From 6e18f97ab530ffc932b1b2a2888e31e112b4be96 Mon Sep 17 00:00:00 2001
From: Jacek
Date: Wed, 18 Nov 2020 10:08:33 +0100
Subject: SONAR-14159 enforce user authentication by default
---
 .../org/sonar/server/authentication/ws/ValidateAction.java | 3 ++-
 .../sonar/server/authentication/ws/ValidateActionTest.java | 11 +++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
(limited to 'server/sonar-webserver-webapi/src')
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java
index e967996175c..061510b86e2 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/authentication/ws/ValidateAction.java
@@ -39,6 +39,7 @@ import org.sonar.server.authentication.event.AuthenticationException;
 import org.sonar.server.ws.ServletFilterHandler;
 import org.sonarqube.ws.MediaTypes;
+import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE;
 import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY;
 import static org.sonar.server.authentication.ws.AuthenticationWs.AUTHENTICATION_CONTROLLER;
@@ -96,7 +97,7 @@ public class ValidateAction extends ServletFilter implements AuthenticationWsAct
 if (user.isPresent()) {
 return true;
 }
- return !config.getBoolean(CORE_FORCE_AUTHENTICATION_PROPERTY).orElse(false);
+ return !config.getBoolean(CORE_FORCE_AUTHENTICATION_PROPERTY).orElse(CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE);
 } catch (AuthenticationException e) {
 return false;
 }
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java
index 368b518095d..fedb5224bd2 100644
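Review bot: On the `+ return` line of the `@@ -96,7 +97,7 @@` hunk, the fail-closed behaviour now depends on `CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE`, which is defined outside this page, so a reader cannot tell from the method what an unset property means; a comment such as `// property unset: fall back to the default, which is expected to require authentication` above the return would state it. Because this view is limited to `server/sonar-webserver-webapi/src`, it is worth confirming that no other reader of `CORE_FORCE_AUTHENTICATION_PROPERTY` still uses `.orElse(false)`, since such a path would keep accepting anonymous callers on instances that never set the property. The negated Optional chain would also read more easily split in two: `boolean forceAuthentication = config.getBoolean(CORE_FORCE_AUTHENTICATION_PROPERTY).orElse(CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE);` then `return !forceAuthentication;`. The enclosing method begins and ends outside the hunk.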
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/authentication/ws/ValidateActionTest.java
@@ -125,6 +125,17 @@ public class ValidateActionTest {
 JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":false}");
 }
+ @Test
+ public void return_false_when_no_jwt_nor_basic_auth_and_force_authentication_fallback_to_default() throws Exception {
+ when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
+ when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());
+
+ underTest.doFilter(request, response, chain);
+
+ verify(response).setContentType(MediaTypes.JSON);
+ JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":false}");
+ }
+
 @Test
 public void return_false_when_jwt_throws_unauthorized_exception() throws Exception {
 doThrow(AuthenticationException.class).when(jwtHttpHandler).validateToken(request, response);
-- cgit v1.2.3
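Review bot: The added test never shows that `CORE_FORCE_AUTHENTICATION_PROPERTY` is unset, so it exercises the default only if the shared fixture, which is outside this hunk, leaves that setting empty; a fixture that sets it to true would make the test pass without touching the new fallback. A first line in the test body such as `// force-authentication property deliberately left unset so the default applies` would record that precondition. If it is not already covered elsewhere in the class, a companion case with the property explicitly set to false and `{\"valid\":true}` expected would pin that opting out still works.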