
  37 import org.sonar.server.ws.WsActionTester;
  38
  39 import static java.lang.String.format;
  40 import static org.assertj.core.api.Assertions.assertThat;
  41 import static org.assertj.core.api.Assertions.assertThatNoException;
  42 import static org.assertj.core.api.Assertions.assertThatThrownBy;
  43 import static org.assertj.core.groups.Tuple.tuple;
  44 import static org.mockito.ArgumentMatchers.any;
  45 import static org.mockito.Mockito.mock;
  46 import static org.mockito.Mockito.when;
  47
  48 public class UpdateBitbucketCloudActionTest {
  49   @Rule
  50   public UserSessionRule userSession = UserSessionRule.standalone();
  51   @Rule
  52   public DbTester db = DbTester.create();
  53
  54   private final Encryption encryption = mock(Encryption.class);
  55
  56   private final WsActionTester ws = new WsActionTester(new UpdateBitbucketCloudAction(db.getDbClient(), userSession,
  57     new AlmSettingsSupport(db.getDbClient(), userSession, new ComponentFinder(db.getDbClient(), mock(ResourceTypes.class)),
  58       mock(MultipleAlmFeatureProvider.class))));
  59
  60   @Test
  61   public void update() {
  62     when(encryption.isEncrypted(any())).thenReturn(false);
  63     UserDto user = db.users().insertUser();
  64     userSession.logIn(user).setSystemAdministrator();
  65     AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting();
  66
  67     ws.newRequest()
  68       .setParam("key", almSettingDto.getKey())
  69       .setParam("workspace", "workspace")
  70       .setParam("clientId", "id")
  71       .setParam("clientSecret", "secret")
  72       .execute();
  73
  74     assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession()))
  75       .extracting(AlmSettingDto::getKey, AlmSettingDto::getClientId,
  76         s -> s.getDecryptedClientSecret(encryption), AlmSettingDto::getAppId)
  77       .containsOnly(tuple(almSettingDto.getKey(), "id", "secret", "workspace"));
  78   }
  79
  80   @Test
  81   public void update_with_new_key() {
  82     when(encryption.isEncrypted(any())).thenReturn(false);
  83
  84     UserDto user = db.users().insertUser();
  85     userSession.logIn(user).setSystemAdministrator();
  86
  87     AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting();
  88
  89     ws.newRequest()
  90       .setParam("key", almSettingDto.getKey())
  91       .setParam("newKey", "Bitbucket Server - Infra Team")
  92       .setParam("workspace", "workspace")
  93       .setParam("clientId", "id")
  94       .setParam("clientSecret", "secret")
  95       .execute();
  96     assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession()))
  97       .extracting(AlmSettingDto::getKey, AlmSettingDto::getClientId,
  98         s -> s.getDecryptedClientSecret(encryption), AlmSettingDto::getAppId)
  99       .containsOnly(tuple("Bitbucket Server - Infra Team", "id", "secret", "workspace"));
 100   }
 101
 102   @Test
 103   public void update_binding_without_changing_the_key() {
 104     when(encryption.isEncrypted(any())).thenReturn(false);
 105
 106     UserDto user = db.users().insertUser();
 107     userSession.logIn(user).setSystemAdministrator();
 108     AlmSettingDto almSetting = db.almSettings().insertBitbucketAlmSetting();
 109
 110     ws.newRequest()
 111       .setParam("key", almSetting.getKey())
 112       .setParam("newKey", almSetting.getKey())
 113       .setParam("workspace", "workspace")
 114       .setParam("clientId", "id")
 115       .setParam("clientSecret", "secret")
 116       .execute();
 117
 118     assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession()))
 119       .extracting(AlmSettingDto::getKey, AlmSettingDto::getClientId,
 120         s -> s.getDecryptedClientSecret(encryption), AlmSettingDto::getAppId)
 121       .containsOnly(tuple(almSetting.getKey(), "id", "secret", "workspace"));
 122   }
 123
 124   @Test
 125   public void update_without_secret() {
 126     when(encryption.isEncrypted(any())).thenReturn(false);
 127
 128     UserDto user = db.users().insertUser();
 129     userSession.logIn(user).setSystemAdministrator();
 130
 131     AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting();
 132
 133     ws.newRequest()
 134       .setParam("key", almSettingDto.getKey())
 135       .setParam("workspace", "workspace")
 136       .setParam("clientId", "id")
 137       .execute();
 138     assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession()))
