From: Julien Lancelot <julien.lancelot@sonarsource.com>
Date: Mon, 25 Jan 2016 16:49:40 +0000 (+0100)
Subject: Fix /api/authentication/validate
X-Git-Tag: 5.4-M10~30
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7c61e9ba37ddd199bc6ae8697c023ff168532bf9;p=sonarqube.git

Fix /api/authentication/validate

authentication_controler was using symbol :user_id instead of string 'user_id' to access to user id from session
---

diff --git a/it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java b/it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java
index 1ed047c08bb..5b390ec9976 100644
--- a/it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java
+++ b/it/it-tests/src/test/java/it/authorisation/AuthenticationTest.java
@@ -30,6 +30,7 @@ import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.sonar.wsclient.services.PropertyUpdateQuery;
 import org.sonarqube.ws.WsUserTokens;
 import org.sonarqube.ws.client.GetRequest;
 import org.sonarqube.ws.client.HttpConnector;
@@ -169,6 +170,26 @@ public class AuthenticationTest {
     assertThat(buildResult.isSuccess()).isFalse();
   }
 
+  @Test
+  public void authentication_with_web_service() {
+    assertThat(checkAuthenticationThroughWebService("admin", "admin")).isTrue();
+    assertThat(checkAuthenticationThroughWebService("wrong", "admin")).isFalse();
+    assertThat(checkAuthenticationThroughWebService("admin", "wrong")).isFalse();
+    assertThat(checkAuthenticationThroughWebService(null, null)).isTrue();
+
+    ORCHESTRATOR.getServer().getAdminWsClient().update(new PropertyUpdateQuery("sonar.forceAuthentication", "true"));
+
+    assertThat(checkAuthenticationThroughWebService("admin", "admin")).isTrue();
+    assertThat(checkAuthenticationThroughWebService("wrong", "admin")).isFalse();
+    assertThat(checkAuthenticationThroughWebService("admin", "wrong")).isFalse();
+    assertThat(checkAuthenticationThroughWebService(null, null)).isFalse();
+  }
+
+  private boolean checkAuthenticationThroughWebService(String login, String password) {
+    String result = ORCHESTRATOR.getServer().wsClient(login, password).get("/api/authentication/validate");
+    return result.contains("true");
+  }
+
   private static void createUser(String login, String password) {
     adminWsClient.wsConnector().call(
       new PostRequest("api/users/create")
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb
index 2429a9b8bcf..5ab761d41b8 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb
@@ -55,7 +55,7 @@ class Api::AuthenticationController < Api::ApiController
   end
 
   def anonymous?
-    !session.has_key?(:user_id)
+    !session.has_key?('user_id')
   end
 
   def set_cache_buster