group=org.sonarsource.sonarqube
version=10.1
-pluginApiVersion=9.15.0.435
+pluginApiVersion=9.16.0.560
description=Open source platform for continuous inspection of code quality
projectTitle=SonarQube
org.gradle.jvmargs=-Xmx2048m
testImplementation 'junit:junit'
testImplementation 'org.assertj:assertj-core'
testImplementation 'org.mockito:mockito-core'
+ testImplementation project(path: ':server:sonar-webserver-api')
}
import java.util.Set;
import java.util.concurrent.ExecutionException;
import javax.annotation.CheckForNull;
-import javax.servlet.http.HttpServletRequest;
import org.sonar.api.server.ServerSide;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
}
private void onCallback(CallbackContext context) throws InterruptedException, ExecutionException, IOException {
- HttpServletRequest request = context.getRequest();
+ HttpRequest request = context.getHttpRequest();
OAuth20Service scribe = newScribeBuilder(context).build(scribeApi);
String code = request.getParameter(OAuthConstants.CODE);
OAuth2AccessToken accessToken = scribe.getAccessToken(code);
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.System2;
+import org.sonar.server.http.JavaxHttpRequest;
import static java.lang.String.format;
import static java.net.URLEncoder.encode;
return CALLBACK_URL;
}
+ @Override
+ public HttpRequest getHttpRequest() {
+ return new JavaxHttpRequest(request);
+ }
+
+ @Override
+ public HttpResponse getHttpResponse() {
+ throw new UnsupportedOperationException("not used");
+ }
+
@Override
public HttpServletRequest getRequest() {
- return request;
+ throw new UnsupportedOperationException("deprecated");
}
@Override
public HttpServletResponse getResponse() {
- throw new UnsupportedOperationException("not used");
+ throw new UnsupportedOperationException("deprecated");
}
}
return CALLBACK_URL;
}
+ @Override
+ public HttpRequest getHttpRequest() {
+ return null;
+ }
+
+ @Override
+ public HttpResponse getHttpResponse() {
+ return null;
+ }
+
@Override
public HttpServletRequest getRequest() {
return null;
testImplementation 'junit:junit'
testImplementation 'org.assertj:assertj-core'
testImplementation 'org.mockito:mockito-core'
+ testImplementation project(path: ':server:sonar-webserver-api')
}
import com.github.scribejava.core.oauth.OAuth20Service;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
-import javax.servlet.http.HttpServletRequest;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
import static com.google.common.base.Preconditions.checkState;
import static java.lang.String.format;
private void onCallback(CallbackContext context) throws InterruptedException, ExecutionException, IOException {
context.verifyCsrfState();
- HttpServletRequest request = context.getRequest();
+ HttpRequest request = context.getHttpRequest();
OAuth20Service scribe = newScribeBuilder(context).build(scribeApi);
String code = request.getParameter("code");
OAuth2AccessToken accessToken = scribe.getAccessToken(code);
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.System2;
+import org.sonar.server.http.JavaxHttpRequest;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
return CALLBACK_URL;
}
+ @Override
+ public HttpRequest getHttpRequest() {
+ return new JavaxHttpRequest(request);
+ }
+
+ @Override
+ public HttpResponse getHttpResponse() {
+ throw new UnsupportedOperationException("not used");
+ }
+
@Override
public HttpServletRequest getRequest() {
- return request;
+ throw new UnsupportedOperationException("deprecated");
}
@Override
public HttpServletResponse getResponse() {
- throw new UnsupportedOperationException("not used");
+ throw new UnsupportedOperationException("deprecated");
}
}
return CALLBACK_URL;
}
+ @Override
+ public HttpRequest getHttpRequest() {
+ return null;
+ }
+
+ @Override
+ public HttpResponse getHttpResponse() {
+ return null;
+ }
+
@Override
public HttpServletRequest getRequest() {
return null;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.stream.Stream;
-import javax.servlet.http.HttpServletRequest;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
import static com.google.common.base.Preconditions.checkState;
import static java.util.stream.Collectors.toSet;
}
private void onCallback(CallbackContext context) throws InterruptedException, ExecutionException, IOException {
- HttpServletRequest request = context.getRequest();
+ HttpRequest request = context.getHttpRequest();
OAuth20Service scribe = newScribeBuilder(context, gitLabSettings.syncUserGroups()).build(scribeApi);
String code = request.getParameter(OAuthConstants.CODE);
OAuth2AccessToken accessToken = scribe.getAccessToken(code);
*/
package org.sonar.auth.gitlab;
-import javax.servlet.http.HttpServletRequest;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
import org.assertj.core.api.Assertions;
import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
OAuth2IdentityProvider.CallbackContext callbackContext = Mockito.mock(OAuth2IdentityProvider.CallbackContext.class);
when(callbackContext.getCallbackUrl()).thenReturn("http://server/callback");
- HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
- when(httpServletRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);
- when(callbackContext.getRequest()).thenReturn(httpServletRequest);
+ HttpRequest httpRequest = Mockito.mock(HttpRequest.class);
+ when(httpRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);
+ when(callbackContext.getHttpRequest()).thenReturn(httpRequest);
gitlab.enqueue(new MockResponse().setBody(
"{\n" + " \"access_token\": \"de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": 7200,\n"
OAuth2IdentityProvider.CallbackContext callbackContext = Mockito.mock(OAuth2IdentityProvider.CallbackContext.class);
when(callbackContext.getCallbackUrl()).thenReturn("http://server/callback");
- HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
- when(httpServletRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);
- when(callbackContext.getRequest()).thenReturn(httpServletRequest);
+ HttpRequest httpRequest = Mockito.mock(HttpRequest.class);
+ when(httpRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);
+ when(callbackContext.getHttpRequest()).thenReturn(httpRequest);
gitlab.enqueue(new MockResponse().setBody(
"{\n" + " \"access_token\": \"de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": 7200,\n"
OAuth2IdentityProvider.CallbackContext callbackContext = Mockito.mock(OAuth2IdentityProvider.CallbackContext.class);
when(callbackContext.getCallbackUrl()).thenReturn("http://server/callback");
- HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
- when(httpServletRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);
- when(callbackContext.getRequest()).thenReturn(httpServletRequest);
+ HttpRequest httpRequest = Mockito.mock(HttpRequest.class);
+ when(httpRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);
+ when(callbackContext.getHttpRequest()).thenReturn(httpRequest);
gitlab.enqueue(new MockResponse().setBody(
"{\n" + " \"access_token\": \"de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": 7200,\n"
OAuth2IdentityProvider.CallbackContext callbackContext = Mockito.mock(OAuth2IdentityProvider.CallbackContext.class);
when(callbackContext.getCallbackUrl()).thenReturn("http://server/callback");
- HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
- when(httpServletRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);
- when(callbackContext.getRequest()).thenReturn(httpServletRequest);
+ HttpRequest httpRequest = Mockito.mock(HttpRequest.class);
+ when(httpRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);
+ when(callbackContext.getHttpRequest()).thenReturn(httpRequest);
gitlab.enqueue(new MockResponse().setBody(
"{\n" + " \"access_token\": \"de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54\",\n" + " \"token_type\": \"bearer\",\n" + " \"expires_in\": 7200,\n"
*/
package org.sonar.auth.ldap;
-import javax.servlet.http.HttpServletRequest;
import org.junit.ClassRule;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.auth.ldap.server.LdapServer;
import static org.assertj.core.api.Assertions.assertThat;
}
private static LdapAuthenticator.Context createContext(String username, String password) {
- return new LdapAuthenticator.Context(username, password, mock(HttpServletRequest.class));
+ return new LdapAuthenticator.Context(username, password, mock(HttpRequest.class));
}
}
package org.sonar.auth.ldap;
import java.util.Collection;
-import javax.servlet.http.HttpServletRequest;
import org.junit.ClassRule;
import org.junit.Test;
import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.auth.ldap.server.LdapServer;
import static org.assertj.core.api.Assertions.assertThat;
}
private static LdapGroupsProvider.Context createContext(String serverName, String userName) {
- return new LdapGroupsProvider.Context(serverName, userName, mock(HttpServletRequest.class));
+ return new LdapGroupsProvider.Context(serverName, userName, mock(HttpRequest.class));
}
}
*/
package org.sonar.auth.ldap;
-import javax.servlet.http.HttpServletRequest;
import org.junit.ClassRule;
import org.junit.Test;
import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.auth.ldap.server.LdapServer;
import static org.assertj.core.api.Assertions.assertThat;
}
private static LdapUsersProvider.Context createContext(String serverKey, String username) {
- return new LdapUsersProvider.Context(serverKey, username, mock(HttpServletRequest.class));
+ return new LdapUsersProvider.Context(serverKey, username, mock(HttpRequest.class));
}
}
package org.sonar.auth.ldap;
import java.io.File;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.mockito.Mockito;
import org.sonar.api.config.Configuration;
import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.auth.ldap.server.LdapServer;
import static org.assertj.core.api.Assertions.assertThat;
@Test
public void test_wrong_password() {
- LdapAuthenticator.Context wrongPasswordContext = new LdapAuthenticator.Context("Godin@EXAMPLE.ORG", "wrong_user_password", Mockito.mock(HttpServletRequest.class));
+ LdapAuthenticator.Context wrongPasswordContext = new LdapAuthenticator.Context("Godin@EXAMPLE.ORG", "wrong_user_password", Mockito.mock(HttpRequest.class));
assertThat(authenticator.doAuthenticate(wrongPasswordContext).isSuccess()).isFalse();
}
@Test
public void test_correct_password() {
- LdapAuthenticator.Context correctPasswordContext = new LdapAuthenticator.Context("Godin@EXAMPLE.ORG", "user_password", Mockito.mock(HttpServletRequest.class));
+ LdapAuthenticator.Context correctPasswordContext = new LdapAuthenticator.Context("Godin@EXAMPLE.ORG", "user_password", Mockito.mock(HttpRequest.class));
assertThat(authenticator.doAuthenticate(correctPasswordContext).isSuccess()).isTrue();
}
public void test_default_realm() {
// Using default realm from krb5.conf:
- LdapAuthenticator.Context defaultRealmContext = new LdapAuthenticator.Context("Godin", "user_password", Mockito.mock(HttpServletRequest.class));
+ LdapAuthenticator.Context defaultRealmContext = new LdapAuthenticator.Context("Godin", "user_password", Mockito.mock(HttpRequest.class));
assertThat(authenticator.doAuthenticate(defaultRealmContext).isSuccess()).isTrue();
}
@Test
public void test_groups() {
LdapGroupsProvider groupsProvider = ldapRealm.getGroupsProvider();
- LdapGroupsProvider.Context groupsContext = new LdapGroupsProvider.Context("default", "godin", Mockito.mock(HttpServletRequest.class));
+ LdapGroupsProvider.Context groupsContext = new LdapGroupsProvider.Context("default", "godin", Mockito.mock(HttpRequest.class));
assertThat(groupsProvider.doGetGroups(groupsContext))
.containsOnly("sonar-users");
}
*/
package org.sonar.auth.ldap;
-import javax.servlet.http.HttpServletRequest;
import org.junit.ClassRule;
import org.junit.Test;
import org.mockito.Mockito;
import org.sonar.api.config.Configuration;
import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.auth.ldap.server.LdapServer;
import static org.assertj.core.api.Assertions.assertThat;
LdapGroupsProvider groupsProvider = realm.getGroupsProvider();
assertThat(groupsProvider).isInstanceOf(LdapGroupsProvider.class).isInstanceOf(DefaultLdapGroupsProvider.class);
- LdapUsersProvider.Context userContext = new DefaultLdapUsersProvider.Context("<default>", "tester", Mockito.mock(HttpServletRequest.class));
+ LdapUsersProvider.Context userContext = new DefaultLdapUsersProvider.Context("<default>", "tester", Mockito.mock(HttpRequest.class));
assertThatThrownBy(() -> usersProvider.doGetUserDetails(userContext))
.isInstanceOf(LdapException.class)
.hasMessage("Unable to retrieve details for user tester and server key <default>: No user mapping found.");
- LdapGroupsProvider.Context groupsContext = new DefaultLdapGroupsProvider.Context("default", "tester", Mockito.mock(HttpServletRequest.class));
+ LdapGroupsProvider.Context groupsContext = new DefaultLdapGroupsProvider.Context("default", "tester", Mockito.mock(HttpRequest.class));
assertThatThrownBy(() -> groupsProvider.doGetGroups(groupsContext))
.isInstanceOf(LdapException.class)
.hasMessage("Unable to retrieve groups for user tester in server with key <default>");
package org.sonar.auth.ldap;
import javax.annotation.Nullable;
-import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.HttpRequest;
import static java.util.Objects.requireNonNull;
final class Context {
private String username;
private String password;
- private HttpServletRequest request;
+ private HttpRequest request;
- public Context(@Nullable String username, @Nullable String password, HttpServletRequest request) {
+ public Context(@Nullable String username, @Nullable String password, HttpRequest request) {
requireNonNull(request);
this.request = request;
this.username = username;
return password;
}
- public HttpServletRequest getRequest() {
+ public HttpRequest getRequest() {
return request;
}
}
package org.sonar.auth.ldap;
import java.util.Collection;
-import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.HttpRequest;
public interface LdapGroupsProvider {
Collection<String> doGetGroups(Context context);
- record Context(String serverKey, String username, HttpServletRequest request) {
+ record Context(String serverKey, String username, HttpRequest request) {
}
}
*/
package org.sonar.auth.ldap;
-import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.HttpRequest;
public interface LdapUsersProvider {
LdapUserDetails doGetUserDetails(Context context);
- record Context(String serverKey, String username, HttpServletRequest request) {
+ record Context(String serverKey, String username, HttpRequest request) {
}
}
compileOnlyApi 'javax.servlet:javax.servlet-api'
compileOnlyApi 'org.json:json'
compileOnlyApi project(':server:sonar-db-dao')
+ compileOnlyApi project(':server:sonar-webserver-api')
compileOnlyApi project(':sonar-core')
testImplementation 'com.tngtech.java:junit-dataprovider'
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
-import org.sonar.api.utils.System2;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.testfixtures.log.LogAndArguments;
import org.sonar.api.testfixtures.log.LogTester;
+import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
return SQ_CALLBACK_URL;
}
+ @Override
+ public HttpRequest getHttpRequest() {
+ return new JavaxHttpRequest(mock(HttpServletRequest.class));
+ }
+
+ @Override
+ public HttpResponse getHttpResponse() {
+ return new JavaxHttpResponse(response);
+ }
+
@Override
public HttpServletRequest getRequest() {
- return mock(HttpServletRequest.class);
+ throw new UnsupportedOperationException("deprecated");
}
@Override
public HttpServletResponse getResponse() {
- return response;
+ throw new UnsupportedOperationException("deprecated");
}
}
this.expectedCallbackUrl = expectedCallbackUrl;
Map<String, String[]> parameterMap = new HashMap<>();
parameterMap.put("SAMLResponse", new String[]{loadResponse(encodedResponseFile)});
- when(getRequest().getParameterMap()).thenReturn(parameterMap);
+ when(((JavaxHttpRequest) getHttpRequest()).getDelegate().getParameterMap()).thenReturn(parameterMap);
}
return this.expectedCallbackUrl;
}
+ @Override
+ public HttpRequest getHttpRequest() {
+ return new JavaxHttpRequest(request);
+ }
+
+ @Override
+ public HttpResponse getHttpResponse() {
+ return new JavaxHttpResponse(response);
+ }
+
@Override
public HttpServletRequest getRequest() {
- return this.request;
+ return null;
}
@Override
public HttpServletResponse getResponse() {
- return this.response;
+ return null;
}
}
}
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
import org.json.JSONObject;
+import org.sonar.api.server.http.HttpRequest;
public final class SamlAuthStatusPageGenerator {
throw new IllegalStateException("This Utility class cannot be instantiated");
}
- public static String getSamlAuthStatusHtml(HttpServletRequest request, SamlAuthenticationStatus samlAuthenticationStatus) {
+ public static String getSamlAuthStatusHtml(HttpRequest request, SamlAuthenticationStatus samlAuthenticationStatus) {
Map<String, String> substitutionsMap = getSubstitutionsMap(request, samlAuthenticationStatus);
String htmlTemplate = getPlainTemplate();
.reduce(htmlTemplate, (accumulator, pattern) -> accumulator.replace(pattern, substitutionsMap.get(pattern)));
}
- private static Map<String, String> getSubstitutionsMap(HttpServletRequest request, SamlAuthenticationStatus samlAuthenticationStatus) {
+ private static Map<String, String> getSubstitutionsMap(HttpRequest request, SamlAuthenticationStatus samlAuthenticationStatus) {
return Map.of(
WEB_CONTEXT, request.getContextPath(),
SAML_AUTHENTICATION_STATUS, getBase64EncodedStatus(samlAuthenticationStatus));
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import static java.util.Collections.emptySet;
import static java.util.Objects.requireNonNull;
this.samlMessageIdChecker = samlMessageIdChecker;
}
- public UserIdentity buildUserIdentity(OAuth2IdentityProvider.CallbackContext context, HttpServletRequest processedRequest) {
- Auth auth = this.initSamlAuth(processedRequest, context.getResponse());
+ public UserIdentity buildUserIdentity(OAuth2IdentityProvider.CallbackContext context, HttpRequest processedRequest) {
+ Auth auth = this.initSamlAuth(processedRequest, context.getHttpResponse());
processResponse(auth);
context.verifyCsrfState(STATE_REQUEST_PARAMETER);
return userIdentityBuilder.build();
}
- public void initLogin(String callbackUrl, String relayState, HttpServletRequest request, HttpServletResponse response) {
+ public void initLogin(String callbackUrl, String relayState, HttpRequest request, HttpResponse response) {
Auth auth = this.initSamlAuth(callbackUrl, request, response);
login(auth, relayState);
}
- private Auth initSamlAuth(HttpServletRequest request, HttpServletResponse response) {
+ private Auth initSamlAuth(HttpRequest request, HttpResponse response) {
return initSamlAuth(null, request, response);
}
- private Auth initSamlAuth(@Nullable String callbackUrl, HttpServletRequest request, HttpServletResponse response) {
+ private Auth initSamlAuth(@Nullable String callbackUrl, HttpRequest request, HttpResponse response) {
try {
- return new Auth(initSettings(callbackUrl), request, response);
+ //no way around this as onelogin requires javax request/response
+ HttpServletRequest httpServletRequest = ((JavaxHttpRequest) request).getDelegate();
+ HttpServletResponse httpServletResponse = ((JavaxHttpResponse) response).getDelegate();
+
+ return new Auth(initSettings(callbackUrl), httpServletRequest, httpServletResponse);
} catch (SettingsException e) {
throw new IllegalStateException("Failed to create a SAML Auth", e);
}
samlMessageIdChecker.check(auth);
}
- public String getAuthenticationStatusPage(HttpServletRequest request, HttpServletResponse response) {
+ public String getAuthenticationStatusPage(HttpRequest request, HttpResponse response) {
try {
Auth auth = initSamlAuth(request, response);
return getSamlAuthStatusHtml(request, getSamlAuthenticationStatus(auth, samlSettings));
}
}
}
-
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.server.http.JavaxHttpRequest;
@ServerSide
public class SamlIdentityProvider implements OAuth2IdentityProvider {
@Override
public void init(InitContext context) {
SamlAuthenticator samlAuthenticator = new SamlAuthenticator(samlSettings, samlMessageIdChecker);
- samlAuthenticator.initLogin(context.getCallbackUrl(), context.generateCsrfState(), context.getRequest(), context.getResponse());
+ samlAuthenticator.initLogin(context.getCallbackUrl(), context.generateCsrfState(),
+ context.getHttpRequest(), context.getHttpResponse());
}
@Override
// - https://github.com/onelogin/java-saml/issues/198
// - https://github.com/onelogin/java-saml/issues/95
//
- HttpServletRequest processedRequest = useProxyHeadersInRequest(context.getRequest());
+ HttpRequest processedRequest = useProxyHeadersInRequest(context.getHttpRequest());
SamlAuthenticator samlAuthenticator = new SamlAuthenticator(samlSettings, samlMessageIdChecker);
UserIdentity userIdentity = samlAuthenticator.buildUserIdentity(context, processedRequest);
}
- private static HttpServletRequest useProxyHeadersInRequest(HttpServletRequest request) {
+ private static HttpRequest useProxyHeadersInRequest(HttpRequest request) {
String forwardedScheme = request.getHeader("X-Forwarded-Proto");
if (forwardedScheme != null) {
- request = new HttpServletRequestWrapper(request) {
+ HttpServletRequest httpServletRequest = new HttpServletRequestWrapper(((JavaxHttpRequest) request).getDelegate()) {
@Override
public String getScheme() {
return forwardedScheme;
return new StringBuffer(HTTPS_PATTERN.matcher(originalURL.toString()).replaceFirst(forwardedScheme + "://"));
}
};
+ return new JavaxHttpRequest(httpServletRequest);
}
return request;
import java.util.ArrayList;
import java.util.HashMap;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
@Test
public void getSamlAuthStatusHtml_whenCalled_shouldGeneratePageWithData() {
SamlAuthenticationStatus samlAuthenticationStatus = mock(SamlAuthenticationStatus.class);
- HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
+ HttpRequest request = mock(HttpRequest.class);
when(samlAuthenticationStatus.getStatus()).thenReturn(null);
when(samlAuthenticationStatus.getErrors()).thenReturn(new ArrayList<>());
when(samlAuthenticationStatus.getWarnings()).thenReturn(new ArrayList<>());
when(samlAuthenticationStatus.getAvailableAttributes()).thenReturn(new HashMap<>());
when(samlAuthenticationStatus.getMappedAttributes()).thenReturn(new HashMap<>());
- when(httpServletRequest.getContextPath()).thenReturn("context");
+ when(request.getContextPath()).thenReturn("context");
- String completeHtmlTemplate = getSamlAuthStatusHtml(httpServletRequest, samlAuthenticationStatus);
+ String completeHtmlTemplate = getSamlAuthStatusHtml(request, samlAuthenticationStatus);
assertThat(completeHtmlTemplate).contains(EMPTY_DATA_RESPONSE);
}
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertFalse;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@Test
public void authentication_status_with_errors_returned_when_init_fails() {
SamlAuthenticator samlAuthenticator = new SamlAuthenticator(mock(SamlSettings.class), mock(SamlMessageIdChecker.class));
- HttpServletRequest request = mock(HttpServletRequest.class);
- HttpServletResponse response = mock(HttpServletResponse.class);
+ HttpRequest request = new JavaxHttpRequest(mock(HttpServletRequest.class));
+ HttpResponse response = new JavaxHttpResponse(mock(HttpServletResponse.class));
when(request.getContextPath()).thenReturn("context");
String authenticationStatus = samlAuthenticator.getAuthenticationStatusPage(request, response);
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.http;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Enumeration;
+import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+
+/**
+ * Implementation of {@link HttpRequest} based on a delegate of {@link HttpServletRequest} from the Javax Servlet API.
+ */
+public class JavaxHttpRequest implements HttpRequest {
+
+ private final HttpServletRequest delegate;
+
+ public JavaxHttpRequest(HttpServletRequest delegate) {
+ this.delegate = delegate;
+ }
+
+ public HttpServletRequest getDelegate() {
+ return delegate;
+ }
+
+ @Override
+ public int getServerPort() {
+ return delegate.getServerPort();
+ }
+
+ @Override
+ public boolean isSecure() {
+ return delegate.isSecure();
+ }
+
+ @Override
+ public String getScheme() {
+ return delegate.getScheme();
+ }
+
+ @Override
+ public String getServerName() {
+ return delegate.getServerName();
+ }
+
+ @Override
+ public String getRequestURL() {
+ return delegate.getRequestURL().toString();
+ }
+
+ @Override
+ public String getRequestURI() {
+ return delegate.getRequestURI();
+ }
+
+ @Override
+ public String getQueryString() {
+ return delegate.getQueryString();
+ }
+
+ @Override
+ public String getContextPath() {
+ return delegate.getContextPath();
+ }
+
+ @Override
+ public String getParameter(String name) {
+ return delegate.getParameter(name);
+ }
+
+ @Override
+ public String[] getParameterValues(String name) {
+ return delegate.getParameterValues(name);
+ }
+
+ @Override
+ public String getHeader(String name) {
+ return delegate.getHeader(name);
+ }
+
+ @Override
+ public Enumeration<String> getHeaderNames() {
+ return delegate.getHeaderNames();
+ }
+
+ @Override
+ public Enumeration<String> getHeaders(String name) {
+ return delegate.getHeaders(name);
+ }
+
+ @Override
+ public String getMethod() {
+ return delegate.getMethod();
+ }
+
+ @Override
+ public String getRemoteAddr() {
+ return delegate.getRemoteAddr();
+ }
+
+ @Override
+ public void setAttribute(String name, Object value) {
+ delegate.setAttribute(name, value);
+ }
+
+ @Override
+ public String getServletPath() {
+ return delegate.getServletPath();
+ }
+
+ @Override
+ public BufferedReader getReader() throws IOException {
+ return delegate.getReader();
+ }
+
+ @Override
+ public Cookie[] getCookies() {
+ javax.servlet.http.Cookie[] cookies = delegate.getCookies();
+ if (cookies != null) {
+ return Arrays.stream(cookies)
+ .map(JavaxCookie::new)
+ .toArray(Cookie[]::new);
+ }
+ return new Cookie[0];
+ }
+
+ public static class JavaxCookie implements Cookie {
+ private final javax.servlet.http.Cookie delegate;
+
+ public JavaxCookie(javax.servlet.http.Cookie delegate) {
+ this.delegate = delegate;
+ }
+
+ @Override
+ public String getName() {
+ return delegate.getName();
+ }
+
+ @Override
+ public String getValue() {
+ return delegate.getValue();
+ }
+
+ @Override
+ public String getPath() {
+ return delegate.getPath();
+ }
+
+ @Override
+ public boolean isSecure() {
+ return delegate.getSecure();
+ }
+
+ @Override
+ public boolean isHttpOnly() {
+ return delegate.isHttpOnly();
+ }
+
+ @Override
+ public int getMaxAge() {
+ return delegate.getMaxAge();
+ }
+ }
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.http;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.util.Collection;
+import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpResponse;
+
+/**
+ * Implementation of {@link HttpResponse} based on a delegate of {@link HttpServletResponse} from the Javax Servlet API.
