Merge with develop branch

scm-webapp/src/test/java/sonia/scm/api/v2/resources/AuthenticationResourceTest.java

@@ -67,7 +67,7 @@ public class AuthenticationResourceTest {
   @Rule
   public ShiroRule shiro = new ShiroRule();
 
-  private RestDispatcher dispatcher = new RestDispatcher();
+  private final RestDispatcher dispatcher = new RestDispatcher();
 
   @Mock
   private AccessTokenBuilderFactory accessTokenBuilderFactory;
@@ -75,9 +75,9 @@ public class AuthenticationResourceTest {
   @Mock
   private AccessTokenBuilder accessTokenBuilder;
 
-  private AccessTokenCookieIssuer cookieIssuer = new DefaultAccessTokenCookieIssuer(mock(ScmConfiguration.class));
+  private final AccessTokenCookieIssuer cookieIssuer = new DefaultAccessTokenCookieIssuer(mock(ScmConfiguration.class));
 
-  private MockHttpResponse response = new MockHttpResponse();
+  private final MockHttpResponse response = new MockHttpResponse();
 
   private static final String AUTH_JSON_TRILLIAN = "{\n" +
     "\t\"cookie\": true,\n" +

scm-webapp/src/test/java/sonia/scm/api/v2/resources/ConfigDtoToScmConfigurationMapperTest.java

@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-    
+
 package sonia.scm.api.v2.resources;
 
 import org.junit.Before;
@@ -29,6 +29,7 @@ import org.junit.Test;
 import org.mockito.InjectMocks;
 import org.mockito.internal.util.collections.Sets;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 
 import java.util.Arrays;
 
@@ -41,9 +42,9 @@ public class ConfigDtoToScmConfigurationMapperTest {
   @InjectMocks
   private ConfigDtoToScmConfigurationMapperImpl mapper;
 
-  private String[] expectedUsers = { "trillian", "arthur" };
-  private String[] expectedGroups = { "admin", "plebs" };
-  private String[] expectedExcludes = { "ex", "clude" };
+  private String[] expectedUsers = {"trillian", "arthur"};
+  private String[] expectedGroups = {"admin", "plebs"};
+  private String[] expectedExcludes = {"ex", "clude"};
 
   @Before
   public void init() {
@@ -55,27 +56,42 @@ public class ConfigDtoToScmConfigurationMapperTest {
     ConfigDto dto = createDefaultDto();
     ScmConfiguration config = mapper.map(dto);
 
-    assertEquals("prPw" , config.getProxyPassword());
-    assertEquals(42 , config.getProxyPort());
-    assertEquals("srvr" , config.getProxyServer());
-    assertEquals("user" , config.getProxyUser());
+    assertEquals("prPw", config.getProxyPassword());
+    assertEquals(42, config.getProxyPort());
+    assertEquals("srvr", config.getProxyServer());
+    assertEquals("user", config.getProxyUser());
     assertTrue(config.isEnableProxy());
-    assertEquals("realm" , config.getRealmDescription());
+    assertEquals("realm", config.getRealmDescription());
     assertTrue(config.isDisableGroupingGrid());
-    assertEquals("yyyy" , config.getDateFormat());
-    assertTrue(config.isAnonymousAccessEnabled());
-    assertEquals("baseurl" , config.getBaseUrl());
+    assertEquals("yyyy", config.getDateFormat());
+    assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode());
+    assertEquals("baseurl", config.getBaseUrl());
     assertTrue(config.isForceBaseUrl());
-    assertEquals(41 , config.getLoginAttemptLimit());
+    assertEquals(41, config.getLoginAttemptLimit());
     assertTrue("proxyExcludes", config.getProxyExcludes().containsAll(Arrays.asList(expectedExcludes)));
     assertTrue(config.isSkipFailedAuthenticators());
-    assertEquals("https://plug.ins" , config.getPluginUrl());
-    assertEquals(40 , config.getLoginAttemptLimitTimeout());
+    assertEquals("https://plug.ins", config.getPluginUrl());
+    assertEquals(40, config.getLoginAttemptLimitTimeout());
     assertTrue(config.isEnabledXsrfProtection());
     assertEquals("username", config.getNamespaceStrategy());
     assertEquals("https://scm-manager.org/login-info", config.getLoginInfoUrl());
   }
 
