aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAntoine Vigneau <antoine.vigneau@sonarsource.com>2024-06-08 11:05:24 +0200
committersonartech <sonartech@sonarsource.com>2024-06-14 20:02:40 +0000
commit03ad2c680af7fe81ab75070fffdf38533ffc4faf (patch)
tree4f5af19bcb2a1c5497523d1473115affd10011fd
parentf3246d7c98801e66523110ceddd237858e63c738 (diff)
downloadsonarqube-03ad2c680af7fe81ab75070fffdf38533ffc4faf.tar.gz
sonarqube-03ad2c680af7fe81ab75070fffdf38533ffc4faf.zip
SONAR-22364 Fix SSF-572 on LTS
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java19
-rw-r--r--server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java26
2 files changed, 45 insertions, 0 deletions
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java
index 66caf51d5b9..db24bf1629d 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java
@@ -57,6 +57,7 @@ import org.sonar.server.setting.ws.SettingValidations.SettingData;
import org.sonar.server.user.UserSession;
import static com.google.common.base.Preconditions.checkArgument;
+import static java.lang.String.format;
import static org.sonar.server.exceptions.BadRequestException.checkRequest;
import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_COMPONENT;
import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_FIELD_VALUES;
@@ -69,6 +70,9 @@ public class SetAction implements SettingsWsAction {
private static final Collector<CharSequence, ?, String> COMMA_JOINER = Collectors.joining(",");
private static final String MSG_NO_EMPTY_VALUE = "A non empty value must be provided";
private static final int VALUE_MAXIMUM_LENGTH = 4000;
+ static final Map<String, String> KEY_CONSTRAINTS = Map.of(
+ "sonar.auth.gitlab.url", "sonar.auth.gitlab.secret.secured"
+ );
private final PropertyDefinitions propertyDefinitions;
private final DbClient dbClient;
@@ -136,12 +140,27 @@ public class SetAction implements SettingsWsAction {
public void handle(Request request, Response response) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
SetRequest wsRequest = toWsRequest(request);
+ throwIfUnmatchedConstraintOnGlobalKey(wsRequest.getKey());
SettingsWsSupport.validateKey(wsRequest.getKey());
doHandle(dbSession, wsRequest);
}
response.noContent();
}
+ private void throwIfUnmatchedConstraintOnGlobalKey(String key) {
+ if (KEY_CONSTRAINTS.containsKey(key)) {
+ String keyConstrained = KEY_CONSTRAINTS.get(key);
+ checkRequest(!isGlobalKeySet(keyConstrained), format("Setting '%s' must be empty to set '%s'", keyConstrained, key));
+ }
+ }
+
+ private boolean isGlobalKeySet(String keyConstrained) {
+ try (DbSession dbSession = dbClient.openSession(false)) {
+ PropertyDto propertyDto = dbClient.propertiesDao().selectGlobalProperty(dbSession, keyConstrained);
+ return propertyDto != null && !StringUtils.isBlank(propertyDto.getValue());
+ }
+ }
+
private void doHandle(DbSession dbSession, SetRequest request) {
Optional<ComponentDto> component = searchComponent(dbSession, request);
String projectKey = component.isPresent() ? component.get().getKey() : null;
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java
index 3e9ecf1cad8..1cf965a2fc3 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java
@@ -1191,6 +1191,26 @@ public class SetActionTest {
}
@Test
+ public void fail_when_key_constraints_are_not_met() {
+ propertyDb.insertProperty(newGlobalPropertyDto("sonar.auth.gitlab.secret.secured", "secret"), null, null, null, null);
+
+ assertThatThrownBy(() -> {
+ callForGlobalSetting("sonar.auth.gitlab.url", "http://new.url");
+ })
+ .isInstanceOf(BadRequestException.class)
+ .hasMessage("Setting 'sonar.auth.gitlab.secret.secured' must be empty to set 'sonar.auth.gitlab.url'");
+ }
+
+ @Test
+ public void succeed_when_key_constraints_are_met() {
+ assertGlobalSettingIsNotSet("sonar.auth.gitlab.secret.secured");
+
+ callForGlobalSetting("sonar.auth.gitlab.url", "http://new.url");
+
+ assertGlobalSetting("sonar.auth.gitlab.url", "http://new.url");
+ }
+
+ @Test
public void definition() {
WebService.Action definition = ws.getDef();
@@ -1210,6 +1230,12 @@ public class SetActionTest {
.containsExactly(key, value, null);
}
+ private void assertGlobalSettingIsNotSet(String key) {
+ PropertyDto result = dbClient.propertiesDao().selectGlobalProperty(key);
+
+ assertThat(result).isNull();
+ }
+
private void assertUserSetting(String key, String value, String userUuid) {
List<PropertyDto> result = dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setKey(key).setUserUuid(userUuid).build(), dbSession);