mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27803 Commits
59 Branches
Tree: db18af0468
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'db18af0468'
${ noResults }
sonarqube/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java

GenerateAction.java 5.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2019 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.usertoken.ws;

  21. 

  22. import org.sonar.api.server.ws.Request;

  23. import org.sonar.api.server.ws.Response;

  24. import org.sonar.api.server.ws.WebService;

  25. import org.sonar.api.utils.System2;

  26. import org.sonar.db.DbClient;

  27. import org.sonar.db.DbSession;

  28. import org.sonar.db.user.UserDto;

  29. import org.sonar.db.user.UserTokenDto;

  30. import org.sonar.server.exceptions.ServerException;

  31. import org.sonar.server.usertoken.TokenGenerator;

  32. import org.sonarqube.ws.UserTokens;

  33. import org.sonarqube.ws.UserTokens.GenerateWsResponse;

  34. 

  35. import static java.net.HttpURLConnection.HTTP_INTERNAL_ERROR;

  36. import static org.sonar.api.utils.DateUtils.formatDateTime;

  37. import static org.sonar.server.usertoken.ws.UserTokenSupport.ACTION_GENERATE;

  38. import static org.sonar.server.usertoken.ws.UserTokenSupport.PARAM_LOGIN;

  39. import static org.sonar.server.usertoken.ws.UserTokenSupport.PARAM_NAME;

  40. import static org.sonar.server.ws.WsUtils.checkRequest;

  41. import static org.sonar.server.ws.WsUtils.writeProtobuf;

  42. 

  43. public class GenerateAction implements UserTokensWsAction {

  44. 

  45.   private static final int MAX_TOKEN_NAME_LENGTH = 100;

  46. 

  47.   private final DbClient dbClient;

  48.   private final System2 system;

  49.   private final TokenGenerator tokenGenerator;

  50.   private final UserTokenSupport userTokenSupport;

  51. 

  52.   public GenerateAction(DbClient dbClient, System2 system, TokenGenerator tokenGenerator, UserTokenSupport userTokenSupport) {

  53.     this.dbClient = dbClient;

  54.     this.system = system;

  55.     this.tokenGenerator = tokenGenerator;

  56.     this.userTokenSupport = userTokenSupport;

  57.   }

  58. 

  59.   @Override

  60.   public void define(WebService.NewController context) {

  61.     WebService.NewAction action = context.createAction(ACTION_GENERATE)

  62.       .setSince("5.3")

  63.       .setPost(true)

  64.       .setDescription("Generate a user access token. <br />" +

  65.         "Please keep your tokens secret. They enable to authenticate and analyze projects.<br />" +

  66.         "It requires administration permissions to specify a 'login' and generate a token for another user. Otherwise, a token is generated for the current user.")

  67.       .setResponseExample(getClass().getResource("generate-example.json"))

  68.       .setHandler(this);

  69. 

  70.     action.createParam(PARAM_LOGIN)

  71.       .setDescription("User login. If not set, the token is generated for the authenticated user.")

  72.       .setExampleValue("g.hopper");

  73. 

  74.     action.createParam(PARAM_NAME)

  75.       .setRequired(true)

  76.       .setMaximumLength(MAX_TOKEN_NAME_LENGTH)

  77.       .setDescription("Token name")

  78.       .setExampleValue("Project scan on Travis");

  79.   }

  80. 

  81.   @Override

  82.   public void handle(Request request, Response response) throws Exception {

  83.     UserTokens.GenerateWsResponse generateWsResponse = doHandle(request);

  84.     writeProtobuf(generateWsResponse, request, response);

  85.   }

  86. 

  87.   private UserTokens.GenerateWsResponse doHandle(Request request) {

  88.     try (DbSession dbSession = dbClient.openSession(false)) {

  89.       String name = request.mandatoryParam(PARAM_NAME).trim();

  90.       UserDto user = userTokenSupport.getUser(dbSession, request);

  91.       checkTokenDoesNotAlreadyExists(dbSession, user, name);

  92. 

  93.       String token = tokenGenerator.generate();

  94.       String tokenHash = hashToken(dbSession, token);

  95.       UserTokenDto userTokenDto = insertTokenInDb(dbSession, user, name, tokenHash);

  96.       return buildResponse(userTokenDto, token, user);

  97.     }

  98.   }

  99. 

  100.   private String hashToken(DbSession dbSession, String token) {

  101.     String tokenHash = tokenGenerator.hash(token);

  102.     UserTokenDto userToken = dbClient.userTokenDao().selectByTokenHash(dbSession, tokenHash);

  103.     if (userToken == null) {

  104.       return tokenHash;

  105.     }

  106.     throw new ServerException(HTTP_INTERNAL_ERROR, "Error while generating token. Please try again.");

  107.   }

  108. 

  109.   private void checkTokenDoesNotAlreadyExists(DbSession dbSession, UserDto user, String name) {

  110.     UserTokenDto userTokenDto = dbClient.userTokenDao().selectByUserAndName(dbSession, user, name);

  111.     checkRequest(userTokenDto == null, "A user token for login '%s' and name '%s' already exists", user.getLogin(), name);

  112.   }

  113. 

  114.   private UserTokenDto insertTokenInDb(DbSession dbSession, UserDto user, String name, String tokenHash) {

  115.     UserTokenDto userTokenDto = new UserTokenDto()

  116.       .setUserUuid(user.getUuid())

  117.       .setName(name)

  118.       .setTokenHash(tokenHash)

  119.       .setCreatedAt(system.now());

  120.     dbClient.userTokenDao().insert(dbSession, userTokenDto);

  121.     dbSession.commit();

  122.     return userTokenDto;

  123.   }

  124. 

  125.   private static GenerateWsResponse buildResponse(UserTokenDto userTokenDto, String token, UserDto user) {

  126.     return UserTokens.GenerateWsResponse.newBuilder()

  127.       .setLogin(user.getLogin())

  128.       .setName(userTokenDto.getName())

  129.       .setCreatedAt(formatDateTime(userTokenDto.getCreatedAt()))

  130.       .setToken(token)

  131.       .build();

  132.   }

  133. 

  134. }