Zipeng WU
3 years ago
5 changed files with 134 additions and 3 deletions
+ 2
- 2
server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java
View File
| @@ -33,8 +33,8 @@ public class GitLabSettings { | |||
| static final String GITLAB_AUTH_ENABLED = "sonar.auth.gitlab.enabled"; | |||
| static final String GITLAB_AUTH_URL = "sonar.auth.gitlab.url"; | |||
| static final String GITLAB_AUTH_APPLICATION_ID = "sonar.auth.gitlab.applicationId"; | |||
| static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret"; | |||
| static final String GITLAB_AUTH_APPLICATION_ID = "sonar.auth.gitlab.applicationId.secured"; | |||
| static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret.secured"; | |||
| static final String GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP = "sonar.auth.gitlab.allowUsersToSignUp"; | |||
| static final String GITLAB_AUTH_SYNC_USER_GROUPS = "sonar.auth.gitlab.groupsSync"; | |||
+ 4
- 1
server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v86/DbVersion86.java
View File
| @@ -56,6 +56,9 @@ public class DbVersion86 implements DbVersion { | |||
| .add(4123, "Add 'reset_password' column to 'users' table", AddResetPasswordColumnToUsers.class) | |||
| .add(4124, "Populate 'reset_password' column with default value", PopulateResetPasswordDefaultValue.class) | |||
| .add(4125, "Make 'reset_password' column in 'users' table not nullable", MakeResetPasswordColumnNotNull.class); | |||
| .add(4125, "Make 'reset_password' column in 'users' table not nullable", MakeResetPasswordColumnNotNull.class) | |||
| .add(4126, "Secure gitlab secret parameters", SecureGitlabSecretParameters.class) | |||
| ; | |||
| } | |||
| } | |||
+ 45
- 0
server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v86/SecureGitlabSecretParameters.java
View File
| @@ -0,0 +1,45 @@ | |||
| /* | |||
| * SonarQube | |||
| * Copyright (C) 2009-2020 SonarSource SA | |||
| * mailto:info AT sonarsource DOT com | |||
| * | |||
| * This program is free software; you can redistribute it and/or | |||
| * modify it under the terms of the GNU Lesser General Public | |||
| * License as published by the Free Software Foundation; either | |||
| * version 3 of the License, or (at your option) any later version. | |||
| * | |||
| * This program is distributed in the hope that it will be useful, | |||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
| * Lesser General Public License for more details. | |||
| * | |||
| * You should have received a copy of the GNU Lesser General Public License | |||
| * along with this program; if not, write to the Free Software Foundation, | |||
| * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
| */ | |||
| package org.sonar.server.platform.db.migration.version.v86; | |||
| import java.sql.SQLException; | |||
| import org.sonar.db.Database; | |||
| import org.sonar.server.platform.db.migration.step.DataChange; | |||
| public class SecureGitlabSecretParameters extends DataChange { | |||
| public SecureGitlabSecretParameters(Database db) { | |||
| super(db); | |||
| } | |||
| @Override | |||
| protected void execute(Context context) throws SQLException { | |||
| updateToSecured(context, "sonar.auth.gitlab.applicationId"); | |||
| updateToSecured(context, "sonar.auth.gitlab.secret"); | |||
| } | |||
| private static void updateToSecured(Context context, String property) throws SQLException { | |||
| context.prepareUpsert("update properties set prop_key = ? where prop_key = ?") | |||
| .setString(1, property + ".secured") | |||
| .setString(2, property) | |||
| .execute() | |||
| .commit(); | |||
| } | |||
| } | |||
+ 71
- 0
server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v86/SecureGitlabSecretParametersTest.java
View File
| @@ -0,0 +1,71 @@ | |||
| /* | |||
| * SonarQube | |||
| * Copyright (C) 2009-2020 SonarSource SA | |||
| * mailto:info AT sonarsource DOT com | |||
| * | |||
| * This program is free software; you can redistribute it and/or | |||
| * modify it under the terms of the GNU Lesser General Public | |||
| * License as published by the Free Software Foundation; either | |||
| * version 3 of the License, or (at your option) any later version. | |||
| * | |||
| * This program is distributed in the hope that it will be useful, | |||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
| * Lesser General Public License for more details. | |||
| * | |||
| * You should have received a copy of the GNU Lesser General Public License | |||
| * along with this program; if not, write to the Free Software Foundation, | |||
| * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
| */ | |||
| package org.sonar.server.platform.db.migration.version.v86; | |||
| import java.sql.SQLException; | |||
| import org.junit.Rule; | |||
| import org.junit.Test; | |||
| import org.sonar.api.utils.System2; | |||
| import org.sonar.core.util.UuidFactory; | |||
| import org.sonar.core.util.UuidFactoryFast; | |||
| import org.sonar.db.CoreDbTester; | |||
| import org.sonar.server.platform.db.migration.step.DataChange; | |||
| import static org.assertj.core.api.Assertions.assertThat; | |||
| import static org.assertj.core.api.Assertions.tuple; | |||
| public class SecureGitlabSecretParametersTest { | |||
| @Rule | |||
| public CoreDbTester db = CoreDbTester.createForSchema(SecureGitlabSecretParametersTest.class, "schema.sql"); | |||
| private final UuidFactory uuidFactory = UuidFactoryFast.getInstance(); | |||
| private final DataChange underTest = new SecureGitlabSecretParameters(db.database()); | |||
| @Test | |||
| public void secure_gitlab_secret_parameters() throws SQLException { | |||
| insertGitlabProperties(); | |||
| underTest.execute(); | |||
| assertThat(db.select("select * from PROPERTIES")) | |||
| .extracting(r -> r.get("PROP_KEY"), r -> r.get("TEXT_VALUE")) | |||
| .containsExactlyInAnyOrder( | |||
| tuple("sonar.auth.gitlab.secret.secured", "secret secret"), | |||
| tuple("sonar.auth.gitlab.applicationId.secured", "secret applicationId")); | |||
| } | |||
| private void insertGitlabProperties() { | |||
| db.executeInsert("PROPERTIES", | |||
| "prop_key", "sonar.auth.gitlab.secret", | |||
| "is_empty", false, | |||
| "text_value", "secret secret", | |||
| "uuid", uuidFactory.create(), | |||
| "created_at", System2.INSTANCE.now()); | |||
| db.executeInsert("PROPERTIES", | |||
| "prop_key", "sonar.auth.gitlab.applicationId", | |||
| "is_empty", false, | |||
| "text_value", "secret applicationId", | |||
| "uuid", uuidFactory.create(), | |||
| "created_at", System2.INSTANCE.now()); | |||
| } | |||
| } | |||
+ 12
- 0
server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v86/SecureGitlabSecretParametersTest/schema.sql
View File
| @@ -0,0 +1,12 @@ | |||
| CREATE TABLE "PROPERTIES"( | |||
| "PROP_KEY" VARCHAR(512) NOT NULL, | |||
| "IS_EMPTY" BOOLEAN NOT NULL, | |||
| "TEXT_VALUE" VARCHAR(4000), | |||
| "CLOB_VALUE" CLOB, | |||
| "CREATED_AT" BIGINT NOT NULL, | |||
| "COMPONENT_UUID" VARCHAR(40), | |||
| "UUID" VARCHAR(40) NOT NULL, | |||
| "USER_UUID" VARCHAR(255) | |||
| ); | |||
| ALTER TABLE "PROPERTIES" ADD CONSTRAINT "PK_PROPERTIES" PRIMARY KEY("UUID"); | |||
| CREATE INDEX "PROPERTIES_KEY" ON "PROPERTIES"("PROP_KEY"); | |||
Loading…