From dd22374f61583a64d247eeaf7213fbebaf06522c Mon Sep 17 00:00:00 2001 From: Antoine Vigneau Date: Wed, 8 Mar 2023 11:30:50 +0100 Subject: [PATCH] SONAR-18654 Lock users endpoints --- .../sonar/server/user/ws/CreateActionIT.java | 41 ++++++++++++++++++- .../server/user/ws/DeactivateActionIT.java | 32 ++++++++++++++- .../sonar/server/user/ws/UpdateActionIT.java | 32 ++++++++++++++- .../ws/UpdateIdentityProviderActionIT.java | 33 +++++++++++++-- .../server/user/ws/UpdateLoginActionIT.java | 33 ++++++++++++++- .../sonar/server/user/ws/CreateAction.java | 6 ++- .../server/user/ws/DeactivateAction.java | 15 +++++-- .../sonar/server/user/ws/UpdateAction.java | 7 +++- .../user/ws/UpdateIdentityProviderAction.java | 7 +++- .../server/user/ws/UpdateLoginAction.java | 7 +++- 10 files changed, 198 insertions(+), 15 deletions(-) diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/CreateActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/CreateActionIT.java index 3d02f26e426..3f885ffefb4 100644 --- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/CreateActionIT.java +++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/CreateActionIT.java @@ -36,7 +36,10 @@ import org.sonar.db.user.UserDto; import org.sonar.server.authentication.CredentialsLocalAuthentication; import org.sonar.server.es.EsClient; import org.sonar.server.es.EsTester; +import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; +import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.user.NewUserNotifier; import org.sonar.server.user.UserUpdater; @@ -56,7 +59,10 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.elasticsearch.index.query.QueryBuilders.boolQuery; import static org.elasticsearch.index.query.QueryBuilders.termQuery; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.verify; import static org.sonar.db.user.UserTesting.newUserDto; import static org.sonar.server.user.index.UserIndexDefinition.FIELD_EMAIL; import static org.sonar.server.user.index.UserIndexDefinition.FIELD_LOGIN; @@ -78,8 +84,10 @@ public class CreateActionIT { private final UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); private GroupDto defaultGroup; private final CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient(), settings.asConfig()); + + private final ManagedInstanceChecker managedInstanceChecker = mock(ManagedInstanceChecker.class); private final WsActionTester tester = new WsActionTester(new CreateAction(db.getDbClient(), new UserUpdater(mock(NewUserNotifier.class), - db.getDbClient(), userIndexer, new DefaultGroupFinder(db.getDbClient()), settings.asConfig(), new NoOpAuditPersister(), localAuthentication), userSessionRule)); + db.getDbClient(), userIndexer, new DefaultGroupFinder(db.getDbClient()), settings.asConfig(), new NoOpAuditPersister(), localAuthentication), userSessionRule, managedInstanceChecker)); @Before public void setUp() { @@ -354,6 +362,37 @@ public class CreateActionIT { .hasMessage("Insufficient privileges"); } + @Test + public void handle_whenInstanceManaged_shouldThrowBadRequestException() { + BadRequestException badRequestException = BadRequestException.create("message"); + doThrow(badRequestException).when(managedInstanceChecker).throwIfInstanceIsManaged(); + + logInAsSystemAdministrator(); + + CreateRequest request = CreateRequest.builder() + .setLogin("pipo") + .setName("John") + .setPassword("1234") + .build(); + + assertThatThrownBy(() -> call(request)) + .isEqualTo(badRequestException); + } + + @Test + public void handle_whenInstanceManagedAndNotSystemAdministrator_shouldThrowUnauthorizedException() { + CreateRequest request = CreateRequest.builder() + .setLogin("pipo") + .setName("John") + .setPassword("1234") + .build(); + + assertThatThrownBy(() -> call(request)) + .isInstanceOf(UnauthorizedException.class) + .hasMessage("Authentication is required"); + verify(managedInstanceChecker, never()).throwIfInstanceIsManaged(); + } + @Test public void test_definition() { WebService.Action action = tester.getDef(); diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/DeactivateActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/DeactivateActionIT.java index 08ef9170955..99389de7c2f 100644 --- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/DeactivateActionIT.java +++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/DeactivateActionIT.java @@ -51,6 +51,7 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.user.ExternalIdentity; import org.sonar.server.user.index.UserIndexDefinition; @@ -64,6 +65,10 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.elasticsearch.index.query.QueryBuilders.boolQuery; import static org.elasticsearch.index.query.QueryBuilders.termQuery; +import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.verify; import static org.sonar.db.property.PropertyTesting.newUserPropertyDto; import static org.sonar.server.user.index.UserIndexDefinition.FIELD_ACTIVE; import