Merge branch 'develop' into feature/user_converter

scm-webapp/src/test/java/sonia/scm/plugin/PluginInstallationVerifierTest.java

@@ -144,6 +144,17 @@ class PluginInstallationVerifierTest {
     PluginInstallationVerifier.verify(context, descriptor);
   }
 
+  @Test
+  @SuppressWarnings("squid:S2699") // we are happy if no exception is thrown
+  void shouldVerifyPluginWithSnapshotDependencies() {
+    matchConditions();
+
+    PluginInstallationContext context = mockInstallationOf(IID_PLUGIN, "1.0.0-SNAPSHOT");
+    mockDependingOf(IID_PLUGIN, "1.0.0-20201022.094711-15");
+
+    PluginInstallationVerifier.verify(context, descriptor);
+  }
+
   @Test
   @SuppressWarnings("squid:S2699") // we are happy if no exception is thrown
   void shouldVerifyPluginWithOptionalDependency() {

scm-webapp/src/test/java/sonia/scm/security/ApiKeyRealmTest.java

@@ -25,6 +25,7 @@
 package sonia.scm.security;
 
 import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authz.AuthorizationException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -105,6 +106,15 @@ class ApiKeyRealmTest {
     assertThat(supports).isFalse();
   }
 
+  @Test
+  void shouldIgnoreNonBase64Tokens() {
+    UsernamePasswordToken token = new UsernamePasswordToken("trillian", "My&SecretPassword");
+
+    boolean supports = realm.supports(token);
+
+    assertThat(supports).isFalse();
+  }
+
   void verifyScopeSet(String... permissions) {
     verify(authenticationInfoBuilder).withScope(argThat(scope -> {
       assertThat(scope).containsExactly(permissions);