Fix /api/authentication/validate
authorJulien Lancelot <julien.lancelot@sonarsource.com>
Mon, 25 Jan 2016 16:49:40 +0000 (17:49 +0100)
committerJulien Lancelot <julien.lancelot@sonarsource.com>
Mon, 25 Jan 2016 16:49:40 +0000 (17:49 +0100)
authentication_controller was using the symbol :user_id instead of the string 'user_id' to read the user id from the session

it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java
server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb

index 1ed047c08bbae832742e920bedc7bffe31e03dea..5b390ec997684bb6809d6f6025109cd1e2c61c38 100644 (file)
@@ -30,6 +30,7 @@ import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.sonar.wsclient.services.PropertyUpdateQuery;
 import org.sonarqube.ws.WsUserTokens;
 import org.sonarqube.ws.client.GetRequest;
 import org.sonarqube.ws.client.HttpConnector;
@@ -169,6 +170,26 @@ public class AuthenticationTest {
     assertThat(buildResult.isSuccess()).isFalse();
   }
 
+  @Test
+  public void authentication_with_web_service() {
+    assertThat(checkAuthenticationThroughWebService("admin", "admin")).isTrue();
+    assertThat(checkAuthenticationThroughWebService("wrong", "admin")).isFalse();
+    assertThat(checkAuthenticationThroughWebService("admin", "wrong")).isFalse();
+    assertThat(checkAuthenticationThroughWebService(null, null)).isTrue();
+
+    ORCHESTRATOR.getServer().getAdminWsClient().update(new PropertyUpdateQuery("sonar.forceAuthentication", "true"));
+
+    assertThat(checkAuthenticationThroughWebService("admin", "admin")).isTrue();
+    assertThat(checkAuthenticationThroughWebService("wrong", "admin")).isFalse();
+    assertThat(checkAuthenticationThroughWebService("admin", "wrong")).isFalse();
+    assertThat(checkAuthenticationThroughWebService(null, null)).isFalse();
+  }
+
+  private boolean checkAuthenticationThroughWebService(String login, String password) {
+    String result = ORCHESTRATOR.getServer().wsClient(login, password).get("/api/authentication/validate");
+    return result.contains("true");
+  }
+
   private static void createUser(String login, String password) {
     adminWsClient.wsConnector().call(
       new PostRequest("api/users/create")
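Review bot: `authentication_with_web_service` sets `sonar.forceAuthentication` to `true` and nothing in the hunk sets it back, so later tests against the same ORCHESTRATOR server would run with forced authentication unless a teardown outside the hunk resets it. Wrapping the second group of assertions in `try { … } finally { ORCHESTRATOR.getServer().getAdminWsClient().update(new PropertyUpdateQuery("sonar.forceAuthentication", "false")); }` keeps the setting from leaking. Separately, `result.contains("true")` in `checkAuthenticationThroughWebService` makes the `isFalse()` cases pass on any body that lacks that substring, including an error page. Asserting the exact expected payload for both outcomes would make the negative cases prove a real rejection.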
index 2429a9b8bcfd67fb7529967ec314d29b2eb37f67..5ab761d41b82b0c66730b93f0d77611fc1312ed9 100644 (file)
@@ -55,7 +55,7 @@ class Api::AuthenticationController < Api::ApiController
   end
 
   def anonymous?
-    !session.has_key?(:user_id)
+    !session.has_key?('user_id')
   end
 
   def set_cache_buster
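Review bot: `anonymous?` still decides on key presence, so a session in which `'user_id'` exists with a `nil` value would be treated as authenticated. Whether that can occur depends on how logout clears the session, which is not visible here. Changing `!session.has_key?('user_id')` to `session['user_id'].nil?` would fail closed in that case. A short comment such as `# session is keyed by strings; a symbol lookup never matches` would also guard against the regression this commit fixes. The controller class begins above the hunk and `set_cache_buster` continues below it.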