Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[JENKINS-28298] Doesn't authorize with strategies disabled in global-…
…security configuration.
  • Loading branch information
ikedam committed Jul 8, 2015
1 parent b221960 commit 5a5d514
Show file tree
Hide file tree
Showing 4 changed files with 81 additions and 4 deletions.
Expand Up @@ -24,8 +24,11 @@

package org.jenkinsci.plugins.authorizeproject;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import jenkins.model.Jenkins;
import jenkins.security.QueueItemAuthenticatorConfiguration;
Expand Down Expand Up @@ -56,6 +59,8 @@ public class AuthorizeProjectProperty extends JobProperty<Job<?,?>> {
*/
public static final String PROPERTYNAME = "authorize_project_property";

private static final Logger LOGGER = Logger.getLogger(AuthorizeProjectProperty.class.getName());

private AuthorizeProjectStrategy strategy;

/**
Expand All @@ -78,6 +83,28 @@ public AuthorizeProjectProperty(AuthorizeProjectStrategy strategy) {
this.strategy = strategy;
}

/**
* @return strategy only when it's enabled. null otherwise.
*/
public AuthorizeProjectStrategy getEnabledStrategy() {
AuthorizeProjectStrategy strategy = getStrategy();
if(strategy == null) {
return null;
}
if(DescriptorVisibilityFilter.apply(
ProjectQueueItemAuthenticator.getConfigured(),
Arrays.asList(strategy.getDescriptor())
).isEmpty()) {
LOGGER.log(
Level.WARNING,
"{0} is configured but disabled in the globel-security configuration.",
strategy.getDescriptor().getDisplayName()
);
return null;
}
return strategy;
}

/**
* Return the authorization for a build.
*
Expand All @@ -86,10 +113,11 @@ public AuthorizeProjectProperty(AuthorizeProjectStrategy strategy) {
* @see AuthorizeProjectStrategy#authenticate(hudson.model.Job, hudson.model.Queue.Item)
*/
public Authentication authenticate(Queue.Item item) {
if (getStrategy() == null) {
AuthorizeProjectStrategy strategy = getEnabledStrategy();
if (strategy == null) {
return null;
}
return getStrategy().authenticate(owner, item);
return strategy.authenticate(owner, item);
}

/**
Expand Down
Expand Up @@ -83,6 +83,15 @@ public static class NullAuthorizeProjectStrategy extends AuthorizeProjectStrateg
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
return null;
}

@TestExtension
public static class DescriptorImpl extends AuthorizeProjectStrategyDescriptor {
@Override
public String getDisplayName() {
return "AuthorizeProjectStrategyWithOldSignature";
}

}
}

@Test
Expand Down Expand Up @@ -378,6 +387,15 @@ public AuthorizeProjectStrategyWithOldSignature(String name) {
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
return User.get(name).impersonate();
}

@TestExtension("testOldSignature")
public static class DescriptorImpl extends AuthorizeProjectStrategyDescriptor {
@Override
public String getDisplayName() {
return "AuthorizeProjectStrategyWithOldSignature";
}

}
}

@Test
Expand Down
Expand Up @@ -68,7 +68,7 @@
*/
public class SpecificUsersAuthorizationStrategyTest {
@Rule
public JenkinsRule j = new AuthorizeProjectJenkinsRule();
public JenkinsRule j = new AuthorizeProjectJenkinsRule(SpecificUsersAuthorizationStrategy.class);

private void prepareSecurity() {
// This allows any users authenticate name == password
Expand Down
Expand Up @@ -24,6 +24,13 @@

package org.jenkinsci.plugins.authorizeproject.testutil;

import hudson.model.Describable;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;

import jenkins.security.QueueItemAuthenticatorConfiguration;

import org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator;
Expand All @@ -35,6 +42,23 @@
*
*/
public class AuthorizeProjectJenkinsRule extends JenkinsRule {
private Map<Class<? extends Describable<?>>, Boolean> strategyEnabledMapByClass;

public AuthorizeProjectJenkinsRule() {
this(Collections.<Class<? extends Describable<?>>, Boolean>emptyMap());
}

public AuthorizeProjectJenkinsRule(Class<? extends Describable<?>>... strategiesToEnabled) {
this(new HashMap<Class<? extends Describable<?>>, Boolean>());
for(Class<? extends Describable<?>> strategy: strategiesToEnabled) {
this.strategyEnabledMapByClass.put(strategy, true);
}
}

public AuthorizeProjectJenkinsRule(Map<Class<? extends Describable<?>>, Boolean> strategyEnabledMapByClass) {
this.strategyEnabledMapByClass = strategyEnabledMapByClass;
}

@Override
public WebClient createWebClient() {
return new WebClient() {
Expand All @@ -53,6 +77,13 @@ public void throwFailingHttpStatusCodeExceptionIfNecessary(WebResponse webRespon

public void before() throws Throwable {
super.before();
QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator());
Map<String, Boolean> strategyEnabledMap = new HashMap<String, Boolean>();
for(Entry<Class<? extends Describable<?>>, Boolean> e: strategyEnabledMapByClass.entrySet()) {
strategyEnabledMap.put(
jenkins.getDescriptor(e.getKey()).getId(),
e.getValue()
);
}
QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(strategyEnabledMap));
}
}

0 comments on commit 5a5d514

Please sign in to comment.