authorAntoine Vigneau <antoine.vigneau@sonarsource.com>2024-03-12 11:30:43 +0100
committersonartech <sonartech@sonarsource.com>2024-03-13 20:02:36 +0000
commit4eec8f1729f8566b9c553d17b09801ba15cccc36 (patch)
tree0bf43880f7fcc5cc758da6362b8d73f4256a0f04
parent91841b996da676b769a45dc831d6104465e2fc41 (diff)
SONAR-21813 Fix SSF-565
-rw-r--r--server/sonar-web/src/main/js/apps/settings/components/almIntegration/GithubForm.tsx3
-rw-r--r--server/sonar-web/src/main/js/apps/settings/components/almIntegration/__tests__/__snapshots__/GithubForm-test.tsx.snap6
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java8
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateGithubAction.java6
-rw-r--r--server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateGithubActionTest.java38
-rw-r--r--sonar-core/src/main/resources/org/sonar/l10n/core.properties1
6 files changed, 56 insertions, 6 deletions
diff --git a/server/sonar-web/src/main/js/apps/settings/components/almIntegration/GithubForm.tsx b/server/sonar-web/src/main/js/apps/settings/components/almIntegration/GithubForm.tsx
index 67d9ed7846d..ac309b19223 100644
--- a/server/sonar-web/src/main/js/apps/settings/components/almIntegration/GithubForm.tsx
+++ b/server/sonar-web/src/main/js/apps/settings/components/almIntegration/GithubForm.tsx
@@ -56,6 +56,9 @@ export default function GithubForm(props: GithubFormProps) {
{translate('settings.almintegration.form.url.github.help2')}
<br />
<em>https://api.github.com/</em>
+ <br />
+ <br />
+ {translate('settings.almintegration.form.url.github.private_key_warning')}
</>
}
id="url.github"
diff --git a/server/sonar-web/src/main/js/apps/settings/components/almIntegration/__tests__/__snapshots__/GithubForm-test.tsx.snap b/server/sonar-web/src/main/js/apps/settings/components/almIntegration/__tests__/__snapshots__/GithubForm-test.tsx.snap
index 1abc6baade5..896a200167a 100644
--- a/server/sonar-web/src/main/js/apps/settings/components/almIntegration/__tests__/__snapshots__/GithubForm-test.tsx.snap
+++ b/server/sonar-web/src/main/js/apps/settings/components/almIntegration/__tests__/__snapshots__/GithubForm-test.tsx.snap
@@ -26,6 +26,9 @@ exports[`should render correctly 1`] = `
<em>
https://api.github.com/
</em>
+ <br />
+ <br />
+ settings.almintegration.form.url.github.private_key_warning
</React.Fragment>
}
id="url.github"
@@ -129,6 +132,9 @@ exports[`should render correctly 2`] = `
<em>
https://api.github.com/
</em>
+ <br />
+ <br />
+ settings.almintegration.form.url.github.private_key_warning
</React.Fragment>
}
id="url.github"
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java
index f7dd35d6647..df9d6287c38 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java
@@ -20,6 +20,7 @@
package org.sonar.server.almsettings.ws;
import java.util.regex.Pattern;
+import javax.annotation.Nullable;
import org.sonar.api.server.ServerSide;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
@@ -34,6 +35,7 @@ import org.sonar.server.user.UserSession;
import org.sonarqube.ws.AlmSettings;
import static java.lang.String.format;
+import static org.apache.commons.lang.StringUtils.isEmpty;
import static org.sonar.api.web.UserRole.ADMIN;
@ServerSide
@@ -113,4 +115,10 @@ public class AlmSettingsSupport {
throw new IllegalStateException(format("Unknown DevOps Platform '%s'", alm.name()));
}
}
+
+ public void checkPrivateKeyOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String privateKey) {
+ if (!url.equals(almSettingDto.getUrl()) && isEmpty(privateKey)) {
+ throw new IllegalArgumentException("Please provide the Private Key to update the URL.");
+ }
+ }
}
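Review bot: The guard in `checkPrivateKeyOnUrlUpdate` tests `isEmpty(privateKey)`, while `UpdateGithubAction.doHandle` only stores the key when `isNotBlank(privateKey)`, so the two predicates disagree on a whitespace-only value. Unless `request.param` already trims or drops such values (not visible in this diff), a request that changes the URL with a blank key would pass this check and still keep the previously stored private key, which appears to be the case the check exists to prevent. Using the same predicate on both sides closes the gap: `if (!url.equals(almSettingDto.getUrl()) && isBlank(privateKey)) {`, with the static import switched to `StringUtils.isBlank`. The method is public on a shared support class, so a short Javadoc would also help, stating that a URL change must come with a freshly supplied key and that `IllegalArgumentException` is thrown otherwise.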
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateGithubAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateGithubAction.java
index 7fa7da69c9a..fd1473d804c 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateGithubAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateGithubAction.java
@@ -116,13 +116,17 @@ public class UpdateGithubAction implements AlmSettingsWsAction {
private void doHandle(Request request, DbSession dbSession) {
String key = request.mandatoryParam(PARAM_KEY);
String newKey = request.param(PARAM_NEW_KEY);
+
if (isNotBlank(newKey) && !newKey.equals(key)) {
almSettingsSupport.checkAlmSettingDoesNotAlreadyExist(dbSession, newKey);
}
AlmSettingDto almSettingDto = almSettingsSupport.getAlmSetting(dbSession, key);
-
+ String url = request.mandatoryParam(PARAM_URL);
String privateKey = request.param(PARAM_PRIVATE_KEY);
+
+ almSettingsSupport.checkPrivateKeyOnUrlUpdate(almSettingDto, url, privateKey);
+
if (isNotBlank(privateKey)) {
almSettingDto.setPrivateKey(privateKey);
}
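Review bot: `checkPrivateKeyOnUrlUpdate` receives the raw `PARAM_URL` value here, but the stored URL looks normalized: in `UpdateGithubActionTest` the request sends `https://github.enterprise-unicorn.com/` and the assertion expects it without the trailing slash. If that normalization happens on write, resubmitting an unchanged URL with a trailing slash will be treated as a URL change and rejected with "Please provide the Private Key to update the URL."; this fails closed, but it is surprising for an administrator who only edits another field. Comparing both values after the same normalization step would avoid that. A why-comment above the call would also help, for example `// A URL change must come with a new private key; the stored key is never kept for a different endpoint.` The rest of `doHandle` is outside the hunk, so where the URL is written back could not be checked.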
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateGithubActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateGithubActionTest.java
index 2ee55b08bf8..c7248cbca3a 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateGithubActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateGithubActionTest.java
@@ -123,14 +123,14 @@ public class UpdateGithubActionTest {
}
@Test
- public void update_without_private_key_nor_client_secret() {
+ public void update_without_client_secret() {
buildTestRequestWithoutSecrets().execute();
assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession()))
.extracting(AlmSettingDto::getKey, AlmSettingDto::getUrl, AlmSettingDto::getAppId,
s -> s.getDecryptedPrivateKey(encryption), AlmSettingDto::getClientId, s -> s.getDecryptedClientSecret(encryption))
.containsOnly(tuple(almSettingDto.getKey(), "https://github.enterprise-unicorn.com", "54321",
- almSettingDto.getDecryptedPrivateKey(encryption), "client_1234", almSettingDto.getDecryptedClientSecret(encryption)));
+ "10987654321", "client_1234", almSettingDto.getDecryptedClientSecret(encryption)));
}
@@ -139,7 +139,8 @@ public class UpdateGithubActionTest {
.setParam("key", almSettingDto.getKey())
.setParam("url", "https://github.enterprise-unicorn.com/")
.setParam("appId", "54321")
- .setParam("clientId", "client_1234");
+ .setParam("clientId", "client_1234")
+ .setParam("privateKey", "10987654321");
}
@Test
@@ -167,6 +168,34 @@ public class UpdateGithubActionTest {
}
@Test
+ public void update_without_url_changes_does_not_need_private_key() {
+ TestRequest request = ws.newRequest()
+ .setParam("key", almSettingDto.getKey())
+ .setParam("url", almSettingDto.getUrl())
+ .setParam("appId", "54321")
+ .setParam("clientId", "client_1234");
+
+ request.execute();
+
+ assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession()))
+ .extracting(AlmSettingDto::getKey, AlmSettingDto::getUrl, AlmSettingDto::getAppId, AlmSettingDto::getClientId)
+ .containsOnly(tuple(almSettingDto.getKey(), almSettingDto.getUrl(), "54321", "client_1234"));
+ }
+
+ @Test
+ public void fail_when_url_updated_without_private_key() {
+ TestRequest request = ws.newRequest()
+ .setParam("key", almSettingDto.getKey())
+ .setParam("url", "https://github.enterprise-unicorn.com")
+ .setParam("appId", "54321")
+ .setParam("clientId", "client_1234");
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessageContaining("Please provide the Private Key to update the URL.");
+ }
+
+ @Test
public void fail_when_missing_administer_system_permission() {
UserDto user = db.users().insertUser();
userSession.logIn(user);
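Review bot: `update_without_url_changes_does_not_need_private_key` extracts key, URL, appId and clientId but never `getDecryptedPrivateKey`, so it does not verify that the stored private key survives an update that omits it. Adding `s -> s.getDecryptedPrivateKey(encryption)` to the `extracting(...)` call and `almSettingDto.getDecryptedPrivateKey(encryption)` to the expected tuple would pin that. `fail_when_url_updated_without_private_key` likewise checks only the exception; a follow-up assertion that the persisted URL is still `almSettingDto.getUrl()` would show that the rejection happens before anything is saved. A case with a changed URL and a whitespace-only `privateKey` is also missing, and it is the one where `isEmpty` in the check and `isNotBlank` in `doHandle` differ.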
@@ -250,8 +279,7 @@ public class UpdateGithubActionTest {
public static Object[][] secretParams() {
return new Object[][] {
{"webhookSecret"},
- {"clientSecret"},
- {"privateKey"}
+ {"clientSecret"}
};
}
diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
index 599e3127f23..4cb6ae9a39b 100644
--- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties
+++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
@@ -1232,6 +1232,7 @@ settings.almintegration.form.url.bitbucket.help=Example: {example}
settings.almintegration.form.url.github=GitHub API URL
settings.almintegration.form.url.github.help1=Example for Github Enterprise:
settings.almintegration.form.url.github.help2=If using GitHub.com:
+settings.almintegration.form.url.github.private_key_warning=Please make sure to provide the GitHub App private key for updating the URL.
settings.almintegration.form.url.gitlab=GitLab API URL
settings.almintegration.form.url.gitlab.help=Provide the GitLab API URL. For example:
settings.almintegration.form.app_id=GitHub App ID