```
### Forward SonarQube custom headers
-SonarQube adds custom HTTP headers in order for some features to function properly. The reverse proxy should be configured to forward the following header: `sq-authentication-token-expiration`.
+SonarQube adds custom HTTP headers in order for some features to function properly. The reverse proxy should be configured to forward the following header: `SonarQube-Authentication-Token-Expiration`.
## Secure your Network
*/
private static final String ACCESS_LOG_LOGIN = "LOGIN";
- private static final String SQ_AUTHENTICATION_TOKEN_EXPIRATION = "sq-authentication-token-expiration";
+ private static final String SQ_AUTHENTICATION_TOKEN_EXPIRATION = "SonarQube-Authentication-Token-Expiration";
// SONAR-6546 these urls should be get from WebService
private static final Set<String> SKIPPED_URLS = Set.of(
email.addTo(emailData.getRecipients().toArray(String[]::new));
UserTokenDto token = emailData.getUserToken();
if (token.isExpired()) {
- email.setSubject(format("Your token with name \"%s\" has expired.", token.getName()));
+ email.setSubject(format("Your token \"%s\" has expired.", token.getName()));
} else {
- email.setSubject(format("Your token with name \"%s\" will expire on %s.", token.getName(), parseDate(token.getExpirationDate())));
+ email.setSubject(format("Your token \"%s\" will expire.", token.getName()));
}
email.setHtmlMsg(composeEmailBody(token));
}
private String composeEmailBody(UserTokenDto token) {
StringBuilder builder = new StringBuilder();
- builder.append("Token Summary<br/><br/>")
+ if (token.isExpired()) {
+ builder.append(format("Your token \"%s\" has expired.<br/><br/>", token.getName()));
+ } else {
+ builder.append(format("Your token \"%s\" will expire on %s.<br/><br/>", token.getName(), parseDate(token.getExpirationDate())));
+ }
+ builder
+ .append("Token Summary<br/><br/>")
.append(format("Name: %s<br/>", token.getName()))
.append(format("Type: %s<br/>", token.getType()));
if (PROJECT_ANALYSIS_TOKEN.name().equals(token.getType())) {
builder.append(format("Last used on: %s<br/>", parseDate(token.getLastConnectionDate())));
}
builder.append(format("%s on: %s<br/>", token.isExpired() ? "Expired" : "Expires", parseDate(token.getExpirationDate())))
- .append(format("<br/>If this token is still needed, visit <a href=\"%s/account/security/\">here</a> to generate an equivalent.", emailSettings.getServerBaseURL()));
+ .append(
+ format("<br/>If this token is still needed, please consider <a href=\"%s/account/security/\">generating</a> an equivalent.<br/><br/>", emailSettings.getServerBaseURL()))
+ .append("Don't forget to update the token in the locations where it is in use. "
+ + "This may include the CI pipeline that analyzes your projects, "
+ + "the IDE settings that connect SonarLint to SonarQube, "
+ + "and any places where you make calls to web services.");
return builder.toString();
}
private static String parseDate(long timestamp) {
- return Instant.ofEpochMilli(timestamp).atZone(ZoneOffset.UTC).toLocalDate().format(DateTimeFormatter.ofPattern("dd/MM/yyyy"));
+ return Instant.ofEpochMilli(timestamp).atZone(ZoneOffset.UTC).toLocalDate().format(DateTimeFormatter.ofPattern("MMMM dd, yyyy"));
}
}
when(threadLocalSession.isLoggedIn()).thenReturn(true);
assertThat(underTest.initUserSession(request, response)).isTrue();
- verify(response).addHeader("sq-authentication-token-expiration", formatDateTime(expirationTimestamp));
+ verify(response).addHeader("SonarQube-Authentication-Token-Expiration", formatDateTime(expirationTimestamp));
}
private void assertPathIsIgnored(String path) {
var emailData = new TokenExpirationEmail("admin@sonarsource.com", token);
var email = mock(HtmlEmail.class);
underTest.addReportContent(email, emailData);
- verify(email).setSubject(String.format("Your token with name \"projectToken\" will expire on %s.", parseDate(expiredDate)));
