
SONAR-15978 Require auth for api/system/upgrades

tags/9.4.0.54424
Pierre 2 роки тому
джерело
коміт
3e5016de49

+ 7
- 1
server/sonar-webserver-webapi/src/main/java/org/sonar/server/platform/ws/UpgradesAction.java

@@ -22,12 +22,14 @@ package org.sonar.server.platform.ws;
import com.google.common.io.Resources;
import java.util.List;
import java.util.Optional;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.text.JsonWriter;
import org.sonar.server.plugins.UpdateCenterMatrixFactory;
import org.sonar.server.ui.VersionFormatter;
import org.sonar.server.user.UserSession;
import org.sonar.updatecenter.common.Plugin;
import org.sonar.updatecenter.common.Release;
import org.sonar.updatecenter.common.SonarUpdate;
@@ -70,9 +72,11 @@ public class UpgradesAction implements SystemWsAction {
private static final String PROPERTY_TERMS_AND_CONDITIONS_URL = "termsAndConditionsUrl";

private final UpdateCenterMatrixFactory updateCenterFactory;
private final UserSession userSession;

public UpgradesAction(UpdateCenterMatrixFactory updateCenterFactory) {
public UpgradesAction(UpdateCenterMatrixFactory updateCenterFactory, UserSession userSession) {
this.updateCenterFactory = updateCenterFactory;
this.userSession = userSession;
}

private static void writeMetadata(JsonWriter jsonWriter, Release release) {
@@ -95,12 +99,14 @@ public class UpgradesAction implements SystemWsAction {
"Plugin information is retrieved from Update Center. Date and time at which Update Center was last refreshed " +
"is provided in the response.")
.setSince("5.2")
.setChangelog(new Change("9.4", "required authentication"))
.setHandler(this)
.setResponseExample(Resources.getResource(this.getClass(), "example-upgrades_plugins.json"));
}

@Override
public void handle(Request request, Response response) throws Exception {
userSession.checkLoggedIn();
try (JsonWriter jsonWriter = response.newJsonWriter()) {
jsonWriter.setSerializeEmptys(false);
writeResponse(jsonWriter);
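Review bot: The visible tail of the action description in the definition block says nothing about the new access requirement; only the `new Change("9.4", "required authentication")` entry records it, so a reader of the generated API documentation has to infer it from the changelog. The description starts outside this hunk, so this may already be covered there, but if not I would end it with a sentence such as `"Requires authentication."`. In `handle()`, `userSession.checkLoggedIn()` sits ahead of `response.newJsonWriter()`, which is the right order; a one-line comment such as `// reject anonymous callers before any response output is opened` would help keep it there through later refactors. Both the definition method and `handle()` continue outside the hunks shown.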

+ 21
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/platform/ws/UpgradesActionTest.java

@@ -20,11 +20,16 @@
package org.sonar.server.platform.ws;

import java.util.Optional;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.DateUtils;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.plugins.UpdateCenterMatrixFactory;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.TestResponse;
import org.sonar.server.ws.WsActionTester;
import org.sonar.updatecenter.common.Plugin;
@@ -42,6 +47,9 @@ import static org.mockito.Mockito.when;
import static org.sonar.test.JsonAssert.assertJson;

public class UpgradesActionTest {
@Rule
public UserSessionRule userSessionRule = UserSessionRule.standalone();

private static final String JSON_EMPTY_UPGRADE_LIST = "{" +
" \"upgrades\":" + "[]" +
"}";
@@ -49,7 +57,7 @@ public class UpgradesActionTest {
private UpdateCenterMatrixFactory updateCenterFactory = mock(UpdateCenterMatrixFactory.class);
private UpdateCenter updateCenter = mock(UpdateCenter.class);
private Sonar sonar = mock(Sonar.class);
private UpgradesAction underTest = new UpgradesAction(updateCenterFactory);
private UpgradesAction underTest = new UpgradesAction(updateCenterFactory, userSessionRule);

private WsActionTester tester = new WsActionTester(underTest);

@@ -103,12 +111,21 @@ public class UpgradesActionTest {
assertThat(def.isPost()).isFalse();
assertThat(def.description()).isNotEmpty();
assertThat(def.responseExample()).isNotNull();
assertThat(def.changelog()).isNotEmpty();
assertThat(def.params()).isEmpty();
}

@Test
public void require_authentication() {
TestRequest testRequest = tester.newRequest();
Assertions.assertThatThrownBy(testRequest::execute)
.hasMessage("Authentication is required")
.isInstanceOf(UnauthorizedException.class);
}

@Test
public void empty_array_is_returned_when_there_is_no_upgrade_available() {
userSessionRule.logIn();
TestResponse response = tester.newRequest().execute();

assertJson(response.getInput()).withStrictArrayOrder().isSimilarTo(JSON_EMPTY_UPGRADE_LIST);
@@ -116,6 +133,7 @@ public class UpgradesActionTest {

@Test
public void empty_array_is_returned_when_update_center_is_unavailable() {
userSessionRule.logIn();
when(updateCenterFactory.getUpdateCenter(anyBoolean())).thenReturn(Optional.empty());

TestResponse response = tester.newRequest().execute();
@@ -125,6 +143,7 @@ public class UpgradesActionTest {

@Test
public void verify_JSON_response_against_example() {
userSessionRule.logIn();
SonarUpdate sonarUpdate = createSonar_51_update();
when(sonar.getLtsRelease()).thenReturn(new Release(sonar, Version.create("8.9.2")));
when(updateCenter.findSonarUpdates()).thenReturn(of(sonarUpdate));
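Review bot: `require_authentication` asserts that an anonymous request throws `UnauthorizedException`, but not that the handler stopped before consulting the update center, so the test would still pass if `checkLoggedIn()` were later moved below the data lookup. Adding `verifyNoInteractions(updateCenterFactory);` after the assertion (or the equivalent call for the Mockito version this module uses) would pin that ordering. As a style point, the file already relies on a statically imported `assertThat`, so a static import of `assertThatThrownBy` would read more consistently than the qualified `Assertions.assertThatThrownBy`.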
