#
# SonarQube, open source software quality management tool.
# Copyright (C) 2008-2014 SonarSource
# mailto:contact AT sonarsource DOT com
#
# SonarQube is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 3 of the License, or (at your option) any later version.
#
# SonarQube is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
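class Api::AuthenticationController < Api::ApiController
  # Credential validation must be reachable without an existing session,
  # otherwise a caller could never find out whether its credentials work.
  skip_before_filter :check_authentication

  # prevent HTTP proxies (and browsers) from caching authentication status
  before_filter :set_cache_buster

  #
  # GET /api/authentication/validate
  # curl http://localhost:9000/api/authentication/validate -v -u admin:admin
  #
  # Responds with a single "valid" flag: JSON/JSONP ({"valid": true|false}) or
  # XML rooted at <authentication>. Plain-text format is not supported.
  # "valid" is true when the request is authenticated, or when the server
  # does not force authentication and the request is anonymous.
  #
  # Since v.3.3
  def validate
    # Compute BEFORE reset_session below: valid? reads session[:user_id]
    # and logged_in? (defined in the authentication helpers, not in this file),
    # both of which describe the state established for this request.
    hash={:valid => valid?}

    # make sure no authentication information is left by this validation:
    # drop the server-side session created for this request AND the
    # persistent "auth_token" (remember-me) cookie. The previous code only
    # read cookies[:auth_token] -- a no-op -- so the cookie was never cleared
    # and reset_session alone cannot remove a client-side cookie.
    # NOTE(review): deleting the cookie also ends a browser login that relied
    # solely on remember-me; that is consistent with reset_session already
    # discarding the session for the same caller.
    reset_session
    cookies.delete(:auth_token)

    respond_to do |format|
      format.json { render :json => jsonp(hash) }
      format.xml { render :xml => hash.to_xml(:skip_types => true, :root => 'authentication') }
      format.text { render :text => text_not_supported }
    end
  end

  private

  # A request is valid when it carries working credentials (logged_in?), or
  # when the instance allows anonymous access and the request is anonymous.
  def valid?
    logged_in? || (!force_authentication? && anonymous?)
  end

  # True only when the CORE_FORCE_AUTHENTICATION_PROPERTY setting exists and
  # its value is the string 'true'. A missing property means anonymous
  # access is allowed (returns false).
  def force_authentication?
    property = Property.by_key(org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY)
    property ? property.value == 'true' : false
  end

  # Anonymous == no :user_id in the session. Evaluated only after logged_in?
  # returned false (see valid?), i.e. no authentication succeeded for this request.
  def anonymous?
    !session.has_key?(:user_id)
  end

  # Set every cache-prevention header: Cache-Control for HTTP/1.1 caches,
  # Pragma for HTTP/1.0 caches, and an Expires date in the past for anything
  # that honours neither. An authentication verdict must never be served from
  # a cache to a different client.
  def set_cache_buster
    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
  end

end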