author | Teryk Bellahsene <teryk.bellahsene@sonarsource.com> | 2016-05-04 11:06:45 +0200 |
---|---|---|
committer | Teryk Bellahsene <teryk.bellahsene@sonarsource.com> | 2016-05-06 11:14:12 +0200 |
commit | 3833b03095b0af4e81977c7fd75d7623df4f878d (patch) | |
tree | 7c947d67c1c87bb925b662b77e66cc7e13d36318 /sonar-db | |
parent | 27f9120cef1ffe43e71e8b8dd3198c9526c88984 (diff) | |
SONAR-7526 WS api/user_tokens/generate functional checks of name and token hash
Diffstat (limited to 'sonar-db')
3 files changed, 93 insertions, 2 deletions
diff --git a/sonar-db/src/main/java/org/sonar/db/user/UserTokenDto.java b/sonar-db/src/main/java/org/sonar/db/user/UserTokenDto.java
index c414d9bc92a..ce227272195 100644
--- a/sonar-db/src/main/java/org/sonar/db/user/UserTokenDto.java
+++ b/sonar-db/src/main/java/org/sonar/db/user/UserTokenDto.java
@@ -19,6 +19,9 @@
 */
 package org.sonar.db.user;
+import static org.sonar.db.user.UserTokenValidator.checkTokenHash;
+import static org.sonar.db.user.UserTokenValidator.checkTokenName;
+
 public class UserTokenDto {
 private String login;
 private String name;
@@ -39,7 +42,7 @@ public class UserTokenDto {
 }
 public UserTokenDto setName(String name) {
- this.name = name;
+ this.name = checkTokenName(name);
 return this;
 }
@@ -48,7 +51,7 @@ public class UserTokenDto {
 }
 public UserTokenDto setTokenHash(String tokenHash) {
- this.tokenHash = tokenHash;
+ this.tokenHash = checkTokenHash(tokenHash);
 return this;
 }
diff --git a/sonar-db/src/main/java/org/sonar/db/user/UserTokenValidator.java b/sonar-db/src/main/java/org/sonar/db/user/UserTokenValidator.java
new file mode 100644
index 00000000000..b4b4064bce0
--- /dev/null
+++ b/sonar-db/src/main/java/org/sonar/db/user/UserTokenValidator.java
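Review bot: `setName` and `setTokenHash` in UserTokenDto.java now throw, but neither setter documents it and the limits are defined in another class. Add Javadoc to both, e.g. `@throws IllegalArgumentException if name is longer than 100 characters` (255 for the token hash). Because the check sits in the DTO setters rather than only at the web-service boundary, any path that fills this DTO through its setters (possibly the persistence mapping, which is not visible here) would also reject an over-long stored value on read; it is worth confirming that this is intended. The rest of the class lies outside these hunks.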
@@ -0,0 +1,41 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.db.user;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+public class UserTokenValidator {
+ private static final int MAX_TOKEN_NAME_LENGTH = 100;
+ private static final int MAX_TOKEN_HASH_LENGTH = 255;
+
+ private UserTokenValidator() {
+ // utility methods
+ }
+
+ public static String checkTokenName(String name) {
+ checkArgument(name.length() <= MAX_TOKEN_NAME_LENGTH, "Token name length (%s) is longer than the maximum authorized (%s)", name.length(), MAX_TOKEN_NAME_LENGTH);
+ return name;
+ }
+
+ static String checkTokenHash(String hash) {
+ checkArgument(hash.length() <= MAX_TOKEN_HASH_LENGTH, "Token hash length (%s) is longer than the maximum authorized (%s)", hash.length(), MAX_TOKEN_HASH_LENGTH);
+ return hash;
+ }
+}
diff --git a/sonar-db/src/test/java/org/sonar/db/user/UserTokenDtoTest.java b/sonar-db/src/test/java/org/sonar/db/user/UserTokenDtoTest.java
new file mode 100644
index 00000000000..af8b0918f39
--- /dev/null
+++ b/sonar-db/src/test/java/org/sonar/db/user/UserTokenDtoTest.java
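Review bot: `checkTokenName` and `checkTokenHash` call `.length()` on their argument while building the `checkArgument` call, so a null name or hash surfaces as a bare NullPointerException rather than the descriptive IllegalArgumentException, and an empty string passes both checks. For a value that names or authenticates a token, an explicit guard ahead of the length check gives a safer contract, e.g. `checkArgument(hash != null && !hash.isEmpty(), "Token hash must not be empty");` and the same for `name`. The existing messages report only lengths and never the hash value itself, which should stay that way. The two methods also differ in visibility (`public` vs package-private) with no comment explaining why; a one-line Javadoc on each stating who is expected to call it would settle that.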
@@ -0,0 +1,47 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.db.user;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+
+import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic;
+
+public class UserTokenDtoTest {
+ @Rule
+ public ExpectedException expectedException = ExpectedException.none();
+
+ @Test
+ public void fail_if_name_is_longer_than_100_characters() {
+ expectedException.expect(IllegalArgumentException.class);
+ expectedException.expectMessage("Token name length (101) is longer than the maximum authorized (100)");
+
+ new UserTokenDto().setName(randomAlphabetic(101));
+ }
+
+ @Test
+ public void fail_if_token_hash_is_longer_than_255_characters() {
+ expectedException.expect(IllegalArgumentException.class);
+ expectedException.expectMessage("Token hash length (256) is longer than the maximum authorized (255)");
+
+ new UserTokenDto().setTokenHash(randomAlphabetic(256));
+ }
+}
|
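Review bot: Both tests pin only the rejecting side of each limit, so a later change from `<=` to `<` in UserTokenValidator would tighten the limits by one character without failing this suite. Add accepting cases at the boundary, e.g. `new UserTokenDto().setName(randomAlphabetic(100));` and `new UserTokenDto().setTokenHash(randomAlphabetic(255));`, each expected to complete without throwing. A case for a null argument would also document which exception callers should expect there, since the validator dereferences the value before checking it.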