From: Julien Lancelot Date: Thu, 19 Jan 2017 07:53:37 +0000 (+0100) Subject: SONAR-5270 Delete WS api/user_properties X-Git-Tag: 6.3-RC1~431 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=be3c44f0e5ee70717fe8ab1c7d7c20c29ed82975;p=sonarqube.git SONAR-5270 Delete WS api/user_properties As this is a public WS, the action is still declared but the response code will always be 410 --- diff --git a/it/it-tests/src/test/java/it/user/RealmAuthenticationTest.java b/it/it-tests/src/test/java/it/user/RealmAuthenticationTest.java index f87b12e6f10..504842ce2c5 100644 --- a/it/it-tests/src/test/java/it/user/RealmAuthenticationTest.java +++ b/it/it-tests/src/test/java/it/user/RealmAuthenticationTest.java @@ -1,4 +1,4 @@ - /* +/* * SonarQube * Copyright (C) 2009-2016 SonarSource SA * mailto:contact AT sonarsource DOT com @@ -23,7 +23,6 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.Maps; import com.sonar.orchestrator.Orchestrator; import java.util.Map; -import java.util.Objects; import javax.annotation.CheckForNull; import org.apache.commons.lang.RandomStringUtils; import org.junit.After; @@ -35,11 +34,8 @@ import org.junit.rules.ExpectedException; import org.sonar.wsclient.Host; import org.sonar.wsclient.Sonar; import org.sonar.wsclient.base.HttpException; -import org.sonar.wsclient.connectors.ConnectionException; import org.sonar.wsclient.connectors.HttpClient4Connector; import org.sonar.wsclient.services.AuthenticationQuery; -import org.sonar.wsclient.services.UserPropertyCreateQuery; -import org.sonar.wsclient.services.UserPropertyQuery; import org.sonar.wsclient.user.UserParameters; import org.sonarqube.ws.client.GetRequest; import org.sonarqube.ws.client.HttpConnector; 
@@ -73,8 +69,6 @@ public class RealmAuthenticationTest { * Property from security-plugin for user management. */ private static final String USERS_PROPERTY = "sonar.fakeauthenticator.users"; - private static String AUTHORIZED = "authorized"; - private static String NOT_AUTHORIZED = "not authorized"; @ClassRule public static final Orchestrator orchestrator = Orchestrator.builderEnv() @@ -112,7 +106,8 @@ public class RealmAuthenticationTest { users.put(username + ".groups", "sonar-user"); updateUsersInExtAuth(users); // Then - assertThat(loginAttempt(username, password)).isEqualTo(AUTHORIZED); + verifyAuthenticationIsOk(username, password); + // with external details and groups runSelenese(orchestrator, "/user/ExternalAuthenticationTest/external-user-details.html"); @@ -137,7 +132,8 @@ public class RealmAuthenticationTest { users.put(username + ".groups", "sonar-user"); updateUsersInExtAuth(users); // Then - assertThat(loginAttempt(username, password)).isEqualTo(AUTHORIZED); + verifyAuthenticationIsOk(username, password); + // with external details and groups // TODO replace by WS ? Or with new Selenese utils runSelenese(orchestrator, "/user/ExternalAuthenticationTest/external-user-details.html"); @@ -147,7 +143,8 @@ public class RealmAuthenticationTest { users.put(username + ".email", "tester2@example.org"); updateUsersInExtAuth(users); // Then - assertThat(loginAttempt(username, password)).isEqualTo(AUTHORIZED); + verifyAuthenticationIsOk(username, password); + // with external details and groups updated runSelenese(orchestrator, "/user/ExternalAuthenticationTest/external-user-details2.html"); } 
@@ -166,13 +163,14 @@ public class RealmAuthenticationTest { users.put(login + ".password", password); updateUsersInExtAuth(users); // Then - assertThat(loginAttempt(login, password)).isEqualTo(AUTHORIZED); + verifyAuthenticationIsOk(login, password); + // When external system does not work users.remove(login + ".password"); updateUsersInExtAuth(users); // Then - assertThat(loginAttempt(login, password)).isEqualTo(NOT_AUTHORIZED); + verifyAuthenticationIsNotOk(login, password); } /** @@ -191,8 +189,8 @@ public class RealmAuthenticationTest { updateUsersInExtAuth(users); // Then this is local DB that should be used - assertThat(loginAttempt(login, remotePassword)).isEqualTo(NOT_AUTHORIZED); - assertThat(loginAttempt(login, localPassword)).isEqualTo(AUTHORIZED); + verifyAuthenticationIsNotOk(login, remotePassword); + verifyAuthenticationIsOk(login, localPassword); } /** @@ -207,14 +205,14 @@ public class RealmAuthenticationTest { // When user not exists in external system // Then - assertThat(loginAttempt(username, password)).isEqualTo(NOT_AUTHORIZED); + verifyAuthenticationIsNotOk(username, password); // When user created in external system users.put(username + ".password", password); updateUsersInExtAuth(users); // Then - assertThat(loginAttempt(username, password)).isEqualTo(AUTHORIZED); - assertThat(loginAttempt(username, "wrong")).isEqualTo(NOT_AUTHORIZED); + verifyAuthenticationIsOk(username, password); + verifyAuthenticationIsNotOk(username, "wrong"); } /** @@ -232,13 +230,13 @@ public class RealmAuthenticationTest { // When user not exists in external system // Then - assertThat(loginAttempt(username, password)).isEqualTo(NOT_AUTHORIZED); + verifyAuthenticationIsNotOk(username, password); // When user created in external system users.put(username + ".password", password); updateUsersInExtAuth(users); // Then - assertThat(loginAttempt(username, password)).isEqualTo(NOT_AUTHORIZED); + verifyAuthenticationIsNotOk(username, password); } // SONAR-3258 
@@ -256,7 +254,7 @@ public class RealmAuthenticationTest { users.put(login + ".password", password); updateUsersInExtAuth(users); // check that the deleted/deactivated user "tester" has been reactivated and can now log in - assertThat(loginAttempt(login, password)).isEqualTo(AUTHORIZED); + verifyAuthenticationIsOk(login, password); } /** @@ -266,7 +264,7 @@ public class RealmAuthenticationTest { public void update_password_of_technical_user() throws Exception { // Create user in external authentication updateUsersInExtAuth(ImmutableMap.of(USER_LOGIN + ".password", USER_LOGIN)); - assertThat(loginAttempt(USER_LOGIN, USER_LOGIN)).isEqualTo(AUTHORIZED); + verifyAuthenticationIsOk(USER_LOGIN, USER_LOGIN); // Create technical user in db createUserInDb(TECH_USER, "old_password"); 
@@ -299,19 +297,19 @@ public class RealmAuthenticationTest { users.put(login + ".password", password); updateUsersInExtAuth(users); - assertThat(checkAuthenticationWithWebService(login, password).code()).isEqualTo(HTTP_OK); - assertThat(checkAuthenticationWithWebService("wrong", password).code()).isEqualTo(HTTP_UNAUTHORIZED); - assertThat(checkAuthenticationWithWebService(login, "wrong").code()).isEqualTo(HTTP_UNAUTHORIZED); - assertThat(checkAuthenticationWithWebService(login, null).code()).isEqualTo(HTTP_UNAUTHORIZED); - assertThat(checkAuthenticationWithWebService(null, null).code()).isEqualTo(HTTP_OK); + verifyAuthenticationIsOk(login, password); + verifyAuthenticationIsNotOk("wrong", password); + verifyAuthenticationIsNotOk(login, "wrong"); + verifyAuthenticationIsNotOk(login, null); + verifyAuthenticationIsOk(null, null); setServerProperty(orchestrator, "sonar.forceAuthentication", "true"); - assertThat(checkAuthenticationWithWebService(login, password).code()).isEqualTo(HTTP_OK); - assertThat(checkAuthenticationWithWebService("wrong", password).code()).isEqualTo(HTTP_UNAUTHORIZED); - assertThat(checkAuthenticationWithWebService(login, "wrong").code()).isEqualTo(HTTP_UNAUTHORIZED); - assertThat(checkAuthenticationWithWebService(login, null).code()).isEqualTo(HTTP_UNAUTHORIZED); - assertThat(checkAuthenticationWithWebService(null, null).code()).isEqualTo(HTTP_UNAUTHORIZED); + verifyAuthenticationIsOk(login, password); + verifyAuthenticationIsNotOk("wrong", password); + verifyAuthenticationIsNotOk(login, "wrong"); + verifyAuthenticationIsNotOk(login, null); + verifyAuthenticationIsNotOk(null, null); } @Test @@ -320,7 +318,8 @@ public class RealmAuthenticationTest { String password = "1234567"; updateUsersInExtAuth(ImmutableMap.of(username + ".password", password)); - assertThat(loginAttempt(username, password)).isEqualTo(AUTHORIZED); + verifyAuthenticationIsOk(username, password); + ; } protected void verifyHttpException(Exception e, int expectedCode) { 
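Review bot: `verifyAuthenticationIsOk(null, null)` in the first group of assertions checks that a request without credentials is served, not that any credentials were accepted, so the helper name misreads at that call site. The intent only becomes clear from the `setServerProperty(orchestrator, "sonar.forceAuthentication", "true")` line and the mirrored `verifyAuthenticationIsNotOk(null, null)` after it. A comment on each call would keep the access-control expectation explicit: `// no credentials: served anonymously before sonar.forceAuthentication is enabled` and `// no credentials: rejected once sonar.forceAuthentication is enabled`. The test method starts above the hunk.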
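Review bot: The second added line of the `@@ -320,7 +318,8 @@` hunk is a lone `;`, an empty statement left behind after `verifyAuthenticationIsOk(username, password);`. It compiles, but static analysis will flag it as noise. The other call sites in this commit add a blank line in that position, so this line should be blank or removed.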
@@ -333,32 +332,6 @@ public class RealmAuthenticationTest { return createWsClient(login, password).find(new AuthenticationQuery()).isValid(); } - /** - * Utility method to check that user can be authorized. - * - * @throws IllegalStateException - */ - private String loginAttempt(String username, String password) { - String expectedValue = Long.toString(System.currentTimeMillis()); - Sonar wsClient = createWsClient(username, password); - try { - wsClient.create(new UserPropertyCreateQuery("auth", expectedValue)); - } catch (ConnectionException e) { - return NOT_AUTHORIZED; - } - try { - String value = wsClient.find(new UserPropertyQuery("auth")).getValue(); - if (!Objects.equals(value, expectedValue)) { - // exceptional case - update+retrieval were successful, but value doesn't match - throw new IllegalStateException("Expected " + expectedValue + " , but got " + value); - } - } catch (ConnectionException e) { - // exceptional case - update was successful, but not retrieval - throw new IllegalStateException(e); - } - return AUTHORIZED; - } - /** * Updates information about users in security-plugin. */ @@ -395,6 +368,14 @@ public class RealmAuthenticationTest { return sb.toString(); } + private void verifyAuthenticationIsOk(String login, String password) { + assertThat(checkAuthenticationWithWebService(login, password).code()).isEqualTo(HTTP_OK); + } + + private void verifyAuthenticationIsNotOk(String login, String password) { + assertThat(checkAuthenticationWithWebService(login, password).code()).isEqualTo(HTTP_UNAUTHORIZED); + } + private WsResponse checkAuthenticationWithWebService(String login, String password) { WsClient wsClient = WsClientFactories.getDefault().newClient(HttpConnector.newBuilder().url(orchestrator.getServer().getUrl()).credentials(login, password).build()); // Call any WS 
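Review bot: The new helpers `verifyAuthenticationIsOk` and `verifyAuthenticationIsNotOk` assert only the HTTP status of whatever `checkAuthenticationWithWebService` calls (its context line says `// Call any WS`, and its body continues outside the hunk). The removed `loginAttempt` wrote and read back a per-user property through a controller guarded by `before_filter :login_required`. Another hunk in this commit shows `verifyAuthenticationIsOk(null, null)` passing, so a 200 alone does not show that the request was served as the given user; a regression that silently ignored valid credentials could still pass. If the called WS does not require a logged-in user, consider pointing the positive check at one that does, or asserting the identity in the response. Both helpers also lack the Javadoc `loginAttempt` had; something like `/** Asserts HTTP 200 for a WS call made with these credentials; a call without credentials also gets 200 unless sonar.forceAuthentication is set. */` would record the limit.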
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserPropertiesWs.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserPropertiesWs.java index e4ce7ce692c..0caad8934e6 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserPropertiesWs.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserPropertiesWs.java @@ -20,30 +20,26 @@ package org.sonar.server.user.ws; import org.sonar.api.server.ws.WebService; - -import static org.sonar.api.server.ws.RailsHandler.INSTANCE; -import static org.sonar.api.server.ws.RailsHandler.addFormatParam; +import org.sonar.server.ws.RemovedWebServiceHandler; public class UserPropertiesWs implements WebService { @Override public void define(Context context) { NewController controller = context.createController("api/user_properties"); - controller.setDescription("Manage user properties."); + controller.setDescription("Removed since 6.3, please use api/favorites and api/notifications instead"); controller.setSince("2.6"); - defineIndexAction(controller); - controller.done(); } private void defineIndexAction(NewController controller) { - NewAction action = controller.createAction("index") - .setDescription("Documentation of this web service is available here") + controller.createAction("index") + .setDescription("This web service is removed") .setSince("2.6") + .setDeprecatedSince("6.3") .setResponseExample(getClass().getResource("user_properties-index-example.xml")) - .setHandler(INSTANCE); - addFormatParam(action); + .setHandler(RemovedWebServiceHandler.INSTANCE); } } diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/user_properties_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/user_properties_controller.rb deleted file mode 100644 index 1138ee241f8..00000000000 --- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/user_properties_controller.rb +++ /dev/null 
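Review bot: In `defineIndexAction` the retained `.setResponseExample(getClass().getResource("user_properties-index-example.xml"))` still advertises the old payload for an action that, per the commit message, always answers 410. The example should go, or be replaced by one showing the removed-service reply. The action description `"This web service is removed"` also omits the replacements named on the controller; `.setDescription("This web service is removed, please use api/favorites and api/notifications instead")` would keep the generated documentation consistent. Only `index` is declared here, while the same commit deletes the Rails routes for `show`, `create` and `destroy`. Whether those paths now answer 410 or something else is not visible in this diff and is worth confirming for clients of the public WS.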
@@ -1,117 +0,0 @@ -# -# SonarQube, open source software quality management tool. -# Copyright (C) 2008-2016 SonarSource -# mailto:contact AT sonarsource DOT com -# -# SonarQube is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 3 of the License, or (at your option) any later version. -# -# SonarQube is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public License -# along with this program; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# - -require 'json' - -class Api::UserPropertiesController < Api::ApiController - - before_filter :login_required - - - # - # GET /api/user_properties - # curl http://localhost:9000/api/user_properties -v -u admin:admin - # - def index - properties = current_user.properties - respond_to do |format| - format.json { render :json => jsonp(properties_to_json(properties)) } - format.xml { render :xml => properties_to_xml(properties) } - format.text { render :text => text_not_supported } - end - end - - # - # GET /api/user_properties/ - # curl http://localhost:9000/api/user_properties/ -v -u admin:admin - # - def show - property = Property.by_key(params[:id], nil, current_user.id) - if property - respond_to do |format| - format.json { render :json => jsonp(properties_to_json([property])) } - format.xml { render :xml => properties_to_xml([property]) } - format.text { render :text => text_not_supported } - end - else - render_error('Not found', 404) - end - end - - - # - # POST /api/user_properties?key=&value= - # curl -d "key=foo&value=bar" http://localhost:9000/api/user_properties -v -u 
admin:admin - # - def create - key = params[:key] - value = params[:value] - if key - begin - property=Property.set(key, value, nil, current_user.id) - respond_to do |format| - format.json { render :json => jsonp(properties_to_json([property])) } - format.xml { render :xml => properties_to_xml([property]) } - format.text { render :text => text_not_supported } - end - - rescue Exception => e - render_error(e.message, 500) - end - else - render_error('Bad request: missing key', 400) - end - end - - # - # DELETE /api/user_properties/ - # curl -X DELETE http://localhost:9000/api/user_properties/ -v -u admin:admin - # - def destroy - begin - if params[:id] - Api::Utils.java_facade.saveProperty(params[:id], nil, current_user.id, nil) - end - render_success("Property deleted") - rescue Exception => e - logger.error("Fails to execute #{request.url} : #{e.message}") - render_error(e.message) - end - end - - private - - def properties_to_json(properties=[]) - json=[] - properties.each do |p| - json< 0)) - xml.properties do - properties.each do |p| - p.to_xml(xml) - end - end - end - -end diff --git a/server/sonar-web/src/main/webapp/WEB-INF/config/routes.rb b/server/sonar-web/src/main/webapp/WEB-INF/config/routes.rb index db15069fc6c..06242b629d2 100644 --- a/server/sonar-web/src/main/webapp/WEB-INF/config/routes.rb +++ b/server/sonar-web/src/main/webapp/WEB-INF/config/routes.rb @@ -1,6 +1,5 @@ ActionController::Routing::Routes.draw do |map| map.namespace :api do |api| - api.resources :user_properties, :only => [:index, :show, :create, :destroy], :requirements => { :id => /.*/ } api.resources :projects, :only => [:index], :requirements => { :id => /.*/ } end