From: Eric Hartmann Date: Thu, 12 Apr 2018 16:31:48 +0000 (+0200) Subject: Revert "SONAR-6949 Increase crypted password size" X-Git-Tag: 7.5~1362 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3cc3a8e9e2c7e9b891db4b4a7486e67243186e3a;p=sonarqube.git Revert "SONAR-6949 Increase crypted password size" This reverts commit 8e3729ab43842b5f23c431afdd5153c75530aa1d. --- diff --git a/build.gradle b/build.gradle index 600c7e8ca26..15751f75c65 100644 --- a/build.gradle +++ b/build.gradle @@ -186,7 +186,6 @@ subprojects { } dependency 'org.freemarker:freemarker:2.3.20' dependency 'org.hamcrest:hamcrest-all:1.3' - dependency 'org.mindrot:jbcrypt:0.4' dependency('org.mockito:mockito-core:2.15.0') { exclude 'org.hamcrest:hamcrest-core' } diff --git a/server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java b/server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java index 158f9ebe545..9c883ed7ae8 100644 --- a/server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java +++ b/server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java @@ -112,7 +112,7 @@ public class ComputeEngineContainerImplTest { ); assertThat(picoContainer.getParent().getParent().getComponentAdapters()).hasSize( CONTAINER_ITSELF - + 16 // MigrationConfigurationModule + + 15 // MigrationConfigurationModule + 17 // level 2 ); assertThat(picoContainer.getParent().getParent().getParent().getComponentAdapters()).hasSize( diff --git a/server/sonar-db-core/src/main/resources/org/sonar/db/version/schema-h2.ddl b/server/sonar-db-core/src/main/resources/org/sonar/db/version/schema-h2.ddl index 52eb5bea34e..961ca45a144 100644 --- a/server/sonar-db-core/src/main/resources/org/sonar/db/version/schema-h2.ddl +++ b/server/sonar-db-core/src/main/resources/org/sonar/db/version/schema-h2.ddl @@ -461,7 +461,7 @@ CREATE TABLE "USERS" ( "LOGIN" VARCHAR(255), "NAME" VARCHAR(200), "EMAIL" VARCHAR(100), - "CRYPTED_PASSWORD" VARCHAR(100), + "CRYPTED_PASSWORD" VARCHAR(40), "SALT" VARCHAR(40), "ACTIVE" BOOLEAN DEFAULT TRUE, "SCM_ACCOUNTS" VARCHAR(4000), diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java index 7cba424fbe4..cf0d2d94bec 100644 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java @@ -35,7 +35,6 @@ import org.sonar.server.platform.db.migration.version.v66.DbVersion66; import org.sonar.server.platform.db.migration.version.v67.DbVersion67; import org.sonar.server.platform.db.migration.version.v70.DbVersion70; import org.sonar.server.platform.db.migration.version.v71.DbVersion71; -import org.sonar.server.platform.db.migration.version.v72.DbVersion72; public class MigrationConfigurationModule extends Module { @Override @@ -54,7 +53,6 @@ public class MigrationConfigurationModule extends Module { DbVersion67.class, DbVersion70.class, DbVersion71.class, - DbVersion72.class, // migration steps MigrationStepRegistryImpl.class, diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72.java deleted file mode 100644 index 6d42c8fb30d..00000000000 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72.java +++ /dev/null @@ -1,33 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2018 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.server.platform.db.migration.version.v72; - -import org.sonar.server.platform.db.migration.step.MigrationStepRegistry; -import org.sonar.server.platform.db.migration.version.DbVersion; - -public class DbVersion72 implements DbVersion { - - @Override - public void addSteps(MigrationStepRegistry registry) { - registry - .add(2100, "Increase size of CRYPTED_PASSWORD", IncreaseCryptedPasswordSize.class) - ; - } -} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSize.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSize.java deleted file mode 100644 index 4e09ef81c14..00000000000 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSize.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2018 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.server.platform.db.migration.version.v72; - -import java.sql.SQLException; -import org.sonar.db.Database; -import org.sonar.server.platform.db.migration.sql.AlterColumnsBuilder; -import org.sonar.server.platform.db.migration.step.DdlChange; - -import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.newVarcharColumnDefBuilder; - -public class IncreaseCryptedPasswordSize extends DdlChange { - private static final String TABLE_NAME = "users"; - - public IncreaseCryptedPasswordSize(Database db) { - super(db); - } - - @Override - public void execute(Context context) throws SQLException { - context.execute(new AlterColumnsBuilder(getDialect(), TABLE_NAME) - .updateColumn(newVarcharColumnDefBuilder() - .setColumnName("crypted_password") - .setLimit(100) - .build()) - .build()); - } -} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/package-info.