authorJulien Lancelot <julien.lancelot@sonarsource.com>2016-06-23 09:54:55 +0200
committerJulien Lancelot <julien.lancelot@sonarsource.com>2016-06-29 08:41:53 +0200
commitb91b2032f4b4814812fd6d0a40bce8a0e85d0870 (patch)
treebe4ee5a03bb0311e6f93aad82c2d5edf55a4c465 /server/sonar-web/src/main
parent2ec26550db9c30a64f114acdee307f51775dd944 (diff)
SONAR-7732 UserSession throws UnauthorizedException if null
If the user is not authorized (bad credentials, not authenticated when force authentication is enabled, etc.), the UserSession will throw an UnauthorizedException so that Rails can deal with this case (redirect to the login page, render 401 in WS, etc.).
Diffstat (limited to 'server/sonar-web/src/main')
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb1
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/app/controllers/application_controller.rb6
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_head.html.erb6
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_navbar.html.erb2
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb14
5 files changed, 23 insertions, 6 deletions
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb
index d9a159be64b..cb74a0700b3 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb
@@ -52,6 +52,7 @@ class Api::JavaWsController < Api::ApiController
(params[:wspath]=='batch' && params[:wsaction]=='index') ||
(params[:wspath]=='batch' && params[:wsaction]=='file') ||
(params[:wspath]=='api/system' && params[:wsaction]=='db_migration_status') ||
+ (params[:wspath]=='api/system' && params[:wsaction]=='migrate_db') ||
(params[:wspath]=='api/system' && params[:wsaction]=='status')
end
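Review bot: `migrate_db` joins `status` and `db_migration_status` in the allow-list of web services that skip this controller's authentication check, but unlike those two it triggers a state-changing operation, and nothing in the hunk shows which check protects it once the Rails-side check is bypassed. If the intent is that the Java WS handler itself enforces authorization for this action, a comment stating so would help the next reader, e.g. `# migrate_db: callable without a Rails session — document where authorization for this action is enforced`. The enclosing method starts outside the hunk.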
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/application_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/application_controller.rb
index 83b7a6ebff8..b2e07cd7b86 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/application_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/application_controller.rb
@@ -102,7 +102,11 @@ class ApplicationController < ActionController::Base
end
def check_authentication
- access_denied if !current_user && java_facade.getConfigurationValue('sonar.forceAuthentication')=='true'
+ begin
+ current_user
+ rescue Java::OrgSonarServerExceptions::UnauthorizedException => ex
+ access_denied
+ end
end
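Review bot: The exception binding `ex` in the new `rescue` clause is never used, and the `begin`/`end` wrapping the whole method body is redundant because Ruby allows `rescue` directly at method level. The body can be written as `current_user` / `rescue Java::OrgSonarServerExceptions::UnauthorizedException` / `access_denied`, dropping the unused binding. This filter now relies on the Java UserSession to apply the `sonar.forceAuthentication` rule that the removed line checked here, so a one-line comment such as `# force authentication is now enforced by the Java UserSession, which raises UnauthorizedException` would preserve that knowledge for readers of this controller.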
# i18n
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_head.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_head.html.erb
index 66c5645c688..30673cc211b 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_head.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_head.html.erb
@@ -26,9 +26,9 @@
<%# The two lines below mean that before full removal of Rails, we have to find a way to handle config properties %>
window.SS = {
hoursInDay: <%= configuration('sonar.technicalDebt.hoursInDay', 8) %>,
- user: '<%= escape_javascript current_user.login if current_user -%>',
- userName: '<%= escape_javascript current_user.name if current_user -%>',
- userEmail: '<%= escape_javascript current_user.email if current_user -%>',
+ user: '<%= escape_javascript current_user.login if logged_in? -%>',
+ userName: '<%= escape_javascript current_user.name if logged_in? -%>',
+ userEmail: '<%= escape_javascript current_user.email if logged_in? -%>',
lf: {
enableGravatar: <%= configuration('sonar.lf.enableGravatar', true) %>,
gravatarServerUrl: '<%= configuration('sonar.lf.gravatarServerUrl') %>'
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_navbar.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_navbar.html.erb
index 88a863b31d4..a99e21339f7 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_navbar.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/layouts/_navbar.html.erb
@@ -18,6 +18,6 @@
window.sonarqube.space = 'settings';
<% end %>
- window.SS.isUserAdmin = <%= current_user && is_admin? ? 'true' : 'false' -%>;
+ window.SS.isUserAdmin = <%= logged_in? && is_admin? ? 'true' : 'false' -%>;
})();
</script>
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb b/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
index c9be7f12c8a..83ac2b912c4 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
@@ -2,11 +2,19 @@ module AuthenticatedSystem
# Returns true or false if the user is logged in.
# Preloads @current_user with the user model if they're logged in.
def logged_in?
- !!current_user
+ if Java::OrgSonarServerPlatform::Platform.component(Java::OrgSonarServerUser::ThreadLocalUserSession.java_class).hasSession()
+ !!current_user
+ else
+ false
+ end
end
# Accesses the current user from the session.
# Future calls avoid the database because nil is not equal to false.
+ #
+ # This method will generate a Java::OrgSonarServerExceptions::UnauthorizedException if user is unauthorized
+ # (bad credentials, not authenticated by force authentication is set to true, etc...)
+ #
def current_user
@current_user ||= login_from_java_user_session unless @current_user == false
end
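Review bot: `logged_in?` still calls `current_user` when `hasSession()` is true, and the new comment on `current_user` states that this call raises `Java::OrgSonarServerExceptions::UnauthorizedException` for an unauthorized user, so `logged_in?` can now raise where its header comment promises true or false; the layouts changed in this commit call it during rendering, so this would surface as an error if rendering is ever reached with an unauthorized session (possibly prevented by `check_authentication`, which is not visible here). Either rescue that exception and return false inside `logged_in?`, or extend the header comment with `# Raises UnauthorizedException (via #current_user) when a session exists but is not authorized.` The wording of the new comment, `not authenticated by force authentication is set to true`, should read `not authenticated while force authentication is enabled`; the same text is duplicated in the second hunk of this file before `login_from_java_user_session`.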
@@ -118,6 +126,10 @@ module AuthenticatedSystem
#
# Called from #current_user. First attempt to login by the user id stored in the session.
+ #
+ # This method will generate a Java::OrgSonarServerExceptions::UnauthorizedException if user is unauthorized
+ # (bad credentials, not authenticated by force authentication is set to true, etc...)
+ #
def login_from_java_user_session
userSession = Java::OrgSonarServerPlatform::Platform.component(Java::OrgSonarServerUser::UserSession.java_class)
user_id = userSession.getUserId() if userSession && userSession.isLoggedIn()