author | Aurelien Poscia <aurelien.poscia@sonarsource.com> | 2022-08-08 16:03:28 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-08-10 20:03:08 +0000 |
commit | a5d505ac9b71b401691f452c69a994495c09cedb (patch) | |
tree | 39721a0a1bc515ad6e3e6bf505213e5a2d46ad48 /server/sonar-webserver-auth | |
parent | 3a1cbb57ea9e240d804c5208a7e0dbc49cd5d0ab (diff) | |
SONAR-17156 add unique index on project_uuid of project_badge_token and clean-up duplicates
Diffstat (limited to 'server/sonar-webserver-auth')
3 files changed, 23 insertions, 4 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGenerator.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGenerator.java
index 1df9e1f8dad..4755c77ca94 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGenerator.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGenerator.java
@@ -39,6 +39,8 @@ public interface TokenGenerator {
 */
 String generate(TokenType tokenType);
+ String generateProjectBadgeToken();
+
 /**
 * Hash a token.<br/>
 * Underlying algorithm, format and max length are
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGeneratorImpl.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGeneratorImpl.java
index fee313bd1f0..1b9b88bc85c 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGeneratorImpl.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGeneratorImpl.java
@@ -30,10 +30,8 @@ public class TokenGeneratorImpl implements TokenGenerator {
 @Override
 public String generate(TokenType tokenType) {
- SecureRandom random = new SecureRandom();
- byte[] randomBytes = new byte[20];
- random.nextBytes(randomBytes);
- return buildIdentifiablePartOfToken(tokenType) + Hex.encodeHexString(randomBytes);
+ String rawToken = generateRawToken();
+ return buildIdentifiablePartOfToken(tokenType) + rawToken;
 }
 private static String buildIdentifiablePartOfToken(TokenType tokenType) {
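Review bot: `generateProjectBadgeToken()` in `TokenGenerator` is added without Javadoc, while the neighbouring `generate` and `hash` declarations in the same hunk both carry one. The contract that callers need is only visible in the implementation: the value is the raw 40-character hex string with no type prefix. A comment such as `/** Generate a random project badge token: 40 hex characters, without the token-type prefix that generate() adds. */` would state it. It would also help to say whether callers are expected to pass the result through `hash` before storing it, which this page does not show. The interface body starts and ends outside the hunk.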
@@ -41,6 +39,18 @@ public class TokenGeneratorImpl implements TokenGenerator {
 }
 @Override
+ public String generateProjectBadgeToken() {
+ return generateRawToken();
+ }
+
+ private static String generateRawToken() {
+ SecureRandom random = new SecureRandom();
+ byte[] randomBytes = new byte[20];
+ random.nextBytes(randomBytes);
+ return Hex.encodeHexString(randomBytes);
+ }
+
+ @Override
 public String hash(String token) {
 return DigestUtils.sha384Hex(token);
 }
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/usertoken/TokenGeneratorImplTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/usertoken/TokenGeneratorImplTest.java
index 08a20be69b2..f89fc05f8a1 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/usertoken/TokenGeneratorImplTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/usertoken/TokenGeneratorImplTest.java
@@ -61,6 +61,13 @@ public class TokenGeneratorImplTest {
 }
 @Test
+ public void generateProjectBadgeToken_nullToken_shouldNotHavePrefix() {
+ String token = underTest.generateProjectBadgeToken();
+
+ assertThat(token).matches(".{40}");
+ }
+
+ @Test
 public void token_does_not_contain_colon() {
 assertThat(underTest.generate(TokenType.USER_TOKEN)).doesNotContain(":");
 }
 |
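Review bot: `generateRawToken()` in `TokenGeneratorImpl` constructs a new `SecureRandom` on every call and hard-codes the length `20`, which the test file then depends on as 40 characters. `SecureRandom` is thread-safe, so a shared `private static final SecureRandom RANDOM = new SecureRandom();` plus a named `private static final int TOKEN_BYTES = 20;` would avoid the per-call construction and make the 160-bit size explicit. `generateProjectBadgeToken()` also deserves a one-line comment saying the prefix from `buildIdentifiablePartOfToken` is omitted on purpose. Anything that recognises tokens by that prefix would presumably not match badge tokens.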
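Review bot: The assertion `matches(".{40}")` in `generateProjectBadgeToken_nullToken_shouldNotHavePrefix` accepts any 40 characters, so it does not check what the test name claims. A prefixed or non-hex token of the same length would still pass. Since the implementation returns `Hex.encodeHexString` of 20 random bytes, `assertThat(token).matches("[0-9a-f]{40}");` pins both the length and the alphabet. The `nullToken` part of the method name does not correspond to anything in the test body and could be dropped.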