fix review findings

scm-webapp/src/main/java/sonia/scm/api/v2/resources/AuthenticationRequestDto.java

@@ -32,8 +32,8 @@ import java.util.List;
 
 public class AuthenticationRequestDto {
 
-  @FormParam("grantType")
-  @JsonProperty("grantType")
+  @FormParam("grant_type")
+  @JsonProperty("grant_type")
   private String grantType;
 
   @FormParam("username")
@@ -69,7 +69,7 @@ public class AuthenticationRequestDto {
   }
 
   public boolean isValid() {
-    // password is currently the only valid grantType
+    // password is currently the only valid grant_type
     return "password".equals(grantType) && !Strings.isNullOrEmpty(username) && !Strings.isNullOrEmpty(password);
   }
 }

scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigDto.java

@@ -46,6 +46,7 @@ public class ConfigDto extends HalRepresentation {
   private String realmDescription;
   private boolean disableGroupingGrid;
   private String dateFormat;
+  private boolean anonymousAccessEnabled;
   private AnonymousMode anonymousMode;
   private String baseUrl;
   private boolean forceBaseUrl;

scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigDtoToScmConfigurationMapper.java

@@ -21,11 +21,14 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-    
+
 package sonia.scm.api.v2.resources;
 
+import org.mapstruct.AfterMapping;
 import org.mapstruct.Mapper;
+import org.mapstruct.MappingTarget;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 
 // Mapstruct does not support parameterized (i.e. non-default) constructors. Thus, we need to use field injection.
 @SuppressWarnings("squid:S3306")
@@ -33,4 +36,15 @@ import sonia.scm.config.ScmConfiguration;
 public abstract class ConfigDtoToScmConfigurationMapper {
 
   public abstract ScmConfiguration map(ConfigDto dto);
+
+  @AfterMapping // Should map anonymous mode from old flag if not send explicit
+  void mapAnonymousMode(@MappingTarget ScmConfiguration config, ConfigDto configDto) {
+    if (configDto.getAnonymousMode() == null) {
+      if (configDto.isAnonymousAccessEnabled()) {
+        config.setAnonymousMode(AnonymousMode.PROTOCOL_ONLY);
+      } else {
+        config.setAnonymousMode(AnonymousMode.OFF);
+      }
+    }
+  }
 }

scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupCollectionResource.java

@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-    
+
 package sonia.scm.api.v2.resources;
 
 import io.swagger.v3.oas.annotations.Operation;
@@ -29,7 +29,6 @@ import io.swagger.v3.oas.annotations.headers.Header;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import org.apache.shiro.SecurityUtils;
 import sonia.scm.group.Group;
 import sonia.scm.group.GroupManager;
 import sonia.scm.group.GroupPermissions;

scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java

@@ -123,9 +123,17 @@ public class IndexDtoGenerator extends HalAppenderMapper {
   }
 
   private boolean shouldAppendSubjectRelatedLinks() {
-    return (SecurityUtils.getSubject().isAuthenticated()
-      && !Authentications.isAuthenticatedSubjectAnonymous())
-      || (Authentications.isAuthenticatedSubjectAnonymous()
-      && configuration.getAnonymousMode() == AnonymousMode.FULL);
+    return isAuthenticatedSubjectNotAnonymous()
+      || isAuthenticatedSubjectAllowedToBeAnonymous();
+  }
+
+  private boolean isAuthenticatedSubjectAllowedToBeAnonymous() {
+    return Authentications.isAuthenticatedSubjectAnonymous()
+      && configuration.getAnonymousMode() == AnonymousMode.FULL;
+  }
+
+  private boolean isAuthenticatedSubjectNotAnonymous() {
+    return SecurityUtils.getSubject().isAuthenticated()
+      && !Authentications.isAuthenticatedSubjectAnonymous();
   }
 }

scm-webapp/src/main/java/sonia/scm/api/v2/resources/MeDtoFactory.java

@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-    
+
 package sonia.scm.api.v2.resources;
 
