From: Wouter Admiraal <wouter.admiraal@sonarsource.com>
Date: Thu, 1 Feb 2024 09:53:08 +0000 (+0100)
Subject: SONAR-21559 Fix SSF-553
X-Git-Tag: 10.4.0.87286~19
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=48f43d6a3bf9bbd7c9b58eb5cde635572184ad01;p=sonarqube.git

SONAR-21559 Fix SSF-553
---

diff --git a/server/sonar-web/src/main/js/api/settings.ts b/server/sonar-web/src/main/js/api/settings.ts
index e29a51753bd..21063ea2c93 100644
--- a/server/sonar-web/src/main/js/api/settings.ts
+++ b/server/sonar-web/src/main/js/api/settings.ts
@@ -20,7 +20,7 @@
 import { omitBy } from 'lodash';
 import { isCategoryDefinition } from '../apps/settings/utils';
 import { throwGlobalError } from '../helpers/error';
-import { getJSON, post, RequestData } from '../helpers/request';
+import { getJSON, post, postJSON, RequestData } from '../helpers/request';
 import { BranchParameters } from '../types/branch-like';
 import {
   ExtendedSettingDefinition,
@@ -110,7 +110,7 @@ export function generateSecretKey(): Promise<{ secretKey: string }> {
 }
 
 export function encryptValue(value: string): Promise<{ encryptedValue: string }> {
-  return getJSON('/api/settings/encrypt', { value }).catch(throwGlobalError);
+  return postJSON('/api/settings/encrypt', { value }).catch(throwGlobalError);
 }
 
 export function getLoginMessage(): Promise<{ message: string }> {
diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/EncryptActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/EncryptActionIT.java
index 5a429b29177..5ab5b341587 100644
--- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/EncryptActionIT.java
+++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/EncryptActionIT.java
@@ -76,7 +76,7 @@ public class EncryptActionIT {
     WebService.Action definition = ws.getDef();
 
     assertThat(definition.key()).isEqualTo("encrypt");
-    assertThat(definition.isPost()).isFalse();
+    assertThat(definition.isPost()).isTrue();
     assertThat(definition.isInternal()).isTrue();
     assertThat(definition.responseExampleAsString()).isNotEmpty();
     assertThat(definition.params()).hasSize(1);
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/EncryptAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/EncryptAction.java
index 863eaef4e04..b77c4738f2e 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/EncryptAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/EncryptAction.java
@@ -21,6 +21,7 @@ package org.sonar.server.setting.ws;
 
 import org.sonar.api.config.internal.Encryption;
 import org.sonar.api.config.internal.Settings;
+import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
@@ -46,9 +47,11 @@ public class EncryptAction implements SettingsWsAction {
       .setDescription("Encrypt a setting value.<br>" +
         "Requires 'Administer System' permission.")
       .setSince("6.1")
+      .setPost(true)
       .setHandler(this)
       .setInternal(true)
-      .setResponseExample(getClass().getResource("encrypt-example.json"));
+      .setResponseExample(getClass().getResource("encrypt-example.json"))
+      .setChangelog(new Change("10.4", "Move from GET to POST."));
 
     action.createParam(PARAM_VALUE)
       .setRequired(true)