[FIXED JENKINS-26831] save secret password

jenkinsci · Feb 11, 2015 · 5cbc6c7 · 5cbc6c7
1 parent 76c2b50
commit 5cbc6c7
Show file tree

Hide file tree

Showing 6 changed files with 87 additions and 35 deletions.
diff --git a/src/main/java/hudson/plugins/mantis/MantisSite.java b/src/main/java/hudson/plugins/mantis/MantisSite.java
@@ -9,6 +9,7 @@
 import hudson.plugins.mantis.model.MantisViewState;
 import hudson.plugins.mantis.soap.MantisSession;
 import hudson.plugins.mantis.soap.MantisSessionFactory;
+import hudson.util.Secret;
 
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -44,7 +45,13 @@ public final class MantisSite {
     /**
      * password for Mantis installation.
      */
-    private final String password;
+    @Deprecated
+    private String password;
+
+    /**
+     * secret password for Mantis installation.
+     */
+    private Secret secretPassword;
 
     /**
      * user name for Basic Authentication.
@@ -54,7 +61,13 @@ public final class MantisSite {
     /**
      * password for Basic Authentication.
      */
-    private final String basicPassword;
+    @Deprecated
+    private String basicPassword;
+
+    /**
+     * secret password for Mantis installation.
+     */
+    private Secret secretBasicPassword;
 
     public static MantisSite get(final AbstractProject<?, ?> p) {
         final MantisProjectProperty mpp = p.getProperty(MantisProjectProperty.class);
@@ -85,10 +98,20 @@ public String getUserName() {
         return userName;
     }
 
+    @Deprecated
     public String getPassword() {
         return password;
     }
 
+    public String getPlainPassword() {
+        return Secret.toString(secretPassword);
+    }
+
+    public Secret getSecretPassword() {
+        return secretPassword;
+    }
+
+
     public String getName() {
         return url.toExternalForm();
     }
@@ -97,9 +120,18 @@ public String getBasicUserName() {
         return basicUserName;
     }
 
+    @Deprecated
     public String getBasicPassword() {
         return basicPassword;
     }
+
+    public String getPlainBasicPassword() {
+        return Secret.toString(secretBasicPassword);
+    }
+
+    public Secret getSecretBasicPassword() {
+        return secretBasicPassword;
+    }
 
     @DataBoundConstructor
     public MantisSite(final URL url, final String version, final String userName,
@@ -115,9 +147,9 @@ public MantisSite(final URL url, final String version, final String userName,
         }
         this.version = MantisVersion.getVersionSafely(version, MantisVersion.V110);
         this.userName = Util.fixEmptyAndTrim(userName);
-        this.password = Util.fixEmptyAndTrim(password);
+        this.secretPassword = Secret.fromString(Util.fixEmptyAndTrim(password));
         this.basicUserName = Util.fixEmptyAndTrim(basicUserName);
-        this.basicPassword = Util.fixEmptyAndTrim(basicPassword);
+        this.secretBasicPassword = Secret.fromString(Util.fixEmptyAndTrim(basicPassword));
     }
 
     public String getIssueLink(int issueNo) {
@@ -210,5 +242,17 @@ public String getDisplayName() {
         }
     }
 
+    protected Object readResolve() {
+        if (password != null) {
+            secretPassword = Secret.fromString(password);
+            password = null;
+        }
+        if (basicPassword != null) {
+            secretBasicPassword = Secret.fromString(basicPassword);
+            basicPassword = null;
+        }
+        return this;
+    }
+
     private static final Logger LOGGER = Logger.getLogger(MantisSite.class.getName());
 }
diff --git a/src/main/java/hudson/plugins/mantis/soap/mantis110/MantisSessionImpl.java b/src/main/java/hudson/plugins/mantis/soap/mantis110/MantisSessionImpl.java
@@ -40,9 +40,9 @@ public MantisSessionImpl(final MantisSite site) throws MantisHandlingException {
             portType = locator.getMantisConnectPort(endpoint);
 
             // Basic Authentication if they are specified
-            if (site.getBasicUserName() != null && site.getBasicPassword() != null) {
+            if (site.getBasicUserName() != null && site.getPlainBasicPassword() != null) {
                 ((Stub) portType).setUsername(site.getBasicUserName());
-                ((Stub) portType).setPassword(site.getBasicPassword());
+                ((Stub) portType).setPassword(site.getPlainBasicPassword());
             }
             // Support https
             // Allowing unsigned server certs
@@ -60,7 +60,7 @@ public MantisIssue getIssue(final int id) throws MantisHandlingException {
         IssueData data;
         try {
             data =
-                    portType.mc_issue_get(site.getUserName(), site.getPassword(), BigInteger.valueOf(id));
+                    portType.mc_issue_get(site.getUserName(), site.getPlainPassword(), BigInteger.valueOf(id));
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }
@@ -75,7 +75,7 @@ public void addNote(final int id, final MantisNote note)
         data.setView_state(new ObjectRef(BigInteger.valueOf(note.getViewState().getCode()), null));
 
