From: Tobias Trabelsi <64127335+tobias-trabelsi-sonarsource@users.noreply.github.com>
Date: Wed, 9 Sep 2020 05:12:24 +0000 (+0200)
Subject: [DOCS] improved documentation about api endpoints
X-Git-Tag: 8.5.0.37579~84
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=4d83ca22b507bf847685bb419873f8cb5ecde866;p=sonarqube.git
[DOCS] improved documentation about api endpoints
---
diff --git a/server/sonar-docs/src/pages/instance-administration/security.md b/server/sonar-docs/src/pages/instance-administration/security.md
index 87b91e7524f..84619a73708 100644
--- a/server/sonar-docs/src/pages/instance-administration/security.md
+++ b/server/sonar-docs/src/pages/instance-administration/security.md
@@ -28,6 +28,50 @@ To force user authentication, log in as a system administrator, go to **[Adminis
[[info]]
| SonarQube does not support sharing email addresses across multiple users.
+### API Endpoints Authentication
+
+If the **Force user authentication** property is set to false, the following API endpoints are accessible **without authentication** (click **API endpoints** below to expand the list):
+
+[[collapse]]
+| ## API endpoints
+|
+| * api/components/search
+| * api/issues/tags
+| * api/languages/list
+| * api/metrics/domains
+| * api/metrics/search
+| * api/metrics/types
+| * api/plugins/installed
+| * api/project_tags/search
+| * api/qualitygates/list
+| * api/qualitygates/search
+| * api/qualitygates/show
+| * api/qualityprofiles/backup
+| * api/qualityprofiles/changelog
+| * api/qualityprofiles/export
+| * api/qualityprofiles/exporters
+| * api/qualityprofiles/importers
+| * api/qualityprofiles/inheritance
+| * api/qualityprofiles/projects
+| * api/qualityprofiles/search
+| * api/rules/repositories
+| * api/rules/search
+| * api/rules/show
+| * api/rules/tags
+| * api/server/version
+| * api/sources/scm (for public repositories)
+| * api/sources/show (for public repositories)
+| * api/system/db_migration_status
+| * api/system/migrate_db
+| * api/system/ping
+| * api/system/status
+| * api/system/upgrades
+| * api/users/search
+| * api/views/run
+| * api/webservices/list
+| * api/webservices/response_example
+
+It is advised to enable **Force user authentication** if you have your SonarQube instance publicly accessible.
### Authentication Mechanisms
Authentication can be managed through a number of mechanisms:
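Review bot: the expanded list mixes endpoints whose names read as harmless metadata (api/languages/list, api/server/version) with ones that read as sensitive or state-changing (api/users/search, api/qualityprofiles/backup, api/system/migrate_db), and only the two api/sources entries carry a qualifier. Suggest annotating those entries the same way, saying what an anonymous caller can actually retrieve or trigger, or splitting the list into read-only endpoints and the rest. The closing sentence limits the advice to publicly accessible instances; with api/users/search in the list, consider recommending **Force user authentication** for internal instances as well.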
@@ -157,4 +201,3 @@ sonar.jdbc.password={aes}CCGCFg4Xpm6r+PiJb1Swfg== # Encrypted DB password
...
sonar.secretKeyPath=C:/path/to/my/secure/location/my_secret_key.txt
```
-
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualityprofile/ws/ProjectsAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualityprofile/ws/ProjectsAction.java
index fa00e7ddf18..1ad0f1691a6 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualityprofile/ws/ProjectsAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualityprofile/ws/ProjectsAction.java
@@ -65,7 +65,8 @@ public class ProjectsAction implements QProfileWsAction {
NewAction action = controller.createAction("projects")
.setSince("5.2")
.setHandler(this)
- .setDescription("List projects with their association status regarding a quality profile")
+ .setDescription("List projects with their association status regarding a quality profile
" +
+ "See api/qualitygates/search in order to get the Quality Gate Profile Key")
.setResponseExample(getClass().getResource("projects-example.json"));
action.setChangelog(
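Review bot: the added second sentence of the description sends readers to api/qualitygates/search for a "Quality Gate Profile Key", but this action is in qualityprofile/ws and its first sentence is about a quality profile, so the reference mixes up two different concepts. Suggest pointing to api/qualityprofiles/search (which this same commit lists in security.md) and wording it as "Quality Profile key".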
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java
index 23fcdf35184..2abe73025be 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java
@@ -51,8 +51,9 @@ public class SearchAction implements UserTokensWsAction {
WebService.NewAction action = context.createAction(ACTION_SEARCH)
.setDescription("List the access tokens of a user.
" +
"The login must exist and active.
" +
- "Field 'lastConnectionDate' is only updated every hour, so it may not be accurate, for instance when a user is using a token many times in less than one hour.
" +
+ "It requires administration permissions to specify a 'login' and list the tokens of another user. Otherwise, tokens for the current user are listed.
" +
+ "Authentication is required for this API endpoint")
.setChangelog(new Change("7.7", "New field 'lastConnectionDate' is added to response"))
.setResponseExample(getClass().getResource("search-example.json"))
.setSince("5.3")
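Review bot: the added final sentence, "Authentication is required for this API endpoint", exists only in the description string, and nothing in this hunk ties it to the check the handler performs, so the text can drift from the behaviour. Suggest stating it first, as the precondition for the rest of the description, and ending it with a period like the other sentences. As rendered here the 'lastConnectionDate' caveat also appears only on a `-` line while the changelog entry below still refers to that field; worth confirming the sentence is still present in the final description.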