From a3ae9a82c4f2b99e68a2bc837b8fa318e7d410a1 Mon Sep 17 00:00:00 2001
From: Lukasz Jarocki
Date: Wed, 24 Mar 2021 09:09:01 +0100
Subject: [PATCH] SONAR-14606 failing install request with 400 when no consent
---
 .../server/plugins/ws/InstallAction.java | 20 ++++++++++++--
 .../server/plugins/ws/InstallActionTest.java | 27 +++++++++++++++++--
 2 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java
index 09d043b7415..cac53ada5d7 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/plugins/ws/InstallAction.java
@@ -19,11 +19,16 @@
 */
 package org.sonar.server.plugins.ws;
+import java.net.HttpURLConnection;
 import java.util.Objects;
 import java.util.Optional;
+
+import org.sonar.api.config.Configuration;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.core.extension.PluginRiskConsent;
+import org.sonar.server.exceptions.ServerException;
 import org.sonar.server.plugins.PluginDownloader;
 import org.sonar.server.plugins.UpdateCenterMatrixFactory;
 import org.sonar.server.user.UserSession;
@@ -31,6 +36,7 @@ import org.sonar.updatecenter.common.PluginUpdate;
 import org.sonar.updatecenter.common.UpdateCenter;
 import static java.lang.String.format;
+import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
 import static org.sonar.server.plugins.edition.EditionBundledPlugins.isEditionBundled;
 /**
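Review bot: The import hunk adds `java.net.HttpURLConnection` and `org.sonar.server.exceptions.ServerException`, but none of the InstallAction.java hunks in this patch uses either; the consent rejection throws `IllegalArgumentException`. Unless code outside the patch needs them, both should be dropped, and the same applies to the `ServerException` import added to InstallActionTest.java. The added blank line that separates the `java.util` imports from the `org.sonar` ones also departs from the single import group visible in the context lines.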
@@ -43,12 +49,14 @@ public class InstallAction implements PluginsWsAction {
 private final UpdateCenterMatrixFactory updateCenterFactory;
 private final PluginDownloader pluginDownloader;
 private final UserSession userSession;
+ private final Configuration configuration;
- public InstallAction(UpdateCenterMatrixFactory updateCenterFactory,
- PluginDownloader pluginDownloader, UserSession userSession) {
+ public InstallAction(UpdateCenterMatrixFactory updateCenterFactory, PluginDownloader pluginDownloader,
+ UserSession userSession, Configuration configuration) {
 this.updateCenterFactory = updateCenterFactory;
 this.pluginDownloader = pluginDownloader;
 this.userSession = userSession;
+ this.configuration = configuration;
 }
 @Override
@@ -70,6 +78,9 @@ public class InstallAction implements PluginsWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
 userSession.checkIsSystemAdministrator();
+ if (!hasPluginInstallConsent()) {
+ throw new IllegalArgumentException("Can't install plugin without accepting firstly plugins risk consent");
+ }
 String key = request.mandatoryParam(PARAM_KEY);
 PluginUpdate pluginUpdate = findAvailablePluginByKey(key);
@@ -77,6 +88,11 @@ public class InstallAction implements PluginsWsAction {
 response.noContent();
 }
+ private boolean hasPluginInstallConsent() {
+ Optional pluginRiskConsent = configuration.get(PLUGINS_RISK_CONSENT);
+ return pluginRiskConsent.filter(s -> PluginRiskConsent.valueOf(s) == PluginRiskConsent.ACCEPTED).isPresent();
+ }
+
 private PluginUpdate findAvailablePluginByKey(String key) {
 PluginUpdate pluginUpdate = null;
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java
index 70396fb6077..a3d36b670c3 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java
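Review bot: The consent gate added to `handle` rejects with a bare `IllegalArgumentException`, so the 400 promised in the commit title depends on how the web-service layer maps that exception, which this patch does not show. The request itself is well formed and the refusal comes from server configuration, so the exception type gives a misleading signal to anyone reading the log. The guard also has no comment explaining its position; something like `// Refuse before reading any parameter: nothing is looked up or downloaded until an administrator has accepted the plugin risk consent.` would record that the ordering after `checkIsSystemAdministrator()` is deliberate. `handle` continues outside the hunk.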
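Review bot: `PluginRiskConsent.valueOf(s)` in `hasPluginInstallConsent` throws its own `IllegalArgumentException` when the stored setting is not an exact enum constant name, so a hand-edited or stale value fails the request with an enum-lookup message instead of the consent message. The result is still a refusal, which is the safe direction, but the error no longer tells the administrator what to do. Comparing names keeps the check fail-closed without parsing: `return configuration.get(PLUGINS_RISK_CONSENT).filter(PluginRiskConsent.ACCEPTED.name()::equals).isPresent();`. A one-line comment stating that a missing or unrecognised value counts as not accepted would make the default explicit.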
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/plugins/ws/InstallActionTest.java
@@ -23,14 +23,19 @@ import com.google.common.collect.ImmutableList;
 import com.tngtech.java.junit.dataprovider.DataProvider;
 import com.tngtech.java.junit.dataprovider.DataProviderRunner;
 import com.tngtech.java.junit.dataprovider.UseDataProvider;
+
 import java.util.Optional;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
+import org.sonar.api.config.Configuration;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.core.extension.PluginRiskConsent;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.ServerException;
 import org.sonar.server.plugins.PluginDownloader;
 import org.sonar.server.plugins.UpdateCenterMatrixFactory;
 import org.sonar.server.tester.UserSessionRule;
@@ -43,10 +48,12 @@ import org.sonar.updatecenter.common.UpdateCenter;
 import org.sonar.updatecenter.common.Version;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
+import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
 @RunWith(DataProviderRunner.class)
 public class InstallActionTest {
@@ -62,12 +69,14 @@ public class InstallActionTest {
 private UpdateCenterMatrixFactory updateCenterFactory = mock(UpdateCenterMatrixFactory.class);
 private UpdateCenter updateCenter = mock(UpdateCenter.class);
 private PluginDownloader pluginDownloader = mock(PluginDownloader.class);
- private InstallAction underTest = new InstallAction(updateCenterFactory, pluginDownloader, userSessionRule);
+ private Configuration configuration = mock(Configuration.class);
+ private InstallAction underTest = new InstallAction(updateCenterFactory, pluginDownloader, userSessionRule, configuration);
 private WsActionTester tester = new WsActionTester(underTest);
 @Before
 public void wireMocks() {
 when(updateCenterFactory.getUpdateCenter(anyBoolean())).thenReturn(Optional.of(updateCenter));
+ when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.ACCEPTED.name()));
 }
 @Test
@@ -142,7 +151,7 @@ public class InstallActionTest {
 @DataProvider
 public static Object[][] editionBundledOrganizationAndLicense() {
- return new Object[][] {
+ return new Object[][]{
 {"SonarSource", "SonarSource"},
 {"SonarSource", "Commercial"},
 {"sonarsource", "SOnArSOURCE"}
@@ -177,6 +186,20 @@ public class InstallActionTest {
 response.assertNoContent();
 }
+ @Test
+ public void handle_givenRiskConsentNotAccepted_expectServerError() {
+ logInAsSystemAdministrator();
+
+ when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.of(PluginRiskConsent.NOT_ACCEPTED.name()));
+
+ assertThatThrownBy(() -> tester.newRequest()
+ .setParam(KEY_PARAM, PLUGIN_KEY)
+ .execute())
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("Can't install plugin without accepting firstly plugins risk consent");
+
+ }
+
 private void logInAsSystemAdministrator() {
 userSessionRule.logIn().setSystemAdministrator();
 }
--
2.39.5
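Review bot: The new test in the last hunk covers only an explicit `NOT_ACCEPTED` value; the case where `PLUGINS_RISK_CONSENT` is not set at all, which decides whether the gate fails closed by default, has no test. Because `wireMocks` now stubs `ACCEPTED` for every test, nothing in the class exercises `Optional.empty()`. The test name also ends in `expectServerError` while the assertion expects an `IllegalArgumentException`, and neither this test nor the proposed one checks that `pluginDownloader` was left untouched when the request is refused. A companion test for the unset case is sketched below.

```java
@Test
public void handle_givenRiskConsentNotSet_expectIllegalArgument() {
  logInAsSystemAdministrator();

  // No stored value at all: the gate must refuse exactly as for NOT_ACCEPTED.
  when(configuration.get(PLUGINS_RISK_CONSENT)).thenReturn(Optional.empty());

  assertThatThrownBy(() -> tester.newRequest()
    .setParam(KEY_PARAM, PLUGIN_KEY)
    .execute())
    .isInstanceOf(IllegalArgumentException.class)
    .hasMessage("Can't install plugin without accepting firstly plugins risk consent");
}
```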