authorJacek <jacek.poreda@sonarsource.com>2020-11-18 10:08:33 +0100
committersonartech <sonartech@sonarsource.com>2020-11-26 20:06:29 +0000
commit6e18f97ab530ffc932b1b2a2888e31e112b4be96 (patch)
treec6a84fec314040d252d1b12725fa6ac8996a1566 /server/sonar-webserver-webapi/src
parent6424be5625e272f415067c9cd39af5fa07689c9a (diff)
downloadsonarqube-6e18f97ab530ffc932b1b2a2888e31e112b4be96.tar.gz
sonarqube-6e18f97ab530ffc932b1b2a2888e31e112b4be96.zip
SONAR-14159 enforce user authentication by default
Diffstat (limited to 'server/sonar-webserver-webapi/src')
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java3
-rw-r--r--server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java11
2 files changed, 13 insertions, 1 deletions
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java
index e967996175c..061510b86e2 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java
@@ -39,6 +39,7 @@ import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.ws.ServletFilterHandler;
import org.sonarqube.ws.MediaTypes;
+import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE;
import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY;
import static org.sonar.server.authentication.ws.AuthenticationWs.AUTHENTICATION_CONTROLLER;
@@ -96,7 +97,7 @@ public class ValidateAction extends ServletFilter implements AuthenticationWsAct
if (user.isPresent()) {
return true;
}
- return !config.getBoolean(CORE_FORCE_AUTHENTICATION_PROPERTY).orElse(false);
+ return !config.getBoolean(CORE_FORCE_AUTHENTICATION_PROPERTY).orElse(CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE);
} catch (AuthenticationException e) {
return false;
}
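Review bot: The changed return line in the branch where `user` is absent now takes its fallback from a constant whose value is not visible in this hunk, and the leading `!` makes the direction easy to misread. A one-line comment above it would state the fail-closed intent, for example `// anonymous callers are valid only when force authentication is explicitly disabled; an unset property falls back to the default`. Any other reader of `CORE_FORCE_AUTHENTICATION_PROPERTY` that still uses `.orElse(false)` would keep the old open behaviour. This page cannot confirm that either way, because its diffstat is limited to one directory. The enclosing method starts and ends outside the hunk.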
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java
index 368b518095d..fedb5224bd2 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java
@@ -126,6 +126,17 @@ public class ValidateActionTest {
}
@Test
+ public void return_false_when_no_jwt_nor_basic_auth_and_force_authentication_fallback_to_default() throws Exception {
+ when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
+ when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());
+
+ underTest.doFilter(request, response, chain);
+
+ verify(response).setContentType(MediaTypes.JSON);
+ JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":false}");
+ }
+
+ @Test
public void return_false_when_jwt_throws_unauthorized_exception() throws Exception {
doThrow(AuthenticationException.class).when(jwtHttpHandler).validateToken(request, response);
when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());
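Review bot: The new test `return_false_when_no_jwt_nor_basic_auth_and_force_authentication_fallback_to_default` never sets or clears the force-authentication property, so it only exercises the fallback if the shared settings fixture leaves the property unset. That setup is outside the hunk, so a later change to it could turn this into a test of the explicit-value path without any failure. A comment at the top of the test body would record the precondition, for example `// force authentication property deliberately left unset: the default must reject anonymous callers`. It would also help to check that a sibling test pins the opt-out case (property explicitly `false` giving `{"valid":true}`), so both sides of the default are covered.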