[JENKINS-34426] Fix to handle SECURITY-243 (#34)

jenkinsci · May 19, 2016 · 57f4d97 · 57f4d97
1 parent 3862baf
commit 57f4d97
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java b/src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
@@ -229,6 +229,7 @@ private List<SocketInfo> obtainLDAPServers(String domainName) throws Authenticat
     public UserDetails retrieveUser(final String username, final String password, final String domainName, final List<SocketInfo> ldapServers) {
         UserDetails userDetails;
         try {
+            final ActiveDirectoryUserDetail[] cacheMiss = new ActiveDirectoryUserDetail[1];
             userDetails = userCache.get(username, new Callable<UserDetails>() {
                 public UserDetails call() throws AuthenticationException {
                     DirContext context;
@@ -312,11 +313,12 @@ public UserDetails call() throws AuthenticationException {
                         Set<GrantedAuthority> groups = resolveGroups(domainDN, dnFormatted, context);
                         groups.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
 
-                        return new ActiveDirectoryUserDetail(username, password, true, true, true, true, groups.toArray(new GrantedAuthority[groups.size()]),
+                        cacheMiss[0] = new ActiveDirectoryUserDetail(username, password, true, true, true, true, groups.toArray(new GrantedAuthority[groups.size()]),
                                 getStringAttribute(user, "displayName"),
                                 getStringAttribute(user, "mail"),
                                 getStringAttribute(user, "telephoneNumber")
-                        ).updateUserInfo();
+                        );
+                        return cacheMiss[0];
                     } catch (NamingException e) {
                         if (anonymousBind && e.getMessage().contains("successful bind must be completed") && e.getMessage().contains("000004DC")) {
                             // sometimes (or always?) anonymous bind itself will succeed but the actual query will fail.
@@ -331,6 +333,9 @@ public UserDetails call() throws AuthenticationException {
                     }
                 }
             });
+            if (cacheMiss[0] != null) {
+                cacheMiss[0].updateUserInfo();
+            }
         } catch (UncheckedExecutionException e) {
            Throwable t = e.getCause();
             if (t instanceof AuthenticationException) {

diff --git a/src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java b/src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java
@@ -24,6 +24,7 @@
 package hudson.plugins.active_directory;
 
 import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
@@ -177,6 +178,19 @@ public static long getSerialVersionUID() {
      * Gets the corresponding {@link hudson.model.User} object.
      */
     public hudson.model.User getJenkinsUser() {
+        try { // TODO 1.651.2+ remove reflection
+            return (hudson.model.User) hudson.model.User.class.getMethod("getById", String.class, boolean.class).invoke(null, getUsername(), true);
+        } catch (InvocationTargetException e) {
+            if (e.getCause() instanceof RuntimeException) {
+                throw (RuntimeException)e.getCause();
+            }
+            // Only RuntimeException is expected
+            LOGGER.log(Level.WARNING, String.format("There was a problem obtaining the Jenkins user %s by Id", getUsername()), e);
+        } catch (NoSuchMethodException e) {
+            // fine, older baseline
+        } catch (Exception e) { // unexpected
+            LOGGER.log(Level.WARNING, String.format("There was a problem obtaining the Jenkins user %s by Id", getUsername()), e);
+        }
         return hudson.model.User.get(getUsername());
     }