authorGuillaume Jambet <guillaume.jambet@sonarsource.com>2018-01-05 15:12:31 +0100
committerStas Vilchik <stas.vilchik@sonarsource.com>2018-03-14 09:20:28 +0100
commitad9dd01e97b800714e76baa9a31e80db7ecc1c90 (patch)
treef13963072b08b517d4751bc0a936d840c3ad7db2 /server/sonar-server
parentea3457eed7977b7660716a6f76e23b87b0b3e05f (diff)
downloadsonarqube-ad9dd01e97b800714e76baa9a31e80db7ecc1c90.tar.gz
sonarqube-ad9dd01e97b800714e76baa9a31e80db7ecc1c90.zip
SONAR-10222 Fail when searching member organizations and unauthenticated
Diffstat (limited to 'server/sonar-server')
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java5
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java16
2 files changed, 21 insertions, 0 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
index 2b454da4f4d..6e939c99bfa 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
@@ -88,6 +88,11 @@ public class SearchAction implements OrganizationsWsAction {
@Override
public void handle(Request request, Response response) throws Exception {
+ boolean isMember = request.mandatoryParamAsBoolean(PARAM_MEMBER);
+ if (isMember){
+ userSession.checkLoggedIn();
+ }
+
try (DbSession dbSession = dbClient.openSession(false)) {
OrganizationQuery dbQuery = buildDbQuery(request);
int total = dbClient.organizationDao().countByQuery(dbSession, dbQuery);
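Review bot: The login check in `handle` relies on its own read of `PARAM_MEMBER`, while the query is built separately in `buildDbQuery(request)`, which this hunk does not show; if that helper interprets the parameter differently, the guard and the filter could disagree. Consider passing the already-parsed `isMember` value down, or placing `userSession.checkLoggedIn()` next to the code that applies the member filter, so the authentication requirement cannot drift from the query. `mandatoryParamAsBoolean` presumably depends on a default value declared in the action definition outside this hunk, which is worth confirming so that requests omitting the parameter keep working for anonymous callers. A short comment such as `// member=true filters on the caller's own memberships, so anonymous sessions must be rejected` would record why the check is conditional. The body of `handle` continues past the end of the hunk.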
diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
index 945b3159ee1..4294078260c 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
@@ -34,6 +34,7 @@ import org.sonar.db.DbTester;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
+import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.organization.OrganizationValidationImpl;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
@@ -290,6 +291,21 @@ public class SearchActionTest {
.doesNotContain(organizationWithoutMember.getKey());
}
+ @Test
+ public void fail_if_member_is_set_to_true_but_user_is_not_authenticated(){
+ UserDto user = db.users().insertUser();
+ OrganizationDto organization = db.organizations().insert();
+ db.organizations().addMember(organization, user);
+
+ userSession.anonymous();
+
+ expectedException.expect(UnauthorizedException.class);
+ expectedException.expectMessage("Authentication is required");
+
+ call(ws.newRequest().setParam(PARAM_MEMBER, String.valueOf(true)));
+ }
+
+
private List<Organization> executeRequestAndReturnList(@Nullable Integer page, @Nullable Integer pageSize, String... keys) {
return call(page, pageSize, keys).getOrganizationsList();
}
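Review bot: The new test covers only the rejecting case; nothing in this hunk verifies that an anonymous caller with `member` set to false or omitted is still served, and that is the case which would catch the login check becoming unconditional later. If no such test exists elsewhere in `SearchActionTest`, add one mirroring this method with `userSession.anonymous()` and `setParam(PARAM_MEMBER, String.valueOf(false))` that asserts a normal response. The user, organization and membership inserted at the top are probably unnecessary, since the exception is expected before any query runs, and dropping them would make the intent clearer.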