 import de.otto.edison.hal.Embedded;
@@ -30,7 +30,6 @@ import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.Subject;
 import sonia.scm.group.GroupCollector;
-import sonia.scm.security.Authentications;
 import sonia.scm.user.User;
 import sonia.scm.user.UserManager;
 import sonia.scm.user.UserPermissions;
@@ -83,16 +82,14 @@ public class MeDtoFactory extends HalAppenderMapper {
 
   private MeDto createDto(User user) {
     Links.Builder linksBuilder = linkingTo().self(resourceLinks.me().self());
-    if (isNotAnonymous(user)) {
-      if (UserPermissions.delete(user).isPermitted()) {
-        linksBuilder.single(link("delete", resourceLinks.me().delete(user.getName())));
-      }
-      if (UserPermissions.modify(user).isPermitted()) {
-        linksBuilder.single(link("update", resourceLinks.me().update(user.getName())));
-      }
-      if (userManager.isTypeDefault(user) && UserPermissions.changePassword(user).isPermitted()) {
-        linksBuilder.single(link("password", resourceLinks.me().passwordChange()));
-      }
+    if (UserPermissions.delete(user).isPermitted()) {
+      linksBuilder.single(link("delete", resourceLinks.me().delete(user.getName())));
+    }
+    if (UserPermissions.modify(user).isPermitted()) {
+      linksBuilder.single(link("update", resourceLinks.me().update(user.getName())));
+    }
+    if (userManager.isTypeDefault(user) && UserPermissions.changePassword(user).isPermitted()) {
+      linksBuilder.single(link("password", resourceLinks.me().passwordChange()));
     }
 
     Embedded.Builder embeddedBuilder = embeddedBuilder();
@@ -100,8 +97,4 @@ public class MeDtoFactory extends HalAppenderMapper {
 
     return new MeDto(linksBuilder.build(), embeddedBuilder.build());
   }
-
-  private boolean isNotAnonymous(User user) {
-    return !Authentications.isSubjectAnonymous(user.getName());
-  }
 }

scm-webapp/src/main/java/sonia/scm/api/v2/resources/ScmConfigurationToConfigDtoMapper.java

@@ -27,9 +27,12 @@ package sonia.scm.api.v2.resources;
 import de.otto.edison.hal.Links;
 import org.mapstruct.AfterMapping;
 import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
 import org.mapstruct.MappingTarget;
+import org.mapstruct.Named;
 import sonia.scm.config.ConfigurationPermissions;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 
 import javax.inject.Inject;
 
@@ -44,6 +47,15 @@ public abstract class ScmConfigurationToConfigDtoMapper extends BaseMapper<ScmCo
   @Inject
   private ResourceLinks resourceLinks;
 
+  @Mapping(target = "anonymousAccessEnabled", source = "anonymousMode", qualifiedByName = "mapAnonymousAccess")
+  @Mapping(target = "attributes", ignore = true)
+  public abstract ConfigDto map(ScmConfiguration scmConfiguration);
+
+  @Named("mapAnonymousAccess")
+  boolean mapAnonymousAccess(AnonymousMode anonymousMode) {
+    return anonymousMode != AnonymousMode.OFF;
+  }
+
   @AfterMapping
   void appendLinks(ScmConfiguration config, @MappingTarget ConfigDto target) {
     Links.Builder linksBuilder = linkingTo().self(resourceLinks.config().self());

scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserCollectionResource.java

@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-    
+
 package sonia.scm.api.v2.resources;
 
 import io.swagger.v3.oas.annotations.Operation;
@@ -30,7 +30,6 @@ import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import org.apache.shiro.authc.credential.PasswordService;
-import sonia.scm.group.GroupPermissions;
 import sonia.scm.search.SearchRequest;
 import sonia.scm.search.SearchUtil;
 import sonia.scm.user.User;