From ad9dd01e97b800714e76baa9a31e80db7ecc1c90 Mon Sep 17 00:00:00 2001
From: Guillaume Jambet
Date: Fri, 5 Jan 2018 15:12:31 +0100
Subject: [PATCH] SONAR-10222 Fail when searching member organizations and unauthenticated
---
 .../server/organization/ws/SearchAction.java | 5 +++++
 .../server/organization/ws/SearchActionTest.java | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
index 2b454da4f4d..6e939c99bfa 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
@@ -88,6 +88,11 @@ public class SearchAction implements OrganizationsWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
+ boolean isMember = request.mandatoryParamAsBoolean(PARAM_MEMBER);
+ if (isMember){
+ userSession.checkLoggedIn();
+ }
+
 try (DbSession dbSession = dbClient.openSession(false)) {
 OrganizationQuery dbQuery = buildDbQuery(request);
 int total = dbClient.organizationDao().countByQuery(dbSession, dbQuery);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
index 945b3159ee1..4294078260c 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
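Review bot: In `SearchAction.handle`, the login check is decided from its own read of `PARAM_MEMBER`, while `buildDbQuery(request)` two lines further down presumably parses the same parameter again to apply the member filter (its body is outside the hunk, so this is inferred). Keeping the access decision and the filter on separate reads means a later change to either accessor or default could let the filter run without the check; passing the parsed `isMember` into the query builder, or enforcing the check where the filter is built, would keep them in step. A short why-comment above the check would also help, for example `// the member filter depends on the logged-in user, so reject anonymous sessions before opening a DB session`. The body of `handle` continues past the end of the hunk.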
@@ -34,6 +34,7 @@ import org.sonar.db.DbTester;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.UserDto;
+import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.organization.OrganizationValidationImpl;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestRequest;
@@ -290,6 +291,21 @@ public class SearchActionTest {
 .doesNotContain(organizationWithoutMember.getKey());
 }
+ @Test
+ public void fail_if_member_is_set_to_true_but_user_is_not_authenticated(){
+ UserDto user = db.users().insertUser();
+ OrganizationDto organization = db.organizations().insert();
+ db.organizations().addMember(organization, user);
+
+ userSession.anonymous();
+
+ expectedException.expect(UnauthorizedException.class);
+ expectedException.expectMessage("Authentication is required");
+
+ call(ws.newRequest().setParam(PARAM_MEMBER, String.valueOf(true)));
+ }
+
+
+
 private List executeRequestAndReturnList(@Nullable Integer page, @Nullable Integer pageSize, String... keys) {
 return call(page, pageSize, keys).getOrganizationsList();
 }
--
2.39.5
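Review bot: In `SearchActionTest`, the new `fail_if_member_is_set_to_true_but_user_is_not_authenticated` test only pins the rejection path; nothing in this hunk pins that an anonymous request with `member=false` is still served, so an over-broad check (or a changed default for the parameter) would not be caught here. If no existing test covers it, a companion case that calls the action anonymously without `PARAM_MEMBER` set to true and asserts a normal response would close that gap. The inserted user, organization and membership do not appear to influence the outcome, since the exception is raised before the action opens a DB session, and could be dropped. The test class continues outside the hunk.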