
SONAR-19580 fixed an issue with project badges for private applications

tags/9.9.2.77730
Lukasz Jarocki 11 months ago
parent
commit
7101b666dc

+ 2
- 0
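--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java
@@ -24,6 +24,8 @@ import org.sonar.api.server.ws.WebService;
 
 public class ProjectBadgesWs implements WebService {
 
+static final String PROJECT_OR_APP_NOT_FOUND = "Project or Application not found";
+
 private final List<ProjectBadgesWsAction> actions;
 
 public ProjectBadgesWs(List<ProjectBadgesWsAction> actions) {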

+ 8
- 3
server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java

@@ -20,6 +20,7 @@
package org.sonar.server.badge.ws;

import com.google.common.io.Resources;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
@@ -34,6 +35,8 @@ import org.sonar.server.user.UserSession;
import org.sonar.server.usertoken.TokenGenerator;
import org.sonarqube.ws.ProjectBadgeToken.TokenWsResponse;

import static java.lang.String.format;
import static org.sonar.server.badge.ws.ProjectBadgesWs.PROJECT_OR_APP_NOT_FOUND;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
import static org.sonar.server.ws.WsUtils.writeProtobuf;

@@ -55,9 +58,10 @@ public class TokenAction implements ProjectBadgesWsAction {
NewAction action = controller.createAction("token")
.setHandler(this)
.setSince("9.2")
.setDescription("Retrieve a token to use for project badge access for private projects.<br/>" +
.setChangelog(new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM)))
.setDescription("Retrieve a token to use for project or application badge access for private projects or applications.<br/>" +
"This token can be used to authenticate with api/project_badges/quality_gate and api/project_badges/measure endpoints.<br/>" +
"Requires 'Browse' permission on the specified project.")
"Requires 'Browse' permission on the specified project or application.")
.setResponseExample(Resources.getResource(getClass(), "token-example.json"));
action.createParam(PROJECT_KEY_PARAM)
.setDescription("Project or application key")
@@ -75,7 +79,8 @@ public class TokenAction implements ProjectBadgesWsAction {
try (DbSession dbSession = dbClient.openSession(false)) {
String projectKey = request.mandatoryParam(PROJECT_KEY_PARAM);

ProjectDto projectDto = dbClient.projectDao().selectProjectByKey(dbSession, projectKey).orElseThrow(() -> new IllegalArgumentException("project not found"));
ProjectDto projectDto = dbClient.projectDao().selectProjectOrAppByKey(dbSession, projectKey)
.orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND));
userSession.checkProjectPermission(UserRole.USER, projectDto);
ProjectBadgeTokenDto projectBadgeTokenDto = dbClient.projectBadgeTokenDao().selectTokenByProject(dbSession, projectDto);
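Review bot: In the last hunk the not-found check, `selectProjectOrAppByKey(...).orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND))`, runs before `userSession.checkProjectPermission(UserRole.USER, projectDto)`, so an unknown key gets "Project or Application not found" while an existing private key the caller cannot browse presumably fails with a different error, and that difference tells a caller without access which private project or application keys exist. If this is not intended, both cases should be reported with the same error; if it is accepted, record it next to the lookup, e.g. `// not-found is reported before the permission check, so key existence is visible to callers without Browse permission`. The same ordering appears in the last hunk of TokenRenewAction.java with `UserRole.ADMIN`. The handler body starts and ends outside this hunk, so any earlier authentication check is not visible here.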


+ 10
- 4
server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java

@@ -19,6 +19,7 @@
*/
package org.sonar.server.badge.ws;

import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
@@ -31,6 +32,8 @@ import org.sonar.db.user.TokenType;
import org.sonar.server.user.UserSession;
import org.sonar.server.usertoken.TokenGenerator;

import static java.lang.String.format;
import static org.sonar.server.badge.ws.ProjectBadgesWs.PROJECT_OR_APP_NOT_FOUND;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;

public class TokenRenewAction implements ProjectBadgesWsAction {
@@ -52,11 +55,13 @@ public class TokenRenewAction implements ProjectBadgesWsAction {
.setHandler(this)
.setSince("9.2")
.setPost(true)
.setDescription("Creates new token replacing any existing token for project badge access for private projects.<br/>" +
.setChangelog(new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM)))
.setDescription("Creates new token replacing any existing token for project or application badge access for private projects and " +
"applications.<br/>" +
"This token can be used to authenticate with api/project_badges/quality_gate and api/project_badges/measure endpoints.<br/>" +
"Requires 'Administer' permission on the specified project.");
"Requires 'Administer' permission on the specified project or application.");
action.createParam(PROJECT_KEY_PARAM)
.setDescription("Project key")
.setDescription("Project or application key")
.setRequired(true)
.setExampleValue(KEY_PROJECT_EXAMPLE_001);
}
@@ -71,7 +76,8 @@ public class TokenRenewAction implements ProjectBadgesWsAction {
try (DbSession dbSession = dbClient.openSession(false)) {
String projectKey = request.mandatoryParam(PROJECT_KEY_PARAM);

ProjectDto projectDto = dbClient.projectDao().selectProjectByKey(dbSession, projectKey).orElseThrow(() -> new IllegalArgumentException("project not found"));
ProjectDto projectDto = dbClient.projectDao().selectProjectOrAppByKey(dbSession, projectKey)
.orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND));
userSession.checkProjectPermission(UserRole.ADMIN, projectDto);
String newGeneratedToken = tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN);
dbClient.projectBadgeTokenDao().upsert(dbSession, newGeneratedToken, projectDto, userSession.getUuid(), userSession.getLogin());
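Review bot: The changelog entry in the action definition, `new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM))`, dates application-key support to 9.9, while this page shows the commit under tag 9.9.2.77730. If the fix first ships in a 9.9.x patch build, the generated web-service documentation will promise behaviour that earlier 9.9 servers lack, so the entry should name the build that actually carries it, provided the changelog format allows a patch version; TokenAction.java has the same entry. The description wording also differs between the two actions ("private projects and applications" here, "private projects or applications" in TokenAction) and would read better with one phrasing. The `define` method starts outside the hunk.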

+ 12
- 0
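--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java
@@ -81,6 +81,18 @@ public class TokenActionTest {
 response.assertJson("{\"token\":\"generated_token\"}");
 }
 
+@Test
+public void handle_whenApplicationKeyPassed_shouldReturnToken() {
+ComponentDto application = db.components().insertPrivateApplication();
+userSession.logIn().addProjectPermission(UserRole.USER, application);
+when(tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN)).thenReturn("generated_token");
+
+TestResponse response = ws.newRequest().setParam("project", application.getKey()).execute();
+
+response.assertJson("{\"token\":\"generated_token\"}");
+}
+
+
 @Test
 public void should_reuse_generated_token() {
 ComponentDto project = db.components().insertPrivateProject();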
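Review bot: The added test `handle_whenApplicationKeyPassed_shouldReturnToken` covers only a caller who holds `UserRole.USER` on the private application; nothing in this hunk checks that a logged-in user without that permission is refused a token for an application. Because the commit widens the lookup from projects to applications, a companion negative test (for example `handle_whenApplicationKeyPassedAndNoBrowsePermission_shouldFail`) would pin the authorization behaviour for the new entity type, and a second one could assert the new "Project or Application not found" message for an unknown key. TokenRenewActionTest has the same gap for `UserRole.ADMIN`. Tests outside this hunk may already cover the project case, and the doubled blank line after the new method can be reduced to one.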

+ 14
- 0
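--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java
@@ -97,6 +97,20 @@ public class TokenRenewActionTest {
 response.assertNoContent();
 }
 
+@Test
+public void handle_whenApplicationKeyPassed_shouldAddTokenAndReturn204() {
+ProjectDto application = db.components().insertPrivateApplicationDto();
+userSession.logIn().addProjectPermission(UserRole.ADMIN, application);
+when(tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN)).thenReturn("generated_token");
+
+TestResponse response = ws.newRequest().setParam("project", application.getKey()).execute();
+
+ProjectBadgeTokenDto projectBadgeTokenDto = db.getDbClient().projectBadgeTokenDao().selectTokenByProject(db.getSession(), application);
+assertThat(projectBadgeTokenDto).isNotNull();
+assertThat(projectBadgeTokenDto.getToken()).isEqualTo("generated_token");
+response.assertNoContent();
+}
+
 @Test
 public void should_replace_existing_token_when__token_already_present_and_update_update_at() {
 ProjectDto project = db.components().insertPrivateProjectDto();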
