SonarLint connected mode with Token authentication

ankurja · March 13, 2020, 10:33pm

SonarQube v7.9.1 LTS
SonarLint v4.1.0

I have a question related to SonarLint connected mode.
Once the connection and bindings have been established successfully, does SonarLint ever go to SonarQube Server ? If yes, when ? Does it go everytime I do a right click on a file in eclipse and do ‘Analyze’ ?

Background:
I am testing Token authentication method. The connection and bindings works fine but problem is that Token continues to work even after the user has been removed from Active Directory. Login through SonarQube UI does not work for that removed user but the generated token continues to work.

Why is this so ? What is the way to ensure that the token for removed user is no more valid and does not work through SonarLint ?

julienlancelot · March 19, 2020, 3:52pm

Hi @ankurja,

When a user is removed from Active Directory, there’s no way for SonarQube to detect this removal. The user should also manually be removed from SonarQube.

Regards

ankurja · March 23, 2020, 5:35pm

Thanks @julienlancelot. Is there a way to script the removal of such users from SonarQube, may be by accessing SonarQube DB directly or by using SonarQube Web API ? Is it recommended to automate this or should it be kept manual ?

julienlancelot · March 24, 2020, 8:31am

You can use the web service api/users/deactivate, and you can do it when you want, either automatically, or manually, it’s up to you.