Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #2127 from kzantow/JENKINS-33572
[JENKINS-33572] - initial admin user should not retain setup token
  • Loading branch information
daniel-beck committed Mar 16, 2016
2 parents 5ecbb09 + 479b9b2 commit c57821a
Showing 1 changed file with 22 additions and 2 deletions.
24 changes: 22 additions & 2 deletions core/src/main/java/jenkins/install/SetupWizard.java
@@ -1,7 +1,9 @@
package jenkins.install;

import java.io.IOException;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.logging.Logger;

Expand All @@ -19,12 +21,12 @@
import org.kohsuke.stapler.StaplerResponse;

import hudson.BulkChange;
import hudson.ExtensionList;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.model.UserProperty;
import hudson.model.UserPropertyDescriptor;
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy;
import hudson.security.HudsonPrivateSecurityRealm;
import hudson.security.PermissionAdder;
import hudson.security.SecurityRealm;
import hudson.security.csrf.DefaultCrumbIssuer;
import hudson.util.HttpResponses;
Expand Down Expand Up @@ -113,6 +115,19 @@ public SetupWizard(Jenkins j) throws IOException {
*/
public HttpResponse doCompleteInstall(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
Jenkins j = Jenkins.getActiveInstance();
User u = j.getUser("admin");
// JENKINS-33572 - without creating a new 'admin' user, auth key erroneously remained
if(u != null && u.getProperty(AuthenticationKey.class) != null) {
// There must be a better way of removing things...
Iterator<Map.Entry<Descriptor<UserProperty>,UserProperty>> entries = u.getProperties().entrySet().iterator();
while(entries.hasNext()) {
Map.Entry<?, ?> entry = entries.next();
if(entry.getValue() instanceof AuthenticationKey) {
entries.remove();
}
}
u.save();
}
j.setInstallState(InstallState.INITIAL_SETUP_COMPLETED);
InstallUtil.saveLastExecVersion();
PluginServletFilter.removeFilter(FORCE_SETUP_WIZARD_FILTER);
Expand All @@ -139,6 +154,11 @@ public String getKey() {
public void setKey(String key) {
this.key = key;
}

@Override
public UserPropertyDescriptor getDescriptor() {
return null;
}
}

/**
Expand Down

0 comments on commit c57821a

Please sign in to comment.