+  @Test
+  public void shouldMapAnonymousAccessFieldToAnonymousMode() {
+    ConfigDto dto = createDefaultDto();
+
+    ScmConfiguration config = mapper.map(dto);
+
+    assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode());
+
+    dto.setAnonymousMode(null);
+    dto.setAnonymousAccessEnabled(false);
+    ScmConfiguration config2 = mapper.map(dto);
+
+    assertEquals(AnonymousMode.OFF, config2.getAnonymousMode());
+  }
+
   private ConfigDto createDefaultDto() {
     ConfigDto configDto = new ConfigDto();
     configDto.setProxyPassword("prPw");
@@ -86,7 +102,7 @@ public class ConfigDtoToScmConfigurationMapperTest {
     configDto.setRealmDescription("realm");
     configDto.setDisableGroupingGrid(true);
     configDto.setDateFormat("yyyy");
-    configDto.setAnonymousAccessEnabled(true);
+    configDto.setAnonymousMode(AnonymousMode.PROTOCOL_ONLY);
     configDto.setBaseUrl("baseurl");
     configDto.setForceBaseUrl(true);
     configDto.setLoginAttemptLimit(41);

scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexDtoGeneratorTest.java

@@ -0,0 +1,137 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.api.v2.resources;
+
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import sonia.scm.BasicContextProvider;
+import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
+
+import java.net.URI;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+import static sonia.scm.SCMContext.USER_ANONYMOUS;
+
+@ExtendWith(MockitoExtension.class)
+class IndexDtoGeneratorTest {
+
+  private static final ScmPathInfo scmPathInfo = () -> URI.create("/api/v2");
+
+  @Mock
+  private ScmConfiguration configuration;
+  @Mock
+  private BasicContextProvider contextProvider;
+  @Mock
+  private ResourceLinks resourceLinks;
+
+  @Mock
+  private Subject subject;
+
+  @InjectMocks
+  private IndexDtoGenerator generator;
+
+  @BeforeEach
+  void bindSubject() {
+    ThreadContext.bind(subject);
+  }
+
+  @AfterEach
+  void tearDownSubject() {
+    ThreadContext.unbindSubject();
+  }
+
+  @Test
+  void shouldAppendMeIfAuthenticated() {
+    mockSubjectRelatedResourceLinks();
+    when(subject.isAuthenticated()).thenReturn(true);
+
+    when(contextProvider.getVersion()).thenReturn("2.x");
+
+    IndexDto dto = generator.generate();
+
+    assertThat(dto.getLinks().getLinkBy("me")).isPresent();
+  }
+
+  @Test
+  void shouldNotAppendMeIfUserIsAuthenticatedButAnonymous() {
+    mockResourceLinks();
+    when(subject.getPrincipal()).thenReturn(USER_ANONYMOUS);
+    when(subject.isAuthenticated()).thenReturn(true);
+
+    IndexDto dto = generator.generate();
+
+    assertThat(dto.getLinks().getLinkBy("me")).isNotPresent();
+  }
+
+  @Test
+  void shouldAppendMeIfUserIsAnonymousAndAnonymousModeIsFullEnabled() {
+    mockSubjectRelatedResourceLinks();
+    when(subject.getPrincipal()).thenReturn(USER_ANONYMOUS);
+    when(subject.isAuthenticated()).thenReturn(true);
+    when(configuration.getAnonymousMode()).thenReturn(AnonymousMode.FULL);
+
+    IndexDto dto = generator.generate();
+
+    assertThat(dto.getLinks().getLinkBy("me")).isPresent();
+  }
+
+  @Test
+  void shouldNotAppendMeIfUserIsAnonymousAndAnonymousModeIsProtocolOnly() {
+    mockResourceLinks();
+    when(subject.getPrincipal()).thenReturn(USER_ANONYMOUS);
+    when(subject.isAuthenticated()).thenReturn(true);
+    when(configuration.getAnonymousMode()).thenReturn(AnonymousMode.PROTOCOL_ONLY);
+
+    IndexDto dto = generator.generate();
+
+    assertThat(dto.getLinks().getLinkBy("me")).isNotPresent();
+  }
+
+
+  private void mockResourceLinks() {
+    when(resourceLinks.index()).thenReturn(new ResourceLinks.IndexLinks(scmPathInfo));
+    when(resourceLinks.uiPluginCollection()).thenReturn(new ResourceLinks.UIPluginCollectionLinks(scmPathInfo));
+    when(resourceLinks.authentication()).thenReturn(new ResourceLinks.AuthenticationLinks(scmPathInfo));
+  }
+
+  private void mockSubjectRelatedResourceLinks() {
+    mockResourceLinks();
+    when(resourceLinks.repositoryCollection()).thenReturn(new ResourceLinks.RepositoryCollectionLinks(scmPathInfo));
+    when(resourceLinks.repositoryVerbs()).thenReturn(new ResourceLinks.RepositoryVerbLinks(scmPathInfo));
+    when(resourceLinks.repositoryTypeCollection()).thenReturn(new ResourceLinks.RepositoryTypeCollectionLinks(scmPathInfo));
+    when(resourceLinks.repositoryRoleCollection()).thenReturn(new ResourceLinks.RepositoryRoleCollectionLinks(scmPathInfo));
+    when(resourceLinks.namespaceStrategies()).thenReturn(new ResourceLinks.NamespaceStrategiesLinks(scmPathInfo));
+    when(resourceLinks.me()).thenReturn(new ResourceLinks.MeLinks(scmPathInfo, new ResourceLinks.UserLinks(scmPathInfo)));
+  }
+}

