mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
28067 Commits
59 Branches
Tree: eb399b126d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'eb399b126d'
${ noResults }
sonarqube/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java

CreateActionTest.java 15KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2019 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.user.ws;

  21. 

  22. import java.util.HashSet;

  23. import java.util.Optional;

  24. import org.junit.Before;

  25. import org.junit.Rule;

  26. import org.junit.Test;

  27. import org.junit.rules.ExpectedException;

  28. import org.mockito.ArgumentCaptor;

  29. import org.sonar.api.config.internal.MapSettings;

  30. import org.sonar.api.server.ws.WebService;

  31. import org.sonar.api.utils.System2;

  32. import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;

  33. import org.sonar.core.config.CorePropertyDefinitions;

  34. import org.sonar.db.DbSession;

  35. import org.sonar.db.DbTester;

  36. import org.sonar.db.user.GroupDto;

  37. import org.sonar.db.user.UserDto;

  38. import org.sonar.server.authentication.CredentialsLocalAuthentication;

  39. import org.sonar.server.es.EsTester;

  40. import org.sonar.server.exceptions.ForbiddenException;

  41. import org.sonar.server.organization.DefaultOrganizationProvider;

  42. import org.sonar.server.organization.OrganizationUpdater;

  43. import org.sonar.server.organization.TestDefaultOrganizationProvider;

  44. import org.sonar.server.organization.TestOrganizationFlags;

  45. import org.sonar.server.tester.UserSessionRule;

  46. import org.sonar.server.user.NewUserNotifier;

  47. import org.sonar.server.user.UserUpdater;

  48. import org.sonar.server.user.index.UserIndexDefinition;

  49. import org.sonar.server.user.index.UserIndexer;

  50. import org.sonar.server.user.ws.CreateAction.CreateRequest;

  51. import org.sonar.server.usergroups.DefaultGroupFinder;

  52. import org.sonar.server.ws.TestRequest;

  53. import org.sonar.server.ws.WsActionTester;

  54. import org.sonarqube.ws.Users.CreateWsResponse;

  55. import org.sonarqube.ws.Users.CreateWsResponse.User;

  56. 

  57. import static java.lang.String.format;

  58. import static java.util.Collections.singletonList;

  59. import static java.util.Optional.ofNullable;

  60. import static org.assertj.core.api.Assertions.assertThat;

  61. import static org.elasticsearch.index.query.QueryBuilders.boolQuery;

  62. import static org.elasticsearch.index.query.QueryBuilders.termQuery;

  63. import static org.mockito.ArgumentMatchers.any;

  64. import static org.mockito.Mockito.mock;

  65. import static org.mockito.Mockito.verify;

  66. import static org.sonar.db.user.UserTesting.newUserDto;

  67. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_EMAIL;

  68. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_LOGIN;

  69. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_NAME;

  70. import static org.sonar.server.user.index.UserIndexDefinition.FIELD_SCM_ACCOUNTS;

  71. 

  72. public class CreateActionTest {

  73. 

  74.   private static final String DEFAULT_GROUP_NAME = "sonar-users";

  75.   private MapSettings settings = new MapSettings();

  76.   private System2 system2 = new AlwaysIncreasingSystem2();

  77. 

  78.   @Rule

  79.   public DbTester db = DbTester.create(system2);

  80.   @Rule

  81.   public EsTester es = EsTester.create();

  82.   @Rule

  83.   public UserSessionRule userSessionRule = UserSessionRule.standalone();

  84.   @Rule

  85.   public ExpectedException expectedException = ExpectedException.none();

  86. 

  87.   private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client());

  88.   private GroupDto defaultGroupInDefaultOrg;

  89.   private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);

  90.   private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone();

  91.   private OrganizationUpdater organizationUpdater = mock(OrganizationUpdater.class);

  92.   private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient());

  93.   private WsActionTester tester = new WsActionTester(new CreateAction(

  94.     db.getDbClient(),

  95.     new UserUpdater(system2, mock(NewUserNotifier.class), db.getDbClient(), userIndexer, organizationFlags, defaultOrganizationProvider,

  96.       organizationUpdater, new DefaultGroupFinder(db.getDbClient()), settings.asConfig(), localAuthentication),

  97.     userSessionRule));

  98. 

  99.   @Before

  100.   public void setUp() {

  101.     defaultGroupInDefaultOrg = db.users().insertDefaultGroup(db.getDefaultOrganization(), DEFAULT_GROUP_NAME);

  102.   }

  103. 

