
SONAR-8716 fix check of permissions in api/server/check_secret_key

tags/6.3-RC1
Simon Brandhof 7 years ago
parent
commit
215764c9a0

+ 1
- 2
server/sonar-server/src/main/java/org/sonar/server/setting/ws/CheckSecretKeyAction.java

@@ -27,7 +27,6 @@ import org.sonar.api.server.ws.WebService;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Settings.CheckSecretKeyWsResponse;

import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.ws.WsUtils.writeProtobuf;

public class CheckSecretKeyAction implements SettingsWsAction {
@@ -52,7 +51,7 @@ public class CheckSecretKeyAction implements SettingsWsAction {

@Override
public void handle(Request request, Response response) throws Exception {
userSession.checkPermission(SYSTEM_ADMIN);
userSession.checkLoggedIn().checkIsRoot();

writeProtobuf(CheckSecretKeyWsResponse.newBuilder().setSecretKeyAvailable(settings.getEncryption().hasSecretKey()).build(), request, response);
}
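Review bot: The new guard in `handle`, `userSession.checkLoggedIn().checkIsRoot();`, has no comment explaining why root is required instead of the system-administration permission, so a later refactor could loosen it again without anyone noticing. I would add above it `// Root only: the response discloses whether an encryption secret key is configured on this instance.` The action's `define()` method is outside the visible hunks; if its description still names the administer-system permission, it should be updated so the published API documentation matches the enforced check.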

+ 27
- 12
server/sonar-server/src/test/java/org/sonar/server/setting/ws/CheckSecretKeyActionTest.java

@@ -33,6 +33,7 @@ import org.sonar.api.config.MapSettings;
import org.sonar.api.config.Settings;
import org.sonar.api.server.ws.WebService;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.WsActionTester;
@@ -40,27 +41,25 @@ import org.sonarqube.ws.MediaTypes;
import org.sonarqube.ws.Settings.CheckSecretKeyWsResponse;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.test.JsonAssert.assertJson;

public class CheckSecretKeyActionTest {
@Rule
public ExpectedException expectedException = ExpectedException.none();
@Rule
public UserSessionRule userSession = UserSessionRule.standalone().setGlobalPermissions(SYSTEM_ADMIN);
public UserSessionRule userSession = UserSessionRule.standalone();
@Rule
public TemporaryFolder temporaryFolder = new TemporaryFolder();

Settings settings = new MapSettings();
Encryption encryption = settings.getEncryption();

CheckSecretKeyAction underTest = new CheckSecretKeyAction(settings, userSession);

WsActionTester ws = new WsActionTester(underTest);
private Settings settings = new MapSettings();
private Encryption encryption = settings.getEncryption();
private CheckSecretKeyAction underTest = new CheckSecretKeyAction(settings, userSession);
private WsActionTester ws = new WsActionTester(underTest);

@Test
public void json_example() throws IOException {
logInAsRoot();

File secretKeyFile = temporaryFolder.newFile();
FileUtils.writeStringToFile(secretKeyFile, "fCVFf/JHRi8Qwu5KLNva7g==");
encryption.setPathToSecretKey(secretKeyFile.getAbsolutePath());
@@ -72,6 +71,8 @@ public class CheckSecretKeyActionTest {

@Test
public void false_when_no_secret_key() {
logInAsRoot();

encryption.setPathToSecretKey("unknown/path/to_secret_key.txt");

CheckSecretKeyWsResponse result = call();
@@ -92,10 +93,21 @@ public class CheckSecretKeyActionTest {
}

@Test
public void fail_if_insufficient_permissions() {
expectedException.expect(ForbiddenException.class);
public void throw_UnauthorizedException_if_not_logged_in() {
userSession.anonymous();

userSession.anonymous().setGlobalPermissions(QUALITY_PROFILE_ADMIN);
expectedException.expect(UnauthorizedException.class);
expectedException.expectMessage("Authentication is required");

call();
}

@Test
public void throw_ForbiddenException_if_not_root() {
userSession.login();

expectedException.expect(ForbiddenException.class);
expectedException.expectMessage("Insufficient privileges");

call();
}
@@ -112,4 +124,7 @@ public class CheckSecretKeyActionTest {
}
}

private void logInAsRoot() {
userSession.login().setRoot();
}
}
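Review bot: `throw_ForbiddenException_if_not_root` logs in a user with no permissions at all, so it does not pin the case this commit is about: a logged-in user who holds `SYSTEM_ADMIN` but is not root. As written, the test would still pass if `handle` were reverted to `checkPermission(SYSTEM_ADMIN)`, assuming the failure message is the same. Changing the setup line to `userSession.login().setGlobalPermissions(SYSTEM_ADMIN);` would make the test fail on such a regression. Both `setGlobalPermissions` and the `SYSTEM_ADMIN` import appear elsewhere in this section, though the rendering does not show whether the import survives on the new side.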