scm-webapp/src/test/java/sonia/scm/api/v2/resources/MeDtoFactoryTest.java

@@ -187,15 +187,15 @@ class MeDtoFactoryTest {
   }
 
   @Test
-  void shouldNotGetPasswordLinkForAnonymousUser() {
+  void shouldAppendOnlySelfLinkIfAnonymousUser() {
     User user = SCMContext.ANONYMOUS;
     prepareSubject(user);
 
-    when(userManager.isTypeDefault(any())).thenReturn(true);
-    when(UserPermissions.changePassword(user).isPermitted()).thenReturn(true);
-
     MeDto dto = meDtoFactory.create();
+    assertThat(dto.getLinks().getLinkBy("self")).isPresent();
     assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
+    assertThat(dto.getLinks().getLinkBy("delete")).isNotPresent();
+    assertThat(dto.getLinks().getLinkBy("update")).isNotPresent();
   }
 
   @Test
@@ -235,6 +235,4 @@ class MeDtoFactoryTest {
     MeDto dto = meDtoFactory.create();
     assertThat(dto.getLinks().getLinkBy("profile").get().getHref()).isEqualTo("http://hitchhiker.com/users/trillian");
   }
-
-
 }

scm-webapp/src/test/java/sonia/scm/api/v2/resources/ScmConfigurationToConfigDtoMapperTest.java

@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-    
+
 package sonia.scm.api.v2.resources;
 
 import org.apache.shiro.subject.Subject;
@@ -34,12 +34,14 @@ import org.junit.Test;
 import org.mockito.InjectMocks;
 import org.mockito.internal.util.collections.Sets;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 
 import java.net.URI;
 import java.util.Arrays;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -47,11 +49,11 @@ import static org.mockito.MockitoAnnotations.initMocks;
 
 public class ScmConfigurationToConfigDtoMapperTest {
 
-  private URI baseUri =  URI.create("http://example.com/base/");
+  private URI baseUri = URI.create("http://example.com/base/");
 
