From 316982d6c9795da9ecf47e14bbbff1ee8db82441 Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Thu, 2 Feb 2017 15:19:44 +0100
Subject: [PATCH] SONAR-8716 fix check of permissions in EncryptAction

---
 .../server/setting/ws/EncryptAction.java | 3 +-
 .../server/setting/ws/EncryptActionTest.java | 58 +++++++++++++------
 2 files changed, 40 insertions(+), 21 deletions(-)

diff --git a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/EncryptAction.java b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/EncryptAction.java
index 2615d6590a1..abc383eb480 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/EncryptAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/EncryptAction.java
@@ -28,7 +28,6 @@ import org.sonar.api.server.ws.WebService;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.Settings.EncryptWsResponse;

-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.ws.WsUtils.checkRequest;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_VALUE;
@@ -60,7 +59,7 @@ public class EncryptAction implements SettingsWsAction {

 @Override
 public void handle(Request request, Response response) throws Exception {
- userSession.checkPermission(SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkIsRoot();
 String value = request.mandatoryParam(PARAM_VALUE);
 checkRequest(!value.isEmpty(), "Parameter '%s' must not be empty", PARAM_VALUE);

diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/EncryptActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/EncryptActionTest.java
index 43b05f269ff..73623a21c82 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/EncryptActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/EncryptActionTest.java
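Review bot: The replaced line in `handle` moves the action from a global permission to a root-only check without saying why, and the order of the two calls is load-bearing: `checkLoggedIn()` runs first, so an anonymous caller is rejected before `checkIsRoot()` is ever evaluated, which is exactly what the new tests on the test side pin down. A comment such as `// Root only; checkLoggedIn() runs first so anonymous callers get UnauthorizedException, non-root users ForbiddenException` would spare the next reader a trip to the tests. Keeping the check ahead of `mandatoryParam`/`checkRequest` is right, since the parameter-validation errors are then unreachable for unauthenticated callers. The action's description in its WebService definition lies outside this hunk and presumably still documents the former required permission; it should be updated to match. `handle` continues past the end of the hunk.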
@@ -36,6 +36,7 @@ import org.sonar.api.config.Settings;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
@@ -43,8 +44,6 @@ import org.sonarqube.ws.MediaTypes;
 import org.sonarqube.ws.Settings.EncryptWsResponse;

 import static org.assertj.core.api.Assertions.assertThat;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.test.JsonAssert.assertJson;
 import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_VALUE;

@@ -52,31 +51,29 @@ public class EncryptActionTest {
 @Rule
 public ExpectedException expectedException = ExpectedException.none();
 @Rule
- public UserSessionRule userSession = UserSessionRule.standalone().setGlobalPermissions(SYSTEM_ADMIN);
+ public UserSessionRule userSession = UserSessionRule.standalone();
 @Rule
 public TemporaryFolder folder = new TemporaryFolder();

- Settings settings = new MapSettings();
- Encryption encryption = settings.getEncryption();
-
- EncryptAction underTest = new EncryptAction(userSession, settings);
-
- WsActionTester ws = new WsActionTester(underTest);
+ private Settings settings = new MapSettings();
+ private Encryption encryption = settings.getEncryption();
+ private EncryptAction underTest = new EncryptAction(userSession, settings);
+ private WsActionTester ws = new WsActionTester(underTest);

 @Before
- public void setUp_secret_key() {
- try {
- File secretKeyFile = folder.newFile();
- FileUtils.writeStringToFile(secretKeyFile, "fCVFf/JHRi8Qwu5KLNva7g==");
+ public void setUpSecretKey() throws Exception {
+ logInAsRoot();

- encryption.setPathToSecretKey(secretKeyFile.getAbsolutePath());
- } catch (IOException e) {
- Throwables.propagate(e);
- }
+ File secretKeyFile = folder.newFile();
+ FileUtils.writeStringToFile(secretKeyFile, "fCVFf/JHRi8Qwu5KLNva7g==");
+
+ encryption.setPathToSecretKey(secretKeyFile.getAbsolutePath());
 }

 @Test
 public void json_example() {
+ logInAsRoot();
+
 String result = ws.newRequest().setParam("value", "my value").execute().getInput();

 assertJson(result).isSimilarTo(ws.getDef().responseExampleAsString());
@@ -84,6 +81,8 @@ public class EncryptActionTest {

 @Test
 public void encrypt() {
+ logInAsRoot();
+
 EncryptWsResponse result = call("my value!");

 assertThat(result.getEncryptedValue()).isEqualTo("{aes}NoofntibpMBdhkMfXQxYcA==");
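Review bot: `setUpSecretKey` now logs in as root in `@Before`, yet `json_example` in this hunk, `encrypt` in the next one, and `fail_if_value_is_not_provided`, `fail_if_value_is_empty` and `fail_if_no_secret_key_available` further down each call `logInAsRoot()` again, so one of the two is redundant. For a class whose purpose includes permission checks the safer default is the anonymous session: drop the `logInAsRoot();` line (and the blank after it) from `setUpSecretKey` and keep the per-test calls, so that a future test which forgets to set a session fails with UnauthorizedException instead of silently running as root. The negative tests already override the session explicitly, so they are unaffected either way. The test class continues outside the hunk.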
@@ -101,16 +100,29 @@ public class EncryptActionTest {
 }

 @Test
- public void fail_if_insufficient_permissions() {
+ public void throw_ForbiddenException_if_not_root() throws Exception {
+ userSession.login().setNonRoot();
+
 expectedException.expect(ForbiddenException.class);
+ expectedException.expectMessage("Insufficient privileges");

- userSession.anonymous().setGlobalPermissions(QUALITY_PROFILE_ADMIN);
+ call("my value");
+ }
+
+ @Test
+ public void throw_UnauthorizedException_if_not_logged_in() throws Exception {
+ userSession.anonymous();
+
+ expectedException.expect(UnauthorizedException.class);
+ expectedException.expectMessage("Authentication is required");

 call("my value");
 }

 @Test
 public void fail_if_value_is_not_provided() {
+ logInAsRoot();
+
 expectedException.expect(IllegalArgumentException.class);

 call(null);
@@ -118,6 +130,8 @@ public class EncryptActionTest {

 @Test
 public void fail_if_value_is_empty() {
+ logInAsRoot();
+
 expectedException.expect(BadRequestException.class);
 expectedException.expectMessage("Parameter 'value' must not be empty");

@@ -126,6 +140,8 @@ public class EncryptActionTest {

 @Test
 public void fail_if_no_secret_key_available() {
+ logInAsRoot();
+
 encryption.setPathToSecretKey("unknown/path/to/secret/key");

 expectedException.expect(BadRequestException.class);
@@ -149,4 +165,8 @@ public class EncryptActionTest {
 throw Throwables.propagate(e);
 }
 }
+
+ private void logInAsRoot() {
+ userSession.login().setRoot();
+ }
 }
-- 
2.39.5
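Review bot: The two new negative tests in the first hunk cover a plain non-root user and an anonymous caller, but not the case this commit actually changes: a user who holds the old `SYSTEM_ADMIN` global permission yet is not root. A test that does `userSession.login().setNonRoot();` followed by `userSession.setGlobalPermissions(SYSTEM_ADMIN);` and then expects ForbiddenException would pin that behaviour and guard against a regression back to the permission-based check; it needs the `GlobalPermissions.SYSTEM_ADMIN` static import that this commit removes from the test. `setGlobalPermissions` was called on the rule in the removed line of `fail_if_insufficient_permissions`, so it is presumably still available. The enclosing test class continues outside this hunk.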