mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27803 Commits
59 Branches
Tree: db18af0468
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'db18af0468'
${ noResults }
sonarqube/server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java

DeactivateActionTest.java 16KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2019 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.user.ws;

  21. 

  22. import java.util.Optional;

  23. import javax.annotation.Nullable;

  24. import org.junit.Rule;

  25. import org.junit.Test;

  26. import org.junit.rules.ExpectedException;

  27. import org.sonar.api.utils.System2;

  28. import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;

  29. import org.sonar.db.DbClient;

  30. import org.sonar.db.DbSession;

  31. import org.sonar.db.DbTester;

  32. import org.sonar.db.component.ComponentDto;

  33. import org.sonar.db.organization.OrganizationDto;

  34. import org.sonar.db.permission.template.PermissionTemplateDto;

  35. import org.sonar.db.permission.template.PermissionTemplateUserDto;

  36. import org.sonar.db.property.PropertyDto;

  37. import org.sonar.db.property.PropertyQuery;

  38. import org.sonar.db.qualityprofile.QProfileDto;

  39. import org.sonar.db.user.GroupDto;

  40. import org.sonar.db.user.UserDto;

  41. import org.sonar.server.es.EsTester;

  42. import org.sonar.server.exceptions.BadRequestException;

  43. import org.sonar.server.exceptions.ForbiddenException;

  44. import org.sonar.server.exceptions.NotFoundException;

  45. import org.sonar.server.exceptions.UnauthorizedException;

  46. import org.sonar.server.organization.DefaultOrganizationProvider;

  47. import org.sonar.server.organization.TestDefaultOrganizationProvider;

  48. import org.sonar.server.tester.UserSessionRule;

  49. import org.sonar.server.user.index.UserIndexDefinition;

  50. import org.sonar.server.user.index.UserIndexer;

  51. import org.sonar.server.ws.TestRequest;

  52. import org.sonar.server.ws.TestResponse;

  53. import org.sonar.server.ws.WsActionTester;

  54. 

  55. import static java.util.Collections.singletonList;

  56. import static org.assertj.core.api.Assertions.assertThat;

  57. import static org.elasticsearch.index.query.QueryBuilders.boolQuery;

  58. import static org.elasticsearch.index.query.QueryBuilders.termQuery;

  59. import static org.sonar.api.web.UserRole.CODEVIEWER;

  60. import static org.sonar.api.web.UserRole.USER;

  61. import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto;

  62. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;

  63. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;

  64. import static org.sonar.db.permission.OrganizationPermission.SCAN;

  65. import static org.sonar.db.property.PropertyTesting.newUserPropertyDto;

  66. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_ACTIVE;

  67. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_UUID;

  68. import static org.sonar.test.JsonAssert.assertJson;

  69. 

  70. public class DeactivateActionTest {

  71. 

  72.   private System2 system2 = AlwaysIncreasingSystem2.INSTANCE;

  73. 

  74.   @Rule

  75.   public ExpectedException expectedException = ExpectedException.none();

  76. 

  77.   @Rule

  78.   public DbTester db = DbTester.create(system2);

  79. 

  80.   @Rule

  81.   public EsTester es = EsTester.create();

  82. 

  83.   @Rule

  84.   public UserSessionRule userSession = UserSessionRule.standalone();

  85. 

  86.   private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);

  87.   private DbClient dbClient = db.getDbClient();

  88.   private UserIndexer userIndexer = new UserIndexer(dbClient, es.client());

  89.   private DbSession dbSession = db.getSession();

  90. 

  91.   private WsActionTester ws = new WsActionTester(new DeactivateAction(

  92.     dbClient, userIndexer, userSession, new UserJsonWriter(userSession), defaultOrganizationProvider));

  93. 

  94.   @Test

  95.   public void deactivate_user_and_delete_his_related_data() {

  96.     UserDto user = db.users().insertUser(u -> u

  97.       .setLogin("ada.lovelace")

  98.       .setEmail("ada.lovelace@noteg.com")

  99.       .setName("Ada Lovelace")

  100.       .setScmAccounts(singletonList("al")));

  101.     logInAsSystemAdministrator();

  102. 

  103.     deactivate(user.getLogin());

  104. 

  105.     verifyThatUserIsDeactivated(user.getLogin());

  106.     assertThat(es.client().prepareSearch(UserIndexDefinition.INDEX_TYPE_USER)

  107.       .setQuery(boolQuery()

  108.         .must(termQuery(FIELD_UUID, user.getUuid()))

  109.         .must(termQuery(FIELD_ACTIVE, "false")))

  110.       .get().getHits().getHits()).hasSize(1);

  111.   }

  112. 