-  private String[] expectedUsers = { "trillian", "arthur" };
-  private String[] expectedGroups = { "admin", "plebs" };
-  private String[] expectedExcludes = { "ex", "clude" };
+  private String[] expectedUsers = {"trillian", "arthur"};
+  private String[] expectedGroups = {"admin", "plebs"};
+  private String[] expectedExcludes = {"ex", "clude"};
 
   @SuppressWarnings("unused") // Is injected
   private ResourceLinks resourceLinks = ResourceLinksMock.createMock(baseUri);
@@ -85,22 +87,22 @@ public class ScmConfigurationToConfigDtoMapperTest {
     when(subject.isPermitted("configuration:write:global")).thenReturn(true);
     ConfigDto dto = mapper.map(config);
 
-    assertEquals("heartOfGold" , dto.getProxyPassword());
-    assertEquals(1234 , dto.getProxyPort());
-    assertEquals("proxyserver" , dto.getProxyServer());
-    assertEquals("trillian" , dto.getProxyUser());
+    assertEquals("heartOfGold", dto.getProxyPassword());
+    assertEquals(1234, dto.getProxyPort());
+    assertEquals("proxyserver", dto.getProxyServer());
+    assertEquals("trillian", dto.getProxyUser());
     assertTrue(dto.isEnableProxy());
-    assertEquals("description" , dto.getRealmDescription());
+    assertEquals("description", dto.getRealmDescription());
     assertTrue(dto.isDisableGroupingGrid());
-    assertEquals("dd" , dto.getDateFormat());
-    assertTrue(dto.isAnonymousAccessEnabled());
-    assertEquals("baseurl" , dto.getBaseUrl());
+    assertEquals("dd", dto.getDateFormat());
+    assertSame(AnonymousMode.FULL, dto.getAnonymousMode());
+    assertEquals("baseurl", dto.getBaseUrl());
     assertTrue(dto.isForceBaseUrl());
-    assertEquals(1 , dto.getLoginAttemptLimit());
+    assertEquals(1, dto.getLoginAttemptLimit());
     assertTrue("proxyExcludes", dto.getProxyExcludes().containsAll(Arrays.asList(expectedExcludes)));
     assertTrue(dto.isSkipFailedAuthenticators());
-    assertEquals("pluginurl" , dto.getPluginUrl());
-    assertEquals(2 , dto.getLoginAttemptLimitTimeout());
+    assertEquals("pluginurl", dto.getPluginUrl());
+    assertEquals(2, dto.getLoginAttemptLimitTimeout());
     assertTrue(dto.isEnabledXsrfProtection());
     assertEquals("username", dto.getNamespaceStrategy());
     assertEquals("https://scm-manager.org/login-info", dto.getLoginInfoUrl());
@@ -121,6 +123,21 @@ public class ScmConfigurationToConfigDtoMapperTest {
     assertFalse(dto.getLinks().hasLink("update"));
   }
 
+  @Test
+  public void shouldMapAnonymousAccessField() {
+    ScmConfiguration config = createConfiguration();
+
+    when(subject.hasRole("configuration:write:global")).thenReturn(false);
+    ConfigDto dto = mapper.map(config);
+
+    assertTrue(dto.isAnonymousAccessEnabled());
+
+    config.setAnonymousMode(AnonymousMode.OFF);
+    ConfigDto secondDto = mapper.map(config);
+
+    assertFalse(secondDto.isAnonymousAccessEnabled());
+  }
+
   private ScmConfiguration createConfiguration() {
     ScmConfiguration config = new ScmConfiguration();
     config.setProxyPassword("heartOfGold");
@@ -131,7 +148,7 @@ public class ScmConfigurationToConfigDtoMapperTest {
     config.setRealmDescription("description");
     config.setDisableGroupingGrid(true);
     config.setDateFormat("dd");
-    config.setAnonymousAccessEnabled(true);
+    config.setAnonymousMode(AnonymousMode.FULL);
     config.setBaseUrl("baseurl");
     config.setForceBaseUrl(true);
     config.setLoginAttemptLimit(1);