+ */
+public class JavaxHttpResponse implements HttpResponse {
+
+ private final HttpServletResponse delegate;
+
+ public JavaxHttpResponse(HttpServletResponse delegate) {
+ this.delegate = delegate;
+ }
+
+ public HttpServletResponse getDelegate() {
+ return delegate;
+ }
+
+ @Override
+ public void addHeader(String name, String value) {
+ delegate.addHeader(name, value);
+ }
+
+ @Override
+ public String getHeader(String name) {
+ return delegate.getHeader(name);
+ }
+
+ @Override
+ public Collection<String> getHeaders(String name) {
+ return delegate.getHeaders(name);
+ }
+
+ @Override
+ public void setStatus(int status) {
+ delegate.setStatus(status);
+ }
+
+ @Override
+ public int getStatus() {
+ return delegate.getStatus();
+ }
+
+ @Override
+ public void setContentType(String contentType) {
+ delegate.setContentType(contentType);
+ }
+
+ @Override
+ public PrintWriter getWriter() throws IOException {
+ return delegate.getWriter();
+ }
+
+ @Override
+ public void setHeader(String name, String value) {
+ delegate.setHeader(name, value);
+ }
+
+ @Override
+ public void sendRedirect(String location) throws IOException {
+ delegate.sendRedirect(location);
+ }
+
+ @Override
+ public void addCookie(Cookie cookie) {
+ javax.servlet.http.Cookie javaxCookie = new javax.servlet.http.Cookie(cookie.getName(), cookie.getValue());
+ javaxCookie.setPath(cookie.getPath());
+ javaxCookie.setSecure(cookie.isSecure());
+ javaxCookie.setHttpOnly(cookie.isHttpOnly());
+ javaxCookie.setMaxAge(cookie.getMaxAge());
+ delegate.addCookie(javaxCookie);
+ }
+
+ @Override
+ public OutputStream getOutputStream() throws IOException {
+ return delegate.getOutputStream();
+ }
+
+ @Override
+ public void setCharacterEncoding(String charset) {
+ delegate.setCharacterEncoding(charset);
+ }
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.http;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Enumeration;
+import javax.servlet.http.HttpServletRequest;
+import org.junit.Test;
+import org.sonar.api.server.http.Cookie;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+public class JavaxHttpRequestTest {
+
+ @Test
+ public void delegate_methods() throws IOException {
+ HttpServletRequest requestMock = mock(HttpServletRequest.class);
+ Enumeration<String> enumeration = Collections.enumeration(Collections.emptySet());
+ when(requestMock.getHeaderNames()).thenReturn(enumeration);
+ when(requestMock.getRemoteAddr()).thenReturn("192.168.0.1");
+ when(requestMock.getServletPath()).thenReturn("/servlet-path");
+ BufferedReader bufferedReader = mock(BufferedReader.class);
+ when(requestMock.getReader()).thenReturn(bufferedReader);
+ javax.servlet.http.Cookie[] cookies = new javax.servlet.http.Cookie[0];
+ when(requestMock.getCookies()).thenReturn(cookies);
+ when(requestMock.getServerPort()).thenReturn(80);
+ when(requestMock.isSecure()).thenReturn(true);
+ when(requestMock.getScheme()).thenReturn("https");
+ when(requestMock.getServerName()).thenReturn("hostname");
+ when(requestMock.getRequestURL()).thenReturn(new StringBuffer("https://hostname:80/path"));
+ when(requestMock.getRequestURI()).thenReturn("/path");
+ when(requestMock.getQueryString()).thenReturn("param1=value1");
+ when(requestMock.getContextPath()).thenReturn("/path");
+ when(requestMock.getMethod()).thenReturn("POST");
+ when(requestMock.getParameter("param1")).thenReturn("value1");
+ when(requestMock.getParameterValues("param1")).thenReturn(new String[] {"value1"});
+ when(requestMock.getHeader("header1")).thenReturn("hvalue1");
+ Enumeration<String> headers = mock(Enumeration.class);
+ when(requestMock.getHeaders("header1")).thenReturn(headers);
+
+ JavaxHttpRequest underTest = new JavaxHttpRequest(requestMock);
+
+ assertThat(underTest.getDelegate()).isSameAs(requestMock);
+ assertThat(underTest.getServerPort()).isEqualTo(80);
+ assertThat(underTest.isSecure()).isTrue();
+ assertThat(underTest.getScheme()).isEqualTo("https");
+ assertThat(underTest.getServerName()).isEqualTo("hostname");
+ assertThat(underTest.getRequestURL()).isEqualTo("https://hostname:80/path");
+ assertThat(underTest.getRequestURI()).isEqualTo("/path");
+ assertThat(underTest.getQueryString()).isEqualTo("param1=value1");
+ assertThat(underTest.getContextPath()).isEqualTo("/path");
+ assertThat(underTest.getMethod()).isEqualTo("POST");
+ assertThat(underTest.getParameter("param1")).isEqualTo("value1");
+ assertThat(underTest.getParameterValues("param1")).containsExactly("value1");
+ assertThat(underTest.getHeader("header1")).isEqualTo("hvalue1");
+ assertThat(underTest.getHeaders("header1")).isEqualTo(headers);
+ assertThat(underTest.getHeaderNames()).isEqualTo(enumeration);
+ assertThat(underTest.getRemoteAddr()).isEqualTo("192.168.0.1");
+ assertThat(underTest.getServletPath()).isEqualTo("/servlet-path");
+ assertThat(underTest.getReader()).isEqualTo(bufferedReader);
+ assertThat(underTest.getCookies()).isEqualTo(cookies);
+
+ underTest.setAttribute("name", "value");
+ verify(requestMock).setAttribute("name", "value");
+ }
+
+ @Test
+ public void delegate_methods_for_cookie() {
+ javax.servlet.http.Cookie mockCookie = new javax.servlet.http.Cookie("name", "value");
+ mockCookie.setSecure(true);
+ mockCookie.setPath("path");
+ mockCookie.setHttpOnly(true);
+ mockCookie.setMaxAge(100);
+
+ Cookie cookie = new JavaxHttpRequest.JavaxCookie(mockCookie);
+ assertThat(cookie.getName()).isEqualTo("name");
+ assertThat(cookie.getValue()).isEqualTo("value");
+ assertThat(cookie.getPath()).isEqualTo("path");
+ assertThat(cookie.isSecure()).isTrue();
+ assertThat(cookie.isHttpOnly()).isTrue();
+ assertThat(cookie.getMaxAge()).isEqualTo(100);
+ }
+
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.http;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletResponse;
+import org.junit.Test;
+import org.sonar.api.server.http.Cookie;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+public class JavaxHttpResponseTest {
+
+ @Test
+ public void delegate_methods() throws IOException {
+ HttpServletResponse responseMock = mock(HttpServletResponse.class);
+ when(responseMock.getHeader("h1")).thenReturn("hvalue1");
+ when(responseMock.getHeaders("h1")).thenReturn(List.of("hvalue1"));
+ when(responseMock.getStatus()).thenReturn(200);
+ ServletOutputStream outputStream = mock(ServletOutputStream.class);
+ when(responseMock.getOutputStream()).thenReturn(outputStream);
+ PrintWriter writer = mock(PrintWriter.class);
+ when(responseMock.getWriter()).thenReturn(writer);
+
+ JavaxHttpResponse underTest = new JavaxHttpResponse(responseMock);
+
+ assertThat(underTest.getDelegate()).isSameAs(responseMock);
+ assertThat(underTest.getHeader("h1")).isEqualTo("hvalue1");
+ assertThat(underTest.getHeaders("h1")).asList().containsExactly("hvalue1");
+ assertThat(underTest.getStatus()).isEqualTo(200);
+ assertThat(underTest.getWriter()).isEqualTo(writer);
+ assertThat(underTest.getOutputStream()).isEqualTo(outputStream);
+
+ underTest.addHeader("h2", "hvalue2");
+ underTest.setHeader("h3", "hvalue3");
+ underTest.setStatus(201);
+ underTest.setContentType("text/plain");
+ underTest.sendRedirect("http://redirect");
+ underTest.setCharacterEncoding("UTF-8");
+
+ Cookie cookie = mock(Cookie.class);
+ when(cookie.getName()).thenReturn("name");
+ when(cookie.getValue()).thenReturn("value");
+ underTest.addCookie(cookie);
+ verify(responseMock).addHeader("h2", "hvalue2");
+ verify(responseMock).setHeader("h3", "hvalue3");
+ verify(responseMock).setStatus(201);
+ verify(responseMock).setContentType("text/plain");
+ verify(responseMock).sendRedirect("http://redirect");
+ verify(responseMock).setCharacterEncoding("UTF-8");
+ verify(responseMock).addCookie(any(javax.servlet.http.Cookie.class));
+ }
+}
*/
package org.sonar.server.authentication;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.server.authentication.event.AuthenticationException;
// Utility class
}
- static void handleError(Exception e, HttpServletRequest request, HttpServletResponse response, String message) {
+ static void handleError(Exception e, HttpRequest request, HttpResponse response, String message) {
LOGGER.warn(message, e);
redirectToUnauthorized(request, response);
}
- public static void handleError(HttpServletRequest request, HttpServletResponse response, String message) {
+ public static void handleError(HttpRequest request, HttpResponse response, String message) {
LOGGER.warn(message);
redirectToUnauthorized(request, response);
}
- static void handleAuthenticationError(AuthenticationException e, HttpServletRequest request, HttpServletResponse response) {
+ static void handleAuthenticationError(AuthenticationException e, HttpRequest request, HttpResponse response) {
String publicMessage = e.getPublicMessage();
if (publicMessage != null && !publicMessage.isEmpty()) {
addErrorCookie(request, response, publicMessage);
redirectToUnauthorized(request, response);
}
- public static void addErrorCookie(HttpServletRequest request, HttpServletResponse response, String value) {
+ public static void addErrorCookie(HttpRequest request, HttpResponse response, String value) {
response.addCookie(newCookieBuilder(request)
.setName(AUTHENTICATION_ERROR_COOKIE)
.setValue(encodeMessage(value))
.build());
}
- private static void redirectToUnauthorized(HttpServletRequest request, HttpServletResponse response) {
+ private static void redirectToUnauthorized(HttpRequest request, HttpResponse response) {
redirectTo(response, request.getContextPath() + UNAUTHORIZED_PATH);
}
}
package org.sonar.server.authentication;
import javax.annotation.CheckForNull;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.authentication.IdentityProvider;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.HttpFilter;
import static com.google.common.base.Strings.isNullOrEmpty;
import static java.lang.String.format;
import static org.sonar.server.authentication.AuthenticationError.handleError;
-public abstract class AuthenticationFilter extends ServletFilter {
+public abstract class AuthenticationFilter extends HttpFilter {
static final String CALLBACK_PATH = "/oauth2/callback/";
private final IdentityProviderRepository identityProviderRepository;
- public AuthenticationFilter(IdentityProviderRepository identityProviderRepository) {
+ protected AuthenticationFilter(IdentityProviderRepository identityProviderRepository) {
this.identityProviderRepository = identityProviderRepository;
}
* case the request is fully handled and caller should not handle it
*/
@CheckForNull
- IdentityProvider resolveProviderOrHandleResponse(HttpServletRequest request, HttpServletResponse response, String path) {
+ IdentityProvider resolveProviderOrHandleResponse(HttpRequest request, HttpResponse response, String path) {
String requestUri = request.getRequestURI();
String providerKey = extractKeyProvider(requestUri, request.getContextPath() + path);
if (providerKey == null) {
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpResponse;
import static java.lang.String.format;
import static java.net.URLEncoder.encode;
}
}
- public static void redirectTo(HttpServletResponse response, String url) {
+ public static void redirectTo(HttpResponse response, String url) {
+ try {
+ response.sendRedirect(url);
+ } catch (IOException e) {
+ throw new IllegalStateException(format("Fail to redirect to %s", url), e);
+ }
+ }
+
+ static void redirectTo(HttpServletResponse response, String url) {
try {
response.sendRedirect(url);
} catch (IOException e) {
import org.sonar.api.platform.Server;
import org.sonar.api.server.authentication.BaseIdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.event.AuthenticationEvent.Source;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.user.UserSessionFactory;
this.threadLocalUserSession = threadLocalUserSession;
}
- public BaseIdentityProvider.Context newContext(HttpServletRequest request, HttpServletResponse response, BaseIdentityProvider identityProvider) {
+ public BaseIdentityProvider.Context newContext(HttpRequest request, HttpResponse response, BaseIdentityProvider identityProvider) {
return new ContextImpl(request, response, identityProvider);
}
private class ContextImpl implements BaseIdentityProvider.Context {
- private final HttpServletRequest request;
- private final HttpServletResponse response;
+ private final HttpRequest request;
+ private final HttpResponse response;
private final BaseIdentityProvider identityProvider;
- public ContextImpl(HttpServletRequest request, HttpServletResponse response, BaseIdentityProvider identityProvider) {
+ public ContextImpl(HttpRequest request, HttpResponse response, BaseIdentityProvider identityProvider) {
this.request = request;
this.response = response;
this.identityProvider = identityProvider;
}
@Override
- public HttpServletRequest getRequest() {
+ public HttpRequest getHttpRequest() {
return request;
}
@Override
- public HttpServletResponse getResponse() {
+ public HttpResponse getHttpResponse() {
return response;
}
+ @Override
+ public HttpServletRequest getRequest() {
+ return ((JavaxHttpRequest) request).getDelegate();
+ }
+
+ @Override
+ public HttpServletResponse getResponse() {
+ return ((JavaxHttpResponse) response).getDelegate();
+ }
+
@Override
public String getServerBaseURL() {
return server.getPublicRootUrl();
import java.util.Base64;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
this.userTokenAuthentication = userTokenAuthentication;
}
- public Optional<UserDto> authenticate(HttpServletRequest request) {
+ public Optional<UserDto> authenticate(HttpRequest request) {
return extractCredentialsFromHeader(request)
.flatMap(credentials -> Optional.ofNullable(authenticate(credentials, request)));
}
- public static Optional<Credentials> extractCredentialsFromHeader(HttpServletRequest request) {
+ public static Optional<Credentials> extractCredentialsFromHeader(HttpRequest request) {
String authorizationHeader = request.getHeader("Authorization");
if (authorizationHeader == null || !startsWithIgnoreCase(authorizationHeader, "BASIC")) {
return Optional.empty();
}
}
- private UserDto authenticate(Credentials credentials, HttpServletRequest request) {
+ private UserDto authenticate(Credentials credentials, HttpRequest request) {
if (credentials.getPassword().isEmpty()) {
Optional<UserAuthResult> userAuthResult = userTokenAuthentication.authenticate(request);
if (userAuthResult.isPresent()) {
import java.util.Arrays;
import java.util.Optional;
import javax.annotation.Nullable;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.server.http.JavaxHttpRequest.JavaxCookie;
import static com.google.common.base.Strings.isNullOrEmpty;
import static java.util.Objects.requireNonNull;
// Only static methods
}
- public static Optional<Cookie> findCookie(String cookieName, HttpServletRequest request) {
+ public static Optional<Cookie> findCookie(String cookieName, HttpRequest request) {
Cookie[] cookies = request.getCookies();
if (cookies == null) {
return Optional.empty();
.findFirst();
}
- public static CookieBuilder newCookieBuilder(HttpServletRequest request) {
+ public static CookieBuilder newCookieBuilder(HttpRequest request) {
return new CookieBuilder(request);
}
public static class CookieBuilder {
- private final HttpServletRequest request;
+ private final HttpRequest request;
private String name;
private String value;
private String sameSite;
- CookieBuilder(HttpServletRequest request) {
+ CookieBuilder(HttpRequest request) {
this.request = request;
}
}
public Cookie build() {
- Cookie cookie = new Cookie(requireNonNull(name), value);
+ javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie(requireNonNull(name), value);
cookie.setPath(getContextPath(request));
cookie.setSecure(isHttps(request));
cookie.setHttpOnly(httpOnly);
cookie.setMaxAge(expiry);
- return cookie;
+ return new JavaxCookie(cookie);
}
public String toValueString() {
return output;
}
- private static boolean isHttps(HttpServletRequest request) {
+ private static boolean isHttps(HttpRequest request) {
return HTTPS_VALUE.equalsIgnoreCase(request.getHeader(HTTPS_HEADER));
}
- private static String getContextPath(HttpServletRequest request) {
+ private static String getContextPath(HttpRequest request) {
String path = request.getContextPath();
return isNullOrEmpty(path) ? "/" : path;
}
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
this.ldapCredentialsAuthentication = ldapCredentialsAuthentication;
}
- public UserDto authenticate(Credentials credentials, HttpServletRequest request, Method method) {
+ public UserDto authenticate(Credentials credentials, HttpRequest request, Method method) {
try (DbSession dbSession = dbClient.openSession(false)) {
return authenticate(dbSession, credentials, request, method);
}
}
- private UserDto authenticate(DbSession dbSession, Credentials credentials, HttpServletRequest request, Method method) {
+ private UserDto authenticate(DbSession dbSession, Credentials credentials, HttpRequest request, Method method) {
UserDto localUser = dbClient.userDao().selectActiveUserByLogin(dbSession, credentials.getLogin());
if (localUser != null && localUser.isLocal()) {
String password = getNonNullPassword(credentials);
import java.util.Locale;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.sonar.api.Startable;
import org.sonar.api.config.Configuration;
import org.sonar.api.security.Authenticator;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
-import org.sonar.api.utils.log.Logger;
-import org.sonar.api.utils.log.Loggers;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationEvent.Source;
import org.sonar.server.authentication.event.AuthenticationException;
+import org.sonar.server.http.JavaxHttpRequest;
import org.sonar.server.user.SecurityRealmFactory;
import static java.util.Objects.requireNonNull;
*/
public class CredentialsExternalAuthentication implements Startable {
- private static final Logger LOG = Loggers.get(CredentialsExternalAuthentication.class);
+ private static final Logger LOG = LoggerFactory.getLogger(CredentialsExternalAuthentication.class);
private final Configuration config;
private final SecurityRealmFactory securityRealmFactory;
}
}
- public Optional<UserDto> authenticate(Credentials credentials, HttpServletRequest request, AuthenticationEvent.Method method) {
+ public Optional<UserDto> authenticate(Credentials credentials, HttpRequest request, AuthenticationEvent.Method method) {
if (realm == null) {
return Optional.empty();
}
return Optional.of(doAuthenticate(fixCase(credentials), request, method));
}
- private UserDto doAuthenticate(Credentials credentials, HttpServletRequest request, AuthenticationEvent.Method method) {
+ private UserDto doAuthenticate(Credentials credentials, HttpRequest request, AuthenticationEvent.Method method) {
try {
- ExternalUsersProvider.Context externalUsersProviderContext = new ExternalUsersProvider.Context(credentials.getLogin(), request);
+ HttpServletRequest httpServletRequest = ((JavaxHttpRequest) request).getDelegate();
+ ExternalUsersProvider.Context externalUsersProviderContext = new ExternalUsersProvider.Context(credentials.getLogin(), request, httpServletRequest);
UserDetails details = externalUsersProvider.doGetUserDetails(externalUsersProviderContext);
if (details == null) {
throw AuthenticationException.newBuilder()
.setMessage("No user details")
.build();
}
- Authenticator.Context authenticatorContext = new Authenticator.Context(credentials.getLogin(), credentials.getPassword().orElse(null), request);
+
+ Authenticator.Context authenticatorContext = new Authenticator.Context(credentials.getLogin(), credentials.getPassword().orElse(null), request, httpServletRequest);
boolean status = authenticator.doAuthenticate(authenticatorContext);
if (!status) {
throw AuthenticationException.newBuilder()
return Source.realm(method, realm.getName());
}
- private UserDto synchronize(String userLogin, UserDetails details, HttpServletRequest request, AuthenticationEvent.Method method) {
+ private UserDto synchronize(String userLogin, UserDetails details, HttpRequest request, AuthenticationEvent.Method method) {
String name = details.getName();
UserIdentity.Builder userIdentityBuilder = UserIdentity.builder()
.setName(isEmpty(name) ? userLogin : name)
.setEmail(trimToNull(details.getEmail()))
.setProviderLogin(userLogin);
if (externalGroupsProvider != null) {
- ExternalGroupsProvider.Context context = new ExternalGroupsProvider.Context(userLogin, request);
+ HttpServletRequest httpServletRequest = ((JavaxHttpRequest) request).getDelegate();
+ ExternalGroupsProvider.Context context = new ExternalGroupsProvider.Context(userLogin, request, httpServletRequest);
Collection<String> groups = externalGroupsProvider.doGetGroups(context);
userIdentityBuilder.setGroups(new HashSet<>(groups));
}
import java.io.IOException;
import java.util.Set;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.config.Configuration;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.server.user.ThreadLocalUserSession;
-import static org.sonar.api.web.ServletFilter.UrlPattern.Builder.staticResourcePatterns;
+import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
import static org.sonar.server.authentication.AuthenticationRedirection.redirectTo;
-public class DefaultAdminCredentialsVerifierFilter extends ServletFilter {
+public class DefaultAdminCredentialsVerifierFilter extends HttpFilter {
private static final String RESET_PASSWORD_PATH = "/account/reset_password";
private static final String CHANGE_ADMIN_PASSWORD_PATH = "/admin/change_admin_password";
// This property is used by Orchestrator to disable this force redirect. It should never be used in production, which
}
@Override
- public void init(FilterConfig filterConfig) {
+ public void init() {
// nothing to do
}
@Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) throws IOException {
boolean forceRedirect = config
.getBoolean(SONAR_FORCE_REDIRECT_DEFAULT_ADMIN_CREDENTIALS)
.orElse(true);
import com.google.common.annotations.VisibleForTesting;
import java.security.MessageDigest;
import java.util.Optional;
-import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.digest.HmacAlgorithms;
import org.apache.commons.codec.digest.HmacUtils;
import org.sonar.api.config.internal.Encryption;
import org.sonar.api.config.internal.Settings;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.db.DbClient;
this.encryption = settings.getEncryption();
}
- public Optional<UserAuthResult> authenticate(HttpServletRequest request) {
+ public Optional<UserAuthResult> authenticate(HttpRequest request) {
String githubAppId = request.getHeader(GITHUB_APP_ID_HEADER);
if (isEmpty(githubAppId)) {
return Optional.empty();
return createAuthResult(request);
}
- private static String getGithubSignature(HttpServletRequest request, String githubAppId) {
+ private static String getGithubSignature(HttpRequest request, String githubAppId) {
String githubSignature = request.getHeader(GITHUB_SIGNATURE_HEADER);
if (isEmpty(githubSignature)) {
logAuthenticationProblemAndThrow(format(MSG_UNAUTHENTICATED_GITHUB_CALLS_DENIED, githubAppId));
return githubSignature;
}
- private static String getBody(HttpServletRequest request) {
+ private static String getBody(HttpRequest request) {
try {
return request.getReader().lines().collect(joining(System.lineSeparator()));
} catch (Exception e) {
return MessageDigest.isEqual(githubSignature.getBytes(UTF_8), computedSignature.getBytes(UTF_8));
}
- private Optional<UserAuthResult> createAuthResult(HttpServletRequest request) {
+ private Optional<UserAuthResult> createAuthResult(HttpRequest request) {
UserAuthResult userAuthResult = UserAuthResult.withGithubWebhook();
authenticationEvent.loginSuccess(request, GITHUB_WEBHOOK_USER_NAME, AuthenticationEvent.Source.githubWebhook());
return Optional.of(userAuthResult);
import java.util.Map;
import java.util.Optional;
import javax.annotation.CheckForNull;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.Startable;
import org.sonar.api.config.Configuration;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.System2;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
// Nothing to do
}
- public Optional<UserDto> authenticate(HttpServletRequest request, HttpServletResponse response) {
+ public Optional<UserDto> authenticate(HttpRequest request, HttpResponse response) {
try {
return doAuthenticate(request, response);
} catch (BadRequestException e) {
}
}
- private Optional<UserDto> doAuthenticate(HttpServletRequest request, HttpServletResponse response) {
+ private Optional<UserDto> doAuthenticate(HttpRequest request, HttpResponse response) {
if (!enabled) {
return Optional.empty();
}
return Optional.of(userDto);
}
- private Optional<UserDto> getUserFromToken(HttpServletRequest request, HttpServletResponse response) {
+ private Optional<UserDto> getUserFromToken(HttpRequest request, HttpResponse response) {
Optional<JwtHttpHandler.Token> token = jwtHttpHandler.getToken(request, response);
if (token.isEmpty()) {
return Optional.empty();
return headerValuesByNames.get(settingsByKey.get(settingKey).toLowerCase(Locale.ENGLISH));
}
- private static Map<String, String> getHeaders(HttpServletRequest request) {
+ private static Map<String, String> getHeaders(HttpRequest request) {
Map<String, String> headers = new HashMap<>();
Collections.list(request.getHeaderNames()).forEach(header -> headers.put(header.toLowerCase(Locale.ENGLISH), request.getHeader(header)));
return headers;
*/
package org.sonar.server.authentication;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.authentication.BaseIdentityProvider;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.UrlPattern;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
}
@Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- IdentityProvider provider = resolveProviderOrHandleResponse(httpRequest, httpResponse, INIT_CONTEXT);
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) {
+ IdentityProvider provider = resolveProviderOrHandleResponse(request, response, INIT_CONTEXT);
if (provider != null) {
- handleProvider(httpRequest, httpResponse, provider);
+ handleProvider(request, response, provider);
}
}
- private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
+ private void handleProvider(HttpRequest request, HttpResponse response, IdentityProvider provider) {
try {
if (provider instanceof BaseIdentityProvider baseIdentityProvider) {
handleBaseIdentityProvider(request, response, baseIdentityProvider);
}
}
- private void handleBaseIdentityProvider(HttpServletRequest request, HttpServletResponse response, BaseIdentityProvider provider) {
+ private void handleBaseIdentityProvider(HttpRequest request, HttpResponse response, BaseIdentityProvider provider) {
try {
provider.init(baseContextFactory.newContext(request, response, provider));
} catch (UnauthorizedException e) {
}
}
- private void handleOAuth2IdentityProvider(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider provider) {
+ private void handleOAuth2IdentityProvider(HttpRequest request, HttpResponse response, OAuth2IdentityProvider provider) {
try {
provider.init(oAuth2ContextFactory.newContext(request, response, provider));
} catch (UnauthorizedException e) {
}
@Override
- public void init(FilterConfig filterConfig) {
+ public void init() {
// Nothing to do
}
*/
package org.sonar.server.authentication;
-import com.google.common.collect.ImmutableSet;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.server.authentication.event.AuthenticationException;
import static org.apache.commons.lang.StringUtils.isBlank;
private static final String CSRF_STATE_COOKIE = "XSRF-TOKEN";
private static final String CSRF_HEADER = "X-XSRF-TOKEN";
- private static final Set<String> UPDATE_METHODS = ImmutableSet.of("POST", "PUT", "DELETE");
+ private static final Set<String> UPDATE_METHODS = Set.of("POST", "PUT", "DELETE");
private static final String API_URL = "/api";
- public String generateState(HttpServletRequest request, HttpServletResponse response, int timeoutInSeconds) {
+ public String generateState(HttpRequest request, HttpResponse response, int timeoutInSeconds) {
// Create a state token to prevent request forgery.
