From a5d505ac9b71b401691f452c69a994495c09cedb Mon Sep 17 00:00:00 2001
From: Aurelien Poscia
Date: Mon, 8 Aug 2022 16:03:28 +0200
Subject: SONAR-17156 add unique index on project_uuid of project_badge_token and clean-up duplicates
---
 .../org/sonar/server/usertoken/TokenGenerator.java | 2 ++
 .../org/sonar/server/usertoken/TokenGeneratorImpl.java | 18 ++++++++++++++----
 .../sonar/server/usertoken/TokenGeneratorImplTest.java | 7 +++++++
 3 files changed, 23 insertions(+), 4 deletions(-)
(limited to 'server/sonar-webserver-auth')
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGenerator.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGenerator.java
index 1df9e1f8dad..4755c77ca94 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGenerator.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGenerator.java
@@ -39,6 +39,8 @@ public interface TokenGenerator {
 */
 String generate(TokenType tokenType);
+ String generateProjectBadgeToken();
+
 /**
 * Hash a token.
* Underlying algorithm, format and max length are
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGeneratorImpl.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGeneratorImpl.java
index fee313bd1f0..1b9b88bc85c 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGeneratorImpl.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/usertoken/TokenGeneratorImpl.java
@@ -30,16 +30,26 @@ public class TokenGeneratorImpl implements TokenGenerator {
 @Override
 public String generate(TokenType tokenType) {
- SecureRandom random = new SecureRandom();
- byte[] randomBytes = new byte[20];
- random.nextBytes(randomBytes);
- return buildIdentifiablePartOfToken(tokenType) + Hex.encodeHexString(randomBytes);
+ String rawToken = generateRawToken();
+ return buildIdentifiablePartOfToken(tokenType) + rawToken;
 }
 private static String buildIdentifiablePartOfToken(TokenType tokenType) {
 return SONARQUBE_TOKEN_PREFIX + tokenType.getIdentifier() + "_";
 }
+ @Override
+ public String generateProjectBadgeToken() {
+ return generateRawToken();
+ }
+
+ private static String generateRawToken() {
+ SecureRandom random = new SecureRandom();
+ byte[] randomBytes = new byte[20];
+ random.nextBytes(randomBytes);
+ return Hex.encodeHexString(randomBytes);
+ }
+
 @Override
 public String hash(String token) {
 return DigestUtils.sha384Hex(token);
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/usertoken/TokenGeneratorImplTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/usertoken/TokenGeneratorImplTest.java
index 08a20be69b2..f89fc05f8a1 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/usertoken/TokenGeneratorImplTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/usertoken/TokenGeneratorImplTest.java
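Review bot: `generateProjectBadgeToken()` is added to the `TokenGenerator` interface without Javadoc, although the neighbouring `generate(TokenType)` and `hash(String)` declarations each carry one. The contract is only readable from the implementation and test in this commit: 20 bytes from `SecureRandom`, hex-encoded to 40 characters, with no type prefix. I would add `/** Generates a project badge token: 40 hex characters from a cryptographically strong random source, without the identifiable prefix that generate(TokenType) adds. */` above the declaration. The override in TokenGeneratorImpl.java would benefit from a one-line comment on why the prefix is omitted, since an unprefixed secret is harder for secret-scanning tools to recognise if it leaks.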
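Review bot: `generateRawToken()` constructs a new `SecureRandom` on every call; the class is thread-safe and can be shared, so a field `private static final SecureRandom SECURE_RANDOM = new SecureRandom();` with `SECURE_RANDOM.nextBytes(randomBytes);` in the helper avoids creating and seeding a generator per token. The literal `20` also fixes the 40-character length that the tests match on, so a named constant such as `TOKEN_BYTE_LENGTH` would keep the two in step. The 160 bits of randomness and the hex encoding are carried over unchanged from the removed lines, which is appropriate for both token kinds. The class body starts and ends outside the hunk.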
@@ -60,6 +60,13 @@ public class TokenGeneratorImplTest {
 assertThat(token).matches("sqa_.{40}");
 }
+ @Test
+ public void generateProjectBadgeToken_nullToken_shouldNotHavePrefix() {
+ String token = underTest.generateProjectBadgeToken();
+
+ assertThat(token).matches(".{40}");
+ }
+
 @Test
 public void token_does_not_contain_colon() {
 assertThat(underTest.generate(TokenType.USER_TOKEN)).doesNotContain(":");
--
cgit v1.2.3
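Review bot: The assertion `matches(".{40}")` in `generateProjectBadgeToken_nullToken_shouldNotHavePrefix` does not check what the test name promises, because any 40 characters pass, including a value that begins with a prefix such as `sqa_`. `assertThat(token).matches("[0-9a-f]{40}");` would pin both the absent prefix and the hex alphabet, assuming `Hex` here is the commons-codec class, whose `encodeHexString(byte[])` emits lower-case digits. The `nullToken` part of the name is also misleading since no null value is involved; `generateProjectBadgeToken_shouldReturnHexTokenWithoutPrefix` would describe the case better. The trailing `token_does_not_contain_colon` test continues outside the hunk.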