 139       .extracting(AlmSettingDto::getKey, AlmSettingDto::getClientId,
 140         s -> s.getDecryptedClientSecret(encryption), AlmSettingDto::getAppId)
 141       .containsOnly(tuple(almSettingDto.getKey(), "id", almSettingDto.getDecryptedPrivateKey(encryption), "workspace"));
 142   }
 143
 144   @Test
 145   public void fail_when_key_does_not_match_existing_alm_setting() {
 146     UserDto user = db.users().insertUser();
 147     userSession.logIn(user).setSystemAdministrator();
 148     TestRequest request = ws.newRequest()
 149       .setParam("key", "unknown")
 150       .setParam("workspace", "workspace")
 151       .setParam("clientId", "id")
 152       .setParam("clientSecret", "secret");
 153
 154     assertThatThrownBy(request::execute)
 155       .isInstanceOf(NotFoundException.class)
 156       .hasMessage("ALM setting with key 'unknown' cannot be found");
 157   }
 158
 159   @Test
 160   public void fail_when_new_key_matches_existing_alm_setting() {
 161     UserDto user = db.users().insertUser();
 162     userSession.logIn(user).setSystemAdministrator();
 163     AlmSettingDto almSetting1 = db.almSettings().insertBitbucketAlmSetting();
 164     AlmSettingDto almSetting2 = db.almSettings().insertBitbucketAlmSetting();
 165     TestRequest request = ws.newRequest()
 166       .setParam("key", almSetting1.getKey())
 167       .setParam("newKey", almSetting2.getKey())
 168       .setParam("workspace", "workspace")
 169       .setParam("clientId", "id")
 170       .setParam("clientSecret", "secret");
 171
 172     assertThatThrownBy(request::execute)
 173       .isInstanceOf(IllegalArgumentException.class)
 174       .hasMessage(format("An ALM setting with key '%s' already exists", almSetting2.getKey()));
 175   }
 176
 177   @Test
 178   public void fail_when_missing_administer_system_permission() {
 179     UserDto user = db.users().insertUser();
 180     userSession.logIn(user);
 181     AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting();
 182     TestRequest request = ws.newRequest()
 183       .setParam("key", almSettingDto.getKey())
 184       .setParam("newKey", "Bitbucket Server - Infra Team")
 185       .setParam("workspace", "workspace")
 186       .setParam("clientId", "id")
 187       .setParam("clientSecret", "secret");
 188
 189     assertThatThrownBy(request::execute)
 190       .isInstanceOf(ForbiddenException.class);
 191   }
 192
 193   @Test
 194   public void fail_when_workspace_id_format_is_incorrect() {
 195     String workspace = "workspace/name";
 196     UserDto user = db.users().insertUser();
 197     userSession.logIn(user).setSystemAdministrator();
 198     AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting();
 199
 200     TestRequest request = ws.newRequest()
 201       .setParam("key", almSettingDto.getKey())
 202       .setParam("workspace", workspace)
 203       .setParam("clientId", "id")
 204       .setParam("clientSecret", "secret");
 205
 206     assertThatThrownBy(request::execute)
 207       .isInstanceOf(BadRequestException.class)
 208       .hasMessageContaining(String.format(
 209         "Workspace ID '%s' has an incorrect format. Should only contain lowercase letters, numbers, dashes, and underscores.",
 210         workspace
 211       ));
 212   }
 213
 214   @Test
 215   public void do_not_fail_when_workspace_id_format_is_correct() {
 216     String workspace = "work-space_123";
 217     UserDto user = db.users().insertUser();
 218     userSession.logIn(user).setSystemAdministrator();
 219     AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting();
 220
 221     TestRequest request = ws.newRequest()
 222       .setParam("key", almSettingDto.getKey())
 223       .setParam("workspace", workspace)
 224       .setParam("clientId", "id")
 225       .setParam("clientSecret", "secret");
 226
 227     assertThatNoException().isThrownBy(request::execute);
 228   }
 229
 230   @Test
 231   public void definition() {
 232     WebService.Action def = ws.getDef();
 233
 234     assertThat(def.since()).isEqualTo("8.7");
 235     assertThat(def.isPost()).isTrue();
 236     assertThat(def.params())
 237       .extracting(WebService.Param::key, WebService.Param::isRequired)
 238       .containsExactlyInAnyOrder(tuple("key", true), tuple("newKey", false), tuple("workspace", true),
 239         tuple("clientId", true), tuple("clientSecret", false));
 240   }
 241
 242 }