@@ -33,8 +33,8 @@ public class GitLabSettings { | |||
static final String GITLAB_AUTH_ENABLED = "sonar.auth.gitlab.enabled"; | |||
static final String GITLAB_AUTH_URL = "sonar.auth.gitlab.url"; | |||
static final String GITLAB_AUTH_APPLICATION_ID = "sonar.auth.gitlab.applicationId"; | |||
static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret"; | |||
static final String GITLAB_AUTH_APPLICATION_ID = "sonar.auth.gitlab.applicationId.secured"; | |||
static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret.secured"; | |||
static final String GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP = "sonar.auth.gitlab.allowUsersToSignUp"; | |||
static final String GITLAB_AUTH_SYNC_USER_GROUPS = "sonar.auth.gitlab.groupsSync"; | |||
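Review bot: Changing the values of `GITLAB_AUTH_APPLICATION_ID` and `GITLAB_AUTH_SECRET` means any value still supplied under the old key names will no longer be read by this class, and nothing in the hunk documents that. The migration in this commit renames rows in the `properties` table only, so a value set outside the database (for example in a configuration file, if that is supported for these keys) would presumably be silently ignored after upgrade and GitLab login would stop working. I would add a comment above the two constants, for example `// Keys end in ".secured" so the values are treated as restricted settings; the pre-8.6 names without the suffix are no longer read.`, and mention the rename in the upgrade notes. The rest of `GitLabSettings` is outside the hunk, so whether the property definitions were updated to match cannot be confirmed from here.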
@@ -56,6 +56,9 @@ public class DbVersion86 implements DbVersion { | |||
.add(4123, "Add 'reset_password' column to 'users' table", AddResetPasswordColumnToUsers.class) | |||
.add(4124, "Populate 'reset_password' column with default value", PopulateResetPasswordDefaultValue.class) | |||
.add(4125, "Make 'reset_password' column in 'users' table not nullable", MakeResetPasswordColumnNotNull.class); | |||
.add(4125, "Make 'reset_password' column in 'users' table not nullable", MakeResetPasswordColumnNotNull.class) | |||
.add(4126, "Secure gitlab secret parameters", SecureGitlabSecretParameters.class) | |||
; | |||
} | |||
} |
@@ -0,0 +1,45 @@ | |||
/* | |||
* SonarQube | |||
* Copyright (C) 2009-2020 SonarSource SA | |||
* mailto:info AT sonarsource DOT com | |||
* | |||
* This program is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.platform.db.migration.version.v86; | |||
import java.sql.SQLException; | |||
import org.sonar.db.Database; | |||
import org.sonar.server.platform.db.migration.step.DataChange; | |||
public class SecureGitlabSecretParameters extends DataChange { | |||
public SecureGitlabSecretParameters(Database db) { | |||
super(db); | |||
} | |||
@Override | |||
protected void execute(Context context) throws SQLException { | |||
updateToSecured(context, "sonar.auth.gitlab.applicationId"); | |||
updateToSecured(context, "sonar.auth.gitlab.secret"); | |||
} | |||
private static void updateToSecured(Context context, String property) throws SQLException { | |||
context.prepareUpsert("update properties set prop_key = ? where prop_key = ?") | |||
.setString(1, property + ".secured") | |||
.setString(2, property) | |||
.execute() | |||
.commit(); | |||
} | |||
} |
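Review bot: `SecureGitlabSecretParameters` has no Javadoc, and the name can be read as encrypting the values, whereas `updateToSecured` only rewrites `prop_key` and leaves the stored value as it was. I would add a class comment such as `/** Renames the GitLab applicationId and secret property keys to their ".secured" form; the stored value is unchanged and is not encrypted by this step. */`. The update also does not check whether a row with the `.secured` key already exists. The PROPERTIES fixture in this commit shows only a non-unique index on PROP_KEY, so a pre-existing row would presumably leave two rows for one setting, though the production schema is not visible here. If the un-suffixed keys were readable by non-administrators before this change, which this page does not show, the existing secret should be treated as exposed and rotated after the upgrade.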
@@ -0,0 +1,71 @@ | |||
/* | |||
* SonarQube | |||
* Copyright (C) 2009-2020 SonarSource SA | |||
* mailto:info AT sonarsource DOT com | |||
* | |||
* This program is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.platform.db.migration.version.v86; | |||
import java.sql.SQLException; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.core.util.UuidFactory; | |||
import org.sonar.core.util.UuidFactoryFast; | |||
import org.sonar.db.CoreDbTester; | |||
import org.sonar.server.platform.db.migration.step.DataChange; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.assertj.core.api.Assertions.tuple; | |||
public class SecureGitlabSecretParametersTest { | |||
@Rule | |||
public CoreDbTester db = CoreDbTester.createForSchema(SecureGitlabSecretParametersTest.class, "schema.sql"); | |||
private final UuidFactory uuidFactory = UuidFactoryFast.getInstance(); | |||
private final DataChange underTest = new SecureGitlabSecretParameters(db.database()); | |||
@Test | |||
public void secure_gitlab_secret_parameters() throws SQLException { | |||
insertGitlabProperties(); | |||
underTest.execute(); | |||
assertThat(db.select("select * from PROPERTIES")) | |||
.extracting(r -> r.get("PROP_KEY"), r -> r.get("TEXT_VALUE")) | |||
.containsExactlyInAnyOrder( | |||
tuple("sonar.auth.gitlab.secret.secured", "secret secret"), | |||
tuple("sonar.auth.gitlab.applicationId.secured", "secret applicationId")); | |||
} | |||
private void insertGitlabProperties() { | |||
db.executeInsert("PROPERTIES", | |||
"prop_key", "sonar.auth.gitlab.secret", | |||
"is_empty", false, | |||
"text_value", "secret secret", | |||
"uuid", uuidFactory.create(), | |||
"created_at", System2.INSTANCE.now()); | |||
db.executeInsert("PROPERTIES", | |||
"prop_key", "sonar.auth.gitlab.applicationId", | |||
"is_empty", false, | |||
"text_value", "secret applicationId", | |||
"uuid", uuidFactory.create(), | |||
"created_at", System2.INSTANCE.now()); | |||
} | |||
} |
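Review bot: `secure_gitlab_secret_parameters` covers only the case where both old keys are present, so nothing checks that rows with other keys are left untouched, that an empty table is handled, or that the step can be run twice. A row with an unrelated key, such as `sonar.auth.gitlab.url`, inserted in `insertGitlabProperties()` and expected unchanged in the assertion would catch an over-broad `where` clause. A second test that calls `underTest.execute();` twice and repeats the same `containsExactlyInAnyOrder(...)` assertion would pin re-entrancy. Both values are inserted into `text_value`; whether real installations can hold these settings in `CLOB_VALUE` is not visible here, but the migration does not depend on the value column, so one such row would be cheap to add.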
@@ -0,0 +1,12 @@ | |||
CREATE TABLE "PROPERTIES"( | |||
"PROP_KEY" VARCHAR(512) NOT NULL, | |||
"IS_EMPTY" BOOLEAN NOT NULL, | |||
"TEXT_VALUE" VARCHAR(4000), | |||
"CLOB_VALUE" CLOB, | |||
"CREATED_AT" BIGINT NOT NULL, | |||
"COMPONENT_UUID" VARCHAR(40), | |||
"UUID" VARCHAR(40) NOT NULL, | |||
"USER_UUID" VARCHAR(255) | |||
); | |||
ALTER TABLE "PROPERTIES" ADD CONSTRAINT "PK_PROPERTIES" PRIMARY KEY("UUID"); | |||
CREATE INDEX "PROPERTIES_KEY" ON "PROPERTIES"("PROP_KEY"); |