  113.   @Test

  114.   public void deactivate_user_deletes_his_group_membership() {

  115.     logInAsSystemAdministrator();

  116.     UserDto user = db.users().insertUser();

  117.     GroupDto group1 = db.users().insertGroup();

  118.     db.users().insertGroup();

  119.     db.users().insertMember(group1, user);

  120. 

  121.     deactivate(user.getLogin());

  122. 

  123.     assertThat(db.getDbClient().groupMembershipDao().selectGroupIdsByUserId(dbSession, user.getId())).isEmpty();

  124.   }

  125. 

  126.   @Test

  127.   public void deactivate_user_deletes_his_tokens() {

  128.     logInAsSystemAdministrator();

  129.     UserDto user = db.users().insertUser();

  130.     db.users().insertToken(user);

  131.     db.users().insertToken(user);

  132.     db.commit();

  133. 

  134.     deactivate(user.getLogin());

  135. 

  136.     assertThat(db.getDbClient().userTokenDao().selectByUser(dbSession, user)).isEmpty();

  137.   }

  138. 

  139.   @Test

  140.   public void deactivate_user_deletes_his_properties() {

  141.     logInAsSystemAdministrator();

  142.     UserDto user = db.users().insertUser();

  143.     ComponentDto project = db.components().insertPrivateProject();

  144.     db.properties().insertProperty(newUserPropertyDto(user));

  145.     db.properties().insertProperty(newUserPropertyDto(user));

  146.     db.properties().insertProperty(newUserPropertyDto(user).setResourceId(project.getId()));

  147. 

  148.     deactivate(user.getLogin());

  149. 

  150.     assertThat(db.getDbClient().propertiesDao().selectByQuery(PropertyQuery.builder().setUserId(user.getId()).build(), dbSession)).isEmpty();

  151.     assertThat(db.getDbClient().propertiesDao().selectByQuery(PropertyQuery.builder().setUserId(user.getId()).setComponentId(project.getId()).build(), dbSession)).isEmpty();

  152.   }

  153. 

  154.   @Test

  155.   public void deactivate_user_deletes_his_permissions() {

  156.     logInAsSystemAdministrator();

  157.     UserDto user = db.users().insertUser();

  158.     ComponentDto project = db.components().insertPrivateProject();

  159.     db.users().insertPermissionOnUser(user, SCAN);

  160.     db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_PROFILES);

  161.     db.users().insertProjectPermissionOnUser(user, USER, project);

  162.     db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);

  163. 

  164.     deactivate(user.getLogin());

  165. 

  166.     assertThat(db.getDbClient().userPermissionDao().selectGlobalPermissionsOfUser(dbSession, user.getId(), db.getDefaultOrganization().getUuid())).isEmpty();

  167.     assertThat(db.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), project.getId())).isEmpty();

  168.   }

  169. 

  170.   @Test

  171.   public void deactivate_user_deletes_his_permission_templates() {

  172.     logInAsSystemAdministrator();

  173.     UserDto user = db.users().insertUser();

  174.     PermissionTemplateDto template = db.permissionTemplates().insertTemplate();

  175.     PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate();

  176.     db.permissionTemplates().addUserToTemplate(template.getId(), user.getId(), USER);

  177.     db.permissionTemplates().addUserToTemplate(anotherTemplate.getId(), user.getId(), CODEVIEWER);

  178. 

  179.     deactivate(user.getLogin());

  180. 

  181.     assertThat(db.getDbClient().permissionTemplateDao().selectUserPermissionsByTemplateId(dbSession, template.getId())).extracting(PermissionTemplateUserDto::getUserId).isEmpty();

  182.     assertThat(db.getDbClient().permissionTemplateDao().selectUserPermissionsByTemplateId(dbSession, anotherTemplate.getId())).extracting(PermissionTemplateUserDto::getUserId)

  183.       .isEmpty();

  184.   }

  185. 

  186.   @Test

  187.   public void deactivate_user_deletes_his_qprofiles_permissions() {

  188.     logInAsSystemAdministrator();

  189.     UserDto user = db.users().insertUser();

  190.     QProfileDto profile = db.qualityProfiles().insert(db.getDefaultOrganization());

  191.     db.qualityProfiles().addUserPermission(profile, user);

  192. 

  193.     deactivate(user.getLogin());

  194. 

  195.     assertThat(db.getDbClient().qProfileEditUsersDao().exists(dbSession, profile, user)).isFalse();

  196.   }

  197. 

