SONAR-14606 failing install request with 400 when no consent

author Lukasz Jarocki <lukasz.jarocki@sonarsource.com>

Wed, 24 Mar 2021 08:09:01 +0000 (09:09 +0100)

committer sonartech <sonartech@sonarsource.com>

Thu, 15 Apr 2021 20:03:44 +0000 (20:03 +0000)
author Lukasz Jarocki <lukasz.jarocki@sonarsource.com>
Wed, 24 Mar 2021 08:09:01 +0000 (09:09 +0100)
committer sonartech <sonartech@sonarsource.com>
Thu, 15 Apr 2021 20:03:44 +0000 (20:03 +0000)
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java

index 09d043b7415491dc894d77aacfe0e68d734e7244..cac53ada5d79231a1cb788c54eabcf8e32580bfc 100644 (file)
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java
@@ -19,11 +19,16 @@
   */
  package org.sonar.server.plugins.ws;
  
+import java.net.HttpURLConnection;
  import java.util.Objects;
  import java.util.Optional;
+
+import org.sonar.api.config.Configuration;
  import org.sonar.api.server.ws.Request;
  import org.sonar.api.server.ws.Response;
  import org.sonar.api.server.ws.WebService;
+import org.sonar.core.extension.PluginRiskConsent;
+import org.sonar.server.exceptions.ServerException;
  import org.sonar.server.plugins.PluginDownloader;
  import org.sonar.server.plugins.UpdateCenterMatrixFactory;
  import org.sonar.server.user.UserSession;
@@ -31,6 +36,7 @@ import org.sonar.updatecenter.common.PluginUpdate;
  import org.sonar.updatecenter.common.UpdateCenter;
  
  import static java.lang.String.format;
+import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
  import static org.sonar.server.plugins.edition.EditionBundledPlugins.isEditionBundled;
  
  /**
@@ -43,12 +49,14 @@ public class InstallAction implements PluginsWsAction {
    private final UpdateCenterMatrixFactory updateCenterFactory;
    private final PluginDownloader pluginDownloader;
    private final UserSession userSession;
+  private final Configuration configuration;
  
-  public InstallAction(UpdateCenterMatrixFactory updateCenterFactory,
-    PluginDownloader pluginDownloader, UserSession userSession) {
+  public InstallAction(UpdateCenterMatrixFactory updateCenterFactory, PluginDownloader pluginDownloader,
+    UserSession userSession, Configuration configuration) {
      this.updateCenterFactory = updateCenterFactory;
      this.pluginDownloader = pluginDownloader;
      this.userSession = userSession;
+    this.configuration = configuration;
    }
  
    @Override
@@ -70,6 +78,9 @@ public class InstallAction implements PluginsWsAction {
    @Override
    public void handle(Request request, Response response) throws Exception {
      userSession.checkIsSystemAdministrator();
+    if (!hasPluginInstallConsent()) {
+      throw new IllegalArgumentException("Can't install plugin without accepting firstly plugins risk consent");
+    }
  
      String key = request.mandatoryParam(PARAM_KEY);
      PluginUpdate pluginUpdate = findAvailablePluginByKey(key);
@@ -77,6 +88,11 @@ public class InstallAction implements PluginsWsAction {
      response.noContent();
    }
  
+  private boolean hasPluginInstallConsent() {
+    Optional<String> pluginRiskConsent = configuration.get(PLUGINS_RISK_CONSENT);
+    return pluginRiskConsent.filter(s -> PluginRiskConsent.valueOf(s) == PluginRiskConsent.ACCEPTED).isPresent();
+  }
+
    private PluginUpdate findAvailablePluginByKey(String key) {
      PluginUpdate pluginUpdate = null;
  
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java

index 70396fb6077e22a28b8fb4666841cea0c7a96ea1..a3d36b670c3f2db414c5a90e1b236a47944c6eae 100644 (file)
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java
@@ -23,14 +23,19 @@ import com.google.common.collect.ImmutableList;
  import com.tngtech.java.junit.dataprovider.DataProvider;
  import com.tngtech.java.junit.dataprovider.DataProviderRunner;
  import com.tngtech.java.junit.dataprovider.UseDataProvider;
+
  import java.util.Optional;
+
  import org.junit.Before;
  import org.junit.Rule;
  import org.junit.Test;
  import org.junit.rules.ExpectedException;
  import org.junit.runner.RunWith;
+import org.sonar.api.config.Configuration;
  import org.sonar.api.server.ws.WebService;
+import org.sonar.core.extension.PluginRiskConsent;
  import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.ServerException;
  import org.sonar.server.plugins.PluginDownloader;
  import org.sonar.server.plugins.UpdateCenterMatrixFactory;
  import org.sonar.server.tester.UserSessionRule;
@@ -43,10 +48,12 @@ import org.sonar.updatecenter.common.UpdateCenter;
  import org.sonar.updatecenter.common.Version;
  
  import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
  import static org.mockito.ArgumentMatchers.anyBoolean;
  import static org.mockito.Mockito.mock;
  import static org.mockito.Mockito.verify;
  import static org.mockito.Mockito.when;
+import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
  
  @RunWith(DataProviderRunner.class)
  public class InstallActionTest {
@@ -62,12 +69,14 @@ public class InstallActionTest {
    private UpdateCenterMatrixFactory updateCenterFactory = mock(UpdateCenterMatrixFactory.class);
    private UpdateCenter updateCenter = mock(UpdateCenter.class);
    private PluginDownloader pluginDownloader = mock(PluginDownloader.class);
-  private InstallAction underTest = new InstallAction(updateCenterFactory, pluginDownloader, userSessionRule);
+  private Configuration configuration = mock(Configuration.class);
+  private InstallAction underTest = new InstallAction(updateCenterFactory, pluginDownloader, userSessionRule, configuration);
    private WsActionTester tester = new WsActionTester(underTest);
  
    @Before
    public void wireMocks() {
      when(updateCenterFactory.getUpdateCenter(anyBoolean())).thenReturn(Optional.of(updateCenter));
+    when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.ACCEPTED.name()));
    }
  
    @Test
@@ -142,7 +151,7 @@ public class InstallActionTest {
  
    @DataProvider
    public static Object[][] editionBundledOrganizationAndLicense() {
-    return new Object[][] {
+    return new Object[][]{
        {"SonarSource", "SonarSource"},
        {"SonarSource", "Commercial"},
        {"sonarsource", "SOnArSOURCE"}
@@ -177,6 +186,20 @@ public class InstallActionTest {
      response.assertNoContent();
    }
  
+  @Test
+  public void handle_givenRiskConsentNotAccepted_expectServerError() {
+    logInAsSystemAdministrator();
+
+    when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.NOT_ACCEPTED.name()));
+
+    assertThatThrownBy(() -> tester.newRequest()
+      .setParam(KEY_PARAM, PLUGIN_KEY)
+      .execute())
+      .isInstanceOf(IllegalArgumentException.class)
+      .hasMessage("Can't install plugin without accepting firstly plugins risk consent");
+
+  }
+
    private void logInAsSystemAdministrator() {
      userSessionRule.logIn().setSystemAdministrator();
    }
author	Lukasz Jarocki <lukasz.jarocki@sonarsource.com>
	Wed, 24 Mar 2021 08:09:01 +0000 (09:09 +0100)
committer	sonartech <sonartech@sonarsource.com>
	Thu, 15 Apr 2021 20:03:44 +0000 (20:03 +0000)
server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java		patch \| blob \| history
server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java		patch \| blob \| history