scm-webapp/src/test/java/sonia/scm/filter/PropagatePrincipleFilterTest.java

@@ -38,6 +38,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.user.User;
 import sonia.scm.user.UserTestData;
 
@@ -110,7 +111,7 @@ public class PropagatePrincipleFilterTest {
    */
   @Test
   public void testAnonymousWithAccessEnabled() throws IOException, ServletException {
-    configuration.setAnonymousAccessEnabled(true);
+    configuration.setAnonymousMode(AnonymousMode.FULL);
     
     // execute
     propagatePrincipleFilter.doFilter(request, response, chain);

scm-webapp/src/test/java/sonia/scm/lifecycle/SetupContextListenerTest.java

@@ -37,6 +37,7 @@ import org.mockito.junit.jupiter.MockitoSettings;
 import org.mockito.quality.Strictness;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.security.PermissionAssigner;
 import sonia.scm.security.PermissionDescriptor;
 import sonia.scm.user.User;
@@ -82,7 +83,7 @@ class SetupContextListenerTest {
 
   @BeforeEach
   void mockScmConfiguration() {
-    when(scmConfiguration.isAnonymousAccessEnabled()).thenReturn(false);
+    when(scmConfiguration.getAnonymousMode()).thenReturn(AnonymousMode.OFF);
   }
 
   @BeforeEach
@@ -145,7 +146,7 @@ class SetupContextListenerTest {
   void shouldCreateAnonymousUserIfRequired() {
     List<User> users = Lists.newArrayList(UserTestData.createTrillian());
     when(userManager.getAll()).thenReturn(users);
-    when(scmConfiguration.isAnonymousAccessEnabled()).thenReturn(true);
+    when(scmConfiguration.getAnonymousMode()).thenReturn(AnonymousMode.FULL);
 
     setupContextListener.contextInitialized(null);
 
@@ -166,7 +167,7 @@ class SetupContextListenerTest {
   void shouldNotCreateAnonymousUserIfAlreadyExists() {
     List<User> users = Lists.newArrayList(SCMContext.ANONYMOUS);
     when(userManager.getAll()).thenReturn(users);
-    when(scmConfiguration.isAnonymousAccessEnabled()).thenReturn(true);
+    when(scmConfiguration.getAnonymousMode()).thenReturn(AnonymousMode.FULL);
 
     setupContextListener.contextInitialized(null);
 

scm-webapp/src/test/java/sonia/scm/security/BearerRealmTest.java

@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-    
+
 package sonia.scm.security;
 
 import org.apache.shiro.authc.AuthenticationInfo;

scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenResolverTest.java

@@ -130,7 +130,7 @@ public class JwtAccessTokenResolverTest {
     String compact = createCompactToken("trillian", secureKey, exp, Scope.empty());
     
     // expect exception
-    expectedException.expect(AuthenticationException.class);
+    expectedException.expect(TokenExpiredException.class);
     expectedException.expectCause(instanceOf(ExpiredJwtException.class));
     
     BearerToken bearer = BearerToken.valueOf(compact);

scm-webapp/src/test/java/sonia/scm/update/repository/AnonymousModeUpdateStepTest.java