  198.   @Test

  199.   public void deactivate_user_deletes_his_default_assignee_settings() {

  200.     logInAsSystemAdministrator();

  201.     UserDto user = db.users().insertUser();

  202.     ComponentDto project = db.components().insertPrivateProject();

  203.     ComponentDto anotherProject = db.components().insertPrivateProject();

  204.     db.properties().insertProperty(new PropertyDto().setKey("sonar.issues.defaultAssigneeLogin").setValue(user.getLogin()).setResourceId(project.getId()));

  205.     db.properties().insertProperty(new PropertyDto().setKey("sonar.issues.defaultAssigneeLogin").setValue(user.getLogin()).setResourceId(anotherProject.getId()));

  206.     db.properties().insertProperty(new PropertyDto().setKey("other").setValue(user.getLogin()).setResourceId(anotherProject.getId()));

  207. 

  208.     deactivate(user.getLogin());

  209. 

  210.     assertThat(db.getDbClient().propertiesDao().selectByQuery(PropertyQuery.builder().setKey("sonar.issues.defaultAssigneeLogin").build(), db.getSession())).isEmpty();

  211.     assertThat(db.getDbClient().propertiesDao().selectByQuery(PropertyQuery.builder().build(), db.getSession())).extracting(PropertyDto::getKey).containsOnly("other");

  212.   }

  213. 

  214.   @Test

  215.   public void deactivate_user_deletes_his_organization_membership() {

  216.     logInAsSystemAdministrator();

  217.     UserDto user = db.users().insertUser();

  218.     OrganizationDto organization = db.organizations().insert();

  219.     db.organizations().addMember(organization, user);

  220.     OrganizationDto anotherOrganization = db.organizations().insert();

  221.     db.organizations().addMember(anotherOrganization, user);

  222. 

  223.     deactivate(user.getLogin());

  224. 

  225.     assertThat(dbClient.organizationMemberDao().select(db.getSession(), organization.getUuid(), user.getId())).isNotPresent();

  226.     assertThat(dbClient.organizationMemberDao().select(db.getSession(), anotherOrganization.getUuid(), user.getId())).isNotPresent();

  227.   }

  228. 

  229.   @Test

  230.   public void deactivate_user_deletes_his_user_settings() {

  231.     logInAsSystemAdministrator();

  232.     UserDto user = db.users().insertUser();

  233.     db.users().insertUserSetting(user);

  234.     db.users().insertUserSetting(user);

  235.     UserDto anotherUser = db.users().insertUser();

  236.     db.users().insertUserSetting(anotherUser);

  237. 

  238.     deactivate(user.getLogin());

  239. 

  240.     assertThat(db.getDbClient().userPropertiesDao().selectByUser(dbSession, user)).isEmpty();

  241.     assertThat(db.getDbClient().userPropertiesDao().selectByUser(dbSession, anotherUser)).hasSize(1);

  242.   }

  243. 

  244.   @Test

  245.   public void cannot_deactivate_self() {

  246.     UserDto user = db.users().insertUser();

  247.     userSession.logIn(user.getLogin()).setSystemAdministrator();

  248. 

  249.     expectedException.expect(BadRequestException.class);

  250.     expectedException.expectMessage("Self-deactivation is not possible");

  251. 

  252.     deactivate(user.getLogin());

  253. 

  254.     verifyThatUserExists(user.getLogin());

  255.   }

  256. 

  257.   @Test

  258.   public void deactivation_requires_to_be_logged_in() {

  259.     expectedException.expect(UnauthorizedException.class);

  260.     expectedException.expectMessage("Authentication is required");

  261. 

  262.     deactivate("someone");

  263.   }

  264. 

  265.   @Test

  266.   public void deactivation_requires_administrator_permission() {

  267.     userSession.logIn();

  268. 

  269.     expectedException.expect(ForbiddenException.class);

  270.     expectedException.expectMessage("Insufficient privileges");

  271. 

  272.     deactivate("someone");

  273.   }

  274. 

  275.   @Test

  276.   public void fail_if_user_does_not_exist() {

  277.     logInAsSystemAdministrator();

  278. 

  279.     expectedException.expect(NotFoundException.class);

  280.     expectedException.expectMessage("User 'someone' doesn't exist");

  281. 

  282.     deactivate("someone");

  283.   }

  284. 

  285.   @Test

  286.   public void fail_if_login_is_blank() {

  287.     logInAsSystemAdministrator();

  288. 

  289.     expectedException.expect(IllegalArgumentException.class);

  290.     expectedException.expectMessage("The 'login' parameter is missing");

  291. 

  292.     deactivate("");

  293.   }

  294. 

  295.   @Test

  296.   public void fail_if_login_is_missing() {

  297.     logInAsSystemAdministrator();

  298. 

