From 09f0335614316c665021beca34d2006e0d02ee37 Mon Sep 17 00:00:00 2001 From: Aurelien Poscia Date: Mon, 1 May 2023 08:04:00 +0200 Subject: [PATCH] SONAR-19084 Prevent enabling GitHub provisioning if config is incomplete --- .../org/sonar/auth/github/GitHubSettings.java | 15 +++++++++-- .../sonar/auth/github/GitHubSettingsTest.java | 25 ++++++++++++++++++- 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java b/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java index d736e1e26eb..25b27bf7284 100644 --- a/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java +++ b/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java @@ -29,7 +29,9 @@ import org.sonar.api.config.Configuration; import org.sonar.api.config.PropertyDefinition; import org.sonar.server.property.InternalProperties; +import static java.lang.String.format; import static java.lang.String.valueOf; +import static org.apache.commons.lang.StringUtils.isNotBlank; import static org.sonar.api.PropertyType.BOOLEAN; import static org.sonar.api.PropertyType.PASSWORD; import static org.sonar.api.PropertyType.STRING; @@ -59,7 +61,6 @@ public class GitHubSettings { private final InternalProperties internalProperties; - public GitHubSettings(Configuration configuration, InternalProperties internalProperties) { this.configuration = configuration; this.internalProperties = internalProperties; @@ -117,11 +118,21 @@ public class GitHubSettings { public void setProvisioning(boolean enableProvisioning) { if (enableProvisioning) { - checkState(isEnabled(), "GitHub authentication must be enabled to enable GitHub provisioning."); + checkGithubConfigIsCompleteForProvisioning(); } internalProperties.write(PROVISIONING, String.valueOf(enableProvisioning)); } + private void checkGithubConfigIsCompleteForProvisioning() { + checkState(isEnabled(), getErrorMessage("GitHub authentication must be enabled")); + checkState(isNotBlank(appId()), getErrorMessage("Application ID must be provided")); + checkState(isNotBlank(privateKey()), getErrorMessage("Private key must be provided")); + } + + private static String getErrorMessage(String prefix) { + return format("%s to enable GitHub provisioning.", prefix); + } + public boolean isProvisioningEnabled() { return isEnabled() && internalProperties.read(PROVISIONING).map(Boolean::parseBoolean).orElse(false); } diff --git a/server/sonar-auth-github/src/test/java/org/sonar/auth/github/GitHubSettingsTest.java b/server/sonar-auth-github/src/test/java/org/sonar/auth/github/GitHubSettingsTest.java index 6d2ceaabc12..344a85bfc7c 100644 --- a/server/sonar-auth-github/src/test/java/org/sonar/auth/github/GitHubSettingsTest.java +++ b/server/sonar-auth-github/src/test/java/org/sonar/auth/github/GitHubSettingsTest.java @@ -100,11 +100,34 @@ public class GitHubSettingsTest { assertThatIllegalStateException() .isThrownBy(() -> underTest.setProvisioning(true)) .withMessage("GitHub authentication must be enabled to enable GitHub provisioning."); + assertThat(underTest.isProvisioningEnabled()).isFalse(); + } + + @Test + public void setProvisioning_whenPrivateKeyMissing_shouldThrow() { + enableGithubAuthenticationWithGithubApp(); + settings.setProperty("sonar.auth.github.privateKey.secured", ""); + + assertThatIllegalStateException() + .isThrownBy(() -> underTest.setProvisioning(true)) + .withMessage("Private key must be provided to enable GitHub provisioning."); + assertThat(underTest.isProvisioningEnabled()).isFalse(); + } + + @Test + public void setProvisioning_whenAppIdMissing_shouldThrow() { + enableGithubAuthenticationWithGithubApp(); + settings.setProperty("sonar.auth.github.appId", ""); + + assertThatIllegalStateException() + .isThrownBy(() -> underTest.setProvisioning(true)) + .withMessage("Application ID must be provided to enable GitHub provisioning."); + assertThat(underTest.isProvisioningEnabled()).isFalse(); } @Test public void setProvisioning_whenPassedTrue_delegatesToInternalPropertiesWrite() { - enableGithubAuthentication(); + enableGithubAuthenticationWithGithubApp(); underTest.setProvisioning(true); verify(internalProperties).write(GitHubSettings.PROVISIONING, Boolean.TRUE.toString()); } -- 2.39.5