static org.sonar.server.user.index.UserIndexDefinition.FIELD_UUID; @@ -85,7 +90,8 @@ public class DeactivateActionIT { private final DbSession dbSession = db.getSession(); private final UserAnonymizer userAnonymizer = new UserAnonymizer(db.getDbClient(), () -> "anonymized"); private final UserDeactivator userDeactivator = new UserDeactivator(dbClient, userIndexer, userSession, userAnonymizer); - private final WsActionTester ws = new WsActionTester(new DeactivateAction(dbClient, userSession, new UserJsonWriter(userSession), userDeactivator)); + private final ManagedInstanceChecker managedInstanceChecker = mock(ManagedInstanceChecker.class); + private final WsActionTester ws = new WsActionTester(new DeactivateAction(dbClient, userSession, new UserJsonWriter(userSession), userDeactivator, managedInstanceChecker)); @Test public void deactivate_user_and_delete_their_related_data() { @@ -448,6 +454,30 @@ public class DeactivateActionIT { assertThat(db.getDbClient().scimUserDao().findByUserUuid(dbSession, user.getUuid())).isEmpty(); } + @Test + public void handle_whenUserManagedAndInstanceManaged_shouldThrowBadRequestException() { + BadRequestException badRequestException = BadRequestException.create("message"); + doThrow(badRequestException).when(managedInstanceChecker).throwIfInstanceIsManaged(); + + createAdminUser(); + logInAsSystemAdministrator(); + UserDto user = db.users().insertUser(u -> u.setLocal(false)); + + assertThatThrownBy(() -> deactivate(user.getLogin())) + .isEqualTo(badRequestException); + } + + @Test + public void handle_whenInstanceManagedAndNotSystemAdministrator_shouldThrowUnauthorizedException() { + UserDto userDto = db.users().insertUser(); + String login = userDto.getLogin(); + + assertThatThrownBy(() -> deactivate(login)) + .isInstanceOf(UnauthorizedException.class) + .hasMessage("Authentication is required"); + verify(managedInstanceChecker, never()).throwIfInstanceIsManaged(); + } + private void logInAsSystemAdministrator() { userSession.logIn().setSystemAdministrator(); } diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateActionIT.java index 6f45e83a06d..789e3b06f47 100644 --- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateActionIT.java +++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateActionIT.java @@ -32,8 +32,11 @@ import org.sonar.db.DbTester; import org.sonar.db.user.UserDto; import org.sonar.server.authentication.CredentialsLocalAuthentication; import org.sonar.server.es.EsTester; +import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.user.NewUserNotifier; import org.sonar.server.user.UserUpdater; @@ -46,7 +49,10 @@ import static com.google.common.collect.Lists.newArrayList; import static java.util.Collections.singletonList; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.verify; import static org.sonar.db.user.UserTesting.newUserDto; public class UpdateActionIT { @@ -65,9 +71,10 @@ public class UpdateActionIT { private final DbSession dbSession = db.getSession(); private final UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); private final CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient(), settings.asConfig()); + private final ManagedInstanceChecker managedInstanceChecker = mock(ManagedInstanceChecker.class); private final WsActionTester ws = new WsActionTester(new UpdateAction( new UserUpdater(mock(NewUserNotifier.class), dbClient, userIndexer, new DefaultGroupFinder(db.getDbClient()), settings.asConfig(), null, localAuthentication), - userSession, new UserJsonWriter(userSession), dbClient)); + userSession, new UserJsonWriter(userSession), dbClient, managedInstanceChecker)); @Before public void setUp() { @@ -284,6 +291,29 @@ public class UpdateActionIT { .hasMessage("Email 'invalid-email' is not valid"); } + @Test + public void handle_whenInstanceManaged_shouldThrowBadRequestException() { + BadRequestException badRequestException = BadRequestException.create("message"); + doThrow(badRequestException).when(managedInstanceChecker).throwIfInstanceIsManaged(); + + TestRequest updateRequest = ws.newRequest(); + + assertThatThrownBy(updateRequest::execute) + .isEqualTo(badRequestException); + } + + @Test + public void handle_whenInstanceManagedAndNotSystemAdministrator_shouldThrowUnauthorizedException() { + userSession.anonymous(); + + TestRequest updateRequest = ws.newRequest(); + + assertThatThrownBy(updateRequest::execute) + .isInstanceOf(UnauthorizedException.class) + .hasMessage("Authentication is required"); + verify(managedInstanceChecker, never()).throwIfInstanceIsManaged(); + } + @Test public void test_definition() { WebService.Action action = ws.getDef(); diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateIdentityProviderActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateIdentityProviderActionIT.java index 97a020eb7fd..e5271b48c26 100644 --- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateIdentityProviderActionIT.java +++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateIdentityProviderActionIT.java @@ -22,7 +22,6 @@ package org.sonar.server.user.ws; import org.junit.Rule; import org.junit.Test; import org.sonar.api.config.internal.MapSettings; -import org.sonar.auth.ldap.LdapSettingsManager; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -31,9 +30,11 @@ import org.sonar.server.authentication.CredentialsLocalAuthentication; import org.sonar.server.authentication.IdentityProviderRepositoryRule; import org.sonar.server.authentication.TestIdentityProvider; import org.sonar.server.es.EsTester; +import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.user.NewUserNotifier; import org.sonar.server.user.UserUpdater; @@ -45,7 +46,10 @@ import org.sonar.server.ws.WsActionTester; import static com.google.common.collect.Lists.newArrayList; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.verify; import static org.sonar.db.user.UserTesting.newUserDto; public class UpdateIdentityProviderActionIT { @@ -69,11 +73,11 @@ public class UpdateIdentityProviderActionIT { private final UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); private final CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(dbClient, settings.asConfig()); - private final LdapSettingsManager ldapSettingsManager = mock(LdapSettingsManager.class); + private final ManagedInstanceChecker managedInstanceChecker = mock(ManagedInstanceChecker.class); private final WsActionTester underTest = new WsActionTester(new UpdateIdentityProviderAction(dbClient, identityProviderRepository, new UserUpdater(mock(NewUserNotifier.class), dbClient, userIndexer, new DefaultGroupFinder(db.getDbClient()), settings.asConfig(), null, localAuthentication), - userSession)); + userSession, managedInstanceChecker)); @Test public void change_identity_provider_of_a_local_user_all_params() { @@ -223,6 +227,29 @@ public class UpdateIdentityProviderActionIT { .isInstanceOf(ForbiddenException.class); } + @Test + public void handle_whenInstanceManaged_shouldThrowBadRequestException() { + BadRequestException badRequestException = BadRequestException.create("message"); + doThrow(badRequestException).when(managedInstanceChecker).throwIfInstanceIsManaged(); + + TestRequest request = underTest.newRequest(); + + assertThatThrownBy(request::execute) + .isEqualTo(badRequestException); + } + + @Test + public void handle_whenInstanceManagedAndNotSystemAdministrator_shouldThrowUnauthorizedException() { + userSession.anonymous(); + + TestRequest request = underTest.newRequest(); + + assertThatThrownBy(request::execute) + .isInstanceOf(UnauthorizedException.class) + .hasMessage("Authentication is required"); + verify(managedInstanceChecker, never()).throwIfInstanceIsManaged(); + } + private void createUser(boolean local, String login, String externalLogin, String externalIdentityProvider) { UserDto userDto = newUserDto() .setEmail("john@email.com") diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateLoginActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateLoginActionIT.java index d36a5bcccb5..d3609f45760 100644 --- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateLoginActionIT.java +++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/user/ws/UpdateLoginActionIT.java @@ -27,12 +27,16 @@ import org.sonar.api.utils.System2; import org.sonar.db.DbTester; import org.sonar.db.user.UserDto; import org.sonar.server.es.EsTester; +import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.user.NewUserNotifier; import org.sonar.server.user.UserUpdater; import org.sonar.server.user.index.UserIndexer; +import org.sonar.server.ws.TestRequest; import org.sonar.server.ws.TestResponse; import org.sonar.server.ws.WsActionTester; @@ -40,7 +44,10 @@ import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.assertj.core.api.Assertions.tuple; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.verify; public class UpdateLoginActionIT { @@ -53,8 +60,9 @@ public class UpdateLoginActionIT { @Rule public UserSessionRule userSession = UserSessionRule.standalone().logIn().setSystemAdministrator(); + private final ManagedInstanceChecker managedInstanceChecker = mock(ManagedInstanceChecker.class); private final WsActionTester ws = new WsActionTester(new UpdateLoginAction(db.getDbClient(), userSession, - new UserUpdater(mock(NewUserNotifier.class), db.getDbClient(), new UserIndexer(db.getDbClient(), es.client()), null, null, null, null))); + new UserUpdater(mock(NewUserNotifier.class), db.getDbClient(), new UserIndexer(db.getDbClient(), es.client()), null, null, null, null), managedInstanceChecker)); @Test public void update_login_from_sonarqube_account_when_user_is_local() { @@ -204,6 +212,29 @@ public class UpdateLoginActionIT { assertThat(response.getInput()).isEmpty(); } + @Test + public void handle_whenInstanceManaged_shouldThrowBadRequestException() { + BadRequestException badRequestException = BadRequestException.create("message"); + doThrow(badRequestException).when(managedInstanceChecker).throwIfInstanceIsManaged(); + + TestRequest request = ws.newRequest(); + + assertThatThrownBy(request::execute) + .isEqualTo(badRequestException); + } + + @Test + public void handle_whenInstanceManagedAndNotSystemAdministrator_shouldThrowUnauthorizedException() { + userSession.anonymous(); + + TestRequest request = ws.newRequest(); + + assertThatThrownBy(request::execute) + .isInstanceOf(UnauthorizedException.class) + .hasMessage("Authentication is required"); + verify(managedInstanceChecker, never()).throwIfInstanceIsManaged(); + } + @Test public void test_definition() { WebService.Action def = ws.getDef(); diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/CreateAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/CreateAction.java index 1cf8430695c..b84dc65d1d5 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/CreateAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/CreateAction.java @@ -31,6 +31,7 @@ import org.sonar.api.server.ws.WebService; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.user.ExternalIdentity; import org.sonar.server.user.NewUser; import org.sonar.server.user.UserSession; @@ -62,11 +63,13 @@ public class CreateAction implements UsersWsAction { private final DbClient dbClient; private final UserUpdater userUpdater; private final UserSession userSession; + private final ManagedInstanceChecker managedInstanceChecker; - public CreateAction(DbClient dbClient, UserUpdater userUpdater, UserSession userSession) { + public CreateAction(DbClient dbClient, UserUpdater userUpdater, UserSession userSession, ManagedInstanceChecker managedInstanceService) { this.dbClient = dbClient; this.userUpdater = userUpdater; this.userSession = userSession; + this.managedInstanceChecker = managedInstanceService; } @Override @@ -120,6 +123,7 @@ public class CreateAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { userSession.checkLoggedIn().checkIsSystemAdministrator(); + managedInstanceChecker.throwIfInstanceIsManaged(); CreateRequest createRequest = toWsRequest(request); checkArgument(isValidIfPresent(createRequest.getEmail()), "Email '%s' is not valid", createRequest.getEmail()); writeProtobuf(doHandle(createRequest), request, response); diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/DeactivateAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/DeactivateAction.java index b12f2a64aec..51659894336 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/DeactivateAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/DeactivateAction.java @@ -29,6 +29,7 @@ import org.sonar.api.utils.text.JsonWriter; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.user.UserSession; import static java.util.Collections.singletonList; @@ -44,13 +45,15 @@ public class DeactivateAction implements UsersWsAction { private final UserSession userSession; private final UserJsonWriter userWriter; private final UserDeactivator userDeactivator; + private final ManagedInstanceChecker managedInstanceChecker; public DeactivateAction(DbClient dbClient, UserSession userSession, UserJsonWriter userWriter, - UserDeactivator userDeactivator) { + UserDeactivator userDeactivator, ManagedInstanceChecker managedInstanceChecker) { this.dbClient = dbClient; this.userSession = userSession; this.userWriter = userWriter; this.userDeactivator = userDeactivator; + this.managedInstanceChecker = managedInstanceChecker; } @Override @@ -78,12 +81,11 @@ public class DeactivateAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { String login; - userSession.checkLoggedIn().checkIsSystemAdministrator(); login = request.mandatoryParam(PARAM_LOGIN); checkRequest(!login.equals(userSession.getLogin()), "Self-deactivation is not possible"); - try (DbSession dbSession = dbClient.openSession(false)) { + preventManagedUserDeactivationIfManagedInstance(dbSession, login); boolean shouldAnonymize = request.mandatoryParamAsBoolean(PARAM_ANONYMIZE); UserDto userDto = shouldAnonymize ? userDeactivator.deactivateUserWithAnonymization(dbSession, login) @@ -92,6 +94,13 @@ public class DeactivateAction implements UsersWsAction { } } + private void preventManagedUserDeactivationIfManagedInstance(DbSession dbSession, String login) { + UserDto userDto = dbClient.userDao().selectByLogin(dbSession, login); + if (userDto != null && !userDto.isLocal()) { + managedInstanceChecker.throwIfInstanceIsManaged(); + } + } + private void writeResponse(Response response, String login) { try (DbSession dbSession = dbClient.openSession(false)) { UserDto user = dbClient.userDao().selectByLogin(dbSession, login); diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateAction.java index b50d53126e9..73af1722dc6 