- verify(email).setHtmlMsg(String.format("Token Summary<br/><br/>"
- + "Name: projectToken<br/>"
- + "Type: PROJECT_ANALYSIS_TOKEN<br/>"
- + "Project: projectA<br/>"
- + "Created on: 01/01/2022<br/>"
- + "Last used on: 01/01/2022<br/>"
- + "Expires on: %s<br/><br/>"
- + "If this token is still needed, visit <a href=\"http://localhost/account/security/\">here</a> to generate an equivalent.",
- parseDate(expiredDate)));
+ verify(email).setSubject(String.format("Your token \"projectToken\" will expire."));
+ verify(email).setHtmlMsg(
+ String.format("Your token \"projectToken\" will expire on %s.<br/><br/>"
+ + "Token Summary<br/><br/>"
+ + "Name: projectToken<br/>"
+ + "Type: PROJECT_ANALYSIS_TOKEN<br/>"
+ + "Project: projectA<br/>"
+ + "Created on: January 01, 2022<br/>"
+ + "Last used on: January 01, 2022<br/>"
+ + "Expires on: %s<br/><br/>"
+ + "If this token is still needed, please consider <a href=\"http://localhost/account/security/\">generating</a> an equivalent.<br/><br/>"
+ + "Don't forget to update the token in the locations where it is in use. This may include the CI pipeline that analyzes your projects, the IDE settings that connect SonarLint to SonarQube, and any places where you make calls to web services.",
+ parseDate(expiredDate), parseDate(expiredDate)));
}
@Test
var emailData = new TokenExpirationEmail("admin@sonarsource.com", token);
var email = mock(HtmlEmail.class);
underTest.addReportContent(email, emailData);
- verify(email).setSubject("Your token with name \"globalToken\" has expired.");
- verify(email).setHtmlMsg(String.format("Token Summary<br/><br/>"
- + "Name: globalToken<br/>"
- + "Type: GLOBAL_ANALYSIS_TOKEN<br/>"
- + "Created on: 01/01/2022<br/>"
- + "Last used on: 01/01/2022<br/>"
- + "Expired on: %s<br/><br/>"
- + "If this token is still needed, visit <a href=\"http://localhost/account/security/\">here</a> to generate an equivalent.",
- parseDate(expiredDate)));
+ verify(email).setSubject("Your token \"globalToken\" has expired.");
+ verify(email).setHtmlMsg(
+ String.format("Your token \"globalToken\" has expired.<br/><br/>"
+ + "Token Summary<br/><br/>"
+ + "Name: globalToken<br/>"
+ + "Type: GLOBAL_ANALYSIS_TOKEN<br/>"
+ + "Created on: January 01, 2022<br/>"
+ + "Last used on: January 01, 2022<br/>"
+ + "Expired on: %s<br/><br/>"
+ + "If this token is still needed, please consider <a href=\"http://localhost/account/security/\">generating</a> an equivalent.<br/><br/>"
+ + "Don't forget to update the token in the locations where it is in use. This may include the CI pipeline that analyzes your projects, the IDE settings that connect SonarLint to SonarQube, and any places where you make calls to web services.",
+ parseDate(expiredDate)));
}
private UserTokenDto createToken(String name, String project, long expired) {
}
private String parseDate(long timestamp) {
- return Instant.ofEpochMilli(timestamp).atZone(ZoneOffset.UTC).toLocalDate().format(DateTimeFormatter.ofPattern("dd/MM/yyyy"));
+ return Instant.ofEpochMilli(timestamp).atZone(ZoneOffset.UTC).toLocalDate().format(DateTimeFormatter.ofPattern("MMMM dd, yyyy"));
}
}
action.createParam(PARAM_EXPIRATION_DATE)
.setSince("9.6")
- .setDescription("The expiration date of the token being generated, in ISO 8601 format (YYYY-MM-DD).");
+ .setDescription("The expiration date of the token being generated, in ISO 8601 format (YYYY-MM-DD). If not set, default to no expiration.");
}
@Override
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
-import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
public class DefaultScannerWsClient implements ScannerWsClient {
private static final int MAX_ERROR_MSG_LEN = 128;
- private static final String SQ_TOKEN_EXPIRATION_HEADER = "sq-authentication-token-expiration";
