SONAR-10040 add length validation to Tokens ws

diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenDto.java
index e2b859725f2de4988239003928fecbbd2669552b..53f2e00c7eaa3f0d3e4fe81166cc6cf3e320d504 100644 (file)
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenDto.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenDto.java
@@ -20,7 +20,6 @@
 package org.sonar.db.user;
 
 import static org.sonar.db.user.UserTokenValidator.checkTokenHash;
-import static org.sonar.db.user.UserTokenValidator.checkTokenName;
 
 public class UserTokenDto {
   private String login;
@@ -42,7 +41,7 @@ public class UserTokenDto {
   }
 
   public UserTokenDto setName(String name) {
-    this.name = checkTokenName(name);
+    this.name = name;
     return this;
   }
 

diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenValidator.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenValidator.java
index be4a82a32a93efb886c9b469f3b07af24fbfcafd..6917c2f7a3e56bd362a82ab252933ddb00901400 100644 (file)
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenValidator.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenValidator.java
@@ -19,23 +19,17 @@
  */
 package org.sonar.db.user;
 
-import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkState;
 
 public class UserTokenValidator {
-  private static final int MAX_TOKEN_NAME_LENGTH = 100;
   private static final int MAX_TOKEN_HASH_LENGTH = 255;
 
   private UserTokenValidator() {
     // utility methods
   }
 
-  public static String checkTokenName(String name) {
-    checkArgument(name.length() <= MAX_TOKEN_NAME_LENGTH, "Token name length (%s) is longer than the maximum authorized (%s)", name.length(), MAX_TOKEN_NAME_LENGTH);
-    return name;
-  }
-
   static String checkTokenHash(String hash) {
-    checkArgument(hash.length() <= MAX_TOKEN_HASH_LENGTH, "Token hash length (%s) is longer than the maximum authorized (%s)", hash.length(), MAX_TOKEN_HASH_LENGTH);
+    checkState(hash.length() <= MAX_TOKEN_HASH_LENGTH, "Token hash length (%s) is longer than the maximum authorized (%s)", hash.length(), MAX_TOKEN_HASH_LENGTH);
     return hash;
   }
 }

diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserTokenDtoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserTokenDtoTest.java
index ab3dfd93799d57fc657243350dd9e8ccc77b12bb..d0d5f575f6f07e53eb87c1c6472065296ceae913 100644 (file)
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserTokenDtoTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserTokenDtoTest.java
@@ -29,17 +29,9 @@ public class UserTokenDtoTest {
   @Rule
   public ExpectedException expectedException = ExpectedException.none();
 
-  @Test
-  public void fail_if_name_is_longer_than_100_characters() {
-    expectedException.expect(IllegalArgumentException.class);
-    expectedException.expectMessage("Token name length (101) is longer than the maximum authorized (100)");
-
-    new UserTokenDto().setName(randomAlphabetic(101));
-  }
-
   @Test
   public void fail_if_token_hash_is_longer_than_255_characters() {
-    expectedException.expect(IllegalArgumentException.class);
+    expectedException.expect(IllegalStateException.class);
     expectedException.expectMessage("Token hash length (256) is longer than the maximum authorized (255)");
 
     new UserTokenDto().setTokenHash(randomAlphabetic(256));

diff --git a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java
index e91812c40008bcbca9b563648cac29e9e700d479..12e1c7b5e7e48521ca3f09367b951b455d1cdbdc 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java
@@ -36,7 +36,6 @@ import org.sonarqube.ws.WsUserTokens.GenerateWsResponse;
 import org.sonarqube.ws.client.usertoken.GenerateWsRequest;
 
 import static java.net.HttpURLConnection.HTTP_INTERNAL_ERROR;
-import static org.sonar.db.user.UserTokenValidator.checkTokenName;
 import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
 import static org.sonar.server.ws.WsUtils.checkRequest;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -45,6 +44,7 @@ import static org.sonarqube.ws.client.usertoken.UserTokensWsParameters.PARAM_LOG
 import static org.sonarqube.ws.client.usertoken.UserTokensWsParameters.PARAM_NAME;
 
 public class GenerateAction implements UserTokensWsAction {
+  private static final int MAX_TOKEN_NAME_LENGTH = 100;
   private final DbClient dbClient;
   private final UserSession userSession;
   private final System2 system;
@@ -74,6 +74,7 @@ public class GenerateAction implements UserTokensWsAction {
 
     action.createParam(PARAM_NAME)
       .setRequired(true)
+      .setMaximumLength(MAX_TOKEN_NAME_LENGTH)
       .setDescription("Token name")
       .setExampleValue("Project scan on Travis");
   }
@@ -109,7 +110,6 @@ public class GenerateAction implements UserTokensWsAction {
   }
 
   private void checkWsRequest(DbSession dbSession, GenerateWsRequest request) {
-    checkTokenName(request.getName());
     checkLoginExists(dbSession, request);
 
     Optional<UserTokenDto> userTokenDto = dbClient.userTokenDao().selectByLoginAndName(dbSession, request.getLogin(), request.getName());

diff --git a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java
index 27c0b65fbed9430db9a16a7e44679656bf5c484e..3d305c6c8adde65006cd0b2f0de152e498744825 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java
@@ -37,7 +37,6 @@ import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.MediaTypes;
 import org.sonarqube.ws.WsUserTokens.GenerateWsResponse;
 
-import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Mockito.mock;
@@ -96,16 +95,6 @@ public class GenerateActionTest {
     assertThat(response.getLogin()).isEqualTo(GRACE_HOPPER);
   }
 
-  @Test
-  public void fail_if_name_is_longer_than_100_characters() {
-    logInAsSystemAdministrator();
-
-    expectedException.expect(IllegalArgumentException.class);
-    expectedException.expectMessage("Token name length (101) is longer than the maximum authorized (100)");
-
-    newRequest(GRACE_HOPPER, randomAlphabetic(101));
-  }
-
   @Test
   public void fail_if_login_does_not_exist() {
     logInAsSystemAdministrator();