@@ -0,0 +1,104 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.update.repository;
+
+import com.google.common.io.Resources;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.api.io.TempDir;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import sonia.scm.SCMContextProvider;
+import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
+import sonia.scm.store.ConfigurationStore;
+import sonia.scm.store.InMemoryConfigurationStoreFactory;
+
+import javax.xml.bind.JAXBException;
+import java.io.IOException;
+import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+import static sonia.scm.store.InMemoryConfigurationStoreFactory.create;
+
+@ExtendWith(MockitoExtension.class)
+class AnonymousModeUpdateStepTest {
+
+  @Mock
+  private SCMContextProvider contextProvider;
+
+  private AnonymousModeUpdateStep updateStep;
+  private ConfigurationStore<ScmConfiguration> configurationStore;
+
+  private Path configDir;
+
+  @BeforeEach
+  void initUpdateStep(@TempDir Path tempDir) throws IOException {
+    when(contextProvider.resolve(any(Path.class))).thenReturn(tempDir.toAbsolutePath());
+    configDir = tempDir;
+    Files.createDirectories(configDir);
+    InMemoryConfigurationStoreFactory inMemoryConfigurationStoreFactory = create();
+    configurationStore = inMemoryConfigurationStoreFactory.get("config", null);
+    updateStep = new AnonymousModeUpdateStep(contextProvider, inMemoryConfigurationStoreFactory);
+  }
+
+  @Test
+  void shouldNotUpdateIfConfigFileNotAvailable() throws JAXBException {
+    updateStep.doUpdate();
+
+    assertThat(configurationStore.getOptional()).isNotPresent();
+  }
+
+  @Test
+  void shouldUpdateDisabledAnonymousMode() throws JAXBException, IOException {
+    copyTestDatabaseFile(configDir, "config.xml", "config.xml");
+    configurationStore.set(new ScmConfiguration());
+
+    updateStep.doUpdate();
+
+    assertThat((configurationStore.get()).getAnonymousMode()).isEqualTo(AnonymousMode.OFF);
+  }
+
+  @Test
+  void shouldUpdateEnabledAnonymousMode() throws JAXBException, IOException {
+    copyTestDatabaseFile(configDir, "config-withAnon.xml", "config.xml");
+    configurationStore.set(new ScmConfiguration());
+
+    updateStep.doUpdate();
+
+    assertThat((configurationStore.get()).getAnonymousMode()).isEqualTo(AnonymousMode.PROTOCOL_ONLY);
+  }
+
+  private void copyTestDatabaseFile(Path configDir, String sourceFileName, String targetFileName) throws IOException {
+    URL url = Resources.getResource("sonia/scm/update/security/" + sourceFileName);
+    Files.copy(url.openStream(), configDir.resolve(targetFileName));
+  }
+}

scm-webapp/src/test/java/sonia/scm/user/AnonymousUserDeletionEventHandlerTest.java

@@ -29,6 +29,7 @@ import org.junit.jupiter.api.Test;
 import sonia.scm.HandlerEventType;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
@@ -45,7 +46,7 @@ class AnonymousUserDeletionEventHandlerTest {
 
   @Test
   void shouldThrowAnonymousUserDeletionExceptionIfAnonymousAccessIsEnabled() {
-    scmConfiguration.setAnonymousAccessEnabled(true);
+    scmConfiguration.setAnonymousMode(AnonymousMode.FULL);
 
     hook = new AnonymousUserDeletionEventHandler(scmConfiguration);
     UserEvent deletionEvent = new UserEvent(HandlerEventType.BEFORE_DELETE, SCMContext.ANONYMOUS);
@@ -55,7 +56,7 @@ class AnonymousUserDeletionEventHandlerTest {
 
   @Test
   void shouldNotThrowAnonymousUserDeletionException() {
-    scmConfiguration.setAnonymousAccessEnabled(false);
+    scmConfiguration.setAnonymousMode(AnonymousMode.OFF);
 
     hook = new AnonymousUserDeletionEventHandler(scmConfiguration);
     UserEvent deletionEvent = new UserEvent(HandlerEventType.BEFORE_DELETE,  SCMContext.ANONYMOUS);