SONAR-15978 Require auth for api/server/version

diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
index bb6f0e7773e249d5a4459cb5a1477ddabc401806..9007d0908a0157e7eb5dbdb2db5771faa0f39d1d 100644 (file)
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
@@ -54,7 +54,6 @@ public class UserSessionInitializer {
     "/maintenance/*", "/setup/*",
     "/sessions/*", "/oauth2/callback/*",
     "/api/system/db_migration_status", "/api/system/status", "/api/system/migrate_db",
-    "/api/server/version",
     "/api/users/identity_providers", "/api/l10n/index",
     "/api/authentication/login", "/api/authentication/logout", "/api/authentication/validate",
     "/api/project_badges/measure", "/api/project_badges/quality_gate");

diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/platform/ws/ServerWs.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/platform/ws/ServerWs.java
index 783f2c2499c199efcc32e8195801ec51094a03b4..82875198639b1be43979af60dce8c5650f818e7f 100644 (file)
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/platform/ws/ServerWs.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/platform/ws/ServerWs.java
@@ -22,10 +22,12 @@ package org.sonar.server.platform.ws;
 import com.google.common.io.Resources;
 import org.apache.commons.io.IOUtils;
 import org.sonar.api.platform.Server;
+import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.RequestHandler;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.MediaTypes;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
@@ -33,9 +35,11 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 public class ServerWs implements WebService, RequestHandler {
 
   private final Server server;
+  private final UserSession userSession;
 
-  public ServerWs(Server server) {
+  public ServerWs(Server server, UserSession userSession) {
     this.server = server;
+    this.userSession = userSession;
   }
 
   @Override
@@ -46,6 +50,7 @@ public class ServerWs implements WebService, RequestHandler {
       .setDescription("Version of SonarQube in plain text")
       .setSince("2.10")
       .setResponseExample(Resources.getResource(this.getClass(), "example-server-version.txt"))
+      .setChangelog(new Change("9.4", "require authentication"))
       .setHandler(this);
 
     controller.done();
@@ -53,6 +58,7 @@ public class ServerWs implements WebService, RequestHandler {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
+    userSession.checkLoggedIn();
     response.stream().setMediaType(MediaTypes.TXT);
     IOUtils.write(server.getVersion(), response.stream().output(), UTF_8);
   }

diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/platform/ws/ServerWsTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/platform/ws/ServerWsTest.java
index 367793ea4546b167f25601191582b702aaa40afe..f261dfd22b173e2ac5b11921067c6a8a7b634bba 100644 (file)
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/platform/ws/ServerWsTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/platform/ws/ServerWsTest.java
@@ -19,10 +19,14 @@
  */
 package org.sonar.server.platform.ws;
 
+import org.assertj.core.api.Assertions;
+import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.api.platform.Server;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.DumbResponse;
 import org.sonar.server.ws.TestResponse;
 
@@ -32,8 +36,11 @@ import static org.mockito.Mockito.when;
 
 public class ServerWsTest {
 
+  @Rule
+  public UserSessionRule userSessionRule = UserSessionRule.standalone();
+
   private Server server = mock(Server.class);
-  private ServerWs underTest = new ServerWs(server);
+  private ServerWs underTest = new ServerWs(server, userSessionRule);
 
   @Test
   public void define_version_action() {
@@ -48,10 +55,20 @@ public class ServerWsTest {
     assertThat(versionAction.since()).isEqualTo("2.10");
     assertThat(versionAction.description()).isNotEmpty();
     assertThat(versionAction.isPost()).isFalse();
+    assertThat(versionAction.changelog()).isNotEmpty();
+  }
+
+  @Test
+  public void require_authentication() {
+    DumbResponse response = new DumbResponse();
+    Assertions.assertThatThrownBy(() -> underTest.handle(mock(Request.class), response))
+      .hasMessage("Authentication is required")
+      .isInstanceOf(UnauthorizedException.class);
   }
 
   @Test
   public void returns_version_as_plain_text() throws Exception {
+    userSessionRule.logIn();
     when(server.getVersion()).thenReturn("6.4-SNAPSHOT");
 
     DumbResponse response = new DumbResponse();
@@ -62,6 +79,7 @@ public class ServerWsTest {
 
   @Test
   public void test_example_of_version() {
+    userSessionRule.logIn();
     WebService.Context context = new WebService.Context();
     underTest.define(context);