author | Lukasz Jarocki <lukasz.jarocki@sonarsource.com> | 2022-02-10 07:48:40 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-02-18 15:48:04 +0000 |
commit | b384ebcf1f7228c81c01c61d56ace4eb044c11de (patch) | |
tree | c5f71d7b18e448c6af1d880d971a4fd67e737533 /server/sonar-webserver-auth/src | |
parent | 90d9a31aa2feb59ce8546fede2721892473ec993 (diff) | |
SONAR-15985 implemented security checks before pushing a message to SL clients
Diffstat (limited to 'server/sonar-webserver-auth/src')
13 files changed, 56 insertions, 0 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
index 78601b04878..6864bce8424 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
@@ -108,4 +108,9 @@ public class SafeModeUserSession extends AbstractUserSession {
   public boolean isSystemAdministrator() {
     return false;
   }
+
+  @Override
+  public boolean isActive() {
+    return false;
+  }
 }
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
index 0e4e8a70aff..0ac01236152 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
@@ -142,6 +142,11 @@ public final class DoPrivileged {
       return true;
     }
 
+    @Override
+    public boolean isActive() {
+      return true;
+    }
+
   }
 
   private void start() {
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
index 9d51a52211c..b8d9dfa21b5 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
@@ -342,6 +342,11 @@ public class ServerUserSession extends AbstractUserSession {
     return isSystemAdministrator;
   }
 
+  @Override
+  public boolean isActive() {
+    return userDto.isActive();
+  }
+
   private boolean loadIsSystemAdministrator() {
     if (isRoot()) {
       return true;
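Review bot: ServerUserSession.isActive() dereferences userDto unconditionally; the field's declaration is outside the hunk, but if it is nullable for anonymous sessions (the usual isLoggedIn()/userDto == null arrangement, inferred rather than visible here) an anonymous session would throw NullPointerException from the new check instead of reporting inactive, and `return userDto != null && userDto.isActive();` would line up with AnonymousMockUserSession, which answers false. Even for a logged-in user the result is whatever the UserDto held when the session was built, so an account deactivated afterwards still reads as active until the session is rebuilt; since the commit message says this gates pushes to SonarLint clients, that snapshot semantics deserves a comment such as `// snapshot of the UserDto loaded at session creation; a later deactivation is not seen until the session is rebuilt`. The SafeModeUserSession and DoPrivileged hunks on this line add constant overrides that follow their isSystemAdministrator() siblings and need no change.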
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
index 1ae45a0fa90..1d8866c1b16 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
@@ -174,6 +174,11 @@ public class ThreadLocalUserSession implements UserSession {
   }
 
   @Override
+  public boolean isActive() {
+    return get().isActive();
+  }
+
+  @Override
   public boolean hasComponentPermission(String permission, ComponentDto component) {
     return get().hasComponentPermission(permission, component);
   }
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
index 116dc6341c0..f10db0d1dfc 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
@@ -274,4 +274,6 @@ public interface UserSession {
    * otherwise throws {@link org.sonar.server.exceptions.ForbiddenException}.
    */
   UserSession checkIsSystemAdministrator();
+
+  boolean isActive();
 }
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
index ad1cc032f00..0278a2eab3f 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
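Review bot: The new `boolean isActive();` on UserSession is the only member in the hunk without Javadoc, while the neighbouring checkIsSystemAdministrator() documents its contract; with implementations answering false (SafeModeUserSession), true (DoPrivileged) or the DTO flag (ServerUserSession), the interface should state what the value means and whether a session without a user counts as inactive (the AnonymousMockUserSession fixture says false). A Javadoc such as `/** Whether the account behind this session is active. Returns {@code false} in safe mode; implementations may report the state loaded when the session was created rather than the current database value. */` would pin that down for callers using it as a security check. The ThreadLocalUserSession override simply delegates to get() and is fine.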
@@ -37,6 +37,7 @@ public class SafeModeUserSessionTest {
     assertThat(underTest.shouldResetPassword()).isFalse();
     assertThat(underTest.getName()).isNull();
     assertThat(underTest.getGroups()).isEmpty();
+    assertThat(underTest.isActive()).isFalse();
   }
 
   @Test
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
index 9275a3ce5ed..b45fe1547d6 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
@@ -51,6 +51,7 @@ public class DoPrivilegedTest {
     assertThat(catcher.userSession.hasComponentPermission("any permission", new ComponentDto())).isTrue();
     assertThat(catcher.userSession.isSystemAdministrator()).isTrue();
     assertThat(catcher.userSession.shouldResetPassword()).isFalse();
+    assertThat(catcher.userSession.isActive()).isTrue();
     assertThat(catcher.userSession.hasChildProjectsPermission(USER, new ComponentDto())).isTrue();
     assertThat(catcher.userSession.hasPortfolioChildProjectsPermission(USER, new ComponentDto())).isTrue();
 
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
index c43ee7ee538..c3ea59725e7 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
@@ -127,6 +127,17 @@ public class ServerUserSessionTest {
   }
 
   @Test
+  public void isActive_redirectsValueFromUserDto() {
+    UserDto active = db.users().insertUser();
+    active.setActive(true);
+    assertThat(newUserSession(active).isActive()).isTrue();
+
+    UserDto notActive = db.users().insertUser();
+    notActive.setActive(false);
+    assertThat(newUserSession(notActive).isActive()).isFalse();
+  }
+
+  @Test
   public void isRoot_is_false_is_flag_root_is_false_on_UserDto() {
     UserDto root = db.users().insertUser();
     root = db.users().makeRoot(root);
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
index c831d7bfe24..4f8a5e463c9 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
@@ -69,6 +69,7 @@ public class ThreadLocalUserSessionTest {
     assertThat(threadLocalUserSession.getLogin()).isEqualTo("karadoc");
     assertThat(threadLocalUserSession.getUuid()).isEqualTo("karadoc-uuid");
     assertThat(threadLocalUserSession.isLoggedIn()).isTrue();
+    assertThat(threadLocalUserSession.isActive()).isTrue();
     assertThat(threadLocalUserSession.shouldResetPassword()).isTrue();
     assertThat(threadLocalUserSession.getGroups()).extracting(GroupDto::getUuid).containsOnly(group.getUuid());
     assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ComponentDto())).isFalse();
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
index b1495fe6f22..704345cf6eb 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
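Review bot: isActive_redirectsValueFromUserDto flips the flag on the DTO after db.users().insertUser() has persisted it, so for the `notActive` case the database row and the object handed to newUserSession() disagree; the assertion therefore only proves that the session echoes the DTO it was given, and inserting the user already inactive (insertUser appears to accept a configuring consumer elsewhere in this suite, verify) would also cover a session that reloads from the database. There is no case for a session built without a UserDto, which is exactly where a bare `userDto.isActive()` would fail, so an anonymous-session assertion would pin that behaviour. The method name reads as "reflects" rather than "redirects": `public void isActive_reflectsValueFromUserDto() {`.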
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
@@ -36,6 +36,11 @@ public class AnonymousMockUserSession extends AbstractMockUserSession<AnonymousM
   }
 
   @Override
+  public boolean isActive() {
+    return false;
+  }
+
+  @Override
   public String getLogin() {
     return null;
   }
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
index ecc6f906844..b199c30275a 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
@@ -86,6 +86,11 @@ public class MockUserSession extends AbstractMockUserSession<MockUserSession> {
     return root;
   }
 
+  @Override
+  public boolean isActive() {
+    return true;
+  }
+
   public void setRoot(boolean root) {
     this.root = root;
   }
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
index c50fdfbb4b0..c8fc0b37f98 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
@@ -412,4 +412,9 @@ public class UserSessionRule implements TestRule, UserSession {
     currentUserSession.checkIsSystemAdministrator();
     return this;
   }
+
+  @Override
+  public boolean isActive() {
+    return currentUserSession.isActive();
+  }
 }
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
index 892ed01a0d9..d09d9ea662d 100644
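Review bot: MockUserSession.isActive() returns a constant true with no setter, whereas the surrounding root field has setRoot(), so tests that go through UserSessionRule (which delegates to currentUserSession.isActive() in the hunk further down this line) cannot exercise the inactive branch of the check this commit introduces. Backing the override with a field and a setter in the style of setRoot keeps the current default and lets a test flip it. The AnonymousMockUserSession override returning false needs no change.
```java
  private boolean active = true;
  // … unchanged: other fields, isRoot(), setRoot() …

  @Override
  public boolean isActive() {
    return active;
  }

  public void setActive(boolean active) {
    this.active = active;
  }
```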
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
@@ -134,6 +134,11 @@ public class TestUserSessionFactory implements UserSessionFactory {
     throw notImplemented();
   }
 
+  @Override
+  public boolean isActive() {
+    throw notImplemented();
+  }
+
   private static RuntimeException notImplemented() {
     return new UnsupportedOperationException("not implemented");
   }
|