
SONAR-8716 fix check of permissions in EncryptAction

tags/6.3-RC1
Simon Brandhof 7 years ago
parent
commit
316982d6c9

+ 1
- 2
server/sonar-server/src/main/java/org/sonar/server/setting/ws/EncryptAction.java View File

@@ -28,7 +28,6 @@ import org.sonar.api.server.ws.WebService;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Settings.EncryptWsResponse;

import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.ws.WsUtils.checkRequest;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_VALUE;
@@ -60,7 +59,7 @@ public class EncryptAction implements SettingsWsAction {

@Override
public void handle(Request request, Response response) throws Exception {
userSession.checkPermission(SYSTEM_ADMIN);
userSession.checkLoggedIn().checkIsRoot();

String value = request.mandatoryParam(PARAM_VALUE);
checkRequest(!value.isEmpty(), "Parameter '%s' must not be empty", PARAM_VALUE);
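Review bot: The new `userSession.checkLoggedIn().checkIsRoot();` carries no comment explaining why a root check replaced the permission check that sat on this line, so a later maintainer could plausibly "restore" a permission-based guard; a one-liner would pin the intent, e.g. `// Root only: holding SYSTEM_ADMIN is deliberately not sufficient to use the server-side encryption key`. If the action's `define()` method (not in this hunk) still describes the endpoint as requiring a system-administration permission, that description should now say root is required — this cannot be confirmed from the visible lines. The `handle` method continues past the end of the hunk.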

+ 39
- 19
server/sonar-server/src/test/java/org/sonar/server/setting/ws/EncryptActionTest.java View File

@@ -36,6 +36,7 @@ import org.sonar.api.config.Settings;
import org.sonar.api.server.ws.WebService;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.WsActionTester;
@@ -43,8 +44,6 @@ import org.sonarqube.ws.MediaTypes;
import org.sonarqube.ws.Settings.EncryptWsResponse;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_VALUE;

@@ -52,31 +51,29 @@ public class EncryptActionTest {
@Rule
public ExpectedException expectedException = ExpectedException.none();
@Rule
public UserSessionRule userSession = UserSessionRule.standalone().setGlobalPermissions(SYSTEM_ADMIN);
public UserSessionRule userSession = UserSessionRule.standalone();
@Rule
public TemporaryFolder folder = new TemporaryFolder();

Settings settings = new MapSettings();
Encryption encryption = settings.getEncryption();

EncryptAction underTest = new EncryptAction(userSession, settings);

WsActionTester ws = new WsActionTester(underTest);
private Settings settings = new MapSettings();
private Encryption encryption = settings.getEncryption();
private EncryptAction underTest = new EncryptAction(userSession, settings);
private WsActionTester ws = new WsActionTester(underTest);

@Before
public void setUp_secret_key() {
try {
File secretKeyFile = folder.newFile();
FileUtils.writeStringToFile(secretKeyFile, "fCVFf/JHRi8Qwu5KLNva7g==");
public void setUpSecretKey() throws Exception {
logInAsRoot();

encryption.setPathToSecretKey(secretKeyFile.getAbsolutePath());
} catch (IOException e) {
Throwables.propagate(e);
}
File secretKeyFile = folder.newFile();
FileUtils.writeStringToFile(secretKeyFile, "fCVFf/JHRi8Qwu5KLNva7g==");
encryption.setPathToSecretKey(secretKeyFile.getAbsolutePath());
}

@Test
public void json_example() {
logInAsRoot();

String result = ws.newRequest().setParam("value", "my value").execute().getInput();

assertJson(result).isSimilarTo(ws.getDef().responseExampleAsString());
@@ -84,6 +81,8 @@ public class EncryptActionTest {

@Test
public void encrypt() {
logInAsRoot();

EncryptWsResponse result = call("my value!");

assertThat(result.getEncryptedValue()).isEqualTo("{aes}NoofntibpMBdhkMfXQxYcA==");
@@ -101,16 +100,29 @@ public class EncryptActionTest {
}

@Test
public void fail_if_insufficient_permissions() {
public void throw_ForbiddenException_if_not_root() throws Exception {
userSession.login().setNonRoot();

expectedException.expect(ForbiddenException.class);
expectedException.expectMessage("Insufficient privileges");

userSession.anonymous().setGlobalPermissions(QUALITY_PROFILE_ADMIN);
call("my value");
}

@Test
public void throw_UnauthorizedException_if_not_logged_in() throws Exception {
userSession.anonymous();

expectedException.expect(UnauthorizedException.class);
expectedException.expectMessage("Authentication is required");

call("my value");
}

@Test
public void fail_if_value_is_not_provided() {
logInAsRoot();

expectedException.expect(IllegalArgumentException.class);

call(null);
@@ -118,6 +130,8 @@ public class EncryptActionTest {

@Test
public void fail_if_value_is_empty() {
logInAsRoot();

expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Parameter 'value' must not be empty");

@@ -126,6 +140,8 @@ public class EncryptActionTest {

@Test
public void fail_if_no_secret_key_available() {
logInAsRoot();

encryption.setPathToSecretKey("unknown/path/to/secret/key");

expectedException.expect(BadRequestException.class);
@@ -149,4 +165,8 @@ public class EncryptActionTest {
throw Throwables.propagate(e);
}
}

private void logInAsRoot() {
userSession.login().setRoot();
}
}
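Review bot: The regression this commit fixes — a logged-in user holding SYSTEM_ADMIN being accepted — has no test that distinguishes old from new behaviour: `throw_ForbiddenException_if_not_root` uses `userSession.login().setNonRoot()` with no permissions granted, so it would also have passed against the previous `checkPermission(SYSTEM_ADMIN)` guard. Add a case that grants the formerly sufficient permission and still expects rejection, e.g. `userSession.login().setNonRoot().setGlobalPermissions(SYSTEM_ADMIN);` followed by the same `expectedException.expect(ForbiddenException.class);` and `call("my value");` (the `SYSTEM_ADMIN` static import this section removes would be needed again). This assumes `login()` returns the rule the way `anonymous()` does on the removed line; the `call` helper and the rest of the class sit outside these hunks.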
