author | Pierre <pierre.guillot@sonarsource.com> | 2021-11-12 10:39:19 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2021-11-15 20:04:34 +0000 |
commit | 36f0e6075ebfb3c58c5bc26cfb91460a061201d1 (patch) | |
tree | c39327c9169b045eb0c6ec41af8022df906209b9 /server/sonar-webserver-auth | |
parent | 29b7cf350cd0235475e1c09182ab905e4303b442 (diff) | |
SONAR-13426 accept tokens on api/project_badges/measure and quality_gate endpoints, including with force auth enabled
Diffstat (limited to 'server/sonar-webserver-auth')
2 files changed, 7 insertions, 4 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
index 6f8cc31b90f..205b669eb99 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
@@ -50,14 +50,15 @@ public class UserSessionInitializer {
 private static final String ACCESS_LOG_LOGIN = "LOGIN"; // SONAR-6546 these urls should be get from WebService
- private static final Set<String> SKIPPED_URLS = ImmutableSet.of(
+ private static final Set<String> SKIPPED_URLS = Set.of(
 "/batch/index", "/batch/file", "/maintenance/*", "/setup/*", "/sessions/*", "/oauth2/callback/*", "/api/system/db_migration_status", "/api/system/status", "/api/system/migrate_db", "/api/server/version", "/api/users/identity_providers", "/api/l10n/index",
- "/api/authentication/login", "/api/authentication/logout", "/api/authentication/validate");
+ "/api/authentication/login", "/api/authentication/logout", "/api/authentication/validate",
+ "/api/project_badges/measure", "/api/project_badges/quality_gate");
 private static final Set<String> URL_USING_PASSCODE = ImmutableSet.of( "/api/ce/info", "/api/ce/pause", "/api/ce/resume", "/api/system/health", "/api/system/analytics", "/api/system/migrate_es");
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
index 74a87664bdf..df26d723052 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
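Review bot: The two new `SKIPPED_URLS` entries, `/api/project_badges/measure` and `/api/project_badges/quality_gate`, take both badge endpoints out of session initialisation, so with force authentication enabled the only remaining access check is whatever the badge handlers do with the token from the query string. Those handlers are not part of this diff (the diffstat is limited to `server/sonar-webserver-auth`), so it should be confirmed that they refuse a missing or invalid token for a private project instead of answering anonymously. I would record that dependency beside the new entries, e.g. `// project badges: skipped here, access is decided by the per-project token checked in the badge web service`. Because the token travels in the URL it will presumably end up in access logs, proxy logs and Referer headers, so it should stay a read-only, project-scoped and revocable credential. The `UserSessionInitializer` class body continues outside the hunk, and the neighbouring `URL_USING_PASSCODE` still uses `ImmutableSet.of`, which leaves the two constants inconsistent.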
@@ -32,7 +32,6 @@ import org.sonar.api.utils.System2;
 import org.sonar.db.DbTester;
 import org.sonar.server.authentication.event.AuthenticationEvent;
 import org.sonar.server.authentication.event.AuthenticationEvent.Method;
-import org.sonar.server.authentication.event.AuthenticationEvent.Provider;
 import org.sonar.server.authentication.event.AuthenticationEvent.Source;
 import org.sonar.server.authentication.event.AuthenticationException;
 import org.sonar.server.tester.AnonymousMockUserSession;
@@ -42,7 +41,6 @@ import org.sonar.server.user.UserSession;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.reset;
@@ -96,6 +94,10 @@ public class UserSessionInitializerTest {
 assertPathIsIgnored("/api/users/identity_providers");
 assertPathIsIgnored("/api/l10n/index");
+ // exclude project_badge url, as they can be auth. by a token as queryparam
+ assertPathIsIgnored("/api/project_badges/measure");
+ assertPathIsIgnored("/api/project_badges/quality_gate");
+ // exlude passcode urls
 assertPathIsIgnoredWithAnonymousAccess("/api/ce/info");
 assertPathIsIgnoredWithAnonymousAccess("/api/ce/pause"); |
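Review bot: The two added `assertPathIsIgnored(...)` calls pin only that the session initializer skips the badge paths; nothing here covers a request whose token query parameter is missing or wrong. The helper's body is outside this hunk, so I am assuming from its name that it checks no authentication is attempted for the path. Since the skip leaves the badge handlers as the sole gate under force authentication, a negative case (private project, no token or an invalid one, request refused) should exist in the handlers' own tests, and the comment could point there: `// project badge urls are skipped here; the token query parameter is validated by the badge web service`. The enclosing test method starts and ends outside the hunk.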