author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2016-07-05 08:19:46 +0200 |
committer | Julien Lancelot <julien.lancelot@sonarsource.com> | 2016-07-05 08:19:46 +0200 |
commit | 8168dffb0103a5861b836c03e3e0bd00f132eeb1 (patch) | |
tree | 91a848ee210754495a311168a9138ee09edd3864 /server | |
parent | b3aa5f8069bbd1dbc4e3ae754641f15462f4f17a (diff) | |
download | sonarqube-8168dffb0103a5861b836c03e3e0bd00f132eeb1.tar.gz sonarqube-8168dffb0103a5861b836c03e3e0bd00f132eeb1.zip |
SONAR-7732 Do not remove cookies when user is not authenticated
Diffstat (limited to 'server')
4 files changed, 7 insertions, 23 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
index 2e8e88e258f..ab847de238f 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
@@ -94,7 +94,6 @@ public class JwtHttpHandler {
 if (userDto.isPresent()) {
 return userDto;
 }
- removeToken(response);
 return Optional.empty();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
index d25063ba7fd..3b2053eee66 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
@@ -85,7 +85,6 @@ public class UserSessionInitializer {
 setUserSession(request, response);
 return true;
 } catch (UnauthorizedException e) {
- jwtHttpHandler.removeToken(response);
 response.setStatus(HTTP_UNAUTHORIZED);
 if (isWsUrl(path)) {
 return false;
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java
index e276fde6007..0d0ce6cf511 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java
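Review bot: With `removeToken(response)` gone, an expired token, a disabled user's token or an undecodable token now stays in the browser and is re-sent on every request, so the only thing standing between that cookie and a session is the `return Optional.empty();` in this hunk; the code should say so, e.g. `// Stale or invalid token: deliberately leave the JWT-SESSION cookie in place (cleared only on explicit logout) and never fall through to a refresh.` above that return. The removed call also cleared the CSRF state (the JwtHttpHandlerTest case deleted further down verified `jwtCsrfVerifier.removeState(response)`), so that state lingers as well; that is harmless only if CSRF verification is itself gated on a valid token, which this hunk cannot confirm. A practical side effect worth a comment is that every request carrying a stale cookie now pays for a JWT decode and a user lookup instead of being cleaned up once. The enclosing validateToken method starts outside the hunk.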
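Review bot: The `catch (UnauthorizedException e)` branch now discards both the cookie cleanup and the exception itself — `e` is neither logged nor propagated, so a client that keeps presenting a rejected token leaves no trace beyond a bare 401. If the class has a logger, a debug-level line such as `LOG.debug("Authentication failed: {}", e.getMessage())` (no token material) gives operators a way to spot repeated failures from a stale or revoked session. Since the stale cookie is now retained on the non-WS path too, it is worth confirming that whatever follows `if (isWsUrl(path))` (outside this hunk) cannot redirect the browser to a page that runs through this same filter and fails again on the same cookie. The enclosing initUserSession method starts and ends outside the hunk.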
@@ -196,7 +196,7 @@ public class JwtHttpHandlerTest {
 }
 @Test
- public void validate_token_removes_session_when_disconnected_timeout_is_reached() throws Exception {
+ public void validate_token_does_not_refresh_session_when_disconnected_timeout_is_reached() throws Exception {
 addJwtCookie();
 // Token was created 4 months ago, refreshed 4 minutes ago, and it expired in 5 minutes
@@ -206,12 +206,10 @@ public class JwtHttpHandlerTest {
 when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));
 assertThat(underTest.validateToken(request, response).isPresent()).isFalse();
-
- verifyCookie(findCookie("JWT-SESSION").get(), null, 0);
 }
 @Test
- public void validate_token_removes_session_when_user_is_disabled() throws Exception {
+ public void validate_token_does_not_refresh_session_when_user_is_disabled() throws Exception {
 addJwtCookie();
 UserDto user = addUser(false);
@@ -219,19 +217,15 @@ public class JwtHttpHandlerTest {
 when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));
 assertThat(underTest.validateToken(request, response).isPresent()).isFalse();
-
- verifyCookie(findCookie("JWT-SESSION").get(), null, 0);
 }
 @Test
- public void validate_token_removes_session_when_token_is_no_more_valid() throws Exception {
+ public void validate_token_does_not_refresh_session_when_token_is_no_more_valid() throws Exception {
 addJwtCookie();
 when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.empty());
 assertThat(underTest.validateToken(request, response).isPresent()).isFalse();
-
- verifyCookie(findCookie("JWT-SESSION").get(), null, 0);
 }
 @Test
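Review bot: The renamed tests in the `@@ -206,12 +206,10 @@` hunk (`validate_token_does_not_refresh_session_when_user_is_disabled` and the tail of its predecessor) keep only `assertThat(underTest.validateToken(request, response).isPresent()).isFalse()`, so nothing pins the behaviour the new names promise: that the JWT-SESSION cookie is neither cleared nor refreshed on a failed validation. Replacing the deleted `verifyCookie(...)` line with a negative check in the existing style, e.g. `assertThat(findCookie("JWT-SESSION").isPresent()).isFalse();`, would fail if someone reintroduces `removeToken` or adds a refresh on this path. That assertion is correct only if `findCookie` inspects cookies written to `response` rather than the request fixture set up by `addJwtCookie()`, which the hunk does not show.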
@@ -280,18 +274,6 @@ public class JwtHttpHandlerTest {
 }
 @Test
- public void validate_token_remove_state_when_removing_token() throws Exception {
- addJwtCookie();
- // Token is invalid => it will be removed
- when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.empty());
-
- underTest.validateToken(request, response);
-
- verifyCookie(findCookie("JWT-SESSION").get(), null, 0);
- verify(jwtCsrfVerifier).removeState(response);
- }
-
- @Test
 public void remove_token() throws Exception {
 underTest.removeToken(response);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
index 6ea3fcd2007..dba52e8d4dc 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
@@ -137,6 +137,7 @@ public class UserSessionInitializerTest {
 assertThat(underTest.initUserSession(request, response)).isTrue();
 verify(response).setStatus(401);
+ verifyZeroInteractions(userSession);
 }
 @Test
@@ -149,6 +150,7 @@ public class UserSessionInitializerTest {
 assertThat(underTest.initUserSession(request, response)).isTrue();
 verify(response).setStatus(401);
+ verifyZeroInteractions(userSession);
 }
 @Test
@@ -159,6 +161,7 @@ public class UserSessionInitializerTest {
 assertThat(underTest.initUserSession(request, response)).isFalse();
 verify(response).setStatus(401);
+ verifyZeroInteractions(userSession);
 }
 @Test
@@ -169,6 +172,7 @@ public class UserSessionInitializerTest {
 assertThat(underTest.initUserSession(request, response)).isFalse();
 verify(response).setStatus(401);
+ verifyZeroInteractions(userSession);
 }
 @Test |
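Review bot: In the `@@ -169,6 +172,7 @@` hunk, `verifyZeroInteractions(userSession)` pins that no session is created on a 401, but the cookie half of this commit's intent is still unasserted: nothing checks that the rejected token is left alone. Since `response` is a Mockito mock here (`verify(response).setStatus(401)`), adding `verify(response, never()).addCookie(any(Cookie.class));` — or `verify(jwtHttpHandler, never()).removeToken(response);` if `jwtHttpHandler` is also mocked in this test — would catch a regression that reintroduces the cleanup. Both suggestions assume `response` is an HttpServletResponse, which the hunk does not show. The test method starts outside the hunk.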