SONAR-19084 Prevent enabling GitHub provisioning if config is incomplete
authorAurelien Poscia <aurelien.poscia@sonarsource.com>
Mon, 1 May 2023 06:04:00 +0000 (08:04 +0200)
committersonartech <sonartech@sonarsource.com>
Thu, 11 May 2023 20:03:13 +0000 (20:03 +0000)
server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java
server/sonar-auth-github/src/test/java/org/sonar/auth/github/GitHubSettingsTest.java

index d736e1e26ebfc94a5b8c673535084a8bd68e0208..25b27bf72845eb04b418c978219073213a247cd4 100644 (file)
@@ -29,7 +29,9 @@ import org.sonar.api.config.Configuration;
 import org.sonar.api.config.PropertyDefinition;
 import org.sonar.server.property.InternalProperties;
 
+import static java.lang.String.format;
 import static java.lang.String.valueOf;
+import static org.apache.commons.lang.StringUtils.isNotBlank;
 import static org.sonar.api.PropertyType.BOOLEAN;
 import static org.sonar.api.PropertyType.PASSWORD;
 import static org.sonar.api.PropertyType.STRING;
@@ -59,7 +61,6 @@ public class GitHubSettings {
 
   private final InternalProperties internalProperties;
 
-
   public GitHubSettings(Configuration configuration, InternalProperties internalProperties) {
     this.configuration = configuration;
     this.internalProperties = internalProperties;
@@ -117,11 +118,21 @@ public class GitHubSettings {
 
   public void setProvisioning(boolean enableProvisioning) {
     if (enableProvisioning) {
-      checkState(isEnabled(), "GitHub authentication must be enabled to enable GitHub provisioning.");
+      checkGithubConfigIsCompleteForProvisioning();
     }
     internalProperties.write(PROVISIONING, String.valueOf(enableProvisioning));
   }
 
+  private void checkGithubConfigIsCompleteForProvisioning() {
+    checkState(isEnabled(), getErrorMessage("GitHub authentication must be enabled"));
+    checkState(isNotBlank(appId()), getErrorMessage("Application ID must be provided"));
+    checkState(isNotBlank(privateKey()), getErrorMessage("Private key must be provided"));
+  }
+
+  private static String getErrorMessage(String prefix) {
+    return format("%s to enable GitHub provisioning.", prefix);
+  }
+
   public boolean isProvisioningEnabled() {
     return isEnabled() && internalProperties.read(PROVISIONING).map(Boolean::parseBoolean).orElse(false);
   }
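Review bot: The completeness check runs only inside `setProvisioning(true)`, while `isProvisioningEnabled()` at the end of this hunk still consults just `isEnabled()` and the stored flag. If the application ID or private key is blanked after provisioning was switched on, that method would keep reporting provisioning as enabled with an incomplete GitHub App configuration, unless code outside this hunk blocks such a settings change. Consider evaluating the same conditions on the read path, for example `return isEnabled() && isNotBlank(appId()) && isNotBlank(privateKey()) && internalProperties.read(PROVISIONING).map(Boolean::parseBoolean).orElse(false);`. As a smaller style point, `getErrorMessage` formats its string on every call even when the check passes; if `checkState` is Guava's, its template overload (`checkState(cond, "%s to enable GitHub provisioning.", prefix)`) defers that work to the failure case.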
index 6d2ceaabc12d6ce24da3ef7c48b4866c024fdbcc..344a85bfc7cc6c55135493fd8b08af463ed6cabc 100644 (file)
@@ -100,11 +100,34 @@ public class GitHubSettingsTest {
     assertThatIllegalStateException()
       .isThrownBy(() -> underTest.setProvisioning(true))
       .withMessage("GitHub authentication must be enabled to enable GitHub provisioning.");
+    assertThat(underTest.isProvisioningEnabled()).isFalse();
+  }
+
+  @Test
+  public void setProvisioning_whenPrivateKeyMissing_shouldThrow() {
+    enableGithubAuthenticationWithGithubApp();
+    settings.setProperty("sonar.auth.github.privateKey.secured", "");
+
+    assertThatIllegalStateException()
+      .isThrownBy(() -> underTest.setProvisioning(true))
+      .withMessage("Private key must be provided to enable GitHub provisioning.");
+    assertThat(underTest.isProvisioningEnabled()).isFalse();
+  }
+
+  @Test
+  public void setProvisioning_whenAppIdMissing_shouldThrow() {
+    enableGithubAuthenticationWithGithubApp();
+    settings.setProperty("sonar.auth.github.appId", "");
+
+    assertThatIllegalStateException()
+      .isThrownBy(() -> underTest.setProvisioning(true))
+      .withMessage("Application ID must be provided to enable GitHub provisioning.");
+    assertThat(underTest.isProvisioningEnabled()).isFalse();
   }
 
   @Test
   public void setProvisioning_whenPassedTrue_delegatesToInternalPropertiesWrite() {
-    enableGithubAuthentication();
+    enableGithubAuthenticationWithGithubApp();
     underTest.setProvisioning(true);
     verify(internalProperties).write(GitHubSettings.PROVISIONING, Boolean.TRUE.toString());
   }
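Review bot: The added `assertThat(underTest.isProvisioningEnabled()).isFalse()` assertions do not prove that a rejected call left the flag untouched, because `internalProperties` appears to be a Mockito mock (it is passed to `verify` at the end of this hunk), so `read` would not reflect an earlier `write`. Asserting on the interaction is stronger: `verify(internalProperties, never()).write(GitHubSettings.PROVISIONING, Boolean.TRUE.toString());` in each of the three failing cases. The new cases also use only an empty string; a whitespace-only value and an unset property are the other inputs `isNotBlank` is meant to reject and deserve a test each. The first of these assertions belongs to a test method that starts above this hunk.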