From 47c34064dd5279ed517c30af01ef5488d0c4bcb4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?S=C3=A9bastien=20Lesaint?=
Date: Wed, 29 Apr 2015 13:24:09 +0200
Subject: [PATCH] system/upgrades and system/restart should not require user authent
remove global authentication verification on /api/system in RoR so that WS /api/system/upgrades and /api/system/restart do not require user to be authenticated
---
 .../platform/ws/SystemInfoWsAction.java | 11 ++++++---
 .../platform/ws/SystemRestartWsAction.java | 23 +++++++++++--------
 .../app/controllers/api/server_controller.rb | 2 +-
 3 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/SystemInfoWsAction.java b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/SystemInfoWsAction.java
index 136340c696c..6368101a8b4 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/SystemInfoWsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/SystemInfoWsAction.java
@@ -20,6 +20,8 @@
 package org.sonar.server.platform.ws;
+import java.util.Map;
+
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
@@ -28,8 +30,9 @@ import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.server.platform.monitoring.Monitor;
 import org.sonar.server.user.UserSession;
-import java.util.Map;
-
+/**
+ * Implementation of the {@code info} action for the System WebService.
+ */
 public class SystemInfoWsAction implements SystemWsAction {
 private final Monitor[] monitors;
@@ -41,7 +44,9 @@ public class SystemInfoWsAction implements SystemWsAction {
 @Override
 public void define(WebService.NewController controller) {
 controller.createAction("info")
- .setDescription("Detailed information about system configuration")
+ .setDescription("Detailed information about system configuration." + "
" + "Requires user to be authenticated with Administer System permissions.")
 .setSince("5.1")
 .setResponseExample(getClass().getResource("/org/sonar/server/platform/ws/example-system-info.json"))
 .setHandler(this);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/SystemRestartWsAction.java b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/SystemRestartWsAction.java
index 9227df4f4ac..f2f6bf94bad 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/SystemRestartWsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/SystemRestartWsAction.java
@@ -19,7 +19,6 @@
 */
 package org.sonar.server.platform.ws;
-
 import org.sonar.api.config.Settings;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
@@ -29,8 +28,13 @@ import org.sonar.api.utils.log.Loggers;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.platform.Platform;
+/**
+ * Implementation of the {@code restart} action for the System WebService.
+ */
 public class SystemRestartWsAction implements SystemWsAction {
+ private static final Logger LOGGER = Loggers.get(SystemRestartWsAction.class);
+
 private final Settings settings;
 private final Platform platform;
@@ -43,7 +47,7 @@ public class SystemRestartWsAction implements SystemWsAction {
 public void define(WebService.NewController controller) {
 controller.createAction("restart")
 .setDescription("Restart server. Available only on development mode (sonar.web.dev=true). " +
- "Ruby on Rails extensions are not reloaded")
+ "Ruby on Rails extensions are not reloaded.")
 .setSince("4.3")
 .setPost(true)
 .setHandler(this);
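Review bot: The new `info` description in SystemInfoWsAction.define() promises "Requires user to be authenticated with Administer System permissions", but no line in this hunk enforces it, and the server_controller.rb change in the same commit removes the Rails `check_authentication` exception that used to cover `system`. handle() lies outside the hunk; the `UserSession` and `GlobalPermissions` imports visible as context suggest it performs the check, but that is inferred. I would mark the check in the handler with `// Sole authorization gate for this action: the Rails layer no longer authenticates /api/system` so it is not removed as redundant. A test that calls `info` without a session and expects the request to be refused would keep the description and the enforcement from drifting apart.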
@@ -51,15 +55,14 @@ public class SystemRestartWsAction implements SystemWsAction {
 @Override
 public void handle(Request request, Response response) {
- if (settings.getBoolean("sonar.web.dev")) {
- Logger logger = Loggers.get(getClass());
- logger.info("Restart server");
- platform.restart();
- logger.info("Server restarted");
- response.noContent();
-
- } else {
+ if (!settings.getBoolean("sonar.web.dev")) {
 throw new ForbiddenException();
 }
+
+ LOGGER.info("Restart server");
+ platform.restart();
+ LOGGER.info("Server restarted");
+ response.noContent();
 }
+
 }
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/server_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/server_controller.rb
index 91ff7fd875e..ab4b158a85b 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/server_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/server_controller.rb
@@ -19,7 +19,7 @@
 #
 class Api::ServerController < Api::ApiController
- skip_before_filter :check_authentication, :except => 'system'
+ skip_before_filter :check_authentication
 # prevent HTTP proxies from caching server status
 before_filter :set_cache_buster, :only => 'index'
--
2.39.5
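Review bot: After this commit the only guard left in SystemRestartWsAction.handle() is the `sonar.web.dev` flag, so wherever that setting is true an unauthenticated POST restarts the server, and neither this hunk nor the description in define() says so. I would state it where operators read it by appending `"Does not require authentication; enable sonar.web.dev only on instances that untrusted clients cannot reach."` to the action description. Above the `if` I would add `// No authentication by design: sonar.web.dev is the only gate`. The refusal path also leaves no trace; a `LOGGER.warn("Restart refused: sonar.web.dev is not enabled")` before the `throw` would make repeated calls to this endpoint visible in the server log.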
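Review bot: Dropping `:except => 'system'` switches off `check_authentication` for everything Api::ServerController serves, which is wider than the two web services named in the commit message. From here on a `system` request is authenticated only if its own handler does it, and nothing on this line tells the next maintainer that. I would put a comment above it: `# 'system' is no longer authenticated here: each action must enforce its own authentication and permission check`. Whether a `system` action with its own role check still exists further down in this controller cannot be seen from the hunk, which shows only the top of the class.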