From 7101b666dc952fce6dedece3a515d495adfdc84c Mon Sep 17 00:00:00 2001
From: Lukasz Jarocki
Date: Tue, 27 Jun 2023 11:47:17 +0200
Subject: [PATCH] SONAR-19580 fixed an issue with project badges for private applications
---
 .../org/sonar/server/badge/ws/ProjectBadgesWs.java | 2 ++
 .../org/sonar/server/badge/ws/TokenAction.java | 11 ++++++++---
 .../sonar/server/badge/ws/TokenRenewAction.java | 14 ++++++++++----
 .../org/sonar/server/badge/ws/TokenActionTest.java | 12 ++++++++++++
 .../server/badge/ws/TokenRenewActionTest.java | 14 ++++++++++++++
 5 files changed, 46 insertions(+), 7 deletions(-)
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java
index 146d1794608..2f0b68bcb53 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java
@@ -24,6 +24,8 @@ import org.sonar.api.server.ws.WebService;
 public class ProjectBadgesWs implements WebService {
+ static final String PROJECT_OR_APP_NOT_FOUND = "Project or Application not found";
+
 private final List actions;
 public ProjectBadgesWs(List actions) {
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java
index 0d83e52cc1a..910979e4011 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java
@@ -20,6 +20,7 @@
 package org.sonar.server.badge.ws;
 import com.google.common.io.Resources;
+import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
@@ -34,6 +35,8 @@ import org.sonar.server.user.UserSession;
 import org.sonar.server.usertoken.TokenGenerator;
 import org.sonarqube.ws.ProjectBadgeToken.TokenWsResponse;
+import static java.lang.String.format;
+import static org.sonar.server.badge.ws.ProjectBadgesWs.PROJECT_OR_APP_NOT_FOUND;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -55,9 +58,10 @@ public class TokenAction implements ProjectBadgesWsAction {
 NewAction action = controller.createAction("token")
 .setHandler(this)
 .setSince("9.2")
- .setDescription("Retrieve a token to use for project badge access for private projects.
" +
+ .setChangelog(new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM)))
+ .setDescription("Retrieve a token to use for project or application badge access for private projects or applications.
" +
 "This token can be used to authenticate with api/project_badges/quality_gate and api/project_badges/measure endpoints.
" +
- "Requires 'Browse' permission on the specified project.")
+ "Requires 'Browse' permission on the specified project or application.")
 .setResponseExample(Resources.getResource(getClass(), "token-example.json"));
 action.createParam(PROJECT_KEY_PARAM)
 .setDescription("Project or application key")
@@ -75,7 +79,8 @@ public class TokenAction implements ProjectBadgesWsAction {
 try (DbSession dbSession = dbClient.openSession(false)) {
 String projectKey = request.mandatoryParam(PROJECT_KEY_PARAM);
- ProjectDto projectDto = dbClient.projectDao().selectProjectByKey(dbSession, projectKey).orElseThrow(() -> new IllegalArgumentException("project not found"));
+ ProjectDto projectDto = dbClient.projectDao().selectProjectOrAppByKey(dbSession, projectKey)
+ .orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND));
 userSession.checkProjectPermission(UserRole.USER, projectDto);
 ProjectBadgeTokenDto projectBadgeTokenDto = dbClient.projectBadgeTokenDao().selectTokenByProject(dbSession, projectDto);
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java
index a79f479c471..7c751010f75 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java
@@ -19,6 +19,7 @@
 */
 package org.sonar.server.badge.ws;
+import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
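Review bot: In TokenAction.handle the not-found failure, `.orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND))`, is raised before `userSession.checkProjectPermission(UserRole.USER, projectDto)`, so a caller without Browse permission presumably receives a different response for a key that does not exist than for a private key that does, and with `selectProjectOrAppByKey` that difference now extends to private application keys. If the existence of private keys is meant to stay hidden, both failures should look the same to the caller; if the disclosure is accepted, say so above the lookup, e.g. `// not-found and forbidden are deliberately distinct: key existence is not treated as confidential`. TokenRenewAction.handle has the same ordering with `UserRole.ADMIN`. Both method bodies start and end outside their hunks.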
@@ -31,6 +32,8 @@ import org.sonar.db.user.TokenType;
 import org.sonar.server.user.UserSession;
 import org.sonar.server.usertoken.TokenGenerator;
+import static java.lang.String.format;
+import static org.sonar.server.badge.ws.ProjectBadgesWs.PROJECT_OR_APP_NOT_FOUND;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 public class TokenRenewAction implements ProjectBadgesWsAction {
@@ -52,11 +55,13 @@ public class TokenRenewAction implements ProjectBadgesWsAction {
 .setHandler(this)
 .setSince("9.2")
 .setPost(true)
- .setDescription("Creates new token replacing any existing token for project badge access for private projects.
" +
+ .setChangelog(new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM)))
+ .setDescription("Creates new token replacing any existing token for project or application badge access for private projects and " +
+ "applications.
" +
 "This token can be used to authenticate with api/project_badges/quality_gate and api/project_badges/measure endpoints.
" +
- "Requires 'Administer' permission on the specified project.");
+ "Requires 'Administer' permission on the specified project or application.");
 action.createParam(PROJECT_KEY_PARAM)
- .setDescription("Project key")
+ .setDescription("Project or application key")
 .setRequired(true)
 .setExampleValue(KEY_PROJECT_EXAMPLE_001);
 }
@@ -71,7 +76,8 @@ public class TokenRenewAction implements ProjectBadgesWsAction {
 try (DbSession dbSession = dbClient.openSession(false)) {
 String projectKey = request.mandatoryParam(PROJECT_KEY_PARAM);
- ProjectDto projectDto = dbClient.projectDao().selectProjectByKey(dbSession, projectKey).orElseThrow(() -> new IllegalArgumentException("project not found"));
+ ProjectDto projectDto = dbClient.projectDao().selectProjectOrAppByKey(dbSession, projectKey)
+ .orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND));
 userSession.checkProjectPermission(UserRole.ADMIN, projectDto);
 String newGeneratedToken = tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN);
 dbClient.projectBadgeTokenDao().upsert(dbSession, newGeneratedToken, projectDto, userSession.getUuid(), userSession.getLogin());
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java
index 701e7db0e27..e8b606e7c44 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java
@@ -81,6 +81,18 @@ public class TokenActionTest {
 response.assertJson("{\"token\":\"generated_token\"}");
 }
+ @Test
+ public void handle_whenApplicationKeyPassed_shouldReturnToken() {
+ ComponentDto application = db.components().insertPrivateApplication();
+ userSession.logIn().addProjectPermission(UserRole.USER, application);
+ when(tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN)).thenReturn("generated_token");
+
+ TestResponse response = ws.newRequest().setParam("project", application.getKey()).execute();
+
+ response.assertJson("{\"token\":\"generated_token\"}");
+ }
+
+
 @Test
 public void should_reuse_generated_token() {
 ComponentDto project = db.components().insertPrivateProject();
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java
index 55eb86bb59a..1fa68c50260 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java
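Review bot: `handle_whenApplicationKeyPassed_shouldReturnToken` covers only the authorized path; nothing in this hunk asserts that a logged-in user without Browse permission on a private application is refused, which is the behaviour most worth pinning now that the lookup goes through `selectProjectOrAppByKey`. A negative case next to the new test would do that, and the TokenRenewActionTest hunk has the same gap for a user lacking `UserRole.ADMIN` on the application. The sketch below assumes the permission failure surfaces as ForbiddenException and that AssertJ's assertThatThrownBy is available in this test class; confirm both against the existing project-permission tests.
```java
@Test
public void handle_whenApplicationKeyPassedWithoutBrowsePermission_shouldBeRefused() {
  ComponentDto application = db.components().insertPrivateApplication();
  // logged in, but no permission granted on the application
  userSession.logIn();

  TestRequest request = ws.newRequest().setParam("project", application.getKey());

  assertThatThrownBy(request::execute)
    .isInstanceOf(ForbiddenException.class);
}
```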
@@ -97,6 +97,20 @@ public class TokenRenewActionTest {
 response.assertNoContent();
 }
+ @Test
+ public void handle_whenApplicationKeyPassed_shouldAddTokenAndReturn204() {
+ ProjectDto application = db.components().insertPrivateApplicationDto();
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, application);
+ when(tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN)).thenReturn("generated_token");
+
+ TestResponse response = ws.newRequest().setParam("project", application.getKey()).execute();
+
+ ProjectBadgeTokenDto projectBadgeTokenDto = db.getDbClient().projectBadgeTokenDao().selectTokenByProject(db.getSession(), application);
+ assertThat(projectBadgeTokenDto).isNotNull();
+ assertThat(projectBadgeTokenDto.getToken()).isEqualTo("generated_token");
+ response.assertNoContent();
+ }
+
 @Test
 public void should_replace_existing_token_when__token_already_present_and_update_update_at() {
 ProjectDto project = db.components().insertPrivateProjectDto();
--
2.39.5