mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 236 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30155 Commits
59 Branches
Tree: 4d8f0c4bf3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4d8f0c4bf3'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/user/ws/CreateActionTest.java

CreateActionTest.java 13KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.user.ws;

  21. 

  22. import java.util.HashSet;

  23. import java.util.Optional;

  24. import org.junit.Before;

  25. import org.junit.Rule;

  26. import org.junit.Test;

  27. import org.junit.rules.ExpectedException;

  28. import org.sonar.api.config.internal.MapSettings;

  29. import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;

  30. import org.sonar.api.server.ws.WebService;

  31. import org.sonar.api.utils.System2;

  32. import org.sonar.core.config.CorePropertyDefinitions;

  33. import org.sonar.db.DbTester;

  34. import org.sonar.db.user.GroupDto;

  35. import org.sonar.db.user.UserDto;

  36. import org.sonar.server.authentication.CredentialsLocalAuthentication;

  37. import org.sonar.server.es.EsTester;

  38. import org.sonar.server.exceptions.ForbiddenException;

  39. import org.sonar.server.organization.DefaultOrganizationProvider;

  40. import org.sonar.server.organization.TestDefaultOrganizationProvider;

  41. import org.sonar.server.tester.UserSessionRule;

  42. import org.sonar.server.user.NewUserNotifier;

  43. import org.sonar.server.user.UserUpdater;

  44. import org.sonar.server.user.index.UserIndexDefinition;

  45. import org.sonar.server.user.index.UserIndexer;

  46. import org.sonar.server.user.ws.CreateAction.CreateRequest;

  47. import org.sonar.server.usergroups.DefaultGroupFinder;

  48. import org.sonar.server.ws.TestRequest;

  49. import org.sonar.server.ws.WsActionTester;

  50. import org.sonarqube.ws.Users.CreateWsResponse;

  51. import org.sonarqube.ws.Users.CreateWsResponse.User;

  52. 

  53. import static java.lang.String.format;

  54. import static java.util.Collections.singletonList;

  55. import static java.util.Optional.ofNullable;

  56. import static org.assertj.core.api.Assertions.assertThat;

  57. import static org.elasticsearch.index.query.QueryBuilders.boolQuery;

  58. import static org.elasticsearch.index.query.QueryBuilders.termQuery;

  59. import static org.mockito.Mockito.mock;

  60. import static org.sonar.db.user.UserTesting.newUserDto;

  61. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_EMAIL;

  62. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_LOGIN;

  63. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_NAME;

  64. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_SCM_ACCOUNTS;

  65. 

  66. public class CreateActionTest {

  67. 

  68.   private MapSettings settings = new MapSettings();

  69.   private System2 system2 = new AlwaysIncreasingSystem2();

  70. 

  71.   @Rule

  72.   public DbTester db = DbTester.create(system2);

  73.   @Rule

  74.   public EsTester es = EsTester.create();

  75.   @Rule

  76.   public UserSessionRule userSessionRule = UserSessionRule.standalone();

  77.   @Rule

  78.   public ExpectedException expectedException = ExpectedException.none();

  79. 

  80.   private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client());

  81.   private GroupDto defaultGroup;

  82.   private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);

  83.   private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient());

  84.   private WsActionTester tester = new WsActionTester(new CreateAction(

  85.     db.getDbClient(),

  86.     new UserUpdater(mock(NewUserNotifier.class), db.getDbClient(), userIndexer, defaultOrganizationProvider,

  87.       new DefaultGroupFinder(db.getDbClient()), settings.asConfig(), localAuthentication),

  88.     userSessionRule));

  89. 

  90.   @Before

  91.   public void setUp() {

  92.     defaultGroup = db.users().insertDefaultGroup();

  93.   }

  94. 

  95.   @Test

  96.   public void create_user() {

  97.     logInAsSystemAdministrator();

  98. 

  99.     CreateWsResponse response = call(CreateRequest.builder()

  100.       .setLogin("john")

  101.       .setName("John")

  102.       .setEmail("john@email.com")

  103.       .setScmAccounts(singletonList("jn"))

  104.       .setPassword("1234")

  105.       .build());

  106. 

  107.     assertThat(response.getUser())

  108.       .extracting(User::getLogin, User::getName, User::getEmail, User::getScmAccountsList, User::getLocal)

  109.       .containsOnly("john", "John", "john@email.com", singletonList("jn"), true);

  110. 

  111.     // exists in index

  112.     assertThat(es.client().prepareSearch(UserIndexDefinition.TYPE_USER)

  113.       .setQuery(boolQuery()

  114.         .must(termQuery(FIELD_LOGIN, "john"))

  115.         .must(termQuery(FIELD_NAME, "John"))

  116.         .must(termQuery(FIELD_EMAIL, "john@email.com"))

  117.         .must(termQuery(FIELD_SCM_ACCOUNTS, "jn")))

  118.       .get().getHits().getHits()).hasSize(1);

  119. 