// Store it in the cookie for later validation.
String state = new BigInteger(130, new SecureRandom()).toString(32);
return state;
}
- public void verifyState(HttpServletRequest request, @Nullable String csrfState, @Nullable String login) {
+ public void verifyState(HttpRequest request, @Nullable String csrfState, @Nullable String login) {
if (!shouldRequestBeChecked(request)) {
return;
}
return null;
}
- public void refreshState(HttpServletRequest request, HttpServletResponse response, String csrfState, int timeoutInSeconds) {
+ public void refreshState(HttpRequest request, HttpResponse response, String csrfState, int timeoutInSeconds) {
response.addHeader(SET_COOKIE,
newCookieBuilder(request)
.setName(CSRF_STATE_COOKIE)
.toValueString());
}
- public void removeState(HttpServletRequest request, HttpServletResponse response) {
+ public void removeState(HttpRequest request, HttpResponse response) {
response.addCookie(newCookieBuilder(request).setName(CSRF_STATE_COOKIE).setValue(null).setHttpOnly(false).setExpiry(0).build());
}
- private static boolean shouldRequestBeChecked(HttpServletRequest request) {
+ private static boolean shouldRequestBeChecked(HttpRequest request) {
if (UPDATE_METHODS.contains(request.getMethod())) {
String path = request.getRequestURI().replaceFirst(request.getContextPath(), "");
return path.startsWith(API_URL);
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.config.Configuration;
import org.sonar.api.server.ServerSide;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
this.jwtCsrfVerifier = jwtCsrfVerifier;
}
- public void generateToken(UserDto user, Map<String, Object> properties, HttpServletRequest request, HttpServletResponse response) {
+ public void generateToken(UserDto user, Map<String, Object> properties, HttpRequest request, HttpResponse response) {
String csrfState = jwtCsrfVerifier.generateState(request, response, sessionTimeoutInSeconds);
long expirationTime = system2.now() + sessionTimeoutInSeconds * 1000L;
SessionTokenDto sessionToken = createSessionToken(user, expirationTime);
}
}
- public void generateToken(UserDto user, HttpServletRequest request, HttpServletResponse response) {
+ public void generateToken(UserDto user, HttpRequest request, HttpResponse response) {
generateToken(user, Collections.emptyMap(), request, response);
}
- public Optional<UserDto> validateToken(HttpServletRequest request, HttpServletResponse response) {
+ public Optional<UserDto> validateToken(HttpRequest request, HttpResponse response) {
Optional<Token> token = getToken(request, response);
return token.map(Token::getUserDto);
}
- public Optional<Token> getToken(HttpServletRequest request, HttpServletResponse response) {
+ public Optional<Token> getToken(HttpRequest request, HttpResponse response) {
Optional<String> encodedToken = getTokenFromCookie(request);
if (!encodedToken.isPresent()) {
return Optional.empty();
}
}
- private static Optional<String> getTokenFromCookie(HttpServletRequest request) {
+ private static Optional<String> getTokenFromCookie(HttpRequest request) {
Optional<Cookie> jwtCookie = findCookie(JWT_COOKIE, request);
- if (!jwtCookie.isPresent()) {
+ if (jwtCookie.isEmpty()) {
return Optional.empty();
}
Cookie cookie = jwtCookie.get();
return Optional.of(token);
}
- private Optional<Token> validateToken(DbSession dbSession, String tokenEncoded, HttpServletRequest request, HttpServletResponse response) {
+ private Optional<Token> validateToken(DbSession dbSession, String tokenEncoded, HttpRequest request, HttpResponse response) {
Optional<Claims> claims = jwtSerializer.decode(tokenEncoded);
- if (!claims.isPresent()) {
+ if (claims.isEmpty()) {
return Optional.empty();
}
Claims token = claims.get();
Optional<SessionTokenDto> sessionToken = dbClient.sessionTokensDao().selectByUuid(dbSession, token.getId());
- if (!sessionToken.isPresent()) {
+ if (sessionToken.isEmpty()) {
return Optional.empty();
}
// Check on expiration is already done when decoding the JWT token, but here is done a double check with the expiration date from DB.
return new Date(lastFreshTime);
}
- private void refreshToken(DbSession dbSession, SessionTokenDto tokenFromDb, Claims tokenFromCookie, HttpServletRequest request, HttpServletResponse response) {
+ private void refreshToken(DbSession dbSession, SessionTokenDto tokenFromDb, Claims tokenFromCookie, HttpRequest request, HttpResponse response) {
long expirationTime = system2.now() + sessionTimeoutInSeconds * 1000L;
String refreshToken = jwtSerializer.refresh(tokenFromCookie, expirationTime);
response.addHeader(SET_COOKIE, createJwtSession(request, JWT_COOKIE, refreshToken, sessionTimeoutInSeconds));
dbSession.commit();
}
- public void removeToken(HttpServletRequest request, HttpServletResponse response) {
+ public void removeToken(HttpRequest request, HttpResponse response) {
removeSessionToken(request);
response.addCookie(createCookie(request, JWT_COOKIE, null, 0));
jwtCsrfVerifier.removeState(request, response);
}
- private void removeSessionToken(HttpServletRequest request) {
+ private void removeSessionToken(HttpRequest request) {
Optional<Cookie> jwtCookie = findCookie(JWT_COOKIE, request);
if (!jwtCookie.isPresent()) {
return;
}
}
- private static Cookie createCookie(HttpServletRequest request, String name, @Nullable String value, int expirationInSeconds) {
+ private static Cookie createCookie(HttpRequest request, String name, @Nullable String value, int expirationInSeconds) {
return newCookieBuilder(request).setName(name).setValue(value).setHttpOnly(true).setExpiry(expirationInSeconds).build();
}
- private static String createJwtSession(HttpServletRequest request, String name, @Nullable String value, int expirationInSeconds) {
+ private static String createJwtSession(HttpRequest request, String name, @Nullable String value, int expirationInSeconds) {
return newCookieBuilder(request).setName(name).setValue(value).setHttpOnly(true).setExpiry(expirationInSeconds).setSameSite(SAMESITE_LAX).toValueString();
}
import java.util.HashSet;
import java.util.Locale;
import java.util.Optional;
-import javax.servlet.http.HttpServletRequest;
import org.sonar.api.config.Configuration;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.auth.ldap.LdapAuthenticationResult;
this.ldapGroupsProvider = ldapRealm.getGroupsProvider();
}
- public Optional<UserDto> authenticate(Credentials credentials, HttpServletRequest request, AuthenticationEvent.Method method) {
+ public Optional<UserDto> authenticate(Credentials credentials, HttpRequest request, AuthenticationEvent.Method method) {
if (isLdapAuthActivated) {
return Optional.of(doAuthenticate(fixCase(credentials), request, method));
}
return Optional.empty();
}
- private UserDto doAuthenticate(Credentials credentials, HttpServletRequest request, AuthenticationEvent.Method method) {
+ private UserDto doAuthenticate(Credentials credentials, HttpRequest request, AuthenticationEvent.Method method) {
try {
LdapAuthenticator.Context ldapAuthenticatorContext = new LdapAuthenticator.Context(credentials.getLogin(), credentials.getPassword().orElse(null), request);
LdapAuthenticationResult authenticationResult = ldapAuthenticator.doAuthenticate(ldapAuthenticatorContext);
return Source.realm(method, "ldap");
}
- private UserDto synchronize(String userLogin, String serverKey, LdapUserDetails userDetails, HttpServletRequest request, AuthenticationEvent.Method method) {
+ private UserDto synchronize(String userLogin, String serverKey, LdapUserDetails userDetails, HttpRequest request, AuthenticationEvent.Method method) {
String name = userDetails.getName();
UserIdentity.Builder userIdentityBuilder = UserIdentity.builder()
.setName(isEmpty(name) ? userLogin : name)
import java.util.Optional;
import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
/**
* This class is used to store some parameters during the OAuth2 authentication process, by using a cookie.
*/
public interface OAuth2AuthenticationParameters {
- void init(HttpServletRequest request, HttpServletResponse response);
+ void init(HttpRequest request, HttpResponse response);
- Optional<String> getReturnTo(HttpServletRequest request);
+ Optional<String> getReturnTo(HttpRequest request);
- void delete(HttpServletRequest request, HttpServletResponse response);
+ void delete(HttpRequest request, HttpResponse response);
}
import java.util.Optional;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import static java.net.URLDecoder.decode;
import static java.nio.charset.StandardCharsets.UTF_8;
}.getType();
@Override
- public void init(HttpServletRequest request, HttpServletResponse response) {
+ public void init(HttpRequest request, HttpResponse response) {
String returnTo = request.getParameter(RETURN_TO_PARAMETER);
Map<String, String> parameters = new HashMap<>();
Optional<String> sanitizeRedirectUrl = sanitizeRedirectUrl(returnTo);
}
@Override
- public Optional<String> getReturnTo(HttpServletRequest request) {
+ public Optional<String> getReturnTo(HttpRequest request) {
return getParameter(request, RETURN_TO_PARAMETER)
.flatMap(OAuth2AuthenticationParametersImpl::sanitizeRedirectUrl);
}
- private static Optional<String> getParameter(HttpServletRequest request, String parameterKey) {
- Optional<javax.servlet.http.Cookie> cookie = findCookie(AUTHENTICATION_COOKIE_NAME, request);
- if (!cookie.isPresent()) {
+ private static Optional<String> getParameter(HttpRequest request, String parameterKey) {
+ Optional<Cookie> cookie = findCookie(AUTHENTICATION_COOKIE_NAME, request);
+ if (cookie.isEmpty()) {
return empty();
}
}
@Override
- public void delete(HttpServletRequest request, HttpServletResponse response) {
+ public void delete(HttpRequest request, HttpResponse response) {
response.addCookie(newCookieBuilder(request)
.setName(AUTHENTICATION_COOKIE_NAME)
.setValue(null)
*/
package org.sonar.server.authentication;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.UrlPattern;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.user.ThreadLocalUserSession;
}
@Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- IdentityProvider provider = resolveProviderOrHandleResponse(httpRequest, httpResponse, CALLBACK_PATH);
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) {
+ IdentityProvider provider = resolveProviderOrHandleResponse(request, response, CALLBACK_PATH);
if (provider != null) {
- handleProvider(httpRequest, (HttpServletResponse) response, provider);
+ handleProvider(request, response, provider);
}
}
- private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
+ private void handleProvider(HttpRequest request, HttpResponse response, IdentityProvider provider) {
try {
if (provider instanceof OAuth2IdentityProvider oAuth2IdentityProvider) {
- handleOAuth2Provider(response, request, oAuth2IdentityProvider);
+ handleOAuth2Provider(request, response, oAuth2IdentityProvider);
} else {
handleError(request, response, format("Not an OAuth2IdentityProvider: %s", provider.getClass()));
}
}
}
- private void handleOAuth2Provider(HttpServletResponse response, HttpServletRequest httpRequest, OAuth2IdentityProvider oAuth2Provider) {
- OAuth2IdentityProvider.CallbackContext context = oAuth2ContextFactory.newCallback(httpRequest, response, oAuth2Provider);
+ private void handleOAuth2Provider(HttpRequest request, HttpResponse response, OAuth2IdentityProvider oAuth2Provider) {
+ OAuth2IdentityProvider.CallbackContext context = oAuth2ContextFactory.newCallback(request, response, oAuth2Provider);
try {
oAuth2Provider.callback(context);
} catch (UnauthorizedException e) {
.build();
}
if (threadLocalUserSession.hasSession()) {
- authenticationEvent.loginSuccess(httpRequest, threadLocalUserSession.getLogin(), Source.oauth2(oAuth2Provider));
+ authenticationEvent.loginSuccess(request, threadLocalUserSession.getLogin(), Source.oauth2(oAuth2Provider));
} else {
throw AuthenticationException.newBuilder()
.setSource(Source.oauth2(oAuth2Provider))
}
@Override
- public void init(FilterConfig filterConfig) {
+ public void init() {
// Nothing to do
}
import org.sonar.api.server.ServerSide;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.user.UserSessionFactory;
this.oAuthParameters = oAuthParameters;
}
- public OAuth2IdentityProvider.InitContext newContext(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider identityProvider) {
+ public OAuth2IdentityProvider.InitContext newContext(HttpRequest request, HttpResponse response, OAuth2IdentityProvider identityProvider) {
return new OAuthContextImpl(request, response, identityProvider);
}
- public OAuth2IdentityProvider.CallbackContext newCallback(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider identityProvider) {
+ public OAuth2IdentityProvider.CallbackContext newCallback(HttpRequest request, HttpResponse response, OAuth2IdentityProvider identityProvider) {
return new OAuthContextImpl(request, response, identityProvider);
}
public class OAuthContextImpl implements OAuth2IdentityProvider.InitContext, OAuth2IdentityProvider.CallbackContext {
- private final HttpServletRequest request;
- private final HttpServletResponse response;
+ private final HttpRequest request;
+ private final HttpResponse response;
private final OAuth2IdentityProvider identityProvider;
- public OAuthContextImpl(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider identityProvider) {
+ public OAuthContextImpl(HttpRequest request, HttpResponse response, OAuth2IdentityProvider identityProvider) {
this.request = request;
this.response = response;
this.identityProvider = identityProvider;
}
@Override
- public HttpServletRequest getRequest() {
+ public HttpRequest getHttpRequest() {
return request;
}
@Override
- public HttpServletResponse getResponse() {
+ public HttpResponse getHttpResponse() {
return response;
}
+ @Override
+ public HttpServletRequest getRequest() {
+ return ((JavaxHttpRequest) request).getDelegate();
+ }
+
+ @Override
+ public HttpServletResponse getResponse() {
+ return ((JavaxHttpResponse) response).getDelegate();
+ }
+
@Override
public void redirectTo(String url) {
try {
try {
Optional<String> redirectTo = oAuthParameters.getReturnTo(request);
oAuthParameters.delete(request, response);
- getResponse().sendRedirect(redirectTo.orElse(server.getContextPath() + "/"));
+ getHttpResponse().sendRedirect(redirectTo.orElse(server.getContextPath() + "/"));
} catch (IOException e) {
throw new IllegalStateException("Fail to redirect to requested page", e);
}
import java.math.BigInteger;
import java.security.SecureRandom;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.server.authentication.event.AuthenticationException;
import static java.lang.String.format;
private static final String CSRF_STATE_COOKIE = "OAUTHSTATE";
private static final String DEFAULT_STATE_PARAMETER_NAME = "state";
- public String generateState(HttpServletRequest request, HttpServletResponse response) {
+ public String generateState(HttpRequest request, HttpResponse response) {
// Create a state token to prevent request forgery.
// Store it in the session for later validation.
String state = new BigInteger(130, new SecureRandom()).toString(32);
return state;
}
- public void verifyState(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider provider) {
+ public void verifyState(HttpRequest request, HttpResponse response, OAuth2IdentityProvider provider) {
verifyState(request, response, provider, DEFAULT_STATE_PARAMETER_NAME);
}
- public void verifyState(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider provider, String parameterName) {
+ public void verifyState(HttpRequest request, HttpResponse response, OAuth2IdentityProvider provider, String parameterName) {
Cookie cookie = findCookie(CSRF_STATE_COOKIE, request)
.orElseThrow(AuthenticationException.newBuilder()
.setSource(Source.oauth2(provider))
*/
package org.sonar.server.authentication;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.ServerSide;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.server.user.UserSession;
@ServerSide
/**
* @throws org.sonar.server.authentication.event.AuthenticationException if user is not authenticated
*/
- UserSession authenticate(HttpServletRequest request, HttpServletResponse response);
+ UserSession authenticate(HttpRequest request, HttpResponse response);
}
package org.sonar.server.authentication;
import java.util.function.Function;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.db.user.UserDto;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.UserSessionFactory;
}
@Override
- public UserSession authenticate(HttpServletRequest request, HttpServletResponse response) {
+ public UserSession authenticate(HttpRequest request, HttpResponse response) {
UserAuthResult userAuthResult = loadUser(request, response);
if (nonNull(userAuthResult.getUserDto())) {
if (TOKEN.equals(userAuthResult.getAuthType())) {
return userSessionFactory.createAnonymous();
}
- private UserAuthResult loadUser(HttpServletRequest request, HttpServletResponse response) {
+ private UserAuthResult loadUser(HttpRequest request, HttpResponse response) {
Function<UserAuthResult.AuthType, Function<UserDto, UserAuthResult>> createUserAuthResult = type -> userDto -> new UserAuthResult(userDto, type);
// SSO authentication should come first in order to update JWT if user from header is not the same is user from JWT
return httpHeadersAuthentication.authenticate(request, response).map(createUserAuthResult.apply(SSO))
import java.io.IOException;
import java.util.Set;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.server.user.ThreadLocalUserSession;
-import static org.sonar.api.web.ServletFilter.UrlPattern.Builder.staticResourcePatterns;
+import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
import static org.sonar.server.authentication.AuthenticationRedirection.redirectTo;
-public class ResetPasswordFilter extends ServletFilter {
+public class ResetPasswordFilter extends HttpFilter {
private static final String RESET_PASSWORD_PATH = "/account/reset_password";
private static final Set<String> SKIPPED_URLS = Set.of(
}
@Override
- public void init(FilterConfig filterConfig) {
+ public void init() {
// nothing to do
}
@Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
-
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) throws IOException {
if (userSession.hasSession() && userSession.isLoggedIn() && userSession.shouldResetPassword()) {
redirectTo(response, request.getContextPath() + RESET_PASSWORD_PATH);
}
import java.security.SecureRandom;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpResponse;
public class SamlValidationCspHeaders {
throw new IllegalStateException("Utility class, cannot be instantiated");
}
- public static String addCspHeadersWithNonceToResponse(HttpServletResponse httpResponse) {
+ public static String addCspHeadersWithNonceToResponse(HttpResponse httpResponse) {
final String nonce = getNonce();
List<String> cspPolicies = List.of(
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.annotation.Nullable;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.internal.apachecommons.lang.StringEscapeUtils;
import org.sonar.api.platform.Server;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import static org.sonar.server.authentication.AuthenticationFilter.CALLBACK_PATH;
-public class SamlValidationRedirectionFilter extends ServletFilter {
+public class SamlValidationRedirectionFilter extends HttpFilter {
public static final String VALIDATION_RELAY_STATE = "validation-query";
public static final String SAML_VALIDATION_CONTROLLER_CONTEXT = "saml";
}
@Override
- public void init(FilterConfig filterConfig) throws ServletException {
- super.init(filterConfig);
+ public void init() {
this.redirectionPageTemplate = extractTemplate("validation-redirection.html");
}
}
@Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) throws IOException {
String relayState = request.getParameter(RELAY_STATE_PARAMETER);
if (isSamlValidation(relayState)) {
- HttpServletResponse httpResponse = (HttpServletResponse) response;
-
URI redirectionEndpointUrl = URI.create(server.getContextPath() + "/")
.resolve(SAML_VALIDATION_CONTROLLER_CONTEXT + "/")
.resolve(SAML_VALIDATION_KEY);
String samlResponse = StringEscapeUtils.escapeHtml(request.getParameter(SAML_RESPONSE_PARAMETER));
String csrfToken = getCsrfTokenFromRelayState(relayState);
- String nonce = SamlValidationCspHeaders.addCspHeadersWithNonceToResponse(httpResponse);
+ String nonce = SamlValidationCspHeaders.addCspHeadersWithNonceToResponse(response);
String template = StringUtils.replaceEachRepeatedly(redirectionPageTemplate,
new String[]{"%NONCE%", "%WEB_CONTEXT%", "%VALIDATION_URL%", "%SAML_RESPONSE%", "%CSRF_TOKEN%"},
new String[]{nonce, server.getContextPath(), redirectionEndpointUrl.toString(), samlResponse, csrfToken});
- httpResponse.setContentType("text/html");
- httpResponse.getWriter().print(template);
+ response.setContentType("text/html");
+ response.getWriter().print(template);
return;
}
chain.doFilter(request, response);
}
return "";
}
-
}
import java.util.Optional;
import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.config.Configuration;
import org.sonar.api.server.ServerSide;
-import org.sonar.api.web.ServletFilter.UrlPattern;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.UrlPattern;
import org.sonar.db.user.UserTokenDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationEvent.Source;
import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE;
import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY;
import static org.sonar.api.utils.DateUtils.formatDateTime;
-import static org.sonar.api.web.ServletFilter.UrlPattern.Builder.staticResourcePatterns;
+import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
import static org.sonar.server.authentication.AuthenticationError.handleAuthenticationError;
@ServerSide
this.requestAuthenticator = requestAuthenticator;
}
- public boolean initUserSession(HttpServletRequest request, HttpServletResponse response) {
+ public boolean initUserSession(HttpRequest request, HttpResponse response) {
String path = request.getRequestURI().replaceFirst(request.getContextPath(), "");
try {
// Do not set user session when url is excluded
return provider != AuthenticationEvent.Provider.LOCAL && provider != AuthenticationEvent.Provider.JWT;
}
- private void loadUserSession(HttpServletRequest request, HttpServletResponse response, boolean urlSupportsSystemPasscode) {
+ private void loadUserSession(HttpRequest request, HttpResponse response, boolean urlSupportsSystemPasscode) {
UserSession session = requestAuthenticator.authenticate(request, response);
if (!session.isLoggedIn() && !urlSupportsSystemPasscode && config.getBoolean(CORE_FORCE_AUTHENTICATION_PROPERTY).orElse(CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE)) {
// authentication is required
request.setAttribute(ACCESS_LOG_LOGIN, defaultString(session.getLogin(), "-"));
}
- private static void checkTokenUserSession(HttpServletResponse response, UserSession session) {
+ private static void checkTokenUserSession(HttpResponse response, UserSession session) {
if (session instanceof TokenUserSession tokenUserSession) {
UserTokenDto userTokenDto = tokenUserSession.getUserToken();
Optional.ofNullable(userTokenDto.getExpirationDate()).ifPresent(expirationDate -> response.addHeader(SQ_AUTHENTICATION_TOKEN_EXPIRATION, formatDateTime(expirationDate)));
import java.io.Serializable;
import java.util.Objects;
import javax.annotation.Nullable;
-import javax.servlet.http.HttpServletRequest;
import org.sonar.api.server.authentication.BaseIdentityProvider;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
+import org.sonar.api.server.http.HttpRequest;
import static com.google.common.base.Preconditions.checkArgument;
import static java.util.Objects.requireNonNull;
public interface AuthenticationEvent {
- void loginSuccess(HttpServletRequest request, @Nullable String login, Source source);
+ void loginSuccess(HttpRequest request, @Nullable String login, Source source);
- void loginFailure(HttpServletRequest request, AuthenticationException e);
+ void loginFailure(HttpRequest request, AuthenticationException e);
- void logoutSuccess(HttpServletRequest request, @Nullable String login);
+ void logoutSuccess(HttpRequest request, @Nullable String login);
- void logoutFailure(HttpServletRequest request, String errorMessage);
+ void logoutFailure(HttpRequest request, String errorMessage);
enum Method {
/**
import com.google.common.base.Joiner;
import java.util.Collections;
import javax.annotation.Nullable;
-import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.core.util.stream.MoreCollectors;
private static final int FLOOD_THRESHOLD = 128;
@Override
- public void loginSuccess(HttpServletRequest request, @Nullable String login, Source source) {
+ public void loginSuccess(HttpRequest request, @Nullable String login, Source source) {
checkRequest(request);
requireNonNull(source, "source can't be null");
if (!LOGGER.isDebugEnabled()) {
preventLogFlood(emptyIfNull(login)));
}
- private static String getAllIps(HttpServletRequest request) {
+ private static String getAllIps(HttpRequest request) {
return Collections.list(request.getHeaders("X-Forwarded-For")).stream().collect(MoreCollectors.join(Joiner.on(",")));
}
@Override
- public void loginFailure(HttpServletRequest request, AuthenticationException e) {
+ public void loginFailure(HttpRequest request, AuthenticationException e) {
checkRequest(request);
requireNonNull(e, "AuthenticationException can't be null");
if (!LOGGER.isDebugEnabled()) {
}
@Override
- public void logoutSuccess(HttpServletRequest request, @Nullable String login) {
+ public void logoutSuccess(HttpRequest request, @Nullable String login) {
checkRequest(request);
if (!LOGGER.isDebugEnabled()) {
return;
}
@Override
- public void logoutFailure(HttpServletRequest request, String errorMessage) {
+ public void logoutFailure(HttpRequest request, String errorMessage) {
checkRequest(request);
requireNonNull(errorMessage, "error message can't be null");
if (!LOGGER.isDebugEnabled()) {
request.getRemoteAddr(), getAllIps(request));
}
- private static void checkRequest(HttpServletRequest request) {
+ private static void checkRequest(HttpRequest request) {
requireNonNull(request, "request can't be null");
}
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
this.authenticationEvent = authenticationEvent;
}
- public Optional<UserAuthResult> authenticate(HttpServletRequest request) {
+ public Optional<UserAuthResult> authenticate(HttpRequest request) {
return findBearerToken(request)
.or(() -> findTokenUsedWithBasicAuthentication(request))
.map(userAuthResult -> login(request, userAuthResult));
}
