From e9ab5675868c2469beaa5fb49a56d6a53860f59b Mon Sep 17 00:00:00 2001
From: Teryk Bellahsene
Date: Thu, 22 Jun 2017 18:25:18 +0200
Subject: [PATCH] SONAR-9448 Sanitize api/qualityprofiles/remove_project
---
 .../server/component/ComponentFinder.java | 1 +
 .../ws/RemoveProjectAction.java | 26 ++++++++++--------
 .../ws/RemoveProjectActionTest.java | 27 +++++++++++++------
 3 files changed, 35 insertions(+), 19 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java
index 3a6ba665890f..a179d61ab294 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java
@@ -146,6 +146,7 @@ public OrganizationDto getOrganization(DbSession dbSession, ComponentDto compone
 public enum ParamNames {
 PROJECT_ID_AND_KEY("projectId", "projectKey"),
 PROJECT_UUID_AND_KEY("projectUuid", "projectKey"),
+ PROJECT_UUID_AND_PROJECT("projectUuid", "project"),
 UUID_AND_KEY("uuid", "key"),
 ID_AND_KEY("id", "key"),
 COMPONENT_ID_AND_KEY("componentId", "componentKey"),
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RemoveProjectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RemoveProjectAction.java
index 035890436f70..1ea1ac98715b 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RemoveProjectAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RemoveProjectAction.java
@@ -34,9 +34,10 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.user.UserSession; +import static org.sonar.core.util.Uuids.UUID_EXAMPLE_09; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_REMOVE_PROJECT; -import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT_KEY; +import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT_UUID; public class RemoveProjectAction implements QProfileWsAction { @@ -59,23 +60,26 @@ public RemoveProjectAction(DbClient dbClient, UserSession userSession, Languages public void define(WebService.NewController controller) { NewAction action = controller.createAction(ACTION_REMOVE_PROJECT) .setSince("5.2") - .setDescription("Remove a project's association with a quality profile.") + .setDescription("Remove a project's association with a quality profile.
" + + "Requires to be logged in and the 'Administer Quality Profiles' permission.") .setPost(true) .setHandler(this); QProfileReference.defineParams(action, languages); QProfileWsSupport.createOrganizationParam(action).setSince("6.4"); - action.createParam(PARAM_PROJECT_UUID) - .setDescription("A project UUID. Either this parameter, or projectKey must be set.") - .setExampleValue("69e57151-be0d-4157-adff-c06741d88879"); - action.createParam(PARAM_PROJECT_KEY) - .setDescription("A project key. Either this parameter, or projectUuid must be set.") + action.createParam(PARAM_PROJECT) + .setDescription("Project key") + .setDeprecatedKey("projectKey", "6.5") .setExampleValue(KEY_PROJECT_EXAMPLE_001); + + action.createParam(PARAM_PROJECT_UUID) + .setDescription("Project ID. Either this parameter, or '%s' must be set.", PARAM_PROJECT) + .setDeprecatedSince("6.5") + .setExampleValue(UUID_EXAMPLE_09); } @Override public void handle(Request request, Response response) throws Exception { - // fail fast if not logged in userSession.checkLoggedIn(); try (DbSession dbSession = dbClient.openSession(false)) { @@ -83,7 +87,7 @@ public void handle(Request request, Response response) throws Exception { QProfileDto profile = wsSupport.getProfile(dbSession, QProfileReference.from(request)); if (!profile.getOrganizationUuid().equals(project.getOrganizationUuid())) { - throw new IllegalArgumentException("Project and Quality profile must have same organization"); + throw new IllegalArgumentException("Project and Quality profile must have the same organization"); } dbClient.qualityProfileDao().deleteProjectProfileAssociation(dbSession, project, profile); 
@@ -94,9 +98,9 @@ public void handle(Request request, Response response) throws Exception { } private ComponentDto loadProject(DbSession dbSession, Request request) { - String projectKey = request.param(PARAM_PROJECT_KEY); + String projectKey = request.param(PARAM_PROJECT); String projectUuid = request.param(PARAM_PROJECT_UUID); - ComponentDto project = componentFinder.getByUuidOrKey(dbSession, projectUuid, projectKey, ComponentFinder.ParamNames.PROJECT_UUID_AND_KEY); + ComponentDto project = componentFinder.getByUuidOrKey(dbSession, projectUuid, projectKey, ComponentFinder.ParamNames.PROJECT_UUID_AND_PROJECT); checkAdministrator(project); return project; } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java index a17b31e44595..28ed1dac1cf9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java 
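Review bot: In `loadProject`, `componentFinder.getByUuidOrKey(...)` still runs before `checkAdministrator(project)`, so a logged-in caller without the permission appears to get a different answer for an unknown project than for an existing one. The tests expect `NotFoundException` with "Component id 'unknown' not found" for the unknown case, which would make project existence observable to any authenticated user. The description added in `define()` now promises the 'Administer Quality Profiles' permission, but `checkAdministrator` is defined outside this hunk, so it is worth confirming that it enforces exactly that permission rather than project administration. If resolving the project first is intentional, a comment above the lookup such as `// authorization needs the resolved project, so its existence is visible to any logged-in user` would record the trade-off.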
@@ -60,24 +60,35 @@ public class RemoveProjectActionTest { private DbClient dbClient = db.getDbClient(); private Languages languages = LanguageTesting.newLanguages(LANGUAGE_1, LANGUAGE_2); private QProfileWsSupport wsSupport = new QProfileWsSupport(dbClient, userSession, TestDefaultOrganizationProvider.from(db)); + private RemoveProjectAction underTest = new RemoveProjectAction(dbClient, userSession, languages, new ComponentFinder(dbClient, new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT)), wsSupport); - private WsActionTester tester = new WsActionTester(underTest); + private WsActionTester ws = new WsActionTester(underTest); @Test - public void test_definition() { - WebService.Action definition = tester.getDef(); + public void definition() { + WebService.Action definition = ws.getDef(); + assertThat(definition.since()).isEqualTo("5.2"); assertThat(definition.isPost()).isTrue(); + assertThat(definition.key()).isEqualTo("remove_project"); - // parameters - assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profile", "profileName", "projectKey", "language", "projectUuid", "organization"); + assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profile", "profileName", "project", "language", "projectUuid", "organization"); WebService.Param languageParam = definition.param("language"); assertThat(languageParam.possibleValues()).containsOnly(LANGUAGE_1, LANGUAGE_2); assertThat(languageParam.exampleValue()).isNull(); + assertThat(languageParam.deprecatedSince()).isEqualTo("6.5"); WebService.Param organizationParam = definition.param("organization"); assertThat(organizationParam.since()).isEqualTo("6.4"); assertThat(organizationParam.isInternal()).isTrue(); + WebService.Param profile = definition.param("profile"); + assertThat(profile.deprecatedKey()).isEqualTo("profileKey"); + WebService.Param profileName = definition.param("profileName"); + assertThat(profileName.deprecatedSince()).isEqualTo("6.5"); + 
WebService.Param project = definition.param("project"); + assertThat(project.deprecatedKey()).isEqualTo("projectKey"); + WebService.Param projectUuid = definition.param("projectUuid"); + assertThat(projectUuid.deprecatedSince()).isEqualTo("6.5"); } @Test @@ -154,7 +165,7 @@ public void throw_NotFoundException_if_project_does_not_exist() { expectedException.expect(NotFoundException.class); expectedException.expectMessage("Component id 'unknown' not found"); - tester.newRequest() + ws.newRequest() .setParam("projectUuid", "unknown") .setParam("profileKey", profile.getKee()) .execute(); @@ -168,7 +179,7 @@ public void throw_NotFoundException_if_profile_does_not_exist() { expectedException.expect(NotFoundException.class); expectedException.expectMessage("Quality Profile with key 'unknown' does not exist"); - tester.newRequest() + ws.newRequest() .setParam("projectUuid", project.uuid()) .setParam("profileKey", "unknown") .execute(); @@ -189,7 +200,7 @@ private void logInAsProfileAdmin() { } private TestResponse call(ComponentDto project, QProfileDto qualityProfile) { - TestRequest request = tester.newRequest() + TestRequest request = ws.newRequest() .setParam("projectUuid", project.uuid()) .setParam("profileKey", qualityProfile.getKee()); return request.execute();
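Review bot: The rewritten `definition()` test checks only metadata for the renamed parameter (`project.deprecatedKey()` equals `projectKey`). Every request visible in these hunks still sends `projectUuid`, which this commit marks as deprecated since 6.5. A request test that sets `project` to the project's key, and one that still sends the old `projectKey`, would show that the lookup and the permission check in `loadProject` keep working for both new and old clients. The tests between the hunks are not shown, so this may already be covered there.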