aboutsummaryrefslogtreecommitdiffstats
path: root/server/sonar-webserver-webapi
diff options
context:
space:
mode:
authorAntoine Vigneau <antoine.vigneau@sonarsource.com>2024-03-19 11:58:22 +0100
committersonartech <sonartech@sonarsource.com>2024-03-20 20:02:43 +0000
commit0ae8d1634c2369bc24e71d2f46e6193c0db5caa4 (patch)
tree9c03df0836c89351405f20018ac5f5aff337f791 /server/sonar-webserver-webapi
parent4eec8f1729f8566b9c553d17b09801ba15cccc36 (diff)
downloadsonarqube-0ae8d1634c2369bc24e71d2f46e6193c0db5caa4.tar.gz
sonarqube-0ae8d1634c2369bc24e71d2f46e6193c0db5caa4.zip
SONAR-21879 Fix SSF-568
Diffstat (limited to 'server/sonar-webserver-webapi')
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java12
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java4
-rw-r--r--server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java23
3 files changed, 34 insertions, 5 deletions
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java
index df9d6287c38..e10272d2612 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/AlmSettingsSupport.java
@@ -117,8 +117,16 @@ public class AlmSettingsSupport {
}
public void checkPrivateKeyOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String privateKey) {
- if (!url.equals(almSettingDto.getUrl()) && isEmpty(privateKey)) {
- throw new IllegalArgumentException("Please provide the Private Key to update the URL.");
+ checkCredentialArtifactOnUrlUpdate(url, almSettingDto, privateKey, "Please provide the Private Key to update the URL.");
+ }
+
+ public void checkPatOnUrlUpdate(AlmSettingDto almSettingDto, String url, @Nullable String pat) {
+ checkCredentialArtifactOnUrlUpdate(url, almSettingDto, pat, "Please provide the Personal Access Token to update the URL.");
+ }
+
+ private static void checkCredentialArtifactOnUrlUpdate(String url, AlmSettingDto almSettingDto, @Nullable String credentialArtifact, String errorMessage) {
+ if (!url.equals(almSettingDto.getUrl()) && isEmpty(credentialArtifact)) {
+ throw new IllegalArgumentException(errorMessage);
}
}
}
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java
index fc2bc34beab..24e17c187f0 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/almsettings/ws/UpdateBitbucketAction.java
@@ -85,7 +85,6 @@ public class UpdateBitbucketAction implements AlmSettingsWsAction {
private void doHandle(Request request) {
String key = request.mandatoryParam(PARAM_KEY);
String newKey = request.param(PARAM_NEW_KEY);
- String url = request.mandatoryParam(PARAM_URL);
String pat = request.param(PARAM_PERSONAL_ACCESS_TOKEN);
try (DbSession dbSession = dbClient.openSession(false)) {
@@ -94,6 +93,9 @@ public class UpdateBitbucketAction implements AlmSettingsWsAction {
almSettingsSupport.checkAlmSettingDoesNotAlreadyExist(dbSession, newKey);
}
+ String url = request.mandatoryParam(PARAM_URL);
+ almSettingsSupport.checkPatOnUrlUpdate(almSettingDto, url, pat);
+
if (isNotBlank(pat)) {
almSettingDto.setPersonalAccessToken(pat);
}
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java
index 86972538b10..0a8162b36eb 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/almsettings/ws/UpdateBitbucketActionTest.java
@@ -31,6 +31,7 @@ import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.WsActionTester;
import static java.lang.String.format;
@@ -88,7 +89,23 @@ public class UpdateBitbucketActionTest {
}
@Test
- public void update_without_pat() {
+ public void fail_when_url_updated_without_pat() {
+ UserDto user = db.users().insertUser();
+ userSession.logIn(user).setSystemAdministrator();
+
+ AlmSettingDto almSettingDto = db.almSettings().insertBitbucketAlmSetting();
+
+ TestRequest request = ws.newRequest()
+ .setParam("key", almSettingDto.getKey())
+ .setParam("url", "https://bitbucket.enterprise-unicorn.com");
+
+ assertThatThrownBy(() -> request.execute())
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("Please provide the Personal Access Token to update the URL.");
+ }
+
+ @Test
+ public void update_with_url_change_needs_path() {
UserDto user = db.users().insertUser();
userSession.logIn(user).setSystemAdministrator();
@@ -97,10 +114,12 @@ public class UpdateBitbucketActionTest {
ws.newRequest()
.setParam("key", almSettingDto.getKey())
.setParam("url", "https://bitbucket.enterprise-unicorn.com")
+ .setParam("personalAccessToken", "0123456789")
.execute();
+
assertThat(db.getDbClient().almSettingDao().selectAll(db.getSession()))
.extracting(AlmSettingDto::getKey, AlmSettingDto::getUrl, s -> s.getDecryptedPersonalAccessToken(encryption))
- .containsOnly(tuple(almSettingDto.getKey(), "https://bitbucket.enterprise-unicorn.com", almSettingDto.getDecryptedPersonalAccessToken(encryption)));
+ .containsOnly(tuple(almSettingDto.getKey(), "https://bitbucket.enterprise-unicorn.com", "0123456789"));
}
@Test