Added system/ping endpoint to the list of apis accesible outside localhost (#4399)

fixes #4397

Signed-off-by: Gino Augustine <ginoaugustine@gmail.com>

Author: ginoaugustine

apiary.apib

@@ -4,7 +4,7 @@ HIFORMAT: 1A
 
 OpenGrok RESTful API documentation. The following endpoints are accessible under `/api/v1` with the exception of `/metrics`.
 
-Besides `/suggester`, `/search` and `/metrics` endpoints, everything is accessible from `localhost` only
+Besides `/suggester`, `/search`, `/system/ping` and `/metrics` endpoints, everything is accessible from `localhost` only
 unless authentication bearer tokens are configured in the web application and used via the 'Authorization' HTTP header
 (within HTTPS connection).
 

opengrok-web/src/main/java/org/opengrok/web/api/v1/controller/SystemController.java

@@ -47,9 +47,11 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-@Path("/system")
+@Path(SystemController.PATH)
 public class SystemController {
 
+    public static final String PATH = "system";
+
     private final RuntimeEnvironment env = RuntimeEnvironment.getInstance();
 
     private static final Logger LOGGER = LoggerFactory.getLogger(SystemController.class);

opengrok-web/src/main/java/org/opengrok/web/api/v1/filter/IncomingFilter.java

@@ -39,6 +39,7 @@
 import org.opengrok.web.api.v1.controller.HistoryController;
 import org.opengrok.web.api.v1.controller.SearchController;
 import org.opengrok.web.api.v1.controller.SuggesterController;
+import org.opengrok.web.api.v1.controller.SystemController;
 
 import java.io.IOException;
 import java.net.InetAddress;
@@ -70,7 +71,8 @@ public class IncomingFilter implements ContainerRequestFilter, ConfigurationChan
      */
     private static final Set<String> allowedPaths = new HashSet<>(Arrays.asList(
             SearchController.PATH, SuggesterController.PATH, SuggesterController.PATH + "/config",
-            HistoryController.PATH, FileController.PATH, AnnotationController.PATH));
+            HistoryController.PATH, FileController.PATH, AnnotationController.PATH,
+            SystemController.PATH + "/ping"));
 
     @Context
     private HttpServletRequest request;
@@ -136,7 +138,7 @@ public void filter(final ContainerRequestContext context) {
         }
 
         if (allowedPaths.contains(path)) {
-            LOGGER.log(Level.FINEST, "allowing request to {0} based on whitelisted path", path);
+            LOGGER.log(Level.FINEST, "allowing request to {0} based on allow listed path", path);
             return;
         }
 

opengrok-web/src/test/java/org/opengrok/web/api/v1/filter/IncomingFilterTest.java

@@ -198,13 +198,13 @@ private ContainerRequestContext mockContainerRequestContext(final String path) {
 
     @Test
     public void localhostTest() throws Exception {
-        assertFilterDoesNotBlockAddress("127.0.0.1");
+        assertFilterDoesNotBlockAddress("127.0.0.1", "test");
     }
 
-    private void assertFilterDoesNotBlockAddress(final String remoteAddr) throws Exception {
+    private void assertFilterDoesNotBlockAddress(final String remoteAddr, final String url) throws Exception {
         IncomingFilter filter = mockWithRemoteAddress(remoteAddr);
 
-        ContainerRequestContext context = mockContainerRequestContext("test");
+        ContainerRequestContext context = mockContainerRequestContext(url);
 
         ArgumentCaptor<Response> captor = ArgumentCaptor.forClass(Response.class);
 
@@ -215,19 +215,32 @@ private void assertFilterDoesNotBlockAddress(final String remoteAddr) throws Exc
 
     @Test
     public void localhostIPv6Test() throws Exception {
-        assertFilterDoesNotBlockAddress("0:0:0:0:0:0:0:1");
+        assertFilterDoesNotBlockAddress("0:0:0:0:0:0:0:1", "test");
     }
 
     @Test
     public void searchTest() throws Exception {
-        IncomingFilter filter = mockWithRemoteAddress("10.0.0.1");
+        assertFilterDoesNotBlockAddress("10.0.0.1", "search");
+    }
 
-        ContainerRequestContext context = mockContainerRequestContext("search");
+    @Test
+    public void systemPingRemoteWithoutTokenTest() throws Exception {
+        assertFilterDoesNotBlockAddress("10.0.0.1", "system/ping");
+    }
+
+    @Test
+    public void systemPathDescWithoutTokenTest() throws Exception {
+
+        IncomingFilter filter = mockWithRemoteAddress("192.168.1.1");
+
+        ContainerRequestContext context = mockContainerRequestContext("system/pathdesc");
 
         ArgumentCaptor<Response> captor = ArgumentCaptor.forClass(Response.class);
 
         filter.filter(context);
 
-        verify(context, never()).abortWith(captor.capture());
+        verify(context).abortWith(captor.capture());
+
+        assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), captor.getValue().getStatus());
     }
 }