Merge pull request #1 from mreichel/bugfixSecureDefaults

#427 Plugin should have secure defaults
This commit is contained in:
milena 2017-06-20 11:03:12 +02:00 committed by GitHub
commit a8c40ff4ec
3 changed files with 14 additions and 6 deletions


@ -35,7 +35,7 @@ import java.util.Map;
@Extension
public class GitLabConnectionConfig extends GlobalConfiguration {
private boolean useAuthenticatedEndpoint;
private Boolean useAuthenticatedEndpoint = true;
private List<GitLabConnection> connections = new ArrayList<>();
private transient Map<String, GitLabConnection> connectionMap = new HashMap<>();
private transient Map<String, GitLabApi> clients = new HashMap<>();
@ -55,11 +55,11 @@ public class GitLabConnectionConfig extends GlobalConfiguration {
return super.configure(req, json);
}
public boolean isUseAuthenticatedEndpoint() {
public Boolean getUseAuthenticatedEndpoint() {
return useAuthenticatedEndpoint;
}
void setUseAuthenticatedEndpoint(boolean useAuthenticatedEndpoint) {
void setUseAuthenticatedEndpoint(Boolean useAuthenticatedEndpoint) {
this.useAuthenticatedEndpoint = useAuthenticatedEndpoint;
}
@ -176,4 +176,11 @@ public class GitLabConnectionConfig extends GlobalConfiguration {
}
}
}
//For backwards compatibility. ReadResolve is called on startup
protected GitLabConnectionConfig readResolve() {
if (useAuthenticatedEndpoint == null) {
setUseAuthenticatedEndpoint(false);
}
return this;
}
}
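Review bot: The fallback in readResolve, `setUseAuthenticatedEndpoint(false)`, re-applies the unauthenticated webhook endpoint to every persisted configuration in which the element is absent (presumably those written before the field existed), so the secure default from the field initializer only reaches fresh installations. The comment above it should say so rather than just "for backwards compatibility", e.g. `// Configs persisted without this field keep the legacy unauthenticated behaviour; only new installations get the secure default (true).`, and if the class has a logger a warning at that point would tell administrators that their endpoint is still unauthenticated after the upgrade. Separately, the setter now takes a `Boolean` and still accepts null, so the field can be nulled again after deserialization and callers that unbox the getter's result would fail with a NullPointerException; rejecting null in the setter would surface that at the call site instead.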


@ -56,7 +56,7 @@ abstract class BuildWebHookAction implements WebHookAction {
}
private void checkPermission(Permission permission) {
if (((GitLabConnectionConfig) Jenkins.getInstance().getDescriptor(GitLabConnectionConfig.class)).isUseAuthenticatedEndpoint()) {
if (((GitLabConnectionConfig) Jenkins.getInstance().getDescriptor(GitLabConnectionConfig.class)).getUseAuthenticatedEndpoint()) {
if (!Jenkins.getActiveInstance().getACL().hasPermission(authentication, permission)) {
String message = Messages.AccessDeniedException2_MissingPermission(authentication.getName(), permission.group.title+"/"+permission.name);
LOGGER.finest("Unauthorized (Did you forget to add API Token to the web hook ?)");
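Review bot: The condition on the `getUseAuthenticatedEndpoint()` line auto-unboxes a `Boolean`, so a null value throws a NullPointerException inside checkPermission instead of being an explicit decision. readResolve in GitLabConnectionConfig fills the value in on load, but the setter still accepts null, so the null case should be resolved here in the secure direction: `if (!Boolean.FALSE.equals(((GitLabConnectionConfig) Jenkins.getInstance().getDescriptor(GitLabConnectionConfig.class)).getUseAuthenticatedEndpoint())) {`. Note that `Boolean.TRUE.equals(...)` would be the wrong fix, since it treats null as "authentication off"; the current NPE at least fails closed. checkPermission continues past the end of the hunk.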


@ -37,6 +37,7 @@ import java.util.List;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockserver.model.HttpRequest.request;
import static org.mockserver.model.HttpResponse.response;
@ -94,7 +95,8 @@ public class GitLabConnectionConfigTest {
@Test
public void authenticationEnabled_anonymous_forbidden() throws IOException, URISyntaxException {
jenkins.get(GitLabConnectionConfig.class).setUseAuthenticatedEndpoint(true);
Boolean defaultValue = jenkins.get(GitLabConnectionConfig.class).getUseAuthenticatedEndpoint();
assertTrue(defaultValue);
jenkins.getInstance().setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy());
URL jenkinsURL = jenkins.getURL();
FreeStyleProject project = jenkins.createFreeStyleProject("test");
@ -114,7 +116,6 @@ public class GitLabConnectionConfigTest {
@Test
public void authenticationEnabled_registered_success() throws Exception {
String username = "test-user";
jenkins.get(GitLabConnectionConfig.class).setUseAuthenticatedEndpoint(true);
jenkins.getInstance().setSecurityRealm(jenkins.createDummySecurityRealm());
GlobalMatrixAuthorizationStrategy authorizationStrategy = new GlobalMatrixAuthorizationStrategy();
authorizationStrategy.add(Item.BUILD, username);
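Review bot: `assertTrue(defaultValue)` in authenticationEnabled_anonymous_forbidden unboxes a `Boolean`, so a null default would surface as a NullPointerException rather than an assertion failure; `assertThat(defaultValue, is(true))` uses the `is` matcher this file already imports, handles null, fails with a readable message and makes the newly added `assertTrue` import unnecessary. The second hunk removes the explicit `setUseAuthenticatedEndpoint(true)` from authenticationEnabled_registered_success, so that test now relies on the default as well, which is fine as long as each test gets a fresh GitLabConnectionConfig from the Jenkins rule (presumably the case). Both test methods continue past the end of their hunks.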