  120.     // exists in db

  121.     Optional<UserDto> dbUser = db.users().selectUserByLogin("john");

  122.     assertThat(dbUser).isPresent();

  123.     assertThat(dbUser.get().isRoot()).isFalse();

  124. 

  125.     // member of default group in default organization

  126.     assertThat(db.users().selectGroupUuidsOfUser(dbUser.get())).containsOnly(defaultGroup.getUuid());

  127.   }

  128. 

  129.   @Test

  130.   public void create_local_user() {

  131.     logInAsSystemAdministrator();

  132. 

  133.     call(CreateRequest.builder()

  134.       .setLogin("john")

  135.       .setName("John")

  136.       .setPassword("1234")

  137.       .setLocal(true)

  138.       .build());

  139. 

  140.     assertThat(db.users().selectUserByLogin("john").get())

  141.       .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalLogin, UserDto::isRoot)

  142.       .containsOnly(true, "sonarqube", "john", false);

  143.   }

  144. 

  145.   @Test

  146.   public void create_none_local_user() {

  147.     logInAsSystemAdministrator();

  148. 

  149.     call(CreateRequest.builder()

  150.       .setLogin("john")

  151.       .setName("John")

  152.       .setLocal(false)

  153.       .build());

  154. 

  155.     assertThat(db.users().selectUserByLogin("john").get())

  156.       .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalLogin, UserDto::isRoot)

  157.       .containsOnly(false, "sonarqube", "john", false);

  158.   }

  159. 

  160.   @Test

  161.   public void create_user_with_comma_in_scm_account() {

  162.     logInAsSystemAdministrator();

  163. 

  164.     CreateWsResponse response = call(CreateRequest.builder()

  165.       .setLogin("john")

  166.       .setName("John")

  167.       .setEmail("john@email.com")

  168.       .setScmAccounts(singletonList("j,n"))

  169.       .setPassword("1234")

  170.       .build());

  171. 

  172.     assertThat(response.getUser().getScmAccountsList()).containsOnly("j,n");

  173.   }

  174. 

  175.   @Test

  176.   public void create_user_with_empty_email() {

  177.     logInAsSystemAdministrator();

  178. 

  179.     call(CreateRequest.builder()

  180.       .setLogin("john")

  181.       .setName("John")

  182.       .setPassword("1234")

  183.       .setEmail("")

  184.       .build());

  185. 

  186.     assertThat(db.users().selectUserByLogin("john").get())

  187.       .extracting(UserDto::getExternalLogin)

  188.       .isEqualTo("john");

  189.   }

  190. 

  191.   @Test

  192.   public void create_user_with_deprecated_scmAccounts_parameter() {

  193.     logInAsSystemAdministrator();

  194. 

  195.     tester.newRequest()

  196.       .setParam("login", "john")

  197.       .setParam("name", "John")

  198.       .setParam("password", "1234")

  199.       .setParam("scmAccounts", "jn")

  200.       .execute();

  201. 

  202.     assertThat(db.users().selectUserByLogin("john").get().getScmAccountsAsList()).containsOnly("jn");

  203.   }

  204. 

  205.   @Test

  206.   public void create_user_with_deprecated_scm_accounts_parameter() {

  207.     logInAsSystemAdministrator();

  208. 

  209.     tester.newRequest()

  210.       .setParam("login", "john")

  211.       .setParam("name", "John")

  212.       .setParam("password", "1234")

  213.       .setParam("scm_accounts", "jn")

  214.       .execute();

  215. 

  216.     assertThat(db.users().selectUserByLogin("john").get().getScmAccountsAsList()).containsOnly("jn");

  217.   }

  218. 

  219.   @Test

  220.   public void reactivate_user() {

  221.     logInAsSystemAdministrator();

  222. 

  223.     db.users().insertUser(newUserDto("john", "John", "john@email.com").setActive(false));

  224.     userIndexer.indexOnStartup(new HashSet<>());

  225. 

  226.     call(CreateRequest.builder()

  227.       .setLogin("john")

  228.       .setName("John")

  229.       .setEmail("john@email.com")

  230.       .setScmAccounts(singletonList("jn"))

  231.       .setPassword("1234")

  232.       .build());

  233. 

  234.     assertThat(db.users().selectUserByLogin("john").get().isActive()).isTrue();

  235.   }

  236. 

  237.   @Test

  238.   public void fail_to_reactivate_user_when_active_user_exists() {

  239.     logInAsSystemAdministrator();

  240.     UserDto user = db.users().insertUser();

  241. 

  242.     expectedException.expect(IllegalArgumentException.class);

  243.     expectedException.expectMessage(format("An active user with login '%s' already exists", user.getLogin()));

  244. 

  245.     call(CreateRequest.builder()

  246.       .setLogin(user.getLogin())

  247.       .setName("John")

  248.       .setPassword("1234")

  249.       .build());

  250.   }

  251. 

  252.   @Test

  253.   public void fail_when_missing_login() {

  254.     logInAsSystemAdministrator();

  255. 

