Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[FIXED JENKINS-12875] Change default crumb name to Jenkins-Crumb
- Loading branch information
1 parent
e322322
commit ed0ea63
Showing
5 changed files
with
24 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -62,17 +62,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha | |
String crumbFieldName = crumbIssuer.getDescriptor().getCrumbRequestField(); | ||
String crumbSalt = crumbIssuer.getDescriptor().getCrumbSalt(); | ||
|
||
String crumb = httpRequest.getHeader(crumbFieldName); | ||
boolean valid = false; | ||
String crumb = extractCrumbFromRequest(httpRequest, crumbFieldName); | ||
if (crumb == null) { | ||
Enumeration<?> paramNames = request.getParameterNames(); | ||
while (paramNames.hasMoreElements()) { | ||
String paramName = (String) paramNames.nextElement(); | ||
if (crumbFieldName.equals(paramName)) { | ||
crumb = request.getParameter(paramName); | ||
break; | ||
} | ||
} | ||
// compatibility for clients that hard-code the default crumb name up to Jenkins 1.TODO | ||
extractCrumbFromRequest(httpRequest, ".crumb"); | ||
} | ||
if (crumb != null) { | ||
if (crumbIssuer.validateCrumb(httpRequest, crumbSalt, crumb)) { | ||
|
@@ -93,6 +87,21 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha | |
} | ||
} | ||
|
||
private String extractCrumbFromRequest(HttpServletRequest httpRequest, String crumbFieldName) { | ||
String crumb = httpRequest.getHeader(crumbFieldName); | ||
if (crumb == null) { | ||
Enumeration<?> paramNames = httpRequest.getParameterNames(); | ||
while (paramNames.hasMoreElements()) { | ||
String paramName = (String) paramNames.nextElement(); | ||
if (crumbFieldName.equals(paramName)) { | ||
crumb = httpRequest.getParameter(paramName); | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
Blaisorblade
|
||
break; | ||
} | ||
} | ||
} | ||
return crumb; | ||
} | ||
|
||
protected static boolean isMultipart(HttpServletRequest request) { | ||
if (request == null) { | ||
return false; | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@daniel-beck Why not just
httpRequest.getParameter(crumbFieldName)
, since the code ensures thatcrumbFieldName.equals(paramName)
are equal so thegetParameter
result should be the same? That's less code, and has better worst-case performance.JavaDocs for getParameter don't suggest anything else strange going on.
If there's a valid reason I'm missing, I'd suggest to explain it in a comment, lest somebody like me miss that, refactor the code like I'm proposing and introduce a bug.