From: Julien Lancelot Date: Mon, 25 Jan 2016 16:49:40 +0000 (+0100) Subject: Fix /api/authentication/validate X-Git-Tag: 5.4-M10~30 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7c61e9ba37ddd199bc6ae8697c023ff168532bf9;p=sonarqube.git Fix /api/authentication/validate authentication_controler was using symbol :user_id instead of string 'user_id' to access to user id from session
---
diff --git a/it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java b/it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java
index 1ed047c08bb..5b390ec9976 100644
--- a/it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java
+++ b/it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java
@@ -30,6 +30,7 @@ import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.sonar.wsclient.services.PropertyUpdateQuery;
 import org.sonarqube.ws.WsUserTokens;
 import org.sonarqube.ws.client.GetRequest;
 import org.sonarqube.ws.client.HttpConnector;
@@ -169,6 +170,26 @@ public class AuthenticationTest {
 assertThat(buildResult.isSuccess()).isFalse();
 }
 
+ @Test
+ public void authentication_with_web_service() {
+ assertThat(checkAuthenticationThroughWebService("admin", "admin")).isTrue();
+ assertThat(checkAuthenticationThroughWebService("wrong", "admin")).isFalse();
+ assertThat(checkAuthenticationThroughWebService("admin", "wrong")).isFalse();
+ assertThat(checkAuthenticationThroughWebService(null, null)).isTrue();
+
+ ORCHESTRATOR.getServer().getAdminWsClient().update(new PropertyUpdateQuery("sonar.forceAuthentication", "true"));
+
+ assertThat(checkAuthenticationThroughWebService("admin", "admin")).isTrue();
+ assertThat(checkAuthenticationThroughWebService("wrong", "admin")).isFalse();
+ assertThat(checkAuthenticationThroughWebService("admin", "wrong")).isFalse();
+ assertThat(checkAuthenticationThroughWebService(null, null)).isFalse();
+ }
+
+ private boolean checkAuthenticationThroughWebService(String login, String password) {
+ String result = ORCHESTRATOR.getServer().wsClient(login, password).get("/api/authentication/validate");
+ return result.contains("true");
+ }
+
 private static void createUser(String login, String password) {
 adminWsClient.wsConnector().call(
 new PostRequest("api/users/create")
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb
index 2429a9b8bcf..5ab761d41b8 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb
@@ -55,7 +55,7 @@ class Api::AuthenticationController < Api::ApiController
 end
 
 def anonymous?
- !session.has_key?(:user_id)
+ !session.has_key?('user_id')
 end
 
 def set_cache_buster
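Review bot: `authentication_with_web_service` switches `sonar.forceAuthentication` to `true` on the shared `ORCHESTRATOR` server and nothing in the hunk restores it, so later tests, and any rerun after a failed assertion, inherit forced authentication. Put the second group of assertions in a `try` and reset the property in `finally`, e.g. `ORCHESTRATOR.getServer().getAdminWsClient().update(new PropertyUpdateQuery("sonar.forceAuthentication", "false"));`. This assumes `false` was the previous value, and an `@After` outside the hunk may already do the reset. Separately, `result.contains("true")` in `checkAuthenticationThroughWebService` passes for any response body containing that substring, including an error page; comparing against the exact expected response would make the authentication check strict.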
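Review bot: `has_key?('user_id')` in `anonymous?` only tests that the key is present, so a session holding the key with a `nil` value would be treated as authenticated. If any logout or expiry path assigns `nil` instead of deleting the key (not visible in this hunk), `session['user_id'].nil?` is the safer test. Because the symbol/string mismatch was the bug, a one-line comment such as `# session keys are strings here; :user_id never matches` would help keep it from being reintroduced. The controller class starts and ends outside the hunk, so how the session is written cannot be confirmed from here.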