  256.     expectedException.expect(IllegalArgumentException.class);

  257.     expectedException.expectMessage("Login is mandatory and must not be empty");

  258.     call(CreateRequest.builder()

  259.       .setLogin(null)

  260.       .setName("John")

  261.       .setPassword("1234")

  262.       .build());

  263.   }

  264. 

  265.   @Test

  266.   public void fail_when_login_is_too_short() {

  267.     logInAsSystemAdministrator();

  268. 

  269.     expectedException.expect(IllegalArgumentException.class);

  270.     expectedException.expectMessage("'login' length (1) is shorter than the minimum authorized (2)");

  271.     call(CreateRequest.builder()

  272.       .setLogin("a")

  273.       .setName("John")

  274.       .setPassword("1234")

  275.       .build());

  276.   }

  277. 

  278.   @Test

  279.   public void fail_when_missing_name() {

  280.     logInAsSystemAdministrator();

  281. 

  282.     expectedException.expect(IllegalArgumentException.class);

  283.     expectedException.expectMessage("Name is mandatory and must not be empty");

  284.     call(CreateRequest.builder()

  285.       .setLogin("john")

  286.       .setName(null)

  287.       .setPassword("1234")

  288.       .build());

  289.   }

  290. 

  291.   @Test

  292.   public void fail_when_missing_password() {

  293.     logInAsSystemAdministrator();

  294. 

  295.     expectedException.expect(IllegalArgumentException.class);

  296.     expectedException.expectMessage("Password is mandatory and must not be empty");

  297.     call(CreateRequest.builder()

  298.       .setLogin("john")

  299.       .setName("John")

  300.       .setPassword(null)

  301.       .build());

  302.   }

  303. 

  304.   @Test

  305.   public void fail_when_password_is_set_on_none_local_user() {

  306.     logInAsSystemAdministrator();

  307. 

  308.     expectedException.expect(IllegalArgumentException.class);

  309.     expectedException.expectMessage("Password should only be set on local user");

  310.     call(CreateRequest.builder()

  311.       .setLogin("john")

  312.       .setName("John")

  313.       .setPassword("1234")

  314.       .setLocal(false)

  315.       .build());

  316.   }

  317. 

  318.   @Test

  319.   public void fail_when_email_is_invalid() {

  320.     logInAsSystemAdministrator();

  321. 

  322.     expectedException.expect(IllegalArgumentException.class);

  323.     expectedException.expectMessage("Email 'invalid-email' is not valid");

  324. 

  325.     call(CreateRequest.builder()

  326.       .setLogin("pipo")

  327.       .setName("John")

  328.       .setPassword("1234")

  329.       .setEmail("invalid-email")

  330.       .build());

  331.   }

  332. 

  333.   @Test

  334.   public void throw_ForbiddenException_if_not_system_administrator() {

  335.     userSessionRule.logIn().setNonSystemAdministrator();

  336. 

  337.     expectedException.expect(ForbiddenException.class);

  338.     expectedException.expectMessage("");

  339. 

  340.     expectedException.expect(ForbiddenException.class);

  341.     executeRequest("john");

  342.   }

  343. 

  344.   @Test

  345.   public void test_definition() {

  346.     WebService.Action action = tester.getDef();

  347.     assertThat(action).isNotNull();

  348.     assertThat(action.isPost()).isTrue();

  349.     assertThat(action.params()).hasSize(7);

  350.   }

  351. 

  352.   private CreateWsResponse executeRequest(String login) {

  353.     return call(CreateRequest.builder()

  354.       .setLogin(login)

  355.       .setName("name of " + login)

  356.       .setEmail(login + "@email.com")

  357.       .setScmAccounts(singletonList(login.substring(0, 2)))

  358.       .setPassword("pwd_" + login)

  359.       .build());

  360.   }

  361. 

  362.   private void logInAsSystemAdministrator() {

  363.     userSessionRule.logIn().setSystemAdministrator();

  364.   }

  365. 

  366.   private CreateWsResponse call(CreateRequest createRequest) {

  367.     TestRequest request = tester.newRequest();

  368.     ofNullable(createRequest.getLogin()).ifPresent(e4 -> request.setParam("login", e4));

  369.     ofNullable(createRequest.getName()).ifPresent(e3 -> request.setParam("name", e3));

  370.     ofNullable(createRequest.getEmail()).ifPresent(e2 -> request.setParam("email", e2));

  371.     ofNullable(createRequest.getPassword()).ifPresent(e1 -> request.setParam("password", e1));

  372.     ofNullable(createRequest.getScmAccounts()).ifPresent(e -> request.setMultiParam("scmAccount", e));

  373.     request.setParam("local", createRequest.isLocal() ? "true" : "false");

  374.     return request.executeProtobuf(CreateWsResponse.class);

  375.   }

  376. 

  377.   private void enableCreatePersonalOrg(boolean flag) {

  378.     settings.setProperty(CorePropertyDefinitions.ORGANIZATIONS_CREATE_PERSONAL_ORG, flag);

  379.   }

  380. 

  381. }