         try {
-            portType.mc_issue_note_add(site.getUserName(), site.getPassword(), BigInteger.valueOf(id), data);
+            portType.mc_issue_note_add(site.getUserName(), site.getPlainPassword(), BigInteger.valueOf(id), data);
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }
@@ -95,7 +95,7 @@ public List<MantisProject> getProjects() throws MantisHandlingException {
         List<MantisProject> projects = new ArrayList<MantisProject>();
         ProjectData[] data;
         try {
-            data = portType.mc_projects_get_user_accessible(site.getUserName(), site.getPassword());
+            data = portType.mc_projects_get_user_accessible(site.getUserName(), site.getPlainPassword());
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }
@@ -121,7 +121,7 @@ public List<MantisCategory> getCategories(int projectId) throws MantisHandlingEx
         String[] list;
         try {
             list = portType.mc_project_get_categories(
-                    site.getUserName(), site.getPassword(), BigInteger.valueOf(projectId));
+                    site.getUserName(), site.getPlainPassword(), BigInteger.valueOf(projectId));
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }
@@ -156,7 +156,7 @@ public int addIssue(MantisIssue issue) throws MantisHandlingException {
 
         BigInteger addedIssueNo = null;
         try {
-            addedIssueNo = portType.mc_issue_add(site.getUserName(), site.getPassword(), data);
+            addedIssueNo = portType.mc_issue_add(site.getUserName(), site.getPlainPassword(), data);
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }

diff --git a/src/main/java/hudson/plugins/mantis/soap/mantis120/MantisSessionImpl.java b/src/main/java/hudson/plugins/mantis/soap/mantis120/MantisSessionImpl.java
@@ -39,9 +39,9 @@ public MantisSessionImpl(final MantisSite site) throws MantisHandlingException {
             portType = locator.getMantisConnectPort(endpoint);
 
             // Basic Authentication if they are specified
-            if (site.getBasicUserName() != null && site.getBasicPassword() != null) {
+            if (site.getBasicUserName() != null && site.getPlainBasicPassword() != null) {
                 ((Stub) portType).setUsername(site.getBasicUserName());
-                ((Stub) portType).setPassword(site.getBasicPassword());
+                ((Stub) portType).setPassword(site.getPlainBasicPassword());
             }
             // Support https
             // Allowing unsigned server certs
@@ -59,7 +59,7 @@ public MantisIssue getIssue(final int id) throws MantisHandlingException {
         IssueData data;
         try {
             data =
-                    portType.mc_issue_get(site.getUserName(), site.getPassword(), BigInteger.valueOf(id));
+                    portType.mc_issue_get(site.getUserName(), site.getPlainPassword(), BigInteger.valueOf(id));
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }
@@ -74,7 +74,7 @@ public void addNote(final int id, final MantisNote note)
         data.setView_state(new ObjectRef(BigInteger.valueOf(note.getViewState().getCode()), null));
 
         try {
-            portType.mc_issue_note_add(site.getUserName(), site.getPassword(), BigInteger.valueOf(id), data);
+            portType.mc_issue_note_add(site.getUserName(), site.getPlainPassword(), BigInteger.valueOf(id), data);
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }
@@ -94,7 +94,7 @@ public List<MantisProject> getProjects() throws MantisHandlingException {
         List<MantisProject> projects = new ArrayList<MantisProject>();
         ProjectData[] data;
         try {
-            data = portType.mc_projects_get_user_accessible(site.getUserName(), site.getPassword());
+            data = portType.mc_projects_get_user_accessible(site.getUserName(), site.getPlainPassword());
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }
@@ -120,7 +120,7 @@ public List<MantisCategory> getCategories(int projectId) throws MantisHandlingEx
         String[] list;
         try {
             list = portType.mc_project_get_categories(
-                    site.getUserName(), site.getPassword(), BigInteger.valueOf(projectId));
+                    site.getUserName(), site.getPlainPassword(), BigInteger.valueOf(projectId));
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }
@@ -155,7 +155,7 @@ public int addIssue(MantisIssue issue) throws MantisHandlingException {
 
         BigInteger addedIssueNo = null;
         try {
-            addedIssueNo = portType.mc_issue_add(site.getUserName(), site.getPassword(), data);
+            addedIssueNo = portType.mc_issue_add(site.getUserName(), site.getPlainPassword(), data);
         } catch (final RemoteException e) {
             throw new MantisHandlingException(e);
         }

diff --git a/src/main/resources/hudson/plugins/mantis/MantisProjectProperty/global.jelly b/src/main/resources/hudson/plugins/mantis/MantisProjectProperty/global.jelly
@@ -28,7 +28,7 @@
 
