SONAR-21559 Fix SSF-553

server/sonar-web/src/main/js/api/settings.ts

@@ -20,7 +20,7 @@
 import { omitBy } from 'lodash';
 import { isCategoryDefinition } from '../apps/settings/utils';
 import { throwGlobalError } from '../helpers/error';
-import { getJSON, post, RequestData } from '../helpers/request';
+import { getJSON, post, postJSON, RequestData } from '../helpers/request';
 import { BranchParameters } from '../types/branch-like';
 import {
   ExtendedSettingDefinition,
@@ -109,7 +109,7 @@ export function generateSecretKey(): Promise<{ secretKey: string }> {
 }
 
 export function encryptValue(value: string): Promise<{ encryptedValue: string }> {
-  return getJSON('/api/settings/encrypt', { value }).catch(throwGlobalError);
+  return postJSON('/api/settings/encrypt', { value }).catch(throwGlobalError);
 }
 
 export function getLoginMessage(): Promise<{ message: string }> {

server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/EncryptAction.java

@@ -21,6 +21,7 @@ package org.sonar.server.setting.ws;
 
 import org.sonar.api.config.internal.Encryption;
 import org.sonar.api.config.internal.Settings;
+import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
@@ -46,9 +47,11 @@ public class EncryptAction implements SettingsWsAction {
       .setDescription("Encrypt a setting value.<br>" +
         "Requires 'Administer System' permission.")
       .setSince("6.1")
+      .setPost(true)
       .setHandler(this)
       .setInternal(true)
-      .setResponseExample(getClass().getResource("encrypt-example.json"));
+      .setResponseExample(getClass().getResource("encrypt-example.json"))
+      .setChangelog(new Change("9.9.4", "Move from GET to POST."));
 
     action.createParam(PARAM_VALUE)
       .setRequired(true)

server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/EncryptActionTest.java

@@ -76,7 +76,7 @@ public class EncryptActionTest {
     WebService.Action definition = ws.getDef();
 
     assertThat(definition.key()).isEqualTo("encrypt");
-    assertThat(definition.isPost()).isFalse();
+    assertThat(definition.isPost()).isTrue();
     assertThat(definition.isInternal()).isTrue();
     assertThat(definition.responseExampleAsString()).isNotEmpty();
     assertThat(definition.params()).hasSize(1);

sonar-ws/src/main/java/org/sonarqube/ws/client/settings/SettingsService.java

@@ -64,7 +64,7 @@ public class SettingsService extends BaseService {
    */
   public EncryptWsResponse encrypt(EncryptRequest request) {
     return call(
-      new GetRequest(path("encrypt"))
+      new PostRequest(path("encrypt"))
         .setParam("value", request.getValue()),
       EncryptWsResponse.parser());
   }