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/package-info.java deleted file mode 100644 index c29969daa67..00000000000 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/package-info.java +++ /dev/null @@ -1,24 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2018 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -@ParametersAreNonnullByDefault -package org.sonar.server.platform.db.migration.version.v72; - -import javax.annotation.ParametersAreNonnullByDefault; - diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java index 03db8bf6e46..29059e5f75e 100644 --- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java @@ -37,7 +37,7 @@ public class MigrationConfigurationModuleTest { assertThat(container.getPicoContainer().getComponentAdapters()) .hasSize(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER // DbVersion classes - + 13 + + 12 // Others + 3); } diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72Test.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72Test.java deleted file mode 100644 index 9b870fe4912..00000000000 --- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72Test.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2018 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.server.platform.db.migration.version.v72; - -import org.junit.Test; - -import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMigrationCount; -import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMinimumMigrationNumber; - -public class DbVersion72Test { - private DbVersion72 underTest = new DbVersion72(); - - @Test - public void migrationNumber_starts_at_2100() { - verifyMinimumMigrationNumber(underTest, 2100); - } - - @Test - public void verify_migration_count() { - verifyMigrationCount(underTest, 1); - } - -} diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest.java deleted file mode 100644 index 455c0a25835..00000000000 --- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest.java +++ /dev/null @@ -1,63 +0,0 @@ -package org.sonar.server.platform.db.migration.version.v72;/* - * SonarQube - * Copyright (C) 2009-2018 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ - -import java.sql.SQLException; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.ExpectedException; -import org.mindrot.jbcrypt.BCrypt; -import org.sonar.db.CoreDbTester; - -import static org.assertj.core.api.Assertions.assertThat; - -public class IncreaseCryptedPasswordSizeTest { - private static final String TABLE_NAME = "users"; - - @Rule - public CoreDbTester db = CoreDbTester.createForSchema(IncreaseCryptedPasswordSizeTest.class, "users.sql"); - @Rule - public ExpectedException expectedException = ExpectedException.none(); - - private IncreaseCryptedPasswordSize underTest = new IncreaseCryptedPasswordSize(db.database()); - - @Test - public void cannot_insert_crypted_password() { - expectedException.expect(IllegalStateException.class); - - insertRow(); - } - - @Test - public void can_insert_crypted_password_after_execute() throws SQLException { - underTest.execute(); - assertThat(db.countRowsOfTable(TABLE_NAME)).isEqualTo(0); - insertRow(); - assertThat(db.countRowsOfTable(TABLE_NAME)).isEqualTo(1); - } - - private void insertRow() { - db.executeInsert( - "USERS", - "CRYPTED_PASSWORD", BCrypt.hashpw("a", BCrypt.gensalt()), - "IS_ROOT", false, - "ONBOARDED", false); - } - -} diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest/users.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest/users.sql deleted file mode 100644 index 3cf041df7dc..00000000000 --- a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest/users.sql +++ /dev/null @@ -1,21 +0,0 @@ -CREATE TABLE "USERS" ( - "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), - "LOGIN" VARCHAR(255), - "NAME" VARCHAR(200), - "EMAIL" VARCHAR(100), - "CRYPTED_PASSWORD" VARCHAR(40), - "SALT" VARCHAR(40), - "ACTIVE" BOOLEAN DEFAULT TRUE, - "SCM_ACCOUNTS" VARCHAR(4000), - "EXTERNAL_IDENTITY" VARCHAR(255), - "EXTERNAL_IDENTITY_PROVIDER" VARCHAR(100), - "IS_ROOT" BOOLEAN NOT NULL, - "USER_LOCAL" BOOLEAN, - "ONBOARDED" BOOLEAN NOT NULL, - "CREATED_AT" BIGINT, - "UPDATED_AT" BIGINT, - "HOMEPAGE_TYPE" VARCHAR(40), - "HOMEPAGE_PARAMETER" VARCHAR(40) -); -CREATE UNIQUE INDEX "USERS_LOGIN" ON "USERS" ("LOGIN"); -CREATE INDEX "USERS_UPDATED_AT" ON "USERS" ("UPDATED_AT"); diff --git a/sonar-core/build.gradle b/sonar-core/build.gradle index cecce8b43fd..a2d0f1bb189 100644 --- a/sonar-core/build.gradle +++ b/sonar-core/build.gradle @@ -20,7 +20,6 @@ dependencies { compile 'org.picocontainer:picocontainer' compile 'org.slf4j:slf4j-api' compile 'org.sonarsource.update-center:sonar-update-center-common' - compile 'org.mindrot:jbcrypt' compile project(path: ':sonar-plugin-api', configuration: 'shadow') compileOnly 'com.google.code.findbugs:jsr305'