
SONAR-21878 Fix SSF-568

tags/10.5.0.89998
Antoine Vigneau 1 month ago
parent
commit
1132d4e2e6

+ 6
- 5
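--- a/server/sonar-web/src/main/js/apps/settings/components/almIntegration/BitbucketServerForm.tsx
+++ b/server/sonar-web/src/main/js/apps/settings/components/almIntegration/BitbucketServerForm.tsx
@@ -47,11 +47,12 @@ export default function BitbucketServerForm(props: BitbucketServerFormProps) {
 />
 <AlmBindingDefinitionFormField
 help={
-<FormattedMessage
-defaultMessage={translate('settings.almintegration.form.url.bitbucket.help')}
-id="settings.almintegration.form.url.bitbucket.help"
-values={{ example: 'https://bitbucket-server.your-company.com' }}
-/>
+<>
+{translate('settings.almintegration.form.url.bitbucket.help')}
+<br />
+<br />
+{translate('settings.almintegration.form.url.bitbucket.pat_warning')}
+</>
 }
 id="url.bitbucket"
 maxLength={2000}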

+ 21
- 2
server/sonar-webserver-webapi/src/it/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionIT.java

@@ -31,6 +31,7 @@ import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.WsActionTester;

import static java.lang.String.format;
@@ -88,7 +89,23 @@ public class UpdateBitbucketActionIT {
}

@Test
public void update_without_pat() {
public void fail_when_url_updated_without_pat() {
UserDto user = db.users().insertUser();
userSession.logIn(user).setSystemAdministrator();

AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting();

TestRequest request = ws.newRequest()
.setParam("key", almSettingDto.getKey())
.setParam("url", "https://bitbucket.enterprise-unicorn.com");

assertThatThrownBy(() -> request.execute())
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("Please provide the Personal Access Token to update the URL.");
}

@Test
public void update_with_url_change_needs_path() {
UserDto user = db.users().insertUser();
userSession.logIn(user).setSystemAdministrator();

@@ -97,10 +114,12 @@ public class UpdateBitbucketActionIT {
ws.newRequest()
.setParam("key", almSettingDto.getKey())
.setParam("url", "https://bitbucket.enterprise-unicorn.com")
.setParam("personalAccessToken", "0123456789")
.execute();

assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession()))
.extracting(AlmSettingDto::getKey, AlmSettingDto::getUrl, s -> s.getDecryptedPersonalAccessToken(encryption))
.containsOnly(tuple(almSettingDto.getKey(), "https://bitbucket.enterprise-unicorn.com", almSettingDto.getDecryptedPersonalAccessToken(encryption)));
.containsOnly(tuple(almSettingDto.getKey(), "https://bitbucket.enterprise-unicorn.com", "0123456789"));
}

@Test
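Review bot: The case added after `fail_when_url_updated_without_pat` is named `update_with_url_change_needs_path`, which reads as a typo for "pat" and hides what the test pins; `public void update_with_url_change_needs_pat() {` would match the neighbouring names. The visible cases cover a changed URL with no token and with a real token, but nothing in these hunks covers a token that is present yet blank, or an unchanged URL sent without a token (the path that must keep the stored token); such cases may exist outside the hunks. A blank-token case is worth adding because the guard and the step that persists the token are separate checks.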

+ 10
- 2
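--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java
@@ -113,8 +113,16 @@ public class AlmSettingsSupport {
 }
 
 public void checkPrivateKeyOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String privateKey) {
-if (!url.equals(almSettingDto.getUrl()) && isEmpty(privateKey)) {
-throw new IllegalArgumentException("Please provide the Private Key to update the URL.");
+checkCredentialArtifactOnUrlUpdate(url, almSettingDto, privateKey, "Please provide the Private Key to update the URL.");
+}
+
+public void checkPatOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String pat) {
+checkCredentialArtifactOnUrlUpdate(url, almSettingDto, pat, "Please provide the Personal Access Token to update the URL.");
+}
+
+private static void checkCredentialArtifactOnUrlUpdate(String url, AlmSettingDto almSettingDto, @Nullable String credentialArtifact, String errorMessage) {
+if (!url.equals(almSettingDto.getUrl()) && isEmpty(credentialArtifact)) {
+throw new IllegalArgumentException(errorMessage);
 }
 }
 }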
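Review bot: `checkCredentialArtifactOnUrlUpdate` rejects the update only when the credential `isEmpty`, while the caller in UpdateBitbucketAction persists the token only when `isNotBlank(pat)`. Assuming `isEmpty` is the usual null-or-zero-length check and the request layer does not trim parameters (neither is visible here), a whitespace-only token satisfies the guard but is never stored, so the URL changes while the previously stored token stays in place, which is the situation the guard exists to prevent. Testing for blank in the helper closes the gap: `if (!url.equals(almSettingDto.getUrl()) && isBlank(credentialArtifact)) {` (with the matching `isBlank` import). The private-key path through `checkPrivateKeyOnUrlUpdate` shares the helper and gets the same tightening; the class body starts outside the hunk.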

+ 3
- 1
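--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java
@@ -85,7 +85,6 @@ public class UpdateBitbucketAction implements AlmSettingsWsAction {
 private void doHandle(Request request) {
 String key = request.mandatoryParam(PARAM_KEY);
 String newKey = request.param(PARAM_NEW_KEY);
-String url = request.mandatoryParam(PARAM_URL);
 String pat = request.param(PARAM_PERSONAL_ACCESS_TOKEN);
 
 try (DbSession dbSession = dbClient.openSession(false)) {
@@ -94,6 +93,9 @@ public class UpdateBitbucketAction implements AlmSettingsWsAction {
 almSettingsSupport.checkAlmSettingDoesNotAlreadyExist(dbSession, newKey);
 }
 
+String url = request.mandatoryParam(PARAM_URL);
+almSettingsSupport.checkPatOnUrlUpdate(almSettingDto, url, pat);
+
 if (isNotBlank(pat)) {
 almSettingDto.setPersonalAccessToken(pat);
 }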
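Review bot: The new `checkPatOnUrlUpdate` call carries no comment saying why a URL change needs the token again, so a later edit to `doHandle` could move or drop it without noticing it is a security guard. A line such as `// A URL change must come with a fresh PAT, so the stored token is never reused against a different server.` above the call would record the intent; that rationale is inferred from the "For security reasons" wording this commit adds to core.properties. The `personalAccessToken` parameter description in `define()` (outside the hunk) presumably needs the same statement, since API clients that change only the URL now get an IllegalArgumentException. `doHandle` continues past the end of the hunk.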

+ 3
- 2
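--- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties
+++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
@@ -1456,11 +1456,12 @@ settings.almintegration.form.url.azure=Azure DevOps URL
 settings.almintegration.form.url.azure.help1=For Azure DevOps Server, provide the full collection URL:
 settings.almintegration.form.url.azure.help2=For Azure DevOps Services, provide the full organization URL:
 settings.almintegration.form.url.bitbucket=Bitbucket Server URL
-settings.almintegration.form.url.bitbucket.help=Example: {example}
+settings.almintegration.form.url.bitbucket.help=Example: https://bitbucket-server.your-company.com
+settings.almintegration.form.url.bitbucket.pat_warning=For security reasons, please make sure to provide the Personal Access Token to update the URL.
 settings.almintegration.form.url.github=GitHub API URL
 settings.almintegration.form.url.github.help1=Example for GitHub Enterprise:
 settings.almintegration.form.url.github.help2=If using GitHub.com:
-settings.almintegration.form.url.github.private_key_warning=Please make sure to provide the GitHub App private key for updating the URL.
+settings.almintegration.form.url.github.private_key_warning=For security reasons, please make sure to provide the GitHub App private key to update the URL.
 settings.almintegration.form.url.gitlab=GitLab API URL
 settings.almintegration.form.url.gitlab.help=Provide the GitLab API URL. For example:
 settings.almintegration.form.app_id=GitHub App ID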
