authorLukasz Jarocki <lukasz.jarocki@sonarsource.com>2023-06-27 11:47:17 +0200
committersonartech <sonartech@sonarsource.com>2023-07-03 20:03:25 +0000
commit7101b666dc952fce6dedece3a515d495adfdc84c (patch)
treefcb83e88d47ae51c68f8c9a94c2537442fdba777
parent7a56d38032d02e024fd0a51ae641025c32c45b2a (diff)
SONAR-19580 fixed an issue with project badges for private applications
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java2
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java11
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java14
-rw-r--r--server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java12
-rw-r--r--server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java14
5 files changed, 46 insertions, 7 deletions
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java
index 146d1794608..2f0b68bcb53 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/ProjectBadgesWs.java
@@ -24,6 +24,8 @@ import org.sonar.api.server.ws.WebService;
public class ProjectBadgesWs implements WebService {
+ static final String PROJECT_OR_APP_NOT_FOUND = "Project or Application not found";
+
private final List<ProjectBadgesWsAction> actions;
public ProjectBadgesWs(List<ProjectBadgesWsAction> actions) {
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java
index 0d83e52cc1a..910979e4011 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenAction.java
@@ -20,6 +20,7 @@
package org.sonar.server.badge.ws;
import com.google.common.io.Resources;
+import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
@@ -34,6 +35,8 @@ import org.sonar.server.user.UserSession;
import org.sonar.server.usertoken.TokenGenerator;
import org.sonarqube.ws.ProjectBadgeToken.TokenWsResponse;
+import static java.lang.String.format;
+import static org.sonar.server.badge.ws.ProjectBadgesWs.PROJECT_OR_APP_NOT_FOUND;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -55,9 +58,10 @@ public class TokenAction implements ProjectBadgesWsAction {
NewAction action = controller.createAction("token")
.setHandler(this)
.setSince("9.2")
- .setDescription("Retrieve a token to use for project badge access for private projects.<br/>" +
+ .setChangelog(new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM)))
+ .setDescription("Retrieve a token to use for project or application badge access for private projects or applications.<br/>" +
"This token can be used to authenticate with api/project_badges/quality_gate and api/project_badges/measure endpoints.<br/>" +
- "Requires 'Browse' permission on the specified project.")
+ "Requires 'Browse' permission on the specified project or application.")
.setResponseExample(Resources.getResource(getClass(), "token-example.json"));
action.createParam(PROJECT_KEY_PARAM)
.setDescription("Project or application key")
@@ -75,7 +79,8 @@ public class TokenAction implements ProjectBadgesWsAction {
try (DbSession dbSession = dbClient.openSession(false)) {
String projectKey = request.mandatoryParam(PROJECT_KEY_PARAM);
- ProjectDto projectDto = dbClient.projectDao().selectProjectByKey(dbSession, projectKey).orElseThrow(() -> new IllegalArgumentException("project not found"));
+ ProjectDto projectDto = dbClient.projectDao().selectProjectOrAppByKey(dbSession, projectKey)
+ .orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND));
userSession.checkProjectPermission(UserRole.USER, projectDto);
ProjectBadgeTokenDto projectBadgeTokenDto = dbClient.projectBadgeTokenDao().selectTokenByProject(dbSession, projectDto);
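Review bot: The lookup on the added lines throws `IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND)` before `userSession.checkProjectPermission(UserRole.USER, projectDto)` runs, so a caller without Browse permission gets one error for an unknown key and a different one for an existing private project or application. That difference lets a caller confirm which private keys exist, and this commit extends it from project keys to application keys. Consider failing both cases the same way `checkProjectPermission` does, or at least record the trade-off next to the lookup with a comment such as `// unknown key and missing permission are distinguishable to the caller`. The same order appears in the `TokenRenewAction` handler hunk with `UserRole.ADMIN`. Both method bodies start and end outside their hunks, and how each exception maps to an HTTP status is not visible here.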
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java
index a79f479c471..7c751010f75 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/TokenRenewAction.java
@@ -19,6 +19,7 @@
*/
package org.sonar.server.badge.ws;
+import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
@@ -31,6 +32,8 @@ import org.sonar.db.user.TokenType;
import org.sonar.server.user.UserSession;
import org.sonar.server.usertoken.TokenGenerator;
+import static java.lang.String.format;
+import static org.sonar.server.badge.ws.ProjectBadgesWs.PROJECT_OR_APP_NOT_FOUND;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
public class TokenRenewAction implements ProjectBadgesWsAction {
@@ -52,11 +55,13 @@ public class TokenRenewAction implements ProjectBadgesWsAction {
.setHandler(this)
.setSince("9.2")
.setPost(true)
- .setDescription("Creates new token replacing any existing token for project badge access for private projects.<br/>" +
+ .setChangelog(new Change("9.9", format("Application key can be used for %s parameter.", PROJECT_KEY_PARAM)))
+ .setDescription("Creates new token replacing any existing token for project or application badge access for private projects and " +
+ "applications.<br/>" +
"This token can be used to authenticate with api/project_badges/quality_gate and api/project_badges/measure endpoints.<br/>" +
- "Requires 'Administer' permission on the specified project.");
+ "Requires 'Administer' permission on the specified project or application.");
action.createParam(PROJECT_KEY_PARAM)
- .setDescription("Project key")
+ .setDescription("Project or application key")
.setRequired(true)
.setExampleValue(KEY_PROJECT_EXAMPLE_001);
}
@@ -71,7 +76,8 @@ public class TokenRenewAction implements ProjectBadgesWsAction {
try (DbSession dbSession = dbClient.openSession(false)) {
String projectKey = request.mandatoryParam(PROJECT_KEY_PARAM);
- ProjectDto projectDto = dbClient.projectDao().selectProjectByKey(dbSession, projectKey).orElseThrow(() -> new IllegalArgumentException("project not found"));
+ ProjectDto projectDto = dbClient.projectDao().selectProjectOrAppByKey(dbSession, projectKey)
+ .orElseThrow(() -> new IllegalArgumentException(PROJECT_OR_APP_NOT_FOUND));
userSession.checkProjectPermission(UserRole.ADMIN, projectDto);
String newGeneratedToken = tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN);
dbClient.projectBadgeTokenDao().upsert(dbSession, newGeneratedToken, projectDto, userSession.getUuid(), userSession.getLogin());
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java
index 701e7db0e27..e8b606e7c44 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenActionTest.java
@@ -82,6 +82,18 @@ public class TokenActionTest {
}
@Test
+ public void handle_whenApplicationKeyPassed_shouldReturnToken() {
+ ComponentDto application = db.components().insertPrivateApplication();
+ userSession.logIn().addProjectPermission(UserRole.USER, application);
+ when(tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN)).thenReturn("generated_token");
+
+ TestResponse response = ws.newRequest().setParam("project", application.getKey()).execute();
+
+ response.assertJson("{\"token\":\"generated_token\"}");
+ }
+
+
+ @Test
public void should_reuse_generated_token() {
ComponentDto project = db.components().insertPrivateProject();
userSession.logIn().addProjectPermission(UserRole.USER, project);
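Review bot: `handle_whenApplicationKeyPassed_shouldReturnToken` only exercises a caller who already holds `UserRole.USER` on the application; no added test checks that a logged-in user without that permission is refused a token for a private application. Because the fix changes which components the lookup accepts, a negative case is worth pinning: insert a private application, call `userSession.logIn()` without `addProjectPermission`, and assert that the request is rejected and no token is returned. The new `handle_whenApplicationKeyPassed_shouldAddTokenAndReturn204` in `TokenRenewActionTest` has the same gap for `UserRole.ADMIN`. Tests outside these hunks may already cover this for projects, but the application path is new. Separately, one of the two blank `+` lines before the following `@Test` can be dropped.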
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java
index 55eb86bb59a..1fa68c50260 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/TokenRenewActionTest.java
@@ -98,6 +98,20 @@ public class TokenRenewActionTest {
}
@Test
+ public void handle_whenApplicationKeyPassed_shouldAddTokenAndReturn204() {
+ ProjectDto application = db.components().insertPrivateApplicationDto();
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, application);
+ when(tokenGenerator.generate(TokenType.PROJECT_BADGE_TOKEN)).thenReturn("generated_token");
+
+ TestResponse response = ws.newRequest().setParam("project", application.getKey()).execute();
+
+ ProjectBadgeTokenDto projectBadgeTokenDto = db.getDbClient().projectBadgeTokenDao().selectTokenByProject(db.getSession(), application);
+ assertThat(projectBadgeTokenDto).isNotNull();
+ assertThat(projectBadgeTokenDto.getToken()).isEqualTo("generated_token");
+ response.assertNoContent();
+ }
+
+ @Test
public void should_replace_existing_token_when__token_already_present_and_update_update_at() {
ProjectDto project = db.components().insertPrivateProjectDto();
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);