- private static Optional<String> findBearerToken(HttpServletRequest request) {
+ private static Optional<String> findBearerToken(HttpRequest request) {
// hack necessary as #org.sonar.server.monitoring.MetricsAction and org.sonar.server.platform.ws.SafeModeMonitoringMetricAction
// are providing their own bearer token based authentication mechanism that we can't get rid of for backward compatibility reasons
if (request.getServletPath().startsWith(API_MONITORING_METRICS_PATH)) {
return Optional.empty();
}
- private static Optional<String> findTokenUsedWithBasicAuthentication(HttpServletRequest request) {
+ private static Optional<String> findTokenUsedWithBasicAuthentication(HttpRequest request) {
Credentials credentials = extractCredentialsFromHeader(request).orElse(null);
if (isTokenWithBasicAuthenticationMethod(credentials)) {
return Optional.ofNullable(credentials.getLogin());
return Optional.ofNullable(credentials).map(c -> c.getPassword().isEmpty()).orElse(false);
}
- private UserAuthResult login(HttpServletRequest request, String token) {
+ private UserAuthResult login(HttpRequest request, String token) {
UserAuthResult userAuthResult = authenticateFromUserToken(token, request);
authenticationEvent.loginSuccess(request, userAuthResult.getUserDto().getLogin(), AuthenticationEvent.Source.local(AuthenticationEvent.Method.SONARQUBE_TOKEN));
return userAuthResult;
}
- private UserAuthResult authenticateFromUserToken(String token, HttpServletRequest request) {
+ private UserAuthResult authenticateFromUserToken(String token, HttpRequest request) {
try (DbSession dbSession = dbClient.openSession(false)) {
UserTokenDto userToken = authenticate(token);
UserDto userDto = dbClient.userDao().selectByUuid(dbSession, userToken.getUserUuid());
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.sonar.api.server.authentication.BaseIdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.db.user.UserDto;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.user.TestUserSessionFactory;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.user.UserSession;
.setEmail("john@email.com")
.build();
- private ThreadLocalUserSession threadLocalUserSession = mock(ThreadLocalUserSession.class);
+ private final ThreadLocalUserSession threadLocalUserSession = mock(ThreadLocalUserSession.class);
- private TestUserRegistrar userIdentityAuthenticator = new TestUserRegistrar();
- private Server server = mock(Server.class);
+ private final TestUserRegistrar userIdentityAuthenticator = new TestUserRegistrar();
+ private final Server server = mock(Server.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
- private BaseIdentityProvider identityProvider = mock(BaseIdentityProvider.class);
- private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
- private TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
+ private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpServletResponse response = mock(HttpServletResponse.class);
+ private final BaseIdentityProvider identityProvider = mock(BaseIdentityProvider.class);
+ private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
+ private final TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
- private BaseContextFactory underTest = new BaseContextFactory(userIdentityAuthenticator, server, jwtHttpHandler, threadLocalUserSession, userSessionFactory);
+ private final BaseContextFactory underTest = new BaseContextFactory(userIdentityAuthenticator, server, jwtHttpHandler, threadLocalUserSession, userSessionFactory);
@Before
public void setUp() {
when(server.getPublicRootUrl()).thenReturn(PUBLIC_ROOT_URL);
when(identityProvider.getName()).thenReturn("GitHub");
when(identityProvider.getKey()).thenReturn("github");
- when(request.getSession()).thenReturn(mock(HttpSession.class));
}
@Test
public void create_context() {
- BaseIdentityProvider.Context context = underTest.newContext(request, response, identityProvider);
+ JavaxHttpRequest httpRequest = new JavaxHttpRequest(request);
+ JavaxHttpResponse httpResponse = new JavaxHttpResponse(response);
+ BaseIdentityProvider.Context context = underTest.newContext(httpRequest, httpResponse, identityProvider);
+
+ assertThat(context.getHttpRequest()).isEqualTo(httpRequest);
+ assertThat(context.getHttpResponse()).isEqualTo(httpResponse);
assertThat(context.getRequest()).isEqualTo(request);
assertThat(context.getResponse()).isEqualTo(response);
@Test
public void authenticate() {
- BaseIdentityProvider.Context context = underTest.newContext(request, response, identityProvider);
+ JavaxHttpRequest httpRequest = new JavaxHttpRequest(request);
+ JavaxHttpResponse httpResponse = new JavaxHttpResponse(response);
+
+ BaseIdentityProvider.Context context = underTest.newContext(httpRequest, httpResponse, identityProvider);
ArgumentCaptor<UserDto> userArgumentCaptor = ArgumentCaptor.forClass(UserDto.class);
context.authenticate(USER_IDENTITY);
assertThat(userIdentityAuthenticator.isAuthenticated()).isTrue();
verify(threadLocalUserSession).set(any(UserSession.class));
- verify(jwtHttpHandler).generateToken(userArgumentCaptor.capture(), eq(request), eq(response));
+ verify(jwtHttpHandler).generateToken(userArgumentCaptor.capture(), eq(httpRequest), eq(httpResponse));
assertThat(userArgumentCaptor.getValue().getExternalId()).isEqualTo(USER_IDENTITY.getProviderId());
assertThat(userArgumentCaptor.getValue().getExternalLogin()).isEqualTo(USER_IDENTITY.getProviderLogin());
assertThat(userArgumentCaptor.getValue().getExternalIdentityProvider()).isEqualTo("github");
import java.util.Base64;
import java.util.Optional;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
private final CredentialsAuthentication credentialsAuthentication = mock(CredentialsAuthentication.class);
private final UserTokenAuthentication userTokenAuthentication = mock(UserTokenAuthentication.class);
- private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpRequest request = mock(HttpRequest.class);
private final AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
*/
package org.sonar.server.authentication;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Test;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
private static final String HTTPS_HEADER = "X-Forwarded-Proto";
- private HttpServletRequest request = mock(HttpServletRequest.class);
+ private HttpRequest request = mock(HttpRequest.class);
@Test
public void create_cookie() {
assertThat(cookie.getValue()).isEqualTo("value");
assertThat(cookie.isHttpOnly()).isTrue();
assertThat(cookie.getMaxAge()).isEqualTo(10);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
assertThat(cookie.getPath()).isEqualTo("/");
}
assertThat(cookie.getValue()).isEqualTo("value");
assertThat(cookie.isHttpOnly()).isTrue();
assertThat(cookie.getMaxAge()).isEqualTo(10);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
assertThat(cookie.getPath()).isEqualTo("/sonarqube");
}
public void create_not_secured_cookie_when_header_is_not_http() {
when(request.getHeader(HTTPS_HEADER)).thenReturn("http");
Cookie cookie = newCookieBuilder(request).setName("name").setValue("value").setHttpOnly(true).setExpiry(10).build();
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
}
@Test
public void create_secured_cookie_when_X_Forwarded_Proto_header_is_https() {
when(request.getHeader(HTTPS_HEADER)).thenReturn("https");
Cookie cookie = newCookieBuilder(request).setName("name").setValue("value").setHttpOnly(true).setExpiry(10).build();
- assertThat(cookie.getSecure()).isTrue();
+ assertThat(cookie.isSecure()).isTrue();
}
@Test
public void create_secured_cookie_when_X_Forwarded_Proto_header_is_HTTPS() {
when(request.getHeader(HTTPS_HEADER)).thenReturn("HTTPS");
Cookie cookie = newCookieBuilder(request).setName("name").setValue("value").setHttpOnly(true).setExpiry(10).build();
- assertThat(cookie.getSecure()).isTrue();
+ assertThat(cookie.isSecure()).isTrue();
}
@Test
package org.sonar.server.authentication;
import java.util.Optional;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
public DbTester dbTester = DbTester.create(System2.INSTANCE);
private final DbClient dbClient = dbTester.getDbClient();
private final DbSession dbSession = dbTester.getSession();
- private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpRequest request = mock(HttpRequest.class);
private final AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
private final MapSettings settings = new MapSettings().setProperty("sonar.internal.pbkdf2.iterations", NUMBER_OF_PBKDF2_ITERATIONS);
private final CredentialsExternalAuthentication externalAuthentication = mock(CredentialsExternalAuthentication.class);
import org.sonar.api.security.ExternalUsersProvider;
import org.sonar.api.security.SecurityRealm;
import org.sonar.api.security.UserDetails;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationEvent.Source;
import org.sonar.server.authentication.event.AuthenticationException;
+import org.sonar.server.http.JavaxHttpRequest;
import org.sonar.server.user.SecurityRealmFactory;
import static java.util.Arrays.asList;
private static final String REALM_NAME = "realm name";
- private MapSettings settings = new MapSettings();
+ private final MapSettings settings = new MapSettings();
- private SecurityRealmFactory securityRealmFactory = mock(SecurityRealmFactory.class);
- private SecurityRealm realm = mock(SecurityRealm.class);
- private Authenticator authenticator = mock(Authenticator.class);
- private ExternalUsersProvider externalUsersProvider = mock(ExternalUsersProvider.class);
- private ExternalGroupsProvider externalGroupsProvider = mock(ExternalGroupsProvider.class);
+ private final SecurityRealmFactory securityRealmFactory = mock(SecurityRealmFactory.class);
+ private final SecurityRealm realm = mock(SecurityRealm.class);
+ private final Authenticator authenticator = mock(Authenticator.class);
+ private final ExternalUsersProvider externalUsersProvider = mock(ExternalUsersProvider.class);
+ private final ExternalGroupsProvider externalGroupsProvider = mock(ExternalGroupsProvider.class);
- private TestUserRegistrar userIdentityAuthenticator = new TestUserRegistrar();
- private AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
+ private final TestUserRegistrar userIdentityAuthenticator = new TestUserRegistrar();
+ private final AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpRequest request = new JavaxHttpRequest(mock(HttpServletRequest.class));
- private CredentialsExternalAuthentication underTest = new CredentialsExternalAuthentication(settings.asConfig(), securityRealmFactory, userIdentityAuthenticator, authenticationEvent);
+ private final CredentialsExternalAuthentication underTest = new CredentialsExternalAuthentication(settings.asConfig(), securityRealmFactory, userIdentityAuthenticator,
+ authenticationEvent);
@Before
public void setUp() throws Exception {
when(externalUsersProvider.doGetUserDetails(any(ExternalUsersProvider.Context.class))).thenReturn(null);
- assertThatThrownBy(() -> underTest.authenticate(new Credentials(LOGIN, PASSWORD), request, BASIC))
+ Credentials credentials = new Credentials(LOGIN, PASSWORD);
+ assertThatThrownBy(() -> underTest.authenticate(credentials, request, BASIC))
.hasMessage("No user details")
.isInstanceOf(AuthenticationException.class)
.hasFieldOrPropertyWithValue("source", Source.realm(BASIC, REALM_NAME))
when(authenticator.doAuthenticate(any(Authenticator.Context.class))).thenReturn(false);
- assertThatThrownBy(() -> underTest.authenticate(new Credentials(LOGIN, PASSWORD), request, BASIC))
+ Credentials credentials = new Credentials(LOGIN, PASSWORD);
+ assertThatThrownBy(() -> underTest.authenticate(credentials, request, BASIC))
.hasMessage("Realm returned authenticate=false")
.isInstanceOf(AuthenticationException.class)
.hasFieldOrPropertyWithValue("source", Source.realm(BASIC, REALM_NAME))
when(externalUsersProvider.doGetUserDetails(any(ExternalUsersProvider.Context.class))).thenReturn(new UserDetails());
- assertThatThrownBy(() -> underTest.authenticate(new Credentials(LOGIN, PASSWORD), request, SONARQUBE_TOKEN))
+ Credentials credentials = new Credentials(LOGIN, PASSWORD);
+ assertThatThrownBy(() -> underTest.authenticate(credentials, request, SONARQUBE_TOKEN))
.hasMessage(expectedMessage)
.isInstanceOf(AuthenticationException.class)
.hasFieldOrPropertyWithValue("source", Source.realm(SONARQUBE_TOKEN, REALM_NAME))
when(realm.doGetAuthenticator()).thenReturn(null);
when(securityRealmFactory.getRealm()).thenReturn(realm);
- assertThatThrownBy(() -> underTest.start())
+ assertThatThrownBy(underTest::start)
.isInstanceOf(NullPointerException.class)
.hasMessage("No authenticator available");
}
when(realm.getUsersProvider()).thenReturn(null);
when(securityRealmFactory.getRealm()).thenReturn(realm);
- assertThatThrownBy(() -> underTest.start())
+ assertThatThrownBy(underTest::start)
.isInstanceOf(NullPointerException.class)
.hasMessage("No users provider available");
}
import com.tngtech.java.junit.dataprovider.DataProviderRunner;
import com.tngtech.java.junit.dataprovider.UseDataProvider;
import java.util.Optional;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.sonar.api.config.Configuration;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
import org.sonar.server.user.ThreadLocalUserSession;
import static org.mockito.ArgumentMatchers.any;
@RunWith(DataProviderRunner.class)
public class DefaultAdminCredentialsVerifierFilterTest {
- private final HttpServletRequest request = mock(HttpServletRequest.class);
- private final HttpServletResponse response = mock(HttpServletResponse.class);
+ private final HttpRequest request = mock(HttpRequest.class);
+ private final HttpResponse response = mock(HttpResponse.class);
private final FilterChain chain = mock(FilterChain.class);
private final Configuration config = mock(Configuration.class);
private final DefaultAdminCredentialsVerifier defaultAdminCredentialsVerifier = mock(DefaultAdminCredentialsVerifier.class);
@Test
public void verify_other_methods() {
- underTest.init(mock(FilterConfig.class));
+ underTest.init();
underTest.destroy();
verifyNoInteractions(request, response, chain, session);
import java.io.IOException;
import java.io.StringReader;
import java.util.Optional;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.Mockito;
import org.sonar.api.config.internal.Encryption;
import org.sonar.api.config.internal.Settings;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.testfixtures.log.LogAndArguments;
import org.sonar.api.testfixtures.log.LogTester;
import org.sonar.api.utils.log.LoggerLevel;
@Test
public void authenticate_withComputedSignatureMatchingGithubSignature_returnsAuthentication() {
- HttpServletRequest request = mockRequest(GITHUB_PAYLOAD, GITHUB_SIGNATURE);
+ HttpRequest request = mockRequest(GITHUB_PAYLOAD, GITHUB_SIGNATURE);
Optional<UserAuthResult> authentication = githubWebhookAuthentication.authenticate(request);
assertThat(authentication).isPresent();
@Test
public void authenticate_withoutGithubSignatureHeader_throws() {
- HttpServletRequest request = mockRequest(GITHUB_PAYLOAD, null);
+ HttpRequest request = mockRequest(GITHUB_PAYLOAD, null);
String expectedMessage = format(MSG_UNAUTHENTICATED_GITHUB_CALLS_DENIED, APP_ID);
assertThatExceptionOfType(AuthenticationException.class)
@Test
public void authenticate_withoutBody_throws() {
- HttpServletRequest request = mockRequest(null, GITHUB_SIGNATURE);
+ HttpRequest request = mockRequest(null, GITHUB_SIGNATURE);
assertThatExceptionOfType(AuthenticationException.class)
.isThrownBy(() -> githubWebhookAuthentication.authenticate(request))
@Test
public void authenticate_withExceptionWhileReadingBody_throws() throws IOException {
- HttpServletRequest request = mockRequest(GITHUB_PAYLOAD, GITHUB_SIGNATURE);
+ HttpRequest request = mockRequest(GITHUB_PAYLOAD, GITHUB_SIGNATURE);
when(request.getReader()).thenThrow(new IOException());
assertThatExceptionOfType(AuthenticationException.class)
@Test
public void authenticate_withoutAppId_returnsEmpty() {
- HttpServletRequest request = mockRequest(null, GITHUB_SIGNATURE);
+ HttpRequest request = mockRequest(null, GITHUB_SIGNATURE);
when(request.getHeader(GITHUB_APP_ID_HEADER)).thenReturn(null);
assertThat(githubWebhookAuthentication.authenticate(request)).isEmpty();
@Test
public void authenticate_withWrongPayload_throws() {
- HttpServletRequest request = mockRequest(GITHUB_PAYLOAD + "_", GITHUB_SIGNATURE);
+ HttpRequest request = mockRequest(GITHUB_PAYLOAD + "_", GITHUB_SIGNATURE);
assertThatExceptionOfType(AuthenticationException.class)
.isThrownBy(() -> githubWebhookAuthentication.authenticate(request))
@Test
public void authenticate_withWrongSignature_throws() {
- HttpServletRequest request = mockRequest(GITHUB_PAYLOAD, GITHUB_SIGNATURE + "_");
+ HttpRequest request = mockRequest(GITHUB_PAYLOAD, GITHUB_SIGNATURE + "_");
assertThatExceptionOfType(AuthenticationException.class)
.isThrownBy(() -> githubWebhookAuthentication.authenticate(request))
@Test
public void authenticate_whenNoWebhookSecret_throws() {
- HttpServletRequest request = mockRequest(GITHUB_PAYLOAD, GITHUB_SIGNATURE);
+ HttpRequest request = mockRequest(GITHUB_PAYLOAD, GITHUB_SIGNATURE);
db.getDbClient().almSettingDao().update(db.getSession(), almSettingDto.setWebhookSecret(null), true);
db.commit();
assertThat(logTester.getLogs(LoggerLevel.WARN)).extracting(LogAndArguments::getFormattedMsg).contains(expectedMessage);
}
- private static HttpServletRequest mockRequest(@Nullable String payload, @Nullable String gitHubSignature) {
- HttpServletRequest request = mock(HttpServletRequest.class, Mockito.RETURNS_DEEP_STUBS);
+ private static HttpRequest mockRequest(@Nullable String payload, @Nullable String gitHubSignature) {
+ HttpRequest request = mock(HttpRequest.class, Mockito.RETURNS_DEEP_STUBS);
try {
StringReader stringReader = new StringReader(requireNonNullElse(payload, ""));
BufferedReader bufferedReader = new BufferedReader(stringReader);
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.audit.AuditPersister;
private final UserRegistrarImpl userIdentityAuthenticator = new UserRegistrarImpl(db.getDbClient(),
new UserUpdater(mock(NewUserNotifier.class), db.getDbClient(), defaultGroupFinder, settings.asConfig(), mock(AuditPersister.class), localAuthentication),
defaultGroupFinder, mock(ManagedInstanceService.class));
- private final HttpServletResponse response = mock(HttpServletResponse.class);
+ private final HttpResponse response = mock(HttpResponse.class);
private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
private final AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
private final HttpHeadersAuthentication underTest = new HttpHeadersAuthentication(system2, settings.asConfig(), userIdentityAuthenticator, jwtHttpHandler,
public void create_user_when_authenticating_new_user() {
startWithSso();
setNotUserInToken();
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUPS);
+ HttpRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUPS);
underTest.authenticate(request, response);
startWithSso();
setNotUserInToken();
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, null, null, null);
+ HttpRequest request = createRequest(DEFAULT_LOGIN, null, null, null);
underTest.authenticate(request, response);
verifyUserInDb(DEFAULT_LOGIN, DEFAULT_LOGIN, null, sonarUsers);
setNotUserInToken();
insertUser(newUserDto().setLogin(DEFAULT_LOGIN).setExternalLogin(DEFAULT_LOGIN).setExternalIdentityProvider("sonarqube").setName("old name").setEmail(DEFAULT_USER.getEmail()), group1);
// Name, email and groups are different
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUP2);
+ HttpRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUP2);
underTest.authenticate(request, response);
startWithSso();
setNotUserInToken();
insertUser(DEFAULT_USER, group1);
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, "");
+ HttpRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, "");
underTest.authenticate(request, response);
headerValuesByName.put("X-Forwarded-Login", DEFAULT_LOGIN);
headerValuesByName.put("X-Forwarded-Email", DEFAULT_USER.getEmail());
headerValuesByName.put("X-Forwarded-Groups", null);
- HttpServletRequest request = createRequest(headerValuesByName);
+ HttpRequest request = createRequest(headerValuesByName);
underTest.authenticate(request, response);
startWithSso();
setNotUserInToken();
insertUser(DEFAULT_USER, group1, sonarUsers);
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, null);
+ HttpRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, null);
underTest.authenticate(request, response);
startWithSso();
UserDto user = insertUser(DEFAULT_USER, group1);
setUserInToken(user, CLOSE_REFRESH_TIME);
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2);
+ HttpRequest request = createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2);
underTest.authenticate(request, response);
UserDto user = insertUser(DEFAULT_USER, group1);
// Refresh time was updated 6 minutes ago => more than 5 minutes
setUserInToken(user, NOW - 6 * 60 * 1000L);
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, "new name", DEFAULT_USER.getEmail(), GROUP2);
+ HttpRequest request = createRequest(DEFAULT_LOGIN, "new name", DEFAULT_USER.getEmail(), GROUP2);
underTest.authenticate(request, response);
startWithSso();
UserDto user = insertUser(DEFAULT_USER, group1);
setUserInToken(user, null);
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, "new name", DEFAULT_USER.getEmail(), GROUP2);
+ HttpRequest request = createRequest(DEFAULT_LOGIN, "new name", DEFAULT_USER.getEmail(), GROUP2);
underTest.authenticate(request, response);
UserDto user = insertUser(DEFAULT_USER, group1);
// Refresh time was updated 6 minutes ago => less than 10 minutes ago so not updated
setUserInToken(user, NOW - 6 * 60 * 1000L);
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2);
+ HttpRequest request = createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2);
underTest.authenticate(request, response);
startWithSso();
insertUser(DEFAULT_USER, group1);
setUserInToken(DEFAULT_USER, CLOSE_REFRESH_TIME);
- HttpServletRequest request = createRequest("AnotherLogin", "Another name", "Another email", GROUP2);
+ HttpRequest request = createRequest("AnotherLogin", "Another name", "Another email", GROUP2);
underTest.authenticate(request, response);
settings.setProperty("sonar.web.sso.groupsHeader", "head-groups");
startWithSso();
setNotUserInToken();
- HttpServletRequest request = createRequest(ImmutableMap.of("head-login", DEFAULT_LOGIN, "head-name", DEFAULT_NAME, "head-email", DEFAULT_EMAIL, "head-groups", GROUPS));
+ HttpRequest request = createRequest(ImmutableMap.of("head-login", DEFAULT_LOGIN, "head-name", DEFAULT_NAME, "head-email", DEFAULT_EMAIL, "head-groups", GROUPS));
underTest.authenticate(request, response);
settings.setProperty("sonar.web.sso.groupsHeader", "Groups");
startWithSso();
setNotUserInToken();
- HttpServletRequest request = createRequest(ImmutableMap.of("login", DEFAULT_LOGIN, "name", DEFAULT_NAME, "email", DEFAULT_EMAIL, "groups", GROUPS));
+ HttpRequest request = createRequest(ImmutableMap.of("login", DEFAULT_LOGIN, "name", DEFAULT_NAME, "email", DEFAULT_EMAIL, "groups", GROUPS));
underTest.authenticate(request, response);
public void trim_groups() {
startWithSso();
setNotUserInToken();
- HttpServletRequest request = createRequest(DEFAULT_LOGIN, null, null, " dev , admin ");
+ HttpRequest request = createRequest(DEFAULT_LOGIN, null, null, " dev , admin ");
underTest.authenticate(request, response);
}
private void setUserInToken(UserDto user, @Nullable Long lastRefreshTime) {
- when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class)))
+ when(jwtHttpHandler.getToken(any(HttpRequest.class), any(HttpResponse.class)))
.thenReturn(Optional.of(new JwtHttpHandler.Token(
user,
lastRefreshTime == null ? Collections.emptyMap() : ImmutableMap.of("ssoLastRefreshTime", lastRefreshTime))));
}
private void setNotUserInToken() {
- when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class))).thenReturn(Optional.empty());
+ when(jwtHttpHandler.getToken(any(HttpRequest.class), any(HttpResponse.class))).thenReturn(Optional.empty());
}
private UserDto insertUser(UserDto user, GroupDto... groups) {
return user;
}
- private static HttpServletRequest createRequest(Map<String, String> headerValuesByName) {
- HttpServletRequest request = mock(HttpServletRequest.class);
+ private static HttpRequest createRequest(Map<String, String> headerValuesByName) {
+ HttpRequest request = mock(HttpRequest.class);
setHeaders(request, headerValuesByName);
return request;
}
- private static HttpServletRequest createRequest(String login, @Nullable String name, @Nullable String email, @Nullable String groups) {
+ private static HttpRequest createRequest(String login, @Nullable String name, @Nullable String email, @Nullable String groups) {
Map<String, String> headerValuesByName = new HashMap<>();
headerValuesByName.put("X-Forwarded-Login", login);
if (name != null) {
if (groups != null) {
headerValuesByName.put("X-Forwarded-Groups", groups);
}
- HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpRequest request = mock(HttpRequest.class);
setHeaders(request, headerValuesByName);
return request;
}
- private static void setHeaders(HttpServletRequest request, Map<String, String> valuesByName) {
+ private static void setHeaders(HttpRequest request, Map<String, String> valuesByName) {
valuesByName.forEach((key, value) -> when(request.getHeader(key)).thenReturn(value));
when(request.getHeaderNames()).thenReturn(Collections.enumeration(valuesByName.keySet()));
}
}
private void verifyTokenIsUpdated(long refreshTime) {
- verify(jwtHttpHandler).generateToken(any(UserDto.class), eq(ImmutableMap.of("ssoLastRefreshTime", refreshTime)), any(HttpServletRequest.class), any(HttpServletResponse.class));
+ verify(jwtHttpHandler).generateToken(any(UserDto.class), eq(ImmutableMap.of("ssoLastRefreshTime", refreshTime)), any(HttpRequest.class), any(HttpResponse.class));
}
private void verifyTokenIsNotUpdated() {
- verify(jwtHttpHandler, never()).generateToken(any(UserDto.class), anyMap(), any(HttpServletRequest.class), any(HttpServletResponse.class));
+ verify(jwtHttpHandler, never()).generateToken(any(UserDto.class), anyMap(), any(HttpRequest.class), any(HttpResponse.class));
}
}
*/
package org.sonar.server.authentication;
-import javax.servlet.FilterChain;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.testfixtures.log.LogTester;
+import org.sonar.api.web.FilterChain;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
private BaseContextFactory baseContextFactory = mock(BaseContextFactory.class);