  104.   @Test

  105.   public void create_user() {

  106.     logInAsSystemAdministrator();

  107. 

  108.     CreateWsResponse response = call(CreateRequest.builder()

  109.       .setLogin("john")

  110.       .setName("John")

  111.       .setEmail("john@email.com")

  112.       .setScmAccounts(singletonList("jn"))

  113.       .setPassword("1234")

  114.       .build());

  115. 

  116.     assertThat(response.getUser())

  117.       .extracting(User::getLogin, User::getName, User::getEmail, User::getScmAccountsList, User::getLocal)

  118.       .containsOnly("john", "John", "john@email.com", singletonList("jn"), true);

  119. 

  120.     // exists in index

  121.     assertThat(es.client().prepareSearch(UserIndexDefinition.TYPE_USER)

  122.       .setQuery(boolQuery()

  123.         .must(termQuery(FIELD_LOGIN, "john"))

  124.         .must(termQuery(FIELD_NAME, "John"))

  125.         .must(termQuery(FIELD_EMAIL, "john@email.com"))

  126.         .must(termQuery(FIELD_SCM_ACCOUNTS, "jn")))

  127.       .get().getHits().getHits()).hasSize(1);

  128. 

  129.     // exists in db

  130.     Optional<UserDto> dbUser = db.users().selectUserByLogin("john");

  131.     assertThat(dbUser).isPresent();

  132.     assertThat(dbUser.get().isRoot()).isFalse();

  133. 

  134.     // member of default group in default organization

  135.     assertThat(db.users().selectGroupIdsOfUser(dbUser.get())).containsOnly(defaultGroupInDefaultOrg.getId());

  136.   }

  137. 

  138.   @Test

  139.   public void create_user_calls_create_personal_organization_if_personal_organizations_are_enabled() {

  140.     logInAsSystemAdministrator();

  141.     enableCreatePersonalOrg(true);

  142.     assertACallToOrganizationCreationWhenUserIsCreated();

  143.   }

  144. 

  145.   @Test

  146.   public void create_user_calls_create_personal_organization_if_personal_organizations_are_disabled() {

  147.     logInAsSystemAdministrator();

  148.     enableCreatePersonalOrg(false);

  149.     assertACallToOrganizationCreationWhenUserIsCreated();

  150.   }

  151. 

  152.   @Test

  153.   public void create_user_associates_him_to_default_organization() {

  154.     logInAsSystemAdministrator();

  155.     enableCreatePersonalOrg(true);

  156. 

  157.     call(CreateRequest.builder()

  158.       .setLogin("john")

  159.       .setName("John")

  160.       .setPassword("1234")

  161.       .build());

  162. 

  163.     Optional<UserDto> dbUser = db.users().selectUserByLogin("john");

  164.     assertThat(dbUser).isPresent();

  165.     assertThat(db.getDbClient().organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dbUser.get().getId())).isPresent();

  166.   }

  167. 

  168.   @Test

  169.   public void create_local_user() {

  170.     logInAsSystemAdministrator();

  171. 

  172.     call(CreateRequest.builder()

  173.       .setLogin("john")

  174.       .setName("John")

  175.       .setPassword("1234")

  176.       .setLocal(true)

  177.       .build());

  178. 

  179.     assertThat(db.users().selectUserByLogin("john").get())

  180.       .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalLogin, UserDto::isRoot)

  181.       .containsOnly(true, "sonarqube", "john", false);

  182.   }

  183. 

  184.   @Test

  185.   public void create_none_local_user() {

  186.     logInAsSystemAdministrator();

  187. 

  188.     call(CreateRequest.builder()

  189.       .setLogin("john")

  190.       .setName("John")

  191.       .setLocal(false)

  192.       .build());

  193. 

  194.     assertThat(db.users().selectUserByLogin("john").get())

  195.       .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalLogin, UserDto::isRoot)

  196.       .containsOnly(false, "sonarqube", "john", false);

  197.   }

  198. 

  199.   @Test

  200.   public void create_user_with_comma_in_scm_account() {

  201.     logInAsSystemAdministrator();

  202. 

  203.     CreateWsResponse response = call(CreateRequest.builder()

  204.       .setLogin("john")

  205.       .setName("John")

  206.       .setEmail("john@email.com")

  207.       .setScmAccounts(singletonList("j,n"))

  208.       .setPassword("1234")

  209.       .build());

  210. 