+ private static final String SQ_TOKEN_EXPIRATION_HEADER = "SonarQube-Authentication-Token-Expiration";
+ private static final DateTimeFormatter USER_FRIENDLY_DATETIME_FORMAT = DateTimeFormatter.ofPattern("MMMM dd, yyyy");
private static final Logger LOG = Loggers.get(DefaultScannerWsClient.class);
private final Set<String> warningMessages = new HashSet<>();
private void checkAuthenticationWarnings(WsResponse response) {
if (response.code() == HTTP_OK) {
response.header(SQ_TOKEN_EXPIRATION_HEADER).ifPresent(expirationDate -> {
- if (isTokenExpiringInOneWeek(expirationDate)) {
- addAnalysisWarning(expirationDate);
+ var datetimeInUTC = ZonedDateTime.from(DateTimeFormatter.ofPattern(DATETIME_FORMAT)
+ .parse(expirationDate)).withZoneSameInstant(ZoneOffset.UTC);
+ if (isTokenExpiringInOneWeek(datetimeInUTC)) {
+ addAnalysisWarning(datetimeInUTC);
}
});
}
}
- private static boolean isTokenExpiringInOneWeek(String expirationDate) {
+ private static boolean isTokenExpiringInOneWeek(ZonedDateTime expirationDate) {
ZonedDateTime localDateTime = ZonedDateTime.now(ZoneOffset.UTC);
- ZonedDateTime headerDateTime = LocalDateTime.from(DateTimeFormatter.ofPattern(DATETIME_FORMAT)
- .parse(expirationDate)).minusDays(7).atZone(ZoneOffset.UTC);
+ ZonedDateTime headerDateTime = expirationDate.minusDays(7);
return localDateTime.isAfter(headerDateTime);
}
- private void addAnalysisWarning(String tokenExpirationDate) {
- String warningMessage = "The token used for this analysis will expire on: " + tokenExpirationDate;
+ private void addAnalysisWarning(ZonedDateTime tokenExpirationDate) {
+ String warningMessage = "The token used for this analysis will expire on: " + tokenExpirationDate.format(USER_FRIENDLY_DATETIME_FORMAT);
if (!warningMessages.contains(warningMessage)) {
warningMessages.add(warningMessage);
LOG.warn(warningMessage);
- LOG.warn("Analysis executed with this token after the expiration date will fail.");
+ LOG.warn("Analysis executed with this token will fail after the expiration date.");
}
- analysisWarnings.addUnique(warningMessage + "\nAnalysis executed with this token after the expiration date will fail.");
+ analysisWarnings.addUnique(warningMessage + "\nAfter this date, the token can no longer be used to execute the analysis. "
+ + "Please consider generating a new token and updating it in the locations where it is in use.");
}
/**
@Test
public void warnings_are_added_when_expiration_approaches() {
WsRequest request = newRequest();
+ var fiveDaysLatter = LocalDateTime.now().atZone(ZoneOffset.UTC).plusDays(5);
String expirationDate = DateTimeFormatter
.ofPattern(DATETIME_FORMAT)
- .format(LocalDateTime.now().atOffset(ZoneOffset.UTC).plusDays(5));
+ .format(fiveDaysLatter);
WsResponse response = newResponse()
.setCode(200)
.setExpirationDate(expirationDate);
// check logs
List<String> warningLogs = logTester.logs(LoggerLevel.WARN);
assertThat(warningLogs).hasSize(2);
- assertThat(warningLogs.get(0)).contains("The token used for this analysis will expire on: " + expirationDate);
- assertThat(warningLogs.get(1)).contains("Analysis executed with this token after the expiration date will fail.");
+ assertThat(warningLogs.get(0)).contains("The token used for this analysis will expire on: " + fiveDaysLatter.format(DateTimeFormatter.ofPattern("MMMM dd, yyyy")));
+ assertThat(warningLogs.get(1)).contains("Analysis executed with this token will fail after the expiration date.");
}
@Test
public class MockWsResponse extends BaseResponse {
private static final String CONTENT_TYPE_HEADER = "Content-Type";
- private static final String SQ_TOKEN_EXPIRATION_HEADER = "sq-authentication-token-expiration";
+ private static final String SQ_TOKEN_EXPIRATION_HEADER = "SonarQube-Authentication-Token-Expiration";
private int code = HttpURLConnection.HTTP_OK;
private String requestUrl;
projects / sonarqube.git / commitdiff