From: Antoine Vigneau Date: Tue, 19 Mar 2024 10:58:22 +0000 (+0100) Subject: SONAR-21878 Fix SSF-568 X-Git-Tag: 10.5.0.89998~115 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=1132d4e2e6d28cc7d1832202935fed17f874e0de;p=sonarqube.git SONAR-21878 Fix SSF-568 --- diff --git a/server/sonar-web/src/main/js/apps/settings/components/almIntegration/BitbucketServerForm.tsx b/server/sonar-web/src/main/js/apps/settings/components/almIntegration/BitbucketServerForm.tsx index 9a2fe35b151..9e48f6a0dbb 100644 --- a/server/sonar-web/src/main/js/apps/settings/components/almIntegration/BitbucketServerForm.tsx +++ b/server/sonar-web/src/main/js/apps/settings/components/almIntegration/BitbucketServerForm.tsx @@ -47,11 +47,12 @@ export default function BitbucketServerForm(props: BitbucketServerFormProps) { /> + <> + {translate('settings.almintegration.form.url.bitbucket.help')} +
+
+ {translate('settings.almintegration.form.url.bitbucket.pat_warning')} + } id="url.bitbucket" maxLength={2000} diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionIT.java index 948abd11faf..c074756df70 100644 --- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionIT.java +++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionIT.java @@ -31,6 +31,7 @@ import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.tester.UserSessionRule; +import org.sonar.server.ws.TestRequest; import org.sonar.server.ws.WsActionTester; import static java.lang.String.format; @@ -88,7 +89,23 @@ public class UpdateBitbucketActionIT { } @Test - public void update_without_pat() { + public void fail_when_url_updated_without_pat() { + UserDto user = db.users().insertUser(); + userSession.logIn(user).setSystemAdministrator(); + + AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting(); + + TestRequest request = ws.newRequest() + .setParam("key", almSettingDto.getKey()) + .setParam("url", "https://bitbucket.enterprise-unicorn.com"); + + assertThatThrownBy(() -> request.execute()) + .isInstanceOf(IllegalArgumentException.class) + .hasMessage("Please provide the Personal Access Token to update the URL."); + } + + @Test + public void update_with_url_change_needs_path() { UserDto user = db.users().insertUser(); userSession.logIn(user).setSystemAdministrator(); @@ -97,10 +114,12 @@ public class UpdateBitbucketActionIT { ws.newRequest() .setParam("key", almSettingDto.getKey()) .setParam("url", "https://bitbucket.enterprise-unicorn.com") + .setParam("personalAccessToken", "0123456789") .execute(); + assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession())) .extracting(AlmSettingDto::getKey, AlmSettingDto::getUrl, s -> s.getDecryptedPersonalAccessToken(encryption)) - .containsOnly(tuple(almSettingDto.getKey(), "https://bitbucket.enterprise-unicorn.com", almSettingDto.getDecryptedPersonalAccessToken(encryption))); + .containsOnly(tuple(almSettingDto.getKey(), "https://bitbucket.enterprise-unicorn.com", "0123456789")); } @Test diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java index 182c3cb11f9..b0b3c247a7f 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java @@ -113,8 +113,16 @@ public class AlmSettingsSupport { } public void checkPrivateKeyOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String privateKey) { - if (!url.equals(almSettingDto.getUrl()) && isEmpty(privateKey)) { - throw new IllegalArgumentException("Please provide the Private Key to update the URL."); + checkCredentialArtifactOnUrlUpdate(url, almSettingDto, privateKey, "Please provide the Private Key to update the URL."); + } + + public void checkPatOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String pat) { + checkCredentialArtifactOnUrlUpdate(url, almSettingDto, pat, "Please provide the Personal Access Token to update the URL."); + } + + private static void checkCredentialArtifactOnUrlUpdate(String url, AlmSettingDto almSettingDto, @Nullable String credentialArtifact, String errorMessage) { + if (!url.equals(almSettingDto.getUrl()) && isEmpty(credentialArtifact)) { + throw new IllegalArgumentException(errorMessage); } } } diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java index e7d330729f1..bd0882fa035 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java @@ -85,7 +85,6 @@ public class UpdateBitbucketAction implements AlmSettingsWsAction { private void doHandle(Request request) { String key = request.mandatoryParam(PARAM_KEY); String newKey = request.param(PARAM_NEW_KEY); - String url = request.mandatoryParam(PARAM_URL); String pat = request.param(PARAM_PERSONAL_ACCESS_TOKEN); try (DbSession dbSession = dbClient.openSession(false)) { @@ -94,6 +93,9 @@ public class UpdateBitbucketAction implements AlmSettingsWsAction { almSettingsSupport.checkAlmSettingDoesNotAlreadyExist(dbSession, newKey); } + String url = request.mandatoryParam(PARAM_URL); + almSettingsSupport.checkPatOnUrlUpdate(almSettingDto, url, pat); + if (isNotBlank(pat)) { almSettingDto.setPersonalAccessToken(pat); } diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties index 6fe31ea22cd..1d898ce9376 100644 --- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties +++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties @@ -1456,11 +1456,12 @@ settings.almintegration.form.url.azure=Azure DevOps URL settings.almintegration.form.url.azure.help1=For Azure DevOps Server, provide the full collection URL: settings.almintegration.form.url.azure.help2=For Azure DevOps Services, provide the full organization URL: settings.almintegration.form.url.bitbucket=Bitbucket Server URL -settings.almintegration.form.url.bitbucket.help=Example: {example} +settings.almintegration.form.url.bitbucket.help=Example: https://bitbucket-server.your-company.com +settings.almintegration.form.url.bitbucket.pat_warning=For security reasons, please make sure to provide the Personal Access Token to update the URL. settings.almintegration.form.url.github=GitHub API URL settings.almintegration.form.url.github.help1=Example for GitHub Enterprise: settings.almintegration.form.url.github.help2=If using GitHub.com: -settings.almintegration.form.url.github.private_key_warning=Please make sure to provide the GitHub App private key for updating the URL. +settings.almintegration.form.url.github.private_key_warning=For security reasons, please make sure to provide the GitHub App private key to update the URL. settings.almintegration.form.url.gitlab=GitLab API URL settings.almintegration.form.url.gitlab.help=Provide the GitLab API URL. For example: settings.almintegration.form.app_id=GitHub App ID