private OAuth2ContextFactory oAuth2ContextFactory = mock(OAuth2ContextFactory.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
+ private HttpRequest request = mock(HttpRequest.class);
+ private HttpResponse response = mock(HttpResponse.class);
private FilterChain chain = mock(FilterChain.class);
private FakeOAuth2IdentityProvider oAuth2IdentityProvider = new FakeOAuth2IdentityProvider(OAUTH2_PROVIDER_KEY, true);
assertThat(cookie.getPath()).isEqualTo("/");
assertThat(cookie.isHttpOnly()).isFalse();
assertThat(cookie.getMaxAge()).isEqualTo(300);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
}
@Test
*/
package org.sonar.server.authentication;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.server.authentication.event.AuthenticationEvent.Source;
import org.sonar.server.authentication.event.AuthenticationException;
private ArgumentCaptor<Cookie> cookieArgumentCaptor = ArgumentCaptor.forClass(Cookie.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
+ private HttpResponse response = mock(HttpResponse.class);
+ private HttpRequest request = mock(HttpRequest.class);
private JwtCsrfVerifier underTest = new JwtCsrfVerifier();
assertThat(cookie.getPath()).isEqualTo("/");
assertThat(cookie.isHttpOnly()).isFalse();
assertThat(cookie.getMaxAge()).isEqualTo(TIMEOUT);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
}
private void mockPostJavaWsRequest() {
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.user.SessionTokenDto;
import org.sonar.db.user.UserDto;
+import org.sonar.server.http.JavaxHttpRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
private DbSession dbSession = db.getSession();
private ArgumentCaptor<Cookie> cookieArgumentCaptor = ArgumentCaptor.forClass(Cookie.class);
private ArgumentCaptor<JwtSerializer.JwtSession> jwtArgumentCaptor = ArgumentCaptor.forClass(JwtSerializer.JwtSession.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
+ private HttpRequest request = mock(HttpRequest.class);
+ private HttpResponse response = mock(HttpResponse.class);
private HttpSession httpSession = mock(HttpSession.class);
private System2 system2 = spy(System2.INSTANCE);
private MapSettings settings = new MapSettings();
@Before
public void setUp() {
when(system2.now()).thenReturn(NOW);
- when(request.getSession()).thenReturn(httpSession);
when(jwtSerializer.encode(any(JwtSerializer.JwtSession.class))).thenReturn(JWT_TOKEN);
when(jwtCsrfVerifier.generateState(eq(request), eq(response), anyInt())).thenReturn(CSRF_STATE);
}
@Test
public void validate_token_does_nothing_when_empty_value_in_jwt_cookie() {
- when(request.getCookies()).thenReturn(new Cookie[] {new Cookie("JWT-SESSION", "")});
+ when(request.getCookies()).thenReturn(new Cookie[] {new JavaxHttpRequest.JavaxCookie(new javax.servlet.http.Cookie("JWT-SESSION", ""))});
underTest.validateToken(request, response);
assertThat(cookie.getPath()).isEqualTo("/");
assertThat(cookie.isHttpOnly()).isTrue();
assertThat(cookie.getMaxAge()).isEqualTo(expiry);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
assertThat(cookie.getValue()).isEqualTo(value);
}
}
private Cookie addJwtCookie() {
- Cookie cookie = new Cookie("JWT-SESSION", JWT_TOKEN);
+ Cookie cookie = new JavaxHttpRequest.JavaxCookie(new javax.servlet.http.Cookie("JWT-SESSION", JWT_TOKEN));
when(request.getCookies()).thenReturn(new Cookie[] {cookie});
return cookie;
}
package org.sonar.server.authentication;
import javax.annotation.Nullable;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.auth.ldap.LdapAuthenticator;
import org.sonar.auth.ldap.LdapGroupsProvider;
import org.sonar.auth.ldap.LdapRealm;
private AuthenticationEvent authenticationEvent;
@Mock
- private HttpServletRequest request = mock(HttpServletRequest.class);
+ private HttpRequest request = mock(HttpRequest.class);
@Mock
private LdapAuthenticator ldapAuthenticator;
import com.tngtech.java.junit.dataprovider.DataProvider;
import com.tngtech.java.junit.dataprovider.DataProviderRunner;
import java.util.Optional;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.server.http.JavaxHttpRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
private static final String AUTHENTICATION_COOKIE_NAME = "AUTH-PARAMS";
private final ArgumentCaptor<Cookie> cookieArgumentCaptor = ArgumentCaptor.forClass(Cookie.class);
- private final HttpServletResponse response = mock(HttpServletResponse.class);
- private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpResponse response = mock(HttpResponse.class);
+ private final HttpRequest request = mock(HttpRequest.class);
private final OAuth2AuthenticationParameters underTest = new OAuth2AuthenticationParametersImpl();
assertThat(cookie.getPath()).isEqualTo("/");
assertThat(cookie.isHttpOnly()).isTrue();
assertThat(cookie.getMaxAge()).isEqualTo(300);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
}
@Test
@Test
public void get_return_to_parameter() {
- when(request.getCookies()).thenReturn(new Cookie[] {new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/admin/settings\"}")});
+ when(request.getCookies()).thenReturn(new Cookie[] {wrapCookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/admin/settings\"}")});
Optional<String> redirection = underTest.getReturnTo(request);
@Test
public void get_return_to_is_empty_when_no_value() {
- when(request.getCookies()).thenReturn(new Cookie[] {new Cookie(AUTHENTICATION_COOKIE_NAME, "{}")});
+ when(request.getCookies()).thenReturn(new Cookie[] {wrapCookie(AUTHENTICATION_COOKIE_NAME, "{}")});
Optional<String> redirection = underTest.getReturnTo(request);
@Test
public void delete() {
- when(request.getCookies()).thenReturn(new Cookie[] {new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/admin/settings\"}")});
+ when(request.getCookies()).thenReturn(new Cookie[] {wrapCookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/admin/settings\"}")});
underTest.delete(request, response);
assertThat(updatedCookie.getPath()).isEqualTo("/");
assertThat(updatedCookie.getMaxAge()).isZero();
}
+
+ private JavaxHttpRequest.JavaxCookie wrapCookie(String name, String value) {
+ return new JavaxHttpRequest.JavaxCookie(new javax.servlet.http.Cookie(name, value));
+ }
}
*/
package org.sonar.server.authentication;
-import javax.servlet.FilterChain;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.testfixtures.log.LogTester;
+import org.sonar.api.web.FilterChain;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.user.ThreadLocalUserSession;
private OAuth2ContextFactory oAuth2ContextFactory = mock(OAuth2ContextFactory.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
+ private HttpRequest request = mock(HttpRequest.class);
+ private HttpResponse response = mock(HttpResponse.class);
private FilterChain chain = mock(FilterChain.class);
private FakeOAuth2IdentityProvider oAuth2IdentityProvider = new WellbehaveFakeOAuth2IdentityProvider(OAUTH2_PROVIDER_KEY, true, LOGIN);
assertThat(cookie.getPath()).isEqualTo("/");
assertThat(cookie.isHttpOnly()).isFalse();
assertThat(cookie.getMaxAge()).isEqualTo(300);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
}
@Test
*/
package org.sonar.server.authentication;
-import com.google.common.collect.ImmutableSet;
import java.util.Optional;
-import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.sonar.api.platform.Server;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.db.user.UserDto;
-import org.sonar.server.authentication.OAuth2ContextFactory.OAuthContextImpl;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.user.TestUserSessionFactory;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.user.UserSession;
.setEmail("john@email.com")
.build();
+ private final ThreadLocalUserSession threadLocalUserSession = mock(ThreadLocalUserSession.class);
+ private final TestUserRegistrar userIdentityAuthenticator = new TestUserRegistrar();
+ private final Server server = mock(Server.class);
+ private final OAuthCsrfVerifier csrfVerifier = mock(OAuthCsrfVerifier.class);
+ private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
+ private final TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
+ private final OAuth2AuthenticationParameters oAuthParameters = mock(OAuth2AuthenticationParameters.class);
+ private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpServletResponse response = mock(HttpServletResponse.class);
- private ThreadLocalUserSession threadLocalUserSession = mock(ThreadLocalUserSession.class);
- private TestUserRegistrar userIdentityAuthenticator = new TestUserRegistrar();
- private Server server = mock(Server.class);
- private OAuthCsrfVerifier csrfVerifier = mock(OAuthCsrfVerifier.class);
- private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
- private TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
- private OAuth2AuthenticationParameters oAuthParameters = mock(OAuth2AuthenticationParameters.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
- private HttpSession session = mock(HttpSession.class);
- private OAuth2IdentityProvider identityProvider = mock(OAuth2IdentityProvider.class);
+ private final HttpRequest httpRequest = new JavaxHttpRequest(request);
+ private final HttpResponse httpResponse = new JavaxHttpResponse(response);
- private OAuth2ContextFactory underTest = new OAuth2ContextFactory(threadLocalUserSession, userIdentityAuthenticator, server, csrfVerifier, jwtHttpHandler, userSessionFactory,
+ private final OAuth2IdentityProvider identityProvider = mock(OAuth2IdentityProvider.class);
+
+ private final OAuth2ContextFactory underTest = new OAuth2ContextFactory(threadLocalUserSession, userIdentityAuthenticator, server, csrfVerifier, jwtHttpHandler,
+ userSessionFactory,
oAuthParameters);
@Before
public void setUp() {
- when(request.getSession()).thenReturn(session);
when(identityProvider.getKey()).thenReturn(PROVIDER_KEY);
when(identityProvider.getName()).thenReturn(PROVIDER_NAME);
}
OAuth2IdentityProvider.InitContext context = newInitContext();
+ assertThat(context.getHttpRequest()).isEqualTo(httpRequest);
+ assertThat(context.getHttpResponse()).isEqualTo(httpResponse);
+
assertThat(context.getRequest()).isEqualTo(request);
assertThat(context.getResponse()).isEqualTo(response);
+
assertThat(context.getCallbackUrl()).isEqualTo("https://mydomain.com/oauth2/callback/github");
}
context.generateCsrfState();
- verify(csrfVerifier).generateState(request, response);
+ verify(csrfVerifier).generateState(httpRequest, httpResponse);
}
@Test
OAuth2IdentityProvider.CallbackContext callback = newCallbackContext();
- assertThat(callback.getRequest()).isEqualTo(request);
- assertThat(callback.getResponse()).isEqualTo(response);
+ assertThat(callback.getHttpRequest()).isEqualTo(httpRequest);
+ assertThat(callback.getHttpResponse()).isEqualTo(httpResponse);
assertThat(callback.getCallbackUrl()).isEqualTo("https://mydomain.com/oauth2/callback/github");
}
assertThat(userIdentityAuthenticator.isAuthenticated()).isTrue();
verify(threadLocalUserSession).set(any(UserSession.class));
ArgumentCaptor<UserDto> userArgumentCaptor = ArgumentCaptor.forClass(UserDto.class);
- verify(jwtHttpHandler).generateToken(userArgumentCaptor.capture(), eq(request), eq(response));
+ verify(jwtHttpHandler).generateToken(userArgumentCaptor.capture(), eq(httpRequest), eq(httpResponse));
assertThat(userArgumentCaptor.getValue().getExternalId()).isEqualTo(USER_IDENTITY.getProviderId());
assertThat(userArgumentCaptor.getValue().getExternalLogin()).isEqualTo(USER_IDENTITY.getProviderLogin());
assertThat(userArgumentCaptor.getValue().getExternalIdentityProvider()).isEqualTo(PROVIDER_KEY);
@Test
public void redirect_to_home() throws Exception {
when(server.getContextPath()).thenReturn("");
- when(oAuthParameters.getReturnTo(request)).thenReturn(Optional.empty());
+ when(oAuthParameters.getReturnTo(httpRequest)).thenReturn(Optional.empty());
OAuth2IdentityProvider.CallbackContext callback = newCallbackContext();
callback.redirectToRequestedPage();
@Test
public void redirect_to_home_with_context() throws Exception {
when(server.getContextPath()).thenReturn("/sonarqube");
- when(oAuthParameters.getReturnTo(request)).thenReturn(Optional.empty());
+ when(oAuthParameters.getReturnTo(httpRequest)).thenReturn(Optional.empty());
OAuth2IdentityProvider.CallbackContext callback = newCallbackContext();
callback.redirectToRequestedPage();
@Test
public void redirect_to_requested_page() throws Exception {
- when(oAuthParameters.getReturnTo(request)).thenReturn(Optional.of("/admin/settings"));
+ when(oAuthParameters.getReturnTo(httpRequest)).thenReturn(Optional.of("/admin/settings"));
when(server.getContextPath()).thenReturn("");
OAuth2IdentityProvider.CallbackContext callback = newCallbackContext();
@Test
public void redirect_to_requested_page_does_not_need_context() throws Exception {
- when(oAuthParameters.getReturnTo(request)).thenReturn(Optional.of("/admin/settings"));
+ when(oAuthParameters.getReturnTo(httpRequest)).thenReturn(Optional.of("/admin/settings"));
when(server.getContextPath()).thenReturn("/other");
OAuth2IdentityProvider.CallbackContext callback = newCallbackContext();
callback.verifyCsrfState();
- verify(csrfVerifier).verifyState(request, response, identityProvider);
+ verify(csrfVerifier).verifyState(httpRequest, httpResponse, identityProvider);
}
@Test
public void delete_oauth2_parameters_during_redirection() {
- when(oAuthParameters.getReturnTo(request)).thenReturn(Optional.of("/admin/settings"));
+ when(oAuthParameters.getReturnTo(httpRequest)).thenReturn(Optional.of("/admin/settings"));
when(server.getContextPath()).thenReturn("");
OAuth2IdentityProvider.CallbackContext callback = newCallbackContext();
callback.redirectToRequestedPage();
- verify(oAuthParameters).delete(request, response);
+ verify(oAuthParameters).delete(httpRequest, httpResponse);
}
private OAuth2IdentityProvider.InitContext newInitContext() {
- return underTest.newContext(request, response, identityProvider);
+ return underTest.newContext(httpRequest, httpResponse, identityProvider);
}
private OAuth2IdentityProvider.CallbackContext newCallbackContext() {
- return underTest.newCallback(request, response, identityProvider);
+ return underTest.newCallback(httpRequest, httpResponse, identityProvider);
}
}
*/
package org.sonar.server.authentication;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.sonar.api.platform.Server;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
+import org.sonar.server.http.JavaxHttpRequest;
import static org.apache.commons.codec.digest.DigestUtils.sha1Hex;
import static org.apache.commons.codec.digest.DigestUtils.sha256Hex;
private OAuth2IdentityProvider identityProvider = mock(OAuth2IdentityProvider.class);
private Server server = mock(Server.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
+ private HttpResponse response = mock(HttpResponse.class);
+ private HttpRequest request = mock(HttpRequest.class);
private OAuthCsrfVerifier underTest = new OAuthCsrfVerifier();
@Test
public void verify_state() {
String state = "state";
- when(request.getCookies()).thenReturn(new Cookie[]{new Cookie("OAUTHSTATE", sha256Hex(state))});
+ when(request.getCookies()).thenReturn(new Cookie[]{wrapCookie("OAUTHSTATE", sha256Hex(state))});
when(request.getParameter("aStateParameter")).thenReturn(state);
underTest.verifyState(request, response, identityProvider, "aStateParameter");
@Test
public void verify_state_using_default_state_parameter() {
String state = "state";
- when(request.getCookies()).thenReturn(new Cookie[]{new Cookie("OAUTHSTATE", sha256Hex(state))});
+ when(request.getCookies()).thenReturn(new Cookie[]{wrapCookie("OAUTHSTATE", sha256Hex(state))});
when(request.getParameter("state")).thenReturn(state);
underTest.verifyState(request, response, identityProvider);
@Test
public void fail_with_AuthenticationException_when_state_cookie_is_not_the_same_as_state_parameter() {
- when(request.getCookies()).thenReturn(new Cookie[]{new Cookie("OAUTHSTATE", sha1Hex("state"))});
+ when(request.getCookies()).thenReturn(new Cookie[]{wrapCookie("OAUTHSTATE", sha1Hex("state"))});
when(request.getParameter("state")).thenReturn("other value");
assertThatThrownBy(() -> underTest.verifyState(request, response, identityProvider))
@Test
public void fail_with_AuthenticationException_when_state_cookie_is_null() {
- when(request.getCookies()).thenReturn(new Cookie[]{new Cookie("OAUTHSTATE", null)});
+ when(request.getCookies()).thenReturn(new Cookie[]{wrapCookie("OAUTHSTATE", null)});
when(request.getParameter("state")).thenReturn("state");
assertThatThrownBy(() -> underTest.verifyState(request, response, identityProvider))
@Test
public void fail_with_AuthenticationException_when_state_parameter_is_empty() {
- when(request.getCookies()).thenReturn(new Cookie[]{new Cookie("OAUTHSTATE", sha1Hex("state"))});
+ when(request.getCookies()).thenReturn(new Cookie[]{wrapCookie("OAUTHSTATE", sha1Hex("state"))});
when(request.getParameter("state")).thenReturn("");
assertThatThrownBy(() -> underTest.verifyState(request, response, identityProvider))
assertThat(cookie.getPath()).isEqualTo("/");
assertThat(cookie.isHttpOnly()).isTrue();
assertThat(cookie.getMaxAge()).isEqualTo(-1);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
+ }
+
+ private JavaxHttpRequest.JavaxCookie wrapCookie(String name, String value) {
+ return new JavaxHttpRequest.JavaxCookie(new javax.servlet.http.Cookie(name, value));
}
}
package org.sonar.server.authentication;
import java.util.Optional;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTokenDto;
import org.sonar.server.tester.AnonymousMockUserSession;
private static final UserDto A_USER = newUserDto();
private static final UserTokenDto A_USER_TOKEN = mockUserTokenDto(A_USER);
- private final HttpServletRequest request = mock(HttpServletRequest.class);
- private final HttpServletResponse response = mock(HttpServletResponse.class);
+ private final HttpRequest request = mock(HttpRequest.class);
+ private final HttpResponse response = mock(HttpResponse.class);
private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
private final BasicAuthentication basicAuthentication = mock(BasicAuthentication.class);
private final UserTokenAuthentication userTokenAuthentication = mock(UserTokenAuthentication.class);
import com.tngtech.java.junit.dataprovider.DataProvider;
import com.tngtech.java.junit.dataprovider.DataProviderRunner;
import com.tngtech.java.junit.dataprovider.UseDataProvider;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
import org.sonar.server.user.ThreadLocalUserSession;
import static org.mockito.ArgumentMatchers.any;
@RunWith(DataProviderRunner.class)
public class ResetPasswordFilterTest {
- private final HttpServletRequest request = mock(HttpServletRequest.class);
- private final HttpServletResponse response = mock(HttpServletResponse.class);
+ private final HttpRequest request = mock(HttpRequest.class);
+ private final HttpResponse response = mock(HttpResponse.class);
private final FilterChain chain = mock(FilterChain.class);
private final ThreadLocalUserSession session = mock(ThreadLocalUserSession.class);
@Test
public void verify_other_methods() {
- underTest.init(mock(FilterConfig.class));
+ underTest.init();
underTest.destroy();
verifyNoInteractions(request, response, chain, session);
*/
package org.sonar.server.authentication;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Test;
+import org.sonar.api.server.http.HttpResponse;
import static org.mockito.ArgumentMatchers.contains;
import static org.mockito.ArgumentMatchers.eq;
@Test
public void addCspHeadersWithNonceToResponse_whenCalled_shouldAddNonceToCspHeaders() {
- HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
+ HttpResponse httpServletResponse = mock(HttpResponse.class);
String nonce = addCspHeadersWithNonceToResponse(httpServletResponse);
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
-import org.mockito.internal.verification.VerificationModeFactory;
import org.sonar.api.platform.Server;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertThrows;
Server server = mock(Server.class);
doReturn("contextPath").when(server).getContextPath();
underTest = new SamlValidationRedirectionFilter(server);
- underTest.init(mock(FilterConfig.class));
+ underTest.init();
}
}
@Test
- public void do_filter_validation_relay_state_with_csrfToken() throws ServletException, IOException {
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ public void do_filter_validation_relay_state_with_csrfToken() throws IOException {
+ HttpRequest servletRequest = mock(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
FilterChain filterChain = mock(FilterChain.class);
String validSample = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
}
@Test
- public void do_filter_validation_relay_state_with_malicious_csrfToken() throws ServletException, IOException {
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ public void do_filter_validation_relay_state_with_malicious_csrfToken() throws IOException {
+ HttpRequest servletRequest = mock(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
FilterChain filterChain = mock(FilterChain.class);
String validSample = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
}
@Test
- public void do_filter_validation_wrong_SAML_response() throws ServletException, IOException {
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ public void do_filter_validation_wrong_SAML_response() throws IOException {
+ HttpRequest servletRequest = mock(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
FilterChain filterChain = mock(FilterChain.class);
String maliciousSaml = "test\"</input><script>/*hack website*/</script><input value=\"";
@Test
@UseDataProvider("invalidRelayStateValues")
- public void do_filter_invalid_relayState_values(String relayStateValue) throws ServletException, IOException {
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ public void do_filter_invalid_relayState_values(String relayStateValue) throws IOException {
+ HttpRequest servletRequest = mock(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
FilterChain filterChain = mock(FilterChain.class);
doReturn(relayStateValue).when(servletRequest).getParameter("RelayState");
import java.time.LocalDateTime;
import java.time.ZoneOffset;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.server.authentication.BaseIdentityProvider;
+import org.sonar.api.server.http.Cookie;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
public DbTester dbTester = DbTester.create(System2.INSTANCE);
private ThreadLocalUserSession threadLocalSession = mock(ThreadLocalUserSession.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
+ private HttpRequest request = mock(HttpRequest.class);
+ private HttpResponse response = mock(HttpResponse.class);
private RequestAuthenticator authenticator = mock(RequestAuthenticator.class);
private AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
private MapSettings settings = new MapSettings();
assertThat(cookie.getPath()).isEqualTo("/");
assertThat(cookie.isHttpOnly()).isFalse();
assertThat(cookie.getMaxAge()).isEqualTo(300);
- assertThat(cookie.getSecure()).isFalse();
+ assertThat(cookie.isSecure()).isFalse();
}
@Test
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.slf4j.event.Level;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.testfixtures.log.LogTester;
import org.sonar.api.utils.log.LoggerLevel;
@Rule
public LogTester logTester = new LogTester();
- private AuthenticationEventImpl underTest = new AuthenticationEventImpl();
+ private final AuthenticationEventImpl underTest = new AuthenticationEventImpl();
@Before
public void setUp() {
public void login_success_fails_with_NPE_if_request_is_null() {
logTester.setLevel(LoggerLevel.INFO);
- assertThatThrownBy(() -> underTest.loginSuccess(null, "login", Source.sso()))
+ Source sso = Source.sso();
+ assertThatThrownBy(() -> underTest.loginSuccess(null, "login", sso))
.isInstanceOf(NullPointerException.class)
.hasMessage("request can't be null");
}
public void login_success_fails_with_NPE_if_source_is_null() {
logTester.setLevel(LoggerLevel.INFO);
- assertThatThrownBy(() -> underTest.loginSuccess(mock(HttpServletRequest.class), "login", null))
+ assertThatThrownBy(() -> underTest.loginSuccess(mock(HttpRequest.class), "login", null))
.isInstanceOf(NullPointerException.class)
.hasMessage("source can't be null");
}
@Test
public void login_success_does_not_interact_with_request_if_log_level_is_above_DEBUG() {
- HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpRequest request = mock(HttpRequest.class);
logTester.setLevel(LoggerLevel.INFO);
underTest.loginSuccess(request, "login", Source.sso());
@Test
public void login_success_logs_X_Forwarded_For_header_from_request() {
- HttpServletRequest request = mockRequest("1.2.3.4", asList("2.3.4.5"));
+ HttpRequest request = mockRequest("1.2.3.4", asList("2.3.4.5"));
underTest.loginSuccess(request, "foo", Source.realm(Method.EXTERNAL, "bar"));
verifyLog("login success [method|EXTERNAL][provider|REALM|bar][IP|1.2.3.4|2.3.4.5][login|foo]");
@Test
public void login_success_logs_X_Forwarded_For_header_from_request_and_supports_multiple_headers() {
- HttpServletRequest request = mockRequest("1.2.3.4", asList("2.3.4.5", "6.5.4.3"), asList("9.5.6.7"), asList("6.3.2.4"));
+ HttpRequest request = mockRequest("1.2.3.4", asList("2.3.4.5", "6.5.4.3"), asList("9.5.6.7"), asList("6.3.2.4"));
underTest.loginSuccess(request, "foo", Source.realm(Method.EXTERNAL, "bar"));
verifyLog("login success [method|EXTERNAL][provider|REALM|bar][IP|1.2.3.4|2.3.4.5,6.5.4.3,9.5.6.7,6.3.2.4][login|foo]");
public void login_failure_fails_with_NPE_if_request_is_null() {
logTester.setLevel(LoggerLevel.INFO);
- assertThatThrownBy(() -> underTest.loginFailure(null, newBuilder().setSource(Source.sso()).build()))
+ AuthenticationException exception = newBuilder().setSource(Source.sso()).build();
+ assertThatThrownBy(() -> underTest.loginFailure(null, exception))
.isInstanceOf(NullPointerException.class)
.hasMessage("request can't be null");
}
public void login_failure_fails_with_NPE_if_AuthenticationException_is_null() {
logTester.setLevel(LoggerLevel.INFO);
- assertThatThrownBy(() -> underTest.loginFailure(mock(HttpServletRequest.class), null))
+ assertThatThrownBy(() -> underTest.loginFailure(mock(HttpRequest.class), null))
.isInstanceOf(NullPointerException.class)
.hasMessage("AuthenticationException can't be null");
}
@Test
public void login_failure_does_not_interact_with_arguments_if_log_level_is_above_DEBUG() {
- HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpRequest request = mock(HttpRequest.class);
AuthenticationException exception = mock(AuthenticationException.class);
logTester.setLevel(LoggerLevel.INFO);
.setMessage("Hop la!")
