SONAR-8716 fix check of permissions in api/server/check_secret_key
authorSimon Brandhof <simon.brandhof@sonarsource.com>
Thu, 2 Feb 2017 14:17:16 +0000 (15:17 +0100)
committerSimon Brandhof <simon.brandhof@sonarsource.com>
Tue, 7 Feb 2017 13:30:39 +0000 (14:30 +0100)
server/sonar-server/src/main/java/org/sonar/server/setting/ws/CheckSecretKeyAction.java
server/sonar-server/src/test/java/org/sonar/server/setting/ws/CheckSecretKeyActionTest.java

index 2fc736b1746432ef3ecae53297084c2716e547da..96d9c01574818e1e28cbbeaf0893899a55f9bfdc 100644 (file)
@@ -27,7 +27,6 @@ import org.sonar.api.server.ws.WebService;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.Settings.CheckSecretKeyWsResponse;
 
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 
 public class CheckSecretKeyAction implements SettingsWsAction {
@@ -52,7 +51,7 @@ public class CheckSecretKeyAction implements SettingsWsAction {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
-    userSession.checkPermission(SYSTEM_ADMIN);
+    userSession.checkLoggedIn().checkIsRoot();
 
     writeProtobuf(CheckSecretKeyWsResponse.newBuilder().setSecretKeyAvailable(settings.getEncryption().hasSecretKey()).build(), request, response);
   }
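Review bot: The new guard `userSession.checkLoggedIn().checkIsRoot()` narrows access from any System Administrator to root only, but nothing in this hunk records why, and the action's public description in `define()` (outside this hunk) is not touched, so a client reading the WS documentation may still assume the old, looser requirement. If `define()` carries a "Requires …" sentence, it should be updated to state the root requirement; otherwise a one-line description to that effect is worth adding there. A short why-comment on the check itself would also help the next maintainer, e.g. `// Only a root user may learn whether an encryption secret key is configured (SONAR-8716)`. The `handle` method is fully contained in this hunk; the rest of the class is not visible here.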
index 16ec66b53ea41437f3d6705892592dbef2fe82aa..e3e2d81d45b5fdffad371f56f5fb8d960e842d82 100644 (file)
@@ -33,6 +33,7 @@ import org.sonar.api.config.MapSettings;
 import org.sonar.api.config.Settings;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
@@ -40,27 +41,25 @@ import org.sonarqube.ws.MediaTypes;
 import org.sonarqube.ws.Settings.CheckSecretKeyWsResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.test.JsonAssert.assertJson;
 
 public class CheckSecretKeyActionTest {
   @Rule
   public ExpectedException expectedException = ExpectedException.none();
   @Rule
-  public UserSessionRule userSession = UserSessionRule.standalone().setGlobalPermissions(SYSTEM_ADMIN);
+  public UserSessionRule userSession = UserSessionRule.standalone();
   @Rule
   public TemporaryFolder temporaryFolder = new TemporaryFolder();
 
-  Settings settings = new MapSettings();
-  Encryption encryption = settings.getEncryption();
-
-  CheckSecretKeyAction underTest = new CheckSecretKeyAction(settings, userSession);
-
-  WsActionTester ws = new WsActionTester(underTest);
+  private Settings settings = new MapSettings();
+  private Encryption encryption = settings.getEncryption();
+  private CheckSecretKeyAction underTest = new CheckSecretKeyAction(settings, userSession);
+  private WsActionTester ws = new WsActionTester(underTest);
 
   @Test
   public void json_example() throws IOException {
+    logInAsRoot();
+
     File secretKeyFile = temporaryFolder.newFile();
     FileUtils.writeStringToFile(secretKeyFile, "fCVFf/JHRi8Qwu5KLNva7g==");
     encryption.setPathToSecretKey(secretKeyFile.getAbsolutePath());
@@ -72,6 +71,8 @@ public class CheckSecretKeyActionTest {
 
   @Test
   public void false_when_no_secret_key() {
+    logInAsRoot();
+
     encryption.setPathToSecretKey("unknown/path/to_secret_key.txt");
 
     CheckSecretKeyWsResponse result = call();
@@ -92,10 +93,21 @@ public class CheckSecretKeyActionTest {
   }
 
   @Test
-  public void fail_if_insufficient_permissions() {
-    expectedException.expect(ForbiddenException.class);
+  public void throw_UnauthorizedException_if_not_logged_in() {
+    userSession.anonymous();
 
-    userSession.anonymous().setGlobalPermissions(QUALITY_PROFILE_ADMIN);
+    expectedException.expect(UnauthorizedException.class);
+    expectedException.expectMessage("Authentication is required");
+
+    call();
+  }
+
+  @Test
+  public void throw_ForbiddenException_if_not_root() {
+    userSession.login();
+
+    expectedException.expect(ForbiddenException.class);
+    expectedException.expectMessage("Insufficient privileges");
 
     call();
   }
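Review bot: `throw_ForbiddenException_if_not_root` only exercises a plain logged-in user, so the case this commit exists to fix — a caller holding the `SYSTEM_ADMIN` global permission who is not root — has no test, and the former `checkPermission(SYSTEM_ADMIN)` could be reintroduced without any failure. I would add a third negative test that grants `SYSTEM_ADMIN` after `login()` and still expects `ForbiddenException` with `"Insufficient privileges"`. This requires restoring the `GlobalPermissions.SYSTEM_ADMIN` static import that the earlier hunk removes, and assumes the `setGlobalPermissions` setter used by the deleted test is still available on the session returned by `login()` — to be confirmed against `UserSessionRule`.

```java
@Test
public void throw_ForbiddenException_if_system_administrator_but_not_root() {
  userSession.login().setGlobalPermissions(SYSTEM_ADMIN);

  expectedException.expect(ForbiddenException.class);
  expectedException.expectMessage("Insufficient privileges");

  call();
}
```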
@@ -112,4 +124,7 @@ public class CheckSecretKeyActionTest {
     }
   }
 
+  private void logInAsRoot() {
+    userSession.login().setRoot();
+  }
 }