SONAR-8416 fix quality flaws (duplicated code and other)
authorSébastien Lesaint <sebastien.lesaint@sonarsource.com>
Fri, 2 Dec 2016 08:12:18 +0000 (09:12 +0100)
committerSébastien Lesaint <sebastien.lesaint@sonarsource.com>
Wed, 14 Dec 2016 16:09:10 +0000 (17:09 +0100)
server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticationFilter.java [new file with mode: 0644]
server/sonar-server/src/main/java/org/sonar/server/authentication/InitFilter.java
server/sonar-server/src/main/java/org/sonar/server/authentication/OAuth2CallbackFilter.java
server/sonar-server/src/main/java/org/sonar/server/authentication/OAuthCsrfVerifier.java
server/sonar-server/src/test/java/org/sonar/server/authentication/InitFilterTest.java

diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticationFilter.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticationFilter.java
new file mode 100644 (file)
index 0000000..7ff8581
--- /dev/null
@@ -0,0 +1,73 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.authentication;
+
+import javax.annotation.CheckForNull;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.platform.Server;
+import org.sonar.api.server.authentication.IdentityProvider;
+import org.sonar.api.web.ServletFilter;
+
+import static com.google.common.base.Strings.isNullOrEmpty;
+import static java.lang.String.format;
+import static org.sonar.server.authentication.AuthenticationError.handleError;
+
+public abstract class AuthenticationFilter extends ServletFilter {
+  static final String CALLBACK_PATH = "/oauth2/callback/";
+  private final IdentityProviderRepository identityProviderRepository;
+  private final Server server;
+
+  public AuthenticationFilter(Server server, IdentityProviderRepository identityProviderRepository) {
+    this.server = server;
+    this.identityProviderRepository = identityProviderRepository;
+  }
+
+  /**
+   * @return the {@link IdentityProvider} for the key extracted in the request if is exists, or {@code null}, in which
+   *         case the request is fully handled and caller should not handle it
+   */
+  @CheckForNull
+  IdentityProvider resolveProviderOrHandleResponse(HttpServletRequest request, HttpServletResponse response, String path) {
+    String requestUri = request.getRequestURI();
+    String providerKey = extractKeyProvider(requestUri, server.getContextPath() + path);
+    if (providerKey == null) {
+      handleError(response, "No provider key found in URI");
+      return null;
+    }
+    try {
+      return identityProviderRepository.getEnabledByKey(providerKey);
+    } catch (Exception e) {
+      handleError(e, response, format("Failed to retrieve IdentityProvider for key '%s'", providerKey));
+      return null;
+    }
+  }
+
+  @CheckForNull
+  private static String extractKeyProvider(String requestUri, String context) {
+    if (requestUri.contains(context)) {
+      String key = requestUri.replace(context, "");
+      if (!isNullOrEmpty(key)) {
+        return key;
+      }
+    }
+    return null;
+  }
+}
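Review bot: `extractKeyProvider` derives the provider key from the request URI with `requestUri.contains(context)` and `requestUri.replace(context, "")`, so the prefix is matched anywhere in the URI and every occurrence is stripped; any text before or between matches ends up inside the key handed to `getEnabledByKey`. Assuming the filter is only mapped on URLs under that prefix, anchoring the match is stricter: `if (requestUri.startsWith(context))` with `String key = requestUri.substring(context.length());`. The key is also interpolated into the message passed to `handleError`; whether that message reaches the response is not visible here, so confirm it is encoded or only logged. Separately, `CALLBACK_PATH` is package-private here whereas the line removed from OAuth2CallbackFilter declared it `public`, while `INIT_CONTEXT` stays in InitFilter; keeping each path constant in its own subclass would be more consistent and would not narrow the existing visibility.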
index a95f788b81022ce81c3e7edd60b50d6a6d41853d..89857702f3b801dc9af64fc5d215e8de90366603 100644 (file)
@@ -20,7 +20,6 @@
 package org.sonar.server.authentication;
 
 import java.io.IOException;
-import javax.annotation.CheckForNull;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
@@ -33,32 +32,27 @@ import org.sonar.api.server.authentication.BaseIdentityProvider;
 import org.sonar.api.server.authentication.IdentityProvider;
 import org.sonar.api.server.authentication.OAuth2IdentityProvider;
 import org.sonar.api.server.authentication.UnauthorizedException;
-import org.sonar.api.web.ServletFilter;
 import org.sonar.server.authentication.event.AuthenticationEvent;
 import org.sonar.server.authentication.event.AuthenticationException;
 
-import static com.google.common.base.Strings.isNullOrEmpty;
 import static java.lang.String.format;
 import static org.sonar.server.authentication.AuthenticationError.handleAuthenticationError;
 import static org.sonar.server.authentication.AuthenticationError.handleError;
 import static org.sonar.server.authentication.event.AuthenticationEvent.Source;
 
-public class InitFilter extends ServletFilter {
+public class InitFilter extends AuthenticationFilter {
 
   private static final String INIT_CONTEXT = "/sessions/init/";
 
-  private final IdentityProviderRepository identityProviderRepository;
   private final BaseContextFactory baseContextFactory;
   private final OAuth2ContextFactory oAuth2ContextFactory;
-  private final Server server;
   private final AuthenticationEvent authenticationEvent;
 
   public InitFilter(IdentityProviderRepository identityProviderRepository, BaseContextFactory baseContextFactory,
     OAuth2ContextFactory oAuth2ContextFactory, Server server, AuthenticationEvent authenticationEvent) {
-    this.identityProviderRepository = identityProviderRepository;
+    super(server, identityProviderRepository);
     this.baseContextFactory = baseContextFactory;
     this.oAuth2ContextFactory = oAuth2ContextFactory;
-    this.server = server;
     this.authenticationEvent = authenticationEvent;
   }
 
@@ -72,39 +66,12 @@ public class InitFilter extends ServletFilter {
     HttpServletRequest httpRequest = (HttpServletRequest) request;
     HttpServletResponse httpResponse = (HttpServletResponse) response;
 
-    IdentityProvider provider = resolveProviderOrHandleResponse(httpRequest, httpResponse);
+    IdentityProvider provider = resolveProviderOrHandleResponse(httpRequest, httpResponse, INIT_CONTEXT);
     if (provider != null) {
       handleProvider(httpRequest, httpResponse, provider);
     }
   }
 
-  @CheckForNull
-  private IdentityProvider resolveProviderOrHandleResponse(HttpServletRequest request, HttpServletResponse response) {
-    String requestURI = request.getRequestURI();
-    String providerKey = extractKeyProvider(requestURI, server.getContextPath() + INIT_CONTEXT);
-    if (providerKey == null) {
-      handleError(response, "No provider key found in URI");
-      return null;
-    }
-    try {
-      return identityProviderRepository.getEnabledByKey(providerKey);
-    } catch (Exception e) {
-      handleError(e, response, format("Failed to retrieve IdentityProvider for key '%s'", providerKey));
-      return null;
-    }
-  }
-
-  @CheckForNull
-  private static String extractKeyProvider(String requestUri, String context) {
-    if (requestUri.contains(context)) {
-      String key = requestUri.replace(context, "");
-      if (!isNullOrEmpty(key)) {
-        return key;
-      }
-    }
-    return null;
-  }
-
   private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
     try {
       if (provider instanceof BaseIdentityProvider) {
index d376634d3db5940b74054dff5b1325d1e2a281b5..5ae0537e9144ab842b55370ec24ae3fa98bfae69 100644 (file)
@@ -33,30 +33,23 @@ import org.sonar.api.server.authentication.IdentityProvider;
 import org.sonar.api.server.authentication.OAuth2IdentityProvider;
 import org.sonar.api.server.authentication.UnauthorizedException;
 import org.sonar.api.server.authentication.UserIdentity;
-import org.sonar.api.web.ServletFilter;
 import org.sonar.server.authentication.event.AuthenticationEvent;
 import org.sonar.server.authentication.event.AuthenticationException;
 
-import static com.google.common.base.Strings.isNullOrEmpty;
 import static java.lang.String.format;
 import static org.sonar.server.authentication.AuthenticationError.handleAuthenticationError;
 import static org.sonar.server.authentication.AuthenticationError.handleError;
 import static org.sonar.server.authentication.event.AuthenticationEvent.Source;
 
-public class OAuth2CallbackFilter extends ServletFilter {
+public class OAuth2CallbackFilter extends AuthenticationFilter {
 
-  public static final String CALLBACK_PATH = "/oauth2/callback/";
-
-  private final IdentityProviderRepository identityProviderRepository;
   private final OAuth2ContextFactory oAuth2ContextFactory;
-  private final Server server;
   private final AuthenticationEvent authenticationEvent;
 
   public OAuth2CallbackFilter(IdentityProviderRepository identityProviderRepository, OAuth2ContextFactory oAuth2ContextFactory,
     Server server, AuthenticationEvent authenticationEvent) {
-    this.identityProviderRepository = identityProviderRepository;
+    super(server, identityProviderRepository);
     this.oAuth2ContextFactory = oAuth2ContextFactory;
-    this.server = server;
     this.authenticationEvent = authenticationEvent;
   }
 
@@ -70,39 +63,12 @@ public class OAuth2CallbackFilter extends ServletFilter {
     HttpServletRequest httpRequest = (HttpServletRequest) request;
     HttpServletResponse httpResponse = (HttpServletResponse) response;
 
-    IdentityProvider provider = resolveProviderOrHandleResponse(httpRequest, httpResponse);
+    IdentityProvider provider = resolveProviderOrHandleResponse(httpRequest, httpResponse, CALLBACK_PATH);
     if (provider != null) {
       handleProvider(httpRequest, (HttpServletResponse) response, provider);
     }
   }
 
-  @CheckForNull
-  private IdentityProvider resolveProviderOrHandleResponse(HttpServletRequest request, HttpServletResponse response) {
-    String requestUri = request.getRequestURI();
-    String providerKey = extractKeyProvider(requestUri, server.getContextPath() + CALLBACK_PATH);
-    if (providerKey == null) {
-      handleError(response, "No provider key found in URI");
-      return null;
-    }
-    try {
-      return identityProviderRepository.getEnabledByKey(providerKey);
-    } catch (Exception e) {
-      handleError(e, response, format("Failed to retrieve IdentityProvider for key '%s'", providerKey));
-      return null;
-    }
-  }
-
-  @CheckForNull
-  private static String extractKeyProvider(String requestUri, String context) {
-    if (requestUri.contains(context)) {
-      String key = requestUri.replace(context, "");
-      if (!isNullOrEmpty(key)) {
-        return key;
-      }
-    }
-    return null;
-  }
-
   private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
     try {
       if (provider instanceof OAuth2IdentityProvider) {
index 874734d859a8595091e1942f8c350e43fec85dbd..2c29f2c1a093cf19e82f7292baa9726bfd0ed3bb 100644 (file)
@@ -48,10 +48,9 @@ public class OAuthCsrfVerifier {
 
   public void verifyState(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider provider) {
     Cookie cookie = findCookie(CSRF_STATE_COOKIE, request)
-      .orElseThrow(() -> AuthenticationException.newBuilder()
+      .orElseThrow(AuthenticationException.newBuilder()
         .setSource(Source.oauth2(provider))
-        .setMessage(format("Cookie '%s' is missing", CSRF_STATE_COOKIE))
-        .build());
+        .setMessage(format("Cookie '%s' is missing", CSRF_STATE_COOKIE))::build);
     String hashInCookie = cookie.getValue();
 
     // remove cookie
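Review bot: The bound method reference ending in `::build` evaluates its receiver when `orElseThrow` is invoked, so `AuthenticationException.newBuilder()`, `Source.oauth2(provider)` and the `format(...)` call now run on every `verifyState` call, including when the CSRF state cookie is present; the previous lambda deferred all of that to the failure path. The form is also harder to read, with `::build` trailing a multi-line builder chain. I would keep the lambda, `.orElseThrow(() -> AuthenticationException.newBuilder()` … `.build());`, or extract a small private method that builds the exception and reference that instead. `verifyState` continues past the end of this hunk.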
index 10dabe5f749c1b6c612d53c50666fc59a97672c5..c1375e0e4f5d12253e7d910581883640a01c9266 100644 (file)
@@ -154,7 +154,6 @@ public class InitFilterTest {
 
     assertError("Unsupported IdentityProvider class: class org.sonar.server.authentication.InitFilterTest$UnsupportedIdentityProvider");
     verifyZeroInteractions(authenticationEvent);
-
   }
 
   @Test