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateAction.java @@ -34,6 +34,7 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.user.UpdateUser; import org.sonar.server.user.UserSession; import org.sonar.server.user.UserUpdater; @@ -62,12 +63,15 @@ public class UpdateAction implements UsersWsAction { private final UserSession userSession; private final UserJsonWriter userWriter; private final DbClient dbClient; + private final ManagedInstanceChecker managedInstanceChecker; - public UpdateAction(UserUpdater userUpdater, UserSession userSession, UserJsonWriter userWriter, DbClient dbClient) { + public UpdateAction(UserUpdater userUpdater, UserSession userSession, UserJsonWriter userWriter, DbClient dbClient, + ManagedInstanceChecker managedInstanceChecker) { this.userUpdater = userUpdater; this.userSession = userSession; this.userWriter = userWriter; this.dbClient = dbClient; + this.managedInstanceChecker = managedInstanceChecker; } @Override @@ -106,6 +110,7 @@ public class UpdateAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { userSession.checkLoggedIn().checkIsSystemAdministrator(); + managedInstanceChecker.throwIfInstanceIsManaged(); UpdateRequest updateRequest = toWsRequest(request); checkArgument(isValidIfPresent(updateRequest.getEmail()), "Email '%s' is not valid", updateRequest.getEmail()); try (DbSession dbSession = dbClient.openSession(false)) { diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateIdentityProviderAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateIdentityProviderAction.java index 09e36ae8796..f38c851733b 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateIdentityProviderAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateIdentityProviderAction.java @@ -32,6 +32,7 @@ import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.authentication.IdentityProviderRepository; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.user.ExternalIdentity; import org.sonar.server.user.UpdateUser; import org.sonar.server.user.UserSession; @@ -52,15 +53,16 @@ public class UpdateIdentityProviderAction implements UsersWsAction { private final DbClient dbClient; private final IdentityProviderRepository identityProviderRepository; - private final UserUpdater userUpdater; private final UserSession userSession; + private final ManagedInstanceChecker managedInstanceChecker; - public UpdateIdentityProviderAction(DbClient dbClient, IdentityProviderRepository identityProviderRepository, UserUpdater userUpdater, UserSession userSession) { + public UpdateIdentityProviderAction(DbClient dbClient, IdentityProviderRepository identityProviderRepository, UserUpdater userUpdater, UserSession userSession, ManagedInstanceChecker managedInstanceChecker) { this.dbClient = dbClient; this.identityProviderRepository = identityProviderRepository; this.userUpdater = userUpdater; this.userSession = userSession; + this.managedInstanceChecker = managedInstanceChecker; } @Override @@ -98,6 +100,7 @@ public class UpdateIdentityProviderAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { userSession.checkLoggedIn().checkIsSystemAdministrator(); + managedInstanceChecker.throwIfInstanceIsManaged(); UpdateIdentityProviderRequest wsRequest = toWsRequest(request); doHandle(wsRequest); response.noContent(); diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateLoginAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateLoginAction.java index f48e6fc30cb..570cdc8c4cd 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateLoginAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/user/ws/UpdateLoginAction.java @@ -26,6 +26,7 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.management.ManagedInstanceChecker; import org.sonar.server.user.UpdateUser; import org.sonar.server.user.UserSession; import org.sonar.server.user.UserUpdater; @@ -42,11 +43,14 @@ public class UpdateLoginAction implements UsersWsAction { private final DbClient dbClient; private final UserSession userSession; private final UserUpdater userUpdater; + private final ManagedInstanceChecker managedInstanceChecker; - public UpdateLoginAction(DbClient dbClient, UserSession userSession, UserUpdater userUpdater) { + public UpdateLoginAction(DbClient dbClient, UserSession userSession, UserUpdater userUpdater, + ManagedInstanceChecker managedInstanceChecker) { this.dbClient = dbClient; this.userSession = userSession; this.userUpdater = userUpdater; + this.managedInstanceChecker = managedInstanceChecker; } @Override @@ -74,6 +78,7 @@ public class UpdateLoginAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { userSession.checkLoggedIn().checkIsSystemAdministrator(); + managedInstanceChecker.throwIfInstanceIsManaged(); String login = request.mandatoryParam(PARAM_LOGIN); String newLogin = request.mandatoryParam(PARAM_NEW_LOGIN); try (DbSession dbSession = dbClient.openSession(false)) { -- 2.39.5