.setLogin("foo")
.build();
- HttpServletRequest request = mockRequest("1.2.3.4", asList("2.3.4.5"));
+ HttpRequest request = mockRequest("1.2.3.4", asList("2.3.4.5"));
underTest.loginFailure(request, exception);
verifyLog("login failure [cause|Hop la!][method|EXTERNAL][provider|REALM|bar][IP|1.2.3.4|2.3.4.5][login|foo]");
.setMessage("Boom!")
.setLogin("foo")
.build();
- HttpServletRequest request = mockRequest("1.2.3.4", asList("2.3.4.5", "6.5.4.3"), asList("9.5.6.7"), asList("6.3.2.4"));
+ HttpRequest request = mockRequest("1.2.3.4", asList("2.3.4.5", "6.5.4.3"), asList("9.5.6.7"), asList("6.3.2.4"));
underTest.loginFailure(request, exception);
verifyLog("login failure [cause|Boom!][method|EXTERNAL][provider|REALM|bar][IP|1.2.3.4|2.3.4.5,6.5.4.3,9.5.6.7,6.3.2.4][login|foo]");
@Test
public void logout_success_does_not_interact_with_request_if_log_level_is_above_DEBUG() {
- HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpRequest request = mock(HttpRequest.class);
logTester.setLevel(LoggerLevel.INFO);
underTest.logoutSuccess(request, "foo");
@Test
public void logout_success_logs_X_Forwarded_For_header_from_request() {
- HttpServletRequest request = mockRequest("1.2.3.4", asList("2.3.4.5"));
+ HttpRequest request = mockRequest("1.2.3.4", asList("2.3.4.5"));
underTest.logoutSuccess(request, "foo");
verifyLog("logout success [IP|1.2.3.4|2.3.4.5][login|foo]");
@Test
public void logout_success_logs_X_Forwarded_For_header_from_request_and_supports_multiple_headers() {
- HttpServletRequest request = mockRequest("1.2.3.4", asList("2.3.4.5", "6.5.4.3"), asList("9.5.6.7"), asList("6.3.2.4"));
+ HttpRequest request = mockRequest("1.2.3.4", asList("2.3.4.5", "6.5.4.3"), asList("9.5.6.7"), asList("6.3.2.4"));
underTest.logoutSuccess(request, "foo");
verifyLog("logout success [IP|1.2.3.4|2.3.4.5,6.5.4.3,9.5.6.7,6.3.2.4][login|foo]");
public void login_fails_with_NPE_if_error_message_is_null() {
logTester.setLevel(LoggerLevel.INFO);
- assertThatThrownBy(() -> underTest.logoutFailure(mock(HttpServletRequest.class), null))
+ assertThatThrownBy(() -> underTest.logoutFailure(mock(HttpRequest.class), null))
.isInstanceOf(NullPointerException.class)
.hasMessage("error message can't be null");
}
@Test
public void logout_does_not_interact_with_request_if_log_level_is_above_DEBUG() {
- HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpRequest request = mock(HttpRequest.class);
logTester.setLevel(LoggerLevel.INFO);
underTest.logoutFailure(request, "bad csrf");
@Test
public void logout_logs_X_Forwarded_For_header_from_request() {
- HttpServletRequest request = mockRequest("1.2.3.4", asList("2.3.4.5"));
+ HttpRequest request = mockRequest("1.2.3.4", asList("2.3.4.5"));
underTest.logoutFailure(request, "bad token");
verifyLog("logout failure [error|bad token][IP|1.2.3.4|2.3.4.5]");
@Test
public void logout_logs_X_Forwarded_For_header_from_request_and_supports_multiple_headers() {
- HttpServletRequest request = mockRequest("1.2.3.4", asList("2.3.4.5", "6.5.4.3"), asList("9.5.6.7"), asList("6.3.2.4"));
+ HttpRequest request = mockRequest("1.2.3.4", asList("2.3.4.5", "6.5.4.3"), asList("9.5.6.7"), asList("6.3.2.4"));
underTest.logoutFailure(request, "bad token");
verifyLog("logout failure [error|bad token][IP|1.2.3.4|2.3.4.5,6.5.4.3,9.5.6.7,6.3.2.4]");
.containsOnly(expected);
}
- private static HttpServletRequest mockRequest() {
+ private static HttpRequest mockRequest() {
return mockRequest("");
}
- private static HttpServletRequest mockRequest(String remoteAddr, List<String>... remoteIps) {
- HttpServletRequest res = mock(HttpServletRequest.class);
+ private static HttpRequest mockRequest(String remoteAddr, List<String>... remoteIps) {
+ HttpRequest res = mock(HttpRequest.class);
when(res.getRemoteAddr()).thenReturn(remoteAddr);
when(res.getHeaders("X-Forwarded-For"))
.thenReturn(Collections.enumeration(
import java.time.ZonedDateTime;
import java.util.Base64;
import java.util.Optional;
-import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
private final TokenGenerator tokenGenerator = mock(TokenGenerator.class);
private final UserLastConnectionDatesUpdater userLastConnectionDatesUpdater = mock(UserLastConnectionDatesUpdater.class);
private final AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
- private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpRequest request = mock(HttpRequest.class);
private final UserTokenAuthentication underTest = new UserTokenAuthentication(tokenGenerator, db.getDbClient(), userLastConnectionDatesUpdater, authenticationEvent);
@Before
import java.io.IOException;
import java.util.Set;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.config.Configuration;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.core.extension.PluginRiskConsent;
import org.sonar.server.user.ThreadLocalUserSession;
-import static org.sonar.api.web.ServletFilter.UrlPattern.Builder.staticResourcePatterns;
+import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
import static org.sonar.core.extension.PluginRiskConsent.NOT_ACCEPTED;
import static org.sonar.core.extension.PluginRiskConsent.REQUIRED;
import static org.sonar.server.authentication.AuthenticationRedirection.redirectTo;
-public class PluginsRiskConsentFilter extends ServletFilter {
+public class PluginsRiskConsentFilter extends HttpFilter {
private static final String PLUGINS_RISK_CONSENT_PATH = "/admin/plugin_risk_consent"; //NOSONAR this path will be the same in every environment
}
@Override
- public void init(FilterConfig filterConfig) throws ServletException {
+ public void init() {
//nothing to do
}
@Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) throws IOException{
PluginRiskConsent riskConsent = PluginRiskConsent.valueOf(config.get(PLUGINS_RISK_CONSENT).orElse(NOT_ACCEPTED.name()));
if (userSession.hasSession() && userSession.isLoggedIn()
package org.sonar.server.plugins;
import java.util.Optional;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.sonar.api.config.Configuration;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.UrlPattern;
import org.sonar.core.extension.PluginRiskConsent;
import org.sonar.server.user.ThreadLocalUserSession;
private Configuration configuration;
private ThreadLocalUserSession userSession;
- private ServletRequest servletRequest;
- private HttpServletResponse servletResponse;
+ private HttpRequest request;
+ private HttpResponse response;
private FilterChain chain;
@Before
when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.REQUIRED.name()));
userSession = mock(ThreadLocalUserSession.class);
- servletRequest = mock(HttpServletRequest.class);
- servletResponse = mock(HttpServletResponse.class);
+ request = mock(HttpRequest.class);
+ response = mock(HttpResponse.class);
chain = mock(FilterChain.class);
}
when(userSession.hasSession()).thenReturn(true);
- consentFilter.doFilter(servletRequest, servletResponse, chain);
+ consentFilter.doFilter(request, response, chain);
- verify(servletResponse, times(0)).sendRedirect(Mockito.anyString());
+ verify(response, times(0)).sendRedirect(Mockito.anyString());
}
@Test
when(userSession.hasSession()).thenReturn(true);
when(userSession.isLoggedIn()).thenReturn(false);
- consentFilter.doFilter(servletRequest, servletResponse, chain);
+ consentFilter.doFilter(request, response, chain);
- verify(servletResponse, times(0)).sendRedirect(Mockito.anyString());
+ verify(response, times(0)).sendRedirect(Mockito.anyString());
}
@Test
when(userSession.isLoggedIn()).thenReturn(false);
when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.REQUIRED.name()));
- consentFilter.doFilter(servletRequest, servletResponse, chain);
+ consentFilter.doFilter(request, response, chain);
- verify(servletResponse, times(0)).sendRedirect(Mockito.anyString());
+ verify(response, times(0)).sendRedirect(Mockito.anyString());
}
@Test
when(userSession.isLoggedIn()).thenReturn(false);
when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.ACCEPTED.name()));
- consentFilter.doFilter(servletRequest, servletResponse, chain);
+ consentFilter.doFilter(request, response, chain);
- verify(servletResponse, times(0)).sendRedirect(Mockito.anyString());
+ verify(response, times(0)).sendRedirect(Mockito.anyString());
}
@Test
when(userSession.isLoggedIn()).thenReturn(true);
when(userSession.isSystemAdministrator()).thenReturn(false);
- consentFilter.doFilter(servletRequest, servletResponse, chain);
+ consentFilter.doFilter(request, response, chain);
- verify(servletResponse, times(0)).sendRedirect(Mockito.anyString());
+ verify(response, times(0)).sendRedirect(Mockito.anyString());
}
@Test
when(userSession.isSystemAdministrator()).thenReturn(false);
when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.REQUIRED.name()));
- consentFilter.doFilter(servletRequest, servletResponse, chain);
+ consentFilter.doFilter(request, response, chain);
- verify(servletResponse, times(0)).sendRedirect(Mockito.anyString());
+ verify(response, times(0)).sendRedirect(Mockito.anyString());
}
@Test
when(userSession.isLoggedIn()).thenReturn(true);
when(userSession.isSystemAdministrator()).thenReturn(true);
- consentFilter.doFilter(servletRequest, servletResponse, chain);
+ consentFilter.doFilter(request, response, chain);
- verify(servletResponse, times(1)).sendRedirect(Mockito.anyString());
+ verify(response, times(1)).sendRedirect(Mockito.anyString());
}
@Test
when(userSession.isSystemAdministrator()).thenReturn(true);
when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.ACCEPTED.name()));
- consentFilter.doFilter(servletRequest, servletResponse, chain);
+ consentFilter.doFilter(request, response, chain);
- verify(servletResponse, times(0)).sendRedirect(Mockito.anyString());
+ verify(response, times(0)).sendRedirect(Mockito.anyString());
}
@Test
public void doGetPattern_excludesNotEmpty() {
PluginsRiskConsentFilter consentFilter = new PluginsRiskConsentFilter(configuration, userSession);
- ServletFilter.UrlPattern urlPattern = consentFilter.doGetPattern();
+ UrlPattern urlPattern = consentFilter.doGetPattern();
assertThat(urlPattern.getExclusions()).isNotEmpty();
import javax.annotation.CheckForNull;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.Response;
import org.sonar.api.utils.text.JsonWriter;
import org.sonar.api.utils.text.XmlWriter;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.ws.ServletResponse;
import org.sonar.server.ws.TestableResponse;
import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
public class DumbPushResponse extends ServletResponse implements TestableResponse {
public DumbPushResponse() {
- super(mock(HttpServletResponse.class));
+ super(initMock());
+ }
+
+ private static HttpResponse initMock() {
+ JavaxHttpResponse mock = mock(JavaxHttpResponse.class);
+ when(mock.getDelegate()).thenReturn(mock(HttpServletResponse.class));
+ return mock;
}
private DumbPushResponse.InMemoryStream stream;
import java.util.Map;
import java.util.Optional;
import javax.servlet.AsyncContext;
+import org.sonar.server.http.JavaxHttpRequest;
import org.sonar.server.ws.ServletRequest;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.TestResponse;
private TestRequest testRequest = new TestRequest();
public TestPushRequest() {
- super(null);
+ super(mock(JavaxHttpRequest.class));
}
@Override
*/
package org.sonar.server.authentication.ws;
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
+import org.sonar.api.web.FilterChain;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
@Rule
public DbTester dbTester = DbTester.create(System2.INSTANCE);
- private DbClient dbClient = dbTester.getDbClient();
+ private final DbClient dbClient = dbTester.getDbClient();
- private DbSession dbSession = dbTester.getSession();
+ private final DbSession dbSession = dbTester.getSession();
- private ThreadLocalUserSession threadLocalUserSession = new ThreadLocalUserSession();
+ private final ThreadLocalUserSession threadLocalUserSession = new ThreadLocalUserSession();
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
- private FilterChain chain = mock(FilterChain.class);
+ private final HttpRequest request = mock(HttpRequest.class);
+ private final HttpResponse response = mock(HttpResponse.class);
+ private final FilterChain chain = mock(FilterChain.class);
- private CredentialsAuthentication credentialsAuthentication = mock(CredentialsAuthentication.class);
- private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
- private AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
- private TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
+ private final CredentialsAuthentication credentialsAuthentication = mock(CredentialsAuthentication.class);
+ private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
+ private final AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
+ private final TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
- private UserDto user = UserTesting.newUserDto().setLogin(LOGIN);
- private LoginAction underTest = new LoginAction(credentialsAuthentication, jwtHttpHandler, threadLocalUserSession, authenticationEvent, userSessionFactory);
+ private final UserDto user = UserTesting.newUserDto().setLogin(LOGIN);
+ private final LoginAction underTest = new LoginAction(credentialsAuthentication, jwtHttpHandler, threadLocalUserSession, authenticationEvent, userSessionFactory);
@Before
public void setUp() {
}
@Test
- public void return_authorized_code_when_unauthorized_exception_is_thrown() throws Exception {
+ public void return_authorized_code_when_unauthorized_exception_is_thrown() {
doThrow(new UnauthorizedException("error !")).when(credentialsAuthentication).authenticate(new Credentials(LOGIN, PASSWORD), request, FORM);
executeRequest(LOGIN, PASSWORD);
}
@Test
- public void return_unauthorized_code_when_no_login() throws Exception {
+ public void return_unauthorized_code_when_no_login() {
executeRequest(null, PASSWORD);
verify(response).setStatus(401);
verify(authenticationEvent).loginFailure(eq(request), any(AuthenticationException.class));
}
@Test
- public void return_unauthorized_code_when_empty_login() throws Exception {
+ public void return_unauthorized_code_when_empty_login() {
executeRequest("", PASSWORD);
verify(response).setStatus(401);
verify(authenticationEvent).loginFailure(eq(request), any(AuthenticationException.class));
}
@Test
- public void return_unauthorized_code_when_no_password() throws Exception {
+ public void return_unauthorized_code_when_no_password() {
executeRequest(LOGIN, null);
verify(response).setStatus(401);
verify(authenticationEvent).loginFailure(eq(request), any(AuthenticationException.class));
}
@Test
- public void return_unauthorized_code_when_empty_password() throws Exception {
+ public void return_unauthorized_code_when_empty_password() {
executeRequest(LOGIN, "");
verify(response).setStatus(401);
verify(authenticationEvent).loginFailure(eq(request), any(AuthenticationException.class));
import java.io.IOException;
import java.util.Optional;
import javax.annotation.Nullable;
-import javax.servlet.FilterChain;
import javax.servlet.ServletOutputStream;
import javax.servlet.WriteListener;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.FilterChain;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.audit.NoOpAuditPersister;
private final ArgumentCaptor<UserDto> userDtoCaptor = ArgumentCaptor.forClass(UserDto.class);
- private final HttpServletRequest request = mock(HttpServletRequest.class);
- private final HttpServletResponse response = mock(HttpServletResponse.class);
+ private final HttpRequest request = mock(HttpRequest.class);
+ private final HttpResponse response = mock(HttpResponse.class);
private final FilterChain chain = mock(FilterChain.class);
private final MapSettings settings = new MapSettings().setProperty("sonar.internal.pbkdf2.iterations", "1");
private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
- private final ChangePasswordAction changePasswordAction = new ChangePasswordAction(db.getDbClient(), userUpdater, userSessionRule, localAuthentication, jwtHttpHandler);
+ private final ChangePasswordAction underTest = new ChangePasswordAction(db.getDbClient(), userUpdater, userSessionRule, localAuthentication, jwtHttpHandler);
private ServletOutputStream responseOutputStream;
@Before
userSessionRule.logIn(user.getLogin());
UserTestData anotherLocalUser = createLocalUser();
- assertThatThrownBy(() -> executeTest(anotherLocalUser.getLogin(), "I dunno", NEW_PASSWORD))
+ String anotherLocalUserLogin = anotherLocalUser.getLogin();
+ assertThatThrownBy(() -> executeTest(anotherLocalUserLogin, "I dunno", NEW_PASSWORD))
.isInstanceOf(ForbiddenException.class);
verifyNoInteractions(jwtHttpHandler);
assertThat(findSessionTokenDto(db.getSession(), user.getSessionTokenUuid())).isPresent();
UserDto user = db.users().insertUser(u -> u.setActive(false));
userSessionRule.logIn(user);
- assertThatThrownBy(() -> executeTest(user.getLogin(), null, "polop"))
+ String userLogin = user.getLogin();
+ assertThatThrownBy(() -> executeTest(userLogin, null, "polop"))
.isInstanceOf(NotFoundException.class)
- .hasMessage(format("User with login '%s' has not been found", user.getLogin()));
+ .hasMessage(format("User with login '%s' has not been found", userLogin));
verifyNoInteractions(jwtHttpHandler);
}
UserTestData user = createLocalUser();
userSessionRule.logIn(user.userDto());
-
executeTest(user.getLogin(), OLD_PASSWORD, null);
verify(response).setStatus(HTTP_BAD_REQUEST);
assertThat(responseOutputStream).hasToString("{\"result\":\"The 'password' parameter is missing\"}");
WebService.Context context = new WebService.Context();
WebService.NewController newController = context.createController(controllerKey);
- changePasswordAction.define(newController);
+ underTest.define(newController);
newController.done();
WebService.Action changePassword = context.controller(controllerKey).action("change_password");
when(request.getParameter(PARAM_LOGIN)).thenReturn(login);
when(request.getParameter(PARAM_PREVIOUS_PASSWORD)).thenReturn(oldPassword);
when(request.getParameter(PARAM_PASSWORD)).thenReturn(newPassword);
- changePasswordAction.doFilter(request, response, chain);
+ underTest.doFilter(request, response, chain);
}
private UserTestData createLocalUser(String password) {
*/
package org.sonar.server.authentication.ws;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.Credentials;
import org.sonar.server.authentication.CredentialsAuthentication;
import static org.sonar.server.authentication.ws.AuthenticationWs.AUTHENTICATION_CONTROLLER;
import static org.sonarqube.ws.client.WsRequest.Method.POST;
-public class LoginAction extends ServletFilter implements AuthenticationWsAction {
+public class LoginAction extends HttpFilter implements AuthenticationWsAction {
private static final String LOGIN_ACTION = "login";
public static final String LOGIN_URL = "/" + AUTHENTICATION_CONTROLLER + "/" + LOGIN_ACTION;
}
@Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
-
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) {
if (!request.getMethod().equals(POST.name())) {
response.setStatus(HTTP_BAD_REQUEST);
return;
}
}
- private UserDto authenticate(HttpServletRequest request) {
+ private UserDto authenticate(HttpRequest request) {
String login = request.getParameter("login");
String password = request.getParameter("password");
if (isEmpty(login) || isEmpty(password)) {
}
@Override
- public void init(FilterConfig filterConfig) {
+ public void init() {
// Nothing to do
}
package org.sonar.server.authentication.ws;
import java.util.Optional;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.server.authentication.JwtHttpHandler;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import static org.sonar.server.authentication.ws.AuthenticationWs.AUTHENTICATION_CONTROLLER;
import static org.sonarqube.ws.client.WsRequest.Method.POST;
-public class LogoutAction extends ServletFilter implements AuthenticationWsAction {
+public class LogoutAction extends HttpFilter implements AuthenticationWsAction {
private static final String LOGOUT_ACTION = "logout";
public static final String LOGOUT_URL = "/" + AUTHENTICATION_CONTROLLER + "/" + LOGOUT_ACTION;
}
@Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
-
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) {
if (!request.getMethod().equals(POST.name())) {
response.setStatus(HTTP_BAD_REQUEST);
return;
logout(request, response);
}
- private void logout(HttpServletRequest request, HttpServletResponse response) {
+ private void logout(HttpRequest request, HttpResponse response) {
generateAuthenticationEvent(request, response);
jwtHttpHandler.removeToken(request, response);
}
/**
* The generation of the authentication event should not prevent the removal of JWT cookie, that's why it's done in a separate method
*/
- private void generateAuthenticationEvent(HttpServletRequest request, HttpServletResponse response) {
+ private void generateAuthenticationEvent(HttpRequest request, HttpResponse response) {
try {
Optional<JwtHttpHandler.Token> token = jwtHttpHandler.getToken(request, response);
String userLogin = token.map(value -> value.getUserDto().getLogin()).orElse(null);
}
@Override
- public void init(FilterConfig filterConfig) {
+ public void init() {
// Nothing to do
}
import com.google.common.io.Resources;
import java.io.IOException;
import java.util.Optional;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.sonar.api.config.Configuration;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.text.JsonWriter;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.BasicAuthentication;
import org.sonar.server.authentication.JwtHttpHandler;
import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY;
import static org.sonar.server.authentication.ws.AuthenticationWs.AUTHENTICATION_CONTROLLER;
-public class ValidateAction extends ServletFilter implements AuthenticationWsAction {
+public class ValidateAction extends HttpFilter implements AuthenticationWsAction {
private static final String VALIDATE_ACTION = "validate";
public static final String VALIDATE_URL = "/" + AUTHENTICATION_CONTROLLER + "/" + VALIDATE_ACTION;
}
@Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
-
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain filterChain) throws IOException {
boolean isAuthenticated = authenticate(request, response);
response.setContentType(MediaTypes.JSON);
}
}
- private boolean authenticate(HttpServletRequest request, HttpServletResponse response) {
+ private boolean authenticate(HttpRequest request, HttpResponse response) {
try {
Optional<UserDto> user = jwtHttpHandler.validateToken(request, response);
if (user.isPresent()) {
}
@Override
- public void init(FilterConfig filterConfig) {
+ public void init() {
// Nothing to do
}
import java.io.IOException;
import java.util.Arrays;
import java.util.stream.Collectors;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.auth.saml.SamlAuthenticator;
import org.sonar.auth.saml.SamlIdentityProvider;
import org.sonar.server.authentication.AuthenticationError;
import org.sonar.server.authentication.SamlValidationCspHeaders;
import org.sonar.server.authentication.SamlValidationRedirectionFilter;
import org.sonar.server.authentication.event.AuthenticationException;
+import org.sonar.server.http.JavaxHttpRequest;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.ws.ServletFilterHandler;
import static org.sonar.server.saml.ws.SamlValidationWs.SAML_VALIDATION_CONTROLLER;
