Merge pull request #10 from ydubreuil/JENKINS-25637
[FIXED JENKINS-25637] don't require a crumb to trigger a build
jglick committed Apr 28, 2016
2 parents 1bfbfda + a1a621d commit b55500b
Showing 2 changed files with 46 additions and 5 deletions.
Expand Up @@ -35,15 +35,18 @@
import hudson.model.Queue;
import hudson.model.UnprotectedRootAction;
import hudson.security.ACL;
import hudson.security.csrf.CrumbExclusion;
import hudson.triggers.SCMTrigger;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletRequest;
import jenkins.model.Jenkins;
import jenkins.model.ParameterizedJobMixIn;
import jenkins.triggers.SCMTriggerItem;
Expand All @@ -62,9 +65,10 @@
public class BuildRootAction implements UnprotectedRootAction {

private static final Logger LOGGER = Logger.getLogger(BuildRootAction.class.getName());
public static final String URLNAME = "buildByToken";

@Override public String getUrlName() {
return "buildByToken";
return URLNAME;
}

@Override public String getIconFileName() {
Expand Down Expand Up @@ -107,10 +111,10 @@ public void doBuildWithParameters(StaplerRequest req, StaplerResponse rsp, @Quer
}
List<ParameterValue> values = new ArrayList<ParameterValue>();
for (ParameterDefinition d : pp.getParameterDefinitions()) {
ParameterValue value = d.createValue(req);
if (value != null) {
values.add(value);
}
ParameterValue value = d.createValue(req);
if (value != null) {
values.add(value);
}
}
Queue.Item item = Jenkins.getInstance().getQueue().schedule(p, delay.getTime(), new ParametersAction(values), getBuildCause(req));
if (item != null) {
Expand Down Expand Up @@ -188,4 +192,21 @@ private void ok(StaplerResponse rsp) throws IOException {
w.close();
}

@Extension
public static class BuildRootActionCrumbExclusion extends CrumbExclusion {

@Override
public boolean process(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException {
String pathInfo = req.getPathInfo();
if (pathInfo != null && pathInfo.startsWith(getExclusionPath())) {
chain.doFilter(req, resp);
return true;
}
return false;
}

public String getExclusionPath() {
return "/" + URLNAME + "/";
}
}
}
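Review bot: `BuildRootActionCrumbExclusion.process` exempts every path under `/buildByToken/` by prefix, so CSRF protection for the whole subtree now rests on each handler validating the job token itself. Those token checks sit outside the visible hunks and should be confirmed for every `do*` method on `BuildRootAction`, including any added later. Because the class is an `UnprotectedRootAction`, the exclusion deserves a Javadoc recording why skipping the crumb is acceptable, assuming this is the reasoning: `/** Requests under /buildByToken/ are authorised by the per-job token, not by a session cookie, so no crumb is required; every handler under this root must validate the token. */`. If the set of endpoints is short and stable, matching only those paths rather than the whole prefix would keep the exemption from silently covering new handlers.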
Expand Up @@ -42,6 +42,8 @@
import java.util.logging.Logger;
import jenkins.model.ParameterizedJobMixIn;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import static org.junit.Assert.*;
Expand Down Expand Up @@ -133,4 +135,22 @@ private void assertCreated(Page page) throws Exception {
// TODO test polling
// TODO test projects in folders

@Issue("JENKINS-25637")
@PresetData(PresetData.DataSet.NO_ANONYMOUS_READACCESS)
@Test public void testCrumbBypass() throws Exception {
FreeStyleProject p = j.createFreeStyleProject("p");
setAuthToken(p);

HttpClient client = new HttpClient();

PostMethod post = new PostMethod(j.jenkins.getRootUrl() + "buildByToken/build");
post.addParameter("job", p.getFullName());
post.addParameter("token", "secret");
post.addParameter("delay", "0sec");
client.executeMethod(post);
assertEquals(post.getStatusLine().getReasonPhrase(), 201, post.getStatusCode());

j.waitUntilNoActivity();
assertEquals(1, p.getBuilds().size());
}
}
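Review bot: `testCrumbBypass` exercises only the accepting path, a crumb-less POST with the correct token, so it would still pass if the exclusion let a request through without a valid token. A companion test should send the same crumb-less POST with a wrong token and assert that no build is scheduled. Whether a crumb issuer is active under this `PresetData` is not visible here; if it is not, the existing test passes with or without the exclusion, so that is worth confirming. The `PostMethod` is also never released, and a `post.releaseConnection()` in a `finally` would tidy that up.

```java
@Issue("JENKINS-25637")
@PresetData(PresetData.DataSet.NO_ANONYMOUS_READACCESS)
@Test public void testCrumbBypassStillRequiresToken() throws Exception {
    FreeStyleProject p = j.createFreeStyleProject("p");
    setAuthToken(p);

    PostMethod post = new PostMethod(j.jenkins.getRootUrl() + "buildByToken/build");
    post.addParameter("job", p.getFullName());
    post.addParameter("token", "not-the-token"); // constructed wrong value
    post.addParameter("delay", "0sec");
    try {
        new HttpClient().executeMethod(post);
        assertTrue("wrong token must not be accepted", post.getStatusCode() != 201);
    } finally {
        post.releaseConnection();
    }

    j.waitUntilNoActivity();
    assertEquals(0, p.getBuilds().size());
}
```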
