Merge pull request #15 from stephenc/jenkins-32769

[JENKINS-32769] SpecificUsersAuthorizationStrategy cannot work for ACL.SYSTEM
jenkinsci · Feb 11, 2016 · 43af1ff · 43af1ff
2 parents 5f567fc + 2c0799f
commit 43af1ff
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/...a/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java b/...a/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
@@ -138,6 +138,7 @@ protected static boolean isAuthenticateionRequired(
         }
 
         User u = User.current();
+        // TODO use Jenkins.getInstance().getSecurityRealm().getUserIdStrategy().equals() once Jenkins 1.566+
         if (u != null && u.getId() != null && u.getId().equals(newStrategy.getUserid())) {
             // Any user can specify oneself.
             return false;
@@ -147,7 +148,8 @@ protected static boolean isAuthenticateionRequired(
             // if currentStrategy is null, authentication is always required.
             return true;
         }
-
+
+        // TODO use Jenkins.getInstance().getSecurityRealm().getUserIdStrategy().equals() once Jenkins 1.566+
         if (
                 currentStrategy.isNoNeedReauthentication()
                 && currentStrategy.getUserid() != null
@@ -260,7 +262,11 @@ protected SpecificUsersAuthorizationStrategy newInstanceWithoutAuthentication(
             if (StringUtils.isBlank(userid)) {
                 throw new FormException("userid must be specified", "userid");
             }
-
+            // TODO use Jenkins.getInstance().getSecurityRealm().getUserIdStrategy().equals(userid, ACL.SYSTEM.getPrincipal().toString())) once Jenkins 1.566+
+            if (userid.equals(ACL.SYSTEM.getPrincipal())) {
+                throw new FormException(Messages.SpecificUsersAuthorizationStrategy_userid_notSystem(), "userid");
+            }
+
             return new SpecificUsersAuthorizationStrategy(
                     userid, 
                     noNeedReauthentication
@@ -400,6 +406,10 @@ public FormValidation doCheckUserid(@QueryParameter String userid) {
             if (StringUtils.isBlank(userid)) {
                 return FormValidation.error(Messages.SpecificUsersAuthorizationStrategy_userid_required());
             }
+            // TODO use Jenkins.getInstance().getSecurityRealm().getUserIdStrategy().equals(userid, ACL.SYSTEM.getPrincipal().toString())) once Jenkins 1.566+
+            if (userid.equals(ACL.SYSTEM.getPrincipal())) {
+                return FormValidation.error(Messages.SpecificUsersAuthorizationStrategy_userid_notSystem());
+            }
             return FormValidation.ok();
         }
 

diff --git a/src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages.properties b/src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages.properties
@@ -23,6 +23,7 @@
 TriggeringUsersAuthorizationStrategy.DisplayName=Run as User who Triggered Build
 SpecificUsersAuthorizationStrategy.DisplayName=Run as Specific User
 SpecificUsersAuthorizationStrategy.userid.required=Required
+SpecificUsersAuthorizationStrategy.userid.notSystem=You cannot specify SYSTEM as the user with this strategy
 SpecificUsersAuthorizationStrategy.userid.authenticate=Failed to authenticate the user specified to run builds with its authorization. Please check User ID and Password is valid.
 SpecificUsersAuthorizationStrategy.userid.readResolve=Failed to authenticate the user specified to run builds with its authorization. In REST/CLI interface, you must be an administrator or you can specify yourself.
 SpecificUsersAuthorizationStrategy.password.required=Required