From 1025c620d71f5ba1a908852dcfee9f0b2ec7d8c6 Mon Sep 17 00:00:00 2001 From: David Gageot Date: Mon, 10 Sep 2012 17:02:34 +0200 Subject: [PATCH] SONAR-3776 Provide a WS Api to validate a user's login/password --- .../api/authentication_controller.rb | 61 +++++++++++++++++++ sonar-ws-client/pom.xml | 5 ++ .../wsclient/services/Authentication.java | 33 ++++++++++ .../services/AuthenticationQuery.java | 34 +++++++++++ .../AuthenticationUnmarshaller.java | 39 ++++++++++++ .../wsclient/unmarshallers/Unmarshallers.java | 21 ++++++- .../services/AuthenticationQueryTest.java | 34 +++++++++++ .../wsclient/services/AuthenticationTest.java | 33 ++++++++++ .../AuthenticationUnmarshallerTest.java | 41 +++++++++++++ .../authentication_invalid.json | 1 + .../authentication/authentication_valid.json | 1 + 11 files changed, 302 insertions(+), 1 deletion(-) create mode 100644 sonar-server/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb create mode 100644 sonar-ws-client/src/main/java/org/sonar/wsclient/services/Authentication.java create mode 100644 sonar-ws-client/src/main/java/org/sonar/wsclient/services/AuthenticationQuery.java create mode 100644 sonar-ws-client/src/main/java/org/sonar/wsclient/unmarshallers/AuthenticationUnmarshaller.java create mode 100644 sonar-ws-client/src/test/java/org/sonar/wsclient/services/AuthenticationQueryTest.java create mode 100644 sonar-ws-client/src/test/java/org/sonar/wsclient/services/AuthenticationTest.java create mode 100644 sonar-ws-client/src/test/java/org/sonar/wsclient/unmarshallers/AuthenticationUnmarshallerTest.java create mode 100644 sonar-ws-client/src/test/resources/authentication/authentication_invalid.json create mode 100644 sonar-ws-client/src/test/resources/authentication/authentication_valid.json 
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb
new file mode 100644
index 00000000000..fdc47c440fd
--- /dev/null
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/authentication_controller.rb
@@ -0,0 +1,61 @@
+#
+# Sonar, open source software quality management tool.
+# Copyright (C) 2008-2012 SonarSource
+# mailto:contact AT sonarsource DOT com
+#
+# Sonar is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 3 of the License, or (at your option) any later version.
+#
+# Sonar is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with Sonar; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
+#
+class Api::AuthenticationController < Api::ApiController
+ skip_before_filter :check_authentication
+
+ # prevent HTTP proxies from caching authentication status
+ before_filter :set_cache_buster, :only => 'index'
+
+ #
+ # GET /api/authentication/index
+ # curl http://localhost:9000/api/authentication/index -v -u admin:admin
+ #
+ def index
+ hash={:valid => valid?}
+
+ respond_to do |format|
+ format.json { render :json => jsonp(hash) }
+ format.xml { render :xml => hash.to_xml(:skip_types => true, :root => 'authentication') }
+ format.text { render :text => text_not_supported }
+ end
+ end
+
+ private
+
+ def valid?
+ logged_in? || (!force_authentication? && anonymous?)
+ end
+
+ def force_authentication?
+ property = Property.find(:first, :conditions => {:prop_key => org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY, :resource_id => nil, :user_id => nil})
+ property ? property.value == 'true' : false
+ end
+
+ def anonymous?
+ !session.has_key?(:user_id) + end + + def set_cache_buster + response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate" + response.headers["Pragma"] = "no-cache" + response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT" + end + +end diff --git a/sonar-ws-client/pom.xml b/sonar-ws-client/pom.xml index 25980be3f84..3a00bb5fd35 100644 --- a/sonar-ws-client/pom.xml +++ b/sonar-ws-client/pom.xml @@ -86,5 +86,10 @@ 6.1.6 test + + org.easytesting + fest-assert + test + diff --git a/sonar-ws-client/src/main/java/org/sonar/wsclient/services/Authentication.java b/sonar-ws-client/src/main/java/org/sonar/wsclient/services/Authentication.java new file mode 100644 index 00000000000..2e2d662a208 --- /dev/null +++ b/sonar-ws-client/src/main/java/org/sonar/wsclient/services/Authentication.java @@ -0,0 +1,33 @@ +/* + * Sonar, open source software quality management tool. + * Copyright (C) 2008-2012 SonarSource + * mailto:contact AT sonarsource DOT com + * + * Sonar is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * Sonar is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Sonar; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02 + */ +package org.sonar.wsclient.services; + +public class Authentication extends Model { + private boolean valid; + + public boolean isValid() { + return valid; + } + + public Authentication setValid(boolean valid) { + this.valid = valid; + return this; + } +} 
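Review bot: `anonymous?` in authentication_controller.rb only checks `!session.has_key?(:user_id)`, so a request whose supplied credentials fail to authenticate still counts as anonymous, and `valid?` returns true whenever force authentication is off. Assuming `logged_in?` (defined outside this hunk) is false after a failed Basic login, the endpoint then answers `valid: true` for a wrong password, which defeats the purpose of a credential check. Treat a request that carries credentials as non-anonymous, e.g. `!session.has_key?(:user_id) && !request.headers['Authorization']`. Because the action skips `check_authentication`, it is also worth confirming that failed attempts on this route are logged and throttled like the normal login path.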
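Review bot: `Authentication` has no Javadoc, and `isValid()` does not mean "the supplied password is correct": per the controller added in this same commit, the server also reports valid for an anonymous request when force authentication is off. Document that on the class, e.g. `/** Result of GET /api/authentication/index; valid is also true for anonymous access when the server does not force authentication. */`, so callers do not treat it as proof of identity. The `false` default of the field is a sensible fail-closed choice and worth stating in the same comment.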
diff --git a/sonar-ws-client/src/main/java/org/sonar/wsclient/services/AuthenticationQuery.java b/sonar-ws-client/src/main/java/org/sonar/wsclient/services/AuthenticationQuery.java
new file mode 100644
index 00000000000..5d4fcf4ab24
--- /dev/null
+++ b/sonar-ws-client/src/main/java/org/sonar/wsclient/services/AuthenticationQuery.java
@@ -0,0 +1,34 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
+ */
+package org.sonar.wsclient.services;
+
+public class AuthenticationQuery extends Query {
+ public static final String BASE_URL = "/api/authentication/index";
+
+ @Override
+ public String getUrl() {
+ return BASE_URL;
+ }
+
+ @Override
+ public Class getModelClass() {
+ return Authentication.class;
+ }
+}
diff --git a/sonar-ws-client/src/main/java/org/sonar/wsclient/unmarshallers/AuthenticationUnmarshaller.java b/sonar-ws-client/src/main/java/org/sonar/wsclient/unmarshallers/AuthenticationUnmarshaller.java
new file mode 100644
index 00000000000..31c1ad8e548
--- /dev/null
+++ b/sonar-ws-client/src/main/java/org/sonar/wsclient/unmarshallers/AuthenticationUnmarshaller.java
@@ -0,0 +1,39 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
+ */
+package org.sonar.wsclient.unmarshallers;
+
+import org.sonar.wsclient.services.Authentication;
+import org.sonar.wsclient.services.WSUtils;
+
+import java.util.List;
+
+public class AuthenticationUnmarshaller implements Unmarshaller {
+ public Authentication toModel(String json) {
+ WSUtils utils = WSUtils.getINSTANCE();
+ Object map = utils.parse(json);
+
+ return new Authentication()
+ .setValid(utils.getBoolean(map, "valid"));
+ }
+
+ public List toModels(String json) {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/sonar-ws-client/src/main/java/org/sonar/wsclient/unmarshallers/Unmarshallers.java b/sonar-ws-client/src/main/java/org/sonar/wsclient/unmarshallers/Unmarshallers.java
index 3be4dc4b161..b34d561fae5 100644
--- a/sonar-ws-client/src/main/java/org/sonar/wsclient/unmarshallers/Unmarshallers.java
+++ b/sonar-ws-client/src/main/java/org/sonar/wsclient/unmarshallers/Unmarshallers.java
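Review bot: `toModel` in AuthenticationUnmarshaller passes `utils.getBoolean(map, "valid")` straight into `setValid(boolean)`, so a response without the `valid` key may throw instead of yielding an invalid result. This assumes `getBoolean` returns a boxed `Boolean` that is null for a missing key; WSUtils is not part of this patch, so that needs confirming. Fail closed with `Boolean valid = utils.getBoolean(map, "valid");` followed by `return new Authentication().setValid(Boolean.TRUE.equals(valid));`. AuthenticationUnmarshallerTest covers only the two well-formed fixtures, so a fixture without the field would pin this behaviour.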
@@ -19,7 +19,25 @@ */ package org.sonar.wsclient.unmarshallers; -import org.sonar.wsclient.services.*; +import org.sonar.wsclient.services.Authentication; +import org.sonar.wsclient.services.Dependency; +import org.sonar.wsclient.services.DependencyTree; +import org.sonar.wsclient.services.Event; +import org.sonar.wsclient.services.Favourite; +import org.sonar.wsclient.services.ManualMeasure; +import org.sonar.wsclient.services.Metric; +import org.sonar.wsclient.services.Model; +import org.sonar.wsclient.services.Plugin; +import org.sonar.wsclient.services.Profile; +import org.sonar.wsclient.services.Property; +import org.sonar.wsclient.services.Resource; +import org.sonar.wsclient.services.Review; +import org.sonar.wsclient.services.Rule; +import org.sonar.wsclient.services.Server; +import org.sonar.wsclient.services.ServerSetup; +import org.sonar.wsclient.services.Source; +import org.sonar.wsclient.services.TimeMachine; +import org.sonar.wsclient.services.Violation; import java.util.HashMap; import java.util.Map; @@ -49,6 +67,7 @@ public final class Unmarshallers { unmarshallers.put(Profile.class, new ProfileUnmarshaller()); unmarshallers.put(Review.class, new ReviewUnmarshaller()); unmarshallers.put(ManualMeasure.class, new ManualMeasureUnmarshaller()); + unmarshallers.put(Authentication.class, new AuthenticationUnmarshaller()); } public static Unmarshaller forModel(Class modelClass) { diff --git a/sonar-ws-client/src/test/java/org/sonar/wsclient/services/AuthenticationQueryTest.java b/sonar-ws-client/src/test/java/org/sonar/wsclient/services/AuthenticationQueryTest.java new file mode 100644 index 00000000000..cfdb766b8b9 --- /dev/null +++ b/sonar-ws-client/src/test/java/org/sonar/wsclient/services/AuthenticationQueryTest.java 
@@ -0,0 +1,34 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
+ */
+package org.sonar.wsclient.services;
+
+import org.junit.Test;
+
+import static org.fest.assertions.Assertions.assertThat;
+
+public class AuthenticationQueryTest extends QueryTestCase {
+ @Test
+ public void should_query_right_url() {
+ AuthenticationQuery query = new AuthenticationQuery();
+
+ assertThat(query.getUrl()).isEqualTo("/api/authentication/index");
+ assertThat(query.getModelClass().getName()).isEqualTo(Authentication.class.getName());
+ }
+}
diff --git a/sonar-ws-client/src/test/java/org/sonar/wsclient/services/AuthenticationTest.java b/sonar-ws-client/src/test/java/org/sonar/wsclient/services/AuthenticationTest.java
new file mode 100644
index 00000000000..669c7fd7303
--- /dev/null
+++ b/sonar-ws-client/src/test/java/org/sonar/wsclient/services/AuthenticationTest.java
@@ -0,0 +1,33 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
+ */
+package org.sonar.wsclient.services;
+
+import org.junit.Test;
+
+import static org.fest.assertions.Assertions.assertThat;
+
+public class AuthenticationTest {
+ @Test
+ public void should_set_valid_state() {
+ assertThat(new Authentication().isValid()).isFalse();
+ assertThat(new Authentication().setValid(false).isValid()).isFalse();
+ assertThat(new Authentication().setValid(true).isValid()).isTrue();
+ }
+}
diff --git a/sonar-ws-client/src/test/java/org/sonar/wsclient/unmarshallers/AuthenticationUnmarshallerTest.java b/sonar-ws-client/src/test/java/org/sonar/wsclient/unmarshallers/AuthenticationUnmarshallerTest.java
new file mode 100644
index 00000000000..6487bfe5f0c
--- /dev/null
+++ b/sonar-ws-client/src/test/java/org/sonar/wsclient/unmarshallers/AuthenticationUnmarshallerTest.java
@@ -0,0 +1,41 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
+ */
+package org.sonar.wsclient.unmarshallers;
+
+import org.junit.Test;
+import org.sonar.wsclient.services.Authentication;
+
+import static org.fest.assertions.Assertions.assertThat;
+
+public class AuthenticationUnmarshallerTest extends UnmarshallerTestCase {
+ @Test
+ public void should_unmarshall_valid_authentication() {
+ Authentication authentication = new AuthenticationUnmarshaller().toModel(loadFile("/authentication/authentication_valid.json"));
+
+ assertThat(authentication.isValid()).isTrue();
+ }
+
+ @Test
+ public void should_unmarshall_invalid_authentication() {
+ Authentication authentication = new AuthenticationUnmarshaller().toModel(loadFile("/authentication/authentication_invalid.json"));
+
+ assertThat(authentication.isValid()).isFalse();
+ }
+}
diff --git a/sonar-ws-client/src/test/resources/authentication/authentication_invalid.json b/sonar-ws-client/src/test/resources/authentication/authentication_invalid.json
new file mode 100644
index 00000000000..032d6e5bc05
--- /dev/null
+++ b/sonar-ws-client/src/test/resources/authentication/authentication_invalid.json
@@ -0,0 +1 @@
+{"valid":false}
\ No newline at end of file
diff --git a/sonar-ws-client/src/test/resources/authentication/authentication_valid.json b/sonar-ws-client/src/test/resources/authentication/authentication_valid.json
new file mode 100644
index 00000000000..a9d0d8f0794
--- /dev/null
+++ b/sonar-ws-client/src/test/resources/authentication/authentication_valid.json
@@ -0,0 +1 @@
+{"valid":true}
\ No newline at end of file
-- 2.39.5