This repository was archived by the owner on Jun 9, 2021. It is now read-only.

Commit ff78ac1

committed
Not exposing username, password, in REST
1 parent 51599e7 commit ff78ac1

13 files changed

+171
-39
lines changed


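--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 
 Changelog of Pull Request Notifier for Bitbucket.
 
+## Unreleased
+### No issue
+Not exposing username, password, in REST
+
+[a565291be41b9b3](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/a565291be41b9b3) Tomas Bjerre *2017-07-20 18:05:37*
+
+doc
+
+[51599e783601d51](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/51599e783601d51) Tomas Bjerre *2017-07-17 17:21:19*
+
 ## 3.3
 ### GitHub [#233](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/issues/233) Variable renderer tries to render extra variables
 Avoid crash when variable resolved to string with dollar sign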

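--- a/src/main/java/se/bjurr/prnfb/presentation/dto/NotificationDTO.java
+++ b/src/main/java/se/bjurr/prnfb/presentation/dto/NotificationDTO.java
@@ -8,13 +8,13 @@
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlRootElement;
 
-import com.google.common.base.Optional;
-
 import se.bjurr.prnfb.http.UrlInvoker.HTTP_METHOD;
 import se.bjurr.prnfb.service.PrnfbRenderer.ENCODE_FOR;
 import se.bjurr.prnfb.settings.Restricted;
 import se.bjurr.prnfb.settings.TRIGGER_IF_MERGE;
 
+import com.google.common.base.Optional;
+
 @XmlRootElement
 @XmlAccessorType(FIELD)
 public class NotificationDTO implements Comparable<NotificationDTO>, Restricted {
@@ -427,4 +427,55 @@ public void setProxySchema(String proxySchema) {
 public String getProxySchema() {
 return proxySchema;
 }
+
+@Override
+public String toString() {
+return "NotificationDTO [filterRegexp="
++ filterRegexp
++ ", filterString="
++ filterString
++ ", headers="
++ headers
++ ", injectionUrl="
++ injectionUrl
++ ", injectionUrlRegexp="
++ injectionUrlRegexp
++ ", method="
++ method
++ ", name="
++ name
++ ", password="
++ password
++ ", postContent="
++ postContent
++ ", projectKey="
++ projectKey
++ ", proxyPassword="
++ proxyPassword
++ ", proxyPort="
++ proxyPort
++ ", proxyServer="
++ proxyServer
++ ", proxySchema="
++ proxySchema
++ ", proxyUser="
++ proxyUser
++ ", repositorySlug="
++ repositorySlug
++ ", triggerIfCanMerge="
++ triggerIfCanMerge
++ ", triggerIgnoreStateList="
++ triggerIgnoreStateList
++ ", triggers="
++ triggers
++ ", url="
++ url
++ ", user="
++ user
++ ", uuid="
++ uuid
++ ", postContentEncoding="
++ postContentEncoding
++ "]";
+}
 }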
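Review bot: The added `toString()` (new lines 431-480) concatenates `password` and `proxyPassword`, together with `user`, `proxyUser` and `headers`, so any log line or exception message that prints a NotificationDTO will carry the values this commit stops returning over REST. The outbound DTO is masked by the transformer, but the inbound DTO presumably holds real credentials whenever a client submits new ones, and that path is not covered. I would print only whether each secret is set, e.g. `+ ", password=" + (password == null ? "<unset>" : "<set>")` and the same for `proxyPassword`, and consider the same treatment for `headers`, which may hold authorization values.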

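--- a/src/main/java/se/bjurr/prnfb/service/SettingsService.java
+++ b/src/main/java/se/bjurr/prnfb/service/SettingsService.java
@@ -9,6 +9,7 @@
 import static com.google.common.collect.Iterables.tryFind;
 import static com.google.common.collect.Lists.newArrayList;
 import static se.bjurr.prnfb.settings.PrnfbNotificationBuilder.prnfbNotificationBuilder;
+import static se.bjurr.prnfb.settings.PrnfbSettings.UNCHANGED;
 import static se.bjurr.prnfb.settings.PrnfbSettingsBuilder.prnfbSettingsBuilder;
 import static se.bjurr.prnfb.settings.PrnfbSettingsDataBuilder.prnfbSettingsDataBuilder;
 
@@ -18,18 +19,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.atlassian.bitbucket.pull.PullRequestState;
-import com.atlassian.bitbucket.user.SecurityService;
-import com.atlassian.bitbucket.util.Operation;
-import com.atlassian.sal.api.pluginsettings.PluginSettings;
-import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
-import com.atlassian.sal.api.transaction.TransactionCallback;
-import com.atlassian.sal.api.transaction.TransactionTemplate;
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Optional;
-import com.google.common.base.Predicate;
-import com.google.gson.Gson;
-
 import se.bjurr.prnfb.listener.PrnfbPullRequestAction;
 import se.bjurr.prnfb.presentation.dto.ON_OR_OFF;
 import se.bjurr.prnfb.settings.HasUuid;
@@ -45,6 +34,18 @@
 import se.bjurr.prnfb.settings.legacy.Header;
 import se.bjurr.prnfb.settings.legacy.SettingsStorage;
 
+import com.atlassian.bitbucket.pull.PullRequestState;
+import com.atlassian.bitbucket.user.SecurityService;
+import com.atlassian.bitbucket.util.Operation;
+import com.atlassian.sal.api.pluginsettings.PluginSettings;
+import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
+import com.atlassian.sal.api.transaction.TransactionCallback;
+import com.atlassian.sal.api.transaction.TransactionTemplate;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Optional;
+import com.google.common.base.Predicate;
+import com.google.gson.Gson;
+
 public class SettingsService {
 
 public static final String STORAGE_KEY = "se.bjurr.prnfb.pull-request-notifier-for-bitbucket-3";
@@ -233,20 +234,44 @@ private PrnfbButton doAddOrUpdateButton(PrnfbButton prnfbButton) {
 return prnfbButton;
 }
 
-private PrnfbNotification doAddOrUpdateNotification(PrnfbNotification prnfbNotification)
+private PrnfbNotification doAddOrUpdateNotification(PrnfbNotification newNotification)
 throws ValidationException {
-if (findNotification(prnfbNotification.getUuid()).isPresent()) {
-doDeleteNotification(prnfbNotification.getUuid());
+Optional<PrnfbNotification> oldNotification = findNotification(newNotification.getUuid());
+if (oldNotification.isPresent()) {
+String user = keepIfUnchanged(newNotification.getUser(), oldNotification.get().getUser());
+String password =
+keepIfUnchanged(newNotification.getPassword(), oldNotification.get().getPassword());
+String proxyUser =
+keepIfUnchanged(newNotification.getProxyUser(), oldNotification.get().getProxyUser());
+String proxyPassword =
+keepIfUnchanged(
+newNotification.getProxyPassword(), oldNotification.get().getProxyPassword());
+newNotification =
+prnfbNotificationBuilder(newNotification) //
+.withUser(user) //
+.withPassword(password) //
+.withProxyUser(proxyUser) //
+.withPassword(proxyPassword) //
+.build();
+doDeleteNotification(newNotification.getUuid());
 }
 
 PrnfbSettings originalSettings = doGetPrnfbSettings();
 PrnfbSettings updated =
 prnfbSettingsBuilder(originalSettings) //
-.withNotification(prnfbNotification) //
+.withNotification(newNotification) //
 .build();
 
 doSetPrnfbSettings(updated);
-return prnfbNotification;
+return newNotification;
+}
+
+private String keepIfUnchanged(Optional<String> newValue, Optional<String> oldValue) {
+boolean isUnchanged = newValue.isPresent() && newValue.get().equals(UNCHANGED);
+if (isUnchanged) {
+return oldValue.orNull();
+}
+return newValue.orNull();
 }
 
 private void doDeleteButton(UUID uuid) {
@@ -303,8 +328,24 @@ private PrnfbSettings doGetPrnfbSettings() {
 return gson.fromJson(storedSettings.toString(), PrnfbSettings.class);
 }
 
-private void doSetPrnfbSettings(PrnfbSettings PrnfbSettings) {
-String data = gson.toJson(PrnfbSettings);
+private void doSetPrnfbSettings(PrnfbSettings newSettings) {
+PrnfbSettingsData oldSettingsData = doGetPrnfbSettings().getPrnfbSettingsData();
+PrnfbSettingsData newSettingsData = newSettings.getPrnfbSettingsData();
+String keyStorePassword =
+keepIfUnchanged(
+newSettingsData.getKeyStorePassword(), oldSettingsData.getKeyStorePassword());
+
+PrnfbSettingsData adjustedSettingsData =
+prnfbSettingsDataBuilder(newSettingsData) //
+.setKeyStorePassword(keyStorePassword) //
+.build();
+
+PrnfbSettings adjustedSettings =
+prnfbSettingsBuilder(newSettings) //
+.setPrnfbSettingsData(adjustedSettingsData) //
+.build();
+
+String data = gson.toJson(adjustedSettings);
 this.pluginSettings.put(STORAGE_KEY, data);
 }
 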
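Review bot: In `doAddOrUpdateNotification` the builder chain calls `.withPassword(proxyPassword)` (new line 254) after `.withPassword(password)`, so the notification's password is overwritten with the proxy password and the resolved proxy password is never applied. When a client sends the placeholder back, the copied notification would likely keep the literal `UNCHANGED` string as its proxy password, and that value is then persisted. The line presumably should read `.withProxyPassword(proxyPassword) //`, assuming the builder exposes that method. An update-path test that saves a DTO carrying the placeholder and asserts all four stored fields would pin this.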

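--- a/src/main/java/se/bjurr/prnfb/settings/PrnfbNotification.java
+++ b/src/main/java/se/bjurr/prnfb/settings/PrnfbNotification.java
@@ -14,14 +14,14 @@
 import java.util.List;
 import java.util.UUID;
 
-import com.atlassian.bitbucket.pull.PullRequestState;
-import com.google.common.base.MoreObjects;
-import com.google.common.base.Optional;
-
 import se.bjurr.prnfb.http.UrlInvoker.HTTP_METHOD;
 import se.bjurr.prnfb.listener.PrnfbPullRequestAction;
 import se.bjurr.prnfb.service.PrnfbRenderer.ENCODE_FOR;
 
+import com.atlassian.bitbucket.pull.PullRequestState;
+import com.google.common.base.MoreObjects;
+import com.google.common.base.Optional;
+
 public class PrnfbNotification implements HasUuid, Restricted {
 
 private static final String DEFAULT_NAME = "Notification";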

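--- a/src/main/java/se/bjurr/prnfb/settings/PrnfbSettings.java
+++ b/src/main/java/se/bjurr/prnfb/settings/PrnfbSettings.java
@@ -6,6 +6,7 @@
 import java.util.List;
 
 public class PrnfbSettings {
+public static final String UNCHANGED = "KEEP_THIS_TO_LEAVE_UNCHANGED";
 private final List<PrnfbButton> buttons;
 private List<PrnfbNotification> notifications = newArrayList();
 private final PrnfbSettingsData prnfbSettingsData;
@@ -68,10 +69,10 @@ public PrnfbSettingsData getPrnfbSettingsData() {
 public int hashCode() {
 final int prime = 31;
 int result = 1;
-result = prime * result + ((this.buttons == null) ? 0 : this.buttons.hashCode());
-result = prime * result + ((this.notifications == null) ? 0 : this.notifications.hashCode());
+result = prime * result + (this.buttons == null ? 0 : this.buttons.hashCode());
+result = prime * result + (this.notifications == null ? 0 : this.notifications.hashCode());
 result =
-prime * result + ((this.prnfbSettingsData == null) ? 0 : this.prnfbSettingsData.hashCode());
+prime * result + (this.prnfbSettingsData == null ? 0 : this.prnfbSettingsData.hashCode());
 return result;
 }
 }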
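Review bot: `UNCHANGED` (new line 9) is an in-band sentinel with no comment, so its contract can only be learned by reading the transformers and `SettingsService.keepIfUnchanged`. I would document it on the constant, e.g. `/** Placeholder sent over REST in place of stored credentials; when it comes back on save, the stored value is kept. */`. The comment should also state two limits visible in this commit: a credential whose real value equals this string can never be stored, and for notifications the substitution runs only when an existing notification is found, so a create request carrying the placeholder would presumably persist it verbatim.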

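--- a/src/main/java/se/bjurr/prnfb/settings/PrnfbSettingsDataBuilder.java
+++ b/src/main/java/se/bjurr/prnfb/settings/PrnfbSettingsDataBuilder.java
@@ -22,6 +22,7 @@ private PrnfbSettingsDataBuilder(PrnfbSettingsData settings) {
 this.keyStore = settings.getKeyStore().orNull();
 this.keyStoreType = settings.getKeyStoreType();
 this.keyStorePassword = settings.getKeyStorePassword().orNull();
+this.adminRestriction = settings.getAdminRestriction();
 }
 
 public PrnfbSettingsData build() {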

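--- a/src/main/java/se/bjurr/prnfb/transformer/NotificationTransformer.java
+++ b/src/main/java/se/bjurr/prnfb/transformer/NotificationTransformer.java
@@ -3,18 +3,19 @@
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static com.google.common.collect.Lists.newArrayList;
 import static se.bjurr.prnfb.settings.PrnfbNotificationBuilder.prnfbNotificationBuilder;
+import static se.bjurr.prnfb.settings.PrnfbSettings.UNCHANGED;
 
 import java.util.List;
 
-import com.atlassian.bitbucket.pull.PullRequestState;
-
 import se.bjurr.prnfb.listener.PrnfbPullRequestAction;
 import se.bjurr.prnfb.presentation.dto.HeaderDTO;
 import se.bjurr.prnfb.presentation.dto.NotificationDTO;
 import se.bjurr.prnfb.settings.PrnfbHeader;
 import se.bjurr.prnfb.settings.PrnfbNotification;
 import se.bjurr.prnfb.settings.ValidationException;
 
+import com.atlassian.bitbucket.pull.PullRequestState;
+
 public class NotificationTransformer {
 
 public static NotificationDTO toNotificationDto(PrnfbNotification from) {
@@ -28,19 +29,19 @@ public static NotificationDTO toNotificationDto(PrnfbNotification from) {
 to.setMethod(from.getMethod());
 to.setName(from.getName());
 to.setHeaders(toHeaders(from.getHeaders()));
-to.setPassword(from.getPassword().orNull());
 to.setPostContent(from.getPostContent().orNull());
 to.setPostContentEncoding(from.getPostContentEncoding());
-to.setProxyPassword(from.getProxyPassword().orNull());
 to.setProxyPort(from.getProxyPort());
 to.setProxyServer(from.getProxyServer().orNull());
 to.setProxySchema(from.getProxySchema().orNull());
-to.setProxyUser(from.getProxyUser().orNull());
+to.setProxyUser(UNCHANGED);
+to.setProxyPassword(UNCHANGED);
 to.setTriggerIfCanMerge(from.getTriggerIfCanMerge());
 to.setTriggerIgnoreStateList(toPullRequestStateStrings(from.getTriggerIgnoreStateList()));
 to.setTriggers(toStrings(from.getTriggers()));
 to.setUrl(from.getUrl());
-to.setUser(from.getUser().orNull());
+to.setUser(UNCHANGED);
+to.setPassword(UNCHANGED);
 to.setUuid(from.getUuid());
 return to;
 }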
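Review bot: `toNotificationDto` now sets `user`, `password`, `proxyUser` and `proxyPassword` to `UNCHANGED` unconditionally (new lines 37-38 and 43-44), so a notification with no credentials configured cannot be told apart from one that has them. Emitting the placeholder only when a value is stored keeps the secret hidden without that ambiguity: `to.setUser(from.getUser().isPresent() ? UNCHANGED : null);`, and likewise for the other three. `SettingsTransformer.toDto` has the same pattern for `keyStorePassword`. Separately, `to.setHeaders(toHeaders(from.getHeaders()))` still returns header values as stored, and those may include authorization headers. The method body starts above this hunk.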

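--- a/src/main/java/se/bjurr/prnfb/transformer/SettingsTransformer.java
+++ b/src/main/java/se/bjurr/prnfb/transformer/SettingsTransformer.java
@@ -1,5 +1,6 @@
 package se.bjurr.prnfb.transformer;
 
+import static se.bjurr.prnfb.settings.PrnfbSettings.UNCHANGED;
 import static se.bjurr.prnfb.settings.PrnfbSettingsDataBuilder.prnfbSettingsDataBuilder;
 import se.bjurr.prnfb.presentation.dto.SettingsDataDTO;
 import se.bjurr.prnfb.settings.PrnfbSettingsData;
@@ -10,7 +11,7 @@ public static SettingsDataDTO toDto(PrnfbSettingsData settingsData) {
 SettingsDataDTO dto = new SettingsDataDTO();
 dto.setAdminRestriction(settingsData.getAdminRestriction());
 dto.setKeyStore(settingsData.getKeyStore().orNull());
-dto.setKeyStorePassword(settingsData.getKeyStorePassword().orNull());
+dto.setKeyStorePassword(UNCHANGED);
 dto.setKeyStoreType(settingsData.getKeyStoreType());
 dto.setShouldAcceptAnyCertificate(settingsData.isShouldAcceptAnyCertificate());
 return dto;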

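--- a/src/test/java/se/bjurr/prnfb/presentation/NotificationServletTest.java
+++ b/src/test/java/se/bjurr/prnfb/presentation/NotificationServletTest.java
@@ -8,6 +8,7 @@
 import static org.mockito.Mockito.when;
 import static org.mockito.MockitoAnnotations.initMocks;
 import static se.bjurr.prnfb.listener.PrnfbPullRequestAction.MERGED;
+import static se.bjurr.prnfb.settings.PrnfbSettings.UNCHANGED;
 import static se.bjurr.prnfb.test.Podam.populatedInstanceOf;
 import static se.bjurr.prnfb.transformer.NotificationTransformer.toPrnfbNotification;
 
@@ -20,13 +21,13 @@
 import org.mockito.Mock;
 import org.mockito.Mockito;
 
-import com.google.common.collect.Lists;
-
 import se.bjurr.prnfb.presentation.dto.NotificationDTO;
 import se.bjurr.prnfb.service.SettingsService;
 import se.bjurr.prnfb.service.UserCheckService;
 import se.bjurr.prnfb.settings.PrnfbNotification;
 
+import com.google.common.collect.Lists;
+
 public class NotificationServletTest {
 private PrnfbNotification notification1;
 private PrnfbNotification notification2;
@@ -93,11 +94,19 @@ public void testNotificationCanBeRead() throws Exception {
 .thenReturn(storedSettings);
 
 List<NotificationDTO> actual = (List<NotificationDTO>) this.sut.get().getEntity();
-
+setUnchanged(notificationDto1);
+setUnchanged(notificationDto2);
 assertThat(actual) //
 .containsOnly(this.notificationDto1, this.notificationDto2);
 }
 
+private void setUnchanged(NotificationDTO dto) {
+dto.setUser(UNCHANGED);
+dto.setPassword(UNCHANGED);
+dto.setProxyUser(UNCHANGED);
+dto.setProxyPassword(UNCHANGED);
+}
+
 @Test
 public void testThatNotificationCanBeListedPerProject() throws Exception {
 List<PrnfbNotification> notifications = newArrayList(this.notification1);
@@ -110,6 +119,7 @@ public void testThatNotificationCanBeListedPerProject() throws Exception {
 @SuppressWarnings("unchecked")
 Iterable<NotificationDTO> actualList = (Iterable<NotificationDTO>) actual.getEntity();
 
+setUnchanged(notificationDto1);
 assertThat(actualList) //
 .containsOnly(this.notificationDto1);
 }
@@ -131,6 +141,8 @@ public void testThatNotificationCanBeListedPerProjectAndRepo() throws Exception
 @SuppressWarnings("unchecked")
 Iterable<NotificationDTO> actualList = (Iterable<NotificationDTO>) actual.getEntity();
 
+setUnchanged(notificationDto1);
+
 assertThat(actualList) //
 .containsOnly(this.notificationDto1);
 }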