mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27803 Commits
59 Branches
Tree: db18af0468
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'db18af0468'
${ noResults }
sonarqube/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java

GenerateActionTest.java 6.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2019 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.usertoken.ws;

  21. 

  22. import javax.annotation.Nullable;

  23. import org.junit.Before;

  24. import org.junit.Rule;

  25. import org.junit.Test;

  26. import org.junit.rules.ExpectedException;

  27. import org.sonar.api.utils.System2;

  28. import org.sonar.db.DbTester;

  29. import org.sonar.db.user.UserDto;

  30. import org.sonar.server.exceptions.BadRequestException;

  31. import org.sonar.server.exceptions.ForbiddenException;

  32. import org.sonar.server.exceptions.NotFoundException;

  33. import org.sonar.server.exceptions.ServerException;

  34. import org.sonar.server.exceptions.UnauthorizedException;

  35. import org.sonar.server.tester.UserSessionRule;

  36. import org.sonar.server.usertoken.TokenGenerator;

  37. import org.sonar.server.ws.TestRequest;

  38. import org.sonar.server.ws.WsActionTester;

  39. import org.sonarqube.ws.MediaTypes;

  40. import org.sonarqube.ws.UserTokens.GenerateWsResponse;

  41. 

  42. import static org.assertj.core.api.Assertions.assertThat;

  43. import static org.mockito.ArgumentMatchers.anyString;

  44. import static org.mockito.Mockito.mock;

  45. import static org.mockito.Mockito.when;

  46. import static org.sonar.server.usertoken.ws.UserTokenSupport.PARAM_LOGIN;

  47. import static org.sonar.server.usertoken.ws.UserTokenSupport.PARAM_NAME;

  48. import static org.sonar.test.JsonAssert.assertJson;

  49. 

  50. public class GenerateActionTest {

  51. 

  52.   private static final String TOKEN_NAME = "Third Party Application";

  53. 

  54.   @Rule

  55.   public DbTester db = DbTester.create(System2.INSTANCE);

  56.   @Rule

  57.   public UserSessionRule userSession = UserSessionRule.standalone();

  58.   @Rule

  59.   public ExpectedException expectedException = ExpectedException.none();

  60. 

  61.   private TokenGenerator tokenGenerator = mock(TokenGenerator.class);

  62. 

  63.   private WsActionTester ws = new WsActionTester(

  64.     new GenerateAction(db.getDbClient(), System2.INSTANCE, tokenGenerator, new UserTokenSupport(db.getDbClient(), userSession)));

  65. 

  66.   @Before

  67.   public void setUp() {

  68.     when(tokenGenerator.generate()).thenReturn("123456789");

  69.     when(tokenGenerator.hash(anyString())).thenReturn("987654321");

  70.   }

  71. 

  72.   @Test

  73.   public void json_example() {

  74.     UserDto user1 = db.users().insertUser(u -> u.setLogin("grace.hopper"));

  75.     UserDto user2 = db.users().insertUser(u -> u.setLogin("ada.lovelace"));

  76.     logInAsSystemAdministrator();

  77. 

  78.     String response = ws.newRequest()

  79.       .setMediaType(MediaTypes.JSON)

  80.       .setParam(PARAM_LOGIN, user1.getLogin())

  81.       .setParam(PARAM_NAME, TOKEN_NAME)

  82.       .execute().getInput();

  83. 

  84.     assertJson(response).ignoreFields("createdAt").isSimilarTo(getClass().getResource("generate-example.json"));

  85.   }

  86. 

  87.   @Test

  88.   public void a_user_can_generate_token_for_himself() {

  89.     UserDto user = db.users().insertUser();

  90.     userSession.logIn(user);

  91. 

  92.     GenerateWsResponse response = newRequest(null, TOKEN_NAME);

  93. 

  94.     assertThat(response.getLogin()).isEqualTo(user.getLogin());

  95.     assertThat(response.getCreatedAt()).isNotEmpty();

  96.   }

  97. 

  98.   @Test

  99.   public void fail_if_login_does_not_exist() {

  100.     logInAsSystemAdministrator();

  101. 

  102.     expectedException.expect(NotFoundException.class);

  103.     expectedException.expectMessage("User with login 'unknown-login' doesn't exist");

  104. 

  105.     newRequest("unknown-login", "any-name");

  106.   }

  107. 

  108.   @Test

  109.   public void fail_if_name_is_blank() {

  110.     UserDto user = db.users().insertUser();

  111.     logInAsSystemAdministrator();

  112. 

  113.     expectedException.expect(IllegalArgumentException.class);

  114.     expectedException.expectMessage("The 'name' parameter is missing");

  115. 

  116.     newRequest(user.getLogin(), "   ");

  117.   }

  118. 

  119.   @Test

  120.   public void fail_if_token_with_same_login_and_name_exists() {

  121.     UserDto user = db.users().insertUser();

  122.     logInAsSystemAdministrator();

  123.     db.users().insertToken(user, t -> t.setName(TOKEN_NAME));

  124. 

  125.     expectedException.expect(BadRequestException.class);

  126.     expectedException.expectMessage(String.format("A user token for login '%s' and name 'Third Party Application' already exists", user.getLogin()));

  127. 

  128.     newRequest(user.getLogin(), TOKEN_NAME);

  129.   }

  130. 

  131.   @Test

  132.   public void fail_if_token_hash_already_exists_in_db() {

  133.     UserDto user = db.users().insertUser();

  134.     logInAsSystemAdministrator();

  135.     when(tokenGenerator.hash(anyString())).thenReturn("987654321");

  136.     db.users().insertToken(user, t -> t.setTokenHash("987654321"));

  137. 

  138.     expectedException.expect(ServerException.class);

  139.     expectedException.expectMessage("Error while generating token. Please try again.");

  140. 

  141.     newRequest(user.getLogin(), TOKEN_NAME);

  142.   }

  143. 

  144.   @Test

  145.   public void throw_ForbiddenException_if_non_administrator_creates_token_for_someone_else() {

  146.     UserDto user = db.users().insertUser();

  147.     userSession.logIn().setNonSystemAdministrator();

  148. 

  149.     expectedException.expect(ForbiddenException.class);

  150. 

  151.     newRequest(user.getLogin(), TOKEN_NAME);

  152.   }

  153. 

  154.   @Test

  155.   public void throw_UnauthorizedException_if_not_logged_in() {

  156.     UserDto user = db.users().insertUser();

  157.     userSession.anonymous();

  158. 

  159.     expectedException.expect(UnauthorizedException.class);

  160. 

  161.     newRequest(user.getLogin(), TOKEN_NAME);

  162.   }

  163. 

  164.   private GenerateWsResponse newRequest(@Nullable String login, String name) {

  165.     TestRequest testRequest = ws.newRequest()

  166.       .setParam(PARAM_NAME, name);

  167.     if (login != null) {

  168.       testRequest.setParam(PARAM_LOGIN, login);

  169.     }

  170. 

  171.     return testRequest.executeProtobuf(GenerateWsResponse.class);

  172.   }

  173. 

  174.   private void logInAsSystemAdministrator() {

  175.     userSession.logIn().setSystemAdministrator();

  176.   }

  177. }