-public class ValidationAction extends ServletFilter implements SamlAction {
+public class ValidationAction extends HttpFilter implements SamlAction {
static final String VALIDATION_CALLBACK_KEY = SamlValidationRedirectionFilter.SAML_VALIDATION_KEY;
private static final String URL_DELIMITER = "/";
}
@Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- HttpServletResponse httpResponse = (HttpServletResponse) response;
- HttpServletRequest httpRequest = (HttpServletRequest) request;
-
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain filterChain) throws IOException {
try {
- oAuthCsrfVerifier.verifyState(httpRequest, httpResponse, samlIdentityProvider, "CSRFToken");
+ oAuthCsrfVerifier.verifyState(request, response, samlIdentityProvider, "CSRFToken");
} catch (AuthenticationException exception) {
- AuthenticationError.handleError(httpRequest, httpResponse, exception.getMessage());
+ AuthenticationError.handleError(request, response, exception.getMessage());
return;
}
if (!userSession.hasSession() || !userSession.isSystemAdministrator()) {
- AuthenticationError.handleError(httpRequest, httpResponse, "User needs to be logged in as system administrator to access this page.");
+ AuthenticationError.handleError(request, response, "User needs to be logged in as system administrator to access this page.");
return;
}
- httpRequest = new HttpServletRequestWrapper(httpRequest) {
+ HttpServletRequest httpRequest = new HttpServletRequestWrapper(((JavaxHttpRequest) request).getDelegate()) {
@Override
public StringBuffer getRequestURL() {
return new StringBuffer(oAuth2ContextFactory.generateCallbackUrl(SamlIdentityProvider.KEY));
}
};
- httpResponse.setContentType("text/html");
+ response.setContentType("text/html");
- String htmlResponse = samlAuthenticator.getAuthenticationStatusPage(httpRequest, httpResponse);
- String nonce = SamlValidationCspHeaders.addCspHeadersWithNonceToResponse(httpResponse);
+ String htmlResponse = samlAuthenticator.getAuthenticationStatusPage(new JavaxHttpRequest(httpRequest), response);
+ String nonce = SamlValidationCspHeaders.addCspHeadersWithNonceToResponse(response);
htmlResponse = htmlResponse.replace("%NONCE%", nonce);
- httpResponse.getWriter().print(htmlResponse);
+ response.getWriter().print(htmlResponse);
}
@Override
package org.sonar.server.saml.ws;
import java.io.IOException;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.auth.saml.SamlAuthenticator;
import org.sonar.auth.saml.SamlIdentityProvider;
import org.sonar.server.authentication.AuthenticationError;
import static org.sonar.server.authentication.SamlValidationRedirectionFilter.SAML_VALIDATION_CONTROLLER_CONTEXT;
import static org.sonar.server.authentication.SamlValidationRedirectionFilter.SAML_VALIDATION_KEY;
-public class ValidationInitAction extends ServletFilter implements SamlAction {
+public class ValidationInitAction extends HttpFilter implements SamlAction {
public static final String VALIDATION_RELAY_STATE = "validation-query";
public static final String VALIDATION_INIT_KEY = "validation_init";
}
@Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
-
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) throws IOException {
try {
userSession.checkIsSystemAdministrator();
} catch (ForbiddenException e) {
return;
}
- String csrfState = oAuthCsrfVerifier.generateState(request,response);
+ String csrfState = oAuthCsrfVerifier.generateState(request, response);
try {
samlAuthenticator.initLogin(oAuth2ContextFactory.generateCallbackUrl(SamlIdentityProvider.KEY),
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.util.Optional;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_PASSWORD;
import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_PREVIOUS_PASSWORD;
-public class ChangePasswordAction extends ServletFilter implements BaseUsersWsAction {
+public class ChangePasswordAction extends HttpFilter implements BaseUsersWsAction {
private static final Logger LOG = Loggers.get(ChangePasswordAction.class);
}
@Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) {
userSession.checkLoggedIn();
try (DbSession dbSession = dbClient.openSession(false)) {
String login = getParamOrThrow(request, PARAM_LOGIN);
}
}
- private static String getParamOrThrow(ServletRequest request, String key) throws PasswordException {
+ private static String getParamOrThrow(HttpRequest request, String key) throws PasswordException {
String value = request.getParameter(key);
if (isNullOrEmpty(value)) {
throw new PasswordException(format(MSG_PARAMETER_MISSING, key));
return user;
}
- private void deleteTokensAndRefreshSession(ServletRequest request, ServletResponse response, DbSession dbSession, UserDto user) {
+ private void deleteTokensAndRefreshSession(HttpRequest request, HttpResponse response, DbSession dbSession, UserDto user) {
dbClient.sessionTokensDao().deleteByUser(dbSession, user);
refreshJwtToken(request, response, user);
}
- private void refreshJwtToken(ServletRequest request, ServletResponse response, UserDto user) {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpServletResponse httpResponse = (HttpServletResponse) response;
- jwtHttpHandler.removeToken(httpRequest, httpResponse);
- jwtHttpHandler.generateToken(user, httpRequest, httpResponse);
+ private void refreshJwtToken(HttpRequest request, HttpResponse response, UserDto user) {
+ jwtHttpHandler.removeToken(request, response);
+ jwtHttpHandler.generateToken(user, request, response);
}
private void updatePassword(DbSession dbSession, UserDto user, String newPassword) {
});
}
- private static void setResponseStatus(ServletResponse response, int newStatusCode) {
- ((HttpServletResponse) response).setStatus(newStatusCode);
+ private static void setResponseStatus(HttpResponse response, int newStatusCode) {
+ response.setStatus(newStatusCode);
}
- private static void writeJsonResponse(String msg, ServletResponse response) {
+ private static void writeJsonResponse(String msg, HttpResponse response) {
Gson gson = new GsonBuilder()
.disableHtmlEscaping()
.create();
+
try (OutputStream output = response.getOutputStream();
JsonWriter writer = gson.newJsonWriter(new OutputStreamWriter(output, UTF_8))) {
response.setContentType(JSON);
import java.util.Collections;
import java.util.Optional;
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.junit.Rule;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
-import org.sonar.api.utils.System2;
-import org.sonar.db.DbTester;
+import org.sonar.api.web.FilterChain;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.JwtHttpHandler;
import org.sonar.server.authentication.event.AuthenticationEvent;
private static final UserDto USER = newUserDto().setLogin("john");
+ private final HttpRequest request = mock(HttpRequest.class);
+ private final HttpResponse response = mock(HttpResponse.class);
+ private final FilterChain chain = mock(FilterChain.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
- private FilterChain chain = mock(FilterChain.class);
+ private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
+ private final AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
- private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
- private AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class);
-
- private LogoutAction underTest = new LogoutAction(jwtHttpHandler, authenticationEvent);
+ private final LogoutAction underTest = new LogoutAction(jwtHttpHandler, authenticationEvent);
@Test
public void verify_definition() {
public void generate_auth_event_on_failure() {
setUser(USER);
AuthenticationException exception = AuthenticationException.newBuilder().setMessage("error!").setSource(sso()).build();
- doThrow(exception).when(jwtHttpHandler).getToken(any(HttpServletRequest.class), any(HttpServletResponse.class));
+ doThrow(exception).when(jwtHttpHandler).getToken(any(HttpRequest.class), any(HttpResponse.class));
executeRequest();
verify(authenticationEvent).logoutFailure(request, "error!");
- verify(jwtHttpHandler).removeToken(any(HttpServletRequest.class), any(HttpServletResponse.class));
+ verify(jwtHttpHandler).removeToken(any(HttpRequest.class), any(HttpResponse.class));
verifyNoInteractions(chain);
}
}
private void setUser(UserDto user) {
- when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class)))
+ when(jwtHttpHandler.getToken(any(HttpRequest.class), any(HttpResponse.class)))
.thenReturn(Optional.of(new JwtHttpHandler.Token(user, Collections.emptyMap())));
}
private void setNoUser() {
- when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class))).thenReturn(Optional.empty());
+ when(jwtHttpHandler.getToken(any(HttpRequest.class), any(HttpResponse.class))).thenReturn(Optional.empty());
}
}
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Optional;
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.FilterChain;
import org.sonar.server.authentication.BasicAuthentication;
import org.sonar.server.authentication.JwtHttpHandler;
import org.sonar.server.authentication.event.AuthenticationException;
public class ValidateActionTest {
- StringWriter stringWriter = new StringWriter();
+ private final StringWriter stringWriter = new StringWriter();
- HttpServletRequest request = mock(HttpServletRequest.class);
- HttpServletResponse response = mock(HttpServletResponse.class);
- FilterChain chain = mock(FilterChain.class);
+ private final HttpRequest request = mock(HttpRequest.class);
+ private final HttpResponse response = mock(HttpResponse.class);
+ private final FilterChain chain = mock(FilterChain.class);
- BasicAuthentication basicAuthentication = mock(BasicAuthentication.class);
- JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
+ private final BasicAuthentication basicAuthentication = mock(BasicAuthentication.class);
+ private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
- MapSettings settings = new MapSettings();
+ private final MapSettings settings = new MapSettings();
- ValidateAction underTest = new ValidateAction(settings.asConfig(), basicAuthentication, jwtHttpHandler);
+ private final ValidateAction underTest = new ValidateAction(settings.asConfig(), basicAuthentication, jwtHttpHandler);
@Before
public void setUp() throws Exception {
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.List;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.FilterChain;
import org.sonar.auth.saml.SamlAuthenticator;
import org.sonar.auth.saml.SamlIdentityProvider;
import org.sonar.server.authentication.OAuth2ContextFactory;
import org.sonar.server.authentication.OAuthCsrfVerifier;
-import org.sonar.server.authentication.SamlValidationCspHeaders;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.user.ThreadLocalUserSession;
import static org.assertj.core.api.Assertions.assertThat;
underTest = new ValidationAction(userSession, samlAuthenticator, oAuth2ContextFactory, samlIdentityProvider, oAuthCsrfVerifier);
}
-
@Test
public void do_get_pattern() {
assertThat(underTest.doGetPattern().matches("/saml/validation")).isTrue();
}
@Test
- public void do_filter_admin() throws ServletException, IOException {
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
+ public void do_filter_admin() throws IOException {
+ HttpServletRequest servletRequest = spy(HttpServletRequest.class);
HttpServletResponse servletResponse = mock(HttpServletResponse.class);
StringWriter stringWriter = new StringWriter();
doReturn(new PrintWriter(stringWriter)).when(servletResponse).getWriter();
final String mockedHtmlContent = "mocked html content";
doReturn(mockedHtmlContent).when(samlAuthenticator).getAuthenticationStatusPage(any(), any());
- underTest.doFilter(servletRequest, servletResponse, filterChain);
+ underTest.doFilter(new JavaxHttpRequest(servletRequest), new JavaxHttpResponse(servletResponse), filterChain);
verify(samlAuthenticator).getAuthenticationStatusPage(any(), any());
verify(servletResponse).getWriter();
}
@Test
- public void do_filter_not_authorized() throws ServletException, IOException {
- HttpServletRequest servletRequest = spy(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ public void do_filter_not_authorized() throws IOException {
+ HttpRequest servletRequest = spy(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
StringWriter stringWriter = new StringWriter();
doReturn(new PrintWriter(stringWriter)).when(servletResponse).getWriter();
FilterChain filterChain = mock(FilterChain.class);
}
@Test
- public void do_filter_failed_csrf_verification() throws ServletException, IOException {
- HttpServletRequest servletRequest = spy(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ public void do_filter_failed_csrf_verification() throws IOException {
+ HttpRequest servletRequest = spy(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
StringWriter stringWriter = new StringWriter();
doReturn(new PrintWriter(stringWriter)).when(servletResponse).getWriter();
FilterChain filterChain = mock(FilterChain.class);
doReturn("IdentityProviderName").when(samlIdentityProvider).getName();
doThrow(AuthenticationException.newBuilder()
.setSource(AuthenticationEvent.Source.oauth2(samlIdentityProvider))
- .setMessage("Cookie is missing").build()).when(oAuthCsrfVerifier).verifyState(any(),any(),any(), any());
+ .setMessage("Cookie is missing").build()).when(oAuthCsrfVerifier).verifyState(any(), any(), any(), any());
doReturn(true).when(userSession).hasSession();
doReturn(true).when(userSession).isSystemAdministrator();
package org.sonar.server.saml.ws;
import java.io.IOException;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.FilterChain;
import org.sonar.auth.saml.SamlAuthenticator;
import org.sonar.server.authentication.OAuth2ContextFactory;
import org.sonar.server.authentication.OAuthCsrfVerifier;
}
@Test
- public void do_filter_as_admin() throws IOException, ServletException {
+ public void do_filter_as_admin() throws IOException {
userSession.logIn().setSystemAdministrator();
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ HttpRequest servletRequest = mock(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
FilterChain filterChain = mock(FilterChain.class);
String callbackUrl = "http://localhost:9000/api/validation_test";
}
@Test
- public void do_filter_as_admin_with_init_issues() throws IOException, ServletException {
+ public void do_filter_as_admin_with_init_issues() throws IOException {
userSession.logIn().setSystemAdministrator();
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ HttpRequest servletRequest = mock(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
FilterChain filterChain = mock(FilterChain.class);
String callbackUrl = "http://localhost:9000/api/validation_test";
when(oAuth2ContextFactory.generateCallbackUrl(anyString()))
}
@Test
- public void do_filter_as_not_admin() throws IOException, ServletException {
+ public void do_filter_as_not_admin() throws IOException {
userSession.logIn();
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ HttpRequest servletRequest = mock(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
FilterChain filterChain = mock(FilterChain.class);
String callbackUrl = "http://localhost:9000/api/validation_test";
when(oAuth2ContextFactory.generateCallbackUrl(anyString()))
}
@Test
- public void do_filter_as_anonymous() throws IOException, ServletException {
+ public void do_filter_as_anonymous() throws IOException {
userSession.anonymous();
- HttpServletRequest servletRequest = mock(HttpServletRequest.class);
- HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ HttpRequest servletRequest = mock(HttpRequest.class);
+ HttpResponse servletResponse = mock(HttpResponse.class);
FilterChain filterChain = mock(FilterChain.class);
String callbackUrl = "http://localhost:9000/api/validation_test";
when(oAuth2ContextFactory.generateCallbackUrl(anyString()))
assertThat(validationInitAction.handler()).isNotNull();
}
- private void mockCsrfTokenGeneration(HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
+ private void mockCsrfTokenGeneration(HttpRequest servletRequest, HttpResponse servletResponse) {
when(oAuthCsrfVerifier.generateState(servletRequest, servletResponse)).thenReturn("CSRF_TOKEN");
}
}
import javax.servlet.http.HttpServletRequest;
import org.sonar.api.impl.ws.PartImpl;
import org.sonar.api.impl.ws.ValidatingRequest;
+import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.utils.log.Loggers;
+import org.sonar.server.http.JavaxHttpRequest;
import org.sonarqube.ws.MediaTypes;
import static com.google.common.base.MoreObjects.firstNonNull;
private final HttpServletRequest source;
- public ServletRequest(HttpServletRequest source) {
- this.source = source;
+ public ServletRequest(HttpRequest source) {
+ this.source = ((JavaxHttpRequest) source).getDelegate();
}
@Override
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.Response;
import org.sonar.api.utils.text.JsonWriter;
import org.sonar.api.utils.text.XmlWriter;
+import org.sonar.server.http.JavaxHttpResponse;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.sonarqube.ws.MediaTypes.JSON;
private final ServletStream stream;
- public ServletResponse(HttpServletResponse response) {
- stream = new ServletStream(response);
+ public ServletResponse(HttpResponse response) {
+ HttpServletResponse httpServletResponse = ((JavaxHttpResponse) response).getDelegate();
+ stream = new ServletStream(httpServletResponse);
}
public static class ServletStream implements Stream {
*/
package org.sonar.server.ws;
-import com.google.common.collect.ImmutableMap;
import com.google.common.net.HttpHeaders;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.util.List;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.Part;
import org.junit.Test;
+import org.sonar.server.http.JavaxHttpRequest;
import org.sonarqube.ws.MediaTypes;
import static org.assertj.core.api.Assertions.assertThat;
public class ServletRequestTest {
+ private final HttpServletRequest source = mock(HttpServletRequest.class);
- private HttpServletRequest source = mock(HttpServletRequest.class);
-
- private ServletRequest underTest = new ServletRequest(source);
+ private final ServletRequest underTest = new ServletRequest(new JavaxHttpRequest(source));
@Test
public void call_method() {
@Test
public void has_param_from_source() {
- when(source.getParameterMap()).thenReturn(ImmutableMap.of("param", new String[] {"value"}));
- ServletRequest request = new ServletRequest(source);
+ when(source.getParameterMap()).thenReturn(Map.of("param", new String[] {"value"}));
+ ServletRequest request = new ServletRequest(new JavaxHttpRequest(source));
assertThat(request.hasParam("param")).isTrue();
}
package org.sonar.server.ws;
import java.io.IOException;
-import java.nio.charset.Charset;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
+import org.sonar.server.http.JavaxHttpResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
public class ServletResponseTest {
+ private final ServletOutputStream output = mock(ServletOutputStream.class);
+ private final HttpServletResponse response = mock(HttpServletResponse.class);
- private ServletOutputStream output = mock(ServletOutputStream.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
-
- private ServletResponse underTest = new ServletResponse(response);
+ private final ServletResponse underTest = new ServletResponse(new JavaxHttpResponse(response));
@Before
public void setUp() throws Exception {
import java.io.IOException;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.impl.utils.TestSystem2;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
+import org.sonar.server.http.JavaxHttpRequest;
import org.sonar.server.user.ServerUserSession;
import org.sonar.server.user.ThreadLocalUserSession;
public DbTester dbTester = DbTester.create(system2);
@Test
- public void update() throws IOException, ServletException {
+ public void update() throws IOException {
system2.setNow(10_000_000L);
addUser(LOGIN, 1_000_000L);
}
@Test
- public void update_first_time() throws IOException, ServletException {
+ public void update_first_time() throws IOException {
system2.setNow(10_000_000L);
addUser(LOGIN, null);
}
@Test
- public void do_nothing_if_no_sonarlint_agent() throws IOException, ServletException {
+ public void do_nothing_if_no_sonarlint_agent() throws IOException {
system2.setNow(10_000L);
addUser(LOGIN, 1_000L);
}
@Test
- public void do_nothing_if_not_logged_in() throws IOException, ServletException {
+ public void do_nothing_if_not_logged_in() throws IOException {
system2.setNow(10_000_000L);
addUser("invalid", 1_000_000L);
}
@Test
- public void dont_fail_if_no_user_set() throws IOException, ServletException {
+ public void dont_fail_if_no_user_set() throws IOException {
SonarLintConnectionFilter underTest = new SonarLintConnectionFilter(dbTester.getDbClient(), new ThreadLocalUserSession(), system2);
- HttpServletRequest request = mock(HttpServletRequest.class);
- when(request.getHeader("User-Agent")).thenReturn("sonarlint");
+ HttpServletRequest httpRequest = mock(HttpServletRequest.class);
+ when(httpRequest.getHeader("User-Agent")).thenReturn("sonarlint");
FilterChain chain = mock(FilterChain.class);
- underTest.doFilter(request, mock(ServletResponse.class), chain);
+ underTest.doFilter(new JavaxHttpRequest(httpRequest), mock(HttpResponse.class), chain);
verify(chain).doFilter(any(), any());
}
@Test
- public void only_update_if_not_updated_within_1h() throws IOException, ServletException {
+ public void only_update_if_not_updated_within_1h() throws IOException {
system2.setNow(2_000_000L);
addUser(LOGIN, 1_000_000L);
return dbTester.getDbClient().userDao().selectByLogin(dbTester.getSession(), login).getLastSonarlintConnectionDate();
}
- private void runFilter(String loggedInUser, @Nullable String agent) throws IOException, ServletException {
+ private void runFilter(String loggedInUser, @Nullable String agent) throws IOException {
UserDto user = dbTester.getDbClient().userDao().selectByLogin(dbTester.getSession(), loggedInUser);
ThreadLocalUserSession session = new ThreadLocalUserSession();
session.set(new ServerUserSession(dbTester.getDbClient(), user));
SonarLintConnectionFilter underTest = new SonarLintConnectionFilter(dbTester.getDbClient(), session, system2);
- HttpServletRequest request = mock(HttpServletRequest.class);
- when(request.getHeader("User-Agent")).thenReturn(agent);
+ HttpServletRequest httpRequest = mock(HttpServletRequest.class);
+ when(httpRequest.getHeader("User-Agent")).thenReturn(agent);
FilterChain chain = mock(FilterChain.class);
- underTest.doFilter(request, mock(ServletResponse.class), chain);
+ underTest.doFilter(new JavaxHttpRequest(httpRequest), mock(HttpResponse.class), chain);
verify(chain).doFilter(any(), any());
}
}
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.log.Loggers;
+import org.sonar.api.web.HttpFilter;
import org.sonar.api.web.ServletFilter;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.platform.PlatformImpl;
/**
private static final String SCIM_FILTER_PATH = "/api/scim/v2/";
private static volatile MasterServletFilter instance;
+
+ @Deprecated(forRemoval = true)
private ServletFilter[] filters;
+ private HttpFilter[] httpFilters;
private FilterConfig config;
public MasterServletFilter() {
public void init(FilterConfig config) {
// Filters are already available in the container unless a database migration is required. See
// org.sonar.server.startup.RegisterServletFilters.