  211.     assertThat(response.getUser().getScmAccountsList()).containsOnly("j,n");

  212.   }

  213. 

  214.   @Test

  215.   public void create_user_with_empty_email() {

  216.     logInAsSystemAdministrator();

  217. 

  218.     call(CreateRequest.builder()

  219.       .setLogin("john")

  220.       .setName("John")

  221.       .setPassword("1234")

  222.       .setEmail("")

  223.       .build());

  224. 

  225.     assertThat(db.users().selectUserByLogin("john").get())

  226.       .extracting(UserDto::getExternalLogin)

  227.       .containsOnly("john");

  228.   }

  229. 

  230.   @Test

  231.   public void create_user_with_deprecated_scmAccounts_parameter() {

  232.     logInAsSystemAdministrator();

  233. 

  234.     tester.newRequest()

  235.       .setParam("login", "john")

  236.       .setParam("name", "John")

  237.       .setParam("password", "1234")

  238.       .setParam("scmAccounts", "jn")

  239.       .execute();

  240. 

  241.     assertThat(db.users().selectUserByLogin("john").get().getScmAccountsAsList()).containsOnly("jn");

  242.   }

  243. 

  244.   @Test

  245.   public void create_user_with_deprecated_scm_accounts_parameter() {

  246.     logInAsSystemAdministrator();

  247. 

  248.     tester.newRequest()

  249.       .setParam("login", "john")

  250.       .setParam("name", "John")

  251.       .setParam("password", "1234")

  252.       .setParam("scm_accounts", "jn")

  253.       .execute();

  254. 

  255.     assertThat(db.users().selectUserByLogin("john").get().getScmAccountsAsList()).containsOnly("jn");

  256.   }

  257. 

  258.   @Test

  259.   public void reactivate_user() {

  260.     logInAsSystemAdministrator();

  261. 

  262.     db.users().insertUser(newUserDto("john", "John", "john@email.com").setActive(false));

  263.     userIndexer.indexOnStartup(new HashSet<>());

  264. 

  265.     call(CreateRequest.builder()

  266.       .setLogin("john")

  267.       .setName("John")

  268.       .setEmail("john@email.com")

  269.       .setScmAccounts(singletonList("jn"))

  270.       .setPassword("1234")

  271.       .build());

  272. 

  273.     assertThat(db.users().selectUserByLogin("john").get().isActive()).isTrue();

  274.   }

  275. 

  276.   @Test

  277.   public void fail_to_reactivate_user_when_active_user_exists() {

  278.     logInAsSystemAdministrator();

  279.     UserDto user = db.users().insertUser();

  280. 

  281.     expectedException.expect(IllegalArgumentException.class);

  282.     expectedException.expectMessage(format("An active user with login '%s' already exists", user.getLogin()));

  283. 

  284.     call(CreateRequest.builder()

  285.       .setLogin(user.getLogin())

  286.       .setName("John")

  287.       .setPassword("1234")

  288.       .build());

  289.   }

  290. 

  291.   @Test

  292.   public void fail_when_missing_login() {

  293.     logInAsSystemAdministrator();

  294. 

  295.     expectedException.expect(IllegalArgumentException.class);

  296.     expectedException.expectMessage("Login is mandatory and must not be empty");

  297.     call(CreateRequest.builder()

  298.       .setLogin(null)

  299.       .setName("John")

  300.       .setPassword("1234")

  301.       .build());

  302.   }

  303. 

  304.   @Test

  305.   public void fail_when_login_is_too_short() {

  306.     logInAsSystemAdministrator();

  307. 

  308.     expectedException.expect(IllegalArgumentException.class);

  309.     expectedException.expectMessage("'login' length (1) is shorter than the minimum authorized (2)");

  310.     call(CreateRequest.builder()

  311.       .setLogin("a")

  312.       .setName("John")

  313.       .setPassword("1234")

  314.       .build());

  315.   }

  316. 

  317.   @Test

  318.   public void fail_when_missing_name() {

  319.     logInAsSystemAdministrator();

  320. 

  321.     expectedException.expect(IllegalArgumentException.class);

  322.     expectedException.expectMessage("Name is mandatory and must not be empty");

  323.     call(CreateRequest.builder()

  324.       .setLogin("john")

  325.       .setName(null)

  326.       .setPassword("1234")

  327.       .build());

  328.   }

  329. 

  330.   @Test

  331.   public void fail_when_missing_password() {

  332.     logInAsSystemAdministrator();

  333. 

