author | Jacek <jacek.poreda@sonarsource.com> | 2020-11-18 10:08:33 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2020-11-26 20:06:29 +0000 |
commit | 6e18f97ab530ffc932b1b2a2888e31e112b4be96 (patch) | |
tree | c6a84fec314040d252d1b12725fa6ac8996a1566 /sonar-core | |
parent | 6424be5625e272f415067c9cd39af5fa07689c9a (diff) | |
SONAR-14159 enforce user authentication by default
Diffstat (limited to 'sonar-core')
-rw-r--r-- | sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java | 3 | ||||
-rw-r--r-- | sonar-core/src/test/java/org/sonar/core/config/SecurityPropertiesTest.java | 42 |
2 files changed, 44 insertions, 1 deletions
diff --git a/sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java b/sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java
index a9e93b8a5a2..17f898d8512 100644
--- a/sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java
+++ b/sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java
@@ -39,7 +39,8 @@ class SecurityProperties {
 .name("Force user authentication")
 .description(
 "Forcing user authentication prevents anonymous users from accessing the SonarQube UI, or project data via the Web API. "
- + "Some specific read-only Web APIs, including those required to prompt authentication, are still available anonymously.")
+ + "Some specific read-only Web APIs, including those required to prompt authentication, are still available anonymously."
+ + "<br><strong>Disabling this setting can expose the instance to security risks.</strong>")
 .type(PropertyType.BOOLEAN)
 .category(CoreProperties.CATEGORY_SECURITY)
 .build());
diff --git a/sonar-core/src/test/java/org/sonar/core/config/SecurityPropertiesTest.java b/sonar-core/src/test/java/org/sonar/core/config/SecurityPropertiesTest.java
new file mode 100644
index 00000000000..21c60bcb075
--- /dev/null
+++ b/sonar-core/src/test/java/org/sonar/core/config/SecurityPropertiesTest.java
@@ -0,0 +1,42 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.core.config;
+
+import java.util.Optional;
+import org.junit.Test;
+import org.sonar.api.config.PropertyDefinition;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class SecurityPropertiesTest {
+
+ @Test
+ public void creates_properties() {
+ assertThat(SecurityProperties.all()).isNotEmpty();
+ Optional<PropertyDefinition> propertyDefinition = SecurityProperties.all().stream()
+ .filter(d -> d.key().equals("sonar.forceAuthentication")).findFirst();
+ assertThat(propertyDefinition)
+ .isNotEmpty()
+ .get()
+ .extracting(PropertyDefinition::defaultValue)
+ .isEqualTo("true");
+ }
+
+} |
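Review bot: The test name `creates_properties` hides what this test guards, which is that `sonar.forceAuthentication` defaults to `"true"`, the secure default the commit title is about. Renaming it to something like `force_authentication_is_enabled_by_default` and adding a comment such as `// Security regression guard: anonymous access must stay opt-in.` would make a failure self-explanatory to whoever next touches the default. The default is not set in the visible SecurityProperties.java hunk, so it presumably comes from a line or constant outside this diff. Keeping the literal `"true"` in the assertion is the right choice, because comparing against that same constant would not catch the default being flipped back. As a minor point, `SecurityProperties.all()` is called twice and could be held in a local variable.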