- init(config, PlatformImpl.getInstance().getContainer().getComponentsByType(ServletFilter.class));
+ List<ServletFilter> servletFilterList = PlatformImpl.getInstance().getContainer().getComponentsByType(ServletFilter.class);
+ List<HttpFilter> httpFilterList = PlatformImpl.getInstance().getContainer().getComponentsByType(HttpFilter.class);
+ init(config, servletFilterList, httpFilterList);
}
@CheckForNull
MasterServletFilter.instance = instance;
}
- void init(FilterConfig config, List<ServletFilter> filters) {
+ void init(FilterConfig config, List<ServletFilter> filters, List<HttpFilter> httpFilters) {
this.config = config;
- initFilters(filters);
+ initHttpFilters(httpFilters);
+ initServletFilters(filters);
}
- public void initFilters(List<ServletFilter> filterExtensions) {
- LinkedList<ServletFilter> filterList = new LinkedList<>();
- for (ServletFilter extension : filterExtensions) {
+ public void initHttpFilters(List<HttpFilter> filterExtensions) {
+ LinkedList<HttpFilter> filterList = new LinkedList<>();
+ for (HttpFilter extension : filterExtensions) {
try {
Loggers.get(MasterServletFilter.class).info(String.format("Initializing servlet filter %s [pattern=%s]", extension, extension.doGetPattern().label()));
- extension.init(config);
+ extension.init();
// As for scim we need to intercept traffic to URLs with path parameters
// and that use is not properly handled when dealing with inclusions/exclusions of the WebServiceFilter,
// we need to make sure the Scim filters are invoked before the WebserviceFilter
throw new IllegalStateException("Fail to initialize servlet filter: " + extension + ". Message: " + e.getMessage(), e);
}
}
- filters = filterList.toArray(new ServletFilter[0]);
+ httpFilters = filterList.toArray(new HttpFilter[0]);
}
- private static boolean isScimFilter(ServletFilter extension) {
+ private static boolean isScimFilter(HttpFilter extension) {
return extension.doGetPattern().getInclusions().stream()
.anyMatch(s -> s.startsWith(SCIM_FILTER_PATH));
}
+ @Deprecated(forRemoval = true)
+ public void initServletFilters(List<ServletFilter> filterExtensions) {
+ LinkedList<ServletFilter> filterList = new LinkedList<>();
+ for (ServletFilter extension : filterExtensions) {
+ try {
+ Loggers.get(MasterServletFilter.class).info(String.format("Initializing servlet filter %s [pattern=%s]", extension, extension.doGetPattern().label()));
+ extension.init(config);
+ // adding deprecated extensions as last
+ filterList.addLast(extension);
+ } catch (Exception e) {
+ throw new IllegalStateException("Fail to initialize servlet filter: " + extension + ". Message: " + e.getMessage(), e);
+ }
+ }
+ filters = filterList.toArray(new ServletFilter[0]);
+ }
+
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
HttpServletRequest hsr = (HttpServletRequest) request;
- if (filters.length == 0) {
+ if (filters.length == 0 && httpFilters.length == 0) {
chain.doFilter(hsr, response);
} else {
String path = hsr.getRequestURI().replaceFirst(hsr.getContextPath(), "");
}
private void buildGodchain(String path, GodFilterChain godChain) {
+ Arrays.stream(httpFilters)
+ .filter(filter -> filter.doGetPattern().matches(path))
+ .forEachOrdered(godChain::addFilter);
+
Arrays.stream(filters)
.filter(filter -> filter.doGetPattern().matches(path))
.forEachOrdered(godChain::addFilter);
for (ServletFilter filter : filters) {
filter.destroy();
}
+
+ for (HttpFilter filter : httpFilters) {
+ filter.destroy();
+ }
}
@VisibleForTesting
return filters;
}
+ @VisibleForTesting
+ HttpFilter[] getHttpFilters() {
+ return httpFilters;
+ }
+
private static final class GodFilterChain implements FilterChain {
- private FilterChain chain;
- private List<Filter> filters = new LinkedList<>();
+ private final FilterChain chain;
+ private final List<Filter> filters = new LinkedList<>();
private Iterator<Filter> iterator;
public GodFilterChain(FilterChain chain) {
@Override
public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
+
if (iterator == null) {
iterator = filters.iterator();
}
if (iterator.hasNext()) {
- iterator.next().doFilter(request, response, this);
+ Filter next = iterator.next();
+ next.doFilter(request, response, this);
} else {
chain.doFilter(request, response);
}
}
+ @Deprecated(forRemoval = true)
public void addFilter(Filter filter) {
Preconditions.checkState(iterator == null);
filters.add(filter);
}
+
+ public void addFilter(HttpFilter filter) {
+ Preconditions.checkState(iterator == null);
+ filters.add(new JavaxFilterAdapter(filter));
+ }
+ }
+
+ private static class JavaxFilterAdapter implements Filter {
+ private final HttpFilter httpFilter;
+
+ JavaxFilterAdapter(HttpFilter httpFilter) {
+ this.httpFilter = httpFilter;
+ }
+
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
+ HttpRequest javaxHttpRequest = new JavaxHttpRequest((HttpServletRequest) servletRequest);
+ HttpResponse javaxHttpResponse = new JavaxHttpResponse((HttpServletResponse) servletResponse);
+ httpFilter.doFilter(javaxHttpRequest, javaxHttpResponse, new HttpFilterChainAdapter(chain));
+ }
}
+ private static class HttpFilterChainAdapter implements org.sonar.api.web.FilterChain {
+ private final FilterChain filterChain;
+
+ HttpFilterChainAdapter(FilterChain filterChain) {
+ this.filterChain = filterChain;
+ }
+
+ @Override
+ public void doFilter(HttpRequest httpRequest, HttpResponse httpResponse) throws IOException {
+ try {
+ filterChain.doFilter(((JavaxHttpRequest) httpRequest).getDelegate(), ((JavaxHttpResponse) httpResponse).getDelegate());
+ } catch (ServletException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ }
}
import java.util.Arrays;
import org.sonar.api.Startable;
+import org.sonar.api.web.HttpFilter;
import org.sonar.api.web.ServletFilter;
import org.springframework.beans.factory.annotation.Autowired;
* @since 3.5
*/
public class RegisterServletFilters implements Startable {
- private final ServletFilter[] filters;
+ private final ServletFilter[] servletFilters;
+ private final HttpFilter[] httpFilters;
@Autowired(required = false)
- public RegisterServletFilters(ServletFilter[] filters) {
- this.filters = filters;
+ @Deprecated(since = "10.1", forRemoval = true)
+ public RegisterServletFilters(ServletFilter[] servletFilters, HttpFilter[] httpFilters) {
+ this.servletFilters = servletFilters;
+ this.httpFilters = httpFilters;
+ }
+
+ @Autowired(required = false)
+ public RegisterServletFilters(HttpFilter[] httpFilters) {
+ this(new ServletFilter[0], httpFilters);
}
@Autowired(required = false)
public RegisterServletFilters() {
- this(new ServletFilter[0]);
+ this(new ServletFilter[0], new HttpFilter[0]);
}
@Override
MasterServletFilter masterServletFilter = MasterServletFilter.getInstance();
if (masterServletFilter != null) {
// Probably a database upgrade. MasterSlaveFilter was instantiated by the servlet container
- // while picocontainer was not completely up.
+ // while spring was not completely up.
// See https://jira.sonarsource.com/browse/SONAR-3612
- masterServletFilter.initFilters(Arrays.asList(filters));
+ masterServletFilter.initHttpFilters(Arrays.asList(httpFilters));
+ masterServletFilter.initServletFilters(Arrays.asList(servletFilters));
}
}
import java.io.IOException;
import java.util.Locale;
import java.util.Optional;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.utils.System2;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.server.user.ThreadLocalUserSession;
import static java.util.concurrent.TimeUnit.HOURS;
-public class SonarLintConnectionFilter extends ServletFilter {
+public class SonarLintConnectionFilter extends HttpFilter {
private static final UrlPattern URL_PATTERN = UrlPattern.builder()
.includes("/api/*")
.excludes("/api/v2/*")
}
@Override
- public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) throws IOException {
ServletRequest wsRequest = new ServletRequest(request);
Optional<String> agent = wsRequest.header("User-Agent");
if (agent.isPresent() && agent.get().toLowerCase(Locale.ENGLISH).contains("sonarlint")) {
update();
}
- chain.doFilter(servletRequest, servletResponse);
- }
-
- @Override
- public void init(FilterConfig filterConfig) {
- // Nothing to do
- }
-
- @Override
- public void destroy() {
- // Nothing to do
+ chain.doFilter(request, response);
}
public void update() {
import org.sonar.api.utils.log.Loggers;
import org.sonar.db.DBSessions;
import org.sonar.server.authentication.UserSessionInitializer;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.platform.Platform;
import org.sonar.server.platform.PlatformImpl;
import org.sonar.server.setting.ThreadLocalSettings;
private static void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
@Nullable UserSessionInitializer userSessionInitializer) throws IOException, ServletException {
try {
- if (userSessionInitializer == null || userSessionInitializer.initUserSession(request, response)) {
+ if (userSessionInitializer == null || userSessionInitializer.initUserSession(new JavaxHttpRequest(request), new JavaxHttpResponse(response))) {
chain.doFilter(request, response);
}
} finally {
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Stream;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.server.ws.WebService;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.server.ws.ServletFilterHandler;
import org.sonar.server.ws.ServletRequest;
* <li>web services that directly implemented with servlet filter, see {@link ServletFilterHandler})</li>
* </ul>
*/
-public class WebServiceFilter extends ServletFilter {
+public class WebServiceFilter extends HttpFilter {
private final WebServiceEngine webServiceEngine;
private final Set<String> includeUrls;
}
@Override
- public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, FilterChain chain) {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain filterChain) {
ServletRequest wsRequest = new ServletRequest(request);
ServletResponse wsResponse = new ServletResponse(response);
webServiceEngine.execute(wsRequest, wsResponse);
}
- @Override
- public void init(FilterConfig filterConfig) {
- // Nothing to do
- }
-
- @Override
- public void destroy() {
- // Nothing to do
- }
-
private static Function<WebService.Action, String> toPath() {
return action -> "/" + action.path() + ".*";
}
*/
package org.sonar.server.platform.web;
-import com.google.common.collect.ImmutableMap;
import java.util.Map;
import java.util.Set;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.sonar.api.web.ServletFilter;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
+import org.sonar.api.web.FilterChain;
+import org.sonar.api.web.HttpFilter;
+import org.sonar.api.web.UrlPattern;
import org.sonar.server.ws.ServletRequest;
import org.sonar.server.ws.ServletResponse;
import org.sonar.server.ws.WebServiceEngine;
/**
* This filter is used to execute renamed/moved web services
*/
-public class WebServiceReroutingFilter extends ServletFilter {
+public class WebServiceReroutingFilter extends HttpFilter {
- private static final Map<String, String> REDIRECTS = ImmutableMap.<String, String>builder()
- .put("/api/components/bulk_update_key", "/api/projects/bulk_update_key")
- .put("/api/components/update_key", "/api/projects/update_key")
- .build();
+ private static final Map<String, String> REDIRECTS = Map.of(
+ "/api/components/bulk_update_key", "/api/projects/bulk_update_key",
+ "/api/components/update_key", "/api/projects/update_key");
static final Set<String> MOVED_WEB_SERVICES = REDIRECTS.keySet();
private final WebServiceEngine webServiceEngine;
}
@Override
- public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, FilterChain chain) {
- HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
- RedirectionRequest wsRequest = new RedirectionRequest(httpRequest);
- ServletResponse wsResponse = new ServletResponse((HttpServletResponse) servletResponse);
+ public void doFilter(HttpRequest request, HttpResponse response, FilterChain filterChain) {
+ RedirectionRequest wsRequest = new RedirectionRequest(request);
+ ServletResponse wsResponse = new ServletResponse(response);
webServiceEngine.execute(wsRequest, wsResponse);
}
@Override
- public void init(FilterConfig filterConfig) {
+ public void init() {
// Nothing to do
}
private static class RedirectionRequest extends ServletRequest {
private final String redirectedPath;
- public RedirectionRequest(HttpServletRequest source) {
+ public RedirectionRequest(HttpRequest source) {
super(source);
this.redirectedPath = REDIRECTS.getOrDefault(source.getServletPath(), source.getServletPath());
}
import java.io.IOException;
import java.util.Collections;
+import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import org.mockito.InOrder;
import org.mockito.Mockito;
import org.slf4j.event.Level;
+import org.sonar.api.server.http.HttpRequest;
+import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.testfixtures.log.LogTester;
+import org.sonar.api.web.HttpFilter;
import org.sonar.api.web.ServletFilter;
import org.sonar.api.web.ServletFilter.UrlPattern;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import static java.util.Arrays.asList;
+import static java.util.Collections.emptyList;
import static java.util.Collections.singletonList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
}
@Test
- public void should_init_and_destroy_filters() throws Exception {
- ServletFilter filter = createMockFilter();
+ public void should_init_and_destroy_filters() throws ServletException {
+ ServletFilter servletFilter = createMockServletFilter();
+ HttpFilter httpFilter = createMockHttpFilter();
FilterConfig config = mock(FilterConfig.class);
MasterServletFilter master = new MasterServletFilter();
- master.init(config, singletonList(filter));
+ master.init(config, singletonList(servletFilter), singletonList(httpFilter));
- assertThat(master.getFilters()).containsOnly(filter);
- verify(filter).init(config);
+ assertThat(master.getFilters()).containsOnly(servletFilter);
+ assertThat(master.getHttpFilters()).containsOnly(httpFilter);
+ verify(servletFilter).init(config);
+ verify(httpFilter).init();
master.destroy();
- verify(filter).destroy();
+ verify(servletFilter).destroy();
+ verify(httpFilter).destroy();
}
@Test
public void servlet_container_should_instantiate_only_a_single_master_instance() {
new MasterServletFilter();
- assertThatThrownBy(() -> new MasterServletFilter())
+ assertThatThrownBy(MasterServletFilter::new)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("Servlet filter org.sonar.server.platform.web.MasterServletFilter is already instantiated");
}
@Test
public void should_propagate_initialization_failure() throws Exception {
- ServletFilter filter = createMockFilter();
+ ServletFilter filter = createMockServletFilter();
doThrow(new IllegalStateException("foo")).when(filter).init(any(FilterConfig.class));
FilterConfig config = mock(FilterConfig.class);
MasterServletFilter filters = new MasterServletFilter();
- assertThatThrownBy(() -> filters.init(config, singletonList(filter)))
+ List<ServletFilter> servletFilters = singletonList(filter);
+ List<HttpFilter> httpFilters = emptyList();
+ assertThatThrownBy(() -> filters.init(config, servletFilters, httpFilters))
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("foo");
}
public void filters_should_be_optional() throws Exception {
FilterConfig config = mock(FilterConfig.class);
MasterServletFilter filters = new MasterServletFilter();
- filters.init(config, Collections.emptyList());
+ filters.init(config, Collections.emptyList(), Collections.emptyList());
ServletRequest request = mock(HttpServletRequest.class);
ServletResponse response = mock(HttpServletResponse.class);
public void should_add_scim_filter_first_for_scim_request() throws Exception {
String scimPath = "/api/scim/v2/Groups";
HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
when(request.getRequestURI()).thenReturn(scimPath);
when(request.getContextPath()).thenReturn("");
- ServletResponse response = mock(HttpServletResponse.class);
+
+ HttpRequest httpRequest = mock(JavaxHttpRequest.class);
+ HttpResponse httpResponse = mock(JavaxHttpResponse.class);
+ when(httpRequest.getRequestURI()).thenReturn(scimPath);
+ when(httpRequest.getContextPath()).thenReturn("");
+
FilterChain chain = mock(FilterChain.class);
ServletFilter filter1 = mockFilter(ServletFilter.class, request, response);
ServletFilter filter2 = mockFilter(ServletFilter.class, request, response);
- ServletFilter filter3 = mockFilter(WebServiceFilter.class, request, response);
- when(filter3.doGetPattern()).thenReturn(UrlPattern.builder().includes(scimPath).build());
+ HttpFilter filter3 = mockHttpFilter(WebServiceFilter.class, httpRequest, httpResponse);
+ HttpFilter filter4 = mockHttpFilter(HttpFilter.class, httpRequest, httpResponse);
+ when(filter3.doGetPattern()).thenReturn(org.sonar.api.web.UrlPattern.builder().includes(scimPath).build());
MasterServletFilter filters = new MasterServletFilter();
- filters.init(mock(FilterConfig.class), asList(filter3, filter1, filter2));
+ filters.init(mock(FilterConfig.class), asList(filter1, filter2), asList(filter4, filter3));
filters.doFilter(request, response, chain);
- InOrder inOrder = Mockito.inOrder(filter1, filter2, filter3);
+ InOrder inOrder = Mockito.inOrder(filter1, filter2, filter3, filter4);
inOrder.verify(filter3).doFilter(any(), any(), any());
+ inOrder.verify(filter4).doFilter(any(), any(), any());
inOrder.verify(filter1).doFilter(any(), any(), any());
inOrder.verify(filter2).doFilter(any(), any(), any());
}
return filter;
}
+ private HttpFilter mockHttpFilter(Class<? extends HttpFilter> filterClazz, HttpRequest request, HttpResponse response) throws IOException {
+ HttpFilter filter = mock(filterClazz);
+ when(filter.doGetPattern()).thenReturn(org.sonar.api.web.UrlPattern.builder().build());
+ doAnswer(invocation -> {
+ org.sonar.api.web.FilterChain argument = invocation.getArgument(2, org.sonar.api.web.FilterChain.class);
+ argument.doFilter(request, response);
+ return null;
+ }).when(filter).doFilter(any(), any(), any());
+ return filter;
+ }
+
@Test
public void display_servlet_filter_patterns_in_INFO_log() {
- ServletFilter filter = new PatternFilter(UrlPattern.builder().includes("/api/issues").excludes("/batch/projects").build());
+ HttpFilter filter = new PatternFilter(org.sonar.api.web.UrlPattern.builder().includes("/api/issues").excludes("/batch/projects").build());
FilterConfig config = mock(FilterConfig.class);
MasterServletFilter master = new MasterServletFilter();
- master.init(config, singletonList(filter));
+ master.init(config, emptyList(), singletonList(filter));
assertThat(logTester.logs(Level.INFO)).containsOnly("Initializing servlet filter PatternFilter [pattern=UrlPattern{inclusions=[/api/issues], exclusions=[/batch/projects]}]");
}
- private static ServletFilter createMockFilter() {
+ private static ServletFilter createMockServletFilter() {
ServletFilter filter = mock(ServletFilter.class);
when(filter.doGetPattern()).thenReturn(UrlPattern.builder().build());
return filter;
}
- private static class PatternFilter extends ServletFilter {
+ private static HttpFilter createMockHttpFilter() {
+ HttpFilter filter = mock(HttpFilter.class);
+ when(filter.doGetPattern()).thenReturn(org.sonar.api.web.UrlPattern.builder().build());
+ return filter;
+ }
- private final UrlPattern urlPattern;
+ private static class PatternFilter extends HttpFilter {
- PatternFilter(UrlPattern urlPattern) {
+ private final org.sonar.api.web.UrlPattern urlPattern;
+
+ PatternFilter(org.sonar.api.web.UrlPattern urlPattern) {
this.urlPattern = urlPattern;
}
@Override
- public UrlPattern doGetPattern() {
+ public org.sonar.api.web.UrlPattern doGetPattern() {
return urlPattern;
}
@Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
- // Nothing to do
- }
+ public void doFilter(HttpRequest request, HttpResponse response, org.sonar.api.web.FilterChain chain) throws IOException {
- @Override
- public void init(FilterConfig filterConfig) {
- // Nothing to do
- }
-
- @Override
- public void destroy() {
- // Nothing to do
}
@Override
package org.sonar.server.platform.web;
import org.junit.Test;
+import org.sonar.api.web.HttpFilter;
import org.sonar.api.web.ServletFilter;
import static org.mockito.ArgumentMatchers.anyList;
@Test
public void should_not_fail_if_master_filter_is_not_up() {
MasterServletFilter.setInstance(null);
- new RegisterServletFilters(new ServletFilter[2]).start();
+ new RegisterServletFilters(new ServletFilter[2], new HttpFilter[2]).start();
}
@Test
public void should_register_filters_if_master_filter_is_up() {
MasterServletFilter.setInstance(mock(MasterServletFilter.class));
- new RegisterServletFilters(new ServletFilter[2]).start();
+ new RegisterServletFilters(new ServletFilter[2], new HttpFilter[2]).start();
- verify(MasterServletFilter.getInstance()).initFilters(anyList());
+ verify(MasterServletFilter.getInstance()).initServletFilters(anyList());
}
@Test
MasterServletFilter.setInstance(mock(MasterServletFilter.class));
new RegisterServletFilters().start();
// do not fail
- verify(MasterServletFilter.getInstance()).initFilters(anyList());
+ verify(MasterServletFilter.getInstance()).initHttpFilters(anyList());
+ verify(MasterServletFilter.getInstance()).initServletFilters(anyList());
}
}
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Test;
import org.mockito.InOrder;
import org.sonar.core.platform.ExtensionContainer;
import org.sonar.db.DBSessions;
import org.sonar.server.authentication.UserSessionInitializer;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.platform.Platform;
import org.sonar.server.setting.ThreadLocalSettings;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.inOrder;
import static org.mockito.Mockito.mock;
underTest.doFilter(request, response, chain);
verify(chain).doFilter(request, response);
- verify(userSessionInitializer).initUserSession(request, response);
+ verify(userSessionInitializer).initUserSession(any(JavaxHttpRequest.class), any(JavaxHttpResponse.class));
}
@Test
underTest.doFilter(request, response, chain);
verify(chain, never()).doFilter(request, response);
- verify(userSessionInitializer).initUserSession(request, response);
+ verify(userSessionInitializer).initUserSession(any(JavaxHttpRequest.class), any(JavaxHttpResponse.class));
}
@Test
@Test
public void just_for_fun_and_coverage() {
UserSessionFilter filter = new UserSessionFilter();
- filter.init(mock(FilterConfig.class));
- filter.destroy();
- // do not fail
+
+ FilterConfig filterConfig = mock(FilterConfig.class);
+ Assertions.assertThatNoException().isThrownBy(() -> filter.init(filterConfig));
+ Assertions.assertThatNoException().isThrownBy(filter::destroy);
}
private void mockUserSessionInitializer(boolean value) {
when(container.getOptionalComponentByType(UserSessionInitializer.class)).thenReturn(Optional.of(userSessionInitializer));
- when(userSessionInitializer.initUserSession(request, response)).thenReturn(value);
+ when(userSessionInitializer.initUserSession(any(JavaxHttpRequest.class), any(JavaxHttpResponse.class))).thenReturn(value);
}
private RuntimeException mockUserSessionInitializerRemoveUserSessionFailing() {
import java.util.ArrayList;
import java.util.List;
-import javax.servlet.FilterChain;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.ws.RequestHandler;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.FilterChain;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.ws.ServletFilterHandler;
import org.sonar.server.ws.WebServiceEngine;
public class WebServiceFilterTest {
- private static final String RUNTIME_VERSION = "7.1.0.1234";
+ private final WebServiceEngine webServiceEngine = mock(WebServiceEngine.class);
-
- private WebServiceEngine webServiceEngine = mock(WebServiceEngine.class);
-
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
- private FilterChain chain = mock(FilterChain.class);
- private ServletOutputStream responseOutput = mock(ServletOutputStream.class);
+ private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpServletResponse response = mock(HttpServletResponse.class);
+ private final FilterChain chain = mock(FilterChain.class);
+ private final ServletOutputStream responseOutput = mock(ServletOutputStream.class);
private WebServiceFilter underTest;
@Before
public void setUp() throws Exception {
when(request.getContextPath()).thenReturn("");
- when(response.getOutputStream()).thenReturn(responseOutput);
+ HttpServletResponse mockResponse = mock(HttpServletResponse.class);
+ when(mockResponse.getOutputStream()).thenReturn(responseOutput);
}
@Test
public void execute_ws() {
underTest = new WebServiceFilter(webServiceEngine);
- underTest.doFilter(request, response, chain);
+ underTest.doFilter(new JavaxHttpRequest(request), new JavaxHttpResponse(response), chain);
verify(webServiceEngine).execute(any(), any());
}
}
static final class WsUrl {
- private String controller;
- private String[] actions;
+ private final String controller;
+ private final String[] actions;
private RequestHandler requestHandler = EmptyRequestHandler.INSTANCE;
WsUrl(String controller, String... actions) {
*/
package org.sonar.server.platform.web;
-import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
+import org.sonar.api.web.FilterChain;
+import org.sonar.server.http.JavaxHttpRequest;
+import org.sonar.server.http.JavaxHttpResponse;
import org.sonar.server.ws.ServletRequest;
import org.sonar.server.ws.ServletResponse;
import org.sonar.server.ws.WebServiceEngine;
public class WebServiceReroutingFilterTest {
- private WebServiceEngine webServiceEngine = mock(WebServiceEngine.class);
+ private final WebServiceEngine webServiceEngine = mock(WebServiceEngine.class);
- private HttpServletRequest request = mock(HttpServletRequest.class);
- private HttpServletResponse response = mock(HttpServletResponse.class);
- private FilterChain chain = mock(FilterChain.class);
- private ArgumentCaptor<ServletRequest> servletRequestCaptor = ArgumentCaptor.forClass(ServletRequest.class);
+ private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpServletResponse response = mock(HttpServletResponse.class);
+ private final FilterChain chain = mock(FilterChain.class);
+ private final ArgumentCaptor<ServletRequest> servletRequestCaptor = ArgumentCaptor.forClass(ServletRequest.class);
- private WebServiceReroutingFilter underTest = new WebServiceReroutingFilter(webServiceEngine);
+ private final WebServiceReroutingFilter underTest = new WebServiceReroutingFilter(webServiceEngine);
@Before
public void setUp() {
when(request.getServletPath()).thenReturn("/api/components/update_key");
when(request.getMethod()).thenReturn("POST");
- underTest.doFilter(request, response, chain);
+ underTest.doFilter(new JavaxHttpRequest(request), new JavaxHttpResponse(response), chain);
assertRedirection("/api/projects/update_key", "POST");
}
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.builder.ToStringBuilder;
import org.apache.commons.lang.builder.ToStringStyle;
+import org.sonar.api.code.CodeCharacteristic;
import org.sonar.api.issue.Issue;
import org.sonar.api.issue.IssueComment;
import org.sonar.api.rule.RuleKey;
return type;
}
+ @CheckForNull
+ @Override
+ public CodeCharacteristic characteristic() {
+ throw new IllegalStateException("Not implemented yet");
+ }
+
public DefaultIssue setType(RuleType type) {
this.type = type;
return this;
*/
package org.sonar.api.batch.sensor.issue.internal;
+import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.sonar.api.batch.fs.internal.DefaultInputProject;
import org.sonar.api.batch.rule.Severity;
import org.sonar.api.batch.sensor.internal.SensorStorage;
import org.sonar.api.batch.sensor.issue.ExternalIssue;
import org.sonar.api.batch.sensor.issue.NewExternalIssue;
+import org.sonar.api.code.CodeCharacteristic;
import org.sonar.api.rule.RuleKey;
import org.sonar.api.rules.RuleType;
return type;
}
+ @CheckForNull
+ @Override
+ public CodeCharacteristic characteristic() {
+ throw new IllegalStateException("Not implemented yet");
+ }
+
@Override
public NewExternalIssue engineId(String engineId) {
this.engineId = engineId;
return this;
}
+ @Override
+ public NewExternalIssue characteristic(CodeCharacteristic characteristic) {
+ throw new IllegalStateException("Not implemented yet");
+ }
+
}
import org.sonar.api.batch.sensor.internal.SensorStorage;
import org.sonar.api.batch.sensor.rule.AdHocRule;
import org.sonar.api.batch.sensor.rule.NewAdHocRule;
+import org.sonar.api.code.CodeCharacteristic;
import org.sonar.api.rules.RuleType;
import static org.apache.commons.lang.StringUtils.isNotBlank;
return type;
}
+ @CheckForNull
+ @Override
+ public CodeCharacteristic characteristic() {
+ throw new IllegalStateException("Not implemented yet");
+ }
+
@Override
public DefaultAdHocRule engineId(String engineId) {
this.engineId = engineId;
return this;
}
+ @Override
+ public NewAdHocRule characteristic(CodeCharacteristic characteristic) {
+ throw new IllegalStateException("Not implemented yet");
+ }
+
}
projects / sonarqube.git / commitdiff