SONAR-10222 Fail when searching member organizations and unauthenticated
authorGuillaume Jambet <guillaume.jambet@sonarsource.com>
Fri, 5 Jan 2018 14:12:31 +0000 (15:12 +0100)
committerStas Vilchik <stas.vilchik@sonarsource.com>
Wed, 14 Mar 2018 08:20:28 +0000 (09:20 +0100)
server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java

index 2b454da4f4d80e70e41ef672f5ed61c658c261ad..6e939c99bfa186b54d95c84e0f5453b7537434e0 100644 (file)
@@ -88,6 +88,11 @@ public class SearchAction implements OrganizationsWsAction {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
+    boolean isMember = request.mandatoryParamAsBoolean(PARAM_MEMBER);
+    if (isMember){
+      userSession.checkLoggedIn();
+    }
+
     try (DbSession dbSession = dbClient.openSession(false)) {
       OrganizationQuery dbQuery = buildDbQuery(request);
       int total = dbClient.organizationDao().countByQuery(dbSession, dbQuery);
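Review bot: The login guard at the top of `handle` is keyed on a `PARAM_MEMBER` value parsed here, while the query is built separately by `buildDbQuery(request)`, whose body is outside this hunk. If that method parses the parameter again on its own, the authentication check and the membership filter can drift apart in a later change. Consider passing the parsed `isMember` into the query builder, or at least add a comment above the check such as `// member=true filters on the caller's identity, so reject anonymous callers before opening a DB session`. `mandatoryParamAsBoolean` also presumes the parameter is declared with a default value in the action definition, which is not visible here. Style: `if (isMember){` needs a space before the brace; the body of `handle` continues past the hunk.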
index 945b3159ee175ed49fc5a953327cafe8a788f286..4294078260cc77572f059a3aadc99cfa482fa226 100644 (file)
@@ -34,6 +34,7 @@ import org.sonar.db.DbTester;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.UserDto;
+import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.organization.OrganizationValidationImpl;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestRequest;
@@ -290,6 +291,21 @@ public class SearchActionTest {
       .doesNotContain(organizationWithoutMember.getKey());
   }
 
+  @Test
+  public void fail_if_member_is_set_to_true_but_user_is_not_authenticated(){
+    UserDto user = db.users().insertUser();
+    OrganizationDto organization = db.organizations().insert();
+    db.organizations().addMember(organization, user);
+
+    userSession.anonymous();
+
+    expectedException.expect(UnauthorizedException.class);
+    expectedException.expectMessage("Authentication is required");
+
+    call(ws.newRequest().setParam(PARAM_MEMBER, String.valueOf(true)));
+  }
+
+
   private List<Organization> executeRequestAndReturnList(@Nullable Integer page, @Nullable Integer pageSize, String... keys) {
     return call(page, pageSize, keys).getOrganizationsList();
   }
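Review bot: The new test inserts a user, an organization and a membership that the assertion never depends on, because `UnauthorizedException` is expected before any query runs. Either drop that fixture or add a comment such as `// data exists and would be returned if the guard were missing` so the intent is clear. A companion case with `userSession.anonymous()` and `PARAM_MEMBER` set to `false` would pin that the login requirement applies only to the member filter; it may already exist outside this hunk. Style: `authenticated(){` lacks a space before the brace, and the method is followed by two blank lines.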