  334.     expectedException.expect(IllegalArgumentException.class);

  335.     expectedException.expectMessage("Password is mandatory and must not be empty");

  336.     call(CreateRequest.builder()

  337.       .setLogin("john")

  338.       .setName("John")

  339.       .setPassword(null)

  340.       .build());

  341.   }

  342. 

  343.   @Test

  344.   public void fail_when_password_is_set_on_none_local_user() {

  345.     logInAsSystemAdministrator();

  346. 

  347.     expectedException.expect(IllegalArgumentException.class);

  348.     expectedException.expectMessage("Password should only be set on local user");

  349.     call(CreateRequest.builder()

  350.       .setLogin("john")

  351.       .setName("John")

  352.       .setPassword("1234")

  353.       .setLocal(false)

  354.       .build());

  355.   }

  356. 

  357.   @Test

  358.   public void fail_when_email_is_invalid() {

  359.     logInAsSystemAdministrator();

  360. 

  361.     expectedException.expect(IllegalArgumentException.class);

  362.     expectedException.expectMessage("Email 'invalid-email' is not valid");

  363. 

  364.     call(CreateRequest.builder()

  365.       .setLogin("pipo")

  366.       .setName("John")

  367.       .setPassword("1234")

  368.       .setEmail("invalid-email")

  369.       .build());

  370.   }

  371. 

  372.   @Test

  373.   public void throw_ForbiddenException_if_not_system_administrator() {

  374.     userSessionRule.logIn().setNonSystemAdministrator();

  375. 

  376.     expectedException.expect(ForbiddenException.class);

  377.     expectedException.expectMessage("");

  378. 

  379.     expectedException.expect(ForbiddenException.class);

  380.     executeRequest("john");

  381.   }

  382. 

  383.   @Test

  384.   public void test_definition() {

  385.     WebService.Action action = tester.getDef();

  386.     assertThat(action).isNotNull();

  387.     assertThat(action.isPost()).isTrue();

  388.     assertThat(action.params()).hasSize(7);

  389.   }

  390. 

  391.   private CreateWsResponse executeRequest(String login) {

  392.     return call(CreateRequest.builder()

  393.       .setLogin(login)

  394.       .setName("name of " + login)

  395.       .setEmail(login + "@email.com")

  396.       .setScmAccounts(singletonList(login.substring(0, 2)))

  397.       .setPassword("pwd_" + login)

  398.       .build());

  399.   }

  400. 

  401.   private void assertACallToOrganizationCreationWhenUserIsCreated() {

  402.     call(CreateRequest.builder()

  403.       .setLogin("john")

  404.       .setName("John")

  405.       .setPassword("1234")

  406.       .build());

  407. 

  408.     Optional<UserDto> dbUser = db.users().selectUserByLogin("john");

  409.     assertThat(dbUser).isPresent();

  410. 

  411.     ArgumentCaptor<UserDto> userCaptor = ArgumentCaptor.forClass(UserDto.class);

  412.     verify(organizationUpdater).createForUser(any(DbSession.class), userCaptor.capture());

  413.     assertThat(userCaptor.getValue().getId()).isEqualTo(dbUser.get().getId());

  414.   }

  415. 

  416.   private void logInAsSystemAdministrator() {

  417.     userSessionRule.logIn().setSystemAdministrator();

  418.   }

  419. 

  420.   private CreateWsResponse call(CreateRequest createRequest) {

  421.     TestRequest request = tester.newRequest();

  422.     ofNullable(createRequest.getLogin()).ifPresent(e4 -> request.setParam("login", e4));

  423.     ofNullable(createRequest.getName()).ifPresent(e3 -> request.setParam("name", e3));

  424.     ofNullable(createRequest.getEmail()).ifPresent(e2 -> request.setParam("email", e2));

  425.     ofNullable(createRequest.getPassword()).ifPresent(e1 -> request.setParam("password", e1));

  426.     ofNullable(createRequest.getScmAccounts()).ifPresent(e -> request.setMultiParam("scmAccount", e));

  427.     request.setParam("local", createRequest.isLocal() ? "true" : "false");

  428.     return request.executeProtobuf(CreateWsResponse.class);

  429.   }

  430. 

  431.   private void enableCreatePersonalOrg(boolean flag) {

  432.     settings.setProperty(CorePropertyDefinitions.ORGANIZATIONS_CREATE_PERSONAL_ORG, flag);

  433.   }

  434. 

  435. }