Skip to content

Commit

Permalink
Merge pull request #4202 from nscuro/fix-redundant-configproperty-que…
Browse files Browse the repository at this point in the history
…ries

Fix redundant `ConfigProperty` queries in `BadgeResource`
  • Loading branch information
nscuro authored Oct 1, 2024
2 parents 56d9deb + c85bf47 commit 62fd1e4
Showing 1 changed file with 16 additions and 20 deletions.
36 changes: 16 additions & 20 deletions src/main/java/org/dependencytrack/resources/v1/BadgeResource.java
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,7 @@
package org.dependencytrack.resources.v1;

import alpine.common.logging.Logger;
import alpine.common.util.BooleanUtil;
import alpine.model.ApiKey;
import alpine.model.ConfigProperty;
import alpine.model.UserPrincipal;
import alpine.model.LdapUser;
import alpine.model.ManagedUser;
Expand Down Expand Up @@ -80,12 +78,6 @@ public class BadgeResource extends AlpineResource {

private final Logger LOGGER = Logger.getLogger(AuthenticationFilter.class);

private boolean isUnauthenticatedBadgeAccessEnabled(final QueryManager qm) {
ConfigProperty property = qm.getConfigProperty(
GENERAL_BADGE_ENABLED.getGroupName(), GENERAL_BADGE_ENABLED.getPropertyName());
return BooleanUtil.valueOf(property.getPropertyValue());
}

// Stand-in methods for alpine.server.filters.AuthenticationFilter and
// alpine.server.filters.AuthorizationFilter to allow enabling and disabling of
// unauthenticated access to the badges API during runtime, used solely to offer
Expand Down Expand Up @@ -191,15 +183,16 @@ public Response getProjectVulnerabilitiesBadge(
@Parameter(description = "The UUID of the project to retrieve metrics for", schema = @Schema(type = "string", format = "uuid"), required = true)
@PathParam("uuid") @ValidUuid String uuid) {
try (QueryManager qm = new QueryManager()) {
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !passesAuthentication()) {
final boolean shouldBypassAuth = qm.isEnabled(GENERAL_BADGE_ENABLED);
if (!shouldBypassAuth && !passesAuthentication()) {
return Response.status(Response.Status.UNAUTHORIZED).build();
}
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !passesAuthorization(qm)) {
if (!shouldBypassAuth && !passesAuthorization(qm)) {
return Response.status(Response.Status.FORBIDDEN).build();
}
final Project project = qm.getObjectByUuid(Project.class, uuid);
if (project != null) {
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !qm.hasAccess(super.getPrincipal(), project)) {
if (!shouldBypassAuth && !qm.hasAccess(super.getPrincipal(), project)) {
return Response.status(Response.Status.FORBIDDEN).entity("Access to the specified project is forbidden").build();
}
final ProjectMetrics metrics = qm.getMostRecentProjectMetrics(project);
Expand Down Expand Up @@ -235,15 +228,16 @@ public Response getProjectVulnerabilitiesBadge(
@Parameter(description = "The version of the project to query on", required = true)
@PathParam("version") String version) {
try (QueryManager qm = new QueryManager()) {
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !passesAuthentication()) {
final boolean shouldBypassAuth = qm.isEnabled(GENERAL_BADGE_ENABLED);
if (!shouldBypassAuth && !passesAuthentication()) {
return Response.status(Response.Status.UNAUTHORIZED).build();
}
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !passesAuthorization(qm)) {
if (!shouldBypassAuth && !passesAuthorization(qm)) {
return Response.status(Response.Status.FORBIDDEN).build();
}
final Project project = qm.getProject(name, version);
if (project != null) {
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !qm.hasAccess(super.getPrincipal(), project)) {
if (!shouldBypassAuth && !qm.hasAccess(super.getPrincipal(), project)) {
return Response.status(Response.Status.FORBIDDEN).entity("Access to the specified project is forbidden").build();
}
final ProjectMetrics metrics = qm.getMostRecentProjectMetrics(project);
Expand Down Expand Up @@ -277,15 +271,16 @@ public Response getProjectPolicyViolationsBadge(
@Parameter(description = "The UUID of the project to retrieve a badge for", schema = @Schema(type = "string", format = "uuid"), required = true)
@PathParam("uuid") @ValidUuid String uuid) {
try (QueryManager qm = new QueryManager()) {
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !passesAuthentication()) {
final boolean shouldBypassAuth = qm.isEnabled(GENERAL_BADGE_ENABLED);
if (!shouldBypassAuth && !passesAuthentication()) {
return Response.status(Response.Status.UNAUTHORIZED).build();
}
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !passesAuthorization(qm)) {
if (!shouldBypassAuth && !passesAuthorization(qm)) {
return Response.status(Response.Status.FORBIDDEN).build();
}
final Project project = qm.getObjectByUuid(Project.class, uuid);
if (project != null) {
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !qm.hasAccess(super.getPrincipal(), project)) {
if (!shouldBypassAuth && !qm.hasAccess(super.getPrincipal(), project)) {
return Response.status(Response.Status.FORBIDDEN).entity("Access to the specified project is forbidden").build();
}
final ProjectMetrics metrics = qm.getMostRecentProjectMetrics(project);
Expand Down Expand Up @@ -321,15 +316,16 @@ public Response getProjectPolicyViolationsBadge(
@Parameter(description = "The version of the project to query on", required = true)
@PathParam("version") String version) {
try (QueryManager qm = new QueryManager()) {
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !passesAuthentication()) {
final boolean shouldBypassAuth = qm.isEnabled(GENERAL_BADGE_ENABLED);
if (!shouldBypassAuth && !passesAuthentication()) {
return Response.status(Response.Status.UNAUTHORIZED).build();
}
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !passesAuthorization(qm)) {
if (!shouldBypassAuth && !passesAuthorization(qm)) {
return Response.status(Response.Status.FORBIDDEN).build();
}
final Project project = qm.getProject(name, version);
if (project != null) {
if (!isUnauthenticatedBadgeAccessEnabled(qm) && !qm.hasAccess(super.getPrincipal(), project)) {
if (!shouldBypassAuth && !qm.hasAccess(super.getPrincipal(), project)) {
return Response.status(Response.Status.FORBIDDEN).entity("Access to the specified project is forbidden").build();
}
final ProjectMetrics metrics = qm.getMostRecentProjectMetrics(project);
Expand Down

0 comments on commit 62fd1e4

Please sign in to comment.