@@ -24,6 +24,8 @@ import org.sonar.api.server.ws.WebService; | |||
public class ProjectBadgesWs implements WebService { | |||
static final String PROJECT_OR_APP_NOT_FOUND = "Project or Application not found"; | |||
private final List<ProjectBadgesWsAction> actions; | |||
public ProjectBadgesWs(List<ProjectBadgesWsAction> actions) { |
@@ -20,6 +20,7 @@ | |||
package org.sonar.server.badge.ws; | |||
import com.google.common.io.Resources; | |||
import org.sonar.api.server.ws.Change; | |||
import org.sonar.api.server.ws.Request; | |||
import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
@@ -34,6 +35,8 @@ import org.sonar.server.user.UserSession; | |||
import org.sonar.server.usertoken.TokenGenerator; | |||
import org.sonarqube.ws.ProjectBadgeToken.TokenWsResponse; | |||
import static java.lang.String.format; | |||
import static org.sonar.server.badge.ws.ProjectBadgesWs.PROJECT_OR_APP_NOT_FOUND; | |||
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; | |||
import static org.sonar.server.ws.WsUtils.writeProtobuf; | |||
@@ -55,9 +58,10 @@ public class TokenAction implements ProjectBadgesWsAction { | |||
NewAction action = controller.createAction("token") | |||
.setHandler(this) | |||
.setSince("9.2") | |||
.setDescription("Retrieve a token to use for project badge access for private projects.<br/>" + | |||
.setChangelog(new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM))) | |||
.setDescription("Retrieve a token to use for project or application badge access for private projects or applications.<br/>" + | |||
"This token can be used to authenticate with api/project_badges/quality_gate and api/project_badges/measure endpoints.<br/>" + | |||
"Requires 'Browse' permission on the specified project.") | |||
"Requires 'Browse' permission on the specified project or application.") | |||
.setResponseExample(Resources.getResource(getClass(), "token-example.json")); | |||
action.createParam(PROJECT_KEY_PARAM) | |||
.setDescription("Project or application key") | |||
@@ -75,7 +79,8 @@ public class TokenAction implements ProjectBadgesWsAction { | |||
try (DbSession dbSession = dbClient.openSession(false)) { | |||
String projectKey = request.mandatoryParam(PROJECT_KEY_PARAM); | |||
ProjectDto projectDto = dbClient.projectDao().selectProjectByKey(dbSession, projectKey).orElseThrow(() -> new IllegalArgumentException("project not found")); | |||
ProjectDto projectDto = dbClient.projectDao().selectProjectOrAppByKey(dbSession, projectKey) | |||
.orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND)); | |||
userSession.checkProjectPermission(UserRole.USER, projectDto); | |||
ProjectBadgeTokenDto projectBadgeTokenDto = dbClient.projectBadgeTokenDao().selectTokenByProject(dbSession, projectDto); | |||
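Review bot: The lookup `selectProjectOrAppByKey(dbSession, projectKey).orElseThrow(...)` runs before `userSession.checkProjectPermission(UserRole.USER, projectDto)`, so a caller without Browse permission can probably tell an unknown key from an existing private one by which error comes back. This change extends that to application keys. The TokenRenewAction hunk has the same ordering with `UserRole.ADMIN`. If the two failures do reach the client as different responses, consider answering both with the same error, or record the decision in a comment such as `// lookup precedes the permission check: unknown and forbidden keys are distinguishable by design`. The handler's body starts and ends outside this hunk, so any later handling is not visible here.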
@@ -19,6 +19,7 @@ | |||
*/ | |||
package org.sonar.server.badge.ws; | |||
import org.sonar.api.server.ws.Change; | |||
import org.sonar.api.server.ws.Request; | |||
import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
@@ -31,6 +32,8 @@ import org.sonar.db.user.TokenType; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonar.server.usertoken.TokenGenerator; | |||
import static java.lang.String.format; | |||
import static org.sonar.server.badge.ws.ProjectBadgesWs.PROJECT_OR_APP_NOT_FOUND; | |||
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; | |||
public class TokenRenewAction implements ProjectBadgesWsAction { | |||
@@ -52,11 +55,13 @@ public class TokenRenewAction implements ProjectBadgesWsAction { | |||
.setHandler(this) | |||
.setSince("9.2") | |||
.setPost(true) | |||
.setDescription("Creates new token replacing any existing token for project badge access for private projects.<br/>" + | |||
.setChangelog(new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM))) | |||
.setDescription("Creates new token replacing any existing token for project or application badge access for private projects and " + | |||
"applications.<br/>" + | |||
"This token can be used to authenticate with api/project_badges/quality_gate and api/project_badges/measure endpoints.<br/>" + | |||
"Requires 'Administer' permission on the specified project."); | |||
"Requires 'Administer' permission on the specified project or application."); | |||
action.createParam(PROJECT_KEY_PARAM) | |||
.setDescription("Project key") | |||
.setDescription("Project or application key") | |||
.setRequired(true) | |||
.setExampleValue(KEY_PROJECT_EXAMPLE_001); | |||
} | |||
@@ -71,7 +76,8 @@ public class TokenRenewAction implements ProjectBadgesWsAction { | |||
try (DbSession dbSession = dbClient.openSession(false)) { | |||
String projectKey = request.mandatoryParam(PROJECT_KEY_PARAM); | |||
ProjectDto projectDto = dbClient.projectDao().selectProjectByKey(dbSession, projectKey).orElseThrow(() -> new IllegalArgumentException("project not found")); | |||
ProjectDto projectDto = dbClient.projectDao().selectProjectOrAppByKey(dbSession, projectKey) | |||
.orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND)); | |||
userSession.checkProjectPermission(UserRole.ADMIN, projectDto); | |||
String newGeneratedToken = tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN); | |||
dbClient.projectBadgeTokenDao().upsert(dbSession, newGeneratedToken, projectDto, userSession.getUuid(), userSession.getLogin()); |
@@ -81,6 +81,18 @@ public class TokenActionTest { | |||
response.assertJson("{\"token\":\"generated_token\"}"); | |||
} | |||
@Test | |||
public void handle_whenApplicationKeyPassed_shouldReturnToken() { | |||
ComponentDto application = db.components().insertPrivateApplication(); | |||
userSession.logIn().addProjectPermission(UserRole.USER, application); | |||
when(tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN)).thenReturn("generated_token"); | |||
TestResponse response = ws.newRequest().setParam("project", application.getKey()).execute(); | |||
response.assertJson("{\"token\":\"generated_token\"}"); | |||
} | |||
@Test | |||
public void should_reuse_generated_token() { | |||
ComponentDto project = db.components().insertPrivateProject(); |
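Review bot: `handle_whenApplicationKeyPassed_shouldReturnToken` covers only the permitted case; nothing added here checks that an application key is refused when the user lacks `UserRole.USER` on the application or is not logged in. Because this endpoint hands out a credential for private applications, add a negative test beside it, for example `handle_whenApplicationKeyPassedAndUserLacksBrowsePermission_shouldFail`, asserting that the request is rejected and no token is returned. The TokenRenewActionTest hunk has the same gap for `UserRole.ADMIN`, where the test should also assert that no token row was written for the application. The hunk ends inside the following test method, so existing project-level negative tests may sit outside the visible lines.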
@@ -97,6 +97,20 @@ public class TokenRenewActionTest { | |||
response.assertNoContent(); | |||
} | |||
@Test | |||
public void handle_whenApplicationKeyPassed_shouldAddTokenAndReturn204() { | |||
ProjectDto application = db.components().insertPrivateApplicationDto(); | |||
userSession.logIn().addProjectPermission(UserRole.ADMIN, application); | |||
when(tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN)).thenReturn("generated_token"); | |||
TestResponse response = ws.newRequest().setParam("project", application.getKey()).execute(); | |||
ProjectBadgeTokenDto projectBadgeTokenDto = db.getDbClient().projectBadgeTokenDao().selectTokenByProject(db.getSession(), application); | |||
assertThat(projectBadgeTokenDto).isNotNull(); | |||
assertThat(projectBadgeTokenDto.getToken()).isEqualTo("generated_token"); | |||
response.assertNoContent(); | |||
} | |||
@Test | |||
public void should_replace_existing_token_when__token_already_present_and_update_update_at() { | |||
ProjectDto project = db.components().insertPrivateProjectDto(); |