           <f:entry title="${%Password}" >
             <f:password class="setting-input" 
-                   type="password" name="m.password" value="${site.password}" />
+                   type="password" name="m.password" value="${site.secretPassword}" />
           </f:entry>
 
           <f:advanced>
@@ -38,8 +38,8 @@
                 <f:textbox name="m.basicUserName" value="${site.basicUserName}" />               
               </f:entry>
               <f:entry title="${%Password}" >
-                <input class="setting-input" 
-                       type="password" name="m.basicPassword" value="${site.basicPassword}" />
+                <f:password class="setting-input"
+                       type="password" name="m.basicPassword" value="${site.secretBasicPassword}" />
               </f:entry>
               <f:validateButton
                  title="${%Verify}" progress="${%Verifying...}"

diff --git a/src/test/java/hudson/plugins/mantis/MantisProjectPropertyConfigSubmitTest.java b/src/test/java/hudson/plugins/mantis/MantisProjectPropertyConfigSubmitTest.java
@@ -39,10 +39,10 @@ public void testConfigSubmit_001() throws Exception {
 
         assertEquals("http://localhost/mantis/", form.getInputByName("m.url").getValueAttribute());
         assertEquals("V110", form.getSelectByName("m.version").getSelectedOptions().get(0).getValueAttribute());
-        assertEquals("test", form.getInputByName("m.userName").getValueAttribute());
-        assertEquals("test", form.getInputByName("m.password").getValueAttribute());
-        assertEquals("test", form.getInputByName("m.basicUserName").getValueAttribute());
-        assertEquals("test", form.getInputByName("m.basicPassword").getValueAttribute());
+        assertEquals(s.getUserName(), form.getInputByName("m.userName").getValueAttribute());
+        assertEquals(s.getSecretPassword().getEncryptedValue(), form.getInputByName("m.password").getValueAttribute());
+        assertEquals(s.getBasicUserName(), form.getInputByName("m.basicUserName").getValueAttribute());
+        assertEquals(s.getSecretBasicPassword().getEncryptedValue(), form.getInputByName("m.basicPassword").getValueAttribute());
 
     }
 
@@ -73,8 +73,8 @@ public void testConfigSubmit_002() throws Exception {
         assertEquals(new URL("http://bacons.ddo.jp/mantis/"), site.getUrl());
         assertEquals(MantisSite.MantisVersion.V120, site.getVersion());
         assertEquals("mantis", site.getUserName());
-        assertEquals("mantis", site.getPassword());
+        assertEquals("mantis", site.getPlainPassword());
         assertEquals("mantis", site.getBasicUserName());
-        assertEquals("mantis", site.getBasicPassword());
+        assertEquals("mantis", site.getPlainBasicPassword());
     }
 }
diff --git a/src/test/java/hudson/plugins/mantis/MantisSiteTest.java b/src/test/java/hudson/plugins/mantis/MantisSiteTest.java
@@ -4,19 +4,18 @@
 import hudson.plugins.mantis.model.MantisIssue;
 import hudson.plugins.mantis.model.MantisProject;
 import hudson.plugins.mantis.model.MantisViewState;
-import java.net.MalformedURLException;
 import java.net.URL;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
-import static org.junit.Assert.*;
+import org.jvnet.hudson.test.HudsonTestCase;
 
 /**
  * Test class.
  * 
  * @author Seiji Sogabe
  */
-public class MantisSiteTest {
+public class MantisSiteTest extends HudsonTestCase {
 
     private static String MANTIS_URL = "http://bacons.ddo.jp/mantis/";
 
@@ -30,13 +29,17 @@ public MantisSiteTest() {
     }
 
     @Before
-    public void setUp() throws MalformedURLException {
+    @Override
+    public void setUp() throws Exception {
+        super.setUp();
         mantisUrl = new URL(MANTIS_URL);
         googleUrl = new URL("http://www.google.com");
     }
 
     @After
-    public void tearDown() {
+    @Override
+    public void tearDown() throws Exception {
+        super.tearDown();
     }
 
     @Test
@@ -66,10 +69,15 @@ public void testGetIssue() throws MantisHandlingException {
         assertEquals("for Jenkins Mantis Plugin", issue.getSummary());
     }
 
-    @Test(expected = MantisHandlingException.class)
-    public void testGetIssue_NotFound() throws MantisHandlingException {
+    @Test
+    public void testGetIssue_NotFound() {
         target = createMantisSite();
-        target.getIssue(99999);
+        try {
+            target.getIssue(99999);
+            fail();
+        } catch (MantisHandlingException e) {
+            // OK
+        }
     }
 
     @Test