authorLukasz Jarocki <lukasz.jarocki@sonarsource.com>2022-02-10 07:48:40 +0100
committersonartech <sonartech@sonarsource.com>2022-02-18 15:48:04 +0000
commitb384ebcf1f7228c81c01c61d56ace4eb044c11de (patch)
treec5f71d7b18e448c6af1d880d971a4fd67e737533 /server/sonar-webserver-auth/src
parent90d9a31aa2feb59ce8546fede2721892473ec993 (diff)
SONAR-15985 implemented security checks before pushing a message to SL clients
Diffstat (limited to 'server/sonar-webserver-auth/src')
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java5
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java5
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java5
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java5
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java2
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java1
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java1
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java11
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java1
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java5
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java5
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java5
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java5
13 files changed, 56 insertions, 0 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
index 78601b04878..6864bce8424 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
@@ -108,4 +108,9 @@ public class SafeModeUserSession extends AbstractUserSession {
public boolean isSystemAdministrator() {
return false;
}
+
+ @Override
+ public boolean isActive() {
+ return false;
+ }
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
index 0e4e8a70aff..0ac01236152 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
@@ -142,6 +142,11 @@ public final class DoPrivileged {
return true;
}
+ @Override
+ public boolean isActive() {
+ return true;
+ }
+
}
private void start() {
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
index 9d51a52211c..b8d9dfa21b5 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
@@ -342,6 +342,11 @@ public class ServerUserSession extends AbstractUserSession {
return isSystemAdministrator;
}
+ @Override
+ public boolean isActive() {
+ return userDto.isActive();
+ }
+
private boolean loadIsSystemAdministrator() {
if (isRoot()) {
return true;
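Review bot: `isActive()` dereferences `userDto` without a null check, so if this class can also back a session with no user behind it (the field declaration is outside the hunk, so this needs confirming) the call throws a NullPointerException instead of answering `false`. A fail-closed form would be `return userDto != null && userDto.isActive();`. The flag is also read from the DTO the session holds, so on a long-lived push connection it presumably reflects the account state when the session was built; a caller gating message delivery on it should re-load the user rather than trust that snapshot. The test added in ServerUserSessionTest only builds sessions from a UserDto and would benefit from a case without one.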
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
index 1ae45a0fa90..1d8866c1b16 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
@@ -174,6 +174,11 @@ public class ThreadLocalUserSession implements UserSession {
}
@Override
+ public boolean isActive() {
+ return get().isActive();
+ }
+
+ @Override
public boolean hasComponentPermission(String permission, ComponentDto component) {
return get().hasComponentPermission(permission, component);
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
index 116dc6341c0..f10db0d1dfc 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
@@ -274,4 +274,6 @@ public interface UserSession {
* otherwise throws {@link org.sonar.server.exceptions.ForbiddenException}.
*/
UserSession checkIsSystemAdministrator();
+
+ boolean isActive();
}
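Review bot: `isActive()` is added to the interface with no Javadoc, although the method directly above it is documented, and the implementations in this commit disagree on what it means for a session with no real account behind it: SafeModeUserSession returns `false` while the DoPrivileged session returns `true`. Because the commit title presents this as a security check, the contract should be stated on the interface, for example `/** Returns {@code true} only when the session belongs to a user account that has not been deactivated; sessions without a user return {@code false}. */`. If the privileged session is a deliberate exception, the Javadoc should say so, so that callers do not read `true` as "a real, enabled user".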
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
index ad1cc032f00..0278a2eab3f 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
@@ -37,6 +37,7 @@ public class SafeModeUserSessionTest {
assertThat(underTest.shouldResetPassword()).isFalse();
assertThat(underTest.getName()).isNull();
assertThat(underTest.getGroups()).isEmpty();
+ assertThat(underTest.isActive()).isFalse();
}
@Test
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
index 9275a3ce5ed..b45fe1547d6 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
@@ -51,6 +51,7 @@ public class DoPrivilegedTest {
assertThat(catcher.userSession.hasComponentPermission("any permission", new ComponentDto())).isTrue();
assertThat(catcher.userSession.isSystemAdministrator()).isTrue();
assertThat(catcher.userSession.shouldResetPassword()).isFalse();
+ assertThat(catcher.userSession.isActive()).isTrue();
assertThat(catcher.userSession.hasChildProjectsPermission(USER, new ComponentDto())).isTrue();
assertThat(catcher.userSession.hasPortfolioChildProjectsPermission(USER, new ComponentDto())).isTrue();
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
index c43ee7ee538..c3ea59725e7 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
@@ -127,6 +127,17 @@ public class ServerUserSessionTest {
}
@Test
+ public void isActive_redirectsValueFromUserDto() {
+ UserDto active = db.users().insertUser();
+ active.setActive(true);
+ assertThat(newUserSession(active).isActive()).isTrue();
+
+ UserDto notActive = db.users().insertUser();
+ notActive.setActive(false);
+ assertThat(newUserSession(notActive).isActive()).isFalse();
+ }
+
+ @Test
public void isRoot_is_false_is_flag_root_is_false_on_UserDto() {
UserDto root = db.users().insertUser();
root = db.users().makeRoot(root);
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
index c831d7bfe24..4f8a5e463c9 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
@@ -69,6 +69,7 @@ public class ThreadLocalUserSessionTest {
assertThat(threadLocalUserSession.getLogin()).isEqualTo("karadoc");
assertThat(threadLocalUserSession.getUuid()).isEqualTo("karadoc-uuid");
assertThat(threadLocalUserSession.isLoggedIn()).isTrue();
+ assertThat(threadLocalUserSession.isActive()).isTrue();
assertThat(threadLocalUserSession.shouldResetPassword()).isTrue();
assertThat(threadLocalUserSession.getGroups()).extracting(GroupDto::getUuid).containsOnly(group.getUuid());
assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ComponentDto())).isFalse();
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
index b1495fe6f22..704345cf6eb 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
@@ -36,6 +36,11 @@ public class AnonymousMockUserSession extends AbstractMockUserSession<AnonymousM
}
@Override
+ public boolean isActive() {
+ return false;
+ }
+
+ @Override
public String getLogin() {
return null;
}
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
index ecc6f906844..b199c30275a 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
@@ -86,6 +86,11 @@ public class MockUserSession extends AbstractMockUserSession<MockUserSession> {
return root;
}
+ @Override
+ public boolean isActive() {
+ return true;
+ }
+
public void setRoot(boolean root) {
this.root = root;
}
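Review bot: `isActive()` is hard-coded to `true` here, so tests built on MockUserSession cannot represent a deactivated account, which is the case the new check exists to reject. Following the `root` / `setRoot` pattern visible in this same hunk, back it with a field: `private boolean active = true;`, `return active;`, and a `setActive(boolean active)` setter. That keeps existing tests unchanged while letting callers of the new check cover the negative path. The class body continues outside the hunk.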
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
index c50fdfbb4b0..c8fc0b37f98 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
@@ -412,4 +412,9 @@ public class UserSessionRule implements TestRule, UserSession {
currentUserSession.checkIsSystemAdministrator();
return this;
}
+
+ @Override
+ public boolean isActive() {
+ return currentUserSession.isActive();
+ }
}
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
index 892ed01a0d9..d09d9ea662d 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
@@ -134,6 +134,11 @@ public class TestUserSessionFactory implements UserSessionFactory {
throw notImplemented();
}
+ @Override
+ public boolean isActive() {
+ throw notImplemented();
+ }
+
private static RuntimeException notImplemented() {
return new UnsupportedOperationException("not implemented");
}