  299.     expectedException.expect(IllegalArgumentException.class);

  300.     expectedException.expectMessage("The 'login' parameter is missing");

  301. 

  302.     deactivate(null);

  303.   }

  304. 

  305.   @Test

  306.   public void fail_to_deactivate_last_administrator_of_default_organization() {

  307.     UserDto admin = db.users().insertUser();

  308.     db.users().insertPermissionOnUser(admin, ADMINISTER);

  309.     logInAsSystemAdministrator();

  310. 

  311.     expectedException.expect(BadRequestException.class);

  312.     expectedException.expectMessage("User is last administrator, and cannot be deactivated");

  313. 

  314.     deactivate(admin.getLogin());

  315.   }

  316. 

  317.   @Test

  318.   public void fail_to_deactivate_last_administrator_of_organization() {

  319.     // user1 is the unique administrator of org1 and org2.

  320.     // user1 and user2 are both administrators of org3

  321.     UserDto user1 = db.users().insertUser(u -> u.setLogin("test"));

  322.     OrganizationDto org1 = db.organizations().insert(newOrganizationDto().setKey("org1"));

  323.     OrganizationDto org2 = db.organizations().insert(newOrganizationDto().setKey("org2"));

  324.     OrganizationDto org3 = db.organizations().insert(newOrganizationDto().setKey("org3"));

  325.     db.users().insertPermissionOnUser(org1, user1, ADMINISTER);

  326.     db.users().insertPermissionOnUser(org2, user1, ADMINISTER);

  327.     db.users().insertPermissionOnUser(org3, user1, ADMINISTER);

  328.     UserDto user2 = db.users().insertUser();

  329.     db.users().insertPermissionOnUser(org3, user2, ADMINISTER);

  330.     logInAsSystemAdministrator();

  331. 

  332.     expectedException.expect(BadRequestException.class);

  333.     expectedException.expectMessage("User 'test' is last administrator of organizations [org1, org2], and cannot be deactivated");

  334. 

  335.     deactivate(user1.getLogin());

  336.   }

  337. 

  338.   @Test

  339.   public void administrators_can_be_deactivated_if_there_are_still_other_administrators() {

  340.     UserDto admin = db.users().insertUser();

  341.     UserDto anotherAdmin = db.users().insertUser();

  342.     db.users().insertPermissionOnUser(admin, ADMINISTER);

  343.     db.users().insertPermissionOnUser(anotherAdmin, ADMINISTER);

  344.     db.commit();

  345.     logInAsSystemAdministrator();

  346. 

  347.     deactivate(admin.getLogin());

  348. 

  349.     verifyThatUserIsDeactivated(admin.getLogin());

  350.     verifyThatUserExists(anotherAdmin.getLogin());

  351.   }

  352. 

  353.   @Test

  354.   public void test_definition() {

  355.     assertThat(ws.getDef().isPost()).isTrue();

  356.     assertThat(ws.getDef().isInternal()).isFalse();

  357.     assertThat(ws.getDef().params()).hasSize(1);

  358.   }

  359. 

  360.   @Test

  361.   public void test_example() {

  362.     UserDto user = db.users().insertUser(u -> u

  363.       .setLogin("ada.lovelace")

  364.       .setEmail("ada.lovelace@noteg.com")

  365.       .setName("Ada Lovelace")

  366.       .setLocal(true)

  367.       .setScmAccounts(singletonList("al")));

  368.     logInAsSystemAdministrator();

  369. 

  370.     String json = deactivate(user.getLogin()).getInput();

  371. 

  372.     assertJson(json).isSimilarTo(ws.getDef().responseExampleAsString());

  373.   }

  374. 

  375.   private void logInAsSystemAdministrator() {

  376.     userSession.logIn().setSystemAdministrator();

  377.   }

  378. 

  379.   private TestResponse deactivate(@Nullable String login) {

  380.     TestRequest request = ws.newRequest()

  381.       .setMethod("POST");

  382.     Optional.ofNullable(login).ifPresent(t -> request.setParam("login", login));

  383.     return request.execute();

  384.   }

  385. 

  386.   private void verifyThatUserExists(String login) {

  387.     assertThat(db.users().selectUserByLogin(login)).isPresent();

  388.   }

  389. 

  390.   private void verifyThatUserIsDeactivated(String login) {

  391.     Optional<UserDto> user = db.users().selectUserByLogin(login);

  392.     assertThat(user).isPresent();

  393.     assertThat(user.get().isActive()).isFalse();

  394.     assertThat(user.get().getEmail()).isNull();

  395.     assertThat(user.get().getScmAccountsAsList()).isEmpty();

  396.   }

  397. }