diff options
author | Pierre Guillot <50145663+pierre-guillot-sonarsource@users.noreply.github.com> | 2022-10-07 13:58:19 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-10-07 20:03:00 +0000 |
commit | aaadf8992978dbe2c4f7b1a3795c8d627234dc32 (patch) | |
tree | ecfd87da7648723ddff7dad66f24070ec587805f | |
parent | 657e8f919836bb5fc6b788eb72897ac639010a84 (diff) | |
download | sonarqube-aaadf8992978dbe2c4f7b1a3795c8d627234dc32.tar.gz sonarqube-aaadf8992978dbe2c4f7b1a3795c8d627234dc32.zip |
SONAR-17435 fix SSF-318
3 files changed, 28 insertions, 30 deletions
diff --git a/server/sonar-web/src/main/js/api/settings.ts b/server/sonar-web/src/main/js/api/settings.ts index 6fd866a2a30..20c397eedc6 100644 --- a/server/sonar-web/src/main/js/api/settings.ts +++ b/server/sonar-web/src/main/js/api/settings.ts @@ -20,7 +20,7 @@ import { omitBy } from 'lodash'; import { isCategoryDefinition } from '../apps/settings/utils'; import { throwGlobalError } from '../helpers/error'; -import { getJSON, post, postJSON, RequestData } from '../helpers/request'; +import { getJSON, post, RequestData } from '../helpers/request'; import { BranchParameters } from '../types/branch-like'; import { ExtendedSettingDefinition, @@ -105,9 +105,9 @@ export function checkSecretKey(): Promise<{ secretKeyAvailable: boolean }> { } export function generateSecretKey(): Promise<{ secretKey: string }> { - return postJSON('/api/settings/generate_secret_key').catch(throwGlobalError); + return getJSON('/api/settings/generate_secret_key').catch(throwGlobalError); } export function encryptValue(value: string): Promise<{ encryptedValue: string }> { - return postJSON('/api/settings/encrypt', { value }).catch(throwGlobalError); + return getJSON('/api/settings/encrypt', { value }).catch(throwGlobalError); } diff --git a/server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java b/server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java index 36334869a00..636ada3a8d2 100644 --- a/server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java +++ b/server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java @@ -36,12 +36,14 @@ public class RequestVerifier { if (action.isPost()) { throw new ServerException(SC_METHOD_NOT_ALLOWED, "HTTP method POST is required"); } - return; - case "PUT": - case "DELETE": - throw new ServerException(SC_METHOD_NOT_ALLOWED, String.format("HTTP method %s is not allowed", request.method())); + break; + case "POST": + if (!action.isPost()) { + throw new ServerException(SC_METHOD_NOT_ALLOWED, "HTTP method GET is required"); + } + break; default: - // Nothing to do + throw new ServerException(SC_METHOD_NOT_ALLOWED, String.format("HTTP method %s is not allowed", request.method())); } } } diff --git a/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java b/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java index e138a6bc316..bec6603904b 100644 --- a/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java +++ b/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java @@ -57,7 +57,7 @@ public class WebServiceEngineTest { @Test public void load_ws_definitions_at_startup() { - WebServiceEngine underTest = new WebServiceEngine(new WebService[] { + WebServiceEngine underTest = new WebServiceEngine(new WebService[]{ newWs("api/foo/index", a -> { }), newWs("api/bar/index", a -> { @@ -75,7 +75,7 @@ public class WebServiceEngineTest { @DataProvider public static Object[][] responseData() { - return new Object[][] { + return new Object[][]{ {"/api/ping", "pong", 200}, {"api/ping", "pong", 200}, {"api/ping.json", "pong", 200}, @@ -130,35 +130,31 @@ public class WebServiceEngineTest { } @Test - public void POST_is_considered_as_GET_if_POST_is_not_supported() { - Request request = new TestRequest().setMethod("POST").setPath("api/ping"); + public void fail_if_method_POST_is_not_allowed() { + Request request = new TestRequest().setMethod("POST").setPath("api/foo"); - DumbResponse response = run(request, newPingWs(a -> { - })); + DumbResponse response = run(request, newWs("api/foo", a -> a.setPost(false))); - assertThat(response.stream().outputAsString()).isEqualTo("pong"); - assertThat(response.status()).isEqualTo(200); + assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method GET is required\"}]}"); + assertThat(response.status()).isEqualTo(405); } - @Test - public void method_PUT_is_not_allowed() { - Request request = new TestRequest().setMethod("PUT").setPath("/api/ping"); - - DumbResponse response = run(request, newPingWs(a -> { - })); - - assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method PUT is not allowed\"}]}"); - assertThat(response.status()).isEqualTo(405); + @DataProvider + public static String[] verbs() { + return new String[]{ + "PUT", "DELETE", "HEAD", "PATCH", "CONNECT", "OPTIONS", "TRACE" + }; } @Test - public void method_DELETE_is_not_allowed() { - Request request = new TestRequest().setMethod("DELETE").setPath("api/ping"); + @UseDataProvider("verbs") + public void method_is_not_allowed(String verb) { + Request request = new TestRequest().setMethod(verb).setPath("/api/ping"); DumbResponse response = run(request, newPingWs(a -> { })); - assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method DELETE is not allowed\"}]}"); + assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method " + verb + " is not allowed\"}]}"); assertThat(response.status()).isEqualTo(405); } @@ -315,7 +311,7 @@ public class WebServiceEngineTest { }))); assertThat(response.stream().outputAsString()).isEqualTo( - "{\"scope\":\"PROJECT\",\"errors\":[{\"msg\":\"Bad request !\"}]}"); + "{\"scope\":\"PROJECT\",\"errors\":[{\"msg\":\"Bad request !\"}]}"); assertThat(response.status()).isEqualTo(400); assertThat(response.mediaType()).isEqualTo(MediaTypes.JSON); assertThat(logTester.logs(LoggerLevel.ERROR)).isEmpty(); @@ -394,7 +390,7 @@ public class WebServiceEngineTest { public void fail_when_start_in_not_called() { Request request = new TestRequest().setPath("/api/ping"); DumbResponse response = new DumbResponse(); - WebServiceEngine underTest = new WebServiceEngine(new WebService[] {newPingWs(a -> { + WebServiceEngine underTest = new WebServiceEngine(new WebService[]{newPingWs(a -> { })}); underTest.execute(request, response); |