import com.sonar.orchestrator.Orchestrator;
import it.Category4Suite;
-import java.io.IOException;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.util.EntityUtils;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-import org.sonar.wsclient.base.HttpException;
-import org.sonar.wsclient.services.PropertyDeleteQuery;
-import org.sonar.wsclient.services.PropertyUpdateQuery;
+import org.sonarqube.ws.client.GetRequest;
+import org.sonarqube.ws.client.WsClient;
+import org.sonarqube.ws.client.WsResponse;
import util.QaOnly;
import static org.assertj.core.api.Assertions.assertThat;
+import static util.ItUtils.newAdminWsClient;
+import static util.ItUtils.newWsClient;
+import static util.ItUtils.setServerProperty;
@Category(QaOnly.class)
public class ForceAuthenticationTest {
@ClassRule
public static final Orchestrator orchestrator = Category4Suite.ORCHESTRATOR;
- /**
- * SONAR-5542
- */
- @Test
- public void force_authentication_should_be_used_on_java_web_services_but_not_on_batch_index_and_file() throws IOException {
- try {
- orchestrator.getServer().getAdminWsClient().update(new PropertyUpdateQuery("sonar.forceAuthentication", "true"));
+ static WsClient wsClient;
+ static WsClient adminWsClient;
- // /batch/index should never need authentication
- String batchIndex = orchestrator.getServer().wsClient().get("/batch/index");
- assertThat(batchIndex).isNotEmpty();
+ @BeforeClass
+ public static void setUp() throws Exception {
+ setServerProperty(orchestrator, "sonar.forceAuthentication", "true");
+ wsClient = newWsClient(orchestrator);
+ adminWsClient = newAdminWsClient(orchestrator);
+ }
- String jar = batchIndex.split("\\|")[0];
+ @AfterClass
+ public static void tearDown() throws Exception {
+ setServerProperty(orchestrator, "sonar.forceAuthentication", null);
+ }
- // /batch/file should never need authentication
- HttpClient httpclient = new DefaultHttpClient();
- try {
- HttpGet get = new HttpGet(orchestrator.getServer().getUrl() + "/batch/file?name=" + jar);
- HttpResponse response = httpclient.execute(get);
- assertThat(response.getStatusLine().getStatusCode()).isEqualTo(200);
- EntityUtils.consume(response.getEntity());
+ @Test
+ public void batch_ws_does_not_require_authentication() throws Exception {
+ WsResponse batchIndex = wsClient.wsConnector().call(new GetRequest("/batch/index")).failIfNotSuccessful();
+ String batchIndexContent = batchIndex.content();
- // As Sonar runner is still using /batch/key, we have to also verify it
- get = new HttpGet(orchestrator.getServer().getUrl() + "/batch/" + jar);
- response = httpclient.execute(get);
- assertThat(response.getStatusLine().getStatusCode()).isEqualTo(200);
- EntityUtils.consume(response.getEntity());
+ assertThat(batchIndexContent).isNotEmpty();
+ String jar = batchIndexContent.split("\\|")[0];
- } finally {
- httpclient.getConnectionManager().shutdown();
- }
+ assertThat(wsClient.wsConnector().call(
+ new GetRequest("/batch/file").setParam("name", jar)).failIfNotSuccessful().contentStream()).isNotNull();
- // but other java web services should need authentication
- try {
- orchestrator.getServer().wsClient().get("/api");
- } catch (HttpException e) {
- assertThat(e.getMessage()).contains("401");
- }
+ // As sonar-runner is still using deprecated /batch/key, we have to also verify it
+ assertThat(wsClient.wsConnector().call(new GetRequest("/batch/" + jar)).failIfNotSuccessful().contentStream()).isNotNull();
+ }
+
+ @Test
+ public void other_ws_require_authentication() throws Exception {
+ assertThat(wsClient.wsConnector().call(new GetRequest("/api/issues/search")).code()).isEqualTo(401);
+ assertThat(adminWsClient.wsConnector().call(new GetRequest("/api/issues/search")).code()).isEqualTo(200);
- } finally {
- orchestrator.getServer().getAdminWsClient().delete(new PropertyDeleteQuery("sonar.forceAuthentication"));
- }
+ assertThat(wsClient.wsConnector().call(new GetRequest("/api/rules/search")).code()).isEqualTo(401);
+ assertThat(adminWsClient.wsConnector().call(new GetRequest("/api/rules/search")).code()).isEqualTo(200);
}
}
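Review bot: The two `contentStream()` assertions in `batch_ws_does_not_require_authentication` (the `/batch/file` request and the `/batch/` + jar request) only check that the stream object is non-null, so a successful response with an empty body still passes, and the stream is never read or closed, whereas the removed Apache-client code drained each entity with `EntityUtils.consume`. Reading the body as text, as the first call already does with `content()`, keeps the assertion meaningful and leaves no open stream behind: `assertThat(wsClient.wsConnector().call(new GetRequest("/batch/file").setParam("name", jar)).failIfNotSuccessful().content()).isNotEmpty();` and the same form for `new GetRequest("/batch/" + jar)`. Whether an unread `WsResponse` body pins a pooled connection depends on the `WsConnector` implementation, which is not visible here. Both test methods are entirely within the hunk.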
userRule.createUser(LOGIN, "123456");
addUserPermission(LOGIN, "admin");
addUserPermission(LOGIN, "scan");
+
+ userRule.createUser("simple-user", "password");
}
@AfterClass
new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("authentication",
"/user/LocalAuthenticationTest/login_successful.html",
"/user/LocalAuthenticationTest/login_wrong_password.html",
+ "/user/LocalAuthenticationTest/should_not_be_unlogged_when_going_to_login_page.html",
+ "/user/LocalAuthenticationTest/redirect_to_login_when_not_enough_privilege.html",
// SONAR-2132
"/user/LocalAuthenticationTest/redirect_to_original_url_after_direct_login.html",
// SONAR-2009
- "/user/LocalAuthenticationTest/redirect_to_original_url_after_indirect_login.html"
- ).build()).runOn(ORCHESTRATOR);
+ "/user/LocalAuthenticationTest/redirect_to_original_url_after_indirect_login.html").build()).runOn(ORCHESTRATOR);
setServerProperty(ORCHESTRATOR, "sonar.forceAuthentication", "true");
new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("force-authentication",
// SONAR-3473
- "/user/LocalAuthenticationTest/force-authentication.html"
- ).build()).runOn(ORCHESTRATOR);
+ "/user/LocalAuthenticationTest/force-authentication.html").build()).runOn(ORCHESTRATOR);
}
@Test
*/
@Test
public void authentication_with_any_ws() throws Exception {
- assertThat(checkAuthenticationWithAnyWebService("admin", "admin").code()).isEqualTo(200);
- assertThat(checkAuthenticationWithAnyWebService("wrong", "admin").code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService("admin", "wrong").code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService("admin", null).code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService(null, null).code()).isEqualTo(200);
+ assertThat(checkAuthenticationWithAnyWS("admin", "admin").code()).isEqualTo(200);
+ assertThat(checkAuthenticationWithAnyWS("wrong", "admin").code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", "wrong").code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", null).code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS(null, null).code()).isEqualTo(200);
setServerProperty(ORCHESTRATOR, "sonar.forceAuthentication", "true");
- assertThat(checkAuthenticationWithAnyWebService("admin", "admin").code()).isEqualTo(200);
- assertThat(checkAuthenticationWithAnyWebService("wrong", "admin").code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService("admin", "wrong").code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService("admin", null).code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService(null, null).code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", "admin").code()).isEqualTo(200);
+ assertThat(checkAuthenticationWithAnyWS("wrong", "admin").code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", "wrong").code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", null).code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS(null, null).code()).isEqualTo(401);
}
private boolean checkAuthenticationWithAuthenticateWebService(String login, String password) {
return result.contains("{\"valid\":true}");
}
- private WsResponse checkAuthenticationWithAnyWebService(String login, String password) {
+ private WsResponse checkAuthenticationWithAnyWS(String login, String password) {
WsClient wsClient = WsClientFactories.getDefault().newClient(HttpConnector.newBuilder().url(ORCHESTRATOR.getServer().getUrl()).credentials(login, password).build());
// Call any WS
return wsClient.wsConnector().call(new GetRequest("api/rules/search"));
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head profile="http://selenium-ide.openqa.org/profiles/test-case">
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+ <title>redirect-to-original-url-after-direct-login</title>
+</head>
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+ <tbody>
+ <tr>
+ <td>open</td>
+ <td>/sessions/new</td>
+ <td></td>
+</tr>
+<tr>
+ <td>waitForText</td>
+ <td>content</td>
+ <td>*Log In to SonarQube*</td>
+</tr>
+<tr>
+ <td>type</td>
+ <td>id=login</td>
+ <td>simple-user</td>
+</tr>
+<tr>
+ <td>type</td>
+ <td>id=password</td>
+ <td>password</td>
+</tr>
+<tr>
+ <td>clickAndWait</td>
+ <td>commit</td>
+ <td></td>
+</tr>
+<tr>
+ <td>waitForElementPresent</td>
+ <td>css=.js-user-authenticated</td>
+ <td></td>
+</tr>
+<tr>
+ <td>open</td>
+ <td>/settings</td>
+ <td></td>
+</tr>
+<tr>
+ <td>waitForText</td>
+ <td>content</td>
+ <td>*Log In to SonarQube*</td>
+</tr>
+<tr>
+ <td>assertText</td>
+ <td>content</td>
+ <td>*You are not authorized to access this page. Please log in with more privileges and try again.*</td>
+</tr>
+</tbody>
+</table>
+</body>
+</html>
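Review bot: The `<title>` of this new Selenese page is `redirect-to-original-url-after-direct-login`, which does not describe the steps it contains (log in as `simple-user`, open `/settings`, expect the login page and the "You are not authorized" message) and looks copied from an existing page. Judging by the file names added to the suite and these steps, this page appears to be `redirect_to_login_when_not_enough_privilege.html`, so the title should read `<title>redirect-to-login-when-not-enough-privilege</title>`. The second new page (the one that re-opens `/sessions/new` after logging in and then checks `.js-user-authenticated` on `/`) carries the same copied title and appears to be `should_not_be_unlogged_when_going_to_login_page.html`; its `<title>` should be corrected the same way. Any report that identifies a case by its title would otherwise attribute a failure to the wrong scenario.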
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head profile="http://selenium-ide.openqa.org/profiles/test-case">
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+ <title>redirect-to-original-url-after-direct-login</title>
+</head>
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+ <tbody>
+ <tr>
+ <td>open</td>
+ <td>/sessions/new</td>
+ <td></td>
+</tr>
+<tr>
+ <td>waitForText</td>
+ <td>content</td>
+ <td>*Log In to SonarQube*</td>
+</tr>
+<tr>
+ <td>type</td>
+ <td>id=login</td>
+ <td>simple-user</td>
+</tr>
+<tr>
+ <td>type</td>
+ <td>id=password</td>
+ <td>password</td>
+</tr>
+<tr>
+ <td>clickAndWait</td>
+ <td>commit</td>
+ <td></td>
+</tr>
+<tr>
+ <td>waitForElementPresent</td>
+ <td>css=.js-user-authenticated</td>
+ <td></td>
+</tr>
+<tr>
+ <td>open</td>
+ <td>/sessions/new</td>
+ <td></td>
+</tr>
+<tr>
+ <td>waitForText</td>
+ <td>content</td>
+ <td>*Log In to SonarQube*</td>
+</tr>
+<tr>
+ <td>open</td>
+ <td>/</td>
+ <td></td>
+</tr>
+<tr>
+ <td>waitForText</td>
+ <td>css=.js-user-authenticated</td>
+ <td>*simple-user*</td>
+</tr>
+</tbody>
+</table>
+</body>
+</html>