From: Guillaume Jambet Date: Fri, 3 Nov 2017 16:20:02 +0000 (+0100) Subject: SONAR-10040 add length validation to Tokens ws X-Git-Tag: 7.0-RC1~352 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=2f2bee91083c3e6f0ed2c195bd5e2aebbe5e4be2;p=sonarqube.git SONAR-10040 add length validation to Tokens ws --- diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenDto.java index e2b859725f2..53f2e00c7ea 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenDto.java @@ -20,7 +20,6 @@ package org.sonar.db.user; import static org.sonar.db.user.UserTokenValidator.checkTokenHash; -import static org.sonar.db.user.UserTokenValidator.checkTokenName; public class UserTokenDto { private String login; @@ -42,7 +41,7 @@ public class UserTokenDto { } public UserTokenDto setName(String name) { - this.name = checkTokenName(name); + this.name = name; return this; } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenValidator.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenValidator.java index be4a82a32a9..6917c2f7a3e 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenValidator.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserTokenValidator.java 
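Review bot: `UserTokenDto.setName` now stores the value unchecked (`this.name = name;`), so the 100-character bound is enforced only by the parameter declaration in GenerateAction. Any other code that builds a `UserTokenDto` would reach the DAO with an unbounded name, and the failure would then presumably surface as a database error rather than a clear message (the column size is not visible in this diff). The class still imports `checkTokenHash`, so the hash keeps a DTO-level guard while the name loses its own. Either keep a cheap invariant in the setter, or document the contract with a comment such as `// length is validated by the web service layer; callers must not pass names longer than 100 characters`. The class body continues outside the hunk.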
@@ -19,23 +19,17 @@ */ package org.sonar.db.user; -import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkState; public class UserTokenValidator { - private static final int MAX_TOKEN_NAME_LENGTH = 100; private static final int MAX_TOKEN_HASH_LENGTH = 255; private UserTokenValidator() { // utility methods } - public static String checkTokenName(String name) { - checkArgument(name.length() <= MAX_TOKEN_NAME_LENGTH, "Token name length (%s) is longer than the maximum authorized (%s)", name.length(), MAX_TOKEN_NAME_LENGTH); - return name; - } - static String checkTokenHash(String hash) { - checkArgument(hash.length() <= MAX_TOKEN_HASH_LENGTH, "Token hash length (%s) is longer than the maximum authorized (%s)", hash.length(), MAX_TOKEN_HASH_LENGTH); + checkState(hash.length() <= MAX_TOKEN_HASH_LENGTH, "Token hash length (%s) is longer than the maximum authorized (%s)", hash.length(), MAX_TOKEN_HASH_LENGTH); return hash; } } diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserTokenDtoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserTokenDtoTest.java index ab3dfd93799..d0d5f575f6f 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserTokenDtoTest.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserTokenDtoTest.java 
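Review bot: In `checkTokenHash`, switching from `checkArgument` to `checkState` changes the thrown type from IllegalArgumentException to IllegalStateException without recording why, even though `hash` is a method argument rather than object state. If the intent is that an over-long hash is a server-side fault and must not be reported as bad client input, a one-line comment would preserve that reasoning, for example `// hash is generated server-side: an over-long value is an internal error, not a client error`. `hash.length()` also still fails with a bare NullPointerException on a null hash; `requireNonNull(hash, "Token hash can't be null")` ahead of the length check would give a clearer failure.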
@@ -29,17 +29,9 @@ public class UserTokenDtoTest { @Rule public ExpectedException expectedException = ExpectedException.none(); - @Test - public void fail_if_name_is_longer_than_100_characters() { - expectedException.expect(IllegalArgumentException.class); - expectedException.expectMessage("Token name length (101) is longer than the maximum authorized (100)"); - - new UserTokenDto().setName(randomAlphabetic(101)); - } - @Test public void fail_if_token_hash_is_longer_than_255_characters() { - expectedException.expect(IllegalArgumentException.class); + expectedException.expect(IllegalStateException.class); expectedException.expectMessage("Token hash length (256) is longer than the maximum authorized (255)"); new UserTokenDto().setTokenHash(randomAlphabetic(256)); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java index e91812c4000..12e1c7b5e7e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java @@ -36,7 +36,6 @@ import org.sonarqube.ws.WsUserTokens.GenerateWsResponse; import org.sonarqube.ws.client.usertoken.GenerateWsRequest; import static java.net.HttpURLConnection.HTTP_INTERNAL_ERROR; -import static org.sonar.db.user.UserTokenValidator.checkTokenName; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; import static org.sonar.server.ws.WsUtils.checkRequest; import static org.sonar.server.ws.WsUtils.writeProtobuf; 
@@ -45,6 +44,7 @@ import static org.sonarqube.ws.client.usertoken.UserTokensWsParameters.PARAM_LOG import static org.sonarqube.ws.client.usertoken.UserTokensWsParameters.PARAM_NAME; public class GenerateAction implements UserTokensWsAction { + private static final int MAX_TOKEN_NAME_LENGTH = 100; private final DbClient dbClient; private final UserSession userSession; private final System2 system; @@ -74,6 +74,7 @@ public class GenerateAction implements UserTokensWsAction { action.createParam(PARAM_NAME) .setRequired(true) + .setMaximumLength(MAX_TOKEN_NAME_LENGTH) .setDescription("Token name") .setExampleValue("Project scan on Travis"); } @@ -109,7 +110,6 @@ public class GenerateAction implements UserTokensWsAction { } private void checkWsRequest(DbSession dbSession, GenerateWsRequest request) { - checkTokenName(request.getName()); checkLoginExists(dbSession, request); Optional userTokenDto = dbClient.userTokenDao().selectByLoginAndName(dbSession, request.getLogin(), request.getName()); diff --git a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java index 27c0b65fbed..3d305c6c8ad 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java @@ -37,7 +37,6 @@ import org.sonar.server.ws.WsActionTester; import org.sonarqube.ws.MediaTypes; import org.sonarqube.ws.WsUserTokens.GenerateWsResponse; -import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Matchers.anyString; import static org.mockito.Mockito.mock; 
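Review bot: The token-name limit now rests entirely on `.setMaximumLength(MAX_TOKEN_NAME_LENGTH)` in the parameter definition, and the explicit `checkTokenName(request.getName())` call is removed from `checkWsRequest` in the last hunk of this file. The only test for a 101-character name is deleted from GenerateActionTest, and no replacement is visible in this commit. A test that sends a 101-character `name` through the action and asserts the request is rejected would confirm that the declared constraint is actually applied on this path; the code that reads the parameter is outside the diff, so this cannot be checked from here. `MAX_TOKEN_NAME_LENGTH` is now private to the web-service class, so a comment such as `// keep in sync with the size of the token name column` would tie it to the storage limit it presumably mirrors.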
@@ -96,16 +95,6 @@ public class GenerateActionTest { assertThat(response.getLogin()).isEqualTo(GRACE_HOPPER); } - @Test - public void fail_if_name_is_longer_than_100_characters() { - logInAsSystemAdministrator(); - - expectedException.expect(IllegalArgumentException.class); - expectedException.expectMessage("Token name length (101) is longer than the maximum authorized (100)"); - - newRequest(GRACE_HOPPER, randomAlphabetic(101)); - } - @Test public void fail_if_login_does_not_exist() { logInAsSystemAdministrator();