@Override
public void handle(Request request, Response response) throws Exception {
- if (!userSession.isSystemAdministrator() && !systemPasscode.isValid(request)) {
+ if (!systemPasscode.isValid(request) && !userSession.isSystemAdministrator()) {
throw AbstractUserSession.insufficientPrivilegesException();
}
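Review bot: The passcode-or-administrator condition on the new line is repeated verbatim in the next two `handle` methods and again with `isSystemAdmin()` in the fourth, so any later change to this authorization rule has to be made in four places and can drift. Moving the check into one shared method that throws the insufficient-privileges exception would keep the handlers consistent. The operand order was swapped deliberately but nothing records why; a one-line comment above the condition stating the reason (presumably that the session may not be authenticated on passcode URLs, to be confirmed by the author) would stop someone flipping it back. `handle` continues past the end of this hunk.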
@Override
public void handle(Request request, Response response) throws Exception {
- if (!userSession.isSystemAdministrator() && !systemPasscode.isValid(request)) {
+ if (!systemPasscode.isValid(request) && !userSession.isSystemAdministrator()) {
throw AbstractUserSession.insufficientPrivilegesException();
}
@Override
public void handle(Request request, Response response) throws Exception {
- if (!userSession.isSystemAdministrator() && !systemPasscode.isValid(request)) {
+ if (!systemPasscode.isValid(request) && !userSession.isSystemAdministrator()) {
throw AbstractUserSession.insufficientPrivilegesException();
}
@Override
public void handle(Request request, Response response) throws Exception {
- if (!isPassCodeAuthenticated(request) && !isSystemAdmin()) {
+ if (!systemPasscode.isValid(request) && !isSystemAdmin()) {
throw new ForbiddenException("Insufficient privileges");
}
return userSession.isSystemAdministrator();
}
- private boolean isPassCodeAuthenticated(Request request) {
- return systemPasscode.isConfigured() && systemPasscode.isValid(request);
- }
-
}
@Override
public void handle(Request request, Response response) throws Exception {
- if (!systemPasscode.isConfigured() || !systemPasscode.isValid(request)) {
+ if (!systemPasscode.isValid(request)) {
throw new ForbiddenException("Insufficient privileges");
}
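Review bot: This handler has no administrator fallback, so once the `isConfigured()` guard is dropped its only protection is that `isValid` returns false when no passcode is configured. The updated `SystemPasscode` Javadoc states that, but it is not visible at the call site; add `// isValid() is false when no passcode is configured, so this endpoint stays closed by default` above the check. The handler tests stub `isValid` with a mock, so the fail-closed behaviour has to be asserted against the real implementation rather than here. `handle` continues past the end of this hunk.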
* Passcode for accessing some web services, usually for connecting
* monitoring tools without using the credentials
* of a system administrator.
+ *
+ * Important - the web services accepting passcode must be listed in
+ * {@link org.sonar.server.authentication.UserSessionInitializer#URL_USING_PASSCODE}.
*/
public interface SystemPasscode {
/**
- * Whether the system passcode is configured in sonar.properties or not.
- * By default passcode is not defined and {@code false} is returned.
- */
- boolean isConfigured();
-
- /**
- * Whether the configured system passcode is provided by the HTTP request or not.
- * Returns {@code false} if {@link #isConfigured()} is {@code false}.
+ * Whether the system passcode is provided by the HTTP request or not.
+ * Returns {@code false} if passcode is not configured.
*/
boolean isValid(Request request);
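Review bot: The new "Important" paragraph makes correctness depend on a hand-maintained list in `UserSessionInitializer#URL_USING_PASSCODE`, and nothing in this change checks that the list and the handlers calling `isValid` stay in sync. A test that enumerates the passcode-accepting actions and asserts each path is present in that constant would turn the comment into an enforced rule; what happens to an unlisted service is not visible from this hunk, so the Javadoc should state it. The paragraph also needs a `<p>` tag to render separately, and the `isValid` contract would read more firmly as `Implementations must return {@code false} when no passcode is configured.`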
this.configuration = configuration;
}
- @Override
- public boolean isConfigured() {
- return configuredPasscode != null;
- }
-
@Override
public boolean isValid(Request request) {
if (configuredPasscode == null) {
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
-import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.WebService;
import org.sonar.process.cluster.health.NodeDetails;
import org.sonar.process.cluster.health.NodeHealth;
@Test
public void request_fails_with_SystemPasscode_enabled_and_anonymous() {
- when(systemPasscode.isConfigured()).thenReturn(true);
+ when(systemPasscode.isValid(any())).thenReturn(false);
TestRequest request = underTest.newRequest();
expectForbiddenException();
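Review bot: The test names here still say `SystemPasscode_enabled`, but after this change the mock only stubs `isValid`, so these tests can no longer distinguish an enabled passcode from a disabled one. Renaming them after what is actually stubbed, for example `request_fails_with_invalid_passcode_and_anonymous`, keeps the names accurate. The same applies to the two tests that follow.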
@Test
public void request_fails_with_SystemPasscode_enabled_but_no_passcode_and_user_is_not_system_administrator() {
- when(systemPasscode.isConfigured()).thenReturn(true);
- when(systemPasscode.isValid(any(Request.class))).thenReturn(false);
+ when(systemPasscode.isValid(any())).thenReturn(false);
userSessionRule.logIn();
when(healthChecker.checkCluster()).thenReturn(randomStatusMinimalClusterHealth());
TestRequest request = underTest.newRequest();
@Test
public void request_succeeds_with_SystemPasscode_enabled_and_passcode() {
- when(systemPasscode.isConfigured()).thenReturn(true);
- when(systemPasscode.isValid(any(Request.class))).thenReturn(true);
+ when(systemPasscode.isValid(any())).thenReturn(true);
when(healthChecker.checkCluster()).thenReturn(randomStatusMinimalClusterHealth());
TestRequest request = underTest.newRequest();
}
@Test
- public void request_succeeds_with_SystemPasscode_disabled_and_user_is_system_administrator() {
- when(systemPasscode.isConfigured()).thenReturn(false);
- userSessionRule.logIn().setSystemAdministrator();
- when(healthChecker.checkCluster()).thenReturn(randomStatusMinimalClusterHealth());
- TestRequest request = underTest.newRequest();
-
- request.execute();
- }
-
- @Test
- public void request_succeeds_with_SystemPasscode_enabled_but_no_passcode_and_user_is_system_administrator() {
- when(systemPasscode.isConfigured()).thenReturn(true);
- when(systemPasscode.isValid(any(Request.class))).thenReturn(false);
- userSessionRule.logIn().setSystemAdministrator();
- when(healthChecker.checkCluster()).thenReturn(randomStatusMinimalClusterHealth());
- TestRequest request = underTest.newRequest();
-
- request.execute();
- }
-
- @Test
- public void request_succeeds_with_SystemPasscode_enabled_and_passcode_and_user_is_system_administrator() {
- when(systemPasscode.isConfigured()).thenReturn(true);
- when(systemPasscode.isValid(any(Request.class))).thenReturn(true);
+ public void request_succeeds_with_SystemPasscode_incorrect_and_user_is_system_administrator() {
+ when(systemPasscode.isValid(any())).thenReturn(false);
userSessionRule.logIn().setSystemAdministrator();
when(healthChecker.checkCluster()).thenReturn(randomStatusMinimalClusterHealth());
TestRequest request = underTest.newRequest();
*/
private void authenticateWithRandomMethod() {
if (random.nextBoolean()) {
- when(systemPasscode.isConfigured()).thenReturn(true);
if (random.nextBoolean()) {
- when(systemPasscode.isValid(any(Request.class))).thenReturn(true);
+ when(systemPasscode.isValid(any())).thenReturn(true);
} else {
- when(systemPasscode.isValid(any(Request.class))).thenReturn(false);
+ when(systemPasscode.isValid(any())).thenReturn(false);
userSessionRule.logIn().setSystemAdministrator();
}
} else {
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
-import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.WebService;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.health.Health;
}
@Test
- public void request_fails_with_ForbiddenException_when_PassCode_disabled() {
- when(systemPasscode.isConfigured()).thenReturn(false);
- when(systemPasscode.isValid(any(Request.class))).thenReturn(random.nextBoolean());
+ public void request_fails_with_ForbiddenException_when_PassCode_disabled_or_incorrect() {
+ when(systemPasscode.isValid(any())).thenReturn(false);
TestRequest request = underTest.newRequest();
expectForbiddenException();
}
@Test
- public void request_fails_with_ForbiddenException_when_PassCode_enabled_but_no_passcode() {
- when(systemPasscode.isConfigured()).thenReturn(true);
- when(systemPasscode.isValid(any(Request.class))).thenReturn(false);
- TestRequest request = underTest.newRequest();
-
- expectForbiddenException();
-
- request.execute();
- }
-
- @Test
- public void request_succeeds_when_PassCode_enabled_and_valid_passcode() {
+ public void request_succeeds_when_valid_passcode() {
authenticateWithPasscode();
when(healthChecker.checkNode())
.thenReturn(newHealthCheckBuilder()
}
private void authenticateWithPasscode() {
- when(systemPasscode.isConfigured()).thenReturn(true);
- when(systemPasscode.isValid(any(Request.class))).thenReturn(true);
+ when(systemPasscode.isValid(any())).thenReturn(true);
}
}
underTest.stop();
}
- @Test
- public void isConfigured_is_true_if_property_is_not_blank() {
- verifyIsConfigured("foo", true);
- }
-
- @Test
- public void isConfigured_is_false_if_property_value_is_blank() {
- verifyIsConfigured(" ", false);
- }
-
- @Test
- public void isConfigured_is_false_if_property_value_is_empty() {
- verifyIsConfigured("", false);
- }
-
- @Test
- public void isConfigured_is_false_if_property_is_not_defined() {
- assertThat(underTest.isConfigured()).isFalse();
- }
-
@Test
public void startup_logs_show_that_feature_is_enabled() {
configurePasscode("foo");
assertThat(logTester.logs(LoggerLevel.INFO)).contains("System authentication by passcode is disabled");
}
+ @Test
+ public void passcode_is_disabled_if_blank_configuration() {
+ configurePasscode("");
+ underTest.start();
+
+ assertThat(logTester.logs(LoggerLevel.INFO)).contains("System authentication by passcode is disabled");
+ }
+
@Test
public void isValid_is_true_if_request_header_matches_configured_passcode() {
verifyIsValid(true, "foo", "foo");
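Review bot: `passcode_is_disabled_if_blank_configuration` asserts only the startup log line, and it calls `underTest.start()` a second time because `configurePasscode` already starts the component. With the `isConfigured` tests removed, nothing visible checks that a blank (`" "`), empty or undefined property makes `isValid` return false, in particular for a request whose passcode header is itself empty. Add cases through the existing `verifyIsValid` helper with an expected result of `false` for those configurations, and drop the extra `underTest.start();` line.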
assertThat(underTest.isValid(request)).isEqualTo(expectedResult);
}
- private void verifyIsConfigured(String propertyValue, boolean expectedResult) {
- configurePasscode(propertyValue);
- assertThat(underTest.isConfigured()).isEqualTo(expectedResult);
- }
-
private void configurePasscode(String propertyValue) {
settings.setProperty("sonar.web.systemPasscode", propertyValue);
underTest.start();