diff options
author | Antoine Vigneau <antoine.vigneau@sonarsource.com> | 2024-03-19 11:58:22 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2024-03-20 20:02:43 +0000 |
commit | 0ae8d1634c2369bc24e71d2f46e6193c0db5caa4 (patch) | |
tree | 9c03df0836c89351405f20018ac5f5aff337f791 /server/sonar-webserver-webapi | |
parent | 4eec8f1729f8566b9c553d17b09801ba15cccc36 (diff) | |
download | sonarqube-0ae8d1634c2369bc24e71d2f46e6193c0db5caa4.tar.gz sonarqube-0ae8d1634c2369bc24e71d2f46e6193c0db5caa4.zip |
SONAR-21879 Fix SSF-568
Diffstat (limited to 'server/sonar-webserver-webapi')
3 files changed, 34 insertions, 5 deletions
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java index df9d6287c38..e10272d2612 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java @@ -117,8 +117,16 @@ public class AlmSettingsSupport { } public void checkPrivateKeyOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String privateKey) { - if (!url.equals(almSettingDto.getUrl()) && isEmpty(privateKey)) { - throw new IllegalArgumentException("Please provide the Private Key to update the URL."); + checkCredentialArtifactOnUrlUpdate(url, almSettingDto, privateKey, "Please provide the Private Key to update the URL."); + } + + public void checkPatOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String pat) { + checkCredentialArtifactOnUrlUpdate(url, almSettingDto, pat, "Please provide the Personal Access Token to update the URL."); + } + + private static void checkCredentialArtifactOnUrlUpdate(String url, AlmSettingDto almSettingDto, @Nullable String credentialArtifact, String errorMessage) { + if (!url.equals(almSettingDto.getUrl()) && isEmpty(credentialArtifact)) { + throw new IllegalArgumentException(errorMessage); } } } diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java index fc2bc34beab..24e17c187f0 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java @@ -85,7 +85,6 @@ public class UpdateBitbucketAction implements AlmSettingsWsAction { private void doHandle(Request request) { String key = request.mandatoryParam(PARAM_KEY); String newKey = request.param(PARAM_NEW_KEY); - String url = request.mandatoryParam(PARAM_URL); String pat = request.param(PARAM_PERSONAL_ACCESS_TOKEN); try (DbSession dbSession = dbClient.openSession(false)) { @@ -94,6 +93,9 @@ public class UpdateBitbucketAction implements AlmSettingsWsAction { almSettingsSupport.checkAlmSettingDoesNotAlreadyExist(dbSession, newKey); } + String url = request.mandatoryParam(PARAM_URL); + almSettingsSupport.checkPatOnUrlUpdate(almSettingDto, url, pat); + if (isNotBlank(pat)) { almSettingDto.setPersonalAccessToken(pat); } diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java index 86972538b10..0a8162b36eb 100644 --- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java +++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java @@ -31,6 +31,7 @@ import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.tester.UserSessionRule; +import org.sonar.server.ws.TestRequest; import org.sonar.server.ws.WsActionTester; import static java.lang.String.format; @@ -88,7 +89,23 @@ public class UpdateBitbucketActionTest { } @Test - public void update_without_pat() { + public void fail_when_url_updated_without_pat() { + UserDto user = db.users().insertUser(); + userSession.logIn(user).setSystemAdministrator(); + + AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting(); + + TestRequest request = ws.newRequest() + .setParam("key", almSettingDto.getKey()) + .setParam("url", "https://bitbucket.enterprise-unicorn.com"); + + assertThatThrownBy(() -> request.execute()) + .isInstanceOf(IllegalArgumentException.class) + .hasMessage("Please provide the Personal Access Token to update the URL."); + } + + @Test + public void update_with_url_change_needs_path() { UserDto user = db.users().insertUser(); userSession.logIn(user).setSystemAdministrator(); @@ -97,10 +114,12 @@ public class UpdateBitbucketActionTest { ws.newRequest() .setParam("key", almSettingDto.getKey()) .setParam("url", "https://bitbucket.enterprise-unicorn.com") + .setParam("personalAccessToken", "0123456789") .execute(); + assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession())) .extracting(AlmSettingDto::getKey, AlmSettingDto::getUrl, s -> s.getDecryptedPersonalAccessToken(encryption)) - .containsOnly(tuple(almSettingDto.getKey(), "https://bitbucket.enterprise-unicorn.com", almSettingDto.getDecryptedPersonalAccessToken(encryption))); + .containsOnly(tuple(almSettingDto.getKey(), "https://bitbucket.enterprise-unicorn.com", "0123456789")); } @Test |